@sun-asterisk/sunlint 1.3.30 → 1.3.32

package/rules/common/C067_no_hardcoded_config/symbol-based-analyzer.js.backup

@@ -0,0 +1,3853 @@
+// rules/common/C067_no_hardcoded_config/symbol-based-analyzer.js
+const { SyntaxKind, Project, Node } = require("ts-morph");
+
+class C067SymbolBasedAnalyzer {
+  constructor(semanticEngine = null) {
+    this.semanticEngine = semanticEngine;
+    this.verbose = false;
+
+    // Common UI/framework strings that should be excluded
+    this.UI_STRINGS = [
+      "checkbox",
+      "button",
+      "search",
+      "remove",
+      "submit",
+      "cancel",
+      "ok",
+      "close",
+      "Authorization",
+      "User-Agent",
+      "Content-Type",
+      "Accept",
+      "Bearer",
+      "ArrowDown",
+      "ArrowUp",
+      "ArrowLeft",
+      "ArrowRight",
+      "bottom",
+      "top",
+      "left",
+      "right",
+      "next-auth/react",
+      "@nestjs/swagger",
+      "@nestjs/common",
+      "nestjs-pino",
+    ];
+
+    // Test-related strings to exclude
+    this.TEST_PATTERNS = [
+      /^(test|mock|example|dummy|placeholder|fixture|stub)/i,
+      /^(User \d+|Test User|Admin User)/i,
+      /^(group\d+|item\d+|element\d+)/i,
+      /^(abcdef\d+|123456|test-\w+)/i,
+    ];
+
+    // Configuration patterns to detect - based on Rule C067 requirements
+    this.configPatterns = {
+      // API URLs and endpoints - external URLs that differ by environment
+      urls: {
+        regex:
+          /^https?:\/\/(?!localhost|127\.0\.0\.1|0\.0\.0\.0)([a-zA-Z0-9-]+\.[a-zA-Z]{2,}|[^\/\s]+\.[^\/\s]+)(\/[^\s]*)?$/,
+        exclude: [
+          /^https?:\/\/(localhost|127\.0\.0\.1|0\.0\.0\.0)(:\d+)?/, // Local development
+          /^https?:\/\/(example\.com|test\.com|dummy\.com)/, // Test domains
+          /^(http|https):\/\/\$\{.+\}/, // Template URLs with variables
+        ],
+      },
+
+      // Timeouts, retry intervals, batch sizes - environment-dependent numeric values
+      environmentNumbers: {
+        isEnvironmentDependent: (value, context) => {
+          const lowerContext = context.toLowerCase();
+
+          // Business logic numbers are NOT environment config
+          const businessLogicPatterns = [
+            /limit|max|min|size|count|length|threshold/i,
+            /page|record|item|batch|chunk|export/i,
+            /width|height|margin|padding/i,
+            /attempt|retry|step/i,
+          ];
+
+          if (businessLogicPatterns.some((pattern) => pattern.test(context))) {
+            return false;
+          }
+
+          // Skip common business constants
+          const businessConstants = [
+            20000,
+            10000,
+            5000,
+            1000,
+            500,
+            100,
+            50,
+            20,
+            10,
+            5, // Common limits
+            404,
+            500,
+            200,
+            201,
+            400,
+            401,
+            403, // HTTP status codes
+            24,
+            60,
+            3600,
+            86400, // Time constants (hours, minutes, seconds)
+            1,
+            2,
+            3,
+            4,
+            5,
+            6,
+            7,
+            8,
+            9,
+            10, // Simple counters
+          ];
+
+          if (businessConstants.includes(value)) {
+            return false;
+          }
+
+          // Timeouts and intervals (values > 1000ms that might differ by environment)
+          if (typeof value === "number" && value > 1000) {
+            return /timeout|interval|delay|duration|retry|batch/i.test(context);
+          }
+
+          // Port numbers (except common development ports)
+          if (typeof value === "number" && value > 1000 && value < 65536) {
+            const commonDevPorts = [3000, 8000, 8080, 9000, 5000, 4200, 4000];
+            if (!commonDevPorts.includes(value)) {
+              return /port|listen|bind|server/i.test(context);
+            }
+          }
+
+          return false;
+        },
+      },
+
+      // Database and connection strings
+      connections: {
+        regex: /^(mongodb|mysql|postgres|redis|elasticsearch):\/\/|^jdbc:|^Server=|^Data Source=/i,
+      },
+
+      // Credentials - API keys, passwords, tokens
+      credentials: {
+        keywords: [
+          "apikey",
+          "api_key",
+          "secret_key",
+          "access_token",
+          "client_secret",
+          "password",
+          "token",
+          "key",
+        ],
+        exclude: [
+          /must contain|should contain|invalid|error|message/i, // Validation messages
+          /description|comment|note/i, // Descriptions
+          /^[a-z\s]{10,}$/i, // Long descriptive text
+        ],
+      },
+
+      // Feature flags and toggles
+      featureFlags: {
+        keywords: ["feature", "flag", "toggle", "enable", "disable", "enabled", "disabled"],
+        patterns: [
+          /^(enable|disable)[A-Z]/, // enableFeature, disableLogging
+          /[A-Z][a-z]+(Flag|Toggle|Enabled|Disabled)$/, // newUIFlag, debugEnabled
+          /^FEATURE_[A-Z_]+$/, // FEATURE_NEW_UI
+          /^(is|has)[A-Z][a-z]+Enabled$/, // isDebugEnabled
+        ],
+      },
+
+      // Thresholds and limits that might vary by environment
+      thresholds: {
+        keywords: ["threshold", "limit", "max", "min"],
+        contextPatterns: [
+          /memory|cpu|disk|storage/i, // Resource thresholds
+          /rate|request|connection/i, // Rate limiting
+          /pool|queue|buffer/i, // Resource pools
+        ],
+      },
+
+      // Security & Authentication - Phase 1 extension
+      security: {
+        corsOrigins: {
+          keywords: ["cors", "origin", "allowed"],
+          patterns: [
+            /^https?:\/\/[^\/]+$/, // URLs without paths
+            /\.(com|org|net|dev|staging|prod)$/i,
+          ],
+        },
+        sessionConfig: {
+          keywords: ["session", "jwt", "token", "auth", "expiry", "expire"],
+          timePatterns: [
+            /^\d+[smhd]$/, // 24h, 30m, 60s, 7d
+            /^\d{3,}$/, // Large numbers (seconds)
+          ],
+        },
+      },
+
+      // Infrastructure Config - Phase 1 extension
+      infrastructure: {
+        caching: {
+          keywords: ["cache", "ttl", "expire", "redis", "prefix"],
+          patterns: [
+            /^[a-zA-Z]+:[a-zA-Z]+:/, // Prefixes like "myapp:prod:"
+            /^\d{3,}$/, // TTL values in seconds
+          ],
+        },
+        logging: {
+          keywords: ["log", "level"],
+          levels: ["trace", "debug", "info", "warn", "error", "fatal"],
+        },
+        performance: {
+          keywords: ["worker", "thread", "concurrency", "queue", "upload", "download"],
+          contextPatterns: [
+            /worker|thread|process/i,
+            /concurrency|parallel|queue/i,
+            /upload|download|file.*size/i,
+          ],
+        },
+      },
+
+      // Environment-specific patterns
+      environments: {
+        names: ["production", "prod", "staging", "stage", "development", "dev", "test"],
+        patterns: [
+          /^(production|prod|staging|stage|development|dev|test)$/i,
+          /\.(prod|staging|dev)\./, // domain patterns
+          /_(prod|staging|dev)_/i, // variable patterns
+        ],
+      },
+
+      // Service dependencies
+      services: {
+        keywords: ["service", "endpoint", "host", "port"],
+        patterns: [
+          /^https?:\/\/[a-zA-Z-]+-service/, // microservice URLs
+          /:[0-9]{4,5}$/, // Port numbers
+          /service.*url|url.*service/i,
+        ],
+      },
+
+      // ============ Phase 2: Critical Configuration Patterns ============
+
+      // Database & Storage Configuration
+      database: {
+        poolConfig: {
+          keywords: ["pool", "connection", "max", "min", "idle"],
+          patterns: [
+            /pool.*size|max.*connections?|min.*connections?/i,
+            /connection.*pool/i,
+            /idle.*timeout|acquire.*timeout/i,
+          ],
+        },
+        queryConfig: {
+          keywords: ["query", "timeout", "retry", "transaction"],
+          patterns: [
+            /query.*timeout|statement.*timeout/i,
+            /transaction.*isolation|isolation.*level/i,
+            /read.*timeout|write.*timeout/i,
+          ],
+        },
+        schemaNames: {
+          keywords: ["table", "collection", "database", "schema", "shard", "partition"],
+          patterns: [
+            /^[a-z_]+_20\d{2}$/, // Table names with year: users_2024
+            /^shard_\d+$|^partition_\d+$/i, // Shard identifiers
+            /table.*name|collection.*name/i,
+          ],
+        },
+      },
+
+      // Security & Authentication (Extended)
+      securityExtended: {
+        tokenConfig: {
+          keywords: ["token", "jwt", "expiry", "expire", "ttl"],
+          patterns: [
+            /^\d{3,}$/, // Expiry in seconds: 7200, 86400
+            /^\d+[smhd]$/, // Human readable: 2h, 30m, 7d
+            /expir(y|e|ation)|ttl/i,
+          ],
+        },
+        passwordPolicy: {
+          keywords: ["password", "length", "complexity", "require", "min", "max"],
+          patterns: [
+            /min.*(password|length)|password.*min/i,
+            /password.*(complexity|requirement|policy)/i,
+            /must.*contain|should.*contain|require.*\d+/i,
+          ],
+        },
+        rateLimiting: {
+          keywords: ["rate", "limit", "attempt", "throttle", "max"],
+          patterns: [
+            /max.*(attempt|tries|request)|attempt.*limit/i,
+            /rate.*limit|throttle/i,
+            /request.*per.*(minute|hour|second)/i,
+          ],
+        },
+        encryptionConfig: {
+          keywords: ["encrypt", "cipher", "algorithm", "mode", "aes", "rsa"],
+          patterns: [
+            /^(AES|RSA|DES|3DES|Blowfish)-\d+(-[A-Z]+)?$/i, // AES-256-GCM
+            /encryption.*algorithm|cipher.*mode/i,
+          ],
+        },
+        oauthConfig: {
+          keywords: ["oauth", "scope", "grant", "client"],
+          patterns: [
+            /^(read|write|admin):[a-z_]+$/i, // OAuth scopes: read:user
+            /scope|grant.*type|client.*id/i,
+          ],
+        },
+      },
+
+      // File System & Paths
+      fileSystem: {
+        directories: {
+          keywords: ["dir", "directory", "path", "folder", "upload", "download", "temp"],
+          patterns: [
+            /^\/[a-z]+\/[a-z]+\//i, // Unix absolute paths: /var/www/uploads
+            /^[A-Z]:\\/i, // Windows paths: C:\Users\...
+            /upload.*dir|download.*dir|temp.*dir/i,
+            /^\.\/[a-z_-]+\//i, // Relative paths: ./uploads/
+          ],
+        },
+        fileLimits: {
+          keywords: ["file", "size", "limit", "max", "upload"],
+          patterns: [
+            /file.*size|max.*size|size.*limit/i,
+            /upload.*limit|download.*limit/i,
+            /^\d{6,}$/, // Large byte values: 10485760 (10MB)
+          ],
+        },
+        fileTypes: {
+          keywords: ["extension", "type", "allow", "mime", "accept"],
+          patterns: [
+            /^\.[a-z0-9]{2,4}$/i, // File extensions: .jpg, .pdf
+            /allowed.*(type|extension)|accept.*type/i,
+            /^(image|video|audio|application)\/[a-z0-9+-]+$/i, // MIME types
+          ],
+        },
+        logPaths: {
+          keywords: ["log", "path", "file"],
+          patterns: [/^\/var\/log\//i, /\.log$/i, /log.*file|log.*path/i],
+        },
+      },
+
+      // ============ Phase 3: Important Configuration Patterns ============
+
+      // Network & Protocol Configuration
+      network: {
+        httpConfig: {
+          keywords: ["method", "header", "content", "type", "accept"],
+          httpMethods: ["GET", "POST", "PUT", "DELETE", "PATCH", "HEAD", "OPTIONS"],
+          patterns: [
+            /^(GET|POST|PUT|DELETE|PATCH|HEAD|OPTIONS)$/,
+            /allowed.*method|http.*method/i,
+            /content-type|accept|user-agent/i,
+          ],
+        },
+        timeouts: {
+          keywords: ["connect", "read", "write", "timeout", "socket"],
+          patterns: [
+            /connect.*timeout|connection.*timeout/i,
+            /read.*timeout|write.*timeout/i,
+            /socket.*timeout|idle.*timeout/i,
+          ],
+        },
+        bufferConfig: {
+          keywords: ["buffer", "size", "socket", "receive", "send"],
+          patterns: [/buffer.*size|socket.*buffer/i, /receive.*buffer|send.*buffer/i],
+        },
+        keepAlive: {
+          keywords: ["keepalive", "keep", "alive", "ping", "interval"],
+          patterns: [/keep.*alive|keepalive/i, /ping.*interval|heartbeat/i, /websocket.*ping/i],
+        },
+      },
+
+      // Business Rules & Limits
+      business: {
+        pricing: {
+          keywords: ["price", "cost", "fee", "charge", "plan"],
+          patterns: [
+            /^\d+\.\d{2}$/, // Price values: 49.99, 19.95
+            /price|cost|fee|charge/i,
+            /plan.*(price|cost)/i,
+          ],
+        },
+        quotas: {
+          keywords: ["quota", "limit", "plan", "tier", "free", "premium"],
+          patterns: [
+            /quota|limit.*per.*plan|plan.*limit/i,
+            /free.*plan|premium.*plan|enterprise.*plan/i,
+            /api.*calls.*per|request.*per.*day/i,
+          ],
+        },
+        discounts: {
+          keywords: ["discount", "promo", "coupon", "rate", "percent"],
+          patterns: [
+            /^0\.[0-9]{1,2}$/, // Decimal rates: 0.15 (15%)
+            /discount.*rate|promo.*code/i,
+          ],
+        },
+        trials: {
+          keywords: ["trial", "demo", "expiry", "days", "period"],
+          patterns: [/trial.*days|trial.*period/i, /demo.*period|expiry.*days/i],
+        },
+      },
+
+      // Monitoring & Observability
+      monitoring: {
+        metricsConfig: {
+          keywords: ["metric", "interval", "collect", "sample", "export"],
+          patterns: [/metric.*interval|collection.*interval/i, /export.*interval|push.*interval/i],
+        },
+        alertThresholds: {
+          keywords: ["alert", "threshold", "warn", "error", "critical"],
+          patterns: [
+            /alert.*threshold|threshold.*alert/i,
+            /error.*rate|error.*threshold/i,
+            /^0\.[0-9]{1,3}$/, // Percentage thresholds: 0.05 (5%)
+          ],
+        },
+        samplingRates: {
+          keywords: ["sample", "sampling", "rate", "trace"],
+          patterns: [
+            /sampling.*rate|sample.*rate/i,
+            /trace.*sampling/i,
+            /^0\.[0-9]{1,2}$/, // Sampling rates: 0.1 (10%)
+          ],
+        },
+        healthChecks: {
+          keywords: ["health", "check", "interval", "ping", "probe"],
+          patterns: [/health.*check|liveness|readiness/i, /check.*interval|probe.*interval/i],
+        },
+      },
+
+      // ============ Phase 4: Enhancement Configuration Patterns ============
+
+      // Message Queue & Event Configuration
+      messageQueue: {
+        queueConfig: {
+          keywords: ["queue", "size", "capacity", "max", "buffer"],
+          patterns: [/queue.*size|max.*queue|queue.*capacity/i, /buffer.*size.*queue/i],
+        },
+        messageTTL: {
+          keywords: ["message", "ttl", "expiry", "expire", "retention"],
+          patterns: [/message.*ttl|message.*expiry/i, /retention.*period|expire.*after/i],
+        },
+        queueNames: {
+          keywords: ["queue", "topic", "exchange", "dlq", "dead"],
+          patterns: [
+            /^[a-z-]+-queue$/i, // Queue names: user-events-queue
+            /dead.*letter|dlq|failed.*messages?/i,
+            /topic.*name|exchange.*name/i,
+          ],
+        },
+        consumerConfig: {
+          keywords: ["consumer", "group", "partition", "offset"],
+          patterns: [/consumer.*group|group.*id/i, /partition.*count|offset.*reset/i],
+        },
+      },
+
+      // Deployment & Infrastructure
+      deployment: {
+        resourceLimits: {
+          keywords: ["cpu", "memory", "limit", "request", "resource"],
+          patterns: [
+            /^\d+m$/i, // CPU millicores: 2000m
+            /^\d+[MG]i$/i, // Memory: 4Gi, 512Mi
+            /cpu.*limit|memory.*limit/i,
+            /resource.*limit|resource.*request/i,
+          ],
+        },
+        scalingConfig: {
+          keywords: ["scale", "replica", "min", "max", "threshold"],
+          patterns: [
+            /min.*replicas?|max.*replicas?/i,
+            /scale.*threshold|auto.*scale/i,
+            /horizontal.*pod.*autoscaler|hpa/i,
+          ],
+        },
+        regionConfig: {
+          keywords: ["region", "zone", "location", "deploy", "availability"],
+          patterns: [
+            /^[a-z]{2}-[a-z]+-\d+$/i, // AWS regions: us-east-1
+            /deploy.*region|region.*name/i,
+            /availability.*zone/i,
+          ],
+        },
+        instanceTypes: {
+          keywords: ["instance", "type", "machine", "node", "vm"],
+          patterns: [
+            /^[a-z]\d\.[a-z]+$/i, // AWS instance types: t3.micro
+            /instance.*type|machine.*type/i,
+            /node.*selector|node.*type/i,
+          ],
+        },
+      },
+
+      // Third-party Integration
+      integration: {
+        webhookURLs: {
+          keywords: ["webhook", "callback", "notify", "hook"],
+          patterns: [/webhook|callback.*url/i, /^https?:\/\/[^\/]+\/webhooks?\//i],
+        },
+        externalServices: {
+          keywords: ["provider", "service", "integration", "api"],
+          patterns: [
+            /^(stripe|paypal|twilio|sendgrid|slack|github)$/i, // Service names
+            /provider.*name|integration.*name/i,
+            /external.*service/i,
+          ],
+        },
+        apiVersions: {
+          keywords: ["version", "api", "v"],
+          patterns: [
+            /^v?\d{4}-\d{2}-\d{2}$/i, // Date versions: 2023-10-16
+            /^v\d+(\.\d+)?$/i, // Semantic versions: v1, v2.1
+            /api.*version/i,
+          ],
+        },
+        channelIds: {
+          keywords: ["channel", "room", "chat", "notify"],
+          patterns: [
+            /^#[a-z-]+$/i, // Slack channels: #production-alerts
+            /channel.*id|room.*id/i,
+          ],
+        },
+      },
+
+      // Localization & Formatting
+      localization: {
+        timezones: {
+          keywords: ["timezone", "zone", "tz"],
+          patterns: [
+            /^[A-Z][a-z]+\/[A-Z][a-z]+$/i, // IANA timezones: Asia/Tokyo
+            /timezone|time.*zone/i,
+          ],
+        },
+        dateFormats: {
+          keywords: ["date", "format", "pattern", "time"],
+          patterns: [
+            /^[YMDHms\-\/:\s]+$/, // Date format patterns: YYYY-MM-DD
+            /date.*format|time.*format/i,
+            /format.*string.*date/i,
+          ],
+        },
+        currencies: {
+          keywords: ["currency", "code", "symbol"],
+          patterns: [
+            /^[A-Z]{3}$/i, // Currency codes: USD, EUR, JPY
+            /currency.*code/i,
+          ],
+        },
+        locales: {
+          keywords: ["locale", "language", "lang", "i18n"],
+          patterns: [
+            /^[a-z]{2}-[A-Z]{2}$/i, // Locale codes: en-US, ja-JP
+            /locale|language.*code/i,
+          ],
+        },
+        numberFormats: {
+          keywords: ["number", "format", "decimal", "thousand", "separator"],
+          patterns: [/number.*format|decimal.*separator/i, /thousand.*separator/i],
+        },
+      },
+
+      // ============ Additional Critical Patterns ============
+
+      // Environment Variable Names (hardcoded)
+      environmentVars: {
+        keywords: ["process.env", "env"],
+        patterns: [
+          /^(PROD|DEV|STAGING|TEST)_[A-Z_]+$/i, // Environment-prefixed vars
+          /^[A-Z_]+_(PROD|DEV|STAGING|TEST)$/i,
+          /^(PRODUCTION|DEVELOPMENT)_/i,
+        ],
+      },
+
+      // Third-party Service IDs
+      thirdPartyServices: {
+        stripe: {
+          patterns: [
+            /^pk_(test|live)_[a-zA-Z0-9]{24,}$/, // Publishable keys
+            /^sk_(test|live)_[a-zA-Z0-9]{24,}$/, // Secret keys
+          ],
+        },
+        googleAnalytics: {
+          patterns: [
+            /^UA-\d+-\d+$/, // Universal Analytics
+            /^G-[A-Z0-9]{10}$/, // GA4
+            /^GTM-[A-Z0-9]+$/, // Google Tag Manager
+          ],
+        },
+        sentry: {
+          patterns: [/^https?:\/\/[a-f0-9]+@[^\/]+\.ingest\.sentry\.io\/\d+$/i],
+        },
+        googleMaps: {
+          patterns: [
+            /^AIzaSy[a-zA-Z0-9_-]{33}$/, // Google Maps API Key
+          ],
+        },
+        firebase: {
+          patterns: [/^[a-z0-9-]+\.firebaseapp\.com$/i, /^[a-z0-9-]+\.firebase(io|database)\.com$/i],
+        },
+        aws: {
+          patterns: [
+            /^AKIA[A-Z0-9]{16}$/, // AWS Access Key ID
+            /^[a-z0-9-]+\.s3\.[a-z0-9-]+\.amazonaws\.com$/i,
+          ],
+        },
+        social: {
+          patterns: [
+            /^\d{15,16}$/, // Facebook App ID
+            /^[a-zA-Z0-9]{25}$/, // Twitter Bearer Token format
+          ],
+        },
+      },
+
+      // IP Addresses & Hostnames
+      ipAddresses: {
+        patterns: [
+          /^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$/, // IPv4
+          /^(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$/, // IPv6
+          /^(?:[0-9a-fA-F]{1,4}:){1,7}:$/, // IPv6 shortened
+        ],
+        keywords: ["host", "ip", "address", "server"],
+        privateRanges: [/^10\./, /^172\.(1[6-9]|2[0-9]|3[0-1])\./, /^192\.168\./, /^127\./, /^0\.0\.0\.0$/],
+      },
+
+      // Internal Hostnames
+      hostnames: {
+        patterns: [
+          /^[a-z0-9-]+\.(internal|local|corp|lan)$/i,
+          /^[a-z0-9-]+-(?:master|slave|replica|primary|secondary)$/i,
+          /^(?:db|redis|kafka|mongo|postgres|mysql)-[a-z0-9-]+$/i,
+        ],
+        keywords: ["host", "hostname", "server", "broker", "endpoint"],
+      },
+
+      // Cron Job Schedules
+      cronSchedules: {
+        patterns: [
+          /^[\d\*\/,\-]+\s+[\d\*\/,\-]+\s+[\d\*\/,\-]+\s+[\d\*\/,\-]+\s+[\d\*\/,\-]+$/, // Standard cron
+          /^@(?:yearly|annually|monthly|weekly|daily|hourly|reboot)$/i, // Predefined schedules
+        ],
+        keywords: ["cron", "schedule", "interval"],
+      },
+
+      // Magic Numbers (Business Logic)
+      magicNumbers: {
+        // Numbers that appear in business logic contexts
+        keywords: ["age", "limit", "max", "min", "threshold", "rate", "tax", "fee", "discount", "commission"],
+        businessContexts: [
+          /legal.*age|minimum.*age|age.*requirement/i,
+          /tax.*rate|vat.*rate|commission.*rate/i,
+          /interest.*rate|exchange.*rate/i,
+          /shipping.*fee|processing.*fee|service.*fee/i,
+          /credit.*limit|withdrawal.*limit|transfer.*limit/i,
+        ],
+      },
+
+      // Email & SMS Templates
+      messageTemplates: {
+        email: {
+          keywords: ["subject", "body", "template", "email"],
+          patterns: [
+            /^[A-Z][a-zA-Z\s]{10,}$/, // English subject lines
+            /\{{\s*[a-z_]+\s*\}}/, // Template variables
+          ],
+        },
+        sms: {
+          keywords: ["sms", "text", "message"],
+          patterns: [/^Your\s+[A-Z]/i, /OTP|verification code|confirm/i],
+        },
+      },
+
+      // Version Numbers
+      versions: {
+        patterns: [
+          /^v?\d+\.\d+\.\d+(?:-[a-z0-9.]+)?$/i, // Semantic version: 1.2.3, v1.2.3-beta
+          /^v\d+$/i, // API version: v1, v2
+        ],
+        keywords: ["version", "api.*version", "min.*version", "max.*version"],
+      },
+
+      // Default Pagination
+      pagination: {
+        keywords: ["page", "limit", "size", "offset", "per.*page"],
+        defaults: [10, 20, 25, 50, 100], // Common pagination values
+      },
+    };
+  }
+
+  async initialize(semanticEngine = null) {
+    if (semanticEngine) {
+      this.semanticEngine = semanticEngine;
+    }
+    this.verbose = semanticEngine?.verbose || false;
+  }
+
+  async analyzeFileBasic(filePath, options = {}) {
+    const violations = [];
+
+    try {
+      const sourceFile = this.semanticEngine.project.getSourceFile(filePath);
+      if (!sourceFile) {
+        if (this.verbose) {
+          console.log(
+            `[DEBUG] 🔍 C067: File not in semantic project, trying standalone: ${filePath.split("/").pop()}`
+          );
+        }
+        // Fallback to standalone analysis if file not in semantic project
+        return await this.analyzeFileStandalone(filePath, options);
+      }
+
+      if (this.verbose) {
+        console.log(`[DEBUG] 🔍 C067: Analyzing hardcoded config in ${filePath.split("/").pop()}`);
+      }
+
+      // Skip test files and config files themselves
+      if (this.isConfigOrTestFile(filePath)) {
+        if (this.verbose) {
+          console.log(`[DEBUG] 🔍 C067: Skipping config/test file: ${filePath.split("/").pop()}`);
+        }
+        return violations;
+      }
+
+      // Find hardcoded configuration values
+      const hardcodedConfigs = this.findHardcodedConfigs(sourceFile);
+
+      for (const config of hardcodedConfigs) {
+        violations.push({
+          ruleId: "C067",
+          message: this.createMessage(config),
+          filePath: filePath,
+          line: config.line,
+          column: config.column,
+          severity: "warning",
+          category: "configuration",
+          type: config.type,
+          value: config.value,
+          suggestion: this.getSuggestion(config.type),
+        });
+      }
+
+      if (this.verbose) {
+        console.log(`[DEBUG] 🔍 C067: Found ${violations.length} hardcoded config violations`);
+      }
+
+      return violations;
+    } catch (error) {
+      if (this.verbose) {
+        console.error(`[DEBUG] ❌ C067: Symbol analysis error: ${error.message}`);
+      }
+      throw error;
+    }
+  }
+
+  async analyzeFileStandalone(filePath, options = {}) {
+    const violations = [];
+
+    try {
+      // Create a standalone ts-morph project for this analysis
+      const project = new Project({
+        compilerOptions: {
+          target: "ES2020",
+          module: "CommonJS",
+          allowJs: true,
+          allowSyntheticDefaultImports: true,
+          esModuleInterop: true,
+          skipLibCheck: true,
+          strict: false,
+        },
+        useInMemoryFileSystem: true,
+      });
+
+      // Add the source file to the project
+      const fs = require("fs");
+      const path = require("path");
+
+      // Check if file exists first
+      if (!fs.existsSync(filePath)) {
+        throw new Error(`File not found on filesystem: ${filePath}`);
+      }
+
+      // Read file content and create source file
+      const fileContent = fs.readFileSync(filePath, "utf8");
+      const fileName = path.basename(filePath);
+      const sourceFile = project.createSourceFile(fileName, fileContent);
+
+      if (!sourceFile) {
+        throw new Error(`Source file not found: ${filePath}`);
+      }
+
+      if (this.verbose) {
+        console.log(
+          `[DEBUG] 🔍 C067: Analyzing hardcoded config in ${filePath.split("/").pop()} (standalone)`
+        );
+      }
+
+      // Skip test files and config files themselves
+      if (this.isConfigOrTestFile(filePath)) {
+        if (this.verbose) {
+          console.log(`[DEBUG] 🔍 C067: Skipping config/test file: ${filePath.split("/").pop()}`);
+        }
+        return violations;
+      }
+
+      // Find hardcoded configuration values
+      const hardcodedConfigs = this.findHardcodedConfigs(sourceFile);
+
+      for (const config of hardcodedConfigs) {
+        violations.push({
+          ruleId: "C067",
+          message: this.createMessage(config),
+          filePath: filePath,
+          line: config.line,
+          column: config.column,
+          severity: "warning",
+          category: "configuration",
+          type: config.type,
+          value: config.value,
+          suggestion: this.getSuggestion(config.type),
+        });
+      }
+
+      if (this.verbose) {
+        console.log(`[DEBUG] 🔍 C067: Found ${violations.length} hardcoded config violations (standalone)`);
+      }
+
+      // Clean up the project
+      project.removeSourceFile(sourceFile);
+
+      return violations;
+    } catch (error) {
+      if (this.verbose) {
+        console.error(`[DEBUG] ❌ C067: Standalone analysis error: ${error.message}`);
+      }
+      throw error;
+    }
+  }
+
+  isConfigOrTestFile(filePath) {
+    // Skip config files themselves and test files, including dummy/test data files
+    const fileName = filePath.toLowerCase();
+    const configPatterns = [
+      /config\.(ts|js|json)$/,
+      /\.config\.(ts|js)$/,
+      /\.env$/,
+      /\.env\./,
+      /constants?\.(ts|js)$/,           // constants.ts, constant.ts
+      /\.constants?\.(ts|js)$/,         // app.constants.ts, common.constant.ts
+      /settings\.(ts|js)$/,
+      /defaults\.(ts|js)$/,
+    ];
+
+    const testPatterns = [
+      /\.(test|spec)\.(ts|tsx|js|jsx)$/,
+      /\/__tests__\//,
+      /\/test\//,
+      /\/tests\//,
+      /\.stories\.(ts|tsx|js|jsx)$/,
+      /\.mock\.(ts|tsx|js|jsx)$/,
+      /\/dummy\//, // Skip dummy data files
+      /dummy\.(ts|js)$/, // Skip dummy files
+      /test-fixtures\//, // Skip test fixture files
+      /\.fixture\.(ts|js)$/, // Skip fixture files
+      /entity\.(ts|js)$/, // Skip entity/ORM files (contain DB constraints)
+    ];
+
+    return (
+      configPatterns.some((pattern) => pattern.test(fileName)) ||
+      testPatterns.some((pattern) => pattern.test(fileName))
+    );
+  }
+
+  findHardcodedConfigs(sourceFile) {
+    const configs = [];
+
+    // Traverse all nodes in the source file
+    sourceFile.forEachDescendant((node) => {
+      // Check string literals for URLs, credentials, feature flags
+      if (node.getKind() === SyntaxKind.StringLiteral) {
+        const config = this.analyzeStringLiteral(node, sourceFile);
+        if (config) {
+          configs.push(config);
+        }
+      }
+
+      // Check numeric literals for timeouts, ports, batch sizes
+      if (node.getKind() === SyntaxKind.NumericLiteral) {
+        const config = this.analyzeNumericLiteral(node, sourceFile);
+        if (config) {
+          configs.push(config);
+        }
+      }
+
+      // Check boolean literals for feature flags
+      if (node.getKind() === SyntaxKind.TrueKeyword || node.getKind() === SyntaxKind.FalseKeyword) {
+        const config = this.analyzeBooleanLiteral(node, sourceFile);
+        if (config) {
+          configs.push(config);
+        }
+      }
+
+      // Check template literals for URLs with embedded values
+      if (node.getKind() === SyntaxKind.TemplateExpression) {
+        const config = this.analyzeTemplateLiteral(node, sourceFile);
+        if (config) {
+          configs.push(config);
+        }
+      }
+
+      // Check property assignments for configuration objects
+      if (node.getKind() === SyntaxKind.PropertyAssignment) {
+        const config = this.analyzePropertyAssignment(node, sourceFile);
+        if (config) {
+          configs.push(config);
+        }
+      }
+
+      // Check variable declarations for configuration constants
+      if (node.getKind() === SyntaxKind.VariableDeclaration) {
+        const config = this.analyzeVariableDeclaration(node, sourceFile);
+        if (config) {
+          configs.push(config);
+        }
+      }
+    });
+
+    return configs;
+  }
+
+  analyzeStringLiteral(node, sourceFile) {
+    const value = node.getLiteralValue();
+    const position = sourceFile.getLineAndColumnAtPos(node.getStart());
+
+    // Skip short strings and common UI values
+    if (value.length < 3) return null;
+
+    const parentContext = this.getParentContext(node);
+
+    // Skip import paths and module names
+    if (this.isImportPath(value, node)) return null;
+
+    // Skip UI strings and labels
+    if (this.isUIString(value)) return null;
+
+    // Skip Japanese UI text and form labels (NEW - reduces false positives)
+    if (this.isJapaneseUIText(value, parentContext)) return null;
+
+    // Skip form field labels (NEW - reduces false positives)
+    if (this.isFormFieldLabel(value, parentContext)) return null;
+
+    // Skip test data and mocks
+    if (this.isTestData(value, parentContext)) return null;
+
+    // Skip validation messages and error messages
+    if (this.isValidationMessage(value, parentContext)) return null;
+
+    // Skip file names and descriptions
+    if (this.isFileNameOrDescription(value, parentContext)) return null;
+
+    // Skip config keys (like 'api.baseUrl', 'features.newUI', etc.)
+    if (this.looksLikeConfigKey(value)) {
+      return null;
+    }
+
+    // Skip if this is used in a config service call
+    if (
+      parentContext.includes("config.get") ||
+      parentContext.includes("config.getString") ||
+      parentContext.includes("config.getBoolean") ||
+      parentContext.includes("config.getNumber")
+    ) {
+      return null;
+    }
+
+    // Skip if this is a property key in an object literal
+    if (this.isPropertyKey(node)) {
+      return null;
+    }
+
+    // Check for API URLs and endpoints - Rule C067 requirement
+    if (this.configPatterns.urls.regex.test(value)) {
+      if (!this.isExcludedUrl(value, node) && this.isEnvironmentDependentUrl(value)) {
+        return {
+          type: "api_url",
+          value: value,
+          line: position.line,
+          column: position.column,
+          node: node,
+          suggestion: "Move API URLs to environment variables or config files",
+        };
+      }
+    }
+
+    // Check for credentials - Rule C067 requirement
+    if (this.isRealCredential(value, parentContext)) {
+      return {
+        type: "credential",
+        value: this.maskSensitiveValue(value),
+        line: position.line,
+        column: position.column,
+        node: node,
+        context: parentContext,
+        suggestion: "Move credentials to secure environment variables or vault",
+      };
+    }
+
+    // Check for connection strings - Rule C067 requirement
+    if (this.configPatterns.connections.regex.test(value)) {
+      return {
+        type: "connection_string",
+        value: this.maskSensitiveValue(value),
+        line: position.line,
+        column: position.column,
+        node: node,
+        suggestion: "Move connection strings to environment variables",
+      };
+    }
+
+    // Phase 1 extensions - Security & Infrastructure
+
+    // Check for CORS origins
+    if (this.isCorsOrigin(value, parentContext)) {
+      return {
+        type: "cors_origin",
+        value: value,
+        line: position.line,
+        column: position.column,
+        node: node,
+        suggestion: "Move CORS origins to environment configuration",
+      };
+    }
+
+    // Check for session/JWT configuration
+    if (this.isSessionConfig(value, parentContext)) {
+      return {
+        type: "session_config",
+        value: value,
+        line: position.line,
+        column: position.column,
+        node: node,
+        suggestion: "Move session configuration to environment variables",
+      };
+    }
+
+    // Check for cache configuration
+    if (this.isCacheConfig(value, parentContext)) {
+      return {
+        type: "cache_config",
+        value: value,
+        line: position.line,
+        column: position.column,
+        node: node,
+        suggestion: "Move cache configuration to environment settings",
+      };
+    }
+
+    // Check for log levels
+    if (this.isLogLevel(value, parentContext)) {
+      return {
+        type: "log_level",
+        value: value,
+        line: position.line,
+        column: position.column,
+        node: node,
+        suggestion: "Move log level to environment configuration",
+      };
+    }
+
+    // Check for environment names
+    if (this.isEnvironmentName(value, parentContext)) {
+      return {
+        type: "environment_name",
+        value: value,
+        line: position.line,
+        column: position.column,
+        node: node,
+        suggestion: "Avoid hardcoding environment names, use environment detection",
+      };
+    }
+
+    // Check for service dependencies
+    if (this.isServiceDependency(value, parentContext)) {
+      return {
+        type: "service_dependency",
+        value: value,
+        line: position.line,
+        column: position.column,
+        node: node,
+        suggestion: "Move service URLs to service discovery or configuration",
+      };
+    }
+
+    // ============ Phase 2: Critical String Configurations ============
+
+    // Check for database schema/table names
+    if (this.isSchemaName(value, parentContext)) {
+      return {
+        type: "schema_name",
+        value: value,
+        line: position.line,
+        column: position.column,
+        node: node,
+        suggestion: "Move schema names to database configuration",
+      };
+    }
+
+    // Check for encryption algorithms
+    if (this.isEncryptionConfig(value, parentContext)) {
+      return {
+        type: "encryption_config",
+        value: value,
+        line: position.line,
+        column: position.column,
+        node: node,
+        suggestion: "Move encryption configuration to security settings",
+      };
+    }
+
+    // Check for OAuth scopes
+    if (this.isOAuthConfig(value, parentContext)) {
+      return {
+        type: "oauth_config",
+        value: value,
+        line: position.line,
+        column: position.column,
+        node: node,
+        suggestion: "Move OAuth configuration to authentication settings",
+      };
+    }
+
+    // Check for directories and paths
+    if (this.isDirectory(value, parentContext)) {
+      return {
+        type: "directory",
+        value: value,
+        line: position.line,
+        column: position.column,
+        node: node,
+        suggestion: "Move directory paths to environment configuration",
+      };
+    }
+
+    // Check for file extensions and MIME types
+    if (this.isFileType(value, parentContext)) {
+      return {
+        type: "file_type",
+        value: value,
+        line: position.line,
+        column: position.column,
+        node: node,
+        suggestion: "Move file type restrictions to configuration",
+      };
+    }
+
+    // Check for log file paths
+    if (this.isLogPath(value, parentContext)) {
+      return {
+        type: "log_path",
+        value: value,
+        line: position.line,
+        column: position.column,
+        node: node,
+        suggestion: "Move log paths to logging configuration",
+      };
+    }
+
+    // ============ Phase 3: Important String Configurations ============
+
+    // Check for HTTP methods and headers
+    if (this.isHttpConfig(value, parentContext)) {
+      return {
+        type: "http_config",
+        value: value,
+        line: position.line,
+        column: position.column,
+        node: node,
+        suggestion: "Move HTTP configuration to network settings",
+      };
+    }
+
+    // Check for queue/topic names
+    if (this.isQueueConfig(value, parentContext)) {
+      return {
+        type: "queue_config",
+        value: value,
+        line: position.line,
+        column: position.column,
+        node: node,
+        suggestion: "Move queue names to messaging configuration",
+      };
+    }
+
+    // Check for consumer group IDs
+    if (this.isConsumerConfig(value, parentContext)) {
+      return {
+        type: "consumer_config",
+        value: value,
+        line: position.line,
+        column: position.column,
+        node: node,
+        suggestion: "Move consumer configuration to messaging settings",
+      };
+    }
+
+    // ============ Phase 4: Enhancement String Configurations ============
+
+    // Check for resource limits (Kubernetes style)
+    if (this.isResourceLimit(value, parentContext)) {
+      return {
+        type: "resource_limit",
+        value: value,
+        line: position.line,
+        column: position.column,
+        node: node,
+        suggestion: "Move resource limits to deployment configuration",
+      };
+    }
+
+    // Check for deployment regions
+    if (this.isRegionConfig(value, parentContext)) {
+      return {
+        type: "region_config",
+        value: value,
+        line: position.line,
+        column: position.column,
+        node: node,
+        suggestion: "Move region configuration to deployment settings",
+      };
+    }
+
+    // Check for instance types
+    if (this.isInstanceType(value, parentContext)) {
+      return {
+        type: "instance_type",
+        value: value,
+        line: position.line,
+        column: position.column,
+        node: node,
+        suggestion: "Move instance types to infrastructure configuration",
+      };
+    }
+
+    // Check for webhook URLs
+    if (this.isWebhookURL(value, parentContext)) {
+      return {
+        type: "webhook_url",
+        value: value,
+        line: position.line,
+        column: position.column,
+        node: node,
+        suggestion: "Move webhook URLs to integration configuration",
+      };
+    }
+
+    // Check for external service names
+    if (this.isExternalService(value, parentContext)) {
+      return {
+        type: "external_service",
+        value: value,
+        line: position.line,
+        column: position.column,
+        node: node,
+        suggestion: "Move service provider names to integration configuration",
+      };
+    }
+
+    // Check for API versions
+    if (this.isApiVersion(value, parentContext)) {
+      return {
+        type: "api_version",
+        value: value,
+        line: position.line,
+        column: position.column,
+        node: node,
+        suggestion: "Move API versions to integration configuration",
+      };
+    }
+
+    // Check for channel IDs (Slack, etc.)
+    if (this.isChannelId(value, parentContext)) {
+      return {
+        type: "channel_id",
+        value: value,
+        line: position.line,
+        column: position.column,
+        node: node,
+        suggestion: "Move channel IDs to notification configuration",
+      };
+    }
+
+    // Check for timezones
+    if (this.isTimezone(value, parentContext)) {
+      return {
+        type: "timezone",
+        value: value,
+        line: position.line,
+        column: position.column,
+        node: node,
+        suggestion: "Move timezone to localization configuration",
+      };
+    }
+
+    // Check for date formats
+    if (this.isDateFormat(value, parentContext)) {
+      return {
+        type: "date_format",
+        value: value,
+        line: position.line,
+        column: position.column,
+        node: node,
+        suggestion: "Move date formats to localization configuration",
+      };
+    }
+
+    // Check for currency codes
+    if (this.isCurrency(value, parentContext)) {
+      return {
+        type: "currency",
+        value: value,
+        line: position.line,
+        column: position.column,
+        node: node,
+        suggestion: "Move currency codes to localization configuration",
+      };
+    }
+
+    // Check for locale identifiers
+    if (this.isLocale(value, parentContext)) {
+      return {
+        type: "locale",
+        value: value,
+        line: position.line,
+        column: position.column,
+        node: node,
+        suggestion: "Move locale to localization configuration",
+      };
+    }
+
+    // ============ Additional Critical Configurations ============
+
+    // Check for hardcoded environment variable names
+    if (this.isHardcodedEnvVar(value, parentContext)) {
+      return {
+        type: "environment_var",
+        value: value,
+        line: position.line,
+        column: position.column,
+        node: node,
+        suggestion: "Use environment-agnostic variable names or config service",
+      };
+    }
+
+    // Check for third-party service IDs/keys
+    if (this.isThirdPartyServiceId(value, parentContext)) {
+      return {
+        type: "third_party_service",
+        value: this.maskSensitiveValue(value),
+        line: position.line,
+        column: position.column,
+        node: node,
+        suggestion: "Move API keys/service IDs to secret management (e.g., .env, AWS Secrets Manager)",
+      };
+    }
+
+    // Check for IP addresses
+    if (this.isIPAddress(value, parentContext)) {
+      return {
+        type: "ip_address",
+        value: value,
+        line: position.line,
+        column: position.column,
+        node: node,
+        suggestion: "Move IP addresses to configuration or service discovery",
+      };
+    }
+
+    // Check for internal hostnames
+    if (this.isInternalHostname(value, parentContext)) {
+      return {
+        type: "hostname",
+        value: value,
+        line: position.line,
+        column: position.column,
+        node: node,
+        suggestion: "Move hostnames to configuration or use service discovery",
+      };
+    }
+
+    // Check for cron schedules
+    if (this.isCronSchedule(value, parentContext)) {
+      return {
+        type: "cron_schedule",
+        value: value,
+        line: position.line,
+        column: position.column,
+        node: node,
+        suggestion: "Move cron schedules to scheduler configuration",
+      };
+    }
+
+    // Check for message templates
+    if (this.isMessageTemplate(value, parentContext)) {
+      return {
+        type: "message_template",
+        value: value.substring(0, 50) + (value.length > 50 ? "..." : ""),
+        line: position.line,
+        column: position.column,
+        node: node,
+        suggestion: "Move email/SMS templates to template management system",
+      };
+    }
+
+    // Check for version numbers
+    if (this.isVersionNumber(value, parentContext)) {
+      return {
+        type: "version",
+        value: value,
+        line: position.line,
+        column: position.column,
+        node: node,
+        suggestion: "Move version numbers to build configuration or package.json",
+      };
+    }
+
+    return null;
+  }
+
+  analyzeBooleanLiteral(node, sourceFile) {
+    const value = node.getKind() === SyntaxKind.TrueKeyword;
+    const position = sourceFile.getLineAndColumnAtPos(node.getStart());
+    const parentContext = this.getParentContext(node);
+
+    // Skip React state initial values (NEW - reduces false positives)
+    // Common patterns: useState(false), const [isOpen, setIsOpen] = useState(false)
+    if (/useState|useReducer|createContext/.test(parentContext)) {
+      return null;
+    }
+
+    // Skip component props default values
+    if (/defaultProps|default\s*:/i.test(parentContext)) {
+      return null;
+    }
+
+    // Skip UI state management (open, close, show, hide, loading, disabled, etc.)
+    const uiStatePatterns = [
+      /isOpen|isClose|isShow|isHide/i,
+      /isVisible|isHidden/i,
+      /isLoading|isDisabled|isEnabled|isActive/i,
+      /isChecked|isSelected/i,
+      /hasError|hasWarning/i,
+      /showModal|closeModal|openDialog/i,
+    ];
+
+    if (uiStatePatterns.some((pattern) => pattern.test(parentContext))) {
+      return null;
+    }
+
+    // Check if this boolean is a feature flag or toggle - Rule C067 requirement
+    if (this.isFeatureFlag(parentContext)) {
+      return {
+        type: "feature_flag",
+        value: value,
+        line: position.line,
+        column: position.column,
+        node: node,
+        context: parentContext,
+        suggestion: "Move feature flags to configuration management system",
+      };
+    }
+
+    return null;
+  }
+
+  analyzeNumericLiteral(node, sourceFile) {
+    const value = node.getLiteralValue();
+    const position = sourceFile.getLineAndColumnAtPos(node.getStart());
+    const parentContext = this.getParentContext(node);
+
+    // Check for timeouts and retry intervals - Rule C067 requirement
+    if (this.isTimeout(value, parentContext)) {
+      return {
+        type: "timeout",
+        value: value,
+        line: position.line,
+        column: position.column,
+        node: node,
+        context: parentContext,
+        suggestion: "Move timeout values to configuration files",
+      };
+    }
+
+    // Check for retry intervals - Rule C067 requirement
+    if (this.isRetryInterval(value, parentContext)) {
+      return {
+        type: "retry_interval",
+        value: value,
+        line: position.line,
+        column: position.column,
+        node: node,
+        context: parentContext,
+        suggestion: "Move retry intervals to environment configuration",
+      };
+    }
+
+    // Check for batch sizes - Rule C067 requirement
+    if (this.isBatchSize(value, parentContext)) {
+      return {
+        type: "batch_size",
+        value: value,
+        line: position.line,
+        column: position.column,
+        node: node,
+        context: parentContext,
+        suggestion: "Move batch sizes to configuration management",
+      };
+    }
+
+    // Check for thresholds that might vary by environment
+    if (this.isThreshold(value, parentContext)) {
+      return {
+        type: "threshold",
+        value: value,
+        line: position.line,
+        column: position.column,
+        node: node,
+        context: parentContext,
+        suggestion: "Move thresholds to environment-specific configuration",
+      };
+    }
+
+    // Phase 1 extensions - Infrastructure numeric configs
+
+    // Check for session/JWT expiry times
+    if (this.isSessionConfig(value, parentContext)) {
+      return {
+        type: "session_config",
+        value: value,
+        line: position.line,
+        column: position.column,
+        node: node,
+        context: parentContext,
+        suggestion: "Move session timeouts to environment configuration",
+      };
+    }
+
+    // Check for cache TTL values
+    if (this.isCacheConfig(value, parentContext)) {
+      return {
+        type: "cache_config",
+        value: value,
+        line: position.line,
+        column: position.column,
+        node: node,
+        context: parentContext,
+        suggestion: "Move cache TTL to configuration management",
+      };
+    }
+
+    // Check for performance configuration
+    if (this.isPerformanceConfig(value, parentContext)) {
+      return {
+        type: "performance_config",
+        value: value,
+        line: position.line,
+        column: position.column,
+        node: node,
+        context: parentContext,
+        suggestion: "Move performance settings to environment configuration",
+      };
+    }
+
+    // ============ Phase 2: Critical Numeric Configurations ============
+
+    // Check for database pool sizes
+    if (this.isDatabasePoolConfig(value, parentContext)) {
+      return {
+        type: "database_pool",
+        value: value,
+        line: position.line,
+        column: position.column,
+        node: node,
+        context: parentContext,
+        suggestion: "Move database pool configuration to environment settings",
+      };
+    }
+
+    // Check for query timeouts
+    if (this.isQueryConfig(value, parentContext)) {
+      return {
+        type: "query_config",
+        value: value,
+        line: position.line,
+        column: position.column,
+        node: node,
+        context: parentContext,
+        suggestion: "Move query timeout to database configuration",
+      };
+    }
+
+    // Check for token expiry times
+    if (this.isTokenConfig(value, parentContext)) {
+      return {
+        type: "token_config",
+        value: value,
+        line: position.line,
+        column: position.column,
+        node: node,
+        context: parentContext,
+        suggestion: "Move token expiry to security configuration",
+      };
+    }
+
+    // Check for password policy values
+    if (this.isPasswordPolicy(value, parentContext)) {
+      return {
+        type: "password_policy",
+        value: value,
+        line: position.line,
+        column: position.column,
+        node: node,
+        context: parentContext,
+        suggestion: "Move password policy to security configuration",
+      };
+    }
+
+    // Check for rate limits
+    if (this.isRateLimiting(value, parentContext)) {
+      return {
+        type: "rate_limiting",
+        value: value,
+        line: position.line,
+        column: position.column,
+        node: node,
+        context: parentContext,
+        suggestion: "Move rate limits to security configuration",
+      };
+    }
+
+    // Check for file size limits
+    if (this.isFileLimit(value, parentContext)) {
+      return {
+        type: "file_limit",
+        value: value,
+        line: position.line,
+        column: position.column,
+        node: node,
+        context: parentContext,
+        suggestion: "Move file size limits to upload configuration",
+      };
+    }
+
+    // ============ Phase 3: Important Numeric Configurations ============
+
+    // Check for network timeouts (distinct from general timeouts)
+    if (this.isNetworkTimeout(value, parentContext)) {
+      return {
+        type: "network_timeout",
+        value: value,
+        line: position.line,
+        column: position.column,
+        node: node,
+        context: parentContext,
+        suggestion: "Move network timeouts to network configuration",
+      };
+    }
+
+    // Check for buffer sizes
+    if (this.isBufferConfig(value, parentContext)) {
+      return {
+        type: "buffer_config",
+        value: value,
+        line: position.line,
+        column: position.column,
+        node: node,
+        context: parentContext,
+        suggestion: "Move buffer sizes to network configuration",
+      };
+    }
+
+    // Check for keep-alive intervals
+    if (this.isKeepAliveConfig(value, parentContext)) {
+      return {
+        type: "keepalive_config",
+        value: value,
+        line: position.line,
+        column: position.column,
+        node: node,
+        context: parentContext,
+        suggestion: "Move keep-alive settings to network configuration",
+      };
+    }
+
+    // Check for pricing values
+    if (this.isPricing(value, parentContext)) {
+      return {
+        type: "pricing",
+        value: value,
+        line: position.line,
+        column: position.column,
+        node: node,
+        context: parentContext,
+        suggestion: "Move pricing to business configuration",
+      };
+    }
+
+    // Check for quotas
+    if (this.isQuota(value, parentContext)) {
+      return {
+        type: "quota",
+        value: value,
+        line: position.line,
+        column: position.column,
+        node: node,
+        context: parentContext,
+        suggestion: "Move quotas to business configuration",
+      };
+    }
+
+    // Check for discount rates
+    if (this.isDiscount(value, parentContext)) {
+      return {
+        type: "discount",
+        value: value,
+        line: position.line,
+        column: position.column,
+        node: node,
+        context: parentContext,
+        suggestion: "Move discount rates to pricing configuration",
+      };
+    }
+
+    // Check for trial periods
+    if (this.isTrial(value, parentContext)) {
+      return {
+        type: "trial",
+        value: value,
+        line: position.line,
+        column: position.column,
+        node: node,
+        context: parentContext,
+        suggestion: "Move trial periods to subscription configuration",
+      };
+    }
+
+    // Check for metrics intervals
+    if (this.isMetricsConfig(value, parentContext)) {
+      return {
+        type: "metrics_config",
+        value: value,
+        line: position.line,
+        column: position.column,
+        node: node,
+        context: parentContext,
+        suggestion: "Move metrics intervals to monitoring configuration",
+      };
+    }
+
+    // Check for alert thresholds
+    if (this.isAlertThreshold(value, parentContext)) {
+      return {
+        type: "alert_threshold",
+        value: value,
+        line: position.line,
+        column: position.column,
+        node: node,
+        context: parentContext,
+        suggestion: "Move alert thresholds to monitoring configuration",
+      };
+    }
+
+    // Check for sampling rates
+    if (this.isSamplingRate(value, parentContext)) {
+      return {
+        type: "sampling_rate",
+        value: value,
+        line: position.line,
+        column: position.column,
+        node: node,
+        context: parentContext,
+        suggestion: "Move sampling rates to observability configuration",
+      };
+    }
+
+    // Check for health check intervals
+    if (this.isHealthCheck(value, parentContext)) {
+      return {
+        type: "health_check",
+        value: value,
+        line: position.line,
+        column: position.column,
+        node: node,
+        context: parentContext,
+        suggestion: "Move health check intervals to monitoring configuration",
+      };
+    }
+
+    // ============ Phase 4: Enhancement Numeric Configurations ============
+
+    // Check for message TTL
+    if (this.isMessageTTL(value, parentContext)) {
+      return {
+        type: "message_ttl",
+        value: value,
+        line: position.line,
+        column: position.column,
+        node: node,
+        context: parentContext,
+        suggestion: "Move message TTL to messaging configuration",
+      };
+    }
+
+    // Check for scaling configuration
+    if (this.isScalingConfig(value, parentContext)) {
+      return {
+        type: "scaling_config",
+        value: value,
+        line: position.line,
+        column: position.column,
+        node: node,
+        context: parentContext,
+        suggestion: "Move scaling configuration to deployment settings",
+      };
+    }
+
+    // ============ Additional Critical Numeric Configurations ============
+
+    // Check for magic numbers in business logic
+    if (this.isMagicNumber(value, parentContext)) {
+      return {
+        type: "magic_number",
+        value: value,
+        line: position.line,
+        column: position.column,
+        node: node,
+        context: parentContext,
+        suggestion: "Move business constants to configuration or constants file",
+      };
+    }
+
+    // Check for pagination defaults
+    if (this.isPaginationDefault(value, parentContext)) {
+      return {
+        type: "pagination_default",
+        value: value,
+        line: position.line,
+        column: position.column,
+        node: node,
+        context: parentContext,
+        suggestion: "Move pagination defaults to API configuration",
+      };
+    }
+
+    return null;
+  }
+
+  analyzeTemplateLiteral(node, sourceFile) {
+    // For now, focus on simple template literals that might contain URLs
+    const templateText = node.getFullText();
+    if (templateText.includes("http://") || templateText.includes("https://")) {
+      const position = sourceFile.getLineAndColumnAtPos(node.getStart());
+
+      // Check if it's using environment variables or config
+      if (!templateText.includes("process.env") && !templateText.includes("config.")) {
+        return {
+          type: "template_url",
+          value: templateText.trim(),
+          line: position.line,
+          column: position.column,
+          node: node,
+        };
+      }
+    }
+
+    return null;
+  }
+
+  analyzePropertyAssignment(node, sourceFile) {
+    const nameNode = node.getNameNode();
+    const valueNode = node.getInitializer();
+
+    if (!nameNode || !valueNode) return null;
+
+    const propertyName = nameNode.getText();
+    const position = sourceFile.getLineAndColumnAtPos(node.getStart());
+
+    // Skip ALL field mapping objects and ORM/database entity configurations
+    const ancestorObj = node.getParent();
+    if (ancestorObj && Node.isObjectLiteralExpression(ancestorObj)) {
+      const objParent = ancestorObj.getParent();
+      if (objParent && Node.isVariableDeclaration(objParent)) {
+        const varName = objParent.getName();
+        // Skip field mappings, database schemas, etc.
+        if (/mapping|map|field|column|decode|schema|entity|constraint|table/i.test(varName)) {
+          return null;
+        }
+      }
+
+      // Check if this looks like a table column definition or field mapping
+      const objText = ancestorObj.getText();
+      if (/primaryKeyConstraintName|foreignKeyConstraintName|key.*may contain/i.test(objText)) {
+        return null; // Skip database constraint definitions
+      }
+    }
+
+    // Skip properties that are clearly field mappings or business data
+    const businessLogicProperties = [
+      // Field mappings
+      "key",
+      "field",
+      "dataKey",
+      "valueKey",
+      "labelKey",
+      "sortKey",
+      // Business logic
+      "endpoint",
+      "path",
+      "route",
+      "method",
+      "limit",
+      "pageSize",
+      "batchSize",
+      "maxResults",
+      "retry",
+      "retries",
+      "maxRetries",
+      "attempts",
+      "count",
+      "max",
+      "min",
+      "size",
+      "length",
+      // UI properties
+      "className",
+      "style",
+      "disabled",
+      "readonly",
+      // Database/ORM
+      "primaryKeyConstraintName",
+      "foreignKeyConstraintName",
+      "constraintName",
+      "tableName",
+      "columnName",
+      "schemaName",
+    ];
+
+    const lowerPropertyName = propertyName.toLowerCase();
+    if (businessLogicProperties.some((prop) => lowerPropertyName.includes(prop))) {
+      return null; // Skip these completely
+    }
+
+    // Only check for CLEARLY environment-dependent properties
+    const trulyEnvironmentDependentProps = [
+      "baseurl",
+      "baseURL",
+      "host",
+      "hostname",
+      "server",
+      "endpoint",
+      "apikey",
+      "api_key",
+      "secret_key",
+      "client_secret",
+      "database",
+      "connectionstring",
+      "dbhost",
+      "dbport",
+      "port",
+      "timeout", // Only when they have suspicious values
+      "bucket",
+      "region", // Cloud-specific
+      "clientid",
+      "tenantid", // OAuth-specific
+    ];
+
+    if (!trulyEnvironmentDependentProps.some((prop) => lowerPropertyName.includes(prop))) {
+      return null; // Not clearly environment-dependent
+    }
+
+    let value = null;
+    let configType = null;
+
+    if (valueNode.getKind() === SyntaxKind.StringLiteral) {
+      value = valueNode.getLiteralValue();
+
+      // Only flag URLs or clearly sensitive values
+      if (this.configPatterns.urls.regex.test(value) && this.isEnvironmentDependentUrl(value)) {
+        configType = "url";
+      } else if (this.isRealCredential(value, propertyName)) {
+        configType = "credential";
+      } else {
+        return null; // Skip other string values
+      }
+    } else if (valueNode.getKind() === SyntaxKind.NumericLiteral) {
+      value = valueNode.getLiteralValue();
+      const parentContext = this.getParentContext(node);
+
+      // Only flag numbers that are clearly environment-dependent
+      if (this.configPatterns.environmentNumbers.isEnvironmentDependent(value, parentContext)) {
+        configType = "environment_config";
+      } else {
+        return null;
+      }
+    } else {
+      return null; // Skip other value types
+    }
+
+    if (configType) {
+      return {
+        type: configType,
+        value: value,
+        line: position.line,
+        column: position.column,
+        node: node,
+        propertyName: propertyName,
+      };
+    }
+
+    return null;
+  }
+
+  analyzeVariableDeclaration(node, sourceFile) {
+    const nameNode = node.getNameNode();
+    const initializer = node.getInitializer();
+
+    if (!nameNode || !initializer) return null;
+
+    const variableName = nameNode.getText();
+    const position = sourceFile.getLineAndColumnAtPos(node.getStart());
+
+    // Check if variable name suggests environment-dependent configuration
+    if (this.isEnvironmentDependentProperty(variableName)) {
+      let value = null;
+
+      if (initializer.getKind() === SyntaxKind.StringLiteral) {
+        value = initializer.getLiteralValue();
+      } else if (initializer.getKind() === SyntaxKind.NumericLiteral) {
+        value = initializer.getLiteralValue();
+      }
+
+      if (value !== null && this.looksLikeEnvironmentConfig(variableName, value)) {
+        return {
+          type: "variable_config",
+          value: value,
+          line: position.line,
+          column: position.column,
+          node: node,
+          variableName: variableName,
+        };
+      }
+    }
+
+    return null;
+  }
+
+  getParentContext(node) {
+    // Get surrounding context to understand the purpose of the literal
+    let parent = node.getParent();
+    let context = "";
+
+    // Check if this is a method call argument or property access
+    while (parent && context.length < 100) {
+      const parentText = parent.getText();
+
+      // If parent is CallExpression and this node is an argument, it might be a config key
+      if (parent.getKind() === SyntaxKind.CallExpression) {
+        const callExpr = parent;
+        const methodName = this.getMethodName(callExpr);
+        if (["get", "getBoolean", "getNumber", "getArray", "getString"].includes(methodName)) {
+          return `config.${methodName}()`; // This indicates it's a config key
+        }
+      }
+
+      if (parentText.length < 200) {
+        context = parentText;
+        break;
+      }
+      parent = parent.getParent();
+    }
+
+    return context;
+  }
+
+  getMethodName(callExpression) {
+    const expression = callExpression.getExpression();
+    if (expression.getKind() === SyntaxKind.PropertyAccessExpression) {
+      return expression.getName();
+    }
+    if (expression.getKind() === SyntaxKind.Identifier) {
+      return expression.getText();
+    }
+    return "";
+  }
+
+  isExcludedUrl(value, node) {
+    return this.configPatterns.urls.exclude.some((pattern) => pattern.test(value));
+  }
+
+  isExcludedCredential(value, node) {
+    return this.configPatterns.credentials.exclude.some((pattern) => pattern.test(value));
+  }
+
+  containsCredentialKeyword(context) {
+    const lowerContext = context.toLowerCase();
+
+    // Skip if this looks like a header name or property key definition
+    if (context.includes("':") || context.includes('": ') || context.includes(" = ")) {
+      // This might be a key-value pair where the string is the key
+      return false;
+    }
+
+    return this.configPatterns.credentials.keywords.some((keyword) => lowerContext.includes(keyword));
+  }
+
+  looksLikeUIValue(value, context) {
+    // Check if it's likely a UI-related value (like input type, label, etc.)
+    const uiKeywords = ["input", "type", "field", "label", "placeholder", "text", "button"];
+    const lowerContext = context.toLowerCase();
+    return uiKeywords.some((keyword) => lowerContext.includes(keyword));
+  }
+
+  looksLikeConfigKey(value) {
+    // Check if it looks like a config key path (e.g., 'api.baseUrl', 'features.newUI')
+    if (/^[a-zA-Z][a-zA-Z0-9]*\.[a-zA-Z][a-zA-Z0-9]*(\.[a-zA-Z][a-zA-Z0-9]*)*$/.test(value)) {
+      return true;
+    }
+
+    // Check for other config key patterns
+    const configKeyPatterns = [
+      /^[a-zA-Z][a-zA-Z0-9]*\.[a-zA-Z]/, // dotted notation like 'api.url'
+      /^[A-Z_][A-Z0-9_]*$/, // CONSTANT_CASE like 'API_URL'
+      /^get[A-Z]/, // getter methods like 'getApiUrl'
+      /^config\./, // config namespace
+      /^settings\./, // settings namespace
+      /^env\./, // env namespace
+    ];
+
+    return configKeyPatterns.some((pattern) => pattern.test(value));
+  }
+
+  isPropertyKey(node) {
+    // Check if this string literal is used as a property key in an object literal
+    const parent = node.getParent();
+
+    // If parent is PropertyAssignment and this node is the name, it's a property key
+    if (parent && parent.getKind() === SyntaxKind.PropertyAssignment) {
+      const nameNode = parent.getNameNode();
+      return nameNode === node;
+    }
+
+    return false;
+  }
+
+  isImportPath(value, node) {
+    // Check if this is likely an import path or module name
+    const parent = node.getParent();
+
+    // Check if it's in an import statement
+    let currentNode = parent;
+    while (currentNode) {
+      const kind = currentNode.getKind();
+      if (
+        kind === SyntaxKind.ImportDeclaration ||
+        kind === SyntaxKind.ExportDeclaration ||
+        kind === SyntaxKind.CallExpression
+      ) {
+        const text = currentNode.getText();
+        if (text.includes("require(") || text.includes("import ") || text.includes("from ")) {
+          return true;
+        }
+      }
+      currentNode = currentNode.getParent();
+    }
+
+    // Check for common import path patterns
+    return (
+      /^[@a-z][a-z0-9\-_]*\/|^[a-z][a-z0-9\-_]*$|^\.{1,2}\//.test(value) ||
+      value.endsWith(".js") ||
+      value.endsWith(".ts") ||
+      value.endsWith(".json") ||
+      value.endsWith(".css") ||
+      value.endsWith(".scss") ||
+      value.endsWith(".html")
+    );
+  }
+
+  isUIString(value) {
+    // Check against predefined UI string patterns, but don't skip credentials
+    if (
+      typeof value === "string" &&
+      value.length > 20 &&
+      (/token|key|secret|bearer|auth/i.test(value) || /^[a-f0-9-]{30,}$/i.test(value))
+    ) {
+      // Don't skip potential credentials/tokens even if they contain UI keywords
+      return false;
+    }
+
+    return this.UI_STRINGS.some((pattern) => {
+      if (typeof pattern === "string") {
+        return value === pattern; // Exact match only, not includes
+      } else {
+        return pattern.test(value);
+      }
+    });
+  }
+
+  isJapaneseUIText(value, context) {
+    if (typeof value !== "string") return false;
+
+    // Check for Japanese/CJK characters
+    const hasJapanese = /[\u3000-\u303f\u3040-\u309f\u30a0-\u30ff\uff00-\uff9f\u4e00-\u9faf]/.test(value);
+    if (!hasJapanese) return false;
+
+    // Japanese particles that indicate UI text
+    const japaneseParticles = /[はがをにでとへのもやけだ]/;
+    if (japaneseParticles.test(value)) return true;
+
+    // Common Japanese UI terms
+    const japaneseUITerms = [
+      /ID$/, // xxxID
+      /名$/, // xxx名 (name)
+      /用/, // xxx用 (for xxx)
+      /番号/, // 番号 (number)
+      /情報/, // 情報 (information)
+      /設定/, // 設定 (settings)
+      /画面/, // 画面 (screen)
+      /ボタン/, // ボタン (button)
+      /入力/, // 入力 (input)
+      /選択/, // 選択 (selection)
+      /一覧/, // 一覧 (list)
+      /詳細/, // 詳細 (details)
+      /確認/, // 確認 (confirmation)
+      /登録/, // 登録 (registration)
+      /更新/, // 更新 (update)
+      /削除/, // 削除 (delete)
+      /検索/, // 検索 (search)
+      /表示/, // 表示 (display)
+      /メール/, // メール (email)
+      /電話/, // 電話 (phone)
+      /住所/, // 住所 (address)
+      /連絡/, // 連絡 (contact)
+      /会社/, // 会社 (company)
+      /工場/, // 工場 (factory)
+      /整備/, // 整備 (maintenance)
+    ];
+
+    if (japaneseUITerms.some((pattern) => pattern.test(value))) return true;
+
+    // Check if context suggests it's a label or placeholder
+    const lowerContext = context.toLowerCase();
+    const labelPatterns = [
+      /label|placeholder|title|heading|text/i,
+      /register.*label|field.*label/i,
+      /header.*text|tooltip/i,
+    ];
+
+    if (hasJapanese && labelPatterns.some((pattern) => pattern.test(context))) {
+      return true;
+    }
+
+    return false;
+  }
+
+  isFormFieldLabel(value, context) {
+    if (typeof value !== "string") return false;
+
+    const lowerContext = context.toLowerCase();
+
+    // Check if it's in a form field context
+    const formFieldPatterns = [
+      /register.*label|label.*register/i,
+      /field.*label|label.*field/i,
+      /form.*label|label.*form/i,
+      /input.*label|label.*input/i,
+      /placeholder|tooltip|helper.*text/i,
+      /error.*message|validation.*message/i,
+      /\.label\b|label:/i,
+    ];
+
+    if (formFieldPatterns.some((pattern) => pattern.test(context))) {
+      return true;
+    }
+
+    // Check for React Hook Form's register with label
+    if (context.includes("register(") && context.includes("label")) {
+      return true;
+    }
+
+    return false;
+  }
+
+  isTestData(value, context) {
+    // Check if variable name suggests it's test/mock data
+    const lowerContext = context.toLowerCase();
+    const testVarPatterns = [
+      /mock[a-z]/i, // mockApiKey, mockUser
+      /test[a-z]/i, // testUser, testKey
+      /dummy[a-z]/i, // dummyData
+      /sample[a-z]/i, // sampleData
+      /fake[a-z]/i, // fakeKey
+      /example[a-z]/i, // exampleToken
+    ];
+
+    if (testVarPatterns.some((pattern) => pattern.test(context))) {
+      return true;
+    }
+
+    // Don't skip credentials/tokens even in dummy files if they look real
+    if (
+      typeof value === "string" &&
+      value.length > 20 &&
+      (/^sk-live|^pk-live|^prod-|^production-/i.test(value) || // Clearly production keys
+        /^[a-f0-9]{32,}$/i.test(value) || // Long hex strings
+        /^[A-Za-z0-9+/]{40,}={0,2}$/i.test(value)) // Base64 tokens
+    ) {
+      return false; // Don't skip potential real credentials
+    }
+
+    // Check for test patterns in value - but be more restrictive
+    if (this.TEST_PATTERNS.some((pattern) => pattern.test(value))) {
+      // Only skip if it's clearly test data, not production dummy data
+      const isInTestFile =
+        /\.(test|spec)\.(ts|tsx|js|jsx)$/i.test(context) ||
+        /\/__tests__\//i.test(context) ||
+        /\/test\//i.test(context);
+      return isInTestFile;
+    }
+
+    // Check for test context
+    const testKeywords = ["test", "spec", "mock", "fixture", "stub", "describe", "it("];
+    return testKeywords.some((keyword) => lowerContext.includes(keyword));
+  }
+
+  isValidationMessage(value, context) {
+    // Skip validation/error messages
+    const validationPatterns = [
+      /must contain|should contain|invalid|error|required|missing/i,
+      /password|username|email/i, // Common validation contexts
+      /^[A-Z][a-z\s]{10,}$/, // Sentence-like messages
+      /\s(at least|one|letter|uppercase|lowercase|numeric)/i,
+    ];
+
+    return (
+      validationPatterns.some((pattern) => pattern.test(value)) ||
+      /message|error|validation|description/i.test(context)
+    );
+  }
+
+  isFileNameOrDescription(value, context) {
+    // Skip file names and descriptions
+    const filePatterns = [
+      /\.(csv|json|xml|txt|md)$/i,
+      /^[a-z_\-]+\.(csv|json|xml|txt)$/i,
+      /description|comment|note|foreign key|identity/i,
+    ];
+
+    return (
+      filePatterns.some((pattern) => pattern.test(value)) ||
+      /description|comment|note|identity|foreign|table/i.test(context)
+    );
+  }
+
+  isEnvironmentDependentUrl(value) {
+    // Only flag URLs that are likely to differ between environments
+    const envDependentPatterns = [
+      /\.amazonaws\.com/, // AWS services
+      /\.azure\.com/, // Azure services
+      /\.googleapis\.com/, // Google services
+      /\.herokuapp\.com/, // Heroku apps
+      /\.vercel\.app/, // Vercel deployments
+      /\.netlify\.app/, // Netlify deployments
+      /api\./, // API endpoints
+      /auth\./, // Auth services
+      /\.dev|\.staging|\.prod/i, // Environment-specific domains
+      /\/api\/v\d+/, // Versioned API endpoints
+      /https?:\/\/[^\/]+\.com\/api/, // External API endpoints
+    ];
+
+    // Skip localhost and development URLs
+    if (/localhost|127\.0\.0\.1|0\.0\.0\.0/.test(value)) {
+      return false;
+    }
+
+    return envDependentPatterns.some((pattern) => pattern.test(value));
+  }
+
+  isRealCredential(value, context) {
+    // Check for real credentials, not validation messages
+    const credentialKeywords = this.configPatterns.credentials.keywords;
+    const lowerContext = context.toLowerCase();
+
+    // Must have credential keyword in context
+    if (!credentialKeywords.some((keyword) => lowerContext.includes(keyword))) {
+      return false;
+    }
+
+    // Skip property/field names (camelCase identifiers)
+    // These are field names, not actual credential values
+    if (/^[a-z][a-zA-Z0-9]*$/.test(value)) {
+      // Common field name patterns that are not credentials
+      const fieldNamePatterns = [
+        /^(is|has|can|should)[A-Z]/, // isJoinFPL, hasAccess
+        /Flg$/i, // loginFlg, deleteFlg
+        /Id$/i, // userId, accountId
+        /Key$/i, // sortKey, primaryKey
+        /Name$/i, // userName, keyName
+        /Code$/i, // errorCode, statusCode
+        /Type$/i, // tokenType, keyType
+        /Status$/i, // loginStatus
+        /^[a-z]+[A-Z][a-z]+$/, // General camelCase
+      ];
+
+      if (fieldNamePatterns.some((pattern) => pattern.test(value))) {
+        return false;
+      }
+    }
+
+    // Skip URL paths (routes)
+    if (/^\/[a-z-/]*$/.test(value)) {
+      return false; // /login, /verify-login, etc.
+    }
+
+    // Skip Japanese UI text and labels
+    if (this.isJapaneseUIText(value, context)) {
+      return false;
+    }
+
+    // Skip form field labels
+    if (this.isFormFieldLabel(value, context)) {
+      return false;
+    }
+
+    // Skip if it's excluded (validation messages, etc.)
+    if (this.configPatterns.credentials.exclude.some((pattern) => pattern.test(value))) {
+      return false;
+    }
+
+    // Skip validation messages and descriptions
+    if (this.isValidationMessage(value, context)) {
+      return false;
+    }
+
+    // Real credentials are usually:
+    // - Random strings with mix of chars: abc123XYZ789
+    // - Long alphanumeric: sk-1234567890abcdef
+    // - Base64 encoded: YWJjZGVmZ2hpams=
+    // - UUID format: 550e8400-e29b-41d4-a716-446655440000
+    const looksLikeRealCredential =
+      /^[a-zA-Z0-9+/]{32,}={0,2}$/.test(value) || // Base64
+      /^[a-f0-9]{32,}$/.test(value) || // Hex
+      /^[a-z]{2,4}-[a-zA-Z0-9]{20,}$/.test(value) || // Prefixed keys: sk-..., pk-...
+      /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i.test(value); // UUID
+
+    // Must be reasonably long and look like an actual credential value
+    return value.length >= 16 && looksLikeRealCredential && !this.looksLikeUIValue(value, context);
+  }
+
+  isEnvironmentDependentProperty(propertyName) {
+    // Skip UI/framework related property names
+    const uiPropertyPatterns = [
+      /^key[A-Z]/, // keyXxx (UI field keys)
+      /^field[A-Z]/, // fieldXxx
+      /^prop[A-Z]/, // propXxx
+      /^data[A-Z]/, // dataXxx
+      /CheckDisplay/, // UI display control keys
+      /InputPossible/, // UI input control keys
+      /Flag$/, // UI flags
+      /Class$/, // CSS classes
+      /^(disabled|readonly|active)Class$/i, // UI state classes
+    ];
+
+    if (uiPropertyPatterns.some((pattern) => pattern.test(propertyName))) {
+      return false;
+    }
+
+    // Properties that are likely to differ between environments
+    const envDependentProps = [
+      "baseurl",
+      "baseURL",
+      "host",
+      "hostname",
+      "server",
+      "apikey",
+      "api_key",
+      "secret",
+      "token",
+      "password",
+      "credential",
+      "database",
+      "db",
+      "connection",
+      "connectionstring",
+      "timeout", // Only long timeouts
+      "port", // Only non-standard ports
+      "authorization",
+      "auth",
+      "authentication", // Auth headers and codes
+      "apptoken",
+      "devicetoken",
+      "accesstoken",
+      "refreshtoken", // App tokens
+      "code",
+      "hash",
+      "signature",
+      "key", // Various security values
+      "clientsecret",
+      "clientid",
+      "sessionkey", // OAuth and session
+      "requestid",
+      "sessionid",
+      "transactionid",
+      "otp", // Request/session tracking
+    ];
+
+    const lowerName = propertyName.toLowerCase();
+    return envDependentProps.some((prop) => lowerName.includes(prop));
+  }
+
+  looksLikeEnvironmentConfig(propertyName, value) {
+    // Check if this property/value combination looks like environment config
+    const lowerPropertyName = propertyName.toLowerCase();
+
+    if (typeof value === "string") {
+      // Skip test data (common test passwords, etc.)
+      const testDataPatterns = [
+        /^(password123|test123|admin123|user123|wrongpassword|testpassword)$/i,
+        /^(test|mock|dummy|sample|example)/i,
+        /^\/(api|mock|test)/, // Test API paths
+        /^[a-z]+\d+$/i, // Simple test values like 'user1', 'test2'
+      ];
+
+      // Check if variable name suggests it's test/mock data
+      const isMockVariable = /^(mock|test|dummy|sample|fake|example)[A-Z]/i.test(propertyName);
+      if (isMockVariable) {
+        return false; // Skip mock variables even if they contain credentials
+      }
+
+      // Don't skip common test patterns if they appear in credential contexts
+      const isCredentialContext = /token|key|secret|auth|otp|code|password|credential/i.test(propertyName);
+
+      if (!isCredentialContext && testDataPatterns.some((pattern) => pattern.test(value))) {
+        return false;
+      }
+
+      // Skip object property paths and field names
+      const propertyPathPatterns = [
+        /^[a-zA-Z][a-zA-Z0-9]*(\[[0-9]+\])?\.[a-zA-Z][a-zA-Z0-9]*$/, // obj[0].prop, obj.prop
+        /^[a-zA-Z][a-zA-Z0-9]*\.[a-zA-Z][a-zA-Z0-9]*(\.[a-zA-Z][a-zA-Z0-9]*)*$/, // obj.prop.subprop
+        /^[a-zA-Z][a-zA-Z0-9]*(\[[0-9]+\])+$/, // obj[0], obj[0][1]
+        /^(key|field|prop|data)[A-Z]/, // keyXxx, fieldXxx, propXxx, dataXxx
+        /CheckDisplay|InputPossible|Flag$/i, // Common UI field patterns
+        /^exflg|^flg|Support$/i, // Business logic flags
+      ];
+
+      if (propertyPathPatterns.some((pattern) => pattern.test(value))) {
+        return false;
+      }
+
+      // Skip CSS classes and UI constants
+      const uiPatterns = [
+        /^bg-|text-|cursor-|border-|flex-|grid-/, // CSS classes
+        /^(disabled|readonly|active|inactive)$/i, // UI states
+        /class$/i, // className values
+      ];
+
+      if (uiPatterns.some((pattern) => pattern.test(value))) {
+        return false;
+      }
+
+      // Skip internal system identifiers (queue names, service names, route names)
+      const systemIdentifierPatterns = [
+        /-queue$/i, // Queue names
+        /-task$/i, // Task names
+        /-activity$/i, // Activity names
+        /-service$/i, // Service names
+        /-worker$/i, // Worker names
+        /^[A-Z_]+_QUEUE$/, // CONSTANT_QUEUE names
+        /^[A-Z_]+_TASK$/, // CONSTANT_TASK names
+        /^(register|login|logout|reset-password|verify|update)$/i, // Route names
+        /password|token/i && /invalid|expired|attempts|exceeded/i, // Error messages
+      ];
+
+      if (systemIdentifierPatterns.some((pattern) => pattern.test(value))) {
+        return false;
+      }
+
+      // Skip error messages and validation messages
+      const messagePatterns = [
+        /invalid|expired|exceeded|failed|error|success/i,
+        /attempts|required|missing|not found/i,
+        /^[A-Z][a-z\s]{10,}$/, // Sentence-like messages
+        /は|が|を|に|で|と/, // Japanese particles (UI text)
+        /情報|画面|ボタン|入力/, // Japanese UI terms
+      ];
+
+      if (messagePatterns.some((pattern) => pattern.test(value))) {
+        return false;
+      }
+
+      // URLs are environment-dependent
+      if (this.configPatterns.urls.regex.test(value)) {
+        return this.isEnvironmentDependentUrl(value);
+      }
+
+      // Credentials - but exclude test data
+      if (
+        lowerPropertyName.includes("key") ||
+        lowerPropertyName.includes("secret") ||
+        lowerPropertyName.includes("token") ||
+        lowerPropertyName.includes("password")
+      ) {
+        return value.length > 10; // Real secrets are usually longer
+      }
+
+      // Skip short endpoint names or simple strings
+      if (value.length < 10 && !value.includes(".") && !value.includes("/")) {
+        return false;
+      }
+    }
+
+    if (typeof value === "number") {
+      // Only flag environment-dependent numbers
+      return this.configPatterns.environmentNumbers.isEnvironmentDependent(value, propertyName);
+    }
+
+    return true;
+  }
+
+  isCommonConstant(value) {
+    // Common constants that are usually OK to hardcode
+    const commonConstants = [100, 200, 300, 400, 500, 1000, 2000, 3000, 5000, 8080, 3000];
+    return commonConstants.includes(value);
+  }
+
+  isConfigProperty(propertyName) {
+    const configProps = [
+      "url",
+      "endpoint",
+      "baseurl",
+      "apiurl",
+      "host",
+      "port",
+      "timeout",
+      "interval",
+      "delay",
+      "retry",
+      "retries",
+      "username",
+      "password",
+      "apikey",
+      "secret",
+      "token",
+      "database",
+      "connection",
+      "connectionstring",
+      "maxsize",
+      "batchsize",
+      "pagesize",
+      "limit",
+    ];
+
+    const lowerName = propertyName.toLowerCase();
+    return configProps.some((prop) => lowerName.includes(prop));
+  }
+
+  isConfigVariable(variableName) {
+    const configVars = [
+      "api",
+      "url",
+      "endpoint",
+      "host",
+      "port",
+      "timeout",
+      "interval",
+      "delay",
+      "retry",
+      "config",
+      "setting",
+      "constant",
+    ];
+
+    const lowerName = variableName.toLowerCase();
+    return configVars.some((var_) => lowerName.includes(var_));
+  }
+
+  looksLikeHardcodedConfig(name, value) {
+    // Skip obvious constants and UI values
+    if (typeof value === "string") {
+      if (value.length < 3) return false;
+      if (/^(ok|yes|no|true|false|success|error|info|warn)$/i.test(value)) return false;
+    }
+
+    if (typeof value === "number") {
+      if (this.isCommonConstant(value)) return false;
+    }
+
+    return true;
+  }
+
+  // Helper methods for specific configuration types
+  isTimeout(value, context) {
+    const lowerContext = context.toLowerCase();
+    return typeof value === "number" && value > 1000 && /timeout|delay|wait|duration/i.test(context);
+  }
+
+  isRetryInterval(value, context) {
+    const lowerContext = context.toLowerCase();
+    return typeof value === "number" && value > 100 && /retry|interval|backoff|attempt/i.test(context);
+  }
+
+  // Phase 1 extensions - Security & Infrastructure
+  isCorsOrigin(value, context) {
+    if (typeof value !== "string") return false;
+    const lowerContext = context.toLowerCase();
+
+    // Check if it's a URL pattern that matches CORS origin
+    const matchesPattern = this.configPatterns.security.corsOrigins.patterns.some((pattern) =>
+      pattern.test(value)
+    );
+
+    if (!matchesPattern) return false;
+
+    // If context contains CORS-related keywords, it's definitely a CORS origin
+    if (this.configPatterns.security.corsOrigins.keywords.some((keyword) => lowerContext.includes(keyword))) {
+      return true;
+    }
+
+    // Also check variable name patterns for CORS/allowed origins
+    if (/cors|allowed.*origin|origin.*allowed/i.test(context)) {
+      return true;
+    }
+
+    return false;
+  }
+
+  isSessionConfig(value, context) {
+    const lowerContext = context.toLowerCase();
+
+    // Check keywords
+    if (
+      !this.configPatterns.security.sessionConfig.keywords.some((keyword) => lowerContext.includes(keyword))
+    ) {
+      return false;
+    }
+
+    // Check for time patterns
+    if (typeof value === "string") {
+      return this.configPatterns.security.sessionConfig.timePatterns.some((pattern) => pattern.test(value));
+    }
+
+    // Check for numeric values (seconds)
+    if (typeof value === "number" && value > 300) {
+      // > 5 minutes
+      return /session|jwt|token|expiry|expire/i.test(context);
+    }
+
+    return false;
+  }
+
+  isCacheConfig(value, context) {
+    const lowerContext = context.toLowerCase();
+
+    if (
+      !this.configPatterns.infrastructure.caching.keywords.some((keyword) => lowerContext.includes(keyword))
+    ) {
+      return false;
+    }
+
+    if (typeof value === "string") {
+      // Check for Redis prefixes
+      return this.configPatterns.infrastructure.caching.patterns.some((pattern) => pattern.test(value));
+    }
+
+    if (typeof value === "number" && value > 60) {
+      // TTL > 1 minute
+      return /cache|ttl|expire/i.test(context);
+    }
+
+    return false;
+  }
+
+  isLogLevel(value, context) {
+    if (typeof value !== "string") return false;
+    const lowerContext = context.toLowerCase();
+
+    // Check if value is a valid log level
+    const isValidLevel = this.configPatterns.infrastructure.logging.levels.includes(value.toLowerCase());
+    if (!isValidLevel) return false;
+
+    // Check if context suggests it's a log level configuration
+    return /log.*level|level.*log|^log_level$|^loglevel$/i.test(context);
+  }
+
+  isPerformanceConfig(value, context) {
+    const lowerContext = context.toLowerCase();
+
+    if (typeof value !== "number" || value <= 1) {
+      return false;
+    }
+
+    // Check for performance-related keywords in context
+    const hasKeyword = this.configPatterns.infrastructure.performance.keywords.some((keyword) =>
+      lowerContext.includes(keyword)
+    );
+
+    if (!hasKeyword) return false;
+
+    // Check for specific performance patterns
+    return this.configPatterns.infrastructure.performance.contextPatterns.some((pattern) =>
+      pattern.test(context)
+    );
+  }
+
+  isEnvironmentName(value, context) {
+    if (typeof value !== "string") return false;
+    const lowerContext = context.toLowerCase();
+
+    // Check if value is a known environment name
+    const isEnvName =
+      this.configPatterns.environments.names.includes(value.toLowerCase()) ||
+      this.configPatterns.environments.patterns.some((pattern) => pattern.test(value));
+
+    if (!isEnvName) return false;
+
+    // Check if context suggests it's environment configuration
+    return /environment|env|node_env|current.*env/i.test(context);
+  }
+
+  isServiceDependency(value, context) {
+    if (typeof value !== "string") return false;
+    const lowerContext = context.toLowerCase();
+
+    return (
+      this.configPatterns.services.keywords.some((keyword) => lowerContext.includes(keyword)) &&
+      this.configPatterns.services.patterns.some((pattern) => pattern.test(value))
+    );
+  }
+
+  isBatchSize(value, context) {
+    const lowerContext = context.toLowerCase();
+
+    // Skip UI/display related sizes
+    if (/ui|display|view|page.*size|page.*limit|default.*page/i.test(context)) {
+      return false;
+    }
+
+    // Skip small values that are likely UI constants (pagination, etc.)
+    if (typeof value === "number" && value <= 50 && /page|size|limit/i.test(context)) {
+      return false;
+    }
+
+    // Only flag larger batch sizes for processing
+    return (
+      typeof value === "number" &&
+      value > 100 &&
+      /batch|chunk|buffer|pool|queue|processing/i.test(context) &&
+      !/ui|display|view|page/i.test(context)
+    );
+  }
+
+  isThreshold(value, context) {
+    const lowerContext = context.toLowerCase();
+    return (
+      typeof value === "number" &&
+      value > 0 &&
+      this.configPatterns.thresholds.contextPatterns.some((pattern) => pattern.test(context))
+    );
+  }
+
+  isFeatureFlag(context) {
+    const lowerContext = context.toLowerCase();
+    return (
+      this.configPatterns.featureFlags.keywords.some((keyword) => lowerContext.includes(keyword)) ||
+      this.configPatterns.featureFlags.patterns.some((pattern) => pattern.test(context))
+    );
+  }
+
+  // ============ Phase 2: Critical Configuration Helpers ============
+
+  // Database & Storage Configuration helpers
+  isDatabasePoolConfig(value, context) {
+    const lowerContext = context.toLowerCase();
+    if (typeof value !== "number" || value <= 0) return false;
+
+    return this.configPatterns.database.poolConfig.patterns.some((pattern) => pattern.test(context));
+  }
+
+  isQueryConfig(value, context) {
+    const lowerContext = context.toLowerCase();
+
+    if (typeof value === "number" && value > 1000) {
+      return this.configPatterns.database.queryConfig.patterns.some((pattern) => pattern.test(context));
+    }
+
+    if (typeof value === "string") {
+      return this.configPatterns.database.queryConfig.patterns.some((pattern) => pattern.test(context));
+    }
+
+    return false;
+  }
+
+  isSchemaName(value, context) {
+    if (typeof value !== "string") return false;
+    const lowerContext = context.toLowerCase();
+
+    // Check if it matches schema name patterns
+    const matchesPattern = this.configPatterns.database.schemaNames.patterns.some((pattern) =>
+      pattern.test(value)
+    );
+    if (!matchesPattern) return false;
+
+    // Check if context suggests it's a schema/table name
+    return this.configPatterns.database.schemaNames.keywords.some((keyword) =>
+      lowerContext.includes(keyword)
+    );
+  }
+
+  // Security & Authentication (Extended) helpers
+  isTokenConfig(value, context) {
+    const lowerContext = context.toLowerCase();
+
+    if (
+      !this.configPatterns.securityExtended.tokenConfig.keywords.some((keyword) =>
+        lowerContext.includes(keyword)
+      )
+    ) {
+      return false;
+    }
+
+    if (typeof value === "string") {
+      return this.configPatterns.securityExtended.tokenConfig.patterns.some((pattern) => pattern.test(value));
+    }
+
+    if (typeof value === "number" && value > 300) {
+      return /expir|ttl|token|jwt/i.test(context);
+    }
+
+    return false;
+  }
+
+  isPasswordPolicy(value, context) {
+    const lowerContext = context.toLowerCase();
+
+    if (typeof value === "number" && value > 0 && value < 128) {
+      return this.configPatterns.securityExtended.passwordPolicy.patterns.some((pattern) =>
+        pattern.test(context)
+      );
+    }
+
+    if (typeof value === "string") {
+      return this.configPatterns.securityExtended.passwordPolicy.patterns.some((pattern) =>
+        pattern.test(value)
+      );
+    }
+
+    return false;
+  }
+
+  isRateLimiting(value, context) {
+    const lowerContext = context.toLowerCase();
+
+    if (typeof value !== "number" || value <= 0) return false;
+
+    return this.configPatterns.securityExtended.rateLimiting.patterns.some((pattern) =>
+      pattern.test(context)
+    );
+  }
+
+  isEncryptionConfig(value, context) {
+    if (typeof value !== "string") return false;
+    const lowerContext = context.toLowerCase();
+
+    const matchesPattern = this.configPatterns.securityExtended.encryptionConfig.patterns.some((pattern) =>
+      pattern.test(value)
+    );
+    if (!matchesPattern) return false;
+
+    return this.configPatterns.securityExtended.encryptionConfig.keywords.some((keyword) =>
+      lowerContext.includes(keyword)
+    );
+  }
+
+  isOAuthConfig(value, context) {
+    if (typeof value !== "string") return false;
+    const lowerContext = context.toLowerCase();
+
+    const matchesPattern = this.configPatterns.securityExtended.oauthConfig.patterns.some((pattern) =>
+      pattern.test(value)
+    );
+    if (!matchesPattern) return false;
+
+    return this.configPatterns.securityExtended.oauthConfig.keywords.some((keyword) =>
+      lowerContext.includes(keyword)
+    );
+  }
+
+  // File System & Paths helpers
+  isDirectory(value, context) {
+    if (typeof value !== "string") return false;
+    const lowerContext = context.toLowerCase();
+
+    const matchesPattern = this.configPatterns.fileSystem.directories.patterns.some((pattern) =>
+      pattern.test(value)
+    );
+    if (!matchesPattern) return false;
+
+    return this.configPatterns.fileSystem.directories.keywords.some((keyword) =>
+      lowerContext.includes(keyword)
+    );
+  }
+
+  isFileLimit(value, context) {
+    const lowerContext = context.toLowerCase();
+
+    if (typeof value !== "number" || value <= 1000) return false;
+
+    return this.configPatterns.fileSystem.fileLimits.patterns.some((pattern) => pattern.test(context));
+  }
+
+  isFileType(value, context) {
+    if (typeof value !== "string") return false;
+    const lowerContext = context.toLowerCase();
+
+    const matchesPattern = this.configPatterns.fileSystem.fileTypes.patterns.some((pattern) =>
+      pattern.test(value)
+    );
+    if (!matchesPattern) return false;
+
+    return this.configPatterns.fileSystem.fileTypes.keywords.some((keyword) =>
+      lowerContext.includes(keyword)
+    );
+  }
+
+  isLogPath(value, context) {
+    if (typeof value !== "string") return false;
+    const lowerContext = context.toLowerCase();
+
+    return this.configPatterns.fileSystem.logPaths.patterns.some((pattern) => pattern.test(value));
+  }
+
+  // ============ Phase 3: Important Configuration Helpers ============
+
+  // Network & Protocol Configuration helpers
+  isHttpConfig(value, context) {
+    if (typeof value !== "string") return false;
+    const lowerContext = context.toLowerCase();
+
+    // Check if it's an HTTP method
+    if (this.configPatterns.network.httpConfig.httpMethods.includes(value)) {
+      return /method|allowed|http/i.test(context);
+    }
+
+    // Check other HTTP patterns
+    return this.configPatterns.network.httpConfig.patterns.some((pattern) => pattern.test(value));
+  }
+
+  isNetworkTimeout(value, context) {
+    const lowerContext = context.toLowerCase();
+
+    if (typeof value !== "number" || value <= 100) return false;
+
+    return this.configPatterns.network.timeouts.patterns.some((pattern) => pattern.test(context));
+  }
+
+  isBufferConfig(value, context) {
+    const lowerContext = context.toLowerCase();
+
+    if (typeof value !== "number" || value <= 1024) return false;
+
+    return this.configPatterns.network.bufferConfig.patterns.some((pattern) => pattern.test(context));
+  }
+
+  isKeepAliveConfig(value, context) {
+    const lowerContext = context.toLowerCase();
+
+    if (typeof value === "boolean") {
+      return /keepalive|keep.*alive/i.test(context);
+    }
+
+    if (typeof value === "number" && value > 0) {
+      return this.configPatterns.network.keepAlive.patterns.some((pattern) => pattern.test(context));
+    }
+
+    return false;
+  }
+
+  // Business Rules & Limits helpers
+  isPricing(value, context) {
+    const lowerContext = context.toLowerCase();
+
+    if (typeof value === "number" && value > 0) {
+      // Check for price pattern (e.g., 49.99)
+      if (this.configPatterns.business.pricing.patterns.some((pattern) => pattern.test(value.toString()))) {
+        return this.configPatterns.business.pricing.keywords.some((keyword) =>
+          lowerContext.includes(keyword)
+        );
+      }
+    }
+
+    return false;
+  }
+
+  isQuota(value, context) {
+    const lowerContext = context.toLowerCase();
+
+    if (typeof value !== "number" || value <= 0) return false;
+
+    return this.configPatterns.business.quotas.patterns.some((pattern) => pattern.test(context));
+  }
+
+  isDiscount(value, context) {
+    const lowerContext = context.toLowerCase();
+
+    if (typeof value !== "number") return false;
+
+    // Check for decimal rate patterns
+    if (this.configPatterns.business.discounts.patterns.some((pattern) => pattern.test(value.toString()))) {
+      return this.configPatterns.business.discounts.keywords.some((keyword) =>
+        lowerContext.includes(keyword)
+      );
+    }
+
+    return false;
+  }
+
+  isTrial(value, context) {
+    const lowerContext = context.toLowerCase();
+
+    if (typeof value !== "number" || value <= 0) return false;
+
+    return this.configPatterns.business.trials.patterns.some((pattern) => pattern.test(context));
+  }
+
+  // Monitoring & Observability helpers
+  isMetricsConfig(value, context) {
+    const lowerContext = context.toLowerCase();
+
+    if (typeof value !== "number" || value <= 0) return false;
+
+    return this.configPatterns.monitoring.metricsConfig.patterns.some((pattern) => pattern.test(context));
+  }
+
+  isAlertThreshold(value, context) {
+    const lowerContext = context.toLowerCase();
+
+    if (typeof value !== "number") return false;
+
+    return this.configPatterns.monitoring.alertThresholds.patterns.some((pattern) => pattern.test(context));
+  }
+
+  isSamplingRate(value, context) {
+    const lowerContext = context.toLowerCase();
+
+    if (typeof value !== "number" || value < 0 || value > 1) return false;
+
+    return this.configPatterns.monitoring.samplingRates.patterns.some((pattern) => pattern.test(context));
+  }
+
+  isHealthCheck(value, context) {
+    const lowerContext = context.toLowerCase();
+
+    if (typeof value !== "number" || value <= 0) return false;
+
+    return this.configPatterns.monitoring.healthChecks.patterns.some((pattern) => pattern.test(context));
+  }
+
+  // ============ Phase 4: Enhancement Configuration Helpers ============
+
+  // Message Queue & Event Configuration helpers
+  isQueueConfig(value, context) {
+    const lowerContext = context.toLowerCase();
+
+    if (typeof value === "number" && value > 0) {
+      return this.configPatterns.messageQueue.queueConfig.patterns.some((pattern) => pattern.test(context));
+    }
+
+    if (typeof value === "string") {
+      return (
+        this.configPatterns.messageQueue.queueNames.patterns.some((pattern) => pattern.test(value)) &&
+        this.configPatterns.messageQueue.queueNames.keywords.some((keyword) => lowerContext.includes(keyword))
+      );
+    }
+
+    return false;
+  }
+
+  isMessageTTL(value, context) {
+    const lowerContext = context.toLowerCase();
+
+    if (typeof value !== "number" || value <= 0) return false;
+
+    return this.configPatterns.messageQueue.messageTTL.patterns.some((pattern) => pattern.test(context));
+  }
+
+  isConsumerConfig(value, context) {
+    if (typeof value !== "string") return false;
+    const lowerContext = context.toLowerCase();
+
+    // Skip CSS classes (Tailwind, Bootstrap, etc.)
+    // CSS classes typically have: spaces, dashes, colons, brackets
+    const cssIndicators = [
+      /\s+(flex|grid|block|inline|hidden|visible)/, // Layout utilities
+      /\s+(text|bg|border|rounded|shadow|p-|m-|w-|h-)/, // Common CSS utilities
+      /:\w+/, // Pseudo-classes like :hover, data-[...]
+      /\[[\w-]+\]/, // Attribute selectors
+      /(sm|md|lg|xl|2xl):/, // Responsive breakpoints
+    ];
+
+    if (cssIndicators.some((pattern) => pattern.test(value))) {
+      return false;
+    }
+
+    // Skip className/class attributes
+    if (/className|class\s*=/.test(context)) {
+      return false;
+    }
+
+    // Only detect if context has consumer/group/queue keywords
+    const hasConsumerContext = /consumer|queue|group|topic|subscription/i.test(context);
+    if (!hasConsumerContext) return false;
+
+    return this.configPatterns.messageQueue.consumerConfig.patterns.some((pattern) => pattern.test(context));
+  }
+
+  // Deployment & Infrastructure helpers
+  isResourceLimit(value, context) {
+    if (typeof value !== "string") return false;
+    const lowerContext = context.toLowerCase();
+
+    const matchesPattern = this.configPatterns.deployment.resourceLimits.patterns.some((pattern) =>
+      pattern.test(value)
+    );
+    if (!matchesPattern) return false;
+
+    return this.configPatterns.deployment.resourceLimits.keywords.some((keyword) =>
+      lowerContext.includes(keyword)
+    );
+  }
+
+  isScalingConfig(value, context) {
+    const lowerContext = context.toLowerCase();
+
+    if (typeof value !== "number" || value <= 0) return false;
+
+    return this.configPatterns.deployment.scalingConfig.patterns.some((pattern) => pattern.test(context));
+  }
+
+  isRegionConfig(value, context) {
+    if (typeof value !== "string") return false;
+    const lowerContext = context.toLowerCase();
+
+    const matchesPattern = this.configPatterns.deployment.regionConfig.patterns.some((pattern) =>
+      pattern.test(value)
+    );
+    if (!matchesPattern) return false;
+
+    return this.configPatterns.deployment.regionConfig.keywords.some((keyword) =>
+      lowerContext.includes(keyword)
+    );
+  }
+
+  isInstanceType(value, context) {
+    if (typeof value !== "string") return false;
+    const lowerContext = context.toLowerCase();
+
+    const matchesPattern = this.configPatterns.deployment.instanceTypes.patterns.some((pattern) =>
+      pattern.test(value)
+    );
+    if (!matchesPattern) return false;
+
+    return this.configPatterns.deployment.instanceTypes.keywords.some((keyword) =>
+      lowerContext.includes(keyword)
+    );
+  }
+
+  // Third-party Integration helpers
+  isWebhookURL(value, context) {
+    if (typeof value !== "string") return false;
+    const lowerContext = context.toLowerCase();
+
+    // Skip UI text/error messages - they're not webhook URLs!
+    const uiTextIndicators = [
+      /failed|error|success|warning/i,
+      /please|try again|invalid/i,
+      /\s{2,}/, // Multiple spaces (typical in messages)
+      value.length > 100, // Long text is likely a message
+    ];
+
+    if (uiTextIndicators.some((pattern) => (typeof pattern === "boolean" ? pattern : pattern.test(value)))) {
+      return false;
+    }
+
+    // Skip single words that aren't paths
+    if (!/[\/\.]/.test(value) && value.length < 20) {
+      // Single word like "Callback" is not a webhook URL
+      return false;
+    }
+
+    return (
+      this.configPatterns.integration.webhookURLs.patterns.some((pattern) => pattern.test(value)) ||
+      this.configPatterns.integration.webhookURLs.keywords.some((keyword) => lowerContext.includes(keyword))
+    );
+  }
+
+  isExternalService(value, context) {
+    if (typeof value !== "string") return false;
+    const lowerContext = context.toLowerCase();
+
+    const matchesPattern = this.configPatterns.integration.externalServices.patterns.some((pattern) =>
+      pattern.test(value)
+    );
+    if (!matchesPattern) return false;
+
+    return this.configPatterns.integration.externalServices.keywords.some((keyword) =>
+      lowerContext.includes(keyword)
+    );
+  }
+
+  isApiVersion(value, context) {
+    if (typeof value !== "string") return false;
+    const lowerContext = context.toLowerCase();
+
+    const matchesPattern = this.configPatterns.integration.apiVersions.patterns.some((pattern) =>
+      pattern.test(value)
+    );
+    if (!matchesPattern) return false;
+
+    return this.configPatterns.integration.apiVersions.keywords.some((keyword) =>
+      lowerContext.includes(keyword)
+    );
+  }
+
+  isChannelId(value, context) {
+    if (typeof value !== "string") return false;
+    const lowerContext = context.toLowerCase();
+
+    const matchesPattern = this.configPatterns.integration.channelIds.patterns.some((pattern) =>
+      pattern.test(value)
+    );
+    if (!matchesPattern) return false;
+
+    return this.configPatterns.integration.channelIds.keywords.some((keyword) =>
+      lowerContext.includes(keyword)
+    );
+  }
+
+  // Localization & Formatting helpers
+  isTimezone(value, context) {
+    if (typeof value !== "string") return false;
+    const lowerContext = context.toLowerCase();
+
+    const matchesPattern = this.configPatterns.localization.timezones.patterns.some((pattern) =>
+      pattern.test(value)
+    );
+    if (!matchesPattern) return false;
+
+    return this.configPatterns.localization.timezones.keywords.some((keyword) =>
+      lowerContext.includes(keyword)
+    );
+  }
+
+  isDateFormat(value, context) {
+    if (typeof value !== "string") return false;
+    const lowerContext = context.toLowerCase();
+
+    const matchesPattern = this.configPatterns.localization.dateFormats.patterns.some((pattern) =>
+      pattern.test(value)
+    );
+    if (!matchesPattern) return false;
+
+    return this.configPatterns.localization.dateFormats.keywords.some((keyword) =>
+      lowerContext.includes(keyword)
+    );
+  }
+
+  isCurrency(value, context) {
+    if (typeof value !== "string") return false;
+    const lowerContext = context.toLowerCase();
+
+    const matchesPattern = this.configPatterns.localization.currencies.patterns.some((pattern) =>
+      pattern.test(value)
+    );
+    if (!matchesPattern) return false;
+
+    return this.configPatterns.localization.currencies.keywords.some((keyword) =>
+      lowerContext.includes(keyword)
+    );
+  }
+
+  isLocale(value, context) {
+    if (typeof value !== "string") return false;
+    const lowerContext = context.toLowerCase();
+
+    const matchesPattern = this.configPatterns.localization.locales.patterns.some((pattern) =>
+      pattern.test(value)
+    );
+    if (!matchesPattern) return false;
+
+    return this.configPatterns.localization.locales.keywords.some((keyword) =>
+      lowerContext.includes(keyword)
+    );
+  }
+
+  isNumberFormat(value, context) {
+    if (typeof value !== "string") return false;
+    const lowerContext = context.toLowerCase();
+
+    return this.configPatterns.localization.numberFormats.patterns.some((pattern) => pattern.test(context));
+  }
+
+  // ============ Additional Critical Configuration Helpers ============
+
+  // Environment Variable Names (hardcoded)
+  isHardcodedEnvVar(value, context) {
+    if (typeof value !== "string") return false;
+
+    // Check if it's accessing process.env with hardcoded environment-specific name
+    // Look for patterns like: process.env.PROD_API_URL, process.env['DEV_DATABASE']
+    if (!context.includes("process.env")) return false;
+
+    // The value should be the environment variable name itself
+    return this.configPatterns.environmentVars.patterns.some((pattern) => pattern.test(value));
+  }
+
+  // Third-party Service IDs
+  isThirdPartyServiceId(value, context) {
+    if (typeof value !== "string") return false;
+
+    const { thirdPartyServices } = this.configPatterns;
+
+    // Check Stripe keys
+    if (thirdPartyServices.stripe.patterns.some((p) => p.test(value))) {
+      return true;
+    }
+
+    // Check Google Analytics IDs
+    if (thirdPartyServices.googleAnalytics.patterns.some((p) => p.test(value))) {
+      return true;
+    }
+
+    // Check Sentry DSN
+    if (thirdPartyServices.sentry.patterns.some((p) => p.test(value))) {
+      return true;
+    }
+
+    // Check Google Maps API Key
+    if (thirdPartyServices.googleMaps.patterns.some((p) => p.test(value))) {
+      return true;
+    }
+
+    // Check Firebase
+    if (thirdPartyServices.firebase.patterns.some((p) => p.test(value))) {
+      return true;
+    }
+
+    // Check AWS
+    if (thirdPartyServices.aws.patterns.some((p) => p.test(value))) {
+      return true;
+    }
+
+    return false;
+  }
+
+  // IP Addresses
+  isIPAddress(value, context) {
+    if (typeof value !== "string") return false;
+
+    const { ipAddresses } = this.configPatterns;
+
+    // Check if it matches IP pattern
+    const isIP = ipAddresses.patterns.some((pattern) => pattern.test(value));
+    if (!isIP) return false;
+
+    // Skip localhost and common development IPs
+    if (ipAddresses.privateRanges.some((range) => range.test(value))) {
+      // Only flag private IPs if in server/host context
+      return ipAddresses.keywords.some((keyword) => context.toLowerCase().includes(keyword));
+    }
+
+    return true;
+  }
+
+  // Internal Hostnames
+  isInternalHostname(value, context) {
+    if (typeof value !== "string") return false;
+    const lowerContext = context.toLowerCase();
+
+    const matchesPattern = this.configPatterns.hostnames.patterns.some((pattern) => pattern.test(value));
+    if (!matchesPattern) return false;
+
+    return this.configPatterns.hostnames.keywords.some((keyword) => lowerContext.includes(keyword));
+  }
+
+  // Cron Schedules
+  isCronSchedule(value, context) {
+    if (typeof value !== "string") return false;
+    const lowerContext = context.toLowerCase();
+
+    const matchesPattern = this.configPatterns.cronSchedules.patterns.some((pattern) => pattern.test(value));
+    if (!matchesPattern) return false;
+
+    return this.configPatterns.cronSchedules.keywords.some((keyword) => lowerContext.includes(keyword));
+  }
+
+  // Magic Numbers in Business Logic
+  isMagicNumber(value, context) {
+    if (typeof value !== "number") return false;
+
+    // Skip common constants
+    const commonConstants = [0, 1, 2];
+    if (commonConstants.includes(value)) return false;
+
+    // Skip HTTP status codes (200, 404, etc.)
+    if (value >= 100 && value < 600 && Number.isInteger(value)) {
+      // But allow decimal values like 0.1 (tax rate), 0.08 (VAT)
+      return false;
+    }
+
+    const lowerContext = context.toLowerCase();
+
+    // Check if it's in business logic context with specific keywords
+    const hasKeyword = this.configPatterns.magicNumbers.keywords.some((keyword) =>
+      lowerContext.includes(keyword)
+    );
+
+    if (!hasKeyword) return false;
+
+    // Additional check: look for business context patterns
+    const hasBusinessContext = this.configPatterns.magicNumbers.businessContexts.some((pattern) =>
+      pattern.test(context)
+    );
+
+    return hasBusinessContext;
+  }
+
+  // Email & SMS Templates
+  isMessageTemplate(value, context) {
+    if (typeof value !== "string") return false;
+    if (value.length < 10) return false;
+
+    const lowerValue = value.toLowerCase();
+    const lowerContext = context.toLowerCase();
+
+    // Skip error codes/enums (like "OAuthAccountNotLinked", "AccessDenied")
+    // These are constants, not templates!
+    if (/^[A-Z][a-zA-Z]+$/.test(value) && !value.includes(" ") && value.length < 30) {
+      return false;
+    }
+
+    // Skip short strings without template markers
+    if (value.length < 20 && !value.includes("{{") && !value.includes("${")) {
+      return false;
+    }
+
+    // Email subject/body - check both context AND value for keywords
+    const emailKeywordInContext = this.configPatterns.messageTemplates.email.keywords.some((k) =>
+      lowerContext.includes(k)
+    );
+    const emailKeywordInValue = ["welcome", "verify", "password", "reset", "order", "confirm"].some((k) =>
+      lowerValue.includes(k)
+    );
+
+    if (emailKeywordInContext || emailKeywordInValue) {
+      return this.configPatterns.messageTemplates.email.patterns.some((p) => p.test(value));
+    }
+
+    // SMS text - check for OTP, code, verification keywords
+    const smsKeywordInContext = this.configPatterns.messageTemplates.sms.keywords.some((k) =>
+      lowerContext.includes(k)
+    );
+    const smsKeywordInValue = ["otp", "code", "verification", "verify"].some((k) => lowerValue.includes(k));
+
+    if (smsKeywordInContext || smsKeywordInValue) {
+      return this.configPatterns.messageTemplates.sms.patterns.some((p) => p.test(value));
+    }
+
+    return false;
+  }
+
+  // Version Numbers
+  isVersionNumber(value, context) {
+    if (typeof value !== "string") return false;
+    const lowerContext = context.toLowerCase();
+
+    const matchesPattern = this.configPatterns.versions.patterns.some((pattern) => pattern.test(value));
+    if (!matchesPattern) return false;
+
+    return this.configPatterns.versions.keywords.some((keyword) => lowerContext.includes(keyword));
+  }
+
+  // Default Pagination
+  isPaginationDefault(value, context) {
+    if (typeof value !== "number") return false;
+    const lowerContext = context.toLowerCase();
+
+    // Must be a common pagination value
+    if (!this.configPatterns.pagination.defaults.includes(value)) return false;
+
+    // Must be in pagination context
+    return this.configPatterns.pagination.keywords.some((keyword) => lowerContext.includes(keyword));
+  }
+
+  maskSensitiveValue(value) {
+    if (typeof value !== "string" || value.length <= 6) {
+      return value;
+    }
+
+    // Mask sensitive information but show some characters for context
+    const start = value.substring(0, 3);
+    const end = value.substring(value.length - 3);
+    const masked = "*".repeat(Math.min(value.length - 6, 10));
+    return `${start}${masked}${end}`;
+  }
+
+  createMessage(config) {
+    const baseMessage = "Configuration should not be hardcoded in source code.";
+
+    switch (config.type) {
+      case "api_url":
+        return `${baseMessage} API URL '${config.value}' should be managed through environment variables or configuration files.`;
+      case "credential":
+        return `${baseMessage} Credential '${config.value}' must be stored in secure environment variables or a secrets vault.`;
+      case "connection_string":
+        return `${baseMessage} Database connection string should be loaded from environment variables.`;
+      case "timeout":
+        return `${baseMessage} Timeout value ${config.value}ms may need to differ between environments.`;
+      case "retry_interval":
+        return `${baseMessage} Retry interval ${config.value}ms should be configurable per environment.`;
+      case "batch_size":
+        return `${baseMessage} Batch size ${config.value} may vary between development and production environments.`;
+      case "threshold":
+        return `${baseMessage} Threshold value ${config.value} should be environment-configurable.`;
+      case "feature_flag":
+        return `${baseMessage} Feature flag should be managed through a feature flag system or configuration.`;
+      case "cors_origin":
+        return `${baseMessage} CORS origin '${config.value}' should be loaded from environment configuration.`;
+      case "session_config":
+        return `${baseMessage} Session configuration '${config.value}' should be environment-dependent.`;
+      case "cache_config":
+        return `${baseMessage} Cache configuration '${config.value}' should be managed through environment settings.`;
+      case "log_level":
+        return `${baseMessage} Log level '${config.value}' should be configurable per environment.`;
+      case "environment_name":
+        return `${baseMessage} Environment name '${config.value}' should not be hardcoded, use environment detection.`;
+      case "service_dependency":
+        return `${baseMessage} Service URL '${config.value}' should use service discovery or configuration management.`;
+      case "performance_config":
+        return `${baseMessage} Performance setting ${config.value} should be tuned per environment capacity.`;
+
+      // Phase 2: Critical configurations
+      case "database_pool":
+        return `${baseMessage} Database pool size ${config.value} should be optimized per environment capacity.`;
+      case "query_config":
+        return `${baseMessage} Query configuration '${config.value}' should be environment-dependent.`;
+      case "schema_name":
+        return `${baseMessage} Database schema/table name '${config.value}' should be managed through configuration.`;
+      case "token_config":
+        return `${baseMessage} Token configuration '${config.value}' should be externalized for security.`;
+      case "password_policy":
+        return `${baseMessage} Password policy setting ${config.value} should be configurable per environment.`;
+      case "rate_limiting":
+        return `${baseMessage} Rate limit ${config.value} should vary by environment and tier.`;
+      case "encryption_config":
+        return `${baseMessage} Encryption algorithm '${config.value}' should be configurable for compliance requirements.`;
+      case "oauth_config":
+        return `${baseMessage} OAuth scope '${config.value}' should be managed through configuration.`;
+      case "directory":
+        return `${baseMessage} Directory path '${config.value}' should be environment-specific.`;
+      case "file_limit":
+        return `${baseMessage} File size limit ${config.value} bytes should be configurable per environment.`;
+      case "file_type":
+        return `${baseMessage} File type restriction '${config.value}' should be managed in configuration.`;
+      case "log_path":
+        return `${baseMessage} Log file path '${config.value}' should be environment-specific.`;
+
+      // Phase 3: Important configurations
+      case "http_config":
+        return `${baseMessage} HTTP configuration '${config.value}' should be externalized.`;
+      case "network_timeout":
+        return `${baseMessage} Network timeout ${config.value}ms should be tuned per environment.`;
+      case "buffer_config":
+        return `${baseMessage} Buffer size ${config.value} bytes should be configurable.`;
+      case "keepalive_config":
+        return `${baseMessage} Keep-alive setting ${config.value} should be environment-dependent.`;
+      case "pricing":
+        return `${baseMessage} Price ${config.value} should be managed in pricing configuration system.`;
+      case "quota":
+        return `${baseMessage} Quota limit ${config.value} should be configurable per plan/tier.`;
+      case "discount":
+        return `${baseMessage} Discount rate ${config.value} should be managed in pricing configuration.`;
+      case "trial":
+        return `${baseMessage} Trial period ${config.value} days should be configurable.`;
+      case "metrics_config":
+        return `${baseMessage} Metrics interval ${config.value} should be environment-dependent.`;
+      case "alert_threshold":
+        return `${baseMessage} Alert threshold ${config.value} should be tuned per environment.`;
+      case "sampling_rate":
+        return `${baseMessage} Sampling rate ${config.value} should be configurable for observability tuning.`;
+      case "health_check":
+        return `${baseMessage} Health check interval ${config.value} should be environment-specific.`;
+
+      // Phase 4: Enhancement configurations
+      case "queue_config":
+        return `${baseMessage} Queue configuration '${config.value}' should be externalized.`;
+      case "message_ttl":
+        return `${baseMessage} Message TTL ${config.value} should be configurable per environment.`;
+      case "consumer_config":
+        return `${baseMessage} Consumer configuration '${config.value}' should be managed externally.`;
+      case "resource_limit":
+        return `${baseMessage} Resource limit '${config.value}' should be environment-specific.`;
+      case "scaling_config":
+        return `${baseMessage} Scaling configuration ${config.value} should be tuned per environment.`;
+      case "region_config":
+        return `${baseMessage} Deployment region '${config.value}' should be determined at deployment time.`;
+      case "instance_type":
+        return `${baseMessage} Instance type '${config.value}' should be configurable per environment.`;
+      case "webhook_url":
+        return `${baseMessage} Webhook URL '${config.value}' should be environment-specific.`;
+      case "external_service":
+        return `${baseMessage} External service name '${config.value}' should be managed in configuration.`;
+      case "api_version":
+        return `${baseMessage} API version '${config.value}' should be configurable for version management.`;
+      case "channel_id":
+        return `${baseMessage} Channel ID '${config.value}' should be environment-dependent.`;
+      case "timezone":
+        return `${baseMessage} Timezone '${config.value}' should be user-configurable or environment-specific.`;
+      case "date_format":
+        return `${baseMessage} Date format '${config.value}' should be locale-configurable.`;
+      case "currency":
+        return `${baseMessage} Currency code '${config.value}' should be region-configurable.`;
+      case "locale":
+        return `${baseMessage} Locale '${config.value}' should be user-configurable.`;
+      case "number_format":
+        return `${baseMessage} Number format should be locale-configurable.`;
+
+      // Additional critical configurations
+      case "environment_var":
+        return `${baseMessage} Environment variable name '${config.value}' is hardcoded and environment-specific.`;
+      case "third_party_service":
+        return `${baseMessage} Third-party service ID/key '${config.value}' is hardcoded (security risk).`;
+      case "ip_address":
+        return `${baseMessage} IP address '${config.value}' is hardcoded.`;
+      case "hostname":
+        return `${baseMessage} Internal hostname '${config.value}' is hardcoded.`;
+      case "cron_schedule":
+        return `${baseMessage} Cron schedule '${config.value}' is hardcoded.`;
+      case "magic_number":
+        return `${baseMessage} Magic number '${config.value}' in business logic should be a named constant.`;
+      case "message_template":
+        return `${baseMessage} Message template is hardcoded (should be in template system).`;
+      case "version":
+        return `${baseMessage} Version number '${config.value}' is hardcoded.`;
+      case "pagination_default":
+        return `${baseMessage} Pagination default '${config.value}' is hardcoded.`;
+
+      case "property_config":
+        return `${baseMessage} Property '${config.propertyName}' contains value '${config.value}' that may differ between environments.`;
+      case "variable_config":
+        return `${baseMessage} Variable '${config.variableName}' contains value '${config.value}' that should be configurable.`;
+      default:
+        return `${baseMessage} Value '${config.value}' may need to differ between development, staging, and production environments.`;
+    }
+  }
+
+  getSuggestion(type) {
+    const suggestions = {
+      api_url: 'Use process.env.API_BASE_URL or config.get("api.baseUrl")',
+      credential: "Use process.env.API_KEY or secure vault (e.g., AWS Secrets Manager, Azure Key Vault)",
+      connection_string: "Use process.env.DATABASE_URL or connection configuration",
+      timeout: 'Use process.env.REQUEST_TIMEOUT or config.get("timeouts.request")',
+      retry_interval: 'Use process.env.RETRY_INTERVAL or config.get("retry.interval")',
+      batch_size: 'Use process.env.BATCH_SIZE or config.get("processing.batchSize")',
+      threshold: 'Use process.env.MEMORY_THRESHOLD or config.get("limits.memory")',
+      feature_flag:
+        'Use feature flag service (e.g., LaunchDarkly, ConfigCat) or config.get("features.enabled")',
+      cors_origin: 'Use process.env.CORS_ORIGINS or config.get("security.corsOrigins")',
+      session_config: 'Use process.env.JWT_EXPIRY or config.get("auth.sessionTimeout")',
+      cache_config: 'Use process.env.CACHE_TTL or config.get("cache.defaultTtl")',
+      log_level: 'Use process.env.LOG_LEVEL or config.get("logging.level")',
+      environment_name: "Use process.env.NODE_ENV or runtime environment detection",
+      service_dependency: 'Use service discovery or config.get("services.userService.url")',
+      performance_config: 'Use process.env.WORKER_THREADS or config.get("performance.workers")',
+
+      // Phase 2: Critical configurations
+      database_pool: 'Use process.env.DB_POOL_SIZE or config.get("database.poolSize")',
+      query_config: 'Use process.env.QUERY_TIMEOUT or config.get("database.queryTimeout")',
+      schema_name: 'Use process.env.TABLE_PREFIX or config.get("database.schemaName")',
+      token_config: 'Use process.env.TOKEN_EXPIRY or config.get("auth.tokenExpiry")',
+      password_policy: 'Use process.env.MIN_PASSWORD_LENGTH or config.get("security.passwordPolicy")',
+      rate_limiting: 'Use process.env.RATE_LIMIT or config.get("security.rateLimit")',
+      encryption_config: 'Use process.env.ENCRYPTION_ALGORITHM or config.get("security.encryption")',
+      oauth_config: 'Use process.env.OAUTH_SCOPES or config.get("oauth.scopes")',
+      directory: 'Use process.env.UPLOAD_DIR or config.get("storage.uploadDirectory")',
+      file_limit: 'Use process.env.MAX_FILE_SIZE or config.get("upload.maxFileSize")',
+      file_type: 'Use process.env.ALLOWED_FILE_TYPES or config.get("upload.allowedTypes")',
+      log_path: 'Use process.env.LOG_PATH or config.get("logging.filePath")',
+
+      // Phase 3: Important configurations
+      http_config: 'Use process.env.ALLOWED_METHODS or config.get("http.allowedMethods")',
+      network_timeout: 'Use process.env.CONNECT_TIMEOUT or config.get("network.timeout")',
+      buffer_config: 'Use process.env.BUFFER_SIZE or config.get("network.bufferSize")',
+      keepalive_config: 'Use process.env.KEEPALIVE_INTERVAL or config.get("network.keepAlive")',
+      pricing: 'Use pricing service or config.get("pricing.plans")',
+      quota: 'Use process.env.API_QUOTA or config.get("limits.quotas")',
+      discount: 'Use pricing service or config.get("pricing.discounts")',
+      trial: 'Use process.env.TRIAL_DAYS or config.get("subscription.trialPeriod")',
+      metrics_config: 'Use process.env.METRICS_INTERVAL or config.get("monitoring.metricsInterval")',
+      alert_threshold: 'Use process.env.ALERT_THRESHOLD or config.get("monitoring.alertThresholds")',
+      sampling_rate: 'Use process.env.TRACE_SAMPLING_RATE or config.get("observability.samplingRate")',
+      health_check: 'Use process.env.HEALTH_CHECK_INTERVAL or config.get("monitoring.healthCheck")',
+
+      // Phase 4: Enhancement configurations
+      queue_config: 'Use process.env.QUEUE_SIZE or config.get("messaging.queueSize")',
+      message_ttl: 'Use process.env.MESSAGE_TTL or config.get("messaging.messageTtl")',
+      consumer_config: 'Use process.env.CONSUMER_GROUP or config.get("messaging.consumerGroup")',
+      resource_limit: 'Use Kubernetes limits or config.get("deployment.resources")',
+      scaling_config: 'Use process.env.MIN_REPLICAS or config.get("deployment.autoscaling")',
+      region_config: 'Use deployment configuration or config.get("infrastructure.region")',
+      instance_type: 'Use deployment configuration or config.get("infrastructure.instanceType")',
+      webhook_url: 'Use process.env.WEBHOOK_URL or config.get("integrations.webhookUrl")',
+      external_service: 'Use process.env.PAYMENT_PROVIDER or config.get("integrations.provider")',
+      api_version: 'Use process.env.API_VERSION or config.get("integrations.apiVersion")',
+      channel_id: 'Use process.env.SLACK_CHANNEL or config.get("notifications.channel")',
+      timezone: 'Use process.env.TZ or config.get("localization.timezone")',
+      date_format: 'Use config.get("localization.dateFormat") or user preferences',
+      currency: 'Use config.get("localization.currency") or user/region preferences',
+      locale: 'Use process.env.LOCALE or config.get("localization.locale")',
+      number_format: 'Use config.get("localization.numberFormat") or locale-based formatting',
+
+      // Additional critical configurations
+      environment_var: "Use environment-agnostic names with NODE_ENV detection or config service",
+      third_party_service: "Use AWS Secrets Manager, Azure Key Vault, or .env with git-ignored secrets",
+      ip_address: 'Use service discovery (Consul, Kubernetes DNS) or config.get("services.host")',
+      hostname: 'Use service discovery or config.get("services.internalHostname")',
+      cron_schedule: 'Use process.env.CRON_SCHEDULE or config.get("scheduler.cron")',
+      magic_number: "Define as const BUSINESS_CONSTANT = value in constants file",
+      message_template: 'Use template management (i18n, email service) or config.get("templates.email")',
+      version: "Use package.json version or build-time injection (webpack.DefinePlugin)",
+      pagination_default: 'Use config.get("api.defaultPageSize") or API configuration',
+
+      property_config: "Move to centralized configuration (config.ts, application.properties, or .env)",
+      variable_config: "Use environment variables or configuration service",
+      config_key: "Define configuration keys as constants in a dedicated config module",
+    };
+
+    return (
+      suggestions[type] ||
+      "Move to environment variables, config files, or centralized configuration management"
+    );
+  }
+}
+
+module.exports = C067SymbolBasedAnalyzer;