agentic-loop 1.0.0

package/dist/checks/check-magic-numbers.js

@@ -0,0 +1,116 @@
+/**
+ * Check for magic numbers that should be named constants
+ */
+// Numbers that are commonly acceptable and don't need constants
+const ACCEPTABLE_NUMBERS = new Set([
+    -1, 0, 1, 2, 10, 100, 1000,
+    // Common time values
+    60, 1000, 3600, 86400,
+    // Array/string indices
+    0, 1, 2,
+]);
+// Contexts where magic numbers are acceptable
+const ACCEPTABLE_CONTEXTS = [
+    /\.length\s*[<>=!]/, // array length comparisons
+    /\[\s*\d+\s*\]/, // array indexing
+    /slice\s*\(\s*\d+/, // slice operations
+    /substring\s*\(\s*\d+/, // substring operations
+    /repeat\s*\(\s*\d+/, // repeat operations
+    /^\s*(?:return|throw)\s+\d+/, // return/throw numeric values
+    /port\s*[:=]/i, // port numbers
+    /\.toFixed\s*\(\s*\d+/, // decimal places
+    /Math\./, // Math operations
+    /parseInt|parseFloat/, // parsing functions
+    /0x[0-9a-fA-F]+/, // hex numbers (color codes, etc.)
+    /rgba?\s*\(/, // CSS colors
+    /version/i, // version numbers
+    /new Date\(/, // date constructors
+    /setTimeout|setInterval/, // timer functions (often have inline ms)
+    /padding|margin|width|height/i, // CSS-related
+];
+// Paths that indicate frontend component files (skip these)
+const FRONTEND_PATH_PATTERNS = [
+    /\/components\//i,
+    /\/pages\//i,
+    /\/views\//i,
+    /\/layouts\//i,
+    /\/ui\//i,
+    /\.styled\./i,
+    /\.styles\./i,
+];
+export const checkMagicNumbers = {
+    id: 'magic-numbers',
+    name: 'Check Magic Numbers',
+    description: 'Detect magic numbers that should be named constants',
+    severity: 'warning',
+    // Skip JSX/TSX - too many false positives with CSS values
+    fileTypes: ['js', 'ts', 'mjs', 'cjs', 'py'],
+    check(context) {
+        const results = [];
+        // Skip frontend component files even if they're .js/.ts
+        if (FRONTEND_PATH_PATTERNS.some((pattern) => pattern.test(context.filePath))) {
+            return results;
+        }
+        const lines = context.content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            const lineNum = i + 1;
+            // Skip comments
+            if (isCommentLine(line, context.extension)) {
+                continue;
+            }
+            // Skip constant/variable declarations with descriptive names
+            if (isConstantDeclaration(line)) {
+                continue;
+            }
+            // Find all numbers in the line
+            const numberMatches = line.matchAll(/(?<![a-zA-Z_])(-?\d+(?:\.\d+)?)\b/g);
+            for (const match of numberMatches) {
+                const numStr = match[1];
+                const num = parseFloat(numStr);
+                // Skip acceptable numbers
+                if (ACCEPTABLE_NUMBERS.has(num)) {
+                    continue;
+                }
+                // Skip if in acceptable context
+                if (ACCEPTABLE_CONTEXTS.some((pattern) => pattern.test(line))) {
+                    continue;
+                }
+                // Skip very small numbers (likely not magic)
+                if (num >= -10 && num <= 10 && Number.isInteger(num)) {
+                    continue;
+                }
+                results.push({
+                    line: lineNum,
+                    column: match.index || 0,
+                    message: `Magic number ${numStr} - consider using a named constant`,
+                    severity: 'warning',
+                    ruleId: 'magic-numbers/unnamed',
+                });
+            }
+        }
+        return results;
+    },
+};
+function isCommentLine(line, extension) {
+    const trimmed = line.trim();
+    if (['js', 'jsx', 'ts', 'tsx', 'mjs', 'cjs'].includes(extension)) {
+        return trimmed.startsWith('//') || trimmed.startsWith('*') || trimmed.startsWith('/*');
+    }
+    if (['py', 'pyw'].includes(extension)) {
+        return trimmed.startsWith('#');
+    }
+    return false;
+}
+function isConstantDeclaration(line) {
+    // JavaScript/TypeScript const with UPPER_CASE name
+    if (/const\s+[A-Z][A-Z0-9_]+\s*=/.test(line)) {
+        return true;
+    }
+    // Python uppercase variable (convention for constants)
+    if (/^[A-Z][A-Z0-9_]+\s*=/.test(line.trim())) {
+        return true;
+    }
+    return false;
+}
+//# sourceMappingURL=check-magic-numbers.js.map

package/dist/checks/check-magic-numbers.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"check-magic-numbers.js","sourceRoot":"","sources":["../../src/checks/check-magic-numbers.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,gEAAgE;AAChE,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAC;IACjC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,EAAE,GAAG,EAAE,IAAI;IAC1B,qBAAqB;IACrB,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK;IACrB,uBAAuB;IACvB,CAAC,EAAE,CAAC,EAAE,CAAC;CACR,CAAC,CAAC;AAEH,8CAA8C;AAC9C,MAAM,mBAAmB,GAAG;IAC1B,mBAAmB,EAAY,2BAA2B;IAC1D,eAAe,EAAgB,iBAAiB;IAChD,kBAAkB,EAAa,mBAAmB;IAClD,sBAAsB,EAAS,uBAAuB;IACtD,mBAAmB,EAAY,oBAAoB;IACnD,4BAA4B,EAAG,8BAA8B;IAC7D,cAAc,EAAiB,eAAe;IAC9C,sBAAsB,EAAS,iBAAiB;IAChD,QAAQ,EAAuB,kBAAkB;IACjD,qBAAqB,EAAU,oBAAoB;IACnD,gBAAgB,EAAc,kCAAkC;IAChE,YAAY,EAAmB,aAAa;IAC5C,UAAU,EAAqB,kBAAkB;IACjD,YAAY,EAAmB,oBAAoB;IACnD,wBAAwB,EAAO,yCAAyC;IACxE,8BAA8B,EAAE,cAAc;CAC/C,CAAC;AAEF,4DAA4D;AAC5D,MAAM,sBAAsB,GAAG;IAC7B,iBAAiB;IACjB,YAAY;IACZ,YAAY;IACZ,cAAc;IACd,SAAS;IACT,aAAa;IACb,aAAa;CACd,CAAC;AAEF,MAAM,CAAC,MAAM,iBAAiB,GAAS;IACrC,EAAE,EAAE,eAAe;IACnB,IAAI,EAAE,qBAAqB;IAC3B,WAAW,EAAE,qDAAqD;IAClE,QAAQ,EAAE,SAAS;IACnB,0DAA0D;IAC1D,SAAS,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,CAAC;IAE3C,KAAK,CAAC,OAAoB;QACxB,MAAM,OAAO,GAAiB,EAAE,CAAC;QAEjC,wDAAwD;QACxD,IAAI,sBAAsB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC;YAC7E,OAAO,OAAO,CAAC;QACjB,CAAC;QAED,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAE1C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACtB,MAAM,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC;YAEtB,gBAAgB;YAChB,IAAI,aAAa,CAAC,IAAI,EAAE,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC3C,SAAS;YACX,CAAC;YAED,6DAA6D;YAC7D,IAAI,qBAAqB,CAAC,IAAI,CAAC,EAAE,CAAC;gBAChC,SAAS;YACX,CAAC;YAED,+BAA+B;YAC/B,MAAM,aAAa,GAAG,IAAI,CAAC,QAAQ,CAAC,oCAAoC,CAAC,CAAC;YAE1E,KAAK,MAAM,KAAK,IAAI,aAAa,EAAE,CAAC;gBAClC,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBACxB,MAAM,GAAG,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;gBAE/B,0BAA0B;gBAC1B,IAAI,kBAAkB,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;oBAChC,SAAS;gBACX,CAAC;gBAED,gCAAgC;gBAChC,IAAI,mBAAmB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;oBAC9D,SAAS;gBACX,CAAC;gBAED,6CAA6C;gBAC7C,IAAI,GAAG,IAAI,CAAC,EAAE,IAAI,GAAG,IAAI,EAAE,IAAI,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC;oBACrD,SAAS;gBACX,CAAC;gBAED,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI,EAAE,OAAO;oBACb,MAAM,EAAE,KAAK,CAAC,KAAK,IAAI,CAAC;oBACxB,OAAO,EAAE,gBAAgB,MAAM,oCAAoC;oBACnE,QAAQ,EAAE,SAAS;oBACnB,MAAM,EAAE,uBAAuB;iBAChC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;CACF,CAAC;AAEF,SAAS,aAAa,CAAC,IAAY,EAAE,SAAiB;IACpD,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;IAE5B,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QACjE,OAAO,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;IACzF,CAAC;IAED,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QACtC,OAAO,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IACjC,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,qBAAqB,CAAC,IAAY;IACzC,mDAAmD;IACnD,IAAI,6BAA6B,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QAC7C,OAAO,IAAI,CAAC;IACd,CAAC;IAED,uDAAuD;IACvD,IAAI,sBAAsB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC;QAC7C,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/checks/check-secrets.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Check for hardcoded secrets, API keys, and tokens
+ */
+import type { Hook } from '../utils/types.js';
+export declare const checkSecrets: Hook;
+//# sourceMappingURL=check-secrets.d.ts.map

package/dist/checks/check-secrets.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"check-secrets.d.ts","sourceRoot":"","sources":["../../src/checks/check-secrets.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,IAAI,EAA2B,MAAM,mBAAmB,CAAC;AAGvE,eAAO,MAAM,YAAY,EAAE,IAkI1B,CAAC"}

package/dist/checks/check-secrets.js

@@ -0,0 +1,138 @@
+/**
+ * Check for hardcoded secrets, API keys, and tokens
+ */
+import { SECRET_PATTERNS, isPlaceholder } from '../utils/patterns.js';
+export const checkSecrets = {
+    id: 'secrets',
+    name: 'Check Secrets',
+    description: 'Detect hardcoded API keys, passwords, and tokens',
+    severity: 'error',
+    fileTypes: ['js', 'jsx', 'ts', 'tsx', 'mjs', 'cjs', 'py', 'json', 'yaml', 'yml', 'toml', 'env'],
+    check(context) {
+        const results = [];
+        const lines = context.content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            const lineNum = i + 1;
+            // Skip comments
+            if (isCommentLine(line, context.extension)) {
+                continue;
+            }
+            // AWS Access Key
+            const awsMatch = line.match(SECRET_PATTERNS.awsAccessKey);
+            if (awsMatch && !isPlaceholder(awsMatch[0])) {
+                results.push({
+                    line: lineNum,
+                    column: line.indexOf(awsMatch[0]),
+                    message: 'Possible AWS Access Key detected',
+                    severity: 'error',
+                    ruleId: 'secrets/aws-key',
+                });
+            }
+            // Stripe Key
+            const stripeMatch = line.match(SECRET_PATTERNS.stripeKey);
+            if (stripeMatch && !isPlaceholder(stripeMatch[0])) {
+                results.push({
+                    line: lineNum,
+                    column: line.indexOf(stripeMatch[0]),
+                    message: 'Stripe API key detected',
+                    severity: 'error',
+                    ruleId: 'secrets/stripe-key',
+                });
+            }
+            // GitHub Token
+            const githubMatch = line.match(SECRET_PATTERNS.githubToken);
+            if (githubMatch && !isPlaceholder(githubMatch[0])) {
+                results.push({
+                    line: lineNum,
+                    column: line.indexOf(githubMatch[0]),
+                    message: 'GitHub token detected',
+                    severity: 'error',
+                    ruleId: 'secrets/github-token',
+                });
+            }
+            // Slack Token
+            const slackMatch = line.match(SECRET_PATTERNS.slackToken);
+            if (slackMatch && !isPlaceholder(slackMatch[0])) {
+                results.push({
+                    line: lineNum,
+                    column: line.indexOf(slackMatch[0]),
+                    message: 'Slack token detected',
+                    severity: 'error',
+                    ruleId: 'secrets/slack-token',
+                });
+            }
+            // SendGrid Key
+            const sendgridMatch = line.match(SECRET_PATTERNS.sendgridKey);
+            if (sendgridMatch && !isPlaceholder(sendgridMatch[0])) {
+                results.push({
+                    line: lineNum,
+                    column: line.indexOf(sendgridMatch[0]),
+                    message: 'SendGrid API key detected',
+                    severity: 'error',
+                    ruleId: 'secrets/sendgrid-key',
+                });
+            }
+            // Private Key
+            if (SECRET_PATTERNS.privateKey.test(line)) {
+                results.push({
+                    line: lineNum,
+                    column: 0,
+                    message: 'Private key detected - never commit private keys',
+                    severity: 'error',
+                    ruleId: 'secrets/private-key',
+                });
+            }
+            // Generic API key patterns
+            const genericApiMatch = line.match(SECRET_PATTERNS.genericApiKey);
+            if (genericApiMatch && !isPlaceholder(genericApiMatch[0])) {
+                // Only flag if it looks like a real key (long enough, not a placeholder)
+                const value = genericApiMatch[0];
+                if (value.length > 30) {
+                    results.push({
+                        line: lineNum,
+                        column: line.indexOf(value),
+                        message: 'Possible hardcoded API key - use environment variables',
+                        severity: 'error',
+                        ruleId: 'secrets/generic-api-key',
+                    });
+                }
+            }
+            // Generic secrets (password, token, etc.)
+            const secretMatch = line.match(SECRET_PATTERNS.genericSecret);
+            if (secretMatch && !isPlaceholder(secretMatch[0])) {
+                // Skip obvious non-secrets
+                const value = secretMatch[0].toLowerCase();
+                if (!value.includes('password:') && // Not a type annotation
+                    !value.includes('password =') && // Assignment with placeholder
+                    value.length > 20) {
+                    results.push({
+                        line: lineNum,
+                        column: line.indexOf(secretMatch[0]),
+                        message: 'Possible hardcoded secret - use environment variables',
+                        severity: 'warning',
+                        ruleId: 'secrets/generic-secret',
+                    });
+                }
+            }
+        }
+        return results;
+    },
+};
+function isCommentLine(line, extension) {
+    const trimmed = line.trim();
+    // JavaScript/TypeScript style comments
+    if (['js', 'jsx', 'ts', 'tsx', 'mjs', 'cjs'].includes(extension)) {
+        return trimmed.startsWith('//') || trimmed.startsWith('*') || trimmed.startsWith('/*');
+    }
+    // Python style comments
+    if (['py', 'pyw'].includes(extension)) {
+        return trimmed.startsWith('#');
+    }
+    // YAML style comments
+    if (['yaml', 'yml'].includes(extension)) {
+        return trimmed.startsWith('#');
+    }
+    return false;
+}
+//# sourceMappingURL=check-secrets.js.map

package/dist/checks/check-secrets.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"check-secrets.js","sourceRoot":"","sources":["../../src/checks/check-secrets.ts"],"names":[],"mappings":"AAAA;;GAEG;AAGH,OAAO,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAEtE,MAAM,CAAC,MAAM,YAAY,GAAS;IAChC,EAAE,EAAE,SAAS;IACb,IAAI,EAAE,eAAe;IACrB,WAAW,EAAE,kDAAkD;IAC/D,QAAQ,EAAE,OAAO;IACjB,SAAS,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,CAAC;IAE/F,KAAK,CAAC,OAAoB;QACxB,MAAM,OAAO,GAAiB,EAAE,CAAC;QACjC,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAE1C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACtB,MAAM,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC;YAEtB,gBAAgB;YAChB,IAAI,aAAa,CAAC,IAAI,EAAE,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC3C,SAAS;YACX,CAAC;YAED,iBAAiB;YACjB,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,YAAY,CAAC,CAAC;YAC1D,IAAI,QAAQ,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC5C,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI,EAAE,OAAO;oBACb,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;oBACjC,OAAO,EAAE,kCAAkC;oBAC3C,QAAQ,EAAE,OAAO;oBACjB,MAAM,EAAE,iBAAiB;iBAC1B,CAAC,CAAC;YACL,CAAC;YAED,aAAa;YACb,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC;YAC1D,IAAI,WAAW,IAAI,CAAC,aAAa,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBAClD,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI,EAAE,OAAO;oBACb,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC;oBACpC,OAAO,EAAE,yBAAyB;oBAClC,QAAQ,EAAE,OAAO;oBACjB,MAAM,EAAE,oBAAoB;iBAC7B,CAAC,CAAC;YACL,CAAC;YAED,eAAe;YACf,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,WAAW,CAAC,CAAC;YAC5D,IAAI,WAAW,IAAI,CAAC,aAAa,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBAClD,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI,EAAE,OAAO;oBACb,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC;oBACpC,OAAO,EAAE,uBAAuB;oBAChC,QAAQ,EAAE,OAAO;oBACjB,MAAM,EAAE,sBAAsB;iBAC/B,CAAC,CAAC;YACL,CAAC;YAED,cAAc;YACd,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,UAAU,CAAC,CAAC;YAC1D,IAAI,UAAU,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBAChD,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI,EAAE,OAAO;oBACb,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;oBACnC,OAAO,EAAE,sBAAsB;oBAC/B,QAAQ,EAAE,OAAO;oBACjB,MAAM,EAAE,qBAAqB;iBAC9B,CAAC,CAAC;YACL,CAAC;YAED,eAAe;YACf,MAAM,aAAa,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,WAAW,CAAC,CAAC;YAC9D,IAAI,aAAa,IAAI,CAAC,aAAa,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBACtD,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI,EAAE,OAAO;oBACb,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;oBACtC,OAAO,EAAE,2BAA2B;oBACpC,QAAQ,EAAE,OAAO;oBACjB,MAAM,EAAE,sBAAsB;iBAC/B,CAAC,CAAC;YACL,CAAC;YAED,cAAc;YACd,IAAI,eAAe,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC1C,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI,EAAE,OAAO;oBACb,MAAM,EAAE,CAAC;oBACT,OAAO,EAAE,kDAAkD;oBAC3D,QAAQ,EAAE,OAAO;oBACjB,MAAM,EAAE,qBAAqB;iBAC9B,CAAC,CAAC;YACL,CAAC;YAED,2BAA2B;YAC3B,MAAM,eAAe,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,aAAa,CAAC,CAAC;YAClE,IAAI,eAAe,IAAI,CAAC,aAAa,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC1D,yEAAyE;gBACzE,MAAM,KAAK,GAAG,eAAe,CAAC,CAAC,CAAC,CAAC;gBACjC,IAAI,KAAK,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;oBACtB,OAAO,CAAC,IAAI,CAAC;wBACX,IAAI,EAAE,OAAO;wBACb,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC;wBAC3B,OAAO,EAAE,wDAAwD;wBACjE,QAAQ,EAAE,OAAO;wBACjB,MAAM,EAAE,yBAAyB;qBAClC,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,0CAA0C;YAC1C,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,aAAa,CAAC,CAAC;YAC9D,IAAI,WAAW,IAAI,CAAC,aAAa,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBAClD,2BAA2B;gBAC3B,MAAM,KAAK,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;gBAC3C,IACE,CAAC,KAAK,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,wBAAwB;oBACxD,CAAC,KAAK,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,8BAA8B;oBAC/D,KAAK,CAAC,MAAM,GAAG,EAAE,EACjB,CAAC;oBACD,OAAO,CAAC,IAAI,CAAC;wBACX,IAAI,EAAE,OAAO;wBACb,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC;wBACpC,OAAO,EAAE,uDAAuD;wBAChE,QAAQ,EAAE,SAAS;wBACnB,MAAM,EAAE,wBAAwB;qBACjC,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;CACF,CAAC;AAEF,SAAS,aAAa,CAAC,IAAY,EAAE,SAAiB;IACpD,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;IAE5B,uCAAuC;IACvC,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QACjE,OAAO,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;IACzF,CAAC;IAED,wBAAwB;IACxB,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QACtC,OAAO,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IACjC,CAAC;IAED,sBAAsB;IACtB,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QACxC,OAAO,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IACjC,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/checks/check-snake-case-ts.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Check for snake_case property names in TypeScript interfaces/types
+ */
+import type { Hook } from '../utils/types.js';
+export declare const checkSnakeCaseTs: Hook;
+//# sourceMappingURL=check-snake-case-ts.d.ts.map

package/dist/checks/check-snake-case-ts.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"check-snake-case-ts.d.ts","sourceRoot":"","sources":["../../src/checks/check-snake-case-ts.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,IAAI,EAA2B,MAAM,mBAAmB,CAAC;AAEvE,eAAO,MAAM,gBAAgB,EAAE,IAmF9B,CAAC"}

package/dist/checks/check-snake-case-ts.js

@@ -0,0 +1,78 @@
+/**
+ * Check for snake_case property names in TypeScript interfaces/types
+ */
+export const checkSnakeCaseTs = {
+    id: 'snake-case',
+    name: 'Check Snake Case',
+    description: 'Detect snake_case properties in TypeScript that should be camelCase',
+    severity: 'warning',
+    fileTypes: ['ts', 'tsx', 'mts', 'cts'],
+    check(context) {
+        const results = [];
+        const lines = context.content.split('\n');
+        // Track if we're inside an interface or type definition
+        let inInterfaceOrType = false;
+        let braceDepth = 0;
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            const lineNum = i + 1;
+            // Skip comments
+            if (line.trim().startsWith('//') || line.trim().startsWith('*')) {
+                continue;
+            }
+            // Detect interface or type start
+            if (/^\s*(?:export\s+)?(?:interface|type)\s+\w+/.test(line)) {
+                inInterfaceOrType = true;
+                braceDepth = 0;
+            }
+            // Track brace depth
+            const openBraces = (line.match(/\{/g) || []).length;
+            const closeBraces = (line.match(/\}/g) || []).length;
+            if (inInterfaceOrType) {
+                braceDepth += openBraces - closeBraces;
+                // Check for snake_case properties
+                // Match property names in interface/type definitions
+                const propertyMatch = line.match(/^\s*['"]?([a-z][a-z0-9]*(?:_[a-z0-9]+)+)['"]?\s*[?]?\s*:/);
+                if (propertyMatch) {
+                    const propertyName = propertyMatch[1];
+                    const suggestedName = toCamelCase(propertyName);
+                    results.push({
+                        line: lineNum,
+                        column: line.indexOf(propertyName),
+                        message: `Property "${propertyName}" uses snake_case - consider using camelCase "${suggestedName}"`,
+                        severity: 'warning',
+                        ruleId: 'snake-case/property',
+                        fix: suggestedName,
+                    });
+                }
+                // End of interface/type
+                if (braceDepth <= 0 && closeBraces > 0) {
+                    inInterfaceOrType = false;
+                }
+            }
+            // Also check for snake_case in object destructuring from API responses
+            // This is a common issue when copying from API response types
+            const destructMatch = line.match(/const\s*\{\s*([^}]+)\s*\}\s*=/);
+            if (destructMatch) {
+                const props = destructMatch[1].split(',');
+                for (const prop of props) {
+                    const propName = prop.trim().split(':')[0].trim();
+                    if (/^[a-z][a-z0-9]*(?:_[a-z0-9]+)+$/.test(propName)) {
+                        results.push({
+                            line: lineNum,
+                            column: line.indexOf(propName),
+                            message: `Destructured property "${propName}" uses snake_case - API response may need transformation`,
+                            severity: 'info',
+                            ruleId: 'snake-case/destructure',
+                        });
+                    }
+                }
+            }
+        }
+        return results;
+    },
+};
+function toCamelCase(snakeCase) {
+    return snakeCase.replace(/_([a-z])/g, (_, letter) => letter.toUpperCase());
+}
+//# sourceMappingURL=check-snake-case-ts.js.map

package/dist/checks/check-snake-case-ts.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"check-snake-case-ts.js","sourceRoot":"","sources":["../../src/checks/check-snake-case-ts.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,MAAM,CAAC,MAAM,gBAAgB,GAAS;IACpC,EAAE,EAAE,YAAY;IAChB,IAAI,EAAE,kBAAkB;IACxB,WAAW,EAAE,qEAAqE;IAClF,QAAQ,EAAE,SAAS;IACnB,SAAS,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC;IAEtC,KAAK,CAAC,OAAoB;QACxB,MAAM,OAAO,GAAiB,EAAE,CAAC;QACjC,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAE1C,wDAAwD;QACxD,IAAI,iBAAiB,GAAG,KAAK,CAAC;QAC9B,IAAI,UAAU,GAAG,CAAC,CAAC;QAEnB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACtB,MAAM,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC;YAEtB,gBAAgB;YAChB,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;gBAChE,SAAS;YACX,CAAC;YAED,iCAAiC;YACjC,IAAI,4CAA4C,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC5D,iBAAiB,GAAG,IAAI,CAAC;gBACzB,UAAU,GAAG,CAAC,CAAC;YACjB,CAAC;YAED,oBAAoB;YACpB,MAAM,UAAU,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC;YACpD,MAAM,WAAW,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC;YAErD,IAAI,iBAAiB,EAAE,CAAC;gBACtB,UAAU,IAAI,UAAU,GAAG,WAAW,CAAC;gBAEvC,kCAAkC;gBAClC,qDAAqD;gBACrD,MAAM,aAAa,GAAG,IAAI,CAAC,KAAK,CAAC,0DAA0D,CAAC,CAAC;gBAE7F,IAAI,aAAa,EAAE,CAAC;oBAClB,MAAM,YAAY,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC;oBACtC,MAAM,aAAa,GAAG,WAAW,CAAC,YAAY,CAAC,CAAC;oBAEhD,OAAO,CAAC,IAAI,CAAC;wBACX,IAAI,EAAE,OAAO;wBACb,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC;wBAClC,OAAO,EAAE,aAAa,YAAY,iDAAiD,aAAa,GAAG;wBACnG,QAAQ,EAAE,SAAS;wBACnB,MAAM,EAAE,qBAAqB;wBAC7B,GAAG,EAAE,aAAa;qBACnB,CAAC,CAAC;gBACL,CAAC;gBAED,wBAAwB;gBACxB,IAAI,UAAU,IAAI,CAAC,IAAI,WAAW,GAAG,CAAC,EAAE,CAAC;oBACvC,iBAAiB,GAAG,KAAK,CAAC;gBAC5B,CAAC;YACH,CAAC;YAED,uEAAuE;YACvE,8DAA8D;YAC9D,MAAM,aAAa,GAAG,IAAI,CAAC,KAAK,CAAC,+BAA+B,CAAC,CAAC;YAClE,IAAI,aAAa,EAAE,CAAC;gBAClB,MAAM,KAAK,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBAC1C,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;oBACzB,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;oBAClD,IAAI,iCAAiC,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;wBACrD,OAAO,CAAC,IAAI,CAAC;4BACX,IAAI,EAAE,OAAO;4BACb,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC;4BAC9B,OAAO,EAAE,0BAA0B,QAAQ,0DAA0D;4BACrG,QAAQ,EAAE,MAAM;4BAChB,MAAM,EAAE,wBAAwB;yBACjC,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;CACF,CAAC;AAEF,SAAS,WAAW,CAAC,SAAiB;IACpC,OAAO,SAAS,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC;AAC7E,CAAC"}

package/dist/checks/check-todo-fixme.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Check for TODO/FIXME comments that indicate incomplete work
+ */
+import type { Hook } from '../utils/types.js';
+export declare const checkTodoFixme: Hook;
+//# sourceMappingURL=check-todo-fixme.d.ts.map

package/dist/checks/check-todo-fixme.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"check-todo-fixme.d.ts","sourceRoot":"","sources":["../../src/checks/check-todo-fixme.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,IAAI,EAA2B,MAAM,mBAAmB,CAAC;AAKvE,eAAO,MAAM,cAAc,EAAE,IAwC5B,CAAC"}

package/dist/checks/check-todo-fixme.js

@@ -0,0 +1,41 @@
+/**
+ * Check for TODO/FIXME comments that indicate incomplete work
+ */
+// Patterns to match TODO/FIXME comments
+const TODO_PATTERN = /\b(TODO|FIXME|XXX|HACK|BUG|OPTIMIZE)\b[:\s]*(.*)/i;
+export const checkTodoFixme = {
+    id: 'todo',
+    name: 'Check TODO/FIXME',
+    description: 'Detect TODO, FIXME, and other incomplete work markers',
+    severity: 'info',
+    fileTypes: ['js', 'jsx', 'ts', 'tsx', 'mjs', 'cjs', 'py', 'html', 'css'],
+    check(context) {
+        const results = [];
+        const lines = context.content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            const lineNum = i + 1;
+            const match = line.match(TODO_PATTERN);
+            if (match) {
+                const type = match[1].toUpperCase();
+                const description = match[2]?.trim() || '';
+                // Determine severity based on type
+                let severity = 'info';
+                if (type === 'FIXME' || type === 'BUG') {
+                    severity = 'warning';
+                }
+                results.push({
+                    line: lineNum,
+                    column: line.indexOf(match[0]),
+                    message: description
+                        ? `${type}: ${description}`
+                        : `${type} marker without description`,
+                    severity,
+                    ruleId: `todo/${type.toLowerCase()}`,
+                });
+            }
+        }
+        return results;
+    },
+};
+//# sourceMappingURL=check-todo-fixme.js.map

package/dist/checks/check-todo-fixme.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"check-todo-fixme.js","sourceRoot":"","sources":["../../src/checks/check-todo-fixme.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,wCAAwC;AACxC,MAAM,YAAY,GAAG,mDAAmD,CAAC;AAEzE,MAAM,CAAC,MAAM,cAAc,GAAS;IAClC,EAAE,EAAE,MAAM;IACV,IAAI,EAAE,kBAAkB;IACxB,WAAW,EAAE,uDAAuD;IACpE,QAAQ,EAAE,MAAM;IAChB,SAAS,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,CAAC;IAExE,KAAK,CAAC,OAAoB;QACxB,MAAM,OAAO,GAAiB,EAAE,CAAC;QACjC,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAE1C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACtB,MAAM,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC;YAEtB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;YACvC,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;gBACpC,MAAM,WAAW,GAAG,KAAK,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;gBAE3C,mCAAmC;gBACnC,IAAI,QAAQ,GAAuB,MAAM,CAAC;gBAC1C,IAAI,IAAI,KAAK,OAAO,IAAI,IAAI,KAAK,KAAK,EAAE,CAAC;oBACvC,QAAQ,GAAG,SAAS,CAAC;gBACvB,CAAC;gBAED,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI,EAAE,OAAO;oBACb,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;oBAC9B,OAAO,EAAE,WAAW;wBAClB,CAAC,CAAC,GAAG,IAAI,KAAK,WAAW,EAAE;wBAC3B,CAAC,CAAC,GAAG,IAAI,6BAA6B;oBACxC,QAAQ;oBACR,MAAM,EAAE,QAAQ,IAAI,CAAC,WAAW,EAAE,EAAE;iBACrC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;CACF,CAAC"}

package/dist/checks/check-unsafe-html.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Check for unsafe HTML/DOM manipulation that could lead to XSS
+ */
+import type { Hook } from '../utils/types.js';
+export declare const checkUnsafeHtml: Hook;
+//# sourceMappingURL=check-unsafe-html.d.ts.map

package/dist/checks/check-unsafe-html.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"check-unsafe-html.d.ts","sourceRoot":"","sources":["../../src/checks/check-unsafe-html.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,IAAI,EAA2B,MAAM,mBAAmB,CAAC;AAEvE,eAAO,MAAM,eAAe,EAAE,IA6G7B,CAAC"}

package/dist/checks/check-unsafe-html.js

@@ -0,0 +1,101 @@
+/**
+ * Check for unsafe HTML/DOM manipulation that could lead to XSS
+ */
+export const checkUnsafeHtml = {
+    id: 'unsafe-html',
+    name: 'Check Unsafe HTML',
+    description: 'Detect unsafe innerHTML/DOM manipulation that could lead to XSS',
+    severity: 'error',
+    fileTypes: ['js', 'jsx', 'ts', 'tsx', 'mjs', 'cjs', 'html'],
+    check(context) {
+        const results = [];
+        const lines = context.content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            const lineNum = i + 1;
+            // Skip comments
+            if (line.trim().startsWith('//') || line.trim().startsWith('*')) {
+                continue;
+            }
+            // Check for innerHTML assignment
+            if (/\.innerHTML\s*=/.test(line)) {
+                // Check if it's a static string (less dangerous)
+                const isStaticString = /\.innerHTML\s*=\s*['"`][^'"`]*['"`]\s*;?\s*$/.test(line);
+                if (!isStaticString) {
+                    results.push({
+                        line: lineNum,
+                        column: line.indexOf('innerHTML'),
+                        message: 'Unsafe innerHTML assignment - use textContent or sanitize input',
+                        severity: 'error',
+                        ruleId: 'unsafe-html/innerHTML',
+                    });
+                }
+            }
+            // Check for outerHTML assignment
+            if (/\.outerHTML\s*=/.test(line)) {
+                results.push({
+                    line: lineNum,
+                    column: line.indexOf('outerHTML'),
+                    message: 'Unsafe outerHTML assignment - consider safer alternatives',
+                    severity: 'error',
+                    ruleId: 'unsafe-html/outerHTML',
+                });
+            }
+            // Check for document.write
+            if (/document\.write\s*\(/.test(line)) {
+                results.push({
+                    line: lineNum,
+                    column: line.indexOf('document.write'),
+                    message: 'document.write() is unsafe - use DOM manipulation instead',
+                    severity: 'error',
+                    ruleId: 'unsafe-html/document-write',
+                });
+            }
+            // Check for insertAdjacentHTML with non-static content
+            if (/\.insertAdjacentHTML\s*\([^,]+,/.test(line)) {
+                const isStaticString = /\.insertAdjacentHTML\s*\([^,]+,\s*['"`][^'"`]*['"`]\s*\)/.test(line);
+                if (!isStaticString) {
+                    results.push({
+                        line: lineNum,
+                        column: line.indexOf('insertAdjacentHTML'),
+                        message: 'Unsafe insertAdjacentHTML - sanitize input before insertion',
+                        severity: 'warning',
+                        ruleId: 'unsafe-html/insertAdjacentHTML',
+                    });
+                }
+            }
+            // Check for dangerouslySetInnerHTML in React
+            if (/dangerouslySetInnerHTML\s*=/.test(line)) {
+                results.push({
+                    line: lineNum,
+                    column: line.indexOf('dangerouslySetInnerHTML'),
+                    message: 'dangerouslySetInnerHTML requires careful sanitization',
+                    severity: 'warning',
+                    ruleId: 'unsafe-html/react-dangerously',
+                });
+            }
+            // Check for eval
+            if (/\beval\s*\(/.test(line)) {
+                results.push({
+                    line: lineNum,
+                    column: line.indexOf('eval'),
+                    message: 'eval() is unsafe - avoid using eval with dynamic content',
+                    severity: 'error',
+                    ruleId: 'unsafe-html/eval',
+                });
+            }
+            // Check for Function constructor with dynamic content
+            if (/new\s+Function\s*\(/.test(line)) {
+                results.push({
+                    line: lineNum,
+                    column: line.indexOf('Function'),
+                    message: 'new Function() with dynamic content is similar to eval()',
+                    severity: 'warning',
+                    ruleId: 'unsafe-html/function-constructor',
+                });
+            }
+        }
+        return results;
+    },
+};
+//# sourceMappingURL=check-unsafe-html.js.map

package/dist/checks/check-unsafe-html.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"check-unsafe-html.js","sourceRoot":"","sources":["../../src/checks/check-unsafe-html.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,MAAM,CAAC,MAAM,eAAe,GAAS;IACnC,EAAE,EAAE,aAAa;IACjB,IAAI,EAAE,mBAAmB;IACzB,WAAW,EAAE,iEAAiE;IAC9E,QAAQ,EAAE,OAAO;IACjB,SAAS,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,CAAC;IAE3D,KAAK,CAAC,OAAoB;QACxB,MAAM,OAAO,GAAiB,EAAE,CAAC;QACjC,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAE1C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACtB,MAAM,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC;YAEtB,gBAAgB;YAChB,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;gBAChE,SAAS;YACX,CAAC;YAED,iCAAiC;YACjC,IAAI,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACjC,iDAAiD;gBACjD,MAAM,cAAc,GAAG,8CAA8C,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAEjF,IAAI,CAAC,cAAc,EAAE,CAAC;oBACpB,OAAO,CAAC,IAAI,CAAC;wBACX,IAAI,EAAE,OAAO;wBACb,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC;wBACjC,OAAO,EAAE,iEAAiE;wBAC1E,QAAQ,EAAE,OAAO;wBACjB,MAAM,EAAE,uBAAuB;qBAChC,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,iCAAiC;YACjC,IAAI,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACjC,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI,EAAE,OAAO;oBACb,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC;oBACjC,OAAO,EAAE,2DAA2D;oBACpE,QAAQ,EAAE,OAAO;oBACjB,MAAM,EAAE,uBAAuB;iBAChC,CAAC,CAAC;YACL,CAAC;YAED,2BAA2B;YAC3B,IAAI,sBAAsB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACtC,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI,EAAE,OAAO;oBACb,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,gBAAgB,CAAC;oBACtC,OAAO,EAAE,2DAA2D;oBACpE,QAAQ,EAAE,OAAO;oBACjB,MAAM,EAAE,4BAA4B;iBACrC,CAAC,CAAC;YACL,CAAC;YAED,uDAAuD;YACvD,IAAI,iCAAiC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACjD,MAAM,cAAc,GAAG,0DAA0D,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAE7F,IAAI,CAAC,cAAc,EAAE,CAAC;oBACpB,OAAO,CAAC,IAAI,CAAC;wBACX,IAAI,EAAE,OAAO;wBACb,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,oBAAoB,CAAC;wBAC1C,OAAO,EAAE,6DAA6D;wBACtE,QAAQ,EAAE,SAAS;wBACnB,MAAM,EAAE,gCAAgC;qBACzC,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,6CAA6C;YAC7C,IAAI,6BAA6B,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC7C,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI,EAAE,OAAO;oBACb,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,yBAAyB,CAAC;oBAC/C,OAAO,EAAE,uDAAuD;oBAChE,QAAQ,EAAE,SAAS;oBACnB,MAAM,EAAE,+BAA+B;iBACxC,CAAC,CAAC;YACL,CAAC;YAED,iBAAiB;YACjB,IAAI,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC7B,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI,EAAE,OAAO;oBACb,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC;oBAC5B,OAAO,EAAE,0DAA0D;oBACnE,QAAQ,EAAE,OAAO;oBACjB,MAAM,EAAE,kBAAkB;iBAC3B,CAAC,CAAC;YACL,CAAC;YAED,sDAAsD;YACtD,IAAI,qBAAqB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACrC,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI,EAAE,OAAO;oBACb,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC;oBAChC,OAAO,EAAE,0DAA0D;oBACnE,QAAQ,EAAE,SAAS;oBACnB,MAAM,EAAE,kCAAkC;iBAC3C,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;CACF,CAAC"}

package/dist/checks/index.d.ts

@@ -0,0 +1,30 @@
+/**
+ * Hook registry - exports all available hooks
+ */
+import type { Hook } from '../utils/types.js';
+import { checkSecrets } from './check-secrets.js';
+import { checkHardcodedUrls } from './check-hardcoded-urls.js';
+import { checkDebugStatements } from './check-debug-statements.js';
+import { checkTodoFixme } from './check-todo-fixme.js';
+import { checkEmptyCatch } from './check-empty-catch.js';
+import { checkDryViolations } from './check-dry-violations.js';
+import { checkMagicNumbers } from './check-magic-numbers.js';
+import { checkFunctionLength } from './check-function-length.js';
+import { checkCommentedCode } from './check-commented-code.js';
+import { checkDeepNesting } from './check-deep-nesting.js';
+import { checkConsoleError } from './check-console-error.js';
+import { checkAnyTypes } from './check-any-types.js';
+import { checkSnakeCaseTs } from './check-snake-case-ts.js';
+import { checkUnsafeHtml } from './check-unsafe-html.js';
+import { checkDockerPlatform } from './check-docker-platform.js';
+import { checkHardcodedAiModels } from './check-hardcoded-ai-models.js';
+/** All available hooks */
+export declare const hooks: Hook[];
+/** Get a hook by its ID */
+export declare function getHook(id: string): Hook | undefined;
+/** Get hooks filtered by file extension */
+export declare function getHooksForFile(extension: string): Hook[];
+/** Get all hook IDs */
+export declare function getHookIds(): string[];
+export { checkSecrets, checkHardcodedUrls, checkDebugStatements, checkTodoFixme, checkEmptyCatch, checkDryViolations, checkMagicNumbers, checkFunctionLength, checkCommentedCode, checkDeepNesting, checkConsoleError, checkAnyTypes, checkSnakeCaseTs, checkUnsafeHtml, checkDockerPlatform, checkHardcodedAiModels, };
+//# sourceMappingURL=index.d.ts.map

package/dist/checks/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/checks/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,mBAAmB,CAAC;AAG9C,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAC/D,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AACzD,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAC/D,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAC7D,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACjE,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAC/D,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAC3D,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAC7D,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAC;AAC5D,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AACzD,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACjE,OAAO,EAAE,sBAAsB,EAAE,MAAM,gCAAgC,CAAC;AAExE,0BAA0B;AAC1B,eAAO,MAAM,KAAK,EAAE,IAAI,EAwBvB,CAAC;AAEF,2BAA2B;AAC3B,wBAAgB,OAAO,CAAC,EAAE,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,CAEpD;AAED,2CAA2C;AAC3C,wBAAgB,eAAe,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,EAAE,CAEzD;AAED,uBAAuB;AACvB,wBAAgB,UAAU,IAAI,MAAM,EAAE,CAErC;AAED,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,oBAAoB,EACpB,cAAc,EACd,eAAe,EACf,kBAAkB,EAClB,iBAAiB,EACjB,mBAAmB,EACnB,kBAAkB,EAClB,gBAAgB,EAChB,iBAAiB,EACjB,aAAa,EACb,gBAAgB,EAChB,eAAe,EACf,mBAAmB,EACnB,sBAAsB,GACvB,CAAC"}