al-sem 0.0.1

package/src/detectors/d20-unreachable-after-exit.ts

@@ -0,0 +1,92 @@
+import type { CombinedGraph } from "../engine/combined-graph.ts";
+import { compareStrings } from "../engine/uncertainty-util.ts";
+import { roleOf } from "../model/entities.ts";
+import type { DetectorStats, EvidenceStep, Finding } from "../model/finding.ts";
+import type { SemanticModel } from "../model/model.ts";
+import { fingerprintOf } from "../projection/finding-fingerprint.ts";
+import { toConfidence } from "./confidence.ts";
+import type { DetectorContext } from "./detector-context.ts";
+
+const EXIT_DESCRIPTION: Record<"exit" | "error" | "currreport-quit", string> = {
+	exit: "Exit",
+	error: "Error",
+	"currreport-quit": "CurrReport.Quit",
+};
+
+/**
+ * D20 — a statement that immediately follows an unconditional exit
+ * (`Exit;` / `Error(...)` / `CurrReport.Quit`) inside the same code block.
+ * Control reaches the exit and never returns to the next statement.
+ *
+ * The indexer captures the exit anchor and the first unreachable sibling
+ * during the body DFS (`Routine.features.unreachableStatements`); this
+ * detector just emits one finding per recorded pair. Nested blocks
+ * (inside `if`, loops, etc.) are tracked independently because the
+ * indexer walks every code_block.
+ */
+export function detectD20(
+	model: SemanticModel,
+	_graph: CombinedGraph,
+	_ctx: DetectorContext,
+): { findings: Finding[]; stats: DetectorStats } {
+	const findings: Finding[] = [];
+	let candidatesConsidered = 0;
+
+	for (const routine of model.routines) {
+		if (roleOf(routine) !== "primary") continue;
+		if (!routine.bodyAvailable) continue;
+		if (routine.parseIncomplete) continue;
+		candidatesConsidered++;
+
+		for (const u of routine.features.unreachableStatements) {
+			const kindLabel = EXIT_DESCRIPTION[u.exitKind];
+			const path: EvidenceStep[] = [
+				{
+					routineId: routine.id,
+					sourceAnchor: u.exitAnchor,
+					note: `${kindLabel} statement — control leaves the routine here`,
+				},
+				{
+					routineId: routine.id,
+					sourceAnchor: u.unreachableAnchor,
+					note: "this statement (and any siblings after it) is never executed",
+				},
+			];
+
+			const finding: Finding = {
+				id: `d20/${u.id}`,
+				rootCauseKey: `d20/${u.id}`,
+				detector: "d20-unreachable-after-exit",
+				title: "Unreachable statement after unconditional exit",
+				rootCause: `${routine.name}: the statement after \`${kindLabel}\` is unreachable — control leaves the routine before it can run.`,
+				severity: "low",
+				confidence: toConfidence([], "likely"),
+				primaryLocation: u.unreachableAnchor,
+				evidencePath: path,
+				affectedObjects: [routine.objectId],
+				affectedTables: [],
+				fixOptions: [
+					{
+						description:
+							"Remove the unreachable statement, or move the preceding exit / Error / Quit inside a conditional so the later code can run.",
+						safety: "high",
+					},
+				],
+				provenance: [{ source: "tree-sitter" }],
+			};
+			finding.fingerprint = fingerprintOf(finding, model);
+			findings.push(finding);
+		}
+	}
+
+	const sorted = findings.sort((a, b) => compareStrings(a.id, b.id));
+	return {
+		findings: sorted,
+		stats: {
+			detector: "d20-unreachable-after-exit",
+			candidatesConsidered,
+			findingsEmitted: sorted.length,
+			skipped: {},
+		},
+	};
+}

package/src/detectors/d21-read-without-load.ts

@@ -0,0 +1,128 @@
+import type { CombinedGraph } from "../engine/combined-graph.ts";
+import { beforeAnchor } from "../engine/source-anchor.ts";
+import { compareStrings } from "../engine/uncertainty-util.ts";
+import { roleOf } from "../model/entities.ts";
+import type { DetectorStats, EvidenceStep, Finding } from "../model/finding.ts";
+import type { SemanticModel } from "../model/model.ts";
+import { fingerprintOf } from "../projection/finding-fingerprint.ts";
+import { toConfidence } from "./confidence.ts";
+import type { DetectorContext } from "./detector-context.ts";
+
+/**
+ * Ops that legitimately put a record into a "loaded / initialised" state in memory.
+ * Same set as D11 (the write-side sibling of this detector). A by-var parameter is
+ * also treated as loaded (the caller is responsible).
+ */
+const LOAD_OPS: ReadonlySet<string> = new Set([
+	"Get",
+	"FindFirst",
+	"FindLast",
+	"FindSet",
+	"Find",
+	"Next",
+	"Init",
+	"Insert",
+	"Copy",
+]);
+
+/**
+ * Read-side ops that read the CURRENT record's fields and therefore require a prior load:
+ *   - `TestField` — runtime check that a field is not blank; raises Error otherwise.
+ *   - `CalcFields` / `CalcSums` — materialise FlowFields from SQL.
+ *
+ * Without a prior load these operate on the in-memory default record (a zero-initialised
+ * row), which is at best a no-op (`TestField` always fires) and at worst hides real
+ * loading bugs.
+ */
+const READING_OPS: ReadonlySet<string> = new Set(["TestField", "CalcFields", "CalcSums"]);
+
+/**
+ * D21 — read-side sibling of D11. Flags `TestField` / `CalcFields` / `CalcSums` on a
+ * record variable that was never loaded earlier in the same routine. Skips by-var
+ * parameter records (caller-loaded).
+ */
+export function detectD21(
+	model: SemanticModel,
+	_graph: CombinedGraph,
+	_ctx: DetectorContext,
+): { findings: Finding[]; stats: DetectorStats } {
+	const findings: Finding[] = [];
+	let candidatesConsidered = 0;
+	let skippedParseIncomplete = 0;
+	let skippedParameter = 0;
+
+	for (const routine of model.routines) {
+		if (roleOf(routine) !== "primary") continue;
+		if (!routine.bodyAvailable) continue;
+		if (routine.parseIncomplete) {
+			skippedParseIncomplete++;
+			continue;
+		}
+		candidatesConsidered++;
+
+		const paramRecordNames = new Set(
+			routine.features.recordVariables
+				.filter((rv) => rv.isParameter)
+				.map((rv) => rv.name.toLowerCase()),
+		);
+
+		for (const op of routine.features.recordOperations) {
+			if (!READING_OPS.has(op.op)) continue;
+			const varKey = op.recordVariableName.toLowerCase();
+			if (paramRecordNames.has(varKey)) {
+				skippedParameter++;
+				continue;
+			}
+			const loadedBefore = routine.features.recordOperations.some(
+				(other) =>
+					LOAD_OPS.has(other.op) &&
+					other.recordVariableName.toLowerCase() === varKey &&
+					beforeAnchor(other.sourceAnchor, op.sourceAnchor),
+			);
+			if (loadedBefore) continue;
+
+			const path: EvidenceStep[] = [
+				{
+					routineId: routine.id,
+					operationId: op.id,
+					sourceAnchor: op.sourceAnchor,
+					note: `${op.op} on ${op.recordVariableName} with no prior Get/Find/Init in this routine`,
+				},
+			];
+			const finding: Finding = {
+				id: `d21/${routine.id}/${op.id}`,
+				rootCauseKey: `d21/${routine.id}/${op.id}`,
+				detector: "d21-read-without-load",
+				title: "Read on uninitialised record",
+				rootCause: `${routine.name} calls ${op.op} on ${op.recordVariableName} but never loaded it — the call operates on a default record and may silently succeed or always raise.`,
+				severity: "medium",
+				confidence: toConfidence([], "likely"),
+				primaryLocation: op.sourceAnchor,
+				evidencePath: path,
+				affectedObjects: [routine.objectId],
+				affectedTables: op.tableId !== undefined ? [op.tableId] : [],
+				fixOptions: [
+					{
+						description:
+							"Load the record with Get / FindFirst before TestField/CalcFields, or pass it in as a var parameter from a caller that loaded it.",
+						safety: "high",
+					},
+				],
+				provenance: [{ source: "tree-sitter" }],
+			};
+			finding.fingerprint = fingerprintOf(finding, model);
+			findings.push(finding);
+		}
+	}
+
+	const stats: DetectorStats = {
+		detector: "d21-read-without-load",
+		candidatesConsidered,
+		findingsEmitted: findings.length,
+		skipped: {
+			...(skippedParseIncomplete > 0 ? { parseIncomplete: skippedParseIncomplete } : {}),
+			...(skippedParameter > 0 ? { parameter: skippedParameter } : {}),
+		},
+	};
+	return { findings: findings.sort((a, b) => compareStrings(a.id, b.id)), stats };
+}

package/src/detectors/d22-flowfield-without-calcfields.ts

@@ -0,0 +1,168 @@
+import type { CombinedGraph } from "../engine/combined-graph.ts";
+import { beforeAnchor } from "../engine/source-anchor.ts";
+import { compareStrings } from "../engine/uncertainty-util.ts";
+import { roleOf } from "../model/entities.ts";
+import type { Field, FieldAccess, RecordOperation, Table } from "../model/entities.ts";
+import { unquotedFieldName } from "../model/expression.ts";
+import type { DetectorStats, EvidenceStep, Finding } from "../model/finding.ts";
+import type { TableId } from "../model/ids.ts";
+import type { SemanticModel } from "../model/model.ts";
+import { fingerprintOf } from "../projection/finding-fingerprint.ts";
+import { toConfidence } from "./confidence.ts";
+import type { DetectorContext } from "./detector-context.ts";
+
+/**
+ * D22 — accessing a FlowField on a record without calling `CalcFields(<field>)`
+ * earlier in the routine. In AL, a FlowField is not materialised by a regular SQL
+ * load (Get/Find*); reading it returns the AL default (0 for numeric, '' for text)
+ * until `CalcFields` runs against that specific field. The cost of mis-reading a
+ * FlowField is silent: the calling code looks correct but treats every customer as
+ * having a zero balance, etc.
+ *
+ * Detection (intraprocedural):
+ *  1. Resolve the record-var to its table (via `recordVariables[].tableId`).
+ *  2. Resolve the field name to a `Field` and test `fieldClass === "FlowField"`.
+ *  3. Check whether any `CalcFields(...)` call on the same record-var earlier in the
+ *     same routine lists the field name (case-insensitive) in its `fieldArguments`.
+ *  4. If no covering CalcFields, emit a finding anchored on the field access.
+ *
+ * Skipped:
+ *  - record-vars whose tableId did not resolve (the field's fieldClass is unknown).
+ *  - by-var parameter records (caller might have already called CalcFields).
+ */
+export function detectD22(
+	model: SemanticModel,
+	_graph: CombinedGraph,
+	ctx: DetectorContext,
+): { findings: Finding[]; stats: DetectorStats } {
+	const findings: Finding[] = [];
+	const { tableById } = ctx;
+	let candidatesConsidered = 0;
+	let skippedUnresolvedTable = 0;
+	let skippedParameter = 0;
+
+	for (const routine of model.routines) {
+		if (roleOf(routine) !== "primary") continue;
+		if (!routine.bodyAvailable) continue;
+		if (routine.parseIncomplete) continue;
+		candidatesConsidered++;
+
+		const recordVarByNameLc = new Map(
+			routine.features.recordVariables.map((rv) => [rv.name.toLowerCase(), rv]),
+		);
+		const paramRecordNames = new Set(
+			routine.features.recordVariables
+				.filter((rv) => rv.isParameter)
+				.map((rv) => rv.name.toLowerCase()),
+		);
+
+		for (const fa of routine.features.fieldAccesses) {
+			const recordVarKey = fa.recordVariableName.toLowerCase();
+			if (paramRecordNames.has(recordVarKey)) {
+				skippedParameter++;
+				continue;
+			}
+			const recordVar = recordVarByNameLc.get(recordVarKey);
+			const tableId: TableId | undefined = recordVar?.tableId;
+			if (tableId === undefined) {
+				skippedUnresolvedTable++;
+				continue;
+			}
+			const table = tableById.get(tableId);
+			if (table === undefined) {
+				skippedUnresolvedTable++;
+				continue;
+			}
+			const field = lookupField(table, fa.fieldName);
+			if (field === undefined) continue;
+			if (field.fieldClass !== "FlowField") continue;
+
+			// Was the field calc'd earlier in this routine on the same record-var?
+			if (covered(routine.features.recordOperations, recordVarKey, fa.fieldName, fa.sourceAnchor))
+				continue;
+
+			emit(routine, fa, field, table, findings, model);
+		}
+	}
+
+	const sorted = findings.sort((a, b) => compareStrings(a.id, b.id));
+	return {
+		findings: sorted,
+		stats: {
+			detector: "d22-flowfield-without-calcfields",
+			candidatesConsidered,
+			findingsEmitted: sorted.length,
+			skipped: {
+				...(skippedUnresolvedTable > 0 ? { unresolvedTable: skippedUnresolvedTable } : {}),
+				...(skippedParameter > 0 ? { parameter: skippedParameter } : {}),
+			},
+		},
+	};
+}
+
+function lookupField(table: Table, fieldName: string): Field | undefined {
+	// `FieldAccess.fieldName` is already the unquoted name — the body indexer
+	// strips `quoted_identifier` quotes at extraction time, so a plain
+	// case-insensitive compare suffices here.
+	const wanted = fieldName.toLowerCase();
+	return table.fields.find((f) => f.name.toLowerCase() === wanted);
+}
+
+function covered(
+	ops: RecordOperation[],
+	recordVarKey: string,
+	fieldName: string,
+	accessAnchor: FieldAccess["sourceAnchor"],
+): boolean {
+	const wanted = fieldName.toLowerCase();
+	for (const op of ops) {
+		if (op.op !== "CalcFields") continue;
+		if (op.recordVariableName.toLowerCase() !== recordVarKey) continue;
+		if (!beforeAnchor(op.sourceAnchor, accessAnchor)) continue;
+		// Each CalcFields arg is structured — `unquotedFieldName` returns the
+		// `value` (unquoted) for quoted identifiers / string literals, or the
+		// bare text otherwise. No regex shred.
+		const infos = op.fieldArgumentInfos ?? [];
+		if (infos.some((info) => unquotedFieldName(info) === wanted)) return true;
+	}
+	return false;
+}
+
+function emit(
+	routine: { id: string; objectId: string; name: string },
+	fa: FieldAccess,
+	field: Field,
+	table: Table,
+	findings: Finding[],
+	model: SemanticModel,
+): void {
+	const path: EvidenceStep[] = [
+		{
+			routineId: routine.id,
+			sourceAnchor: fa.sourceAnchor,
+			note: `reads FlowField ${table.name}.${field.name} without a prior CalcFields(${field.name}) on ${fa.recordVariableName}`,
+		},
+	];
+	const finding: Finding = {
+		id: `d22/${routine.id}/${fa.recordVariableName.toLowerCase()}/${field.name.toLowerCase()}/${fa.sourceAnchor.range.startLine}:${fa.sourceAnchor.range.startColumn}`,
+		rootCauseKey: `d22/${routine.id}/${fa.recordVariableName.toLowerCase()}/${field.name.toLowerCase()}`,
+		detector: "d22-flowfield-without-calcfields",
+		title: "FlowField read without prior CalcFields",
+		rootCause: `${routine.name} reads ${table.name}.${field.name} (a FlowField) but never called CalcFields(${field.name}) on ${fa.recordVariableName} — the read returns the AL default (0 / empty), not the live value.`,
+		severity: "medium",
+		confidence: toConfidence([], "likely"),
+		primaryLocation: fa.sourceAnchor,
+		evidencePath: path,
+		affectedObjects: [routine.objectId],
+		affectedTables: [table.id],
+		fixOptions: [
+			{
+				description: `Call \`${fa.recordVariableName}.CalcFields(${field.name});\` before reading the field. Hoist the CalcFields out of any tight loop to avoid an N+1.`,
+				safety: "high",
+			},
+		],
+		provenance: [{ source: "tree-sitter" }],
+	};
+	finding.fingerprint = fingerprintOf(finding, model);
+	findings.push(finding);
+}

package/src/detectors/d29-subscriber-modify-on-event-record.ts

@@ -0,0 +1,163 @@
+import { parseRoutineAttributes } from "../engine/attribute-parser.ts";
+import type { CombinedGraph } from "../engine/combined-graph.ts";
+import { compareStrings } from "../engine/uncertainty-util.ts";
+import { findAttribute, stringArg } from "../model/attributes.ts";
+import { roleOf } from "../model/entities.ts";
+import type { ParameterSymbol, RecordOperation, Routine } from "../model/entities.ts";
+import type { DetectorStats, EvidenceStep, Finding } from "../model/finding.ts";
+import type { SemanticModel } from "../model/model.ts";
+import { fingerprintOf } from "../projection/finding-fingerprint.ts";
+import { toConfidence } from "./confidence.ts";
+import type { DetectorContext } from "./detector-context.ts";
+
+const MUTATING_OPS: ReadonlySet<string> = new Set(["Modify", "ModifyAll", "Delete", "DeleteAll"]);
+
+/** Extract the publisher-event name from a routine's `[EventSubscriber(...)]` attribute.
+ * Returns the third positional arg (the event name), lowercased. Returns undefined when
+ * the routine isn't a subscriber or the event-name arg is missing/malformed. */
+function eventName(routine: Routine): string | undefined {
+	const attr = findAttribute(routine.attributesParsed, "EventSubscriber");
+	if (attr === undefined) return undefined;
+	return stringArg(attr, 2)?.toLowerCase();
+}
+
+/** The publisher-side event names that fire AROUND a record Modify/Delete and pass the
+ * affected record as the first parameter. Subscribing and then mutating that parameter
+ * is the recursive-trigger hazard D29 catches. */
+const MODIFY_EVENT_PATTERNS: RegExp[] = [
+	/onafter(?:validate)?modify(?:event)?/i,
+	/onbefore(?:validate)?modify(?:event)?/i,
+	/onaftermodifyevent/i,
+	/onbeforemodifyevent/i,
+	/onafterdelete(?:event)?/i,
+	/onbeforedelete(?:event)?/i,
+];
+
+function isModifyEvent(name: string | undefined): boolean {
+	if (name === undefined) return false;
+	return MODIFY_EVENT_PATTERNS.some((re) => re.test(name));
+}
+
+/**
+ * D29 — an `[EventSubscriber]` of a record-modify (or delete) event that calls
+ * `Modify` / `ModifyAll` / `Delete` / `DeleteAll` on the inbound record parameter
+ * re-fires the same publisher event, opening a recursive-trigger loop.
+ *
+ * Two conditions:
+ *  1. Routine carries `[EventSubscriber(ObjectType::..., ..., '<eventName>', ...)]`
+ *     and `<eventName>` matches a Modify/Delete-shaped pattern
+ *     (OnAfter*Modify*, OnBefore*Modify*, OnAfterDelete*, OnBeforeDelete*).
+ *  2. Body has a Modify/ModifyAll/Delete/DeleteAll on a record-typed parameter
+ *     (typically the first record parameter — the "Rec" the event handed over).
+ *
+ * Severity: `medium`. Real bugs of this shape can be `high`, but al-sem can't yet
+ * distinguish `Modify(true)` (re-fires events, definitely recursive) from
+ * `Modify(false)` (skips triggers). Future work: capture Modify arguments and
+ * escalate when the `RunTrigger` flag is true or omitted.
+ *
+ * Skipped:
+ *  - non-subscribers / non-Modify events;
+ *  - routines without a record-typed parameter (nothing to mutate);
+ *  - mutations on non-parameter local records (those are D11/D10 territory).
+ */
+export function detectD29(
+	model: SemanticModel,
+	_graph: CombinedGraph,
+	_ctx: DetectorContext,
+): { findings: Finding[]; stats: DetectorStats } {
+	const findings: Finding[] = [];
+	let candidatesConsidered = 0;
+	let skippedNonModifyEvent = 0;
+	let skippedNoRecordParam = 0;
+
+	for (const routine of model.routines) {
+		if (roleOf(routine) !== "primary") continue;
+		if (routine.kind !== "event-subscriber") continue;
+		if (!routine.bodyAvailable) continue;
+		if (routine.parseIncomplete) continue;
+		// Cross-check via the attribute parser so we don't double-flag if the routine has
+		// `[Obsolete]` or weird modifiers — parseRoutineAttributes ignores EventSubscriber
+		// but it's a cheap consistency check.
+		void parseRoutineAttributes(routine);
+
+		const evt = eventName(routine);
+		if (!isModifyEvent(evt)) {
+			skippedNonModifyEvent++;
+			continue;
+		}
+		const recordParams = routine.parameters.filter((p): p is ParameterSymbol => p.isRecord);
+		if (recordParams.length === 0) {
+			skippedNoRecordParam++;
+			continue;
+		}
+		candidatesConsidered++;
+
+		const paramNamesLc = new Set(recordParams.map((p) => p.name.toLowerCase()));
+		for (const op of routine.features.recordOperations) {
+			if (!MUTATING_OPS.has(op.op)) continue;
+			const varKey = op.recordVariableName.toLowerCase();
+			if (!paramNamesLc.has(varKey)) continue;
+
+			emit(routine, op, evt ?? "<unknown event>", findings, model);
+		}
+	}
+
+	const sorted = findings.sort((a, b) => compareStrings(a.id, b.id));
+	return {
+		findings: sorted,
+		stats: {
+			detector: "d29-subscriber-modify-on-event-record",
+			candidatesConsidered,
+			findingsEmitted: sorted.length,
+			skipped: {
+				...(skippedNonModifyEvent > 0 ? { nonModifyEvent: skippedNonModifyEvent } : {}),
+				...(skippedNoRecordParam > 0 ? { noRecordParam: skippedNoRecordParam } : {}),
+			},
+		},
+	};
+}
+
+function emit(
+	routine: Routine,
+	op: RecordOperation,
+	eventNameLc: string,
+	findings: Finding[],
+	model: SemanticModel,
+): void {
+	const path: EvidenceStep[] = [
+		{
+			routineId: routine.id,
+			sourceAnchor: routine.sourceAnchor,
+			note: `[EventSubscriber] ${routine.name} on '${eventNameLc}'`,
+		},
+		{
+			routineId: routine.id,
+			operationId: op.id,
+			sourceAnchor: op.sourceAnchor,
+			note: `${op.op} on ${op.recordVariableName} — the event's inbound record parameter`,
+		},
+	];
+	const finding: Finding = {
+		id: `d29/${routine.id}/${op.id}`,
+		rootCauseKey: `d29/${routine.id}/${op.id}`,
+		detector: "d29-subscriber-modify-on-event-record",
+		title: "Event subscriber mutates the inbound record",
+		rootCause: `${routine.name} subscribes to '${eventNameLc}' and calls ${op.op} on ${op.recordVariableName}, the inbound record parameter — re-firing the same event from a subscriber can recurse.`,
+		severity: "medium",
+		confidence: toConfidence([], "likely"),
+		primaryLocation: op.sourceAnchor,
+		evidencePath: path,
+		affectedObjects: [routine.objectId],
+		affectedTables: op.tableId !== undefined ? [op.tableId] : [],
+		fixOptions: [
+			{
+				description:
+					"Either use Modify(false) to suppress trigger re-firing, perform the mutation on a fresh record loaded by primary key, or move the work outside the subscriber path.",
+				safety: "medium",
+			},
+		],
+		provenance: [{ source: "tree-sitter" }],
+	};
+	finding.fingerprint = fingerprintOf(finding, model);
+	findings.push(finding);
+}

package/src/detectors/d3-load-state.ts

@@ -0,0 +1,72 @@
+import type { RecordOperation, Routine } from "../model/entities.ts";
+
+/** The load-field state of a record variable at a point in the operation stream. */
+export type LoadState =
+	| { kind: "none" } // no SetLoadFields seen — the full record is loaded
+	| { kind: "loaded"; fields: Set<string> } // a partial load set is active
+	| { kind: "invalidated" }; // Reset / Copy / TransferFields cleared the analysable state
+
+/** A retrieval op paired with the load state of its record variable at that site. */
+export interface LoadStateAtRetrieval {
+	retrievalOp: RecordOperation;
+	recordVariableName: string;
+	loadState: LoadState;
+}
+
+const RETRIEVAL_OPS = new Set(["FindSet", "FindFirst", "FindLast", "Get"]);
+
+/** Source order: line then column. */
+function inSourceOrder(a: RecordOperation, b: RecordOperation): number {
+	const ra = a.sourceAnchor.range;
+	const rb = b.sourceAnchor.range;
+	if (ra.startLine !== rb.startLine) return ra.startLine - rb.startLine;
+	return ra.startColumn - rb.startColumn;
+}
+
+/**
+ * Reconstruct per-record-variable load-field state by walking the routine's record
+ * operations in source order. Returns one entry per retrieval op (`FindSet` / `FindFirst` /
+ * `FindLast` / `Get`) with the load state of its record variable at that point.
+ *
+ * `SetLoadFields` sets a partial load set; `AddLoadFields` unions; `Reset` / `Copy` /
+ * `TransferFields` invalidate the analysable state. All record-variable names are compared
+ * case-insensitively (AL identifiers are case-insensitive).
+ */
+export function deriveLoadStates(routine: Routine): LoadStateAtRetrieval[] {
+	const ops = [...routine.features.recordOperations].sort(inSourceOrder);
+	const stateByVar = new Map<string, LoadState>();
+	const out: LoadStateAtRetrieval[] = [];
+
+	for (const op of ops) {
+		const varKey = op.recordVariableName.toLowerCase();
+		const current = stateByVar.get(varKey) ?? { kind: "none" };
+
+		if (op.op === "SetLoadFields") {
+			stateByVar.set(varKey, {
+				kind: "loaded",
+				fields: new Set((op.fieldArguments ?? []).map((f) => f.toLowerCase())),
+			});
+			continue;
+		}
+		if (op.op === "AddLoadFields") {
+			const next = new Set(current.kind === "loaded" ? current.fields : []);
+			for (const f of op.fieldArguments ?? []) next.add(f.toLowerCase());
+			stateByVar.set(varKey, { kind: "loaded", fields: next });
+			continue;
+		}
+		if (op.op === "Reset" || op.op === "Copy" || op.op === "TransferFields") {
+			stateByVar.set(varKey, { kind: "invalidated" });
+			continue;
+		}
+		if (RETRIEVAL_OPS.has(op.op)) {
+			out.push({
+				retrievalOp: op,
+				recordVariableName: op.recordVariableName,
+				loadState:
+					current.kind === "loaded" ? { kind: "loaded", fields: new Set(current.fields) } : current,
+			});
+		}
+	}
+
+	return out;
+}