autosnippet 3.0.0 → 3.0.2

package/lib/service/guard/GuardCheckEngine.js

@@ -1,24 +1,38 @@
 /**
  * GuardCheckEngine - Guard 规则检查引擎
- * 
+ *
  * 从 V1 guard/ios 迁移，适配 V2 架构
  * 支持: 正则模式匹配 + AST 语义规则 + code-level 检查 + 多维度审计
  */
 
-import Logger from '../../infrastructure/logging/Logger.js';
 import * as AstAnalyzerModule from '../../core/AstAnalyzer.js';
+import Logger from '../../infrastructure/logging/Logger.js';
+import { LanguageService } from '../../shared/LanguageService.js';
 
 /**
- * 内置默认规则集（iOS: ObjC + Swift）
- * 用于在数据库为空时提供基础检查能力
+ * 内置默认规则集 — 多语言基础规则
+ *
+ * 每条规则包含:
+ *   - message: 违反时的中文提示
+ *   - severity: 'error' | 'warning' | 'info'
+ *   - pattern: 行级正则（不跨行）
+ *   - languages: 适用语言数组
+ *   - dimension: 'file' | 'target' | 'project'
+ *   - category: 规则分类 (安全 / 性能 / 风格 / 正确性)
+ *   - fixSuggestion?: 修复建议
  */
 const BUILT_IN_RULES = {
+  // ══════════════════════════════════════════════════════════
+  //  ObjC / Swift — iOS 核心规则
+  // ══════════════════════════════════════════════════════════
+
   'no-main-thread-sync': {
     message: '禁止在主线程上使用 dispatch_sync(main)，易死锁',
     severity: 'error',
     pattern: 'dispatch_sync\\s*\\([^)]*main',
     languages: ['objc', 'swift'],
     dimension: 'file',
+    category: 'correctness',
   },
   'main-thread-sync-swift': {
     message: '禁止在主线程上使用 DispatchQueue.main.sync，易死锁',
@@ -26,13 +40,16 @@ const BUILT_IN_RULES = {
     pattern: 'DispatchQueue\\.main\\.sync',
     languages: ['swift'],
     dimension: 'file',
+    category: 'correctness',
   },
   'objc-dealloc-async': {
     message: 'dealloc 内禁止使用 dispatch_async/dispatch_after/postNotification 等',
     severity: 'error',
-    pattern: '(dealloc.*(dispatch_async|dispatch_after|postNotification|performSelector.*afterDelay))',
+    pattern:
+      '(dealloc.*(dispatch_async|dispatch_after|postNotification|performSelector.*afterDelay))',
     languages: ['objc'],
     dimension: 'file',
+    category: 'correctness',
   },
   'objc-block-retain-cycle': {
     message: 'block 内直接使用 self 可能循环引用，建议 weakSelf',
@@ -40,6 +57,8 @@ const BUILT_IN_RULES = {
     pattern: '\\^\\s*[({][^}]*\\bself\\b',
     languages: ['objc'],
     dimension: 'file',
+    category: 'correctness',
+    fixSuggestion: '声明 __weak typeof(self) weakSelf = self; 后在 block 内使用 weakSelf',
   },
   'objc-assign-object': {
     message: 'assign 用于对象类型会产生悬垂指针，建议改为 weak 或 strong',
@@ -47,6 +66,7 @@ const BUILT_IN_RULES = {
     pattern: '@property\\s*\\([^)]*\\bassign\\b[^)]*\\)[^;]*(\\*|id\\s*<|\\bid\\s+)',
     languages: ['objc'],
     dimension: 'file',
+    category: 'correctness',
   },
   'swift-force-cast': {
     message: '强制类型转换 as! 在失败时崩溃，建议 as? 或 guard let',
@@ -54,6 +74,8 @@ const BUILT_IN_RULES = {
     pattern: 'as\\s*!',
     languages: ['swift'],
     dimension: 'file',
+    category: 'safety',
+    fixSuggestion: '使用 as? 配合 guard let / if let 进行安全转换',
   },
   'swift-force-try': {
     message: 'try! 在异常时崩溃，建议 do-catch 或 try?',
@@ -61,13 +83,16 @@ const BUILT_IN_RULES = {
     pattern: 'try\\s*!',
     languages: ['swift'],
     dimension: 'file',
+    category: 'safety',
   },
   'objc-timer-retain-cycle': {
-    message: 'NSTimer 以 self 为 target 会强引用 self，需在 dealloc 前 invalidate 或使用 block 形式',
+    message:
+      'NSTimer 以 self 为 target 会强引用 self，需在 dealloc 前 invalidate 或使用 block 形式',
     severity: 'warning',
     pattern: '(scheduledTimerWithTimeInterval|timerWithTimeInterval)[^;]*target\\s*:\\s*self',
     languages: ['objc'],
     dimension: 'file',
+    category: 'correctness',
   },
   'objc-possible-main-thread-blocking': {
     message: 'sleep/usleep 可能造成主线程阻塞',
@@ -75,9 +100,12 @@ const BUILT_IN_RULES = {
     pattern: '\\b(sleep|usleep)\\s*\\(',
     languages: ['objc'],
     dimension: 'file',
+    category: 'performance',
   },
 
-  // ── 通用 JavaScript / TypeScript 规则 ──────────────────
+  // ══════════════════════════════════════════════════════════
+  //  JavaScript / TypeScript
+  // ══════════════════════════════════════════════════════════
 
   'js-no-eval': {
     message: 'eval() 存在安全风险和性能问题，应避免使用',
@@ -85,6 +113,7 @@ const BUILT_IN_RULES = {
     pattern: '\\beval\\s*\\(',
     languages: ['javascript', 'typescript'],
     dimension: 'file',
+    category: 'safety',
   },
   'js-no-var': {
     message: '使用 let/const 替代 var，避免变量提升问题',
@@ -92,6 +121,7 @@ const BUILT_IN_RULES = {
     pattern: '\\bvar\\s+\\w+',
     languages: ['javascript', 'typescript'],
     dimension: 'file',
+    category: 'style',
   },
   'js-no-console-log': {
     message: '生产代码应移除 console.log，使用专用日志库',
@@ -99,6 +129,7 @@ const BUILT_IN_RULES = {
     pattern: 'console\\.log\\s*\\(',
     languages: ['javascript', 'typescript'],
     dimension: 'file',
+    category: 'style',
   },
   'js-no-debugger': {
     message: '生产代码中不应包含 debugger 语句',
@@ -106,13 +137,15 @@ const BUILT_IN_RULES = {
     pattern: '\\bdebugger\\b',
     languages: ['javascript', 'typescript'],
     dimension: 'file',
+    category: 'style',
   },
-  'ts-no-any': {
-    message: '避免使用 any 类型，使用 unknown 或具体类型',
+  'js-no-alert': {
+    message: '生产代码中不应使用 alert()，影响用户体验',
     severity: 'warning',
-    pattern: ':\\s*any\\b',
-    languages: ['typescript'],
+    pattern: '\\balert\\s*\\(',
+    languages: ['javascript', 'typescript'],
     dimension: 'file',
+    category: 'style',
   },
   'ts-no-non-null-assertion': {
     message: '非空断言 ! 可能掩盖 null/undefined 错误',
@@ -120,9 +153,12 @@ const BUILT_IN_RULES = {
     pattern: '\\w+!\\.',
     languages: ['typescript'],
     dimension: 'file',
+    category: 'safety',
   },
 
-  // ── Python 规则 ──────────────────────────────────────
+  // ══════════════════════════════════════════════════════════
+  //  Python
+  // ══════════════════════════════════════════════════════════
 
   'py-no-bare-except': {
     message: '裸 except: 会捕获所有异常（含 SystemExit），应指定异常类型',
@@ -130,6 +166,7 @@ const BUILT_IN_RULES = {
     pattern: 'except\\s*:',
     languages: ['python'],
     dimension: 'file',
+    category: 'correctness',
   },
   'py-no-exec': {
     message: 'exec() 存在安全风险，应避免使用',
@@ -137,16 +174,37 @@ const BUILT_IN_RULES = {
     pattern: '\\bexec\\s*\\(',
     languages: ['python'],
     dimension: 'file',
+    category: 'safety',
   },
   'py-no-mutable-default': {
     message: '函数默认参数使用可变对象（list/dict/set）会导致共享状态 bug',
     severity: 'warning',
-    pattern: 'def\\s+\\w+\\s*\\([^)]*=\\s*\\[\\]',
+    pattern: 'def\\s+\\w+\\s*\\([^)]*=\\s*(?:\\[\\]|\\{\\}|set\\(\\))',
+    languages: ['python'],
+    dimension: 'file',
+    category: 'correctness',
+  },
+  'py-no-star-import': {
+    message: 'from module import * 导致命名空间污染，应显式导入',
+    severity: 'warning',
+    pattern: 'from\\s+\\S+\\s+import\\s+\\*',
     languages: ['python'],
     dimension: 'file',
+    category: 'style',
+  },
+  'py-no-assert-in-prod': {
+    message: 'assert 在 -O 模式下会被移除，不应用于生产逻辑校验',
+    severity: 'info',
+    pattern: '^\\s*assert\\s+',
+    languages: ['python'],
+    dimension: 'file',
+    category: 'correctness',
+    excludePaths: /(?:^|[\/\\])tests?[\/\\]|[\/\\]test_[^\/\\]*\.py$|_test\.py$/,
   },
 
-  // ── Java / Kotlin 规则 ──────────────────────────────
+  // ══════════════════════════════════════════════════════════
+  //  Java / Kotlin
+  // ══════════════════════════════════════════════════════════
 
   'java-no-system-exit': {
     message: 'System.exit() 直接终止 JVM，应抛异常或返回状态码',
@@ -154,6 +212,7 @@ const BUILT_IN_RULES = {
     pattern: 'System\\.exit\\s*\\(',
     languages: ['java', 'kotlin'],
     dimension: 'file',
+    category: 'correctness',
   },
   'java-no-raw-type': {
     message: '使用泛型集合替代原始类型 (如 List<String> 替代 List)',
@@ -161,9 +220,37 @@ const BUILT_IN_RULES = {
     pattern: '(List|Map|Set|Collection|Iterable)\\s+\\w+\\s*[=;]',
     languages: ['java'],
     dimension: 'file',
+    category: 'style',
+  },
+  'java-no-empty-catch': {
+    message: '空 catch 块会静默吞掉异常，至少应记录日志',
+    severity: 'warning',
+    pattern: 'catch\\s*\\([^)]+\\)\\s*\\{\\s*\\}',
+    languages: ['java', 'kotlin'],
+    dimension: 'file',
+    category: 'correctness',
+  },
+  'java-no-thread-stop': {
+    message: 'Thread.stop() 已废弃且不安全，使用 interrupt() 协作式终止',
+    severity: 'error',
+    pattern: '\\.stop\\s*\\(\\)',
+    languages: ['java'],
+    dimension: 'file',
+    category: 'safety',
+  },
+  'kotlin-no-force-unwrap': {
+    message: '!! 非空断言在值为 null 时抛 NPE，应使用 ?. 或 ?: 安全访问',
+    severity: 'warning',
+    pattern: '\\w+!!',
+    languages: ['kotlin'],
+    dimension: 'file',
+    category: 'safety',
+    fixSuggestion: '使用 ?. 安全调用或 ?: 提供默认值',
   },
 
-  // ── Go 规则 ──────────────────────────────────────────
+  // ══════════════════════════════════════════════════════════
+  //  Go
+  // ══════════════════════════════════════════════════════════
 
   'go-no-panic': {
     message: 'panic 应仅用于不可恢复错误，库代码应返回 error',
@@ -171,52 +258,120 @@ const BUILT_IN_RULES = {
     pattern: '\\bpanic\\s*\\(',
     languages: ['go'],
     dimension: 'file',
+    category: 'correctness',
   },
   'go-no-err-ignored': {
     message: '错误值不应用 _ 忽略，应处理或明确标注',
     severity: 'warning',
-    pattern: '\\b_\\s*,\\s*err\\s*:?=|_\\s*=\\s*\\w+\\(',
+    pattern: '\\w+\\s*,\\s*_\\s*:?=\\s*\\w|_\\s*=\\s*\\w+\\.[A-Z]\\w*\\(',
+    languages: ['go'],
+    dimension: 'file',
+    category: 'correctness',
+  },
+  'go-no-init-abuse': {
+    message: 'init() 函数副作用难以追踪，避免在 init 中执行复杂逻辑',
+    severity: 'info',
+    pattern: 'func\\s+init\\s*\\(\\s*\\)',
     languages: ['go'],
     dimension: 'file',
+    category: 'style',
+  },
+  'go-no-global-var': {
+    message: '全局可变变量导致并发安全问题，考虑使用依赖注入',
+    severity: 'info',
+    pattern: '^var\\s+\\w+\\s+',
+    languages: ['go'],
+    dimension: 'file',
+    category: 'style',
   },
 
-  // ── Rust 规则 ────────────────────────────────────────
+  // ══════════════════════════════════════════════════════════
+  //  Dart (Flutter)
+  // ══════════════════════════════════════════════════════════
+
+  'dart-no-print': {
+    message: '生产代码应使用 logger 替代 print()，便于日志分级和关闭',
+    severity: 'info',
+    pattern: '\\bprint\\s*\\(',
+    languages: ['dart'],
+    dimension: 'file',
+    category: 'style',
+  },
+  'dart-avoid-dynamic': {
+    message: '避免使用 dynamic 类型，使用具体类型或泛型提升类型安全',
+    severity: 'warning',
+    pattern: '\\bdynamic\\b',
+    languages: ['dart'],
+    dimension: 'file',
+    category: 'style',
+  },
+  'dart-no-set-state-after-dispose': {
+    message: 'setState 调用前应检查 mounted 状态，避免 disposed 后调用',
+    severity: 'warning',
+    pattern: 'setState\\s*\\(',
+    languages: ['dart'],
+    dimension: 'file',
+    category: 'correctness',
+    fixSuggestion: '使用 if (mounted) setState(...) 守卫',
+  },
 
-  'rust-no-unwrap': {
-    message: 'unwrap() 在 None/Err 时 panic，应使用 ? 或模式匹配',
+  'dart-avoid-bang-operator': {
+    message: '避免使用 ! 空断言操作符，优先使用 ?? 默认值或 ?. 安全调用',
     severity: 'warning',
-    pattern: '\\.unwrap\\s*\\(',
-    languages: ['rust'],
+    pattern: '\\w+!\\.',
+    languages: ['dart'],
+    dimension: 'file',
+    category: 'correctness',
+    fixSuggestion: '使用 ?. 安全调用或 ?? 提供默认值',
+  },
+  'dart-prefer-const-constructor': {
+    message: '当所有字段均为 final 时，构造函数应声明为 const 以优化 Widget 重建',
+    severity: 'info',
+    pattern: '(?<!const\\s)\\bnew\\s+\\w+\\(',
+    languages: ['dart'],
     dimension: 'file',
+    category: 'performance',
+    fixSuggestion: '移除 new 关键字，并在 Widget 构造调用前加 const',
   },
-  'rust-no-unsafe': {
-    message: 'unsafe 代码需严格审查，确认必要性并添加安全注释',
+  'dart-no-relative-import': {
+    message: 'lib/ 目录内应使用 package: 形式的绝对导入，避免相对路径导入',
     severity: 'info',
-    pattern: '\\bunsafe\\s*\\{',
-    languages: ['rust'],
+    pattern: "import\\s+['\"]\\.\\.?/",
+    languages: ['dart'],
+    dimension: 'file',
+    category: 'style',
+  },
+  'dart-dispose-controller': {
+    message: 'TextEditingController/AnimationController 等须在 dispose() 中释放',
+    severity: 'warning',
+    pattern: '(?:TextEditingController|AnimationController|ScrollController|FocusNode|TabController)\\(',
+    languages: ['dart'],
     dimension: 'file',
+    category: 'correctness',
+    fixSuggestion: '在 State.dispose() 中调用 controller.dispose()',
   },
+  'dart-no-build-context-across-async': {
+    message: 'BuildContext 不应跨越 async gap 使用，可能导致引用已卸载的 Widget',
+    severity: 'warning',
+    pattern: 'await\\s+.*\\n.*context\\.',
+    languages: ['dart'],
+    dimension: 'file',
+    category: 'correctness',
+    fixSuggestion: '在 await 前缓存所需数据，或在 await 后检查 mounted',
+  },
+
 };
 
 /**
  * 从文件扩展名推断语言
  */
 export function detectLanguage(filePath) {
-  if (!filePath) return 'unknown';
-  const ext = filePath.split('.').pop()?.toLowerCase();
-  switch (ext) {
-    case 'swift': return 'swift';
-    case 'm': case 'mm': case 'h': return 'objc';
-    case 'js': case 'mjs': case 'cjs': return 'javascript';
-    case 'ts': case 'tsx': return 'typescript';
-    case 'py': return 'python';
-    case 'java': return 'java';
-    case 'kt': case 'kts': return 'kotlin';
-    case 'rb': return 'ruby';
-    case 'go': return 'go';
-    case 'rs': return 'rust';
-    default: return 'unknown';
+  if (!filePath) {
+    return 'unknown';
   }
+  const lang = LanguageService.inferLang(filePath);
+  // 向后兼容: objectivec → objc
+  return lang === 'objectivec' ? 'objc' : lang;
 }
 
 /**
@@ -246,13 +401,17 @@ export class GuardCheckEngine {
       if (!this._customRulesCache || now - this._cacheTime > this._cacheTTL) {
         let rows = [];
         try {
-          rows = this.db.prepare(
-            `SELECT id, title, description, language, scope, constraints
+          rows = this.db
+            .prepare(
+              `SELECT id, title, description, language, scope, constraints
              FROM knowledge_entries
              WHERE (kind = 'rule' OR knowledgeType = 'boundary-constraint')
                AND lifecycle = 'active'`
-          ).all();
-        } catch { /* table may not exist */ }
+            )
+            .all();
+        } catch {
+          /* table may not exist */
+        }
 
         const regexRules = [];
         const astRules = [];
@@ -262,7 +421,9 @@ export class GuardCheckEngine {
           try {
             const constraints = JSON.parse(r.constraints || '{}');
             guards = constraints.guards || [];
-          } catch { /* ignore */ }
+          } catch {
+            /* ignore */
+          }
 
           for (const g of guards) {
             const ruleType = g.type || 'regex';
@@ -295,7 +456,7 @@ export class GuardCheckEngine {
     }
 
     // 合并内置规则（不覆盖同名数据库规则）
-    const existingIds = new Set(rules.map(r => r.id || r.name));
+    const existingIds = new Set(rules.map((r) => r.id || r.name));
     for (const [ruleId, rule] of Object.entries(this._builtInRules)) {
       if (!existingIds.has(ruleId)) {
         rules.push({
@@ -306,23 +467,25 @@ export class GuardCheckEngine {
           languages: rule.languages,
           severity: rule.severity,
           dimension: rule.dimension || 'file',
+          category: rule.category || '',
           source: 'built-in',
           type: 'regex',
           fixSuggestion: rule.fixSuggestion || null,
+          ...(rule.excludePaths ? { excludePaths: rule.excludePaths } : {}),
         });
       }
     }
 
     // 按语言过滤
     if (language) {
-      rules = rules.filter(r => !r.languages?.length || r.languages.includes(language));
+      rules = rules.filter((r) => !r.languages?.length || r.languages.includes(language));
     }
 
     // 合并 AST 规则（供外部调用者使用，如 GuardFeedbackLoop.查找 fixSuggestion）
     if (this._astRulesCache?.length) {
       let astRules = this._astRulesCache;
       if (language) {
-        astRules = astRules.filter(r => !r.languages?.length || r.languages.includes(language));
+        astRules = astRules.filter((r) => !r.languages?.length || r.languages.includes(language));
       }
       rules.push(...astRules);
     }
@@ -338,25 +501,40 @@ export class GuardCheckEngine {
    * @returns {Array<{ruleId, message, severity, line, snippet, dimension?, fixSuggestion?}>}
    */
   checkCode(code, language, options = {}) {
-    const { scope = null } = options;
+    const { scope = null, filePath = '' } = options;
     const violations = [];
 
     // 获取匹配语言的规则
     let rules = this.getRules(language);
 
+    // 按 excludePaths 过滤（测试文件排除等）
+    if (filePath) {
+      rules = rules.filter((r) => {
+        if (!r.excludePaths) return true;
+        const re = r.excludePaths instanceof RegExp ? r.excludePaths : new RegExp(r.excludePaths);
+        return !re.test(filePath);
+      });
+    }
+
     // 如果有 scope，按层级过滤：project ⊇ target ⊇ file
     // project 范围包含所有维度的规则；target 包含 file+target；file 仅匹配 file
     if (scope) {
-      const SCOPE_HIERARCHY = { project: ['file', 'target', 'project'], target: ['file', 'target'], file: ['file'] };
+      const SCOPE_HIERARCHY = {
+        project: ['file', 'target', 'project'],
+        target: ['file', 'target'],
+        file: ['file'],
+      };
       const allowedDimensions = SCOPE_HIERARCHY[scope] || [scope];
-      rules = rules.filter(r => !r.dimension || allowedDimensions.includes(r.dimension));
+      rules = rules.filter((r) => !r.dimension || allowedDimensions.includes(r.dimension));
     }
 
     const lines = (code || '').split(/\r?\n/);
 
     for (const rule of rules) {
       // 跳过空模式或特殊标记 (?!) — 由 code-level 检查接管
-      if (!rule.pattern || rule.pattern === '(?!)') continue;
+      if (!rule.pattern || rule.pattern === '(?!)') {
+        continue;
+      }
 
       let re;
       try {
@@ -391,7 +569,7 @@ export class GuardCheckEngine {
     this.trackGuardHits(violations);
 
     // ── Reasoning Enrichment: 推理信息跟随数据流动 ──
-    return violations.map(v => ({
+    return violations.map((v) => ({
       ...v,
       reasoning: {
         whatViolated: v.ruleId,
@@ -410,16 +588,23 @@ export class GuardCheckEngine {
    * @returns {Array} violations
    */
   _runAstRuleChecks(code, language) {
-    // AST 规则仅支持 ObjC + Swift
-    const astLangMap = { objc: 'objectivec', swift: 'swift' };
-    const astLang = astLangMap[language];
-    if (!astLang) return [];
+    // AST 语言标准化 — 通过 LanguageService 判断是否为已知编程语言
+    const astLang = LanguageService.isKnownLang(language)
+      ? language
+      : language === 'objc'
+        ? 'objectivec'
+        : language;
+    if (!LanguageService.isKnownLang(astLang)) {
+      return [];
+    }
 
     // 获取缓存中的 AST 规则
-    const astRules = (this._astRulesCache || []).filter(r =>
-      !r.languages?.length || r.languages.includes(language)
+    const astRules = (this._astRulesCache || []).filter(
+      (r) => !r.languages?.length || r.languages.includes(language)
     );
-    if (astRules.length === 0) return [];
+    if (astRules.length === 0) {
+      return [];
+    }
 
     // 延迟加载 AstAnalyzer
     let AstAnalyzer;
@@ -427,7 +612,9 @@ export class GuardCheckEngine {
       // 使用 dynamic import 会是 async，这里用 require 风格同步加载
       // AstAnalyzer 作为 ESM 模块，在 constructor 时已被引入
       AstAnalyzer = this._getAstAnalyzer();
-      if (!AstAnalyzer || !AstAnalyzer.isAvailable()) return [];
+      if (!AstAnalyzer || !AstAnalyzer.isAvailable()) {
+        return [];
+      }
     } catch {
       this.logger.debug('AstAnalyzer not available, skipping AST rules');
       return [];
@@ -437,14 +624,18 @@ export class GuardCheckEngine {
 
     for (const rule of astRules) {
       const { astQuery } = rule;
-      if (!astQuery?.queryType) continue;
+      if (!astQuery?.queryType) {
+        continue;
+      }
 
       try {
         switch (astQuery.queryType) {
           case 'mustCallThrough': {
             // 检查某 API 是否只在指定 wrapper 类中调用
             const { targetAPI, wrapperClass } = astQuery.params || {};
-            if (!targetAPI || !wrapperClass) break;
+            if (!targetAPI || !wrapperClass) {
+              break;
+            }
 
             const calls = AstAnalyzer.findCallExpressions(code, astLang, targetAPI);
             for (const call of calls) {
@@ -466,7 +657,9 @@ export class GuardCheckEngine {
           case 'mustNotUseInContext': {
             // 在特定上下文中禁止使用某模式
             const { pattern: textPattern, forbiddenContext } = astQuery.params || {};
-            if (!textPattern || !forbiddenContext) break;
+            if (!textPattern || !forbiddenContext) {
+              break;
+            }
 
             const matches = AstAnalyzer.findPatternInContext(code, astLang, textPattern, {
               forbiddenContext,
@@ -488,9 +681,16 @@ export class GuardCheckEngine {
           case 'mustConformToProtocol': {
             // 检查类是否实现了指定协议
             const { className, protocolName } = astQuery.params || {};
-            if (!className || !protocolName) break;
+            if (!className || !protocolName) {
+              break;
+            }
 
-            const result = AstAnalyzer.checkProtocolConformance(code, astLang, className, protocolName);
+            const result = AstAnalyzer.checkProtocolConformance(
+              code,
+              astLang,
+              className,
+              protocolName
+            );
             if (result.classFound && !result.conforms) {
               violations.push({
                 ruleId: rule.id,
@@ -528,7 +728,9 @@ export class GuardCheckEngine {
    * @param {Array<{ruleId: string}>} violations
    */
   trackGuardHits(violations) {
-    if (!violations?.length || !this.db) return;
+    if (!violations?.length || !this.db) {
+      return;
+    }
 
     try {
       // 收集来自数据库规则的 ruleId → 命中次数
@@ -547,13 +749,17 @@ export class GuardCheckEngine {
                updatedAt = ?
            WHERE id = ?`
         );
-      } catch { /* table may not exist */ }
+      } catch {
+        /* table may not exist */
+      }
       const now = Math.floor(Date.now() / 1000);
 
       for (const [ruleId, count] of hitMap) {
         try {
           updateStmt.run(count, now, ruleId);
-        } catch { /* 非 Recipe 规则（内置规则）忽略 */ }
+        } catch {
+          /* 非 Recipe 规则（内置规则）忽略 */
+        }
       }
     } catch (err) {
       this.logger.debug('trackGuardHits failed', { error: err.message });
@@ -561,15 +767,17 @@ export class GuardCheckEngine {
   }
 
   /**
-   * 代码级别检查 - 需要上下文理解的检查
+   * 代码级别检查 - 需要上下文理解的检查（跨行 / 配对检查）
+   * 按语言分发到各自的检查逻辑
    */
   _runCodeLevelChecks(code, language, lines) {
     const violations = [];
 
+    // ── ObjC ──
     if (language === 'objc') {
       // KVO 观察者未移除检查
       if (code.includes('addObserver') && !code.includes('removeObserver')) {
-        const lineIdx = lines.findIndex(l => /addObserver/.test(l));
+        const lineIdx = lines.findIndex((l) => /addObserver/.test(l));
         violations.push({
           ruleId: 'objc-kvo-missing-remove',
           message: '存在 addObserver 未发现配对 removeObserver，请在 dealloc 或合适时机移除',
@@ -586,13 +794,19 @@ export class GuardCheckEngine {
       for (let i = 0; i < lines.length; i++) {
         categoryRegex.lastIndex = 0;
         const m = categoryRegex.exec(lines[i]);
-        if (!m) continue;
+        if (!m) {
+          continue;
+        }
         const key = `${m[1]}(${m[2]})`;
-        if (!categories[key]) categories[key] = [];
+        if (!categories[key]) {
+          categories[key] = [];
+        }
         categories[key].push({ line: i + 1, snippet: lines[i].trim().slice(0, 120) });
       }
       for (const [key, occs] of Object.entries(categories)) {
-        if (occs.length <= 1) continue;
+        if (occs.length <= 1) {
+          continue;
+        }
         for (let j = 1; j < occs.length; j++) {
           violations.push({
             ruleId: 'objc-duplicate-category',
@@ -606,6 +820,78 @@ export class GuardCheckEngine {
       }
     }
 
+    // ── JavaScript / TypeScript ──
+    if (language === 'javascript' || language === 'typescript') {
+      // Promise 未处理 rejection 检查
+      if (code.includes('.then(') && !code.includes('.catch(') && !code.includes('.then(') === false) {
+        // 简化: 检查 new Promise 或 .then() 链没有 .catch()
+        const thenLines = [];
+        for (let i = 0; i < lines.length; i++) {
+          if (/\.then\s*\(/.test(lines[i]) && !/\.catch\s*\(/.test(code)) {
+            thenLines.push(i);
+          }
+        }
+        if (thenLines.length > 0 && !code.includes('.catch(')) {
+          violations.push({
+            ruleId: 'js-unhandled-promise',
+            message: 'Promise 链缺少 .catch() 错误处理，未捕获的 rejection 可能导致静默失败',
+            severity: 'warning',
+            line: thenLines[0] + 1,
+            snippet: lines[thenLines[0]].trim().slice(0, 120),
+            dimension: 'file',
+          });
+        }
+      }
+    }
+
+    // ── Go ──
+    if (language === 'go') {
+      // defer 在循环内检查 — defer 在函数结束时才执行，循环内 defer 可能资源泄露
+      let inLoop = false;
+      for (let i = 0; i < lines.length; i++) {
+        const trimmed = lines[i].trim();
+        if (/^for\s/.test(trimmed) || /^for\s*\{/.test(trimmed)) {
+          inLoop = true;
+        }
+        if (inLoop && /^\s*defer\s/.test(lines[i])) {
+          violations.push({
+            ruleId: 'go-defer-in-loop',
+            message: 'defer 在循环内会延迟到函数返回时才执行，可能导致资源泄露或大量堆积',
+            severity: 'warning',
+            line: i + 1,
+            snippet: lines[i].trim().slice(0, 120),
+            dimension: 'file',
+            fixSuggestion: '将循环体提取到独立函数中，或手动调用 Close()',
+          });
+        }
+        // 简化: 遇到 } 且缩进回到顶层，认为循环结束
+        if (inLoop && trimmed === '}' && (lines[i].match(/^\t/) || lines[i].match(/^}/))) {
+          inLoop = false;
+        }
+      }
+    }
+
+    // ── Python ──
+    if (language === 'python') {
+      // 文件中同时存在 tab 和 space 缩进
+      let hasTab = false;
+      let hasSpace = false;
+      for (let i = 0; i < Math.min(lines.length, 200); i++) {
+        if (/^\t/.test(lines[i])) hasTab = true;
+        if (/^ {2,}/.test(lines[i]) && !/^\t/.test(lines[i])) hasSpace = true;
+      }
+      if (hasTab && hasSpace) {
+        violations.push({
+          ruleId: 'py-mixed-indentation',
+          message: '文件混用 tab 和 space 缩进，Python 对此敏感，请统一使用 space',
+          severity: 'warning',
+          line: 1,
+          snippet: '',
+          dimension: 'file',
+        });
+      }
+    }
+
     return violations;
   }
 
@@ -624,8 +910,8 @@ export class GuardCheckEngine {
       violations,
       summary: {
         total: violations.length,
-        errors: violations.filter(v => v.severity === 'error').length,
-        warnings: violations.filter(v => v.severity === 'warning').length,
+        errors: violations.filter((v) => v.severity === 'error').length,
+        warnings: violations.filter((v) => v.severity === 'warning').length,
       },
     };
   }
@@ -651,7 +937,7 @@ export class GuardCheckEngine {
     // ── 跨文件检查 ──
     const crossFileViolations = this._runCrossFileChecks(files);
     totalViolations += crossFileViolations.length;
-    totalErrors += crossFileViolations.filter(v => v.severity === 'error').length;
+    totalErrors += crossFileViolations.filter((v) => v.severity === 'error').length;
 
     return {
       files: results,
@@ -660,7 +946,7 @@ export class GuardCheckEngine {
         filesChecked: results.length,
         totalViolations,
         totalErrors,
-        filesWithViolations: results.filter(r => r.summary.total > 0).length,
+        filesWithViolations: results.filter((r) => r.summary.total > 0).length,
       },
     };
   }
@@ -680,7 +966,9 @@ export class GuardCheckEngine {
 
     for (const { path: filePath, content } of files) {
       const ext = filePath.split('.').pop()?.toLowerCase();
-      if (ext !== 'm' && ext !== 'mm' && ext !== 'h') continue;
+      if (ext !== 'm' && ext !== 'mm' && ext !== 'h') {
+        continue;
+      }
 
       const lines = content.split(/\r?\n/);
       for (let i = 0; i < lines.length; i++) {
@@ -688,7 +976,9 @@ export class GuardCheckEngine {
         let m;
         while ((m = categoryRegex.exec(lines[i])) !== null) {
           const key = `${m[1]}(${m[2]})`;
-          if (!categoryMap.has(key)) categoryMap.set(key, []);
+          if (!categoryMap.has(key)) {
+            categoryMap.set(key, []);
+          }
           categoryMap.get(key).push({
             filePath,
             line: i + 1,
@@ -701,11 +991,13 @@ export class GuardCheckEngine {
     // .h 和 .m 成对出现是正常的（声明 + 实现），只有同类型文件重名才是问题
     // 或者超过 2 处声明就一定有问题
     for (const [key, locations] of categoryMap) {
-      if (locations.length <= 1) continue;
+      if (locations.length <= 1) {
+        continue;
+      }
 
       // 按文件扩展名分组: .h 和 .m/.mm 各一个是合法的
-      const hFiles = locations.filter(l => l.filePath.endsWith('.h'));
-      const mFiles = locations.filter(l => !l.filePath.endsWith('.h'));
+      const hFiles = locations.filter((l) => l.filePath.endsWith('.h'));
+      const mFiles = locations.filter((l) => !l.filePath.endsWith('.h'));
 
       // 同类型文件中有多个声明 → 重名冲突
       const hasDuplicateH = hFiles.length > 1;
@@ -715,10 +1007,13 @@ export class GuardCheckEngine {
 
       if (hasDuplicateH || hasDuplicateM || tooMany) {
         // 收集冲突的那些位置
-        const conflictLocations = tooMany ? locations
-          : hasDuplicateH && hasDuplicateM ? locations
-          : hasDuplicateH ? hFiles
-          : mFiles;
+        const conflictLocations = tooMany
+          ? locations
+          : hasDuplicateH && hasDuplicateM
+            ? locations
+            : hasDuplicateH
+              ? hFiles
+              : mFiles;
 
         violations.push({
           ruleId: 'objc-cross-file-duplicate-category',