npm - brakit - Versions diffs - 0.7.3 → 0.7.5 - Mend

brakit 0.7.3 → 0.7.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/api.d.ts +116 -3
package/dist/api.js +593 -309
package/dist/bin/brakit.js +11 -9
package/dist/runtime/index.js +1142 -471
package/package.json +1 -1

package/dist/api.js CHANGED Viewed

@@ -98,6 +98,8 @@ var MASKED_RE = /^\*+$|\[REDACTED\]|\[FILTERED\]|CHANGE_ME|^x{3,}$/i;
 var EMAIL_RE = /[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}/;
 var INTERNAL_ID_KEYS = /^(id|_id|userId|user_id|createdBy|updatedBy|organizationId|org_id|tenantId|tenant_id)$/;
 var INTERNAL_ID_SUFFIX = /Id$|_id$/;
+var SELECT_STAR_RE = /^SELECT\s+\*/i;
+var SELECT_DOT_STAR_RE = /\.\*\s+FROM/i;
 var RULE_HINTS = {
   "exposed-secret": "Never include secret fields in API responses. Strip sensitive fields before returning.",
   "token-in-url": "Pass tokens in the Authorization header, not URL query parameters.",
@@ -618,6 +620,13 @@ var OVERFETCH_MIN_REQUESTS = 2;
 var OVERFETCH_MIN_FIELDS = 8;
 var OVERFETCH_MIN_INTERNAL_IDS = 2;
 var OVERFETCH_NULL_RATIO = 0.3;
+var REGRESSION_PCT_THRESHOLD = 50;
+var REGRESSION_MIN_INCREASE_MS = 200;
+var REGRESSION_MIN_REQUESTS = 5;
+var QUERY_COUNT_REGRESSION_RATIO = 1.5;
+var OVERFETCH_MANY_FIELDS = 12;
+var OVERFETCH_UNWRAP_MIN_SIZE = 3;
+var MAX_DUPLICATE_INSIGHTS = 3;
 // src/utils/static-patterns.ts
 var STATIC_PATTERNS = [
@@ -670,7 +679,7 @@ var RequestStore = class {
       responseHeaders: flattenHeaders(input.responseHeaders),
       responseBody: responseBodyStr,
       startedAt: input.startTime,
-      durationMs: Math.round(performance.now() - input.startTime),
+      durationMs: Math.round((input.endTime ?? performance.now()) - input.startTime),
       responseSize: input.responseBody?.length ?? 0,
       isStatic: isStaticPath(path)
     };
@@ -760,14 +769,21 @@ var defaultQueryStore = new QueryStore();
 // src/store/metrics/metrics-store.ts
 import { randomUUID as randomUUID2 } from "crypto";
+// src/utils/endpoint.ts
+function getEndpointKey(method, path) {
+  return `${method} ${path}`;
+}
 // src/store/metrics/persistence.ts
 import {
   readFileSync as readFileSync2,
   writeFileSync as writeFileSync2,
   mkdirSync as mkdirSync2,
   existsSync as existsSync2,
-  unlinkSync
+  unlinkSync,
+  renameSync
 } from "fs";
+import { writeFile as writeFile2, mkdir, rename } from "fs/promises";
 import { resolve as resolve2 } from "path";
 // src/analysis/group.ts
@@ -1123,6 +1139,22 @@ function deriveFlowLabel(requests, sourcePage) {
   return trigger.label;
 }
+// src/utils/collections.ts
+function groupBy(items, keyFn) {
+  const map = /* @__PURE__ */ new Map();
+  for (const item of items) {
+    const key = keyFn(item);
+    if (key == null) continue;
+    let arr = map.get(key);
+    if (!arr) {
+      arr = [];
+      map.set(key, arr);
+    }
+    arr.push(item);
+  }
+  return map;
+}
 // src/instrument/adapters/normalize.ts
 function normalizeSQL(sql) {
   if (!sql) return { op: "OTHER", table: "" };
@@ -1155,7 +1187,7 @@ function normalizeQueryParams(sql) {
   return n;
 }
-// src/analysis/insights.ts
+// src/analysis/insights/query-helpers.ts
 function getQueryShape(q) {
   if (q.sql) return normalizeQueryParams(q.sql) ?? "";
   return `${q.operation ?? q.normalizedOp ?? "?"}:${q.model ?? q.table ?? ""}`;
@@ -1167,143 +1199,234 @@ function getQueryInfo(q) {
     table: q.table ?? q.model ?? ""
   };
 }
-function formatDuration(ms) {
-  if (ms < 1e3) return `${ms}ms`;
-  return `${(ms / 1e3).toFixed(1)}s`;
-}
-function formatSize(bytes) {
-  if (bytes < 1024) return `${bytes}B`;
-  if (bytes < 1024 * 1024) return `${(bytes / 1024).toFixed(1)}KB`;
-  return `${(bytes / (1024 * 1024)).toFixed(1)}MB`;
+// src/analysis/insights/prepare.ts
+function createEndpointGroup() {
+  return {
+    total: 0,
+    errors: 0,
+    totalDuration: 0,
+    queryCount: 0,
+    totalSize: 0,
+    totalQueryTimeMs: 0,
+    totalFetchTimeMs: 0,
+    queryShapeDurations: /* @__PURE__ */ new Map()
+  };
 }
-function computeInsights(ctx) {
-  const insights = [];
+function prepareContext(ctx) {
   const nonStatic = ctx.requests.filter(
     (r) => !r.isStatic && (!r.path || !r.path.startsWith(DASHBOARD_PREFIX))
   );
-  const queriesByReq = /* @__PURE__ */ new Map();
-  for (const q of ctx.queries) {
-    if (!q.parentRequestId) continue;
-    let arr = queriesByReq.get(q.parentRequestId);
-    if (!arr) {
-      arr = [];
-      queriesByReq.set(q.parentRequestId, arr);
+  const queriesByReq = groupBy(ctx.queries, (q) => q.parentRequestId);
+  const fetchesByReq = groupBy(ctx.fetches, (f) => f.parentRequestId);
+  const reqById = new Map(nonStatic.map((r) => [r.id, r]));
+  const endpointGroups = /* @__PURE__ */ new Map();
+  for (const r of nonStatic) {
+    const ep = getEndpointKey(r.method, r.path);
+    let g = endpointGroups.get(ep);
+    if (!g) {
+      g = createEndpointGroup();
+      endpointGroups.set(ep, g);
     }
-    arr.push(q);
-  }
-  const reqById = /* @__PURE__ */ new Map();
-  for (const r of nonStatic) reqById.set(r.id, r);
-  const n1Seen = /* @__PURE__ */ new Set();
-  for (const [reqId, reqQueries] of queriesByReq) {
-    const req = reqById.get(reqId);
-    if (!req) continue;
-    const endpoint = `${req.method} ${req.path}`;
-    const shapeGroups = /* @__PURE__ */ new Map();
+    g.total++;
+    if (r.statusCode >= 400) g.errors++;
+    g.totalDuration += r.durationMs;
+    g.totalSize += r.responseSize ?? 0;
+    const reqQueries = queriesByReq.get(r.id) ?? [];
+    g.queryCount += reqQueries.length;
     for (const q of reqQueries) {
+      g.totalQueryTimeMs += q.durationMs;
       const shape = getQueryShape(q);
-      let group = shapeGroups.get(shape);
-      if (!group) {
-        group = { count: 0, distinctSql: /* @__PURE__ */ new Set(), first: q };
-        shapeGroups.set(shape, group);
+      const info = getQueryInfo(q);
+      let sd = g.queryShapeDurations.get(shape);
+      if (!sd) {
+        sd = { totalMs: 0, count: 0, label: info.op + (info.table ? ` ${info.table}` : "") };
+        g.queryShapeDurations.set(shape, sd);
       }
-      group.count++;
-      group.distinctSql.add(q.sql ?? shape);
+      sd.totalMs += q.durationMs;
+      sd.count++;
     }
-    for (const [, sg] of shapeGroups) {
-      if (sg.count <= N1_QUERY_THRESHOLD || sg.distinctSql.size <= 1) continue;
-      const info = getQueryInfo(sg.first);
-      const key = `${endpoint}:${info.op}:${info.table || "unknown"}`;
-      if (n1Seen.has(key)) continue;
-      n1Seen.add(key);
-      insights.push({
-        severity: "critical",
-        type: "n1",
-        title: "N+1 Query Pattern",
-        desc: `${endpoint} runs ${sg.count}x ${info.op} ${info.table} with different params in a single request`,
-        hint: "This typically happens when fetching related data in a loop. Use a batch query, JOIN, or include/eager-load to fetch all records at once.",
-        nav: "queries"
-      });
+    const reqFetches = fetchesByReq.get(r.id) ?? [];
+    for (const f of reqFetches) {
+      g.totalFetchTimeMs += f.durationMs;
     }
   }
-  const ceQueryMap = /* @__PURE__ */ new Map();
-  const ceAllEndpoints = /* @__PURE__ */ new Set();
-  for (const [reqId, reqQueries] of queriesByReq) {
-    const req = reqById.get(reqId);
-    if (!req) continue;
-    const endpoint = `${req.method} ${req.path}`;
-    ceAllEndpoints.add(endpoint);
-    const seenInReq = /* @__PURE__ */ new Set();
-    for (const q of reqQueries) {
-      const shape = getQueryShape(q);
-      let entry = ceQueryMap.get(shape);
-      if (!entry) {
-        entry = { endpoints: /* @__PURE__ */ new Set(), count: 0, first: q };
-        ceQueryMap.set(shape, entry);
-      }
-      entry.count++;
-      if (!seenInReq.has(shape)) {
-        seenInReq.add(shape);
-        entry.endpoints.add(endpoint);
+  return {
+    ...ctx,
+    nonStatic,
+    queriesByReq,
+    fetchesByReq,
+    reqById,
+    endpointGroups
+  };
+}
+// src/analysis/insights/runner.ts
+var SEVERITY_ORDER = { critical: 0, warning: 1, info: 2 };
+var InsightRunner = class {
+  rules = [];
+  register(rule) {
+    this.rules.push(rule);
+  }
+  run(ctx) {
+    const prepared = prepareContext(ctx);
+    const insights = [];
+    for (const rule of this.rules) {
+      try {
+        insights.push(...rule.check(prepared));
+      } catch {
       }
     }
+    insights.sort(
+      (a, b) => (SEVERITY_ORDER[a.severity] ?? 2) - (SEVERITY_ORDER[b.severity] ?? 2)
+    );
+    return insights;
   }
-  if (ceAllEndpoints.size >= CROSS_ENDPOINT_MIN_ENDPOINTS) {
-    for (const [, cem] of ceQueryMap) {
-      if (cem.count < CROSS_ENDPOINT_MIN_OCCURRENCES) continue;
-      if (cem.endpoints.size < CROSS_ENDPOINT_MIN_ENDPOINTS) continue;
-      const pct = Math.round(cem.endpoints.size / ceAllEndpoints.size * 100);
-      if (pct < CROSS_ENDPOINT_PCT) continue;
-      const info = getQueryInfo(cem.first);
-      const label = info.op + (info.table ? ` ${info.table}` : "");
-      insights.push({
-        severity: "warning",
-        type: "cross-endpoint",
-        title: "Repeated Query Across Endpoints",
-        desc: `${label} runs on ${cem.endpoints.size} of ${ceAllEndpoints.size} endpoints (${pct}%).`,
-        hint: "This query runs on most of your endpoints. Load it once in middleware or cache the result to avoid redundant database calls.",
-        nav: "queries"
-      });
+};
+// src/analysis/insights/rules/n1.ts
+var n1Rule = {
+  id: "n1",
+  check(ctx) {
+    const insights = [];
+    const seen = /* @__PURE__ */ new Set();
+    for (const [reqId, reqQueries] of ctx.queriesByReq) {
+      const req = ctx.reqById.get(reqId);
+      if (!req) continue;
+      const endpoint = getEndpointKey(req.method, req.path);
+      const shapeGroups = /* @__PURE__ */ new Map();
+      for (const q of reqQueries) {
+        const shape = getQueryShape(q);
+        let group = shapeGroups.get(shape);
+        if (!group) {
+          group = { count: 0, distinctSql: /* @__PURE__ */ new Set(), first: q };
+          shapeGroups.set(shape, group);
+        }
+        group.count++;
+        group.distinctSql.add(q.sql ?? shape);
+      }
+      for (const [, sg] of shapeGroups) {
+        if (sg.count <= N1_QUERY_THRESHOLD || sg.distinctSql.size <= 1) continue;
+        const info = getQueryInfo(sg.first);
+        const key = `${endpoint}:${info.op}:${info.table || "unknown"}`;
+        if (seen.has(key)) continue;
+        seen.add(key);
+        insights.push({
+          severity: "critical",
+          type: "n1",
+          title: "N+1 Query Pattern",
+          desc: `${endpoint} runs ${sg.count}x ${info.op} ${info.table} with different params in a single request`,
+          hint: "This typically happens when fetching related data in a loop. Use a batch query, JOIN, or include/eager-load to fetch all records at once.",
+          nav: "queries"
+        });
+      }
     }
+    return insights;
   }
-  const rqSeen = /* @__PURE__ */ new Set();
-  for (const [reqId, reqQueries] of queriesByReq) {
-    const req = reqById.get(reqId);
-    if (!req) continue;
-    const endpoint = `${req.method} ${req.path}`;
-    const exact = /* @__PURE__ */ new Map();
-    for (const q of reqQueries) {
-      if (!q.sql) continue;
-      let entry = exact.get(q.sql);
-      if (!entry) {
-        entry = { count: 0, first: q };
-        exact.set(q.sql, entry);
+};
+// src/analysis/insights/rules/cross-endpoint.ts
+var crossEndpointRule = {
+  id: "cross-endpoint",
+  check(ctx) {
+    const insights = [];
+    const queryMap = /* @__PURE__ */ new Map();
+    const allEndpoints = /* @__PURE__ */ new Set();
+    for (const [reqId, reqQueries] of ctx.queriesByReq) {
+      const req = ctx.reqById.get(reqId);
+      if (!req) continue;
+      const endpoint = getEndpointKey(req.method, req.path);
+      allEndpoints.add(endpoint);
+      const seenInReq = /* @__PURE__ */ new Set();
+      for (const q of reqQueries) {
+        const shape = getQueryShape(q);
+        let entry = queryMap.get(shape);
+        if (!entry) {
+          entry = { endpoints: /* @__PURE__ */ new Set(), count: 0, first: q };
+          queryMap.set(shape, entry);
+        }
+        entry.count++;
+        if (!seenInReq.has(shape)) {
+          seenInReq.add(shape);
+          entry.endpoints.add(endpoint);
+        }
       }
-      entry.count++;
     }
-    for (const [, e] of exact) {
-      if (e.count < REDUNDANT_QUERY_MIN_COUNT) continue;
-      const info = getQueryInfo(e.first);
-      const label = info.op + (info.table ? ` ${info.table}` : "");
-      const dedupKey = `${endpoint}:${label}`;
-      if (rqSeen.has(dedupKey)) continue;
-      rqSeen.add(dedupKey);
-      insights.push({
-        severity: "warning",
-        type: "redundant-query",
-        title: "Redundant Query",
-        desc: `${label} runs ${e.count}x with identical params in ${endpoint}.`,
-        hint: "The exact same query with identical parameters runs multiple times in one request. Cache the first result or lift the query to a shared function.",
-        nav: "queries"
-      });
+    if (allEndpoints.size >= CROSS_ENDPOINT_MIN_ENDPOINTS) {
+      for (const [, cem] of queryMap) {
+        if (cem.count < CROSS_ENDPOINT_MIN_OCCURRENCES) continue;
+        if (cem.endpoints.size < CROSS_ENDPOINT_MIN_ENDPOINTS) continue;
+        const p = Math.round(cem.endpoints.size / allEndpoints.size * 100);
+        if (p < CROSS_ENDPOINT_PCT) continue;
+        const info = getQueryInfo(cem.first);
+        const label = info.op + (info.table ? ` ${info.table}` : "");
+        insights.push({
+          severity: "warning",
+          type: "cross-endpoint",
+          title: "Repeated Query Across Endpoints",
+          desc: `${label} runs on ${cem.endpoints.size} of ${allEndpoints.size} endpoints (${p}%).`,
+          hint: "This query runs on most of your endpoints. Load it once in middleware or cache the result to avoid redundant database calls.",
+          nav: "queries"
+        });
+      }
     }
+    return insights;
   }
-  if (ctx.errors.length > 0) {
-    const errGroups = /* @__PURE__ */ new Map();
+};
+// src/analysis/insights/rules/redundant-query.ts
+var redundantQueryRule = {
+  id: "redundant-query",
+  check(ctx) {
+    const insights = [];
+    const seen = /* @__PURE__ */ new Set();
+    for (const [reqId, reqQueries] of ctx.queriesByReq) {
+      const req = ctx.reqById.get(reqId);
+      if (!req) continue;
+      const endpoint = getEndpointKey(req.method, req.path);
+      const exact = /* @__PURE__ */ new Map();
+      for (const q of reqQueries) {
+        if (!q.sql) continue;
+        let entry = exact.get(q.sql);
+        if (!entry) {
+          entry = { count: 0, first: q };
+          exact.set(q.sql, entry);
+        }
+        entry.count++;
+      }
+      for (const [, e] of exact) {
+        if (e.count < REDUNDANT_QUERY_MIN_COUNT) continue;
+        const info = getQueryInfo(e.first);
+        const label = info.op + (info.table ? ` ${info.table}` : "");
+        const dedupKey = `${endpoint}:${label}`;
+        if (seen.has(dedupKey)) continue;
+        seen.add(dedupKey);
+        insights.push({
+          severity: "warning",
+          type: "redundant-query",
+          title: "Redundant Query",
+          desc: `${label} runs ${e.count}x with identical params in ${endpoint}.`,
+          hint: "The exact same query with identical parameters runs multiple times in one request. Cache the first result or lift the query to a shared function.",
+          nav: "queries"
+        });
+      }
+    }
+    return insights;
+  }
+};
+// src/analysis/insights/rules/error.ts
+var errorRule = {
+  id: "error",
+  check(ctx) {
+    if (ctx.errors.length === 0) return [];
+    const insights = [];
+    const groups = /* @__PURE__ */ new Map();
     for (const e of ctx.errors) {
       const name = e.name || "Error";
-      errGroups.set(name, (errGroups.get(name) ?? 0) + 1);
+      groups.set(name, (groups.get(name) ?? 0) + 1);
     }
-    for (const [name, cnt] of errGroups) {
+    for (const [name, cnt] of groups) {
       insights.push({
         severity: "critical",
         type: "error",
@@ -1313,235 +1436,391 @@ function computeInsights(ctx) {
         nav: "errors"
       });
     }
+    return insights;
   }
-  const endpointGroups = /* @__PURE__ */ new Map();
-  for (const r of nonStatic) {
-    const ep = `${r.method} ${r.path}`;
-    let g = endpointGroups.get(ep);
-    if (!g) {
-      g = { total: 0, errors: 0, totalDuration: 0, queryCount: 0, totalSize: 0 };
-      endpointGroups.set(ep, g);
+};
+// src/analysis/insights/rules/error-hotspot.ts
+var errorHotspotRule = {
+  id: "error-hotspot",
+  check(ctx) {
+    const insights = [];
+    for (const [ep, g] of ctx.endpointGroups) {
+      if (g.total < MIN_REQUESTS_FOR_INSIGHT) continue;
+      const errorRate = Math.round(g.errors / g.total * 100);
+      if (errorRate >= ERROR_RATE_THRESHOLD_PCT) {
+        insights.push({
+          severity: "critical",
+          type: "error-hotspot",
+          title: "Error Hotspot",
+          desc: `${ep} \u2014 ${errorRate}% error rate (${g.errors}/${g.total} requests)`,
+          hint: "This endpoint frequently returns errors. Check the response bodies for error details and stack traces.",
+          nav: "requests"
+        });
+      }
     }
-    g.total++;
-    if (r.statusCode >= 400) g.errors++;
-    g.totalDuration += r.durationMs;
-    g.queryCount += (queriesByReq.get(r.id) ?? []).length;
-    g.totalSize += r.responseSize ?? 0;
+    return insights;
   }
-  for (const [ep, g] of endpointGroups) {
-    if (g.total < MIN_REQUESTS_FOR_INSIGHT) continue;
-    const errorRate = Math.round(g.errors / g.total * 100);
-    if (errorRate >= ERROR_RATE_THRESHOLD_PCT) {
+};
+// src/analysis/insights/rules/duplicate.ts
+var duplicateRule = {
+  id: "duplicate",
+  check(ctx) {
+    const dupCounts = /* @__PURE__ */ new Map();
+    const flowCount = /* @__PURE__ */ new Map();
+    for (const flow of ctx.flows) {
+      if (!flow.requests) continue;
+      const seenInFlow = /* @__PURE__ */ new Set();
+      for (const fr of flow.requests) {
+        if (!fr.isDuplicate) continue;
+        const dupKey = `${fr.method} ${fr.label ?? fr.path ?? fr.url}`;
+        dupCounts.set(dupKey, (dupCounts.get(dupKey) ?? 0) + 1);
+        if (!seenInFlow.has(dupKey)) {
+          seenInFlow.add(dupKey);
+          flowCount.set(dupKey, (flowCount.get(dupKey) ?? 0) + 1);
+        }
+      }
+    }
+    const dupEntries = [...dupCounts.entries()].map(([key, count]) => ({ key, count, flows: flowCount.get(key) ?? 0 })).sort((a, b) => b.count - a.count);
+    const insights = [];
+    for (let i = 0; i < Math.min(dupEntries.length, MAX_DUPLICATE_INSIGHTS); i++) {
+      const d = dupEntries[i];
       insights.push({
-        severity: "critical",
-        type: "error-hotspot",
-        title: "Error Hotspot",
-        desc: `${ep} \u2014 ${errorRate}% error rate (${g.errors}/${g.total} requests)`,
-        hint: "This endpoint frequently returns errors. Check the response bodies for error details and stack traces.",
-        nav: "requests"
+        severity: "warning",
+        type: "duplicate",
+        title: "Duplicate API Call",
+        desc: `${d.key} loaded ${d.count}x as duplicate across ${d.flows} action${d.flows !== 1 ? "s" : ""}`,
+        hint: "Multiple components independently fetch the same endpoint. Lift the fetch to a parent component, use a data cache, or deduplicate with React Query / SWR.",
+        nav: "actions"
       });
     }
+    return insights;
   }
-  const dupCounts = /* @__PURE__ */ new Map();
-  const flowCount = /* @__PURE__ */ new Map();
-  for (const flow of ctx.flows) {
-    if (!flow.requests) continue;
-    const seenInFlow = /* @__PURE__ */ new Set();
-    for (const fr of flow.requests) {
-      if (!fr.isDuplicate) continue;
-      const dupKey = `${fr.method} ${fr.label ?? fr.path ?? fr.url}`;
-      dupCounts.set(dupKey, (dupCounts.get(dupKey) ?? 0) + 1);
-      if (!seenInFlow.has(dupKey)) {
-        seenInFlow.add(dupKey);
-        flowCount.set(dupKey, (flowCount.get(dupKey) ?? 0) + 1);
+};
+// src/utils/format.ts
+function formatDuration(ms) {
+  if (ms < 1e3) return `${ms}ms`;
+  return `${(ms / 1e3).toFixed(1)}s`;
+}
+function formatSize(bytes) {
+  if (bytes < 1024) return `${bytes}B`;
+  if (bytes < 1024 * 1024) return `${(bytes / 1024).toFixed(1)}KB`;
+  return `${(bytes / (1024 * 1024)).toFixed(1)}MB`;
+}
+function pct(part, total) {
+  return total > 0 ? Math.round(part / total * 100) : 0;
+}
+// src/analysis/insights/rules/slow.ts
+var slowRule = {
+  id: "slow",
+  check(ctx) {
+    const insights = [];
+    for (const [ep, g] of ctx.endpointGroups) {
+      if (g.total < MIN_REQUESTS_FOR_INSIGHT) continue;
+      const avgMs = Math.round(g.totalDuration / g.total);
+      if (avgMs < SLOW_ENDPOINT_THRESHOLD_MS) continue;
+      const avgQueryMs = Math.round(g.totalQueryTimeMs / g.total);
+      const avgFetchMs = Math.round(g.totalFetchTimeMs / g.total);
+      const avgAppMs = Math.max(0, avgMs - avgQueryMs - avgFetchMs);
+      const parts = [];
+      if (avgQueryMs > 0) parts.push(`DB ${formatDuration(avgQueryMs)} ${pct(avgQueryMs, avgMs)}%`);
+      if (avgFetchMs > 0) parts.push(`Fetch ${formatDuration(avgFetchMs)} ${pct(avgFetchMs, avgMs)}%`);
+      if (avgAppMs > 0) parts.push(`App ${formatDuration(avgAppMs)} ${pct(avgAppMs, avgMs)}%`);
+      const breakdown = parts.length > 0 ? ` [${parts.join(" \xB7 ")}]` : "";
+      let detail;
+      let slowestMs = 0;
+      for (const [, sd] of g.queryShapeDurations) {
+        const avgShapeMs = sd.totalMs / sd.count;
+        if (avgShapeMs > slowestMs) {
+          slowestMs = avgShapeMs;
+          detail = `Slowest query: ${sd.label} \u2014 avg ${formatDuration(Math.round(avgShapeMs))} (${sd.count}x)`;
+        }
       }
-    }
-  }
-  const dupEntries = [...dupCounts.entries()].map(([key, count]) => ({ key, count, flows: flowCount.get(key) ?? 0 })).sort((a, b) => b.count - a.count);
-  for (let i = 0; i < Math.min(dupEntries.length, 3); i++) {
-    const d = dupEntries[i];
-    insights.push({
-      severity: "warning",
-      type: "duplicate",
-      title: "Duplicate API Call",
-      desc: `${d.key} loaded ${d.count}x as duplicate across ${d.flows} action${d.flows !== 1 ? "s" : ""}`,
-      hint: "Multiple components independently fetch the same endpoint. Lift the fetch to a parent component, use a data cache, or deduplicate with React Query / SWR.",
-      nav: "actions"
-    });
-  }
-  for (const [ep, g] of endpointGroups) {
-    if (g.total < MIN_REQUESTS_FOR_INSIGHT) continue;
-    const avgMs = Math.round(g.totalDuration / g.total);
-    if (avgMs >= SLOW_ENDPOINT_THRESHOLD_MS) {
       insights.push({
         severity: "warning",
         type: "slow",
         title: "Slow Endpoint",
-        desc: `${ep} \u2014 avg ${formatDuration(avgMs)} across ${g.total} request${g.total !== 1 ? "s" : ""}`,
-        hint: "Consistently slow responses hurt user experience. Check the Queries tab to see if database queries are the bottleneck.",
+        desc: `${ep} \u2014 avg ${formatDuration(avgMs)}${breakdown}`,
+        hint: avgQueryMs >= avgFetchMs && avgQueryMs >= avgAppMs ? "Most time is in database queries. Check the Queries tab for slow or redundant queries." : avgFetchMs >= avgQueryMs && avgFetchMs >= avgAppMs ? "Most time is in outbound HTTP calls. Check if upstream services are slow or if calls can be parallelized." : "Most time is in application code. Profile the handler for CPU-heavy operations or blocking calls.",
+        detail,
         nav: "requests"
       });
     }
+    return insights;
   }
-  for (const [ep, g] of endpointGroups) {
-    if (g.total < MIN_REQUESTS_FOR_INSIGHT) continue;
-    const avgQueries = Math.round(g.queryCount / g.total);
-    if (avgQueries > HIGH_QUERY_COUNT_PER_REQ) {
+};
+// src/analysis/insights/rules/query-heavy.ts
+var queryHeavyRule = {
+  id: "query-heavy",
+  check(ctx) {
+    const insights = [];
+    for (const [ep, g] of ctx.endpointGroups) {
+      if (g.total < MIN_REQUESTS_FOR_INSIGHT) continue;
+      const avgQueries = Math.round(g.queryCount / g.total);
+      if (avgQueries > HIGH_QUERY_COUNT_PER_REQ) {
+        insights.push({
+          severity: "warning",
+          type: "query-heavy",
+          title: "Query-Heavy Endpoint",
+          desc: `${ep} \u2014 avg ${avgQueries} queries/request`,
+          hint: "Too many queries per request increases latency. Combine queries with JOINs, use batch operations, or reduce the number of data fetches.",
+          nav: "queries"
+        });
+      }
+    }
+    return insights;
+  }
+};
+// src/analysis/insights/rules/select-star.ts
+var selectStarRule = {
+  id: "select-star",
+  check(ctx) {
+    const seen = /* @__PURE__ */ new Map();
+    for (const [, reqQueries] of ctx.queriesByReq) {
+      for (const q of reqQueries) {
+        if (!q.sql) continue;
+        const isSelectStar = SELECT_STAR_RE.test(q.sql.trim()) || SELECT_DOT_STAR_RE.test(q.sql);
+        if (!isSelectStar) continue;
+        const info = getQueryInfo(q);
+        const key = info.table || "unknown";
+        seen.set(key, (seen.get(key) ?? 0) + 1);
+      }
+    }
+    const insights = [];
+    for (const [table, count] of seen) {
+      if (count < OVERFETCH_MIN_REQUESTS) continue;
       insights.push({
         severity: "warning",
-        type: "query-heavy",
-        title: "Query-Heavy Endpoint",
-        desc: `${ep} \u2014 avg ${avgQueries} queries/request`,
-        hint: "Too many queries per request increases latency. Combine queries with JOINs, use batch operations, or reduce the number of data fetches.",
+        type: "select-star",
+        title: "SELECT * Query",
+        desc: `SELECT * on ${table} \u2014 ${count} occurrence${count !== 1 ? "s" : ""}`,
+        hint: "SELECT * fetches all columns including ones you don\u2019t need. Specify only required columns to reduce data transfer and memory usage.",
         nav: "queries"
       });
     }
+    return insights;
   }
-  const selectStarSeen = /* @__PURE__ */ new Map();
-  for (const [, reqQueries] of queriesByReq) {
-    for (const q of reqQueries) {
-      if (!q.sql) continue;
-      const isSelectStar = /^SELECT\s+\*/i.test(q.sql.trim()) || /\.\*\s+FROM/i.test(q.sql);
-      if (!isSelectStar) continue;
-      const info = getQueryInfo(q);
-      const key = info.table || "unknown";
-      selectStarSeen.set(key, (selectStarSeen.get(key) ?? 0) + 1);
+};
+// src/analysis/insights/rules/high-rows.ts
+var highRowsRule = {
+  id: "high-rows",
+  check(ctx) {
+    const seen = /* @__PURE__ */ new Map();
+    for (const [, reqQueries] of ctx.queriesByReq) {
+      for (const q of reqQueries) {
+        if (!q.rowCount || q.rowCount <= HIGH_ROW_COUNT) continue;
+        const info = getQueryInfo(q);
+        const key = `${info.op} ${info.table || "unknown"}`;
+        let entry = seen.get(key);
+        if (!entry) {
+          entry = { max: 0, count: 0 };
+          seen.set(key, entry);
+        }
+        entry.count++;
+        if (q.rowCount > entry.max) entry.max = q.rowCount;
+      }
     }
+    const insights = [];
+    for (const [key, hrs] of seen) {
+      if (hrs.count < OVERFETCH_MIN_REQUESTS) continue;
+      insights.push({
+        severity: "warning",
+        type: "high-rows",
+        title: "Large Result Set",
+        desc: `${key} returns ${hrs.max}+ rows (${hrs.count}x)`,
+        hint: "Fetching many rows slows responses and wastes memory. Add a LIMIT clause, implement pagination, or filter with a WHERE condition.",
+        nav: "queries"
+      });
+    }
+    return insights;
   }
-  for (const [table, count] of selectStarSeen) {
-    if (count < OVERFETCH_MIN_REQUESTS) continue;
-    insights.push({
-      severity: "warning",
-      type: "select-star",
-      title: "SELECT * Query",
-      desc: `SELECT * on ${table} \u2014 ${count} occurrence${count !== 1 ? "s" : ""}`,
-      hint: "SELECT * fetches all columns including ones you don\u2019t need. Specify only required columns to reduce data transfer and memory usage.",
-      nav: "queries"
-    });
-  }
-  const highRowSeen = /* @__PURE__ */ new Map();
-  for (const [, reqQueries] of queriesByReq) {
-    for (const q of reqQueries) {
-      if (!q.rowCount || q.rowCount <= HIGH_ROW_COUNT) continue;
-      const info = getQueryInfo(q);
-      const key = `${info.op} ${info.table || "unknown"}`;
-      let entry = highRowSeen.get(key);
-      if (!entry) {
-        entry = { max: 0, count: 0 };
-        highRowSeen.set(key, entry);
+};
+// src/utils/response.ts
+function unwrapResponse2(parsed) {
+  if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) return parsed;
+  const obj = parsed;
+  const keys = Object.keys(obj);
+  if (keys.length > 3) return parsed;
+  let best = null;
+  let bestSize = 0;
+  for (const key of keys) {
+    const val = obj[key];
+    if (Array.isArray(val) && val.length > bestSize) {
+      best = val;
+      bestSize = val.length;
+    } else if (val && typeof val === "object" && !Array.isArray(val)) {
+      const size = Object.keys(val).length;
+      if (size > bestSize) {
+        best = val;
+        bestSize = size;
       }
-      entry.count++;
-      if (q.rowCount > entry.max) entry.max = q.rowCount;
     }
   }
-  for (const [key, hrs] of highRowSeen) {
-    if (hrs.count < OVERFETCH_MIN_REQUESTS) continue;
-    insights.push({
-      severity: "warning",
-      type: "high-rows",
-      title: "Large Result Set",
-      desc: `${key} returns ${hrs.max}+ rows (${hrs.count}x)`,
-      hint: "Fetching many rows slows responses and wastes memory. Add a LIMIT clause, implement pagination, or filter with a WHERE condition.",
-      nav: "queries"
-    });
-  }
-  const overfetchSeen = /* @__PURE__ */ new Set();
-  for (const r of nonStatic) {
-    if (r.statusCode >= 400 || !r.responseBody) continue;
-    const ep = `${r.method} ${r.path}`;
-    if (overfetchSeen.has(ep)) continue;
-    let parsed;
-    try {
-      parsed = JSON.parse(r.responseBody);
-    } catch {
-      continue;
-    }
-    let target = parsed;
-    if (target && typeof target === "object" && !Array.isArray(target)) {
-      const topKeys = Object.keys(target);
-      if (topKeys.length <= 3) {
-        let best = null;
-        let bestSize = 0;
-        for (const k of topKeys) {
-          const val = target[k];
-          if (Array.isArray(val) && val.length > bestSize) {
-            best = val;
-            bestSize = val.length;
-          } else if (val && typeof val === "object" && !Array.isArray(val)) {
-            const size = Object.keys(val).length;
-            if (size > bestSize) {
-              best = val;
-              bestSize = size;
-            }
-          }
-        }
-        if (best && bestSize >= 3) target = best;
+  return best && bestSize >= OVERFETCH_UNWRAP_MIN_SIZE ? best : parsed;
+}
+// src/analysis/insights/rules/response-overfetch.ts
+var responseOverfetchRule = {
+  id: "response-overfetch",
+  check(ctx) {
+    const insights = [];
+    const seen = /* @__PURE__ */ new Set();
+    for (const r of ctx.nonStatic) {
+      if (r.statusCode >= 400 || !r.responseBody) continue;
+      const ep = getEndpointKey(r.method, r.path);
+      if (seen.has(ep)) continue;
+      let parsed;
+      try {
+        parsed = JSON.parse(r.responseBody);
+      } catch {
+        continue;
+      }
+      const target = unwrapResponse2(parsed);
+      const inspectObj = Array.isArray(target) && target.length > 0 ? target[0] : target;
+      if (!inspectObj || typeof inspectObj !== "object" || Array.isArray(inspectObj)) continue;
+      const fields = Object.keys(inspectObj);
+      if (fields.length < OVERFETCH_MIN_FIELDS) continue;
+      let internalIdCount = 0;
+      let nullCount = 0;
+      for (const key of fields) {
+        if (INTERNAL_ID_SUFFIX.test(key) || key === "id" || key === "_id") internalIdCount++;
+        const val = inspectObj[key];
+        if (val === null || val === void 0) nullCount++;
+      }
+      const nullRatio = nullCount / fields.length;
+      const reasons = [];
+      if (internalIdCount >= OVERFETCH_MIN_INTERNAL_IDS) reasons.push(`${internalIdCount} internal ID fields`);
+      if (nullRatio >= OVERFETCH_NULL_RATIO) reasons.push(`${Math.round(nullRatio * 100)}% null fields`);
+      if (reasons.length === 0 && fields.length >= OVERFETCH_MANY_FIELDS) {
+        reasons.push(`${fields.length} fields returned`);
+      }
+      if (reasons.length > 0) {
+        seen.add(ep);
+        insights.push({
+          severity: "info",
+          type: "response-overfetch",
+          title: "Response Overfetch",
+          desc: `${ep} \u2014 ${reasons.join(", ")}`,
+          hint: "This response returns more data than the client likely needs. Use a DTO or select only required fields to reduce payload size and avoid leaking internal structure.",
+          nav: "requests"
+        });
       }
     }
-    const inspectObj = Array.isArray(target) && target.length > 0 ? target[0] : target;
-    if (!inspectObj || typeof inspectObj !== "object" || Array.isArray(inspectObj)) continue;
-    const fields = Object.keys(inspectObj);
-    if (fields.length < OVERFETCH_MIN_FIELDS) continue;
-    let internalIdCount = 0;
-    let nullCount = 0;
-    for (const key of fields) {
-      if (INTERNAL_ID_SUFFIX.test(key) || key === "id" || key === "_id") internalIdCount++;
-      const val = inspectObj[key];
-      if (val === null || val === void 0) nullCount++;
-    }
-    const nullRatio = nullCount / fields.length;
-    const reasons = [];
-    if (internalIdCount >= OVERFETCH_MIN_INTERNAL_IDS) reasons.push(`${internalIdCount} internal ID fields`);
-    if (nullRatio >= OVERFETCH_NULL_RATIO) reasons.push(`${Math.round(nullRatio * 100)}% null fields`);
-    if (fields.length >= OVERFETCH_MIN_FIELDS && reasons.length === 0 && fields.length >= 12) {
-      reasons.push(`${fields.length} fields returned`);
-    }
-    if (reasons.length > 0) {
-      overfetchSeen.add(ep);
-      insights.push({
-        severity: "info",
-        type: "response-overfetch",
-        title: "Response Overfetch",
-        desc: `${ep} \u2014 ${reasons.join(", ")}`,
-        hint: "This response returns more data than the client likely needs. Use a DTO or select only required fields to reduce payload size and avoid leaking internal structure.",
-        nav: "requests"
-      });
-    }
+    return insights;
   }
-  for (const [ep, g] of endpointGroups) {
-    if (g.total < OVERFETCH_MIN_REQUESTS) continue;
-    const avgSize = Math.round(g.totalSize / g.total);
-    if (avgSize > LARGE_RESPONSE_BYTES) {
-      insights.push({
-        severity: "info",
-        type: "large-response",
-        title: "Large Response",
-        desc: `${ep} \u2014 avg ${formatSize(avgSize)} response`,
-        hint: "Large API responses increase network transfer time. Implement pagination, field filtering, or response compression.",
-        nav: "requests"
-      });
+};
+// src/analysis/insights/rules/large-response.ts
+var largeResponseRule = {
+  id: "large-response",
+  check(ctx) {
+    const insights = [];
+    for (const [ep, g] of ctx.endpointGroups) {
+      if (g.total < OVERFETCH_MIN_REQUESTS) continue;
+      const avgSize = Math.round(g.totalSize / g.total);
+      if (avgSize > LARGE_RESPONSE_BYTES) {
+        insights.push({
+          severity: "info",
+          type: "large-response",
+          title: "Large Response",
+          desc: `${ep} \u2014 avg ${formatSize(avgSize)} response`,
+          hint: "Large API responses increase network transfer time. Implement pagination, field filtering, or response compression.",
+          nav: "requests"
+        });
+      }
     }
+    return insights;
   }
-  if (ctx.securityFindings) {
-    for (const f of ctx.securityFindings) {
-      insights.push({
-        severity: f.severity,
-        type: "security",
-        title: f.title,
-        desc: f.desc,
-        hint: f.hint,
-        nav: "security"
-      });
+};
+// src/analysis/insights/rules/regression.ts
+var regressionRule = {
+  id: "regression",
+  check(ctx) {
+    if (!ctx.previousMetrics || ctx.previousMetrics.length === 0) return [];
+    const insights = [];
+    for (const epMetrics of ctx.previousMetrics) {
+      if (epMetrics.sessions.length < 2) continue;
+      const prev = epMetrics.sessions[epMetrics.sessions.length - 2];
+      const current = epMetrics.sessions[epMetrics.sessions.length - 1];
+      if (prev.requestCount < REGRESSION_MIN_REQUESTS || current.requestCount < REGRESSION_MIN_REQUESTS) continue;
+      const p95Increase = current.p95DurationMs - prev.p95DurationMs;
+      const p95PctChange = prev.p95DurationMs > 0 ? Math.round(p95Increase / prev.p95DurationMs * 100) : 0;
+      if (p95Increase >= REGRESSION_MIN_INCREASE_MS && p95PctChange >= REGRESSION_PCT_THRESHOLD) {
+        insights.push({
+          severity: "warning",
+          type: "regression",
+          title: "Performance Regression",
+          desc: `${epMetrics.endpoint} p95 degraded ${formatDuration(prev.p95DurationMs)} \u2192 ${formatDuration(current.p95DurationMs)} (+${p95PctChange}%)`,
+          hint: "This endpoint is slower than the previous session. Check if recent code changes added queries or processing.",
+          nav: "graph"
+        });
+      }
+      if (prev.avgQueryCount > 0 && current.avgQueryCount > prev.avgQueryCount * QUERY_COUNT_REGRESSION_RATIO) {
+        insights.push({
+          severity: "warning",
+          type: "regression",
+          title: "Query Count Regression",
+          desc: `${epMetrics.endpoint} queries/request increased ${prev.avgQueryCount} \u2192 ${current.avgQueryCount}`,
+          hint: "This endpoint is making more database queries than before. Check for new N+1 patterns or removed query optimizations.",
+          nav: "queries"
+        });
+      }
     }
+    return insights;
+  }
+};
+// src/analysis/insights/rules/security.ts
+var securityRule = {
+  id: "security",
+  check(ctx) {
+    if (!ctx.securityFindings) return [];
+    return ctx.securityFindings.map((f) => ({
+      severity: f.severity,
+      type: "security",
+      title: f.title,
+      desc: f.desc,
+      hint: f.hint,
+      nav: "security"
+    }));
   }
-  const severityOrder = { critical: 0, warning: 1, info: 2 };
-  insights.sort((a, b) => (severityOrder[a.severity] ?? 2) - (severityOrder[b.severity] ?? 2));
-  return insights;
+};
+// src/analysis/insights/index.ts
+function createDefaultInsightRunner() {
+  const runner = new InsightRunner();
+  runner.register(n1Rule);
+  runner.register(crossEndpointRule);
+  runner.register(redundantQueryRule);
+  runner.register(errorRule);
+  runner.register(errorHotspotRule);
+  runner.register(duplicateRule);
+  runner.register(slowRule);
+  runner.register(queryHeavyRule);
+  runner.register(selectStarRule);
+  runner.register(highRowsRule);
+  runner.register(responseOverfetchRule);
+  runner.register(largeResponseRule);
+  runner.register(regressionRule);
+  runner.register(securityRule);
+  return runner;
+}
+function computeInsights(ctx) {
+  return createDefaultInsightRunner().run(ctx);
 }
 // src/analysis/engine.ts
 var AnalysisEngine = class {
-  constructor(debounceMs = 300) {
+  constructor(metricsStore, debounceMs = 300) {
+    this.metricsStore = metricsStore;
     this.debounceMs = debounceMs;
     this.scanner = createDefaultScanner();
     this.boundRequestListener = () => this.scheduleRecompute();
@@ -1599,6 +1878,7 @@ var AnalysisEngine = class {
     const queries = defaultQueryStore.getAll();
     const errors = defaultErrorStore.getAll();
     const logs = defaultLogStore.getAll();
+    const fetches = defaultFetchStore.getAll();
     const flows = groupRequestsIntoFlows(requests);
     this.cachedFindings = this.scanner.scan({ requests, logs });
     this.cachedInsights = computeInsights({
@@ -1606,6 +1886,8 @@ var AnalysisEngine = class {
       queries,
       errors,
       flows,
+      fetches,
+      previousMetrics: this.metricsStore.getAll(),
       securityFindings: this.cachedFindings
     });
     for (const fn of this.listeners) {
@@ -1618,13 +1900,15 @@ var AnalysisEngine = class {
 };
 // src/index.ts
-var VERSION = "0.7.3";
+var VERSION = "0.7.5";
 export {
   AdapterRegistry,
   AnalysisEngine,
+  InsightRunner,
   SecurityScanner,
   VERSION,
   computeInsights,
+  createDefaultInsightRunner,
   createDefaultScanner,
   detectProject
 };