npm - brakit - Versions diffs - 0.7.4 → 0.7.6 - Mend

brakit 0.7.4 → 0.7.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/README.md +78 -50
package/dist/api.d.ts +116 -3
package/dist/api.js +615 -353
package/dist/bin/brakit.js +38 -31
package/dist/runtime/index.js +1150 -510
package/package.json +1 -1

package/dist/api.js CHANGED Viewed

@@ -98,6 +98,8 @@ var MASKED_RE = /^\*+$|\[REDACTED\]|\[FILTERED\]|CHANGE_ME|^x{3,}$/i;
 var EMAIL_RE = /[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}/;
 var INTERNAL_ID_KEYS = /^(id|_id|userId|user_id|createdBy|updatedBy|organizationId|org_id|tenantId|tenant_id)$/;
 var INTERNAL_ID_SUFFIX = /Id$|_id$/;
+var SELECT_STAR_RE = /^SELECT\s+\*/i;
+var SELECT_DOT_STAR_RE = /\.\*\s+FROM/i;
 var RULE_HINTS = {
   "exposed-secret": "Never include secret fields in API responses. Strip sensitive fields before returning.",
   "token-in-url": "Pass tokens in the Authorization header, not URL query parameters.",
@@ -407,6 +409,58 @@ var corsCredentialsRule = {
   }
 };
+// src/constants/thresholds.ts
+var FLOW_GAP_MS = 5e3;
+var SLOW_REQUEST_THRESHOLD_MS = 2e3;
+var MIN_POLLING_SEQUENCE = 3;
+var ENDPOINT_TRUNCATE_LENGTH = 12;
+var N1_QUERY_THRESHOLD = 5;
+var ERROR_RATE_THRESHOLD_PCT = 20;
+var SLOW_ENDPOINT_THRESHOLD_MS = 1e3;
+var MIN_REQUESTS_FOR_INSIGHT = 2;
+var HIGH_QUERY_COUNT_PER_REQ = 5;
+var CROSS_ENDPOINT_MIN_ENDPOINTS = 3;
+var CROSS_ENDPOINT_PCT = 50;
+var CROSS_ENDPOINT_MIN_OCCURRENCES = 5;
+var REDUNDANT_QUERY_MIN_COUNT = 2;
+var LARGE_RESPONSE_BYTES = 51200;
+var HIGH_ROW_COUNT = 100;
+var OVERFETCH_MIN_REQUESTS = 2;
+var OVERFETCH_MIN_FIELDS = 8;
+var OVERFETCH_MIN_INTERNAL_IDS = 2;
+var OVERFETCH_NULL_RATIO = 0.3;
+var REGRESSION_PCT_THRESHOLD = 50;
+var REGRESSION_MIN_INCREASE_MS = 200;
+var REGRESSION_MIN_REQUESTS = 5;
+var QUERY_COUNT_REGRESSION_RATIO = 1.5;
+var OVERFETCH_MANY_FIELDS = 12;
+var OVERFETCH_UNWRAP_MIN_SIZE = 3;
+var MAX_DUPLICATE_INSIGHTS = 3;
+// src/utils/response.ts
+function unwrapResponse(parsed) {
+  if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) return parsed;
+  const obj = parsed;
+  const keys = Object.keys(obj);
+  if (keys.length > 3) return parsed;
+  let best = null;
+  let bestSize = 0;
+  for (const key of keys) {
+    const val = obj[key];
+    if (Array.isArray(val) && val.length > bestSize) {
+      best = val;
+      bestSize = val.length;
+    } else if (val && typeof val === "object" && !Array.isArray(val)) {
+      const size = Object.keys(val).length;
+      if (size > bestSize) {
+        best = val;
+        bestSize = size;
+      }
+    }
+  }
+  return best && bestSize >= OVERFETCH_UNWRAP_MIN_SIZE ? best : parsed;
+}
 // src/analysis/rules/response-pii-leak.ts
 var WRITE_METHODS = /* @__PURE__ */ new Set(["POST", "PUT", "PATCH"]);
 var FULL_RECORD_MIN_FIELDS = 5;
@@ -451,28 +505,6 @@ function hasInternalIds(obj) {
   }
   return false;
 }
-function unwrapResponse(parsed) {
-  if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) return parsed;
-  const obj = parsed;
-  const keys = Object.keys(obj);
-  if (keys.length > 3) return parsed;
-  let best = null;
-  let bestSize = 0;
-  for (const key of keys) {
-    const val = obj[key];
-    if (Array.isArray(val) && val.length > bestSize) {
-      best = val;
-      bestSize = val.length;
-    } else if (val && typeof val === "object" && !Array.isArray(val)) {
-      const size = Object.keys(val).length;
-      if (size > bestSize) {
-        best = val;
-        bestSize = size;
-      }
-    }
-  }
-  return best && bestSize >= 3 ? best : parsed;
-}
 function detectPII(method, reqBody, resBody) {
   const target = unwrapResponse(resBody);
   if (WRITE_METHODS.has(method) && reqBody && typeof reqBody === "object") {
@@ -598,27 +630,6 @@ var DASHBOARD_PREFIX = "/__brakit";
 var MAX_REQUEST_ENTRIES = 1e3;
 var MAX_TELEMETRY_ENTRIES = 1e3;
-// src/constants/thresholds.ts
-var FLOW_GAP_MS = 5e3;
-var SLOW_REQUEST_THRESHOLD_MS = 2e3;
-var MIN_POLLING_SEQUENCE = 3;
-var ENDPOINT_TRUNCATE_LENGTH = 12;
-var N1_QUERY_THRESHOLD = 5;
-var ERROR_RATE_THRESHOLD_PCT = 20;
-var SLOW_ENDPOINT_THRESHOLD_MS = 1e3;
-var MIN_REQUESTS_FOR_INSIGHT = 2;
-var HIGH_QUERY_COUNT_PER_REQ = 5;
-var CROSS_ENDPOINT_MIN_ENDPOINTS = 3;
-var CROSS_ENDPOINT_PCT = 50;
-var CROSS_ENDPOINT_MIN_OCCURRENCES = 5;
-var REDUNDANT_QUERY_MIN_COUNT = 2;
-var LARGE_RESPONSE_BYTES = 51200;
-var HIGH_ROW_COUNT = 100;
-var OVERFETCH_MIN_REQUESTS = 2;
-var OVERFETCH_MIN_FIELDS = 8;
-var OVERFETCH_MIN_INTERNAL_IDS = 2;
-var OVERFETCH_NULL_RATIO = 0.3;
 // src/utils/static-patterns.ts
 var STATIC_PATTERNS = [
   /^\/_next\//,
@@ -670,7 +681,7 @@ var RequestStore = class {
       responseHeaders: flattenHeaders(input.responseHeaders),
       responseBody: responseBodyStr,
       startedAt: input.startTime,
-      durationMs: Math.round(performance.now() - input.startTime),
+      durationMs: Math.round((input.endTime ?? performance.now()) - input.startTime),
       responseSize: input.responseBody?.length ?? 0,
       isStatic: isStaticPath(path)
     };
@@ -760,14 +771,21 @@ var defaultQueryStore = new QueryStore();
 // src/store/metrics/metrics-store.ts
 import { randomUUID as randomUUID2 } from "crypto";
+// src/utils/endpoint.ts
+function getEndpointKey(method, path) {
+  return `${method} ${path}`;
+}
 // src/store/metrics/persistence.ts
 import {
   readFileSync as readFileSync2,
   writeFileSync as writeFileSync2,
   mkdirSync as mkdirSync2,
   existsSync as existsSync2,
-  unlinkSync
+  unlinkSync,
+  renameSync
 } from "fs";
+import { writeFile as writeFile2, mkdir, rename } from "fs/promises";
 import { resolve as resolve2 } from "path";
 // src/analysis/group.ts
@@ -1123,6 +1141,22 @@ function deriveFlowLabel(requests, sourcePage) {
   return trigger.label;
 }
+// src/utils/collections.ts
+function groupBy(items, keyFn) {
+  const map = /* @__PURE__ */ new Map();
+  for (const item of items) {
+    const key = keyFn(item);
+    if (key == null) continue;
+    let arr = map.get(key);
+    if (!arr) {
+      arr = [];
+      map.set(key, arr);
+    }
+    arr.push(item);
+  }
+  return map;
+}
 // src/instrument/adapters/normalize.ts
 function normalizeSQL(sql) {
   if (!sql) return { op: "OTHER", table: "" };
@@ -1155,7 +1189,7 @@ function normalizeQueryParams(sql) {
   return n;
 }
-// src/analysis/insights.ts
+// src/analysis/insights/query-helpers.ts
 function getQueryShape(q) {
   if (q.sql) return normalizeQueryParams(q.sql) ?? "";
   return `${q.operation ?? q.normalizedOp ?? "?"}:${q.model ?? q.table ?? ""}`;
@@ -1167,143 +1201,234 @@ function getQueryInfo(q) {
     table: q.table ?? q.model ?? ""
   };
 }
-function formatDuration(ms) {
-  if (ms < 1e3) return `${ms}ms`;
-  return `${(ms / 1e3).toFixed(1)}s`;
-}
-function formatSize(bytes) {
-  if (bytes < 1024) return `${bytes}B`;
-  if (bytes < 1024 * 1024) return `${(bytes / 1024).toFixed(1)}KB`;
-  return `${(bytes / (1024 * 1024)).toFixed(1)}MB`;
+// src/analysis/insights/prepare.ts
+function createEndpointGroup() {
+  return {
+    total: 0,
+    errors: 0,
+    totalDuration: 0,
+    queryCount: 0,
+    totalSize: 0,
+    totalQueryTimeMs: 0,
+    totalFetchTimeMs: 0,
+    queryShapeDurations: /* @__PURE__ */ new Map()
+  };
 }
-function computeInsights(ctx) {
-  const insights = [];
+function prepareContext(ctx) {
   const nonStatic = ctx.requests.filter(
     (r) => !r.isStatic && (!r.path || !r.path.startsWith(DASHBOARD_PREFIX))
   );
-  const queriesByReq = /* @__PURE__ */ new Map();
-  for (const q of ctx.queries) {
-    if (!q.parentRequestId) continue;
-    let arr = queriesByReq.get(q.parentRequestId);
-    if (!arr) {
-      arr = [];
-      queriesByReq.set(q.parentRequestId, arr);
+  const queriesByReq = groupBy(ctx.queries, (q) => q.parentRequestId);
+  const fetchesByReq = groupBy(ctx.fetches, (f) => f.parentRequestId);
+  const reqById = new Map(nonStatic.map((r) => [r.id, r]));
+  const endpointGroups = /* @__PURE__ */ new Map();
+  for (const r of nonStatic) {
+    const ep = getEndpointKey(r.method, r.path);
+    let g = endpointGroups.get(ep);
+    if (!g) {
+      g = createEndpointGroup();
+      endpointGroups.set(ep, g);
     }
-    arr.push(q);
-  }
-  const reqById = /* @__PURE__ */ new Map();
-  for (const r of nonStatic) reqById.set(r.id, r);
-  const n1Seen = /* @__PURE__ */ new Set();
-  for (const [reqId, reqQueries] of queriesByReq) {
-    const req = reqById.get(reqId);
-    if (!req) continue;
-    const endpoint = `${req.method} ${req.path}`;
-    const shapeGroups = /* @__PURE__ */ new Map();
+    g.total++;
+    if (r.statusCode >= 400) g.errors++;
+    g.totalDuration += r.durationMs;
+    g.totalSize += r.responseSize ?? 0;
+    const reqQueries = queriesByReq.get(r.id) ?? [];
+    g.queryCount += reqQueries.length;
     for (const q of reqQueries) {
+      g.totalQueryTimeMs += q.durationMs;
       const shape = getQueryShape(q);
-      let group = shapeGroups.get(shape);
-      if (!group) {
-        group = { count: 0, distinctSql: /* @__PURE__ */ new Set(), first: q };
-        shapeGroups.set(shape, group);
+      const info = getQueryInfo(q);
+      let sd = g.queryShapeDurations.get(shape);
+      if (!sd) {
+        sd = { totalMs: 0, count: 0, label: info.op + (info.table ? ` ${info.table}` : "") };
+        g.queryShapeDurations.set(shape, sd);
       }
-      group.count++;
-      group.distinctSql.add(q.sql ?? shape);
+      sd.totalMs += q.durationMs;
+      sd.count++;
     }
-    for (const [, sg] of shapeGroups) {
-      if (sg.count <= N1_QUERY_THRESHOLD || sg.distinctSql.size <= 1) continue;
-      const info = getQueryInfo(sg.first);
-      const key = `${endpoint}:${info.op}:${info.table || "unknown"}`;
-      if (n1Seen.has(key)) continue;
-      n1Seen.add(key);
-      insights.push({
-        severity: "critical",
-        type: "n1",
-        title: "N+1 Query Pattern",
-        desc: `${endpoint} runs ${sg.count}x ${info.op} ${info.table} with different params in a single request`,
-        hint: "This typically happens when fetching related data in a loop. Use a batch query, JOIN, or include/eager-load to fetch all records at once.",
-        nav: "queries"
-      });
+    const reqFetches = fetchesByReq.get(r.id) ?? [];
+    for (const f of reqFetches) {
+      g.totalFetchTimeMs += f.durationMs;
     }
   }
-  const ceQueryMap = /* @__PURE__ */ new Map();
-  const ceAllEndpoints = /* @__PURE__ */ new Set();
-  for (const [reqId, reqQueries] of queriesByReq) {
-    const req = reqById.get(reqId);
-    if (!req) continue;
-    const endpoint = `${req.method} ${req.path}`;
-    ceAllEndpoints.add(endpoint);
-    const seenInReq = /* @__PURE__ */ new Set();
-    for (const q of reqQueries) {
-      const shape = getQueryShape(q);
-      let entry = ceQueryMap.get(shape);
-      if (!entry) {
-        entry = { endpoints: /* @__PURE__ */ new Set(), count: 0, first: q };
-        ceQueryMap.set(shape, entry);
-      }
-      entry.count++;
-      if (!seenInReq.has(shape)) {
-        seenInReq.add(shape);
-        entry.endpoints.add(endpoint);
+  return {
+    ...ctx,
+    nonStatic,
+    queriesByReq,
+    fetchesByReq,
+    reqById,
+    endpointGroups
+  };
+}
+// src/analysis/insights/runner.ts
+var SEVERITY_ORDER = { critical: 0, warning: 1, info: 2 };
+var InsightRunner = class {
+  rules = [];
+  register(rule) {
+    this.rules.push(rule);
+  }
+  run(ctx) {
+    const prepared = prepareContext(ctx);
+    const insights = [];
+    for (const rule of this.rules) {
+      try {
+        insights.push(...rule.check(prepared));
+      } catch {
       }
     }
+    insights.sort(
+      (a, b) => (SEVERITY_ORDER[a.severity] ?? 2) - (SEVERITY_ORDER[b.severity] ?? 2)
+    );
+    return insights;
   }
-  if (ceAllEndpoints.size >= CROSS_ENDPOINT_MIN_ENDPOINTS) {
-    for (const [, cem] of ceQueryMap) {
-      if (cem.count < CROSS_ENDPOINT_MIN_OCCURRENCES) continue;
-      if (cem.endpoints.size < CROSS_ENDPOINT_MIN_ENDPOINTS) continue;
-      const pct = Math.round(cem.endpoints.size / ceAllEndpoints.size * 100);
-      if (pct < CROSS_ENDPOINT_PCT) continue;
-      const info = getQueryInfo(cem.first);
-      const label = info.op + (info.table ? ` ${info.table}` : "");
-      insights.push({
-        severity: "warning",
-        type: "cross-endpoint",
-        title: "Repeated Query Across Endpoints",
-        desc: `${label} runs on ${cem.endpoints.size} of ${ceAllEndpoints.size} endpoints (${pct}%).`,
-        hint: "This query runs on most of your endpoints. Load it once in middleware or cache the result to avoid redundant database calls.",
-        nav: "queries"
-      });
+};
+// src/analysis/insights/rules/n1.ts
+var n1Rule = {
+  id: "n1",
+  check(ctx) {
+    const insights = [];
+    const seen = /* @__PURE__ */ new Set();
+    for (const [reqId, reqQueries] of ctx.queriesByReq) {
+      const req = ctx.reqById.get(reqId);
+      if (!req) continue;
+      const endpoint = getEndpointKey(req.method, req.path);
+      const shapeGroups = /* @__PURE__ */ new Map();
+      for (const q of reqQueries) {
+        const shape = getQueryShape(q);
+        let group = shapeGroups.get(shape);
+        if (!group) {
+          group = { count: 0, distinctSql: /* @__PURE__ */ new Set(), first: q };
+          shapeGroups.set(shape, group);
+        }
+        group.count++;
+        group.distinctSql.add(q.sql ?? shape);
+      }
+      for (const [, sg] of shapeGroups) {
+        if (sg.count <= N1_QUERY_THRESHOLD || sg.distinctSql.size <= 1) continue;
+        const info = getQueryInfo(sg.first);
+        const key = `${endpoint}:${info.op}:${info.table || "unknown"}`;
+        if (seen.has(key)) continue;
+        seen.add(key);
+        insights.push({
+          severity: "critical",
+          type: "n1",
+          title: "N+1 Query Pattern",
+          desc: `${endpoint} runs ${sg.count}x ${info.op} ${info.table} with different params in a single request`,
+          hint: "This typically happens when fetching related data in a loop. Use a batch query, JOIN, or include/eager-load to fetch all records at once.",
+          nav: "queries"
+        });
+      }
     }
+    return insights;
   }
-  const rqSeen = /* @__PURE__ */ new Set();
-  for (const [reqId, reqQueries] of queriesByReq) {
-    const req = reqById.get(reqId);
-    if (!req) continue;
-    const endpoint = `${req.method} ${req.path}`;
-    const exact = /* @__PURE__ */ new Map();
-    for (const q of reqQueries) {
-      if (!q.sql) continue;
-      let entry = exact.get(q.sql);
-      if (!entry) {
-        entry = { count: 0, first: q };
-        exact.set(q.sql, entry);
+};
+// src/analysis/insights/rules/cross-endpoint.ts
+var crossEndpointRule = {
+  id: "cross-endpoint",
+  check(ctx) {
+    const insights = [];
+    const queryMap = /* @__PURE__ */ new Map();
+    const allEndpoints = /* @__PURE__ */ new Set();
+    for (const [reqId, reqQueries] of ctx.queriesByReq) {
+      const req = ctx.reqById.get(reqId);
+      if (!req) continue;
+      const endpoint = getEndpointKey(req.method, req.path);
+      allEndpoints.add(endpoint);
+      const seenInReq = /* @__PURE__ */ new Set();
+      for (const q of reqQueries) {
+        const shape = getQueryShape(q);
+        let entry = queryMap.get(shape);
+        if (!entry) {
+          entry = { endpoints: /* @__PURE__ */ new Set(), count: 0, first: q };
+          queryMap.set(shape, entry);
+        }
+        entry.count++;
+        if (!seenInReq.has(shape)) {
+          seenInReq.add(shape);
+          entry.endpoints.add(endpoint);
+        }
       }
-      entry.count++;
     }
-    for (const [, e] of exact) {
-      if (e.count < REDUNDANT_QUERY_MIN_COUNT) continue;
-      const info = getQueryInfo(e.first);
-      const label = info.op + (info.table ? ` ${info.table}` : "");
-      const dedupKey = `${endpoint}:${label}`;
-      if (rqSeen.has(dedupKey)) continue;
-      rqSeen.add(dedupKey);
-      insights.push({
-        severity: "warning",
-        type: "redundant-query",
-        title: "Redundant Query",
-        desc: `${label} runs ${e.count}x with identical params in ${endpoint}.`,
-        hint: "The exact same query with identical parameters runs multiple times in one request. Cache the first result or lift the query to a shared function.",
-        nav: "queries"
-      });
+    if (allEndpoints.size >= CROSS_ENDPOINT_MIN_ENDPOINTS) {
+      for (const [, cem] of queryMap) {
+        if (cem.count < CROSS_ENDPOINT_MIN_OCCURRENCES) continue;
+        if (cem.endpoints.size < CROSS_ENDPOINT_MIN_ENDPOINTS) continue;
+        const p = Math.round(cem.endpoints.size / allEndpoints.size * 100);
+        if (p < CROSS_ENDPOINT_PCT) continue;
+        const info = getQueryInfo(cem.first);
+        const label = info.op + (info.table ? ` ${info.table}` : "");
+        insights.push({
+          severity: "warning",
+          type: "cross-endpoint",
+          title: "Repeated Query Across Endpoints",
+          desc: `${label} runs on ${cem.endpoints.size} of ${allEndpoints.size} endpoints (${p}%).`,
+          hint: "This query runs on most of your endpoints. Load it once in middleware or cache the result to avoid redundant database calls.",
+          nav: "queries"
+        });
+      }
+    }
+    return insights;
+  }
+};
+// src/analysis/insights/rules/redundant-query.ts
+var redundantQueryRule = {
+  id: "redundant-query",
+  check(ctx) {
+    const insights = [];
+    const seen = /* @__PURE__ */ new Set();
+    for (const [reqId, reqQueries] of ctx.queriesByReq) {
+      const req = ctx.reqById.get(reqId);
+      if (!req) continue;
+      const endpoint = getEndpointKey(req.method, req.path);
+      const exact = /* @__PURE__ */ new Map();
+      for (const q of reqQueries) {
+        if (!q.sql) continue;
+        let entry = exact.get(q.sql);
+        if (!entry) {
+          entry = { count: 0, first: q };
+          exact.set(q.sql, entry);
+        }
+        entry.count++;
+      }
+      for (const [, e] of exact) {
+        if (e.count < REDUNDANT_QUERY_MIN_COUNT) continue;
+        const info = getQueryInfo(e.first);
+        const label = info.op + (info.table ? ` ${info.table}` : "");
+        const dedupKey = `${endpoint}:${label}`;
+        if (seen.has(dedupKey)) continue;
+        seen.add(dedupKey);
+        insights.push({
+          severity: "warning",
+          type: "redundant-query",
+          title: "Redundant Query",
+          desc: `${label} runs ${e.count}x with identical params in ${endpoint}.`,
+          hint: "The exact same query with identical parameters runs multiple times in one request. Cache the first result or lift the query to a shared function.",
+          nav: "queries"
+        });
+      }
     }
+    return insights;
   }
-  if (ctx.errors.length > 0) {
-    const errGroups = /* @__PURE__ */ new Map();
+};
+// src/analysis/insights/rules/error.ts
+var errorRule = {
+  id: "error",
+  check(ctx) {
+    if (ctx.errors.length === 0) return [];
+    const insights = [];
+    const groups = /* @__PURE__ */ new Map();
     for (const e of ctx.errors) {
       const name = e.name || "Error";
-      errGroups.set(name, (errGroups.get(name) ?? 0) + 1);
+      groups.set(name, (groups.get(name) ?? 0) + 1);
     }
-    for (const [name, cnt] of errGroups) {
+    for (const [name, cnt] of groups) {
       insights.push({
         severity: "critical",
         type: "error",
@@ -1313,235 +1438,367 @@ function computeInsights(ctx) {
         nav: "errors"
       });
     }
+    return insights;
   }
-  const endpointGroups = /* @__PURE__ */ new Map();
-  for (const r of nonStatic) {
-    const ep = `${r.method} ${r.path}`;
-    let g = endpointGroups.get(ep);
-    if (!g) {
-      g = { total: 0, errors: 0, totalDuration: 0, queryCount: 0, totalSize: 0 };
-      endpointGroups.set(ep, g);
+};
+// src/analysis/insights/rules/error-hotspot.ts
+var errorHotspotRule = {
+  id: "error-hotspot",
+  check(ctx) {
+    const insights = [];
+    for (const [ep, g] of ctx.endpointGroups) {
+      if (g.total < MIN_REQUESTS_FOR_INSIGHT) continue;
+      const errorRate = Math.round(g.errors / g.total * 100);
+      if (errorRate >= ERROR_RATE_THRESHOLD_PCT) {
+        insights.push({
+          severity: "critical",
+          type: "error-hotspot",
+          title: "Error Hotspot",
+          desc: `${ep} \u2014 ${errorRate}% error rate (${g.errors}/${g.total} requests)`,
+          hint: "This endpoint frequently returns errors. Check the response bodies for error details and stack traces.",
+          nav: "requests"
+        });
+      }
     }
-    g.total++;
-    if (r.statusCode >= 400) g.errors++;
-    g.totalDuration += r.durationMs;
-    g.queryCount += (queriesByReq.get(r.id) ?? []).length;
-    g.totalSize += r.responseSize ?? 0;
+    return insights;
   }
-  for (const [ep, g] of endpointGroups) {
-    if (g.total < MIN_REQUESTS_FOR_INSIGHT) continue;
-    const errorRate = Math.round(g.errors / g.total * 100);
-    if (errorRate >= ERROR_RATE_THRESHOLD_PCT) {
+};
+// src/analysis/insights/rules/duplicate.ts
+var duplicateRule = {
+  id: "duplicate",
+  check(ctx) {
+    const dupCounts = /* @__PURE__ */ new Map();
+    const flowCount = /* @__PURE__ */ new Map();
+    for (const flow of ctx.flows) {
+      if (!flow.requests) continue;
+      const seenInFlow = /* @__PURE__ */ new Set();
+      for (const fr of flow.requests) {
+        if (!fr.isDuplicate) continue;
+        const dupKey = `${fr.method} ${fr.label ?? fr.path ?? fr.url}`;
+        dupCounts.set(dupKey, (dupCounts.get(dupKey) ?? 0) + 1);
+        if (!seenInFlow.has(dupKey)) {
+          seenInFlow.add(dupKey);
+          flowCount.set(dupKey, (flowCount.get(dupKey) ?? 0) + 1);
+        }
+      }
+    }
+    const dupEntries = [...dupCounts.entries()].map(([key, count]) => ({ key, count, flows: flowCount.get(key) ?? 0 })).sort((a, b) => b.count - a.count);
+    const insights = [];
+    for (let i = 0; i < Math.min(dupEntries.length, MAX_DUPLICATE_INSIGHTS); i++) {
+      const d = dupEntries[i];
       insights.push({
-        severity: "critical",
-        type: "error-hotspot",
-        title: "Error Hotspot",
-        desc: `${ep} \u2014 ${errorRate}% error rate (${g.errors}/${g.total} requests)`,
-        hint: "This endpoint frequently returns errors. Check the response bodies for error details and stack traces.",
-        nav: "requests"
+        severity: "warning",
+        type: "duplicate",
+        title: "Duplicate API Call",
+        desc: `${d.key} loaded ${d.count}x as duplicate across ${d.flows} action${d.flows !== 1 ? "s" : ""}`,
+        hint: "Multiple components independently fetch the same endpoint. Lift the fetch to a parent component, use a data cache, or deduplicate with React Query / SWR.",
+        nav: "actions"
       });
     }
+    return insights;
   }
-  const dupCounts = /* @__PURE__ */ new Map();
-  const flowCount = /* @__PURE__ */ new Map();
-  for (const flow of ctx.flows) {
-    if (!flow.requests) continue;
-    const seenInFlow = /* @__PURE__ */ new Set();
-    for (const fr of flow.requests) {
-      if (!fr.isDuplicate) continue;
-      const dupKey = `${fr.method} ${fr.label ?? fr.path ?? fr.url}`;
-      dupCounts.set(dupKey, (dupCounts.get(dupKey) ?? 0) + 1);
-      if (!seenInFlow.has(dupKey)) {
-        seenInFlow.add(dupKey);
-        flowCount.set(dupKey, (flowCount.get(dupKey) ?? 0) + 1);
+};
+// src/utils/format.ts
+function formatDuration(ms) {
+  if (ms < 1e3) return `${ms}ms`;
+  return `${(ms / 1e3).toFixed(1)}s`;
+}
+function formatSize(bytes) {
+  if (bytes < 1024) return `${bytes}B`;
+  if (bytes < 1024 * 1024) return `${(bytes / 1024).toFixed(1)}KB`;
+  return `${(bytes / (1024 * 1024)).toFixed(1)}MB`;
+}
+function pct(part, total) {
+  return total > 0 ? Math.round(part / total * 100) : 0;
+}
+// src/analysis/insights/rules/slow.ts
+var slowRule = {
+  id: "slow",
+  check(ctx) {
+    const insights = [];
+    for (const [ep, g] of ctx.endpointGroups) {
+      if (g.total < MIN_REQUESTS_FOR_INSIGHT) continue;
+      const avgMs = Math.round(g.totalDuration / g.total);
+      if (avgMs < SLOW_ENDPOINT_THRESHOLD_MS) continue;
+      const avgQueryMs = Math.round(g.totalQueryTimeMs / g.total);
+      const avgFetchMs = Math.round(g.totalFetchTimeMs / g.total);
+      const avgAppMs = Math.max(0, avgMs - avgQueryMs - avgFetchMs);
+      const parts = [];
+      if (avgQueryMs > 0) parts.push(`DB ${formatDuration(avgQueryMs)} ${pct(avgQueryMs, avgMs)}%`);
+      if (avgFetchMs > 0) parts.push(`Fetch ${formatDuration(avgFetchMs)} ${pct(avgFetchMs, avgMs)}%`);
+      if (avgAppMs > 0) parts.push(`App ${formatDuration(avgAppMs)} ${pct(avgAppMs, avgMs)}%`);
+      const breakdown = parts.length > 0 ? ` [${parts.join(" \xB7 ")}]` : "";
+      let detail;
+      let slowestMs = 0;
+      for (const [, sd] of g.queryShapeDurations) {
+        const avgShapeMs = sd.totalMs / sd.count;
+        if (avgShapeMs > slowestMs) {
+          slowestMs = avgShapeMs;
+          detail = `Slowest query: ${sd.label} \u2014 avg ${formatDuration(Math.round(avgShapeMs))} (${sd.count}x)`;
+        }
       }
-    }
-  }
-  const dupEntries = [...dupCounts.entries()].map(([key, count]) => ({ key, count, flows: flowCount.get(key) ?? 0 })).sort((a, b) => b.count - a.count);
-  for (let i = 0; i < Math.min(dupEntries.length, 3); i++) {
-    const d = dupEntries[i];
-    insights.push({
-      severity: "warning",
-      type: "duplicate",
-      title: "Duplicate API Call",
-      desc: `${d.key} loaded ${d.count}x as duplicate across ${d.flows} action${d.flows !== 1 ? "s" : ""}`,
-      hint: "Multiple components independently fetch the same endpoint. Lift the fetch to a parent component, use a data cache, or deduplicate with React Query / SWR.",
-      nav: "actions"
-    });
-  }
-  for (const [ep, g] of endpointGroups) {
-    if (g.total < MIN_REQUESTS_FOR_INSIGHT) continue;
-    const avgMs = Math.round(g.totalDuration / g.total);
-    if (avgMs >= SLOW_ENDPOINT_THRESHOLD_MS) {
       insights.push({
         severity: "warning",
         type: "slow",
         title: "Slow Endpoint",
-        desc: `${ep} \u2014 avg ${formatDuration(avgMs)} across ${g.total} request${g.total !== 1 ? "s" : ""}`,
-        hint: "Consistently slow responses hurt user experience. Check the Queries tab to see if database queries are the bottleneck.",
+        desc: `${ep} \u2014 avg ${formatDuration(avgMs)}${breakdown}`,
+        hint: avgQueryMs >= avgFetchMs && avgQueryMs >= avgAppMs ? "Most time is in database queries. Check the Queries tab for slow or redundant queries." : avgFetchMs >= avgQueryMs && avgFetchMs >= avgAppMs ? "Most time is in outbound HTTP calls. Check if upstream services are slow or if calls can be parallelized." : "Most time is in application code. Profile the handler for CPU-heavy operations or blocking calls.",
+        detail,
         nav: "requests"
       });
     }
+    return insights;
+  }
+};
+// src/analysis/insights/rules/query-heavy.ts
+var queryHeavyRule = {
+  id: "query-heavy",
+  check(ctx) {
+    const insights = [];
+    for (const [ep, g] of ctx.endpointGroups) {
+      if (g.total < MIN_REQUESTS_FOR_INSIGHT) continue;
+      const avgQueries = Math.round(g.queryCount / g.total);
+      if (avgQueries > HIGH_QUERY_COUNT_PER_REQ) {
+        insights.push({
+          severity: "warning",
+          type: "query-heavy",
+          title: "Query-Heavy Endpoint",
+          desc: `${ep} \u2014 avg ${avgQueries} queries/request`,
+          hint: "Too many queries per request increases latency. Combine queries with JOINs, use batch operations, or reduce the number of data fetches.",
+          nav: "queries"
+        });
+      }
+    }
+    return insights;
   }
-  for (const [ep, g] of endpointGroups) {
-    if (g.total < MIN_REQUESTS_FOR_INSIGHT) continue;
-    const avgQueries = Math.round(g.queryCount / g.total);
-    if (avgQueries > HIGH_QUERY_COUNT_PER_REQ) {
+};
+// src/analysis/insights/rules/select-star.ts
+var selectStarRule = {
+  id: "select-star",
+  check(ctx) {
+    const seen = /* @__PURE__ */ new Map();
+    for (const [, reqQueries] of ctx.queriesByReq) {
+      for (const q of reqQueries) {
+        if (!q.sql) continue;
+        const isSelectStar = SELECT_STAR_RE.test(q.sql.trim()) || SELECT_DOT_STAR_RE.test(q.sql);
+        if (!isSelectStar) continue;
+        const info = getQueryInfo(q);
+        const key = info.table || "unknown";
+        seen.set(key, (seen.get(key) ?? 0) + 1);
+      }
+    }
+    const insights = [];
+    for (const [table, count] of seen) {
+      if (count < OVERFETCH_MIN_REQUESTS) continue;
       insights.push({
         severity: "warning",
-        type: "query-heavy",
-        title: "Query-Heavy Endpoint",
-        desc: `${ep} \u2014 avg ${avgQueries} queries/request`,
-        hint: "Too many queries per request increases latency. Combine queries with JOINs, use batch operations, or reduce the number of data fetches.",
+        type: "select-star",
+        title: "SELECT * Query",
+        desc: `SELECT * on ${table} \u2014 ${count} occurrence${count !== 1 ? "s" : ""}`,
+        hint: "SELECT * fetches all columns including ones you don\u2019t need. Specify only required columns to reduce data transfer and memory usage.",
         nav: "queries"
       });
     }
+    return insights;
   }
-  const selectStarSeen = /* @__PURE__ */ new Map();
-  for (const [, reqQueries] of queriesByReq) {
-    for (const q of reqQueries) {
-      if (!q.sql) continue;
-      const isSelectStar = /^SELECT\s+\*/i.test(q.sql.trim()) || /\.\*\s+FROM/i.test(q.sql);
-      if (!isSelectStar) continue;
-      const info = getQueryInfo(q);
-      const key = info.table || "unknown";
-      selectStarSeen.set(key, (selectStarSeen.get(key) ?? 0) + 1);
-    }
-  }
-  for (const [table, count] of selectStarSeen) {
-    if (count < OVERFETCH_MIN_REQUESTS) continue;
-    insights.push({
-      severity: "warning",
-      type: "select-star",
-      title: "SELECT * Query",
-      desc: `SELECT * on ${table} \u2014 ${count} occurrence${count !== 1 ? "s" : ""}`,
-      hint: "SELECT * fetches all columns including ones you don\u2019t need. Specify only required columns to reduce data transfer and memory usage.",
-      nav: "queries"
-    });
-  }
-  const highRowSeen = /* @__PURE__ */ new Map();
-  for (const [, reqQueries] of queriesByReq) {
-    for (const q of reqQueries) {
-      if (!q.rowCount || q.rowCount <= HIGH_ROW_COUNT) continue;
-      const info = getQueryInfo(q);
-      const key = `${info.op} ${info.table || "unknown"}`;
-      let entry = highRowSeen.get(key);
-      if (!entry) {
-        entry = { max: 0, count: 0 };
-        highRowSeen.set(key, entry);
-      }
-      entry.count++;
-      if (q.rowCount > entry.max) entry.max = q.rowCount;
-    }
-  }
-  for (const [key, hrs] of highRowSeen) {
-    if (hrs.count < OVERFETCH_MIN_REQUESTS) continue;
-    insights.push({
-      severity: "warning",
-      type: "high-rows",
-      title: "Large Result Set",
-      desc: `${key} returns ${hrs.max}+ rows (${hrs.count}x)`,
-      hint: "Fetching many rows slows responses and wastes memory. Add a LIMIT clause, implement pagination, or filter with a WHERE condition.",
-      nav: "queries"
-    });
-  }
-  const overfetchSeen = /* @__PURE__ */ new Set();
-  for (const r of nonStatic) {
-    if (r.statusCode >= 400 || !r.responseBody) continue;
-    const ep = `${r.method} ${r.path}`;
-    if (overfetchSeen.has(ep)) continue;
-    let parsed;
-    try {
-      parsed = JSON.parse(r.responseBody);
-    } catch {
-      continue;
-    }
-    let target = parsed;
-    if (target && typeof target === "object" && !Array.isArray(target)) {
-      const topKeys = Object.keys(target);
-      if (topKeys.length <= 3) {
-        let best = null;
-        let bestSize = 0;
-        for (const k of topKeys) {
-          const val = target[k];
-          if (Array.isArray(val) && val.length > bestSize) {
-            best = val;
-            bestSize = val.length;
-          } else if (val && typeof val === "object" && !Array.isArray(val)) {
-            const size = Object.keys(val).length;
-            if (size > bestSize) {
-              best = val;
-              bestSize = size;
-            }
-          }
+};
+// src/analysis/insights/rules/high-rows.ts
+var highRowsRule = {
+  id: "high-rows",
+  check(ctx) {
+    const seen = /* @__PURE__ */ new Map();
+    for (const [, reqQueries] of ctx.queriesByReq) {
+      for (const q of reqQueries) {
+        if (!q.rowCount || q.rowCount <= HIGH_ROW_COUNT) continue;
+        const info = getQueryInfo(q);
+        const key = `${info.op} ${info.table || "unknown"}`;
+        let entry = seen.get(key);
+        if (!entry) {
+          entry = { max: 0, count: 0 };
+          seen.set(key, entry);
         }
-        if (best && bestSize >= 3) target = best;
+        entry.count++;
+        if (q.rowCount > entry.max) entry.max = q.rowCount;
       }
     }
-    const inspectObj = Array.isArray(target) && target.length > 0 ? target[0] : target;
-    if (!inspectObj || typeof inspectObj !== "object" || Array.isArray(inspectObj)) continue;
-    const fields = Object.keys(inspectObj);
-    if (fields.length < OVERFETCH_MIN_FIELDS) continue;
-    let internalIdCount = 0;
-    let nullCount = 0;
-    for (const key of fields) {
-      if (INTERNAL_ID_SUFFIX.test(key) || key === "id" || key === "_id") internalIdCount++;
-      const val = inspectObj[key];
-      if (val === null || val === void 0) nullCount++;
-    }
-    const nullRatio = nullCount / fields.length;
-    const reasons = [];
-    if (internalIdCount >= OVERFETCH_MIN_INTERNAL_IDS) reasons.push(`${internalIdCount} internal ID fields`);
-    if (nullRatio >= OVERFETCH_NULL_RATIO) reasons.push(`${Math.round(nullRatio * 100)}% null fields`);
-    if (fields.length >= OVERFETCH_MIN_FIELDS && reasons.length === 0 && fields.length >= 12) {
-      reasons.push(`${fields.length} fields returned`);
-    }
-    if (reasons.length > 0) {
-      overfetchSeen.add(ep);
+    const insights = [];
+    for (const [key, hrs] of seen) {
+      if (hrs.count < OVERFETCH_MIN_REQUESTS) continue;
       insights.push({
-        severity: "info",
-        type: "response-overfetch",
-        title: "Response Overfetch",
-        desc: `${ep} \u2014 ${reasons.join(", ")}`,
-        hint: "This response returns more data than the client likely needs. Use a DTO or select only required fields to reduce payload size and avoid leaking internal structure.",
-        nav: "requests"
+        severity: "warning",
+        type: "high-rows",
+        title: "Large Result Set",
+        desc: `${key} returns ${hrs.max}+ rows (${hrs.count}x)`,
+        hint: "Fetching many rows slows responses and wastes memory. Add a LIMIT clause, implement pagination, or filter with a WHERE condition.",
+        nav: "queries"
       });
     }
+    return insights;
   }
-  for (const [ep, g] of endpointGroups) {
-    if (g.total < OVERFETCH_MIN_REQUESTS) continue;
-    const avgSize = Math.round(g.totalSize / g.total);
-    if (avgSize > LARGE_RESPONSE_BYTES) {
-      insights.push({
-        severity: "info",
-        type: "large-response",
-        title: "Large Response",
-        desc: `${ep} \u2014 avg ${formatSize(avgSize)} response`,
-        hint: "Large API responses increase network transfer time. Implement pagination, field filtering, or response compression.",
-        nav: "requests"
-      });
+};
+// src/analysis/insights/rules/response-overfetch.ts
+var responseOverfetchRule = {
+  id: "response-overfetch",
+  check(ctx) {
+    const insights = [];
+    const seen = /* @__PURE__ */ new Set();
+    for (const r of ctx.nonStatic) {
+      if (r.statusCode >= 400 || !r.responseBody) continue;
+      const ep = getEndpointKey(r.method, r.path);
+      if (seen.has(ep)) continue;
+      let parsed;
+      try {
+        parsed = JSON.parse(r.responseBody);
+      } catch {
+        continue;
+      }
+      const target = unwrapResponse(parsed);
+      const inspectObj = Array.isArray(target) && target.length > 0 ? target[0] : target;
+      if (!inspectObj || typeof inspectObj !== "object" || Array.isArray(inspectObj)) continue;
+      const fields = Object.keys(inspectObj);
+      if (fields.length < OVERFETCH_MIN_FIELDS) continue;
+      let internalIdCount = 0;
+      let nullCount = 0;
+      for (const key of fields) {
+        if (INTERNAL_ID_SUFFIX.test(key) || key === "id" || key === "_id") internalIdCount++;
+        const val = inspectObj[key];
+        if (val === null || val === void 0) nullCount++;
+      }
+      const nullRatio = nullCount / fields.length;
+      const reasons = [];
+      if (internalIdCount >= OVERFETCH_MIN_INTERNAL_IDS) reasons.push(`${internalIdCount} internal ID fields`);
+      if (nullRatio >= OVERFETCH_NULL_RATIO) reasons.push(`${Math.round(nullRatio * 100)}% null fields`);
+      if (reasons.length === 0 && fields.length >= OVERFETCH_MANY_FIELDS) {
+        reasons.push(`${fields.length} fields returned`);
+      }
+      if (reasons.length > 0) {
+        seen.add(ep);
+        insights.push({
+          severity: "info",
+          type: "response-overfetch",
+          title: "Response Overfetch",
+          desc: `${ep} \u2014 ${reasons.join(", ")}`,
+          hint: "This response returns more data than the client likely needs. Use a DTO or select only required fields to reduce payload size and avoid leaking internal structure.",
+          nav: "requests"
+        });
+      }
     }
+    return insights;
   }
-  if (ctx.securityFindings) {
-    for (const f of ctx.securityFindings) {
-      insights.push({
-        severity: f.severity,
-        type: "security",
-        title: f.title,
-        desc: f.desc,
-        hint: f.hint,
-        nav: "security"
-      });
+};
+// src/analysis/insights/rules/large-response.ts
+var largeResponseRule = {
+  id: "large-response",
+  check(ctx) {
+    const insights = [];
+    for (const [ep, g] of ctx.endpointGroups) {
+      if (g.total < OVERFETCH_MIN_REQUESTS) continue;
+      const avgSize = Math.round(g.totalSize / g.total);
+      if (avgSize > LARGE_RESPONSE_BYTES) {
+        insights.push({
+          severity: "info",
+          type: "large-response",
+          title: "Large Response",
+          desc: `${ep} \u2014 avg ${formatSize(avgSize)} response`,
+          hint: "Large API responses increase network transfer time. Implement pagination, field filtering, or response compression.",
+          nav: "requests"
+        });
+      }
     }
+    return insights;
   }
-  const severityOrder = { critical: 0, warning: 1, info: 2 };
-  insights.sort((a, b) => (severityOrder[a.severity] ?? 2) - (severityOrder[b.severity] ?? 2));
-  return insights;
+};
+// src/analysis/insights/rules/regression.ts
+var regressionRule = {
+  id: "regression",
+  check(ctx) {
+    if (!ctx.previousMetrics || ctx.previousMetrics.length === 0) return [];
+    const insights = [];
+    for (const epMetrics of ctx.previousMetrics) {
+      if (epMetrics.sessions.length < 2) continue;
+      const prev = epMetrics.sessions[epMetrics.sessions.length - 2];
+      const current = epMetrics.sessions[epMetrics.sessions.length - 1];
+      if (prev.requestCount < REGRESSION_MIN_REQUESTS || current.requestCount < REGRESSION_MIN_REQUESTS) continue;
+      const p95Increase = current.p95DurationMs - prev.p95DurationMs;
+      const p95PctChange = prev.p95DurationMs > 0 ? Math.round(p95Increase / prev.p95DurationMs * 100) : 0;
+      if (p95Increase >= REGRESSION_MIN_INCREASE_MS && p95PctChange >= REGRESSION_PCT_THRESHOLD) {
+        insights.push({
+          severity: "warning",
+          type: "regression",
+          title: "Performance Regression",
+          desc: `${epMetrics.endpoint} p95 degraded ${formatDuration(prev.p95DurationMs)} \u2192 ${formatDuration(current.p95DurationMs)} (+${p95PctChange}%)`,
+          hint: "This endpoint is slower than the previous session. Check if recent code changes added queries or processing.",
+          nav: "graph"
+        });
+      }
+      if (prev.avgQueryCount > 0 && current.avgQueryCount > prev.avgQueryCount * QUERY_COUNT_REGRESSION_RATIO) {
+        insights.push({
+          severity: "warning",
+          type: "regression",
+          title: "Query Count Regression",
+          desc: `${epMetrics.endpoint} queries/request increased ${prev.avgQueryCount} \u2192 ${current.avgQueryCount}`,
+          hint: "This endpoint is making more database queries than before. Check for new N+1 patterns or removed query optimizations.",
+          nav: "queries"
+        });
+      }
+    }
+    return insights;
+  }
+};
+// src/analysis/insights/rules/security.ts
+var securityRule = {
+  id: "security",
+  check(ctx) {
+    if (!ctx.securityFindings) return [];
+    return ctx.securityFindings.map((f) => ({
+      severity: f.severity,
+      type: "security",
+      title: f.title,
+      desc: f.desc,
+      hint: f.hint,
+      nav: "security"
+    }));
+  }
+};
+// src/analysis/insights/index.ts
+function createDefaultInsightRunner() {
+  const runner = new InsightRunner();
+  runner.register(n1Rule);
+  runner.register(crossEndpointRule);
+  runner.register(redundantQueryRule);
+  runner.register(errorRule);
+  runner.register(errorHotspotRule);
+  runner.register(duplicateRule);
+  runner.register(slowRule);
+  runner.register(queryHeavyRule);
+  runner.register(selectStarRule);
+  runner.register(highRowsRule);
+  runner.register(responseOverfetchRule);
+  runner.register(largeResponseRule);
+  runner.register(regressionRule);
+  runner.register(securityRule);
+  return runner;
+}
+function computeInsights(ctx) {
+  return createDefaultInsightRunner().run(ctx);
 }
 // src/analysis/engine.ts
 var AnalysisEngine = class {
-  constructor(debounceMs = 300) {
+  constructor(metricsStore, debounceMs = 300) {
+    this.metricsStore = metricsStore;
     this.debounceMs = debounceMs;
     this.scanner = createDefaultScanner();
     this.boundRequestListener = () => this.scheduleRecompute();
@@ -1599,6 +1856,7 @@ var AnalysisEngine = class {
     const queries = defaultQueryStore.getAll();
     const errors = defaultErrorStore.getAll();
     const logs = defaultLogStore.getAll();
+    const fetches = defaultFetchStore.getAll();
     const flows = groupRequestsIntoFlows(requests);
     this.cachedFindings = this.scanner.scan({ requests, logs });
     this.cachedInsights = computeInsights({
@@ -1606,6 +1864,8 @@ var AnalysisEngine = class {
       queries,
       errors,
       flows,
+      fetches,
+      previousMetrics: this.metricsStore.getAll(),
       securityFindings: this.cachedFindings
     });
     for (const fn of this.listeners) {
@@ -1618,13 +1878,15 @@ var AnalysisEngine = class {
 };
 // src/index.ts
-var VERSION = "0.7.4";
+var VERSION = "0.7.6";
 export {
   AdapterRegistry,
   AnalysisEngine,
+  InsightRunner,
   SecurityScanner,
   VERSION,
   computeInsights,
+  createDefaultInsightRunner,
   createDefaultScanner,
   detectProject
 };