npm - codesift-mcp - Versions diffs - 0.3.0 → 0.5.0 - Mend

codesift-mcp 0.3.0 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (543) hide show

package/README.md +215 -23
package/dist/cache/hono-cache.d.ts +50 -0
package/dist/cache/hono-cache.d.ts.map +1 -0
package/dist/cache/hono-cache.js +132 -0
package/dist/cache/hono-cache.js.map +1 -0
package/dist/cli/help.d.ts.map +1 -1
package/dist/cli/help.js +8 -6
package/dist/cli/help.js.map +1 -1
package/dist/cli/platform.d.ts.map +1 -1
package/dist/cli/platform.js +12 -14
package/dist/cli/platform.js.map +1 -1
package/dist/cli/setup.d.ts +1 -1
package/dist/cli/setup.d.ts.map +1 -1
package/dist/cli/setup.js +27 -3
package/dist/cli/setup.js.map +1 -1
package/dist/formatters-shortening.d.ts +13 -0
package/dist/formatters-shortening.d.ts.map +1 -1
package/dist/formatters-shortening.js +131 -0
package/dist/formatters-shortening.js.map +1 -1
package/dist/formatters.d.ts +38 -0
package/dist/formatters.d.ts.map +1 -1
package/dist/formatters.js +521 -0
package/dist/formatters.js.map +1 -1
package/dist/instructions.d.ts +1 -1
package/dist/instructions.d.ts.map +1 -1
package/dist/instructions.js +39 -38
package/dist/instructions.js.map +1 -1
package/dist/lsp/lsp-servers.d.ts.map +1 -1
package/dist/lsp/lsp-servers.js +5 -0
package/dist/lsp/lsp-servers.js.map +1 -1
package/dist/lsp/lsp-tools.d.ts.map +1 -1
package/dist/lsp/lsp-tools.js +1 -0
package/dist/lsp/lsp-tools.js.map +1 -1
package/dist/parser/astro-template.d.ts +47 -0
package/dist/parser/astro-template.d.ts.map +1 -0
package/dist/parser/astro-template.js +171 -0
package/dist/parser/astro-template.js.map +1 -0
package/dist/parser/extractors/_shared.d.ts +4 -0
package/dist/parser/extractors/_shared.d.ts.map +1 -1
package/dist/parser/extractors/_shared.js +8 -0
package/dist/parser/extractors/_shared.js.map +1 -1
package/dist/parser/extractors/astro.d.ts +4 -5
package/dist/parser/extractors/astro.d.ts.map +1 -1
package/dist/parser/extractors/astro.js +102 -26
package/dist/parser/extractors/astro.js.map +1 -1
package/dist/parser/extractors/gradle-kts.d.ts +4 -0
package/dist/parser/extractors/gradle-kts.d.ts.map +1 -0
package/dist/parser/extractors/gradle-kts.js +246 -0
package/dist/parser/extractors/gradle-kts.js.map +1 -0
package/dist/parser/extractors/hono-inline-analyzer.d.ts +34 -0
package/dist/parser/extractors/hono-inline-analyzer.d.ts.map +1 -0
package/dist/parser/extractors/hono-inline-analyzer.js +465 -0
package/dist/parser/extractors/hono-inline-analyzer.js.map +1 -0
package/dist/parser/extractors/hono-model.d.ts +196 -0
package/dist/parser/extractors/hono-model.d.ts.map +1 -0
package/dist/parser/extractors/hono-model.js +10 -0
package/dist/parser/extractors/hono-model.js.map +1 -0
package/dist/parser/extractors/hono.d.ts +118 -0
package/dist/parser/extractors/hono.d.ts.map +1 -0
package/dist/parser/extractors/hono.js +1527 -0
package/dist/parser/extractors/hono.js.map +1 -0
package/dist/parser/extractors/kotlin.d.ts +4 -0
package/dist/parser/extractors/kotlin.d.ts.map +1 -0
package/dist/parser/extractors/kotlin.js +521 -0
package/dist/parser/extractors/kotlin.js.map +1 -0
package/dist/parser/extractors/php.d.ts +22 -0
package/dist/parser/extractors/php.d.ts.map +1 -0
package/dist/parser/extractors/php.js +334 -0
package/dist/parser/extractors/php.js.map +1 -0
package/dist/parser/extractors/python.d.ts.map +1 -1
package/dist/parser/extractors/python.js +234 -11
package/dist/parser/extractors/python.js.map +1 -1
package/dist/parser/extractors/sql.d.ts +33 -0
package/dist/parser/extractors/sql.d.ts.map +1 -0
package/dist/parser/extractors/sql.js +506 -0
package/dist/parser/extractors/sql.js.map +1 -0
package/dist/parser/extractors/typescript.d.ts.map +1 -1
package/dist/parser/extractors/typescript.js +209 -3
package/dist/parser/extractors/typescript.js.map +1 -1
package/dist/parser/languages/tree-sitter-javascript.wasm +0 -0
package/dist/parser/languages/tree-sitter-kotlin.wasm +0 -0
package/dist/parser/languages/tree-sitter-php.wasm +0 -0
package/dist/parser/languages/tree-sitter-php_only.wasm +0 -0
package/dist/parser/languages/tree-sitter-python.wasm +0 -0
package/dist/parser/parse-cache.d.ts +39 -0
package/dist/parser/parse-cache.d.ts.map +1 -0
package/dist/parser/parse-cache.js +87 -0
package/dist/parser/parse-cache.js.map +1 -0
package/dist/parser/parser-manager.d.ts +32 -0
package/dist/parser/parser-manager.d.ts.map +1 -1
package/dist/parser/parser-manager.js +93 -3
package/dist/parser/parser-manager.js.map +1 -1
package/dist/parser/symbol-extractor.d.ts.map +1 -1
package/dist/parser/symbol-extractor.js +16 -0
package/dist/parser/symbol-extractor.js.map +1 -1
package/dist/register-tools.d.ts +38 -2
package/dist/register-tools.d.ts.map +1 -1
package/dist/register-tools.js +2444 -195
package/dist/register-tools.js.map +1 -1
package/dist/search/reranker.js +1 -1
package/dist/search/reranker.js.map +1 -1
package/dist/search/tool-ranker.d.ts +90 -0
package/dist/search/tool-ranker.d.ts.map +1 -0
package/dist/search/tool-ranker.js +420 -0
package/dist/search/tool-ranker.js.map +1 -0
package/dist/server-helpers.d.ts.map +1 -1
package/dist/server-helpers.js +11 -0
package/dist/server-helpers.js.map +1 -1
package/dist/server.js +47 -14
package/dist/server.js.map +1 -1
package/dist/storage/index-store.d.ts +15 -1
package/dist/storage/index-store.d.ts.map +1 -1
package/dist/storage/index-store.js +27 -1
package/dist/storage/index-store.js.map +1 -1
package/dist/storage/session-state.d.ts +1 -1
package/dist/storage/session-state.d.ts.map +1 -1
package/dist/storage/session-state.js +6 -4
package/dist/storage/session-state.js.map +1 -1
package/dist/storage/usage-tracker.d.ts.map +1 -1
package/dist/storage/usage-tracker.js +4 -1
package/dist/storage/usage-tracker.js.map +1 -1
package/dist/tools/agent-config-tools.d.ts +24 -0
package/dist/tools/agent-config-tools.d.ts.map +1 -0
package/dist/tools/agent-config-tools.js +119 -0
package/dist/tools/agent-config-tools.js.map +1 -0
package/dist/tools/architecture-tools.d.ts +23 -0
package/dist/tools/architecture-tools.d.ts.map +1 -0
package/dist/tools/architecture-tools.js +140 -0
package/dist/tools/architecture-tools.js.map +1 -0
package/dist/tools/astro-actions.d.ts +54 -0
package/dist/tools/astro-actions.d.ts.map +1 -0
package/dist/tools/astro-actions.js +561 -0
package/dist/tools/astro-actions.js.map +1 -0
package/dist/tools/astro-audit.d.ts +87 -0
package/dist/tools/astro-audit.d.ts.map +1 -0
package/dist/tools/astro-audit.js +345 -0
package/dist/tools/astro-audit.js.map +1 -0
package/dist/tools/astro-config.d.ts +33 -0
package/dist/tools/astro-config.d.ts.map +1 -0
package/dist/tools/astro-config.js +260 -0
package/dist/tools/astro-config.js.map +1 -0
package/dist/tools/astro-content-collections.d.ts +44 -0
package/dist/tools/astro-content-collections.d.ts.map +1 -0
package/dist/tools/astro-content-collections.js +630 -0
package/dist/tools/astro-content-collections.js.map +1 -0
package/dist/tools/astro-islands.d.ts +63 -0
package/dist/tools/astro-islands.d.ts.map +1 -0
package/dist/tools/astro-islands.js +255 -0
package/dist/tools/astro-islands.js.map +1 -0
package/dist/tools/astro-migration.d.ts +31 -0
package/dist/tools/astro-migration.d.ts.map +1 -0
package/dist/tools/astro-migration.js +378 -0
package/dist/tools/astro-migration.js.map +1 -0
package/dist/tools/astro-routes.d.ts +49 -0
package/dist/tools/astro-routes.d.ts.map +1 -0
package/dist/tools/astro-routes.js +119 -0
package/dist/tools/astro-routes.js.map +1 -0
package/dist/tools/async-correctness.d.ts +26 -0
package/dist/tools/async-correctness.d.ts.map +1 -0
package/dist/tools/async-correctness.js +166 -0
package/dist/tools/async-correctness.js.map +1 -0
package/dist/tools/audit-tools.d.ts +38 -0
package/dist/tools/audit-tools.d.ts.map +1 -0
package/dist/tools/audit-tools.js +248 -0
package/dist/tools/audit-tools.js.map +1 -0
package/dist/tools/celery-tools.d.ts +38 -0
package/dist/tools/celery-tools.d.ts.map +1 -0
package/dist/tools/celery-tools.js +154 -0
package/dist/tools/celery-tools.js.map +1 -0
package/dist/tools/clone-tools.js +1 -1
package/dist/tools/clone-tools.js.map +1 -1
package/dist/tools/complexity-tools.d.ts +4 -0
package/dist/tools/complexity-tools.d.ts.map +1 -1
package/dist/tools/complexity-tools.js +78 -4
package/dist/tools/complexity-tools.js.map +1 -1
package/dist/tools/compose-tools.d.ts +60 -0
package/dist/tools/compose-tools.d.ts.map +1 -0
package/dist/tools/compose-tools.js +203 -0
package/dist/tools/compose-tools.js.map +1 -0
package/dist/tools/coupling-tools.d.ts +50 -0
package/dist/tools/coupling-tools.d.ts.map +1 -0
package/dist/tools/coupling-tools.js +262 -0
package/dist/tools/coupling-tools.js.map +1 -0
package/dist/tools/dependency-audit-tools.d.ts +65 -0
package/dist/tools/dependency-audit-tools.d.ts.map +1 -0
package/dist/tools/dependency-audit-tools.js +553 -0
package/dist/tools/dependency-audit-tools.js.map +1 -0
package/dist/tools/django-settings.d.ts +22 -0
package/dist/tools/django-settings.d.ts.map +1 -0
package/dist/tools/django-settings.js +301 -0
package/dist/tools/django-settings.js.map +1 -0
package/dist/tools/django-view-security-tools.d.ts +32 -0
package/dist/tools/django-view-security-tools.d.ts.map +1 -0
package/dist/tools/django-view-security-tools.js +184 -0
package/dist/tools/django-view-security-tools.js.map +1 -0
package/dist/tools/fastapi-depends.d.ts +63 -0
package/dist/tools/fastapi-depends.d.ts.map +1 -0
package/dist/tools/fastapi-depends.js +191 -0
package/dist/tools/fastapi-depends.js.map +1 -0
package/dist/tools/frequency-tools.js +1 -1
package/dist/tools/frequency-tools.js.map +1 -1
package/dist/tools/graph-tools.d.ts +8 -2
package/dist/tools/graph-tools.d.ts.map +1 -1
package/dist/tools/graph-tools.js +44 -3
package/dist/tools/graph-tools.js.map +1 -1
package/dist/tools/hilt-tools.d.ts +55 -0
package/dist/tools/hilt-tools.d.ts.map +1 -0
package/dist/tools/hilt-tools.js +258 -0
package/dist/tools/hilt-tools.js.map +1 -0
package/dist/tools/hono-analyze-app.d.ts +48 -0
package/dist/tools/hono-analyze-app.d.ts.map +1 -0
package/dist/tools/hono-analyze-app.js +94 -0
package/dist/tools/hono-analyze-app.js.map +1 -0
package/dist/tools/hono-api-contract.d.ts +22 -0
package/dist/tools/hono-api-contract.d.ts.map +1 -0
package/dist/tools/hono-api-contract.js +112 -0
package/dist/tools/hono-api-contract.js.map +1 -0
package/dist/tools/hono-conditional-middleware.d.ts +27 -0
package/dist/tools/hono-conditional-middleware.d.ts.map +1 -0
package/dist/tools/hono-conditional-middleware.js +62 -0
package/dist/tools/hono-conditional-middleware.js.map +1 -0
package/dist/tools/hono-context-flow.d.ts +24 -0
package/dist/tools/hono-context-flow.d.ts.map +1 -0
package/dist/tools/hono-context-flow.js +70 -0
package/dist/tools/hono-context-flow.js.map +1 -0
package/dist/tools/hono-dead-routes.d.ts +26 -0
package/dist/tools/hono-dead-routes.d.ts.map +1 -0
package/dist/tools/hono-dead-routes.js +102 -0
package/dist/tools/hono-dead-routes.js.map +1 -0
package/dist/tools/hono-entry-resolver.d.ts +27 -0
package/dist/tools/hono-entry-resolver.d.ts.map +1 -0
package/dist/tools/hono-entry-resolver.js +31 -0
package/dist/tools/hono-entry-resolver.js.map +1 -0
package/dist/tools/hono-env-regression.d.ts +29 -0
package/dist/tools/hono-env-regression.d.ts.map +1 -0
package/dist/tools/hono-env-regression.js +157 -0
package/dist/tools/hono-env-regression.js.map +1 -0
package/dist/tools/hono-inline-analyze.d.ts +31 -0
package/dist/tools/hono-inline-analyze.d.ts.map +1 -0
package/dist/tools/hono-inline-analyze.js +59 -0
package/dist/tools/hono-inline-analyze.js.map +1 -0
package/dist/tools/hono-middleware-chain.d.ts +40 -0
package/dist/tools/hono-middleware-chain.d.ts.map +1 -0
package/dist/tools/hono-middleware-chain.js +121 -0
package/dist/tools/hono-middleware-chain.js.map +1 -0
package/dist/tools/hono-modules.d.ts +22 -0
package/dist/tools/hono-modules.d.ts.map +1 -0
package/dist/tools/hono-modules.js +118 -0
package/dist/tools/hono-modules.js.map +1 -0
package/dist/tools/hono-response-types.d.ts +37 -0
package/dist/tools/hono-response-types.d.ts.map +1 -0
package/dist/tools/hono-response-types.js +76 -0
package/dist/tools/hono-response-types.js.map +1 -0
package/dist/tools/hono-rpc-types.d.ts +21 -0
package/dist/tools/hono-rpc-types.d.ts.map +1 -0
package/dist/tools/hono-rpc-types.js +49 -0
package/dist/tools/hono-rpc-types.js.map +1 -0
package/dist/tools/hono-security.d.ts +31 -0
package/dist/tools/hono-security.d.ts.map +1 -0
package/dist/tools/hono-security.js +269 -0
package/dist/tools/hono-security.js.map +1 -0
package/dist/tools/hono-visualize.d.ts +13 -0
package/dist/tools/hono-visualize.d.ts.map +1 -0
package/dist/tools/hono-visualize.js +64 -0
package/dist/tools/hono-visualize.js.map +1 -0
package/dist/tools/hotspot-tools.d.ts.map +1 -1
package/dist/tools/hotspot-tools.js +9 -7
package/dist/tools/hotspot-tools.js.map +1 -1
package/dist/tools/index-tools.d.ts +17 -0
package/dist/tools/index-tools.d.ts.map +1 -1
package/dist/tools/index-tools.js +210 -10
package/dist/tools/index-tools.js.map +1 -1
package/dist/tools/kotlin-tools.d.ts +142 -0
package/dist/tools/kotlin-tools.d.ts.map +1 -0
package/dist/tools/kotlin-tools.js +572 -0
package/dist/tools/kotlin-tools.js.map +1 -0
package/dist/tools/legacy-hono-conventions.d.ts +14 -0
package/dist/tools/legacy-hono-conventions.d.ts.map +1 -0
package/dist/tools/legacy-hono-conventions.js +152 -0
package/dist/tools/legacy-hono-conventions.js.map +1 -0
package/dist/tools/migration-lint-tools.d.ts +26 -0
package/dist/tools/migration-lint-tools.d.ts.map +1 -0
package/dist/tools/migration-lint-tools.js +247 -0
package/dist/tools/migration-lint-tools.js.map +1 -0
package/dist/tools/model-tools.d.ts +30 -0
package/dist/tools/model-tools.d.ts.map +1 -0
package/dist/tools/model-tools.js +145 -0
package/dist/tools/model-tools.js.map +1 -0
package/dist/tools/nest-ext-tools.d.ts +207 -0
package/dist/tools/nest-ext-tools.d.ts.map +1 -0
package/dist/tools/nest-ext-tools.js +752 -0
package/dist/tools/nest-ext-tools.js.map +1 -0
package/dist/tools/nest-tools.d.ts +198 -0
package/dist/tools/nest-tools.d.ts.map +1 -0
package/dist/tools/nest-tools.js +1142 -0
package/dist/tools/nest-tools.js.map +1 -0
package/dist/tools/nextjs-api-contract-readers.d.ts +14 -0
package/dist/tools/nextjs-api-contract-readers.d.ts.map +1 -0
package/dist/tools/nextjs-api-contract-readers.js +204 -0
package/dist/tools/nextjs-api-contract-readers.js.map +1 -0
package/dist/tools/nextjs-api-contract-tools.d.ts +57 -0
package/dist/tools/nextjs-api-contract-tools.d.ts.map +1 -0
package/dist/tools/nextjs-api-contract-tools.js +144 -0
package/dist/tools/nextjs-api-contract-tools.js.map +1 -0
package/dist/tools/nextjs-boundary-tools.d.ts +39 -0
package/dist/tools/nextjs-boundary-tools.d.ts.map +1 -0
package/dist/tools/nextjs-boundary-tools.js +152 -0
package/dist/tools/nextjs-boundary-tools.js.map +1 -0
package/dist/tools/nextjs-component-readers.d.ts +101 -0
package/dist/tools/nextjs-component-readers.d.ts.map +1 -0
package/dist/tools/nextjs-component-readers.js +287 -0
package/dist/tools/nextjs-component-readers.js.map +1 -0
package/dist/tools/nextjs-component-tools.d.ts +51 -0
package/dist/tools/nextjs-component-tools.d.ts.map +1 -0
package/dist/tools/nextjs-component-tools.js +212 -0
package/dist/tools/nextjs-component-tools.js.map +1 -0
package/dist/tools/nextjs-data-flow-tools.d.ts +42 -0
package/dist/tools/nextjs-data-flow-tools.d.ts.map +1 -0
package/dist/tools/nextjs-data-flow-tools.js +158 -0
package/dist/tools/nextjs-data-flow-tools.js.map +1 -0
package/dist/tools/nextjs-framework-audit-tools.d.ts +60 -0
package/dist/tools/nextjs-framework-audit-tools.d.ts.map +1 -0
package/dist/tools/nextjs-framework-audit-tools.js +394 -0
package/dist/tools/nextjs-framework-audit-tools.js.map +1 -0
package/dist/tools/nextjs-link-tools.d.ts +41 -0
package/dist/tools/nextjs-link-tools.d.ts.map +1 -0
package/dist/tools/nextjs-link-tools.js +157 -0
package/dist/tools/nextjs-link-tools.js.map +1 -0
package/dist/tools/nextjs-metadata-tools.d.ts +74 -0
package/dist/tools/nextjs-metadata-tools.d.ts.map +1 -0
package/dist/tools/nextjs-metadata-tools.js +252 -0
package/dist/tools/nextjs-metadata-tools.js.map +1 -0
package/dist/tools/nextjs-middleware-coverage-tools.d.ts +41 -0
package/dist/tools/nextjs-middleware-coverage-tools.d.ts.map +1 -0
package/dist/tools/nextjs-middleware-coverage-tools.js +88 -0
package/dist/tools/nextjs-middleware-coverage-tools.js.map +1 -0
package/dist/tools/nextjs-route-readers.d.ts +81 -0
package/dist/tools/nextjs-route-readers.d.ts.map +1 -0
package/dist/tools/nextjs-route-readers.js +340 -0
package/dist/tools/nextjs-route-readers.js.map +1 -0
package/dist/tools/nextjs-route-tools.d.ts +36 -0
package/dist/tools/nextjs-route-tools.d.ts.map +1 -0
package/dist/tools/nextjs-route-tools.js +175 -0
package/dist/tools/nextjs-route-tools.js.map +1 -0
package/dist/tools/nextjs-security-readers.d.ts +22 -0
package/dist/tools/nextjs-security-readers.d.ts.map +1 -0
package/dist/tools/nextjs-security-readers.js +318 -0
package/dist/tools/nextjs-security-readers.js.map +1 -0
package/dist/tools/nextjs-security-scoring.d.ts +15 -0
package/dist/tools/nextjs-security-scoring.d.ts.map +1 -0
package/dist/tools/nextjs-security-scoring.js +65 -0
package/dist/tools/nextjs-security-scoring.js.map +1 -0
package/dist/tools/nextjs-security-tools.d.ts +75 -0
package/dist/tools/nextjs-security-tools.d.ts.map +1 -0
package/dist/tools/nextjs-security-tools.js +153 -0
package/dist/tools/nextjs-security-tools.js.map +1 -0
package/dist/tools/nextjs-tools.d.ts +15 -0
package/dist/tools/nextjs-tools.d.ts.map +1 -0
package/dist/tools/nextjs-tools.js +15 -0
package/dist/tools/nextjs-tools.js.map +1 -0
package/dist/tools/outline-tools.d.ts.map +1 -1
package/dist/tools/outline-tools.js +20 -0
package/dist/tools/outline-tools.js.map +1 -1
package/dist/tools/pattern-tools.d.ts +8 -0
package/dist/tools/pattern-tools.d.ts.map +1 -1
package/dist/tools/pattern-tools.js +651 -3
package/dist/tools/pattern-tools.js.map +1 -1
package/dist/tools/perf-tools.d.ts +32 -0
package/dist/tools/perf-tools.d.ts.map +1 -0
package/dist/tools/perf-tools.js +227 -0
package/dist/tools/perf-tools.js.map +1 -0
package/dist/tools/php-tools.d.ts +185 -0
package/dist/tools/php-tools.d.ts.map +1 -0
package/dist/tools/php-tools.js +645 -0
package/dist/tools/php-tools.js.map +1 -0
package/dist/tools/plan-turn-tools.d.ts +89 -0
package/dist/tools/plan-turn-tools.d.ts.map +1 -0
package/dist/tools/plan-turn-tools.js +508 -0
package/dist/tools/plan-turn-tools.js.map +1 -0
package/dist/tools/prisma-schema-tools.d.ts +44 -0
package/dist/tools/prisma-schema-tools.d.ts.map +1 -0
package/dist/tools/prisma-schema-tools.js +358 -0
package/dist/tools/prisma-schema-tools.js.map +1 -0
package/dist/tools/project-tools.d.ts +116 -7
package/dist/tools/project-tools.d.ts.map +1 -1
package/dist/tools/project-tools.js +595 -218
package/dist/tools/project-tools.js.map +1 -1
package/dist/tools/pydantic-models.d.ts +46 -0
package/dist/tools/pydantic-models.d.ts.map +1 -0
package/dist/tools/pydantic-models.js +249 -0
package/dist/tools/pydantic-models.js.map +1 -0
package/dist/tools/pyproject-tools.d.ts +23 -0
package/dist/tools/pyproject-tools.d.ts.map +1 -0
package/dist/tools/pyproject-tools.js +133 -0
package/dist/tools/pyproject-tools.js.map +1 -0
package/dist/tools/pytest-tools.d.ts +20 -0
package/dist/tools/pytest-tools.d.ts.map +1 -0
package/dist/tools/pytest-tools.js +106 -0
package/dist/tools/pytest-tools.js.map +1 -0
package/dist/tools/python-audit.d.ts +40 -0
package/dist/tools/python-audit.d.ts.map +1 -0
package/dist/tools/python-audit.js +244 -0
package/dist/tools/python-audit.js.map +1 -0
package/dist/tools/python-callers.d.ts +28 -0
package/dist/tools/python-callers.d.ts.map +1 -0
package/dist/tools/python-callers.js +110 -0
package/dist/tools/python-callers.js.map +1 -0
package/dist/tools/python-circular-imports.d.ts +19 -0
package/dist/tools/python-circular-imports.d.ts.map +1 -0
package/dist/tools/python-circular-imports.js +126 -0
package/dist/tools/python-circular-imports.js.map +1 -0
package/dist/tools/python-constants-tools.d.ts +44 -0
package/dist/tools/python-constants-tools.d.ts.map +1 -0
package/dist/tools/python-constants-tools.js +525 -0
package/dist/tools/python-constants-tools.js.map +1 -0
package/dist/tools/python-deps-analyzer.d.ts +46 -0
package/dist/tools/python-deps-analyzer.d.ts.map +1 -0
package/dist/tools/python-deps-analyzer.js +227 -0
package/dist/tools/python-deps-analyzer.js.map +1 -0
package/dist/tools/query-tools.d.ts +23 -0
package/dist/tools/query-tools.d.ts.map +1 -0
package/dist/tools/query-tools.js +256 -0
package/dist/tools/query-tools.js.map +1 -0
package/dist/tools/react-tools.d.ts +263 -0
package/dist/tools/react-tools.d.ts.map +1 -0
package/dist/tools/react-tools.js +839 -0
package/dist/tools/react-tools.js.map +1 -0
package/dist/tools/report-tools.js +47 -0
package/dist/tools/report-tools.js.map +1 -1
package/dist/tools/review-diff-tools.d.ts +5 -4
package/dist/tools/review-diff-tools.d.ts.map +1 -1
package/dist/tools/review-diff-tools.js +157 -66
package/dist/tools/review-diff-tools.js.map +1 -1
package/dist/tools/room-tools.d.ts +36 -0
package/dist/tools/room-tools.d.ts.map +1 -0
package/dist/tools/room-tools.js +147 -0
package/dist/tools/room-tools.js.map +1 -0
package/dist/tools/route-tools.d.ts +27 -1
package/dist/tools/route-tools.d.ts.map +1 -1
package/dist/tools/route-tools.js +744 -18
package/dist/tools/route-tools.js.map +1 -1
package/dist/tools/ruff-tools.d.ts +32 -0
package/dist/tools/ruff-tools.d.ts.map +1 -0
package/dist/tools/ruff-tools.js +114 -0
package/dist/tools/ruff-tools.js.map +1 -0
package/dist/tools/search-ranker.d.ts.map +1 -1
package/dist/tools/search-ranker.js +7 -0
package/dist/tools/search-ranker.js.map +1 -1
package/dist/tools/search-tools.d.ts +3 -2
package/dist/tools/search-tools.d.ts.map +1 -1
package/dist/tools/search-tools.js +16 -3
package/dist/tools/search-tools.js.map +1 -1
package/dist/tools/serialization-tools.d.ts +24 -0
package/dist/tools/serialization-tools.d.ts.map +1 -0
package/dist/tools/serialization-tools.js +156 -0
package/dist/tools/serialization-tools.js.map +1 -0
package/dist/tools/sql-tools.d.ts +274 -0
package/dist/tools/sql-tools.d.ts.map +1 -0
package/dist/tools/sql-tools.js +1160 -0
package/dist/tools/sql-tools.js.map +1 -0
package/dist/tools/status-tools.d.ts +10 -0
package/dist/tools/status-tools.d.ts.map +1 -0
package/dist/tools/status-tools.js +32 -0
package/dist/tools/status-tools.js.map +1 -0
package/dist/tools/symbol-tools.d.ts +19 -0
package/dist/tools/symbol-tools.d.ts.map +1 -1
package/dist/tools/symbol-tools.js +75 -4
package/dist/tools/symbol-tools.js.map +1 -1
package/dist/tools/taint-tools.d.ts +43 -0
package/dist/tools/taint-tools.d.ts.map +1 -0
package/dist/tools/taint-tools.js +922 -0
package/dist/tools/taint-tools.js.map +1 -0
package/dist/tools/test-impact-tools.d.ts +29 -0
package/dist/tools/test-impact-tools.d.ts.map +1 -0
package/dist/tools/test-impact-tools.js +156 -0
package/dist/tools/test-impact-tools.js.map +1 -0
package/dist/tools/typecheck-tools.d.ts +39 -0
package/dist/tools/typecheck-tools.d.ts.map +1 -0
package/dist/tools/typecheck-tools.js +191 -0
package/dist/tools/typecheck-tools.js.map +1 -0
package/dist/tools/wiring-tools.d.ts +19 -0
package/dist/tools/wiring-tools.d.ts.map +1 -0
package/dist/tools/wiring-tools.js +147 -0
package/dist/tools/wiring-tools.js.map +1 -0
package/dist/types.d.ts +9 -1
package/dist/types.d.ts.map +1 -1
package/dist/utils/framework-detect.d.ts +18 -2
package/dist/utils/framework-detect.d.ts.map +1 -1
package/dist/utils/framework-detect.js +150 -3
package/dist/utils/framework-detect.js.map +1 -1
package/dist/utils/import-graph.d.ts +42 -0
package/dist/utils/import-graph.d.ts.map +1 -1
package/dist/utils/import-graph.js +248 -9
package/dist/utils/import-graph.js.map +1 -1
package/dist/utils/language-detect.d.ts +21 -0
package/dist/utils/language-detect.d.ts.map +1 -0
package/dist/utils/language-detect.js +183 -0
package/dist/utils/language-detect.js.map +1 -0
package/dist/utils/nextjs-ast-readers.d.ts +44 -0
package/dist/utils/nextjs-ast-readers.d.ts.map +1 -0
package/dist/utils/nextjs-ast-readers.js +341 -0
package/dist/utils/nextjs-ast-readers.js.map +1 -0
package/dist/utils/nextjs-audit-cache.d.ts +51 -0
package/dist/utils/nextjs-audit-cache.d.ts.map +1 -0
package/dist/utils/nextjs-audit-cache.js +116 -0
package/dist/utils/nextjs-audit-cache.js.map +1 -0
package/dist/utils/nextjs-metadata-readers.d.ts +65 -0
package/dist/utils/nextjs-metadata-readers.d.ts.map +1 -0
package/dist/utils/nextjs-metadata-readers.js +447 -0
package/dist/utils/nextjs-metadata-readers.js.map +1 -0
package/dist/utils/nextjs.d.ts +42 -0
package/dist/utils/nextjs.d.ts.map +1 -0
package/dist/utils/nextjs.js +284 -0
package/dist/utils/nextjs.js.map +1 -0
package/dist/utils/python-import-resolver.d.ts +42 -0
package/dist/utils/python-import-resolver.d.ts.map +1 -0
package/dist/utils/python-import-resolver.js +101 -0
package/dist/utils/python-import-resolver.js.map +1 -0
package/dist/utils/python-imports.d.ts +28 -0
package/dist/utils/python-imports.d.ts.map +1 -0
package/dist/utils/python-imports.js +117 -0
package/dist/utils/python-imports.js.map +1 -0
package/dist/utils/react-alias.d.ts +15 -0
package/dist/utils/react-alias.d.ts.map +1 -0
package/dist/utils/react-alias.js +31 -0
package/dist/utils/react-alias.js.map +1 -0
package/dist/utils/test-file.d.ts.map +1 -1
package/dist/utils/test-file.js +7 -0
package/dist/utils/test-file.js.map +1 -1
package/dist/utils/walk.d.ts +22 -0
package/dist/utils/walk.d.ts.map +1 -1
package/dist/utils/walk.js +70 -2
package/dist/utils/walk.js.map +1 -1
package/package.json +4 -3
package/rules/codesift.md +71 -5
package/rules/codesift.mdc +71 -5
package/rules/codex.md +71 -5
package/rules/gemini.md +71 -5
package/src/parser/languages/tree-sitter-javascript.wasm +0 -0
package/src/parser/languages/tree-sitter-kotlin.wasm +0 -0
package/src/parser/languages/tree-sitter-php.wasm +0 -0
package/src/parser/languages/tree-sitter-php_only.wasm +0 -0
package/src/parser/languages/tree-sitter-python.wasm +0 -0

package/dist/tools/pattern-tools.js CHANGED Viewed

@@ -1,11 +1,187 @@
+import { readFile } from "node:fs/promises";
+import { join } from "node:path";
 import { getCodeIndex } from "./index-tools.js";
 import { isTestFileStrict as isTestFile } from "../utils/test-file.js";
 // Built-in patterns inspired by CQ checklist + common React/TS anti-patterns
-const BUILTIN_PATTERNS = {
+// Exported for direct regex testing in unit tests.
+export const BUILTIN_PATTERNS = {
     "useEffect-no-cleanup": {
         regex: /useEffect\s*\(\s*(?:async\s*)?\(\)\s*=>\s*\{(?:(?!return\s*\(\s*\)\s*=>|return\s+\(\)\s*=>|return\s*\(\s*\)\s*\{|return\s+function)[\s\S])*\}\s*,/,
         description: "useEffect without cleanup return — potential memory leak (CQ22)",
     },
+    // --- React anti-patterns (Wave 2) ---
+    "hook-in-condition": {
+        regex: /\b(?:if|for|while|switch)\s*\([^)]*\)\s*\{[\s\S]{0,500}?\buse[A-Z]\w*\s*\(/,
+        description: "React hook called inside if/for/while/switch — violates Rule of Hooks",
+    },
+    "useEffect-async": {
+        regex: /useEffect\s*\(\s*async\s+(?:function\b|\(|[a-z_$])/,
+        description: "async function directly in useEffect — use inner async wrapper (CQ22)",
+    },
+    "useEffect-object-dep": {
+        regex: /useEffect\s*\([\s\S]*?,\s*\[[^\]]*[{[]/,
+        description: "Object/array literal in useEffect dependency array — causes infinite re-renders",
+    },
+    "missing-display-name": {
+        regex: /(?:React\.)?(?:memo|forwardRef)\s*\((?:(?!displayName)[\s\S]){0,500}$/,
+        description: "React.memo/forwardRef without displayName nearby — harder to debug in DevTools",
+    },
+    "index-as-key": {
+        regex: /\.map\s*\(\s*\(\s*\w+\s*,\s*(index|idx|i)\b[^)]*\)\s*=>[\s\S]{0,400}?key\s*=\s*\{?\s*\1\b/,
+        description: "Array index used as React key — causes incorrect reconciliation on reorder",
+    },
+    "inline-handler": {
+        regex: /\bon[A-Z]\w*\s*=\s*\{\s*(?:\([^)]*\)|[a-z_$][\w$]*)\s*=>/,
+        description: "Inline arrow function in JSX event handler — creates new reference every render (memoization killer)",
+    },
+    "conditional-render-hook": {
+        regex: /\breturn\s+[^;{]*;\s*\n[\s\S]*?\buse[A-Z]\w*\s*\(/,
+        description: "React hook called after early return — violates Rule of Hooks",
+    },
+    // --- React anti-patterns (Wave 4b — additional) ---
+    "dangerously-set-html": {
+        regex: /dangerouslySetInnerHTML\s*=\s*\{/,
+        description: "dangerouslySetInnerHTML used — XSS risk unless content is sanitized (CQ24)",
+    },
+    "direct-dom-access": {
+        regex: /\bdocument\.(getElementById|querySelector|querySelectorAll|getElementsBy)\s*\(/,
+        description: "Direct DOM access in React component — use useRef instead (breaks SSR, bypasses virtual DOM)",
+    },
+    "unstable-default-value": {
+        regex: /(?:function\s+[A-Z]\w*|const\s+[A-Z]\w*\s*=\s*(?:\([^)]*\)|[^=]*)\s*=>)\s*[\s\S]{0,100}(?:\{\s*[^}]*=\s*\[\s*\]|\{\s*[^}]*=\s*\{\s*\})/,
+        description: "Default prop value [] or {} in component params — creates new reference every render, breaks memo/PureComponent",
+    },
+    "jsx-falsy-and": {
+        regex: /\{\s*(?:count|length|size|num|total|amount)\s*&&\s*</,
+        description: "Numeric variable used with && in JSX — renders '0' on screen when falsy. Use ternary or Boolean() (React gotcha)",
+    },
+    "nested-component-def": {
+        regex: /(?:function\s+[A-Z]\w*\s*\([^)]*\)\s*\{|const\s+[A-Z]\w*\s*=\s*(?:\([^)]*\)|[\w$]*)\s*=>\s*\{)[\s\S]{0,1500}?\n\s{2,}(?:function\s+[A-Z]\w*\s*\(|const\s+[A-Z]\w*\s*=\s*\()/,
+        description: "Component defined inside another component — remounts on every parent render, loses all state. Hoist to module level.",
+    },
+    "usecallback-no-deps": {
+        regex: /use(?:Callback|Memo)\s*\([\s\S]*?\)\s*\)\s*[;,]/,
+        description: "useCallback/useMemo with only one argument (no dependency array) — useless memoization, value recreated every render",
+    },
+    // --- React 19 features (Tier 4 — Item 19) ---
+    "react19-use-without-suspense": {
+        regex: /\buse\s*\(\s*[a-zA-Z_$][\w$]*\s*\)/,
+        description: "React 19 use(promise) — must be wrapped in <Suspense> or it throws. Verify Suspense boundary exists in parent.",
+        fileIncludePattern: /\.(tsx|jsx)$/,
+    },
+    "react19-server-action-not-async": {
+        regex: /^[\s\S]{0,200}["']use server["'][\s\S]{0,500}?\bexport\s+(?!async)function\s+\w+\s*\(/m,
+        description: "React 19 Server Action: function in 'use server' file must be async (returns Promise). Synchronous functions break the action contract.",
+        fileIncludePattern: /\.(tsx|jsx|ts|js)$/,
+    },
+    "react19-form-action-non-function": {
+        regex: /<form\s+[^>]*\baction\s*=\s*["'][^"']/,
+        description: "React 19 form action prop should be a function (Server Action), not a string URL. Use <form action={serverAction}> for progressive enhancement.",
+        fileIncludePattern: /\.(tsx|jsx)$/,
+    },
+    "react19-useoptimistic-no-transition": {
+        regex: /\buseOptimistic\s*\([\s\S]{0,300}?(?!useTransition|startTransition)/,
+        description: "React 19 useOptimistic should be paired with useTransition/startTransition for non-urgent updates. Without it, optimistic updates can be interrupted.",
+        fileIncludePattern: /\.(tsx|jsx)$/,
+    },
+    // --- oxlint-inspired React rules (April 2026) ---
+    "hook-usestate-destructure": {
+        regex: /(?:^|\n)\s*useState\s*(?:<[^>]+>)?\s*\([^)]*\)\s*;/,
+        description: "useState() called without destructuring [value, setter] — value is inaccessible. Use: const [value, setValue] = useState(initial). (oxlint react/hook-use-state)",
+        fileIncludePattern: /\.(tsx|jsx|ts)$/,
+    },
+    "prefer-function-component": {
+        regex: /class\s+\w+\s+extends\s+(?:React\.)?(?:Component|PureComponent)\b/,
+        description: "Class component could be a function component — class components lack hook support, are harder to tree-shake, and React Compiler cannot optimize them. (oxlint react/prefer-function-component)",
+        fileIncludePattern: /\.(tsx|jsx)$/,
+    },
+    // --- React Compiler bailout patterns (GA v1.0, Oct 2025 — Next.js 16 stable) ---
+    "compiler-side-effect-in-render": {
+        regex: /\b(?:console\.(?:log|warn|error|info)\s*\(|Math\.random\s*\(|Date\.now\s*\(|document\.(?:getElementById|querySelector|createElement)\s*\()/,
+        description: "Side effect in render body — React Compiler silently skips memoization. Move to useEffect or event handler.",
+        fileIncludePattern: /\.(tsx|jsx)$/,
+    },
+    "compiler-ref-read-in-render": {
+        regex: /(?:^|\n)\s*(?:const|let|var)\s+\w+\s*=\s*\w+Ref\.current\b/,
+        description: "Reading ref.current during render — React Compiler cannot track ref mutations. Read refs in useEffect or event handlers only.",
+        fileIncludePattern: /\.(tsx|jsx)$/,
+    },
+    "compiler-prop-mutation": {
+        regex: /\bprops\.\w+\.(?:push|pop|shift|unshift|splice|sort|reverse|fill)\s*\(/,
+        description: "Mutating props object — breaks React Compiler immutability assumption. Clone before mutating: [...props.items, newItem].",
+        fileIncludePattern: /\.(tsx|jsx)$/,
+    },
+    "compiler-state-mutation": {
+        regex: /(?:^|\n)\s*\w+\.(?:push|pop|shift|unshift|splice|sort|reverse|fill)\s*\([\s\S]{0,200}?set[A-Z]\w*\s*\(\s*\w+\s*\)/,
+        description: "Direct state mutation then setState with same reference — React Compiler assumes immutable updates. Use spread: setItems([...items, newItem]).",
+        fileIncludePattern: /\.(tsx|jsx)$/,
+    },
+    "compiler-try-catch-bailout": {
+        regex: /(?:function\s+[A-Z]\w*|const\s+[A-Z]\w*\s*=)[\s\S]{0,300}?\btry\s*\{[\s\S]{0,500}?\bcatch\s*\(/,
+        description: "try/catch in component body — React Compiler may silently bail out (known issue #35644). Move error handling to useEffect or extract to a hook.",
+        fileIncludePattern: /\.(tsx|jsx)$/,
+    },
+    "compiler-redundant-memo": {
+        regex: /\b(?:React\.)?memo\s*\(\s*(?:function\s+[A-Z]|(?:\([^)]*\)|[A-Z]\w*)\s*=>)/,
+        description: "React.memo wrapping — React Compiler auto-memoizes, making manual memo redundant. Safe to remove after compiler adoption.",
+        fileIncludePattern: /\.(tsx|jsx)$/,
+    },
+    "compiler-redundant-usecallback": {
+        regex: /\buseCallback\s*\(\s*(?:\([^)]*\)|[a-z_$][\w$]*)\s*=>/,
+        description: "useCallback wrapping — React Compiler auto-memoizes callbacks, making manual useCallback redundant. Safe to remove after compiler adoption.",
+        fileIncludePattern: /\.(tsx|jsx)$/,
+    },
+    // --- RSC boundary serializability (Tier 4 — Item 18) ---
+    "rsc-non-serializable-prop": {
+        // Detects patterns like onClick={fn} or callback={handler} on JSX elements
+        // when the file has "use client" directive or imports from a client component.
+        // Heuristic: prop=function-reference (not arrow inline, that's caught elsewhere).
+        regex: /\b(?:onClick|onChange|onSubmit|onError|callback|handler|render)\s*=\s*\{\s*[a-z_$][\w$]*\s*\}/,
+        description: "Function passed as prop across RSC boundary — must be a Server Action ('use server') or component must be Client Component ('use client'). Functions are not serializable.",
+        fileIncludePattern: /\.(tsx|jsx)$/,
+    },
+    "rsc-date-prop": {
+        regex: /\b\w+\s*=\s*\{\s*new\s+Date\s*\(/,
+        description: "Date object passed as prop — Date is serializable in JSON but loses prototype across RSC boundary. Use ISO string + parse on client side.",
+        fileIncludePattern: /\.(tsx|jsx)$/,
+    },
+    // --- useEffect pain points (37% of devs struggle — State of React 2025) ---
+    "useEffect-missing-cleanup": {
+        regex: /useEffect\s*\(\s*(?:\([^)]*\)|[a-z_$][\w$]*)\s*=>[\s\S]{0,800}?(?:addEventListener|setInterval|setTimeout|subscribe|on\s*\()(?:(?!return\s*(?:\(\s*\)\s*=>|function))[\s\S]){0,800}\}\s*,/,
+        description: "useEffect with addEventListener/setInterval/subscribe but no cleanup return — memory leak. Return a cleanup function that removes the listener/clears the interval.",
+        fileIncludePattern: /\.(tsx|jsx)$/,
+    },
+    "useEffect-setstate-loop": {
+        regex: /useEffect\s*\(\s*(?:\([^)]*\)|[a-z_$][\w$]*)\s*=>[\s\S]{0,500}?set([A-Z]\w*)\s*\([\s\S]{0,300}?\[\s*[\s\S]*?\b\1\b/i,
+        description: "setState inside useEffect with same state variable in dependency array — causes infinite render loop. Either remove from deps or use functional updater: setState(prev => ...).",
+        fileIncludePattern: /\.(tsx|jsx)$/,
+    },
+    "useEffect-missing-deps-identifier": {
+        // Heuristic: useEffect with empty dep array [] but body references an
+        // identifier that looks like a prop/state (lowerCamelCase, 2+ chars).
+        // Subset of eslint-react-hooks/exhaustive-deps — catches the common
+        // "empty deps but reads mutable value" bug without full scope analysis.
+        regex: /useEffect\s*\(\s*\([^)]*\)\s*=>\s*\{[\s\S]{0,400}?\b(?:props\.\w+|[a-z][a-zA-Z]*(?:\.\w+)?)[\s\S]{0,400}?\}\s*,\s*\[\s*\]\s*\)/,
+        description: "useEffect with empty deps array [] reads props/state identifiers in body — likely missing dependencies. If intentional, add // eslint-disable-next-line react-hooks/exhaustive-deps with reason.",
+        fileIncludePattern: /\.(tsx|jsx)$/,
+    },
+    // --- Next.js 16 cache patterns ---
+    "nextjs-use-cache-without-tag": {
+        regex: /['"]use cache['"](?:(?!cacheTag\s*\()[\s\S]){0,1000}$/,
+        description: "Next.js 16 'use cache' directive without cacheTag() call — cache entry is hard to invalidate. Add cacheTag('name') for targeted revalidation.",
+        fileIncludePattern: /\.(tsx|jsx|ts)$/,
+    },
+    "nextjs-revalidatetag-deprecated": {
+        regex: /\brevalidateTag\s*\(\s*['"][^'"]+['"]\s*\)/,
+        description: "Next.js 16: revalidateTag() without cacheLife profile (second argument). Single-arg form deprecated — add cacheLife profile.",
+        fileIncludePattern: /\.(tsx|jsx|ts)$/,
+    },
+    // --- TanStack Query patterns ---
+    "tanstack-missing-invalidation": {
+        regex: /\buseMutation\s*\((?:(?!invalidateQueries|invalidateQuery)[\s\S]){0,800}\}\s*\)/,
+        description: "useMutation without invalidateQueries in onSuccess/onSettled — stale data remains in cache after mutation. Add queryClient.invalidateQueries() on success.",
+        fileIncludePattern: /\.(tsx|jsx|ts)$/,
+    },
     "empty-catch": {
         regex: /catch\s*\([^)]*\)\s*\{\s*\}/,
         description: "Empty catch block — swallowed error (CQ8)",
@@ -38,6 +214,427 @@ const BUILTIN_PATTERNS = {
         regex: /\/\/\s*(TODO|FIXME|HACK|XXX|TEMP|TEMPORARY)\b|\/\/\s*(Phase|Step|Stage)\s*\d|\/\/\s*(placeholder|stub|dummy)\b|throw new Error\(['"]not implemented['"]\)|console\.(log|warn)\(['"]TODO\b/i,
         description: "Scaffolding markers: TODO/FIXME/HACK, Phase/Step markers, placeholder stubs, not-implemented throws (tech debt)",
     },
+    // Kotlin anti-patterns
+    "runblocking-in-coroutine": {
+        regex: /suspend\s+fun[\s\S]{0,500}runBlocking\s*[\({]/,
+        description: "runBlocking inside suspend function — deadlock risk (Kotlin coroutines)",
+    },
+    "globalscope-launch": {
+        regex: /GlobalScope\.(launch|async)\s*[\({]/,
+        description: "GlobalScope.launch/async — lifecycle leak, use structured concurrency (Kotlin)",
+    },
+    "data-class-mutable": {
+        regex: /data\s+class\s+\w+\([^)]*\bvar\s+/,
+        description: "data class with var property — breaks hashCode/equals contract (Kotlin)",
+    },
+    "lateinit-no-check": {
+        regex: /lateinit\s+var\s+(\w+)/,
+        description: "lateinit var without isInitialized check — UninitializedPropertyAccessException risk (Kotlin)",
+    },
+    "empty-when-branch": {
+        regex: /when\s*\([^)]*\)\s*\{[\s\S]*?->\s*\{\s*\}/,
+        description: "Empty when branch — swallowed case (Kotlin)",
+    },
+    "mutable-shared-state": {
+        regex: /(?:companion\s+object|object\s+\w+)\s*\{[\s\S]*?\bvar\s+/,
+        description: "Mutable var inside object/companion — thread-unsafe shared state (Kotlin)",
+    },
+    // Kotest anti-patterns — require include_tests=true to surface
+    "kotest-missing-assertion": {
+        regex: /\btest\s*\(\s*"[^"]*"\s*\)\s*\{(?:(?!\bshould(?:Be|NotBe|Throw|Contain|Match|HaveSize)\b|\bshould\s*\{|\bshouldBe\b|\bassertSoftly\b|\bassertThat\b|\bassertTrue\b|\bassertFalse\b|\bassertEquals\b|\bexpect\s*\(|\bverify\s*\()[\s\S])*?\}/,
+        description: "Kotest test block without any shouldBe/shouldThrow/assertSoftly/assertEquals — missing assertion",
+    },
+    "kotest-mixed-styles": {
+        regex: /(?:\bFunSpec\s*\([\s\S]*?(?:\bDescribeSpec|\bStringSpec|\bBehaviorSpec|\bShouldSpec|\bWordSpec|\bFeatureSpec|\bExpectSpec)\s*\()|(?:(?:\bDescribeSpec|\bStringSpec|\bBehaviorSpec|\bShouldSpec|\bWordSpec|\bFeatureSpec|\bExpectSpec)\s*\([\s\S]*?\bFunSpec\s*\()/,
+        description: "Multiple Kotest spec styles (e.g. FunSpec + DescribeSpec) in same file — inconsistent test layout",
+    },
+    // Jetpack Compose anti-patterns
+    "compose-missing-remember": {
+        regex: /(?<!\bremember\s*\{[^}]{0,60})\b(?:mutableStateOf|mutableStateListOf|mutableIntStateOf|derivedStateOf)\s*(?:<[^>]*>)?\s*\(/,
+        description: "mutableStateOf/derivedStateOf without remember — state resets every recomposition (Compose)",
+    },
+    "compose-unstable-lambda": {
+        regex: /@Composable[\s\S]{0,2000}?\bon[A-Z]\w*\s*:\s*\([^)]*\)\s*->\s*Unit/,
+        description: "Event callback param with function type — unstable, causes child recomposition every frame unless caller uses remember (Compose)",
+    },
+    "compose-side-effect-in-composition": {
+        regex: /@Composable[\s\S]{0,1000}?(?:\bcoroutineScope\s*\{|\bviewModelScope\.launch|\bGlobalScope\.launch)/,
+        description: "Coroutine launch in @Composable body — use LaunchedEffect/rememberCoroutineScope instead (Compose)",
+    },
+    // PHP anti-patterns
+    "sql-injection-php": {
+        regex: /\$_(?:GET|POST|REQUEST)\[[^\]]+\][\s\S]{0,200}?(?:->query\(|->execute\(|createCommand\()/,
+        description: "User input from $_GET/$_POST flowing into SQL query without sanitization (PHP)",
+    },
+    "xss-php": {
+        regex: /echo\s+\$_(?:GET|POST|REQUEST)\[|print\s+\$_(?:GET|POST|REQUEST)\[/,
+        description: "Unescaped user input echoed to output — XSS risk (PHP). Use htmlspecialchars()",
+    },
+    "eval-php": {
+        regex: /\beval\s*\(/,
+        description: "eval() usage — code injection risk (PHP)",
+    },
+    "exec-php": {
+        regex: /\b(?:exec|system|passthru|shell_exec|popen|proc_open)\s*\(/,
+        description: "Shell command execution — command injection risk (PHP)",
+    },
+    "unserialize-php": {
+        regex: /\bunserialize\s*\(\s*\$_(?:GET|POST|REQUEST|COOKIE)/,
+        description: "unserialize() on user input — deserialization attack risk (PHP)",
+    },
+    "file-include-var": {
+        regex: /(?:require|include)(?:_once)?\s*\(?\s*\$(?!this)/,
+        description: "require/include with variable — file inclusion risk (PHP)",
+    },
+    "unescaped-yii-view": {
+        regex: /<\?=\s*\$(?!this->(?:render|beginBlock|endBlock))(?!.*?Html::encode)/,
+        description: "Yii2 view outputs variable without Html::encode() — XSS risk",
+    },
+    "raw-query-yii": {
+        regex: /createCommand\s*\(\s*["'][^"']*\$\{?\w+/,
+        description: "Yii2 createCommand with string interpolation — SQL injection risk",
+    },
+    // NestJS anti-patterns
+    "nest-circular-inject": {
+        regex: /@Inject\s*\(\s*forwardRef\s*\(/,
+        description: "Circular dependency via forwardRef — restructure module boundaries (NestJS)",
+    },
+    "nest-catch-all-filter": {
+        regex: /@Catch\s*\(\s*\)/,
+        description: "@Catch() with no argument — catches all exceptions indiscriminately (NestJS)",
+    },
+    "nest-request-scope": {
+        regex: /scope:\s*Scope\.REQUEST/,
+        description: "Request-scoped provider — performance overhead, breaks singleton assumptions (NestJS)",
+    },
+    "nest-raw-exception": {
+        regex: /throw\s+new\s+Error\s*\(/,
+        description: "Raw Error thrown instead of NestJS HttpException/BadRequestException (NestJS)",
+    },
+    "nest-any-guard-return": {
+        regex: /canActivate[\s\S]{0,100}return\s+true\s*;/,
+        description: "Guard always returns true — security no-op (NestJS)",
+    },
+    "nest-service-locator": {
+        regex: /moduleRef\s*\.\s*(?:get|resolve)\s*\(/,
+        description: "Service locator via ModuleRef.get/resolve — use constructor injection instead (NestJS)",
+    },
+    "nest-direct-env": {
+        regex: /process\.env\.\w+/,
+        description: "Direct process.env access — use ConfigService for type-safe config (NestJS)",
+    },
+    // Wave 2 anti-patterns
+    "nest-graphql-no-auth": {
+        // R-7 fix: restrict to .resolver.ts files (via fileIncludePattern) to avoid
+        // false positives on REST @Query() params. Regex checks for @Resolver + @Query/@Mutation
+        // present AND no @UseGuards anywhere in the matched span (capped at 2000 chars to avoid
+        // catastrophic backtracking — O(n) since the negation only runs once per symbol source).
+        regex: /^(?![\s\S]*@UseGuards)[\s\S]*@Resolver\s*\([\s\S]{0,500}?@(?:Query|Mutation)\s*\(/,
+        description: "GraphQL resolver with @Query/@Mutation but no @UseGuards in file — likely unprotected (NestJS)",
+        fileIncludePattern: /\.resolver\.[jt]sx?$/,
+    },
+    "nest-eager-relation": {
+        regex: /@(?:OneToMany|ManyToOne|OneToOne|ManyToMany)\s*\(\s*\(\)\s*=>\s*\w+[\s\S]{0,200}\beager:\s*true/,
+        description: "TypeORM relation with { eager: true } — auto-loads joins on every query (NestJS)",
+    },
+    // Wave 3: nestjs-doctor rule parity batch (15 rules)
+    // --- Security (5 rules) ---
+    "nest-typeorm-synchronize-prod": {
+        regex: /synchronize:\s*true(?![\s\S]{0,100}NODE_ENV\s*!==\s*['"`]production)/,
+        description: "TypeORM synchronize: true — schema auto-sync in production drops/recreates tables (NestJS)",
+        fileIncludePattern: /\.(ts|js)$/,
+    },
+    "nest-exposed-stack-trace": {
+        regex: /\.stack\s*(?:,|\)|\}|\n)/,
+        description: "Error.stack exposed in response/log — leaks internal paths and line numbers (NestJS security)",
+        fileIncludePattern: /\.(controller|filter|interceptor)\.[jt]sx?$/,
+    },
+    "nest-raw-entity-response": {
+        regex: /return\s+(?:await\s+)?this\.\w+Repository\.find/,
+        description: "Raw entity returned from controller — bypasses @Exclude/@Transform, leaks internal fields (NestJS)",
+        fileIncludePattern: /\.controller\.[jt]sx?$/,
+    },
+    "nest-cors-wildcard": {
+        regex: /(?:cors:\s*(?:true|\{\s*origin:\s*['"`]\*['"`])|enableCors\s*\(\s*\{\s*origin:\s*['"`]\*['"`])/,
+        description: "CORS wildcard origin — allows any site to make credentialed requests (NestJS security)",
+    },
+    "nest-disabled-csrf": {
+        regex: /csrf:\s*false|csrfProtection.*disabled/i,
+        description: "CSRF protection disabled — forms vulnerable to cross-site request forgery (NestJS)",
+    },
+    // --- Correctness (5 rules) ---
+    "nest-missing-guard-method": {
+        regex: /implements\s+(?:Can(?:Activate|Load)|NestGuard)(?:\s*\{(?![\s\S]{0,500}(?:canActivate|canLoad)\s*\())/,
+        description: "Guard class implements CanActivate/CanLoad but missing the required method (NestJS)",
+        fileIncludePattern: /\.guard\.[jt]sx?$/,
+    },
+    "nest-missing-pipe-transform": {
+        regex: /implements\s+PipeTransform(?:\s*\{(?![\s\S]{0,500}transform\s*\())/,
+        description: "Pipe class implements PipeTransform but missing transform() method (NestJS)",
+        fileIncludePattern: /\.pipe\.[jt]sx?$/,
+    },
+    "nest-missing-filter-catch": {
+        regex: /implements\s+ExceptionFilter(?:\s*\{(?![\s\S]{0,500}catch\s*\())/,
+        description: "Exception filter class implements ExceptionFilter but missing catch() method (NestJS)",
+        fileIncludePattern: /\.filter\.[jt]sx?$/,
+    },
+    "nest-missing-interceptor-intercept": {
+        regex: /implements\s+NestInterceptor(?:\s*\{(?![\s\S]{0,500}intercept\s*\())/,
+        description: "Interceptor class implements NestInterceptor but missing intercept() method (NestJS)",
+        fileIncludePattern: /\.interceptor\.[jt]sx?$/,
+    },
+    "nest-param-decorator-no-type": {
+        regex: /@Param\s*\(\s*['"`]\w+['"`]\s*\)\s*\w+\s*[,)]/,
+        description: "@Param('id') parameter without type annotation — `id` inferred as `any` (NestJS)",
+        fileIncludePattern: /\.controller\.[jt]sx?$/,
+    },
+    // --- Architecture (3 rules) ---
+    "nest-orm-in-controller": {
+        regex: /(?:@InjectRepository|this\.\w+Repository\.(?:find|save|update|delete|remove))/,
+        description: "Direct ORM/Repository usage in controller — violates separation of concerns (NestJS)",
+        fileIncludePattern: /\.controller\.[jt]sx?$/,
+    },
+    "nest-business-logic-in-controller": {
+        regex: /\bif\s*\(\s*\w+\s*\.\s*\w+\s*(?:===|!==|>|<|>=|<=)[\s\S]{0,200}(?:throw\s+new|await\s+this\.)/,
+        description: "Complex branching + async call in controller — business logic belongs in a service (NestJS)",
+        fileIncludePattern: /\.controller\.[jt]sx?$/,
+    },
+    "nest-moduleref-get": {
+        regex: /\bmoduleRef\s*\.\s*(?:get|resolve)\s*\(\s*['"`]?\w+/,
+        description: "Service locator via ModuleRef.get/resolve — use constructor injection instead (NestJS)",
+    },
+    // --- Performance (2 rules) ---
+    "nest-sync-fs-in-handler": {
+        regex: /\b(?:readFileSync|writeFileSync|existsSync|statSync|mkdirSync)\s*\(/,
+        description: "Synchronous filesystem call blocks the event loop — use fs/promises (NestJS)",
+        fileIncludePattern: /\.(controller|service)\.[jt]sx?$/,
+    },
+    "nest-require-primary-key": {
+        regex: /@Entity\s*\([\s\S]{0,200}(?:export\s+)?class\s+\w+(?:\s+extends\s+\w+)?\s*\{(?![\s\S]{0,500}@Primary(?:Generated)?Column)/,
+        description: "@Entity without @PrimaryColumn/@PrimaryGeneratedColumn — TypeORM will fail at runtime (NestJS)",
+        fileIncludePattern: /\.entity\.[jt]sx?$/,
+    },
+    // Astro anti-patterns
+    "astro-client-on-astro": {
+        regex: /client:(load|idle|visible|media|only).*\.astro/,
+        description: "client directive on .astro component import (Astro components cannot hydrate)",
+    },
+    "astro-glob-usage": {
+        regex: /Astro\.glob\s*\(/,
+        description: "Astro.glob() REMOVED in Astro 6 — use getCollection() or import.meta.glob() (BREAKING)",
+    },
+    "astro-set-html-xss": {
+        regex: /set:html=\{[^"'][^}]*\}/,
+        description: "set:html with dynamic content — potential XSS risk",
+    },
+    "astro-img-element": {
+        regex: /<img\s/,
+        description: "raw <img> element — use <Image> from astro:assets for optimization",
+    },
+    "astro-missing-getStaticPaths": {
+        regex: /\[[\w.]+\]\.astro/,
+        description: "dynamic route file — verify getStaticPaths is exported",
+    },
+    "astro-legacy-content-collections": {
+        regex: /src\/content\/config\.ts/,
+        description: "Legacy content collections REMOVED in Astro 6 — migrate to src/content.config.ts + Content Layer API (BREAKING)",
+    },
+    "astro-no-image-dimensions": {
+        regex: /<Image\s+(?![^>]*(?:width|height)\s*=)[^>]*\/?>/,
+        description: "<Image> without width/height — causes CLS (Cumulative Layout Shift)",
+    },
+    "astro-inline-script-no-is-inline": {
+        regex: /<script(?!\s+is:inline)(?:\s[^>]*)?>[\s\S]*?<\/script>/,
+        description: "<script> without is:inline — Astro will process/bundle it; add is:inline for raw passthrough",
+    },
+    "astro-env-secret-in-client": {
+        regex: /import\.meta\.env\.SECRET_/,
+        description: "import.meta.env.SECRET_* accessed — secret env vars are server-only, undefined in client components",
+    },
+    "astro-hardcoded-site-url": {
+        regex: /(?:href|src|url)\s*=\s*["']https?:\/\/(?!\/\/)[^"']*["']/,
+        description: "hardcoded absolute URL — use Astro.site or relative paths for portability",
+    },
+    "astro-missing-lang-attr": {
+        regex: /<html(?!\s[^>]*\blang\s*=)[^>]*>/,
+        description: "<html> without lang attribute — required for accessibility (WCAG 3.1.1)",
+    },
+    "astro-form-without-action": {
+        regex: /<form(?!\s[^>]*\baction\s*=)[^>]*>/,
+        description: "<form> without action attribute — consider Astro Actions for type-safe form handling",
+    },
+    "astro-view-transitions-deprecated": {
+        regex: /<ViewTransitions\s*\/?>/,
+        description: "<ViewTransitions /> renamed to <ClientRouter /> in Astro 6 (BREAKING) — update import from astro:transitions",
+    },
+    // Next.js anti-patterns
+    "nextjs-wrong-router": {
+        regex: /from\s+['"]next\/router['"]|require\s*\(\s*['"]next\/router['"]\s*\)/,
+        description: "Using next/router (Pages Router) in App Router file — use next/navigation instead",
+        fileExcludePattern: /(^|\/)pages\//,
+    },
+    "nextjs-fetch-waterfall": {
+        regex: /await\s+fetch\s*\([^)]*\)[\s\S]{0,300}await\s+fetch\s*\(/,
+        description: "Sequential await fetch calls — use Promise.all to avoid waterfall (Next.js performance)",
+    },
+    "nextjs-unnecessary-use-client": {
+        regex: /['"]use client['"](?![\s\S]*(?:useState|useEffect|useRef|useCallback|useMemo|useContext|useReducer|onClick|onChange|onSubmit|window\.|document\.|localStorage\.))/,
+        description: "File has 'use client' but may not need it — no hooks, events, or browser globals detected",
+    },
+    "nextjs-pages-in-app": {
+        regex: /./,
+        description: "Pages Router convention (index.tsx) inside app/ directory — use page.tsx for App Router",
+        fileIncludePattern: /(^|\/)app\/.*\/index\.(tsx|jsx|ts|js)$|^app\/index\.(tsx|jsx|ts|js)$/,
+    },
+    "nextjs-missing-error-boundary": {
+        regex: /./,
+        description: "Page file without sibling error.tsx — no error boundary for graceful error handling",
+        fileIncludePattern: /(^|\/)app\/.*\/page\.[jt]sx?$/,
+    },
+    "nextjs-use-client-in-layout": {
+        regex: /^[\s\S]{0,512}['"]use client['"]/,
+        description: "Layout file with 'use client' — layouts should be Server Components for optimal performance",
+        fileIncludePattern: /(^|\/)app\/.*\/layout\.[jt]sx?$|^app\/layout\.[jt]sx?$/,
+    },
+    "nextjs-missing-metadata": {
+        regex: /./,
+        description: "Page file without metadata or generateMetadata export — missing SEO metadata",
+        fileIncludePattern: /(^|\/)app\/.*\/page\.[jt]sx?$/,
+    },
+    "nextjs-missing-use-client": {
+        // Match files containing client-only API references that do NOT begin with
+        // a "use client" / 'use client' / `use client` directive in the first 512 bytes.
+        regex: /^(?![\s\S]{0,512}["'`]use client["'`])[\s\S]*(?:useState|useEffect|useRef|useCallback|useMemo|useContext|onClick=|onChange=|onSubmit=)/,
+        description: "Client-only API used without 'use client' directive — component will error at build (Next.js App Router)",
+        fileIncludePattern: /(^|\/)app\/.*\.(tsx|jsx)$/,
+    },
+    // --- Hono anti-patterns (Task 15) ---
+    "hono-missing-error-handler": {
+        regex: /new\s+(?:Hono|OpenAPIHono)\s*(?:<[^>]*>)?\s*\(\s*\)(?!(?:[\s\S](?!new\s+(?:Hono|OpenAPIHono)))*\.onError)/,
+        description: "Hono app created without .onError() handler — unhandled exceptions return 500 with no logging",
+    },
+    "hono-throw-raw-error": {
+        regex: /\(\s*c\s*:\s*Context\s*(?:,\s*next\s*:\s*Next\s*)?\)[\s\S]*?\bthrow\s+new\s+Error\s*\(/,
+        description: "throw new Error() inside Hono handler — use HTTPException for proper status code handling",
+    },
+    "hono-missing-validator": {
+        regex: /await\s+c\.req\.(?:json|parseBody)\s*\(\s*\)(?![\s\S]{0,400}?zValidator)/,
+        description: "c.req.json()/parseBody() without preceding zValidator — unvalidated request body",
+    },
+    "hono-unguarded-json-parse": {
+        regex: /(?<!try\s*\{[\s\S]{0,200})await\s+c\.req\.json\s*\(\s*\)/,
+        description: "await c.req.json() without try/catch — malformed JSON crashes handler",
+    },
+    "hono-env-type-any": {
+        regex: /new\s+Hono\s*\(\s*\)(?!\s*<)/,
+        description: "new Hono() without <Env> generic — loses type safety on c.env and c.var",
+    },
+    "hono-missing-status-code": {
+        regex: /\bc\.json\s*\(\s*\{[^}]+\}\s*\)/,
+        description: "c.json() without explicit status code — defaults to 200 even for errors/creations",
+    },
+    "hono-full-app-rpc-export": {
+        regex: /export\s+type\s+\w+\s*=\s*typeof\s+app\b/,
+        description: "export type X = typeof app — slow RPC pattern (Issue #3869, 8-min CI builds). Use typeof routeGroup instead",
+    },
+    // --- Database / ORM anti-patterns (db-audit feedback) ---
+    "unsafe-raw-sql": {
+        regex: /(?:\$queryRawUnsafe|\$executeRawUnsafe|knex\.raw|sequelize\.query|db\.raw)\s*\(\s*[`"'][^`"']*\$\{/,
+        description: "Raw SQL with template-string interpolation — SQL injection risk. Use parameterized $queryRaw`...` or query builder. Covers Prisma/Knex/Sequelize/Drizzle.",
+    },
+    "transaction-external-io": {
+        regex: /\$transaction\s*\(\s*async\s*\([^)]*\)\s*=>\s*\{[\s\S]{0,2000}?\b(?:fetch|axios|http|stripe|sendgrid|twilio|sendEmail|publishEvent|enqueue)\s*[.(]/,
+        description: "External I/O (fetch/HTTP/email/queue) inside Prisma $transaction callback — long-running transactions hold locks. Move I/O after commit.",
+    },
+    "migration-create-index-no-concurrently": {
+        regex: /CREATE\s+(?:UNIQUE\s+)?INDEX(?!\s+CONCURRENTLY)/i,
+        description: "CREATE INDEX without CONCURRENTLY — locks the table during build. Use CREATE INDEX CONCURRENTLY in PostgreSQL migrations.",
+        fileIncludePattern: /\/migrations?\/.*\.sql$/,
+    },
+    "migration-drop-column": {
+        regex: /\bALTER\s+TABLE[\s\S]{0,200}\bDROP\s+COLUMN\b/i,
+        description: "DROP COLUMN in migration — destructive, breaks rolling deploys. Use multi-step deprecation: stop writes → backfill → drop in next release.",
+        fileIncludePattern: /\/migrations?\/.*\.sql$/,
+    },
+    "migration-alter-column-type": {
+        regex: /\bALTER\s+TABLE[\s\S]{0,200}\bALTER\s+COLUMN[\s\S]{0,200}\bTYPE\b/i,
+        description: "ALTER COLUMN TYPE in migration — full table rewrite, locks table. Use ADD COLUMN + backfill + DROP COLUMN in separate releases.",
+        fileIncludePattern: /\/migrations?\/.*\.sql$/,
+    },
+    "migration-not-null-no-default": {
+        regex: /\bADD\s+COLUMN\b[\s\S]{0,200}\bNOT\s+NULL\b(?![\s\S]{0,100}\bDEFAULT\b)/i,
+        description: "ADD COLUMN NOT NULL without DEFAULT — fails on existing rows. Add as nullable first, backfill, then add NOT NULL constraint.",
+        fileIncludePattern: /\/migrations?\/.*\.sql$/,
+    },
+    // --- Python anti-patterns ---
+    "mutable-default": {
+        regex: /def\s+\w+\s*\([^)]*=\s*(?:\[\s*\]|\{\s*\}|set\s*\(\s*\))/,
+        description: "Mutable default argument ([], {}, set()) — shared between calls (Python)",
+    },
+    "bare-except": {
+        regex: /except\s*:/,
+        description: "Bare except: catches everything including KeyboardInterrupt (Python)",
+    },
+    "broad-except": {
+        regex: /except\s+(?:Exception|BaseException)\s*:/,
+        description: "Broad exception catch — hides real errors (Python)",
+    },
+    "global-keyword": {
+        regex: /\bglobal\s+\w+/,
+        description: "global keyword — mutable global state makes code hard to test (Python)",
+    },
+    "star-import": {
+        regex: /from\s+\S+\s+import\s+\*/,
+        description: "Star import — pollutes namespace, breaks static analysis (Python)",
+    },
+    "print-debug-py": {
+        regex: /^\s*print\s*\(/m,
+        description: "print() in production code — use logging module (Python)",
+    },
+    "eval-exec": {
+        regex: /\b(?:eval|exec)\s*\(/,
+        description: "eval()/exec() — code injection risk (Python)",
+    },
+    "shell-true": {
+        regex: /subprocess\.\w+\s*\([^)]*shell\s*=\s*True/,
+        description: "subprocess with shell=True — command injection risk (Python)",
+    },
+    "pickle-load": {
+        regex: /pickle\.(?:load|loads)\s*\(/,
+        description: "pickle.load/loads — arbitrary code execution from untrusted data (Python)",
+    },
+    "yaml-unsafe": {
+        regex: /yaml\.load\s*\([^)]*\)(?![\s\S]{0,30}Loader)/,
+        description: "yaml.load without SafeLoader — arbitrary code execution risk (Python)",
+    },
+    "open-no-with": {
+        regex: /(?<!with\s{1,20})\bopen\s*\([^)]+\)\s*(?:\.\w+|;|$)/m,
+        description: "open() without with statement — resource leak if exception occurs (Python)",
+    },
+    "string-concat-loop": {
+        regex: /for\s+\w+\s+in\s+[\s\S]{0,200}?\+=\s*(?:['"]|f['"]|str\()/,
+        description: "String concatenation in loop — O(n^2), use join() or list append (Python)",
+    },
+    "datetime-naive": {
+        regex: /datetime\.(?:now|utcnow)\s*\(\s*\)/,
+        description: "datetime.now()/utcnow() without timezone — naive datetime causes bugs (Python)",
+    },
+    "shadow-builtin": {
+        regex: /^(?:list|dict|set|id|type|input|map|filter|range|str|int|float|bool|tuple|bytes|object|print|open|format|len|sum|min|max|any|all|zip|enumerate|sorted|reversed|next|iter|super|hash|dir|vars|globals|locals)\s*=/m,
+        description: "Assignment shadows Python builtin — breaks code that uses the builtin later (Python)",
+    },
+    "n-plus-one-django": {
+        regex: /for\s+\w+\s+in\s+[\s\S]{0,300}?\.\w+_set\b|\.\w+\.all\(\)/,
+        description: "Potential N+1 query — accessing related objects in loop without select_related/prefetch_related (Django)",
+    },
+    "late-binding": {
+        regex: /for\s+(\w+)\s+in\s+[\s\S]{0,200}?lambda\s*[^:]*:\s*\1\b/,
+        description: "Late binding closure in loop — all lambdas share last loop value (Python)",
+    },
+    "assert-tuple": {
+        regex: /\bassert\s*\(/,
+        description: "assert(expr) — always True because tuple is truthy. Use assert expr without parens (Python)",
+    },
 };
 /**
  * Search for structural code patterns across indexed symbols.
@@ -54,10 +651,14 @@ export async function searchPatterns(repo, pattern, options) {
     // Resolve pattern: built-in name or custom regex
     let regex;
     let patternName;
+    let fileExcludePattern;
+    let fileIncludePattern;
     const builtin = BUILTIN_PATTERNS[pattern];
     if (builtin) {
         regex = builtin.regex;
         patternName = `${pattern}: ${builtin.description}`;
+        fileExcludePattern = builtin.fileExcludePattern;
+        fileIncludePattern = builtin.fileIncludePattern;
     }
     else {
         try {
@@ -80,6 +681,10 @@ export async function searchPatterns(repo, pattern, options) {
             continue;
         if (filePattern && !sym.file.includes(filePattern))
             continue;
+        if (fileExcludePattern && fileExcludePattern.test(sym.file))
+            continue;
+        if (fileIncludePattern && !fileIncludePattern.test(sym.file))
+            continue;
         scanned++;
         const match = regex.exec(sym.source);
         if (match) {
@@ -98,6 +703,47 @@ export async function searchPatterns(repo, pattern, options) {
             });
         }
     }
+    // File-level scanning fallback for patterns targeting non-source files
+    // (e.g. SQL migrations, .env files). Triggered when fileIncludePattern is set.
+    // This iterates index.files and reads them directly — needed because such
+    // files have no parsed symbols.
+    if (fileIncludePattern) {
+        for (const fileEntry of index.files) {
+            if (matches.length >= maxResults)
+                break;
+            if (!fileIncludePattern.test(fileEntry.path))
+                continue;
+            if (filePattern && !fileEntry.path.includes(filePattern))
+                continue;
+            if (fileExcludePattern && fileExcludePattern.test(fileEntry.path))
+                continue;
+            // Skip files that already had symbol matches above (avoid duplicates)
+            if (matches.some((m) => m.file === fileEntry.path))
+                continue;
+            let content;
+            try {
+                content = await readFile(join(index.root, fileEntry.path), "utf-8");
+            }
+            catch {
+                continue;
+            }
+            scanned++;
+            const match = regex.exec(content);
+            if (match) {
+                const linesBefore = content.slice(0, match.index).split("\n").length;
+                const matchedText = match[0].split("\n")[0];
+                matches.push({
+                    name: fileEntry.path.split("/").pop() ?? fileEntry.path,
+                    kind: "function", // file-level match has no symbol kind
+                    file: fileEntry.path,
+                    start_line: linesBefore,
+                    end_line: linesBefore,
+                    matched_pattern: patternName,
+                    context: matchedText.trim().slice(0, 200),
+                });
+            }
+        }
+    }
     return {
         matches,
         pattern: patternName,
@@ -108,9 +754,11 @@ export async function searchPatterns(repo, pattern, options) {
  * List all available built-in patterns.
  */
 export function listPatterns() {
-    return Object.entries(BUILTIN_PATTERNS).map(([name, { description }]) => ({
+    return Object.entries(BUILTIN_PATTERNS).map(([name, p]) => ({
         name,
-        description,
+        description: p.description,
+        ...(p.fileExcludePattern ? { fileExcludePattern: p.fileExcludePattern.source } : {}),
+        ...(p.fileIncludePattern ? { fileIncludePattern: p.fileIncludePattern.source } : {}),
     }));
 }
 //# sourceMappingURL=pattern-tools.js.map