eslint-plugin-operability 3.0.0

package/README.md

@@ -0,0 +1,141 @@
+<p align="center">
+  <a href="https://eslint.interlace.tools" target="blank"><img src="https://eslint.interlace.tools/eslint-interlace-logo-light.svg" alt="ESLint Interlace Logo" width="120" /></a>
+</p>
+
+<p align="center">
+  Production readiness rules for debug code, logging, and operational hygiene.
+</p>
+
+<p align="center">
+  <a href="https://www.npmjs.com/package/eslint-plugin-operability" target="_blank"><img src="https://img.shields.io/npm/v/eslint-plugin-operability.svg" alt="NPM Version" /></a>
+  <a href="https://www.npmjs.com/package/eslint-plugin-operability" target="_blank"><img src="https://img.shields.io/npm/dm/eslint-plugin-operability.svg" alt="NPM Downloads" /></a>
+  <a href="https://opensource.org/licenses/MIT" target="_blank"><img src="https://img.shields.io/badge/License-MIT-yellow.svg" alt="Package License" /></a>
+</p>
+
+## Description
+
+This plugin enforces production-ready code practices by detecting debug statements, verbose error messages, and other patterns that should not ship to production. It helps teams maintain operational hygiene and prevent accidental exposure of sensitive information.
+
+## Philosophy
+
+**Interlace** fosters **strength through integration**. Code that works in development isn't always production-ready. These rules catch common operability issues before they reach production, protecting both your users and your infrastructure.
+
+## Getting Started
+
+- To check out the [guide](https://eslint.interlace.tools/docs/operability), visit [eslint.interlace.tools](https://eslint.interlace.tools). 📚
+
+```bash
+npm install eslint-plugin-operability --save-dev
+```
+
+## ⚙️ Configuration Presets
+
+| Preset        | Description                                     |
+| :------------ | :---------------------------------------------- |
+| `recommended` | Balanced operability checks for production code |
+
+---
+
+## 🏢 Usage Example
+
+```js
+// eslint.config.js
+import operability from 'eslint-plugin-operability';
+
+export default [
+  operability.configs.recommended,
+
+  // Be extra strict in production code
+  {
+    files: ['src/**/*.ts'],
+    ignores: ['**/*.test.ts', '**/*.spec.ts'],
+    rules: {
+      '@interlace/operability/operability/no-console-log': 'error',
+    },
+  },
+];
+```
+
+---
+
+## Rules
+
+| Rule                                                                       | Description                                   | 💼  | ⚠️  |
+| :------------------------------------------------------------------------- | :-------------------------------------------- | :-: | :-: |
+| [no-console-log](./docs/rules/no-console-log.md)                           | Disallow `console.log` in production code     | 💼  | ⚠️  |
+| [no-process-exit](./docs/rules/no-process-exit.md)                         | Disallow `process.exit()` in library code     |     |     |
+| [no-debug-code-in-production](./docs/rules/no-debug-code-in-production.md) | Detect debug statements and debugger keywords | 💼  |     |
+| [no-verbose-error-messages](./docs/rules/no-verbose-error-messages.md)     | Prevent overly detailed error messages        | 💼  | ⚠️  |
+| [require-code-minification](./docs/rules/require-code-minification.md)     | Detect patterns that prevent minification     |     |     |
+| [require-data-minimization](./docs/rules/require-data-minimization.md)     | Detect excessive data exposure in responses   |     |     |
+
+**Legend**: 💼 Recommended | ⚠️ Warns (not error)
+
+---
+
+## Why These Rules?
+
+### `no-console-log`
+
+`console.log` statements are for debugging and shouldn't ship to production.
+
+```ts
+// ❌ Bad: Debug logging in production
+function processPayment(card: Card) {
+  console.log('Processing payment:', card); // Exposes sensitive data!
+  return paymentService.charge(card);
+}
+
+// ✅ Good: Use proper logging
+function processPayment(card: Card) {
+  logger.info('Processing payment', { cardLast4: card.last4 });
+  return paymentService.charge(card);
+}
+```
+
+### `no-debug-code-in-production`
+
+Catches `debugger` statements and debug-only code paths.
+
+```ts
+// ❌ Bad: Debugger statement left in code
+function calculateTotal(items: Item[]) {
+  debugger; // Will pause execution in production!
+  return items.reduce((sum, item) => sum + item.price, 0);
+}
+
+// ✅ Good: No debug statements
+function calculateTotal(items: Item[]) {
+  return items.reduce((sum, item) => sum + item.price, 0);
+}
+```
+
+### `no-verbose-error-messages`
+
+Prevents detailed error messages that could expose system internals.
+
+```ts
+// ❌ Bad: Verbose error exposes internals (CWE-209)
+throw new Error(
+  `Database connection failed at ${host}:${port} with user ${dbUser}`,
+);
+
+// ✅ Good: Generic error with internal logging
+logger.error('Database connection failed', { host, port, user: dbUser });
+throw new Error('Service temporarily unavailable');
+```
+
+---
+
+## 🔗 Related ESLint Plugins
+
+Part of the **Interlace ESLint Ecosystem** — AI-native quality plugins with LLM-optimized error messages:
+
+| Plugin                                                                                     | Description                     |
+| :----------------------------------------------------------------------------------------- | :------------------------------ |
+| [`eslint-plugin-reliability`](https://www.npmjs.com/package/eslint-plugin-reliability)     | Error handling & null safety    |
+| [`eslint-plugin-secure-coding`](https://www.npmjs.com/package/eslint-plugin-secure-coding) | Security best practices & OWASP |
+
+## 📄 License
+
+MIT © [Ofri Peretz](https://github.com/ofri-peretz)

package/package.json

@@ -0,0 +1,55 @@
+{
+  "name": "eslint-plugin-operability",
+  "version": "3.0.0",
+  "description": "ESLint rules for production behavior, resource hygiene, and log quality.",
+  "type": "commonjs",
+  "main": "./src/index.js",
+  "types": "./src/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./src/index.d.ts",
+      "default": "./src/index.js"
+    }
+  },
+  "author": "Ofri Peretz <ofriperetzdev@gmail.com>",
+  "license": "MIT",
+  "publishConfig": {
+    "access": "public"
+  },
+  "files": [
+    "src/",
+    "dist/",
+    "README.md",
+    "LICENSE",
+    "CHANGELOG.md"
+  ],
+  "keywords": [
+    "eslint",
+    "eslint-plugin",
+    "interlace-quality",
+    "operability",
+    "observability",
+    "production-ready",
+    "llm-optimized"
+  ],
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "dependencies": {
+    "tslib": "^2.3.0",
+    "@interlace/eslint-devkit": "*"
+  },
+  "devDependencies": {
+    "@typescript-eslint/parser": "^8.46.2",
+    "@typescript-eslint/rule-tester": "^8.46.2"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/ofri-peretz/eslint",
+    "directory": "packages/eslint-plugin-operability"
+  },
+  "homepage": "https://github.com/ofri-peretz/eslint/tree/main/packages/eslint-plugin-operability#readme",
+  "bugs": {
+    "url": "https://github.com/ofri-peretz/eslint/issues"
+  }
+}

package/src/index.d.ts

@@ -0,0 +1,144 @@
+/**
+ * Copyright (c) 2025 Ofri Peretz
+ * Licensed under the MIT License. Use of this source code is governed by the
+ * MIT license that can be found in the LICENSE file.
+ */
+import type { TSESLint } from '@interlace/eslint-devkit';
+export declare const rules: {
+    'no-console-log': TSESLint.RuleModule<"consoleLogFound" | "strategyRemove" | "strategyConvert" | "strategyComment" | "strategyWarn", [(import("./rules/operability/no-console-log").Options | undefined)?], unknown, TSESLint.RuleListener> & {
+        name: string;
+    };
+    'no-process-exit': TSESLint.RuleModule<"noProcessExit", [(import("./rules/operability/no-process-exit").Options | undefined)?], unknown, TSESLint.RuleListener> & {
+        name: string;
+    };
+    'no-debug-code-in-production': TSESLint.RuleModule<"violationDetected", [(import("./rules/operability/no-debug-code-in-production").Options | undefined)?], unknown, TSESLint.RuleListener> & {
+        name: string;
+    };
+    'no-verbose-error-messages': TSESLint.RuleModule<"violationDetected", [(import("./rules/operability/no-verbose-error-messages").Options | undefined)?], unknown, TSESLint.RuleListener> & {
+        name: string;
+    };
+    'require-code-minification': TSESLint.RuleModule<"violationDetected", [(import("./rules/operability/require-code-minification").Options | undefined)?], unknown, TSESLint.RuleListener> & {
+        name: string;
+    };
+    'require-data-minimization': TSESLint.RuleModule<"violationDetected", [(import("./rules/operability/require-data-minimization").Options | undefined)?], unknown, TSESLint.RuleListener> & {
+        name: string;
+    };
+    'operability/no-console-log': TSESLint.RuleModule<"consoleLogFound" | "strategyRemove" | "strategyConvert" | "strategyComment" | "strategyWarn", [(import("./rules/operability/no-console-log").Options | undefined)?], unknown, TSESLint.RuleListener> & {
+        name: string;
+    };
+    'operability/no-process-exit': TSESLint.RuleModule<"noProcessExit", [(import("./rules/operability/no-process-exit").Options | undefined)?], unknown, TSESLint.RuleListener> & {
+        name: string;
+    };
+    'operability/no-debug-code-in-production': TSESLint.RuleModule<"violationDetected", [(import("./rules/operability/no-debug-code-in-production").Options | undefined)?], unknown, TSESLint.RuleListener> & {
+        name: string;
+    };
+    'operability/no-verbose-error-messages': TSESLint.RuleModule<"violationDetected", [(import("./rules/operability/no-verbose-error-messages").Options | undefined)?], unknown, TSESLint.RuleListener> & {
+        name: string;
+    };
+    'operability/require-code-minification': TSESLint.RuleModule<"violationDetected", [(import("./rules/operability/require-code-minification").Options | undefined)?], unknown, TSESLint.RuleListener> & {
+        name: string;
+    };
+    'operability/require-data-minimization': TSESLint.RuleModule<"violationDetected", [(import("./rules/operability/require-data-minimization").Options | undefined)?], unknown, TSESLint.RuleListener> & {
+        name: string;
+    };
+};
+export declare const plugin: {
+    meta: {
+        name: string;
+        version: string;
+    };
+    rules: {
+        'no-console-log': TSESLint.RuleModule<"consoleLogFound" | "strategyRemove" | "strategyConvert" | "strategyComment" | "strategyWarn", [(import("./rules/operability/no-console-log").Options | undefined)?], unknown, TSESLint.RuleListener> & {
+            name: string;
+        };
+        'no-process-exit': TSESLint.RuleModule<"noProcessExit", [(import("./rules/operability/no-process-exit").Options | undefined)?], unknown, TSESLint.RuleListener> & {
+            name: string;
+        };
+        'no-debug-code-in-production': TSESLint.RuleModule<"violationDetected", [(import("./rules/operability/no-debug-code-in-production").Options | undefined)?], unknown, TSESLint.RuleListener> & {
+            name: string;
+        };
+        'no-verbose-error-messages': TSESLint.RuleModule<"violationDetected", [(import("./rules/operability/no-verbose-error-messages").Options | undefined)?], unknown, TSESLint.RuleListener> & {
+            name: string;
+        };
+        'require-code-minification': TSESLint.RuleModule<"violationDetected", [(import("./rules/operability/require-code-minification").Options | undefined)?], unknown, TSESLint.RuleListener> & {
+            name: string;
+        };
+        'require-data-minimization': TSESLint.RuleModule<"violationDetected", [(import("./rules/operability/require-data-minimization").Options | undefined)?], unknown, TSESLint.RuleListener> & {
+            name: string;
+        };
+        'operability/no-console-log': TSESLint.RuleModule<"consoleLogFound" | "strategyRemove" | "strategyConvert" | "strategyComment" | "strategyWarn", [(import("./rules/operability/no-console-log").Options | undefined)?], unknown, TSESLint.RuleListener> & {
+            name: string;
+        };
+        'operability/no-process-exit': TSESLint.RuleModule<"noProcessExit", [(import("./rules/operability/no-process-exit").Options | undefined)?], unknown, TSESLint.RuleListener> & {
+            name: string;
+        };
+        'operability/no-debug-code-in-production': TSESLint.RuleModule<"violationDetected", [(import("./rules/operability/no-debug-code-in-production").Options | undefined)?], unknown, TSESLint.RuleListener> & {
+            name: string;
+        };
+        'operability/no-verbose-error-messages': TSESLint.RuleModule<"violationDetected", [(import("./rules/operability/no-verbose-error-messages").Options | undefined)?], unknown, TSESLint.RuleListener> & {
+            name: string;
+        };
+        'operability/require-code-minification': TSESLint.RuleModule<"violationDetected", [(import("./rules/operability/require-code-minification").Options | undefined)?], unknown, TSESLint.RuleListener> & {
+            name: string;
+        };
+        'operability/require-data-minimization': TSESLint.RuleModule<"violationDetected", [(import("./rules/operability/require-data-minimization").Options | undefined)?], unknown, TSESLint.RuleListener> & {
+            name: string;
+        };
+    };
+};
+export declare const configs: {
+    recommended: {
+        plugins: {
+            '@interlace/operability': {
+                meta: {
+                    name: string;
+                    version: string;
+                };
+                rules: {
+                    'no-console-log': TSESLint.RuleModule<"consoleLogFound" | "strategyRemove" | "strategyConvert" | "strategyComment" | "strategyWarn", [(import("./rules/operability/no-console-log").Options | undefined)?], unknown, TSESLint.RuleListener> & {
+                        name: string;
+                    };
+                    'no-process-exit': TSESLint.RuleModule<"noProcessExit", [(import("./rules/operability/no-process-exit").Options | undefined)?], unknown, TSESLint.RuleListener> & {
+                        name: string;
+                    };
+                    'no-debug-code-in-production': TSESLint.RuleModule<"violationDetected", [(import("./rules/operability/no-debug-code-in-production").Options | undefined)?], unknown, TSESLint.RuleListener> & {
+                        name: string;
+                    };
+                    'no-verbose-error-messages': TSESLint.RuleModule<"violationDetected", [(import("./rules/operability/no-verbose-error-messages").Options | undefined)?], unknown, TSESLint.RuleListener> & {
+                        name: string;
+                    };
+                    'require-code-minification': TSESLint.RuleModule<"violationDetected", [(import("./rules/operability/require-code-minification").Options | undefined)?], unknown, TSESLint.RuleListener> & {
+                        name: string;
+                    };
+                    'require-data-minimization': TSESLint.RuleModule<"violationDetected", [(import("./rules/operability/require-data-minimization").Options | undefined)?], unknown, TSESLint.RuleListener> & {
+                        name: string;
+                    };
+                    'operability/no-console-log': TSESLint.RuleModule<"consoleLogFound" | "strategyRemove" | "strategyConvert" | "strategyComment" | "strategyWarn", [(import("./rules/operability/no-console-log").Options | undefined)?], unknown, TSESLint.RuleListener> & {
+                        name: string;
+                    };
+                    'operability/no-process-exit': TSESLint.RuleModule<"noProcessExit", [(import("./rules/operability/no-process-exit").Options | undefined)?], unknown, TSESLint.RuleListener> & {
+                        name: string;
+                    };
+                    'operability/no-debug-code-in-production': TSESLint.RuleModule<"violationDetected", [(import("./rules/operability/no-debug-code-in-production").Options | undefined)?], unknown, TSESLint.RuleListener> & {
+                        name: string;
+                    };
+                    'operability/no-verbose-error-messages': TSESLint.RuleModule<"violationDetected", [(import("./rules/operability/no-verbose-error-messages").Options | undefined)?], unknown, TSESLint.RuleListener> & {
+                        name: string;
+                    };
+                    'operability/require-code-minification': TSESLint.RuleModule<"violationDetected", [(import("./rules/operability/require-code-minification").Options | undefined)?], unknown, TSESLint.RuleListener> & {
+                        name: string;
+                    };
+                    'operability/require-data-minimization': TSESLint.RuleModule<"violationDetected", [(import("./rules/operability/require-data-minimization").Options | undefined)?], unknown, TSESLint.RuleListener> & {
+                        name: string;
+                    };
+                };
+            };
+        };
+        rules: {
+            '@interlace/operability/operability/no-console-log': "warn";
+            '@interlace/operability/operability/no-debug-code-in-production': "error";
+            '@interlace/operability/operability/no-verbose-error-messages': "warn";
+        };
+    };
+};
+export default plugin;

package/src/index.js

@@ -0,0 +1,51 @@
+"use strict";
+/**
+ * Copyright (c) 2025 Ofri Peretz
+ * Licensed under the MIT License. Use of this source code is governed by the
+ * MIT license that can be found in the LICENSE file.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.configs = exports.plugin = exports.rules = void 0;
+// Operability rules
+const no_console_log_1 = require("./rules/operability/no-console-log");
+const no_process_exit_1 = require("./rules/operability/no-process-exit");
+const no_debug_code_in_production_1 = require("./rules/operability/no-debug-code-in-production");
+const no_verbose_error_messages_1 = require("./rules/operability/no-verbose-error-messages");
+const require_code_minification_1 = require("./rules/operability/require-code-minification");
+const require_data_minimization_1 = require("./rules/operability/require-data-minimization");
+exports.rules = {
+    'no-console-log': no_console_log_1.noConsoleLog,
+    'no-process-exit': no_process_exit_1.noProcessExit,
+    'no-debug-code-in-production': no_debug_code_in_production_1.noDebugCodeInProduction,
+    'no-verbose-error-messages': no_verbose_error_messages_1.noVerboseErrorMessages,
+    'require-code-minification': require_code_minification_1.requireCodeMinification,
+    'require-data-minimization': require_data_minimization_1.requireDataMinimization,
+    // Categorized names
+    'operability/no-console-log': no_console_log_1.noConsoleLog,
+    'operability/no-process-exit': no_process_exit_1.noProcessExit,
+    'operability/no-debug-code-in-production': no_debug_code_in_production_1.noDebugCodeInProduction,
+    'operability/no-verbose-error-messages': no_verbose_error_messages_1.noVerboseErrorMessages,
+    'operability/require-code-minification': require_code_minification_1.requireCodeMinification,
+    'operability/require-data-minimization': require_data_minimization_1.requireDataMinimization,
+};
+exports.plugin = {
+    meta: {
+        name: 'eslint-plugin-operability',
+        version: '1.0.0',
+    },
+    rules: exports.rules,
+};
+exports.configs = {
+    recommended: {
+        plugins: {
+            '@interlace/operability': exports.plugin,
+        },
+        rules: {
+            '@interlace/operability/operability/no-console-log': 'warn',
+            '@interlace/operability/operability/no-debug-code-in-production': 'error',
+            '@interlace/operability/operability/no-verbose-error-messages': 'warn',
+        },
+    },
+};
+exports.default = exports.plugin;
+//# sourceMappingURL=index.js.map

package/src/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../packages/eslint-plugin-operability/src/index.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AAIH,oBAAoB;AACpB,uEAAkE;AAClE,yEAAoE;AACpE,iGAA0F;AAC1F,6FAAuF;AACvF,6FAAwF;AACxF,6FAAwF;AAE3E,QAAA,KAAK,GAAG;IACnB,gBAAgB,EAAE,6BAAY;IAC9B,iBAAiB,EAAE,+BAAa;IAChC,6BAA6B,EAAE,qDAAuB;IACtD,2BAA2B,EAAE,kDAAsB;IACnD,2BAA2B,EAAE,mDAAuB;IACpD,2BAA2B,EAAE,mDAAuB;IAEpD,oBAAoB;IACpB,4BAA4B,EAAE,6BAAY;IAC1C,6BAA6B,EAAE,+BAAa;IAC5C,yCAAyC,EAAE,qDAAuB;IAClE,uCAAuC,EAAE,kDAAsB;IAC/D,uCAAuC,EAAE,mDAAuB;IAChE,uCAAuC,EAAE,mDAAuB;CACS,CAAC;AAE/D,QAAA,MAAM,GAAG;IACpB,IAAI,EAAE;QACJ,IAAI,EAAE,2BAA2B;QACjC,OAAO,EAAE,OAAO;KACjB;IACD,KAAK,EAAL,aAAK;CAC+B,CAAC;AAE1B,QAAA,OAAO,GAAG;IACrB,WAAW,EAAE;QACX,OAAO,EAAE;YACP,wBAAwB,EAAE,cAAM;SACjC;QACD,KAAK,EAAE;YACL,mDAAmD,EAAE,MAAM;YAC3D,gEAAgE,EAAE,OAAO;YACzE,8DAA8D,EAAE,MAAM;SACvE;KACmC;CACc,CAAC;AAEvD,kBAAe,cAAM,CAAC"}

package/src/lib/eslint-plugin-operability.d.ts

@@ -0,0 +1 @@
+export declare function eslintPluginOperability(): string;

package/src/lib/eslint-plugin-operability.js

@@ -0,0 +1,7 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.eslintPluginOperability = eslintPluginOperability;
+function eslintPluginOperability() {
+    return 'eslint-plugin-operability';
+}
+//# sourceMappingURL=eslint-plugin-operability.js.map

package/src/lib/eslint-plugin-operability.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"eslint-plugin-operability.js","sourceRoot":"","sources":["../../../../../packages/eslint-plugin-operability/src/lib/eslint-plugin-operability.ts"],"names":[],"mappings":";;AAAA,0DAEC;AAFD,SAAgB,uBAAuB;IACrC,OAAO,2BAA2B,CAAC;AACrC,CAAC"}

package/src/rules/operability/no-console-log.d.ts

@@ -0,0 +1,53 @@
+/**
+ * Copyright (c) 2025 Ofri Peretz
+ * Licensed under the MIT License. Use of this source code is governed by the
+ * MIT license that can be found in the LICENSE file.
+ */
+/**
+ * Enhanced ESLint rule: no-console-log
+ * Disallows console.log with configurable strategies and LLM-optimized output
+ */
+import type { TSESLint } from '@interlace/eslint-devkit';
+/**
+ * Strategy for handling console.log
+ * @enum {string}
+ * @description The strategy to use when handling console.log
+ * @example
+ * - 'remove': Remove the console.log statement
+ * - 'convert': Convert the console.log statement to a logger method
+ */
+type Strategy = 'remove' | 'convert' | 'comment' | 'warn';
+/**
+ * Message IDs for the rule
+ * @enum {string}
+ * @description The message IDs for the rule
+ * @example
+ * - 'consoleLogFound': The message ID for the console.log statement found
+ * - 'strategyRemove': The message ID for the strategy to remove the console.log statement
+ * - 'strategyConvert': The message ID for the strategy to convert the console.log statement to a logger method
+ */
+type MessageIds = 'consoleLogFound' | 'strategyRemove' | 'strategyConvert' | 'strategyComment' | 'strategyWarn';
+interface SeverityMapping {
+    [consoleMethod: string]: string;
+}
+export interface Options {
+    /** How to handle console.log: 'remove', 'convert', 'comment', or 'warn' */
+    strategy?: Strategy;
+    /** File path patterns to ignore */
+    ignorePaths?: string[];
+    /** Name of the logger to use (e.g., 'logger', 'winston'). Default: 'logger' */
+    loggerName?: string;
+    /** Maximum occurrences to report: number (e.g., 5), 'all' (report all instances), or undefined (no limit). Default: undefined */
+    maxOccurrences?: number | 'all';
+    /** Map console methods to logger methods */
+    severityMap?: SeverityMapping;
+    /** Auto-detect logger import in file. Default: true */
+    autoDetectLogger?: boolean;
+    /** Object names to match (e.g., ['console', 'winston', 'oldLogger']). Default: ['console'] */
+    sourcePatterns?: string[];
+}
+type RuleOptions = [Options?];
+export declare const noConsoleLog: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener> & {
+    name: string;
+};
+export {};

package/src/rules/operability/no-console-log.js

@@ -0,0 +1,328 @@
+"use strict";
+/**
+ * Copyright (c) 2025 Ofri Peretz
+ * Licensed under the MIT License. Use of this source code is governed by the
+ * MIT license that can be found in the LICENSE file.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.noConsoleLog = void 0;
+const eslint_devkit_1 = require("@interlace/eslint-devkit");
+const eslint_devkit_2 = require("@interlace/eslint-devkit");
+const eslint_devkit_3 = require("@interlace/eslint-devkit");
+// Default severity map: only flags console.log by default for minimal disruption
+// Can be extended via severityMap option to include other console methods
+const DEFAULT_SEVERITY_MAP = {
+    log: 'debug',
+};
+exports.noConsoleLog = (0, eslint_devkit_2.createRule)({
+    name: 'no-console-log',
+    meta: {
+        type: 'problem',
+        docs: {
+            description: 'Disallow console.log with configurable remediation strategies',
+        },
+        fixable: 'code',
+        hasSuggestions: false,
+        messages: {
+            // 🎯 Token optimization: 43% reduction (51→29 tokens) - compact format for logger context
+            consoleLogFound: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.WARNING,
+                issueName: 'console.log in production',
+                cwe: 'CWE-532',
+                description: 'console.log found in production code',
+                severity: 'MEDIUM',
+                fix: 'Use logger.debug() or remove statement',
+                documentationLink: 'https://owasp.org/www-project-log-review-guide/',
+            }),
+            strategyRemove: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.STRATEGY,
+                issueName: 'Remove Strategy',
+                description: 'Remove console.log statement',
+                severity: 'LOW',
+                fix: 'Delete the console.log statement',
+                documentationLink: 'https://owasp.org/www-project-log-review-guide/',
+            }),
+            strategyConvert: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.STRATEGY,
+                issueName: 'Convert Strategy',
+                description: 'Convert to logger method',
+                severity: 'LOW',
+                fix: 'logger.debug() or logger.info()',
+                documentationLink: 'https://github.com/winstonjs/winston',
+            }),
+            strategyComment: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.STRATEGY,
+                issueName: 'Comment Strategy',
+                description: 'Comment out console.log',
+                severity: 'LOW',
+                fix: '// console.log(...)',
+                documentationLink: 'https://owasp.org/www-project-log-review-guide/',
+            }),
+            strategyWarn: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.STRATEGY,
+                issueName: 'Warn Strategy',
+                description: 'Replace with console.warn()',
+                severity: 'LOW',
+                fix: 'console.warn()',
+                documentationLink: 'https://developer.mozilla.org/en-US/docs/Web/API/console/warn',
+            }),
+        },
+        schema: [
+            {
+                type: 'object',
+                properties: {
+                    strategy: {
+                        type: 'string',
+                        enum: ['remove', 'convert', 'comment', 'warn'],
+                        default: 'remove',
+                        description: 'Strategy for handling console.log',
+                    },
+                    ignorePaths: {
+                        type: 'array',
+                        items: { type: 'string' },
+                        default: [],
+                        description: 'File path patterns to ignore',
+                    },
+                    loggerName: {
+                        type: 'string',
+                        default: 'logger',
+                        description: 'Name of the logger to use for convert strategy (e.g., "logger", "winston")',
+                    },
+                    maxOccurrences: {
+                        oneOf: [
+                            {
+                                type: 'number',
+                                minimum: 1,
+                                description: 'Maximum number of occurrences to report',
+                            },
+                            {
+                                type: 'string',
+                                enum: ['all'],
+                                description: 'Report all violations',
+                            },
+                        ],
+                        description: 'Maximum occurrences to report: number (e.g., 5), "all" (report all), or undefined (no limit)',
+                    },
+                    severityMap: {
+                        type: 'object',
+                        additionalProperties: { type: 'string' },
+                        default: {
+                            log: 'debug',
+                        },
+                        description: 'Advanced: Map console methods to logger methods, e.g., {"log": "info", "debug": "verbose"}',
+                    },
+                    autoDetectLogger: {
+                        type: 'boolean',
+                        default: true,
+                        description: 'Auto-detect logger import in file',
+                    },
+                    sourcePatterns: {
+                        type: 'array',
+                        items: { type: 'string' },
+                        default: ['console'],
+                        description: 'Object names to match and replace (e.g., ["console", "winston", "oldLogger"]). Uses exact string matching for safety.',
+                    },
+                },
+                additionalProperties: false,
+            },
+        ],
+    },
+    defaultOptions: [
+        {
+            strategy: 'remove',
+            ignorePaths: [],
+            loggerName: 'logger',
+            severityMap: { log: 'log' }, // Only flag console.log by default
+            autoDetectLogger: true,
+            sourcePatterns: ['console'],
+        },
+    ],
+    create(context) {
+        const options = context.options[0] || {};
+        const { strategy = 'remove', ignorePaths = [], loggerName, maxOccurrences, severityMap = {}, autoDetectLogger = true, sourcePatterns = ['console'], } = options;
+        /** Merge user's severityMap with defaults to determine method mappings */
+        const effectiveSeverityMap = { ...DEFAULT_SEVERITY_MAP, ...severityMap };
+        const filename = context.filename || context.getFilename();
+        const sourceCode = context.sourceCode || context.sourceCode;
+        const occurrences = [];
+        /**
+         * Auto-detect logger in file by scanning imports.
+         * Uses strict pattern matching to avoid false positives (e.g., 'reactLogo').
+         */
+        let detectedLogger = null;
+        if (autoDetectLogger) {
+            const ast = sourceCode.ast;
+            const loggerPatterns = /^(logger|log|winston|bunyan|pino|console)$/i;
+            for (const statement of ast.body) {
+                if (statement.type === 'ImportDeclaration') {
+                    for (const specifier of statement.specifiers) {
+                        if (specifier.type === 'ImportDefaultSpecifier' ||
+                            specifier.type === 'ImportSpecifier') {
+                            const name = specifier.local.name;
+                            if (loggerPatterns.test(name)) {
+                                detectedLogger = name;
+                                break;
+                            }
+                        }
+                    }
+                }
+                // Look for require() calls
+                if (statement.type === 'VariableDeclaration') {
+                    for (const declarator of statement.declarations) {
+                        if (declarator.init?.type === 'CallExpression' &&
+                            declarator.init.callee.type === 'Identifier' &&
+                            declarator.init.callee.name === 'require' &&
+                            declarator.id.type === 'Identifier') {
+                            const name = declarator.id.name;
+                            if (loggerPatterns.test(name)) {
+                                detectedLogger = name;
+                                break;
+                            }
+                        }
+                    }
+                }
+                if (detectedLogger)
+                    break;
+            }
+        }
+        /**
+         * Determine the effective logger to use.
+         * Priority: explicit loggerName from config > auto-detected logger > default 'logger'
+         */
+        const effectiveLogger = loggerName || detectedLogger || 'logger';
+        /**
+         * Check if the current file should be ignored based on ignorePaths patterns.
+         * Supports exact matches, directory prefixes, and glob-like patterns.
+         */
+        const shouldIgnoreFile = () => {
+            if (ignorePaths.length === 0)
+                return false;
+            const normalizedPath = (0, eslint_devkit_3.normalizePath)(filename);
+            return ignorePaths.some((pattern) => {
+                const normalizedPattern = pattern.replace(/\\/g, '/');
+                /** Exact match */
+                if (normalizedPath === normalizedPattern)
+                    return true;
+                /** Directory match */
+                if (normalizedPath.startsWith(normalizedPattern + '/'))
+                    return true;
+                /** Glob-like pattern support */
+                const regexPattern = normalizedPattern
+                    .replace(/\./g, '\\.')
+                    .replace(/\*/g, '.*')
+                    .replace(/\?/g, '.');
+                return new RegExp(regexPattern).test(normalizedPath);
+            });
+        };
+        if (shouldIgnoreFile()) {
+            return {};
+        }
+        return {
+            /**
+             * CallExpression visitor that checks for member expressions matching source patterns.
+             * Handles calls like console.log(), winston.info(), oldLogger.debug(), etc.
+             */
+            CallExpression(node) {
+                if (node.callee.type !== 'MemberExpression' ||
+                    node.callee.object.type !== 'Identifier' ||
+                    node.callee.property.type !== 'Identifier') {
+                    return;
+                }
+                const sourceObject = node.callee.object.name;
+                const methodName = node.callee.property.name;
+                /** Check if this source object is in our patterns to match */
+                if (!sourcePatterns.includes(sourceObject)) {
+                    return;
+                }
+                /** Only handle methods that are in the effectiveSeverityMap */
+                if (!effectiveSeverityMap[methodName]) {
+                    return;
+                }
+                const line = node.loc?.start.line ?? 0;
+                occurrences.push(line);
+                // ✅ Calculate skip condition (don't return early)
+                // 'all' means report all instances
+                // undefined means no limit
+                // number > 0 means limit to that count
+                const shouldSkipReport = maxOccurrences !== undefined &&
+                    maxOccurrences !== 'all' &&
+                    typeof maxOccurrences === 'number' &&
+                    maxOccurrences > 0 &&
+                    occurrences.length > maxOccurrences;
+                const sourceCode = context.sourceCode || context.sourceCode;
+                const relativePath = (0, eslint_devkit_3.getRelativePath)(process.cwd(), filename);
+                /**
+                 * Determine the target logger method to use based on severityMap.
+                 *
+                 * @example
+                 * Default: console.log → logger.log, console.debug → logger.debug
+                 *
+                 * @example
+                 * With severityMap: { log: 'info' } → console.log → logger.info, console.debug → logger.debug
+                 */
+                const targetLoggerMethod = effectiveSeverityMap[methodName] || methodName;
+                /**
+                 * Generate fix based on the configured strategy.
+                 * Handles remove, convert, comment, and warn strategies.
+                 */
+                const fix = (fixer) => {
+                    const statement = findParentStatement(node);
+                    if (!statement)
+                        return null;
+                    switch (strategy) {
+                        case 'remove':
+                            return fixer.remove(statement);
+                        case 'convert':
+                            return fixer.replaceText(node.callee, `${effectiveLogger}.${targetLoggerMethod}`);
+                        case 'comment': {
+                            const text = sourceCode.getText(statement);
+                            return fixer.replaceText(statement, `// ${text}`);
+                        }
+                        case 'warn':
+                            return fixer.replaceText(node.callee, 'console.warn');
+                        default:
+                            return null;
+                    }
+                };
+                /** Build conversion info for the error message */
+                let conversionInfo = '';
+                if (strategy === 'convert') {
+                    conversionInfo = ` → ${effectiveLogger}.${targetLoggerMethod}()`;
+                }
+                // ✅ Only report if not exceeding limit
+                if (!shouldSkipReport) {
+                    context.report({
+                        node,
+                        messageId: 'consoleLogFound',
+                        data: {
+                            consoleMethod: `${sourceObject}.${methodName}`,
+                            filePath: relativePath,
+                            line: String(line),
+                            strategy,
+                            conversionInfo,
+                            logger: effectiveLogger,
+                            method: targetLoggerMethod,
+                        },
+                        fix,
+                    });
+                }
+            },
+        };
+    },
+});
+/**
+ * Find the parent statement node for proper removal
+ */
+function findParentStatement(node) {
+    let current = node;
+    while (current) {
+        if (current.type === 'ExpressionStatement' ||
+            current.type === 'ReturnStatement' ||
+            current.type === 'VariableDeclaration') {
+            return current;
+        }
+        current = current.parent;
+    }
+    return null;
+}
+//# sourceMappingURL=no-console-log.js.map

package/src/rules/operability/no-console-log.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"no-console-log.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-operability/src/rules/operability/no-console-log.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AAOH,4DAA0E;AAC1E,4DAAsD;AACtD,4DAA0E;AAgC1E,iFAAiF;AACjF,0EAA0E;AAC1E,MAAM,oBAAoB,GAAoB;IAC5C,GAAG,EAAE,OAAO;CACb,CAAC;AA2BW,QAAA,YAAY,GAAG,IAAA,0BAAU,EAA0B;IAC9D,IAAI,EAAE,gBAAgB;IACtB,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,WAAW,EACT,+DAA+D;SAClE;QACD,OAAO,EAAE,MAAM;QACf,cAAc,EAAE,KAAK;QACrB,QAAQ,EAAE;YACR,0FAA0F;YAC1F,eAAe,EAAE,IAAA,gCAAgB,EAAC;gBAChC,IAAI,EAAE,4BAAY,CAAC,OAAO;gBAC1B,SAAS,EAAE,2BAA2B;gBACtC,GAAG,EAAE,SAAS;gBACd,WAAW,EAAE,sCAAsC;gBACnD,QAAQ,EAAE,QAAQ;gBAClB,GAAG,EAAE,wCAAwC;gBAC7C,iBAAiB,EAAE,iDAAiD;aACrE,CAAC;YACF,cAAc,EAAE,IAAA,gCAAgB,EAAC;gBAC/B,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,iBAAiB;gBAC5B,WAAW,EAAE,8BAA8B;gBAC3C,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,kCAAkC;gBACvC,iBAAiB,EAAE,iDAAiD;aACrE,CAAC;YACF,eAAe,EAAE,IAAA,gCAAgB,EAAC;gBAChC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,kBAAkB;gBAC7B,WAAW,EAAE,0BAA0B;gBACvC,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,iCAAiC;gBACtC,iBAAiB,EAAE,sCAAsC;aAC1D,CAAC;YACF,eAAe,EAAE,IAAA,gCAAgB,EAAC;gBAChC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,kBAAkB;gBAC7B,WAAW,EAAE,yBAAyB;gBACtC,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,qBAAqB;gBAC1B,iBAAiB,EAAE,iDAAiD;aACrE,CAAC;YACF,YAAY,EAAE,IAAA,gCAAgB,EAAC;gBAC7B,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,eAAe;gBAC1B,WAAW,EAAE,6BAA6B;gBAC1C,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,gBAAgB;gBACrB,iBAAiB,EACf,+DAA+D;aAClE,CAAC;SACH;QACD,MAAM,EAAE;YACN;gBACE,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,QAAQ,EAAE;wBACR,IAAI,EAAE,QAAQ;wBACd,IAAI,EAAE,CAAC,QAAQ,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,CAAC;wBAC9C,OAAO,EAAE,QAAQ;wBACjB,WAAW,EAAE,mCAAmC;qBACjD;oBACD,WAAW,EAAE;wBACX,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,EAAE;wBACX,WAAW,EAAE,8BAA8B;qBAC5C;oBACD,UAAU,EAAE;wBACV,IAAI,EAAE,QAAQ;wBACd,OAAO,EAAE,QAAQ;wBACjB,WAAW,EACT,4EAA4E;qBAC/E;oBACD,cAAc,EAAE;wBACd,KAAK,EAAE;4BACL;gCACE,IAAI,EAAE,QAAQ;gCACd,OAAO,EAAE,CAAC;gCACV,WAAW,EAAE,yCAAyC;6BACvD;4BACD;gCACE,IAAI,EAAE,QAAQ;gCACd,IAAI,EAAE,CAAC,KAAK,CAAC;gCACb,WAAW,EAAE,uBAAuB;6BACrC;yBACF;wBACD,WAAW,EACT,8FAA8F;qBACjG;oBACD,WAAW,EAAE;wBACX,IAAI,EAAE,QAAQ;wBACd,oBAAoB,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACxC,OAAO,EAAE;4BACP,GAAG,EAAE,OAAO;yBACb;wBACD,WAAW,EACT,4FAA4F;qBAC/F;oBACD,gBAAgB,EAAE;wBAChB,IAAI,EAAE,SAAS;wBACf,OAAO,EAAE,IAAI;wBACb,WAAW,EAAE,mCAAmC;qBACjD;oBACD,cAAc,EAAE;wBACd,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,CAAC,SAAS,CAAC;wBACpB,WAAW,EACT,uHAAuH;qBAC1H;iBACF;gBACD,oBAAoB,EAAE,KAAK;aAC5B;SACF;KACF;IACD,cAAc,EAAE;QACd;YACE,QAAQ,EAAE,QAAQ;YAClB,WAAW,EAAE,EAAE;YACf,UAAU,EAAE,QAAQ;YACpB,WAAW,EAAE,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE,mCAAmC;YAChE,gBAAgB,EAAE,IAAI;YACtB,cAAc,EAAE,CAAC,SAAS,CAAC;SAC5B;KACF;IACD,MAAM,CAAC,OAAsD;QAC3D,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACzC,MAAM,EACJ,QAAQ,GAAG,QAAQ,EACnB,WAAW,GAAG,EAAE,EAChB,UAAU,EACV,cAAc,EACd,WAAW,GAAG,EAAE,EAChB,gBAAgB,GAAG,IAAI,EACvB,cAAc,GAAG,CAAC,SAAS,CAAC,GAC7B,GAAG,OAAO,CAAC;QAEZ,0EAA0E;QAC1E,MAAM,oBAAoB,GAAG,EAAE,GAAG,oBAAoB,EAAE,GAAG,WAAW,EAAE,CAAC;QAEzE,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QAC3D,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,UAAU,CAAC;QAC5D,MAAM,WAAW,GAAa,EAAE,CAAC;QAEjC;;;WAGG;QACH,IAAI,cAAc,GAAkB,IAAI,CAAC;QAEzC,IAAI,gBAAgB,EAAE,CAAC;YACrB,MAAM,GAAG,GAAG,UAAU,CAAC,GAAG,CAAC;YAC3B,MAAM,cAAc,GAAG,6CAA6C,CAAC;YAErE,KAAK,MAAM,SAAS,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;gBACjC,IAAI,SAAS,CAAC,IAAI,KAAK,mBAAmB,EAAE,CAAC;oBAC3C,KAAK,MAAM,SAAS,IAAI,SAAS,CAAC,UAAU,EAAE,CAAC;wBAC7C,IACE,SAAS,CAAC,IAAI,KAAK,wBAAwB;4BAC3C,SAAS,CAAC,IAAI,KAAK,iBAAiB,EACpC,CAAC;4BACD,MAAM,IAAI,GAAG,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC;4BAClC,IAAI,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gCAC9B,cAAc,GAAG,IAAI,CAAC;gCACtB,MAAM;4BACR,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;gBACD,2BAA2B;gBAC3B,IAAI,SAAS,CAAC,IAAI,KAAK,qBAAqB,EAAE,CAAC;oBAC7C,KAAK,MAAM,UAAU,IAAI,SAAS,CAAC,YAAY,EAAE,CAAC;wBAChD,IACE,UAAU,CAAC,IAAI,EAAE,IAAI,KAAK,gBAAgB;4BAC1C,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY;4BAC5C,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,SAAS;4BACzC,UAAU,CAAC,EAAE,CAAC,IAAI,KAAK,YAAY,EACnC,CAAC;4BACD,MAAM,IAAI,GAAG,UAAU,CAAC,EAAE,CAAC,IAAI,CAAC;4BAChC,IAAI,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gCAC9B,cAAc,GAAG,IAAI,CAAC;gCACtB,MAAM;4BACR,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;gBACD,IAAI,cAAc;oBAAE,MAAM;YAC5B,CAAC;QACH,CAAC;QAED;;;WAGG;QACH,MAAM,eAAe,GAAG,UAAU,IAAI,cAAc,IAAI,QAAQ,CAAC;QAEjE;;;WAGG;QACH,MAAM,gBAAgB,GAAG,GAAY,EAAE;YACrC,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC;gBAAE,OAAO,KAAK,CAAC;YAE3C,MAAM,cAAc,GAAG,IAAA,6BAAa,EAAC,QAAQ,CAAC,CAAC;YAE/C,OAAO,WAAW,CAAC,IAAI,CAAC,CAAC,OAAe,EAAE,EAAE;gBAC1C,MAAM,iBAAiB,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAEtD,kBAAkB;gBAClB,IAAI,cAAc,KAAK,iBAAiB;oBAAE,OAAO,IAAI,CAAC;gBAEtD,sBAAsB;gBACtB,IAAI,cAAc,CAAC,UAAU,CAAC,iBAAiB,GAAG,GAAG,CAAC;oBAAE,OAAO,IAAI,CAAC;gBAEpE,gCAAgC;gBAChC,MAAM,YAAY,GAAG,iBAAiB;qBACnC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC;qBACrB,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC;qBACpB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAEvB,OAAO,IAAI,MAAM,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YACvD,CAAC,CAAC,CAAC;QACL,CAAC,CAAC;QAEF,IAAI,gBAAgB,EAAE,EAAE,CAAC;YACvB,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,OAAO;YACL;;;eAGG;YACH,cAAc,CAAC,IAA6B;gBAC1C,IACE,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,kBAAkB;oBACvC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY;oBACxC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY,EAC1C,CAAC;oBACD,OAAO;gBACT,CAAC;gBAED,MAAM,YAAY,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC;gBAC7C,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;gBAE7C,8DAA8D;gBAC9D,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;oBAC3C,OAAO;gBACT,CAAC;gBAED,+DAA+D;gBAC/D,IAAI,CAAC,oBAAoB,CAAC,UAAU,CAAC,EAAE,CAAC;oBACtC,OAAO;gBACT,CAAC;gBAED,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;gBACvC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAEvB,kDAAkD;gBAClD,mCAAmC;gBACnC,2BAA2B;gBAC3B,uCAAuC;gBACvC,MAAM,gBAAgB,GACpB,cAAc,KAAK,SAAS;oBAC5B,cAAc,KAAK,KAAK;oBACxB,OAAO,cAAc,KAAK,QAAQ;oBAClC,cAAc,GAAG,CAAC;oBAClB,WAAW,CAAC,MAAM,GAAG,cAAc,CAAC;gBAEtC,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,UAAU,CAAC;gBAC5D,MAAM,YAAY,GAAG,IAAA,+BAAe,EAAC,OAAO,CAAC,GAAG,EAAE,EAAE,QAAQ,CAAC,CAAC;gBAE9D;;;;;;;;mBAQG;gBACH,MAAM,kBAAkB,GACtB,oBAAoB,CAAC,UAAU,CAAC,IAAI,UAAU,CAAC;gBAEjD;;;mBAGG;gBACH,MAAM,GAAG,GAAG,CAAC,KAAyB,EAAE,EAAE;oBACxC,MAAM,SAAS,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAC;oBAC5C,IAAI,CAAC,SAAS;wBAAE,OAAO,IAAI,CAAC;oBAE5B,QAAQ,QAAQ,EAAE,CAAC;wBACjB,KAAK,QAAQ;4BACX,OAAO,KAAK,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;wBAEjC,KAAK,SAAS;4BACZ,OAAO,KAAK,CAAC,WAAW,CACtB,IAAI,CAAC,MAAM,EACX,GAAG,eAAe,IAAI,kBAAkB,EAAE,CAC3C,CAAC;wBAEJ,KAAK,SAAS,CAAC,CAAC,CAAC;4BACf,MAAM,IAAI,GAAG,UAAU,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;4BAC3C,OAAO,KAAK,CAAC,WAAW,CAAC,SAAS,EAAE,MAAM,IAAI,EAAE,CAAC,CAAC;wBACpD,CAAC;wBAED,KAAK,MAAM;4BACT,OAAO,KAAK,CAAC,WAAW,CAAC,IAAI,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;wBAExD;4BACE,OAAO,IAAI,CAAC;oBAChB,CAAC;gBACH,CAAC,CAAC;gBAEF,kDAAkD;gBAClD,IAAI,cAAc,GAAG,EAAE,CAAC;gBACxB,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;oBAC3B,cAAc,GAAG,MAAM,eAAe,IAAI,kBAAkB,IAAI,CAAC;gBACnE,CAAC;gBAED,uCAAuC;gBACvC,IAAI,CAAC,gBAAgB,EAAE,CAAC;oBACtB,OAAO,CAAC,MAAM,CAAC;wBACb,IAAI;wBACJ,SAAS,EAAE,iBAAiB;wBAC5B,IAAI,EAAE;4BACJ,aAAa,EAAE,GAAG,YAAY,IAAI,UAAU,EAAE;4BAC9C,QAAQ,EAAE,YAAY;4BACtB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC;4BAClB,QAAQ;4BACR,cAAc;4BACd,MAAM,EAAE,eAAe;4BACvB,MAAM,EAAE,kBAAkB;yBAC3B;wBACD,GAAG;qBACJ,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;SACF,CAAC;IACJ,CAAC;CACF,CAAC,CAAC;AAEH;;GAEG;AACH,SAAS,mBAAmB,CAAC,IAAmB;IAC9C,IAAI,OAAO,GAA8B,IAAI,CAAC;IAE9C,OAAO,OAAO,EAAE,CAAC;QACf,IACE,OAAO,CAAC,IAAI,KAAK,qBAAqB;YACtC,OAAO,CAAC,IAAI,KAAK,iBAAiB;YAClC,OAAO,CAAC,IAAI,KAAK,qBAAqB,EACtC,CAAC;YACD,OAAO,OAA6B,CAAC;QACvC,CAAC;QACD,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC;IAC3B,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC"}

package/src/rules/operability/no-debug-code-in-production.d.ts

@@ -0,0 +1,12 @@
+/**
+ * Copyright (c) 2025 Ofri Peretz
+ * Licensed under the MIT License. Use of this source code is governed by the
+ * MIT license that can be found in the LICENSE file.
+ */
+export interface Options {
+}
+type RuleOptions = [Options?];
+export declare const noDebugCodeInProduction: import("@typescript-eslint/utils/ts-eslint").RuleModule<"violationDetected", RuleOptions, unknown, import("@typescript-eslint/utils/ts-eslint").RuleListener> & {
+    name: string;
+};
+export {};

package/src/rules/operability/no-debug-code-in-production.js

@@ -0,0 +1,55 @@
+"use strict";
+/**
+ * Copyright (c) 2025 Ofri Peretz
+ * Licensed under the MIT License. Use of this source code is governed by the
+ * MIT license that can be found in the LICENSE file.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.noDebugCodeInProduction = void 0;
+/**
+ * @fileoverview Detect debug code in production
+ * @see https://owasp.org/www-project-mobile-top-10/
+ * @see https://cwe.mitre.org/data/definitions/489.html
+ */
+const eslint_devkit_1 = require("@interlace/eslint-devkit");
+exports.noDebugCodeInProduction = (0, eslint_devkit_1.createRule)({
+    name: 'no-debug-code-in-production',
+    meta: {
+        type: 'problem',
+        docs: {
+            description: 'Detect debug code in production',
+        },
+        messages: {
+            violationDetected: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.SECURITY,
+                issueName: 'violation Detected',
+                cwe: 'CWE-489',
+                description: 'Detect debug code in production detected - DEBUG, __DEV__, console',
+                severity: 'HIGH',
+                fix: 'Review and apply secure practices',
+                documentationLink: 'https://cwe.mitre.org/data/definitions/489.html',
+            }),
+        },
+        schema: [],
+    },
+    defaultOptions: [],
+    create(context) {
+        return {
+            Identifier(node) {
+                if (['DEBUG', '__DEV__'].includes(node.name)) {
+                    context.report({ node, messageId: 'violationDetected' });
+                }
+            },
+            CallExpression(node) {
+                if (node.callee.type === eslint_devkit_1.AST_NODE_TYPES.MemberExpression &&
+                    node.callee.object.type === eslint_devkit_1.AST_NODE_TYPES.Identifier &&
+                    node.callee.object.name === 'console' &&
+                    node.callee.property.type === eslint_devkit_1.AST_NODE_TYPES.Identifier &&
+                    node.callee.property.name === 'log') {
+                    context.report({ node, messageId: 'violationDetected' });
+                }
+            },
+        };
+    },
+});
+//# sourceMappingURL=no-debug-code-in-production.js.map

package/src/rules/operability/no-debug-code-in-production.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"no-debug-code-in-production.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-operability/src/rules/operability/no-debug-code-in-production.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AAEH;;;;GAIG;AAEH,4DAKkC;AAUrB,QAAA,uBAAuB,GAAG,IAAA,0BAAU,EAA0B;IACzE,IAAI,EAAE,6BAA6B;IACnC,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,WAAW,EAAE,iCAAiC;SAC/C;QACD,QAAQ,EAAE;YACR,iBAAiB,EAAE,IAAA,gCAAgB,EAAC;gBAClC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,oBAAoB;gBAC/B,GAAG,EAAE,SAAS;gBACd,WAAW,EACT,oEAAoE;gBACtE,QAAQ,EAAE,MAAM;gBAChB,GAAG,EAAE,mCAAmC;gBACxC,iBAAiB,EAAE,iDAAiD;aACrE,CAAC;SACH;QACD,MAAM,EAAE,EAAE;KACX;IACD,cAAc,EAAE,EAAE;IAClB,MAAM,CAAC,OAAO;QACZ,OAAO;YACL,UAAU,CAAC,IAAyB;gBAClC,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBAC7C,OAAO,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,mBAAmB,EAAE,CAAC,CAAC;gBAC3D,CAAC;YACH,CAAC;YACD,cAAc,CAAC,IAA6B;gBAC1C,IACE,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,8BAAc,CAAC,gBAAgB;oBACpD,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,8BAAc,CAAC,UAAU;oBACrD,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,SAAS;oBACrC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,8BAAc,CAAC,UAAU;oBACvD,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,KAAK,EACnC,CAAC;oBACD,OAAO,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,mBAAmB,EAAE,CAAC,CAAC;gBAC3D,CAAC;YACH,CAAC;SACF,CAAC;IACJ,CAAC;CACF,CAAC,CAAC"}

package/src/rules/operability/no-process-exit.d.ts

@@ -0,0 +1,19 @@
+/**
+ * Copyright (c) 2025 Ofri Peretz
+ * Licensed under the MIT License. Use of this source code is governed by the
+ * MIT license that can be found in the LICENSE file.
+ */
+/**
+ * ESLint Rule: no-process-exit
+ * Prevent usage of process.exit()
+ */
+import type { TSESLint } from '@interlace/eslint-devkit';
+export interface Options {
+    /** Allow process.exit in specific contexts */
+    allow?: string[];
+}
+type RuleOptions = [Options?];
+export declare const noProcessExit: TSESLint.RuleModule<"noProcessExit", RuleOptions, unknown, TSESLint.RuleListener> & {
+    name: string;
+};
+export {};

package/src/rules/operability/no-process-exit.js

@@ -0,0 +1,79 @@
+"use strict";
+/**
+ * Copyright (c) 2025 Ofri Peretz
+ * Licensed under the MIT License. Use of this source code is governed by the
+ * MIT license that can be found in the LICENSE file.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.noProcessExit = void 0;
+const eslint_devkit_1 = require("@interlace/eslint-devkit");
+const eslint_devkit_2 = require("@interlace/eslint-devkit");
+exports.noProcessExit = (0, eslint_devkit_1.createRule)({
+    name: 'no-process-exit',
+    meta: {
+        type: 'problem',
+        docs: {
+            description: 'Prevent usage of process.exit() which can terminate the process unexpectedly',
+        },
+        hasSuggestions: false,
+        messages: {
+            noProcessExit: (0, eslint_devkit_2.formatLLMMessage)({
+                icon: eslint_devkit_2.MessageIcons.WARNING,
+                issueName: 'Process Exit',
+                description: 'Avoid using process.exit()',
+                severity: 'HIGH',
+                fix: 'Use throw error or return exit code instead',
+                documentationLink: 'https://github.com/sindresorhus/eslint-plugin-unicorn/blob/main/docs/rules/no-process-exit.md',
+            }),
+        },
+        schema: [
+            {
+                type: 'object',
+                properties: {
+                    allow: {
+                        type: 'array',
+                        items: { type: 'string' },
+                        default: [],
+                    },
+                },
+                additionalProperties: false,
+            },
+        ],
+    },
+    defaultOptions: [{ allow: [] }],
+    create(context) {
+        function isInAllowedContext() {
+            // For simplicity, we'll skip the allow option for now
+            return false;
+        }
+        function isProcessExitCall(node) {
+            // Check if this is a call to process.exit
+            function isProcessExitMember(callee) {
+                if (callee.type === 'MemberExpression' &&
+                    callee.object.type === 'Identifier' &&
+                    callee.object.name === 'process' &&
+                    callee.property.type === 'Identifier' &&
+                    callee.property.name === 'exit') {
+                    return true;
+                }
+                return false;
+            }
+            return isProcessExitMember(node.callee);
+        }
+        return {
+            CallExpression(node) {
+                if (isProcessExitCall(node) && !isInAllowedContext()) {
+                    context.report({
+                        node,
+                        messageId: 'noProcessExit',
+                        data: {
+                            current: 'process.exit()',
+                            fix: 'throw error or return',
+                        },
+                    });
+                }
+            },
+        };
+    },
+});
+//# sourceMappingURL=no-process-exit.js.map

package/src/rules/operability/no-process-exit.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"no-process-exit.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-operability/src/rules/operability/no-process-exit.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AAOH,4DAAsD;AACtD,4DAA0E;AAW7D,QAAA,aAAa,GAAG,IAAA,0BAAU,EAA0B;IAC/D,IAAI,EAAE,iBAAiB;IACvB,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,WAAW,EACT,8EAA8E;SACjF;QACD,cAAc,EAAE,KAAK;QACrB,QAAQ,EAAE;YACR,aAAa,EAAE,IAAA,gCAAgB,EAAC;gBAC9B,IAAI,EAAE,4BAAY,CAAC,OAAO;gBAC1B,SAAS,EAAE,cAAc;gBACzB,WAAW,EAAE,4BAA4B;gBACzC,QAAQ,EAAE,MAAM;gBAChB,GAAG,EAAE,6CAA6C;gBAClD,iBAAiB,EACf,+FAA+F;aAClG,CAAC;SACH;QACD,MAAM,EAAE;YACN;gBACE,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,KAAK,EAAE;wBACL,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,EAAE;qBACZ;iBACF;gBACD,oBAAoB,EAAE,KAAK;aAC5B;SACF;KACF;IACD,cAAc,EAAE,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;IAE/B,MAAM,CAAC,OAAsD;QAC3D,SAAS,kBAAkB;YACzB,sDAAsD;YACtD,OAAO,KAAK,CAAC;QACf,CAAC;QAED,SAAS,iBAAiB,CAAC,IAA6B;YACtD,0CAA0C;YAC1C,SAAS,mBAAmB,CAAC,MAA2B;gBACtD,IACE,MAAM,CAAC,IAAI,KAAK,kBAAkB;oBAClC,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY;oBACnC,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,SAAS;oBAChC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY;oBACrC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,MAAM,EAC/B,CAAC;oBACD,OAAO,IAAI,CAAC;gBACd,CAAC;gBACD,OAAO,KAAK,CAAC;YACf,CAAC;YAED,OAAO,mBAAmB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC1C,CAAC;QAED,OAAO;YACL,cAAc,CAAC,IAA6B;gBAC1C,IAAI,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,kBAAkB,EAAE,EAAE,CAAC;oBACrD,OAAO,CAAC,MAAM,CAAC;wBACb,IAAI;wBACJ,SAAS,EAAE,eAAe;wBAC1B,IAAI,EAAE;4BACJ,OAAO,EAAE,gBAAgB;4BACzB,GAAG,EAAE,uBAAuB;yBAC7B;qBACF,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;SACF,CAAC;IACJ,CAAC;CACF,CAAC,CAAC"}

package/src/rules/operability/no-verbose-error-messages.d.ts

@@ -0,0 +1,12 @@
+/**
+ * Copyright (c) 2025 Ofri Peretz
+ * Licensed under the MIT License. Use of this source code is governed by the
+ * MIT license that can be found in the LICENSE file.
+ */
+export interface Options {
+}
+type RuleOptions = [Options?];
+export declare const noVerboseErrorMessages: import("@typescript-eslint/utils/ts-eslint").RuleModule<"violationDetected", RuleOptions, unknown, import("@typescript-eslint/utils/ts-eslint").RuleListener> & {
+    name: string;
+};
+export {};

package/src/rules/operability/no-verbose-error-messages.js

@@ -0,0 +1,74 @@
+"use strict";
+/**
+ * Copyright (c) 2025 Ofri Peretz
+ * Licensed under the MIT License. Use of this source code is governed by the
+ * MIT license that can be found in the LICENSE file.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.noVerboseErrorMessages = void 0;
+/**
+ * @fileoverview Prevent exposing stack traces to users
+ * @see https://owasp.org/www-project-mobile-top-10/
+ * @see https://cwe.mitre.org/data/definitions/209.html
+ */
+const eslint_devkit_1 = require("@interlace/eslint-devkit");
+exports.noVerboseErrorMessages = (0, eslint_devkit_1.createRule)({
+    name: 'no-verbose-error-messages',
+    meta: {
+        type: 'problem',
+        docs: {
+            description: 'Prevent exposing stack traces to users',
+        },
+        messages: {
+            violationDetected: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.SECURITY,
+                issueName: 'violation Detected',
+                cwe: 'CWE-209',
+                description: 'Prevent exposing stack traces to users detected - this is a security risk',
+                severity: 'MEDIUM',
+                fix: 'Review and apply secure practices',
+                documentationLink: 'https://cwe.mitre.org/data/definitions/209.html',
+            }),
+        },
+        schema: [],
+    },
+    defaultOptions: [],
+    create(context) {
+        function report(node) {
+            context.report({
+                node,
+                messageId: 'violationDetected',
+            });
+        }
+        return {
+            CallExpression(node) {
+                // Check res.send/res.json with error.stack
+                if (node.type === eslint_devkit_1.AST_NODE_TYPES.CallExpression &&
+                    node.callee.type === eslint_devkit_1.AST_NODE_TYPES.MemberExpression &&
+                    node.callee.property.type === eslint_devkit_1.AST_NODE_TYPES.Identifier &&
+                    ['send', 'json'].includes(node.callee.property.name)) {
+                    const arg = node.arguments[0];
+                    // Check for error.stack or err.stack
+                    if (arg?.type === eslint_devkit_1.AST_NODE_TYPES.MemberExpression &&
+                        arg.property.type === eslint_devkit_1.AST_NODE_TYPES.Identifier &&
+                        arg.property.name === 'stack') {
+                        report(node);
+                    }
+                    // Check for { stack: error.stack } in object
+                    if (arg?.type === eslint_devkit_1.AST_NODE_TYPES.ObjectExpression) {
+                        const stackProp = arg.properties.find((p) => p.type === eslint_devkit_1.AST_NODE_TYPES.Property &&
+                            p.key.type === eslint_devkit_1.AST_NODE_TYPES.Identifier &&
+                            (p.key.name === 'stack' ||
+                                (p.value.type === eslint_devkit_1.AST_NODE_TYPES.MemberExpression &&
+                                    p.value.property.type === eslint_devkit_1.AST_NODE_TYPES.Identifier &&
+                                    p.value.property.name === 'stack')));
+                        if (stackProp) {
+                            report(node);
+                        }
+                    }
+                }
+            },
+        };
+    },
+});
+//# sourceMappingURL=no-verbose-error-messages.js.map

package/src/rules/operability/no-verbose-error-messages.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"no-verbose-error-messages.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-operability/src/rules/operability/no-verbose-error-messages.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AAEH;;;;GAIG;AAEH,4DAKkC;AAUrB,QAAA,sBAAsB,GAAG,IAAA,0BAAU,EAA0B;IACxE,IAAI,EAAE,2BAA2B;IACjC,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,WAAW,EAAE,wCAAwC;SACtD;QACD,QAAQ,EAAE;YACR,iBAAiB,EAAE,IAAA,gCAAgB,EAAC;gBAClC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,oBAAoB;gBAC/B,GAAG,EAAE,SAAS;gBACd,WAAW,EACT,2EAA2E;gBAC7E,QAAQ,EAAE,QAAQ;gBAClB,GAAG,EAAE,mCAAmC;gBACxC,iBAAiB,EAAE,iDAAiD;aACrE,CAAC;SACH;QACD,MAAM,EAAE,EAAE;KACX;IACD,cAAc,EAAE,EAAE;IAClB,MAAM,CAAC,OAAO;QACZ,SAAS,MAAM,CAAC,IAAmB;YACjC,OAAO,CAAC,MAAM,CAAC;gBACb,IAAI;gBACJ,SAAS,EAAE,mBAAmB;aAC/B,CAAC,CAAC;QACL,CAAC;QAED,OAAO;YACL,cAAc,CAAC,IAA6B;gBAC1C,2CAA2C;gBAC3C,IACE,IAAI,CAAC,IAAI,KAAK,8BAAc,CAAC,cAAc;oBAC3C,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,8BAAc,CAAC,gBAAgB;oBACpD,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,8BAAc,CAAC,UAAU;oBACvD,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,EACpD,CAAC;oBACD,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;oBAE9B,qCAAqC;oBACrC,IACE,GAAG,EAAE,IAAI,KAAK,8BAAc,CAAC,gBAAgB;wBAC7C,GAAG,CAAC,QAAQ,CAAC,IAAI,KAAK,8BAAc,CAAC,UAAU;wBAC/C,GAAG,CAAC,QAAQ,CAAC,IAAI,KAAK,OAAO,EAC7B,CAAC;wBACD,MAAM,CAAC,IAAI,CAAC,CAAC;oBACf,CAAC;oBAED,6CAA6C;oBAC7C,IAAI,GAAG,EAAE,IAAI,KAAK,8BAAc,CAAC,gBAAgB,EAAE,CAAC;wBAClD,MAAM,SAAS,GAAG,GAAG,CAAC,UAAU,CAAC,IAAI,CACnC,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,IAAI,KAAK,8BAAc,CAAC,QAAQ;4BAClC,CAAC,CAAC,GAAG,CAAC,IAAI,KAAK,8BAAc,CAAC,UAAU;4BACxC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,KAAK,OAAO;gCACrB,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,KAAK,8BAAc,CAAC,gBAAgB;oCAC/C,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,KAAK,8BAAc,CAAC,UAAU;oCACnD,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,KAAK,OAAO,CAAC,CAAC,CAC1C,CAAC;wBACF,IAAI,SAAS,EAAE,CAAC;4BACd,MAAM,CAAC,IAAI,CAAC,CAAC;wBACf,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;SACF,CAAC;IACJ,CAAC;CACF,CAAC,CAAC"}

package/src/rules/operability/require-code-minification.d.ts

@@ -0,0 +1,12 @@
+/**
+ * Copyright (c) 2025 Ofri Peretz
+ * Licensed under the MIT License. Use of this source code is governed by the
+ * MIT license that can be found in the LICENSE file.
+ */
+export interface Options {
+}
+type RuleOptions = [Options?];
+export declare const requireCodeMinification: import("@typescript-eslint/utils/ts-eslint").RuleModule<"violationDetected", RuleOptions, unknown, import("@typescript-eslint/utils/ts-eslint").RuleListener> & {
+    name: string;
+};
+export {};

package/src/rules/operability/require-code-minification.js

@@ -0,0 +1,49 @@
+"use strict";
+/**
+ * Copyright (c) 2025 Ofri Peretz
+ * Licensed under the MIT License. Use of this source code is governed by the
+ * MIT license that can be found in the LICENSE file.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.requireCodeMinification = void 0;
+/**
+ * @fileoverview Require minification configuration
+ * @see https://owasp.org/www-project-mobile-top-10/
+ * @see https://cwe.mitre.org/data/definitions/656.html
+ */
+const eslint_devkit_1 = require("@interlace/eslint-devkit");
+exports.requireCodeMinification = (0, eslint_devkit_1.createRule)({
+    name: 'require-code-minification',
+    meta: {
+        type: 'problem',
+        docs: {
+            description: 'Require minification configuration',
+        },
+        messages: {
+            violationDetected: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.SECURITY,
+                issueName: 'violation Detected',
+                cwe: 'CWE-656',
+                description: 'Require minification configuration detected - Build config without minification',
+                severity: 'LOW',
+                fix: 'Review and apply secure practices',
+                documentationLink: 'https://cwe.mitre.org/data/definitions/656.html',
+            }),
+        },
+        schema: [],
+    },
+    defaultOptions: [],
+    create(context) {
+        return {
+            Property(node) {
+                if (node.key.type === 'Identifier' &&
+                    node.key.name === 'minimize' &&
+                    node.value.type === 'Literal' &&
+                    node.value.value === false) {
+                    context.report({ node, messageId: 'violationDetected' });
+                }
+            },
+        };
+    },
+});
+//# sourceMappingURL=require-code-minification.js.map

package/src/rules/operability/require-code-minification.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"require-code-minification.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-operability/src/rules/operability/require-code-minification.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AAEH;;;;GAIG;AAEH,4DAIkC;AAUrB,QAAA,uBAAuB,GAAG,IAAA,0BAAU,EAA0B;IACzE,IAAI,EAAE,2BAA2B;IACjC,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,WAAW,EAAE,oCAAoC;SAClD;QACD,QAAQ,EAAE;YACR,iBAAiB,EAAE,IAAA,gCAAgB,EAAC;gBAClC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,oBAAoB;gBAC/B,GAAG,EAAE,SAAS;gBACd,WAAW,EACT,iFAAiF;gBACnF,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,mCAAmC;gBACxC,iBAAiB,EAAE,iDAAiD;aACrE,CAAC;SACH;QACD,MAAM,EAAE,EAAE;KACX;IACD,cAAc,EAAE,EAAE;IAClB,MAAM,CAAC,OAAO;QACZ,OAAO;YACL,QAAQ,CAAC,IAAuB;gBAC9B,IACE,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,YAAY;oBAC9B,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,UAAU;oBAC5B,IAAI,CAAC,KAAK,CAAC,IAAI,KAAK,SAAS;oBAC7B,IAAI,CAAC,KAAK,CAAC,KAAK,KAAK,KAAK,EAC1B,CAAC;oBACD,OAAO,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,mBAAmB,EAAE,CAAC,CAAC;gBAC3D,CAAC;YACH,CAAC;SACF,CAAC;IACJ,CAAC;CACF,CAAC,CAAC"}

package/src/rules/operability/require-data-minimization.d.ts

@@ -0,0 +1,12 @@
+/**
+ * Copyright (c) 2025 Ofri Peretz
+ * Licensed under the MIT License. Use of this source code is governed by the
+ * MIT license that can be found in the LICENSE file.
+ */
+export interface Options {
+}
+type RuleOptions = [Options?];
+export declare const requireDataMinimization: import("@typescript-eslint/utils/ts-eslint").RuleModule<"violationDetected", RuleOptions, unknown, import("@typescript-eslint/utils/ts-eslint").RuleListener> & {
+    name: string;
+};
+export {};

package/src/rules/operability/require-data-minimization.js

@@ -0,0 +1,56 @@
+"use strict";
+/**
+ * Copyright (c) 2025 Ofri Peretz
+ * Licensed under the MIT License. Use of this source code is governed by the
+ * MIT license that can be found in the LICENSE file.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.requireDataMinimization = void 0;
+/**
+ * @fileoverview Identify excessive data collection
+ * @see https://owasp.org/www-project-mobile-top-10/
+ * @see https://cwe.mitre.org/data/definitions/213.html
+ */
+const eslint_devkit_1 = require("@interlace/eslint-devkit");
+exports.requireDataMinimization = (0, eslint_devkit_1.createRule)({
+    name: 'require-data-minimization',
+    meta: {
+        type: 'suggestion',
+        docs: {
+            description: 'Identify excessive data collection patterns',
+        },
+        messages: {
+            violationDetected: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.SECURITY,
+                issueName: 'violation Detected',
+                cwe: 'CWE-213',
+                description: 'Excessive data collection detected - only collect data that is necessary',
+                severity: 'MEDIUM',
+                fix: 'Review and apply secure practices',
+                documentationLink: 'https://cwe.mitre.org/data/definitions/213.html',
+            }),
+        },
+        schema: [],
+    },
+    defaultOptions: [],
+    create(context) {
+        function report(node) {
+            context.report({ node, messageId: 'violationDetected' });
+        }
+        return {
+            ObjectExpression(node) {
+                // Flag objects with >10 properties being collected
+                if (node.properties.length > 10) {
+                    // Check if this looks like user data collection
+                    const hasUserData = node.properties.some((p) => p.type === eslint_devkit_1.AST_NODE_TYPES.Property &&
+                        p.key.type === eslint_devkit_1.AST_NODE_TYPES.Identifier &&
+                        ['email', 'name', 'phone', 'address'].includes(p.key.name));
+                    if (hasUserData) {
+                        report(node);
+                    }
+                }
+            },
+        };
+    },
+});
+//# sourceMappingURL=require-data-minimization.js.map

package/src/rules/operability/require-data-minimization.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"require-data-minimization.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-operability/src/rules/operability/require-data-minimization.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AAEH;;;;GAIG;AAEH,4DAKkC;AAUrB,QAAA,uBAAuB,GAAG,IAAA,0BAAU,EAA0B;IACzE,IAAI,EAAE,2BAA2B;IACjC,IAAI,EAAE;QACJ,IAAI,EAAE,YAAY;QAClB,IAAI,EAAE;YACJ,WAAW,EAAE,6CAA6C;SAC3D;QACD,QAAQ,EAAE;YACR,iBAAiB,EAAE,IAAA,gCAAgB,EAAC;gBAClC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,oBAAoB;gBAC/B,GAAG,EAAE,SAAS;gBACd,WAAW,EACT,0EAA0E;gBAC5E,QAAQ,EAAE,QAAQ;gBAClB,GAAG,EAAE,mCAAmC;gBACxC,iBAAiB,EAAE,iDAAiD;aACrE,CAAC;SACH;QACD,MAAM,EAAE,EAAE;KACX;IACD,cAAc,EAAE,EAAE;IAClB,MAAM,CAAC,OAAO;QACZ,SAAS,MAAM,CAAC,IAAmB;YACjC,OAAO,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,mBAAmB,EAAE,CAAC,CAAC;QAC3D,CAAC;QAED,OAAO;YACL,gBAAgB,CAAC,IAA+B;gBAC9C,mDAAmD;gBACnD,IAAI,IAAI,CAAC,UAAU,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;oBAChC,gDAAgD;oBAChD,MAAM,WAAW,GAAG,IAAI,CAAC,UAAU,CAAC,IAAI,CACtC,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,IAAI,KAAK,8BAAc,CAAC,QAAQ;wBAClC,CAAC,CAAC,GAAG,CAAC,IAAI,KAAK,8BAAc,CAAC,UAAU;wBACxC,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAC7D,CAAC;oBAEF,IAAI,WAAW,EAAE,CAAC;wBAChB,MAAM,CAAC,IAAI,CAAC,CAAC;oBACf,CAAC;gBACH,CAAC;YACH,CAAC;SACF,CAAC;IACJ,CAAC;CACF,CAAC,CAAC"}