falsegreen-js 0.4.0 → 0.6.0

package/CHANGELOG.md

@@ -6,6 +6,103 @@ All notable changes to this project are documented here. The format is based on
 
 ## [Unreleased]
 
+## [0.6.0] - 2026-06-29
+
+### Added
+- `JS25` (high, J1): the only assertion sits inside an array-iterator callback
+  (`forEach`/`map`/`filter`/`some`/`every`/`flatMap`). On an empty collection the
+  callback runs zero times, so nothing is checked and the test still goes green.
+  Fills the verified gap between C2/C2b (whose `hasAssertion` descends into the
+  callback and finds the assertion) and C21 (whose own-scope scan stops at the
+  callback and sees none). FP guards: an own-scope assertion, a non-empty
+  array-literal receiver, or an `expect.assertions`/`hasAssertions` guard suppress it.
+- `JS30` (high, J2): literal-vs-literal assertion such as `expect(2).toBe(3)` or
+  chai `expect(x).to.equal(y)`, where both operands are literal nodes through an
+  equality matcher (`toBe`/`toEqual`/`toStrictEqual`/`toBeCloseTo`/`equal`/`equals`/
+  `eql`/`is`). The comparison is fixed at parse time, independent of any code. The
+  same-token case (`expect(1).toBe(1)`) stays with C5; object/array literals
+  (reference equality) and template literals with substitutions are excluded.
+- `JS31` (low, J1): a `try/catch` whose try calls code that may throw and whose
+  catch neither asserts on the exception, re-raises, nor calls `fail()`. A unit that
+  stops throwing (a real regression) still passes green. Complement of JS11, which
+  owns the swallowed-assertion case; JS31 fires only when the try has a call but no
+  assertion and the catch is harmless.
+- `JS27` (low, J3): `toHaveBeenCalled*` is the sole oracle on a locally-created
+  double (`jest.fn`/`vi.fn`/`spyOn`). The test confirms it called the double it set
+  up, not the unit's output or state. Gated to the unit level (a logger-spy call
+  check is legitimate at integration/e2e) and suppressed when any non-call-tracking
+  assertion is present. Sibling of JS8.
+- `JS26` (low, J1): fake timers installed but never advanced. A `setTimeout`/
+  `setInterval` is armed under frozen fake timers and nothing in the test scope (nor
+  a sibling `before`/`after` hook) calls `runAllTimers`/`advanceTimersByTime`/`tick`,
+  so the scheduled callback never fires and the assertion reads un-mutated state. The
+  opposite of C16 (uncontrolled timer). Requires an assertion in scope; a flush in
+  the body or an enclosing hook suppresses it.
+- `JS29` (low, J6): an `expect(...).resolves`/`.rejects` chain that is a bare
+  statement, not awaited or returned. The matcher settles asynchronously, so a
+  floating chain finishes green before it resolves. The statically-provable subset of
+  the skipped JS20, keyed on the explicit `.resolves`/`.rejects` marker so no type
+  inference is needed.
+- `C8b` (low, J4): `toBeCloseTo` called with no precision argument, so the default
+  2-digit tolerance applies. The js analogue of `assertAlmostEqual`/`pytest.approx`
+  with no tolerance, ported from `falsegreen`. Implicit-precision only; a
+  literal-vs-literal `toBeCloseTo` stays with JS30.
+- `C11a` (low, J2): self-confirming literal. The expected value is bound from the
+  same call under test (`const e = foo(); expect(foo()).toBe(e)`), so the oracle
+  confirms the code against itself. Ported from `falsegreen`; the bound initializer
+  must provably be the SUT call (its source text equals the expect subject's), so a
+  literal or a different-call binding stays clean.
+
+### Changed
+- `C8` (exact float) now fires only when the subject is a real (non-literal) value;
+  a literal-vs-literal float (`expect(0.1).toBe(0.3)`) is owned by the stronger JS30
+  lane, so the two no longer double-report.
+
+## [0.5.0] - 2026-06-28
+
+### Added
+- `JS23` (high, J1): `expect.assertions(N)` with a numeric `N` higher than the unconditional,
+  reachable, non-nested `expect()` calls that can run. The guard can never be met, so the test
+  passes without ever exercising the count it claims. Fires only when `N` is a numeric literal
+  and the shortfall is provable: an `expect` in a loop, a branch, a `.then`/callback, or a
+  helper makes the count indeterminate and suppresses the finding. `expect.hasAssertions()`
+  carries no count and is skipped. This is the implemented sibling of the still-skipped JS16.
+- `JS24` (low, J4): a Cypress query chain (`cy.get`/`cy.find`/`cy.contains`) used as a statement
+  with no terminating `.should`/`.and` and no `expect` inside a `.then` callback. The query
+  produces a subject that is never asserted, the cy.* analogue of JS13. Action commands
+  (`click`/`type`/`visit`/...) do work rather than just query, so a chain ending in one stays
+  clean, as does a chain that ends in `.should`/`.and` or asserts in `.then`.
+- CLI `--enable <codes>` (and `--enable=...`): re-activates listed off or opt-in codes at their
+  catalog severity, flipping a default-off code on. It cannot raise a code above catalog
+  severity. `--disable` wins over `--enable`, so a code passed to both stays off.
+- `examples/` tree (#47): a worked sample for every emitted code, a BAD test the scanner flags
+  paired with a CLEAN look-alike one token away that it leaves alone. Files are grouped by
+  RiskGroup (`effectiveness`, `execution`, `nondeterminism`, `dependency`), with `cypress.cy.ts`
+  for the Cypress code and `diagnostics.test.ts` for the opt-in maintainability group. C16 keeps
+  a separate frozen-clock file because the fake-timer signal is file-wide. `vitest.config.ts`
+  excludes `examples/**` from collection, and `test/examples.test.ts` scans each file with
+  `analyze(parse(...))` to assert every code fires in its file, with a drift guard that fails if a
+  new default-on code lands without an example. The config-audit-only PL series scans Jest/Vitest
+  config rather than a test file, so it has no test-file example.
+
+### Changed
+- `JS8` now also catches the `jest.spyOn`/`vi.spyOn` form: a spy with a canned return
+  (`mockReturnValue`/`mockResolvedValue`/`mockImplementation`) whose spied target root is also an
+  `expect` subject. The test asserts the canned value, not real behaviour. Conservative
+  same-binding guard: spying a collaborator (a different object) stays clean, and asserting on
+  the spy handle itself (`expect(spy).toHaveBeenCalled()`) is not treated as the subject.
+- `JS3` gains a distinct detail when the snapshot is an empty inline baseline:
+  `toMatchInlineSnapshot()` with no argument, or an empty or whitespace-only string baseline,
+  passes by writing itself on the first run. A populated inline snapshot keeps the existing
+  detail; the snapshot-only detection logic is unchanged.
+
+### Docs
+- `CONTRIBUTING.md` documents the FP-boundary decisions that previously lived only in
+  source comments: the admission criteria for a new code (statically provable, FP-guarded,
+  ships with a CLEAN look-alike one token from the BAD, carries a catalog entry, clears the
+  panel and principal-reviewer gate) and the standing per-code rules for C44, C6, JS5, C16,
+  JS23, JS24, and JS8 (#51).
+
 ## [0.4.0] - 2026-06-28
 
 ### Fixed
@@ -176,7 +273,8 @@ All notable changes to this project are documented here. The format is based on
 - pre-commit hook (`.pre-commit-hooks.yaml`), CI matrix (Node 18/20/22), and an npm
   trusted-publishing release workflow.
 
-[Unreleased]: https://github.com/vinicq/falsegreen-js/compare/v0.4.0...HEAD
+[Unreleased]: https://github.com/vinicq/falsegreen-js/compare/v0.5.0...HEAD
+[0.5.0]: https://github.com/vinicq/falsegreen-js/compare/v0.4.0...v0.5.0
 [0.4.0]: https://github.com/vinicq/falsegreen-js/compare/v0.3.0...v0.4.0
 [0.3.0]: https://github.com/vinicq/falsegreen-js/compare/v0.2.0...v0.3.0
 [0.2.0]: https://github.com/vinicq/falsegreen-js/compare/v0.1.0...v0.2.0

package/README.md

@@ -15,7 +15,14 @@ AST scan, no code execution. Sibling of [`falsegreen`](https://github.com/vinicq
 
 Covers `.js`, `.jsx`, `.ts`, `.tsx`, `.mjs`, `.cjs`, `.mts`, `.cts`.
 
-**The falsegreen family:** [falsegreen](https://github.com/vinicq/falsegreen) (Python/pytest) · **falsegreen-js** (JS/TS) · [robotframework-falsegreen](https://github.com/vinicq/robotframework-falsegreen) (Robot Framework) · [falsegreen-skill](https://github.com/vinicq/falsegreen-skill) (semantic LLM pass).
+**The falsegreen family** (install the one for your stack):
+
+| Tool | Stack | Install | Package |
+|---|---|---|---|
+| [falsegreen](https://github.com/vinicq/falsegreen) | Python / pytest | `pip install falsegreen` | [PyPI](https://pypi.org/project/falsegreen/) |
+| **falsegreen-js** | JS / TS | `npm i -D falsegreen-js` (`npx falsegreen-js`) | [npm](https://www.npmjs.com/package/falsegreen-js) |
+| [robotframework-falsegreen](https://github.com/vinicq/robotframework-falsegreen) | Robot Framework | `pip install robotframework-falsegreen` | [PyPI](https://pypi.org/project/robotframework-falsegreen/) |
+| [falsegreen-skill](https://github.com/vinicq/falsegreen-skill) | semantic LLM pass | `npx falsegreen-skill analyze <path>` | [npm](https://www.npmjs.com/package/falsegreen-skill) |
 
 ## Why
 
@@ -44,6 +51,7 @@ npx falsegreen-js --output report.json   # write to a file
 npx falsegreen-js --output .falsegreen/  # write report.<ext> into a directory
 npx falsegreen-js --config-audit  # audit Jest/Vitest config (project-layer PL codes)
 npx falsegreen-js --disable C7,JS3
+npx falsegreen-js --enable D8,M2   # re-activate off/opt-in codes at catalog severity
 ```
 
 Each finding is reported with its pyramid level (unit / integration / e2e, read from the file's imports) and a one-line fix hint, and the summary breaks the findings down by level and lists the most common fixes. `--output` takes a file or a directory: an extension-less or trailing-slash path (e.g. `.falsegreen/`) receives `report.<ext>` for the chosen format. Reports are run artifacts; keep the output directory gitignored.
@@ -129,7 +137,9 @@ line up in the research. `JS*` codes are ecosystem-specific.
 | C20 | high | assertion in unreachable code (after a `return`/`throw`/`process.exit`, a `break`, a both-arms-terminating `if`, or an exhaustive `switch`) — it never runs |
 | C23 | low  | reads a real file at a literal path, or a hard-coded URL (mystery guest) |
 | C8  | low  | exact equality on a float (use `toBeCloseTo`) |
+| C8b | low  | `toBeCloseTo` with no precision argument — the default 2-digit tolerance may be too loose |
 | C9  | low  | `toThrow()` with no error type or message — accepts any error |
+| C11a | low | self-confirming literal — the expected value is bound from the same call under test (`const e = foo(); expect(foo()).toBe(e)`) |
 | C16 | low  | result depends on `Date.now`, `Math.random`, or a fixed timer |
 | C18 | low  | compares `String(x)` / `JSON.stringify(x)` / `` `${x}` `` to a literal (formatting, not value) |
 | C21 | low  | every assertion is conditional — none runs unconditionally |
@@ -152,6 +162,14 @@ line up in the research. `JS*` codes are ecosystem-specific.
 | JS18 | low | test takes a `done` callback instead of async/await — a mistimed `done` passes early |
 | JS21 | high | matcher referenced but never called (`expect(x).toBe` with no `()`) — the assertion never runs |
 | JS22 | high | empty `it.each`/`test.each` table — generated with zero cases, never runs |
+| JS23 | high | `expect.assertions(N)` with fewer unconditional `expect()` calls than N — the guard can never be met |
+| JS24 | low  | Cypress query (`cy.get`/`cy.find`/`cy.contains`) as a loose statement with no terminating `.should`/`.and` and no `expect` in `.then` — its result is never asserted |
+| JS25 | high | the only assertion sits inside an array-iterator callback (`forEach`/`map`/`filter`/`some`/`every`/`flatMap`) — runs zero times on an empty collection |
+| JS26 | low  | fake timers installed but never advanced (`runAllTimers`/`advanceTimersByTime`/`tick`) — the scheduled callback never fires, so the assertion reads un-mutated state |
+| JS27 | low  | `toHaveBeenCalled*` is the sole oracle on a locally-created double — verifies wiring, not behaviour |
+| JS29 | low  | `expect(...).resolves`/`.rejects` chain is a bare statement, not awaited or returned — the test finishes green before the matcher settles |
+| JS30 | high | literal-vs-literal assertion (`expect(2).toBe(3)`, chai `expect(x).to.equal(y)`) — both operands are fixed at parse time |
+| JS31 | low  | `try/catch` swallows a possible throw with no assertion on the exception — a unit that stops throwing still passes green |
 
 Each code carries a judgment tag (J1-J6) shared with the
 [falsegreen-skill](https://github.com/vinicq/falsegreen-skill) semantic framework.
@@ -186,8 +204,11 @@ Some catalog codes were reviewed and left out, on purpose:
 - **JS20** (a Promise compared without `resolves`/`rejects`): telling that a value is a
   Promise needs type information the AST does not carry, so it would be too noisy.
 - **JS12** (a floating promise whose `expect` is never returned): already covered by JS7.
-- **JS16** (`async` test with no `expect.assertions(n)`): the absence of a guard is not a
-  smell on its own; flagging it would fire on most async tests.
+- **JS16** (`async` test with no `expect.assertions(n)`): the *absence* of a guard is not a
+  smell on its own; flagging it would fire on most async tests. The implemented sibling is
+  `JS23`, which fires on a present-but-unsatisfiable guard: `expect.assertions(N)` with a
+  numeric `N` higher than the unconditional `expect()` calls that can run, so the count can
+  never be met.
 - **JS14** (a giant inline snapshot): a readability and review-noise concern, not a
   false-green one. The snapshot still protects, so it belongs to the diagnostic group and is
   better served by `eslint-plugin-jest` (`no-large-snapshots`) as an opt-in lint rule.
@@ -226,7 +247,7 @@ Optional. `falsegreen.json`, `.falsegreenrc.json`, or a `"falsegreen"` key in
 }
 ```
 
-Precedence: CLI `--disable` > config `disable`/`severity` > catalog default.
+Precedence: CLI `--disable` > CLI `--enable` > config `disable`/`severity` > catalog default. `--enable <codes>` re-activates listed off or opt-in codes at their catalog severity (it flips a default-off code on; it cannot raise a code above catalog). A code passed to both `--enable` and `--disable` stays off — `--disable` wins.
 
 ## Scope and honesty
 

package/dist/cases.js

@@ -59,6 +59,16 @@ export const CASES = {
     JS18: { title: "test takes a done callback instead of async/await — a done called too early (or in a floating promise) passes before the assertions run", group: "execution", severity: "low", defaultOn: true, judgment: "J1" },
     JS21: { title: "matcher referenced but never called (expect(x).toBe with no ()) — the assertion never executes", group: "execution", severity: "high", defaultOn: true, judgment: "J1" },
     JS22: { title: "empty it.each/test.each table — the test is generated with zero cases and never runs", group: "execution", severity: "high", defaultOn: true, judgment: "J1" },
+    JS23: { title: "expect.assertions(N) with fewer unconditional expect() calls than N — the guard can never be met", group: "execution", severity: "high", defaultOn: true, judgment: "J1" },
+    JS24: { title: "Cypress query (cy.get/find/contains) with no terminating .should/.and and no expect in .then — its result is never asserted", group: "effectiveness", severity: "low", defaultOn: true, judgment: "J4" },
+    JS25: { title: "the only assertion sits inside an array-iterator callback (forEach/map/filter/some/every/flatMap) — runs zero times on an empty collection", group: "execution", severity: "high", defaultOn: true, judgment: "J1" },
+    JS26: { title: "fake timers installed but never advanced — the scheduled callback never fires, so the assertion runs against un-mutated state", group: "execution", severity: "low", defaultOn: true, judgment: "J1" },
+    JS27: { title: "toHaveBeenCalled* is the sole oracle on a locally-created double — verifies wiring, not behaviour", group: "dependency", severity: "low", defaultOn: true, judgment: "J3" },
+    JS29: { title: "expect(...).resolves/.rejects chain is a bare statement, not awaited or returned — the test finishes green before the matcher settles", group: "execution", severity: "low", defaultOn: true, judgment: "J6" },
+    JS30: { title: "literal-vs-literal assertion (expect(1).toBe(1)) — both operands are fixed at parse time, independent of any code", group: "effectiveness", severity: "high", defaultOn: true, judgment: "J2" },
+    JS31: { title: "try/catch swallows a SUT throw with no assertion on the exception — a unit that stops throwing still passes green", group: "execution", severity: "low", defaultOn: true, judgment: "J1" },
+    C8b: { title: "toBeCloseTo with no precision argument — the default 2-digit tolerance may be too loose for the value under test", group: "effectiveness", severity: "low", defaultOn: true, judgment: "J4" },
+    C11a: { title: "self-confirming literal — the expected value is bound from the same call/expression under test (const e = foo(); expect(foo()).toBe(e))", group: "effectiveness", severity: "low", defaultOn: true, judgment: "J2" },
     // --- diagnostic group (maintainability; default off, opt-in via --diagnostics
     // or config severity). These are NOT false-green: the test still protects. They
     // are a "plus" for test-code health, mirroring falsegreen's D/M group. -------
@@ -155,6 +165,16 @@ export const FIX_HINTS = {
     JS18: "use async/await instead of the done callback",
     JS21: "call the matcher (add ()) so the assertion executes",
     JS22: "add at least one row to the it.each/test.each table",
+    JS23: "make the unconditional expect() count match expect.assertions(N), or remove the guard",
+    JS24: "end the cy query in .should()/.and(), or assert in .then()",
+    JS25: "add an assertion outside the iterator callback so it runs even when the collection is empty",
+    JS26: "advance the fake timers (runAllTimers/advanceTimersByTime/tick) before asserting",
+    JS27: "assert the unit's output or state, not just that the double was called",
+    JS29: "await or return the resolves/rejects assertion so the matcher settles",
+    JS30: "assert a real value against an independent expected one, not literal against literal",
+    JS31: "assert on the caught error, re-throw, call fail(), or wrap the call in expect().toThrow()",
+    C8b: "pass a precision argument to toBeCloseTo(), or choose an explicit tolerance",
+    C11a: "bind the expected value independently of the call under test",
     D1: "give each assertion a message, or split the test",
     D3: "remove the duplicate assertion",
     D4: "add titled cases to it.each/test.each",

package/dist/cli.js

@@ -34,6 +34,7 @@ Usage:
   falsegreen-js --config-audit    audit Jest/Vitest config (project-layer PL codes)
   falsegreen-js --diagnostics     also report the opt-in maintainability group (D*/M*)
   falsegreen-js --disable C7,JS3  turn off specific codes
+  falsegreen-js --enable D8,M2    re-activate off/opt-in codes at catalog severity (--disable wins)
   falsegreen-js --version
   falsegreen-js --help
 
@@ -52,6 +53,7 @@ function parseArgs(argv) {
     let baseline;
     let writeBaselinePath;
     const disable = new Set();
+    const enable = new Set();
     // An optional-value flag (--baseline / --write-baseline) consumes the next
     // token only when it is a value, not another flag.
     const optionalValue = (next) => (next !== undefined && !next.startsWith("-")) ? next : undefined;
@@ -115,6 +117,14 @@ function parseArgs(argv) {
             a.slice("--disable=".length).split(",").map((s) => s.trim())
                 .filter(Boolean).forEach((c) => disable.add(c));
         }
+        else if (a === "--enable") {
+            const v = argv[++i] ?? "";
+            v.split(",").map((s) => s.trim()).filter(Boolean).forEach((c) => enable.add(c));
+        }
+        else if (a.startsWith("--enable=")) {
+            a.slice("--enable=".length).split(",").map((s) => s.trim())
+                .filter(Boolean).forEach((c) => enable.add(c));
+        }
         else if (a.startsWith("-")) {
             process.stderr.write(`falsegreen-js: unknown option ${a}\n`);
             process.exit(2);
@@ -124,7 +134,7 @@ function parseArgs(argv) {
     }
     const fmt = format ?? (json ? "json" : "text");
     return {
-        paths, fmt, staged, help, version, diagnostics, configAudit, disable,
+        paths, fmt, staged, help, version, diagnostics, configAudit, disable, enable,
         output, baseline, writeBaselinePath,
     };
 }
@@ -234,7 +244,9 @@ export function renderText(findings) {
 }
 function scan(opt) {
     const config = loadConfig();
-    const scanOpts = { config, cliDisable: opt.disable, diagnostics: opt.diagnostics };
+    const scanOpts = {
+        config, cliDisable: opt.disable, cliEnable: opt.enable, diagnostics: opt.diagnostics,
+    };
     if (opt.staged)
         return stagedFiles().flatMap((f) => scanFile(f, scanOpts));
     return scanPaths(opt.paths.length ? opt.paths : ["."], scanOpts);

package/dist/rules.js

@@ -4,6 +4,7 @@ import { DIAGNOSTIC_THRESHOLDS } from "./cases.js";
 import { ASSERT_ROOTS, ASSERT_METHODS, SNAPSHOT_MATCHERS, EQUALITY_MATCHERS, VUE_SVELTE_ASYNC, oracleKind, } from "./oracles.js";
 import { lineOf } from "./parse.js";
 import { assertionsInDeadCode, hasUnconditionalAssertion } from "./cfg.js";
+import { detectPyramidLevel } from "./level.js";
 // --- test framework vocabulary (runner-agnostic) ---------------------------
 // it/test/specify (Jest, Vitest, Mocha, Jasmine, AVA, node:test, Cypress,
 // Playwright, tap). describe/context/suite are suites. fit/fdescribe focus and
@@ -14,6 +15,23 @@ import { assertionsInDeadCode, hasUnconditionalAssertion } from "./cfg.js";
 const TEST_BLOCK_ROOTS = new Set(["it", "test", "specify"]);
 const SUITE_ROOTS = new Set(["describe", "context", "suite", "fdescribe", "xdescribe", "fcontext", "xcontext"]);
 const FOCUS_NAMES = new Set(["fit", "fdescribe", "fcontext"]);
+// Array-iterator methods whose callback runs once per element — zero times on an
+// empty collection. An assertion that lives ONLY inside one of these callbacks
+// (JS25) runs zero times when the receiver is empty: green with nothing checked.
+const ARRAY_ITERATOR_METHODS = new Set(["forEach", "map", "filter", "some", "every", "flatMap"]);
+// Equality matchers across runners for the literal-vs-literal (JS30) and
+// self-confirming-literal (C11a) lanes: Jest/Vitest toBe family + toBeCloseTo,
+// plus chai/AVA equal/equals/eql/is. Broader than EQUALITY_MATCHERS (which gates
+// the Jest-only C5/C7/C8 lanes) on purpose.
+const EQ_MATCHERS_ANY = new Set([
+    "toBe", "toEqual", "toStrictEqual", "toBeCloseTo", "equal", "equals", "eql", "is",
+]);
+// toHaveBeenCalled* family (JS27): matchers that only assert a double was invoked.
+const CALL_TRACKING_MATCHERS = new Set([
+    "toHaveBeenCalled", "toHaveBeenCalledTimes", "toHaveBeenCalledWith",
+    "toHaveBeenLastCalledWith", "toHaveBeenNthCalledWith", "toBeCalled",
+    "toBeCalledTimes", "toBeCalledWith", "toHaveBeenCalledOnce",
+]);
 const SKIP_NAMES = new Set(["xit", "xdescribe", "xcontext", "xspecify"]);
 // --- C48 dark-patch: a test that flips a known test-mode flag then asserts ---
 // env keys (process.env.<KEY> = <test-mode value>) whose name means "we are under
@@ -78,6 +96,58 @@ function expectRooted(e) {
     }
     return false;
 }
+// --- JS24: Cypress query chain with no terminating assertion ---------------
+const CY_QUERY_COMMANDS = new Set(["get", "find", "contains"]);
+/** True if any `expect(...)` call appears under `scope` (any matcher form, or a
+ *  bare expect). Used to keep a cy chain clean when it asserts inside a .then. */
+function containsExpectCall(scope) {
+    let found = false;
+    const walk = (n) => {
+        if (found)
+            return;
+        if (ts.isCallExpression(n) && expectRooted(n)) {
+            found = true;
+            return;
+        }
+        ts.forEachChild(n, walk);
+    };
+    walk(scope);
+    return found;
+}
+/** True if a call chain rooted at `cy` ends in a query command (get/find/contains)
+ *  and carries no terminating `.should`/`.and` and no `expect(...)` inside a `.then`
+ *  callback — so it produces a subject that is never asserted. Action commands
+ *  (click/type/visit/...) as the outermost call do something, so they stay clean.
+ *  `expr` is the outermost call of the statement. */
+function isUnassertedCyQuery(expr) {
+    if (rootIdent(expr) !== "cy")
+        return false;
+    // outermost command must be a query, not an action (action does work, not just query)
+    if (!ts.isPropertyAccessExpression(expr.expression))
+        return false;
+    if (!CY_QUERY_COMMANDS.has(expr.expression.name.text))
+        return false;
+    // scan the whole chain for a terminating assertion: any .should/.and, or an
+    // expect(...) inside a .then(cb) callback. Either keeps it clean.
+    let cur = expr;
+    const visit = (n) => {
+        if (ts.isCallExpression(n) && ts.isPropertyAccessExpression(n.expression)) {
+            const m = n.expression.name.text;
+            if (m === "should" || m === "and")
+                return true;
+            if (m === "then") {
+                const cb = n.arguments.find((a) => ts.isArrowFunction(a) || ts.isFunctionExpression(a));
+                if (cb && containsExpectCall(cb))
+                    return true;
+            }
+        }
+        let asserted = false;
+        ts.forEachChild(n, (c) => { if (visit(c))
+            asserted = true; });
+        return asserted;
+    };
+    return !visit(cur);
+}
 function literalTruthiness(e) {
     if (!e)
         return null;
@@ -151,6 +221,23 @@ function expectChain(call) {
     }
     return null;
 }
+/** True if `call` is the terminal matcher call of an `expect(...).resolves`/
+ *  `.rejects` chain (e.g. `expect(p).resolves.toBe(1)`). Walks the callee base for a
+ *  `.resolves`/`.rejects` property access that bottoms out in an `expect(...)` call.
+ *  Only the explicit resolves/rejects marker counts (JS29); a plain promise does not. */
+function expectIsResolvesRejects(call) {
+    if (!ts.isPropertyAccessExpression(call.expression))
+        return false;
+    let base = call.expression.expression;
+    let sawSettle = false;
+    while (ts.isPropertyAccessExpression(base) || ts.isCallExpression(base)) {
+        if (ts.isPropertyAccessExpression(base) &&
+            (base.name.text === "resolves" || base.name.text === "rejects"))
+            sawSettle = true;
+        base = base.expression;
+    }
+    return sawSettle && expectRooted(call.expression);
+}
 /** True if a call's result is observed: awaited, returned, assigned, the
  *  implicit-return body of an arrow, or explicitly discarded with `void` (an
  *  author signalling "I am dropping this on purpose"). A bare floating call (its
@@ -314,6 +401,22 @@ function isHarmlessCatch(block) {
     }
     return true;
 }
+/** Stricter than isHarmlessCatch, for JS31: the catch truly swallows the throw,
+ *  doing NOTHING with it. Only an empty body or `console.*` log-only statements
+ *  qualify. An assignment (recovery flag like `supported = false`), a return, a
+ *  fail()/throw, an assertion, or any other call is meaningful handling, not a
+ *  silent swallow, so JS31 must not fire. Keeps JS31 precision-first. */
+function catchSilentlySwallows(block) {
+    for (const stmt of block.statements) {
+        if (!ts.isExpressionStatement(stmt))
+            return false; // return/var/if/etc: handling
+        if (!ts.isCallExpression(stmt.expression))
+            return false; // a bare assignment/expr
+        if (!calleeName(stmt.expression.expression).startsWith("console."))
+            return false;
+    }
+    return true;
+}
 /** Matcher names of every expect-chain assertion under scope (for snapshot-only). */
 function matchersUnder(scope) {
     const out = [];
@@ -328,6 +431,309 @@ function matchersUnder(scope) {
     ts.forEachChild(scope, walk);
     return out;
 }
+/** True if any snapshot matcher under `scope` is an inline snapshot with no
+ *  baseline yet: `toMatchInlineSnapshot()` / `toThrowErrorMatchingInlineSnapshot()`
+ *  with no argument, or an empty/whitespace-only string-literal baseline. On the
+ *  first run the runner writes the snapshot from the output itself, so it passes
+ *  by construction. A populated inline snapshot has a real baseline and is not this. */
+function hasEmptyInlineSnapshot(scope) {
+    let found = false;
+    const walk = (n) => {
+        if (found)
+            return;
+        if (ts.isCallExpression(n)) {
+            const chain = expectChain(n);
+            if (chain && (chain.matcher === "toMatchInlineSnapshot" ||
+                chain.matcher === "toThrowErrorMatchingInlineSnapshot")) {
+                const a0 = chain.args[0];
+                if (a0 === undefined) {
+                    found = true;
+                    return;
+                }
+                if ((ts.isStringLiteral(a0) || ts.isNoSubstitutionTemplateLiteral(a0)) &&
+                    a0.text.trim() === "") {
+                    found = true;
+                    return;
+                }
+            }
+        }
+        ts.forEachChild(n, walk);
+    };
+    ts.forEachChild(scope, walk);
+    return found;
+}
+/** The numeric N of an `expect.assertions(N)` call (N a numeric literal), else
+ *  null. `expect.hasAssertions()` carries no count and is not this. */
+function expectAssertionsCount(call) {
+    if (calleeName(call.expression) !== "expect.assertions")
+        return null;
+    const a0 = call.arguments[0];
+    if (a0 && ts.isNumericLiteral(a0))
+        return Number(a0.text);
+    return null;
+}
+/** JS23 expect accounting. `unconditional` is the count of expect-chain matcher
+ *  calls guaranteed to run: a direct ExpressionStatement on the test body's spine
+ *  (optionally awaited). `indeterminate` is true when any other expect-chain call
+ *  exists in the body (in a loop, branch, try, switch, callback, .then, or an
+ *  expression operand) — its run count cannot be proven, so a shortfall is not
+ *  provable and JS23 must be suppressed (FP-averse: a false positive is worse than
+ *  a miss). Stops at nested functions only for the spine count, but the
+ *  indeterminate scan walks the whole body (a .then callback IS indeterminate). */
+function expectAccounting(body) {
+    const spine = new Set();
+    let unconditional = 0;
+    for (const st of body.statements) {
+        if (!ts.isExpressionStatement(st))
+            continue;
+        let e = st.expression;
+        if (ts.isAwaitExpression(e))
+            e = e.expression;
+        if (ts.isCallExpression(e) && expectChain(e)) {
+            unconditional++;
+            spine.add(e);
+        }
+    }
+    // Anything that is not the proven-unconditional expect spine makes the count
+    // indeterminate: an off-spine expect chain (loop/branch/.then/operand), or any
+    // other call — a helper or setup call may carry assertions the count cannot see.
+    // Do not descend into a spine chain (its inner expect()/matcher calls are
+    // accounted, not separate helpers).
+    let indeterminate = false;
+    const walk = (n) => {
+        if (indeterminate)
+            return;
+        if (spine.has(n))
+            return; // whole spine chain already counted
+        if (ts.isCallExpression(n)) {
+            const nm = calleeName(n.expression);
+            if (nm !== "expect.assertions" && nm !== "expect.hasAssertions") {
+                indeterminate = true;
+                return;
+            }
+        }
+        ts.forEachChild(n, walk);
+    };
+    walk(body);
+    return { unconditional, indeterminate };
+}
+/** JS8 (spyOn form): collect `{root -> line}` for every jest.spyOn/vi.spyOn target
+ *  whose return was canned (mockReturnValue/mockResolvedValue/mockRejectedValue/
+ *  mockImplementation) under `scope`. Test-local on purpose: a spyOn is hoisted only
+ *  within its own test body, unlike the module-wide jest.mock form. */
+function cannedSpyTargets(scope) {
+    const out = new Map();
+    const sf = scope.getSourceFile();
+    const walk = (n) => {
+        if (ts.isCallExpression(n) &&
+            /^(mockReturnValue|mockResolvedValue|mockRejectedValue|mockImplementation)$/.test(calleeName(n.expression).split(".").pop() ?? "")) {
+            let base = n.expression;
+            while (ts.isPropertyAccessExpression(base) || ts.isCallExpression(base)) {
+                if (ts.isCallExpression(base)) {
+                    const cn = calleeName(base.expression);
+                    if (cn === "jest.spyOn" || cn === "vi.spyOn") {
+                        const tr = base.arguments[0] && rootIdent(base.arguments[0]);
+                        if (tr)
+                            out.set(tr, lineOf(sf, n));
+                        break;
+                    }
+                }
+                base = ts.isCallExpression(base) ? base.expression
+                    : base.expression;
+            }
+        }
+        ts.forEachChild(n, walk);
+    };
+    walk(scope);
+    return out;
+}
+/** Root identifiers used as an expect subject under `scope` (`expect(a.b).m()` -> "a"). */
+function expectSubjectRoots(scope) {
+    const out = new Set();
+    const walk = (n) => {
+        if (ts.isCallExpression(n)) {
+            const chain = expectChain(n);
+            if (chain && chain.subject) {
+                const r = rootIdent(chain.subject);
+                if (r)
+                    out.add(r);
+            }
+        }
+        ts.forEachChild(n, walk);
+    };
+    walk(scope);
+    return out;
+}
+/** JS25: every assertion under `scope` sits inside an array-iterator callback
+ *  (arr.forEach/map/filter/some/every/flatMap(cb)), and at least one such
+ *  assertion exists. Walk the body; when entering an iterator callback, any
+ *  assertion inside counts as "iterator-bound"; an assertion reached outside one
+ *  is an own-scope assertion that disproves JS25. Returns whether the only
+ *  assertions are iterator-bound (and there is at least one). FP-averse: a single
+ *  own-scope assertion anywhere suppresses it. */
+function assertionsOnlyInArrayIterator(scope) {
+    let iteratorBound = 0;
+    let ownScope = 0;
+    // The callback nodes of array-iterator calls under scope, so the walk knows when
+    // an assertion is inside one without re-deriving the call shape per node.
+    const iterCallbacks = new Set();
+    const collect = (n) => {
+        if (ts.isCallExpression(n) && ts.isPropertyAccessExpression(n.expression) &&
+            ARRAY_ITERATOR_METHODS.has(n.expression.name.text)) {
+            for (const a of n.arguments) {
+                if (ts.isArrowFunction(a) || ts.isFunctionExpression(a))
+                    iterCallbacks.add(a);
+            }
+        }
+        ts.forEachChild(n, collect);
+    };
+    collect(scope);
+    const walk = (n, insideIter) => {
+        const nowInside = insideIter || iterCallbacks.has(n);
+        if (isAssertionNode(n)) {
+            if (nowInside)
+                iteratorBound++;
+            else
+                ownScope++;
+        }
+        ts.forEachChild(n, (c) => walk(c, nowInside));
+    };
+    ts.forEachChild(scope, (c) => walk(c, false));
+    return ownScope === 0 && iteratorBound > 0;
+}
+/** True if `scope` carries an expect.assertions(N) / expect.hasAssertions() guard
+ *  (JS23 territory) — used as a JS25 FP guard: the author already declared a count. */
+function hasAssertionCountGuard(scope) {
+    let found = false;
+    const walk = (n) => {
+        if (found)
+            return;
+        if (ts.isCallExpression(n)) {
+            const nm = calleeName(n.expression);
+            if (nm === "expect.assertions" || nm === "expect.hasAssertions") {
+                found = true;
+                return;
+            }
+        }
+        ts.forEachChild(n, walk);
+    };
+    walk(scope);
+    return found;
+}
+/** True if any array-iterator call under `scope` iterates a non-empty array
+ *  literal receiver (arr `[1, 2].forEach(...)`) — JS25 FP guard: a non-empty
+ *  literal always runs the callback at least once, so the assertion does run. */
+function iteratesNonEmptyArrayLiteral(scope) {
+    let found = false;
+    const walk = (n) => {
+        if (found)
+            return;
+        if (ts.isCallExpression(n) && ts.isPropertyAccessExpression(n.expression) &&
+            ARRAY_ITERATOR_METHODS.has(n.expression.name.text)) {
+            const recv = n.expression.expression;
+            if (ts.isArrayLiteralExpression(recv) && recv.elements.length > 0) {
+                found = true;
+                return;
+            }
+        }
+        ts.forEachChild(n, walk);
+    };
+    walk(scope);
+    return found;
+}
+/** JS27: the matcher names of every expect-chain assertion under `scope`, each
+ *  paired with the root identifier of its subject. Used to decide whether the ONLY
+ *  oracle is a toHaveBeenCalled* check on a locally-created double. */
+function expectMatcherSubjects(scope) {
+    const out = [];
+    const walk = (n) => {
+        if (ts.isCallExpression(n)) {
+            const chain = expectChain(n);
+            if (chain)
+                out.push({ matcher: chain.matcher, root: chain.subject ? rootIdent(chain.subject) : null });
+        }
+        ts.forEachChild(n, walk);
+    };
+    walk(scope);
+    return out;
+}
+/** Root identifiers in `scope` bound to a freshly-created test double:
+ *  jest.fn()/vi.fn()/jest.spyOn()/vi.spyOn() in a const/let, or a mockReturnValue/
+ *  mockImplementation-decorated handle. Used by JS27 to confirm the call-tracking
+ *  subject is a local double, not a real collaborator. */
+function localDoubleRoots(scope) {
+    const out = new Set();
+    const isDoubleInit = (e) => {
+        let cur = e;
+        while (ts.isCallExpression(cur) || ts.isPropertyAccessExpression(cur)) {
+            if (ts.isCallExpression(cur)) {
+                const nm = calleeName(cur.expression);
+                if (nm === "jest.fn" || nm === "vi.fn" || nm === "jest.spyOn" || nm === "vi.spyOn" ||
+                    nm === "sinon.spy" || nm === "sinon.stub")
+                    return true;
+            }
+            cur = ts.isCallExpression(cur) ? cur.expression : cur.expression;
+        }
+        return false;
+    };
+    const walk = (n) => {
+        if (ts.isVariableDeclaration(n) && n.initializer && ts.isIdentifier(n.name) &&
+            isDoubleInit(n.initializer)) {
+            out.add(n.name.text);
+        }
+        ts.forEachChild(n, walk);
+    };
+    walk(scope);
+    return out;
+}
+/** JS26: a fake-timer install and a setTimeout/setInterval arm both live under
+ *  `scope`, but no flush/advance does (in scope or a sibling lifecycle hook). The
+ *  scheduled callback never fires, so any assertion runs against un-mutated state. */
+function timerInstalledNeverAdvanced(scope, timer, sf) {
+    // install present in scope, no flush in scope — order does not matter (a frozen
+    // timer that is never advanced is vacuous regardless of where the install sits).
+    if (!callMatchesUnder(scope, sf, FAKE_TIMER_INSTALL))
+        return false;
+    if (callMatchesUnder(scope, sf, FAKE_TIMER_FLUSH))
+        return false;
+    // a sibling hook may install or flush; reuse the JS-wide hook scan. If a hook
+    // flushes, the callback fires, so suppress.
+    if (hookControlsTimerFlush(timer, sf))
+        return false;
+    return true;
+}
+/** True if an enclosing describe/top-level afterEach/afterAll flushes timers — the
+ *  JS26 suppression twin of hookControlsTimer (which also accepts a before-install).
+ *  Here only a teardown flush matters: an install in a hook does not advance. */
+function hookControlsTimerFlush(timer, sf) {
+    const scan = (statements) => {
+        for (const stmt of statements) {
+            if (!ts.isExpressionStatement(stmt) || !ts.isCallExpression(stmt.expression))
+                continue;
+            const hook = calleeName(stmt.expression.expression).split(".")[0];
+            const cb = getTestCallback(stmt.expression);
+            if (!cb)
+                continue;
+            if (callMatchesUnder(cb, sf, FAKE_TIMER_FLUSH) &&
+                (SETUP_HOOKS.has(hook) || TEARDOWN_HOOKS.has(hook)))
+                return true;
+        }
+        return false;
+    };
+    if (scan(sf.statements))
+        return true;
+    let pn = timer.parent;
+    while (pn) {
+        if ((ts.isArrowFunction(pn) || ts.isFunctionExpression(pn) || ts.isFunctionDeclaration(pn)) &&
+            pn.parent && ts.isCallExpression(pn.parent) && pn.parent.arguments.includes(pn)) {
+            const suiteRoot = calleeName(pn.parent.expression).split(".")[0];
+            if (SUITE_ROOTS.has(suiteRoot) && pn.body && ts.isBlock(pn.body) && scan(pn.body.statements))
+                return true;
+        }
+        pn = pn.parent;
+    }
+    return false;
+}
 function getTestCallback(call) {
     for (const arg of call.arguments) {
         if (ts.isArrowFunction(arg) || ts.isFunctionExpression(arg))
@@ -480,6 +886,7 @@ export function analyze(sf) {
     const findings = [];
     const file = sf.fileName;
     const text = sf.getFullText();
+    const level = detectPyramidLevel(sf);
     // Fake-timer / flush presence suppresses the JS7 timer arm: if the test fakes
     // or drives timers anywhere, a setTimeout/setInterval callback is flushed
     // synchronously and its assertion does run. Covers Jest, Vitest and Sinon
@@ -578,7 +985,9 @@ export function analyze(sf) {
                     else if (hasAssertion(cb)) {
                         const ms = matchersUnder(cb);
                         if (ms.length > 0 && ms.every((m) => SNAPSHOT_MATCHERS.has(m))) {
-                            push(line, "JS3", "the only assertion is a snapshot");
+                            push(line, "JS3", hasEmptyInlineSnapshot(cb)
+                                ? "the only assertion is an empty inline snapshot — it passes by writing itself on first run"
+                                : "the only assertion is a snapshot");
                         }
                         // C21: the test has at least one assertion in its own scope and none of
                         // them is guaranteed to run unconditionally (all behind a condition, a
@@ -596,6 +1005,104 @@ export function analyze(sf) {
                             push(line, "C21", "every assertion is guarded by a condition");
                         }
                     }
+                    // JS23: expect.assertions(N) with N a numeric literal, but fewer
+                    // unconditional reachable non-nested expect() matcher calls than N — the
+                    // guard can never be satisfied. FP-averse: any expect in a loop, branch,
+                    // callback, or helper is indeterminate, so the count is undercounted and a
+                    // shortfall is only reported when it is provable. expect.hasAssertions()
+                    // carries no count and is skipped. Distinct from the deliberately-skipped JS16.
+                    let assertionsGuard = null;
+                    forEachNoNesting(cb.body, (n) => {
+                        if (ts.isCallExpression(n)) {
+                            const cnt = expectAssertionsCount(n);
+                            if (cnt !== null)
+                                assertionsGuard = { line: lineOf(sf, n), n: cnt };
+                        }
+                    });
+                    if (assertionsGuard !== null) {
+                        const guard = assertionsGuard;
+                        const acc = expectAccounting(cb.body);
+                        if (!acc.indeterminate && acc.unconditional < guard.n) {
+                            push(guard.line, "JS23", `expect.assertions(${guard.n}) but only ${acc.unconditional} unconditional expect() call(s) run`);
+                        }
+                    }
+                    // JS8 (spyOn form): test-local. A spyOn target with a canned return that is
+                    // also an expect subject IN THE SAME test body is a self-mock — the test
+                    // asserts the canned value. Scoped to cb.body so a spy in one test never
+                    // matches an assertion in another (the jest.mock module form, hoisted
+                    // file-wide, is handled separately after the walk).
+                    const spied = cannedSpyTargets(cb.body);
+                    if (spied.size > 0) {
+                        const subjects = expectSubjectRoots(cb.body);
+                        for (const [tr, ln] of spied) {
+                            if (subjects.has(tr)) {
+                                push(ln, "JS8", `${tr} is spied with a canned return and asserted directly`);
+                                break;
+                            }
+                        }
+                    }
+                    // JS25: every assertion lives inside an array-iterator callback
+                    // (forEach/map/filter/some/every/flatMap) and none on the test's own
+                    // spine — so on an empty collection the callback never runs and zero
+                    // assertions execute. The verified hole between C2/C2b (hasAssertion
+                    // descends into callbacks, so it finds one) and C21 (its ownAsserts stop
+                    // at callbacks, so it sees none). FP guards: any own-scope assertion, a
+                    // non-empty array-literal receiver, or an expect.assertions/hasAssertions
+                    // guard suppress it.
+                    if (hasAssertion(cb) && assertionsOnlyInArrayIterator(cb.body) &&
+                        !iteratesNonEmptyArrayLiteral(cb.body) && !hasAssertionCountGuard(cb.body)) {
+                        push(line, "JS25", "the only assertion is inside an array-iterator callback; it runs zero times on an empty collection");
+                    }
+                    // JS27: every expect-chain matcher is in the toHaveBeenCalled* family AND
+                    // each such subject root is a locally-created double (jest.fn/vi.fn/spyOn).
+                    // The test confirms it called the double it set up, never the unit's output
+                    // or state (J3). FP guards: any non-call-tracking assertion suppresses it,
+                    // and it is gated to the unit level (a logger-spy call check is legit at
+                    // integration/e2e). Sibling of JS8.
+                    if (level === "unit") {
+                        const ms27 = expectMatcherSubjects(cb.body);
+                        if (ms27.length > 0 && ms27.every((m) => CALL_TRACKING_MATCHERS.has(m.matcher))) {
+                            const doubles = localDoubleRoots(cb.body);
+                            if (ms27.every((m) => m.root !== null && doubles.has(m.root))) {
+                                push(line, "JS27", "the only oracle is a toHaveBeenCalled* check on a local double; assert the unit's output or state");
+                            }
+                        }
+                    }
+                    // C11a: self-confirming literal — the expected value is bound from the
+                    // same call/expression under test. `const e = foo(); expect(foo()).toBe(e)`
+                    // can never fail: both sides evaluate the SUT, so the oracle confirms the
+                    // code against itself (J2). Static, low-FP corner of the circular-oracle
+                    // family. FP guard: the bound initializer must be provably the SUT call,
+                    // i.e. its source text equals the expect subject's source text exactly, and
+                    // it contains a call (a plain literal binding is not self-confirming).
+                    {
+                        const inits = new Map(); // var name -> initializer text
+                        forEachNoNesting(cb.body, (n) => {
+                            if (ts.isVariableDeclaration(n) && ts.isIdentifier(n.name) && n.initializer &&
+                                containsCall(n.initializer)) {
+                                inits.set(n.name.text, n.initializer.getText(sf).replace(/\s+/g, " ").trim());
+                            }
+                        });
+                        if (inits.size > 0) {
+                            forEachNoNesting(cb.body, (n) => {
+                                if (!ts.isCallExpression(n))
+                                    return;
+                                const ch = expectChain(n);
+                                if (!ch || ch.negated || !ch.subject)
+                                    return;
+                                if (!EQ_MATCHERS_ANY.has(ch.matcher))
+                                    return;
+                                const a0 = ch.args[0];
+                                if (!a0 || !ts.isIdentifier(a0))
+                                    return;
+                                const initText = inits.get(a0.text);
+                                if (initText && containsCall(ch.subject) &&
+                                    ch.subject.getText(sf).replace(/\s+/g, " ").trim() === initText) {
+                                    push(lineOf(sf, n), "C11a", "expected value is bound from the same call under test");
+                                }
+                            });
+                        }
+                    }
                     // D7: anonymous test (empty or missing description)
                     const desc = node.arguments[0];
                     const emptyStr = (d) => d !== undefined &&
@@ -737,8 +1244,9 @@ export function analyze(sf) {
                     // C7 self-compare
                     push(lineOf(sf, node), "C7", "expected value is the same expression as the subject");
                 }
-                else if (EQUALITY_MATCHERS.has(chain.matcher) && arg && ts.isNumericLiteral(arg)) {
-                    // C8 exact float
+                else if (EQUALITY_MATCHERS.has(chain.matcher) && arg && ts.isNumericLiteral(arg) && !isLiteral(subj)) {
+                    // C8 exact float — on a real (non-literal) subject. A literal-vs-literal
+                    // float (expect(0.1).toBe(0.3)) is JS30, the stronger both-literals lane.
                     const v = Number(arg.text);
                     if (!Number.isInteger(v) && v !== 0 && v !== 1) {
                         push(lineOf(sf, node), "C8", "exact equality on a float; use toBeCloseTo");
@@ -748,6 +1256,25 @@ export function analyze(sf) {
                     // C18 sensitive equality: compares the stringified form to a literal
                     push(lineOf(sf, node), "C18", "compares the stringified form of a value to a literal");
                 }
+                // JS30: literal-vs-literal through an equality matcher — both operands are
+                // fixed at parse time, so the comparison is independent of any production
+                // code. Different-token only (the same-token case is C5's "both sides are
+                // the same literal"); object/array literals (reference-equality, false-red)
+                // and template literals with substitutions (C18 lane) are excluded by
+                // isLiteral. Broader matcher set than C5/C7 (adds toBeCloseTo + chai/AVA
+                // equal/equals/eql/is). Negation already filtered (chain.negated).
+                if (EQ_MATCHERS_ANY.has(chain.matcher) && isLiteral(subj) && isLiteral(arg) &&
+                    subj.getText(sf) !== arg.getText(sf)) {
+                    push(lineOf(sf, node), "JS30", "both operands are literals; the comparison is fixed at parse time");
+                }
+                // C8b: toBeCloseTo called with no precision argument — only the expected
+                // value, so the default 2-digit tolerance applies. The js analogue of
+                // assertAlmostEqual/pytest.approx with no tolerance: implicit-precision only.
+                // A literal-vs-literal toBeCloseTo is JS30's stronger lane, so skip it here.
+                if (chain.matcher === "toBeCloseTo" && chain.args.length === 1 &&
+                    !(isLiteral(subj) && isLiteral(arg))) {
+                    push(lineOf(sf, node), "C8b", "toBeCloseTo with no precision; the default 2-digit tolerance may be too loose");
+                }
             }
             // C16 nondeterminism
             if (!fakeTimers) {
@@ -809,8 +1336,32 @@ export function analyze(sf) {
                             push(lineOf(sf, node), "JS7", `assertion deferred into a floating .${leaf}(); may not run before the test ends`);
                         }
                     }
+                    // JS26: fake timers installed but never advanced. The setTimeout/setInterval
+                    // is armed, fake timers freeze it, and nothing in the same test scope (nor a
+                    // sibling before/after hook) calls runAllTimers/advanceTimersByTime/tick — so
+                    // the scheduled callback never fires and any assertion runs against the
+                    // un-mutated initial state. Opposite of C16 (uncontrolled timer): here the
+                    // timer is controlled but not advanced. Requires an assertion in scope so a
+                    // pure setup arm with no oracle is not flagged. Kept low (legit "assert
+                    // nothing happened yet" exists). FP guard: any flush in the body or a
+                    // before/afterEach of the enclosing describe suppresses it.
+                    if (isTimer) {
+                        const scope = enclosingTestScope(node);
+                        if (timerInstalledNeverAdvanced(scope, node, sf) && hasAssertion(scope)) {
+                            push(lineOf(sf, node), "JS26", `${name} scheduled under fake timers that are never advanced; the callback never fires`);
+                        }
+                    }
                 }
             }
+            // JS29: an expect(...).resolves/.rejects chain that is a bare statement, not
+            // awaited, returned, or collected. The matcher only settles asynchronously, so
+            // a floating chain finishes green before it resolves. The statically-provable
+            // subset of JS20 (no type inference needed: the explicit .resolves/.rejects
+            // marker is the signal). FP guard: only the explicit resolves/rejects member
+            // (a plain promise stays JS20-out); awaited/returned/collected suppresses it.
+            if (expectIsResolvesRejects(node) && !isObservedAsync(node)) {
+                push(lineOf(sf, node), "JS29", "resolves/rejects assertion is not awaited or returned; it settles after the test ends");
+            }
             // JS13: a sync query used as a loose statement (result never asserted).
             // Testing Library getBy*/queryBy*, and Vue Test Utils findComponent /
             // findAllComponents always, or find/findAll with a string selector (which
@@ -821,9 +1372,18 @@ export function analyze(sf) {
                 const isVueComponentQuery = qleaf === "findComponent" || qleaf === "findAllComponents";
                 const isVueSelectorQuery = (qleaf === "find" || qleaf === "findAll") &&
                     node.arguments.length > 0 && ts.isStringLiteral(node.arguments[0]);
-                if (isRtlQuery || isVueComponentQuery || isVueSelectorQuery) {
+                // A cy-rooted chain belongs to JS24, not JS13: cy.get("ul").find("li") ends in
+                // .find("li") and would otherwise trip the Vue-selector heuristic (double-report).
+                if ((isRtlQuery || isVueComponentQuery || isVueSelectorQuery) && rootIdent(node) !== "cy") {
                     push(lineOf(sf, node), "JS13", `${qleaf}() result is not asserted`);
                 }
+                // JS24: the cy.* analogue of JS13 — a Cypress query chain (cy.get/find/
+                // contains) as a statement with no terminating .should/.and and no expect
+                // in a .then callback. Only query commands produce a subject; action
+                // commands (click/type/visit/...) do work and stay clean.
+                if (isUnassertedCyQuery(node)) {
+                    push(lineOf(sf, node), "JS24", `cy query (${qleaf}) result is not asserted`);
+                }
             }
             // A runner `.each` table: it.each / test.each / describe.each (and fit/xit
             // variants). Gate the each-table codes on a runner root so a plain helper
@@ -877,6 +1437,19 @@ export function analyze(sf) {
             if (containsAssertion(node.tryBlock) && isHarmlessCatch(node.catchClause.block)) {
                 push(lineOf(sf, node), "JS11", "a failing assertion in try is swallowed by catch");
             }
+            else if (
+            // JS31: the try calls production code that may throw, the catch neither
+            // asserts on the exception, re-raises, nor calls fail() — so a unit that
+            // STOPS throwing (a real regression) still passes green. Complement of JS11
+            // (which owns the swallowed-assertion case): JS31 fires only when the try
+            // has a call but NO assertion (otherwise JS11), and the catch is harmless.
+            // FP guard: a catch that asserts on e / re-throws / calls fail() makes
+            // isHarmlessCatch false; a toThrow/assert.throws oracle in the try would be
+            // an assertion (so JS31 is skipped, the throw is covered).
+            containsCall(node.tryBlock) &&
+                catchSilentlySwallows(node.catchClause.block)) {
+                push(lineOf(sf, node), "JS31", "try/catch swallows a possible throw with no assertion on the exception");
+            }
         }
         // JS21: a matcher referenced but never called — `expect(x).toBe;` with no (),
         // so the assertion object is built and dropped; nothing executes. The chain

package/dist/scan.d.ts

@@ -9,6 +9,7 @@ export interface Config {
 export interface ScanOptions {
     config?: Config;
     cliDisable?: Set<string>;
+    cliEnable?: Set<string>;
     diagnostics?: boolean;
 }
 export declare function isTestFile(file: string): boolean;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "falsegreen-js",
-  "version": "0.4.0",
+  "version": "0.6.0",
   "description": "Find JavaScript/TypeScript unit tests that give false positives: green tests that protect nothing, and tests that pass while asserting the wrong thing. Deterministic AST scanner, sibling of falsegreen (Python).",
   "keywords": [
     "jest",