lemmaly 0.1.0

package/skills/lemmaly/rules/js-unique-via-indexof.md

@@ -0,0 +1,35 @@
+---
+id: js-unique-via-indexof
+title: Unique-by-indexOf — O(n^2) dedupe; use `Array.from(new Set(arr))`
+severity: warning
+impact: HIGH
+impactDescription: Hot-path or correctness risk at realistic n
+language: javascript
+tags: javascript, warning, complexity-cuts
+---
+
+# Unique-by-indexOf — O(n^2) dedupe; use `Array.from(new Set(arr))`
+
+`.filter((x, i, a) => a.indexOf(x) === i)` is the textbook O(n²) dedupe. A `Set` does it in O(n).
+
+## Fix
+
+Use `Array.from(new Set(arr))`, or build a Set inline. O(n) instead of O(n^2).
+
+## Incorrect
+
+```ts
+// O(n²)
+const unique = arr.filter((x, i, a) => a.indexOf(x) === i);
+```
+
+## Correct
+
+```ts
+// O(n)
+const unique = Array.from(new Set(arr));
+```
+
+## Escalate to
+
+If this pattern is widespread in the codebase, load **complexity-cuts** for the corrective workflow.

package/skills/lemmaly/rules/js-useeffect-missing-deps.md

@@ -0,0 +1,33 @@
+---
+id: js-useeffect-missing-deps
+title: useEffect without a deps array — runs after every render
+severity: warning
+impact: HIGH
+impactDescription: Hot-path or correctness risk at realistic n
+language: javascript
+tags: javascript, warning
+---
+
+# useEffect without a deps array — runs after every render
+
+A `useEffect` with no dependency array runs after every render. If the effect updates state, you can get a render loop or wasted work each frame.
+
+## Fix
+
+Add a deps array — `[]` for mount-only, `[a, b]` to track changes.
+
+## Incorrect
+
+```tsx
+useEffect(() => {
+  setUser(fetchUser(id));
+}); // no deps — runs every render
+```
+
+## Correct
+
+```tsx
+useEffect(() => {
+  setUser(fetchUser(id));
+}, [id]); // runs when id changes
+```

package/skills/lemmaly/rules/php-count-in-for-condition.md

@@ -0,0 +1,45 @@
+---
+id: php-count-in-for-condition
+title: count() in for-condition — recomputed every iteration
+severity: warning
+impact: HIGH
+impactDescription: Hot-path or correctness risk at realistic n
+language: php
+tags: php, warning, complexity-cuts
+---
+
+# count() in for-condition — recomputed every iteration
+
+PHP recomputes the loop condition every iteration. `count($a)` on a 100k-element array, called 100k times, is 10B element traversals. Hoist it.
+
+## Fix
+
+Hoist: `for ($i = 0, $n = count($a); $i < $n; $i++)`. Or use `foreach`.
+
+## Incorrect
+
+```php
+<?php
+for ($i = 0; $i < count($a); $i++) {
+  echo $a[$i];
+}
+```
+
+## Correct
+
+```php
+<?php
+// Hoist the length
+for ($i = 0, $n = count($a); $i < $n; $i++) {
+  echo $a[$i];
+}
+
+// Or, idiomatic
+foreach ($a as $x) {
+  echo $x;
+}
+```
+
+## Escalate to
+
+If this pattern is widespread in the codebase, load **complexity-cuts** for the corrective workflow.

package/skills/lemmaly/rules/php-in-array-in-loop.md

@@ -0,0 +1,42 @@
+---
+id: php-in-array-in-loop
+title: in_array inside loop — O(n*m); use array_flip + isset
+severity: warning
+impact: HIGH
+impactDescription: Hot-path or correctness risk at realistic n
+language: php
+tags: php, warning, complexity-cuts
+---
+
+# in_array inside loop — O(n*m); use array_flip + isset
+
+`in_array` is a linear scan. Used inside a loop over m items it is O(n·m). `array_flip + isset` is O(1) per check.
+
+## Fix
+
+`$set = array_flip($haystack); ... isset($set[$x])` is O(1) per check.
+
+## Incorrect
+
+```php
+<?php
+foreach ($users as $u) {
+  if (in_array($u->id, $banned)) continue;
+  ship($u);
+}
+```
+
+## Correct
+
+```php
+<?php
+$bannedSet = array_flip($banned); // O(n) once
+foreach ($users as $u) {
+  if (isset($bannedSet[$u->id])) continue; // O(1)
+  ship($u);
+}
+```
+
+## Escalate to
+
+If this pattern is widespread in the codebase, load **complexity-cuts** for the corrective workflow.

package/skills/lemmaly/rules/php-loose-equality.md

@@ -0,0 +1,35 @@
+---
+id: php-loose-equality
+title: == / != — loose equality has surprising coercions
+severity: info
+impact: MEDIUM
+impactDescription: Suboptimal; flag when n is large or on a hot path
+language: php
+tags: php, info, invariant-guard
+---
+
+# == / != — loose equality has surprising coercions
+
+PHP `==` does type coercion in surprising ways (`"0" == false` is `true`, `"abc" == 0` was `true` before PHP 8). `===` compares value AND type — no surprises.
+
+## Fix
+
+Use `===` / `!==` unless type-juggling is explicitly intended (with a comment).
+
+## Incorrect
+
+```php
+<?php
+if ($status == 0) { /* matches "", "0", false, null, 0, "abc" pre-PHP 8 */ }
+```
+
+## Correct
+
+```php
+<?php
+if ($status === 0) { /* matches only int 0 */ }
+```
+
+## Escalate to
+
+If this pattern is widespread in the codebase, load **invariant-guard** for the corrective workflow.

package/skills/lemmaly/rules/php-query-in-loop.md

@@ -0,0 +1,47 @@
+---
+id: php-query-in-loop
+title: DB query inside loop — N+1
+severity: error
+impact: CRITICAL
+impactDescription: Will break or scale-fail in production
+language: php
+tags: php, error, complexity-cuts
+---
+
+# DB query inside loop — N+1
+
+A SQL query inside a loop is the textbook N+1 problem. 1000 orders, 1000 round-trips to the DB. Batch with `WHERE id IN (...)` or eager-load in your ORM.
+
+## Fix
+
+Collect the ids, run ONE `WHERE id IN (...)` query, index by id, then loop. In Eloquent use eager loading: `Model::with('relation')`.
+
+## Incorrect
+
+```php
+<?php
+foreach ($orderIds as $id) {
+  $row = $db->query("SELECT * FROM orders WHERE id = $id"); // 1 query per id
+  process($row);
+}
+```
+
+## Correct
+
+```php
+<?php
+// One bulk query
+$placeholders = implode(',', array_fill(0, count($orderIds), '?'));
+$stmt = $db->prepare("SELECT * FROM orders WHERE id IN ($placeholders)");
+$stmt->execute($orderIds);
+foreach ($stmt->fetchAll() as $row) {
+  process($row);
+}
+
+// Eloquent / Doctrine: use eager loading
+$orders = Order::with('items')->whereIn('id', $orderIds)->get();
+```
+
+## Escalate to
+
+If this pattern is widespread in the codebase, load **complexity-cuts** for the corrective workflow.

package/skills/lemmaly/rules/py-bare-except.md

@@ -0,0 +1,39 @@
+---
+id: py-bare-except
+title: Bare except — hides timeouts, OOM, KeyboardInterrupt
+severity: info
+impact: MEDIUM
+impactDescription: Suboptimal; flag when n is large or on a hot path
+language: python
+tags: python, info, invariant-guard
+---
+
+# Bare except — hides timeouts, OOM, KeyboardInterrupt
+
+Bare `except:` catches `SystemExit`, `KeyboardInterrupt`, `MemoryError`, and `GeneratorExit` — things you almost never want to swallow. It hides timeouts, OOM, and Ctrl-C.
+
+## Fix
+
+Catch specific exceptions: `except (TimeoutError, ConnectionError):`.
+
+## Incorrect
+
+```python
+try:
+    do_work()
+except:
+    log("failed")  # also swallows Ctrl-C, OOM, timeouts
+```
+
+## Correct
+
+```python
+try:
+    do_work()
+except Exception as e:  # excludes SystemExit, KeyboardInterrupt
+    log(f"failed: {e}")
+```
+
+## Escalate to
+
+If this pattern is widespread in the codebase, load **invariant-guard** for the corrective workflow.

package/skills/lemmaly/rules/py-django-loop-without-eager.md

@@ -0,0 +1,42 @@
+---
+id: py-django-loop-without-eager
+title: Django ORM iteration — verify select_related/prefetch_related to avoid N+1
+severity: warning
+impact: HIGH
+impactDescription: Hot-path or correctness risk at realistic n
+language: python
+tags: python, warning, complexity-cuts
+---
+
+# Django ORM iteration — verify select_related/prefetch_related to avoid N+1
+
+Iterating a Django QuerySet that touches a related model triggers one extra query per row — classic N+1. `select_related` (foreign key, one query with JOIN) or `prefetch_related` (reverse / many-to-many, two queries) fixes it.
+
+## Fix
+
+Add .select_related('fk') for FK/OneToOne, .prefetch_related('rel') for reverse FK / M2M.
+
+## Incorrect
+
+```python
+# N+1 queries
+for order in Order.objects.all():
+    print(order.user.email)  # extra query per order
+```
+
+## Correct
+
+```python
+# 1 query with JOIN
+for order in Order.objects.select_related("user"):
+    print(order.user.email)
+
+# For reverse FK / M2M:
+for user in User.objects.prefetch_related("orders"):
+    for order in user.orders.all():
+        ...
+```
+
+## Escalate to
+
+If this pattern is widespread in the codebase, load **complexity-cuts** for the corrective workflow.

package/skills/lemmaly/rules/py-in-list-literal.md

@@ -0,0 +1,37 @@
+---
+id: py-in-list-literal
+title: Membership against a list literal — O(n) per check; use a set
+severity: info
+impact: MEDIUM
+impactDescription: Suboptimal; flag when n is large or on a hot path
+language: python
+tags: python, info, complexity-cuts
+---
+
+# Membership against a list literal — O(n) per check; use a set
+
+`x in [a, b, c, ...]` is an O(n) linear scan. Inside a loop over m items, this is O(n × m). A `set` (or a literal `{a, b, c}` for membership) is O(1).
+
+## Fix
+
+Hoist to a module-level frozenset({...}).
+
+## Incorrect
+
+```python
+# O(n × m)
+roles = ["admin", "editor", "owner"]
+result = [u for u in users if u.role in roles]
+```
+
+## Correct
+
+```python
+# O(n + m)
+roles = {"admin", "editor", "owner"}
+result = [u for u in users if u.role in roles]
+```
+
+## Escalate to
+
+If this pattern is widespread in the codebase, load **complexity-cuts** for the corrective workflow.

package/skills/lemmaly/rules/py-mutable-default-arg.md

@@ -0,0 +1,39 @@
+---
+id: py-mutable-default-arg
+title: Mutable default argument — shared across calls
+severity: error
+impact: CRITICAL
+impactDescription: Will break or scale-fail in production
+language: python
+tags: python, error, invariant-guard
+---
+
+# Mutable default argument — shared across calls
+
+Python evaluates default arguments once, at function definition. A mutable default (list, dict, set) is **shared across every call** — calls accumulate state from previous calls.
+
+## Fix
+
+Default to None; create inside: `def f(x=None): x = x or []`.
+
+## Incorrect
+
+```python
+def collect(item, bucket=[]):  # shared across all calls!
+    bucket.append(item)
+    return bucket
+```
+
+## Correct
+
+```python
+def collect(item, bucket=None):
+    if bucket is None:
+        bucket = []
+    bucket.append(item)
+    return bucket
+```
+
+## Escalate to
+
+If this pattern is widespread in the codebase, load **invariant-guard** for the corrective workflow.

package/skills/lemmaly/rules/py-open-without-with.md

@@ -0,0 +1,33 @@
+---
+id: py-open-without-with
+title: open() without `with` — risk of leaked file descriptors
+severity: info
+impact: MEDIUM
+impactDescription: Suboptimal; flag when n is large or on a hot path
+language: python
+tags: python, info
+---
+
+# open() without `with` — risk of leaked file descriptors
+
+`open()` returns a file object. Without `with`, an exception between open and close leaks the file descriptor. Long-running processes (servers, workers) eventually exhaust the OS limit.
+
+## Fix
+
+Use `with open(path) as f:` to ensure the handle is released.
+
+## Incorrect
+
+```python
+f = open(path)
+data = f.read()
+f.close()  # skipped if read() raises
+```
+
+## Correct
+
+```python
+with open(path) as f:
+    data = f.read()
+# f is closed even if read() raises
+```

package/skills/lemmaly/rules/py-range-len.md

@@ -0,0 +1,35 @@
+---
+id: py-range-len
+title: range(len(x)) — un-Pythonic; use enumerate(x)
+severity: info
+impact: MEDIUM
+impactDescription: Suboptimal; flag when n is large or on a hot path
+language: python
+tags: python, info
+---
+
+# range(len(x)) — un-Pythonic; use enumerate(x)
+
+`for i in range(len(xs))` then indexing `xs[i]` is un-Pythonic, slower, and forces you to think about indices when you usually want the items. `enumerate` is idiomatic and faster.
+
+## Fix
+
+Use `for i, item in enumerate(x):` when you need the index too.
+
+## Incorrect
+
+```python
+for i in range(len(xs)):
+    process(xs[i])
+```
+
+## Correct
+
+```python
+for x in xs:
+    process(x)
+
+# When you actually need the index
+for i, x in enumerate(xs):
+    process(i, x)
+```

package/skills/lemmaly/rules/py-string-concat-in-loop.md

@@ -0,0 +1,43 @@
+---
+id: py-string-concat-in-loop
+title: String += inside loop — O(n^2)
+severity: warning
+impact: HIGH
+impactDescription: Hot-path or correctness risk at realistic n
+language: python
+tags: python, warning, complexity-cuts
+---
+
+# String += inside loop — O(n^2)
+
+Python strings are immutable. `s += x` in a loop allocates and copies the whole `s` each iteration — O(n²) total work. A list join is O(n).
+
+## Fix
+
+Append to a list, then ''.join(list). Or use io.StringIO.
+
+## Incorrect
+
+```python
+# O(n²)
+s = ""
+for line in lines:
+    s += line + "\n"
+```
+
+## Correct
+
+```python
+# O(n)
+s = "\n".join(lines) + "\n"
+
+# Or, for incremental building:
+parts = []
+for line in lines:
+    parts.append(line)
+s = "\n".join(parts)
+```
+
+## Escalate to
+
+If this pattern is widespread in the codebase, load **complexity-cuts** for the corrective workflow.

package/skills/lemmaly/rules/rb-bare-rescue.md

@@ -0,0 +1,41 @@
+---
+id: rb-bare-rescue
+title: Bare rescue — catches StandardError, hides bugs
+severity: warning
+impact: HIGH
+impactDescription: Hot-path or correctness risk at realistic n
+language: ruby
+tags: ruby, warning, invariant-guard
+---
+
+# Bare rescue — catches StandardError, hides bugs
+
+A bare `rescue` (without a class) catches `StandardError` — including `NoMethodError`, `ArgumentError`, and other bugs you almost always want to surface. Catch the specific class.
+
+## Fix
+
+Catch a specific class: `rescue Net::ReadTimeout` etc. Bare rescue swallows too much.
+
+## Incorrect
+
+```ruby
+begin
+  fetch_remote
+rescue
+  retry # also catches typos and bugs in fetch_remote
+end
+```
+
+## Correct
+
+```ruby
+begin
+  fetch_remote
+rescue Net::ReadTimeout, Net::OpenTimeout => e
+  retry
+end
+```
+
+## Escalate to
+
+If this pattern is widespread in the codebase, load **invariant-guard** for the corrective workflow.

package/skills/lemmaly/rules/rb-include-in-iterator.md

@@ -0,0 +1,37 @@
+---
+id: rb-include-in-iterator
+title: Array#include? inside iterator — O(n*m); use Set
+severity: warning
+impact: HIGH
+impactDescription: Hot-path or correctness risk at realistic n
+language: ruby
+tags: ruby, warning, complexity-cuts
+---
+
+# Array#include? inside iterator — O(n*m); use Set
+
+`Array#include?` is O(n). Used inside an iterator over m items it is O(n·m). `Set#include?` is O(1).
+
+## Fix
+
+`require 'set'; allowed = Set.new(list); ... allowed.include?(x)`.
+
+## Incorrect
+
+```ruby
+# O(n·m)
+users.select { |u| banned.include?(u.id) }
+```
+
+## Correct
+
+```ruby
+# O(n+m)
+require 'set'
+banned_set = Set.new(banned)
+users.select { |u| banned_set.include?(u.id) }
+```
+
+## Escalate to
+
+If this pattern is widespread in the codebase, load **complexity-cuts** for the corrective workflow.

package/skills/lemmaly/rules/rb-n-plus-one-activerecord.md

@@ -0,0 +1,39 @@
+---
+id: rb-n-plus-one-activerecord
+title: ActiveRecord iteration touching an association — N+1 without includes
+severity: error
+impact: CRITICAL
+impactDescription: Will break or scale-fail in production
+language: ruby
+tags: ruby, error, complexity-cuts
+---
+
+# ActiveRecord iteration touching an association — N+1 without includes
+
+Iterating an ActiveRecord scope and touching an association fires one extra query per row. `includes` (preload or eager_load) fetches everything in a constant number of queries.
+
+## Fix
+
+Use `Model.includes(:assoc)` or `:preload` / `:eager_load` before iterating.
+
+## Incorrect
+
+```ruby
+# N+1 queries
+Post.all.each do |p|
+  puts p.author.name # 1 extra query per post
+end
+```
+
+## Correct
+
+```ruby
+# 2 queries total (or 1 with eager_load)
+Post.includes(:author).each do |p|
+  puts p.author.name
+end
+```
+
+## Escalate to
+
+If this pattern is widespread in the codebase, load **complexity-cuts** for the corrective workflow.

package/skills/lemmaly/rules/rb-string-concat-in-loop.md

@@ -0,0 +1,39 @@
+---
+id: rb-string-concat-in-loop
+title: String += in loop — O(n^2) since += creates a new string each iteration
+severity: info
+impact: MEDIUM
+impactDescription: Suboptimal; flag when n is large or on a hot path
+language: ruby
+tags: ruby, info, complexity-cuts
+---
+
+# String += in loop — O(n^2) since += creates a new string each iteration
+
+`s += x` creates a new string each iteration — O(n²). `<<` mutates in place (O(n) amortized). `Array#join` is O(n) and idiomatic.
+
+## Fix
+
+Use `<<` (mutates) or `parts.join` if building from an array.
+
+## Incorrect
+
+```ruby
+s = ""
+parts.each { |p| s += p } # O(n²)
+```
+
+## Correct
+
+```ruby
+# Mutating concat
+s = String.new
+parts.each { |p| s << p }
+
+# Idiomatic
+s = parts.join
+```
+
+## Escalate to
+
+If this pattern is widespread in the codebase, load **complexity-cuts** for the corrective workflow.