lemmaly 0.1.0

package/skills/lemmaly/rules/rs-clone-in-loop.md

@@ -0,0 +1,38 @@
+---
+id: rs-clone-in-loop
+title: .clone() inside iterator — avoid if a borrow works
+severity: info
+impact: MEDIUM
+impactDescription: Suboptimal; flag when n is large or on a hot path
+language: rust
+tags: rust, info, complexity-cuts
+---
+
+# .clone() inside iterator — avoid if a borrow works
+
+A `.clone()` inside an iterator allocates a fresh copy per element. If a borrow (`&x`) or `Rc::clone` (cheap atomic increment for shared ownership) would do, the deep clone is wasted work.
+
+## Fix
+
+Borrow with &, use Rc/Arc for shared ownership, or move once outside the loop.
+
+## Incorrect
+
+```rust
+// Deep clones every element
+let names: Vec<String> = users.iter().map(|u| u.name.clone()).collect();
+```
+
+## Correct
+
+```rust
+// Borrow when possible
+let names: Vec<&str> = users.iter().map(|u| u.name.as_str()).collect();
+
+// Cheap reference-counted clone when shared ownership is needed
+let shared: Vec<Rc<String>> = users.iter().map(|u| Rc::clone(&u.name)).collect();
+```
+
+## Escalate to
+
+If this pattern is widespread in the codebase, load **complexity-cuts** for the corrective workflow.

package/skills/lemmaly/rules/rs-string-push-no-capacity.md

@@ -0,0 +1,43 @@
+---
+id: rs-string-push-no-capacity
+title: String::new() + push_str in loop — repeated reallocation
+severity: info
+impact: MEDIUM
+impactDescription: Suboptimal; flag when n is large or on a hot path
+language: rust
+tags: rust, info, complexity-cuts
+---
+
+# String::new() + push_str in loop — repeated reallocation
+
+`String::new()` starts at capacity 0. Each `push_str` past capacity reallocates. `with_capacity` or `join` avoids it.
+
+## Fix
+
+Preallocate: `String::with_capacity(n)`, or `parts.join(sep)` for known parts.
+
+## Incorrect
+
+```rust
+let mut s = String::new();
+for part in parts.iter() {
+  s.push_str(part); // reallocates as it grows
+}
+```
+
+## Correct
+
+```rust
+let total: usize = parts.iter().map(|p| p.len()).sum();
+let mut s = String::with_capacity(total);
+for part in parts.iter() {
+  s.push_str(part);
+}
+
+// Or, simplest:
+let s = parts.join("");
+```
+
+## Escalate to
+
+If this pattern is widespread in the codebase, load **complexity-cuts** for the corrective workflow.

package/skills/lemmaly/rules/rs-unwrap-in-prod.md

@@ -0,0 +1,36 @@
+---
+id: rs-unwrap-in-prod
+title: .unwrap() / .expect() panics on None/Err — surface the error
+severity: warning
+impact: HIGH
+impactDescription: Hot-path or correctness risk at realistic n
+language: rust
+tags: rust, warning, invariant-guard
+---
+
+# .unwrap() / .expect() panics on None/Err — surface the error
+
+`.unwrap()` and `.expect()` panic on `None`/`Err`. In production code they crash the process and lose the structured error. Rust gives you `?`, `match`, and `ok_or` to surface the error to the caller.
+
+## Fix
+
+Use `?`, `match`, `unwrap_or`, `unwrap_or_else`, or `ok_or(...)?`. Reserve unwrap for tests and provably infallible paths.
+
+## Incorrect
+
+```rust
+let value = map.get(&key).unwrap(); // panics if key missing
+```
+
+## Correct
+
+```rust
+let value = map.get(&key).ok_or(Error::MissingKey)?;
+
+// Or, when None has a meaningful default:
+let value = map.get(&key).copied().unwrap_or_default();
+```
+
+## Escalate to
+
+If this pattern is widespread in the codebase, load **invariant-guard** for the corrective workflow.

package/skills/lemmaly/rules/rs-vec-push-no-capacity.md

@@ -0,0 +1,42 @@
+---
+id: rs-vec-push-no-capacity
+title: Vec::new() + push in loop — repeated reallocation
+severity: info
+impact: MEDIUM
+impactDescription: Suboptimal; flag when n is large or on a hot path
+language: rust
+tags: rust, info, complexity-cuts
+---
+
+# Vec::new() + push in loop — repeated reallocation
+
+`Vec::new()` starts with capacity 0; each `push` past the current capacity reallocates and copies. Preallocating with `Vec::with_capacity(n)` does one allocation.
+
+## Fix
+
+Preallocate: `Vec::with_capacity(n)`, or use `.collect::<Vec<_>>()` over an iterator that has a size hint.
+
+## Incorrect
+
+```rust
+let mut out = Vec::new();
+for x in input.iter() {
+  out.push(transform(x)); // grows; reallocates log(n) times
+}
+```
+
+## Correct
+
+```rust
+let mut out = Vec::with_capacity(input.len());
+for x in input.iter() {
+  out.push(transform(x));
+}
+
+// Or, when transform is pure:
+let out: Vec<_> = input.iter().map(transform).collect();
+```
+
+## Escalate to
+
+If this pattern is widespread in the codebase, load **complexity-cuts** for the corrective workflow.

package/skills/lemmaly/rules/sh-for-ls.md

@@ -0,0 +1,41 @@
+---
+id: sh-for-ls
+title: for f in $(ls ...) — breaks on filenames with spaces / newlines
+severity: warning
+impact: HIGH
+impactDescription: Hot-path or correctness risk at realistic n
+language: shell
+tags: shell, warning, invariant-guard
+---
+
+# for f in $(ls ...) — breaks on filenames with spaces / newlines
+
+`for f in $(ls ...)` breaks on filenames with spaces, tabs, newlines, or globs. The output of `ls` is meant for humans, not programs. Use a glob or `find -print0 | xargs -0`.
+
+## Fix
+
+Use glob `for f in *.txt` or `find ... -print0 | xargs -0`. Never parse `ls`.
+
+## Incorrect
+
+```shell
+for f in $(ls *.txt); do
+  process "$f"  # breaks on "my file.txt"
+done
+```
+
+## Correct
+
+```shell
+# Glob directly
+for f in *.txt; do
+  process "$f"
+done
+
+# Or, when find is necessary
+find . -name '*.txt' -print0 | xargs -0 -n1 process
+```
+
+## Escalate to
+
+If this pattern is widespread in the codebase, load **invariant-guard** for the corrective workflow.

package/skills/lemmaly/rules/sh-set-e-no-pipefail.md

@@ -0,0 +1,37 @@
+---
+id: sh-set-e-no-pipefail
+title: set -e without set -o pipefail — failures inside pipes are masked
+severity: warning
+impact: HIGH
+impactDescription: Hot-path or correctness risk at realistic n
+language: shell
+tags: shell, warning, invariant-guard
+---
+
+# set -e without set -o pipefail — failures inside pipes are masked
+
+`set -e` exits on a failed command, but a failure in the middle of a pipe is masked — only the *last* command's exit status counts. `set -o pipefail` fixes it. `set -u` catches unset variables.
+
+## Fix
+
+Use `set -euo pipefail` so the script also fails when an earlier stage in a pipe fails.
+
+## Incorrect
+
+```shell
+#!/bin/bash
+set -e
+some_failing_step | grep needle # if some_failing_step fails, script keeps going
+```
+
+## Correct
+
+```shell
+#!/bin/bash
+set -euo pipefail
+some_failing_step | grep needle # any failure in the pipe aborts the script
+```
+
+## Escalate to
+
+If this pattern is widespread in the codebase, load **invariant-guard** for the corrective workflow.

package/skills/lemmaly/rules/sh-unquoted-var.md

@@ -0,0 +1,35 @@
+---
+id: sh-unquoted-var
+title: Unquoted $var — word splitting and glob expansion
+severity: warning
+impact: HIGH
+impactDescription: Hot-path or correctness risk at realistic n
+language: shell
+tags: shell, warning, invariant-guard
+---
+
+# Unquoted $var — word splitting and glob expansion
+
+An unquoted `$var` is subject to word splitting (on `$IFS`) and glob expansion. A path with a space, a tab, or a `*` will silently do the wrong thing.
+
+## Fix
+
+Quote: `"$var"`. Use `"${arr[@]}"` for arrays. Required even for paths you trust.
+
+## Incorrect
+
+```shell
+if [ -d $dir ]; then echo yes; fi
+# If $dir = "/tmp/with space", expands to: [ -d /tmp/with space ] — syntax error
+```
+
+## Correct
+
+```shell
+if [ -d "$dir" ]; then echo yes; fi
+# Always quote. For arrays: "${arr[@]}".
+```
+
+## Escalate to
+
+If this pattern is widespread in the codebase, load **invariant-guard** for the corrective workflow.

package/skills/lemmaly/rules/sh-useless-cat-pipe.md

@@ -0,0 +1,32 @@
+---
+id: sh-useless-cat-pipe
+title: cat file | cmd — useless use of cat (UUOC)
+severity: info
+impact: MEDIUM
+impactDescription: Suboptimal; flag when n is large or on a hot path
+language: shell
+tags: shell, info
+---
+
+# cat file | cmd — useless use of cat (UUOC)
+
+`cat file | cmd` reads the file and pipes through `cat` just to feed `cmd`. Every command that takes a file argument can read it directly — one fewer process, clearer intent.
+
+## Fix
+
+Run the command on the file directly: `grep ... file` instead of `cat file | grep ...`.
+
+## Incorrect
+
+```shell
+cat access.log | grep "500"
+```
+
+## Correct
+
+```shell
+grep "500" access.log
+
+# Or stdin redirection if the command takes only stdin:
+cmd < access.log
+```

package/skills/lemmaly/rules/sql-leading-wildcard-like.md

@@ -0,0 +1,34 @@
+---
+id: sql-leading-wildcard-like
+title: LIKE with leading wildcard — cannot use a B-tree index
+severity: warning
+impact: HIGH
+impactDescription: Hot-path or correctness risk at realistic n
+language: sql
+tags: sql, warning
+---
+
+# LIKE with leading wildcard — cannot use a B-tree index
+
+A B-tree index sorts by prefix. `LIKE '%foo'` cannot use it — the query scans the table. Use a trigram index (Postgres `pg_trgm`), reverse the column for suffix search, or a full-text search index.
+
+## Fix
+
+Use a trigram index (pg_trgm), full-text search, or a reversed-column index.
+
+## Incorrect
+
+```sql
+SELECT * FROM products WHERE name LIKE '%phone';
+```
+
+## Correct
+
+```sql
+-- Postgres: GIN index on trigrams
+CREATE INDEX products_name_trgm ON products USING gin (name gin_trgm_ops);
+SELECT * FROM products WHERE name ILIKE '%phone%';
+
+-- Or full-text:
+SELECT * FROM products WHERE to_tsvector(name) @@ to_tsquery('phone');
+```

package/skills/lemmaly/rules/sql-not-in-subquery.md

@@ -0,0 +1,38 @@
+---
+id: sql-not-in-subquery
+title: NOT IN (subquery) — null-unsafe; usually slower than NOT EXISTS
+severity: warning
+impact: HIGH
+impactDescription: Hot-path or correctness risk at realistic n
+language: sql
+tags: sql, warning, invariant-guard
+---
+
+# NOT IN (subquery) — null-unsafe; usually slower than NOT EXISTS
+
+`NOT IN (subquery)` is null-unsafe: if any row in the subquery is NULL, the whole predicate is NULL (not TRUE), and the outer row is dropped. `NOT EXISTS` is null-safe and usually has a better plan.
+
+## Fix
+
+Rewrite as `WHERE NOT EXISTS (SELECT 1 FROM ... WHERE ...)`.
+
+## Incorrect
+
+```sql
+SELECT * FROM orders
+WHERE user_id NOT IN (SELECT id FROM banned_users);
+-- One NULL in banned_users.id → returns zero rows
+```
+
+## Correct
+
+```sql
+SELECT o.* FROM orders o
+WHERE NOT EXISTS (
+  SELECT 1 FROM banned_users b WHERE b.id = o.user_id
+);
+```
+
+## Escalate to
+
+If this pattern is widespread in the codebase, load **invariant-guard** for the corrective workflow.

package/skills/lemmaly/rules/sql-or-in-where.md

@@ -0,0 +1,35 @@
+---
+id: sql-or-in-where
+title: OR in WHERE — can prevent index use
+severity: info
+impact: MEDIUM
+impactDescription: Suboptimal; flag when n is large or on a hot path
+language: sql
+tags: sql, info
+---
+
+# OR in WHERE — can prevent index use
+
+A query planner can use an index on one side of an `OR` but often not both, falling back to a sequential scan. `UNION ALL` or `IN (...)` (when both sides are equality on the same column) usually wins.
+
+## Fix
+
+Equality on same column → `WHERE col IN (...)`. Otherwise consider UNION ALL.
+
+## Incorrect
+
+```sql
+SELECT * FROM events
+WHERE user_id = $1 OR account_id = $1;
+```
+
+## Correct
+
+```sql
+SELECT * FROM events WHERE user_id = $1
+UNION ALL
+SELECT * FROM events WHERE account_id = $1;
+
+-- Or, when both sides are the same column:
+SELECT * FROM events WHERE user_id IN ($1, $2, $3);
+```

package/skills/lemmaly/rules/sql-select-no-limit.md

@@ -0,0 +1,37 @@
+---
+id: sql-select-no-limit
+title: SELECT without LIMIT — unbounded result set
+severity: info
+impact: MEDIUM
+impactDescription: Suboptimal; flag when n is large or on a hot path
+language: sql
+tags: sql, info
+---
+
+# SELECT without LIMIT — unbounded result set
+
+A query with no `LIMIT` returns however many rows match. On a small table this is fine; on a growing one it eventually OOMs the client or the page. Add a bound, or paginate.
+
+## Fix
+
+Add LIMIT, or paginate by id range. Unbounded reads OOM under growth.
+
+## Incorrect
+
+```sql
+SELECT id, email FROM users ORDER BY created_at DESC;
+```
+
+## Correct
+
+```sql
+SELECT id, email FROM users
+ORDER BY created_at DESC
+LIMIT 100;
+
+-- Keyset pagination for next page:
+SELECT id, email FROM users
+WHERE created_at < $1
+ORDER BY created_at DESC
+LIMIT 100;
+```

package/skills/lemmaly/rules/sql-select-star.md

@@ -0,0 +1,29 @@
+---
+id: sql-select-star
+title: SELECT * — fetches unused columns; blocks index-only scans
+severity: warning
+impact: HIGH
+impactDescription: Hot-path or correctness risk at realistic n
+language: sql
+tags: sql, warning
+---
+
+# SELECT * — fetches unused columns; blocks index-only scans
+
+`SELECT *` fetches every column, defeating index-only scans, inflating wire traffic, and breaking downstream code when a column is added/renamed. Project only what you need.
+
+## Fix
+
+Name the columns. Smaller payload and more covering-index opportunities.
+
+## Incorrect
+
+```sql
+SELECT * FROM users WHERE id = $1;
+```
+
+## Correct
+
+```sql
+SELECT id, email, created_at FROM users WHERE id = $1;
+```

package/skills/lemmaly/rules/sql-update-no-where.md

@@ -0,0 +1,35 @@
+---
+id: sql-update-no-where
+title: UPDATE / DELETE without WHERE — touches every row
+severity: error
+impact: CRITICAL
+impactDescription: Will break or scale-fail in production
+language: sql
+tags: sql, error, invariant-guard
+---
+
+# UPDATE / DELETE without WHERE — touches every row
+
+An `UPDATE` or `DELETE` without a `WHERE` clause rewrites every row in the table. In production this is an incident, not a bug.
+
+## Fix
+
+Add a WHERE clause, or confirm in a comment that touching all rows is intentional.
+
+## Incorrect
+
+```sql
+UPDATE users SET active = false;
+DELETE FROM sessions;
+```
+
+## Correct
+
+```sql
+UPDATE users SET active = false WHERE last_seen_at < NOW() - INTERVAL '90 days';
+DELETE FROM sessions WHERE expires_at < NOW();
+```
+
+## Escalate to
+
+If this pattern is widespread in the codebase, load **invariant-guard** for the corrective workflow.