lemmaly 0.1.0

package/skills/lemmaly/rules/go-loop-var-capture.md

@@ -0,0 +1,47 @@
+---
+id: go-loop-var-capture
+title: Loop variable captured by goroutine — pre-1.22 races on the last value
+severity: error
+impact: CRITICAL
+impactDescription: Will break or scale-fail in production
+language: go
+tags: go, error, invariant-guard
+---
+
+# Loop variable captured by goroutine — pre-1.22 races on the last value
+
+Before Go 1.22, the loop variable in `for ... := range` was reused across iterations. Goroutines that closed over it all read the *same* (final) value. Go 1.22+ fixes this at the language level, but the pattern still appears in libraries that target older versions.
+
+## Fix
+
+Pin the variable inside the loop: `i := i` before `go func() { use(i) }()`, or pass as argument: `go func(i int) { ... }(i)`. (Fixed automatically in Go 1.22+.)
+
+## Incorrect
+
+```go
+// Pre-1.22: all goroutines print the last item
+for _, v := range items {
+  go func() {
+    fmt.Println(v)
+  }()
+}
+```
+
+## Correct
+
+```go
+// Pin the variable explicitly
+for _, v := range items {
+  v := v
+  go func() { fmt.Println(v) }()
+}
+
+// Or pass as a parameter
+for _, v := range items {
+  go func(v string) { fmt.Println(v) }(v)
+}
+```
+
+## Escalate to
+
+If this pattern is widespread in the codebase, load **invariant-guard** for the corrective workflow.

package/skills/lemmaly/rules/go-slice-append-no-cap.md

@@ -0,0 +1,39 @@
+---
+id: go-slice-append-no-cap
+title: append in loop without preallocated capacity — repeated reallocation
+severity: info
+impact: MEDIUM
+impactDescription: Suboptimal; flag when n is large or on a hot path
+language: go
+tags: go, info, complexity-cuts
+---
+
+# append in loop without preallocated capacity — repeated reallocation
+
+A slice grown by repeated `append` reallocates and copies its backing array each time it crosses a capacity boundary. Preallocating with `make([]T, 0, n)` does one allocation total.
+
+## Fix
+
+Preallocate: `out := make([]T, 0, len(in))` then `append`.
+
+## Incorrect
+
+```go
+var out []int
+for _, x := range in {
+  out = append(out, x*2) // grows; reallocates log(n) times
+}
+```
+
+## Correct
+
+```go
+out := make([]int, 0, len(in))
+for _, x := range in {
+  out = append(out, x*2)
+}
+```
+
+## Escalate to
+
+If this pattern is widespread in the codebase, load **complexity-cuts** for the corrective workflow.

package/skills/lemmaly/rules/go-string-concat-in-loop.md

@@ -0,0 +1,44 @@
+---
+id: go-string-concat-in-loop
+title: string += inside loop — O(n^2); use strings.Builder
+severity: warning
+impact: HIGH
+impactDescription: Hot-path or correctness risk at realistic n
+language: go
+tags: go, warning, complexity-cuts
+---
+
+# string += inside loop — O(n^2); use strings.Builder
+
+Go strings are immutable. `s += x` allocates each iteration — O(n²). `strings.Builder` reuses one backing array.
+
+## Fix
+
+Use strings.Builder: `var sb strings.Builder; for ... { sb.WriteString(x) }; sb.String()`.
+
+## Incorrect
+
+```go
+// O(n²)
+var s string
+for _, line := range lines {
+  s += line + "\n"
+}
+```
+
+## Correct
+
+```go
+// O(n)
+var sb strings.Builder
+sb.Grow(len(lines) * 80)
+for _, line := range lines {
+  sb.WriteString(line)
+  sb.WriteByte('\n')
+}
+s := sb.String()
+```
+
+## Escalate to
+
+If this pattern is widespread in the codebase, load **complexity-cuts** for the corrective workflow.

package/skills/lemmaly/rules/java-arraylist-remove-in-for-i.md

@@ -0,0 +1,44 @@
+---
+id: java-arraylist-remove-in-for-i
+title: list.remove(i) inside for-i — index shifts; ConcurrentModification risk
+severity: error
+impact: CRITICAL
+impactDescription: Will break or scale-fail in production
+language: java
+tags: java, error, invariant-guard
+---
+
+# list.remove(i) inside for-i — index shifts; ConcurrentModification risk
+
+Removing from an `ArrayList` inside a `for (int i = 0; i < list.size(); i++)` shifts indices and skips elements — and on a `Collections.synchronizedList` or in concurrent code, it throws `ConcurrentModificationException`.
+
+## Fix
+
+Iterate backwards, use Iterator.remove(), or collect indexes and remove in one removeIf().
+
+## Incorrect
+
+```java
+for (int i = 0; i < list.size(); i++) {
+  if (shouldRemove(list.get(i))) {
+    list.remove(i); // shifts everything; next element is skipped
+  }
+}
+```
+
+## Correct
+
+```java
+// Idiomatic and correct
+list.removeIf(this::shouldRemove);
+
+// Or, with an explicit iterator:
+var it = list.iterator();
+while (it.hasNext()) {
+  if (shouldRemove(it.next())) it.remove();
+}
+```
+
+## Escalate to
+
+If this pattern is widespread in the codebase, load **invariant-guard** for the corrective workflow.

package/skills/lemmaly/rules/java-bare-catch-exception.md

@@ -0,0 +1,42 @@
+---
+id: java-bare-catch-exception
+title: catch (Exception) with empty body or log-only — swallows root cause
+severity: warning
+impact: HIGH
+impactDescription: Hot-path or correctness risk at realistic n
+language: java
+tags: java, warning, invariant-guard
+---
+
+# catch (Exception) with empty body or log-only — swallows root cause
+
+`catch (Exception e)` with an empty body or just `printStackTrace()` swallows the root cause. The bug lives on, the stack trace evaporates, the production incident has no breadcrumbs.
+
+## Fix
+
+Catch the narrowest exception, rethrow as a domain exception, or handle with a documented fallback. Never swallow silently.
+
+## Incorrect
+
+```java
+try {
+  riskyCall();
+} catch (Exception e) {
+  e.printStackTrace(); // swallowed; caller thinks everything is fine
+}
+```
+
+## Correct
+
+```java
+try {
+  riskyCall();
+} catch (IOException e) {
+  // narrow exception, rethrow as domain error with cause preserved
+  throw new ReadFailedException("riskyCall failed for " + ctx, e);
+}
+```
+
+## Escalate to
+
+If this pattern is widespread in the codebase, load **invariant-guard** for the corrective workflow.

package/skills/lemmaly/rules/java-list-contains-in-loop.md

@@ -0,0 +1,40 @@
+---
+id: java-list-contains-in-loop
+title: List.contains inside iterator — O(n*m); use HashSet
+severity: warning
+impact: HIGH
+impactDescription: Hot-path or correctness risk at realistic n
+language: java
+tags: java, warning, complexity-cuts
+---
+
+# List.contains inside iterator — O(n*m); use HashSet
+
+`List.contains` is O(n). Used inside a stream/iterator over m items it is O(n·m). A `HashSet` lookup is O(1).
+
+## Fix
+
+Build a HashSet outside: `Set<T> s = new HashSet<>(list); s.contains(x);`
+
+## Incorrect
+
+```java
+// O(n·m)
+var active = users.stream()
+    .filter(u -> !banned.contains(u.id))
+    .toList();
+```
+
+## Correct
+
+```java
+// O(n+m)
+var bannedSet = new HashSet<>(banned);
+var active = users.stream()
+    .filter(u -> !bannedSet.contains(u.id))
+    .toList();
+```
+
+## Escalate to
+
+If this pattern is widespread in the codebase, load **complexity-cuts** for the corrective workflow.

package/skills/lemmaly/rules/java-string-concat-in-loop.md

@@ -0,0 +1,42 @@
+---
+id: java-string-concat-in-loop
+title: String += inside loop — O(n^2) on immutable String
+severity: warning
+impact: HIGH
+impactDescription: Hot-path or correctness risk at realistic n
+language: java
+tags: java, warning, complexity-cuts
+---
+
+# String += inside loop — O(n^2) on immutable String
+
+Java `String` is immutable. `s += x` allocates a fresh `String` (and an underlying `char[]`) each iteration — O(n²) total work. `StringBuilder` reuses one buffer.
+
+## Fix
+
+Use StringBuilder: `var sb = new StringBuilder(); for (...) sb.append(x); sb.toString();`
+
+## Incorrect
+
+```java
+// O(n²)
+String s = "";
+for (var line : lines) {
+  s += line + "\n";
+}
+```
+
+## Correct
+
+```java
+// O(n)
+var sb = new StringBuilder(lines.size() * 80);
+for (var line : lines) {
+  sb.append(line).append('\n');
+}
+String s = sb.toString();
+```
+
+## Escalate to
+
+If this pattern is widespread in the codebase, load **complexity-cuts** for the corrective workflow.

package/skills/lemmaly/rules/js-anonymous-handler-jsx.md

@@ -0,0 +1,31 @@
+---
+id: js-anonymous-handler-jsx
+title: Anonymous arrow handler in JSX — breaks memoized-child equality
+severity: warning
+impact: HIGH
+impactDescription: Hot-path or correctness risk at realistic n
+language: javascript
+tags: javascript, warning
+---
+
+# Anonymous arrow handler in JSX — breaks memoized-child equality
+
+An anonymous arrow handler is a new function every render. For an ordinary child, this is fine. For a `React.memo` child, it breaks equality and forces a re-render every time.
+
+## Fix
+
+Wrap with useCallback if the child is memoized. Otherwise ignore.
+
+## Incorrect
+
+```tsx
+// Child is React.memo — this defeats it
+<MemoButton onClick={() => save(id)} />
+```
+
+## Correct
+
+```tsx
+const onClick = useCallback(() => save(id), [id]);
+<MemoButton onClick={onClick} />
+```

package/skills/lemmaly/rules/js-array-key-index.md

@@ -0,0 +1,29 @@
+---
+id: js-array-key-index
+title: key={index} on a list — breaks identity for reorderable items
+severity: info
+impact: MEDIUM
+impactDescription: Suboptimal; flag when n is large or on a hot path
+language: javascript
+tags: javascript, info
+---
+
+# key={index} on a list — breaks identity for reorderable items
+
+`key={index}` is fine for a static list. For a list that reorders, inserts, or deletes in the middle, it forces React to mismatch component state with the wrong row — losing input focus, animation, and local state.
+
+## Fix
+
+Use a stable id when the list can reorder, insert, or delete in the middle.
+
+## Incorrect
+
+```tsx
+{items.map((item, i) => <Row key={i} item={item} />)}
+```
+
+## Correct
+
+```tsx
+{items.map((item) => <Row key={item.id} item={item} />)}
+```

package/skills/lemmaly/rules/js-async-in-foreach.md

@@ -0,0 +1,43 @@
+---
+id: js-async-in-foreach
+title: async passed to .forEach — returned promises are dropped
+severity: error
+impact: CRITICAL
+impactDescription: Will break or scale-fail in production
+language: javascript
+tags: javascript, error, complexity-cuts
+---
+
+# async passed to .forEach — returned promises are dropped
+
+`Array.prototype.forEach` ignores return values. Passing an `async` function returns promises that are dropped — errors are swallowed and the caller continues before the work finishes.
+
+## Fix
+
+Use `for (const x of arr) await fn(x)` or `await Promise.all(arr.map(fn))`.
+
+## Incorrect
+
+```ts
+// Promises dropped; errors silently swallowed
+items.forEach(async (item) => {
+  await save(item);
+});
+console.log('done'); // logs before any save completes
+```
+
+## Correct
+
+```ts
+// Sequential, with errors propagated
+for (const item of items) {
+  await save(item);
+}
+
+// Parallel
+await Promise.all(items.map((item) => save(item)));
+```
+
+## Escalate to
+
+If this pattern is widespread in the codebase, load **complexity-cuts** for the corrective workflow.

package/skills/lemmaly/rules/js-await-in-for-loop.md

@@ -0,0 +1,41 @@
+---
+id: js-await-in-for-loop
+title: await inside for-loop — likely N+1 / serialized I/O
+severity: error
+impact: CRITICAL
+impactDescription: Will break or scale-fail in production
+language: javascript
+tags: javascript, error, complexity-cuts
+---
+
+# await inside for-loop — likely N+1 / serialized I/O
+
+Awaiting inside a `for` over independent items serializes wall-clock work into O(n × latency). For network or DB calls this is the N+1 problem.
+
+## Fix
+
+Collect promises into an array and use Promise.all(...), or batch with a bulk query (WHERE id IN (...)).
+
+## Incorrect
+
+```ts
+// Wall-clock: O(n × latency)
+for (const id of ids) {
+  const user = await db.users.findById(id);
+  results.push(user);
+}
+```
+
+## Correct
+
+```ts
+// Wall-clock: O(latency); one bulk query
+const users = await db.users.findMany({ where: { id: { in: ids } } });
+
+// Or, if calls are truly independent:
+const results = await Promise.all(ids.map(id => db.users.findById(id)));
+```
+
+## Escalate to
+
+If this pattern is widespread in the codebase, load **complexity-cuts** for the corrective workflow.

package/skills/lemmaly/rules/js-deep-clone-via-json.md

@@ -0,0 +1,33 @@
+---
+id: js-deep-clone-via-json
+title: JSON.parse(JSON.stringify(x)) — slow clone; loses Dates/Maps/undefined
+severity: warning
+impact: HIGH
+impactDescription: Hot-path or correctness risk at realistic n
+language: javascript
+tags: javascript, warning
+---
+
+# JSON.parse(JSON.stringify(x)) — slow clone; loses Dates/Maps/undefined
+
+`JSON.parse(JSON.stringify(x))` is slow, allocates twice, and silently loses `Date`, `Map`, `Set`, `undefined`, `BigInt`, `RegExp`, and any non-enumerable property. It is also unsafe on cyclic structures.
+
+## Fix
+
+Use structuredClone(x), or copy only the fields you actually need.
+
+## Incorrect
+
+```ts
+const copy = JSON.parse(JSON.stringify(state));
+// state.createdAt was a Date — now a string
+```
+
+## Correct
+
+```ts
+const copy = structuredClone(state); // preserves Date, Map, Set, cycles
+
+// Or, when you only need a few fields:
+const copy = { id: state.id, name: state.name };
+```

package/skills/lemmaly/rules/js-helper-call-in-iterator.md

@@ -0,0 +1,41 @@
+---
+id: js-helper-call-in-iterator
+title: get*/find*/fetch* helper called inside iterator — likely N round-trips
+severity: warning
+impact: HIGH
+impactDescription: Hot-path or correctness risk at realistic n
+language: javascript
+tags: javascript, warning, complexity-cuts
+---
+
+# get*/find*/fetch* helper called inside iterator — likely N round-trips
+
+A `get*`/`find*`/`fetch*` helper inside an iterator usually means N independent lookups. If the helper hits a DB or network, this is N+1. If it scans an array, it is O(n × m).
+
+## Fix
+
+Hoist the helper out of the loop and pass a precomputed lookup (Map/Set) into the iterator, or batch with a single bulk query.
+
+## Incorrect
+
+```ts
+// N round trips
+const enriched = orders.map((o) => ({
+  ...o,
+  user: getUserById(o.userId),
+}));
+```
+
+## Correct
+
+```ts
+// 1 round trip
+const userIds = [...new Set(orders.map((o) => o.userId))];
+const users = await db.users.findMany({ where: { id: { in: userIds } } });
+const userById = new Map(users.map((u) => [u.id, u]));
+const enriched = orders.map((o) => ({ ...o, user: userById.get(o.userId) }));
+```
+
+## Escalate to
+
+If this pattern is widespread in the codebase, load **complexity-cuts** for the corrective workflow.

package/skills/lemmaly/rules/js-includes-in-iterator.md

@@ -0,0 +1,37 @@
+---
+id: js-includes-in-iterator
+title: Array.includes inside .map/.filter/.forEach — O(n*m); use a Set
+severity: info
+impact: MEDIUM
+impactDescription: Suboptimal; flag when n is large or on a hot path
+language: javascript
+tags: javascript, info, complexity-cuts
+---
+
+# Array.includes inside .map/.filter/.forEach — O(n*m); use a Set
+
+`.includes` on an array is O(n). Calling it inside `.map`/`.filter`/`.forEach` over m items is O(n × m). A `Set` lookup is O(1).
+
+## Fix
+
+Build a Set once outside the iterator, then `set.has(x)` inside.
+
+## Incorrect
+
+```ts
+// O(n × m)
+const allowed = ['admin', 'editor', 'owner'];
+const result = users.filter((u) => allowed.includes(u.role));
+```
+
+## Correct
+
+```ts
+// O(n + m)
+const allowed = new Set(['admin', 'editor', 'owner']);
+const result = users.filter((u) => allowed.has(u.role));
+```
+
+## Escalate to
+
+If this pattern is widespread in the codebase, load **complexity-cuts** for the corrective workflow.

package/skills/lemmaly/rules/js-inline-object-jsx-prop.md

@@ -0,0 +1,35 @@
+---
+id: js-inline-object-jsx-prop
+title: Inline object literal as JSX prop — new reference every render
+severity: warning
+impact: HIGH
+impactDescription: Hot-path or correctness risk at realistic n
+language: javascript
+tags: javascript, warning
+---
+
+# Inline object literal as JSX prop — new reference every render
+
+An inline object literal in JSX creates a new reference every render. If the child is `React.memo`, this defeats the memoization. If it is a dependency of a hook in the child, it re-fires that hook every render.
+
+## Fix
+
+Hoist outside render, or wrap in useMemo if the child is React.memo.
+
+## Incorrect
+
+```tsx
+<Chart options={{ animated: true, color: 'red' }} />
+```
+
+## Correct
+
+```tsx
+// Hoist if static
+const CHART_OPTIONS = { animated: true, color: 'red' };
+<Chart options={CHART_OPTIONS} />
+
+// Memoize if derived
+const options = useMemo(() => ({ animated, color }), [animated, color]);
+<Chart options={options} />
+```

package/skills/lemmaly/rules/js-nested-for-loops.md

@@ -0,0 +1,45 @@
+---
+id: js-nested-for-loops
+title: Nested for-loops — O(n*m); consider hashing one side
+severity: info
+impact: MEDIUM
+impactDescription: Suboptimal; flag when n is large or on a hot path
+language: javascript
+tags: javascript, info, complexity-cuts
+---
+
+# Nested for-loops — O(n*m); consider hashing one side
+
+Two `for` loops that check membership between arrays are O(n × m). Hashing one side into a `Set` makes it O(n + m).
+
+## Fix
+
+If looking up between the two arrays, put one into a Set/Map first → O(n+m).
+
+## Incorrect
+
+```ts
+// O(n × m)
+const matches = [];
+for (const a of left) {
+  for (const b of right) {
+    if (a.id === b.id) matches.push([a, b]);
+  }
+}
+```
+
+## Correct
+
+```ts
+// O(n + m)
+const rightById = new Map(right.map((b) => [b.id, b]));
+const matches = [];
+for (const a of left) {
+  const b = rightById.get(a.id);
+  if (b) matches.push([a, b]);
+}
+```
+
+## Escalate to
+
+If this pattern is widespread in the codebase, load **complexity-cuts** for the corrective workflow.

package/skills/lemmaly/rules/js-spread-in-reduce.md

@@ -0,0 +1,38 @@
+---
+id: js-spread-in-reduce
+title: Object spread inside reduce — O(n^2)
+severity: warning
+impact: HIGH
+impactDescription: Hot-path or correctness risk at realistic n
+language: javascript
+tags: javascript, warning, complexity-cuts
+---
+
+# Object spread inside reduce — O(n^2)
+
+Object-spread in a reducer copies the accumulator on every iteration — O(n²) work and O(n²) allocation. The result is the same as mutating once.
+
+## Fix
+
+Mutate the accumulator (`acc[k] = v; return acc`) or use Object.fromEntries(arr.map(...)).
+
+## Incorrect
+
+```ts
+// O(n²)
+const byId = items.reduce((acc, x) => ({ ...acc, [x.id]: x }), {});
+```
+
+## Correct
+
+```ts
+// O(n)
+const byId = Object.fromEntries(items.map((x) => [x.id, x]));
+
+// Or mutate the accumulator
+const byId = items.reduce((acc, x) => { acc[x.id] = x; return acc; }, {});
+```
+
+## Escalate to
+
+If this pattern is widespread in the codebase, load **complexity-cuts** for the corrective workflow.