octocode-cli 1.2.7 → 1.2.9

package/skills/octocode-research/.octocode/scan/2026-03-22T10-32-27-073Z/code-quality.json

@@ -0,0 +1 @@
+{"schemaVersion":"1.1.0","generatedAt":"2026-03-22T10:32:30.560Z","duplicateFlows":{"duplicatedFunctions":[],"duplicatedControlFlow":[],"totalFunctionGroups":0,"totalFlowGroups":0},"optimizationOpportunities":[],"findings":[{"id":"AST-ISSUE-0009","severity":"high","category":"await-in-loop","file":"src/server-init.ts","lineStart":94,"lineEnd":94,"title":"await inside loop — sequential async execution","reason":"Each await runs serially. For N iterations this takes N * latency instead of max(latency). Use Promise.all() or Promise.allSettled() for parallel execution.","files":["src/server-init.ts"],"suggestedFix":{"strategy":"Collect promises and await them in parallel with Promise.all().","steps":["Collect all async operations into an array of promises.","Use await Promise.all(promises) or Promise.allSettled(promises).","If order matters or rate limiting is needed, use a batching utility."]},"impact":"Sequential awaits multiply latency by N iterations — parallelizing can reduce total time to max(single-latency).","tags":["performance","async","n-plus-one"],"lspHints":[{"tool":"lspGotoDefinition","symbolName":"await","lineHint":94,"file":"src/server-init.ts","expectedResult":"navigate to the awaited call to check if parallelization is safe"}],"ruleId":"ast.await-in-loop","analysisLens":"ast","confidence":"low","evidence":{"category":"await-in-loop","location":"src/server-init.ts:94-94"},"correlatedSignals":["top-level-effects","paired:unreachable-module","paired:untested-critical-code","paired:dead-file","paired:empty-catch","paired:import-side-effect-risk","paired:listener-leak-risk","paired:missing-error-boundary"],"recommendedValidation":{"summary":"navigate to the awaited call to check if parallelization is safe","tools":["localSearchCode","lspGotoDefinition"]}},{"id":"AST-ISSUE-0010","severity":"high","category":"await-in-loop","file":"src/server-init.ts","lineStart":104,"lineEnd":104,"title":"await inside loop — sequential async execution","reason":"Each await runs serially. For N iterations this takes N * latency instead of max(latency). Use Promise.all() or Promise.allSettled() for parallel execution.","files":["src/server-init.ts"],"suggestedFix":{"strategy":"Collect promises and await them in parallel with Promise.all().","steps":["Collect all async operations into an array of promises.","Use await Promise.all(promises) or Promise.allSettled(promises).","If order matters or rate limiting is needed, use a batching utility."]},"impact":"Sequential awaits multiply latency by N iterations — parallelizing can reduce total time to max(single-latency).","tags":["performance","async","n-plus-one"],"lspHints":[{"tool":"lspGotoDefinition","symbolName":"await","lineHint":104,"file":"src/server-init.ts","expectedResult":"navigate to the awaited call to check if parallelization is safe"}],"ruleId":"ast.await-in-loop","analysisLens":"ast","confidence":"low","evidence":{"category":"await-in-loop","location":"src/server-init.ts:104-104"},"correlatedSignals":["top-level-effects","paired:unreachable-module","paired:untested-critical-code","paired:dead-file","paired:empty-catch","paired:import-side-effect-risk","paired:listener-leak-risk","paired:missing-error-boundary"],"recommendedValidation":{"summary":"navigate to the awaited call to check if parallelization is safe","tools":["localSearchCode","lspGotoDefinition"]}},{"id":"AST-ISSUE-0011","severity":"high","category":"await-in-loop","file":"src/utils/retry.ts","lineStart":113,"lineEnd":113,"title":"await inside loop — sequential async execution","reason":"Each await runs serially. For N iterations this takes N * latency instead of max(latency). Use Promise.all() or Promise.allSettled() for parallel execution.","files":["src/utils/retry.ts"],"suggestedFix":{"strategy":"Collect promises and await them in parallel with Promise.all().","steps":["Collect all async operations into an array of promises.","Use await Promise.all(promises) or Promise.allSettled(promises).","If order matters or rate limiting is needed, use a batching utility."]},"impact":"Sequential awaits multiply latency by N iterations — parallelizing can reduce total time to max(single-latency).","tags":["performance","async","n-plus-one"],"lspHints":[{"tool":"lspGotoDefinition","symbolName":"await","lineHint":113,"file":"src/utils/retry.ts","expectedResult":"navigate to the awaited call to check if parallelization is safe"}],"ruleId":"ast.await-in-loop","analysisLens":"ast","confidence":"low","evidence":{"category":"await-in-loop","location":"src/utils/retry.ts:113-113"},"correlatedSignals":["hot-file","paired:dead-export","paired:feature-envy","paired:semantic-dead-export"],"recommendedValidation":{"summary":"navigate to the awaited call to check if parallelization is safe","tools":["localSearchCode","lspGotoDefinition"]}},{"id":"AST-ISSUE-0012","severity":"high","category":"await-in-loop","file":"src/utils/retry.ts","lineStart":128,"lineEnd":128,"title":"await inside loop — sequential async execution","reason":"Each await runs serially. For N iterations this takes N * latency instead of max(latency). Use Promise.all() or Promise.allSettled() for parallel execution.","files":["src/utils/retry.ts"],"suggestedFix":{"strategy":"Collect promises and await them in parallel with Promise.all().","steps":["Collect all async operations into an array of promises.","Use await Promise.all(promises) or Promise.allSettled(promises).","If order matters or rate limiting is needed, use a batching utility."]},"impact":"Sequential awaits multiply latency by N iterations — parallelizing can reduce total time to max(single-latency).","tags":["performance","async","n-plus-one"],"lspHints":[{"tool":"lspGotoDefinition","symbolName":"await","lineHint":128,"file":"src/utils/retry.ts","expectedResult":"navigate to the awaited call to check if parallelization is safe"}],"ruleId":"ast.await-in-loop","analysisLens":"ast","confidence":"low","evidence":{"category":"await-in-loop","location":"src/utils/retry.ts:128-128"},"correlatedSignals":["hot-file","paired:dead-export","paired:feature-envy","paired:semantic-dead-export"],"recommendedValidation":{"summary":"navigate to the awaited call to check if parallelization is safe","tools":["localSearchCode","lspGotoDefinition"]}},{"id":"AST-ISSUE-0014","severity":"high","category":"cognitive-complexity","file":"src/routes/lsp.ts","lineStart":97,"lineEnd":146,"title":"High cognitive complexity: extractLocations (36)","reason":"Function cognitive complexity is 36 (threshold: 15). Nested branches compound reading difficulty.","files":["src/routes/lsp.ts:97-146"],"suggestedFix":{"strategy":"Reduce nesting and simplify control flow.","steps":["Convert nested branches into early returns / guard clauses.","Extract deeply nested blocks into named helper functions.","Replace complex boolean chains with named predicates."]},"impact":"Lower cognitive complexity directly correlates with fewer bugs and faster code reviews.","tags":["complexity","readability","nesting"],"lspHints":[{"tool":"lspCallHierarchy","symbolName":"extractLocations","lineHint":97,"file":"src/routes/lsp.ts","expectedResult":"understand call graph before simplifying extractLocations"}],"ruleId":"ast.cognitive-complexity","analysisLens":"ast","confidence":"low","evidence":{"category":"cognitive-complexity","location":"src/routes/lsp.ts:97-146"},"correlatedSignals":["hot-file","critical-path-context","paired:unreachable-module","paired:dependency-test-only","paired:move-to-caller"],"recommendedValidation":{"summary":"understand call graph before simplifying extractLocations","tools":["localSearchCode","lspCallHierarchy"]}},{"id":"AST-ISSUE-0015","severity":"high","category":"cognitive-complexity","file":"src/routes/package.ts","lineStart":51,"lineEnd":110,"title":"High cognitive complexity: extractPackages (33)","reason":"Function cognitive complexity is 33 (threshold: 15). Nested branches compound reading difficulty.","files":["src/routes/package.ts:51-110"],"suggestedFix":{"strategy":"Reduce nesting and simplify control flow.","steps":["Convert nested branches into early returns / guard clauses.","Extract deeply nested blocks into named helper functions.","Replace complex boolean chains with named predicates."]},"impact":"Lower cognitive complexity directly correlates with fewer bugs and faster code reviews.","tags":["complexity","readability","nesting"],"lspHints":[{"tool":"lspCallHierarchy","symbolName":"extractPackages","lineHint":51,"file":"src/routes/package.ts","expectedResult":"understand call graph before simplifying extractPackages"}],"ruleId":"ast.cognitive-complexity","analysisLens":"ast","confidence":"low","evidence":{"category":"cognitive-complexity","location":"src/routes/package.ts:51-110"},"correlatedSignals":["hot-file","critical-path-context","paired:dependency-critical-path","paired:unreachable-module","paired:unvalidated-input-sink","paired:dependency-test-only","paired:move-to-caller"],"recommendedValidation":{"summary":"understand call graph before simplifying extractPackages","tools":["localSearchCode","lspCallHierarchy"]}},{"id":"AST-ISSUE-0016","severity":"high","category":"cognitive-complexity","file":"src/utils/responseParser.ts","lineStart":96,"lineEnd":173,"title":"High cognitive complexity: parseToolResponse (29)","reason":"Function cognitive complexity is 29 (threshold: 15). Nested branches compound reading difficulty.","files":["src/utils/responseParser.ts:96-173"],"suggestedFix":{"strategy":"Reduce nesting and simplify control flow.","steps":["Convert nested branches into early returns / guard clauses.","Extract deeply nested blocks into named helper functions.","Replace complex boolean chains with named predicates."]},"impact":"Lower cognitive complexity directly correlates with fewer bugs and faster code reviews.","tags":["complexity","readability","nesting"],"lspHints":[{"tool":"lspCallHierarchy","symbolName":"parseToolResponse","lineHint":96,"file":"src/utils/responseParser.ts","expectedResult":"understand call graph before simplifying parseToolResponse"}],"ruleId":"ast.cognitive-complexity","analysisLens":"ast","confidence":"low","evidence":{"category":"cognitive-complexity","location":"src/utils/responseParser.ts:96-173"},"correlatedSignals":["hot-file","paired:dead-export","paired:semantic-dead-export","paired:untested-critical-code","paired:over-abstraction","paired:move-to-caller"],"recommendedValidation":{"summary":"understand call graph before simplifying parseToolResponse","tools":["localSearchCode","lspCallHierarchy"]}},{"id":"AST-ISSUE-0017","severity":"high","category":"cognitive-complexity","file":"src/utils/responseParser.ts","lineStart":195,"lineEnd":272,"title":"High cognitive complexity: parseToolResponseBulk (30)","reason":"Function cognitive complexity is 30 (threshold: 15). Nested branches compound reading difficulty.","files":["src/utils/responseParser.ts:195-272"],"suggestedFix":{"strategy":"Reduce nesting and simplify control flow.","steps":["Convert nested branches into early returns / guard clauses.","Extract deeply nested blocks into named helper functions.","Replace complex boolean chains with named predicates."]},"impact":"Lower cognitive complexity directly correlates with fewer bugs and faster code reviews.","tags":["complexity","readability","nesting"],"lspHints":[{"tool":"lspCallHierarchy","symbolName":"parseToolResponseBulk","lineHint":195,"file":"src/utils/responseParser.ts","expectedResult":"understand call graph before simplifying parseToolResponseBulk"}],"ruleId":"ast.cognitive-complexity","analysisLens":"ast","confidence":"low","evidence":{"category":"cognitive-complexity","location":"src/utils/responseParser.ts:195-272"},"correlatedSignals":["hot-file","paired:dead-export","paired:semantic-dead-export","paired:untested-critical-code","paired:over-abstraction","paired:move-to-caller"],"recommendedValidation":{"summary":"understand call graph before simplifying parseToolResponseBulk","tools":["localSearchCode","lspCallHierarchy"]}},{"id":"AST-ISSUE-0061","severity":"high","category":"god-module","file":"src/validation/schemas.ts","lineStart":1,"lineEnd":1,"title":"God module: src/validation/schemas.ts","reason":"Module is excessively large: 39 exports (threshold: 20).","files":["src/validation/schemas.ts"],"suggestedFix":{"strategy":"Split module into focused sub-modules with single responsibilities.","steps":["Identify distinct functional groups within the module.","Extract each group into a dedicated module.","Create a barrel if backward compatibility is needed.","Update imports incrementally."]},"impact":"Smaller modules are easier to understand, test, and maintain.","tags":["complexity","responsibility","size"],"lspHints":[{"tool":"lspFindReferences","symbolName":"schemas.ts","lineHint":1,"file":"src/validation/schemas.ts","expectedResult":"identify consumer clusters to guide module splitting strategy"}],"ruleId":"ast.god-module","analysisLens":"ast","confidence":"low","evidence":{"category":"god-module","location":"src/validation/schemas.ts:1-1"},"correlatedSignals":["hot-file","paired:untested-critical-code","paired:feature-envy","paired:semantic-dead-export"],"recommendedValidation":{"summary":"identify consumer clusters to guide module splitting strategy","tools":["localSearchCode","lspFindReferences"]}},{"id":"AST-ISSUE-0110","severity":"high","category":"similar-function-body","file":"src/utils/responseBuilder.ts","lineStart":133,"lineEnd":170,"title":"Similar function: fileContent (97% similar to bulkResult in src/utils/responseBuilder.ts)","reason":"\"fileContent\" and \"bulkResult\" have 97% structural similarity. Near-duplicates diverge over time and should be consolidated.","files":["src/utils/responseBuilder.ts","src/utils/responseBuilder.ts"],"suggestedFix":{"strategy":"Extract shared logic into a parameterized helper.","steps":["Compare src/utils/responseBuilder.ts:133 with src/utils/responseBuilder.ts:410.","Identify the varying parts and extract them as parameters.","Create a shared function and call it from both locations."]},"impact":"Near-clone functions diverge over time, causing inconsistent behavior and multiplied maintenance cost.","tags":["duplication","maintainability","near-clone"],"ruleId":"ast.similar-function-body","analysisLens":"ast","confidence":"low","evidence":{"category":"similar-function-body","location":"src/utils/responseBuilder.ts:133-170"},"correlatedSignals":["hot-file","critical-path-context","paired:distance-from-main-sequence","paired:cognitive-complexity","paired:over-abstraction"],"recommendedValidation":{"summary":"Confirm the code location and inspect the matched structure before proposing a refactor.","tools":["localSearchCode"]}},{"id":"AST-ISSUE-0144","severity":"medium","category":"cognitive-complexity","file":"src/middleware/queryParser.ts","lineStart":31,"lineEnd":77,"title":"High cognitive complexity: parseAndValidate (16)","reason":"Function cognitive complexity is 16 (threshold: 15). Nested branches compound reading difficulty.","files":["src/middleware/queryParser.ts:31-77"],"suggestedFix":{"strategy":"Reduce nesting and simplify control flow.","steps":["Convert nested branches into early returns / guard clauses.","Extract deeply nested blocks into named helper functions.","Replace complex boolean chains with named predicates."]},"impact":"Lower cognitive complexity directly correlates with fewer bugs and faster code reviews.","tags":["complexity","readability","nesting"],"lspHints":[{"tool":"lspCallHierarchy","symbolName":"parseAndValidate","lineHint":31,"file":"src/middleware/queryParser.ts","expectedResult":"understand call graph before simplifying parseAndValidate"}],"ruleId":"ast.cognitive-complexity","analysisLens":"ast","confidence":"low","evidence":{"category":"cognitive-complexity","location":"src/middleware/queryParser.ts:31-77"},"correlatedSignals":["paired:dead-export","paired:semantic-dead-export","paired:unreachable-module","paired:input-passthrough-risk","paired:prototype-pollution-risk"],"recommendedValidation":{"summary":"understand call graph before simplifying parseAndValidate","tools":["localSearchCode","lspCallHierarchy"]}},{"id":"AST-ISSUE-0145","severity":"medium","category":"cognitive-complexity","file":"src/routes/lsp.ts","lineStart":149,"lineEnd":177,"title":"High cognitive complexity: extractCallHierarchyLocations (16)","reason":"Function cognitive complexity is 16 (threshold: 15). Nested branches compound reading difficulty.","files":["src/routes/lsp.ts:149-177"],"suggestedFix":{"strategy":"Reduce nesting and simplify control flow.","steps":["Convert nested branches into early returns / guard clauses.","Extract deeply nested blocks into named helper functions.","Replace complex boolean chains with named predicates."]},"impact":"Lower cognitive complexity directly correlates with fewer bugs and faster code reviews.","tags":["complexity","readability","nesting"],"lspHints":[{"tool":"lspCallHierarchy","symbolName":"extractCallHierarchyLocations","lineHint":149,"file":"src/routes/lsp.ts","expectedResult":"understand call graph before simplifying extractCallHierarchyLocations"}],"ruleId":"ast.cognitive-complexity","analysisLens":"ast","confidence":"low","evidence":{"category":"cognitive-complexity","location":"src/routes/lsp.ts:149-177"},"correlatedSignals":["hot-file","critical-path-context","paired:unreachable-module","paired:dependency-test-only","paired:move-to-caller"],"recommendedValidation":{"summary":"understand call graph before simplifying extractCallHierarchyLocations","tools":["localSearchCode","lspCallHierarchy"]}},{"id":"AST-ISSUE-0146","severity":"medium","category":"cognitive-complexity","file":"src/utils/responseBuilder.ts","lineStart":75,"lineEnd":128,"title":"High cognitive complexity: searchResults (22)","reason":"Function cognitive complexity is 22 (threshold: 15). Nested branches compound reading difficulty.","files":["src/utils/responseBuilder.ts:75-128"],"suggestedFix":{"strategy":"Reduce nesting and simplify control flow.","steps":["Convert nested branches into early returns / guard clauses.","Extract deeply nested blocks into named helper functions.","Replace complex boolean chains with named predicates."]},"impact":"Lower cognitive complexity directly correlates with fewer bugs and faster code reviews.","tags":["complexity","readability","nesting"],"lspHints":[{"tool":"lspCallHierarchy","symbolName":"searchResults","lineHint":75,"file":"src/utils/responseBuilder.ts","expectedResult":"understand call graph before simplifying searchResults"}],"ruleId":"ast.cognitive-complexity","analysisLens":"ast","confidence":"low","evidence":{"category":"cognitive-complexity","location":"src/utils/responseBuilder.ts:75-128"},"correlatedSignals":["hot-file","critical-path-context","paired:distance-from-main-sequence","paired:similar-function-body","paired:over-abstraction"],"recommendedValidation":{"summary":"understand call graph before simplifying searchResults","tools":["localSearchCode","lspCallHierarchy"]}},{"id":"AST-ISSUE-0236","severity":"medium","category":"empty-catch","file":"src/server-init.ts","lineStart":172,"lineEnd":174,"title":"Empty catch block silently swallows errors","reason":"Catch block at line 172 has no statements — errors are silently ignored.","files":["src/server-init.ts:172-174"],"suggestedFix":{"strategy":"Log, re-throw, or handle the error explicitly.","steps":["Add error logging (console.error or a logger) at minimum.","Re-throw if the caller should handle the error.","Add a comment explaining why swallowing is intentional, if it truly is."]},"impact":"Prevents silent failures that are extremely hard to debug in production.","tags":["error-handling","reliability","silent-failure"],"ruleId":"ast.empty-catch","analysisLens":"ast","confidence":"low","evidence":{"category":"empty-catch","location":"src/server-init.ts:172-174"},"correlatedSignals":["top-level-effects","paired:await-in-loop","paired:unreachable-module","paired:untested-critical-code","paired:dead-file","paired:import-side-effect-risk","paired:listener-leak-risk","paired:missing-error-boundary"],"recommendedValidation":{"summary":"Confirm the code location and inspect the matched structure before proposing a refactor.","tools":["localSearchCode"]}},{"id":"AST-ISSUE-0237","severity":"medium","category":"empty-catch","file":"src/utils/logger.ts","lineStart":109,"lineEnd":111,"title":"Empty catch block silently swallows errors","reason":"Catch block at line 109 has no statements — errors are silently ignored.","files":["src/utils/logger.ts:109-111"],"suggestedFix":{"strategy":"Log, re-throw, or handle the error explicitly.","steps":["Add error logging (console.error or a logger) at minimum.","Re-throw if the caller should handle the error.","Add a comment explaining why swallowing is intentional, if it truly is."]},"impact":"Prevents silent failures that are extremely hard to debug in production.","tags":["error-handling","reliability","silent-failure"],"ruleId":"ast.empty-catch","analysisLens":"ast","confidence":"low","evidence":{"category":"empty-catch","location":"src/utils/logger.ts:109-111"},"correlatedSignals":["hot-file","critical-path-context","paired:dead-export","paired:semantic-dead-export","paired:sql-injection-risk","paired:excessive-parameters","paired:input-passthrough-risk","paired:listener-leak-risk"],"recommendedValidation":{"summary":"Confirm the code location and inspect the matched structure before proposing a refactor.","tools":["localSearchCode"]}},{"id":"AST-ISSUE-0238","severity":"medium","category":"empty-catch","file":"src/utils/logger.ts","lineStart":130,"lineEnd":132,"title":"Empty catch block silently swallows errors","reason":"Catch block at line 130 has no statements — errors are silently ignored.","files":["src/utils/logger.ts:130-132"],"suggestedFix":{"strategy":"Log, re-throw, or handle the error explicitly.","steps":["Add error logging (console.error or a logger) at minimum.","Re-throw if the caller should handle the error.","Add a comment explaining why swallowing is intentional, if it truly is."]},"impact":"Prevents silent failures that are extremely hard to debug in production.","tags":["error-handling","reliability","silent-failure"],"ruleId":"ast.empty-catch","analysisLens":"ast","confidence":"low","evidence":{"category":"empty-catch","location":"src/utils/logger.ts:130-132"},"correlatedSignals":["hot-file","critical-path-context","paired:dead-export","paired:semantic-dead-export","paired:sql-injection-risk","paired:excessive-parameters","paired:input-passthrough-risk","paired:listener-leak-risk"],"recommendedValidation":{"summary":"Confirm the code location and inspect the matched structure before proposing a refactor.","tools":["localSearchCode"]}},{"id":"AST-ISSUE-0239","severity":"medium","category":"excessive-parameters","file":"src/utils/logger.ts","lineStart":285,"lineEnd":302,"title":"Excessive parameters: logToolSuccess (6 params)","reason":"Function has 6 parameters (threshold: 5). High parameter counts make call sites hard to read and signal the function may be doing too much.","files":["src/utils/logger.ts:285-302"],"suggestedFix":{"strategy":"Introduce a parameter object or split the function.","steps":["Group related parameters into an options/config object.","Use destructuring at the function signature for clarity.","Consider splitting into smaller, focused functions if params serve different concerns."]},"impact":"Improves call-site readability and makes the API easier to evolve.","tags":["api-design","readability","refactor"],"ruleId":"ast.excessive-parameters","analysisLens":"ast","confidence":"low","evidence":{"category":"excessive-parameters","location":"src/utils/logger.ts:285-302"},"correlatedSignals":["hot-file","critical-path-context","paired:dead-export","paired:semantic-dead-export","paired:sql-injection-risk","paired:empty-catch","paired:input-passthrough-risk","paired:listener-leak-risk"],"recommendedValidation":{"summary":"Confirm the code location and inspect the matched structure before proposing a refactor.","tools":["localSearchCode"]}},{"id":"AST-ISSUE-0240","severity":"medium","category":"excessive-parameters","file":"src/utils/logger.ts","lineStart":307,"lineEnd":324,"title":"Excessive parameters: logToolError (6 params)","reason":"Function has 6 parameters (threshold: 5). High parameter counts make call sites hard to read and signal the function may be doing too much.","files":["src/utils/logger.ts:307-324"],"suggestedFix":{"strategy":"Introduce a parameter object or split the function.","steps":["Group related parameters into an options/config object.","Use destructuring at the function signature for clarity.","Consider splitting into smaller, focused functions if params serve different concerns."]},"impact":"Improves call-site readability and makes the API easier to evolve.","tags":["api-design","readability","refactor"],"ruleId":"ast.excessive-parameters","analysisLens":"ast","confidence":"low","evidence":{"category":"excessive-parameters","location":"src/utils/logger.ts:307-324"},"correlatedSignals":["hot-file","critical-path-context","paired:dead-export","paired:semantic-dead-export","paired:sql-injection-risk","paired:empty-catch","paired:input-passthrough-risk","paired:listener-leak-risk"],"recommendedValidation":{"summary":"Confirm the code location and inspect the matched structure before proposing a refactor.","tools":["localSearchCode"]}},{"id":"AST-ISSUE-0248","severity":"medium","category":"listener-leak-risk","file":"src/middleware/logger.ts","lineStart":30,"lineEnd":57,"title":"1 event listener(s) added without any removal","reason":"addEventListener/on without corresponding removeEventListener/off risks memory leaks if the target outlives the subscriber.","files":["src/middleware/logger.ts"],"suggestedFix":{"strategy":"Add corresponding listener removal in cleanup.","steps":["Store the handler reference in a variable.","Call removeEventListener/off in cleanup (unmount, dispose, close).","Or use AbortController signal for automatic cleanup."]},"impact":"Listener references prevent garbage collection of the subscriber, causing memory growth proportional to event-target lifetime.","tags":["performance","memory-leak","events"],"ruleId":"ast.listener-leak-risk","analysisLens":"ast","confidence":"low","evidence":{"category":"listener-leak-risk","location":"src/middleware/logger.ts:30-57"},"correlatedSignals":["critical-path-context","paired:input-passthrough-risk","paired:similar-function-body","paired:move-to-caller"],"recommendedValidation":{"summary":"Confirm the code location and inspect the matched structure before proposing a refactor.","tools":["localSearchCode"]}},{"id":"AST-ISSUE-0249","severity":"medium","category":"listener-leak-risk","file":"src/routes/tools.ts","lineStart":575,"lineEnd":581,"title":"1 event listener(s) added without any removal","reason":"addEventListener/on without corresponding removeEventListener/off risks memory leaks if the target outlives the subscriber.","files":["src/routes/tools.ts"],"suggestedFix":{"strategy":"Add corresponding listener removal in cleanup.","steps":["Store the handler reference in a variable.","Call removeEventListener/off in cleanup (unmount, dispose, close).","Or use AbortController signal for automatic cleanup."]},"impact":"Listener references prevent garbage collection of the subscriber, causing memory growth proportional to event-target lifetime.","tags":["performance","memory-leak","events"],"ruleId":"ast.listener-leak-risk","analysisLens":"ast","confidence":"low","evidence":{"category":"listener-leak-risk","location":"src/routes/tools.ts:575-581"},"correlatedSignals":["hot-file","critical-path-context","paired:hardcoded-secret","paired:prototype-pollution-risk","paired:untested-critical-code","paired:unvalidated-input-sink","paired:over-abstraction","paired:type-assertion-escape"],"recommendedValidation":{"summary":"Confirm the code location and inspect the matched structure before proposing a refactor.","tools":["localSearchCode"]}},{"id":"AST-ISSUE-0250","severity":"medium","category":"listener-leak-risk","file":"src/server-init.ts","lineStart":73,"lineEnd":183,"title":"4 event listener(s) added without any removal","reason":"addEventListener/on without corresponding removeEventListener/off risks memory leaks if the target outlives the subscriber.","files":["src/server-init.ts"],"suggestedFix":{"strategy":"Add corresponding listener removal in cleanup.","steps":["Store the handler reference in a variable.","Call removeEventListener/off in cleanup (unmount, dispose, close).","Or use AbortController signal for automatic cleanup."]},"impact":"Listener references prevent garbage collection of the subscriber, causing memory growth proportional to event-target lifetime.","tags":["performance","memory-leak","events"],"ruleId":"ast.listener-leak-risk","analysisLens":"ast","confidence":"low","evidence":{"category":"listener-leak-risk","location":"src/server-init.ts:73-183"},"correlatedSignals":["top-level-effects","paired:await-in-loop","paired:unreachable-module","paired:untested-critical-code","paired:dead-file","paired:empty-catch","paired:import-side-effect-risk","paired:missing-error-boundary"],"recommendedValidation":{"summary":"Confirm the code location and inspect the matched structure before proposing a refactor.","tools":["localSearchCode"]}},{"id":"AST-ISSUE-0251","severity":"medium","category":"listener-leak-risk","file":"src/server.ts","lineStart":269,"lineEnd":270,"title":"2 event listener(s) added without any removal","reason":"addEventListener/on without corresponding removeEventListener/off risks memory leaks if the target outlives the subscriber.","files":["src/server.ts"],"suggestedFix":{"strategy":"Add corresponding listener removal in cleanup.","steps":["Store the handler reference in a variable.","Call removeEventListener/off in cleanup (unmount, dispose, close).","Or use AbortController signal for automatic cleanup."]},"impact":"Listener references prevent garbage collection of the subscriber, causing memory growth proportional to event-target lifetime.","tags":["performance","memory-leak","events"],"ruleId":"ast.listener-leak-risk","analysisLens":"ast","confidence":"low","evidence":{"category":"listener-leak-risk","location":"src/server.ts:269-270"},"correlatedSignals":["hot-file","critical-path-context","top-level-effects","paired:dependency-critical-path","paired:untested-critical-code","paired:import-side-effect-risk","paired:missing-error-boundary","paired:uncleared-timer"],"recommendedValidation":{"summary":"Confirm the code location and inspect the matched structure before proposing a refactor.","tools":["localSearchCode"]}},{"id":"AST-ISSUE-0252","severity":"medium","category":"listener-leak-risk","file":"src/utils/asyncTimeout.ts","lineStart":59,"lineEnd":108,"title":"2 event listener(s) added without any removal","reason":"addEventListener/on without corresponding removeEventListener/off risks memory leaks if the target outlives the subscriber.","files":["src/utils/asyncTimeout.ts"],"suggestedFix":{"strategy":"Add corresponding listener removal in cleanup.","steps":["Store the handler reference in a variable.","Call removeEventListener/off in cleanup (unmount, dispose, close).","Or use AbortController signal for automatic cleanup."]},"impact":"Listener references prevent garbage collection of the subscriber, causing memory growth proportional to event-target lifetime.","tags":["performance","memory-leak","events"],"ruleId":"ast.listener-leak-risk","analysisLens":"ast","confidence":"low","evidence":{"category":"listener-leak-risk","location":"src/utils/asyncTimeout.ts:59-108"},"correlatedSignals":["hot-file","paired:distance-from-main-sequence","paired:move-to-caller"],"recommendedValidation":{"summary":"Confirm the code location and inspect the matched structure before proposing a refactor.","tools":["localSearchCode"]}},{"id":"AST-ISSUE-0253","severity":"medium","category":"listener-leak-risk","file":"src/utils/logger.ts","lineStart":375,"lineEnd":388,"title":"1 event listener(s) added without any removal","reason":"addEventListener/on without corresponding removeEventListener/off risks memory leaks if the target outlives the subscriber.","files":["src/utils/logger.ts"],"suggestedFix":{"strategy":"Add corresponding listener removal in cleanup.","steps":["Store the handler reference in a variable.","Call removeEventListener/off in cleanup (unmount, dispose, close).","Or use AbortController signal for automatic cleanup."]},"impact":"Listener references prevent garbage collection of the subscriber, causing memory growth proportional to event-target lifetime.","tags":["performance","memory-leak","events"],"ruleId":"ast.listener-leak-risk","analysisLens":"ast","confidence":"low","evidence":{"category":"listener-leak-risk","location":"src/utils/logger.ts:375-388"},"correlatedSignals":["hot-file","critical-path-context","paired:dead-export","paired:semantic-dead-export","paired:sql-injection-risk","paired:empty-catch","paired:excessive-parameters","paired:input-passthrough-risk"],"recommendedValidation":{"summary":"Confirm the code location and inspect the matched structure before proposing a refactor.","tools":["localSearchCode"]}},{"id":"AST-ISSUE-0256","severity":"medium","category":"missing-error-boundary","file":"src/mcpCache.ts","lineStart":23,"lineEnd":28,"title":"Missing error boundary: <anonymous> (2 awaits, no try-catch)","reason":"Async function \"<anonymous>\" has 2 await(s) but no try-catch. Rejected promises propagate as unhandled rejections.","files":["src/mcpCache.ts"],"suggestedFix":{"strategy":"Wrap await calls in try-catch or add a .catch() handler.","steps":["Add a try-catch block around the await expressions.","Handle errors appropriately (log, return default, re-throw with context).","If the caller handles errors, document it with a comment."]},"impact":"Unhandled promise rejections crash Node.js processes and cause silent failures in browsers.","tags":["error-handling","async","reliability"],"lspHints":[{"tool":"lspCallHierarchy","symbolName":"<anonymous>","lineHint":23,"file":"src/mcpCache.ts","expectedResult":"check if callers wrap this in try-catch or .catch() — if so, the boundary may exist upstream"}],"ruleId":"ast.missing-error-boundary","analysisLens":"ast","confidence":"low","evidence":{"category":"missing-error-boundary","location":"src/mcpCache.ts:23-28"},"correlatedSignals":["paired:distance-from-main-sequence","paired:low-cohesion","paired:promise-misuse","paired:move-to-caller"],"recommendedValidation":{"summary":"check if callers wrap this in try-catch or .catch() — if so, the boundary may exist upstream","tools":["localSearchCode","lspCallHierarchy"]}},{"id":"AST-ISSUE-0257","severity":"medium","category":"missing-error-boundary","file":"src/server-init.ts","lineStart":89,"lineEnd":109,"title":"Missing error boundary: waitForReady (2 awaits, no try-catch)","reason":"Async function \"waitForReady\" has 2 await(s) but no try-catch. Rejected promises propagate as unhandled rejections.","files":["src/server-init.ts"],"suggestedFix":{"strategy":"Wrap await calls in try-catch or add a .catch() handler.","steps":["Add a try-catch block around the await expressions.","Handle errors appropriately (log, return default, re-throw with context).","If the caller handles errors, document it with a comment."]},"impact":"Unhandled promise rejections crash Node.js processes and cause silent failures in browsers.","tags":["error-handling","async","reliability"],"lspHints":[{"tool":"lspCallHierarchy","symbolName":"waitForReady","lineHint":89,"file":"src/server-init.ts","expectedResult":"check if callers wrap this in try-catch or .catch() — if so, the boundary may exist upstream"}],"ruleId":"ast.missing-error-boundary","analysisLens":"ast","confidence":"low","evidence":{"category":"missing-error-boundary","location":"src/server-init.ts:89-109"},"correlatedSignals":["top-level-effects","paired:await-in-loop","paired:unreachable-module","paired:untested-critical-code","paired:dead-file","paired:empty-catch","paired:import-side-effect-risk","paired:listener-leak-risk"],"recommendedValidation":{"summary":"check if callers wrap this in try-catch or .catch() — if so, the boundary may exist upstream","tools":["localSearchCode","lspCallHierarchy"]}},{"id":"AST-ISSUE-0258","severity":"medium","category":"missing-error-boundary","file":"src/server.ts","lineStart":219,"lineEnd":266,"title":"Missing error boundary: startServer (2 awaits, no try-catch)","reason":"Async function \"startServer\" has 2 await(s) but no try-catch. Rejected promises propagate as unhandled rejections.","files":["src/server.ts"],"suggestedFix":{"strategy":"Wrap await calls in try-catch or add a .catch() handler.","steps":["Add a try-catch block around the await expressions.","Handle errors appropriately (log, return default, re-throw with context).","If the caller handles errors, document it with a comment."]},"impact":"Unhandled promise rejections crash Node.js processes and cause silent failures in browsers.","tags":["error-handling","async","reliability"],"lspHints":[{"tool":"lspCallHierarchy","symbolName":"startServer","lineHint":219,"file":"src/server.ts","expectedResult":"check if callers wrap this in try-catch or .catch() — if so, the boundary may exist upstream"}],"ruleId":"ast.missing-error-boundary","analysisLens":"ast","confidence":"low","evidence":{"category":"missing-error-boundary","location":"src/server.ts:219-266"},"correlatedSignals":["hot-file","critical-path-context","top-level-effects","paired:dependency-critical-path","paired:untested-critical-code","paired:import-side-effect-risk","paired:listener-leak-risk","paired:uncleared-timer"],"recommendedValidation":{"summary":"check if callers wrap this in try-catch or .catch() — if so, the boundary may exist upstream","tools":["localSearchCode","lspCallHierarchy"]}},{"id":"AST-ISSUE-0275","severity":"medium","category":"promise-misuse","file":"src/mcpCache.ts","lineStart":18,"lineEnd":31,"title":"Unnecessary async: initializeMcpContent has no await","reason":"Function \"initializeMcpContent\" is declared `async` but never uses `await`. The `async` keyword adds unnecessary Promise wrapping.","files":["src/mcpCache.ts"],"suggestedFix":{"strategy":"Remove the async keyword or add the missing await.","steps":["If the function does not need to be async, remove the `async` keyword.","If an `await` was forgotten, add it to the appropriate call.","Verify callers handle the return value correctly after the change."]},"impact":"Unnecessary async wrapping adds microtask overhead and misleads readers.","tags":["async","performance","clarity"],"ruleId":"ast.promise-misuse","analysisLens":"ast","confidence":"low","evidence":{"category":"promise-misuse","location":"src/mcpCache.ts:18-31"},"correlatedSignals":["paired:distance-from-main-sequence","paired:low-cohesion","paired:missing-error-boundary","paired:move-to-caller"],"recommendedValidation":{"summary":"Confirm the code location and inspect the matched structure before proposing a refactor.","tools":["localSearchCode"]}},{"id":"AST-ISSUE-0276","severity":"medium","category":"promise-misuse","file":"src/utils/logger.ts","lineStart":46,"lineEnd":65,"title":"Unnecessary async: ensureLogsDirAsync has no await","reason":"Function \"ensureLogsDirAsync\" is declared `async` but never uses `await`. The `async` keyword adds unnecessary Promise wrapping.","files":["src/utils/logger.ts"],"suggestedFix":{"strategy":"Remove the async keyword or add the missing await.","steps":["If the function does not need to be async, remove the `async` keyword.","If an `await` was forgotten, add it to the appropriate call.","Verify callers handle the return value correctly after the change."]},"impact":"Unnecessary async wrapping adds microtask overhead and misleads readers.","tags":["async","performance","clarity"],"ruleId":"ast.promise-misuse","analysisLens":"ast","confidence":"low","evidence":{"category":"promise-misuse","location":"src/utils/logger.ts:46-65"},"correlatedSignals":["hot-file","critical-path-context","paired:dead-export","paired:semantic-dead-export","paired:sql-injection-risk","paired:empty-catch","paired:excessive-parameters","paired:input-passthrough-risk"],"recommendedValidation":{"summary":"Confirm the code location and inspect the matched structure before proposing a refactor.","tools":["localSearchCode"]}},{"id":"AST-ISSUE-0278","severity":"medium","category":"similar-function-body","file":"src/middleware/logger.ts","lineStart":30,"lineEnd":57,"title":"Similar function: <anonymous> (85% similar to <anonymous> in src/validation/httpPreprocess.ts)","reason":"\"<anonymous>\" and \"<anonymous>\" have 85% structural similarity. Near-duplicates diverge over time and should be consolidated.","files":["src/middleware/logger.ts","src/validation/httpPreprocess.ts"],"suggestedFix":{"strategy":"Extract shared logic into a parameterized helper.","steps":["Compare src/middleware/logger.ts:30 with src/validation/httpPreprocess.ts:87.","Identify the varying parts and extract them as parameters.","Create a shared function and call it from both locations."]},"impact":"Near-clone functions diverge over time, causing inconsistent behavior and multiplied maintenance cost.","tags":["duplication","maintainability","near-clone"],"ruleId":"ast.similar-function-body","analysisLens":"ast","confidence":"low","evidence":{"category":"similar-function-body","location":"src/middleware/logger.ts:30-57"},"correlatedSignals":["critical-path-context","paired:input-passthrough-risk","paired:listener-leak-risk","paired:move-to-caller"],"recommendedValidation":{"summary":"Confirm the code location and inspect the matched structure before proposing a refactor.","tools":["localSearchCode"]}},{"id":"AST-ISSUE-0279","severity":"medium","category":"similar-function-body","file":"src/routes/local.ts","lineStart":107,"lineEnd":127,"title":"Similar function: transform (89% similar to <anonymous> in src/routes/lsp.ts)","reason":"\"transform\" and \"<anonymous>\" have 89% structural similarity. Near-duplicates diverge over time and should be consolidated.","files":["src/routes/local.ts","src/routes/lsp.ts"],"suggestedFix":{"strategy":"Extract shared logic into a parameterized helper.","steps":["Compare src/routes/local.ts:107 with src/routes/lsp.ts:162.","Identify the varying parts and extract them as parameters.","Create a shared function and call it from both locations."]},"impact":"Near-clone functions diverge over time, causing inconsistent behavior and multiplied maintenance cost.","tags":["duplication","maintainability","near-clone"],"ruleId":"ast.similar-function-body","analysisLens":"ast","confidence":"low","evidence":{"category":"similar-function-body","location":"src/routes/local.ts:107-127"},"correlatedSignals":["hot-file","critical-path-context","paired:dependency-critical-path","paired:unreachable-module","paired:dependency-test-only","paired:move-to-caller"],"recommendedValidation":{"summary":"Confirm the code location and inspect the matched structure before proposing a refactor.","tools":["localSearchCode"]}},{"id":"AST-ISSUE-0280","severity":"medium","category":"similar-function-body","file":"src/utils/responseBuilder.ts","lineStart":75,"lineEnd":128,"title":"Similar function: searchResults (85% similar to pullRequests in src/utils/responseBuilder.ts)","reason":"\"searchResults\" and \"pullRequests\" have 85% structural similarity. Near-duplicates diverge over time and should be consolidated.","files":["src/utils/responseBuilder.ts","src/utils/responseBuilder.ts"],"suggestedFix":{"strategy":"Extract shared logic into a parameterized helper.","steps":["Compare src/utils/responseBuilder.ts:75 with src/utils/responseBuilder.ts:356.","Identify the varying parts and extract them as parameters.","Create a shared function and call it from both locations."]},"impact":"Near-clone functions diverge over time, causing inconsistent behavior and multiplied maintenance cost.","tags":["duplication","maintainability","near-clone"],"ruleId":"ast.similar-function-body","analysisLens":"ast","confidence":"low","evidence":{"category":"similar-function-body","location":"src/utils/responseBuilder.ts:75-128"},"correlatedSignals":["hot-file","critical-path-context","paired:distance-from-main-sequence","paired:cognitive-complexity","paired:over-abstraction"],"recommendedValidation":{"summary":"Confirm the code location and inspect the matched structure before proposing a refactor.","tools":["localSearchCode"]}},{"id":"AST-ISSUE-0281","severity":"medium","category":"similar-function-body","file":"src/utils/responseBuilder.ts","lineStart":175,"lineEnd":236,"title":"Similar function: lspResult (87% similar to pullRequests in src/utils/responseBuilder.ts)","reason":"\"lspResult\" and \"pullRequests\" have 87% structural similarity. Near-duplicates diverge over time and should be consolidated.","files":["src/utils/responseBuilder.ts","src/utils/responseBuilder.ts"],"suggestedFix":{"strategy":"Extract shared logic into a parameterized helper.","steps":["Compare src/utils/responseBuilder.ts:175 with src/utils/responseBuilder.ts:356.","Identify the varying parts and extract them as parameters.","Create a shared function and call it from both locations."]},"impact":"Near-clone functions diverge over time, causing inconsistent behavior and multiplied maintenance cost.","tags":["duplication","maintainability","near-clone"],"ruleId":"ast.similar-function-body","analysisLens":"ast","confidence":"low","evidence":{"category":"similar-function-body","location":"src/utils/responseBuilder.ts:175-236"},"correlatedSignals":["hot-file","critical-path-context","paired:distance-from-main-sequence","paired:cognitive-complexity","paired:over-abstraction"],"recommendedValidation":{"summary":"Confirm the code location and inspect the matched structure before proposing a refactor.","tools":["localSearchCode"]}},{"id":"AST-ISSUE-0282","severity":"medium","category":"sync-io","file":"src/utils/logger.ts","lineStart":74,"lineEnd":74,"title":"Synchronous I/O: existsSync","reason":"existsSync blocks the event loop. In server or UI code this degrades responsiveness for all concurrent operations.","files":["src/utils/logger.ts"],"suggestedFix":{"strategy":"Replace with async equivalent.","steps":["Replace existsSync with its async counterpart (e.g. fs.promises.readFile).","Sync I/O is acceptable in CLI scripts, build tools, or one-time init code."]},"impact":"Synchronous I/O blocks the event loop, stalling all concurrent requests until the operation completes.","tags":["performance","blocking","io"],"lspHints":[{"tool":"lspCallHierarchy","symbolName":"existsSync","lineHint":74,"file":"src/utils/logger.ts","expectedResult":"find callers to assess if this sync I/O is in a hot path"}],"ruleId":"ast.sync-io","analysisLens":"ast","confidence":"low","evidence":{"category":"sync-io","location":"src/utils/logger.ts:74-74"},"correlatedSignals":["hot-file","critical-path-context","paired:dead-export","paired:semantic-dead-export","paired:sql-injection-risk","paired:empty-catch","paired:excessive-parameters","paired:input-passthrough-risk"],"recommendedValidation":{"summary":"find callers to assess if this sync I/O is in a hot path","tools":["localSearchCode","lspCallHierarchy"]}},{"id":"AST-ISSUE-0283","severity":"medium","category":"sync-io","file":"src/utils/logger.ts","lineStart":75,"lineEnd":75,"title":"Synchronous I/O: mkdirSync","reason":"mkdirSync blocks the event loop. In server or UI code this degrades responsiveness for all concurrent operations.","files":["src/utils/logger.ts"],"suggestedFix":{"strategy":"Replace with async equivalent.","steps":["Replace mkdirSync with its async counterpart (e.g. fs.promises.readFile).","Sync I/O is acceptable in CLI scripts, build tools, or one-time init code."]},"impact":"Synchronous I/O blocks the event loop, stalling all concurrent requests until the operation completes.","tags":["performance","blocking","io"],"lspHints":[{"tool":"lspCallHierarchy","symbolName":"mkdirSync","lineHint":75,"file":"src/utils/logger.ts","expectedResult":"find callers to assess if this sync I/O is in a hot path"}],"ruleId":"ast.sync-io","analysisLens":"ast","confidence":"low","evidence":{"category":"sync-io","location":"src/utils/logger.ts:75-75"},"correlatedSignals":["hot-file","critical-path-context","paired:dead-export","paired:semantic-dead-export","paired:sql-injection-risk","paired:empty-catch","paired:excessive-parameters","paired:input-passthrough-risk"],"recommendedValidation":{"summary":"find callers to assess if this sync I/O is in a hot path","tools":["localSearchCode","lspCallHierarchy"]}},{"id":"AST-ISSUE-0284","severity":"medium","category":"sync-io","file":"src/utils/logger.ts","lineStart":77,"lineEnd":77,"title":"Synchronous I/O: existsSync","reason":"existsSync blocks the event loop. In server or UI code this degrades responsiveness for all concurrent operations.","files":["src/utils/logger.ts"],"suggestedFix":{"strategy":"Replace with async equivalent.","steps":["Replace existsSync with its async counterpart (e.g. fs.promises.readFile).","Sync I/O is acceptable in CLI scripts, build tools, or one-time init code."]},"impact":"Synchronous I/O blocks the event loop, stalling all concurrent requests until the operation completes.","tags":["performance","blocking","io"],"lspHints":[{"tool":"lspCallHierarchy","symbolName":"existsSync","lineHint":77,"file":"src/utils/logger.ts","expectedResult":"find callers to assess if this sync I/O is in a hot path"}],"ruleId":"ast.sync-io","analysisLens":"ast","confidence":"low","evidence":{"category":"sync-io","location":"src/utils/logger.ts:77-77"},"correlatedSignals":["hot-file","critical-path-context","paired:dead-export","paired:semantic-dead-export","paired:sql-injection-risk","paired:empty-catch","paired:excessive-parameters","paired:input-passthrough-risk"],"recommendedValidation":{"summary":"find callers to assess if this sync I/O is in a hot path","tools":["localSearchCode","lspCallHierarchy"]}},{"id":"AST-ISSUE-0285","severity":"medium","category":"sync-io","file":"src/utils/logger.ts","lineStart":78,"lineEnd":78,"title":"Synchronous I/O: mkdirSync","reason":"mkdirSync blocks the event loop. In server or UI code this degrades responsiveness for all concurrent operations.","files":["src/utils/logger.ts"],"suggestedFix":{"strategy":"Replace with async equivalent.","steps":["Replace mkdirSync with its async counterpart (e.g. fs.promises.readFile).","Sync I/O is acceptable in CLI scripts, build tools, or one-time init code."]},"impact":"Synchronous I/O blocks the event loop, stalling all concurrent requests until the operation completes.","tags":["performance","blocking","io"],"lspHints":[{"tool":"lspCallHierarchy","symbolName":"mkdirSync","lineHint":78,"file":"src/utils/logger.ts","expectedResult":"find callers to assess if this sync I/O is in a hot path"}],"ruleId":"ast.sync-io","analysisLens":"ast","confidence":"low","evidence":{"category":"sync-io","location":"src/utils/logger.ts:78-78"},"correlatedSignals":["hot-file","critical-path-context","paired:dead-export","paired:semantic-dead-export","paired:sql-injection-risk","paired:empty-catch","paired:excessive-parameters","paired:input-passthrough-risk"],"recommendedValidation":{"summary":"find callers to assess if this sync I/O is in a hot path","tools":["localSearchCode","lspCallHierarchy"]}},{"id":"AST-ISSUE-0286","severity":"medium","category":"type-assertion-escape","file":"src/routes/tools.ts","lineStart":111,"lineEnd":111,"title":"Type-safety escapes in src/routes/tools.ts (3)","reason":"Found 1 double-assertion, 2 non-null `!`. Each assertion bypasses TypeScript's type checker.","files":["src/routes/tools.ts"],"suggestedFix":{"strategy":"Replace type assertions with proper type guards or narrow types.","steps":["Replace `as any` with `unknown` and add runtime type checks.","Replace `as unknown as T` with proper generic constraints.","Replace `!` assertions with explicit null checks."]},"impact":"Type assertions silence the compiler — runtime errors go undetected.","tags":["type-safety","assertions","code-quality"],"ruleId":"ast.type-assertion-escape","analysisLens":"ast","confidence":"low","evidence":{"category":"type-assertion-escape","location":"src/routes/tools.ts:111-111"},"correlatedSignals":["hot-file","critical-path-context","paired:hardcoded-secret","paired:prototype-pollution-risk","paired:untested-critical-code","paired:unvalidated-input-sink","paired:listener-leak-risk","paired:over-abstraction"],"recommendedValidation":{"summary":"Confirm the code location and inspect the matched structure before proposing a refactor.","tools":["localSearchCode"]}},{"id":"AST-ISSUE-0287","severity":"medium","category":"type-assertion-escape","file":"src/utils/circuitBreaker.ts","lineStart":98,"lineEnd":98,"title":"Type-safety escapes in src/utils/circuitBreaker.ts (1)","reason":"Found 1 non-null `!`. Each assertion bypasses TypeScript's type checker.","files":["src/utils/circuitBreaker.ts"],"suggestedFix":{"strategy":"Replace type assertions with proper type guards or narrow types.","steps":["Replace `as any` with `unknown` and add runtime type checks.","Replace `as unknown as T` with proper generic constraints.","Replace `!` assertions with explicit null checks."]},"impact":"Type assertions silence the compiler — runtime errors go undetected.","tags":["type-safety","assertions","code-quality"],"ruleId":"ast.type-assertion-escape","analysisLens":"ast","confidence":"low","evidence":{"category":"type-assertion-escape","location":"src/utils/circuitBreaker.ts:98-98"},"correlatedSignals":["hot-file","critical-path-context","paired:dead-export","paired:prototype-pollution-risk","paired:semantic-dead-export","paired:over-abstraction","paired:uncleared-timer","paired:move-to-caller"],"recommendedValidation":{"summary":"Confirm the code location and inspect the matched structure before proposing a refactor.","tools":["localSearchCode"]}},{"id":"AST-ISSUE-0288","severity":"medium","category":"uncleared-timer","file":"src/server.ts","lineStart":66,"lineEnd":66,"title":"setInterval without clearInterval in scope","reason":"setInterval without cleanup runs indefinitely, causing memory leaks and unexpected behavior after component unmount or scope exit.","files":["src/server.ts"],"suggestedFix":{"strategy":"Store the timer ID and call clearInterval in cleanup.","steps":["Assign the return value: const id = setInterval(...).","Call clearInterval(id) in cleanup (useEffect return, componentWillUnmount, or scope exit)."]},"impact":"Uncleared intervals run indefinitely, leaking memory and CPU cycles after their scope is no longer relevant.","tags":["performance","memory-leak","timer"],"ruleId":"ast.uncleared-timer","analysisLens":"ast","confidence":"low","evidence":{"category":"uncleared-timer","location":"src/server.ts:66-66"},"correlatedSignals":["hot-file","critical-path-context","top-level-effects","paired:dependency-critical-path","paired:untested-critical-code","paired:import-side-effect-risk","paired:listener-leak-risk","paired:missing-error-boundary"],"recommendedValidation":{"summary":"Confirm the code location and inspect the matched structure before proposing a refactor.","tools":["localSearchCode"]}},{"id":"AST-ISSUE-0289","severity":"medium","category":"uncleared-timer","file":"src/utils/circuitBreaker.ts","lineStart":433,"lineEnd":435,"title":"setInterval without clearInterval in scope","reason":"setInterval without cleanup runs indefinitely, causing memory leaks and unexpected behavior after component unmount or scope exit.","files":["src/utils/circuitBreaker.ts"],"suggestedFix":{"strategy":"Store the timer ID and call clearInterval in cleanup.","steps":["Assign the return value: const id = setInterval(...).","Call clearInterval(id) in cleanup (useEffect return, componentWillUnmount, or scope exit)."]},"impact":"Uncleared intervals run indefinitely, leaking memory and CPU cycles after their scope is no longer relevant.","tags":["performance","memory-leak","timer"],"ruleId":"ast.uncleared-timer","analysisLens":"ast","confidence":"low","evidence":{"category":"uncleared-timer","location":"src/utils/circuitBreaker.ts:433-435"},"correlatedSignals":["hot-file","critical-path-context","paired:dead-export","paired:prototype-pollution-risk","paired:semantic-dead-export","paired:over-abstraction","paired:type-assertion-escape","paired:move-to-caller"],"recommendedValidation":{"summary":"Confirm the code location and inspect the matched structure before proposing a refactor.","tools":["localSearchCode"]}},{"id":"AST-ISSUE-0368","severity":"low","category":"narrowable-type","file":"src/types/guards.ts","lineStart":83,"lineEnd":88,"title":"Narrowable param: hasBooleanProperty(obj: unknown) → Record<string, unknown>","reason":"Parameter \"obj\" in \"hasBooleanProperty\" is declared as `unknown` but all call sites pass `Record<string, unknown>`. The type can be safely narrowed.","files":["src/types/guards.ts"],"suggestedFix":{"strategy":"Narrow the parameter type to match actual usage.","steps":["Change the parameter type from `unknown` to `Record<string, unknown>`.","Verify no future callers need the broader type.","If the function is part of a public API, consider keeping the broad type with a narrower overload."]},"impact":"Overly broad parameter types weaken type checking — narrowing catches bugs at compile time.","tags":["code-quality","types","refactoring","semantic"],"lspHints":[{"tool":"lspCallHierarchy","symbolName":"hasBooleanProperty","lineHint":83,"file":"src/types/guards.ts","expectedResult":"all incoming calls pass Record<string, unknown>"}],"ruleId":"hybrid.narrowable-type","analysisLens":"hybrid","confidence":"medium","evidence":{"category":"narrowable-type","location":"src/types/guards.ts:83-88"},"correlatedSignals":["hot-file","paired:dead-export","paired:distance-from-main-sequence","paired:semantic-dead-export","paired:unreachable-module","paired:untested-critical-code","paired:move-to-caller"],"recommendedValidation":{"summary":"all incoming calls pass Record<string, unknown>","tools":["localSearchCode","lspCallHierarchy"]}},{"id":"AST-ISSUE-0369","severity":"low","category":"narrowable-type","file":"src/utils/responseFactory.ts","lineStart":40,"lineEnd":45,"title":"Narrowable param: safeString(obj: unknown) → Record<string, unknown>","reason":"Parameter \"obj\" in \"safeString\" is declared as `unknown` but all call sites pass `Record<string, unknown>`. The type can be safely narrowed.","files":["src/utils/responseFactory.ts"],"suggestedFix":{"strategy":"Narrow the parameter type to match actual usage.","steps":["Change the parameter type from `unknown` to `Record<string, unknown>`.","Verify no future callers need the broader type.","If the function is part of a public API, consider keeping the broad type with a narrower overload."]},"impact":"Overly broad parameter types weaken type checking — narrowing catches bugs at compile time.","tags":["code-quality","types","refactoring","semantic"],"lspHints":[{"tool":"lspCallHierarchy","symbolName":"safeString","lineHint":40,"file":"src/utils/responseFactory.ts","expectedResult":"all incoming calls pass Record<string, unknown>"}],"ruleId":"hybrid.narrowable-type","analysisLens":"hybrid","confidence":"medium","evidence":{"category":"narrowable-type","location":"src/utils/responseFactory.ts:40-45"},"correlatedSignals":["hot-file","paired:dead-export","paired:semantic-dead-export","paired:unreachable-module","paired:untested-critical-code","paired:architecture-sdp-violation","paired:feature-envy","paired:move-to-caller"],"recommendedValidation":{"summary":"all incoming calls pass Record<string, unknown>","tools":["localSearchCode","lspCallHierarchy"]}},{"id":"AST-ISSUE-0370","severity":"low","category":"narrowable-type","file":"src/utils/responseFactory.ts","lineStart":50,"lineEnd":55,"title":"Narrowable param: safeNumber(obj: unknown) → Record<string, unknown>","reason":"Parameter \"obj\" in \"safeNumber\" is declared as `unknown` but all call sites pass `Record<string, unknown>`. The type can be safely narrowed.","files":["src/utils/responseFactory.ts"],"suggestedFix":{"strategy":"Narrow the parameter type to match actual usage.","steps":["Change the parameter type from `unknown` to `Record<string, unknown>`.","Verify no future callers need the broader type.","If the function is part of a public API, consider keeping the broad type with a narrower overload."]},"impact":"Overly broad parameter types weaken type checking — narrowing catches bugs at compile time.","tags":["code-quality","types","refactoring","semantic"],"lspHints":[{"tool":"lspCallHierarchy","symbolName":"safeNumber","lineHint":50,"file":"src/utils/responseFactory.ts","expectedResult":"all incoming calls pass Record<string, unknown>"}],"ruleId":"hybrid.narrowable-type","analysisLens":"hybrid","confidence":"medium","evidence":{"category":"narrowable-type","location":"src/utils/responseFactory.ts:50-55"},"correlatedSignals":["hot-file","paired:dead-export","paired:semantic-dead-export","paired:unreachable-module","paired:untested-critical-code","paired:architecture-sdp-violation","paired:feature-envy","paired:move-to-caller"],"recommendedValidation":{"summary":"all incoming calls pass Record<string, unknown>","tools":["localSearchCode","lspCallHierarchy"]}},{"id":"AST-ISSUE-0371","severity":"low","category":"narrowable-type","file":"src/utils/responseFactory.ts","lineStart":60,"lineEnd":65,"title":"Narrowable param: safeArray(obj: unknown) → Record<string, unknown>","reason":"Parameter \"obj\" in \"safeArray\" is declared as `unknown` but all call sites pass `Record<string, unknown>`. The type can be safely narrowed.","files":["src/utils/responseFactory.ts"],"suggestedFix":{"strategy":"Narrow the parameter type to match actual usage.","steps":["Change the parameter type from `unknown` to `Record<string, unknown>`.","Verify no future callers need the broader type.","If the function is part of a public API, consider keeping the broad type with a narrower overload."]},"impact":"Overly broad parameter types weaken type checking — narrowing catches bugs at compile time.","tags":["code-quality","types","refactoring","semantic"],"lspHints":[{"tool":"lspCallHierarchy","symbolName":"safeArray","lineHint":60,"file":"src/utils/responseFactory.ts","expectedResult":"all incoming calls pass Record<string, unknown>"}],"ruleId":"hybrid.narrowable-type","analysisLens":"hybrid","confidence":"medium","evidence":{"category":"narrowable-type","location":"src/utils/responseFactory.ts:60-65"},"correlatedSignals":["hot-file","paired:dead-export","paired:semantic-dead-export","paired:unreachable-module","paired:untested-critical-code","paired:architecture-sdp-violation","paired:feature-envy","paired:move-to-caller"],"recommendedValidation":{"summary":"all incoming calls pass Record<string, unknown>","tools":["localSearchCode","lspCallHierarchy"]}}],"findingsCount":45,"severityBreakdown":{"critical":0,"high":10,"medium":31,"low":4,"info":0},"categoryBreakdown":{"await-in-loop":4,"cognitive-complexity":7,"god-module":1,"similar-function-body":5,"empty-catch":3,"excessive-parameters":2,"listener-leak-risk":6,"missing-error-boundary":3,"promise-misuse":2,"sync-io":4,"type-assertion-escape":2,"uncleared-timer":2,"narrowable-type":4}}