pi-lens 3.3.0 → 3.6.0

package/clients/dispatch/runners/ast-grep-napi.ts

@@ -17,6 +17,8 @@ import type {
 } from "../types.js";
 import {
 	calculateRuleComplexity,
+	hasUnsupportedConditions,
+	isOverlyBroadPattern,
 	isStructuredRule,
 	loadYamlRules,
 	MAX_BLOCKING_RULE_COMPLEXITY,
@@ -49,6 +51,15 @@ const MAX_MATCHES_PER_RULE = 10;
 /** Maximum total diagnostics per file to prevent output spam */
 const MAX_TOTAL_DIAGNOSTICS = 50;
 
+/** Rules already covered by tree-sitter runner (priority 14, runs first) */
+const TREE_SITTER_OVERLAP = new Set([
+	"constructor-super",
+	"empty-catch",
+	"long-parameter-list",
+	"nested-ternary",
+	"no-dupe-class-members",
+]);
+
 /** Maximum AST depth to traverse to prevent stack overflow on deeply nested files */
 const MAX_AST_DEPTH = 50;
 
@@ -80,106 +91,187 @@ function getLang(filePath: string, sgModule: typeof import("@ast-grep/napi")) {
 }
 
 /**
- * Execute a structured rule using manual AST traversal
+ * Check if a single node matches a condition (without searching descendants).
+ * In ast-grep semantics:
+ * - pattern/kind/regex: check the node itself
+ * - all: node must match ALL sub-conditions
+ * - any: node must match at least ONE sub-condition
+ * - not: node must NOT match the sub-condition
+ * - has: node must have a DESCENDANT matching the sub-condition
  */
-function executeStructuredRule(
-	rootNode: any,
+function nodeMatchesCondition(
+	node: any,
 	condition: YamlRuleCondition,
-	matches: unknown[] = [],
 	depth = 0,
-): unknown[] {
-	if (depth > MAX_RULE_DEPTH) return matches;
+): boolean {
+	if (depth > MAX_RULE_DEPTH) return false;
 
-	let candidates: unknown[] = [];
+	// Check kind constraint
+	if (condition.kind && node.kind() !== condition.kind) return false;
 
+	// Check pattern constraint (node itself must match)
 	if (condition.pattern) {
 		try {
-			candidates = rootNode.findAll(condition.pattern);
+			const matches = node.findAll(condition.pattern);
+			// Check if the node itself is among the matches (same start position)
+			const nodeRange = node.range();
+			let selfMatch = false;
+			for (const m of matches) {
+				const mr = (m as any).range();
+				if (
+					mr.start.line === nodeRange.start.line &&
+					mr.start.column === nodeRange.start.column &&
+					mr.end.line === nodeRange.end.line &&
+					mr.end.column === nodeRange.end.column
+				) {
+					selfMatch = true;
+					break;
+				}
+			}
+			if (!selfMatch) return false;
 		} catch {
-			return matches;
+			return false;
 		}
-	} else if (condition.kind) {
-		candidates = findByKind(rootNode, condition.kind, 0);
-	} else {
-		candidates = getAllNodes(rootNode, 0);
 	}
 
-	for (const candidate of candidates) {
-		const node = candidate as {
-			text(): string;
-			kind(): string;
-			children(): unknown[];
-		};
-		let matchesCondition = true;
-
-		if (condition.has && matchesCondition) {
-			const subMatches = executeStructuredRule(
-				node,
-				condition.has,
-				[],
-				depth + 1,
-			);
-			if (subMatches.length === 0) matchesCondition = false;
+	// Check regex constraint
+	if (condition.regex) {
+		try {
+			const text = node.text();
+			if (!new RegExp(condition.regex).test(text)) return false;
+		} catch {
+			return false;
 		}
+	}
+
+	// Check has (descendant must match)
+	if (condition.has) {
+		const descendants = findMatchingNodes(node, condition.has, depth + 1);
+		if (descendants.length === 0) return false;
+	}
 
-		if (condition.not && matchesCondition) {
-			const subMatches = executeStructuredRule(
-				node,
-				condition.not,
-				[],
-				depth + 1,
-			);
-			if (subMatches.length > 0) matchesCondition = false;
+	// Check not (node must NOT match this condition)
+	if (condition.not) {
+		if (nodeMatchesCondition(node, condition.not, depth + 1)) return false;
+	}
+
+	// Check all (node must match ALL sub-conditions)
+	if (condition.all) {
+		for (const sub of condition.all) {
+			if (!nodeMatchesCondition(node, sub, depth + 1)) return false;
 		}
+	}
 
-		if (condition.any && matchesCondition) {
-			let anyMatches = false;
-			for (const subCondition of condition.any) {
-				const subMatches = executeStructuredRule(
-					node,
-					subCondition,
-					[],
-					depth + 1,
-				);
-				if (subMatches.length > 0) {
-					anyMatches = true;
-					break;
-				}
+	// Check any (node must match at least one sub-condition)
+	if (condition.any) {
+		let anyMatch = false;
+		for (const sub of condition.any) {
+			if (nodeMatchesCondition(node, sub, depth + 1)) {
+				anyMatch = true;
+				break;
 			}
-			if (!anyMatches) matchesCondition = false;
 		}
+		if (!anyMatch) return false;
+	}
 
-		if (condition.all && matchesCondition) {
-			for (const subCondition of condition.all) {
-				const subMatches = executeStructuredRule(
-					node,
-					subCondition,
-					[],
-					depth + 1,
-				);
-				if (subMatches.length === 0) {
-					matchesCondition = false;
-					break;
+	return true;
+}
+
+/**
+ * Find all nodes in the tree that match a condition.
+ * This is the "search" function - traverses the tree and checks each node.
+ */
+function findMatchingNodes(
+	rootNode: any,
+	condition: YamlRuleCondition,
+	depth = 0,
+): unknown[] {
+	if (depth > MAX_RULE_DEPTH) return [];
+
+	const matches: unknown[] = [];
+
+	// Optimization: if the condition has a kind, only check nodes of that kind
+	// If it has a pattern, use findAll for initial candidates
+	let candidates: unknown[];
+
+	if (condition.pattern && !condition.all && !condition.any) {
+		// Use findAll for pattern-only conditions (fast path)
+		try {
+			candidates = rootNode.findAll(condition.pattern);
+		} catch {
+			return [];
+		}
+	} else if (condition.kind && !condition.all && !condition.any) {
+		// Use findByKind for kind-only conditions (fast path)
+		candidates = findByKind(rootNode, condition.kind, 0);
+	} else if (condition.all) {
+		// For `all`, find the narrowest sub-condition to generate candidates
+		candidates = getCandidatesForAll(rootNode, condition.all);
+	} else if (condition.any) {
+		// For `any`, union candidates from all sub-conditions
+		const seen = new Set<string>();
+		candidates = [];
+		for (const sub of condition.any) {
+			const subMatches = findMatchingNodes(rootNode, sub, depth + 1);
+			for (const m of subMatches) {
+				const r = (m as any).range();
+				const key = `${r.start.line}:${r.start.column}`;
+				if (!seen.has(key)) {
+					seen.add(key);
+					candidates.push(m);
 				}
 			}
 		}
+	} else {
+		// Fallback: traverse all nodes
+		candidates = getAllNodes(rootNode, 0);
+	}
 
-		if (condition.regex && matchesCondition) {
-			try {
-				const text = node.text();
-				const regex = new RegExp(condition.regex);
-				if (!regex.test(text)) matchesCondition = false;
-			} catch {
-				matchesCondition = false;
-			}
+	for (const candidate of candidates) {
+		if (nodeMatchesCondition(candidate, condition, depth)) {
+			matches.push(candidate);
 		}
+	}
 
-		if (matchesCondition) {
-			matches.push(node);
+	return matches;
+}
+
+/**
+ * For an `all` condition, find the narrowest sub-condition to generate
+ * initial candidates. This avoids scanning all nodes when one sub-condition
+ * has a specific kind or pattern.
+ */
+function getCandidatesForAll(
+	rootNode: any,
+	subs: YamlRuleCondition[],
+): unknown[] {
+	// Prefer kind-based narrowing first, then pattern-based
+	for (const sub of subs) {
+		if (sub.kind) {
+			return findByKind(rootNode, sub.kind, 0);
+		}
+	}
+	for (const sub of subs) {
+		if (sub.pattern) {
+			try {
+				return rootNode.findAll(sub.pattern);
+			} catch {}
 		}
 	}
+	// No narrowing possible, scan all
+	return getAllNodes(rootNode, 0);
+}
 
-	return matches;
+/**
+ * Legacy wrapper - execute a structured rule using the new two-phase approach.
+ */
+function executeStructuredRule(
+	rootNode: any,
+	condition: YamlRuleCondition,
+	matches: unknown[] = [],
+	depth = 0,
+): unknown[] {
+	return findMatchingNodes(rootNode, condition, depth);
 }
 
 /**
@@ -213,9 +305,7 @@ const astGrepNapiRunner: RunnerDefinition = {
 	id: "ast-grep-napi",
 	appliesTo: ["jsts"],
 	priority: 15,
-	// Post-write disabled in plan.ts (removed from TOOL_PLANS.jsts.groups).
-	// Still enabled for /lens-booboo via FULL_LINT_PLANS.
-	enabledByDefault: false,
+	enabledByDefault: true,
 	skipTestFiles: true,
 
 	async run(ctx: DispatchContext): Promise<RunnerResult> {
@@ -279,6 +369,24 @@ const astGrepNapiRunner: RunnerDefinition = {
 			}
 
 			for (const rule of rules) {
+				// Skip rules already handled by tree-sitter runner (priority 14)
+				if (TREE_SITTER_OVERLAP.has(rule.id)) continue;
+
+				// Skip rules using conditions we can't execute (inside, follows,
+				// precedes, stopBy, field, nthChild, constraints). Running these
+				// with only partial condition evaluation causes false positives.
+				if (hasUnsupportedConditions(rule)) continue;
+
+				// Skip rules whose top-level pattern is overly broad ($NAME, $X, etc.)
+				// without additional structural constraints to narrow matches.
+				if (
+					rule.rule &&
+					isOverlyBroadPattern(rule.rule.pattern) &&
+					!isStructuredRule(rule)
+				) {
+					continue;
+				}
+
 				const lang = rule.language?.toLowerCase();
 				if (lang && lang !== "typescript" && lang !== "javascript") {
 					continue;
@@ -318,8 +426,7 @@ const astGrepNapiRunner: RunnerDefinition = {
 							range(): { start: { line: number; column: number } };
 						};
 						const range = node.range();
-						const weight = rule.metadata?.weight || 3;
-						const severity = weight >= 4 ? "error" : "warning";
+						const severity = rule.severity === "error" ? "error" : "warning";
 
 						diagnostics.push({
 							id: `ast-grep-napi-${range.start.line}-${rule.id}`,
@@ -342,10 +449,15 @@ const astGrepNapiRunner: RunnerDefinition = {
 			}
 		}
 
+		const hasBlocking = diagnostics.some((d) => d.semantic === "blocking");
 		return {
 			status: "succeeded",
 			diagnostics,
-			semantic: diagnostics.length > 0 ? "warning" : ("none" as const),
+			semantic: hasBlocking
+				? "blocking"
+				: diagnostics.length > 0
+					? "warning"
+					: ("none" as const),
 		};
 	},
 };

package/clients/dispatch/runners/similarity.js

@@ -90,7 +90,7 @@ const similarityRunner = {
         };
     },
 };
-function extractFunctions(sourceFile, _fullContent) {
+export function extractFunctions(sourceFile, _fullContent) {
     const functions = [];
     function visit(node) {
         // Function declarations

package/clients/dispatch/runners/similarity.ts

@@ -139,7 +139,7 @@ const similarityRunner: RunnerDefinition = {
 // Function Extraction
 // ============================================================================
 
-interface ExtractedFunction {
+export interface ExtractedFunction {
 	name: string;
 	line: number;
 	column: number;
@@ -148,7 +148,7 @@ interface ExtractedFunction {
 	signature: string;
 }
 
-function extractFunctions(
+export function extractFunctions(
 	sourceFile: ts.SourceFile,
 	_fullContent: string,
 ): ExtractedFunction[] {

package/clients/dispatch/runners/tree-sitter.js

@@ -5,9 +5,12 @@
  * for fast AST-based pattern matching.
  * Updated: ast-grep-napi test
  */
-import path from "node:path";
+import * as fs from "node:fs";
+import * as path from "node:path";
+import { RuleCache } from "../../cache/rule-cache.js";
+import { normalizeMapKey } from "../../path-utils.js";
 import { TreeSitterClient } from "../../tree-sitter-client.js";
-import { queryLoader } from "../../tree-sitter-query-loader.js";
+import { queryLoader, } from "../../tree-sitter-query-loader.js";
 // Module-level singleton: web-tree-sitter WASM must only be initialized once per process.
 // Creating a new TreeSitterClient() on every write resets TRANSFER_BUFFER (a module-level
 // WASM pointer) — concurrent writes race on _ts_init() and corrupt shared WASM state → crash.
@@ -18,6 +21,80 @@ function getSharedClient() {
     }
     return _sharedClient;
 }
+/**
+ * Check if a code block is effectively empty (ignoring comments and whitespace)
+ */
+function isEmptyBlock(blockContent) {
+    // Remove comments, whitespace, and check if anything remains
+    const cleaned = blockContent
+        .replace(/\/\/.*$/gm, "") // Remove single-line comments
+        .replace(/\/\*[\s\S]*?\*\//g, "") // Remove multi-line comments
+        .replace(/\s+/g, "") // Remove all whitespace
+        .trim();
+    return cleaned.length === 0 || cleaned === "{}";
+}
+/**
+ * Extract parameter count from match text
+ */
+function countParameters(matchText) {
+    // Count commas in parameter list, or check for non-empty params
+    // Simple heuristic: count commas + 1, or 0 if empty
+    const paramsMatch = matchText.match(/\((.*)\)/);
+    if (!paramsMatch)
+        return 0;
+    const params = paramsMatch[1].trim();
+    if (!params)
+        return 0;
+    return params.split(",").length;
+}
+/**
+ * Apply post-filter to determine if a match should be reported
+ */
+function applyPostFilter(query, captures) {
+    if (!query.post_filter)
+        return true; // No filter = always include
+    switch (query.post_filter) {
+        case "empty_body": {
+            // Check if the BODY capture is effectively empty
+            const body = captures.BODY || captures.body || "";
+            return isEmptyBlock(body);
+        }
+        case "count_params": {
+            // Check if parameter count meets minimum
+            const minParams = query.post_filter_params?.min_params || 6;
+            // Get PARAMS capture which contains the parameter list like "(a, b, c)"
+            const params = captures.PARAMS || captures.params || captures.PARAM || "";
+            const paramCount = countParameters(params);
+            return paramCount >= minParams;
+        }
+        case "not_dbg_method":
+            // Exclude debug methods (for console-statement)
+            return !/\b(dbg|debug|logDebug)\b/i.test(captures.METHOD || "");
+        default:
+            // Unknown filter - include by default (safer than excluding)
+            return true;
+    }
+}
+/**
+ * Check if variable name matches secret patterns
+ * This handles the #match? predicate from tree-sitter queries
+ */
+function matchesSecretPattern(varName) {
+    const secretPatterns = [
+        /api[_-]?key/i,
+        /api[_-]?secret/i,
+        /password/i,
+        /secret/i,
+        /token/i,
+        /auth/i,
+        /private[_-]?key/i,
+        /access[_-]?token/i,
+        /credentials/i,
+        /aws[_-]?secret/i,
+        /github[_-]?token/i,
+    ];
+    return secretPatterns.some((pattern) => pattern.test(varName));
+}
 const treeSitterRunner = {
     id: "tree-sitter",
     appliesTo: ["jsts", "python"],
@@ -56,14 +133,49 @@ const treeSitterRunner = {
         else {
             return { status: "skipped", diagnostics: [], semantic: "none" };
         }
-        // Load queries if not already loaded
-        if (!queryLoader.getAllQueries().length) {
-            await queryLoader.loadQueries();
+        // Try cache first, fall back to loading from disk
+        let languageQueries = [];
+        const cache = new RuleCache(languageId);
+        // Get all rule files for this language (use ctx.cwd for project root)
+        const rulesDir = path.join(ctx.cwd, "rules", "tree-sitter-queries", languageId);
+        const ruleFiles = [];
+        if (fs.existsSync(rulesDir)) {
+            ruleFiles.push(...fs
+                .readdirSync(rulesDir)
+                .filter((f) => f.endsWith(".yml"))
+                .map((f) => path.join(rulesDir, f)));
+        }
+        // Try cache
+        const cached = cache.get(ruleFiles);
+        if (cached) {
+            // Use cached queries
+            languageQueries = cached.queries.map((q) => ({
+                ...q,
+                has_fix: false,
+                filePath: "",
+            }));
+        }
+        else {
+            // Load from disk
+            if (!queryLoader.getAllQueries().length) {
+                await queryLoader.loadQueries();
+            }
+            const allQueries = queryLoader.getAllQueries();
+            languageQueries = allQueries.filter((q) => q.language === languageId ||
+                (isJavaScript && q.language === "typescript"));
+            // Save to cache
+            cache.set(ruleFiles, languageQueries.map((q) => ({
+                id: q.id,
+                name: q.name,
+                severity: q.severity,
+                language: q.language,
+                message: q.message,
+                query: q.query,
+                metavars: q.metavars,
+                post_filter: q.post_filter,
+                post_filter_params: q.post_filter_params,
+            })));
         }
-        // Get all loaded queries for this language
-        const allQueries = queryLoader.getAllQueries();
-        const languageQueries = allQueries.filter((q) => q.language === languageId ||
-            (isJavaScript && q.language === "typescript"));
         if (languageQueries.length === 0) {
             return { status: "succeeded", diagnostics: [], semantic: "none" };
         }
@@ -74,8 +186,23 @@ const treeSitterRunner = {
                 // Extract directory from file path (use path.dirname for cross-platform)
                 const rootDir = path.dirname(filePath);
                 const matches = await client.structuralSearch(query.id, // Use query ID as pattern (findMatchingQuery will resolve it)
-                languageId, rootDir, { maxResults: 10, fileFilter: (f) => f === filePath });
+                languageId, rootDir, {
+                    maxResults: 10,
+                    fileFilter: (f) => normalizeMapKey(f) === normalizeMapKey(filePath),
+                });
                 for (const match of matches) {
+                    // Apply post-filter if defined (pass captures for proper filtering)
+                    if (!applyPostFilter(query, match.captures)) {
+                        continue; // Skip this match - filter didn't pass
+                    }
+                    // For hardcoded-secrets, also check variable name pattern
+                    if (query.id === "hardcoded-secrets") {
+                        // Extract variable name from captures
+                        const varName = match.captures?.VARNAME || "";
+                        if (!varName || !matchesSecretPattern(varName)) {
+                            continue; // Skip - no variable name or doesn't match secret patterns
+                        }
+                    }
                     // Get line/column from match (already 0-indexed from tree-sitter)
                     const line = match.line;
                     const column = match.column;