pumuki-ast-hooks 5.5.47 → 5.5.49

package/scripts/hooks-system/infrastructure/ast/android/detectors/android-solid-detectors.js

@@ -0,0 +1,227 @@
+const path = require('path');
+const { SyntaxKind } = require(path.join(__dirname, '../../ast-core'));
+
+function analyzeOCP(sf, findings, pushFinding) {
+    const filePath = sf.getFilePath();
+    const fileName = filePath.split('/').pop() || 'unknown';
+
+    const functions = sf.getFunctions();
+    const arrowFunctions = sf.getVariableDeclarations().filter(vd => {
+        const init = vd.getInitializer();
+        return init && init.getKind() === SyntaxKind.ArrowFunction;
+    });
+
+    const classes = sf.getClasses();
+
+    const allNodes = [
+        ...functions.map(f => ({ type: 'function', node: f, name: f.getName() || 'anonymous' })),
+        ...arrowFunctions.map(af => ({ type: 'arrow', node: af, name: af.getName() || 'anonymous' })),
+        ...classes.map(c => ({ type: 'class', node: c, name: c.getName() || 'AnonymousClass' })),
+    ];
+
+    allNodes.forEach(({ node, name }) => {
+        analyzeNodeForOCP(node, name, fileName, sf, pushFinding);
+    });
+}
+
+function analyzeNodeForOCP(node, nodeName, fileName, sf, pushFinding) {
+    let body;
+
+    if (node.getKind() === SyntaxKind.FunctionDeclaration ||
+        node.getKind() === SyntaxKind.FunctionExpression) {
+        body = node.getBody();
+    } else if (node.getKind() === SyntaxKind.VariableDeclaration) {
+        const init = node.getInitializer();
+        if (init && init.getKind() === SyntaxKind.ArrowFunction) {
+            body = init.getBody();
+        }
+    } else if (node.getKind() === SyntaxKind.ClassDeclaration) {
+        const methods = node.getMethods();
+        methods.forEach(method => {
+            const methodBody = method.getBody();
+            if (methodBody) {
+                analyzeBodyForOCP(methodBody, `${nodeName}.${method.getName()}`, fileName, sf, pushFinding);
+            }
+        });
+        return;
+    } else {
+        return;
+    }
+
+    if (body) {
+        analyzeBodyForOCP(body, nodeName, fileName, sf, pushFinding);
+    }
+}
+
+function analyzeBodyForOCP(body, name, fileName, sf, pushFinding) {
+    const switchStatements = body.getDescendantsOfKind(SyntaxKind.SwitchStatement);
+    const stringLiterals = body.getDescendantsOfKind(SyntaxKind.StringLiteral);
+
+    let hasTypeCodes = false;
+    const suspectStrings = ['type', 'kind', 'state', 'status', 'mode', 'screen', 'variant'];
+    for (const s of stringLiterals) {
+        const value = (s.getLiteralText && s.getLiteralText()) || s.getText() || '';
+        if (suspectStrings.some(x => value.toLowerCase().includes(x))) {
+            hasTypeCodes = true;
+            break;
+        }
+    }
+
+    if (switchStatements.length >= 3 && hasTypeCodes) {
+        const message = `OCP VIOLATION in ${fileName}::${name}: ${switchStatements.length} switch statements with type codes - consider polymorphism or sealed classes`;
+        pushFinding('solid.ocp.switch_typecodes', 'critical', sf, body, message, []);
+        return;
+    }
+
+    const ifStatements = body.getDescendantsOfKind(SyntaxKind.IfStatement);
+    const hasManyIfs = ifStatements.length >= 6;
+    const hasElseIfChains = ifStatements.some(ifStmt => {
+        const elseStmt = ifStmt.getElseStatement();
+        return elseStmt && elseStmt.getKind() === SyntaxKind.IfStatement;
+    });
+
+    if (hasManyIfs && hasElseIfChains) {
+        const message = `OCP WARNING in ${fileName}::${name}: multiple if/else-if chains - consider strategy/visitor`;
+        pushFinding('solid.ocp.if_chains', 'high', sf, body, message, []);
+    }
+}
+
+function analyzeDIP(sf, findings, pushFinding) {
+    const filePath = sf.getFilePath();
+    const fileName = filePath.split('/').pop() || 'unknown';
+
+    const isDomain = /\/domain\//i.test(filePath);
+
+    if (isDomain) {
+        const imports = sf.getImportDeclarations();
+
+        imports.forEach(imp => {
+            const importPath = imp.getModuleSpecifierValue();
+
+            if (/\/infrastructure\//i.test(importPath) ||
+                /androidx|kotlinx|retrofit|room|hilt/i.test(importPath)) {
+                const message = `DIP VIOLATION in ${fileName}: Domain layer importing from Infrastructure/Framework: ${importPath} - Domain should depend only on abstractions`;
+                pushFinding('solid.dip.domain_depends_infrastructure', 'critical', sf, imp, message, findings);
+            }
+        });
+    }
+
+    const isPresentation = /\/presentation\//i.test(filePath);
+
+    if (isPresentation) {
+        const imports = sf.getImportDeclarations();
+
+        imports.forEach(imp => {
+            const importPath = imp.getModuleSpecifierValue();
+
+            if (/\/infrastructure\//i.test(importPath) &&
+                !/\/infrastructure\/repositories\/|\/infrastructure\/config\//i.test(importPath)) {
+                const message = `DIP VIOLATION in ${fileName}: Presentation layer importing from Infrastructure: ${importPath} - use repository interfaces or abstractions`;
+                pushFinding('solid.dip.presentation_infrastructure', 'critical', sf, imp, message, findings);
+            }
+        });
+    }
+
+    const classes = sf.getClasses();
+    classes.forEach(cls => {
+        const className = cls.getName() || 'AnonymousClass';
+
+        if (/ViewModel|UseCase/i.test(className)) {
+            const imports = sf.getImportDeclarations();
+
+            imports.forEach(imp => {
+                const importPath = imp.getModuleSpecifierValue();
+
+                if (/Repository|Service|Client/i.test(importPath) &&
+                    !/interface|protocol|Repository.*Protocol/i.test(importPath)) {
+                    const message = `DIP VIOLATION in ${fileName}::${className}: depends on concrete implementation '${importPath}' - inject interface/abstraction`;
+                    pushFinding('solid.dip.concrete_dependency', 'critical', sf, imp, message, findings);
+                }
+            });
+        }
+    });
+}
+
+function analyzeSRP(sf, findings, pushFinding) {
+    const filePath = sf.getFilePath();
+    const fileName = filePath.split('/').pop() || 'unknown';
+
+    const functions = sf.getFunctions();
+    const arrowFunctions = sf.getVariableDeclarations().filter(vd => {
+        const init = vd.getInitializer();
+        return init && init.getKind() === SyntaxKind.ArrowFunction;
+    });
+
+    [...functions, ...arrowFunctions].forEach(func => {
+        const funcName = func.getName?.() || 'anonymous';
+        const body = func.getBody?.() || func.getInitializer()?.getBody();
+
+        if (!body) return;
+
+        const statements = body.getStatements();
+        const ifStatements = body.getDescendantsOfKind(SyntaxKind.IfStatement);
+        const switchStatements = body.getDescendantsOfKind(SyntaxKind.SwitchStatement);
+        const loops = body.getDescendantsOfKind(SyntaxKind.ForStatement)
+            .concat(body.getDescendantsOfKind(SyntaxKind.ForInStatement))
+            .concat(body.getDescendantsOfKind(SyntaxKind.WhileStatement));
+
+        if (statements.length > 30 || ifStatements.length > 10 || switchStatements.length > 2 || loops.length > 5) {
+            const message = `SRP VIOLATION in ${fileName}::${funcName}: high complexity (${statements.length} statements, ${ifStatements.length} ifs, ${switchStatements.length} switches) - extract responsibilities`;
+            pushFinding('solid.srp.high_complexity', 'critical', sf, func, message, findings);
+        }
+    });
+
+    const classes = sf.getClasses();
+    classes.forEach(cls => {
+        const className = cls.getName() || 'AnonymousClass';
+        const methods = cls.getMethods();
+
+        if (methods.length > 20) {
+            const message = `SRP VIOLATION in ${fileName}::${className}: God class with ${methods.length} methods - split into focused classes`;
+            pushFinding('solid.srp.god_class', 'critical', sf, cls, message, findings);
+        }
+    });
+}
+
+function detectMethodConcern(name) {
+    if (!name) return 'unknown';
+    const lower = name.toLowerCase();
+    if (/fetch|get|load|retrieve|query/.test(lower)) return 'data';
+    if (/update|set|save|persist|write/.test(lower)) return 'mutation';
+    if (/validate|check|verify|ensure/.test(lower)) return 'validation';
+    if (/render|draw|display|view/.test(lower)) return 'ui';
+    if (/handle|process|execute|run|perform/.test(lower)) return 'logic';
+    return 'unknown';
+}
+
+function analyzeISP(sf, findings, pushFinding) {
+    const interfaces = sf.getInterfaces();
+
+    interfaces.forEach(iface => {
+        const interfaceName = iface.getName();
+        const properties = iface.getProperties();
+        const methods = iface.getMethods();
+
+        if (properties.length > 10) {
+            const message = `ISP VIOLATION: ${interfaceName} has ${properties.length} properties - split into focused interfaces`;
+            pushFinding('solid.isp.fat_interface', 'critical', sf, iface, message, findings);
+        }
+
+        if (methods.length > 0) {
+            const methodConcerns = methods.map(m => detectMethodConcern(m.getName()));
+            const uniqueConcerns = new Set(methodConcerns.filter(c => c !== 'unknown'));
+
+            if (uniqueConcerns.size >= 3) {
+                const message = `ISP VIOLATION: ${interfaceName} mixes ${uniqueConcerns.size} concerns (${Array.from(uniqueConcerns).join(', ')}) - segregate into focused interfaces`;
+                pushFinding('solid.isp.multiple_concerns', 'critical', sf, iface, message, findings);
+            }
+        }
+    });
+}
+
+module.exports = {
+    analyzeOCP,
+    analyzeDIP,
+    analyzeSRP,
+    analyzeISP,
+};

package/scripts/hooks-system/infrastructure/ast/ast-core.js

@@ -30,7 +30,10 @@ function getRepoRoot() {
   try {
     const { execSync } = require('child_process');
     return execSync('git rev-parse --show-toplevel', { encoding: 'utf-8' }).trim();
-  } catch {
+  } catch (error) {
+    if (process.env.DEBUG) {
+      console.debug(`[ast-core] Failed to detect git repo root, using cwd: ${error.message}`);
+    }
     return process.cwd();
   }
 }
@@ -191,7 +194,10 @@ function pushFinding(ruleId, severity, sf, node, message, findings, metrics = {}
     let strictRegex;
     try {
       strictRegex = new RegExp(strictRegexSource, 'i');
-    } catch {
+    } catch (error) {
+      if (process.env.DEBUG) {
+        console.debug(`[ast-core] Invalid STRICT_CRITICAL_RULES_REGEX, using default: ${error.message}`);
+      }
       strictRegex = new RegExp(env.getBool('AUDIT_LIBRARY', false) ? defaultStrictCriticalRegexLibrary : defaultStrictCriticalRegex, 'i');
     }
     isStrictCriticalRule = strictRegex.test(ruleId);
@@ -261,7 +267,10 @@ function pushFileFinding(ruleId, severity, filePath, line, column, message, find
     let strictRegex;
     try {
       strictRegex = new RegExp(strictRegexSource, 'i');
-    } catch {
+    } catch (error) {
+      if (process.env.DEBUG) {
+        console.debug(`[ast-core] Invalid STRICT_CRITICAL_RULES_REGEX, using default: ${error.message}`);
+      }
       strictRegex = new RegExp(env.getBool('AUDIT_LIBRARY', false) ? defaultStrictCriticalRegexLibrary : defaultStrictCriticalRegex, 'i');
     }
     isStrictCriticalRule = strictRegex.test(ruleId);

package/scripts/hooks-system/infrastructure/ast/ast-intelligence.js

@@ -115,7 +115,10 @@ function getStagedFilesRel(root) {
       .split('\n')
       .map(s => s.trim())
       .filter(Boolean);
-  } catch {
+  } catch (error) {
+    if (process.env.DEBUG) {
+      console.debug(`[ast-intelligence] Failed to read staged files: ${error.message}`);
+    }
     return [];
   }
 }
@@ -172,7 +175,10 @@ function runProjectHardcodedThresholdAudit(root, allFiles, findings) {
     let content;
     try {
       content = fs.readFileSync(filePath, 'utf8');
-    } catch {
+    } catch (error) {
+      if (process.env.DEBUG) {
+        console.debug(`[ast-intelligence] Failed to read file ${filePath}: ${error.message}`);
+      }
       continue;
     }
 
@@ -214,7 +220,10 @@ function runHardcodedThresholdAudit(root, findings) {
   ].filter((d) => {
     try {
       return fs.existsSync(d) && fs.statSync(d).isDirectory();
-    } catch {
+    } catch (error) {
+      if (process.env.DEBUG) {
+        console.debug(`[ast-intelligence] Failed to stat dir ${d}: ${error.message}`);
+      }
       return false;
     }
   });
@@ -238,7 +247,10 @@ function runHardcodedThresholdAudit(root, findings) {
       let entries;
       try {
         entries = fs.readdirSync(current, { withFileTypes: true });
-      } catch {
+      } catch (error) {
+        if (process.env.DEBUG) {
+          console.debug(`[ast-intelligence] Failed to read dir ${current}: ${error.message}`);
+        }
         continue;
       }
 
@@ -290,7 +302,10 @@ function runHardcodedThresholdAudit(root, findings) {
     let content;
     try {
       content = fs.readFileSync(filePath, 'utf8');
-    } catch {
+    } catch (error) {
+      if (process.env.DEBUG) {
+        console.debug(`[ast-intelligence] Failed to read file ${filePath}: ${error.message}`);
+      }
       continue;
     }
 
@@ -394,15 +409,23 @@ function generateOutput(findings, context, project, root) {
         .filter(Boolean);
 
       if (stagedRel.length > 0) {
-        const stagedAbs = new Set(stagedRel.map(r => path.resolve(root, r)));
-        findings = (findings || []).filter(f => {
-          if (!f || !f.filePath) return false;
-          const fp = String(f.filePath);
-          if (stagedAbs.has(fp)) return true;
-          return stagedRel.some(rel => fp.endsWith(rel) || fp.includes(`/${rel}`));
-        });
+        try {
+          findings = findings.filter((f) => {
+            if (!f || !f.filePath) return false;
+            const fp = String(f.filePath).replace(/\\/g, '/');
+            return stagedRel.some(rel => fp.endsWith(rel) || fp.includes(`/${rel}`));
+          });
+        } catch (error) {
+          if (process.env.DEBUG) {
+            console.debug(`[ast-intelligence] Failed to filter findings by staged files: ${error.message}`);
+          }
+          findings = [];
+        }
+      }
+    } catch (error) {
+      if (process.env.DEBUG) {
+        console.debug(`[ast-intelligence] Failed to get staged files: ${error.message}`);
       }
-    } catch {
       findings = [];
     }
   }

package/scripts/hooks-system/infrastructure/ast/backend/ast-backend.js

@@ -21,6 +21,7 @@ const {
   getRepoRoot,
 } = require(path.join(__dirname, '../ast-core'));
 const { BackendArchitectureDetector } = require(path.join(__dirname, 'analyzers/BackendArchitectureDetector'));
+const { analyzeGodClasses } = require(path.join(__dirname, 'detectors/god-class-detector'));
 
 /**
  * Run Backend-specific AST intelligence analysis
@@ -267,10 +268,13 @@ function runBackendIntelligence(project, findings, platform) {
       }
     }
 
-    const hasEnvSpecific = sf.getFullText().includes("process.env.NODE_ENV") ||
-      sf.getFullText().includes("app.get('env')") ||
-      sf.getFullText().includes("ConfigService");
-    const hasConfigUsage = sf.getFullText().includes("config") || sf.getFullText().includes("env");
+    const fullTextUpper = sf.getFullText();
+    const usesEnvHelper = /config\/env/.test(fullTextUpper) || /env\.get(Bool|Number)?\(/.test(fullTextUpper);
+    const hasEnvSpecific = fullTextUpper.includes("process.env.NODE_ENV") ||
+      fullTextUpper.includes("app.get('env')") ||
+      fullTextUpper.includes("ConfigService") ||
+      usesEnvHelper;
+    const hasConfigUsage = /process\.env\b|ConfigService|env\.get(Bool|Number)?\(|\bconfig\s*[\.\[]/i.test(sf.getFullText());
     if (!hasEnvSpecific && hasConfigUsage && !isTestFile(filePath)) {
       pushFinding("backend.config.missing_env_separation", "info", sf, sf, "Missing environment-specific configuration - consider NODE_ENV or ConfigService", findings);
     }
@@ -283,83 +287,7 @@ function runBackendIntelligence(project, findings, platform) {
     }
 
     if (godClassBaseline) {
-      sf.getDescendantsOfKind(SyntaxKind.ClassDeclaration).forEach((cls) => {
-        const className = cls.getName() || '';
-        const isValueObject = /Metrics|ValueObject|VO$|Dto$|Entity$/.test(className);
-        const isTestClass = /Spec$|Test$|Mock/.test(className);
-        if (isValueObject || isTestClass) return;
-
-        const methodsCount = cls.getMethods().length;
-        const propertiesCount = cls.getProperties().length;
-        const startLine = cls.getStartLineNumber();
-        const endLine = cls.getEndLineNumber();
-        const lineCount = Math.max(0, endLine - startLine);
-
-        const decisionKinds = [
-          SyntaxKind.IfStatement,
-          SyntaxKind.ForStatement,
-          SyntaxKind.ForInStatement,
-          SyntaxKind.ForOfStatement,
-          SyntaxKind.WhileStatement,
-          SyntaxKind.DoStatement,
-          SyntaxKind.SwitchStatement,
-          SyntaxKind.ConditionalExpression,
-          SyntaxKind.TryStatement,
-          SyntaxKind.CatchClause
-        ];
-        const complexity = decisionKinds.reduce((acc, kind) => acc + cls.getDescendantsOfKind(kind).length, 0);
-
-        const clsText = cls.getFullText();
-        const concerns = new Set();
-        if (/\bfs\.|\bfs\.promises\b|readFileSync|writeFileSync|mkdirSync|unlinkSync|readdirSync/.test(clsText)) concerns.add('io');
-        if (/\bpath\.|join\(|resolve\(|dirname\(|basename\(/.test(clsText)) concerns.add('path');
-        if (/execSync\(|spawnSync\(|spawn\(|child_process/.test(clsText)) concerns.add('process');
-        if (/\bfetch\b|axios\b|http\.|https\.|request\(/.test(clsText)) concerns.add('network');
-        if (/\bcrypto\b|encrypt|decrypt|hash|jwt|bearer|token/i.test(clsText)) concerns.add('security');
-        if (/setTimeout\(|setInterval\(|clearInterval\(|cron|schedule/i.test(clsText)) concerns.add('scheduling');
-        if (/\brepo\b|repository|prisma|typeorm|mongoose|sequelize|knex|\bdb\b|database|sql/i.test(clsText)) concerns.add('persistence');
-        if (/notification|notifier|terminal-notifier|osascript/i.test(clsText)) concerns.add('notifications');
-        if (/\bgit\b|rev-parse|git diff|git status|git log/i.test(clsText)) concerns.add('git');
-        const concernCount = concerns.size;
-
-        const methodsZ = godClassBaseline.robustZ(methodsCount, godClassBaseline.med.methodsCount, godClassBaseline.mad.methodsCount);
-        const propsZ = godClassBaseline.robustZ(propertiesCount, godClassBaseline.med.propertiesCount, godClassBaseline.mad.propertiesCount);
-        const linesZ = godClassBaseline.robustZ(lineCount, godClassBaseline.med.lineCount, godClassBaseline.mad.lineCount);
-        const complexityZ = godClassBaseline.robustZ(complexity, godClassBaseline.med.complexity, godClassBaseline.mad.complexity);
-
-        const sizeOutlier =
-          methodsZ >= godClassBaseline.thresholds.outlier.methodsCountZ ||
-          propsZ >= godClassBaseline.thresholds.outlier.propertiesCountZ ||
-          linesZ >= godClassBaseline.thresholds.outlier.lineCountZ;
-        const complexityOutlier = complexityZ >= godClassBaseline.thresholds.outlier.complexityZ;
-        const concernOutlier = concernCount >= godClassBaseline.thresholds.outlier.concerns;
-
-        // Detección híbrida: estadística + umbrales absolutos
-        // Archivo masivo: cualquier archivo con >500 líneas es sospechoso
-        const isMassiveFile = lineCount > 500;
-        // God class absoluta: archivo muy grande O (grande + complejo) O (grande + muchos métodos)
-        const isAbsoluteGod = lineCount > 1000 ||
-          (lineCount > 500 && complexity > 50) ||
-          (lineCount > 500 && methodsCount > 20) ||
-          (lineCount > 600 && methodsCount > 30 && complexity > 80);
-        const isUnderThreshold = lineCount < 300 && methodsCount < 15 && complexity < 30;
-
-        let signalCount = 0;
-        if (sizeOutlier) signalCount++;
-        if (complexityOutlier) signalCount++;
-        if (concernOutlier) signalCount++;
-        if (isMassiveFile) signalCount++; // Añadir señal extra por tamaño masivo
-
-        const isInternalAstToolingFile = /infrastructure\/ast\//i.test(filePath);
-        const isInfrastructureService = /application\/services.*\/(RealtimeGuardService|EvidenceManager|HookInstaller|InstallService|EvidenceMonitor)/i.test(filePath);
-        if (!isUnderThreshold && !isInternalAstToolingFile && !isInfrastructureService && (signalCount >= 2 || isAbsoluteGod)) {
-          console.error(`[GOD CLASS DEBUG] ${className}: methods=${methodsCount}, props=${propertiesCount}, lines=${lineCount}, complexity=${complexity}, concerns=${concernCount}, isAbsoluteGod=${isAbsoluteGod}, signalCount=${signalCount}`);
-          pushFinding("backend.antipattern.god_classes", "critical", sf, cls,
-            `God class detected: ${methodsCount} methods, ${propertiesCount} properties, ${lineCount} lines, complexity ${complexity}, concerns ${concernCount} - VIOLATES SRP`,
-            findings
-          );
-        }
-      });
+      analyzeGodClasses(sf, findings, { SyntaxKind, pushFinding, godClassBaseline });
     }
 
     sf.getDescendantsOfKind(SyntaxKind.ClassDeclaration).forEach((cls) => {
@@ -760,8 +688,7 @@ function runBackendIntelligence(project, findings, platform) {
 
     sf.getDescendantsOfKind(SyntaxKind.StringLiteral).forEach((str) => {
       const text = str.getLiteralValue();
-      const sqlKeywords = ['SEL' + 'ECT ', 'INS' + 'ERT ', 'UPD' + 'ATE ', 'DEL' + 'ETE ', 'DR' + 'OP ', 'AL' + 'TER ', 'TRUN' + 'CATE '];
-      const sqlPattern = new RegExp(sqlKeywords.join('|'), 'i');
+      const sqlPattern = /\b(select|insert|update|delete|drop|alter|truncate)\b\s+(from|into|table|database|schema|where)/i;
       if (sqlPattern.test(text)) {
         pushFinding("backend.database.raw_sql", "medium", sf, str, "Raw SQL detected - prefer ORM queries for type safety and security", findings);
         if (/[\"'`].*\+.*[\"'`]/.test(text) || /\$\{.*\}/.test(text)) {

package/scripts/hooks-system/infrastructure/ast/backend/detectors/god-class-detector.js

@@ -0,0 +1,83 @@
+/**
+ * God Class detector extracted from ast-backend.js to keep responsibilities separated.
+ */
+function analyzeGodClasses(sourceFile, findings, { SyntaxKind, pushFinding, godClassBaseline }) {
+    if (!godClassBaseline) return;
+
+    sourceFile.getDescendantsOfKind(SyntaxKind.ClassDeclaration).forEach((cls) => {
+        const className = cls.getName() || '';
+        const isValueObject = /Metrics|ValueObject|VO$|Dto$|Entity$/.test(className);
+        const isTestClass = /Spec$|Test$|Mock/.test(className);
+        if (isValueObject || isTestClass) return;
+
+        const methodsCount = cls.getMethods().length;
+        const propertiesCount = cls.getProperties().length;
+        const startLine = cls.getStartLineNumber();
+        const endLine = cls.getEndLineNumber();
+        const lineCount = Math.max(0, endLine - startLine);
+
+        const decisionKinds = [
+            SyntaxKind.IfStatement,
+            SyntaxKind.ForStatement,
+            SyntaxKind.ForInStatement,
+            SyntaxKind.ForOfStatement,
+            SyntaxKind.WhileStatement,
+            SyntaxKind.DoStatement,
+            SyntaxKind.SwitchStatement,
+            SyntaxKind.ConditionalExpression,
+            SyntaxKind.TryStatement,
+            SyntaxKind.CatchClause
+        ];
+        const complexity = decisionKinds.reduce((acc, kind) => acc + cls.getDescendantsOfKind(kind).length, 0);
+
+        const clsText = cls.getFullText();
+        const concerns = new Set();
+        if (/\bfs\.|\bfs\.promises\b|readFileSync|writeFileSync|mkdirSync|unlinkSync|readdirSync/.test(clsText)) concerns.add('io');
+        if (/\bpath\.|join\(|resolve\(|dirname\(|basename\(/.test(clsText)) concerns.add('path');
+        if (/execSync\(|spawnSync\(|spawn\(|child_process/.test(clsText)) concerns.add('process');
+        if (/\bfetch\b|axios\b|http\.|https\.|request\(/.test(clsText)) concerns.add('network');
+        if (/\bcrypto\b|encrypt|decrypt|hash|jwt|bearer|token/i.test(clsText)) concerns.add('security');
+        if (/setTimeout\(|setInterval\(|clearInterval\(|cron|schedule/i.test(clsText)) concerns.add('scheduling');
+        if (/\brepo\b|repository|prisma|typeorm|mongoose|sequelize|knex|\bdb\b|database|sql/i.test(clsText)) concerns.add('persistence');
+        if (/notification|notifier|terminal-notifier|osascript/i.test(clsText)) concerns.add('notifications');
+        if (/\bgit\b|rev-parse|git diff|git status|git log/i.test(clsText)) concerns.add('git');
+        const concernCount = concerns.size;
+
+        const methodsZ = godClassBaseline.robustZ(methodsCount, godClassBaseline.med.methodsCount, godClassBaseline.mad.methodsCount);
+        const propsZ = godClassBaseline.robustZ(propertiesCount, godClassBaseline.med.propertiesCount, godClassBaseline.mad.propertiesCount);
+        const linesZ = godClassBaseline.robustZ(lineCount, godClassBaseline.med.lineCount, godClassBaseline.mad.lineCount);
+        const complexityZ = godClassBaseline.robustZ(complexity, godClassBaseline.med.complexity, godClassBaseline.mad.complexity);
+
+        const sizeOutlier =
+            methodsZ >= godClassBaseline.thresholds.outlier.methodsCountZ ||
+            propsZ >= godClassBaseline.thresholds.outlier.propertiesCountZ ||
+            linesZ >= godClassBaseline.thresholds.outlier.lineCountZ;
+        const complexityOutlier = complexityZ >= godClassBaseline.thresholds.outlier.complexityZ;
+        const concernOutlier = concernCount >= godClassBaseline.thresholds.outlier.concerns;
+
+        const isMassiveFile = lineCount > 500;
+        const isAbsoluteGod = lineCount > 1000 ||
+            (lineCount > 500 && complexity > 50) ||
+            (lineCount > 500 && methodsCount > 20) ||
+            (lineCount > 600 && methodsCount > 30 && complexity > 80);
+        const isUnderThreshold = lineCount < 300 && methodsCount < 15 && complexity < 30;
+
+        let signalCount = 0;
+        if (sizeOutlier) signalCount++;
+        if (complexityOutlier) signalCount++;
+        if (concernOutlier) signalCount++;
+        if (isMassiveFile) signalCount++;
+
+        if (!isUnderThreshold && (signalCount >= 2 || isAbsoluteGod)) {
+            console.error(`[GOD CLASS DEBUG] ${className}: methods=${methodsCount}, props=${propertiesCount}, lines=${lineCount}, complexity=${complexity}, concerns=${concernCount}, isAbsoluteGod=${isAbsoluteGod}, signalCount=${signalCount}`);
+            pushFinding("backend.antipattern.god_classes", "critical", sourceFile, cls,
+                `God class detected: ${methodsCount} methods, ${propertiesCount} properties, ${lineCount} lines, complexity ${complexity}, concerns ${concernCount} - VIOLATES SRP`,
+                findings
+            );
+        }
+    });
+}
+
+module.exports = {
+    analyzeGodClasses,
+};

package/scripts/hooks-system/infrastructure/ast/common/ast-common.js

@@ -145,6 +145,21 @@ function runCommonIntelligence(project, findings) {
       }
     });
 
+    sf.getDescendantsOfKind(SyntaxKind.CatchClause).forEach((clause) => {
+      const block = typeof clause.getBlock === 'function' ? clause.getBlock() : null;
+      const statements = block && typeof block.getStatements === 'function' ? block.getStatements() : [];
+      if ((statements || []).length === 0) {
+        pushFinding(
+          'common.error.empty_catch',
+          'critical',
+          sf,
+          clause,
+          'Empty catch block detected - always handle errors (log, rethrow, wrap, or return Result)',
+          findings
+        );
+      }
+    });
+
     sf.getDescendantsOfKind(SyntaxKind.AnyKeyword).forEach((node) => {
 
       const isUtilityScript = /\/(scripts?|migrations?|seeders?|fixtures?)\//i.test(filePath);
@@ -318,7 +333,7 @@ function runCommonIntelligence(project, findings) {
       withoutStrings = withoutStrings.replace(/`[^`]*`/g, '');
       withoutStrings = withoutStrings.replace(/"[^"]*"/g, '');
       withoutStrings = withoutStrings.replace(/'[^']*'/g, '');
-      
+
       if (!/\/\/|\/\*/.test(withoutStrings)) return;
 
       const withoutUrls = withoutStrings.replace(/https?:\/\//g, '');
@@ -327,7 +342,7 @@ function runCommonIntelligence(project, findings) {
       const withoutJSDoc = withoutUrls.replace(/\/\*\*[\s\S]*?\*\//g, '');
       const hasOnlyJSDoc = !/\/\/|\/\*/.test(withoutJSDoc);
       if (hasOnlyJSDoc) return;
-      
+
       const withoutAllComments = withoutJSDoc.replace(/\/\/.*$/gm, '').replace(/\/\*[\s\S]*?\*\//g, '');
       if (!/\/\/|\/\*/.test(withoutAllComments)) return;