safeword 0.28.0 → 0.29.0

package/dist/{chunk-6ZRDSDK4.js → chunk-7UYKOFTI.js}

@@ -569,6 +569,43 @@ var basePluginsUnscoped = [
 ];
 var basePlugins = scopeToFiles(basePluginsUnscoped, JS_TS_FILES);
 
+// src/presets/typescript/eslint-configs/overrides-cli.ts
+var cliOverrides = {
+  name: "safeword/overrides-cli",
+  rules: {
+    // CLI tools read/write user-provided paths — not an injection vector
+    "security/detect-non-literal-fs-filename": "off",
+    // CLI tools index objects with user-provided keys (parsed JSON/YAML)
+    "security/detect-object-injection": "off",
+    // CLI tools execute commands from PATH — this is expected, not an attack
+    "sonarjs/no-os-command-from-path": "off",
+    "sonarjs/os-command": "off",
+    // CLI tools compare mixed types from parsed user input
+    "sonarjs/different-types-comparison": "off"
+  }
+};
+
+// src/presets/typescript/eslint-configs/overrides-relaxed-types.ts
+var relaxedTypesOverrides = {
+  name: "safeword/overrides-relaxed-types",
+  rules: {
+    // External data (JSON, YAML, API responses) has no compile-time types
+    "@typescript-eslint/no-unsafe-argument": "off",
+    "@typescript-eslint/no-unsafe-assignment": "off",
+    "@typescript-eslint/no-unsafe-call": "off",
+    "@typescript-eslint/no-unsafe-member-access": "off",
+    "@typescript-eslint/no-unsafe-return": "off",
+    // Boolean checks on untyped values are valid guards, not unnecessary
+    "@typescript-eslint/strict-boolean-expressions": "off",
+    "@typescript-eslint/no-unnecessary-condition": "off",
+    "@typescript-eslint/no-unnecessary-boolean-literal-compare": "off",
+    // Fallback operators on untyped values are intentional
+    "@typescript-eslint/prefer-nullish-coalescing": "off",
+    // Template literals with untyped values are common in logging/output
+    "@typescript-eslint/restrict-template-expressions": "off"
+  }
+};
+
 // src/presets/typescript/eslint-configs/playwright.ts
 import playwrightPlugin from "eslint-plugin-playwright";
 var playwrightConfig = [
@@ -1028,6 +1065,10 @@ var eslintPlugin = {
     storybook: storybookConfig,
     turbo: turboConfig
   },
+  overrides: {
+    cli: cliOverrides,
+    relaxedTypes: relaxedTypesOverrides
+  },
   detect,
   rules,
   prettierConfig: default2
@@ -1038,6 +1079,8 @@ export {
   astroConfig,
   rules,
   default2 as default,
+  cliOverrides,
+  relaxedTypesOverrides,
   playwrightConfig,
   recommended,
   recommendedTypeScript,
@@ -1052,4 +1095,4 @@ export {
   eslintPlugin,
   typescript_default
 };
-//# sourceMappingURL=chunk-6ZRDSDK4.js.map
+//# sourceMappingURL=chunk-7UYKOFTI.js.map

package/dist/chunk-7UYKOFTI.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/presets/typescript/eslint-configs/astro.ts","../src/presets/typescript/eslint-configs/base.ts","../src/presets/typescript/eslint-rules/no-accumulating-spread.ts","../src/presets/typescript/eslint-rules/no-incomplete-error-handling.ts","../src/presets/typescript/eslint-rules/no-re-export-all.ts","../src/presets/typescript/eslint-rules/index.ts","../src/presets/typescript/eslint-configs/overrides-cli.ts","../src/presets/typescript/eslint-configs/overrides-relaxed-types.ts","../src/presets/typescript/eslint-configs/playwright.ts","../src/presets/typescript/eslint-configs/recommended.ts","../src/presets/typescript/eslint-configs/recommended-nextjs.ts","../src/presets/typescript/eslint-configs/recommended-react.ts","../src/presets/typescript/eslint-configs/recommended-typescript.ts","../src/presets/typescript/eslint-configs/storybook.ts","../src/presets/typescript/eslint-configs/tailwind.ts","../src/presets/typescript/eslint-configs/tanstack-query.ts","../src/presets/typescript/eslint-configs/turbo.ts","../src/presets/typescript/eslint-configs/vitest.ts","../src/presets/typescript/index.ts"],"sourcesContent":["/**\n * ESLint configuration for Astro projects\n *\n * Applies to .astro files.\n * Includes recommended rules plus LLM-critical security/convention rules.\n */\n\n/* eslint-disable @typescript-eslint/no-explicit-any -- ESLint config types are incompatible across plugin packages */\n\nimport astroPlugin from 'eslint-plugin-astro';\n\n/**\n * Astro config\n *\n * Includes:\n * - 8 recommended rules (all at error)\n * - 33 accessibility rules from jsx-a11y-strict (adapted for Astro)\n * - 3 LLM-critical rules: no-set-html-directive (XSS), no-unsafe-inline-scripts (CSP), no-exports-from-components\n *\n * Note: jsx-a11y rules work with Astro files because eslint-plugin-astro\n * provides wrapped versions that understand Astro's JSX-like syntax.\n * Using eslint-plugin-jsx-a11y directly on Astro files does NOT work.\n */\nexport const astroConfig: any[] = [\n  // Spread flat/recommended (5 config objects: plugin setup, file patterns, prettier overrides, rules)\n  ...astroPlugin.configs['flat/recommended'],\n\n  // Accessibility rules adapted for Astro (requires eslint-plugin-jsx-a11y installed)\n  ...astroPlugin.configs['flat/jsx-a11y-strict'],\n\n  // Add LLM-critical rules\n  {\n    name: 'safeword/astro',\n    rules: {\n      // XSS prevention - LLMs often use set:html for rendering user content\n      'astro/no-set-html-directive': 'error',\n\n      // CSP safety - inline scripts can break Content Security Policy\n      'astro/no-unsafe-inline-scripts': 'error',\n\n      // Astro convention - LLMs try to export from .astro components (not allowed)\n      'astro/no-exports-from-components': 'error',\n    },\n  },\n];\n","/**\n * Base ESLint plugins shared between JS and TypeScript configs\n *\n * These plugins work without type information and are included in both\n * `recommended` (JS) and `recommendedTypeScript` configs.\n */\n\nimport js from '@eslint/js';\nimport eslintComments from '@eslint-community/eslint-plugin-eslint-comments';\nimport { createTypeScriptImportResolver } from 'eslint-import-resolver-typescript';\nimport { importX } from 'eslint-plugin-import-x';\nimport pluginPromise from 'eslint-plugin-promise';\nimport { configs as regexpConfigs } from 'eslint-plugin-regexp';\nimport pluginSecurity from 'eslint-plugin-security';\nimport simpleImportSort from 'eslint-plugin-simple-import-sort';\nimport { configs as sonarConfigs } from 'eslint-plugin-sonarjs';\nimport unicorn from 'eslint-plugin-unicorn';\n\nimport { rules as safewordRules } from '../eslint-rules/index.js';\n\n/**\n * File patterns for base JS/TS rules\n * Excludes .astro, .vue, .svelte which use different parsers\n */\nexport const JS_TS_FILES = ['**/*.{js,jsx,ts,tsx,mjs,cjs,mts,cts}'];\n\n/**\n * Add files restriction to config objects.\n * Handles both single config objects and arrays of configs.\n * Skips config objects that only have ignores (global ignores).\n * Skips config objects that already have files set.\n */\n// eslint-disable-next-line @typescript-eslint/no-explicit-any -- ESLint config types are incompatible across plugin packages\nfunction scopeConfigToFiles(config: any, files: string[]): any {\n  // Skip global ignores (config with only ignores property)\n  if (config.ignores && Object.keys(config).length === 1) {\n    return config;\n  }\n  // Skip configs that already have files set\n  if (config.files) {\n    return config;\n  }\n  // Add files restriction\n  return { ...config, files };\n}\n\n// eslint-disable-next-line @typescript-eslint/no-explicit-any -- ESLint config types are incompatible across plugin packages\nfunction scopeToFiles(configs: any[], files: string[]): any[] {\n  return configs.flatMap(config => {\n    // Handle arrays (third-party configs may be arrays)\n    if (Array.isArray(config)) {\n      return config.map(c => scopeConfigToFiles(c, files));\n    }\n    return scopeConfigToFiles(config, files);\n  });\n}\n\n/**\n * Base plugins - shared between JS and TS configs\n * Does NOT include JSDoc (different config per language) or Prettier (must be last)\n *\n * Note: Uses any[] because ESLint plugin types are incompatible across packages.\n * Runtime validation by ESLint ensures correctness.\n */\n// eslint-disable-next-line @typescript-eslint/no-explicit-any -- ESLint config types are incompatible across plugin packages\nconst basePluginsUnscoped: any[] = [\n  // Default ignores - always skip these directories\n  {\n    ignores: ['**/node_modules/**', '**/dist/**', '**/build/**', '**/.git/**'],\n  },\n\n  // ESLint core recommended\n  js.configs.recommended,\n\n  // Code style and design rules - catches common LLM patterns\n  {\n    name: 'safeword/code-style',\n    rules: {\n      'no-unneeded-ternary': 'error', // x ? true : false → x\n      'prefer-template': 'error', // 'a' + b → `a${b}`\n      'dot-notation': 'error', // obj[\"prop\"] → obj.prop\n      'object-shorthand': 'error', // { foo: foo } → { foo }\n      'no-extra-boolean-cast': 'error', // !!value → Boolean(value) or value\n      'prefer-object-spread': 'error', // Object.assign({}, x) → { ...x }\n      'logical-assignment-operators': 'error', // x = x ?? y → x ??= y\n      'operator-assignment': 'error', // x = x + 1 → x += 1\n      curly: 'error', // Require braces around if/else/for/while\n      'arrow-body-style': ['error', 'as-needed'], // () => { return x } → () => x\n      'prefer-arrow-callback': ['error', { allowNamedFunctions: true }], // function() {} → () => {}\n      // Design constraints - forces LLMs to decompose code\n      'max-depth': ['error', 4], // Forces early returns, avoids deep nesting\n      'max-params': ['error', 5], // Forces object params or decomposition\n      complexity: ['error', 10], // Cyclomatic complexity - LLMs write dense, complex code\n      'max-nested-callbacks': ['error', 3], // Prevents callback hell in async code\n      eqeqeq: ['error', 'always', { null: 'ignore' }], // === required, except x == null\n      'preserve-caught-error': 'error', // Re-throw with { cause: error } to preserve stack\n    },\n  },\n\n  // Import validation\n  importX.flatConfigs.recommended,\n  {\n    name: 'safeword/import-rules',\n    settings: {\n      'import-x/resolver-next': [createTypeScriptImportResolver()],\n    },\n    rules: {\n      'import-x/no-duplicates': 'error', // LLMs create duplicate imports\n      'import-x/no-cycle': 'error', // Circular dependencies A → B → A\n      'import-x/no-self-import': 'error', // File imports itself (copy-paste bug)\n      // Turn off rules with high false-positive rate - documented justification:\n      //\n      // no-named-as-default: Flags valid patterns like `import Button from './Button'`\n      // when Button.tsx has both default and named exports. Very common in React.\n      // Issue: https://github.com/import-js/eslint-plugin-import/issues/1618\n      'import-x/no-named-as-default': 'off',\n      //\n      // no-named-as-default-member: Same issue - flags accessing static members\n      // on default imports, e.g., `Button.displayName`. Common React pattern.\n      'import-x/no-named-as-default-member': 'off',\n    },\n  },\n\n  // Code quality / complexity\n  sonarConfigs.recommended,\n  {\n    name: 'safeword/sonarjs-rules',\n    rules: {\n      // Enable design rules (off by default but valuable for clean code)\n      'sonarjs/no-collapsible-if': 'error', // if(a) { if(b) } → if(a && b)\n      'sonarjs/no-nested-switch': 'error', // Switch inside switch is a smell\n      'sonarjs/prefer-immediate-return': 'error', // const x = y; return x → return y\n      'sonarjs/no-inconsistent-returns': 'error', // Some paths return, some don't\n    },\n  },\n\n  // Security - detect common vulnerabilities\n  pluginSecurity.configs.recommended,\n  {\n    name: 'safeword/security-rules',\n    rules: {\n      // Critical security rules at error (LLMs ignore warnings)\n      'security/detect-bidi-characters': 'error', // Trojan Source attacks\n      'security/detect-eval-with-expression': 'error',\n      'security/detect-non-literal-fs-filename': 'error',\n      'security/detect-non-literal-regexp': 'error',\n      'security/detect-non-literal-require': 'error',\n      'security/detect-child-process': 'error',\n      'security/detect-unsafe-regex': 'error',\n      'security/detect-disable-mustache-escape': 'error',\n      'security/detect-no-csrf-before-method-override': 'error',\n      // Escalate all to error (LLMs ignore warnings)\n      'security/detect-object-injection': 'error',\n      'security/detect-possible-timing-attacks': 'error',\n      'security/detect-buffer-noassert': 'error',\n      'security/detect-new-buffer': 'error',\n      'security/detect-pseudoRandomBytes': 'error',\n    },\n  },\n\n  // Promise handling - catches floating promises (critical for LLM code)\n  pluginPromise.configs['flat/recommended'],\n  {\n    name: 'safeword/promise-rules',\n    rules: {\n      'promise/no-multiple-resolved': 'error', // Catches missing return after resolve\n      // LLMs mix callback/promise paradigms - escalate to error\n      'promise/no-callback-in-promise': 'error',\n      'promise/no-nesting': 'error',\n      'promise/no-promise-in-callback': 'error',\n      'promise/no-return-in-finally': 'error',\n      'promise/valid-params': 'error',\n    },\n  },\n\n  // Regexp - catches ReDoS vulnerabilities and malformed regex\n  regexpConfigs['flat/recommended'],\n  {\n    name: 'safeword/regexp-rules',\n    rules: {\n      // Escalate warn rules to error (LLMs ignore warnings)\n      'regexp/confusing-quantifier': 'error',\n      'regexp/no-empty-alternative': 'error',\n      'regexp/no-lazy-ends': 'error',\n      'regexp/no-potentially-useless-backreference': 'error',\n      'regexp/no-useless-flag': 'error',\n      'regexp/optimal-lookaround-quantifier': 'error',\n    },\n  },\n\n  // Modern JS enforcement - strict for agents\n  unicorn.configs.recommended,\n  {\n    name: 'safeword/unicorn-rules',\n    rules: {\n      // Keep off - documented justification for each:\n      //\n      // no-process-exit: CLI tools legitimately use process.exit() for:\n      //   - Error handling with non-zero exit codes\n      //   - Clean shutdown after completing work\n      // Forcing throw-only would break CLI UX and exit code contracts.\n      'unicorn/no-process-exit': 'off',\n      //\n      // prefer-module: CommonJS is still valid in Node.js ecosystem:\n      //   - Config files (jest.config.js, .eslintrc.cjs)\n      //   - Packages with CJS-only dependencies\n      //   - Gradual ESM migration in progress\n      'unicorn/prefer-module': 'off',\n      // Escalated to error for LLM code\n      'unicorn/switch-case-braces': 'error',\n      'unicorn/catch-error-name': 'error',\n      'unicorn/no-array-reduce': 'error', // LLMs write confusing reduce\n      'unicorn/prevent-abbreviations': [\n        'error',\n        {\n          allowList: {\n            ctx: true, // context\n            req: true, // request\n            res: true, // response\n            err: true, // error\n            dir: true, // directory\n            pkg: true, // package\n            env: true, // environment\n            args: true, // arguments\n            params: true, // parameters\n            props: true, // properties\n            ref: true, // reference\n            src: true, // source\n            dest: true, // destination\n            db: true, // database\n            fn: true, // function\n            cb: true, // callback\n            acc: true, // accumulator\n            prev: true, // previous\n            curr: true, // current\n            i: true, // index\n            j: true, // index\n            k: true, // index\n          },\n        },\n      ],\n      'unicorn/no-null': 'error', // Use undefined\n      'unicorn/no-array-for-each': 'error', // Use for...of\n      'unicorn/no-negated-condition': 'error', // Clearer conditionals\n      // Cherry-picked from 'all' config - high value for LLM code\n      'unicorn/no-unused-properties': 'error', // Dead code in enum-like objects\n      'unicorn/consistent-destructuring': 'error', // Don't mix props.x and {x} = props\n      'unicorn/prefer-import-meta-properties': 'error', // import.meta.dirname > __dirname\n    },\n  },\n\n  // Import sorting - auto-fixable, reduces noise\n  {\n    name: 'safeword/import-sort',\n    plugins: { 'simple-import-sort': simpleImportSort },\n    rules: {\n      'simple-import-sort/imports': 'error',\n      'simple-import-sort/exports': 'error',\n      'import-x/order': 'off', // Disable in favor of simple-import-sort\n    },\n  },\n\n  // Safeword custom rules - LLM-specific patterns\n  {\n    name: 'safeword/custom-rules',\n    plugins: { safeword: { rules: safewordRules } },\n    rules: {\n      'safeword/no-incomplete-error-handling': 'error',\n      'safeword/no-accumulating-spread': 'error', // O(n²) reduce pattern\n      'safeword/no-re-export-all': 'error', // Hurts tree-shaking\n    },\n  },\n\n  // ESLint native: flag stale disable directives (ESLint 9 default is warn, we want error)\n  {\n    name: 'safeword/linter-options',\n    linterOptions: {\n      reportUnusedDisableDirectives: 'error',\n    },\n  },\n\n  // ESLint disable comment governance - prevents broad/undocumented suppressions\n  {\n    name: 'safeword/eslint-comments',\n    plugins: { 'eslint-comments': eslintComments },\n    rules: {\n      'eslint-comments/disable-enable-pair': ['error', { allowWholeFile: true }],\n      'eslint-comments/no-unlimited-disable': 'error', // Must name specific rule\n      'eslint-comments/require-description': ['error', { ignore: ['eslint-enable'] }], // Must explain why\n      'eslint-comments/no-duplicate-disable': 'error', // No redundant disables\n      'eslint-comments/no-unused-enable': 'error', // No orphaned enables\n    },\n  },\n];\n\n/**\n * Base plugins scoped to JS/TS files only.\n * Prevents rules from running on .astro, .vue, .svelte files which use different parsers.\n */\n// eslint-disable-next-line @typescript-eslint/no-explicit-any -- ESLint config types are incompatible across plugin packages\nexport const basePlugins: any[] = scopeToFiles(basePluginsUnscoped, JS_TS_FILES);\n\n/**\n * Prettier config - must be last to disable conflicting rules\n */\n\nexport { default as prettierConfig } from 'eslint-config-prettier';\n","/**\n * Rule: no-accumulating-spread\n *\n * Detects spread operator on accumulators in reduce callbacks, which causes\n * O(n²) time complexity. This is a common LLM performance mistake.\n *\n * Bad (O(n²)):\n *   items.reduce((acc, item) => ({ ...acc, [item.id]: item }), {})\n *   items.reduce((acc, item) => [...acc, item.name], [])\n *\n * Good (O(n)):\n *   items.reduce((acc, item) => { acc[item.id] = item; return acc; }, {})\n *   items.reduce((acc, item) => { acc.push(item.name); return acc; }, [])\n *\n * Or better - avoid reduce entirely:\n *   Object.fromEntries(items.map(item => [item.id, item]))\n *   items.map(item => item.name)\n */\n\nimport type { Rule } from 'eslint';\nimport type {\n  ArrowFunctionExpression,\n  CallExpression,\n  FunctionExpression,\n  Node,\n  SpreadElement,\n} from 'estree';\n\n/**\n * Check if a node is a call to .reduce()\n */\nfunction isReduceCall(node: CallExpression): boolean {\n  const { callee } = node;\n  return (\n    callee.type === 'MemberExpression' &&\n    callee.property.type === 'Identifier' &&\n    callee.property.name === 'reduce'\n  );\n}\n\n/**\n * Get the accumulator parameter name from a reduce callback\n */\nfunction getAccumulatorName(\n  callback: ArrowFunctionExpression | FunctionExpression,\n): string | undefined {\n  const firstParameter = callback.params[0];\n  if (firstParameter?.type === 'Identifier') {\n    return firstParameter.name;\n  }\n  return undefined;\n}\n\n/**\n * Check if a spread element spreads the accumulator\n */\nfunction spreadsAccumulator(spread: SpreadElement, accName: string): boolean {\n  return spread.argument.type === 'Identifier' && spread.argument.name === accName;\n}\n\n/**\n * Check object expression properties for accumulator spread.\n */\nfunction findSpreadInObject(\n  node: Node & { type: 'ObjectExpression' },\n  accName: string,\n): SpreadElement | undefined {\n  for (const property of node.properties) {\n    if (property.type === 'SpreadElement' && spreadsAccumulator(property, accName)) {\n      return property;\n    }\n  }\n  return undefined;\n}\n\n/**\n * Check array expression elements for accumulator spread.\n */\nfunction findSpreadInArray(\n  node: Node & { type: 'ArrayExpression' },\n  accName: string,\n): SpreadElement | undefined {\n  for (const element of node.elements) {\n    if (element?.type === 'SpreadElement' && spreadsAccumulator(element, accName)) {\n      return element;\n    }\n  }\n  return undefined;\n}\n\n/**\n * Recursively check if an expression contains a spread of the accumulator\n */\nfunction containsAccumulatorSpread(node: Node, accName: string): SpreadElement | undefined {\n  // eslint-disable-next-line @typescript-eslint/switch-exhaustiveness-check -- Only specific node types can contain spreads; all others return undefined via default\n  switch (node.type) {\n    case 'SpreadElement': {\n      return spreadsAccumulator(node, accName) ? node : undefined;\n    }\n\n    case 'ObjectExpression': {\n      return findSpreadInObject(node, accName);\n    }\n\n    case 'ArrayExpression': {\n      return findSpreadInArray(node, accName);\n    }\n\n    case 'ConditionalExpression': {\n      return (\n        containsAccumulatorSpread(node.consequent, accName) ??\n        containsAccumulatorSpread(node.alternate, accName)\n      );\n    }\n\n    case 'LogicalExpression': {\n      return (\n        containsAccumulatorSpread(node.left, accName) ??\n        containsAccumulatorSpread(node.right, accName)\n      );\n    }\n\n    default: {\n      return undefined;\n    }\n  }\n}\n\n/**\n * Check arrow function body for accumulator spread\n */\nfunction checkArrowBody(\n  body: ArrowFunctionExpression['body'],\n  accName: string,\n): SpreadElement | undefined {\n  // Direct return: (acc, item) => ({ ...acc, ... })\n  if (body.type === 'ObjectExpression' || body.type === 'ArrayExpression') {\n    return containsAccumulatorSpread(body, accName);\n  }\n\n  // Parenthesized or conditional\n  if (body.type === 'ConditionalExpression' || body.type === 'LogicalExpression') {\n    return containsAccumulatorSpread(body, accName);\n  }\n\n  // Block body - check return statements\n  if (body.type === 'BlockStatement') {\n    for (const stmt of body.body) {\n      if (stmt.type === 'ReturnStatement' && stmt.argument) {\n        const found = containsAccumulatorSpread(stmt.argument, accName);\n        if (found) return found;\n      }\n    }\n  }\n\n  return undefined;\n}\n\nconst rule: Rule.RuleModule = {\n  meta: {\n    type: 'problem',\n    docs: {\n      description: 'Disallow spreading accumulator in reduce (causes O(n²) complexity)',\n      recommended: true,\n    },\n    messages: {\n      accumulatingSpread:\n        'Spreading accumulator in reduce() causes O(n²) complexity. ' +\n        'Mutate the accumulator instead, or use map/filter/Object.fromEntries.',\n    },\n    schema: [],\n  },\n\n  create(context) {\n    return {\n      CallExpression(node: CallExpression) {\n        if (!isReduceCall(node)) return;\n\n        const callback = node.arguments[0];\n        if (\n          !callback ||\n          (callback.type !== 'ArrowFunctionExpression' && callback.type !== 'FunctionExpression')\n        ) {\n          return;\n        }\n\n        const accName = getAccumulatorName(callback);\n        if (!accName) return;\n\n        const spreadNode = checkArrowBody(callback.body, accName);\n        if (spreadNode) {\n          context.report({\n            node: spreadNode,\n            messageId: 'accumulatingSpread',\n          });\n        }\n      },\n    };\n  },\n};\n\nexport default rule;\n","/**\n * Rule: no-incomplete-error-handling\n *\n * Detects catch blocks that log an error but don't rethrow or return,\n * which swallows the error silently. This is a common LLM mistake.\n *\n * Bad:\n *   catch (error) { console.error(error); }  // swallowed!\n *\n * Good:\n *   catch (error) { console.error(error); throw error; }\n *   catch (error) { console.error(error); return null; }\n *   catch (error) { throw new AppError('context', { cause: error }); }\n */\n\nimport type { Rule } from 'eslint';\nimport type { CallExpression, CatchClause, Statement } from 'estree';\n\nconst LOG_METHODS = new Set(['log', 'error', 'warn', 'info', 'debug', 'trace']);\n\nconst LOG_OBJECTS = new Set(['console', 'logger', 'log']);\n\n/**\n * Checks if a call expression is a logging call (console.log, logger.error, etc.)\n * @param node\n */\nfunction isLoggingCall(node: CallExpression): boolean {\n  const { callee } = node;\n\n  // console.error(...), logger.error(...), etc.\n  if (\n    callee.type === 'MemberExpression' &&\n    callee.object.type === 'Identifier' &&\n    callee.property.type === 'Identifier'\n  ) {\n    const object = callee.object.name.toLowerCase();\n    const method = callee.property.name.toLowerCase();\n    return LOG_OBJECTS.has(object) && LOG_METHODS.has(method);\n  }\n\n  return false;\n}\n\n/**\n * Check if a single statement terminates control flow.\n */\nfunction isTerminatingBranch(stmt: Statement): boolean {\n  if (stmt.type === 'ThrowStatement' || stmt.type === 'ReturnStatement') {\n    return true;\n  }\n  if (stmt.type === 'BlockStatement') {\n    return hasTerminatingStatement(stmt.body);\n  }\n  return false;\n}\n\n/**\n * Check if an if statement terminates (both branches must terminate).\n */\nfunction ifStatementTerminates(stmt: Statement & { type: 'IfStatement' }): boolean {\n  const consequentTerminates = isTerminatingBranch(stmt.consequent);\n  const alternateTerminates = stmt.alternate ? isTerminatingBranch(stmt.alternate) : false;\n  return consequentTerminates && alternateTerminates;\n}\n\n/**\n * Checks if statements include a throw or return (error is properly handled)\n * @param statements\n */\nfunction hasTerminatingStatement(statements: Statement[]): boolean {\n  for (const stmt of statements) {\n    if (stmt.type === 'ThrowStatement' || stmt.type === 'ReturnStatement') {\n      return true;\n    }\n    if (stmt.type === 'IfStatement' && ifStatementTerminates(stmt)) {\n      return true;\n    }\n  }\n  return false;\n}\n\n/**\n * Check if a single statement is a logging call.\n */\nfunction isLoggingStatement(stmt: Statement): boolean {\n  return (\n    stmt.type === 'ExpressionStatement' &&\n    stmt.expression.type === 'CallExpression' &&\n    isLoggingCall(stmt.expression)\n  );\n}\n\n/**\n * Get nested statements from a statement (for recursive search).\n */\nfunction getNestedStatements(stmt: Statement): Statement[] {\n  if (stmt.type === 'BlockStatement') {\n    return stmt.body;\n  }\n  if (stmt.type === 'IfStatement') {\n    const nested = [stmt.consequent];\n    if (stmt.alternate) nested.push(stmt.alternate);\n    return nested;\n  }\n  return [];\n}\n\n/**\n * Recursively checks if statements include a logging call (searches nested blocks)\n * @param statements\n */\nfunction containsLoggingCall(statements: Statement[]): boolean {\n  for (const stmt of statements) {\n    if (isLoggingStatement(stmt)) return true;\n\n    const nested = getNestedStatements(stmt);\n    if (nested.length > 0 && containsLoggingCall(nested)) return true;\n  }\n  return false;\n}\n\nconst rule: Rule.RuleModule = {\n  meta: {\n    type: 'problem',\n    docs: {\n      description: 'Disallow catch blocks that log but do not rethrow or return',\n      recommended: true,\n    },\n    messages: {\n      incompleteErrorHandling:\n        'Catch block logs error but does not rethrow or return. This swallows the error silently.',\n    },\n    schema: [],\n  },\n\n  create(context) {\n    return {\n      CatchClause(node: CatchClause) {\n        const { body } = node;\n        if (body.type !== 'BlockStatement') return;\n\n        const statements = body.body;\n\n        // Only flag if there's a logging call but no terminating statement\n        if (containsLoggingCall(statements) && !hasTerminatingStatement(statements)) {\n          context.report({\n            node,\n            messageId: 'incompleteErrorHandling',\n          });\n        }\n      },\n    };\n  },\n};\n\nexport default rule;\n","/**\n * Rule: no-re-export-all\n *\n * Disallows `export * from` statements which re-export all exports from\n * another module. This pattern hurts tree-shaking and makes dependencies\n * unclear. LLMs often use this for convenience without understanding\n * the bundle size implications.\n *\n * Bad:\n *   export * from './utils';\n *   export * from '@/components';\n *\n * Good:\n *   export { foo, bar } from './utils';\n *   export { Button, Modal } from '@/components';\n *\n * Note: `export * as namespace from` is allowed as it creates a named export.\n */\n\nimport type { Rule } from 'eslint';\nimport type { ExportAllDeclaration } from 'estree';\n\nconst rule: Rule.RuleModule = {\n  meta: {\n    type: 'suggestion',\n    docs: {\n      description: 'Disallow wildcard re-exports (export * from)',\n      recommended: true,\n    },\n    messages: {\n      noReExportAll:\n        'Avoid `export * from`. Use named exports for better tree-shaking and clearer dependencies.',\n    },\n    schema: [],\n  },\n\n  create(context) {\n    return {\n      ExportAllDeclaration(node: ExportAllDeclaration) {\n        // Allow `export * as namespace from` - this creates a named export\n        if (node.exported) {\n          return;\n        }\n\n        context.report({\n          node,\n          messageId: 'noReExportAll',\n        });\n      },\n    };\n  },\n};\n\nexport default rule;\n","/**\n * Safeword custom ESLint rules\n */\n\nimport noAccumulatingSpread from './no-accumulating-spread.js';\nimport noIncompleteErrorHandling from './no-incomplete-error-handling.js';\nimport noReExportAll from './no-re-export-all.js';\n\nexport const rules = {\n  'no-accumulating-spread': noAccumulatingSpread,\n  'no-incomplete-error-handling': noIncompleteErrorHandling,\n  'no-re-export-all': noReExportAll,\n};\n","/**\n * CLI Tool Overrides\n *\n * Disables security rules that produce false positives for CLI tools,\n * build tools, and scripts that work with dynamic file paths and\n * shell commands by design.\n *\n * Usage:\n *   import safeword from 'safeword/eslint';\n *   export default [\n *     ...safeword.configs.recommendedTypeScript,\n *     safeword.overrides.cli,\n *   ];\n */\n\n// eslint-disable-next-line @typescript-eslint/no-explicit-any -- ESLint config types are incompatible across plugin packages\nexport const cliOverrides: any = {\n  name: 'safeword/overrides-cli',\n  rules: {\n    // CLI tools read/write user-provided paths — not an injection vector\n    'security/detect-non-literal-fs-filename': 'off',\n    // CLI tools index objects with user-provided keys (parsed JSON/YAML)\n    'security/detect-object-injection': 'off',\n    // CLI tools execute commands from PATH — this is expected, not an attack\n    'sonarjs/no-os-command-from-path': 'off',\n    'sonarjs/os-command': 'off',\n    // CLI tools compare mixed types from parsed user input\n    'sonarjs/different-types-comparison': 'off',\n  },\n};\n","/**\n * Relaxed Type-Checking Overrides\n *\n * Disables strict TypeScript rules that produce false positives when\n * code handles data without compile-time types: JSON parsing, YAML\n * loading, API responses, dynamic config files, and user input.\n *\n * Usage:\n *   import safeword from 'safeword/eslint';\n *   export default [\n *     ...safeword.configs.recommendedTypeScript,\n *     safeword.overrides.relaxedTypes,\n *   ];\n */\n\n// eslint-disable-next-line @typescript-eslint/no-explicit-any -- ESLint config types are incompatible across plugin packages\nexport const relaxedTypesOverrides: any = {\n  name: 'safeword/overrides-relaxed-types',\n  rules: {\n    // External data (JSON, YAML, API responses) has no compile-time types\n    '@typescript-eslint/no-unsafe-argument': 'off',\n    '@typescript-eslint/no-unsafe-assignment': 'off',\n    '@typescript-eslint/no-unsafe-call': 'off',\n    '@typescript-eslint/no-unsafe-member-access': 'off',\n    '@typescript-eslint/no-unsafe-return': 'off',\n    // Boolean checks on untyped values are valid guards, not unnecessary\n    '@typescript-eslint/strict-boolean-expressions': 'off',\n    '@typescript-eslint/no-unnecessary-condition': 'off',\n    '@typescript-eslint/no-unnecessary-boolean-literal-compare': 'off',\n    // Fallback operators on untyped values are intentional\n    '@typescript-eslint/prefer-nullish-coalescing': 'off',\n    // Template literals with untyped values are common in logging/output\n    '@typescript-eslint/restrict-template-expressions': 'off',\n  },\n};\n","/**\n * ESLint configuration for Playwright e2e tests\n *\n * Applies ONLY to e2e test files to avoid conflicts with vitest:\n * - *.e2e.ts files (explicit e2e naming)\n * - Files in e2e/ directories\n *\n * Does NOT apply to regular *.test.ts files (those are vitest).\n *\n * All rules escalated to error (LLMs ignore warnings).\n */\n\n/* eslint-disable @typescript-eslint/no-explicit-any -- ESLint config types are incompatible across plugin packages */\n\nimport playwrightPlugin from 'eslint-plugin-playwright';\n\n/**\n * Playwright e2e test linting config\n *\n * Based on recommended config with all warns escalated to error.\n *\n * File patterns target only e2e tests to avoid vitest conflicts:\n * - Explicit e2e suffix (e.g., login.e2e.ts)\n * - Test/spec files in e2e directories only\n */\nexport const playwrightConfig: any[] = [\n  {\n    name: 'safeword/playwright',\n    files: ['**/*.e2e.{ts,tsx,js,jsx}', '**/e2e/**/*.{test,spec}.{ts,tsx,js,jsx}'],\n    plugins: {\n      playwright: playwrightPlugin,\n    },\n    rules: {\n      // From recommended - already at error\n      'playwright/missing-playwright-await': 'error',\n      'playwright/no-focused-test': 'error',\n      'playwright/no-networkidle': 'error',\n      'playwright/no-standalone-expect': 'error',\n      'playwright/no-unsafe-references': 'error',\n      'playwright/no-unused-locators': 'error',\n      'playwright/no-wait-for-navigation': 'error',\n      'playwright/prefer-web-first-assertions': 'error',\n      'playwright/valid-describe-callback': 'error',\n      'playwright/valid-expect': 'error',\n      'playwright/valid-expect-in-promise': 'error',\n      'playwright/valid-test-tags': 'error',\n      'playwright/valid-title': 'error',\n\n      // Escalated from warn to error (LLMs ignore warnings)\n      'playwright/expect-expect': 'error',\n      'playwright/max-nested-describe': 'error',\n      'playwright/no-conditional-expect': 'error',\n      'playwright/no-conditional-in-test': 'error',\n      'playwright/no-element-handle': 'error',\n      'playwright/no-eval': 'error',\n      'playwright/no-force-option': 'error',\n      'playwright/no-nested-step': 'error',\n      'playwright/no-page-pause': 'error',\n      'playwright/no-useless-await': 'error',\n      'playwright/no-useless-not': 'error',\n      'playwright/no-wait-for-selector': 'error',\n      'playwright/no-wait-for-timeout': 'error',\n\n      'playwright/no-skipped-test': 'error',\n\n      // Relax base rules for test files - each override has documented justification:\n      //\n      // no-empty-function: Tests often need empty callbacks for mocks/stubs:\n      //   const mockFn = vi.fn(() => {});  // Valid mock with no implementation\n      //   await expect(action).rejects.toThrow(); // Empty catch in expect wrapper\n      '@typescript-eslint/no-empty-function': 'off',\n      //\n      // detect-non-literal-fs-filename: Tests read fixtures from known safe paths:\n      //   const fixture = readFileSync(join(__dirname, 'fixtures', testCase.input));\n      // Test fixtures are developer-controlled, not user input.\n      'security/detect-non-literal-fs-filename': 'off',\n      //\n      // no-unsafe-* rules: Tests legitimately use partial mocks, fixtures, and stubs.\n      '@typescript-eslint/no-unsafe-assignment': 'off',\n      '@typescript-eslint/no-unsafe-member-access': 'off',\n      '@typescript-eslint/no-unsafe-call': 'off',\n      '@typescript-eslint/no-unsafe-argument': 'off',\n      '@typescript-eslint/no-unsafe-return': 'off',\n      //\n      // no-nested-functions: Test organization uses nested describe/it patterns.\n      'sonarjs/no-nested-functions': 'off',\n      //\n      // no-null: Playwright API explicitly uses null in signatures:\n      //   await page.waitForFunction(() => window.loaded, null, { timeout: 5000 });\n      // See: https://playwright.dev/docs/api/class-page#page-wait-for-function\n      'unicorn/no-null': 'off',\n    },\n  },\n];\n","/**\n * Recommended ESLint configuration for JavaScript + LLM coding agents\n *\n * This preset bundles and configures multiple ESLint plugins with\n * severity levels optimized for catching common LLM-generated code issues.\n *\n * Philosophy: LLMs ignore warnings, so rules that catch real bugs are at \"error\".\n *\n * For TypeScript projects, use `recommendedTypeScript` instead.\n */\n\n/* eslint-disable @typescript-eslint/no-explicit-any -- ESLint config types are incompatible across plugin packages */\n\nimport pluginJsdoc from 'eslint-plugin-jsdoc';\n\nimport { basePlugins, prettierConfig } from './base.js';\n\n/**\n * JavaScript recommended config - core plugins without TypeScript\n *\n * Note: Uses any[] because ESLint plugin types are incompatible across packages.\n * Runtime validation by ESLint ensures correctness.\n */\n\nexport const recommended: any[] = [\n  // All base plugins (security, promise, unicorn, etc.)\n  ...basePlugins,\n\n  // JSDoc - JavaScript needs docs (no type safety net)\n  // Using error config - LLMs ignore warnings\n  pluginJsdoc.configs['flat/recommended-error'],\n\n  // Prettier must be last to disable conflicting rules\n  prettierConfig,\n\n  // Re-enable curly after prettier (prettier turns it off but we want braces for LLM code)\n  {\n    rules: {\n      curly: 'error', // Force braces on if/else/for/while - LLMs write unsafe single-line blocks\n    },\n  },\n];\n","/**\n * Recommended ESLint configuration for Next.js + TypeScript + LLM coding agents\n *\n * Extends the React config with Next.js-specific rules:\n * - @next/eslint-plugin-next: Framework rules (Image, Link, Head, etc.)\n *\n * Philosophy: LLMs make Next.js-specific mistakes. All rules at error severity.\n */\n\n/* eslint-disable @typescript-eslint/no-explicit-any -- ESLint config types are incompatible across plugin packages */\n\nimport nextPlugin from '@next/eslint-plugin-next';\n\nimport { recommendedTypeScriptReact } from './recommended-react.js';\n\n/**\n * Next.js-only rules for monorepo scoping\n *\n * Contains ONLY Next.js-specific ESLint rules without React rules.\n * Use with `files:` scoping in monorepos where only some packages use Next.js,\n * while React rules apply to all React packages.\n */\nexport const nextOnlyRules: any[] = [\n  // Next.js plugin with core-web-vitals config (stricter)\n  nextPlugin.configs['core-web-vitals'],\n\n  // Escalate ALL remaining warn rules to error (LLMs ignore warnings)\n  {\n    name: 'safeword/nextjs-rules',\n    rules: {\n      '@next/next/google-font-display': 'error',\n      '@next/next/google-font-preconnect': 'error',\n      '@next/next/next-script-for-ga': 'error',\n      '@next/next/no-async-client-component': 'error',\n      '@next/next/no-before-interactive-script-outside-document': 'error',\n      '@next/next/no-css-tags': 'error',\n      '@next/next/no-head-element': 'error',\n      '@next/next/no-img-element': 'error',\n      '@next/next/no-page-custom-font': 'error',\n      '@next/next/no-styled-jsx-in-document': 'error',\n      '@next/next/no-title-in-document-head': 'error',\n      '@next/next/no-typos': 'error',\n      '@next/next/no-unwanted-polyfillio': 'error',\n    },\n  },\n];\n\n/**\n * Next.js + TypeScript recommended config\n *\n * Extends React config with Next.js-specific rules for catching\n * common LLM mistakes: using <img> instead of <Image>, <a> instead of <Link>.\n */\nexport const recommendedTypeScriptNext: any[] = [\n  // All React + TypeScript rules\n  ...recommendedTypeScriptReact,\n\n  // Next.js-only rules\n  ...nextOnlyRules,\n];\n","/**\n * Recommended ESLint configuration for React + TypeScript + LLM coding agents\n *\n * Extends the TypeScript config with React-specific rules:\n * - eslint-plugin-react: JSX rules (keys, duplicates, etc.)\n * - eslint-plugin-react-hooks 7.x: Hook rules + React Compiler diagnostics\n * - eslint-plugin-jsx-a11y: Accessibility rules (strict preset)\n *\n * Philosophy: LLMs make React-specific mistakes. These rules catch them.\n */\n\n/* eslint-disable @typescript-eslint/no-explicit-any -- ESLint config types are incompatible across plugin packages */\n\nimport jsxA11y from 'eslint-plugin-jsx-a11y';\nimport reactPlugin from 'eslint-plugin-react';\nimport reactHooksPluginImport from 'eslint-plugin-react-hooks';\n\n// Type assertion - react-hooks 7.x exports configs but types don't declare it\nconst reactHooksPlugin = reactHooksPluginImport as unknown as {\n  configs?: { flat?: { 'recommended-latest'?: any } };\n};\n\nimport { recommendedTypeScript } from './recommended-typescript.js';\n\n// Runtime validation - ensure react-hooks 7.x with flat config support\nconst reactHooksConfig = reactHooksPlugin.configs?.flat?.['recommended-latest'];\nif (!reactHooksConfig) {\n  throw new Error(\n    'safeword requires eslint-plugin-react-hooks >= 7.0.0 with flat config support. ' +\n      'Please upgrade react-hooks: npm install eslint-plugin-react-hooks@latest',\n  );\n}\n\n/**\n * React + TypeScript recommended config\n *\n * Extends TypeScript config with React-specific rules for catching\n * common LLM mistakes: missing keys, hook violations, stale closures.\n *\n * Includes React Compiler rules (v7.x) for detecting purity violations,\n * improper memoization, and other compiler-incompatible patterns.\n */\nexport const recommendedTypeScriptReact: any[] = [\n  // All TypeScript rules (includes base plugins)\n  ...recommendedTypeScript,\n\n  // React plugin - JSX rules\n  reactPlugin.configs.flat?.recommended,\n  reactPlugin.configs.flat?.['jsx-runtime'], // React 17+ (no import React needed)\n\n  // React Hooks + Compiler rules (v7.x flat config)\n  // Using recommended-latest which includes void-use-memo\n  reactHooksConfig,\n\n  // Accessibility rules - strict preset (all at error level)\n  jsxA11y.flatConfigs.strict,\n\n  // Escalate warn rules to error + add LLM-critical rules\n  {\n    name: 'safeword/react-hooks-rules',\n    rules: {\n      // Escalate default warns to error (LLMs ignore warnings)\n      'react-hooks/exhaustive-deps': 'error', // Default: warn\n      'react-hooks/incompatible-library': 'error', // Default: warn\n      'react-hooks/unsupported-syntax': 'error', // Default: warn\n\n      // LLM-critical rules NOT in recommended-latest preset\n      'react-hooks/memoized-effect-dependencies': 'error', // LLMs create unstable refs as deps\n      'react-hooks/no-deriving-state-in-effects': 'error', // LLMs derive state in useEffect\n    },\n  },\n\n  // React rule overrides for TypeScript projects\n  {\n    name: 'safeword/react-rules',\n    rules: {\n      // Turn off rules that are redundant with TypeScript\n      'react/prop-types': 'off', // TS handles prop validation\n      'react/react-in-jsx-scope': 'off', // Not needed with React 17+\n\n      // Escalate important rules to error\n      'react/jsx-key': 'error', // LLMs forget keys in map()\n      'react/jsx-no-duplicate-props': 'error', // Copy-paste bugs\n      'react/no-direct-mutation-state': 'error', // Critical React bug\n      'react/no-children-prop': 'error', // Anti-pattern\n      'react/jsx-no-target-blank': 'error', // Security - has autofix\n      'react/no-unknown-property': 'error', // class -> className, has autofix\n      'react/no-unescaped-entities': 'error', // XSS prevention\n    },\n  },\n];\n","/**\n * Recommended ESLint configuration for TypeScript + LLM coding agents\n *\n * Extends the base recommended config with typescript-eslint's\n * strictTypeChecked + stylisticTypeChecked presets.\n *\n * Type-checked rules are critical for LLM code - they catch:\n * - Floating promises (forgot await)\n * - Misused promises (passing promise where value expected)\n * - Unsafe any usage\n * - Incorrect async/await patterns\n */\n\n/* eslint-disable @typescript-eslint/no-explicit-any -- ESLint config types are incompatible across plugin packages */\n\nimport { importX } from 'eslint-plugin-import-x';\nimport { configs as tseslintConfigs } from 'typescript-eslint';\n\nimport { basePlugins, prettierConfig } from './base.js';\n\n/**\n * File patterns for TypeScript files.\n * Used for parser options and type-checked rules.\n */\nconst TS_FILES = ['**/*.ts', '**/*.tsx', '**/*.mts', '**/*.cts'];\n\n/**\n * TypeScript recommended config - all base plugins + typescript-eslint strict\n *\n * Requires: tsconfig.json in project root (or configured via languageOptions)\n *\n * Note: Uses any[] because ESLint plugin types are incompatible across packages.\n * Runtime validation by ESLint ensures correctness.\n */\n\nexport const recommendedTypeScript: any[] = [\n  // All base plugins (security, promise, unicorn, etc.)\n  ...basePlugins,\n\n  // TypeScript-specific import config\n  importX.flatConfigs.typescript,\n\n  // typescript-eslint strict + stylistic (type-checked)\n  ...tseslintConfigs.strictTypeChecked,\n  ...tseslintConfigs.stylisticTypeChecked,\n\n  // Enable projectService for type-checked rules (modern approach, auto-discovers tsconfig)\n  {\n    name: 'safeword/typescript-parser-options',\n    files: TS_FILES,\n    languageOptions: {\n      parserOptions: {\n        projectService: true,\n      },\n    },\n  },\n\n  // Disable type-checked rules for non-TS files (no type info available)\n  // Includes JS files and .astro files (which use astro-eslint-parser)\n  {\n    ...tseslintConfigs.disableTypeChecked,\n    name: 'safeword/disable-type-checked-for-non-ts',\n    files: ['**/*.js', '**/*.mjs', '**/*.cjs', '**/*.jsx', '**/*.astro'],\n  },\n\n  // No JSDoc for TypeScript - types > docs\n  // TypeScript signatures provide better documentation than JSDoc\n\n  // TypeScript-specific rule overrides for LLM code\n  // Only applies to TS files (JS files don't have type info for these rules)\n  {\n    name: 'safeword/typescript-rules',\n    files: TS_FILES,\n    rules: {\n      // consistent-type-definitions: Disabled because both interface and type are valid:\n      //   - interface: Better error messages, extendable, declaration merging\n      //   - type: Union/intersection types, mapped types, template literals\n      // Forcing one over the other limits expressiveness. Teams should choose per-case.\n      // See: https://www.typescriptlang.org/docs/handbook/2/everyday-types.html#differences-between-type-aliases-and-interfaces\n      '@typescript-eslint/consistent-type-definitions': 'off',\n\n      // LLMs use `any` when stuck - force them to use `unknown` instead\n      '@typescript-eslint/no-explicit-any': 'error',\n\n      // LLMs use truthy checks when they should be explicit\n      // This catches bugs like `if (count)` when count could be 0\n      '@typescript-eslint/strict-boolean-expressions': [\n        'error',\n        {\n          allowString: true, // Allow string checks (common pattern)\n          allowNumber: false, // Disallow number checks (0 is falsy bug)\n          allowNullableObject: true,\n          allowNullableBoolean: true,\n          allowNullableString: true,\n          allowNullableNumber: false,\n          allowAny: false,\n        },\n      ],\n\n      // Underscore prefix convention for intentionally unused vars (matches TypeScript behavior)\n      '@typescript-eslint/no-unused-vars': [\n        'error',\n        {\n          argsIgnorePattern: '^_',\n          varsIgnorePattern: '^_',\n          caughtErrorsIgnorePattern: '^_',\n        },\n      ],\n\n      // Design rules not in strict+stylistic (high LLM value)\n      '@typescript-eslint/consistent-type-imports': 'error', // import type { X } for types\n      '@typescript-eslint/switch-exhaustiveness-check': 'error', // Missing case in union switch\n      '@typescript-eslint/no-shadow': 'error', // Variable shadows outer scope\n      '@typescript-eslint/require-array-sort-compare': 'error', // [].sort() needs compareFn\n      '@typescript-eslint/no-unused-private-class-members': 'error', // Catch dead code in classes\n\n      // Allow numbers in template literals - common for logging/debugging.\n      // Integers stringify predictably; floats should use toFixed() for precision.\n      '@typescript-eslint/restrict-template-expressions': [\n        'error',\n        {\n          allowNumber: true,\n          allowBoolean: true,\n          allowNullish: false, // Avoid \"undefined\" or \"null\" in strings\n          allowRegExp: false,\n        },\n      ],\n    },\n  },\n\n  // Prettier must be last to disable conflicting rules\n  prettierConfig,\n\n  // Re-enable curly after prettier (prettier turns it off but we want braces for LLM code)\n  {\n    name: 'safeword/post-prettier',\n    rules: {\n      curly: 'error', // Force braces on if/else/for/while - LLMs write unsafe single-line blocks\n    },\n  },\n];\n","/**\n * ESLint configuration for Storybook stories\n *\n * Uses official flat/recommended as base, then:\n * - Upgrades all warn → error (LLMs ignore warnings)\n * - Adds strict rules not in recommended\n *\n * @see https://github.com/storybookjs/eslint-plugin-storybook\n */\n\n/* eslint-disable @typescript-eslint/no-explicit-any -- ESLint config types are incompatible across plugin packages */\n\nimport storybookPlugin from 'eslint-plugin-storybook';\n\n/**\n * Storybook story linting config\n *\n * Based on flat/recommended with stricter settings for LLM code generation.\n */\nexport const storybookConfig: any[] = [\n  // Use official flat/recommended as base (includes plugin setup + file patterns)\n  ...storybookPlugin.configs['flat/recommended'],\n\n  // Override warnings to errors + add strict rules\n  {\n    name: 'safeword/storybook-strict',\n    files: ['**/*.stories.{ts,tsx,js,jsx,mjs,cjs}', '**/*.story.{ts,tsx,js,jsx,mjs,cjs}'],\n    rules: {\n      // Upgrade warn → error (LLMs ignore warnings)\n      'storybook/hierarchy-separator': 'error',\n      'storybook/no-redundant-story-name': 'error',\n      'storybook/prefer-pascal-case': 'error',\n\n      // Strict rules not in recommended (useful for LLMs)\n      'storybook/csf-component': 'error', // component property should be set\n      'storybook/no-stories-of': 'error', // storiesOf is deprecated\n      'storybook/meta-inline-properties': 'error', // Meta should only have inline properties\n    },\n  },\n];\n","/**\n * ESLint configuration for Tailwind CSS projects\n *\n * Uses eslint-plugin-better-tailwindcss for native Tailwind v4 support.\n * All rules enabled at error level (LLMs ignore warnings).\n *\n * Includes 11 rules:\n * - Correctness: no-conflicting-classes, no-unregistered-classes, no-restricted-classes\n * - Stylistic: enforce-consistent-class-order, enforce-shorthand-classes, no-duplicate-classes,\n *   no-deprecated-classes, enforce-consistent-line-wrapping, no-unnecessary-whitespace,\n *   enforce-consistent-variable-syntax, enforce-consistent-important-position\n *\n * @see https://github.com/schoero/eslint-plugin-better-tailwindcss\n */\n\n/* eslint-disable @typescript-eslint/no-explicit-any -- ESLint config types are incompatible across plugin packages */\n\nimport eslintPluginBetterTailwindcss from 'eslint-plugin-better-tailwindcss';\n\n/** File patterns for Tailwind rules - targets files containing Tailwind classes */\nexport const TAILWIND_FILES = ['**/*.{jsx,tsx,astro,html}'];\n\nexport const tailwindConfig: any[] = [\n  {\n    name: 'safeword/tailwind',\n    files: TAILWIND_FILES,\n    plugins: {\n      'better-tailwindcss': eslintPluginBetterTailwindcss,\n    },\n    rules: {\n      // Correctness rules - catch LLM mistakes\n      'better-tailwindcss/no-conflicting-classes': 'error',\n      'better-tailwindcss/no-unregistered-classes': 'error',\n      'better-tailwindcss/no-restricted-classes': 'error', // no-op by default, configurable\n\n      // Stylistic rules - enforce consistency\n      'better-tailwindcss/enforce-consistent-class-order': 'error',\n      'better-tailwindcss/enforce-consistent-line-wrapping': 'error',\n      'better-tailwindcss/enforce-consistent-variable-syntax': 'error',\n      'better-tailwindcss/enforce-consistent-important-position': 'error',\n      'better-tailwindcss/enforce-shorthand-classes': 'error',\n      'better-tailwindcss/no-duplicate-classes': 'error',\n      'better-tailwindcss/no-deprecated-classes': 'error',\n      'better-tailwindcss/no-unnecessary-whitespace': 'error',\n    },\n  },\n];\n","/**\n * ESLint configuration for TanStack Query\n *\n * Enforces best practices for TanStack Query (React Query).\n * All 7 rules at error severity - LLMs have no valid reason to violate these.\n */\n\n/* eslint-disable @typescript-eslint/no-explicit-any -- ESLint config types are incompatible across plugin packages */\n\nimport tanstackQueryPlugin from '@tanstack/eslint-plugin-query';\n\n/**\n * TanStack Query linting config\n *\n * All rules at error severity:\n * - exhaustive-deps: Missing query key deps → stale cached data\n * - stable-query-client: Client in component → infinite re-render loop\n * - no-void-query-fn: No return → undefined cached\n * - no-rest-destructuring: ...rest loses reactivity\n * - no-unstable-deps: New function each render → unnecessary refetches\n * - infinite-query-property-order: Wrong order → TypeScript can't infer types\n * - mutation-property-order: Wrong order → TypeScript can't infer types\n */\nexport const tanstackQueryConfig: any[] = [\n  {\n    name: 'safeword/tanstack-query',\n    plugins: {\n      '@tanstack/query': tanstackQueryPlugin,\n    },\n    rules: {\n      '@tanstack/query/exhaustive-deps': 'error',\n      '@tanstack/query/stable-query-client': 'error',\n      '@tanstack/query/no-void-query-fn': 'error',\n      '@tanstack/query/no-rest-destructuring': 'error',\n      '@tanstack/query/no-unstable-deps': 'error',\n      '@tanstack/query/infinite-query-property-order': 'error',\n      '@tanstack/query/mutation-property-order': 'error',\n    },\n  },\n];\n","/**\n * ESLint configuration for Turborepo projects\n *\n * Ensures environment variables used in code are declared in turbo.json\n * for proper cache invalidation.\n *\n * @see https://turbo.build/repo/docs/reference/eslint-plugin-turbo\n */\n\n/* eslint-disable @typescript-eslint/no-explicit-any -- ESLint config types are incompatible across plugin packages */\n\nimport turboPlugin from 'eslint-plugin-turbo';\n\n/**\n * Turborepo env var validation config\n *\n * Uses official flat/recommended preset (already at error severity).\n * Catches undeclared env vars that would break Turborepo caching.\n */\nexport const turboConfig: any[] = [turboPlugin.configs?.['flat/recommended']].filter(Boolean);\n","/**\n * ESLint configuration for Vitest tests\n *\n * Applies to test files: *.test.ts, *.spec.ts\n * Enforces test best practices for LLM-generated tests.\n */\n\n/* eslint-disable @typescript-eslint/no-explicit-any -- ESLint config types are incompatible across plugin packages */\n\nimport vitestPlugin from 'eslint-plugin-vitest';\n\n/**\n * Vitest test linting config\n *\n * Includes recommended rules plus no-focused-tests.\n * All rules at error severity.\n */\nexport const vitestConfig: any[] = [\n  {\n    name: 'safeword/vitest',\n    files: ['**/*.test.{ts,tsx,js,jsx}', '**/*.spec.{ts,tsx,js,jsx}'],\n    plugins: {\n      vitest: vitestPlugin,\n    },\n    rules: {\n      // Recommended rules (all at error)\n      // Allow expect* helper functions (e.g., expectErrorSeverity) as assertion functions\n      'vitest/expect-expect': ['error', { assertFunctionNames: ['expect', 'expect*'] }],\n      'vitest/no-identical-title': 'error',\n      'vitest/no-commented-out-tests': 'error',\n      'vitest/valid-title': 'error',\n      'vitest/valid-expect': ['error', { maxArgs: 2 }], // Allow custom message: expect(value, 'message')\n      'vitest/valid-describe-callback': 'error',\n      'vitest/require-local-test-context-for-concurrent-snapshots': 'error',\n      'vitest/no-import-node-test': 'error',\n\n      // Additional strict rules\n      'vitest/no-focused-tests': 'error', // No .only() in CI\n      'vitest/max-nested-describe': ['error', { max: 5 }], // Limit describe nesting depth\n\n      // Relax base rules for test files - each override has documented justification:\n      //\n      // no-empty-function: Tests often need empty callbacks for mocks/stubs:\n      //   const mockFn = vi.fn(() => {});  // Valid mock with no implementation\n      //   await expect(action).rejects.toThrow(); // Empty catch in expect wrapper\n      '@typescript-eslint/no-empty-function': 'off',\n      //\n      // detect-non-literal-fs-filename: Tests read fixtures from known safe paths:\n      //   const fixture = readFileSync(join(__dirname, 'fixtures', testCase.input));\n      // Test fixtures are developer-controlled, not user input.\n      'security/detect-non-literal-fs-filename': 'off',\n      //\n      // no-unsafe-* rules: Tests legitimately use partial mocks, fixtures, and stubs\n      // that trigger these rules. The typescript-eslint team acknowledges this:\n      // \"If your project frequently stubs objects in test files, consider disabling.\"\n      // See: https://typescript-eslint.io/rules/no-unsafe-member-access/\n      '@typescript-eslint/no-unsafe-assignment': 'off',\n      '@typescript-eslint/no-unsafe-member-access': 'off',\n      '@typescript-eslint/no-unsafe-call': 'off',\n      '@typescript-eslint/no-unsafe-argument': 'off',\n      '@typescript-eslint/no-unsafe-return': 'off',\n      //\n      // no-nested-functions: describe/it nesting is standard test organization:\n      //   describe(\"Foo\", () => { describe(\"bar\", () => { it(\"works\", () => {}) }) })\n      // This triggers at level 4+, which is normal for BDD-style tests.\n      'sonarjs/no-nested-functions': 'off',\n      //\n      // Keep max-nested-callbacks at reasonable threshold for tests.\n      // Default is 10; we use 6 to catch excessive nesting early while allowing\n      // typical patterns like: describe → it → array.filter → callback.\n      'max-nested-callbacks': ['error', { max: 6 }],\n    },\n  },\n];\n","/**\n * TypeScript Preset\n *\n * ESLint configs, rules, and detection for TypeScript/JavaScript projects.\n * This is the main entry point for the TypeScript language preset.\n *\n * Usage in user's eslint.config.mjs:\n *   import safeword from 'safeword/eslint';\n *   export default [...safeword.configs.recommendedTypeScript];\n *\n * Or with multiple configs:\n *   import safeword from 'safeword/eslint';\n *   export default [\n *     ...safeword.configs.recommendedTypeScript,\n *     ...safeword.configs.vitest,\n *   ];\n */\n\n/* eslint-disable @typescript-eslint/no-explicit-any -- ESLint config types are incompatible across plugin packages */\n\nimport type { Rule } from 'eslint';\n\nimport { VERSION } from '../../version.js';\nimport { detect } from './detect.js';\nimport { astroConfig } from './eslint-configs/astro.js';\nimport { prettierConfig } from './eslint-configs/base.js';\nimport { cliOverrides } from './eslint-configs/overrides-cli.js';\nimport { relaxedTypesOverrides } from './eslint-configs/overrides-relaxed-types.js';\nimport { playwrightConfig } from './eslint-configs/playwright.js';\nimport { recommended } from './eslint-configs/recommended.js';\nimport { nextOnlyRules, recommendedTypeScriptNext } from './eslint-configs/recommended-nextjs.js';\nimport { recommendedTypeScriptReact } from './eslint-configs/recommended-react.js';\nimport { recommendedTypeScript } from './eslint-configs/recommended-typescript.js';\nimport { storybookConfig } from './eslint-configs/storybook.js';\nimport { tailwindConfig } from './eslint-configs/tailwind.js';\nimport { tanstackQueryConfig } from './eslint-configs/tanstack-query.js';\nimport { turboConfig } from './eslint-configs/turbo.js';\nimport { vitestConfig } from './eslint-configs/vitest.js';\nimport { rules } from './eslint-rules/index.js';\n\ninterface SafewordEslint {\n  meta: {\n    name: string;\n    version: string;\n  };\n  configs: {\n    recommended: any[];\n    recommendedTypeScript: any[];\n    recommendedTypeScriptReact: any[];\n    recommendedTypeScriptNext: any[];\n    /** Next.js-only rules for monorepo file scoping */\n    nextOnlyRules: any[];\n    astro: any[];\n    tailwind: any[];\n    tanstackQuery: any[];\n    vitest: any[];\n    playwright: any[];\n    storybook: any[];\n    turbo: any[];\n  };\n  /** Override presets for common false-positive categories */\n  overrides: {\n    /** Security rules that are false positives for CLI tools, build tools, and scripts */\n    cli: any;\n    /** Strict TypeScript rules that conflict with untyped external data (JSON, YAML, APIs) */\n    relaxedTypes: any;\n  };\n  detect: typeof detect;\n  rules: Record<string, Rule.RuleModule>;\n  /** eslint-config-prettier, bundled for convenience */\n  prettierConfig: any;\n}\n\n/**\n * ESLint plugin structure for TypeScript preset.\n * Can be used directly as an ESLint plugin or via safeword.eslint.\n */\nexport const eslintPlugin: SafewordEslint = {\n  meta: {\n    name: 'safeword',\n    version: VERSION,\n  },\n  configs: {\n    recommended,\n    recommendedTypeScript,\n    recommendedTypeScriptReact,\n    recommendedTypeScriptNext,\n    nextOnlyRules,\n    astro: astroConfig,\n    tailwind: tailwindConfig,\n    tanstackQuery: tanstackQueryConfig,\n    vitest: vitestConfig,\n    playwright: playwrightConfig,\n    storybook: storybookConfig,\n    turbo: turboConfig,\n  },\n  overrides: {\n    cli: cliOverrides,\n    relaxedTypes: relaxedTypesOverrides,\n  },\n  detect,\n  rules,\n  prettierConfig,\n};\n\n// Re-export configs for direct access\nexport { detect } from './detect.js';\nexport { astroConfig } from './eslint-configs/astro.js';\nexport { prettierConfig } from './eslint-configs/base.js';\nexport { cliOverrides } from './eslint-configs/overrides-cli.js';\nexport { relaxedTypesOverrides } from './eslint-configs/overrides-relaxed-types.js';\nexport { playwrightConfig } from './eslint-configs/playwright.js';\nexport { recommended } from './eslint-configs/recommended.js';\nexport { nextOnlyRules, recommendedTypeScriptNext } from './eslint-configs/recommended-nextjs.js';\nexport { recommendedTypeScriptReact } from './eslint-configs/recommended-react.js';\nexport { recommendedTypeScript } from './eslint-configs/recommended-typescript.js';\nexport { storybookConfig } from './eslint-configs/storybook.js';\nexport { tailwindConfig } from './eslint-configs/tailwind.js';\nexport { tanstackQueryConfig } from './eslint-configs/tanstack-query.js';\nexport { turboConfig } from './eslint-configs/turbo.js';\nexport { vitestConfig } from './eslint-configs/vitest.js';\nexport { rules } from './eslint-rules/index.js';\n\n// Default export for `import safeword from \"safeword/eslint\"`\nexport default eslintPlugin;\n"],"mappings":";;;;;;;;AASA,OAAO,iBAAiB;AAcjB,IAAM,cAAqB;AAAA;AAAA,EAEhC,GAAG,YAAY,QAAQ,kBAAkB;AAAA;AAAA,EAGzC,GAAG,YAAY,QAAQ,sBAAsB;AAAA;AAAA,EAG7C;AAAA,IACE,MAAM;AAAA,IACN,OAAO;AAAA;AAAA,MAEL,+BAA+B;AAAA;AAAA,MAG/B,kCAAkC;AAAA;AAAA,MAGlC,oCAAoC;AAAA,IACtC;AAAA,EACF;AACF;;;ACrCA,OAAO,QAAQ;AACf,OAAO,oBAAoB;AAC3B,SAAS,sCAAsC;AAC/C,SAAS,eAAe;AACxB,OAAO,mBAAmB;AAC1B,SAAS,WAAW,qBAAqB;AACzC,OAAO,oBAAoB;AAC3B,OAAO,sBAAsB;AAC7B,SAAS,WAAW,oBAAoB;AACxC,OAAO,aAAa;;;ACepB,SAAS,aAAa,MAA+B;AACnD,QAAM,EAAE,OAAO,IAAI;AACnB,SACE,OAAO,SAAS,sBAChB,OAAO,SAAS,SAAS,gBACzB,OAAO,SAAS,SAAS;AAE7B;AAKA,SAAS,mBACP,UACoB;AACpB,QAAM,iBAAiB,SAAS,OAAO,CAAC;AACxC,MAAI,gBAAgB,SAAS,cAAc;AACzC,WAAO,eAAe;AAAA,EACxB;AACA,SAAO;AACT;AAKA,SAAS,mBAAmB,QAAuB,SAA0B;AAC3E,SAAO,OAAO,SAAS,SAAS,gBAAgB,OAAO,SAAS,SAAS;AAC3E;AAKA,SAAS,mBACP,MACA,SAC2B;AAC3B,aAAW,YAAY,KAAK,YAAY;AACtC,QAAI,SAAS,SAAS,mBAAmB,mBAAmB,UAAU,OAAO,GAAG;AAC9E,aAAO;AAAA,IACT;AAAA,EACF;AACA,SAAO;AACT;AAKA,SAAS,kBACP,MACA,SAC2B;AAC3B,aAAW,WAAW,KAAK,UAAU;AACnC,QAAI,SAAS,SAAS,mBAAmB,mBAAmB,SAAS,OAAO,GAAG;AAC7E,aAAO;AAAA,IACT;AAAA,EACF;AACA,SAAO;AACT;AAKA,SAAS,0BAA0B,MAAY,SAA4C;AAEzF,UAAQ,KAAK,MAAM;AAAA,IACjB,KAAK,iBAAiB;AACpB,aAAO,mBAAmB,MAAM,OAAO,IAAI,OAAO;AAAA,IACpD;AAAA,IAEA,KAAK,oBAAoB;AACvB,aAAO,mBAAmB,MAAM,OAAO;AAAA,IACzC;AAAA,IAEA,KAAK,mBAAmB;AACtB,aAAO,kBAAkB,MAAM,OAAO;AAAA,IACxC;AAAA,IAEA,KAAK,yBAAyB;AAC5B,aACE,0BAA0B,KAAK,YAAY,OAAO,KAClD,0BAA0B,KAAK,WAAW,OAAO;AAAA,IAErD;AAAA,IAEA,KAAK,qBAAqB;AACxB,aACE,0BAA0B,KAAK,MAAM,OAAO,KAC5C,0BAA0B,KAAK,OAAO,OAAO;AAAA,IAEjD;AAAA,IAEA,SAAS;AACP,aAAO;AAAA,IACT;AAAA,EACF;AACF;AAKA,SAAS,eACP,MACA,SAC2B;AAE3B,MAAI,KAAK,SAAS,sBAAsB,KAAK,SAAS,mBAAmB;AACvE,WAAO,0BAA0B,MAAM,OAAO;AAAA,EAChD;AAGA,MAAI,KAAK,SAAS,2BAA2B,KAAK,SAAS,qBAAqB;AAC9E,WAAO,0BAA0B,MAAM,OAAO;AAAA,EAChD;AAGA,MAAI,KAAK,SAAS,kBAAkB;AAClC,eAAW,QAAQ,KAAK,MAAM;AAC5B,UAAI,KAAK,SAAS,qBAAqB,KAAK,UAAU;AACpD,cAAM,QAAQ,0BAA0B,KAAK,UAAU,OAAO;AAC9D,YAAI,MAAO,QAAO;AAAA,MACpB;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AACT;AAEA,IAAM,OAAwB;AAAA,EAC5B,MAAM;AAAA,IACJ,MAAM;AAAA,IACN,MAAM;AAAA,MACJ,aAAa;AAAA,MACb,aAAa;AAAA,IACf;AAAA,IACA,UAAU;AAAA,MACR,oBACE;AAAA,IAEJ;AAAA,IACA,QAAQ,CAAC;AAAA,EACX;AAAA,EAEA,OAAO,SAAS;AACd,WAAO;AAAA,MACL,eAAe,MAAsB;AACnC,YAAI,CAAC,aAAa,IAAI,EAAG;AAEzB,cAAM,WAAW,KAAK,UAAU,CAAC;AACjC,YACE,CAAC,YACA,SAAS,SAAS,6BAA6B,SAAS,SAAS,sBAClE;AACA;AAAA,QACF;AAEA,cAAM,UAAU,mBAAmB,QAAQ;AAC3C,YAAI,CAAC,QAAS;AAEd,cAAM,aAAa,eAAe,SAAS,MAAM,OAAO;AACxD,YAAI,YAAY;AACd,kBAAQ,OAAO;AAAA,YACb,MAAM;AAAA,YACN,WAAW;AAAA,UACb,CAAC;AAAA,QACH;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;AAEA,IAAO,iCAAQ;;;ACvLf,IAAM,cAAc,oBAAI,IAAI,CAAC,OAAO,SAAS,QAAQ,QAAQ,SAAS,OAAO,CAAC;AAE9E,IAAM,cAAc,oBAAI,IAAI,CAAC,WAAW,UAAU,KAAK,CAAC;AAMxD,SAAS,cAAc,MAA+B;AACpD,QAAM,EAAE,OAAO,IAAI;AAGnB,MACE,OAAO,SAAS,sBAChB,OAAO,OAAO,SAAS,gBACvB,OAAO,SAAS,SAAS,cACzB;AACA,UAAM,SAAS,OAAO,OAAO,KAAK,YAAY;AAC9C,UAAM,SAAS,OAAO,SAAS,KAAK,YAAY;AAChD,WAAO,YAAY,IAAI,MAAM,KAAK,YAAY,IAAI,MAAM;AAAA,EAC1D;AAEA,SAAO;AACT;AAKA,SAAS,oBAAoB,MAA0B;AACrD,MAAI,KAAK,SAAS,oBAAoB,KAAK,SAAS,mBAAmB;AACrE,WAAO;AAAA,EACT;AACA,MAAI,KAAK,SAAS,kBAAkB;AAClC,WAAO,wBAAwB,KAAK,IAAI;AAAA,EAC1C;AACA,SAAO;AACT;AAKA,SAAS,sBAAsB,MAAoD;AACjF,QAAM,uBAAuB,oBAAoB,KAAK,UAAU;AAChE,QAAM,sBAAsB,KAAK,YAAY,oBAAoB,KAAK,SAAS,IAAI;AACnF,SAAO,wBAAwB;AACjC;AAMA,SAAS,wBAAwB,YAAkC;AACjE,aAAW,QAAQ,YAAY;AAC7B,QAAI,KAAK,SAAS,oBAAoB,KAAK,SAAS,mBAAmB;AACrE,aAAO;AAAA,IACT;AACA,QAAI,KAAK,SAAS,iBAAiB,sBAAsB,IAAI,GAAG;AAC9D,aAAO;AAAA,IACT;AAAA,EACF;AACA,SAAO;AACT;AAKA,SAAS,mBAAmB,MAA0B;AACpD,SACE,KAAK,SAAS,yBACd,KAAK,WAAW,SAAS,oBACzB,cAAc,KAAK,UAAU;AAEjC;AAKA,SAAS,oBAAoB,MAA8B;AACzD,MAAI,KAAK,SAAS,kBAAkB;AAClC,WAAO,KAAK;AAAA,EACd;AACA,MAAI,KAAK,SAAS,eAAe;AAC/B,UAAM,SAAS,CAAC,KAAK,UAAU;AAC/B,QAAI,KAAK,UAAW,QAAO,KAAK,KAAK,SAAS;AAC9C,WAAO;AAAA,EACT;AACA,SAAO,CAAC;AACV;AAMA,SAAS,oBAAoB,YAAkC;AAC7D,aAAW,QAAQ,YAAY;AAC7B,QAAI,mBAAmB,IAAI,EAAG,QAAO;AAErC,UAAM,SAAS,oBAAoB,IAAI;AACvC,QAAI,OAAO,SAAS,KAAK,oBAAoB,MAAM,EAAG,QAAO;AAAA,EAC/D;AACA,SAAO;AACT;AAEA,IAAMA,QAAwB;AAAA,EAC5B,MAAM;AAAA,IACJ,MAAM;AAAA,IACN,MAAM;AAAA,MACJ,aAAa;AAAA,MACb,aAAa;AAAA,IACf;AAAA,IACA,UAAU;AAAA,MACR,yBACE;AAAA,IACJ;AAAA,IACA,QAAQ,CAAC;AAAA,EACX;AAAA,EAEA,OAAO,SAAS;AACd,WAAO;AAAA,MACL,YAAY,MAAmB;AAC7B,cAAM,EAAE,KAAK,IAAI;AACjB,YAAI,KAAK,SAAS,iBAAkB;AAEpC,cAAM,aAAa,KAAK;AAGxB,YAAI,oBAAoB,UAAU,KAAK,CAAC,wBAAwB,UAAU,GAAG;AAC3E,kBAAQ,OAAO;AAAA,YACb;AAAA,YACA,WAAW;AAAA,UACb,CAAC;AAAA,QACH;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;AAEA,IAAO,uCAAQA;;;ACrIf,IAAMC,QAAwB;AAAA,EAC5B,MAAM;AAAA,IACJ,MAAM;AAAA,IACN,MAAM;AAAA,MACJ,aAAa;AAAA,MACb,aAAa;AAAA,IACf;AAAA,IACA,UAAU;AAAA,MACR,eACE;AAAA,IACJ;AAAA,IACA,QAAQ,CAAC;AAAA,EACX;AAAA,EAEA,OAAO,SAAS;AACd,WAAO;AAAA,MACL,qBAAqB,MAA4B;AAE/C,YAAI,KAAK,UAAU;AACjB;AAAA,QACF;AAEA,gBAAQ,OAAO;AAAA,UACb;AAAA,UACA,WAAW;AAAA,QACb,CAAC;AAAA,MACH;AAAA,IACF;AAAA,EACF;AACF;AAEA,IAAO,2BAAQA;;;AC7CR,IAAM,QAAQ;AAAA,EACnB,0BAA0B;AAAA,EAC1B,gCAAgC;AAAA,EAChC,oBAAoB;AACtB;;;AJsSA,SAAoB,WAAXC,gBAAiC;AA1RnC,IAAM,cAAc,CAAC,sCAAsC;AASlE,SAAS,mBAAmB,QAAa,OAAsB;AAE7D,MAAI,OAAO,WAAW,OAAO,KAAK,MAAM,EAAE,WAAW,GAAG;AACtD,WAAO;AAAA,EACT;AAEA,MAAI,OAAO,OAAO;AAChB,WAAO;AAAA,EACT;AAEA,SAAO,EAAE,GAAG,QAAQ,MAAM;AAC5B;AAGA,SAAS,aAAa,SAAgB,OAAwB;AAC5D,SAAO,QAAQ,QAAQ,YAAU;AAE/B,QAAI,MAAM,QAAQ,MAAM,GAAG;AACzB,aAAO,OAAO,IAAI,OAAK,mBAAmB,GAAG,KAAK,CAAC;AAAA,IACrD;AACA,WAAO,mBAAmB,QAAQ,KAAK;AAAA,EACzC,CAAC;AACH;AAUA,IAAM,sBAA6B;AAAA;AAAA,EAEjC;AAAA,IACE,SAAS,CAAC,sBAAsB,cAAc,eAAe,YAAY;AAAA,EAC3E;AAAA;AAAA,EAGA,GAAG,QAAQ;AAAA;AAAA,EAGX;AAAA,IACE,MAAM;AAAA,IACN,OAAO;AAAA,MACL,uBAAuB;AAAA;AAAA,MACvB,mBAAmB;AAAA;AAAA,MACnB,gBAAgB;AAAA;AAAA,MAChB,oBAAoB;AAAA;AAAA,MACpB,yBAAyB;AAAA;AAAA,MACzB,wBAAwB;AAAA;AAAA,MACxB,gCAAgC;AAAA;AAAA,MAChC,uBAAuB;AAAA;AAAA,MACvB,OAAO;AAAA;AAAA,MACP,oBAAoB,CAAC,SAAS,WAAW;AAAA;AAAA,MACzC,yBAAyB,CAAC,SAAS,EAAE,qBAAqB,KAAK,CAAC;AAAA;AAAA;AAAA,MAEhE,aAAa,CAAC,SAAS,CAAC;AAAA;AAAA,MACxB,cAAc,CAAC,SAAS,CAAC;AAAA;AAAA,MACzB,YAAY,CAAC,SAAS,EAAE;AAAA;AAAA,MACxB,wBAAwB,CAAC,SAAS,CAAC;AAAA;AAAA,MACnC,QAAQ,CAAC,SAAS,UAAU,EAAE,MAAM,SAAS,CAAC;AAAA;AAAA,MAC9C,yBAAyB;AAAA;AAAA,IAC3B;AAAA,EACF;AAAA;AAAA,EAGA,QAAQ,YAAY;AAAA,EACpB;AAAA,IACE,MAAM;AAAA,IACN,UAAU;AAAA,MACR,0BAA0B,CAAC,+BAA+B,CAAC;AAAA,IAC7D;AAAA,IACA,OAAO;AAAA,MACL,0BAA0B;AAAA;AAAA,MAC1B,qBAAqB;AAAA;AAAA,MACrB,2BAA2B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,MAM3B,gCAAgC;AAAA;AAAA;AAAA;AAAA,MAIhC,uCAAuC;AAAA,IACzC;AAAA,EACF;AAAA;AAAA,EAGA,aAAa;AAAA,EACb;AAAA,IACE,MAAM;AAAA,IACN,OAAO;AAAA;AAAA,MAEL,6BAA6B;AAAA;AAAA,MAC7B,4BAA4B;AAAA;AAAA,MAC5B,mCAAmC;AAAA;AAAA,MACnC,mCAAmC;AAAA;AAAA,IACrC;AAAA,EACF;AAAA;AAAA,EAGA,eAAe,QAAQ;AAAA,EACvB;AAAA,IACE,MAAM;AAAA,IACN,OAAO;AAAA;AAAA,MAEL,mCAAmC;AAAA;AAAA,MACnC,wCAAwC;AAAA,MACxC,2CAA2C;AAAA,MAC3C,sCAAsC;AAAA,MACtC,uCAAuC;AAAA,MACvC,iCAAiC;AAAA,MACjC,gCAAgC;AAAA,MAChC,2CAA2C;AAAA,MAC3C,kDAAkD;AAAA;AAAA,MAElD,oCAAoC;AAAA,MACpC,2CAA2C;AAAA,MAC3C,mCAAmC;AAAA,MACnC,8BAA8B;AAAA,MAC9B,qCAAqC;AAAA,IACvC;AAAA,EACF;AAAA;AAAA,EAGA,cAAc,QAAQ,kBAAkB;AAAA,EACxC;AAAA,IACE,MAAM;AAAA,IACN,OAAO;AAAA,MACL,gCAAgC;AAAA;AAAA;AAAA,MAEhC,kCAAkC;AAAA,MAClC,sBAAsB;AAAA,MACtB,kCAAkC;AAAA,MAClC,gCAAgC;AAAA,MAChC,wBAAwB;AAAA,IAC1B;AAAA,EACF;AAAA;AAAA,EAGA,cAAc,kBAAkB;AAAA,EAChC;AAAA,IACE,MAAM;AAAA,IACN,OAAO;AAAA;AAAA,MAEL,+BAA+B;AAAA,MAC/B,+BAA+B;AAAA,MAC/B,uBAAuB;AAAA,MACvB,+CAA+C;AAAA,MAC/C,0BAA0B;AAAA,MAC1B,wCAAwC;AAAA,IAC1C;AAAA,EACF;AAAA;AAAA,EAGA,QAAQ,QAAQ;AAAA,EAChB;AAAA,IACE,MAAM;AAAA,IACN,OAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,MAOL,2BAA2B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,MAM3B,yBAAyB;AAAA;AAAA,MAEzB,8BAA8B;AAAA,MAC9B,4BAA4B;AAAA,MAC5B,2BAA2B;AAAA;AAAA,MAC3B,iCAAiC;AAAA,QAC/B;AAAA,QACA;AAAA,UACE,WAAW;AAAA,YACT,KAAK;AAAA;AAAA,YACL,KAAK;AAAA;AAAA,YACL,KAAK;AAAA;AAAA,YACL,KAAK;AAAA;AAAA,YACL,KAAK;AAAA;AAAA,YACL,KAAK;AAAA;AAAA,YACL,KAAK;AAAA;AAAA,YACL,MAAM;AAAA;AAAA,YACN,QAAQ;AAAA;AAAA,YACR,OAAO;AAAA;AAAA,YACP,KAAK;AAAA;AAAA,YACL,KAAK;AAAA;AAAA,YACL,MAAM;AAAA;AAAA,YACN,IAAI;AAAA;AAAA,YACJ,IAAI;AAAA;AAAA,YACJ,IAAI;AAAA;AAAA,YACJ,KAAK;AAAA;AAAA,YACL,MAAM;AAAA;AAAA,YACN,MAAM;AAAA;AAAA,YACN,GAAG;AAAA;AAAA,YACH,GAAG;AAAA;AAAA,YACH,GAAG;AAAA;AAAA,UACL;AAAA,QACF;AAAA,MACF;AAAA,MACA,mBAAmB;AAAA;AAAA,MACnB,6BAA6B;AAAA;AAAA,MAC7B,gCAAgC;AAAA;AAAA;AAAA,MAEhC,gCAAgC;AAAA;AAAA,MAChC,oCAAoC;AAAA;AAAA,MACpC,yCAAyC;AAAA;AAAA,IAC3C;AAAA,EACF;AAAA;AAAA,EAGA;AAAA,IACE,MAAM;AAAA,IACN,SAAS,EAAE,sBAAsB,iBAAiB;AAAA,IAClD,OAAO;AAAA,MACL,8BAA8B;AAAA,MAC9B,8BAA8B;AAAA,MAC9B,kBAAkB;AAAA;AAAA,IACpB;AAAA,EACF;AAAA;AAAA,EAGA;AAAA,IACE,MAAM;AAAA,IACN,SAAS,EAAE,UAAU,EAAE,MAAqB,EAAE;AAAA,IAC9C,OAAO;AAAA,MACL,yCAAyC;AAAA,MACzC,mCAAmC;AAAA;AAAA,MACnC,6BAA6B;AAAA;AAAA,IAC/B;AAAA,EACF;AAAA;AAAA,EAGA;AAAA,IACE,MAAM;AAAA,IACN,eAAe;AAAA,MACb,+BAA+B;AAAA,IACjC;AAAA,EACF;AAAA;AAAA,EAGA;AAAA,IACE,MAAM;AAAA,IACN,SAAS,EAAE,mBAAmB,eAAe;AAAA,IAC7C,OAAO;AAAA,MACL,uCAAuC,CAAC,SAAS,EAAE,gBAAgB,KAAK,CAAC;AAAA,MACzE,wCAAwC;AAAA;AAAA,MACxC,uCAAuC,CAAC,SAAS,EAAE,QAAQ,CAAC,eAAe,EAAE,CAAC;AAAA;AAAA,MAC9E,wCAAwC;AAAA;AAAA,MACxC,oCAAoC;AAAA;AAAA,IACtC;AAAA,EACF;AACF;AAOO,IAAM,cAAqB,aAAa,qBAAqB,WAAW;;;AK5RxE,IAAM,eAAoB;AAAA,EAC/B,MAAM;AAAA,EACN,OAAO;AAAA;AAAA,IAEL,2CAA2C;AAAA;AAAA,IAE3C,oCAAoC;AAAA;AAAA,IAEpC,mCAAmC;AAAA,IACnC,sBAAsB;AAAA;AAAA,IAEtB,sCAAsC;AAAA,EACxC;AACF;;;ACbO,IAAM,wBAA6B;AAAA,EACxC,MAAM;AAAA,EACN,OAAO;AAAA;AAAA,IAEL,yCAAyC;AAAA,IACzC,2CAA2C;AAAA,IAC3C,qCAAqC;AAAA,IACrC,8CAA8C;AAAA,IAC9C,uCAAuC;AAAA;AAAA,IAEvC,iDAAiD;AAAA,IACjD,+CAA+C;AAAA,IAC/C,6DAA6D;AAAA;AAAA,IAE7D,gDAAgD;AAAA;AAAA,IAEhD,oDAAoD;AAAA,EACtD;AACF;;;ACpBA,OAAO,sBAAsB;AAWtB,IAAM,mBAA0B;AAAA,EACrC;AAAA,IACE,MAAM;AAAA,IACN,OAAO,CAAC,4BAA4B,yCAAyC;AAAA,IAC7E,SAAS;AAAA,MACP,YAAY;AAAA,IACd;AAAA,IACA,OAAO;AAAA;AAAA,MAEL,uCAAuC;AAAA,MACvC,8BAA8B;AAAA,MAC9B,6BAA6B;AAAA,MAC7B,mCAAmC;AAAA,MACnC,mCAAmC;AAAA,MACnC,iCAAiC;AAAA,MACjC,qCAAqC;AAAA,MACrC,0CAA0C;AAAA,MAC1C,sCAAsC;AAAA,MACtC,2BAA2B;AAAA,MAC3B,sCAAsC;AAAA,MACtC,8BAA8B;AAAA,MAC9B,0BAA0B;AAAA;AAAA,MAG1B,4BAA4B;AAAA,MAC5B,kCAAkC;AAAA,MAClC,oCAAoC;AAAA,MACpC,qCAAqC;AAAA,MACrC,gCAAgC;AAAA,MAChC,sBAAsB;AAAA,MACtB,8BAA8B;AAAA,MAC9B,6BAA6B;AAAA,MAC7B,4BAA4B;AAAA,MAC5B,+BAA+B;AAAA,MAC/B,6BAA6B;AAAA,MAC7B,mCAAmC;AAAA,MACnC,kCAAkC;AAAA,MAElC,8BAA8B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,MAO9B,wCAAwC;AAAA;AAAA;AAAA;AAAA;AAAA,MAKxC,2CAA2C;AAAA;AAAA;AAAA,MAG3C,2CAA2C;AAAA,MAC3C,8CAA8C;AAAA,MAC9C,qCAAqC;AAAA,MACrC,yCAAyC;AAAA,MACzC,uCAAuC;AAAA;AAAA;AAAA,MAGvC,+BAA+B;AAAA;AAAA;AAAA;AAAA;AAAA,MAK/B,mBAAmB;AAAA,IACrB;AAAA,EACF;AACF;;;AChFA,OAAO,iBAAiB;AAWjB,IAAM,cAAqB;AAAA;AAAA,EAEhC,GAAG;AAAA;AAAA;AAAA,EAIH,YAAY,QAAQ,wBAAwB;AAAA;AAAA,EAG5CC;AAAA;AAAA,EAGA;AAAA,IACE,OAAO;AAAA,MACL,OAAO;AAAA;AAAA,IACT;AAAA,EACF;AACF;;;AC9BA,OAAO,gBAAgB;;;ACEvB,OAAO,aAAa;AACpB,OAAO,iBAAiB;AACxB,OAAO,4BAA4B;;;ACAnC,SAAS,WAAAC,gBAAe;AACxB,SAAS,WAAW,uBAAuB;AAQ3C,IAAM,WAAW,CAAC,WAAW,YAAY,YAAY,UAAU;AAWxD,IAAM,wBAA+B;AAAA;AAAA,EAE1C,GAAG;AAAA;AAAA,EAGHC,SAAQ,YAAY;AAAA;AAAA,EAGpB,GAAG,gBAAgB;AAAA,EACnB,GAAG,gBAAgB;AAAA;AAAA,EAGnB;AAAA,IACE,MAAM;AAAA,IACN,OAAO;AAAA,IACP,iBAAiB;AAAA,MACf,eAAe;AAAA,QACb,gBAAgB;AAAA,MAClB;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA,EAIA;AAAA,IACE,GAAG,gBAAgB;AAAA,IACnB,MAAM;AAAA,IACN,OAAO,CAAC,WAAW,YAAY,YAAY,YAAY,YAAY;AAAA,EACrE;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA;AAAA,IACE,MAAM;AAAA,IACN,OAAO;AAAA,IACP,OAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,MAML,kDAAkD;AAAA;AAAA,MAGlD,sCAAsC;AAAA;AAAA;AAAA,MAItC,iDAAiD;AAAA,QAC/C;AAAA,QACA;AAAA,UACE,aAAa;AAAA;AAAA,UACb,aAAa;AAAA;AAAA,UACb,qBAAqB;AAAA,UACrB,sBAAsB;AAAA,UACtB,qBAAqB;AAAA,UACrB,qBAAqB;AAAA,UACrB,UAAU;AAAA,QACZ;AAAA,MACF;AAAA;AAAA,MAGA,qCAAqC;AAAA,QACnC;AAAA,QACA;AAAA,UACE,mBAAmB;AAAA,UACnB,mBAAmB;AAAA,UACnB,2BAA2B;AAAA,QAC7B;AAAA,MACF;AAAA;AAAA,MAGA,8CAA8C;AAAA;AAAA,MAC9C,kDAAkD;AAAA;AAAA,MAClD,gCAAgC;AAAA;AAAA,MAChC,iDAAiD;AAAA;AAAA,MACjD,sDAAsD;AAAA;AAAA;AAAA;AAAA,MAItD,oDAAoD;AAAA,QAClD;AAAA,QACA;AAAA,UACE,aAAa;AAAA,UACb,cAAc;AAAA,UACd,cAAc;AAAA;AAAA,UACd,aAAa;AAAA,QACf;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAAA;AAAA,EAGAC;AAAA;AAAA,EAGA;AAAA,IACE,MAAM;AAAA,IACN,OAAO;AAAA,MACL,OAAO;AAAA;AAAA,IACT;AAAA,EACF;AACF;;;AD1HA,IAAM,mBAAmB;AAOzB,IAAM,mBAAmB,iBAAiB,SAAS,OAAO,oBAAoB;AAC9E,IAAI,CAAC,kBAAkB;AACrB,QAAM,IAAI;AAAA,IACR;AAAA,EAEF;AACF;AAWO,IAAM,6BAAoC;AAAA;AAAA,EAE/C,GAAG;AAAA;AAAA,EAGH,YAAY,QAAQ,MAAM;AAAA,EAC1B,YAAY,QAAQ,OAAO,aAAa;AAAA;AAAA;AAAA;AAAA,EAIxC;AAAA;AAAA,EAGA,QAAQ,YAAY;AAAA;AAAA,EAGpB;AAAA,IACE,MAAM;AAAA,IACN,OAAO;AAAA;AAAA,MAEL,+BAA+B;AAAA;AAAA,MAC/B,oCAAoC;AAAA;AAAA,MACpC,kCAAkC;AAAA;AAAA;AAAA,MAGlC,4CAA4C;AAAA;AAAA,MAC5C,4CAA4C;AAAA;AAAA,IAC9C;AAAA,EACF;AAAA;AAAA,EAGA;AAAA,IACE,MAAM;AAAA,IACN,OAAO;AAAA;AAAA,MAEL,oBAAoB;AAAA;AAAA,MACpB,4BAA4B;AAAA;AAAA;AAAA,MAG5B,iBAAiB;AAAA;AAAA,MACjB,gCAAgC;AAAA;AAAA,MAChC,kCAAkC;AAAA;AAAA,MAClC,0BAA0B;AAAA;AAAA,MAC1B,6BAA6B;AAAA;AAAA,MAC7B,6BAA6B;AAAA;AAAA,MAC7B,+BAA+B;AAAA;AAAA,IACjC;AAAA,EACF;AACF;;;ADpEO,IAAM,gBAAuB;AAAA;AAAA,EAElC,WAAW,QAAQ,iBAAiB;AAAA;AAAA,EAGpC;AAAA,IACE,MAAM;AAAA,IACN,OAAO;AAAA,MACL,kCAAkC;AAAA,MAClC,qCAAqC;AAAA,MACrC,iCAAiC;AAAA,MACjC,wCAAwC;AAAA,MACxC,4DAA4D;AAAA,MAC5D,0BAA0B;AAAA,MAC1B,8BAA8B;AAAA,MAC9B,6BAA6B;AAAA,MAC7B,kCAAkC;AAAA,MAClC,wCAAwC;AAAA,MACxC,wCAAwC;AAAA,MACxC,uBAAuB;AAAA,MACvB,qCAAqC;AAAA,IACvC;AAAA,EACF;AACF;AAQO,IAAM,4BAAmC;AAAA;AAAA,EAE9C,GAAG;AAAA;AAAA,EAGH,GAAG;AACL;;;AG/CA,OAAO,qBAAqB;AAOrB,IAAM,kBAAyB;AAAA;AAAA,EAEpC,GAAG,gBAAgB,QAAQ,kBAAkB;AAAA;AAAA,EAG7C;AAAA,IACE,MAAM;AAAA,IACN,OAAO,CAAC,wCAAwC,oCAAoC;AAAA,IACpF,OAAO;AAAA;AAAA,MAEL,iCAAiC;AAAA,MACjC,qCAAqC;AAAA,MACrC,gCAAgC;AAAA;AAAA,MAGhC,2BAA2B;AAAA;AAAA,MAC3B,2BAA2B;AAAA;AAAA,MAC3B,oCAAoC;AAAA;AAAA,IACtC;AAAA,EACF;AACF;;;ACtBA,OAAO,mCAAmC;AAGnC,IAAM,iBAAiB,CAAC,2BAA2B;AAEnD,IAAM,iBAAwB;AAAA,EACnC;AAAA,IACE,MAAM;AAAA,IACN,OAAO;AAAA,IACP,SAAS;AAAA,MACP,sBAAsB;AAAA,IACxB;AAAA,IACA,OAAO;AAAA;AAAA,MAEL,6CAA6C;AAAA,MAC7C,8CAA8C;AAAA,MAC9C,4CAA4C;AAAA;AAAA;AAAA,MAG5C,qDAAqD;AAAA,MACrD,uDAAuD;AAAA,MACvD,yDAAyD;AAAA,MACzD,4DAA4D;AAAA,MAC5D,gDAAgD;AAAA,MAChD,2CAA2C;AAAA,MAC3C,4CAA4C;AAAA,MAC5C,gDAAgD;AAAA,IAClD;AAAA,EACF;AACF;;;ACrCA,OAAO,yBAAyB;AAczB,IAAM,sBAA6B;AAAA,EACxC;AAAA,IACE,MAAM;AAAA,IACN,SAAS;AAAA,MACP,mBAAmB;AAAA,IACrB;AAAA,IACA,OAAO;AAAA,MACL,mCAAmC;AAAA,MACnC,uCAAuC;AAAA,MACvC,oCAAoC;AAAA,MACpC,yCAAyC;AAAA,MACzC,oCAAoC;AAAA,MACpC,iDAAiD;AAAA,MACjD,2CAA2C;AAAA,IAC7C;AAAA,EACF;AACF;;;AC5BA,OAAO,iBAAiB;AAQjB,IAAM,cAAqB,CAAC,YAAY,UAAU,kBAAkB,CAAC,EAAE,OAAO,OAAO;;;ACV5F,OAAO,kBAAkB;AAQlB,IAAM,eAAsB;AAAA,EACjC;AAAA,IACE,MAAM;AAAA,IACN,OAAO,CAAC,6BAA6B,2BAA2B;AAAA,IAChE,SAAS;AAAA,MACP,QAAQ;AAAA,IACV;AAAA,IACA,OAAO;AAAA;AAAA;AAAA,MAGL,wBAAwB,CAAC,SAAS,EAAE,qBAAqB,CAAC,UAAU,SAAS,EAAE,CAAC;AAAA,MAChF,6BAA6B;AAAA,MAC7B,iCAAiC;AAAA,MACjC,sBAAsB;AAAA,MACtB,uBAAuB,CAAC,SAAS,EAAE,SAAS,EAAE,CAAC;AAAA;AAAA,MAC/C,kCAAkC;AAAA,MAClC,8DAA8D;AAAA,MAC9D,8BAA8B;AAAA;AAAA,MAG9B,2BAA2B;AAAA;AAAA,MAC3B,8BAA8B,CAAC,SAAS,EAAE,KAAK,EAAE,CAAC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,MAOlD,wCAAwC;AAAA;AAAA;AAAA;AAAA;AAAA,MAKxC,2CAA2C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,MAM3C,2CAA2C;AAAA,MAC3C,8CAA8C;AAAA,MAC9C,qCAAqC;AAAA,MACrC,yCAAyC;AAAA,MACzC,uCAAuC;AAAA;AAAA;AAAA;AAAA;AAAA,MAKvC,+BAA+B;AAAA;AAAA;AAAA;AAAA;AAAA,MAK/B,wBAAwB,CAAC,SAAS,EAAE,KAAK,EAAE,CAAC;AAAA,IAC9C;AAAA,EACF;AACF;;;ACIO,IAAM,eAA+B;AAAA,EAC1C,MAAM;AAAA,IACJ,MAAM;AAAA,IACN,SAAS;AAAA,EACX;AAAA,EACA,SAAS;AAAA,IACP;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,OAAO;AAAA,IACP,UAAU;AAAA,IACV,eAAe;AAAA,IACf,QAAQ;AAAA,IACR,YAAY;AAAA,IACZ,WAAW;AAAA,IACX,OAAO;AAAA,EACT;AAAA,EACA,WAAW;AAAA,IACT,KAAK;AAAA,IACL,cAAc;AAAA,EAChB;AAAA,EACA;AAAA,EACA;AAAA,EACA,gBAAAC;AACF;AAqBA,IAAO,qBAAQ;","names":["rule","rule","default","default","importX","importX","default","default"]}

package/dist/index.js

@@ -1,6 +1,6 @@
 import {
   eslintPlugin
-} from "./chunk-6ZRDSDK4.js";
+} from "./chunk-7UYKOFTI.js";
 import {
   detect
 } from "./chunk-PEKTMTDF.js";

package/dist/presets/typescript/index.d.ts

@@ -118,6 +118,38 @@ declare const detect: {
  */
 declare const astroConfig: any[];
 
+/**
+ * CLI Tool Overrides
+ *
+ * Disables security rules that produce false positives for CLI tools,
+ * build tools, and scripts that work with dynamic file paths and
+ * shell commands by design.
+ *
+ * Usage:
+ *   import safeword from 'safeword/eslint';
+ *   export default [
+ *     ...safeword.configs.recommendedTypeScript,
+ *     safeword.overrides.cli,
+ *   ];
+ */
+declare const cliOverrides: any;
+
+/**
+ * Relaxed Type-Checking Overrides
+ *
+ * Disables strict TypeScript rules that produce false positives when
+ * code handles data without compile-time types: JSON parsing, YAML
+ * loading, API responses, dynamic config files, and user input.
+ *
+ * Usage:
+ *   import safeword from 'safeword/eslint';
+ *   export default [
+ *     ...safeword.configs.recommendedTypeScript,
+ *     safeword.overrides.relaxedTypes,
+ *   ];
+ */
+declare const relaxedTypesOverrides: any;
+
 /**
  * ESLint configuration for Playwright e2e tests
  *
@@ -340,6 +372,13 @@ interface SafewordEslint {
         storybook: any[];
         turbo: any[];
     };
+    /** Override presets for common false-positive categories */
+    overrides: {
+        /** Security rules that are false positives for CLI tools, build tools, and scripts */
+        cli: any;
+        /** Strict TypeScript rules that conflict with untyped external data (JSON, YAML, APIs) */
+        relaxedTypes: any;
+    };
     detect: typeof detect;
     rules: Record<string, Rule.RuleModule>;
     /** eslint-config-prettier, bundled for convenience */
@@ -351,4 +390,4 @@ interface SafewordEslint {
  */
 declare const eslintPlugin: SafewordEslint;
 
-export { astroConfig, eslintPlugin as default, detect, eslintPlugin, nextOnlyRules, playwrightConfig, recommended, recommendedTypeScript, recommendedTypeScriptNext, recommendedTypeScriptReact, rules, storybookConfig, tailwindConfig, tanstackQueryConfig, turboConfig, vitestConfig };
+export { astroConfig, cliOverrides, eslintPlugin as default, detect, eslintPlugin, nextOnlyRules, playwrightConfig, recommended, recommendedTypeScript, recommendedTypeScriptNext, recommendedTypeScriptReact, relaxedTypesOverrides, rules, storybookConfig, tailwindConfig, tanstackQueryConfig, turboConfig, vitestConfig };

package/dist/presets/typescript/index.js

@@ -1,5 +1,6 @@
 import {
   astroConfig,
+  cliOverrides,
   default as default2,
   eslintPlugin,
   nextOnlyRules,
@@ -8,6 +9,7 @@ import {
   recommendedTypeScript,
   recommendedTypeScriptNext,
   recommendedTypeScriptReact,
+  relaxedTypesOverrides,
   rules,
   storybookConfig,
   tailwindConfig,
@@ -15,13 +17,14 @@ import {
   turboConfig,
   typescript_default,
   vitestConfig
-} from "../../chunk-6ZRDSDK4.js";
+} from "../../chunk-7UYKOFTI.js";
 import {
   detect
 } from "../../chunk-PEKTMTDF.js";
 import "../../chunk-ORQHKDT2.js";
 export {
   astroConfig,
+  cliOverrides,
   typescript_default as default,
   detect,
   eslintPlugin,
@@ -32,6 +35,7 @@ export {
   recommendedTypeScript,
   recommendedTypeScriptNext,
   recommendedTypeScriptReact,
+  relaxedTypesOverrides,
   rules,
   storybookConfig,
   tailwindConfig,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "safeword",
-  "version": "0.28.0",
+  "version": "0.29.0",
   "description": "CLI for setting up and managing safeword development environments",
   "type": "module",
   "bin": {

package/templates/SAFEWORD.md

@@ -88,6 +88,12 @@ Fallback: task. User can /bdd to override.
 
 ---
 
+## Reasoning Discipline
+
+Before proposing a significant decision, research first. Read relevant code, docs, or patterns. Identify 2-3 options, evaluate against criteria (correctness, simplicity, no bloat), then propose with rationale — state what was considered and why you chose this one.
+
+---
+
 ## Code Philosophy
 
 **Optimize for:** Clarity → Simplicity → Correctness (in that order)
@@ -170,11 +176,11 @@ Commit after: GREEN phase, before/after refactoring, when switching tasks.
 
 ## Enforcement
 
-Safeword tracks your phase and TDD step, reminding you each turn via the prompt hook. The done gate requires evidence (tests pass, scenarios complete, audit run).
+Safeword tracks your phase and TDD step, reminding you each turn via the prompt hook. The done gate requires verify.md artifact (written by /verify when all checks pass).
 
-- **Natural gates** — you can't start TDD without test-definitions.md; you can't create test-definitions.md without ticket frontmatter fields: `scope`, `out_of_scope`, `done_when`
+- **Natural gates** — you can't start TDD without test-definitions.md; you can't create test-definitions.md without ticket frontmatter fields: `scope`, `out_of_scope`, `done_when`; you can't close a ticket without verify.md
 - **Reminders** — the prompt hook injects your current phase and TDD step each turn
-- **Output validation** — the done gate hard-blocks until evidence proves the work is complete
+- **Artifact validation** — the done gate hard-blocks until verify.md exists in the ticket folder
 - **LOC gate** — commit every ~400 lines of code (blast radius control)
 
 ---
@@ -190,7 +196,8 @@ Safeword tracks your phase and TDD step, reminding you each turn via the prompt
 1. **Clarity → Simplicity → Correctness** (in that order)
 2. **Test what you can test**—never ask user to verify
 3. **Understand before sizing**—contribute a perspective, then classify internally
-4. **Commit after each GREEN phase**
-5. **Read the matching guide** when a trigger fires
-6. **Always read the latest documentation for the relevant tool**
-7. **AVOID BLOAT**
+4. **Research before proposing**—explore options proportional to decision magnitude
+5. **Commit after each GREEN phase**
+6. **Read the matching guide** when a trigger fires
+7. **Always read the latest documentation for the relevant tool**
+8. **AVOID BLOAT**

package/templates/hooks/lib/active-ticket.ts

@@ -55,6 +55,83 @@ export function getTicketInfo(projectDirectory: string, ticketId: string): Ticke
   }
 }
 
+/**
+ * Parse test-definitions.md sub-checkboxes to find current TDD step.
+ * Looks for the first scenario with mixed checked/unchecked sub-items.
+ * Returns the last completed step: 'red' (1 checked), 'green' (2 checked),
+ * 'refactor' (3 checked). Returns null if no active scenario found.
+ */
+export function parseTddStep(content: string): string | null {
+  const lines = content.split('\n');
+  const steps = ['red', 'green', 'refactor'];
+  let checkedCount = 0;
+  let uncheckedCount = 0;
+  let previousScenarioComplete = false;
+
+  for (const line of lines) {
+    // Detect scenario header — reset counters
+    if (/^#{2,3}\s/.test(line)) {
+      // Check previous scenario before resetting
+      if (checkedCount > 0 && uncheckedCount > 0) {
+        return steps[checkedCount - 1] ?? null;
+      }
+      // Track if previous scenario was fully complete
+      previousScenarioComplete = checkedCount === 3 && uncheckedCount === 0;
+      checkedCount = 0;
+      uncheckedCount = 0;
+      continue;
+    }
+
+    // Count sub-checkboxes (RED/GREEN/REFACTOR)
+    const checkboxMatch = line.match(/^- \[([ x])\] (RED|GREEN|REFACTOR)\s*$/i);
+    if (checkboxMatch) {
+      if (checkboxMatch[1] === 'x') {
+        checkedCount++;
+      } else {
+        uncheckedCount++;
+      }
+    }
+  }
+
+  // Check last scenario — mixed means active
+  if (checkedCount > 0 && uncheckedCount > 0) {
+    return steps[checkedCount - 1] ?? null;
+  }
+
+  // Last scenario fully complete — return 'refactor' (just finished)
+  if (checkedCount === 3 && uncheckedCount === 0) {
+    return 'refactor';
+  }
+
+  // Last scenario all unchecked but previous was complete — REFACTOR just done
+  if (checkedCount === 0 && uncheckedCount > 0 && previousScenarioComplete) {
+    return 'refactor';
+  }
+
+  return null;
+}
+
+/**
+ * Derive TDD step from a ticket's test-definitions.md.
+ * Returns null if file doesn't exist or no active scenario found.
+ */
+export function deriveTddStep(projectDirectory: string, ticketFolder: string): string | null {
+  const testDefinitionsPath = nodePath.join(
+    projectDirectory,
+    '.safeword-project',
+    'tickets',
+    ticketFolder,
+    'test-definitions.md',
+  );
+  if (!existsSync(testDefinitionsPath)) return null;
+  try {
+    const content = readFileSync(testDefinitionsPath, 'utf8');
+    return parseTddStep(content);
+  } catch {
+    return null;
+  }
+}
+
 export function getActiveTicket(projectDirectory: string): ActiveTicketInfo {
   const ticketsDirectory = nodePath.join(projectDirectory, '.safeword-project', 'tickets');
   if (!existsSync(ticketsDirectory)) return EMPTY;

package/templates/hooks/lib/quality-state.ts

@@ -23,12 +23,11 @@ export interface QualityState {
   locSinceCommit: number;
   lastCommitHash: string;
   activeTicket: string | null;
-  lastKnownPhase: string | null;
   gate: string | null;
-  lastKnownTddStep: string | null;
   locAtLastReview: number;
   recentFailures: FailureEntry[];
   incrementedPatterns: string[];
+  novelResearchReminder?: boolean;
 }
 
 /**

package/templates/hooks/lib/quality.ts

@@ -62,9 +62,9 @@ Review your work critically.
 - Is it correct?
 - Could this be simplified without losing clarity?
 - Does it follow latest docs and research? If unsure, say so — don't guess.
-- If questions remain: research first, then ask targeted questions.
+- If uncertain about correctness, research it now.
 - Report findings only. No preamble.
-- State what you're most uncertain about.`,
+- State what remains uncertain after research.`,
 
   done: `Quality Review (Done Phase):