spaghetti-slicer 0.1.0

package/dist/index.js

@@ -0,0 +1,1158 @@
+#!/usr/bin/env node
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+
+// src/cli/index.ts
+var import_commander = require("commander");
+var import_ora = __toESM(require("ora"));
+var fs2 = __toESM(require("fs"));
+
+// src/engine/walker.ts
+var import_glob = require("glob");
+var path = __toESM(require("path"));
+var fs = __toESM(require("fs"));
+var IGNORE_PATTERNS = [
+  "**/node_modules/**",
+  "**/.next/**",
+  "**/dist/**",
+  "**/build/**",
+  "**/coverage/**",
+  "**/.git/**"
+];
+function walkFiles(rootPath) {
+  const absoluteRoot = path.resolve(rootPath);
+  const stat = fs.statSync(absoluteRoot);
+  if (stat.isFile()) {
+    return [absoluteRoot];
+  }
+  const files = (0, import_glob.globSync)("**/*.{ts,tsx,js,jsx}", {
+    cwd: absoluteRoot,
+    absolute: true,
+    ignore: IGNORE_PATTERNS
+  });
+  return files;
+}
+
+// src/engine/scorer.ts
+var CATEGORY_WEIGHTS = {
+  architecture: 25,
+  react: 20,
+  typescript: 20,
+  a11y: 20,
+  performance: 15
+};
+var SEVERITY_DEDUCTIONS = {
+  critical: 10,
+  warning: 5,
+  info: 2
+};
+function scoreCategory(violations) {
+  let score = 100;
+  for (const v of violations) {
+    score -= SEVERITY_DEDUCTIONS[v.severity];
+  }
+  return Math.max(0, score);
+}
+function computeReport(violations, totalFiles, scannedFiles, durationMs) {
+  const categories = ["architecture", "react", "typescript", "a11y", "performance"];
+  const categoryScores = {};
+  for (const cat of categories) {
+    const catViolations = violations.filter((v) => v.category === cat);
+    categoryScores[cat] = scoreCategory(catViolations);
+  }
+  const totalScore = Math.round(
+    categories.reduce(
+      (sum, cat) => sum + categoryScores[cat] * (CATEGORY_WEIGHTS[cat] / 100),
+      0
+    )
+  );
+  const criticalCount = violations.filter((v) => v.severity === "critical").length;
+  const warningCount = violations.filter((v) => v.severity === "warning").length;
+  const infoCount = violations.filter((v) => v.severity === "info").length;
+  return {
+    totalFiles,
+    scannedFiles,
+    totalViolations: violations.length,
+    criticalCount,
+    warningCount,
+    infoCount,
+    categoryScores,
+    totalScore,
+    violations,
+    durationMs
+  };
+}
+
+// src/engine/parser.ts
+var import_parser = require("@typescript-eslint/parser");
+function parseFile(fileContent, filePath) {
+  try {
+    return (0, import_parser.parse)(fileContent, {
+      loc: true,
+      range: true,
+      tokens: false,
+      comment: false,
+      ecmaFeatures: { jsx: true }
+    });
+  } catch {
+    console.warn(`[spaghetti-slicer] Failed to parse ${filePath}, skipping.`);
+    return null;
+  }
+}
+function findNodes(node, type) {
+  const results = [];
+  function visit(n) {
+    if (n.type === type) {
+      results.push(n);
+    }
+    for (const key of Object.keys(n)) {
+      if (key === "parent") continue;
+      const child = n[key];
+      if (child && typeof child === "object") {
+        if (Array.isArray(child)) {
+          for (const item of child) {
+            if (item && typeof item === "object" && "type" in item) {
+              visit(item);
+            }
+          }
+        } else if ("type" in child) {
+          visit(child);
+        }
+      }
+    }
+  }
+  visit(node);
+  return results;
+}
+function getNodeLine(node) {
+  return node.loc?.start.line ?? 0;
+}
+function getNodeColumn(node) {
+  return node.loc?.start.column ?? 0;
+}
+
+// src/rules/architecture/component-length.ts
+var COMPONENT_MAX_LINES = 200;
+function returnsJSX(node) {
+  const returns = findNodes(node, "ReturnStatement");
+  return returns.some((r) => {
+    if (!r.argument) return false;
+    const arg = r.argument;
+    return arg.type === "JSXElement" || arg.type === "JSXFragment" || arg.type === "ParenthesizedExpression" && (arg.expression.type === "JSXElement" || arg.expression.type === "JSXFragment");
+  });
+}
+function getFunctionName(node) {
+  if (node.type === "FunctionDeclaration") return node.id?.name ?? "Anonymous";
+  const parent = node.parent;
+  if (parent?.type === "VariableDeclarator") {
+    const id = parent.id;
+    if (id.type === "Identifier") return id.name;
+  }
+  return "Anonymous";
+}
+function attachParents(node, parent) {
+  ;
+  node.parent = parent;
+  for (const key of Object.keys(node)) {
+    if (key === "parent") continue;
+    const child = node[key];
+    if (child && typeof child === "object") {
+      if (Array.isArray(child)) {
+        for (const item of child) {
+          if (item && typeof item === "object" && "type" in item) {
+            attachParents(item, node);
+          }
+        }
+      } else if ("type" in child) {
+        attachParents(child, node);
+      }
+    }
+  }
+}
+var componentLengthRule = {
+  id: "component-length",
+  name: "Component Length",
+  description: "React components should not exceed 200 lines.",
+  category: "architecture",
+  severity: "critical",
+  run(filePath, fileContent) {
+    const ast = parseFile(fileContent, filePath);
+    if (!ast) return [];
+    attachParents(ast);
+    const violations = [];
+    const funcDecls = findNodes(ast, "FunctionDeclaration");
+    for (const node of funcDecls) {
+      if (!returnsJSX(node)) continue;
+      const start = node.loc?.start.line ?? 0;
+      const end = node.loc?.end.line ?? 0;
+      const lines = end - start + 1;
+      if (lines > COMPONENT_MAX_LINES) {
+        const name = getFunctionName(node);
+        violations.push({
+          ruleId: "component-length",
+          message: `Component '${name}' is ${lines} lines. Break it into smaller components.`,
+          filePath,
+          line: getNodeLine(node),
+          severity: "critical",
+          category: "architecture"
+        });
+      }
+    }
+    const arrowFns = findNodes(ast, "ArrowFunctionExpression");
+    for (const node of arrowFns) {
+      if (!returnsJSX(node)) continue;
+      const start = node.loc?.start.line ?? 0;
+      const end = node.loc?.end.line ?? 0;
+      const lines = end - start + 1;
+      if (lines > COMPONENT_MAX_LINES) {
+        const name = getFunctionName(node);
+        violations.push({
+          ruleId: "component-length",
+          message: `Component '${name}' is ${lines} lines. Break it into smaller components.`,
+          filePath,
+          line: getNodeLine(node),
+          severity: "critical",
+          category: "architecture"
+        });
+      }
+    }
+    return violations;
+  }
+};
+
+// src/rules/architecture/business-logic-in-jsx.ts
+var TRANSFORM_METHODS = ["filter", "reduce", "sort", "flatMap", "find", "findIndex"];
+function isTransformCall(node) {
+  const callee = node.callee;
+  if (callee.type !== "MemberExpression") return false;
+  const prop = callee.property;
+  return prop.type === "Identifier" && TRANSFORM_METHODS.includes(prop.name);
+}
+function countTernaryNesting(node) {
+  let depth = 1;
+  let current = node;
+  while (current.type === "ConditionalExpression" && current.consequent.type === "ConditionalExpression") {
+    depth++;
+    current = current.consequent;
+  }
+  return depth;
+}
+var businessLogicInJSXRule = {
+  id: "business-logic-in-jsx",
+  name: "Business Logic in JSX",
+  description: "Data transformations should be moved out of JSX expressions.",
+  category: "architecture",
+  severity: "warning",
+  run(filePath, fileContent) {
+    const ast = parseFile(fileContent, filePath);
+    if (!ast) return [];
+    const violations = [];
+    const containers = findNodes(
+      ast,
+      "JSXExpressionContainer"
+    );
+    for (const container of containers) {
+      const calls = findNodes(container, "CallExpression");
+      for (const call of calls) {
+        if (isTransformCall(call)) {
+          violations.push({
+            ruleId: "business-logic-in-jsx",
+            message: "Inline data transformation found in JSX. Move to a variable or custom hook.",
+            filePath,
+            line: getNodeLine(call),
+            column: getNodeColumn(call),
+            severity: "warning",
+            category: "architecture"
+          });
+          break;
+        }
+      }
+      const ternaries = findNodes(
+        container,
+        "ConditionalExpression"
+      );
+      for (const ternary of ternaries) {
+        if (countTernaryNesting(ternary) > 2) {
+          violations.push({
+            ruleId: "business-logic-in-jsx",
+            message: "Inline data transformation found in JSX. Move to a variable or custom hook.",
+            filePath,
+            line: getNodeLine(ternary),
+            column: getNodeColumn(ternary),
+            severity: "warning",
+            category: "architecture"
+          });
+          break;
+        }
+      }
+    }
+    return violations;
+  }
+};
+
+// src/rules/architecture/direct-fetch-in-component.ts
+function isCustomHookOrService(filePath) {
+  const lower = filePath.toLowerCase();
+  return lower.includes("/hooks/") || lower.includes("/services/") || lower.includes("/api/") || lower.includes(".service.") || lower.includes(".hook.");
+}
+function getFunctionName2(node) {
+  if (node.type === "FunctionDeclaration") {
+    return node.id?.name ?? null;
+  }
+  if (node.type === "ArrowFunctionExpression" || node.type === "FunctionExpression") {
+    const parent = node.parent;
+    if (parent?.type === "VariableDeclarator") {
+      const id = parent.id;
+      if (id.type === "Identifier") return id.name;
+    }
+  }
+  return null;
+}
+function isComponentFunction(node) {
+  const name = getFunctionName2(node);
+  if (!name) return false;
+  return /^[A-Z]/.test(name);
+}
+function attachParents2(node, parent) {
+  ;
+  node.parent = parent;
+  for (const key of Object.keys(node)) {
+    if (key === "parent") continue;
+    const child = node[key];
+    if (child && typeof child === "object") {
+      if (Array.isArray(child)) {
+        for (const item of child) {
+          if (item && typeof item === "object" && "type" in item) {
+            attachParents2(item, node);
+          }
+        }
+      } else if ("type" in child) {
+        attachParents2(child, node);
+      }
+    }
+  }
+}
+function getAncestorComponentFunction(node) {
+  let current = node.parent;
+  while (current) {
+    if (current.type === "FunctionDeclaration" || current.type === "ArrowFunctionExpression" || current.type === "FunctionExpression") {
+      if (isComponentFunction(current)) return current;
+    }
+    current = current.parent;
+  }
+  return null;
+}
+var directFetchInComponentRule = {
+  id: "direct-fetch-in-component",
+  name: "Direct Fetch in Component",
+  description: "fetch/axios calls should not be made directly inside components.",
+  category: "architecture",
+  severity: "critical",
+  run(filePath, fileContent) {
+    if (isCustomHookOrService(filePath)) return [];
+    const ast = parseFile(fileContent, filePath);
+    if (!ast) return [];
+    attachParents2(ast);
+    const violations = [];
+    const calls = findNodes(ast, "CallExpression");
+    for (const call of calls) {
+      const callee = call.callee;
+      let isFetchCall = false;
+      if (callee.type === "Identifier" && callee.name === "fetch") {
+        isFetchCall = true;
+      }
+      if (callee.type === "MemberExpression" && callee.object.type === "Identifier" && callee.object.name === "axios") {
+        isFetchCall = true;
+      }
+      if (callee.type === "Identifier" && callee.name === "axios") {
+        isFetchCall = true;
+      }
+      if (!isFetchCall) continue;
+      const componentAncestor = getAncestorComponentFunction(call);
+      if (!componentAncestor) continue;
+      violations.push({
+        ruleId: "direct-fetch-in-component",
+        message: "Direct fetch() call found in component. Move to a custom hook or service layer.",
+        filePath,
+        line: getNodeLine(call),
+        column: getNodeColumn(call),
+        severity: "critical",
+        category: "architecture"
+      });
+    }
+    return violations;
+  }
+};
+
+// src/rules/architecture/state-bloat.ts
+var MAX_STATE_HOOKS = 5;
+function returnsJSX2(node) {
+  const returns = findNodes(node, "ReturnStatement");
+  return returns.some((r) => {
+    if (!r.argument) return false;
+    const arg = r.argument;
+    return arg.type === "JSXElement" || arg.type === "JSXFragment" || arg.type === "ParenthesizedExpression" && (arg.expression.type === "JSXElement" || arg.expression.type === "JSXFragment");
+  });
+}
+function getFunctionName3(node) {
+  if (node.type === "FunctionDeclaration") return node.id?.name ?? "Anonymous";
+  const parent = node.parent;
+  if (parent?.type === "VariableDeclarator") {
+    const id = parent.id;
+    if (id.type === "Identifier") return id.name;
+  }
+  return "Anonymous";
+}
+function attachParents3(node, parent) {
+  ;
+  node.parent = parent;
+  for (const key of Object.keys(node)) {
+    if (key === "parent") continue;
+    const child = node[key];
+    if (child && typeof child === "object") {
+      if (Array.isArray(child)) {
+        for (const item of child) {
+          if (item && typeof item === "object" && "type" in item) {
+            attachParents3(item, node);
+          }
+        }
+      } else if ("type" in child) {
+        attachParents3(child, node);
+      }
+    }
+  }
+}
+function isuseStateCall(node) {
+  const callee = node.callee;
+  if (callee.type === "Identifier" && callee.name === "useState") {
+    return true;
+  }
+  if (callee.type === "MemberExpression" && callee.object.type === "Identifier" && callee.object.name === "React" && callee.property.type === "Identifier" && callee.property.name === "useState") {
+    return true;
+  }
+  return false;
+}
+function isDirectHookInComponent(node, componentNode) {
+  let current = node.parent;
+  while (current) {
+    if (current === componentNode) return true;
+    if (current.type === "FunctionDeclaration" || current.type === "ArrowFunctionExpression" || current.type === "FunctionExpression") {
+      return false;
+    }
+    current = current.parent;
+  }
+  return false;
+}
+var stateBloatRule = {
+  id: "state-bloat",
+  name: "State Bloat",
+  description: "Components should not contain more than 5 useState hooks.",
+  category: "architecture",
+  severity: "warning",
+  run(filePath, fileContent) {
+    const ast = parseFile(fileContent, filePath);
+    if (!ast) return [];
+    attachParents3(ast);
+    const violations = [];
+    const checkComponent = (node) => {
+      if (!returnsJSX2(node)) return;
+      const alluseStateCalls = findNodes(node, "CallExpression").filter(isuseStateCall).filter((call) => isDirectHookInComponent(call, node));
+      const count = alluseStateCalls.length;
+      if (count > MAX_STATE_HOOKS) {
+        const name = getFunctionName3(node);
+        violations.push({
+          ruleId: "state-bloat",
+          message: `Component '${name}' contains ${count} useState hooks. Combine them into a single useReducer or group them into custom hooks.`,
+          filePath,
+          line: getNodeLine(node),
+          severity: "warning",
+          category: "architecture"
+        });
+      }
+    };
+    const funcDecls = findNodes(ast, "FunctionDeclaration");
+    for (const node of funcDecls) {
+      checkComponent(node);
+    }
+    const arrowFns = findNodes(ast, "ArrowFunctionExpression");
+    for (const node of arrowFns) {
+      checkComponent(node);
+    }
+    return violations;
+  }
+};
+
+// src/rules/architecture/hardcoded-secrets-endpoints.ts
+var URL_REGEX = /^(https?|wss?):\/\/[^\s'"`{}()]+/;
+var SECRET_KEY_REGEX = /(api_?key|secret|password|token|credential)/i;
+var PLACEHOLDER_REGEX = /^(TODO|placeholder|dummy|test|your[-_]api[-_]key|your[-_]secret|your[-_]token|your[-_]password|enter[-_]here|x+)/i;
+function attachParents4(node, parent) {
+  ;
+  node.parent = parent;
+  for (const key of Object.keys(node)) {
+    if (key === "parent") continue;
+    const child = node[key];
+    if (child && typeof child === "object") {
+      if (Array.isArray(child)) {
+        for (const item of child) {
+          if (item && typeof item === "object" && "type" in item) {
+            attachParents4(item, node);
+          }
+        }
+      } else if ("type" in child) {
+        attachParents4(child, node);
+      }
+    }
+  }
+}
+function getVariableName(node) {
+  const parent = node.parent;
+  if (!parent) return null;
+  if (parent.type === "VariableDeclarator") {
+    if (parent.id.type === "Identifier") {
+      return parent.id.name;
+    }
+  }
+  if (parent.type === "Property") {
+    if (parent.key.type === "Identifier") {
+      return parent.key.name;
+    }
+    if (parent.key.type === "Literal" && typeof parent.key.value === "string") {
+      return parent.key.value;
+    }
+  }
+  if (parent.type === "AssignmentExpression") {
+    if (parent.left.type === "Identifier") {
+      return parent.left.name;
+    }
+    if (parent.left.type === "MemberExpression") {
+      const prop = parent.left.property;
+      if (prop.type === "Identifier") {
+        return prop.name;
+      }
+      if (prop.type === "Literal" && typeof prop.value === "string") {
+        return prop.value;
+      }
+    }
+  }
+  return null;
+}
+var hardcodedSecretsEndpointsRule = {
+  id: "hardcoded-secrets-endpoints",
+  name: "Hardcoded Secrets and Endpoints",
+  description: "Do not hardcode raw URLs or secrets in the codebase.",
+  category: "architecture",
+  severity: "critical",
+  run(filePath, fileContent) {
+    const ast = parseFile(fileContent, filePath);
+    if (!ast) return [];
+    attachParents4(ast);
+    const violations = [];
+    const checkStringValue = (value, node) => {
+      const trimmed = value.trim();
+      if (URL_REGEX.test(trimmed)) {
+        violations.push({
+          ruleId: "hardcoded-secrets-endpoints",
+          message: `Hardcoded API endpoint found: '${trimmed}'. Extract to an environment variable.`,
+          filePath,
+          line: getNodeLine(node),
+          column: getNodeColumn(node),
+          severity: "critical",
+          category: "architecture"
+        });
+        return;
+      }
+      if (trimmed.length > 4 && !PLACEHOLDER_REGEX.test(trimmed)) {
+        const varName = getVariableName(node);
+        if (varName && SECRET_KEY_REGEX.test(varName)) {
+          violations.push({
+            ruleId: "hardcoded-secrets-endpoints",
+            message: `Potential hardcoded secret found in variable '${varName}'. Extract to an environment variable.`,
+            filePath,
+            line: getNodeLine(node),
+            column: getNodeColumn(node),
+            severity: "critical",
+            category: "architecture"
+          });
+        }
+      }
+    };
+    const literals = findNodes(ast, "Literal");
+    for (const node of literals) {
+      if (node.parent?.type === "Property" && node.parent.key === node) {
+        continue;
+      }
+      if (typeof node.value === "string") {
+        checkStringValue(node.value, node);
+      }
+    }
+    const templateLiterals = findNodes(ast, "TemplateLiteral");
+    for (const node of templateLiterals) {
+      if (node.quasis.length === 1) {
+        const value = node.quasis[0].value.cooked ?? "";
+        checkStringValue(value, node);
+      }
+    }
+    return violations;
+  }
+};
+
+// src/rules/react/index-as-key.ts
+function attachParents5(node, parent) {
+  ;
+  node.parent = parent;
+  for (const key of Object.keys(node)) {
+    if (key === "parent") continue;
+    const child = node[key];
+    if (child && typeof child === "object") {
+      if (Array.isArray(child)) {
+        for (const item of child) {
+          if (item && typeof item === "object" && "type" in item) {
+            attachParents5(item, node);
+          }
+        }
+      } else if ("type" in child) {
+        attachParents5(child, node);
+      }
+    }
+  }
+}
+function getMapIndexParam(callExpr) {
+  const callee = callExpr.callee;
+  if (callee.type !== "MemberExpression") return null;
+  const prop = callee.property;
+  if (prop.type !== "Identifier" || prop.name !== "map") return null;
+  const args = callExpr.arguments;
+  if (!args.length) return null;
+  const callback = args[0];
+  if (callback.type !== "ArrowFunctionExpression" && callback.type !== "FunctionExpression")
+    return null;
+  if (callback.params.length < 2) return null;
+  const indexParam = callback.params[1];
+  if (indexParam.type === "Identifier") return indexParam.name;
+  return null;
+}
+var indexAsKeyRule = {
+  id: "index-as-key",
+  name: "Index as Key",
+  description: "Array index should not be used as a React key prop.",
+  category: "react",
+  severity: "critical",
+  run(filePath, fileContent) {
+    const ast = parseFile(fileContent, filePath);
+    if (!ast) return [];
+    attachParents5(ast);
+    const violations = [];
+    const callExprs = findNodes(ast, "CallExpression");
+    for (const call of callExprs) {
+      const indexParam = getMapIndexParam(call);
+      if (!indexParam) continue;
+      const jsxAttrs = findNodes(call, "JSXAttribute");
+      for (const attr of jsxAttrs) {
+        if (attr.name.type !== "JSXIdentifier" || attr.name.name !== "key") continue;
+        const val = attr.value;
+        if (val?.type === "JSXExpressionContainer" && val.expression.type === "Identifier" && val.expression.name === indexParam) {
+          violations.push({
+            ruleId: "index-as-key",
+            message: "Array index used as key prop. Use a stable unique identifier instead.",
+            filePath,
+            line: getNodeLine(attr),
+            column: getNodeColumn(attr),
+            severity: "critical",
+            category: "react"
+          });
+        }
+      }
+    }
+    return violations;
+  }
+};
+
+// src/rules/react/missing-error-boundary.ts
+function isErrorBoundaryClass(node) {
+  if (!node.superClass) return false;
+  const methods = findNodes(node, "MethodDefinition");
+  return methods.some((m) => {
+    const key = m.key;
+    if (key.type !== "Identifier") return false;
+    return key.name === "componentDidCatch" || key.name === "getDerivedStateFromError";
+  });
+}
+var hasErrorBoundary = false;
+var firstFilePath = "";
+var firstCheckDone = false;
+function resetErrorBoundaryState() {
+  hasErrorBoundary = false;
+  firstFilePath = "";
+  firstCheckDone = false;
+}
+var missingErrorBoundaryRule = {
+  id: "missing-error-boundary",
+  name: "Missing Error Boundary",
+  description: "Codebase should have at least one error boundary component.",
+  category: "react",
+  severity: "warning",
+  run(filePath, fileContent) {
+    if (!firstCheckDone) {
+      firstFilePath = filePath;
+      firstCheckDone = true;
+    }
+    const ast = parseFile(fileContent, filePath);
+    if (!ast) return [];
+    const classes = findNodes(ast, "ClassDeclaration");
+    if (classes.some(isErrorBoundaryClass)) {
+      hasErrorBoundary = true;
+    }
+    return [];
+  }
+};
+function finalizeErrorBoundaryViolations() {
+  if (!hasErrorBoundary && firstFilePath) {
+    return [
+      {
+        ruleId: "missing-error-boundary",
+        message: "No error boundary found in codebase. Wrap route-level components with an error boundary.",
+        filePath: firstFilePath,
+        line: 1,
+        severity: "warning",
+        category: "react"
+      }
+    ];
+  }
+  return [];
+}
+
+// src/rules/react/no-sub-renders.ts
+var RENDER_NAME_REGEX = /^render([A-Z].*)?$/;
+function returnsJSX3(node) {
+  const returns = findNodes(node, "ReturnStatement");
+  return returns.some((r) => {
+    if (!r.argument) return false;
+    const arg = r.argument;
+    return arg.type === "JSXElement" || arg.type === "JSXFragment" || arg.type === "ParenthesizedExpression" && (arg.expression.type === "JSXElement" || arg.expression.type === "JSXFragment");
+  });
+}
+function attachParents6(node, parent) {
+  ;
+  node.parent = parent;
+  for (const key of Object.keys(node)) {
+    if (key === "parent") continue;
+    const child = node[key];
+    if (child && typeof child === "object") {
+      if (Array.isArray(child)) {
+        for (const item of child) {
+          if (item && typeof item === "object" && "type" in item) {
+            attachParents6(item, node);
+          }
+        }
+      } else if ("type" in child) {
+        attachParents6(child, node);
+      }
+    }
+  }
+}
+function getEnclosingComponent(node) {
+  let current = node.parent;
+  while (current) {
+    if (current.type === "FunctionDeclaration" || current.type === "ArrowFunctionExpression" || current.type === "FunctionExpression") {
+      if (returnsJSX3(current)) {
+        return current;
+      }
+    }
+    current = current.parent;
+  }
+  return null;
+}
+function getFunctionName4(node) {
+  if (node.type === "FunctionDeclaration") {
+    return node.id?.name ?? null;
+  }
+  const parent = node.parent;
+  if (parent?.type === "VariableDeclarator") {
+    if (parent.id.type === "Identifier") {
+      return parent.id.name;
+    }
+  }
+  return null;
+}
+var noSubRendersRule = {
+  id: "no-sub-renders",
+  name: "No Sub-Renders",
+  description: "Helper rendering functions should not be defined inside a component body.",
+  category: "react",
+  severity: "warning",
+  run(filePath, fileContent) {
+    const ast = parseFile(fileContent, filePath);
+    if (!ast) return [];
+    attachParents6(ast);
+    const violations = [];
+    const checkFunctionNode = (node) => {
+      const parentComp = getEnclosingComponent(node);
+      if (!parentComp) return;
+      const name = getFunctionName4(node);
+      if (!name) return;
+      const isRenderName = RENDER_NAME_REGEX.test(name);
+      const doesReturnJSX = returnsJSX3(node);
+      if (isRenderName || doesReturnJSX) {
+        violations.push({
+          ruleId: "no-sub-renders",
+          message: `Helper rendering function '${name}' defined inside component body. Extract it into a standalone React component.`,
+          filePath,
+          line: getNodeLine(node),
+          column: getNodeColumn(node),
+          severity: "warning",
+          category: "react"
+        });
+      }
+    };
+    const funcDecls = findNodes(ast, "FunctionDeclaration");
+    for (const node of funcDecls) {
+      checkFunctionNode(node);
+    }
+    const arrowFns = findNodes(ast, "ArrowFunctionExpression");
+    for (const node of arrowFns) {
+      checkFunctionNode(node);
+    }
+    const funcExprs = findNodes(ast, "FunctionExpression");
+    for (const node of funcExprs) {
+      checkFunctionNode(node);
+    }
+    return violations;
+  }
+};
+
+// src/rules/react/fat-controller.ts
+var MIN_COMPONENT_LINES = 20;
+var MAX_LOGIC_RATIO = 0.75;
+function isJSXReturn(r) {
+  if (!r.argument) return false;
+  const arg = r.argument;
+  return arg.type === "JSXElement" || arg.type === "JSXFragment" || arg.type === "ParenthesizedExpression" && (arg.expression.type === "JSXElement" || arg.expression.type === "JSXFragment");
+}
+function returnsJSX4(node) {
+  const returns = findNodes(node, "ReturnStatement");
+  return returns.some(isJSXReturn);
+}
+function getFunctionName5(node) {
+  if (node.type === "FunctionDeclaration") return node.id?.name ?? "Anonymous";
+  const parent = node.parent;
+  if (parent?.type === "VariableDeclarator") {
+    const id = parent.id;
+    if (id.type === "Identifier") return id.name;
+  }
+  return "Anonymous";
+}
+function attachParents7(node, parent) {
+  ;
+  node.parent = parent;
+  for (const key of Object.keys(node)) {
+    if (key === "parent") continue;
+    const child = node[key];
+    if (child && typeof child === "object") {
+      if (Array.isArray(child)) {
+        for (const item of child) {
+          if (item && typeof item === "object" && "type" in item) {
+            attachParents7(item, node);
+          }
+        }
+      } else if ("type" in child) {
+        attachParents7(child, node);
+      }
+    }
+  }
+}
+function isDirectReturnOf(node, componentNode) {
+  let current = node.parent;
+  while (current) {
+    if (current === componentNode) return true;
+    if (current.type === "FunctionDeclaration" || current.type === "ArrowFunctionExpression" || current.type === "FunctionExpression") {
+      return false;
+    }
+    current = current.parent;
+  }
+  return false;
+}
+var fatControllerRule = {
+  id: "fat-controller",
+  name: "Fat Controller",
+  description: "Component body logic should not exceed 75% of the total component size.",
+  category: "react",
+  severity: "warning",
+  run(filePath, fileContent) {
+    const ast = parseFile(fileContent, filePath);
+    if (!ast) return [];
+    attachParents7(ast);
+    const violations = [];
+    const checkComponent = (node) => {
+      if (!returnsJSX4(node)) return;
+      const start = node.loc?.start.line ?? 0;
+      const end = node.loc?.end.line ?? 0;
+      const totalLines = end - start + 1;
+      if (totalLines <= MIN_COMPONENT_LINES) return;
+      const directReturns = findNodes(node, "ReturnStatement").filter((r) => isDirectReturnOf(r, node)).filter(isJSXReturn);
+      if (directReturns.length === 0) return;
+      const earliestReturnLine = Math.min(...directReturns.map((r) => r.loc?.start.line ?? 0));
+      const logicLines = earliestReturnLine - start;
+      const ratio = logicLines / totalLines;
+      if (ratio > MAX_LOGIC_RATIO) {
+        const name = getFunctionName5(node);
+        violations.push({
+          ruleId: "fat-controller",
+          message: `Component '${name}' body has ${Math.round(ratio * 100)}% JavaScript logic code and less than 25% JSX return markup. Extract logic into a custom hook.`,
+          filePath,
+          line: getNodeLine(node),
+          severity: "warning",
+          category: "react"
+        });
+      }
+    };
+    const funcDecls = findNodes(ast, "FunctionDeclaration");
+    for (const node of funcDecls) {
+      checkComponent(node);
+    }
+    const arrowFns = findNodes(ast, "ArrowFunctionExpression");
+    for (const node of arrowFns) {
+      checkComponent(node);
+    }
+    return violations;
+  }
+};
+
+// src/rules/performance/image-missing-dimensions.ts
+var IMAGE_TAGS = ["img", "Image"];
+var imageMissingDimensionsRule = {
+  id: "image-missing-dimensions",
+  name: "Image Missing Dimensions",
+  description: "<img> elements should have width and height to prevent CLS.",
+  category: "performance",
+  severity: "warning",
+  run(filePath, fileContent) {
+    const ast = parseFile(fileContent, filePath);
+    if (!ast) return [];
+    const violations = [];
+    const elements = findNodes(ast, "JSXOpeningElement");
+    for (const el of elements) {
+      const name = el.name;
+      if (name.type !== "JSXIdentifier") continue;
+      if (!IMAGE_TAGS.includes(name.name)) continue;
+      const attrs = el.attributes;
+      const hasWidth = attrs.some(
+        (a) => a.type === "JSXAttribute" && a.name.type === "JSXIdentifier" && a.name.name === "width"
+      );
+      const hasHeight = attrs.some(
+        (a) => a.type === "JSXAttribute" && a.name.type === "JSXIdentifier" && a.name.name === "height"
+      );
+      if (!hasWidth || !hasHeight) {
+        violations.push({
+          ruleId: "image-missing-dimensions",
+          message: "<img> element missing width/height attributes. This causes Cumulative Layout Shift (CLS).",
+          filePath,
+          line: getNodeLine(el),
+          column: getNodeColumn(el),
+          severity: "warning",
+          category: "performance"
+        });
+      }
+    }
+    return violations;
+  }
+};
+
+// src/rules/index.ts
+var allRules = [
+  componentLengthRule,
+  businessLogicInJSXRule,
+  directFetchInComponentRule,
+  stateBloatRule,
+  hardcodedSecretsEndpointsRule,
+  indexAsKeyRule,
+  missingErrorBoundaryRule,
+  noSubRendersRule,
+  fatControllerRule,
+  imageMissingDimensionsRule
+];
+
+// src/reporter/console.ts
+var import_chalk = __toESM(require("chalk"));
+var import_boxen = __toESM(require("boxen"));
+var CATEGORY_LABELS = {
+  architecture: "Architecture",
+  react: "React",
+  typescript: "TypeScript",
+  a11y: "Accessibility",
+  performance: "Performance"
+};
+function scoreBar(score) {
+  const filled = Math.round(score / 10);
+  const empty = 10 - filled;
+  return import_chalk.default.green("\u2588".repeat(filled)) + import_chalk.default.gray("\u2591".repeat(empty));
+}
+function scoreLabel(score) {
+  if (score >= 90) return import_chalk.default.green("\u2705 Excellent");
+  if (score >= 75) return import_chalk.default.green("\u2705 Good");
+  if (score >= 60) return import_chalk.default.yellow("\u26A0\uFE0F  Needs Work");
+  return import_chalk.default.red("\u274C Poor");
+}
+function printReport(report) {
+  console.log(
+    (0, import_boxen.default)(
+      import_chalk.default.bold.cyan("  spaghetti-slicer v0.1.0") + "\n  Scanning React/TS codebase...",
+      { padding: 1, borderStyle: "round", borderColor: "cyan" }
+    )
+  );
+  const duration = (report.durationMs / 1e3).toFixed(1);
+  console.log(
+    import_chalk.default.green("\u2714") + ` ${report.scannedFiles} files scanned in ${duration}s
+`
+  );
+  const criticals = report.violations.filter((v) => v.severity === "critical");
+  const warnings = report.violations.filter((v) => v.severity === "warning");
+  const infos = report.violations.filter((v) => v.severity === "info");
+  if (criticals.length > 0) {
+    console.log(import_chalk.default.red.bold(`CRITICAL (${criticals.length})`));
+    for (const v of criticals) {
+      console.log(
+        import_chalk.default.red(`\u2717 ${v.filePath}:${v.line}`)
+      );
+      console.log(
+        `  ${import_chalk.default.gray(`[${v.category}]`)} ${v.message}`
+      );
+    }
+    console.log();
+  }
+  if (warnings.length > 0) {
+    console.log(import_chalk.default.yellow.bold(`WARNINGS (${warnings.length})`));
+    for (const v of warnings) {
+      console.log(
+        import_chalk.default.yellow(`\u26A0 ${v.filePath}:${v.line}`)
+      );
+      console.log(
+        `  ${import_chalk.default.gray(`[${v.category}]`)} ${v.message}`
+      );
+    }
+    console.log();
+  }
+  if (infos.length > 0) {
+    console.log(import_chalk.default.blue.bold(`INFO (${infos.length})`));
+    for (const v of infos) {
+      console.log(
+        import_chalk.default.blue(`\u2139 ${v.filePath}:${v.line}`)
+      );
+      console.log(
+        `  ${import_chalk.default.gray(`[${v.category}]`)} ${v.message}`
+      );
+    }
+    console.log();
+  }
+  const categories = [
+    "architecture",
+    "react",
+    "typescript",
+    "a11y",
+    "performance"
+  ];
+  const scoreLines = categories.map((cat) => {
+    const s = report.categoryScores[cat];
+    const label = CATEGORY_LABELS[cat].padEnd(14);
+    return `  ${label} ${scoreBar(s)}  ${s}/100`;
+  }).join("\n");
+  const summary = [
+    import_chalk.default.bold("  AUDIT SCORE"),
+    "",
+    scoreLines,
+    "",
+    `  Total Score:   ${import_chalk.default.bold(String(report.totalScore))}/100  ${scoreLabel(report.totalScore)}`,
+    "",
+    `  ${import_chalk.default.red(`${report.criticalCount} critical`)}  \u2022  ${import_chalk.default.yellow(`${report.warningCount} warnings`)}  \u2022  ${import_chalk.default.blue(`${report.infoCount} info`)}`
+  ].join("\n");
+  console.log(
+    (0, import_boxen.default)(summary, {
+      padding: { top: 0, bottom: 0, left: 0, right: 2 },
+      borderStyle: "round",
+      borderColor: report.totalScore >= 75 ? "green" : report.totalScore >= 60 ? "yellow" : "red"
+    })
+  );
+}
+
+// src/reporter/json.ts
+function toJSON(report) {
+  return JSON.stringify(report, null, 2);
+}
+
+// src/cli/index.ts
+var program = new import_commander.Command();
+program.name("spaghetti-slicer").description("Frontend best practices auditor for React/TypeScript codebases").version("0.1.0").argument("<path>", "Directory or file to audit").option("--json", "Output results as JSON to stdout").option("--fix", "Show auto-fix suggestions").option("--rule <category>", "Only run rules from one category").option("--min-score <number>", "Exit with code 1 if score is below threshold").action(async (targetPath, options) => {
+  const start = Date.now();
+  if (!fs2.existsSync(targetPath)) {
+    console.error(`Error: path '${targetPath}' does not exist.`);
+    process.exit(1);
+  }
+  const files = walkFiles(targetPath);
+  const totalFiles = files.length;
+  let activeRules = allRules;
+  if (options.rule) {
+    const cat = options.rule;
+    activeRules = allRules.filter((r) => r.category === cat);
+  }
+  resetErrorBoundaryState();
+  const spinner = options.json ? null : (0, import_ora.default)(`Scanning ${totalFiles} files...`).start();
+  const allViolations = [];
+  let scannedFiles = 0;
+  for (const filePath of files) {
+    let content;
+    try {
+      content = fs2.readFileSync(filePath, "utf-8");
+    } catch {
+      continue;
+    }
+    for (const rule of activeRules) {
+      try {
+        const violations = rule.run(filePath, content);
+        allViolations.push(...violations);
+      } catch {
+      }
+    }
+    scannedFiles++;
+  }
+  const errorBoundaryViolations = finalizeErrorBoundaryViolations();
+  allViolations.push(...errorBoundaryViolations);
+  spinner?.succeed(`${scannedFiles} files scanned`);
+  const durationMs = Date.now() - start;
+  const report = computeReport(allViolations, totalFiles, scannedFiles, durationMs);
+  if (options.json) {
+    process.stdout.write(toJSON(report) + "\n");
+  } else {
+    printReport(report);
+    if (options.fix) {
+      console.log("\nAuto-fix suggestions:");
+      console.log("  Run: eslint --fix for no-explicit-any violations");
+      console.log("  Run: eslint-plugin-jsx-a11y for accessibility violations");
+    }
+  }
+  const minScore = options.minScore ? parseInt(options.minScore, 10) : null;
+  if (minScore !== null && report.totalScore < minScore) {
+    process.exit(1);
+  }
+});
+program.parse();