vibe-and-thrive 1.0.0

package/dist/hooks/check-hardcoded-urls.js

@@ -0,0 +1,124 @@
+/**
+ * Check for hardcoded URLs that should use environment variables
+ */
+// Common CDN and safe domains to ignore
+const SAFE_DOMAINS = new Set([
+    'cdn.jsdelivr.net',
+    'cdnjs.cloudflare.com',
+    'unpkg.com',
+    'fonts.googleapis.com',
+    'fonts.gstatic.com',
+    'fonts.bunny.net',
+    'api.github.com',
+    'raw.githubusercontent.com',
+    'registry.npmjs.org',
+    'pypi.org',
+    'schema.org',
+    'www.w3.org',
+    'example.com',
+    'example.org',
+]);
+// Patterns that indicate this is likely test/example code
+const TEST_PATTERNS = [
+    /\.test\./,
+    /\.spec\./,
+    /\/__tests__\//,
+    /\/test\//,
+    /\/fixtures?\//,
+    /\.mock\./,
+];
+export const checkHardcodedUrls = {
+    id: 'urls',
+    name: 'Check Hardcoded URLs',
+    description: 'Detect hardcoded URLs that should use environment variables',
+    severity: 'error',
+    fileTypes: ['js', 'jsx', 'ts', 'tsx', 'mjs', 'cjs', 'py'],
+    check(context) {
+        const results = [];
+        const lines = context.content.split('\n');
+        // Skip test files
+        if (TEST_PATTERNS.some((p) => p.test(context.filePath))) {
+            return results;
+        }
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            const lineNum = i + 1;
+            // Skip comments
+            if (isCommentLine(line, context.extension)) {
+                continue;
+            }
+            // Check for localhost URLs
+            const localhostMatches = line.matchAll(/https?:\/\/localhost(?::\d+)?(?:\/[^\s'")\]]*)?/g);
+            for (const match of localhostMatches) {
+                // Skip if in a fallback/default pattern
+                if (isFallbackPattern(line, match.index || 0)) {
+                    continue;
+                }
+                results.push({
+                    line: lineNum,
+                    column: match.index || 0,
+                    message: 'Hardcoded localhost URL - use environment variable',
+                    severity: 'warning',
+                    ruleId: 'urls/localhost',
+                    fix: 'Use process.env.API_URL or similar',
+                });
+            }
+            // Check for 127.0.0.1 URLs
+            const ipMatches = line.matchAll(/https?:\/\/127\.0\.0\.1(?::\d+)?(?:\/[^\s'")\]]*)?/g);
+            for (const match of ipMatches) {
+                if (isFallbackPattern(line, match.index || 0)) {
+                    continue;
+                }
+                results.push({
+                    line: lineNum,
+                    column: match.index || 0,
+                    message: 'Hardcoded localhost IP - use environment variable',
+                    severity: 'warning',
+                    ruleId: 'urls/localhost-ip',
+                });
+            }
+            // Check for production URLs
+            const urlMatches = line.matchAll(/https?:\/\/([a-zA-Z0-9][a-zA-Z0-9-]*\.[a-zA-Z]{2,}(?:\.[a-zA-Z]{2,})?)(?::\d+)?(?:\/[^\s'")\]]*)?/g);
+            for (const match of urlMatches) {
+                const domain = match[1].toLowerCase();
+                // Skip safe domains
+                if (SAFE_DOMAINS.has(domain)) {
+                    continue;
+                }
+                // Skip if in a fallback pattern
+                if (isFallbackPattern(line, match.index || 0)) {
+                    continue;
+                }
+                // Skip common documentation/example patterns
+                if (domain.includes('example') || domain.includes('placeholder')) {
+                    continue;
+                }
+                // Flag as potential hardcoded production URL
+                results.push({
+                    line: lineNum,
+                    column: match.index || 0,
+                    message: `Hardcoded URL (${domain}) - consider using environment variable`,
+                    severity: 'warning',
+                    ruleId: 'urls/hardcoded',
+                });
+            }
+        }
+        return results;
+    },
+};
+function isCommentLine(line, extension) {
+    const trimmed = line.trim();
+    if (['js', 'jsx', 'ts', 'tsx', 'mjs', 'cjs'].includes(extension)) {
+        return trimmed.startsWith('//') || trimmed.startsWith('*') || trimmed.startsWith('/*');
+    }
+    if (['py', 'pyw'].includes(extension)) {
+        return trimmed.startsWith('#');
+    }
+    return false;
+}
+function isFallbackPattern(line, urlIndex) {
+    // Check if URL appears after || or ?? or as a default value
+    const before = line.substring(0, urlIndex);
+    return /(\|\||\?\?|:\s*$|,\s*$|=\s*$|default[:\s]*$)/i.test(before.trim());
+}
+//# sourceMappingURL=check-hardcoded-urls.js.map

package/dist/hooks/check-hardcoded-urls.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"check-hardcoded-urls.js","sourceRoot":"","sources":["../../src/hooks/check-hardcoded-urls.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,wCAAwC;AACxC,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC;IAC3B,kBAAkB;IAClB,sBAAsB;IACtB,WAAW;IACX,sBAAsB;IACtB,mBAAmB;IACnB,iBAAiB;IACjB,gBAAgB;IAChB,2BAA2B;IAC3B,oBAAoB;IACpB,UAAU;IACV,YAAY;IACZ,YAAY;IACZ,aAAa;IACb,aAAa;CACd,CAAC,CAAC;AAEH,0DAA0D;AAC1D,MAAM,aAAa,GAAG;IACpB,UAAU;IACV,UAAU;IACV,eAAe;IACf,UAAU;IACV,eAAe;IACf,UAAU;CACX,CAAC;AAEF,MAAM,CAAC,MAAM,kBAAkB,GAAS;IACtC,EAAE,EAAE,MAAM;IACV,IAAI,EAAE,sBAAsB;IAC5B,WAAW,EAAE,6DAA6D;IAC1E,QAAQ,EAAE,OAAO;IACjB,SAAS,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,CAAC;IAEzD,KAAK,CAAC,OAAoB;QACxB,MAAM,OAAO,GAAiB,EAAE,CAAC;QACjC,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAE1C,kBAAkB;QAClB,IAAI,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC;YACxD,OAAO,OAAO,CAAC;QACjB,CAAC;QAED,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACtB,MAAM,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC;YAEtB,gBAAgB;YAChB,IAAI,aAAa,CAAC,IAAI,EAAE,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC3C,SAAS;YACX,CAAC;YAED,2BAA2B;YAC3B,MAAM,gBAAgB,GAAG,IAAI,CAAC,QAAQ,CAAC,kDAAkD,CAAC,CAAC;YAC3F,KAAK,MAAM,KAAK,IAAI,gBAAgB,EAAE,CAAC;gBACrC,wCAAwC;gBACxC,IAAI,iBAAiB,CAAC,IAAI,EAAE,KAAK,CAAC,KAAK,IAAI,CAAC,CAAC,EAAE,CAAC;oBAC9C,SAAS;gBACX,CAAC;gBAED,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI,EAAE,OAAO;oBACb,MAAM,EAAE,KAAK,CAAC,KAAK,IAAI,CAAC;oBACxB,OAAO,EAAE,oDAAoD;oBAC7D,QAAQ,EAAE,SAAS;oBACnB,MAAM,EAAE,gBAAgB;oBACxB,GAAG,EAAE,oCAAoC;iBAC1C,CAAC,CAAC;YACL,CAAC;YAED,2BAA2B;YAC3B,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC,qDAAqD,CAAC,CAAC;YACvF,KAAK,MAAM,KAAK,IAAI,SAAS,EAAE,CAAC;gBAC9B,IAAI,iBAAiB,CAAC,IAAI,EAAE,KAAK,CAAC,KAAK,IAAI,CAAC,CAAC,EAAE,CAAC;oBAC9C,SAAS;gBACX,CAAC;gBAED,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI,EAAE,OAAO;oBACb,MAAM,EAAE,KAAK,CAAC,KAAK,IAAI,CAAC;oBACxB,OAAO,EAAE,mDAAmD;oBAC5D,QAAQ,EAAE,SAAS;oBACnB,MAAM,EAAE,mBAAmB;iBAC5B,CAAC,CAAC;YACL,CAAC;YAED,4BAA4B;YAC5B,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC,oGAAoG,CAAC,CAAC;YACvI,KAAK,MAAM,KAAK,IAAI,UAAU,EAAE,CAAC;gBAC/B,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;gBAEtC,oBAAoB;gBACpB,IAAI,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;oBAC7B,SAAS;gBACX,CAAC;gBAED,gCAAgC;gBAChC,IAAI,iBAAiB,CAAC,IAAI,EAAE,KAAK,CAAC,KAAK,IAAI,CAAC,CAAC,EAAE,CAAC;oBAC9C,SAAS;gBACX,CAAC;gBAED,6CAA6C;gBAC7C,IAAI,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;oBACjE,SAAS;gBACX,CAAC;gBAED,6CAA6C;gBAC7C,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI,EAAE,OAAO;oBACb,MAAM,EAAE,KAAK,CAAC,KAAK,IAAI,CAAC;oBACxB,OAAO,EAAE,kBAAkB,MAAM,yCAAyC;oBAC1E,QAAQ,EAAE,SAAS;oBACnB,MAAM,EAAE,gBAAgB;iBACzB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;CACF,CAAC;AAEF,SAAS,aAAa,CAAC,IAAY,EAAE,SAAiB;IACpD,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;IAE5B,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QACjE,OAAO,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;IACzF,CAAC;IAED,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QACtC,OAAO,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IACjC,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,iBAAiB,CAAC,IAAY,EAAE,QAAgB;IACvD,4DAA4D;IAC5D,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;IAC3C,OAAO,+CAA+C,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;AAC7E,CAAC"}

package/dist/hooks/check-magic-numbers.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Check for magic numbers that should be named constants
+ */
+import type { Hook } from '../utils/types.js';
+export declare const checkMagicNumbers: Hook;
+//# sourceMappingURL=check-magic-numbers.d.ts.map

package/dist/hooks/check-magic-numbers.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"check-magic-numbers.d.ts","sourceRoot":"","sources":["../../src/hooks/check-magic-numbers.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,IAAI,EAA2B,MAAM,mBAAmB,CAAC;AA0CvE,eAAO,MAAM,iBAAiB,EAAE,IAkE/B,CAAC"}

package/dist/hooks/check-magic-numbers.js

@@ -0,0 +1,116 @@
+/**
+ * Check for magic numbers that should be named constants
+ */
+// Numbers that are commonly acceptable and don't need constants
+const ACCEPTABLE_NUMBERS = new Set([
+    -1, 0, 1, 2, 10, 100, 1000,
+    // Common time values
+    60, 1000, 3600, 86400,
+    // Array/string indices
+    0, 1, 2,
+]);
+// Contexts where magic numbers are acceptable
+const ACCEPTABLE_CONTEXTS = [
+    /\.length\s*[<>=!]/, // array length comparisons
+    /\[\s*\d+\s*\]/, // array indexing
+    /slice\s*\(\s*\d+/, // slice operations
+    /substring\s*\(\s*\d+/, // substring operations
+    /repeat\s*\(\s*\d+/, // repeat operations
+    /^\s*(?:return|throw)\s+\d+/, // return/throw numeric values
+    /port\s*[:=]/i, // port numbers
+    /\.toFixed\s*\(\s*\d+/, // decimal places
+    /Math\./, // Math operations
+    /parseInt|parseFloat/, // parsing functions
+    /0x[0-9a-fA-F]+/, // hex numbers (color codes, etc.)
+    /rgba?\s*\(/, // CSS colors
+    /version/i, // version numbers
+    /new Date\(/, // date constructors
+    /setTimeout|setInterval/, // timer functions (often have inline ms)
+    /padding|margin|width|height/i, // CSS-related
+];
+// Paths that indicate frontend component files (skip these)
+const FRONTEND_PATH_PATTERNS = [
+    /\/components\//i,
+    /\/pages\//i,
+    /\/views\//i,
+    /\/layouts\//i,
+    /\/ui\//i,
+    /\.styled\./i,
+    /\.styles\./i,
+];
+export const checkMagicNumbers = {
+    id: 'magic-numbers',
+    name: 'Check Magic Numbers',
+    description: 'Detect magic numbers that should be named constants',
+    severity: 'warning',
+    // Skip JSX/TSX - too many false positives with CSS values
+    fileTypes: ['js', 'ts', 'mjs', 'cjs', 'py'],
+    check(context) {
+        const results = [];
+        // Skip frontend component files even if they're .js/.ts
+        if (FRONTEND_PATH_PATTERNS.some((pattern) => pattern.test(context.filePath))) {
+            return results;
+        }
+        const lines = context.content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            const lineNum = i + 1;
+            // Skip comments
+            if (isCommentLine(line, context.extension)) {
+                continue;
+            }
+            // Skip constant/variable declarations with descriptive names
+            if (isConstantDeclaration(line)) {
+                continue;
+            }
+            // Find all numbers in the line
+            const numberMatches = line.matchAll(/(?<![a-zA-Z_])(-?\d+(?:\.\d+)?)\b/g);
+            for (const match of numberMatches) {
+                const numStr = match[1];
+                const num = parseFloat(numStr);
+                // Skip acceptable numbers
+                if (ACCEPTABLE_NUMBERS.has(num)) {
+                    continue;
+                }
+                // Skip if in acceptable context
+                if (ACCEPTABLE_CONTEXTS.some((pattern) => pattern.test(line))) {
+                    continue;
+                }
+                // Skip very small numbers (likely not magic)
+                if (num >= -10 && num <= 10 && Number.isInteger(num)) {
+                    continue;
+                }
+                results.push({
+                    line: lineNum,
+                    column: match.index || 0,
+                    message: `Magic number ${numStr} - consider using a named constant`,
+                    severity: 'warning',
+                    ruleId: 'magic-numbers/unnamed',
+                });
+            }
+        }
+        return results;
+    },
+};
+function isCommentLine(line, extension) {
+    const trimmed = line.trim();
+    if (['js', 'jsx', 'ts', 'tsx', 'mjs', 'cjs'].includes(extension)) {
+        return trimmed.startsWith('//') || trimmed.startsWith('*') || trimmed.startsWith('/*');
+    }
+    if (['py', 'pyw'].includes(extension)) {
+        return trimmed.startsWith('#');
+    }
+    return false;
+}
+function isConstantDeclaration(line) {
+    // JavaScript/TypeScript const with UPPER_CASE name
+    if (/const\s+[A-Z][A-Z0-9_]+\s*=/.test(line)) {
+        return true;
+    }
+    // Python uppercase variable (convention for constants)
+    if (/^[A-Z][A-Z0-9_]+\s*=/.test(line.trim())) {
+        return true;
+    }
+    return false;
+}
+//# sourceMappingURL=check-magic-numbers.js.map

package/dist/hooks/check-magic-numbers.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"check-magic-numbers.js","sourceRoot":"","sources":["../../src/hooks/check-magic-numbers.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,gEAAgE;AAChE,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAC;IACjC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,EAAE,GAAG,EAAE,IAAI;IAC1B,qBAAqB;IACrB,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK;IACrB,uBAAuB;IACvB,CAAC,EAAE,CAAC,EAAE,CAAC;CACR,CAAC,CAAC;AAEH,8CAA8C;AAC9C,MAAM,mBAAmB,GAAG;IAC1B,mBAAmB,EAAY,2BAA2B;IAC1D,eAAe,EAAgB,iBAAiB;IAChD,kBAAkB,EAAa,mBAAmB;IAClD,sBAAsB,EAAS,uBAAuB;IACtD,mBAAmB,EAAY,oBAAoB;IACnD,4BAA4B,EAAG,8BAA8B;IAC7D,cAAc,EAAiB,eAAe;IAC9C,sBAAsB,EAAS,iBAAiB;IAChD,QAAQ,EAAuB,kBAAkB;IACjD,qBAAqB,EAAU,oBAAoB;IACnD,gBAAgB,EAAc,kCAAkC;IAChE,YAAY,EAAmB,aAAa;IAC5C,UAAU,EAAqB,kBAAkB;IACjD,YAAY,EAAmB,oBAAoB;IACnD,wBAAwB,EAAO,yCAAyC;IACxE,8BAA8B,EAAE,cAAc;CAC/C,CAAC;AAEF,4DAA4D;AAC5D,MAAM,sBAAsB,GAAG;IAC7B,iBAAiB;IACjB,YAAY;IACZ,YAAY;IACZ,cAAc;IACd,SAAS;IACT,aAAa;IACb,aAAa;CACd,CAAC;AAEF,MAAM,CAAC,MAAM,iBAAiB,GAAS;IACrC,EAAE,EAAE,eAAe;IACnB,IAAI,EAAE,qBAAqB;IAC3B,WAAW,EAAE,qDAAqD;IAClE,QAAQ,EAAE,SAAS;IACnB,0DAA0D;IAC1D,SAAS,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,CAAC;IAE3C,KAAK,CAAC,OAAoB;QACxB,MAAM,OAAO,GAAiB,EAAE,CAAC;QAEjC,wDAAwD;QACxD,IAAI,sBAAsB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC;YAC7E,OAAO,OAAO,CAAC;QACjB,CAAC;QAED,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAE1C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACtB,MAAM,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC;YAEtB,gBAAgB;YAChB,IAAI,aAAa,CAAC,IAAI,EAAE,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC3C,SAAS;YACX,CAAC;YAED,6DAA6D;YAC7D,IAAI,qBAAqB,CAAC,IAAI,CAAC,EAAE,CAAC;gBAChC,SAAS;YACX,CAAC;YAED,+BAA+B;YAC/B,MAAM,aAAa,GAAG,IAAI,CAAC,QAAQ,CAAC,oCAAoC,CAAC,CAAC;YAE1E,KAAK,MAAM,KAAK,IAAI,aAAa,EAAE,CAAC;gBAClC,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBACxB,MAAM,GAAG,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;gBAE/B,0BAA0B;gBAC1B,IAAI,kBAAkB,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;oBAChC,SAAS;gBACX,CAAC;gBAED,gCAAgC;gBAChC,IAAI,mBAAmB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;oBAC9D,SAAS;gBACX,CAAC;gBAED,6CAA6C;gBAC7C,IAAI,GAAG,IAAI,CAAC,EAAE,IAAI,GAAG,IAAI,EAAE,IAAI,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC;oBACrD,SAAS;gBACX,CAAC;gBAED,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI,EAAE,OAAO;oBACb,MAAM,EAAE,KAAK,CAAC,KAAK,IAAI,CAAC;oBACxB,OAAO,EAAE,gBAAgB,MAAM,oCAAoC;oBACnE,QAAQ,EAAE,SAAS;oBACnB,MAAM,EAAE,uBAAuB;iBAChC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;CACF,CAAC;AAEF,SAAS,aAAa,CAAC,IAAY,EAAE,SAAiB;IACpD,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;IAE5B,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QACjE,OAAO,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;IACzF,CAAC;IAED,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QACtC,OAAO,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IACjC,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,qBAAqB,CAAC,IAAY;IACzC,mDAAmD;IACnD,IAAI,6BAA6B,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QAC7C,OAAO,IAAI,CAAC;IACd,CAAC;IAED,uDAAuD;IACvD,IAAI,sBAAsB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC;QAC7C,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/hooks/check-secrets.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Check for hardcoded secrets, API keys, and tokens
+ */
+import type { Hook } from '../utils/types.js';
+export declare const checkSecrets: Hook;
+//# sourceMappingURL=check-secrets.d.ts.map

package/dist/hooks/check-secrets.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"check-secrets.d.ts","sourceRoot":"","sources":["../../src/hooks/check-secrets.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,IAAI,EAA2B,MAAM,mBAAmB,CAAC;AAGvE,eAAO,MAAM,YAAY,EAAE,IAkI1B,CAAC"}

package/dist/hooks/check-secrets.js

@@ -0,0 +1,138 @@
+/**
+ * Check for hardcoded secrets, API keys, and tokens
+ */
+import { SECRET_PATTERNS, isPlaceholder } from '../utils/patterns.js';
+export const checkSecrets = {
+    id: 'secrets',
+    name: 'Check Secrets',
+    description: 'Detect hardcoded API keys, passwords, and tokens',
+    severity: 'error',
+    fileTypes: ['js', 'jsx', 'ts', 'tsx', 'mjs', 'cjs', 'py', 'json', 'yaml', 'yml', 'toml', 'env'],
+    check(context) {
+        const results = [];
+        const lines = context.content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            const lineNum = i + 1;
+            // Skip comments
+            if (isCommentLine(line, context.extension)) {
+                continue;
+            }
+            // AWS Access Key
+            const awsMatch = line.match(SECRET_PATTERNS.awsAccessKey);
+            if (awsMatch && !isPlaceholder(awsMatch[0])) {
+                results.push({
+                    line: lineNum,
+                    column: line.indexOf(awsMatch[0]),
+                    message: 'Possible AWS Access Key detected',
+                    severity: 'error',
+                    ruleId: 'secrets/aws-key',
+                });
+            }
+            // Stripe Key
+            const stripeMatch = line.match(SECRET_PATTERNS.stripeKey);
+            if (stripeMatch && !isPlaceholder(stripeMatch[0])) {
+                results.push({
+                    line: lineNum,
+                    column: line.indexOf(stripeMatch[0]),
+                    message: 'Stripe API key detected',
+                    severity: 'error',
+                    ruleId: 'secrets/stripe-key',
+                });
+            }
+            // GitHub Token
+            const githubMatch = line.match(SECRET_PATTERNS.githubToken);
+            if (githubMatch && !isPlaceholder(githubMatch[0])) {
+                results.push({
+                    line: lineNum,
+                    column: line.indexOf(githubMatch[0]),
+                    message: 'GitHub token detected',
+                    severity: 'error',
+                    ruleId: 'secrets/github-token',
+                });
+            }
+            // Slack Token
+            const slackMatch = line.match(SECRET_PATTERNS.slackToken);
+            if (slackMatch && !isPlaceholder(slackMatch[0])) {
+                results.push({
+                    line: lineNum,
+                    column: line.indexOf(slackMatch[0]),
+                    message: 'Slack token detected',
+                    severity: 'error',
+                    ruleId: 'secrets/slack-token',
+                });
+            }
+            // SendGrid Key
+            const sendgridMatch = line.match(SECRET_PATTERNS.sendgridKey);
+            if (sendgridMatch && !isPlaceholder(sendgridMatch[0])) {
+                results.push({
+                    line: lineNum,
+                    column: line.indexOf(sendgridMatch[0]),
+                    message: 'SendGrid API key detected',
+                    severity: 'error',
+                    ruleId: 'secrets/sendgrid-key',
+                });
+            }
+            // Private Key
+            if (SECRET_PATTERNS.privateKey.test(line)) {
+                results.push({
+                    line: lineNum,
+                    column: 0,
+                    message: 'Private key detected - never commit private keys',
+                    severity: 'error',
+                    ruleId: 'secrets/private-key',
+                });
+            }
+            // Generic API key patterns
+            const genericApiMatch = line.match(SECRET_PATTERNS.genericApiKey);
+            if (genericApiMatch && !isPlaceholder(genericApiMatch[0])) {
+                // Only flag if it looks like a real key (long enough, not a placeholder)
+                const value = genericApiMatch[0];
+                if (value.length > 30) {
+                    results.push({
+                        line: lineNum,
+                        column: line.indexOf(value),
+                        message: 'Possible hardcoded API key - use environment variables',
+                        severity: 'error',
+                        ruleId: 'secrets/generic-api-key',
+                    });
+                }
+            }
+            // Generic secrets (password, token, etc.)
+            const secretMatch = line.match(SECRET_PATTERNS.genericSecret);
+            if (secretMatch && !isPlaceholder(secretMatch[0])) {
+                // Skip obvious non-secrets
+                const value = secretMatch[0].toLowerCase();
+                if (!value.includes('password:') && // Not a type annotation
+                    !value.includes('password =') && // Assignment with placeholder
+                    value.length > 20) {
+                    results.push({
+                        line: lineNum,
+                        column: line.indexOf(secretMatch[0]),
+                        message: 'Possible hardcoded secret - use environment variables',
+                        severity: 'warning',
+                        ruleId: 'secrets/generic-secret',
+                    });
+                }
+            }
+        }
+        return results;
+    },
+};
+function isCommentLine(line, extension) {
+    const trimmed = line.trim();
+    // JavaScript/TypeScript style comments
+    if (['js', 'jsx', 'ts', 'tsx', 'mjs', 'cjs'].includes(extension)) {
+        return trimmed.startsWith('//') || trimmed.startsWith('*') || trimmed.startsWith('/*');
+    }
+    // Python style comments
+    if (['py', 'pyw'].includes(extension)) {
+        return trimmed.startsWith('#');
+    }
+    // YAML style comments
+    if (['yaml', 'yml'].includes(extension)) {
+        return trimmed.startsWith('#');
+    }
+    return false;
+}
+//# sourceMappingURL=check-secrets.js.map

package/dist/hooks/check-secrets.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"check-secrets.js","sourceRoot":"","sources":["../../src/hooks/check-secrets.ts"],"names":[],"mappings":"AAAA;;GAEG;AAGH,OAAO,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAEtE,MAAM,CAAC,MAAM,YAAY,GAAS;IAChC,EAAE,EAAE,SAAS;IACb,IAAI,EAAE,eAAe;IACrB,WAAW,EAAE,kDAAkD;IAC/D,QAAQ,EAAE,OAAO;IACjB,SAAS,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,CAAC;IAE/F,KAAK,CAAC,OAAoB;QACxB,MAAM,OAAO,GAAiB,EAAE,CAAC;QACjC,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAE1C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACtB,MAAM,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC;YAEtB,gBAAgB;YAChB,IAAI,aAAa,CAAC,IAAI,EAAE,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC3C,SAAS;YACX,CAAC;YAED,iBAAiB;YACjB,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,YAAY,CAAC,CAAC;YAC1D,IAAI,QAAQ,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC5C,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI,EAAE,OAAO;oBACb,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;oBACjC,OAAO,EAAE,kCAAkC;oBAC3C,QAAQ,EAAE,OAAO;oBACjB,MAAM,EAAE,iBAAiB;iBAC1B,CAAC,CAAC;YACL,CAAC;YAED,aAAa;YACb,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC;YAC1D,IAAI,WAAW,IAAI,CAAC,aAAa,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBAClD,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI,EAAE,OAAO;oBACb,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC;oBACpC,OAAO,EAAE,yBAAyB;oBAClC,QAAQ,EAAE,OAAO;oBACjB,MAAM,EAAE,oBAAoB;iBAC7B,CAAC,CAAC;YACL,CAAC;YAED,eAAe;YACf,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,WAAW,CAAC,CAAC;YAC5D,IAAI,WAAW,IAAI,CAAC,aAAa,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBAClD,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI,EAAE,OAAO;oBACb,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC;oBACpC,OAAO,EAAE,uBAAuB;oBAChC,QAAQ,EAAE,OAAO;oBACjB,MAAM,EAAE,sBAAsB;iBAC/B,CAAC,CAAC;YACL,CAAC;YAED,cAAc;YACd,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,UAAU,CAAC,CAAC;YAC1D,IAAI,UAAU,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBAChD,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI,EAAE,OAAO;oBACb,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;oBACnC,OAAO,EAAE,sBAAsB;oBAC/B,QAAQ,EAAE,OAAO;oBACjB,MAAM,EAAE,qBAAqB;iBAC9B,CAAC,CAAC;YACL,CAAC;YAED,eAAe;YACf,MAAM,aAAa,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,WAAW,CAAC,CAAC;YAC9D,IAAI,aAAa,IAAI,CAAC,aAAa,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBACtD,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI,EAAE,OAAO;oBACb,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;oBACtC,OAAO,EAAE,2BAA2B;oBACpC,QAAQ,EAAE,OAAO;oBACjB,MAAM,EAAE,sBAAsB;iBAC/B,CAAC,CAAC;YACL,CAAC;YAED,cAAc;YACd,IAAI,eAAe,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC1C,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI,EAAE,OAAO;oBACb,MAAM,EAAE,CAAC;oBACT,OAAO,EAAE,kDAAkD;oBAC3D,QAAQ,EAAE,OAAO;oBACjB,MAAM,EAAE,qBAAqB;iBAC9B,CAAC,CAAC;YACL,CAAC;YAED,2BAA2B;YAC3B,MAAM,eAAe,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,aAAa,CAAC,CAAC;YAClE,IAAI,eAAe,IAAI,CAAC,aAAa,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC1D,yEAAyE;gBACzE,MAAM,KAAK,GAAG,eAAe,CAAC,CAAC,CAAC,CAAC;gBACjC,IAAI,KAAK,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;oBACtB,OAAO,CAAC,IAAI,CAAC;wBACX,IAAI,EAAE,OAAO;wBACb,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC;wBAC3B,OAAO,EAAE,wDAAwD;wBACjE,QAAQ,EAAE,OAAO;wBACjB,MAAM,EAAE,yBAAyB;qBAClC,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,0CAA0C;YAC1C,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,aAAa,CAAC,CAAC;YAC9D,IAAI,WAAW,IAAI,CAAC,aAAa,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBAClD,2BAA2B;gBAC3B,MAAM,KAAK,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;gBAC3C,IACE,CAAC,KAAK,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,wBAAwB;oBACxD,CAAC,KAAK,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,8BAA8B;oBAC/D,KAAK,CAAC,MAAM,GAAG,EAAE,EACjB,CAAC;oBACD,OAAO,CAAC,IAAI,CAAC;wBACX,IAAI,EAAE,OAAO;wBACb,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC;wBACpC,OAAO,EAAE,uDAAuD;wBAChE,QAAQ,EAAE,SAAS;wBACnB,MAAM,EAAE,wBAAwB;qBACjC,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;CACF,CAAC;AAEF,SAAS,aAAa,CAAC,IAAY,EAAE,SAAiB;IACpD,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;IAE5B,uCAAuC;IACvC,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QACjE,OAAO,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;IACzF,CAAC;IAED,wBAAwB;IACxB,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QACtC,OAAO,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IACjC,CAAC;IAED,sBAAsB;IACtB,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QACxC,OAAO,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IACjC,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/hooks/check-snake-case-ts.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Check for snake_case property names in TypeScript interfaces/types
+ */
+import type { Hook } from '../utils/types.js';
+export declare const checkSnakeCaseTs: Hook;
+//# sourceMappingURL=check-snake-case-ts.d.ts.map

package/dist/hooks/check-snake-case-ts.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"check-snake-case-ts.d.ts","sourceRoot":"","sources":["../../src/hooks/check-snake-case-ts.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,IAAI,EAA2B,MAAM,mBAAmB,CAAC;AAEvE,eAAO,MAAM,gBAAgB,EAAE,IAmF9B,CAAC"}

package/dist/hooks/check-snake-case-ts.js

@@ -0,0 +1,78 @@
+/**
+ * Check for snake_case property names in TypeScript interfaces/types
+ */
+export const checkSnakeCaseTs = {
+    id: 'snake-case',
+    name: 'Check Snake Case',
+    description: 'Detect snake_case properties in TypeScript that should be camelCase',
+    severity: 'warning',
+    fileTypes: ['ts', 'tsx', 'mts', 'cts'],
+    check(context) {
+        const results = [];
+        const lines = context.content.split('\n');
+        // Track if we're inside an interface or type definition
+        let inInterfaceOrType = false;
+        let braceDepth = 0;
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            const lineNum = i + 1;
+            // Skip comments
+            if (line.trim().startsWith('//') || line.trim().startsWith('*')) {
+                continue;
+            }
+            // Detect interface or type start
+            if (/^\s*(?:export\s+)?(?:interface|type)\s+\w+/.test(line)) {
+                inInterfaceOrType = true;
+                braceDepth = 0;
+            }
+            // Track brace depth
+            const openBraces = (line.match(/\{/g) || []).length;
+            const closeBraces = (line.match(/\}/g) || []).length;
+            if (inInterfaceOrType) {
+                braceDepth += openBraces - closeBraces;
+                // Check for snake_case properties
+                // Match property names in interface/type definitions
+                const propertyMatch = line.match(/^\s*['"]?([a-z][a-z0-9]*(?:_[a-z0-9]+)+)['"]?\s*[?]?\s*:/);
+                if (propertyMatch) {
+                    const propertyName = propertyMatch[1];
+                    const suggestedName = toCamelCase(propertyName);
+                    results.push({
+                        line: lineNum,
+                        column: line.indexOf(propertyName),
+                        message: `Property "${propertyName}" uses snake_case - consider using camelCase "${suggestedName}"`,
+                        severity: 'warning',
+                        ruleId: 'snake-case/property',
+                        fix: suggestedName,
+                    });
+                }
+                // End of interface/type
+                if (braceDepth <= 0 && closeBraces > 0) {
+                    inInterfaceOrType = false;
+                }
+            }
+            // Also check for snake_case in object destructuring from API responses
+            // This is a common issue when copying from API response types
+            const destructMatch = line.match(/const\s*\{\s*([^}]+)\s*\}\s*=/);
+            if (destructMatch) {
+                const props = destructMatch[1].split(',');
+                for (const prop of props) {
+                    const propName = prop.trim().split(':')[0].trim();
+                    if (/^[a-z][a-z0-9]*(?:_[a-z0-9]+)+$/.test(propName)) {
+                        results.push({
+                            line: lineNum,
+                            column: line.indexOf(propName),
+                            message: `Destructured property "${propName}" uses snake_case - API response may need transformation`,
+                            severity: 'info',
+                            ruleId: 'snake-case/destructure',
+                        });
+                    }
+                }
+            }
+        }
+        return results;
+    },
+};
+function toCamelCase(snakeCase) {
+    return snakeCase.replace(/_([a-z])/g, (_, letter) => letter.toUpperCase());
+}
+//# sourceMappingURL=check-snake-case-ts.js.map

package/dist/hooks/check-snake-case-ts.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"check-snake-case-ts.js","sourceRoot":"","sources":["../../src/hooks/check-snake-case-ts.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,MAAM,CAAC,MAAM,gBAAgB,GAAS;IACpC,EAAE,EAAE,YAAY;IAChB,IAAI,EAAE,kBAAkB;IACxB,WAAW,EAAE,qEAAqE;IAClF,QAAQ,EAAE,SAAS;IACnB,SAAS,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC;IAEtC,KAAK,CAAC,OAAoB;QACxB,MAAM,OAAO,GAAiB,EAAE,CAAC;QACjC,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAE1C,wDAAwD;QACxD,IAAI,iBAAiB,GAAG,KAAK,CAAC;QAC9B,IAAI,UAAU,GAAG,CAAC,CAAC;QAEnB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACtB,MAAM,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC;YAEtB,gBAAgB;YAChB,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;gBAChE,SAAS;YACX,CAAC;YAED,iCAAiC;YACjC,IAAI,4CAA4C,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC5D,iBAAiB,GAAG,IAAI,CAAC;gBACzB,UAAU,GAAG,CAAC,CAAC;YACjB,CAAC;YAED,oBAAoB;YACpB,MAAM,UAAU,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC;YACpD,MAAM,WAAW,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC;YAErD,IAAI,iBAAiB,EAAE,CAAC;gBACtB,UAAU,IAAI,UAAU,GAAG,WAAW,CAAC;gBAEvC,kCAAkC;gBAClC,qDAAqD;gBACrD,MAAM,aAAa,GAAG,IAAI,CAAC,KAAK,CAAC,0DAA0D,CAAC,CAAC;gBAE7F,IAAI,aAAa,EAAE,CAAC;oBAClB,MAAM,YAAY,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC;oBACtC,MAAM,aAAa,GAAG,WAAW,CAAC,YAAY,CAAC,CAAC;oBAEhD,OAAO,CAAC,IAAI,CAAC;wBACX,IAAI,EAAE,OAAO;wBACb,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC;wBAClC,OAAO,EAAE,aAAa,YAAY,iDAAiD,aAAa,GAAG;wBACnG,QAAQ,EAAE,SAAS;wBACnB,MAAM,EAAE,qBAAqB;wBAC7B,GAAG,EAAE,aAAa;qBACnB,CAAC,CAAC;gBACL,CAAC;gBAED,wBAAwB;gBACxB,IAAI,UAAU,IAAI,CAAC,IAAI,WAAW,GAAG,CAAC,EAAE,CAAC;oBACvC,iBAAiB,GAAG,KAAK,CAAC;gBAC5B,CAAC;YACH,CAAC;YAED,uEAAuE;YACvE,8DAA8D;YAC9D,MAAM,aAAa,GAAG,IAAI,CAAC,KAAK,CAAC,+BAA+B,CAAC,CAAC;YAClE,IAAI,aAAa,EAAE,CAAC;gBAClB,MAAM,KAAK,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBAC1C,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;oBACzB,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;oBAClD,IAAI,iCAAiC,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;wBACrD,OAAO,CAAC,IAAI,CAAC;4BACX,IAAI,EAAE,OAAO;4BACb,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC;4BAC9B,OAAO,EAAE,0BAA0B,QAAQ,0DAA0D;4BACrG,QAAQ,EAAE,MAAM;4BAChB,MAAM,EAAE,wBAAwB;yBACjC,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;CACF,CAAC;AAEF,SAAS,WAAW,CAAC,SAAiB;IACpC,OAAO,SAAS,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC;AAC7E,CAAC"}

package/dist/hooks/check-todo-fixme.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Check for TODO/FIXME comments that indicate incomplete work
+ */
+import type { Hook } from '../utils/types.js';
+export declare const checkTodoFixme: Hook;
+//# sourceMappingURL=check-todo-fixme.d.ts.map

package/dist/hooks/check-todo-fixme.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"check-todo-fixme.d.ts","sourceRoot":"","sources":["../../src/hooks/check-todo-fixme.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,IAAI,EAA2B,MAAM,mBAAmB,CAAC;AAKvE,eAAO,MAAM,cAAc,EAAE,IAwC5B,CAAC"}

package/dist/hooks/check-todo-fixme.js

@@ -0,0 +1,41 @@
+/**
+ * Check for TODO/FIXME comments that indicate incomplete work
+ */
+// Patterns to match TODO/FIXME comments
+const TODO_PATTERN = /\b(TODO|FIXME|XXX|HACK|BUG|OPTIMIZE)\b[:\s]*(.*)/i;
+export const checkTodoFixme = {
+    id: 'todo',
+    name: 'Check TODO/FIXME',
+    description: 'Detect TODO, FIXME, and other incomplete work markers',
+    severity: 'info',
+    fileTypes: ['js', 'jsx', 'ts', 'tsx', 'mjs', 'cjs', 'py', 'html', 'css'],
+    check(context) {
+        const results = [];
+        const lines = context.content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            const lineNum = i + 1;
+            const match = line.match(TODO_PATTERN);
+            if (match) {
+                const type = match[1].toUpperCase();
+                const description = match[2]?.trim() || '';
+                // Determine severity based on type
+                let severity = 'info';
+                if (type === 'FIXME' || type === 'BUG') {
+                    severity = 'warning';
+                }
+                results.push({
+                    line: lineNum,
+                    column: line.indexOf(match[0]),
+                    message: description
+                        ? `${type}: ${description}`
+                        : `${type} marker without description`,
+                    severity,
+                    ruleId: `todo/${type.toLowerCase()}`,
+                });
+            }
+        }
+        return results;
+    },
+};
+//# sourceMappingURL=check-todo-fixme.js.map

package/dist/hooks/check-todo-fixme.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"check-todo-fixme.js","sourceRoot":"","sources":["../../src/hooks/check-todo-fixme.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,wCAAwC;AACxC,MAAM,YAAY,GAAG,mDAAmD,CAAC;AAEzE,MAAM,CAAC,MAAM,cAAc,GAAS;IAClC,EAAE,EAAE,MAAM;IACV,IAAI,EAAE,kBAAkB;IACxB,WAAW,EAAE,uDAAuD;IACpE,QAAQ,EAAE,MAAM;IAChB,SAAS,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,CAAC;IAExE,KAAK,CAAC,OAAoB;QACxB,MAAM,OAAO,GAAiB,EAAE,CAAC;QACjC,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAE1C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACtB,MAAM,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC;YAEtB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;YACvC,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;gBACpC,MAAM,WAAW,GAAG,KAAK,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;gBAE3C,mCAAmC;gBACnC,IAAI,QAAQ,GAAuB,MAAM,CAAC;gBAC1C,IAAI,IAAI,KAAK,OAAO,IAAI,IAAI,KAAK,KAAK,EAAE,CAAC;oBACvC,QAAQ,GAAG,SAAS,CAAC;gBACvB,CAAC;gBAED,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI,EAAE,OAAO;oBACb,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;oBAC9B,OAAO,EAAE,WAAW;wBAClB,CAAC,CAAC,GAAG,IAAI,KAAK,WAAW,EAAE;wBAC3B,CAAC,CAAC,GAAG,IAAI,6BAA6B;oBACxC,QAAQ;oBACR,MAAM,EAAE,QAAQ,IAAI,CAAC,WAAW,EAAE,EAAE;iBACrC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;CACF,CAAC"}

package/dist/hooks/check-unsafe-html.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Check for unsafe HTML/DOM manipulation that could lead to XSS
+ */
+import type { Hook } from '../utils/types.js';
+export declare const checkUnsafeHtml: Hook;
+//# sourceMappingURL=check-unsafe-html.d.ts.map

package/dist/hooks/check-unsafe-html.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"check-unsafe-html.d.ts","sourceRoot":"","sources":["../../src/hooks/check-unsafe-html.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,IAAI,EAA2B,MAAM,mBAAmB,CAAC;AAEvE,eAAO,MAAM,eAAe,EAAE,IA6G7B,CAAC"}