flaw-kit 2.0.0__tar.gz

flaw_kit-2.0.0/PKG-INFO

@@ -0,0 +1,59 @@
+Metadata-Version: 2.4
+Name: flaw-kit
+Version: 2.0.0
+Summary: FLAW — Flow Logic Audit Watch. Code auditor for AI-generated projects.
+Author: resetroot99, ajakvani
+License: MIT
+Project-URL: Homepage, https://github.com/resetroot99/FLAW
+Project-URL: Repository, https://github.com/resetroot99/FLAW
+Project-URL: Issues, https://github.com/resetroot99/FLAW/issues
+Keywords: audit,code-quality,ai-code-review,static-analysis
+Classifier: Development Status :: 4 - Beta
+Classifier: Environment :: Console
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Classifier: Topic :: Software Development :: Quality Assurance
+Classifier: Topic :: Software Development :: Testing
+Requires-Python: >=3.8
+Description-Content-Type: text/markdown
+
+# flaw-kit
+
+**FLAW — Flow Logic Audit Watch**
+
+Code integrity auditor for AI-generated projects. Scans your codebase and tells you what's broken, what's fake, and what's missing.
+
+This is the Python wrapper for the FLAW engine. Requires Node.js >= 18.
+
+## Install
+
+```bash
+pip install flaw-kit
+```
+
+## Usage
+
+```bash
+# Interactive mode
+flaw
+
+# One-shot scan
+flaw .
+
+# Export HTML report
+flaw ../my-app --html
+```
+
+## Requirements
+
+- Python >= 3.8
+- Node.js >= 18
+
+## Full Documentation
+
+See the [GitHub repo](https://github.com/resetroot99/FLAW) for full documentation, features, and configuration.
+
+## License
+
+MIT

flaw_kit-2.0.0/README.md

@@ -0,0 +1,39 @@
+# flaw-kit
+
+**FLAW — Flow Logic Audit Watch**
+
+Code integrity auditor for AI-generated projects. Scans your codebase and tells you what's broken, what's fake, and what's missing.
+
+This is the Python wrapper for the FLAW engine. Requires Node.js >= 18.
+
+## Install
+
+```bash
+pip install flaw-kit
+```
+
+## Usage
+
+```bash
+# Interactive mode
+flaw
+
+# One-shot scan
+flaw .
+
+# Export HTML report
+flaw ../my-app --html
+```
+
+## Requirements
+
+- Python >= 3.8
+- Node.js >= 18
+
+## Full Documentation
+
+See the [GitHub repo](https://github.com/resetroot99/FLAW) for full documentation, features, and configuration.
+
+## License
+
+MIT

flaw_kit-2.0.0/flaw_audit/__init__.py

@@ -0,0 +1,3 @@
+"""FLAW — Flow Logic Audit Watch. Code auditor for AI-generated projects."""
+
+__version__ = "2.0.0"

flaw_kit-2.0.0/flaw_audit/cli.py

@@ -0,0 +1,71 @@
+"""
+FLAW CLI — Python wrapper for the FLAW TypeScript engine.
+Requires Node.js >= 18 to be installed.
+"""
+
+import subprocess
+import sys
+import os
+import shutil
+
+
+def find_node():
+    """Find the Node.js binary."""
+    node = shutil.which("node")
+    if node:
+        return node
+    # Common install locations
+    for path in ["/usr/local/bin/node", "/opt/homebrew/bin/node", os.path.expanduser("~/.nvm/current/bin/node")]:
+        if os.path.isfile(path):
+            return path
+    return None
+
+
+def find_entry():
+    """Find the FLAW JS entry point."""
+    # Bundled dist/ alongside this package
+    pkg_dir = os.path.dirname(os.path.abspath(__file__))
+    bundled = os.path.join(pkg_dir, "dist", "index.js")
+    if os.path.isfile(bundled):
+        return bundled
+
+    # Installed globally via npm
+    npx = shutil.which("npx")
+    if npx:
+        return None  # Will use npx fallback
+
+    return None
+
+
+def main():
+    """Main entry point for the FLAW CLI."""
+    node = find_node()
+    if not node:
+        print("\033[31mError: Node.js >= 18 is required.\033[0m")
+        print("Install it from https://nodejs.org or via your package manager.")
+        print("")
+        print("  brew install node        # macOS")
+        print("  curl -fsSL https://fnm.vercel.app/install | bash  # fnm")
+        print("  apt install nodejs       # Ubuntu/Debian")
+        sys.exit(1)
+
+    entry = find_entry()
+
+    if entry:
+        # Run bundled JS directly
+        result = subprocess.run([node, entry] + sys.argv[1:])
+        sys.exit(result.returncode)
+    else:
+        # Try npx fallback
+        npx = shutil.which("npx")
+        if npx:
+            result = subprocess.run([npx, "flaw-kit"] + sys.argv[1:])
+            sys.exit(result.returncode)
+
+        print("\033[31mError: FLAW engine not found.\033[0m")
+        print("Install via npm: npm install -g flaw-kit")
+        sys.exit(1)
+
+
+if __name__ == "__main__":
+    main()

flaw_kit-2.0.0/flaw_audit/dist/analyzers/backend-integrity.js

@@ -0,0 +1,133 @@
+import { makeFinding, makeSmell, emptyResult } from './base.js';
+import { searchFiles, filesMatching, extractSnippet } from '../utils/patterns.js';
+import { isTestFile } from '../utils/fs.js';
+const serverFilter = (f) => !isTestFile(f) && (/\b(api|server|route|action|controller|handler|middleware|mutation)\b/i.test(f) ||
+    /\.(py|rb|go|rs|java|php)$/.test(f));
+const srcFilter = (f) => !isTestFile(f) && /\.(ts|tsx|js|jsx|py|rb|go|java|php)$/.test(f);
+export function analyzeBackendIntegrity(ctx) {
+    const result = emptyResult();
+    // FK-BE-PERSIST-001: Writes that don't actually persist
+    // Look for handlers that return success without DB writes
+    const handlerFiles = filesMatching(ctx.fileContents, /(export\s+(default\s+)?function|export\s+const)\s+\w*(POST|PUT|PATCH|DELETE|create|update|save|delete|remove)/i, serverFilter);
+    for (const file of handlerFiles) {
+        const content = ctx.fileContents.get(file);
+        const hasDbOp = /(prisma|db|knex|mongoose|sequelize|supabase|drizzle|sql|query|insert|update|\.save\(|\.create\(|\.update\(|\.delete\(|\.destroy\()/i.test(content);
+        const hasResponse = /(return|res\.(json|send|status)|NextResponse|Response)/i.test(content);
+        if (hasResponse && !hasDbOp) {
+            result.findings.push(makeFinding({
+                ruleId: 'FK-BE-PERSIST-001',
+                title: 'Write handler may not persist data',
+                categoryId: 'BE',
+                severity: 'high',
+                confidence: 'medium',
+                labels: ['Fragile', 'Incomplete'],
+                summary: `Handler in ${file} returns a response but has no visible database operation.`,
+                impact: 'Data may not actually be saved.',
+                location: { file },
+                codeSnippet: extractSnippet(ctx.fileContents, file, 1, 0, 8),
+                suggestedFix: 'Verify the handler connects to a real persistence layer.',
+            }));
+            result.smellHits.push(makeSmell('SMELL-DISCONNECTED-BACKEND', 'Disconnected backend', 1));
+        }
+    }
+    // FK-BE-CONTRACT-001: Inconsistent response patterns
+    const responsePatterns = searchFiles(ctx.fileContents, /res\.(json|send)\(\s*\{[^}]*\}\s*\)/, serverFilter);
+    // Check for inconsistent response shapes (success vs error)
+    const successShapes = new Set();
+    const errorShapes = new Set();
+    for (const hit of responsePatterns) {
+        if (/error|fail|400|401|403|404|500/i.test(hit.context)) {
+            const shape = hit.context.replace(/['"`][^'"`]*['"`]/g, 'STR').replace(/\d+/g, 'NUM');
+            errorShapes.add(shape);
+        }
+        else {
+            const shape = hit.context.replace(/['"`][^'"`]*['"`]/g, 'STR').replace(/\d+/g, 'NUM');
+            successShapes.add(shape);
+        }
+    }
+    // FK-BE-ENDPOINT-001: fetch/axios calls to undefined endpoints
+    // Collect frontend API calls — match various URL patterns
+    const clientFetches = searchFiles(ctx.fileContents, /fetch\(\s*['"``]([^'"`]+)['"``]|axios\.\w+\(\s*['"``]([^'"`]+)['"``]|api\.\w+\(\s*['"``]([^'"`]+)['"``]/, (f) => !isTestFile(f) && /\.(tsx?|jsx?)$/.test(f));
+    // Collect all backend route paths from FastAPI/Express/Next.js
+    const backendRoutes = new Set();
+    // Next.js file-based routes
+    for (const f of ctx.files) {
+        if (/\/api\//.test(f) && serverFilter(f)) {
+            const match = f.match(/\/api\/(.+?)(?:\/route|\/index)?\.\w+$/);
+            if (match)
+                backendRoutes.add(`/api/${match[1]}`);
+        }
+    }
+    // FastAPI/Express decorator-based routes
+    for (const [file, content] of ctx.fileContents) {
+        if (!/\.py$/.test(file) && !serverFilter(file))
+            continue;
+        const lines = content.split('\n');
+        // Collect router prefixes: router = APIRouter(prefix="/api/v1/foo")
+        let routerPrefix = '';
+        const prefixMatch = content.match(/APIRouter\s*\(\s*(?:.*?)prefix\s*=\s*['"`]([^'"`]+)['"`]/);
+        if (prefixMatch)
+            routerPrefix = prefixMatch[1];
+        for (let i = 0; i < lines.length; i++) {
+            // @router.get("/path"), @app.post("/path"), etc.
+            const routeMatch = lines[i].match(/@(?:router|app)\.(get|post|put|patch|delete)\(\s*['"`]([^'"`]+)['"`]/);
+            if (routeMatch) {
+                const path = routerPrefix + routeMatch[2];
+                backendRoutes.add(path);
+            }
+            // Express: router.get("/path", ...) or app.post("/path", ...)
+            const expressMatch = lines[i].match(/(?:router|app)\.(get|post|put|patch|delete)\(\s*['"`]([^'"`]+)['"`]/);
+            if (expressMatch) {
+                backendRoutes.add(expressMatch[2]);
+            }
+        }
+    }
+    for (const hit of clientFetches) {
+        const urlMatch = hit.match.match(/['"`]([^'"`]+?)['"`]/);
+        if (!urlMatch)
+            continue;
+        let url = urlMatch[1].replace(/\?.*/, '').replace(/\/+$/, '');
+        // Skip template strings with complex expressions, relative URLs, external URLs
+        if (/\$\{/.test(url) || /^https?:\/\//.test(url) || !url.startsWith('/'))
+            continue;
+        // Normalize dynamic segments for matching: /api/v1/foo/123 -> /api/v1/foo/{id}
+        const urlNorm = url.replace(/\/\d+/g, '/{id}');
+        const exists = Array.from(backendRoutes).some(route => {
+            const routeNorm = route.replace(/\{[^}]+\}/g, '{id}');
+            return urlNorm === routeNorm || url === route || url.startsWith(route + '/') || route.startsWith(url);
+        });
+        if (!exists && backendRoutes.size > 0) {
+            result.findings.push(makeFinding({
+                ruleId: 'FK-BE-ENDPOINT-001',
+                title: 'Client fetches endpoint that may not exist',
+                categoryId: 'BE',
+                severity: 'high',
+                confidence: 'low',
+                labels: ['Broken', 'Fake Flow'],
+                summary: `Client calls ${url} but no matching API route was found.`,
+                impact: 'Frontend action has no backend support.',
+                location: { file: hit.file, startLine: hit.line },
+                codeSnippet: extractSnippet(ctx.fileContents, hit.file, hit.line),
+                suggestedFix: 'Create the API endpoint or fix the URL.',
+            }));
+        }
+    }
+    // FK-BE-ORPHAN-001: Backend routes with no frontend caller
+    if (backendRoutes.size > 0 && clientFetches.length > 0) {
+        const calledUrls = new Set();
+        for (const hit of clientFetches) {
+            const urlMatch = hit.match.match(/['"`]([^'"`]+?)['"`]/);
+            if (urlMatch)
+                calledUrls.add(urlMatch[1].replace(/\?.*/, '').replace(/\/+$/, ''));
+        }
+        // Also check for URL references in template literals
+        const templateFetches = searchFiles(ctx.fileContents, /['"``]\/api\/v\d+\/[a-z_/-]+['"``]/, (f) => !isTestFile(f) && /\.(tsx?|jsx?)$/.test(f));
+        for (const hit of templateFetches) {
+            const urlMatch = hit.match.match(/['"`]([^'"`]+?)['"`]/);
+            if (urlMatch)
+                calledUrls.add(urlMatch[1]);
+        }
+    }
+    return result;
+}
+//# sourceMappingURL=backend-integrity.js.map

flaw_kit-2.0.0/flaw_audit/dist/analyzers/base.js

@@ -0,0 +1,25 @@
+let findingCounter = 0;
+export function makeFinding(opts) {
+    findingCounter++;
+    return {
+        id: `finding_${String(findingCounter).padStart(3, '0')}`,
+        status: 'open',
+        ...opts,
+    };
+}
+export function makeSmell(id, label, count) {
+    return { id, label, count };
+}
+export function emptyResult() {
+    return { findings: [], smellHits: [] };
+}
+export function mergeResults(...results) {
+    return {
+        findings: results.flatMap(r => r.findings),
+        smellHits: results.flatMap(r => r.smellHits),
+    };
+}
+export function resetFindingCounter() {
+    findingCounter = 0;
+}
+//# sourceMappingURL=base.js.map

flaw_kit-2.0.0/flaw_audit/dist/analyzers/data-model.js

@@ -0,0 +1,111 @@
+import { makeFinding, emptyResult } from './base.js';
+import { searchFiles, filesMatching, extractSnippet } from '../utils/patterns.js';
+import { isTestFile } from '../utils/fs.js';
+const srcFilter = (f) => !isTestFile(f);
+export function analyzeDataModel(ctx) {
+    const result = emptyResult();
+    // FK-DM-TENANT-001: Queries without tenant/user scoping
+    // JS/TS ORM patterns
+    const queryWithoutScope = searchFiles(ctx.fileContents, /\.findMany\(\s*\)|\bfindAll\(\s*\)|\.\w+\.find\(\s*\{?\s*\}?\s*\)/, (f) => srcFilter(f) && /\.(ts|js)$/.test(f));
+    // Python ORM patterns: SQLAlchemy session.query(...).all(), select(...), .objects.all()
+    const pyQueryWithoutScope = searchFiles(ctx.fileContents, /session\.query\([^)]+\)\.all\(\)|\.execute\(\s*select\([^)]+\)\s*\)|\.objects\.all\(\)/, (f) => srcFilter(f) && /\.py$/.test(f));
+    for (const hit of [...queryWithoutScope, ...pyQueryWithoutScope]) {
+        const content = ctx.fileContents.get(hit.file);
+        const lines = content.split('\n');
+        const region = lines.slice(Math.max(0, hit.line - 5), Math.min(lines.length, hit.line + 10)).join('\n');
+        const hasScope = /(where|filter|userId|tenantId|orgId|ownerId|scope|belongsTo|tenant_id|user_id|org_id|owner_id|company_id)/i.test(region);
+        // Check for limit/pagination in context — bounded queries are low risk
+        const hasLimit = /(\.limit\(|\.take\(|LIMIT\s+\d|\$limit|\.slice\(|\.head\(|pagination|paginate|offset|skip\s*[:=]|limit\s*[:=])/i.test(region);
+        if (!hasScope && !hasLimit) {
+            result.findings.push(makeFinding({
+                ruleId: 'FK-DM-TENANT-001',
+                title: 'Unscoped query may return all records',
+                categoryId: 'DM',
+                severity: 'high',
+                confidence: 'low',
+                labels: ['Unsafe'],
+                summary: `Query at ${hit.file}:${hit.line} fetches without visible scoping.`,
+                impact: 'May expose data across users or tenants.',
+                location: { file: hit.file, startLine: hit.line },
+                codeSnippet: extractSnippet(ctx.fileContents, hit.file, hit.line, 2, 4),
+                suggestedFix: 'Add user/tenant scoping to the query.',
+            }));
+        }
+    }
+    // FK-DM-SCHEMA-001: Schema with optional fields that should be required
+    const schemaFiles = filesMatching(ctx.fileContents, /model\s+\w+\s*\{|CREATE TABLE|schema\.\w+Table|class\s+\w+\(.*Base\)/i, srcFilter);
+    // Check for Prisma models missing required fields
+    for (const file of schemaFiles) {
+        const content = ctx.fileContents.get(file);
+        if (/\.prisma$/.test(file)) {
+            // Check for models without timestamps
+            const models = content.match(/model\s+\w+\s*\{[^}]+\}/g) || [];
+            for (const model of models) {
+                const modelName = model.match(/model\s+(\w+)/)?.[1] || 'Unknown';
+                if (!/createdAt|created_at|updatedAt|updated_at/i.test(model)) {
+                    result.findings.push(makeFinding({
+                        ruleId: 'FK-DM-SCHEMA-001',
+                        title: `Model ${modelName} lacks timestamp fields`,
+                        categoryId: 'DM',
+                        severity: 'low',
+                        confidence: 'high',
+                        labels: ['Incomplete'],
+                        summary: `Model ${modelName} has no createdAt/updatedAt fields.`,
+                        impact: 'No audit trail for record changes.',
+                        location: { file },
+                        suggestedFix: 'Add createdAt and updatedAt timestamp fields.',
+                    }));
+                }
+            }
+        }
+    }
+    // FK-DM-NULLABLE-001: SQLAlchemy columns that are Optional/nullable without defaults
+    for (const [file, content] of ctx.fileContents) {
+        if (!/\.py$/.test(file) || isTestFile(file))
+            continue;
+        if (!/class\s+\w+\(.*Base\)/.test(content))
+            continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            // Column(..., nullable=True) or Optional[...] = Column(...) without server_default
+            if (/Column\(/.test(line) && /nullable\s*=\s*True/.test(line) && !/server_default|default=/.test(line)) {
+                const colName = line.match(/(\w+)\s*(?::\s*\w+)?\s*=\s*(?:mapped_column|Column)/)?.[1];
+                if (colName && /(name|title|status|type|email|role)$/i.test(colName)) {
+                    result.findings.push(makeFinding({
+                        ruleId: 'FK-DM-NULLABLE-001',
+                        title: `Critical column "${colName}" is nullable without default`,
+                        categoryId: 'DM',
+                        severity: 'medium',
+                        confidence: 'medium',
+                        labels: ['Fragile', 'Incomplete'],
+                        summary: `${file}:${i + 1} — "${colName}" is nullable but looks like a required field.`,
+                        impact: 'NULL values in required fields cause downstream errors.',
+                        location: { file, startLine: i + 1 },
+                        codeSnippet: extractSnippet(ctx.fileContents, file, i + 1, 1, 2),
+                        suggestedFix: `Make "${colName}" non-nullable or add a server_default.`,
+                    }));
+                }
+            }
+        }
+    }
+    // FK-DM-DEMO-001: Seed data referenced in production paths
+    const seedRefs = searchFiles(ctx.fileContents, /^import\s+.*['"`].*\b(seed|fixtures?|demo|sample)\b.*['"`]|^(?:const|let|var)\s+.*=\s*require\(.*\b(seed|fixtures?|demo|sample)\b/i, (f) => srcFilter(f) && !isTestFile(f) && !/seed|fixture|demo|test|spec|analyz/i.test(f));
+    for (const hit of seedRefs) {
+        result.findings.push(makeFinding({
+            ruleId: 'FK-DM-DEMO-001',
+            title: 'Seed/demo data imported in production path',
+            categoryId: 'DM',
+            severity: 'medium',
+            confidence: 'medium',
+            labels: ['Mock Leakage'],
+            summary: `Seed or demo data imported in ${hit.file}:${hit.line}.`,
+            impact: 'Production logic may depend on test/demo data.',
+            location: { file: hit.file, startLine: hit.line },
+            codeSnippet: extractSnippet(ctx.fileContents, hit.file, hit.line),
+            suggestedFix: 'Remove seed/demo imports from production code.',
+        }));
+    }
+    return result;
+}
+//# sourceMappingURL=data-model.js.map

flaw_kit-2.0.0/flaw_audit/dist/analyzers/deployment.js

@@ -0,0 +1,111 @@
+import { makeFinding, emptyResult } from './base.js';
+import { isTestFile } from '../utils/fs.js';
+export function analyzeDeployment(ctx) {
+    const result = emptyResult();
+    const fileSet = new Set(ctx.files);
+    // FK-DO-SETUP-001: Missing README
+    const hasReadme = ctx.files.some(f => /^readme\.(md|txt|rst)$/i.test(f));
+    if (!hasReadme && ctx.files.length > 10) {
+        result.findings.push(makeFinding({
+            ruleId: 'FK-DO-SETUP-001',
+            title: 'No README file',
+            categoryId: 'DO',
+            severity: 'medium',
+            confidence: 'high',
+            labels: ['Incomplete'],
+            summary: 'Project has no README for setup instructions.',
+            impact: 'New developers cannot onboard without oral tradition.',
+            location: { file: '.' },
+            suggestedFix: 'Add a README with setup, run, and deployment instructions.',
+        }));
+    }
+    // FK-DO-ENV-001: No .env.example
+    const hasEnvExample = ctx.files.some(f => /\.env\.(example|sample|template)$/i.test(f));
+    const hasEnvUsage = Array.from(ctx.fileContents.values()).some(c => /process\.env\.\w+|import\.meta\.env\.\w+|os\.environ/i.test(c));
+    if (hasEnvUsage && !hasEnvExample) {
+        result.findings.push(makeFinding({
+            ruleId: 'FK-DO-ENV-001',
+            title: 'Environment variables used but no .env.example provided',
+            categoryId: 'DO',
+            severity: 'medium',
+            confidence: 'high',
+            labels: ['Incomplete'],
+            summary: 'Code references env vars but no example env file exists.',
+            impact: 'New developers must guess required configuration.',
+            location: { file: '.' },
+            suggestedFix: 'Create a .env.example listing all required variables.',
+        }));
+    }
+    // FK-DO-CI-001: No CI configuration
+    const hasCi = ctx.files.some(f => /\.github\/workflows\//.test(f) ||
+        /\.gitlab-ci\.yml/.test(f) ||
+        /Jenkinsfile/.test(f) ||
+        /\.circleci\//.test(f) ||
+        /bitbucket-pipelines\.yml/.test(f));
+    if (!hasCi && ctx.files.length > 20) {
+        result.findings.push(makeFinding({
+            ruleId: 'FK-DO-CI-001',
+            title: 'No CI/CD configuration found',
+            categoryId: 'DO',
+            severity: 'medium',
+            confidence: 'high',
+            labels: ['Incomplete'],
+            summary: 'No CI/CD pipeline configuration detected.',
+            impact: 'No automated checks on code changes.',
+            location: { file: '.' },
+            suggestedFix: 'Add CI config to run lint, typecheck, and tests on push.',
+        }));
+    }
+    // FK-DO-SETUP-001: No lockfile
+    const hasLockfile = ctx.files.some(f => /^(package-lock\.json|yarn\.lock|pnpm-lock\.yaml|bun\.lockb|Gemfile\.lock|poetry\.lock|go\.sum|Cargo\.lock)$/.test(f));
+    const hasPackageJson = fileSet.has('package.json');
+    if (hasPackageJson && !hasLockfile) {
+        result.findings.push(makeFinding({
+            ruleId: 'FK-DO-SETUP-001',
+            title: 'No lockfile committed',
+            categoryId: 'DO',
+            severity: 'medium',
+            confidence: 'high',
+            labels: ['Fragile'],
+            summary: 'package.json exists but no lockfile is committed.',
+            impact: 'Builds may not be reproducible across environments.',
+            location: { file: 'package.json' },
+            suggestedFix: 'Commit the lockfile for your package manager.',
+        }));
+    }
+    // FK-DO-LOGS-001: No structured logging
+    const hasLogger = Array.from(ctx.fileContents.values()).some(c => /\b(winston|pino|bunyan|log4js|logger\.|logging\.getLogger|structlog|slog\.)/i.test(c));
+    const sourceCount = ctx.files.filter(f => /\.(ts|tsx|js|jsx|py|rb|go)$/.test(f) && !isTestFile(f)).length;
+    if (!hasLogger && sourceCount > 20) {
+        result.findings.push(makeFinding({
+            ruleId: 'FK-DO-LOGS-001',
+            title: 'No structured logging library detected',
+            categoryId: 'DO',
+            severity: 'low',
+            confidence: 'medium',
+            labels: ['Incomplete'],
+            summary: 'Project uses console.log but no structured logging.',
+            impact: 'Production debugging will be harder without structured logs.',
+            location: { file: '.' },
+            suggestedFix: 'Add a structured logger (pino, winston, etc.).',
+        }));
+    }
+    // Gitignore check
+    const hasGitignore = fileSet.has('.gitignore');
+    if (!hasGitignore && ctx.files.length > 5) {
+        result.findings.push(makeFinding({
+            ruleId: 'FK-DO-SETUP-001',
+            title: 'No .gitignore file',
+            categoryId: 'DO',
+            severity: 'medium',
+            confidence: 'high',
+            labels: ['Unsafe', 'Incomplete'],
+            summary: 'Project has no .gitignore — risk of committing sensitive files.',
+            impact: 'node_modules, .env, and build artifacts may be committed.',
+            location: { file: '.' },
+            suggestedFix: 'Add a .gitignore appropriate for your stack.',
+        }));
+    }
+    return result;
+}
+//# sourceMappingURL=deployment.js.map