REES analyzer roadmap
The review-enrichment service (REES) returns a structured "review brief" the engine splices into each review — the heavy/external/historical analysis the no-checkout headless reviewer cannot do. Four analyzers are live (dependency/CVE #1493, secret #1494, license #1496, install-script #1497). This epic tracks the rest, from a 7-agent ideation pass (36 ideas).
Each is a clean PR inside review-enrichment/ following the established pattern (types → analyzers/.ts → brief.ts registry → render.ts → node:test). Public-safe, verifiable findings only (file:line or package@version).
Speculative / later (not yet split into issues)
- Uncaught-rejection / floating-promise + error-swallow analyzer — Floating promises, unhandled async rejections, errors swallowed by an empty catch {}, missing await on a returned promise.
- SQL migration safety analyzer — Destructive/lock-risky schema migrations (column/table DROP, NOT-NULL-without-default add) + non-contiguous/duplicate migrations/NNNN_*.sql numbers.
- Deprecated-API & framework anti-pattern cross-checker — Use of a dependency's deprecated/removed API for the INSTALLED version, or framework anti-patterns (React componentWillReceiveProps, missing key, body-parser, removed Node/Python calls).
- Accessibility & i18n regression detector — a11y violations (img without alt, input without label, div onClick without role/keyboard, contrast) + newly hardcoded user-facing English where a t('...') key belongs in an i18n repo.
- Public-API undocumented-export scan — Newly added exported API surface that ships with no doc comment, measured against the module's OWN documentation norm so it only fires where peers ARE documented (house-style regression, not a blanket nag).
- Blame-to-PR regression linker — For the lines this PR edits, identifies the originating PR of the surrounding code and whether that region was itself a later fix/regression — 'you're editing code last changed by PR #N, a fix for incident #M.'
- Flaky-test history annotator — Touched test files mapping to tests with recent flakiness/retries on the default branch — a passing CI run may be noise.
- Enum/literal-union exhaustiveness drift — A PR adds a new variant to a TS string-literal union / enum / discriminated-union kind field but leaves switch/if-chains non-exhaustive — the new case silently no-ops.
- License compatibility deep-resolver — Transitive-dependency license incompatible with the repo's OWN declared license (GPL into MIT, SSPL/BUSL treated as OSS, no-license deps) — vs the shipped license-check which is per-direct-dep and policy-class-only.
Parent: #1029
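
A sketch of the SQL migration safety analyzer idea from the list above, as an added example that is not part of this issue or of the REES code base. Every name in it (`Finding`, `scanStatements`, `analyzeMigrations`, the rule ids) and the path-to-SQL input shape are assumptions; it reports each finding as file:line, as the roadmap requires.

```typescript
// Added example: all names are hypothetical, none of this is REES code.
interface Finding { file: string; line: number; rule: string; detail: string }
const MIGRATION = /(?:^|\/)migrations\/(\d{4})_[^/]*\.sql$/;

function scanStatements(file: string, sql: string): Finding[] {
  const out: Finding[] = [];
  // Dropping `--` comments keeps every newline, so line numbers stay true
  // (simplification: a `--` inside a string literal is dropped as well).
  const code = sql.replace(/--[^\n]*/g, "");
  let offset = 0;
  for (const stmt of code.split(";")) {
    const lead = stmt.search(/\S/);
    // 1-based line of the statement's first non-blank character.
    const line = code.slice(0, offset + Math.max(lead, 0)).split("\n").length;
    offset += stmt.length + 1;
    if (lead < 0) continue; // whitespace only
    const drop = /\bDROP\s+(TABLE|COLUMN)\b/i.exec(stmt);
    if (drop) out.push({ file, line, rule: "destructive-drop", detail: `DROP ${drop[1].toUpperCase()}` });
    const addsColumn = /\bADD\s+(?!CONSTRAINT\b)(COLUMN\s+)?\w+/i.test(stmt);
    if (addsColumn && /\bNOT\s+NULL\b/i.test(stmt) && !/\bDEFAULT\b/i.test(stmt))
      out.push({ file, line, rule: "not-null-no-default", detail: "ADD ... NOT NULL without DEFAULT" });
  }
  return out;
}

// `files` maps path -> SQL text for one migrations directory (assumed input shape).
function analyzeMigrations(files: Record<string, string>): Finding[] {
  const findings: Finding[] = [];
  const firstByNumber: Record<number, string> = {};
  let prev: number | null = null;
  for (const file of Object.keys(files).sort()) {
    const m = MIGRATION.exec(file);
    if (!m) continue;
    const n = Number(m[1]);
    if (firstByNumber[n] !== undefined) {
      findings.push({ file, line: 1, rule: "duplicate-number", detail: `${m[1]} also used by ${firstByNumber[n]}` });
    } else {
      if (prev !== null && n !== prev + 1)
        findings.push({ file, line: 1, rule: "number-gap", detail: `expected ${prev + 1}, found ${n}` });
      firstByNumber[n] = file; prev = n;
    }
    findings.push(...scanStatements(file, files[file]));
  }
  return findings;
}

const SAMPLE: Record<string, string> = { // constructed sample input
  "migrations/0001_init.sql": "CREATE TABLE users (id INT PRIMARY KEY);\n",
  "migrations/0002_cleanup.sql": "ALTER TABLE users DROP COLUMN legacy;\n",
  "migrations/0002_email.sql": "-- add email\nALTER TABLE users\n  ADD COLUMN email TEXT NOT NULL;\n",
  "migrations/0004_idx.sql": "CREATE INDEX users_email ON users (email);\n",
};
```

`analyzeMigrations(SAMPLE)` yields four findings: the DROP COLUMN, the reused number 0002, the NOT NULL column added without a default (reported at line 2, where the ALTER statement starts), and the gap before 0004.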