GenSense Rule Catalog
This catalog lists all semantic rules currently active in the GenSense engine.
| Rule ID | Severity | Category | Description |
|---|---|---|---|
| RUST_ASYNC_MUTEX_DEADLOCK | Critical | Reliability | Holding a standard Mutex guard across an await point can block the entire executor thread. |
| RUST_ASYNC_BLOCKING_IO | Warning | Performance | Calling synchronous blocking functions inside an async task blocks the entire executor thread, stalling all other tasks on that thread. |
| RUST_ASYNC_PANIC_PREVENTION | Warning | Safety | Unwrapped Result or Option in async context can lead to unhandled task failures and cascading system instability. |
| RUST_ASYNC_MISSING_TIMEOUT | Critical | Reliability | A network or I/O call that never responds can hang an entire worker task indefinitely, leading to protocol-level stalls or cascading failures. |
| RUST_MISSING_TRACING_SPAN | Info | Observability | Production-grade protocol logic must be visible in telemetry. Missing spans make debugging distributed hangs or latency spikes extremely difficult. |
| RUST_FAKE_ASYNC | Info | Performance | Async functions without awaits introduce state machine overhead and return a future unnecessarily without concurrency benefits. |
| TS_PRISMA_SELECT_STAR | Warning | Performance | Fetching entire database rows (SELECT *) increases network overhead and can leak sensitive fields (e.g. password_hash). |
| JUMIA_GOD_SERVICE | Warning | Architecture | Oversized services often contain mixed concerns, making them harder to test and maintain. |
| JUMIA_REPETITIVE_DECIMAL_LOGIC | Info | Quality | Scattered financial rounding/formatting logic can lead to inconsistent precision across the platform. |
| JUMIA_STUB_FALLBACK | Info | Reliability | While good for resilience, heavy reliance on fallback paths indicates the system is not running in its optimal high-performance mode. |
| JUMIA_NESTING_LIMIT | Warning | Quality | Deeply nested code is hard to read and often hides complex edge cases. |
| JUMIA_ASYNC_FOR_EACH | Critical | Reliability | Array.forEach does not await promises. This leads to race conditions and unhandled rejections in production. |
| TS_HARDCODED_ENV_URL | Warning | Security | Hardcoded environment URLs prevent infrastructure portability and leak environment topology. |
| JS_DYNAMIC_EXECUTION | Warning | Security | Dynamic execution can introduce unpredictability and increase the surface area for logic vulnerabilities in isolate environments. |
| TS_DYNAMIC_EXECUTION | Warning | Security | Dynamic execution can introduce unpredictability and increase the surface area for logic vulnerabilities in isolate environments. |
| TS_ALIASED_DYNAMIC_EXECUTION | Warning | Security | Aliasing 'eval' to another variable can be used to bypass static analysis and execute arbitrary code dynamically. |
| TS_CONSOLE_USAGE | Warning | Quality | Direct console outputs can be tricky to filter in production logs. |
| TS_BLOCKING_IO | Warning | Performance | Synchronous calls block the event loop, which can significantly reduce the responsiveness of the service under load. |
| TS_EMPTY_CATCH | Warning | Reliability | Silently swallowing errors makes debugging very difficult and can leave the app in a weird state. |
| TS_NON_NULL_ASSERTION | Warning | Quality | Non-null assertions bypass TypeScript's safety checks and can lead to runtime 'TypeError: Cannot read property of null' errors. |
| TS_MAGIC_NUMBER | Warning | Maintainability | Magic numbers make code harder to read and maintain as their intent is not immediately clear. |
| TS_ANY_TYPE | Warning | Quality | Using 'any' completely disables TypeScript's safety checks for that variable. |
| TS_REACT_HOOK_DEPS | Warning | Quality | Empty dependency arrays can cause stale closures if the hook references variables from the component scope. |
| TS_BUNDLE_BLOAT | Warning | Performance | Importing entire libraries (like lodash) can significantly bloat Next.js client-side bundles. |
| TS_ASYNC_FOR_EACH | Warning | Reliability | Array.prototype.forEach is not promise-aware. The loop will continue without awaiting the callback, leading to race conditions and unhandled rejections. |
| TS_SENSITIVE_DATA_LOGGING | Warning | Security | Logging sensitive credentials or PII in production logs is a major security violation and can lead to account takeovers. |
| TS_DATA_LEAK_TRACKER | Warning | Security | Data flow analysis confirms that sensitive input (e.g. passwords) is reaching a logging sink through intermediate variables. |
| TS_FLOATING_PROMISE | Warning | Reliability | Floating promises can lead to race conditions, unhandled rejections, and non-deterministic behavior. |
| RUST_UNSAFE_BLOCK | Warning | Security | Unsafe code bypasses Rust's safety guarantees, which can sometimes lead to tricky undefined behavior if not audited. |
| RUST_HOST_INTERACTION | Warning | Isolation | Isolated workers are designed to be environment-agnostic; host interaction can break portability and security boundaries. |
| RUST_STD_OUTPUT | Warning | Quality | Direct standard output from libraries can interfere with the host application's logging strategy. |
| RUST_ALLOCATION_IN_LOG | Warning | Performance | Allocating inside a log call can cause unnecessary allocations even when the specific log level is disabled at runtime. |
| RUST_CLONE_IN_LOOP | Warning | Performance | Allocating memory repeatedly inside a loop can quietly degrade performance. |
| RUST_CONSTRUCTOR_BLOAT | Warning | Maintainability | Constructors with many arguments can be tricky to read and maintain. |
| RUST_SILENT_FAILURE | Warning | Reliability | Logging a failure without propagating it or changing the system state is an anti-pattern that hides errors and breaks expected control flow. |
| RUST_VEC_FRONT_REMOVE | Warning | Performance | Removing from the front of a Vec requires shifting all subsequent elements, resulting in O(n) time complexity. This can cause significant latency in large collections. |
| RUST_ALGO_N2_LOOP | Warning | Performance | This pattern results in O(N²) algorithmic complexity, which can lead to exponential performance degradation as data size grows. |
| RUST_CHANNEL_UNBOUNDED | Warning | Concurrency | Unbounded channels can grow indefinitely if the consumer is slower than the producer, leading to Out-Of-Memory (OOM) crashes. |
| RUST_OVER_GENERAL_VARIABLE | Warning | Quality | Names like 'info', 'data', or 'item' are hallmark AI scaffolding and hide the semantic intent of the data. |
| RUST_LOCK_IO | Warning | Performance | Holding locks during async I/O can cause lock contention and stall other tasks waiting for the same lock. |
| RUST_UNCHECKED_IO | Warning | Reliability | I/O operations (like opening files or network requests) are prone to failure. Unwrapping them can cause the entire service to panic. |
| RUST_UNWRAP_SAFETY | Warning | Reliability | Unwrapping without documented justification is a production risk. If the assumption is wrong, the service will panic. |
| RUST_TOKIO_SELECT_ELSE | Warning | Reliability | Select blocks without a default branch can hang indefinitely if all futures are pending or completed. |
| RUST_LARGE_STACK_ALLOCATION | Warning | Reliability | Allocating large buffers (>10KB) on the stack increases the risk of stack overflow, especially in async contexts with many concurrent tasks. |
| RUST_PANIC_IN_LIB | Warning | Safety | Unconditional panics in library or protocol crates cause hard crashes for consumers. Standard practice is to return 'Result' and let the caller decide how to handle failure. |
| SECRET_LEAK_DETECTION | Critical | Security | Hardcoding secrets (API keys, private keys, etc.) in source code is a major security risk and can lead to unauthorized access. |
| RUST_GOD_FUNCTION | Warning | Quality | Standardized Standard #2: Oversized functions indicate mixed concerns and low readability. |
| RUST_NESTING_LIMIT | Warning | Quality | Rule #vibecoding: Extreme indentation indicates complex, unmaintainable logic. |
| TS_GOD_FUNCTION | Warning | Quality | Standardized Standard #2: Oversized functions indicate mixed concerns. |
| TS_NESTING_LIMIT | Warning | Quality | Rule #vibecoding: Extreme indentation indicates complex logic. |
| SOL_INTEGER_OVERFLOW | Warning | Security | Unchecked arithmetic can lead to silent integer overflows or underflows if the developer hasn't manually verified the safety of the operation. Modern Solidity (>=0.8.0) handles this by default; 'unchecked' blocks bypass this protection. |
| SOL_MISSING_ACCESS_CONTROL | Warning | Security | Public or external functions that are missing access control modifiers can be executed by anyone, potentially allowing unauthorized state changes or fund drainage. |
| SOL_STATE_MUTATION_CHECK | Warning | Gas_Optimization | State mutations in read-only functions can sometimes cause transaction reverts or unexpected gas costs. |
| SOL_SELFDESTRUCT_ADVISORY | Warning | Security | Contract destruction is a high-impact event that can sometimes lock funds or break integrations for users. |
| SOL_PRAGMA_STABILITY | Warning | Stability | Floating pragmas can lead to non-deterministic builds if different compiler versions are used across environments. |
| SOL_ACCESS_CONTROL_SETTER | Warning | Security | Publicly accessible setters can allow unauthorized users to modify critical protocol parameters. |
| SOL_ZERO_ADDRESS_CHECK | Warning | Quality | Setting critical parameters to the zero address can accidentally 'brick' contract functionality. |
| SOL_MISSING_EVENT_INDEX | Warning | Quality | Missing 'indexed' attributes on critical event parameters (like addresses) makes it difficult to filter and search for events off-chain. |
| SOL_HARDCODED_ADDRESS | Warning | Security | Hardcoding addresses (other than the zero address) makes the contract inflexible and prone to errors during multi-chain deployment or upgrades. |
| SOL_TX_ORIGIN | Warning | Security | Using 'tx.origin' makes the contract vulnerable to phishing-style reentrancy attacks. An attacker can trick a user into calling a malicious contract that then calls your contract. |
| SOL_TIMESTAMP_DEPENDENCY | Warning | Security | Block timestamps can be slightly manipulated by miners, which might be risky if relied upon for critical logic like randomness. |
| SOL_REENTRANCY_RISK | Warning | Security | External calls (like '.call{value: ...}') can trigger fallback functions, leading to reentrancy vulnerabilities if not properly protected. |
| SOL_PRECISION_LOSS | Warning | Fintech | In Solidity, integer division truncates. Dividing before multiplying can lead to significant precision loss in financial calculations. |