feat(rules): add W013 window-without-partition rule (#21)

Warns on window functions using OVER () without PARTITION BY,
flagging non-deterministic ordering and full-result-set scans.

Contributed by @Prabhu-1409. Closes #9.

Author: Prabhu-1409

CHANGELOG.md

@@ -10,6 +10,12 @@ a deprecation window (see `GOVERNANCE.md` § Scope discipline).
 
 ## [Unreleased]
 
+### Added
+
+- **W013 `window-without-partition`** - warns on window functions
+  using OVER () without PARTITION BY, flagging non-deterministic
+  ordering and full-result-set scans.
+
 ## [0.6.1] - 2026-04-26
 
 ### Added
@@ -116,6 +122,8 @@ a deprecation window (see `GOVERNANCE.md` § Scope discipline).
 - `test_duration_tracked` no longer fails on fast hardware where
   `time.perf_counter` resolution is coarser than the scan duration.
   Assertion relaxed from `> 0` to `>= 0` with an explicit float type check.
+- Added W014: warn on OVER() without ORDER BY / PARTITION BY to flag non-deterministic window 
+  functions.
 
 ## [0.4.1] - 2026-04-19
 

README.md

@@ -226,11 +226,13 @@ sql-sop list-rules                       # show every registered rule
 | W008 | `mixed-case-keywords` | `select ... FROM` -- inconsistent casing |
 | W009 | `missing-semicolon` | Statement not terminated with `;` |
 | W010 | `commented-out-code` | `-- SELECT * FROM old_table` -- use version control |
-| W016 | `not-in-with-subquery` | `WHERE id NOT IN (SELECT ...)` -- silently returns 0 rows on NULL |
+| W013 | `window-missing-partition` | `OVER ()` -- unpredictable results and unclear intent |
+| W016 | `not-in-with-subquery` | `WHERE id NOT IN (SELECT ...)` -- silently returns 0 rows on NULL 
 | W017 | `leading-wildcard-like` | `WHERE name LIKE '%smith'` -- non-SARGable, full scan |
 | W018 | `or-across-columns` | `WHERE a = 1 OR b = 2` -- defeats single-column indexes |
 | W020 | `truncate-table` | `TRUNCATE TABLE staging;` -- bypasses triggers, resets identity |
 
+
 ### T-SQL (v0.5.0+)
 
 Rules targeting SQL Server anti-patterns common in legacy stored procs

sql_guard/rules/__init__.py

@@ -31,6 +31,7 @@
     SubqueryCouldBeJoin,
     TruncateTable,
     UnionWithoutAll,
+    WindowMissingPartition
 )
 from sql_guard.rules.structural import (
     DeeplyNestedSubquery,
@@ -67,6 +68,7 @@
     MissingSemicolon(),
     CommentedOutCode(),
     UnionWithoutAll(),
+    WindowMissingPartition(),
     GroupByOrdinal(),
     NotInWithSubquery(),
     LeadingWildcardLike(),

sql_guard/rules/warnings.py

@@ -482,3 +482,36 @@ def check_statement(self, statement: str, start_line: int, file: str) -> Finding
                 suggestion="Add a WHERE/LIMIT to restrict scope, or pre-aggregate with GROUP BY",
             )
         return None
+
+
+class WindowMissingPartition(Rule):
+    """W013: OVER() without PARTITION BY can yield unpredictable results."""
+
+    id = "W013"
+    name = "window-missing-partition"
+    severity = "warning"
+    description = "OVER() without PARTITION BY may lead to unpredictable results and unclear intent."
+    multiline = True
+
+    _over_pattern = Rule._compile(r"\bOVER\s*\(")
+    _partition_pattern = Rule._compile(r"PARTITION\s+BY")
+
+    def has_valid_over_clause(self, statement: str) -> bool:
+        # If no OVER(...) → nothing to check
+        if not self._over_pattern.search(statement):
+            return True
+
+        # Valid only if PARTITION BY exists
+        return bool(self._partition_pattern.search(statement))
+
+    def check_statement(self, statement: str, start_line: int, file: str) -> Finding | None:
+        if not self.has_valid_over_clause(statement):
+            return Finding(
+                rule_id=self.id,
+                severity=self.severity,
+                file=file,
+                line=start_line,
+                message="Missing PARTITION BY in OVER clause",
+                suggestion="Add PARTITION BY to define window groups clearly",
+            )
+        return None

tests/fixtures/warnings.sql

@@ -22,6 +22,14 @@ SELECT region, status, COUNT(*)
 FROM orders
 GROUP BY 1, 2;
 
+
+-- W013: OVER without PARTITION BY
+SELECT
+  user_id,
+  ROW_NUMBER() OVER () AS rn
+FROM events;
+
+
 -- W016: NOT IN with subquery
 SELECT *
 FROM customers

tests/test_rules.py

@@ -18,18 +18,18 @@
 
 class TestRuleRegistry:
     def test_all_rules_loaded(self) -> None:
-        assert len(ALL_RULES) == 33
+        assert len(ALL_RULES) == 34
 
     def test_10_errors(self) -> None:
         # 8 E-series + 2 T-series (T002 xp-cmdshell, T004 deprecated-outer-join).
         errors = [r for r in ALL_RULES if r.severity == "error"]
         assert len(errors) == 10
 
-    def test_23_warnings(self) -> None:
-        # 17 W-series + 3 S-series + 3 T-series (T001 with-nolock,
+    def test_24_warnings(self) -> None:
+        # 18 W-series + 3 S-series + 3 T-series (T001 with-nolock,
         # T003 cursor-declaration, T005 create-index-without-online).
         warnings = [r for r in ALL_RULES if r.severity == "warning"]
-        assert len(warnings) == 23
+        assert len(warnings) == 24
 
     def test_unique_ids(self) -> None:
         ids = [r.id for r in ALL_RULES]
@@ -166,6 +166,19 @@ def test_w012_passes_on_digit_prefixed_column_name(self) -> None:
         statement = "SELECT 1st_quarter, COUNT(*) FROM sales GROUP BY 1st_quarter;"
         assert rule.check_statement(statement, 1, "test.sql") is None
 
+    def test_w013_window_missing_partition(self) -> None:
+        findings = check([str(FIXTURES / "warnings.sql")])
+        w013 = [f for f in findings.findings if f.rule_id == "W013"]
+        assert len(w013) >= 1
+
+    def test_w013_passes_on_valid_over_clause(self) -> None:
+        from sql_guard.rules.warnings import WindowMissingPartition
+
+        rule = WindowMissingPartition()
+        statement = "SELECT ROW_NUMBER() OVER (PARTITION BY department_id ORDER BY id) AS rn FROM users;"
+    
+        assert rule.check_statement(statement, 1, "test.sql") is None
+
     def test_w016_not_in_with_subquery(self) -> None:
         findings = check([str(FIXTURES / "warnings.sql")])
         w016 = [f for f in findings.findings if f.rule_id == "W016"]