docs: add W014 to CHANGELOG and README, bump key numbers to 41/26

Pawansingh3889 · Pawansingh3889 · commit d9d2fa831f07 · 2026-05-02T11:34:42.000+01:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -12,6 +12,14 @@ a deprecation window (see `GOVERNANCE.md` § Scope discipline).
 
 ### Added
 
+- **W014 `case-without-else`** - warns when a statement contains a
+  `CASE ... END` expression with no `ELSE` branch. Unmatched rows quietly
+  return `NULL`, which often surprises callers who assumed the `WHEN`
+  conditions were exhaustive. Fires when at least one `CASE`/`END` pair
+  is present and no `ELSE` keyword appears in the statement. Suggests
+  adding `ELSE NULL` for explicitness. Contributed by
+  [@hellozzm](https://github.com/hellozzm)
+  ([#32](https://github.com/Pawansingh3889/sql-guard/pull/32)).
 - W023 `scalar-udf-in-where`: warns on `<schema>.<name>(...)` calls in
   `WHERE`/`HAVING`/`ON` clauses, the canonical T-SQL scalar-UDF
   anti-pattern. Built-ins (no schema prefix) are unaffected.
diff --git a/README.md b/README.md
@@ -24,7 +24,7 @@ One bad SQL query can delete production data, expose customer records, or bring
 
 | | |
 |---|---|
-| Rules | 40 (10 errors, 25 warnings, 5 Python-source) |
+| Rules | 41 (10 errors, 26 warnings, 5 Python-source) |
 | Tests | 152 |
 | Coverage | 86% |
 | Scan speed | 0.08s across 200 files |
@@ -43,7 +43,7 @@ print(result.summary()) # "1 error, 0 warnings in 1 statement"
 
 ---
 
-Fast, rule-based SQL linter. 40 rules (35 SQL + 5 Python), including SQL Server-focused rules for T-SQL shops. Inline disable, project config, git-changed-only mode, and SARIF output for GitHub Code Scanning. 500+ monthly downloads on PyPI.
+Fast, rule-based SQL linter. 41 rules (36 SQL + 5 Python), including SQL Server-focused rules for T-SQL shops. Inline disable, project config, git-changed-only mode, and SARIF output for GitHub Code Scanning. 500+ monthly downloads on PyPI.
 
 Catches dangerous SQL before it reaches production -- DELETE without WHERE, UPDATE without WHERE, SQL injection patterns, SELECT *, and 20 more. Runs as a **CLI tool**, **pre-commit hook**, and **GitHub Action**.
 
@@ -227,6 +227,7 @@ sql-sop list-rules                       # show every registered rule
 | W009 | `missing-semicolon` | Statement not terminated with `;` |
 | W010 | `commented-out-code` | `-- SELECT * FROM old_table` -- use version control |
 | W013 | `window-missing-partition` | `OVER ()` -- unpredictable results and unclear intent |
+| W014 | `case-without-else` | `CASE WHEN ... THEN ... END` -- unmatched rows return NULL |
 | W016 | `not-in-with-subquery` | `WHERE id NOT IN (SELECT ...)` -- silently returns 0 rows on NULL 
 | W017 | `leading-wildcard-like` | `WHERE name LIKE '%smith'` -- non-SARGable, full scan |
 | W018 | `or-across-columns` | `WHERE a = 1 OR b = 2` -- defeats single-column indexes |
