sca-rules.json

{
  "$schema": "./sca-rules.schema.json",
  "version": "1.3",
  "tool": {
    "name": "StaticCodeAnalyser",
    "version": "0.9.7",
    "informationUri": "https://github.com/nrodear/StaticCodeAnalyser"
  },
  "profiles": {
    "ide-fast": [
      "MemoryLeak", "SQLInjection", "HardcodedSecret", "FormatMismatch",
      "NilDeref", "MissingFinally", "DivByZero", "DeadCode",
      "DebugOutput", "FileReadError",
      "DfmHardcodedDbCreds", "DfmDeadEvent", "DfmDuplicateBinding",
      "DfmSchemaMismatch", "DfmCircularDataSource", "DfmSqlFromUserInput",
      "DfmRequiredFieldUnbound", "DfmRequiredFieldNotVisible",
      "DfmCrossFormCoupling", "DfmActionMismatch"
    ],
    "security": [
      "SQLInjection", "HardcodedSecret", "HardcodedPath",
      "InsecureCryptoAlgorithm", "CommandInjection",
      "DfmHardcodedDbCreds", "DfmSqlFromUserInput"
    ],
    "bugs-only": [
      "MemoryLeak", "FormatMismatch", "NilDeref", "DivByZero",
      "SQLInjection", "HardcodedSecret", "FileReadError",
      "DfmDuplicateBinding", "DfmDeadEvent", "DfmSchemaMismatch",
      "DfmCircularDataSource", "DfmRequiredFieldUnbound",
      "DfmRequiredFieldNotVisible", "DfmCrossFormCoupling",
      "DfmActionMismatch"
    ],
    "code-quality": [
      "EmptyExcept", "UnusedUses", "MissingFinally", "DeadCode",
      "LongMethod", "LongParamList", "MagicNumber", "DebugOutput",
      "DeepNesting", "TodoComment", "EmptyMethod", "CyclomaticComplexity",
      "DuplicateString", "DuplicateBlock",
      "DfmDefaultName", "DfmHardcodedCaption", "DfmOrphanHandler",
      "DfmEmptyBoundEvent", "DfmFieldTypeMismatch", "DfmTabOrderConflict",
      "DfmForbiddenClass", "DfmDbInUiForm", "DfmLayerViolation",
      "DfmGodHandler"
    ],
    "dfm-only": [
      "DfmDefaultName", "DfmHardcodedCaption", "DfmHardcodedDbCreds",
      "DfmDuplicateBinding", "DfmDeadEvent", "DfmOrphanHandler",
      "DfmEmptyBoundEvent", "DfmSchemaMismatch", "DfmCircularDataSource",
      "DfmSqlFromUserInput", "DfmRequiredFieldUnbound",
      "DfmRequiredFieldNotVisible", "DfmFieldTypeMismatch",
      "DfmTabOrderConflict", "DfmForbiddenClass", "DfmDbInUiForm",
      "DfmCrossFormCoupling", "DfmLayerViolation", "DfmGodHandler",
      "DfmActionMismatch"
    ],
    "default": ["*"],
    "strict":  ["*", "UnusedUses"],

    "selftest-quiet": [
      "*",
      "!BeginEndRequired",
      "!TooLongLine",
      "!UnsortedUses",
      "!ConsecutiveSection",
      "!ClassPerFile",
      "!EmptyVisibilitySection",
      "!ConcatToFormat",
      "!NestedTry",
      "!GroupedDeclaration",
      "!NilComparison",
      "!CommentedOutCode"
    ]
  },
  "rules": [
    {
      "id": "SCA001",
      "kind": "MemoryLeak",
      "name": "Object created without try/finally",
      "shortDescription": "Object created but never freed (potential memory leak)",
      "fullDescription": "TObject.Create (or LeakyClass.Create) without a protective try/finally block leaks the instance when subsequent code raises an exception. The Free call must run regardless of how the protected block exits.",
      "defaultSeverity": "Error",
      "type": "Bug",
      "tags": ["memory", "resource-leak"],
      "cwe": ["CWE-401"],
      "configKey": "[Detectors] LeakyClasses",
      "detectorUnit": "uLeakDetector2.pas",
      "examples": {
        "bad":  "list := TStringList.Create;\nDoStuff(list);   // <-- exception here leaks list",
        "good": "list := TStringList.Create;\ntry\n  DoStuff(list);\nfinally\n  list.Free;\nend;"
      },
      "cleanCodeAttribute": "LAWFUL",
      "impacts": [
        { "softwareQuality": "RELIABILITY", "severity": "HIGH" }
      ]
    },
    {
      "id": "SCA002",
      "kind": "EmptyExcept",
      "name": "Empty except block",
      "shortDescription": "Empty except block silently swallows every exception",
      "fullDescription": "An except-block with no statements catches every exception including unexpected ones (EAccessViolation, EOutOfMemory). Bugs become invisible. At minimum log the exception or re-raise.",
      "defaultSeverity": "Warning",
      "type": "Code Smell",
      "tags": ["error-handling"],
      "cwe": ["CWE-390"],
      "detectorUnit": "uCodeSmells2.pas",
      "examples": {
        "bad":  "try DoStuff except end;",
        "good": "try DoStuff except on E: Exception do LogError(E.Message); end;"
      },
      "cleanCodeAttribute": "LAWFUL",
      "impacts": [
        { "softwareQuality": "RELIABILITY", "severity": "MEDIUM" }
      ]
    },
    {
      "id": "SCA003",
      "kind": "SQLInjection",
      "name": "SQL string built via concatenation",
      "shortDescription": "SQL string concatenated with '+' from user-controllable input (injection risk)",
      "fullDescription": "Building SQL via 'WHERE x=' + user_input enables SQL injection if the input is untrusted. Use parameterized queries (Params.ParamByName(...).Value := ...) instead.",
      "defaultSeverity": "Error",
      "type": "Vulnerability",
      "tags": ["sql", "injection", "security"],
      "cwe": ["CWE-89"],
      "owasp": ["A03:2021-Injection"],
      "detectorUnit": "uSQLInjection.pas",
      "examples": {
        "bad":  "Query.SQL.Text := 'SELECT * FROM Users WHERE Name=''' + UserName + '''';",
        "good": "Query.SQL.Text := 'SELECT * FROM Users WHERE Name=:n';\nQuery.ParamByName('n').AsString := UserName;"
      },
      "cleanCodeAttribute": "LAWFUL",
      "impacts": [
        { "softwareQuality": "SECURITY", "severity": "HIGH" }
      ]
    },
    {
      "id": "SCA004",
      "kind": "HardcodedSecret",
      "name": "Hardcoded credential / API token",
      "shortDescription": "Password / API key / token as string literal in source code",
      "fullDescription": "Credentials in source code end up in version control, build artifacts, decompilers, and stack traces. Move secrets to environment variables, OS credential store, or encrypted configuration.",
      "defaultSeverity": "Error",
      "type": "Vulnerability",
      "tags": ["credentials", "security"],
      "cwe": ["CWE-798"],
      "owasp": ["A07:2021-Identification-and-Authentication-Failures"],
      "detectorUnit": "uHardcodedSecret.pas",
      "examples": {
        "bad":  "Password := 'admin123';",
        "good": "Password := GetEnvironmentVariable('DB_PASSWORD');"
      },
      "cleanCodeAttribute": "LAWFUL",
      "impacts": [
        { "softwareQuality": "SECURITY", "severity": "BLOCKER" }
      ]
    },
    {
      "id": "SCA005",
      "kind": "FormatMismatch",
      "name": "Format() placeholder count mismatch",
      "shortDescription": "Format() / FormatUtf8() placeholder count does not match argument count",
      "fullDescription": "Mismatched placeholders cause EConvertError at runtime. Detector handles RTL Format (%s/%d/...) and mORMot bare-% style (FormatUtf8/FormatString).",
      "defaultSeverity": "Error",
      "type": "Bug",
      "tags": ["string-formatting"],
      "configKey": "[Detectors] FormatFunctions",
      "detectorUnit": "uFormatMismatch.pas",
      "examples": {
        "bad":  "Format('%s is %d', [Name]);   // <-- Age missing",
        "good": "Format('%s is %d', [Name, Age]);"
      },
      "cleanCodeAttribute": "LOGICAL",
      "impacts": [
        { "softwareQuality": "RELIABILITY", "severity": "MEDIUM" }
      ]
    },
    {
      "id": "SCA006",
      "kind": "FileReadError",
      "name": "File could not be read or parsed",
      "shortDescription": "Parser/IO error - source file unreadable or syntactically broken",
      "fullDescription": "Special-case finding (no code defect): the file could not be loaded or the lexer/parser failed. Often indicates encoding issues, includes that don't resolve, or genuine syntax errors.",
      "defaultSeverity": "Error",
      "type": "File Error",
      "tags": ["parser", "io"],
      "detectorUnit": "(parser)",
      "examples": {
        "bad":  "(file is not valid UTF-8 or has lexer-breaking content)",
        "good": "(check encoding, fix syntax)"
      },
      "cleanCodeAttribute": "LAWFUL",
      "impacts": [
        { "softwareQuality": "RELIABILITY", "severity": "INFO" }
      ]
    },
    {
      "id": "SCA007",
      "kind": "UnusedUses",
      "name": "Unused unit in uses clause",
      "shortDescription": "Uses-entry possibly unused (no identifier from it referenced)",
      "fullDescription": "Heuristic: scans for any identifier from the used unit. False positives possible for units that only register classes / initialize global state via initialization sections.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["dead-code", "uses-cleanup"],
      "detectorUnit": "uUnusedUses.pas",
      "examples": {
        "bad":  "uses ..., MyUnusedHelper, ...;",
        "good": "(remove if truly unused; otherwise add a comment why it stays)"
      },
      "cleanCodeAttribute": "FOCUSED",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA008",
      "kind": "NilDeref",
      "name": "Possible nil-dereference",
      "shortDescription": "Access to a variable that may be nil at this point",
      "fullDescription": "Variable was assigned a value that could be nil (e.g. Find...-method returning nil) and is dereferenced without prior nil-check. Crashes with EAccessViolation at runtime.",
      "defaultSeverity": "Warning",
      "type": "Bug",
      "tags": ["nil-safety"],
      "cwe": ["CWE-476"],
      "detectorUnit": "uNilDeref.pas",
      "examples": {
        "bad":  "obj := FindObject(id);\nobj.DoStuff;   // <-- AV if FindObject returns nil",
        "good": "obj := FindObject(id);\nif Assigned(obj) then obj.DoStuff;"
      },
      "cleanCodeAttribute": "LOGICAL",
      "impacts": [
        { "softwareQuality": "RELIABILITY", "severity": "HIGH" }
      ]
    },
    {
      "id": "SCA009",
      "kind": "MissingFinally",
      "name": "Object created without protective try/finally",
      "shortDescription": ".Create call without surrounding try/finally - leak risk on exception",
      "fullDescription": "Similar to MemoryLeak but checked structurally: any .Create followed by code without an enclosing try/finally is flagged regardless of whether Free is called eventually.",
      "defaultSeverity": "Warning",
      "type": "Code Smell",
      "tags": ["memory", "exception-safety"],
      "detectorUnit": "uMissingFinally.pas",
      "examples": {
        "bad":  "obj := TFoo.Create;\nobj.DoStuff;\nobj.Free;",
        "good": "obj := TFoo.Create;\ntry obj.DoStuff finally obj.Free end;"
      },
      "cleanCodeAttribute": "LAWFUL",
      "impacts": [
        { "softwareQuality": "RELIABILITY", "severity": "HIGH" }
      ]
    },
    {
      "id": "SCA010",
      "kind": "DivByZero",
      "name": "Possible division by zero",
      "shortDescription": "Division by a variable / expression that may be zero",
      "fullDescription": "Right-hand side of div, mod, or / is a variable without prior guard against zero. Integer division crashes with EDivByZero, float division silently produces Inf/NaN.",
      "defaultSeverity": "Warning",
      "type": "Bug",
      "tags": ["arithmetic"],
      "cwe": ["CWE-369"],
      "detectorUnit": "uDivByZero.pas",
      "examples": {
        "bad":  "result := total / count;",
        "good": "if count <> 0 then result := total / count;"
      },
      "cleanCodeAttribute": "LOGICAL",
      "impacts": [
        { "softwareQuality": "RELIABILITY", "severity": "HIGH" }
      ]
    },
    {
      "id": "SCA011",
      "kind": "DeadCode",
      "name": "Code after Exit/Raise is unreachable",
      "shortDescription": "Statement after Exit, raise, or Halt is dead code",
      "fullDescription": "Anything after an unconditional terminator (Exit, raise, Halt, Continue, Break) in the same block is never executed. Usually leftover code from refactoring.",
      "defaultSeverity": "Warning",
      "type": "Code Smell",
      "tags": ["dead-code"],
      "cwe": ["CWE-561"],
      "detectorUnit": "uDeadCode.pas",
      "examples": {
        "bad":  "Exit;\nWriteLn('never reached');",
        "good": "(remove the unreachable line)"
      },
      "cleanCodeAttribute": "FOCUSED",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "MEDIUM" }
      ]
    },
    {
      "id": "SCA012",
      "kind": "LongMethod",
      "name": "Method exceeds line-count threshold",
      "shortDescription": "Method longer than configured maximum (default 80 lines)",
      "fullDescription": "Methods over ~80 statements are correlated with high defect density (Robert C. Martin, McConnell): the reader keeps context in working memory and once the method spills past one screen, that context overflows. Long methods also resist unit testing - test setup ends up duplicating internal state. Refactor: pull cohesive blocks into private helpers (ParseInput/Validate/Persist), or split per responsibility (data fetch vs. transform vs. emit). Threshold is configurable via [Detectors] LongMethodMax / DetectorMaxBodyLines; lines are counted between the routine's `begin` and matching `end;`, comments and blank lines included. Compound-statement detection ignores nested anonymous methods so a method body that only contains a closure is not falsely reported.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["maintainability", "complexity"],
      "configKey": "[Detectors] LongMethodMax",
      "detectorUnit": "uLongMethod.pas",
      "examples": {
        "bad":  "(150-line procedure doing parsing + validation + persistence)",
        "good": "(extract into ParseInput, Validate, Persist helper methods)"
      },
      "cleanCodeAttribute": "FOCUSED",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "MEDIUM" }
      ]
    },
    {
      "id": "SCA013",
      "kind": "LongParamList",
      "name": "Too many parameters",
      "shortDescription": "Method has more parameters than configured maximum (default 7)",
      "fullDescription": "High parameter counts are a leading indicator of an SRP violation: the routine is juggling concerns that should be split. Long lists also bring positional confusion (the third Integer is which one again?) and force callers to fill defaults that may not apply. Refactor: group cohesive parameters into a record (TOrderInput), promote configuration to a builder pattern (FluentQuery.Where(...).OrderBy(...)), or split the method by axis (SaveOrder + SaveOrderItems). Threshold via [Detectors] LongParamMax / DetectorMaxParams (default 5). out/var parameters count just like value parameters; the implicit Self for class methods does not count.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["api-design"],
      "configKey": "[Detectors] LongParamMax",
      "detectorUnit": "uLongParamList.pas",
      "examples": {
        "bad":  "procedure SaveOrder(id, customer, address, city, zip, country, total, tax, shipping: ...);",
        "good": "procedure SaveOrder(const Order: TOrder);"
      },
      "cleanCodeAttribute": "FOCUSED",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "MEDIUM" }
      ]
    },
    {
      "id": "SCA014",
      "kind": "MagicNumber",
      "name": "Numeric literal without named constant",
      "shortDescription": "Numeric literal in expression - extract to a named constant",
      "fullDescription": "Numeric literals embedded directly in business logic carry no meaning: `if RetryCount > 3` forces every reader to guess what 3 represents and forces every maintenance change to find every occurrence by hand. Extract a named constant so the value has a documented purpose and exactly one source of truth. The detector skips trivials (0, 1, 2, -1, common power-of-2 sizes, indexing into known-tiny collections) - see [Detectors] MagicTrivials for the active list. Loop bounds against `Length(arr)` and array index 0 are also ignored. Use the global config to add project-specific trivials (e.g. a fixed PageSize).",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["maintainability"],
      "detectorUnit": "uMagicNumbers.pas",
      "examples": {
        "bad":  "if RetryCount > 3 then ...",
        "good": "const MAX_RETRIES = 3;\nif RetryCount > MAX_RETRIES then ..."
      },
      "cleanCodeAttribute": "CLEAR",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA015",
      "kind": "DuplicateString",
      "name": "String literal repeated across multiple sites",
      "shortDescription": "Same string literal appears N+ times - extract to constant",
      "fullDescription": "Repeated strings are change-coupling hazards (typo in one place silently diverges from the others). Extract to a const, especially for user-facing messages.",
      "defaultSeverity": "Hint",
      "type": "Code Duplication",
      "tags": ["maintainability"],
      "configKey": "[Detectors] DuplicateStringMin",
      "detectorUnit": "uDuplicateString.pas",
      "examples": {
        "bad":  "ShowMessage('File not found');\n... \nLogError('File not found');",
        "good": "const MSG_FILE_NOT_FOUND = 'File not found';\nShowMessage(MSG_FILE_NOT_FOUND);"
      },
      "cleanCodeAttribute": "DISTINCT",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA016",
      "kind": "HardcodedPath",
      "name": "Filesystem path as string literal",
      "shortDescription": "Hardcoded C:\\ / UNC / Linux path in source",
      "fullDescription": "Hardcoded paths break portability and CI deployment. Use config files, environment variables, or platform-aware path helpers (TPath.Combine, etc).",
      "defaultSeverity": "Warning",
      "type": "Security Hotspot",
      "tags": ["portability", "configuration"],
      "detectorUnit": "uHardcodedPath.pas",
      "examples": {
        "bad":  "LogFile := 'C:\\Logs\\app.log';",
        "good": "LogFile := TPath.Combine(GetEnvironmentVariable('LOGDIR'), 'app.log');"
      },
      "cleanCodeAttribute": "CLEAR",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "MEDIUM" }
      ]
    },
    {
      "id": "SCA017",
      "kind": "DebugOutput",
      "name": "WriteLn/ShowMessage in production code",
      "shortDescription": "Debug output statement found in production unit",
      "fullDescription": "WriteLn / ShowMessage / OutputDebugString / OutputDebugStringA in non-test code is almost always leftover debugging: ShowMessage in particular blocks the UI thread and is unfit for any production code path. Replace with a structured logger (TLogger, mORMot TSynLog, log4d) so the call site captures severity, category, and source location, and ops can dial verbosity at runtime. The detector skips units under `*\\tests\\*`, `*\\test\\*` and units flagged by the project as test/cli (`*Console*`, `*TestProject*`). A `// noinspection DebugOutput` marker suppresses individual lines (e.g. interactive CLI banners).",
      "defaultSeverity": "Warning",
      "type": "Code Smell",
      "tags": ["debug-code"],
      "detectorUnit": "uDebugOutput.pas",
      "examples": {
        "bad":  "WriteLn('here #3');",
        "good": "Logger.Debug('reached step 3');"
      },
      "cleanCodeAttribute": "CONVENTIONAL",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA018",
      "kind": "DeepNesting",
      "name": "Block nesting exceeds threshold",
      "shortDescription": "Nested if/for/while depth higher than configured maximum (default 4)",
      "fullDescription": "Deep nesting hurts readability and indicates the method is doing too much. Use guard clauses (early Exit) or extract inner blocks into helper methods.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["complexity"],
      "configKey": "[Detectors] DeepNestingMax",
      "detectorUnit": "uDeepNesting.pas",
      "examples": {
        "bad":  "if a then\n  if b then\n    if c then\n      if d then DoStuff;",
        "good": "if not a then Exit;\nif not b then Exit;\nif not c then Exit;\nif d then DoStuff;"
      },
      "cleanCodeAttribute": "FOCUSED",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "MEDIUM" }
      ]
    },
    {
      "id": "SCA019",
      "kind": "TodoComment",
      "name": "TODO/FIXME marker in comment",
      "shortDescription": "Open TODO / FIXME / HACK / XXX marker - resolve before release",
      "fullDescription": "Open work markers (TODO, FIXME, HACK, XXX, BUG, NOTE) live as a parallel work tracker inside the source. The pattern fails by accretion: markers added years apart never get triaged together, the original author leaves, and the next reader cannot tell whether the TODO is still relevant or has been silently shipped. SCA surfaces every such marker so CI gates can enforce a zero-TODO release branch or PR-time triage. Recognised forms: `// TODO`, `{ TODO ... }`, `(* TODO *)`, case-insensitive, with optional jira-id suffix (`// TODO PROJ-123: ...`). Marker tokens are configurable; the default set matches SonarDelphi.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["work-tracking"],
      "detectorUnit": "uTodoComment.pas",
      "examples": {
        "bad":  "// TODO: handle the case where input is empty",
        "good": "(implement the case OR file an issue and reference it)"
      },
      "cleanCodeAttribute": "COMPLETE",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA020",
      "kind": "EmptyMethod",
      "name": "Empty method body",
      "shortDescription": "Method body has no statements",
      "fullDescription": "Empty method may indicate a forgotten implementation, a TODO that was never followed up, or an interface stub. Make intent explicit (assert, exception, or comment).",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["maintainability"],
      "detectorUnit": "uEmptyMethod.pas",
      "examples": {
        "bad":  "procedure DoStuff;\nbegin\nend;",
        "good": "procedure DoStuff;\nbegin\n  raise ENotImplemented.Create('...');\nend;"
      },
      "cleanCodeAttribute": "COMPLETE",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA021",
      "kind": "DuplicateBlock",
      "name": "Duplicated code block",
      "shortDescription": "Multiple identical code blocks (>= configured minimum lines)",
      "fullDescription": "Detects N+ consecutive identical lines that appear in two or more places in the codebase (default minimum: 8 lines). The DRY violation creates change-coupling: a bugfix on one copy silently diverges from the others, and reviewers cannot easily tell that a behaviour-fix only addressed one of N call sites. Refactor: extract into a helper method or a shared constant. Tokens are normalised (whitespace collapsed, identifiers lowered) so cosmetic differences do not mask a true duplicate. Trivial duplicates (uses lists, type alias declarations) are skipped. Threshold via [Detectors] DuplicateBlockMinLines.",
      "defaultSeverity": "Hint",
      "type": "Code Duplication",
      "tags": ["dry"],
      "configKey": "[Detectors] DuplicateBlockMinLines",
      "detectorUnit": "uDuplicateBlock.pas",
      "examples": {
        "bad":  "(20 lines of validation code copy-pasted across 3 methods)",
        "good": "(extract into a single ValidateXxx procedure)"
      },
      "cleanCodeAttribute": "DISTINCT",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "MEDIUM" }
      ]
    },
    {
      "id": "SCA022",
      "kind": "CyclomaticComplexity",
      "name": "Method exceeds McCabe complexity threshold",
      "shortDescription": "Cyclomatic Complexity > configured threshold (default 10)",
      "fullDescription": "McCabe complexity counts decision points (1 base + if + case-arm + for/while/repeat + on-handler + and/or/xor). High complexity is hard to test and understand.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["complexity", "maintainability", "metrics"],
      "configKey": "[Detectors] CyclomaticMax",
      "detectorUnit": "uCyclomaticComplexity.pas",
      "examples": {
        "bad":  "(method with 15+ if/case/for branches in one body)",
        "good": "(extract decision groups into named helper methods)"
      },
      "cleanCodeAttribute": "FOCUSED",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "MEDIUM" }
      ]
    },
    {
      "id": "SCA023",
      "kind": "CustomRule",
      "name": "User-defined custom rule",
      "shortDescription": "Pattern matched by a rule loaded from analyser-rules.yml",
      "fullDescription": "Generic kind for user-defined regex / AST rules loaded at runtime from analyser-rules.yml. Specific rule ID, message, and severity come from the YAML entry; this catalog entry is a placeholder so the dispatcher and SARIF exporter have stable metadata.",
      "defaultSeverity": "Warning",
      "type": "Code Smell",
      "tags": ["custom", "user-defined"],
      "configKey": "analyser-rules.yml",
      "detectorUnit": "uCustomRuleDetector.pas",
      "examples": {
        "bad":  "(pattern from analyser-rules.yml matches)",
        "good": "(fix per the custom rule's message)"
      },
      "cleanCodeAttribute": "CONVENTIONAL",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "MEDIUM" }
      ]
    },
    {
      "id": "SCA024",
      "kind": "DfmDefaultName",
      "name": "Component with default name",
      "shortDescription": "Component left at wizard-default name (Button1, Edit3, Panel2 ...)",
      "fullDescription": "Default names hide intent and break find-usages / rename refactorings. Rename UI controls to convey purpose (btnSave, edUserName, pnlToolbar ...).",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["dfm", "naming"],
      "detectorUnit": "uDfmDefaultName.pas",
      "examples": {
        "bad":  "object Button1: TButton\n  Caption = 'Save'\nend",
        "good": "object btnSave: TButton\n  Caption = 'Save'\nend"
      },
      "cleanCodeAttribute": "CONVENTIONAL",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA025",
      "kind": "DfmHardcodedCaption",
      "name": "Hardcoded UI text in DFM",
      "shortDescription": "Caption / Hint / Text property as literal in DFM, not via i18n layer",
      "fullDescription": "User-facing strings embedded in a .dfm cannot be localised, A/B-tested, or kept in a translation catalog. Assign at form construction time from a resourcestring or i18n helper.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["dfm", "i18n", "localization"],
      "detectorUnit": "uDfmHardcodedCaption.pas",
      "examples": {
        "bad":  "object btnSave: TButton\n  Caption = 'Speichern'\nend",
        "good": "btnSave.Caption := _('btn.save');  // i18n at runtime"
      },
      "cleanCodeAttribute": "CONVENTIONAL",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "MEDIUM" }
      ]
    },
    {
      "id": "SCA026",
      "kind": "DfmHardcodedDbCreds",
      "name": "Hardcoded DB credentials in DFM",
      "shortDescription": "Plaintext Password / ConnectionString with Pwd= on a DB component",
      "fullDescription": "Database credentials persisted in a .dfm leak into version control, build artifacts, and any decompiler. Move secrets to environment variables, OS credential store, or encrypted configuration and assign at runtime.",
      "defaultSeverity": "Error",
      "type": "Vulnerability",
      "tags": ["dfm", "credentials", "security"],
      "cwe": ["CWE-798"],
      "owasp": ["A07:2021-Identification-and-Authentication-Failures"],
      "detectorUnit": "uDfmHardcodedDbCreds.pas",
      "examples": {
        "bad":  "object FDConnection1: TFDConnection\n  Params.Strings = ('Password=admin123' 'User_Name=sa')\nend",
        "good": "FDConnection1.Params.Values['Password'] := GetEnvironmentVariable('DB_PWD');"
      },
      "cleanCodeAttribute": "LAWFUL",
      "impacts": [
        { "softwareQuality": "SECURITY", "severity": "BLOCKER" }
      ]
    },
    {
      "id": "SCA027",
      "kind": "DfmDuplicateBinding",
      "name": "Duplicate (DataSource, DataField) binding",
      "shortDescription": "Two or more controls bind the same (DataSource, DataField) pair",
      "fullDescription": "When the user edits one bound control, the second receives a parallel update from the dataset - racey, hard-to-debug overwrites. Bind each (DataSource, DataField) to exactly one control.",
      "defaultSeverity": "Warning",
      "type": "Bug",
      "tags": ["dfm", "db-binding"],
      "detectorUnit": "uDfmDuplicateBinding.pas",
      "examples": {
        "bad":  "DBEdit1.DataField = 'NAME'\nDBEdit2.DataField = 'NAME'   // same DataSource",
        "good": "(bind 'NAME' to exactly one control)"
      },
      "cleanCodeAttribute": "LOGICAL",
      "impacts": [
        { "softwareQuality": "RELIABILITY", "severity": "MEDIUM" }
      ]
    },
    {
      "id": "SCA028",
      "kind": "DfmDeadEvent",
      "name": "DFM event handler references missing method",
      "shortDescription": "OnClick / On... points to a method that does not exist in the form class",
      "fullDescription": "DFM streaming crashes at form-load time with 'class TForm has no published method X'. Usually caused by a manual rename in the .pas without updating the .dfm.",
      "defaultSeverity": "Error",
      "type": "Bug",
      "tags": ["dfm", "streaming", "dead-code"],
      "detectorUnit": "uDfmDeadEvent.pas",
      "examples": {
        "bad":  "object btnSave: TButton\n  OnClick = btnSaveClick   // method removed in .pas\nend",
        "good": "(restore the method or clear OnClick in the designer)"
      },
      "cleanCodeAttribute": "COMPLETE",
      "impacts": [
        { "softwareQuality": "RELIABILITY", "severity": "HIGH" }
      ]
    },
    {
      "id": "SCA029",
      "kind": "DfmOrphanHandler",
      "name": "Orphan event handler",
      "shortDescription": "Published TNotifyEvent-shaped method has no DFM binding",
      "fullDescription": "Method looks like an event handler (Sender: TObject) but nothing in any .dfm references it. Likely leftover from a deleted control - remove or wire it up.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["dfm", "dead-code"],
      "detectorUnit": "uDfmOrphanHandler.pas",
      "examples": {
        "bad":  "procedure TForm1.btnOldClick(Sender: TObject);  // nothing binds this\nbegin\n  ...\nend;",
        "good": "(remove the method or bind it from a control)"
      },
      "cleanCodeAttribute": "FOCUSED",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA030",
      "kind": "DfmEmptyBoundEvent",
      "name": "Empty bound event handler",
      "shortDescription": "Event is wired in DFM, method exists, body is empty",
      "fullDescription": "An empty handler with a live DFM binding is almost always a stub forgotten after the designer added it. Either remove the binding or implement the handler.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["dfm", "stub"],
      "detectorUnit": "uDfmEmptyBoundEvent.pas",
      "examples": {
        "bad":  "procedure TForm1.btnSaveClick(Sender: TObject);\nbegin\nend;",
        "good": "(implement the handler or clear OnClick in the designer)"
      },
      "cleanCodeAttribute": "COMPLETE",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA031",
      "kind": "DfmSchemaMismatch",
      "name": "DFM component without published field",
      "shortDescription": "Component in DFM has no matching published field in the form class",
      "fullDescription": "DFM streaming requires every named component to have a corresponding published field in the host class. A missing field crashes form construction with EReadError.",
      "defaultSeverity": "Error",
      "type": "Bug",
      "tags": ["dfm", "streaming"],
      "detectorUnit": "uDfmSchemaMismatch.pas",
      "examples": {
        "bad":  "// .dfm contains object btnSave: TButton, but TForm1 has no btnSave: TButton field",
        "good": "(add the field to the published section of TForm1)"
      },
      "cleanCodeAttribute": "COMPLETE",
      "impacts": [
        { "softwareQuality": "RELIABILITY", "severity": "HIGH" }
      ]
    },
    {
      "id": "SCA032",
      "kind": "DfmCircularDataSource",
      "name": "Circular DataSource / Master-Detail loop",
      "shortDescription": "Cycle in DataSource.DataSet / DataSet.MasterSource edges",
      "fullDescription": "A cycle in the master-detail graph causes infinite recursion during BeforeOpen or any refresh and stack-overflows the process. Break the cycle by removing one of the links.",
      "defaultSeverity": "Error",
      "type": "Bug",
      "tags": ["dfm", "data-access", "infinite-loop"],
      "detectorUnit": "uDfmCircularDataSource.pas",
      "examples": {
        "bad":  "QA.MasterSource = dsB   QB.MasterSource = dsA   // cycle",
        "good": "(make one query the parent, the other the detail)"
      },
      "cleanCodeAttribute": "LOGICAL",
      "impacts": [
        { "softwareQuality": "RELIABILITY", "severity": "HIGH" }
      ]
    },
    {
      "id": "SCA033",
      "kind": "DfmSqlFromUserInput",
      "name": "SQL property built from UI input",
      "shortDescription": "Query.SQL assembled from form-control Text / Caption properties",
      "fullDescription": "A DB-query SQL property (TADOQuery / TFDQuery / TUniQuery / TZQuery / TKSQLQuery.SQL.Text) is assembled by concatenating the Text / Caption / Hint / EditText / ItemText property of a UI input control (TEdit, TComboBox, TMaskEdit, ...) - classic SQL injection through the form. A user typing `' OR ''1''=''1' --` into the search field reads any row; `'; DROP TABLE Users; --` is destructive. Refactor: bind named parameters and assign via ParamByName, never concatenate. This detector is the DFM/UI-path companion to SCA003 (lexical SQL injection) and SCA058 (dangerous SQL statement).",
      "defaultSeverity": "Error",
      "type": "Vulnerability",
      "tags": ["dfm", "sql", "injection", "security"],
      "cwe": ["CWE-89"],
      "owasp": ["A03:2021-Injection"],
      "detectorUnit": "uDfmSqlFromUserInput.pas",
      "examples": {
        "bad":  "FDQuery1.SQL.Text := 'SELECT * FROM U WHERE Name=''' + EdName.Text + '''';",
        "good": "FDQuery1.SQL.Text := 'SELECT * FROM U WHERE Name=:n';\nFDQuery1.ParamByName('n').AsString := EdName.Text;"
      },
      "cleanCodeAttribute": "LAWFUL",
      "impacts": [
        { "softwareQuality": "SECURITY", "severity": "HIGH" }
      ]
    },
    {
      "id": "SCA034",
      "kind": "DfmRequiredFieldUnbound",
      "name": "Required field has no UI binding",
      "shortDescription": "TField with Required=True has no bound input control",
      "fullDescription": "A required field that the user cannot reach makes every insert fail with 'Field X must have a value'. Either bind a control or drop the Required=True.",
      "defaultSeverity": "Warning",
      "type": "Bug",
      "tags": ["dfm", "ux", "required-field"],
      "detectorUnit": "uDfmRequiredField.pas",
      "examples": {
        "bad":  "FieldDefs: Email Required=True   // no DBEdit / DBLookup bound to it",
        "good": "(bind a DBEdit to the Email field)"
      },
      "cleanCodeAttribute": "COMPLETE",
      "impacts": [
        { "softwareQuality": "RELIABILITY", "severity": "MEDIUM" }
      ]
    },
    {
      "id": "SCA035",
      "kind": "DfmRequiredFieldNotVisible",
      "name": "Required field only on hidden controls",
      "shortDescription": "TField with Required=True is bound only to Visible=False controls",
      "fullDescription": "Control exists but the user cannot see or interact with it - inserts fail every time. Make at least one bound control visible or drop the Required=True.",
      "defaultSeverity": "Warning",
      "type": "Bug",
      "tags": ["dfm", "ux", "required-field"],
      "detectorUnit": "uDfmRequiredField.pas",
      "examples": {
        "bad":  "DBEdit1.DataField = 'Email'   DBEdit1.Visible = False",
        "good": "(make the control visible or remove Required=True)"
      },
      "cleanCodeAttribute": "COMPLETE",
      "impacts": [
        { "softwareQuality": "RELIABILITY", "severity": "MEDIUM" }
      ]
    },
    {
      "id": "SCA036",
      "kind": "DfmFieldTypeMismatch",
      "name": "UI control type mismatched with TField",
      "shortDescription": "DB control class does not match TField.DataType (TDBEdit for TBooleanField)",
      "fullDescription": "User sees the raw value and can corrupt the type. Pick a control compatible with the field type (TDBCheckBox for booleans, TDBLookupComboBox for FKs).",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["dfm", "ux", "db-binding"],
      "detectorUnit": "uDfmFieldTypeMismatch.pas",
      "examples": {
        "bad":  "DBEdit1.DataField = 'IsActive'   // TBooleanField",
        "good": "DBCheckBox1.DataField = 'IsActive'"
      },
      "cleanCodeAttribute": "LOGICAL",
      "impacts": [
        { "softwareQuality": "RELIABILITY", "severity": "MEDIUM" }
      ]
    },
    {
      "id": "SCA037",
      "kind": "DfmTabOrderConflict",
      "name": "Duplicate TabOrder among siblings",
      "shortDescription": "Two sibling controls in the same parent share the same TabOrder value",
      "fullDescription": "VCL serialisation tolerates duplicate TabOrder but tab navigation becomes order-of-declaration dependent and unpredictable for the user. Renumber so TabOrder is unique per parent.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["dfm", "ux"],
      "detectorUnit": "uDfmTabOrderConflict.pas",
      "examples": {
        "bad":  "EdA.TabOrder = 0\nEdB.TabOrder = 0   // same parent",
        "good": "EdA.TabOrder = 0\nEdB.TabOrder = 1"
      },
      "cleanCodeAttribute": "CONVENTIONAL",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA038",
      "kind": "DfmForbiddenClass",
      "name": "Component uses forbidden class",
      "shortDescription": "Component class is in the project's ForbiddenClasses list",
      "fullDescription": "Style-guide enforcement for project-specific class bans (TQuery, TLabel if you have a TStyledLabel, ...). Detector stays silent unless the project sets `[Components] ForbiddenClasses=...` in analyser.ini.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["dfm", "style-guide"],
      "configKey": "[Components] ForbiddenClasses",
      "detectorUnit": "uDfmForbiddenClass.pas",
      "examples": {
        "bad":  "object Query1: TQuery   // ForbiddenClasses=TQuery",
        "good": "object FDQuery1: TFDQuery"
      },
      "cleanCodeAttribute": "CONVENTIONAL",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA039",
      "kind": "DfmDbInUiForm",
      "name": "DB component on UI form",
      "shortDescription": "TFDQuery / TFDConnection directly on a TForm/TFrame instead of a DataModule",
      "fullDescription": "Database infrastructure on a UI form couples persistence to presentation - hard to reuse, hard to test. Move to a TDataModule and reference it from the form.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["dfm", "architecture", "data-access"],
      "detectorUnit": "uDfmDbInUiForm.pas",
      "examples": {
        "bad":  "object frmInvoice: TForm\n  object FDQuery1: TFDQuery ...",
        "good": "object dmInvoice: TDataModule\n  object FDQuery1: TFDQuery ..."
      },
      "cleanCodeAttribute": "MODULAR",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "MEDIUM" }
      ]
    },
    {
      "id": "SCA040",
      "kind": "DfmCrossFormCoupling",
      "name": "Cross-form field access",
      "shortDescription": "Code in Form1 reads / writes Form2.<published_field> directly",
      "fullDescription": "Reaching across forms to grab a child control breaks encapsulation - any rename in Form2 silently breaks Form1. Expose a property or method on Form2 instead.",
      "defaultSeverity": "Warning",
      "type": "Bug",
      "tags": ["dfm", "architecture", "coupling"],
      "detectorUnit": "uDfmCrossFormCoupling.pas",
      "examples": {
        "bad":  "Form2.EdName.Text := 'x';",
        "good": "Form2.UserName := 'x';   // property on Form2"
      },
      "cleanCodeAttribute": "MODULAR",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "MEDIUM" }
      ]
    },
    {
      "id": "SCA041",
      "kind": "DfmLayerViolation",
      "name": "Input control directly on TForm",
      "shortDescription": "Input control sits on the form instead of being embedded in a TPanel / TGroupBox",
      "fullDescription": "Layered layout (Form > Panel > Group > Controls) makes resizing, DPI-scaling, and theming significantly easier. Wrap controls in a layout container.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["dfm", "layout"],
      "detectorUnit": "uDfmLayerViolation.pas",
      "examples": {
        "bad":  "object frmEdit: TForm\n  object EdName: TEdit  // direct child of form",
        "good": "object frmEdit: TForm\n  object pnlBody: TPanel\n    object EdName: TEdit"
      },
      "cleanCodeAttribute": "CONVENTIONAL",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA042",
      "kind": "DfmGodHandler",
      "name": "God event handler",
      "shortDescription": "Single method wired to >= N component events (default N=5)",
      "fullDescription": "Spaghetti indicator: one handler dispatching dozens of events is hard to read, hard to change, and almost always has cohesion problems. Split by responsibility.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["dfm", "design"],
      "configKey": "[Detectors] DfmGodHandlerMaxEvents",
      "detectorUnit": "uDfmGodHandler.pas",
      "examples": {
        "bad":  "btn1.OnClick = HandleEverything\nbtn2.OnClick = HandleEverything\nbtn3.OnClick = HandleEverything\nbtn4.OnClick = HandleEverything\nbtn5.OnClick = HandleEverything",
        "good": "(one handler per logical action)"
      },
      "cleanCodeAttribute": "FOCUSED",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "MEDIUM" }
      ]
    },
    {
      "id": "SCA043",
      "kind": "DfmActionMismatch",
      "name": "Component has Action + OnClick",
      "shortDescription": "Action and OnClick both set - Action wins, OnClick is dead code",
      "fullDescription": "When a TAction is assigned, VCL routes events through the action object and the OnClick never fires. Pick one or call the OnClick body from the action's OnExecute.",
      "defaultSeverity": "Warning",
      "type": "Bug",
      "tags": ["dfm", "dead-code"],
      "detectorUnit": "uDfmActionMismatch.pas",
      "examples": {
        "bad":  "object btnSave: TButton\n  Action = actSave\n  OnClick = btnSaveClick   // never fires\nend",
        "good": "(remove OnClick or remove Action)"
      },
      "cleanCodeAttribute": "LOGICAL",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "MEDIUM" }
      ]
    },
    {
      "id": "SCA044",
      "kind": "ConcatToFormat",
      "name": "Long string concat - prefer Format()",
      "shortDescription": "Multi-segment string concatenation - extract to a Format() call",
      "fullDescription": "Chains of `'a' + Var + 'b' + IntToStr(N)` (three or more concatenations involving non-literal segments) are harder to scan and harder to translate than `Format('a%sb%d', [Var, N])`: every IntToStr / FloatToStr / FormatDateTime in the middle of a string is one more place where a `resourcestring` cannot capture the message template. The detector triggers from 3 segments / 2 non-literal pieces upward, ignores trivial cases (`'<' + Name + '>'`) and skips lines under an active `// noinspection ConcatToFormat`. The flagged form may be intentional in performance-critical inner loops where Format's varargs box; the suppression marker is for that case.",
      "defaultSeverity": "Warning",
      "type": "Code Smell",
      "tags": ["maintainability", "string-formatting"],
      "detectorUnit": "uConcatToFormat.pas",
      "examples": {
        "bad":  "Msg := 'User ' + Name + ' has ' + IntToStr(N) + ' open tickets';",
        "good": "Msg := Format('User %s has %d open tickets', [Name, N]);"
      },
      "cleanCodeAttribute": "EFFICIENT",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA045",
      "kind": "WithStatement",
      "name": "with X do ...",
      "shortDescription": "with statement - scope-shadowing trap the compiler does not warn about",
      "fullDescription": "Marco Cantu, delphi.org and Stack Overflow consistently rank `with` among the top Delphi bug sources. Identifiers from the outer scope get silently shadowed by members of the with-target. Use a local variable alias instead.",
      "defaultSeverity": "Warning",
      "type": "Code Smell",
      "tags": ["scope", "delphi-classic"],
      "detectorUnit": "uWithStatement.pas",
      "examples": {
        "bad":  "with Customer do\nbegin\n  Name := SomeName;   // Customer.Name? or local Name?\nend;",
        "good": "C := Customer;\nC.Name := SomeName;"
      },
      "cleanCodeAttribute": "CLEAR",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA046",
      "kind": "ReversedForRange",
      "name": "for i := High to Low - missing downto",
      "shortDescription": "for i := 10 to 1 do - loop body never executes",
      "fullDescription": "`for i := 10 to 1 do` is a downto-vs-to typo: in Pascal a `to`-loop with start > end iterates zero times, so the body silently never runs and the bug shows up as missing side-effects with no compiler warning. The detector evaluates compile-time integer expressions on both sides (literals, simple negations, and `Length(arr)-1` for constant-length declarations) so `for i := Length(L)-1 to 0` is flagged. Variable-bounded loops are excluded - they may legitimately do nothing depending on runtime data. To iterate descending, write `downto`; to express 'maybe empty' explicitly, guard with an `if From <= To`.",
      "defaultSeverity": "Error",
      "type": "Bug",
      "tags": ["loop", "typo"],
      "detectorUnit": "uReversedForRange.pas",
      "examples": {
        "bad":  "for i := 10 to 1 do DoStuff(i);",
        "good": "for i := 10 downto 1 do DoStuff(i);"
      },
      "cleanCodeAttribute": "LOGICAL",
      "impacts": [
        { "softwareQuality": "RELIABILITY", "severity": "HIGH" }
      ]
    },
    {
      "id": "SCA047",
      "kind": "SelfAssignment",
      "name": "x := x",
      "shortDescription": "Self-assignment - no-op or copy-paste typo",
      "fullDescription": "Detector excludes property setters with documented side effects. A bare `x := x` is almost always a typo where one side should be a different variable.",
      "defaultSeverity": "Warning",
      "type": "Bug",
      "tags": ["typo", "no-op"],
      "detectorUnit": "uSelfAssignment.pas",
      "examples": {
        "bad":  "Customer.Name := Customer.Name;",
        "good": "Customer.Name := NewName;"
      },
      "cleanCodeAttribute": "LOGICAL",
      "impacts": [
        { "softwareQuality": "RELIABILITY", "severity": "MEDIUM" }
      ]
    },
    {
      "id": "SCA048",
      "kind": "VirtualCallInCtor",
      "name": "Virtual call in constructor",
      "shortDescription": "Virtual method invoked from constructor - subclass override sees half-initialised Self",
      "fullDescription": "C++ FAQ 23.5 / Effective Java item 17 in Delphi form: virtual dispatch in a ctor runs the most-derived override before subclass fields are initialised. Defer to a non-virtual post-construction hook.",
      "defaultSeverity": "Error",
      "type": "Bug",
      "tags": ["oop", "initialization-order"],
      "cwe": ["CWE-665"],
      "detectorUnit": "uVirtualCallInCtor.pas",
      "examples": {
        "bad":  "constructor TBase.Create;\nbegin\n  Configure;   // virtual\nend;",
        "good": "constructor TBase.Create;\nbegin\n  // skip virtual call\nend;\nprocedure TBase.AfterConstruction;\nbegin\n  Configure;\nend;"
      },
      "cleanCodeAttribute": "LOGICAL",
      "impacts": [
        { "softwareQuality": "RELIABILITY", "severity": "MEDIUM" }
      ]
    },
    {
      "id": "SCA049",
      "kind": "LengthUnderflow",
      "name": "Length(s) - N without guard",
      "shortDescription": "Length / .Count with subtraction - native-uint underflow when empty",
      "fullDescription": "`Length(s) - 1` on an empty string evaluates to 0 - 1 = MaxUInt under NativeUInt arithmetic and indexes into garbage. Guard for emptiness or cast to NativeInt.",
      "defaultSeverity": "Hint",
      "type": "Bug",
      "tags": ["arithmetic", "underflow"],
      "detectorUnit": "uLengthUnderflow.pas",
      "examples": {
        "bad":  "Last := s[Length(s) - 1];",
        "good": "if Length(s) >= 2 then Last := s[Length(s) - 1];"
      },
      "cleanCodeAttribute": "LOGICAL",
      "impacts": [
        { "softwareQuality": "RELIABILITY", "severity": "HIGH" }
      ]
    },
    {
      "id": "SCA050",
      "kind": "CanBeUnitPrivate",
      "name": "Public member could be unit-private",
      "shortDescription": "Public member is referenced only within the current unit - Delphi-classic `private` (unit-scope) suffices",
      "fullDescription": "Single-file analysis: the `public` member is referenced from somewhere in the same unit (other classes, top-level procedures, ...), but NOT exclusively from the declaring class itself. Tightening to Delphi-classic `private` (which is unit-scope, not class-scope) is safe: every legal caller within the unit keeps working. This detector intentionally runs single-file ONLY - the previous cross-unit/cross-project scan produced too many false positives (RTTI/DFM streaming, sibling .dpk/.dproj consumers, generic instantiations, plugin APIs). The hint is a recommendation; if a foreign unit consumes the member, the compiler will catch the broken visibility with E2361 once the change is applied. Skips: published, virtual/abstract/override/dynamic, class constructors/destructors, RTTI-driven base classes (TForm/TFrame/TDataModule/TComponent), pure-class-method utility classes. Suppress per-line with `// noinspection CanBeUnitPrivate` for intentional public surface (library API, plugin entry point).",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["encapsulation", "visibility"],
      "detectorUnit": "uVisibilityCheck.pas",
      "examples": {
        "bad":  "type\n  TFoo = class\n  public\n    procedure Helper;\n  end;\n  TBar = class\n    procedure Run;  // calls Foo.Helper - same unit\n  end;",
        "good": "type\n  TFoo = class\n  private\n    procedure Helper;\n  end;\n// Same-unit access stays legal under Delphi-classic `private`."
      },
      "cleanCodeAttribute": "MODULAR",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA051",
      "kind": "CanBeProtected",
      "name": "Public member could be protected",
      "shortDescription": "Public member referenced only from subclasses, never externally",
      "fullDescription": "Single-file analysis: every visible caller of the public member is itself a method of a class deriving from the declaring class. `protected` is the minimum visibility that satisfies all current call sites and signals the design intent ('this is an extension hook, not part of the consumer API'). Same single-file caveat as CanBeUnitPrivate / CanBeStrictPrivate: cross-unit consumers are invisible to the detector; the compiler verifies the refactor via E2361 if a foreign caller exists. Skips: published / RTTI-exposed members, virtual/override roots that are part of the documented hierarchy. Tighten with confidence inside the declaring project; for shipped library APIs verify external callers manually first.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["encapsulation", "visibility"],
      "detectorUnit": "uVisibilityCheck.pas",
      "examples": {
        "bad":  "public\n  procedure HookForSubclasses; virtual;",
        "good": "protected\n  procedure HookForSubclasses; virtual;"
      },
      "cleanCodeAttribute": "MODULAR",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA052",
      "kind": "UnusedPublicMember",
      "name": "Unused public member (dead API)",
      "shortDescription": "Public member is never referenced from any subclass or cross-unit path",
      "fullDescription": "No internal use AND no external use found - dead API surface. Either remove or document as intentionally exported (e.g. for binary compatibility).",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["dead-code", "api"],
      "detectorUnit": "uVisibilityCheck.pas",
      "examples": {
        "bad":  "public\n  procedure NeverCalled;",
        "good": "(remove or document why it stays)"
      },
      "cleanCodeAttribute": "FOCUSED",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA053",
      "kind": "UnusedLocalVar",
      "name": "Unused local variable",
      "shortDescription": "Local var declared but never referenced in method body",
      "fullDescription": "A `var X: T;` in a method body is declared but never read or written in the same body. Mirrors Delphi compiler hint H2164 but emitted as an SCA finding so it can be filtered, suppressed, prioritized and tracked uniformly with the other rules - useful when H2164 is muted project-wide. The body scan recognises `with`-rebound identifiers and ignores variables whose names match an existing field/property (the `with` would rebind them implicitly). Inline-vars introduced by `var X: T := ...` are treated identically. Suppress with `// noinspection UnusedLocalVar` when the variable is intentionally kept (declarative documentation, or required-by-API record initialization).",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["dead-code", "locals"],
      "detectorUnit": "uUnusedLocal.pas",
      "examples": {
        "bad":  "var\n  Tmp: Integer;   // never used\nbegin\n  DoStuff;\nend;",
        "good": "(remove the variable)"
      },
      "cleanCodeAttribute": "FOCUSED",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA054",
      "kind": "UnusedParameter",
      "name": "Unused method parameter",
      "shortDescription": "Method parameter is never used in the body",
      "fullDescription": "A formal parameter is declared but never read in the method body. The parameter clutters the call site (every caller passes a value that has no effect) and obscures the method's true dependencies. Refactor: drop the parameter, or move the call site to a different overload that doesn't take it. The detector intentionally skips externally constrained signatures: `override` (parent signature is fixed), `; virtual; abstract` placeholder bodies, interface implementations (signature dictated by interface), event handlers (`Sender: TObject` and the rest of the event tuple), and methods registered as DFM event handlers. Suppress per-method with `// noinspection UnusedParameter` for stable-shape callbacks (RTTI/streaming).",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["dead-code", "api-design"],
      "detectorUnit": "uUnusedParameter.pas",
      "examples": {
        "bad":  "procedure Process(const Data: TData; Mode: Integer);  // Mode never referenced",
        "good": "procedure Process(const Data: TData);"
      },
      "cleanCodeAttribute": "FOCUSED",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA055",
      "kind": "TautologicalBoolExpr",
      "name": "Tautological boolean expression",
      "shortDescription": "Binary operator with identical LHS and RHS: x = x, a and a, (p <> p)",
      "fullDescription": "A binary operator has the textually identical operand on both sides: `x = x`, `a and a`, `(p <> p)`. The expression evaluates to a constant (True or False) at compile time and almost always indicates a typo - the operand was meant to be a similarly named identifier (`a = b`, `p1 <> p2`). The detector tracks: equality / inequality / ordering (`=`, `<>`, `<`, `>`, `<=`, `>=`) and boolean ops (`and`, `or`, `xor`). Arithmetic operators (`+`, `-`, `*`) are intentionally exempt: `x + x` and `a * a` are legitimate idioms. Operand normalisation lowers case and strips redundant whitespace but preserves string-literal content so `'foo' = 'foo'` is correctly flagged. Detector requires identifier-equality across the operator - a function call with side-effects (`Next = Next`) is also flagged because two calls produce the bug regardless.",
      "defaultSeverity": "Error",
      "type": "Bug",
      "tags": ["typo", "copy-paste"],
      "detectorUnit": "uTautologicalExpr.pas",
      "examples": {
        "bad":  "if (a = a) then ...",
        "good": "if (a = b) then ..."
      },
      "cleanCodeAttribute": "LOGICAL",
      "impacts": [
        { "softwareQuality": "RELIABILITY", "severity": "MEDIUM" }
      ]
    },
    {
      "id": "SCA056",
      "kind": "DfmMasterDetailUnlinked",
      "name": "Master-Detail without MasterFields",
      "shortDescription": "TDataSet has MasterSource set but no MasterFields / IndexFieldNames",
      "fullDescription": "VCL silently performs a Cartesian product instead of the intended Master-Detail join - every parent row pulls every detail row at runtime. Fix by setting MasterFields (and IndexFieldNames for IB/FB).",
      "defaultSeverity": "Error",
      "type": "Bug",
      "tags": ["dfm", "data-access", "performance"],
      "detectorUnit": "uDfmMasterDetailUnlinked.pas",
      "examples": {
        "bad":  "QDetail.MasterSource = dsMaster   // MasterFields = '' (empty)",
        "good": "QDetail.MasterSource = dsMaster   QDetail.MasterFields = 'OrderID'"
      },
      "cleanCodeAttribute": "COMPLETE",
      "impacts": [
        { "softwareQuality": "RELIABILITY", "severity": "HIGH" }
      ]
    },
    {
      "id": "SCA057",
      "kind": "DfmDataModuleSplitHint",
      "name": "Form has many DB components - split DataModule",
      "shortDescription": "Aggregated hint: form holds >= N DB components",
      "fullDescription": "Aggregate of multiple `DfmDbInUiForm` findings on the same form - once the count reaches the configured threshold (default 3), SCA replaces the N individual findings with a single 'extract a TDataModule' hint to avoid noise and to surface the architectural fix instead of pointing at one component at a time. Moving DB access to a TDataModule cleanly separates data plumbing from UI: the same TFDConnection and queries can be shared by multiple forms, the DB layer is testable without instantiating a TForm, and DesignForm vs RuntimeForm setup stays clean. Threshold via [Detectors] DfmDataModuleSplitMin (default 3 - kept low because once you see 3 DB components on a form, the pattern is already wrong).",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["dfm", "architecture"],
      "configKey": "[Detectors] DfmDataModuleSplitMin",
      "detectorUnit": "uDfmDataModuleSplitHint.pas",
      "examples": {
        "bad":  "(TForm with 5+ TFDQuery/TFDConnection components)",
        "good": "(move all DB components to a TDataModule)"
      },
      "cleanCodeAttribute": "MODULAR",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA058",
      "kind": "SqlDangerousStatement",
      "name": "UPDATE / DELETE / TRUNCATE without WHERE",
      "shortDescription": "SQL statement modifies every row - missing WHERE clause",
      "fullDescription": "`UPDATE Users SET Active=0` without WHERE flips every row in the table. Same for `DELETE FROM ...` and `TRUNCATE TABLE ...`. Production-disaster waiting to happen.",
      "defaultSeverity": "Error",
      "type": "Bug",
      "tags": ["sql", "data-loss"],
      "cwe": ["CWE-89"],
      "detectorUnit": "uSqlDangerousStatement.pas",
      "examples": {
        "bad":  "Q.SQL.Text := 'UPDATE Users SET Active=0';",
        "good": "Q.SQL.Text := 'UPDATE Users SET Active=0 WHERE Id=:id';"
      },
      "cleanCodeAttribute": "LAWFUL",
      "impacts": [
        { "softwareQuality": "RELIABILITY", "severity": "HIGH" }
      ]
    },
    {
      "id": "SCA059",
      "kind": "FormatLocaleHint",
      "name": "Format() float spec without TFormatSettings",
      "shortDescription": "%.2f / %.3f without explicit TFormatSettings - comma vs dot decimal trap",
      "fullDescription": "On a DE Windows `Format('%.2f', [3.14])` yields '3,14'; on EN-US it yields '3.14'. For machine-readable output (SQL, JSON, CSV) always pass `TFormatSettings.Invariant`.",
      "defaultSeverity": "Hint",
      "type": "Bug",
      "tags": ["string-formatting", "i18n", "locale"],
      "detectorUnit": "uFormatMismatch.pas",
      "examples": {
        "bad":  "S := Format('%.2f', [Price]);",
        "good": "S := Format('%.2f', [Price], TFormatSettings.Invariant);"
      },
      "cleanCodeAttribute": "LOGICAL",
      "impacts": [
        { "softwareQuality": "RELIABILITY", "severity": "MEDIUM" }
      ]
    },
    {
      "id": "SCA060",
      "kind": "GotoStatement",
      "name": "goto statement",
      "shortDescription": "`goto` weakens structured control flow",
      "fullDescription": "`goto` and labels make the control flow non-structural: loops, nesting and try/finally become hard to follow. SonarDelphi tracks the same as communitydelphi:GotoStatement. Modern Delphi code rarely justifies goto - even multi-level break is cleaner as an extracted procedure with Exit.",
      "defaultSeverity": "Warning",
      "type": "Code Smell",
      "tags": ["control-flow", "delphi-classic"],
      "detectorUnit": "uGotoStatement.pas",
      "examples": {
        "bad":  "label MyExit;\nbegin\n  if Failed then goto MyExit;\n  ...\n  MyExit:\nend;",
        "good": "if Failed then Exit;\n..."
      },
      "cleanCodeAttribute": "CLEAR",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "MEDIUM" }
      ]
    },
    {
      "id": "SCA061",
      "kind": "TabulationCharacter",
      "name": "Tab character in source",
      "shortDescription": "Tab characters render inconsistently across editors - use spaces",
      "fullDescription": "Pascal coding convention has been space-indentation since the 80s. Tabs render at 2/4/8 columns depending on the editor, break code-review side-by-side diffs and confuse alignment. SonarDelphi tracks the same as communitydelphi:TabulationCharacter.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["formatting", "style"],
      "detectorUnit": "uTabulationCharacter.pas",
      "examples": {
        "bad":  "procedure Foo;\nbegin\n<TAB>DoStuff;\nend;",
        "good": "procedure Foo;\nbegin\n  DoStuff;\nend;"
      },
      "cleanCodeAttribute": "FORMATTED",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA062",
      "kind": "TooLongLine",
      "name": "Source line too long",
      "shortDescription": "Line exceeds 120 characters - wrap or extract subexpression",
      "fullDescription": "Lines over 120 chars don't fit in a standard side-by-side code review (2*120+gutter) and overflow 16:9 monitor thirds. SonarDelphi default and Sun/Java style guides agree on 120. Threshold currently hardcoded; planned config key '[Detectors] MaxLineLength'.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["formatting", "style"],
      "detectorUnit": "uTooLongLine.pas",
      "examples": {
        "bad":  "result := SomeReallyLongFunction(ArgumentOne, ArgumentTwo, ArgumentThree, ArgumentFour, ArgumentFive);",
        "good": "result := SomeReallyLongFunction(\n  ArgumentOne, ArgumentTwo,\n  ArgumentThree, ArgumentFour, ArgumentFive);"
      },
      "cleanCodeAttribute": "FORMATTED",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA063",
      "kind": "TrailingWhitespace",
      "name": "Trailing whitespace",
      "shortDescription": "Line ends with space or tab - hygiene for diffs",
      "fullDescription": "Trailing space/tab at end of line creates phantom diff lines whenever an editor with 'trim trailing whitespace on save' touches the file. SonarDelphi tracks the same as communitydelphi:TrailingWhitespace.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["formatting", "style"],
      "detectorUnit": "uTrailingWhitespace.pas",
      "examples": {
        "bad":  "  DoStuff;   <-- trailing spaces",
        "good": "  DoStuff;"
      },
      "cleanCodeAttribute": "FORMATTED",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA064",
      "kind": "LowercaseKeyword",
      "name": "Pascal keyword not lowercase",
      "shortDescription": "Pascal keywords (`begin`/`end`/`procedure`/...) should be lowercase",
      "fullDescription": "Object-Pascal style guide (Embarcadero DocWiki, Marco Cantu, SonarDelphi) is unambiguous: keywords are lowercase. Mixed-case variants like `Begin`/`End`/`Procedure` are leftovers from Turbo-Pascal/Delphi-1 era and create inconsistency in modern codebases. SonarDelphi tracks the same as communitydelphi:LowercaseKeyword.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["formatting", "style", "convention"],
      "detectorUnit": "uLowercaseKeyword.pas",
      "examples": {
        "bad":  "Procedure Foo;\nBegin\n  If X then DoStuff;\nEnd;",
        "good": "procedure Foo;\nbegin\n  if X then DoStuff;\nend;"
      },
      "cleanCodeAttribute": "CONVENTIONAL",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA065",
      "kind": "NoSonarMarker",
      "name": "NOSONAR suppression marker",
      "shortDescription": "`// NOSONAR` marker should not silence findings - audit usage",
      "fullDescription": "NOSONAR markers are technical debt: each one silences a finding without fixing the underlying issue. SCA reports every NOSONAR so reviewers can audit suppressions during code review. SCA uses its own `// noinspection` marker for native suppression - NOSONAR-decorated code coming from SonarDelphi should be migrated. Matches SonarDelphi communitydelphi:NoSonar.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["suppression", "audit"],
      "detectorUnit": "uNoSonarMarker.pas",
      "examples": {
        "bad":  "Dispose(P); // NOSONAR - we know about this",
        "good": "// noinspection - covered by integration test\nDispose(P);"
      },
      "cleanCodeAttribute": "TRUSTWORTHY",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA066",
      "kind": "EmptyArgumentList",
      "name": "Empty argument list",
      "shortDescription": "`Foo()` should be `Foo;` - drop empty parens",
      "fullDescription": "Delphi convention is to write parameterless calls without `()`. The C-style `Foo()` form adds noise without communicating anything and is inconsistent with the rest of the language (procedures, properties, function refs all omit parens when no args). Matches SonarDelphi communitydelphi:EmptyArgumentList.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["style", "convention"],
      "detectorUnit": "uEmptyArgumentList.pas",
      "examples": {
        "bad":  "MyProc();\nResult := MyFunc();",
        "good": "MyProc;\nResult := MyFunc;"
      },
      "cleanCodeAttribute": "CONVENTIONAL",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA067",
      "kind": "InlineAssembly",
      "name": "Inline assembly block",
      "shortDescription": "`asm...end` block - prefer Pascal + compiler intrinsics",
      "fullDescription": "Inline assembly creates platform lock-in (x86/x64-only bytes that don't survive ARM cross-compile or FreePascal targets), bypasses the Delphi optimizer (no inlining or reorg), and is hard to debug. The valid use cases (CPUID detection, MMX/SSE intrinsics) are covered by RTL helpers. Matches SonarDelphi communitydelphi:InlineAssembly.",
      "defaultSeverity": "Warning",
      "type": "Code Smell",
      "tags": ["portability", "maintainability"],
      "detectorUnit": "uInlineAssembly.pas",
      "examples": {
        "bad":  "function Cpuid: Cardinal;\nasm\n  XOR EAX, EAX\n  CPUID\nend;",
        "good": "function Cpuid: Cardinal;\nbegin\n  Result := GetCpuFeatures;\nend;"
      },
      "cleanCodeAttribute": "MODULAR",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "MEDIUM" }
      ]
    },
    {
      "id": "SCA068",
      "kind": "TrailingCommaArgList",
      "name": "Trailing comma in argument list",
      "shortDescription": "`Foo(A, B,)` - drop the comma or add the missing argument",
      "fullDescription": "Trailing comma before `)` in Delphi has no semantic benefit (unlike Python/JS where it stabilizes the diff) and suggests a forgotten argument. Matches SonarDelphi communitydelphi:TrailingCommaArgumentList.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["style", "bug-risk"],
      "detectorUnit": "uTrailingCommaArgList.pas",
      "examples": {
        "bad":  "WriteLn('A', 'B', );\nDoStuff(Param1, Param2,);",
        "good": "WriteLn('A', 'B');\nDoStuff(Param1, Param2);"
      },
      "cleanCodeAttribute": "CONVENTIONAL",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA069",
      "kind": "DigitGrouping",
      "name": "Integer literal without digit grouping",
      "shortDescription": "Large integer literals should use `_` separator",
      "fullDescription": "Delphi 10.4+ supports `_` as a digit separator in numeric literals. Constants like timeouts (1_800_000 ms = 30 min), file sizes (1_048_576 = 1 MiB), money cents and the like are dramatically more readable with explicit grouping. Threshold is 5 digits (hardcoded; `[Detectors] DigitGroupingThreshold` is planned). Hex and float literals are exempted (different convention). Matches SonarDelphi communitydelphi:DigitGrouping.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["readability", "modern-delphi"],
      "detectorUnit": "uDigitGrouping.pas",
      "examples": {
        "bad":  "const TIMEOUT_MS = 1800000;\nconst MAX_BYTES = 10485760;",
        "good": "const TIMEOUT_MS = 1_800_000;\nconst MAX_BYTES = 10_485_760;"
      },
      "cleanCodeAttribute": "CLEAR",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA070",
      "kind": "CommentedOutCode",
      "name": "Commented-out code",
      "shortDescription": "Comment looks like Pascal code - delete or document",
      "fullDescription": "Heuristic: comment content with 2+ code-style markers (trailing `;`, `:=`, keywords `begin`/`end`/`procedure`/`function`/`if`/`then`/`for`/`while`) is almost certainly commented-out code. Such code rots silently: nobody dares delete it, nobody updates it. Either remove it, or replace with a TODO that explains the intent. Matches SonarDelphi communitydelphi:CommentedOutCode.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["maintenance", "dead-code"],
      "detectorUnit": "uCommentedOutCode.pas",
      "examples": {
        "bad":  "// X := 42;\n// if Active then Process;",
        "good": "// TODO: re-enable once issue #123 is fixed - see history"
      },
      "cleanCodeAttribute": "COMPLETE",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA071",
      "kind": "UnitLevelKeywordIndent",
      "name": "Unit-level keyword not at column 1",
      "shortDescription": "`unit`/`interface`/`implementation`/`initialization`/`finalization` should start at column 1",
      "fullDescription": "Object Pascal convention is that the structural section keywords of a unit are flush-left at column 1. Indented section keywords obscure the unit's structure when scanning and may hint at miscounted begin/end nesting. Matches SonarDelphi communitydelphi:UnitLevelKeywordIndentation.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["style", "structure"],
      "detectorUnit": "uUnitLevelKeywordIndent.pas",
      "examples": {
        "bad":  "  implementation\n\n  procedure Foo; ...",
        "good": "implementation\n\nprocedure Foo; ..."
      },
      "cleanCodeAttribute": "FORMATTED",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA072",
      "kind": "RedundantBoolean",
      "name": "Redundant boolean comparison",
      "shortDescription": "`X = True` should be `X` (and `X <> False` likewise)",
      "fullDescription": "Comparing a Boolean to True/False is verbose and creates subtle bugs (WinAPI BOOL where Truthy != 1 evaluates `X = True` to false). The expression itself already is the condition. Matches SonarDelphi communitydelphi:RedundantBoolean. Note: `const X = True;` declarations are excluded (legitimate assignment, not comparison).",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["style", "bug-risk"],
      "detectorUnit": "uRedundantBoolean.pas",
      "examples": {
        "bad":  "if Active = True then ...\nif Disabled <> False then ...",
        "good": "if Active then ...\nif Disabled then ..."
      },
      "cleanCodeAttribute": "LOGICAL",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA073",
      "kind": "EmptyInterface",
      "name": "Empty interface declaration",
      "shortDescription": "Interface with no methods/properties carries no contract",
      "fullDescription": "An `IFoo = interface end;` body without any methods or properties is either a refactor leftover or a marker interface in disguise. Marker interfaces are better modeled as attribute classes in Delphi. Matches SonarDelphi communitydelphi:EmptyInterface.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["api-design", "dead-code"],
      "detectorUnit": "uEmptyInterface.pas",
      "examples": {
        "bad":  "type IServiceMarker = interface end;",
        "good": "type ServiceMarkerAttribute = class(TCustomAttribute) end;"
      },
      "cleanCodeAttribute": "COMPLETE",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA074",
      "kind": "AssertMessage",
      "name": "Assert without message",
      "shortDescription": "`Assert(cond);` - add a `'why'` message for diagnosis",
      "fullDescription": "`Assert(cond)` alone fails with the generic 'Assertion failed at $address' - no clue what was actually expected. `Assert(cond, 'why')` saves debugging hours. Matches SonarDelphi communitydelphi:AssertMessage.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["debuggability", "errors"],
      "detectorUnit": "uAssertMessage.pas",
      "examples": {
        "bad":  "Assert(Items.Count > 0);",
        "good": "Assert(Items.Count > 0, 'caller must ensure non-empty Items');"
      },
      "cleanCodeAttribute": "COMPLETE",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA075",
      "kind": "ExplicitTObjectInheritance",
      "name": "Explicit TObject inheritance",
      "shortDescription": "`class(TObject)` is redundant - drop the parens",
      "fullDescription": "Every class implicitly inherits from TObject; `TFoo = class(TObject)` is identical to `TFoo = class`. Removing the explicit base highlights real inheritance changes in diffs. Matches SonarDelphi communitydelphi:ExplicitTObjectInheritance.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["style", "redundancy"],
      "detectorUnit": "uExplicitTObjectInheritance.pas",
      "examples": {
        "bad":  "type TFoo = class(TObject) ... end;",
        "good": "type TFoo = class ... end;"
      },
      "cleanCodeAttribute": "CONVENTIONAL",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA076",
      "kind": "GroupedDeclaration",
      "name": "Grouped variable / field / parameter declaration",
      "shortDescription": "Split `A, B: Type` into one declaration per line",
      "fullDescription": "Grouped declarations (`A, B, C: Integer;` for vars, fields or parameters) confuse diffs (a new variable changes an existing line), prevent per-variable comments, and complicate type-change refactors. Each declaration on its own line is cleaner. Unifies SonarDelphi communitydelphi:GroupedFieldDeclaration / :GroupedVariableDeclaration / :GroupedParameterDeclaration into one rule (SCA may split later).",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["style", "diff-hygiene"],
      "detectorUnit": "uGroupedDeclaration.pas",
      "examples": {
        "bad":  "var A, B, C: Integer;\nfield FX, FY: TPoint;",
        "good": "var A: Integer;\n    B: Integer;\n    C: Integer;"
      },
      "cleanCodeAttribute": "CLEAR",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA077",
      "kind": "EmptyBlock",
      "name": "Empty begin..end block",
      "shortDescription": "Empty `begin..end` - delete it or fill in the statement",
      "fullDescription": "An empty `begin..end` is almost always a refactor leftover or never-filled-in placeholder. Either delete it or implement the missing logic. Top-level unit `begin end.` initialization sections are exempted (that is the empty init form, not a refactor rest). Matches SonarDelphi communitydelphi:EmptyBlock.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["dead-code", "refactor"],
      "detectorUnit": "uEmptyBlock.pas",
      "examples": {
        "bad":  "if Active then begin end;",
        "good": "if Active then Activate;"
      },
      "cleanCodeAttribute": "COMPLETE",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA078",
      "kind": "ExceptOnException",
      "name": "Catch-all on root Exception class",
      "shortDescription": "`on E: Exception do` swallows everything including AV/OOM",
      "fullDescription": "Catching the root `Exception` class catches every error including unrecoverable ones (EAccessViolation, EOutOfMemory, EStackOverflow). Prefer a specific exception type (EDatabaseError, EFOpenError, EConvertError, ...) so unrelated failures aren't masked. Suppress with `// noinspection` if the catch-all is intentional (e.g. logger boundary).",
      "defaultSeverity": "Warning",
      "type": "Bug",
      "tags": ["error-handling", "bug-risk"],
      "detectorUnit": "uExceptOnException.pas",
      "examples": {
        "bad":  "try Foo; except on E: Exception do Log(E.Message); end;",
        "good": "try Foo; except on E: EDatabaseError do Log(E.Message); end;"
      },
      "cleanCodeAttribute": "FOCUSED",
      "impacts": [
        { "softwareQuality": "RELIABILITY", "severity": "MEDIUM" }
      ]
    },
    {
      "id": "SCA079",
      "kind": "ConsecutiveSection",
      "name": "Consecutive const/type/var section",
      "shortDescription": "Two `const`/`type`/`var` blocks in a row should be merged",
      "fullDescription": "`const A = 1; const B = 2;` should be `const A = 1; B = 2;` - one section keyword can declare all of them. Same for `type` and `var`. Unifies SonarDelphi communitydelphi:ConsecutiveConstSection / :ConsecutiveTypeSection / :ConsecutiveVarSection into one rule. The section type is in the message.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["style", "structure"],
      "detectorUnit": "uConsecutiveSection.pas",
      "examples": {
        "bad":  "const A = 1;\nconst B = 2;",
        "good": "const\n  A = 1;\n  B = 2;"
      },
      "cleanCodeAttribute": "FORMATTED",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA080",
      "kind": "RedundantJump",
      "name": "Redundant Exit/Continue/Break before end",
      "shortDescription": "`Exit;` / `Continue;` / `Break;` directly before `end` is a no-op",
      "fullDescription": "If `Exit` is the last statement of a procedure (or `Continue`/`Break` the last in a loop body), control flow already leaves the block - the jump statement is dead. Delete it to clarify intent. Matches SonarDelphi communitydelphi:RedundantJump.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["dead-code", "control-flow"],
      "detectorUnit": "uRedundantJump.pas",
      "examples": {
        "bad":  "procedure Foo;\nbegin\n  DoStuff;\n  Exit;\nend;",
        "good": "procedure Foo;\nbegin\n  DoStuff;\nend;"
      },
      "cleanCodeAttribute": "CLEAR",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA081",
      "kind": "ClassPerFile",
      "name": "Multiple class declarations in one file",
      "shortDescription": "One class per unit makes refactoring easier",
      "fullDescription": "When a unit declares two or more public classes, finding and moving them between units is harder than necessary. SonarDelphi communitydelphi:ClassPerFile suggests the same. Forward declarations (`TFoo = class;`) and class-reference types (`TFooClass = class of TFoo`) are exempted.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["organization", "module-boundary"],
      "detectorUnit": "uClassPerFile.pas",
      "examples": {
        "bad":  "type\n  TFoo = class ... end;\n  TBar = class ... end;",
        "good": "// uFoo.pas\ntype TFoo = class ... end;\n// uBar.pas\ntype TBar = class ... end;"
      },
      "cleanCodeAttribute": "MODULAR",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA082",
      "kind": "SuperfluousSemicolon",
      "name": "Double semicolon",
      "shortDescription": "`;;` - drop the extra semicolon",
      "fullDescription": "A double semicolon (`;;`) usually means a forgotten typo or a stray paste leftover. Compilers treat the second `;` as an empty statement, so it doesn't break, but it adds noise. Matches SonarDelphi communitydelphi:SuperfluousSemicolon.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["typo", "style"],
      "detectorUnit": "uSuperfluousSemicolon.pas",
      "examples": {
        "bad":  "DoStuff;;",
        "good": "DoStuff;"
      },
      "cleanCodeAttribute": "FORMATTED",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA083",
      "kind": "EmptyFinallyBlock",
      "name": "Empty finally block",
      "shortDescription": "`try ... finally end;` has no cleanup - either add it or drop the finally",
      "fullDescription": "An empty `finally` block is almost always a forgotten cleanup. If there really is nothing to clean up, drop the `try..finally` wrapper. Matches SonarDelphi communitydelphi:EmptyFinallyBlock.",
      "defaultSeverity": "Warning",
      "type": "Bug",
      "tags": ["resource-leak", "refactor"],
      "detectorUnit": "uEmptyFinallyBlock.pas",
      "examples": {
        "bad":  "Stream := TFileStream.Create(P);\ntry\n  ...\nfinally\nend;",
        "good": "Stream := TFileStream.Create(P);\ntry\n  ...\nfinally\n  Stream.Free;\nend;"
      },
      "cleanCodeAttribute": "COMPLETE",
      "impacts": [
        { "softwareQuality": "RELIABILITY", "severity": "MEDIUM" }
      ]
    },
    {
      "id": "SCA084",
      "kind": "AssignedAndAssignedNil",
      "name": "Redundant Assigned + nil check",
      "shortDescription": "`Assigned(X) and (X <> nil)` - drop the nil check",
      "fullDescription": "`Assigned(X)` for pointers and class instances is semantically identical to `X <> nil`. Combining both is redundant - the second check can never give a different result. Matches SonarDelphi communitydelphi:AssignedAndAssignedNil.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["redundancy", "style"],
      "detectorUnit": "uAssignedAndAssignedNil.pas",
      "examples": {
        "bad":  "if Assigned(Obj) and (Obj <> nil) then ...",
        "good": "if Assigned(Obj) then ..."
      },
      "cleanCodeAttribute": "LOGICAL",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA085",
      "kind": "FreeAndNilHint",
      "name": "X.Free; X := nil; should be FreeAndNil(X)",
      "shortDescription": "Use `FreeAndNil(X)` instead of `X.Free; X := nil;`",
      "fullDescription": "`FreeAndNil(X)` is the canonical Delphi idiom: it does both atomically and avoids a dangling pointer if `X.Free` raises (e.g. destructor failure). Manual two-line form is also more diff-noisy and easier to break apart during later refactors. Matches SonarDelphi communitydelphi:FreeAndNil.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["idiom", "safety"],
      "detectorUnit": "uFreeAndNilHint.pas",
      "examples": {
        "bad":  "Obj.Free;\nObj := nil;",
        "good": "FreeAndNil(Obj);"
      },
      "cleanCodeAttribute": "CONVENTIONAL",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA086",
      "kind": "AvoidOut",
      "name": "Avoid out parameter modifier",
      "shortDescription": "Prefer `var` over `out` (out has surprising semantics)",
      "fullDescription": "`out` parameters clear managed types (string/Interface/dynamic arrays) on method entry - the caller's value is discarded before the method runs. Record/simple types stay uninitialized, so reading the incoming value is UB. Both are rarely what was intended. `var` is the safer default unless you need the COM-interop semantics. Matches SonarDelphi communitydelphi:AvoidOut.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["api-design", "bug-risk"],
      "detectorUnit": "uAvoidOut.pas",
      "examples": {
        "bad":  "procedure Foo(out S: string);",
        "good": "procedure Foo(var S: string);"
      },
      "cleanCodeAttribute": "CLEAR",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA087",
      "kind": "EmptyVisibilitySection",
      "name": "Empty visibility section in class",
      "shortDescription": "`public`/`private`/... section header with no members",
      "fullDescription": "A class with a visibility keyword followed immediately by another visibility keyword (or `end`) is usually a refactor leftover - all members of that section moved elsewhere. Delete the empty header. Matches SonarDelphi communitydelphi:EmptyVisibilitySection.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["dead-code", "refactor"],
      "detectorUnit": "uEmptyVisibilitySection.pas",
      "examples": {
        "bad":  "type TFoo = class\n  public\n  private\n    FX: Integer;\n  end;",
        "good": "type TFoo = class\n  private\n    FX: Integer;\n  end;"
      },
      "cleanCodeAttribute": "COMPLETE",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA088",
      "kind": "LegacyInitializationSection",
      "name": "Legacy unit-init begin..end.",
      "shortDescription": "Use `initialization..end.` instead of legacy `begin..end.`",
      "fullDescription": "Pre-Delphi-2 units marked their init block with `begin..end.`. Since Delphi 2 the idiomatic form is `initialization..end.` which can be paired with an optional `finalization` block for symmetric cleanup. Matches SonarDelphi communitydelphi:LegacyInitializationSection.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["legacy", "modernization"],
      "detectorUnit": "uLegacyInitializationSection.pas",
      "examples": {
        "bad":  "// at end of unit:\nbegin\n  RegisterClass(TFoo);\nend.",
        "good": "initialization\n  RegisterClass(TFoo);\nend."
      },
      "cleanCodeAttribute": "CONVENTIONAL",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA089",
      "kind": "PublicField",
      "name": "Public field in class",
      "shortDescription": "Public field breaks encapsulation - use a property",
      "fullDescription": "A public field exposes the underlying storage; callers can mutate it without the class noticing. A property gives the class the option to add validation/normalization later without breaking callers. Matches SonarDelphi communitydelphi:PublicField.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["encapsulation", "api-design"],
      "detectorUnit": "uPublicField.pas",
      "examples": {
        "bad":  "type TFoo = class\n  public\n    Count: Integer;\n  end;",
        "good": "type TFoo = class\n  private\n    FCount: Integer;\n  public\n    property Count: Integer read FCount write FCount;\n  end;"
      },
      "cleanCodeAttribute": "MODULAR",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "MEDIUM" }
      ]
    },
    {
      "id": "SCA090",
      "kind": "NestedTry",
      "name": "Nested try block",
      "shortDescription": "Nested `try..end` - consider extracting inner try into a method",
      "fullDescription": "Nesting try blocks makes the control flow of cleanup / error recovery harder to read. Most cases unwind by either re-ordering the cleanups or extracting the inner block into its own method. Matches SonarDelphi communitydelphi:NestedTry. The detector uses a depth heuristic (counting `try` vs `end` keywords) and may produce a few false positives in heavily nested begin/end code.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["error-handling", "complexity"],
      "detectorUnit": "uNestedTry.pas",
      "examples": {
        "bad":  "try\n  try\n    DoStuff;\n  finally\n    Cleanup;\n  end;\nexcept\n  Log;\nend;",
        "good": "ProtectedDoStuff;  // helper wraps the inner try"
      },
      "cleanCodeAttribute": "FOCUSED",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA091",
      "kind": "CaseStatementSize",
      "name": "Large case statement",
      "shortDescription": "`case` with >= 10 branches - consider polymorphism / dispatch table",
      "fullDescription": "A `case` with many branches usually hides a polymorphism or strategy pattern. The code would be more open/closed (new behavior = new class, not new branch) and the file shorter when each branch becomes its own class method or a `TDictionary<Key, TProc>` entry. Matches SonarDelphi communitydelphi:CaseStatementSize. Threshold currently hardcoded; `[Detectors] MaxCaseBranches` is planned.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["complexity", "open-closed"],
      "detectorUnit": "uCaseStatementSize.pas",
      "examples": {
        "bad":  "case Op of\n  opA: ...; opB: ...; opC: ...; opD: ...; opE: ...;\n  opF: ...; opG: ...; opH: ...; opI: ...; opJ: ...;\nend;",
        "good": "FOperations[Op].Execute;  // dispatch table"
      },
      "cleanCodeAttribute": "FOCUSED",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA092",
      "kind": "EmptyFile",
      "name": "Unit contains no declarations",
      "shortDescription": "Unit has no type/const/var/procedure/function - delete or fill in",
      "fullDescription": "A `.pas` file with a unit header but no declarations is dead weight. Either delete the file or fill in the placeholder. Matches SonarDelphi communitydelphi:EmptyFile.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["dead-code", "cleanup"],
      "detectorUnit": "uEmptyFile.pas",
      "examples": {
        "bad":  "unit X;\ninterface\nimplementation\nend.",
        "good": "// delete the file"
      },
      "cleanCodeAttribute": "COMPLETE",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA093",
      "kind": "TwiceInheritedCalls",
      "name": "Multiple inherited calls in one method",
      "shortDescription": "Two or more `inherited;` in the same method - parent side-effects run twice",
      "fullDescription": "Each `inherited` invocation runs the parent implementation. Two calls fire side-effects (event notifications, refcount updates, log lines) twice. Almost always a copy-paste bug. Matches SonarDelphi communitydelphi:TwiceInheritedCalls.",
      "defaultSeverity": "Warning",
      "type": "Bug",
      "tags": ["inheritance", "bug-risk"],
      "detectorUnit": "uTwiceInheritedCalls.pas",
      "examples": {
        "bad":  "procedure Foo;\nbegin\n  inherited;\n  DoStuff;\n  inherited;\nend;",
        "good": "procedure Foo;\nbegin\n  inherited;\n  DoStuff;\nend;"
      },
      "cleanCodeAttribute": "LOGICAL",
      "impacts": [
        { "softwareQuality": "RELIABILITY", "severity": "MEDIUM" }
      ]
    },
    {
      "id": "SCA094",
      "kind": "RedundantParentheses",
      "name": "Redundant double parentheses",
      "shortDescription": "`((Ident))` - drop the outer parens",
      "fullDescription": "Double parentheses around a single identifier, literal or simple expression add nothing - a single pair is sufficient (often none). Matches SonarDelphi communitydelphi:RedundantParentheses. Only the simple-expression case is flagged; complex `((A + B))` may still benefit from inner parens for precedence and is not reported.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["style", "redundancy"],
      "detectorUnit": "uRedundantParentheses.pas",
      "examples": {
        "bad":  "if ((Active)) then ...\nResult := ((42));",
        "good": "if Active then ...\nResult := 42;"
      },
      "cleanCodeAttribute": "CLEAR",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA095",
      "kind": "ConsecutiveVisibility",
      "name": "Consecutive visibility section",
      "shortDescription": "Same `public`/`private`/etc. section appears twice in one class",
      "fullDescription": "Two `private` (or `public`/`protected`/`published`) sections in the same class with members between them should be merged into one. Helps reviewers grasp class shape at a glance. Matches SonarDelphi communitydelphi:ConsecutiveVisibilitySection. Note: empty header followed by another header is the related but distinct `EmptyVisibilitySection` rule (SCA087).",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["structure", "style"],
      "detectorUnit": "uConsecutiveVisibility.pas",
      "examples": {
        "bad":  "type TFoo = class\n  private FX: Integer;\n  public procedure A;\n  private FY: Integer;\n  end;",
        "good": "type TFoo = class\n  private\n    FX, FY: Integer;\n  public procedure A;\n  end;"
      },
      "cleanCodeAttribute": "FORMATTED",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA096",
      "kind": "ConstructorWithoutInherited",
      "name": "Constructor without inherited call",
      "shortDescription": "Constructor missing `inherited Create` - parent stays uninitialized",
      "fullDescription": "A constructor that does not call `inherited Create(...)` (or `inherited;`) skips parent-class initialization. Parent fields and registrations end up at default/nil state, which leads to follow-up crashes when methods expect the parent to be ready. Matches SonarDelphi communitydelphi:ConstructorWithoutInherited.",
      "defaultSeverity": "Warning",
      "type": "Bug",
      "tags": ["inheritance", "initialization"],
      "detectorUnit": "uConstructorWithoutInherited.pas",
      "examples": {
        "bad":  "constructor TFoo.Create;\nbegin\n  FX := 0;\nend;",
        "good": "constructor TFoo.Create;\nbegin\n  inherited;\n  FX := 0;\nend;"
      },
      "cleanCodeAttribute": "COMPLETE",
      "impacts": [
        { "softwareQuality": "RELIABILITY", "severity": "MEDIUM" }
      ]
    },
    {
      "id": "SCA097",
      "kind": "DestructorWithoutInherited",
      "name": "Destructor without inherited call",
      "shortDescription": "Destructor missing `inherited Destroy` - parent cleanup is skipped (leak risk)",
      "fullDescription": "A destructor without `inherited Destroy` (or `inherited;`) prevents the parent class from releasing its own fields, unregistering handlers, and updating reference counts. Almost always a leak. Matches SonarDelphi communitydelphi:DestructorWithoutInherited.",
      "defaultSeverity": "Error",
      "type": "Bug",
      "tags": ["inheritance", "memory-leak"],
      "detectorUnit": "uDestructorWithoutInherited.pas",
      "examples": {
        "bad":  "destructor TFoo.Destroy;\nbegin\n  FreeAndNil(FBar);\nend;",
        "good": "destructor TFoo.Destroy;\nbegin\n  FreeAndNil(FBar);\n  inherited;\nend;"
      },
      "cleanCodeAttribute": "COMPLETE",
      "impacts": [
        { "softwareQuality": "RELIABILITY", "severity": "HIGH" }
      ]
    },
    {
      "id": "SCA098",
      "kind": "RedundantConditional",
      "name": "Redundant conditional assignment",
      "shortDescription": "`if Cond then X := True else X := False` should be `X := Cond`",
      "fullDescription": "Two branches assigning True/False to the same variable can be reduced to a single direct assignment (or `not Cond` if the polarity is reversed). Shorter, faster, and matches the boolean expression more directly. Matches SonarDelphi communitydelphi:RedundantConditional.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["simplification", "style"],
      "detectorUnit": "uRedundantConditional.pas",
      "examples": {
        "bad":  "if Active then Result := True else Result := False;",
        "good": "Result := Active;"
      },
      "cleanCodeAttribute": "CLEAR",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA099",
      "kind": "IfElseBegin",
      "name": "Asymmetric begin/end in if/else",
      "shortDescription": "then-branch uses `begin..end` but else-branch is a single statement",
      "fullDescription": "When the then-branch uses `begin..end`, the else-branch should too (or both should drop it). The mixed form (`end else DoStuff;`) makes a future reader unsure whether more statements belong in the else-branch but were forgotten. `else if` (else-if chain) and `else begin` are explicitly allowed. Matches SonarDelphi communitydelphi:IfElseBegin.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["style", "consistency"],
      "detectorUnit": "uIfElseBegin.pas",
      "examples": {
        "bad":  "if Active then\nbegin\n  DoA;\n  DoB;\nend\nelse\n  DoC;",
        "good": "if Active then\nbegin\n  DoA;\n  DoB;\nend\nelse\nbegin\n  DoC;\nend;"
      },
      "cleanCodeAttribute": "FORMATTED",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA100",
      "kind": "PointerName",
      "name": "Pointer type alias not prefixed with P",
      "shortDescription": "`Foo = ^Bar` should be `PBar = ^Bar` (P-prefix convention)",
      "fullDescription": "Delphi convention since day one: a pointer alias on `TXxx` is named `PXxx`. The `P` prefix makes the indirection visible at the call site. Matches SonarDelphi communitydelphi:PointerName. Naming framework will later make the prefix configurable.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["naming", "convention"],
      "detectorUnit": "uPointerName.pas",
      "examples": {
        "bad":  "type TIntPtr = ^Integer;",
        "good": "type PInteger = ^Integer;"
      },
      "cleanCodeAttribute": "CONVENTIONAL",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA101",
      "kind": "BeginEndRequired",
      "name": "Branch without begin..end block",
      "shortDescription": "`then`/`else`/`do <stmt>` - prefer explicit `begin..end`",
      "fullDescription": "A single-statement branch without `begin..end` is easy to misread; adding a second statement later without re-blocking is a classic source of indentation-vs-semantics bugs. Style-debated rule (many Delphi codebases use the compact form deliberately) - lsHint, easy to disable in profiles. `else if` chain, `raise`/`exit`/`break`/`continue` and other block-opening statements are explicitly allowed. Matches SonarDelphi communitydelphi:BeginEndRequired.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["style", "bug-risk"],
      "detectorUnit": "uBeginEndRequired.pas",
      "examples": {
        "bad":  "if Active then DoStuff;",
        "good": "if Active then\nbegin\n  DoStuff;\nend;"
      },
      "cleanCodeAttribute": "FORMATTED",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA102",
      "kind": "NestedRoutine",
      "name": "Nested routine inside another method",
      "shortDescription": "Local nested procedure/function - extract to unit-level",
      "fullDescription": "Nested routines (a `procedure`/`function` declared inside the local-decl section of another routine) are syntactically allowed but discourage testing and reuse: the inner routine can't be unit-tested or reused from elsewhere. Modern Delphi prefers anonymous methods (lambdas) for the rare cases the nesting was actually needed. Anonymous methods are NOT flagged (they have no name in the AST). Matches SonarDelphi communitydelphi:NestedRoutines.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["modularity", "testing"],
      "detectorUnit": "uNestedRoutines.pas",
      "examples": {
        "bad":  "procedure Outer;\n  procedure Inner; begin DoX; end;\nbegin\n  Inner;\nend;",
        "good": "procedure Inner; begin DoX; end;\nprocedure Outer;\nbegin\n  Inner;\nend;"
      },
      "cleanCodeAttribute": "MODULAR",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA103",
      "kind": "FieldName",
      "name": "Class field not prefixed with F",
      "shortDescription": "Class fields should follow `F<Name>` convention",
      "fullDescription": "Delphi convention: class instance fields are named `FFoo` so the reader instantly knows they refer to a class member (vs a local variable or parameter). The `F` prefix avoids naming clashes with public properties (`FFoo` field with `Foo` property is the canonical pair). Only `private` and `protected` field declarations are checked - public/published fields are caught by `PublicField` (SCA089) anyway. Matches SonarDelphi communitydelphi:FieldName.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["naming", "convention"],
      "detectorUnit": "uFieldName.pas",
      "examples": {
        "bad":  "type TFoo = class\n  private\n    Counter: Integer;\n  end;",
        "good": "type TFoo = class\n  private\n    FCounter: Integer;\n  end;"
      },
      "cleanCodeAttribute": "CONVENTIONAL",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA104",
      "kind": "TypeName",
      "name": "Class/record type not prefixed with T",
      "shortDescription": "Class and record type aliases should start with `T`",
      "fullDescription": "Delphi convention: class types `TXxx`, records `TXxx` or `RXxx`, interfaces `IXxx`, pointers `PXxx` (SCA100), exceptions `EXxx`. This detector covers the class/record subset only. Forward declarations (`TFoo = class;`), `class of` references (`TFooClass = class of TFoo`) and generic syntax are handled. Matches SonarDelphi communitydelphi:TypeName.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["naming", "convention"],
      "detectorUnit": "uTypeName.pas",
      "examples": {
        "bad":  "type Counter = class\n  ...\n  end;",
        "good": "type TCounter = class\n  ...\n  end;"
      },
      "cleanCodeAttribute": "CONVENTIONAL",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA105",
      "kind": "InterfaceName",
      "name": "Interface type not prefixed with I",
      "shortDescription": "Interface aliases should start with `I` (`IFoo = interface`)",
      "fullDescription": "Delphi convention: interfaces are `IXxx`, mirroring `TXxx` for classes and `PXxx` for pointers. The `I` prefix signals contract vs implementation at every callsite. Also covers `dispinterface`. Matches SonarDelphi communitydelphi:InterfaceName.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["naming", "convention"],
      "detectorUnit": "uInterfaceName.pas",
      "examples": {
        "bad":  "type Service = interface ['{...}'] end;",
        "good": "type IService = interface ['{...}'] end;"
      },
      "cleanCodeAttribute": "CONVENTIONAL",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA106",
      "kind": "MethodName",
      "name": "Method not in PascalCase",
      "shortDescription": "Methods should start with an uppercase letter (PascalCase)",
      "fullDescription": "Delphi convention is PascalCase (UpperCamel) for routines and methods: `DoSomething`, not `doSomething` or `do_something`. Operator overloads and identifiers starting with `_` are exempted. Matches SonarDelphi communitydelphi:MethodName. AST-based: checks `nkMethod.Name` (qualified `TFoo.bar` splits on the dot).",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["naming", "convention"],
      "detectorUnit": "uMethodName.pas",
      "examples": {
        "bad":  "procedure doStuff;",
        "good": "procedure DoStuff;"
      },
      "cleanCodeAttribute": "CONVENTIONAL",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA107",
      "kind": "CanBeStrictPrivate",
      "name": "Public member could be strict private",
      "shortDescription": "Public member is referenced ONLY by methods of its declaring class - `strict private` reaches the strongest encapsulation",
      "fullDescription": "Single-file analysis: every visible caller of the `public` member is itself a method of the SAME class (no sibling class, no top-level procedure, no subclass in this unit). `strict private` (D2007+, class-scope, not unit-scope) is the tightest correct visibility. Same single-file caveat as CanBeUnitPrivate: cross-unit consumers are invisible and the compiler enforces correctness via E2361 if the change breaks something. Skips: published, virtual/abstract/override/dynamic, class constructors/destructors, RTTI-driven bases (TForm/TFrame/TDataModule/TComponent), pure-class-method utility classes. Suppress per-line with `// noinspection CanBeStrictPrivate` for intentional public surface.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["encapsulation", "visibility"],
      "detectorUnit": "uVisibilityCheck.pas",
      "examples": {
        "bad":  "type\n  TFoo = class\n  public\n    procedure Helper;       // only TFoo.Run calls it\n    procedure Run;\n  end;",
        "good": "type\n  TFoo = class\n  strict private\n    procedure Helper;\n  public\n    procedure Run;\n  end;"
      },
      "cleanCodeAttribute": "MODULAR",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA108",
      "kind": "SynchronizeInDestructor",
      "name": "TThread.Synchronize from destructor",
      "shortDescription": "Synchronize() called from destructor Destroy - classic deadlock between worker and UI thread",
      "fullDescription": "TThread.Synchronize() in a destructor body is the canonical Delphi threading deadlock: the worker thread blocks on the UI thread, but the UI thread is typically already blocked in WaitFor or the implicit WaitFor inside .Free, leading to a permanent hang. Move Synchronize-based finalization to a Terminate / OnTerminate callback that runs before the worker reaches its destructor, or guarantee the destructor is never invoked from a context that holds the UI thread. AST-based: walks every nkMethod whose name ends in '.Destroy' (or whose TypeRef carries the 'destructor' marker) and flags nkCall to 'Synchronize' / '<obj>.Synchronize'.",
      "defaultSeverity": "Error",
      "type": "Bug",
      "tags": ["concurrency", "deadlock", "threading"],
      "cwe": ["CWE-833"],
      "detectorUnit": "uSynchronizeInDestructor.pas",
      "examples": {
        "bad":  "destructor TWorker.Destroy;\nbegin\n  Synchronize(procedure begin Form1.Log('done') end);  // deadlock\n  inherited;\nend;",
        "good": "// Move the notify outside the destructor:\n// trigger an OnTerminate handler that runs BEFORE TThread.Destroy waits.\nFOnDone := procedure begin Form1.Log('done') end;\nOnTerminate := FOnDone;\n// destructor stays Synchronize-free."
      },
      "cleanCodeAttribute": "LOGICAL",
      "impacts": [
        { "softwareQuality": "RELIABILITY", "severity": "HIGH" }
      ]
    },
    {
      "id": "SCA109",
      "kind": "LockWithoutTryFinally",
      "name": "Lock acquired without try/finally release",
      "shortDescription": "TCriticalSection / Monitor / WinAPI lock taken without enclosing try..finally - exception leaves the lock held",
      "fullDescription": "Acquiring a lock (TCriticalSection.Enter / .Acquire, TMonitor.Enter, TMultiReadExclusiveWriteSynchronizer.BeginWrite, WinAPI EnterCriticalSection) without immediately following with try..finally containing the matching Leave / Release / EndWrite is one of the most common Delphi threading bugs: any exception between the acquire and the release leaves the lock permanently held, deadlocking every subsequent caller. Lexical detection: matches the acquire patterns and checks whether the next statement after the `;` is `try`. Suppress with `// noinspection LockWithoutTryFinally` for intentionally-unprotected sequences (rare; usually means the next call is itself never going to throw).",
      "defaultSeverity": "Error",
      "type": "Bug",
      "tags": ["concurrency", "lock", "exception-safety"],
      "cwe": ["CWE-667"],
      "detectorUnit": "uLockWithoutTryFinally.pas",
      "examples": {
        "bad":  "FLock.Enter;\nDoWork;     // exception here leaves FLock held forever\nFLock.Leave;",
        "good": "FLock.Enter;\ntry\n  DoWork;\nfinally\n  FLock.Leave;\nend;"
      },
      "cleanCodeAttribute": "LOGICAL",
      "impacts": [
        { "softwareQuality": "RELIABILITY", "severity": "HIGH" }
      ]
    },
    {
      "id": "SCA110",
      "kind": "StringConcatInLoop",
      "name": "String concatenation in loop",
      "shortDescription": "`s := s + x` inside for/while/repeat - quadratic reallocations",
      "fullDescription": "Each `s := s + x` inside a loop body allocates a NEW string of length(s)+length(x) and copies both pieces into it. Across N iterations that is O(N^2) byte copies and Heap pressure. Two idiomatic alternatives in Delphi: (1) build into a TStringBuilder and call ToString once at the end, (2) collect parts in a TStringList and read .Text once. Detector heuristic: lexical match on the LHS == first-RHS-operand pattern (case-insensitive) inside any for/while/repeat block. False positives possible if `s` is intentionally re-used as an accumulator across short loops with tiny payloads; suppress with `// noinspection StringConcatInLoop`.",
      "defaultSeverity": "Warning",
      "type": "Code Smell",
      "tags": ["performance", "memory"],
      "detectorUnit": "uPerfHotspots.pas",
      "examples": {
        "bad":  "for i := 0 to High(Names) do\n  s := s + Names[i] + ', ';",
        "good": "var SB := TStringBuilder.Create;\ntry\n  for i := 0 to High(Names) do\n    SB.Append(Names[i]).Append(', ');\n  s := SB.ToString;\nfinally SB.Free; end;"
      },
      "cleanCodeAttribute": "EFFICIENT",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "MEDIUM" }
      ]
    },
    {
      "id": "SCA111",
      "kind": "ParamByNameInLoop",
      "name": "ParamByName(...) called in loop",
      "shortDescription": "`Query.ParamByName('x').AsXxx := ...` inside a loop - linear lookup per iteration",
      "fullDescription": "ParamByName walks the TParam collection by string-compare on each call (linear in number of params). Inside a Hot-Path / loop this turns one ParamByName per Query.Execute into N per Execute. Cache the TParam reference once outside the loop or use the integer-indexed Params[i] property if the parameter position is known.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["performance", "database"],
      "detectorUnit": "uPerfHotspots.pas",
      "examples": {
        "bad":  "for i := 0 to High(Ids) do begin\n  Q.ParamByName('id').AsInteger := Ids[i];\n  Q.ExecSQL;\nend;",
        "good": "var P := Q.ParamByName('id');\nfor i := 0 to High(Ids) do begin\n  P.AsInteger := Ids[i];\n  Q.ExecSQL;\nend;"
      },
      "cleanCodeAttribute": "EFFICIENT",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA112",
      "kind": "FieldByNameInLoop",
      "name": "FieldByName(...) called in loop",
      "shortDescription": "`DataSet.FieldByName('x').AsXxx` inside a loop - linear lookup per row",
      "fullDescription": "FieldByName walks the TFields collection by string-compare for every call. In a DataSet-iteration loop that turns one lookup per Field into N lookups per .Next, sometimes per-row times N-fields = O(N*M). Cache the TField reference once before the loop and read/write it directly. Same fix-path as SCA111 (ParamByName) - just a different collection.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["performance", "database"],
      "detectorUnit": "uPerfHotspots.pas",
      "examples": {
        "bad":  "while not Q.Eof do begin\n  Total := Total + Q.FieldByName('Amount').AsCurrency;\n  Q.Next;\nend;",
        "good": "var Amt := Q.FieldByName('Amount');\nwhile not Q.Eof do begin\n  Total := Total + Amt.AsCurrency;\n  Q.Next;\nend;"
      },
      "cleanCodeAttribute": "EFFICIENT",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA113",
      "kind": "ThreadResumeDeprecated",
      "name": "TThread.Resume is deprecated",
      "shortDescription": "`MyThread.Resume` - use `MyThread.Start` (since Delphi 2010)",
      "fullDescription": "TThread.Resume has been deprecated since Delphi 2010 in favor of TThread.Start (suspends-on-create + resume-on-start became one explicit Start call). The compiler emits a deprecation warning, but it is easily missed in larger code-bases. Two fixes: (a) call .Start instead of .Resume, (b) construct with CreateSuspended := False and skip the Resume/Start step entirely. Detector matches any `<ident>.Resume` - if the identifier is NOT a TThread descendant (e.g. a TForm), suppress per line with `// noinspection ThreadResumeDeprecated`.",
      "defaultSeverity": "Warning",
      "type": "Code Smell",
      "tags": ["concurrency", "deprecated"],
      "detectorUnit": "uConcurrencyExt.pas",
      "examples": {
        "bad":  "MyThread := TWorker.Create(True);\nMyThread.Resume;",
        "good": "MyThread := TWorker.Create(True);\nMyThread.Start;"
      },
      "cleanCodeAttribute": "CONVENTIONAL",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA114",
      "kind": "TThreadDestroyWithoutTerminate",
      "name": "TThread destroyed without Terminate+WaitFor",
      "shortDescription": "`FreeAndNil(MyThread)` without prior `Terminate; WaitFor` - worker may still run",
      "fullDescription": "Destroying a TThread instance whose Execute is still running causes the destructor to wait via TThread.Free's implicit WaitFor - but if Execute does not honor the Terminated flag, the destructor blocks forever (UI hang), and during that wait the application can hit AVs as half-destroyed state is observed. The safe pattern is `MyThread.Terminate; MyThread.WaitFor; FreeAndNil(MyThread);` (or use FreeOnTerminate=True and never Free manually). Heuristic: matches FreeAndNil(<id>) without `<id>.Terminate` and `<id>.WaitFor` in the preceding ~10 lines. Suppress with `// noinspection TThreadDestroyWithoutTerminate` for non-thread classes.",
      "defaultSeverity": "Error",
      "type": "Bug",
      "tags": ["concurrency", "lifecycle"],
      "cwe": ["CWE-364"],
      "detectorUnit": "uConcurrencyExt.pas",
      "examples": {
        "bad":  "// inside an OnClick:\nFreeAndNil(FWorker);  // FWorker.Execute still running?",
        "good": "FWorker.Terminate;\nFWorker.WaitFor;\nFreeAndNil(FWorker);"
      },
      "cleanCodeAttribute": "LOGICAL",
      "impacts": [
        { "softwareQuality": "RELIABILITY", "severity": "HIGH" }
      ]
    },
    {
      "id": "SCA115",
      "kind": "HttpInsteadOfHttps",
      "name": "Plaintext HTTP URL",
      "shortDescription": "`'http://...'` literal for a remote endpoint - MITM-vulnerable",
      "fullDescription": "A string literal starting with `http://` for any non-localhost endpoint transmits its payload unencrypted. Credentials, session tokens, and PII travel in plaintext and can be sniffed or modified by any active network actor. The fix is virtually free: change the scheme to `https://` (almost every modern service supports both). Detector skips localhost / 127.x.x.x / [::1] / 0.0.0.0 / host.docker.internal (dev workflows are legitimate) and XML-namespace URIs (`xmlns=`, `schemas`, `w3.org`, ...) which are identities, not network targets.",
      "defaultSeverity": "Warning",
      "type": "Security Hotspot",
      "tags": ["security", "tls", "network"],
      "cwe": ["CWE-319"],
      "owasp": ["A02:2021-Cryptographic Failures"],
      "detectorUnit": "uRestHttpSecurity.pas",
      "examples": {
        "bad":  "Url := 'http://api.example.com/v1/users';",
        "good": "Url := 'https://api.example.com/v1/users';"
      },
      "cleanCodeAttribute": "TRUSTWORTHY",
      "impacts": [
        { "softwareQuality": "SECURITY", "severity": "MEDIUM" }
      ]
    },
    {
      "id": "SCA116",
      "kind": "DisabledTlsVerification",
      "name": "TLS verification disabled",
      "shortDescription": "Empty `SecureProtocols`, `IgnoreCertificateErrors := True`, or `OnVerifyPeer := nil`",
      "fullDescription": "Three Delphi patterns silently turn off TLS validation: (a) `SecureProtocols := []` removes every protocol, allowing fallback to plaintext or weakest-available, (b) `IgnoreCertificateErrors := True` accepts any certificate including expired and self-signed, (c) `OnVerifyPeer := nil` short-circuits the verification callback. All three are MITM-attractive. Replace with explicit modern-only protocols (`[TLSv1_2, TLSv1_3]`), a real trust store, or a fingerprint-pinning OnVerifyPeer handler. Detector matches the three property-assignment patterns lexically.",
      "defaultSeverity": "Error",
      "type": "Vulnerability",
      "tags": ["security", "tls", "network"],
      "cwe": ["CWE-295"],
      "owasp": ["A07:2021-Identification and Authentication Failures"],
      "detectorUnit": "uRestHttpSecurity.pas",
      "examples": {
        "bad":  "Client.SecureProtocols := [];\nClient.IgnoreCertificateErrors := True;",
        "good": "Client.SecureProtocols := [TLSv1_2, TLSv1_3];\nClient.OnVerifyPeer := VerifyPinnedFingerprint;"
      },
      "cleanCodeAttribute": "TRUSTWORTHY",
      "impacts": [
        { "softwareQuality": "SECURITY", "severity": "HIGH" }
      ]
    },
    {
      "id": "SCA117",
      "kind": "PublicMemberWithoutDoc",
      "name": "Public member missing doc comment",
      "shortDescription": "Public method or property in `interface` section with no doc comment directly above",
      "fullDescription": "A public member in a unit's `interface` section is part of the documented API surface that other units consume. Missing doc-comments make the unit harder to use without reading the implementation. The detector accepts any of: `///` XMLDoc, a `{ ... }` block, a `(* ... *)` block, or one-or-more `//` single-line comments directly above the declaration. Skips: constructors `Create` / destructors `Destroy` (self-explanatory by convention), members starting with `_` (private-marker in public sections), `published` members (DFM/RTTI-driven, doc would be noise). Suppression: `// noinspection PublicMemberWithoutDoc` per declaration.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["documentation", "api-design"],
      "detectorUnit": "uPublicMemberWithoutDoc.pas",
      "examples": {
        "bad":  "type\n  TFoo = class\n  public\n    procedure Run;\n  end;",
        "good": "type\n  TFoo = class\n  public\n    /// <summary>Starts the worker.</summary>\n    procedure Run;\n  end;"
      },
      "cleanCodeAttribute": "COMPLETE",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA118",
      "kind": "ExceptionName",
      "name": "Exception class without `E` prefix",
      "shortDescription": "`class(Exception)`-Descendant should follow Delphi-RTL `E<Name>` convention",
      "fullDescription": "Delphi-RTL convention is unambiguous: exception classes start with `E` (EAbort, EConvertError, EAccessViolation). User-defined exception classes that omit the prefix break the convention and obscure the class kind at the call site (`raise MyError.Create(...)` vs `raise EMyError.Create(...)`). Detector matches any class whose TypeRef inherits from a known Exception class (Exception, EAbort, EAccessViolation, EExternal) and whose name does not start with `E<UpperCase>`.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["naming", "convention"],
      "detectorUnit": "uNamingExt.pas",
      "examples": {
        "bad":  "type\n  MyError = class(Exception);",
        "good": "type\n  EMyError = class(Exception);"
      },
      "cleanCodeAttribute": "CONVENTIONAL",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA119",
      "kind": "LocalConstantName",
      "name": "Local constant not in UPPER_SNAKE_CASE",
      "shortDescription": "`const X = 42;` inside a method - prefer UPPER_SNAKE_CASE for numeric constants",
      "fullDescription": "Local numeric/integer constants inside a method body benefit from UPPER_SNAKE_CASE (`MAX_RETRIES`, `BUFFER_SIZE`, `DEFAULT_TIMEOUT`) - the reader sees instantly that the identifier is a constant, not a variable, and the convention matches the C / Java / Python convention so cross-language readers do not stumble. Detector skips: very-short names (<=2 chars, typically loop counters or temporaries), string/char-typed constants (often UI labels where PascalCase is fine). Suppress with `// noinspection LocalConstantName` for legitimate PascalCase locals.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["naming", "convention"],
      "detectorUnit": "uNamingExt.pas",
      "examples": {
        "bad":  "procedure Foo;\nconst\n  MaxRetries = 3;\nbegin ... end;",
        "good": "procedure Foo;\nconst\n  MAX_RETRIES = 3;\nbegin ... end;"
      },
      "cleanCodeAttribute": "CONVENTIONAL",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA120",
      "kind": "MissingRaise",
      "name": "Exception constructed but never raised",
      "shortDescription": "`EFoo.Create('msg');` allocates an exception object without `raise` - the error path is silently skipped",
      "fullDescription": "Pattern `EConvertError.Create('bad input');` without a preceding `raise` constructs an exception instance, fails to throw it, and the calling code continues as if nothing happened. The allocated object leaks (classic TObject) or gets immediately collected (ARC), and the intended error branch is gone. Almost always a copy-paste regression from `raise EConvertError.Create(...)` where the `raise` keyword was deleted. Detector heuristic: any `nkCall` named `<Ident>.Create(...)` where `<Ident>` is `Exception` or matches the Delphi `E`-prefix convention (`E` + uppercase letter, e.g. `EConvertError`, `EMyDomainError`). `raise X.Create(...)` is consumed as a string by the raise-statement parser and never produces a `nkCall`, so genuinely raised exceptions are not false-positives. Maps to Sonar-Delphi `MissingRaiseCheck`.",
      "defaultSeverity": "Error",
      "type": "Bug",
      "tags": ["exception", "error-handling", "sonardelphi"],
      "detectorUnit": "uMissingRaise.pas",
      "examples": {
        "bad":  "procedure Validate(x: Integer);\nbegin\n  if x < 0 then\n    EArgumentOutOfRangeException.Create('x negative');  // never raised!\nend;",
        "good": "procedure Validate(x: Integer);\nbegin\n  if x < 0 then\n    raise EArgumentOutOfRangeException.Create('x negative');\nend;"
      },
      "cleanCodeAttribute": "LOGICAL",
      "impacts": [
        { "softwareQuality": "RELIABILITY", "severity": "HIGH" }
      ]
    },
    {
      "id": "SCA121",
      "kind": "RoutineResultUnassigned",
      "name": "Function never assigns Result",
      "shortDescription": "Function body finishes without writing `Result` (or `<FunctionName> := ...`) - return value is undefined",
      "fullDescription": "A function that reaches its `end;` without any `Result := ...` or Pascal-style `<FunctionName> := ...` returns whatever register/stack garbage happens to occupy the result slot. In Release builds the caller therefore receives the value of the last same-sized call - a classic Heisenbug that flips with optimisation level. Detector is intentionally conservative: it skips functions that contain any `Exit` (could be `Exit(value)` - the AST loses the argument) or `raise` (function may always throw). Procedures, abstract/forward/external declarations, and DispatchID-only declarations are also skipped. Partial coverage (Result set in one branch only) is currently a false-negative pending CFG analysis. Maps to Sonar-Delphi `RoutineResultAssignedCheck`.",
      "defaultSeverity": "Error",
      "type": "Bug",
      "tags": ["function", "uninitialized", "sonardelphi"],
      "detectorUnit": "uRoutineResultAssigned.pas",
      "examples": {
        "bad":  "function GetCount(L: TList): Integer;\nbegin\n  if L = nil then\n    LogMessage('nil list');\n  // Result never set -> garbage\nend;",
        "good": "function GetCount(L: TList): Integer;\nbegin\n  Result := 0;\n  if L <> nil then\n    Result := L.Count;\nend;"
      },
      "cleanCodeAttribute": "LOGICAL",
      "impacts": [
        { "softwareQuality": "RELIABILITY", "severity": "HIGH" }
      ]
    },
    {
      "id": "SCA122",
      "kind": "ReRaiseException",
      "name": "Re-raise of bound exception variable",
      "shortDescription": "`on E: T do ... raise E;` discards the original stack trace - use bare `raise;` to keep it",
      "fullDescription": "`raise E` inside an `on E: SomeException do ...` handler starts a fresh exception propagation rooted at the re-raise site. The original stack trace - the path from where the exception was first raised down through every called routine until it reached this `except` block - is gone. Crash reports and debugger views then point at the handler, not at the actual fault location, which makes triage dramatically harder. The intent of the developer was almost certainly `raise;` (no argument), which continues propagating the *current* exception object with its existing trace intact. Detector walks each `nkOnHandler` with a non-empty bound variable name and flags every `nkRaise` inside that subtree whose argument is exactly that variable (case-insensitive). `raise;` (no argument) is correct and not flagged; `raise EWrapper.Create(...)` is also accepted (deliberate wrap). Maps to Sonar-Delphi `ReRaiseExceptionCheck`.",
      "defaultSeverity": "Warning",
      "type": "Bug",
      "tags": ["exception", "error-handling", "stack-trace", "sonardelphi"],
      "detectorUnit": "uReRaiseException.pas",
      "examples": {
        "bad":  "try\n  RiskyCall;\nexcept\n  on E: EDivByZero do\n  begin\n    Log(E.Message);\n    raise E;          // loses original trace\n  end;\nend;",
        "good": "try\n  RiskyCall;\nexcept\n  on E: EDivByZero do\n  begin\n    Log(E.Message);\n    raise;            // preserves trace\n  end;\nend;"
      },
      "cleanCodeAttribute": "LOGICAL",
      "impacts": [
        { "softwareQuality": "RELIABILITY", "severity": "MEDIUM" }
      ]
    },
    {
      "id": "SCA123",
      "kind": "CastAndFree",
      "name": "Type-cast immediately before Free / Destroy",
      "shortDescription": "`TFoo(x).Free` - the type-cast has no effect on which Destroy runs (Destroy is virtual)",
      "fullDescription": "Writing `TStringList(L).Free` or `TObject(L).Destroy` is a confusion smell. `TObject.Free` is a non-virtual wrapper around the *virtual* `Destroy`, so virtual dispatch happens through the runtime type of `L`, not through the static cast type. Whether you write `L.Free` or `T(L).Free`, the same destructor chain runs. The cast therefore either is redundant (cast to the variable's own type) or is misleading (cast to an unrelated class that suggests Destroy will pick a different override - it will not). If the cast target is wrong, the rest of the surrounding code may rely on that wrong assumption and break under refactoring. Detector pattern-matches `nkCall.Name` against `<Ident>(<expr>).Free[()][;]` and `<Ident>(<expr>).Destroy[()][;]` where `<Ident>` follows the Delphi class/interface naming convention (`T` or `I` plus uppercase letter). Plain `L.Free` and qualified `Owner.Bar(x).Free` (likely a function-result Free) are not flagged. Maps to Sonar-Delphi `CastAndFreeCheck`.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["memory", "destructor", "cast", "sonardelphi"],
      "detectorUnit": "uCastAndFree.pas",
      "examples": {
        "bad":  "procedure Cleanup(L: TObject);\nbegin\n  TStringList(L).Free;     // cast has no effect on dispatch\nend;",
        "good": "procedure Cleanup(L: TObject);\nbegin\n  L.Free;                  // virtual Destroy resolves at runtime\nend;"
      },
      "cleanCodeAttribute": "CLEAR",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA124",
      "kind": "InstanceInvokedConstructor",
      "name": "Constructor invoked on instance instead of class",
      "shortDescription": "`obj.Create` - invokes constructor as method on an existing instance, skips allocation and re-runs field initialisation over live data",
      "fullDescription": "Delphi allows a constructor to be invoked on an instance, e.g. `obj.Create;`, but the result is almost never what was intended. When called as a class-method (`TFoo.Create`), the runtime first allocates a fresh memory block via `TObject.NewInstance`, sets up the VMT pointer, and then runs the constructor body. When called on an existing instance, the allocation path is skipped entirely - only the constructor body runs, which re-initialises fields (`FList := TList.Create;` overwrites the previous `FList` without freeing it, managed-type refs get stomped, default values clobber whatever the caller had set). The result is at best a logic bug, at worst memory corruption. Detector heuristic (no type-resolver available): match `nkCall.Name` against `<Ident>.Create[(<args>)][;]` where `<Ident>` starts with a lowercase letter (clearly a variable by Delphi convention, since types use the `T<Upper>` / `I<Upper>` prefix). Skips `Self`, `Result`, `Inherited`, multi-dot paths (`A.B.Create` - ambiguous), cast forms (`T(x).Create`) and class names. Accepts a small known false-positive risk for `TClass`-typed lowercase variables (rare in practice). Maps to Sonar-Delphi `InstanceInvokedConstructorCheck`.",
      "defaultSeverity": "Error",
      "type": "Bug",
      "tags": ["constructor", "memory", "lifecycle", "sonardelphi"],
      "detectorUnit": "uInstanceInvokedConstructor.pas",
      "examples": {
        "bad":  "procedure Reset;\nvar list: TStringList;\nbegin\n  list := TStringList.Create;\n  ...\n  list.Create;            // no allocation, re-initialises the existing object\nend;",
        "good": "procedure Reset;\nvar list: TStringList;\nbegin\n  list := TStringList.Create;\n  ...\n  list.Clear;             // or FreeAndNil + new TStringList.Create\nend;"
      },
      "cleanCodeAttribute": "LOGICAL",
      "impacts": [
        { "softwareQuality": "RELIABILITY", "severity": "HIGH" }
      ]
    },
    {
      "id": "SCA125",
      "kind": "InheritedMethodEmpty",
      "name": "Override whose entire body is `inherited;`",
      "shortDescription": "An override that only forwards to the parent serves no purpose - remove it",
      "fullDescription": "A method declared with `override` whose body contains only `inherited;` (or `inherited <SameName>;`) adds nothing on top of the parent class's behaviour. The compiler's normal virtual dispatch already calls the parent implementation if the subclass does not override - the empty override is therefore pure noise that wastes a VMT slot, slows down code reviews ('does this override do something?' - reader has to read the body to confirm 'no'), and creates dead code that needs to be revisited every time the parent method's signature changes. Detector walks every `nkMethod` whose `TypeRef` contains `;override`, skips bodyless variants (abstract / forward / external / dispid), and flags the method when its body contains exactly one non-parameter child that is `nkInherited` with either no argument expression at all (`inherited;`) or with the same identifier as the method itself (`inherited <SameName>;`). Calls to a *different* parent method (`inherited Other;` - intentional hijack) are deliberately not flagged. Maps to Sonar-Delphi `InheritedMethodWithNoCodeCheck`.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["inheritance", "dead-code", "sonardelphi"],
      "detectorUnit": "uInheritedMethodEmpty.pas",
      "examples": {
        "bad":  "procedure TFooSubclass.AfterConstruction; override;\nbegin\n  inherited;     // adds nothing - drop this whole override\nend;",
        "good": "// Remove the override entirely. The parent's AfterConstruction will\n// be invoked by the normal virtual dispatch."
      },
      "cleanCodeAttribute": "DISTINCT",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA126",
      "kind": "NilComparison",
      "name": "Use Assigned() instead of `= nil` / `<> nil`",
      "shortDescription": "Pascal convention: `Assigned(x)` and `not Assigned(x)` are the canonical nil-checks",
      "fullDescription": "Direct comparison against `nil` works for object references but breaks down for method-pointer types and Variants, where the standard library prefers `Assigned`. Sticking to a single form across the code base avoids edge-case bugs and improves readability - the reader does not need to verify which form the variable's type supports. Detector scans every AST node's `Name` and `TypeRef` (the latter holds the textual form of `if`/`while`/`until` conditions and assignment right-hand sides) for the pattern `<op> nil` where `<op>` is `=` or `<>`. String literals (`'nil'`) are stripped before the match, and `:= nil` (assignment), `<= nil` / `>= nil` (rare nonsensical compares) are explicitly excluded. Maps to Sonar-Delphi `NilComparisonCheck`.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["convention", "nil", "sonardelphi"],
      "detectorUnit": "uNilComparison.pas",
      "examples": {
        "bad":  "if Obj = nil then\n  Exit;\nif Obj <> nil then\n  Obj.DoStuff;",
        "good": "if not Assigned(Obj) then\n  Exit;\nif Assigned(Obj) then\n  Obj.DoStuff;"
      },
      "cleanCodeAttribute": "CONVENTIONAL",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA127",
      "kind": "RaisingRawException",
      "name": "Raise the bare `Exception` base class instead of a specific subclass",
      "shortDescription": "`raise Exception.Create('...')` - the base class carries no semantic information, callers cannot filter selectively",
      "fullDescription": "Raising the RTL base class `Exception` is the equivalent of throwing `new Error('something')` in JavaScript: it tells the caller *that* something went wrong, but not *what*. Calling code is then forced to catch the broadest possible class (`on E: Exception do ...`), which also catches every unrelated runtime error and tends to swallow bugs. Prefer a specific subclass (e.g. `EArgumentOutOfRangeException`, `EFileNotFoundException`, a domain-specific `EMyDomainError`). Detector walks every `nkRaise` node and flags it when the raised expression starts with `Exception.Create` (case-insensitive) or is exactly `Exception` (no Create call). Bare `raise;` (re-raise) and `raise E;` (variable) are not flagged. Maps to Sonar-Delphi `RaisingRawExceptionCheck`.",
      "defaultSeverity": "Warning",
      "type": "Code Smell",
      "tags": ["exception", "error-handling", "sonardelphi"],
      "detectorUnit": "uRaisingRawException.pas",
      "examples": {
        "bad":  "if x < 0 then\n  raise Exception.Create('x is negative');",
        "good": "if x < 0 then\n  raise EArgumentOutOfRangeException.CreateFmt('x = %d', [x]);"
      },
      "cleanCodeAttribute": "DISTINCT",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "MEDIUM" }
      ]
    },
    {
      "id": "SCA128",
      "kind": "DateFormatSettings",
      "name": "Locale-dependent format call without explicit TFormatSettings",
      "shortDescription": "`StrToDate(s)`, `FormatFloat(...)` etc. without TFormatSettings depend on the system locale - breaks across machines / users",
      "fullDescription": "Pascal's locale-aware conversion functions (`StrToDate`, `StrToTime`, `StrToDateTime`, `DateToStr`, `TimeToStr`, `DateTimeToStr`, `StrToFloat`, `StrToCurr`, `FloatToStr`, `CurrToStr`, `FormatDateTime`, `FormatFloat`, `FormatCurr`) default to the global `SysUtils.FormatSettings` record, which is initialised from the operating-system regional settings. The same code therefore behaves differently on a developer's DE-locale machine (`DateSeparator` = '.', `DecimalSeparator` = ',') than on a production server with EN-locale ('/' and '.'). Data exchanged via files, APIs, databases or CSV must always go through an explicit `TFormatSettings` (typically `FormatSettings := TFormatSettings.Invariant` for machine-readable output, or a user-locale snapshot for UI). Detector walks every `nkCall` whose function name matches a known locale-dependent RTL routine and flags the call when its name does not mention `FormatSettings` (case-insensitive substring). `StrToInt` / `IntToStr` and the boolean variants are explicitly **not** locale-dependent and not flagged. Maps to Sonar-Delphi `DateFormatSettingsCheck`.",
      "defaultSeverity": "Warning",
      "type": "Bug",
      "tags": ["locale", "i18n", "sonardelphi"],
      "detectorUnit": "uDateFormatSettings.pas",
      "examples": {
        "bad":  "var d := StrToDate(UserInput);     // breaks under EN locale\nWriteLn(DateToStr(Now));",
        "good": "var FS := TFormatSettings.Invariant;\nvar d := StrToDate(UserInput, FS);\nWriteLn(DateToStr(Now, FS));"
      },
      "cleanCodeAttribute": "LOGICAL",
      "impacts": [
        { "softwareQuality": "RELIABILITY", "severity": "MEDIUM" }
      ]
    },
    {
      "id": "SCA129",
      "kind": "UnicodeToAnsiCast",
      "name": "Cast from string to 8-bit string type without explicit encoding",
      "shortDescription": "`AnsiString(s)` / `UTF8String(s)` / `RawByteString(s)` silently drops characters outside the active code page",
      "fullDescription": "Casting a `UnicodeString` (or any string typed expression - Delphi `string` is `UnicodeString` since XE) to one of the 8-bit string families (`AnsiString`, `UTF8String`, `RawByteString`, `ShortString`) goes through the implicit `DefaultSystemCodePage` conversion. Every codepoint outside the active code page is silently replaced with `?`. Emoji, non-Latin scripts, and even some Western accented letters disappear, but the assignment compiles cleanly and runs without exception - so the bug surfaces only when the data round-trips back through a Unicode aware consumer (a different DB, an HTTP API, an Excel export). Use a deliberate encoding helper (`UTF8Encode`, `TEncoding.UTF8.GetBytes`, `WideStringToUTF8` ...) instead. Detector walks `nkCall` nodes whose name starts (case-insensitive) with `AnsiString(`, `UTF8String(`, `RawByteString(` or `ShortString(`. Empty string-literal arguments (`AnsiString('')`) are not flagged. Casts to `string` (= `UnicodeString` in modern Delphi) are also not flagged. Accepts the false-positive that the input might already be the same 8-bit type (redundant cast, still suspicious as a smell). Maps to Sonar-Delphi `UnicodeToAnsiCastCheck`.",
      "defaultSeverity": "Warning",
      "type": "Bug",
      "tags": ["encoding", "unicode", "data-loss", "sonardelphi"],
      "detectorUnit": "uUnicodeToAnsiCast.pas",
      "examples": {
        "bad":  "var u: UnicodeString;\nu := 'Smiley: ' + #$1F600;\nlogStream.WriteString(AnsiString(u));   // smiley becomes '?'",
        "good": "var u: UnicodeString;\nu := 'Smiley: ' + #$1F600;\nlogStream.WriteString(UTF8Encode(u));   // explicit, full Unicode"
      },
      "cleanCodeAttribute": "LOGICAL",
      "impacts": [
        { "softwareQuality": "RELIABILITY", "severity": "MEDIUM" }
      ]
    },
    {
      "id": "SCA130",
      "kind": "CharToCharPointerCast",
      "name": "Cast of Char value to PChar reinterprets codepoint as pointer",
      "shortDescription": "`PChar('A')` is not `PChar(\"A\")` - the cast treats the 16-bit codepoint as a raw memory address",
      "fullDescription": "Delphi happily compiles `PChar(c)` where `c` is of type `Char`, `WideChar` or `AnsiChar`. The result is **not** a null-terminated 1-character string - the cast simply reinterprets the 16-bit/8-bit codepoint as a pointer. So `PChar('A')` returns the pointer value `$00000041`, which points into low-process memory; any dereference is undefined behaviour and typically explodes as an access violation, but on some platforms reads stale data instead. The intended pattern is almost always `PChar(stringExpr)`, which returns a pointer into the actual string buffer. Detector walks `nkCall` nodes whose name begins with `PChar(`, `PWideChar(` or `PAnsiChar(` and flags the call when the argument is recognisably a Char value: a single-character quoted literal (`'A'`), a character-ordinal literal (`#65`, `#$41`), or a `Chr(...)` call. Identifier arguments are not flagged because the detector has no type-resolver to determine whether the variable is a `Char` or a `string`. Maps to Sonar-Delphi `CharacterToCharacterPointerCastCheck`.",
      "defaultSeverity": "Error",
      "type": "Bug",
      "tags": ["pointer", "char", "undefined-behavior", "sonardelphi"],
      "detectorUnit": "uCharToCharPointerCast.pas",
      "examples": {
        "bad":  "var p: PChar;\np := PChar('A');           // p = $00000041 (not a string)\nShowMessage(p);              // access violation",
        "good": "var p: PChar;\np := PChar(string('A'));    // explicit string wrap\nShowMessage(p);"
      },
      "cleanCodeAttribute": "LOGICAL",
      "impacts": [
        { "softwareQuality": "RELIABILITY", "severity": "HIGH" }
      ]
    },
    {
      "id": "SCA131",
      "kind": "IfThenShortCircuit",
      "name": "IfThen() evaluates both branches - no short-circuit",
      "shortDescription": "`Math.IfThen(cond, A(), B())` / `StrUtils.IfThen` are normal functions - both arms run before the function is called",
      "fullDescription": "Both `Math.IfThen` (Integer/Double overload) and `StrUtils.IfThen` (string overload) are regular functions, not language constructs. Pascal evaluates every argument *before* the call, so the function only sees the final result values - it cannot 'skip' the not-selected branch. Whenever the arms contain function or method calls with side effects (DB read, file IO, state mutation) or with non-trivial performance cost, both run unconditionally. The whole point of writing `IfThen(cond, A, B)` instead of `if cond then x := A else x := B` was usually the assumption of short-circuit semantics - which doesn't exist here. Detector walks `nkCall` nodes whose name matches `IfThen(`, `Math.IfThen(`, or `StrUtils.IfThen(` (case-insensitive). After extracting the outer argument list, it strips string literals (so `'a(b)'` doesn't trip the heuristic) and looks for nested `(` - any nested call is a strong signal of a side-effecting branch. Calls with only literals or simple variables as arms are not flagged. Maps to Sonar-Delphi `IfThenShortCircuitCheck`.",
      "defaultSeverity": "Warning",
      "type": "Bug",
      "tags": ["control-flow", "side-effects", "performance", "sonardelphi"],
      "detectorUnit": "uIfThenShortCircuit.pas",
      "examples": {
        "bad":  "x := Math.IfThen(IsCacheHit, FetchFromCache, FetchFromDb);\n//                            both calls run every time",
        "good": "if IsCacheHit then\n  x := FetchFromCache\nelse\n  x := FetchFromDb;"
      },
      "cleanCodeAttribute": "LOGICAL",
      "impacts": [
        { "softwareQuality": "RELIABILITY", "severity": "MEDIUM" }
      ]
    },
    {
      "id": "SCA132",
      "kind": "ExceptionTooGeneral",
      "name": "except on E: Exception catches every error",
      "shortDescription": "`on E: Exception do ...` catches the base class and therefore every descendant, including system exceptions that should not be silenced (EOutOfMemory, EAccessViolation, EAbort)",
      "fullDescription": "Catching `Exception` itself - the root of Delphi's exception hierarchy - silently swallows error categories the calling code is not prepared to handle: out-of-memory conditions, access violations, the `EAbort`-style flow-control exception, and anything else not derived from a domain-specific base class. Prefer a precise `on E: ESpecific do` clause, or several stacked clauses for the cases you can recover from. If you really need a fallback that re-raises after logging, use `except Log(''...''); raise; end;` - the bare `raise;` keeps the original type and stack. The detector walks `nkOnHandler` nodes and reports those whose `TypeRef` equals `Exception` (case-insensitive). Maps to Sonar-50 rule #11 (`ExceptionTooGeneral`).",
      "defaultSeverity": "Warning",
      "type": "Code Smell",
      "tags": ["exception-handling", "error-handling", "sonar50"],
      "detectorUnit": "uExceptionTooGeneral.pas",
      "examples": {
        "bad":  "try\n  ParseConfig(s);\nexcept\n  on E: Exception do        // swallows EOutOfMemory / EAbort / ...\n    Log(E.Message);\nend;",
        "good": "try\n  ParseConfig(s);\nexcept\n  on E: EConvertError do\n    Log(E.Message);\n  on E: EFileNotFoundException do\n    Log(E.Message);\nend;"
      },
      "cleanCodeAttribute": "LOGICAL",
      "impacts": [
        { "softwareQuality": "RELIABILITY", "severity": "MEDIUM" }
      ]
    },
    {
      "id": "SCA133",
      "kind": "RaiseOutsideExcept",
      "name": "Bare raise outside an except/on handler",
      "shortDescription": "`raise;` without an exception expression only works *inside* an except handler (re-raise) - outside it raises NIL and produces an Access Violation",
      "fullDescription": "A bare `raise;` re-raises the exception currently being handled. Outside of `except` / `on E: T do` there *is* no current exception, so the RTL receives a NIL exception pointer and an Access Violation is raised inside `System._Raise` - far away from the actual mistake. The detector recursively walks the method AST while tracking an `InHandler` flag. The flag is set when the walker descends into `nkExceptBlock` or `nkOnHandler`. An `nkRaise` node with `Name = 'raise'` (bare form) that is encountered while the flag is False produces a finding. Bare `raise;` inside `finally` blocks that are themselves outside an except handler is correctly flagged. Maps to Sonar-50 rule #15 (`RaiseWithoutClass`).",
      "defaultSeverity": "Error",
      "type": "Bug",
      "tags": ["exception-handling", "crash", "sonar50"],
      "detectorUnit": "uRaiseOutsideExcept.pas",
      "examples": {
        "bad":  "procedure Foo(x: Integer);\nbegin\n  if x < 0 then\n    raise;             // <- no current exception -> AV inside System._Raise\nend;",
        "good": "procedure Foo(x: Integer);\nbegin\n  if x < 0 then\n    raise EArgumentException.CreateFmt('x = %d (must be >= 0)', [x]);\nend;"
      },
      "cleanCodeAttribute": "LOGICAL",
      "impacts": [
        { "softwareQuality": "RELIABILITY", "severity": "HIGH" }
      ]
    },
    {
      "id": "SCA134",
      "kind": "UseAfterFree",
      "name": "Variable used after Free / FreeAndNil",
      "shortDescription": "Dereferencing a variable after `Free` or `FreeAndNil` reads a dangling pointer and produces an Access Violation",
      "fullDescription": "After `obj.Free` or `FreeAndNil(obj)` the variable points to freed memory (or NIL). Any subsequent member access, indexer, or call passing the variable as receiver is undefined behavior - typically an Access Violation, sometimes silent corruption if the memory was reused. The detector strips strings + comments from the file, finds each `FreeAndNil(<id>)` and `<id>.Free` occurrence, then forward-scans the remaining method body for the same identifier. A subsequent `<id>.<member>`, `<id>(<args>)`, or `<id>[<idx>]` produces a finding. Reassignments `<id> := ...` or var-section starts `<id> :` end the scan window. Bare appearances without an accessor are intentionally not flagged to avoid FP on comparisons like `if x = oldL then`. Maps to Sonar-50 rule #7. Limitation: no control-flow analysis; `if Cond then Free else Use` may FP since the use is on a different path.",
      "defaultSeverity": "Error",
      "type": "Bug",
      "tags": ["memory", "lifecycle", "crash", "sonar50"],
      "detectorUnit": "uUseAfterFree.pas",
      "examples": {
        "bad":  "L := TStringList.Create;\nL.Free;\nL.Add('x');           // <- dangling pointer",
        "good": "L := TStringList.Create;\ntry\n  L.Add('x');\nfinally\n  FreeAndNil(L);     // any subsequent L.Method crashes loudly\nend;"
      },
      "cleanCodeAttribute": "LOGICAL",
      "impacts": [
        { "softwareQuality": "RELIABILITY", "severity": "HIGH" }
      ]
    },
    {
      "id": "SCA135",
      "kind": "AbstractNotImpl",
      "name": "Concrete subclass inherits an abstract method without override",
      "shortDescription": "Class derives from a base with an `abstract` method but does not override it - calling the method on the subclass instance raises EAbstractError at runtime",
      "fullDescription": "When a class inherits an `abstract` method from its parent and does not override it, instantiating the class compiles fine but any call to the method raises `EAbstractError`. The detector walks `nkClass` nodes; for each derived class it looks up the direct parent in the same unit, collects the parent's `abstract`-flagged methods, and reports each abstract method whose name does not appear among the derived class's method names. Limitations: within-unit only (cross-unit bases like `TForm`/`TStrings` are not seen); only direct parent (multi-level chains check just one step); class helpers / interfaces / records are skipped. Classes themselves marked `class abstract` are allowed to leave methods abstract. Maps to Sonar-50 rule #10.",
      "defaultSeverity": "Error",
      "type": "Bug",
      "tags": ["oop", "inheritance", "sonar50"],
      "detectorUnit": "uAbstractNotImpl.pas",
      "examples": {
        "bad":  "type\n  TBase = class\n    procedure DoWork; virtual; abstract;\n  end;\n  TDerived = class(TBase)\n    // DoWork not overridden -> EAbstractError on call\n  end;",
        "good": "type\n  TDerived = class(TBase)\n    procedure DoWork; override;\n  end;"
      },
      "cleanCodeAttribute": "COMPLETE",
      "impacts": [
        { "softwareQuality": "RELIABILITY", "severity": "HIGH" }
      ]
    },
    {
      "id": "SCA136",
      "kind": "LeakInConstructor",
      "name": "Constructor allocates fields and raises without try/except",
      "shortDescription": "Constructor assigns fields with `<Class>.Create` and raises later - partially initialised fields leak on the exception path",
      "fullDescription": "When a constructor allocates instance fields and then raises (or calls something that may raise), the already-allocated fields are not freed. The RTL invokes `Destroy` on the half-constructed instance only if `inherited Create` has already returned, and even then only fields the destructor explicitly frees are released. The detector walks `nkMethod` nodes whose `TypeRef` starts with `constructor` (skipping class constructors via the `;class` marker), then requires (a) at least one `nkAssign` whose LHS is `F<Name>` / `Self.F<Name>` and whose RHS contains a `.Create` call, (b) at least one `nkRaise` anywhere in the body, and (c) no `nkTryExcept` anywhere in the body. The combination strongly suggests a leak on the exception path. Limitations: no flow analysis (raise BEFORE any field-init still flags); a partial try/except is treated as fully protective. Maps to Sonar-50 rule #12.",
      "defaultSeverity": "Error",
      "type": "Bug",
      "tags": ["memory", "constructor", "exception-handling", "sonar50"],
      "detectorUnit": "uLeakInConstructor.pas",
      "examples": {
        "bad":  "constructor TFoo.Create;\nbegin\n  FList := TStringList.Create;\n  FOther := TOther.Create;\n  if not Valid then\n    raise EInvalidOp.Create('bad');     // <- FList + FOther leak\nend;",
        "good": "constructor TFoo.Create;\nbegin\n  FList := TStringList.Create;\n  try\n    FOther := TOther.Create;\n    if not Valid then\n      raise EInvalidOp.Create('bad');\n  except\n    FreeAndNil(FOther);\n    FreeAndNil(FList);\n    raise;\n  end;\nend;"
      },
      "cleanCodeAttribute": "LOGICAL",
      "impacts": [
        { "softwareQuality": "RELIABILITY", "severity": "MEDIUM" }
      ]
    },
    {
      "id": "SCA137",
      "kind": "IntegerOverflow",
      "name": "Int64 target receives product of two 32-bit operands",
      "shortDescription": "`<Int64-var> := <a> * <b>` evaluates the multiplication in 32-bit before widening - overflow truncates silently",
      "fullDescription": "Delphi evaluates a binary expression in the type of its operands, not the type of the assignment target. When two `Integer` (32-bit) operands are multiplied and the result is assigned to an `Int64`, the multiplication runs in 32-bit; if the true product exceeds `MaxInt`, the value is silently truncated before being widened. The fix is to cast at least one operand to `Int64`. The detector strips strings + comments, scans the cleaned text for `<ident>: Int64|UInt64|QWord` declarations to build a set of 64-bit variables, then scans for assignments `<lhs> := <a> * <b>;` where the LHS is a 64-bit variable but both RHS operands are simple identifiers (no cast, no parenthesised expression) that are not themselves 64-bit. Numeric literals on either side suppress the finding (the compiler can often constant-fold safely). Limitations: no type inference for non-local operands (parameters, fields); only `*` is checked, not `+`/`-`; complex expressions like `(a + b) * c` are not matched. Maps to Sonar-50 rule #14.",
      "defaultSeverity": "Error",
      "type": "Bug",
      "tags": ["arithmetic", "integer-overflow", "sonar50"],
      "detectorUnit": "uIntegerOverflow.pas",
      "examples": {
        "bad":  "var\n  BytesTotal: Int64;\n  SectorCount, SectorSize: Integer;\nbegin\n  BytesTotal := SectorCount * SectorSize;   // <- 32-bit overflow, then widen",
        "good": "BytesTotal := Int64(SectorCount) * SectorSize;\n// Cast one operand; the other is auto-promoted; multiplication is 64-bit."
      },
      "cleanCodeAttribute": "LOGICAL",
      "impacts": [
        { "softwareQuality": "RELIABILITY", "severity": "HIGH" }
      ]
    },
    {
      "id": "SCA138",
      "kind": "GodClass",
      "name": "Class has too many methods or fields",
      "shortDescription": "A class with more than 20 methods or more than 15 instance fields concentrates too many responsibilities - hard to test, hard to evolve, hard to review",
      "fullDescription": "God classes are classes that own too much behaviour and state at once: typical examples are UI composite roots, all-in-one manager singletons, or first-generation domain entities that grew with the application. The detector walks `nkClass` nodes, counts direct `nkMethod` and `nkField` children (including those inside `nkVisibilitySection`), and emits a finding when MethodCount > 20 OR FieldCount > 15. Records, interfaces, class helpers, forward declarations and classes marked `class abstract` (designintent contracts) are skipped. Properties are not counted - they are syntactic sugar over getter/setter pairs. Thresholds are hardcoded to the Sonar defaults; god classes typically exceed them by 3-5x so the cutoff does not need to be hyper-tunable. Maps to Sonar-50 rule #31.",
      "defaultSeverity": "Warning",
      "type": "Code Smell",
      "tags": ["oop", "maintainability", "single-responsibility", "sonar50"],
      "detectorUnit": "uGodClass.pas",
      "examples": {
        "bad":  "TUiController = class             // 60 methods, 80 fields\n  FToolbar, FFilters, FGrid, ...: ...;\n  procedure BuildToolbar;\n  procedure FilterChange(...);\n  procedure GridDrawCell(...);\n  // 50 more methods mixing concerns\nend;",
        "good": "TToolbarSlots    = record ... end;\nTFilterController = class ... end;\nTGridRenderer    = class ... end;\n\nTUiController = class                // ~10 methods, ~5 fields\n  FToolbar: TToolbarSlots;\n  FFilter:  TFilterController;\n  FGrid:    TGridRenderer;\n  procedure Setup;\nend;"
      },
      "cleanCodeAttribute": "MODULAR",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "HIGH" }
      ]
    },
    {
      "id": "SCA139",
      "kind": "FreeWithoutNil",
      "name": "Free without subsequent nil-out",
      "shortDescription": "`obj.Free;` without `obj := nil;` (or using FreeAndNil) leaves a dangling pointer - any subsequent use is Use-After-Free",
      "fullDescription": "After `obj.Free`, the variable still points at the freed memory. Any further dereference is Use-After-Free, an Access Violation at best, silent corruption at worst. The detector walks `nkCall` nodes whose name matches `<ident>.Free` or `<ident>.Destroy`, then forward-scans the same method for a subsequent `<ident> := nil` or `FreeAndNil(<ident>)`. If neither exists, the call is reported - unless it is the last call in the method body (no follow-up use possible, typical for destructors and try/finally tails). `Self`/`Result`/`inherited` as receivers are excluded since they follow different lifecycle patterns. Maps to Sonar-50 rule #25.",
      "defaultSeverity": "Warning",
      "type": "Code Smell",
      "tags": ["memory", "lifecycle", "sonar50"],
      "detectorUnit": "uFreeWithoutNil.pas",
      "examples": {
        "bad":  "L := TStringList.Create;\ntry\n  L.Add('x');\nfinally\n  L.Free;             // <- L still points at freed memory\nend;\nWriteLn(L.Count);     // Use-After-Free",
        "good": "L := TStringList.Create;\ntry\n  L.Add('x');\nfinally\n  FreeAndNil(L);      // L is nil; further use raises loudly\nend;"
      },
      "cleanCodeAttribute": "LOGICAL",
      "impacts": [
        { "softwareQuality": "RELIABILITY", "severity": "MEDIUM" }
      ]
    },
    {
      "id": "SCA140",
      "kind": "MultipleExit",
      "name": "Method has too many Exit statements",
      "shortDescription": "A method with more than 3 Exit calls has too many return paths - hard to read, hard to test, easy to miss one",
      "fullDescription": "Multiple early returns are useful for guard clauses, but past a small number they fragment the control flow so badly that future maintainers miss conditions. The detector counts `nkExit` descendants of each `nkMethod`; threshold is 3. Refactoring options: consolidate guards into a single `if (... or ... or ...) then Exit;`, switch from early returns to a single return variable, or extract the inner logic into a helper. Maps to Sonar-50 rule #34.",
      "defaultSeverity": "Warning",
      "type": "Code Smell",
      "tags": ["control-flow", "maintainability", "sonar50"],
      "detectorUnit": "uMultipleExit.pas",
      "examples": {
        "bad":  "function Find(Id: Integer): TUser;\nbegin\n  if Id < 0 then begin Result := nil; Exit; end;\n  if not Db.Connected then begin Result := nil; Exit; end;\n  if not Cache.Has(Id) then begin Result := DbLoad(Id); Exit; end;\n  Result := Cache.Get(Id);\n  Exit;                              // 4. Exit\nend;",
        "good": "function Find(Id: Integer): TUser;\nbegin\n  Result := nil;\n  if (Id < 0) or not Db.Connected then Exit;\n  if Cache.Has(Id) then\n    Result := Cache.Get(Id)\n  else\n    Result := DbLoad(Id);\nend;"
      },
      "cleanCodeAttribute": "LOGICAL",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA141",
      "kind": "LargeClass",
      "name": "Class implementation exceeds 500 lines",
      "shortDescription": "A class whose declaration + implementation methods span more than 500 lines has too many responsibilities",
      "fullDescription": "Like GodClass (SCA138), but measured by line span rather than method/field count. Catches classes that look small from member counts but have huge implementation bodies - typical for legacy logic classes that grew over years. The detector walks `nkClass` nodes; for each class it determines a span via min(class-decl-line, first-method-with-prefix-line) .. max(class-decl-children-line, last-method-with-prefix-line). Threshold 500 lines. Records, interfaces, helpers and forwards are skipped. Maps to Sonar-50 rule #35.",
      "defaultSeverity": "Warning",
      "type": "Code Smell",
      "tags": ["maintainability", "size", "sonar50"],
      "detectorUnit": "uLargeClass.pas",
      "examples": {
        "bad":  "// TMainForm with 800 lines of business logic mixed with UI handlers,\n// database calls and report generation.",
        "good": "// Extract verticals into focused classes:\nTReportRunner   = class ... end;     // own unit\nTDataController = class ... end;     // own unit\n\nTMainForm = class(TForm)\n  FReport: TReportRunner;\n  FData:   TDataController;\nend;"
      },
      "cleanCodeAttribute": "MODULAR",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "MEDIUM" }
      ]
    },
    {
      "id": "SCA142",
      "kind": "UnsortedUses",
      "name": "uses clause is not in alphabetical order",
      "shortDescription": "Entries in a `uses` clause are not in alphabetical order - merges become non-deterministic and review harder",
      "fullDescription": "Alphabetical order keeps merge conflicts deterministic and removes a class of bikeshed in code review. The detector walks `nkUses` nodes, collects `nkUsesItem` children, and compares the actual order with a case-insensitive sort. Any mismatch produces a finding on the `uses` line. Single-entry clauses are skipped. Severity is Hint because many projects deliberately group entries by layer (RTL / VCL / third-party / custom) rather than alphabetically - opt-in style, not a hard rule. Maps to Sonar-50 rule #47.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["style", "convention", "sonar50"],
      "detectorUnit": "uUnsortedUses.pas",
      "examples": {
        "bad":  "uses\n  System.SysUtils,\n  System.Classes,\n  System.IOUtils,                    // <- order broken\n  System.JSON;",
        "good": "uses\n  System.Classes,\n  System.IOUtils,\n  System.JSON,\n  System.SysUtils;"
      },
      "cleanCodeAttribute": "CONVENTIONAL",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA143",
      "kind": "MissingUnitHeader",
      "name": "Unit has no descriptive header comment",
      "shortDescription": "Unit starts with `interface` directly, without an explaining comment block between `unit ...;` and `interface`",
      "fullDescription": "A short header comment between the `unit ...;` declaration and the `interface` keyword tells future maintainers what the unit is for - purpose, scope, important invariants, ownership. The detector reads the file's leading lines, finds the `unit` and `interface` markers, and verifies that at least one comment line (`//`, `{...}`, or `(* ... *)`) exists between them. Severity is Hint because many legacy units skip the header without functional consequence. Maps to Sonar-50 rule #48.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["documentation", "convention", "sonar50"],
      "detectorUnit": "uMissingUnitHeader.pas",
      "examples": {
        "bad":  "unit MyUnit;\n\ninterface\n\nuses ...;",
        "good": "unit MyUnit;\n\n// Database-connection pool: wraps FireDAC TFDConnection setup\n// for the report subsystem. Thread-safe; single instance per app.\n\ninterface\n\nuses ...;"
      },
      "cleanCodeAttribute": "IDENTIFIABLE",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA144",
      "kind": "FloatEquality",
      "name": "Float equality / inequality comparison",
      "shortDescription": "`a = b` or `a <> b` between Single/Double/Extended operands is unreliable due to IEEE-754 rounding - use SameValue/Math.IsZero",
      "fullDescription": "IEEE-754 floating-point arithmetic does not guarantee exact equality even for results that look identical to the developer (`0.1 + 0.2 = 0.3` is False). Equality checks against floats are a classic silent-bug source - they look fine in tests but occasionally fire wrong. The detector strips strings and comments, then in two phases: (1) collects local variable declarations whose type is `Single`, `Double`, `Extended`, `Real`, or `Currency`; (2) scans for `<ident> = <expr>` or `<ident> <> <expr>` where at least one side references a known float variable. `:=` assignments are excluded via lookbehind. Limitations: no type-inference for function returns or non-local parameters; complex expressions like `a + b = c + d` only fire when at least one operand is a known float variable. Maps to Sonar-50 rule #19. Fix: use `System.Math.SameValue(a, b, Eps)` or `IsZero(a - b)`.",
      "defaultSeverity": "Warning",
      "type": "Bug",
      "tags": ["floating-point", "precision", "sonar50"],
      "detectorUnit": "uFloatEquality.pas",
      "examples": {
        "bad":  "var Ratio: Double;\n...\nif Ratio = 0.5 then DoStuff;     // <- IEEE-754: almost never true after arithmetic",
        "good": "uses System.Math;\n...\nif SameValue(Ratio, 0.5, 1e-9) then DoStuff;"
      },
      "cleanCodeAttribute": "LOGICAL",
      "impacts": [
        { "softwareQuality": "RELIABILITY", "severity": "MEDIUM" }
      ]
    },
    {
      "id": "SCA145",
      "kind": "ExceptInDestructor",
      "name": "Raise inside destructor without try/except",
      "shortDescription": "An unprotected `raise` in a destructor aborts the cleanup chain - inherited Destroy and subsequent FreeAndNil calls are skipped, state stays inconsistent",
      "fullDescription": "A destructor's job is to release the resources of one object instance and then call `inherited Destroy` to let the parent release its part. If the destructor raises an exception that no surrounding handler catches, the whole cleanup chain unwinds: inherited Destroy is never called, the parent's resources leak, the destructor frame is left half-done and the caller (typically the RTL during stack unwind) sees an exception in a context where it usually swallows or escalates incorrectly. The detector walks `nkMethod` nodes whose `TypeRef` starts with `destructor` (and is not a class destructor, which has different semantics), then recursively visits the body with an `InHandler` flag. Each `nkRaise` encountered while the flag is False is reported. Maps to Sonar-50 rule #23.",
      "defaultSeverity": "Warning",
      "type": "Bug",
      "tags": ["exception-handling", "lifecycle", "destructor", "sonar50"],
      "detectorUnit": "uExceptInDestructor.pas",
      "examples": {
        "bad":  "destructor TFoo.Destroy;\nbegin\n  FList.Free;\n  if Bad then raise EInvalidOp.Create('oops');   // <- inherited never runs\n  inherited;\nend;",
        "good": "destructor TFoo.Destroy;\nbegin\n  try\n    FList.Free;\n    if Bad then raise EInvalidOp.Create('oops');\n  except\n    Log('cleanup error');\n  end;\n  inherited;\nend;"
      },
      "cleanCodeAttribute": "LOGICAL",
      "impacts": [
        { "softwareQuality": "RELIABILITY", "severity": "MEDIUM" }
      ]
    },
    {
      "id": "SCA146",
      "kind": "BooleanParam",
      "name": "Boolean parameter used as internal branching flag",
      "shortDescription": "A Boolean parameter whose value selects between two completely different code paths is a hidden Strategy - prefer two methods with descriptive names",
      "fullDescription": "When a Boolean parameter's value flips the function between two unrelated behaviours (`SendMsg(s, True)` vs `SendMsg(s, False)`), the call site is opaque: the reader has to either remember the method's API or look it up to know what `True` means. Two methods with descriptive names (`SendErrorMessage` / `SendInfoMessage`) make the intent obvious at the call site without comments. The detector walks `nkMethod` nodes, scans `nkParam` children for Boolean (also LongBool/WordBool/ByteBool), and reports when at least one `nkIfStmt` in the body uses the parameter as a condition. Excluded: property setters (method names starting with `Set`), well-known VCL event-handler parameter names (`Handled`, `CanShow`). Pure pass-through (Bool just forwarded without internal branching) is not flagged. Maps to Sonar-50 rule #33. Severity Hint - this is a refactoring suggestion, not a bug.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["api-design", "readability", "sonar50"],
      "detectorUnit": "uBooleanParam.pas",
      "examples": {
        "bad":  "procedure SendNotification(const Msg: string; IsError: Boolean);\nbegin\n  if IsError then Notify(Msg, clRed) else Notify(Msg, clBlack);\nend;\n// Caller: SendNotification(s, True);     // True = ???",
        "good": "procedure SendErrorNotification(const Msg: string);\nbegin Notify(Msg, clRed); end;\n\nprocedure SendInfoNotification(const Msg: string);\nbegin Notify(Msg, clBlack); end;\n// Caller: SendErrorNotification(s);"
      },
      "cleanCodeAttribute": "FOCUSED",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA147",
      "kind": "UnusedPrivateMethod",
      "name": "Private method has no caller in the unit",
      "shortDescription": "A private method that is never referenced from any other method in the same unit is dead code - delete it or wire it up",
      "fullDescription": "Private methods can only be called from inside the same unit (Delphi-classic) or class (strict private). If no other method references them, they cannot be called at all - they are dead code, often the residue of an incomplete refactoring. The detector walks `nkClass` nodes, finds `nkVisibilitySection` children with name `private` or `strict private`, collects their `nkMethod` names, and then text-scans the (string-and-comment-stripped) file body for word-boundary matches. Two matches per method are tolerated (declaration line + implementation header); more indicate at least one call. Limitations: RTTI-driven invocations via `TypeInfo` / published-by-attribute / interface dispatch are not detected; use `// noinspection UnusedPrivateMethod` to suppress in those cases. Maps to Sonar-50 rule #37.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["dead-code", "maintainability", "sonar50"],
      "detectorUnit": "uUnusedPrivateMethod.pas",
      "examples": {
        "bad":  "TFoo = class\nprivate\n  procedure HelperA;            // <- never called\npublic\n  procedure DoStuff;\nend;",
        "good": "TFoo = class\npublic\n  procedure DoStuff;\nend;\n// or call HelperA from DoStuff to make the dependency explicit"
      },
      "cleanCodeAttribute": "COMPLETE",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA148",
      "kind": "CanBeClassMethod",
      "name": "Instance method never accesses Self - could be a class method",
      "shortDescription": "A method that uses only its parameters (no Self, no instance fields, no virtual chain) is functionally a class method - mark it as such to express the stateless intent",
      "fullDescription": "When an instance method never touches `Self`, an instance field, or `inherited`, the implicit `Self` parameter is wasted - the method is effectively stateless. Declaring it `class function ... static` saves a pointer-pass, makes the stateless intent explicit, and allows callers to invoke it without an instance (`TMath.Add(1, 2)` instead of `MyMath.Add(1, 2)`). The detector walks `nkMethod` nodes that belong to a class (qualified name like `TFoo.Bar`), skips already-class methods (`;class` in TypeRef), polymorphic ones (`;virtual`/`;override`/`;dynamic`/`;abstract`), constructors and destructors, then recursively checks for any identifier named `self`, any `inherited`, or any `F<UppercaseLetter>` field reference. None of those -> finding. Limitations: implicit property access without `Self.` prefix is not detected as instance access, so calls like `Bar := ...` for a property could FP. Maps to Sonar-50 rule #50.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["oop", "refactoring", "sonar50"],
      "detectorUnit": "uCanBeClassMethod.pas",
      "examples": {
        "bad":  "function TMath.Add(A, B: Integer): Integer;\nbegin\n  Result := A + B;          // only uses params, no Self\nend;",
        "good": "class function TMath.Add(A, B: Integer): Integer;\nbegin\n  Result := A + B;\nend;\n// Caller: TMath.Add(1, 2)   // no instance needed"
      },
      "cleanCodeAttribute": "MODULAR",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA149",
      "kind": "MissingOverride",
      "name": "Method shadows a virtual parent method without `override`",
      "shortDescription": "A method redeclared in a subclass with the same name as a virtual/dynamic parent method, but without the `override` directive, breaks polymorphism - the compiler issues warning W1010",
      "fullDescription": "Without `override`, the subclass method is treated as a new method by the compiler. Polymorphic dispatch via the parent's vtable still calls the parent's implementation - `Base := Derived; Base.DoWork` runs `TBase.DoWork`, not `TDerived.DoWork`. The compiler warns (W1010), but many codebases suppress that hint. The detector walks `nkClass` nodes, identifies their direct parent in the same unit, collects parent methods with `;virtual` or `;dynamic` in `TypeRef`, and then checks each subclass method whose unqualified name matches a polymorphic parent name: missing `;override` AND missing `;reintroduce` -> finding. Limitations: within-unit only (cross-unit parents like `TForm`/`TStrings` not seen); only direct parent (multi-level chains check just one step). Maps to Sonar-50 rule #21.",
      "defaultSeverity": "Warning",
      "type": "Bug",
      "tags": ["polymorphism", "oop", "compiler-warning", "sonar50"],
      "detectorUnit": "uMissingOverride.pas",
      "examples": {
        "bad":  "TBase = class\n  procedure DoWork; virtual;\nend;\n\nTDerived = class(TBase)\n  procedure DoWork;          // <- shadows TBase.DoWork (W1010)\nend;",
        "good": "TDerived = class(TBase)\n  procedure DoWork; override;\nend;"
      },
      "cleanCodeAttribute": "LOGICAL",
      "impacts": [
        { "softwareQuality": "RELIABILITY", "severity": "MEDIUM" }
      ]
    },
    {
      "id": "SCA150",
      "kind": "BoolAlwaysTrue",
      "name": "Boolean comparison is always true / always false",
      "shortDescription": "Comparisons like `Length(s) >= 0` are tautologies - the Length result is never negative, so the condition can never be false",
      "fullDescription": "Tautological boolean comparisons usually indicate a typo (`< 0` instead of `= 0`, `>= 1` instead of `> 0`) or copy-paste residue from a prior version of the code. The compiler does not warn because the operand type allows the value range syntactically. This narrow detector strips strings + comments, then matches two patterns lexically: `Length(...) >= 0` / `Length(...) < 0` and the mirrored `0 <= Length(...)` / `0 > Length(...)`. Limitations: Cardinal/UInt variables (`<UInt> >= 0` is also always-true) cannot be detected without type inference; complex expressions like `Length(s) - 1 < 0` are not matched. Maps to Sonar-50 rule #18 (narrow form).",
      "defaultSeverity": "Warning",
      "type": "Bug",
      "tags": ["control-flow", "dead-code", "sonar50"],
      "detectorUnit": "uBoolAlwaysTrue.pas",
      "examples": {
        "bad":  "if Length(s) >= 0 then DoStuff;   // <- always True\nif Length(s) < 0 then DoOther;    // <- always False",
        "good": "if Length(s) > 0 then DoStuff;    // non-empty check\nif Length(s) = 0 then DoOther;    // empty check"
      },
      "cleanCodeAttribute": "LOGICAL",
      "impacts": [
        { "softwareQuality": "RELIABILITY", "severity": "MEDIUM" }
      ]
    },
    {
      "id": "SCA151",
      "kind": "ConstantReturn",
      "name": "Function always returns the same literal",
      "shortDescription": "All paths in the function assign the same literal value to Result - the conditional logic adds no behavioural difference, replace the function with a constant",
      "fullDescription": "When every assignment to `Result` (or to the function name in classic Pascal style) is the same literal, the function returns that literal regardless of inputs. The conditional structure is dead - either an incomplete refactor (one branch was never updated) or branches that should have produced different values do not. The detector walks `nkMethod` whose `TypeRef` declares a return type, collects `nkAssign` nodes whose LHS equals `result` or the unqualified function name, extracts the RHS literal (number, string literal, True/False/nil), and reports when at least two such assigns share the exact same literal and no non-literal assign exists. Maps to Sonar-50 rule #43.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["dead-code", "refactoring", "sonar50"],
      "detectorUnit": "uConstantReturn.pas",
      "examples": {
        "bad":  "function GetTimeout: Integer;\nbegin\n  if SlowMode then\n    Result := 30\n  else\n    Result := 30;       // <- always 30\nend;",
        "good": "const DEFAULT_TIMEOUT = 30;\n\nfunction GetTimeout: Integer;\nbegin\n  Result := DEFAULT_TIMEOUT;\nend;"
      },
      "cleanCodeAttribute": "LOGICAL",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA152",
      "kind": "HardcodedString",
      "name": "User-visible string assigned as literal",
      "shortDescription": "Caption/Hint/Text assignments and ShowMessage/MessageDlg calls with literal text bypass resourcestring / i18n - the string cannot be translated or replaced for localisation",
      "fullDescription": "Hardcoded user-visible text makes the application untranslatable without source modifications. The detector lexically scans each source line for two narrow patterns: `<ident>.Caption|Hint|Text := '<text>'` and `ShowMessage|MessageDlg('<text>'`. The captured text is reported only when it (a) is at least 2 characters, (b) contains at least one letter (rules out single-char separators like `'-'`, `'.'`, `':'`, and numeric literals), and (c) does not look like a resource key (uppercase + underscores only, or starts with `$`). Line-comments (`//`) are skipped. Limitations: matches on non-UI classes with a Caption/Hint/Text property (e.g. internal helpers) can FP - in that case use the line-suppress marker `// noinspection HardcodedString`. Maps to Sonar-50 rule #46 (narrow form, UI-only).",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["i18n", "localization", "sonar50"],
      "detectorUnit": "uHardcodedString.pas",
      "examples": {
        "bad":  "Form1.Caption := 'Mein Programm';\nButton1.Hint  := 'Klick mich';\nShowMessage('Daten gespeichert');",
        "good": "resourcestring\n  SAppCaption = 'Mein Programm';\n  SBtnHint    = 'Klick mich';\n  SSavedMsg   = 'Daten gespeichert';\n\nForm1.Caption := SAppCaption;\nButton1.Hint  := SBtnHint;\nShowMessage(SSavedMsg);"
      },
      "cleanCodeAttribute": "CONVENTIONAL",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA153",
      "kind": "UnpairedLock",
      "name": "Lock acquired without try/finally release",
      "shortDescription": "<ident>.Lock / EnterCriticalSection / TMonitor.Enter followed by a matching UnLock/Leave/Exit in the same routine without an enclosing try/finally - exception path leaks the lock and deadlocks the next caller",
      "fullDescription": "Scans each source line lexically (comments + strings stripped) for the acquire token `<ident>.Lock`, `Acquire`, `EnterCriticalSection`, or bare `EnterCriticalSection(...)`. A 200-character lookahead window then searches for the matching release token (`UnLock`, `LeaveCriticalSection`, `Release`). When BOTH are present in the window but no `try` keyword precedes the release, the pair is reported - acquiring a lock and then raising before the release causes a deadlock for every subsequent waiter. mORMot-tuned: matches TSynLocker, TRWLock, TLightLock, and the bare-Windows EnterCriticalSection/LeaveCriticalSection pair. Patterns where the release is missing entirely are skipped (likely a lock-helper RAII style with the release in a destructor).",
      "defaultSeverity": "Warning",
      "type": "Bug",
      "tags": ["concurrency", "mormot", "exception-safety", "sonar50"],
      "detectorUnit": "uUnpairedLock.pas",
      "examples": {
        "bad":  "FLocker.Lock;\nDoStuff;\nFLocker.UnLock;",
        "good": "FLocker.Lock;\ntry\n  DoStuff;\nfinally\n  FLocker.UnLock;\nend;"
      },
      "cleanCodeAttribute": "COMPLETE",
      "impacts": [
        { "softwareQuality": "RELIABILITY",     "severity": "HIGH" },
        { "softwareQuality": "MAINTAINABILITY", "severity": "MEDIUM" }
      ]
    },
    {
      "id": "SCA154",
      "kind": "MoveSizeOfPointer",
      "name": "Move/FillChar with SizeOf(pointer-type)",
      "shortDescription": "Move, FillChar, CopyMemory, or ZeroMemory called with SizeOf(PXxx) where PXxx is a pointer type - copies only 4/8 bytes (the pointer size) instead of the intended buffer",
      "fullDescription": "Lexical scan for `Move|FillChar|CopyMemory|ZeroMemory(...SizeOf(<Name>)...)` where <Name> begins with `P` followed by an uppercase letter (Delphi P-prefix convention for pointer types: PByte, PInteger, PCardinal, PChar, PSomeRecord, ...). On 64-bit, SizeOf(PXxx) returns 8 regardless of the pointed-to type; on 32-bit it returns 4. The author almost always meant SizeOf(Xxx) or Length(Buf) - the truncated copy silently leaves the rest of the buffer untouched (FillChar) or only partially copies the source (Move). Common mORMot pitfall: SizeOf(PByte) instead of explicit byte count when copying into a fixed array. Whitelist excludes SizeOf(TXxx) / SizeOf(Integer) / SizeOf(Variable) - only P-prefix-and-uppercase triggers.",
      "defaultSeverity": "Warning",
      "type": "Bug",
      "tags": ["memory", "pointer", "mormot", "sonar50"],
      "detectorUnit": "uMoveSizeOfPointer.pas",
      "examples": {
        "bad":  "var Buf: array[0..255] of Byte; P: PByte;\nMove(Src^, P^, SizeOf(PByte));        // copies 8 bytes (pointer), not the buffer\nFillChar(P^, SizeOf(PInteger), 0);    // zeroes 8 bytes, not the integer",
        "good": "Move(Src^, P^, SizeOf(Byte) * Count);  // explicit element count\nFillChar(V, SizeOf(V), 0);             // matches the variable's size"
      },
      "cleanCodeAttribute": "LOGICAL",
      "impacts": [
        { "softwareQuality": "RELIABILITY", "severity": "HIGH" }
      ]
    },
    {
      "id": "SCA155",
      "kind": "WithMultipleTargets",
      "name": "with statement on multiple targets",
      "shortDescription": "`with A, B do` (two or more comma-separated receivers) makes member lookup ambiguous - adding a method to either A or B silently changes the meaning of the body",
      "fullDescription": "Regex match `\\bwith\\s+<id>,\\s*<id>\\s*do\\b` across the whole file (multiline / comments stripped). One target alone is already a code-smell (covered by fkWithStatement); two or more turn the body into a maintenance trap: a new method added to A or B can silently override what used to dispatch to the other. The compiler picks the closest match and never warns. Renames via the IDE refactor skip these references because the receiver is not named at the call site. mORMot-tuned: matches up to 200 characters per target name to tolerate fully-qualified names like `Owner.SubObject.Component`. Fix: split into separate `with` blocks, or - better - drop `with` entirely and qualify each member explicitly.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["clarity", "with-statement", "sonar50"],
      "detectorUnit": "uWithMultipleTargets.pas",
      "examples": {
        "bad":  "with Form1, List1 do\n  DoStuff;     // From Form1 or List1?",
        "good": "Form1.DoStuff;\nList1.Sort;"
      },
      "cleanCodeAttribute": "CLEAR",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "MEDIUM" }
      ]
    },
    {
      "id": "SCA156",
      "kind": "GetMemWithoutFreeMem",
      "name": "GetMem / AllocMem without try/finally",
      "shortDescription": "GetMem / AllocMem / ReallocMem followed by a matching FreeMem in the same routine without an enclosing try/finally - exception path leaks the buffer permanently",
      "fullDescription": "Lexical scan (comments + strings stripped) for `GetMem(...)`, `AllocMem(...)`, or `ReallocMem(...)`. A 400-character lookahead window searches for the matching `FreeMem`. When both are present in the window but no `try` keyword precedes the FreeMem, the pair is reported - any exception between allocation and release leaks the raw heap buffer. mORMot-tuned: matches the ~20 GetMem occurrences in mORMot core/ that implement high-performance buffer manipulation, where every missing try/finally is a production leak. Patterns where FreeMem is missing entirely are skipped (likely ownership-transfer to caller, or custom allocator).",
      "defaultSeverity": "Warning",
      "type": "Bug",
      "tags": ["memory-leak", "exception-safety", "mormot", "sonar50"],
      "detectorUnit": "uGetMemWithoutFreeMem.pas",
      "examples": {
        "bad":  "GetMem(P, 1024);\nDoStuff(P);\nFreeMem(P);",
        "good": "GetMem(P, 1024);\ntry\n  DoStuff(P);\nfinally\n  FreeMem(P);\nend;"
      },
      "cleanCodeAttribute": "COMPLETE",
      "impacts": [
        { "softwareQuality": "RELIABILITY",     "severity": "HIGH" },
        { "softwareQuality": "MAINTAINABILITY", "severity": "MEDIUM" }
      ]
    },
    {
      "id": "SCA157",
      "kind": "SetLengthAppendInLoop",
      "name": "SetLength(arr, Length(arr) + N) inside a loop",
      "shortDescription": "Dynamic-array grow-by-one (or grow-by-N) inside a for/while/repeat loop - quadratic reallocation cost; grow once before the loop or use a block-grow strategy",
      "fullDescription": "Lexical scan for any `for|while|repeat` keyword followed within 600 characters by `SetLength(<id>, Length(<id>) + ...)` where the two `<id>` names are identical (the array grows itself). Each reallocation copies the existing contents - n iterations cost n*(n+1)/2 element-copies instead of n. At 10_000 items this is ~5000x slower than a one-shot SetLength. Common mORMot performance trap when user code accumulates results without knowing the final size. Only the first grow per loop is reported to avoid spam. `SetLength(A, Length(B)+1)` (different arrays) is NOT flagged - that pattern is rare and usually intentional.",
      "defaultSeverity": "Warning",
      "type": "Code Smell",
      "tags": ["performance", "dynamic-array", "mormot", "sonar50"],
      "detectorUnit": "uSetLengthAppendInLoop.pas",
      "examples": {
        "bad":  "for i := 0 to Source.Count - 1 do\nbegin\n  SetLength(Dest, Length(Dest) + 1);  // O(n*n)\n  Dest[High(Dest)] := Source[i];\nend;",
        "good": "SetLength(Dest, Source.Count);\nfor i := 0 to Source.Count - 1 do\n  Dest[i] := Source[i];"
      },
      "cleanCodeAttribute": "EFFICIENT",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "MEDIUM" }
      ]
    },
    {
      "id": "SCA158",
      "kind": "PointerArithmeticOnString",
      "name": "PChar(s) +/- offset without empty-check",
      "shortDescription": "`PChar(s) + n`, `PAnsiChar(s) + n`, or `PWideChar(s) + n` without a prior empty-check on `s` - PChar('') optimizes to NIL, so arithmetic on the result is a latent Access Violation",
      "fullDescription": "Lexical scan for `PChar|PAnsiChar|PWideChar(<id>) [+-] <offset>`. A 200-character backward window checks for guard patterns: `<id> <> ''`, `<id> = ''`, `Length(<id>) ...`, or `Assigned(<id>)`. When no guard is found, the arithmetic is flagged. The Delphi compiler optimizes `PChar('')` to NIL (not a pointer to a static #0 character), so `PChar(s) + 5` evaluates to address $00000005 when `s` is empty - accessing it triggers Access Violation. mORMot internals consistently guard with explicit empty-checks; user code that copies the PChar arithmetic idiom often skips the guard. Limitations: backward window is 200 chars (long-range checks are missed); arithmetic via `Inc(p, ...)` on a previously-assigned PChar variable is NOT detected (would need flow analysis).",
      "defaultSeverity": "Warning",
      "type": "Bug",
      "tags": ["pointer", "string", "nil-deref", "mormot", "sonar50"],
      "detectorUnit": "uPointerArithmeticOnString.pas",
      "examples": {
        "bad":  "p := PChar(s) + 5;       // if s='' then PChar(s)=nil -> AV at $00000005",
        "good": "if s <> '' then\n  p := PChar(s) + 5;"
      },
      "cleanCodeAttribute": "LOGICAL",
      "impacts": [
        { "softwareQuality": "RELIABILITY", "severity": "HIGH" }
      ]
    },
    {
      "id": "SCA159",
      "kind": "EmptyOnHandler",
      "name": "Typed exception handler with empty body",
      "shortDescription": "`on E: SomeException do ;` (or `on E: ... do begin end;`) silently swallows a specific exception class - worse than a bare `except end` because the typed annotation looks intentional",
      "fullDescription": "Lexical scan for `on [E:] <ExceptionType> do (;|begin end)`. The typed `on E:` form gives the impression of considered handling - a reader assumes the developer thought about this specific exception. An empty body means the failure is invisible in production: no log, no UI feedback, no telemetry. Common mORMot review finding in cleanup code where 'this can be ignored' is not documented. The bare `except end` form is already caught by SCA-001 (EmptyExcept); this rule covers the typed-handler variant.",
      "defaultSeverity": "Warning",
      "type": "Bug",
      "tags": ["exception-handling", "silent-failure", "mormot", "sonar50"],
      "detectorUnit": "uEmptyOnHandler.pas",
      "examples": {
        "bad":  "try DoStuff; except\n  on E: EDatabaseError do ;\nend;",
        "good": "try DoStuff; except\n  on E: EDatabaseError do\n  begin\n    Logger.Error(E.Message);\n    raise;\n  end;\nend;"
      },
      "cleanCodeAttribute": "COMPLETE",
      "impacts": [
        { "softwareQuality": "RELIABILITY",     "severity": "HIGH" },
        { "softwareQuality": "MAINTAINABILITY", "severity": "MEDIUM" }
      ]
    },
    {
      "id": "SCA160",
      "kind": "StringFromPointer",
      "name": "String cast from raw pointer",
      "shortDescription": "`string(P)` / `AnsiString(P)` / `UTF8String(P)` / `RawByteString(P)` cast from a P-prefixed pointer assumes a null-terminator that may not exist - heap overread",
      "fullDescription": "Lexical scan for `(string|RawByteString|AnsiString|UTF8String|WideString)(<id>)` where `<id>` starts with `P` followed by an uppercase letter (Delphi P-prefix convention for pointer types: PByte, PChar, PSomeRecord, ...). Delphi treats the cast as null-terminated and reads memory until the next #0 - on a buffer without a terminator this walks past the heap-block boundary, causing silent overread and occasional AV. mORMot internals use this pattern with controlled null-termination; user code copying the idiom often skips the terminator guarantee. Use `SetString(s, PChar(Buf), Len)` with explicit length instead. False-positive filter: only P-prefix+uppercase identifiers trigger - `string(IntegerVar)` (Integer-to-String) is not flagged.",
      "defaultSeverity": "Warning",
      "type": "Bug",
      "tags": ["string", "pointer", "heap-overread", "mormot", "sonar50"],
      "detectorUnit": "uStringFromPointer.pas",
      "examples": {
        "bad":  "s := string(Buf);    // PByte cast assumes null-terminator",
        "good": "SetString(s, PChar(Buf), Len);   // explicit length"
      },
      "cleanCodeAttribute": "LOGICAL",
      "impacts": [
        { "softwareQuality": "RELIABILITY", "severity": "HIGH" },
        { "softwareQuality": "SECURITY",    "severity": "MEDIUM" }
      ]
    },
    {
      "id": "SCA161",
      "kind": "PointerSubtraction",
      "name": "Pointer subtraction via 32-bit cast",
      "shortDescription": "`Cardinal(P1) - Cardinal(P2)` (or Integer / LongWord / LongInt variants) truncates the upper 32 bits of a 64-bit pointer on Win64 - difference is intermittently wrong",
      "fullDescription": "Lexical scan for `(Cardinal|LongWord|Integer|LongInt)(<id>) - (Cardinal|...)(<id>)` - two 32-bit casts joined by minus. On Win64 a Pointer is 64-bit while Cardinal/Integer/LongWord/LongInt are 32-bit, so the cast drops the upper four bytes of the address. The resulting difference is wrong whenever the allocator hands out high addresses - the code works on Win32 and breaks intermittently on Win64. Common porting bug from Delphi-7 / Delphi-2007 examples that pre-date Win64. Fix: use `PtrUInt(P1) - PtrUInt(P2)` or `NativeInt(P1) - NativeInt(P2)` - pointer-width integer types that match the platform pointer size.",
      "defaultSeverity": "Warning",
      "type": "Bug",
      "tags": ["pointer", "win64", "truncation", "mormot", "sonar50"],
      "detectorUnit": "uPointerSubtraction.pas",
      "examples": {
        "bad":  "Diff := Cardinal(P1) - Cardinal(P2);   // upper 32 bits lost on Win64",
        "good": "Diff := PtrUInt(P1) - PtrUInt(P2);     // pointer-wide cast"
      },
      "cleanCodeAttribute": "LOGICAL",
      "impacts": [
        { "softwareQuality": "RELIABILITY", "severity": "HIGH" }
      ]
    },
    {
      "id": "SCA162",
      "kind": "InsecureCryptoAlgorithm",
      "name": "Use of weak / deprecated cryptographic algorithm",
      "shortDescription": "Algorithm name ('MD5', 'SHA1', 'DES', 'RC4', 'TLS1.0', 'SSLv3') or wrapper class (THashMD5, TIdHashSHA1, ...) referenced - vulnerable to collision / known-plaintext attacks",
      "fullDescription": "MD5 has practical collisions since 2004 (Wang et al.), SHA1 since 2017 (SHAttered chosen-prefix). DES is 56-bit and brute-forceable, 3DES has the Sweet32 CBC collision (CVE-2016-2183). RC4 has documented statistical biases and is prohibited by RFC 7465. TLS 1.0 / 1.1 are RFC 8996 deprecated (BEAST, POODLE, Lucky13). SSLv3 was killed by POODLE (CVE-2014-3566). The detector matches algorithm names with word boundaries inside string literals/identifiers AND a set of well-known wrapper class names (substring match). Fix: switch to SHA-256/SHA-3 for hashing, AES-GCM / AES-CCM for symmetric encryption, TLS 1.2 minimum (1.3 preferred).",
      "defaultSeverity": "Warning",
      "type": "Vulnerability",
      "tags": ["crypto", "security", "compliance"],
      "cwe": ["CWE-327", "CWE-328"],
      "owasp": ["A02:2021-Cryptographic Failures"],
      "detectorUnit": "uInsecureCryptoAlgorithm.pas",
      "examples": {
        "bad":  "algo := 'MD5';\nHash := THashMD5.GetHashString(Input);",
        "good": "algo := 'SHA256';\nHash := THashSHA2.GetHashString(Input);"
      },
      "cleanCodeAttribute": "TRUSTWORTHY",
      "impacts": [
        { "softwareQuality": "SECURITY", "severity": "HIGH" }
      ]
    },
    {
      "id": "SCA163",
      "kind": "CommandInjection",
      "name": "Shell API called with string concatenation in argument",
      "shortDescription": "ShellExecute / CreateProcess / WinExec with `+` in the arguments - if any operand is user-controlled it becomes a command-injection vector",
      "fullDescription": "Building the command string via concatenation (`PChar('cmd /c ' + UserInput)`) allows the attacker to append additional commands when the input is not strictly validated. This detector walks the AST and flags any nkCall whose method name (qualifier-stripped) is one of the known shell entry points AND whose argument list contains a `+` operator OUTSIDE any string literal. Because we cannot statically tell whether an operand is tainted, the finding is emitted with Confidence = Low; it surfaces in the UI only when the minimum-confidence threshold is set to 'low'. Fix: pass arguments via the dedicated parameter array (CreateProcess) or escape/validate before concatenation, prefer ShellExecuteEx with a structured SHELLEXECUTEINFO.",
      "defaultSeverity": "Error",
      "type": "Vulnerability",
      "tags": ["injection", "security", "shell"],
      "cwe": ["CWE-78"],
      "owasp": ["A03:2021-Injection"],
      "detectorUnit": "uCommandInjection.pas",
      "examples": {
        "bad":  "ShellExecute(0, 'open', PChar('cmd /c ' + UserInput), nil, nil, SW_SHOW);",
        "good": "// Validate UserInput against a strict whitelist, then:\nShellExecute(0, 'open', 'cmd.exe', PChar('/c safe_command'), nil, SW_SHOW);"
      },
      "cleanCodeAttribute": "TRUSTWORTHY",
      "impacts": [
        { "softwareQuality": "SECURITY", "severity": "HIGH" }
      ]
    },
    {
      "id": "SCA164",
      "kind": "UnusedRoutine",
      "name": "Top-level routine never called",
      "shortDescription": "Standalone procedure/function in the implementation section is never called from anywhere in the unit and is not exported via the interface section - dead code",
      "fullDescription": "Fills the gap between SCA147 (UnusedPrivateMethod - only class private methods) and the visibility-check family SCA148+ (only class public members). Detects top-level (non-class) routines whose name does not appear as a caller anywhere in the same unit, excluding self-references (a recursive routine that only calls itself is still flagged - mirrors SonarDelphi UnusedRoutineCheck behaviour). False-positive guards: constructors and destructors (not directly callable as a procedure), the `override`/`virtual; abstract`/`message`/`dynamic` directives (cross-class or system dispatch), the IDE-bootstrap `Register` procedure, the enumerator trio (`MoveNext`/`GetEnumerator`/`Current` - invoked implicitly by `for-in`), and any routine forward-declared in the unit's interface section (potential cross-unit consumer). Scope is single-file - cross-unit callers of interface-section routines are not tracked in this MVP, so those are intentionally skipped. Suppress with `// noinspection UnusedRoutine` when the routine is intentionally kept (RTTI-driven invocation, attribute-consumed, plugin-loaded). Maps to SonarDelphi UnusedRoutineCheck.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["dead-code", "maintainability", "sonardelphi"],
      "detectorUnit": "uUnusedRoutine.pas",
      "examples": {
        "bad":  "implementation\nprocedure InternalHelper;     // never called\nbegin\n  WriteLn('hi');\nend;\nend.",
        "good": "implementation\n// remove InternalHelper, or call it from somewhere,\n// or move it to interface if it should be exported"
      },
      "cleanCodeAttribute": "CLEAR",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA165",
      "kind": "UnusedSuppression",
      "name": "Unused noinspection marker",
      "shortDescription": "A `// noinspection X` marker does not suppress any finding at its target line - either the detector improved (suppression no longer needed) or the suppression target was wrong",
      "fullDescription": "The suppression filter (uSuppression) records every `// noinspection KindName` comment and the next code line it targets. After all detectors finish, the filter checks which markers actually suppressed a finding. Markers that never fired are reported as fkUnusedSuppression at the marker line - the user should remove the marker (detector evolution made it obsolete) or check whether the target kind name was wrong. False-negative-resistant: only markers with a clear non-comment target line are considered (markers at EOF or in pure doc-comment blocks are ignored). Profile-aware: in the default profile this hint shows up; users who want suppression-hygiene reports without detector noise can run with --profile selftest-quiet.",
      "defaultSeverity": "Hint",
      "type": "Code Smell",
      "tags": ["suppression", "maintainability", "hygiene"],
      "detectorUnit": "uSuppression.pas",
      "examples": {
        "bad":  "// noinspection MemoryLeak\nWriteLn('hello');   // no leak here - suppression never fires",
        "good": "// (Marker entfernt - das Tool flaggt diese Zeile nicht mehr.)\nWriteLn('hello');"
      },
      "cleanCodeAttribute": "CLEAR",
      "impacts": [
        { "softwareQuality": "MAINTAINABILITY", "severity": "LOW" }
      ]
    },
    {
      "id": "SCA166",
      "kind": "UninitVar",
      "name": "Uninitialised local variable",
      "shortDescription": "Local variable read before being assigned on every code path through the method",
      "fullDescription": "Local variables of non-managed types (Integer, Boolean, Pointer, record, class instance) start with undefined contents. Reading them before assignment yields garbage values or an access violation - a classic crash bug. The detector walks each method's statements in source order, tracks first-write vs first-read per local variable, and flags reads that precede any write. A conservative branch model treats writes inside if/case/try-blocks as 'conditional' (fcMedium confidence; the FP rate vs full path-sensitivity is the documented trade-off, see Konzept_SCA166_UninitVar.md §5.C). Known writers from the RTL (Read, ReadLn, FillChar, Move, ZeroMemory, Initialize, New, GetMem) are detected via allowlist; other var/out-parameter calls are treated pessimistically as Reads (false-negatives but no false-positives). Pascal's auto-initialised managed types (string, dynamic array, interface) are skipped unless opted-in via INI. Methods larger than configurable caps (200 local vars / 5000 statements, default) skip analysis to avoid pathological worst-case cost.",
      "defaultSeverity": "Error",
      "type": "Bug",
      "tags": ["reliability", "memory-safety", "uninit"],
      "configKey": "[Detectors] UninitVarEnabled",
      "detectorUnit": "uUninitVar.pas",
      "examples": {
        "bad":  "procedure Foo;\nvar L: TStringList;\nbegin\n  if Cond then L := TStringList.Create;\n  L.Add('x');   // L undefined if Cond was false -> AV\nend;",
        "good": "procedure Foo;\nvar L: TStringList;\nbegin\n  L := TStringList.Create;\n  try\n    L.Add('x');\n  finally\n    L.Free;\n  end;\nend;"
      },
      "cleanCodeAttribute": "LOGICAL",
      "impacts": [
        { "softwareQuality": "RELIABILITY", "severity": "HIGH" }
      ]
    }
  ]
}