This is a finding from https://github.com/krokoko/cairn (action item CA-10).
Component
Tooling / CI
Describe the feature
Add inline-literal ("magic number") detection with an allowlist:
- ESLint
no-magic-numbers for TypeScript (cdk, cli).
- ruff
PLR2004 for Python (agent).
This targets AI007 (hard-coded values / local-reasoning violations) and steers values that should be named constants into contracts/constants.json.
Use case
AI007 enforcement today is weak — a single bespoke lint rule (md5) plus the constants.json centralization convention. There is no general guard against inline magic numbers, so hard-coded thresholds, sizes, and limits scatter through the code instead of living in the single source of truth (contracts/constants.json). Inline literals are a classic AI-generated-code smell: locally plausible, globally inconsistent, and invisible to review at scale.
Proposed solution
- Enable
no-magic-numbers in the cdk and cli ESLint configs.
- Enable
PLR2004 in ruff for agent.
- Curate an allowlist (e.g.
0, 1, -1, HTTP status codes, well-known constants) to keep the signal high.
- Start advisory, fix the baseline, then make blocking via the required
build check.
Acceptance criteria
Other information
Source report: ai-smells-gates-report.md (AI007 — "No no-magic-numbers/PLR2004"; Quick wins #3). Effort: S. Per ADR-003 this issue needs the approved label before work begins.
Component
Tooling / CI
Describe the feature
Add inline-literal ("magic number") detection with an allowlist:
no-magic-numbersfor TypeScript (cdk,cli).PLR2004for Python (agent).This targets AI007 (hard-coded values / local-reasoning violations) and steers values that should be named constants into
contracts/constants.json.Use case
AI007 enforcement today is weak — a single bespoke lint rule (md5) plus the
constants.jsoncentralization convention. There is no general guard against inline magic numbers, so hard-coded thresholds, sizes, and limits scatter through the code instead of living in the single source of truth (contracts/constants.json). Inline literals are a classic AI-generated-code smell: locally plausible, globally inconsistent, and invisible to review at scale.Proposed solution
no-magic-numbersin thecdkandcliESLint configs.PLR2004in ruff foragent.0,1,-1, HTTP status codes, well-known constants) to keep the signal high.buildcheck.Acceptance criteria
no-magic-numbersenabled (eslint) andPLR2004enabled (ruff) with a tuned allowlist.contracts/constants.json, or baselined.buildcheck once the baseline is clean.contracts/constants.jsonwhere appropriate.Other information
Source report:
ai-smells-gates-report.md(AI007 — "Nono-magic-numbers/PLR2004"; Quick wins #3). Effort: S. Per ADR-003 this issue needs theapprovedlabel before work begins.