AI-pattern detection

EDITH scans for tool-specific signatures in files — @cursor:generated comments, // generated by v0.dev markers, Lovable's div attributes, Bolt's URL hints, Claude's commit signatures.

When a tool is detected, EDITH runs that tool's rule pack on top of the universal checks. The dashboard surfaces which tool wrote each finding so you can see patterns.

Cursor's most common failure modes:

• Hallucinated package names that don't exist on npm
• Outdated model strings (gpt-3.5-turbo, claude-3-opus-20240229)
• process.env.X referenced from a "use client" file without the NEXT_PUBLIC_ prefix
• Server Actions exported with no await getUser() gate
• useEffect deps containing object literals (infinite loop)

Claude's footguns:

• Silent catches around JSON.parse and fetch
• Floating promises in async handlers
• FIXME / TODO / HACK comments left in code shipped to PR
• useEffect with inline-object dependency

v0 ships beautiful UI but its accessibility is consistently weak:

• Missing alt attributes on <img>
• <div onClick> used as a button (no role, no keyboard)
• Heading skips (<h1> → <h3>)
• Form <input> without an associated <label>

Lovable and Bolt are great at first-cut full-stack apps but consistently miss the security baseline:

• Tables created without RLS
• Stripe webhook handlers without constructEvent signature check
• JWT stored in localStorage instead of HttpOnly cookies
• Multi-table writes outside a transaction