v0.4.1: Trust Contract Hardening

flvmnt released this 16 Mar 10:26

Trust Contract

  • 18 silent failure paths eliminated in Knex (6) and Sequelize (12) transpilers: every early return that silently dropped migration statements now emits an ExtractionWarning
  • Plugin crashes surfaced in structured output (JSON, GitHub, SARIF), not just stderr
  • Coverage % fixed: new unanalyzable flag on ExtractionWarning distinguishes truly unanalyzable statements from informational warnings
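A miniature of the two Trust Contract changes above, written here as an added example (this is not pgfence's code; only the type name ExtractionWarning and its unanalyzable flag come from the release notes, everything else is a hypothetical sketch). It models a Knex migration as a list of builder calls, records a warning at each point where the transpiler would previously have dropped the statement and moved on, and computes coverage so that only warnings flagged unanalyzable count against it. The pre-fix calculation is kept beside it to show why informational warnings skewed the percentage:

```typescript
// Added example, not pgfence's own code: the "warn, don't silently drop"
// contract and a coverage figure that honours an `unanalyzable` flag.
// ExtractionWarning / unanalyzable mirror the release notes; all other
// names and the input format are hypothetical.

interface ExtractionWarning {
  line: number;
  message: string;
  // true: the statement could not be turned into SQL and is absent from the
  // analysis; false: informational, the statement was still analysed.
  unanalyzable: boolean;
}

interface ExtractionResult {
  statements: string[];
  warnings: ExtractionWarning[];
}

// A Knex migration reduced to builder calls. A non-string argument stands for
// a value the transpiler cannot resolve statically (variable, function result).
// Constructed input; pgfence itself parses real migration source.
interface BuilderCall {
  line: number;
  method: string;
  args: unknown[];
}

function extract(calls: BuilderCall[]): ExtractionResult {
  const statements: string[] = [];
  const warnings: ExtractionWarning[] = [];

  for (const call of calls) {
    const [first] = call.args;
    switch (call.method) {
      case "dropTable":
        if (typeof first !== "string") {
          // Pre-fix shape: a bare `continue` here. The DROP vanished from the
          // report and coverage still said 100%. Now the gap is recorded.
          warnings.push({ line: call.line, unanalyzable: true,
            message: "dropTable: table name is not a string literal" });
          continue;
        }
        statements.push(`DROP TABLE "${first}"`);
        break;
      case "raw":
        if (typeof first !== "string") {
          warnings.push({ line: call.line, unanalyzable: true,
            message: "raw: SQL is not a string literal" });
          continue;
        }
        statements.push(first);
        if (/\?\??/.test(first)) {
          // Informational: the SQL was analysed, but knex bindings (? / ??)
          // were left in place, so identifiers in it are unresolved.
          warnings.push({ line: call.line, unanalyzable: false,
            message: "raw: contains knex bindings, analysed with placeholders" });
        }
        break;
      default:
        warnings.push({ line: call.line, unanalyzable: true,
          message: `unsupported builder method ${call.method}` });
    }
  }
  return { statements, warnings };
}

// Coverage = analysed / (analysed + unanalyzable). Only warnings flagged
// unanalyzable represent a missing statement.
function coveragePercent(result: ExtractionResult): number {
  const missing = result.warnings.filter((w) => w.unanalyzable).length;
  const total = result.statements.length + missing;
  return total === 0 ? 100 : Math.round((result.statements.length / total) * 1000) / 10;
}

// Pre-fix calculation, kept for contrast: every warning lowered coverage, so an
// informational note made an analysed statement look unanalysed.
function coveragePercentCountingAllWarnings(result: ExtractionResult): number {
  const total = result.statements.length + result.warnings.length;
  return total === 0 ? 100 : Math.round((result.statements.length / total) * 1000) / 10;
}

// Constructed migration: two analysable calls, one informational note,
// two genuinely unanalysable calls.
const sampleMigration: BuilderCall[] = [
  { line: 3, method: "dropTable", args: ["sessions"] },
  { line: 4, method: "dropTable", args: [{ ident: "legacyTable" }] },
  { line: 5, method: "raw", args: ["ALTER TABLE ?? ADD COLUMN tenant_id bigint"] },
  { line: 6, method: "alterView", args: ["v_users"] },
];

function runSample() {
  const result = extract(sampleMigration);
  return {
    statements: result.statements,
    warnings: result.warnings,
    coverage: coveragePercent(result),
    coverageBeforeFix: coveragePercentCountingAllWarnings(result),
  };
}
```

On the sample, two statements are analysed, two are unanalysable and one carries an informational note: coverage is 50%, while the old count-every-warning formula reported 40% and would have kept dropping as more informational notes were added.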

Bug Fixes

  • Trace mode DB connection leak: close clients in finally block
  • Policy ignore bleed: fileIgnoredRules restricted to first statement only
  • lock-timeout-after-dangerous-statement now suppressible via inline ignore
  • Stale adjustedRisk cleared on trace-merge mismatch override
  • NaN guard on --max-lock-timeout / --max-statement-timeout
  • Stats file and package.json errors include file path and message
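Two of the fixes above share a failure mode worth spelling out: a threshold parsed to NaN fails open, because `x > NaN` is false for every x, so a mistyped --max-lock-timeout silently disabled the check; and a client opened in trace mode stayed open whenever the code between connect and close threw. The following is an added example, not pgfence's code; the flag names come from the release notes, and every function, type and the fake client are hypothetical:

```typescript
// Added example, not pgfence's own code. Flag names are from the release
// notes; parseTimeoutFlag, exceedsLockTimeout, TraceClient, withTraceClient
// and the fake client are hypothetical illustrations.

// A NaN limit is fail-open: comparisons against NaN are always false, so a
// typo such as "30s" would never trip the check. Reject anything that is not
// a finite, non-negative number and name the offending flag.
function parseTimeoutFlag(flag: string, raw: string | undefined): number | undefined {
  if (raw === undefined) return undefined; // flag not given: no limit
  const trimmed = raw.trim();
  const ms = trimmed === "" ? NaN : Number(trimmed); // Number("") is 0, not an error
  if (!Number.isFinite(ms) || ms < 0) {
    throw new Error(`${flag}: expected milliseconds as a non-negative number, got ${JSON.stringify(raw)}`);
  }
  return ms;
}

// The comparison the guard protects. With maxMs === NaN this returned false
// for every statement, which is the bug the guard closes.
function exceedsLockTimeout(statementLockTimeoutMs: number, maxMs: number | undefined): boolean {
  return maxMs !== undefined && statementLockTimeoutMs > maxMs;
}

// Minimal client surface for the trace path.
interface TraceClient {
  query(sql: string): Promise<unknown>;
  end(): Promise<void>;
}

// Connect, run, always close: `finally` runs whether fn resolves or throws.
// A close placed after the awaited work is skipped on the error branch.
async function withTraceClient<T>(
  connect: () => Promise<TraceClient>,
  fn: (client: TraceClient) => Promise<T>,
): Promise<T> {
  const client = await connect();
  try {
    return await fn(client);
  } finally {
    await client.end();
  }
}

// Constructed fake: counts end() calls and fails on the second query so the
// error branch is exercised without a database.
function fakeClient(): TraceClient & { endCalls: number } {
  let queries = 0;
  const client: TraceClient & { endCalls: number } = {
    endCalls: 0,
    async query(_sql: string) {
      if (++queries > 1) throw new Error("simulated EXPLAIN failure");
      return {};
    },
    async end() {
      client.endCalls += 1;
    },
  };
  return client;
}

// Runs a trace that throws mid-way and reports whether the client was closed.
async function demoLeakFix(): Promise<{ threw: boolean; endCalls: number }> {
  const client = fakeClient();
  let threw = false;
  try {
    await withTraceClient(async () => client, async (c) => {
      await c.query("BEGIN");
      await c.query("EXPLAIN ALTER TABLE accounts ADD COLUMN flag boolean");
    });
  } catch {
    threw = true;
  }
  return { threw, endCalls: client.endCalls };
}
```

demoLeakFix resolves to { threw: true, endCalls: 1 }: the simulated failure propagates to the caller and the client is still closed exactly once. The same shape applies to any resource acquired for the duration of a trace (advisory locks, temporary schemas), not only connections.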

LSP

  • Format auto-detection failure emits a warning instead of silently falling back
  • Analysis crash clears stale diagnostics
  • Config fetch logs non-capability errors

Docs

  • 11 stale comments fixed, verified against PostgreSQL documentation

Tests

  • 393 tests (was 371)
  • 10 SARIF reporter tests (was zero)
  • DROP SCHEMA, DROP SCHEMA CASCADE, DROP CONSTRAINT tests
  • 6 adjustRisk boundary tests (exact thresholds)
  • REFRESH MATERIALIZED VIEW WITH NO DATA test
  • 2 coverage calculation accuracy tests

Full changelog: https://github.com/flvmnt/pgfence/blob/main/CHANGELOG.md