refactor: code review improvements — architecture, safety, tests, docs

Architecture:
- Extract CrossSignalRuleEngine class (R.3–R.7 rules independently testable)
- Export CROSS_SIGNAL_THRESHOLDS const
- Add WindowedMonitorBase abstract class; GcMonitor + CacheMonitor extend it

TypeScript / safety:
- Move cross-signal event types to cross-signal-rule-engine.ts
- Replace silent .catch() blocks with this.emit("warn", err)
- Replace routeTracker non-null assertion with defensive check
- Fix global-regex lastIndex pattern in index-hint-analyzer, migration-scanner, argus-agent

Tests (601 → 627 passing):
- Scenario tests: worker-only, cache-degradation, crash-recovery
- OTLP edge cases: circular payload, ECONNREFUSED, timeout, dropped connection
- Licensing boundary tests: JWT expiry ±1 s, clock-skew at 60 s boundary
- CrossSignalRuleEngine: TTL expiry, stale-query eviction, R.7 warn path, dedup
- Explicit { timeout: 10_000 } on all async tests that use setTimeout

Repo:
- Add .github/PULL_REQUEST_TEMPLATE.md
- Update README: tagline, CI badge, Roadmap section, Used by placeholder
- Add npm keywords: opentelemetry, postgres, mysql, n+1, node-js, sql

Author: sharon77242

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,26 @@
+## Description
+
+<!-- What does this PR do and why? Link to the issue it addresses if applicable. -->
+
+Closes #
+
+## Test plan
+
+- [ ] `pnpm typecheck` passes
+- [ ] `pnpm lint` passes
+- [ ] `pnpm format:check` passes
+- [ ] `pnpm test` passes (all existing + new tests green)
+- [ ] New behaviour is covered by tests
+
+## Breaking changes
+
+<!-- List any breaking changes to the public API. If none, write "None." -->
+
+None.
+
+## Checklist
+
+- [ ] No secrets, tokens, or PEM files committed
+- [ ] No new `console.log` left in production code
+- [ ] README / CHANGELOG updated if this changes the public API or project structure
+- [ ] Reviewed the diff for unintentional whitespace or debug code

README.md

@@ -1,12 +1,15 @@
 # Argus
 
-> **Privacy-first performance diagnostics for Node.js — minimum Node 14.18 as a compiled package, Node 22.6 for source/dev mode**
+> **Privacy-first APM and performance diagnostics for Node.js — zero sidecar, zero raw data exported.**
 
+[![CI](https://github.com/sharon77242/Argus/actions/workflows/ci.yml/badge.svg)](https://github.com/sharon77242/Argus/actions/workflows/ci.yml)
 [![Sponsor](https://img.shields.io/badge/Sponsor-%E2%9D%A4-pink?logo=github)](https://github.com/sponsors/sharon77242)
 [![npm version](https://badge.fury.io/js/argus-apm.svg)](https://badge.fury.io/js/argus-apm)
 [![npm downloads](https://img.shields.io/npm/dm/argus-apm.svg)](https://www.npmjs.com/package/argus-apm)
 [![License](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
 
+> Minimum Node 14.18 as a compiled package · Node 22.6 for source/dev mode
+
 ![Argus demo](docs/demo.gif)
 
 Named after **Argus Panoptes**, the hundred-eyed watchman of Greek mythology. A lightweight agent that embeds directly into your application — silently tracking runtime behaviour, isolating bottlenecks, and mathematically sanitizing all context before exporting OpenTelemetry (OTLP) telemetry to your observability stack.
@@ -842,13 +845,18 @@ Open `http://localhost:16686` to browse traces.
 
 ---
 
-## SaaS Dashboard — Coming Soon
+## Roadmap
+
+- **SaaS Dashboard** — hosted dashboard with 30-day query history, AI-powered fix suggestions, and cross-service correlation
+- **IDE plugin** — surface suggestions directly in VS Code as you write queries
+
+→ [Watch the repo](https://github.com/sharon77242/Argus) or email [sharon10vp614@gmail.com](mailto:sharon10vp614@gmail.com) to be notified of major releases.
+
+---
 
-Local suggestions fire today with zero account required.
-A hosted dashboard with 30-day query history, AI-powered fix suggestions,
-and cross-service correlation is in development.
+## Used by
 
-→ Subscribe via [this GitHub issue](https://github.com/sharon77242/Argus/issues) or email [sharon10vp614@gmail.com](mailto:sharon10vp614@gmail.com) to be notified at launch.
+Using Argus in production? [Open an issue](https://github.com/sharon77242/Argus/issues) or email [sharon10vp614@gmail.com](mailto:sharon10vp614@gmail.com) to be listed here.
 
 ---
 

packages/agent/package.json

@@ -48,14 +48,20 @@
   "keywords": [
     "argus",
     "node",
+    "node-js",
     "diagnostics",
     "performance",
     "profiling",
     "apm",
     "observability",
     "privacy",
     "monitoring",
-    "tracing"
+    "tracing",
+    "opentelemetry",
+    "postgres",
+    "mysql",
+    "n+1",
+    "sql"
   ],
   "author": "Sharon Alhazov (https://github.com/sharon77242)",
   "license": "Apache-2.0",

packages/agent/src/analysis/cache-monitor.ts

@@ -1,5 +1,6 @@
-import { EventEmitter } from "node:events";
+import type { EventEmitter } from "node:events";
 import type { TracedQuery } from "../instrumentation/engine.ts";
+import { WindowedMonitorBase } from "../profiling/windowed-monitor-base.ts";
 
 interface Sample {
   hit: boolean;
@@ -28,16 +29,13 @@ export interface CacheMonitorOptions {
   minHitRate?: number;
 }
 
-export class CacheMonitor extends EventEmitter {
-  private samples: Sample[] = [];
+export class CacheMonitor extends WindowedMonitorBase<Sample> {
   private sources = new Map<EventEmitter, (q: TracedQuery) => void>();
-  private readonly windowMs: number;
   private readonly minSamples: number;
   private readonly minHitRate: number;
 
   constructor(options: CacheMonitorOptions = {}) {
-    super();
-    this.windowMs = options.windowMs ?? 60_000;
+    super(options.windowMs ?? 60_000);
     this.minSamples = options.minSamples ?? 10;
     this.minHitRate = options.minHitRate ?? 0.5;
   }
@@ -71,7 +69,9 @@ export class CacheMonitor extends EventEmitter {
 
   /** Detach all sources. */
   stop(): void {
-    for (const [src, fn] of this.sources) src.off("query", fn);
+    for (const [src, fn] of this.sources) {
+      src.off("query", fn);
+    }
     this.sources.clear();
   }
 
@@ -121,9 +121,6 @@ export class CacheMonitor extends EventEmitter {
   }
 
   private _evict(now: number): void {
-    const cutoff = now - this.windowMs;
-    while (this.samples.length > 0 && this.samples[0].ts < cutoff) {
-      this.samples.shift();
-    }
+    this.evictSamples(now, (s) => s.ts);
   }
 }

packages/agent/src/analysis/cross-signal-rule-engine.ts

@@ -0,0 +1,253 @@
+import type { EventEmitter } from "node:events";
+import { ColumnUsageAnalyzer } from "./column-usage-analyzer.ts";
+
+interface QueryLike {
+  sanitizedQuery?: string;
+  traceId?: string;
+  correlationId?: string;
+  suggestions?: { rule: string }[];
+}
+
+interface HttpLike {
+  method?: string;
+  url?: string;
+  durationMs?: number;
+  traceId?: string;
+}
+
+interface SlowQueryLike {
+  sanitizedQuery?: string;
+  durationMs?: number;
+  driver?: string;
+}
+
+interface PoolExhaustionLike {
+  driver?: string;
+  waitingCount?: number;
+}
+
+export const CROSS_SIGNAL_THRESHOLDS = {
+  SLOW_HTTP_MS: 1_000,
+  POOL_STARVATION_WINDOW_MS: 10_000,
+  N_PLUS_ONE_TTL_MS: 30_000,
+} as const;
+
+export interface CrossSignalRuleEngineOptions {
+  columnUsageDir?: string | null;
+  columnUsageThreshold?: number;
+  selectStarHits?: Map<string, number>;
+  parseLineFromSourceLine?: (sourceLine: string) => number;
+}
+
+/**
+ * Wires cross-signal correlation rules (R.3–R.7) onto a shared EventEmitter.
+ * Each rule listens for events emitted by individual monitors and combines them
+ * into higher-signal compound anomalies.
+ */
+export class CrossSignalRuleEngine {
+  private readonly emitter: EventEmitter;
+  private readonly opts: CrossSignalRuleEngineOptions;
+  private readonly listeners: [string, (...args: unknown[]) => void][] = [];
+
+  constructor(emitter: EventEmitter, opts: CrossSignalRuleEngineOptions = {}) {
+    this.emitter = emitter;
+    this.opts = opts;
+  }
+
+  wire(): void {
+    const SLOW_HTTP_MS = CROSS_SIGNAL_THRESHOLDS.SLOW_HTTP_MS;
+    const POOL_STARVATION_WINDOW_MS = CROSS_SIGNAL_THRESHOLDS.POOL_STARVATION_WINDOW_MS;
+    const N_PLUS_ONE_TTL_MS = CROSS_SIGNAL_THRESHOLDS.N_PLUS_ONE_TTL_MS;
+
+    // traceId → timestamp of last N+1 detection (R.3)
+    const nPlusOneByTraceId = new Map<string, number>();
+    // query key → { timestamp, sanitizedQuery, durationMs, driver } (R.4)
+    const recentSlowQueries = new Map<
+      string,
+      { timestamp: number; sanitizedQuery: string; durationMs: number; driver?: string }
+    >();
+    // traceId/correlationId of currently open transactions (R.5)
+    const openTransactions = new Set<string>();
+
+    const onQuery = (event: QueryLike): void => {
+      const sql = event.sanitizedQuery ?? "";
+      const traceKey = event.traceId ?? event.correlationId;
+
+      // R.5: track open transactions
+      if (traceKey) {
+        if (/^\s*BEGIN\b/i.test(sql)) {
+          openTransactions.add(traceKey);
+        } else if (/^\s*(COMMIT|ROLLBACK)\b/i.test(sql)) {
+          openTransactions.delete(traceKey);
+        }
+      }
+
+      const hasNPlusOne = event.suggestions?.some((s) => s.rule === "n-plus-one");
+
+      // R.3: record traceIds with active N+1
+      if (hasNPlusOne && event.traceId) {
+        nPlusOneByTraceId.set(event.traceId, Date.now());
+      }
+
+      // R.5: N+1 inside open transaction
+      if (hasNPlusOne && traceKey && openTransactions.has(traceKey)) {
+        this.emitter.emit("anomaly", {
+          type: "n-plus-one-in-transaction",
+          traceId: event.traceId,
+          correlationId: event.correlationId,
+          suggestions: [
+            {
+              severity: "critical",
+              rule: "n-plus-one-in-transaction",
+              message:
+                "N+1 query pattern detected inside an open transaction — each repeated query holds the database connection and delays COMMIT.",
+              suggestedFix:
+                "Batch the repeated queries before opening the transaction, or use a JOIN/IN clause to reduce round-trips.",
+            },
+          ],
+        });
+      }
+    };
+
+    const onHttp = (event: HttpLike): void => {
+      // R.3: correlated-slow-endpoint
+      if (!event.traceId || !event.durationMs || event.durationMs <= SLOW_HTTP_MS) return;
+      const recordedAt = nPlusOneByTraceId.get(event.traceId);
+      if (!recordedAt) return;
+      if (Date.now() - recordedAt > N_PLUS_ONE_TTL_MS) {
+        nPlusOneByTraceId.delete(event.traceId);
+        return;
+      }
+      this.emitter.emit("anomaly", {
+        type: "correlated-slow-endpoint",
+        url: event.url,
+        method: event.method,
+        durationMs: event.durationMs,
+        traceId: event.traceId,
+        suggestions: [
+          {
+            severity: "critical",
+            rule: "correlated-slow-endpoint",
+            message: `${event.method ?? "HTTP"} ${event.url ?? "(unknown)"} took ${event.durationMs}ms — N+1 query pattern active within the same request trace.`,
+            suggestedFix:
+              "Batch the repeated queries with IN (...) or a JOIN before this endpoint can scale.",
+          },
+        ],
+      });
+    };
+
+    const onSlowQuery = (event: SlowQueryLike): void => {
+      // R.4: track recent slow queries keyed by a truncated query fingerprint
+      if (!event.sanitizedQuery) return;
+      const key = `${event.driver ?? ""}:${event.sanitizedQuery.slice(0, 120)}`;
+      recentSlowQueries.set(key, {
+        timestamp: Date.now(),
+        sanitizedQuery: event.sanitizedQuery,
+        durationMs: event.durationMs ?? 0,
+        driver: event.driver,
+      });
+    };
+
+    const onPoolExhaustion = (event: PoolExhaustionLike): void => {
+      // R.4: pool-starvation-by-slow-query
+      const now = Date.now();
+      const culprits: { sanitizedQuery: string; durationMs: number }[] = [];
+
+      for (const [key, sq] of recentSlowQueries) {
+        if (now - sq.timestamp > POOL_STARVATION_WINDOW_MS) {
+          recentSlowQueries.delete(key);
+          continue;
+        }
+        if (!event.driver || !sq.driver || sq.driver === event.driver) {
+          culprits.push({ sanitizedQuery: sq.sanitizedQuery, durationMs: sq.durationMs });
+        }
+      }
+
+      if (culprits.length === 0) return;
+
+      this.emitter.emit("anomaly", {
+        type: "pool-starvation-by-slow-query",
+        driver: event.driver,
+        waitingCount: event.waitingCount,
+        culprits,
+        suggestions: [
+          {
+            severity: "critical",
+            rule: "pool-starvation-by-slow-query",
+            message: `Connection pool exhausted (${event.waitingCount ?? 0} waiting) — ${culprits.length} slow ${event.driver ?? ""} quer${culprits.length === 1 ? "y is" : "ies are"} holding connections.`,
+            suggestedFix:
+              "Optimize the slow queries or increase pool size. Use EXPLAIN to identify missing indexes.",
+          },
+        ],
+      });
+    };
+
+    this.register("query", onQuery as (...args: unknown[]) => void);
+    this.register("http", onHttp as (...args: unknown[]) => void);
+    this.register("slow-query", onSlowQuery as (...args: unknown[]) => void);
+    this.register("pool-exhaustion", onPoolExhaustion as (...args: unknown[]) => void);
+
+    // R.7 hot-path-select-star
+    if (this.opts.columnUsageDir) {
+      const colDir = this.opts.columnUsageDir;
+      const threshold = this.opts.columnUsageThreshold ?? 5;
+      const selectStarHits = this.opts.selectStarHits ?? new Map<string, number>();
+      const parseLine =
+        this.opts.parseLineFromSourceLine ??
+        ((s: string) => {
+          const m = /:(\d+):\d+$/.exec(s);
+          return m ? parseInt(m[1], 10) : 1;
+        });
+      const analyzed = new Set<string>();
+
+      const onQueryForColUsage = (event: Record<string, unknown>): void => {
+        const sq = typeof event.sanitizedQuery === "string" ? event.sanitizedQuery : "";
+        const sourceLine = typeof event.sourceLine === "string" ? event.sourceLine : undefined;
+        if (!sourceLine || !sq.toUpperCase().includes("SELECT *")) return;
+        if (analyzed.has(sourceLine)) return;
+
+        const hits = (selectStarHits.get(sourceLine) ?? 0) + 1;
+        selectStarHits.set(sourceLine, hits);
+        if (hits < threshold) return;
+
+        analyzed.add(sourceLine);
+        ColumnUsageAnalyzer.analyzeFile(
+          colDir,
+          sourceLine.replace(/:\d+:\d+$/, ""),
+          parseLine(sourceLine),
+        )
+          .then((fields) => {
+            if (!fields) return;
+            const suggestion = ColumnUsageAnalyzer.buildSuggestion(
+              fields,
+              sourceLine.replace(/:\d+:\d+$/, ""),
+              parseLine(sourceLine),
+            );
+            this.emitter.emit("anomaly", {
+              type: "hot-path-select-star",
+              sourceLine,
+              fields: [...fields],
+              suggestions: [suggestion],
+            });
+          })
+          .catch((err: unknown) => {
+            this.emitter.emit("warn", err);
+          });
+      };
+
+      this.register("query", onQueryForColUsage);
+    }
+  }
+
+  unwire(): void {
+    for (const [event, fn] of this.listeners) {
+      this.emitter.off(event, fn);
+    }
+    this.listeners.length = 0;
+  }
+
+  private register(event: string, handler: (...args: unknown[]) => void): void {
+    this.emitter.on(event, handler);
+    this.listeners.push([event, handler]);
+  }
+}