packages/unhead/src/validate/predicates/non-absolute-canonical.ts (1)

3-5: Optional: case-insensitive scheme check.

HTTP:///HTTPS:// (uppercase scheme) is technically a valid absolute URL but would currently be flagged as non-absolute. Edge case, but trivially addressed:

-function isAbsolute(url: string): boolean {
-  return url.startsWith('http://') || url.startsWith('https://')
-}
+function isAbsolute(url: string): boolean {
+  return /^https?:\/\//i.test(url)
+}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/unhead/src/validate/predicates/non-absolute-canonical.ts` around
lines 3 - 5, The isAbsolute function currently only checks for 'http://' and
'https://' in lowercase, so URLs with uppercase schemes like 'HTTP://' will be
misclassified; update the isAbsolute(url: string) implementation (function name:
isAbsolute) to perform a case-insensitive scheme check—either by lowercasing the
url before startsWith checks or by using a case-insensitive regex (e.g.,
matching /^https?:\/\//i) so both 'HTTP://' and 'http://' are treated as
absolute.

packages/unhead/src/validate/predicates/preload-rules.ts (1)

17-32: Minor: case-sensitive matching on rel and as.

tag.props.rel !== 'preload' and tag.props.as !== 'font' won't fire on rel="Preload" or as="FONT". HTML attribute values for these are conventionally lowercase, so this is unlikely to bite users in practice, but worth noting if other predicates in this directory normalize casing.

Also, the fix.insert value begins with , and relies on the consumer (applyFix) inserting it directly after the existing as property's value position. Worth a brief comment on the predicate type or fix shape so future predicate authors don't double up the separator.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/unhead/src/validate/predicates/preload-rules.ts` around lines 17 -
32, The predicate preloadFontCrossorigin does strict case-sensitive checks on
tag.props.rel and tag.props.as and uses a fix.insert that starts with ", " which
couples it to the consumer; update the predicate to normalize the attribute
values (e.g., coerce tag.props.rel and tag.props.as to lower-case strings before
comparison) so rel="Preload" or as="FONT" match, and change the fix.insert to
not include a leading separator (e.g., use "crossorigin: 'anonymous'") so
applyFix can decide how to insert separators; keep references to
preloadFontCrossorigin and the fix.insert field when making these edits.

packages/unhead/src/validate/predicates/empty-meta-content.ts (1)

10-12: Include http-equiv in the identifier fallback for better messages.

For tags like <meta http-equiv="refresh" content="">, the diagnostic currently reads Meta tag "meta" has empty content. — using http-equiv as a key candidate would produce a more useful message.

♻️ Proposed change

   const key = (typeof tag.props.name === 'string' && tag.props.name)
     || (typeof tag.props.property === 'string' && tag.props.property)
+    || (typeof tag.props['http-equiv'] === 'string' && tag.props['http-equiv'])
     || 'meta'

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/unhead/src/validate/predicates/empty-meta-content.ts` around lines
10 - 12, The identifier fallback for empty-meta content uses only tag.props.name
and tag.props.property, causing poor messages for meta tags using http-equiv;
update the const key expression in empty-meta-content.ts (the const named key)
to also check for a string-valued tag.props['http-equiv'] (e.g., || (typeof
tag.props['http-equiv'] === 'string' && tag.props['http-equiv']) ) before
falling back to 'meta' so diagnostics show the http-equiv value when present.

packages/eslint-plugin/test/rules.test.ts (1)

22-154: Regex-based message assertions look reasonable.

The patterns are specific enough to avoid cross-rule collisions. Note that this couples tests to the predicate's exact wording — if the message strings in packages/unhead/src/validate/predicates/* are reworded later, these tests will need updating in lockstep. Consider exporting the predicate ruleId constants and asserting on those (or on a stable substring) for resilience.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/eslint-plugin/test/rules.test.ts` around lines 22 - 154, Tests
currently assert error messages with regexes which are brittle; instead import
the stable rule identifier constants from the corresponding predicate modules
(e.g. the predicate modules under packages/unhead/src/validate/predicates that
define twitterHandleMissingAt, robotsConflict, deferOnModuleScript, etc.) and
replace the regex-based errors assertions with errors: [{ ruleId: THE_RULE_ID }]
(or assert on a stable substring constant exported by the predicate) so tests
assert on the exported ruleId symbol rather than the full message text.

packages/unhead/src/validate/predicates/robots-conflict.ts (1)

11-25: Consider handling none / all shorthand directives.

Per the robots meta spec, none is shorthand for noindex, nofollow and all for index, follow. Combinations like none, index or all, noindex are real-world conflicts that this predicate currently misses. Low priority for this PR, but worth tracking.

♻️ Sketch

   const directives = content.toLowerCase().split(',').map(d => d.trim())
+  const hasIndex = directives.includes('index') || directives.includes('all')
+  const hasNoindex = directives.includes('noindex') || directives.includes('none')
+  const hasFollow = directives.includes('follow') || directives.includes('all')
+  const hasNofollow = directives.includes('nofollow') || directives.includes('none')
   const out: Diagnostic[] = []
-  if (directives.includes('index') && directives.includes('noindex')) {
+  if (hasIndex && hasNoindex) {
     out.push({ ... })
   }
-  if (directives.includes('follow') && directives.includes('nofollow')) {
+  if (hasFollow && hasNofollow) {
     out.push({ ... })
   }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/unhead/src/validate/predicates/robots-conflict.ts` around lines 11 -
25, The predicate currently checks the raw directives array (variable
directives) for conflicting pairs but ignores shorthand tokens; update the logic
to expand 'none' → ['noindex','nofollow'] and 'all' → ['index','follow'] into
the directives set before conflict checks. Concretely, compute a normalized Set
from directives (expanding any 'none'/'all' entries), then test for the
conflicting pairs ('index' vs 'noindex', 'follow' vs 'nofollow') and push the
same Diagnostics (ruleId 'robots-conflict') into out when found. Ensure you keep
the existing lowercase/trim normalization and return out as before.

packages/unhead/src/validate/predicates/prefer-define-helpers.ts (1)

23-34: Optional: consider an autofix that also inserts the missing import.

Right now the suggestion path hands back the same wrap-tag fix as the hard-fix path and asks the user to import the helper themselves. Since the CLI/ESLint adapters know the source file, an enhancement would be a fix variant that also injects an import { defineX } from 'unhead' (or upgrades an existing import) so accepting the suggestion produces compilable code. Not required for this PR.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/unhead/src/validate/predicates/prefer-define-helpers.ts` around
lines 23 - 34, The suggestion should offer an autofix that also inserts or
updates the import when the helper is not already imported: when building the
Diagnostic in prefer-define-helpers, detect ctx.importedHelpers and, for the
suggestions branch (where imported is false), provide a second-kind of fix (or
extend the existing fix object) that not only sets type: 'wrap-tag' and
wrapWith: helper but also includes metadata to add or update an import for the
helper (e.g. import { <helper> } from 'unhead') so the adapter can apply both
AST edits; modify the construction of diag.suggestions (and the exported fix
shape) to carry this import-insertion variant while leaving the imported=true
path unchanged.

packages/eslint-plugin/src/rules/title-rules.ts (1)

5-16: The noHtmlInTitle predicate is currently safe but consider adding meta flags as a defensive measure.

The predicate currently returns diagnostics with no fix or suggestions fields, so reportDiagnostic will not attempt to pass either to ctx.report(). However, if the predicate is updated in the future to emit fixes or suggestions, the rule's meta will be missing the required fixable and hasSuggestions declarations, causing ESLint to throw at runtime. Either add the flags now as a safeguard or document the constraint that this predicate must not emit fixes/suggestions.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/eslint-plugin/src/rules/title-rules.ts` around lines 5 - 16, The
rule metadata for noHtmlInTitle is missing declarations for possible
fixes/suggestions, which will cause ESLint to throw if predicate later returns a
fix or suggestions; update the meta object on noHtmlInTitle to include fixable:
'code' if predicate/createHeadInputPredicateRule(predicate) might emit fixes and
hasSuggestions: true if it might emit suggestions (or explicitly document that
predicate will never emit fixes/suggestions), so add the appropriate
fixable/hasSuggestions flags in the meta for noHtmlInTitle to match any future
output from predicate.

packages/cli/src/commands/migrate.ts (1)

45-62: Dry-run skips the errorCount > 0 → exitCode = 1 signal.

In --dry-run the function returns at line 48 before summarise(results) is consulted, so a CI invocation like unhead migrate --dry-run will exit 0 even when audit errors are present. If that's intentional (dry-run treated as purely informational), fine — otherwise consider hoisting the errorCount check above the dry-run branch so both paths agree.

♻️ Suggested adjustment

+    const { errorCount } = summarise(results)
+
     if (dryRun) {
       const fixable = results.reduce((n, r) => n + (r.output ? 1 : 0), 0)
       console.log(`unhead migrate: ${fixable} file${fixable === 1 ? '' : 's'} would be modified (dry run)`)
+      if (errorCount > 0)
+        process.exitCode = 1
       return
     }

     let written = 0
     for (const r of results) {
       if (!r.output)
         continue
       await writeFile(r.filePath, r.output)
       written++
     }
     console.log(`unhead migrate: applied fixes to ${written} file${written === 1 ? '' : 's'}`)

-    const { errorCount } = summarise(results)
     if (errorCount > 0)
       process.exitCode = 1

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/cli/src/commands/migrate.ts` around lines 45 - 62, The dry-run path
in migrate (guarded by the dryRun variable) returns before checking
summarise(results) so process.exitCode is never set when there are errors; move
or duplicate the errorCount check so both branches consult summarise(results)
and set process.exitCode = 1 when errorCount > 0. Specifically, after computing
const { errorCount } = summarise(results) (or before the dryRun return), ensure
the dry-run branch still prints the fixable message but then sets
process.exitCode based on errorCount (or hoist the summarise call above the
dryRun check) so migrate's behavior is consistent for both dryRun and real runs.

packages/eslint-plugin/src/utils/applyDiagnostic.ts (1)

86-103: Optional: drop suggestions whose fixer can't be built instead of registering a no-op.

When a suggestion's PredicateFix references a missing property, buildFixer returns undefined and the current code falls back to () => null. ESLint will still display the suggestion to the user, but selecting it is a no-op. Filtering these out gives cleaner UX and matches the defensive intent of the comment in buildFixer.

♻️ Suggested change

   ctx.report({
     node,
     message: diag.message,
     fix: fixer,
-    suggest: diag.suggestions?.map(s => ({
-      desc: s.message,
-      fix: buildFixer(obj, s.fix, ctx.sourceCode) ?? (() => null),
-    })),
+    suggest: diag.suggestions
+      ?.map((s) => {
+        const f = buildFixer(obj, s.fix, ctx.sourceCode)
+        return f ? { desc: s.message, fix: f } : undefined
+      })
+      .filter((x): x is { desc: string, fix: (fixer: Rule.RuleFixer) => Rule.Fix | null } => Boolean(x)),
   })

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/eslint-plugin/src/utils/applyDiagnostic.ts` around lines 86 - 103,
The reportDiagnostic function currently maps diag.suggestions to objects even
when buildFixer returns undefined (falling back to a no-op), so update
reportDiagnostic to call buildFixer(obj, s.fix, ctx.sourceCode) for each
suggestion and only include suggestions where that fixer is defined: compute a
suggestions array by mapping each s to { desc: s.message, fix: fixer } and
filter out entries with undefined fixer before passing suggest to ctx.report;
reference reportDiagnostic, diag.suggestions and buildFixer to locate the
change.

packages/cli/src/oxc/applyFix.ts (1)

28-84: Add an exhaustive default to the switch.

The function is declared to return boolean, but the switch (fix.type) has no default arm — if PredicateFix gains a new variant in unhead/validate, the CLI silently returns undefined (and applyFix's caller assumes boolean). An exhaustive default with assertNever/throw will make the type system fail compilation when new variants are added.

♻️ Suggested change

     case 'wrap-tag': {
       magic.appendLeft(obj.start + off, `${fix.wrapWith}(`)
       magic.appendRight(obj.end + off, `)`)
       return true
     }
+    default: {
+      const _exhaustive: never = fix
+      throw new Error(`Unknown PredicateFix type: ${(_exhaustive as PredicateFix).type}`)
+    }
   }
 }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/cli/src/oxc/applyFix.ts` around lines 28 - 84, The switch over
fix.type in applyFix currently lacks a default, so add an exhaustive default arm
that calls an assertion helper (e.g., assertNever) or throws a descriptive Error
to ensure the function always returns a boolean and to surface new PredicateFix
variants at compile time; update or add an assertNever(value: never) helper if
needed and reference the switch on fix.type inside applyFix to implement the
default branch that throws/asserts with the unexpected fix value.

packages/cli/test/audit.test.ts (2)

90-144: Five identical runAudit calls per migrate test — consider sharing the result.

Each migrate it() re-parses, re-walks, and re-rewrites input.ts despite asserting on the same output. Hoisting runAudit into beforeEach (or a single it with multiple expects) cuts test runtime ~5×.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/cli/test/audit.test.ts` around lines 90 - 144, Hoist the repeated
runAudit invocation into a shared setup so the file is parsed only once: call
runAudit({ patterns: ['input.ts'], mode: 'migrate', cwd: tmp }) in a beforeEach
(or one encompassing it block) and store its return in a shared variable (e.g.
results/out) that each test uses; update each it() (the tests asserting
rewrites, defer removal, crossorigin, twitter prefixing, and hid→key) to read
from that shared results[0].output instead of calling runAudit again, leaving
existing expect assertions unchanged.

---

86-88: Empty afterEach leaks a temp directory per migrate test.

Each beforeEach creates a fresh mkdtemp and the no-op afterEach never removes it, so every runAudit (migrate) run leaves five orphaned unhead-cli-* directories in os.tmpdir(). The comment dismisses cleanup, but the leak occurs on success too — not just failure. A best-effort rm is one line and avoids unbounded growth on dev machines / CI runners.

🧹 Suggested cleanup

-import { mkdtemp, readFile, writeFile } from 'node:fs/promises'
+import { mkdtemp, readFile, rm, writeFile } from 'node:fs/promises'
@@
-  afterEach(async () => {
-    // Best-effort cleanup; tmp dir leaking on failure isn't worth a try/catch.
-  })
+  afterEach(async () => {
+    await rm(tmp, { recursive: true, force: true })
+  })

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/cli/test/audit.test.ts` around lines 86 - 88, The empty afterEach in
the migrate tests is leaking mkdtemp-created temp dirs; update afterEach to
perform a best-effort removal of the temp directory created in beforeEach (the
same variable used by the runAudit (migrate) tests), e.g. await
fs.promises.rm(tempDir, { recursive: true, force: true }) or fs.rmSync with
guards if needed, and swallow any errors so cleanup never fails the test;
reference and use the same temp directory variable created in beforeEach and
keep afterEach async to await the removal.

packages/cli/src/oxc/materialize.ts (1)

6-7: Loose Node = any typing — consider importing oxc-parser's AST types behind a type-only import.

type-only imports (import type { ... } from 'oxc-parser') don't add runtime weight and would catch e.g. accessing p.value on a SpreadElement (which has no value) or relying on start/end if oxc renames offset fields. Today the bug surface is small because getKeyName rejects non-Property nodes early, but the loose typing is a foot-gun if the AST shape ever drifts.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/cli/src/oxc/materialize.ts` around lines 6 - 7, Replace the loose
"type Node = any" with precise type-only imports from oxc-parser: add an import
type line (e.g., import type { Node, Property, SpreadElement, Identifier,
Literal } from 'oxc-parser') and use those types in the code (or use Node as the
AST root type and narrow to Property in getKeyName) so TypeScript will catch
invalid accesses (e.g., accessing .value on SpreadElement) and rely on declared
offset names; update any function signatures that use the old Node alias (such
as getKeyName and any other helpers in this file) to use the imported oxc-parser
types or narrowed unions instead.

packages/unhead/src/plugins/validate.ts (1)

207-211: Object.values(tagPredicates) runs every per-tag predicate on every resolved tag, every resolve cycle.

This is hot path code — tags:afterResolve fires on every head update. Calling 10+ predicates per tag (each scanning its own conditions) is fine for typical tag counts but worth keeping an eye on for apps with large head trees. Most predicates short-circuit on tagType mismatch on their first line, so the overhead should be modest, but consider grouping predicates by tagType (e.g., predicatesByTagType.get(tag.tagType)) if profiling later flags this.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/unhead/src/plugins/validate.ts` around lines 207 - 211, The hot path
currently iterates Object.values(tagPredicates) for every resolved tag in the
tags:afterResolve loop (see tagInputFromRuntime, tagPredicates,
emitFromPredicates), which runs all predicates for every tag; change this to
group predicates by tagType (e.g., build a predicatesByTagType Map at predicate
registration time keyed by predicate.tagType or the tag types they handle) and
in the loop only fetch predicatesByTagType.get(tag.tagType) (falling back to any
global predicates) and run emitFromPredicates for that filtered list; update the
predicate registration/initialization code where tagPredicates is populated so
the grouped map is kept in sync.

packages/unhead/src/validate/predicates/no-deprecated-props.ts (1)

27-36: Hardcoded rename target & ruleId couple this predicate to today's DEPRECATED_PROPS shape.

newKey resolves to 'key' for anything that isn't children, and ruleId is fixed to 'deprecated-prop-hid-vmid' for the same bucket. Adding a new entry to DEPRECATED_PROPS (e.g., a future tagDuplicateStrategy deprecation) will silently rename to key and surface under the misleading deprecated-prop-hid-vmid rule.

Consider sourcing both values from DEPRECATED_PROPS[key] (e.g., a newKey and ruleId field on the table) so the predicate stays data-driven.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/unhead/src/validate/predicates/no-deprecated-props.ts` around lines
27 - 36, The predicate currently hardcodes newKey and ruleId (newKey = key ===
'children' ? 'innerHTML' : 'key' and ruleId = key === 'children' ?
'deprecated-prop-children' : 'deprecated-prop-hid-vmid'), coupling behavior to
the current DEPRECATED_PROPS shape; change the logic to read the rename target
and rule id from DEPRECATED_PROPS[key] (e.g., expect each entry to provide
newKey and ruleId), use those values when computing fix (keep the
tag.keys.has(newKey) check) and when setting out.push.ruleId and message so
future deprecations (like tagDuplicateStrategy) are data-driven rather than
hardcoded.

packages/eslint-plugin/src/utils/materialize.ts (1)

13-88: Optional: factor out the shared key-extraction loop.

The two loops in materializeTag (Lines 22–48) and materializeHeadInput (Lines 67–85) duplicate the same Property / computed / Identifier|Literal key-extraction logic and keys/propLocs bookkeeping. A small forEachStaticKey(node, cb) helper would keep both materializers in lockstep when this is extended (e.g., to support string-keyed literals beyond the current set).

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/eslint-plugin/src/utils/materialize.ts` around lines 13 - 88, The
two functions materializeTag and materializeHeadInput duplicate the same
Property/computed/Identifier|Literal key extraction and keys/propLocs
bookkeeping; factor that out into a helper like forEachStaticKey(node, cb) that
iterates node.properties, skips non-Property or computed entries, derives the
string key from Identifier or string Literal, adds the key to a provided Set and
records propLocs, and invokes cb(name, property) for further per-key processing;
then replace the for-loops in materializeTag and materializeHeadInput to call
forEachStaticKey and perform only the value-specific logic (type checks,
getStringValue, props assignment) inside the callback so behavior and
bookkeeping remain identical.

packages/unhead/src/validate/predicates/types.ts (1)

50-62: Nit: PredicateFix.remove-prop doc describes adapter behavior, not the contract.

The comment "Remove a property and its surrounding comma" (Line 59) is really an instruction to whoever implements the fix. Worth rewording to make it clear that comma handling is the adapter's responsibility (both applyFix in packages/cli/src/oxc/applyFix.ts and the ESLint adapter need to honor this consistently), so the contract isn't ambiguous when a third adapter is added.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/unhead/src/validate/predicates/types.ts` around lines 50 - 62, The
JSDoc for the PredicateFix variant `{ type: 'remove-prop', key: string }`
currently prescribes adapter behavior ("Remove a property and its surrounding
comma"); change it to a contract-style description that clearly separates
responsibilities — e.g. state that `remove-prop` removes the property token(s)
but NOT comma/whitespace handling, and that comma removal/normalization is the
responsibility of adapters (ensure `applyFix` and the ESLint adapter honor this
contract); update the comment on the `PredicateFix` union so callers and all
adapters (including `applyFix` and the ESLint adapter) have an unambiguous
specification.

packages/cli/src/oxc/audit.ts (2)

188-218: runAudit reads and audits files serially.

for (const filePath of files) { await readFile(...); await auditFile(...) } is single-flighted. On Nuxt-sized projects this dominates wall time even though each file is independent. Consider Promise.all with a small concurrency limit (e.g., p-limit or a hand-rolled pool of os.cpus().length).

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/cli/src/oxc/audit.ts` around lines 188 - 218, runAudit currently
processes files serially inside the for..of loop (reading each file with
readFile and calling auditFile), causing slow wall time for large projects;
change it to run file processing in parallel with a bounded concurrency (e.g.,
use p-limit or a small worker pool sized to os.cpus().length) by mapping files
to async tasks that call readFile and auditFile and submitting them through the
limiter, then await Promise.all on the limited tasks and collect non-empty
results into the results array; keep existing behavior for predicateNames and
shouldFix, preserve filePath association in each result, and ensure error
handling/ordering remains equivalent.

---

67-77: Repeated lineCol scans become O(file·diagnostics) on large files.

Each diagnostic re-scans source from index 0. With many diagnostics in a large generated file (Nuxt apps can produce dozens per file), this is wasteful. Consider precomputing a sorted array of newline offsets per file and using binary search, or computing line/column only after all diagnostics for the file are collected and sorted by offset so the scan is monotone.

♻️ Sketch (per-file newline index, binary search)

function buildLineIndex(source: string): number[] {
  const nls: number[] = []
  for (let i = 0; i < source.length; i++)
    if (source.charCodeAt(i) === 10) nls.push(i)
  return nls
}

function lineColFromIndex(nls: number[], offset: number) {
  // binary search greatest nl < offset
  let lo = 0, hi = nls.length
  while (lo < hi) {
    const mid = (lo + hi) >>> 1
    if (nls[mid] < offset) lo = mid + 1
    else hi = mid
  }
  const lastNL = lo === 0 ? -1 : nls[lo - 1]
  return { line: lo + 1, column: offset - lastNL }
}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/cli/src/oxc/audit.ts` around lines 67 - 77, The current lineCol
function scans from start for every diagnostic causing O(file·diagnostics);
replace it by precomputing a per-file newline index and using binary search or a
monotone scan when diagnostics are sorted. Add a buildLineIndex(source: string):
number[] helper that collects newline offsets, then replace lineCol(offset) with
a lineColFromIndex(nls, offset) that binary-searches nls to find the last
newline and returns {line, column}; alternatively, collect all diagnostics for a
file, sort by offset and compute line/column with a single linear pass over the
source using the same newline index to keep complexity near O(file +
diagnostics). Ensure you update callers that reference lineCol to use the new
API (lineColFromIndex or the post-sorted monotone routine).

packages/cli/src/oxc/walker.ts (1)

31-36: Optional: deduplicate unwrapTS / TS_WRAPPERS.

The same set + helper exists in packages/eslint-plugin/src/utils/visitor.ts (and the materializer relies on it). One copy in unhead/validate (or a tiny shared internal package) would keep the two adapters from drifting on which TS wrapper kinds are recognized.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/cli/src/oxc/walker.ts` around lines 31 - 36, Duplicate logic: the
TS_WRAPPERS set and unwrapTS function are defined here and also in another
module; extract them into a single shared helper and import it where needed.
Create a small internal util that exports TS_WRAPPERS and unwrapTS (preserve the
function name and behavior), replace the local definitions in this file (and in
the other module) with imports from that util, and update any callers (e.g.,
materializer/visitor code) to use the shared symbols so both adapters recognize
the same TS wrapper kinds.

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

packages/unhead/src/validate/predicates/script-rules.ts (1)

19-36: Empty-string innerHTML/textContent is now correctly ignored.

The earlier false-positive concern (flagging innerHTML: '' / textContent: '') is addressed by gating on !== '' alongside keys.has(...).

One minor edge worth being aware of: when a key is present but its value is not statically resolvable, it lands in tag.keys but not in tag.props, so tag.props.innerHTML is undefined and undefined !== '' is true — the diagnostic still fires. That's probably the intended behavior (the user did write innerHTML), but if you'd rather only flag known non-empty content, tighten the check to a string-typed value:

♻️ Optional tightening

-  const hasInner = (tag.keys.has('innerHTML') && tag.props.innerHTML !== '')
-    || (tag.keys.has('textContent') && tag.props.textContent !== '')
+  const inner = tag.props.innerHTML
+  const text = tag.props.textContent
+  const hasInner
+    = (tag.keys.has('innerHTML') && (typeof inner !== 'string' || inner !== ''))
+    || (tag.keys.has('textContent') && (typeof text !== 'string' || text !== ''))

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/unhead/src/validate/predicates/script-rules.ts` around lines 19 -
36, The predicate scriptSrcWithContent currently treats presence of
innerHTML/textContent keys with non-string or undefined values as "has content"
because it only checks !== ''; tighten the condition so it only counts known
non-empty string content: replace the hasInner checks to require typeof
tag.props.innerHTML === 'string' && tag.props.innerHTML !== '' (and likewise for
textContent) while still gating on tag.keys.has('innerHTML') /
tag.keys.has('textContent'); this ensures only statically-resolved non-empty
string values trigger the diagnostic in scriptSrcWithContent.

packages/cli/src/oxc/sfc.ts (1)

36-44: Optional: lang="typescript" / lang="javascript" fall through to 'js'.

Only the short forms (ts/tsx/jsx) are recognized; the long forms (which Vue/Svelte tooling do accept) silently downgrade to plain JS, which means oxc will parse TS files without TS support and emit confusing diagnostics. If you want to be defensive, normalize the long forms too.

♻️ Proposed change

-    const declared = langMatch?.[1]?.toLowerCase()
-    const lang: ScriptBlock['lang'] = declared === 'ts'
-      ? 'ts'
-      : declared === 'tsx'
-        ? 'tsx'
-        : declared === 'jsx'
-          ? 'jsx'
-          : 'js'
+    const declared = langMatch?.[1]?.toLowerCase()
+    const lang: ScriptBlock['lang']
+      = declared === 'ts' || declared === 'typescript'
+        ? 'ts'
+        : declared === 'tsx'
+          ? 'tsx'
+          : declared === 'jsx'
+            ? 'jsx'
+            : 'js'

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/cli/src/oxc/sfc.ts` around lines 36 - 44, The lang detection
currently only maps short forms and silently treats long forms as 'js'; update
the normalization around LANG_ATTR_RE / langMatch / declared (the variable
assigned with declared = langMatch?.[1]?.toLowerCase()) so it also recognizes
the long names "typescript" -> 'ts' and "javascript" -> 'js' (and
"typescriptreact"/"javascriptreact" or similar if needed), then assign
ScriptBlock['lang'] accordingly instead of defaulting to 'js' for those cases;
keep the toLowerCase normalization and ensure declared aliases map to the same
canonical short tokens used elsewhere.

packages/unhead/src/plugins/validate.ts (1)

247-252: Title's no-html-in-title path bypasses PREDICATE_SEVERITY.

The whole point of the new PREDICATE_SEVERITY table (and the docstring above it) is that severities for predicate-emitted ruleIds live in one place. This branch hardcodes 'warn' instead, so a future change to PREDICATE_SEVERITY['html-in-title'] would silently fail to apply on the runtime title path while still applying everywhere else. Reuse emitFromPredicates (or look up via the table) so the source of truth stays single.

♻️ Proposed refactor

             if (tag.tag === 'title') {
               const titleInput = titleInputFromRuntime(tag)
-              if (titleInput) {
-                for (const diag of headInputPredicates['no-html-in-title'](titleInput))
-                  report(diag.ruleId as ValidationRuleId, diag.message, 'warn', tag)
-              }
+              if (titleInput)
+                emitFromPredicates(headInputPredicates['no-html-in-title'](titleInput), tag)
               const text = tag.textContent || ''

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/unhead/src/plugins/validate.ts` around lines 247 - 252, The title
branch currently calls report(...) with a hardcoded 'warn' severity; change it
to use the centralized predicate-severity logic so it doesn't bypass
PREDICATE_SEVERITY — obtain the emitted entries via emitFromPredicates (or look
up PREDICATE_SEVERITY using the rule id) when handling the runtime title path in
the title handling block (where tag.tag === 'title' and
titleInputFromRuntime(tag) is used), and for each diagnostic from
headInputPredicates['no-html-in-title'] call report(...) with the severity
returned by emitFromPredicates (or the table lookup) rather than the literal
'warn', keeping the same ruleId/message/tag parameters.

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

packages/eslint-plugin/src/utils/createPredicateRule.ts (1)

9-24: HELPER_SOURCES is largely subsumed by the @unhead/ prefix check.

isHelperSource returns true for any @unhead/* source via the prefix branch, so the only entry in HELPER_SOURCES that adds value is 'unhead'. The other five entries are redundant. Consider simplifying:

♻️ Optional simplification

-const HELPER_SOURCES = new Set([
-  'unhead',
-  '@unhead/vue',
-  '@unhead/react',
-  '@unhead/svelte',
-  '@unhead/solid-js',
-  '@unhead/angular',
-])
-
 function isHelperSource(source: string): boolean {
-  if (HELPER_SOURCES.has(source))
-    return true
-  // Be permissive within the `@unhead` namespace so framework subpaths (e.g.
-  // `@unhead/vue/server`) still count.
-  return source.startsWith('@unhead/')
+  return source === 'unhead' || source.startsWith('@unhead/')
 }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/eslint-plugin/src/utils/createPredicateRule.ts` around lines 9 - 24,
The HELPER_SOURCES set contains entries that are already matched by the
startsWith('@unhead/') check in isHelperSource, so simplify by reducing
HELPER_SOURCES to only the non-@unhead entry (keep 'unhead') and let the prefix
check cover all `@unhead/`* variants; update the HELPER_SOURCES declaration used
by isHelperSource accordingly (referencing HELPER_SOURCES and isHelperSource) so
the function logic remains correct and less redundant.

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes