stack-review

# Stack Compliance Review

Audit code for @outfitter/* pattern compliance.

## 6-Step Audit Process

### Step 1: Scan for Anti-Patterns

Run searches to identify issues:

```bash
# Thrown exceptions (Critical)
rg "throw new" --type ts

# try/catch control flow (Critical)
rg "try \{" --type ts

# Console usage (High)
rg "console\.(log|error|warn)" --type ts

# Hardcoded paths (High)
rg "(homedir|~\/\.)" --type ts

# Custom error classes (Medium)
rg "class \w+Error extends Error" --type ts
```

### Step 2: Review Handler Signatures

Check each handler for:

- Returns `Result<T, E>` not `Promise<T>`
- Has context parameter as second argument
- Error types explicitly listed in union
- Uses `Handler<TInput, TOutput, TError>` type

```bash
# Find handlers
rg "Handler<" --type ts -A 2

# Find missing context
rg "Handler<.*> = async \(input\)" --type ts
```

### Step 3: Check Error Usage

Verify errors:

- Use `@outfitter/contracts` classes
- Have correct category for use case
- Include appropriate details
- Are returned via `Result.err()`, not thrown

### Step 4: Validate Logging

Check logging:

- Uses `ctx.logger`, not console
- Metadata is object, not string concatenation
- Sensitive fields would be redacted
- Child loggers used for request context

### Step 5: Check Path Safety

Verify paths:

- User paths validated with `securePath()`
- XDG helpers used (`getConfigDir`, etc.)
- Atomic writes for file modifications
- No hardcoded home paths

### Step 6: Review Context

Check context:

- `createContext()` at entry points
- Context passed through handler chain
- `requestId` used for tracing

## Quick Audit

```bash
# Critical issues (count)
rg "throw new|catch \(" --type ts -c

# Console usage (count)
rg "console\.(log|error|warn)" --type ts -c

# Handler patterns
rg "Handler<" --type ts -A 2
```

## Checklist

### Result Types

- [ ] Handlers return `Result<T, E>`, not thrown exceptions
- [ ] Errors use taxonomy classes (`ValidationError`, `NotFoundError`, etc.)
- [ ] R