feat(oxlint-plugin): add prefer-schema-validation draft rule

[devin-ai-integration]

Summary

Adds a new prefer-schema-validation rule (in the correctness bucket) that detects functions with 3+ manual type-checking operations (typeof, in, hasOwnProperty/hasOwn) that collectively validate an object shape, and suggests using a schema validation library instead (zod, valibot, superstruct, etc.).

What it flags:

• Functions with 3+ typeof x === "string" / "number" / "boolean" / "object" checks
• Chains of "key" in obj property-existence checks
• hasOwnProperty() / Object.hasOwn() chains
• Mixed combinations of the above

What it skips (false-positive guards):

• typeof x === "undefined" — null safety / existence checks
• typeof x === "function" — callback presence guards
• Files that already import one of 18 recognized schema libraries (zod, yup, joi, valibot, superstruct, io-ts, runtypes, arktype, effect/Schema, typebox, ow, etc.)
• Nested functions counted independently (inner arrow/function bodies don't inflate the parent count)
• Test files via test-noise tag
• Module-scope typeof checks (environment detection)

Files changed:

• packages/oxlint-plugin-react-doctor/src/plugin/rules/correctness/prefer-schema-validation.ts — rule implementation
• packages/oxlint-plugin-react-doctor/src/plugin/rules/correctness/prefer-schema-validation.test.ts — 32 test cases
• packages/oxlint-plugin-react-doctor/src/plugin/constants/thresholds.ts — MANUAL_TYPE_CHECK_THRESHOLD = 3
• packages/oxlint-plugin-react-doctor/src/plugin/rule-registry.ts — auto-generated (286 rules)

Review & Testing Checklist for Human

• Verify the threshold of 3 feels right — should it be 2 or 4 instead? The current value flags 3+ manual checks per function body.
• Review the schema library list — are there any missing libraries your users commonly use?
• Consider whether the rule should also detect Array.isArray() chains or instanceof chains as additional manual validation signals.
• Run npx react-doctor against a few real-world projects to see if the rule produces useful results without excessive noise.

Notes

• The rule is tagged test-noise so it auto-skips test/spec/story files.
• It's placed in the correctness bucket (default category: "Correctness").
• The typeof "undefined" and typeof "function" exclusions are intentional — these are legitimate guard patterns that don't indicate shape validation plumbing.
• One pre-existing test failure exists on main (install-agent-hooks.test.ts) — unrelated to this change.

Link to Devin session: https://app.devin.ai/sessions/f55e61c6625044009ba0fdd26656544b

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment and CI monitoring