demo(dist2): VG004-VG006 across SQL/Go/Python

[eitamring]

Purpose

This PR demonstrates selectivity/locking rules across SQL, Go database/sql, Goqu, Python ORM, and Python non-ORM paths.

Expected Findings In This PR

• VG004 (unbounded-select): expected because demo includes boundedness violations (selects without limit).
• VG005 (like-leading-wildcard): expected because demo includes LIKE '%...' patterns.
• VG006 (select-for-update-no-where): expected because demo includes FOR UPDATE without WHERE.

These findings are intentionally introduced to document behavior and reviewer UX.

Why We Previously Failed In CI

The failure was workflow-level (Convert to reviewdog format) due to JSON-shape assumptions in jq, not rule misfires.

This branch includes the jq shape-normalization fix and pins VALK_GUARD_INSTALL_REF to the known-good build used in successful conversion.

How ORM AST Crawl Works In This PR

Valk Guard parses Python AST query forms and emits SQL/synthetic SQL that then flows through the same parser + rule pipeline as SQL files and Go queries.

That unified pipeline is why VG004-VG006 show consistently across ORM and non-ORM examples.

What We Gain

• Cross-engine confidence for pagination/selectivity/locking checks.
• Reproducible fixtures for tuning false positives in query-heavy services.
• Better PR review signal because examples map directly to common production anti-patterns.

[github-actions]

⚠️ [valk-guard] _{reported by reviewdog 🐶}
VG004: SELECT without LIMIT may return unbounded rows; add LIMIT or FETCH FIRST | Query: SELECT id, email FROM users WHERE active = true

[github-actions]

⚠️ [valk-guard] _{reported by reviewdog 🐶}
VG005: LIKE/ILIKE with leading wildcard may prevent index usage; use a suffix pattern or full-text search | Query: SELECT id FROM users WHERE email LIKE '%@example.com' LIMIT 1

[github-actions]

⚠️ [valk-guard] _{reported by reviewdog 🐶}
VG004: SELECT without LIMIT may return unbounded rows; add LIMIT or FETCH FIRST | Query: SELECT id FROM users FOR UPDATE

[github-actions]

🚫 [valk-guard] _{reported by reviewdog 🐶}
VG006: SELECT FOR UPDATE without WHERE may lock too many rows; add a WHERE clause | Query: SELECT id FROM users FOR UPDATE

[github-actions]

⚠️ [valk-guard] _{reported by reviewdog 🐶}
VG004: SELECT without LIMIT may return unbounded rows; add LIMIT or FETCH FIRST | Query: SELECT id, email FROM users WHERE active = true

[github-actions]

🚫 [valk-guard] _{reported by reviewdog 🐶}
VG006: SELECT FOR UPDATE without WHERE may lock too many rows; add a WHERE clause | Query: SELECT id FROM users FOR UPDATE

[github-actions]

⚠️ [valk-guard] _{reported by reviewdog 🐶}
VG004: SELECT without LIMIT may return unbounded rows; add LIMIT or FETCH FIRST | Query: SELECT id, email FROM users WHERE active = true

[github-actions]

⚠️ [valk-guard] _{reported by reviewdog 🐶}
VG005: LIKE/ILIKE with leading wildcard may prevent index usage; use a suffix pattern or full-text search | Query: SELECT id FROM users WHERE email LIKE '%@example.com' LIMIT 1

[github-actions]

⚠️ [valk-guard] _{reported by reviewdog 🐶}
VG004: SELECT without LIMIT may return unbounded rows; add LIMIT or FETCH FIRST | Query: SELECT id FROM users FOR UPDATE

[github-actions]

🚫 [valk-guard] _{reported by reviewdog 🐶}
VG006: SELECT FOR UPDATE without WHERE may lock too many rows; add a WHERE clause | Query: SELECT id FROM users FOR UPDATE