clang-tidy — integrate static analysis into build and CI

Summary

clang-tidy (LLVM 22.1.0, already installed) provides pattern-based static analysis. It requires compile_commands.json (produced by CI-001).

Key check families useful for this codebase: - bugprone-* — common bug patterns (use-after-move, suspicious memset, etc.) - cppcoreguidelines-* — C++ Core Guidelines violations - modernize-* — C++11/14/17 modernisation (nullptr, range-for, smart pointers) - readability-* — readability issues - clang-analyzer-* — deep static analysis (memory, null-deref, resource leak)

Setup Steps

1. Create .clang-tidy at repo root with an initial conservative check list.
2. Run clang-tidy on a few representative files to establish a baseline warning count.
3. Integrate into VS Code via clangd (already configured by CI-001).
4. Add CI script that runs clang-tidy on changed files only (not full tree).

Starter .clang-tidy Config

# .clang-tidy
Checks: >
  bugprone-*,
  -bugprone-easily-swappable-parameters,
  cppcoreguidelines-avoid-goto,
  cppcoreguidelines-init-variables,
  cppcoreguidelines-no-malloc,
  modernize-use-nullptr,
  modernize-use-override,
  modernize-avoid-bind,
  readability-avoid-const-params-in-decls,
  clang-analyzer-core.*,
  clang-analyzer-cplusplus.*
WarningsAsErrors: ''
HeaderFilterRegex: 'srchybrid/.*'

Start conservative — enable more checks after the baseline is clean.

MFC Considerations

clang-tidy does not understand MFC macros (DECLARE_MESSAGE_MAP, etc.) and will produce false positives on them. Use // NOLINT suppression sparingly or exclude MFC-heavy files from the initial sweep.

Acceptance Criteria

• [ ] .clang-tidy config committed
• [ ] clang-tidy runs on all new/changed files in CI without errors
• [ ] At least the modernize-use-nullptr check is clean across the codebase
• [ ] VS Code shows clang-tidy diagnostics in-editor via clangd

Prerequisite

CI-001 (CMake + compile_commands.json)