npm - @cleartrip/frontguard - Versions diffs - 0.2.0 → 0.2.2 - Mend

@cleartrip/frontguard 0.2.0 → 0.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/cli.js CHANGED Viewed

@@ -4,7 +4,7 @@ import g, { stdin, stdout, cwd } from 'process';
 import f from 'readline';
 import * as tty from 'tty';
 import { WriteStream } from 'tty';
-import path4, { sep, normalize, delimiter, resolve, dirname } from 'path';
+import path5, { sep, normalize, delimiter, resolve, dirname } from 'path';
 import fs from 'fs/promises';
 import { fileURLToPath, pathToFileURL } from 'url';
 import { execFileSync, spawn } from 'child_process';
@@ -2399,7 +2399,7 @@ async function runMain(cmd, opts = {}) {
   }
 }
 function packageRoot() {
-  return path4.resolve(path4.dirname(fileURLToPath(import.meta.url)), "..");
+  return path5.resolve(path5.dirname(fileURLToPath(import.meta.url)), "..");
 }
 var CONFIG = `import { defineConfig } from '@cleartrip/frontguard'
@@ -2417,7 +2417,16 @@ export default defineConfig({
   // },
   // checks: {
-  //   bundle: { baselineRef: 'main', maxDeltaBytes: 50_000 }, // ref for git baseline file
+  //   bundle: { baselineRef: 'main', maxDeltaBytes: 50_000 },
+  //   coreWebVitals: { scanGlobs: ['src/**/*.{tsx,jsx}'] },
+  //   prSize: {
+  //     tiers: [
+  //       { minLines: 1000, severity: 'warn', message: 'Very large PR (\${lines} lines; \u2265 \${min})' },
+  //       { minLines: 500, severity: 'info', message: 'Consider splitting (\${lines} lines)' },
+  //     ],
+  //   },
+  //   // AI strict: only // @frontguard-ai:start \u2026 :end (or // written by AI: start \u2026 :end) in PR files
+  //   // aiAssistedReview: { strictScanMode: 'decorator' },
   //   cycles: { enabled: true },
   //   deadCode: { enabled: true, gate: 'info' },
   //   // LLM: cloud keys in CI, or local Ollama (no API key) on dev/self-hosted runners:
@@ -2457,8 +2466,8 @@ If **Yes**, list tools and what they touched (helps reviewers run a stricter fir
 `;
 async function initFrontGuard(cwd) {
   const root = packageRoot();
-  const tplPath = path4.join(root, "templates", "bitbucket-pipelines.yml");
-  const outPipeline = path4.join(cwd, "bitbucket-pipelines.frontguard.example.yml");
+  const tplPath = path5.join(root, "templates", "bitbucket-pipelines.yml");
+  const outPipeline = path5.join(cwd, "bitbucket-pipelines.frontguard.example.yml");
   try {
     await fs.access(outPipeline);
   } catch {
@@ -2473,13 +2482,13 @@ async function initFrontGuard(cwd) {
       );
     }
   }
-  const cfgPath = path4.join(cwd, "frontguard.config.js");
+  const cfgPath = path5.join(cwd, "frontguard.config.js");
   try {
     await fs.access(cfgPath);
   } catch {
     await fs.writeFile(cfgPath, CONFIG, "utf8");
   }
-  const tplPr = path4.join(cwd, "pull_request_template.md");
+  const tplPr = path5.join(cwd, "pull_request_template.md");
   try {
     await fs.access(tplPr);
   } catch {
@@ -2654,13 +2663,13 @@ function parseNumstat(output) {
     if (tab2 < 0) continue;
     const aStr = t3.slice(0, tab);
     const dStr = t3.slice(tab + 1, tab2);
-    const path17 = t3.slice(tab2 + 1);
+    const path18 = t3.slice(tab2 + 1);
     const a3 = aStr === "-" ? 0 : Number(aStr);
     const d3 = dStr === "-" ? 0 : Number(dStr);
     if (!Number.isFinite(a3) || !Number.isFinite(d3)) continue;
     additions += a3;
     deletions += d3;
-    if (path17) files.push(path17);
+    if (path18) files.push(path18);
   }
   return { additions, deletions, files };
 }
@@ -2782,6 +2791,7 @@ var defaultConfig = {
     aiAssistedReview: {
       enabled: true,
       gate: "warn",
+      strictScanMode: "both",
       escalate: {
         secretFindingsToBlock: true,
         tsAnyDeltaToBlock: true
@@ -2817,7 +2827,7 @@ var defaultConfig = {
       maxDeltaBytes: null,
       maxTotalBytes: null
     },
-    cwv: {
+    coreWebVitals: {
       enabled: true,
       gate: "warn",
       scanGlobs: ["app/**/*.{tsx,jsx}", "pages/**/*.{tsx,jsx}", "src/**/*.{tsx,jsx}"],
@@ -2838,6 +2848,16 @@ var defaultConfig = {
   }
 };
+// src/config/migrate.ts
+function migrateLegacyConfigKeys(config) {
+  const ch = config.checks;
+  if (!ch) return;
+  if ("cwv" in ch && !("coreWebVitals" in ch)) {
+    ch.coreWebVitals = ch.cwv;
+    delete ch.cwv;
+  }
+}
 // src/config/load.ts
 var CONFIG_NAMES = [
   "frontguard.config.js",
@@ -2860,7 +2880,7 @@ function stripExtends(c4) {
 }
 async function loadExtendsLayer(cwd, spec) {
   if (!spec) return {};
-  const req = createRequire(path4.join(cwd, "package.json"));
+  const req = createRequire(path5.join(cwd, "package.json"));
   const specs = Array.isArray(spec) ? spec : [spec];
   let merged = {};
   for (const s3 of specs) {
@@ -2879,7 +2899,7 @@ async function loadExtendsLayer(cwd, spec) {
 async function loadConfig(cwd) {
   let userFile = null;
   for (const name of CONFIG_NAMES) {
-    const full = path4.join(cwd, name);
+    const full = path5.join(cwd, name);
     if (!fs2.existsSync(full)) continue;
     try {
       const mod = await importConfig(full);
@@ -2891,6 +2911,8 @@ async function loadConfig(cwd) {
   }
   const extendsSpec = userFile?.extends;
   const orgLayer = await loadExtendsLayer(cwd, extendsSpec);
+  migrateLegacyConfigKeys(orgLayer);
+  if (userFile) migrateLegacyConfigKeys(userFile);
   const user = userFile ? stripExtends(userFile) : {};
   const base = structuredClone(defaultConfig);
   const withOrg = defu2(orgLayer, base);
@@ -2909,7 +2931,7 @@ function hasDep(deps, name) {
 async function detectStack(cwd) {
   let pkg = {};
   try {
-    const raw = await fs.readFile(path4.join(cwd, "package.json"), "utf8");
+    const raw = await fs.readFile(path5.join(cwd, "package.json"), "utf8");
     pkg = JSON.parse(raw);
   } catch {
     return {
@@ -2929,7 +2951,7 @@ async function detectStack(cwd) {
   const isMonorepo = Boolean(pkg.workspaces);
   let tsStrict = null;
   try {
-    const tsconfigPath = path4.join(cwd, "tsconfig.json");
+    const tsconfigPath = path5.join(cwd, "tsconfig.json");
     const tsRaw = await fs.readFile(tsconfigPath, "utf8");
     const ts = JSON.parse(tsRaw);
     if (typeof ts.compilerOptions?.strict === "boolean") {
@@ -2939,15 +2961,15 @@ async function detectStack(cwd) {
   }
   let pm = "unknown";
   try {
-    await fs.access(path4.join(cwd, "pnpm-lock.yaml"));
+    await fs.access(path5.join(cwd, "pnpm-lock.yaml"));
     pm = "pnpm";
   } catch {
     try {
-      await fs.access(path4.join(cwd, "yarn.lock"));
+      await fs.access(path5.join(cwd, "yarn.lock"));
       pm = "yarn";
     } catch {
       try {
-        await fs.access(path4.join(cwd, "package-lock.json"));
+        await fs.access(path5.join(cwd, "package-lock.json"));
         pm = "npm";
       } catch {
         pm = "npm";
@@ -2977,6 +2999,65 @@ function formatStackOneLiner(s3) {
   bits.push(`pkg: ${s3.packageManager}`);
   return bits.join(" \xB7 ") || "unknown";
 }
+function normalizePrPath(p2) {
+  return p2.replace(/\\/g, "/").replace(/^\.\//, "");
+}
+function hasPrFileList(pr) {
+  return Boolean(pr?.files?.length);
+}
+function prPathSet(pr) {
+  if (!hasPrFileList(pr)) return null;
+  return new Set(pr.files.map(normalizePrPath));
+}
+function isPathInPrScope(relOrAbs, cwd, prSet) {
+  const raw = relOrAbs.replace(/^file:\/\//, "");
+  let rel = normalizePrPath(raw);
+  if (path5.isAbsolute(raw)) {
+    rel = normalizePrPath(path5.relative(cwd, raw));
+  }
+  if (prSet.has(rel)) return true;
+  const trimmed = rel.replace(/^\.\//, "");
+  if (prSet.has(trimmed)) return true;
+  return false;
+}
+var ESLINT_EXT = /\.(js|cjs|mjs|jsx|ts|tsx)$/i;
+var PRETTIER_EXT = /\.(js|cjs|mjs|jsx|ts|tsx|json|md|css|scss|sass|less|yml|yaml|vue|svelte)$/i;
+var CYCLES_EXT = /\.(tsx?|jsx?|mjs|cjs|js)$/i;
+function filterPrFilesForEslint(pr) {
+  if (!hasPrFileList(pr)) return null;
+  return pr.files.map(normalizePrPath).filter((f4) => ESLINT_EXT.test(f4));
+}
+function filterPrFilesForPrettier(pr) {
+  if (!hasPrFileList(pr)) return null;
+  return pr.files.map(normalizePrPath).filter((f4) => PRETTIER_EXT.test(f4));
+}
+function filterPrFilesForMadge(pr) {
+  if (!hasPrFileList(pr)) return null;
+  return pr.files.map(normalizePrPath).filter((f4) => CYCLES_EXT.test(f4));
+}
+async function existingRepoPaths(cwd, rels) {
+  const out = [];
+  for (const rel of rels) {
+    try {
+      await fs.access(path5.join(cwd, rel));
+      out.push(rel);
+    } catch {
+    }
+  }
+  return out;
+}
+function filterTscOutputToPrFiles(output, cwd, prSet) {
+  const lines = output.split("\n");
+  const kept = [];
+  for (const line of lines) {
+    const m3 = /^(.+?)\(\d+,\d+\):\s/.exec(line);
+    if (m3?.[1]) {
+      if (isPathInPrScope(m3[1], cwd, prSet)) kept.push(line);
+      continue;
+    }
+  }
+  return kept.join("\n").trim();
+}
 function stripFileUrl(p2) {
   let s3 = p2.trim();
   if (!/^file:/i.test(s3)) return s3;
@@ -2988,30 +3069,30 @@ function stripFileUrl(p2) {
   return s3;
 }
 function isUnderDir(parent, child) {
-  const rel = path4.relative(parent, child);
-  return rel === "" || !rel.startsWith("..") && !path4.isAbsolute(rel);
+  const rel = path5.relative(parent, child);
+  return rel === "" || !rel.startsWith("..") && !path5.isAbsolute(rel);
 }
 function toRepoRelativePath(cwd, filePath) {
   if (!filePath?.trim()) return void 0;
   const raw = stripFileUrl(filePath);
-  const resolvedCwd = path4.resolve(cwd);
-  const absFile = path4.isAbsolute(raw) ? path4.resolve(raw) : path4.resolve(resolvedCwd, raw);
+  const resolvedCwd = path5.resolve(cwd);
+  const absFile = path5.isAbsolute(raw) ? path5.resolve(raw) : path5.resolve(resolvedCwd, raw);
   if (!isUnderDir(resolvedCwd, absFile)) {
     return raw.split(/[/\\]/g).join("/");
   }
-  let rel = path4.relative(resolvedCwd, absFile);
+  let rel = path5.relative(resolvedCwd, absFile);
   if (!rel || rel === ".") {
-    return path4.basename(absFile);
+    return path5.basename(absFile);
   }
-  return rel.split(path4.sep).join("/");
+  return rel.split(path5.sep).join("/");
 }
 function stripRepoAbsolutePaths(cwd, text) {
   if (!text || !cwd.trim()) return text;
-  const resolvedCwd = path4.resolve(cwd);
+  const resolvedCwd = path5.resolve(cwd);
   const asPosix = (s3) => s3.replace(/\\/g, "/");
   const cwdPosix = asPosix(resolvedCwd);
   let out = asPosix(text);
-  const prefixes = [.../* @__PURE__ */ new Set([cwdPosix + "/", resolvedCwd + path4.sep])].filter(
+  const prefixes = [.../* @__PURE__ */ new Set([cwdPosix + "/", resolvedCwd + path5.sep])].filter(
     (p2) => p2.length > 1
   );
   for (const prefix of prefixes) {
@@ -3637,7 +3718,7 @@ async function pathExists(file) {
   }
 }
 async function resolveBin(cwd, name) {
-  const local = path4.join(cwd, "node_modules", ".bin", name);
+  const local = path5.join(cwd, "node_modules", ".bin", name);
   if (await pathExists(local)) return local;
   const win = local + ".cmd";
   if (await pathExists(win)) return win;
@@ -3693,7 +3774,7 @@ async function runNpx(cwd, args) {
 // src/checks/eslint.ts
 async function hasEslintDependency(cwd) {
   try {
-    const raw = await fs.readFile(path4.join(cwd, "package.json"), "utf8");
+    const raw = await fs.readFile(path5.join(cwd, "package.json"), "utf8");
     const p2 = JSON.parse(raw);
     return Boolean(p2.devDependencies?.eslint || p2.dependencies?.eslint);
   } catch {
@@ -3705,6 +3786,7 @@ async function hasEslintConfig(cwd) {
     "eslint.config.js",
     "eslint.config.mjs",
     "eslint.config.cjs",
+    "eslint.config.json",
     ".eslintrc",
     ".eslintrc.json",
     ".eslintrc.cjs",
@@ -3712,14 +3794,47 @@ async function hasEslintConfig(cwd) {
     ".eslintrc.yml"
   ];
   for (const c4 of candidates) {
-    if (await pathExists(path4.join(cwd, c4))) return true;
+    if (await pathExists(path5.join(cwd, c4))) return true;
   }
   return false;
 }
 function meaningfulStderr(stderr) {
   return stderr.split("\n").filter((l3) => l3.trim() && !/^npm warn\b/i.test(l3)).join("\n").trim();
 }
-async function runEslint(cwd, config, _stack) {
+var ESLINT_BATCH = 80;
+async function runEslintOnPaths(cwd, relPaths) {
+  let worstExit = 0;
+  const merged = [];
+  let stderrAcc = "";
+  for (let i3 = 0; i3 < relPaths.length; i3 += ESLINT_BATCH) {
+    const batch = relPaths.slice(i3, i3 + ESLINT_BATCH);
+    const args = [
+      ...batch,
+      "--max-warnings",
+      "0",
+      "--no-error-on-unmatched-pattern",
+      "-f",
+      "json"
+    ];
+    const { exitCode, stdout: stdout2, stderr } = await runNpmBinary(cwd, "eslint", args);
+    worstExit = Math.max(worstExit, exitCode ?? 0);
+    stderrAcc += stderr;
+    const t3 = stdout2.trim();
+    if (t3) {
+      try {
+        const rows = JSON.parse(t3);
+        if (Array.isArray(rows)) merged.push(...rows);
+      } catch {
+      }
+    }
+  }
+  return {
+    exitCode: worstExit,
+    stdout: JSON.stringify(merged),
+    stderr: stderrAcc
+  };
+}
+async function runEslint(cwd, config, _stack, pr) {
   const t0 = performance.now();
   if (!config.checks.eslint.enabled) {
     return {
@@ -3740,15 +3855,39 @@ async function runEslint(cwd, config, _stack) {
     };
   }
   const glob = config.checks.eslint.glob ?? "**/*.{js,cjs,mjs,jsx,ts,tsx}";
-  const args = [
-    glob,
-    "--max-warnings",
-    "0",
-    "--no-error-on-unmatched-pattern",
-    "-f",
-    "json"
-  ];
-  const { exitCode, stdout: stdout2, stderr } = await runNpmBinary(cwd, "eslint", args);
+  const prPaths = filterPrFilesForEslint(pr);
+  let exitCode;
+  let stdout2;
+  let stderr;
+  if (prPaths !== null) {
+    if (prPaths.length === 0) {
+      return {
+        checkId: "eslint",
+        findings: [],
+        durationMs: Math.round(performance.now() - t0),
+        skipped: "no lintable files in PR diff"
+      };
+    }
+    const existing = await existingRepoPaths(cwd, prPaths);
+    if (existing.length === 0) {
+      return {
+        checkId: "eslint",
+        findings: [],
+        durationMs: Math.round(performance.now() - t0),
+        skipped: hasPrFileList(pr) ? "no lintable files in PR diff (added/modified only)" : "no files"
+      };
+    }
+    ({ exitCode, stdout: stdout2, stderr } = await runEslintOnPaths(cwd, existing));
+  } else {
+    ({ exitCode, stdout: stdout2, stderr } = await runNpmBinary(cwd, "eslint", [
+      glob,
+      "--max-warnings",
+      "0",
+      "--no-error-on-unmatched-pattern",
+      "-f",
+      "json"
+    ]));
+  }
   const errText = meaningfulStderr(stderr);
   const findings = [];
   if (exitCode === 0) {
@@ -3814,7 +3953,25 @@ function truncate(s3, max) {
 }
 // src/checks/prettier.ts
-async function runPrettier(cwd, config) {
+var PRETTIER_BATCH = 100;
+async function runPrettierOnPaths(cwd, relPaths) {
+  let worstExit = 0;
+  let stdoutAcc = "";
+  let stderrAcc = "";
+  for (let i3 = 0; i3 < relPaths.length; i3 += PRETTIER_BATCH) {
+    const batch = relPaths.slice(i3, i3 + PRETTIER_BATCH);
+    const r4 = await runNpmBinary(cwd, "prettier", [
+      "--check",
+      "--ignore-unknown",
+      ...batch
+    ]);
+    worstExit = Math.max(worstExit, r4.exitCode ?? 0);
+    stdoutAcc += r4.stdout;
+    stderrAcc += r4.stderr;
+  }
+  return { exitCode: worstExit, stdout: stdoutAcc, stderr: stderrAcc };
+}
+async function runPrettier(cwd, config, pr) {
   const t0 = performance.now();
   if (!config.checks.prettier.enabled) {
     return {
@@ -3825,11 +3982,36 @@ async function runPrettier(cwd, config) {
     };
   }
   const glob = config.checks.prettier.glob ?? "**/*.{js,cjs,mjs,jsx,ts,tsx,json,md,css,scss,yml,yaml}";
-  const { exitCode, stdout: stdout2, stderr } = await runNpmBinary(cwd, "prettier", [
-    "--check",
-    glob,
-    "--ignore-unknown"
-  ]);
+  let exitCode;
+  let stdout2;
+  let stderr;
+  const prPaths = filterPrFilesForPrettier(pr);
+  if (prPaths !== null) {
+    if (prPaths.length === 0) {
+      return {
+        checkId: "prettier",
+        findings: [],
+        durationMs: Math.round(performance.now() - t0),
+        skipped: "no formattable files in PR diff"
+      };
+    }
+    const existing = await existingRepoPaths(cwd, prPaths);
+    if (existing.length === 0) {
+      return {
+        checkId: "prettier",
+        findings: [],
+        durationMs: Math.round(performance.now() - t0),
+        skipped: hasPrFileList(pr) ? "no formattable files in PR diff" : "no files"
+      };
+    }
+    ({ exitCode, stdout: stdout2, stderr } = await runPrettierOnPaths(cwd, existing));
+  } else {
+    ({ exitCode, stdout: stdout2, stderr } = await runNpmBinary(cwd, "prettier", [
+      "--check",
+      glob,
+      "--ignore-unknown"
+    ]));
+  }
   const findings = [];
   if (exitCode === 127 || /command not found|not recognized|ENOENT/i.test(stderr)) {
     return {
@@ -3858,7 +4040,7 @@ function truncate2(s3, max) {
   if (s3.length <= max) return s3;
   return s3.slice(0, max) + "\u2026";
 }
-async function runTypeScript(cwd, config, stack) {
+async function runTypeScript(cwd, config, stack, pr) {
   const t0 = performance.now();
   if (!config.checks.typescript.enabled) {
     return {
@@ -3868,7 +4050,7 @@ async function runTypeScript(cwd, config, stack) {
       skipped: "disabled in config"
     };
   }
-  const hasTs = stack.hasTypeScript || await pathExists(path4.join(cwd, "tsconfig.json"));
+  const hasTs = stack.hasTypeScript || await pathExists(path5.join(cwd, "tsconfig.json"));
   if (!hasTs) {
     return {
       checkId: "typescript",
@@ -3877,7 +4059,14 @@ async function runTypeScript(cwd, config, stack) {
       skipped: "no TypeScript project detected"
     };
   }
-  const args = ["--noEmit", ...config.checks.typescript.tscArgs ?? []];
+  const extra = config.checks.typescript.tscArgs ?? [];
+  const hasProject = extra.some((a3) => a3 === "-p" || a3 === "--project");
+  const tsconfigPath = path5.join(cwd, "tsconfig.json");
+  const args = [
+    "--noEmit",
+    ...hasProject || !await pathExists(tsconfigPath) ? [] : ["-p", "tsconfig.json"],
+    ...extra
+  ];
   const { exitCode, stdout: stdout2, stderr } = await runNpmBinary(cwd, "tsc", args);
   const findings = [];
   if (exitCode === 127 || /command not found|not recognized|ENOENT/i.test(stderr)) {
@@ -3890,12 +4079,16 @@ async function runTypeScript(cwd, config, stack) {
   }
   if (exitCode !== 0) {
     const out = [stdout2, stderr].filter(Boolean).join("\n").trim();
-    findings.push({
-      id: "tsc",
-      severity: "warn",
-      message: "TypeScript compiler reported diagnostics",
-      detail: out ? truncate3(out, 8e3) : `exit ${exitCode}`
-    });
+    const prS = prPathSet(pr);
+    const scoped = prS && out ? filterTscOutputToPrFiles(out, cwd, prS) : out;
+    if (scoped) {
+      findings.push({
+        id: "tsc",
+        severity: "warn",
+        message: prS ? "TypeScript: issues in PR-changed files (full project was typechecked)" : "TypeScript compiler reported diagnostics",
+        detail: scoped ? truncate3(scoped, 8e3) : `exit ${exitCode}`
+      });
+    }
   }
   return {
     checkId: "typescript",
@@ -3981,7 +4174,7 @@ async function runSecrets(cwd, config, pr) {
       });
       break;
     }
-    const full = path4.join(cwd, rel);
+    const full = path5.join(cwd, rel);
     let content;
     try {
       content = await fs.readFile(full, "utf8");
@@ -4007,7 +4200,7 @@ async function runSecrets(cwd, config, pr) {
   };
 }
 function isProbablyTextFile(rel) {
-  const ext = path4.extname(rel).toLowerCase();
+  const ext = path5.extname(rel).toLowerCase();
   return TEXT_EXT.has(ext);
 }
@@ -4106,6 +4299,25 @@ function sectionMentioned(body, hint) {
 }
 // src/checks/pr-size.ts
+function expandMessage(template, lines, min) {
+  return template.replaceAll("${lines}", String(lines)).replaceAll("${min}", String(min));
+}
+function defaultTiers(cfg) {
+  return [
+    {
+      minLines: cfg.softBlockLines,
+      severity: "warn",
+      id: "pr-size-large",
+      message: "PR is very large (${lines} lines changed; threshold ${min}). Consider splitting for review."
+    },
+    {
+      minLines: cfg.warnLines,
+      severity: "info",
+      id: "pr-size-medium",
+      message: "PR size is elevated (${lines} lines changed; threshold ${min})."
+    }
+  ];
+}
 function runPrSize(config, pr) {
   const t0 = performance.now();
   if (!config.checks.prSize.enabled) {
@@ -4124,21 +4336,26 @@ function runPrSize(config, pr) {
       skipped: "no PR context (run in a Bitbucket pull-request pipeline so BITBUCKET_PR_* and git diff are available)"
     };
   }
-  const findings = [];
   const lines = pr.additions + pr.deletions;
-  const { warnLines, softBlockLines } = config.checks.prSize;
-  if (lines >= softBlockLines) {
-    findings.push({
-      id: "pr-size-large",
-      severity: "warn",
-      message: `PR is very large (${lines} lines changed; \u2265 ${softBlockLines})`,
-      detail: "Consider splitting to improve review quality."
-    });
-  } else if (lines >= warnLines) {
+  const cfg = config.checks.prSize;
+  const rawTiers = cfg.tiers?.length ? cfg.tiers : defaultTiers(cfg);
+  const sorted = [...rawTiers].sort((a3, b3) => b3.minLines - a3.minLines);
+  const findings = [];
+  let i3 = 0;
+  for (const tier of sorted) {
+    if (lines < tier.minLines) continue;
+    const id = tier.id ?? `pr-size-tier-${i3}`;
+    i3 += 1;
+    const message = tier.message ? expandMessage(tier.message, lines, tier.minLines) : expandMessage(
+      "PR has ${lines} lines changed (\u2265 ${min}).",
+      lines,
+      tier.minLines
+    );
     findings.push({
-      id: "pr-size-medium",
-      severity: "info",
-      message: `PR size is elevated (${lines} lines changed; \u2265 ${warnLines})`
+      id,
+      severity: tier.severity,
+      message,
+      detail: "Total = additions + deletions from the PR diff."
     });
   }
   return {
@@ -4300,7 +4517,7 @@ async function runTsAnyDelta(cwd, config, stack) {
 function gateSeverity2(g4) {
   return g4 === "block" ? "block" : g4 === "info" ? "info" : "warn";
 }
-async function runCycles(cwd, config, stack) {
+async function runCycles(cwd, config, stack, pr) {
   const t0 = performance.now();
   const cfg = config.checks.cycles;
   if (!cfg.enabled || !stack.hasTypeScript) {
@@ -4313,12 +4530,12 @@ async function runCycles(cwd, config, stack) {
   }
   let entry = cfg.entries[0] ?? "src";
   for (const e3 of cfg.entries) {
-    if (await pathExists(path4.join(cwd, e3))) {
+    if (await pathExists(path5.join(cwd, e3))) {
       entry = e3;
       break;
     }
   }
-  if (!await pathExists(path4.join(cwd, entry))) {
+  if (!await pathExists(path5.join(cwd, entry))) {
     return {
       checkId: "cycles",
       findings: [],
@@ -4326,10 +4543,13 @@ async function runCycles(cwd, config, stack) {
       skipped: `entry path not found (${entry})`
     };
   }
+  const prMadge = filterPrFilesForMadge(pr);
+  const prExisting = prMadge?.length ? await existingRepoPaths(cwd, prMadge) : [];
+  const roots = prExisting.length > 0 ? prExisting : [entry];
   const args = [
     "-y",
     "madge@6",
-    entry,
+    ...roots,
     "--extensions",
     "ts,tsx,js,jsx",
     "--circular",
@@ -4351,7 +4571,7 @@ async function runCycles(cwd, config, stack) {
     findings.push({
       id: "import-cycle",
       severity: gateSeverity2(cfg.gate),
-      message: "Circular dependencies detected (madge)",
+      message: prExisting.length > 0 ? "Circular dependencies detected (madge, scoped to PR files)" : "Circular dependencies detected (madge)",
       detail: truncate4(out || `exit ${exitCode}`, 12e3)
     });
   } else if (exitCode !== 0) {
@@ -4442,7 +4662,7 @@ async function sumGlobBytes(cwd, patterns) {
     });
     for (const rel of files) {
       try {
-        const st = await fs.stat(path4.join(cwd, rel));
+        const st = await fs.stat(path5.join(cwd, rel));
         total += st.size;
       } catch {
       }
@@ -4451,7 +4671,7 @@ async function sumGlobBytes(cwd, patterns) {
   return total;
 }
 async function readBaseline(cwd, relPath, baseRef) {
-  const disk = path4.join(cwd, relPath);
+  const disk = path5.join(cwd, relPath);
   try {
     const raw = await fs.readFile(disk, "utf8");
     return JSON.parse(raw);
@@ -4495,7 +4715,7 @@ async function bundleBuildPrecheck(cwd, buildCommand) {
   if (!script) return { run: true };
   let scripts;
   try {
-    const raw = await fs.readFile(path4.join(cwd, "package.json"), "utf8");
+    const raw = await fs.readFile(path5.join(cwd, "package.json"), "utf8");
     const pkg = JSON.parse(raw);
     scripts = pkg.scripts;
   } catch {
@@ -4642,12 +4862,12 @@ async function runBundle(cwd, config, stack) {
 function gateSeverity5(g4) {
   return g4 === "block" ? "block" : g4 === "info" ? "info" : "warn";
 }
-async function runCwv(cwd, config, stack, pr) {
+async function runCoreWebVitals(cwd, config, stack, pr) {
   const t0 = performance.now();
-  const cfg = config.checks.cwv;
+  const cfg = config.checks.coreWebVitals;
   if (!cfg.enabled) {
     return {
-      checkId: "cwv",
+      checkId: "core-web-vitals",
       findings: [],
       durationMs: 0,
       skipped: "disabled in config"
@@ -4655,7 +4875,7 @@ async function runCwv(cwd, config, stack, pr) {
   }
   if (stack.hasReactNative && !stack.hasNext) {
     return {
-      checkId: "cwv",
+      checkId: "core-web-vitals",
       findings: [],
       durationMs: Math.round(performance.now() - t0),
       skipped: "skipped for React Native"
@@ -4671,7 +4891,7 @@ async function runCwv(cwd, config, stack, pr) {
   const findings = [];
   const sev2 = gateSeverity5(cfg.gate);
   for (const rel of toScan.slice(0, 400)) {
-    const full = path4.join(cwd, rel);
+    const full = path5.join(cwd, rel);
     let text;
     try {
       text = await fs.readFile(full, "utf8");
@@ -4681,23 +4901,23 @@ async function runCwv(cwd, config, stack, pr) {
     if (text.length > cfg.maxFileBytes) continue;
     if (stack.hasNext && /<img\b/i.test(text) && !/from\s+['"]next\/image['"]/.test(text)) {
       findings.push({
-        id: "cwv-img-tag",
+        id: "core-web-vitals-img-tag",
         severity: sev2,
-        message: "Raw `<img>` detected \u2014 prefer `next/image` for LCP-friendly delivery",
+        message: "Raw `<img>` \u2014 prefer `next/image` for LCP-friendly delivery",
         file: rel
       });
     }
     if (/dangerouslySetInnerHTML/i.test(text)) {
       findings.push({
-        id: "cwv-dsh",
+        id: "core-web-vitals-dsh",
         severity: "warn",
-        message: "`dangerouslySetInnerHTML` can impact main-thread work \u2014 validate necessity",
+        message: "`dangerouslySetInnerHTML` can add main-thread work \u2014 validate necessity",
         file: rel
       });
     }
   }
   return {
-    checkId: "cwv",
+    checkId: "core-web-vitals",
     findings: dedupeFindings(findings).slice(0, 40),
     durationMs: Math.round(performance.now() - t0)
   };
@@ -4756,7 +4976,7 @@ async function runCustomRules(cwd, config, restrictToFiles) {
       });
       break;
     }
-    const full = path4.join(cwd, rel);
+    const full = path5.join(cwd, rel);
     let content;
     try {
       content = await fs.readFile(full, "utf8");
@@ -4793,6 +5013,115 @@ async function runCustomRules(cwd, config, restrictToFiles) {
     durationMs: Math.round(performance.now() - t0)
   };
 }
+// src/lib/ai-decorators.ts
+var FILE_SCAN_HEAD_LINES = 40;
+function commentInner(line) {
+  const t3 = line.trim();
+  const mLine = /^\/\/\s*(.*)$/.exec(t3);
+  if (mLine) return mLine[1]?.trim() ?? "";
+  const mBlock = /^\/\*\s*(.*?)\s*\*\/\s*$/.exec(t3);
+  if (mBlock) return mBlock[1]?.trim() ?? "";
+  return null;
+}
+function lineMarkerKind(line) {
+  const inner = commentInner(line);
+  if (!inner) return null;
+  if (/@(?:frontguard-ai|ai-written)\s*:\s*file\b/i.test(inner) || /^written\s+by\s+ai\s*:?\s*file\b/i.test(inner))
+    return "file";
+  if (/@(?:frontguard-ai|ai-written)\s*:\s*start\b/i.test(inner) || /^written\s+by\s+ai\s*:?\s*start\b/i.test(inner))
+    return "start";
+  if (/@(?:frontguard-ai|ai-written)\s*:\s*end\b/i.test(inner) || /^written\s+by\s+ai\s*:?\s*end\b/i.test(inner))
+    return "end";
+  return null;
+}
+function isAiFileDirectiveLine(line) {
+  return lineMarkerKind(line) === "file";
+}
+function parseAiMarkedRegions(source, fileHint) {
+  const lines = source.split(/\r?\n/);
+  const parseWarnings = [];
+  const regions = [];
+  let headNonEmpty = 0;
+  for (let i3 = 0; i3 < lines.length && headNonEmpty < FILE_SCAN_HEAD_LINES; i3++) {
+    if (!lines[i3]?.trim()) continue;
+    headNonEmpty++;
+    if (isAiFileDirectiveLine(lines[i3] ?? "")) {
+      const bodyLines = lines.filter((_4, idx) => idx !== i3);
+      regions.push({
+        startLine: 1,
+        endLine: lines.length,
+        text: bodyLines.join("\n")
+      });
+      return { regions, parseWarnings };
+    }
+  }
+  let open = false;
+  let contentStart = null;
+  const buf = [];
+  for (let i3 = 0; i3 < lines.length; i3++) {
+    const line = lines[i3] ?? "";
+    const kind = lineMarkerKind(line);
+    if (kind === "file") {
+      parseWarnings.push(`${fileHint}:${i3 + 1}: @file directive ignored (only honored in first ${FILE_SCAN_HEAD_LINES} non-empty lines)`);
+      if (open) buf.push(line);
+      continue;
+    }
+    if (kind === "start") {
+      if (open) {
+        parseWarnings.push(`${fileHint}:${i3 + 1}: nested AI:start ignored (flatten your regions)`);
+        buf.push(line);
+        continue;
+      }
+      open = true;
+      contentStart = i3 + 2;
+      buf.length = 0;
+      continue;
+    }
+    if (kind === "end") {
+      if (!open) {
+        parseWarnings.push(`${fileHint}:${i3 + 1}: stray AI:end`);
+        continue;
+      }
+      open = false;
+      if (contentStart !== null) {
+        regions.push({
+          startLine: contentStart,
+          endLine: i3,
+          text: buf.join("\n")
+        });
+      }
+      contentStart = null;
+      buf.length = 0;
+      continue;
+    }
+    if (open) buf.push(line);
+  }
+  if (open && contentStart !== null) {
+    parseWarnings.push(`${fileHint}: unclosed AI:start \u2014 treating region as ending at EOF`);
+    regions.push({
+      startLine: contentStart,
+      endLine: lines.length,
+      text: buf.join("\n")
+    });
+  }
+  return { regions, parseWarnings };
+}
+function matchLineNumbersInRegion(regionText, regionStartLine, re) {
+  const flags = re.flags.includes("g") ? re.flags : `${re.flags}g`;
+  const g4 = new RegExp(re.source, flags);
+  const out = [];
+  let m3;
+  const text = regionText;
+  while ((m3 = g4.exec(text)) !== null) {
+    const lineInRegion = text.slice(0, m3.index).split("\n").length;
+    out.push(regionStartLine + lineInRegion - 1);
+    if (m3.index === g4.lastIndex) g4.lastIndex++;
+  }
+  return out;
+}
+// src/checks/ai-assisted-strict.ts
 function sev(gate) {
   return gate === "block" ? "block" : gate === "info" ? "info" : "warn";
 }
@@ -4856,6 +5185,20 @@ var PATTERNS2 = [
     message: "Possible dynamic SQL/string \u2014 ensure parameterization, not string concat."
   }
 ];
+function scanRegion(rel, regionText, regionStartLine, gate, tag, findings) {
+  for (const { id, re, message, forceBlock } of PATTERNS2) {
+    const lines = matchLineNumbersInRegion(regionText, regionStartLine, re);
+    for (const line of lines) {
+      findings.push({
+        id,
+        severity: forceBlock ? "block" : sev(gate),
+        message: `${tag} ${message}`,
+        file: rel,
+        detail: `line ${line}`
+      });
+    }
+  }
+}
 async function runAiAssistedStrict(cwd, config, pr) {
   const t0 = performance.now();
   const cfg = config.checks.aiAssistedReview;
@@ -4872,38 +5215,65 @@ async function runAiAssistedStrict(cwd, config, pr) {
       checkId: "ai-assisted-strict",
       findings: [],
       durationMs: Math.round(performance.now() - t0),
-      skipped: "not a pull request context"
+      skipped: "no PR context (Bitbucket PR pipeline + BITBUCKET_PR_ID required)"
     };
   }
-  if (!pr.aiAssisted) {
+  const mode = cfg.strictScanMode ?? "both";
+  const gate = cfg.gate;
+  const files = (pr.files ?? []).filter((f4) => CODE_EXT.test(f4)).slice(0, 150);
+  const byRel = /* @__PURE__ */ new Map();
+  let anyDecoratorInPr = false;
+  for (const rel of files) {
+    const full = path5.join(cwd, rel);
+    try {
+      const content = await fs.readFile(full, "utf8");
+      if (content.length > 5e5) continue;
+      const parsed = parseAiMarkedRegions(content, rel);
+      byRel.set(rel, { content, parsed });
+      if (parsed.regions.length > 0) anyDecoratorInPr = true;
+    } catch {
+      continue;
+    }
+  }
+  if (mode === "decorator" && !anyDecoratorInPr) {
     return {
       checkId: "ai-assisted-strict",
       findings: [],
       durationMs: Math.round(performance.now() - t0),
-      skipped: "PR does not indicate AI-assisted code"
+      skipped: "strictScanMode=decorator \u2014 no `@frontguard-ai:start` / `written by AI: start` regions in PR files"
     };
   }
-  const files = (pr.files ?? []).filter((f4) => CODE_EXT.test(f4)).slice(0, 150);
-  const gate = cfg.gate;
+  if (mode === "pr-disclosure" && !pr.aiAssisted) {
+    return {
+      checkId: "ai-assisted-strict",
+      findings: [],
+      durationMs: Math.round(performance.now() - t0),
+      skipped: "strictScanMode=pr-disclosure \u2014 PR does not indicate AI-assisted code"
+    };
+  }
+  const useWholeFileFallback = (mode === "pr-disclosure" || mode === "both") && Boolean(pr.aiAssisted);
   const findings = [];
   for (const rel of files) {
-    const full = path4.join(cwd, rel);
-    let content;
-    try {
-      content = await fs.readFile(full, "utf8");
-    } catch {
-      continue;
-    }
-    if (content.length > 5e5) continue;
-    for (const { id, re, message, forceBlock } of PATTERNS2) {
-      if (!re.test(content)) continue;
+    const entry = byRel.get(rel);
+    if (!entry) continue;
+    const { content, parsed } = entry;
+    for (const w3 of parsed.parseWarnings) {
       findings.push({
-        id,
-        severity: forceBlock ? "block" : sev(gate),
-        message: `[AI-assisted strict] ${message}`,
+        id: "ai-decorator-parse",
+        severity: "info",
+        message: `[AI markers] ${w3}`,
         file: rel
       });
     }
+    if (parsed.regions.length > 0) {
+      for (const r4 of parsed.regions) {
+        scanRegion(rel, r4.text, r4.startLine, gate, "[AI-marked code]", findings);
+      }
+      continue;
+    }
+    if (useWholeFileFallback) {
+      scanRegion(rel, content, 1, gate, "[AI-assisted strict]", findings);
+    }
   }
   return {
     checkId: "ai-assisted-strict",
@@ -4915,7 +5285,7 @@ function dedupe(f4) {
   const s3 = /* @__PURE__ */ new Set();
   const out = [];
   for (const x3 of f4) {
-    const k3 = `${x3.id}:${x3.file ?? ""}`;
+    const k3 = `${x3.id}:${x3.file ?? ""}:${x3.detail ?? ""}`;
     if (s3.has(k3)) continue;
     s3.add(k3);
     out.push(x3);
@@ -4952,25 +5322,6 @@ function escapeHtml(s3) {
 }
 // src/report/html-report.ts
-function shieldUrl(label, message, color) {
-  const q2 = new URLSearchParams({ label, message, color, style: "for-the-badge" });
-  return `https://img.shields.io/static/v1?${q2}`;
-}
-function riskColor(risk) {
-  if (risk === "LOW") return "brightgreen";
-  if (risk === "MEDIUM") return "orange";
-  return "red";
-}
-function modeColor(mode) {
-  return mode === "enforce" ? "critical" : "blue";
-}
-function countColor(kind, n3) {
-  if (kind === "block") return n3 === 0 ? "brightgreen" : "critical";
-  if (kind === "info") return n3 === 0 ? "inactive" : "informational";
-  if (n3 === 0) return "brightgreen";
-  if (n3 <= 10) return "yellow";
-  return "orange";
-}
 function parseLineHint(detail) {
   if (!detail) return 0;
   const m3 = /^line\s+(\d+)/i.exec(detail.trim());
@@ -5002,13 +5353,20 @@ function formatDuration(ms) {
   const r4 = s3 % 60;
   return r4 ? `${m3}m ${r4}s` : `${m3}m`;
 }
+function statusDot(r4) {
+  if (r4.skipped) return '<span class="dot dot-skip" title="Skipped"></span>';
+  if (r4.findings.length === 0) return '<span class="dot dot-ok" title="Clean"></span>';
+  if (r4.findings.some((x3) => x3.severity === "block"))
+    return '<span class="dot dot-block" title="Blocking"></span>';
+  return '<span class="dot dot-warn" title="Issues"></span>';
+}
 function renderFindingCard(cwd, r4, f4) {
   const d3 = normalizeFinding(cwd, f4);
   const sevClass = f4.severity === "block" ? "sev-block" : f4.severity === "warn" ? "sev-warn" : "sev-info";
-  const fixBlock = f4.suggestedFix ? `<div class="suggested-fix"><h5>Suggested fix <span class="tag">LLM</span></h5><div class="fix-md">${escapeHtml(f4.suggestedFix.summary)}</div>${f4.suggestedFix.code ? `<pre class="code"><code>${escapeHtml(f4.suggestedFix.code)}</code></pre>` : ""}<p class="disclaimer">Suggestions are non-binding; review and test before applying.</p></div>` : "";
+  const fixBlock = f4.suggestedFix ? `<div class="suggested-fix"><div class="fix-label">Suggested fix <span class="pill pill-llm">LLM</span></div><div class="fix-md">${escapeHtml(f4.suggestedFix.summary)}</div>${f4.suggestedFix.code ? `<pre class="code"><code>${escapeHtml(f4.suggestedFix.code)}</code></pre>` : ""}<p class="disclaimer">Suggestions are non-binding; review before applying.</p></div>` : "";
   const hintRow = d3.detail && !d3.detail.includes("\n") && d3.detail.length <= 220 && !d3.detail.includes("|") ? `<tr><th>Hint</th><td>${escapeHtml(d3.detail)}</td></tr>` : "";
   const detailFence = d3.detail && (d3.detail.includes("\n") || d3.detail.length > 220 || d3.detail.includes("|")) ? `<pre class="code"><code>${escapeHtml(d3.detail)}</code></pre>` : "";
-  return `<article class="card ${sevClass}"><h4>${escapeHtml(d3.file ?? "\u2014")} <span class="muted">\xB7</span> ${escapeHtml(d3.message)}</h4><table class="meta"><tr><th>Check</th><td><code>${escapeHtml(r4.checkId)}</code></td></tr><tr><th>Rule</th><td><code>${escapeHtml(f4.id)}</code></td></tr>${d3.file ? `<tr><th>File</th><td><code>${escapeHtml(d3.file)}</code></td></tr>` : ""}${hintRow}</table>${detailFence}${fixBlock}</article>`;
+  return `<article class="card ${sevClass}"><div class="card-title">${escapeHtml(d3.file ?? "\u2014")}</div><p class="card-msg">${escapeHtml(d3.message)}</p><table class="meta"><tr><th>Check</th><td><code>${escapeHtml(r4.checkId)}</code></td></tr><tr><th>Rule</th><td><code>${escapeHtml(f4.id)}</code></td></tr>${d3.file ? `<tr><th>File</th><td><code>${escapeHtml(d3.file)}</code></td></tr>` : ""}${hintRow}</table>${detailFence}${fixBlock}</article>`;
 }
 function buildHtmlReport(p2) {
   const {
@@ -5024,21 +5382,11 @@ function buildHtmlReport(p2) {
     lines,
     llmAppendix
   } = p2;
-  const modeLabel = mode === "enforce" ? "enforce" : "warn only";
-  const badges = [
-    ["risk", riskScore, riskColor(riskScore)],
-    ["mode", modeLabel, modeColor(mode)],
-    ["blocking", String(blocks), countColor("block", blocks)],
-    ["warnings", String(warns), countColor("warn", warns)],
-    ["info", String(infos), countColor("info", infos)]
-  ];
-  const badgeImgs = badges.map(([l3, m3, c4]) => {
-    const alt = `${l3}: ${m3}`;
-    return `<img class="badge" src="${escapeHtml(shieldUrl(l3, m3, c4))}" alt="${escapeHtml(alt)}" loading="lazy" />`;
-  }).join(" ");
+  const modeLabel = mode === "enforce" ? "Enforce" : "Warn only";
+  const riskClass = riskScore === "LOW" ? "risk-low" : riskScore === "MEDIUM" ? "risk-med" : "risk-high";
   const checkRows = results.map((r4) => {
-    const status = r4.skipped ? `Skipped \u2014 ${escapeHtml(r4.skipped)}` : r4.findings.length === 0 ? "Clean" : `${r4.findings.length} finding(s)`;
-    return `<tr><td>${r4.skipped ? "\u23ED\uFE0F" : r4.findings.length === 0 ? "\u{1F7E2}" : r4.findings.some((x3) => x3.severity === "block") ? "\u{1F534}" : "\u{1F7E1}"}</td><td><strong>${escapeHtml(r4.checkId)}</strong></td><td>${status}</td><td>${r4.skipped ? "\u2014" : r4.findings.length}</td><td>${formatDuration(r4.durationMs)}</td></tr>`;
+    const status = r4.skipped ? `Skipped \u2014 ${escapeHtml(r4.skipped)}` : r4.findings.length === 0 ? "Pass" : `${r4.findings.length} issue(s)`;
+    return `<tr><td class="td-icon">${statusDot(r4)}</td><td><strong class="check-name">${escapeHtml(r4.checkId)}</strong></td><td class="td-status">${status}</td><td class="td-num">${r4.skipped ? "\u2014" : r4.findings.length}</td><td class="td-time">${formatDuration(r4.durationMs)}</td></tr>`;
   }).join("\n");
   const blockItems = sortFindings(
     cwd,
@@ -5065,141 +5413,286 @@ function buildHtmlReport(p2) {
     byCheck.set(item.r.checkId, list);
   }
   const checkOrder = [...byCheck.keys()].sort((a3, b3) => a3.localeCompare(b3));
-  const blockingHtml = blockItems.length === 0 ? '<p class="ok">No blocking findings.</p>' : blockItems.map(({ r: r4, f: f4 }) => renderFindingCard(cwd, r4, f4)).join("\n");
+  const blockingHtml = blockItems.length === 0 ? '<p class="empty-state">No blocking findings.</p>' : blockItems.map(({ r: r4, f: f4 }) => renderFindingCard(cwd, r4, f4)).join("\n");
   let warningsHtml = "";
   if (warnItems.length === 0) {
-    warningsHtml = '<p class="ok">No warnings.</p>';
+    warningsHtml = '<p class="empty-state">No warnings.</p>';
   } else {
     for (const cid of checkOrder) {
       const group = sortFindings(cwd, byCheck.get(cid));
       const cards = group.map(({ r: r4, f: f4 }) => renderFindingCard(cwd, r4, f4)).join("\n");
-      warningsHtml += `<details class="warn-check"><summary>${escapeHtml(cid)} <span class="count">(${group.length})</span></summary><div class="details-body warn-check-body">${cards}</div></details>`;
+      warningsHtml += `<details class="panel nested"><summary><span class="summary-title">${escapeHtml(cid)}</span><span class="summary-count">${group.length}</span></summary><div class="panel-body">${cards}</div></details>`;
     }
   }
-  const infoHtml = infoItems.length === 0 ? '<p class="muted">No info notes.</p>' : infoItems.map(({ r: r4, f: f4 }) => renderFindingCard(cwd, r4, f4)).join("\n");
-  const prBlock = pr && lines != null ? `<tr><th>PR size</th><td>${lines} LOC (+${pr.additions} / \u2212${pr.deletions}) \xB7 ${pr.changedFiles} files</td></tr>` : "";
-  const appendix = llmAppendix?.trim() ? `<section class="appendix"><h2>AI / manual appendix</h2><pre class="md-raw">${escapeHtml(llmAppendix.trim())}</pre></section>` : "";
+  const infoHtml = infoItems.length === 0 ? '<p class="empty-state muted">No info notes.</p>' : infoItems.map(({ r: r4, f: f4 }) => renderFindingCard(cwd, r4, f4)).join("\n");
+  const prBlock = pr && lines != null ? `<tr><th>Pull request</th><td>${lines} lines changed (+${pr.additions} / \u2212${pr.deletions}) \xB7 ${pr.changedFiles} files</td></tr>` : "";
+  const appendix = llmAppendix?.trim() ? `<section class="section"><h2 class="h2">Appendix</h2><pre class="md-raw">${escapeHtml(llmAppendix.trim())}</pre></section>` : "";
   return `<!DOCTYPE html>
 <html lang="en">
 <head>
   <meta charset="utf-8" />
   <meta name="viewport" content="width=device-width, initial-scale=1" />
-  <title>FrontGuard report</title>
+  <title>FrontGuard \u2014 Report</title>
   <style>
     :root {
-      --bg: #0f1419;
-      --panel: #1a2332;
-      --text: #e7ecf3;
-      --muted: #8b9aab;
-      --border: #2d3d52;
-      --block: #f87171;
-      --warn: #fbbf24;
-      --info: #38bdf8;
-      --accent: #a78bfa;
-      --ok: #4ade80;
+      --bg: #f8fafc;
+      --surface: #ffffff;
+      --text: #0f172a;
+      --muted: #64748b;
+      --border: #e2e8f0;
+      --accent: #4f46e5;
+      --accent-soft: #eef2ff;
+      --block: #dc2626;
+      --warn: #d97706;
+      --info: #0284c7;
+      --ok: #16a34a;
+      --radius: 10px;
+      --shadow: 0 1px 3px rgba(15, 23, 42, 0.06);
     }
     * { box-sizing: border-box; }
     body {
-      margin: 0; font-family: ui-sans-serif, system-ui, sans-serif;
-      background: var(--bg); color: var(--text); line-height: 1.5;
-      padding: 1.5rem clamp(1rem, 4vw, 2.5rem) 3rem;
-      max-width: 58rem; margin-left: auto; margin-right: auto;
-    }
-    h1 { font-size: 1.5rem; margin: 0 0 1rem; letter-spacing: -0.02em; }
-    h2 { font-size: 1.15rem; margin: 2rem 0 0.75rem; color: var(--accent); border-bottom: 1px solid var(--border); padding-bottom: 0.35rem; }
-    details.warn-check { margin-bottom: 0.45rem; }
-    details.warn-check:last-child { margin-bottom: 0; }
-    details.warn-check > summary { color: var(--warn); font-size: 0.95rem; }
-    details.warn-check .count { color: var(--muted); font-weight: normal; }
-    .warn-check-body { padding-top: 0.35rem; }
-    h4 { font-size: 0.95rem; margin: 0 0 0.5rem; font-weight: 600; }
-    h5 { font-size: 0.8rem; margin: 0 0 0.35rem; text-transform: uppercase; letter-spacing: 0.04em; color: var(--accent); }
-    .badges { margin-bottom: 1.25rem; display: flex; flex-wrap: wrap; gap: 0.35rem; align-items: center; }
-    .badge { height: 28px; width: auto; max-width: 100%; image-rendering: crisp-edges; }
-    details { background: var(--panel); border: 1px solid var(--border); border-radius: 8px; margin-bottom: 0.75rem; }
-    summary {
-      cursor: pointer; padding: 0.65rem 1rem; font-weight: 600;
-      list-style: none; display: flex; align-items: center; gap: 0.5rem;
-    }
-    summary::-webkit-details-marker { display: none; }
-    details[open] > summary { border-bottom: 1px solid var(--border); }
-    .details-body { padding: 0.75rem 1rem 1rem; }
-    table.results { width: 100%; border-collapse: collapse; font-size: 0.875rem; margin: 0.5rem 0 1rem; }
-    table.results th, table.results td { border: 1px solid var(--border); padding: 0.45rem 0.6rem; text-align: left; }
-    table.results th { background: #243044; color: var(--muted); font-weight: 600; }
-    .snapshot { width: 100%; border-collapse: collapse; font-size: 0.9rem; margin: 0.5rem 0; }
-    .snapshot th, .snapshot td { border: 1px solid var(--border); padding: 0.5rem 0.65rem; vertical-align: top; }
-    .snapshot th { width: 10rem; background: #243044; color: var(--muted); text-align: left; }
+      margin: 0;
+      font-family: ui-sans-serif, system-ui, -apple-system, "Segoe UI", Roboto, sans-serif;
+      background: var(--bg);
+      color: var(--text);
+      line-height: 1.55;
+      font-size: 15px;
+      padding: 2rem clamp(1rem, 4vw, 3rem) 4rem;
+      max-width: 920px;
+      margin-left: auto;
+      margin-right: auto;
+    }
+    .hero {
+      margin-bottom: 2rem;
+    }
+    .brand {
+      font-size: 0.75rem;
+      font-weight: 600;
+      letter-spacing: 0.12em;
+      text-transform: uppercase;
+      color: var(--muted);
+      margin-bottom: 0.35rem;
+    }
+    h1 {
+      font-size: 1.75rem;
+      font-weight: 700;
+      letter-spacing: -0.03em;
+      margin: 0 0 1rem;
+      color: var(--text);
+    }
+    .metrics {
+      display: flex;
+      flex-wrap: wrap;
+      gap: 0.65rem;
+      margin-bottom: 0.5rem;
+    }
+    .metric {
+      background: var(--surface);
+      border: 1px solid var(--border);
+      border-radius: var(--radius);
+      padding: 0.5rem 0.9rem;
+      box-shadow: var(--shadow);
+      display: flex;
+      align-items: center;
+      gap: 0.5rem;
+    }
+    .metric-label { font-size: 0.72rem; color: var(--muted); text-transform: uppercase; letter-spacing: 0.04em; }
+    .metric-value { font-weight: 600; font-size: 0.95rem; }
+    .risk-low { color: var(--ok); }
+    .risk-med { color: var(--warn); }
+    .risk-high { color: var(--block); }
+    .section { margin-top: 2.25rem; }
+    .h2 {
+      font-size: 1rem;
+      font-weight: 600;
+      margin: 0 0 0.85rem;
+      color: var(--text);
+      letter-spacing: -0.02em;
+    }
+    .snapshot {
+      width: 100%;
+      border-collapse: collapse;
+      font-size: 0.9rem;
+      background: var(--surface);
+      border-radius: var(--radius);
+      overflow: hidden;
+      border: 1px solid var(--border);
+      box-shadow: var(--shadow);
+    }
+    .snapshot th, .snapshot td {
+      padding: 0.65rem 1rem;
+      text-align: left;
+      border-bottom: 1px solid var(--border);
+    }
+    .snapshot tr:last-child th, .snapshot tr:last-child td { border-bottom: none; }
+    .snapshot th {
+      width: 9rem;
+      color: var(--muted);
+      font-weight: 500;
+      background: #f1f5f9;
+    }
+    table.results {
+      width: 100%;
+      border-collapse: collapse;
+      font-size: 0.875rem;
+      background: var(--surface);
+      border-radius: var(--radius);
+      overflow: hidden;
+      border: 1px solid var(--border);
+      box-shadow: var(--shadow);
+    }
+    table.results th, table.results td {
+      padding: 0.55rem 0.85rem;
+      text-align: left;
+      border-bottom: 1px solid var(--border);
+    }
+    table.results tr:last-child td { border-bottom: none; }
+    table.results thead th {
+      background: #f1f5f9;
+      color: var(--muted);
+      font-weight: 600;
+      font-size: 0.72rem;
+      text-transform: uppercase;
+      letter-spacing: 0.04em;
+    }
+    .td-icon { width: 2rem; vertical-align: middle; }
+    .td-num, .td-time { color: var(--muted); font-variant-numeric: tabular-nums; }
+    .check-name { font-weight: 600; }
+    .dot {
+      display: inline-block;
+      width: 8px;
+      height: 8px;
+      border-radius: 50%;
+    }
+    .dot-ok { background: var(--ok); }
+    .dot-warn { background: var(--warn); }
+    .dot-block { background: var(--block); }
+    .dot-skip { background: #cbd5e1; }
+    .panel {
+      background: var(--surface);
+      border: 1px solid var(--border);
+      border-radius: var(--radius);
+      margin-bottom: 0.65rem;
+      box-shadow: var(--shadow);
+    }
+    .panel summary {
+      cursor: pointer;
+      padding: 0.85rem 1rem;
+      list-style: none;
+      display: flex;
+      align-items: center;
+      justify-content: space-between;
+      font-weight: 600;
+      font-size: 0.9rem;
+    }
+    .panel summary::-webkit-details-marker { display: none; }
+    .panel[open] summary { border-bottom: 1px solid var(--border); }
+    .panel-body { padding: 0.75rem 1rem 1rem; }
+    .nested summary { font-weight: 500; color: var(--warn); }
+    .summary-count {
+      font-size: 0.8rem;
+      font-weight: 500;
+      color: var(--muted);
+      background: #f1f5f9;
+      padding: 0.15rem 0.5rem;
+      border-radius: 999px;
+    }
     .card {
-      border: 1px solid var(--border); border-radius: 8px; padding: 0.85rem 1rem;
-      margin-bottom: 0.65rem; background: #131c28;
-    }
-    .card.sev-block { border-left: 4px solid var(--block); }
-    .card.sev-warn { border-left: 4px solid var(--warn); }
-    .card.sev-info { border-left: 4px solid var(--info); }
-    table.meta { width: 100%; font-size: 0.8rem; border-collapse: collapse; margin: 0.5rem 0; }
-    table.meta th { text-align: left; color: var(--muted); width: 5.5rem; padding: 0.2rem 0.5rem 0.2rem 0; vertical-align: top; }
+      border: 1px solid var(--border);
+      border-radius: 8px;
+      padding: 1rem;
+      margin-bottom: 0.65rem;
+      background: #fafafa;
+    }
+    .card:last-child { margin-bottom: 0; }
+    .card.sev-block { border-left: 3px solid var(--block); }
+    .card.sev-warn { border-left: 3px solid var(--warn); }
+    .card.sev-info { border-left: 3px solid var(--info); }
+    .card-title { font-size: 0.8rem; font-weight: 600; color: var(--muted); margin-bottom: 0.35rem; }
+    .card-msg { margin: 0 0 0.65rem; font-size: 0.9rem; }
+    table.meta { width: 100%; font-size: 0.78rem; border-collapse: collapse; margin: 0.35rem 0 0; }
+    table.meta th { text-align: left; color: var(--muted); width: 4.5rem; padding: 0.2rem 0.5rem 0.2rem 0; vertical-align: top; }
     table.meta td { padding: 0.2rem 0; }
+    table.meta code { font-size: 0.85em; background: #f1f5f9; padding: 0.1rem 0.35rem; border-radius: 4px; }
     .muted { color: var(--muted); }
-    .ok { color: var(--ok); }
+    .empty-state { margin: 0; font-size: 0.9rem; color: var(--muted); }
     pre.code {
-      margin: 0.5rem 0 0; padding: 0.65rem 0.75rem; background: #0a0e14; border-radius: 6px;
-      overflow: auto; font-size: 0.78rem; border: 1px solid var(--border);
-    }
-    pre.code code { font-family: ui-monospace, monospace; white-space: pre; }
-    .suggested-fix {
-      margin-top: 0.75rem; padding-top: 0.75rem; border-top: 1px dashed var(--border);
-    }
+      margin: 0.5rem 0 0;
+      padding: 0.75rem;
+      background: #f1f5f9;
+      border-radius: 6px;
+      overflow: auto;
+      font-size: 0.78rem;
+      border: 1px solid var(--border);
+    }
+    pre.code code { font-family: ui-monospace, SFMono-Regular, Menlo, monospace; white-space: pre; }
+    .suggested-fix { margin-top: 0.75rem; padding-top: 0.75rem; border-top: 1px dashed var(--border); }
+    .fix-label { font-size: 0.7rem; font-weight: 600; text-transform: uppercase; letter-spacing: 0.05em; color: var(--accent); margin-bottom: 0.35rem; }
+    .pill-llm { background: var(--accent-soft); color: var(--accent); padding: 0.1rem 0.4rem; border-radius: 4px; font-size: 0.65rem; }
     .fix-md { font-size: 0.85rem; white-space: pre-wrap; margin: 0.25rem 0 0.5rem; }
-    .tag {
-      font-size: 0.65rem; background: var(--accent); color: var(--bg);
-      padding: 0.1rem 0.35rem; border-radius: 4px; vertical-align: middle;
-    }
     .disclaimer { font-size: 0.72rem; color: var(--muted); margin: 0.5rem 0 0; }
-    .appendix pre.md-raw {
-      white-space: pre-wrap; font-size: 0.85rem; background: var(--panel);
-      padding: 1rem; border-radius: 8px; border: 1px solid var(--border);
-    }
-    footer { margin-top: 2.5rem; padding-top: 1rem; border-top: 1px solid var(--border); font-size: 0.8rem; color: var(--muted); }
+    pre.md-raw {
+      white-space: pre-wrap;
+      font-size: 0.85rem;
+      background: var(--surface);
+      padding: 1rem;
+      border-radius: var(--radius);
+      border: 1px solid var(--border);
+      margin: 0;
+    }
+    footer {
+      margin-top: 3rem;
+      padding-top: 1.25rem;
+      border-top: 1px solid var(--border);
+      font-size: 0.8rem;
+      color: var(--muted);
+    }
+    footer a { color: var(--accent); text-decoration: none; }
+    footer a:hover { text-decoration: underline; }
   </style>
 </head>
 <body>
-  <h1>FrontGuard review</h1>
-  <div class="badges">${badgeImgs}</div>
-  <h2>Snapshot</h2>
-  <table class="snapshot">
-    <tr><th>Risk</th><td><strong>${riskScore}</strong> (heuristic)</td></tr>
-    <tr><th>Mode</th><td>${escapeHtml(modeLabel)}</td></tr>
-    <tr><th>Stack</th><td>${escapeHtml(formatStackOneLiner(stack))}</td></tr>
-    ${prBlock}
-  </table>
+  <header class="hero">
+    <div class="brand">FrontGuard</div>
+    <h1>Code review report</h1>
+    <div class="metrics">
+      <div class="metric"><span class="metric-label">Risk</span><span class="metric-value ${riskClass}">${riskScore}</span></div>
+      <div class="metric"><span class="metric-label">Mode</span><span class="metric-value">${escapeHtml(modeLabel)}</span></div>
+      <div class="metric"><span class="metric-label">Blocking</span><span class="metric-value">${blocks}</span></div>
+      <div class="metric"><span class="metric-label">Warnings</span><span class="metric-value">${warns}</span></div>
+      <div class="metric"><span class="metric-label">Info</span><span class="metric-value">${infos}</span></div>
+    </div>
+  </header>
-  <h2>Check results</h2>
-  <table class="results">
-    <thead><tr><th></th><th>Check</th><th>Status</th><th>#</th><th>Time</th></tr></thead>
-    <tbody>${checkRows}</tbody>
-  </table>
+  <section class="section">
+    <h2 class="h2">Overview</h2>
+    <table class="snapshot">
+      <tr><th>Risk score</th><td><strong>${riskScore}</strong> <span class="muted">\u2014 heuristic</span></td></tr>
+      <tr><th>Mode</th><td>${escapeHtml(modeLabel)}</td></tr>
+      <tr><th>Stack</th><td>${escapeHtml(formatStackOneLiner(stack))}</td></tr>
+      ${prBlock}
+    </table>
+  </section>
-  <details>
-    <summary>Blocking (${blocks})</summary>
-    <div class="details-body">${blockingHtml}</div>
-  </details>
+  <section class="section">
+    <h2 class="h2">Checks</h2>
+    <table class="results">
+      <thead><tr><th></th><th>Check</th><th>Status</th><th>#</th><th>Time</th></tr></thead>
+      <tbody>${checkRows}</tbody>
+    </table>
+  </section>
-  <details>
-    <summary>Warnings (${warns})</summary>
-    <div class="details-body">${warningsHtml}</div>
-  </details>
-  <details>
-    <summary>Info (${infos})</summary>
-    <div class="details-body">${infoHtml}</div>
-  </details>
+  <section class="section">
+    <h2 class="h2">Findings</h2>
+    <details class="panel"><summary>Blocking <span class="summary-count">${blocks}</span></summary><div class="panel-body">${blockingHtml}</div></details>
+    <details class="panel"><summary>Warnings <span class="summary-count">${warns}</span></summary><div class="panel-body">${warningsHtml}</div></details>
+    <details class="panel"><summary>Info <span class="summary-count">${infos}</span></summary><div class="panel-body">${infoHtml}</div></details>
+  </section>
   ${appendix}
   <footer>
-    <p>Self-contained HTML report \u2014 open locally or from CI artifacts. Badges load from <a href="https://shields.io" style="color: var(--info);">shields.io</a>.</p>
+    <p>Static report \u2014 open in any browser. Generated by <strong>FrontGuard</strong>.</p>
   </footer>
 </body>
 </html>`;
@@ -5645,10 +6138,10 @@ async function callOllamaChat(opts) {
 // src/llm/finding-fixes.ts
 async function safeReadRepoFile(cwd, rel, maxChars) {
-  const root = path4.resolve(cwd);
-  const abs = path4.resolve(root, rel);
-  const relToRoot = path4.relative(root, abs);
-  if (relToRoot.startsWith("..") || path4.isAbsolute(relToRoot)) return null;
+  const root = path5.resolve(cwd);
+  const abs = path5.resolve(root, rel);
+  const relToRoot = path5.relative(root, abs);
+  if (relToRoot.startsWith("..") || path5.isAbsolute(relToRoot)) return null;
   try {
     let t3 = await fs.readFile(abs, "utf8");
     if (t3.length > maxChars) {
@@ -5677,7 +6170,7 @@ async function enrichFindingsWithOllamaFixes(opts) {
   }
   let pkgSnippet = "";
   try {
-    const pj = await fs.readFile(path4.join(cwd, "package.json"), "utf8");
+    const pj = await fs.readFile(path5.join(cwd, "package.json"), "utf8");
     pkgSnippet = pj.slice(0, 4e3);
   } catch {
     pkgSnippet = "";
@@ -5761,7 +6254,7 @@ async function loadManualAppendix(opts) {
   const envFile = process.env.FRONTGUARD_MANUAL_APPENDIX_FILE?.trim();
   const resolvedPath = filePath?.trim() || envFile;
   if (resolvedPath) {
-    const abs = path4.isAbsolute(resolvedPath) ? resolvedPath : path4.join(cwd, resolvedPath);
+    const abs = path5.isAbsolute(resolvedPath) ? resolvedPath : path5.join(cwd, resolvedPath);
     try {
       let text = await fs.readFile(abs, "utf8");
       if (text.length > MAX_CHARS) {
@@ -5956,21 +6449,21 @@ async function runFrontGuard(opts) {
     prettier,
     typescript,
     secrets,
-    tsAnyDelta,
     cycles,
     deadCode,
-    cwv,
+    coreWebVitals,
+    tsAnyDelta,
     customRules,
     aiStrict
   ] = await Promise.all([
-    runEslint(opts.cwd, config),
-    runPrettier(opts.cwd, config),
-    runTypeScript(opts.cwd, config, stack),
+    runEslint(opts.cwd, config, stack, pr),
+    runPrettier(opts.cwd, config, pr),
+    runTypeScript(opts.cwd, config, stack, pr),
     runSecrets(opts.cwd, config, pr),
-    runTsAnyDelta(opts.cwd, config, stack),
-    runCycles(opts.cwd, config, stack),
+    runCycles(opts.cwd, config, stack, pr),
     runDeadCode(opts.cwd, config, stack, pr),
-    runCwv(opts.cwd, config, stack, pr),
+    runCoreWebVitals(opts.cwd, config, stack, pr),
+    runTsAnyDelta(opts.cwd, config, stack),
     runCustomRules(opts.cwd, config, restrictFiles),
     runAiAssistedStrict(opts.cwd, config, pr)
   ]);
@@ -5982,15 +6475,15 @@ async function runFrontGuard(opts) {
     prettier,
     typescript,
     secrets,
-    tsAnyDelta,
     cycles,
     deadCode,
     bundle,
-    cwv,
-    customRules,
+    coreWebVitals,
     aiStrict,
     prHygiene,
-    prSize
+    prSize,
+    tsAnyDelta,
+    customRules
   ];
   applyAiAssistedEscalation(results, pr, config);
   results = await enrichFindingsWithOllamaFixes({
@@ -6021,7 +6514,7 @@ async function runFrontGuard(opts) {
   }
   if (opts.prCommentOut) {
     const snippet = formatBitbucketPrSnippet(report);
-    const abs = path4.isAbsolute(opts.prCommentOut) ? opts.prCommentOut : path4.join(opts.cwd, opts.prCommentOut);
+    const abs = path5.isAbsolute(opts.prCommentOut) ? opts.prCommentOut : path5.join(opts.cwd, opts.prCommentOut);
     await fs.writeFile(abs, snippet, "utf8");
     g.stderr.write(
       `