@getcodesentinel/codesentinel 1.12.0 → 1.13.0

package/README.md

@@ -94,7 +94,7 @@ CodeSentinel combines three signals into a single, explainable risk profile:
 
 The CLI output now includes a deterministic `risk` block composed from those dimensions:
 
-- `repositoryScore` and `normalizedScore`
+- `riskScore` and `normalizedScore`
 - ranked `hotspots`
 - `fragileClusters` (structural cycles + change coupling components)
 - `dependencyAmplificationZones`
@@ -178,6 +178,9 @@ codesentinel analyze . --author-identity likely_merge
 # Deterministic: strict email identity, no heuristic merging
 codesentinel analyze . --author-identity strict_email
 
+# Personal-project profile (down-weights single-maintainer ownership penalties)
+codesentinel analyze . --risk-profile personal
+
 # Tune recency window (days) used for evolution volatility
 codesentinel analyze . --recent-window-days 60
 
@@ -228,6 +231,10 @@ Notes:
 - `--output summary` (default) prints a compact result for terminal use.
 - `--output json` (or `--json`) prints the full analysis object.
 - `--recent-window-days <days>` customizes the git recency window used to compute `recentVolatility` (default: `30`).
+- `--risk-profile default|personal` selects scoring profile.
+  - `default`: balanced team-oriented defaults.
+  - `personal`: lowers ownership concentration and bus-factor penalties for solo-maintainer repos.
+  - `personal` does not remove structural, churn, volatility, external, or interaction risk; scores can still be elevated when those signals are high.
 
 When running through pnpm, pass CLI arguments after `--`:
 
@@ -355,7 +362,7 @@ Minimal shape:
   "evolution": { "...": "..." },
   "external": { "...": "..." },
   "risk": {
-    "repositoryScore": 0,
+    "riskScore": 0,
     "normalizedScore": 0,
     "hotspots": [],
     "fragileClusters": [],
@@ -366,7 +373,7 @@ Minimal shape:
 
 How to read `risk` first:
 
-- `repositoryScore`: overall repository fragility index (`0..100`).
+- `riskScore`: overall repository fragility index (`0..100`).
 - `hotspots`: ranked files to inspect first.
 - `fragileClusters`: groups of files with structural-cycle or co-change fragility.
 - `dependencyAmplificationZones`: files where external dependency pressure intersects with local fragility.
@@ -391,7 +398,7 @@ These ranges are heuristics for triage, not incident probability.
 
 ### What Moves Scores
 
-`risk.repositoryScore` and `risk.fileScores[*].score` increase when:
+`risk.riskScore` and `risk.fileScores[*].score` increase when:
 
 - structurally central files/modules change frequently,
 - ownership is highly concentrated in volatile files,

package/dist/index.js

@@ -1524,9 +1524,7 @@ var compareSnapshots = (current, baseline) => {
   const hotspots = diffSets(currentHotspots, baselineHotspots);
   const cycles = diffSets(currentCycles, baselineCycles);
   return {
-    repositoryScoreDelta: round43(
-      current.analysis.risk.repositoryScore - baseline.analysis.risk.repositoryScore
-    ),
+    riskScoreDelta: round43(current.analysis.risk.riskScore - baseline.analysis.risk.riskScore),
     normalizedScoreDelta: round43(
       current.analysis.risk.normalizedScore - baseline.analysis.risk.normalizedScore
     ),
@@ -1652,9 +1650,9 @@ var createReport = (snapshot, diff) => {
     generatedAt: (/* @__PURE__ */ new Date()).toISOString(),
     repository: {
       targetPath: snapshot.analysis.structural.targetPath,
-      repositoryScore: snapshot.analysis.risk.repositoryScore,
+      riskScore: snapshot.analysis.risk.riskScore,
       normalizedScore: snapshot.analysis.risk.normalizedScore,
-      riskTier: toRiskTier(snapshot.analysis.risk.repositoryScore),
+      riskTier: toRiskTier(snapshot.analysis.risk.riskScore),
       confidence: repositoryConfidence(snapshot),
       dimensionScores: repositoryDimensionScores(snapshot)
     },
@@ -1706,7 +1704,7 @@ var renderTextDiff = (report) => {
   return [
     "",
     "Diff",
-    `  repositoryScoreDelta: ${report.diff.repositoryScoreDelta}`,
+    `  riskScoreDelta: ${report.diff.riskScoreDelta}`,
     `  normalizedScoreDelta: ${report.diff.normalizedScoreDelta}`,
     `  newHotspots: ${report.diff.newHotspots.join(", ") || "none"}`,
     `  resolvedHotspots: ${report.diff.resolvedHotspots.join(", ") || "none"}`,
@@ -1718,7 +1716,7 @@ var renderTextReport = (report) => {
   const lines = [];
   lines.push("Repository Summary");
   lines.push(`  target: ${report.repository.targetPath}`);
-  lines.push(`  repositoryScore: ${report.repository.repositoryScore}`);
+  lines.push(`  riskScore: ${report.repository.riskScore}`);
   lines.push(`  normalizedScore: ${report.repository.normalizedScore}`);
   lines.push(`  riskTier: ${report.repository.riskTier}`);
   lines.push(`  confidence: ${report.repository.confidence ?? "n/a"}`);
@@ -1780,7 +1778,7 @@ var renderMarkdownDiff = (report) => {
   return [
     "",
     "## Diff",
-    `- repositoryScoreDelta: \`${report.diff.repositoryScoreDelta}\``,
+    `- riskScoreDelta: \`${report.diff.riskScoreDelta}\``,
     `- normalizedScoreDelta: \`${report.diff.normalizedScoreDelta}\``,
     `- newHotspots: ${report.diff.newHotspots.map((item) => `\`${item}\``).join(", ") || "none"}`,
     `- resolvedHotspots: ${report.diff.resolvedHotspots.map((item) => `\`${item}\``).join(", ") || "none"}`,
@@ -1794,7 +1792,7 @@ var renderMarkdownReport = (report) => {
   lines.push("");
   lines.push("## Repository Summary");
   lines.push(`- target: \`${report.repository.targetPath}\``);
-  lines.push(`- repositoryScore: \`${report.repository.repositoryScore}\``);
+  lines.push(`- riskScore: \`${report.repository.riskScore}\``);
   lines.push(`- normalizedScore: \`${report.repository.normalizedScore}\``);
   lines.push(`- riskTier: \`${report.repository.riskTier}\``);
   lines.push(`- confidence: \`${report.repository.confidence ?? "n/a"}\``);
@@ -1973,7 +1971,7 @@ var evaluateGates = (input) => {
   const evaluatedGates = [];
   if (config.maxRepoScore !== void 0) {
     evaluatedGates.push("max-repo-score");
-    const current = input.current.analysis.risk.repositoryScore;
+    const current = input.current.analysis.risk.riskScore;
     if (current > config.maxRepoScore) {
       violations.push(
         makeViolation(
@@ -1981,7 +1979,7 @@ var evaluateGates = (input) => {
           "error",
           `Repository score ${current} exceeds configured max ${config.maxRepoScore}.`,
           [input.current.analysis.structural.targetPath],
-          [{ kind: "repository_metric", metric: "repositoryScore" }]
+          [{ kind: "repository_metric", metric: "riskScore" }]
         )
       );
     }
@@ -2093,7 +2091,7 @@ var renderCheckText = (snapshot, result) => {
   const lines = [];
   lines.push("CodeSentinel Check");
   lines.push(`target: ${snapshot.analysis.structural.targetPath}`);
-  lines.push(`repositoryScore: ${snapshot.analysis.risk.repositoryScore}`);
+  lines.push(`riskScore: ${snapshot.analysis.risk.riskScore}`);
   lines.push(`evaluatedGates: ${result.evaluatedGates.join(", ") || "none"}`);
   lines.push(`violations: ${result.violations.length}`);
   lines.push(`exitCode: ${result.exitCode}`);
@@ -2112,7 +2110,7 @@ var renderCheckMarkdown = (snapshot, result) => {
   const lines = [];
   lines.push("## CodeSentinel CI Summary");
   lines.push(`- target: \`${snapshot.analysis.structural.targetPath}\``);
-  lines.push(`- repositoryScore: \`${snapshot.analysis.risk.repositoryScore}\``);
+  lines.push(`- riskScore: \`${snapshot.analysis.risk.riskScore}\``);
   lines.push(
     `- evaluatedGates: ${result.evaluatedGates.map((item) => `\`${item}\``).join(", ") || "none"}`
   );
@@ -2495,7 +2493,7 @@ var createSummaryShape = (summary) => ({
     reason: summary.external.reason
   },
   risk: {
-    repositoryScore: summary.risk.repositoryScore,
+    riskScore: summary.risk.riskScore,
     normalizedScore: summary.risk.normalizedScore,
     hotspotsTop: summary.risk.hotspots.slice(0, 5).map((hotspot) => ({
       file: hotspot.file,
@@ -2560,7 +2558,7 @@ var formatFactorEvidence = (factor) => {
     return `structural\xD7evolution=${formatNumber(factor.rawMetrics["structuralEvolution"])}, central instability=${formatNumber(factor.rawMetrics["centralInstability"])}, dependency amplification=${formatNumber(factor.rawMetrics["dependencyAmplification"])}`;
   }
   if (factor.factorId === "file.structural") {
-    return `fanIn=${formatNumber(factor.rawMetrics["fanIn"])}, fanOut=${formatNumber(factor.rawMetrics["fanOut"])}, depth=${formatNumber(factor.rawMetrics["depth"])}, inCycle=${formatNumber(factor.rawMetrics["cycleParticipation"])}`;
+    return `fanIn=${formatNumber(factor.rawMetrics["fanIn"])}, fanOut=${formatNumber(factor.rawMetrics["fanOut"])}, depth=${formatNumber(factor.rawMetrics["depth"])}, inCycle=${formatNumber(factor.rawMetrics["cycleParticipation"])}, structuralAttenuation=${formatNumber(factor.rawMetrics["structuralAttenuation"])}`;
   }
   if (factor.factorId === "file.evolution") {
     return `commitCount=${formatNumber(factor.rawMetrics["commitCount"])}, churnTotal=${formatNumber(factor.rawMetrics["churnTotal"])}, recentVolatility=${formatNumber(factor.rawMetrics["recentVolatility"])}`;
@@ -2667,8 +2665,8 @@ var renderText = (payload) => {
   const dimensionScores = repositoryDimensionScores2(repositoryTarget);
   const compositeFactors = repositoryTopFactors.filter((factor) => factor.family === "composite");
   lines.push(`target: ${payload.summary.structural.targetPath}`);
-  lines.push(`repositoryScore: ${payload.summary.risk.repositoryScore}`);
-  lines.push(`riskBand: ${toRiskBand(payload.summary.risk.repositoryScore)}`);
+  lines.push(`riskScore: ${payload.summary.risk.riskScore}`);
+  lines.push(`riskBand: ${toRiskBand(payload.summary.risk.riskScore)}`);
   lines.push(`selectedTargets: ${payload.selectedTargets.length}`);
   lines.push("dimensionScores:");
   lines.push(`  structural: ${formatDimension(dimensionScores.structural)}`);
@@ -2707,8 +2705,8 @@ var renderMarkdown = (payload) => {
   const compositeFactors = repositoryTopFactors.filter((factor) => factor.family === "composite");
   lines.push(`# CodeSentinel Explanation`);
   lines.push(`- target: \`${payload.summary.structural.targetPath}\``);
-  lines.push(`- repositoryScore: \`${payload.summary.risk.repositoryScore}\``);
-  lines.push(`- riskBand: \`${toRiskBand(payload.summary.risk.repositoryScore)}\``);
+  lines.push(`- riskScore: \`${payload.summary.risk.riskScore}\``);
+  lines.push(`- riskBand: \`${toRiskBand(payload.summary.risk.riskScore)}\``);
   lines.push(`- selectedTargets: \`${payload.selectedTargets.length}\``);
   lines.push("");
   lines.push("## Dimension Scores (0-100)");
@@ -4308,6 +4306,17 @@ var DEFAULT_RISK_ENGINE_CONFIG = {
   externalDimension: {
     topDependencyPercentile: 0.85,
     dependencyDepthHalfLife: 6
+  },
+  // Reduce false positives for thin aggregation hubs (for example, barrel/index re-export files)
+  // that are structurally central but have low churn density and no cycle participation.
+  aggregatorAttenuation: {
+    enabled: true,
+    minFanIn: 6,
+    minFanOut: 4,
+    minCommitCount: 4,
+    maxChurnPerCommit: 24,
+    maxChurnPerDependency: 10,
+    maxStructuralReduction: 0.3
   }
 };
 var toUnitInterval = (value) => Number.isFinite(value) ? Math.min(1, Math.max(0, value)) : 0;
@@ -4400,6 +4409,35 @@ var normalizeWithScale = (value, scale) => {
   return toUnitInterval((value - scale.lower) / (scale.upper - scale.lower));
 };
 var normalizePath2 = (path) => path.replaceAll("\\", "/");
+var computeAggregatorAttenuation = (input) => {
+  const { fanIn, fanOut, inCycle, evolutionMetrics, config } = input;
+  if (!config.enabled || inCycle > 0) {
+    return 1;
+  }
+  if (fanIn < config.minFanIn || fanOut < config.minFanOut) {
+    return 1;
+  }
+  if (evolutionMetrics === void 0 || evolutionMetrics.commitCount < config.minCommitCount) {
+    return 1;
+  }
+  const churnPerCommit = evolutionMetrics.churnTotal / Math.max(1, evolutionMetrics.commitCount);
+  const churnPerDependency = evolutionMetrics.churnTotal / Math.max(1, fanOut);
+  if (churnPerCommit > config.maxChurnPerCommit || churnPerDependency > config.maxChurnPerDependency) {
+    return 1;
+  }
+  const fanInSignal = toUnitInterval((fanIn - config.minFanIn) / Math.max(1, config.minFanIn));
+  const fanOutSignal = toUnitInterval((fanOut - config.minFanOut) / Math.max(1, config.minFanOut));
+  const lowChurnPerCommitSignal = 1 - toUnitInterval(churnPerCommit / config.maxChurnPerCommit);
+  const lowChurnPerDependencySignal = 1 - toUnitInterval(churnPerDependency / config.maxChurnPerDependency);
+  const attenuationConfidence = average([
+    fanInSignal,
+    fanOutSignal,
+    lowChurnPerCommitSignal,
+    lowChurnPerDependencySignal
+  ]);
+  const reduction = toUnitInterval(config.maxStructuralReduction) * attenuationConfidence;
+  return round45(toUnitInterval(1 - reduction));
+};
 var dependencySignalWeights = {
   single_maintainer: 0.3,
   abandoned: 0.3,
@@ -4429,6 +4467,29 @@ var computeDependencySignalScore = (ownSignals, inheritedSignals, inheritedSigna
   return toUnitInterval(weightedTotal / maxWeightedTotal);
 };
 var clampConfidence = (value) => round45(toUnitInterval(value));
+var computeExternalMetadataConfidence = (external) => {
+  if (!external.available) {
+    return 0;
+  }
+  return round45(toUnitInterval(0.35 + external.metrics.metadataCoverage * 0.65));
+};
+var computeEvolutionHistoryConfidence = (structural, evolution, evolutionByFile) => {
+  if (!evolution.available) {
+    return 0;
+  }
+  const totalFiles = structural.files.length;
+  if (totalFiles === 0) {
+    return 1;
+  }
+  let coveredFiles = 0;
+  for (const file of structural.files) {
+    if (evolutionByFile.has(normalizePath2(file.id))) {
+      coveredFiles += 1;
+    }
+  }
+  const coverage = coveredFiles / totalFiles;
+  return round45(toUnitInterval(0.3 + coverage * 0.7));
+};
 var buildFactorTraces = (totalScore, inputs) => {
   const positiveInputs = inputs.filter((input) => input.strength > 0);
   const strengthTotal = positiveInputs.reduce((sum, input) => sum + input.strength, 0);
@@ -4529,6 +4590,7 @@ var computeDependencyScores = (external, config) => {
     config.quantileClamp.upper
   );
   const dependencyContexts = /* @__PURE__ */ new Map();
+  const metadataConfidence = computeExternalMetadataConfidence(external);
   const dependencyScores = external.dependencies.map((dependency) => {
     const signalScore = computeDependencySignalScore(
       dependency.ownRiskSignals,
@@ -4563,7 +4625,7 @@ var computeDependencyScores = (external, config) => {
       dependency.busFactor,
       dependency.weeklyDownloads
     ].filter((value) => value !== null).length;
-    const confidence = toUnitInterval(0.5 + availableMetricCount * 0.125);
+    const confidence = toUnitInterval((0.5 + availableMetricCount * 0.125) * metadataConfidence);
     dependencyContexts.set(dependency.name, {
       signalScore: round45(signalScore),
       stalenessRisk: round45(stalenessRisk),
@@ -4762,7 +4824,13 @@ var buildFragileClusters = (structural, evolution, fileScoresByFile, config) =>
 var computeRiskSummary = (structural, evolution, external, config, traceCollector) => {
   const collector = traceCollector;
   const dependencyComputation = computeDependencyScores(external, config);
+  const externalMetadataConfidence = computeExternalMetadataConfidence(external);
   const evolutionByFile = mapEvolutionByFile(evolution);
+  const evolutionHistoryConfidence = computeEvolutionHistoryConfidence(
+    structural,
+    evolution,
+    evolutionByFile
+  );
   const evolutionScales = computeEvolutionScales(evolutionByFile, config);
   const cycleFileSet = new Set(
     structural.cycles.flatMap((cycle) => cycle.nodes.map((node) => normalizePath2(node)))
@@ -4794,10 +4862,10 @@ var computeRiskSummary = (structural, evolution, external, config, traceCollecto
     const fanOutRisk = normalizeWithScale(logScale(file.fanOut), fanOutScale);
     const depthRisk = normalizeWithScale(file.depth, depthScale);
     const structuralWeights = config.structuralFactorWeights;
-    const structuralFactor = toUnitInterval(
+    const structuralFactorRaw = toUnitInterval(
       fanInRisk * structuralWeights.fanIn + fanOutRisk * structuralWeights.fanOut + depthRisk * structuralWeights.depth + inCycle * structuralWeights.cycleParticipation
     );
-    const structuralCentrality = toUnitInterval((fanInRisk + fanOutRisk) / 2);
+    const structuralCentralityRaw = toUnitInterval((fanInRisk + fanOutRisk) / 2);
     let evolutionFactor = 0;
     let frequencyRisk = 0;
     let churnRisk = 0;
@@ -4824,6 +4892,15 @@ var computeRiskSummary = (structural, evolution, external, config, traceCollecto
         frequencyRisk * evolutionWeights.frequency + churnRisk * evolutionWeights.churn + volatilityRisk * evolutionWeights.recentVolatility + ownershipConcentrationRisk * evolutionWeights.ownershipConcentration + busFactorRisk * evolutionWeights.busFactorRisk
       );
     }
+    const structuralAttenuation = computeAggregatorAttenuation({
+      fanIn: file.fanIn,
+      fanOut: file.fanOut,
+      inCycle,
+      evolutionMetrics,
+      config: config.aggregatorAttenuation
+    });
+    const structuralFactor = toUnitInterval(structuralFactorRaw * structuralAttenuation);
+    const structuralCentrality = toUnitInterval(structuralCentralityRaw * structuralAttenuation);
     const dependencyAffinity = toUnitInterval(structuralCentrality * 0.6 + evolutionFactor * 0.4);
     const externalFactor = external.available ? toUnitInterval(dependencyComputation.repositoryExternalPressure * dependencyAffinity) : 0;
     const structuralBase = structuralFactor * dimensionWeights.structural;
@@ -4868,7 +4945,8 @@ var computeRiskSummary = (structural, evolution, external, config, traceCollecto
         topAuthorShare: evolutionMetrics?.topAuthorShare ?? null,
         busFactor: evolutionMetrics?.busFactor ?? null,
         dependencyAffinity: round45(dependencyAffinity),
-        repositoryExternalPressure: round45(dependencyComputation.repositoryExternalPressure)
+        repositoryExternalPressure: round45(dependencyComputation.repositoryExternalPressure),
+        structuralAttenuation: round45(structuralAttenuation)
       },
       normalizedMetrics: {
         fanInRisk: round45(fanInRisk),
@@ -4911,7 +4989,8 @@ var computeRiskSummary = (structural, evolution, external, config, traceCollecto
             fanIn: context.rawMetrics.fanIn,
             fanOut: context.rawMetrics.fanOut,
             depth: context.rawMetrics.depth,
-            cycleParticipation: context.rawMetrics.cycleParticipation
+            cycleParticipation: context.rawMetrics.cycleParticipation,
+            structuralAttenuation: context.rawMetrics.structuralAttenuation
           },
           normalizedMetrics: {
             fanInRisk: context.normalizedMetrics.fanInRisk,
@@ -4946,7 +5025,7 @@ var computeRiskSummary = (structural, evolution, external, config, traceCollecto
           weight: dimensionWeights.evolution,
           amplification: null,
           evidence: [{ kind: "file_metric", target: context.file, metric: "commitCount" }],
-          confidence: evolution.available ? 1 : 0
+          confidence: evolution.available ? evolutionHistoryConfidence * (context.rawMetrics.commitCount === null ? 0.5 : 1) : 0
         },
         {
           factorId: "file.external",
@@ -4962,7 +5041,7 @@ var computeRiskSummary = (structural, evolution, external, config, traceCollecto
           weight: dimensionWeights.external,
           amplification: null,
           evidence: [{ kind: "repository_metric", metric: "repositoryExternalPressure" }],
-          confidence: external.available ? 0.7 : 0
+          confidence: external.available ? 0.7 * externalMetadataConfidence : 0
         },
         {
           factorId: "file.composite.interactions",
@@ -5090,7 +5169,7 @@ var computeRiskSummary = (structural, evolution, external, config, traceCollecto
           weight: config.dependencyFactorWeights.signals,
           amplification: config.dependencySignals.inheritedSignalMultiplier,
           evidence: [{ kind: "dependency_metric", target: dependency.name, metric: "riskSignals" }],
-          confidence: 0.95
+          confidence: 0.95 * externalMetadataConfidence
         },
         {
           factorId: "dependency.staleness",
@@ -5103,7 +5182,7 @@ var computeRiskSummary = (structural, evolution, external, config, traceCollecto
           evidence: [
             { kind: "dependency_metric", target: dependency.name, metric: "daysSinceLastRelease" }
           ],
-          confidence: hasMetadata ? 0.9 : 0.5
+          confidence: (hasMetadata ? 0.9 : 0.5) * externalMetadataConfidence
         },
         {
           factorId: "dependency.maintainer_concentration",
@@ -5118,7 +5197,7 @@ var computeRiskSummary = (structural, evolution, external, config, traceCollecto
           evidence: [
             { kind: "dependency_metric", target: dependency.name, metric: "maintainerCount" }
           ],
-          confidence: hasMetadata ? 0.9 : 0.5
+          confidence: (hasMetadata ? 0.9 : 0.5) * externalMetadataConfidence
         },
         {
           factorId: "dependency.topology",
@@ -5139,7 +5218,7 @@ var computeRiskSummary = (structural, evolution, external, config, traceCollecto
           evidence: [
             { kind: "dependency_metric", target: dependency.name, metric: "dependencyDepth" }
           ],
-          confidence: 1
+          confidence: 1 * externalMetadataConfidence
         },
         {
           factorId: "dependency.bus_factor",
@@ -5150,7 +5229,7 @@ var computeRiskSummary = (structural, evolution, external, config, traceCollecto
           weight: config.dependencyFactorWeights.busFactorRisk,
           amplification: null,
           evidence: [{ kind: "dependency_metric", target: dependency.name, metric: "busFactor" }],
-          confidence: context.rawMetrics.busFactor === null ? 0.5 : 0.85
+          confidence: (context.rawMetrics.busFactor === null ? 0.5 : 0.85) * externalMetadataConfidence
         },
         {
           factorId: "dependency.popularity_dampening",
@@ -5163,7 +5242,7 @@ var computeRiskSummary = (structural, evolution, external, config, traceCollecto
           evidence: [
             { kind: "dependency_metric", target: dependency.name, metric: "weeklyDownloads" }
           ],
-          confidence: context.rawMetrics.weeklyDownloads === null ? 0.4 : 0.9
+          confidence: (context.rawMetrics.weeklyDownloads === null ? 0.4 : 0.9) * externalMetadataConfidence
         }
       ]);
       collector.record(
@@ -5197,9 +5276,9 @@ var computeRiskSummary = (structural, evolution, external, config, traceCollecto
     criticalInstability * config.interactionWeights.centralInstability,
     dependencyAmplification * config.interactionWeights.dependencyAmplification
   ]);
-  const repositoryScore = round45(repositoryNormalizedScore * 100);
+  const riskScore = round45(repositoryNormalizedScore * 100);
   if (collector !== void 0) {
-    const repositoryFactors = buildFactorTraces(repositoryScore, [
+    const repositoryFactors = buildFactorTraces(riskScore, [
       {
         factorId: "repository.structural",
         family: "structural",
@@ -5220,7 +5299,7 @@ var computeRiskSummary = (structural, evolution, external, config, traceCollecto
         weight: dimensionWeights.evolution,
         amplification: null,
         evidence: [{ kind: "repository_metric", metric: "evolutionDimension" }],
-        confidence: evolution.available ? 1 : 0
+        confidence: evolution.available ? evolutionHistoryConfidence : 0
       },
       {
         factorId: "repository.external",
@@ -5231,7 +5310,7 @@ var computeRiskSummary = (structural, evolution, external, config, traceCollecto
         weight: dimensionWeights.external,
         amplification: null,
         evidence: [{ kind: "repository_metric", metric: "externalDimension" }],
-        confidence: external.available ? 0.8 : 0
+        confidence: external.available ? 0.8 * externalMetadataConfidence : 0
       },
       {
         factorId: "repository.composite.interactions",
@@ -5262,14 +5341,14 @@ var computeRiskSummary = (structural, evolution, external, config, traceCollecto
       buildTargetTrace(
         "repository",
         structural.targetPath,
-        repositoryScore,
+        riskScore,
         repositoryNormalizedScore,
         repositoryFactors
       )
     );
   }
   return {
-    repositoryScore,
+    riskScore,
     normalizedScore: round45(repositoryNormalizedScore),
     hotspots,
     fragileClusters,
@@ -5360,6 +5439,10 @@ var mergeConfig = (overrides) => {
     externalDimension: {
       ...DEFAULT_RISK_ENGINE_CONFIG.externalDimension,
       ...overrides.externalDimension
+    },
+    aggregatorAttenuation: {
+      ...DEFAULT_RISK_ENGINE_CONFIG.aggregatorAttenuation,
+      ...overrides.aggregatorAttenuation
     }
   };
 };
@@ -5391,6 +5474,21 @@ var evaluateRepositoryRisk = (input, options = {}) => {
 
 // src/application/run-analyze-command.ts
 var resolveTargetPath = (inputPath, cwd) => resolve3(cwd, inputPath ?? ".");
+var riskProfileConfig = {
+  default: void 0,
+  personal: {
+    evolutionFactorWeights: {
+      frequency: 0.26,
+      churn: 0.24,
+      recentVolatility: 0.2,
+      ownershipConcentration: 0.08,
+      busFactorRisk: 0.04
+    }
+  }
+};
+var resolveRiskConfigForProfile = (riskProfile) => {
+  return riskProfileConfig[riskProfile ?? "default"];
+};
 var createExternalProgressReporter = (logger) => {
   let lastLoggedProgress = 0;
   return (event) => {
@@ -5558,8 +5656,12 @@ var runAnalyzeCommand = async (inputPath, authorIdentityMode, options = {}, logg
     logger
   );
   logger.info("computing risk summary");
-  const risk = computeRepositoryRiskSummary(analysisInputs);
-  logger.info(`analysis completed (repositoryScore=${risk.repositoryScore})`);
+  const riskConfig = resolveRiskConfigForProfile(options.riskProfile);
+  const risk = computeRepositoryRiskSummary({
+    ...analysisInputs,
+    ...riskConfig === void 0 ? {} : { config: riskConfig }
+  });
+  logger.info(`analysis completed (riskScore=${risk.riskScore})`);
   return {
     ...analysisInputs,
     risk
@@ -5579,7 +5681,14 @@ var buildAnalysisSnapshot = async (inputPath, authorIdentityMode, options, logge
     },
     logger
   );
-  const evaluation = evaluateRepositoryRisk(analysisInputs, { explain: options.includeTrace });
+  const riskConfig = resolveRiskConfigForProfile(options.riskProfile);
+  const evaluation = evaluateRepositoryRisk(
+    {
+      ...analysisInputs,
+      ...riskConfig === void 0 ? {} : { config: riskConfig }
+    },
+    { explain: options.includeTrace }
+  );
   const summary = {
     ...analysisInputs,
     risk: evaluation.summary
@@ -5590,6 +5699,7 @@ var buildAnalysisSnapshot = async (inputPath, authorIdentityMode, options, logge
     analysisConfig: {
       authorIdentityMode,
       includeTrace: options.includeTrace,
+      riskProfile: options.riskProfile ?? "default",
       recentWindowDays: analysisInputs.evolution.available ? analysisInputs.evolution.metrics.recentWindowDays : options.recentWindowDays ?? null
     }
   });
@@ -5624,6 +5734,7 @@ var runCheckCommand = async (inputPath, authorIdentityMode, options, logger = cr
     authorIdentityMode,
     {
       includeTrace: options.includeTrace,
+      ...options.riskProfile === void 0 ? {} : { riskProfile: options.riskProfile },
       ...options.recentWindowDays === void 0 ? {} : { recentWindowDays: options.recentWindowDays }
     },
     logger
@@ -5692,6 +5803,7 @@ var runCiCommand = async (inputPath, authorIdentityMode, options, logger = creat
     authorIdentityMode,
     {
       includeTrace: options.includeTrace,
+      ...options.riskProfile === void 0 ? {} : { riskProfile: options.riskProfile },
       ...options.recentWindowDays === void 0 ? {} : { recentWindowDays: options.recentWindowDays }
     },
     logger
@@ -5750,6 +5862,7 @@ var runCiCommand = async (inputPath, authorIdentityMode, options, logger = creat
             authorIdentityMode,
             {
               includeTrace: options.includeTrace,
+              ...options.riskProfile === void 0 ? {} : { riskProfile: options.riskProfile },
               ...options.recentWindowDays === void 0 ? {} : { recentWindowDays: options.recentWindowDays }
             },
             logger
@@ -5825,6 +5938,7 @@ var runReportCommand = async (inputPath, authorIdentityMode, options, logger = c
     authorIdentityMode,
     {
       includeTrace: options.includeTrace,
+      ...options.riskProfile === void 0 ? {} : { riskProfile: options.riskProfile },
       ...options.recentWindowDays === void 0 ? {} : { recentWindowDays: options.recentWindowDays }
     },
     logger
@@ -5881,7 +5995,14 @@ var runExplainCommand = async (inputPath, authorIdentityMode, options, logger =
     logger
   );
   logger.info("computing explainable risk summary");
-  const evaluation = evaluateRepositoryRisk(analysisInputs, { explain: true });
+  const riskConfig = resolveRiskConfigForProfile(options.riskProfile);
+  const evaluation = evaluateRepositoryRisk(
+    {
+      ...analysisInputs,
+      ...riskConfig === void 0 ? {} : { config: riskConfig }
+    },
+    { explain: true }
+  );
   if (evaluation.trace === void 0) {
     throw new Error("risk trace unavailable");
   }
@@ -5889,7 +6010,7 @@ var runExplainCommand = async (inputPath, authorIdentityMode, options, logger =
     ...analysisInputs,
     risk: evaluation.summary
   };
-  logger.info(`explanation completed (repositoryScore=${summary.risk.repositoryScore})`);
+  logger.info(`explanation completed (riskScore=${summary.risk.riskScore})`);
   return {
     summary,
     trace: evaluation.trace,
@@ -5908,8 +6029,12 @@ var parseRecentWindowDays = (value) => {
   }
   return parsed;
 };
+var riskProfileOption = () => new Option(
+  "--risk-profile <profile>",
+  "risk profile: default (balanced) or personal (down-weights single-maintainer ownership penalties)"
+).choices(["default", "personal"]).default("default");
 program.name("codesentinel").description("Structural and evolutionary risk analysis for TypeScript/JavaScript codebases").version(version);
-program.command("analyze").argument("[path]", "path to the project to analyze").addOption(
+program.command("analyze").argument("[path]", "path to the project to analyze").addOption(riskProfileOption()).addOption(
   new Option(
     "--author-identity <mode>",
     "author identity mode: likely_merge (heuristic) or strict_email (deterministic)"
@@ -5932,7 +6057,7 @@ program.command("analyze").argument("[path]", "path to the project to analyze").
     const summary = await runAnalyzeCommand(
       path,
       options.authorIdentity,
-      { recentWindowDays: options.recentWindowDays },
+      { recentWindowDays: options.recentWindowDays, riskProfile: options.riskProfile },
       logger
     );
     const outputMode = options.json === true ? "json" : options.output;
@@ -5940,7 +6065,7 @@ program.command("analyze").argument("[path]", "path to the project to analyze").
 `);
   }
 );
-program.command("explain").argument("[path]", "path to the project to analyze").addOption(
+program.command("explain").argument("[path]", "path to the project to analyze").addOption(riskProfileOption()).addOption(
   new Option(
     "--author-identity <mode>",
     "author identity mode: likely_merge (heuristic) or strict_email (deterministic)"
@@ -5966,6 +6091,7 @@ program.command("explain").argument("[path]", "path to the project to analyze").
       ...options.module === void 0 ? {} : { module: options.module },
       top: Number.isFinite(top) ? top : 5,
       recentWindowDays: options.recentWindowDays,
+      riskProfile: options.riskProfile,
       format: options.format
     };
     const result = await runExplainCommand(path, options.authorIdentity, explainOptions, logger);
@@ -6003,7 +6129,7 @@ program.command("dependency-risk").argument("<dependency>", "dependency spec to
 `);
   }
 );
-program.command("report").argument("[path]", "path to the project to analyze").addOption(
+program.command("report").argument("[path]", "path to the project to analyze").addOption(riskProfileOption()).addOption(
   new Option(
     "--author-identity <mode>",
     "author identity mode: likely_merge (heuristic) or strict_email (deterministic)"
@@ -6032,6 +6158,7 @@ program.command("report").argument("[path]", "path to the project to analyze").a
         ...options.compare === void 0 ? {} : { comparePath: options.compare },
         ...options.snapshot === void 0 ? {} : { snapshotPath: options.snapshot },
         includeTrace: options.trace,
+        riskProfile: options.riskProfile,
         recentWindowDays: options.recentWindowDays
       },
       logger
@@ -6083,7 +6210,7 @@ var buildGateConfigFromOptions = (options) => {
     failOn: options.failOn
   };
 };
-program.command("check").argument("[path]", "path to the project to analyze").addOption(
+program.command("check").argument("[path]", "path to the project to analyze").addOption(riskProfileOption()).addOption(
   new Option(
     "--author-identity <mode>",
     "author identity mode: likely_merge (heuristic) or strict_email (deterministic)"
@@ -6113,6 +6240,7 @@ program.command("check").argument("[path]", "path to the project to analyze").ad
         {
           ...options.compare === void 0 ? {} : { baselinePath: options.compare },
           includeTrace: options.trace,
+          riskProfile: options.riskProfile,
           recentWindowDays: options.recentWindowDays,
           gateConfig,
           outputFormat: options.format,
@@ -6136,7 +6264,7 @@ program.command("check").argument("[path]", "path to the project to analyze").ad
     }
   }
 );
-program.command("ci").argument("[path]", "path to the project to analyze").addOption(
+program.command("ci").argument("[path]", "path to the project to analyze").addOption(riskProfileOption()).addOption(
   new Option(
     "--author-identity <mode>",
     "author identity mode: likely_merge (heuristic) or strict_email (deterministic)"
@@ -6185,6 +6313,7 @@ program.command("ci").argument("[path]", "path to the project to analyze").addOp
           ...options.report === void 0 ? {} : { reportPath: options.report },
           ...options.jsonOutput === void 0 ? {} : { jsonOutputPath: options.jsonOutput },
           includeTrace: options.trace,
+          riskProfile: options.riskProfile,
           recentWindowDays: options.recentWindowDays,
           gateConfig
         },