npm - @getcodesentinel/codesentinel - Versions diffs - 1.12.1 → 1.13.0 - Mend

@getcodesentinel/codesentinel 1.12.1 → 1.13.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md CHANGED Viewed

@@ -94,7 +94,7 @@ CodeSentinel combines three signals into a single, explainable risk profile:
 The CLI output now includes a deterministic `risk` block composed from those dimensions:
-- `repositoryScore` and `normalizedScore`
+- `riskScore` and `normalizedScore`
 - ranked `hotspots`
 - `fragileClusters` (structural cycles + change coupling components)
 - `dependencyAmplificationZones`
@@ -178,6 +178,9 @@ codesentinel analyze . --author-identity likely_merge
 # Deterministic: strict email identity, no heuristic merging
 codesentinel analyze . --author-identity strict_email
+# Personal-project profile (down-weights single-maintainer ownership penalties)
+codesentinel analyze . --risk-profile personal
 # Tune recency window (days) used for evolution volatility
 codesentinel analyze . --recent-window-days 60
@@ -228,6 +231,10 @@ Notes:
 - `--output summary` (default) prints a compact result for terminal use.
 - `--output json` (or `--json`) prints the full analysis object.
 - `--recent-window-days <days>` customizes the git recency window used to compute `recentVolatility` (default: `30`).
+- `--risk-profile default|personal` selects scoring profile.
+  - `default`: balanced team-oriented defaults.
+  - `personal`: lowers ownership concentration and bus-factor penalties for solo-maintainer repos.
+  - `personal` does not remove structural, churn, volatility, external, or interaction risk; scores can still be elevated when those signals are high.
 When running through pnpm, pass CLI arguments after `--`:
@@ -355,7 +362,7 @@ Minimal shape:
   "evolution": { "...": "..." },
   "external": { "...": "..." },
   "risk": {
-    "repositoryScore": 0,
+    "riskScore": 0,
     "normalizedScore": 0,
     "hotspots": [],
     "fragileClusters": [],
@@ -366,7 +373,7 @@ Minimal shape:
 How to read `risk` first:
-- `repositoryScore`: overall repository fragility index (`0..100`).
+- `riskScore`: overall repository fragility index (`0..100`).
 - `hotspots`: ranked files to inspect first.
 - `fragileClusters`: groups of files with structural-cycle or co-change fragility.
 - `dependencyAmplificationZones`: files where external dependency pressure intersects with local fragility.
@@ -391,7 +398,7 @@ These ranges are heuristics for triage, not incident probability.
 ### What Moves Scores
-`risk.repositoryScore` and `risk.fileScores[*].score` increase when:
+`risk.riskScore` and `risk.fileScores[*].score` increase when:
 - structurally central files/modules change frequently,
 - ownership is highly concentrated in volatile files,

package/dist/index.js CHANGED Viewed

@@ -1524,9 +1524,7 @@ var compareSnapshots = (current, baseline) => {
   const hotspots = diffSets(currentHotspots, baselineHotspots);
   const cycles = diffSets(currentCycles, baselineCycles);
   return {
-    repositoryScoreDelta: round43(
-      current.analysis.risk.repositoryScore - baseline.analysis.risk.repositoryScore
-    ),
+    riskScoreDelta: round43(current.analysis.risk.riskScore - baseline.analysis.risk.riskScore),
     normalizedScoreDelta: round43(
       current.analysis.risk.normalizedScore - baseline.analysis.risk.normalizedScore
     ),
@@ -1652,9 +1650,9 @@ var createReport = (snapshot, diff) => {
     generatedAt: (/* @__PURE__ */ new Date()).toISOString(),
     repository: {
       targetPath: snapshot.analysis.structural.targetPath,
-      repositoryScore: snapshot.analysis.risk.repositoryScore,
+      riskScore: snapshot.analysis.risk.riskScore,
       normalizedScore: snapshot.analysis.risk.normalizedScore,
-      riskTier: toRiskTier(snapshot.analysis.risk.repositoryScore),
+      riskTier: toRiskTier(snapshot.analysis.risk.riskScore),
       confidence: repositoryConfidence(snapshot),
       dimensionScores: repositoryDimensionScores(snapshot)
     },
@@ -1706,7 +1704,7 @@ var renderTextDiff = (report) => {
   return [
     "",
     "Diff",
-    `  repositoryScoreDelta: ${report.diff.repositoryScoreDelta}`,
+    `  riskScoreDelta: ${report.diff.riskScoreDelta}`,
     `  normalizedScoreDelta: ${report.diff.normalizedScoreDelta}`,
     `  newHotspots: ${report.diff.newHotspots.join(", ") || "none"}`,
     `  resolvedHotspots: ${report.diff.resolvedHotspots.join(", ") || "none"}`,
@@ -1718,7 +1716,7 @@ var renderTextReport = (report) => {
   const lines = [];
   lines.push("Repository Summary");
   lines.push(`  target: ${report.repository.targetPath}`);
-  lines.push(`  repositoryScore: ${report.repository.repositoryScore}`);
+  lines.push(`  riskScore: ${report.repository.riskScore}`);
   lines.push(`  normalizedScore: ${report.repository.normalizedScore}`);
   lines.push(`  riskTier: ${report.repository.riskTier}`);
   lines.push(`  confidence: ${report.repository.confidence ?? "n/a"}`);
@@ -1780,7 +1778,7 @@ var renderMarkdownDiff = (report) => {
   return [
     "",
     "## Diff",
-    `- repositoryScoreDelta: \`${report.diff.repositoryScoreDelta}\``,
+    `- riskScoreDelta: \`${report.diff.riskScoreDelta}\``,
     `- normalizedScoreDelta: \`${report.diff.normalizedScoreDelta}\``,
     `- newHotspots: ${report.diff.newHotspots.map((item) => `\`${item}\``).join(", ") || "none"}`,
     `- resolvedHotspots: ${report.diff.resolvedHotspots.map((item) => `\`${item}\``).join(", ") || "none"}`,
@@ -1794,7 +1792,7 @@ var renderMarkdownReport = (report) => {
   lines.push("");
   lines.push("## Repository Summary");
   lines.push(`- target: \`${report.repository.targetPath}\``);
-  lines.push(`- repositoryScore: \`${report.repository.repositoryScore}\``);
+  lines.push(`- riskScore: \`${report.repository.riskScore}\``);
   lines.push(`- normalizedScore: \`${report.repository.normalizedScore}\``);
   lines.push(`- riskTier: \`${report.repository.riskTier}\``);
   lines.push(`- confidence: \`${report.repository.confidence ?? "n/a"}\``);
@@ -1973,7 +1971,7 @@ var evaluateGates = (input) => {
   const evaluatedGates = [];
   if (config.maxRepoScore !== void 0) {
     evaluatedGates.push("max-repo-score");
-    const current = input.current.analysis.risk.repositoryScore;
+    const current = input.current.analysis.risk.riskScore;
     if (current > config.maxRepoScore) {
       violations.push(
         makeViolation(
@@ -1981,7 +1979,7 @@ var evaluateGates = (input) => {
           "error",
           `Repository score ${current} exceeds configured max ${config.maxRepoScore}.`,
           [input.current.analysis.structural.targetPath],
-          [{ kind: "repository_metric", metric: "repositoryScore" }]
+          [{ kind: "repository_metric", metric: "riskScore" }]
         )
       );
     }
@@ -2093,7 +2091,7 @@ var renderCheckText = (snapshot, result) => {
   const lines = [];
   lines.push("CodeSentinel Check");
   lines.push(`target: ${snapshot.analysis.structural.targetPath}`);
-  lines.push(`repositoryScore: ${snapshot.analysis.risk.repositoryScore}`);
+  lines.push(`riskScore: ${snapshot.analysis.risk.riskScore}`);
   lines.push(`evaluatedGates: ${result.evaluatedGates.join(", ") || "none"}`);
   lines.push(`violations: ${result.violations.length}`);
   lines.push(`exitCode: ${result.exitCode}`);
@@ -2112,7 +2110,7 @@ var renderCheckMarkdown = (snapshot, result) => {
   const lines = [];
   lines.push("## CodeSentinel CI Summary");
   lines.push(`- target: \`${snapshot.analysis.structural.targetPath}\``);
-  lines.push(`- repositoryScore: \`${snapshot.analysis.risk.repositoryScore}\``);
+  lines.push(`- riskScore: \`${snapshot.analysis.risk.riskScore}\``);
   lines.push(
     `- evaluatedGates: ${result.evaluatedGates.map((item) => `\`${item}\``).join(", ") || "none"}`
   );
@@ -2495,7 +2493,7 @@ var createSummaryShape = (summary) => ({
     reason: summary.external.reason
   },
   risk: {
-    repositoryScore: summary.risk.repositoryScore,
+    riskScore: summary.risk.riskScore,
     normalizedScore: summary.risk.normalizedScore,
     hotspotsTop: summary.risk.hotspots.slice(0, 5).map((hotspot) => ({
       file: hotspot.file,
@@ -2560,7 +2558,7 @@ var formatFactorEvidence = (factor) => {
     return `structural\xD7evolution=${formatNumber(factor.rawMetrics["structuralEvolution"])}, central instability=${formatNumber(factor.rawMetrics["centralInstability"])}, dependency amplification=${formatNumber(factor.rawMetrics["dependencyAmplification"])}`;
   }
   if (factor.factorId === "file.structural") {
-    return `fanIn=${formatNumber(factor.rawMetrics["fanIn"])}, fanOut=${formatNumber(factor.rawMetrics["fanOut"])}, depth=${formatNumber(factor.rawMetrics["depth"])}, inCycle=${formatNumber(factor.rawMetrics["cycleParticipation"])}`;
+    return `fanIn=${formatNumber(factor.rawMetrics["fanIn"])}, fanOut=${formatNumber(factor.rawMetrics["fanOut"])}, depth=${formatNumber(factor.rawMetrics["depth"])}, inCycle=${formatNumber(factor.rawMetrics["cycleParticipation"])}, structuralAttenuation=${formatNumber(factor.rawMetrics["structuralAttenuation"])}`;
   }
   if (factor.factorId === "file.evolution") {
     return `commitCount=${formatNumber(factor.rawMetrics["commitCount"])}, churnTotal=${formatNumber(factor.rawMetrics["churnTotal"])}, recentVolatility=${formatNumber(factor.rawMetrics["recentVolatility"])}`;
@@ -2667,8 +2665,8 @@ var renderText = (payload) => {
   const dimensionScores = repositoryDimensionScores2(repositoryTarget);
   const compositeFactors = repositoryTopFactors.filter((factor) => factor.family === "composite");
   lines.push(`target: ${payload.summary.structural.targetPath}`);
-  lines.push(`repositoryScore: ${payload.summary.risk.repositoryScore}`);
-  lines.push(`riskBand: ${toRiskBand(payload.summary.risk.repositoryScore)}`);
+  lines.push(`riskScore: ${payload.summary.risk.riskScore}`);
+  lines.push(`riskBand: ${toRiskBand(payload.summary.risk.riskScore)}`);
   lines.push(`selectedTargets: ${payload.selectedTargets.length}`);
   lines.push("dimensionScores:");
   lines.push(`  structural: ${formatDimension(dimensionScores.structural)}`);
@@ -2707,8 +2705,8 @@ var renderMarkdown = (payload) => {
   const compositeFactors = repositoryTopFactors.filter((factor) => factor.family === "composite");
   lines.push(`# CodeSentinel Explanation`);
   lines.push(`- target: \`${payload.summary.structural.targetPath}\``);
-  lines.push(`- repositoryScore: \`${payload.summary.risk.repositoryScore}\``);
-  lines.push(`- riskBand: \`${toRiskBand(payload.summary.risk.repositoryScore)}\``);
+  lines.push(`- riskScore: \`${payload.summary.risk.riskScore}\``);
+  lines.push(`- riskBand: \`${toRiskBand(payload.summary.risk.riskScore)}\``);
   lines.push(`- selectedTargets: \`${payload.selectedTargets.length}\``);
   lines.push("");
   lines.push("## Dimension Scores (0-100)");
@@ -4308,6 +4306,17 @@ var DEFAULT_RISK_ENGINE_CONFIG = {
   externalDimension: {
     topDependencyPercentile: 0.85,
     dependencyDepthHalfLife: 6
+  },
+  // Reduce false positives for thin aggregation hubs (for example, barrel/index re-export files)
+  // that are structurally central but have low churn density and no cycle participation.
+  aggregatorAttenuation: {
+    enabled: true,
+    minFanIn: 6,
+    minFanOut: 4,
+    minCommitCount: 4,
+    maxChurnPerCommit: 24,
+    maxChurnPerDependency: 10,
+    maxStructuralReduction: 0.3
   }
 };
 var toUnitInterval = (value) => Number.isFinite(value) ? Math.min(1, Math.max(0, value)) : 0;
@@ -4400,6 +4409,35 @@ var normalizeWithScale = (value, scale) => {
   return toUnitInterval((value - scale.lower) / (scale.upper - scale.lower));
 };
 var normalizePath2 = (path) => path.replaceAll("\\", "/");
+var computeAggregatorAttenuation = (input) => {
+  const { fanIn, fanOut, inCycle, evolutionMetrics, config } = input;
+  if (!config.enabled || inCycle > 0) {
+    return 1;
+  }
+  if (fanIn < config.minFanIn || fanOut < config.minFanOut) {
+    return 1;
+  }
+  if (evolutionMetrics === void 0 || evolutionMetrics.commitCount < config.minCommitCount) {
+    return 1;
+  }
+  const churnPerCommit = evolutionMetrics.churnTotal / Math.max(1, evolutionMetrics.commitCount);
+  const churnPerDependency = evolutionMetrics.churnTotal / Math.max(1, fanOut);
+  if (churnPerCommit > config.maxChurnPerCommit || churnPerDependency > config.maxChurnPerDependency) {
+    return 1;
+  }
+  const fanInSignal = toUnitInterval((fanIn - config.minFanIn) / Math.max(1, config.minFanIn));
+  const fanOutSignal = toUnitInterval((fanOut - config.minFanOut) / Math.max(1, config.minFanOut));
+  const lowChurnPerCommitSignal = 1 - toUnitInterval(churnPerCommit / config.maxChurnPerCommit);
+  const lowChurnPerDependencySignal = 1 - toUnitInterval(churnPerDependency / config.maxChurnPerDependency);
+  const attenuationConfidence = average([
+    fanInSignal,
+    fanOutSignal,
+    lowChurnPerCommitSignal,
+    lowChurnPerDependencySignal
+  ]);
+  const reduction = toUnitInterval(config.maxStructuralReduction) * attenuationConfidence;
+  return round45(toUnitInterval(1 - reduction));
+};
 var dependencySignalWeights = {
   single_maintainer: 0.3,
   abandoned: 0.3,
@@ -4824,10 +4862,10 @@ var computeRiskSummary = (structural, evolution, external, config, traceCollecto
     const fanOutRisk = normalizeWithScale(logScale(file.fanOut), fanOutScale);
     const depthRisk = normalizeWithScale(file.depth, depthScale);
     const structuralWeights = config.structuralFactorWeights;
-    const structuralFactor = toUnitInterval(
+    const structuralFactorRaw = toUnitInterval(
       fanInRisk * structuralWeights.fanIn + fanOutRisk * structuralWeights.fanOut + depthRisk * structuralWeights.depth + inCycle * structuralWeights.cycleParticipation
     );
-    const structuralCentrality = toUnitInterval((fanInRisk + fanOutRisk) / 2);
+    const structuralCentralityRaw = toUnitInterval((fanInRisk + fanOutRisk) / 2);
     let evolutionFactor = 0;
     let frequencyRisk = 0;
     let churnRisk = 0;
@@ -4854,6 +4892,15 @@ var computeRiskSummary = (structural, evolution, external, config, traceCollecto
         frequencyRisk * evolutionWeights.frequency + churnRisk * evolutionWeights.churn + volatilityRisk * evolutionWeights.recentVolatility + ownershipConcentrationRisk * evolutionWeights.ownershipConcentration + busFactorRisk * evolutionWeights.busFactorRisk
       );
     }
+    const structuralAttenuation = computeAggregatorAttenuation({
+      fanIn: file.fanIn,
+      fanOut: file.fanOut,
+      inCycle,
+      evolutionMetrics,
+      config: config.aggregatorAttenuation
+    });
+    const structuralFactor = toUnitInterval(structuralFactorRaw * structuralAttenuation);
+    const structuralCentrality = toUnitInterval(structuralCentralityRaw * structuralAttenuation);
     const dependencyAffinity = toUnitInterval(structuralCentrality * 0.6 + evolutionFactor * 0.4);
     const externalFactor = external.available ? toUnitInterval(dependencyComputation.repositoryExternalPressure * dependencyAffinity) : 0;
     const structuralBase = structuralFactor * dimensionWeights.structural;
@@ -4898,7 +4945,8 @@ var computeRiskSummary = (structural, evolution, external, config, traceCollecto
         topAuthorShare: evolutionMetrics?.topAuthorShare ?? null,
         busFactor: evolutionMetrics?.busFactor ?? null,
         dependencyAffinity: round45(dependencyAffinity),
-        repositoryExternalPressure: round45(dependencyComputation.repositoryExternalPressure)
+        repositoryExternalPressure: round45(dependencyComputation.repositoryExternalPressure),
+        structuralAttenuation: round45(structuralAttenuation)
       },
       normalizedMetrics: {
         fanInRisk: round45(fanInRisk),
@@ -4941,7 +4989,8 @@ var computeRiskSummary = (structural, evolution, external, config, traceCollecto
             fanIn: context.rawMetrics.fanIn,
             fanOut: context.rawMetrics.fanOut,
             depth: context.rawMetrics.depth,
-            cycleParticipation: context.rawMetrics.cycleParticipation
+            cycleParticipation: context.rawMetrics.cycleParticipation,
+            structuralAttenuation: context.rawMetrics.structuralAttenuation
           },
           normalizedMetrics: {
             fanInRisk: context.normalizedMetrics.fanInRisk,
@@ -5227,9 +5276,9 @@ var computeRiskSummary = (structural, evolution, external, config, traceCollecto
     criticalInstability * config.interactionWeights.centralInstability,
     dependencyAmplification * config.interactionWeights.dependencyAmplification
   ]);
-  const repositoryScore = round45(repositoryNormalizedScore * 100);
+  const riskScore = round45(repositoryNormalizedScore * 100);
   if (collector !== void 0) {
-    const repositoryFactors = buildFactorTraces(repositoryScore, [
+    const repositoryFactors = buildFactorTraces(riskScore, [
       {
         factorId: "repository.structural",
         family: "structural",
@@ -5292,14 +5341,14 @@ var computeRiskSummary = (structural, evolution, external, config, traceCollecto
       buildTargetTrace(
         "repository",
         structural.targetPath,
-        repositoryScore,
+        riskScore,
         repositoryNormalizedScore,
         repositoryFactors
       )
     );
   }
   return {
-    repositoryScore,
+    riskScore,
     normalizedScore: round45(repositoryNormalizedScore),
     hotspots,
     fragileClusters,
@@ -5390,6 +5439,10 @@ var mergeConfig = (overrides) => {
     externalDimension: {
       ...DEFAULT_RISK_ENGINE_CONFIG.externalDimension,
       ...overrides.externalDimension
+    },
+    aggregatorAttenuation: {
+      ...DEFAULT_RISK_ENGINE_CONFIG.aggregatorAttenuation,
+      ...overrides.aggregatorAttenuation
     }
   };
 };
@@ -5421,6 +5474,21 @@ var evaluateRepositoryRisk = (input, options = {}) => {
 // src/application/run-analyze-command.ts
 var resolveTargetPath = (inputPath, cwd) => resolve3(cwd, inputPath ?? ".");
+var riskProfileConfig = {
+  default: void 0,
+  personal: {
+    evolutionFactorWeights: {
+      frequency: 0.26,
+      churn: 0.24,
+      recentVolatility: 0.2,
+      ownershipConcentration: 0.08,
+      busFactorRisk: 0.04
+    }
+  }
+};
+var resolveRiskConfigForProfile = (riskProfile) => {
+  return riskProfileConfig[riskProfile ?? "default"];
+};
 var createExternalProgressReporter = (logger) => {
   let lastLoggedProgress = 0;
   return (event) => {
@@ -5588,8 +5656,12 @@ var runAnalyzeCommand = async (inputPath, authorIdentityMode, options = {}, logg
     logger
   );
   logger.info("computing risk summary");
-  const risk = computeRepositoryRiskSummary(analysisInputs);
-  logger.info(`analysis completed (repositoryScore=${risk.repositoryScore})`);
+  const riskConfig = resolveRiskConfigForProfile(options.riskProfile);
+  const risk = computeRepositoryRiskSummary({
+    ...analysisInputs,
+    ...riskConfig === void 0 ? {} : { config: riskConfig }
+  });
+  logger.info(`analysis completed (riskScore=${risk.riskScore})`);
   return {
     ...analysisInputs,
     risk
@@ -5609,7 +5681,14 @@ var buildAnalysisSnapshot = async (inputPath, authorIdentityMode, options, logge
     },
     logger
   );
-  const evaluation = evaluateRepositoryRisk(analysisInputs, { explain: options.includeTrace });
+  const riskConfig = resolveRiskConfigForProfile(options.riskProfile);
+  const evaluation = evaluateRepositoryRisk(
+    {
+      ...analysisInputs,
+      ...riskConfig === void 0 ? {} : { config: riskConfig }
+    },
+    { explain: options.includeTrace }
+  );
   const summary = {
     ...analysisInputs,
     risk: evaluation.summary
@@ -5620,6 +5699,7 @@ var buildAnalysisSnapshot = async (inputPath, authorIdentityMode, options, logge
     analysisConfig: {
       authorIdentityMode,
       includeTrace: options.includeTrace,
+      riskProfile: options.riskProfile ?? "default",
       recentWindowDays: analysisInputs.evolution.available ? analysisInputs.evolution.metrics.recentWindowDays : options.recentWindowDays ?? null
     }
   });
@@ -5654,6 +5734,7 @@ var runCheckCommand = async (inputPath, authorIdentityMode, options, logger = cr
     authorIdentityMode,
     {
       includeTrace: options.includeTrace,
+      ...options.riskProfile === void 0 ? {} : { riskProfile: options.riskProfile },
       ...options.recentWindowDays === void 0 ? {} : { recentWindowDays: options.recentWindowDays }
     },
     logger
@@ -5722,6 +5803,7 @@ var runCiCommand = async (inputPath, authorIdentityMode, options, logger = creat
     authorIdentityMode,
     {
       includeTrace: options.includeTrace,
+      ...options.riskProfile === void 0 ? {} : { riskProfile: options.riskProfile },
       ...options.recentWindowDays === void 0 ? {} : { recentWindowDays: options.recentWindowDays }
     },
     logger
@@ -5780,6 +5862,7 @@ var runCiCommand = async (inputPath, authorIdentityMode, options, logger = creat
             authorIdentityMode,
             {
               includeTrace: options.includeTrace,
+              ...options.riskProfile === void 0 ? {} : { riskProfile: options.riskProfile },
               ...options.recentWindowDays === void 0 ? {} : { recentWindowDays: options.recentWindowDays }
             },
             logger
@@ -5855,6 +5938,7 @@ var runReportCommand = async (inputPath, authorIdentityMode, options, logger = c
     authorIdentityMode,
     {
       includeTrace: options.includeTrace,
+      ...options.riskProfile === void 0 ? {} : { riskProfile: options.riskProfile },
       ...options.recentWindowDays === void 0 ? {} : { recentWindowDays: options.recentWindowDays }
     },
     logger
@@ -5911,7 +5995,14 @@ var runExplainCommand = async (inputPath, authorIdentityMode, options, logger =
     logger
   );
   logger.info("computing explainable risk summary");
-  const evaluation = evaluateRepositoryRisk(analysisInputs, { explain: true });
+  const riskConfig = resolveRiskConfigForProfile(options.riskProfile);
+  const evaluation = evaluateRepositoryRisk(
+    {
+      ...analysisInputs,
+      ...riskConfig === void 0 ? {} : { config: riskConfig }
+    },
+    { explain: true }
+  );
   if (evaluation.trace === void 0) {
     throw new Error("risk trace unavailable");
   }
@@ -5919,7 +6010,7 @@ var runExplainCommand = async (inputPath, authorIdentityMode, options, logger =
     ...analysisInputs,
     risk: evaluation.summary
   };
-  logger.info(`explanation completed (repositoryScore=${summary.risk.repositoryScore})`);
+  logger.info(`explanation completed (riskScore=${summary.risk.riskScore})`);
   return {
     summary,
     trace: evaluation.trace,
@@ -5938,8 +6029,12 @@ var parseRecentWindowDays = (value) => {
   }
   return parsed;
 };
+var riskProfileOption = () => new Option(
+  "--risk-profile <profile>",
+  "risk profile: default (balanced) or personal (down-weights single-maintainer ownership penalties)"
+).choices(["default", "personal"]).default("default");
 program.name("codesentinel").description("Structural and evolutionary risk analysis for TypeScript/JavaScript codebases").version(version);
-program.command("analyze").argument("[path]", "path to the project to analyze").addOption(
+program.command("analyze").argument("[path]", "path to the project to analyze").addOption(riskProfileOption()).addOption(
   new Option(
     "--author-identity <mode>",
     "author identity mode: likely_merge (heuristic) or strict_email (deterministic)"
@@ -5962,7 +6057,7 @@ program.command("analyze").argument("[path]", "path to the project to analyze").
     const summary = await runAnalyzeCommand(
       path,
       options.authorIdentity,
-      { recentWindowDays: options.recentWindowDays },
+      { recentWindowDays: options.recentWindowDays, riskProfile: options.riskProfile },
       logger
     );
     const outputMode = options.json === true ? "json" : options.output;
@@ -5970,7 +6065,7 @@ program.command("analyze").argument("[path]", "path to the project to analyze").
 `);
   }
 );
-program.command("explain").argument("[path]", "path to the project to analyze").addOption(
+program.command("explain").argument("[path]", "path to the project to analyze").addOption(riskProfileOption()).addOption(
   new Option(
     "--author-identity <mode>",
     "author identity mode: likely_merge (heuristic) or strict_email (deterministic)"
@@ -5996,6 +6091,7 @@ program.command("explain").argument("[path]", "path to the project to analyze").
       ...options.module === void 0 ? {} : { module: options.module },
       top: Number.isFinite(top) ? top : 5,
       recentWindowDays: options.recentWindowDays,
+      riskProfile: options.riskProfile,
       format: options.format
     };
     const result = await runExplainCommand(path, options.authorIdentity, explainOptions, logger);
@@ -6033,7 +6129,7 @@ program.command("dependency-risk").argument("<dependency>", "dependency spec to
 `);
   }
 );
-program.command("report").argument("[path]", "path to the project to analyze").addOption(
+program.command("report").argument("[path]", "path to the project to analyze").addOption(riskProfileOption()).addOption(
   new Option(
     "--author-identity <mode>",
     "author identity mode: likely_merge (heuristic) or strict_email (deterministic)"
@@ -6062,6 +6158,7 @@ program.command("report").argument("[path]", "path to the project to analyze").a
         ...options.compare === void 0 ? {} : { comparePath: options.compare },
         ...options.snapshot === void 0 ? {} : { snapshotPath: options.snapshot },
         includeTrace: options.trace,
+        riskProfile: options.riskProfile,
         recentWindowDays: options.recentWindowDays
       },
       logger
@@ -6113,7 +6210,7 @@ var buildGateConfigFromOptions = (options) => {
     failOn: options.failOn
   };
 };
-program.command("check").argument("[path]", "path to the project to analyze").addOption(
+program.command("check").argument("[path]", "path to the project to analyze").addOption(riskProfileOption()).addOption(
   new Option(
     "--author-identity <mode>",
     "author identity mode: likely_merge (heuristic) or strict_email (deterministic)"
@@ -6143,6 +6240,7 @@ program.command("check").argument("[path]", "path to the project to analyze").ad
         {
           ...options.compare === void 0 ? {} : { baselinePath: options.compare },
           includeTrace: options.trace,
+          riskProfile: options.riskProfile,
           recentWindowDays: options.recentWindowDays,
           gateConfig,
           outputFormat: options.format,
@@ -6166,7 +6264,7 @@ program.command("check").argument("[path]", "path to the project to analyze").ad
     }
   }
 );
-program.command("ci").argument("[path]", "path to the project to analyze").addOption(
+program.command("ci").argument("[path]", "path to the project to analyze").addOption(riskProfileOption()).addOption(
   new Option(
     "--author-identity <mode>",
     "author identity mode: likely_merge (heuristic) or strict_email (deterministic)"
@@ -6215,6 +6313,7 @@ program.command("ci").argument("[path]", "path to the project to analyze").addOp
           ...options.report === void 0 ? {} : { reportPath: options.report },
           ...options.jsonOutput === void 0 ? {} : { jsonOutputPath: options.jsonOutput },
           includeTrace: options.trace,
+          riskProfile: options.riskProfile,
           recentWindowDays: options.recentWindowDays,
           gateConfig
         },