@gulu9527/code-trust 0.1.0 → 0.2.1

package/dist/cli/index.js

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 
 // src/cli/index.ts
-import { Command as Command6 } from "commander";
+import { Command as Command7 } from "commander";
 
 // src/cli/commands/scan.ts
 import { Command } from "commander";
@@ -645,6 +645,24 @@ function detectImmediateReassign(context, lines, issues) {
   }
 }
 
+// src/rules/fix-utils.ts
+function lineStartOffset(content, lineNumber) {
+  let offset = 0;
+  const lines = content.split("\n");
+  for (let i = 0; i < lineNumber - 1 && i < lines.length; i++) {
+    offset += lines[i].length + 1;
+  }
+  return offset;
+}
+function lineRange(content, lineNumber) {
+  const lines = content.split("\n");
+  const lineIndex = lineNumber - 1;
+  if (lineIndex < 0 || lineIndex >= lines.length) return [0, 0];
+  const start = lineStartOffset(content, lineNumber);
+  const end = start + lines[lineIndex].length + (lineIndex < lines.length - 1 ? 1 : 0);
+  return [start, end];
+}
+
 // src/parsers/ast.ts
 import { parse, AST_NODE_TYPES } from "@typescript-eslint/typescript-estree";
 
@@ -827,6 +845,19 @@ var unusedVariablesRule = {
   severity: "low",
   title: "Unused variable detected",
   description: "AI-generated code sometimes declares variables that are never used, indicating incomplete or hallucinated logic.",
+  fixable: true,
+  fix(context, issue) {
+    const lines = context.fileContent.split("\n");
+    const lineIndex = issue.startLine - 1;
+    if (lineIndex < 0 || lineIndex >= lines.length) return null;
+    const line = lines[lineIndex].trim();
+    if (/^(const|let|var)\s+\w+\s*[=:;]/.test(line) && !line.includes(",")) {
+      const [start, end] = lineRange(context.fileContent, issue.startLine);
+      if (start === end) return null;
+      return { range: [start, end], text: "" };
+    }
+    return null;
+  },
   check(context) {
     const issues = [];
     let ast;
@@ -1550,6 +1581,23 @@ var unusedImportRule = {
   severity: "low",
   title: "Unused import",
   description: "AI-generated code often imports modules or identifiers that are never used in the file.",
+  fixable: true,
+  fix(context, issue) {
+    const lines = context.fileContent.split("\n");
+    const lineIndex = issue.startLine - 1;
+    if (lineIndex < 0 || lineIndex >= lines.length) return null;
+    const line = lines[lineIndex].trim();
+    const isSingleDefault = /^import\s+\w+\s+from\s+/.test(line);
+    const isSingleNamed = /^import\s*\{\s*\w+\s*\}\s*from\s+/.test(line);
+    const isSingleTypeNamed = /^import\s+type\s*\{\s*\w+\s*\}\s*from\s+/.test(line);
+    const isSingleTypeDefault = /^import\s+type\s+\w+\s+from\s+/.test(line);
+    if (!isSingleDefault && !isSingleNamed && !isSingleTypeNamed && !isSingleTypeDefault) {
+      return null;
+    }
+    const [start, end] = lineRange(context.fileContent, issue.startLine);
+    if (start === end) return null;
+    return { range: [start, end], text: "" };
+  },
   check(context) {
     const issues = [];
     let ast;
@@ -1726,145 +1774,1025 @@ function isInsidePromiseChain(_node, parent) {
   return false;
 }
 
-// src/rules/engine.ts
-var BUILTIN_RULES = [
-  unnecessaryTryCatchRule,
-  overDefensiveRule,
-  deadLogicRule,
-  unusedVariablesRule,
-  duplicateConditionRule,
-  ...securityRules,
-  emptyCatchRule,
-  identicalBranchesRule,
-  redundantElseRule,
-  consoleInCodeRule,
-  phantomImportRule,
-  unusedImportRule,
-  missingAwaitRule
-];
-var RuleEngine = class {
-  rules;
-  constructor(config) {
-    this.rules = BUILTIN_RULES.filter(
-      (rule) => !config.rules.disabled.includes(rule.id)
-    );
+// src/rules/builtin/any-type-abuse.ts
+var anyTypeAbuseRule = {
+  id: "logic/any-type-abuse",
+  category: "logic",
+  severity: "medium",
+  title: "Excessive any type usage",
+  description: "AI-generated code often uses `any` type to bypass TypeScript type checking, reducing type safety.",
+  check(context) {
+    const issues = [];
+    if (!context.filePath.match(/\.tsx?$/)) return issues;
+    let ast;
+    try {
+      const parsed = parseCode(context.fileContent, context.filePath);
+      ast = parsed.ast;
+    } catch {
+      return issues;
+    }
+    const lines = context.fileContent.split("\n");
+    walkAST(ast, (node) => {
+      if (node.type !== AST_NODE_TYPES.TSAnyKeyword) return;
+      const line = node.loc?.start.line ?? 0;
+      if (line === 0) return;
+      const lineContent = lines[line - 1] ?? "";
+      const trimmed = lineContent.trim();
+      if (trimmed.startsWith("//") || trimmed.startsWith("*") || trimmed.startsWith("/*")) return;
+      const parent = node.parent;
+      if (parent?.type === AST_NODE_TYPES.TSTypeAssertion || parent?.type === AST_NODE_TYPES.TSAsExpression) {
+        let ancestor = parent;
+        while (ancestor) {
+          if (ancestor.type === AST_NODE_TYPES.CatchClause) return;
+          ancestor = ancestor.parent;
+        }
+      }
+      issues.push({
+        ruleId: "logic/any-type-abuse",
+        severity: "medium",
+        category: "logic",
+        file: context.filePath,
+        startLine: line,
+        endLine: line,
+        message: t(
+          `Usage of "any" type reduces type safety.`,
+          `\u4F7F\u7528 "any" \u7C7B\u578B\u964D\u4F4E\u4E86\u7C7B\u578B\u5B89\u5168\u6027\u3002`
+        ),
+        suggestion: t(
+          `Replace "any" with a specific type or "unknown" for safer type narrowing.`,
+          `\u5C06 "any" \u66FF\u6362\u4E3A\u5177\u4F53\u7C7B\u578B\u6216\u4F7F\u7528 "unknown" \u8FDB\u884C\u66F4\u5B89\u5168\u7684\u7C7B\u578B\u6536\u7A84\u3002`
+        )
+      });
+    });
+    return issues;
   }
-  run(context) {
-    const allIssues = [];
-    for (const rule of this.rules) {
-      try {
-        const issues = rule.check(context);
-        allIssues.push(...issues);
-      } catch (_err) {
+};
+
+// src/rules/builtin/type-coercion.ts
+var typeCoercionRule = {
+  id: "logic/type-coercion",
+  category: "logic",
+  severity: "medium",
+  title: "Loose equality with type coercion",
+  description: "AI-generated code often uses == instead of ===, leading to implicit type coercion bugs.",
+  fixable: true,
+  fix(context, issue) {
+    const lines = context.fileContent.split("\n");
+    const lineIndex = issue.startLine - 1;
+    if (lineIndex < 0 || lineIndex >= lines.length) return null;
+    const line = lines[lineIndex];
+    const base = lineStartOffset(context.fileContent, issue.startLine);
+    const isNotEqual = issue.message.includes("!=");
+    const searchOp = isNotEqual ? "!=" : "==";
+    const replaceOp = isNotEqual ? "!==" : "===";
+    let pos = -1;
+    for (let j = 0; j < line.length - 1; j++) {
+      if (line[j] === searchOp[0] && line[j + 1] === "=") {
+        if (line[j + 2] === "=") {
+          j += 2;
+          continue;
+        }
+        if (!isNotEqual && j > 0 && (line[j - 1] === "!" || line[j - 1] === "<" || line[j - 1] === ">")) {
+          continue;
+        }
+        pos = j;
+        break;
       }
     }
-    return allIssues;
-  }
-  getRules() {
-    return [...this.rules];
-  }
-  listRules() {
-    return BUILTIN_RULES.map((r) => ({
-      id: r.id,
-      category: r.category,
-      severity: r.severity,
-      title: r.title
-    }));
+    if (pos === -1) return null;
+    return { range: [base + pos, base + pos + searchOp.length], text: replaceOp };
+  },
+  check(context) {
+    const issues = [];
+    const lines = context.fileContent.split("\n");
+    let inBlockComment = false;
+    for (let i = 0; i < lines.length; i++) {
+      const line = lines[i];
+      const trimmed = line.trim();
+      if (inBlockComment) {
+        if (trimmed.includes("*/")) inBlockComment = false;
+        continue;
+      }
+      if (trimmed.startsWith("/*")) {
+        if (!trimmed.includes("*/")) inBlockComment = true;
+        continue;
+      }
+      if (trimmed.startsWith("//")) continue;
+      const cleaned = line.replace(/(['"`])(?:(?!\1|\\).|\\.)*\1/g, '""').replace(/\/\/.*$/, "");
+      const looseEqRegex = /[^!=<>]==[^=]|[^!]==[^=]|!=[^=]/g;
+      let match;
+      while ((match = looseEqRegex.exec(cleaned)) !== null) {
+        const pos = match.index;
+        const snippet = cleaned.substring(Math.max(0, pos), pos + match[0].length);
+        if (snippet.includes("===") || snippet.includes("!==")) continue;
+        const isNotEqual = snippet.includes("!=");
+        const operator = isNotEqual ? "!=" : "==";
+        const strict = isNotEqual ? "!==" : "===";
+        const afterOp = cleaned.substring(pos + match[0].length - 1).trim();
+        if (afterOp.startsWith("null") || afterOp.startsWith("undefined")) continue;
+        const beforeOp = cleaned.substring(0, pos + 1).trim();
+        if (beforeOp.endsWith("null") || beforeOp.endsWith("undefined")) continue;
+        issues.push({
+          ruleId: "logic/type-coercion",
+          severity: "medium",
+          category: "logic",
+          file: context.filePath,
+          startLine: i + 1,
+          endLine: i + 1,
+          message: t(
+            `Loose equality "${operator}" can cause implicit type coercion.`,
+            `\u5BBD\u677E\u7B49\u4E8E "${operator}" \u4F1A\u5BFC\u81F4\u9690\u5F0F\u7C7B\u578B\u8F6C\u6362\u3002`
+          ),
+          suggestion: t(
+            `Use strict equality "${strict}" instead of "${operator}".`,
+            `\u4F7F\u7528\u4E25\u683C\u7B49\u4E8E "${strict}" \u4EE3\u66FF "${operator}"\u3002`
+          )
+        });
+      }
+    }
+    return issues;
   }
 };
 
-// src/core/scorer.ts
-var SEVERITY_PENALTY = {
-  high: 15,
-  medium: 8,
-  low: 3,
-  info: 0
-};
-function calculateDimensionScore(issues) {
-  let score = 100;
-  for (const issue of issues) {
-    score -= SEVERITY_PENALTY[issue.severity] ?? 0;
-  }
-  return {
-    score: Math.max(0, Math.min(100, score)),
-    issues
-  };
-}
-function calculateOverallScore(dimensions, weights) {
-  const score = dimensions.security.score * weights.security + dimensions.logic.score * weights.logic + dimensions.structure.score * weights.structure + dimensions.style.score * weights.style + dimensions.coverage.score * weights.coverage;
-  return Math.round(Math.max(0, Math.min(100, score)));
-}
-function getGrade(score) {
-  if (score >= 90) return "HIGH_TRUST";
-  if (score >= 70) return "REVIEW";
-  if (score >= 50) return "LOW_TRUST";
-  return "UNTRUSTED";
-}
-function getGradeEmoji(grade) {
-  switch (grade) {
-    case "HIGH_TRUST":
-      return "\u2705";
-    case "REVIEW":
-      return "\u26A0\uFE0F";
-    case "LOW_TRUST":
-      return "\u26A0\uFE0F";
-    case "UNTRUSTED":
-      return "\u274C";
-  }
-}
-function getGradeLabel(grade) {
-  const isZh = isZhLocale();
-  if (isZh) {
-    switch (grade) {
-      case "HIGH_TRUST":
-        return "\u9AD8\u4FE1\u4EFB \u2014 \u53EF\u5B89\u5168\u5408\u5E76";
-      case "REVIEW":
-        return "\u5EFA\u8BAE\u5BA1\u67E5";
-      case "LOW_TRUST":
-        return "\u4F4E\u4FE1\u4EFB \u2014 \u9700\u4ED4\u7EC6\u5BA1\u67E5";
-      case "UNTRUSTED":
-        return "\u4E0D\u53EF\u4FE1 \u2014 \u4E0D\u5E94\u5408\u5E76";
+// src/rules/builtin/magic-number.ts
+var ALLOWED_NUMBERS = /* @__PURE__ */ new Set([
+  -1,
+  0,
+  1,
+  2,
+  10,
+  100
+]);
+var magicNumberRule = {
+  id: "logic/magic-number",
+  category: "logic",
+  severity: "low",
+  title: "Magic number",
+  description: "AI-generated code often uses unexplained numeric literals instead of named constants.",
+  check(context) {
+    const issues = [];
+    const lines = context.fileContent.split("\n");
+    let inBlockComment = false;
+    for (let i = 0; i < lines.length; i++) {
+      const line = lines[i];
+      const trimmed = line.trim();
+      if (inBlockComment) {
+        if (trimmed.includes("*/")) inBlockComment = false;
+        continue;
+      }
+      if (trimmed.startsWith("/*")) {
+        if (!trimmed.includes("*/")) inBlockComment = true;
+        continue;
+      }
+      if (trimmed.startsWith("//")) continue;
+      if (/^\s*(export\s+)?(const|let|var|readonly)\s+[A-Z_][A-Z0-9_]*\s*[=:]/.test(line)) continue;
+      if (/^\s*(export\s+)?enum\s/.test(line)) continue;
+      if (trimmed.startsWith("import ")) continue;
+      if (/^\s*return\s+[0-9]+\s*;?\s*$/.test(line)) continue;
+      const cleaned = line.replace(/(['"`])(?:(?!\1|\\).|\\.)*\1/g, '""').replace(/\/\/.*$/, "");
+      const numRegex = /(?<![.\w])(-?\d+\.?\d*(?:e[+-]?\d+)?)\b/gi;
+      let match;
+      while ((match = numRegex.exec(cleaned)) !== null) {
+        const value = parseFloat(match[1]);
+        if (ALLOWED_NUMBERS.has(value)) continue;
+        if (isNaN(value)) continue;
+        const beforeChar = cleaned[match.index - 1] || "";
+        if (beforeChar === "[") continue;
+        if (beforeChar === "<" || beforeChar === ",") continue;
+        issues.push({
+          ruleId: "logic/magic-number",
+          severity: "low",
+          category: "logic",
+          file: context.filePath,
+          startLine: i + 1,
+          endLine: i + 1,
+          message: t(
+            `Magic number ${match[1]} should be extracted to a named constant.`,
+            `\u9B54\u672F\u6570\u5B57 ${match[1]} \u5E94\u63D0\u53D6\u4E3A\u547D\u540D\u5E38\u91CF\u3002`
+          ),
+          suggestion: t(
+            `Define a descriptive constant, e.g., const MAX_RETRIES = ${match[1]};`,
+            `\u5B9A\u4E49\u4E00\u4E2A\u63CF\u8FF0\u6027\u5E38\u91CF\uFF0C\u4F8B\u5982 const MAX_RETRIES = ${match[1]};`
+          )
+        });
+      }
     }
+    return issues;
   }
-  switch (grade) {
-    case "HIGH_TRUST":
-      return "HIGH TRUST \u2014 Safe to merge";
-    case "REVIEW":
-      return "REVIEW RECOMMENDED";
-    case "LOW_TRUST":
-      return "LOW TRUST \u2014 Careful review needed";
-    case "UNTRUSTED":
-      return "UNTRUSTED \u2014 Do not merge without changes";
-  }
-}
-
-// src/analyzers/structure.ts
-var DEFAULT_THRESHOLDS = {
-  maxCyclomaticComplexity: 10,
-  maxCognitiveComplexity: 20,
-  maxFunctionLength: 40,
-  maxNestingDepth: 4,
-  maxParamCount: 5
 };
-function analyzeStructure(code, filePath, thresholds = {}) {
-  const t_ = { ...DEFAULT_THRESHOLDS, ...thresholds };
-  const issues = [];
-  let parsed;
-  try {
-    parsed = parseCode(code, filePath);
-  } catch {
-    return { functions: [], issues: [] };
-  }
-  const functions = extractFunctions(parsed);
-  for (const fn of functions) {
-    if (fn.cyclomaticComplexity > t_.maxCyclomaticComplexity) {
+
+// src/rules/builtin/nested-ternary.ts
+var nestedTernaryRule = {
+  id: "logic/no-nested-ternary",
+  category: "logic",
+  severity: "medium",
+  title: "Nested ternary expression",
+  description: "AI-generated code often produces nested ternary expressions that are hard to read.",
+  check(context) {
+    const issues = [];
+    let ast;
+    try {
+      const parsed = parseCode(context.fileContent, context.filePath);
+      ast = parsed.ast;
+    } catch {
+      return issues;
+    }
+    const reportedLines = /* @__PURE__ */ new Set();
+    walkAST(ast, (node) => {
+      if (node.type !== AST_NODE_TYPES.ConditionalExpression) return;
+      const conditional = node;
+      const hasNestedTernary = conditional.consequent.type === AST_NODE_TYPES.ConditionalExpression || conditional.alternate.type === AST_NODE_TYPES.ConditionalExpression;
+      if (!hasNestedTernary) return;
+      const line = node.loc?.start.line ?? 0;
+      if (line === 0 || reportedLines.has(line)) return;
+      reportedLines.add(line);
+      let depth = 1;
+      let current = node;
+      while (current.type === AST_NODE_TYPES.ConditionalExpression) {
+        const cond = current;
+        if (cond.consequent.type === AST_NODE_TYPES.ConditionalExpression) {
+          depth++;
+          current = cond.consequent;
+        } else if (cond.alternate.type === AST_NODE_TYPES.ConditionalExpression) {
+          depth++;
+          current = cond.alternate;
+        } else {
+          break;
+        }
+      }
+      const endLine = node.loc?.end.line ?? line;
       issues.push({
-        ruleId: "structure/high-cyclomatic-complexity",
-        severity: fn.cyclomaticComplexity > t_.maxCyclomaticComplexity * 2 ? "high" : "medium",
-        category: "structure",
-        file: filePath,
-        startLine: fn.startLine,
-        endLine: fn.endLine,
+        ruleId: "logic/no-nested-ternary",
+        severity: "medium",
+        category: "logic",
+        file: context.filePath,
+        startLine: line,
+        endLine,
+        message: t(
+          `Nested ternary expression (depth: ${depth}) reduces readability.`,
+          `\u5D4C\u5957\u4E09\u5143\u8868\u8FBE\u5F0F\uFF08\u6DF1\u5EA6: ${depth}\uFF09\u964D\u4F4E\u4E86\u53EF\u8BFB\u6027\u3002`
+        ),
+        suggestion: t(
+          `Refactor into if-else statements or use a lookup object/map.`,
+          `\u91CD\u6784\u4E3A if-else \u8BED\u53E5\u6216\u4F7F\u7528\u67E5\u627E\u5BF9\u8C61/\u6620\u5C04\u3002`
+        )
+      });
+    });
+    return issues;
+  }
+};
+
+// src/rules/builtin/duplicate-string.ts
+var MIN_STRING_LENGTH = 6;
+var MIN_OCCURRENCES = 3;
+var duplicateStringRule = {
+  id: "logic/duplicate-string",
+  category: "logic",
+  severity: "low",
+  title: "Duplicate string literal",
+  description: "AI-generated code often repeats the same string literal instead of extracting it into a constant.",
+  check(context) {
+    const issues = [];
+    const lines = context.fileContent.split("\n");
+    const stringMap = /* @__PURE__ */ new Map();
+    let inBlockComment = false;
+    for (let i = 0; i < lines.length; i++) {
+      const line = lines[i];
+      const trimmed = line.trim();
+      if (inBlockComment) {
+        if (trimmed.includes("*/")) inBlockComment = false;
+        continue;
+      }
+      if (trimmed.startsWith("/*")) {
+        if (!trimmed.includes("*/")) inBlockComment = true;
+        continue;
+      }
+      if (trimmed.startsWith("//")) continue;
+      if (trimmed.startsWith("import ")) continue;
+      const cleaned = line.replace(/\/\/.*$/, "");
+      const stringRegex = /(['"])([^'"\\](?:(?!\1|\\).|\\.)*)\1/g;
+      let match;
+      while ((match = stringRegex.exec(cleaned)) !== null) {
+        const value = match[2];
+        if (value.length < MIN_STRING_LENGTH) continue;
+        if (value.includes("${")) continue;
+        if (value.startsWith("http") || value.startsWith("/")) continue;
+        if (value.startsWith("test") || value.startsWith("mock")) continue;
+        if (!stringMap.has(value)) {
+          stringMap.set(value, []);
+        }
+        stringMap.get(value).push(i + 1);
+      }
+    }
+    for (const [value, locations] of stringMap) {
+      if (locations.length < MIN_OCCURRENCES) continue;
+      const firstLine = locations[0];
+      const displayValue = value.length > 30 ? value.substring(0, 30) + "..." : value;
+      issues.push({
+        ruleId: "logic/duplicate-string",
+        severity: "low",
+        category: "logic",
+        file: context.filePath,
+        startLine: firstLine,
+        endLine: firstLine,
+        message: t(
+          `String "${displayValue}" is repeated ${locations.length} times.`,
+          `\u5B57\u7B26\u4E32 "${displayValue}" \u91CD\u590D\u51FA\u73B0\u4E86 ${locations.length} \u6B21\u3002`
+        ),
+        suggestion: t(
+          `Extract to a named constant to improve maintainability.`,
+          `\u63D0\u53D6\u4E3A\u547D\u540D\u5E38\u91CF\u4EE5\u63D0\u9AD8\u53EF\u7EF4\u62A4\u6027\u3002`
+        )
+      });
+    }
+    return issues;
+  }
+};
+
+// src/rules/builtin/no-debugger.ts
+var noDebuggerRule = {
+  id: "security/no-debugger",
+  category: "security",
+  severity: "high",
+  title: "Debugger statement",
+  description: "Debugger statements should never be committed to production code.",
+  fixable: true,
+  fix(context, issue) {
+    const [start, end] = lineRange(context.fileContent, issue.startLine);
+    if (start === end) return null;
+    return { range: [start, end], text: "" };
+  },
+  check(context) {
+    const issues = [];
+    const lines = context.fileContent.split("\n");
+    let inBlockComment = false;
+    for (let i = 0; i < lines.length; i++) {
+      const line = lines[i];
+      const trimmed = line.trim();
+      if (inBlockComment) {
+        if (trimmed.includes("*/")) inBlockComment = false;
+        continue;
+      }
+      if (trimmed.startsWith("/*")) {
+        if (!trimmed.includes("*/")) inBlockComment = true;
+        continue;
+      }
+      if (trimmed.startsWith("//")) continue;
+      const cleaned = line.replace(/(['"`])(?:(?!\1|\\).|\\.)*\1/g, '""').replace(/\/\/.*$/, "");
+      if (/\bdebugger\b/.test(cleaned)) {
+        issues.push({
+          ruleId: "security/no-debugger",
+          severity: "high",
+          category: "security",
+          file: context.filePath,
+          startLine: i + 1,
+          endLine: i + 1,
+          message: t(
+            `Debugger statement found. Remove before committing.`,
+            `\u53D1\u73B0 debugger \u8BED\u53E5\u3002\u63D0\u4EA4\u524D\u8BF7\u79FB\u9664\u3002`
+          ),
+          suggestion: t(
+            `Remove the debugger statement.`,
+            `\u79FB\u9664 debugger \u8BED\u53E5\u3002`
+          )
+        });
+      }
+    }
+    return issues;
+  }
+};
+
+// src/rules/builtin/no-non-null-assertion.ts
+var noNonNullAssertionRule = {
+  id: "logic/no-non-null-assertion",
+  category: "logic",
+  severity: "medium",
+  title: "Non-null assertion operator",
+  description: "AI-generated code often uses the ! operator to bypass TypeScript null checks, risking runtime crashes.",
+  check(context) {
+    const issues = [];
+    if (!context.filePath.match(/\.tsx?$/)) return issues;
+    let ast;
+    try {
+      const parsed = parseCode(context.fileContent, context.filePath);
+      ast = parsed.ast;
+    } catch {
+      return issues;
+    }
+    walkAST(ast, (node) => {
+      if (node.type !== AST_NODE_TYPES.TSNonNullExpression) return;
+      const line = node.loc?.start.line ?? 0;
+      if (line === 0) return;
+      issues.push({
+        ruleId: "logic/no-non-null-assertion",
+        severity: "medium",
+        category: "logic",
+        file: context.filePath,
+        startLine: line,
+        endLine: line,
+        message: t(
+          `Non-null assertion (!) used \u2014 value could be null/undefined at runtime.`,
+          `\u4F7F\u7528\u4E86\u975E\u7A7A\u65AD\u8A00 (!) \u2014 \u503C\u5728\u8FD0\u884C\u65F6\u53EF\u80FD\u4E3A null/undefined\u3002`
+        ),
+        suggestion: t(
+          `Use optional chaining (?.), nullish coalescing (??), or add a proper null check.`,
+          `\u4F7F\u7528\u53EF\u9009\u94FE (?.)\u3001\u7A7A\u503C\u5408\u5E76 (??) \u6216\u6DFB\u52A0\u9002\u5F53\u7684\u7A7A\u503C\u68C0\u67E5\u3002`
+        )
+      });
+    });
+    return issues;
+  }
+};
+
+// src/rules/builtin/no-self-compare.ts
+var noSelfCompareRule = {
+  id: "logic/no-self-compare",
+  category: "logic",
+  severity: "medium",
+  title: "Self-comparison",
+  description: "Self-comparison (x === x) is always true (or always false for !==). Use Number.isNaN() for NaN checks.",
+  check(context) {
+    const issues = [];
+    let ast;
+    try {
+      const parsed = parseCode(context.fileContent, context.filePath);
+      ast = parsed.ast;
+    } catch {
+      return issues;
+    }
+    walkAST(ast, (node) => {
+      if (node.type !== AST_NODE_TYPES.BinaryExpression) return;
+      const binExpr = node;
+      const op = binExpr.operator;
+      if (!["===", "!==", "==", "!="].includes(op)) return;
+      const left = serializeNode(binExpr.left);
+      const right = serializeNode(binExpr.right);
+      if (left === null || right === null || left !== right) return;
+      const line = node.loc?.start.line ?? 0;
+      if (line === 0) return;
+      issues.push({
+        ruleId: "logic/no-self-compare",
+        severity: "medium",
+        category: "logic",
+        file: context.filePath,
+        startLine: line,
+        endLine: line,
+        message: t(
+          `Self-comparison "${left} ${op} ${right}" is always ${op.includes("!") ? "false" : "true"}.`,
+          `\u81EA\u6BD4\u8F83 "${left} ${op} ${right}" \u59CB\u7EC8\u4E3A ${op.includes("!") ? "false" : "true"}\u3002`
+        ),
+        suggestion: t(
+          `If checking for NaN, use Number.isNaN(${left}) instead.`,
+          `\u5982\u9700\u68C0\u67E5 NaN\uFF0C\u8BF7\u4F7F\u7528 Number.isNaN(${left})\u3002`
+        )
+      });
+    });
+    return issues;
+  }
+};
+function serializeNode(node) {
+  if (node.type === AST_NODE_TYPES.Identifier) {
+    return node.name;
+  }
+  if (node.type === AST_NODE_TYPES.MemberExpression && !node.computed) {
+    const obj = serializeNode(node.object);
+    const prop = node.property.name;
+    if (obj && prop) return `${obj}.${prop}`;
+  }
+  return null;
+}
+
+// src/rules/builtin/no-return-assign.ts
+var noReturnAssignRule = {
+  id: "logic/no-return-assign",
+  category: "logic",
+  severity: "medium",
+  title: "Assignment in return statement",
+  description: "AI-generated code sometimes uses assignment (=) instead of comparison (===) in return statements.",
+  check(context) {
+    const issues = [];
+    let ast;
+    try {
+      const parsed = parseCode(context.fileContent, context.filePath);
+      ast = parsed.ast;
+    } catch {
+      return issues;
+    }
+    walkAST(ast, (node) => {
+      if (node.type !== AST_NODE_TYPES.ReturnStatement) return;
+      const returnStmt = node;
+      if (!returnStmt.argument) return;
+      if (returnStmt.argument.type === AST_NODE_TYPES.AssignmentExpression) {
+        const assignExpr = returnStmt.argument;
+        if (assignExpr.operator !== "=") return;
+        const line = node.loc?.start.line ?? 0;
+        if (line === 0) return;
+        issues.push({
+          ruleId: "logic/no-return-assign",
+          severity: "medium",
+          category: "logic",
+          file: context.filePath,
+          startLine: line,
+          endLine: line,
+          message: t(
+            `Assignment in return statement \u2014 did you mean to use === instead of =?`,
+            `return \u8BED\u53E5\u4E2D\u4F7F\u7528\u4E86\u8D4B\u503C \u2014 \u662F\u5426\u5E94\u8BE5\u4F7F\u7528 === \u800C\u975E =\uFF1F`
+          ),
+          suggestion: t(
+            `If comparison was intended, use === instead of =. If assignment is intentional, extract it to a separate line.`,
+            `\u5982\u679C\u610F\u56FE\u662F\u6BD4\u8F83\uFF0C\u8BF7\u4F7F\u7528 === \u4EE3\u66FF =\u3002\u5982\u679C\u786E\u5B9E\u9700\u8981\u8D4B\u503C\uFF0C\u8BF7\u63D0\u53D6\u5230\u5355\u72EC\u7684\u884C\u3002`
+          )
+        });
+      }
+    });
+    return issues;
+  }
+};
+
+// src/rules/builtin/promise-void.ts
+var promiseVoidRule = {
+  id: "logic/promise-void",
+  category: "logic",
+  severity: "medium",
+  title: "Floating promise (not awaited or returned)",
+  description: "AI-generated code often calls async functions without await, causing unhandled rejections.",
+  check(context) {
+    const issues = [];
+    let ast;
+    try {
+      const parsed = parseCode(context.fileContent, context.filePath);
+      ast = parsed.ast;
+    } catch {
+      return issues;
+    }
+    const asyncFnNames = /* @__PURE__ */ new Set();
+    walkAST(ast, (node) => {
+      if (node.type === AST_NODE_TYPES.FunctionDeclaration && node.async && node.id) {
+        asyncFnNames.add(node.id.name);
+      }
+      if (node.type === AST_NODE_TYPES.VariableDeclarator && node.id.type === AST_NODE_TYPES.Identifier) {
+        const init = node.init;
+        if (init && (init.type === AST_NODE_TYPES.ArrowFunctionExpression || init.type === AST_NODE_TYPES.FunctionExpression) && init.async) {
+          asyncFnNames.add(
+            node.id.name
+          );
+        }
+      }
+    });
+    const commonAsyncPatterns = [
+      /^fetch$/,
+      /^save/,
+      /^load/,
+      /^send/,
+      /^delete/,
+      /^update/,
+      /^create/,
+      /^connect/,
+      /^disconnect/,
+      /^init/
+    ];
+    walkAST(ast, (node) => {
+      if (node.type !== AST_NODE_TYPES.ExpressionStatement) return;
+      const expr = node.expression;
+      if (expr.type !== AST_NODE_TYPES.CallExpression) return;
+      const callExpr = expr;
+      const fnName = getCallName2(callExpr);
+      if (!fnName) return;
+      const isKnownAsync = asyncFnNames.has(fnName);
+      const matchesPattern = commonAsyncPatterns.some((p) => p.test(fnName));
+      const endsWithAsync = fnName.endsWith("Async") || fnName.endsWith("async");
+      if (!isKnownAsync && !matchesPattern && !endsWithAsync) return;
+      const line = node.loc?.start.line ?? 0;
+      if (line === 0) return;
+      issues.push({
+        ruleId: "logic/promise-void",
+        severity: "medium",
+        category: "logic",
+        file: context.filePath,
+        startLine: line,
+        endLine: node.loc?.end.line ?? line,
+        message: t(
+          `Call to "${fnName}()" appears to be a floating promise (not awaited or returned).`,
+          `\u8C03\u7528 "${fnName}()" \u7591\u4F3C\u6D6E\u52A8 Promise\uFF08\u672A await \u6216 return\uFF09\u3002`
+        ),
+        suggestion: t(
+          `Add "await" before the call, assign the result, or use "void ${fnName}()" to explicitly discard.`,
+          `\u5728\u8C03\u7528\u524D\u6DFB\u52A0 "await"\uFF0C\u8D4B\u503C\u7ED9\u53D8\u91CF\uFF0C\u6216\u4F7F\u7528 "void ${fnName}()" \u663E\u5F0F\u4E22\u5F03\u3002`
+        )
+      });
+    });
+    return issues;
+  }
+};
+function getCallName2(callExpr) {
+  const callee = callExpr.callee;
+  if (callee.type === AST_NODE_TYPES.Identifier) {
+    return callee.name;
+  }
+  if (callee.type === AST_NODE_TYPES.MemberExpression && !callee.computed && callee.property.type === AST_NODE_TYPES.Identifier) {
+    return callee.property.name;
+  }
+  return null;
+}
+
+// src/rules/builtin/no-reassign-param.ts
+var noReassignParamRule = {
+  id: "logic/no-reassign-param",
+  category: "logic",
+  severity: "low",
+  title: "Parameter reassignment",
+  description: "AI-generated code often reassigns function parameters, creating confusing side-effect patterns.",
+  check(context) {
+    const issues = [];
+    let ast;
+    try {
+      const parsed = parseCode(context.fileContent, context.filePath);
+      ast = parsed.ast;
+    } catch {
+      return issues;
+    }
+    walkAST(ast, (node) => {
+      const isFn = node.type === AST_NODE_TYPES.FunctionDeclaration || node.type === AST_NODE_TYPES.FunctionExpression || node.type === AST_NODE_TYPES.ArrowFunctionExpression || node.type === AST_NODE_TYPES.MethodDefinition;
+      if (!isFn) return;
+      let params = [];
+      if (node.type === AST_NODE_TYPES.MethodDefinition) {
+        const method = node;
+        if (method.value && "params" in method.value) {
+          params = method.value.params;
+        }
+      } else {
+        params = node.params;
+      }
+      const paramNames = /* @__PURE__ */ new Set();
+      for (const param of params) {
+        if (param.type === AST_NODE_TYPES.Identifier) {
+          paramNames.add(param.name);
+        }
+        if (param.type === AST_NODE_TYPES.AssignmentPattern) {
+          const left = param.left;
+          if (left.type === AST_NODE_TYPES.Identifier) {
+            paramNames.add(left.name);
+          }
+        }
+      }
+      if (paramNames.size === 0) return;
+      let body = null;
+      if (node.type === AST_NODE_TYPES.MethodDefinition) {
+        body = node.value;
+      } else {
+        body = node;
+      }
+      if (!body || !("body" in body)) return;
+      const fnBody = body.body;
+      if (!fnBody) return;
+      const reportedParams = /* @__PURE__ */ new Set();
+      walkAST(fnBody, (innerNode) => {
+        if (innerNode.type !== AST_NODE_TYPES.AssignmentExpression) return;
+        const assignExpr = innerNode;
+        if (assignExpr.left.type !== AST_NODE_TYPES.Identifier) return;
+        const name = assignExpr.left.name;
+        if (!paramNames.has(name) || reportedParams.has(name)) return;
+        reportedParams.add(name);
+        const line = innerNode.loc?.start.line ?? 0;
+        if (line === 0) return;
+        issues.push({
+          ruleId: "logic/no-reassign-param",
+          severity: "low",
+          category: "logic",
+          file: context.filePath,
+          startLine: line,
+          endLine: line,
+          message: t(
+            `Parameter "${name}" is reassigned. This can cause confusion and lose the original value.`,
+            `\u53C2\u6570 "${name}" \u88AB\u91CD\u65B0\u8D4B\u503C\u3002\u8FD9\u53EF\u80FD\u9020\u6210\u6DF7\u6DC6\u5E76\u4E22\u5931\u539F\u59CB\u503C\u3002`
+          ),
+          suggestion: t(
+            `Use a local variable instead: const local${name.charAt(0).toUpperCase() + name.slice(1)} = ...`,
+            `\u4F7F\u7528\u5C40\u90E8\u53D8\u91CF\u4EE3\u66FF\uFF1Aconst local${name.charAt(0).toUpperCase() + name.slice(1)} = ...`
+          )
+        });
+      });
+    });
+    return issues;
+  }
+};
+
+// src/rules/builtin/no-async-without-await.ts
+var noAsyncWithoutAwaitRule = {
+  id: "logic/no-async-without-await",
+  category: "logic",
+  severity: "low",
+  title: "Async function without await",
+  description: "AI-generated code often marks functions as async without using await, adding unnecessary Promise wrapping.",
+  check(context) {
+    const issues = [];
+    let ast;
+    try {
+      const parsed = parseCode(context.fileContent, context.filePath);
+      ast = parsed.ast;
+    } catch {
+      return issues;
+    }
+    walkAST(ast, (node) => {
+      const isAsyncFn = (node.type === AST_NODE_TYPES.FunctionDeclaration || node.type === AST_NODE_TYPES.FunctionExpression || node.type === AST_NODE_TYPES.ArrowFunctionExpression) && node.async;
+      if (!isAsyncFn) return;
+      const fnNode = node;
+      const body = fnNode.body;
+      if (!body) return;
+      let hasAwait = false;
+      walkAST(body, (innerNode) => {
+        if (innerNode !== body && (innerNode.type === AST_NODE_TYPES.FunctionDeclaration || innerNode.type === AST_NODE_TYPES.FunctionExpression || innerNode.type === AST_NODE_TYPES.ArrowFunctionExpression) && innerNode.async) {
+          return false;
+        }
+        if (innerNode.type === AST_NODE_TYPES.AwaitExpression) {
+          hasAwait = true;
+          return false;
+        }
+        if (innerNode.type === AST_NODE_TYPES.ForOfStatement && innerNode.await) {
+          hasAwait = true;
+          return false;
+        }
+        return;
+      });
+      if (hasAwait) return false;
+      const line = node.loc?.start.line ?? 0;
+      if (line === 0) return;
+      let fnName = "<anonymous>";
+      if (fnNode.type === AST_NODE_TYPES.FunctionDeclaration && fnNode.id) {
+        fnName = fnNode.id.name;
+      }
+      issues.push({
+        ruleId: "logic/no-async-without-await",
+        severity: "low",
+        category: "logic",
+        file: context.filePath,
+        startLine: line,
+        endLine: node.loc?.end.line ?? line,
+        message: t(
+          `Async function "${fnName}" does not use await.`,
+          `\u5F02\u6B65\u51FD\u6570 "${fnName}" \u5185\u90E8\u6CA1\u6709\u4F7F\u7528 await\u3002`
+        ),
+        suggestion: t(
+          `Remove the async keyword if this function doesn't need to be asynchronous.`,
+          `\u5982\u679C\u6B64\u51FD\u6570\u4E0D\u9700\u8981\u5F02\u6B65\u884C\u4E3A\uFF0C\u8BF7\u79FB\u9664 async \u5173\u952E\u5B57\u3002`
+        )
+      });
+      return false;
+    });
+    return issues;
+  }
+};
+
+// src/rules/builtin/no-useless-constructor.ts
+var noUselessConstructorRule = {
+  id: "logic/no-useless-constructor",
+  category: "logic",
+  severity: "low",
+  title: "Useless constructor",
+  description: "AI-generated code often produces constructors that only call super() or are completely empty.",
+  check(context) {
+    const issues = [];
+    let ast;
+    try {
+      const parsed = parseCode(context.fileContent, context.filePath);
+      ast = parsed.ast;
+    } catch {
+      return issues;
+    }
+    walkAST(ast, (node) => {
+      if (node.type !== AST_NODE_TYPES.ClassDeclaration && node.type !== AST_NODE_TYPES.ClassExpression) return;
+      const classNode = node;
+      const hasSuper = classNode.superClass !== null && classNode.superClass !== void 0;
+      const constructor = classNode.body.body.find(
+        (member) => member.type === AST_NODE_TYPES.MethodDefinition && member.kind === "constructor"
+      );
+      if (!constructor) return;
+      const ctorValue = constructor.value;
+      if (!ctorValue.body) return;
+      const bodyStatements = ctorValue.body.body;
+      if (bodyStatements.length === 0) {
+        const line = constructor.loc?.start.line ?? 0;
+        if (line === 0) return;
+        issues.push({
+          ruleId: "logic/no-useless-constructor",
+          severity: "low",
+          category: "logic",
+          file: context.filePath,
+          startLine: line,
+          endLine: constructor.loc?.end.line ?? line,
+          message: t(
+            `Empty constructor is unnecessary.`,
+            `\u7A7A\u6784\u9020\u51FD\u6570\u662F\u4E0D\u5FC5\u8981\u7684\u3002`
+          ),
+          suggestion: t(
+            `Remove the empty constructor \u2014 JavaScript provides a default one.`,
+            `\u79FB\u9664\u7A7A\u6784\u9020\u51FD\u6570 \u2014 JavaScript \u4F1A\u81EA\u52A8\u63D0\u4F9B\u9ED8\u8BA4\u6784\u9020\u51FD\u6570\u3002`
+          )
+        });
+        return;
+      }
+      if (hasSuper && bodyStatements.length === 1) {
+        const stmt = bodyStatements[0];
+        if (stmt.type !== AST_NODE_TYPES.ExpressionStatement) return;
+        const expr = stmt.expression;
+        if (expr.type !== AST_NODE_TYPES.CallExpression) return;
+        if (expr.callee.type !== AST_NODE_TYPES.Super) return;
+        const ctorParams = ctorValue.params;
+        const superArgs = expr.arguments;
+        if (ctorParams.length === superArgs.length) {
+          let allMatch = true;
+          for (let i = 0; i < ctorParams.length; i++) {
+            const param = ctorParams[i];
+            const arg = superArgs[i];
+            if (param.type === AST_NODE_TYPES.Identifier && arg.type === AST_NODE_TYPES.Identifier && param.name === arg.name) {
+              continue;
+            }
+            if (param.type === AST_NODE_TYPES.TSParameterProperty && param.parameter.type === AST_NODE_TYPES.Identifier) {
+              allMatch = false;
+              break;
+            }
+            allMatch = false;
+            break;
+          }
+          if (allMatch) {
+            const line = constructor.loc?.start.line ?? 0;
+            if (line === 0) return;
+            issues.push({
+              ruleId: "logic/no-useless-constructor",
+              severity: "low",
+              category: "logic",
+              file: context.filePath,
+              startLine: line,
+              endLine: constructor.loc?.end.line ?? line,
+              message: t(
+                `Constructor only calls super() with the same arguments \u2014 it is unnecessary.`,
+                `\u6784\u9020\u51FD\u6570\u4EC5\u8C03\u7528 super() \u5E76\u4F20\u9012\u76F8\u540C\u53C2\u6570 \u2014 \u8FD9\u662F\u4E0D\u5FC5\u8981\u7684\u3002`
+              ),
+              suggestion: t(
+                `Remove the constructor \u2014 JavaScript automatically calls super() with the same arguments.`,
+                `\u79FB\u9664\u6784\u9020\u51FD\u6570 \u2014 JavaScript \u4F1A\u81EA\u52A8\u7528\u76F8\u540C\u53C2\u6570\u8C03\u7528 super()\u3002`
+              )
+            });
+          }
+        }
+      }
+    });
+    return issues;
+  }
+};
+
+// src/rules/engine.ts
+var BUILTIN_RULES = [
+  unnecessaryTryCatchRule,
+  overDefensiveRule,
+  deadLogicRule,
+  unusedVariablesRule,
+  duplicateConditionRule,
+  ...securityRules,
+  emptyCatchRule,
+  identicalBranchesRule,
+  redundantElseRule,
+  consoleInCodeRule,
+  phantomImportRule,
+  unusedImportRule,
+  missingAwaitRule,
+  anyTypeAbuseRule,
+  typeCoercionRule,
+  magicNumberRule,
+  nestedTernaryRule,
+  duplicateStringRule,
+  noDebuggerRule,
+  noNonNullAssertionRule,
+  noSelfCompareRule,
+  noReturnAssignRule,
+  promiseVoidRule,
+  noReassignParamRule,
+  noAsyncWithoutAwaitRule,
+  noUselessConstructorRule
+];
+var RuleEngine = class {
+  rules;
+  constructor(config) {
+    this.rules = BUILTIN_RULES.filter(
+      (rule) => !config.rules.disabled.includes(rule.id)
+    );
+  }
+  run(context) {
+    const allIssues = [];
+    for (const rule of this.rules) {
+      try {
+        const issues = rule.check(context);
+        allIssues.push(...issues);
+      } catch (_err) {
+      }
+    }
+    return allIssues;
+  }
+  getRules() {
+    return [...this.rules];
+  }
+  listRules() {
+    return BUILTIN_RULES.map((r) => ({
+      id: r.id,
+      category: r.category,
+      severity: r.severity,
+      title: r.title
+    }));
+  }
+};
+
+// src/core/scorer.ts
+var SEVERITY_PENALTY = {
+  high: 15,
+  medium: 8,
+  low: 3,
+  info: 0
+};
+function calculateDimensionScore(issues) {
+  let score = 100;
+  for (const issue of issues) {
+    score -= SEVERITY_PENALTY[issue.severity] ?? 0;
+  }
+  return {
+    score: Math.max(0, Math.min(100, score)),
+    issues
+  };
+}
+function calculateOverallScore(dimensions, weights) {
+  const score = dimensions.security.score * weights.security + dimensions.logic.score * weights.logic + dimensions.structure.score * weights.structure + dimensions.style.score * weights.style + dimensions.coverage.score * weights.coverage;
+  return Math.round(Math.max(0, Math.min(100, score)));
+}
+function getGrade(score) {
+  if (score >= 90) return "HIGH_TRUST";
+  if (score >= 70) return "REVIEW";
+  if (score >= 50) return "LOW_TRUST";
+  return "UNTRUSTED";
+}
+function getGradeEmoji(grade) {
+  switch (grade) {
+    case "HIGH_TRUST":
+      return "\u2705";
+    case "REVIEW":
+      return "\u26A0\uFE0F";
+    case "LOW_TRUST":
+      return "\u26A0\uFE0F";
+    case "UNTRUSTED":
+      return "\u274C";
+  }
+}
+function getGradeLabel(grade) {
+  const isZh = isZhLocale();
+  if (isZh) {
+    switch (grade) {
+      case "HIGH_TRUST":
+        return "\u9AD8\u4FE1\u4EFB \u2014 \u53EF\u5B89\u5168\u5408\u5E76";
+      case "REVIEW":
+        return "\u5EFA\u8BAE\u5BA1\u67E5";
+      case "LOW_TRUST":
+        return "\u4F4E\u4FE1\u4EFB \u2014 \u9700\u4ED4\u7EC6\u5BA1\u67E5";
+      case "UNTRUSTED":
+        return "\u4E0D\u53EF\u4FE1 \u2014 \u4E0D\u5E94\u5408\u5E76";
+    }
+  }
+  switch (grade) {
+    case "HIGH_TRUST":
+      return "HIGH TRUST \u2014 Safe to merge";
+    case "REVIEW":
+      return "REVIEW RECOMMENDED";
+    case "LOW_TRUST":
+      return "LOW TRUST \u2014 Careful review needed";
+    case "UNTRUSTED":
+      return "UNTRUSTED \u2014 Do not merge without changes";
+  }
+}
+
+// src/analyzers/structure.ts
+var DEFAULT_THRESHOLDS = {
+  maxCyclomaticComplexity: 10,
+  maxCognitiveComplexity: 20,
+  maxFunctionLength: 40,
+  maxNestingDepth: 4,
+  maxParamCount: 5
+};
+function analyzeStructure(code, filePath, thresholds = {}) {
+  const t_ = { ...DEFAULT_THRESHOLDS, ...thresholds };
+  const issues = [];
+  let parsed;
+  try {
+    parsed = parseCode(code, filePath);
+  } catch {
+    return { functions: [], issues: [] };
+  }
+  const functions = extractFunctions(parsed);
+  for (const fn of functions) {
+    if (fn.cyclomaticComplexity > t_.maxCyclomaticComplexity) {
+      issues.push({
+        ruleId: "structure/high-cyclomatic-complexity",
+        severity: fn.cyclomaticComplexity > t_.maxCyclomaticComplexity * 2 ? "high" : "medium",
+        category: "structure",
+        file: filePath,
+        startLine: fn.startLine,
+        endLine: fn.endLine,
         message: t(
           `Function "${fn.name}" has cyclomatic complexity of ${fn.cyclomaticComplexity} (threshold: ${t_.maxCyclomaticComplexity}).`,
           `\u51FD\u6570 "${fn.name}" \u7684\u5708\u590D\u6742\u5EA6\u4E3A ${fn.cyclomaticComplexity}\uFF08\u9608\u503C\uFF1A${t_.maxCyclomaticComplexity}\uFF09\u3002`
@@ -2613,19 +3541,238 @@ function createHookCommand() {
   return cmd;
 }
 
+// src/cli/commands/fix.ts
+import { Command as Command6 } from "commander";
+
+// src/core/fix-engine.ts
+import { readFileSync as readFileSync2, writeFileSync } from "fs";
+import pc5 from "picocolors";
+var FixEngine = class {
+  ruleEngine;
+  constructor(config) {
+    this.ruleEngine = new RuleEngine(config);
+  }
+  /**
+   * Fix issues in files. Returns results per file.
+   * Uses text range replacement to preserve formatting.
+   * Applies fixes iteratively (up to maxIterations) to handle cascading issues.
+   */
+  async fix(options) {
+    const results = [];
+    const maxIter = options.maxIterations ?? 10;
+    for (const filePath of options.files) {
+      const result = this.fixFile(filePath, options.dryRun ?? true, options.ruleId, maxIter);
+      if (result.applied > 0 || result.skipped > 0) {
+        results.push(result);
+      }
+    }
+    return results;
+  }
+  fixFile(filePath, dryRun, ruleId, maxIter) {
+    const result = {
+      file: filePath,
+      applied: 0,
+      skipped: 0,
+      details: []
+    };
+    let content;
+    try {
+      content = readFileSync2(filePath, "utf-8");
+    } catch {
+      return result;
+    }
+    for (let iter = 0; iter < maxIter; iter++) {
+      const context = {
+        filePath,
+        fileContent: content,
+        addedLines: []
+      };
+      let issues = this.ruleEngine.run(context);
+      if (ruleId) {
+        issues = issues.filter((i) => i.ruleId === ruleId);
+      }
+      const fixableRules = this.ruleEngine.getRules().filter((r) => r.fixable && r.fix);
+      const fixableRuleMap = new Map(fixableRules.map((r) => [r.id, r]));
+      const fixesWithIssues = [];
+      for (const issue of issues) {
+        const rule = fixableRuleMap.get(issue.ruleId);
+        if (!rule || !rule.fix) continue;
+        const fix = rule.fix(context, issue);
+        if (fix) {
+          fixesWithIssues.push({ fix, issue });
+        }
+      }
+      if (fixesWithIssues.length === 0) break;
+      fixesWithIssues.sort((a, b) => b.fix.range[0] - a.fix.range[0]);
+      const nonConflicting = [];
+      for (const item of fixesWithIssues) {
+        const hasConflict = nonConflicting.some(
+          (existing) => item.fix.range[0] < existing.fix.range[1] && item.fix.range[1] > existing.fix.range[0]
+        );
+        if (hasConflict) {
+          result.skipped++;
+          result.details.push({
+            ruleId: item.issue.ruleId,
+            line: item.issue.startLine,
+            message: item.issue.message,
+            status: "conflict"
+          });
+        } else {
+          nonConflicting.push(item);
+        }
+      }
+      if (nonConflicting.length === 0) break;
+      let newContent = content;
+      for (const { fix, issue } of nonConflicting) {
+        const before = newContent.slice(0, fix.range[0]);
+        const after = newContent.slice(fix.range[1]);
+        newContent = before + fix.text + after;
+        result.applied++;
+        result.details.push({
+          ruleId: issue.ruleId,
+          line: issue.startLine,
+          message: issue.message,
+          status: "applied"
+        });
+      }
+      content = newContent;
+      if (nonConflicting.length === 0) break;
+    }
+    if (!dryRun && result.applied > 0) {
+      writeFileSync(filePath, content, "utf-8");
+    }
+    return result;
+  }
+  /**
+   * Format fix results for terminal output.
+   */
+  static formatResults(results, dryRun) {
+    if (results.length === 0) {
+      return pc5.green(t("No fixable issues found.", "\u672A\u53D1\u73B0\u53EF\u4FEE\u590D\u7684\u95EE\u9898\u3002"));
+    }
+    const lines = [];
+    const modeLabel = dryRun ? pc5.yellow(t("[DRY RUN]", "[\u9884\u6F14\u6A21\u5F0F]")) : pc5.green(t("[APPLIED]", "[\u5DF2\u5E94\u7528]"));
+    lines.push(`
+${modeLabel} ${t("Fix Results:", "\u4FEE\u590D\u7ED3\u679C\uFF1A")}
+`);
+    let totalApplied = 0;
+    let totalSkipped = 0;
+    for (const result of results) {
+      lines.push(pc5.bold(pc5.underline(result.file)));
+      for (const detail of result.details) {
+        const icon = detail.status === "applied" ? pc5.green("\u2713") : detail.status === "conflict" ? pc5.yellow("\u26A0") : pc5.dim("\u2013");
+        const lineRef = pc5.dim(`L${detail.line}`);
+        const ruleRef = pc5.cyan(detail.ruleId);
+        lines.push(`  ${icon} ${lineRef} ${ruleRef} ${detail.message}`);
+      }
+      totalApplied += result.applied;
+      totalSkipped += result.skipped;
+      lines.push("");
+    }
+    lines.push(
+      pc5.bold(
+        t(
+          `${totalApplied} fix(es) ${dryRun ? "would be" : ""} applied, ${totalSkipped} skipped`,
+          `${totalApplied} \u4E2A\u4FEE\u590D${dryRun ? "\u5C06\u88AB" : "\u5DF2"}\u5E94\u7528\uFF0C${totalSkipped} \u4E2A\u8DF3\u8FC7`
+        )
+      )
+    );
+    if (dryRun) {
+      lines.push(
+        pc5.dim(
+          t(
+            "Run without --dry-run to apply fixes.",
+            "\u79FB\u9664 --dry-run \u4EE5\u5E94\u7528\u4FEE\u590D\u3002"
+          )
+        )
+      );
+    }
+    return lines.join("\n");
+  }
+};
+
+// src/cli/commands/fix.ts
+import { resolve as resolve5 } from "path";
+import { readdirSync, statSync } from "fs";
+function collectFiles(dir) {
+  const ignorePatterns = ["node_modules", "dist", ".git", "coverage", ".next", "build"];
+  const results = [];
+  function walk(d) {
+    const entries = readdirSync(d, { withFileTypes: true });
+    for (const entry of entries) {
+      if (ignorePatterns.includes(entry.name)) continue;
+      const fullPath = resolve5(d, entry.name);
+      if (entry.isDirectory()) {
+        walk(fullPath);
+      } else if (/\.(ts|tsx|js|jsx)$/.test(entry.name)) {
+        results.push(fullPath);
+      }
+    }
+  }
+  walk(dir);
+  return results;
+}
+function createFixCommand() {
+  const cmd = new Command6("fix").description("Auto-fix issues in source files").argument("[files...]", "Specific files or directories to fix (default: src/)").option("--dry-run", "Preview fixes without applying them (default)", true).option("--apply", "Actually apply the fixes").option("--rule <ruleId>", "Only fix issues from a specific rule").action(async (files, opts) => {
+    try {
+      const config = await loadConfig();
+      const engine = new FixEngine(config);
+      let targetFiles;
+      if (files.length > 0) {
+        targetFiles = [];
+        for (const f of files) {
+          const resolved = resolve5(f);
+          try {
+            const stat = statSync(resolved);
+            if (stat.isDirectory()) {
+              targetFiles.push(...collectFiles(resolved));
+            } else {
+              targetFiles.push(resolved);
+            }
+          } catch {
+            console.error(`File not found: ${f}`);
+          }
+        }
+      } else {
+        targetFiles = collectFiles(resolve5("src"));
+      }
+      if (targetFiles.length === 0) {
+        console.log("No files to fix.");
+        return;
+      }
+      const dryRun = !opts.apply;
+      const results = await engine.fix({
+        files: targetFiles,
+        dryRun,
+        ruleId: opts.rule
+      });
+      console.log(FixEngine.formatResults(results, dryRun));
+    } catch (err) {
+      if (err instanceof Error) {
+        console.error(`Error: ${err.message}`);
+      } else {
+        console.error("An unexpected error occurred");
+      }
+      process.exit(1);
+    }
+  });
+  return cmd;
+}
+
 // src/cli/index.ts
-import { readFileSync as readFileSync2 } from "fs";
+import { readFileSync as readFileSync3 } from "fs";
 import { fileURLToPath as fileURLToPath2 } from "url";
-import { dirname as dirname4, resolve as resolve5 } from "path";
+import { dirname as dirname4, resolve as resolve6 } from "path";
 var __filename2 = fileURLToPath2(import.meta.url);
 var __dirname2 = dirname4(__filename2);
-var pkg = JSON.parse(readFileSync2(resolve5(__dirname2, "../../package.json"), "utf-8"));
-var program = new Command6();
+var pkg = JSON.parse(readFileSync3(resolve6(__dirname2, "../../package.json"), "utf-8"));
+var program = new Command7();
 program.name("codetrust").description("AI code trust verification tool \u2014 verify AI-generated code with deterministic algorithms").version(pkg.version);
 program.addCommand(createScanCommand());
 program.addCommand(createReportCommand());
 program.addCommand(createInitCommand());
 program.addCommand(createRulesCommand());
 program.addCommand(createHookCommand());
+program.addCommand(createFixCommand());
 program.parse();
 //# sourceMappingURL=index.js.map