@gulu9527/code-trust 0.1.0

package/dist/cli/index.js

@@ -0,0 +1,2631 @@
+#!/usr/bin/env node
+
+// src/cli/index.ts
+import { Command as Command6 } from "commander";
+
+// src/cli/commands/scan.ts
+import { Command } from "commander";
+
+// src/core/config.ts
+import { cosmiconfig } from "cosmiconfig";
+
+// src/types/config.ts
+var DEFAULT_CONFIG = {
+  version: 1,
+  include: ["**/*.ts", "**/*.tsx", "**/*.js", "**/*.jsx"],
+  exclude: [
+    "**/*.test.ts",
+    "**/*.spec.ts",
+    "**/node_modules/**",
+    "**/dist/**",
+    "**/build/**"
+  ],
+  weights: {
+    security: 0.3,
+    logic: 0.25,
+    structure: 0.2,
+    style: 0.1,
+    coverage: 0.15
+  },
+  thresholds: {
+    "min-score": 70,
+    "max-function-length": 40,
+    "max-cyclomatic-complexity": 10,
+    "max-cognitive-complexity": 20,
+    "max-nesting-depth": 4,
+    "max-params": 5
+  },
+  rules: {
+    disabled: [],
+    overrides: {}
+  },
+  detection: {
+    enabled: true,
+    "show-probability": true
+  }
+};
+
+// src/core/config.ts
+var MODULE_NAME = "codetrust";
+async function loadConfig(searchFrom) {
+  const explorer = cosmiconfig(MODULE_NAME, {
+    searchPlaces: [
+      `.${MODULE_NAME}.yml`,
+      `.${MODULE_NAME}.yaml`,
+      `.${MODULE_NAME}.json`,
+      `.${MODULE_NAME}rc`,
+      `${MODULE_NAME}.config.js`,
+      `${MODULE_NAME}.config.ts`
+    ]
+  });
+  const result = await explorer.search(searchFrom);
+  if (!result || result.isEmpty) {
+    return DEFAULT_CONFIG;
+  }
+  return mergeConfig(DEFAULT_CONFIG, result.config);
+}
+function mergeConfig(defaults, overrides) {
+  return {
+    ...defaults,
+    ...overrides,
+    weights: { ...defaults.weights, ...overrides.weights },
+    thresholds: { ...defaults.thresholds, ...overrides.thresholds },
+    rules: {
+      disabled: overrides.rules?.disabled ?? defaults.rules.disabled,
+      overrides: { ...defaults.rules.overrides, ...overrides.rules?.overrides }
+    },
+    detection: { ...defaults.detection, ...overrides.detection }
+  };
+}
+function generateDefaultConfig() {
+  return `# .codetrust.yml
+version: 1
+
+# Scan scope
+include:
+  - "src/**/*.ts"
+  - "src/**/*.js"
+exclude:
+  - "**/*.test.ts"
+  - "**/*.spec.ts"
+  - "**/node_modules/**"
+  - "**/dist/**"
+
+# Dimension weights (must sum to 1.0)
+weights:
+  security: 0.30
+  logic: 0.25
+  structure: 0.20
+  style: 0.10
+  coverage: 0.15
+
+# Thresholds
+thresholds:
+  min-score: 70
+  max-function-length: 40
+  max-cyclomatic-complexity: 10
+  max-nesting-depth: 4
+  max-params: 5
+
+# Rules
+rules:
+  disabled: []
+  overrides: {}
+
+# AI code detection
+detection:
+  enabled: true
+  show-probability: true
+`;
+}
+
+// src/core/engine.ts
+import { readFile } from "fs/promises";
+import { readFileSync, existsSync as existsSync3 } from "fs";
+import { resolve as resolve2, dirname as dirname3 } from "path";
+import { fileURLToPath } from "url";
+
+// src/parsers/diff.ts
+import simpleGit from "simple-git";
+var DiffParser = class {
+  git;
+  constructor(workDir) {
+    this.git = simpleGit(workDir);
+  }
+  async getStagedFiles() {
+    const diffDetail = await this.git.diff(["--cached", "--unified=3"]);
+    return this.parseDiffOutput(diffDetail);
+  }
+  async getDiffFromRef(ref) {
+    const diffDetail = await this.git.diff([ref, "--unified=3"]);
+    return this.parseDiffOutput(diffDetail);
+  }
+  async getChangedFiles() {
+    const diffDetail = await this.git.diff(["--unified=3"]);
+    const stagedDetail = await this.git.diff(["--cached", "--unified=3"]);
+    const allDiff = diffDetail + "\n" + stagedDetail;
+    return this.parseDiffOutput(allDiff);
+  }
+  async getLastCommitDiff() {
+    const diffDetail = await this.git.diff(["HEAD~1", "HEAD", "--unified=3"]);
+    return this.parseDiffOutput(diffDetail);
+  }
+  async getCurrentCommitHash() {
+    try {
+      const hash = await this.git.revparse(["HEAD"]);
+      return hash.trim().slice(0, 7);
+    } catch {
+      return void 0;
+    }
+  }
+  async getFileContent(filePath) {
+    try {
+      const content = await this.git.show([`HEAD:${filePath}`]);
+      return content;
+    } catch {
+      return void 0;
+    }
+  }
+  parseDiffOutput(diffOutput) {
+    const files = [];
+    const fileDiffs = diffOutput.split(/^diff --git /m).filter(Boolean);
+    for (const fileDiff of fileDiffs) {
+      const file = this.parseFileDiff(fileDiff);
+      if (file) {
+        files.push(file);
+      }
+    }
+    return files;
+  }
+  parseFileDiff(fileDiff) {
+    const lines = fileDiff.split("\n");
+    const headerMatch = lines[0]?.match(/a\/(.+?) b\/(.+)/);
+    if (!headerMatch) return null;
+    const filePath = headerMatch[2];
+    let status = "modified";
+    let additions = 0;
+    let deletions = 0;
+    if (fileDiff.includes("new file mode")) {
+      status = "added";
+    } else if (fileDiff.includes("deleted file mode")) {
+      status = "deleted";
+    } else if (fileDiff.includes("rename from")) {
+      status = "renamed";
+    }
+    const hunks = this.parseHunks(fileDiff);
+    for (const line of fileDiff.split("\n")) {
+      if (line.startsWith("+") && !line.startsWith("+++")) {
+        additions++;
+      } else if (line.startsWith("-") && !line.startsWith("---")) {
+        deletions++;
+      }
+    }
+    return {
+      filePath,
+      status,
+      additions,
+      deletions,
+      hunks
+    };
+  }
+  parseHunks(fileDiff) {
+    const hunks = [];
+    const hunkRegex = /^@@ -(\d+),?(\d*) \+(\d+),?(\d*) @@(.*)$/gm;
+    let match;
+    const lines = fileDiff.split("\n");
+    while ((match = hunkRegex.exec(fileDiff)) !== null) {
+      const oldStart = parseInt(match[1], 10);
+      const oldLines = parseInt(match[2] || "1", 10);
+      const newStart = parseInt(match[3], 10);
+      const newLines = parseInt(match[4] || "1", 10);
+      const hunkStartIndex = lines.findIndex((l) => l.includes(match[0]));
+      const hunkContent = [];
+      if (hunkStartIndex >= 0) {
+        for (let i = hunkStartIndex + 1; i < lines.length; i++) {
+          if (lines[i].startsWith("@@ ") || lines[i].startsWith("diff --git ")) {
+            break;
+          }
+          hunkContent.push(lines[i]);
+        }
+      }
+      hunks.push({
+        oldStart,
+        oldLines,
+        newStart,
+        newLines,
+        content: hunkContent.join("\n")
+      });
+    }
+    return hunks;
+  }
+};
+
+// src/i18n/index.ts
+import { execSync } from "child_process";
+var _cachedLocale = null;
+function isZhLocale() {
+  if (_cachedLocale !== null) return _cachedLocale;
+  if (process.env.CODETRUST_LANG?.startsWith("zh")) {
+    _cachedLocale = true;
+    return true;
+  }
+  if (process.env.CODETRUST_LANG && !process.env.CODETRUST_LANG.startsWith("zh")) {
+    _cachedLocale = false;
+    return false;
+  }
+  const envVars = [
+    process.env.LANG,
+    process.env.LC_ALL,
+    process.env.LC_MESSAGES,
+    process.env.LANGUAGE
+  ];
+  for (const v of envVars) {
+    if (v?.startsWith("zh")) {
+      _cachedLocale = true;
+      return true;
+    }
+  }
+  if (process.platform === "darwin") {
+    try {
+      const appleLocale = execSync("defaults read -g AppleLocale 2>/dev/null", {
+        encoding: "utf-8",
+        timeout: 1e3
+      }).trim();
+      if (appleLocale.startsWith("zh")) {
+        _cachedLocale = true;
+        return true;
+      }
+    } catch {
+    }
+  }
+  _cachedLocale = false;
+  return false;
+}
+function t(en2, zh2) {
+  return isZhLocale() ? zh2 : en2;
+}
+
+// src/rules/builtin/unnecessary-try-catch.ts
+var unnecessaryTryCatchRule = {
+  id: "logic/unnecessary-try-catch",
+  category: "logic",
+  severity: "medium",
+  title: "Unnecessary try-catch wrapping simple statement",
+  description: "AI often wraps simple, non-throwing statements in try-catch blocks with generic console.log/error in the catch. This is hallucinated error handling.",
+  check(context) {
+    const issues = [];
+    const lines = context.fileContent.split("\n");
+    let i = 0;
+    while (i < lines.length) {
+      const line = lines[i];
+      const trimmed = line.trim();
+      if (trimmed.startsWith("try") && trimmed.includes("{")) {
+        const tryBlock = extractBlock(lines, i);
+        if (tryBlock) {
+          const { bodyLines, catchBodyLines, endLine } = tryBlock;
+          const nonEmptyBody = bodyLines.filter((l) => l.trim().length > 0);
+          const nonEmptyCatch = catchBodyLines.filter((l) => l.trim().length > 0);
+          const isSimpleBody = nonEmptyBody.length <= 2;
+          const isGenericCatch = nonEmptyCatch.length <= 2 && nonEmptyCatch.some(
+            (l) => /console\.(log|error|warn)/.test(l) || /throw\s+(new\s+)?Error/.test(l) || l.trim() === ""
+          );
+          const bodyHasOnlyAssignments = nonEmptyBody.every(
+            (l) => /^\s*(const|let|var)\s+/.test(l) || /^\s*\w+(\.\w+)*\s*=\s*/.test(l) || /^\s*return\s+/.test(l)
+          );
+          if (isSimpleBody && isGenericCatch && bodyHasOnlyAssignments) {
+            issues.push({
+              ruleId: "logic/unnecessary-try-catch",
+              severity: "medium",
+              category: "logic",
+              file: context.filePath,
+              startLine: i + 1,
+              endLine: endLine + 1,
+              message: t(
+                "Unnecessary try-catch wrapping a simple statement with generic error handling. This is likely AI-hallucinated error handling.",
+                "\u4E0D\u5FC5\u8981\u7684 try-catch \u5305\u88F9\u4E86\u7B80\u5355\u8BED\u53E5\uFF0Ccatch \u4E2D\u53EA\u6709\u901A\u7528\u7684\u9519\u8BEF\u65E5\u5FD7\u3002\u8FD9\u5F88\u53EF\u80FD\u662F AI \u5E7B\u89C9\u751F\u6210\u7684\u9519\u8BEF\u5904\u7406\u3002"
+              ),
+              suggestion: t(
+                "Remove the try-catch block or add meaningful error recovery logic.",
+                "\u79FB\u9664 try-catch \u5757\uFF0C\u6216\u6DFB\u52A0\u6709\u610F\u4E49\u7684\u9519\u8BEF\u6062\u590D\u903B\u8F91\u3002"
+              )
+            });
+          }
+          i = endLine + 1;
+          continue;
+        }
+      }
+      i++;
+    }
+    return issues;
+  }
+};
+function extractBlock(lines, tryLineIndex) {
+  let braceCount = 0;
+  let foundTryOpen = false;
+  let tryBodyStart = -1;
+  let tryBodyEnd = -1;
+  let catchStart = -1;
+  let catchBodyStart = -1;
+  let catchBodyEnd = -1;
+  for (let i = tryLineIndex; i < lines.length; i++) {
+    const line = lines[i];
+    for (const ch of line) {
+      if (ch === "{") {
+        braceCount++;
+        if (!foundTryOpen) {
+          foundTryOpen = true;
+          tryBodyStart = i;
+        }
+      } else if (ch === "}") {
+        braceCount--;
+        if (braceCount === 0 && tryBodyEnd === -1) {
+          tryBodyEnd = i;
+        } else if (braceCount === 0 && catchBodyEnd === -1 && catchBodyStart !== -1) {
+          catchBodyEnd = i;
+          break;
+        }
+      }
+    }
+    if (tryBodyEnd !== -1 && catchStart === -1) {
+      if (line.includes("catch")) {
+        catchStart = i;
+      }
+    }
+    if (catchStart !== -1 && catchBodyStart === -1 && line.includes("{")) {
+      catchBodyStart = i;
+    }
+    if (catchBodyEnd !== -1) break;
+  }
+  if (tryBodyStart === -1 || tryBodyEnd === -1 || catchBodyStart === -1 || catchBodyEnd === -1) {
+    return null;
+  }
+  const bodyLines = lines.slice(tryBodyStart + 1, tryBodyEnd);
+  const catchBodyLines = lines.slice(catchBodyStart + 1, catchBodyEnd);
+  return {
+    bodyLines,
+    catchStart,
+    catchBodyLines,
+    endLine: catchBodyEnd
+  };
+}
+
+// src/rules/builtin/over-defensive.ts
+var overDefensiveRule = {
+  id: "logic/over-defensive",
+  category: "logic",
+  severity: "low",
+  title: "Over-defensive coding pattern",
+  description: "AI-generated code often includes excessive null/undefined checks, redundant type guards, and unnecessary validations that the type system already handles.",
+  check(context) {
+    const issues = [];
+    const lines = context.fileContent.split("\n");
+    let consecutiveChecks = 0;
+    let checkStartLine = -1;
+    for (let i = 0; i < lines.length; i++) {
+      const trimmed = lines[i].trim();
+      if (isDefensiveCheck(trimmed)) {
+        if (consecutiveChecks === 0) {
+          checkStartLine = i;
+        }
+        consecutiveChecks++;
+      } else if (trimmed.length > 0) {
+        if (consecutiveChecks >= 3) {
+          issues.push({
+            ruleId: "logic/over-defensive",
+            severity: "low",
+            category: "logic",
+            file: context.filePath,
+            startLine: checkStartLine + 1,
+            endLine: i,
+            message: t(
+              `${consecutiveChecks} consecutive defensive checks detected. AI tends to add excessive null/undefined guards.`,
+              `\u68C0\u6D4B\u5230 ${consecutiveChecks} \u4E2A\u8FDE\u7EED\u7684\u9632\u5FA1\u6027\u68C0\u67E5\u3002AI \u503E\u5411\u4E8E\u6DFB\u52A0\u8FC7\u591A\u7684 null/undefined \u5B88\u536B\u3002`
+            ),
+            suggestion: t(
+              "Consider if these checks are necessary \u2014 TypeScript types may already prevent these cases. Remove redundant guards.",
+              "\u8003\u8651\u8FD9\u4E9B\u68C0\u67E5\u662F\u5426\u5FC5\u8981 \u2014 TypeScript \u7C7B\u578B\u53EF\u80FD\u5DF2\u7ECF\u9632\u6B62\u4E86\u8FD9\u4E9B\u60C5\u51B5\u3002\u79FB\u9664\u5197\u4F59\u7684\u5B88\u536B\u3002"
+            )
+          });
+        }
+        consecutiveChecks = 0;
+      }
+    }
+    if (consecutiveChecks >= 3) {
+      issues.push({
+        ruleId: "logic/over-defensive",
+        severity: "low",
+        category: "logic",
+        file: context.filePath,
+        startLine: checkStartLine + 1,
+        endLine: lines.length,
+        message: t(
+          `${consecutiveChecks} consecutive defensive checks detected at end of block.`,
+          `\u5728\u4EE3\u7801\u5757\u672B\u5C3E\u68C0\u6D4B\u5230 ${consecutiveChecks} \u4E2A\u8FDE\u7EED\u7684\u9632\u5FA1\u6027\u68C0\u67E5\u3002`
+        ),
+        suggestion: t(
+          "Review if these defensive checks are truly necessary.",
+          "\u68C0\u67E5\u8FD9\u4E9B\u9632\u5FA1\u6027\u68C0\u67E5\u662F\u5426\u771F\u6B63\u5FC5\u8981\u3002"
+        )
+      });
+    }
+    detectRedundantTypeofChecks(context, lines, issues);
+    return issues;
+  }
+};
+function isDefensiveCheck(line) {
+  const patterns = [
+    /^if\s*\(\s*!?\w+(\.\w+)*\s*(===?|!==?)\s*(null|undefined|''|"")\s*\)/,
+    /^if\s*\(\s*!?\w+(\.\w+)*\s*\)\s*\{?\s*(return|throw)/,
+    /^if\s*\(\s*typeof\s+\w+\s*(===?|!==?)\s*['"]undefined['"]\s*\)/,
+    /^if\s*\(\s*\w+(\.\w+)*\s*==\s*null\s*\)/,
+    /^if\s*\(\s*!\w+(\.\w+)*\s*\)\s*\{?\s*$/,
+    /^\w+(\.\w+)*\s*\?\?=/,
+    /^if\s*\(\s*Array\.isArray\(\w+\)\s*&&\s*\w+\.length\s*(>|>=|===?)\s*0\s*\)/
+  ];
+  return patterns.some((p) => p.test(line));
+}
+function detectRedundantTypeofChecks(context, lines, issues) {
+  for (let i = 0; i < lines.length; i++) {
+    const trimmed = lines[i].trim();
+    const typeofMatch = trimmed.match(
+      /if\s*\(\s*typeof\s+(\w+)\s*(!==?|===?)\s*['"]undefined['"]\s*\)/
+    );
+    if (typeofMatch) {
+      const varName = typeofMatch[1];
+      const prevLines = lines.slice(Math.max(0, i - 5), i);
+      const hasDeclaration = prevLines.some(
+        (l) => new RegExp(`(const|let|var)\\s+${varName}\\s*[:=]`).test(l)
+      );
+      if (hasDeclaration) {
+        issues.push({
+          ruleId: "logic/over-defensive",
+          severity: "low",
+          category: "logic",
+          file: context.filePath,
+          startLine: i + 1,
+          endLine: i + 1,
+          message: t(
+            `Redundant typeof check for "${varName}" \u2014 variable is declared within ${prevLines.length} line(s) above and cannot be undefined.`,
+            `\u5BF9 "${varName}" \u7684 typeof \u68C0\u67E5\u662F\u5197\u4F59\u7684 \u2014 \u53D8\u91CF\u5DF2\u5728\u4E0A\u65B9 ${prevLines.length} \u884C\u5185\u58F0\u660E\uFF0C\u4E0D\u53EF\u80FD\u4E3A undefined\u3002`
+          ),
+          suggestion: t(
+            `Remove the typeof check for "${varName}".`,
+            `\u79FB\u9664\u5BF9 "${varName}" \u7684 typeof \u68C0\u67E5\u3002`
+          )
+        });
+      }
+    }
+  }
+}
+
+// src/rules/builtin/dead-logic.ts
+var deadLogicRule = {
+  id: "logic/dead-branch",
+  category: "logic",
+  severity: "medium",
+  title: "Dead logic branch detected",
+  description: "AI-generated code sometimes contains conditions that are always true or false, unreachable code after return/throw, or assign-then-immediately-reassign patterns.",
+  check(context) {
+    const issues = [];
+    const lines = context.fileContent.split("\n");
+    detectAlwaysTrueFalse(context, lines, issues);
+    detectCodeAfterReturn(context, lines, issues);
+    detectImmediateReassign(context, lines, issues);
+    return issues;
+  }
+};
+function detectAlwaysTrueFalse(context, lines, issues) {
+  for (let i = 0; i < lines.length; i++) {
+    const trimmed = lines[i].trim();
+    const alwaysTruePatterns = [
+      /if\s*\(\s*true\s*\)/,
+      /if\s*\(\s*1\s*\)/,
+      /if\s*\(\s*['"].+['"]\s*\)/
+    ];
+    const alwaysFalsePatterns = [
+      /if\s*\(\s*false\s*\)/,
+      /if\s*\(\s*0\s*\)/,
+      /if\s*\(\s*null\s*\)/,
+      /if\s*\(\s*undefined\s*\)/,
+      /if\s*\(\s*''\s*\)/,
+      /if\s*\(\s*""\s*\)/
+    ];
+    for (const pattern of alwaysTruePatterns) {
+      if (pattern.test(trimmed)) {
+        issues.push({
+          ruleId: "logic/dead-branch",
+          severity: "medium",
+          category: "logic",
+          file: context.filePath,
+          startLine: i + 1,
+          endLine: i + 1,
+          message: t(
+            "Condition is always true \u2014 this branch always executes.",
+            "\u6761\u4EF6\u59CB\u7EC8\u4E3A true \u2014 \u6B64\u5206\u652F\u59CB\u7EC8\u4F1A\u6267\u884C\u3002"
+          ),
+          suggestion: t(
+            "Remove the condition and keep only the body, or fix the logic.",
+            "\u79FB\u9664\u6761\u4EF6\u5224\u65AD\u53EA\u4FDD\u7559\u4E3B\u4F53\uFF0C\u6216\u4FEE\u590D\u903B\u8F91\u3002"
+          )
+        });
+      }
+    }
+    for (const pattern of alwaysFalsePatterns) {
+      if (pattern.test(trimmed)) {
+        issues.push({
+          ruleId: "logic/dead-branch",
+          severity: "medium",
+          category: "logic",
+          file: context.filePath,
+          startLine: i + 1,
+          endLine: i + 1,
+          message: t(
+            "Condition is always false \u2014 this branch never executes.",
+            "\u6761\u4EF6\u59CB\u7EC8\u4E3A false \u2014 \u6B64\u5206\u652F\u6C38\u8FDC\u4E0D\u4F1A\u6267\u884C\u3002"
+          ),
+          suggestion: t(
+            "Remove the dead branch entirely.",
+            "\u5B8C\u5168\u79FB\u9664\u8BE5\u6B7B\u4EE3\u7801\u5206\u652F\u3002"
+          )
+        });
+      }
+    }
+  }
+}
+function detectCodeAfterReturn(context, lines, issues) {
+  let braceDepth = 0;
+  let lastReturnDepth = -1;
+  let lastReturnLine = -1;
+  for (let i = 0; i < lines.length; i++) {
+    const trimmed = lines[i].trim();
+    for (const ch of trimmed) {
+      if (ch === "{") braceDepth++;
+      if (ch === "}") {
+        if (braceDepth === lastReturnDepth) {
+          lastReturnDepth = -1;
+          lastReturnLine = -1;
+        }
+        braceDepth--;
+      }
+    }
+    if (/^(return|throw)\b/.test(trimmed) && !trimmed.includes("=>")) {
+      const endsOpen = /[{(\[,]$/.test(trimmed) || /^(return|throw)\s*$/.test(trimmed);
+      if (endsOpen) continue;
+      lastReturnDepth = braceDepth;
+      lastReturnLine = i;
+    } else if (lastReturnLine !== -1 && braceDepth === lastReturnDepth && trimmed.length > 0 && trimmed !== "}" && trimmed !== "};" && !trimmed.startsWith("//") && !trimmed.startsWith("case ") && !trimmed.startsWith("default:") && !trimmed.startsWith("default :")) {
+      issues.push({
+        ruleId: "logic/dead-branch",
+        severity: "medium",
+        category: "logic",
+        file: context.filePath,
+        startLine: i + 1,
+        endLine: i + 1,
+        message: t(
+          `Unreachable code after return/throw at line ${lastReturnLine + 1}.`,
+          `\u7B2C ${lastReturnLine + 1} \u884C\u7684 return/throw \u4E4B\u540E\u5B58\u5728\u4E0D\u53EF\u8FBE\u4EE3\u7801\u3002`
+        ),
+        suggestion: t(
+          "Remove unreachable code or restructure the logic.",
+          "\u79FB\u9664\u4E0D\u53EF\u8FBE\u4EE3\u7801\u6216\u91CD\u6784\u903B\u8F91\u3002"
+        )
+      });
+      lastReturnDepth = -1;
+      lastReturnLine = -1;
+    }
+  }
+}
+function detectImmediateReassign(context, lines, issues) {
+  for (let i = 0; i < lines.length - 1; i++) {
+    const current = lines[i].trim();
+    const next = lines[i + 1].trim();
+    const assignMatch = current.match(/^(let|var)\s+(\w+)\s*=\s*.+;?\s*$/);
+    if (assignMatch) {
+      const varName = assignMatch[2];
+      const reassignPattern = new RegExp(`^${varName}\\s*=\\s*.+;?\\s*$`);
+      if (reassignPattern.test(next)) {
+        issues.push({
+          ruleId: "logic/dead-branch",
+          severity: "low",
+          category: "logic",
+          file: context.filePath,
+          startLine: i + 1,
+          endLine: i + 2,
+          message: t(
+            `Variable "${varName}" is assigned and immediately reassigned on the next line.`,
+            `\u53D8\u91CF "${varName}" \u8D4B\u503C\u540E\u7ACB\u5373\u5728\u4E0B\u4E00\u884C\u88AB\u91CD\u65B0\u8D4B\u503C\u3002`
+          ),
+          suggestion: t(
+            `Remove the first assignment or combine into a single declaration.`,
+            `\u79FB\u9664\u7B2C\u4E00\u6B21\u8D4B\u503C\uFF0C\u6216\u5408\u5E76\u4E3A\u4E00\u6B21\u58F0\u660E\u3002`
+          )
+        });
+      }
+    }
+  }
+}
+
+// src/parsers/ast.ts
+import { parse, AST_NODE_TYPES } from "@typescript-eslint/typescript-estree";
+
+// src/parsers/walk.ts
+function walkAST(node, visitor, parent = null) {
+  const result = visitor(node, parent);
+  if (result === false) return;
+  for (const key of Object.keys(node)) {
+    if (key === "parent") continue;
+    const child = node[key];
+    if (child && typeof child === "object") {
+      if (Array.isArray(child)) {
+        for (const item of child) {
+          if (isASTNode(item)) {
+            walkAST(item, visitor, node);
+          }
+        }
+      } else if (isASTNode(child)) {
+        walkAST(child, visitor, node);
+      }
+    }
+  }
+}
+function isASTNode(value) {
+  return value !== null && typeof value === "object" && "type" in value;
+}
+
+// src/parsers/ast.ts
+var _astCache = /* @__PURE__ */ new Map();
+function parseCode(code, filePath) {
+  const cacheKey = `${filePath}:${code.length}:${simpleHash(code)}`;
+  const cached = _astCache.get(cacheKey);
+  if (cached) return cached;
+  const ast = parse(code, {
+    loc: true,
+    range: true,
+    comment: true,
+    jsx: filePath.endsWith(".tsx") || filePath.endsWith(".jsx"),
+    filePath
+  });
+  const result = { ast, filePath };
+  _astCache.set(cacheKey, result);
+  if (_astCache.size > 50) {
+    const firstKey = _astCache.keys().next().value;
+    if (firstKey) _astCache.delete(firstKey);
+  }
+  return result;
+}
+function simpleHash(str) {
+  let hash = 0;
+  for (let i = 0; i < str.length; i++) {
+    hash = (hash << 5) - hash + str.charCodeAt(i) | 0;
+  }
+  return hash;
+}
+function extractFunctions(parsed) {
+  const functions = [];
+  visitNode(parsed.ast, functions);
+  return functions;
+}
+function visitNode(root, functions) {
+  const methodBodies = /* @__PURE__ */ new WeakSet();
+  walkAST(root, (node) => {
+    if (node.type === AST_NODE_TYPES.FunctionExpression && methodBodies.has(node)) {
+      return false;
+    }
+    if (node.type === AST_NODE_TYPES.FunctionDeclaration || node.type === AST_NODE_TYPES.FunctionExpression || node.type === AST_NODE_TYPES.ArrowFunctionExpression || node.type === AST_NODE_TYPES.MethodDefinition) {
+      const info = analyzeFunctionNode(node);
+      if (info) functions.push(info);
+      if (node.type === AST_NODE_TYPES.MethodDefinition) {
+        methodBodies.add(node.value);
+      }
+    }
+    return;
+  });
+}
+function analyzeFunctionNode(node) {
+  let name = "<anonymous>";
+  let params = [];
+  let body = null;
+  if (node.type === AST_NODE_TYPES.FunctionDeclaration) {
+    name = node.id?.name ?? "<anonymous>";
+    params = node.params;
+    body = node.body;
+  } else if (node.type === AST_NODE_TYPES.FunctionExpression) {
+    name = node.id?.name ?? "<anonymous>";
+    params = node.params;
+    body = node.body;
+  } else if (node.type === AST_NODE_TYPES.ArrowFunctionExpression) {
+    name = "<arrow>";
+    params = node.params;
+    body = node.body;
+  } else if (node.type === AST_NODE_TYPES.MethodDefinition) {
+    if (node.key.type === AST_NODE_TYPES.Identifier) {
+      name = node.key.name;
+    }
+    const value = node.value;
+    params = value.params;
+    body = value.body;
+  }
+  if (!body || !node.loc) return null;
+  const startLine = node.loc.start.line;
+  const endLine = node.loc.end.line;
+  return {
+    name,
+    startLine,
+    endLine,
+    lineCount: endLine - startLine + 1,
+    paramCount: params.length,
+    cyclomaticComplexity: body ? calculateCyclomaticComplexity(body) : 1,
+    cognitiveComplexity: body ? calculateCognitiveComplexity(body) : 0,
+    maxNestingDepth: body ? calculateMaxNestingDepth(body) : 0
+  };
+}
+function calculateCyclomaticComplexity(root) {
+  let complexity = 1;
+  walkAST(root, (n) => {
+    switch (n.type) {
+      case AST_NODE_TYPES.IfStatement:
+      case AST_NODE_TYPES.ConditionalExpression:
+      case AST_NODE_TYPES.ForStatement:
+      case AST_NODE_TYPES.ForInStatement:
+      case AST_NODE_TYPES.ForOfStatement:
+      case AST_NODE_TYPES.WhileStatement:
+      case AST_NODE_TYPES.DoWhileStatement:
+      case AST_NODE_TYPES.CatchClause:
+        complexity++;
+        break;
+      case AST_NODE_TYPES.SwitchCase:
+        if (n.test) complexity++;
+        break;
+      case AST_NODE_TYPES.LogicalExpression:
+        if (n.operator === "&&" || n.operator === "||" || n.operator === "??") {
+          complexity++;
+        }
+        break;
+    }
+  });
+  return complexity;
+}
+function calculateCognitiveComplexity(root) {
+  let complexity = 0;
+  const depthMap = /* @__PURE__ */ new WeakMap();
+  depthMap.set(root, 0);
+  walkAST(root, (n, parent) => {
+    const parentDepth = parent ? depthMap.get(parent) ?? 0 : 0;
+    const isNesting = isNestingNode(n);
+    const depth = isNesting ? parentDepth + 1 : parentDepth;
+    depthMap.set(n, depth);
+    if (isNesting) {
+      complexity += 1 + parentDepth;
+    }
+    if (n.type === AST_NODE_TYPES.LogicalExpression && (n.operator === "&&" || n.operator === "||" || n.operator === "??")) {
+      complexity += 1;
+    }
+  });
+  return complexity;
+}
+function calculateMaxNestingDepth(root) {
+  let maxDepth = 0;
+  const depthMap = /* @__PURE__ */ new WeakMap();
+  depthMap.set(root, 0);
+  walkAST(root, (n, parent) => {
+    const parentDepth = parent ? depthMap.get(parent) ?? 0 : 0;
+    const isNesting = n.type === AST_NODE_TYPES.IfStatement || n.type === AST_NODE_TYPES.ForStatement || n.type === AST_NODE_TYPES.ForInStatement || n.type === AST_NODE_TYPES.ForOfStatement || n.type === AST_NODE_TYPES.WhileStatement || n.type === AST_NODE_TYPES.DoWhileStatement || n.type === AST_NODE_TYPES.SwitchStatement || n.type === AST_NODE_TYPES.TryStatement;
+    const currentDepth = isNesting ? parentDepth + 1 : parentDepth;
+    depthMap.set(n, currentDepth);
+    if (currentDepth > maxDepth) maxDepth = currentDepth;
+  });
+  return maxDepth;
+}
+function isNestingNode(n) {
+  return n.type === AST_NODE_TYPES.IfStatement || n.type === AST_NODE_TYPES.ForStatement || n.type === AST_NODE_TYPES.ForInStatement || n.type === AST_NODE_TYPES.ForOfStatement || n.type === AST_NODE_TYPES.WhileStatement || n.type === AST_NODE_TYPES.DoWhileStatement || n.type === AST_NODE_TYPES.SwitchStatement || n.type === AST_NODE_TYPES.CatchClause || n.type === AST_NODE_TYPES.ConditionalExpression;
+}
+
+// src/rules/builtin/unused-variables.ts
+var unusedVariablesRule = {
+  id: "logic/unused-variables",
+  category: "logic",
+  severity: "low",
+  title: "Unused variable detected",
+  description: "AI-generated code sometimes declares variables that are never used, indicating incomplete or hallucinated logic.",
+  check(context) {
+    const issues = [];
+    let ast;
+    try {
+      const parsed = parseCode(context.fileContent, context.filePath);
+      ast = parsed.ast;
+    } catch {
+      return issues;
+    }
+    const declarations = /* @__PURE__ */ new Map();
+    const references = /* @__PURE__ */ new Set();
+    collectDeclarationsAndReferences(ast, declarations, references);
+    for (const [name, info] of declarations) {
+      if (name.startsWith("_")) continue;
+      if (info.kind === "export") continue;
+      if (!references.has(name)) {
+        issues.push({
+          ruleId: "logic/unused-variables",
+          severity: "low",
+          category: "logic",
+          file: context.filePath,
+          startLine: info.line,
+          endLine: info.line,
+          message: t(
+            `Variable "${name}" is declared but never used.`,
+            `\u53D8\u91CF "${name}" \u5DF2\u58F0\u660E\u4F46\u4ECE\u672A\u4F7F\u7528\u3002`
+          ),
+          suggestion: t(
+            `Remove the unused variable "${name}" or prefix it with _ if intentionally unused.`,
+            `\u79FB\u9664\u672A\u4F7F\u7528\u7684\u53D8\u91CF "${name}"\uFF0C\u6216\u7528 _ \u524D\u7F00\u6807\u8BB0\u4E3A\u6709\u610F\u5FFD\u7565\u3002`
+          )
+        });
+      }
+    }
+    return issues;
+  }
+};
+function collectDeclarationsAndReferences(root, declarations, references) {
+  const exportedNames = /* @__PURE__ */ new Set();
+  walkAST(root, (node) => {
+    if (node.type === AST_NODE_TYPES.ExportNamedDeclaration) {
+      walkAST(node, (inner) => {
+        if (inner.type === AST_NODE_TYPES.VariableDeclarator && inner.id.type === AST_NODE_TYPES.Identifier) {
+          exportedNames.add(inner.id.name);
+        }
+        if (inner.type === AST_NODE_TYPES.FunctionDeclaration && inner.id) {
+          exportedNames.add(inner.id.name);
+        }
+      });
+    }
+  });
+  walkAST(root, (node, parent) => {
+    const parentType = parent?.type;
+    if (node.type === AST_NODE_TYPES.VariableDeclarator) {
+      if (node.id.type === AST_NODE_TYPES.Identifier) {
+        declarations.set(node.id.name, {
+          line: node.loc?.start.line ?? 0,
+          kind: exportedNames.has(node.id.name) ? "export" : "local"
+        });
+      }
+      if (node.init) {
+        walkAST(node.init, (n) => {
+          if (n.type === AST_NODE_TYPES.Identifier) {
+            references.add(n.name);
+          }
+        });
+      }
+      return false;
+    }
+    if (node.type === AST_NODE_TYPES.FunctionDeclaration && node.id) {
+      declarations.set(node.id.name, {
+        line: node.loc?.start.line ?? 0,
+        kind: exportedNames.has(node.id.name) ? "export" : "local"
+      });
+    }
+    if (node.type === AST_NODE_TYPES.Identifier && parentType !== "VariableDeclarator" && parentType !== "FunctionDeclaration") {
+      references.add(node.name);
+    }
+    return;
+  });
+}
+
+// src/rules/builtin/duplicate-condition.ts
+var duplicateConditionRule = {
+  id: "logic/duplicate-condition",
+  category: "logic",
+  severity: "medium",
+  title: "Duplicate condition in if-else chain",
+  description: "AI-generated code sometimes contains duplicate conditions in if-else chains, making later branches unreachable.",
+  check(context) {
+    const issues = [];
+    let ast;
+    try {
+      const parsed = parseCode(context.fileContent, context.filePath);
+      ast = parsed.ast;
+    } catch {
+      return issues;
+    }
+    const visited = /* @__PURE__ */ new WeakSet();
+    walkAST(ast, (node) => {
+      if (node.type === AST_NODE_TYPES.IfStatement && !visited.has(node)) {
+        const conditions = [];
+        collectIfElseChainConditions(node, conditions, visited);
+        if (conditions.length >= 2) {
+          const seen = /* @__PURE__ */ new Map();
+          for (const cond of conditions) {
+            if (seen.has(cond.text)) {
+              const firstLine = seen.get(cond.text);
+              issues.push({
+                ruleId: "logic/duplicate-condition",
+                severity: "medium",
+                category: "logic",
+                file: context.filePath,
+                startLine: cond.line,
+                endLine: cond.line,
+                message: t(
+                  `Duplicate condition "${truncate(cond.text, 40)}" \u2014 same condition already checked at line ${firstLine}.`,
+                  `\u91CD\u590D\u6761\u4EF6 "${truncate(cond.text, 40)}" \u2014 \u76F8\u540C\u6761\u4EF6\u5DF2\u5728\u7B2C ${firstLine} \u884C\u68C0\u67E5\u8FC7\u3002`
+                ),
+                suggestion: t(
+                  "Remove the duplicate branch or change the condition.",
+                  "\u79FB\u9664\u91CD\u590D\u7684\u5206\u652F\u6216\u4FEE\u6539\u6761\u4EF6\u3002"
+                )
+              });
+            } else {
+              seen.set(cond.text, cond.line);
+            }
+          }
+        }
+      }
+    });
+    return issues;
+  }
+};
+function collectIfElseChainConditions(node, conditions, visited) {
+  visited.add(node);
+  const condText = stringifyCondition(node.test);
+  conditions.push({ text: condText, line: node.loc?.start.line ?? 0 });
+  if (node.alternate?.type === AST_NODE_TYPES.IfStatement) {
+    collectIfElseChainConditions(node.alternate, conditions, visited);
+  }
+}
+function stringifyCondition(node) {
+  switch (node.type) {
+    case AST_NODE_TYPES.Identifier:
+      return node.name;
+    case AST_NODE_TYPES.Literal:
+      return String(node.value);
+    case AST_NODE_TYPES.BinaryExpression:
+    case AST_NODE_TYPES.LogicalExpression:
+      return `${stringifyCondition(node.left)} ${node.operator} ${stringifyCondition(node.right)}`;
+    case AST_NODE_TYPES.UnaryExpression:
+      return `${node.operator}${stringifyCondition(node.argument)}`;
+    case AST_NODE_TYPES.MemberExpression:
+      return `${stringifyCondition(node.object)}.${stringifyCondition(node.property)}`;
+    case AST_NODE_TYPES.CallExpression:
+      return `${stringifyCondition(node.callee)}(...)`;
+    default:
+      return `[${node.type}]`;
+  }
+}
+function truncate(s, maxLen) {
+  return s.length > maxLen ? s.slice(0, maxLen) + "..." : s;
+}
+
+// src/rules/builtin/security.ts
+var securityRules = [
+  {
+    id: "security/hardcoded-secret",
+    category: "security",
+    severity: "high",
+    title: "Hardcoded secret or API key",
+    description: "Hardcoded secrets, API keys, passwords, or tokens in source code.",
+    check(context) {
+      const issues = [];
+      const lines = context.fileContent.split("\n");
+      const secretPatterns = [
+        // API keys / tokens
+        { pattern: /(?:api[_-]?key|apikey)\s*[:=]\s*['"`][A-Za-z0-9_\-]{16,}['"`]/i, label: "API key" },
+        { pattern: /(?:secret|token|password|passwd|pwd)\s*[:=]\s*['"`][^'"`]{8,}['"`]/i, label: "secret/password" },
+        // AWS
+        { pattern: /AKIA[0-9A-Z]{16}/, label: "AWS Access Key" },
+        // GitHub
+        { pattern: /gh[ps]_[A-Za-z0-9_]{36,}/i, label: "GitHub Token" },
+        // Generic long hex/base64 strings assigned to key-like variables
+        { pattern: /(?:key|secret|token|auth)\s*[:=]\s*['"`][A-Fa-f0-9]{32,}['"`]/i, label: "hex secret" },
+        // Private key
+        { pattern: /-----BEGIN (?:RSA |EC )?PRIVATE KEY-----/, label: "private key" },
+        // JWT
+        { pattern: /eyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}/, label: "JWT token" }
+      ];
+      for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        const trimmed = line.trim();
+        if (trimmed.startsWith("//") || trimmed.startsWith("*") || trimmed.startsWith("import ")) continue;
+        if (/process\.env\b/.test(line)) continue;
+        for (const { pattern, label } of secretPatterns) {
+          if (pattern.test(line)) {
+            issues.push({
+              ruleId: "security/hardcoded-secret",
+              severity: "high",
+              category: "security",
+              file: context.filePath,
+              startLine: i + 1,
+              endLine: i + 1,
+              message: t(
+                `Possible hardcoded ${label} detected. Never commit secrets to source code.`,
+                `\u68C0\u6D4B\u5230\u53EF\u80FD\u7684\u786C\u7F16\u7801${label}\u3002\u6C38\u8FDC\u4E0D\u8981\u5C06\u5BC6\u94A5\u63D0\u4EA4\u5230\u6E90\u4EE3\u7801\u4E2D\u3002`
+              ),
+              suggestion: t(
+                "Use environment variables or a secrets manager instead.",
+                "\u8BF7\u6539\u7528\u73AF\u5883\u53D8\u91CF\u6216\u5BC6\u94A5\u7BA1\u7406\u670D\u52A1\u3002"
+              )
+            });
+            break;
+          }
+        }
+      }
+      return issues;
+    }
+  },
+  {
+    id: "security/eval-usage",
+    category: "security",
+    severity: "high",
+    title: "Dangerous eval() usage",
+    description: "eval() can execute arbitrary code and is a major security risk.",
+    check(context) {
+      const issues = [];
+      const lines = context.fileContent.split("\n");
+      for (let i = 0; i < lines.length; i++) {
+        const trimmed = lines[i].trim();
+        if (trimmed.startsWith("//") || trimmed.startsWith("*")) continue;
+        const evalPatterns = [
+          { pattern: /\beval\s*\(/, label: "eval()" },
+          { pattern: /new\s+Function\s*\(/, label: "new Function()" },
+          { pattern: /\b(setTimeout|setInterval)\s*\(\s*['"`]/, label: "setTimeout/setInterval with string" }
+        ];
+        for (const { pattern, label } of evalPatterns) {
+          if (pattern.test(lines[i])) {
+            issues.push({
+              ruleId: "security/eval-usage",
+              severity: "high",
+              category: "security",
+              file: context.filePath,
+              startLine: i + 1,
+              endLine: i + 1,
+              message: t(
+                `Dangerous ${label} detected \u2014 can execute arbitrary code.`,
+                `\u68C0\u6D4B\u5230\u5371\u9669\u7684 ${label} \u2014 \u53EF\u6267\u884C\u4EFB\u610F\u4EE3\u7801\u3002`
+              ),
+              suggestion: t(
+                `Avoid ${label}. Use safer alternatives like JSON.parse() or proper function references.`,
+                `\u907F\u514D\u4F7F\u7528 ${label}\u3002\u4F7F\u7528\u66F4\u5B89\u5168\u7684\u66FF\u4EE3\u65B9\u6848\uFF0C\u5982 JSON.parse() \u6216\u51FD\u6570\u5F15\u7528\u3002`
+              )
+            });
+            break;
+          }
+        }
+      }
+      return issues;
+    }
+  },
+  {
+    id: "security/sql-injection",
+    category: "security",
+    severity: "high",
+    title: "Potential SQL injection",
+    description: "String concatenation or template literals in SQL queries can lead to SQL injection.",
+    check(context) {
+      const issues = [];
+      const lines = context.fileContent.split("\n");
+      for (let i = 0; i < lines.length; i++) {
+        const trimmed = lines[i].trim();
+        if (trimmed.startsWith("//") || trimmed.startsWith("*")) continue;
+        const sqlKeywords = /\b(SELECT|INSERT|UPDATE|DELETE|DROP|CREATE|ALTER)\b/i;
+        if (sqlKeywords.test(lines[i])) {
+          if (/\$\{[^}]+\}/.test(lines[i]) || /['"]\s*\+\s*\w+/.test(lines[i])) {
+            issues.push({
+              ruleId: "security/sql-injection",
+              severity: "high",
+              category: "security",
+              file: context.filePath,
+              startLine: i + 1,
+              endLine: i + 1,
+              message: t(
+                "Potential SQL injection \u2014 string interpolation in SQL query.",
+                "\u6F5C\u5728\u7684 SQL \u6CE8\u5165 \u2014 SQL \u67E5\u8BE2\u4E2D\u4F7F\u7528\u4E86\u5B57\u7B26\u4E32\u63D2\u503C\u3002"
+              ),
+              suggestion: t(
+                "Use parameterized queries or prepared statements instead.",
+                "\u8BF7\u6539\u7528\u53C2\u6570\u5316\u67E5\u8BE2\u6216\u9884\u7F16\u8BD1\u8BED\u53E5\u3002"
+              )
+            });
+          }
+        }
+      }
+      return issues;
+    }
+  },
+  {
+    id: "security/dangerous-html",
+    category: "security",
+    severity: "medium",
+    title: "Dangerous HTML manipulation",
+    description: "Direct innerHTML/outerHTML assignment can lead to XSS attacks.",
+    check(context) {
+      const issues = [];
+      const lines = context.fileContent.split("\n");
+      for (let i = 0; i < lines.length; i++) {
+        const trimmed = lines[i].trim();
+        if (trimmed.startsWith("//") || trimmed.startsWith("*")) continue;
+        if (/\.(innerHTML|outerHTML)\s*=/.test(lines[i]) || /dangerouslySetInnerHTML/.test(lines[i])) {
+          issues.push({
+            ruleId: "security/dangerous-html",
+            severity: "medium",
+            category: "security",
+            file: context.filePath,
+            startLine: i + 1,
+            endLine: i + 1,
+            message: t(
+              "Direct HTML assignment detected \u2014 potential XSS vulnerability.",
+              "\u68C0\u6D4B\u5230\u76F4\u63A5 HTML \u8D4B\u503C \u2014 \u53EF\u80FD\u5B58\u5728 XSS \u6F0F\u6D1E\u3002"
+            ),
+            suggestion: t(
+              "Use safe DOM APIs like textContent, or sanitize HTML before insertion.",
+              "\u4F7F\u7528\u5B89\u5168\u7684 DOM API\uFF08\u5982 textContent\uFF09\uFF0C\u6216\u5728\u63D2\u5165\u524D\u5BF9 HTML \u8FDB\u884C\u6E05\u6D17\u3002"
+            )
+          });
+        }
+      }
+      return issues;
+    }
+  }
+];
+
+// src/rules/builtin/empty-catch.ts
+var emptyCatchRule = {
+  id: "logic/empty-catch",
+  category: "logic",
+  severity: "medium",
+  title: "Empty or useless catch block",
+  description: "AI-generated code often includes catch blocks that silently swallow errors (empty body) or pointlessly re-throw the same error without modification.",
+  check(context) {
+    const issues = [];
+    const lines = context.fileContent.split("\n");
+    let inBlockComment = false;
+    for (let i = 0; i < lines.length; i++) {
+      const trimmed = lines[i].trim();
+      if (inBlockComment) {
+        if (trimmed.includes("*/")) inBlockComment = false;
+        continue;
+      }
+      if (trimmed.startsWith("/*")) {
+        if (!trimmed.includes("*/")) inBlockComment = true;
+        continue;
+      }
+      if (trimmed.startsWith("//") || trimmed.startsWith("*")) continue;
+      const catchMatch = trimmed.match(/\bcatch\s*\(\s*(\w+)?\s*\)\s*\{/);
+      if (!catchMatch) continue;
+      const catchVarName = catchMatch[1] || "";
+      const blockContent = extractCatchBody(lines, i);
+      if (!blockContent) continue;
+      const { bodyLines, endLine } = blockContent;
+      const meaningful = bodyLines.filter(
+        (l) => l.trim().length > 0 && !l.trim().startsWith("//") && !l.trim().startsWith("*")
+      );
+      if (meaningful.length === 0) {
+        issues.push({
+          ruleId: "logic/empty-catch",
+          severity: "medium",
+          category: "logic",
+          file: context.filePath,
+          startLine: i + 1,
+          endLine: endLine + 1,
+          message: t(
+            "Empty catch block silently swallows errors. This is a common AI hallucination pattern.",
+            "\u7A7A\u7684 catch \u5757\u9759\u9ED8\u541E\u6389\u4E86\u9519\u8BEF\u3002\u8FD9\u662F\u5E38\u89C1\u7684 AI \u5E7B\u89C9\u6A21\u5F0F\u3002"
+          ),
+          suggestion: t(
+            "Add error handling logic, or remove the try-catch if the operation cannot fail.",
+            "\u6DFB\u52A0\u9519\u8BEF\u5904\u7406\u903B\u8F91\uFF0C\u6216\u5728\u64CD\u4F5C\u4E0D\u4F1A\u629B\u9519\u65F6\u79FB\u9664 try-catch\u3002"
+          )
+        });
+        continue;
+      }
+      if (catchVarName && meaningful.length === 1) {
+        const onlyLine = meaningful[0].trim();
+        if (onlyLine === `throw ${catchVarName};` || onlyLine === `throw ${catchVarName}`) {
+          issues.push({
+            ruleId: "logic/empty-catch",
+            severity: "medium",
+            category: "logic",
+            file: context.filePath,
+            startLine: i + 1,
+            endLine: endLine + 1,
+            message: t(
+              `Catch block only re-throws the original error "${catchVarName}" without modification. The try-catch is pointless.`,
+              `catch \u5757\u4EC5\u539F\u6837\u91CD\u65B0\u629B\u51FA\u9519\u8BEF "${catchVarName}"\uFF0C\u6CA1\u6709\u4EFB\u4F55\u4FEE\u6539\u3002try-catch \u6BEB\u65E0\u610F\u4E49\u3002`
+            ),
+            suggestion: t(
+              "Remove the try-catch block entirely, or wrap the error with additional context.",
+              "\u5B8C\u5168\u79FB\u9664 try-catch \u5757\uFF0C\u6216\u5728\u91CD\u65B0\u629B\u51FA\u65F6\u6DFB\u52A0\u989D\u5916\u7684\u4E0A\u4E0B\u6587\u4FE1\u606F\u3002"
+            )
+          });
+        }
+      }
+    }
+    return issues;
+  }
+};
+function extractCatchBody(lines, catchLineIndex) {
+  const catchLine = lines[catchLineIndex];
+  const catchIdx = catchLine.indexOf("catch");
+  if (catchIdx === -1) return null;
+  let braceCount = 0;
+  let started = false;
+  let bodyStart = -1;
+  for (let i = catchLineIndex; i < lines.length; i++) {
+    const line = lines[i];
+    const startJ = i === catchLineIndex ? catchIdx : 0;
+    for (let j = startJ; j < line.length; j++) {
+      const ch = line[j];
+      if (ch === "{") {
+        braceCount++;
+        if (!started) {
+          started = true;
+          bodyStart = i;
+        }
+      } else if (ch === "}") {
+        braceCount--;
+        if (started && braceCount === 0) {
+          return {
+            bodyLines: lines.slice(bodyStart + 1, i),
+            endLine: i
+          };
+        }
+      }
+    }
+  }
+  return null;
+}
+
+// src/rules/builtin/identical-branches.ts
+var identicalBranchesRule = {
+  id: "logic/identical-branches",
+  category: "logic",
+  severity: "medium",
+  title: "Identical if/else branches",
+  description: "AI-generated code sometimes contains if/else blocks where both branches have identical code, making the condition meaningless.",
+  check(context) {
+    const issues = [];
+    const parsed = parseCode(context.fileContent, context.filePath);
+    if (!parsed) return issues;
+    const source = context.fileContent;
+    walkAST(parsed.ast, (node) => {
+      if (node.type === AST_NODE_TYPES.IfStatement && node.consequent && node.alternate) {
+        if (node.alternate.type === AST_NODE_TYPES.IfStatement) return;
+        const thenCode = extractBlockText(source, node.consequent);
+        const elseCode = extractBlockText(source, node.alternate);
+        if (thenCode && elseCode && thenCode === elseCode && thenCode.length > 0) {
+          issues.push({
+            ruleId: "logic/identical-branches",
+            severity: "medium",
+            category: "logic",
+            file: context.filePath,
+            startLine: node.loc?.start.line ?? 0,
+            endLine: node.loc?.end.line ?? 0,
+            message: t(
+              "The if and else branches contain identical code. The condition is meaningless.",
+              "if \u548C else \u5206\u652F\u5305\u542B\u5B8C\u5168\u76F8\u540C\u7684\u4EE3\u7801\uFF0C\u6761\u4EF6\u5224\u65AD\u6BEB\u65E0\u610F\u4E49\u3002"
+            ),
+            suggestion: t(
+              "Remove the if/else and keep only one copy of the code, or fix the branching logic.",
+              "\u79FB\u9664 if/else\uFF0C\u53EA\u4FDD\u7559\u4E00\u4EFD\u4EE3\u7801\uFF1B\u6216\u4FEE\u590D\u5206\u652F\u903B\u8F91\u3002"
+            )
+          });
+        }
+      }
+    });
+    return issues;
+  }
+};
+function extractBlockText(source, node) {
+  if (!node.range) return "";
+  let text = source.slice(node.range[0], node.range[1]);
+  if (text.startsWith("{")) text = text.slice(1);
+  if (text.endsWith("}")) text = text.slice(0, -1);
+  return text.trim().replace(/\s+/g, " ");
+}
+
+// src/rules/builtin/redundant-else.ts
+var redundantElseRule = {
+  id: "logic/redundant-else",
+  category: "logic",
+  severity: "low",
+  title: "Redundant else after return/throw",
+  description: "AI-generated code often uses else blocks after if blocks that already return/throw. The else is unnecessary and adds nesting.",
+  check(context) {
+    const issues = [];
+    const parsed = parseCode(context.fileContent, context.filePath);
+    if (!parsed) return issues;
+    walkAST(parsed.ast, (node) => {
+      if (node.type === AST_NODE_TYPES.IfStatement && node.consequent && node.alternate && node.alternate.type !== AST_NODE_TYPES.IfStatement) {
+        if (blockEndsWithExit(node.consequent)) {
+          issues.push({
+            ruleId: "logic/redundant-else",
+            severity: "low",
+            category: "logic",
+            file: context.filePath,
+            startLine: node.loc?.start.line ?? 0,
+            endLine: node.loc?.end.line ?? 0,
+            message: t(
+              "Unnecessary else \u2014 the if block already returns/throws. The else adds pointless nesting.",
+              "\u4E0D\u5FC5\u8981\u7684 else \u2014 if \u5757\u5DF2\u7ECF return/throw \u4E86\uFF0Celse \u589E\u52A0\u4E86\u65E0\u610F\u4E49\u7684\u5D4C\u5957\u3002"
+            ),
+            suggestion: t(
+              "Remove the else wrapper and place its code after the if block (early return pattern).",
+              "\u79FB\u9664 else \u5305\u88F9\uFF0C\u5C06\u5176\u4EE3\u7801\u653E\u5728 if \u5757\u4E4B\u540E\uFF08\u63D0\u524D\u8FD4\u56DE\u6A21\u5F0F\uFF09\u3002"
+            )
+          });
+        }
+      }
+      return;
+    });
+    return issues;
+  }
+};
+function blockEndsWithExit(node) {
+  if (node.type === AST_NODE_TYPES.BlockStatement) {
+    if (!Array.isArray(node.body)) return false;
+    const body = node.body;
+    if (body.length === 0) return false;
+    const last = body[body.length - 1];
+    return last.type === AST_NODE_TYPES.ReturnStatement || last.type === AST_NODE_TYPES.ThrowStatement;
+  }
+  return node.type === AST_NODE_TYPES.ReturnStatement || node.type === AST_NODE_TYPES.ThrowStatement;
+}
+
+// src/rules/builtin/console-in-code.ts
+var consoleInCodeRule = {
+  id: "logic/console-in-code",
+  category: "logic",
+  severity: "info",
+  title: "Console statement left in code",
+  description: "AI-generated code often includes console.log/warn/error statements intended for debugging that should be removed or replaced with a proper logger.",
+  check(context) {
+    const issues = [];
+    const lines = context.fileContent.split("\n");
+    const lowerPath = context.filePath.toLowerCase();
+    if (lowerPath.includes("/cli/") || lowerPath.includes("logger") || lowerPath.includes("log.") || lowerPath.endsWith(".test.ts") || lowerPath.endsWith(".test.js") || lowerPath.endsWith(".spec.ts") || lowerPath.endsWith(".spec.js")) {
+      return issues;
+    }
+    let count = 0;
+    const locations = [];
+    let inBlockComment = false;
+    for (let i = 0; i < lines.length; i++) {
+      const trimmed = lines[i].trim();
+      if (inBlockComment) {
+        if (trimmed.includes("*/")) inBlockComment = false;
+        continue;
+      }
+      if (trimmed.startsWith("/*")) {
+        if (!trimmed.includes("*/")) inBlockComment = true;
+        continue;
+      }
+      if (trimmed.startsWith("//")) continue;
+      if (/\bconsole\.(log|warn|error|info|debug|trace)\s*\(/.test(trimmed)) {
+        count++;
+        locations.push(i + 1);
+      }
+    }
+    if (count >= 3) {
+      issues.push({
+        ruleId: "logic/console-in-code",
+        severity: "info",
+        category: "logic",
+        file: context.filePath,
+        startLine: locations[0],
+        endLine: locations[locations.length - 1],
+        message: t(
+          `${count} console statements found. AI-generated code often leaves debug logging that should be removed or replaced with a proper logger.`,
+          `\u53D1\u73B0 ${count} \u4E2A console \u8BED\u53E5\u3002AI \u751F\u6210\u7684\u4EE3\u7801\u7ECF\u5E38\u7559\u4E0B\u8C03\u8BD5\u65E5\u5FD7\uFF0C\u5E94\u8BE5\u79FB\u9664\u6216\u66FF\u6362\u4E3A\u6B63\u5F0F\u7684\u65E5\u5FD7\u5DE5\u5177\u3002`
+        ),
+        suggestion: t(
+          "Remove console statements or replace with a structured logger (e.g. winston, pino).",
+          "\u79FB\u9664 console \u8BED\u53E5\u6216\u66FF\u6362\u4E3A\u7ED3\u6784\u5316\u65E5\u5FD7\u5DE5\u5177\uFF08\u5982 winston\u3001pino\uFF09\u3002"
+        )
+      });
+    }
+    return issues;
+  }
+};
+
+// src/rules/builtin/phantom-import.ts
+import { existsSync } from "fs";
+import { resolve, dirname } from "path";
+var phantomImportRule = {
+  id: "logic/phantom-import",
+  category: "logic",
+  severity: "high",
+  title: "Phantom import \u2014 module does not exist",
+  description: "AI-generated code frequently imports from non-existent relative paths, indicating hallucinated modules or functions.",
+  check(context) {
+    const issues = [];
+    if (!context.filePath || context.filePath === "<unknown>") {
+      return issues;
+    }
+    let ast;
+    try {
+      const parsed = parseCode(context.fileContent, context.filePath);
+      ast = parsed.ast;
+    } catch {
+      return issues;
+    }
+    const fileDir = dirname(resolve(context.filePath));
+    walkAST(ast, (node) => {
+      if (node.type === AST_NODE_TYPES.ImportDeclaration) {
+        const source = node.source.value;
+        if (typeof source === "string" && isRelativePath(source)) {
+          if (!resolveModulePath(fileDir, source)) {
+            issues.push({
+              ruleId: "logic/phantom-import",
+              severity: "high",
+              category: "logic",
+              file: context.filePath,
+              startLine: node.loc?.start.line ?? 0,
+              endLine: node.loc?.end.line ?? 0,
+              message: t(
+                `Import from "${source}" \u2014 module does not exist.`,
+                `\u5BFC\u5165 "${source}" \u2014 \u6A21\u5757\u4E0D\u5B58\u5728\u3002`
+              ),
+              suggestion: t(
+                "Verify the import path. The AI may have hallucinated this module.",
+                "\u68C0\u67E5\u5BFC\u5165\u8DEF\u5F84\uFF0CAI \u53EF\u80FD\u7F16\u9020\u4E86\u8FD9\u4E2A\u6A21\u5757\u3002"
+              )
+            });
+          }
+        }
+      }
+      if (node.type === AST_NODE_TYPES.ImportExpression && node.source.type === AST_NODE_TYPES.Literal && typeof node.source.value === "string") {
+        const source = node.source.value;
+        if (isRelativePath(source) && !resolveModulePath(fileDir, source)) {
+          issues.push({
+            ruleId: "logic/phantom-import",
+            severity: "high",
+            category: "logic",
+            file: context.filePath,
+            startLine: node.loc?.start.line ?? 0,
+            endLine: node.loc?.end.line ?? 0,
+            message: t(
+              `Dynamic import "${source}" \u2014 module does not exist.`,
+              `\u52A8\u6001\u5BFC\u5165 "${source}" \u2014 \u6A21\u5757\u4E0D\u5B58\u5728\u3002`
+            ),
+            suggestion: t(
+              "Verify the import path. The AI may have hallucinated this module.",
+              "\u68C0\u67E5\u5BFC\u5165\u8DEF\u5F84\uFF0CAI \u53EF\u80FD\u7F16\u9020\u4E86\u8FD9\u4E2A\u6A21\u5757\u3002"
+            )
+          });
+        }
+      }
+      if (node.type === AST_NODE_TYPES.CallExpression && node.callee.type === AST_NODE_TYPES.Identifier && node.callee.name === "require" && node.arguments.length >= 1 && node.arguments[0].type === AST_NODE_TYPES.Literal && typeof node.arguments[0].value === "string") {
+        const source = node.arguments[0].value;
+        if (isRelativePath(source) && !resolveModulePath(fileDir, source)) {
+          issues.push({
+            ruleId: "logic/phantom-import",
+            severity: "high",
+            category: "logic",
+            file: context.filePath,
+            startLine: node.loc?.start.line ?? 0,
+            endLine: node.loc?.end.line ?? 0,
+            message: t(
+              `Require "${source}" \u2014 module does not exist.`,
+              `Require "${source}" \u2014 \u6A21\u5757\u4E0D\u5B58\u5728\u3002`
+            ),
+            suggestion: t(
+              "Verify the require path. The AI may have hallucinated this module.",
+              "\u68C0\u67E5 require \u8DEF\u5F84\uFF0CAI \u53EF\u80FD\u7F16\u9020\u4E86\u8FD9\u4E2A\u6A21\u5757\u3002"
+            )
+          });
+        }
+      }
+    });
+    return issues;
+  }
+};
+function isRelativePath(source) {
+  return source.startsWith("./") || source.startsWith("../");
+}
+function resolveModulePath(dir, importPath) {
+  const resolved = resolve(dir, importPath);
+  if (existsSync(resolved)) return true;
+  const extMap = {
+    ".js": [".ts", ".tsx"],
+    ".jsx": [".tsx"],
+    ".mjs": [".mts"],
+    ".cjs": [".cts"]
+  };
+  for (const [fromExt, toExts] of Object.entries(extMap)) {
+    if (importPath.endsWith(fromExt)) {
+      const base = resolved.slice(0, -fromExt.length);
+      for (const toExt of toExts) {
+        if (existsSync(base + toExt)) return true;
+      }
+    }
+  }
+  const extensions = [".ts", ".tsx", ".js", ".jsx", ".mts", ".mjs", ".cts", ".cjs", ".json"];
+  for (const ext of extensions) {
+    if (existsSync(resolved + ext)) return true;
+  }
+  for (const ext of extensions) {
+    if (existsSync(resolve(resolved, `index${ext}`))) return true;
+  }
+  return false;
+}
+
+// src/rules/builtin/unused-import.ts
+var unusedImportRule = {
+  id: "logic/unused-import",
+  category: "logic",
+  severity: "low",
+  title: "Unused import",
+  description: "AI-generated code often imports modules or identifiers that are never used in the file.",
+  check(context) {
+    const issues = [];
+    let ast;
+    try {
+      const parsed = parseCode(context.fileContent, context.filePath);
+      ast = parsed.ast;
+    } catch {
+      return issues;
+    }
+    const imports = [];
+    const namespaceImports = /* @__PURE__ */ new Set();
+    for (const node of ast.body) {
+      if (node.type !== AST_NODE_TYPES.ImportDeclaration) continue;
+      const source = String(node.source.value);
+      const isTypeOnlyImport = node.importKind === "type";
+      for (const spec of node.specifiers) {
+        if (spec.type === AST_NODE_TYPES.ImportNamespaceSpecifier) {
+          namespaceImports.add(spec.local.name);
+          continue;
+        }
+        const isTypeOnlySpec = isTypeOnlyImport || spec.type === AST_NODE_TYPES.ImportSpecifier && spec.importKind === "type";
+        imports.push({
+          name: spec.type === AST_NODE_TYPES.ImportSpecifier ? spec.imported.name : "default",
+          local: spec.local.name,
+          line: spec.loc?.start.line ?? 0,
+          isTypeOnly: isTypeOnlySpec,
+          source
+        });
+      }
+    }
+    if (imports.length === 0) return issues;
+    const references = /* @__PURE__ */ new Set();
+    const importNodes = /* @__PURE__ */ new WeakSet();
+    for (const node of ast.body) {
+      if (node.type === AST_NODE_TYPES.ImportDeclaration) {
+        importNodes.add(node);
+      }
+    }
+    walkAST(ast, (node) => {
+      if (importNodes.has(node)) return false;
+      if (node.type === AST_NODE_TYPES.Identifier) {
+        references.add(node.name);
+      }
+      if (node.type === AST_NODE_TYPES.JSXIdentifier) {
+        references.add(node.name);
+      }
+      return;
+    });
+    const typeRefPattern = /\b([A-Z][A-Za-z0-9]*)\b/g;
+    let match;
+    while ((match = typeRefPattern.exec(context.fileContent)) !== null) {
+      references.add(match[1]);
+    }
+    for (const imp of imports) {
+      if (!references.has(imp.local)) {
+        issues.push({
+          ruleId: "logic/unused-import",
+          severity: "low",
+          category: "logic",
+          file: context.filePath,
+          startLine: imp.line,
+          endLine: imp.line,
+          message: t(
+            `Imported "${imp.local}" from "${imp.source}" is never used.`,
+            `\u4ECE "${imp.source}" \u5BFC\u5165\u7684 "${imp.local}" \u4ECE\u672A\u4F7F\u7528\u3002`
+          ),
+          suggestion: t(
+            `Remove the unused import "${imp.local}".`,
+            `\u79FB\u9664\u672A\u4F7F\u7528\u7684\u5BFC\u5165 "${imp.local}"\u3002`
+          )
+        });
+      }
+    }
+    return issues;
+  }
+};
+
+// src/rules/builtin/missing-await.ts
+var missingAwaitRule = {
+  id: "logic/missing-await",
+  category: "logic",
+  severity: "medium",
+  title: "Missing await on async call",
+  description: "AI-generated code often omits `await` when calling async functions, leading to unhandled promises and race conditions.",
+  check(context) {
+    const issues = [];
+    let ast;
+    try {
+      const parsed = parseCode(context.fileContent, context.filePath);
+      ast = parsed.ast;
+    } catch {
+      return issues;
+    }
+    const asyncFuncNames = /* @__PURE__ */ new Set();
+    collectAsyncFunctionNames(ast, asyncFuncNames);
+    walkAST(ast, (node) => {
+      if (!isAsyncFunction(node)) return;
+      const body = getFunctionBody(node);
+      if (!body) return;
+      walkAST(body, (inner, parent) => {
+        if (inner !== body && isAsyncFunction(inner)) return false;
+        if (inner.type !== AST_NODE_TYPES.CallExpression) return;
+        if (parent?.type === AST_NODE_TYPES.AwaitExpression) return;
+        if (parent?.type === AST_NODE_TYPES.ReturnStatement) return;
+        if (isInsidePromiseChain(inner, parent ?? null)) return;
+        if (parent?.type === AST_NODE_TYPES.VariableDeclarator) return;
+        if (parent?.type === AST_NODE_TYPES.AssignmentExpression) return;
+        if (parent?.type === AST_NODE_TYPES.ArrayExpression) return;
+        if (parent?.type === AST_NODE_TYPES.CallExpression && parent !== inner) return;
+        const callName = getCallName(inner);
+        if (!callName) return;
+        if (!asyncFuncNames.has(callName)) return;
+        issues.push({
+          ruleId: "logic/missing-await",
+          severity: "medium",
+          category: "logic",
+          file: context.filePath,
+          startLine: inner.loc?.start.line ?? 0,
+          endLine: inner.loc?.end.line ?? 0,
+          message: t(
+            `Call to async function "${callName}" is missing "await".`,
+            `\u8C03\u7528\u5F02\u6B65\u51FD\u6570 "${callName}" \u65F6\u7F3A\u5C11 "await"\u3002`
+          ),
+          suggestion: t(
+            `Add "await" before the call: await ${callName}(...)`,
+            `\u5728\u8C03\u7528\u524D\u6DFB\u52A0 "await"\uFF1Aawait ${callName}(...)`
+          )
+        });
+      });
+    });
+    return issues;
+  }
+};
+function collectAsyncFunctionNames(ast, names) {
+  walkAST(ast, (node) => {
+    if (node.type === AST_NODE_TYPES.FunctionDeclaration && node.async && node.id) {
+      names.add(node.id.name);
+    }
+    if (node.type === AST_NODE_TYPES.VariableDeclarator && node.id.type === AST_NODE_TYPES.Identifier && node.init && (node.init.type === AST_NODE_TYPES.ArrowFunctionExpression || node.init.type === AST_NODE_TYPES.FunctionExpression) && node.init.async) {
+      names.add(node.id.name);
+    }
+    if (node.type === AST_NODE_TYPES.MethodDefinition && node.key.type === AST_NODE_TYPES.Identifier && node.value.async) {
+      names.add(node.key.name);
+    }
+  });
+}
+function isAsyncFunction(node) {
+  return node.type === AST_NODE_TYPES.FunctionDeclaration && node.async || node.type === AST_NODE_TYPES.FunctionExpression && node.async || node.type === AST_NODE_TYPES.ArrowFunctionExpression && node.async || node.type === AST_NODE_TYPES.MethodDefinition && node.value.async;
+}
+function getFunctionBody(node) {
+  if (node.type === AST_NODE_TYPES.FunctionDeclaration || node.type === AST_NODE_TYPES.FunctionExpression || node.type === AST_NODE_TYPES.ArrowFunctionExpression) {
+    return node.body;
+  }
+  if (node.type === AST_NODE_TYPES.MethodDefinition) {
+    return node.value.body;
+  }
+  return null;
+}
+function getCallName(node) {
+  const callee = node.callee;
+  if (callee.type === AST_NODE_TYPES.Identifier) {
+    return callee.name;
+  }
+  if (callee.type === AST_NODE_TYPES.MemberExpression && callee.property.type === AST_NODE_TYPES.Identifier) {
+    return callee.property.name;
+  }
+  return null;
+}
+function isInsidePromiseChain(_node, parent) {
+  if (!parent) return false;
+  if (parent.type === AST_NODE_TYPES.MemberExpression && parent.property.type === AST_NODE_TYPES.Identifier && (parent.property.name === "then" || parent.property.name === "catch" || parent.property.name === "finally")) {
+    return true;
+  }
+  return false;
+}
+
+// src/rules/engine.ts
+var BUILTIN_RULES = [
+  unnecessaryTryCatchRule,
+  overDefensiveRule,
+  deadLogicRule,
+  unusedVariablesRule,
+  duplicateConditionRule,
+  ...securityRules,
+  emptyCatchRule,
+  identicalBranchesRule,
+  redundantElseRule,
+  consoleInCodeRule,
+  phantomImportRule,
+  unusedImportRule,
+  missingAwaitRule
+];
+var RuleEngine = class {
+  rules;
+  constructor(config) {
+    this.rules = BUILTIN_RULES.filter(
+      (rule) => !config.rules.disabled.includes(rule.id)
+    );
+  }
+  run(context) {
+    const allIssues = [];
+    for (const rule of this.rules) {
+      try {
+        const issues = rule.check(context);
+        allIssues.push(...issues);
+      } catch (_err) {
+      }
+    }
+    return allIssues;
+  }
+  getRules() {
+    return [...this.rules];
+  }
+  listRules() {
+    return BUILTIN_RULES.map((r) => ({
+      id: r.id,
+      category: r.category,
+      severity: r.severity,
+      title: r.title
+    }));
+  }
+};
+
+// src/core/scorer.ts
+var SEVERITY_PENALTY = {
+  high: 15,
+  medium: 8,
+  low: 3,
+  info: 0
+};
+function calculateDimensionScore(issues) {
+  let score = 100;
+  for (const issue of issues) {
+    score -= SEVERITY_PENALTY[issue.severity] ?? 0;
+  }
+  return {
+    score: Math.max(0, Math.min(100, score)),
+    issues
+  };
+}
+function calculateOverallScore(dimensions, weights) {
+  const score = dimensions.security.score * weights.security + dimensions.logic.score * weights.logic + dimensions.structure.score * weights.structure + dimensions.style.score * weights.style + dimensions.coverage.score * weights.coverage;
+  return Math.round(Math.max(0, Math.min(100, score)));
+}
+function getGrade(score) {
+  if (score >= 90) return "HIGH_TRUST";
+  if (score >= 70) return "REVIEW";
+  if (score >= 50) return "LOW_TRUST";
+  return "UNTRUSTED";
+}
+function getGradeEmoji(grade) {
+  switch (grade) {
+    case "HIGH_TRUST":
+      return "\u2705";
+    case "REVIEW":
+      return "\u26A0\uFE0F";
+    case "LOW_TRUST":
+      return "\u26A0\uFE0F";
+    case "UNTRUSTED":
+      return "\u274C";
+  }
+}
+function getGradeLabel(grade) {
+  const isZh = isZhLocale();
+  if (isZh) {
+    switch (grade) {
+      case "HIGH_TRUST":
+        return "\u9AD8\u4FE1\u4EFB \u2014 \u53EF\u5B89\u5168\u5408\u5E76";
+      case "REVIEW":
+        return "\u5EFA\u8BAE\u5BA1\u67E5";
+      case "LOW_TRUST":
+        return "\u4F4E\u4FE1\u4EFB \u2014 \u9700\u4ED4\u7EC6\u5BA1\u67E5";
+      case "UNTRUSTED":
+        return "\u4E0D\u53EF\u4FE1 \u2014 \u4E0D\u5E94\u5408\u5E76";
+    }
+  }
+  switch (grade) {
+    case "HIGH_TRUST":
+      return "HIGH TRUST \u2014 Safe to merge";
+    case "REVIEW":
+      return "REVIEW RECOMMENDED";
+    case "LOW_TRUST":
+      return "LOW TRUST \u2014 Careful review needed";
+    case "UNTRUSTED":
+      return "UNTRUSTED \u2014 Do not merge without changes";
+  }
+}
+
+// src/analyzers/structure.ts
+var DEFAULT_THRESHOLDS = {
+  maxCyclomaticComplexity: 10,
+  maxCognitiveComplexity: 20,
+  maxFunctionLength: 40,
+  maxNestingDepth: 4,
+  maxParamCount: 5
+};
+function analyzeStructure(code, filePath, thresholds = {}) {
+  const t_ = { ...DEFAULT_THRESHOLDS, ...thresholds };
+  const issues = [];
+  let parsed;
+  try {
+    parsed = parseCode(code, filePath);
+  } catch {
+    return { functions: [], issues: [] };
+  }
+  const functions = extractFunctions(parsed);
+  for (const fn of functions) {
+    if (fn.cyclomaticComplexity > t_.maxCyclomaticComplexity) {
+      issues.push({
+        ruleId: "structure/high-cyclomatic-complexity",
+        severity: fn.cyclomaticComplexity > t_.maxCyclomaticComplexity * 2 ? "high" : "medium",
+        category: "structure",
+        file: filePath,
+        startLine: fn.startLine,
+        endLine: fn.endLine,
+        message: t(
+          `Function "${fn.name}" has cyclomatic complexity of ${fn.cyclomaticComplexity} (threshold: ${t_.maxCyclomaticComplexity}).`,
+          `\u51FD\u6570 "${fn.name}" \u7684\u5708\u590D\u6742\u5EA6\u4E3A ${fn.cyclomaticComplexity}\uFF08\u9608\u503C\uFF1A${t_.maxCyclomaticComplexity}\uFF09\u3002`
+        ),
+        suggestion: t(
+          "Break the function into smaller, simpler functions.",
+          "\u5C06\u51FD\u6570\u62C6\u5206\u4E3A\u66F4\u5C0F\u3001\u66F4\u7B80\u5355\u7684\u51FD\u6570\u3002"
+        )
+      });
+    }
+    if (fn.cognitiveComplexity > t_.maxCognitiveComplexity) {
+      issues.push({
+        ruleId: "structure/high-cognitive-complexity",
+        severity: fn.cognitiveComplexity > t_.maxCognitiveComplexity * 2 ? "high" : "medium",
+        category: "structure",
+        file: filePath,
+        startLine: fn.startLine,
+        endLine: fn.endLine,
+        message: t(
+          `Function "${fn.name}" has cognitive complexity of ${fn.cognitiveComplexity} (threshold: ${t_.maxCognitiveComplexity}).`,
+          `\u51FD\u6570 "${fn.name}" \u7684\u8BA4\u77E5\u590D\u6742\u5EA6\u4E3A ${fn.cognitiveComplexity}\uFF08\u9608\u503C\uFF1A${t_.maxCognitiveComplexity}\uFF09\u3002`
+        ),
+        suggestion: t(
+          "Simplify the function by reducing nesting and breaking out helper functions.",
+          "\u901A\u8FC7\u51CF\u5C11\u5D4C\u5957\u548C\u63D0\u53D6\u8F85\u52A9\u51FD\u6570\u6765\u7B80\u5316\u8BE5\u51FD\u6570\u3002"
+        )
+      });
+    }
+    if (fn.lineCount > t_.maxFunctionLength) {
+      issues.push({
+        ruleId: "structure/long-function",
+        severity: fn.lineCount > t_.maxFunctionLength * 2 ? "high" : "medium",
+        category: "structure",
+        file: filePath,
+        startLine: fn.startLine,
+        endLine: fn.endLine,
+        message: t(
+          `Function "${fn.name}" is ${fn.lineCount} lines long (threshold: ${t_.maxFunctionLength}).`,
+          `\u51FD\u6570 "${fn.name}" \u957F\u8FBE ${fn.lineCount} \u884C\uFF08\u9608\u503C\uFF1A${t_.maxFunctionLength}\uFF09\u3002`
+        ),
+        suggestion: t(
+          "Break the function into smaller units with clear responsibilities.",
+          "\u5C06\u51FD\u6570\u62C6\u5206\u4E3A\u804C\u8D23\u6E05\u6670\u7684\u66F4\u5C0F\u5355\u5143\u3002"
+        )
+      });
+    }
+    if (fn.maxNestingDepth > t_.maxNestingDepth) {
+      issues.push({
+        ruleId: "structure/deep-nesting",
+        severity: fn.maxNestingDepth > t_.maxNestingDepth + 2 ? "high" : "medium",
+        category: "structure",
+        file: filePath,
+        startLine: fn.startLine,
+        endLine: fn.endLine,
+        message: t(
+          `Function "${fn.name}" has nesting depth of ${fn.maxNestingDepth} (threshold: ${t_.maxNestingDepth}).`,
+          `\u51FD\u6570 "${fn.name}" \u7684\u5D4C\u5957\u6DF1\u5EA6\u4E3A ${fn.maxNestingDepth}\uFF08\u9608\u503C\uFF1A${t_.maxNestingDepth}\uFF09\u3002`
+        ),
+        suggestion: t(
+          "Use early returns, guard clauses, or extract nested logic into separate functions.",
+          "\u4F7F\u7528\u63D0\u524D\u8FD4\u56DE\u3001\u5B88\u536B\u8BED\u53E5\uFF0C\u6216\u5C06\u5D4C\u5957\u903B\u8F91\u63D0\u53D6\u5230\u5355\u72EC\u7684\u51FD\u6570\u4E2D\u3002"
+        )
+      });
+    }
+    if (fn.paramCount > t_.maxParamCount) {
+      issues.push({
+        ruleId: "structure/too-many-params",
+        severity: "low",
+        category: "structure",
+        file: filePath,
+        startLine: fn.startLine,
+        endLine: fn.endLine,
+        message: t(
+          `Function "${fn.name}" has ${fn.paramCount} parameters (threshold: ${t_.maxParamCount}).`,
+          `\u51FD\u6570 "${fn.name}" \u6709 ${fn.paramCount} \u4E2A\u53C2\u6570\uFF08\u9608\u503C\uFF1A${t_.maxParamCount}\uFF09\u3002`
+        ),
+        suggestion: t(
+          "Consider using an options object to group related parameters.",
+          "\u8003\u8651\u4F7F\u7528\u9009\u9879\u5BF9\u8C61\u6765\u7EC4\u5408\u76F8\u5173\u53C2\u6570\u3002"
+        )
+      });
+    }
+  }
+  return { functions, issues };
+}
+
+// src/analyzers/style.ts
+function analyzeStyle(code, filePath) {
+  const issues = [];
+  const lines = code.split("\n");
+  let commentLines = 0;
+  let codeLines = 0;
+  let inBlockComment = false;
+  for (const line of lines) {
+    const trimmed = line.trim();
+    if (trimmed.length === 0) continue;
+    if (inBlockComment) {
+      commentLines++;
+      if (trimmed.includes("*/")) inBlockComment = false;
+      continue;
+    }
+    if (trimmed.startsWith("/*")) {
+      commentLines++;
+      if (!trimmed.includes("*/")) inBlockComment = true;
+      continue;
+    }
+    if (trimmed.startsWith("//")) {
+      commentLines++;
+      continue;
+    }
+    codeLines++;
+  }
+  const commentDensity = codeLines > 0 ? commentLines / codeLines : 0;
+  let camelCase = 0;
+  let snakeCase = 0;
+  let pascalCase = 0;
+  let totalIdents = 0;
+  try {
+    const parsed = parseCode(code, filePath);
+    collectNamingStyles(parsed.ast, (style) => {
+      totalIdents++;
+      if (style === "camel") camelCase++;
+      else if (style === "snake") snakeCase++;
+      else if (style === "pascal") pascalCase++;
+    });
+  } catch {
+  }
+  const styles = [
+    { name: "camelCase", count: camelCase },
+    { name: "snake_case", count: snakeCase }
+  ].filter((s) => s.count > 0);
+  if (styles.length > 1 && totalIdents >= 5) {
+    const dominant = styles.reduce((a, b) => a.count > b.count ? a : b);
+    const minority = styles.reduce((a, b) => a.count < b.count ? a : b);
+    const ratio = minority.count / totalIdents;
+    if (ratio > 0.15) {
+      issues.push({
+        ruleId: "style/inconsistent-naming",
+        severity: "low",
+        category: "style",
+        file: filePath,
+        startLine: 1,
+        endLine: lines.length,
+        message: t(
+          `Mixed naming styles: ${dominant.count} ${dominant.name} vs ${minority.count} ${minority.name} identifiers.`,
+          `\u547D\u540D\u98CE\u683C\u6DF7\u7528\uFF1A${dominant.count} \u4E2A ${dominant.name} \u4E0E ${minority.count} \u4E2A ${minority.name} \u6807\u8BC6\u7B26\u3002`
+        ),
+        suggestion: t(
+          `Standardize on ${dominant.name} for consistency.`,
+          `\u7EDF\u4E00\u4F7F\u7528 ${dominant.name} \u4EE5\u4FDD\u6301\u4E00\u81F4\u6027\u3002`
+        )
+      });
+    }
+  }
+  return {
+    issues,
+    stats: {
+      camelCaseCount: camelCase,
+      snakeCaseCount: snakeCase,
+      pascalCaseCount: pascalCase,
+      totalIdentifiers: totalIdents,
+      commentLineCount: commentLines,
+      codeLineCount: codeLines,
+      commentDensity
+    }
+  };
+}
+function detectNamingStyle(name) {
+  if (name.length <= 1) return "other";
+  if (name.startsWith("_") || name === name.toUpperCase()) return "other";
+  if (name.includes("_")) return "snake";
+  if (/^[A-Z]/.test(name)) return "pascal";
+  if (/^[a-z]/.test(name)) return "camel";
+  return "other";
+}
+function collectNamingStyles(root, callback) {
+  walkAST(root, (node) => {
+    if (node.type === AST_NODE_TYPES.VariableDeclarator && node.id.type === AST_NODE_TYPES.Identifier) {
+      const style = detectNamingStyle(node.id.name);
+      if (style !== "other") callback(style);
+    }
+    if (node.type === AST_NODE_TYPES.FunctionDeclaration && node.id) {
+      const style = detectNamingStyle(node.id.name);
+      if (style !== "other") callback(style);
+    }
+  });
+}
+
+// src/analyzers/coverage.ts
+import * as fs from "fs";
+import * as path from "path";
+function analyzeCoverage(code, filePath) {
+  const issues = [];
+  const exportedFunctions = [];
+  const testFile = findTestFile(filePath);
+  const hasTestFile = testFile !== null;
+  try {
+    const parsed = parseCode(code, filePath);
+    const functions = extractFunctions(parsed);
+    for (const fn of functions) {
+      if (fn.name !== "<anonymous>" && fn.name !== "<arrow>") {
+        exportedFunctions.push(fn.name);
+      }
+    }
+    if (exportedFunctions.length >= 2 && !hasTestFile) {
+      const basename2 = path.basename(filePath);
+      if (!basename2.includes(".test.") && !basename2.includes(".spec.") && !basename2.startsWith("test")) {
+        issues.push({
+          ruleId: "coverage/missing-test-file",
+          severity: "low",
+          category: "coverage",
+          file: filePath,
+          startLine: 1,
+          endLine: 1,
+          message: t(
+            `File has ${exportedFunctions.length} functions but no corresponding test file found.`,
+            `\u6587\u4EF6\u6709 ${exportedFunctions.length} \u4E2A\u51FD\u6570\uFF0C\u4F46\u672A\u627E\u5230\u5BF9\u5E94\u7684\u6D4B\u8BD5\u6587\u4EF6\u3002`
+          ),
+          suggestion: t(
+            `Create a test file (e.g., ${suggestTestFileName(filePath)}).`,
+            `\u521B\u5EFA\u6D4B\u8BD5\u6587\u4EF6\uFF08\u5982\uFF1A${suggestTestFileName(filePath)}\uFF09\u3002`
+          )
+        });
+      }
+    }
+  } catch {
+  }
+  return { issues, exportedFunctions, hasTestFile };
+}
+function findTestFile(filePath) {
+  const dir = path.dirname(filePath);
+  const ext = path.extname(filePath);
+  const base = path.basename(filePath, ext);
+  const candidates = [
+    // 同目录
+    path.join(dir, `${base}.test${ext}`),
+    path.join(dir, `${base}.spec${ext}`),
+    // tests/ 目录（复数）
+    path.join(dir, "..", "tests", `${base}.test${ext}`),
+    path.join(dir, "..", "tests", `${base}.spec${ext}`),
+    path.join(dir, "..", "..", "tests", `${base}.test${ext}`),
+    path.join(dir, "..", "..", "tests", `${base}.spec${ext}`),
+    // test/ 目录（单数）
+    path.join(dir, "..", "test", `${base}.test${ext}`),
+    path.join(dir, "..", "test", `${base}.spec${ext}`),
+    // __tests__/ 目录
+    path.join(dir, "__tests__", `${base}.test${ext}`),
+    path.join(dir, "__tests__", `${base}.spec${ext}`)
+  ];
+  for (const candidate of candidates) {
+    if (fs.existsSync(candidate)) {
+      return candidate;
+    }
+  }
+  return null;
+}
+function suggestTestFileName(filePath) {
+  const ext = path.extname(filePath);
+  const base = path.basename(filePath, ext);
+  return `${base}.test${ext}`;
+}
+
+// src/core/engine.ts
+var __filename = fileURLToPath(import.meta.url);
+var __dirname = dirname3(__filename);
+var PKG_VERSION = (() => {
+  try {
+    const pkg2 = JSON.parse(readFileSync(resolve2(__dirname, "../../package.json"), "utf-8"));
+    return pkg2.version;
+  } catch {
+    return "0.1.0";
+  }
+})();
+var ScanEngine = class {
+  config;
+  diffParser;
+  ruleEngine;
+  constructor(config, workDir) {
+    this.config = config;
+    this.diffParser = new DiffParser(workDir);
+    this.ruleEngine = new RuleEngine(config);
+  }
+  async scan(options) {
+    const diffFiles = await this.getDiffFiles(options);
+    const allIssues = [];
+    for (const diffFile of diffFiles) {
+      if (diffFile.status === "deleted") continue;
+      const filePath = resolve2(diffFile.filePath);
+      let fileContent;
+      try {
+        if (existsSync3(filePath)) {
+          fileContent = await readFile(filePath, "utf-8");
+        } else {
+          const content = await this.diffParser.getFileContent(diffFile.filePath);
+          if (!content) continue;
+          fileContent = content;
+        }
+      } catch {
+        continue;
+      }
+      const addedLines = diffFile.hunks.flatMap((hunk) => {
+        const lines = hunk.content.split("\n");
+        const result = [];
+        let currentLine = hunk.newStart;
+        for (const line of lines) {
+          if (line.startsWith("+")) {
+            result.push({ lineNumber: currentLine, content: line.slice(1) });
+            currentLine++;
+          } else if (line.startsWith("-")) {
+          } else {
+            currentLine++;
+          }
+        }
+        return result;
+      });
+      const issues = this.ruleEngine.run({
+        filePath: diffFile.filePath,
+        fileContent,
+        addedLines
+      });
+      allIssues.push(...issues);
+      if (this.isTsJsFile(diffFile.filePath)) {
+        const structureResult = analyzeStructure(fileContent, diffFile.filePath, {
+          maxCyclomaticComplexity: this.config.thresholds["max-cyclomatic-complexity"],
+          maxCognitiveComplexity: this.config.thresholds["max-cognitive-complexity"],
+          maxFunctionLength: this.config.thresholds["max-function-length"],
+          maxNestingDepth: this.config.thresholds["max-nesting-depth"],
+          maxParamCount: this.config.thresholds["max-params"]
+        });
+        allIssues.push(...structureResult.issues);
+        const styleResult = analyzeStyle(fileContent, diffFile.filePath);
+        allIssues.push(...styleResult.issues);
+        const coverageResult = analyzeCoverage(fileContent, diffFile.filePath);
+        allIssues.push(...coverageResult.issues);
+      }
+    }
+    const dimensions = this.groupByDimension(allIssues);
+    const overallScore = calculateOverallScore(dimensions, this.config.weights);
+    const grade = getGrade(overallScore);
+    const commitHash = await this.diffParser.getCurrentCommitHash();
+    return {
+      version: PKG_VERSION,
+      timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+      commit: commitHash,
+      overall: {
+        score: overallScore,
+        grade,
+        filesScanned: diffFiles.filter((f) => f.status !== "deleted").length,
+        issuesFound: allIssues.length
+      },
+      dimensions,
+      issues: allIssues.sort((a, b) => {
+        const severityOrder = { high: 0, medium: 1, low: 2, info: 3 };
+        return severityOrder[a.severity] - severityOrder[b.severity];
+      })
+    };
+  }
+  async getDiffFiles(options) {
+    if (options.staged) {
+      return this.diffParser.getStagedFiles();
+    }
+    if (options.diff) {
+      return this.diffParser.getDiffFromRef(options.diff);
+    }
+    if (options.files && options.files.length > 0) {
+      return Promise.all(
+        options.files.map(async (filePath) => {
+          let content = "";
+          try {
+            content = await readFile(resolve2(filePath), "utf-8");
+          } catch {
+          }
+          return {
+            filePath,
+            status: "modified",
+            additions: content.split("\n").length,
+            deletions: 0,
+            content,
+            hunks: [
+              {
+                oldStart: 1,
+                oldLines: 0,
+                newStart: 1,
+                newLines: content.split("\n").length,
+                content: content.split("\n").map((l) => "+" + l).join("\n")
+              }
+            ]
+          };
+        })
+      );
+    }
+    return this.diffParser.getChangedFiles();
+  }
+  isTsJsFile(filePath) {
+    return /\.(ts|tsx|js|jsx|mts|mjs|cts|cjs)$/.test(filePath);
+  }
+  groupByDimension(issues) {
+    const categories = [
+      "security",
+      "logic",
+      "structure",
+      "style",
+      "coverage"
+    ];
+    const grouped = {};
+    for (const cat of categories) {
+      const catIssues = issues.filter((i) => i.category === cat);
+      grouped[cat] = calculateDimensionScore(catIssues);
+    }
+    return grouped;
+  }
+};
+
+// src/cli/output/terminal.ts
+import pc from "picocolors";
+import Table from "cli-table3";
+var en = {
+  reportTitle: "\u{1F4CA} CodeTrust Report",
+  overallScore: "Overall Trust Score",
+  dimension: "Dimension",
+  score: "Score",
+  details: "Details",
+  noIssues: "No issues",
+  issuesFound: "{{count}} issue(s) found",
+  issuesHeader: "Issues ({{count}}):",
+  noIssuesFound: "No issues found! \u{1F389}",
+  scanned: "Scanned {{count}} file(s)"
+};
+var zh = {
+  reportTitle: "\u{1F4CA} CodeTrust \u62A5\u544A",
+  overallScore: "\u603B\u4F53\u4FE1\u4EFB\u8BC4\u5206",
+  dimension: "\u7EF4\u5EA6",
+  score: "\u8BC4\u5206",
+  details: "\u8BE6\u60C5",
+  noIssues: "\u65E0\u95EE\u9898",
+  issuesFound: "\u53D1\u73B0 {{count}} \u4E2A\u95EE\u9898",
+  issuesHeader: "\u95EE\u9898\u5217\u8868 ({{count}}):",
+  noIssuesFound: "\u672A\u53D1\u73B0\u95EE\u9898! \u{1F389}",
+  scanned: "\u626B\u63CF\u4E86 {{count}} \u4E2A\u6587\u4EF6"
+};
+function renderTerminalReport(report) {
+  const isZh = isZhLocale();
+  const t2 = isZh ? zh : en;
+  const lines = [];
+  const commitLabel = report.commit ? ` \u2014 commit ${report.commit}` : "";
+  lines.push("");
+  lines.push(pc.bold(`${t2.reportTitle}${commitLabel}`));
+  lines.push(pc.dim("\u2550".repeat(50)));
+  lines.push("");
+  const emoji = getGradeEmoji(report.overall.grade);
+  const label = getGradeLabel(report.overall.grade);
+  const scoreColor = getScoreColor(report.overall.score);
+  lines.push(
+    `${t2.overallScore}: ${scoreColor(pc.bold(String(report.overall.score) + "/100"))} ${emoji} ${pc.bold(label)}`
+  );
+  lines.push("");
+  const table = new Table({
+    head: [
+      pc.bold(t2.dimension),
+      pc.bold(t2.score),
+      pc.bold(t2.details)
+    ],
+    style: { head: [], border: [] },
+    colWidths: [16, 8, 40]
+  });
+  const dimLabels = isZh ? {
+    security: "\u5B89\u5168",
+    logic: "\u903B\u8F91",
+    structure: "\u7ED3\u6784",
+    style: "\u98CE\u683C",
+    coverage: "\u8986\u76D6"
+  } : {
+    security: "Security",
+    logic: "Logic",
+    structure: "Structure",
+    style: "Style",
+    coverage: "Coverage"
+  };
+  const dims = ["security", "logic", "structure", "style", "coverage"];
+  for (const dim of dims) {
+    const d = report.dimensions[dim];
+    const dimEmoji = d.score >= 80 ? "\u2705" : d.score >= 60 ? "\u26A0\uFE0F" : "\u274C";
+    const color = getScoreColor(d.score);
+    const issueCount = d.issues.length;
+    const detail = issueCount === 0 ? pc.green(t2.noIssues) : t2.issuesFound.replace("{{count}}", String(issueCount));
+    table.push([
+      `${dimEmoji} ${dimLabels[dim]}`,
+      color(String(d.score)),
+      detail
+    ]);
+  }
+  lines.push(table.toString());
+  lines.push("");
+  if (report.issues.length > 0) {
+    lines.push(pc.bold(t2.issuesHeader.replace("{{count}}", String(report.issues.length))));
+    lines.push("");
+    for (const issue of report.issues) {
+      lines.push(formatIssue(issue, isZh));
+    }
+  } else {
+    lines.push(pc.green(pc.bold(t2.noIssuesFound)));
+  }
+  lines.push("");
+  lines.push(
+    pc.dim(`${t2.scanned.replace("{{count}}", String(report.overall.filesScanned))} \u2022 ${new Date(report.timestamp).toLocaleString()}`)
+  );
+  lines.push("");
+  return lines.join("\n");
+}
+function formatIssue(issue, isZh) {
+  const severityLabel = formatSeverity(issue.severity, isZh);
+  const location = pc.dim(`${issue.file}:${issue.startLine}-${issue.endLine}`);
+  const message = issue.message;
+  const suggestion = issue.suggestion ? `
+           ${pc.dim("\u{1F4A1} " + issue.suggestion)}` : "";
+  return `  ${severityLabel} ${location}
+           ${message}${suggestion}
+`;
+}
+function formatSeverity(severity, isZh) {
+  if (isZh) {
+    switch (severity) {
+      case "high":
+        return pc.red(pc.bold("\u274C \u9AD8  "));
+      case "medium":
+        return pc.yellow(pc.bold("\u26A0\uFE0F \u4E2D"));
+      case "low":
+        return pc.cyan(pc.bold("\u2139\uFE0F \u4F4E  "));
+      case "info":
+        return pc.dim("\u{1F4DD} \u63D0\u793A ");
+      default:
+        return severity;
+    }
+  }
+  switch (severity) {
+    case "high":
+      return pc.red(pc.bold("\u274C HIGH  "));
+    case "medium":
+      return pc.yellow(pc.bold("\u26A0\uFE0F MEDIUM"));
+    case "low":
+      return pc.cyan(pc.bold("\u2139\uFE0F LOW   "));
+    case "info":
+      return pc.dim("\u{1F4DD} INFO  ");
+    default:
+      return severity;
+  }
+}
+function getScoreColor(score) {
+  if (score >= 90) return pc.green;
+  if (score >= 70) return pc.yellow;
+  if (score >= 50) return pc.magenta;
+  return pc.red;
+}
+
+// src/cli/output/json.ts
+function renderJsonReport(report) {
+  return JSON.stringify(report, null, 2);
+}
+
+// src/cli/commands/scan.ts
+function createScanCommand() {
+  const cmd = new Command("scan").description("Scan code changes for trust issues").argument("[files...]", "Specific files to scan").option("--staged", "Scan only git staged files").option("--diff <ref>", "Scan diff against a git ref (e.g. HEAD~1, origin/main)").option("--format <format>", "Output format: terminal, json", "terminal").option("--min-score <score>", "Minimum trust score threshold", "0").action(async (files, opts) => {
+    try {
+      const config = await loadConfig();
+      const engine = new ScanEngine(config);
+      const scanOptions = {
+        staged: opts.staged,
+        diff: opts.diff,
+        files: files.length > 0 ? files : void 0,
+        format: opts.format,
+        minScore: parseInt(opts.minScore, 10)
+      };
+      const report = await engine.scan(scanOptions);
+      if (opts.format === "json") {
+        console.log(renderJsonReport(report));
+      } else {
+        console.log(renderTerminalReport(report));
+      }
+      if (scanOptions.minScore && scanOptions.minScore > 0 && report.overall.score < scanOptions.minScore) {
+        process.exit(1);
+      }
+    } catch (err) {
+      if (err instanceof Error) {
+        console.error(`Error: ${err.message}`);
+      } else {
+        console.error("An unexpected error occurred");
+      }
+      process.exit(1);
+    }
+  });
+  return cmd;
+}
+
+// src/cli/commands/report.ts
+import { Command as Command2 } from "commander";
+function createReportCommand() {
+  const cmd = new Command2("report").description("Generate a trust report for recent changes").option("--json", "Output as JSON").option("--diff <ref>", "Diff against a git ref", "HEAD~1").action(async (opts) => {
+    try {
+      const config = await loadConfig();
+      const engine = new ScanEngine(config);
+      const report = await engine.scan({ diff: opts.diff });
+      if (opts.json) {
+        console.log(renderJsonReport(report));
+      } else {
+        console.log(renderTerminalReport(report));
+      }
+    } catch (err) {
+      if (err instanceof Error) {
+        console.error(`Error: ${err.message}`);
+      } else {
+        console.error("An unexpected error occurred");
+      }
+      process.exit(1);
+    }
+  });
+  return cmd;
+}
+
+// src/cli/commands/init.ts
+import { writeFile } from "fs/promises";
+import { existsSync as existsSync4 } from "fs";
+import { resolve as resolve3 } from "path";
+import { Command as Command3 } from "commander";
+import pc2 from "picocolors";
+function createInitCommand() {
+  const cmd = new Command3("init").description("Initialize CodeTrust configuration file").action(async () => {
+    const configPath = resolve3(".codetrust.yml");
+    if (existsSync4(configPath)) {
+      console.log(pc2.yellow("\u26A0\uFE0F  .codetrust.yml already exists. Skipping."));
+      return;
+    }
+    try {
+      await writeFile(configPath, generateDefaultConfig(), "utf-8");
+      console.log(pc2.green("\u2705 Created .codetrust.yml"));
+      console.log(pc2.dim("   Edit this file to customize scan behavior."));
+    } catch (err) {
+      if (err instanceof Error) {
+        console.error(pc2.red(`Error creating config: ${err.message}`));
+      }
+      process.exit(1);
+    }
+  });
+  return cmd;
+}
+
+// src/cli/commands/rules.ts
+import { Command as Command4 } from "commander";
+import pc3 from "picocolors";
+import Table2 from "cli-table3";
+function createRulesCommand() {
+  const cmd = new Command4("rules").description("Manage analysis rules");
+  cmd.command("list").description("List all available rules").action(async () => {
+    const config = await loadConfig();
+    const ruleEngine = new RuleEngine(config);
+    const rules = ruleEngine.listRules();
+    const table = new Table2({
+      head: [
+        pc3.bold("ID"),
+        pc3.bold("Category"),
+        pc3.bold("Severity"),
+        pc3.bold("Title")
+      ],
+      style: { head: [], border: [] }
+    });
+    for (const rule of rules) {
+      const isDisabled = config.rules.disabled.includes(rule.id);
+      const id = isDisabled ? pc3.strikethrough(pc3.dim(rule.id)) : rule.id;
+      const status = isDisabled ? pc3.dim(" (disabled)") : "";
+      table.push([
+        id + status,
+        rule.category,
+        formatSeverity2(rule.severity),
+        rule.title
+      ]);
+    }
+    console.log("");
+    console.log(pc3.bold("\u{1F4CB} CodeTrust Rules"));
+    console.log("");
+    console.log(table.toString());
+    console.log("");
+    console.log(pc3.dim(`Total: ${rules.length} rules`));
+  });
+  return cmd;
+}
+function formatSeverity2(severity) {
+  switch (severity) {
+    case "high":
+      return pc3.red("HIGH");
+    case "medium":
+      return pc3.yellow("MEDIUM");
+    case "low":
+      return pc3.cyan("LOW");
+    case "info":
+      return pc3.dim("INFO");
+    default:
+      return severity;
+  }
+}
+
+// src/cli/commands/hook.ts
+import { writeFile as writeFile2, chmod, mkdir } from "fs/promises";
+import { existsSync as existsSync5 } from "fs";
+import { resolve as resolve4, join as join2 } from "path";
+import { Command as Command5 } from "commander";
+import pc4 from "picocolors";
+var HOOK_CONTENT = `#!/bin/sh
+# CodeTrust pre-commit hook
+codetrust scan --staged --min-score 70 --format terminal
+if [ $? -ne 0 ]; then
+  echo ""
+  echo "CodeTrust: Trust score below threshold. Use --no-verify to bypass."
+  exit 1
+fi
+`;
+function createHookCommand() {
+  const cmd = new Command5("hook").description("Manage git hooks");
+  cmd.command("install").description("Install pre-commit hook").action(async () => {
+    const gitDir = resolve4(".git");
+    if (!existsSync5(gitDir)) {
+      console.error(pc4.red("Error: Not a git repository."));
+      process.exit(1);
+    }
+    const hooksDir = join2(gitDir, "hooks");
+    const hookPath = join2(hooksDir, "pre-commit");
+    try {
+      if (!existsSync5(hooksDir)) {
+        await mkdir(hooksDir, { recursive: true });
+      }
+      if (existsSync5(hookPath)) {
+        console.log(pc4.yellow("\u26A0\uFE0F  pre-commit hook already exists. Skipping."));
+        console.log(pc4.dim("   Remove .git/hooks/pre-commit to reinstall."));
+        return;
+      }
+      await writeFile2(hookPath, HOOK_CONTENT, "utf-8");
+      await chmod(hookPath, "755");
+      console.log(pc4.green("\u2705 Installed pre-commit hook"));
+      console.log(pc4.dim("   CodeTrust will run on every commit."));
+      console.log(pc4.dim("   Use --no-verify to bypass."));
+    } catch (err) {
+      if (err instanceof Error) {
+        console.error(pc4.red(`Error installing hook: ${err.message}`));
+      }
+      process.exit(1);
+    }
+  });
+  return cmd;
+}
+
+// src/cli/index.ts
+import { readFileSync as readFileSync2 } from "fs";
+import { fileURLToPath as fileURLToPath2 } from "url";
+import { dirname as dirname4, resolve as resolve5 } from "path";
+var __filename2 = fileURLToPath2(import.meta.url);
+var __dirname2 = dirname4(__filename2);
+var pkg = JSON.parse(readFileSync2(resolve5(__dirname2, "../../package.json"), "utf-8"));
+var program = new Command6();
+program.name("codetrust").description("AI code trust verification tool \u2014 verify AI-generated code with deterministic algorithms").version(pkg.version);
+program.addCommand(createScanCommand());
+program.addCommand(createReportCommand());
+program.addCommand(createInitCommand());
+program.addCommand(createRulesCommand());
+program.addCommand(createHookCommand());
+program.parse();
+//# sourceMappingURL=index.js.map