@gulu9527/code-trust 0.3.0 → 0.3.2

package/dist/cli/index.js

@@ -104,6 +104,7 @@ thresholds:
   min-score: 70
   max-function-length: 40
   max-cyclomatic-complexity: 10
+  max-cognitive-complexity: 20
   max-nesting-depth: 4
   max-params: 5
 
@@ -128,33 +129,64 @@ import { fileURLToPath } from "url";
 
 // src/parsers/diff.ts
 import simpleGit from "simple-git";
+var GIT_DIFF_UNIFIED = "--unified=3";
+var SHORT_HASH_LENGTH = 7;
 var DiffParser = class {
   git;
   constructor(workDir) {
     this.git = simpleGit(workDir);
   }
   async getStagedFiles() {
-    const diffDetail = await this.git.diff(["--cached", "--unified=3"]);
+    const diffDetail = await this.git.diff(["--cached", GIT_DIFF_UNIFIED]);
     return this.parseDiffOutput(diffDetail);
   }
   async getDiffFromRef(ref) {
-    const diffDetail = await this.git.diff([ref, "--unified=3"]);
+    const diffDetail = await this.git.diff([ref, GIT_DIFF_UNIFIED]);
     return this.parseDiffOutput(diffDetail);
   }
   async getChangedFiles() {
-    const diffDetail = await this.git.diff(["--unified=3"]);
-    const stagedDetail = await this.git.diff(["--cached", "--unified=3"]);
-    const allDiff = diffDetail + "\n" + stagedDetail;
-    return this.parseDiffOutput(allDiff);
+    const diffDetail = await this.git.diff([GIT_DIFF_UNIFIED]);
+    const stagedDetail = await this.git.diff(["--cached", GIT_DIFF_UNIFIED]);
+    const unstagedFiles = this.parseDiffOutput(diffDetail);
+    const stagedFiles = this.parseDiffOutput(stagedDetail);
+    return this.mergeDiffFiles(unstagedFiles, stagedFiles);
+  }
+  /**
+   * Merge two sets of diff files, deduplicating by file path.
+   * When a file appears in both, merge their hunks and combine stats.
+   */
+  mergeDiffFiles(unstaged, staged) {
+    const fileMap = /* @__PURE__ */ new Map();
+    for (const file of unstaged) {
+      fileMap.set(file.filePath, file);
+    }
+    for (const file of staged) {
+      const existing = fileMap.get(file.filePath);
+      if (existing) {
+        fileMap.set(file.filePath, {
+          ...existing,
+          // Combine additions/deletions
+          additions: existing.additions + file.additions,
+          deletions: existing.deletions + file.deletions,
+          // Merge hunks (preserve order: staged first, then unstaged)
+          hunks: [...file.hunks, ...existing.hunks],
+          // Status: if either is 'added', treat as added; otherwise keep modified
+          status: existing.status === "added" || file.status === "added" ? "added" : "modified"
+        });
+      } else {
+        fileMap.set(file.filePath, file);
+      }
+    }
+    return Array.from(fileMap.values());
   }
   async getLastCommitDiff() {
-    const diffDetail = await this.git.diff(["HEAD~1", "HEAD", "--unified=3"]);
+    const diffDetail = await this.git.diff(["HEAD~1", "HEAD", GIT_DIFF_UNIFIED]);
     return this.parseDiffOutput(diffDetail);
   }
   async getCurrentCommitHash() {
     try {
       const hash = await this.git.revparse(["HEAD"]);
-      return hash.trim().slice(0, 7);
+      return hash.trim().slice(0, SHORT_HASH_LENGTH);
     } catch {
       return void 0;
     }
@@ -180,9 +212,18 @@ var DiffParser = class {
   }
   parseFileDiff(fileDiff) {
     const lines = fileDiff.split("\n");
-    const headerMatch = lines[0]?.match(/a\/(.+?) b\/(.+)/);
-    if (!headerMatch) return null;
-    const filePath = headerMatch[2];
+    let filePath = null;
+    for (const line of lines) {
+      if (line.startsWith("+++ b/")) {
+        filePath = line.slice(6);
+        break;
+      }
+    }
+    if (!filePath) {
+      const headerMatch = lines[0]?.match(/a\/(.+?) b\/(.+)/);
+      if (!headerMatch) return null;
+      filePath = headerMatch[2];
+    }
     let status = "modified";
     let additions = 0;
     let deletions = 0;
@@ -286,6 +327,144 @@ function t(en2, zh2) {
   return isZhLocale() ? zh2 : en2;
 }
 
+// src/rules/brace-utils.ts
+function countBracesInLine(line, startJ, initialDepth, inBlockComment) {
+  let depth = initialDepth;
+  let i = startJ;
+  while (i < line.length) {
+    if (inBlockComment.value) {
+      const closeIdx = line.indexOf("*/", i);
+      if (closeIdx === -1) return depth;
+      inBlockComment.value = false;
+      i = closeIdx + 2;
+      continue;
+    }
+    const ch = line[i];
+    if (ch === "/" && line[i + 1] === "/") return depth;
+    if (ch === "/" && line[i + 1] === "*") {
+      inBlockComment.value = true;
+      i += 2;
+      continue;
+    }
+    if (ch === "'" || ch === '"') {
+      i = skipStringLiteral(line, i, ch);
+      continue;
+    }
+    if (ch === "`") {
+      i = skipTemplateLiteral(line, i);
+      continue;
+    }
+    if (ch === "/" && i > 0) {
+      const prevNonSpace = findPrevNonSpace(line, i);
+      if (prevNonSpace !== -1 && "=(!|&:,;[{?+->~%^".includes(line[prevNonSpace])) {
+        i = skipRegexpLiteral(line, i);
+        continue;
+      }
+    }
+    if (ch === "{") depth++;
+    if (ch === "}") depth--;
+    i++;
+  }
+  return depth;
+}
+function skipStringLiteral(line, start, quote) {
+  let i = start + 1;
+  while (i < line.length) {
+    if (line[i] === "\\") {
+      i += 2;
+      continue;
+    }
+    if (line[i] === quote) return i + 1;
+    i++;
+  }
+  return i;
+}
+function skipTemplateLiteral(line, start) {
+  let i = start + 1;
+  while (i < line.length) {
+    if (line[i] === "\\") {
+      i += 2;
+      continue;
+    }
+    if (line[i] === "`") return i + 1;
+    i++;
+  }
+  return i;
+}
+function skipRegexpLiteral(line, start) {
+  let i = start + 1;
+  while (i < line.length) {
+    if (line[i] === "\\") {
+      i += 2;
+      continue;
+    }
+    if (line[i] === "/") return i + 1;
+    i++;
+  }
+  return i;
+}
+function findPrevNonSpace(line, pos) {
+  for (let i = pos - 1; i >= 0; i--) {
+    if (line[i] !== " " && line[i] !== "	") return i;
+  }
+  return -1;
+}
+function extractBraceBlock(lines, startLineIndex, startCol) {
+  let depth = 0;
+  let started = false;
+  let bodyStart = -1;
+  const blockComment = { value: false };
+  for (let i = startLineIndex; i < lines.length; i++) {
+    const startJ = i === startLineIndex ? startCol : 0;
+    const line = lines[i];
+    let j = startJ;
+    while (j < line.length) {
+      if (blockComment.value) {
+        const closeIdx = line.indexOf("*/", j);
+        if (closeIdx === -1) {
+          j = line.length;
+          continue;
+        }
+        blockComment.value = false;
+        j = closeIdx + 2;
+        continue;
+      }
+      const ch = line[j];
+      if (ch === "/" && line[j + 1] === "/") break;
+      if (ch === "/" && line[j + 1] === "*") {
+        blockComment.value = true;
+        j += 2;
+        continue;
+      }
+      if (ch === "'" || ch === '"') {
+        j = skipStringLiteral(line, j, ch);
+        continue;
+      }
+      if (ch === "`") {
+        j = skipTemplateLiteral(line, j);
+        continue;
+      }
+      if (ch === "{") {
+        depth++;
+        if (!started) {
+          started = true;
+          bodyStart = i;
+        }
+      } else if (ch === "}") {
+        depth--;
+        if (started && depth === 0) {
+          return {
+            bodyLines: lines.slice(bodyStart + 1, i),
+            endLine: i
+          };
+        }
+      }
+      j++;
+    }
+  }
+  return null;
+}
+
 // src/rules/builtin/unnecessary-try-catch.ts
 var unnecessaryTryCatchRule = {
   id: "logic/unnecessary-try-catch",
@@ -301,38 +480,53 @@ var unnecessaryTryCatchRule = {
       const line = lines[i];
       const trimmed = line.trim();
       if (trimmed.startsWith("try") && trimmed.includes("{")) {
-        const tryBlock = extractBlock(lines, i);
+        const tryCol = line.indexOf("try");
+        const tryBlock = extractBraceBlock(lines, i, tryCol);
         if (tryBlock) {
-          const { bodyLines, catchBodyLines, endLine } = tryBlock;
-          const nonEmptyBody = bodyLines.filter((l) => l.trim().length > 0);
-          const nonEmptyCatch = catchBodyLines.filter((l) => l.trim().length > 0);
-          const isSimpleBody = nonEmptyBody.length <= 2;
-          const isGenericCatch = nonEmptyCatch.length <= 2 && nonEmptyCatch.some(
-            (l) => /console\.(log|error|warn)/.test(l) || /throw\s+(new\s+)?Error/.test(l) || l.trim() === ""
-          );
-          const bodyHasOnlyAssignments = nonEmptyBody.every(
-            (l) => /^\s*(const|let|var)\s+/.test(l) || /^\s*\w+(\.\w+)*\s*=\s*/.test(l) || /^\s*return\s+/.test(l)
-          );
-          if (isSimpleBody && isGenericCatch && bodyHasOnlyAssignments) {
-            issues.push({
-              ruleId: "logic/unnecessary-try-catch",
-              severity: "medium",
-              category: "logic",
-              file: context.filePath,
-              startLine: i + 1,
-              endLine: endLine + 1,
-              message: t(
-                "Unnecessary try-catch wrapping a simple statement with generic error handling. This is likely AI-hallucinated error handling.",
-                "\u4E0D\u5FC5\u8981\u7684 try-catch \u5305\u88F9\u4E86\u7B80\u5355\u8BED\u53E5\uFF0Ccatch \u4E2D\u53EA\u6709\u901A\u7528\u7684\u9519\u8BEF\u65E5\u5FD7\u3002\u8FD9\u5F88\u53EF\u80FD\u662F AI \u5E7B\u89C9\u751F\u6210\u7684\u9519\u8BEF\u5904\u7406\u3002"
-              ),
-              suggestion: t(
-                "Remove the try-catch block or add meaningful error recovery logic.",
-                "\u79FB\u9664 try-catch \u5757\uFF0C\u6216\u6DFB\u52A0\u6709\u610F\u4E49\u7684\u9519\u8BEF\u6062\u590D\u903B\u8F91\u3002"
-              )
-            });
+          const { bodyLines: tryBodyLines, endLine: tryEndLine } = tryBlock;
+          let catchLineIdx = -1;
+          for (let k = tryEndLine; k < Math.min(tryEndLine + 2, lines.length); k++) {
+            if (lines[k].includes("catch")) {
+              catchLineIdx = k;
+              break;
+            }
+          }
+          if (catchLineIdx !== -1) {
+            const catchCol = lines[catchLineIdx].indexOf("catch");
+            const catchBlock = extractBraceBlock(lines, catchLineIdx, catchCol);
+            if (catchBlock) {
+              const { bodyLines: catchBodyLines, endLine: catchEndLine } = catchBlock;
+              const nonEmptyBody = tryBodyLines.filter((l) => l.trim().length > 0);
+              const nonEmptyCatch = catchBodyLines.filter((l) => l.trim().length > 0);
+              const isSimpleBody = nonEmptyBody.length <= 2;
+              const isGenericCatch = nonEmptyCatch.length <= 2 && nonEmptyCatch.some(
+                (l) => /console\.(log|error|warn)/.test(l) || /throw\s+(new\s+)?Error/.test(l) || l.trim() === ""
+              );
+              const bodyHasOnlyAssignments = nonEmptyBody.every(
+                (l) => /^\s*(const|let|var)\s+/.test(l) || /^\s*\w+(\.\w+)*\s*=\s*/.test(l) || /^\s*return\s+/.test(l)
+              );
+              if (isSimpleBody && isGenericCatch && bodyHasOnlyAssignments) {
+                issues.push({
+                  ruleId: "logic/unnecessary-try-catch",
+                  severity: "medium",
+                  category: "logic",
+                  file: context.filePath,
+                  startLine: i + 1,
+                  endLine: catchEndLine + 1,
+                  message: t(
+                    "Unnecessary try-catch wrapping a simple statement with generic error handling. This is likely AI-hallucinated error handling.",
+                    "\u4E0D\u5FC5\u8981\u7684 try-catch \u5305\u88F9\u4E86\u7B80\u5355\u8BED\u53E5\uFF0Ccatch \u4E2D\u53EA\u6709\u901A\u7528\u7684\u9519\u8BEF\u65E5\u5FD7\u3002\u8FD9\u5F88\u53EF\u80FD\u662F AI \u5E7B\u89C9\u751F\u6210\u7684\u9519\u8BEF\u5904\u7406\u3002"
+                  ),
+                  suggestion: t(
+                    "Remove the try-catch block or add meaningful error recovery logic.",
+                    "\u79FB\u9664 try-catch \u5757\uFF0C\u6216\u6DFB\u52A0\u6709\u610F\u4E49\u7684\u9519\u8BEF\u6062\u590D\u903B\u8F91\u3002"
+                  )
+                });
+              }
+              i = catchEndLine + 1;
+              continue;
+            }
           }
-          i = endLine + 1;
-          continue;
         }
       }
       i++;
@@ -340,55 +534,6 @@ var unnecessaryTryCatchRule = {
     return issues;
   }
 };
-function extractBlock(lines, tryLineIndex) {
-  let braceCount = 0;
-  let foundTryOpen = false;
-  let tryBodyStart = -1;
-  let tryBodyEnd = -1;
-  let catchStart = -1;
-  let catchBodyStart = -1;
-  let catchBodyEnd = -1;
-  for (let i = tryLineIndex; i < lines.length; i++) {
-    const line = lines[i];
-    for (const ch of line) {
-      if (ch === "{") {
-        braceCount++;
-        if (!foundTryOpen) {
-          foundTryOpen = true;
-          tryBodyStart = i;
-        }
-      } else if (ch === "}") {
-        braceCount--;
-        if (braceCount === 0 && tryBodyEnd === -1) {
-          tryBodyEnd = i;
-        } else if (braceCount === 0 && catchBodyEnd === -1 && catchBodyStart !== -1) {
-          catchBodyEnd = i;
-          break;
-        }
-      }
-    }
-    if (tryBodyEnd !== -1 && catchStart === -1) {
-      if (line.includes("catch")) {
-        catchStart = i;
-      }
-    }
-    if (catchStart !== -1 && catchBodyStart === -1 && line.includes("{")) {
-      catchBodyStart = i;
-    }
-    if (catchBodyEnd !== -1) break;
-  }
-  if (tryBodyStart === -1 || tryBodyEnd === -1 || catchBodyStart === -1 || catchBodyEnd === -1) {
-    return null;
-  }
-  const bodyLines = lines.slice(tryBodyStart + 1, tryBodyEnd);
-  const catchBodyLines = lines.slice(catchBodyStart + 1, catchBodyEnd);
-  return {
-    bodyLines,
-    catchStart,
-    catchBodyLines,
-    endLine: catchBodyEnd
-  };
-}
 
 // src/rules/builtin/over-defensive.ts
 var overDefensiveRule = {
@@ -577,18 +722,10 @@ function detectCodeAfterReturn(context, lines, issues) {
   let braceDepth = 0;
   let lastReturnDepth = -1;
   let lastReturnLine = -1;
+  const blockComment = { value: false };
   for (let i = 0; i < lines.length; i++) {
     const trimmed = lines[i].trim();
-    for (const ch of trimmed) {
-      if (ch === "{") braceDepth++;
-      if (ch === "}") {
-        if (braceDepth === lastReturnDepth) {
-          lastReturnDepth = -1;
-          lastReturnLine = -1;
-        }
-        braceDepth--;
-      }
-    }
+    braceDepth = countBracesInLine(lines[i], 0, braceDepth, blockComment);
     if (/^(return|throw)\b/.test(trimmed) && !trimmed.includes("=>")) {
       const endsOpen = /[[{(,]$/.test(trimmed) || /^(return|throw)\s*$/.test(trimmed);
       if (endsOpen) continue;
@@ -614,6 +751,10 @@ function detectCodeAfterReturn(context, lines, issues) {
       lastReturnDepth = -1;
       lastReturnLine = -1;
     }
+    if (braceDepth < lastReturnDepth) {
+      lastReturnDepth = -1;
+      lastReturnLine = -1;
+    }
   }
 }
 function detectImmediateReassign(context, lines, issues) {
@@ -647,7 +788,21 @@ function detectImmediateReassign(context, lines, issues) {
 }
 
 // src/rules/fix-utils.ts
-function lineStartOffset(content, lineNumber) {
+function buildLineOffsets(content) {
+  const offsets = [0];
+  for (let i = 0; i < content.length; i++) {
+    if (content[i] === "\n") {
+      offsets.push(i + 1);
+    }
+  }
+  return offsets;
+}
+function lineStartOffset(content, lineNumber, offsets) {
+  if (offsets) {
+    const idx = lineNumber - 1;
+    if (idx < 0 || idx >= offsets.length) return content.length;
+    return offsets[idx];
+  }
   let offset = 0;
   const lines = content.split("\n");
   for (let i = 0; i < lineNumber - 1 && i < lines.length; i++) {
@@ -655,12 +810,13 @@ function lineStartOffset(content, lineNumber) {
   }
   return offset;
 }
-function lineRange(content, lineNumber) {
-  const lines = content.split("\n");
+function lineRange(content, lineNumber, offsets) {
+  const table = offsets ?? buildLineOffsets(content);
   const lineIndex = lineNumber - 1;
-  if (lineIndex < 0 || lineIndex >= lines.length) return [0, 0];
-  const start = lineStartOffset(content, lineNumber);
-  const end = start + lines[lineIndex].length + (lineIndex < lines.length - 1 ? 1 : 0);
+  if (lineIndex < 0 || lineIndex >= table.length) return [0, 0];
+  const start = table[lineIndex];
+  const nextLineStart = lineIndex + 1 < table.length ? table[lineIndex + 1] : content.length;
+  const end = lineIndex + 1 < table.length ? nextLineStart : nextLineStart;
   return [start, end];
 }
 
@@ -726,12 +882,12 @@ function extractFunctions(parsed) {
 }
 function visitNode(root, functions) {
   const methodBodies = /* @__PURE__ */ new WeakSet();
-  walkAST(root, (node) => {
+  walkAST(root, (node, parent) => {
     if (node.type === AST_NODE_TYPES.FunctionExpression && methodBodies.has(node)) {
       return false;
     }
     if (node.type === AST_NODE_TYPES.FunctionDeclaration || node.type === AST_NODE_TYPES.FunctionExpression || node.type === AST_NODE_TYPES.ArrowFunctionExpression || node.type === AST_NODE_TYPES.MethodDefinition) {
-      const info = analyzeFunctionNode(node);
+      const info = analyzeFunctionNode(node, parent);
       if (info) functions.push(info);
       if (node.type === AST_NODE_TYPES.MethodDefinition) {
         methodBodies.add(node.value);
@@ -740,7 +896,7 @@ function visitNode(root, functions) {
     return;
   });
 }
-function analyzeFunctionNode(node) {
+function analyzeFunctionNode(node, parent) {
   let name = "<anonymous>";
   let params = [];
   let body = null;
@@ -753,7 +909,11 @@ function analyzeFunctionNode(node) {
     params = node.params;
     body = node.body;
   } else if (node.type === AST_NODE_TYPES.ArrowFunctionExpression) {
-    name = "<arrow>";
+    if (parent?.type === AST_NODE_TYPES.VariableDeclarator && parent.id.type === AST_NODE_TYPES.Identifier) {
+      name = parent.id.name;
+    } else {
+      name = "<arrow>";
+    }
     params = node.params;
     body = node.body;
   } else if (node.type === AST_NODE_TYPES.MethodDefinition) {
@@ -781,6 +941,9 @@ function analyzeFunctionNode(node) {
 function calculateCyclomaticComplexity(root) {
   let complexity = 1;
   walkAST(root, (n) => {
+    if (n.type === AST_NODE_TYPES.FunctionDeclaration || n.type === AST_NODE_TYPES.FunctionExpression || n.type === AST_NODE_TYPES.ArrowFunctionExpression || n.type === AST_NODE_TYPES.MethodDefinition) {
+      return false;
+    }
     switch (n.type) {
       case AST_NODE_TYPES.IfStatement:
       case AST_NODE_TYPES.ConditionalExpression:
@@ -809,6 +972,9 @@ function calculateCognitiveComplexity(root) {
   const depthMap = /* @__PURE__ */ new WeakMap();
   depthMap.set(root, 0);
   walkAST(root, (n, parent) => {
+    if (n.type === AST_NODE_TYPES.FunctionDeclaration || n.type === AST_NODE_TYPES.FunctionExpression || n.type === AST_NODE_TYPES.ArrowFunctionExpression || n.type === AST_NODE_TYPES.MethodDefinition) {
+      return false;
+    }
     const parentDepth = parent ? depthMap.get(parent) ?? 0 : 0;
     const isNesting = isNestingNode(n);
     const depth = isNesting ? parentDepth + 1 : parentDepth;
@@ -827,6 +993,9 @@ function calculateMaxNestingDepth(root) {
   const depthMap = /* @__PURE__ */ new WeakMap();
   depthMap.set(root, 0);
   walkAST(root, (n, parent) => {
+    if (n.type === AST_NODE_TYPES.FunctionDeclaration || n.type === AST_NODE_TYPES.FunctionExpression || n.type === AST_NODE_TYPES.ArrowFunctionExpression || n.type === AST_NODE_TYPES.MethodDefinition) {
+      return false;
+    }
     const parentDepth = parent ? depthMap.get(parent) ?? 0 : 0;
     const isNesting = n.type === AST_NODE_TYPES.IfStatement || n.type === AST_NODE_TYPES.ForStatement || n.type === AST_NODE_TYPES.ForInStatement || n.type === AST_NODE_TYPES.ForOfStatement || n.type === AST_NODE_TYPES.WhileStatement || n.type === AST_NODE_TYPES.DoWhileStatement || n.type === AST_NODE_TYPES.SwitchStatement || n.type === AST_NODE_TYPES.TryStatement;
     const currentDepth = isNesting ? parentDepth + 1 : parentDepth;
@@ -934,7 +1103,24 @@ function collectDeclarationsAndReferences(root, declarations, references) {
         kind: exportedNames.has(node.id.name) ? "export" : "local"
       });
     }
-    if (node.type === AST_NODE_TYPES.Identifier && parentType !== "VariableDeclarator" && parentType !== "FunctionDeclaration") {
+    if (node.type === AST_NODE_TYPES.ClassDeclaration && node.id) {
+      declarations.set(node.id.name, {
+        line: node.loc?.start.line ?? 0,
+        kind: exportedNames.has(node.id.name) ? "export" : "local"
+      });
+    }
+    const declarationParentTypes = /* @__PURE__ */ new Set([
+      "VariableDeclarator",
+      "FunctionDeclaration",
+      "ClassDeclaration",
+      "MethodDefinition",
+      "TSEnumDeclaration",
+      "TSEnumMember",
+      "TSTypeAliasDeclaration",
+      "TSInterfaceDeclaration",
+      "TSModuleDeclaration"
+    ]);
+    if (node.type === AST_NODE_TYPES.Identifier && !declarationParentTypes.has(parentType ?? "")) {
       references.add(node.name);
     }
     return;
@@ -1008,16 +1194,38 @@ function stringifyCondition(node) {
     case AST_NODE_TYPES.Literal:
       return String(node.value);
     case AST_NODE_TYPES.BinaryExpression:
+      return `${stringifyCondition(node.left)} ${node.operator} ${stringifyCondition(node.right)}`;
     case AST_NODE_TYPES.LogicalExpression:
       return `${stringifyCondition(node.left)} ${node.operator} ${stringifyCondition(node.right)}`;
     case AST_NODE_TYPES.UnaryExpression:
       return `${node.operator}${stringifyCondition(node.argument)}`;
     case AST_NODE_TYPES.MemberExpression:
       return `${stringifyCondition(node.object)}.${stringifyCondition(node.property)}`;
-    case AST_NODE_TYPES.CallExpression:
-      return `${stringifyCondition(node.callee)}(...)`;
+    case AST_NODE_TYPES.CallExpression: {
+      const args = node.arguments.map((arg) => stringifyCondition(arg)).join(", ");
+      return `${stringifyCondition(node.callee)}(${args})`;
+    }
+    case AST_NODE_TYPES.ConditionalExpression:
+      return `${stringifyCondition(node.test)} ? ${stringifyCondition(node.consequent)} : ${stringifyCondition(node.alternate)}`;
+    case AST_NODE_TYPES.TemplateLiteral:
+      return `\`template@${node.loc?.start.line}:${node.loc?.start.column}\``;
+    case AST_NODE_TYPES.ArrayExpression:
+      return `[${node.elements.map((e) => e ? stringifyCondition(e) : "empty").join(", ")}]`;
+    case AST_NODE_TYPES.ObjectExpression:
+      return `{obj@${node.loc?.start.line}:${node.loc?.start.column}}`;
+    case AST_NODE_TYPES.AssignmentExpression:
+      return `${stringifyCondition(node.left)} ${node.operator} ${stringifyCondition(node.right)}`;
+    case AST_NODE_TYPES.NewExpression:
+      return `new ${stringifyCondition(node.callee)}(${node.arguments.map((a) => stringifyCondition(a)).join(", ")})`;
+    case AST_NODE_TYPES.TSAsExpression:
+    case AST_NODE_TYPES.TSNonNullExpression:
+      return stringifyCondition(node.expression);
+    case AST_NODE_TYPES.AwaitExpression:
+      return `await ${stringifyCondition(node.argument)}`;
+    case AST_NODE_TYPES.ChainExpression:
+      return stringifyCondition(node.expression);
     default:
-      return `[${node.type}]`;
+      return `[${node.type}@${node.loc?.start.line}:${node.loc?.start.column}]`;
   }
 }
 function truncate(s, maxLen) {
@@ -1176,9 +1384,11 @@ var securityRules = [
       const issues = [];
       const lines = context.fileContent.split("\n");
       for (let i = 0; i < lines.length; i++) {
-        const trimmed = lines[i].trim();
+        const line = lines[i];
+        const trimmed = line.trim();
         if (trimmed.startsWith("//") || trimmed.startsWith("*")) continue;
-        if (/\.(innerHTML|outerHTML)\s*=/.test(lines[i]) || /dangerouslySetInnerHTML/.test(lines[i])) {
+        const cleaned = line.replace(/(['"`])(?:(?!\1|\\).|\\.)*\1/g, '""').replace(/\/\/.*$/, "").replace(/\/[^/]+\/[dgimsuvy]*/g, '""');
+        if (/\.(innerHTML|outerHTML)\s*=/.test(cleaned) || /dangerouslySetInnerHTML/.test(cleaned)) {
           issues.push({
             ruleId: "security/dangerous-html",
             severity: "medium",
@@ -1227,7 +1437,8 @@ var emptyCatchRule = {
       const catchMatch = trimmed.match(/\bcatch\s*\(\s*(\w+)?\s*\)\s*\{/);
       if (!catchMatch) continue;
       const catchVarName = catchMatch[1] || "";
-      const blockContent = extractCatchBody(lines, i);
+      const catchIdx = lines[i].indexOf("catch");
+      const blockContent = extractBraceBlock(lines, i, catchIdx);
       if (!blockContent) continue;
       const { bodyLines, endLine } = blockContent;
       const meaningful = bodyLines.filter(
@@ -1277,37 +1488,6 @@ var emptyCatchRule = {
     return issues;
   }
 };
-function extractCatchBody(lines, catchLineIndex) {
-  const catchLine = lines[catchLineIndex];
-  const catchIdx = catchLine.indexOf("catch");
-  if (catchIdx === -1) return null;
-  let braceCount = 0;
-  let started = false;
-  let bodyStart = -1;
-  for (let i = catchLineIndex; i < lines.length; i++) {
-    const line = lines[i];
-    const startJ = i === catchLineIndex ? catchIdx : 0;
-    for (let j = startJ; j < line.length; j++) {
-      const ch = line[j];
-      if (ch === "{") {
-        braceCount++;
-        if (!started) {
-          started = true;
-          bodyStart = i;
-        }
-      } else if (ch === "}") {
-        braceCount--;
-        if (started && braceCount === 0) {
-          return {
-            bodyLines: lines.slice(bodyStart + 1, i),
-            endLine: i
-          };
-        }
-      }
-    }
-  }
-  return null;
-}
 
 // src/rules/builtin/identical-branches.ts
 var identicalBranchesRule = {
@@ -1654,10 +1834,25 @@ var unusedImportRule = {
       }
       return;
     });
-    const typeRefPattern = /\b([A-Z][A-Za-z0-9]*)\b/g;
-    let match;
-    while ((match = typeRefPattern.exec(context.fileContent)) !== null) {
-      references.add(match[1]);
+    const codeLines = context.fileContent.split("\n");
+    let inBlock = false;
+    for (const codeLine of codeLines) {
+      const trimmedCode = codeLine.trim();
+      if (inBlock) {
+        if (trimmedCode.includes("*/")) inBlock = false;
+        continue;
+      }
+      if (trimmedCode.startsWith("/*")) {
+        if (!trimmedCode.includes("*/")) inBlock = true;
+        continue;
+      }
+      if (trimmedCode.startsWith("//") || trimmedCode.startsWith("*")) continue;
+      const cleaned = codeLine.replace(/\/\/.*$/, "").replace(/\/\*.*?\*\//g, "").replace(/'(?:[^'\\]|\\.)*'/g, "").replace(/"(?:[^"\\]|\\.)*"/g, "").replace(/`(?:[^`\\]|\\.)*`/g, "");
+      const typeRefPattern = /\b([A-Z][A-Za-z0-9]*)\b/g;
+      let match;
+      while ((match = typeRefPattern.exec(cleaned)) !== null) {
+        references.add(match[1]);
+      }
     }
     for (const imp of imports) {
       if (!references.has(imp.local)) {
@@ -1706,6 +1901,9 @@ var missingAwaitRule = {
       const body = getFunctionBody(node);
       if (!body) return;
       walkAST(body, (inner, parent) => {
+        if (inner.type === AST_NODE_TYPES.ArrowFunctionExpression) {
+          return;
+        }
         if (inner !== body && isAsyncFunction(inner)) return false;
         if (inner.type !== AST_NODE_TYPES.CallExpression) return;
         if (parent?.type === AST_NODE_TYPES.AwaitExpression) return;
@@ -1715,6 +1913,9 @@ var missingAwaitRule = {
         if (parent?.type === AST_NODE_TYPES.AssignmentExpression) return;
         if (parent?.type === AST_NODE_TYPES.ArrayExpression) return;
         if (parent?.type === AST_NODE_TYPES.CallExpression && parent !== inner) return;
+        if (parent?.type === AST_NODE_TYPES.ArrowFunctionExpression) {
+          return;
+        }
         const callName = getCallName(inner);
         if (!callName) return;
         if (!asyncFuncNames.has(callName)) return;
@@ -1926,9 +2127,28 @@ var typeCoercionRule = {
 var ALLOWED_NUMBERS = /* @__PURE__ */ new Set([
   -1,
   0,
+  0.1,
+  0.1,
+  0.15,
+  0.2,
+  0.2,
+  0.25,
+  0.3,
+  0.3,
+  0.5,
   1,
   2,
+  3,
+  4,
+  5,
   10,
+  15,
+  20,
+  30,
+  40,
+  50,
+  70,
+  90,
   100
 ]);
 var magicNumberRule = {
@@ -1957,6 +2177,7 @@ var magicNumberRule = {
       if (/^\s*(export\s+)?enum\s/.test(line)) continue;
       if (trimmed.startsWith("import ")) continue;
       if (/^\s*return\s+[0-9]+\s*;?\s*$/.test(line)) continue;
+      if (/^\s*['"]?[-\w]+['"]?\s*:\s*-?\d+\.?\d*(?:e[+-]?\d+)?\s*,?\s*$/.test(trimmed)) continue;
       const cleaned = line.replace(/(['"`])(?:(?!\1|\\).|\\.)*\1/g, '""').replace(/\/\/.*$/, "");
       const numRegex = /(?<![.\w])(-?\d+\.?\d*(?:e[+-]?\d+)?)\b/gi;
       let match;
@@ -2053,6 +2274,17 @@ var nestedTernaryRule = {
 // src/rules/builtin/duplicate-string.ts
 var MIN_STRING_LENGTH = 6;
 var MIN_OCCURRENCES = 3;
+var IGNORED_LITERALS = /* @__PURE__ */ new Set([
+  "high",
+  "medium",
+  "low",
+  "info",
+  "logic",
+  "security",
+  "structure",
+  "style",
+  "coverage"
+]);
 var duplicateStringRule = {
   id: "logic/duplicate-string",
   category: "logic",
@@ -2083,6 +2315,7 @@ var duplicateStringRule = {
       while ((match = stringRegex.exec(cleaned)) !== null) {
         const value = match[2];
         if (value.length < MIN_STRING_LENGTH) continue;
+        if (IGNORED_LITERALS.has(value)) continue;
         if (value.includes("${")) continue;
         if (value.startsWith("http") || value.startsWith("/")) continue;
         if (value.startsWith("test") || value.startsWith("mock")) continue;
@@ -2352,13 +2585,28 @@ var promiseVoidRule = {
       /^save/,
       /^load/,
       /^send/,
-      /^delete/,
       /^update/,
       /^create/,
       /^connect/,
       /^disconnect/,
       /^init/
     ];
+    const syncMethods = [
+      "delete",
+      // Map.delete(), Set.delete(), Object.delete() are synchronous
+      "has",
+      // Map.has(), Set.has() are synchronous
+      "get",
+      // Map.get() is synchronous
+      "set",
+      // Map.set() is synchronous (though some consider it potentially async)
+      "keys",
+      // Object.keys() is synchronous
+      "values",
+      // Object.values() is synchronous
+      "entries"
+      // Object.entries() is synchronous
+    ];
     walkAST(ast, (node) => {
       if (node.type !== AST_NODE_TYPES.ExpressionStatement) return;
       const expr = node.expression;
@@ -2369,6 +2617,7 @@ var promiseVoidRule = {
       const isKnownAsync = asyncFnNames.has(fnName);
       const matchesPattern = commonAsyncPatterns.some((p) => p.test(fnName));
       const endsWithAsync = fnName.endsWith("Async") || fnName.endsWith("async");
+      if (syncMethods.includes(fnName)) return;
       if (!isKnownAsync && !matchesPattern && !endsWithAsync) return;
       const line = node.loc?.start.line ?? 0;
       if (line === 0) return;
@@ -2729,13 +2978,20 @@ var SEVERITY_PENALTY = {
   low: 3,
   info: 0
 };
+var DIMINISHING_FACTOR = 0.7;
 function calculateDimensionScore(issues) {
   let score = 100;
+  const severityCounts = {};
   for (const issue of issues) {
-    score -= SEVERITY_PENALTY[issue.severity] ?? 0;
+    const base = SEVERITY_PENALTY[issue.severity] ?? 0;
+    if (base === 0) continue;
+    const n = severityCounts[issue.severity] ?? 0;
+    severityCounts[issue.severity] = n + 1;
+    const penalty = base * Math.pow(DIMINISHING_FACTOR, n);
+    score -= penalty;
   }
   return {
-    score: Math.max(0, Math.min(100, score)),
+    score: Math.round(Math.max(0, Math.min(100, score)) * 10) / 10,
     issues
   };
 }
@@ -3088,7 +3344,7 @@ var PKG_VERSION = (() => {
   }
 })();
 var REPORT_SCHEMA_VERSION = "1.0.0";
-var FINGERPRINT_VERSION = "1";
+var FINGERPRINT_VERSION = "2";
 var ScanEngine = class {
   config;
   diffParser;
@@ -3120,7 +3376,11 @@ var ScanEngine = class {
       }
     }
     const issuesWithFingerprints = this.attachFingerprints(allIssues);
-    const dimensions = this.groupByDimension(issuesWithFingerprints);
+    const baseline = await this.loadBaseline(options.baseline);
+    const issuesWithLifecycle = this.attachLifecycle(issuesWithFingerprints, baseline);
+    const fixedIssues = this.getFixedIssues(issuesWithLifecycle, baseline);
+    const lifecycle = this.buildLifecycleSummary(issuesWithLifecycle, fixedIssues, baseline);
+    const dimensions = this.groupByDimension(issuesWithLifecycle);
     const overallScore = calculateOverallScore(dimensions, this.config.weights);
     const grade = getGrade(overallScore);
     const commitHash = await this.diffParser.getCurrentCommitHash();
@@ -3134,7 +3394,7 @@ var ScanEngine = class {
         score: overallScore,
         grade,
         filesScanned,
-        issuesFound: issuesWithFingerprints.length
+        issuesFound: issuesWithLifecycle.length
       },
       toolHealth: {
         rulesExecuted,
@@ -3147,70 +3407,75 @@ var ScanEngine = class {
         ruleFailures
       },
       dimensions,
-      issues: issuesWithFingerprints.sort((a, b) => {
+      issues: issuesWithLifecycle.sort((a, b) => {
         const severityOrder = { high: 0, medium: 1, low: 2, info: 3 };
         return severityOrder[a.severity] - severityOrder[b.severity];
-      })
+      }),
+      lifecycle,
+      fixedIssues
     };
   }
   async scanFile(diffFile) {
     if (diffFile.status === "deleted") {
-      return {
-        issues: [],
-        ruleFailures: [],
-        rulesExecuted: 0,
-        rulesFailed: 0,
-        scanErrors: [
-          {
-            type: "deleted-file",
-            file: diffFile.filePath,
-            message: `Skipped deleted file: ${diffFile.filePath}`
-          }
-        ],
-        scanned: false
-      };
+      return this.createSkippedResult(diffFile, "deleted-file", `Skipped deleted file: ${diffFile.filePath}`);
     }
     if (!this.isTsJsFile(diffFile.filePath)) {
-      return {
-        issues: [],
-        ruleFailures: [],
-        rulesExecuted: 0,
-        rulesFailed: 0,
-        scanErrors: [
-          {
-            type: "unsupported-file-type",
-            file: diffFile.filePath,
-            message: `Skipped unsupported file type: ${diffFile.filePath}`
-          }
-        ],
-        scanned: false
-      };
+      return this.createSkippedResult(diffFile, "unsupported-file-type", `Skipped unsupported file type: ${diffFile.filePath}`);
     }
+    const fileContent = await this.readFileContent(diffFile);
+    if (!fileContent) {
+      return this.createErrorResult(diffFile, "missing-file-content", `Unable to read file content for ${diffFile.filePath}`);
+    }
+    const addedLines = this.extractAddedLines(diffFile);
+    const ruleResult = this.ruleEngine.runWithDiagnostics({
+      filePath: diffFile.filePath,
+      fileContent,
+      addedLines
+    });
+    const issues = [...ruleResult.issues];
+    issues.push(...this.runStructureAnalysis(fileContent, diffFile.filePath));
+    issues.push(...analyzeStyle(fileContent, diffFile.filePath).issues);
+    issues.push(...analyzeCoverage(fileContent, diffFile.filePath).issues);
+    return {
+      issues,
+      ruleFailures: ruleResult.ruleFailures,
+      rulesExecuted: ruleResult.rulesExecuted,
+      rulesFailed: ruleResult.rulesFailed,
+      scanErrors: [],
+      scanned: true
+    };
+  }
+  createSkippedResult(diffFile, type, message) {
+    return {
+      issues: [],
+      ruleFailures: [],
+      rulesExecuted: 0,
+      rulesFailed: 0,
+      scanErrors: [{ type, file: diffFile.filePath, message }],
+      scanned: false
+    };
+  }
+  createErrorResult(diffFile, type, message) {
+    return {
+      issues: [],
+      ruleFailures: [],
+      rulesExecuted: 0,
+      rulesFailed: 0,
+      scanErrors: [{ type, file: diffFile.filePath, message }],
+      scanned: false
+    };
+  }
+  async readFileContent(diffFile) {
     const filePath = resolve2(diffFile.filePath);
-    let fileContent;
     try {
-      fileContent = await readFile(filePath, "utf-8");
+      return await readFile(filePath, "utf-8");
     } catch {
       const content = await this.diffParser.getFileContent(diffFile.filePath);
-      if (!content) {
-        return {
-          issues: [],
-          ruleFailures: [],
-          rulesExecuted: 0,
-          rulesFailed: 0,
-          scanErrors: [
-            {
-              type: "missing-file-content",
-              file: diffFile.filePath,
-              message: `Unable to read file content for ${diffFile.filePath}`
-            }
-          ],
-          scanned: false
-        };
-      }
-      fileContent = content;
+      return content ?? null;
     }
-    const addedLines = diffFile.hunks.flatMap((hunk) => {
+  }
+  extractAddedLines(diffFile) {
+    return diffFile.hunks.flatMap((hunk) => {
       const lines = hunk.content.split("\n");
       const result = [];
       let currentLine = hunk.newStart;
@@ -3225,32 +3490,15 @@ var ScanEngine = class {
       }
       return result;
     });
-    const ruleResult = this.ruleEngine.runWithDiagnostics({
-      filePath: diffFile.filePath,
-      fileContent,
-      addedLines
-    });
-    const issues = [...ruleResult.issues];
-    const structureResult = analyzeStructure(fileContent, diffFile.filePath, {
+  }
+  runStructureAnalysis(fileContent, filePath) {
+    return analyzeStructure(fileContent, filePath, {
       maxCyclomaticComplexity: this.config.thresholds["max-cyclomatic-complexity"],
       maxCognitiveComplexity: this.config.thresholds["max-cognitive-complexity"],
       maxFunctionLength: this.config.thresholds["max-function-length"],
       maxNestingDepth: this.config.thresholds["max-nesting-depth"],
       maxParamCount: this.config.thresholds["max-params"]
-    });
-    issues.push(...structureResult.issues);
-    const styleResult = analyzeStyle(fileContent, diffFile.filePath);
-    issues.push(...styleResult.issues);
-    const coverageResult = analyzeCoverage(fileContent, diffFile.filePath);
-    issues.push(...coverageResult.issues);
-    return {
-      issues,
-      ruleFailures: ruleResult.ruleFailures,
-      rulesExecuted: ruleResult.rulesExecuted,
-      rulesFailed: ruleResult.rulesFailed,
-      scanErrors: [],
-      scanned: true
-    };
+    }).issues;
   }
   async getScanCandidates(options) {
     const scanMode = this.getScanMode(options);
@@ -3291,7 +3539,7 @@ var ScanEngine = class {
     }
     return "changed";
   }
-  async getDiffFiles(options) {
+  getDiffFiles(options) {
     if (options.staged) {
       return this.diffParser.getStagedFiles();
     }
@@ -3348,13 +3596,14 @@ var ScanEngine = class {
     const occurrenceCounts = /* @__PURE__ */ new Map();
     return issues.map((issue) => {
       const normalizedFile = this.normalizeRelativePath(issue.file);
-      const locationComponent = `${issue.startLine}:${issue.endLine}`;
+      const contentSource = issue.codeSnippet ? issue.codeSnippet : `${issue.startLine}:${issue.endLine}`;
+      const contentDigest = createHash("sha256").update(contentSource).digest("hex").slice(0, 16);
       const baseKey = [
         issue.ruleId,
         normalizedFile,
         issue.category,
         issue.severity,
-        locationComponent
+        contentDigest
       ].join("|");
       const occurrenceIndex = occurrenceCounts.get(baseKey) ?? 0;
       occurrenceCounts.set(baseKey, occurrenceIndex + 1);
@@ -3372,18 +3621,110 @@ var ScanEngine = class {
     const relativePath = relative(process.cwd(), absolutePath) || filePath;
     return relativePath.split(sep).join("/");
   }
+  async loadBaseline(baselinePath) {
+    if (!baselinePath) {
+      return void 0;
+    }
+    const baselineContent = await readFile(resolve2(baselinePath), "utf-8");
+    const parsed = JSON.parse(baselineContent);
+    const issues = this.parseBaselineIssues(parsed.issues);
+    return {
+      issues,
+      fingerprintSet: new Set(issues.map((issue) => issue.fingerprint)),
+      commit: typeof parsed.commit === "string" ? parsed.commit : void 0,
+      timestamp: typeof parsed.timestamp === "string" ? parsed.timestamp : void 0
+    };
+  }
+  parseBaselineIssues(input) {
+    if (!Array.isArray(input)) {
+      return [];
+    }
+    return input.flatMap((item) => {
+      const issue = this.parseBaselineIssue(item);
+      return issue ? [issue] : [];
+    });
+  }
+  parseBaselineIssue(input) {
+    if (!input || typeof input !== "object") {
+      return void 0;
+    }
+    const issue = input;
+    if (!this.isValidBaselineIssue(issue)) {
+      return void 0;
+    }
+    return {
+      ruleId: issue.ruleId,
+      severity: issue.severity,
+      category: issue.category,
+      file: issue.file,
+      startLine: issue.startLine,
+      endLine: issue.endLine,
+      message: issue.message,
+      fingerprint: issue.fingerprint,
+      fingerprintVersion: typeof issue.fingerprintVersion === "string" ? issue.fingerprintVersion : void 0
+    };
+  }
+  isValidBaselineIssue(issue) {
+    return typeof issue.ruleId === "string" && this.isSeverity(issue.severity) && this.isRuleCategory(issue.category) && typeof issue.file === "string" && typeof issue.startLine === "number" && typeof issue.endLine === "number" && typeof issue.message === "string" && typeof issue.fingerprint === "string";
+  }
+  attachLifecycle(issues, baseline) {
+    if (!baseline) {
+      return issues;
+    }
+    return issues.map((issue) => ({
+      ...issue,
+      lifecycle: baseline.fingerprintSet.has(issue.fingerprint) ? "existing" : "new"
+    }));
+  }
+  getFixedIssues(issues, baseline) {
+    if (!baseline) {
+      return [];
+    }
+    const currentFingerprints = new Set(issues.map((issue) => issue.fingerprint));
+    return baseline.issues.filter((issue) => !currentFingerprints.has(issue.fingerprint));
+  }
+  buildLifecycleSummary(issues, fixedIssues, baseline) {
+    if (!baseline) {
+      return void 0;
+    }
+    let newIssues = 0;
+    let existingIssues = 0;
+    for (const issue of issues) {
+      if (issue.lifecycle === "existing") {
+        existingIssues++;
+      } else {
+        newIssues++;
+      }
+    }
+    return {
+      newIssues,
+      existingIssues,
+      fixedIssues: fixedIssues.length,
+      baselineUsed: true,
+      baselineCommit: baseline.commit,
+      baselineTimestamp: baseline.timestamp
+    };
+  }
+  isSeverity(value) {
+    return value === "high" || value === "medium" || value === "low" || value === "info";
+  }
+  isRuleCategory(value) {
+    return ["security", "logic", "structure", "style", "coverage"].includes(value);
+  }
   groupByDimension(issues) {
-    const categories = [
-      "security",
-      "logic",
-      "structure",
-      "style",
-      "coverage"
-    ];
+    const buckets = {
+      security: [],
+      logic: [],
+      structure: [],
+      style: [],
+      coverage: []
+    };
+    for (const issue of issues) {
+      buckets[issue.category]?.push(issue);
+    }
     const grouped = {};
-    for (const cat of categories) {
-      const catIssues = issues.filter((issue) => issue.category === cat);
-      grouped[cat] = calculateDimensionScore(catIssues);
+    for (const cat of Object.keys(buckets)) {
+      grouped[cat] = calculateDimensionScore(buckets[cat]);
     }
     return grouped;
   }
@@ -3406,7 +3747,9 @@ var en = {
   healthHeader: "Tool Health",
   rulesFailed: "Failed rules: {{count}}",
   filesSkipped: "Skipped files: {{count}}",
-  filesExcluded: "Excluded files: {{count}}"
+  filesExcluded: "Excluded files: {{count}}",
+  lifecycleHeader: "Lifecycle",
+  lifecycleSummary: "New: {{new}}  Existing: {{existing}}  Fixed: {{fixed}}"
 };
 var zh = {
   reportTitle: "\u{1F4CA} CodeTrust \u62A5\u544A",
@@ -3422,7 +3765,9 @@ var zh = {
   healthHeader: "\u5DE5\u5177\u5065\u5EB7\u5EA6",
   rulesFailed: "\u5931\u8D25\u89C4\u5219\u6570\uFF1A{{count}}",
   filesSkipped: "\u8DF3\u8FC7\u6587\u4EF6\u6570\uFF1A{{count}}",
-  filesExcluded: "\u6392\u9664\u6587\u4EF6\u6570\uFF1A{{count}}"
+  filesExcluded: "\u6392\u9664\u6587\u4EF6\u6570\uFF1A{{count}}",
+  lifecycleHeader: "\u751F\u547D\u5468\u671F",
+  lifecycleSummary: "\u65B0\u589E\uFF1A{{new}}  \u5DF2\u5B58\u5728\uFF1A{{existing}}  \u5DF2\u4FEE\u590D\uFF1A{{fixed}}"
 };
 function renderTerminalReport(report) {
   const isZh = isZhLocale();
@@ -3490,6 +3835,11 @@ function renderTerminalReport(report) {
     }
     lines.push("");
   }
+  if (report.lifecycle) {
+    lines.push(pc.bold(t2.lifecycleHeader));
+    lines.push(`  ${t2.lifecycleSummary.replace("{{new}}", String(report.lifecycle.newIssues)).replace("{{existing}}", String(report.lifecycle.existingIssues)).replace("{{fixed}}", String(report.lifecycle.fixedIssues))}`);
+    lines.push("");
+  }
   if (report.issues.length > 0) {
     lines.push(pc.bold(t2.issuesHeader.replace("{{count}}", String(report.issues.length))));
     lines.push("");
@@ -3562,23 +3912,31 @@ function renderJsonReport(report) {
     overall: report.overall,
     toolHealth: report.toolHealth,
     dimensions: report.dimensions,
-    issues: report.issues
+    issues: report.issues,
+    lifecycle: report.lifecycle,
+    fixedIssues: report.fixedIssues
   };
   return JSON.stringify(payload, null, 2);
 }
 
 // src/cli/commands/scan.ts
 function createScanCommand() {
-  const cmd = new Command("scan").description("Run the primary live trust analysis command").argument("[files...]", "Specific files to scan").option("--staged", "Scan only git staged files").option("--diff <ref>", "Scan diff against a git ref (e.g. HEAD~1, origin/main)").option("--format <format>", "Output format: terminal, json", "terminal").option("--min-score <score>", "Minimum trust score threshold", "0").action(async (files, opts) => {
+  const cmd = new Command("scan").description("Run the primary live trust analysis command").argument("[files...]", "Specific files to scan").option("--staged", "Scan only git staged files").option("--diff <ref>", "Scan diff against a git ref (e.g. HEAD~1, origin/main)").option("--format <format>", "Output format: terminal, json", "terminal").option("--min-score <score>", "Minimum trust score threshold", "0").option("--baseline <path>", "Compare current findings against a prior CodeTrust JSON report").action(async (files, opts) => {
     try {
       const config = await loadConfig();
       const engine = new ScanEngine(config);
+      const parsedMinScore = parseInt(opts.minScore, 10);
+      if (isNaN(parsedMinScore)) {
+        console.error(`Error: Invalid --min-score value "${opts.minScore}". Must be a number.`);
+        process.exit(1);
+      }
       const scanOptions = {
         staged: opts.staged,
         diff: opts.diff,
         files: files.length > 0 ? files : void 0,
         format: opts.format,
-        minScore: parseInt(opts.minScore, 10)
+        minScore: parsedMinScore,
+        baseline: opts.baseline
       };
       const report = await engine.scan(scanOptions);
       if (opts.format === "json") {