@gulu9527/code-trust 0.3.1 → 0.3.2

package/README-CN.md

@@ -81,6 +81,21 @@ CodeTrust 从五个维度评估代码，加权计算总分（0-100）：
 | 覆盖 | 15% | 测试文件覆盖 |
 | 风格 | 10% | 命名一致性 |
 
+### 评分模型
+
+每个问题按严重度扣分，相同严重度的重复问题使用**递减惩罚**：
+
+| 严重度 | 基础扣分 | 递减因子 |
+|--------|---------|---------|
+| high | 15 | × 0.7 每次重复 |
+| medium | 8 | × 0.7 每次重复 |
+| low | 3 | × 0.7 每次重复 |
+| info | 0 | — |
+
+例如，3 个 high 级别问题扣分为 15 + 10.5 + 7.35 = 32.85（而非 45），避免单一规则类别过度主导总分。
+
+每个问题通过**内容哈希指纹**（SHA256 of 规则ID + 文件路径 + 代码片段）标识，使发现结果在无关行号变动时保持稳定。
+
 ### 等级
 
 | 分数 | 等级 | 含义 |

package/README.md

@@ -81,6 +81,21 @@ CodeTrust evaluates code across five dimensions, weighted into a total score (0-
 | Coverage | 15% | Test file coverage |
 | Style | 10% | Naming consistency |
 
+### Scoring Model
+
+Each issue deducts points based on severity, with **diminishing penalties** for repeated issues of the same severity:
+
+| Severity | Base Penalty | Diminishing Factor |
+|----------|-------------|-------------------|
+| high | 15 | × 0.7 per repeat |
+| medium | 8 | × 0.7 per repeat |
+| low | 3 | × 0.7 per repeat |
+| info | 0 | — |
+
+For example, 3 high-severity issues deduct 15 + 10.5 + 7.35 = 32.85 (not 45). This prevents a single rule category from dominating the score unfairly.
+
+Each issue is identified by a **content-hash fingerprint** (SHA256 of rule ID + file path + code snippet), making findings stable across unrelated line shifts.
+
 ### Grades
 
 | Score | Grade | Meaning |

package/action.yml

@@ -38,5 +38,9 @@ runs:
 
     - name: Run CodeTrust scan
       shell: bash
+      env:
+        DIFF_REF: ${{ inputs.diff-ref }}
+        FORMAT: ${{ inputs.format }}
+        MIN_SCORE: ${{ inputs.min-score }}
       run: |
-        codetrust scan --diff ${{ inputs.diff-ref }} --format ${{ inputs.format }} --min-score ${{ inputs.min-score }}
+        codetrust scan --diff "$DIFF_REF" --format "$FORMAT" --min-score "$MIN_SCORE"