@gulu9527/code-trust 0.3.1 → 0.3.2

package/dist/index.js

@@ -90,9 +90,18 @@ var DiffParser = class {
   }
   parseFileDiff(fileDiff) {
     const lines = fileDiff.split("\n");
-    const headerMatch = lines[0]?.match(/a\/(.+?) b\/(.+)/);
-    if (!headerMatch) return null;
-    const filePath = headerMatch[2];
+    let filePath = null;
+    for (const line of lines) {
+      if (line.startsWith("+++ b/")) {
+        filePath = line.slice(6);
+        break;
+      }
+    }
+    if (!filePath) {
+      const headerMatch = lines[0]?.match(/a\/(.+?) b\/(.+)/);
+      if (!headerMatch) return null;
+      filePath = headerMatch[2];
+    }
     let status = "modified";
     let additions = 0;
     let deletions = 0;
@@ -196,6 +205,144 @@ function t(en, zh) {
   return isZhLocale() ? zh : en;
 }
 
+// src/rules/brace-utils.ts
+function countBracesInLine(line, startJ, initialDepth, inBlockComment) {
+  let depth = initialDepth;
+  let i = startJ;
+  while (i < line.length) {
+    if (inBlockComment.value) {
+      const closeIdx = line.indexOf("*/", i);
+      if (closeIdx === -1) return depth;
+      inBlockComment.value = false;
+      i = closeIdx + 2;
+      continue;
+    }
+    const ch = line[i];
+    if (ch === "/" && line[i + 1] === "/") return depth;
+    if (ch === "/" && line[i + 1] === "*") {
+      inBlockComment.value = true;
+      i += 2;
+      continue;
+    }
+    if (ch === "'" || ch === '"') {
+      i = skipStringLiteral(line, i, ch);
+      continue;
+    }
+    if (ch === "`") {
+      i = skipTemplateLiteral(line, i);
+      continue;
+    }
+    if (ch === "/" && i > 0) {
+      const prevNonSpace = findPrevNonSpace(line, i);
+      if (prevNonSpace !== -1 && "=(!|&:,;[{?+->~%^".includes(line[prevNonSpace])) {
+        i = skipRegexpLiteral(line, i);
+        continue;
+      }
+    }
+    if (ch === "{") depth++;
+    if (ch === "}") depth--;
+    i++;
+  }
+  return depth;
+}
+function skipStringLiteral(line, start, quote) {
+  let i = start + 1;
+  while (i < line.length) {
+    if (line[i] === "\\") {
+      i += 2;
+      continue;
+    }
+    if (line[i] === quote) return i + 1;
+    i++;
+  }
+  return i;
+}
+function skipTemplateLiteral(line, start) {
+  let i = start + 1;
+  while (i < line.length) {
+    if (line[i] === "\\") {
+      i += 2;
+      continue;
+    }
+    if (line[i] === "`") return i + 1;
+    i++;
+  }
+  return i;
+}
+function skipRegexpLiteral(line, start) {
+  let i = start + 1;
+  while (i < line.length) {
+    if (line[i] === "\\") {
+      i += 2;
+      continue;
+    }
+    if (line[i] === "/") return i + 1;
+    i++;
+  }
+  return i;
+}
+function findPrevNonSpace(line, pos) {
+  for (let i = pos - 1; i >= 0; i--) {
+    if (line[i] !== " " && line[i] !== "	") return i;
+  }
+  return -1;
+}
+function extractBraceBlock(lines, startLineIndex, startCol) {
+  let depth = 0;
+  let started = false;
+  let bodyStart = -1;
+  const blockComment = { value: false };
+  for (let i = startLineIndex; i < lines.length; i++) {
+    const startJ = i === startLineIndex ? startCol : 0;
+    const line = lines[i];
+    let j = startJ;
+    while (j < line.length) {
+      if (blockComment.value) {
+        const closeIdx = line.indexOf("*/", j);
+        if (closeIdx === -1) {
+          j = line.length;
+          continue;
+        }
+        blockComment.value = false;
+        j = closeIdx + 2;
+        continue;
+      }
+      const ch = line[j];
+      if (ch === "/" && line[j + 1] === "/") break;
+      if (ch === "/" && line[j + 1] === "*") {
+        blockComment.value = true;
+        j += 2;
+        continue;
+      }
+      if (ch === "'" || ch === '"') {
+        j = skipStringLiteral(line, j, ch);
+        continue;
+      }
+      if (ch === "`") {
+        j = skipTemplateLiteral(line, j);
+        continue;
+      }
+      if (ch === "{") {
+        depth++;
+        if (!started) {
+          started = true;
+          bodyStart = i;
+        }
+      } else if (ch === "}") {
+        depth--;
+        if (started && depth === 0) {
+          return {
+            bodyLines: lines.slice(bodyStart + 1, i),
+            endLine: i
+          };
+        }
+      }
+      j++;
+    }
+  }
+  return null;
+}
+
 // src/rules/builtin/unnecessary-try-catch.ts
 var unnecessaryTryCatchRule = {
   id: "logic/unnecessary-try-catch",
@@ -211,38 +358,53 @@ var unnecessaryTryCatchRule = {
       const line = lines[i];
       const trimmed = line.trim();
       if (trimmed.startsWith("try") && trimmed.includes("{")) {
-        const tryBlock = extractBlock(lines, i);
+        const tryCol = line.indexOf("try");
+        const tryBlock = extractBraceBlock(lines, i, tryCol);
         if (tryBlock) {
-          const { bodyLines, catchBodyLines, endLine } = tryBlock;
-          const nonEmptyBody = bodyLines.filter((l) => l.trim().length > 0);
-          const nonEmptyCatch = catchBodyLines.filter((l) => l.trim().length > 0);
-          const isSimpleBody = nonEmptyBody.length <= 2;
-          const isGenericCatch = nonEmptyCatch.length <= 2 && nonEmptyCatch.some(
-            (l) => /console\.(log|error|warn)/.test(l) || /throw\s+(new\s+)?Error/.test(l) || l.trim() === ""
-          );
-          const bodyHasOnlyAssignments = nonEmptyBody.every(
-            (l) => /^\s*(const|let|var)\s+/.test(l) || /^\s*\w+(\.\w+)*\s*=\s*/.test(l) || /^\s*return\s+/.test(l)
-          );
-          if (isSimpleBody && isGenericCatch && bodyHasOnlyAssignments) {
-            issues.push({
-              ruleId: "logic/unnecessary-try-catch",
-              severity: "medium",
-              category: "logic",
-              file: context.filePath,
-              startLine: i + 1,
-              endLine: endLine + 1,
-              message: t(
-                "Unnecessary try-catch wrapping a simple statement with generic error handling. This is likely AI-hallucinated error handling.",
-                "\u4E0D\u5FC5\u8981\u7684 try-catch \u5305\u88F9\u4E86\u7B80\u5355\u8BED\u53E5\uFF0Ccatch \u4E2D\u53EA\u6709\u901A\u7528\u7684\u9519\u8BEF\u65E5\u5FD7\u3002\u8FD9\u5F88\u53EF\u80FD\u662F AI \u5E7B\u89C9\u751F\u6210\u7684\u9519\u8BEF\u5904\u7406\u3002"
-              ),
-              suggestion: t(
-                "Remove the try-catch block or add meaningful error recovery logic.",
-                "\u79FB\u9664 try-catch \u5757\uFF0C\u6216\u6DFB\u52A0\u6709\u610F\u4E49\u7684\u9519\u8BEF\u6062\u590D\u903B\u8F91\u3002"
-              )
-            });
+          const { bodyLines: tryBodyLines, endLine: tryEndLine } = tryBlock;
+          let catchLineIdx = -1;
+          for (let k = tryEndLine; k < Math.min(tryEndLine + 2, lines.length); k++) {
+            if (lines[k].includes("catch")) {
+              catchLineIdx = k;
+              break;
+            }
+          }
+          if (catchLineIdx !== -1) {
+            const catchCol = lines[catchLineIdx].indexOf("catch");
+            const catchBlock = extractBraceBlock(lines, catchLineIdx, catchCol);
+            if (catchBlock) {
+              const { bodyLines: catchBodyLines, endLine: catchEndLine } = catchBlock;
+              const nonEmptyBody = tryBodyLines.filter((l) => l.trim().length > 0);
+              const nonEmptyCatch = catchBodyLines.filter((l) => l.trim().length > 0);
+              const isSimpleBody = nonEmptyBody.length <= 2;
+              const isGenericCatch = nonEmptyCatch.length <= 2 && nonEmptyCatch.some(
+                (l) => /console\.(log|error|warn)/.test(l) || /throw\s+(new\s+)?Error/.test(l) || l.trim() === ""
+              );
+              const bodyHasOnlyAssignments = nonEmptyBody.every(
+                (l) => /^\s*(const|let|var)\s+/.test(l) || /^\s*\w+(\.\w+)*\s*=\s*/.test(l) || /^\s*return\s+/.test(l)
+              );
+              if (isSimpleBody && isGenericCatch && bodyHasOnlyAssignments) {
+                issues.push({
+                  ruleId: "logic/unnecessary-try-catch",
+                  severity: "medium",
+                  category: "logic",
+                  file: context.filePath,
+                  startLine: i + 1,
+                  endLine: catchEndLine + 1,
+                  message: t(
+                    "Unnecessary try-catch wrapping a simple statement with generic error handling. This is likely AI-hallucinated error handling.",
+                    "\u4E0D\u5FC5\u8981\u7684 try-catch \u5305\u88F9\u4E86\u7B80\u5355\u8BED\u53E5\uFF0Ccatch \u4E2D\u53EA\u6709\u901A\u7528\u7684\u9519\u8BEF\u65E5\u5FD7\u3002\u8FD9\u5F88\u53EF\u80FD\u662F AI \u5E7B\u89C9\u751F\u6210\u7684\u9519\u8BEF\u5904\u7406\u3002"
+                  ),
+                  suggestion: t(
+                    "Remove the try-catch block or add meaningful error recovery logic.",
+                    "\u79FB\u9664 try-catch \u5757\uFF0C\u6216\u6DFB\u52A0\u6709\u610F\u4E49\u7684\u9519\u8BEF\u6062\u590D\u903B\u8F91\u3002"
+                  )
+                });
+              }
+              i = catchEndLine + 1;
+              continue;
+            }
           }
-          i = endLine + 1;
-          continue;
         }
       }
       i++;
@@ -250,55 +412,6 @@ var unnecessaryTryCatchRule = {
     return issues;
   }
 };
-function extractBlock(lines, tryLineIndex) {
-  let braceCount = 0;
-  let foundTryOpen = false;
-  let tryBodyStart = -1;
-  let tryBodyEnd = -1;
-  let catchStart = -1;
-  let catchBodyStart = -1;
-  let catchBodyEnd = -1;
-  for (let i = tryLineIndex; i < lines.length; i++) {
-    const line = lines[i];
-    for (const ch of line) {
-      if (ch === "{") {
-        braceCount++;
-        if (!foundTryOpen) {
-          foundTryOpen = true;
-          tryBodyStart = i;
-        }
-      } else if (ch === "}") {
-        braceCount--;
-        if (braceCount === 0 && tryBodyEnd === -1) {
-          tryBodyEnd = i;
-        } else if (braceCount === 0 && catchBodyEnd === -1 && catchBodyStart !== -1) {
-          catchBodyEnd = i;
-          break;
-        }
-      }
-    }
-    if (tryBodyEnd !== -1 && catchStart === -1) {
-      if (line.includes("catch")) {
-        catchStart = i;
-      }
-    }
-    if (catchStart !== -1 && catchBodyStart === -1 && line.includes("{")) {
-      catchBodyStart = i;
-    }
-    if (catchBodyEnd !== -1) break;
-  }
-  if (tryBodyStart === -1 || tryBodyEnd === -1 || catchBodyStart === -1 || catchBodyEnd === -1) {
-    return null;
-  }
-  const bodyLines = lines.slice(tryBodyStart + 1, tryBodyEnd);
-  const catchBodyLines = lines.slice(catchBodyStart + 1, catchBodyEnd);
-  return {
-    bodyLines,
-    catchStart,
-    catchBodyLines,
-    endLine: catchBodyEnd
-  };
-}
 
 // src/rules/builtin/over-defensive.ts
 var overDefensiveRule = {
@@ -487,18 +600,10 @@ function detectCodeAfterReturn(context, lines, issues) {
   let braceDepth = 0;
   let lastReturnDepth = -1;
   let lastReturnLine = -1;
+  const blockComment = { value: false };
   for (let i = 0; i < lines.length; i++) {
     const trimmed = lines[i].trim();
-    for (const ch of trimmed) {
-      if (ch === "{") braceDepth++;
-      if (ch === "}") {
-        if (braceDepth === lastReturnDepth) {
-          lastReturnDepth = -1;
-          lastReturnLine = -1;
-        }
-        braceDepth--;
-      }
-    }
+    braceDepth = countBracesInLine(lines[i], 0, braceDepth, blockComment);
     if (/^(return|throw)\b/.test(trimmed) && !trimmed.includes("=>")) {
       const endsOpen = /[[{(,]$/.test(trimmed) || /^(return|throw)\s*$/.test(trimmed);
       if (endsOpen) continue;
@@ -524,6 +629,10 @@ function detectCodeAfterReturn(context, lines, issues) {
       lastReturnDepth = -1;
       lastReturnLine = -1;
     }
+    if (braceDepth < lastReturnDepth) {
+      lastReturnDepth = -1;
+      lastReturnLine = -1;
+    }
   }
 }
 function detectImmediateReassign(context, lines, issues) {
@@ -557,7 +666,21 @@ function detectImmediateReassign(context, lines, issues) {
 }
 
 // src/rules/fix-utils.ts
-function lineStartOffset(content, lineNumber) {
+function buildLineOffsets(content) {
+  const offsets = [0];
+  for (let i = 0; i < content.length; i++) {
+    if (content[i] === "\n") {
+      offsets.push(i + 1);
+    }
+  }
+  return offsets;
+}
+function lineStartOffset(content, lineNumber, offsets) {
+  if (offsets) {
+    const idx = lineNumber - 1;
+    if (idx < 0 || idx >= offsets.length) return content.length;
+    return offsets[idx];
+  }
   let offset = 0;
   const lines = content.split("\n");
   for (let i = 0; i < lineNumber - 1 && i < lines.length; i++) {
@@ -565,12 +688,13 @@ function lineStartOffset(content, lineNumber) {
   }
   return offset;
 }
-function lineRange(content, lineNumber) {
-  const lines = content.split("\n");
+function lineRange(content, lineNumber, offsets) {
+  const table = offsets ?? buildLineOffsets(content);
   const lineIndex = lineNumber - 1;
-  if (lineIndex < 0 || lineIndex >= lines.length) return [0, 0];
-  const start = lineStartOffset(content, lineNumber);
-  const end = start + lines[lineIndex].length + (lineIndex < lines.length - 1 ? 1 : 0);
+  if (lineIndex < 0 || lineIndex >= table.length) return [0, 0];
+  const start = table[lineIndex];
+  const nextLineStart = lineIndex + 1 < table.length ? table[lineIndex + 1] : content.length;
+  const end = lineIndex + 1 < table.length ? nextLineStart : nextLineStart;
   return [start, end];
 }
 
@@ -636,12 +760,12 @@ function extractFunctions(parsed) {
 }
 function visitNode(root, functions) {
   const methodBodies = /* @__PURE__ */ new WeakSet();
-  walkAST(root, (node) => {
+  walkAST(root, (node, parent) => {
     if (node.type === AST_NODE_TYPES.FunctionExpression && methodBodies.has(node)) {
       return false;
     }
     if (node.type === AST_NODE_TYPES.FunctionDeclaration || node.type === AST_NODE_TYPES.FunctionExpression || node.type === AST_NODE_TYPES.ArrowFunctionExpression || node.type === AST_NODE_TYPES.MethodDefinition) {
-      const info = analyzeFunctionNode(node);
+      const info = analyzeFunctionNode(node, parent);
       if (info) functions.push(info);
       if (node.type === AST_NODE_TYPES.MethodDefinition) {
         methodBodies.add(node.value);
@@ -650,7 +774,7 @@ function visitNode(root, functions) {
     return;
   });
 }
-function analyzeFunctionNode(node) {
+function analyzeFunctionNode(node, parent) {
   let name = "<anonymous>";
   let params = [];
   let body = null;
@@ -663,7 +787,11 @@ function analyzeFunctionNode(node) {
     params = node.params;
     body = node.body;
   } else if (node.type === AST_NODE_TYPES.ArrowFunctionExpression) {
-    name = "<arrow>";
+    if (parent?.type === AST_NODE_TYPES.VariableDeclarator && parent.id.type === AST_NODE_TYPES.Identifier) {
+      name = parent.id.name;
+    } else {
+      name = "<arrow>";
+    }
     params = node.params;
     body = node.body;
   } else if (node.type === AST_NODE_TYPES.MethodDefinition) {
@@ -853,7 +981,24 @@ function collectDeclarationsAndReferences(root, declarations, references) {
         kind: exportedNames.has(node.id.name) ? "export" : "local"
       });
     }
-    if (node.type === AST_NODE_TYPES.Identifier && parentType !== "VariableDeclarator" && parentType !== "FunctionDeclaration") {
+    if (node.type === AST_NODE_TYPES.ClassDeclaration && node.id) {
+      declarations.set(node.id.name, {
+        line: node.loc?.start.line ?? 0,
+        kind: exportedNames.has(node.id.name) ? "export" : "local"
+      });
+    }
+    const declarationParentTypes = /* @__PURE__ */ new Set([
+      "VariableDeclarator",
+      "FunctionDeclaration",
+      "ClassDeclaration",
+      "MethodDefinition",
+      "TSEnumDeclaration",
+      "TSEnumMember",
+      "TSTypeAliasDeclaration",
+      "TSInterfaceDeclaration",
+      "TSModuleDeclaration"
+    ]);
+    if (node.type === AST_NODE_TYPES.Identifier && !declarationParentTypes.has(parentType ?? "")) {
       references.add(node.name);
     }
     return;
@@ -940,8 +1085,25 @@ function stringifyCondition(node) {
     }
     case AST_NODE_TYPES.ConditionalExpression:
       return `${stringifyCondition(node.test)} ? ${stringifyCondition(node.consequent)} : ${stringifyCondition(node.alternate)}`;
+    case AST_NODE_TYPES.TemplateLiteral:
+      return `\`template@${node.loc?.start.line}:${node.loc?.start.column}\``;
+    case AST_NODE_TYPES.ArrayExpression:
+      return `[${node.elements.map((e) => e ? stringifyCondition(e) : "empty").join(", ")}]`;
+    case AST_NODE_TYPES.ObjectExpression:
+      return `{obj@${node.loc?.start.line}:${node.loc?.start.column}}`;
+    case AST_NODE_TYPES.AssignmentExpression:
+      return `${stringifyCondition(node.left)} ${node.operator} ${stringifyCondition(node.right)}`;
+    case AST_NODE_TYPES.NewExpression:
+      return `new ${stringifyCondition(node.callee)}(${node.arguments.map((a) => stringifyCondition(a)).join(", ")})`;
+    case AST_NODE_TYPES.TSAsExpression:
+    case AST_NODE_TYPES.TSNonNullExpression:
+      return stringifyCondition(node.expression);
+    case AST_NODE_TYPES.AwaitExpression:
+      return `await ${stringifyCondition(node.argument)}`;
+    case AST_NODE_TYPES.ChainExpression:
+      return stringifyCondition(node.expression);
     default:
-      return `[${node.type}]`;
+      return `[${node.type}@${node.loc?.start.line}:${node.loc?.start.column}]`;
   }
 }
 function truncate(s, maxLen) {
@@ -1153,7 +1315,8 @@ var emptyCatchRule = {
       const catchMatch = trimmed.match(/\bcatch\s*\(\s*(\w+)?\s*\)\s*\{/);
       if (!catchMatch) continue;
       const catchVarName = catchMatch[1] || "";
-      const blockContent = extractCatchBody(lines, i);
+      const catchIdx = lines[i].indexOf("catch");
+      const blockContent = extractBraceBlock(lines, i, catchIdx);
       if (!blockContent) continue;
       const { bodyLines, endLine } = blockContent;
       const meaningful = bodyLines.filter(
@@ -1203,37 +1366,6 @@ var emptyCatchRule = {
     return issues;
   }
 };
-function extractCatchBody(lines, catchLineIndex) {
-  const catchLine = lines[catchLineIndex];
-  const catchIdx = catchLine.indexOf("catch");
-  if (catchIdx === -1) return null;
-  let braceCount = 0;
-  let started = false;
-  let bodyStart = -1;
-  for (let i = catchLineIndex; i < lines.length; i++) {
-    const line = lines[i];
-    const startJ = i === catchLineIndex ? catchIdx : 0;
-    for (let j = startJ; j < line.length; j++) {
-      const ch = line[j];
-      if (ch === "{") {
-        braceCount++;
-        if (!started) {
-          started = true;
-          bodyStart = i;
-        }
-      } else if (ch === "}") {
-        braceCount--;
-        if (started && braceCount === 0) {
-          return {
-            bodyLines: lines.slice(bodyStart + 1, i),
-            endLine: i
-          };
-        }
-      }
-    }
-  }
-  return null;
-}
 
 // src/rules/builtin/identical-branches.ts
 var identicalBranchesRule = {
@@ -1580,10 +1712,25 @@ var unusedImportRule = {
       }
       return;
     });
-    const typeRefPattern = /\b([A-Z][A-Za-z0-9]*)\b/g;
-    let match;
-    while ((match = typeRefPattern.exec(context.fileContent)) !== null) {
-      references.add(match[1]);
+    const codeLines = context.fileContent.split("\n");
+    let inBlock = false;
+    for (const codeLine of codeLines) {
+      const trimmedCode = codeLine.trim();
+      if (inBlock) {
+        if (trimmedCode.includes("*/")) inBlock = false;
+        continue;
+      }
+      if (trimmedCode.startsWith("/*")) {
+        if (!trimmedCode.includes("*/")) inBlock = true;
+        continue;
+      }
+      if (trimmedCode.startsWith("//") || trimmedCode.startsWith("*")) continue;
+      const cleaned = codeLine.replace(/\/\/.*$/, "").replace(/\/\*.*?\*\//g, "").replace(/'(?:[^'\\]|\\.)*'/g, "").replace(/"(?:[^"\\]|\\.)*"/g, "").replace(/`(?:[^`\\]|\\.)*`/g, "");
+      const typeRefPattern = /\b([A-Z][A-Za-z0-9]*)\b/g;
+      let match;
+      while ((match = typeRefPattern.exec(cleaned)) !== null) {
+        references.add(match[1]);
+      }
     }
     for (const imp of imports) {
       if (!references.has(imp.local)) {
@@ -2709,13 +2856,20 @@ var SEVERITY_PENALTY = {
   low: 3,
   info: 0
 };
+var DIMINISHING_FACTOR = 0.7;
 function calculateDimensionScore(issues) {
   let score = 100;
+  const severityCounts = {};
   for (const issue of issues) {
-    score -= SEVERITY_PENALTY[issue.severity] ?? 0;
+    const base = SEVERITY_PENALTY[issue.severity] ?? 0;
+    if (base === 0) continue;
+    const n = severityCounts[issue.severity] ?? 0;
+    severityCounts[issue.severity] = n + 1;
+    const penalty = base * Math.pow(DIMINISHING_FACTOR, n);
+    score -= penalty;
   }
   return {
-    score: Math.max(0, Math.min(100, score)),
+    score: Math.round(Math.max(0, Math.min(100, score)) * 10) / 10,
     issues
   };
 }
@@ -3068,7 +3222,7 @@ var PKG_VERSION = (() => {
   }
 })();
 var REPORT_SCHEMA_VERSION = "1.0.0";
-var FINGERPRINT_VERSION = "1";
+var FINGERPRINT_VERSION = "2";
 var ScanEngine = class {
   config;
   diffParser;
@@ -3320,13 +3474,14 @@ var ScanEngine = class {
     const occurrenceCounts = /* @__PURE__ */ new Map();
     return issues.map((issue) => {
       const normalizedFile = this.normalizeRelativePath(issue.file);
-      const locationComponent = `${issue.startLine}:${issue.endLine}`;
+      const contentSource = issue.codeSnippet ? issue.codeSnippet : `${issue.startLine}:${issue.endLine}`;
+      const contentDigest = createHash("sha256").update(contentSource).digest("hex").slice(0, 16);
       const baseKey = [
         issue.ruleId,
         normalizedFile,
         issue.category,
         issue.severity,
-        locationComponent
+        contentDigest
       ].join("|");
       const occurrenceIndex = occurrenceCounts.get(baseKey) ?? 0;
       occurrenceCounts.set(baseKey, occurrenceIndex + 1);
@@ -3435,17 +3590,19 @@ var ScanEngine = class {
     return ["security", "logic", "structure", "style", "coverage"].includes(value);
   }
   groupByDimension(issues) {
-    const categories = [
-      "security",
-      "logic",
-      "structure",
-      "style",
-      "coverage"
-    ];
+    const buckets = {
+      security: [],
+      logic: [],
+      structure: [],
+      style: [],
+      coverage: []
+    };
+    for (const issue of issues) {
+      buckets[issue.category]?.push(issue);
+    }
     const grouped = {};
-    for (const cat of categories) {
-      const catIssues = issues.filter((issue) => issue.category === cat);
-      grouped[cat] = calculateDimensionScore(catIssues);
+    for (const cat of Object.keys(buckets)) {
+      grouped[cat] = calculateDimensionScore(buckets[cat]);
     }
     return grouped;
   }
@@ -3549,6 +3706,7 @@ thresholds:
   min-score: 70
   max-function-length: 40
   max-cyclomatic-complexity: 10
+  max-cognitive-complexity: 20
   max-nesting-depth: 4
   max-params: 5