@nebulord/sickbay-core 0.1.0

package/dist/index.js

@@ -0,0 +1,2992 @@
+// src/runner.ts
+import { relative } from "path";
+
+// src/utils/detect-project.ts
+import { readFileSync, existsSync } from "fs";
+import { join, dirname } from "path";
+async function detectProject(projectPath) {
+  const pkgPath = join(projectPath, "package.json");
+  if (!existsSync(pkgPath)) {
+    throw new Error(`No package.json found at ${projectPath}`);
+  }
+  const pkg = JSON.parse(readFileSync(pkgPath, "utf-8"));
+  const deps = pkg.dependencies ?? {};
+  const devDeps = pkg.devDependencies ?? {};
+  const catalog = loadPnpmCatalog(projectPath);
+  if (catalog) {
+    for (const [name, ver] of Object.entries(deps)) {
+      if (ver.startsWith("catalog:")) deps[name] = catalog[name] ?? ver;
+    }
+    for (const [name, ver] of Object.entries(devDeps)) {
+      if (ver.startsWith("catalog:")) devDeps[name] = catalog[name] ?? ver;
+    }
+  }
+  const allDeps = { ...deps, ...devDeps };
+  const rawOverrides = pkg.pnpm?.overrides ?? pkg.overrides ?? pkg.resolutions ?? void 0;
+  const overrides = rawOverrides && Object.keys(rawOverrides).length > 0 ? rawOverrides : void 0;
+  return {
+    name: pkg.name ?? "unknown",
+    version: pkg.version ?? "0.0.0",
+    hasTypeScript: existsSync(join(projectPath, "tsconfig.json")) || "typescript" in allDeps,
+    hasESLint: existsSync(join(projectPath, ".eslintrc.js")) || existsSync(join(projectPath, ".eslintrc.json")) || existsSync(join(projectPath, "eslint.config.js")) || "eslint" in allDeps,
+    hasPrettier: existsSync(join(projectPath, ".prettierrc")) || existsSync(join(projectPath, ".prettierrc.json")) || "prettier" in allDeps,
+    framework: detectFramework(allDeps),
+    packageManager: detectPackageManager(projectPath),
+    totalDependencies: Object.keys(allDeps).length,
+    dependencies: deps,
+    devDependencies: devDeps,
+    overrides
+  };
+}
+function detectFramework(deps) {
+  if ("next" in deps) return "next";
+  if ("@vitejs/plugin-react" in deps || "vite" in deps) return "vite";
+  if ("react-scripts" in deps) return "cra";
+  if ("react" in deps) return "react";
+  if ("express" in deps) return "express";
+  if ("fastify" in deps) return "fastify";
+  if ("koa" in deps) return "koa";
+  if ("hono" in deps) return "hono";
+  if ("@hapi/hapi" in deps || "hapi" in deps) return "hapi";
+  return "node";
+}
+function detectPackageManager(projectPath) {
+  let dir = projectPath;
+  while (true) {
+    if (existsSync(join(dir, "pnpm-lock.yaml"))) return "pnpm";
+    if (existsSync(join(dir, "yarn.lock"))) return "yarn";
+    if (existsSync(join(dir, "bun.lockb")) || existsSync(join(dir, "bun.lock"))) return "bun";
+    const parent = dirname(dir);
+    if (parent === dir) break;
+    dir = parent;
+  }
+  return "npm";
+}
+async function detectContext(projectPath) {
+  const pkgPath = join(projectPath, "package.json");
+  if (!existsSync(pkgPath)) {
+    return { runtime: "unknown", frameworks: [], buildTool: "unknown", testFramework: null };
+  }
+  const pkg = JSON.parse(readFileSync(pkgPath, "utf-8"));
+  const deps = pkg.dependencies ?? {};
+  const devDeps = pkg.devDependencies ?? {};
+  const allDeps = { ...deps, ...devDeps };
+  const frameworks = [];
+  if ("@angular/core" in allDeps) frameworks.push("angular");
+  if ("next" in allDeps) {
+    frameworks.push("react", "next");
+  } else if ("@remix-run/react" in allDeps) {
+    frameworks.push("react", "remix");
+  } else if ("react" in allDeps) {
+    frameworks.push("react");
+  }
+  if ("vue" in allDeps) frameworks.push("vue");
+  if ("svelte" in allDeps) frameworks.push("svelte");
+  const runtime = frameworks.length === 0 ? "node" : "browser";
+  let buildTool = "unknown";
+  if ("vite" in allDeps || "@vitejs/plugin-react" in allDeps) buildTool = "vite";
+  else if ("webpack" in allDeps) buildTool = "webpack";
+  else if ("esbuild" in allDeps) buildTool = "esbuild";
+  else if ("rollup" in allDeps) buildTool = "rollup";
+  else if ("next" in allDeps) buildTool = "webpack";
+  else if ("typescript" in allDeps) buildTool = "tsc";
+  let testFramework = null;
+  if ("vitest" in allDeps) testFramework = "vitest";
+  else if ("jest" in allDeps) testFramework = "jest";
+  else if ("mocha" in allDeps) testFramework = "mocha";
+  return { runtime, frameworks, buildTool, testFramework };
+}
+function loadPnpmCatalog(projectPath) {
+  let dir = projectPath;
+  while (true) {
+    const wsPath = join(dir, "pnpm-workspace.yaml");
+    if (existsSync(wsPath)) {
+      try {
+        const content = readFileSync(wsPath, "utf-8");
+        return parseCatalogFromYaml(content);
+      } catch {
+        return null;
+      }
+    }
+    const parent = dirname(dir);
+    if (parent === dir) break;
+    dir = parent;
+  }
+  return null;
+}
+function parseCatalogFromYaml(content) {
+  const lines = content.split("\n");
+  const catalog = {};
+  let inCatalog = false;
+  for (const line of lines) {
+    if (/^catalog:\s*$/.test(line)) {
+      inCatalog = true;
+      continue;
+    }
+    if (inCatalog && /^\S/.test(line)) {
+      break;
+    }
+    if (inCatalog) {
+      const match = line.match(/^\s+['"]?([^'":\s][^'":]*?)['"]?\s*:\s*(.+)$/);
+      if (match) {
+        catalog[match[1].trim()] = match[2].trim();
+      }
+    }
+  }
+  return Object.keys(catalog).length > 0 ? catalog : null;
+}
+
+// src/utils/detect-monorepo.ts
+import { existsSync as existsSync2, readFileSync as readFileSync2 } from "fs";
+import { join as join2, resolve } from "path";
+import { globby } from "globby";
+function parseYamlPackagesArray(content) {
+  const results = [];
+  const lines = content.split("\n");
+  let inPackages = false;
+  for (const line of lines) {
+    if (/^packages\s*:/.test(line)) {
+      inPackages = true;
+      continue;
+    }
+    if (inPackages) {
+      const match = /^\s+-\s+['"]?([^'"#\n]+?)['"]?\s*$/.exec(line);
+      if (match) {
+        results.push(match[1].trim());
+      } else if (/^\S/.test(line)) {
+        break;
+      }
+    }
+  }
+  return results;
+}
+async function discoverPackages(rootPath, patterns) {
+  if (patterns.length === 0) return [];
+  const matched = await globby(patterns, {
+    cwd: rootPath,
+    onlyDirectories: true,
+    expandDirectories: false,
+    absolute: true,
+    ignore: ["**/node_modules/**"]
+  });
+  return matched.filter((dir) => {
+    return dir !== resolve(rootPath) && existsSync2(join2(dir, "package.json"));
+  });
+}
+function detectSignals(rootPath) {
+  const pnpmWs = join2(rootPath, "pnpm-workspace.yaml");
+  if (existsSync2(pnpmWs)) {
+    try {
+      const content = readFileSync2(pnpmWs, "utf-8");
+      const patterns = parseYamlPackagesArray(content);
+      return { type: "pnpm", patterns: patterns.length > 0 ? patterns : ["packages/*", "apps/*"] };
+    } catch {
+      return { type: "pnpm", patterns: ["packages/*", "apps/*"] };
+    }
+  }
+  const lernaJson = join2(rootPath, "lerna.json");
+  if (existsSync2(lernaJson)) {
+    try {
+      const lerna = JSON.parse(readFileSync2(lernaJson, "utf-8"));
+      const patterns = Array.isArray(lerna.packages) ? lerna.packages : ["packages/*"];
+      return { type: "lerna", patterns };
+    } catch {
+      return { type: "lerna", patterns: ["packages/*"] };
+    }
+  }
+  const pkgJson = join2(rootPath, "package.json");
+  if (existsSync2(pkgJson)) {
+    try {
+      const pkg = JSON.parse(readFileSync2(pkgJson, "utf-8"));
+      const workspaces = Array.isArray(pkg.workspaces) ? pkg.workspaces : Array.isArray(pkg.workspaces?.packages) ? pkg.workspaces.packages : void 0;
+      if (workspaces && workspaces.length > 0) {
+        if (existsSync2(join2(rootPath, "turbo.json"))) {
+          return { type: "turbo", patterns: workspaces };
+        }
+        if (existsSync2(join2(rootPath, "nx.json"))) {
+          return { type: "nx", patterns: workspaces };
+        }
+        const hasYarn = existsSync2(join2(rootPath, "yarn.lock"));
+        return { type: hasYarn ? "yarn" : "npm", patterns: workspaces };
+      }
+    } catch {
+    }
+  }
+  if (existsSync2(join2(rootPath, "turbo.json"))) {
+    return { type: "turbo", patterns: ["packages/*", "apps/*"] };
+  }
+  if (existsSync2(join2(rootPath, "nx.json"))) {
+    return { type: "nx", patterns: ["packages/*", "apps/*", "libs/*"] };
+  }
+  return null;
+}
+async function detectMonorepo(rootPath) {
+  const signals = detectSignals(rootPath);
+  if (!signals) return { isMonorepo: false };
+  const packagePaths = await discoverPackages(rootPath, signals.patterns);
+  if (packagePaths.length === 0) return { isMonorepo: false };
+  const packageManager = detectPackageManager(rootPath);
+  return {
+    isMonorepo: true,
+    type: signals.type,
+    packageManager,
+    packagePaths
+  };
+}
+
+// src/constants.ts
+var WARN_LINES = 400;
+var CRITICAL_LINES = 600;
+var SCORE_EXCELLENT = 90;
+var SCORE_GOOD = 80;
+var SCORE_FAIR = 60;
+
+// src/scoring.ts
+var CATEGORY_WEIGHTS = {
+  dependencies: 0.25,
+  security: 0.3,
+  "code-quality": 0.25,
+  performance: 0.15,
+  git: 0.05
+};
+function calculateOverallScore(checks) {
+  const active = checks.filter((c) => c.status !== "skipped");
+  if (active.length === 0) return 0;
+  let totalWeight = 0;
+  let weightedScore = 0;
+  for (const check of active) {
+    const weight = CATEGORY_WEIGHTS[check.category] ?? 0.1;
+    weightedScore += check.score * weight;
+    totalWeight += weight;
+  }
+  return totalWeight > 0 ? Math.round(weightedScore / totalWeight) : 0;
+}
+function buildSummary(checks) {
+  const summary = { critical: 0, warnings: 0, info: 0 };
+  for (const check of checks) {
+    for (const issue of check.issues) {
+      if (issue.severity === "critical") summary.critical++;
+      else if (issue.severity === "warning") summary.warnings++;
+      else summary.info++;
+    }
+  }
+  return summary;
+}
+function getScoreColor(score) {
+  if (score >= SCORE_GOOD) return "green";
+  if (score >= SCORE_FAIR) return "yellow";
+  return "red";
+}
+function getScoreEmoji(score) {
+  if (score >= SCORE_EXCELLENT) return "Good";
+  if (score >= SCORE_GOOD) return "Fair";
+  if (score >= SCORE_FAIR) return "Poor";
+  return "Bad";
+}
+
+// src/quotes/startrek.json
+var startrek_default = {
+  critical: [
+    { text: "He's dead, Jim.", source: "Dr. McCoy" },
+    { text: "I'm a doctor, not a miracle worker!", source: "Dr. McCoy" },
+    { text: "It's worse than that. He's really dead, Jim.", source: "Dr. McCoy" },
+    { text: "Please state the nature of the medical emergency.", source: "The Doctor" },
+    { text: "I swear, this project is held together with spit and baling wire.", source: "Dr. McCoy" },
+    { text: "If we don't operate immediately, the patient will die.", source: "Dr. Crusher" },
+    { text: "I'm going to have to ask you to get the hell out of my sickbay.", source: "T'Ana" },
+    { text: "What you're describing is medically impossible, yet here we are.", source: "Dr. Bashir" },
+    { text: "The patient is coding! Clear the area!", source: "Dr. Crusher" },
+    { text: "This isn't a patient, it's a catastrophe with a pulse.", source: "T'Ana" }
+  ],
+  warning: [
+    { text: "I'm a doctor, not an engineer!", source: "Dr. McCoy" },
+    { text: "You're not seriously going to deploy this, are you?", source: "The Doctor" },
+    { text: "I don't have a magic wand. I need time and proper resources.", source: "Dr. Crusher" },
+    { text: "I would advise caution, Captain. The readings are... concerning.", source: "Dr. Bashir" },
+    { text: "In my medical opinion, this needs bed rest. A lot of it.", source: "Dr. McCoy" },
+    { text: "The patient will survive, but I wouldn't call this thriving.", source: "The Doctor" },
+    { text: "Optimism is wonderful, but have you looked at these charts?", source: "Dr. Phlox" },
+    { text: "I've seen healthier-looking specimens in the morgue.", source: "T'Ana" },
+    { text: "The prognosis is guarded. I'd recommend close monitoring.", source: "Dr. Crusher" },
+    { text: "I must say, I've treated Klingon targs in better shape than this.", source: "Dr. Bashir" }
+  ],
+  info: [
+    { text: "I'm a doctor, not a DevOps engineer.", source: "Dr. McCoy" },
+    { text: "The prognosis is... acceptable.", source: "The Doctor" },
+    { text: "A little suffering is good for the soul.", source: "Dr. McCoy" },
+    { text: "I've noticed some minor irregularities, but nothing life-threatening.", source: "Dr. Crusher" },
+    { text: "Fascinating. From a medical perspective, of course.", source: "Dr. Bashir" },
+    { text: "I find the resilience of this organism quite remarkable!", source: "Dr. Phlox" },
+    { text: "My diagnosis: mildly irritating, but you'll live.", source: "T'Ana" },
+    { text: "I've noted some areas for improvement in my medical log.", source: "The Doctor" },
+    { text: "You're in fair health, but don't let that go to your head.", source: "Dr. McCoy" },
+    { text: "The patient is stable, though I'd like to run a few more scans.", source: "Dr. Phlox" }
+  ],
+  allClear: [
+    { text: "Vital signs are stable. For now.", source: "Dr. McCoy" },
+    { text: "Optimism, Captain! It's what keeps me going.", source: "Dr. Phlox" },
+    { text: "I must say, I'm impressed. Don't let it happen again.", source: "The Doctor" },
+    { text: "Well, would you look at that. A clean bill of health.", source: "Dr. Crusher" },
+    { text: "I'm not sure what you did, but keep doing it.", source: "T'Ana" },
+    { text: "For once, I have nothing to complain about. Medically speaking.", source: "Dr. McCoy" },
+    { text: "The patient is in remarkable condition. Textbook, even.", source: "Dr. Bashir" },
+    { text: "This calls for a celebration! Perhaps a nice Denobulan sausage.", source: "Dr. Phlox" },
+    { text: "All systems nominal. I almost don't know what to do with myself.", source: "The Doctor" },
+    { text: "Full marks. Now get out of my sickbay before something breaks.", source: "T'Ana" }
+  ]
+};
+
+// src/quotes/index.ts
+function getQuote(overallScore) {
+  const severity = scoreToTier(overallScore);
+  const pool = startrek_default[severity];
+  const entry = pool[Math.floor(Math.random() * pool.length)];
+  return {
+    text: entry.text,
+    source: entry.source,
+    severity
+  };
+}
+function scoreToTier(score) {
+  if (score < 60) return "critical";
+  if (score < 80) return "warning";
+  if (score < 90) return "info";
+  return "allClear";
+}
+
+// src/integrations/knip.ts
+import { execa as execa2 } from "execa";
+import { readFileSync as readFileSync4, existsSync as existsSync4 } from "fs";
+import { join as join4 } from "path";
+
+// src/utils/file-helpers.ts
+import { existsSync as existsSync3, readFileSync as readFileSync3 } from "fs";
+import { join as join3, dirname as dirname2 } from "path";
+import { fileURLToPath } from "url";
+import { execa } from "execa";
+var coreLocalDir = dirname2(dirname2(fileURLToPath(import.meta.url)));
+function readPackageJson(projectPath) {
+  const pkgPath = join3(projectPath, "package.json");
+  return JSON.parse(readFileSync3(pkgPath, "utf-8"));
+}
+async function isCommandAvailable(cmd) {
+  if (existsSync3(join3(coreLocalDir, "node_modules", ".bin", cmd))) return true;
+  try {
+    await execa("which", [cmd]);
+    return true;
+  } catch {
+    return false;
+  }
+}
+function fileExists(projectPath, ...parts) {
+  return existsSync3(join3(projectPath, ...parts));
+}
+function timer() {
+  const start = Date.now();
+  return () => Date.now() - start;
+}
+function parseJsonOutput(stdout, fallback = "{}") {
+  if (!stdout || !stdout.trim()) {
+    return JSON.parse(fallback);
+  }
+  const cleaned = stdout.replace(/\u001b\[[0-9;]*m/g, "");
+  try {
+    return JSON.parse(cleaned);
+  } catch {
+  }
+  const lines = cleaned.split("\n");
+  const jsonLines = [];
+  let foundStart = false;
+  for (const line of lines) {
+    const trimmed = line.trim();
+    if (!foundStart && (trimmed.startsWith("{") || trimmed.startsWith("["))) {
+      foundStart = true;
+    }
+    if (foundStart) {
+      jsonLines.push(line);
+      const candidate = jsonLines.join("\n");
+      try {
+        return JSON.parse(candidate);
+      } catch {
+      }
+    }
+  }
+  if (jsonLines.length > 0) {
+    try {
+      return JSON.parse(jsonLines.join("\n"));
+    } catch {
+    }
+  }
+  return JSON.parse(fallback);
+}
+
+// src/integrations/base.ts
+var BaseRunner = class {
+  applicableFrameworks;
+  applicableRuntimes;
+  isApplicableToContext(context) {
+    if (this.applicableFrameworks) {
+      const hasMatch = this.applicableFrameworks.some((f) => context.frameworks.includes(f));
+      if (!hasMatch) return false;
+    }
+    if (this.applicableRuntimes) {
+      if (!this.applicableRuntimes.includes(context.runtime)) return false;
+    }
+    return true;
+  }
+  async isApplicable(_projectPath, _context) {
+    return true;
+  }
+  elapsed = timer;
+  skipped(reason) {
+    return {
+      id: this.name,
+      category: this.category,
+      name: this.name,
+      score: 100,
+      status: "skipped",
+      issues: [],
+      toolsUsed: [this.name],
+      duration: 0,
+      metadata: { reason }
+    };
+  }
+};
+
+// src/integrations/knip.ts
+var TEST_ONLY_PACKAGE_PREFIXES = ["@testing-library/"];
+var TEST_RUNNER_PACKAGES = ["vitest", "jest", "@jest/core", "@jest/globals"];
+var KnipRunner = class extends BaseRunner {
+  name = "knip";
+  category = "dependencies";
+  async run(projectPath) {
+    const elapsed = timer();
+    const available = await isCommandAvailable("knip");
+    if (!available) {
+      return this.skipped("knip not installed \u2014 run: npm i -g knip");
+    }
+    try {
+      const { stdout } = await execa2("knip", ["--reporter", "json", "--no-progress"], {
+        cwd: projectPath,
+        reject: false,
+        preferLocal: true,
+        localDir: coreLocalDir
+      });
+      const data = parseJsonOutput(stdout, "{}");
+      const issues = [];
+      let hasTestRunner = false;
+      let workspaceScope = null;
+      const pkgPath = join4(projectPath, "package.json");
+      if (existsSync4(pkgPath)) {
+        const pkg = JSON.parse(readFileSync4(pkgPath, "utf-8"));
+        const allDeps = { ...pkg.dependencies ?? {}, ...pkg.devDependencies ?? {} };
+        hasTestRunner = TEST_RUNNER_PACKAGES.some((p) => p in allDeps);
+        const scopeMatch = pkg.name?.match(/^(@[^/]+)\//);
+        if (scopeMatch) workspaceScope = scopeMatch[1];
+      }
+      const deps = /* @__PURE__ */ new Set();
+      const devDeps = /* @__PURE__ */ new Set();
+      const unusedExports = [];
+      const unusedFiles = [];
+      for (const fileIssue of data.issues ?? []) {
+        (fileIssue.files ?? []).forEach((f) => {
+          const filePath = f.name || fileIssue.file;
+          unusedFiles.push(filePath);
+          issues.push({
+            severity: "warning",
+            message: `Unused file: ${filePath}`,
+            file: filePath,
+            fix: { description: `Remove ${filePath}` },
+            reportedBy: ["knip"]
+          });
+        });
+        (fileIssue.dependencies ?? []).forEach((d) => {
+          if (workspaceScope && d.name.startsWith(`${workspaceScope}/`)) return;
+          deps.add(d.name);
+        });
+        (fileIssue.devDependencies ?? []).forEach((d) => {
+          if (workspaceScope && d.name.startsWith(`${workspaceScope}/`)) return;
+          const isTestOnly = TEST_ONLY_PACKAGE_PREFIXES.some(
+            (prefix) => d.name.startsWith(prefix)
+          );
+          if (!isTestOnly || !hasTestRunner) devDeps.add(d.name);
+        });
+        (fileIssue.exports ?? []).forEach(
+          (e) => unusedExports.push(`${fileIssue.file}: ${e.name}`)
+        );
+      }
+      deps.forEach(
+        (dep) => issues.push({
+          severity: "warning",
+          message: `Unused dependency: ${dep}`,
+          fix: { description: `Remove ${dep}` },
+          reportedBy: ["knip"]
+        })
+      );
+      devDeps.forEach(
+        (dep) => issues.push({
+          severity: "info",
+          message: `Unused devDependency: ${dep}`,
+          fix: { description: `Remove ${dep}` },
+          reportedBy: ["knip"]
+        })
+      );
+      unusedExports.slice(0, 5).forEach(
+        (exp) => issues.push({
+          severity: "info",
+          message: `Unused export: ${exp}`,
+          reportedBy: ["knip"]
+        })
+      );
+      if (unusedExports.length > 5) {
+        issues.push({
+          severity: "info",
+          message: `...and ${unusedExports.length - 5} more unused exports`,
+          reportedBy: ["knip"]
+        });
+      }
+      const totalIssues = issues.length;
+      const score = Math.max(0, 100 - totalIssues * 5);
+      return {
+        id: "knip",
+        category: this.category,
+        name: "Unused Code",
+        score,
+        status: totalIssues === 0 ? "pass" : totalIssues > 10 ? "fail" : "warning",
+        issues,
+        toolsUsed: ["knip"],
+        duration: elapsed(),
+        metadata: {
+          unusedFiles: unusedFiles.length,
+          unusedDeps: deps.size,
+          unusedDevDeps: devDeps.size,
+          unusedExports: unusedExports.length
+        }
+      };
+    } catch (err) {
+      return {
+        id: "knip",
+        category: this.category,
+        name: "Unused Code",
+        score: 0,
+        status: "fail",
+        issues: [{ severity: "critical", message: `knip failed: ${err}`, reportedBy: ["knip"] }],
+        toolsUsed: ["knip"],
+        duration: elapsed()
+      };
+    }
+  }
+};
+
+// src/integrations/outdated.ts
+import { execa as execa3 } from "execa";
+var OutdatedRunner = class extends BaseRunner {
+  name = "outdated";
+  category = "dependencies";
+  async run(projectPath) {
+    const elapsed = timer();
+    const pm = detectPackageManager(projectPath);
+    if (pm === "yarn" || pm === "bun") {
+      return this.skipped(`${pm} outdated not supported \u2014 run: ${pm} outdated`);
+    }
+    try {
+      const { stdout } = await execa3(pm, ["outdated", "--json"], {
+        cwd: projectPath,
+        reject: false,
+        timeout: 6e4
+      });
+      const entries = parseOutdated(stdout);
+      const issues = entries.map((e) => {
+        const updateType = getUpdateType(e.current, e.latest);
+        const isMajor = updateType === "major";
+        return {
+          severity: isMajor ? "warning" : "info",
+          message: `${e.name}: ${e.current} \u2192 ${e.latest} (${updateType})`,
+          fix: isMajor ? {
+            description: `Update ${e.name} to ${e.latest} (major \u2014 review changelog before upgrading)`
+          } : {
+            description: `Update ${e.name} to ${e.latest}`,
+            command: `${pm} update ${e.name}`,
+            nextSteps: "Run tests to verify nothing broke"
+          },
+          reportedBy: ["outdated"]
+        };
+      });
+      const count = issues.length;
+      return {
+        id: "outdated",
+        category: this.category,
+        name: "Outdated Packages",
+        score: Math.max(0, 100 - count * 3),
+        status: count === 0 ? "pass" : count > 15 ? "fail" : "warning",
+        issues,
+        toolsUsed: [pm],
+        duration: elapsed(),
+        metadata: { outdatedCount: count }
+      };
+    } catch (err) {
+      return {
+        id: "outdated",
+        category: this.category,
+        name: "Outdated Packages",
+        score: 0,
+        status: "fail",
+        issues: [{ severity: "critical", message: `${pm} outdated failed: ${err}`, reportedBy: ["outdated"] }],
+        toolsUsed: [pm],
+        duration: elapsed()
+      };
+    }
+  }
+};
+function parseOutdated(stdout) {
+  if (!stdout.trim()) return [];
+  try {
+    const raw = JSON.parse(stdout);
+    return Object.entries(raw).filter(([_, info]) => info.current && info.latest).map(([name, info]) => ({
+      name,
+      current: info.current,
+      latest: info.latest,
+      dev: (info.type ?? info.dependencyType ?? "") === "devDependencies"
+    }));
+  } catch {
+    return [];
+  }
+}
+function getVersionParts(version) {
+  if (!version) return [0, 0, 0];
+  const cleaned = version.replace(/^[^0-9]*/, "");
+  const parts = cleaned.split(".");
+  return [
+    parseInt(parts[0] ?? "0", 10),
+    parseInt(parts[1] ?? "0", 10),
+    parseInt(parts[2] ?? "0", 10)
+  ];
+}
+function getUpdateType(current, latest) {
+  const [curMaj, curMin] = getVersionParts(current);
+  const [latMaj, latMin] = getVersionParts(latest);
+  if (curMaj < latMaj) return "major";
+  if (curMin < latMin) return "minor";
+  return "patch";
+}
+
+// src/integrations/npm-audit.ts
+import { execa as execa4 } from "execa";
+var NpmAuditRunner = class extends BaseRunner {
+  name = "npm-audit";
+  category = "security";
+  async run(projectPath) {
+    const elapsed = timer();
+    try {
+      const { stdout } = await execa4("npm", ["audit", "--json"], {
+        cwd: projectPath,
+        reject: false
+      });
+      const data = parseJsonOutput(stdout, "{}");
+      const issues = [];
+      const meta = data.metadata?.vulnerabilities;
+      const vulnerablePackages = {};
+      for (const [pkgName, vuln] of Object.entries(data.vulnerabilities ?? {})) {
+        const advisoryCount = Array.isArray(vuln.via) ? vuln.via.filter((v) => typeof v === "object" && v !== null && "title" in v).length : 0;
+        vulnerablePackages[pkgName] = Math.max(advisoryCount, 1);
+      }
+      for (const [, vuln] of Object.entries(data.vulnerabilities ?? {})) {
+        const via = Array.isArray(vuln.via) ? vuln.via[0] : null;
+        const title = typeof via === "object" && via?.title ? via.title : `Vulnerability in ${vuln.name}`;
+        const url = typeof via === "object" && via?.url ? via.url : void 0;
+        issues.push({
+          severity: vuln.severity === "critical" || vuln.severity === "high" ? "critical" : "warning",
+          message: title,
+          fix: typeof vuln.fixAvailable === "object" ? { description: `Upgrade to ${vuln.fixAvailable.name}@${vuln.fixAvailable.version}` } : { description: "No automatic fix available" },
+          reportedBy: ["npm-audit"],
+          ...url && { file: url }
+        });
+      }
+      const critical = (meta?.critical ?? 0) + (meta?.high ?? 0);
+      const score = critical > 0 ? Math.max(0, 60 - critical * 15) : Math.max(0, 100 - (meta?.moderate ?? 0) * 10 - (meta?.low ?? 0) * 2);
+      return {
+        id: "npm-audit",
+        category: this.category,
+        name: "Security Vulnerabilities",
+        score,
+        status: critical > 0 ? "fail" : issues.length > 0 ? "warning" : "pass",
+        issues,
+        toolsUsed: ["npm-audit"],
+        duration: elapsed(),
+        metadata: { ...meta, vulnerablePackages }
+      };
+    } catch (err) {
+      return {
+        id: "npm-audit",
+        category: this.category,
+        name: "Security Vulnerabilities",
+        score: 0,
+        status: "fail",
+        issues: [{ severity: "critical", message: `npm audit failed: ${err}`, reportedBy: ["npm-audit"] }],
+        toolsUsed: ["npm-audit"],
+        duration: elapsed()
+      };
+    }
+  }
+};
+
+// src/integrations/depcheck.ts
+import { execa as execa5 } from "execa";
+var DepcheckRunner = class extends BaseRunner {
+  name = "depcheck";
+  category = "dependencies";
+  async run(projectPath) {
+    const elapsed = timer();
+    const available = await isCommandAvailable("depcheck");
+    if (!available) {
+      return this.skipped("depcheck not installed \u2014 run: npm i -g depcheck");
+    }
+    try {
+      const { stdout } = await execa5("depcheck", ["--json"], {
+        cwd: projectPath,
+        reject: false,
+        preferLocal: true,
+        localDir: coreLocalDir
+      });
+      const data = parseJsonOutput(stdout, "{}");
+      const issues = [];
+      for (const [dep, files] of Object.entries(data.missing ?? {})) {
+        if (dep.startsWith("virtual:") || dep.startsWith("node:")) {
+          continue;
+        }
+        issues.push({
+          severity: "critical",
+          message: `Missing dependency: ${dep} (used in ${files.length} file${files.length > 1 ? "s" : ""})`,
+          fix: { description: `Install ${dep}` },
+          reportedBy: ["depcheck"]
+        });
+      }
+      const score = Math.max(0, 100 - issues.length * 5);
+      return {
+        id: "depcheck",
+        category: this.category,
+        name: "Dependency Health",
+        score,
+        status: issues.length === 0 ? "pass" : issues[0].severity === "critical" ? "fail" : "warning",
+        issues,
+        toolsUsed: ["depcheck"],
+        duration: elapsed(),
+        metadata: {
+          unused: data.dependencies?.length ?? 0,
+          missing: Object.keys(data.missing ?? {}).length
+        }
+      };
+    } catch (err) {
+      return {
+        id: "depcheck",
+        category: this.category,
+        name: "Dependency Health",
+        score: 0,
+        status: "fail",
+        issues: [{ severity: "critical", message: `depcheck failed: ${err}`, reportedBy: ["depcheck"] }],
+        toolsUsed: ["depcheck"],
+        duration: elapsed()
+      };
+    }
+  }
+};
+
+// src/integrations/madge.ts
+import { execa as execa6 } from "execa";
+function findCircularDeps(graph) {
+  const circles = [];
+  const visited = /* @__PURE__ */ new Set();
+  const stack = /* @__PURE__ */ new Set();
+  function dfs(node, path) {
+    if (stack.has(node)) {
+      const cycleStart = path.indexOf(node);
+      if (cycleStart !== -1) {
+        circles.push(path.slice(cycleStart));
+      }
+      return;
+    }
+    if (visited.has(node)) return;
+    visited.add(node);
+    stack.add(node);
+    path.push(node);
+    for (const dep of graph[node] ?? []) {
+      dfs(dep, [...path]);
+    }
+    stack.delete(node);
+  }
+  for (const node of Object.keys(graph)) {
+    dfs(node, []);
+  }
+  const seen = /* @__PURE__ */ new Set();
+  return circles.filter((cycle) => {
+    const sorted = [...cycle].sort().join("|");
+    if (seen.has(sorted)) return false;
+    seen.add(sorted);
+    return true;
+  });
+}
+var MadgeRunner = class extends BaseRunner {
+  name = "madge";
+  category = "code-quality";
+  async run(projectPath) {
+    const elapsed = timer();
+    const available = await isCommandAvailable("madge");
+    if (!available) {
+      return this.skipped("madge not installed \u2014 run: npm i -g madge");
+    }
+    try {
+      const tsConfig = fileExists(projectPath, "tsconfig.app.json") ? "tsconfig.app.json" : fileExists(projectPath, "tsconfig.json") ? "tsconfig.json" : null;
+      const args = ["--json", "--extensions", "ts,tsx,js,jsx"];
+      if (tsConfig) args.push("--ts-config", tsConfig);
+      args.push("src");
+      const { stdout } = await execa6("madge", args, {
+        cwd: projectPath,
+        reject: false,
+        preferLocal: true,
+        localDir: coreLocalDir
+      });
+      let graph;
+      try {
+        graph = parseJsonOutput(stdout, "{}");
+      } catch {
+        graph = {};
+      }
+      const circles = findCircularDeps(graph);
+      const issues = circles.map((cycle) => ({
+        severity: "warning",
+        message: `Circular dependency: ${cycle.join(" \u2192 ")}`,
+        fix: { description: "Refactor to break the circular dependency cycle" },
+        reportedBy: ["madge"]
+      }));
+      return {
+        id: "madge",
+        category: this.category,
+        name: "Circular Dependencies",
+        score: circles.length === 0 ? 100 : Math.max(0, 100 - circles.length * 10),
+        status: circles.length === 0 ? "pass" : circles.length > 5 ? "fail" : "warning",
+        issues,
+        toolsUsed: ["madge"],
+        duration: elapsed(),
+        metadata: { circularCount: circles.length, graph }
+      };
+    } catch (err) {
+      return {
+        id: "madge",
+        category: this.category,
+        name: "Circular Dependencies",
+        score: 0,
+        status: "fail",
+        issues: [{ severity: "critical", message: `madge failed: ${err}`, reportedBy: ["madge"] }],
+        toolsUsed: ["madge"],
+        duration: elapsed()
+      };
+    }
+  }
+};
+
+// src/integrations/source-map-explorer.ts
+import { execa as execa7 } from "execa";
+import { globby as globby2 } from "globby";
+import { statSync, readFileSync as readFileSync5 } from "fs";
+import { join as join5 } from "path";
+var SIZE_THRESHOLD_WARN = 500 * 1024;
+var SIZE_THRESHOLD_FAIL = 1024 * 1024;
+function findEntryChunks(buildPath) {
+  try {
+    const html = readFileSync5(join5(buildPath, "index.html"), "utf8");
+    const matches = [...html.matchAll(/<script[^>]+src="([^"]+\.js)"[^>]*>/gi)];
+    return matches.map((m) => join5(buildPath, m[1].replace(/^\//, "")));
+  } catch {
+    return [];
+  }
+}
+var SourceMapExplorerRunner = class extends BaseRunner {
+  name = "source-map-explorer";
+  category = "performance";
+  applicableRuntimes = ["browser"];
+  async run(projectPath) {
+    const elapsed = timer();
+    const buildDir = fileExists(projectPath, "dist") ? "dist" : "build";
+    const buildPath = join5(projectPath, buildDir);
+    const mapFiles = await globby2("**/*.js.map", {
+      cwd: buildPath,
+      absolute: false
+    });
+    const hasSourceMaps = mapFiles.length > 0;
+    if (hasSourceMaps) {
+      const available = await isCommandAvailable("source-map-explorer");
+      if (available) {
+        try {
+          const { stdout } = await execa7(
+            "source-map-explorer",
+            [`${buildDir}/**/*.js`, "--json"],
+            {
+              cwd: projectPath,
+              reject: false,
+              preferLocal: true,
+              localDir: coreLocalDir
+            }
+          );
+          if (stdout && stdout.trim().startsWith("{")) {
+            const data = parseJsonOutput(stdout, "{}");
+            const results = data.results ?? [];
+            if (results.length > 0) {
+              const totalBytes = results.reduce((sum, r) => sum + r.totalBytes, 0);
+              const largestBytes = Math.max(...results.map((r) => r.totalBytes));
+              const totalKB = Math.round(totalBytes / 1024);
+              const largestKB = Math.round(largestBytes / 1024);
+              const issues = [];
+              if (largestBytes > SIZE_THRESHOLD_FAIL) {
+                issues.push({
+                  severity: "critical",
+                  message: `Largest bundle is ${largestKB}KB \u2014 exceeds 1MB threshold`,
+                  fix: {
+                    description: "Use code splitting and lazy imports to reduce bundle size"
+                  },
+                  reportedBy: ["source-map-explorer"]
+                });
+              } else if (largestBytes > SIZE_THRESHOLD_WARN) {
+                issues.push({
+                  severity: "warning",
+                  message: `Largest bundle is ${largestKB}KB \u2014 consider optimizing`,
+                  fix: {
+                    description: "Review large dependencies and consider tree-shaking"
+                  },
+                  reportedBy: ["source-map-explorer"]
+                });
+              }
+              const score = largestBytes > SIZE_THRESHOLD_FAIL ? 40 : largestBytes > SIZE_THRESHOLD_WARN ? 70 : 100;
+              return {
+                id: "source-map-explorer",
+                category: this.category,
+                name: "Bundle Size",
+                score,
+                status: issues.length === 0 ? "pass" : issues[0].severity === "critical" ? "fail" : "warning",
+                issues,
+                toolsUsed: ["source-map-explorer"],
+                duration: elapsed(),
+                metadata: {
+                  largestBytes,
+                  largestKB,
+                  totalBytes,
+                  totalKB,
+                  bundleCount: results.length,
+                  method: "source-map-explorer"
+                }
+              };
+            }
+          }
+        } catch {
+        }
+      }
+    }
+    try {
+      const jsFiles = await globby2("**/*.js", {
+        cwd: buildPath,
+        absolute: true,
+        ignore: ["**/*.map"]
+      });
+      if (jsFiles.length === 0) {
+        return this.skipped(`No JavaScript files found in ${buildDir}/`);
+      }
+      const totalBytes = jsFiles.reduce((sum, file) => {
+        try {
+          return sum + statSync(file).size;
+        } catch {
+          return sum;
+        }
+      }, 0);
+      const entryChunks = findEntryChunks(buildPath);
+      const hasEntryChunkInfo = entryChunks.length > 0;
+      const initialBytes = hasEntryChunkInfo ? entryChunks.reduce((sum, file) => {
+        try {
+          return sum + statSync(file).size;
+        } catch {
+          return sum;
+        }
+      }, 0) : totalBytes;
+      const totalKB = Math.round(totalBytes / 1024);
+      const initialKB = Math.round(initialBytes / 1024);
+      const issues = [];
+      if (initialBytes > SIZE_THRESHOLD_FAIL) {
+        issues.push({
+          severity: "critical",
+          message: `Initial bundle is ${initialKB}KB \u2014 exceeds 1MB threshold`,
+          fix: {
+            description: hasSourceMaps ? "Use code splitting and lazy imports to reduce bundle size" : "Use code splitting and lazy imports to reduce bundle size. Enable source maps (sourcemap: true) for detailed analysis"
+          },
+          reportedBy: ["bundle-size-check"]
+        });
+      } else if (initialBytes > SIZE_THRESHOLD_WARN) {
+        issues.push({
+          severity: "warning",
+          message: `Initial bundle is ${initialKB}KB \u2014 consider optimizing`,
+          fix: {
+            description: hasSourceMaps ? "Review large dependencies and consider tree-shaking" : "Review large dependencies and consider tree-shaking. Enable source maps (sourcemap: true) for detailed analysis"
+          },
+          reportedBy: ["bundle-size-check"]
+        });
+      }
+      const score = initialBytes > SIZE_THRESHOLD_FAIL ? 40 : initialBytes > SIZE_THRESHOLD_WARN ? 70 : 100;
+      return {
+        id: "source-map-explorer",
+        category: this.category,
+        name: "Bundle Size",
+        score,
+        status: issues.length === 0 ? "pass" : issues[0].severity === "critical" ? "fail" : "warning",
+        issues,
+        toolsUsed: ["file-size-analysis"],
+        duration: elapsed(),
+        metadata: {
+          initialBytes,
+          initialKB,
+          totalBytes,
+          totalKB,
+          fileCount: jsFiles.length,
+          entryChunks: entryChunks.length,
+          method: "file-size-analysis",
+          note: hasEntryChunkInfo ? `Total bundle: ${totalKB}KB across ${jsFiles.length} chunks` : hasSourceMaps ? "Source maps found but analysis failed" : "No source maps \u2014 using total bundle size"
+        }
+      };
+    } catch (err) {
+      return {
+        id: "source-map-explorer",
+        category: this.category,
+        name: "Bundle Size",
+        score: 0,
+        status: "fail",
+        issues: [
+          {
+            severity: "critical",
+            message: `Bundle analysis failed: ${err}`,
+            reportedBy: ["bundle-size-check"]
+          }
+        ],
+        toolsUsed: ["file-size-analysis"],
+        duration: elapsed()
+      };
+    }
+  }
+};
+
+// src/integrations/coverage.ts
+import { readFileSync as readFileSync6, existsSync as existsSync5, unlinkSync } from "fs";
+import { join as join6, dirname as dirname3 } from "path";
+import { tmpdir } from "os";
+import { execa as execa8 } from "execa";
+var COVERAGE_PATHS = [
+  "coverage/coverage-summary.json",
+  "coverage/coverage-final.json"
+];
+var CoverageRunner = class extends BaseRunner {
+  name = "coverage";
+  category = "code-quality";
+  async isApplicable(projectPath) {
+    return COVERAGE_PATHS.some((p) => existsSync5(join6(projectPath, p))) || this.detectTestRunner(projectPath) !== null;
+  }
+  detectTestRunner(projectPath) {
+    try {
+      const pkg = readPackageJson(projectPath);
+      const deps = { ...pkg.dependencies ?? {}, ...pkg.devDependencies ?? {} };
+      if ("vitest" in deps) return "vitest";
+      if ("jest" in deps || "@jest/core" in deps) return "jest";
+    } catch {
+    }
+    return null;
+  }
+  hasCoverageProvider(projectPath, runner) {
+    if (runner === "vitest") {
+      let dir = projectPath;
+      while (true) {
+        if (existsSync5(join6(dir, "node_modules", "@vitest", "coverage-v8")) || existsSync5(join6(dir, "node_modules", "@vitest", "coverage-istanbul"))) {
+          return true;
+        }
+        const parent = dirname3(dir);
+        if (parent === dir) break;
+        dir = parent;
+      }
+      return false;
+    }
+    return true;
+  }
+  async run(projectPath) {
+    const elapsed = timer();
+    const runner = this.detectTestRunner(projectPath);
+    if (!runner) {
+      return this.readExistingCoverage(projectPath, elapsed);
+    }
+    try {
+      const hasCoverage = this.hasCoverageProvider(projectPath, runner);
+      const tmpFile = join6(tmpdir(), `sickbay-test-${Date.now()}.json`);
+      const args = runner === "vitest" ? ["run", "--reporter=json", `--outputFile=${tmpFile}`, ...hasCoverage ? ["--coverage", "--coverage.reporter=json-summary"] : []] : ["--json", `--outputFile=${tmpFile}`, ...hasCoverage ? ["--coverage"] : []];
+      await execa8(runner, args, {
+        cwd: projectPath,
+        reject: false,
+        // localDir ensures we use the project's own vitest, not sickbay' hoisted binary
+        localDir: projectPath,
+        preferLocal: true,
+        timeout: 12e4
+      });
+      let testCounts = { total: 0, passed: 0, failed: 0, skipped: 0 };
+      if (existsSync5(tmpFile)) {
+        try {
+          const parsed = JSON.parse(readFileSync6(tmpFile, "utf-8"));
+          testCounts = {
+            total: parsed.numTotalTests ?? 0,
+            passed: parsed.numPassedTests ?? 0,
+            failed: parsed.numFailedTests ?? 0,
+            skipped: parsed.numSkippedTests ?? 0
+          };
+        } finally {
+          try {
+            unlinkSync(tmpFile);
+          } catch {
+          }
+        }
+      }
+      const coveragePath = COVERAGE_PATHS.map((p) => join6(projectPath, p)).find(existsSync5);
+      let coverageData = null;
+      if (coveragePath) {
+        try {
+          const raw = JSON.parse(readFileSync6(coveragePath, "utf-8"));
+          const candidate = raw.total ?? raw;
+          if (candidate?.lines?.pct !== void 0 && candidate?.statements?.pct !== void 0) {
+            coverageData = candidate;
+          }
+        } catch {
+        }
+      }
+      const packageManager = detectPackageManager(projectPath);
+      return this.buildResult(elapsed, testCounts, coverageData, runner, hasCoverage, packageManager);
+    } catch (err) {
+      return {
+        id: "coverage",
+        category: this.category,
+        name: "Tests & Coverage",
+        score: 0,
+        status: "fail",
+        issues: [{ severity: "critical", message: `Test run failed: ${err}`, reportedBy: ["coverage"] }],
+        toolsUsed: [runner],
+        duration: elapsed()
+      };
+    }
+  }
+  buildResult(elapsed, counts, coverage, runner, hasCoverage, packageManager = "npm") {
+    const issues = [];
+    if (counts.failed > 0) {
+      issues.push({
+        severity: "critical",
+        message: `${counts.failed} test${counts.failed > 1 ? "s" : ""} failing (${counts.passed}/${counts.total} passing)`,
+        fix: { description: "Fix failing tests" },
+        reportedBy: ["coverage"]
+      });
+    }
+    if (coverage) {
+      if (coverage.lines.pct < 80) {
+        issues.push({
+          severity: coverage.lines.pct < 50 ? "critical" : "warning",
+          message: `Line coverage: ${coverage.lines.pct.toFixed(1)}% (target: 80%)`,
+          fix: { description: "Add tests to improve coverage" },
+          reportedBy: ["coverage"]
+        });
+      }
+      if (coverage.functions.pct < 80) {
+        issues.push({
+          severity: "warning",
+          message: `Function coverage: ${coverage.functions.pct.toFixed(1)}% (target: 80%)`,
+          fix: { description: "Add tests for uncovered functions" },
+          reportedBy: ["coverage"]
+        });
+      }
+    } else if (!hasCoverage && counts.total > 0) {
+      issues.push({
+        severity: "info",
+        message: "Coverage data unavailable \u2014 install @vitest/coverage-v8 for coverage reporting",
+        fix: { description: "Add coverage provider", command: `${packageManager} add -D @vitest/coverage-v8` },
+        reportedBy: ["coverage"]
+      });
+    }
+    let score = 100;
+    if (counts.total > 0 && counts.failed > 0) {
+      score = Math.round(100 * (counts.passed / counts.total));
+    }
+    if (coverage) {
+      const covAvg = (coverage.lines.pct + coverage.statements.pct + coverage.functions.pct + coverage.branches.pct) / 4;
+      score = Math.round(score * 0.6 + covAvg * 0.4);
+    }
+    const status = counts.failed > 0 ? "fail" : coverage && coverage.lines.pct < 50 ? "fail" : coverage && coverage.lines.pct < 80 ? "warning" : issues.length > 0 ? "warning" : "pass";
+    return {
+      id: "coverage",
+      category: this.category,
+      name: "Tests & Coverage",
+      score,
+      status,
+      issues,
+      toolsUsed: [runner],
+      duration: elapsed(),
+      metadata: {
+        testRunner: runner,
+        totalTests: counts.total,
+        passed: counts.passed,
+        failed: counts.failed,
+        skipped: counts.skipped,
+        ...coverage ? {
+          lines: coverage.lines.pct,
+          statements: coverage.statements.pct,
+          functions: coverage.functions.pct,
+          branches: coverage.branches.pct
+        } : {}
+      }
+    };
+  }
+  readExistingCoverage(projectPath, elapsed) {
+    const coveragePath = COVERAGE_PATHS.map((p) => join6(projectPath, p)).find(existsSync5);
+    if (!coveragePath) {
+      return this.skipped("No test runner or coverage report found");
+    }
+    try {
+      const raw = JSON.parse(readFileSync6(coveragePath, "utf-8"));
+      const candidate = raw.total ?? raw;
+      if (!candidate?.lines?.pct || !candidate?.statements?.pct) {
+        return this.skipped("Coverage report format not recognized");
+      }
+      const { lines, statements, functions, branches } = candidate;
+      const avg = (lines.pct + statements.pct + functions.pct + branches.pct) / 4;
+      const issues = [];
+      if (lines.pct < 80) {
+        issues.push({
+          severity: lines.pct < 50 ? "critical" : "warning",
+          message: `Line coverage: ${lines.pct.toFixed(1)}% (target: 80%)`,
+          reportedBy: ["coverage"]
+        });
+      }
+      return {
+        id: "coverage",
+        category: this.category,
+        name: "Tests & Coverage",
+        score: Math.round(avg),
+        status: avg >= 80 ? "pass" : avg >= 50 ? "warning" : "fail",
+        issues,
+        toolsUsed: ["coverage"],
+        duration: elapsed(),
+        metadata: { lines: lines.pct, statements: statements.pct, functions: functions.pct, branches: branches.pct }
+      };
+    } catch (err) {
+      return {
+        id: "coverage",
+        category: this.category,
+        name: "Tests & Coverage",
+        score: 0,
+        status: "fail",
+        issues: [{ severity: "critical", message: `Failed to parse coverage: ${err}`, reportedBy: ["coverage"] }],
+        toolsUsed: ["coverage"],
+        duration: elapsed()
+      };
+    }
+  }
+};
+
+// src/integrations/license-checker.ts
+import { execa as execa9 } from "execa";
+var PROBLEMATIC_LICENSES = ["GPL-2.0", "GPL-3.0", "AGPL-3.0", "LGPL-2.1", "LGPL-3.0", "CC-BY-NC"];
+var LicenseCheckerRunner = class extends BaseRunner {
+  name = "license-checker";
+  category = "security";
+  async run(projectPath) {
+    const elapsed = timer();
+    const available = await isCommandAvailable("license-checker");
+    if (!available) {
+      return this.skipped("license-checker not installed \u2014 run: npm i -g license-checker");
+    }
+    try {
+      const { stdout } = await execa9("license-checker", ["--json", "--production"], {
+        cwd: projectPath,
+        reject: false,
+        preferLocal: true,
+        localDir: coreLocalDir
+      });
+      const licenses = parseJsonOutput(stdout, "{}");
+      const issues = [];
+      for (const [pkg, info] of Object.entries(licenses)) {
+        const license = info.licenses;
+        if (PROBLEMATIC_LICENSES.some((l) => license.includes(l))) {
+          issues.push({
+            severity: "warning",
+            message: `${pkg} uses ${license} license \u2014 may be incompatible with commercial use`,
+            fix: { description: `Review or replace ${pkg.split("@")[0]}` },
+            reportedBy: ["license-checker"]
+          });
+        }
+      }
+      return {
+        id: "license-checker",
+        category: this.category,
+        name: "License Compliance",
+        score: issues.length === 0 ? 100 : Math.max(60, 100 - issues.length * 10),
+        status: issues.length === 0 ? "pass" : "warning",
+        issues,
+        toolsUsed: ["license-checker"],
+        duration: elapsed(),
+        metadata: { totalPackages: Object.keys(licenses).length, flagged: issues.length }
+      };
+    } catch (err) {
+      return {
+        id: "license-checker",
+        category: this.category,
+        name: "License Compliance",
+        score: 0,
+        status: "fail",
+        issues: [{ severity: "critical", message: `license-checker failed: ${err}`, reportedBy: ["license-checker"] }],
+        toolsUsed: ["license-checker"],
+        duration: elapsed()
+      };
+    }
+  }
+};
+
+// src/integrations/jscpd.ts
+import { execa as execa10 } from "execa";
+var JscpdRunner = class extends BaseRunner {
+  name = "jscpd";
+  category = "code-quality";
+  async run(projectPath) {
+    const elapsed = timer();
+    const available = await isCommandAvailable("jscpd");
+    if (!available) {
+      return this.skipped("jscpd not installed \u2014 run: npm i -g jscpd");
+    }
+    try {
+      const { stdout } = await execa10(
+        "jscpd",
+        [
+          "src",
+          "--reporters",
+          "json",
+          "--output",
+          "/tmp/jscpd-sickbay",
+          "--silent"
+        ],
+        {
+          cwd: projectPath,
+          reject: false,
+          preferLocal: true,
+          localDir: coreLocalDir
+        }
+      );
+      let data = {};
+      try {
+        data = parseJsonOutput(stdout, "{}");
+      } catch {
+      }
+      const percentage = data.statistics?.total.percentage ?? 0;
+      const clones = data.statistics?.total.clones ?? 0;
+      const issues = [];
+      if (percentage > 5) {
+        issues.push({
+          severity: percentage > 20 ? "critical" : "warning",
+          message: `${percentage.toFixed(1)}% code duplication detected (${clones} clone${clones !== 1 ? "s" : ""})`,
+          fix: {
+            description: "Extract duplicated code into shared utilities or components"
+          },
+          reportedBy: ["jscpd"]
+        });
+      }
+      return {
+        id: "jscpd",
+        category: this.category,
+        name: "Code Duplication",
+        score: Math.max(0, 100 - Math.round(percentage * 3)),
+        status: percentage === 0 ? "pass" : percentage > 20 ? "fail" : percentage > 5 ? "warning" : "pass",
+        issues,
+        toolsUsed: ["jscpd"],
+        duration: elapsed(),
+        metadata: { percentage, clones }
+      };
+    } catch (err) {
+      return {
+        id: "jscpd",
+        category: this.category,
+        name: "Code Duplication",
+        score: 0,
+        status: "fail",
+        issues: [
+          {
+            severity: "critical",
+            message: `jscpd failed: ${err}`,
+            reportedBy: ["jscpd"]
+          }
+        ],
+        toolsUsed: ["jscpd"],
+        duration: elapsed()
+      };
+    }
+  }
+};
+
+// src/integrations/git.ts
+import { execa as execa11 } from "execa";
+var GitRunner = class extends BaseRunner {
+  name = "git";
+  category = "git";
+  async isApplicable(projectPath) {
+    return fileExists(projectPath, ".git");
+  }
+  async run(projectPath) {
+    const elapsed = timer();
+    try {
+      const [lastCommitResult, logCountResult, contributorsResult] = await Promise.allSettled([
+        execa11("git", ["log", "-1", "--format=%cr"], { cwd: projectPath }),
+        execa11("git", ["rev-list", "--count", "HEAD"], { cwd: projectPath }),
+        execa11("git", ["shortlog", "-sn", "--no-merges", "HEAD"], { cwd: projectPath })
+      ]);
+      const remotesResult = await execa11("git", ["remote"], { cwd: projectPath, reject: false });
+      const hasRemote = remotesResult.stdout.trim().length > 0;
+      let remoteBranches = 0;
+      if (hasRemote) {
+        const branchResult = await execa11("git", ["branch", "-r"], { cwd: projectPath, reject: false });
+        remoteBranches = branchResult.stdout.trim().split("\n").filter(Boolean).length;
+      }
+      const lastCommit = lastCommitResult.status === "fulfilled" ? lastCommitResult.value.stdout.trim() : "unknown";
+      const commitCount = logCountResult.status === "fulfilled" ? parseInt(logCountResult.value.stdout.trim(), 10) : 0;
+      const contributorCount = contributorsResult.status === "fulfilled" ? contributorsResult.value.stdout.trim().split("\n").filter(Boolean).length : 0;
+      const issues = [];
+      const isStale = lastCommit.includes("year") || lastCommit.includes("month") && parseInt(lastCommit) > 6;
+      if (isStale) {
+        issues.push({
+          severity: "warning",
+          message: `Last commit was ${lastCommit} \u2014 project may be stale`,
+          reportedBy: ["git"]
+        });
+      }
+      if (remoteBranches > 20) {
+        issues.push({
+          severity: "info",
+          message: `${remoteBranches} remote branches \u2014 consider pruning stale branches`,
+          fix: { description: "Clean up merged branches", command: "git remote prune origin" },
+          reportedBy: ["git"]
+        });
+      }
+      return {
+        id: "git",
+        category: this.category,
+        name: "Git Health",
+        score: issues.length === 0 ? 100 : 80,
+        status: issues.length === 0 ? "pass" : "warning",
+        issues,
+        toolsUsed: ["git"],
+        duration: elapsed(),
+        metadata: { lastCommit, commitCount, contributorCount, remoteBranches }
+      };
+    } catch (err) {
+      return {
+        id: "git",
+        category: this.category,
+        name: "Git Health",
+        score: 0,
+        status: "fail",
+        issues: [{ severity: "critical", message: `git analysis failed: ${err}`, reportedBy: ["git"] }],
+        toolsUsed: ["git"],
+        duration: elapsed()
+      };
+    }
+  }
+};
+
+// src/integrations/eslint.ts
+import { execa as execa12 } from "execa";
+import { existsSync as existsSync6 } from "fs";
+import { join as join7 } from "path";
+var ESLintRunner = class extends BaseRunner {
+  name = "eslint";
+  category = "code-quality";
+  async isApplicable(projectPath) {
+    return existsSync6(join7(projectPath, ".eslintrc.js")) || existsSync6(join7(projectPath, ".eslintrc.cjs")) || existsSync6(join7(projectPath, ".eslintrc.json")) || existsSync6(join7(projectPath, ".eslintrc.yml")) || existsSync6(join7(projectPath, "eslint.config.js")) || existsSync6(join7(projectPath, "eslint.config.mjs")) || existsSync6(join7(projectPath, "eslint.config.cjs"));
+  }
+  async run(projectPath) {
+    const elapsed = timer();
+    try {
+      const candidateDirs = ["src", "lib", "app"];
+      const dirsToScan = candidateDirs.filter((d) => existsSync6(join7(projectPath, d)));
+      if (dirsToScan.length === 0) {
+        return this.skipped("No source directory found (looked for src, lib, app)");
+      }
+      const { stdout } = await execa12(
+        "eslint",
+        [...dirsToScan, "--format", "json", "--no-error-on-unmatched-pattern"],
+        { cwd: projectPath, reject: false, preferLocal: true, timeout: 6e4 }
+      );
+      const results = parseJsonOutput(stdout, "[]");
+      let totalErrors = 0;
+      let totalWarnings = 0;
+      const issues = [];
+      for (const file of results) {
+        totalErrors += file.errorCount;
+        totalWarnings += file.warningCount;
+        if (file.errorCount > 0 || file.warningCount > 0) {
+          const relPath = file.filePath.replace(projectPath + "/", "");
+          const parts = [];
+          if (file.errorCount > 0) parts.push(`${file.errorCount} error${file.errorCount > 1 ? "s" : ""}`);
+          if (file.warningCount > 0) parts.push(`${file.warningCount} warning${file.warningCount > 1 ? "s" : ""}`);
+          issues.push({
+            severity: file.errorCount > 0 ? "warning" : "info",
+            message: `${relPath}: ${parts.join(", ")}`,
+            fix: { description: `Fix ESLint issues in ${relPath}`, command: `eslint ${relPath} --fix`, modifiesSource: true },
+            reportedBy: ["eslint"]
+          });
+        }
+      }
+      const score = Math.max(0, 100 - totalErrors * 5 - Math.round(totalWarnings * 0.5));
+      return {
+        id: "eslint",
+        category: this.category,
+        name: "Lint",
+        score,
+        status: totalErrors > 10 ? "fail" : totalErrors > 0 ? "warning" : totalWarnings > 0 ? "warning" : "pass",
+        issues,
+        toolsUsed: ["eslint"],
+        duration: elapsed(),
+        metadata: { errors: totalErrors, warnings: totalWarnings, files: results.length }
+      };
+    } catch (err) {
+      return {
+        id: "eslint",
+        category: this.category,
+        name: "Lint",
+        score: 0,
+        status: "fail",
+        issues: [{ severity: "critical", message: `ESLint failed: ${err}`, reportedBy: ["eslint"] }],
+        toolsUsed: ["eslint"],
+        duration: elapsed()
+      };
+    }
+  }
+};
+
+// src/integrations/typescript.ts
+import { execa as execa13 } from "execa";
+import { existsSync as existsSync7 } from "fs";
+import { join as join8 } from "path";
+var TypeScriptRunner = class extends BaseRunner {
+  name = "typescript";
+  category = "code-quality";
+  async isApplicable(projectPath) {
+    return existsSync7(join8(projectPath, "tsconfig.json"));
+  }
+  async run(projectPath) {
+    const elapsed = timer();
+    try {
+      const { stdout, stderr } = await execa13(
+        "tsc",
+        ["--noEmit", "--pretty", "false"],
+        {
+          cwd: projectPath,
+          reject: false,
+          preferLocal: true,
+          timeout: 12e4
+        }
+      );
+      const output = (stdout + stderr).trim();
+      const errorLines = output.split("\n").map((l) => l.trim()).filter((l) => l.includes(": error TS"));
+      const count = errorLines.length;
+      const issues = errorLines.slice(0, 25).map((line) => {
+        const match = line.match(/^(.+)\(\d+,\d+\): error (TS\d+: .+)$/);
+        return {
+          severity: "warning",
+          message: match ? `${match[1]}: ${match[2]}` : line,
+          reportedBy: ["tsc"]
+        };
+      });
+      if (count > 25) {
+        issues.push({
+          severity: "info",
+          message: `...and ${count - 25} more type errors`,
+          reportedBy: ["tsc"]
+        });
+      }
+      const score = Math.max(0, 100 - count * 5);
+      return {
+        id: "typescript",
+        category: this.category,
+        name: "Type Safety",
+        score,
+        status: count === 0 ? "pass" : count > 20 ? "fail" : "warning",
+        issues,
+        toolsUsed: ["tsc"],
+        duration: elapsed(),
+        metadata: { errors: count }
+      };
+    } catch (err) {
+      return {
+        id: "typescript",
+        category: this.category,
+        name: "Type Safety",
+        score: 0,
+        status: "fail",
+        issues: [
+          {
+            severity: "critical",
+            message: `tsc failed: ${err}`,
+            reportedBy: ["tsc"]
+          }
+        ],
+        toolsUsed: ["tsc"],
+        duration: elapsed()
+      };
+    }
+  }
+};
+
+// src/integrations/todo-scanner.ts
+import { readFileSync as readFileSync7, readdirSync, statSync as statSync2, existsSync as existsSync8 } from "fs";
+import { join as join9, extname } from "path";
+var TODO_PATTERN = /\b(TODO|FIXME|HACK)\b[:\s]*(.*)/i;
+var STRING_LITERAL_RE = /("(?:[^"\\]|\\.)*"|'(?:[^'\\]|\\.)*'|`(?:[^`\\]|\\.)*`)/g;
+function stripStringLiterals(line) {
+  return line.replace(STRING_LITERAL_RE, (m) => " ".repeat(m.length));
+}
+var SOURCE_EXTENSIONS = /* @__PURE__ */ new Set([
+  ".ts",
+  ".tsx",
+  ".js",
+  ".jsx",
+  ".mts",
+  ".cts"
+]);
+var TodoScannerRunner = class extends BaseRunner {
+  name = "todo-scanner";
+  category = "code-quality";
+  async isApplicable(projectPath) {
+    return existsSync8(join9(projectPath, "src"));
+  }
+  async run(projectPath) {
+    const elapsed = timer();
+    try {
+      const todos = scanDirectory(join9(projectPath, "src"), projectPath);
+      const issues = todos.map((t) => ({
+        severity: t.kind === "FIXME" || t.kind === "HACK" ? "warning" : "info",
+        message: `${t.file}:${t.line} \u2014 ${t.kind}: ${t.text || "(no description)"}`,
+        reportedBy: ["todo-scanner"]
+      }));
+      const fixmeCount = todos.filter(
+        (t) => t.kind === "FIXME" || t.kind === "HACK"
+      ).length;
+      const score = Math.max(50, 100 - todos.length * 3);
+      return {
+        id: "todo-scanner",
+        category: this.category,
+        name: "Technical Debt",
+        score,
+        status: todos.length === 0 ? "pass" : fixmeCount > 5 || todos.length > 20 ? "warning" : "pass",
+        issues,
+        toolsUsed: ["todo-scanner"],
+        duration: elapsed(),
+        metadata: {
+          total: todos.length,
+          todo: todos.filter((t) => t.kind === "TODO").length,
+          fixme: fixmeCount,
+          hack: todos.filter((t) => t.kind === "HACK").length
+        }
+      };
+    } catch (err) {
+      return {
+        id: "todo-scanner",
+        category: this.category,
+        name: "Technical Debt",
+        score: 0,
+        status: "fail",
+        issues: [
+          {
+            severity: "critical",
+            message: `Todo scan failed: ${err}`,
+            reportedBy: ["todo-scanner"]
+          }
+        ],
+        toolsUsed: ["todo-scanner"],
+        duration: elapsed()
+      };
+    }
+  }
+};
+var SELF_REFERENCING_FILES = /* @__PURE__ */ new Set(["todo-scanner.ts", "todo-scanner.test.ts"]);
+function scanDirectory(dir, projectRoot) {
+  const todos = [];
+  try {
+    for (const entry of readdirSync(dir)) {
+      if (entry.startsWith(".") || entry === "node_modules") continue;
+      if (SELF_REFERENCING_FILES.has(entry)) continue;
+      const fullPath = join9(dir, entry);
+      const stat = statSync2(fullPath);
+      if (stat.isDirectory()) {
+        todos.push(...scanDirectory(fullPath, projectRoot));
+      } else if (SOURCE_EXTENSIONS.has(extname(entry))) {
+        todos.push(...scanFile(fullPath, projectRoot));
+      }
+    }
+  } catch {
+  }
+  return todos;
+}
+function scanFile(filePath, projectRoot) {
+  const todos = [];
+  try {
+    const lines = readFileSync7(filePath, "utf-8").split("\n");
+    const relPath = filePath.replace(projectRoot + "/", "");
+    for (let i = 0; i < lines.length; i++) {
+      const match = stripStringLiterals(lines[i]).match(TODO_PATTERN);
+      if (match) {
+        todos.push({
+          file: relPath,
+          line: i + 1,
+          kind: match[1].toUpperCase(),
+          text: match[2].trim().slice(0, 100)
+        });
+      }
+    }
+  } catch {
+  }
+  return todos;
+}
+
+// src/integrations/complexity.ts
+import { readFileSync as readFileSync8, readdirSync as readdirSync2, statSync as statSync3, existsSync as existsSync9 } from "fs";
+import { join as join10, extname as extname2 } from "path";
+var SOURCE_EXTENSIONS2 = /* @__PURE__ */ new Set([
+  ".ts",
+  ".tsx",
+  ".js",
+  ".jsx",
+  ".mts",
+  ".cts"
+]);
+var ComplexityRunner = class extends BaseRunner {
+  name = "complexity";
+  category = "code-quality";
+  async isApplicable(projectPath) {
+    return existsSync9(join10(projectPath, "src"));
+  }
+  async run(projectPath) {
+    const elapsed = timer();
+    try {
+      const files = scanDirectory2(join10(projectPath, "src"), projectPath);
+      const oversized = files.filter((f) => f.lines >= WARN_LINES);
+      const issues = oversized.map((f) => ({
+        severity: f.lines >= CRITICAL_LINES ? "warning" : "info",
+        message: `${f.path}: ${f.lines} lines \u2014 consider splitting into smaller modules`,
+        fix: { description: "Extract concerns into smaller, focused files" },
+        reportedBy: ["complexity"]
+      }));
+      const totalLines = files.reduce((sum, f) => sum + f.lines, 0);
+      const avgLines = files.length > 0 ? Math.round(totalLines / files.length) : 0;
+      const score = Math.max(0, 100 - oversized.length * 10);
+      const topFiles = [...files].sort((a, b) => b.lines - a.lines).slice(0, 10);
+      return {
+        id: "complexity",
+        category: this.category,
+        name: "File Complexity",
+        score,
+        status: oversized.some((f) => f.lines >= CRITICAL_LINES) ? "warning" : oversized.length > 0 ? "warning" : "pass",
+        issues,
+        toolsUsed: ["complexity"],
+        duration: elapsed(),
+        metadata: {
+          totalFiles: files.length,
+          totalLines,
+          avgLines,
+          oversizedCount: oversized.length,
+          topFiles
+        }
+      };
+    } catch (err) {
+      return {
+        id: "complexity",
+        category: this.category,
+        name: "File Complexity",
+        score: 0,
+        status: "fail",
+        issues: [
+          {
+            severity: "critical",
+            message: `Complexity scan failed: ${err}`,
+            reportedBy: ["complexity"]
+          }
+        ],
+        toolsUsed: ["complexity"],
+        duration: elapsed()
+      };
+    }
+  }
+};
+function scanDirectory2(dir, projectRoot) {
+  const files = [];
+  try {
+    for (const entry of readdirSync2(dir)) {
+      if (entry.startsWith(".") || entry === "node_modules" || entry === "__tests__" || entry === "test" || entry === "tests")
+        continue;
+      const fullPath = join10(dir, entry);
+      const stat = statSync3(fullPath);
+      if (stat.isDirectory()) {
+        files.push(...scanDirectory2(fullPath, projectRoot));
+      } else if (SOURCE_EXTENSIONS2.has(extname2(entry)) && !isTestFile(entry)) {
+        try {
+          const lines = readFileSync8(fullPath, "utf-8").split("\n").filter((l) => l.trim()).length;
+          files.push({ path: fullPath.replace(projectRoot + "/", ""), lines });
+        } catch {
+        }
+      }
+    }
+  } catch {
+  }
+  return files;
+}
+function isTestFile(filename) {
+  return /\.(test|spec)\.(ts|tsx|js|jsx|mts|cts)$/.test(filename);
+}
+
+// src/integrations/secrets.ts
+import { readFileSync as readFileSync9, readdirSync as readdirSync3, statSync as statSync4, existsSync as existsSync10 } from "fs";
+import { join as join11, extname as extname3, basename } from "path";
+var SCAN_EXTENSIONS = /* @__PURE__ */ new Set([
+  ".ts",
+  ".tsx",
+  ".js",
+  ".jsx",
+  ".mts",
+  ".cts",
+  ".json",
+  ".yaml",
+  ".yml",
+  ".toml"
+]);
+var SKIP_FILES = /* @__PURE__ */ new Set([
+  "package-lock.json",
+  "pnpm-lock.yaml",
+  "yarn.lock",
+  ".env.example",
+  ".env.sample",
+  ".env.template"
+]);
+var PATTERNS = [
+  { name: "AWS Access Key", regex: /AKIA[0-9A-Z]{16}/ },
+  { name: "GitHub Token", regex: /gh[pousr]_[A-Za-z0-9_]{36,}/ },
+  { name: "Slack Token", regex: /xox[baprs]-[0-9A-Za-z-]{10,}/ },
+  { name: "Google API Key", regex: /AIza[0-9A-Za-z\-_]{35}/ },
+  { name: "Stripe Key", regex: /[rs]k_live_[0-9a-zA-Z]{24}/ },
+  {
+    name: "Private Key",
+    regex: /-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----/
+  },
+  {
+    name: "Hardcoded password",
+    regex: /(?:^|[^a-z])(?:password|passwd|pwd)\s*[=:]\s*["'][^"']{8,}["']/i
+  },
+  {
+    name: "Hardcoded API key",
+    regex: /(?:^|[^a-z])(?:api_?key|apikey)\s*[=:]\s*["'][A-Za-z0-9+/=_-]{16,}["']/i
+  },
+  {
+    name: "Hardcoded secret",
+    regex: /(?:^|[^a-z])(?:secret)\s*[=:]\s*["'][A-Za-z0-9+/=_-]{16,}["']/i
+  }
+];
+var SecretsRunner = class extends BaseRunner {
+  name = "secrets";
+  category = "security";
+  async run(projectPath) {
+    const elapsed = timer();
+    try {
+      const findings = [];
+      const envFiles = [".env", ".env.local", ".env.production"];
+      for (const envFile of envFiles) {
+        if (existsSync10(join11(projectPath, envFile))) {
+          const gitignorePath = join11(projectPath, ".gitignore");
+          let ignored = false;
+          try {
+            const gitignore = readFileSync9(gitignorePath, "utf-8");
+            ignored = gitignore.includes(envFile) || gitignore.includes(".env");
+          } catch {
+          }
+          if (!ignored) {
+            findings.push({
+              file: envFile,
+              line: 0,
+              pattern: ".env file not in .gitignore"
+            });
+          }
+        }
+      }
+      if (existsSync10(join11(projectPath, "src"))) {
+        findings.push(...scanDirectory3(join11(projectPath, "src"), projectPath));
+      }
+      const issues = findings.map((f) => ({
+        severity: "critical",
+        message: f.line > 0 ? `${f.file}:${f.line} \u2014 ${f.pattern} detected` : `${f.file} \u2014 ${f.pattern}`,
+        file: f.file,
+        fix: {
+          description: "Move secrets to environment variables",
+          codeChange: f.codeSnippet ? {
+            before: f.codeSnippet,
+            after: "Use process.env.YOUR_SECRET_NAME instead"
+          } : void 0
+        },
+        reportedBy: ["secrets"]
+      }));
+      const count = findings.length;
+      const score = Math.max(0, 100 - count * 25);
+      return {
+        id: "secrets",
+        category: this.category,
+        name: "Secrets Detection",
+        score,
+        status: count === 0 ? "pass" : "fail",
+        issues,
+        toolsUsed: ["secrets"],
+        duration: elapsed(),
+        metadata: { findings: count }
+      };
+    } catch (err) {
+      return {
+        id: "secrets",
+        category: this.category,
+        name: "Secrets Detection",
+        score: 0,
+        status: "fail",
+        issues: [
+          {
+            severity: "critical",
+            message: `Secrets scan failed: ${err}`,
+            reportedBy: ["secrets"]
+          }
+        ],
+        toolsUsed: ["secrets"],
+        duration: elapsed()
+      };
+    }
+  }
+};
+function scanDirectory3(dir, projectRoot) {
+  const findings = [];
+  try {
+    for (const entry of readdirSync3(dir)) {
+      if (entry.startsWith(".") || entry === "node_modules" || entry === "__tests__" || entry === "test" || entry === "tests")
+        continue;
+      const fullPath = join11(dir, entry);
+      const stat = statSync4(fullPath);
+      if (stat.isDirectory()) {
+        findings.push(...scanDirectory3(fullPath, projectRoot));
+      } else if (SCAN_EXTENSIONS.has(extname3(entry)) && !SKIP_FILES.has(basename(entry)) && !isTestFile2(entry)) {
+        findings.push(...scanFile2(fullPath, projectRoot));
+      }
+    }
+  } catch {
+  }
+  return findings;
+}
+function isTestFile2(filename) {
+  return /\.(test|spec)\.(ts|tsx|js|jsx|mts|cts)$/.test(filename);
+}
+function scanFile2(filePath, projectRoot) {
+  const findings = [];
+  try {
+    const content = readFileSync9(filePath, "utf-8");
+    const lines = content.split("\n");
+    const relPath = filePath.replace(projectRoot + "/", "");
+    for (let i = 0; i < lines.length; i++) {
+      const line = lines[i];
+      if (line.includes("process.env") || line.includes("import.meta.env"))
+        continue;
+      if (line.trim().startsWith("//") || line.trim().startsWith("#") || line.trim().startsWith("*"))
+        continue;
+      for (const pattern of PATTERNS) {
+        if (pattern.regex.test(line)) {
+          findings.push({
+            file: relPath,
+            line: i + 1,
+            pattern: pattern.name,
+            codeSnippet: line.trim()
+          });
+          break;
+        }
+      }
+    }
+  } catch {
+  }
+  return findings;
+}
+
+// src/integrations/heavy-deps.ts
+import { readFileSync as readFileSync10 } from "fs";
+import { join as join12 } from "path";
+var HEAVY_DEPS = {
+  "moment": {
+    alternative: "dayjs or date-fns",
+    reason: "moment is 300KB+ and mutable \u2014 modern alternatives are ~2KB",
+    severity: "warning"
+  },
+  "lodash": {
+    alternative: "lodash-es or individual lodash/* imports",
+    reason: "Full lodash bundle is 70KB+ \u2014 use tree-shakeable imports instead",
+    severity: "warning"
+  },
+  "underscore": {
+    alternative: "native JS methods (map, filter, reduce, etc.)",
+    reason: "Most underscore utilities have native equivalents",
+    severity: "warning"
+  },
+  "jquery": {
+    alternative: "native DOM APIs (querySelector, fetch, classList, etc.)",
+    reason: "Modern browsers cover virtually all jQuery use cases natively",
+    severity: "warning"
+  },
+  "request": {
+    alternative: "native fetch or undici",
+    reason: "request is deprecated and heavy",
+    severity: "warning"
+  },
+  "bluebird": {
+    alternative: "native Promises",
+    reason: "Native Promises are performant in modern Node/browsers",
+    severity: "info"
+  },
+  "axios": {
+    alternative: "native fetch",
+    reason: "fetch is built-in to Node 18+ and all modern browsers",
+    severity: "info"
+  },
+  "left-pad": {
+    alternative: "String.prototype.padStart()",
+    reason: "padStart is a native JS method",
+    severity: "info"
+  },
+  "is-even": {
+    alternative: "n % 2 === 0",
+    reason: "Trivial one-liner \u2014 no package needed",
+    severity: "info"
+  },
+  "is-odd": {
+    alternative: "n % 2 !== 0",
+    reason: "Trivial one-liner \u2014 no package needed",
+    severity: "info"
+  },
+  "is-number": {
+    alternative: 'typeof n === "number" or Number.isFinite()',
+    reason: "Trivial check \u2014 no package needed",
+    severity: "info"
+  },
+  "classnames": {
+    alternative: "clsx (lighter drop-in replacement)",
+    reason: "clsx is smaller and faster",
+    severity: "info"
+  },
+  "node-fetch": {
+    alternative: "native fetch (Node 18+)",
+    reason: "fetch is built-in to Node 18+",
+    severity: "info"
+  },
+  "moment-timezone": {
+    alternative: "Intl.DateTimeFormat or date-fns-tz",
+    reason: "moment-timezone bundles all IANA timezone data \u2014 500KB+ unminified",
+    severity: "warning"
+  },
+  "uuid": {
+    alternative: "crypto.randomUUID()",
+    reason: "crypto.randomUUID() is native in Node 14.17+ and all modern browsers",
+    severity: "info"
+  },
+  "rimraf": {
+    alternative: "fs.rm(path, { recursive: true, force: true })",
+    reason: "fs.rm with recursive option is built into Node 14.14+",
+    severity: "info"
+  },
+  "mkdirp": {
+    alternative: "fs.mkdir(path, { recursive: true })",
+    reason: "fs.mkdir with recursive option is built into Node 10.12+",
+    severity: "info"
+  },
+  "qs": {
+    alternative: "URLSearchParams",
+    reason: "URLSearchParams handles query string parsing natively in Node and browsers",
+    severity: "info"
+  }
+};
+var HeavyDepsRunner = class extends BaseRunner {
+  name = "heavy-deps";
+  category = "performance";
+  async isApplicable(projectPath) {
+    return fileExists(projectPath, "package.json");
+  }
+  async run(projectPath) {
+    const elapsed = timer();
+    try {
+      const pkg = JSON.parse(readFileSync10(join12(projectPath, "package.json"), "utf-8"));
+      const allDeps = {
+        ...pkg.dependencies,
+        ...pkg.devDependencies
+      };
+      const depNames = Object.keys(allDeps || {});
+      const found = [];
+      for (const dep of depNames) {
+        const info = HEAVY_DEPS[dep];
+        if (info) {
+          found.push({ name: dep, info });
+        }
+      }
+      const issues = found.map((f) => ({
+        severity: f.info.severity,
+        message: `${f.name} \u2014 ${f.info.reason}`,
+        fix: {
+          description: `Consider replacing with ${f.info.alternative}`
+        },
+        reportedBy: ["heavy-deps"]
+      }));
+      const warningCount = found.filter((f) => f.info.severity === "warning").length;
+      const infoCount = found.filter((f) => f.info.severity === "info").length;
+      const score = Math.max(30, 100 - warningCount * 10 - infoCount * 5);
+      return {
+        id: "heavy-deps",
+        category: this.category,
+        name: "Heavy Dependencies",
+        score,
+        status: warningCount > 0 ? "warning" : infoCount > 0 ? "warning" : "pass",
+        issues,
+        toolsUsed: ["heavy-deps"],
+        duration: elapsed(),
+        metadata: {
+          totalDeps: depNames.length,
+          heavyDepsFound: found.length,
+          heavyDeps: found.map((f) => f.name)
+        }
+      };
+    } catch (err) {
+      return {
+        id: "heavy-deps",
+        category: this.category,
+        name: "Heavy Dependencies",
+        score: 0,
+        status: "fail",
+        issues: [{ severity: "critical", message: `Heavy deps check failed: ${err}`, reportedBy: ["heavy-deps"] }],
+        toolsUsed: ["heavy-deps"],
+        duration: elapsed()
+      };
+    }
+  }
+};
+
+// src/integrations/react-perf.ts
+import { readFileSync as readFileSync11, readdirSync as readdirSync4, statSync as statSync5 } from "fs";
+import { join as join13, extname as extname4 } from "path";
+var COMPONENT_EXTENSIONS = /* @__PURE__ */ new Set([".tsx", ".jsx"]);
+var ReactPerfRunner = class extends BaseRunner {
+  name = "react-perf";
+  category = "performance";
+  applicableFrameworks = ["react", "next", "remix"];
+  async run(projectPath) {
+    const elapsed = timer();
+    try {
+      const hasReactCompiler = detectReactCompiler(projectPath);
+      const findings = [];
+      const files = scanDirectory4(join13(projectPath, "src"), projectPath);
+      for (const file of files) {
+        findings.push(...analyzeFile(file.path, file.fullPath, file.lines));
+      }
+      const activeFindings = hasReactCompiler ? findings.filter((f) => !f.pattern.includes("Inline object")) : findings;
+      const issues = activeFindings.map((f) => ({
+        severity: f.severity,
+        message: f.line > 0 ? `${f.file}:${f.line} \u2014 ${f.pattern}` : `${f.file} \u2014 ${f.pattern}`,
+        file: f.file,
+        fix: { description: getFixDescription(f.pattern) },
+        reportedBy: ["react-perf"]
+      }));
+      const warningCount = activeFindings.filter(
+        (f) => f.severity === "warning"
+      ).length;
+      const infoCount = activeFindings.filter((f) => f.severity === "info").length;
+      const score = Math.max(20, 100 - warningCount * 3 - infoCount * 1);
+      return {
+        id: "react-perf",
+        category: this.category,
+        name: "React Performance",
+        score,
+        status: warningCount > 0 ? "warning" : infoCount > 0 ? "warning" : "pass",
+        issues,
+        toolsUsed: ["react-perf"],
+        duration: elapsed(),
+        metadata: {
+          filesScanned: files.length,
+          reactCompiler: hasReactCompiler,
+          totalFindings: activeFindings.length,
+          inlineObjects: activeFindings.filter((f) => f.pattern.includes("Inline")).length,
+          indexAsKey: activeFindings.filter((f) => f.pattern.includes("index as key")).length,
+          largeComponents: activeFindings.filter(
+            (f) => f.pattern.includes("Large component")
+          ).length
+        }
+      };
+    } catch (err) {
+      return {
+        id: "react-perf",
+        category: this.category,
+        name: "React Performance",
+        score: 0,
+        status: "fail",
+        issues: [
+          {
+            severity: "critical",
+            message: `React perf check failed: ${err}`,
+            reportedBy: ["react-perf"]
+          }
+        ],
+        toolsUsed: ["react-perf"],
+        duration: elapsed()
+      };
+    }
+  }
+};
+function detectReactCompiler(projectPath) {
+  try {
+    const pkg = JSON.parse(
+      readFileSync11(join13(projectPath, "package.json"), "utf-8")
+    );
+    const allDeps = { ...pkg.dependencies, ...pkg.devDependencies };
+    return "babel-plugin-react-compiler" in allDeps || "@react-compiler/babel" in allDeps;
+  } catch {
+    return false;
+  }
+}
+function scanDirectory4(dir, projectRoot) {
+  const files = [];
+  try {
+    for (const entry of readdirSync4(dir)) {
+      if (entry.startsWith(".") || entry === "node_modules" || entry === "__tests__" || entry === "__mocks__" || entry.includes(".test.") || entry.includes(".spec."))
+        continue;
+      const fullPath = join13(dir, entry);
+      const stat = statSync5(fullPath);
+      if (stat.isDirectory()) {
+        files.push(...scanDirectory4(fullPath, projectRoot));
+      } else if (COMPONENT_EXTENSIONS.has(extname4(entry))) {
+        try {
+          const content = readFileSync11(fullPath, "utf-8");
+          const lineCount = content.split("\n").length;
+          files.push({
+            path: fullPath.replace(projectRoot + "/", ""),
+            fullPath,
+            lines: lineCount
+          });
+        } catch {
+        }
+      }
+    }
+  } catch {
+  }
+  return files;
+}
+function analyzeFile(relPath, fullPath, lineCount) {
+  const findings = [];
+  try {
+    const content = readFileSync11(fullPath, "utf-8");
+    const lines = content.split("\n");
+    if (lineCount > WARN_LINES) {
+      findings.push({
+        file: relPath,
+        line: 0,
+        pattern: `Large component file (${lineCount} lines) \u2014 consider splitting`,
+        severity: "info"
+      });
+    }
+    for (let i = 0; i < lines.length; i++) {
+      const line = lines[i];
+      const trimmed = line.trim();
+      if (trimmed.startsWith("//") || trimmed.startsWith("*") || trimmed.startsWith("/*"))
+        continue;
+      if (/\w+=\{\{/.test(line) && !trimmed.startsWith("//")) {
+        if (!/className=\{\{/.test(line)) {
+          findings.push({
+            file: relPath,
+            line: i + 1,
+            pattern: "Inline object in JSX prop \u2014 creates new reference every render",
+            severity: "warning"
+          });
+        }
+      }
+      if (/\.map\s*\(/.test(line) || i > 0 && /\.map\s*\(/.test(lines[i - 1])) {
+        if (/key=\{(?:index|i|idx)\}/.test(line)) {
+          findings.push({
+            file: relPath,
+            line: i + 1,
+            pattern: "Using index as key in list \u2014 can cause rendering issues with dynamic lists",
+            severity: "warning"
+          });
+        }
+      }
+    }
+    checkLazyRoutes(content, relPath, findings);
+  } catch {
+  }
+  return findings;
+}
+function checkLazyRoutes(content, relPath, findings) {
+  if (!content.includes("<Route") && !content.includes("createBrowserRouter"))
+    return;
+  const hasLazy = content.includes("React.lazy") || content.includes("lazy(");
+  const importLines = content.split("\n").filter((l) => l.startsWith("import ") && !l.includes("react-router"));
+  if (!hasLazy && importLines.length > 3) {
+    findings.push({
+      file: relPath,
+      line: 0,
+      pattern: "Route file with static imports \u2014 consider React.lazy() for code splitting",
+      severity: "info"
+    });
+  }
+}
+function getFixDescription(pattern) {
+  if (pattern.includes("Inline object")) {
+    return "Extract the object to a constant outside the component or use useMemo()";
+  }
+  if (pattern.includes("index as key")) {
+    return "Use a unique identifier (id, slug, etc.) as the key instead of the array index";
+  }
+  if (pattern.includes("Large component")) {
+    return "Break into smaller, focused components to improve readability and render performance";
+  }
+  if (pattern.includes("lazy")) {
+    return "Use React.lazy() and Suspense for route-level code splitting";
+  }
+  return "Review and optimize for better rendering performance";
+}
+
+// src/integrations/asset-size.ts
+import { readdirSync as readdirSync5, statSync as statSync6 } from "fs";
+import { join as join14, extname as extname5 } from "path";
+var ASSET_DIRS = ["public", "src/assets", "static", "assets"];
+var IMAGE_EXTENSIONS = /* @__PURE__ */ new Set([".png", ".jpg", ".jpeg", ".gif", ".webp", ".bmp", ".ico"]);
+var SVG_EXTENSION = ".svg";
+var FONT_EXTENSIONS = /* @__PURE__ */ new Set([".woff", ".woff2", ".ttf", ".otf", ".eot"]);
+var SKIP_EXTENSIONS = /* @__PURE__ */ new Set([".mp4", ".webm", ".ogg", ".mp3", ".wav", ".flac", ".avi", ".mov"]);
+var IMAGE_WARN = 500 * 1024;
+var IMAGE_CRITICAL = 2 * 1024 * 1024;
+var SVG_WARN = 100 * 1024;
+var FONT_WARN = 500 * 1024;
+var TOTAL_WARN = 5 * 1024 * 1024;
+var TOTAL_CRITICAL = 10 * 1024 * 1024;
+var AssetSizeRunner = class extends BaseRunner {
+  name = "asset-size";
+  category = "performance";
+  applicableRuntimes = ["browser"];
+  async run(projectPath) {
+    const elapsed = timer();
+    try {
+      const assets = [];
+      for (const dir of ASSET_DIRS) {
+        if (fileExists(projectPath, dir)) {
+          scanAssets(join14(projectPath, dir), projectPath, assets);
+        }
+      }
+      const issues = [];
+      let totalSize = 0;
+      for (const asset of assets) {
+        totalSize += asset.size;
+        const sizeKB = Math.round(asset.size / 1024);
+        const sizeMB = (asset.size / (1024 * 1024)).toFixed(1);
+        if (asset.type === "image") {
+          if (asset.size > IMAGE_CRITICAL) {
+            issues.push({
+              severity: "critical",
+              message: `${asset.path} \u2014 ${sizeMB}MB image (exceeds 2MB)`,
+              file: asset.path,
+              fix: { description: "Compress with tools like squoosh.app, tinypng.com, or convert to WebP/AVIF format" },
+              reportedBy: ["asset-size"]
+            });
+          } else if (asset.size > IMAGE_WARN) {
+            issues.push({
+              severity: "warning",
+              message: `${asset.path} \u2014 ${sizeKB}KB image (exceeds 500KB)`,
+              file: asset.path,
+              fix: { description: "Compress or convert to a more efficient format (WebP, AVIF)" },
+              reportedBy: ["asset-size"]
+            });
+          }
+        } else if (asset.type === "svg") {
+          if (asset.size > SVG_WARN) {
+            issues.push({
+              severity: "warning",
+              message: `${asset.path} \u2014 ${sizeKB}KB SVG (exceeds 100KB, likely unoptimized)`,
+              file: asset.path,
+              fix: { description: "Optimize with SVGO or svgomg.net \u2014 remove metadata, simplify paths" },
+              reportedBy: ["asset-size"]
+            });
+          }
+        } else if (asset.type === "font") {
+          if (asset.size > FONT_WARN) {
+            issues.push({
+              severity: "warning",
+              message: `${asset.path} \u2014 ${sizeKB}KB font (exceeds 500KB)`,
+              file: asset.path,
+              fix: { description: "Subset the font to include only needed characters, or use WOFF2 format" },
+              reportedBy: ["asset-size"]
+            });
+          }
+        }
+      }
+      const totalMB = (totalSize / (1024 * 1024)).toFixed(1);
+      if (totalSize > TOTAL_CRITICAL) {
+        issues.push({
+          severity: "critical",
+          message: `Total asset size is ${totalMB}MB \u2014 exceeds 10MB threshold`,
+          fix: { description: "Review and optimize all static assets to reduce total payload" },
+          reportedBy: ["asset-size"]
+        });
+      } else if (totalSize > TOTAL_WARN) {
+        issues.push({
+          severity: "warning",
+          message: `Total asset size is ${totalMB}MB \u2014 consider optimizing`,
+          fix: { description: "Compress images, subset fonts, and remove unused assets" },
+          reportedBy: ["asset-size"]
+        });
+      }
+      const criticalCount = issues.filter((i) => i.severity === "critical").length;
+      const warningCount = issues.filter((i) => i.severity === "warning").length;
+      const score = Math.max(20, 100 - criticalCount * 20 - warningCount * 8);
+      return {
+        id: "asset-size",
+        category: this.category,
+        name: "Asset Sizes",
+        score,
+        status: criticalCount > 0 ? "fail" : warningCount > 0 ? "warning" : "pass",
+        issues,
+        toolsUsed: ["asset-size"],
+        duration: elapsed(),
+        metadata: {
+          totalAssets: assets.length,
+          totalSizeBytes: totalSize,
+          totalSizeMB: totalMB,
+          images: assets.filter((a) => a.type === "image").length,
+          svgs: assets.filter((a) => a.type === "svg").length,
+          fonts: assets.filter((a) => a.type === "font").length
+        }
+      };
+    } catch (err) {
+      return {
+        id: "asset-size",
+        category: this.category,
+        name: "Asset Sizes",
+        score: 0,
+        status: "fail",
+        issues: [{ severity: "critical", message: `Asset size check failed: ${err}`, reportedBy: ["asset-size"] }],
+        toolsUsed: ["asset-size"],
+        duration: elapsed()
+      };
+    }
+  }
+};
+function scanAssets(dir, projectRoot, assets) {
+  try {
+    for (const entry of readdirSync5(dir)) {
+      if (entry.startsWith(".") || entry === "node_modules") continue;
+      const fullPath = join14(dir, entry);
+      const stat = statSync6(fullPath);
+      if (stat.isDirectory()) {
+        scanAssets(fullPath, projectRoot, assets);
+      } else {
+        const ext = extname5(entry).toLowerCase();
+        if (SKIP_EXTENSIONS.has(ext)) continue;
+        let type = "other";
+        if (IMAGE_EXTENSIONS.has(ext)) type = "image";
+        else if (ext === SVG_EXTENSION) type = "svg";
+        else if (FONT_EXTENSIONS.has(ext)) type = "font";
+        else continue;
+        assets.push({
+          path: fullPath.replace(projectRoot + "/", ""),
+          size: stat.size,
+          type
+        });
+      }
+    }
+  } catch {
+  }
+}
+
+// src/integrations/node-security.ts
+import { readFileSync as readFileSync12, existsSync as existsSync11 } from "fs";
+import { join as join15 } from "path";
+var HELMET_PACKAGES = ["helmet", "koa-helmet", "fastify-helmet"];
+var CORS_PACKAGES = ["cors", "@koa/cors", "@fastify/cors", "koa2-cors"];
+var RATE_LIMIT_PACKAGES = [
+  "express-rate-limit",
+  "rate-limiter-flexible",
+  "@fastify/rate-limit",
+  "koa-ratelimit"
+];
+var HTTP_SERVER_PACKAGES = [
+  "express",
+  "fastify",
+  "koa",
+  "hapi",
+  "@hapi/hapi",
+  "restify",
+  "polka",
+  "micro",
+  "@nestjs/core",
+  "h3"
+];
+var NodeSecurityRunner = class extends BaseRunner {
+  name = "node-security";
+  category = "security";
+  applicableRuntimes = ["node"];
+  async isApplicable(projectPath, _context) {
+    const pkgPath = join15(projectPath, "package.json");
+    if (!existsSync11(pkgPath)) return false;
+    const pkg = JSON.parse(readFileSync12(pkgPath, "utf-8"));
+    const allDeps = { ...pkg.dependencies ?? {}, ...pkg.devDependencies ?? {} };
+    return HTTP_SERVER_PACKAGES.some((p) => p in allDeps);
+  }
+  async run(projectPath) {
+    const elapsed = timer();
+    const pkgPath = join15(projectPath, "package.json");
+    if (!existsSync11(pkgPath)) {
+      return this.skipped("No package.json found");
+    }
+    const pkg = JSON.parse(readFileSync12(pkgPath, "utf-8"));
+    const allDeps = { ...pkg.dependencies ?? {}, ...pkg.devDependencies ?? {} };
+    const hasHelmet = HELMET_PACKAGES.some((p) => p in allDeps);
+    const hasCors = CORS_PACKAGES.some((p) => p in allDeps);
+    const hasRateLimit = RATE_LIMIT_PACKAGES.some((p) => p in allDeps);
+    const issues = [];
+    let score = 0;
+    if (hasHelmet) {
+      score += 35;
+    } else {
+      issues.push({
+        severity: "critical",
+        message: "Missing security headers middleware (helmet). HTTP security headers protect against XSS, clickjacking, MIME sniffing, and other common attacks.",
+        fix: {
+          description: "Install helmet and add app.use(helmet()) before your routes",
+          command: "npm install helmet",
+          nextSteps: "Add app.use(helmet()) before your routes"
+        },
+        reportedBy: ["node-security"]
+      });
+    }
+    if (hasCors) {
+      score += 30;
+    } else {
+      issues.push({
+        severity: "warning",
+        message: "Missing CORS middleware. Without explicit CORS configuration your API may be inaccessible from browser clients or accept requests from any origin.",
+        fix: {
+          description: "Install cors and configure allowed origins explicitly",
+          command: "npm install cors",
+          nextSteps: "Configure allowed origins explicitly with cors({ origin: [...] })"
+        },
+        reportedBy: ["node-security"]
+      });
+    }
+    if (hasRateLimit) {
+      score += 35;
+    } else {
+      issues.push({
+        severity: "warning",
+        message: "Missing rate limiting middleware. Without rate limiting your API is vulnerable to DoS attacks and credential brute-forcing.",
+        fix: {
+          description: "Install express-rate-limit and configure limits per route or globally",
+          command: "npm install express-rate-limit",
+          nextSteps: "Configure rate limits per route or globally"
+        },
+        reportedBy: ["node-security"]
+      });
+    }
+    const status = score >= 80 ? "pass" : score >= 50 ? "warning" : "fail";
+    return {
+      id: "node-security",
+      category: this.category,
+      name: "Node Security Middleware",
+      score,
+      status,
+      issues,
+      toolsUsed: ["node-security"],
+      duration: elapsed()
+    };
+  }
+};
+
+// src/integrations/node-input-validation.ts
+import { readFileSync as readFileSync13, existsSync as existsSync12 } from "fs";
+import { join as join16 } from "path";
+var VALIDATION_PACKAGES = [
+  "zod",
+  "joi",
+  "express-validator",
+  "yup",
+  "ajv",
+  "@sinclair/typebox",
+  "valibot"
+];
+var HTTP_SERVER_PACKAGES2 = [
+  "express",
+  "fastify",
+  "koa",
+  "hapi",
+  "@hapi/hapi",
+  "restify",
+  "polka",
+  "micro",
+  "@nestjs/core",
+  "h3"
+];
+var NodeInputValidationRunner = class extends BaseRunner {
+  name = "node-input-validation";
+  category = "code-quality";
+  applicableRuntimes = ["node"];
+  async isApplicable(projectPath, _context) {
+    const pkgPath = join16(projectPath, "package.json");
+    if (!existsSync12(pkgPath)) return false;
+    const pkg = JSON.parse(readFileSync13(pkgPath, "utf-8"));
+    const allDeps = { ...pkg.dependencies ?? {}, ...pkg.devDependencies ?? {} };
+    return HTTP_SERVER_PACKAGES2.some((p) => p in allDeps);
+  }
+  async run(projectPath) {
+    const elapsed = timer();
+    const pkgPath = join16(projectPath, "package.json");
+    if (!existsSync12(pkgPath)) {
+      return this.skipped("No package.json found");
+    }
+    const pkg = JSON.parse(readFileSync13(pkgPath, "utf-8"));
+    const allDeps = { ...pkg.dependencies ?? {}, ...pkg.devDependencies ?? {} };
+    const found = VALIDATION_PACKAGES.find((p) => p in allDeps);
+    if (found) {
+      const issues2 = [
+        {
+          severity: "info",
+          message: `Input validation library detected: ${found}`,
+          reportedBy: ["node-input-validation"]
+        }
+      ];
+      return {
+        id: "node-input-validation",
+        category: this.category,
+        name: "Input Validation",
+        score: 85,
+        status: "pass",
+        issues: issues2,
+        toolsUsed: ["node-input-validation"],
+        duration: elapsed()
+      };
+    }
+    const issues = [
+      {
+        severity: "warning",
+        message: "No input validation library found. Without validation, your API may accept malformed data leading to runtime errors or security vulnerabilities.",
+        fix: {
+          description: "Add an input validation library and validate all incoming request data",
+          command: "npm install zod",
+          nextSteps: "Add input validation schemas to all incoming request data"
+        },
+        reportedBy: ["node-input-validation"]
+      }
+    ];
+    return {
+      id: "node-input-validation",
+      category: this.category,
+      name: "Input Validation",
+      score: 20,
+      status: "warning",
+      issues,
+      toolsUsed: ["node-input-validation"],
+      duration: elapsed()
+    };
+  }
+};
+
+// src/integrations/node-async-errors.ts
+import { readFileSync as readFileSync14, existsSync as existsSync13, readdirSync as readdirSync6, statSync as statSync7 } from "fs";
+import { join as join17, extname as extname6 } from "path";
+var SOURCE_EXTENSIONS3 = /* @__PURE__ */ new Set([".js", ".ts", ".mjs", ".cjs"]);
+var SKIP_DIRS = /* @__PURE__ */ new Set(["node_modules", ".git", "dist", "build", "coverage", "test", "tests", "__tests__"]);
+var ASYNC_ROUTE_RE = /(?:app|router)\s*\.\s*(?:get|post|put|patch|delete|all)\s*\([^;]*\basync\b/s;
+var TRY_CATCH_RE = /\btry\s*\{/;
+var ASYNC_ERRORS_RE = /require\s*\(\s*['"]express-async-errors['"]\s*\)|from\s+['"]express-async-errors['"]/;
+var ERROR_MIDDLEWARE_RE = /\(\s*(?:err|error)\s*,\s*\w+\s*,\s*\w+\s*,\s*\w+\s*\)\s*(?:=>|\{)/;
+function collectSourceFiles(dir) {
+  if (!existsSync13(dir)) return [];
+  const files = [];
+  for (const entry of readdirSync6(dir)) {
+    if (SKIP_DIRS.has(entry)) continue;
+    const full = join17(dir, entry);
+    try {
+      const stat = statSync7(full);
+      if (stat.isDirectory()) {
+        files.push(...collectSourceFiles(full));
+      } else if (SOURCE_EXTENSIONS3.has(extname6(entry))) {
+        files.push(full);
+      }
+    } catch {
+    }
+  }
+  return files;
+}
+var NodeAsyncErrorsRunner = class extends BaseRunner {
+  name = "node-async-errors";
+  category = "code-quality";
+  applicableRuntimes = ["node"];
+  async run(projectPath) {
+    const elapsed = timer();
+    const pkgPath = join17(projectPath, "package.json");
+    if (!existsSync13(pkgPath)) {
+      return this.skipped("No package.json found");
+    }
+    const pkg = JSON.parse(readFileSync14(pkgPath, "utf-8"));
+    const allDeps = { ...pkg.dependencies ?? {}, ...pkg.devDependencies ?? {} };
+    if ("express-async-errors" in allDeps) {
+      return {
+        id: "node-async-errors",
+        category: this.category,
+        name: "Async Error Handling",
+        score: 100,
+        status: "pass",
+        issues: [
+          {
+            severity: "info",
+            message: "express-async-errors detected \u2014 all async route handlers are automatically protected.",
+            reportedBy: ["node-async-errors"]
+          }
+        ],
+        toolsUsed: ["node-async-errors"],
+        duration: elapsed()
+      };
+    }
+    const srcDir = join17(projectPath, "src");
+    const files = collectSourceFiles(existsSync13(srcDir) ? srcDir : projectPath);
+    let routeFiles = 0;
+    let protectedFiles = 0;
+    let hasErrorMiddleware = false;
+    for (const file of files) {
+      try {
+        const content = readFileSync14(file, "utf-8");
+        if (ASYNC_ERRORS_RE.test(content)) {
+          hasErrorMiddleware = true;
+          continue;
+        }
+        if (ERROR_MIDDLEWARE_RE.test(content)) hasErrorMiddleware = true;
+        if (!ASYNC_ROUTE_RE.test(content)) continue;
+        routeFiles++;
+        if (TRY_CATCH_RE.test(content)) protectedFiles++;
+      } catch {
+      }
+    }
+    const issues = [];
+    if (routeFiles === 0) {
+      return {
+        id: "node-async-errors",
+        category: this.category,
+        name: "Async Error Handling",
+        score: 100,
+        status: "pass",
+        issues,
+        toolsUsed: ["node-async-errors"],
+        duration: elapsed()
+      };
+    }
+    const unprotectedFiles = routeFiles - protectedFiles;
+    const protectionRatio = protectedFiles / routeFiles;
+    if (unprotectedFiles > 0) {
+      issues.push({
+        severity: unprotectedFiles === routeFiles ? "critical" : "warning",
+        message: `${unprotectedFiles} of ${routeFiles} route file(s) contain async handlers without try/catch. Unhandled promise rejections will crash the process in Node.js <15 or produce silent failures.`,
+        fix: {
+          description: "Wrap async route handlers in try/catch or use express-async-errors to auto-wrap all handlers"
+        },
+        reportedBy: ["node-async-errors"]
+      });
+    }
+    if (!hasErrorMiddleware) {
+      issues.push({
+        severity: "warning",
+        message: "No Express error handling middleware found (4-parameter function: err, req, res, next). Without it, errors passed to next() have no centralized handler.",
+        fix: {
+          description: "Add app.use((err, req, res, next) => { res.status(500).json({ error: err.message }); }) after all routes"
+        },
+        reportedBy: ["node-async-errors"]
+      });
+    }
+    const baseScore = Math.round(protectionRatio * 80);
+    const middlewareBonus = hasErrorMiddleware ? 20 : 0;
+    const score = Math.min(100, baseScore + middlewareBonus);
+    const status = score >= 80 ? "pass" : score >= 50 ? "warning" : "fail";
+    return {
+      id: "node-async-errors",
+      category: this.category,
+      name: "Async Error Handling",
+      score,
+      status,
+      issues,
+      toolsUsed: ["node-async-errors"],
+      duration: elapsed()
+    };
+  }
+};
+
+// src/runner.ts
+var ALL_RUNNERS = [
+  new KnipRunner(),
+  new DepcheckRunner(),
+  new OutdatedRunner(),
+  new NpmAuditRunner(),
+  new MadgeRunner(),
+  new SourceMapExplorerRunner(),
+  new CoverageRunner(),
+  new LicenseCheckerRunner(),
+  new JscpdRunner(),
+  new GitRunner(),
+  new ESLintRunner(),
+  new TypeScriptRunner(),
+  new TodoScannerRunner(),
+  new ComplexityRunner(),
+  new SecretsRunner(),
+  new HeavyDepsRunner(),
+  new ReactPerfRunner(),
+  new AssetSizeRunner(),
+  new NodeSecurityRunner(),
+  new NodeInputValidationRunner(),
+  new NodeAsyncErrorsRunner()
+];
+async function runSickbay(options = {}) {
+  const projectPath = options.projectPath ?? process.cwd();
+  const projectInfo = await detectProject(projectPath);
+  const context = await detectContext(projectPath);
+  const candidateRunners = options.checks ? ALL_RUNNERS.filter((r) => options.checks.includes(r.name)) : ALL_RUNNERS;
+  const runners = candidateRunners.filter((r) => r.isApplicableToContext(context));
+  options.onRunnersReady?.(runners.map((r) => r.name));
+  const checks = [];
+  const results = await Promise.allSettled(
+    runners.map(async (runner) => {
+      const applicable = await runner.isApplicable(projectPath, context);
+      if (!applicable) return null;
+      options.onCheckStart?.(runner.name);
+      const result = await runner.run(projectPath, { verbose: options.verbose });
+      options.onCheckComplete?.(result);
+      return result;
+    })
+  );
+  for (const result of results) {
+    if (result.status === "fulfilled" && result.value) {
+      checks.push(result.value);
+    }
+  }
+  const overallScore = calculateOverallScore(checks);
+  const summary = buildSummary(checks);
+  return {
+    timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+    projectPath,
+    projectInfo,
+    checks,
+    overallScore,
+    summary,
+    quote: options.quotes !== false ? getQuote(overallScore) : void 0
+  };
+}
+async function runSickbayMonorepo(options = {}) {
+  const rootPath = options.projectPath ?? process.cwd();
+  const monorepoInfo = await detectMonorepo(rootPath);
+  if (!monorepoInfo.isMonorepo) {
+    throw new Error(`Not a monorepo root: ${rootPath}`);
+  }
+  const packageReports = await Promise.all(
+    monorepoInfo.packagePaths.map(async (pkgPath) => {
+      const report = await runSickbay({ ...options, projectPath: pkgPath });
+      const context = await detectContext(pkgPath);
+      options.onPackageStart?.(report.projectInfo.name);
+      const packageReport = {
+        name: report.projectInfo.name,
+        path: pkgPath,
+        relativePath: relative(rootPath, pkgPath),
+        framework: report.projectInfo.framework,
+        runtime: context.runtime,
+        checks: report.checks,
+        score: report.overallScore,
+        summary: report.summary,
+        dependencies: report.projectInfo.dependencies,
+        devDependencies: report.projectInfo.devDependencies
+      };
+      options.onPackageComplete?.(packageReport);
+      return packageReport;
+    })
+  );
+  const overallScore = packageReports.length > 0 ? Math.round(packageReports.reduce((sum, p) => sum + p.score, 0) / packageReports.length) : 0;
+  const summary = packageReports.reduce(
+    (acc, p) => ({
+      critical: acc.critical + p.summary.critical,
+      warnings: acc.warnings + p.summary.warnings,
+      info: acc.info + p.summary.info
+    }),
+    { critical: 0, warnings: 0, info: 0 }
+  );
+  return {
+    isMonorepo: true,
+    timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+    rootPath,
+    monorepoType: monorepoInfo.type,
+    packageManager: monorepoInfo.packageManager,
+    packages: packageReports,
+    overallScore,
+    summary,
+    quote: options.quotes !== false ? getQuote(overallScore) : void 0
+  };
+}
+
+// src/utils/dep-tree.ts
+import { execa as execa14 } from "execa";
+function normalizeDeps(raw) {
+  if (!raw) return {};
+  const result = {};
+  for (const [name, info] of Object.entries(raw)) {
+    result[name] = {
+      name,
+      version: info.version ?? "unknown",
+      ...info.dependencies && Object.keys(info.dependencies).length > 0 ? { dependencies: normalizeDeps(info.dependencies) } : {}
+    };
+  }
+  return result;
+}
+async function getDependencyTree(projectPath, packageManager) {
+  const empty = {
+    name: "",
+    version: "",
+    packageManager,
+    dependencies: {}
+  };
+  if (packageManager === "bun") return empty;
+  try {
+    const args = packageManager === "yarn" ? ["list", "--json", "--depth", "1"] : ["ls", "--json", "--depth", "1"];
+    const { stdout } = await execa14(packageManager, args, {
+      cwd: projectPath,
+      reject: false,
+      timeout: 3e4
+    });
+    const parsed = JSON.parse(stdout);
+    const root = Array.isArray(parsed) ? parsed[0] : parsed;
+    return {
+      name: root.name ?? "",
+      version: root.version ?? "",
+      packageManager,
+      dependencies: normalizeDeps(root.dependencies)
+    };
+  } catch {
+    return empty;
+  }
+}
+export {
+  CRITICAL_LINES,
+  SCORE_EXCELLENT,
+  SCORE_FAIR,
+  SCORE_GOOD,
+  WARN_LINES,
+  buildSummary,
+  calculateOverallScore,
+  detectContext,
+  detectMonorepo,
+  detectPackageManager,
+  detectProject,
+  getDependencyTree,
+  getScoreColor,
+  getScoreEmoji,
+  runSickbay,
+  runSickbayMonorepo
+};