@nerviq/cli 1.2.6 → 1.3.0

package/src/techniques.js

@@ -117,6 +117,18 @@ function isGoProject(ctx) {
   return ctx.__nerviqIsGo;
 }
 
+function isRustProject(ctx) {
+  if (ctx.__nerviqIsRust !== undefined) return ctx.__nerviqIsRust;
+  ctx.__nerviqIsRust = hasProjectFile(ctx, /(^|\/)Cargo\.toml$/i);
+  return ctx.__nerviqIsRust;
+}
+
+function isJavaProject(ctx) {
+  if (ctx.__nerviqIsJava !== undefined) return ctx.__nerviqIsJava;
+  ctx.__nerviqIsJava = hasProjectFile(ctx, /(^|\/)(pom\.xml|build\.gradle|build\.gradle\.kts)$/i);
+  return ctx.__nerviqIsJava;
+}
+
 function getPythonFiles(ctx) {
   if (ctx.__nerviqPythonFiles) return ctx.__nerviqPythonFiles;
   ctx.__nerviqPythonFiles = findProjectFiles(ctx, /\.py$/i);
@@ -150,6 +162,34 @@ function getGoFiles(ctx) {
   return ctx.__nerviqGoFiles;
 }
 
+function getRustFiles(ctx) {
+  if (ctx.__nerviqRustFiles) return ctx.__nerviqRustFiles;
+  ctx.__nerviqRustFiles = findProjectFiles(ctx, /\.rs$/i);
+  return ctx.__nerviqRustFiles;
+}
+
+function getMainRustFiles(ctx) {
+  if (ctx.__nerviqMainRustFiles) return ctx.__nerviqMainRustFiles;
+  ctx.__nerviqMainRustFiles = getRustFiles(ctx)
+    .filter(file => !/(^|\/)(tests|target)\//i.test(file))
+    .slice(0, 60);
+  return ctx.__nerviqMainRustFiles;
+}
+
+function getJavaFiles(ctx) {
+  if (ctx.__nerviqJavaFiles) return ctx.__nerviqJavaFiles;
+  ctx.__nerviqJavaFiles = findProjectFiles(ctx, /\.java$/i);
+  return ctx.__nerviqJavaFiles;
+}
+
+function getMainJavaFiles(ctx) {
+  if (ctx.__nerviqMainJavaFiles) return ctx.__nerviqMainJavaFiles;
+  ctx.__nerviqMainJavaFiles = getJavaFiles(ctx)
+    .filter(file => !/(^|\/)(test|tests|src\/test)\//i.test(file))
+    .slice(0, 60);
+  return ctx.__nerviqMainJavaFiles;
+}
+
 function getMainGoFiles(ctx) {
   if (ctx.__nerviqMainGoFiles) return ctx.__nerviqMainGoFiles;
   ctx.__nerviqMainGoFiles = getGoFiles(ctx).filter(file => !/_test\.go$/i.test(file)).slice(0, 60);
@@ -180,6 +220,42 @@ function getGoProjectText(ctx) {
   return ctx.__nerviqGoProjectText;
 }
 
+function getRustProjectText(ctx) {
+  if (ctx.__nerviqRustProjectText) return ctx.__nerviqRustProjectText;
+  ctx.__nerviqRustProjectText = [
+    readProjectFiles(ctx, /(^|\/)Cargo\.toml$/i),
+    readProjectFiles(ctx, /(^|\/)(clippy\.toml|\.clippy\.toml|rustfmt\.toml|\.rustfmt\.toml|build\.rs)$/i),
+    readProjectFiles(ctx, /(^|\/)\.cargo\/config\.toml$/i),
+    getWorkflowContent(ctx),
+    getMainRustFiles(ctx).slice(0, 30).map(file => ctx.fileContent(file) || '').filter(Boolean).join('\n'),
+  ].filter(Boolean).join('\n');
+  return ctx.__nerviqRustProjectText;
+}
+
+function getJavaBuildText(ctx) {
+  if (ctx.__nerviqJavaBuildText) return ctx.__nerviqJavaBuildText;
+  ctx.__nerviqJavaBuildText = [
+    readProjectFiles(ctx, /(^|\/)pom\.xml$/i),
+    readProjectFiles(ctx, /(^|\/)build\.gradle$/i),
+    readProjectFiles(ctx, /(^|\/)build\.gradle\.kts$/i),
+    readProjectFiles(ctx, /(^|\/)settings\.gradle$/i),
+    readProjectFiles(ctx, /(^|\/)settings\.gradle\.kts$/i),
+  ].filter(Boolean).join('\n');
+  return ctx.__nerviqJavaBuildText;
+}
+
+function getJavaProjectText(ctx) {
+  if (ctx.__nerviqJavaProjectText) return ctx.__nerviqJavaProjectText;
+  ctx.__nerviqJavaProjectText = [
+    getJavaBuildText(ctx),
+    getWorkflowContent(ctx),
+    readProjectFiles(ctx, /(^|\/)\.editorconfig$/i),
+    readProjectFiles(ctx, /(^|\/)(application\.properties|application\.ya?ml|logback.*\.xml|log4j2?.*\.xml)$/i),
+    getMainJavaFiles(ctx).slice(0, 30).map(file => ctx.fileContent(file) || '').filter(Boolean).join('\n'),
+  ].filter(Boolean).join('\n');
+  return ctx.__nerviqJavaProjectText;
+}
+
 function getGoInterfaceBlocks(ctx) {
   if (ctx.__nerviqGoInterfaces) return ctx.__nerviqGoInterfaces;
   const blocks = [];
@@ -1618,277 +1694,386 @@ const TECHNIQUES = {
   // === PYTHON STACK CHECKS (category: 'python') ===============
   // ============================================================
 
-  pythonProjectExists: {
-    id: 'CL-PY01',
-    name: 'Python project detected (pyproject.toml / setup.py / requirements.txt)',
-    check: (ctx) => { const hasPy = ctx.files.some(f => /pyproject\.toml$|requirements\.txt$|setup\.py$|manage\.py$/.test(f)); if (!hasPy) return null; return true; },
+  pyprojectTomlExists: {
+    id: 120001,
+    name: 'pyproject.toml exists for Python packaging',
+    check: (ctx) => { if (!isPythonProject(ctx)) return null; return hasProjectFile(ctx, /(^|\/)pyproject\.toml$/i); },
     impact: 'high',
     category: 'python',
-    fix: 'Ensure pyproject.toml, setup.py, or requirements.txt exists for Python projects.',
+    fix: 'Add pyproject.toml to declare modern Python packaging, tooling, and metadata.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  pythonVersionSpecified: {
-    id: 'CL-PY02',
-    name: 'Python version specified (.python-version or requires-python)',
-    check: (ctx) => { const hasPy = ctx.files.some(f => /pyproject\.toml$|requirements\.txt$|setup\.py$|manage\.py$/.test(f)); if (!hasPy) return null; return ctx.files.some(f => /\.python-version$/.test(f)) || /requires-python/i.test(ctx.fileContent('pyproject.toml') || ''); },
+  pythonTypeHints: {
+    id: 120002,
+    name: 'Type hints used in Python code',
+    check: (ctx) => {
+      if (!isPythonProject(ctx)) return null;
+      if (hasProjectFile(ctx, /(^|\/)(mypy\.ini|py\.typed|pyrightconfig\.json)$/i)) return true;
+      const pyproject = readProjectFiles(ctx, /(^|\/)pyproject\.toml$/i);
+      if (/\[tool\.(mypy|pyright)\]/i.test(pyproject)) return true;
+      const files = getMainPythonFiles(ctx);
+      if (files.length === 0) return null;
+      return files.some(file => /from typing import|import typing|from __future__ import annotations|->\s*[\w\[\]., ]+|:\s*[\w\[\]., ]+\s*=/.test(ctx.fileContent(file) || ''));
+    },
     impact: 'medium',
     category: 'python',
-    fix: 'Create .python-version or add requires-python to pyproject.toml.',
+    fix: 'Add type hints in main Python modules or configure mypy/pyright with py.typed support.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  pythonVenvMentioned: {
-    id: 'CL-PY03',
-    name: 'Virtual environment mentioned in instructions',
-    check: (ctx) => { const hasPy = ctx.files.some(f => /pyproject\.toml$|requirements\.txt$|setup\.py$|manage\.py$/.test(f)); if (!hasPy) return null; const docs = (ctx.claudeMdContent ? ctx.claudeMdContent() : ctx.fileContent('CLAUDE.md')) || ctx.fileContent('README.md') || ''; return /venv|virtualenv|conda|poetry shell|uv venv/i.test(docs); },
+  pythonLinter: {
+    id: 120003,
+    name: 'Python linter configured',
+    check: (ctx) => {
+      if (!isPythonProject(ctx)) return null;
+      const config = `${getPythonProjectText(ctx)}\n${readProjectFiles(ctx, /(^|\/)(\.flake8|\.pylintrc|pylintrc|ruff\.toml|\.ruff\.toml)$/i)}`;
+      return /\[tool\.ruff\]|\[flake8\]|\[tool\.flake8\]|\[tool\.pylint\]|ruff|flake8|pylint/i.test(config);
+    },
     impact: 'medium',
     category: 'python',
-    fix: 'Document virtual environment setup in project instructions.',
+    fix: 'Configure a Python linter such as ruff, flake8, or pylint in pyproject.toml or a dedicated config file.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  pythonLockfileExists: {
-    id: 'CL-PY04',
-    name: 'Python lockfile exists (poetry.lock / uv.lock / Pipfile.lock / pinned requirements)',
-    check: (ctx) => { const hasPy = ctx.files.some(f => /pyproject\.toml$|requirements\.txt$|setup\.py$|manage\.py$/.test(f)); if (!hasPy) return null; return ctx.files.some(f => /poetry\.lock$|uv\.lock$|Pipfile\.lock$/.test(f)) || /==/m.test(ctx.fileContent('requirements.txt') || ''); },
-    impact: 'high',
+  pythonFormatter: {
+    id: 120004,
+    name: 'Python formatter configured',
+    check: (ctx) => {
+      if (!isPythonProject(ctx)) return null;
+      const pyproject = getPythonProjectText(ctx);
+      const prettier = readProjectFiles(ctx, /(^|\/)\.prettierrc(\.(json|ya?ml|toml))?$/i);
+      return /\[tool\.black\]|\[tool\.ruff\.format\]|\[tool\.isort\]/i.test(pyproject) ||
+        /python|\.py\b/i.test(prettier);
+    },
+    impact: 'medium',
     category: 'python',
-    fix: 'Add a lockfile (poetry.lock, uv.lock, Pipfile.lock) or pin versions with == in requirements.txt.',
+    fix: 'Configure formatting with black, ruff format, isort, or a Prettier override that explicitly covers Python files.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  pythonPytestConfigured: {
-    id: 'CL-PY05',
-    name: 'pytest configured (pyproject.toml [tool.pytest] / pytest.ini / conftest.py)',
-    check: (ctx) => { const hasPy = ctx.files.some(f => /pyproject\.toml$|requirements\.txt$|setup\.py$|manage\.py$/.test(f)); if (!hasPy) return null; return /\[tool\.pytest/i.test(ctx.fileContent('pyproject.toml') || '') || ctx.files.some(f => /pytest\.ini$|conftest\.py$/.test(f)); },
+  pythonTestFramework: {
+    id: 120005,
+    name: 'Python test framework present',
+    check: (ctx) => {
+      if (!isPythonProject(ctx)) return null;
+      return /\[tool\.pytest/i.test(getPythonProjectText(ctx)) ||
+        hasProjectFile(ctx, /(^|\/)(pytest\.ini|tox\.ini|conftest\.py)$/i);
+    },
     impact: 'high',
     category: 'python',
-    fix: 'Configure pytest in pyproject.toml [tool.pytest.ini_options] or create pytest.ini.',
+    fix: 'Add pytest.ini, conftest.py, tox.ini, or pyproject.toml pytest configuration so the test framework is explicit.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  pythonLinterConfigured: {
-    id: 'CL-PY06',
-    name: 'Python linter configured (ruff / flake8 / pylint)',
-    check: (ctx) => { const hasPy = ctx.files.some(f => /pyproject\.toml$|requirements\.txt$|setup\.py$|manage\.py$/.test(f)); if (!hasPy) return null; const pp = ctx.fileContent('pyproject.toml') || ''; return /\[tool\.ruff|\[tool\.flake8|\[tool\.pylint/i.test(pp) || ctx.files.some(f => /\.flake8$|pylintrc$|\.pylintrc$|ruff\.toml$/.test(f)); },
+  pythonVenvIgnored: {
+    id: 120006,
+    name: 'Virtual environment directories ignored in git',
+    check: (ctx) => {
+      if (!isPythonProject(ctx)) return null;
+      const gitignore = ctx.fileContent('.gitignore') || '';
+      return /(^|\n)\s*\.venv\/?\s*($|\n)|(^|\n)\s*venv\/?\s*($|\n)|(^|\n)\s*env\/?\s*($|\n)/i.test(gitignore);
+    },
     impact: 'medium',
     category: 'python',
-    fix: 'Configure ruff, flake8, or pylint in pyproject.toml or dedicated config file.',
+    fix: 'Ignore `.venv/`, `venv/`, or `env/` in .gitignore so local environments do not get committed.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  pythonTypeCheckerConfigured: {
-    id: 'CL-PY07',
-    name: 'Type checker configured (mypy / pyright)',
-    check: (ctx) => { const hasPy = ctx.files.some(f => /pyproject\.toml$|requirements\.txt$|setup\.py$|manage\.py$/.test(f)); if (!hasPy) return null; const pp = ctx.fileContent('pyproject.toml') || ''; return /\[tool\.mypy|\[tool\.pyright/i.test(pp) || ctx.files.some(f => /mypy\.ini$|pyrightconfig\.json$/.test(f)); },
-    impact: 'medium',
+  pythonRequirementsPinned: {
+    id: 120007,
+    name: 'Requirements files use pinned versions',
+    check: (ctx) => {
+      if (!isPythonProject(ctx)) return null;
+      const files = findProjectFiles(ctx, /(^|\/)requirements[^/]*\.txt$/i);
+      if (files.length === 0) return null;
+      const lines = files
+        .flatMap(file => (ctx.fileContent(file) || '').split(/\r?\n/))
+        .map(line => line.trim())
+        .filter(line => line && !line.startsWith('#'));
+      if (lines.length === 0) return null;
+      return lines.every(line => /^(-r|-c|--)/.test(line) || /==| @ /.test(line));
+    },
+    impact: 'high',
     category: 'python',
-    fix: 'Configure mypy or pyright in pyproject.toml or dedicated config file.',
+    fix: 'Pin Python requirements with `==` or direct references so installs stay reproducible.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  pythonFormatterConfigured: {
-    id: 'CL-PY08',
-    name: 'Formatter configured (black / isort / ruff format)',
-    check: (ctx) => { const hasPy = ctx.files.some(f => /pyproject\.toml$|requirements\.txt$|setup\.py$|manage\.py$/.test(f)); if (!hasPy) return null; const pp = ctx.fileContent('pyproject.toml') || ''; return /\[tool\.black|\[tool\.isort|\[tool\.ruff\.format/i.test(pp); },
+  pythonSecurityScanner: {
+    id: 120008,
+    name: 'Python security scanner configured',
+    check: (ctx) => {
+      if (!isPythonProject(ctx)) return null;
+      const content = `${getPythonProjectText(ctx)}\n${getWorkflowContent(ctx)}\n${getPreCommitContent(ctx)}`;
+      return /bandit|pip-audit|safety/i.test(content);
+    },
     impact: 'medium',
     category: 'python',
-    fix: 'Configure black, isort, or ruff format in pyproject.toml.',
+    fix: 'Configure bandit, safety, or pip-audit in dependencies, pre-commit, or CI.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  pythonDjangoSettingsDocumented: {
-    id: 'CL-PY09',
-    name: 'Django settings documented if Django project',
-    check: (ctx) => { const hasPy = ctx.files.some(f => /pyproject\.toml$|requirements\.txt$|setup\.py$|manage\.py$/.test(f)); if (!hasPy) return null; if (!ctx.files.some(f => /manage\.py$/.test(f))) return null; const docs = (ctx.claudeMdContent ? ctx.claudeMdContent() : ctx.fileContent('CLAUDE.md')) || ctx.fileContent('README.md') || ''; return /django|settings\.py|DJANGO_SETTINGS_MODULE/i.test(docs); },
-    impact: 'high',
+  pythonPreCommitHooks: {
+    id: 120009,
+    name: 'pre-commit configured with Python hooks',
+    check: (ctx) => {
+      if (!isPythonProject(ctx)) return null;
+      const preCommit = getPreCommitContent(ctx);
+      if (!preCommit) return false;
+      return /ruff|black|mypy|pyupgrade|pytest|bandit|isort|flake8|pylint/i.test(preCommit);
+    },
+    impact: 'medium',
     category: 'python',
-    fix: 'Document Django settings module and configuration in project instructions.',
+    fix: 'Add `.pre-commit-config.yaml` with Python-focused hooks such as ruff, black, mypy, or bandit.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  pythonFastapiEntryDocumented: {
-    id: 'CL-PY10',
-    name: 'FastAPI entry point documented if FastAPI project',
-    check: (ctx) => { const hasPy = ctx.files.some(f => /pyproject\.toml$|requirements\.txt$|setup\.py$|manage\.py$/.test(f)); if (!hasPy) return null; const deps = (ctx.fileContent('pyproject.toml') || '') + (ctx.fileContent('requirements.txt') || ''); if (!/fastapi/i.test(deps)) return null; const docs = (ctx.claudeMdContent ? ctx.claudeMdContent() : ctx.fileContent('CLAUDE.md')) || ctx.fileContent('README.md') || ''; return /fastapi|uvicorn|app\.py|main\.py/i.test(docs); },
-    impact: 'high',
+  pythonDocstrings: {
+    id: 120010,
+    name: 'Docstrings present in main Python files',
+    check: (ctx) => {
+      if (!isPythonProject(ctx)) return null;
+      const files = getMainPythonFiles(ctx);
+      if (files.length === 0) return null;
+      return files.some(file => /(^|\n)\s*(def|class)\s+\w+.*:\s*\n\s*("""|''')|^\s*("""|''')/m.test(ctx.fileContent(file) || ''));
+    },
+    impact: 'low',
     category: 'python',
-    fix: 'Document FastAPI entry point and how to run the development server.',
+    fix: 'Add module, class, or function docstrings in the main Python source files.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  pythonMigrationsDocumented: {
-    id: 'CL-PY11',
-    name: 'Database migrations mentioned (alembic / Django migrations)',
-    check: (ctx) => { const hasPy = ctx.files.some(f => /pyproject\.toml$|requirements\.txt$|setup\.py$|manage\.py$/.test(f)); if (!hasPy) return null; const docs = (ctx.claudeMdContent ? ctx.claudeMdContent() : ctx.fileContent('CLAUDE.md')) || ctx.fileContent('README.md') || ''; return /alembic|migrate|makemigrations|django.{0,10}migration/i.test(docs) || ctx.files.some(f => /alembic[.]ini$|alembic[/]/.test(f)); },
-    impact: 'medium',
+  pythonCIConfigured: {
+    id: 120011,
+    name: 'CI runs Python tests',
+    check: (ctx) => {
+      if (!isPythonProject(ctx)) return null;
+      return /pytest|python -m pytest|python -m unittest|tox\b|nox\b/i.test(getWorkflowContent(ctx));
+    },
+    impact: 'high',
     category: 'python',
-    fix: 'Document database migration workflow (alembic or Django migrations).',
+    fix: 'Run Python tests in CI with pytest, unittest, tox, or nox.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  pythonEnvHandlingDocumented: {
-    id: 'CL-PY12',
-    name: '.env handling documented (python-dotenv)',
-    check: (ctx) => { const hasPy = ctx.files.some(f => /pyproject\.toml$|requirements\.txt$|setup\.py$|manage\.py$/.test(f)); if (!hasPy) return null; const deps = (ctx.fileContent('pyproject.toml') || '') + (ctx.fileContent('requirements.txt') || ''); if (!/dotenv|python-dotenv|environs/i.test(deps)) return null; const docs = (ctx.claudeMdContent ? ctx.claudeMdContent() : ctx.fileContent('CLAUDE.md')) || ctx.fileContent('README.md') || ''; return /\.env|dotenv|environment.{0,10}variable/i.test(docs); },
+  pythonCoverage: {
+    id: 120012,
+    name: 'Python coverage configured',
+    check: (ctx) => {
+      if (!isPythonProject(ctx)) return null;
+      const content = `${getPythonProjectText(ctx)}\n${getWorkflowContent(ctx)}\n${readProjectFiles(ctx, /(^|\/)\.coveragerc$/i)}`;
+      return /\[tool\.coverage|pytest-cov|coverage\b|--cov\b/i.test(content);
+    },
     impact: 'medium',
     category: 'python',
-    fix: 'Document .env file usage and python-dotenv configuration.',
+    fix: 'Configure coverage.py or pytest-cov in project config or CI.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  pythonPreCommitConfigured: {
-    id: 'CL-PY13',
-    name: 'pre-commit hooks configured (.pre-commit-config.yaml)',
-    check: (ctx) => { const hasPy = ctx.files.some(f => /pyproject\.toml$|requirements\.txt$|setup\.py$|manage\.py$/.test(f)); if (!hasPy) return null; return ctx.files.some(f => /\.pre-commit-config\.yaml$/.test(f)); },
+  pythonPackageManager: {
+    id: 120013,
+    name: 'Modern Python package manager lockfile present',
+    check: (ctx) => { if (!isPythonProject(ctx)) return null; return hasProjectFile(ctx, /(^|\/)(poetry\.lock|pdm\.lock|uv\.lock|Pipfile\.lock)$/); },
     impact: 'medium',
     category: 'python',
-    fix: 'Add .pre-commit-config.yaml with Python-specific hooks (ruff, mypy, etc.).',
+    fix: 'Commit a Poetry, PDM, uv, or Pipenv lockfile for reproducible dependency resolution.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  pythonDockerBaseImage: {
-    id: 'CL-PY14',
-    name: 'Docker uses Python base image correctly',
-    check: (ctx) => { const hasPy = ctx.files.some(f => /pyproject\.toml$|requirements\.txt$|setup\.py$|manage\.py$/.test(f)); if (!hasPy) return null; const df = ctx.fileContent('Dockerfile') || ''; if (!df) return null; return /FROM.*python:/i.test(df); },
+  pythonMinVersionSpecified: {
+    id: 120014,
+    name: 'Minimum Python version specified',
+    check: (ctx) => {
+      if (!isPythonProject(ctx)) return null;
+      const content = `${getPythonProjectText(ctx)}\n${readProjectFiles(ctx, /(^|\/)\.python-version$/i)}`;
+      return /requires-python|python_requires|(^|\n)\s*python\s*=|^\s*\d+\.\d+(\.\d+)?\s*$/im.test(content);
+    },
     impact: 'medium',
     category: 'python',
-    fix: 'Use official Python base image in Dockerfile (e.g., FROM python:3.12-slim).',
+    fix: 'Specify the supported Python version with `.python-version`, `requires-python`, or `python_requires`.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  pythonTestMatrixConfigured: {
-    id: 'CL-PY15',
-    name: 'Test matrix configured (tox.ini / noxfile.py)',
-    check: (ctx) => { const hasPy = ctx.files.some(f => /pyproject\.toml$|requirements\.txt$|setup\.py$|manage\.py$/.test(f)); if (!hasPy) return null; return ctx.files.some(f => /tox\.ini$|noxfile\.py$/.test(f)); },
+  pythonAsyncPatterns: {
+    id: 120015,
+    name: 'Async Python patterns used',
+    check: (ctx) => {
+      if (!isPythonProject(ctx)) return null;
+      const content = `${getPythonProjectText(ctx)}\n${getMainPythonFiles(ctx).slice(0, 30).map(file => ctx.fileContent(file) || '').join('\n')}`;
+      return /asyncio|aiohttp|fastapi|starlette|trio|anyio|async def|await /i.test(content);
+    },
     impact: 'low',
     category: 'python',
-    fix: 'Configure tox or nox for multi-environment testing.',
+    fix: 'Adopt explicit async patterns such as asyncio, aiohttp, FastAPI, or `async def` where concurrent workflows matter.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  pythonValidationUsed: {
-    id: 'CL-PY16',
-    name: 'Pydantic or dataclass validation used',
-    check: (ctx) => { const hasPy = ctx.files.some(f => /pyproject\.toml$|requirements\.txt$|setup\.py$|manage\.py$/.test(f)); if (!hasPy) return null; const deps = (ctx.fileContent('pyproject.toml') || '') + (ctx.fileContent('requirements.txt') || ''); return /pydantic|dataclass/i.test(deps); },
+  pythonEnvExample: {
+    id: 120016,
+    name: 'Python project includes an environment example file',
+    check: (ctx) => { if (!isPythonProject(ctx)) return null; return hasProjectFile(ctx, /(^|\/)\.env(\.example|\.sample)$/i); },
     impact: 'medium',
     category: 'python',
-    fix: 'Use pydantic or dataclasses for data validation and type safety.',
+    fix: 'Add `.env.example` or `.env.sample` so required Python environment variables are documented.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  pythonAsyncDocumented: {
-    id: 'CL-PY17',
-    name: 'Async patterns documented if async project',
-    check: (ctx) => { const hasPy = ctx.files.some(f => /pyproject\.toml$|requirements\.txt$|setup\.py$|manage\.py$/.test(f)); if (!hasPy) return null; const deps = (ctx.fileContent('pyproject.toml') || '') + (ctx.fileContent('requirements.txt') || ''); if (!/asyncio|aiohttp|fastapi|starlette|httpx/i.test(deps)) return null; const docs = (ctx.claudeMdContent ? ctx.claudeMdContent() : ctx.fileContent('CLAUDE.md')) || ctx.fileContent('README.md') || ''; return /async|await|asyncio|event.{0,5}loop/i.test(docs); },
+  pythonMigrations: {
+    id: 120017,
+    name: 'Python database migration tooling present',
+    check: (ctx) => {
+      if (!isPythonProject(ctx)) return null;
+      const content = `${getPythonProjectText(ctx)}\n${getMainPythonFiles(ctx).slice(0, 20).map(file => ctx.fileContent(file) || '').join('\n')}`;
+      return /alembic|django\.db\.migrations|makemigrations|migrate/i.test(content) ||
+        hasProjectFile(ctx, /(^|\/)alembic\.ini$/i) ||
+        hasProjectFile(ctx, /(^|\/)(alembic|migrations)\//i);
+    },
     impact: 'medium',
     category: 'python',
-    fix: 'Document async patterns and conventions used in the project.',
+    fix: 'Use Alembic or Django migrations and keep the migration surface committed in the repo.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  pythonPinnedVersions: {
-    id: 'CL-PY18',
-    name: 'Requirements have pinned versions (== in requirements.txt)',
-    check: (ctx) => { const hasPy = ctx.files.some(f => /pyproject\.toml$|requirements\.txt$|setup\.py$|manage\.py$/.test(f)); if (!hasPy) return null; const req = ctx.fileContent('requirements.txt') || ''; if (!req.trim()) return null; const lines = req.split('\n').filter(l => l.trim() && !l.startsWith('#')); return lines.length > 0 && lines.every(l => /==/.test(l) || /^-/.test(l.trim())); },
-    impact: 'high',
+  pythonLogging: {
+    id: 120018,
+    name: 'Python structured logging configured',
+    check: (ctx) => {
+      if (!isPythonProject(ctx)) return null;
+      const content = `${getPythonProjectText(ctx)}\n${getMainPythonFiles(ctx).slice(0, 30).map(file => ctx.fileContent(file) || '').join('\n')}`;
+      return /structlog|loguru|logging\.config|dictConfig|getLogger|basicConfig/i.test(content);
+    },
+    impact: 'medium',
     category: 'python',
-    fix: 'Pin all dependency versions with == in requirements.txt for reproducible builds.',
+    fix: 'Configure logging with Python logging config, structlog, or loguru for consistent operational signals.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  pythonPackageStructure: {
-    id: 'CL-PY19',
-    name: 'Python package has proper structure (src/ layout or __init__.py)',
-    check: (ctx) => { const hasPy = ctx.files.some(f => /pyproject\.toml$|requirements\.txt$|setup\.py$|manage\.py$/.test(f)); if (!hasPy) return null; return ctx.files.some(f => /src[/].*[/]__init__\.py$|^[^/]+[/]__init__\.py$/.test(f)); },
+  pythonAPISchema: {
+    id: 120019,
+    name: 'Python API schema or model definitions present',
+    check: (ctx) => {
+      if (!isPythonProject(ctx)) return null;
+      const content = `${getPythonProjectText(ctx)}\n${getMainPythonFiles(ctx).slice(0, 30).map(file => ctx.fileContent(file) || '').join('\n')}`;
+      return /openapi|swagger|BaseModel|pydantic|Schema\)|marshmallow|TypedDict/i.test(content);
+    },
     impact: 'medium',
     category: 'python',
-    fix: 'Use src/ layout or ensure packages have __init__.py files.',
+    fix: 'Define API schemas with OpenAPI, Pydantic, Marshmallow, or typed request/response models.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  pythonDocsToolConfigured: {
-    id: 'CL-PY20',
-    name: 'Documentation tool configured (sphinx / mkdocs)',
-    check: (ctx) => { const hasPy = ctx.files.some(f => /pyproject\.toml$|requirements\.txt$|setup\.py$|manage\.py$/.test(f)); if (!hasPy) return null; return ctx.files.some(f => /mkdocs\.yml$|conf\.py$|docs[/]/.test(f)) || /sphinx|mkdocs/i.test(ctx.fileContent('pyproject.toml') || ''); },
-    impact: 'low',
+  pythonContainerized: {
+    id: 120020,
+    name: 'Python container image uses a Python base',
+    check: (ctx) => {
+      if (!isPythonProject(ctx)) return null;
+      const dockerfile = ctx.fileContent('Dockerfile') || '';
+      if (!dockerfile) return null;
+      return /FROM\s+python[:\d.-]/i.test(dockerfile);
+    },
+    impact: 'medium',
     category: 'python',
-    fix: 'Configure sphinx or mkdocs for project documentation.',
+    fix: 'Use an official Python image such as `python:3.12-slim` when containerizing Python services.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  pythonCoverageConfigured: {
-    id: 'CL-PY21',
-    name: 'Coverage configured (coverage / pytest-cov)',
-    check: (ctx) => { const hasPy = ctx.files.some(f => /pyproject\.toml$|requirements\.txt$|setup\.py$|manage\.py$/.test(f)); if (!hasPy) return null; const pp = ctx.fileContent('pyproject.toml') || ''; return /\[tool\.coverage|pytest-cov|coverage/i.test(pp) || ctx.files.some(f => /\.coveragerc$/.test(f)); },
+  pythonDependencyGroups: {
+    id: 120021,
+    name: 'Python dev and test dependency groups separated',
+    check: (ctx) => {
+      if (!isPythonProject(ctx)) return null;
+      const content = getPythonProjectText(ctx);
+      return /\[tool\.poetry\.group\.[^\]]+\]|\[project\.optional-dependencies\]|extras_require|dependency-groups/i.test(content);
+    },
     impact: 'medium',
     category: 'python',
-    fix: 'Configure coverage reporting with pytest-cov or coverage.py.',
+    fix: 'Separate Python dev and test dependencies with Poetry groups, optional-dependencies, or extras_require.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  pythonNoSecretsInSettings: {
-    id: 'CL-PY22',
-    name: 'No secrets in Django settings.py',
-    check: (ctx) => { const hasPy = ctx.files.some(f => /pyproject\.toml$|requirements\.txt$|setup\.py$|manage\.py$/.test(f)); if (!hasPy) return null; const settings = ctx.fileContent('settings.py') || ctx.files.filter(f => /settings\.py$/.test(f)).map(f => ctx.fileContent(f) || '').join(''); if (!settings) return null; return !/SECRET_KEY\s*=\s*['"][^'"]{10,}/i.test(settings); },
-    impact: 'critical',
+  pythonPathConfig: {
+    id: 120022,
+    name: 'Python tool path configuration present',
+    check: (ctx) => {
+      if (!isPythonProject(ctx)) return null;
+      if (hasProjectFile(ctx, /(^|\/)pyrightconfig\.json$/i)) return true;
+      const vscodeSettings = findProjectFiles(ctx, /(^|\/)\.vscode\/settings\.json$/i)
+        .map(file => ctx.jsonFile(file) || {})
+        .find(settings => Object.keys(settings).some(key => key.toLowerCase().includes('python')));
+      return !!vscodeSettings;
+    },
+    impact: 'low',
     category: 'python',
-    fix: 'Move SECRET_KEY and other secrets to environment variables, not hardcoded in settings.py.',
+    fix: 'Add `pyrightconfig.json` or VS Code Python settings so tooling resolves imports and environments consistently.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  pythonWsgiAsgiDocumented: {
-    id: 'CL-PY23',
-    name: 'WSGI/ASGI server documented (gunicorn / uvicorn)',
-    check: (ctx) => { const hasPy = ctx.files.some(f => /pyproject\.toml$|requirements\.txt$|setup\.py$|manage\.py$/.test(f)); if (!hasPy) return null; const deps = (ctx.fileContent('pyproject.toml') || '') + (ctx.fileContent('requirements.txt') || ''); if (!/gunicorn|uvicorn|daphne|hypercorn/i.test(deps)) return null; const docs = (ctx.claudeMdContent ? ctx.claudeMdContent() : ctx.fileContent('CLAUDE.md')) || ctx.fileContent('README.md') || ''; return /gunicorn|uvicorn|daphne|hypercorn|wsgi|asgi/i.test(docs); },
-    impact: 'medium',
+  pythonMonorepo: {
+    id: 120023,
+    name: 'Python monorepo-friendly package layout present',
+    check: (ctx) => {
+      if (!isPythonProject(ctx)) return null;
+      const content = getPythonProjectText(ctx);
+      return ctx.hasDir('src') ||
+        /namespace_packages|find_namespace:|from\s*=\s*["']src["']|package-dir/i.test(content);
+    },
+    impact: 'low',
     category: 'python',
-    fix: 'Document WSGI/ASGI server configuration (gunicorn, uvicorn).',
+    fix: 'Use a `src/` layout or namespace package configuration for larger multi-package Python repos.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  pythonTaskQueueDocumented: {
-    id: 'CL-PY24',
-    name: 'Task queue documented if used (celery / rq)',
-    check: (ctx) => { const hasPy = ctx.files.some(f => /pyproject\.toml$|requirements\.txt$|setup\.py$|manage\.py$/.test(f)); if (!hasPy) return null; const deps = (ctx.fileContent('pyproject.toml') || '') + (ctx.fileContent('requirements.txt') || ''); if (!/celery|rq|dramatiq|huey/i.test(deps)) return null; const docs = (ctx.claudeMdContent ? ctx.claudeMdContent() : ctx.fileContent('CLAUDE.md')) || ctx.fileContent('README.md') || ''; return /celery|rq|dramatiq|huey|task.{0,10}queue|worker/i.test(docs); },
-    impact: 'medium',
+  pythonErrorHandling: {
+    id: 120024,
+    name: 'Custom Python exception classes defined',
+    check: (ctx) => {
+      if (!isPythonProject(ctx)) return null;
+      const files = getMainPythonFiles(ctx);
+      if (files.length === 0) return null;
+      return files.some(file => /class\s+\w+(Error|Exception)\s*\((?:[\w.]*Exception|[\w.]*Error)\)\s*:/i.test(ctx.fileContent(file) || ''));
+    },
+    impact: 'low',
     category: 'python',
-    fix: 'Document task queue configuration and worker setup.',
+    fix: 'Define custom exception classes for domain-specific Python error handling instead of only raising generic exceptions.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  pythonGitignore: {
-    id: 'CL-PY25',
-    name: 'Python-specific .gitignore (__pycache__, *.pyc, .venv)',
-    check: (ctx) => { const hasPy = ctx.files.some(f => /pyproject\.toml$|requirements\.txt$|setup\.py$|manage\.py$/.test(f)); if (!hasPy) return null; const gi = ctx.fileContent('.gitignore') || ''; return /__pycache__|\*\.pyc|\.venv/i.test(gi); },
+  pythonDataValidation: {
+    id: 120025,
+    name: 'Python data validation library used',
+    check: (ctx) => {
+      if (!isPythonProject(ctx)) return null;
+      const content = `${getPythonProjectText(ctx)}\n${getMainPythonFiles(ctx).slice(0, 30).map(file => ctx.fileContent(file) || '').join('\n')}`;
+      return /pydantic|marshmallow|attrs|attr\.s|BaseModel|Schema\)/i.test(content);
+    },
     impact: 'medium',
     category: 'python',
-    fix: 'Add Python-specific entries to .gitignore (__pycache__, *.pyc, .venv, *.egg-info).',
+    fix: 'Use Pydantic, Marshmallow, attrs, or similar validation libraries for structured Python inputs and models.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
@@ -1898,221 +2083,307 @@ const TECHNIQUES = {
   // ============================================================
 
   goModExists: {
-    id: 'CL-GO01',
-    name: 'go.mod exists',
-    check: (ctx) => { if (!ctx.files.some(f => /go\.mod$/.test(f))) return null; return true; },
+    id: 120101,
+    name: 'go.mod exists for Go module management',
+    check: (ctx) => { if (!isGoProject(ctx)) return null; return true; },
     impact: 'high',
     category: 'go',
-    fix: 'Initialize Go module with go mod init.',
+    fix: 'Initialize the repository as a Go module with `go mod init` and commit `go.mod`.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  goSumCommitted: {
-    id: 'CL-GO02',
-    name: 'go.sum committed',
-    check: (ctx) => { if (!ctx.files.some(f => /go\.mod$/.test(f))) return null; return ctx.files.some(f => /go\.sum$/.test(f)); },
-    impact: 'high',
-    category: 'go',
-    fix: 'Commit go.sum to version control for reproducible builds.',
-    // sourceUrl assigned by attachSourceUrls via category mapping
-    confidence: 0.7,
-  },
-
-  golangciLintConfigured: {
-    id: 'CL-GO03',
-    name: 'golangci-lint configured (.golangci.yml)',
-    check: (ctx) => { if (!ctx.files.some(f => /go\.mod$/.test(f))) return null; return ctx.files.some(f => /\.golangci\.ya?ml$|\.golangci\.toml$/.test(f)); },
+  goLinter: {
+    id: 120102,
+    name: 'Go linter configured',
+    check: (ctx) => {
+      if (!isGoProject(ctx)) return null;
+      const content = `${getGoProjectText(ctx)}\n${readProjectFiles(ctx, /(^|\/)\.golangci\.(ya?ml|toml)$/i)}`;
+      return /\.golangci\.|golangci-lint/i.test(content);
+    },
     impact: 'medium',
     category: 'go',
-    fix: 'Add .golangci.yml to configure linting rules.',
+    fix: 'Configure golangci-lint in the repo or CI for consistent Go lint enforcement.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  goTestDocumented: {
-    id: 'CL-GO04',
-    name: 'go test documented in instructions',
-    check: (ctx) => { if (!ctx.files.some(f => /go\.mod$/.test(f))) return null; const docs = (ctx.claudeMdContent ? ctx.claudeMdContent() : ctx.fileContent('CLAUDE.md')) || ctx.fileContent('README.md') || ''; return /go test/i.test(docs); },
+  goTestFiles: {
+    id: 120103,
+    name: 'Go test files present',
+    check: (ctx) => { if (!isGoProject(ctx)) return null; return hasProjectFile(ctx, /_test\.go$/i); },
     impact: 'high',
     category: 'go',
-    fix: 'Document go test command in project instructions.',
+    fix: 'Add `_test.go` files so Go packages have executable unit or integration tests.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  goBuildDocumented: {
-    id: 'CL-GO05',
-    name: 'go build documented in instructions',
-    check: (ctx) => { if (!ctx.files.some(f => /go\.mod$/.test(f))) return null; const docs = (ctx.claudeMdContent ? ctx.claudeMdContent() : ctx.fileContent('CLAUDE.md')) || ctx.fileContent('README.md') || ''; return /go build|go install/i.test(docs); },
-    impact: 'high',
+  goVet: {
+    id: 120104,
+    name: 'go vet runs in automation',
+    check: (ctx) => {
+      if (!isGoProject(ctx)) return null;
+      const content = `${getWorkflowContent(ctx)}\n${ctx.fileContent('Makefile') || ''}`;
+      return /go vet/i.test(content);
+    },
+    impact: 'medium',
     category: 'go',
-    fix: 'Document go build command in project instructions.',
+    fix: 'Run `go vet` in CI or the project Makefile to catch common Go mistakes.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  goStandardLayout: {
-    id: 'CL-GO06',
-    name: 'Standard Go layout (cmd/ / internal/ / pkg/)',
-    check: (ctx) => { if (!ctx.files.some(f => /go\.mod$/.test(f))) return null; return ctx.files.some(f => /^cmd[/]|^internal[/]|^pkg[/]/.test(f)); },
+  goFmt: {
+    id: 120105,
+    name: 'gofmt or goimports enforced',
+    check: (ctx) => {
+      if (!isGoProject(ctx)) return null;
+      const content = `${getWorkflowContent(ctx)}\n${ctx.fileContent('Makefile') || ''}\n${getPreCommitContent(ctx)}`;
+      return /gofmt|goimports/i.test(content);
+    },
     impact: 'medium',
     category: 'go',
-    fix: 'Use standard Go project layout with cmd/, internal/, and/or pkg/ directories.',
+    fix: 'Run `gofmt` or `goimports` in CI, pre-commit, or developer tooling.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  goErrorHandlingDocumented: {
-    id: 'CL-GO07',
-    name: 'Error handling patterns documented',
-    check: (ctx) => { if (!ctx.files.some(f => /go\.mod$/.test(f))) return null; const docs = (ctx.claudeMdContent ? ctx.claudeMdContent() : ctx.fileContent('CLAUDE.md')) || ctx.fileContent('README.md') || ''; return /error handling|errors?\.(?:New|Wrap|Is|As)|fmt\.Errorf/i.test(docs); },
+  goModTidy: {
+    id: 120106,
+    name: 'go mod tidy runs in automation',
+    check: (ctx) => {
+      if (!isGoProject(ctx)) return null;
+      const content = `${getWorkflowContent(ctx)}\n${ctx.fileContent('Makefile') || ''}`;
+      return /go mod tidy/i.test(content);
+    },
     impact: 'medium',
     category: 'go',
-    fix: 'Document error handling conventions (error wrapping, sentinel errors, etc.).',
+    fix: 'Run `go mod tidy` in CI or the Makefile so module metadata stays clean.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  goContextUsageDocumented: {
-    id: 'CL-GO08',
-    name: 'Context usage documented',
-    check: (ctx) => { if (!ctx.files.some(f => /go\.mod$/.test(f))) return null; const docs = (ctx.claudeMdContent ? ctx.claudeMdContent() : ctx.fileContent('CLAUDE.md')) || ctx.fileContent('README.md') || ''; return /context\.Context|ctx\.Done|context\.WithCancel|context\.WithTimeout/i.test(docs); },
-    impact: 'medium',
+  goBuildTags: {
+    id: 120107,
+    name: 'Go build tags or constraints used',
+    check: (ctx) => {
+      if (!isGoProject(ctx)) return null;
+      const files = getGoFiles(ctx);
+      if (files.length === 0) return null;
+      return files.some(file => /\/\/go:build|\/\/ \+build/.test(ctx.fileContent(file) || ''));
+    },
+    impact: 'low',
     category: 'go',
-    fix: 'Document context.Context usage patterns for cancellation and timeouts.',
+    fix: 'Use `//go:build` constraints when a Go package depends on build tags or platform-specific variants.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  goroutineSafetyDocumented: {
-    id: 'CL-GO09',
-    name: 'Goroutine safety documented',
-    check: (ctx) => { if (!ctx.files.some(f => /go\.mod$/.test(f))) return null; const docs = (ctx.claudeMdContent ? ctx.claudeMdContent() : ctx.fileContent('CLAUDE.md')) || ctx.fileContent('README.md') || ''; return /goroutine|sync\.Mutex|sync\.WaitGroup|channel|concurren/i.test(docs); },
+  goErrorWrapping: {
+    id: 120108,
+    name: 'Go errors use wrapping patterns',
+    check: (ctx) => {
+      if (!isGoProject(ctx)) return null;
+      const files = getMainGoFiles(ctx);
+      if (files.length === 0) return null;
+      return files.some(file => /fmt\.Errorf\([^)]*%w|errors\.Join\(/.test(ctx.fileContent(file) || ''));
+    },
     impact: 'medium',
     category: 'go',
-    fix: 'Document goroutine safety patterns, mutex usage, and channel conventions.',
+    fix: 'Wrap Go errors with `fmt.Errorf(... %w ...)` or similar patterns to preserve context.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  goModTidyMentioned: {
-    id: 'CL-GO10',
-    name: 'go mod tidy mentioned in instructions',
-    check: (ctx) => { if (!ctx.files.some(f => /go\.mod$/.test(f))) return null; const docs = (ctx.claudeMdContent ? ctx.claudeMdContent() : ctx.fileContent('CLAUDE.md')) || ctx.fileContent('README.md') || ''; return /go mod tidy/i.test(docs); },
+  goInterfaceSegregation: {
+    id: 120109,
+    name: 'Go interfaces stay small',
+    check: (ctx) => {
+      if (!isGoProject(ctx)) return null;
+      const interfaces = getGoInterfaceBlocks(ctx);
+      if (interfaces.length === 0) return null;
+      return interfaces.every(block => countGoInterfaceMethods(block) <= 5);
+    },
     impact: 'low',
     category: 'go',
-    fix: 'Document go mod tidy in project workflow instructions.',
+    fix: 'Keep Go interfaces small and focused; split interfaces that define more than five methods.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  goVetConfigured: {
-    id: 'CL-GO11',
-    name: 'go vet or staticcheck configured',
-    check: (ctx) => { if (!ctx.files.some(f => /go\.mod$/.test(f))) return null; const docs = (ctx.claudeMdContent ? ctx.claudeMdContent() : ctx.fileContent('CLAUDE.md')) || ctx.fileContent('README.md') || ''; const ci = ctx.fileContent('.github/workflows/ci.yml') || ctx.fileContent('.github/workflows/go.yml') || ''; return /go vet|staticcheck/i.test(docs + ci); },
+  goContextUsage: {
+    id: 120110,
+    name: 'Go services use context.Context',
+    check: (ctx) => {
+      if (!isGoProject(ctx)) return null;
+      const files = getMainGoFiles(ctx);
+      if (files.length === 0) return null;
+      return files.some(file => /context\.Context|context\.With(Cancel|Timeout|Deadline)|ctx\s+context\.Context/.test(ctx.fileContent(file) || ''));
+    },
     impact: 'medium',
     category: 'go',
-    fix: 'Configure go vet and/or staticcheck in CI or project instructions.',
+    fix: 'Pass `context.Context` through handlers and services so cancellation and deadlines are propagated correctly.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  goMakefileExists: {
-    id: 'CL-GO12',
-    name: 'Makefile or Taskfile exists for Go project',
-    check: (ctx) => { if (!ctx.files.some(f => /go\.mod$/.test(f))) return null; return ctx.files.some(f => /^Makefile$|^Taskfile\.ya?ml$/.test(f)); },
-    impact: 'medium',
+  goStructTags: {
+    id: 120111,
+    name: 'Exported Go structs include tags',
+    check: (ctx) => {
+      if (!isGoProject(ctx)) return null;
+      const structBlocks = [];
+      for (const file of getMainGoFiles(ctx)) {
+        const content = ctx.fileContent(file) || '';
+        for (const match of content.matchAll(/type\s+([A-Z]\w*)\s+struct\s*\{([\s\S]*?)\}/g)) {
+          structBlocks.push(match[2]);
+        }
+      }
+      if (structBlocks.length === 0) return null;
+      return structBlocks.some(block => /`[^`]*(json|yaml|db):"/.test(block));
+    },
+    impact: 'low',
     category: 'go',
-    fix: 'Add Makefile or Taskfile.yml with common Go targets (build, test, lint).',
+    fix: 'Add struct tags such as `json`, `yaml`, or `db` on exported Go types that cross boundaries.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  goDockerMultiStage: {
-    id: 'CL-GO13',
-    name: 'Docker multi-stage build for Go',
-    check: (ctx) => { if (!ctx.files.some(f => /go\.mod$/.test(f))) return null; const df = ctx.fileContent('Dockerfile') || ''; if (!df) return null; return /FROM.*golang.*AS/i.test(df) && /FROM.*(?:alpine|scratch|distroless|gcr\.io)/i.test(df); },
+  goMakefile: {
+    id: 120112,
+    name: 'Go Makefile includes build, test, and lint targets',
+    check: (ctx) => {
+      if (!isGoProject(ctx)) return null;
+      const makefile = ctx.fileContent('Makefile') || '';
+      if (!makefile) return false;
+      return /^\s*build:/m.test(makefile) && /^\s*test:/m.test(makefile) && /^\s*lint:/m.test(makefile);
+    },
     impact: 'medium',
     category: 'go',
-    fix: 'Use multi-stage Docker build: build in golang image, run in minimal image (alpine/scratch/distroless).',
+    fix: 'Add a Makefile with `build`, `test`, and `lint` targets for common Go workflows.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  goCgoDocumented: {
-    id: 'CL-GO14',
-    name: 'CGO documented if used',
-    check: (ctx) => { if (!ctx.files.some(f => /go\.mod$/.test(f))) return null; const goMod = ctx.fileContent('go.mod') || ''; const docs = (ctx.claudeMdContent ? ctx.claudeMdContent() : ctx.fileContent('CLAUDE.md')) || ctx.fileContent('README.md') || ''; if (!/CGO_ENABLED|import "C"/i.test(goMod + docs)) return null; return /CGO|cgo/i.test(docs); },
+  goDocComments: {
+    id: 120113,
+    name: 'Exported Go functions have doc comments',
+    check: (ctx) => {
+      if (!isGoProject(ctx)) return null;
+      const files = getMainGoFiles(ctx);
+      if (files.length === 0) return null;
+      const documented = files.some(file => /\/\/\s*[A-Z]\w+.*\nfunc\s+(?:\([^)]+\)\s*)?[A-Z]\w+\s*\(/.test(ctx.fileContent(file) || ''));
+      const exported = files.some(file => /func\s+(?:\([^)]+\)\s*)?[A-Z]\w+\s*\(/.test(ctx.fileContent(file) || ''));
+      if (!exported) return null;
+      return documented;
+    },
     impact: 'low',
     category: 'go',
-    fix: 'Document CGO usage, dependencies, and build requirements.',
+    fix: 'Add Go doc comments above exported functions so package APIs remain self-describing.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  goWorkForMonorepo: {
-    id: 'CL-GO15',
-    name: 'go.work for monorepo',
-    check: (ctx) => { if (!ctx.files.some(f => /go\.mod$/.test(f))) return null; const multiMod = ctx.files.filter(f => /go\.mod$/.test(f)).length > 1; if (!multiMod) return null; return ctx.files.some(f => /go\.work$/.test(f)); },
+  goSecurityScanner: {
+    id: 120114,
+    name: 'Go security scanner configured',
+    check: (ctx) => {
+      if (!isGoProject(ctx)) return null;
+      return /gosec|staticcheck/i.test(getGoProjectText(ctx));
+    },
     impact: 'medium',
     category: 'go',
-    fix: 'Use go.work for Go workspace in monorepo with multiple modules.',
+    fix: 'Configure `gosec` or `staticcheck` in CI or the Makefile for Go security and static analysis checks.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  goBenchmarkTests: {
-    id: 'CL-GO16',
-    name: 'Benchmark tests mentioned',
-    check: (ctx) => { if (!ctx.files.some(f => /go\.mod$/.test(f))) return null; const docs = (ctx.claudeMdContent ? ctx.claudeMdContent() : ctx.fileContent('CLAUDE.md')) || ctx.fileContent('README.md') || ''; return /go test.*-bench|Benchmark/i.test(docs); },
-    impact: 'low',
+  goCIConfigured: {
+    id: 120115,
+    name: 'CI runs Go tests',
+    check: (ctx) => {
+      if (!isGoProject(ctx)) return null;
+      return /go test(\s|$)|go test \.\/\.\.\./i.test(getWorkflowContent(ctx));
+    },
+    impact: 'high',
     category: 'go',
-    fix: 'Document benchmark testing with go test -bench.',
+    fix: 'Run `go test ./...` in CI so Go packages are verified on every change.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  goRaceDetector: {
-    id: 'CL-GO17',
-    name: 'Race detector (-race) documented',
-    check: (ctx) => { if (!ctx.files.some(f => /go\.mod$/.test(f))) return null; const docs = (ctx.claudeMdContent ? ctx.claudeMdContent() : ctx.fileContent('CLAUDE.md')) || ctx.fileContent('README.md') || ''; const ci = ctx.fileContent('.github/workflows/ci.yml') || ctx.fileContent('.github/workflows/go.yml') || ''; return /-race/i.test(docs + ci); },
+  goContainerized: {
+    id: 120116,
+    name: 'Go Dockerfile uses multi-stage build',
+    check: (ctx) => {
+      if (!isGoProject(ctx)) return null;
+      const dockerfile = ctx.fileContent('Dockerfile') || '';
+      if (!dockerfile) return null;
+      return /FROM\s+golang[:\d.-].*\bAS\b/i.test(dockerfile) &&
+        /FROM\s+(alpine|scratch|distroless|gcr\.io|cgr\.dev)/i.test(dockerfile);
+    },
     impact: 'medium',
     category: 'go',
-    fix: 'Document and enable race detector with go test -race.',
+    fix: 'Use a multi-stage Go Dockerfile: compile in a `golang` image and run from a minimal final image.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  goGenerateDocumented: {
-    id: 'CL-GO18',
-    name: 'go generate documented',
-    check: (ctx) => { if (!ctx.files.some(f => /go\.mod$/.test(f))) return null; const docs = (ctx.claudeMdContent ? ctx.claudeMdContent() : ctx.fileContent('CLAUDE.md')) || ctx.fileContent('README.md') || ''; return /go generate/i.test(docs) || ctx.files.some(f => /generate\.go$/.test(f)); },
-    impact: 'low',
+  goCoverageConfigured: {
+    id: 120117,
+    name: 'Go coverage reporting configured',
+    check: (ctx) => {
+      if (!isGoProject(ctx)) return null;
+      const content = `${getWorkflowContent(ctx)}\n${ctx.fileContent('Makefile') || ''}`;
+      return /go test[^\n]*-cover/i.test(content);
+    },
+    impact: 'medium',
     category: 'go',
-    fix: 'Document go generate usage and generated files.',
+    fix: 'Add `go test -cover` to CI or developer commands so Go coverage is tracked explicitly.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  goInterfaceDesignDocumented: {
-    id: 'CL-GO19',
-    name: 'Interface-based design documented',
-    check: (ctx) => { if (!ctx.files.some(f => /go\.mod$/.test(f))) return null; const docs = (ctx.claudeMdContent ? ctx.claudeMdContent() : ctx.fileContent('CLAUDE.md')) || ctx.fileContent('README.md') || ''; return /interface|mock|stub|dependency injection/i.test(docs); },
+  goAPIFramework: {
+    id: 120118,
+    name: 'Go HTTP framework detected',
+    check: (ctx) => {
+      if (!isGoProject(ctx)) return null;
+      return /gin-gonic\/gin|labstack\/echo|gofiber\/fiber|go-chi\/chi|gin\.Default\(|echo\.New\(|fiber\.New\(|chi\.NewRouter\(/i.test(getGoProjectText(ctx));
+    },
     impact: 'low',
     category: 'go',
-    fix: 'Document interface-based design patterns for testability and dependency injection.',
+    fix: 'Use a well-supported Go HTTP framework such as Gin, Echo, Fiber, or Chi when building API services.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  goGitignore: {
-    id: 'CL-GO20',
-    name: 'Go-specific .gitignore entries',
-    check: (ctx) => { if (!ctx.files.some(f => /go\.mod$/.test(f))) return null; const gi = ctx.fileContent('.gitignore') || ''; return /vendor[/]|\*\.exe|\*\.test|\*\.out|[/]bin[/]/i.test(gi); },
+  goMigrationTool: {
+    id: 120119,
+    name: 'Go database migration tooling present',
+    check: (ctx) => {
+      if (!isGoProject(ctx)) return null;
+      return /golang-migrate|pressly\/goose|atlasgo|atlas\s/i.test(getGoProjectText(ctx)) ||
+        hasProjectFile(ctx, /(^|\/)(migrations|db\/migrations)\//i);
+    },
+    impact: 'medium',
+    category: 'go',
+    fix: 'Add a Go migration tool such as golang-migrate, goose, or Atlas and keep migration files in the repo.',
+    // sourceUrl assigned by attachSourceUrls via category mapping
+    confidence: 0.7,
+  },
+
+  goDependencyInjection: {
+    id: 120120,
+    name: 'Go dependency injection pattern present',
+    check: (ctx) => {
+      if (!isGoProject(ctx)) return null;
+      return /google\/wire|uber-go\/fx|uber-go\/dig|wire\.Build\(|fx\.New\(|dig\.New\(/i.test(getGoProjectText(ctx));
+    },
     impact: 'low',
     category: 'go',
-    fix: 'Add Go-specific entries to .gitignore (vendor/, *.exe, *.test, /bin/).',
+    fix: 'Use Wire, Fx, Dig, or an equivalent composition pattern when Go dependency graphs become complex.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
@@ -2120,222 +2391,300 @@ const TECHNIQUES = {
   // === RUST STACK CHECKS (category: 'rust') ===================
   // ============================================================
 
-  rustCargoTomlExists: {
-    id: 'CL-RS01',
-    name: 'Cargo.toml exists with edition field',
-    check: (ctx) => { if (!ctx.files.some(f => /Cargo\.toml$/.test(f))) return null; const cargo = ctx.fileContent('Cargo.toml') || ''; return /edition\s*=/.test(cargo); },
+  cargoTomlExists: {
+    id: 120201,
+    name: 'Cargo.toml exists',
+    check: (ctx) => {
+      if (!isRustProject(ctx)) return null;
+      return true;
+    },
     impact: 'high',
     category: 'rust',
-    fix: 'Ensure Cargo.toml exists and specifies the edition field (e.g., edition = "2021").',
+    fix: 'Add a `Cargo.toml` manifest so Rust dependencies, metadata, and build settings are tracked explicitly.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  rustCargoLockCommitted: {
-    id: 'CL-RS02',
-    name: 'Cargo.lock committed (for binary crates)',
-    check: (ctx) => { if (!ctx.files.some(f => /Cargo\.toml$/.test(f))) return null; return ctx.files.some(f => /Cargo\.lock$/.test(f)); },
+  rustEdition: {
+    id: 120202,
+    name: 'Rust edition specified in Cargo.toml',
+    check: (ctx) => {
+      if (!isRustProject(ctx)) return null;
+      return /edition\s*=\s*"20(18|21|24)"/i.test(readProjectFiles(ctx, /(^|\/)Cargo\.toml$/i));
+    },
     impact: 'high',
     category: 'rust',
-    fix: 'Commit Cargo.lock for binary crates to ensure reproducible builds.',
+    fix: 'Specify a Rust edition such as `edition = "2021"` in `Cargo.toml` so tooling and language semantics are pinned.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  rustClippyConfigured: {
-    id: 'CL-RS03',
-    name: 'Clippy configured (CI or .cargo/config.toml)',
-    check: (ctx) => { if (!ctx.files.some(f => /Cargo\.toml$/.test(f))) return null; const ci = ctx.fileContent('.github/workflows/ci.yml') || ctx.fileContent('.github/workflows/rust.yml') || ''; const cargoConfig = ctx.fileContent('.cargo/config.toml') || ''; return /clippy/i.test(ci + cargoConfig); },
+  rustClippy: {
+    id: 120203,
+    name: 'Clippy configured',
+    check: (ctx) => {
+      if (!isRustProject(ctx)) return null;
+      return hasProjectFile(ctx, /(^|\/)(clippy\.toml|\.clippy\.toml)$/i) ||
+        /clippy/i.test(`${readProjectFiles(ctx, /(^|\/)\.cargo\/config\.toml$/i)}\n${getWorkflowContent(ctx)}\n${getPreCommitContent(ctx)}`);
+    },
     impact: 'medium',
     category: 'rust',
-    fix: 'Configure clippy in CI or .cargo/config.toml for lint enforcement.',
+    fix: 'Configure `cargo clippy` in CI, pre-commit, or `.cargo/config.toml` so linting is enforced consistently.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  rustFmtConfigured: {
-    id: 'CL-RS04',
-    name: 'rustfmt configured (rustfmt.toml or .rustfmt.toml)',
-    check: (ctx) => { if (!ctx.files.some(f => /Cargo\.toml$/.test(f))) return null; return ctx.files.some(f => /rustfmt\.toml$|\.rustfmt\.toml$/.test(f)); },
+  rustFmt: {
+    id: 120204,
+    name: 'rustfmt configured',
+    check: (ctx) => {
+      if (!isRustProject(ctx)) return null;
+      return hasProjectFile(ctx, /(^|\/)(rustfmt\.toml|\.rustfmt\.toml)$/i);
+    },
     impact: 'medium',
     category: 'rust',
-    fix: 'Create rustfmt.toml or .rustfmt.toml to configure code formatting.',
+    fix: 'Add `rustfmt.toml` or `.rustfmt.toml` to capture Rust formatting expectations in version control.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  rustCargoTestDocumented: {
-    id: 'CL-RS05',
-    name: 'cargo test documented in instructions',
-    check: (ctx) => { if (!ctx.files.some(f => /Cargo\.toml$/.test(f))) return null; const docs = (ctx.claudeMdContent ? ctx.claudeMdContent() : ctx.fileContent('CLAUDE.md')) || ctx.fileContent('README.md') || ''; return /cargo test/i.test(docs); },
+  rustTestsExist: {
+    id: 120205,
+    name: 'Rust tests exist',
+    check: (ctx) => {
+      if (!isRustProject(ctx)) return null;
+      const files = getRustFiles(ctx);
+      if (files.length === 0) return null;
+      return hasProjectFile(ctx, /(^|\/)tests\//i) ||
+        files.some(file => /#\s*\[\s*test\s*\]/.test(ctx.fileContent(file) || ''));
+    },
     impact: 'high',
     category: 'rust',
-    fix: 'Document cargo test command in project instructions.',
+    fix: 'Add Rust unit or integration tests using `#[test]` functions or a `tests/` directory.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  rustCargoBuildDocumented: {
-    id: 'CL-RS06',
-    name: 'cargo build/check documented in instructions',
-    check: (ctx) => { if (!ctx.files.some(f => /Cargo\.toml$/.test(f))) return null; const docs = (ctx.claudeMdContent ? ctx.claudeMdContent() : ctx.fileContent('CLAUDE.md')) || ctx.fileContent('README.md') || ''; return /cargo (?:build|check)/i.test(docs); },
-    impact: 'high',
+  rustBenchmarks: {
+    id: 120206,
+    name: 'Rust benchmarks present',
+    check: (ctx) => {
+      if (!isRustProject(ctx)) return null;
+      return hasProjectFile(ctx, /(^|\/)benches\//i) ||
+        /#\s*\[\s*bench\s*\]|criterion/i.test(getRustProjectText(ctx));
+    },
+    impact: 'low',
     category: 'rust',
-    fix: 'Document cargo build or cargo check command in project instructions.',
+    fix: 'Add Rust benchmarks through `benches/`, `criterion`, or benchmark annotations when performance-sensitive code matters.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  rustUnsafePolicyDocumented: {
-    id: 'CL-RS07',
-    name: 'Unsafe code policy documented',
-    check: (ctx) => { if (!ctx.files.some(f => /Cargo\.toml$/.test(f))) return null; const docs = (ctx.claudeMdContent ? ctx.claudeMdContent() : ctx.fileContent('CLAUDE.md')) || ctx.fileContent('README.md') || ''; return /unsafe|#!?\[forbid\(unsafe|#!?\[deny\(unsafe/i.test(docs); },
+  rustCIConfigured: {
+    id: 120207,
+    name: 'CI runs cargo test',
+    check: (ctx) => {
+      if (!isRustProject(ctx)) return null;
+      return /cargo test(\s|$)/i.test(getWorkflowContent(ctx));
+    },
     impact: 'high',
     category: 'rust',
-    fix: 'Document unsafe code policy (forbidden, minimized, or where allowed).',
+    fix: 'Run `cargo test` in CI so Rust correctness is verified automatically on every change.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  rustErrorHandlingStrategy: {
-    id: 'CL-RS08',
-    name: 'Error handling strategy (anyhow/thiserror in deps)',
-    check: (ctx) => { if (!ctx.files.some(f => /Cargo\.toml$/.test(f))) return null; const cargo = ctx.fileContent('Cargo.toml') || ''; return /anyhow|thiserror|eyre|color-eyre/i.test(cargo); },
+  rustCargoLock: {
+    id: 120208,
+    name: 'Cargo.lock handling is appropriate',
+    check: (ctx) => {
+      if (!isRustProject(ctx)) return null;
+      const cargoText = readProjectFiles(ctx, /(^|\/)Cargo\.toml$/i);
+      const hasLock = hasProjectFile(ctx, /(^|\/)Cargo\.lock$/i);
+      const gitignore = ctx.fileContent('.gitignore') || '';
+      const libraryOnly = /\[lib\]/i.test(cargoText) && !/\[\[bin\]\]|src\/main\.rs/i.test(getRustProjectText(ctx));
+      if (libraryOnly) return hasLock || /(^|\r?\n)\s*Cargo\.lock\s*$/m.test(gitignore);
+      return hasLock;
+    },
     impact: 'medium',
     category: 'rust',
-    fix: 'Use anyhow (applications) or thiserror (libraries) for structured error handling.',
+    fix: 'Commit `Cargo.lock` for binaries, or explicitly ignore it for library-only crates when that is your chosen policy.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  rustFeatureFlagsDocumented: {
-    id: 'CL-RS09',
-    name: 'Feature flags documented (Cargo.toml [features])',
-    check: (ctx) => { if (!ctx.files.some(f => /Cargo\.toml$/.test(f))) return null; const cargo = ctx.fileContent('Cargo.toml') || ''; if (!/\[features\]/i.test(cargo)) return null; const docs = (ctx.claudeMdContent ? ctx.claudeMdContent() : ctx.fileContent('CLAUDE.md')) || ctx.fileContent('README.md') || ''; return /feature|--features|--all-features/i.test(docs); },
+  rustUnsafeBlocks: {
+    id: 120209,
+    name: 'Unsafe blocks are documented',
+    check: (ctx) => {
+      if (!isRustProject(ctx)) return null;
+      const files = getRustFiles(ctx);
+      const unsafeFiles = files.filter(file => /\bunsafe\b/.test(ctx.fileContent(file) || ''));
+      if (unsafeFiles.length === 0) return true;
+      return unsafeFiles.every(file => /SAFETY:|\/\/\s*SAFETY|\/\*\s*SAFETY/i.test(ctx.fileContent(file) || ''));
+    },
     impact: 'medium',
     category: 'rust',
-    fix: 'Document feature flags and their purpose in project instructions.',
+    fix: 'Document each `unsafe` block with a nearby `SAFETY:` comment explaining the invariants being upheld.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  rustWorkspaceConfig: {
-    id: 'CL-RS10',
-    name: 'Workspace config if multi-crate (Cargo.toml [workspace])',
-    check: (ctx) => { if (!ctx.files.some(f => /Cargo\.toml$/.test(f))) return null; const cargo = ctx.fileContent('Cargo.toml') || ''; if (ctx.files.filter(f => /Cargo\.toml$/.test(f)).length <= 1) return null; return /\[workspace\]/i.test(cargo); },
+  rustErrorHandling: {
+    id: 120210,
+    name: 'Rust error handling strategy present',
+    check: (ctx) => {
+      if (!isRustProject(ctx)) return null;
+      return /thiserror|anyhow|eyre|impl\s+std::error::Error|enum\s+\w+Error|struct\s+\w+Error/i.test(getRustProjectText(ctx));
+    },
     impact: 'medium',
     category: 'rust',
-    fix: 'Configure [workspace] in root Cargo.toml for multi-crate projects.',
+    fix: 'Use `thiserror`, `anyhow`, or explicit error types so Rust errors remain structured and descriptive.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  rustMsrvSpecified: {
-    id: 'CL-RS11',
-    name: 'MSRV specified (rust-version field)',
-    check: (ctx) => { if (!ctx.files.some(f => /Cargo\.toml$/.test(f))) return null; const cargo = ctx.fileContent('Cargo.toml') || ''; return /rust-version\s*=/.test(cargo); },
+  rustAsync: {
+    id: 120211,
+    name: 'Rust async runtime configured',
+    check: (ctx) => {
+      if (!isRustProject(ctx)) return null;
+      return /tokio|async-std|smol/i.test(readProjectFiles(ctx, /(^|\/)Cargo\.toml$/i));
+    },
     impact: 'medium',
     category: 'rust',
-    fix: 'Specify rust-version (MSRV) in Cargo.toml for compatibility guarantees.',
+    fix: 'Declare an async runtime such as Tokio or async-std when the Rust project uses asynchronous workflows.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  rustDocCommentsEncouraged: {
-    id: 'CL-RS12',
-    name: 'Doc comments (///) encouraged in instructions',
-    check: (ctx) => { if (!ctx.files.some(f => /Cargo\.toml$/.test(f))) return null; const docs = (ctx.claudeMdContent ? ctx.claudeMdContent() : ctx.fileContent('CLAUDE.md')) || ctx.fileContent('README.md') || ''; return /doc comment|\/{3}|rustdoc|cargo doc/i.test(docs); },
+  rustSerde: {
+    id: 120212,
+    name: 'Serde serialization configured',
+    check: (ctx) => {
+      if (!isRustProject(ctx)) return null;
+      return /\bserde(_json|_yaml)?\b/i.test(readProjectFiles(ctx, /(^|\/)Cargo\.toml$/i));
+    },
     impact: 'low',
     category: 'rust',
-    fix: 'Encourage /// doc comments and cargo doc in project instructions.',
+    fix: 'Add `serde` and related crates when Rust data crosses process, storage, or network boundaries.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  rustBenchmarksConfigured: {
-    id: 'CL-RS13',
-    name: 'Criterion benchmarks mentioned (benches/ dir)',
-    check: (ctx) => { if (!ctx.files.some(f => /Cargo\.toml$/.test(f))) return null; return ctx.files.some(f => /benches[/]/.test(f)) || /criterion/i.test(ctx.fileContent('Cargo.toml') || ''); },
+  rustDocComments: {
+    id: 120213,
+    name: 'Public Rust items have doc comments',
+    check: (ctx) => {
+      if (!isRustProject(ctx)) return null;
+      const files = getMainRustFiles(ctx);
+      const exported = files.some(file => /\bpub\s+(fn|struct|enum|trait|mod|const|type)\b/.test(ctx.fileContent(file) || ''));
+      if (!exported) return null;
+      return files.some(file => /\/\/\/[^\n]*\n\s*pub\s+(fn|struct|enum|trait|mod|const|type)\b/.test(ctx.fileContent(file) || ''));
+    },
     impact: 'low',
     category: 'rust',
-    fix: 'Set up criterion benchmarks in benches/ directory.',
+    fix: 'Add `///` doc comments above public Rust APIs so crates are easier to consume and maintain.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  rustCrossCompilationDocumented: {
-    id: 'CL-RS14',
-    name: 'Cross-compilation documented',
-    check: (ctx) => { if (!ctx.files.some(f => /Cargo\.toml$/.test(f))) return null; const docs = (ctx.claudeMdContent ? ctx.claudeMdContent() : ctx.fileContent('CLAUDE.md')) || ctx.fileContent('README.md') || ''; return /cross.?compil|--target|rustup target|cargo build.*--target/i.test(docs); },
-    impact: 'low',
+  rustSecurityAudit: {
+    id: 120214,
+    name: 'Rust security audit tooling configured',
+    check: (ctx) => {
+      if (!isRustProject(ctx)) return null;
+      return /cargo-audit|cargo deny|cargo-deny/i.test(getRustProjectText(ctx));
+    },
+    impact: 'medium',
     category: 'rust',
-    fix: 'Document cross-compilation targets and setup instructions.',
+    fix: 'Configure `cargo-audit` or `cargo-deny` in CI or project automation to scan Rust dependencies for risk.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  rustMemorySafetyDocumented: {
-    id: 'CL-RS15',
-    name: 'Memory safety patterns documented',
-    check: (ctx) => { if (!ctx.files.some(f => /Cargo\.toml$/.test(f))) return null; const docs = (ctx.claudeMdContent ? ctx.claudeMdContent() : ctx.fileContent('CLAUDE.md')) || ctx.fileContent('README.md') || ''; return /ownership|borrow|lifetime|memory.?safe|Arc|Rc|RefCell/i.test(docs); },
+  rustMSRV: {
+    id: 120215,
+    name: 'Minimum supported Rust version specified',
+    check: (ctx) => {
+      if (!isRustProject(ctx)) return null;
+      return /rust-version\s*=/.test(readProjectFiles(ctx, /(^|\/)Cargo\.toml$/i));
+    },
     impact: 'medium',
     category: 'rust',
-    fix: 'Document memory safety patterns (ownership, borrowing, lifetime conventions).',
+    fix: 'Set `rust-version` in `Cargo.toml` so the project’s MSRV is explicit for contributors and CI.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  rustAsyncRuntimeDocumented: {
-    id: 'CL-RS16',
-    name: 'Async runtime documented (tokio/async-std in deps)',
-    check: (ctx) => { if (!ctx.files.some(f => /Cargo\.toml$/.test(f))) return null; const cargo = ctx.fileContent('Cargo.toml') || ''; if (!/tokio|async-std|smol/i.test(cargo)) return null; const docs = (ctx.claudeMdContent ? ctx.claudeMdContent() : ctx.fileContent('CLAUDE.md')) || ctx.fileContent('README.md') || ''; return /tokio|async-std|async|await|runtime/i.test(docs); },
+  rustWorkspace: {
+    id: 120216,
+    name: 'Cargo workspace configured for multi-crate projects',
+    check: (ctx) => {
+      if (!isRustProject(ctx)) return null;
+      const cargoFiles = findProjectFiles(ctx, /(^|\/)Cargo\.toml$/i);
+      if (cargoFiles.length <= 1) return null;
+      return /\[workspace\]/i.test(readProjectFiles(ctx, /(^|\/)Cargo\.toml$/i));
+    },
     impact: 'medium',
     category: 'rust',
-    fix: 'Document async runtime choice and patterns (tokio, async-std).',
+    fix: 'Add a root Cargo workspace when the Rust repository contains multiple crates.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  rustSerdeDocumented: {
-    id: 'CL-RS17',
-    name: 'Serde patterns documented',
-    check: (ctx) => { if (!ctx.files.some(f => /Cargo\.toml$/.test(f))) return null; const cargo = ctx.fileContent('Cargo.toml') || ''; if (!/serde/i.test(cargo)) return null; const docs = (ctx.claudeMdContent ? ctx.claudeMdContent() : ctx.fileContent('CLAUDE.md')) || ctx.fileContent('README.md') || ''; return /serde|Serialize|Deserialize|serde_json|serde_yaml/i.test(docs); },
-    impact: 'medium',
+  rustBuildScript: {
+    id: 120217,
+    name: 'Rust build script present when needed',
+    check: (ctx) => {
+      if (!isRustProject(ctx)) return null;
+      return hasProjectFile(ctx, /(^|\/)build\.rs$/i);
+    },
+    impact: 'low',
     category: 'rust',
-    fix: 'Document serde serialization/deserialization patterns and conventions.',
+    fix: 'Use `build.rs` when the project needs generated bindings, codegen, or compile-time environment setup.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  rustCargoAuditConfigured: {
-    id: 'CL-RS18',
-    name: 'cargo-audit configured in CI',
-    check: (ctx) => { if (!ctx.files.some(f => /Cargo\.toml$/.test(f))) return null; const ci = ctx.fileContent('.github/workflows/ci.yml') || ctx.fileContent('.github/workflows/rust.yml') || ctx.fileContent('.github/workflows/audit.yml') || ''; return /cargo.?audit|advisory/i.test(ci); },
-    impact: 'medium',
+  rustFeatureFlags: {
+    id: 120218,
+    name: 'Rust feature flags defined',
+    check: (ctx) => {
+      if (!isRustProject(ctx)) return null;
+      return /\[features\]/i.test(readProjectFiles(ctx, /(^|\/)Cargo\.toml$/i));
+    },
+    impact: 'low',
     category: 'rust',
-    fix: 'Configure cargo-audit in CI for vulnerability scanning.',
+    fix: 'Define Cargo feature flags when Rust functionality needs optional capabilities or slimmed dependency sets.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  rustWasmTargetDocumented: {
-    id: 'CL-RS19',
-    name: 'WASM target documented if applicable',
-    check: (ctx) => { if (!ctx.files.some(f => /Cargo\.toml$/.test(f))) return null; const cargo = ctx.fileContent('Cargo.toml') || ''; if (!/wasm|wasm-bindgen|wasm-pack/i.test(cargo)) return null; const docs = (ctx.claudeMdContent ? ctx.claudeMdContent() : ctx.fileContent('CLAUDE.md')) || ctx.fileContent('README.md') || ''; return /wasm|WebAssembly|wasm-pack|wasm-bindgen/i.test(docs); },
+  rustCrossCompilation: {
+    id: 120219,
+    name: 'Rust cross-compilation targets configured',
+    check: (ctx) => {
+      if (!isRustProject(ctx)) return null;
+      return /--target|rustup target add|target\.[\w.-]+|cross build|cross test|cargo zigbuild/i.test(getRustProjectText(ctx));
+    },
     impact: 'low',
     category: 'rust',
-    fix: 'Document WASM target configuration and build process.',
+    fix: 'Configure Rust cross-compilation targets in CI or `.cargo/config.toml` when builds must run across architectures or platforms.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  rustGitignore: {
-    id: 'CL-RS20',
-    name: 'Rust .gitignore includes target/',
-    check: (ctx) => { if (!ctx.files.some(f => /Cargo\.toml$/.test(f))) return null; const gi = ctx.fileContent('.gitignore') || ''; return /target[/]|[/]target/i.test(gi); },
-    impact: 'medium',
+  rustContainerized: {
+    id: 120220,
+    name: 'Rust Dockerfile present',
+    check: (ctx) => {
+      if (!isRustProject(ctx)) return null;
+      return /FROM\s+rust|cargo\s+(build|chef|install|test)/i.test(ctx.fileContent('Dockerfile') || '');
+    },
+    impact: 'low',
     category: 'rust',
-    fix: 'Add target/ to .gitignore for Rust build artifacts.',
+    fix: 'Use a Dockerfile that references Rust or Cargo when the project’s build and release flow is containerized.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
@@ -2344,222 +2693,294 @@ const TECHNIQUES = {
   // === JAVA/SPRING STACK CHECKS (category: 'java') ============
   // ============================================================
 
-  javaBuildFileExists: {
-    id: 'CL-JV01',
-    name: 'pom.xml or build.gradle exists',
-    check: (ctx) => { if (!ctx.files.some(f => /pom\.xml$|build\.gradle$|build\.gradle\.kts$/.test(f))) return null; return true; },
+  mavenOrGradle: {
+    id: 120301,
+    name: 'Maven or Gradle build file exists',
+    check: (ctx) => {
+      if (!isJavaProject(ctx)) return null;
+      return true;
+    },
     impact: 'high',
     category: 'java',
-    fix: 'Ensure pom.xml or build.gradle exists for Java projects.',
+    fix: 'Add `pom.xml`, `build.gradle`, or `build.gradle.kts` so the Java build is defined in version control.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  javaVersionSpecified: {
-    id: 'CL-JV02',
+  javaVersion: {
+    id: 120302,
     name: 'Java version specified',
-    check: (ctx) => { if (!ctx.files.some(f => /pom\.xml$|build\.gradle$|build\.gradle\.kts$/.test(f))) return null; const pom = ctx.fileContent('pom.xml') || ''; const gradle = ctx.fileContent('build.gradle') || ctx.fileContent('build.gradle.kts') || ''; return /java\.version|maven\.compiler\.source|sourceCompatibility|JavaVersion/i.test(pom + gradle) || ctx.files.some(f => /\.java-version$/.test(f)); },
+    check: (ctx) => {
+      if (!isJavaProject(ctx)) return null;
+      return /java\.version|maven\.compiler\.(source|target|release)|sourceCompatibility|targetCompatibility|JavaLanguageVersion|toolchain/i.test(getJavaBuildText(ctx)) ||
+        hasProjectFile(ctx, /(^|\/)\.java-version$/i);
+    },
     impact: 'high',
     category: 'java',
-    fix: 'Specify Java version in pom.xml properties, build.gradle, or .java-version file.',
+    fix: 'Specify the Java version in Maven or Gradle so compilation and runtime expectations stay explicit.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  javaWrapperCommitted: {
-    id: 'CL-JV03',
-    name: 'Maven/Gradle wrapper committed (mvnw or gradlew)',
-    check: (ctx) => { if (!ctx.files.some(f => /pom\.xml$|build\.gradle$|build\.gradle\.kts$/.test(f))) return null; return ctx.files.some(f => /mvnw$|gradlew$/.test(f)); },
-    impact: 'high',
+  springBootDetected: {
+    id: 120303,
+    name: 'Spring Boot detected',
+    check: (ctx) => {
+      if (!isJavaProject(ctx)) return null;
+      return /spring-boot/i.test(getJavaBuildText(ctx));
+    },
+    impact: 'medium',
     category: 'java',
-    fix: 'Commit mvnw (Maven) or gradlew (Gradle) wrapper for reproducible builds.',
+    fix: 'Use Spring Boot dependencies when the Java service relies on Spring auto-configuration and conventions.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  javaSpringBootVersion: {
-    id: 'CL-JV04',
-    name: 'Spring Boot version documented if Spring project',
-    check: (ctx) => { if (!ctx.files.some(f => /pom\.xml$|build\.gradle$|build\.gradle\.kts$/.test(f))) return null; const pom = ctx.fileContent('pom.xml') || ''; const gradle = ctx.fileContent('build.gradle') || ctx.fileContent('build.gradle.kts') || ''; if (!/spring-boot/i.test(pom + gradle)) return null; return /spring-boot.*\d+\.\d+/i.test(pom + gradle); },
+  javaTestFramework: {
+    id: 120304,
+    name: 'Java test framework configured',
+    check: (ctx) => {
+      if (!isJavaProject(ctx)) return null;
+      return /junit|testng|spring-boot-starter-test/i.test(getJavaBuildText(ctx));
+    },
     impact: 'high',
     category: 'java',
-    fix: 'Document Spring Boot version in build configuration.',
+    fix: 'Add JUnit, TestNG, or Spring Boot test dependencies so Java tests have a standard runner.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  javaApplicationConfig: {
-    id: 'CL-JV05',
-    name: 'application.yml or application.properties exists',
-    check: (ctx) => { if (!ctx.files.some(f => /pom\.xml$|build\.gradle$|build\.gradle\.kts$/.test(f))) return null; return ctx.files.some(f => /application\.ya?ml$|application\.properties$/.test(f)); },
+  javaLinter: {
+    id: 120305,
+    name: 'Java linter configured',
+    check: (ctx) => {
+      if (!isJavaProject(ctx)) return null;
+      return /checkstyle|spotbugs|pmd/i.test(getJavaProjectText(ctx)) ||
+        hasProjectFile(ctx, /(^|\/)(checkstyle\.xml|spotbugs.*\.xml|pmd\.xml)$/i);
+    },
     impact: 'medium',
     category: 'java',
-    fix: 'Create application.yml or application.properties for Spring configuration.',
+    fix: 'Configure Checkstyle, SpotBugs, or PMD so Java code quality rules run consistently.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  javaTestFramework: {
-    id: 'CL-JV06',
-    name: 'Test framework configured (JUnit/TestNG in deps)',
-    check: (ctx) => { if (!ctx.files.some(f => /pom\.xml$|build\.gradle$|build\.gradle\.kts$/.test(f))) return null; const pom = ctx.fileContent('pom.xml') || ''; const gradle = ctx.fileContent('build.gradle') || ctx.fileContent('build.gradle.kts') || ''; return /junit|testng|spring-boot-starter-test/i.test(pom + gradle); },
-    impact: 'high',
+  javaFormatter: {
+    id: 120306,
+    name: 'Java formatter configured',
+    check: (ctx) => {
+      if (!isJavaProject(ctx)) return null;
+      return /google-java-format|spotless/i.test(getJavaBuildText(ctx)) ||
+        hasProjectFile(ctx, /(^|\/)\.editorconfig$/i);
+    },
+    impact: 'medium',
     category: 'java',
-    fix: 'Configure JUnit or TestNG test framework in project dependencies.',
+    fix: 'Configure Spotless, google-java-format, or an `.editorconfig` so Java formatting stays consistent.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  javaCodeStyleConfigured: {
-    id: 'CL-JV07',
-    name: 'Code style configured (checkstyle.xml, spotbugs)',
-    check: (ctx) => { if (!ctx.files.some(f => /pom\.xml$|build\.gradle$|build\.gradle\.kts$/.test(f))) return null; return ctx.files.some(f => /checkstyle\.xml$|spotbugs.*\.xml$/.test(f)) || /checkstyle|spotbugs|google-java-format/i.test((ctx.fileContent('pom.xml') || '') + (ctx.fileContent('build.gradle') || '') + (ctx.fileContent('build.gradle.kts') || '')); },
-    impact: 'medium',
+  javaCIConfigured: {
+    id: 120307,
+    name: 'CI runs Java tests',
+    check: (ctx) => {
+      if (!isJavaProject(ctx)) return null;
+      return /(?:mvn|mvnw)\s+test|(?:gradle|gradlew)\s+test/i.test(getWorkflowContent(ctx));
+    },
+    impact: 'high',
     category: 'java',
-    fix: 'Configure checkstyle or spotbugs for code quality enforcement.',
+    fix: 'Run `mvn test`, `mvnw test`, `gradle test`, or `gradlew test` in CI so Java changes are validated automatically.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  javaSpringProfilesDocumented: {
-    id: 'CL-JV08',
-    name: 'Spring profiles documented',
-    check: (ctx) => { if (!ctx.files.some(f => /pom\.xml$|build\.gradle$|build\.gradle\.kts$/.test(f))) return null; const deps = (ctx.fileContent('pom.xml') || '') + (ctx.fileContent('build.gradle') || '') + (ctx.fileContent('build.gradle.kts') || ''); if (!/spring/i.test(deps)) return null; const docs = (ctx.claudeMdContent ? ctx.claudeMdContent() : ctx.fileContent('CLAUDE.md')) || ctx.fileContent('README.md') || ''; return /spring[.]profiles|@Profile|SPRING_PROFILES_ACTIVE/i.test(docs); },
+  javaSecurityScanner: {
+    id: 120308,
+    name: 'Java security scanner configured',
+    check: (ctx) => {
+      if (!isJavaProject(ctx)) return null;
+      return /dependency-check|snyk|spotbugs-security|findsecbugs/i.test(getJavaProjectText(ctx));
+    },
     impact: 'medium',
     category: 'java',
-    fix: 'Document Spring profiles and their configuration in project instructions.',
+    fix: 'Configure OWASP Dependency-Check, Snyk, or SpotBugs security rules for Java dependency and code scanning.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  javaDatabaseMigration: {
-    id: 'CL-JV09',
-    name: 'Database migration configured (flyway/liquibase)',
-    check: (ctx) => { if (!ctx.files.some(f => /pom\.xml$|build\.gradle$|build\.gradle\.kts$/.test(f))) return null; const deps = (ctx.fileContent('pom.xml') || '') + (ctx.fileContent('build.gradle') || '') + (ctx.fileContent('build.gradle.kts') || ''); return /flyway|liquibase/i.test(deps) || ctx.files.some(f => /db[/]migration|flyway|liquibase/i.test(f)); },
-    impact: 'medium',
+  javaDocumentation: {
+    id: 120309,
+    name: 'Java documentation configured',
+    check: (ctx) => {
+      if (!isJavaProject(ctx)) return null;
+      if (/javadoc/i.test(getJavaBuildText(ctx))) return true;
+      const files = getMainJavaFiles(ctx);
+      const publicTypes = files.some(file => /\bpublic\s+(class|interface|enum|record)\s+[A-Z]\w*/.test(ctx.fileContent(file) || ''));
+      if (!publicTypes) return null;
+      return files.some(file => /\/\*\*[\s\S]*?\*\/\s*public\s+(class|interface|enum|record)\s+[A-Z]\w*/.test(ctx.fileContent(file) || ''));
+    },
+    impact: 'low',
     category: 'java',
-    fix: 'Configure database migration tool (Flyway or Liquibase) for schema management.',
+    fix: 'Generate Javadocs or add doc comments on public Java types so the API remains understandable to contributors.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  javaLombokDocumented: {
-    id: 'CL-JV10',
-    name: 'Lombok/MapStruct documented if used',
-    check: (ctx) => { if (!ctx.files.some(f => /pom\.xml$|build\.gradle$|build\.gradle\.kts$/.test(f))) return null; const deps = (ctx.fileContent('pom.xml') || '') + (ctx.fileContent('build.gradle') || '') + (ctx.fileContent('build.gradle.kts') || ''); if (!/lombok|mapstruct/i.test(deps)) return null; const docs = (ctx.claudeMdContent ? ctx.claudeMdContent() : ctx.fileContent('CLAUDE.md')) || ctx.fileContent('README.md') || ''; return /lombok|mapstruct/i.test(docs); },
+  javaProfiles: {
+    id: 120310,
+    name: 'Java profiles or build variants configured',
+    check: (ctx) => {
+      if (!isJavaProject(ctx)) return null;
+      return /<profiles>|spring\.profiles|@Profile|profiles\s*\{|buildTypes\s*\{|productFlavors\s*\{/i.test(getJavaProjectText(ctx));
+    },
     impact: 'low',
     category: 'java',
-    fix: 'Document Lombok/MapStruct usage and IDE setup requirements.',
+    fix: 'Use Maven profiles, Spring profiles, or Gradle build variants when Java environments need explicit separation.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  javaApiDocsConfigured: {
-    id: 'CL-JV11',
-    name: 'API docs configured (springdoc/swagger deps)',
-    check: (ctx) => { if (!ctx.files.some(f => /pom\.xml$|build\.gradle$|build\.gradle\.kts$/.test(f))) return null; const deps = (ctx.fileContent('pom.xml') || '') + (ctx.fileContent('build.gradle') || '') + (ctx.fileContent('build.gradle.kts') || ''); return /springdoc|swagger|openapi/i.test(deps); },
-    impact: 'medium',
+  javaContainerized: {
+    id: 120311,
+    name: 'Java Dockerfile references Java build/runtime',
+    check: (ctx) => {
+      if (!isJavaProject(ctx)) return null;
+      return /FROM\s+(?:maven|gradle|openjdk|eclipse-temurin|amazoncorretto)|\bjava\b|\bmvn\b|\bgradle\b/i.test(ctx.fileContent('Dockerfile') || '');
+    },
+    impact: 'low',
     category: 'java',
-    fix: 'Configure API documentation with springdoc-openapi or Swagger.',
+    fix: 'Use a Dockerfile or build image that references Java, Maven, or Gradle when the application is containerized.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  javaSecurityConfigured: {
-    id: 'CL-JV12',
-    name: 'Security configuration documented',
-    check: (ctx) => { if (!ctx.files.some(f => /pom\.xml$|build\.gradle$|build\.gradle\.kts$/.test(f))) return null; const deps = (ctx.fileContent('pom.xml') || '') + (ctx.fileContent('build.gradle') || '') + (ctx.fileContent('build.gradle.kts') || ''); if (!/spring-security|spring-boot-starter-security/i.test(deps)) return null; const docs = (ctx.claudeMdContent ? ctx.claudeMdContent() : ctx.fileContent('CLAUDE.md')) || ctx.fileContent('README.md') || ''; return /security|authentication|authorization|SecurityConfig|@EnableWebSecurity/i.test(docs); },
-    impact: 'high',
+  javaAPIFramework: {
+    id: 120312,
+    name: 'Java API framework detected',
+    check: (ctx) => {
+      if (!isJavaProject(ctx)) return null;
+      return /spring-web|spring-boot-starter-web|@RestController|@Controller|javax\.ws\.rs|jakarta\.ws\.rs|micronaut-http|io\.micronaut/i.test(getJavaProjectText(ctx));
+    },
+    impact: 'low',
     category: 'java',
-    fix: 'Document Spring Security configuration and authentication setup.',
+    fix: 'Use Spring MVC, JAX-RS, or Micronaut conventions explicitly when the Java project exposes an API.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  javaActuatorConfigured: {
-    id: 'CL-JV13',
-    name: 'Actuator/health checks configured',
-    check: (ctx) => { if (!ctx.files.some(f => /pom\.xml$|build\.gradle$|build\.gradle\.kts$/.test(f))) return null; const deps = (ctx.fileContent('pom.xml') || '') + (ctx.fileContent('build.gradle') || '') + (ctx.fileContent('build.gradle.kts') || ''); return /actuator|spring-boot-starter-actuator/i.test(deps); },
+  javaMigrations: {
+    id: 120313,
+    name: 'Java database migration tooling present',
+    check: (ctx) => {
+      if (!isJavaProject(ctx)) return null;
+      return /flyway|liquibase/i.test(getJavaProjectText(ctx)) ||
+        hasProjectFile(ctx, /(^|\/)(db\/migration|db\/migrations|migrations)\//i) ||
+        hasProjectFile(ctx, /(^|\/)(schema|data)\.sql$/i);
+    },
     impact: 'medium',
     category: 'java',
-    fix: 'Configure Spring Boot Actuator for health checks and monitoring.',
+    fix: 'Add Flyway, Liquibase, or repo-managed migration files so Java schema changes are repeatable and reviewable.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  javaLoggingConfigured: {
-    id: 'CL-JV14',
-    name: 'Logging configured (logback.xml or log4j2.xml)',
-    check: (ctx) => { if (!ctx.files.some(f => /pom\.xml$|build\.gradle$|build\.gradle\.kts$/.test(f))) return null; return ctx.files.some(f => /logback.*\.xml$|log4j2?.*\.xml$|logging\.properties$/.test(f)); },
-    impact: 'medium',
+  javaMessageQueue: {
+    id: 120314,
+    name: 'Java message queue integration detected',
+    check: (ctx) => {
+      if (!isJavaProject(ctx)) return null;
+      return /kafka|rabbitmq|amqp|jms|spring-kafka|spring-rabbit/i.test(getJavaProjectText(ctx));
+    },
+    impact: 'low',
     category: 'java',
-    fix: 'Configure logging with logback.xml or log4j2.xml.',
+    fix: 'Use explicit Kafka, RabbitMQ, or JMS integrations when the Java service relies on asynchronous messaging.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  javaMultiModuleProject: {
-    id: 'CL-JV15',
-    name: 'Multi-module project configured if applicable',
-    check: (ctx) => { if (!ctx.files.some(f => /pom\.xml$|build\.gradle$|build\.gradle\.kts$/.test(f))) return null; const buildFiles = ctx.files.filter(f => /pom\.xml$|build\.gradle$|build\.gradle\.kts$/.test(f)); if (buildFiles.length <= 1) return null; const rootPom = ctx.fileContent('pom.xml') || ''; const rootGradle = ctx.fileContent('settings.gradle') || ctx.fileContent('settings.gradle.kts') || ''; return /<modules>|include\s/i.test(rootPom + rootGradle); },
-    impact: 'medium',
+  javaCaching: {
+    id: 120315,
+    name: 'Java caching configured',
+    check: (ctx) => {
+      if (!isJavaProject(ctx)) return null;
+      return /redis|ehcache|spring-cache|@Cacheable|caffeine/i.test(getJavaProjectText(ctx));
+    },
+    impact: 'low',
     category: 'java',
-    fix: 'Configure multi-module project structure in root build file.',
+    fix: 'Configure Redis, Ehcache, Caffeine, or Spring Cache when Java services benefit from explicit caching layers.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  javaDockerConfigured: {
-    id: 'CL-JV16',
-    name: 'Docker build configured (Dockerfile or Jib plugin)',
-    check: (ctx) => { if (!ctx.files.some(f => /pom\.xml$|build\.gradle$|build\.gradle\.kts$/.test(f))) return null; const df = ctx.fileContent('Dockerfile') || ''; const deps = (ctx.fileContent('pom.xml') || '') + (ctx.fileContent('build.gradle') || '') + (ctx.fileContent('build.gradle.kts') || ''); return /FROM.*(?:openjdk|eclipse-temurin|amazoncorretto)/i.test(df) || /jib/i.test(deps); },
+  javaMonitoring: {
+    id: 120316,
+    name: 'Java monitoring dependencies detected',
+    check: (ctx) => {
+      if (!isJavaProject(ctx)) return null;
+      return /actuator|micrometer|prometheus/i.test(getJavaProjectText(ctx));
+    },
     impact: 'medium',
     category: 'java',
-    fix: 'Configure Docker build with Dockerfile or Jib plugin.',
+    fix: 'Add Actuator, Micrometer, or Prometheus integrations so Java services expose health and metrics data.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  javaEnvConfigsSeparated: {
-    id: 'CL-JV17',
-    name: 'Environment-specific configs separated',
-    check: (ctx) => { if (!ctx.files.some(f => /pom\.xml$|build\.gradle$|build\.gradle\.kts$/.test(f))) return null; return ctx.files.some(f => /application-(?:dev|prod|staging|test|local)\.(?:ya?ml|properties)$/.test(f)); },
+  javaLogging: {
+    id: 120317,
+    name: 'Java logging configured',
+    check: (ctx) => {
+      if (!isJavaProject(ctx)) return null;
+      return /slf4j|logback|log4j/i.test(getJavaProjectText(ctx)) ||
+        hasProjectFile(ctx, /(^|\/)(logback.*\.xml|log4j2?.*\.xml)$/i);
+    },
     impact: 'medium',
     category: 'java',
-    fix: 'Separate environment configs (application-dev.yml, application-prod.yml, etc.).',
+    fix: 'Use SLF4J, Logback, or Log4j so Java application logging is explicit and configurable.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  javaNoSecretsInConfig: {
-    id: 'CL-JV18',
-    name: 'No secrets in application.yml/properties',
-    check: (ctx) => { if (!ctx.files.some(f => /pom\.xml$|build\.gradle$|build\.gradle\.kts$/.test(f))) return null; const appYml = ctx.files.filter(f => /application.*\.ya?ml$|application.*\.properties$/.test(f)).map(f => ctx.fileContent(f) || '').join(''); if (!appYml) return null; return !/password\s*[:=]\s*[^$\{\s][^\s]{8,}|secret\s*[:=]\s*[^$\{\s][^\s]{8,}/i.test(appYml); },
-    impact: 'critical',
+  javaMultiModule: {
+    id: 120318,
+    name: 'Java multi-module structure configured',
+    check: (ctx) => {
+      if (!isJavaProject(ctx)) return null;
+      const buildFiles = findProjectFiles(ctx, /(^|\/)(pom\.xml|build\.gradle|build\.gradle\.kts)$/i);
+      if (buildFiles.length <= 1) return null;
+      return /<modules>|include\s*\(|include\s+['":]/i.test(getJavaBuildText(ctx));
+    },
+    impact: 'medium',
     category: 'java',
-    fix: 'Move secrets to environment variables or external secret management, not application config files.',
+    fix: 'Configure a root Maven or Gradle multi-module definition when the Java repository contains multiple modules.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  javaIntegrationTestsSeparate: {
-    id: 'CL-JV19',
-    name: 'Integration tests separate from unit tests',
-    check: (ctx) => { if (!ctx.files.some(f => /pom\.xml$|build\.gradle$|build\.gradle\.kts$/.test(f))) return null; return ctx.files.some(f => /src[/](?:integration-?test|it)[/]|IT\.java$|Integration(?:Test)?\.java$/.test(f)) || /failsafe|integration-test/i.test((ctx.fileContent('pom.xml') || '') + (ctx.fileContent('build.gradle') || '') + (ctx.fileContent('build.gradle.kts') || '')); },
+  javaDependencyInjection: {
+    id: 120319,
+    name: 'Java dependency injection pattern present',
+    check: (ctx) => {
+      if (!isJavaProject(ctx)) return null;
+      return /spring-context|guice|dagger|@Autowired|@Inject|@Bean|@Component|@Service/i.test(getJavaProjectText(ctx));
+    },
     impact: 'medium',
     category: 'java',
-    fix: 'Separate integration tests from unit tests using Maven Failsafe or dedicated source set.',
+    fix: 'Use Spring DI, Guice, or Dagger patterns so Java object graphs stay explicit and testable.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },
 
-  javaBuildCommandDocumented: {
-    id: 'CL-JV20',
-    name: 'Build command documented in instructions',
-    check: (ctx) => { if (!ctx.files.some(f => /pom\.xml$|build\.gradle$|build\.gradle\.kts$/.test(f))) return null; const docs = (ctx.claudeMdContent ? ctx.claudeMdContent() : ctx.fileContent('CLAUDE.md')) || ctx.fileContent('README.md') || ''; return /mvn|gradle|mvnw|gradlew|maven|./i.test(docs) && /build|compile|package|install/i.test(docs); },
-    impact: 'high',
+  javaPropertyFiles: {
+    id: 120320,
+    name: 'Java application property files exist',
+    check: (ctx) => {
+      if (!isJavaProject(ctx)) return null;
+      return hasProjectFile(ctx, /(^|\/)application\.(properties|ya?ml)$/i);
+    },
+    impact: 'low',
     category: 'java',
-    fix: 'Document build command (mvnw package, gradlew build) in project instructions.',
+    fix: 'Add `application.properties` or `application.yml` when the Java service relies on conventional runtime configuration files.',
     // sourceUrl assigned by attachSourceUrls via category mapping
     confidence: 0.7,
   },