@rigour-labs/core 2.22.0 → 3.0.0

package/README.md

@@ -0,0 +1,58 @@
+# @rigour-labs/core
+
+[![npm version](https://img.shields.io/npm/v/@rigour-labs/core?color=cyan)](https://www.npmjs.com/package/@rigour-labs/core)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+
+**Deterministic quality gate engine for AI-generated code.**
+
+The core library powering [Rigour](https://rigour.run) — AST analysis, AI drift detection, security scanning, and Fix Packet generation across TypeScript, JavaScript, Python, Go, Ruby, and C#/.NET.
+
+> This package is the engine. For the CLI, use [`@rigour-labs/cli`](https://www.npmjs.com/package/@rigour-labs/cli). For MCP integration, use [`@rigour-labs/mcp`](https://www.npmjs.com/package/@rigour-labs/mcp).
+
+## What's Inside
+
+### 23 Quality Gates
+
+**Structural:** File size, cyclomatic complexity, method count, parameter count, nesting depth, required docs, content hygiene.
+
+**Security:** Hardcoded secrets, SQL injection, XSS, command injection, path traversal.
+
+**AI-Native Drift Detection:** Duplication drift, hallucinated imports, inconsistent error handling, context window artifacts, async & error safety (promise safety).
+
+**Agent Governance:** Multi-agent scope isolation, checkpoint supervision, context drift, retry loop breaker.
+
+### Multi-Language Support
+
+All gates support: TypeScript, JavaScript, Python, Go, Ruby, and C#/.NET.
+
+### Two-Score System
+
+Every failure carries a **provenance tag** (`ai-drift`, `traditional`, `security`, `governance`) and contributes to two sub-scores:
+
+- **AI Health Score** (0–100) — AI-specific failures
+- **Structural Score** (0–100) — Traditional code quality
+
+### Fix Packets (v2)
+
+Machine-readable JSON diagnostics with severity, provenance, file, line number, and step-by-step remediation instructions that AI agents can consume directly.
+
+## Usage
+
+```typescript
+import { GateRunner } from '@rigour-labs/core';
+
+const runner = new GateRunner(config, projectRoot);
+const report = await runner.run();
+
+console.log(report.pass);      // true or false
+console.log(report.score);     // 0-100
+console.log(report.failures);  // Failure[]
+```
+
+## Documentation
+
+**[Full docs at docs.rigour.run](https://docs.rigour.run)**
+
+## License
+
+MIT © [Rigour Labs](https://github.com/rigour-labs)

package/dist/context.test.js

@@ -2,9 +2,8 @@ import { describe, it, expect, beforeAll, afterAll } from 'vitest';
 import { GateRunner } from '../src/gates/runner.js';
 import fs from 'fs-extra';
 import path from 'path';
-import { fileURLToPath } from 'url';
-const __dirname = path.dirname(fileURLToPath(import.meta.url));
-const TEST_CWD = path.join(__dirname, '../temp-test-context');
+import os from 'os';
+const TEST_CWD = path.join(os.tmpdir(), 'rigour-temp-test-context-' + process.pid);
 describe('Context Awareness Engine', () => {
     beforeAll(async () => {
         await fs.ensureDir(TEST_CWD);

package/dist/environment.test.js

@@ -3,8 +3,9 @@ import { GateRunner } from './gates/runner.js';
 import { ConfigSchema } from './types/index.js';
 import fs from 'fs-extra';
 import path from 'path';
+import os from 'os';
 describe('Environment Alignment Gate', () => {
-    const testDir = path.join(process.cwd(), 'temp-test-env');
+    const testDir = path.join(os.tmpdir(), 'rigour-temp-test-env-' + process.pid);
     beforeEach(async () => {
         await fs.ensureDir(testDir);
     });

package/dist/gates/agent-team.d.ts

@@ -12,7 +12,7 @@
  * @since v2.14.0
  */
 import { Gate, GateContext } from './base.js';
-import { Failure } from '../types/index.js';
+import { Failure, Provenance } from '../types/index.js';
 export interface AgentRegistration {
     agentId: string;
     taskScope: string[];
@@ -46,5 +46,6 @@ export declare function clearSession(cwd: string): void;
 export declare class AgentTeamGate extends Gate {
     private config;
     constructor(config?: AgentTeamConfig);
+    protected get provenance(): Provenance;
     run(context: GateContext): Promise<Failure[]>;
 }

package/dist/gates/agent-team.js

@@ -120,6 +120,7 @@ export class AgentTeamGate extends Gate {
             task_ownership: config.task_ownership ?? 'strict',
         };
     }
+    get provenance() { return 'governance'; }
     async run(context) {
         if (!this.config.enabled) {
             return [];

package/dist/gates/base.d.ts

@@ -1,5 +1,5 @@
 import { GoldenRecord } from '../services/context-engine.js';
-import { Failure, Severity } from '../types/index.js';
+import { Failure, Severity, Provenance } from '../types/index.js';
 export interface GateContext {
     cwd: string;
     record?: GoldenRecord;
@@ -11,5 +11,7 @@ export declare abstract class Gate {
     readonly title: string;
     constructor(id: string, title: string);
     abstract run(context: GateContext): Promise<Failure[]>;
+    /** Default provenance for this gate — subclasses override */
+    protected get provenance(): Provenance;
     protected createFailure(details: string, files?: string[], hint?: string, title?: string, line?: number, endLine?: number, severity?: Severity): Failure;
 }

package/dist/gates/base.js

@@ -5,12 +5,15 @@ export class Gate {
         this.id = id;
         this.title = title;
     }
+    /** Default provenance for this gate — subclasses override */
+    get provenance() { return 'traditional'; }
     createFailure(details, files, hint, title, line, endLine, severity) {
         return {
             id: this.id,
             title: title || this.title,
             details,
             severity: severity || 'medium',
+            provenance: this.provenance,
             files,
             line,
             endLine,

package/dist/gates/checkpoint.d.ts

@@ -13,7 +13,7 @@
  * @since v2.14.0
  */
 import { Gate, GateContext } from './base.js';
-import { Failure } from '../types/index.js';
+import { Failure, Provenance } from '../types/index.js';
 export interface CheckpointEntry {
     checkpointId: string;
     timestamp: Date;
@@ -68,5 +68,6 @@ export declare function clearCheckpointSession(cwd: string): void;
 export declare class CheckpointGate extends Gate {
     private config;
     constructor(config?: CheckpointConfig);
+    protected get provenance(): Provenance;
     run(context: GateContext): Promise<Failure[]>;
 }

package/dist/gates/checkpoint.js

@@ -198,6 +198,7 @@ export class CheckpointGate extends Gate {
             auto_save_on_failure: config.auto_save_on_failure ?? true,
         };
     }
+    get provenance() { return 'governance'; }
     async run(context) {
         if (!this.config.enabled) {
             return [];
@@ -217,13 +218,13 @@ export class CheckpointGate extends Gate {
         // Check 2: Quality threshold
         const lastCheckpoint = session.checkpoints[session.checkpoints.length - 1];
         if (lastCheckpoint.qualityScore < (this.config.quality_threshold ?? 80)) {
-            failures.push(this.createFailure(`Quality score ${lastCheckpoint.qualityScore}% is below threshold ${this.config.quality_threshold}%`, lastCheckpoint.filesChanged, 'Review recent changes and address quality issues before continuing', 'Quality Below Threshold'));
+            failures.push(this.createFailure(`Quality score ${lastCheckpoint.qualityScore}% is below threshold ${this.config.quality_threshold}%`, lastCheckpoint.filesChanged, 'Review recent changes and address quality issues before continuing', 'Quality Below Threshold', undefined, undefined, 'high'));
         }
         // Check 3: Drift detection
         if (this.config.drift_detection) {
             const { hasDrift, trend } = detectDrift(session.checkpoints);
             if (hasDrift && trend === 'degrading') {
-                failures.push(this.createFailure(`Quality drift detected: scores are degrading over time`, undefined, 'Agent performance is declining. Consider pausing and reviewing recent work.', 'Quality Drift Detected'));
+                failures.push(this.createFailure(`Quality drift detected: scores are degrading over time`, undefined, 'Agent performance is declining. Consider pausing and reviewing recent work.', 'Quality Drift Detected', undefined, undefined, 'high'));
             }
         }
         return failures;

package/dist/gates/context-window-artifacts.d.ts

@@ -16,7 +16,7 @@
  * @since v2.16.0
  */
 import { Gate, GateContext } from './base.js';
-import { Failure } from '../types/index.js';
+import { Failure, Provenance } from '../types/index.js';
 export interface ContextWindowArtifactsConfig {
     enabled?: boolean;
     min_file_lines?: number;
@@ -26,6 +26,7 @@ export interface ContextWindowArtifactsConfig {
 export declare class ContextWindowArtifactsGate extends Gate {
     private config;
     constructor(config?: ContextWindowArtifactsConfig);
+    protected get provenance(): Provenance;
     run(context: GateContext): Promise<Failure[]>;
     private analyzeFile;
     private measureHalf;

package/dist/gates/context-window-artifacts.js

@@ -31,6 +31,7 @@ export class ContextWindowArtifactsGate extends Gate {
             signals_required: config.signals_required ?? 2,
         };
     }
+    get provenance() { return 'ai-drift'; }
     async run(context) {
         if (!this.config.enabled)
             return [];
@@ -68,8 +69,8 @@ export class ContextWindowArtifactsGate extends Gate {
         const bottomMetrics = this.measureHalf(bottomContent);
         const signals = [];
         let degradationScore = 0;
-        // Signal 1: Comment density drops
-        if (topMetrics.commentDensity > 0) {
+        // Signal 1: Comment density drops (use threshold to avoid tiny-denominator noise)
+        if (topMetrics.commentDensity > 0.01) {
             const commentRatio = bottomMetrics.commentDensity / topMetrics.commentDensity;
             if (commentRatio < 0.5) {
                 signals.push(`Comment density drops ${((1 - commentRatio) * 100).toFixed(0)}% in bottom half`);
@@ -130,9 +131,11 @@ export class ContextWindowArtifactsGate extends Gate {
     measureHalf(content) {
         const lines = content.split('\n');
         const codeLines = lines.filter(l => l.trim() && !l.trim().startsWith('//') && !l.trim().startsWith('#') && !l.trim().startsWith('*'));
+        // Only count inline comments (//), not JSDoc/block comments (/** ... */ or * ...)
+        // JSDoc tends to cluster at file top, skewing "degradation" unfairly
         const commentLines = lines.filter(l => {
             const trimmed = l.trim();
-            return trimmed.startsWith('//') || trimmed.startsWith('#') || trimmed.startsWith('*') || trimmed.startsWith('/*');
+            return trimmed.startsWith('//') || trimmed.startsWith('#');
         });
         // Comment density
         const commentDensity = codeLines.length > 0 ? commentLines.length / codeLines.length : 0;

package/dist/gates/context.d.ts

@@ -1,5 +1,5 @@
 import { Gate, GateContext } from './base.js';
-import { Failure, Gates } from '../types/index.js';
+import { Failure, Gates, Provenance } from '../types/index.js';
 /**
  * Extended Context Configuration (v2.14+)
  * For 1M token frontier models like Opus 4.6
@@ -17,6 +17,7 @@ export declare class ContextGate extends Gate {
     private config;
     private extendedConfig;
     constructor(config: Gates);
+    protected get provenance(): Provenance;
     run(context: GateContext): Promise<Failure[]>;
     private checkEnvDrift;
     /**

package/dist/gates/context.js

@@ -18,6 +18,7 @@ export class ContextGate extends Gate {
             max_cross_file_depth: 50,
         };
     }
+    get provenance() { return 'ai-drift'; }
     async run(context) {
         const failures = [];
         const record = context.record;

package/dist/gates/coverage.js

@@ -35,7 +35,9 @@ export class CoverageGate extends Gate {
                     title: `Low coverage for high-risk file: ${file}`,
                     details: `Current coverage: ${coverage.toFixed(2)}%. Required: ${threshold}% due to structural risk.`,
                     files: [file],
-                    hint: `Add dynamic tests to cover complex logical branches in this file.`
+                    hint: `Add dynamic tests to cover complex logical branches in this file.`,
+                    severity: 'medium',
+                    provenance: 'traditional'
                 });
             }
         }

package/dist/gates/dependency.js

@@ -25,7 +25,7 @@ export class DependencyGate extends Gate {
                 };
                 for (const dep of forbidden) {
                     if (allDeps[dep]) {
-                        failures.push(this.createFailure(`The package '${dep}' is forbidden by project standards.`, ['package.json'], `Remove '${dep}' from package.json and use approved alternatives.`, 'Forbidden Dependency'));
+                        failures.push(this.createFailure(`The package '${dep}' is forbidden by project standards.`, ['package.json'], `Remove '${dep}' from package.json and use approved alternatives.`, 'Forbidden Dependency', undefined, undefined, 'medium'));
                     }
                 }
             }
@@ -37,7 +37,7 @@ export class DependencyGate extends Gate {
             const content = await fs.readFile(reqPath, 'utf-8');
             for (const dep of forbidden) {
                 if (new RegExp(`^${dep}([=<>! ]|$)`, 'm').test(content)) {
-                    failures.push(this.createFailure(`The Python package '${dep}' is forbidden.`, ['requirements.txt'], `Remove '${dep}' from requirements.txt.`, 'Forbidden Dependency'));
+                    failures.push(this.createFailure(`The Python package '${dep}' is forbidden.`, ['requirements.txt'], `Remove '${dep}' from requirements.txt.`, 'Forbidden Dependency', undefined, undefined, 'medium'));
                 }
             }
         }
@@ -46,7 +46,7 @@ export class DependencyGate extends Gate {
             const content = await fs.readFile(pyprojPath, 'utf-8');
             for (const dep of forbidden) {
                 if (new RegExp(`^${dep}\\s*=`, 'm').test(content)) {
-                    failures.push(this.createFailure(`The Python package '${dep}' is forbidden in pyproject.toml.`, ['pyproject.toml'], `Remove '${dep}' from pyproject.toml dependencies.`, 'Forbidden Dependency'));
+                    failures.push(this.createFailure(`The Python package '${dep}' is forbidden in pyproject.toml.`, ['pyproject.toml'], `Remove '${dep}' from pyproject.toml dependencies.`, 'Forbidden Dependency', undefined, undefined, 'medium'));
                 }
             }
         }
@@ -56,7 +56,7 @@ export class DependencyGate extends Gate {
             const content = await fs.readFile(goModPath, 'utf-8');
             for (const dep of forbidden) {
                 if (content.includes(dep)) {
-                    failures.push(this.createFailure(`The Go module '${dep}' is forbidden.`, ['go.mod'], `Remove '${dep}' from go.mod.`, 'Forbidden Dependency'));
+                    failures.push(this.createFailure(`The Go module '${dep}' is forbidden.`, ['go.mod'], `Remove '${dep}' from go.mod.`, 'Forbidden Dependency', undefined, undefined, 'medium'));
                 }
             }
         }
@@ -66,7 +66,7 @@ export class DependencyGate extends Gate {
             const content = await fs.readFile(pomPath, 'utf-8');
             for (const dep of forbidden) {
                 if (content.includes(`<artifactId>${dep}</artifactId>`)) {
-                    failures.push(this.createFailure(`The Java artifact '${dep}' is forbidden.`, ['pom.xml'], `Remove '${dep}' from pom.xml.`, 'Forbidden Dependency'));
+                    failures.push(this.createFailure(`The Java artifact '${dep}' is forbidden.`, ['pom.xml'], `Remove '${dep}' from pom.xml.`, 'Forbidden Dependency', undefined, undefined, 'medium'));
                 }
             }
         }

package/dist/gates/duplication-drift.d.ts

@@ -13,7 +13,7 @@
  * @since v2.16.0
  */
 import { Gate, GateContext } from './base.js';
-import { Failure } from '../types/index.js';
+import { Failure, Provenance } from '../types/index.js';
 export interface DuplicationDriftConfig {
     enabled?: boolean;
     similarity_threshold?: number;
@@ -22,6 +22,7 @@ export interface DuplicationDriftConfig {
 export declare class DuplicationDriftGate extends Gate {
     private config;
     constructor(config?: DuplicationDriftConfig);
+    protected get provenance(): Provenance;
     run(context: GateContext): Promise<Failure[]>;
     private extractJSFunctions;
     private extractPyFunctions;

package/dist/gates/duplication-drift.js

@@ -27,6 +27,7 @@ export class DuplicationDriftGate extends Gate {
             min_body_lines: config.min_body_lines ?? 5,
         };
     }
+    get provenance() { return 'ai-drift'; }
     async run(context) {
         if (!this.config.enabled)
             return [];
@@ -157,8 +158,10 @@ export class DuplicationDriftGate extends Gate {
             .replace(/\/\/.*/g, '') // strip single-line comments
             .replace(/\/\*[\s\S]*?\*\//g, '') // strip multi-line comments
             .replace(/#.*/g, '') // strip Python comments
+            .replace(/`[^`]*`/g, '"STR"') // normalize template literals to placeholder
+            .replace(/\basync\s+/g, '') // normalize async modifier
             .replace(/\s+/g, ' ') // collapse whitespace
-            .replace(/['"`]/g, '"') // normalize quotes
+            .replace(/['"]/g, '"') // normalize single/double quotes (NOT backticks)
             .trim();
     }
     hash(text) {

package/dist/gates/environment.js

@@ -26,22 +26,22 @@ export class EnvironmentGate extends Gate {
                 if (versionMatch) {
                     const version = versionMatch[1];
                     if (!semver.satisfies(version, semverRange)) {
-                        failures.push(this.createFailure(`Environment Alignment: Tool '${tool}' version mismatch.`, [], `Project requires '${tool} ${semverRange}' (discovered from contract), but found version '${version}'. Please align your local environment to prevent drift.`));
+                        failures.push(this.createFailure(`Environment Alignment: Tool '${tool}' version mismatch.`, [], `Project requires '${tool} ${semverRange}' (discovered from contract), but found version '${version}'. Please align your local environment to prevent drift.`, undefined, undefined, undefined, 'medium'));
                     }
                 }
                 else {
-                    failures.push(this.createFailure(`Environment Alignment: Could not determine version for '${tool}'.`, [], `Ensure '${tool} --version' returns a standard SemVer string.`));
+                    failures.push(this.createFailure(`Environment Alignment: Could not determine version for '${tool}'.`, [], `Ensure '${tool} --version' returns a standard SemVer string.`, undefined, undefined, undefined, 'medium'));
                 }
             }
             catch (e) {
-                failures.push(this.createFailure(`Environment Alignment: Required tool '${tool}' is missing.`, [], `Install '${tool}' and ensure it is in your $PATH.`));
+                failures.push(this.createFailure(`Environment Alignment: Required tool '${tool}' is missing.`, [], `Install '${tool}' and ensure it is in your $PATH.`, undefined, undefined, undefined, 'medium'));
             }
         }
         // 2. Verify Required Env Vars
         const requiredEnv = envConfig.required_env || [];
         for (const envVar of requiredEnv) {
             if (!process.env[envVar]) {
-                failures.push(this.createFailure(`Environment Alignment: Missing required environment variable '${envVar}'.`, [], `Ensure '${envVar}' is defined in your environment or .env file.`));
+                failures.push(this.createFailure(`Environment Alignment: Missing required environment variable '${envVar}'.`, [], `Ensure '${envVar}' is defined in your environment or .env file.`, undefined, undefined, undefined, 'medium'));
             }
         }
         return failures;

package/dist/gates/hallucinated-imports.d.ts

@@ -11,16 +11,20 @@
  * 2. For relative imports: verify the target file exists
  * 3. For package imports: verify the package exists in node_modules or package.json
  * 4. For Python imports: verify the module exists in the project or site-packages
+ * 5. For Go imports: verify relative package paths exist in the project
+ * 6. For Ruby/C#: verify relative require/using paths exist
+ *
+ * Supported languages: JS/TS, Python, Go, Ruby, C#
  *
  * @since v2.16.0
  */
 import { Gate, GateContext } from './base.js';
-import { Failure } from '../types/index.js';
+import { Failure, Provenance } from '../types/index.js';
 export interface HallucinatedImport {
     file: string;
     line: number;
     importPath: string;
-    type: 'relative' | 'package' | 'python';
+    type: 'relative' | 'package' | 'python' | 'go' | 'ruby' | 'csharp';
     reason: string;
 }
 export interface HallucinatedImportsConfig {
@@ -32,6 +36,7 @@ export interface HallucinatedImportsConfig {
 export declare class HallucinatedImportsGate extends Gate {
     private config;
     constructor(config?: HallucinatedImportsConfig);
+    protected get provenance(): Provenance;
     run(context: GateContext): Promise<Failure[]>;
     private checkJSImports;
     private checkPyImports;
@@ -40,5 +45,19 @@ export declare class HallucinatedImportsGate extends Gate {
     private shouldIgnore;
     private isNodeBuiltin;
     private isPythonStdlib;
+    /**
+     * Check Go imports — verify relative/project package paths exist
+     * Go stdlib packages are skipped; only project-relative imports are checked
+     */
+    private checkGoImports;
+    /**
+     * Check Ruby imports — verify require_relative paths exist
+     */
+    private checkRubyImports;
+    /**
+     * Check C# imports — verify relative using paths match project namespaces
+     * (C# uses namespaces, not file paths — we check for obviously wrong namespaces)
+     */
+    private checkCSharpImports;
     private loadPackageJson;
 }

package/dist/gates/hallucinated-imports.js

@@ -11,6 +11,10 @@
  * 2. For relative imports: verify the target file exists
  * 3. For package imports: verify the package exists in node_modules or package.json
  * 4. For Python imports: verify the module exists in the project or site-packages
+ * 5. For Go imports: verify relative package paths exist in the project
+ * 6. For Ruby/C#: verify relative require/using paths exist
+ *
+ * Supported languages: JS/TS, Python, Go, Ruby, C#
  *
  * @since v2.16.0
  */
@@ -33,6 +37,7 @@ export class HallucinatedImportsGate extends Gate {
             ],
         };
     }
+    get provenance() { return 'ai-drift'; }
     async run(context) {
         if (!this.config.enabled)
             return [];
@@ -40,8 +45,9 @@ export class HallucinatedImportsGate extends Gate {
         const hallucinated = [];
         const files = await FileScanner.findFiles({
             cwd: context.cwd,
-            patterns: ['**/*.{ts,js,tsx,jsx,py}'],
-            ignore: [...(context.ignore || []), '**/node_modules/**', '**/dist/**', '**/build/**', '**/.venv/**'],
+            patterns: ['**/*.{ts,js,tsx,jsx,py,go,rb,cs}'],
+            ignore: [...(context.ignore || []), '**/node_modules/**', '**/dist/**', '**/build/**',
+                '**/.venv/**', '**/venv/**', '**/vendor/**', '**/bin/Debug/**', '**/bin/Release/**', '**/obj/**'],
         });
         Logger.info(`Hallucinated Imports: Scanning ${files.length} files`);
         // Build lookup sets for fast resolution
@@ -65,6 +71,15 @@ export class HallucinatedImportsGate extends Gate {
                 else if (ext === '.py') {
                     await this.checkPyImports(content, file, context.cwd, projectFiles, hallucinated);
                 }
+                else if (ext === '.go') {
+                    this.checkGoImports(content, file, context.cwd, projectFiles, hallucinated);
+                }
+                else if (ext === '.rb') {
+                    this.checkRubyImports(content, file, projectFiles, hallucinated);
+                }
+                else if (ext === '.cs') {
+                    this.checkCSharpImports(content, file, projectFiles, hallucinated);
+                }
             }
             catch (e) { }
         }
@@ -279,6 +294,105 @@ export class HallucinatedImportsGate extends Gate {
         ]);
         return stdlibs.has(topLevel);
     }
+    /**
+     * Check Go imports — verify relative/project package paths exist
+     * Go stdlib packages are skipped; only project-relative imports are checked
+     */
+    checkGoImports(content, file, cwd, projectFiles, hallucinated) {
+        const lines = content.split('\n');
+        let inImportBlock = false;
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i].trim();
+            // Detect import block: import ( ... )
+            if (/^import\s*\(/.test(line)) {
+                inImportBlock = true;
+                continue;
+            }
+            if (inImportBlock && line === ')') {
+                inImportBlock = false;
+                continue;
+            }
+            // Single import: import "path"
+            const singleMatch = line.match(/^import\s+"([^"]+)"/);
+            const blockMatch = inImportBlock ? line.match(/^\s*"([^"]+)"/) : null;
+            const importPath = singleMatch?.[1] || blockMatch?.[1];
+            if (!importPath)
+                continue;
+            // Skip Go stdlib (no dots in path = stdlib or well-known)
+            if (!importPath.includes('.') && !importPath.includes('/'))
+                continue;
+            // Project-relative imports (contain module path from go.mod)
+            // We only flag imports that look like project paths but don't resolve
+            if (importPath.includes('/') && !importPath.startsWith('github.com') && !importPath.startsWith('golang.org')) {
+                // Check if the path maps to a directory in the project
+                const dirPath = importPath.split('/').slice(-2).join('/');
+                const hasMatchingFile = [...projectFiles].some(f => f.includes(dirPath));
+                if (!hasMatchingFile) {
+                    hallucinated.push({
+                        file, line: i + 1, importPath, type: 'go',
+                        reason: `Go import '${importPath}' — package path not found in project`,
+                    });
+                }
+            }
+        }
+    }
+    /**
+     * Check Ruby imports — verify require_relative paths exist
+     */
+    checkRubyImports(content, file, projectFiles, hallucinated) {
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i].trim();
+            // require_relative 'path' — should resolve to a real file
+            const relMatch = line.match(/require_relative\s+['"]([^'"]+)['"]/);
+            if (relMatch) {
+                const reqPath = relMatch[1];
+                const dir = path.dirname(file);
+                const resolved = path.join(dir, reqPath).replace(/\\/g, '/');
+                const candidates = [resolved + '.rb', resolved];
+                if (!candidates.some(c => projectFiles.has(c))) {
+                    hallucinated.push({
+                        file, line: i + 1, importPath: reqPath, type: 'ruby',
+                        reason: `require_relative '${reqPath}' — file not found in project`,
+                    });
+                }
+            }
+        }
+    }
+    /**
+     * Check C# imports — verify relative using paths match project namespaces
+     * (C# uses namespaces, not file paths — we check for obviously wrong namespaces)
+     */
+    checkCSharpImports(content, file, projectFiles, hallucinated) {
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i].trim();
+            // using ProjectName.Something — check if namespace maps to project files
+            const usingMatch = line.match(/^using\s+([\w.]+)\s*;/);
+            if (!usingMatch)
+                continue;
+            const namespace = usingMatch[1];
+            // Skip System.* and Microsoft.* and common framework namespaces
+            if (/^(?:System|Microsoft|Newtonsoft|NUnit|Xunit|Moq|AutoMapper)\b/.test(namespace))
+                continue;
+            // Check if the namespace maps to any .cs file path in the project
+            const nsPath = namespace.replace(/\./g, '/');
+            const hasMatch = [...projectFiles].some(f => f.endsWith('.cs') && (f.includes(nsPath) || f.includes(namespace.split('.')[0])));
+            // Only flag if the project has NO files that could match this namespace
+            if (!hasMatch && namespace.includes('.')) {
+                // Could be a NuGet package — we can't verify without .csproj parsing
+                // Only flag obvious project-relative namespaces
+                const topLevel = namespace.split('.')[0];
+                const hasProjectFiles = [...projectFiles].some(f => f.endsWith('.cs') && f.includes(topLevel));
+                if (hasProjectFiles) {
+                    hallucinated.push({
+                        file, line: i + 1, importPath: namespace, type: 'csharp',
+                        reason: `Namespace '${namespace}' — no matching files found in project`,
+                    });
+                }
+            }
+        }
+    }
     async loadPackageJson(cwd) {
         try {
             const pkgPath = path.join(cwd, 'package.json');

package/dist/gates/inconsistent-error-handling.d.ts

@@ -20,7 +20,7 @@
  * @since v2.16.0
  */
 import { Gate, GateContext } from './base.js';
-import { Failure } from '../types/index.js';
+import { Failure, Provenance } from '../types/index.js';
 export interface InconsistentErrorHandlingConfig {
     enabled?: boolean;
     max_strategies_per_type?: number;
@@ -30,6 +30,7 @@ export interface InconsistentErrorHandlingConfig {
 export declare class InconsistentErrorHandlingGate extends Gate {
     private config;
     constructor(config?: InconsistentErrorHandlingConfig);
+    protected get provenance(): Provenance;
     run(context: GateContext): Promise<Failure[]>;
     private extractErrorHandlers;
     private classifyStrategy;