@rigour-labs/core 4.0.4 → 4.1.0

package/dist/gates/ast-handlers/typescript.js

@@ -20,7 +20,7 @@ export class TypeScriptHandler extends ASTHandler {
         const maxMethods = astConfig.max_methods || 10;
         const maxParams = astConfig.max_params || 5;
         // Limit failures per file to avoid output bloat on large files
-        const MAX_FAILURES_PER_FILE = 50;
+        const MAX_FAILURES_PER_FILE = 5;
         const fileFailureCount = {};
         const addFailure = (failure) => {
             const ruleId = failure.id;
@@ -36,7 +36,9 @@ export class TypeScriptHandler extends ASTHandler {
                     title: `More than ${MAX_FAILURES_PER_FILE} ${ruleId} violations in ${relativePath}`,
                     details: `Truncated output: showing first ${MAX_FAILURES_PER_FILE} violations. Consider fixing the root cause.`,
                     files: [relativePath],
-                    hint: `This file has many violations. Fix them systematically or exclude the file if it's legacy code.`
+                    hint: `This file has many violations. Fix them systematically or exclude the file if it's legacy code.`,
+                    severity: 'medium',
+                    provenance: 'traditional',
                 });
             }
             return false;
@@ -61,7 +63,9 @@ export class TypeScriptHandler extends ASTHandler {
                         details: `Use 'const' or 'let' instead of 'var' in ${relativePath}:${line}`,
                         files: [relativePath],
                         line,
-                        hint: `Replace 'var' with 'const' (preferred) or 'let' for modern JavaScript.`
+                        hint: `Replace 'var' with 'const' (preferred) or 'let' for modern JavaScript.`,
+                        severity: 'medium',
+                        provenance: 'traditional',
                     });
                 }
             }
@@ -75,7 +79,9 @@ export class TypeScriptHandler extends ASTHandler {
                         details: `Use ES6 'import' instead of 'require()' in ${relativePath}:${line}`,
                         files: [relativePath],
                         line,
-                        hint: `Replace require('module') with import module from 'module'.`
+                        hint: `Replace require('module') with import module from 'module'.`,
+                        severity: 'medium',
+                        provenance: 'traditional',
                     });
                 }
             }
@@ -91,7 +97,9 @@ export class TypeScriptHandler extends ASTHandler {
                         details: `Use rest parameters (...args) instead of 'arguments' in ${relativePath}:${line}`,
                         files: [relativePath],
                         line,
-                        hint: `Replace 'arguments' with rest parameters: function(...args) { }`
+                        hint: `Replace 'arguments' with rest parameters: function(...args) { }`,
+                        severity: 'medium',
+                        provenance: 'traditional',
                     });
                 }
             }
@@ -105,7 +113,9 @@ export class TypeScriptHandler extends ASTHandler {
                     details: `Prototype pollution vulnerability in ${relativePath}:${line}`,
                     files: [relativePath],
                     line,
-                    hint: `Use Object.getPrototypeOf() or Object.setPrototypeOf() instead of __proto__.`
+                    hint: `Use Object.getPrototypeOf() or Object.setPrototypeOf() instead of __proto__.`,
+                    severity: 'critical',
+                    provenance: 'security',
                 });
             }
             // Check for bracket notation __proto__ access: obj["__proto__"]
@@ -119,7 +129,9 @@ export class TypeScriptHandler extends ASTHandler {
                         details: `Potential prototype pollution via bracket notation in ${relativePath}:${line}`,
                         files: [relativePath],
                         line,
-                        hint: `Block access to '${accessKey}' property when handling user input. Use allowlist for object keys.`
+                        hint: `Block access to '${accessKey}' property when handling user input. Use allowlist for object keys.`,
+                        severity: 'critical',
+                        provenance: 'security',
                     });
                 }
             }
@@ -139,7 +151,9 @@ export class TypeScriptHandler extends ASTHandler {
                                 details: `Object.assign({}, ...) can propagate prototype pollution in ${relativePath}:${line}`,
                                 files: [relativePath],
                                 line,
-                                hint: `Validate and sanitize source objects before merging. Block __proto__ and constructor keys.`
+                                hint: `Validate and sanitize source objects before merging. Block __proto__ and constructor keys.`,
+                                severity: 'high',
+                                provenance: 'security',
                             });
                         }
                     }
@@ -154,11 +168,18 @@ export class TypeScriptHandler extends ASTHandler {
                         title: `Function '${name}' has ${node.parameters.length} parameters (max: ${maxParams})`,
                         details: `High parameter count detected in ${relativePath}`,
                         files: [relativePath],
-                        hint: `Reduce number of parameters or use an options object.`
+                        hint: `Reduce number of parameters or use an options object.`,
+                        severity: 'medium',
+                        provenance: 'traditional',
                     });
                 }
                 let complexity = 1;
                 const countComplexity = (n) => {
+                    // Nested functions have their own complexity budget.
+                    // Do not attribute their branches to the parent function.
+                    if (n !== node && ts.isFunctionLike(n)) {
+                        return;
+                    }
                     if (ts.isIfStatement(n) || ts.isCaseClause(n) || ts.isDefaultClause(n) ||
                         ts.isForStatement(n) || ts.isForInStatement(n) || ts.isForOfStatement(n) ||
                         ts.isWhileStatement(n) || ts.isDoStatement(n) || ts.isConditionalExpression(n)) {
@@ -179,7 +200,9 @@ export class TypeScriptHandler extends ASTHandler {
                         title: `Function '${name}' has cyclomatic complexity of ${complexity} (max: ${maxComplexity})`,
                         details: `High complexity detected in ${relativePath}`,
                         files: [relativePath],
-                        hint: `Refactor '${name}' into smaller, more focused functions.`
+                        hint: `Refactor '${name}' into smaller, more focused functions.`,
+                        severity: 'medium',
+                        provenance: 'traditional',
                     });
                 }
             }
@@ -192,7 +215,9 @@ export class TypeScriptHandler extends ASTHandler {
                         title: `Class '${name}' has ${methods.length} methods (max: ${maxMethods})`,
                         details: `God Object pattern detected in ${relativePath}`,
                         files: [relativePath],
-                        hint: `Class '${name}' is becoming too large. Split it into smaller services.`
+                        hint: `Class '${name}' is becoming too large. Split it into smaller services.`,
+                        severity: 'medium',
+                        provenance: 'traditional',
                     });
                 }
             }
@@ -217,7 +242,9 @@ export class TypeScriptHandler extends ASTHandler {
                         title: `Architectural Violation`,
                         details: `'${relativePath}' is forbidden from importing '${importPath}' (denied by boundary rule).`,
                         files: [relativePath],
-                        hint: `Remove this import to maintain architectural layering.`
+                        hint: `Remove this import to maintain architectural layering.`,
+                        severity: 'high',
+                        provenance: 'traditional',
                     });
                 }
             }

package/dist/gates/ast-handlers/universal.js

@@ -114,7 +114,9 @@ export class UniversalASTHandler extends ASTHandler {
                             title: `Method '${name}' has high cognitive load (${cognitive})`,
                             details: `Deeply nested or complex logic detected in ${context.file}.`,
                             files: [context.file],
-                            hint: `Flatten logical branches and extract nested loops.`
+                            hint: `Flatten logical branches and extract nested loops.`,
+                            severity: 'medium',
+                            provenance: 'traditional',
                         });
                     }
                 }
@@ -129,7 +131,9 @@ export class UniversalASTHandler extends ASTHandler {
                         title: `Unsafe function call detected: ${capture.node.text}`,
                         details: `Potentially dangerous execution in ${context.file}.`,
                         files: [context.file],
-                        hint: `Avoid using shell execution or eval. Use safe alternatives.`
+                        hint: `Avoid using shell execution or eval. Use safe alternatives.`,
+                        severity: 'high',
+                        provenance: 'security',
                     });
                 }
             }
@@ -143,7 +147,9 @@ export class UniversalASTHandler extends ASTHandler {
                         title: `Ecosystem anti-pattern detected`,
                         details: `Violation of ${ext} best practices in ${context.file}.`,
                         files: [context.file],
-                        hint: `Review language-specific best practices (e.g., error handling or mutable defaults).`
+                        hint: `Review language-specific best practices (e.g., error handling or mutable defaults).`,
+                        severity: 'medium',
+                        provenance: 'traditional',
                     });
                 }
             }

package/dist/gates/ast.js

@@ -18,7 +18,21 @@ export class ASTGate extends Gate {
     async run(context) {
         const failures = [];
         const patterns = (context.patterns || ['**/*.{ts,js,tsx,jsx,py,go,rs,cs,java,rb,c,cpp,php,swift,kt}']).map(p => p.replace(/\\/g, '/'));
-        const ignore = (context.ignore || ['**/node_modules/**', '**/dist/**', '**/build/**', '**/*.test.*', '**/*.spec.*', '**/__pycache__/**']).map(p => p.replace(/\\/g, '/'));
+        const defaultIgnore = [
+            '**/node_modules/**',
+            '**/dist/**',
+            '**/build/**',
+            '**/studio-dist/**',
+            '**/.next/**',
+            '**/coverage/**',
+            '**/out/**',
+            '**/target/**',
+            '**/examples/**',
+            '**/*.test.*',
+            '**/*.spec.*',
+            '**/__pycache__/**',
+        ];
+        const ignore = [...new Set([...(context.ignore || []), ...defaultIgnore])].map(p => p.replace(/\\/g, '/'));
         const normalizedCwd = context.cwd.replace(/\\/g, '/');
         // Find all supported files
         const files = await globby(patterns, {

package/dist/gates/ast.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/gates/ast.test.js

@@ -0,0 +1,112 @@
+import { afterEach, beforeEach, describe, expect, it } from 'vitest';
+import fs from 'fs';
+import os from 'os';
+import path from 'path';
+import { ASTGate } from './ast.js';
+describe('ASTGate ignore behavior', () => {
+    let testDir;
+    beforeEach(() => {
+        testDir = fs.mkdtempSync(path.join(os.tmpdir(), 'ast-gate-test-'));
+    });
+    afterEach(() => {
+        fs.rmSync(testDir, { recursive: true, force: true });
+    });
+    it('keeps default ignores when context.ignore is an empty array', async () => {
+        const gate = new ASTGate({
+            ast: { max_params: 1 },
+        });
+        fs.mkdirSync(path.join(testDir, 'node_modules', 'example'), { recursive: true });
+        fs.writeFileSync(path.join(testDir, 'node_modules', 'example', 'bad.js'), 'function fromDeps(a, b, c) { return a + b + c; }', 'utf-8');
+        fs.mkdirSync(path.join(testDir, 'src'), { recursive: true });
+        fs.writeFileSync(path.join(testDir, 'src', 'ok.js'), 'function ok(a) { return a; }', 'utf-8');
+        const failures = await gate.run({
+            cwd: testDir,
+            ignore: [],
+        });
+        expect(failures).toHaveLength(0);
+    });
+    it('merges user ignore patterns with default ignores', async () => {
+        const gate = new ASTGate({
+            ast: { max_params: 1 },
+        });
+        fs.mkdirSync(path.join(testDir, 'generated'), { recursive: true });
+        fs.writeFileSync(path.join(testDir, 'generated', 'bad.js'), 'function generated(a, b, c) { return a + b + c; }', 'utf-8');
+        fs.mkdirSync(path.join(testDir, 'src'), { recursive: true });
+        fs.writeFileSync(path.join(testDir, 'src', 'ok.js'), 'function ok(a) { return a; }', 'utf-8');
+        const failures = await gate.run({
+            cwd: testDir,
+            ignore: ['generated/**'],
+        });
+        expect(failures).toHaveLength(0);
+    });
+    it('ignores generated studio-dist assets by default', async () => {
+        const gate = new ASTGate({
+            ast: { max_params: 1 },
+        });
+        fs.mkdirSync(path.join(testDir, 'packages', 'rigour-cli', 'studio-dist', 'assets'), { recursive: true });
+        fs.writeFileSync(path.join(testDir, 'packages', 'rigour-cli', 'studio-dist', 'assets', 'index.js'), 'function fromBundle(a, b, c) { return a + b + c; }', 'utf-8');
+        const failures = await gate.run({
+            cwd: testDir,
+            ignore: [],
+        });
+        expect(failures).toHaveLength(0);
+    });
+    it('ignores examples directory by default', async () => {
+        const gate = new ASTGate({
+            ast: { max_params: 1 },
+        });
+        fs.mkdirSync(path.join(testDir, 'examples', 'demo', 'src'), { recursive: true });
+        fs.writeFileSync(path.join(testDir, 'examples', 'demo', 'src', 'bad.js'), 'function noisy(a, b, c) { return a + b + c; }', 'utf-8');
+        const failures = await gate.run({
+            cwd: testDir,
+            ignore: [],
+        });
+        expect(failures).toHaveLength(0);
+    });
+    it('sets severity and provenance on AST violations', async () => {
+        const gate = new ASTGate({
+            ast: { max_params: 1 },
+        });
+        fs.mkdirSync(path.join(testDir, 'src'), { recursive: true });
+        fs.writeFileSync(path.join(testDir, 'src', 'bad.js'), 'function tooMany(a, b, c) { return a + b + c; }', 'utf-8');
+        const failures = await gate.run({ cwd: testDir, ignore: [] });
+        const target = failures.find((failure) => failure.id === 'AST_MAX_PARAMS');
+        expect(target).toBeDefined();
+        expect(target?.severity).toBe('medium');
+        expect(target?.provenance).toBe('traditional');
+    });
+    it('marks prototype pollution findings as security-critical', async () => {
+        const gate = new ASTGate({
+            ast: { max_params: 10 },
+        });
+        fs.mkdirSync(path.join(testDir, 'src'), { recursive: true });
+        fs.writeFileSync(path.join(testDir, 'src', 'pollute.js'), 'const target = {}; target.__proto__ = {};', 'utf-8');
+        const failures = await gate.run({ cwd: testDir, ignore: [] });
+        const target = failures.find((failure) => failure.id === 'SECURITY_PROTOTYPE_POLLUTION');
+        expect(target).toBeDefined();
+        expect(target?.severity).toBe('critical');
+        expect(target?.provenance).toBe('security');
+    });
+    it('does not attribute nested function complexity to parent function', async () => {
+        const gate = new ASTGate({
+            ast: { complexity: 3, max_params: 10 },
+        });
+        fs.mkdirSync(path.join(testDir, 'src'), { recursive: true });
+        fs.writeFileSync(path.join(testDir, 'src', 'nested.ts'), `
+            function outer(flag: boolean) {
+              function inner(x: number) {
+                if (x > 0) { return 1; }
+                if (x < 0) { return -1; }
+                if (x === 0) { return 0; }
+                return 0;
+              }
+              return flag ? inner(1) : inner(-1);
+            }
+            `, 'utf-8');
+        const failures = await gate.run({ cwd: testDir, ignore: [] });
+        const complexityTitles = failures
+            .filter((failure) => failure.id === 'AST_COMPLEXITY')
+            .map((failure) => failure.title);
+        expect(complexityTitles.some((title) => title.includes("'outer'"))).toBe(false);
+    });
+});

package/dist/gates/content.d.ts

@@ -8,4 +8,9 @@ export declare class ContentGate extends Gate {
     private config;
     constructor(config: ContentGateConfig);
     run(context: GateContext): Promise<Failure[]>;
+    private shouldScanFile;
+    private shouldSkipFile;
+    private extractCommentText;
+    private normalizeCommentText;
+    private hasForbiddenMarker;
 }

package/dist/gates/content.js

@@ -1,5 +1,6 @@
 import { Gate } from './base.js';
 import { FileScanner } from '../utils/scanner.js';
+import path from 'path';
 export class ContentGate extends Gate {
     config;
     constructor(config) {
@@ -7,12 +8,12 @@ export class ContentGate extends Gate {
         this.config = config;
     }
     async run(context) {
-        const patterns = [];
+        const markers = [];
         if (this.config.forbidTodos)
-            patterns.push(/TODO/i);
+            markers.push('TODO');
         if (this.config.forbidFixme)
-            patterns.push(/FIXME/i);
-        if (patterns.length === 0)
+            markers.push('FIXME');
+        if (markers.length === 0)
             return [];
         const files = await FileScanner.findFiles({
             cwd: context.cwd,
@@ -22,15 +23,73 @@ export class ContentGate extends Gate {
         const contents = await FileScanner.readFiles(context.cwd, files);
         const failures = [];
         for (const [file, content] of contents) {
+            if (!this.shouldScanFile(file))
+                continue;
+            if (this.shouldSkipFile(file))
+                continue;
             const lines = content.split('\n');
             lines.forEach((line, index) => {
-                for (const pattern of patterns) {
-                    if (pattern.test(line)) {
-                        failures.push(this.createFailure(`Forbidden placeholder '${pattern.source}' found`, [file], 'Remove forbidden comments. address the root cause or create a tracked issue.', undefined, index + 1, index + 1, 'info'));
+                const commentText = this.extractCommentText(line);
+                if (!commentText)
+                    return;
+                const normalizedComment = this.normalizeCommentText(commentText);
+                for (const marker of markers) {
+                    if (this.hasForbiddenMarker(normalizedComment, marker)) {
+                        failures.push(this.createFailure(`Forbidden placeholder '${marker}' found`, [file], 'Remove forbidden comments. address the root cause or create a tracked issue.', undefined, index + 1, index + 1, 'info'));
                     }
                 }
             });
         }
         return failures;
     }
+    shouldScanFile(file) {
+        const ext = path.extname(file).toLowerCase();
+        return new Set([
+            '.ts', '.tsx', '.js', '.jsx', '.mjs', '.cjs',
+            '.py', '.go', '.rb', '.java', '.kt', '.cs',
+            '.rs', '.php', '.swift', '.scala', '.sh', '.bash',
+            '.yml', '.yaml', '.json'
+        ]).has(ext);
+    }
+    shouldSkipFile(file) {
+        const normalized = file.replace(/\\/g, '/');
+        return (normalized.includes('/examples/') ||
+            normalized.includes('/__tests__/') ||
+            /\.test\.[^.]+$/i.test(normalized) ||
+            /\.spec\.[^.]+$/i.test(normalized));
+    }
+    extractCommentText(line) {
+        const trimmed = line.trim();
+        if (!trimmed)
+            return null;
+        // Whole-line comments across common languages.
+        if (trimmed.startsWith('//') ||
+            trimmed.startsWith('#') ||
+            trimmed.startsWith('/*') ||
+            trimmed.startsWith('*') ||
+            trimmed.startsWith('<!--')) {
+            return trimmed;
+        }
+        // Inline comments (JS/TS/Go style)
+        const slashIdx = line.indexOf('//');
+        if (slashIdx >= 0)
+            return line.slice(slashIdx);
+        // Inline Python/Ruby shell-style comments
+        const hashIdx = line.indexOf('#');
+        if (hashIdx >= 0)
+            return line.slice(hashIdx);
+        return null;
+    }
+    normalizeCommentText(commentText) {
+        return commentText
+            .trim()
+            .replace(/^(?:\/\/+|#+|\/\*+|\*+|<!--+)\s*/, '')
+            .trim();
+    }
+    hasForbiddenMarker(commentText, marker) {
+        // Treat placeholder markers only when used as actionable prefixes,
+        // e.g. "TODO: ...", not as explanatory references like "count TODO markers".
+        const placeholderPrefix = new RegExp(`^${marker}\\b(?:\\s*[:\\-]|\\s|$)`, 'i');
+        return placeholderPrefix.test(commentText);
+    }
 }

package/dist/gates/content.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/gates/content.test.js

@@ -0,0 +1,73 @@
+import { describe, it, expect, beforeEach, afterEach } from 'vitest';
+import * as fs from 'fs';
+import * as path from 'path';
+import * as os from 'os';
+import { ContentGate } from './content.js';
+describe('ContentGate', () => {
+    let testDir;
+    beforeEach(() => {
+        testDir = fs.mkdtempSync(path.join(os.tmpdir(), 'content-gate-test-'));
+    });
+    afterEach(() => {
+        fs.rmSync(testDir, { recursive: true, force: true });
+    });
+    it('flags TODO and FIXME in comments', async () => {
+        fs.writeFileSync(path.join(testDir, 'app.ts'), `
+            // TODO: remove temporary fallback
+            const value = 1;
+            const x = value; // FIXME clean this before release
+        `);
+        const gate = new ContentGate({ forbidTodos: true, forbidFixme: true });
+        const failures = await gate.run({ cwd: testDir });
+        expect(failures).toHaveLength(2);
+    });
+    it('does not flag TODO or FIXME in non-comment string literals', async () => {
+        fs.writeFileSync(path.join(testDir, 'app.ts'), `
+            const message = "TODO this is user-facing text";
+            const note = "FIXME should not trigger in strings";
+        `);
+        const gate = new ContentGate({ forbidTodos: true, forbidFixme: true });
+        const failures = await gate.run({ cwd: testDir });
+        expect(failures).toHaveLength(0);
+    });
+    it('does not scan markdown files', async () => {
+        fs.writeFileSync(path.join(testDir, 'README.md'), `
+            # TODO
+            This is a product roadmap item.
+        `);
+        const gate = new ContentGate({ forbidTodos: true, forbidFixme: true });
+        const failures = await gate.run({ cwd: testDir });
+        expect(failures).toHaveLength(0);
+    });
+    it('respects config toggles', async () => {
+        fs.writeFileSync(path.join(testDir, 'app.ts'), `
+            // TODO: one
+            // FIXME: two
+        `);
+        const todoOnly = new ContentGate({ forbidTodos: true, forbidFixme: false });
+        const todoFailures = await todoOnly.run({ cwd: testDir });
+        expect(todoFailures).toHaveLength(1);
+        expect(todoFailures[0].details).toContain("TODO");
+        const fixmeOnly = new ContentGate({ forbidTodos: false, forbidFixme: true });
+        const fixmeFailures = await fixmeOnly.run({ cwd: testDir });
+        expect(fixmeFailures).toHaveLength(1);
+        expect(fixmeFailures[0].details).toContain("FIXME");
+    });
+    it('does not flag explanatory mentions of TODO/FIXME in comments', async () => {
+        fs.writeFileSync(path.join(testDir, 'notes.ts'), `
+            // counts TODO and FIXME markers from parsed files
+            const metrics = true;
+        `);
+        const gate = new ContentGate({ forbidTodos: true, forbidFixme: true });
+        const failures = await gate.run({ cwd: testDir });
+        expect(failures).toHaveLength(0);
+    });
+    it('skips test/spec files', async () => {
+        fs.writeFileSync(path.join(testDir, 'sample.test.ts'), `
+            // TODO: this should not be checked by content gate
+        `);
+        const gate = new ContentGate({ forbidTodos: true, forbidFixme: true });
+        const failures = await gate.run({ cwd: testDir });
+        expect(failures).toHaveLength(0);
+    });
+});

package/dist/gates/context-window-artifacts.d.ts

@@ -28,6 +28,7 @@ export declare class ContextWindowArtifactsGate extends Gate {
     constructor(config?: ContextWindowArtifactsConfig);
     protected get provenance(): Provenance;
     run(context: GateContext): Promise<Failure[]>;
+    private shouldSkipFile;
     private analyzeFile;
     private measureHalf;
     private measureFunctionLengths;

package/dist/gates/context-window-artifacts.js

@@ -26,9 +26,9 @@ export class ContextWindowArtifactsGate extends Gate {
         super('context-window-artifacts', 'Context Window Artifact Detection');
         this.config = {
             enabled: config.enabled ?? true,
-            min_file_lines: config.min_file_lines ?? 100,
-            degradation_threshold: config.degradation_threshold ?? 0.4,
-            signals_required: config.signals_required ?? 2,
+            min_file_lines: config.min_file_lines ?? 180,
+            degradation_threshold: config.degradation_threshold ?? 0.55,
+            signals_required: config.signals_required ?? 4,
         };
     }
     get provenance() { return 'ai-drift'; }
@@ -43,6 +43,8 @@ export class ContextWindowArtifactsGate extends Gate {
         });
         Logger.info(`Context Window Artifacts: Scanning ${files.length} files`);
         for (const file of files) {
+            if (this.shouldSkipFile(file))
+                continue;
             try {
                 const content = await fs.readFile(path.join(context.cwd, file), 'utf-8');
                 const lines = content.split('\n');
@@ -60,6 +62,11 @@ export class ContextWindowArtifactsGate extends Gate {
         }
         return failures;
     }
+    shouldSkipFile(file) {
+        const normalized = file.replace(/\\/g, '/');
+        return (normalized.includes('/examples/') ||
+            normalized.includes('/src/gates/'));
+    }
     analyzeFile(content, file) {
         const lines = content.split('\n');
         const midpoint = Math.floor(lines.length / 2);

package/dist/gates/context.d.ts

@@ -41,4 +41,5 @@ export declare class ContextGate extends Gate {
      */
     private detectCasing;
     private addPattern;
+    private stripComments;
 }

package/dist/gates/context.js

@@ -24,7 +24,13 @@ export class ContextGate extends Gate {
         const record = context.record;
         if (!record || !this.extendedConfig.enabled)
             return [];
-        const files = await FileScanner.findFiles({ cwd: context.cwd });
+        const files = await FileScanner.findFiles({
+            cwd: context.cwd,
+            patterns: ['**/*.{ts,js,tsx,jsx,py,go,java,cs,rb,kt,swift,rs,php}'],
+            ignore: [...(context.ignore || []), '**/node_modules/**', '**/dist/**', '**/build/**',
+                '**/studio-dist/**', '**/.next/**', '**/coverage/**', '**/out/**',
+                '**/*.test.*', '**/*.spec.*', '**/examples/**', '**/docs/**'],
+        });
         const envAnchors = record.anchors.filter(a => a.type === 'env' && a.confidence >= 1);
         // Collect all patterns across files for cross-file analysis
         const namingPatterns = new Map();
@@ -32,12 +38,13 @@ export class ContextGate extends Gate {
         for (const file of files) {
             try {
                 const content = await fs.readFile(path.join(context.cwd, file), 'utf-8');
+                const codeContent = this.stripComments(content);
                 // 1. Original: Detect Redundant Suffixes (The Golden Example)
-                this.checkEnvDrift(content, file, envAnchors, failures);
+                this.checkEnvDrift(codeContent, file, envAnchors, failures);
                 // 2. NEW: Cross-file pattern collection
                 if (this.extendedConfig.cross_file_patterns) {
-                    this.collectNamingPatterns(content, file, namingPatterns);
-                    this.collectImportPatterns(content, file, importPatterns);
+                    this.collectNamingPatterns(codeContent, file, namingPatterns);
+                    this.collectImportPatterns(codeContent, file, importPatterns);
                 }
             }
             catch (e) { }
@@ -158,11 +165,13 @@ export class ContextGate extends Gate {
                 if (imp.startsWith('.') || imp.startsWith('..')) {
                     relativeCount.set(file, (relativeCount.get(file) || 0) + 1);
                 }
-                else if (!imp.startsWith('@') && !imp.includes('/')) {
-                    // Skip external packages
-                }
                 else {
-                    absoluteCount.set(file, (absoluteCount.get(file) || 0) + 1);
+                    // Count only local alias styles as "absolute local imports".
+                    // Scoped packages like @rigour-labs/core should be treated as external.
+                    const isLocalAlias = imp.startsWith('@/') || imp.startsWith('~/') || imp.startsWith('src/');
+                    if (isLocalAlias) {
+                        absoluteCount.set(file, (absoluteCount.get(file) || 0) + 1);
+                    }
                 }
             }
         }
@@ -203,4 +212,16 @@ export class ContextGate extends Gate {
         }
         patterns.get(type).push(entry);
     }
+    stripComments(content) {
+        // Remove block comments first, then strip line comments.
+        const noBlockComments = content.replace(/\/\*[\s\S]*?\*\//g, '');
+        const lines = noBlockComments.split('\n').map((line) => {
+            const trimmed = line.trim();
+            if (trimmed.startsWith('//') || trimmed.startsWith('#')) {
+                return '';
+            }
+            return line.replace(/\/\/.*$/, '');
+        });
+        return lines.join('\n');
+    }
 }

package/dist/gates/deep-analysis.js

@@ -40,10 +40,10 @@ export class DeepAnalysisGate extends Gate {
             ]);
             const isLocal = !this.config.options.apiKey || this.config.options.provider === 'local';
             if (isLocal) {
-                onProgress?.('\n  🔒 100% local analysis. Your code never leaves this machine.\n');
+                onProgress?.('\n  🔒 Local sidecar/model execution. Code remains on this machine.\n');
             }
             else {
-                onProgress?.(`\n  ☁️  Using ${this.config.options.provider} API. Code is sent to cloud.\n`);
+                onProgress?.(`\n  ☁️  Using ${this.config.options.provider} API. Code context may be sent to the provider.\n`);
             }
             // Step 1: AST extracts facts
             onProgress?.('  Extracting code facts...');

package/dist/gates/deprecated-apis.d.ts

@@ -46,6 +46,7 @@ export declare class DeprecatedApisGate extends Gate {
     constructor(config?: DeprecatedApisConfig);
     protected get provenance(): Provenance;
     run(context: GateContext): Promise<Failure[]>;
+    private shouldSkipFile;
     private checkNodeDeprecated;
     private checkWebDeprecated;
     private checkPythonDeprecated;