@rigour-labs/core 5.1.0 → 5.1.2

package/dist/gates/ast.js

@@ -39,22 +39,26 @@ export class ASTGate extends Gate {
             cwd: normalizedCwd,
             ignore: ignore,
         });
-        for (const file of files) {
-            const handler = this.handlers.find(h => h.supports(file));
-            if (!handler)
-                continue;
-            const fullPath = path.join(context.cwd, file);
-            try {
+        // Process files concurrently in batches for performance
+        const CONCURRENCY = 16;
+        for (let i = 0; i < files.length; i += CONCURRENCY) {
+            const batch = files.slice(i, i + CONCURRENCY);
+            const results = await Promise.allSettled(batch.map(async (file) => {
+                const handler = this.handlers.find(h => h.supports(file));
+                if (!handler)
+                    return [];
+                const fullPath = path.join(context.cwd, file);
                 const content = await fs.readFile(fullPath, 'utf-8');
-                const gateFailures = await handler.run({
+                return handler.run({
                     cwd: context.cwd,
                     file: file,
                     content
                 });
-                failures.push(...gateFailures);
-            }
-            catch (error) {
-                // Individual file read failures shouldn't crash the whole run
+            }));
+            for (const result of results) {
+                if (result.status === 'fulfilled' && result.value.length > 0) {
+                    failures.push(...result.value);
+                }
             }
         }
         return failures;

package/dist/gates/context-window-artifacts.js

@@ -43,23 +43,29 @@ export class ContextWindowArtifactsGate extends Gate {
             ignore: [...(context.ignore || []), '**/node_modules/**', '**/dist/**', '**/*.test.*', '**/*.spec.*', '**/*.min.*'],
         });
         Logger.info(`Context Window Artifacts: Scanning ${files.length} files`);
-        for (const file of files) {
-            if (this.shouldSkipFile(file))
-                continue;
-            try {
+        const CONCURRENCY = 16;
+        for (let i = 0; i < files.length; i += CONCURRENCY) {
+            const batch = files.slice(i, i + CONCURRENCY);
+            const results = await Promise.allSettled(batch.map(async (file) => {
+                if (this.shouldSkipFile(file))
+                    return null;
                 const content = await fs.readFile(path.join(context.cwd, file), 'utf-8');
                 const lines = content.split('\n');
                 if (lines.length < this.config.min_file_lines)
-                    continue;
+                    return null;
                 const metrics = this.analyzeFile(content, file, path.join(context.cwd, file));
                 if (metrics && metrics.signals.length >= this.config.signals_required &&
                     metrics.degradationScore >= this.config.degradation_threshold) {
                     const signalList = metrics.signals.map(s => `  • ${s}`).join('\n');
                     const midpoint = Math.floor(metrics.totalLines / 2);
-                    failures.push(this.createFailure(`Context window artifact detected in ${file} (${metrics.totalLines} lines, degradation: ${(metrics.degradationScore * 100).toFixed(0)}%):\n${signalList}`, [file], `This file shows quality degradation from top to bottom, a pattern typical of AI context window exhaustion. Consider refactoring the bottom half or splitting the file. The quality drop begins around line ${midpoint}.`, 'Context Window Artifacts', midpoint, undefined, 'high'));
+                    return this.createFailure(`Context window artifact detected in ${file} (${metrics.totalLines} lines, degradation: ${(metrics.degradationScore * 100).toFixed(0)}%):\n${signalList}`, [file], `This file shows quality degradation from top to bottom, a pattern typical of AI context window exhaustion. Consider refactoring the bottom half or splitting the file. The quality drop begins around line ${midpoint}.`, 'Context Window Artifacts', midpoint, undefined, 'high');
                 }
+                return null;
+            }));
+            for (const result of results) {
+                if (result.status === 'fulfilled' && result.value)
+                    failures.push(result.value);
             }
-            catch (e) { }
         }
         return failures;
     }

package/dist/gates/deep-analysis.js

@@ -50,9 +50,20 @@ export class DeepAnalysisGate extends Gate {
             // Step 0: Initialize inference provider (with timeout)
             onProgress?.('\n  Setting up Rigour Brain...\n');
             this.provider = createProvider(this.config.options);
+            // Pre-check availability to fail fast instead of hanging on install
+            const isLocalProvider = !this.config.options.apiKey || this.config.options.provider === 'local';
+            if (isLocalProvider) {
+                const available = await this.provider.isAvailable();
+                if (!available) {
+                    onProgress?.('  ⚠ Local inference binary not found. Attempting auto-install...');
+                    onProgress?.('  (This may take a moment on first run)');
+                }
+            }
             await Promise.race([
                 this.provider.setup(onProgress),
-                new Promise((_, reject) => setTimeout(() => reject(new Error('Setup timed out. Check network or model availability.')), SETUP_TIMEOUT_MS)),
+                new Promise((_, reject) => setTimeout(() => reject(new Error('Deep analysis setup timed out.\n' +
+                    '  If local: run `rigour doctor` to check sidecar binary status.\n' +
+                    '  If cloud: check your API key with `rigour settings show`.')), SETUP_TIMEOUT_MS)),
             ]);
             const isLocal = !this.config.options.apiKey || this.config.options.provider === 'local';
             if (isLocal) {

package/dist/gates/environment.js

@@ -21,7 +21,7 @@ export class EnvironmentGate extends Gate {
             // Ensure range is a string
             const semverRange = String(range);
             try {
-                const { stdout } = await execa(tool, ['--version'], { shell: true });
+                const { stdout } = await execa(tool, ['--version']);
                 const versionMatch = stdout.match(/(\d+\.\d+\.\d+)/);
                 if (versionMatch) {
                     const version = versionMatch[1];

package/dist/gates/inconsistent-error-handling.js

@@ -48,17 +48,20 @@ export class InconsistentErrorHandlingGate extends Gate {
             ignore: [...(context.ignore || []), '**/node_modules/**', '**/dist/**', '**/*.test.*', '**/*.spec.*'],
         });
         Logger.info(`Inconsistent Error Handling: Scanning ${files.length} files`);
-        for (const file of files) {
-            if (this.shouldSkipFile(file))
-                continue;
-            try {
+        const CONCURRENCY = 16;
+        for (let i = 0; i < files.length; i += CONCURRENCY) {
+            const batch = files.slice(i, i + CONCURRENCY);
+            const results = await Promise.allSettled(batch.map(async (file) => {
+                if (this.shouldSkipFile(file))
+                    return [];
                 const content = await fs.readFile(path.join(context.cwd, file), 'utf-8');
                 const adapter = languageAdapters.getAdapter(file);
                 if (!adapter)
-                    continue;
+                    return [];
+                const localHandlers = [];
                 const errorHandlerFacts = adapter.extractErrorHandlers(content);
                 for (const fact of errorHandlerFacts) {
-                    handlers.push({
+                    localHandlers.push({
                         file,
                         line: fact.startLine,
                         errorType: fact.type,
@@ -66,8 +69,12 @@ export class InconsistentErrorHandlingGate extends Gate {
                         rawPattern: fact.body.split('\n')[0]?.trim() || '',
                     });
                 }
+                return localHandlers;
+            }));
+            for (const result of results) {
+                if (result.status === 'fulfilled')
+                    handlers.push(...result.value);
             }
-            catch (e) { }
         }
         // Group by error type
         const byType = new Map();

package/dist/gates/promise-safety.js

@@ -44,21 +44,19 @@ export class PromiseSafetyGate extends Gate {
                 '**/bin/Debug/**', '**/bin/Release/**', '**/obj/**', '**/venv/**', '**/.venv/**'],
         });
         Logger.info(`Async Safety: Scanning ${files.length} files across all languages`);
-        for (const file of files) {
-            if (this.config.ignore_patterns.some(p => new RegExp(p).test(file)))
-                continue;
-            if (this.shouldSkipFile(file))
-                continue;
-            const lang = detectLang(file);
-            if (lang === 'unknown')
-                continue;
-            try {
+        const CONCURRENCY = 16;
+        const filteredFiles = files.filter(file => !this.config.ignore_patterns.some(p => new RegExp(p).test(file)) &&
+            !this.shouldSkipFile(file) &&
+            detectLang(file) !== 'unknown');
+        for (let i = 0; i < filteredFiles.length; i += CONCURRENCY) {
+            const batch = filteredFiles.slice(i, i + CONCURRENCY);
+            await Promise.allSettled(batch.map(async (file) => {
+                const lang = detectLang(file);
                 const fullPath = path.join(context.cwd, file);
                 const content = await fs.readFile(fullPath, 'utf-8');
                 const lines = content.split('\n');
                 this.scanFile(lang, lines, content, file, violations);
-            }
-            catch { /* skip */ }
+            }));
         }
         return this.buildFailures(violations);
     }

package/dist/gates/runner.js

@@ -139,8 +139,13 @@ export class GateRunner {
         // Create shared file cache for all gates (solves memory bloat on large repos)
         const fileCache = new FileSystemCache();
         // 1. Run internal gates
+        const onProgress = deepOptions?.onProgress;
+        const totalGates = this.gates.length;
+        let gateIndex = 0;
         for (const gate of this.gates) {
+            gateIndex++;
             try {
+                onProgress?.(`  [${gateIndex}/${totalGates}] Running ${gate.id}...`);
                 const gateFailures = await gate.run({ cwd, record, ignore, patterns, fileCache });
                 if (gateFailures.length > 0) {
                     failures.push(...gateFailures);
@@ -173,7 +178,10 @@ export class GateRunner {
                 }
                 try {
                     Logger.info(`Running command gate: ${key} (${cmd})`);
-                    await execa(cmd, { shell: true, cwd });
+                    const parts = cmd.match(/(?:[^\s"']+|"[^"]*"|'[^']*')+/g) || [cmd];
+                    const bin = parts[0];
+                    const args = parts.slice(1).map(a => a.replace(/^["']|["']$/g, ''));
+                    await execa(bin, args, { cwd });
                     summary[key] = 'PASS';
                 }
                 catch (error) {
@@ -219,7 +227,7 @@ export class GateRunner {
                     enabled: true,
                     tier: deepTier,
                     model: isLocalDeepExecution
-                        ? (deepOptions.pro ? 'Qwen2.5-Coder-1.5B' : 'Qwen3.5-0.8B')
+                        ? (deepOptions.pro ? 'Qwen2.5-Coder-1.5B' : 'Qwen2.5-Coder-0.5B')
                         : (deepOptions.modelName || deepOptions.provider || 'cloud'),
                     total_ms: Date.now() - deepSetupStart,
                     findings_count: deepFailures.length,
@@ -247,8 +255,10 @@ export class GateRunner {
         // Replace failures array with deduplicated version
         failures.length = 0;
         failures.push(...deduped);
-        // Step 2: Calculate per-gate deductions with cap
-        const PER_GATE_CAP = 30; // No single gate can deduct more than 30 points
+        // Step 2: Calculate per-gate deductions with dynamic cap
+        // Cap scales with number of failing gates so score doesn't floor at 0 too easily
+        const uniqueFailingGates = new Set(failures.map(f => f.id || 'unknown')).size;
+        const PER_GATE_CAP = uniqueFailingGates > 0 ? Math.max(5, Math.floor(80 / uniqueFailingGates)) : 30;
         const severityBreakdown = {};
         const gateDeductions = new Map();
         for (const f of failures) {
@@ -258,12 +268,16 @@ export class GateRunner {
             const gateId = f.id || 'unknown';
             gateDeductions.set(gateId, (gateDeductions.get(gateId) || 0) + weight);
         }
-        // Step 3: Apply cap per gate and sum
+        // Step 3: Apply cap per gate and sum (max deduction capped at 90 so score never hits 0)
         let totalDeduction = 0;
         for (const [_gateId, deduction] of gateDeductions) {
             totalDeduction += Math.min(deduction, PER_GATE_CAP);
         }
-        const score = Math.max(0, 100 - totalDeduction);
+        // Cap total deduction at 90 so score has a meaningful floor
+        // (0 is reserved for catastrophic failures only)
+        const hasCritical = failures.some(f => f.severity === 'critical');
+        const maxDeduction = hasCritical ? 100 : 90;
+        const score = Math.max(0, 100 - Math.min(totalDeduction, maxDeduction));
         // Two-score system: separate AI health from structural quality
         // IMPORTANT: Only ai-drift affects ai_health_score, only traditional affects structural_score.
         // Security and governance affect the overall score but NOT the sub-scores,

package/dist/gates/runner.test.js

@@ -35,7 +35,7 @@ describe('GateRunner deep stats execution mode', () => {
             pro: false,
         });
         expect(report.stats.deep?.tier).toBe('lite');
-        expect(report.stats.deep?.model).toBe('Qwen3.5-0.8B');
+        expect(report.stats.deep?.model).toBe('Qwen2.5-Coder-0.5B');
     });
     it('reports local deep tier when provider=local and pro=true', async () => {
         vi.spyOn(DeepAnalysisGate.prototype, 'run').mockResolvedValue([]);

package/dist/gates/side-effect-analysis/index.js

@@ -95,20 +95,19 @@ export class SideEffectAnalysisGate extends Gate {
             ],
         });
         Logger.info(`Side-Effect Analysis: Scanning ${files.length} files`);
-        for (const file of files) {
-            if (this.cfg.ignore_patterns.some(p => new RegExp(p).test(file)))
-                continue;
-            const ext = path.extname(file).toLowerCase();
-            const lang = LANG_MAP[ext];
-            if (!lang)
-                continue;
-            try {
+        const CONCURRENCY = 16;
+        const filteredFiles = files.filter(file => !this.cfg.ignore_patterns.some(p => new RegExp(p).test(file)) &&
+            LANG_MAP[path.extname(file).toLowerCase()]);
+        for (let i = 0; i < filteredFiles.length; i += CONCURRENCY) {
+            const batch = filteredFiles.slice(i, i + CONCURRENCY);
+            await Promise.allSettled(batch.map(async (file) => {
+                const ext = path.extname(file).toLowerCase();
+                const lang = LANG_MAP[ext];
                 const fullPath = path.join(context.cwd, file);
                 const content = await fs.readFile(fullPath, 'utf-8');
                 const lines = content.split('\n');
                 this.scanFile(lang, lines, content, file, violations);
-            }
-            catch { /* skip unreadable files */ }
+            }));
         }
         return violations.map(v => violationToFailure(v, (msg, files, hint, title, sl, el, sev) => this.createFailure(msg, files, hint, title, sl, el, sev)));
     }

package/dist/gates/test-quality.js

@@ -68,36 +68,47 @@ export class TestQualityGate extends Gate {
                 '**/target/**', '**/.gradle/**', '**/out/**'],
         });
         Logger.info(`Test Quality: Scanning ${files.length} test files`);
-        for (const file of files) {
-            try {
+        const CONCURRENCY = 16;
+        for (let i = 0; i < files.length; i += CONCURRENCY) {
+            const batch = files.slice(i, i + CONCURRENCY);
+            const results = await Promise.allSettled(batch.map(async (file) => {
                 const fullPath = path.join(context.cwd, file);
                 const content = await fs.readFile(fullPath, 'utf-8');
                 const ext = path.extname(file);
                 const adapter = languageAdapters.getAdapter(file);
                 if (!adapter)
-                    continue;
-                const langConfig = {
-                    check_empty_tests: this.config.check_empty_tests,
-                    check_tautological: this.config.check_tautological,
-                    check_mock_heavy: this.config.check_mock_heavy,
-                    max_mocks_per_test: this.config.max_mocks_per_test,
-                };
+                    return [];
+                const localIssues = [];
                 switch (adapter.id) {
                     case 'js':
-                        this.checkJSTestQuality(content, file, issues);
+                        this.checkJSTestQuality(content, file, localIssues);
                         break;
                     case 'python':
-                        this.checkPythonTestQuality(content, file, issues);
+                        this.checkPythonTestQuality(content, file, localIssues);
                         break;
                     case 'go':
-                        checkGoTestQuality(content, file, issues, langConfig);
+                        checkGoTestQuality(content, file, localIssues, {
+                            check_empty_tests: this.config.check_empty_tests,
+                            check_tautological: this.config.check_tautological,
+                            check_mock_heavy: this.config.check_mock_heavy,
+                            max_mocks_per_test: this.config.max_mocks_per_test,
+                        });
                         break;
                     case 'java':
-                        checkJavaKotlinTestQuality(content, file, ext, issues, langConfig);
+                        checkJavaKotlinTestQuality(content, file, ext, localIssues, {
+                            check_empty_tests: this.config.check_empty_tests,
+                            check_tautological: this.config.check_tautological,
+                            check_mock_heavy: this.config.check_mock_heavy,
+                            max_mocks_per_test: this.config.max_mocks_per_test,
+                        });
                         break;
                 }
+                return localIssues;
+            }));
+            for (const result of results) {
+                if (result.status === 'fulfilled')
+                    issues.push(...result.value);
             }
-            catch { /* skip */ }
         }
         // Group by file
         const byFile = new Map();

package/dist/hooks/dlp-templates.d.ts

@@ -7,7 +7,7 @@
  *
  * Hook events:
  * - Claude Code: PreToolUse matcher (all tools)
- * - Cursor: beforeFileEdit event
+ * - Cursor: beforeSubmitPrompt event (scans user input before agent sees it)
  * - Cline: PreToolUse executable script
  * - Windsurf: pre_write_code event
  *

package/dist/hooks/dlp-templates.js

@@ -7,7 +7,7 @@
  *
  * Hook events:
  * - Claude Code: PreToolUse matcher (all tools)
- * - Cursor: beforeFileEdit event
+ * - Cursor: beforeSubmitPrompt event (scans user input before agent sees it)
  * - Cline: PreToolUse executable script
  * - Windsurf: pre_write_code event
  *
@@ -61,7 +61,7 @@ function generateCursorDLPHooks(checkerCommand) {
     const hooks = {
         version: 1,
         hooks: {
-            beforeFileEdit: [
+            beforeSubmitPrompt: [
                 {
                     command: `${checkerCommand} --mode dlp --stdin`,
                 }

package/dist/index.d.ts

@@ -9,6 +9,7 @@ export { RetryLoopBreakerGate } from './gates/retry-loop-breaker.js';
 export { SideEffectAnalysisGate } from './gates/side-effect-analysis/index.js';
 export { FrontendSecretExposureGate } from './gates/frontend-secret-exposure.js';
 export * from './utils/logger.js';
+export { FileScanner } from './utils/scanner.js';
 export * from './services/score-history.js';
 export * from './hooks/index.js';
 export { loadSettings, saveSettings, getSettingsPath, resolveDeepOptions, getProviderKey, getAgentConfig, getCliPreferences, updateProviderKey, removeProviderKey } from './settings.js';
@@ -27,3 +28,5 @@ export { generateTemporalDriftReport, formatDriftSummary } from './services/temp
 export type { TemporalDriftReport, ProvenanceStream, MonthlyBucket, WeeklyBucket, DriftDirection } from './services/temporal-drift.js';
 export { getProvenanceTrends, getQualityTrend } from './services/adaptive-thresholds.js';
 export type { ProvenanceTrends, ProvenanceRunData } from './services/adaptive-thresholds.js';
+export { IncrementalCache } from './services/incremental-cache.js';
+export type { IncrementalResult } from './services/incremental-cache.js';

package/dist/index.js

@@ -9,6 +9,7 @@ export { RetryLoopBreakerGate } from './gates/retry-loop-breaker.js';
 export { SideEffectAnalysisGate } from './gates/side-effect-analysis/index.js';
 export { FrontendSecretExposureGate } from './gates/frontend-secret-exposure.js';
 export * from './utils/logger.js';
+export { FileScanner } from './utils/scanner.js';
 export * from './services/score-history.js';
 export * from './hooks/index.js';
 // Settings Module (Global user config at ~/.rigour/settings.json)
@@ -27,6 +28,8 @@ export { checkLocalPatterns, persistAndReinforce, getProjectStats } from './stor
 export { generateTemporalDriftReport, formatDriftSummary } from './services/temporal-drift.js';
 // Adaptive Thresholds (v5 — Z-score + per-provenance trends)
 export { getProvenanceTrends, getQualityTrend } from './services/adaptive-thresholds.js';
+// Incremental Cache (cross-run file change detection)
+export { IncrementalCache } from './services/incremental-cache.js';
 // Pattern Index is intentionally NOT exported here to prevent
 // native dependency issues (sharp/transformers) from leaking into
 // non-AI parts of the system.

package/dist/inference/index.js

@@ -19,7 +19,7 @@ export function createProvider(options) {
     }
     // Default: local sidecar
     // deep = Qwen2.5-Coder-1.5B (full power, company-hosted)
-    // lite = Qwen3.5-0.8B (lightweight, default CLI sidecar)
+    // lite = Qwen2.5-Coder-0.5B (lightweight, default CLI sidecar)
     const tier = options.pro ? 'deep' : 'lite';
     return new SidecarProvider(tier);
 }

package/dist/services/incremental-cache.d.ts

@@ -0,0 +1,42 @@
+/**
+ * IncrementalCache — Cross-run file change detection.
+ *
+ * Stores file metadata (mtime + size) in .rigour/scan-cache.json.
+ * On subsequent runs, compares against current state to detect changes.
+ * If zero files changed, the cached report can be reused instantly.
+ *
+ * This turns repeated scans from O(files × gates) → O(files) stat calls.
+ * Demo moment: "Second scan finishes in 50ms because nothing changed."
+ */
+import type { Report } from '../types/index.js';
+export interface IncrementalResult {
+    /** true = all files unchanged, report is valid */
+    hit: boolean;
+    /** Cached report (only if hit=true) */
+    report?: Report;
+    /** Files that changed since last scan (only if hit=false) */
+    changedFiles?: string[];
+    /** Total files checked */
+    totalFiles: number;
+    /** Time spent on cache check (ms) */
+    checkMs: number;
+}
+export declare class IncrementalCache {
+    private cwd;
+    private cachePath;
+    constructor(cwd: string);
+    /**
+     * Check if files have changed since last scan.
+     * Returns { hit: true, report } if nothing changed.
+     * Returns { hit: false, changedFiles } otherwise.
+     */
+    check(currentFiles: string[], configStr: string): Promise<IncrementalResult>;
+    /**
+     * Save current scan results for next incremental check.
+     */
+    save(files: string[], configStr: string, report: Report): Promise<void>;
+    /**
+     * Invalidate the cache (e.g., for --no-cache).
+     */
+    invalidate(): Promise<void>;
+}

package/dist/services/incremental-cache.js

@@ -0,0 +1,157 @@
+/**
+ * IncrementalCache — Cross-run file change detection.
+ *
+ * Stores file metadata (mtime + size) in .rigour/scan-cache.json.
+ * On subsequent runs, compares against current state to detect changes.
+ * If zero files changed, the cached report can be reused instantly.
+ *
+ * This turns repeated scans from O(files × gates) → O(files) stat calls.
+ * Demo moment: "Second scan finishes in 50ms because nothing changed."
+ */
+import fs from 'fs-extra';
+import path from 'path';
+/**
+ * Simple string hash for config diffing (not cryptographic).
+ */
+function quickHash(str) {
+    let hash = 0;
+    for (let i = 0; i < str.length; i++) {
+        const char = str.charCodeAt(i);
+        hash = ((hash << 5) - hash) + char;
+        hash |= 0; // Convert to 32-bit integer
+    }
+    return hash.toString(36);
+}
+export class IncrementalCache {
+    cwd;
+    cachePath;
+    constructor(cwd) {
+        this.cwd = cwd;
+        this.cachePath = path.join(cwd, '.rigour', 'scan-cache.json');
+    }
+    /**
+     * Check if files have changed since last scan.
+     * Returns { hit: true, report } if nothing changed.
+     * Returns { hit: false, changedFiles } otherwise.
+     */
+    async check(currentFiles, configStr) {
+        const start = Date.now();
+        // Load previous cache
+        let cache = null;
+        try {
+            if (await fs.pathExists(this.cachePath)) {
+                cache = await fs.readJson(this.cachePath);
+            }
+        }
+        catch {
+            // Corrupted cache — treat as miss
+            cache = null;
+        }
+        // No cache or version mismatch → full scan
+        if (!cache || cache.version !== 2) {
+            return { hit: false, totalFiles: currentFiles.length, checkMs: Date.now() - start };
+        }
+        // Config changed → full scan (gates may have changed)
+        const currentConfigHash = quickHash(configStr);
+        if (cache.configHash !== currentConfigHash) {
+            return { hit: false, totalFiles: currentFiles.length, checkMs: Date.now() - start };
+        }
+        // Check for file changes: added, removed, or modified
+        const previousFiles = new Set(Object.keys(cache.files));
+        const currentSet = new Set(currentFiles);
+        const changedFiles = [];
+        // Stat all current files in parallel (batched for OS fd limits)
+        const BATCH = 64;
+        const statMap = new Map();
+        for (let i = 0; i < currentFiles.length; i += BATCH) {
+            const batch = currentFiles.slice(i, i + BATCH);
+            const results = await Promise.allSettled(batch.map(async (file) => {
+                const fullPath = path.join(this.cwd, file);
+                const stat = await fs.stat(fullPath);
+                return { file, mtimeMs: stat.mtimeMs, size: stat.size };
+            }));
+            for (const result of results) {
+                if (result.status === 'fulfilled') {
+                    statMap.set(result.value.file, {
+                        mtimeMs: result.value.mtimeMs,
+                        size: result.value.size,
+                    });
+                }
+            }
+        }
+        // Detect changes
+        for (const file of currentFiles) {
+            const current = statMap.get(file);
+            if (!current)
+                continue; // couldn't stat — consider changed
+            const prev = cache.files[file];
+            if (!prev) {
+                // New file
+                changedFiles.push(file);
+            }
+            else if (current.mtimeMs !== prev.mtimeMs || current.size !== prev.size) {
+                // Modified file
+                changedFiles.push(file);
+            }
+        }
+        // Check for removed files
+        for (const prevFile of previousFiles) {
+            if (!currentSet.has(prevFile)) {
+                changedFiles.push(prevFile); // Removed file counts as "changed"
+            }
+        }
+        const checkMs = Date.now() - start;
+        if (changedFiles.length === 0) {
+            // Cache hit! Reuse the report but update the timestamp in report
+            const cachedReport = cache.report;
+            cachedReport.stats.duration_ms = checkMs;
+            cachedReport.stats.cached = true;
+            return { hit: true, report: cachedReport, totalFiles: currentFiles.length, checkMs };
+        }
+        return { hit: false, changedFiles, totalFiles: currentFiles.length, checkMs };
+    }
+    /**
+     * Save current scan results for next incremental check.
+     */
+    async save(files, configStr, report) {
+        // Stat all files for the cache
+        const fileEntries = {};
+        const BATCH = 64;
+        for (let i = 0; i < files.length; i += BATCH) {
+            const batch = files.slice(i, i + BATCH);
+            const results = await Promise.allSettled(batch.map(async (file) => {
+                const fullPath = path.join(this.cwd, file);
+                const stat = await fs.stat(fullPath);
+                return { file, mtimeMs: stat.mtimeMs, size: stat.size };
+            }));
+            for (const result of results) {
+                if (result.status === 'fulfilled') {
+                    fileEntries[result.value.file] = {
+                        mtimeMs: result.value.mtimeMs,
+                        size: result.value.size,
+                    };
+                }
+            }
+        }
+        const cache = {
+            version: 2,
+            timestamp: new Date().toISOString(),
+            configHash: quickHash(configStr),
+            files: fileEntries,
+            report,
+        };
+        await fs.ensureDir(path.dirname(this.cachePath));
+        await fs.writeJson(this.cachePath, cache);
+    }
+    /**
+     * Invalidate the cache (e.g., for --no-cache).
+     */
+    async invalidate() {
+        try {
+            await fs.remove(this.cachePath);
+        }
+        catch {
+            // Ignore
+        }
+    }
+}

package/dist/services/score-history.js

@@ -86,13 +86,21 @@ export function getScoreTrend(cwd) {
     }
     const previousAvg = previousScores.reduce((a, b) => a + b, 0) / previousScores.length;
     const delta = recentAvg - previousAvg;
+    // If all recent scores are the same (e.g. all 0 or all 100), trend is stable
+    const allSame = recentScores.every(s => s === recentScores[0]);
     let direction;
-    if (delta > 3)
+    if (allSame && previousScores.length > 0 && previousScores.every(s => s === recentScores[0])) {
+        direction = 'stable';
+    }
+    else if (delta > 3) {
         direction = 'improving';
-    else if (delta < -3)
+    }
+    else if (delta < -3) {
         direction = 'degrading';
-    else
+    }
+    else {
         direction = 'stable';
+    }
     return {
         direction,
         delta: Math.round(delta * 10) / 10,

package/dist/services/temporal-drift.js

@@ -79,6 +79,7 @@ function toWeekKey(timestamp) {
     return monday.toISOString().split('T')[0];
 }
 // ─── Main Engine ────────────────────────────────────────────────────
+let _sqliteWarningShown = false;
 /**
  * Generate a complete temporal drift report for a project.
  *
@@ -91,7 +92,10 @@ function toWeekKey(timestamp) {
 export async function generateTemporalDriftReport(cwd, maxScans = 200) {
     const db = await openDatabase();
     if (!db) {
-        Logger.warn('Temporal drift: SQLite not available');
+        if (!_sqliteWarningShown) {
+            _sqliteWarningShown = true;
+            Logger.warn('Temporal drift: SQLite not available — install sqlite3 to enable scan history');
+        }
         return null;
     }
     const repo = path.basename(cwd);

package/dist/storage/db.js

@@ -19,13 +19,27 @@ function loadSqlite3() {
     if (_resolved)
         return sqlite3Module;
     _resolved = true;
-    try {
-        const require = createRequire(import.meta.url);
-        sqlite3Module = require('sqlite3');
-    }
-    catch {
-        sqlite3Module = null;
+    // Try multiple resolution paths:
+    // 1. Relative to this package (works when sqlite3 is installed in monorepo)
+    // 2. Relative to cwd (works when user installs sqlite3 in their project)
+    // 3. Relative to global node_modules (works for global installs)
+    const searchPaths = [
+        import.meta.url,
+        `file://${process.cwd()}/package.json`,
+        `file://${path.join(os.homedir(), '.rigour', 'package.json')}`,
+    ];
+    for (const base of searchPaths) {
+        try {
+            const req = createRequire(base);
+            sqlite3Module = req('sqlite3');
+            if (sqlite3Module)
+                return sqlite3Module;
+        }
+        catch {
+            // Try next path
+        }
     }
+    sqlite3Module = null;
     return sqlite3Module;
 }
 const RIGOUR_DIR = path.join(os.homedir(), '.rigour');

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rigour-labs/core",
-  "version": "5.1.0",
+  "version": "5.1.2",
   "description": "Deterministic quality gate engine for AI-generated code. AST analysis, drift detection, and Fix Packet generation across TypeScript, JavaScript, Python, Go, Ruby, and C#.",
   "license": "MIT",
   "homepage": "https://rigour.run",
@@ -59,11 +59,11 @@
     "@xenova/transformers": "^2.17.2",
     "sqlite3": "^5.1.7",
     "openai": "^4.104.0",
-    "@rigour-labs/brain-darwin-arm64": "5.1.0",
-    "@rigour-labs/brain-darwin-x64": "5.1.0",
-    "@rigour-labs/brain-win-x64": "5.1.0",
-    "@rigour-labs/brain-linux-arm64": "5.1.0",
-    "@rigour-labs/brain-linux-x64": "5.1.0"
+    "@rigour-labs/brain-darwin-arm64": "5.1.2",
+    "@rigour-labs/brain-linux-x64": "5.1.2",
+    "@rigour-labs/brain-linux-arm64": "5.1.2",
+    "@rigour-labs/brain-win-x64": "5.1.2",
+    "@rigour-labs/brain-darwin-x64": "5.1.2"
   },
   "devDependencies": {
     "@types/fs-extra": "^11.0.4",