@safetnsr/vet 0.1.0 → 0.2.1

package/README.md

@@ -13,49 +13,102 @@ works with Claude Code, Cursor, Copilot, Codex, Aider, Windsurf, Cline — anyth
 | check | what | how |
 |-------|------|-----|
 | **ready** | is your codebase AI-friendly? | scans structure, docs, types, tests |
-| **diff** | did the AI leave anti-patterns? | checks staged/unstaged changes for secrets, stubs, empty catches |
-| **models** | using deprecated AI models? | scans code for sunset model strings |
+| **diff** | did the AI leave anti-patterns? | AI-specific patterns: wholesale rewrites, orphaned imports, catch-alls, over-commenting, plus secrets & stubs |
+| **models** | using deprecated AI models? | scans code for sunset model strings across OpenAI, Anthropic, Google, Cohere |
 | **links** | broken markdown links? | validates relative links and wikilinks |
-| **config** | agent configs in place? | checks for CLAUDE.md, .cursorrules, copilot-instructions, etc. |
+| **config** | agent configs in place? | deep analysis of CLAUDE.md, .cursorrules, copilot-instructions — checks completeness, consistency, and specificity against your actual codebase |
 | **history** | git patterns healthy? | analyzes commit churn, AI attribution, large changes |
 
 ## usage
 
 ```bash
-# run all checks (default)
+# run all checks
 npx @safetnsr/vet
 
 # check a specific directory
 npx @safetnsr/vet ./my-project
 
+# auto-fix: generate CLAUDE.md, .cursorrules, fix deprecated models
+npx @safetnsr/vet --fix
+
+# check specific commit range
+npx @safetnsr/vet --since HEAD~5
+
+# live monitoring during AI sessions
+npx @safetnsr/vet --watch
+
 # CI mode — exit code 1 if score below threshold
 npx @safetnsr/vet --ci
 
-# auto-fix what we can
-npx @safetnsr/vet --fix
-
 # JSON output
 npx @safetnsr/vet --json
 
-# set up config + agent files + pre-commit hook
+# generate configs + pre-commit hook
 npx @safetnsr/vet init
 ```
 
 ## output
 
 ```
-  my-project  8.2/10
+  my-project  6.2/10
 
-  ready       ████████░░   8    structure + docs look good
-  diff        ██████████  10    clean diff, no issues
+  ready       ████░░░░░░   4    3 readiness issues
+  diff        ████████░░   8    3 issues (2 AI-specific) in 5 files
   models      ██████████  10    all models current
   links       ██████░░░░   6    3 broken links in docs/
-  config      ████████░░   8    CLAUDE.md missing react patterns
-  history     ████████░░   8    2 high-churn files
+  config      ███░░░░░░░   3    Cursor — needs work (3/10)
+  history     █████████░   9    41 commits (~15% AI-attributed)
+
+  ✗ no README — AI agents have no project context
+  ✗ no tests — AI agents produce better code when tests exist
+  ! [ai] wholesale rewrite: 40 lines removed, 45 added in utils.ts
+  ! [ai] imported "lodash" but never used in new code
 
   run --fix to auto-repair 4 issues
 ```
 
+## --fix
+
+`vet --fix` doesn't just scaffold — it analyzes your codebase and generates project-specific configs:
+
+```bash
+$ npx @safetnsr/vet --fix
+
+  vet --fix
+
+  + CLAUDE.md (generated from codebase: Next.js + React, Vitest, Tailwind CSS, TypeScript)
+  + .cursorrules (generated)
+  ✓ src/api.ts: "gpt-3.5-turbo" → "gpt-4o-mini"
+
+  fixed 3 issues
+```
+
+the generated CLAUDE.md includes your actual stack, directory structure, and framework-specific rules — not generic boilerplate.
+
+## AI-specific diff patterns
+
+vet catches things that are specific to AI-generated code:
+
+| pattern | what it catches |
+|---------|----------------|
+| `[ai] wholesale rewrite` | AI rewrote an entire function when a small edit would suffice |
+| `[ai] orphaned imports` | AI added imports it never uses |
+| `[ai] catch-all handling` | `catch(e) { console.error(e) }` instead of specific error handling |
+| `[ai] comment density` | AI over-commented obvious code |
+| `[ai] empty test body` | AI stubbed a test without implementation |
+| `[ai] trivial assertion` | `expect(true).toBe(true)` — test proves nothing |
+
+## config analysis
+
+the config check does deep analysis — not just "does CLAUDE.md exist":
+
+```
+config score breakdown:
+  completeness:  4/10 — mentions typescript but not react, vitest
+  consistency:   7/10 — "strict TS" but tsconfig.strict is false
+  specificity:   3/10 — generic rules, nothing project-specific
+```
+
 ## config
 
 create `.vetrc` in your project root (optional):
@@ -68,14 +121,6 @@ create `.vetrc` in your project root (optional):
 }
 ```
 
-## init
-
-`npx @safetnsr/vet init` creates:
-- `.vetrc` with sensible defaults
-- `CLAUDE.md` generated from your codebase
-- `.cursorrules` matching your project
-- `.git/hooks/pre-commit` that runs vet before every commit
-
 ## ci
 
 ```yaml

package/dist/checks/config.js

@@ -11,92 +11,196 @@ const AGENT_CONFIGS = {
     windsurf: { files: ['.windsurfrules'], name: 'Windsurf' },
     cline: { files: ['.clinerules', '.cline/settings.json'], name: 'Cline' },
 };
+function analyzeConfig(cwd, configFile, agentName, files) {
+    const content = readFile(join(cwd, configFile)) || '';
+    const contentLower = content.toLowerCase();
+    const suggestions = [];
+    // Existence: it exists, so 10
+    const existence = 10;
+    // Completeness: does it cover the project's actual stack?
+    let completenessScore = 5; // base
+    let completenessChecks = 0;
+    let completenessHits = 0;
+    const pkgJson = readFile(join(cwd, 'package.json'));
+    const deps = {};
+    let projectName = '';
+    if (pkgJson) {
+        try {
+            const pkg = JSON.parse(pkgJson);
+            projectName = pkg.name || '';
+            Object.assign(deps, pkg.dependencies, pkg.devDependencies);
+        }
+        catch { /* */ }
+    }
+    // Framework detection + config coverage
+    const frameworkMap = {
+        react: { keywords: ['react', 'jsx', 'tsx', 'component', 'hook', 'usestate', 'useeffect'], category: 'UI framework' },
+        next: { keywords: ['next', 'nextjs', 'app router', 'pages router', 'server component'], category: 'framework' },
+        vue: { keywords: ['vue', 'composition api', 'options api', 'ref(', 'reactive'], category: 'UI framework' },
+        svelte: { keywords: ['svelte', 'sveltekit', '$:'], category: 'UI framework' },
+        express: { keywords: ['express', 'middleware', 'router', 'req, res'], category: 'backend' },
+        hono: { keywords: ['hono', 'c.json', 'c.text'], category: 'backend' },
+        fastify: { keywords: ['fastify', 'schema', 'route'], category: 'backend' },
+        vitest: { keywords: ['vitest', 'describe', 'it(', 'expect', 'test('], category: 'testing' },
+        jest: { keywords: ['jest', 'describe', 'it(', 'expect', 'test('], category: 'testing' },
+        tailwind: { keywords: ['tailwind', 'className', 'tw-'], category: 'styling' },
+        prisma: { keywords: ['prisma', 'schema.prisma', 'prismaClient'], category: 'database' },
+        drizzle: { keywords: ['drizzle', 'drizzle-orm'], category: 'database' },
+    };
+    for (const [dep, info] of Object.entries(frameworkMap)) {
+        if (deps[dep] || deps[`@${dep}/core`] || deps[`${dep}-dom`]) {
+            completenessChecks++;
+            if (info.keywords.some(k => contentLower.includes(k))) {
+                completenessHits++;
+            }
+            else {
+                suggestions.push(`add ${dep} conventions (${info.category} detected in dependencies)`);
+            }
+        }
+    }
+    if (completenessChecks > 0) {
+        completenessScore = Math.round((completenessHits / completenessChecks) * 10);
+    }
+    // Consistency: cross-reference with actual project config
+    let consistencyScore = 10;
+    const tsconfig = readFile(join(cwd, 'tsconfig.json'));
+    if (tsconfig) {
+        try {
+            const tc = JSON.parse(tsconfig);
+            const strict = tc.compilerOptions?.strict;
+            if (contentLower.includes('strict') && strict === false) {
+                consistencyScore -= 4;
+                suggestions.push('config says "strict" but tsconfig.strict is false — resolve contradiction');
+            }
+            if (contentLower.includes('esm') && tc.compilerOptions?.module?.toLowerCase()?.includes('commonjs')) {
+                consistencyScore -= 3;
+                suggestions.push('config mentions ESM but tsconfig uses CommonJS');
+            }
+        }
+        catch { /* */ }
+    }
+    // Check if config mentions testing but no test framework installed
+    if ((contentLower.includes('test') || contentLower.includes('spec')) && !deps.vitest && !deps.jest && !deps.mocha && !deps.ava) {
+        consistencyScore -= 2;
+        suggestions.push('config mentions tests but no test framework in dependencies');
+    }
+    // Specificity: generic platitudes vs project-specific rules
+    let specificityScore = 5;
+    const genericPhrases = [
+        'keep functions small', 'write clean code', 'follow best practices',
+        'use meaningful names', 'handle errors', 'write tests', 'be consistent',
+        'follow conventions', 'keep it simple',
+    ];
+    let genericCount = 0;
+    for (const phrase of genericPhrases) {
+        if (contentLower.includes(phrase))
+            genericCount++;
+    }
+    // Specific indicators: file paths, function names, patterns, architecture
+    const specificIndicators = [
+        /\.(ts|js|py|rs|go)\b/, // mentions specific file types with context
+        /src\/|lib\/|app\/|pages\/|components\//, // directory structure
+        /import .+ from/, // code examples
+        /```/, // code blocks
+        /\bapi\/|route|endpoint/i, // API patterns
+        /\bmigration|schema|model\b/i, // data patterns
+    ];
+    let specificCount = 0;
+    for (const pattern of specificIndicators) {
+        if (pattern.test(content))
+            specificCount++;
+    }
+    if (genericCount > 3 && specificCount < 2) {
+        specificityScore = 2;
+        suggestions.push('mostly generic rules — add project-specific conventions, file paths, architecture patterns');
+    }
+    else if (specificCount >= 4) {
+        specificityScore = 9;
+    }
+    else if (specificCount >= 2) {
+        specificityScore = 6;
+    }
+    // Length-based adjustments
+    if (content.length < 100) {
+        specificityScore = Math.min(specificityScore, 2);
+        completenessScore = Math.min(completenessScore, 2);
+        suggestions.push('config is very sparse — add project context, conventions, and constraints');
+    }
+    else if (content.length < 300) {
+        specificityScore = Math.min(specificityScore, 5);
+        suggestions.push('config could be richer — consider adding architecture decisions and code patterns');
+    }
+    return {
+        file: configFile,
+        agent: agentName,
+        length: content.length,
+        existence,
+        completeness: Math.max(0, completenessScore),
+        consistency: Math.max(0, consistencyScore),
+        specificity: Math.max(0, specificityScore),
+        suggestions,
+    };
+}
 export function checkConfig(cwd, ignore) {
     const issues = [];
     const files = walkFiles(cwd, ignore);
     // Detect which agents have config
-    const detected = [];
-    const missing = [];
+    const analyses = [];
     for (const [agent, info] of Object.entries(AGENT_CONFIGS)) {
-        const found = info.files.some(f => fileExists(join(cwd, f)));
-        if (found)
-            detected.push(info.name);
+        for (const configFile of info.files) {
+            if (fileExists(join(cwd, configFile))) {
+                analyses.push(analyzeConfig(cwd, configFile, info.name, files));
+            }
+        }
     }
-    if (detected.length === 0) {
+    if (analyses.length === 0) {
         issues.push({
-            severity: 'warning',
-            message: 'no AI agent config found — add CLAUDE.md, .cursorrules, or similar to guide AI behavior',
+            severity: 'error',
+            message: 'no AI agent config found — add CLAUDE.md, .cursorrules, or similar',
             fixable: true,
             fixHint: 'run vet init to generate agent config',
         });
+        return {
+            name: 'config',
+            score: 1,
+            maxScore: 10,
+            issues,
+            summary: 'no agent configs — critically under-configured',
+        };
     }
-    // Check quality of found configs
-    for (const [agent, info] of Object.entries(AGENT_CONFIGS)) {
-        for (const configFile of info.files) {
-            const content = readFile(join(cwd, configFile));
-            if (!content)
-                continue;
-            // Too short to be useful
-            if (content.length < 50) {
-                issues.push({
-                    severity: 'warning',
-                    message: `${configFile} is only ${content.length} chars — probably too sparse to guide AI effectively`,
-                    file: configFile,
-                    fixable: false,
-                });
-            }
-            // Check if config mentions key project patterns
-            const pkgJson = readFile(join(cwd, 'package.json'));
-            if (pkgJson) {
-                try {
-                    const pkg = JSON.parse(pkgJson);
-                    const deps = { ...pkg.dependencies, ...pkg.devDependencies };
-                    // Major frameworks that should be mentioned
-                    const frameworks = {
-                        react: ['react', 'jsx', 'tsx', 'component'],
-                        next: ['next', 'nextjs', 'app router', 'pages router'],
-                        vue: ['vue', 'composition api', 'options api'],
-                        svelte: ['svelte', 'sveltekit'],
-                        express: ['express', 'middleware', 'router'],
-                        hono: ['hono'],
-                        fastify: ['fastify'],
-                        django: ['django'],
-                        flask: ['flask'],
-                    };
-                    const contentLower = content.toLowerCase();
-                    for (const [framework, keywords] of Object.entries(frameworks)) {
-                        if (deps[framework] && !keywords.some(k => contentLower.includes(k))) {
-                            issues.push({
-                                severity: 'info',
-                                message: `${configFile} doesn't mention ${framework} — but it's in your dependencies`,
-                                file: configFile,
-                                fixable: false,
-                            });
-                        }
-                    }
-                }
-                catch { /* invalid package.json, skip */ }
-            }
-        }
+    // Aggregate scores from best config
+    const best = analyses.reduce((a, b) => (a.completeness + a.consistency + a.specificity) > (b.completeness + b.consistency + b.specificity) ? a : b);
+    // Generate issues from analysis
+    if (best.completeness < 5) {
+        issues.push({ severity: 'warning', message: `${best.file}: low completeness (${best.completeness}/10) — doesn't mention key dependencies`, fixable: true, fixHint: 'run vet --fix to enrich' });
+    }
+    if (best.consistency < 7) {
+        issues.push({ severity: 'warning', message: `${best.file}: consistency issues (${best.consistency}/10) — contradicts project config`, fixable: false });
+    }
+    if (best.specificity < 5) {
+        issues.push({ severity: 'warning', message: `${best.file}: too generic (${best.specificity}/10) — add project-specific rules`, fixable: true, fixHint: 'run vet --fix to add specifics' });
     }
-    // Check for .gitignore (agents need to know what to ignore)
+    if (best.length < 100) {
+        issues.push({ severity: 'warning', message: `${best.file}: only ${best.length} chars — too sparse to guide AI`, fixable: true });
+    }
+    for (const suggestion of best.suggestions.slice(0, 5)) {
+        issues.push({ severity: 'info', message: suggestion, file: best.file, fixable: false });
+    }
+    // Check .gitignore
     if (!fileExists(join(cwd, '.gitignore'))) {
-        issues.push({
-            severity: 'info',
-            message: 'no .gitignore — agents may create files in wrong directories',
-            fixable: false,
-        });
+        issues.push({ severity: 'warning', message: 'no .gitignore — agents may write to wrong directories', fixable: false });
     }
-    const errors = issues.filter(i => i.severity === 'error').length;
-    const warnings = issues.filter(i => i.severity === 'warning').length;
-    const infos = issues.filter(i => i.severity === 'info').length;
-    const score = Math.max(0, Math.min(10, 10 - errors * 2 - warnings * 1.5 - infos * 0.3));
-    const configSummary = detected.length > 0 ? `configs: ${detected.join(', ')}` : 'no agent configs';
+    // Score: weighted average of sub-scores
+    const subScore = (best.existence * 0.2 + best.completeness * 0.3 + best.consistency * 0.25 + best.specificity * 0.25);
+    const gitignorePenalty = fileExists(join(cwd, '.gitignore')) ? 0 : 1;
+    const finalScore = Math.max(0, Math.min(10, subScore - gitignorePenalty));
+    const agents = analyses.map(a => a.agent);
+    const uniqueAgents = [...new Set(agents)];
     return {
         name: 'config',
-        score: Math.round(score * 10) / 10,
+        score: Math.round(finalScore * 10) / 10,
         maxScore: 10,
         issues,
-        summary: issues.length === 0 ? `${configSummary} — well configured` : `${configSummary} — ${issues.length} suggestions`,
+        summary: `${uniqueAgents.join(', ')} — ${best.completeness >= 7 && best.specificity >= 7 ? 'well configured' : `needs work (${Math.round(finalScore)}/10)`}`,
     };
 }

package/dist/checks/diff.d.ts

@@ -1,2 +1,2 @@
-import type { CheckResult } from '../types.js';
-export declare function checkDiff(cwd: string): CheckResult;
+import type { CheckResult, DiffOptions } from '../types.js';
+export declare function checkDiff(cwd: string, opts?: DiffOptions): CheckResult;

package/dist/checks/diff.js

@@ -1,49 +1,52 @@
 import { git } from '../util.js';
-const PATTERNS = [
+// Generic patterns (still useful but not the star)
+const GENERIC_PATTERNS = [
     // Secrets
     { regex: /(?:api[_-]?key|secret|token|password|credential)\s*[:=]\s*['"][^'"]{8,}['"]/i, message: 'possible hardcoded secret', severity: 'error' },
     { regex: /sk-[a-zA-Z0-9]{20,}/, message: 'possible OpenAI API key', severity: 'error' },
     { regex: /AKIA[0-9A-Z]{16}/, message: 'possible AWS access key', severity: 'error' },
     { regex: /AIza[0-9A-Za-z_-]{35}/, message: 'possible Google API key', severity: 'error' },
-    // AI anti-patterns
-    { regex: /\/\/\s*TODO[:\s]/i, message: 'TODO comment left in code', severity: 'warning' },
-    { regex: /\/\/\s*FIXME[:\s]/i, message: 'FIXME comment left in code', severity: 'warning' },
-    { regex: /\/\/\s*HACK[:\s]/i, message: 'HACK comment left in code', severity: 'warning' },
-    { regex: /console\.log\(/, message: 'console.log left in code', severity: 'warning' },
-    { regex: /catch\s*\([^)]*\)\s*\{\s*\}/, message: 'empty catch block — error silently swallowed', severity: 'error' },
-    { regex: /catch\s*\([^)]*\)\s*\{\s*\/\//, message: 'catch block with only a comment — errors need handling', severity: 'warning' },
-    { regex: /it\(\s*['"].*['"]\s*,\s*(?:async\s*)?\(\)\s*=>\s*\{\s*\}\s*\)/, message: 'empty test body — stubbed test', severity: 'error' },
-    { regex: /test\(\s*['"].*['"]\s*,\s*(?:async\s*)?\(\)\s*=>\s*\{\s*\}\s*\)/, message: 'empty test body — stubbed test', severity: 'error' },
-    { regex: /expect\(true\)\.toBe\(true\)/, message: 'trivial assertion — test proves nothing', severity: 'error' },
-    { regex: /assert\s+True\s*$/, message: 'trivial assertion — test proves nothing', severity: 'error' },
-    { regex: /\.only\(/, message: '.only() left in test — other tests will be skipped', severity: 'error' },
-    { regex: /debugger;/, message: 'debugger statement left in code', severity: 'error' },
+    { regex: /debugger;/, message: 'debugger statement', severity: 'error' },
+    { regex: /\.only\(/, message: '.only() left in test — other tests skipped', severity: 'error' },
 ];
-export function checkDiff(cwd) {
-    const issues = [];
-    // Get staged + unstaged diff
+// AI-specific patterns — things AI agents do that humans typically don't
+const AI_PATTERNS = [
+    // Empty/trivial tests
+    { regex: /(?:it|test)\(\s*['"].*['"]\s*,\s*(?:async\s*)?\(\)\s*=>\s*\{\s*\}\s*\)/, message: '[ai] empty test body — stubbed test', severity: 'error' },
+    { regex: /expect\(true\)\.toBe\(true\)/, message: '[ai] trivial assertion — test proves nothing', severity: 'error' },
+    { regex: /assert\s+True\s*$/, message: '[ai] trivial assertion', severity: 'error' },
+    // Catch-all error handling (AI defaults to generic catches)
+    { regex: /catch\s*\([^)]*\)\s*\{\s*\}/, message: '[ai] empty catch block — error silently swallowed', severity: 'error' },
+    { regex: /catch\s*\(\w+\)\s*\{\s*console\.(log|error)\(\w+\)\s*;?\s*\}/, message: '[ai] catch-all with just console.log — handle errors specifically', severity: 'warning' },
+    // Over-commenting (AI tends to add obvious comments)
+    { regex: /\/\/\s*(set|get|return|create|initialize|import|export|define)\s+(the|a)\s+/i, message: '[ai] obvious comment — "// get the value" adds no information', severity: 'warning' },
+];
+function getDiff(cwd, opts) {
+    if (opts.since) {
+        return git(`diff ${opts.since}`, cwd);
+    }
+    // Default: last commit + working changes
     let diff = git('diff HEAD', cwd);
     if (!diff)
         diff = git('diff --cached', cwd);
     if (!diff)
         diff = git('diff', cwd);
-    if (!diff) {
-        return {
-            name: 'diff',
-            score: 10,
-            maxScore: 10,
-            issues: [],
-            summary: 'no uncommitted changes to check',
-        };
-    }
-    // Parse diff: only check added lines
-    let currentFile = '';
+    // If still nothing, diff last commit against its parent
+    if (!diff)
+        diff = git('diff HEAD~1..HEAD', cwd);
+    return diff;
+}
+function parseDiff(diff) {
+    const files = [];
+    let current = null;
     let lineNum = 0;
     for (const line of diff.split('\n')) {
         if (line.startsWith('diff --git')) {
             const match = line.match(/b\/(.+)$/);
-            if (match)
-                currentFile = match[1];
+            if (match) {
+                current = { path: match[1], addedLines: [], removedLines: [], addedCount: 0, removedCount: 0 };
+                files.push(current);
+            }
             lineNum = 0;
             continue;
         }
@@ -53,46 +56,122 @@ export function checkDiff(cwd) {
                 lineNum = parseInt(match[1]) - 1;
             continue;
         }
+        if (!current)
+            continue;
         if (line.startsWith('+') && !line.startsWith('+++')) {
             lineNum++;
-            const added = line.slice(1);
-            for (const pattern of PATTERNS) {
-                if (pattern.regex.test(added)) {
-                    issues.push({
-                        severity: pattern.severity,
-                        message: pattern.message,
-                        file: currentFile,
-                        line: lineNum,
-                        fixable: false,
-                    });
-                    break; // one issue per line
+            current.addedLines.push({ num: lineNum, text: line.slice(1) });
+            current.addedCount++;
+        }
+        else if (line.startsWith('-') && !line.startsWith('---')) {
+            current.removedLines.push(line.slice(1));
+            current.removedCount++;
+        }
+        else {
+            lineNum++;
+        }
+    }
+    return files;
+}
+export function checkDiff(cwd, opts = {}) {
+    const issues = [];
+    const diff = getDiff(cwd, opts);
+    if (!diff) {
+        return { name: 'diff', score: 10, maxScore: 10, issues: [], summary: 'no changes to check' };
+    }
+    const files = parseDiff(diff);
+    const allPatterns = [...GENERIC_PATTERNS, ...AI_PATTERNS];
+    // Pattern matching on added lines
+    for (const file of files) {
+        for (const { num, text } of file.addedLines) {
+            for (const pattern of allPatterns) {
+                if (pattern.regex.test(text)) {
+                    issues.push({ severity: pattern.severity, message: pattern.message, file: file.path, line: num, fixable: false });
+                    break;
                 }
             }
         }
-        else if (!line.startsWith('-')) {
-            lineNum++;
+    }
+    // AI-specific: wholesale function rewrite detection
+    for (const file of files) {
+        if (file.removedCount > 10 && file.addedCount > 10) {
+            const ratio = Math.min(file.removedCount, file.addedCount) / Math.max(file.removedCount, file.addedCount);
+            if (ratio > 0.7 && file.removedCount > 20) {
+                issues.push({
+                    severity: 'warning',
+                    message: `[ai] ${file.path}: ${file.removedCount} lines removed, ${file.addedCount} added — looks like a wholesale rewrite, verify intent`,
+                    file: file.path,
+                    fixable: false,
+                });
+            }
         }
     }
-    // Check for deleted error handling
+    // AI-specific: orphaned imports (added import lines without corresponding usage)
+    for (const file of files) {
+        const addedImports = file.addedLines.filter(l => /^import\s/.test(l.text) || /^from\s/.test(l.text) || /require\(/.test(l.text));
+        for (const imp of addedImports) {
+            // Extract imported name
+            const nameMatch = imp.text.match(/import\s+(?:\{([^}]+)\}|(\w+))/);
+            if (nameMatch) {
+                const names = (nameMatch[1] || nameMatch[2] || '').split(',').map(n => n.trim().split(' as ').pop()?.trim()).filter(Boolean);
+                for (const name of names) {
+                    if (!name || name.length < 2)
+                        continue;
+                    // Check if name is used in any other added line
+                    const usedElsewhere = file.addedLines.some(l => l !== imp && l.text.includes(name));
+                    if (!usedElsewhere && file.addedLines.length > 3) {
+                        issues.push({
+                            severity: 'warning',
+                            message: `[ai] imported "${name}" but never used in new code`,
+                            file: file.path,
+                            line: imp.num,
+                            fixable: false,
+                        });
+                        break; // one per import line
+                    }
+                }
+            }
+        }
+    }
+    // AI-specific: comment density spike
+    for (const file of files) {
+        if (file.addedCount < 10)
+            continue;
+        const commentLines = file.addedLines.filter(l => /^\s*(\/\/|#|\/\*|\*)/.test(l.text)).length;
+        const ratio = commentLines / file.addedCount;
+        if (ratio > 0.4 && commentLines > 5) {
+            issues.push({
+                severity: 'info',
+                message: `[ai] ${file.path}: ${Math.round(ratio * 100)}% of new lines are comments — AI tends to over-comment`,
+                file: file.path,
+                fixable: false,
+            });
+        }
+    }
+    // Deleted error handling
     let deletedErrorHandling = 0;
-    for (const line of diff.split('\n')) {
-        if (line.startsWith('-') && !line.startsWith('---')) {
-            if (/catch|throw|Error|reject|finally/.test(line)) {
+    for (const file of files) {
+        for (const line of file.removedLines) {
+            if (/catch|throw new|\.reject\(|finally\s*\{/.test(line))
                 deletedErrorHandling++;
-            }
         }
     }
     if (deletedErrorHandling > 3) {
-        issues.push({ severity: 'warning', message: `${deletedErrorHandling} lines of error handling removed — verify this was intentional`, fixable: false });
+        issues.push({ severity: 'warning', message: `${deletedErrorHandling} lines of error handling removed — verify intentional`, fixable: false });
     }
+    // Recalibrated scoring
     const errors = issues.filter(i => i.severity === 'error').length;
     const warnings = issues.filter(i => i.severity === 'warning').length;
-    const score = Math.max(0, Math.min(10, 10 - errors * 1.5 - warnings * 0.5));
+    const score = Math.max(0, Math.min(10, 10 - errors * 2 - warnings * 0.75));
+    const aiIssues = issues.filter(i => i.message.startsWith('[ai]')).length;
+    const totalFiles = files.length;
     return {
         name: 'diff',
         score: Math.round(score * 10) / 10,
         maxScore: 10,
         issues,
-        summary: issues.length === 0 ? 'clean diff, no issues' : `${issues.length} issues in uncommitted changes`,
+        summary: issues.length === 0
+            ? `${totalFiles} file${totalFiles !== 1 ? 's' : ''} changed, clean`
+            : `${issues.length} issues (${aiIssues} AI-specific) in ${totalFiles} files`,
     };
 }

package/dist/checks/models.d.ts

@@ -1,2 +1,2 @@
 import type { CheckResult } from '../types.js';
-export declare function checkModels(cwd: string, ignore: string[]): CheckResult;
+export declare function checkModels(cwd: string, ignore: string[]): Promise<CheckResult>;