@yawlabs/ctxlint 0.3.0 → 0.5.0

package/dist/chunk-FHTSMC5D.js

@@ -0,0 +1,2550 @@
+#!/usr/bin/env node
+var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
+  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
+}) : x)(function(x) {
+  if (typeof require !== "undefined") return require.apply(this, arguments);
+  throw Error('Dynamic require of "' + x + '" is not supported');
+});
+
+// src/utils/fs.ts
+import * as fs from "fs";
+import * as path from "path";
+function loadPackageJson(projectRoot) {
+  try {
+    const content = fs.readFileSync(path.join(projectRoot, "package.json"), "utf-8");
+    return JSON.parse(content);
+  } catch {
+    return null;
+  }
+}
+function fileExists(filePath) {
+  try {
+    fs.accessSync(filePath);
+    return true;
+  } catch {
+    return false;
+  }
+}
+function isDirectory(filePath) {
+  try {
+    return fs.statSync(filePath).isDirectory();
+  } catch {
+    return false;
+  }
+}
+function isSymlink(filePath) {
+  try {
+    return fs.lstatSync(filePath).isSymbolicLink();
+  } catch {
+    return false;
+  }
+}
+function readSymlinkTarget(filePath) {
+  try {
+    return fs.readlinkSync(filePath);
+  } catch {
+    return void 0;
+  }
+}
+function readFileContent(filePath) {
+  return fs.readFileSync(filePath, "utf-8");
+}
+var IGNORED_DIRS = /* @__PURE__ */ new Set([
+  "node_modules",
+  ".git",
+  "dist",
+  "build",
+  "vendor",
+  ".next",
+  ".nuxt",
+  "coverage",
+  "__pycache__"
+]);
+function getAllProjectFiles(projectRoot) {
+  const files = [];
+  function walk(dir, depth) {
+    if (depth > 10) return;
+    try {
+      const entries = fs.readdirSync(dir, { withFileTypes: true });
+      for (const entry of entries) {
+        if (IGNORED_DIRS.has(entry.name)) continue;
+        const fullPath = path.join(dir, entry.name);
+        if (entry.isDirectory()) {
+          walk(fullPath, depth + 1);
+        } else {
+          files.push(path.relative(projectRoot, fullPath));
+        }
+      }
+    } catch {
+    }
+  }
+  walk(projectRoot, 0);
+  return files;
+}
+
+// src/core/scanner.ts
+import * as fs2 from "fs";
+import * as path2 from "path";
+import { glob } from "glob";
+var CONTEXT_FILE_PATTERNS = [
+  // Claude Code
+  "CLAUDE.md",
+  "CLAUDE.local.md",
+  ".claude/rules/*.md",
+  // AGENTS.md (AAIF / Linux Foundation standard)
+  "AGENTS.md",
+  "AGENT.md",
+  "AGENTS.override.md",
+  // Cursor
+  ".cursorrules",
+  ".cursor/rules/*.md",
+  ".cursor/rules/*.mdc",
+  ".cursor/rules/*/RULE.md",
+  // GitHub Copilot
+  ".github/copilot-instructions.md",
+  ".github/instructions/*.md",
+  ".github/git-commit-instructions.md",
+  // Windsurf
+  ".windsurfrules",
+  ".windsurf/rules/*.md",
+  // Gemini CLI
+  "GEMINI.md",
+  // Cline
+  ".clinerules",
+  // Aider — note: .aiderules has no file extension; this is the intended format
+  ".aiderules",
+  // Aide / Codestory
+  ".aide/rules/*.md",
+  // Amazon Q Developer
+  ".amazonq/rules/*.md",
+  // Goose (Block)
+  ".goose/instructions.md",
+  ".goosehints",
+  // JetBrains Junie
+  ".junie/guidelines.md",
+  ".junie/AGENTS.md",
+  // JetBrains AI Assistant
+  ".aiassistant/rules/*.md",
+  // Continue
+  ".continuerules",
+  ".continue/rules/*.md",
+  // Zed
+  ".rules",
+  // Replit
+  "replit.md"
+];
+var IGNORED_DIRS2 = /* @__PURE__ */ new Set(["node_modules", ".git", "dist", "build", "vendor"]);
+async function scanForContextFiles(projectRoot, options = {}) {
+  const maxDepth = options.depth ?? 2;
+  const patterns = [...CONTEXT_FILE_PATTERNS, ...options.extraPatterns || []];
+  const found = [];
+  const seen = /* @__PURE__ */ new Set();
+  const dirsToScan = [projectRoot];
+  function collectDirs(dir, currentDepth) {
+    if (currentDepth >= maxDepth) return;
+    try {
+      const entries = fs2.readdirSync(dir, { withFileTypes: true });
+      for (const entry of entries) {
+        if (entry.isDirectory() && !IGNORED_DIRS2.has(entry.name) && !entry.name.startsWith(".")) {
+          const fullPath = path2.join(dir, entry.name);
+          dirsToScan.push(fullPath);
+          collectDirs(fullPath, currentDepth + 1);
+        }
+      }
+    } catch {
+    }
+  }
+  collectDirs(projectRoot, 0);
+  for (const dir of dirsToScan) {
+    for (const pattern of patterns) {
+      const matches = await glob(pattern, {
+        cwd: dir,
+        absolute: true,
+        nodir: true,
+        dot: true
+      });
+      for (const match of matches) {
+        const normalized = path2.normalize(match);
+        if (seen.has(normalized)) continue;
+        seen.add(normalized);
+        const relativePath = path2.relative(projectRoot, normalized);
+        const symlink = isSymlink(normalized);
+        const target = symlink ? readSymlinkTarget(normalized) : void 0;
+        found.push({
+          absolutePath: normalized,
+          relativePath: relativePath.replace(/\\/g, "/"),
+          isSymlink: symlink,
+          symlinkTarget: target,
+          type: "context"
+        });
+      }
+    }
+  }
+  return found.sort((a, b) => a.relativePath.localeCompare(b.relativePath));
+}
+var MCP_CONFIG_PATTERNS = [
+  ".mcp.json",
+  ".cursor/mcp.json",
+  ".vscode/mcp.json",
+  ".amazonq/mcp.json",
+  ".continue/mcpServers/*.json"
+];
+async function scanForMcpConfigs(projectRoot) {
+  const found = [];
+  const seen = /* @__PURE__ */ new Set();
+  for (const pattern of MCP_CONFIG_PATTERNS) {
+    const matches = await glob(pattern, {
+      cwd: projectRoot,
+      absolute: true,
+      nodir: true,
+      dot: true
+    });
+    for (const match of matches) {
+      const normalized = path2.normalize(match);
+      if (seen.has(normalized)) continue;
+      seen.add(normalized);
+      const relativePath = path2.relative(projectRoot, normalized);
+      const symlink = isSymlink(normalized);
+      const target = symlink ? readSymlinkTarget(normalized) : void 0;
+      found.push({
+        absolutePath: normalized,
+        relativePath: relativePath.replace(/\\/g, "/"),
+        isSymlink: symlink,
+        symlinkTarget: target,
+        type: "mcp-config"
+      });
+    }
+  }
+  return found.sort((a, b) => a.relativePath.localeCompare(b.relativePath));
+}
+async function scanGlobalMcpConfigs() {
+  const found = [];
+  const seen = /* @__PURE__ */ new Set();
+  const home = process.env.HOME || process.env.USERPROFILE || "";
+  const globalPaths = [
+    path2.join(home, ".claude.json"),
+    path2.join(home, ".claude", "settings.json"),
+    path2.join(home, ".cursor", "mcp.json"),
+    path2.join(home, ".codeium", "windsurf", "mcp_config.json"),
+    path2.join(home, ".aws", "amazonq", "mcp.json")
+  ];
+  if (process.platform === "darwin") {
+    globalPaths.push(
+      path2.join(home, "Library", "Application Support", "Claude", "claude_desktop_config.json")
+    );
+  } else if (process.platform === "win32") {
+    const appData = process.env.APPDATA || path2.join(home, "AppData", "Roaming");
+    globalPaths.push(path2.join(appData, "Claude", "claude_desktop_config.json"));
+  }
+  for (const filePath of globalPaths) {
+    const normalized = path2.normalize(filePath);
+    if (seen.has(normalized)) continue;
+    seen.add(normalized);
+    try {
+      fs2.accessSync(normalized);
+    } catch {
+      continue;
+    }
+    const symlink = isSymlink(normalized);
+    const target = symlink ? readSymlinkTarget(normalized) : void 0;
+    found.push({
+      absolutePath: normalized,
+      relativePath: "~/" + path2.relative(home, normalized).replace(/\\/g, "/"),
+      isSymlink: symlink,
+      symlinkTarget: target,
+      type: "mcp-config"
+    });
+  }
+  return found.sort((a, b) => a.relativePath.localeCompare(b.relativePath));
+}
+
+// src/utils/tokens.ts
+import { encoding_for_model } from "tiktoken";
+var encoder = null;
+function getEncoder() {
+  if (!encoder) {
+    encoder = encoding_for_model("gpt-4");
+  }
+  return encoder;
+}
+function countTokens(text) {
+  try {
+    const enc = getEncoder();
+    const tokens = enc.encode(text);
+    return tokens.length;
+  } catch {
+    return Math.ceil(text.length / 4);
+  }
+}
+function freeEncoder() {
+  if (encoder) {
+    encoder.free();
+    encoder = null;
+  }
+}
+
+// src/core/parser.ts
+var PATH_PATTERN = /(?:^|[\s`"'(])((\.{0,2}\/)?(?:[\w@.-]+\/)+[\w.*-]+(?:\.\w+)?)(?=[\s`"'),;:]|$)/gm;
+var PATH_EXCLUDE = /^(https?:\/\/|ftp:\/\/|mailto:|n\/a|w\/o|I\/O|i\/o|e\.g\.|N\/A|\.deb\/|\.rpm[.\/]|\.tar[.\/]|\.zip[.\/])/i;
+var COMMAND_PREFIXES = /^\s*[\$>]\s+(.+)$/;
+var COMMON_COMMANDS = /^(npm\s+run|npx|pnpm|yarn|make|cargo|go\s+(run|build|test)|python|pytest|vitest|jest|bun|deno)\b/;
+function parseContextFile(file) {
+  const content = readFileContent(file.absolutePath);
+  const lines = content.split("\n");
+  const sections = parseSections(lines);
+  const paths = extractPathReferences(lines, sections);
+  const commands = extractCommandReferences(lines, sections);
+  return {
+    filePath: file.absolutePath,
+    relativePath: file.relativePath,
+    isSymlink: file.isSymlink,
+    symlinkTarget: file.symlinkTarget,
+    totalTokens: countTokens(content),
+    totalLines: lines.length,
+    content,
+    sections,
+    references: {
+      paths,
+      commands
+    }
+  };
+}
+function parseSections(lines) {
+  const sections = [];
+  for (let i = 0; i < lines.length; i++) {
+    const match = lines[i].match(/^(#{1,6})\s+(.+)/);
+    if (match) {
+      if (sections.length > 0) {
+        const prev = sections[sections.length - 1];
+        if (prev.endLine === -1) {
+          prev.endLine = i - 1;
+        }
+      }
+      sections.push({
+        title: match[2].trim(),
+        startLine: i + 1,
+        // 1-indexed
+        endLine: -1,
+        level: match[1].length
+      });
+    }
+  }
+  if (sections.length > 0) {
+    const last = sections[sections.length - 1];
+    if (last.endLine === -1) {
+      last.endLine = lines.length;
+    }
+  }
+  return sections;
+}
+function getSectionForLine(line, sections) {
+  for (let i = sections.length - 1; i >= 0; i--) {
+    if (line >= sections[i].startLine) {
+      return sections[i].title;
+    }
+  }
+  return void 0;
+}
+function extractPathReferences(lines, sections) {
+  const paths = [];
+  let inCodeBlock = false;
+  let codeBlockLang = "";
+  for (let i = 0; i < lines.length; i++) {
+    const line = lines[i];
+    if (line.trimStart().startsWith("```")) {
+      if (!inCodeBlock) {
+        inCodeBlock = true;
+        codeBlockLang = line.trimStart().slice(3).trim().toLowerCase();
+      } else {
+        inCodeBlock = false;
+        codeBlockLang = "";
+      }
+      continue;
+    }
+    if (inCodeBlock && isExampleCodeBlock(codeBlockLang)) {
+      continue;
+    }
+    PATH_PATTERN.lastIndex = 0;
+    let match;
+    while ((match = PATH_PATTERN.exec(line)) !== null) {
+      const value = match[1];
+      if (PATH_EXCLUDE.test(value)) continue;
+      if (value.length < 3) continue;
+      if (/^v?\d+\.\d+\//.test(value)) continue;
+      const column = match.index + match[0].length - match[1].length + 1;
+      paths.push({
+        value,
+        line: i + 1,
+        // 1-indexed
+        column,
+        section: getSectionForLine(i + 1, sections)
+      });
+    }
+  }
+  return paths;
+}
+function isExampleCodeBlock(lang) {
+  return [
+    "javascript",
+    "js",
+    "typescript",
+    "ts",
+    "python",
+    "py",
+    "go",
+    "rust",
+    "java",
+    "c",
+    "cpp",
+    "ruby",
+    "php",
+    "json",
+    "yaml",
+    "yml",
+    "toml",
+    "xml",
+    "html",
+    "css",
+    "sql",
+    "graphql",
+    "jsx",
+    "tsx"
+  ].includes(lang);
+}
+function extractCommandReferences(lines, sections) {
+  const commands = [];
+  let inCodeBlock = false;
+  let codeBlockLang = "";
+  for (let i = 0; i < lines.length; i++) {
+    const line = lines[i];
+    if (line.trimStart().startsWith("```")) {
+      if (!inCodeBlock) {
+        inCodeBlock = true;
+        codeBlockLang = line.trimStart().slice(3).trim().toLowerCase();
+      } else {
+        inCodeBlock = false;
+        codeBlockLang = "";
+      }
+      continue;
+    }
+    const prefixMatch = line.match(COMMAND_PREFIXES);
+    if (prefixMatch) {
+      commands.push({
+        value: prefixMatch[1].trim(),
+        line: i + 1,
+        column: prefixMatch.index + prefixMatch[0].length - prefixMatch[1].length + 1,
+        section: getSectionForLine(i + 1, sections)
+      });
+      continue;
+    }
+    if (inCodeBlock && ["bash", "sh", "shell", "zsh", ""].includes(codeBlockLang)) {
+      const trimmed = line.trim();
+      if (trimmed && !trimmed.startsWith("#") && !trimmed.startsWith("//")) {
+        if (COMMON_COMMANDS.test(trimmed) || trimmed.startsWith("$") || trimmed.startsWith(">")) {
+          const cmd = trimmed.replace(/^\s*[\$>]\s*/, "");
+          if (cmd) {
+            const cmdStart = line.indexOf(trimmed) + trimmed.indexOf(cmd);
+            commands.push({
+              value: cmd,
+              line: i + 1,
+              column: cmdStart + 1,
+              section: getSectionForLine(i + 1, sections)
+            });
+          }
+        }
+      }
+      continue;
+    }
+    const inlineMatches = line.matchAll(/`([^`]+)`/g);
+    for (const m of inlineMatches) {
+      const cmd = m[1].trim();
+      if (COMMON_COMMANDS.test(cmd)) {
+        commands.push({
+          value: cmd,
+          line: i + 1,
+          column: (m.index ?? 0) + 2,
+          section: getSectionForLine(i + 1, sections)
+        });
+      }
+    }
+  }
+  return commands;
+}
+
+// src/utils/git.ts
+import simpleGit from "simple-git";
+var gitInstance = null;
+var gitProjectRoot = null;
+function getGit(projectRoot) {
+  if (!gitInstance || gitProjectRoot !== projectRoot) {
+    gitInstance = simpleGit(projectRoot);
+    gitProjectRoot = projectRoot;
+  }
+  return gitInstance;
+}
+function resetGit() {
+  gitInstance = null;
+  gitProjectRoot = null;
+}
+async function isGitRepo(projectRoot) {
+  try {
+    const git = simpleGit(projectRoot);
+    await git.revparse(["--is-inside-work-tree"]);
+    return true;
+  } catch {
+    return false;
+  }
+}
+async function getFileLastModified(projectRoot, filePath) {
+  try {
+    const git = getGit(projectRoot);
+    const log = await git.log({ file: filePath, maxCount: 1 });
+    if (log.latest?.date) {
+      return new Date(log.latest.date);
+    }
+    return null;
+  } catch {
+    return null;
+  }
+}
+async function getCommitsSince(projectRoot, filePath, since) {
+  try {
+    const git = getGit(projectRoot);
+    const log = await git.log({
+      file: filePath,
+      "--since": since.toISOString()
+    });
+    return log.total;
+  } catch {
+    return 0;
+  }
+}
+async function findRenames(projectRoot, filePath) {
+  try {
+    const git = getGit(projectRoot);
+    const result = await git.raw([
+      "log",
+      "--diff-filter=R",
+      "--find-renames",
+      "--name-status",
+      "--format=%H %ai",
+      "-10",
+      "--",
+      filePath
+    ]);
+    if (!result.trim()) return null;
+    const lines = result.trim().split("\n");
+    for (let i = 0; i < lines.length; i++) {
+      const line = lines[i];
+      if (line.startsWith("R")) {
+        const parts = line.split("	");
+        if (parts.length >= 3) {
+          const hashLine = lines[i - 1] || "";
+          const hashMatch = hashLine.match(/^([a-f0-9]+)\s+(.+)/);
+          const commitHash = hashMatch?.[1]?.substring(0, 7) || "unknown";
+          const dateStr = hashMatch?.[2];
+          const daysAgo = dateStr ? Math.floor((Date.now() - new Date(dateStr).getTime()) / (1e3 * 60 * 60 * 24)) : 0;
+          return {
+            oldPath: parts[1],
+            newPath: parts[2],
+            commitHash,
+            daysAgo
+          };
+        }
+      }
+    }
+    return null;
+  } catch {
+    return null;
+  }
+}
+
+// src/core/checks/paths.ts
+import * as path3 from "path";
+import levenshteinPkg from "fast-levenshtein";
+import { glob as glob2 } from "glob";
+var levenshtein = levenshteinPkg.get;
+var cachedProjectFiles = null;
+function getProjectFiles(projectRoot) {
+  if (cachedProjectFiles?.root === projectRoot) return cachedProjectFiles.files;
+  const files = getAllProjectFiles(projectRoot);
+  cachedProjectFiles = { root: projectRoot, files };
+  return files;
+}
+function resetPathsCache() {
+  cachedProjectFiles = null;
+}
+async function checkPaths(file, projectRoot) {
+  const issues = [];
+  const projectFiles = getProjectFiles(projectRoot);
+  const contextDir = path3.dirname(file.filePath);
+  for (const ref of file.references.paths) {
+    const baseDir = ref.value.startsWith("./") || ref.value.startsWith("../") ? contextDir : projectRoot;
+    const resolvedPath = path3.resolve(baseDir, ref.value);
+    const normalizedRef = ref.value.replace(/\\/g, "/");
+    if (normalizedRef.includes("*")) {
+      const matches = await glob2(normalizedRef, { cwd: baseDir, nodir: false });
+      if (matches.length === 0) {
+        issues.push({
+          severity: "error",
+          check: "paths",
+          line: ref.line,
+          message: `${ref.value} matches no files`,
+          suggestion: "Verify the glob pattern is correct"
+        });
+      }
+      continue;
+    }
+    const isDir = normalizedRef.endsWith("/");
+    if (isDir) {
+      const dirPath = path3.resolve(baseDir, normalizedRef);
+      if (!isDirectory(dirPath)) {
+        issues.push({
+          severity: "error",
+          check: "paths",
+          line: ref.line,
+          message: `${ref.value} directory does not exist`
+        });
+      }
+      continue;
+    }
+    if (fileExists(resolvedPath) || isDirectory(resolvedPath)) {
+      continue;
+    }
+    let suggestion;
+    let detail;
+    let fixTarget;
+    const rename = await findRenames(projectRoot, ref.value);
+    if (rename) {
+      fixTarget = rename.newPath;
+      suggestion = `Did you mean ${rename.newPath}?`;
+      detail = `Renamed ${rename.daysAgo} days ago in commit ${rename.commitHash}`;
+    } else {
+      const match = findClosestMatch(normalizedRef, projectFiles);
+      if (match) {
+        fixTarget = match;
+        suggestion = `Did you mean ${match}?`;
+      }
+    }
+    issues.push({
+      severity: "error",
+      check: "paths",
+      line: ref.line,
+      message: `${ref.value} does not exist`,
+      suggestion,
+      detail,
+      fix: fixTarget ? { file: file.filePath, line: ref.line, oldText: ref.value, newText: fixTarget } : void 0
+    });
+  }
+  return issues;
+}
+function findClosestMatch(target, files) {
+  const targetNorm = target.replace(/\\/g, "/");
+  const targetBase = path3.basename(targetNorm);
+  let bestMatch = null;
+  let bestDistance = Infinity;
+  for (const file of files) {
+    const fileNorm = file.replace(/\\/g, "/");
+    if (path3.basename(fileNorm) === targetBase && fileNorm !== targetNorm) {
+      const dist = levenshtein(targetNorm, fileNorm);
+      if (dist < bestDistance) {
+        bestDistance = dist;
+        bestMatch = fileNorm;
+      }
+    }
+  }
+  if (!bestMatch) {
+    for (const file of files) {
+      const fileNorm = file.replace(/\\/g, "/");
+      const dist = levenshtein(targetNorm, fileNorm);
+      if (dist < bestDistance && dist <= Math.max(targetNorm.length * 0.4, 5)) {
+        bestDistance = dist;
+        bestMatch = fileNorm;
+      }
+    }
+  }
+  return bestMatch;
+}
+
+// src/core/checks/tokens.ts
+var DEFAULT_THRESHOLDS = {
+  info: 1e3,
+  warning: 3e3,
+  error: 8e3,
+  aggregate: 5e3
+};
+var currentThresholds = DEFAULT_THRESHOLDS;
+function setTokenThresholds(overrides) {
+  currentThresholds = { ...DEFAULT_THRESHOLDS, ...overrides };
+}
+function resetTokenThresholds() {
+  currentThresholds = DEFAULT_THRESHOLDS;
+}
+async function checkTokens(file, _projectRoot) {
+  const issues = [];
+  const tokens = file.totalTokens;
+  if (tokens >= currentThresholds.error) {
+    issues.push({
+      severity: "error",
+      check: "tokens",
+      line: 1,
+      message: `${tokens.toLocaleString()} tokens \u2014 consumes significant context window space`,
+      suggestion: "Consider splitting into focused sections or removing redundant content."
+    });
+  } else if (tokens >= currentThresholds.warning) {
+    issues.push({
+      severity: "warning",
+      check: "tokens",
+      line: 1,
+      message: `${tokens.toLocaleString()} tokens \u2014 large context file`,
+      suggestion: "Consider trimming \u2014 research shows diminishing returns past ~300 lines."
+    });
+  } else if (tokens >= currentThresholds.info) {
+    issues.push({
+      severity: "info",
+      check: "tokens",
+      line: 1,
+      message: `Uses ~${tokens.toLocaleString()} tokens per session`
+    });
+  }
+  return issues;
+}
+function checkAggregateTokens(files) {
+  const total = files.reduce((sum, f) => sum + f.tokens, 0);
+  if (total > currentThresholds.aggregate && files.length > 1) {
+    return {
+      severity: "warning",
+      check: "tokens",
+      line: 0,
+      message: `${files.length} context files consume ${total.toLocaleString()} tokens combined`,
+      suggestion: "Consider consolidating or trimming to reduce per-session context cost."
+    };
+  }
+  return null;
+}
+
+// src/version.ts
+function loadVersion() {
+  if (true) return "0.5.0";
+  const fs6 = __require("fs");
+  const path8 = __require("path");
+  const pkgPath = path8.resolve(__dirname, "../package.json");
+  const pkg = JSON.parse(fs6.readFileSync(pkgPath, "utf-8"));
+  return pkg.version;
+}
+var VERSION = loadVersion();
+
+// src/core/mcp-parser.ts
+import { execSync } from "child_process";
+function parseMcpConfig(file, projectRoot, scopeOverride) {
+  const content = readFileContent(file.absolutePath);
+  const client = detectClient(file.relativePath);
+  const scope = scopeOverride ?? detectScope(file.relativePath);
+  const expectedRootKey = client === "vscode" ? "servers" : "mcpServers";
+  const isGitTracked = checkGitTracked(file.absolutePath, projectRoot);
+  const result = {
+    filePath: file.absolutePath,
+    relativePath: file.relativePath,
+    client,
+    scope,
+    expectedRootKey,
+    actualRootKey: null,
+    servers: [],
+    parseErrors: [],
+    content,
+    isGitTracked
+  };
+  let parsed;
+  try {
+    parsed = JSON.parse(content);
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    result.parseErrors.push(message);
+    return result;
+  }
+  if (typeof parsed !== "object" || parsed === null || Array.isArray(parsed)) {
+    result.parseErrors.push("MCP config must be a JSON object");
+    return result;
+  }
+  const rootKey = findRootKey(parsed);
+  result.actualRootKey = rootKey;
+  if (!rootKey) {
+    return result;
+  }
+  const serversObj = parsed[rootKey];
+  if (typeof serversObj !== "object" || serversObj === null || Array.isArray(serversObj)) {
+    result.parseErrors.push(`"${rootKey}" must be an object`);
+    return result;
+  }
+  const lines = content.split("\n");
+  for (const [name, value] of Object.entries(serversObj)) {
+    if (typeof value !== "object" || value === null || Array.isArray(value)) {
+      continue;
+    }
+    const raw = value;
+    const line = findServerLine(lines, name);
+    const transport = inferTransport(raw);
+    const entry = {
+      name,
+      transport,
+      line,
+      raw
+    };
+    if (typeof raw.command === "string") entry.command = raw.command;
+    if (Array.isArray(raw.args)) entry.args = raw.args.map(String);
+    if (isStringRecord(raw.env)) entry.env = raw.env;
+    if (typeof raw.url === "string") entry.url = raw.url;
+    if (isStringRecord(raw.headers)) entry.headers = raw.headers;
+    if (typeof raw.disabled === "boolean") entry.disabled = raw.disabled;
+    if (Array.isArray(raw.autoApprove)) entry.autoApprove = raw.autoApprove.map(String);
+    if (typeof raw.timeout === "number") entry.timeout = raw.timeout;
+    if (typeof raw.oauth === "object" && raw.oauth !== null)
+      entry.oauth = raw.oauth;
+    if (typeof raw.headersHelper === "string") entry.headersHelper = raw.headersHelper;
+    result.servers.push(entry);
+  }
+  return result;
+}
+function detectClient(relativePath) {
+  const normalized = relativePath.replace(/\\/g, "/");
+  if (normalized.includes(".vscode/")) return "vscode";
+  if (normalized.includes(".cursor/")) return "cursor";
+  if (normalized.includes(".amazonq/") || normalized.includes(".aws/amazonq/")) return "amazonq";
+  if (normalized.includes(".continue/")) return "continue";
+  if (normalized.includes(".codeium/windsurf/")) return "windsurf";
+  if (normalized.includes("Claude/claude_desktop_config.json") || normalized.includes("Application Support/Claude/")) {
+    return "claude-desktop";
+  }
+  return "claude-code";
+}
+function detectScope(_relativePath) {
+  return "project";
+}
+function findRootKey(parsed) {
+  if ("mcpServers" in parsed) return "mcpServers";
+  if ("servers" in parsed) return "servers";
+  return null;
+}
+function inferTransport(raw) {
+  if (typeof raw.type === "string") {
+    if (raw.type === "stdio" || raw.type === "http" || raw.type === "sse") {
+      return raw.type;
+    }
+    return "unknown";
+  }
+  if ("command" in raw) return "stdio";
+  if ("url" in raw) return "http";
+  return "unknown";
+}
+function findServerLine(lines, serverName) {
+  const escaped = serverName.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+  const pattern = new RegExp(`"${escaped}"\\s*:`);
+  for (let i = 0; i < lines.length; i++) {
+    if (pattern.test(lines[i])) {
+      return i + 1;
+    }
+  }
+  return 1;
+}
+function isStringRecord(value) {
+  if (typeof value !== "object" || value === null || Array.isArray(value)) return false;
+  return Object.values(value).every((v) => typeof v === "string");
+}
+function checkGitTracked(filePath, projectRoot) {
+  try {
+    execSync(`git ls-files --error-unmatch "${filePath}"`, {
+      cwd: projectRoot,
+      stdio: "pipe"
+    });
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+// src/core/checks/commands.ts
+import * as fs3 from "fs";
+import * as path4 from "path";
+var NPM_SCRIPT_PATTERN = /^(?:npm\s+run|pnpm(?:\s+run)?|yarn(?:\s+run)?|bun(?:\s+run)?)\s+(\S+)/;
+var MAKE_PATTERN = /^make\s+(\S+)/;
+var NPX_PATTERN = /^npx\s+(\S+)/;
+async function checkCommands(file, projectRoot) {
+  const issues = [];
+  const pkgJson = loadPackageJson(projectRoot);
+  const makefile = loadMakefile(projectRoot);
+  for (const ref of file.references.commands) {
+    const cmd = ref.value;
+    const scriptMatch = cmd.match(NPM_SCRIPT_PATTERN);
+    if (scriptMatch && pkgJson) {
+      const scriptName = scriptMatch[1];
+      if (pkgJson.scripts && !(scriptName in pkgJson.scripts)) {
+        const available = Object.keys(pkgJson.scripts).join(", ");
+        issues.push({
+          severity: "error",
+          check: "commands",
+          line: ref.line,
+          message: `"${cmd}" \u2014 script "${scriptName}" not found in package.json`,
+          suggestion: available ? `Available scripts: ${available}` : void 0
+        });
+      }
+      continue;
+    }
+    const shorthandMatch = cmd.match(
+      /^(npm|pnpm|yarn|bun)\s+(test|start|build|dev|lint|format|check|typecheck|clean|serve|preview|e2e)\b/
+    );
+    if (shorthandMatch && pkgJson) {
+      const scriptName = shorthandMatch[2];
+      if (pkgJson.scripts && !(scriptName in pkgJson.scripts)) {
+        issues.push({
+          severity: "error",
+          check: "commands",
+          line: ref.line,
+          message: `"${cmd}" \u2014 script "${scriptName}" not found in package.json`
+        });
+      }
+      continue;
+    }
+    const npxMatch = cmd.match(NPX_PATTERN);
+    if (npxMatch && pkgJson) {
+      const pkgName = npxMatch[1];
+      if (pkgName.startsWith("-")) continue;
+      const allDeps = {
+        ...pkgJson.dependencies,
+        ...pkgJson.devDependencies
+      };
+      if (!(pkgName in allDeps)) {
+        const binPath = path4.join(projectRoot, "node_modules", ".bin", pkgName);
+        try {
+          fs3.accessSync(binPath);
+        } catch {
+          issues.push({
+            severity: "warning",
+            check: "commands",
+            line: ref.line,
+            message: `"${cmd}" \u2014 "${pkgName}" not found in dependencies`,
+            suggestion: "If this is a global tool, consider adding it to devDependencies for reproducibility"
+          });
+        }
+      }
+      continue;
+    }
+    const makeMatch = cmd.match(MAKE_PATTERN);
+    if (makeMatch) {
+      const target = makeMatch[1];
+      if (makefile && !hasMakeTarget(makefile, target)) {
+        issues.push({
+          severity: "error",
+          check: "commands",
+          line: ref.line,
+          message: `"${cmd}" \u2014 target "${target}" not found in Makefile`
+        });
+      } else if (!makefile) {
+        issues.push({
+          severity: "error",
+          check: "commands",
+          line: ref.line,
+          message: `"${cmd}" \u2014 no Makefile found in project`
+        });
+      }
+      continue;
+    }
+    const toolMatch = cmd.match(/^(vitest|jest|pytest|mocha|eslint|prettier|tsc)\b/);
+    if (toolMatch && pkgJson) {
+      const tool = toolMatch[1];
+      const allDeps = {
+        ...pkgJson.dependencies,
+        ...pkgJson.devDependencies
+      };
+      if (!(tool in allDeps)) {
+        const binPath = path4.join(projectRoot, "node_modules", ".bin", tool);
+        try {
+          fs3.accessSync(binPath);
+        } catch {
+          issues.push({
+            severity: "warning",
+            check: "commands",
+            line: ref.line,
+            message: `"${cmd}" \u2014 "${tool}" not found in dependencies or node_modules/.bin`
+          });
+        }
+      }
+    }
+  }
+  return issues;
+}
+function loadMakefile(projectRoot) {
+  try {
+    return fs3.readFileSync(path4.join(projectRoot, "Makefile"), "utf-8");
+  } catch {
+    return null;
+  }
+}
+function hasMakeTarget(makefile, target) {
+  const pattern = new RegExp(`^${target.replace(/[.*+?^${}()|[\]\\]/g, "\\$&")}\\s*:`, "m");
+  return pattern.test(makefile);
+}
+
+// src/core/checks/staleness.ts
+import * as path5 from "path";
+var WARNING_DAYS = 30;
+var INFO_DAYS = 14;
+async function checkStaleness(file, projectRoot) {
+  const issues = [];
+  if (!await isGitRepo(projectRoot)) {
+    return issues;
+  }
+  const relativePath = path5.relative(projectRoot, file.filePath).replace(/\\/g, "/");
+  const lastModified = await getFileLastModified(projectRoot, relativePath);
+  if (!lastModified || isNaN(lastModified.getTime())) {
+    return issues;
+  }
+  const daysSinceUpdate = Math.floor((Date.now() - lastModified.getTime()) / (1e3 * 60 * 60 * 24));
+  if (daysSinceUpdate < INFO_DAYS) {
+    return issues;
+  }
+  const referencedPaths = /* @__PURE__ */ new Set();
+  for (const ref of file.references.paths) {
+    const parts = ref.value.split("/");
+    if (parts.length > 1) {
+      referencedPaths.add(parts.slice(0, -1).join("/"));
+    }
+    referencedPaths.add(ref.value);
+  }
+  let totalCommits = 0;
+  let mostActiveRef = "";
+  let mostActiveCommits = 0;
+  for (const refPath of referencedPaths) {
+    const commits = await getCommitsSince(projectRoot, refPath, lastModified);
+    totalCommits += commits;
+    if (commits > mostActiveCommits) {
+      mostActiveCommits = commits;
+      mostActiveRef = refPath;
+    }
+  }
+  if (totalCommits === 0) {
+    return issues;
+  }
+  const severity = daysSinceUpdate >= WARNING_DAYS ? "warning" : "info";
+  issues.push({
+    severity,
+    check: "staleness",
+    line: 1,
+    message: `Last updated ${daysSinceUpdate} days ago. ${mostActiveRef} has ${mostActiveCommits} commits since.`,
+    suggestion: "Review and update this context file to reflect recent changes.",
+    detail: `${totalCommits} total commits to referenced paths since last update.`
+  });
+  return issues;
+}
+
+// src/core/checks/redundancy.ts
+import * as path6 from "path";
+var PACKAGE_TECH_MAP = {
+  react: ["React", "react"],
+  "react-dom": ["React DOM", "ReactDOM"],
+  next: ["Next.js", "NextJS", "next.js"],
+  express: ["Express", "express.js"],
+  fastify: ["Fastify"],
+  typescript: ["TypeScript"],
+  vue: ["Vue", "Vue.js", "vue.js"],
+  angular: ["Angular"],
+  svelte: ["Svelte", "SvelteKit"],
+  tailwindcss: ["Tailwind", "TailwindCSS", "tailwind"],
+  prisma: ["Prisma"],
+  drizzle: ["Drizzle"],
+  "drizzle-orm": ["Drizzle"],
+  jest: ["Jest"],
+  vitest: ["Vitest"],
+  mocha: ["Mocha"],
+  eslint: ["ESLint"],
+  prettier: ["Prettier"],
+  webpack: ["Webpack"],
+  vite: ["Vite"],
+  esbuild: ["esbuild"],
+  tsup: ["tsup"],
+  rollup: ["Rollup"],
+  graphql: ["GraphQL"],
+  mongoose: ["Mongoose"],
+  sequelize: ["Sequelize"],
+  "socket.io": ["Socket.IO", "socket.io"],
+  redis: ["Redis"],
+  ioredis: ["Redis"],
+  postgres: ["PostgreSQL", "Postgres"],
+  pg: ["PostgreSQL", "Postgres"],
+  mysql2: ["MySQL"],
+  sqlite3: ["SQLite"],
+  "better-sqlite3": ["SQLite"],
+  zod: ["Zod"],
+  joi: ["Joi"],
+  axios: ["Axios"],
+  lodash: ["Lodash", "lodash"],
+  underscore: ["Underscore"],
+  moment: ["Moment", "moment.js"],
+  dayjs: ["Day.js", "dayjs"],
+  "date-fns": ["date-fns"],
+  docker: ["Docker"],
+  kubernetes: ["Kubernetes", "K8s"],
+  terraform: ["Terraform"],
+  storybook: ["Storybook"],
+  playwright: ["Playwright"],
+  cypress: ["Cypress"],
+  puppeteer: ["Puppeteer"]
+};
+function compilePatterns(allDeps) {
+  const compiled = [];
+  for (const [pkg, mentions] of Object.entries(PACKAGE_TECH_MAP)) {
+    if (!allDeps.has(pkg)) continue;
+    for (const mention of mentions) {
+      const escaped = escapeRegex(mention);
+      compiled.push({
+        pkg,
+        mention,
+        patterns: [
+          new RegExp(`\\b(?:use|using|built with|powered by|written in)\\s+${escaped}\\b`, "i"),
+          new RegExp(`\\bwe\\s+use\\s+${escaped}\\b`, "i"),
+          new RegExp(`\\b${escaped}\\s+(?:project|app|application|codebase)\\b`, "i"),
+          new RegExp(`\\bThis is a\\s+${escaped}\\b`, "i")
+        ]
+      });
+    }
+  }
+  return compiled;
+}
+async function checkRedundancy(file, projectRoot) {
+  const issues = [];
+  const pkgJson = loadPackageJson(projectRoot);
+  if (pkgJson) {
+    const allDeps = /* @__PURE__ */ new Set([
+      ...Object.keys(pkgJson.dependencies || {}),
+      ...Object.keys(pkgJson.devDependencies || {})
+    ]);
+    const compiledPatterns = compilePatterns(allDeps);
+    const lines2 = file.content.split("\n");
+    for (let i = 0; i < lines2.length; i++) {
+      const line = lines2[i];
+      for (const { pkg, mention, patterns } of compiledPatterns) {
+        let matched = false;
+        for (const pattern of patterns) {
+          if (pattern.test(line)) {
+            matched = true;
+            break;
+          }
+        }
+        if (matched) {
+          const wastedTokens = countTokens(line.trim());
+          issues.push({
+            severity: "info",
+            check: "redundancy",
+            line: i + 1,
+            message: `"${mention}" is in package.json ${pkgJson.dependencies?.[pkg] ? "dependencies" : "devDependencies"} \u2014 agent can infer this`,
+            suggestion: `~${wastedTokens} tokens could be saved`
+          });
+        }
+      }
+    }
+  }
+  const lines = file.content.split("\n");
+  for (let i = 0; i < lines.length; i++) {
+    const line = lines[i];
+    const dirMatch = line.match(
+      /(?:are|go|live|found|located|stored)\s+(?:in|at|under)\s+[`"]?(\S+\/)[`"]?/i
+    );
+    if (dirMatch) {
+      const dir = dirMatch[1].replace(/[`"]/g, "");
+      const fullPath = path6.resolve(projectRoot, dir);
+      if (isDirectory(fullPath)) {
+        issues.push({
+          severity: "info",
+          check: "redundancy",
+          line: i + 1,
+          message: `Directory "${dir}" exists and is discoverable \u2014 agent can find this by listing files`,
+          suggestion: "Only keep if there is non-obvious context about this directory"
+        });
+      }
+    }
+  }
+  return issues;
+}
+function checkDuplicateContent(files) {
+  const issues = [];
+  for (let i = 0; i < files.length; i++) {
+    for (let j = i + 1; j < files.length; j++) {
+      const overlap = calculateLineOverlap(files[i].content, files[j].content);
+      if (overlap > 0.6) {
+        issues.push({
+          severity: "warning",
+          check: "redundancy",
+          line: 1,
+          message: `${files[i].relativePath} and ${files[j].relativePath} have ${Math.round(overlap * 100)}% content overlap`,
+          suggestion: "Consider consolidating into a single context file"
+        });
+      }
+    }
+  }
+  return issues;
+}
+function calculateLineOverlap(contentA, contentB) {
+  const linesA = new Set(
+    contentA.split("\n").map((l) => l.trim()).filter((l) => l.length > 10)
+  );
+  const linesB = new Set(
+    contentB.split("\n").map((l) => l.trim()).filter((l) => l.length > 10)
+  );
+  if (linesA.size === 0 || linesB.size === 0) return 0;
+  let overlap = 0;
+  for (const line of linesA) {
+    if (linesB.has(line)) overlap++;
+  }
+  return overlap / Math.min(linesA.size, linesB.size);
+}
+function escapeRegex(str) {
+  return str.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+}
+
+// src/core/checks/contradictions.ts
+var DIRECTIVE_CATEGORIES = [
+  {
+    name: "testing framework",
+    options: [
+      {
+        label: "Jest",
+        patterns: [/\buse\s+jest\b/i, /\bjest\s+for\s+test/i, /\btest.*with\s+jest\b/i]
+      },
+      {
+        label: "Vitest",
+        patterns: [/\buse\s+vitest\b/i, /\bvitest\s+for\s+test/i, /\btest.*with\s+vitest\b/i]
+      },
+      {
+        label: "Mocha",
+        patterns: [/\buse\s+mocha\b/i, /\bmocha\s+for\s+test/i, /\btest.*with\s+mocha\b/i]
+      },
+      {
+        label: "pytest",
+        patterns: [/\buse\s+pytest\b/i, /\bpytest\s+for\s+test/i, /\btest.*with\s+pytest\b/i]
+      },
+      {
+        label: "Playwright",
+        patterns: [/\buse\s+playwright\b/i, /\bplaywright\s+for\s+(?:e2e|test)/i]
+      },
+      { label: "Cypress", patterns: [/\buse\s+cypress\b/i, /\bcypress\s+for\s+(?:e2e|test)/i] }
+    ]
+  },
+  {
+    name: "package manager",
+    options: [
+      {
+        label: "npm",
+        patterns: [
+          /\buse\s+npm\b/i,
+          /\bnpm\s+as\s+(?:the\s+)?package\s+manager/i,
+          /\balways\s+use\s+npm\b/i
+        ]
+      },
+      {
+        label: "pnpm",
+        patterns: [
+          /\buse\s+pnpm\b/i,
+          /\bpnpm\s+as\s+(?:the\s+)?package\s+manager/i,
+          /\balways\s+use\s+pnpm\b/i
+        ]
+      },
+      {
+        label: "yarn",
+        patterns: [
+          /\buse\s+yarn\b/i,
+          /\byarn\s+as\s+(?:the\s+)?package\s+manager/i,
+          /\balways\s+use\s+yarn\b/i
+        ]
+      },
+      {
+        label: "bun",
+        patterns: [
+          /\buse\s+bun\b/i,
+          /\bbun\s+as\s+(?:the\s+)?package\s+manager/i,
+          /\balways\s+use\s+bun\b/i
+        ]
+      }
+    ]
+  },
+  {
+    name: "indentation style",
+    options: [
+      {
+        label: "tabs",
+        patterns: [/\buse\s+tabs\b/i, /\btab\s+indentation\b/i, /\bindent\s+with\s+tabs\b/i]
+      },
+      {
+        label: "2 spaces",
+        patterns: [
+          /\b2[\s-]?space\s+indent/i,
+          /\bindent\s+with\s+2\s+spaces/i,
+          /\b2[\s-]?space\s+tabs?\b/i
+        ]
+      },
+      {
+        label: "4 spaces",
+        patterns: [
+          /\b4[\s-]?space\s+indent/i,
+          /\bindent\s+with\s+4\s+spaces/i,
+          /\b4[\s-]?space\s+tabs?\b/i
+        ]
+      }
+    ]
+  },
+  {
+    name: "semicolons",
+    options: [
+      {
+        label: "semicolons",
+        patterns: [
+          /\buse\s+semicolons\b/i,
+          /\balways\s+(?:use\s+)?semicolons\b/i,
+          /\bsemicolons:\s*(?:true|yes)\b/i
+        ]
+      },
+      {
+        label: "no semicolons",
+        patterns: [
+          /\bno\s+semicolons\b/i,
+          /\bavoid\s+semicolons\b/i,
+          /\bomit\s+semicolons\b/i,
+          /\bsemicolons:\s*(?:false|no)\b/i
+        ]
+      }
+    ]
+  },
+  {
+    name: "quote style",
+    options: [
+      {
+        label: "single quotes",
+        patterns: [
+          /\bsingle\s+quotes?\b/i,
+          /\buse\s+(?:single\s+)?['']single['']?\s+quotes?\b/i,
+          /\bprefer\s+single\s+quotes?\b/i
+        ]
+      },
+      {
+        label: "double quotes",
+        patterns: [
+          /\bdouble\s+quotes?\b/i,
+          /\buse\s+(?:double\s+)?[""]double[""]?\s+quotes?\b/i,
+          /\bprefer\s+double\s+quotes?\b/i
+        ]
+      }
+    ]
+  },
+  {
+    name: "naming convention",
+    options: [
+      {
+        label: "camelCase",
+        patterns: [/\bcamelCase\b/, /\bcamel[\s-]?case\s+(?:for|naming|convention)/i]
+      },
+      {
+        label: "snake_case",
+        patterns: [/\bsnake_case\b/, /\bsnake[\s-]?case\s+(?:for|naming|convention)/i]
+      },
+      {
+        label: "PascalCase",
+        patterns: [/\bPascalCase\b/, /\bpascal[\s-]?case\s+(?:for|naming|convention)/i]
+      },
+      {
+        label: "kebab-case",
+        patterns: [/\bkebab-case\b/, /\bkebab[\s-]?case\s+(?:for|naming|convention)/i]
+      }
+    ]
+  },
+  {
+    name: "CSS approach",
+    options: [
+      { label: "Tailwind", patterns: [/\buse\s+tailwind/i, /\btailwind\s+for\s+styl/i] },
+      {
+        label: "CSS Modules",
+        patterns: [/\buse\s+css\s+modules\b/i, /\bcss\s+modules\s+for\s+styl/i]
+      },
+      {
+        label: "styled-components",
+        patterns: [/\buse\s+styled[\s-]?components\b/i, /\bstyled[\s-]?components\s+for\s+styl/i]
+      },
+      { label: "CSS-in-JS", patterns: [/\buse\s+css[\s-]?in[\s-]?js\b/i] }
+    ]
+  },
+  {
+    name: "state management",
+    options: [
+      { label: "Redux", patterns: [/\buse\s+redux\b/i, /\bredux\s+for\s+state/i] },
+      { label: "Zustand", patterns: [/\buse\s+zustand\b/i, /\bzustand\s+for\s+state/i] },
+      { label: "MobX", patterns: [/\buse\s+mobx\b/i, /\bmobx\s+for\s+state/i] },
+      { label: "Jotai", patterns: [/\buse\s+jotai\b/i, /\bjotai\s+for\s+state/i] },
+      { label: "Recoil", patterns: [/\buse\s+recoil\b/i, /\brecoil\s+for\s+state/i] }
+    ]
+  }
+];
+function detectDirectives(file) {
+  const directives = [];
+  const lines = file.content.split("\n");
+  for (let i = 0; i < lines.length; i++) {
+    const line = lines[i];
+    for (const category of DIRECTIVE_CATEGORIES) {
+      for (const option of category.options) {
+        for (const pattern of option.patterns) {
+          if (pattern.test(line)) {
+            directives.push({
+              file: file.relativePath,
+              category: category.name,
+              label: option.label,
+              line: i + 1,
+              text: line.trim()
+            });
+            break;
+          }
+        }
+      }
+    }
+  }
+  return directives;
+}
+function checkContradictions(files) {
+  if (files.length < 2) return [];
+  const issues = [];
+  const allDirectives = [];
+  for (const file of files) {
+    allDirectives.push(...detectDirectives(file));
+  }
+  const byCategory = /* @__PURE__ */ new Map();
+  for (const d of allDirectives) {
+    const existing = byCategory.get(d.category) || [];
+    existing.push(d);
+    byCategory.set(d.category, existing);
+  }
+  for (const [category, directives] of byCategory) {
+    const byFile = /* @__PURE__ */ new Map();
+    for (const d of directives) {
+      const existing = byFile.get(d.file) || [];
+      existing.push(d);
+      byFile.set(d.file, existing);
+    }
+    const labels = new Set(directives.map((d) => d.label));
+    if (labels.size <= 1) continue;
+    const fileLabels = /* @__PURE__ */ new Map();
+    for (const d of directives) {
+      const existing = fileLabels.get(d.file) || /* @__PURE__ */ new Set();
+      existing.add(d.label);
+      fileLabels.set(d.file, existing);
+    }
+    const fileEntries = [...fileLabels.entries()];
+    for (let i = 0; i < fileEntries.length; i++) {
+      for (let j = i + 1; j < fileEntries.length; j++) {
+        const [fileA, labelsA] = fileEntries[i];
+        const [fileB, labelsB] = fileEntries[j];
+        for (const labelA of labelsA) {
+          for (const labelB of labelsB) {
+            if (labelA !== labelB) {
+              const directiveA = directives.find((d) => d.file === fileA && d.label === labelA);
+              const directiveB = directives.find((d) => d.file === fileB && d.label === labelB);
+              issues.push({
+                severity: "warning",
+                check: "contradictions",
+                line: directiveA.line,
+                message: `${category} conflict: "${directiveA.label}" in ${fileA} vs "${directiveB.label}" in ${fileB}`,
+                suggestion: `Align on one ${category} across all context files`,
+                detail: `${fileA}:${directiveA.line} says "${directiveA.text}" but ${fileB}:${directiveB.line} says "${directiveB.text}"`
+              });
+            }
+          }
+        }
+      }
+    }
+  }
+  return issues;
+}
+
+// src/core/checks/frontmatter.ts
+function parseFrontmatter(content) {
+  const lines = content.split("\n");
+  if (lines[0]?.trim() !== "---") {
+    return { found: false, fields: {}, endLine: 0 };
+  }
+  const fields = {};
+  let endLine = 0;
+  for (let i = 1; i < lines.length; i++) {
+    const line = lines[i].trim();
+    if (line === "---") {
+      endLine = i + 1;
+      break;
+    }
+    const match = line.match(/^(\w+)\s*:\s*(.*)$/);
+    if (match) {
+      fields[match[1]] = match[2].trim();
+    }
+  }
+  if (endLine === 0) {
+    return { found: true, fields, endLine: lines.length };
+  }
+  return { found: true, fields, endLine };
+}
+function isCursorMdc(file) {
+  return file.relativePath.endsWith(".mdc");
+}
+function isCopilotInstructions(file) {
+  return file.relativePath.includes(".github/instructions/") && file.relativePath.endsWith(".md");
+}
+function isWindsurfRule(file) {
+  return file.relativePath.includes(".windsurf/rules/") && file.relativePath.endsWith(".md");
+}
+var VALID_WINDSURF_TRIGGERS = ["always_on", "glob", "manual", "model"];
+async function checkFrontmatter(file, _projectRoot) {
+  const issues = [];
+  if (isCursorMdc(file)) {
+    issues.push(...validateCursorMdc(file));
+  } else if (isCopilotInstructions(file)) {
+    issues.push(...validateCopilotInstructions(file));
+  } else if (isWindsurfRule(file)) {
+    issues.push(...validateWindsurfRule(file));
+  }
+  return issues;
+}
+function validateCursorMdc(file) {
+  const issues = [];
+  const fm = parseFrontmatter(file.content);
+  if (!fm.found) {
+    issues.push({
+      severity: "warning",
+      check: "frontmatter",
+      line: 1,
+      message: "Cursor .mdc file is missing frontmatter",
+      suggestion: "Add YAML frontmatter with description, globs, and alwaysApply fields"
+    });
+    return issues;
+  }
+  if (!fm.fields["description"]) {
+    issues.push({
+      severity: "warning",
+      check: "frontmatter",
+      line: 1,
+      message: 'Missing "description" field in Cursor .mdc frontmatter',
+      suggestion: "Add a description so Cursor knows when to apply this rule"
+    });
+  }
+  if (!("alwaysApply" in fm.fields) && !("globs" in fm.fields)) {
+    issues.push({
+      severity: "info",
+      check: "frontmatter",
+      line: 1,
+      message: 'No "alwaysApply" or "globs" field \u2014 rule may not be applied automatically',
+      suggestion: "Set alwaysApply: true or specify globs for targeted activation"
+    });
+  }
+  if ("alwaysApply" in fm.fields) {
+    const val = fm.fields["alwaysApply"].toLowerCase();
+    if (!["true", "false"].includes(val)) {
+      issues.push({
+        severity: "error",
+        check: "frontmatter",
+        line: 1,
+        message: `Invalid alwaysApply value: "${fm.fields["alwaysApply"]}"`,
+        suggestion: "alwaysApply must be true or false"
+      });
+    }
+  }
+  if ("globs" in fm.fields) {
+    const val = fm.fields["globs"];
+    if (val && !val.startsWith("[") && !val.startsWith('"') && !val.includes("*") && !val.includes("/")) {
+      issues.push({
+        severity: "warning",
+        check: "frontmatter",
+        line: 1,
+        message: `Possibly invalid globs value: "${val}"`,
+        suggestion: 'globs should be a glob pattern like "src/**/*.ts" or an array like ["*.ts", "*.tsx"]'
+      });
+    }
+  }
+  return issues;
+}
+function validateCopilotInstructions(file) {
+  const issues = [];
+  const fm = parseFrontmatter(file.content);
+  if (!fm.found) {
+    issues.push({
+      severity: "info",
+      check: "frontmatter",
+      line: 1,
+      message: "Copilot instructions file has no frontmatter",
+      suggestion: "Add applyTo frontmatter to target specific file patterns"
+    });
+    return issues;
+  }
+  if (!fm.fields["applyTo"]) {
+    issues.push({
+      severity: "warning",
+      check: "frontmatter",
+      line: 1,
+      message: 'Missing "applyTo" field in Copilot instructions frontmatter',
+      suggestion: 'Add applyTo to specify which files this instruction applies to (e.g., applyTo: "**/*.ts")'
+    });
+  }
+  return issues;
+}
+function validateWindsurfRule(file) {
+  const issues = [];
+  const fm = parseFrontmatter(file.content);
+  if (!fm.found) {
+    issues.push({
+      severity: "info",
+      check: "frontmatter",
+      line: 1,
+      message: "Windsurf rule file has no frontmatter",
+      suggestion: "Add YAML frontmatter with a trigger field (always_on, glob, manual, model)"
+    });
+    return issues;
+  }
+  if (!fm.fields["trigger"]) {
+    issues.push({
+      severity: "warning",
+      check: "frontmatter",
+      line: 1,
+      message: 'Missing "trigger" field in Windsurf rule frontmatter',
+      suggestion: `Set trigger to one of: ${VALID_WINDSURF_TRIGGERS.join(", ")}`
+    });
+  } else {
+    const trigger = fm.fields["trigger"].replace(/['"]/g, "");
+    if (!VALID_WINDSURF_TRIGGERS.includes(trigger)) {
+      issues.push({
+        severity: "error",
+        check: "frontmatter",
+        line: 1,
+        message: `Invalid trigger value: "${trigger}"`,
+        suggestion: `Valid triggers: ${VALID_WINDSURF_TRIGGERS.join(", ")}`
+      });
+    }
+  }
+  return issues;
+}
+
+// src/core/checks/mcp/schema.ts
+async function checkMcpSchema(config, _projectRoot) {
+  const issues = [];
+  if (config.parseErrors.length > 0) {
+    for (const err of config.parseErrors) {
+      issues.push({
+        severity: "error",
+        check: "mcp-schema",
+        ruleId: "invalid-json",
+        line: 1,
+        message: `MCP config is not valid JSON: ${err}`
+      });
+    }
+    return issues;
+  }
+  if (!config.actualRootKey) {
+    issues.push({
+      severity: "error",
+      check: "mcp-schema",
+      ruleId: "missing-root-key",
+      line: 1,
+      message: `MCP config has no "${config.expectedRootKey}" key`
+    });
+    return issues;
+  }
+  if (config.actualRootKey !== config.expectedRootKey) {
+    const line = findKeyLine(config.content, config.actualRootKey);
+    issues.push({
+      severity: "error",
+      check: "mcp-schema",
+      ruleId: "wrong-root-key",
+      line,
+      message: `${config.relativePath} must use "${config.expectedRootKey}" as root key, not "${config.actualRootKey}"`,
+      fix: {
+        file: config.filePath,
+        line,
+        oldText: `"${config.actualRootKey}"`,
+        newText: `"${config.expectedRootKey}"`
+      }
+    });
+  }
+  if (config.servers.length === 0 && config.actualRootKey) {
+    issues.push({
+      severity: "info",
+      check: "mcp-schema",
+      ruleId: "empty-servers",
+      line: 1,
+      message: "MCP config has no server entries"
+    });
+    return issues;
+  }
+  for (const server of config.servers) {
+    if (!server.name) {
+      issues.push({
+        severity: "error",
+        check: "mcp-schema",
+        ruleId: "no-name-field",
+        line: server.line,
+        message: "Server name cannot be empty"
+      });
+      continue;
+    }
+    if (server.transport === "unknown") {
+      const typeVal = server.raw.type;
+      if (typeof typeVal === "string") {
+        issues.push({
+          severity: "warning",
+          check: "mcp-schema",
+          ruleId: "unknown-transport",
+          line: server.line,
+          message: `Server "${server.name}" has unknown transport type "${typeVal}"`
+        });
+      }
+    }
+    if (server.command && server.url) {
+      issues.push({
+        severity: "warning",
+        check: "mcp-schema",
+        ruleId: "ambiguous-transport",
+        line: server.line,
+        message: `Server "${server.name}" has both "command" and "url" \u2014 transport is ambiguous`
+      });
+    }
+    if (server.transport === "stdio" && !server.command) {
+      issues.push({
+        severity: "error",
+        check: "mcp-schema",
+        ruleId: "missing-command",
+        line: server.line,
+        message: `Server "${server.name}" has no "command" field`
+      });
+    }
+    if ((server.transport === "http" || server.transport === "sse") && !server.url) {
+      issues.push({
+        severity: "error",
+        check: "mcp-schema",
+        ruleId: "missing-url",
+        line: server.line,
+        message: `Server "${server.name}" has no "url" field`
+      });
+    }
+  }
+  return issues;
+}
+function findKeyLine(content, key) {
+  const lines = content.split("\n");
+  const escaped = key.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+  const pattern = new RegExp(`"${escaped}"\\s*:`);
+  for (let i = 0; i < lines.length; i++) {
+    if (pattern.test(lines[i])) {
+      return i + 1;
+    }
+  }
+  return 1;
+}
+
+// src/core/checks/mcp/security.ts
+var API_KEY_PATTERNS = [
+  /sk-[a-zA-Z0-9]{20,}/,
+  // OpenAI / generic
+  /ghp_[a-zA-Z0-9]{36}/,
+  // GitHub PAT
+  /ghu_[a-zA-Z0-9]{36}/,
+  // GitHub user token
+  /github_pat_[a-zA-Z0-9_]{80,}/,
+  // GitHub fine-grained PAT
+  /xoxb-[0-9]{10,}/,
+  // Slack bot
+  /xoxp-[0-9]{10,}/,
+  // Slack user
+  /AKIA[0-9A-Z]{16}/,
+  // AWS access key
+  /AGE-SECRET-KEY-1[a-zA-Z0-9]+/,
+  // age encryption key
+  /glpat-[a-zA-Z0-9_\-]{20}/,
+  // GitLab PAT
+  /sq0atp-[a-zA-Z0-9_\-]{22}/
+  // Square
+];
+var ENV_VAR_REF = /\$\{[^}]+\}/;
+var HIGH_ENTROPY_PATTERN = /^[A-Za-z0-9+/=_-]{21,}$/;
+var URL_SECRET_PARAMS = /[?&](key|token|api_key|apikey|secret|password|access_token)=/i;
+function isEnvVarRef(value) {
+  return ENV_VAR_REF.test(value);
+}
+function isKnownApiKey(value) {
+  return API_KEY_PATTERNS.some((p) => p.test(value));
+}
+function isHighEntropySecret(value) {
+  if (isEnvVarRef(value)) return false;
+  return HIGH_ENTROPY_PATTERN.test(value);
+}
+function deriveEnvVarName(serverName, suffix) {
+  return serverName.replace(/[^a-zA-Z0-9]+/g, "_").toUpperCase().replace(/^_|_$/g, "") + "_" + suffix;
+}
+async function checkMcpSecurity(config, _projectRoot) {
+  const issues = [];
+  if (!config.isGitTracked) return issues;
+  if (config.parseErrors.length > 0) return issues;
+  for (const server of config.servers) {
+    if (server.headers) {
+      for (const [headerName, headerValue] of Object.entries(server.headers)) {
+        if (headerName.toLowerCase() === "authorization") {
+          const bearerMatch = headerValue.match(/^Bearer\s+(.+)$/i);
+          if (bearerMatch) {
+            const token = bearerMatch[1];
+            if (!isEnvVarRef(token)) {
+              const envVar = deriveEnvVarName(server.name, "API_KEY");
+              issues.push({
+                severity: "error",
+                check: "mcp-security",
+                ruleId: "hardcoded-bearer",
+                line: server.line,
+                message: `Server "${server.name}" has a hardcoded Bearer token in a git-tracked file`,
+                fix: {
+                  file: config.filePath,
+                  line: server.line,
+                  oldText: `Bearer ${token}`,
+                  newText: `Bearer \${${envVar}}`
+                }
+              });
+            }
+          }
+        }
+        if (!isEnvVarRef(headerValue) && isKnownApiKey(headerValue)) {
+          issues.push({
+            severity: "error",
+            check: "mcp-security",
+            ruleId: "hardcoded-api-key",
+            line: server.line,
+            message: `Server "${server.name}" has a hardcoded API key in a git-tracked file`
+          });
+        }
+      }
+    }
+    if (server.env) {
+      for (const envValue of Object.values(server.env)) {
+        if (!isEnvVarRef(envValue) && (isKnownApiKey(envValue) || isHighEntropySecret(envValue))) {
+          const envVar = deriveEnvVarName(server.name, "API_KEY");
+          issues.push({
+            severity: "error",
+            check: "mcp-security",
+            ruleId: "hardcoded-api-key",
+            line: server.line,
+            message: `Server "${server.name}" has a hardcoded API key in a git-tracked file`,
+            fix: {
+              file: config.filePath,
+              line: server.line,
+              oldText: envValue,
+              newText: `\${${envVar}}`
+            }
+          });
+        }
+      }
+    }
+    if (server.url && !isEnvVarRef(server.url) && URL_SECRET_PARAMS.test(server.url)) {
+      issues.push({
+        severity: "error",
+        check: "mcp-security",
+        ruleId: "secret-in-url",
+        line: server.line,
+        message: `Server "${server.name}" has a secret in the URL query string`
+      });
+    }
+    if (server.url) {
+      try {
+        if (!isEnvVarRef(server.url)) {
+          const parsed = new URL(server.url);
+          if (parsed.protocol === "http:" && parsed.hostname !== "localhost" && parsed.hostname !== "127.0.0.1" && parsed.hostname !== "::1") {
+            issues.push({
+              severity: "warning",
+              check: "mcp-security",
+              ruleId: "http-no-tls",
+              line: server.line,
+              message: `Server "${server.name}" uses HTTP without TLS`
+            });
+          }
+        }
+      } catch {
+      }
+    }
+  }
+  return issues;
+}
+
+// src/core/checks/mcp/commands.ts
+import * as fs4 from "fs";
+import * as path7 from "path";
+var LOCAL_PATH_PATTERN = /^\.\.?\//;
+var FILE_PATH_PATTERN = /^[^-].*\/.*\.\w+$/;
+async function checkMcpCommands(config, projectRoot) {
+  const issues = [];
+  if (config.parseErrors.length > 0) return issues;
+  for (const server of config.servers) {
+    if (server.transport !== "stdio" || !server.command) continue;
+    if (process.platform === "win32" && config.scope === "project" && server.command === "npx") {
+      issues.push({
+        severity: "error",
+        check: "mcp-commands",
+        ruleId: "windows-npx-no-wrapper",
+        line: server.line,
+        message: `Server "${server.name}": npx requires "cmd /c" wrapper on Windows`,
+        suggestion: 'Change command to "cmd" and prepend "/c", "npx" to args: ["/c", "npx", ...]',
+        fix: buildNpxFix(config, server.name, server.args)
+      });
+    }
+    if (LOCAL_PATH_PATTERN.test(server.command)) {
+      const resolved = path7.resolve(projectRoot, server.command);
+      if (!fileExistsSafe(resolved)) {
+        issues.push({
+          severity: "warning",
+          check: "mcp-commands",
+          ruleId: "command-not-found",
+          line: server.line,
+          message: `Server "${server.name}": command "${server.command}" not found`
+        });
+      }
+    }
+    if (server.args) {
+      for (const arg of server.args) {
+        if (LOCAL_PATH_PATTERN.test(arg) || FILE_PATH_PATTERN.test(arg)) {
+          const resolved = path7.resolve(projectRoot, arg);
+          if (!fileExistsSafe(resolved)) {
+            issues.push({
+              severity: "warning",
+              check: "mcp-commands",
+              ruleId: "args-path-missing",
+              line: server.line,
+              message: `Server "${server.name}": arg "${arg}" looks like a file path but doesn't exist`
+            });
+          }
+        }
+      }
+    }
+  }
+  return issues;
+}
+function fileExistsSafe(filePath) {
+  try {
+    fs4.accessSync(filePath);
+    return true;
+  } catch {
+    return false;
+  }
+}
+function buildNpxFix(config, serverName, _args) {
+  const lines = config.content.split("\n");
+  for (let i = 0; i < lines.length; i++) {
+    const line = lines[i];
+    if (line.includes('"command"') && line.includes('"npx"')) {
+      let inRightServer = false;
+      for (let j = i - 1; j >= 0; j--) {
+        if (lines[j].includes(`"${serverName}"`)) {
+          inRightServer = true;
+          break;
+        }
+        if (lines[j].includes('"command"')) break;
+      }
+      if (!inRightServer) continue;
+      return {
+        file: config.filePath,
+        line: i + 1,
+        oldText: '"npx"',
+        newText: '"cmd"'
+      };
+    }
+  }
+  return void 0;
+}
+
+// src/core/checks/mcp/deprecated.ts
+async function checkMcpDeprecated(config, _projectRoot) {
+  const issues = [];
+  if (config.parseErrors.length > 0) return issues;
+  for (const server of config.servers) {
+    if (server.transport === "sse") {
+      const line = findTypeLine(config.content, server.name) || server.line;
+      issues.push({
+        severity: "warning",
+        check: "mcp-deprecated",
+        ruleId: "sse-transport",
+        line,
+        message: `Server "${server.name}" uses deprecated SSE transport \u2014 use "http" (Streamable HTTP) instead`,
+        fix: {
+          file: config.filePath,
+          line,
+          oldText: '"sse"',
+          newText: '"http"'
+        }
+      });
+    }
+  }
+  return issues;
+}
+function findTypeLine(content, serverName) {
+  const lines = content.split("\n");
+  let inServer = false;
+  for (let i = 0; i < lines.length; i++) {
+    if (lines[i].includes(`"${serverName}"`)) {
+      inServer = true;
+    }
+    if (inServer && lines[i].includes('"type"') && lines[i].includes('"sse"')) {
+      return i + 1;
+    }
+    if (inServer && i > 0 && lines[i].match(/^\s{4}"\w/) && !lines[i].includes(`"${serverName}"`)) {
+      const indent = lines[i].search(/\S/);
+      const serverIndent = lines.findIndex((l) => l.includes(`"${serverName}"`));
+      if (serverIndent >= 0) {
+        const origIndent = lines[serverIndent].search(/\S/);
+        if (indent <= origIndent) break;
+      }
+    }
+  }
+  return null;
+}
+
+// src/core/checks/mcp/env.ts
+var HAS_CURSOR_SYNTAX = /\$\{env:[^}]+\}/;
+var HAS_CLAUDE_SYNTAX = /\$\{[A-Za-z_][A-Za-z0-9_]*(?::-.*)?\}/;
+var HAS_CONTINUE_SYNTAX = /\$\{\{\s*secrets\.[^}]+\}\}/;
+var ANY_ENV_REF = /\$\{[^}]+\}/g;
+function extractEnvVarRefs(value) {
+  const refs = [];
+  let match;
+  ANY_ENV_REF.lastIndex = 0;
+  while ((match = ANY_ENV_REF.exec(value)) !== null) {
+    const full = match[0];
+    let varName = null;
+    const cursorMatch = full.match(/^\$\{env:([A-Za-z_][A-Za-z0-9_]*)\}$/);
+    if (cursorMatch) {
+      varName = cursorMatch[1];
+    }
+    const continueMatch = full.match(/^\$\{\{\s*secrets\.([A-Za-z_][A-Za-z0-9_]*)\s*\}\}$/);
+    if (continueMatch) {
+      varName = continueMatch[1];
+    }
+    const claudeMatch = full.match(/^\$\{([A-Za-z_][A-Za-z0-9_]*)(?::-.*)?\}$/);
+    if (!varName && claudeMatch) {
+      varName = claudeMatch[1];
+    }
+    if (varName) {
+      refs.push({ varName, fullMatch: full });
+    }
+  }
+  return refs;
+}
+function collectAllStringValues(server) {
+  const values = [];
+  if (server.command) values.push(server.command);
+  if (server.args) values.push(...server.args);
+  if (server.url) values.push(server.url);
+  if (server.headers) values.push(...Object.values(server.headers));
+  if (server.env) values.push(...Object.values(server.env));
+  return values;
+}
+async function checkMcpEnv(config, _projectRoot) {
+  const issues = [];
+  if (config.parseErrors.length > 0) return issues;
+  for (const server of config.servers) {
+    const allValues = collectAllStringValues(server);
+    for (const value of allValues) {
+      if (config.client === "claude-code") {
+        if (HAS_CURSOR_SYNTAX.test(value)) {
+          issues.push({
+            severity: "error",
+            check: "mcp-env",
+            ruleId: "wrong-syntax",
+            line: server.line,
+            message: `Server "${server.name}": Claude Code uses \${VAR}, not \${env:VAR}`,
+            fix: buildSyntaxFix(config, server.line, value, "claude-code")
+          });
+        }
+      }
+      if (config.client === "cursor") {
+        if (HAS_CLAUDE_SYNTAX.test(value) && !HAS_CURSOR_SYNTAX.test(value) && !HAS_CONTINUE_SYNTAX.test(value)) {
+          issues.push({
+            severity: "error",
+            check: "mcp-env",
+            ruleId: "wrong-syntax",
+            line: server.line,
+            message: `Server "${server.name}": Cursor uses \${env:VAR}, not \${VAR}`,
+            fix: buildSyntaxFix(config, server.line, value, "cursor")
+          });
+        }
+      }
+      if (config.client === "continue") {
+        if ((HAS_CLAUDE_SYNTAX.test(value) || HAS_CURSOR_SYNTAX.test(value)) && !HAS_CONTINUE_SYNTAX.test(value)) {
+          issues.push({
+            severity: "error",
+            check: "mcp-env",
+            ruleId: "wrong-syntax",
+            line: server.line,
+            message: `Server "${server.name}": Continue uses \${{ secrets.VAR }}, not \${VAR}`,
+            fix: buildSyntaxFix(config, server.line, value, "continue")
+          });
+        }
+      }
+    }
+    for (const value of allValues) {
+      const refs = extractEnvVarRefs(value);
+      for (const ref of refs) {
+        if (!(ref.varName in process.env)) {
+          issues.push({
+            severity: "info",
+            check: "mcp-env",
+            ruleId: "unset-variable",
+            line: server.line,
+            message: `Server "${server.name}": environment variable "${ref.varName}" is not set`
+          });
+        }
+      }
+    }
+    if (server.env && Object.keys(server.env).length === 0) {
+      issues.push({
+        severity: "info",
+        check: "mcp-env",
+        ruleId: "empty-env-block",
+        line: server.line,
+        message: `Server "${server.name}": empty "env" block can be removed`
+      });
+    }
+  }
+  return issues;
+}
+function buildSyntaxFix(config, line, value, targetClient) {
+  if (targetClient === "claude-code") {
+    const fixed = value.replace(/\$\{env:([^}]+)\}/g, "${$1}");
+    return { file: config.filePath, line, oldText: value, newText: fixed };
+  }
+  if (targetClient === "cursor") {
+    const fixed = value.replace(/\$\{([A-Za-z_][A-Za-z0-9_]*)(?::-.*)?\}/g, (match, varName) => {
+      if (match.startsWith("${env:")) return match;
+      return `\${env:${varName}}`;
+    });
+    return { file: config.filePath, line, oldText: value, newText: fixed };
+  }
+  if (targetClient === "continue") {
+    let fixed = value.replace(/\$\{env:([A-Za-z_][A-Za-z0-9_]*)\}/g, "${{ secrets.$1 }}");
+    fixed = fixed.replace(/\$\{([A-Za-z_][A-Za-z0-9_]*)(?::-.*)?\}/g, (match) => {
+      if (match.includes("secrets.")) return match;
+      const varMatch = match.match(/\$\{([A-Za-z_][A-Za-z0-9_]*)/);
+      return varMatch ? `\${{ secrets.${varMatch[1]} }}` : match;
+    });
+    return { file: config.filePath, line, oldText: value, newText: fixed };
+  }
+  return void 0;
+}
+
+// src/core/checks/mcp/urls.ts
+var ENV_VAR_REF2 = /\$\{[^}]+\}/;
+async function checkMcpUrls(config, _projectRoot) {
+  const issues = [];
+  if (config.parseErrors.length > 0) return issues;
+  for (const server of config.servers) {
+    if (!server.url) continue;
+    if (ENV_VAR_REF2.test(server.url)) continue;
+    let parsed;
+    try {
+      parsed = new URL(server.url);
+    } catch {
+      issues.push({
+        severity: "error",
+        check: "mcp-urls",
+        ruleId: "malformed-url",
+        line: server.line,
+        message: `Server "${server.name}": invalid URL "${server.url}"`
+      });
+      continue;
+    }
+    if (config.scope === "project" && (parsed.hostname === "localhost" || parsed.hostname === "127.0.0.1")) {
+      issues.push({
+        severity: "warning",
+        check: "mcp-urls",
+        ruleId: "localhost-in-project-config",
+        line: server.line,
+        message: `Server "${server.name}": localhost URL in project config won't work for teammates`
+      });
+    }
+    if (!parsed.pathname || parsed.pathname === "/") {
+      issues.push({
+        severity: "info",
+        check: "mcp-urls",
+        ruleId: "missing-path",
+        line: server.line,
+        message: `Server "${server.name}": URL has no path \u2014 most MCP servers expect /mcp`
+      });
+    }
+  }
+  return issues;
+}
+
+// src/core/checks/mcp/consistency.ts
+async function checkMcpConsistency(configs) {
+  const issues = [];
+  if (configs.length < 2) {
+    return checkSingleFileIssues(configs).concat(checkMissingFromClient(configs));
+  }
+  const serverMap = /* @__PURE__ */ new Map();
+  for (const config of configs) {
+    for (const server of config.servers) {
+      const existing = serverMap.get(server.name) || [];
+      existing.push({
+        config,
+        command: server.command,
+        url: server.url,
+        args: server.args,
+        line: server.line
+      });
+      serverMap.set(server.name, existing);
+    }
+  }
+  for (const [name, entries] of serverMap) {
+    if (entries.length < 2) continue;
+    for (let i = 0; i < entries.length; i++) {
+      for (let j = i + 1; j < entries.length; j++) {
+        const a = entries[i];
+        const b = entries[j];
+        const aKey = JSON.stringify({ cmd: a.command, url: a.url, args: a.args });
+        const bKey = JSON.stringify({ cmd: b.command, url: b.url, args: b.args });
+        if (aKey !== bKey) {
+          issues.push({
+            severity: "warning",
+            check: "mcp-consistency",
+            ruleId: "same-server-different-config",
+            line: a.line,
+            message: `Server "${name}" is configured differently in ${a.config.relativePath} and ${b.config.relativePath}`
+          });
+        }
+      }
+    }
+  }
+  issues.push(...checkMissingFromClient(configs));
+  issues.push(...checkSingleFileIssues(configs));
+  return issues;
+}
+function checkMissingFromClient(configs) {
+  const issues = [];
+  const primary = configs.find((c) => c.relativePath === ".mcp.json" && c.scope === "project");
+  if (!primary) return issues;
+  const otherConfigs = configs.filter(
+    (c) => c !== primary && c.scope === "project" && (c.relativePath.includes(".cursor/") || c.relativePath.includes(".vscode/") || c.relativePath.includes(".amazonq/"))
+  );
+  for (const other of otherConfigs) {
+    const otherNames = new Set(other.servers.map((s) => s.name));
+    for (const primaryServer of primary.servers) {
+      if (!otherNames.has(primaryServer.name)) {
+        issues.push({
+          severity: "info",
+          check: "mcp-consistency",
+          ruleId: "missing-from-client",
+          line: primaryServer.line,
+          message: `Server "${primaryServer.name}" is in .mcp.json but missing from ${other.relativePath}`
+        });
+      }
+    }
+  }
+  return issues;
+}
+function checkSingleFileIssues(configs) {
+  const issues = [];
+  for (const config of configs) {
+    const nameCount = /* @__PURE__ */ new Map();
+    const lines = config.content.split("\n");
+    for (const server of config.servers) {
+      const escaped = server.name.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+      const pattern = new RegExp(`"${escaped}"\\s*:`, "g");
+      let count = 0;
+      for (const line of lines) {
+        if (pattern.test(line)) count++;
+        pattern.lastIndex = 0;
+      }
+      nameCount.set(server.name, count);
+    }
+    for (const [name, count] of nameCount) {
+      if (count > 1) {
+        issues.push({
+          severity: "warning",
+          check: "mcp-consistency",
+          ruleId: "duplicate-server-name",
+          line: 1,
+          message: `Duplicate server name "${name}" in ${config.relativePath} \u2014 only the last definition is used`
+        });
+      }
+    }
+  }
+  return issues;
+}
+
+// src/core/checks/mcp/redundancy.ts
+async function checkMcpRedundancy(configs) {
+  const issues = [];
+  for (const config of configs) {
+    for (const server of config.servers) {
+      if (server.disabled === true) {
+        issues.push({
+          severity: "info",
+          check: "mcp-redundancy",
+          ruleId: "disabled-server",
+          line: server.line,
+          message: `Server "${server.name}" is disabled \u2014 consider removing it if no longer needed`
+        });
+      }
+    }
+  }
+  const projectConfigs = configs.filter((c) => c.scope === "project");
+  const globalConfigs = configs.filter((c) => c.scope === "user" || c.scope === "global");
+  for (const projectConfig of projectConfigs) {
+    for (const projectServer of projectConfig.servers) {
+      for (const globalConfig of globalConfigs) {
+        const globalServer = globalConfig.servers.find((s) => s.name === projectServer.name);
+        if (!globalServer) continue;
+        const projectKey = JSON.stringify({
+          command: projectServer.command,
+          args: projectServer.args,
+          url: projectServer.url,
+          env: projectServer.env
+        });
+        const globalKey = JSON.stringify({
+          command: globalServer.command,
+          args: globalServer.args,
+          url: globalServer.url,
+          env: globalServer.env
+        });
+        if (projectKey === globalKey) {
+          issues.push({
+            severity: "info",
+            check: "mcp-redundancy",
+            ruleId: "identical-across-scopes",
+            line: projectServer.line,
+            message: `Server "${projectServer.name}" is identically configured in both ${projectConfig.relativePath} and ${globalConfig.relativePath}`
+          });
+        }
+      }
+    }
+  }
+  return issues;
+}
+
+// src/core/audit.ts
+var ALL_CHECKS = [
+  "paths",
+  "commands",
+  "staleness",
+  "tokens",
+  "redundancy",
+  "contradictions",
+  "frontmatter"
+];
+var ALL_MCP_CHECKS = [
+  "mcp-schema",
+  "mcp-security",
+  "mcp-commands",
+  "mcp-deprecated",
+  "mcp-env",
+  "mcp-urls",
+  "mcp-consistency",
+  "mcp-redundancy"
+];
+function hasMcpChecks(checks) {
+  return checks.some((c) => c.startsWith("mcp-"));
+}
+async function runAudit(projectRoot, activeChecks, options = {}) {
+  const fileResults = [];
+  const shouldRunContextChecks = !options.mcpOnly;
+  const shouldRunMcpChecks = options.mcp || options.mcpGlobal || options.mcpOnly || hasMcpChecks(activeChecks);
+  if (shouldRunContextChecks) {
+    const discovered = await scanForContextFiles(projectRoot, {
+      depth: options.depth,
+      extraPatterns: options.extraPatterns
+    });
+    const parsed = discovered.map((f) => parseContextFile(f));
+    for (const file of parsed) {
+      const checkPromises = [];
+      if (activeChecks.includes("paths")) checkPromises.push(checkPaths(file, projectRoot));
+      if (activeChecks.includes("commands")) checkPromises.push(checkCommands(file, projectRoot));
+      if (activeChecks.includes("staleness")) checkPromises.push(checkStaleness(file, projectRoot));
+      if (activeChecks.includes("tokens")) checkPromises.push(checkTokens(file, projectRoot));
+      if (activeChecks.includes("redundancy"))
+        checkPromises.push(checkRedundancy(file, projectRoot));
+      if (activeChecks.includes("frontmatter"))
+        checkPromises.push(checkFrontmatter(file, projectRoot));
+      const results = await Promise.all(checkPromises);
+      const issues = results.flat();
+      fileResults.push({
+        path: file.relativePath,
+        isSymlink: file.isSymlink,
+        symlinkTarget: file.symlinkTarget,
+        tokens: file.totalTokens,
+        lines: file.totalLines,
+        issues
+      });
+    }
+    if (activeChecks.includes("tokens")) {
+      const aggIssue = checkAggregateTokens(
+        fileResults.map((f) => ({ path: f.path, tokens: f.tokens }))
+      );
+      if (aggIssue && fileResults.length > 0) fileResults[0].issues.push(aggIssue);
+    }
+    if (activeChecks.includes("redundancy")) {
+      const dupIssues = checkDuplicateContent(parsed);
+      if (dupIssues.length > 0 && fileResults.length > 0) fileResults[0].issues.push(...dupIssues);
+    }
+    if (activeChecks.includes("contradictions")) {
+      const contradictionIssues = checkContradictions(parsed);
+      if (contradictionIssues.length > 0 && fileResults.length > 0)
+        fileResults[0].issues.push(...contradictionIssues);
+    }
+  }
+  if (shouldRunMcpChecks) {
+    const mcpFiles = await scanForMcpConfigs(projectRoot);
+    const mcpConfigs = mcpFiles.map(
+      (f) => parseMcpConfig(f, projectRoot, "project")
+    );
+    if (options.mcpGlobal) {
+      const globalFiles = await scanGlobalMcpConfigs();
+      mcpConfigs.push(...globalFiles.map((f) => parseMcpConfig(f, projectRoot, "user")));
+    }
+    const activeMcpChecks = activeChecks.filter((c) => c.startsWith("mcp-"));
+    const mcpChecksToRun = activeMcpChecks.length > 0 ? activeMcpChecks : options.mcp || options.mcpGlobal || options.mcpOnly ? ALL_MCP_CHECKS : [];
+    for (const config of mcpConfigs) {
+      const checkPromises = [];
+      if (mcpChecksToRun.includes("mcp-schema"))
+        checkPromises.push(checkMcpSchema(config, projectRoot));
+      if (mcpChecksToRun.includes("mcp-security"))
+        checkPromises.push(checkMcpSecurity(config, projectRoot));
+      if (mcpChecksToRun.includes("mcp-commands"))
+        checkPromises.push(checkMcpCommands(config, projectRoot));
+      if (mcpChecksToRun.includes("mcp-deprecated"))
+        checkPromises.push(checkMcpDeprecated(config, projectRoot));
+      if (mcpChecksToRun.includes("mcp-env")) checkPromises.push(checkMcpEnv(config, projectRoot));
+      if (mcpChecksToRun.includes("mcp-urls"))
+        checkPromises.push(checkMcpUrls(config, projectRoot));
+      const results = await Promise.all(checkPromises);
+      const issues = results.flat();
+      const lines = config.content.split("\n").length;
+      fileResults.push({
+        path: config.relativePath,
+        isSymlink: false,
+        tokens: 0,
+        lines,
+        issues
+      });
+    }
+    if (mcpChecksToRun.includes("mcp-consistency")) {
+      const consistencyIssues = await checkMcpConsistency(mcpConfigs);
+      if (consistencyIssues.length > 0) {
+        const firstMcpResult = fileResults.find(
+          (f) => mcpConfigs.some((c) => c.relativePath === f.path)
+        );
+        if (firstMcpResult) {
+          firstMcpResult.issues.push(...consistencyIssues);
+        }
+      }
+    }
+    if (mcpChecksToRun.includes("mcp-redundancy")) {
+      const redundancyIssues = await checkMcpRedundancy(mcpConfigs);
+      if (redundancyIssues.length > 0) {
+        const firstMcpResult = fileResults.find(
+          (f) => mcpConfigs.some((c) => c.relativePath === f.path)
+        );
+        if (firstMcpResult) {
+          firstMcpResult.issues.push(...redundancyIssues);
+        }
+      }
+    }
+  }
+  let estimatedWaste = 0;
+  for (const fr of fileResults) {
+    for (const issue of fr.issues) {
+      if (issue.check === "redundancy" && issue.suggestion) {
+        const tokenMatch = issue.suggestion.match(/~(\d+)\s+tokens/);
+        if (tokenMatch) estimatedWaste += parseInt(tokenMatch[1], 10);
+      }
+    }
+  }
+  return {
+    version: VERSION,
+    scannedAt: (/* @__PURE__ */ new Date()).toISOString(),
+    projectRoot,
+    files: fileResults,
+    summary: {
+      errors: fileResults.reduce(
+        (sum, f) => sum + f.issues.filter((i) => i.severity === "error").length,
+        0
+      ),
+      warnings: fileResults.reduce(
+        (sum, f) => sum + f.issues.filter((i) => i.severity === "warning").length,
+        0
+      ),
+      info: fileResults.reduce(
+        (sum, f) => sum + f.issues.filter((i) => i.severity === "info").length,
+        0
+      ),
+      totalTokens: fileResults.reduce((sum, f) => sum + f.tokens, 0),
+      estimatedWaste
+    }
+  };
+}
+
+// src/core/fixer.ts
+import * as fs5 from "fs";
+import chalk from "chalk";
+function applyFixes(result) {
+  const fixesByFile = /* @__PURE__ */ new Map();
+  for (const file of result.files) {
+    for (const issue of file.issues) {
+      if (issue.fix) {
+        const existing = fixesByFile.get(issue.fix.file) || [];
+        existing.push(issue.fix);
+        fixesByFile.set(issue.fix.file, existing);
+      }
+    }
+  }
+  let totalFixes = 0;
+  const filesModified = [];
+  for (const [filePath, fixes] of fixesByFile) {
+    const content = fs5.readFileSync(filePath, "utf-8");
+    const lines = content.split("\n");
+    let modified = false;
+    const sortedFixes = [...fixes].sort((a, b) => b.line - a.line);
+    for (const fix of sortedFixes) {
+      const lineIdx = fix.line - 1;
+      if (lineIdx < 0 || lineIdx >= lines.length) continue;
+      const line = lines[lineIdx];
+      if (line.includes(fix.oldText)) {
+        lines[lineIdx] = line.replace(fix.oldText, fix.newText);
+        modified = true;
+        totalFixes++;
+        console.log(
+          chalk.green("  Fixed") + ` Line ${fix.line}: ${chalk.dim(fix.oldText)} ${chalk.dim("\u2192")} ${fix.newText}`
+        );
+      }
+    }
+    if (modified) {
+      const newContent = lines.join("\n");
+      if (filePath.endsWith(".json")) {
+        try {
+          JSON.parse(newContent);
+        } catch {
+          console.log(chalk.yellow("  Skipped") + ` ${filePath}: fix would produce invalid JSON`);
+          continue;
+        }
+      }
+      fs5.writeFileSync(filePath, newContent, "utf-8");
+      filesModified.push(filePath);
+    }
+  }
+  return { totalFixes, filesModified };
+}
+
+export {
+  fileExists,
+  isDirectory,
+  scanForContextFiles,
+  freeEncoder,
+  parseContextFile,
+  resetGit,
+  findRenames,
+  resetPathsCache,
+  setTokenThresholds,
+  resetTokenThresholds,
+  VERSION,
+  ALL_CHECKS,
+  ALL_MCP_CHECKS,
+  runAudit,
+  applyFixes
+};