@yawlabs/ctxlint 0.7.0 → 0.9.0

package/dist/mcp/server.js

@@ -1,3330 +0,0 @@
-import {
-  __require
-} from "./chunk-MCKGQKYU.js";
-
-// src/mcp/server.ts
-import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
-import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
-import { z } from "zod";
-
-// src/core/scanner.ts
-import * as fs2 from "fs";
-import * as path2 from "path";
-import { glob } from "glob";
-
-// src/utils/fs.ts
-import * as fs from "fs";
-import * as path from "path";
-function loadPackageJson(projectRoot) {
-  try {
-    const content = fs.readFileSync(path.join(projectRoot, "package.json"), "utf-8");
-    return JSON.parse(content);
-  } catch {
-    return null;
-  }
-}
-function fileExists(filePath) {
-  try {
-    fs.accessSync(filePath);
-    return true;
-  } catch {
-    return false;
-  }
-}
-function isDirectory(filePath) {
-  try {
-    return fs.statSync(filePath).isDirectory();
-  } catch {
-    return false;
-  }
-}
-function isSymlink(filePath) {
-  try {
-    return fs.lstatSync(filePath).isSymbolicLink();
-  } catch {
-    return false;
-  }
-}
-function readSymlinkTarget(filePath) {
-  try {
-    return fs.readlinkSync(filePath);
-  } catch {
-    return void 0;
-  }
-}
-function readFileContent(filePath) {
-  return fs.readFileSync(filePath, "utf-8");
-}
-var IGNORED_DIRS = /* @__PURE__ */ new Set([
-  "node_modules",
-  ".git",
-  "dist",
-  "build",
-  "vendor",
-  ".next",
-  ".nuxt",
-  "coverage",
-  "__pycache__"
-]);
-function getAllProjectFiles(projectRoot) {
-  const files = [];
-  function walk(dir, depth) {
-    if (depth > 10) return;
-    try {
-      const entries = fs.readdirSync(dir, { withFileTypes: true });
-      for (const entry of entries) {
-        if (IGNORED_DIRS.has(entry.name)) continue;
-        const fullPath = path.join(dir, entry.name);
-        if (entry.isDirectory()) {
-          walk(fullPath, depth + 1);
-        } else {
-          files.push(path.relative(projectRoot, fullPath));
-        }
-      }
-    } catch {
-    }
-  }
-  walk(projectRoot, 0);
-  return files;
-}
-
-// src/core/scanner.ts
-var CONTEXT_FILE_PATTERNS = [
-  // Claude Code
-  "CLAUDE.md",
-  "CLAUDE.local.md",
-  ".claude/rules/*.md",
-  // AGENTS.md (AAIF / Linux Foundation standard)
-  "AGENTS.md",
-  "AGENT.md",
-  "AGENTS.override.md",
-  // Cursor
-  ".cursorrules",
-  ".cursor/rules/*.md",
-  ".cursor/rules/*.mdc",
-  ".cursor/rules/*/RULE.md",
-  // GitHub Copilot
-  ".github/copilot-instructions.md",
-  ".github/instructions/*.md",
-  ".github/git-commit-instructions.md",
-  // Windsurf
-  ".windsurfrules",
-  ".windsurf/rules/*.md",
-  // Gemini CLI
-  "GEMINI.md",
-  // Cline
-  ".clinerules",
-  // Aider — note: .aiderules has no file extension; this is the intended format
-  ".aiderules",
-  // Aide / Codestory
-  ".aide/rules/*.md",
-  // Amazon Q Developer
-  ".amazonq/rules/*.md",
-  // Goose (Block)
-  ".goose/instructions.md",
-  ".goosehints",
-  // JetBrains Junie
-  ".junie/guidelines.md",
-  ".junie/AGENTS.md",
-  // JetBrains AI Assistant
-  ".aiassistant/rules/*.md",
-  // Continue
-  ".continuerules",
-  ".continue/rules/*.md",
-  // Zed
-  ".rules",
-  // Replit
-  "replit.md"
-];
-var IGNORED_DIRS2 = /* @__PURE__ */ new Set(["node_modules", ".git", "dist", "build", "vendor"]);
-async function scanForContextFiles(projectRoot, options = {}) {
-  const maxDepth = options.depth ?? 2;
-  const patterns = [...CONTEXT_FILE_PATTERNS, ...options.extraPatterns || []];
-  const found = [];
-  const seen = /* @__PURE__ */ new Set();
-  const dirsToScan = [projectRoot];
-  function collectDirs(dir, currentDepth) {
-    if (currentDepth >= maxDepth) return;
-    try {
-      const entries = fs2.readdirSync(dir, { withFileTypes: true });
-      for (const entry of entries) {
-        if (entry.isDirectory() && !IGNORED_DIRS2.has(entry.name) && !entry.name.startsWith(".")) {
-          const fullPath = path2.join(dir, entry.name);
-          dirsToScan.push(fullPath);
-          collectDirs(fullPath, currentDepth + 1);
-        }
-      }
-    } catch {
-    }
-  }
-  collectDirs(projectRoot, 0);
-  for (const dir of dirsToScan) {
-    for (const pattern of patterns) {
-      const matches = await glob(pattern, {
-        cwd: dir,
-        absolute: true,
-        nodir: true,
-        dot: true
-      });
-      for (const match of matches) {
-        const normalized = path2.normalize(match);
-        if (seen.has(normalized)) continue;
-        seen.add(normalized);
-        const relativePath = path2.relative(projectRoot, normalized);
-        const symlink = isSymlink(normalized);
-        const target = symlink ? readSymlinkTarget(normalized) : void 0;
-        found.push({
-          absolutePath: normalized,
-          relativePath: relativePath.replace(/\\/g, "/"),
-          isSymlink: symlink,
-          symlinkTarget: target,
-          type: "context"
-        });
-      }
-    }
-  }
-  return found.sort((a, b) => a.relativePath.localeCompare(b.relativePath));
-}
-var MCP_CONFIG_PATTERNS = [
-  ".mcp.json",
-  ".cursor/mcp.json",
-  ".vscode/mcp.json",
-  ".amazonq/mcp.json",
-  ".continue/mcpServers/*.json"
-];
-async function scanForMcpConfigs(projectRoot) {
-  const found = [];
-  const seen = /* @__PURE__ */ new Set();
-  for (const pattern of MCP_CONFIG_PATTERNS) {
-    const matches = await glob(pattern, {
-      cwd: projectRoot,
-      absolute: true,
-      nodir: true,
-      dot: true
-    });
-    for (const match of matches) {
-      const normalized = path2.normalize(match);
-      if (seen.has(normalized)) continue;
-      seen.add(normalized);
-      const relativePath = path2.relative(projectRoot, normalized);
-      const symlink = isSymlink(normalized);
-      const target = symlink ? readSymlinkTarget(normalized) : void 0;
-      found.push({
-        absolutePath: normalized,
-        relativePath: relativePath.replace(/\\/g, "/"),
-        isSymlink: symlink,
-        symlinkTarget: target,
-        type: "mcp-config"
-      });
-    }
-  }
-  return found.sort((a, b) => a.relativePath.localeCompare(b.relativePath));
-}
-async function scanGlobalMcpConfigs() {
-  const found = [];
-  const seen = /* @__PURE__ */ new Set();
-  const home2 = process.env.HOME || process.env.USERPROFILE || "";
-  const globalPaths = [
-    path2.join(home2, ".claude.json"),
-    path2.join(home2, ".claude", "settings.json"),
-    path2.join(home2, ".cursor", "mcp.json"),
-    path2.join(home2, ".codeium", "windsurf", "mcp_config.json"),
-    path2.join(home2, ".aws", "amazonq", "mcp.json")
-  ];
-  if (process.platform === "darwin") {
-    globalPaths.push(
-      path2.join(home2, "Library", "Application Support", "Claude", "claude_desktop_config.json")
-    );
-  } else if (process.platform === "win32") {
-    const appData = process.env.APPDATA || path2.join(home2, "AppData", "Roaming");
-    globalPaths.push(path2.join(appData, "Claude", "claude_desktop_config.json"));
-  }
-  for (const filePath of globalPaths) {
-    const normalized = path2.normalize(filePath);
-    if (seen.has(normalized)) continue;
-    seen.add(normalized);
-    try {
-      fs2.accessSync(normalized);
-    } catch {
-      continue;
-    }
-    const symlink = isSymlink(normalized);
-    const target = symlink ? readSymlinkTarget(normalized) : void 0;
-    found.push({
-      absolutePath: normalized,
-      relativePath: "~/" + path2.relative(home2, normalized).replace(/\\/g, "/"),
-      isSymlink: symlink,
-      symlinkTarget: target,
-      type: "mcp-config"
-    });
-  }
-  return found.sort((a, b) => a.relativePath.localeCompare(b.relativePath));
-}
-
-// src/utils/tokens.ts
-var encodingForModel = null;
-try {
-  const tiktoken = await import("./tiktoken-MWTCLHI2.js");
-  encodingForModel = tiktoken.encoding_for_model;
-} catch {
-}
-var encoder = null;
-function getEncoder() {
-  if (!encoder && encodingForModel) {
-    encoder = encodingForModel("gpt-4");
-  }
-  return encoder;
-}
-function countTokens(text) {
-  const enc = getEncoder();
-  if (!enc) {
-    return Math.ceil(text.length / 4);
-  }
-  try {
-    return enc.encode(text).length;
-  } catch {
-    return Math.ceil(text.length / 4);
-  }
-}
-function freeEncoder() {
-  if (encoder) {
-    encoder.free();
-    encoder = null;
-  }
-}
-
-// src/core/parser.ts
-var PATH_PATTERN = /(?:^|[\s`"'(])((\.{0,2}\/)?(?:[\w@.-]+\/)+[\w.*-]+(?:\.\w+)?)(?=[\s`"'),;:]|$)/gm;
-var PATH_EXCLUDE = /^(https?:\/\/|ftp:\/\/|mailto:|n\/a|w\/o|I\/O|i\/o|e\.g\.|N\/A|\.deb\/|\.rpm[.\/]|\.tar[.\/]|\.zip[.\/])/i;
-var COMMAND_PREFIXES = /^\s*[\$>]\s+(.+)$/;
-var COMMON_COMMANDS = /^(npm\s+run|npx|pnpm|yarn|make|cargo|go\s+(run|build|test)|python|pytest|vitest|jest|bun|deno)\b/;
-function parseContextFile(file) {
-  const content = readFileContent(file.absolutePath);
-  const lines = content.split("\n");
-  const sections = parseSections(lines);
-  const paths = extractPathReferences(lines, sections);
-  const commands = extractCommandReferences(lines, sections);
-  return {
-    filePath: file.absolutePath,
-    relativePath: file.relativePath,
-    isSymlink: file.isSymlink,
-    symlinkTarget: file.symlinkTarget,
-    totalTokens: countTokens(content),
-    totalLines: lines.length,
-    content,
-    sections,
-    references: {
-      paths,
-      commands
-    }
-  };
-}
-function parseSections(lines) {
-  const sections = [];
-  for (let i = 0; i < lines.length; i++) {
-    const match = lines[i].match(/^(#{1,6})\s+(.+)/);
-    if (match) {
-      if (sections.length > 0) {
-        const prev = sections[sections.length - 1];
-        if (prev.endLine === -1) {
-          prev.endLine = i - 1;
-        }
-      }
-      sections.push({
-        title: match[2].trim(),
-        startLine: i + 1,
-        // 1-indexed
-        endLine: -1,
-        level: match[1].length
-      });
-    }
-  }
-  if (sections.length > 0) {
-    const last = sections[sections.length - 1];
-    if (last.endLine === -1) {
-      last.endLine = lines.length;
-    }
-  }
-  return sections;
-}
-function getSectionForLine(line, sections) {
-  for (let i = sections.length - 1; i >= 0; i--) {
-    if (line >= sections[i].startLine) {
-      return sections[i].title;
-    }
-  }
-  return void 0;
-}
-function extractPathReferences(lines, sections) {
-  const paths = [];
-  let inCodeBlock = false;
-  let codeBlockLang = "";
-  for (let i = 0; i < lines.length; i++) {
-    const line = lines[i];
-    if (line.trimStart().startsWith("```")) {
-      if (!inCodeBlock) {
-        inCodeBlock = true;
-        codeBlockLang = line.trimStart().slice(3).trim().toLowerCase();
-      } else {
-        inCodeBlock = false;
-        codeBlockLang = "";
-      }
-      continue;
-    }
-    if (inCodeBlock && isExampleCodeBlock(codeBlockLang)) {
-      continue;
-    }
-    PATH_PATTERN.lastIndex = 0;
-    let match;
-    while ((match = PATH_PATTERN.exec(line)) !== null) {
-      const value = match[1];
-      if (PATH_EXCLUDE.test(value)) continue;
-      if (value.length < 3) continue;
-      if (/^v?\d+\.\d+\//.test(value)) continue;
-      const column = match.index + match[0].length - match[1].length + 1;
-      paths.push({
-        value,
-        line: i + 1,
-        // 1-indexed
-        column,
-        section: getSectionForLine(i + 1, sections)
-      });
-    }
-  }
-  return paths;
-}
-function isExampleCodeBlock(lang) {
-  return [
-    "javascript",
-    "js",
-    "typescript",
-    "ts",
-    "python",
-    "py",
-    "go",
-    "rust",
-    "java",
-    "c",
-    "cpp",
-    "ruby",
-    "php",
-    "json",
-    "yaml",
-    "yml",
-    "toml",
-    "xml",
-    "html",
-    "css",
-    "sql",
-    "graphql",
-    "jsx",
-    "tsx"
-  ].includes(lang);
-}
-function extractCommandReferences(lines, sections) {
-  const commands = [];
-  let inCodeBlock = false;
-  let codeBlockLang = "";
-  for (let i = 0; i < lines.length; i++) {
-    const line = lines[i];
-    if (line.trimStart().startsWith("```")) {
-      if (!inCodeBlock) {
-        inCodeBlock = true;
-        codeBlockLang = line.trimStart().slice(3).trim().toLowerCase();
-      } else {
-        inCodeBlock = false;
-        codeBlockLang = "";
-      }
-      continue;
-    }
-    const prefixMatch = line.match(COMMAND_PREFIXES);
-    if (prefixMatch) {
-      commands.push({
-        value: prefixMatch[1].trim(),
-        line: i + 1,
-        column: prefixMatch.index + prefixMatch[0].length - prefixMatch[1].length + 1,
-        section: getSectionForLine(i + 1, sections)
-      });
-      continue;
-    }
-    if (inCodeBlock && ["bash", "sh", "shell", "zsh", ""].includes(codeBlockLang)) {
-      const trimmed = line.trim();
-      if (trimmed && !trimmed.startsWith("#") && !trimmed.startsWith("//")) {
-        if (COMMON_COMMANDS.test(trimmed) || trimmed.startsWith("$") || trimmed.startsWith(">")) {
-          const cmd = trimmed.replace(/^\s*[\$>]\s*/, "");
-          if (cmd) {
-            const cmdStart = line.indexOf(trimmed) + trimmed.indexOf(cmd);
-            commands.push({
-              value: cmd,
-              line: i + 1,
-              column: cmdStart + 1,
-              section: getSectionForLine(i + 1, sections)
-            });
-          }
-        }
-      }
-      continue;
-    }
-    const inlineMatches = line.matchAll(/`([^`]+)`/g);
-    for (const m of inlineMatches) {
-      const cmd = m[1].trim();
-      if (COMMON_COMMANDS.test(cmd)) {
-        commands.push({
-          value: cmd,
-          line: i + 1,
-          column: (m.index ?? 0) + 2,
-          section: getSectionForLine(i + 1, sections)
-        });
-      }
-    }
-  }
-  return commands;
-}
-
-// src/core/mcp-parser.ts
-import { execSync } from "child_process";
-function parseMcpConfig(file, projectRoot, scopeOverride) {
-  const content = readFileContent(file.absolutePath);
-  const client = detectClient(file.relativePath);
-  const scope = scopeOverride ?? detectScope(file.relativePath);
-  const expectedRootKey = client === "vscode" ? "servers" : "mcpServers";
-  const isGitTracked = checkGitTracked(file.absolutePath, projectRoot);
-  const result = {
-    filePath: file.absolutePath,
-    relativePath: file.relativePath,
-    client,
-    scope,
-    expectedRootKey,
-    actualRootKey: null,
-    servers: [],
-    parseErrors: [],
-    content,
-    isGitTracked
-  };
-  let parsed;
-  try {
-    parsed = JSON.parse(content);
-  } catch (err) {
-    const message = err instanceof Error ? err.message : String(err);
-    result.parseErrors.push(message);
-    return result;
-  }
-  if (typeof parsed !== "object" || parsed === null || Array.isArray(parsed)) {
-    result.parseErrors.push("MCP config must be a JSON object");
-    return result;
-  }
-  const rootKey = findRootKey(parsed);
-  result.actualRootKey = rootKey;
-  if (!rootKey) {
-    return result;
-  }
-  const serversObj = parsed[rootKey];
-  if (typeof serversObj !== "object" || serversObj === null || Array.isArray(serversObj)) {
-    result.parseErrors.push(`"${rootKey}" must be an object`);
-    return result;
-  }
-  const lines = content.split("\n");
-  for (const [name, value] of Object.entries(serversObj)) {
-    if (typeof value !== "object" || value === null || Array.isArray(value)) {
-      continue;
-    }
-    const raw = value;
-    const line = findServerLine(lines, name);
-    const transport2 = inferTransport(raw);
-    const entry = {
-      name,
-      transport: transport2,
-      line,
-      raw
-    };
-    if (typeof raw.command === "string") entry.command = raw.command;
-    if (Array.isArray(raw.args)) entry.args = raw.args.map(String);
-    if (isStringRecord(raw.env)) entry.env = raw.env;
-    if (typeof raw.url === "string") entry.url = raw.url;
-    if (isStringRecord(raw.headers)) entry.headers = raw.headers;
-    if (typeof raw.disabled === "boolean") entry.disabled = raw.disabled;
-    if (Array.isArray(raw.autoApprove)) entry.autoApprove = raw.autoApprove.map(String);
-    if (typeof raw.timeout === "number") entry.timeout = raw.timeout;
-    if (typeof raw.oauth === "object" && raw.oauth !== null)
-      entry.oauth = raw.oauth;
-    if (typeof raw.headersHelper === "string") entry.headersHelper = raw.headersHelper;
-    result.servers.push(entry);
-  }
-  return result;
-}
-function detectClient(relativePath) {
-  const normalized = relativePath.replace(/\\/g, "/");
-  if (normalized.includes(".vscode/")) return "vscode";
-  if (normalized.includes(".cursor/")) return "cursor";
-  if (normalized.includes(".amazonq/") || normalized.includes(".aws/amazonq/")) return "amazonq";
-  if (normalized.includes(".continue/")) return "continue";
-  if (normalized.includes(".codeium/windsurf/")) return "windsurf";
-  if (normalized.includes("Claude/claude_desktop_config.json") || normalized.includes("Application Support/Claude/")) {
-    return "claude-desktop";
-  }
-  return "claude-code";
-}
-function detectScope(_relativePath) {
-  return "project";
-}
-function findRootKey(parsed) {
-  if ("mcpServers" in parsed) return "mcpServers";
-  if ("servers" in parsed) return "servers";
-  return null;
-}
-function inferTransport(raw) {
-  if (typeof raw.type === "string") {
-    if (raw.type === "stdio" || raw.type === "http" || raw.type === "sse") {
-      return raw.type;
-    }
-    return "unknown";
-  }
-  if ("command" in raw) return "stdio";
-  if ("url" in raw) return "http";
-  return "unknown";
-}
-function findServerLine(lines, serverName) {
-  const escaped = serverName.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
-  const pattern = new RegExp(`"${escaped}"\\s*:`);
-  for (let i = 0; i < lines.length; i++) {
-    if (pattern.test(lines[i])) {
-      return i + 1;
-    }
-  }
-  return 1;
-}
-function isStringRecord(value) {
-  if (typeof value !== "object" || value === null || Array.isArray(value)) return false;
-  return Object.values(value).every((v) => typeof v === "string");
-}
-function checkGitTracked(filePath, projectRoot) {
-  try {
-    execSync(`git ls-files --error-unmatch "${filePath}"`, {
-      cwd: projectRoot,
-      stdio: "pipe"
-    });
-    return true;
-  } catch {
-    return false;
-  }
-}
-
-// src/core/checks/paths.ts
-import * as path3 from "path";
-import levenshteinPkg from "fast-levenshtein";
-import { glob as glob2 } from "glob";
-
-// src/utils/git.ts
-import simpleGit from "simple-git";
-var gitInstance = null;
-var gitProjectRoot = null;
-function getGit(projectRoot) {
-  if (!gitInstance || gitProjectRoot !== projectRoot) {
-    gitInstance = simpleGit(projectRoot);
-    gitProjectRoot = projectRoot;
-  }
-  return gitInstance;
-}
-function resetGit() {
-  gitInstance = null;
-  gitProjectRoot = null;
-}
-async function isGitRepo(projectRoot) {
-  try {
-    const git = simpleGit(projectRoot);
-    await git.revparse(["--is-inside-work-tree"]);
-    return true;
-  } catch {
-    return false;
-  }
-}
-async function getFileLastModified(projectRoot, filePath) {
-  try {
-    const git = getGit(projectRoot);
-    const log = await git.log({ file: filePath, maxCount: 1 });
-    if (log.latest?.date) {
-      return new Date(log.latest.date);
-    }
-    return null;
-  } catch {
-    return null;
-  }
-}
-async function getCommitsSince(projectRoot, filePath, since) {
-  try {
-    const git = getGit(projectRoot);
-    const log = await git.log({
-      file: filePath,
-      "--since": since.toISOString()
-    });
-    return log.total;
-  } catch {
-    return 0;
-  }
-}
-async function findRenames(projectRoot, filePath) {
-  try {
-    const git = getGit(projectRoot);
-    const result = await git.raw([
-      "log",
-      "--diff-filter=R",
-      "--find-renames",
-      "--name-status",
-      "--format=%H %ai",
-      "-10",
-      "--",
-      filePath
-    ]);
-    if (!result.trim()) return null;
-    const lines = result.trim().split("\n");
-    for (let i = 0; i < lines.length; i++) {
-      const line = lines[i];
-      if (line.startsWith("R")) {
-        const parts = line.split("	");
-        if (parts.length >= 3) {
-          const hashLine = lines[i - 1] || "";
-          const hashMatch = hashLine.match(/^([a-f0-9]+)\s+(.+)/);
-          const commitHash = hashMatch?.[1]?.substring(0, 7) || "unknown";
-          const dateStr = hashMatch?.[2];
-          const daysAgo = dateStr ? Math.floor((Date.now() - new Date(dateStr).getTime()) / (1e3 * 60 * 60 * 24)) : 0;
-          return {
-            oldPath: parts[1],
-            newPath: parts[2],
-            commitHash,
-            daysAgo
-          };
-        }
-      }
-    }
-    return null;
-  } catch {
-    return null;
-  }
-}
-
-// src/core/checks/paths.ts
-var levenshtein = levenshteinPkg.get;
-var cachedProjectFiles = null;
-function getProjectFiles(projectRoot) {
-  if (cachedProjectFiles?.root === projectRoot) return cachedProjectFiles.files;
-  const files = getAllProjectFiles(projectRoot);
-  cachedProjectFiles = { root: projectRoot, files };
-  return files;
-}
-async function checkPaths(file, projectRoot) {
-  const issues = [];
-  const projectFiles = getProjectFiles(projectRoot);
-  const contextDir = path3.dirname(file.filePath);
-  for (const ref of file.references.paths) {
-    const baseDir = ref.value.startsWith("./") || ref.value.startsWith("../") ? contextDir : projectRoot;
-    const resolvedPath = path3.resolve(baseDir, ref.value);
-    const normalizedRef = ref.value.replace(/\\/g, "/");
-    if (normalizedRef.includes("*")) {
-      const matches = await glob2(normalizedRef, { cwd: baseDir, nodir: false });
-      if (matches.length === 0) {
-        issues.push({
-          severity: "error",
-          check: "paths",
-          line: ref.line,
-          message: `${ref.value} matches no files`,
-          suggestion: "Verify the glob pattern is correct"
-        });
-      }
-      continue;
-    }
-    const isDir = normalizedRef.endsWith("/");
-    if (isDir) {
-      const dirPath = path3.resolve(baseDir, normalizedRef);
-      if (!isDirectory(dirPath)) {
-        issues.push({
-          severity: "error",
-          check: "paths",
-          line: ref.line,
-          message: `${ref.value} directory does not exist`
-        });
-      }
-      continue;
-    }
-    if (fileExists(resolvedPath) || isDirectory(resolvedPath)) {
-      continue;
-    }
-    let suggestion;
-    let detail;
-    let fixTarget;
-    const rename = await findRenames(projectRoot, ref.value);
-    if (rename) {
-      fixTarget = rename.newPath;
-      suggestion = `Did you mean ${rename.newPath}?`;
-      detail = `Renamed ${rename.daysAgo} days ago in commit ${rename.commitHash}`;
-    } else {
-      const match = findClosestMatch(normalizedRef, projectFiles);
-      if (match) {
-        fixTarget = match;
-        suggestion = `Did you mean ${match}?`;
-      }
-    }
-    issues.push({
-      severity: "error",
-      check: "paths",
-      line: ref.line,
-      message: `${ref.value} does not exist`,
-      suggestion,
-      detail,
-      fix: fixTarget ? { file: file.filePath, line: ref.line, oldText: ref.value, newText: fixTarget } : void 0
-    });
-  }
-  return issues;
-}
-function findClosestMatch(target, files) {
-  const targetNorm = target.replace(/\\/g, "/");
-  const targetBase = path3.basename(targetNorm);
-  let bestMatch = null;
-  let bestDistance = Infinity;
-  for (const file of files) {
-    const fileNorm = file.replace(/\\/g, "/");
-    if (path3.basename(fileNorm) === targetBase && fileNorm !== targetNorm) {
-      const dist = levenshtein(targetNorm, fileNorm);
-      if (dist < bestDistance) {
-        bestDistance = dist;
-        bestMatch = fileNorm;
-      }
-    }
-  }
-  if (!bestMatch) {
-    for (const file of files) {
-      const fileNorm = file.replace(/\\/g, "/");
-      const dist = levenshtein(targetNorm, fileNorm);
-      if (dist < bestDistance && dist <= Math.max(targetNorm.length * 0.4, 5)) {
-        bestDistance = dist;
-        bestMatch = fileNorm;
-      }
-    }
-  }
-  return bestMatch;
-}
-
-// src/core/checks/commands.ts
-import * as fs3 from "fs";
-import * as path4 from "path";
-var NPM_SCRIPT_PATTERN = /^(?:npm\s+run|pnpm(?:\s+run)?|yarn(?:\s+run)?|bun(?:\s+run)?)\s+(\S+)/;
-var MAKE_PATTERN = /^make\s+(\S+)/;
-var NPX_PATTERN = /^npx\s+(\S+)/;
-async function checkCommands(file, projectRoot) {
-  const issues = [];
-  const pkgJson = loadPackageJson(projectRoot);
-  const makefile = loadMakefile(projectRoot);
-  for (const ref of file.references.commands) {
-    const cmd = ref.value;
-    const scriptMatch = cmd.match(NPM_SCRIPT_PATTERN);
-    if (scriptMatch && pkgJson) {
-      const scriptName = scriptMatch[1];
-      if (pkgJson.scripts && !(scriptName in pkgJson.scripts)) {
-        const available = Object.keys(pkgJson.scripts).join(", ");
-        issues.push({
-          severity: "error",
-          check: "commands",
-          line: ref.line,
-          message: `"${cmd}" \u2014 script "${scriptName}" not found in package.json`,
-          suggestion: available ? `Available scripts: ${available}` : void 0
-        });
-      }
-      continue;
-    }
-    const shorthandMatch = cmd.match(
-      /^(npm|pnpm|yarn|bun)\s+(test|start|build|dev|lint|format|check|typecheck|clean|serve|preview|e2e)\b/
-    );
-    if (shorthandMatch && pkgJson) {
-      const scriptName = shorthandMatch[2];
-      if (pkgJson.scripts && !(scriptName in pkgJson.scripts)) {
-        issues.push({
-          severity: "error",
-          check: "commands",
-          line: ref.line,
-          message: `"${cmd}" \u2014 script "${scriptName}" not found in package.json`
-        });
-      }
-      continue;
-    }
-    const npxMatch = cmd.match(NPX_PATTERN);
-    if (npxMatch && pkgJson) {
-      const pkgName = npxMatch[1];
-      if (pkgName.startsWith("-")) continue;
-      const allDeps = {
-        ...pkgJson.dependencies,
-        ...pkgJson.devDependencies
-      };
-      if (!(pkgName in allDeps)) {
-        const binPath = path4.join(projectRoot, "node_modules", ".bin", pkgName);
-        try {
-          fs3.accessSync(binPath);
-        } catch {
-          issues.push({
-            severity: "warning",
-            check: "commands",
-            line: ref.line,
-            message: `"${cmd}" \u2014 "${pkgName}" not found in dependencies`,
-            suggestion: "If this is a global tool, consider adding it to devDependencies for reproducibility"
-          });
-        }
-      }
-      continue;
-    }
-    const makeMatch = cmd.match(MAKE_PATTERN);
-    if (makeMatch) {
-      const target = makeMatch[1];
-      if (makefile && !hasMakeTarget(makefile, target)) {
-        issues.push({
-          severity: "error",
-          check: "commands",
-          line: ref.line,
-          message: `"${cmd}" \u2014 target "${target}" not found in Makefile`
-        });
-      } else if (!makefile) {
-        issues.push({
-          severity: "error",
-          check: "commands",
-          line: ref.line,
-          message: `"${cmd}" \u2014 no Makefile found in project`
-        });
-      }
-      continue;
-    }
-    const toolMatch = cmd.match(/^(vitest|jest|pytest|mocha|eslint|prettier|tsc)\b/);
-    if (toolMatch && pkgJson) {
-      const tool = toolMatch[1];
-      const allDeps = {
-        ...pkgJson.dependencies,
-        ...pkgJson.devDependencies
-      };
-      if (!(tool in allDeps)) {
-        const binPath = path4.join(projectRoot, "node_modules", ".bin", tool);
-        try {
-          fs3.accessSync(binPath);
-        } catch {
-          issues.push({
-            severity: "warning",
-            check: "commands",
-            line: ref.line,
-            message: `"${cmd}" \u2014 "${tool}" not found in dependencies or node_modules/.bin`
-          });
-        }
-      }
-    }
-  }
-  return issues;
-}
-function loadMakefile(projectRoot) {
-  try {
-    return fs3.readFileSync(path4.join(projectRoot, "Makefile"), "utf-8");
-  } catch {
-    return null;
-  }
-}
-function hasMakeTarget(makefile, target) {
-  const pattern = new RegExp(`^${target.replace(/[.*+?^${}()|[\]\\]/g, "\\$&")}\\s*:`, "m");
-  return pattern.test(makefile);
-}
-
-// src/core/checks/staleness.ts
-import * as path5 from "path";
-var WARNING_DAYS = 30;
-var INFO_DAYS = 14;
-async function checkStaleness(file, projectRoot) {
-  const issues = [];
-  if (!await isGitRepo(projectRoot)) {
-    return issues;
-  }
-  const relativePath = path5.relative(projectRoot, file.filePath).replace(/\\/g, "/");
-  const lastModified = await getFileLastModified(projectRoot, relativePath);
-  if (!lastModified || isNaN(lastModified.getTime())) {
-    return issues;
-  }
-  const daysSinceUpdate = Math.floor((Date.now() - lastModified.getTime()) / (1e3 * 60 * 60 * 24));
-  if (daysSinceUpdate < INFO_DAYS) {
-    return issues;
-  }
-  const referencedPaths = /* @__PURE__ */ new Set();
-  for (const ref of file.references.paths) {
-    const parts = ref.value.split("/");
-    if (parts.length > 1) {
-      referencedPaths.add(parts.slice(0, -1).join("/"));
-    }
-    referencedPaths.add(ref.value);
-  }
-  let totalCommits = 0;
-  let mostActiveRef = "";
-  let mostActiveCommits = 0;
-  for (const refPath of referencedPaths) {
-    const commits = await getCommitsSince(projectRoot, refPath, lastModified);
-    totalCommits += commits;
-    if (commits > mostActiveCommits) {
-      mostActiveCommits = commits;
-      mostActiveRef = refPath;
-    }
-  }
-  if (totalCommits === 0) {
-    return issues;
-  }
-  const severity = daysSinceUpdate >= WARNING_DAYS ? "warning" : "info";
-  issues.push({
-    severity,
-    check: "staleness",
-    line: 1,
-    message: `Last updated ${daysSinceUpdate} days ago. ${mostActiveRef} has ${mostActiveCommits} commits since.`,
-    suggestion: "Review and update this context file to reflect recent changes.",
-    detail: `${totalCommits} total commits to referenced paths since last update.`
-  });
-  return issues;
-}
-
-// src/core/checks/tokens.ts
-var DEFAULT_THRESHOLDS = {
-  info: 1e3,
-  warning: 3e3,
-  error: 8e3,
-  aggregate: 5e3
-};
-var currentThresholds = DEFAULT_THRESHOLDS;
-async function checkTokens(file, _projectRoot) {
-  const issues = [];
-  const tokens = file.totalTokens;
-  if (tokens >= currentThresholds.error) {
-    issues.push({
-      severity: "error",
-      check: "tokens",
-      line: 1,
-      message: `${tokens.toLocaleString()} tokens \u2014 consumes significant context window space`,
-      suggestion: "Consider splitting into focused sections or removing redundant content."
-    });
-  } else if (tokens >= currentThresholds.warning) {
-    issues.push({
-      severity: "warning",
-      check: "tokens",
-      line: 1,
-      message: `${tokens.toLocaleString()} tokens \u2014 large context file`,
-      suggestion: "Consider trimming \u2014 research shows diminishing returns past ~300 lines."
-    });
-  } else if (tokens >= currentThresholds.info) {
-    issues.push({
-      severity: "info",
-      check: "tokens",
-      line: 1,
-      message: `Uses ~${tokens.toLocaleString()} tokens per session`
-    });
-  }
-  return issues;
-}
-function checkAggregateTokens(files) {
-  const total = files.reduce((sum, f) => sum + f.tokens, 0);
-  if (total > currentThresholds.aggregate && files.length > 1) {
-    return {
-      severity: "warning",
-      check: "tokens",
-      line: 0,
-      message: `${files.length} context files consume ${total.toLocaleString()} tokens combined`,
-      suggestion: "Consider consolidating or trimming to reduce per-session context cost."
-    };
-  }
-  return null;
-}
-
-// src/core/checks/redundancy.ts
-import * as path6 from "path";
-var PACKAGE_TECH_MAP = {
-  react: ["React", "react"],
-  "react-dom": ["React DOM", "ReactDOM"],
-  next: ["Next.js", "NextJS", "next.js"],
-  express: ["Express", "express.js"],
-  fastify: ["Fastify"],
-  typescript: ["TypeScript"],
-  vue: ["Vue", "Vue.js", "vue.js"],
-  angular: ["Angular"],
-  svelte: ["Svelte", "SvelteKit"],
-  tailwindcss: ["Tailwind", "TailwindCSS", "tailwind"],
-  prisma: ["Prisma"],
-  drizzle: ["Drizzle"],
-  "drizzle-orm": ["Drizzle"],
-  jest: ["Jest"],
-  vitest: ["Vitest"],
-  mocha: ["Mocha"],
-  eslint: ["ESLint"],
-  prettier: ["Prettier"],
-  webpack: ["Webpack"],
-  vite: ["Vite"],
-  esbuild: ["esbuild"],
-  tsup: ["tsup"],
-  rollup: ["Rollup"],
-  graphql: ["GraphQL"],
-  mongoose: ["Mongoose"],
-  sequelize: ["Sequelize"],
-  "socket.io": ["Socket.IO", "socket.io"],
-  redis: ["Redis"],
-  ioredis: ["Redis"],
-  postgres: ["PostgreSQL", "Postgres"],
-  pg: ["PostgreSQL", "Postgres"],
-  mysql2: ["MySQL"],
-  sqlite3: ["SQLite"],
-  "better-sqlite3": ["SQLite"],
-  zod: ["Zod"],
-  joi: ["Joi"],
-  axios: ["Axios"],
-  lodash: ["Lodash", "lodash"],
-  underscore: ["Underscore"],
-  moment: ["Moment", "moment.js"],
-  dayjs: ["Day.js", "dayjs"],
-  "date-fns": ["date-fns"],
-  docker: ["Docker"],
-  kubernetes: ["Kubernetes", "K8s"],
-  terraform: ["Terraform"],
-  storybook: ["Storybook"],
-  playwright: ["Playwright"],
-  cypress: ["Cypress"],
-  puppeteer: ["Puppeteer"]
-};
-function compilePatterns(allDeps) {
-  const compiled = [];
-  for (const [pkg, mentions] of Object.entries(PACKAGE_TECH_MAP)) {
-    if (!allDeps.has(pkg)) continue;
-    for (const mention of mentions) {
-      const escaped = escapeRegex(mention);
-      compiled.push({
-        pkg,
-        mention,
-        patterns: [
-          new RegExp(`\\b(?:use|using|built with|powered by|written in)\\s+${escaped}\\b`, "i"),
-          new RegExp(`\\bwe\\s+use\\s+${escaped}\\b`, "i"),
-          new RegExp(`\\b${escaped}\\s+(?:project|app|application|codebase)\\b`, "i"),
-          new RegExp(`\\bThis is a\\s+${escaped}\\b`, "i")
-        ]
-      });
-    }
-  }
-  return compiled;
-}
-async function checkRedundancy(file, projectRoot) {
-  const issues = [];
-  const pkgJson = loadPackageJson(projectRoot);
-  if (pkgJson) {
-    const allDeps = /* @__PURE__ */ new Set([
-      ...Object.keys(pkgJson.dependencies || {}),
-      ...Object.keys(pkgJson.devDependencies || {})
-    ]);
-    const compiledPatterns = compilePatterns(allDeps);
-    const lines2 = file.content.split("\n");
-    for (let i = 0; i < lines2.length; i++) {
-      const line = lines2[i];
-      for (const { pkg, mention, patterns } of compiledPatterns) {
-        let matched = false;
-        for (const pattern of patterns) {
-          if (pattern.test(line)) {
-            matched = true;
-            break;
-          }
-        }
-        if (matched) {
-          const wastedTokens = countTokens(line.trim());
-          issues.push({
-            severity: "info",
-            check: "redundancy",
-            line: i + 1,
-            message: `"${mention}" is in package.json ${pkgJson.dependencies?.[pkg] ? "dependencies" : "devDependencies"} \u2014 agent can infer this`,
-            suggestion: `~${wastedTokens} tokens could be saved`
-          });
-        }
-      }
-    }
-  }
-  const lines = file.content.split("\n");
-  for (let i = 0; i < lines.length; i++) {
-    const line = lines[i];
-    const dirMatch = line.match(
-      /(?:are|go|live|found|located|stored)\s+(?:in|at|under)\s+[`"]?(\S+\/)[`"]?/i
-    );
-    if (dirMatch) {
-      const dir = dirMatch[1].replace(/[`"]/g, "");
-      const fullPath = path6.resolve(projectRoot, dir);
-      if (isDirectory(fullPath)) {
-        issues.push({
-          severity: "info",
-          check: "redundancy",
-          line: i + 1,
-          message: `Directory "${dir}" exists and is discoverable \u2014 agent can find this by listing files`,
-          suggestion: "Only keep if there is non-obvious context about this directory"
-        });
-      }
-    }
-  }
-  return issues;
-}
-function checkDuplicateContent(files) {
-  const issues = [];
-  for (let i = 0; i < files.length; i++) {
-    for (let j = i + 1; j < files.length; j++) {
-      const overlap = calculateLineOverlap(files[i].content, files[j].content);
-      if (overlap > 0.6) {
-        issues.push({
-          severity: "warning",
-          check: "redundancy",
-          line: 1,
-          message: `${files[i].relativePath} and ${files[j].relativePath} have ${Math.round(overlap * 100)}% content overlap`,
-          suggestion: "Consider consolidating into a single context file"
-        });
-      }
-    }
-  }
-  return issues;
-}
-function calculateLineOverlap(contentA, contentB) {
-  const linesA = new Set(
-    contentA.split("\n").map((l) => l.trim()).filter((l) => l.length > 10)
-  );
-  const linesB = new Set(
-    contentB.split("\n").map((l) => l.trim()).filter((l) => l.length > 10)
-  );
-  if (linesA.size === 0 || linesB.size === 0) return 0;
-  let overlap = 0;
-  for (const line of linesA) {
-    if (linesB.has(line)) overlap++;
-  }
-  return overlap / Math.min(linesA.size, linesB.size);
-}
-function escapeRegex(str) {
-  return str.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
-}
-
-// src/core/checks/contradictions.ts
-var DIRECTIVE_CATEGORIES = [
-  {
-    name: "testing framework",
-    options: [
-      {
-        label: "Jest",
-        patterns: [/\buse\s+jest\b/i, /\bjest\s+for\s+test/i, /\btest.*with\s+jest\b/i]
-      },
-      {
-        label: "Vitest",
-        patterns: [/\buse\s+vitest\b/i, /\bvitest\s+for\s+test/i, /\btest.*with\s+vitest\b/i]
-      },
-      {
-        label: "Mocha",
-        patterns: [/\buse\s+mocha\b/i, /\bmocha\s+for\s+test/i, /\btest.*with\s+mocha\b/i]
-      },
-      {
-        label: "pytest",
-        patterns: [/\buse\s+pytest\b/i, /\bpytest\s+for\s+test/i, /\btest.*with\s+pytest\b/i]
-      },
-      {
-        label: "Playwright",
-        patterns: [/\buse\s+playwright\b/i, /\bplaywright\s+for\s+(?:e2e|test)/i]
-      },
-      { label: "Cypress", patterns: [/\buse\s+cypress\b/i, /\bcypress\s+for\s+(?:e2e|test)/i] }
-    ]
-  },
-  {
-    name: "package manager",
-    options: [
-      {
-        label: "npm",
-        patterns: [
-          /\buse\s+npm\b/i,
-          /\bnpm\s+as\s+(?:the\s+)?package\s+manager/i,
-          /\balways\s+use\s+npm\b/i
-        ]
-      },
-      {
-        label: "pnpm",
-        patterns: [
-          /\buse\s+pnpm\b/i,
-          /\bpnpm\s+as\s+(?:the\s+)?package\s+manager/i,
-          /\balways\s+use\s+pnpm\b/i
-        ]
-      },
-      {
-        label: "yarn",
-        patterns: [
-          /\buse\s+yarn\b/i,
-          /\byarn\s+as\s+(?:the\s+)?package\s+manager/i,
-          /\balways\s+use\s+yarn\b/i
-        ]
-      },
-      {
-        label: "bun",
-        patterns: [
-          /\buse\s+bun\b/i,
-          /\bbun\s+as\s+(?:the\s+)?package\s+manager/i,
-          /\balways\s+use\s+bun\b/i
-        ]
-      }
-    ]
-  },
-  {
-    name: "indentation style",
-    options: [
-      {
-        label: "tabs",
-        patterns: [/\buse\s+tabs\b/i, /\btab\s+indentation\b/i, /\bindent\s+with\s+tabs\b/i]
-      },
-      {
-        label: "2 spaces",
-        patterns: [
-          /\b2[\s-]?space\s+indent/i,
-          /\bindent\s+with\s+2\s+spaces/i,
-          /\b2[\s-]?space\s+tabs?\b/i
-        ]
-      },
-      {
-        label: "4 spaces",
-        patterns: [
-          /\b4[\s-]?space\s+indent/i,
-          /\bindent\s+with\s+4\s+spaces/i,
-          /\b4[\s-]?space\s+tabs?\b/i
-        ]
-      }
-    ]
-  },
-  {
-    name: "semicolons",
-    options: [
-      {
-        label: "semicolons",
-        patterns: [
-          /\buse\s+semicolons\b/i,
-          /\balways\s+(?:use\s+)?semicolons\b/i,
-          /\bsemicolons:\s*(?:true|yes)\b/i
-        ]
-      },
-      {
-        label: "no semicolons",
-        patterns: [
-          /\bno\s+semicolons\b/i,
-          /\bavoid\s+semicolons\b/i,
-          /\bomit\s+semicolons\b/i,
-          /\bsemicolons:\s*(?:false|no)\b/i
-        ]
-      }
-    ]
-  },
-  {
-    name: "quote style",
-    options: [
-      {
-        label: "single quotes",
-        patterns: [
-          /\bsingle\s+quotes?\b/i,
-          /\buse\s+(?:single\s+)?['']single['']?\s+quotes?\b/i,
-          /\bprefer\s+single\s+quotes?\b/i
-        ]
-      },
-      {
-        label: "double quotes",
-        patterns: [
-          /\bdouble\s+quotes?\b/i,
-          /\buse\s+(?:double\s+)?[""]double[""]?\s+quotes?\b/i,
-          /\bprefer\s+double\s+quotes?\b/i
-        ]
-      }
-    ]
-  },
-  {
-    name: "naming convention",
-    options: [
-      {
-        label: "camelCase",
-        patterns: [/\bcamelCase\b/, /\bcamel[\s-]?case\s+(?:for|naming|convention)/i]
-      },
-      {
-        label: "snake_case",
-        patterns: [/\bsnake_case\b/, /\bsnake[\s-]?case\s+(?:for|naming|convention)/i]
-      },
-      {
-        label: "PascalCase",
-        patterns: [/\bPascalCase\b/, /\bpascal[\s-]?case\s+(?:for|naming|convention)/i]
-      },
-      {
-        label: "kebab-case",
-        patterns: [/\bkebab-case\b/, /\bkebab[\s-]?case\s+(?:for|naming|convention)/i]
-      }
-    ]
-  },
-  {
-    name: "CSS approach",
-    options: [
-      { label: "Tailwind", patterns: [/\buse\s+tailwind/i, /\btailwind\s+for\s+styl/i] },
-      {
-        label: "CSS Modules",
-        patterns: [/\buse\s+css\s+modules\b/i, /\bcss\s+modules\s+for\s+styl/i]
-      },
-      {
-        label: "styled-components",
-        patterns: [/\buse\s+styled[\s-]?components\b/i, /\bstyled[\s-]?components\s+for\s+styl/i]
-      },
-      { label: "CSS-in-JS", patterns: [/\buse\s+css[\s-]?in[\s-]?js\b/i] }
-    ]
-  },
-  {
-    name: "state management",
-    options: [
-      { label: "Redux", patterns: [/\buse\s+redux\b/i, /\bredux\s+for\s+state/i] },
-      { label: "Zustand", patterns: [/\buse\s+zustand\b/i, /\bzustand\s+for\s+state/i] },
-      { label: "MobX", patterns: [/\buse\s+mobx\b/i, /\bmobx\s+for\s+state/i] },
-      { label: "Jotai", patterns: [/\buse\s+jotai\b/i, /\bjotai\s+for\s+state/i] },
-      { label: "Recoil", patterns: [/\buse\s+recoil\b/i, /\brecoil\s+for\s+state/i] }
-    ]
-  }
-];
-function detectDirectives(file) {
-  const directives = [];
-  const lines = file.content.split("\n");
-  for (let i = 0; i < lines.length; i++) {
-    const line = lines[i];
-    for (const category of DIRECTIVE_CATEGORIES) {
-      for (const option of category.options) {
-        for (const pattern of option.patterns) {
-          if (pattern.test(line)) {
-            directives.push({
-              file: file.relativePath,
-              category: category.name,
-              label: option.label,
-              line: i + 1,
-              text: line.trim()
-            });
-            break;
-          }
-        }
-      }
-    }
-  }
-  return directives;
-}
-function checkContradictions(files) {
-  if (files.length < 2) return [];
-  const issues = [];
-  const allDirectives = [];
-  for (const file of files) {
-    allDirectives.push(...detectDirectives(file));
-  }
-  const byCategory = /* @__PURE__ */ new Map();
-  for (const d of allDirectives) {
-    const existing = byCategory.get(d.category) || [];
-    existing.push(d);
-    byCategory.set(d.category, existing);
-  }
-  for (const [category, directives] of byCategory) {
-    const byFile = /* @__PURE__ */ new Map();
-    for (const d of directives) {
-      const existing = byFile.get(d.file) || [];
-      existing.push(d);
-      byFile.set(d.file, existing);
-    }
-    const labels = new Set(directives.map((d) => d.label));
-    if (labels.size <= 1) continue;
-    const fileLabels = /* @__PURE__ */ new Map();
-    for (const d of directives) {
-      const existing = fileLabels.get(d.file) || /* @__PURE__ */ new Set();
-      existing.add(d.label);
-      fileLabels.set(d.file, existing);
-    }
-    const fileEntries = [...fileLabels.entries()];
-    for (let i = 0; i < fileEntries.length; i++) {
-      for (let j = i + 1; j < fileEntries.length; j++) {
-        const [fileA, labelsA] = fileEntries[i];
-        const [fileB, labelsB] = fileEntries[j];
-        for (const labelA of labelsA) {
-          for (const labelB of labelsB) {
-            if (labelA !== labelB) {
-              const directiveA = directives.find((d) => d.file === fileA && d.label === labelA);
-              const directiveB = directives.find((d) => d.file === fileB && d.label === labelB);
-              issues.push({
-                severity: "warning",
-                check: "contradictions",
-                line: directiveA.line,
-                message: `${category} conflict: "${directiveA.label}" in ${fileA} vs "${directiveB.label}" in ${fileB}`,
-                suggestion: `Align on one ${category} across all context files`,
-                detail: `${fileA}:${directiveA.line} says "${directiveA.text}" but ${fileB}:${directiveB.line} says "${directiveB.text}"`
-              });
-            }
-          }
-        }
-      }
-    }
-  }
-  return issues;
-}
-
-// src/core/checks/frontmatter.ts
-function parseFrontmatter(content) {
-  const lines = content.split("\n");
-  if (lines[0]?.trim() !== "---") {
-    return { found: false, fields: {}, endLine: 0 };
-  }
-  const fields = {};
-  let endLine = 0;
-  for (let i = 1; i < lines.length; i++) {
-    const line = lines[i].trim();
-    if (line === "---") {
-      endLine = i + 1;
-      break;
-    }
-    const match = line.match(/^(\w+)\s*:\s*(.*)$/);
-    if (match) {
-      fields[match[1]] = match[2].trim();
-    }
-  }
-  if (endLine === 0) {
-    return { found: true, fields, endLine: lines.length };
-  }
-  return { found: true, fields, endLine };
-}
-function isCursorMdc(file) {
-  return file.relativePath.endsWith(".mdc");
-}
-function isCopilotInstructions(file) {
-  return file.relativePath.includes(".github/instructions/") && file.relativePath.endsWith(".md");
-}
-function isWindsurfRule(file) {
-  return file.relativePath.includes(".windsurf/rules/") && file.relativePath.endsWith(".md");
-}
-var VALID_WINDSURF_TRIGGERS = ["always_on", "glob", "manual", "model"];
-async function checkFrontmatter(file, _projectRoot) {
-  const issues = [];
-  if (isCursorMdc(file)) {
-    issues.push(...validateCursorMdc(file));
-  } else if (isCopilotInstructions(file)) {
-    issues.push(...validateCopilotInstructions(file));
-  } else if (isWindsurfRule(file)) {
-    issues.push(...validateWindsurfRule(file));
-  }
-  return issues;
-}
-function validateCursorMdc(file) {
-  const issues = [];
-  const fm = parseFrontmatter(file.content);
-  if (!fm.found) {
-    issues.push({
-      severity: "warning",
-      check: "frontmatter",
-      line: 1,
-      message: "Cursor .mdc file is missing frontmatter",
-      suggestion: "Add YAML frontmatter with description, globs, and alwaysApply fields"
-    });
-    return issues;
-  }
-  if (!fm.fields["description"]) {
-    issues.push({
-      severity: "warning",
-      check: "frontmatter",
-      line: 1,
-      message: 'Missing "description" field in Cursor .mdc frontmatter',
-      suggestion: "Add a description so Cursor knows when to apply this rule"
-    });
-  }
-  if (!("alwaysApply" in fm.fields) && !("globs" in fm.fields)) {
-    issues.push({
-      severity: "info",
-      check: "frontmatter",
-      line: 1,
-      message: 'No "alwaysApply" or "globs" field \u2014 rule may not be applied automatically',
-      suggestion: "Set alwaysApply: true or specify globs for targeted activation"
-    });
-  }
-  if ("alwaysApply" in fm.fields) {
-    const val = fm.fields["alwaysApply"].toLowerCase();
-    if (!["true", "false"].includes(val)) {
-      issues.push({
-        severity: "error",
-        check: "frontmatter",
-        line: 1,
-        message: `Invalid alwaysApply value: "${fm.fields["alwaysApply"]}"`,
-        suggestion: "alwaysApply must be true or false"
-      });
-    }
-  }
-  if ("globs" in fm.fields) {
-    const val = fm.fields["globs"];
-    if (val && !val.startsWith("[") && !val.startsWith('"') && !val.includes("*") && !val.includes("/")) {
-      issues.push({
-        severity: "warning",
-        check: "frontmatter",
-        line: 1,
-        message: `Possibly invalid globs value: "${val}"`,
-        suggestion: 'globs should be a glob pattern like "src/**/*.ts" or an array like ["*.ts", "*.tsx"]'
-      });
-    }
-  }
-  return issues;
-}
-function validateCopilotInstructions(file) {
-  const issues = [];
-  const fm = parseFrontmatter(file.content);
-  if (!fm.found) {
-    issues.push({
-      severity: "info",
-      check: "frontmatter",
-      line: 1,
-      message: "Copilot instructions file has no frontmatter",
-      suggestion: "Add applyTo frontmatter to target specific file patterns"
-    });
-    return issues;
-  }
-  if (!fm.fields["applyTo"]) {
-    issues.push({
-      severity: "warning",
-      check: "frontmatter",
-      line: 1,
-      message: 'Missing "applyTo" field in Copilot instructions frontmatter',
-      suggestion: 'Add applyTo to specify which files this instruction applies to (e.g., applyTo: "**/*.ts")'
-    });
-  }
-  return issues;
-}
-function validateWindsurfRule(file) {
-  const issues = [];
-  const fm = parseFrontmatter(file.content);
-  if (!fm.found) {
-    issues.push({
-      severity: "info",
-      check: "frontmatter",
-      line: 1,
-      message: "Windsurf rule file has no frontmatter",
-      suggestion: "Add YAML frontmatter with a trigger field (always_on, glob, manual, model)"
-    });
-    return issues;
-  }
-  if (!fm.fields["trigger"]) {
-    issues.push({
-      severity: "warning",
-      check: "frontmatter",
-      line: 1,
-      message: 'Missing "trigger" field in Windsurf rule frontmatter',
-      suggestion: `Set trigger to one of: ${VALID_WINDSURF_TRIGGERS.join(", ")}`
-    });
-  } else {
-    const trigger = fm.fields["trigger"].replace(/['"]/g, "");
-    if (!VALID_WINDSURF_TRIGGERS.includes(trigger)) {
-      issues.push({
-        severity: "error",
-        check: "frontmatter",
-        line: 1,
-        message: `Invalid trigger value: "${trigger}"`,
-        suggestion: `Valid triggers: ${VALID_WINDSURF_TRIGGERS.join(", ")}`
-      });
-    }
-  }
-  return issues;
-}
-
-// src/core/checks/mcp/schema.ts
-async function checkMcpSchema(config, _projectRoot) {
-  const issues = [];
-  if (config.parseErrors.length > 0) {
-    for (const err of config.parseErrors) {
-      issues.push({
-        severity: "error",
-        check: "mcp-schema",
-        ruleId: "invalid-json",
-        line: 1,
-        message: `MCP config is not valid JSON: ${err}`
-      });
-    }
-    return issues;
-  }
-  if (!config.actualRootKey) {
-    issues.push({
-      severity: "error",
-      check: "mcp-schema",
-      ruleId: "missing-root-key",
-      line: 1,
-      message: `MCP config has no "${config.expectedRootKey}" key`
-    });
-    return issues;
-  }
-  if (config.actualRootKey !== config.expectedRootKey) {
-    const line = findKeyLine(config.content, config.actualRootKey);
-    issues.push({
-      severity: "error",
-      check: "mcp-schema",
-      ruleId: "wrong-root-key",
-      line,
-      message: `${config.relativePath} must use "${config.expectedRootKey}" as root key, not "${config.actualRootKey}"`,
-      fix: {
-        file: config.filePath,
-        line,
-        oldText: `"${config.actualRootKey}"`,
-        newText: `"${config.expectedRootKey}"`
-      }
-    });
-  }
-  if (config.servers.length === 0 && config.actualRootKey) {
-    issues.push({
-      severity: "info",
-      check: "mcp-schema",
-      ruleId: "empty-servers",
-      line: 1,
-      message: "MCP config has no server entries"
-    });
-    return issues;
-  }
-  for (const server2 of config.servers) {
-    if (!server2.name) {
-      issues.push({
-        severity: "error",
-        check: "mcp-schema",
-        ruleId: "no-name-field",
-        line: server2.line,
-        message: "Server name cannot be empty"
-      });
-      continue;
-    }
-    if (server2.transport === "unknown") {
-      const typeVal = server2.raw.type;
-      if (typeof typeVal === "string") {
-        issues.push({
-          severity: "warning",
-          check: "mcp-schema",
-          ruleId: "unknown-transport",
-          line: server2.line,
-          message: `Server "${server2.name}" has unknown transport type "${typeVal}"`
-        });
-      }
-    }
-    if (server2.command && server2.url) {
-      issues.push({
-        severity: "warning",
-        check: "mcp-schema",
-        ruleId: "ambiguous-transport",
-        line: server2.line,
-        message: `Server "${server2.name}" has both "command" and "url" \u2014 transport is ambiguous`
-      });
-    }
-    if (server2.transport === "stdio" && !server2.command) {
-      issues.push({
-        severity: "error",
-        check: "mcp-schema",
-        ruleId: "missing-command",
-        line: server2.line,
-        message: `Server "${server2.name}" has no "command" field`
-      });
-    }
-    if ((server2.transport === "http" || server2.transport === "sse") && !server2.url) {
-      issues.push({
-        severity: "error",
-        check: "mcp-schema",
-        ruleId: "missing-url",
-        line: server2.line,
-        message: `Server "${server2.name}" has no "url" field`
-      });
-    }
-  }
-  return issues;
-}
-function findKeyLine(content, key) {
-  const lines = content.split("\n");
-  const escaped = key.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
-  const pattern = new RegExp(`"${escaped}"\\s*:`);
-  for (let i = 0; i < lines.length; i++) {
-    if (pattern.test(lines[i])) {
-      return i + 1;
-    }
-  }
-  return 1;
-}
-
-// src/core/checks/mcp/security.ts
-var API_KEY_PATTERNS = [
-  /sk-[a-zA-Z0-9]{20,}/,
-  // OpenAI / generic
-  /ghp_[a-zA-Z0-9]{36}/,
-  // GitHub PAT
-  /ghu_[a-zA-Z0-9]{36}/,
-  // GitHub user token
-  /github_pat_[a-zA-Z0-9_]{80,}/,
-  // GitHub fine-grained PAT
-  /xoxb-[0-9]{10,}/,
-  // Slack bot
-  /xoxp-[0-9]{10,}/,
-  // Slack user
-  /AKIA[0-9A-Z]{16}/,
-  // AWS access key
-  /AGE-SECRET-KEY-1[a-zA-Z0-9]+/,
-  // age encryption key
-  /glpat-[a-zA-Z0-9_\-]{20}/,
-  // GitLab PAT
-  /sq0atp-[a-zA-Z0-9_\-]{22}/
-  // Square
-];
-var ENV_VAR_REF = /\$\{[^}]+\}/;
-var HIGH_ENTROPY_PATTERN = /^[A-Za-z0-9+/=_-]{21,}$/;
-var URL_SECRET_PARAMS = /[?&](key|token|api_key|apikey|secret|password|access_token)=/i;
-function isEnvVarRef(value) {
-  return ENV_VAR_REF.test(value);
-}
-function isKnownApiKey(value) {
-  return API_KEY_PATTERNS.some((p) => p.test(value));
-}
-function isHighEntropySecret(value) {
-  if (isEnvVarRef(value)) return false;
-  return HIGH_ENTROPY_PATTERN.test(value);
-}
-function deriveEnvVarName(serverName, suffix) {
-  return serverName.replace(/[^a-zA-Z0-9]+/g, "_").toUpperCase().replace(/^_|_$/g, "") + "_" + suffix;
-}
-async function checkMcpSecurity(config, _projectRoot) {
-  const issues = [];
-  if (!config.isGitTracked) return issues;
-  if (config.parseErrors.length > 0) return issues;
-  for (const server2 of config.servers) {
-    if (server2.headers) {
-      for (const [headerName, headerValue] of Object.entries(server2.headers)) {
-        if (headerName.toLowerCase() === "authorization") {
-          const bearerMatch = headerValue.match(/^Bearer\s+(.+)$/i);
-          if (bearerMatch) {
-            const token = bearerMatch[1];
-            if (!isEnvVarRef(token)) {
-              const envVar = deriveEnvVarName(server2.name, "API_KEY");
-              issues.push({
-                severity: "error",
-                check: "mcp-security",
-                ruleId: "hardcoded-bearer",
-                line: server2.line,
-                message: `Server "${server2.name}" has a hardcoded Bearer token in a git-tracked file`,
-                fix: {
-                  file: config.filePath,
-                  line: server2.line,
-                  oldText: `Bearer ${token}`,
-                  newText: `Bearer \${${envVar}}`
-                }
-              });
-            }
-          }
-        }
-        if (!isEnvVarRef(headerValue) && isKnownApiKey(headerValue)) {
-          issues.push({
-            severity: "error",
-            check: "mcp-security",
-            ruleId: "hardcoded-api-key",
-            line: server2.line,
-            message: `Server "${server2.name}" has a hardcoded API key in a git-tracked file`
-          });
-        }
-      }
-    }
-    if (server2.env) {
-      for (const envValue of Object.values(server2.env)) {
-        if (!isEnvVarRef(envValue) && (isKnownApiKey(envValue) || isHighEntropySecret(envValue))) {
-          const envVar = deriveEnvVarName(server2.name, "API_KEY");
-          issues.push({
-            severity: "error",
-            check: "mcp-security",
-            ruleId: "hardcoded-api-key",
-            line: server2.line,
-            message: `Server "${server2.name}" has a hardcoded API key in a git-tracked file`,
-            fix: {
-              file: config.filePath,
-              line: server2.line,
-              oldText: envValue,
-              newText: `\${${envVar}}`
-            }
-          });
-        }
-      }
-    }
-    if (server2.url && !isEnvVarRef(server2.url) && URL_SECRET_PARAMS.test(server2.url)) {
-      issues.push({
-        severity: "error",
-        check: "mcp-security",
-        ruleId: "secret-in-url",
-        line: server2.line,
-        message: `Server "${server2.name}" has a secret in the URL query string`
-      });
-    }
-    if (server2.url) {
-      try {
-        if (!isEnvVarRef(server2.url)) {
-          const parsed = new URL(server2.url);
-          if (parsed.protocol === "http:" && parsed.hostname !== "localhost" && parsed.hostname !== "127.0.0.1" && parsed.hostname !== "::1") {
-            issues.push({
-              severity: "warning",
-              check: "mcp-security",
-              ruleId: "http-no-tls",
-              line: server2.line,
-              message: `Server "${server2.name}" uses HTTP without TLS`
-            });
-          }
-        }
-      } catch {
-      }
-    }
-  }
-  return issues;
-}
-
-// src/core/checks/mcp/commands.ts
-import * as fs4 from "fs";
-import * as path7 from "path";
-var LOCAL_PATH_PATTERN = /^\.\.?\//;
-var FILE_PATH_PATTERN = /^[^-].*\/.*\.\w+$/;
-async function checkMcpCommands(config, projectRoot) {
-  const issues = [];
-  if (config.parseErrors.length > 0) return issues;
-  for (const server2 of config.servers) {
-    if (server2.transport !== "stdio" || !server2.command) continue;
-    if (process.platform === "win32" && config.scope === "project" && server2.command === "npx") {
-      issues.push({
-        severity: "error",
-        check: "mcp-commands",
-        ruleId: "windows-npx-no-wrapper",
-        line: server2.line,
-        message: `Server "${server2.name}": npx requires "cmd /c" wrapper on Windows`,
-        suggestion: 'Change command to "cmd" and prepend "/c", "npx" to args: ["/c", "npx", ...]',
-        fix: buildNpxFix(config, server2.name, server2.args)
-      });
-    }
-    if (LOCAL_PATH_PATTERN.test(server2.command)) {
-      const resolved = path7.resolve(projectRoot, server2.command);
-      if (!fileExistsSafe(resolved)) {
-        issues.push({
-          severity: "warning",
-          check: "mcp-commands",
-          ruleId: "command-not-found",
-          line: server2.line,
-          message: `Server "${server2.name}": command "${server2.command}" not found`
-        });
-      }
-    }
-    if (server2.args) {
-      for (const arg of server2.args) {
-        if (LOCAL_PATH_PATTERN.test(arg) || FILE_PATH_PATTERN.test(arg)) {
-          const resolved = path7.resolve(projectRoot, arg);
-          if (!fileExistsSafe(resolved)) {
-            issues.push({
-              severity: "warning",
-              check: "mcp-commands",
-              ruleId: "args-path-missing",
-              line: server2.line,
-              message: `Server "${server2.name}": arg "${arg}" looks like a file path but doesn't exist`
-            });
-          }
-        }
-      }
-    }
-  }
-  return issues;
-}
-function fileExistsSafe(filePath) {
-  try {
-    fs4.accessSync(filePath);
-    return true;
-  } catch {
-    return false;
-  }
-}
-function buildNpxFix(config, serverName, _args) {
-  const lines = config.content.split("\n");
-  for (let i = 0; i < lines.length; i++) {
-    const line = lines[i];
-    if (line.includes('"command"') && line.includes('"npx"')) {
-      let inRightServer = false;
-      for (let j = i - 1; j >= 0; j--) {
-        if (lines[j].includes(`"${serverName}"`)) {
-          inRightServer = true;
-          break;
-        }
-        if (lines[j].includes('"command"')) break;
-      }
-      if (!inRightServer) continue;
-      return {
-        file: config.filePath,
-        line: i + 1,
-        oldText: '"npx"',
-        newText: '"cmd"'
-      };
-    }
-  }
-  return void 0;
-}
-
-// src/core/checks/mcp/deprecated.ts
-async function checkMcpDeprecated(config, _projectRoot) {
-  const issues = [];
-  if (config.parseErrors.length > 0) return issues;
-  for (const server2 of config.servers) {
-    if (server2.transport === "sse") {
-      const line = findTypeLine(config.content, server2.name) || server2.line;
-      issues.push({
-        severity: "warning",
-        check: "mcp-deprecated",
-        ruleId: "sse-transport",
-        line,
-        message: `Server "${server2.name}" uses deprecated SSE transport \u2014 use "http" (Streamable HTTP) instead`,
-        fix: {
-          file: config.filePath,
-          line,
-          oldText: '"sse"',
-          newText: '"http"'
-        }
-      });
-    }
-  }
-  return issues;
-}
-function findTypeLine(content, serverName) {
-  const lines = content.split("\n");
-  let inServer = false;
-  for (let i = 0; i < lines.length; i++) {
-    if (lines[i].includes(`"${serverName}"`)) {
-      inServer = true;
-    }
-    if (inServer && lines[i].includes('"type"') && lines[i].includes('"sse"')) {
-      return i + 1;
-    }
-    if (inServer && i > 0 && lines[i].match(/^\s{4}"\w/) && !lines[i].includes(`"${serverName}"`)) {
-      const indent = lines[i].search(/\S/);
-      const serverIndent = lines.findIndex((l) => l.includes(`"${serverName}"`));
-      if (serverIndent >= 0) {
-        const origIndent = lines[serverIndent].search(/\S/);
-        if (indent <= origIndent) break;
-      }
-    }
-  }
-  return null;
-}
-
-// src/core/checks/mcp/env.ts
-var HAS_CURSOR_SYNTAX = /\$\{env:[^}]+\}/;
-var HAS_CLAUDE_SYNTAX = /\$\{[A-Za-z_][A-Za-z0-9_]*(?::-.*)?\}/;
-var HAS_CONTINUE_SYNTAX = /\$\{\{\s*secrets\.[^}]+\}\}/;
-var ANY_ENV_REF = /\$\{[^}]+\}/g;
-function extractEnvVarRefs(value) {
-  const refs = [];
-  let match;
-  ANY_ENV_REF.lastIndex = 0;
-  while ((match = ANY_ENV_REF.exec(value)) !== null) {
-    const full = match[0];
-    let varName = null;
-    const cursorMatch = full.match(/^\$\{env:([A-Za-z_][A-Za-z0-9_]*)\}$/);
-    if (cursorMatch) {
-      varName = cursorMatch[1];
-    }
-    const continueMatch = full.match(/^\$\{\{\s*secrets\.([A-Za-z_][A-Za-z0-9_]*)\s*\}\}$/);
-    if (continueMatch) {
-      varName = continueMatch[1];
-    }
-    const claudeMatch = full.match(/^\$\{([A-Za-z_][A-Za-z0-9_]*)(?::-.*)?\}$/);
-    if (!varName && claudeMatch) {
-      varName = claudeMatch[1];
-    }
-    if (varName) {
-      refs.push({ varName, fullMatch: full });
-    }
-  }
-  return refs;
-}
-function collectAllStringValues(server2) {
-  const values = [];
-  if (server2.command) values.push(server2.command);
-  if (server2.args) values.push(...server2.args);
-  if (server2.url) values.push(server2.url);
-  if (server2.headers) values.push(...Object.values(server2.headers));
-  if (server2.env) values.push(...Object.values(server2.env));
-  return values;
-}
-async function checkMcpEnv(config, _projectRoot) {
-  const issues = [];
-  if (config.parseErrors.length > 0) return issues;
-  for (const server2 of config.servers) {
-    const allValues = collectAllStringValues(server2);
-    for (const value of allValues) {
-      if (config.client === "claude-code") {
-        if (HAS_CURSOR_SYNTAX.test(value)) {
-          issues.push({
-            severity: "error",
-            check: "mcp-env",
-            ruleId: "wrong-syntax",
-            line: server2.line,
-            message: `Server "${server2.name}": Claude Code uses \${VAR}, not \${env:VAR}`,
-            fix: buildSyntaxFix(config, server2.line, value, "claude-code")
-          });
-        }
-      }
-      if (config.client === "cursor") {
-        if (HAS_CLAUDE_SYNTAX.test(value) && !HAS_CURSOR_SYNTAX.test(value) && !HAS_CONTINUE_SYNTAX.test(value)) {
-          issues.push({
-            severity: "error",
-            check: "mcp-env",
-            ruleId: "wrong-syntax",
-            line: server2.line,
-            message: `Server "${server2.name}": Cursor uses \${env:VAR}, not \${VAR}`,
-            fix: buildSyntaxFix(config, server2.line, value, "cursor")
-          });
-        }
-      }
-      if (config.client === "continue") {
-        if ((HAS_CLAUDE_SYNTAX.test(value) || HAS_CURSOR_SYNTAX.test(value)) && !HAS_CONTINUE_SYNTAX.test(value)) {
-          issues.push({
-            severity: "error",
-            check: "mcp-env",
-            ruleId: "wrong-syntax",
-            line: server2.line,
-            message: `Server "${server2.name}": Continue uses \${{ secrets.VAR }}, not \${VAR}`,
-            fix: buildSyntaxFix(config, server2.line, value, "continue")
-          });
-        }
-      }
-    }
-    for (const value of allValues) {
-      const refs = extractEnvVarRefs(value);
-      for (const ref of refs) {
-        if (!(ref.varName in process.env)) {
-          issues.push({
-            severity: "info",
-            check: "mcp-env",
-            ruleId: "unset-variable",
-            line: server2.line,
-            message: `Server "${server2.name}": environment variable "${ref.varName}" is not set`
-          });
-        }
-      }
-    }
-    if (server2.env && Object.keys(server2.env).length === 0) {
-      issues.push({
-        severity: "info",
-        check: "mcp-env",
-        ruleId: "empty-env-block",
-        line: server2.line,
-        message: `Server "${server2.name}": empty "env" block can be removed`
-      });
-    }
-  }
-  return issues;
-}
-function buildSyntaxFix(config, line, value, targetClient) {
-  if (targetClient === "claude-code") {
-    const fixed = value.replace(/\$\{env:([^}]+)\}/g, "${$1}");
-    return { file: config.filePath, line, oldText: value, newText: fixed };
-  }
-  if (targetClient === "cursor") {
-    const fixed = value.replace(/\$\{([A-Za-z_][A-Za-z0-9_]*)(?::-.*)?\}/g, (match, varName) => {
-      if (match.startsWith("${env:")) return match;
-      return `\${env:${varName}}`;
-    });
-    return { file: config.filePath, line, oldText: value, newText: fixed };
-  }
-  if (targetClient === "continue") {
-    let fixed = value.replace(/\$\{env:([A-Za-z_][A-Za-z0-9_]*)\}/g, "${{ secrets.$1 }}");
-    fixed = fixed.replace(/\$\{([A-Za-z_][A-Za-z0-9_]*)(?::-.*)?\}/g, (match) => {
-      if (match.includes("secrets.")) return match;
-      const varMatch = match.match(/\$\{([A-Za-z_][A-Za-z0-9_]*)/);
-      return varMatch ? `\${{ secrets.${varMatch[1]} }}` : match;
-    });
-    return { file: config.filePath, line, oldText: value, newText: fixed };
-  }
-  return void 0;
-}
-
-// src/core/checks/mcp/urls.ts
-var ENV_VAR_REF2 = /\$\{[^}]+\}/;
-async function checkMcpUrls(config, _projectRoot) {
-  const issues = [];
-  if (config.parseErrors.length > 0) return issues;
-  for (const server2 of config.servers) {
-    if (!server2.url) continue;
-    if (ENV_VAR_REF2.test(server2.url)) continue;
-    let parsed;
-    try {
-      parsed = new URL(server2.url);
-    } catch {
-      issues.push({
-        severity: "error",
-        check: "mcp-urls",
-        ruleId: "malformed-url",
-        line: server2.line,
-        message: `Server "${server2.name}": invalid URL "${server2.url}"`
-      });
-      continue;
-    }
-    if (config.scope === "project" && (parsed.hostname === "localhost" || parsed.hostname === "127.0.0.1")) {
-      issues.push({
-        severity: "warning",
-        check: "mcp-urls",
-        ruleId: "localhost-in-project-config",
-        line: server2.line,
-        message: `Server "${server2.name}": localhost URL in project config won't work for teammates`
-      });
-    }
-    if (!parsed.pathname || parsed.pathname === "/") {
-      issues.push({
-        severity: "info",
-        check: "mcp-urls",
-        ruleId: "missing-path",
-        line: server2.line,
-        message: `Server "${server2.name}": URL has no path \u2014 most MCP servers expect /mcp`
-      });
-    }
-  }
-  return issues;
-}
-
-// src/core/checks/mcp/consistency.ts
-async function checkMcpConsistency(configs) {
-  const issues = [];
-  if (configs.length < 2) {
-    return checkSingleFileIssues(configs).concat(checkMissingFromClient(configs));
-  }
-  const serverMap = /* @__PURE__ */ new Map();
-  for (const config of configs) {
-    for (const server2 of config.servers) {
-      const existing = serverMap.get(server2.name) || [];
-      existing.push({
-        config,
-        command: server2.command,
-        url: server2.url,
-        args: server2.args,
-        line: server2.line
-      });
-      serverMap.set(server2.name, existing);
-    }
-  }
-  for (const [name, entries] of serverMap) {
-    if (entries.length < 2) continue;
-    for (let i = 0; i < entries.length; i++) {
-      for (let j = i + 1; j < entries.length; j++) {
-        const a = entries[i];
-        const b = entries[j];
-        const aKey = JSON.stringify({ cmd: a.command, url: a.url, args: a.args });
-        const bKey = JSON.stringify({ cmd: b.command, url: b.url, args: b.args });
-        if (aKey !== bKey) {
-          issues.push({
-            severity: "warning",
-            check: "mcp-consistency",
-            ruleId: "same-server-different-config",
-            line: a.line,
-            message: `Server "${name}" is configured differently in ${a.config.relativePath} and ${b.config.relativePath}`
-          });
-        }
-      }
-    }
-  }
-  issues.push(...checkMissingFromClient(configs));
-  issues.push(...checkSingleFileIssues(configs));
-  return issues;
-}
-function checkMissingFromClient(configs) {
-  const issues = [];
-  const primary = configs.find((c) => c.relativePath === ".mcp.json" && c.scope === "project");
-  if (!primary) return issues;
-  const otherConfigs = configs.filter(
-    (c) => c !== primary && c.scope === "project" && (c.relativePath.includes(".cursor/") || c.relativePath.includes(".vscode/") || c.relativePath.includes(".amazonq/"))
-  );
-  for (const other of otherConfigs) {
-    const otherNames = new Set(other.servers.map((s) => s.name));
-    for (const primaryServer of primary.servers) {
-      if (!otherNames.has(primaryServer.name)) {
-        issues.push({
-          severity: "info",
-          check: "mcp-consistency",
-          ruleId: "missing-from-client",
-          line: primaryServer.line,
-          message: `Server "${primaryServer.name}" is in .mcp.json but missing from ${other.relativePath}`
-        });
-      }
-    }
-  }
-  return issues;
-}
-function checkSingleFileIssues(configs) {
-  const issues = [];
-  for (const config of configs) {
-    const nameCount = /* @__PURE__ */ new Map();
-    const lines = config.content.split("\n");
-    for (const server2 of config.servers) {
-      const escaped = server2.name.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
-      const pattern = new RegExp(`"${escaped}"\\s*:`, "g");
-      let count = 0;
-      for (const line of lines) {
-        if (pattern.test(line)) count++;
-        pattern.lastIndex = 0;
-      }
-      nameCount.set(server2.name, count);
-    }
-    for (const [name, count] of nameCount) {
-      if (count > 1) {
-        issues.push({
-          severity: "warning",
-          check: "mcp-consistency",
-          ruleId: "duplicate-server-name",
-          line: 1,
-          message: `Duplicate server name "${name}" in ${config.relativePath} \u2014 only the last definition is used`
-        });
-      }
-    }
-  }
-  return issues;
-}
-
-// src/core/checks/mcp/redundancy.ts
-async function checkMcpRedundancy(configs) {
-  const issues = [];
-  for (const config of configs) {
-    for (const server2 of config.servers) {
-      if (server2.disabled === true) {
-        issues.push({
-          severity: "info",
-          check: "mcp-redundancy",
-          ruleId: "disabled-server",
-          line: server2.line,
-          message: `Server "${server2.name}" is disabled \u2014 consider removing it if no longer needed`
-        });
-      }
-    }
-  }
-  const projectConfigs = configs.filter((c) => c.scope === "project");
-  const globalConfigs = configs.filter((c) => c.scope === "user" || c.scope === "global");
-  for (const projectConfig of projectConfigs) {
-    for (const projectServer of projectConfig.servers) {
-      for (const globalConfig of globalConfigs) {
-        const globalServer = globalConfig.servers.find((s) => s.name === projectServer.name);
-        if (!globalServer) continue;
-        const projectKey = JSON.stringify({
-          command: projectServer.command,
-          args: projectServer.args,
-          url: projectServer.url,
-          env: projectServer.env
-        });
-        const globalKey = JSON.stringify({
-          command: globalServer.command,
-          args: globalServer.args,
-          url: globalServer.url,
-          env: globalServer.env
-        });
-        if (projectKey === globalKey) {
-          issues.push({
-            severity: "info",
-            check: "mcp-redundancy",
-            ruleId: "identical-across-scopes",
-            line: projectServer.line,
-            message: `Server "${projectServer.name}" is identically configured in both ${projectConfig.relativePath} and ${globalConfig.relativePath}`
-          });
-        }
-      }
-    }
-  }
-  return issues;
-}
-
-// src/core/session-scanner.ts
-import { readFile as readFile2, readdir, stat } from "fs/promises";
-import { dirname as dirname2, join as join4, resolve as resolve4 } from "path";
-import { existsSync } from "fs";
-import { simpleGit as simpleGit2 } from "simple-git";
-
-// src/core/session-parser.ts
-import { readFile } from "fs/promises";
-var PATH_PATTERN2 = /(?:^|\s|['"`(])([.~/][^\s'"`),;:!?]+)/g;
-function decodeProjectDir(dirName) {
-  const parts = dirName.split("--");
-  if (parts.length <= 1) return dirName;
-  if (parts[0].length === 1 && /^[A-Z]$/i.test(parts[0])) {
-    return parts[0] + ":/" + parts.slice(1).join("/");
-  }
-  return "/" + parts.join("/");
-}
-function extractPaths(content) {
-  const paths = [];
-  for (const match of content.matchAll(PATH_PATTERN2)) {
-    const p = match[1].replace(/[)}\]]+$/, "");
-    if (p.length > 2 && !p.startsWith("http") && !p.startsWith("//")) {
-      paths.push(p);
-    }
-  }
-  return [...new Set(paths)];
-}
-function parseFrontmatter2(content) {
-  const lines = content.split("\n");
-  if (lines[0]?.trim() !== "---") {
-    return { body: content };
-  }
-  const endIdx = lines.indexOf("---", 1);
-  if (endIdx === -1) {
-    return { body: content };
-  }
-  const frontmatter = {};
-  for (let i = 1; i < endIdx; i++) {
-    const line = lines[i];
-    const colonIdx = line.indexOf(":");
-    if (colonIdx > 0) {
-      const key = line.slice(0, colonIdx).trim();
-      const value = line.slice(colonIdx + 1).trim();
-      frontmatter[key] = value;
-    }
-  }
-  return {
-    name: frontmatter["name"],
-    description: frontmatter["description"],
-    type: frontmatter["type"],
-    body: lines.slice(endIdx + 1).join("\n")
-  };
-}
-async function parseMemoryFile(filePath, projectDir) {
-  const content = await readFile(filePath, "utf-8");
-  const { name, description, type, body } = parseFrontmatter2(content);
-  const referencedPaths = extractPaths(body);
-  return {
-    filePath,
-    projectDir,
-    name,
-    description,
-    type,
-    content: body,
-    referencedPaths
-  };
-}
-
-// src/core/session-scanner.ts
-var home = process.env.HOME || process.env.USERPROFILE || "";
-var AGENT_DIRS = [
-  { provider: "claude-code", dir: join4(home, ".claude"), historyFile: "history.jsonl" },
-  { provider: "codex-cli", dir: join4(home, ".codex"), historyFile: "history.jsonl" },
-  { provider: "vibe-cli", dir: join4(home, ".vibe") },
-  {
-    provider: "amazon-q",
-    dir: join4(home, ".aws", "amazonq")
-  },
-  {
-    provider: "goose",
-    dir: process.platform === "win32" ? join4(process.env.APPDATA || "", "Block", "goose") : join4(home, ".config", "goose")
-  },
-  { provider: "continue", dir: join4(home, ".continue") },
-  {
-    provider: "windsurf",
-    dir: join4(home, ".windsurf")
-  }
-];
-function detectProviders() {
-  return AGENT_DIRS.filter((a) => existsSync(a.dir)).map((a) => a.provider);
-}
-async function parseJsonlFiltered(filePath, filter) {
-  if (!existsSync(filePath)) return [];
-  const content = await readFile2(filePath, "utf-8");
-  const results = [];
-  for (const line of content.split("\n")) {
-    if (!line.trim()) continue;
-    try {
-      const parsed = JSON.parse(line);
-      const result = filter(parsed);
-      if (result) results.push(result);
-    } catch {
-    }
-  }
-  return results;
-}
-async function readClaudeHistory() {
-  const historyPath = join4(home, ".claude", "history.jsonl");
-  return parseJsonlFiltered(historyPath, (entry) => {
-    if (!entry.display || !entry.project) return null;
-    return {
-      display: entry.display,
-      timestamp: entry.timestamp || 0,
-      project: entry.project.replace(/\\/g, "/"),
-      sessionId: entry.sessionId || "",
-      provider: "claude-code"
-    };
-  });
-}
-async function readCodexHistory() {
-  const historyPath = join4(home, ".codex", "history.jsonl");
-  return parseJsonlFiltered(historyPath, (entry) => {
-    if (!entry.display && !entry.command) return null;
-    return {
-      display: entry.display || entry.command || "",
-      timestamp: entry.timestamp || 0,
-      project: (entry.project || entry.cwd || "").replace(/\\/g, "/"),
-      sessionId: entry.sessionId || "",
-      provider: "codex-cli"
-    };
-  });
-}
-async function readClaudeMemories() {
-  const projectsDir = join4(home, ".claude", "projects");
-  if (!existsSync(projectsDir)) return [];
-  const memories = [];
-  const projectDirs = await readdir(projectsDir).catch(() => []);
-  for (const projDir of projectDirs) {
-    const memoryDir = join4(projectsDir, projDir, "memory");
-    if (!existsSync(memoryDir)) continue;
-    const decodedPath = decodeProjectDir(projDir);
-    const files = await readdir(memoryDir).catch(() => []);
-    for (const file of files) {
-      if (!file.endsWith(".md") || file === "MEMORY.md") continue;
-      try {
-        const entry = await parseMemoryFile(join4(memoryDir, file), decodedPath);
-        memories.push(entry);
-      } catch {
-      }
-    }
-  }
-  return memories;
-}
-function detectAiderInSiblings(siblings) {
-  for (const sib of siblings) {
-    if (existsSync(join4(sib.path, ".aider.chat.history.md"))) {
-      return "aider";
-    }
-  }
-  return null;
-}
-async function detectSiblings(projectRoot) {
-  const parentDir = dirname2(resolve4(projectRoot));
-  const siblings = [];
-  let entries;
-  try {
-    entries = await readdir(parentDir);
-  } catch {
-    return [];
-  }
-  for (const entry of entries) {
-    const fullPath = join4(parentDir, entry);
-    const entryPath = resolve4(fullPath);
-    if (entryPath === resolve4(projectRoot)) continue;
-    try {
-      const s = await stat(fullPath);
-      if (!s.isDirectory()) continue;
-    } catch {
-      continue;
-    }
-    if (entry.startsWith(".") || entry === "node_modules") continue;
-    const isProject = existsSync(join4(fullPath, ".git")) || existsSync(join4(fullPath, "package.json")) || existsSync(join4(fullPath, "Cargo.toml")) || existsSync(join4(fullPath, "go.mod")) || existsSync(join4(fullPath, "pyproject.toml"));
-    if (!isProject) continue;
-    const sibling = {
-      path: entryPath.replace(/\\/g, "/"),
-      name: entry
-    };
-    try {
-      const git = simpleGit2(fullPath);
-      const remotes = await git.getRemotes(true);
-      const origin = remotes.find((r) => r.name === "origin");
-      if (origin?.refs?.fetch) {
-        sibling.gitRemoteUrl = origin.refs.fetch;
-        const orgMatch = origin.refs.fetch.match(/github\.com[:/]([^/]+)\//);
-        if (orgMatch) sibling.gitOrg = orgMatch[1];
-      }
-    } catch {
-    }
-    siblings.push(sibling);
-  }
-  if (siblings.length > 50) {
-    const currentGit = simpleGit2(projectRoot);
-    let currentOrg;
-    try {
-      const remotes = await currentGit.getRemotes(true);
-      const origin = remotes.find((r) => r.name === "origin");
-      const orgMatch = origin?.refs?.fetch?.match(/github\.com[:/]([^/]+)\//);
-      if (orgMatch) currentOrg = orgMatch[1];
-    } catch {
-    }
-    if (currentOrg) {
-      return siblings.filter((s) => s.gitOrg === currentOrg);
-    }
-  }
-  return siblings;
-}
-async function scanSessionData(projectRoot) {
-  const providers = detectProviders();
-  const historyPromises = [];
-  if (providers.includes("claude-code")) historyPromises.push(readClaudeHistory());
-  if (providers.includes("codex-cli")) historyPromises.push(readCodexHistory());
-  const [histories, memories, siblings] = await Promise.all([
-    Promise.all(historyPromises).then((arrays) => arrays.flat()),
-    providers.includes("claude-code") ? readClaudeMemories() : Promise.resolve([]),
-    detectSiblings(projectRoot)
-  ]);
-  const aider = detectAiderInSiblings(siblings);
-  if (aider && !providers.includes("aider")) {
-    providers.push("aider");
-  }
-  return {
-    history: histories,
-    memories,
-    siblings,
-    currentProject: resolve4(projectRoot).replace(/\\/g, "/"),
-    providers
-  };
-}
-
-// src/core/checks/session/missing-secret.ts
-import { resolve as resolve5 } from "path";
-var SECRET_SET_PATTERN = /gh\s+secret\s+set\s+(\S+)\s+(?:--repo\s+(\S+)|.*-b\s+)/;
-var SECRET_SET_SIMPLE = /gh\s+secret\s+set\s+(\S+)/;
-async function checkMissingSecret(ctx) {
-  const issues = [];
-  const secrets = [];
-  for (const entry of ctx.history) {
-    const match = entry.display.match(SECRET_SET_PATTERN) || entry.display.match(SECRET_SET_SIMPLE);
-    if (!match) continue;
-    secrets.push({
-      name: match[1],
-      repo: match[2],
-      project: entry.project
-    });
-  }
-  if (secrets.length === 0) return issues;
-  const byName = /* @__PURE__ */ new Map();
-  for (const s of secrets) {
-    if (!byName.has(s.name)) byName.set(s.name, /* @__PURE__ */ new Set());
-    byName.get(s.name).add(s.project);
-    if (s.repo) byName.get(s.name).add(s.repo);
-  }
-  const currentNorm = resolve5(ctx.currentProject).replace(/\\/g, "/");
-  for (const [secretName, projects] of byName) {
-    const currentHas = [...projects].some(
-      (p) => p.includes(currentNorm) || currentNorm.includes(p.replace(/\\/g, "/")) || p.includes(resolve5(ctx.currentProject).split(/[/\\]/).pop() || "")
-    );
-    if (currentHas) continue;
-    const siblingMatches = ctx.siblings.filter(
-      (sib) => [...projects].some(
-        (p) => p.replace(/\\/g, "/").includes(sib.name) || p.includes(sib.path)
-      )
-    );
-    if (siblingMatches.length >= 2) {
-      const sibNames = siblingMatches.map((s) => s.name).join(", ");
-      issues.push({
-        severity: "error",
-        check: "session-missing-secret",
-        ruleId: "session/missing-secret",
-        line: 0,
-        message: `GitHub secret "${secretName}" is set on ${siblingMatches.length} sibling repos (${sibNames}) but not on this project`,
-        suggestion: `Run: gh secret set ${secretName} --repo <owner>/<repo>`,
-        detail: `Found in agent history: ${siblingMatches.length} sibling repos have this secret configured`
-      });
-    }
-  }
-  return issues;
-}
-
-// src/core/checks/session/diverged-file.ts
-import { readFile as readFile3 } from "fs/promises";
-import { join as join5 } from "path";
-import { existsSync as existsSync2 } from "fs";
-var CANONICAL_FILES = [
-  "release.sh",
-  ".github/workflows/ci.yml",
-  ".github/workflows/release.yml",
-  "biome.json",
-  ".prettierrc",
-  ".eslintrc.json",
-  "tsconfig.json",
-  ".gitignore"
-];
-function calculateOverlap(a, b) {
-  const linesA = a.split("\n").map((l) => l.trim()).filter((l) => l.length > 3);
-  const linesB = new Set(
-    b.split("\n").map((l) => l.trim()).filter((l) => l.length > 3)
-  );
-  if (linesA.length === 0 && linesB.size === 0) return 1;
-  if (linesA.length === 0 || linesB.size === 0) return 0;
-  let matches = 0;
-  for (const line of linesA) {
-    if (linesB.has(line)) matches++;
-  }
-  return matches / Math.max(linesA.length, linesB.size);
-}
-async function checkDivergedFile(ctx) {
-  const issues = [];
-  for (const fileName of CANONICAL_FILES) {
-    const currentPath = join5(ctx.currentProject, fileName);
-    if (!existsSync2(currentPath)) continue;
-    let currentContent;
-    try {
-      currentContent = await readFile3(currentPath, "utf-8");
-    } catch {
-      continue;
-    }
-    const diverged = [];
-    for (const sib of ctx.siblings) {
-      const sibPath = join5(sib.path, fileName);
-      if (!existsSync2(sibPath)) continue;
-      try {
-        const sibContent = await readFile3(sibPath, "utf-8");
-        const overlap = calculateOverlap(currentContent, sibContent);
-        if (overlap >= 0.2 && overlap < 0.9) {
-          diverged.push({ sibling: sib.name, overlap: Math.round(overlap * 100) });
-        }
-      } catch {
-        continue;
-      }
-    }
-    if (diverged.length > 0) {
-      const details = diverged.map((d) => `${d.sibling} (${d.overlap}% overlap)`).join(", ");
-      issues.push({
-        severity: "warning",
-        check: "session-diverged-file",
-        ruleId: "session/diverged-file",
-        line: 0,
-        message: `${fileName} has diverged from sibling repos: ${details}`,
-        suggestion: `Compare with sibling versions to identify unintentional drift`,
-        detail: `Files with the same name across sibling repos should be kept in sync when they serve the same purpose`
-      });
-    }
-  }
-  return issues;
-}
-
-// src/core/checks/session/missing-workflow.ts
-import { readdir as readdir2 } from "fs/promises";
-import { join as join6 } from "path";
-import { existsSync as existsSync3 } from "fs";
-async function checkMissingWorkflow(ctx) {
-  const issues = [];
-  const currentWorkflowDir = join6(ctx.currentProject, ".github", "workflows");
-  if (!existsSync3(join6(ctx.currentProject, ".github"))) return issues;
-  const currentWorkflows = /* @__PURE__ */ new Set();
-  if (existsSync3(currentWorkflowDir)) {
-    try {
-      const files = await readdir2(currentWorkflowDir);
-      for (const f of files) {
-        if (f.endsWith(".yml") || f.endsWith(".yaml")) currentWorkflows.add(f);
-      }
-    } catch {
-    }
-  }
-  const workflowMap = /* @__PURE__ */ new Map();
-  for (const sib of ctx.siblings) {
-    const sibWorkflowDir = join6(sib.path, ".github", "workflows");
-    if (!existsSync3(sibWorkflowDir)) continue;
-    try {
-      const files = await readdir2(sibWorkflowDir);
-      for (const f of files) {
-        if (!(f.endsWith(".yml") || f.endsWith(".yaml"))) continue;
-        if (!workflowMap.has(f)) workflowMap.set(f, []);
-        workflowMap.get(f).push(sib.name);
-      }
-    } catch {
-      continue;
-    }
-  }
-  for (const [workflow, siblings] of workflowMap) {
-    if (currentWorkflows.has(workflow)) continue;
-    if (siblings.length < 2) continue;
-    const sibNames = siblings.join(", ");
-    issues.push({
-      severity: "warning",
-      check: "session-missing-workflow",
-      ruleId: "session/missing-workflow",
-      line: 0,
-      message: `GitHub Actions workflow "${workflow}" exists in ${siblings.length} sibling repos (${sibNames}) but not in this project`,
-      suggestion: `Consider adding .github/workflows/${workflow} for consistency`,
-      detail: `Sibling repos with this workflow: ${sibNames}`
-    });
-  }
-  return issues;
-}
-
-// src/core/checks/session/stale-memory.ts
-import { existsSync as existsSync4 } from "fs";
-import { resolve as resolve6, isAbsolute } from "path";
-async function checkStaleMemory(ctx) {
-  const issues = [];
-  const currentNorm = ctx.currentProject.replace(/\\/g, "/");
-  const projectMemories = ctx.memories.filter(
-    (m) => m.projectDir.replace(/\\/g, "/") === currentNorm
-  );
-  for (const mem of projectMemories) {
-    const brokenPaths = [];
-    for (const ref of mem.referencedPaths) {
-      const fullPath = isAbsolute(ref) ? ref : resolve6(ctx.currentProject, ref);
-      if (!existsSync4(fullPath)) {
-        brokenPaths.push(ref);
-      }
-    }
-    if (brokenPaths.length > 0) {
-      const name = mem.name || mem.filePath.split(/[/\\]/).pop() || "unknown";
-      issues.push({
-        severity: "info",
-        check: "session-stale-memory",
-        ruleId: "session/stale-memory",
-        line: 0,
-        message: `Memory "${name}" references ${brokenPaths.length} path(s) that no longer exist: ${brokenPaths.join(", ")}`,
-        suggestion: `Update or remove the memory file: ${mem.filePath}`,
-        detail: `Memory files with broken path references may cause the AI agent to follow stale instructions`
-      });
-    }
-  }
-  return issues;
-}
-
-// src/core/checks/session/duplicate-memory.ts
-function calculateLineOverlap2(a, b) {
-  const linesA = a.split("\n").map((l) => l.trim()).filter((l) => l.length > 5);
-  const linesB = new Set(
-    b.split("\n").map((l) => l.trim()).filter((l) => l.length > 5)
-  );
-  if (linesA.length === 0 || linesB.size === 0) return 0;
-  let matches = 0;
-  for (const line of linesA) {
-    if (linesB.has(line)) matches++;
-  }
-  return matches / Math.max(linesA.length, linesB.size);
-}
-async function checkDuplicateMemory(ctx) {
-  const issues = [];
-  const reported = /* @__PURE__ */ new Set();
-  for (let i = 0; i < ctx.memories.length; i++) {
-    for (let j = i + 1; j < ctx.memories.length; j++) {
-      const a = ctx.memories[i];
-      const b = ctx.memories[j];
-      if (a.projectDir.replace(/\\/g, "/") === b.projectDir.replace(/\\/g, "/")) continue;
-      if (a.content.length < 50 || b.content.length < 50) continue;
-      const overlap = calculateLineOverlap2(a.content, b.content);
-      if (overlap < 0.6) continue;
-      const pairKey = [a.filePath, b.filePath].sort().join("::");
-      if (reported.has(pairKey)) continue;
-      reported.add(pairKey);
-      const nameA = a.name || a.filePath.split(/[/\\]/).pop() || "unknown";
-      const nameB = b.name || b.filePath.split(/[/\\]/).pop() || "unknown";
-      const projA = a.projectDir.split(/[/\\]/).pop() || a.projectDir;
-      const projB = b.projectDir.split(/[/\\]/).pop() || b.projectDir;
-      issues.push({
-        severity: "info",
-        check: "session-duplicate-memory",
-        ruleId: "session/duplicate-memory",
-        line: 0,
-        message: `Memory "${nameA}" (${projA}) and "${nameB}" (${projB}) have ${Math.round(overlap * 100)}% overlap`,
-        suggestion: `Consider consolidating into a shared memory or removing the duplicate`,
-        detail: `Near-duplicate memories across projects waste context and may drift out of sync`
-      });
-    }
-  }
-  return issues;
-}
-
-// src/version.ts
-function loadVersion() {
-  if (true) return "0.7.0";
-  const fs6 = __require("fs");
-  const path9 = __require("path");
-  const pkgPath = path9.resolve(__dirname, "../package.json");
-  const pkg = JSON.parse(fs6.readFileSync(pkgPath, "utf-8"));
-  return pkg.version;
-}
-var VERSION = loadVersion();
-
-// src/core/audit.ts
-var ALL_CHECKS = [
-  "paths",
-  "commands",
-  "staleness",
-  "tokens",
-  "redundancy",
-  "contradictions",
-  "frontmatter"
-];
-var ALL_MCP_CHECKS = [
-  "mcp-schema",
-  "mcp-security",
-  "mcp-commands",
-  "mcp-deprecated",
-  "mcp-env",
-  "mcp-urls",
-  "mcp-consistency",
-  "mcp-redundancy"
-];
-var ALL_SESSION_CHECKS = [
-  "session-missing-secret",
-  "session-diverged-file",
-  "session-missing-workflow",
-  "session-stale-memory",
-  "session-duplicate-memory"
-];
-function hasMcpChecks(checks) {
-  return checks.some((c) => c.startsWith("mcp-"));
-}
-function hasSessionChecks(checks) {
-  return checks.some((c) => c.startsWith("session-"));
-}
-async function runAudit(projectRoot, activeChecks, options = {}) {
-  const fileResults = [];
-  const shouldRunContextChecks = !options.mcpOnly && !options.sessionOnly;
-  const shouldRunMcpChecks = options.mcp || options.mcpGlobal || options.mcpOnly || hasMcpChecks(activeChecks);
-  const shouldRunSessionChecks = options.session || options.sessionOnly || hasSessionChecks(activeChecks);
-  if (shouldRunContextChecks) {
-    const discovered = await scanForContextFiles(projectRoot, {
-      depth: options.depth,
-      extraPatterns: options.extraPatterns
-    });
-    const parsed = discovered.map((f) => parseContextFile(f));
-    for (const file of parsed) {
-      const checkPromises = [];
-      if (activeChecks.includes("paths")) checkPromises.push(checkPaths(file, projectRoot));
-      if (activeChecks.includes("commands")) checkPromises.push(checkCommands(file, projectRoot));
-      if (activeChecks.includes("staleness")) checkPromises.push(checkStaleness(file, projectRoot));
-      if (activeChecks.includes("tokens")) checkPromises.push(checkTokens(file, projectRoot));
-      if (activeChecks.includes("redundancy"))
-        checkPromises.push(checkRedundancy(file, projectRoot));
-      if (activeChecks.includes("frontmatter"))
-        checkPromises.push(checkFrontmatter(file, projectRoot));
-      const results = await Promise.all(checkPromises);
-      const issues = results.flat();
-      fileResults.push({
-        path: file.relativePath,
-        isSymlink: file.isSymlink,
-        symlinkTarget: file.symlinkTarget,
-        tokens: file.totalTokens,
-        lines: file.totalLines,
-        issues
-      });
-    }
-    if (activeChecks.includes("tokens")) {
-      const aggIssue = checkAggregateTokens(
-        fileResults.map((f) => ({ path: f.path, tokens: f.tokens }))
-      );
-      if (aggIssue && fileResults.length > 0) fileResults[0].issues.push(aggIssue);
-    }
-    if (activeChecks.includes("redundancy")) {
-      const dupIssues = checkDuplicateContent(parsed);
-      if (dupIssues.length > 0 && fileResults.length > 0) fileResults[0].issues.push(...dupIssues);
-    }
-    if (activeChecks.includes("contradictions")) {
-      const contradictionIssues = checkContradictions(parsed);
-      if (contradictionIssues.length > 0 && fileResults.length > 0)
-        fileResults[0].issues.push(...contradictionIssues);
-    }
-  }
-  if (shouldRunMcpChecks) {
-    const mcpFiles = await scanForMcpConfigs(projectRoot);
-    const mcpConfigs = mcpFiles.map(
-      (f) => parseMcpConfig(f, projectRoot, "project")
-    );
-    if (options.mcpGlobal) {
-      const globalFiles = await scanGlobalMcpConfigs();
-      mcpConfigs.push(...globalFiles.map((f) => parseMcpConfig(f, projectRoot, "user")));
-    }
-    const activeMcpChecks = activeChecks.filter((c) => c.startsWith("mcp-"));
-    const mcpChecksToRun = activeMcpChecks.length > 0 ? activeMcpChecks : options.mcp || options.mcpGlobal || options.mcpOnly ? ALL_MCP_CHECKS : [];
-    for (const config of mcpConfigs) {
-      const checkPromises = [];
-      if (mcpChecksToRun.includes("mcp-schema"))
-        checkPromises.push(checkMcpSchema(config, projectRoot));
-      if (mcpChecksToRun.includes("mcp-security"))
-        checkPromises.push(checkMcpSecurity(config, projectRoot));
-      if (mcpChecksToRun.includes("mcp-commands"))
-        checkPromises.push(checkMcpCommands(config, projectRoot));
-      if (mcpChecksToRun.includes("mcp-deprecated"))
-        checkPromises.push(checkMcpDeprecated(config, projectRoot));
-      if (mcpChecksToRun.includes("mcp-env")) checkPromises.push(checkMcpEnv(config, projectRoot));
-      if (mcpChecksToRun.includes("mcp-urls"))
-        checkPromises.push(checkMcpUrls(config, projectRoot));
-      const results = await Promise.all(checkPromises);
-      const issues = results.flat();
-      const lines = config.content.split("\n").length;
-      fileResults.push({
-        path: config.relativePath,
-        isSymlink: false,
-        tokens: 0,
-        lines,
-        issues
-      });
-    }
-    if (mcpChecksToRun.includes("mcp-consistency")) {
-      const consistencyIssues = await checkMcpConsistency(mcpConfigs);
-      if (consistencyIssues.length > 0) {
-        const firstMcpResult = fileResults.find(
-          (f) => mcpConfigs.some((c) => c.relativePath === f.path)
-        );
-        if (firstMcpResult) {
-          firstMcpResult.issues.push(...consistencyIssues);
-        }
-      }
-    }
-    if (mcpChecksToRun.includes("mcp-redundancy")) {
-      const redundancyIssues = await checkMcpRedundancy(mcpConfigs);
-      if (redundancyIssues.length > 0) {
-        const firstMcpResult = fileResults.find(
-          (f) => mcpConfigs.some((c) => c.relativePath === f.path)
-        );
-        if (firstMcpResult) {
-          firstMcpResult.issues.push(...redundancyIssues);
-        }
-      }
-    }
-  }
-  if (shouldRunSessionChecks) {
-    const activeSessionChecks = activeChecks.filter(
-      (c) => c.startsWith("session-")
-    );
-    const sessionChecksToRun = activeSessionChecks.length > 0 ? activeSessionChecks : options.session || options.sessionOnly ? ALL_SESSION_CHECKS : [];
-    if (sessionChecksToRun.length > 0) {
-      const sessionCtx = await scanSessionData(projectRoot);
-      const sessionPromises = [];
-      if (sessionChecksToRun.includes("session-missing-secret"))
-        sessionPromises.push(checkMissingSecret(sessionCtx));
-      if (sessionChecksToRun.includes("session-diverged-file"))
-        sessionPromises.push(checkDivergedFile(sessionCtx));
-      if (sessionChecksToRun.includes("session-missing-workflow"))
-        sessionPromises.push(checkMissingWorkflow(sessionCtx));
-      if (sessionChecksToRun.includes("session-stale-memory"))
-        sessionPromises.push(checkStaleMemory(sessionCtx));
-      if (sessionChecksToRun.includes("session-duplicate-memory"))
-        sessionPromises.push(checkDuplicateMemory(sessionCtx));
-      const sessionResults = await Promise.all(sessionPromises);
-      const sessionIssues = sessionResults.flat();
-      if (sessionIssues.length > 0) {
-        fileResults.push({
-          path: "~/.claude/ (session audit)",
-          isSymlink: false,
-          tokens: 0,
-          lines: 0,
-          issues: sessionIssues
-        });
-      }
-    }
-  }
-  let estimatedWaste = 0;
-  for (const fr of fileResults) {
-    for (const issue of fr.issues) {
-      if (issue.check === "redundancy" && issue.suggestion) {
-        const tokenMatch = issue.suggestion.match(/~(\d+)\s+tokens/);
-        if (tokenMatch) estimatedWaste += parseInt(tokenMatch[1], 10);
-      }
-    }
-  }
-  return {
-    version: VERSION,
-    scannedAt: (/* @__PURE__ */ new Date()).toISOString(),
-    projectRoot,
-    files: fileResults,
-    summary: {
-      errors: fileResults.reduce(
-        (sum, f) => sum + f.issues.filter((i) => i.severity === "error").length,
-        0
-      ),
-      warnings: fileResults.reduce(
-        (sum, f) => sum + f.issues.filter((i) => i.severity === "warning").length,
-        0
-      ),
-      info: fileResults.reduce(
-        (sum, f) => sum + f.issues.filter((i) => i.severity === "info").length,
-        0
-      ),
-      totalTokens: fileResults.reduce((sum, f) => sum + f.tokens, 0),
-      estimatedWaste
-    }
-  };
-}
-
-// src/core/fixer.ts
-import * as fs5 from "fs";
-import chalk from "chalk";
-function applyFixes(result) {
-  const fixesByFile = /* @__PURE__ */ new Map();
-  for (const file of result.files) {
-    for (const issue of file.issues) {
-      if (issue.fix) {
-        const existing = fixesByFile.get(issue.fix.file) || [];
-        existing.push(issue.fix);
-        fixesByFile.set(issue.fix.file, existing);
-      }
-    }
-  }
-  let totalFixes = 0;
-  const filesModified = [];
-  for (const [filePath, fixes] of fixesByFile) {
-    const content = fs5.readFileSync(filePath, "utf-8");
-    const lines = content.split("\n");
-    let modified = false;
-    const sortedFixes = [...fixes].sort((a, b) => b.line - a.line);
-    for (const fix of sortedFixes) {
-      const lineIdx = fix.line - 1;
-      if (lineIdx < 0 || lineIdx >= lines.length) continue;
-      const line = lines[lineIdx];
-      if (line.includes(fix.oldText)) {
-        lines[lineIdx] = line.replace(fix.oldText, fix.newText);
-        modified = true;
-        totalFixes++;
-        console.log(
-          chalk.green("  Fixed") + ` Line ${fix.line}: ${chalk.dim(fix.oldText)} ${chalk.dim("\u2192")} ${fix.newText}`
-        );
-      }
-    }
-    if (modified) {
-      const newContent = lines.join("\n");
-      if (filePath.endsWith(".json")) {
-        try {
-          JSON.parse(newContent);
-        } catch {
-          console.log(chalk.yellow("  Skipped") + ` ${filePath}: fix would produce invalid JSON`);
-          continue;
-        }
-      }
-      fs5.writeFileSync(filePath, newContent, "utf-8");
-      filesModified.push(filePath);
-    }
-  }
-  return { totalFixes, filesModified };
-}
-
-// src/mcp/server.ts
-import * as path8 from "path";
-var checkEnum = z.enum([
-  "paths",
-  "commands",
-  "staleness",
-  "tokens",
-  "redundancy",
-  "contradictions",
-  "frontmatter",
-  "mcp-schema",
-  "mcp-security",
-  "mcp-commands",
-  "mcp-deprecated",
-  "mcp-env",
-  "mcp-urls",
-  "mcp-consistency",
-  "mcp-redundancy",
-  "session-missing-secret",
-  "session-diverged-file",
-  "session-missing-workflow",
-  "session-stale-memory",
-  "session-duplicate-memory"
-]);
-var server = new McpServer({
-  name: "ctxlint",
-  version: VERSION
-});
-server.tool(
-  "ctxlint_audit",
-  "Audit all AI agent context files (CLAUDE.md, AGENTS.md, etc.) and optionally MCP server configs in the project. Checks for stale references, invalid commands, redundant content, contradictions, frontmatter issues, token waste, and MCP config errors.",
-  {
-    projectPath: z.string().optional().describe("Path to the project root. Defaults to current working directory."),
-    checks: z.array(checkEnum).optional().describe("Which checks to run. Defaults to all.")
-  },
-  {
-    readOnlyHint: true,
-    destructiveHint: false,
-    idempotentHint: true,
-    openWorldHint: false
-  },
-  async ({ projectPath, checks }) => {
-    const root = path8.resolve(projectPath || process.cwd());
-    const activeChecks = checks || ALL_CHECKS;
-    try {
-      const result = await runAudit(root, activeChecks);
-      return { content: [{ type: "text", text: JSON.stringify(result, null, 2) }] };
-    } catch (err) {
-      const msg = err instanceof Error ? err.message : String(err);
-      return {
-        content: [{ type: "text", text: JSON.stringify({ error: msg }) }],
-        isError: true
-      };
-    } finally {
-      freeEncoder();
-      resetGit();
-    }
-  }
-);
-server.tool(
-  "ctxlint_validate_path",
-  "Check if a file path referenced in a context file actually exists in the project. Returns the file status and suggests corrections if the path is invalid.",
-  {
-    path: z.string().describe("The file path to validate"),
-    projectPath: z.string().optional().describe("Project root. Defaults to cwd.")
-  },
-  {
-    readOnlyHint: true,
-    destructiveHint: false,
-    idempotentHint: true,
-    openWorldHint: false
-  },
-  async ({ path: filePath, projectPath }) => {
-    try {
-      const root = path8.resolve(projectPath || process.cwd());
-      const resolved = path8.resolve(root, filePath);
-      const result = {
-        path: filePath,
-        exists: fileExists(resolved) || isDirectory(resolved)
-      };
-      if (!result.exists) {
-        const rename = await findRenames(root, filePath);
-        if (rename) {
-          result.renamed = true;
-          result.newPath = rename.newPath;
-          result.renameCommit = rename.commitHash;
-          result.daysAgo = rename.daysAgo;
-        }
-      }
-      return { content: [{ type: "text", text: JSON.stringify(result, null, 2) }] };
-    } catch (err) {
-      const msg = err instanceof Error ? err.message : String(err);
-      return {
-        content: [{ type: "text", text: JSON.stringify({ error: msg }) }],
-        isError: true
-      };
-    } finally {
-      resetGit();
-    }
-  }
-);
-server.tool(
-  "ctxlint_token_report",
-  "Get a token count breakdown for all context files in the project. Shows per-file and aggregate token usage, plus estimated waste from redundant content.",
-  {
-    projectPath: z.string().optional().describe("Project root. Defaults to cwd.")
-  },
-  {
-    readOnlyHint: true,
-    destructiveHint: false,
-    idempotentHint: true,
-    openWorldHint: false
-  },
-  async ({ projectPath }) => {
-    const root = path8.resolve(projectPath || process.cwd());
-    try {
-      const discovered = await scanForContextFiles(root);
-      const parsed = discovered.map((f) => parseContextFile(f));
-      const files = parsed.map((f) => ({
-        path: f.relativePath,
-        tokens: f.totalTokens,
-        lines: f.totalLines,
-        isSymlink: f.isSymlink
-      }));
-      const totalTokens = files.reduce((sum, f) => sum + f.tokens, 0);
-      return {
-        content: [
-          {
-            type: "text",
-            text: JSON.stringify(
-              { files, totalTokens, note: "Token counts use GPT-4 cl100k_base tokenizer" },
-              null,
-              2
-            )
-          }
-        ]
-      };
-    } catch (err) {
-      const msg = err instanceof Error ? err.message : String(err);
-      return {
-        content: [{ type: "text", text: JSON.stringify({ error: msg }) }],
-        isError: true
-      };
-    } finally {
-      freeEncoder();
-    }
-  }
-);
-server.tool(
-  "ctxlint_fix",
-  "Run the linter with --fix mode to auto-correct broken file paths in context files using git history and fuzzy matching. Returns a summary of what was fixed.",
-  {
-    projectPath: z.string().optional().describe("Path to the project root. Defaults to current working directory."),
-    checks: z.array(checkEnum).optional().describe("Which checks to run before fixing. Defaults to all.")
-  },
-  {
-    readOnlyHint: false,
-    destructiveHint: false,
-    idempotentHint: true,
-    openWorldHint: false
-  },
-  async ({ projectPath, checks }) => {
-    const root = path8.resolve(projectPath || process.cwd());
-    const activeChecks = checks || ALL_CHECKS;
-    try {
-      const result = await runAudit(root, activeChecks);
-      const fixSummary = applyFixes(result);
-      return {
-        content: [
-          {
-            type: "text",
-            text: JSON.stringify(
-              {
-                totalFixes: fixSummary.totalFixes,
-                filesModified: fixSummary.filesModified,
-                remainingIssues: result.summary
-              },
-              null,
-              2
-            )
-          }
-        ]
-      };
-    } catch (err) {
-      const msg = err instanceof Error ? err.message : String(err);
-      return {
-        content: [{ type: "text", text: JSON.stringify({ error: msg }) }],
-        isError: true
-      };
-    } finally {
-      freeEncoder();
-      resetGit();
-    }
-  }
-);
-server.tool(
-  "ctxlint_mcp_audit",
-  "Lint MCP server configuration files in a project. Checks for schema errors, hardcoded secrets, deprecated transports, wrong env var syntax, URL issues, and cross-client inconsistencies.",
-  {
-    projectPath: z.string().optional().describe("Path to the project root. Defaults to current working directory."),
-    checks: z.array(checkEnum).optional().describe("Specific MCP checks to run (default: all mcp-* checks)."),
-    includeGlobal: z.boolean().optional().describe("Also scan global/user-level MCP configs.")
-  },
-  {
-    readOnlyHint: true,
-    destructiveHint: false,
-    idempotentHint: true,
-    openWorldHint: false
-  },
-  async ({ projectPath, checks, includeGlobal }) => {
-    const root = path8.resolve(projectPath || process.cwd());
-    const activeChecks = checks || ALL_MCP_CHECKS;
-    try {
-      const result = await runAudit(root, activeChecks, {
-        mcp: true,
-        mcpOnly: true,
-        mcpGlobal: includeGlobal || false
-      });
-      return { content: [{ type: "text", text: JSON.stringify(result, null, 2) }] };
-    } catch (err) {
-      const msg = err instanceof Error ? err.message : String(err);
-      return {
-        content: [{ type: "text", text: JSON.stringify({ error: msg }) }],
-        isError: true
-      };
-    } finally {
-      freeEncoder();
-      resetGit();
-    }
-  }
-);
-server.tool(
-  "ctxlint_session_audit",
-  "Audit AI agent session data for cross-project consistency. Checks for missing GitHub secrets, diverged config files, missing workflows, stale memory entries, and duplicate memories across sibling repositories.",
-  {
-    projectPath: z.string().optional().describe("Path to the project root. Defaults to current working directory."),
-    checks: z.array(checkEnum).optional().describe("Specific session checks to run (default: all session-* checks).")
-  },
-  {
-    readOnlyHint: true,
-    destructiveHint: false,
-    idempotentHint: true,
-    openWorldHint: true
-  },
-  async ({ projectPath, checks }) => {
-    const root = path8.resolve(projectPath || process.cwd());
-    const activeChecks = checks || ALL_SESSION_CHECKS;
-    try {
-      const result = await runAudit(root, activeChecks, {
-        session: true,
-        sessionOnly: true
-      });
-      return { content: [{ type: "text", text: JSON.stringify(result, null, 2) }] };
-    } catch (err) {
-      const msg = err instanceof Error ? err.message : String(err);
-      return {
-        content: [{ type: "text", text: JSON.stringify({ error: msg }) }],
-        isError: true
-      };
-    } finally {
-      freeEncoder();
-      resetGit();
-    }
-  }
-);
-var transport = new StdioServerTransport();
-await server.connect(transport);