aislop 0.1.0

package/dist/cli.js

@@ -0,0 +1,4349 @@
+#!/usr/bin/env node
+import { createRequire } from "node:module";
+import { Command } from "commander";
+import path from "node:path";
+import { performance } from "node:perf_hooks";
+import fs from "node:fs";
+import YAML from "yaml";
+import { z } from "zod/v4";
+import { spawn, spawnSync } from "node:child_process";
+import { fileURLToPath } from "node:url";
+import os from "node:os";
+import pc from "picocolors";
+import ora from "ora";
+import { emitKeypressEvents } from "node:readline";
+
+//#region src/config/defaults.ts
+const DEFAULT_CONFIG = {
+	version: 1,
+	engines: {
+		format: true,
+		lint: true,
+		"code-quality": true,
+		"ai-slop": true,
+		architecture: false,
+		security: true
+	},
+	quality: {
+		maxFunctionLoc: 80,
+		maxFileLoc: 400,
+		maxNesting: 5,
+		maxParams: 6
+	},
+	security: {
+		audit: true,
+		auditTimeout: 25e3
+	},
+	scoring: {
+		weights: {
+			format: .5,
+			lint: 1,
+			"code-quality": 1.5,
+			"ai-slop": 1,
+			architecture: 1,
+			security: 2
+		},
+		thresholds: {
+			good: 75,
+			ok: 50
+		}
+	},
+	ci: {
+		failBelow: 0,
+		format: "json"
+	}
+};
+const DEFAULT_CONFIG_YAML = `version: 1
+
+engines:
+  format: true
+  lint: true
+  code-quality: true
+  ai-slop: true
+  architecture: false
+  security: true
+
+quality:
+  maxFunctionLoc: 80
+  maxFileLoc: 400
+  maxNesting: 5
+  maxParams: 6
+
+security:
+  audit: true
+  auditTimeout: 25000
+
+scoring:
+  weights:
+    format: 0.5
+    lint: 1.0
+    code-quality: 1.5
+    ai-slop: 1.0
+    architecture: 1.0
+    security: 2.0
+  thresholds:
+    good: 75
+    ok: 50
+
+ci:
+  failBelow: 0
+  format: json
+`;
+const DEFAULT_RULES_YAML = `# Architecture rules (BYO)
+# Uncomment and customize to enforce your project's conventions.
+#
+# rules:
+#   - name: no-axios
+#     type: forbid_import
+#     match: "axios"
+#     severity: error
+#
+#   - name: controller-no-db
+#     type: forbid_import_from_path
+#     from: "src/controllers/**"
+#     forbid: "src/db/**"
+#     severity: error
+`;
+
+//#endregion
+//#region src/config/schema.ts
+const DEFAULT_WEIGHTS = {
+	format: .5,
+	lint: 1,
+	"code-quality": 1.5,
+	"ai-slop": 1,
+	architecture: 1,
+	security: 2
+};
+const EnginesSchema = z.object({
+	format: z.boolean().default(true),
+	lint: z.boolean().default(true),
+	"code-quality": z.boolean().default(true),
+	"ai-slop": z.boolean().default(true),
+	architecture: z.boolean().default(false),
+	security: z.boolean().default(true)
+});
+const QualitySchema = z.object({
+	maxFunctionLoc: z.number().positive().default(80),
+	maxFileLoc: z.number().positive().default(400),
+	maxNesting: z.number().positive().default(5),
+	maxParams: z.number().positive().default(6)
+});
+const SecurityConfigSchema = z.object({
+	audit: z.boolean().default(true),
+	auditTimeout: z.number().positive().default(25e3)
+});
+const ThresholdsSchema = z.object({
+	good: z.number().default(75),
+	ok: z.number().default(50)
+});
+const ScoringSchema = z.object({
+	weights: z.record(z.string(), z.number()).default(DEFAULT_WEIGHTS),
+	thresholds: ThresholdsSchema.default(() => ({
+		good: 75,
+		ok: 50
+	}))
+});
+const CiSchema = z.object({
+	failBelow: z.number().default(0),
+	format: z.enum(["json"]).default("json")
+});
+const AislopConfigSchema = z.object({
+	version: z.number().default(1),
+	engines: EnginesSchema.default(() => ({
+		format: true,
+		lint: true,
+		"code-quality": true,
+		"ai-slop": true,
+		architecture: false,
+		security: true
+	})),
+	quality: QualitySchema.default(() => ({
+		maxFunctionLoc: 80,
+		maxFileLoc: 400,
+		maxNesting: 5,
+		maxParams: 6
+	})),
+	security: SecurityConfigSchema.default(() => ({
+		audit: true,
+		auditTimeout: 25e3
+	})),
+	scoring: ScoringSchema.default(() => ({
+		weights: { ...DEFAULT_WEIGHTS },
+		thresholds: {
+			good: 75,
+			ok: 50
+		}
+	})),
+	ci: CiSchema.default(() => ({
+		failBelow: 0,
+		format: "json"
+	}))
+});
+const defaults = AislopConfigSchema.parse({});
+/**
+* Pre-merge scoring weights so partial overrides extend the defaults
+* rather than replacing them entirely (z.record replaces by default).
+*/
+const preMergeWeights = (raw) => {
+	const scoring = raw.scoring;
+	if (!scoring) return;
+	const userWeights = scoring.weights;
+	if (!userWeights || typeof userWeights !== "object") return;
+	scoring.weights = {
+		...DEFAULT_WEIGHTS,
+		...userWeights
+	};
+};
+const parseConfig = (raw) => {
+	if (!raw || typeof raw !== "object") return defaults;
+	try {
+		const input = raw;
+		preMergeWeights(input);
+		return AislopConfigSchema.parse(input);
+	} catch {
+		return defaults;
+	}
+};
+
+//#endregion
+//#region src/config/index.ts
+const CONFIG_DIR = ".aislop";
+const CONFIG_FILE = "config.yml";
+const RULES_FILE = "rules.yml";
+const findConfigDir = (startDir) => {
+	let current = path.resolve(startDir);
+	while (true) {
+		const candidate = path.join(current, CONFIG_DIR);
+		if (fs.existsSync(candidate) && fs.statSync(candidate).isDirectory()) return candidate;
+		const parent = path.dirname(current);
+		if (parent === current) break;
+		current = parent;
+	}
+	return null;
+};
+const loadConfig = (directory) => {
+	const configDir = findConfigDir(directory);
+	if (!configDir) return DEFAULT_CONFIG;
+	const configPath = path.join(configDir, CONFIG_FILE);
+	if (!fs.existsSync(configPath)) return DEFAULT_CONFIG;
+	try {
+		const raw = fs.readFileSync(configPath, "utf-8");
+		return parseConfig(YAML.parse(raw));
+	} catch {
+		return DEFAULT_CONFIG;
+	}
+};
+
+//#endregion
+//#region src/utils/source-files.ts
+const MAX_BUFFER$1 = 50 * 1024 * 1024;
+const SOURCE_EXTENSIONS = new Set([
+	".ts",
+	".tsx",
+	".js",
+	".jsx",
+	".mjs",
+	".cjs",
+	".py",
+	".go",
+	".rs",
+	".rb",
+	".java",
+	".php"
+]);
+const EXCLUDED_DIRS = [
+	"node_modules",
+	"dist",
+	"build",
+	".git",
+	"vendor",
+	"tests",
+	"test",
+	"__tests__",
+	"__test__",
+	"spec",
+	"__mocks__",
+	"fixtures",
+	"test_data",
+	".next",
+	".nuxt",
+	"coverage",
+	".turbo"
+];
+const FIND_PRUNE_DIRS = [
+	"node_modules",
+	"dist",
+	"build",
+	".git",
+	"vendor",
+	".next",
+	".nuxt",
+	"coverage",
+	".turbo"
+];
+const TEST_FILE_PATTERNS = [
+	/(?:^|\/).*\.test\.[^/]+$/i,
+	/(?:^|\/).*\.spec\.[^/]+$/i,
+	/(?:^|\/)test_[^/]+\.(?:py|rb|php|js|jsx|ts|tsx|java)$/i,
+	/(?:^|\/)[^/]+_test\.(?:py|go|rb|php|js|jsx|ts|tsx|java)$/i
+];
+const AUTO_GENERATED_PATTERNS = [
+	/auto-generated/i,
+	/@generated/i,
+	/DO NOT (?:EDIT|MODIFY)/i,
+	/this file (?:is|was) (?:auto-?)?generated/i,
+	/automatically generated/i,
+	/generated by/i
+];
+const toProjectPath = (rootDirectory, filePath) => {
+	const absolutePath = path.isAbsolute(filePath) ? filePath : path.resolve(rootDirectory, filePath);
+	return path.relative(rootDirectory, absolutePath).split(path.sep).join("/");
+};
+const isWithinProject = (relativePath) => relativePath.length > 0 && !relativePath.startsWith("..");
+const hasAllowedExtension = (filePath, extraExtensions) => {
+	const extension = path.extname(filePath);
+	return SOURCE_EXTENSIONS.has(extension) || extraExtensions.has(extension);
+};
+const isExcludedPath = (filePath) => EXCLUDED_DIRS.some((dir) => filePath === dir || filePath.startsWith(`${dir}/`) || filePath.includes(`/${dir}/`));
+const isTestFile = (filePath) => TEST_FILE_PATTERNS.some((pattern) => pattern.test(filePath));
+const getIgnoredPaths = (rootDirectory, files) => {
+	if (files.length === 0) return /* @__PURE__ */ new Set();
+	const result = spawnSync("git", [
+		"check-ignore",
+		"--no-index",
+		"--stdin"
+	], {
+		cwd: rootDirectory,
+		encoding: "utf-8",
+		input: files.join("\n"),
+		maxBuffer: MAX_BUFFER$1
+	});
+	if (result.error || result.status !== 0 && result.status !== 1) return /* @__PURE__ */ new Set();
+	return new Set(result.stdout.split("\n").map((file) => file.trim()).filter((file) => file.length > 0));
+};
+const listProjectFiles = (rootDirectory) => {
+	const result = spawnSync("git", [
+		"ls-files",
+		"--cached",
+		"--others",
+		"--exclude-standard"
+	], {
+		cwd: rootDirectory,
+		encoding: "utf-8",
+		maxBuffer: MAX_BUFFER$1
+	});
+	if (!result.error && result.status === 0) return result.stdout.split("\n").filter((file) => file.length > 0);
+	const findResult = spawnSync("find", [
+		".",
+		"(",
+		...FIND_PRUNE_DIRS.flatMap((dir, index) => index === 0 ? ["-name", dir] : [
+			"-o",
+			"-name",
+			dir
+		]),
+		")",
+		"-prune",
+		"-o",
+		"-type",
+		"f",
+		"-print"
+	], {
+		cwd: rootDirectory,
+		encoding: "utf-8",
+		maxBuffer: MAX_BUFFER$1
+	});
+	if (findResult.error || findResult.status !== 0) return [];
+	return findResult.stdout.split("\n").filter((file) => file.length > 0).map((file) => file.replace(/^\.\//, ""));
+};
+const filterProjectFiles = (rootDirectory, files, extraExtensions = []) => {
+	const extraSet = new Set(extraExtensions);
+	const normalizedFiles = files.map((file) => {
+		const absolutePath = path.isAbsolute(file) ? file : path.resolve(rootDirectory, file);
+		return {
+			absolutePath,
+			relativePath: toProjectPath(rootDirectory, absolutePath)
+		};
+	}).filter(({ relativePath }) => isWithinProject(relativePath));
+	const ignoredPaths = getIgnoredPaths(rootDirectory, normalizedFiles.map(({ relativePath }) => relativePath));
+	return normalizedFiles.filter(({ relativePath }) => hasAllowedExtension(relativePath, extraSet) && !isExcludedPath(relativePath) && !isTestFile(relativePath) && !ignoredPaths.has(relativePath)).map(({ absolutePath }) => absolutePath);
+};
+const filterExplicitFiles = (rootDirectory, files, extraExtensions = []) => {
+	const extraSet = new Set(extraExtensions);
+	return files.map((file) => {
+		const absolutePath = path.isAbsolute(file) ? file : path.resolve(rootDirectory, file);
+		return {
+			absolutePath,
+			relativePath: toProjectPath(rootDirectory, absolutePath)
+		};
+	}).filter(({ relativePath }) => isWithinProject(relativePath) && hasAllowedExtension(relativePath, extraSet)).map(({ absolutePath }) => absolutePath);
+};
+const isAutoGenerated = (filePath) => {
+	try {
+		const fd = fs.openSync(filePath, "r");
+		const buf = Buffer.alloc(512);
+		const bytesRead = fs.readSync(fd, buf, 0, 512, 0);
+		fs.closeSync(fd);
+		const header = buf.toString("utf-8", 0, bytesRead);
+		return AUTO_GENERATED_PATTERNS.some((pattern) => pattern.test(header));
+	} catch {
+		return false;
+	}
+};
+const getSourceFilesForRoot = (rootDirectory) => filterProjectFiles(rootDirectory, listProjectFiles(rootDirectory));
+const getSourceFiles = (context) => {
+	if (context.files) return filterExplicitFiles(context.rootDirectory, context.files);
+	return getSourceFilesForRoot(context.rootDirectory);
+};
+const getSourceFilesWithExtras = (context, extraExtensions) => {
+	if (context.files) return filterExplicitFiles(context.rootDirectory, context.files, extraExtensions);
+	return filterProjectFiles(context.rootDirectory, listProjectFiles(context.rootDirectory), extraExtensions);
+};
+
+//#endregion
+//#region src/engines/ai-slop/abstractions.ts
+const THIN_WRAPPER_PATTERNS = [
+	/(?:export\s+)?(?:async\s+)?function\s+(\w+)\s*\([^)]*\)\s*(?::\s*\w[^{]*)?\{\s*\n?\s*return\s+\w+\([^)]*\);\s*\n?\s*\}/g,
+	/(?:export\s+)?const\s+(\w+)\s*=\s*(?:async\s+)?\([^)]*\)\s*(?::\s*\w[^=]*)?\s*=>\s*\w+\([^)]*\);/g,
+	/def\s+(\w+)\s*\([^)]*\)(?:\s*->[^:]*)?:\s*\n\s+return\s+\w+\([^)]*\)\s*$/gm
+];
+const AI_NAMING_PATTERNS = [/(?:helper|util|handler|process|do|handle|execute|perform)_?\d+/i, /(?:data|temp|result|value|item|obj|arr|str|num|val)\d+/];
+const FRAMEWORK_METHOD_NAMES = /^(?:setUp|tearDown|setUpClass|tearDownClass|setUpModule|tearDownModule)$/;
+const DUNDER_PATTERN = /^__\w+__$/;
+const hasHardcodedArgs = (matchText) => {
+	const innerCallMatch = matchText.match(/=>\s*\w+\(([^)]*)\)\s*;?\s*$/);
+	if (!innerCallMatch) {
+		const returnCallMatch = matchText.match(/return\s+\w+\(([^)]*)\)\s*;?\s*\}/);
+		if (!returnCallMatch) return false;
+		return /['"`]\w+['"`]|(?<!\w)\d+(?!\w)/.test(returnCallMatch[1]);
+	}
+	return /['"`]\w+['"`]|(?<!\w)\d+(?!\w)/.test(innerCallMatch[1]);
+};
+const isUseContextWrapper = (matchText) => /\buse\w+/.test(matchText) && /useContext\s*\(/.test(matchText);
+const detectThinWrappers = (content, relativePath) => {
+	const diagnostics = [];
+	const lines = content.split("\n");
+	for (const pattern of THIN_WRAPPER_PATTERNS) {
+		const regex = new RegExp(pattern.source, pattern.flags);
+		let match;
+		while ((match = regex.exec(content)) !== null) {
+			const funcName = match[1];
+			const matchText = match[0];
+			const lineNumber = content.slice(0, match.index).split("\n").length;
+			if (DUNDER_PATTERN.test(funcName)) continue;
+			if (FRAMEWORK_METHOD_NAMES.test(funcName)) continue;
+			if (lineNumber >= 2) {
+				const prevLine = lines[lineNumber - 2]?.trim();
+				if (prevLine && prevLine.startsWith("@")) continue;
+			}
+			if (hasHardcodedArgs(matchText)) continue;
+			if (isUseContextWrapper(matchText)) continue;
+			diagnostics.push({
+				filePath: relativePath,
+				engine: "ai-slop",
+				rule: "ai-slop/thin-wrapper",
+				severity: "warning",
+				message: `Function '${funcName}' is a thin wrapper that only calls another function`,
+				help: "Consider calling the inner function directly instead of wrapping it",
+				line: lineNumber,
+				column: 0,
+				category: "AI Slop",
+				fixable: false
+			});
+		}
+	}
+	return diagnostics;
+};
+const detectAiNaming = (content, relativePath) => {
+	const diagnostics = [];
+	const lines = content.split("\n");
+	for (let i = 0; i < lines.length; i++) {
+		const declMatch = lines[i].match(/(?:const|let|var|function|def|func|fn)\s+(\w+)/);
+		if (!declMatch) continue;
+		const name = declMatch[1];
+		if (!AI_NAMING_PATTERNS.some((pattern) => pattern.test(name))) continue;
+		diagnostics.push({
+			filePath: relativePath,
+			engine: "ai-slop",
+			rule: "ai-slop/generic-naming",
+			severity: "info",
+			message: `'${name}' uses generic AI-style naming`,
+			help: "Use descriptive names that explain what the code does",
+			line: i + 1,
+			column: 0,
+			category: "AI Slop",
+			fixable: false
+		});
+	}
+	return diagnostics;
+};
+const detectOverAbstraction = async (context) => {
+	const files = getSourceFiles(context);
+	const diagnostics = [];
+	for (const filePath of files) {
+		if (isAutoGenerated(filePath)) continue;
+		let content;
+		try {
+			content = fs.readFileSync(filePath, "utf-8");
+		} catch {
+			continue;
+		}
+		const relativePath = path.relative(context.rootDirectory, filePath);
+		diagnostics.push(...detectThinWrappers(content, relativePath));
+		diagnostics.push(...detectAiNaming(content, relativePath));
+	}
+	return diagnostics;
+};
+
+//#endregion
+//#region src/engines/ai-slop/comments.ts
+const TRIVIAL_JS_COMMENT_PATTERNS = [
+	/\/\/\s*This (?:function|method|class|variable|constant) (?:will |is used to |is responsible for )?/i,
+	/\/\/\s*Import(?:ing|s)?\s+/i,
+	/\/\/\s*Defin(?:e|ing)\s+(?:the\s+)?/i,
+	/\/\/\s*Initializ(?:e|ing)\s+(?:the\s+)?/i,
+	/\/\/\s*Set(?:ting)?\s+\w+\s+to\s+/i,
+	/\/\/\s*Return(?:ing|s)?\s+(?:the\s+)?/i,
+	/\/\/\s*Check(?:ing)?\s+(?:if|whether)\s+/i,
+	/\/\/\s*(?:Loop(?:ing)?\s+through|Iterat(?:e|ing)\s+over)\s+/i,
+	/\/\/\s*Creat(?:e|ing)\s+(?:a\s+(?:new\s+)?)?/i,
+	/\/\/\s*Updat(?:e|ing)\s+(?:the\s+)?/i,
+	/\/\/\s*(?:Delet|Remov)(?:e|ing)\s+(?:the\s+)?/i,
+	/\/\/\s*Handl(?:e|ing)\s+(?:the\s+)?/i,
+	/\/\/\s*(?:Get(?:ting)?|Fetch(?:ing)?)\s+(?:the\s+)?/i,
+	/\/\/\s*(?:Increment|Decrement)(?:ing)?\s+/i
+];
+const TRIVIAL_PYTHON_COMMENT_PATTERNS = [/^#\s*This (?:function|method|class) (?:will |is used to )?/i, /^#\s*(?:Import|Define|Initialize|Return|Check|Create|Update|Delete|Handle|Get|Fetch)/i];
+const EXPLANATORY_KEYWORDS = /\b(?:because|since|note|todo|fixme|hack|warn|warning|workaround|caveat|important|assumes?)\b/i;
+const COMMENTED_CODE_CHARS = /[({=;}\]>]/;
+const MAX_TRIVIAL_COMMENT_LENGTH = 60;
+const isJsComment = (trimmed) => trimmed.startsWith("//");
+const isPythonComment = (trimmed) => trimmed.startsWith("#") && !trimmed.startsWith("#!");
+/**
+* Extract just the comment text after the comment marker.
+*/
+const getCommentBody = (trimmed) => {
+	if (trimmed.startsWith("//")) return trimmed.slice(2).trim();
+	if (trimmed.startsWith("#")) return trimmed.slice(1).trim();
+	return trimmed;
+};
+const isTrivialComment = (trimmed, nextLine) => {
+	const isJs = isJsComment(trimmed);
+	const isPy = isPythonComment(trimmed);
+	if (!isJs && !isPy) return false;
+	const commentBody = getCommentBody(trimmed);
+	if (commentBody.length > MAX_TRIVIAL_COMMENT_LENGTH) return false;
+	if (EXPLANATORY_KEYWORDS.test(commentBody)) return false;
+	if (commentBody.includes("(") && commentBody.includes(")")) return false;
+	if (COMMENTED_CODE_CHARS.test(commentBody)) return false;
+	if (nextLine !== void 0 && nextLine.trim() === "") return false;
+	if (/[─━═╌╍┄┅│┃]/.test(commentBody)) return false;
+	if (/^-{3,}|─{3,}/.test(commentBody)) return false;
+	return (isJs ? TRIVIAL_JS_COMMENT_PATTERNS : TRIVIAL_PYTHON_COMMENT_PATTERNS).some((pattern) => pattern.test(trimmed));
+};
+const scanFileForTrivialComments = (content, relativePath) => {
+	const diagnostics = [];
+	const lines = content.split("\n");
+	for (let i = 0; i < lines.length; i++) {
+		if (!isTrivialComment(lines[i].trim(), i + 1 < lines.length ? lines[i + 1] : void 0)) continue;
+		diagnostics.push({
+			filePath: relativePath,
+			engine: "ai-slop",
+			rule: "ai-slop/trivial-comment",
+			severity: "warning",
+			message: "Trivial comment that restates the code",
+			help: "Remove comments that don't add information beyond what the code already expresses",
+			line: i + 1,
+			column: 0,
+			category: "AI Slop",
+			fixable: true
+		});
+	}
+	return diagnostics;
+};
+const detectTrivialComments = async (context) => {
+	const files = getSourceFiles(context);
+	const diagnostics = [];
+	for (const filePath of files) {
+		if (isAutoGenerated(filePath)) continue;
+		let content;
+		try {
+			content = fs.readFileSync(filePath, "utf-8");
+		} catch {
+			continue;
+		}
+		const relativePath = path.relative(context.rootDirectory, filePath);
+		diagnostics.push(...scanFileForTrivialComments(content, relativePath));
+	}
+	return diagnostics;
+};
+
+//#endregion
+//#region src/engines/ai-slop/dead-patterns.ts
+const JS_EXTENSIONS$1 = new Set([
+	".ts",
+	".tsx",
+	".js",
+	".jsx",
+	".mjs",
+	".cjs"
+]);
+const CONSOLE_LOG_PATTERN = /\bconsole\.(?:log|debug|info|trace|dir|table)\s*\(/;
+const LOGGER_FILE_PATTERN = /(?:^|\/)(?:logger|logging|log)\.[^/]+$/i;
+const SCRIPT_DIR_PATTERN = /(?:^|\/)(scripts|bin)\//;
+const detectConsoleLeftovers = (content, relativePath, ext) => {
+	if (!JS_EXTENSIONS$1.has(ext)) return [];
+	if (LOGGER_FILE_PATTERN.test(relativePath)) return [];
+	if (SCRIPT_DIR_PATTERN.test(relativePath)) return [];
+	const diagnostics = [];
+	const lines = content.split("\n");
+	for (let i = 0; i < lines.length; i++) {
+		const trimmed = lines[i].trim();
+		if (trimmed.startsWith("//") || trimmed.startsWith("*")) continue;
+		if (CONSOLE_LOG_PATTERN.test(trimmed)) {
+			if (/console\.(?:error|warn)\s*\(/.test(trimmed)) continue;
+			if (/console\.log\(\s*JSON\.stringify\b/.test(trimmed)) continue;
+			diagnostics.push({
+				filePath: relativePath,
+				engine: "ai-slop",
+				rule: "ai-slop/console-leftover",
+				severity: "warning",
+				message: "console.log/debug/info statement left in production code",
+				help: "Remove debugging console statements or replace with a proper logger",
+				line: i + 1,
+				column: 0,
+				category: "AI Slop",
+				fixable: true
+			});
+		}
+	}
+	return diagnostics;
+};
+const TODO_PATTERN = new RegExp(`\\b(?:${[
+	"TODO",
+	"FIXME",
+	"HACK",
+	"XXX"
+].join("|")}|TEMP|PLACEHOLDER|STUB)\\b[:\\s]`, "i");
+const detectTodoStubs = (content, relativePath) => {
+	const diagnostics = [];
+	const lines = content.split("\n");
+	for (let i = 0; i < lines.length; i++) {
+		const trimmed = lines[i].trim();
+		if (!trimmed.startsWith("//") && !trimmed.startsWith("#") && !trimmed.startsWith("*") && !trimmed.startsWith("/*")) continue;
+		if (TODO_PATTERN.test(trimmed)) diagnostics.push({
+			filePath: relativePath,
+			engine: "ai-slop",
+			rule: "ai-slop/todo-stub",
+			severity: "info",
+			message: "Unresolved TODO/FIXME/HACK comment indicates incomplete code",
+			help: "Resolve the TODO or create a tracked issue for it",
+			line: i + 1,
+			column: 0,
+			category: "AI Slop",
+			fixable: false
+		});
+	}
+	return diagnostics;
+};
+const detectDeadCodePatterns = (content, relativePath, ext) => {
+	const diagnostics = [];
+	const lines = content.split("\n");
+	for (let i = 0; i < lines.length; i++) {
+		const trimmed = lines[i].trim();
+		const nextLine = i + 1 < lines.length ? lines[i + 1]?.trim() : void 0;
+		if (JS_EXTENSIONS$1.has(ext) && /^(?:return|throw)\b/.test(trimmed) && trimmed.endsWith(";") && nextLine && nextLine.length > 0 && !nextLine.startsWith("}") && !nextLine.startsWith("//") && !nextLine.startsWith("/*") && !nextLine.startsWith("case ") && !nextLine.startsWith("default:") && !nextLine.startsWith("if ") && !nextLine.startsWith("if(") && !nextLine.startsWith("else")) diagnostics.push({
+			filePath: relativePath,
+			engine: "ai-slop",
+			rule: "ai-slop/unreachable-code",
+			severity: "warning",
+			message: "Code after return/throw statement is unreachable",
+			help: "Remove the unreachable code or restructure the control flow",
+			line: i + 2,
+			column: 0,
+			category: "AI Slop",
+			fixable: false
+		});
+		if (/\bif\s*\(\s*(?:false|true|0|1)\s*\)/.test(trimmed) && !trimmed.startsWith("//") && !trimmed.startsWith("*") && !/["'`].*\bif\s*\(/.test(trimmed) && !/\/.*\bif\s*\(/.test(trimmed.replace(/\/\/.*$/, ""))) diagnostics.push({
+			filePath: relativePath,
+			engine: "ai-slop",
+			rule: "ai-slop/constant-condition",
+			severity: "warning",
+			message: "Conditional with a constant value — likely debugging leftover",
+			help: "Remove the constant condition or replace with proper logic",
+			line: i + 1,
+			column: 0,
+			category: "AI Slop",
+			fixable: false
+		});
+		if (JS_EXTENSIONS$1.has(ext) && /(?:function\s+\w+|=>\s*)\s*\{\s*\}\s*;?\s*$/.test(trimmed) && !trimmed.startsWith("interface") && !trimmed.startsWith("type ")) diagnostics.push({
+			filePath: relativePath,
+			engine: "ai-slop",
+			rule: "ai-slop/empty-function",
+			severity: "info",
+			message: "Empty function body — possible stub or unfinished implementation",
+			help: "Implement the function body or add a comment explaining why it's empty",
+			line: i + 1,
+			column: 0,
+			category: "AI Slop",
+			fixable: false
+		});
+	}
+	return diagnostics;
+};
+const asAnyPattern = new RegExp(`\\bas\\s+any\\b`);
+const doubleAssertPattern = new RegExp(`\\bas\\s+unknown\\s+as\\s+`);
+const detectUnsafeTypePatterns = (content, relativePath, ext) => {
+	if (ext !== ".ts" && ext !== ".tsx") return [];
+	const diagnostics = [];
+	const lines = content.split("\n");
+	for (let i = 0; i < lines.length; i++) {
+		const trimmed = lines[i].trim();
+		if (/\/\/\s*@ts-(?:ignore|expect-error)/.test(trimmed) || /\/\*\s*@ts-(?:ignore|expect-error)/.test(trimmed)) diagnostics.push({
+			filePath: relativePath,
+			engine: "ai-slop",
+			rule: "ai-slop/ts-directive",
+			severity: "info",
+			message: "@ts-ignore/@ts-expect-error suppresses type checking — review if still needed",
+			help: "Fix the underlying type issue instead of suppressing the error",
+			line: i + 1,
+			column: 0,
+			category: "AI Slop",
+			fixable: false
+		});
+		if (trimmed.startsWith("//") || trimmed.startsWith("*")) continue;
+		if (/\bRegExp\b|new\s+RegExp|\/.*\\b/.test(trimmed)) continue;
+		if (/["'`].*\\b.*["'`]/.test(trimmed)) continue;
+		if (asAnyPattern.test(trimmed)) diagnostics.push({
+			filePath: relativePath,
+			engine: "ai-slop",
+			rule: "ai-slop/unsafe-type-assertion",
+			severity: "warning",
+			message: `'as any' bypasses type safety`,
+			help: "Use a proper type or a more specific assertion",
+			line: i + 1,
+			column: 0,
+			category: "AI Slop",
+			fixable: false
+		});
+		if (doubleAssertPattern.test(trimmed)) diagnostics.push({
+			filePath: relativePath,
+			engine: "ai-slop",
+			rule: "ai-slop/double-type-assertion",
+			severity: "warning",
+			message: `Double type assertion (as unknown as X) bypasses type checking`,
+			help: "Refactor to avoid needing a double assertion — it usually indicates a design issue",
+			line: i + 1,
+			column: 0,
+			category: "AI Slop",
+			fixable: false
+		});
+	}
+	return diagnostics;
+};
+const detectDeadPatterns = async (context) => {
+	const files = getSourceFiles(context);
+	const diagnostics = [];
+	for (const filePath of files) {
+		if (isAutoGenerated(filePath)) continue;
+		let content;
+		try {
+			content = fs.readFileSync(filePath, "utf-8");
+		} catch {
+			continue;
+		}
+		const ext = path.extname(filePath);
+		const relativePath = path.relative(context.rootDirectory, filePath);
+		diagnostics.push(...detectConsoleLeftovers(content, relativePath, ext));
+		diagnostics.push(...detectTodoStubs(content, relativePath));
+		diagnostics.push(...detectDeadCodePatterns(content, relativePath, ext));
+		diagnostics.push(...detectUnsafeTypePatterns(content, relativePath, ext));
+	}
+	return diagnostics;
+};
+
+//#endregion
+//#region src/engines/ai-slop/exceptions.ts
+const SWALLOWED_EXCEPTION_PATTERNS = [
+	{
+		pattern: /catch\s*\([^)]*\)\s*\{\s*(?:\/\/[^\n]*)?\s*\}/,
+		languages: [
+			".ts",
+			".tsx",
+			".js",
+			".jsx",
+			".mjs",
+			".cjs"
+		],
+		message: "Empty catch block swallows errors silently"
+	},
+	{
+		pattern: /catch\s*\([^)]*\)\s*\{\s*console\.log\([^)]*\);\s*\}/,
+		languages: [
+			".ts",
+			".tsx",
+			".js",
+			".jsx",
+			".mjs",
+			".cjs"
+		],
+		message: "Catch block only logs error without proper handling"
+	},
+	{
+		pattern: /except(?:\s+\w+)?:\s*\n\s*pass/,
+		languages: [".py"],
+		message: "Bare except with pass swallows errors silently"
+	},
+	{
+		pattern: /except\s+\w+(?:\s+as\s+\w+)?:\s*\n\s*print\(/,
+		languages: [".py"],
+		message: "Catch block only prints error without proper handling"
+	},
+	{
+		pattern: /\w+,\s*_\s*:?=\s*\w+\(/,
+		languages: [".go"],
+		message: "Error return value is being ignored"
+	},
+	{
+		pattern: /rescue(?:\s+\w+)?\s*(?:=>?\s*\w+)?\s*\n\s*(?:nil|#)/,
+		languages: [".rb"],
+		message: "Rescue block swallows errors silently"
+	},
+	{
+		pattern: /catch\s*\(\w+\s+\w+\)\s*\{\s*(?:\/\/[^\n]*)?\s*\}/,
+		languages: [".java"],
+		message: "Empty catch block swallows errors silently"
+	}
+];
+const detectSwallowedExceptions = async (context) => {
+	const files = getSourceFiles(context);
+	const diagnostics = [];
+	for (const filePath of files) {
+		if (isAutoGenerated(filePath)) continue;
+		let content;
+		try {
+			content = fs.readFileSync(filePath, "utf-8");
+		} catch {
+			continue;
+		}
+		const ext = path.extname(filePath);
+		const relativePath = path.relative(context.rootDirectory, filePath);
+		for (const { pattern, languages, message } of SWALLOWED_EXCEPTION_PATTERNS) {
+			if (!languages.includes(ext)) continue;
+			let match;
+			const regex = new RegExp(pattern.source, pattern.flags + (pattern.flags.includes("g") ? "" : "g"));
+			while ((match = regex.exec(content)) !== null) {
+				const line = content.slice(0, match.index).split("\n").length;
+				diagnostics.push({
+					filePath: relativePath,
+					engine: "ai-slop",
+					rule: "ai-slop/swallowed-exception",
+					severity: "error",
+					message,
+					help: "Handle errors explicitly: log with context, rethrow, or return an error value",
+					line,
+					column: 0,
+					category: "AI Slop",
+					fixable: false
+				});
+			}
+		}
+	}
+	return diagnostics;
+};
+
+//#endregion
+//#region src/engines/ai-slop/unused-imports.ts
+const JS_EXTENSIONS = new Set([
+	".ts",
+	".tsx",
+	".js",
+	".jsx",
+	".mjs",
+	".cjs"
+]);
+const PY_EXTENSIONS = new Set([".py"]);
+const extractJsImportedSymbols = (lines) => {
+	const symbols = [];
+	const importLines = /* @__PURE__ */ new Set();
+	for (let i = 0; i < lines.length; i++) {
+		const trimmed = lines[i].trim();
+		if (!trimmed.startsWith("import ")) continue;
+		importLines.add(i);
+		if (/^import\s+["']/.test(trimmed)) continue;
+		if (/^import\s+type\s/.test(trimmed)) continue;
+		let fullImport = trimmed;
+		let endLine = i;
+		while (!fullImport.includes("from") && endLine < lines.length - 1) {
+			endLine++;
+			fullImport += ` ${lines[endLine].trim()}`;
+			importLines.add(endLine);
+		}
+		const namespaceMatch = fullImport.match(/import\s+\*\s+as\s+(\w+)\s+from/);
+		if (namespaceMatch) {
+			symbols.push({
+				name: namespaceMatch[1],
+				line: i + 1,
+				isDefault: false,
+				isNamespace: true
+			});
+			continue;
+		}
+		const defaultMatch = fullImport.match(/import\s+(\w+)\s*(?:,\s*\{[^}]*\})?\s+from/);
+		if (defaultMatch && defaultMatch[1] !== "type") symbols.push({
+			name: defaultMatch[1],
+			line: i + 1,
+			isDefault: true,
+			isNamespace: false
+		});
+		const namedMatch = fullImport.match(/\{([^}]+)\}/);
+		if (namedMatch) {
+			const namedImports = namedMatch[1].split(",");
+			for (const ni of namedImports) {
+				const parts = ni.trim().split(/\s+as\s+/);
+				if (parts.length === 0 || !parts[0]) continue;
+				const cleanParts = parts.map((p) => p.trim().replace(/^type\s+/, ""));
+				const localName = cleanParts.length > 1 ? cleanParts[1] : cleanParts[0];
+				if (localName && /^\w+$/.test(localName)) symbols.push({
+					name: localName,
+					line: i + 1,
+					isDefault: false,
+					isNamespace: false
+				});
+			}
+		}
+	}
+	return {
+		symbols,
+		importLines
+	};
+};
+const extractPyImportedSymbols = (lines) => {
+	const symbols = [];
+	const importLines = /* @__PURE__ */ new Set();
+	for (let i = 0; i < lines.length; i++) {
+		const trimmed = lines[i].trim();
+		const fromMatch = trimmed.match(/^from\s+[\w.]+\s+import\s+(.+)/);
+		if (fromMatch) {
+			importLines.add(i);
+			const importPart = fromMatch[1].replace(/#.*$/, "").trim();
+			if (importPart === "*") continue;
+			const cleaned = importPart.replace(/[()]/g, "");
+			for (const item of cleaned.split(",")) {
+				const parts = item.trim().split(/\s+as\s+/);
+				const localName = parts.length > 1 ? parts[1].trim() : parts[0].trim();
+				if (localName && /^\w+$/.test(localName)) symbols.push({
+					name: localName,
+					line: i + 1,
+					isDefault: false,
+					isNamespace: false
+				});
+			}
+			continue;
+		}
+		const importMatch = trimmed.match(/^import\s+([\w.]+)(?:\s+as\s+(\w+))?/);
+		if (importMatch) {
+			importLines.add(i);
+			const simpleName = (importMatch[2] ?? importMatch[1]).split(".")[0];
+			if (simpleName && /^\w+$/.test(simpleName)) symbols.push({
+				name: simpleName,
+				line: i + 1,
+				isDefault: false,
+				isNamespace: true
+			});
+		}
+	}
+	return {
+		symbols,
+		importLines
+	};
+};
+const isSymbolUsed = (name, content, importLines, lines) => {
+	const pattern = new RegExp(`\\b${name}\\b`, "g");
+	let match;
+	while ((match = pattern.exec(content)) !== null) {
+		const lineIndex = content.slice(0, match.index).split("\n").length - 1;
+		if (!importLines.has(lineIndex)) return true;
+	}
+	for (let i = 0; i < lines.length; i++) {
+		if (importLines.has(i)) continue;
+		if (lines[i].includes(name)) return true;
+	}
+	return false;
+};
+const detectUnusedImports = async (context) => {
+	const files = getSourceFiles(context);
+	const diagnostics = [];
+	for (const filePath of files) {
+		if (isAutoGenerated(filePath)) continue;
+		let content;
+		try {
+			content = fs.readFileSync(filePath, "utf-8");
+		} catch {
+			continue;
+		}
+		const ext = path.extname(filePath);
+		const relativePath = path.relative(context.rootDirectory, filePath);
+		const lines = content.split("\n");
+		let symbols;
+		let importLinesSet;
+		if (JS_EXTENSIONS.has(ext)) {
+			const result = extractJsImportedSymbols(lines);
+			symbols = result.symbols;
+			importLinesSet = result.importLines;
+		} else if (PY_EXTENSIONS.has(ext)) {
+			const result = extractPyImportedSymbols(lines);
+			symbols = result.symbols;
+			importLinesSet = result.importLines;
+		} else continue;
+		for (const symbol of symbols) if (!isSymbolUsed(symbol.name, content, importLinesSet, lines)) diagnostics.push({
+			filePath: relativePath,
+			engine: "ai-slop",
+			rule: "ai-slop/unused-import",
+			severity: "warning",
+			message: `Imported symbol '${symbol.name}' is never used`,
+			help: "Remove unused imports to keep the code clean",
+			line: symbol.line,
+			column: 0,
+			category: "AI Slop",
+			fixable: true
+		});
+	}
+	return diagnostics;
+};
+
+//#endregion
+//#region src/engines/ai-slop/index.ts
+const aiSlopEngine = {
+	name: "ai-slop",
+	async run(context) {
+		const diagnostics = [];
+		const results = await Promise.allSettled([
+			detectTrivialComments(context),
+			detectSwallowedExceptions(context),
+			detectOverAbstraction(context),
+			detectDeadPatterns(context),
+			detectUnusedImports(context)
+		]);
+		for (const result of results) if (result.status === "fulfilled") diagnostics.push(...result.value);
+		return {
+			engine: "ai-slop",
+			diagnostics,
+			elapsed: 0,
+			skipped: false
+		};
+	}
+};
+
+//#endregion
+//#region src/engines/architecture/matchers.ts
+const minimatch = (filePath, pattern) => {
+	let regex = "";
+	let i = 0;
+	while (i < pattern.length) {
+		const ch = pattern[i];
+		if (ch === "*" && pattern[i + 1] === "*") {
+			regex += ".*";
+			i += 2;
+			if (pattern[i] === "/") i++;
+		} else if (ch === "*") {
+			regex += "[^/]*";
+			i++;
+		} else if (ch === "?") {
+			regex += "[^/]";
+			i++;
+		} else if (ch === "[") {
+			const closeIndex = pattern.indexOf("]", i + 1);
+			if (closeIndex === -1) {
+				regex += "\\[";
+				i++;
+			} else {
+				regex += pattern.slice(i, closeIndex + 1);
+				i = closeIndex + 1;
+			}
+		} else if (".+^${}()|\\".includes(ch)) {
+			regex += `\\${ch}`;
+			i++;
+		} else {
+			regex += ch;
+			i++;
+		}
+	}
+	return new RegExp(`^${regex}$`).test(filePath);
+};
+const extractImports = (content, ext) => {
+	const imports = [];
+	if ([
+		".ts",
+		".tsx",
+		".js",
+		".jsx",
+		".mjs",
+		".cjs"
+	].includes(ext)) {
+		const esPattern = /(?:import|from)\s+["']([^"']+)["']/g;
+		let match;
+		while ((match = esPattern.exec(content)) !== null) imports.push(match[1]);
+		const reqPattern = /require\s*\(\s*["']([^"']+)["']\s*\)/g;
+		while ((match = reqPattern.exec(content)) !== null) imports.push(match[1]);
+	}
+	if (ext === ".py") {
+		const pyPattern = /(?:from|import)\s+([\w.]+)/g;
+		let match;
+		while ((match = pyPattern.exec(content)) !== null) imports.push(match[1]);
+	}
+	if (ext === ".go") {
+		const goSingleImport = /^\s*import\s+"([^"]+)"/gm;
+		let match;
+		while ((match = goSingleImport.exec(content)) !== null) imports.push(match[1]);
+		const goMultiImport = /import\s*\(([^)]*)\)/gs;
+		while ((match = goMultiImport.exec(content)) !== null) {
+			const block = match[1];
+			const pkgPattern = /"([^"]+)"/g;
+			let pkgMatch;
+			while ((pkgMatch = pkgPattern.exec(block)) !== null) imports.push(pkgMatch[1]);
+		}
+	}
+	return imports;
+};
+const applyForbidImport = (rule, imports, content, relativePath) => {
+	if (!rule.match) return [];
+	return imports.filter((imp) => imp.includes(rule.match)).map((imp) => ({
+		filePath: relativePath,
+		engine: "architecture",
+		rule: `arch/${rule.name}`,
+		severity: rule.severity,
+		message: `Forbidden import '${imp}' (rule: ${rule.name})`,
+		help: `This import is not allowed by your architecture rules`,
+		line: findImportLine(content, imp),
+		column: 0,
+		category: "Architecture",
+		fixable: false
+	}));
+};
+const applyForbidImportFromPath = (rule, imports, content, relativePath) => {
+	if (!rule.from || !rule.forbid) return [];
+	if (!minimatch(relativePath, rule.from)) return [];
+	return imports.filter((imp) => minimatch(imp, rule.forbid) || imp.includes(rule.forbid.replace(/\*\*/g, ""))).map((imp) => ({
+		filePath: relativePath,
+		engine: "architecture",
+		rule: `arch/${rule.name}`,
+		severity: rule.severity,
+		message: `Import '${imp}' is forbidden from '${rule.from}' (rule: ${rule.name})`,
+		help: `Files in '${rule.from}' cannot import from '${rule.forbid}'`,
+		line: findImportLine(content, imp),
+		column: 0,
+		category: "Architecture",
+		fixable: false
+	}));
+};
+const applyRequirePattern = (rule, content, relativePath) => {
+	if (!rule.where || !rule.pattern) return [];
+	if (!minimatch(relativePath, rule.where)) return [];
+	if (content.includes(rule.pattern)) return [];
+	return [{
+		filePath: relativePath,
+		engine: "architecture",
+		rule: `arch/${rule.name}`,
+		severity: rule.severity,
+		message: `Required pattern '${rule.pattern}' not found (rule: ${rule.name})`,
+		help: `Files matching '${rule.where}' must contain '${rule.pattern}'`,
+		line: 0,
+		column: 0,
+		category: "Architecture",
+		fixable: false
+	}];
+};
+const applyRule = (rule, imports, content, relativePath) => {
+	switch (rule.type) {
+		case "forbid_import": return applyForbidImport(rule, imports, content, relativePath);
+		case "forbid_import_from_path": return applyForbidImportFromPath(rule, imports, content, relativePath);
+		case "require_pattern": return applyRequirePattern(rule, content, relativePath);
+		default: return [];
+	}
+};
+const checkRules = async (context, rules) => {
+	const files = getSourceFiles(context);
+	const diagnostics = [];
+	for (const filePath of files) {
+		let content;
+		try {
+			content = fs.readFileSync(filePath, "utf-8");
+		} catch {
+			continue;
+		}
+		const relativePath = path.relative(context.rootDirectory, filePath);
+		const imports = extractImports(content, path.extname(filePath));
+		for (const rule of rules) diagnostics.push(...applyRule(rule, imports, content, relativePath));
+	}
+	return diagnostics;
+};
+const findImportLine = (content, importPath) => {
+	const lines = content.split("\n");
+	for (let i = 0; i < lines.length; i++) if (lines[i].includes(importPath)) return i + 1;
+	return 0;
+};
+
+//#endregion
+//#region src/engines/architecture/rule-loader.ts
+const loadArchitectureRules = (rulesPath) => {
+	if (!fs.existsSync(rulesPath)) return [];
+	try {
+		const content = fs.readFileSync(rulesPath, "utf-8");
+		return YAML.parse(content)?.rules ?? [];
+	} catch {
+		return [];
+	}
+};
+
+//#endregion
+//#region src/engines/architecture/index.ts
+const architectureEngine = {
+	name: "architecture",
+	async run(context) {
+		if (!context.config.architectureRulesPath) return {
+			engine: "architecture",
+			diagnostics: [],
+			elapsed: 0,
+			skipped: true,
+			skipReason: "No architecture rules configured"
+		};
+		const rules = loadArchitectureRules(context.config.architectureRulesPath);
+		if (rules.length === 0) return {
+			engine: "architecture",
+			diagnostics: [],
+			elapsed: 0,
+			skipped: true,
+			skipReason: "No rules found in rules file"
+		};
+		return {
+			engine: "architecture",
+			diagnostics: await checkRules(context, rules),
+			elapsed: 0,
+			skipped: false
+		};
+	}
+};
+
+//#endregion
+//#region src/engines/code-quality/complexity.ts
+const FUNCTION_PATTERNS = [
+	{
+		regex: /^\s*(?:export\s+)?(?:async\s+)?function\s+(\w+)\s*\(([^)]*)\)/,
+		langFilter: [
+			".js",
+			".ts",
+			".jsx",
+			".tsx",
+			".mjs",
+			".cjs"
+		]
+	},
+	{
+		regex: /^\s*(?:export\s+)?const\s+(\w+)\s*=\s*(?:async\s+)?\(([^)]*)\)\s*(?:=>|:\s*\w)/,
+		langFilter: [
+			".js",
+			".ts",
+			".jsx",
+			".tsx",
+			".mjs",
+			".cjs"
+		]
+	},
+	{
+		regex: /^\s*def\s+(\w+)\s*\(([^)]*)\)/,
+		langFilter: [".py"]
+	},
+	{
+		regex: /^\s*func\s+(?:\([^)]*\)\s+)?(\w+)\s*\(([^)]*)\)/,
+		langFilter: [".go"]
+	},
+	{
+		regex: /^\s*fn\s+(\w+)\s*\(([^)]*)\)/,
+		langFilter: [".rs"]
+	},
+	{
+		regex: /^\s*(?:public|private|protected)?\s*(?:static\s+)?(?:\w+\s+)(\w+)\s*\(([^)]*)\)/,
+		langFilter: [
+			".java",
+			".cs",
+			".cpp",
+			".c",
+			".php"
+		]
+	}
+];
+const countParams = (paramStr) => {
+	if (!paramStr.trim()) return 0;
+	return paramStr.split(",").length;
+};
+const matchFunctionOnLine = (line, ext) => {
+	for (let i = 0; i < FUNCTION_PATTERNS.length; i++) {
+		const pattern = FUNCTION_PATTERNS[i];
+		if (!pattern.langFilter.includes(ext)) continue;
+		const match = line.match(pattern.regex);
+		if (match) return {
+			name: match[1],
+			params: match[2] ?? "",
+			patternIndex: i
+		};
+	}
+	return null;
+};
+const PYTHON_CONTROL_FLOW_RE = /^\s*(?:if|for|while|with|try|except|else|elif|finally|def|class)\b/;
+const findFunctionEnd = (lines, startIndex, isPython) => {
+	if (isPython) return findPythonFunctionEnd(lines, startIndex);
+	return findBraceFunctionEnd(lines, startIndex);
+};
+const isControlFlowBrace = (lineText, braceIndex) => {
+	const before = lineText.substring(0, braceIndex).trimEnd();
+	if (before.endsWith(")")) return true;
+	if (before.endsWith("=>")) return true;
+	if (/\b(?:else|try|finally|do)$/.test(before)) return true;
+	return false;
+};
+const findBraceFunctionEnd = (lines, startIndex) => {
+	let depth = 0;
+	let started = false;
+	let endLine = startIndex;
+	let maxNesting = 0;
+	let functionStartDepth = 0;
+	const braceStack = [];
+	for (let j = startIndex; j < lines.length; j++) {
+		const l = lines[j];
+		for (let ci = 0; ci < l.length; ci++) {
+			const ch = l[ci];
+			if (ch === "{") {
+				depth++;
+				if (!started) {
+					started = true;
+					functionStartDepth = depth;
+					braceStack.push(false);
+				} else {
+					const isCF = isControlFlowBrace(l, ci);
+					braceStack.push(isCF);
+					if (isCF) {
+						let cfCount = 0;
+						for (const b of braceStack) if (b) cfCount++;
+						if (cfCount > maxNesting) maxNesting = cfCount;
+					}
+				}
+			} else if (ch === "}") {
+				depth--;
+				braceStack.pop();
+			}
+		}
+		if (started && depth < functionStartDepth && j > startIndex) {
+			endLine = j;
+			break;
+		}
+		if (j === lines.length - 1) endLine = j;
+	}
+	if (!started) return {
+		endLine: startIndex,
+		maxNesting: 0
+	};
+	return {
+		endLine,
+		maxNesting
+	};
+};
+const findPythonFunctionEnd = (lines, startIndex) => {
+	const baseIndent = lines[startIndex].match(/^(\s*)/)?.[1].length ?? 0;
+	let endLine = startIndex;
+	let maxNesting = 0;
+	const controlIndentStack = [];
+	for (let j = startIndex + 1; j < lines.length; j++) {
+		const l = lines[j];
+		if (l.trim() === "") {
+			endLine = j;
+			continue;
+		}
+		const currentIndent = l.match(/^(\s*)/)?.[1].length ?? 0;
+		if (currentIndent <= baseIndent) break;
+		endLine = j;
+		while (controlIndentStack.length > 0 && currentIndent <= controlIndentStack[controlIndentStack.length - 1]) controlIndentStack.pop();
+		if (PYTHON_CONTROL_FLOW_RE.test(l)) {
+			controlIndentStack.push(currentIndent);
+			const nesting = controlIndentStack.length;
+			if (nesting > maxNesting) maxNesting = nesting;
+		}
+	}
+	return {
+		endLine,
+		maxNesting
+	};
+};
+const isDataFile = (content) => {
+	const nonEmpty = content.split("\n").filter((l) => l.trim().length > 0);
+	if (nonEmpty.length === 0) return false;
+	const dataLinePattern = /^\s*[{}[\]"']/;
+	return nonEmpty.filter((l) => dataLinePattern.test(l)).length / nonEmpty.length > .8;
+};
+const isBlockArrow = (lines, startIndex) => {
+	if (/=>\s*\{/.test(lines[startIndex])) return true;
+	if (/=>\s*$/.test(lines[startIndex])) {
+		const next = lines[startIndex + 1];
+		if (next && /^\s*\{/.test(next)) return true;
+	}
+	for (let j = startIndex + 1; j < Math.min(startIndex + 3, lines.length); j++) {
+		const l = lines[j];
+		if (l.trim() === "" || /^(?:export\s+)?(?:const|let|var|function|class)\s/.test(l.trim())) break;
+		if (/=>\s*\{/.test(l)) return true;
+		if (/^\s*\{/.test(l)) return true;
+	}
+	return false;
+};
+const analyzeFunctions = (content, ext) => {
+	const lines = content.split("\n");
+	const functions = [];
+	for (let i = 0; i < lines.length; i++) {
+		const fnMatch = matchFunctionOnLine(lines[i], ext);
+		if (!fnMatch) continue;
+		const isPython = fnMatch.patternIndex === 2;
+		if (fnMatch.patternIndex === 1 && !isBlockArrow(lines, i)) continue;
+		const { endLine, maxNesting } = findFunctionEnd(lines, i, isPython);
+		functions.push({
+			name: fnMatch.name,
+			startLine: i + 1,
+			lineCount: endLine - i + 1,
+			maxNesting,
+			paramCount: countParams(fnMatch.params)
+		});
+	}
+	return functions;
+};
+const checkFileDiagnostics = (relativePath, content, limits) => {
+	const results = [];
+	const lineCount = content.split("\n").length;
+	const ext = path.extname(relativePath).toLowerCase();
+	if (isDataFile(content)) return results;
+	const effectiveMax = ext === ".jsx" || ext === ".tsx" ? limits.maxFileLoc * 2 : limits.maxFileLoc;
+	if (lineCount > effectiveMax) results.push({
+		filePath: relativePath,
+		engine: "code-quality",
+		rule: "complexity/file-too-large",
+		severity: "warning",
+		message: `File has ${lineCount} lines (max: ${effectiveMax})`,
+		help: "Consider splitting this file into smaller modules",
+		line: 0,
+		column: 0,
+		category: "Complexity",
+		fixable: false
+	});
+	return results;
+};
+const checkFunctionDiagnostics = (relativePath, fn, limits) => {
+	const results = [];
+	if (fn.lineCount > limits.maxFunctionLoc) results.push({
+		filePath: relativePath,
+		engine: "code-quality",
+		rule: "complexity/function-too-long",
+		severity: "warning",
+		message: `Function '${fn.name}' has ${fn.lineCount} lines (max: ${limits.maxFunctionLoc})`,
+		help: "Consider breaking this function into smaller pieces",
+		line: fn.startLine,
+		column: 0,
+		category: "Complexity",
+		fixable: false
+	});
+	if (fn.maxNesting > limits.maxNesting) results.push({
+		filePath: relativePath,
+		engine: "code-quality",
+		rule: "complexity/deep-nesting",
+		severity: "warning",
+		message: `Function '${fn.name}' has nesting depth ${fn.maxNesting} (max: ${limits.maxNesting})`,
+		help: "Consider using early returns or extracting nested logic",
+		line: fn.startLine,
+		column: 0,
+		category: "Complexity",
+		fixable: false
+	});
+	if (fn.paramCount > limits.maxParams) results.push({
+		filePath: relativePath,
+		engine: "code-quality",
+		rule: "complexity/too-many-params",
+		severity: "warning",
+		message: `Function '${fn.name}' has ${fn.paramCount} parameters (max: ${limits.maxParams})`,
+		help: "Consider using an options object parameter",
+		line: fn.startLine,
+		column: 0,
+		category: "Complexity",
+		fixable: false
+	});
+	return results;
+};
+const checkFileComplexity = (filePath, rootDirectory, limits) => {
+	let content;
+	try {
+		content = fs.readFileSync(filePath, "utf-8");
+	} catch {
+		return [];
+	}
+	const relativePath = path.relative(rootDirectory, filePath);
+	const ext = path.extname(filePath).toLowerCase();
+	const diagnostics = checkFileDiagnostics(relativePath, content, limits);
+	for (const fn of analyzeFunctions(content, ext)) diagnostics.push(...checkFunctionDiagnostics(relativePath, fn, limits));
+	return diagnostics;
+};
+const checkComplexity = async (context) => {
+	const files = getSourceFiles(context);
+	const limits = context.config.quality;
+	const diagnostics = [];
+	for (const filePath of files) {
+		if (isAutoGenerated(filePath)) continue;
+		diagnostics.push(...checkFileComplexity(filePath, context.rootDirectory, limits));
+	}
+	return diagnostics;
+};
+
+//#endregion
+//#region src/engines/code-quality/duplication.ts
+const MIN_DUPLICATE_LINES = 12;
+const MIN_DUPLICATE_CHARS = 240;
+const MAX_DUPLICATE_REPORTS = 50;
+const isIgnorableLine = (line) => {
+	const trimmed = line.trim();
+	return trimmed.length === 0 || trimmed.startsWith("//") || trimmed.startsWith("/*") || trimmed.startsWith("*") || trimmed.startsWith("#");
+};
+const normalizeLine = (line) => line.trim().replace(/\s+/g, " ");
+const extractDuplicateBlocks = (content) => {
+	const blocks = [];
+	const lines = content.split("\n");
+	for (let i = 0; i <= lines.length - MIN_DUPLICATE_LINES; i++) {
+		const segment = lines.slice(i, i + MIN_DUPLICATE_LINES);
+		if (segment.some(isIgnorableLine)) continue;
+		const key = segment.map(normalizeLine).join("\n");
+		if (key.length < MIN_DUPLICATE_CHARS) continue;
+		blocks.push({
+			key,
+			startLine: i + 1
+		});
+	}
+	return blocks;
+};
+const checkDuplication = async (context) => {
+	const files = getSourceFiles(context);
+	const duplicates = /* @__PURE__ */ new Map();
+	for (const absoluteFilePath of files) {
+		if (isAutoGenerated(absoluteFilePath)) continue;
+		let content = "";
+		try {
+			content = fs.readFileSync(absoluteFilePath, "utf-8");
+		} catch {
+			continue;
+		}
+		const relativeFilePath = path.relative(context.rootDirectory, absoluteFilePath);
+		for (const block of extractDuplicateBlocks(content)) {
+			const occurrence = {
+				filePath: relativeFilePath,
+				startLine: block.startLine
+			};
+			const list = duplicates.get(block.key) ?? [];
+			list.push(occurrence);
+			duplicates.set(block.key, list);
+		}
+	}
+	const diagnostics = [];
+	const reportedPairs = /* @__PURE__ */ new Set();
+	for (const occurrences of duplicates.values()) {
+		if (occurrences.length < 2) continue;
+		const source = occurrences[0];
+		for (const occurrence of occurrences.slice(1)) {
+			if (diagnostics.length >= MAX_DUPLICATE_REPORTS) return diagnostics;
+			if (occurrence.filePath === source.filePath && occurrence.startLine === source.startLine) continue;
+			if (occurrence.filePath === source.filePath) continue;
+			const pairKey = `${source.filePath}->${occurrence.filePath}`;
+			if (reportedPairs.has(pairKey)) continue;
+			reportedPairs.add(pairKey);
+			diagnostics.push({
+				filePath: occurrence.filePath,
+				engine: "code-quality",
+				rule: "duplication/block",
+				severity: "warning",
+				message: `Possible duplicated code block (${MIN_DUPLICATE_LINES}+ lines) also found at ${source.filePath}:${source.startLine}`,
+				help: "Extract shared logic into a reusable function or module",
+				line: occurrence.startLine,
+				column: 0,
+				category: "Duplication",
+				fixable: false
+			});
+		}
+	}
+	return diagnostics;
+};
+
+//#endregion
+//#region src/utils/subprocess.ts
+const runSubprocess = (command, args, options = {}) => {
+	return new Promise((resolve, reject) => {
+		const child = spawn(command, args, {
+			cwd: options.cwd,
+			env: {
+				...process.env,
+				...options.env
+			},
+			stdio: [
+				"ignore",
+				"pipe",
+				"pipe"
+			],
+			windowsHide: true
+		});
+		const stdoutBuffers = [];
+		const stderrBuffers = [];
+		child.stdout?.on("data", (buffer) => stdoutBuffers.push(buffer));
+		child.stderr?.on("data", (buffer) => stderrBuffers.push(buffer));
+		let settled = false;
+		let timer;
+		const finalize = (callback) => {
+			if (settled) return;
+			settled = true;
+			if (timer) clearTimeout(timer);
+			callback();
+		};
+		if (options.timeout && options.timeout > 0) {
+			timer = setTimeout(() => {
+				child.kill("SIGTERM");
+				setTimeout(() => child.kill("SIGKILL"), 1e3).unref();
+				finalize(() => reject(/* @__PURE__ */ new Error(`Command timed out after ${options.timeout}ms: ${command}`)));
+			}, options.timeout);
+			timer.unref();
+		}
+		child.once("error", (error) => finalize(() => reject(/* @__PURE__ */ new Error(`Failed to run ${command}: ${error.message}`))));
+		child.once("close", (code) => {
+			finalize(() => resolve({
+				stdout: Buffer.concat(stdoutBuffers).toString("utf-8").trim(),
+				stderr: Buffer.concat(stderrBuffers).toString("utf-8").trim(),
+				exitCode: code
+			}));
+		});
+	});
+};
+const isToolInstalled = async (tool) => {
+	try {
+		const result = await runSubprocess("which", [tool]);
+		return result.exitCode === 0 && result.stdout.length > 0;
+	} catch {
+		return false;
+	}
+};
+
+//#endregion
+//#region src/engines/code-quality/knip.ts
+const KNIP_MESSAGE_MAP = {
+	files: "Unused file",
+	exports: "Unused export",
+	types: "Unused type",
+	duplicates: "Duplicate export"
+};
+const collectIssues = (fileIssue, issueType, rootDir, knipCwd) => {
+	const diagnostics = [];
+	const issues = issueType === "exports" ? fileIssue.exports ?? [] : issueType === "types" ? fileIssue.types ?? [] : fileIssue.duplicates ?? [];
+	for (const issue of issues) {
+		const symbol = issue.name ?? issue.symbol ?? "unknown";
+		const absolutePath = path.resolve(knipCwd, fileIssue.file);
+		diagnostics.push({
+			filePath: path.relative(rootDir, absolutePath),
+			engine: "code-quality",
+			rule: `knip/${issueType}`,
+			severity: "warning",
+			message: `${KNIP_MESSAGE_MAP[issueType]}: ${symbol}`,
+			help: "",
+			line: issue.line ?? 0,
+			column: issue.col ?? 0,
+			category: "Dead Code",
+			fixable: false
+		});
+	}
+	return diagnostics;
+};
+const findMonorepoRoot = (directory) => {
+	let current = path.dirname(directory);
+	while (current !== path.dirname(current)) {
+		if (fs.existsSync(path.join(current, "pnpm-workspace.yaml")) || (() => {
+			const pkgPath = path.join(current, "package.json");
+			if (!fs.existsSync(pkgPath)) return false;
+			const pkg = JSON.parse(fs.readFileSync(pkgPath, "utf-8"));
+			return Array.isArray(pkg.workspaces) || pkg.workspaces?.packages;
+		})()) return current;
+		current = path.dirname(current);
+	}
+	return null;
+};
+const KNIP_RELATIVE_BIN = path.join("node_modules", "knip", "bin", "knip.js");
+const findKnipBin = (rootDirectory, monorepoRoot) => {
+	const localPath = path.join(rootDirectory, KNIP_RELATIVE_BIN);
+	if (fs.existsSync(localPath)) return {
+		binPath: localPath,
+		cwd: rootDirectory
+	};
+	if (monorepoRoot) {
+		const monorepoPath = path.join(monorepoRoot, KNIP_RELATIVE_BIN);
+		if (fs.existsSync(monorepoPath)) return {
+			binPath: monorepoPath,
+			cwd: monorepoRoot
+		};
+	}
+	return null;
+};
+const runKnip = async (rootDirectory) => {
+	const knipRuntime = findKnipBin(rootDirectory, findMonorepoRoot(rootDirectory));
+	if (!knipRuntime) return [];
+	try {
+		const args = [
+			knipRuntime.binPath,
+			"--no-progress",
+			"--reporter",
+			"json",
+			"--no-exit-code"
+		];
+		const result = await runSubprocess(process.execPath, args, {
+			cwd: knipRuntime.cwd,
+			timeout: 2e4,
+			env: { FORCE_COLOR: "0" }
+		});
+		if (!result.stdout) return [];
+		const parsed = JSON.parse(result.stdout);
+		const diagnostics = [];
+		const files = parsed.files ?? [];
+		for (const unusedFile of files) diagnostics.push({
+			filePath: path.relative(rootDirectory, path.resolve(knipRuntime.cwd, unusedFile)),
+			engine: "code-quality",
+			rule: "knip/files",
+			severity: "warning",
+			message: KNIP_MESSAGE_MAP.files,
+			help: "This file is not imported by any other file in the project.",
+			line: 0,
+			column: 0,
+			category: "Dead Code",
+			fixable: false
+		});
+		const issues = parsed.issues ?? [];
+		for (const fileIssue of issues) for (const type of [
+			"exports",
+			"types",
+			"duplicates"
+		]) diagnostics.push(...collectIssues(fileIssue, type, rootDirectory, knipRuntime.cwd));
+		return diagnostics;
+	} catch {
+		return [];
+	}
+};
+
+//#endregion
+//#region src/engines/code-quality/index.ts
+const codeQualityEngine = {
+	name: "code-quality",
+	async run(context) {
+		const diagnostics = [];
+		const promises = [];
+		if (context.languages.includes("typescript") || context.languages.includes("javascript")) promises.push(runKnip(context.rootDirectory));
+		promises.push(checkComplexity(context));
+		promises.push(checkDuplication(context));
+		const results = await Promise.allSettled(promises);
+		for (const result of results) if (result.status === "fulfilled") diagnostics.push(...result.value);
+		return {
+			engine: "code-quality",
+			diagnostics,
+			elapsed: 0,
+			skipped: false
+		};
+	}
+};
+
+//#endregion
+//#region src/engines/format/biome.ts
+const esmRequire$2 = createRequire(import.meta.url);
+const resolveLocalBiomeScript = () => {
+	try {
+		const packageJsonPath = esmRequire$2.resolve("@biomejs/biome/package.json");
+		return path.join(path.dirname(packageJsonPath), "bin", "biome");
+	} catch {
+		return null;
+	}
+};
+const runBiome = async (args, rootDirectory, timeout) => {
+	const localScript = resolveLocalBiomeScript();
+	if (localScript) return runSubprocess(process.execPath, [localScript, ...args], {
+		cwd: rootDirectory,
+		timeout
+	});
+	return runSubprocess("biome", args, {
+		cwd: rootDirectory,
+		timeout
+	});
+};
+const BIOME_EXTENSIONS = new Set([
+	".js",
+	".jsx",
+	".ts",
+	".tsx",
+	".mjs",
+	".cjs"
+]);
+const getBiomeTargets = (context) => getSourceFiles(context).filter((filePath) => BIOME_EXTENSIONS.has(path.extname(filePath))).map((filePath) => path.relative(context.rootDirectory, filePath));
+const projectUsesDecorators = (rootDir) => {
+	try {
+		const tsconfigPath = path.join(rootDir, "tsconfig.json");
+		if (!fs.existsSync(tsconfigPath)) return false;
+		const content = fs.readFileSync(tsconfigPath, "utf-8");
+		return /experimentalDecorators.*true/i.test(content);
+	} catch {
+		return false;
+	}
+};
+const runBiomeFormat = async (context) => {
+	const targets = getBiomeTargets(context);
+	if (targets.length === 0) return [];
+	const args = [
+		"format",
+		"--reporter=json",
+		...targets
+	];
+	try {
+		const result = await runBiome(args, context.rootDirectory, 6e4);
+		const output = [result.stdout, result.stderr].filter(Boolean).join("\n");
+		if (!output) return [];
+		let diagnostics = parseBiomeJsonOutput(output, context.rootDirectory);
+		if (projectUsesDecorators(context.rootDirectory)) diagnostics = diagnostics.filter((d) => {
+			const msg = d.message.toLowerCase();
+			return !msg.includes("decorator") && !msg.includes("parsing error");
+		});
+		return diagnostics;
+	} catch {
+		return [];
+	}
+};
+const parseBiomeJsonOutput = (output, rootDir) => {
+	const diagnostics = [];
+	for (const line of output.split("\n")) {
+		const trimmed = line.trim();
+		if (!trimmed.startsWith("{")) continue;
+		let parsed = null;
+		try {
+			parsed = JSON.parse(trimmed);
+		} catch {
+			parsed = null;
+		}
+		if (!parsed || !Array.isArray(parsed.diagnostics)) continue;
+		for (const entry of parsed.diagnostics) {
+			const rawPath = entry.location?.path;
+			if (!rawPath) continue;
+			const severity = entry.severity === "error" ? "error" : "warning";
+			diagnostics.push({
+				filePath: path.isAbsolute(rawPath) ? path.relative(rootDir, rawPath) : rawPath,
+				engine: "format",
+				rule: "formatting",
+				severity,
+				message: entry.message ?? "File is not formatted correctly",
+				help: "Run `aislop fix` to auto-format",
+				line: entry.location?.start?.line ?? 0,
+				column: entry.location?.start?.column ?? 0,
+				category: "Format",
+				fixable: true
+			});
+		}
+	}
+	return diagnostics;
+};
+const fixBiomeFormat = async (context) => {
+	const targets = getBiomeTargets(context);
+	if (targets.length === 0) return;
+	const result = await runBiome([
+		"check",
+		"--write",
+		"--formatter-enabled=true",
+		"--linter-enabled=false",
+		...targets
+	], context.rootDirectory, 6e4);
+	if (result.exitCode !== 0) throw new Error(result.stderr || result.stdout || `Biome exited with code ${result.exitCode}`);
+};
+
+//#endregion
+//#region src/engines/format/generic.ts
+const FORMATTERS = {
+	rust: {
+		command: "cargo",
+		checkArgs: ["fmt", "--check"],
+		fixArgs: ["fmt"],
+		parseOutput: (output, _rootDir) => {
+			const diagnostics = [];
+			const lines = output.split("\n").filter((l) => l.startsWith("Diff in"));
+			for (const line of lines) {
+				const match = line.match(/Diff in (.+) at line (\d+)/);
+				if (match) diagnostics.push({
+					filePath: match[1],
+					engine: "format",
+					rule: "rust-formatting",
+					severity: "warning",
+					message: "Rust file is not formatted correctly",
+					help: "Run `aislop fix` to auto-format with rustfmt",
+					line: parseInt(match[2], 10),
+					column: 0,
+					category: "Format",
+					fixable: true
+				});
+			}
+			return diagnostics;
+		}
+	},
+	ruby: {
+		command: "rubocop",
+		checkArgs: [
+			"--format",
+			"json",
+			"--only",
+			"Layout"
+		],
+		fixArgs: [
+			"--auto-correct",
+			"--only",
+			"Layout"
+		],
+		parseOutput: (output) => {
+			try {
+				const parsed = JSON.parse(output);
+				const diagnostics = [];
+				for (const file of parsed.files ?? []) for (const offense of file.offenses ?? []) diagnostics.push({
+					filePath: file.path,
+					engine: "format",
+					rule: offense.cop_name ?? "ruby-formatting",
+					severity: "warning",
+					message: offense.message ?? "Ruby formatting issue",
+					help: "Run `aislop fix` to auto-format",
+					line: offense.location?.start_line ?? 0,
+					column: offense.location?.start_column ?? 0,
+					category: "Format",
+					fixable: offense.correctable ?? false
+				});
+				return diagnostics;
+			} catch {
+				return [];
+			}
+		}
+	},
+	php: {
+		command: "php-cs-fixer",
+		checkArgs: [
+			"fix",
+			"--dry-run",
+			"--format=json",
+			"."
+		],
+		fixArgs: ["fix", "."],
+		parseOutput: (output) => {
+			try {
+				const parsed = JSON.parse(output);
+				const diagnostics = [];
+				for (const file of parsed.files ?? []) diagnostics.push({
+					filePath: file.name,
+					engine: "format",
+					rule: "php-formatting",
+					severity: "warning",
+					message: "PHP file is not formatted correctly",
+					help: "Run `aislop fix` to auto-format",
+					line: 0,
+					column: 0,
+					category: "Format",
+					fixable: true
+				});
+				return diagnostics;
+			} catch {
+				return [];
+			}
+		}
+	}
+};
+const runGenericFormatter = async (context, language) => {
+	const config = FORMATTERS[language];
+	if (!config) return [];
+	try {
+		const result = await runSubprocess(config.command, config.checkArgs, {
+			cwd: context.rootDirectory,
+			timeout: 6e4
+		});
+		const output = result.stdout || result.stderr;
+		if (!output) return [];
+		return config.parseOutput(output, context.rootDirectory);
+	} catch {
+		return [];
+	}
+};
+
+//#endregion
+//#region src/engines/format/gofmt.ts
+const runGofmt = async (context) => {
+	try {
+		const result = await runSubprocess("gofmt", ["-l", context.rootDirectory], {
+			cwd: context.rootDirectory,
+			timeout: 6e4
+		});
+		if (!result.stdout) return [];
+		return result.stdout.split("\n").filter((f) => f.length > 0).map((file) => ({
+			filePath: path.relative(context.rootDirectory, file),
+			engine: "format",
+			rule: "go-formatting",
+			severity: "warning",
+			message: "Go file is not formatted correctly",
+			help: "Run `aislop fix` to auto-format with gofmt",
+			line: 0,
+			column: 0,
+			category: "Format",
+			fixable: true
+		}));
+	} catch {
+		return [];
+	}
+};
+const fixGofmt = async (rootDirectory) => {
+	const result = await runSubprocess("gofmt", ["-w", rootDirectory], {
+		cwd: rootDirectory,
+		timeout: 6e4
+	});
+	if (result.exitCode !== 0) throw new Error(result.stderr || result.stdout || `gofmt exited with code ${result.exitCode}`);
+};
+
+//#endregion
+//#region src/utils/tooling.ts
+const THIS_FILE = fileURLToPath(import.meta.url);
+const esmRequire$1 = createRequire(import.meta.url);
+const resolvePackageRoot = (startFile) => {
+	let current = path.dirname(startFile);
+	while (true) {
+		const packageJsonPath = path.join(current, "package.json");
+		if (fs.existsSync(packageJsonPath)) try {
+			if (JSON.parse(fs.readFileSync(packageJsonPath, "utf-8")).name === "aislop") return current;
+		} catch {}
+		const parent = path.dirname(current);
+		if (parent === current) break;
+		current = parent;
+	}
+	return path.resolve(path.dirname(startFile), "..", "..");
+};
+const PACKAGE_ROOT = resolvePackageRoot(THIS_FILE);
+const TOOLS_BIN_DIR = path.join(PACKAGE_ROOT, "tools", "bin");
+const BUNDLED_TOOL_NAMES = new Set(["ruff", "golangci-lint"]);
+const withExecutableExtension = (toolName) => process.platform === "win32" ? `${toolName}.exe` : toolName;
+const getBundledToolPath = (toolName) => {
+	if (!BUNDLED_TOOL_NAMES.has(toolName)) return null;
+	const candidate = path.join(TOOLS_BIN_DIR, withExecutableExtension(toolName));
+	return fs.existsSync(candidate) ? candidate : null;
+};
+const resolveToolBinary = (toolName) => getBundledToolPath(toolName) ?? toolName;
+const isBundledTool = (toolName) => getBundledToolPath(toolName) !== null;
+const isToolAvailable = async (toolName) => {
+	if (isBundledTool(toolName)) return true;
+	return isToolInstalled(toolName);
+};
+const isNodePackageAvailable = (packageName) => {
+	try {
+		esmRequire$1.resolve(`${packageName}/package.json`);
+		return true;
+	} catch {
+		return false;
+	}
+};
+
+//#endregion
+//#region src/engines/format/ruff-format.ts
+const runRuffFormat = async (context) => {
+	const ruffBinary = resolveToolBinary("ruff");
+	try {
+		const result = await runSubprocess(ruffBinary, [
+			"format",
+			"--check",
+			"--diff",
+			context.rootDirectory
+		], {
+			cwd: context.rootDirectory,
+			timeout: 6e4
+		});
+		if (result.exitCode === 0) return [];
+		return parseRuffFormatOutput(result.stdout || result.stderr, context.rootDirectory);
+	} catch {
+		return [];
+	}
+};
+const parseRuffFormatOutput = (output, rootDir) => {
+	const diagnostics = [];
+	const filePattern = /^--- (.+)$/gm;
+	let match;
+	while ((match = filePattern.exec(output)) !== null) {
+		const filePath = match[1].replace(/^a\//, "");
+		diagnostics.push({
+			filePath: path.relative(rootDir, filePath),
+			engine: "format",
+			rule: "python-formatting",
+			severity: "warning",
+			message: "Python file is not formatted correctly",
+			help: "Run `aislop fix` to auto-format with ruff",
+			line: 0,
+			column: 0,
+			category: "Format",
+			fixable: true
+		});
+	}
+	return diagnostics;
+};
+const fixRuffFormat = async (rootDirectory) => {
+	const result = await runSubprocess(resolveToolBinary("ruff"), ["format", rootDirectory], {
+		cwd: rootDirectory,
+		timeout: 6e4
+	});
+	if (result.exitCode !== 0) throw new Error(result.stderr || result.stdout || `ruff format exited with code ${result.exitCode}`);
+};
+
+//#endregion
+//#region src/engines/format/index.ts
+const formatEngine = {
+	name: "format",
+	async run(context) {
+		const diagnostics = [];
+		const { languages, installedTools } = context;
+		const promises = [];
+		if (languages.includes("typescript") || languages.includes("javascript")) promises.push(runBiomeFormat(context));
+		if (languages.includes("python") && installedTools["ruff"]) promises.push(runRuffFormat(context));
+		if (languages.includes("go") && installedTools["gofmt"]) promises.push(runGofmt(context));
+		if (languages.includes("rust") && installedTools["rustfmt"]) promises.push(runGenericFormatter(context, "rust"));
+		if (languages.includes("ruby") && installedTools["rubocop"]) promises.push(runGenericFormatter(context, "ruby"));
+		if (languages.includes("php") && installedTools["php-cs-fixer"]) promises.push(runGenericFormatter(context, "php"));
+		const results = await Promise.allSettled(promises);
+		for (const result of results) if (result.status === "fulfilled") diagnostics.push(...result.value);
+		return {
+			engine: "format",
+			diagnostics,
+			elapsed: 0,
+			skipped: false
+		};
+	}
+};
+
+//#endregion
+//#region src/engines/lint/generic.ts
+const runGenericLinter = async (context, language) => {
+	switch (language) {
+		case "rust": return runClippy(context);
+		case "ruby": return runRubocop(context);
+		default: return [];
+	}
+};
+const runClippy = async (context) => {
+	try {
+		return parseClippyDiagnostics((await runSubprocess("cargo", [
+			"clippy",
+			"--message-format=json",
+			"--quiet"
+		], {
+			cwd: context.rootDirectory,
+			timeout: 12e4
+		})).stdout);
+	} catch {
+		return [];
+	}
+};
+const parseClippyEntry = (line) => {
+	if (!line.startsWith("{")) return null;
+	try {
+		return JSON.parse(line);
+	} catch {
+		return null;
+	}
+};
+const toClippyDiagnostic = (entry) => {
+	if (entry.reason !== "compiler-message" || !entry.message) return null;
+	const message = entry.message;
+	const span = message.spans?.[0];
+	return {
+		filePath: span?.file_name ?? "",
+		engine: "lint",
+		rule: `clippy/${message.code?.code ?? "unknown"}`,
+		severity: message.level === "error" ? "error" : "warning",
+		message: message.message ?? "",
+		help: message.children?.[0]?.message ?? "",
+		line: span?.line_start ?? 0,
+		column: span?.column_start ?? 0,
+		category: "Rust Lint",
+		fixable: false
+	};
+};
+const parseClippyDiagnostics = (output) => {
+	const diagnostics = [];
+	for (const line of output.split("\n")) {
+		const entry = parseClippyEntry(line);
+		if (!entry) continue;
+		const diagnostic = toClippyDiagnostic(entry);
+		if (diagnostic) diagnostics.push(diagnostic);
+	}
+	return diagnostics;
+};
+const runRubocop = async (context) => {
+	try {
+		const output = (await runSubprocess("rubocop", [
+			"--format",
+			"json",
+			"--except",
+			"Layout"
+		], {
+			cwd: context.rootDirectory,
+			timeout: 6e4
+		})).stdout;
+		if (!output) return [];
+		const parsed = JSON.parse(output);
+		const diagnostics = [];
+		for (const file of parsed.files ?? []) for (const offense of file.offenses ?? []) diagnostics.push({
+			filePath: file.path,
+			engine: "lint",
+			rule: `rubocop/${offense.cop_name}`,
+			severity: offense.severity === "error" || offense.severity === "fatal" ? "error" : "warning",
+			message: offense.message,
+			help: "",
+			line: offense.location?.start_line ?? 0,
+			column: offense.location?.start_column ?? 0,
+			category: "Ruby Lint",
+			fixable: offense.correctable ?? false
+		});
+		return diagnostics;
+	} catch {
+		return [];
+	}
+};
+
+//#endregion
+//#region src/engines/lint/golangci.ts
+const runGolangciLint = async (context) => {
+	const golangciBinary = resolveToolBinary("golangci-lint");
+	try {
+		const output = (await runSubprocess(golangciBinary, [
+			"run",
+			"--out-format=json",
+			"./..."
+		], {
+			cwd: context.rootDirectory,
+			timeout: 12e4
+		})).stdout;
+		if (!output) return [];
+		let parsed;
+		try {
+			parsed = JSON.parse(output);
+		} catch {
+			return [];
+		}
+		return (parsed.Issues ?? []).map((issue) => ({
+			filePath: path.relative(context.rootDirectory, issue.Pos.Filename),
+			engine: "lint",
+			rule: `go/${issue.FromLinter}`,
+			severity: "warning",
+			message: issue.Text,
+			help: "",
+			line: issue.Pos.Line,
+			column: issue.Pos.Column,
+			category: "Go Lint",
+			fixable: false
+		}));
+	} catch {
+		return [];
+	}
+};
+
+//#endregion
+//#region src/engines/lint/oxlint-config.ts
+const createOxlintConfig = (options) => {
+	const plugins = [
+		"import",
+		"unicorn",
+		"typescript"
+	];
+	const rules = {
+		"no-unused-vars": "warn",
+		"no-undef": "error",
+		"no-constant-condition": "warn",
+		"no-debugger": "warn",
+		"no-empty": "warn",
+		"no-extra-boolean-cast": "warn",
+		"no-irregular-whitespace": "warn",
+		"no-loss-of-precision": "error",
+		"import/no-duplicates": "warn",
+		"unicorn/no-unnecessary-await": "warn"
+	};
+	if (options.framework === "react" || options.framework === "nextjs" || options.framework === "vite" || options.framework === "remix") {
+		plugins.push("react", "react-hooks", "jsx-a11y");
+		Object.assign(rules, {
+			"react/no-direct-mutation-state": "error",
+			"react-hooks/rules-of-hooks": "error",
+			"react-hooks/exhaustive-deps": "warn"
+		});
+	}
+	if (options.framework === "nextjs") plugins.push("nextjs");
+	const env = {
+		browser: true,
+		node: true,
+		es2022: true
+	};
+	const globals = {};
+	if (options.testFramework === "jest") {
+		globals.jest = "readonly";
+		globals.describe = "readonly";
+		globals.it = "readonly";
+		globals.expect = "readonly";
+		globals.test = "readonly";
+		globals.beforeAll = "readonly";
+		globals.afterAll = "readonly";
+		globals.beforeEach = "readonly";
+		globals.afterEach = "readonly";
+	} else if (options.testFramework === "vitest") {
+		globals.describe = "readonly";
+		globals.it = "readonly";
+		globals.expect = "readonly";
+		globals.test = "readonly";
+		globals.beforeAll = "readonly";
+		globals.afterAll = "readonly";
+		globals.beforeEach = "readonly";
+		globals.afterEach = "readonly";
+		globals.vi = "readonly";
+	} else if (options.testFramework === "mocha") {
+		globals.describe = "readonly";
+		globals.it = "readonly";
+		globals.before = "readonly";
+		globals.after = "readonly";
+		globals.beforeEach = "readonly";
+		globals.afterEach = "readonly";
+	}
+	if (options.framework === "expo" || options.framework === "react") globals.__DEV__ = "readonly";
+	return {
+		plugins,
+		rules,
+		env,
+		globals,
+		settings: {}
+	};
+};
+
+//#endregion
+//#region src/engines/lint/oxlint.ts
+const esmRequire = createRequire(import.meta.url);
+const resolveOxlintBinary = () => {
+	try {
+		const oxlintMainPath = esmRequire.resolve("oxlint");
+		const oxlintDir = path.resolve(path.dirname(oxlintMainPath), "..");
+		return path.join(oxlintDir, "bin", "oxlint");
+	} catch {
+		return "oxlint";
+	}
+};
+const parseRuleCode = (code) => {
+	const match = code.match(/^(.+)\((.+)\)$/);
+	if (!match) return {
+		plugin: "unknown",
+		rule: code
+	};
+	return {
+		plugin: match[1].replace(/^eslint-plugin-/, ""),
+		rule: match[2]
+	};
+};
+const detectTestFramework = (rootDir) => {
+	try {
+		const raw = fs.readFileSync(path.join(rootDir, "package.json"), "utf-8");
+		const pkg = JSON.parse(raw);
+		const allDeps = {
+			...pkg.dependencies,
+			...pkg.devDependencies
+		};
+		if (allDeps.vitest) return "vitest";
+		if (allDeps.jest || allDeps["ts-jest"] || allDeps["@jest/core"]) return "jest";
+		if (allDeps.mocha) return "mocha";
+		if (fs.existsSync(path.join(rootDir, "jest.config.js")) || fs.existsSync(path.join(rootDir, "jest.config.ts")) || fs.existsSync(path.join(rootDir, "jest.config.mjs"))) return "jest";
+		if (fs.existsSync(path.join(rootDir, "vitest.config.ts")) || fs.existsSync(path.join(rootDir, "vitest.config.js"))) return "vitest";
+		if (fs.existsSync(path.join(rootDir, ".mocharc.yml"))) return "mocha";
+	} catch {}
+	return null;
+};
+const runOxlint = async (context) => {
+	const configPath = path.join(os.tmpdir(), `aislop-oxlintrc-${process.pid}.json`);
+	const config = createOxlintConfig({
+		framework: context.frameworks.find((f) => f !== "none"),
+		testFramework: detectTestFramework(context.rootDirectory)
+	});
+	try {
+		fs.writeFileSync(configPath, JSON.stringify(config, null, 2));
+		const args = [
+			resolveOxlintBinary(),
+			"-c",
+			configPath,
+			"--format",
+			"json"
+		];
+		if (context.languages.includes("typescript") && fs.existsSync(path.join(context.rootDirectory, "tsconfig.json"))) args.push("--tsconfig", "./tsconfig.json");
+		args.push(".");
+		const result = await runSubprocess(process.execPath, args, {
+			cwd: context.rootDirectory,
+			timeout: 12e4
+		});
+		if (!result.stdout) return [];
+		let output;
+		try {
+			output = JSON.parse(result.stdout);
+		} catch {
+			return [];
+		}
+		return output.diagnostics.map((d) => {
+			const { plugin, rule } = parseRuleCode(d.code);
+			const label = d.labels[0];
+			return {
+				filePath: d.filename,
+				engine: "lint",
+				rule: `${plugin}/${rule}`,
+				severity: d.severity,
+				message: d.message.replace(/\S+\.\w+:\d+:\d+[\s\S]*$/, "").trim() || d.message,
+				help: d.help || "",
+				line: label?.span.line ?? 0,
+				column: label?.span.column ?? 0,
+				category: plugin === "react" ? "React" : plugin === "import" ? "Imports" : "Lint",
+				fixable: false
+			};
+		});
+	} finally {
+		if (fs.existsSync(configPath)) fs.unlinkSync(configPath);
+	}
+};
+const fixOxlint = async (context) => {
+	const configPath = path.join(os.tmpdir(), `aislop-oxlintrc-fix-${process.pid}.json`);
+	const config = createOxlintConfig({
+		framework: context.frameworks.find((f) => f !== "none"),
+		testFramework: detectTestFramework(context.rootDirectory)
+	});
+	try {
+		fs.writeFileSync(configPath, JSON.stringify(config, null, 2));
+		const args = [
+			resolveOxlintBinary(),
+			"-c",
+			configPath,
+			"--fix",
+			"."
+		];
+		const result = await runSubprocess(process.execPath, args, {
+			cwd: context.rootDirectory,
+			timeout: 12e4
+		});
+		if (result.exitCode !== 0) throw new Error(result.stderr || result.stdout || `Oxlint exited with code ${result.exitCode}`);
+	} finally {
+		if (fs.existsSync(configPath)) fs.unlinkSync(configPath);
+	}
+};
+
+//#endregion
+//#region src/engines/lint/ruff.ts
+const runRuffLint = async (context) => {
+	const ruffBinary = resolveToolBinary("ruff");
+	try {
+		const output = (await runSubprocess(ruffBinary, [
+			"check",
+			"--output-format=json",
+			context.rootDirectory
+		], {
+			cwd: context.rootDirectory,
+			timeout: 6e4
+		})).stdout;
+		if (!output) return [];
+		return JSON.parse(output).map((d) => ({
+			filePath: path.relative(context.rootDirectory, d.filename),
+			engine: "lint",
+			rule: `ruff/${d.code}`,
+			severity: d.code.startsWith("E") || d.code.startsWith("F") ? "error" : "warning",
+			message: d.message,
+			help: "",
+			line: d.location.row,
+			column: d.location.column,
+			category: "Python Lint",
+			fixable: d.fix?.applicability === "safe"
+		}));
+	} catch {
+		return [];
+	}
+};
+const fixRuffLint = async (rootDirectory) => {
+	const result = await runSubprocess(resolveToolBinary("ruff"), [
+		"check",
+		"--fix",
+		rootDirectory
+	], {
+		cwd: rootDirectory,
+		timeout: 6e4
+	});
+	if (result.exitCode !== 0) throw new Error(result.stderr || result.stdout || `ruff check --fix exited with code ${result.exitCode}`);
+};
+
+//#endregion
+//#region src/engines/lint/index.ts
+const lintEngine = {
+	name: "lint",
+	async run(context) {
+		const diagnostics = [];
+		const { languages, installedTools } = context;
+		const promises = [];
+		if (languages.includes("typescript") || languages.includes("javascript")) promises.push(runOxlint(context));
+		if (context.frameworks.includes("expo")) promises.push(import("./expo-doctor-vDz4kh9-.js").then((mod) => mod.runExpoDoctor(context)));
+		if (languages.includes("python") && installedTools["ruff"]) promises.push(runRuffLint(context));
+		if (languages.includes("go") && installedTools["golangci-lint"]) promises.push(runGolangciLint(context));
+		if (languages.includes("rust") && installedTools["cargo"]) promises.push(runGenericLinter(context, "rust"));
+		if (languages.includes("ruby") && installedTools["rubocop"]) promises.push(runGenericLinter(context, "ruby"));
+		const results = await Promise.allSettled(promises);
+		for (const result of results) if (result.status === "fulfilled") diagnostics.push(...result.value);
+		return {
+			engine: "lint",
+			diagnostics,
+			elapsed: 0,
+			skipped: false
+		};
+	}
+};
+
+//#endregion
+//#region src/engines/security/audit.ts
+const runDependencyAudit = async (context) => {
+	const diagnostics = [];
+	const timeout = context.config.security.auditTimeout;
+	const promises = [];
+	if (context.languages.includes("typescript") || context.languages.includes("javascript")) {
+		if (fs.existsSync(path.join(context.rootDirectory, "pnpm-lock.yaml"))) promises.push(runPnpmAudit(context.rootDirectory, timeout));
+		else if (fs.existsSync(path.join(context.rootDirectory, "package-lock.json")) || fs.existsSync(path.join(context.rootDirectory, "package.json"))) promises.push(runNpmAudit(context.rootDirectory, timeout));
+	}
+	if (context.languages.includes("python") && context.installedTools["pip-audit"]) promises.push(runPipAudit(context.rootDirectory, timeout));
+	if (context.languages.includes("go") && context.installedTools["govulncheck"]) promises.push(runGovulncheck(context.rootDirectory, timeout));
+	if (context.languages.includes("rust")) promises.push(runCargoAudit(context.rootDirectory, timeout));
+	const results = await Promise.allSettled(promises);
+	for (const result of results) if (result.status === "fulfilled") diagnostics.push(...result.value);
+	return diagnostics;
+};
+const runNpmAudit = async (rootDir, timeout) => {
+	try {
+		return parseJsAudit((await runSubprocess("npm", ["audit", "--json"], {
+			cwd: rootDir,
+			timeout
+		})).stdout, "npm audit");
+	} catch {
+		return [];
+	}
+};
+const runPnpmAudit = async (rootDir, timeout) => {
+	try {
+		return parseJsAudit((await runSubprocess("pnpm", ["audit", "--json"], {
+			cwd: rootDir,
+			timeout
+		})).stdout, "pnpm audit");
+	} catch {
+		return [];
+	}
+};
+const toSeverity = (value) => value === "critical" || value === "high" ? "error" : "warning";
+const defaultAuditFixCommand = (source) => source === "pnpm audit" ? "pnpm audit --fix" : "npm audit fix";
+const parseLegacyAdvisories = (advisories, source) => {
+	const diagnostics = [];
+	for (const [key, advisory] of Object.entries(advisories)) {
+		const packageName = advisory.module_name ?? advisory.name ?? advisory.package ?? key;
+		const severity = (advisory.severity ?? "moderate").toLowerCase();
+		const recommendation = advisory.recommendation ?? advisory.title ?? `Run \`${defaultAuditFixCommand(source)}\` to resolve`;
+		diagnostics.push({
+			filePath: "package.json",
+			engine: "security",
+			rule: "security/vulnerable-dependency",
+			severity: toSeverity(severity),
+			message: `Vulnerable dependency (${source}): ${packageName} (${severity})`,
+			help: recommendation,
+			line: 0,
+			column: 0,
+			category: "Security",
+			fixable: false
+		});
+	}
+	return diagnostics;
+};
+const parseModernVulnerabilities = (vulnerabilities, source) => {
+	const diagnostics = [];
+	for (const [packageName, vulnerability] of Object.entries(vulnerabilities)) {
+		const severity = (vulnerability.severity ?? "moderate").toLowerCase();
+		const fixAvailable = vulnerability.fixAvailable;
+		let recommendation = `Run \`${defaultAuditFixCommand(source)}\` to resolve`;
+		if (fixAvailable === false) recommendation = "No automatic fix available.";
+		else if (fixAvailable && typeof fixAvailable === "object" && "name" in fixAvailable && "version" in fixAvailable) {
+			const target = fixAvailable;
+			if (target.name && target.version) recommendation = `Upgrade to ${target.name}@${target.version}.`;
+		}
+		diagnostics.push({
+			filePath: "package.json",
+			engine: "security",
+			rule: "security/vulnerable-dependency",
+			severity: toSeverity(severity),
+			message: `Vulnerable dependency (${source}): ${packageName} (${severity})`,
+			help: recommendation,
+			line: 0,
+			column: 0,
+			category: "Security",
+			fixable: false
+		});
+	}
+	return diagnostics;
+};
+const parseJsAudit = (output, source) => {
+	if (!output) return [];
+	try {
+		const parsed = JSON.parse(output);
+		const error = parsed.error;
+		if (error?.code === "ENOLOCK") return [{
+			filePath: "package.json",
+			engine: "security",
+			rule: "security/dependency-audit-skipped",
+			severity: "info",
+			message: `Dependency audit skipped (${source}): lockfile is missing`,
+			help: error.detail ?? "Generate a lockfile, then re-run `aislop scan` for dependency vulnerability checks.",
+			line: 0,
+			column: 0,
+			category: "Security",
+			fixable: false
+		}];
+		if (error?.summary || error?.code) return [{
+			filePath: "package.json",
+			engine: "security",
+			rule: "security/dependency-audit-skipped",
+			severity: "info",
+			message: `Dependency audit did not complete (${source})`,
+			help: error.detail ?? error.summary ?? "Re-run dependency audit directly to inspect the underlying error.",
+			line: 0,
+			column: 0,
+			category: "Security",
+			fixable: false
+		}];
+		const advisories = parsed.advisories;
+		if (advisories && typeof advisories === "object") return parseLegacyAdvisories(advisories, source);
+		const vulnerabilities = parsed.vulnerabilities;
+		if (vulnerabilities && typeof vulnerabilities === "object") return parseModernVulnerabilities(vulnerabilities, source);
+		return [];
+	} catch {
+		return [];
+	}
+};
+const runPipAudit = async (rootDir, timeout) => {
+	try {
+		const result = await runSubprocess("pip-audit", ["--format=json"], {
+			cwd: rootDir,
+			timeout
+		});
+		if (!result.stdout) return [];
+		return (JSON.parse(result.stdout).dependencies ?? []).filter((d) => Array.isArray(d.vulns) && d.vulns.length > 0).map((d) => ({
+			filePath: "requirements.txt",
+			engine: "security",
+			rule: "security/vulnerable-dependency",
+			severity: "error",
+			message: `Vulnerable Python dependency: ${d.name}`,
+			help: `Upgrade ${d.name} to fix known vulnerabilities`,
+			line: 0,
+			column: 0,
+			category: "Security",
+			fixable: false
+		}));
+	} catch {
+		return [];
+	}
+};
+const runGovulncheck = async (rootDir, timeout) => {
+	try {
+		const result = await runSubprocess("govulncheck", ["-json", "./..."], {
+			cwd: rootDir,
+			timeout
+		});
+		if (!result.stdout) return [];
+		return parseGovulncheckOutput(result.stdout);
+	} catch {
+		return [];
+	}
+};
+const toGovulnDiagnostic = (entry) => {
+	if (!entry.vulnerability) return null;
+	return {
+		filePath: "go.mod",
+		engine: "security",
+		rule: "security/vulnerable-dependency",
+		severity: "error",
+		message: `Go vulnerability: ${entry.vulnerability.id ?? "unknown"}`,
+		help: entry.vulnerability.details ?? "",
+		line: 0,
+		column: 0,
+		category: "Security",
+		fixable: false
+	};
+};
+const parseGovulncheckOutput = (output) => {
+	const diagnostics = [];
+	for (const line of output.split("\n")) {
+		if (!line.startsWith("{")) continue;
+		let parsed = null;
+		try {
+			parsed = JSON.parse(line);
+		} catch {
+			parsed = null;
+		}
+		if (!parsed) continue;
+		const diagnostic = toGovulnDiagnostic(parsed);
+		if (diagnostic) diagnostics.push(diagnostic);
+	}
+	return diagnostics;
+};
+const runCargoAudit = async (rootDir, timeout) => {
+	try {
+		const result = await runSubprocess("cargo", ["audit", "--json"], {
+			cwd: rootDir,
+			timeout
+		});
+		if (!result.stdout) return [];
+		return (JSON.parse(result.stdout).vulnerabilities?.list ?? []).map((v) => ({
+			filePath: "Cargo.toml",
+			engine: "security",
+			rule: "security/vulnerable-dependency",
+			severity: "error",
+			message: `Rust vulnerability: ${v.advisory?.id ?? "unknown"}`,
+			help: v.advisory?.title ?? "",
+			line: 0,
+			column: 0,
+			category: "Security",
+			fixable: false
+		}));
+	} catch {
+		return [];
+	}
+};
+
+//#endregion
+//#region src/engines/security/risky.ts
+const ev = "eval";
+const Fn = "Function";
+const RISKY_PATTERNS = [
+	{
+		pattern: new RegExp(`\\b${ev}\\s*\\(`, "g"),
+		extensions: [
+			".ts",
+			".tsx",
+			".js",
+			".jsx",
+			".mjs",
+			".cjs",
+			".py",
+			".rb",
+			".php"
+		],
+		name: "eval",
+		message: `Use of ${ev}() is a security risk`,
+		help: `Avoid ${ev} — use safer alternatives like JSON.parse, Function constructor, or AST-based approaches`
+	},
+	{
+		pattern: new RegExp(`new\\s+${Fn}\\s*\\(`, "g"),
+		extensions: [
+			".ts",
+			".tsx",
+			".js",
+			".jsx",
+			".mjs",
+			".cjs"
+		],
+		name: "new-function",
+		message: `Use of new ${Fn}() is similar to ${ev} and can be a security risk`,
+		help: "Avoid dynamic code execution — refactor to use static code paths"
+	},
+	{
+		pattern: /\.innerHTML\s*=/g,
+		extensions: [
+			".ts",
+			".tsx",
+			".js",
+			".jsx"
+		],
+		name: "innerhtml",
+		message: "Direct innerHTML assignment can lead to XSS",
+		help: "Use textContent, DOM APIs, or a sanitization library instead"
+	},
+	{
+		pattern: /dangerouslySetInnerHTML/g,
+		extensions: [".tsx", ".jsx"],
+		name: "dangerously-set-innerhtml",
+		message: "dangerouslySetInnerHTML can lead to XSS if not sanitized",
+		help: "Ensure the HTML is sanitized with DOMPurify or similar before rendering"
+	},
+	{
+		pattern: /pickle\.loads?\s*\(/g,
+		extensions: [".py"],
+		name: "pickle-load",
+		message: "pickle.load can execute arbitrary code — unsafe deserialization",
+		help: "Use JSON, MessagePack, or other safe serialization formats for untrusted data"
+	},
+	{
+		pattern: new RegExp(`\\bexec\\s*\\(`, "g"),
+		extensions: [".py"],
+		name: "python-exec",
+		message: "Use of exec() can execute arbitrary code",
+		help: "Avoid exec — use safer alternatives"
+	},
+	{
+		pattern: /(?:child_process|subprocess|os\.system|exec|spawn)\s*\([^)]*\$\{/g,
+		extensions: [
+			".ts",
+			".tsx",
+			".js",
+			".jsx",
+			".mjs",
+			".cjs",
+			".py"
+		],
+		name: "shell-injection",
+		message: "Possible shell injection — user input in command execution",
+		help: "Use parameterized commands or a safe shell execution library"
+	},
+	{
+		pattern: /(?:query|execute|raw)\s*\(\s*`[^`]*\$\{/g,
+		extensions: [
+			".ts",
+			".tsx",
+			".js",
+			".jsx",
+			".mjs",
+			".cjs"
+		],
+		name: "sql-injection",
+		message: "Possible SQL injection — template literal in query",
+		help: "Use parameterized queries or an ORM instead of string interpolation"
+	},
+	{
+		pattern: /(?:query|execute|raw)\s*\(\s*["'][^"']*["']\s*\+/g,
+		extensions: [
+			".ts",
+			".tsx",
+			".js",
+			".jsx",
+			".mjs",
+			".cjs"
+		],
+		name: "sql-injection",
+		message: "Possible SQL injection — string concatenation in query",
+		help: "Use parameterized queries or an ORM instead of string concatenation"
+	}
+];
+const detectRiskyConstructs = async (context) => {
+	const files = getSourceFiles(context);
+	const diagnostics = [];
+	for (const filePath of files) {
+		const ext = path.extname(filePath);
+		let content;
+		try {
+			content = fs.readFileSync(filePath, "utf-8");
+		} catch {
+			continue;
+		}
+		const relativePath = path.relative(context.rootDirectory, filePath);
+		const normalizedPath = relativePath.split(path.sep).join("/");
+		const isMigrationOrSeeder = /(?:^|\/)(migrations|seeders|seeds|migrate)\//.test(normalizedPath);
+		for (const { pattern, extensions, name, message, help } of RISKY_PATTERNS) {
+			if (!extensions.includes(ext)) continue;
+			if (isMigrationOrSeeder && name === "sql-injection") continue;
+			const regex = new RegExp(pattern.source, pattern.flags);
+			let match;
+			while ((match = regex.exec(content)) !== null) {
+				const line = content.slice(0, match.index).split("\n").length;
+				if (name === "sql-injection") {
+					const afterMatch = content.slice(match.index + match[0].length, match.index + match[0].length + 100);
+					if (/^(?:\w+\.join\s*\(|[A-Z_]+\}|tableName\}|table\})/.test(afterMatch)) continue;
+				}
+				diagnostics.push({
+					filePath: relativePath,
+					engine: "security",
+					rule: `security/${name}`,
+					severity: "error",
+					message,
+					help,
+					line,
+					column: 0,
+					category: "Security",
+					fixable: false
+				});
+			}
+		}
+	}
+	return diagnostics;
+};
+
+//#endregion
+//#region src/engines/security/secrets.ts
+const SECRET_PATTERNS = [
+	{
+		pattern: /(?:api[_-]?key|apikey)\s*[:=]\s*["']([A-Za-z0-9_-]{20,})["']/gi,
+		name: "API key"
+	},
+	{
+		pattern: /AKIA[0-9A-Z]{16}/g,
+		name: "AWS Access Key"
+	},
+	{
+		pattern: /(?:aws[_-]?secret|secret[_-]?key)\s*[:=]\s*["']([A-Za-z0-9/+=]{40})["']/gi,
+		name: "AWS Secret Key"
+	},
+	{
+		pattern: /(?:password|passwd|pwd|secret)\s*[:=]\s*["']([^"']{8,})["']/gi,
+		name: "Hardcoded password/secret"
+	},
+	{
+		pattern: /-----BEGIN (?:RSA |EC |DSA )?PRIVATE KEY-----/g,
+		name: "Private key"
+	},
+	{
+		pattern: /eyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}/g,
+		name: "JWT token"
+	},
+	{
+		pattern: /(?:token|bearer)\s*[:=]\s*["']([A-Za-z0-9_-]{20,})["']/gi,
+		name: "Authentication token"
+	},
+	{
+		pattern: /gh[pousr]_[A-Za-z0-9_]{36,}/g,
+		name: "GitHub token"
+	},
+	{
+		pattern: /xox[baprs]-[A-Za-z0-9-]+/g,
+		name: "Slack token"
+	},
+	{
+		pattern: /(?:mongodb|postgres|mysql|redis):\/\/[^"'\s]+:[^"'\s]+@/gi,
+		name: "Database connection string with credentials"
+	}
+];
+const PLACEHOLDER_EXACT = new Set([
+	"changeme",
+	"password",
+	"secret",
+	"xxx",
+	"todo",
+	"replace_me"
+]);
+const isPlaceholderValue = (matchedText) => {
+	if (/env\(/i.test(matchedText)) return true;
+	if (matchedText.includes("process.env")) return true;
+	if (matchedText.includes("os.environ")) return true;
+	if (matchedText.includes("${")) return true;
+	if (matchedText.includes("<") && matchedText.includes(">")) return true;
+	if (/^your_/i.test(matchedText)) return true;
+	if (PLACEHOLDER_EXACT.has(matchedText.toLowerCase())) return true;
+	return false;
+};
+const scanSecrets = async (context) => {
+	const files = getSourceFilesWithExtras(context, [
+		".env",
+		".yaml",
+		".yml",
+		".json",
+		".toml"
+	]);
+	const diagnostics = [];
+	for (const filePath of files) {
+		let content;
+		try {
+			content = fs.readFileSync(filePath, "utf-8");
+		} catch {
+			continue;
+		}
+		const relativePath = path.relative(context.rootDirectory, filePath);
+		for (const { pattern, name } of SECRET_PATTERNS) {
+			const regex = new RegExp(pattern.source, pattern.flags);
+			let match;
+			while ((match = regex.exec(content)) !== null) {
+				if (isPlaceholderValue(match[1] ?? match[0])) continue;
+				const line = content.slice(0, match.index).split("\n").length;
+				diagnostics.push({
+					filePath: relativePath,
+					engine: "security",
+					rule: "security/hardcoded-secret",
+					severity: "error",
+					message: `Possible ${name} detected in source code`,
+					help: "Move secrets to environment variables or a secrets manager",
+					line,
+					column: 0,
+					category: "Security",
+					fixable: false
+				});
+			}
+		}
+	}
+	return diagnostics;
+};
+
+//#endregion
+//#region src/engines/security/index.ts
+const securityEngine = {
+	name: "security",
+	async run(context) {
+		const diagnostics = [];
+		const promises = [scanSecrets(context), detectRiskyConstructs(context)];
+		if (context.config.security.audit) promises.push(runDependencyAudit(context));
+		const results = await Promise.allSettled(promises);
+		for (const result of results) if (result.status === "fulfilled") diagnostics.push(...result.value);
+		return {
+			engine: "security",
+			diagnostics,
+			elapsed: 0,
+			skipped: false
+		};
+	}
+};
+
+//#endregion
+//#region src/engines/orchestrator.ts
+const ALL_ENGINES = [
+	formatEngine,
+	lintEngine,
+	codeQualityEngine,
+	aiSlopEngine,
+	architectureEngine,
+	securityEngine
+];
+const runEngines = async (context, enabledEngines, onStart, onComplete) => {
+	const engines = ALL_ENGINES.filter((e) => enabledEngines[e.name] !== false);
+	return (await Promise.allSettled(engines.map(async (engine) => {
+		onStart?.(engine.name);
+		const start = performance.now();
+		try {
+			const result = await engine.run(context);
+			result.elapsed = performance.now() - start;
+			onComplete?.(result);
+			return result;
+		} catch (error) {
+			const result = {
+				engine: engine.name,
+				diagnostics: [],
+				elapsed: performance.now() - start,
+				skipped: true,
+				skipReason: error instanceof Error ? error.message : String(error)
+			};
+			onComplete?.(result);
+			return result;
+		}
+	}))).map((r, i) => r.status === "fulfilled" ? r.value : {
+		engine: engines[i].name,
+		diagnostics: [],
+		elapsed: 0,
+		skipped: true,
+		skipReason: r.reason instanceof Error ? r.reason.message : String(r.reason)
+	});
+};
+
+//#endregion
+//#region src/output/engine-info.ts
+const ENGINE_INFO = {
+	format: {
+		label: "Formatting",
+		description: "Whitespace, indentation, line wrapping, and import ordering"
+	},
+	lint: {
+		label: "Linting",
+		description: "Static analysis for likely bugs and bad patterns"
+	},
+	"code-quality": {
+		label: "Code Quality",
+		description: "Complexity limits, dead code detection, and duplication checks"
+	},
+	"ai-slop": {
+		label: "Maintainability",
+		description: "Over-abstraction, swallowed errors, and low-signal code patterns"
+	},
+	architecture: {
+		label: "Architecture",
+		description: "Project-specific import and layering rules"
+	},
+	security: {
+		label: "Security",
+		description: "Secret leaks, risky APIs, and dependency vulnerabilities"
+	}
+};
+const getEngineLabel = (engine) => ENGINE_INFO[engine].label;
+
+//#endregion
+//#region src/utils/highlighter.ts
+const highlighter = {
+	error: pc.red,
+	warn: pc.yellow,
+	info: pc.cyan,
+	success: pc.green,
+	dim: pc.dim,
+	bold: pc.bold
+};
+
+//#endregion
+//#region src/utils/logger.ts
+const logger = {
+	error(...args) {
+		console.log(highlighter.error(args.join(" ")));
+	},
+	warn(...args) {
+		console.log(highlighter.warn(args.join(" ")));
+	},
+	info(...args) {
+		console.log(highlighter.info(args.join(" ")));
+	},
+	success(...args) {
+		console.log(highlighter.success(args.join(" ")));
+	},
+	dim(...args) {
+		console.log(highlighter.dim(args.join(" ")));
+	},
+	log(...args) {
+		console.log(args.join(" "));
+	},
+	break() {
+		console.log("");
+	}
+};
+
+//#endregion
+//#region src/version.ts
+/**
+* Application version — injected at build time by tsdown from package.json.
+* The fallback should always match the "version" field in package.json.
+*/
+const APP_VERSION = "0.1.0";
+
+//#endregion
+//#region src/output/layout.ts
+const formatElapsed$1 = (elapsedMs) => elapsedMs < 1e3 ? `${Math.round(elapsedMs)}ms` : `${(elapsedMs / 1e3).toFixed(1)}s`;
+const printCommandHeader = (commandName) => {
+	logger.log(highlighter.bold(`aislop ${commandName}`));
+	logger.log(highlighter.dim(`v${APP_VERSION}`));
+	logger.break();
+};
+const formatProjectSummary = (project) => `Project ${highlighter.info(project.projectName)} (${highlighter.info(project.languages.join(", "))})`;
+const printProjectMetadata = (project) => {
+	logger.log(`  Source files: ${highlighter.info(String(project.sourceFileCount))}`);
+	const frameworks = project.frameworks.filter((framework) => framework !== "none");
+	if (frameworks.length > 0) logger.log(`  Frameworks: ${highlighter.info(frameworks.join(", "))}`);
+	logger.break();
+};
+
+//#endregion
+//#region src/output/pager.ts
+const DEFAULT_COLUMNS = 80;
+const DEFAULT_ROWS = 24;
+const ANSI_PATTERN = new RegExp(String.raw`\u001B\[[0-?]*[ -/]*[@-~]`, "g");
+const stripAnsi = (text) => text.replace(ANSI_PATTERN, "");
+const resolvePagerCommand = () => {
+	const pager = process.env.PAGER?.trim();
+	if (pager) {
+		const [command, ...args] = pager.split(/\s+/);
+		if (command) return {
+			command,
+			args
+		};
+	}
+	return {
+		command: "less",
+		args: [
+			"-R",
+			"-F",
+			"-X"
+		]
+	};
+};
+const writeToStdout = (text) => {
+	process.stdout.write(text);
+};
+const pipeToPager = async (command, args, text) => new Promise((resolve) => {
+	let settled = false;
+	const finish = (success) => {
+		if (settled) return;
+		settled = true;
+		resolve(success);
+	};
+	try {
+		const child = spawn(command, args, {
+			stdio: [
+				"pipe",
+				"inherit",
+				"inherit"
+			],
+			windowsHide: true
+		});
+		child.once("error", () => finish(false));
+		child.once("close", (code) => finish(code === 0));
+		child.stdin?.on("error", () => void 0);
+		child.stdin?.end(text);
+	} catch {
+		finish(false);
+	}
+});
+const countRenderedLines = (text, columns = DEFAULT_COLUMNS) => {
+	const width = Math.max(1, columns);
+	return text.split("\n").reduce((count, line) => {
+		const visibleLine = stripAnsi(line).replaceAll("	", "    ");
+		return count + Math.max(1, Math.ceil(visibleLine.length / width));
+	}, 0);
+};
+const shouldPageOutput = (text, options = {}) => {
+	if (text.trim().length === 0) return false;
+	const stdinIsTTY = options.stdinIsTTY ?? Boolean(process.stdin.isTTY);
+	const stdoutIsTTY = options.stdoutIsTTY ?? Boolean(process.stdout.isTTY);
+	if (!stdinIsTTY || !stdoutIsTTY) return false;
+	const rows = Math.max(1, options.rows ?? process.stdout.rows ?? DEFAULT_ROWS);
+	return countRenderedLines(text, Math.max(1, options.columns ?? process.stdout.columns ?? DEFAULT_COLUMNS)) > rows - 1;
+};
+const printMaybePaged = async (text) => {
+	if (!shouldPageOutput(text)) {
+		writeToStdout(text);
+		return;
+	}
+	const pager = resolvePagerCommand();
+	if (!await pipeToPager(pager.command, pager.args, text)) writeToStdout(text);
+};
+
+//#endregion
+//#region src/output/scan-progress.ts
+const SPINNER_FRAMES = [
+	"⠋",
+	"⠙",
+	"⠹",
+	"⠸",
+	"⠼",
+	"⠴",
+	"⠦",
+	"⠧",
+	"⠇",
+	"⠏"
+];
+const shouldRenderLiveScanProgress = () => Boolean(process.stderr.isTTY) && process.env.CI !== "true" && process.env.CI !== "1";
+const formatElapsed = (elapsedMs) => elapsedMs < 1e3 ? `${Math.round(elapsedMs)}ms` : `${(elapsedMs / 1e3).toFixed(1)}s`;
+const truncateText = (text, maxLength = 52) => text.length <= maxLength ? text : `${text.slice(0, maxLength - 1)}…`;
+const getIssueSummary = (result) => {
+	const errors = result.diagnostics.filter((d) => d.severity === "error").length;
+	const warnings = result.diagnostics.filter((d) => d.severity === "warning").length;
+	if (errors === 0 && warnings === 0) return `Done (0 issues, ${formatElapsed(result.elapsed)})`;
+	const parts = [];
+	if (errors > 0) parts.push(`${errors} error${errors === 1 ? "" : "s"}`);
+	if (warnings > 0) parts.push(`${warnings} warning${warnings === 1 ? "" : "s"}`);
+	return `Done (${parts.join(", ")}, ${formatElapsed(result.elapsed)})`;
+};
+const getStatusParts = (state, frameIndex) => {
+	if (state.status === "running") return {
+		icon: highlighter.info(SPINNER_FRAMES[frameIndex % SPINNER_FRAMES.length]),
+		detail: highlighter.info("Running")
+	};
+	if (state.status === "done") {
+		const result = state.result;
+		if (!result) return {
+			icon: highlighter.success("✓"),
+			detail: highlighter.dim("Done")
+		};
+		const hasErrors = result.diagnostics.some((d) => d.severity === "error");
+		const hasWarnings = result.diagnostics.some((d) => d.severity === "warning");
+		let icon = highlighter.success("✓");
+		if (hasErrors) icon = highlighter.error("✗");
+		else if (hasWarnings) icon = highlighter.warn("!");
+		return {
+			icon,
+			detail: highlighter.dim(getIssueSummary(result))
+		};
+	}
+	if (state.status === "skipped") {
+		const reason = state.result?.skipReason?.split("\n").find((line) => line.trim().length > 0) ?? "Skipped";
+		return {
+			icon: highlighter.warn("!"),
+			detail: highlighter.dim(`Skipped (${truncateText(reason)})`)
+		};
+	}
+	return {
+		icon: highlighter.dim("○"),
+		detail: highlighter.dim("Waiting")
+	};
+};
+const renderScanProgressBlock = (states, frameIndex) => {
+	if (states.length === 0) return `  ${highlighter.bold("Engines 0/0")} ${highlighter.dim("nothing to run")}\n`;
+	const completedCount = states.filter((state) => state.status === "done" || state.status === "skipped").length;
+	const runningCount = states.filter((state) => state.status === "running").length;
+	const labelWidth = Math.max(...states.map((state) => getEngineLabel(state.engine).length));
+	const headingStatus = completedCount === states.length ? highlighter.dim("complete") : runningCount > 0 ? highlighter.dim(`${runningCount} running`) : highlighter.dim("starting");
+	return `${[`  ${highlighter.bold(`Engines ${completedCount}/${states.length}`)} ${headingStatus}`, ...states.map((state) => {
+		const label = getEngineLabel(state.engine).padEnd(labelWidth, " ");
+		const { icon, detail } = getStatusParts(state, frameIndex);
+		return `    ${icon} ${label}  ${detail}`;
+	})].join("\n")}\n`;
+};
+const clearRenderedLines$1 = (lineCount) => {
+	if (lineCount === 0) return;
+	process.stderr.write(`\u001B[${lineCount}F`);
+	for (let index = 0; index < lineCount; index += 1) {
+		process.stderr.write("\x1B[2K");
+		if (index < lineCount - 1) process.stderr.write("\x1B[1E");
+	}
+	if (lineCount > 1) process.stderr.write(`\u001B[${lineCount - 1}F`);
+};
+var ScanProgressRenderer = class {
+	states;
+	previousLineCount = 0;
+	frameIndex = 0;
+	timer;
+	constructor(engines) {
+		this.states = engines.map((engine) => ({
+			engine,
+			status: "pending"
+		}));
+	}
+	start() {
+		if (!shouldRenderLiveScanProgress()) return;
+		this.render();
+		this.timer = setInterval(() => {
+			this.frameIndex += 1;
+			this.render();
+		}, 100);
+		this.timer.unref();
+	}
+	markStarted(engine) {
+		const state = this.states.find((entry) => entry.engine === engine);
+		if (!state) return;
+		state.status = "running";
+		this.render();
+	}
+	markComplete(result) {
+		const state = this.states.find((entry) => entry.engine === result.engine);
+		if (!state) return;
+		state.status = result.skipped ? "skipped" : "done";
+		state.result = result;
+		this.render();
+	}
+	stop() {
+		if (this.timer) {
+			clearInterval(this.timer);
+			this.timer = void 0;
+		}
+		if (!shouldRenderLiveScanProgress()) return;
+		this.render();
+	}
+	render() {
+		if (!shouldRenderLiveScanProgress()) return;
+		if (this.previousLineCount > 0) clearRenderedLines$1(this.previousLineCount);
+		const output = renderScanProgressBlock(this.states, this.frameIndex);
+		process.stderr.write(output);
+		this.previousLineCount = output.split("\n").length - 1;
+	}
+};
+
+//#endregion
+//#region src/scoring/index.ts
+const PERFECT_SCORE$1 = 100;
+const calculateScore = (diagnostics, weights, thresholds) => {
+	if (diagnostics.length === 0) return {
+		score: PERFECT_SCORE$1,
+		label: "Healthy"
+	};
+	let deductions = 0;
+	for (const d of diagnostics) {
+		const engineWeight = weights[d.engine] ?? 1;
+		const severityPenalty = d.severity === "error" ? 3 : d.severity === "warning" ? 1 : .25;
+		deductions += severityPenalty * engineWeight;
+	}
+	const score = Math.max(0, Math.round(PERFECT_SCORE$1 - PERFECT_SCORE$1 * Math.log1p(deductions) / Math.log1p(PERFECT_SCORE$1 + deductions)));
+	return {
+		score,
+		label: score >= thresholds.good ? "Healthy" : score >= thresholds.ok ? "Needs Work" : "Critical"
+	};
+};
+const getScoreColor = (score, thresholds) => {
+	if (score >= thresholds.good) return "success";
+	if (score >= thresholds.ok) return "warn";
+	return "error";
+};
+
+//#endregion
+//#region src/output/terminal.ts
+const PERFECT_SCORE = 100;
+const groupBy = (items, key) => {
+	const map = /* @__PURE__ */ new Map();
+	for (const item of items) {
+		const k = key(item);
+		const group = map.get(k) ?? [];
+		group.push(item);
+		map.set(k, group);
+	}
+	return map;
+};
+const colorBySeverity = (text, severity) => severity === "error" ? highlighter.error(text) : highlighter.warn(text);
+const colorByScore = (text, score, thresholds) => {
+	return highlighter[getScoreColor(score, thresholds)](text);
+};
+const toElapsedLabel = (elapsedMs) => elapsedMs < 1e3 ? `${Math.round(elapsedMs)}ms` : `${(elapsedMs / 1e3).toFixed(1)}s`;
+const toSeverityLabel = (severity) => {
+	if (severity === "error") return "ERROR";
+	if (severity === "warning") return "WARN";
+	return "INFO";
+};
+const toLocationLabel = (diagnostic) => {
+	const line = diagnostic.line > 0 ? `:${diagnostic.line}` : "";
+	const column = diagnostic.column > 0 ? `:${diagnostic.column}` : "";
+	return `${diagnostic.filePath}${line}${column}`;
+};
+const renderDiagnostics = (diagnostics, verbose) => {
+	const lines = [];
+	const byEngine = groupBy(diagnostics, (d) => d.engine);
+	for (const [engine, engineDiags] of byEngine) {
+		const label = getEngineLabel(engine);
+		lines.push(`  ${highlighter.bold(`➤ ${label}`)}`);
+		const sorted = [...groupBy(engineDiags, (d) => `${d.rule}:${d.message}`).entries()].sort(([, a], [, b]) => {
+			return (a[0].severity === "error" ? 0 : a[0].severity === "warning" ? 1 : 2) - (b[0].severity === "error" ? 0 : b[0].severity === "warning" ? 1 : 2);
+		});
+		for (const [, ruleDiags] of sorted) {
+			const first = ruleDiags[0];
+			const level = toSeverityLabel(first.severity);
+			const count = ruleDiags.length > 1 ? ` (${ruleDiags.length})` : "";
+			const status = colorBySeverity(level, first.severity);
+			lines.push(`    [${status}] ${first.message}${count}`);
+			const locations = verbose ? ruleDiags : ruleDiags.slice(0, 3);
+			for (const diagnostic of locations) lines.push(highlighter.dim(`      ${toLocationLabel(diagnostic)}`));
+			if (!verbose && ruleDiags.length > locations.length) lines.push(highlighter.dim(`      +${ruleDiags.length - locations.length} more location(s), use -d for full list`));
+			if (first.help) lines.push(highlighter.dim(`      ${first.help}`));
+			lines.push("");
+		}
+	}
+	return `${lines.join("\n")}\n`;
+};
+const renderSummary = (diagnostics, scoreResult, elapsedMs, fileCount, thresholds) => {
+	const errorCount = diagnostics.filter((d) => d.severity === "error").length;
+	const warningCount = diagnostics.filter((d) => d.severity === "warning").length;
+	const fixableCount = diagnostics.filter((d) => d.fixable).length;
+	const elapsed = toElapsedLabel(elapsedMs);
+	return `${[
+		highlighter.dim("------------------------------------------------------------"),
+		highlighter.bold("Summary"),
+		`  Score: ${colorByScore(`${scoreResult.score}/${PERFECT_SCORE}`, scoreResult.score, thresholds)} ${colorByScore(`(${scoreResult.label})`, scoreResult.score, thresholds)}`,
+		`  Issues: ${highlighter.error(`${errorCount} error${errorCount === 1 ? "" : "s"}`)}, ${highlighter.warn(`${warningCount} warning${warningCount === 1 ? "" : "s"}`)}`,
+		`  Auto-fixable: ${highlighter.info(String(fixableCount))}`,
+		`  Files: ${highlighter.info(String(fileCount))}`,
+		`  Time: ${highlighter.info(elapsed)}`,
+		highlighter.dim("------------------------------------------------------------")
+	].join("\n")}\n`;
+};
+const printEngineStatus = (result) => {
+	const label = getEngineLabel(result.engine);
+	const elapsed = toElapsedLabel(result.elapsed);
+	if (result.skipped) logger.warn(`  ! ${label}: skipped${result.skipReason ? ` (${result.skipReason})` : ""}`);
+	else if (result.diagnostics.length === 0) logger.success(`  ✓ ${label}: done (0 issues, ${elapsed})`);
+	else {
+		const errors = result.diagnostics.filter((d) => d.severity === "error").length;
+		const warnings = result.diagnostics.filter((d) => d.severity === "warning").length;
+		const parts = [];
+		if (errors > 0) parts.push(`${errors} error${errors === 1 ? "" : "s"}`);
+		if (warnings > 0) parts.push(`${warnings} warning${warnings === 1 ? "" : "s"}`);
+		const statusText = `${parts.join(", ")}, ${elapsed}`;
+		if (errors > 0) logger.error(`  ✗ ${label}: done (${statusText})`);
+		else logger.warn(`  ! ${label}: done (${statusText})`);
+	}
+};
+
+//#endregion
+//#region src/utils/discover.ts
+const LANGUAGE_SIGNALS = {
+	"tsconfig.json": "typescript",
+	"go.mod": "go",
+	"Cargo.toml": "rust",
+	Gemfile: "ruby",
+	"composer.json": "php"
+};
+const PYTHON_SIGNALS = [
+	"requirements.txt",
+	"pyproject.toml",
+	"setup.py",
+	"setup.cfg",
+	"Pipfile",
+	"poetry.lock"
+];
+const JAVA_SIGNALS = [
+	"pom.xml",
+	"build.gradle",
+	"build.gradle.kts"
+];
+const FRAMEWORK_PACKAGES = {
+	next: "nextjs",
+	react: "react",
+	vite: "vite",
+	"@remix-run/react": "remix",
+	expo: "expo"
+};
+const PYTHON_FRAMEWORKS = {
+	django: "django",
+	flask: "flask",
+	fastapi: "fastapi"
+};
+const NEXT_CONFIG_FILENAMES = [
+	"next.config.js",
+	"next.config.mjs",
+	"next.config.ts",
+	"next.config.cjs"
+];
+const readPackageJson = (filePath) => {
+	try {
+		return JSON.parse(fs.readFileSync(filePath, "utf-8"));
+	} catch {
+		return null;
+	}
+};
+const countSourceFiles = (rootDirectory) => getSourceFilesForRoot(rootDirectory).length;
+const detectLanguages = (directory) => {
+	const languages = /* @__PURE__ */ new Set();
+	for (const [file, lang] of Object.entries(LANGUAGE_SIGNALS)) if (fs.existsSync(path.join(directory, file))) languages.add(lang);
+	if (readPackageJson(path.join(directory, "package.json"))) if (fs.existsSync(path.join(directory, "tsconfig.json"))) languages.add("typescript");
+	else languages.add("javascript");
+	for (const signal of PYTHON_SIGNALS) if (fs.existsSync(path.join(directory, signal))) {
+		languages.add("python");
+		break;
+	}
+	for (const signal of JAVA_SIGNALS) if (fs.existsSync(path.join(directory, signal))) {
+		languages.add("java");
+		break;
+	}
+	return [...languages];
+};
+const detectFrameworks = (directory) => {
+	const frameworks = /* @__PURE__ */ new Set();
+	const packageJson = readPackageJson(path.join(directory, "package.json"));
+	if (packageJson) {
+		const allDeps = {
+			...packageJson.dependencies,
+			...packageJson.devDependencies
+		};
+		for (const [pkg, fw] of Object.entries(FRAMEWORK_PACKAGES)) if (allDeps[pkg]) frameworks.add(fw);
+	}
+	for (const configFile of NEXT_CONFIG_FILENAMES) if (fs.existsSync(path.join(directory, configFile))) {
+		frameworks.add("nextjs");
+		break;
+	}
+	const requirementsPath = path.join(directory, "requirements.txt");
+	if (fs.existsSync(requirementsPath)) try {
+		const content = fs.readFileSync(requirementsPath, "utf-8").toLowerCase();
+		for (const [pkg, fw] of Object.entries(PYTHON_FRAMEWORKS)) if (content.includes(pkg)) frameworks.add(fw);
+	} catch {}
+	if (frameworks.size === 0) frameworks.add("none");
+	return [...frameworks];
+};
+const TOOLS_TO_CHECK = [
+	"oxlint",
+	"biome",
+	"ruff",
+	"golangci-lint",
+	"npm",
+	"pnpm",
+	"govulncheck",
+	"gofmt",
+	"pip-audit",
+	"cargo",
+	"clippy-driver",
+	"rustfmt",
+	"rubocop",
+	"phpcs",
+	"php-cs-fixer"
+];
+const checkInstalledTools = async () => {
+	const results = {};
+	await Promise.all(TOOLS_TO_CHECK.map(async (tool) => {
+		results[tool] = await isToolAvailable(tool);
+	}));
+	return results;
+};
+const discoverProject = async (directory) => {
+	const resolvedDir = path.resolve(directory);
+	const languages = detectLanguages(resolvedDir);
+	const frameworks = detectFrameworks(resolvedDir);
+	const sourceFileCount = countSourceFiles(resolvedDir);
+	const installedTools = await checkInstalledTools();
+	return {
+		rootDirectory: resolvedDir,
+		projectName: readPackageJson(path.join(resolvedDir, "package.json"))?.name ?? path.basename(resolvedDir),
+		languages,
+		frameworks,
+		sourceFileCount,
+		installedTools
+	};
+};
+
+//#endregion
+//#region src/utils/git.ts
+const MAX_BUFFER = 50 * 1024 * 1024;
+const getChangedFiles = (cwd, base) => {
+	const result = spawnSync("git", [
+		"diff",
+		"--name-only",
+		"--diff-filter=ACMR",
+		base ?? "HEAD"
+	], {
+		cwd,
+		encoding: "utf-8",
+		maxBuffer: MAX_BUFFER
+	});
+	if (result.error || result.status !== 0) return [];
+	return result.stdout.split("\n").filter((f) => f.length > 0).map((f) => path.resolve(cwd, f));
+};
+const getStagedFiles = (cwd) => {
+	const result = spawnSync("git", [
+		"diff",
+		"--cached",
+		"--name-only",
+		"--diff-filter=ACMR"
+	], {
+		cwd,
+		encoding: "utf-8",
+		maxBuffer: MAX_BUFFER
+	});
+	if (result.error || result.status !== 0) return [];
+	return result.stdout.split("\n").filter((f) => f.length > 0).map((f) => path.resolve(cwd, f));
+};
+
+//#endregion
+//#region src/utils/spinner.ts
+const createNoopHandle = () => ({
+	succeed: () => void 0,
+	fail: () => void 0,
+	stop: () => void 0
+});
+const shouldRenderSpinner = () => Boolean(process.stderr.isTTY) && process.env.CI !== "true" && process.env.CI !== "1";
+const spinner = (text) => ({ start() {
+	if (!shouldRenderSpinner()) return createNoopHandle();
+	const instance = ora({ text }).start();
+	return {
+		succeed: (displayText) => instance.succeed(displayText),
+		fail: (displayText) => instance.fail(displayText),
+		stop: () => instance.stop()
+	};
+} });
+
+//#endregion
+//#region src/commands/scan.ts
+const shouldUseSpinner = () => Boolean(process.stderr.isTTY) && process.env.CI !== "true" && process.env.CI !== "1";
+const ALL_ENGINE_NAMES = Object.keys(ENGINE_INFO);
+const scanCommand = async (directory, config, options) => {
+	const startTime = performance.now();
+	const resolvedDir = path.resolve(directory);
+	const showHeader = options.showHeader !== false;
+	const useLiveProgress = !options.json && shouldUseSpinner();
+	if (!options.json && showHeader) printCommandHeader("Scan");
+	const discoverSpinner = options.json || !shouldUseSpinner() || !showHeader ? null : spinner("Discovering project...").start();
+	const projectInfo = await discoverProject(resolvedDir);
+	const projectSummary = formatProjectSummary(projectInfo);
+	if (discoverSpinner) discoverSpinner.succeed(projectSummary);
+	else if (!options.json) logger.success(`  ✓ ${projectSummary}`);
+	if (!options.json) printProjectMetadata(projectInfo);
+	let files;
+	if (options.staged) {
+		files = filterProjectFiles(resolvedDir, getStagedFiles(resolvedDir));
+		if (!options.json) {
+			logger.dim(`  Scope: ${files.length} staged file(s)`);
+			logger.break();
+		}
+	} else if (options.changes) {
+		files = filterProjectFiles(resolvedDir, getChangedFiles(resolvedDir));
+		if (!options.json) {
+			logger.dim(`  Scope: ${files.length} changed file(s)`);
+			logger.break();
+		}
+	}
+	const configDir = findConfigDir(resolvedDir);
+	const rulesPath = configDir ? path.join(configDir, RULES_FILE) : void 0;
+	const engineConfig = {
+		quality: config.quality,
+		security: config.security,
+		architectureRulesPath: config.engines.architecture ? rulesPath : void 0
+	};
+	const progressRenderer = useLiveProgress ? new ScanProgressRenderer(ALL_ENGINE_NAMES.filter((engine) => config.engines[engine] !== false)) : null;
+	progressRenderer?.start();
+	const results = await runEngines({
+		rootDirectory: resolvedDir,
+		languages: projectInfo.languages,
+		frameworks: projectInfo.frameworks,
+		files,
+		installedTools: projectInfo.installedTools,
+		config: engineConfig
+	}, config.engines, (engine) => {
+		progressRenderer?.markStarted(engine);
+	}, (result) => {
+		progressRenderer?.markComplete(result);
+		if (!options.json && !progressRenderer) printEngineStatus(result);
+	});
+	progressRenderer?.stop();
+	const allDiagnostics = results.flatMap((r) => r.diagnostics);
+	const elapsedMs = performance.now() - startTime;
+	const scoreResult = calculateScore(allDiagnostics, config.scoring.weights, config.scoring.thresholds);
+	const exitCode = scoreResult.score < config.ci.failBelow ? 1 : 0;
+	if (options.json) {
+		const { buildJsonOutput } = await import("./json-L5x3hQdy.js");
+		const jsonOut = buildJsonOutput(results, scoreResult, projectInfo.sourceFileCount, elapsedMs);
+		console.log(JSON.stringify(jsonOut, null, 2));
+		return { exitCode };
+	}
+	await printMaybePaged([
+		"",
+		allDiagnostics.length === 0 ? `${highlighter.success("  ✓ No issues found.")}\n` : renderDiagnostics(allDiagnostics, options.verbose),
+		renderSummary(allDiagnostics, scoreResult, elapsedMs, projectInfo.sourceFileCount, config.scoring.thresholds),
+		""
+	].join("\n"));
+	return { exitCode };
+};
+
+//#endregion
+//#region src/commands/ci.ts
+const ciCommand = async (directory, config) => {
+	return scanCommand(directory, config, {
+		changes: false,
+		staged: false,
+		verbose: false,
+		json: true
+	});
+};
+
+//#endregion
+//#region src/commands/doctor.ts
+const LANGUAGE_TOOLS = {
+	typescript: [{
+		name: "oxlint",
+		purpose: "Lint (JS/TS)"
+	}, {
+		name: "biome",
+		purpose: "Format (JS/TS)"
+	}],
+	javascript: [{
+		name: "oxlint",
+		purpose: "Lint (JS)"
+	}, {
+		name: "biome",
+		purpose: "Format (JS)"
+	}],
+	python: [{
+		name: "ruff",
+		purpose: "Lint + Format (Python)"
+	}, {
+		name: "pip-audit",
+		purpose: "Dependency vulnerability scan (Python)"
+	}],
+	go: [
+		{
+			name: "golangci-lint",
+			purpose: "Lint (Go)"
+		},
+		{
+			name: "gofmt",
+			purpose: "Format (Go)"
+		},
+		{
+			name: "govulncheck",
+			purpose: "Dependency vulnerability scan (Go)"
+		}
+	],
+	rust: [{
+		name: "cargo",
+		purpose: "Lint + Format (Rust)"
+	}],
+	java: [],
+	ruby: [{
+		name: "rubocop",
+		purpose: "Lint + Format (Ruby)"
+	}],
+	php: [{
+		name: "phpcs",
+		purpose: "Lint (PHP)"
+	}, {
+		name: "php-cs-fixer",
+		purpose: "Format (PHP)"
+	}]
+};
+const printProjectDetails = (projectInfo) => {
+	logger.success(`  ✓ ${formatProjectSummary(projectInfo)}`);
+	printProjectMetadata(projectInfo);
+	logger.log("  Checks");
+	logger.break();
+};
+const createToolReporter = () => {
+	let allGood = true;
+	const seenTools = /* @__PURE__ */ new Set();
+	const reportTool = (name, purpose, options = { installed: false }) => {
+		if (seenTools.has(name)) return;
+		seenTools.add(name);
+		if (options.installed) {
+			const sourceLabel = options.bundled ? " (bundled)" : "";
+			logger.success(`  ✓ ${name}${sourceLabel} — ${purpose}`);
+			return;
+		}
+		logger.warn(`  ✗ ${name} — ${purpose} (not installed)`);
+		allGood = false;
+	};
+	return {
+		reportTool,
+		isAllGood: () => allGood
+	};
+};
+const reportBundledTools = () => {
+	logger.success("  ✓ oxlint (bundled)");
+	logger.success("  ✓ biome (bundled)");
+	logger.success("  ✓ knip (bundled)");
+};
+const reportLanguageTools = (projectInfo, reportTool) => {
+	for (const lang of projectInfo.languages) for (const tool of LANGUAGE_TOOLS[lang] ?? []) {
+		if (tool.name === "oxlint" || tool.name === "biome") continue;
+		reportTool(tool.name, tool.purpose, {
+			installed: projectInfo.installedTools[tool.name] === true,
+			bundled: isBundledTool(tool.name)
+		});
+	}
+};
+const reportJsAuditTool = (resolvedDir, projectInfo, reportTool) => {
+	if (!(projectInfo.languages.includes("typescript") || projectInfo.languages.includes("javascript"))) return;
+	const hasPnpmLock = fs.existsSync(path.join(resolvedDir, "pnpm-lock.yaml"));
+	const hasNpmLock = fs.existsSync(path.join(resolvedDir, "package-lock.json"));
+	if (hasPnpmLock) {
+		reportTool("pnpm", "Dependency vulnerability scan (JS/TS via pnpm audit)", { installed: projectInfo.installedTools["pnpm"] === true });
+		return;
+	}
+	if (hasNpmLock || fs.existsSync(path.join(resolvedDir, "package.json"))) reportTool("npm", "Dependency vulnerability scan (JS/TS via npm audit)", { installed: projectInfo.installedTools["npm"] === true });
+};
+const reportFrameworkTools = (projectInfo, reportTool) => {
+	if (!projectInfo.frameworks.includes("expo")) return;
+	const hasExpoDoctor = isNodePackageAvailable("expo-doctor");
+	reportTool("expo-doctor", "Expo project health checks", {
+		installed: hasExpoDoctor,
+		bundled: hasExpoDoctor
+	});
+};
+const printDoctorConclusion = (allGood) => {
+	logger.break();
+	if (allGood) logger.success("  All tools are available. You're good to go!");
+	else {
+		logger.warn("  Some tools are missing. Install them for full coverage.");
+		logger.dim("  Missing tools will be skipped during scans.");
+	}
+	logger.break();
+};
+const doctorCommand = async (directory) => {
+	const resolvedDir = path.resolve(directory);
+	printCommandHeader("Doctor");
+	const projectInfo = await discoverProject(resolvedDir);
+	printProjectDetails(projectInfo);
+	const { reportTool, isAllGood } = createToolReporter();
+	reportBundledTools();
+	reportLanguageTools(projectInfo, reportTool);
+	reportJsAuditTool(resolvedDir, projectInfo, reportTool);
+	reportFrameworkTools(projectInfo, reportTool);
+	printDoctorConclusion(isAllGood());
+};
+
+//#endregion
+//#region src/commands/fix.ts
+const uniqueFiles = (diagnostics) => [...new Set(diagnostics.map((d) => d.filePath))];
+const uniqueFileCount = (diagnostics) => uniqueFiles(diagnostics).length;
+const getFilePreviewLines = (title, files, verbose) => {
+	if (files.length === 0) return [];
+	const lines = [highlighter.dim(`    ${title}: ${files.length} file(s)`)];
+	const preview = verbose ? files : files.slice(0, 5);
+	for (const file of preview) lines.push(highlighter.dim(`      ${file}`));
+	if (!verbose && files.length > preview.length) lines.push(highlighter.dim(`      +${files.length - preview.length} more file(s), use -d for full list`));
+	return lines;
+};
+const getReasonLines = (reason) => {
+	return {
+		firstLine: reason.split("\n").find((line) => line.trim().length > 0) ?? reason,
+		printable: reason
+	};
+};
+const getStepStatusLine = (result, name, elapsedLabel) => {
+	if (result.failed) return highlighter.error(`  ✗ ${name}: failed (${result.afterIssues} issue${result.afterIssues === 1 ? "" : "s"} remain, ${elapsedLabel})`);
+	if (result.beforeIssues === 0) return highlighter.success(`  ✓ ${name}: done (0 issues, ${elapsedLabel})`);
+	if (result.afterIssues === 0) return highlighter.success(`  ✓ ${name}: done (${result.resolvedIssues} resolved across ${result.beforeFiles} file(s), ${elapsedLabel})`);
+	if (result.resolvedIssues > 0) return highlighter.warn(`  ! ${name}: done (${result.resolvedIssues} resolved, ${result.afterIssues} remaining, ${elapsedLabel})`);
+	return highlighter.warn(`  ! ${name}: done (no auto-fix changes, ${result.afterIssues} issue${result.afterIssues === 1 ? "" : "s"}, ${elapsedLabel})`);
+};
+const runFixStep = async (name, detect, applyFix, options) => {
+	const stepStart = performance.now();
+	const before = await detect();
+	let applyError = null;
+	try {
+		await applyFix();
+	} catch (error) {
+		applyError = error;
+	}
+	const after = await detect();
+	const elapsedMs = performance.now() - stepStart;
+	const result = {
+		name,
+		beforeIssues: before.length,
+		afterIssues: after.length,
+		resolvedIssues: Math.max(0, before.length - after.length),
+		beforeFiles: uniqueFileCount(before),
+		failed: applyError !== null && before.length === after.length,
+		elapsedMs
+	};
+	const lines = [getStepStatusLine(result, name, formatElapsed$1(result.elapsedMs))];
+	if (applyError) {
+		const reasonLines = getReasonLines(applyError instanceof Error ? applyError.message : String(applyError));
+		const reasonToPrint = options.verbose ? reasonLines.printable : reasonLines.firstLine;
+		for (const line of reasonToPrint.split("\n")) lines.push(highlighter.dim(`      ${line}`));
+		if (!options.verbose && reasonLines.printable !== reasonToPrint) lines.push(highlighter.dim("      Re-run with -d for full tool output."));
+	}
+	lines.push(...getFilePreviewLines("Affected", uniqueFiles(before), options.verbose));
+	if (after.length > 0) lines.push(...getFilePreviewLines("Remaining", uniqueFiles(after), options.verbose));
+	await printMaybePaged(`${lines.join("\n")}\n\n`);
+	return result;
+};
+const createEngineContext = (rootDirectory, projectInfo, config) => ({
+	rootDirectory,
+	languages: projectInfo.languages,
+	frameworks: projectInfo.frameworks,
+	installedTools: projectInfo.installedTools,
+	config: {
+		quality: config.quality,
+		security: config.security
+	}
+});
+const summarizeFixRun = (steps) => {
+	const totals = steps.reduce((acc, step) => {
+		acc.beforeIssues += step.beforeIssues;
+		acc.afterIssues += step.afterIssues;
+		acc.resolvedIssues += step.resolvedIssues;
+		if (step.failed) acc.failedSteps += 1;
+		return acc;
+	}, {
+		beforeIssues: 0,
+		afterIssues: 0,
+		resolvedIssues: 0,
+		failedSteps: 0
+	});
+	if (totals.failedSteps > 0) {
+		logger.log(`  Fix summary: checked ${steps.length} step(s), resolved ${totals.resolvedIssues} issue(s).`);
+		logger.warn(`  ${totals.failedSteps} step(s) reported tool errors; unresolved issue count is unknown for failed steps.`);
+	} else logger.log(`  Fix summary: checked ${steps.length} step(s), resolved ${totals.resolvedIssues} issue(s), remaining ${totals.afterIssues}.`);
+	if (totals.failedSteps === 0 && totals.beforeIssues > 0 && totals.resolvedIssues === 0) logger.dim("  No auto-fixable changes were applied. Current findings are likely manual-fix categories.");
+};
+const fixCommand = async (directory, config, options = {
+	verbose: false,
+	showHeader: true
+}) => {
+	const resolvedDir = path.resolve(directory);
+	if (options.showHeader !== false) printCommandHeader("Fix");
+	const projectInfo = await discoverProject(resolvedDir);
+	logger.success(`  ✓ ${formatProjectSummary(projectInfo)}`);
+	printProjectMetadata(projectInfo);
+	const context = createEngineContext(resolvedDir, projectInfo, config);
+	const steps = [];
+	if (config.engines.format) {
+		if (projectInfo.languages.includes("typescript") || projectInfo.languages.includes("javascript")) steps.push(await runFixStep("JS/TS formatting", () => runBiomeFormat(context), () => fixBiomeFormat(context), options));
+		if (projectInfo.languages.includes("python") && projectInfo.installedTools.ruff) steps.push(await runFixStep("Python formatting", () => runRuffFormat(context), () => fixRuffFormat(resolvedDir), options));
+		else if (projectInfo.languages.includes("python")) logger.warn("  Python detected but ruff is not installed; skipping Python formatting fixes.");
+		if (projectInfo.languages.includes("go") && projectInfo.installedTools.gofmt) steps.push(await runFixStep("Go formatting", () => runGofmt(context), () => fixGofmt(resolvedDir), options));
+		else if (projectInfo.languages.includes("go")) logger.warn("  Go detected but gofmt is not installed; skipping Go formatting fixes.");
+	}
+	if (config.engines.lint) {
+		if (projectInfo.languages.includes("typescript") || projectInfo.languages.includes("javascript")) steps.push(await runFixStep("JS/TS lint fixes", () => runOxlint(context), () => fixOxlint(context), options));
+		if (projectInfo.languages.includes("python") && projectInfo.installedTools.ruff) steps.push(await runFixStep("Python lint fixes", () => runRuffLint(context), () => fixRuffLint(resolvedDir), options));
+		else if (projectInfo.languages.includes("python")) logger.warn("  Python detected but ruff is not installed; skipping Python lint fixes.");
+	}
+	if (steps.length === 0) logger.dim("  No applicable auto-fixers found for this project.");
+	else {
+		logger.break();
+		summarizeFixRun(steps);
+	}
+	logger.break();
+	logger.success("  ✓ Done. Run `aislop scan` to verify.");
+	logger.break();
+};
+
+//#endregion
+//#region src/commands/init.ts
+const initCommand = async (directory) => {
+	const resolvedDir = path.resolve(directory);
+	printCommandHeader("Init");
+	const s1 = spinner("Detecting project...").start();
+	const projectInfo = await discoverProject(resolvedDir);
+	s1.stop();
+	logger.success(`  ✓ ${formatProjectSummary(projectInfo)}`);
+	printProjectMetadata(projectInfo);
+	const configDir = path.join(resolvedDir, CONFIG_DIR);
+	if (!fs.existsSync(configDir)) fs.mkdirSync(configDir, { recursive: true });
+	const configPath = path.join(configDir, CONFIG_FILE);
+	if (fs.existsSync(configPath)) logger.dim(`  ${CONFIG_DIR}/${CONFIG_FILE} already exists, skipping`);
+	else {
+		fs.writeFileSync(configPath, DEFAULT_CONFIG_YAML);
+		spinner(`Creating ${CONFIG_DIR}/${CONFIG_FILE}...`).start().succeed(`Created ${highlighter.info(`${CONFIG_DIR}/${CONFIG_FILE}`)}`);
+	}
+	const rulesPath = path.join(configDir, RULES_FILE);
+	if (fs.existsSync(rulesPath)) logger.dim(`  ${CONFIG_DIR}/${RULES_FILE} already exists, skipping`);
+	else {
+		fs.writeFileSync(rulesPath, DEFAULT_RULES_YAML);
+		spinner(`Creating ${CONFIG_DIR}/${RULES_FILE}...`).start().succeed(`Created ${highlighter.info(`${CONFIG_DIR}/${RULES_FILE}`)}`);
+	}
+	logger.break();
+	logger.log("  Next steps:");
+	logger.dim("  1. Edit .aislop/config.yml to customize engines and thresholds");
+	logger.dim("  2. Edit .aislop/rules.yml to add architecture rules");
+	logger.dim("  3. Run `aislop scan` to see your score");
+	logger.dim("  4. Add `aislop scan --staged` to your pre-commit hook");
+	logger.break();
+};
+
+//#endregion
+//#region src/commands/rules.ts
+const BUILTIN_RULES = [
+	{
+		engine: "format",
+		rules: [
+			"formatting",
+			"import-order",
+			"python-formatting",
+			"go-formatting",
+			"rust-formatting"
+		]
+	},
+	{
+		engine: "lint",
+		rules: [
+			"oxlint/*",
+			"ruff/*",
+			"go/*",
+			"clippy/*",
+			"rubocop/*"
+		]
+	},
+	{
+		engine: "code-quality",
+		rules: [
+			"knip/files",
+			"knip/exports",
+			"knip/types",
+			"complexity/file-too-large",
+			"complexity/function-too-long",
+			"complexity/deep-nesting",
+			"complexity/too-many-params"
+		]
+	},
+	{
+		engine: "ai-slop",
+		rules: [
+			"ai-slop/trivial-comment",
+			"ai-slop/swallowed-exception",
+			"ai-slop/thin-wrapper",
+			"ai-slop/generic-naming",
+			"ai-slop/unused-import",
+			"ai-slop/console-leftover",
+			"ai-slop/todo-stub",
+			"ai-slop/unreachable-code",
+			"ai-slop/constant-condition",
+			"ai-slop/empty-function",
+			"ai-slop/unsafe-type-assertion",
+			"ai-slop/double-type-assertion",
+			"ai-slop/ts-directive"
+		]
+	},
+	{
+		engine: "security",
+		rules: [
+			"security/hardcoded-secret",
+			"security/vulnerable-dependency",
+			"security/eval",
+			"security/innerhtml",
+			"security/sql-injection",
+			"security/shell-injection"
+		]
+	}
+];
+const rulesCommand = async (directory) => {
+	const resolvedDir = path.resolve(directory);
+	printCommandHeader("Rules");
+	const lines = ["  Rule sets", ""];
+	for (const { engine, rules } of BUILTIN_RULES) {
+		lines.push(`  ${highlighter.bold(engine)}`);
+		for (const rule of rules) lines.push(highlighter.dim(`    ${rule}`));
+		lines.push("");
+	}
+	const configDir = findConfigDir(resolvedDir);
+	if (configDir) {
+		const archRules = loadArchitectureRules(path.join(configDir, RULES_FILE));
+		if (archRules.length > 0) {
+			lines.push(`  ${highlighter.bold("architecture")} (from .aislop/rules.yml)`);
+			for (const rule of archRules) lines.push(highlighter.dim(`    arch/${rule.name} (${rule.severity})`));
+			lines.push("");
+		}
+	}
+	await printMaybePaged(`${lines.join("\n")}\n`);
+};
+
+//#endregion
+//#region src/commands/interactive.ts
+const MENU_OPTIONS = [
+	{
+		key: "1",
+		action: "scan",
+		label: "Scan",
+		description: "Analyze code quality and risk"
+	},
+	{
+		key: "2",
+		action: "fix",
+		label: "Fix",
+		description: "Apply safe auto-fixes"
+	},
+	{
+		key: "3",
+		action: "init",
+		label: "Init",
+		description: "Create aislop config files"
+	},
+	{
+		key: "4",
+		action: "doctor",
+		label: "Doctor",
+		description: "Check toolchain and coverage"
+	},
+	{
+		key: "5",
+		action: "rules",
+		label: "Rules",
+		description: "List all rule families"
+	},
+	{
+		key: "Q",
+		action: "quit",
+		label: "Quit",
+		description: "Exit"
+	}
+];
+const MENU_LABEL_WIDTH = Math.max(...MENU_OPTIONS.map((option) => option.label.length));
+const clearRenderedLines = (lineCount) => {
+	if (lineCount === 0) return;
+	process.stdout.write(`\u001B[${lineCount}F`);
+	for (let index = 0; index < lineCount; index += 1) {
+		process.stdout.write("\x1B[2K");
+		if (index < lineCount - 1) process.stdout.write("\x1B[1E");
+	}
+	if (lineCount > 1) process.stdout.write(`\u001B[${lineCount - 1}F`);
+};
+const parseInteractiveActionInput = (input) => {
+	switch (input.trim().toLowerCase()) {
+		case "1":
+		case "scan":
+		case "s": return "scan";
+		case "2":
+		case "fix":
+		case "f": return "fix";
+		case "3":
+		case "init":
+		case "i": return "init";
+		case "4":
+		case "doctor":
+		case "d": return "doctor";
+		case "5":
+		case "rules":
+		case "r": return "rules";
+		case "q":
+		case "quit": return "quit";
+		default: return null;
+	}
+};
+const moveInteractiveSelection = (currentIndex, direction) => {
+	const nextIndex = currentIndex + direction;
+	if (nextIndex < 0) return MENU_OPTIONS.length - 1;
+	if (nextIndex >= MENU_OPTIONS.length) return 0;
+	return nextIndex;
+};
+const renderInteractiveMenu = (selectedIndex) => {
+	return `${[
+		highlighter.bold(`aislop v${APP_VERSION}`),
+		highlighter.dim("Use ↑↓ or 1-5, Enter select, q quit, Ctrl+C exit"),
+		"",
+		...MENU_OPTIONS.map((option, index) => {
+			const cursor = index === selectedIndex ? "➤" : " ";
+			const paddedLabel = option.label.padEnd(MENU_LABEL_WIDTH, " ");
+			const label = index === selectedIndex ? highlighter.bold(paddedLabel) : paddedLabel;
+			return `${cursor} ${option.key}. ${label}  ${option.description}`;
+		}),
+		""
+	].join("\n")}\n`;
+};
+const promptForAction = async () => new Promise((resolve) => {
+	let selectedIndex = 0;
+	let renderedLineCount = 0;
+	const render = () => {
+		if (renderedLineCount > 0) clearRenderedLines(renderedLineCount);
+		const output = renderInteractiveMenu(selectedIndex);
+		process.stdout.write(output);
+		renderedLineCount = output.split("\n").length - 1;
+	};
+	const cleanup = () => {
+		process.stdin.removeListener("keypress", onKeypress);
+		if (process.stdin.isTTY) process.stdin.setRawMode(false);
+		process.stdin.pause();
+	};
+	const finish = (action) => {
+		cleanup();
+		resolve(action);
+	};
+	const onKeypress = (str, key) => {
+		if (key.ctrl && key.name === "c") {
+			process.stdout.write("\n");
+			finish("quit");
+			return;
+		}
+		if (key.name === "up") {
+			selectedIndex = moveInteractiveSelection(selectedIndex, -1);
+			render();
+			return;
+		}
+		if (key.name === "down") {
+			selectedIndex = moveInteractiveSelection(selectedIndex, 1);
+			render();
+			return;
+		}
+		if (key.name === "return" || key.name === "enter") {
+			finish(MENU_OPTIONS[selectedIndex].action);
+			return;
+		}
+		const action = parseInteractiveActionInput(str);
+		if (action) finish(action);
+	};
+	emitKeypressEvents(process.stdin);
+	if (process.stdin.isTTY) process.stdin.setRawMode(true);
+	process.stdin.resume();
+	process.stdin.on("keypress", onKeypress);
+	render();
+});
+const promptForNextAction = async () => new Promise((resolve) => {
+	const message = "\nNext: Enter menu, 1-5 run another command, q quit. ";
+	const cleanup = () => {
+		process.stdin.removeListener("keypress", onKeypress);
+		if (process.stdin.isTTY) process.stdin.setRawMode(false);
+		process.stdin.pause();
+	};
+	const finish = (action) => {
+		cleanup();
+		process.stdout.write("\n");
+		resolve(action);
+	};
+	const onKeypress = (str, key) => {
+		if (key.ctrl && key.name === "c") {
+			finish("quit");
+			return;
+		}
+		if (key.name === "return" || key.name === "enter") {
+			finish("menu");
+			return;
+		}
+		const action = parseInteractiveActionInput(str);
+		if (action) finish(action);
+	};
+	process.stdout.write(message);
+	emitKeypressEvents(process.stdin);
+	if (process.stdin.isTTY) process.stdin.setRawMode(true);
+	process.stdin.resume();
+	process.stdin.on("keypress", onKeypress);
+});
+const runInteractiveAction = async (action, directory, config) => {
+	switch (action) {
+		case "scan":
+			await scanCommand(directory, config, {
+				changes: false,
+				staged: false,
+				verbose: false,
+				json: false,
+				showHeader: false
+			});
+			return;
+		case "fix":
+			await fixCommand(directory, config, {
+				verbose: false,
+				showHeader: false
+			});
+			return;
+		case "init":
+			await initCommand(directory);
+			return;
+		case "doctor":
+			await doctorCommand(directory);
+			return;
+		case "rules":
+			await rulesCommand(directory);
+			return;
+		case "quit": return;
+	}
+};
+const interactiveCommand = async (directory, config) => {
+	let action = "menu";
+	while (true) {
+		if (action === "menu") action = await promptForAction();
+		if (action === "quit") return;
+		if (process.stdout.isTTY) process.stdout.write("\x1B[2J\x1B[H");
+		await runInteractiveAction(action, directory, config);
+		action = await promptForNextAction();
+		if (action === "menu" && process.stdout.isTTY) process.stdout.write("\x1B[2J\x1B[H");
+	}
+};
+
+//#endregion
+//#region src/cli.ts
+process.on("SIGINT", () => process.exit(0));
+process.on("SIGTERM", () => process.exit(0));
+const program = new Command().name("aislop").description("The unified code quality CLI").version(APP_VERSION, "-v, --version").argument("[directory]", "project directory to scan", ".").option("--changes", "only scan changed files (git diff)").option("--staged", "only scan staged files").option("-d, --verbose", "show file details per rule").option("--json", "output JSON instead of terminal UI").action(async (directory, flags) => {
+	const config = loadConfig(directory);
+	if (!flags.changes && !flags.staged && !flags.verbose && !flags.json && process.stdin.isTTY) try {
+		await interactiveCommand(directory, config);
+		return;
+	} catch {}
+	const { exitCode } = await scanCommand(directory, config, {
+		changes: Boolean(flags.changes),
+		staged: Boolean(flags.staged),
+		verbose: Boolean(flags.verbose),
+		json: Boolean(flags.json)
+	});
+	if (exitCode !== 0) process.exit(exitCode);
+}).addHelpText("after", `
+${highlighter.dim("Commands:")}
+  aislop scan [dir]      Full code quality scan
+  aislop fix [dir]       Auto-fix formatting and lint issues
+  aislop init [dir]      Initialize aislop config
+  aislop doctor [dir]    Check installed tools
+  aislop ci [dir]        CI-friendly JSON output
+  aislop rules [dir]     List all rules
+
+${highlighter.dim("Examples:")}
+  aislop                 Interactive menu
+  aislop scan            Scan entire project
+  aislop scan -d         Scan with file/line details
+  aislop scan --changes  Scan only changed files
+  aislop scan --staged   Scan only staged files (for hooks)
+  aislop fix             Auto-fix issues
+  aislop ci              JSON output for CI pipelines
+`);
+program.command("scan [directory]").description("Run full code quality scan").option("--changes", "only scan changed files").option("--staged", "only scan staged files").option("-d, --verbose", "show file details per rule").option("--json", "output JSON").action(async (directory = ".", _flags, command) => {
+	const flags = command.optsWithGlobals();
+	const { exitCode } = await scanCommand(directory, loadConfig(directory), {
+		changes: Boolean(flags.changes),
+		staged: Boolean(flags.staged),
+		verbose: Boolean(flags.verbose),
+		json: Boolean(flags.json)
+	});
+	if (exitCode !== 0) process.exit(exitCode);
+});
+program.command("fix [directory]").description("Auto-fix formatting and lint issues").option("-d, --verbose", "show detailed fix progress").action(async (directory = ".", _flags, command) => {
+	const flags = command.optsWithGlobals();
+	await fixCommand(directory, loadConfig(directory), { verbose: Boolean(flags.verbose) });
+});
+program.command("init [directory]").description("Initialize aislop config in project").action(async (directory = ".") => {
+	await initCommand(directory);
+});
+program.command("doctor [directory]").description("Check installed tools and environment").action(async (directory = ".") => {
+	await doctorCommand(directory);
+});
+program.command("ci [directory]").description("CI-friendly JSON output with exit codes").action(async (directory = ".") => {
+	const { exitCode } = await ciCommand(directory, loadConfig(directory));
+	if (exitCode !== 0) process.exit(exitCode);
+});
+program.command("rules [directory]").description("List all available rules").action(async (directory = ".") => {
+	await rulesCommand(directory);
+});
+const main = async () => {
+	await program.parseAsync();
+};
+main();
+
+//#endregion
+export { ENGINE_INFO as n, runSubprocess as r, APP_VERSION as t };