aislop 0.1.1 → 0.1.3

package/README.md

@@ -217,8 +217,6 @@ Custom import and path rules defined in `.aislop/rules.yml`.
 
 ---
 
-## Scoring
-
 Every diagnostic contributes a weighted penalty:
 
 | Severity | Penalty |
@@ -227,7 +225,7 @@ Every diagnostic contributes a weighted penalty:
 | Warning | 1.0 |
 | Info | 0.25 |
 
-Penalties are multiplied by engine weight (configurable, security defaults to 2x). The final score uses logarithmic scaling so a few issues cause a noticeable drop, but the score does not collapse to zero from minor findings.
+Penalties are multiplied by engine weight (configurable, security defaults to 2x). The final score uses logarithmic scaling with issue-density normalization (relative to source file count), so a few issues still matter but a single finding in an otherwise clean project remains proportional.
 
 | Score | Label |
 |---|---|
@@ -356,4 +354,4 @@ See [SECURITY.md](SECURITY.md) for reporting vulnerabilities.
 
 ## License
 
-[MIT](LICENSE) -- see the [LICENSE](LICENSE) file.
+[MIT](LICENSE) -- see the [LICENSE](LICENSE) file.

package/dist/cli.js

@@ -46,7 +46,8 @@ const DEFAULT_CONFIG = {
 		thresholds: {
 			good: 75,
 			ok: 50
-		}
+		},
+		smoothing: 10
 	},
 	ci: {
 		failBelow: 0,
@@ -146,7 +147,8 @@ const ScoringSchema = z.object({
 	thresholds: ThresholdsSchema.default(() => ({
 		good: 75,
 		ok: 50
-	}))
+	})),
+	smoothing: z.number().nonnegative().default(10)
 });
 const CiSchema = z.object({
 	failBelow: z.number().default(0),
@@ -178,7 +180,8 @@ const AislopConfigSchema = z.object({
 		thresholds: {
 			good: 75,
 			ok: 50
-		}
+		},
+		smoothing: 10
 	})),
 	ci: CiSchema.default(() => ({
 		failBelow: 0,
@@ -1279,10 +1282,7 @@ const FUNCTION_PATTERNS = [
 		]
 	}
 ];
-const countParams = (paramStr) => {
-	if (!paramStr.trim()) return 0;
-	return paramStr.split(",").length;
-};
+const countParams = (p) => p.trim() ? p.split(",").length : 0;
 const matchFunctionOnLine = (line, ext) => {
 	for (let i = 0; i < FUNCTION_PATTERNS.length; i++) {
 		const pattern = FUNCTION_PATTERNS[i];
@@ -2760,7 +2760,7 @@ const RISKY_PATTERNS = [
 		help: "Avoid dynamic code execution — refactor to use static code paths"
 	},
 	{
-		pattern: /\.innerHTML\s*=/g,
+		pattern: new RegExp(`\\.innerHTML\\s*=`, "g"),
 		extensions: [
 			".ts",
 			".tsx",
@@ -2857,6 +2857,10 @@ const detectRiskyConstructs = async (context) => {
 			let match;
 			while ((match = regex.exec(content)) !== null) {
 				const line = content.slice(0, match.index).split("\n").length;
+				if (name === "innerhtml") {
+					const beforeMatch = content.slice(Math.max(0, match.index - 200), match.index);
+					if (/(?:template|tmpl|tpl)$/i.test(beforeMatch.trimEnd()) || /createElement\s*\(\s*['"]template['"]\s*\)$/.test(beforeMatch.trimEnd())) continue;
+				}
 				if (name === "sql-injection") {
 					const afterMatch = content.slice(match.index + match[0].length, match.index + match[0].length + 100);
 					if (/^(?:\w+\.join\s*\(|[A-Z_]+\}|tableName\}|table\})/.test(afterMatch)) continue;
@@ -3114,7 +3118,7 @@ const logger = {
 * Application version — injected at build time by tsdown from package.json.
 * The fallback should always match the "version" field in package.json.
 */
-const APP_VERSION = "0.1.1";
+const APP_VERSION = "0.1.3";
 
 //#endregion
 //#region src/output/layout.ts
@@ -3340,7 +3344,12 @@ var ScanProgressRenderer = class {
 //#endregion
 //#region src/scoring/index.ts
 const PERFECT_SCORE$1 = 100;
-const calculateScore = (diagnostics, weights, thresholds) => {
+const getEffectiveFileCount = (diagnostics, sourceFileCount) => {
+	if (typeof sourceFileCount === "number" && sourceFileCount > 0) return sourceFileCount;
+	const filesWithDiagnostics = new Set(diagnostics.map((d) => d.filePath)).size;
+	return Math.max(1, filesWithDiagnostics);
+};
+const calculateScore = (diagnostics, weights, thresholds, sourceFileCount, smoothing) => {
 	if (diagnostics.length === 0) return {
 		score: PERFECT_SCORE$1,
 		label: "Healthy"
@@ -3351,7 +3360,11 @@ const calculateScore = (diagnostics, weights, thresholds) => {
 		const severityPenalty = d.severity === "error" ? 3 : d.severity === "warning" ? 1 : .25;
 		deductions += severityPenalty * engineWeight;
 	}
-	const score = Math.max(0, Math.round(PERFECT_SCORE$1 - PERFECT_SCORE$1 * Math.log1p(deductions) / Math.log1p(PERFECT_SCORE$1 + deductions)));
+	const effectiveFileCount = getEffectiveFileCount(diagnostics, sourceFileCount);
+	const smoothingConstant = typeof smoothing === "number" ? smoothing : 10;
+	const issueDensity = Math.min(1, diagnostics.length / (effectiveFileCount + smoothingConstant));
+	const scaledDeductions = deductions * Math.sqrt(issueDensity);
+	const score = Math.max(0, Math.round(PERFECT_SCORE$1 - PERFECT_SCORE$1 * Math.log1p(scaledDeductions) / Math.log1p(PERFECT_SCORE$1 + scaledDeductions)));
 	return {
 		score,
 		label: score >= thresholds.good ? "Healthy" : score >= thresholds.ok ? "Needs Work" : "Critical"
@@ -3767,8 +3780,8 @@ const scanCommand = async (directory, config, options) => {
 	progressRenderer?.stop();
 	const allDiagnostics = results.flatMap((r) => r.diagnostics);
 	const elapsedMs = performance.now() - startTime;
-	const scoreResult = calculateScore(allDiagnostics, config.scoring.weights, config.scoring.thresholds);
-	const exitCode = scoreResult.score < config.ci.failBelow ? 1 : 0;
+	const scoreResult = calculateScore(allDiagnostics, config.scoring.weights, config.scoring.thresholds, projectInfo.sourceFileCount, config.scoring.smoothing);
+	const exitCode = allDiagnostics.some((d) => d.severity === "error") || scoreResult.score < config.ci.failBelow ? 1 : 0;
 	if (!isTelemetryDisabled(config.telemetry?.enabled)) {
 		const engineIssues = {};
 		const engineTimings = {};

package/dist/{engine-info-Bw_OOj3G.js → engine-info-Bi8pE12U.js}

@@ -3,7 +3,7 @@
 * Application version — injected at build time by tsdown from package.json.
 * The fallback should always match the "version" field in package.json.
 */
-const APP_VERSION = "0.1.1";
+const APP_VERSION = "0.1.3";
 
 //#endregion
 //#region src/output/engine-info.ts

package/dist/index.d.ts

@@ -30,6 +30,7 @@ declare const AislopConfigSchema: z.ZodObject<{
       good: z.ZodDefault<z.ZodNumber>;
       ok: z.ZodDefault<z.ZodNumber>;
     }, z.core.$strip>>;
+    smoothing: z.ZodDefault<z.ZodNumber>;
   }, z.core.$strip>>;
   ci: z.ZodDefault<z.ZodObject<{
     failBelow: z.ZodDefault<z.ZodNumber>;
@@ -114,6 +115,6 @@ interface ScoreResult {
 declare const calculateScore: (diagnostics: Diagnostic[], weights: Record<string, number>, thresholds: {
   good: number;
   ok: number;
-}) => ScoreResult;
+}, sourceFileCount?: number, smoothing?: number) => ScoreResult;
 //#endregion
 export { type AislopConfig, type Diagnostic, type EngineName, type EngineResult, type Framework, type Language, type ProjectInfo, type ScoreResult, type Severity, calculateScore, discoverProject, doctorCommand, fixCommand, initCommand, loadConfig, scanCommand };

package/dist/index.js

@@ -1,4 +1,4 @@
-import { n as getEngineLabel, r as APP_VERSION, t as ENGINE_INFO } from "./engine-info-Bw_OOj3G.js";
+import { n as getEngineLabel, r as APP_VERSION, t as ENGINE_INFO } from "./engine-info-Bi8pE12U.js";
 import { n as runSubprocess, t as isToolInstalled } from "./subprocess-99puEEGl.js";
 import { createRequire } from "node:module";
 import fs from "node:fs";
@@ -1273,7 +1273,8 @@ const DEFAULT_CONFIG = {
 		thresholds: {
 			good: 75,
 			ok: 50
-		}
+		},
+		smoothing: 10
 	},
 	ci: {
 		failBelow: 0,
@@ -1373,7 +1374,8 @@ const ScoringSchema = z.object({
 	thresholds: ThresholdsSchema.default(() => ({
 		good: 75,
 		ok: 50
-	}))
+	})),
+	smoothing: z.number().nonnegative().default(10)
 });
 const CiSchema = z.object({
 	failBelow: z.number().default(0),
@@ -1405,7 +1407,8 @@ const AislopConfigSchema = z.object({
 		thresholds: {
 			good: 75,
 			ok: 50
-		}
+		},
+		smoothing: 10
 	})),
 	ci: CiSchema.default(() => ({
 		failBelow: 0,
@@ -2392,10 +2395,7 @@ const FUNCTION_PATTERNS = [
 		]
 	}
 ];
-const countParams = (paramStr) => {
-	if (!paramStr.trim()) return 0;
-	return paramStr.split(",").length;
-};
+const countParams = (p) => p.trim() ? p.split(",").length : 0;
 const matchFunctionOnLine = (line, ext) => {
 	for (let i = 0; i < FUNCTION_PATTERNS.length; i++) {
 		const pattern = FUNCTION_PATTERNS[i];
@@ -3358,7 +3358,7 @@ const RISKY_PATTERNS = [
 		help: "Avoid dynamic code execution — refactor to use static code paths"
 	},
 	{
-		pattern: /\.innerHTML\s*=/g,
+		pattern: new RegExp(`\\.innerHTML\\s*=`, "g"),
 		extensions: [
 			".ts",
 			".tsx",
@@ -3455,6 +3455,10 @@ const detectRiskyConstructs = async (context) => {
 			let match;
 			while ((match = regex.exec(content)) !== null) {
 				const line = content.slice(0, match.index).split("\n").length;
+				if (name === "innerhtml") {
+					const beforeMatch = content.slice(Math.max(0, match.index - 200), match.index);
+					if (/(?:template|tmpl|tpl)$/i.test(beforeMatch.trimEnd()) || /createElement\s*\(\s*['"]template['"]\s*\)$/.test(beforeMatch.trimEnd())) continue;
+				}
 				if (name === "sql-injection") {
 					const afterMatch = content.slice(match.index + match[0].length, match.index + match[0].length + 100);
 					if (/^(?:\w+\.join\s*\(|[A-Z_]+\}|tableName\}|table\})/.test(afterMatch)) continue;
@@ -3772,7 +3776,12 @@ var ScanProgressRenderer = class {
 //#endregion
 //#region src/scoring/index.ts
 const PERFECT_SCORE$1 = 100;
-const calculateScore = (diagnostics, weights, thresholds) => {
+const getEffectiveFileCount = (diagnostics, sourceFileCount) => {
+	if (typeof sourceFileCount === "number" && sourceFileCount > 0) return sourceFileCount;
+	const filesWithDiagnostics = new Set(diagnostics.map((d) => d.filePath)).size;
+	return Math.max(1, filesWithDiagnostics);
+};
+const calculateScore = (diagnostics, weights, thresholds, sourceFileCount, smoothing) => {
 	if (diagnostics.length === 0) return {
 		score: PERFECT_SCORE$1,
 		label: "Healthy"
@@ -3783,7 +3792,11 @@ const calculateScore = (diagnostics, weights, thresholds) => {
 		const severityPenalty = d.severity === "error" ? 3 : d.severity === "warning" ? 1 : .25;
 		deductions += severityPenalty * engineWeight;
 	}
-	const score = Math.max(0, Math.round(PERFECT_SCORE$1 - PERFECT_SCORE$1 * Math.log1p(deductions) / Math.log1p(PERFECT_SCORE$1 + deductions)));
+	const effectiveFileCount = getEffectiveFileCount(diagnostics, sourceFileCount);
+	const smoothingConstant = typeof smoothing === "number" ? smoothing : 10;
+	const issueDensity = Math.min(1, diagnostics.length / (effectiveFileCount + smoothingConstant));
+	const scaledDeductions = deductions * Math.sqrt(issueDensity);
+	const score = Math.max(0, Math.round(PERFECT_SCORE$1 - PERFECT_SCORE$1 * Math.log1p(scaledDeductions) / Math.log1p(PERFECT_SCORE$1 + scaledDeductions)));
 	return {
 		score,
 		label: score >= thresholds.good ? "Healthy" : score >= thresholds.ok ? "Needs Work" : "Critical"
@@ -3967,8 +3980,8 @@ const scanCommand = async (directory, config, options) => {
 	progressRenderer?.stop();
 	const allDiagnostics = results.flatMap((r) => r.diagnostics);
 	const elapsedMs = performance.now() - startTime;
-	const scoreResult = calculateScore(allDiagnostics, config.scoring.weights, config.scoring.thresholds);
-	const exitCode = scoreResult.score < config.ci.failBelow ? 1 : 0;
+	const scoreResult = calculateScore(allDiagnostics, config.scoring.weights, config.scoring.thresholds, projectInfo.sourceFileCount, config.scoring.smoothing);
+	const exitCode = allDiagnostics.some((d) => d.severity === "error") || scoreResult.score < config.ci.failBelow ? 1 : 0;
 	if (!isTelemetryDisabled(config.telemetry?.enabled)) {
 		const engineIssues = {};
 		const engineTimings = {};
@@ -3987,7 +4000,7 @@ const scanCommand = async (directory, config, options) => {
 		});
 	}
 	if (options.json) {
-		const { buildJsonOutput } = await import("./json-SHDiefXX.js");
+		const { buildJsonOutput } = await import("./json-66-1kHeg.js");
 		const jsonOut = buildJsonOutput(results, scoreResult, projectInfo.sourceFileCount, elapsedMs);
 		console.log(JSON.stringify(jsonOut, null, 2));
 		return { exitCode };

package/dist/{json-SHDiefXX.js → json-66-1kHeg.js}

@@ -1,4 +1,4 @@
-import { r as APP_VERSION, t as ENGINE_INFO } from "./engine-info-Bw_OOj3G.js";
+import { r as APP_VERSION, t as ENGINE_INFO } from "./engine-info-Bi8pE12U.js";
 
 //#region src/output/json.ts
 const buildJsonOutput = (results, scoreResult, fileCount, elapsedMs) => {

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "aislop",
-	"version": "0.1.1",
+	"version": "0.1.3",
 	"description": "Stop AI slop from shipping. A unified code quality CLI that catches the lazy patterns AI coding tools leave behind.",
 	"type": "module",
 	"bin": {