aislop 0.10.0 → 0.10.1

package/dist/cli.js

@@ -34,7 +34,7 @@ var __exportAll = (all, no_symbols) => {
 
 //#endregion
 //#region src/version.ts
-const APP_VERSION = "0.10.0";
+const APP_VERSION = "0.10.1";
 
 //#endregion
 //#region src/telemetry/env.ts
@@ -183,7 +183,7 @@ const redactProperties = (props) => {
 const POSTHOG_HOST = process.env.AISLOP_POSTHOG_HOST ?? "https://eu.i.posthog.com";
 const POSTHOG_KEY = process.env.AISLOP_POSTHOG_KEY ?? "phc_eY2cOMFva9q24GrWeOuvuVIOhCIdjOALxeAR3ItrqbJ";
 const SCHEMA_VERSION = "v2";
-const REQUEST_TIMEOUT_MS = 3e3;
+const REQUEST_TIMEOUT_MS$1 = 3e3;
 const isTelemetryDisabled = (config) => {
 	const env = process.env;
 	if (env.AISLOP_NO_TELEMETRY === "1" || env.DO_NOT_TRACK === "1") return true;
@@ -237,7 +237,7 @@ const track = (input) => {
 		method: "POST",
 		headers: { "Content-Type": "application/json" },
 		body: JSON.stringify(payload),
-		signal: AbortSignal.timeout(REQUEST_TIMEOUT_MS)
+		signal: AbortSignal.timeout(REQUEST_TIMEOUT_MS$1)
 	}).then(() => {}).catch(() => {}).finally(() => {
 		pendingRequests.delete(request);
 	});
@@ -836,6 +836,218 @@ const loadConfig = (directory) => {
 	}
 };
 
+//#endregion
+//#region src/utils/source-masker.ts
+const JS_EXTS$2 = new Set([
+	".ts",
+	".tsx",
+	".js",
+	".jsx",
+	".mjs",
+	".cjs"
+]);
+const PY_EXTS = new Set([".py"]);
+const RB_EXTS = new Set([".rb"]);
+const PHP_EXTS = new Set([".php"]);
+const familyForExt = (ext) => {
+	if (JS_EXTS$2.has(ext)) return "js";
+	if (PY_EXTS.has(ext)) return "py";
+	if (RB_EXTS.has(ext)) return "rb";
+	if (PHP_EXTS.has(ext)) return "php";
+	return "none";
+};
+const maskStringsAndComments = (content, ext) => {
+	const family = familyForExt(ext);
+	if (family === "none") return content;
+	if (family === "js") return maskJs(content, true);
+	return maskSimple(content, family, true);
+};
+const maskComments = (content, ext) => {
+	const family = familyForExt(ext);
+	if (family === "none") return content;
+	if (family === "js") return maskJs(content, false);
+	return maskSimple(content, family, false);
+};
+const handleQuotesAndComments = (content, i, tplStack, mask, maskStrings) => {
+	const len = content.length;
+	const c = content[i];
+	const next = content[i + 1];
+	if (c === "\"" || c === "'") {
+		const strStart = i;
+		const end = consumeQuotedString(content, i, c);
+		if (maskStrings) mask(strStart + 1, end - 1);
+		return {
+			handled: true,
+			nextI: end
+		};
+	}
+	if (c === "`") {
+		const scan = consumeTemplateString(content, i + 1);
+		if (maskStrings) mask(i + 1, scan.maskEnd);
+		if (scan.openedInterp) tplStack.push(0);
+		return {
+			handled: true,
+			nextI: scan.resumeAt
+		};
+	}
+	if (c === "/" && next === "/") {
+		const strStart = i;
+		let k = i;
+		while (k < len && content[k] !== "\n") k++;
+		mask(strStart, k);
+		return {
+			handled: true,
+			nextI: k
+		};
+	}
+	if (c === "/" && next === "*") {
+		const strStart = i;
+		let k = i + 2;
+		while (k < len - 1 && !(content[k] === "*" && content[k + 1] === "/")) k++;
+		if (k < len - 1) k += 2;
+		mask(strStart, k);
+		return {
+			handled: true,
+			nextI: k
+		};
+	}
+	return {
+		handled: false,
+		nextI: i
+	};
+};
+const maskJs = (content, maskStrings) => {
+	const out = content.split("");
+	const len = content.length;
+	const tplStack = [];
+	let i = 0;
+	const mask = (start, end) => {
+		for (let k = start; k < end; k++) if (out[k] !== "\n") out[k] = " ";
+	};
+	while (i < len) {
+		const c = content[i];
+		if (tplStack.length > 0) {
+			if (c === "{") {
+				tplStack[tplStack.length - 1]++;
+				i++;
+				continue;
+			}
+			if (c === "}") {
+				if (tplStack[tplStack.length - 1] === 0) {
+					tplStack.pop();
+					const scan = consumeTemplateString(content, i + 1);
+					if (maskStrings) mask(i + 1, scan.maskEnd);
+					if (scan.openedInterp) tplStack.push(0);
+					i = scan.resumeAt;
+					continue;
+				}
+				tplStack[tplStack.length - 1]--;
+				i++;
+				continue;
+			}
+		}
+		const handled = handleQuotesAndComments(content, i, tplStack, mask, maskStrings);
+		if (handled.handled) {
+			i = handled.nextI;
+			continue;
+		}
+		i++;
+	}
+	return out.join("");
+};
+const consumeQuotedString = (content, start, quote) => {
+	const len = content.length;
+	let i = start + 1;
+	while (i < len) {
+		const c = content[i];
+		if (c === "\\" && i + 1 < len) {
+			i += 2;
+			continue;
+		}
+		if (c === quote) return i + 1;
+		if (c === "\n") return i;
+		i++;
+	}
+	return i;
+};
+const consumeTemplateString = (content, start) => {
+	const len = content.length;
+	let i = start;
+	while (i < len) {
+		const c = content[i];
+		if (c === "\\" && i + 1 < len) {
+			i += 2;
+			continue;
+		}
+		if (c === "`") return {
+			maskEnd: i,
+			resumeAt: i + 1,
+			openedInterp: false
+		};
+		if (c === "$" && content[i + 1] === "{") return {
+			maskEnd: i,
+			resumeAt: i + 2,
+			openedInterp: true
+		};
+		i++;
+	}
+	return {
+		maskEnd: i,
+		resumeAt: i,
+		openedInterp: false
+	};
+};
+const maskSimple = (content, family, maskStrings) => {
+	const out = content.split("");
+	const len = content.length;
+	let i = 0;
+	const mask = (start, end) => {
+		for (let k = start; k < end; k++) if (out[k] !== "\n") out[k] = " ";
+	};
+	while (i < len) {
+		const c = content[i];
+		const next = content[i + 1];
+		if (family === "py" && (c === "\"" || c === "'")) {
+			if (content[i + 1] === c && content[i + 2] === c) {
+				const triple = c + c + c;
+				const end = content.indexOf(triple, i + 3);
+				const stop = end === -1 ? len : end + 3;
+				if (maskStrings) mask(i + 3, stop - 3);
+				i = stop;
+				continue;
+			}
+		}
+		if (c === "\"" || c === "'") {
+			const strStart = i;
+			i = consumeQuotedString(content, i, c);
+			if (maskStrings) mask(strStart + 1, i - 1);
+			continue;
+		}
+		if ((family === "py" || family === "rb" || family === "php") && c === "#") {
+			const strStart = i;
+			while (i < len && content[i] !== "\n") i++;
+			mask(strStart, i);
+			continue;
+		}
+		if (family === "php" && c === "/" && next === "/") {
+			const strStart = i;
+			while (i < len && content[i] !== "\n") i++;
+			mask(strStart, i);
+			continue;
+		}
+		if (family === "php" && c === "/" && next === "*") {
+			const strStart = i;
+			i += 2;
+			while (i < len - 1 && !(content[i] === "*" && content[i + 1] === "/")) i++;
+			if (i < len - 1) i += 2;
+			mask(strStart, i);
+			continue;
+		}
+		i++;
+	}
+	return out.join("");
+};
+
 //#endregion
 //#region src/utils/source-files.ts
 const MAX_BUFFER$1 = 50 * 1024 * 1024;
@@ -1086,7 +1298,7 @@ const getSourceFilesWithExtras = (context, extraExtensions) => {
 
 //#endregion
 //#region src/engines/ai-slop/abstractions.ts
-const JS_EXTS$2 = new Set([
+const JS_EXTS$1 = new Set([
 	".ts",
 	".tsx",
 	".js",
@@ -1097,11 +1309,11 @@ const JS_EXTS$2 = new Set([
 const THIN_WRAPPER_PATTERNS = [
 	{
 		pattern: /(?:export\s+)?(?:async\s+)?function\s+(\w+)\s*\([^)]*\)\s*(?::\s*\w[^{]*)?\{\s*\n?\s*return\s+\w+\([^)]*\);\s*\n?\s*\}/g,
-		extensions: JS_EXTS$2
+		extensions: JS_EXTS$1
 	},
 	{
 		pattern: /(?:export\s+)?const\s+(\w+)\s*=\s*(?:async\s+)?\([^)]*\)\s*(?::\s*\w[^=]*)?\s*=>\s*\w+\([^)]*\);/g,
-		extensions: JS_EXTS$2
+		extensions: JS_EXTS$1
 	},
 	{
 		pattern: /def\s+(\w+)\s*\([^)]*\)(?:\s*->[^:]*)?:\s*\n\s+return\s+\w+\([^)]*\)\s*$/gm,
@@ -1194,8 +1406,9 @@ const detectOverAbstraction = async (context) => {
 		}
 		const relativePath = path.relative(context.rootDirectory, filePath);
 		const ext = path.extname(filePath);
-		diagnostics.push(...detectThinWrappers(content, relativePath, ext));
-		diagnostics.push(...detectAiNaming(content, relativePath));
+		const codeOnly = maskComments(content, ext);
+		diagnostics.push(...detectThinWrappers(codeOnly, relativePath, ext));
+		diagnostics.push(...detectAiNaming(codeOnly, relativePath));
 	}
 	return diagnostics;
 };
@@ -1551,9 +1764,10 @@ const detectDeadPatterns = async (context) => {
 		}
 		const ext = path.extname(filePath);
 		const relativePath = path.relative(context.rootDirectory, filePath);
-		diagnostics.push(...detectConsoleLeftovers(content, relativePath, ext));
+		const codeOnly = maskComments(content, ext);
+		diagnostics.push(...detectConsoleLeftovers(codeOnly, relativePath, ext));
 		diagnostics.push(...detectTodoStubs(content, relativePath));
-		diagnostics.push(...detectDeadCodePatterns(content, relativePath, ext));
+		diagnostics.push(...detectDeadCodePatterns(codeOnly, relativePath, ext));
 		diagnostics.push(...detectUnsafeTypePatterns(content, relativePath, ext));
 	}
 	return diagnostics;
@@ -1743,6 +1957,7 @@ const JS_EXTENSIONS$3 = new Set([
 const IMPORT_FROM_RE$1 = /^\s*import\s+([^;]*?)\s+from\s+["']([^"']+)["']/;
 const TYPE_ONLY_RE = /^\s*type\b/;
 const VALUE_BINDING_RE = /\{([^}]*)\}/;
+const NAMESPACE_RE = /\*\s+as\s+/;
 const isTypeOnly = (clause) => {
 	if (TYPE_ONLY_RE.test(clause)) return true;
 	const braces = VALUE_BINDING_RE.exec(clause);
@@ -1760,7 +1975,8 @@ const extractImportLines = (content) => {
 		results.push({
 			spec: match[2],
 			line: i + 1,
-			typeOnly: isTypeOnly(match[1])
+			typeOnly: isTypeOnly(match[1]),
+			namespace: NAMESPACE_RE.test(match[1])
 		});
 	}
 	return results;
@@ -1777,11 +1993,11 @@ const detectDuplicateImports = async (context) => {
 		} catch {
 			continue;
 		}
-		const imports = extractImportLines(content);
+		const imports = extractImportLines(maskComments(content, path.extname(filePath)));
 		if (imports.length < 2) continue;
 		const byBucket = /* @__PURE__ */ new Map();
 		for (const imp of imports) {
-			const key = `${imp.typeOnly ? "type" : "value"}\0${imp.spec}`;
+			const key = `${imp.namespace ? "ns" : imp.typeOnly ? "type" : "value"}\0${imp.spec}`;
 			const list = byBucket.get(key) ?? [];
 			list.push(imp);
 			byBucket.set(key, list);
@@ -2148,7 +2364,7 @@ const detectHardcodedConfigLiterals = async (context) => {
 		}
 		const relativePath = path.relative(context.rootDirectory, filePath);
 		const ext = path.extname(filePath);
-		diagnostics.push(...scanFileForConfigLiterals(content, relativePath, ext));
+		diagnostics.push(...scanFileForConfigLiterals(maskComments(content, ext), relativePath, ext));
 	}
 	return diagnostics;
 };
@@ -3654,7 +3870,7 @@ const detectRustPatterns = async (context) => {
 
 //#endregion
 //#region src/engines/ai-slop/silent-recovery.ts
-const JS_EXTS$1 = new Set([
+const JS_EXTS = new Set([
 	".ts",
 	".tsx",
 	".js",
@@ -3783,7 +3999,7 @@ const detectSilentRecovery = async (context) => {
 	for (const filePath of files) {
 		if (isAutoGenerated(filePath)) continue;
 		const ext = path.extname(filePath);
-		const isJs = JS_EXTS$1.has(ext);
+		const isJs = JS_EXTS.has(ext);
 		if (!isJs && !(ext === ".py")) continue;
 		const relPath = path.relative(context.rootDirectory, filePath);
 		if (isNonProductionPath(relPath)) continue;
@@ -4263,12 +4479,92 @@ const findBraceFunctionEnd = (lines, startIndex) => {
 		maxNesting
 	};
 };
-const findPythonFunctionEnd = (lines, startIndex) => {
-	const baseIndent = lines[startIndex].match(/^(\s*)/)?.[1].length ?? 0;
-	let endLine = startIndex;
+const extractPythonSignature = (lines, startIndex) => {
+	let depth = 0;
+	let started = false;
+	let params = "";
+	for (let j = startIndex; j < lines.length; j++) {
+		const l = lines[j];
+		for (let ci = 0; ci < l.length; ci++) {
+			const ch = l[ci];
+			if (ch === "(") {
+				depth++;
+				if (depth === 1 && !started) {
+					started = true;
+					continue;
+				}
+			} else if (ch === ")") {
+				depth--;
+				if (depth === 0) return {
+					params,
+					sigEndIndex: j
+				};
+			}
+			if (started) params += ch;
+		}
+		if (started) params += " ";
+	}
+	return {
+		params,
+		sigEndIndex: startIndex
+	};
+};
+const countPythonParams = (signature) => {
+	let depth = 0;
+	const parts = [];
+	let current = "";
+	for (const ch of signature) {
+		if (ch === "(" || ch === "[" || ch === "{") depth++;
+		else if (ch === ")" || ch === "]" || ch === "}") depth--;
+		if (ch === "," && depth === 0) {
+			parts.push(current);
+			current = "";
+			continue;
+		}
+		current += ch;
+	}
+	parts.push(current);
+	let count = 0;
+	for (const raw of parts) {
+		const p = raw.trim();
+		if (p.length === 0 || p === "*" || p === "/") continue;
+		if (p.startsWith("*")) continue;
+		if (p.includes("=")) continue;
+		const name = p.split(":")[0].trim();
+		if (name === "self" || name === "cls") continue;
+		count++;
+	}
+	return count;
+};
+const countPythonBodyCodeLines = (lines, sigEndIndex, endLine) => {
+	let count = 0;
+	let inDoc = false;
+	let delim = "";
+	for (let j = sigEndIndex + 1; j <= endLine && j < lines.length; j++) {
+		const t = lines[j].trim();
+		if (inDoc) {
+			if (t.includes(delim)) inDoc = false;
+			continue;
+		}
+		if (t === "" || t.startsWith("#")) continue;
+		const opener = t.startsWith("\"\"\"") ? "\"\"\"" : t.startsWith("'''") ? "'''" : "";
+		if (opener) {
+			if (!t.slice(3).includes(opener)) {
+				inDoc = true;
+				delim = opener;
+			}
+			continue;
+		}
+		count++;
+	}
+	return count;
+};
+const findPythonFunctionEnd = (lines, defIndex, bodyStartIndex) => {
+	const baseIndent = lines[defIndex].match(/^(\s*)/)?.[1].length ?? 0;
+	let endLine = bodyStartIndex;
 	let maxNesting = 0;
 	const controlIndentStack = [];
-	for (let j = startIndex + 1; j < lines.length; j++) {
+	for (let j = bodyStartIndex + 1; j < lines.length; j++) {
 		const l = lines[j];
 		if (l.trim() === "") {
 			endLine = j;
@@ -4290,7 +4586,10 @@ const findPythonFunctionEnd = (lines, startIndex) => {
 	};
 };
 const findFunctionEnd = (lines, startIndex, isPython) => {
-	if (isPython) return findPythonFunctionEnd(lines, startIndex);
+	if (isPython) {
+		const { sigEndIndex } = extractPythonSignature(lines, startIndex);
+		return findPythonFunctionEnd(lines, startIndex, sigEndIndex);
+	}
 	return findBraceFunctionEnd(lines, startIndex);
 };
 const isBlockArrow = (lines, startIndex) => {
@@ -4355,7 +4654,7 @@ const FUNCTION_PATTERNS = [
 		]
 	},
 	{
-		regex: /^\s*def\s+(\w+)\s*\(([^)]*)\)/,
+		regex: /^\s*(?:async\s+)?def\s+(\w+)\s*\(/,
 		langFilter: [".py"]
 	},
 	{
@@ -4412,14 +4711,23 @@ const analyzeFunctions = (content, ext) => {
 		const isPython = fnMatch.patternIndex === 2;
 		if (fnMatch.patternIndex === 1 && !isBlockArrow(lines, i)) continue;
 		const { endLine, maxNesting } = findFunctionEnd(lines, i, isPython);
-		const bodyLines = lines.slice(i + 1, endLine);
-		const templateLines = isPython ? 0 : countTemplateLines(bodyLines);
+		let templateLines;
+		let paramCount;
+		if (isPython) {
+			const sig = extractPythonSignature(lines, i);
+			const codeLines = countPythonBodyCodeLines(lines, sig.sigEndIndex, endLine);
+			templateLines = endLine - i + 1 - codeLines;
+			paramCount = countPythonParams(sig.params);
+		} else {
+			templateLines = countTemplateLines(lines.slice(i + 1, endLine));
+			paramCount = countParams(fnMatch.params);
+		}
 		functions.push({
 			name: fnMatch.name,
 			startLine: i + 1,
 			lineCount: endLine - i + 1,
 			maxNesting,
-			paramCount: countParams(fnMatch.params),
+			paramCount,
 			templateLines
 		});
 	}
@@ -6629,212 +6937,6 @@ const runCargoAudit = async (rootDir, timeout) => {
 	}
 };
 
-//#endregion
-//#region src/utils/source-masker.ts
-const JS_EXTS = new Set([
-	".ts",
-	".tsx",
-	".js",
-	".jsx",
-	".mjs",
-	".cjs"
-]);
-const PY_EXTS = new Set([".py"]);
-const RB_EXTS = new Set([".rb"]);
-const PHP_EXTS = new Set([".php"]);
-const familyForExt = (ext) => {
-	if (JS_EXTS.has(ext)) return "js";
-	if (PY_EXTS.has(ext)) return "py";
-	if (RB_EXTS.has(ext)) return "rb";
-	if (PHP_EXTS.has(ext)) return "php";
-	return "none";
-};
-const maskStringsAndComments = (content, ext) => {
-	const family = familyForExt(ext);
-	if (family === "none") return content;
-	if (family === "js") return maskJs(content);
-	return maskSimple(content, family);
-};
-const handleQuotesAndComments = (content, i, tplStack, mask) => {
-	const len = content.length;
-	const c = content[i];
-	const next = content[i + 1];
-	if (c === "\"" || c === "'") {
-		const strStart = i;
-		const end = consumeQuotedString(content, i, c);
-		mask(strStart + 1, end - 1);
-		return {
-			handled: true,
-			nextI: end
-		};
-	}
-	if (c === "`") {
-		const scan = consumeTemplateString(content, i + 1);
-		mask(i + 1, scan.maskEnd);
-		if (scan.openedInterp) tplStack.push(0);
-		return {
-			handled: true,
-			nextI: scan.resumeAt
-		};
-	}
-	if (c === "/" && next === "/") {
-		const strStart = i;
-		let k = i;
-		while (k < len && content[k] !== "\n") k++;
-		mask(strStart, k);
-		return {
-			handled: true,
-			nextI: k
-		};
-	}
-	if (c === "/" && next === "*") {
-		const strStart = i;
-		let k = i + 2;
-		while (k < len - 1 && !(content[k] === "*" && content[k + 1] === "/")) k++;
-		if (k < len - 1) k += 2;
-		mask(strStart, k);
-		return {
-			handled: true,
-			nextI: k
-		};
-	}
-	return {
-		handled: false,
-		nextI: i
-	};
-};
-const maskJs = (content) => {
-	const out = content.split("");
-	const len = content.length;
-	const tplStack = [];
-	let i = 0;
-	const mask = (start, end) => {
-		for (let k = start; k < end; k++) if (out[k] !== "\n") out[k] = " ";
-	};
-	while (i < len) {
-		const c = content[i];
-		if (tplStack.length > 0) {
-			if (c === "{") {
-				tplStack[tplStack.length - 1]++;
-				i++;
-				continue;
-			}
-			if (c === "}") {
-				if (tplStack[tplStack.length - 1] === 0) {
-					tplStack.pop();
-					const scan = consumeTemplateString(content, i + 1);
-					mask(i + 1, scan.maskEnd);
-					if (scan.openedInterp) tplStack.push(0);
-					i = scan.resumeAt;
-					continue;
-				}
-				tplStack[tplStack.length - 1]--;
-				i++;
-				continue;
-			}
-		}
-		const handled = handleQuotesAndComments(content, i, tplStack, mask);
-		if (handled.handled) {
-			i = handled.nextI;
-			continue;
-		}
-		i++;
-	}
-	return out.join("");
-};
-const consumeQuotedString = (content, start, quote) => {
-	const len = content.length;
-	let i = start + 1;
-	while (i < len) {
-		const c = content[i];
-		if (c === "\\" && i + 1 < len) {
-			i += 2;
-			continue;
-		}
-		if (c === quote) return i + 1;
-		if (c === "\n") return i;
-		i++;
-	}
-	return i;
-};
-const consumeTemplateString = (content, start) => {
-	const len = content.length;
-	let i = start;
-	while (i < len) {
-		const c = content[i];
-		if (c === "\\" && i + 1 < len) {
-			i += 2;
-			continue;
-		}
-		if (c === "`") return {
-			maskEnd: i,
-			resumeAt: i + 1,
-			openedInterp: false
-		};
-		if (c === "$" && content[i + 1] === "{") return {
-			maskEnd: i,
-			resumeAt: i + 2,
-			openedInterp: true
-		};
-		i++;
-	}
-	return {
-		maskEnd: i,
-		resumeAt: i,
-		openedInterp: false
-	};
-};
-const maskSimple = (content, family) => {
-	const out = content.split("");
-	const len = content.length;
-	let i = 0;
-	const mask = (start, end) => {
-		for (let k = start; k < end; k++) if (out[k] !== "\n") out[k] = " ";
-	};
-	while (i < len) {
-		const c = content[i];
-		const next = content[i + 1];
-		if (family === "py" && (c === "\"" || c === "'")) {
-			if (content[i + 1] === c && content[i + 2] === c) {
-				const triple = c + c + c;
-				const end = content.indexOf(triple, i + 3);
-				const stop = end === -1 ? len : end + 3;
-				mask(i + 3, stop - 3);
-				i = stop;
-				continue;
-			}
-		}
-		if (c === "\"" || c === "'") {
-			const strStart = i;
-			i = consumeQuotedString(content, i, c);
-			mask(strStart + 1, i - 1);
-			continue;
-		}
-		if ((family === "py" || family === "rb" || family === "php") && c === "#") {
-			const strStart = i;
-			while (i < len && content[i] !== "\n") i++;
-			mask(strStart, i);
-			continue;
-		}
-		if (family === "php" && c === "/" && next === "/") {
-			const strStart = i;
-			while (i < len && content[i] !== "\n") i++;
-			mask(strStart, i);
-			continue;
-		}
-		if (family === "php" && c === "/" && next === "*") {
-			const strStart = i;
-			i += 2;
-			while (i < len - 1 && !(content[i] === "*" && content[i + 1] === "/")) i++;
-			if (i < len - 1) i += 2;
-			mask(strStart, i);
-			continue;
-		}
-		i++;
-	}
-	return out.join("");
-};
-
 //#endregion
 //#region src/engines/security/risky.ts
 const ev = "eval";
@@ -7109,6 +7211,7 @@ const scanSecrets = async (context) => {
 		} catch {
 			continue;
 		}
+		content = maskComments(content, path.extname(filePath));
 		const relativePath = path.relative(context.rootDirectory, filePath);
 		for (const { pattern, name, keywordPrefixed } of SECRET_PATTERNS) {
 			const regex = new RegExp(pattern.source, pattern.flags);
@@ -11730,7 +11833,7 @@ const runNpmAuditFix = async (rootDir, onProgress) => {
 	});
 	if (installResult.exitCode !== 0) throw new Error(installResult.stderr || installResult.stdout || "npm install failed after audit fix");
 };
-const fetchLatestVersion = async (rootDir, pkgName, pm) => {
+const fetchLatestVersion$1 = async (rootDir, pkgName, pm) => {
 	try {
 		const result = await runSubprocess(pm, [
 			"view",
@@ -11750,7 +11853,7 @@ const collectOverrides = async (rootDir, vulnerabilities, pm) => {
 	const overrides = {};
 	for (const [pkgName, vuln] of Object.entries(vulnerabilities)) {
 		if (vuln.fixAvailable !== false || !vuln.range) continue;
-		const latest = await fetchLatestVersion(rootDir, pkgName, pm);
+		const latest = await fetchLatestVersion$1(rootDir, pkgName, pm);
 		if (latest) overrides[pkgName] = latest;
 	}
 	return overrides;
@@ -12713,6 +12816,86 @@ const trendCommand = (directory, limit) => {
 	}));
 };
 
+//#endregion
+//#region src/update-notifier.ts
+const REGISTRY_URL = "https://registry.npmjs.org/aislop/latest";
+const CHECK_INTERVAL_MS = 1440 * 60 * 1e3;
+const REQUEST_TIMEOUT_MS = 2e3;
+const CACHE_BASENAME = "update_check.json";
+const isUpdateNotifierDisabled = (env = process.env) => {
+	if (env.AISLOP_NO_UPDATE_NOTIFIER === "1") return true;
+	if (env.NO_UPDATE_NOTIFIER === "1") return true;
+	if (env.DO_NOT_TRACK === "1") return true;
+	return isCiEnv(env);
+};
+const resolveUpdateCachePath = (homedir = os.homedir(), env = process.env) => {
+	if (process.platform === "linux" && env.XDG_STATE_HOME) return path.join(env.XDG_STATE_HOME, "aislop", CACHE_BASENAME);
+	return path.join(homedir, ".aislop", CACHE_BASENAME);
+};
+const parseVersion = (raw) => {
+	const m = raw.trim().replace(/^v/, "").split(/[-+]/, 1)[0].match(/^(\d+)\.(\d+)\.(\d+)$/);
+	if (!m) return null;
+	return {
+		major: Number(m[1]),
+		minor: Number(m[2]),
+		patch: Number(m[3])
+	};
+};
+const isOutdated = (current, latest) => {
+	const c = parseVersion(current);
+	const l = parseVersion(latest);
+	if (!c || !l) return false;
+	if (l.major !== c.major) return l.major > c.major;
+	if (l.minor !== c.minor) return l.minor > c.minor;
+	return l.patch > c.patch;
+};
+const formatUpdateNotice = (current, latest) => `\nUpdate available: ${current} -> ${latest}. Run npx aislop@latest to upgrade.\n`;
+const readCache = (cachePath) => {
+	try {
+		const parsed = JSON.parse(fs.readFileSync(cachePath, "utf-8"));
+		if (typeof parsed?.latest === "string" && typeof parsed?.checkedAt === "number") return {
+			latest: parsed.latest,
+			checkedAt: parsed.checkedAt
+		};
+		return null;
+	} catch {
+		return null;
+	}
+};
+const writeCache = (cachePath, cache) => {
+	try {
+		fs.mkdirSync(path.dirname(cachePath), { recursive: true });
+		fs.writeFileSync(cachePath, JSON.stringify(cache));
+		return true;
+	} catch {
+		return false;
+	}
+};
+const fetchLatestVersion = async () => {
+	try {
+		const res = await fetch(REGISTRY_URL, { signal: AbortSignal.timeout(REQUEST_TIMEOUT_MS) });
+		if (!res.ok) return null;
+		const data = await res.json();
+		return typeof data.version === "string" ? data.version : null;
+	} catch {
+		return null;
+	}
+};
+const maybeNotifyUpdate = async (now = Date.now()) => {
+	if (isUpdateNotifierDisabled()) return;
+	if (!process.stderr.isTTY) return;
+	const cachePath = resolveUpdateCachePath();
+	const cache = readCache(cachePath);
+	if (cache && isOutdated(APP_VERSION, cache.latest)) process.stderr.write(formatUpdateNotice(APP_VERSION, cache.latest));
+	if (!cache || now - cache.checkedAt > CHECK_INTERVAL_MS) {
+		const latest = await fetchLatestVersion();
+		if (latest) writeCache(cachePath, {
+			latest,
+			checkedAt: now
+		});
+	}
+};
+
 //#endregion
 //#region src/cli.ts
 process.on("SIGINT", () => process.exit(0));
@@ -12966,6 +13149,7 @@ const main = async () => {
 	fireInstalledOnce();
 	await program.parseAsync();
 	await flushTelemetry();
+	await maybeNotifyUpdate();
 };
 main();