npm - aislop - Versions diffs - 0.10.0 → 0.10.2 - Mend

aislop 0.10.0 → 0.10.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

package/README.md +56 -8
package/dist/cli.js +1145 -631
package/dist/{expo-doctor-BcIkOte5.js → expo-doctor-c-jE6pR2.js} +1 -1
package/dist/{generic-D_T4cUaC.js → generic-BsQa13CS.js} +1 -1
package/dist/index.d.ts +10 -1
package/dist/index.js +3094 -2664
package/dist/{json-DaFOYHcf.js → json-B01i-GOz.js} +7 -5
package/dist/{json-OIzja7OM.js → json-CXV4D0Ib.js} +5 -3
package/dist/mcp.js +656 -470
package/dist/{sarif-BtSQ92c6.js → sarif-cy5SiDDq.js} +1 -1
package/dist/{typecheck-DQSzG8fX.js → typecheck-BdQ7uFyK.js} +1 -1
package/dist/version-BfJVwhN2.js +5 -0
package/package.json +8 -11
package/dist/version-DYg_ShBx.js +0 -5
/package/dist/{engine-info-DCvIfZ0f.js → engine-info-Cpt36DqZ.js} +0 -0
/package/dist/{subprocess-CQUJDGgn.js → subprocess-0uXz8HdE.js} +0 -0

package/dist/mcp.js CHANGED Viewed

@@ -16,6 +16,10 @@ import { fileURLToPath } from "node:url";
 import os from "node:os";
 import { randomUUID } from "node:crypto";
+//#region src/version.ts
+const APP_VERSION = "0.10.2";
+//#endregion
 //#region src/config/defaults.ts
 const DEFAULT_CONFIG = {
 	version: 1,
@@ -68,6 +72,22 @@ const DEFAULT_CONFIG = {
 	telemetry: { enabled: true },
 	rules: {}
 };
+const DEFAULT_GITHUB_WORKFLOW_YAML = `name: aislop
+on:
+  push:
+    branches: [main]
+  pull_request:
+jobs:
+  quality-gate:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: scanaislop/aislop@v${APP_VERSION}
+        with:
+          version: ${APP_VERSION}
+`;
 //#endregion
 //#region src/config/extends.ts
@@ -512,7 +532,7 @@ const getSourceFilesWithExtras = (context, extraExtensions) => {
 };
 //#endregion
-//#region src/engines/ai-slop/abstractions.ts
+//#region src/utils/source-masker.ts
 const JS_EXTS$2 = new Set([
 	".ts",
 	".tsx",
@@ -521,14 +541,226 @@ const JS_EXTS$2 = new Set([
 	".mjs",
 	".cjs"
 ]);
+const PY_EXTS = new Set([".py"]);
+const RB_EXTS = new Set([".rb"]);
+const PHP_EXTS = new Set([".php"]);
+const familyForExt = (ext) => {
+	if (JS_EXTS$2.has(ext)) return "js";
+	if (PY_EXTS.has(ext)) return "py";
+	if (RB_EXTS.has(ext)) return "rb";
+	if (PHP_EXTS.has(ext)) return "php";
+	return "none";
+};
+const maskStringsAndComments = (content, ext) => {
+	const family = familyForExt(ext);
+	if (family === "none") return content;
+	if (family === "js") return maskJs(content, true);
+	return maskSimple(content, family, true);
+};
+const maskComments = (content, ext) => {
+	const family = familyForExt(ext);
+	if (family === "none") return content;
+	if (family === "js") return maskJs(content, false);
+	return maskSimple(content, family, false);
+};
+const handleQuotesAndComments = (content, i, tplStack, mask, maskStrings) => {
+	const len = content.length;
+	const c = content[i];
+	const next = content[i + 1];
+	if (c === "\"" || c === "'") {
+		const strStart = i;
+		const end = consumeQuotedString(content, i, c);
+		if (maskStrings) mask(strStart + 1, end - 1);
+		return {
+			handled: true,
+			nextI: end
+		};
+	}
+	if (c === "`") {
+		const scan = consumeTemplateString(content, i + 1);
+		if (maskStrings) mask(i + 1, scan.maskEnd);
+		if (scan.openedInterp) tplStack.push(0);
+		return {
+			handled: true,
+			nextI: scan.resumeAt
+		};
+	}
+	if (c === "/" && next === "/") {
+		const strStart = i;
+		let k = i;
+		while (k < len && content[k] !== "\n") k++;
+		mask(strStart, k);
+		return {
+			handled: true,
+			nextI: k
+		};
+	}
+	if (c === "/" && next === "*") {
+		const strStart = i;
+		let k = i + 2;
+		while (k < len - 1 && !(content[k] === "*" && content[k + 1] === "/")) k++;
+		if (k < len - 1) k += 2;
+		mask(strStart, k);
+		return {
+			handled: true,
+			nextI: k
+		};
+	}
+	return {
+		handled: false,
+		nextI: i
+	};
+};
+const maskJs = (content, maskStrings) => {
+	const out = content.split("");
+	const len = content.length;
+	const tplStack = [];
+	let i = 0;
+	const mask = (start, end) => {
+		for (let k = start; k < end; k++) if (out[k] !== "\n") out[k] = " ";
+	};
+	while (i < len) {
+		const c = content[i];
+		if (tplStack.length > 0) {
+			if (c === "{") {
+				tplStack[tplStack.length - 1]++;
+				i++;
+				continue;
+			}
+			if (c === "}") {
+				if (tplStack[tplStack.length - 1] === 0) {
+					tplStack.pop();
+					const scan = consumeTemplateString(content, i + 1);
+					if (maskStrings) mask(i + 1, scan.maskEnd);
+					if (scan.openedInterp) tplStack.push(0);
+					i = scan.resumeAt;
+					continue;
+				}
+				tplStack[tplStack.length - 1]--;
+				i++;
+				continue;
+			}
+		}
+		const handled = handleQuotesAndComments(content, i, tplStack, mask, maskStrings);
+		if (handled.handled) {
+			i = handled.nextI;
+			continue;
+		}
+		i++;
+	}
+	return out.join("");
+};
+const consumeQuotedString = (content, start, quote) => {
+	const len = content.length;
+	let i = start + 1;
+	while (i < len) {
+		const c = content[i];
+		if (c === "\\" && i + 1 < len) {
+			i += 2;
+			continue;
+		}
+		if (c === quote) return i + 1;
+		if (c === "\n") return i;
+		i++;
+	}
+	return i;
+};
+const consumeTemplateString = (content, start) => {
+	const len = content.length;
+	let i = start;
+	while (i < len) {
+		const c = content[i];
+		if (c === "\\" && i + 1 < len) {
+			i += 2;
+			continue;
+		}
+		if (c === "`") return {
+			maskEnd: i,
+			resumeAt: i + 1,
+			openedInterp: false
+		};
+		if (c === "$" && content[i + 1] === "{") return {
+			maskEnd: i,
+			resumeAt: i + 2,
+			openedInterp: true
+		};
+		i++;
+	}
+	return {
+		maskEnd: i,
+		resumeAt: i,
+		openedInterp: false
+	};
+};
+const maskSimple = (content, family, maskStrings) => {
+	const out = content.split("");
+	const len = content.length;
+	let i = 0;
+	const mask = (start, end) => {
+		for (let k = start; k < end; k++) if (out[k] !== "\n") out[k] = " ";
+	};
+	while (i < len) {
+		const c = content[i];
+		const next = content[i + 1];
+		if (family === "py" && (c === "\"" || c === "'")) {
+			if (content[i + 1] === c && content[i + 2] === c) {
+				const triple = c + c + c;
+				const end = content.indexOf(triple, i + 3);
+				const stop = end === -1 ? len : end + 3;
+				if (maskStrings) mask(i + 3, stop - 3);
+				i = stop;
+				continue;
+			}
+		}
+		if (c === "\"" || c === "'") {
+			const strStart = i;
+			i = consumeQuotedString(content, i, c);
+			if (maskStrings) mask(strStart + 1, i - 1);
+			continue;
+		}
+		if ((family === "py" || family === "rb" || family === "php") && c === "#") {
+			const strStart = i;
+			while (i < len && content[i] !== "\n") i++;
+			mask(strStart, i);
+			continue;
+		}
+		if (family === "php" && c === "/" && next === "/") {
+			const strStart = i;
+			while (i < len && content[i] !== "\n") i++;
+			mask(strStart, i);
+			continue;
+		}
+		if (family === "php" && c === "/" && next === "*") {
+			const strStart = i;
+			i += 2;
+			while (i < len - 1 && !(content[i] === "*" && content[i + 1] === "/")) i++;
+			if (i < len - 1) i += 2;
+			mask(strStart, i);
+			continue;
+		}
+		i++;
+	}
+	return out.join("");
+};
+//#endregion
+//#region src/engines/ai-slop/abstractions.ts
+const JS_EXTS$1 = new Set([
+	".ts",
+	".tsx",
+	".js",
+	".jsx",
+	".mjs",
+	".cjs"
+]);
 const THIN_WRAPPER_PATTERNS = [
 	{
 		pattern: /(?:export\s+)?(?:async\s+)?function\s+(\w+)\s*\([^)]*\)\s*(?::\s*\w[^{]*)?\{\s*\n?\s*return\s+\w+\([^)]*\);\s*\n?\s*\}/g,
-		extensions: JS_EXTS$2
+		extensions: JS_EXTS$1
 	},
 	{
 		pattern: /(?:export\s+)?const\s+(\w+)\s*=\s*(?:async\s+)?\([^)]*\)\s*(?::\s*\w[^=]*)?\s*=>\s*\w+\([^)]*\);/g,
-		extensions: JS_EXTS$2
+		extensions: JS_EXTS$1
 	},
 	{
 		pattern: /def\s+(\w+)\s*\([^)]*\)(?:\s*->[^:]*)?:\s*\n\s+return\s+\w+\([^)]*\)\s*$/gm,
@@ -556,16 +788,14 @@ const detectThinWrappers = (content, relativePath, ext) => {
 	for (const { pattern, extensions } of THIN_WRAPPER_PATTERNS) {
 		if (!extensions.has(ext)) continue;
 		const regex = new RegExp(pattern.source, pattern.flags);
-		let match;
-		while ((match = regex.exec(content)) !== null) {
+		for (const match of content.matchAll(regex)) {
 			const funcName = match[1];
 			const matchText = match[0];
 			const lineNumber = content.slice(0, match.index).split("\n").length;
 			if (DUNDER_PATTERN.test(funcName)) continue;
 			if (FRAMEWORK_METHOD_NAMES.test(funcName)) continue;
 			if (lineNumber >= 2) {
-				const prevLine = lines[lineNumber - 2]?.trim();
-				if (prevLine && prevLine.startsWith("@")) continue;
+				if ((lines[lineNumber - 2]?.trim())?.startsWith("@")) continue;
 			}
 			if (!isIdentityForward(matchText)) continue;
 			if (isUseContextWrapper(matchText)) continue;
@@ -621,8 +851,9 @@ const detectOverAbstraction = async (context) => {
 		}
 		const relativePath = path.relative(context.rootDirectory, filePath);
 		const ext = path.extname(filePath);
-		diagnostics.push(...detectThinWrappers(content, relativePath, ext));
-		diagnostics.push(...detectAiNaming(content, relativePath));
+		const codeOnly = maskComments(content, ext);
+		diagnostics.push(...detectThinWrappers(codeOnly, relativePath, ext));
+		diagnostics.push(...detectAiNaming(codeOnly, relativePath));
 	}
 	return diagnostics;
 };
@@ -941,7 +1172,7 @@ const detectDeadCodePatterns = (content, relativePath, ext) => {
 		const nextLine = i + 1 < lines.length ? lines[i + 1]?.trim() : void 0;
 		if (JS_EXTENSIONS$3.has(ext) && /^(?:return|throw)\b/.test(trimmed) && trimmed.endsWith(";") && nextLine && nextLine.length > 0 && !isGuardedSingleLineExit(lines, i) && !isBlockCloserAfterReturn(nextLine) && !nextLine.startsWith("//") && !nextLine.startsWith("/*") && !nextLine.startsWith("case ") && !nextLine.startsWith("default:") && !nextLine.startsWith("if ") && !nextLine.startsWith("if(") && !nextLine.startsWith("else")) diagnostics.push(slop(relativePath, i + 2, "ai-slop/unreachable-code", "warning", "Code after return/throw statement is unreachable", "Remove the unreachable code or restructure the control flow", false));
 		if (/\bif\s*\(\s*(?:false|true|0|1)\s*\)/.test(trimmed) && !trimmed.startsWith("//") && !trimmed.startsWith("*") && !/["'`].*\bif\s*\(/.test(trimmed) && !/\/.*\bif\s*\(/.test(trimmed.replace(/\/\/.*$/, ""))) diagnostics.push(slop(relativePath, i + 1, "ai-slop/constant-condition", "warning", "Conditional with a constant value — likely debugging leftover", "Remove the constant condition or replace with proper logic", false));
-		if (JS_EXTENSIONS$3.has(ext) && /(?:function\s+\w+|=>\s*)\s*\{\s*\}\s*;?\s*$/.test(trimmed) && !trimmed.startsWith("interface") && !trimmed.startsWith("type ")) diagnostics.push(slop(relativePath, i + 1, "ai-slop/empty-function", "info", "Empty function body — possible stub or unfinished implementation", "Implement the function body or add a comment explaining why it's empty", false));
+		if (JS_EXTENSIONS$3.has(ext) && /(?:function\s+\w+\s*\([^)]*\)|=>\s*)\s*\{\s*\}\s*;?\s*$/.test(trimmed) && !trimmed.startsWith("interface") && !trimmed.startsWith("type ")) diagnostics.push(slop(relativePath, i + 1, "ai-slop/empty-function", "info", "Empty function body — possible stub or unfinished implementation", "Implement the function body or add a comment explaining why it's empty", false));
 	}
 	return diagnostics;
 };
@@ -978,9 +1209,10 @@ const detectDeadPatterns = async (context) => {
 		}
 		const ext = path.extname(filePath);
 		const relativePath = path.relative(context.rootDirectory, filePath);
-		diagnostics.push(...detectConsoleLeftovers(content, relativePath, ext));
+		const codeOnly = maskComments(content, ext);
+		diagnostics.push(...detectConsoleLeftovers(codeOnly, relativePath, ext));
 		diagnostics.push(...detectTodoStubs(content, relativePath));
-		diagnostics.push(...detectDeadCodePatterns(content, relativePath, ext));
+		diagnostics.push(...detectDeadCodePatterns(codeOnly, relativePath, ext));
 		diagnostics.push(...detectUnsafeTypePatterns(content, relativePath, ext));
 	}
 	return diagnostics;
@@ -1170,6 +1402,7 @@ const JS_EXTENSIONS$2 = new Set([
 const IMPORT_FROM_RE = /^\s*import\s+([^;]*?)\s+from\s+["']([^"']+)["']/;
 const TYPE_ONLY_RE = /^\s*type\b/;
 const VALUE_BINDING_RE = /\{([^}]*)\}/;
+const NAMESPACE_RE = /\*\s+as\s+/;
 const isTypeOnly = (clause) => {
 	if (TYPE_ONLY_RE.test(clause)) return true;
 	const braces = VALUE_BINDING_RE.exec(clause);
@@ -1187,7 +1420,8 @@ const extractImportLines = (content) => {
 		results.push({
 			spec: match[2],
 			line: i + 1,
-			typeOnly: isTypeOnly(match[1])
+			typeOnly: isTypeOnly(match[1]),
+			namespace: NAMESPACE_RE.test(match[1])
 		});
 	}
 	return results;
@@ -1204,11 +1438,11 @@ const detectDuplicateImports = async (context) => {
 		} catch {
 			continue;
 		}
-		const imports = extractImportLines(content);
+		const imports = extractImportLines(maskComments(content, path.extname(filePath)));
 		if (imports.length < 2) continue;
 		const byBucket = /* @__PURE__ */ new Map();
 		for (const imp of imports) {
-			const key = `${imp.typeOnly ? "type" : "value"}\0${imp.spec}`;
+			const key = `${imp.namespace ? "ns" : imp.typeOnly ? "type" : "value"}\0${imp.spec}`;
 			const list = byBucket.get(key) ?? [];
 			list.push(imp);
 			byBucket.set(key, list);
@@ -1324,9 +1558,8 @@ const detectSwallowedExceptions = async (context) => {
 		const relativePath = path.relative(context.rootDirectory, filePath);
 		for (const { pattern, languages, message } of SWALLOWED_EXCEPTION_PATTERNS) {
 			if (!languages.includes(ext)) continue;
-			let match;
 			const regex = new RegExp(pattern.source, pattern.flags + (pattern.flags.includes("g") ? "" : "g"));
-			while ((match = regex.exec(content)) !== null) {
+			for (const match of content.matchAll(regex)) {
 				if (isIntentionalIgnore(match[0], ext)) continue;
 				const line = content.slice(0, match.index).split("\n").length;
 				diagnostics.push({
@@ -1421,170 +1654,10 @@ const detectGoPatterns = async (context) => {
 };
 //#endregion
-//#region src/engines/ai-slop/hardcoded-config.ts
-const SOURCE_EXTENSIONS = new Set([
-	".ts",
-	".tsx",
-	".js",
-	".jsx",
-	".mjs",
-	".cjs",
-	".py",
-	".go",
-	".rs",
-	".rb",
-	".java",
-	".php"
-]);
-const URL_LITERAL_RE = /(["'`])(https?:\/\/[^"'`\s<>]+)\1/g;
-const ID_LITERAL_RE = /(["'])([A-Za-z][A-Za-z0-9_-]{15,})\1/g;
-const ENV_REFERENCE_RE = /\b(?:process\.env|import\.meta\.env|Deno\.env|os\.environ|getenv|env\()\b/i;
-const DOC_URL_CONTEXT_RE = /\b(?:docs?|documentation|homepage|repository|bugs|license|readme|source|svgUrl|pageUrl|href|link|install)\b/i;
-const URL_CONFIG_CONTEXT_RE = /\b(?:api|base[_-]?url|baseUrl|endpoint|host|origin|webhook|callback|redirect|server|service|domain|url)\b/i;
-const ENVIRONMENT_HOST_RE = /(?:^|[.-])(?:api|app|admin|auth|staging|stage|prod|dev|sandbox|webhook|internal)(?:[.-]|$)|^(?:localhost|127\.0\.0\.1|0\.0\.0\.0)$/i;
-const ID_CONTEXT_RE = /(?:^|[^A-Za-z0-9])(?:api[_-]?key|client[_-]?id|project[_-]?id|org(?:anization)?[_-]?id|workspace[_-]?id|tenant[_-]?id|price[_-]?id|product[_-]?id|customer[_-]?id|subscription[_-]?id|account[_-]?id|app[_-]?id|key|token|secret)(?:$|[^A-Za-z0-9])/i;
-const MIGRATION_PATH_RE$1 = /(?:^|[\\/])(?:migrations?|db[\\/]migrate)[\\/]/i;
-const PLACEHOLDER_HOSTS = new Set([
-	"example.com",
-	"example.org",
-	"example.net"
-]);
-const LOOPBACK_HOSTS = new Set([
-	"localhost",
-	"127.0.0.1",
-	"0.0.0.0",
-	"::1"
-]);
-const VENDOR_API_DOMAINS = [
-	"github.com",
-	"githubusercontent.com",
-	"googleapis.com",
-	"accounts.google.com",
-	"stripe.com",
-	"openai.com",
-	"anthropic.com",
-	"slack.com",
-	"twilio.com",
-	"sendgrid.com",
-	"mailgun.net",
-	"cloudflare.com",
-	"discord.com",
-	"telegram.org",
-	"login.microsoftonline.com",
-	"graph.microsoft.com",
-	"twitter.com",
-	"x.com",
-	"twimg.com",
-	"t.co",
-	"api.telegram.org"
-];
-const isVendorApiHost = (host) => VENDOR_API_DOMAINS.some((d) => host === d || host.endsWith(`.${d}`));
-const PLACEHOLDER_ID_RE = /^(?:changeme|replace[_-]?me|your[_-]|example|placeholder|todo)/i;
-const HARDCODED_URL_FINDING = {
-	rule: "ai-slop/hardcoded-url",
-	message: "Hardcoded environment URL in production code",
-	help: "Move deployment-specific URLs to environment variables or a typed config module. Keep only stable documentation/public links inline."
-};
-const HARDCODED_ID_FINDING = {
-	rule: "ai-slop/hardcoded-id",
-	message: "Hardcoded provider/project ID in production code",
-	help: "Move provider IDs, tenant IDs, price IDs, and similar deployment-specific identifiers to env/config so agents do not bake one environment into source."
-};
-const makeFinding = (filePath, line, spec) => ({
-	filePath,
-	engine: "ai-slop",
-	rule: spec.rule,
-	severity: "warning",
-	message: spec.message,
-	help: spec.help,
-	line,
-	column: 0,
-	category: "AI Slop",
-	fixable: false
-});
-const isCommentOnlyLine = (trimmed) => trimmed.startsWith("//") || trimmed.startsWith("#") || trimmed.startsWith("*") || trimmed.startsWith("/*");
-const commentStartsBefore = (line, index, ext) => {
-	const prefix = line.slice(0, index);
-	if (ext === ".py" || ext === ".rb") return prefix.includes("#");
-	if (ext === ".php") return prefix.includes("//") || prefix.includes("#");
-	return prefix.includes("//") || prefix.includes("/*");
-};
-const safeUrlHost = (urlText) => {
-	try {
-		return new URL(urlText).hostname.toLowerCase();
-	} catch {
-		return null;
-	}
-};
-const isEnvBackedLine = (line) => ENV_REFERENCE_RE.test(line);
-const shouldFlagUrlLiteral = (line, urlText) => {
-	if (isEnvBackedLine(line)) return false;
-	const host = safeUrlHost(urlText);
-	if (!host) return false;
-	if (PLACEHOLDER_HOSTS.has(host)) return false;
-	if (LOOPBACK_HOSTS.has(host)) return false;
-	if (isVendorApiHost(host)) return false;
-	if (DOC_URL_CONTEXT_RE.test(line) && !ENVIRONMENT_HOST_RE.test(host)) return false;
-	return URL_CONFIG_CONTEXT_RE.test(line) || ENVIRONMENT_HOST_RE.test(host);
-};
-const ENV_VAR_NAME_RE = /^[A-Z][A-Z0-9]*(?:_[A-Z0-9]+)+$/;
-const hasUsefulIdShape = (value) => {
-	if (PLACEHOLDER_ID_RE.test(value)) return false;
-	if (ENV_VAR_NAME_RE.test(value)) return false;
-	if (/^https?:\/\//i.test(value)) return false;
-	if (/^[A-Za-z]+$/.test(value)) return false;
-	return /[0-9]/.test(value);
-};
-const scanLineForConfigLiterals = (line, relativePath, ext, lineNumber) => {
-	const diagnostics = [];
-	if (isCommentOnlyLine(line.trim())) return diagnostics;
-	URL_LITERAL_RE.lastIndex = 0;
-	let urlMatch;
-	while ((urlMatch = URL_LITERAL_RE.exec(line)) !== null) {
-		const urlText = urlMatch[2];
-		if (commentStartsBefore(line, urlMatch.index, ext)) continue;
-		if (!shouldFlagUrlLiteral(line, urlText)) continue;
-		diagnostics.push(makeFinding(relativePath, lineNumber, HARDCODED_URL_FINDING));
-	}
-	if (!ID_CONTEXT_RE.test(line) || isEnvBackedLine(line) || DOC_URL_CONTEXT_RE.test(line)) return diagnostics;
-	ID_LITERAL_RE.lastIndex = 0;
-	let idMatch;
-	while ((idMatch = ID_LITERAL_RE.exec(line)) !== null) {
-		const value = idMatch[2];
-		if (commentStartsBefore(line, idMatch.index, ext)) continue;
-		if (!hasUsefulIdShape(value)) continue;
-		diagnostics.push(makeFinding(relativePath, lineNumber, HARDCODED_ID_FINDING));
-	}
-	return diagnostics;
-};
-const scanFileForConfigLiterals = (content, relativePath, ext) => {
-	if (!SOURCE_EXTENSIONS.has(ext)) return [];
-	if (isNonProductionPath(relativePath)) return [];
-	if (MIGRATION_PATH_RE$1.test(relativePath)) return [];
-	return content.split("\n").flatMap((line, index) => scanLineForConfigLiterals(line, relativePath, ext, index + 1));
-};
-const detectHardcodedConfigLiterals = async (context) => {
-	const diagnostics = [];
-	for (const filePath of getSourceFiles(context)) {
-		if (isAutoGenerated(filePath)) continue;
-		let content;
-		try {
-			content = fs.readFileSync(filePath, "utf-8");
-		} catch {
-			continue;
-		}
-		const relativePath = path.relative(context.rootDirectory, filePath);
-		const ext = path.extname(filePath);
-		diagnostics.push(...scanFileForConfigLiterals(content, relativePath, ext));
-	}
-	return diagnostics;
-};
-//#endregion
-//#region src/engines/ai-slop/js-import-aliases.ts
-const TS_CONFIG_FILES = ["tsconfig.json", "jsconfig.json"];
-const JS_RESOLUTION_EXTENSIONS = [
-	"",
+//#region src/engines/ai-slop/js-import-aliases.ts
+const TS_CONFIG_FILES = ["tsconfig.json", "jsconfig.json"];
+const JS_RESOLUTION_EXTENSIONS = [
+	"",
 	".ts",
 	".tsx",
 	".js",
@@ -1677,15 +1750,18 @@ const readWorkspaceGlobs = (rootDir, rootPkg) => {
 	}
 	return globs;
 };
+const readWorkspaceEntries = (dir) => {
+	try {
+		return fs.readdirSync(dir, { withFileTypes: true });
+	} catch {
+		return [];
+	}
+};
 const expandWorkspaceDirs = (rootDir, globs) => {
 	const dirs = [];
 	for (const glob of globs) if (glob.endsWith("/*")) {
 		const parent = path.join(rootDir, glob.slice(0, -2));
-		try {
-			for (const entry of fs.readdirSync(parent, { withFileTypes: true })) if (entry.isDirectory()) dirs.push(path.join(parent, entry.name));
-		} catch {
-			continue;
-		}
+		for (const entry of readWorkspaceEntries(parent)) if (entry.isDirectory()) dirs.push(path.join(parent, entry.name));
 	} else if (!glob.includes("*")) dirs.push(path.join(rootDir, glob));
 	return dirs;
 };
@@ -2318,6 +2394,167 @@ const detectHallucinatedImports = async (context) => {
 	return diagnostics;
 };
+//#endregion
+//#region src/engines/ai-slop/hardcoded-config.ts
+const SOURCE_EXTENSIONS = new Set([
+	".ts",
+	".tsx",
+	".js",
+	".jsx",
+	".mjs",
+	".cjs",
+	".py",
+	".go",
+	".rs",
+	".rb",
+	".java",
+	".php"
+]);
+const URL_LITERAL_RE = /(["'`])(https?:\/\/[^"'`\s<>]+)\1/g;
+const ID_LITERAL_RE = /(["'])([A-Za-z][A-Za-z0-9_-]{15,})\1/g;
+const ENV_REFERENCE_RE = /\b(?:process\.env|import\.meta\.env|Deno\.env|os\.environ|getenv|env\()\b/i;
+const DOC_URL_CONTEXT_RE = /\b(?:docs?|documentation|homepage|repository|bugs|license|readme|source|svgUrl|pageUrl|href|link|install)\b/i;
+const URL_CONFIG_CONTEXT_RE = /\b(?:api|base[_-]?url|baseUrl|endpoint|host|origin|webhook|callback|redirect|server|service|domain|url)\b/i;
+const ENVIRONMENT_HOST_RE = /(?:^|[.-])(?:api|app|admin|auth|staging|stage|prod|dev|sandbox|webhook|internal)(?:[.-]|$)|^(?:localhost|127\.0\.0\.1|0\.0\.0\.0)$/i;
+const ID_CONTEXT_RE = /(?:^|[^A-Za-z0-9])(?:api[_-]?key|client[_-]?id|project[_-]?id|org(?:anization)?[_-]?id|workspace[_-]?id|tenant[_-]?id|price[_-]?id|product[_-]?id|customer[_-]?id|subscription[_-]?id|account[_-]?id|app[_-]?id|key|token|secret)(?:$|[^A-Za-z0-9])/i;
+const MIGRATION_PATH_RE$1 = /(?:^|[\\/])(?:migrations?|db[\\/]migrate)[\\/]/i;
+const PLACEHOLDER_HOSTS = new Set([
+	"example.com",
+	"example.org",
+	"example.net"
+]);
+const LOOPBACK_HOSTS = new Set([
+	"localhost",
+	"127.0.0.1",
+	"0.0.0.0",
+	"::1"
+]);
+const VENDOR_API_DOMAINS = [
+	"github.com",
+	"githubusercontent.com",
+	"googleapis.com",
+	"accounts.google.com",
+	"stripe.com",
+	"openai.com",
+	"anthropic.com",
+	"slack.com",
+	"twilio.com",
+	"sendgrid.com",
+	"mailgun.net",
+	"cloudflare.com",
+	"discord.com",
+	"telegram.org",
+	"login.microsoftonline.com",
+	"graph.microsoft.com",
+	"twitter.com",
+	"x.com",
+	"twimg.com",
+	"t.co",
+	"api.telegram.org"
+];
+const isVendorApiHost = (host) => VENDOR_API_DOMAINS.some((d) => host === d || host.endsWith(`.${d}`));
+const PLACEHOLDER_ID_RE = /^(?:changeme|replace[_-]?me|your[_-]|example|placeholder|todo)/i;
+const HARDCODED_URL_FINDING = {
+	rule: "ai-slop/hardcoded-url",
+	message: "Hardcoded environment URL in production code",
+	help: "Move deployment-specific URLs to environment variables or a typed config module. Keep only stable documentation/public links inline."
+};
+const HARDCODED_ID_FINDING = {
+	rule: "ai-slop/hardcoded-id",
+	message: "Hardcoded provider/project ID in production code",
+	help: "Move provider IDs, tenant IDs, price IDs, and similar deployment-specific identifiers to env/config so agents do not bake one environment into source."
+};
+const makeFinding = (filePath, line, spec) => ({
+	filePath,
+	engine: "ai-slop",
+	rule: spec.rule,
+	severity: "warning",
+	message: spec.message,
+	help: spec.help,
+	line,
+	column: 0,
+	category: "AI Slop",
+	fixable: false
+});
+const isCommentOnlyLine = (trimmed) => trimmed.startsWith("//") || trimmed.startsWith("#") || trimmed.startsWith("*") || trimmed.startsWith("/*");
+const commentStartsBefore = (line, index, ext) => {
+	const prefix = line.slice(0, index);
+	if (ext === ".py" || ext === ".rb") return prefix.includes("#");
+	if (ext === ".php") return prefix.includes("//") || prefix.includes("#");
+	return prefix.includes("//") || prefix.includes("/*");
+};
+const safeUrlHost = (urlText) => {
+	try {
+		return new URL(urlText).hostname.toLowerCase();
+	} catch {
+		return null;
+	}
+};
+const isEnvBackedLine = (line) => ENV_REFERENCE_RE.test(line);
+const shouldFlagUrlLiteral = (line, urlText) => {
+	if (isEnvBackedLine(line)) return false;
+	const host = safeUrlHost(urlText);
+	if (!host) return false;
+	if (PLACEHOLDER_HOSTS.has(host)) return false;
+	if (LOOPBACK_HOSTS.has(host)) return false;
+	if (isVendorApiHost(host)) return false;
+	if (DOC_URL_CONTEXT_RE.test(line) && !ENVIRONMENT_HOST_RE.test(host)) return false;
+	return URL_CONFIG_CONTEXT_RE.test(line) || ENVIRONMENT_HOST_RE.test(host);
+};
+const ENV_VAR_NAME_RE = /^[A-Z][A-Z0-9]*(?:_[A-Z0-9]+)+$/;
+const hasUsefulIdShape = (value) => {
+	if (PLACEHOLDER_ID_RE.test(value)) return false;
+	if (ENV_VAR_NAME_RE.test(value)) return false;
+	if (/^https?:\/\//i.test(value)) return false;
+	if (/^[A-Za-z]+$/.test(value)) return false;
+	return /[0-9]/.test(value);
+};
+const scanLineForConfigLiterals = (line, relativePath, ext, lineNumber) => {
+	const diagnostics = [];
+	if (isCommentOnlyLine(line.trim())) return diagnostics;
+	for (const urlMatch of line.matchAll(URL_LITERAL_RE)) {
+		const urlText = urlMatch[2];
+		if (commentStartsBefore(line, urlMatch.index, ext)) continue;
+		if (!shouldFlagUrlLiteral(line, urlText)) continue;
+		diagnostics.push(makeFinding(relativePath, lineNumber, HARDCODED_URL_FINDING));
+	}
+	if (!ID_CONTEXT_RE.test(line) || isEnvBackedLine(line) || DOC_URL_CONTEXT_RE.test(line)) return diagnostics;
+	for (const idMatch of line.matchAll(ID_LITERAL_RE)) {
+		const value = idMatch[2];
+		if (commentStartsBefore(line, idMatch.index, ext)) continue;
+		if (!hasUsefulIdShape(value)) continue;
+		diagnostics.push(makeFinding(relativePath, lineNumber, HARDCODED_ID_FINDING));
+	}
+	return diagnostics;
+};
+const scanFileForConfigLiterals = (content, relativePath, ext) => {
+	if (!SOURCE_EXTENSIONS.has(ext)) return [];
+	if (isNonProductionPath(relativePath)) return [];
+	if (MIGRATION_PATH_RE$1.test(relativePath)) return [];
+	return content.split("\n").flatMap((line, index) => scanLineForConfigLiterals(line, relativePath, ext, index + 1));
+};
+const detectHardcodedConfigLiterals = async (context) => {
+	const diagnostics = [];
+	for (const filePath of getSourceFiles(context)) {
+		if (isAutoGenerated(filePath)) continue;
+		let content;
+		try {
+			content = fs.readFileSync(filePath, "utf-8");
+		} catch {
+			continue;
+		}
+		const relativePath = path.relative(context.rootDirectory, filePath);
+		const ext = path.extname(filePath);
+		diagnostics.push(...scanFileForConfigLiterals(maskComments(content, ext), relativePath, ext));
+	}
+	return diagnostics;
+};
+//#endregion
+//#region src/utils/suppress.ts
+const DIRECTIVE_RE = /(?:\/\/|\/\*|#|<!--|\*)\s*aislop-ignore-(next-line|line|file)\b([^\n]*)/;
+const isAislopDirectiveLine = (line) => DIRECTIVE_RE.test(line);
 //#endregion
 //#region src/engines/ai-slop/comment-blocks.ts
 const stripJsdocLine = (line) => line.replace(/^\s*\/\*\*+\s?/, "").replace(/\s*\*+\/\s*$/, "").replace(/^\s*\*\s?/, "").trim();
@@ -2341,6 +2578,7 @@ const getCommentSyntax = (ext) => {
 };
 const getMatchedLinePrefix = (line, syntax) => {
 	const trimmed = line.trimStart();
+	if (isAislopDirectiveLine(trimmed)) return null;
 	for (const prefix of syntax.linePrefixes) {
 		if (!trimmed.startsWith(prefix)) continue;
 		if (prefix === "#" && trimmed.startsWith("#!")) return null;
@@ -3081,7 +3319,7 @@ const detectRustPatterns = async (context) => {
 //#endregion
 //#region src/engines/ai-slop/silent-recovery.ts
-const JS_EXTS$1 = new Set([
+const JS_EXTS = new Set([
 	".ts",
 	".tsx",
 	".js",
@@ -3140,9 +3378,7 @@ const isLogOnlyBody = (body) => {
 };
 const detectJsSilentRecovery = (content, relPath) => {
 	const out = [];
-	CATCH_HEAD_RE.lastIndex = 0;
-	let match;
-	while ((match = CATCH_HEAD_RE.exec(content)) !== null) {
+	for (const match of content.matchAll(CATCH_HEAD_RE)) {
 		const body = extractCatchBody(content, match.index + match[0].length - 1);
 		if (body === null) continue;
 		if (!isLogOnlyBody(body)) continue;
@@ -3210,7 +3446,7 @@ const detectSilentRecovery = async (context) => {
 	for (const filePath of files) {
 		if (isAutoGenerated(filePath)) continue;
 		const ext = path.extname(filePath);
-		const isJs = JS_EXTS$1.has(ext);
+		const isJs = JS_EXTS.has(ext);
 		if (!isJs && !(ext === ".py")) continue;
 		const relPath = path.relative(context.rootDirectory, filePath);
 		if (isNonProductionPath(relPath)) continue;
@@ -3318,18 +3554,22 @@ const extractPyImportedSymbols = (lines) => {
 			}
 			continue;
 		}
-		const importMatch = trimmed.match(/^import\s+([\w.]+)(?:\s+as\s+(\w+))?/);
+		const importMatch = trimmed.match(/^import\s+(.+)/);
 		if (importMatch) {
 			importLines.add(i);
-			const alias = importMatch[2];
-			if (alias && alias === importMatch[1]) continue;
-			const simpleName = (alias ?? importMatch[1]).split(".")[0];
-			if (simpleName && /^\w+$/.test(simpleName)) symbols.push({
-				name: simpleName,
-				line: i + 1,
-				isDefault: false,
-				isNamespace: true
-			});
+			for (const clause of importMatch[1].replace(/#.*$/, "").split(",")) {
+				const clauseMatch = clause.trim().match(/^([\w.]+)(?:\s+as\s+(\w+))?/);
+				if (!clauseMatch) continue;
+				const alias = clauseMatch[2];
+				if (alias && alias === clauseMatch[1]) continue;
+				const simpleName = (alias ?? clauseMatch[1]).split(".")[0];
+				if (simpleName && /^\w+$/.test(simpleName)) symbols.push({
+					name: simpleName,
+					line: i + 1,
+					isDefault: false,
+					isNamespace: true
+				});
+			}
 		}
 	}
 	return {
@@ -3339,8 +3579,7 @@ const extractPyImportedSymbols = (lines) => {
 };
 const isSymbolUsed = (name, content, importLines, lines) => {
 	const pattern = new RegExp(`\\b${name}\\b`, "g");
-	let match;
-	while ((match = pattern.exec(content)) !== null) {
+	for (const match of content.matchAll(pattern)) {
 		const lineIndex = content.slice(0, match.index).split("\n").length - 1;
 		if (!importLines.has(lineIndex)) return true;
 	}
@@ -3441,6 +3680,18 @@ const aiSlopEngine = {
 //#endregion
 //#region src/engines/architecture/matchers.ts
+const REGEX_SPECIAL_CHARS = new Set([
+	".",
+	"+",
+	"^",
+	"$",
+	"{",
+	"}",
+	"(",
+	")",
+	"|",
+	"\\"
+]);
 const minimatch = (filePath, pattern) => {
 	let regex = "";
 	let i = 0;
@@ -3465,7 +3716,7 @@ const minimatch = (filePath, pattern) => {
 				regex += pattern.slice(i, closeIndex + 1);
 				i = closeIndex + 1;
 			}
-		} else if (".+^${}()|\\".includes(ch)) {
+		} else if (REGEX_SPECIAL_CHARS.has(ch)) {
 			regex += `\\${ch}`;
 			i++;
 		} else {
@@ -3485,27 +3736,15 @@ const extractImports = (content, ext) => {
 		".mjs",
 		".cjs"
 	].includes(ext)) {
-		const esPattern = /(?:import|from)\s+["']([^"']+)["']/g;
-		let match;
-		while ((match = esPattern.exec(content)) !== null) imports.push(match[1]);
-		const reqPattern = /require\s*\(\s*["']([^"']+)["']\s*\)/g;
-		while ((match = reqPattern.exec(content)) !== null) imports.push(match[1]);
-	}
-	if (ext === ".py") {
-		const pyPattern = /(?:from|import)\s+([\w.]+)/g;
-		let match;
-		while ((match = pyPattern.exec(content)) !== null) imports.push(match[1]);
+		for (const match of content.matchAll(/(?:import|from)\s+["']([^"']+)["']/g)) imports.push(match[1]);
+		for (const match of content.matchAll(/require\s*\(\s*["']([^"']+)["']\s*\)/g)) imports.push(match[1]);
 	}
+	if (ext === ".py") for (const match of content.matchAll(/(?:from|import)\s+([\w.]+)/g)) imports.push(match[1]);
 	if (ext === ".go") {
-		const goSingleImport = /^\s*import\s+"([^"]+)"/gm;
-		let match;
-		while ((match = goSingleImport.exec(content)) !== null) imports.push(match[1]);
-		const goMultiImport = /import\s*\(([^)]*)\)/gs;
-		while ((match = goMultiImport.exec(content)) !== null) {
+		for (const match of content.matchAll(/^\s*import\s+"([^"]+)"/gm)) imports.push(match[1]);
+		for (const match of content.matchAll(/import\s*\(([^)]*)\)/gs)) {
 			const block = match[1];
-			const pkgPattern = /"([^"]+)"/g;
-			let pkgMatch;
-			while ((pkgMatch = pkgPattern.exec(block)) !== null) imports.push(pkgMatch[1]);
+			for (const pkgMatch of block.matchAll(/"([^"]+)"/g)) imports.push(pkgMatch[1]);
 		}
 	}
 	return imports;
@@ -3632,10 +3871,10 @@ const architectureEngine = {
 //#endregion
 //#region src/engines/code-quality/function-boundaries.ts
 const PYTHON_CONTROL_FLOW_RE = /^\s*(?:if|for|while|with|try|except|else|elif|finally|def|class)\b/;
-const ARROW_BLOCK_RE = /* @__PURE__ */ new RegExp("=>\\s*\\{");
-const ARROW_END_RE = /* @__PURE__ */ new RegExp("=>\\s*$");
-const BRACE_START_RE = /* @__PURE__ */ new RegExp("^\\s*\\{");
-const NEW_STATEMENT_RE = /* @__PURE__ */ new RegExp("^(?:export\\s+)?(?:const|let|var|function|class)\\s");
+const ARROW_BLOCK_RE = /=>\s*\{/;
+const ARROW_END_RE = /=>\s*$/;
+const BRACE_START_RE = /^\s*\{/;
+const NEW_STATEMENT_RE = /^(?:export\s+)?(?:const|let|var|function|class)\s/;
 const isControlFlowBrace = (lineText, braceIndex) => {
 	const before = lineText.substring(0, braceIndex).trimEnd();
 	if (before.endsWith(")")) return true;
@@ -3689,12 +3928,92 @@ const findBraceFunctionEnd = (lines, startIndex) => {
 		maxNesting
 	};
 };
-const findPythonFunctionEnd = (lines, startIndex) => {
-	const baseIndent = lines[startIndex].match(/^(\s*)/)?.[1].length ?? 0;
-	let endLine = startIndex;
+const extractPythonSignature = (lines, startIndex) => {
+	let depth = 0;
+	let started = false;
+	let params = "";
+	for (let j = startIndex; j < lines.length; j++) {
+		const l = lines[j];
+		for (let ci = 0; ci < l.length; ci++) {
+			const ch = l[ci];
+			if (ch === "(") {
+				depth++;
+				if (depth === 1 && !started) {
+					started = true;
+					continue;
+				}
+			} else if (ch === ")") {
+				depth--;
+				if (depth === 0) return {
+					params,
+					sigEndIndex: j
+				};
+			}
+			if (started) params += ch;
+		}
+		if (started) params += " ";
+	}
+	return {
+		params,
+		sigEndIndex: startIndex
+	};
+};
+const countPythonParams = (signature) => {
+	let depth = 0;
+	const parts = [];
+	let current = "";
+	for (const ch of signature) {
+		if (ch === "(" || ch === "[" || ch === "{") depth++;
+		else if (ch === ")" || ch === "]" || ch === "}") depth--;
+		if (ch === "," && depth === 0) {
+			parts.push(current);
+			current = "";
+			continue;
+		}
+		current += ch;
+	}
+	parts.push(current);
+	let count = 0;
+	for (const raw of parts) {
+		const p = raw.trim();
+		if (p.length === 0 || p === "*" || p === "/") continue;
+		if (p.startsWith("*")) continue;
+		if (p.includes("=")) continue;
+		const name = p.split(":")[0].trim();
+		if (name === "self" || name === "cls") continue;
+		count++;
+	}
+	return count;
+};
+const countPythonBodyCodeLines = (lines, sigEndIndex, endLine) => {
+	let count = 0;
+	let inDoc = false;
+	let delim = "";
+	for (let j = sigEndIndex + 1; j <= endLine && j < lines.length; j++) {
+		const t = lines[j].trim();
+		if (inDoc) {
+			if (t.includes(delim)) inDoc = false;
+			continue;
+		}
+		if (t === "" || t.startsWith("#")) continue;
+		const opener = t.startsWith("\"\"\"") ? "\"\"\"" : t.startsWith("'''") ? "'''" : "";
+		if (opener) {
+			if (!t.slice(3).includes(opener)) {
+				inDoc = true;
+				delim = opener;
+			}
+			continue;
+		}
+		count++;
+	}
+	return count;
+};
+const findPythonFunctionEnd = (lines, defIndex, bodyStartIndex) => {
+	const baseIndent = lines[defIndex].match(/^(\s*)/)?.[1].length ?? 0;
+	let endLine = bodyStartIndex;
 	let maxNesting = 0;
 	const controlIndentStack = [];
-	for (let j = startIndex + 1; j < lines.length; j++) {
+	for (let j = bodyStartIndex + 1; j < lines.length; j++) {
 		const l = lines[j];
 		if (l.trim() === "") {
 			endLine = j;
@@ -3716,7 +4035,10 @@ const findPythonFunctionEnd = (lines, startIndex) => {
 	};
 };
 const findFunctionEnd = (lines, startIndex, isPython) => {
-	if (isPython) return findPythonFunctionEnd(lines, startIndex);
+	if (isPython) {
+		const { sigEndIndex } = extractPythonSignature(lines, startIndex);
+		return findPythonFunctionEnd(lines, startIndex, sigEndIndex);
+	}
 	return findBraceFunctionEnd(lines, startIndex);
 };
 const isBlockArrow = (lines, startIndex) => {
@@ -3738,14 +4060,14 @@ const countTemplateLines = (bodyLines) => {
 	let templateLineCount = 0;
 	for (const line of bodyLines) {
 		const startedInside = insideTemplate;
-		let escape = false;
+		let escaped = false;
 		for (const ch of line) {
-			if (escape) {
-				escape = false;
+			if (escaped) {
+				escaped = false;
 				continue;
 			}
 			if (ch === "\\") {
-				escape = true;
+				escaped = true;
 				continue;
 			}
 			if (ch === "`") insideTemplate = !insideTemplate;
@@ -3781,7 +4103,7 @@ const FUNCTION_PATTERNS = [
 		]
 	},
 	{
-		regex: /^\s*def\s+(\w+)\s*\(([^)]*)\)/,
+		regex: /^\s*(?:async\s+)?def\s+(\w+)\s*\(/,
 		langFilter: [".py"]
 	},
 	{
@@ -3838,14 +4160,23 @@ const analyzeFunctions = (content, ext) => {
 		const isPython = fnMatch.patternIndex === 2;
 		if (fnMatch.patternIndex === 1 && !isBlockArrow(lines, i)) continue;
 		const { endLine, maxNesting } = findFunctionEnd(lines, i, isPython);
-		const bodyLines = lines.slice(i + 1, endLine);
-		const templateLines = isPython ? 0 : countTemplateLines(bodyLines);
+		let templateLines;
+		let paramCount;
+		if (isPython) {
+			const sig = extractPythonSignature(lines, i);
+			const codeLines = countPythonBodyCodeLines(lines, sig.sigEndIndex, endLine);
+			templateLines = endLine - i + 1 - codeLines;
+			paramCount = countPythonParams(sig.params);
+		} else {
+			templateLines = countTemplateLines(lines.slice(i + 1, endLine));
+			paramCount = countParams(fnMatch.params);
+		}
 		functions.push({
 			name: fnMatch.name,
 			startLine: i + 1,
 			lineCount: endLine - i + 1,
 			maxNesting,
-			paramCount: countParams(fnMatch.params),
+			paramCount,
 			templateLines
 		});
 	}
@@ -4656,9 +4987,7 @@ const runRuffFormat = async (context) => {
 };
 const parseRuffFormatOutput = (output, rootDir) => {
 	const diagnostics = [];
-	const filePattern = /^--- (.+)$/gm;
-	let match;
-	while ((match = filePattern.exec(output)) !== null) {
+	for (const match of output.matchAll(/^--- (.+)$/gm)) {
 		const filePath = getRuffDiagnosticPath(rootDir, match[1]);
 		diagnostics.push({
 			filePath,
@@ -4685,10 +5014,10 @@ const formatEngine = {
 		const { languages, installedTools } = context;
 		const promises = [];
 		if (languages.includes("typescript") || languages.includes("javascript")) promises.push(runBiomeFormat(context));
-		if (languages.includes("python") && installedTools["ruff"]) promises.push(runRuffFormat(context));
-		if (languages.includes("go") && installedTools["gofmt"]) promises.push(runGofmt(context));
-		if (languages.includes("rust") && installedTools["rustfmt"]) promises.push(runGenericFormatter(context, "rust"));
-		if (languages.includes("ruby") && installedTools["rubocop"]) promises.push(runGenericFormatter(context, "ruby"));
+		if (languages.includes("python") && installedTools.ruff) promises.push(runRuffFormat(context));
+		if (languages.includes("go") && installedTools.gofmt) promises.push(runGofmt(context));
+		if (languages.includes("rust") && installedTools.rustfmt) promises.push(runGenericFormatter(context, "rust"));
+		if (languages.includes("ruby") && installedTools.rubocop) promises.push(runGenericFormatter(context, "ruby"));
 		if (languages.includes("php") && installedTools["php-cs-fixer"]) promises.push(runGenericFormatter(context, "php"));
 		const results = await Promise.allSettled(promises);
 		for (const result of results) if (result.status === "fulfilled") diagnostics.push(...result.value);
@@ -4892,6 +5221,8 @@ const createOxlintConfig = (options) => {
 	if (options.mode === "fix") {
 		rules["no-unused-vars"] = "off";
 		rules["react-hooks/exhaustive-deps"] = "off";
+		rules["jsx-a11y/no-aria-hidden-on-focusable"] = "off";
+		rules["unicorn/no-useless-fallback-in-spread"] = "off";
 	}
 	const plugins = [
 		"import",
@@ -5056,9 +5387,7 @@ const collectAmbientGlobals = (rootDir) => {
 		if (!relativePath.endsWith(".d.ts")) continue;
 		const content = readTextFile$1(path.join(rootDir, relativePath));
 		if (!content) continue;
-		AMBIENT_GLOBAL_RE.lastIndex = 0;
-		let match;
-		while ((match = AMBIENT_GLOBAL_RE.exec(content)) !== null) globals.add(match[1]);
+		for (const match of content.matchAll(AMBIENT_GLOBAL_RE)) globals.add(match[1]);
 	}
 	const deps = collectPackageNames(rootDir);
 	if (deps.has("@types/bun") || deps.has("bun-types")) globals.add("Bun");
@@ -5274,10 +5603,10 @@ const lintEngine = {
 			if (context.config.lint.typecheck) promises.push(import("./typecheck-By967nny.js").then((mod) => mod.runTypecheck(context)));
 		}
 		if (context.frameworks.includes("expo")) promises.push(import("./expo-doctor-T4DswmX5.js").then((mod) => mod.runExpoDoctor(context)));
-		if (languages.includes("python") && installedTools["ruff"]) promises.push(runRuffLint(context));
+		if (languages.includes("python") && installedTools.ruff) promises.push(runRuffLint(context));
 		if (languages.includes("go") && installedTools["golangci-lint"]) promises.push(runGolangciLint(context));
-		if (languages.includes("rust") && installedTools["cargo"]) promises.push(runGenericLinter(context, "rust"));
-		if (languages.includes("ruby") && installedTools["rubocop"]) promises.push(runGenericLinter(context, "ruby"));
+		if (languages.includes("rust") && installedTools.cargo) promises.push(runGenericLinter(context, "rust"));
+		if (languages.includes("ruby") && installedTools.rubocop) promises.push(runGenericLinter(context, "ruby"));
 		const results = await Promise.allSettled(promises);
 		for (const result of results) if (result.status === "fulfilled") diagnostics.push(...result.value);
 		return {
@@ -5307,7 +5636,7 @@ const runDependencyAudit = async (context) => {
 		else if (fs.existsSync(path.join(context.rootDirectory, "package-lock.json")) || fs.existsSync(path.join(context.rootDirectory, "package.json"))) promises.push(runNpmAudit(context.rootDirectory, timeout));
 	}
 	if (context.languages.includes("python") && context.installedTools["pip-audit"]) promises.push(runPipAudit(context.rootDirectory, timeout));
-	if (context.languages.includes("go") && context.installedTools["govulncheck"]) promises.push(runGovulncheck(context.rootDirectory, timeout));
+	if (context.languages.includes("go") && context.installedTools.govulncheck) promises.push(runGovulncheck(context.rootDirectory, timeout));
 	if (context.languages.includes("rust")) promises.push(runCargoAudit(context.rootDirectory, timeout));
 	const results = await Promise.allSettled(promises);
 	for (const result of results) if (result.status === "fulfilled") diagnostics.push(...result.value);
@@ -5412,9 +5741,12 @@ const parseLegacyAdvisories = (advisories, source) => {
 	for (const [key, advisory] of Object.entries(advisories)) upsertVuln(bucket, advisory.module_name ?? advisory.name ?? advisory.package ?? key, (advisory.severity ?? "moderate").toLowerCase(), advisory.recommendation ?? advisory.title ?? "");
 	return [...bucket.values()].map((agg) => aggregateToDiagnostic(agg, source));
 };
+const carriesAdvisory = (vulnerability) => Array.isArray(vulnerability.via) && vulnerability.via.some((entry) => entry !== null && typeof entry === "object");
 const parseModernVulnerabilities = (vulnerabilities, source) => {
 	const bucket = /* @__PURE__ */ new Map();
+	const hasRootCauses = Object.values(vulnerabilities).some(carriesAdvisory);
 	for (const [packageName, vulnerability] of Object.entries(vulnerabilities)) {
+		if (hasRootCauses && !carriesAdvisory(vulnerability)) continue;
 		const severity = (vulnerability.severity ?? "moderate").toLowerCase();
 		const fixAvailable = vulnerability.fixAvailable;
 		const isDirect = vulnerability.isDirect === true;
@@ -5557,212 +5889,6 @@ const runCargoAudit = async (rootDir, timeout) => {
 	}
 };
-//#endregion
-//#region src/utils/source-masker.ts
-const JS_EXTS = new Set([
-	".ts",
-	".tsx",
-	".js",
-	".jsx",
-	".mjs",
-	".cjs"
-]);
-const PY_EXTS = new Set([".py"]);
-const RB_EXTS = new Set([".rb"]);
-const PHP_EXTS = new Set([".php"]);
-const familyForExt = (ext) => {
-	if (JS_EXTS.has(ext)) return "js";
-	if (PY_EXTS.has(ext)) return "py";
-	if (RB_EXTS.has(ext)) return "rb";
-	if (PHP_EXTS.has(ext)) return "php";
-	return "none";
-};
-const maskStringsAndComments = (content, ext) => {
-	const family = familyForExt(ext);
-	if (family === "none") return content;
-	if (family === "js") return maskJs(content);
-	return maskSimple(content, family);
-};
-const handleQuotesAndComments = (content, i, tplStack, mask) => {
-	const len = content.length;
-	const c = content[i];
-	const next = content[i + 1];
-	if (c === "\"" || c === "'") {
-		const strStart = i;
-		const end = consumeQuotedString(content, i, c);
-		mask(strStart + 1, end - 1);
-		return {
-			handled: true,
-			nextI: end
-		};
-	}
-	if (c === "`") {
-		const scan = consumeTemplateString(content, i + 1);
-		mask(i + 1, scan.maskEnd);
-		if (scan.openedInterp) tplStack.push(0);
-		return {
-			handled: true,
-			nextI: scan.resumeAt
-		};
-	}
-	if (c === "/" && next === "/") {
-		const strStart = i;
-		let k = i;
-		while (k < len && content[k] !== "\n") k++;
-		mask(strStart, k);
-		return {
-			handled: true,
-			nextI: k
-		};
-	}
-	if (c === "/" && next === "*") {
-		const strStart = i;
-		let k = i + 2;
-		while (k < len - 1 && !(content[k] === "*" && content[k + 1] === "/")) k++;
-		if (k < len - 1) k += 2;
-		mask(strStart, k);
-		return {
-			handled: true,
-			nextI: k
-		};
-	}
-	return {
-		handled: false,
-		nextI: i
-	};
-};
-const maskJs = (content) => {
-	const out = content.split("");
-	const len = content.length;
-	const tplStack = [];
-	let i = 0;
-	const mask = (start, end) => {
-		for (let k = start; k < end; k++) if (out[k] !== "\n") out[k] = " ";
-	};
-	while (i < len) {
-		const c = content[i];
-		if (tplStack.length > 0) {
-			if (c === "{") {
-				tplStack[tplStack.length - 1]++;
-				i++;
-				continue;
-			}
-			if (c === "}") {
-				if (tplStack[tplStack.length - 1] === 0) {
-					tplStack.pop();
-					const scan = consumeTemplateString(content, i + 1);
-					mask(i + 1, scan.maskEnd);
-					if (scan.openedInterp) tplStack.push(0);
-					i = scan.resumeAt;
-					continue;
-				}
-				tplStack[tplStack.length - 1]--;
-				i++;
-				continue;
-			}
-		}
-		const handled = handleQuotesAndComments(content, i, tplStack, mask);
-		if (handled.handled) {
-			i = handled.nextI;
-			continue;
-		}
-		i++;
-	}
-	return out.join("");
-};
-const consumeQuotedString = (content, start, quote) => {
-	const len = content.length;
-	let i = start + 1;
-	while (i < len) {
-		const c = content[i];
-		if (c === "\\" && i + 1 < len) {
-			i += 2;
-			continue;
-		}
-		if (c === quote) return i + 1;
-		if (c === "\n") return i;
-		i++;
-	}
-	return i;
-};
-const consumeTemplateString = (content, start) => {
-	const len = content.length;
-	let i = start;
-	while (i < len) {
-		const c = content[i];
-		if (c === "\\" && i + 1 < len) {
-			i += 2;
-			continue;
-		}
-		if (c === "`") return {
-			maskEnd: i,
-			resumeAt: i + 1,
-			openedInterp: false
-		};
-		if (c === "$" && content[i + 1] === "{") return {
-			maskEnd: i,
-			resumeAt: i + 2,
-			openedInterp: true
-		};
-		i++;
-	}
-	return {
-		maskEnd: i,
-		resumeAt: i,
-		openedInterp: false
-	};
-};
-const maskSimple = (content, family) => {
-	const out = content.split("");
-	const len = content.length;
-	let i = 0;
-	const mask = (start, end) => {
-		for (let k = start; k < end; k++) if (out[k] !== "\n") out[k] = " ";
-	};
-	while (i < len) {
-		const c = content[i];
-		const next = content[i + 1];
-		if (family === "py" && (c === "\"" || c === "'")) {
-			if (content[i + 1] === c && content[i + 2] === c) {
-				const triple = c + c + c;
-				const end = content.indexOf(triple, i + 3);
-				const stop = end === -1 ? len : end + 3;
-				mask(i + 3, stop - 3);
-				i = stop;
-				continue;
-			}
-		}
-		if (c === "\"" || c === "'") {
-			const strStart = i;
-			i = consumeQuotedString(content, i, c);
-			mask(strStart + 1, i - 1);
-			continue;
-		}
-		if ((family === "py" || family === "rb" || family === "php") && c === "#") {
-			const strStart = i;
-			while (i < len && content[i] !== "\n") i++;
-			mask(strStart, i);
-			continue;
-		}
-		if (family === "php" && c === "/" && next === "/") {
-			const strStart = i;
-			while (i < len && content[i] !== "\n") i++;
-			mask(strStart, i);
-			continue;
-		}
-		if (family === "php" && c === "/" && next === "*") {
-			const strStart = i;
-			i += 2;
-			while (i < len - 1 && !(content[i] === "*" && content[i + 1] === "/")) i++;
-			if (i < len - 1) i += 2;
-			mask(strStart, i);
-			continue;
-		}
-		i++;
-	}
-	return out.join("");
-};
 //#endregion
 //#region src/engines/security/risky.ts
 const ev = "eval";
@@ -5908,8 +6034,7 @@ const detectRiskyConstructs = async (context) => {
 			if (!extensions.includes(ext)) continue;
 			if (isMigrationOrSeeder && name === "sql-injection") continue;
 			const regex = new RegExp(pattern.source, pattern.flags);
-			let match;
-			while ((match = regex.exec(masked)) !== null) {
+			for (const match of masked.matchAll(regex)) {
 				const line = content.slice(0, match.index).split("\n").length;
 				if (name === "innerhtml") {
 					const beforeMatch = content.slice(Math.max(0, match.index - 200), match.index);
@@ -6037,11 +6162,11 @@ const scanSecrets = async (context) => {
 		} catch {
 			continue;
 		}
+		content = maskComments(content, path.extname(filePath));
 		const relativePath = path.relative(context.rootDirectory, filePath);
 		for (const { pattern, name, keywordPrefixed } of SECRET_PATTERNS) {
 			const regex = new RegExp(pattern.source, pattern.flags);
-			let match;
-			while ((match = regex.exec(content)) !== null) {
+			for (const match of content.matchAll(regex)) {
 				if (isPlaceholderValue(match[1] ?? match[0])) continue;
 				if (keywordPrefixed && isInsideStringLiteral(content, match.index)) continue;
 				const line = content.slice(0, match.index).split("\n").length;
@@ -6162,6 +6287,64 @@ const calculateScore = (diagnostics, weights, thresholds, sourceFileCount, smoot
 //#endregion
 //#region src/utils/discover.ts
+const UNSUPPORTED_CODE_EXTENSIONS = {
+	".c": "C/C++",
+	".h": "C/C++",
+	".cc": "C/C++",
+	".cpp": "C/C++",
+	".cxx": "C/C++",
+	".hpp": "C/C++",
+	".hh": "C/C++",
+	".hxx": "C/C++",
+	".cs": "C#",
+	".swift": "Swift",
+	".kt": "Kotlin",
+	".kts": "Kotlin",
+	".m": "Objective-C",
+	".mm": "Objective-C",
+	".scala": "Scala",
+	".dart": "Dart",
+	".ex": "Elixir",
+	".exs": "Elixir",
+	".erl": "Erlang",
+	".hs": "Haskell",
+	".clj": "Clojure",
+	".cljs": "Clojure",
+	".lua": "Lua",
+	".jl": "Julia",
+	".zig": "Zig",
+	".nim": "Nim",
+	".ml": "OCaml",
+	".fs": "F#",
+	".sol": "Solidity",
+	".groovy": "Groovy"
+};
+const analyzeCoverage = (rootDirectory, excludePatterns = []) => {
+	const allFiles = listProjectFiles(rootDirectory);
+	const supportedFiles = filterProjectFiles(rootDirectory, allFiles, [], excludePatterns).length;
+	const counts = /* @__PURE__ */ new Map();
+	let unsupportedFiles = 0;
+	const candidates = filterProjectFiles(rootDirectory, allFiles, Object.keys(UNSUPPORTED_CODE_EXTENSIONS), excludePatterns);
+	for (const file of candidates) {
+		const lang = UNSUPPORTED_CODE_EXTENSIONS[path.extname(file).toLowerCase()];
+		if (!lang) continue;
+		unsupportedFiles += 1;
+		counts.set(lang, (counts.get(lang) ?? 0) + 1);
+	}
+	let dominantUnsupported = null;
+	let max = 0;
+	for (const [lang, count] of counts) if (count > max) {
+		max = count;
+		dominantUnsupported = lang;
+	}
+	const negligible = supportedFiles === 0 || unsupportedFiles >= 10 && unsupportedFiles > supportedFiles * 3;
+	return {
+		supportedFiles,
+		unsupportedFiles,
+		dominantUnsupported,
+		scoreable: !negligible
+	};
+};
 const LANGUAGE_SIGNALS = {
 	"tsconfig.json": "typescript",
 	"go.mod": "go",
@@ -6281,11 +6464,12 @@ const checkInstalledTools = async () => {
 	}));
 	return results;
 };
-const discoverProject = async (directory) => {
+const discoverProject = async (directory, excludePatterns = []) => {
 	const resolvedDir = path.resolve(directory);
 	const languages = detectLanguages(resolvedDir);
 	const frameworks = detectFrameworks(resolvedDir);
 	const sourceFileCount = countSourceFiles(resolvedDir);
+	const coverage = analyzeCoverage(resolvedDir, excludePatterns);
 	const installedTools = await checkInstalledTools();
 	return {
 		rootDirectory: resolvedDir,
@@ -6293,6 +6477,7 @@ const discoverProject = async (directory) => {
 		languages,
 		frameworks,
 		sourceFileCount,
+		coverage,
 		installedTools
 	};
 };
@@ -6512,10 +6697,6 @@ const handleAislopBaseline = (input) => {
 	};
 };
-//#endregion
-//#region src/version.ts
-const APP_VERSION = "0.10.0";
 //#endregion
 //#region src/telemetry/env.ts
 const detectPackageManager = (env = process.env) => {
@@ -6710,9 +6891,14 @@ const track = (input) => {
 	pendingRequests.add(request);
 	return { installCreated };
 };
-const flushTelemetry = async () => {
+const flushTelemetry = async (timeoutMs) => {
 	if (pendingRequests.size === 0) return;
-	await Promise.all(pendingRequests);
+	const all = Promise.all(pendingRequests);
+	if (timeoutMs == null) {
+		await all;
+		return;
+	}
+	await Promise.race([all, new Promise((resolve) => setTimeout(resolve, timeoutMs))]);
 };
 //#endregion