npm - aislop - Versions diffs - 0.10.1 → 0.10.2 - Mend

aislop 0.10.1 → 0.10.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

package/README.md +56 -8
package/dist/cli.js +942 -612
package/dist/{expo-doctor-BcIkOte5.js → expo-doctor-c-jE6pR2.js} +1 -1
package/dist/{generic-D_T4cUaC.js → generic-BsQa13CS.js} +1 -1
package/dist/index.d.ts +10 -1
package/dist/index.js +2673 -2346
package/dist/{json-Bqkcl1DF.js → json-B01i-GOz.js} +7 -5
package/dist/{json-OIzja7OM.js → json-CXV4D0Ib.js} +5 -3
package/dist/mcp.js +584 -501
package/dist/{sarif-C-vh4wcC.js → sarif-cy5SiDDq.js} +1 -1
package/dist/{typecheck-DQSzG8fX.js → typecheck-BdQ7uFyK.js} +1 -1
package/dist/version-BfJVwhN2.js +5 -0
package/package.json +8 -11
package/dist/version-rlhQD8Qh.js +0 -5
/package/dist/{engine-info-DCvIfZ0f.js → engine-info-Cpt36DqZ.js} +0 -0
/package/dist/{subprocess-CQUJDGgn.js → subprocess-0uXz8HdE.js} +0 -0

package/dist/mcp.js CHANGED Viewed

@@ -16,6 +16,10 @@ import { fileURLToPath } from "node:url";
 import os from "node:os";
 import { randomUUID } from "node:crypto";
+//#region src/version.ts
+const APP_VERSION = "0.10.2";
+//#endregion
 //#region src/config/defaults.ts
 const DEFAULT_CONFIG = {
 	version: 1,
@@ -68,6 +72,22 @@ const DEFAULT_CONFIG = {
 	telemetry: { enabled: true },
 	rules: {}
 };
+const DEFAULT_GITHUB_WORKFLOW_YAML = `name: aislop
+on:
+  push:
+    branches: [main]
+  pull_request:
+jobs:
+  quality-gate:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: scanaislop/aislop@v${APP_VERSION}
+        with:
+          version: ${APP_VERSION}
+`;
 //#endregion
 //#region src/config/extends.ts
@@ -263,218 +283,6 @@ const loadConfig = (directory) => {
 	}
 };
-//#endregion
-//#region src/utils/source-masker.ts
-const JS_EXTS$2 = new Set([
-	".ts",
-	".tsx",
-	".js",
-	".jsx",
-	".mjs",
-	".cjs"
-]);
-const PY_EXTS = new Set([".py"]);
-const RB_EXTS = new Set([".rb"]);
-const PHP_EXTS = new Set([".php"]);
-const familyForExt = (ext) => {
-	if (JS_EXTS$2.has(ext)) return "js";
-	if (PY_EXTS.has(ext)) return "py";
-	if (RB_EXTS.has(ext)) return "rb";
-	if (PHP_EXTS.has(ext)) return "php";
-	return "none";
-};
-const maskStringsAndComments = (content, ext) => {
-	const family = familyForExt(ext);
-	if (family === "none") return content;
-	if (family === "js") return maskJs(content, true);
-	return maskSimple(content, family, true);
-};
-const maskComments = (content, ext) => {
-	const family = familyForExt(ext);
-	if (family === "none") return content;
-	if (family === "js") return maskJs(content, false);
-	return maskSimple(content, family, false);
-};
-const handleQuotesAndComments = (content, i, tplStack, mask, maskStrings) => {
-	const len = content.length;
-	const c = content[i];
-	const next = content[i + 1];
-	if (c === "\"" || c === "'") {
-		const strStart = i;
-		const end = consumeQuotedString(content, i, c);
-		if (maskStrings) mask(strStart + 1, end - 1);
-		return {
-			handled: true,
-			nextI: end
-		};
-	}
-	if (c === "`") {
-		const scan = consumeTemplateString(content, i + 1);
-		if (maskStrings) mask(i + 1, scan.maskEnd);
-		if (scan.openedInterp) tplStack.push(0);
-		return {
-			handled: true,
-			nextI: scan.resumeAt
-		};
-	}
-	if (c === "/" && next === "/") {
-		const strStart = i;
-		let k = i;
-		while (k < len && content[k] !== "\n") k++;
-		mask(strStart, k);
-		return {
-			handled: true,
-			nextI: k
-		};
-	}
-	if (c === "/" && next === "*") {
-		const strStart = i;
-		let k = i + 2;
-		while (k < len - 1 && !(content[k] === "*" && content[k + 1] === "/")) k++;
-		if (k < len - 1) k += 2;
-		mask(strStart, k);
-		return {
-			handled: true,
-			nextI: k
-		};
-	}
-	return {
-		handled: false,
-		nextI: i
-	};
-};
-const maskJs = (content, maskStrings) => {
-	const out = content.split("");
-	const len = content.length;
-	const tplStack = [];
-	let i = 0;
-	const mask = (start, end) => {
-		for (let k = start; k < end; k++) if (out[k] !== "\n") out[k] = " ";
-	};
-	while (i < len) {
-		const c = content[i];
-		if (tplStack.length > 0) {
-			if (c === "{") {
-				tplStack[tplStack.length - 1]++;
-				i++;
-				continue;
-			}
-			if (c === "}") {
-				if (tplStack[tplStack.length - 1] === 0) {
-					tplStack.pop();
-					const scan = consumeTemplateString(content, i + 1);
-					if (maskStrings) mask(i + 1, scan.maskEnd);
-					if (scan.openedInterp) tplStack.push(0);
-					i = scan.resumeAt;
-					continue;
-				}
-				tplStack[tplStack.length - 1]--;
-				i++;
-				continue;
-			}
-		}
-		const handled = handleQuotesAndComments(content, i, tplStack, mask, maskStrings);
-		if (handled.handled) {
-			i = handled.nextI;
-			continue;
-		}
-		i++;
-	}
-	return out.join("");
-};
-const consumeQuotedString = (content, start, quote) => {
-	const len = content.length;
-	let i = start + 1;
-	while (i < len) {
-		const c = content[i];
-		if (c === "\\" && i + 1 < len) {
-			i += 2;
-			continue;
-		}
-		if (c === quote) return i + 1;
-		if (c === "\n") return i;
-		i++;
-	}
-	return i;
-};
-const consumeTemplateString = (content, start) => {
-	const len = content.length;
-	let i = start;
-	while (i < len) {
-		const c = content[i];
-		if (c === "\\" && i + 1 < len) {
-			i += 2;
-			continue;
-		}
-		if (c === "`") return {
-			maskEnd: i,
-			resumeAt: i + 1,
-			openedInterp: false
-		};
-		if (c === "$" && content[i + 1] === "{") return {
-			maskEnd: i,
-			resumeAt: i + 2,
-			openedInterp: true
-		};
-		i++;
-	}
-	return {
-		maskEnd: i,
-		resumeAt: i,
-		openedInterp: false
-	};
-};
-const maskSimple = (content, family, maskStrings) => {
-	const out = content.split("");
-	const len = content.length;
-	let i = 0;
-	const mask = (start, end) => {
-		for (let k = start; k < end; k++) if (out[k] !== "\n") out[k] = " ";
-	};
-	while (i < len) {
-		const c = content[i];
-		const next = content[i + 1];
-		if (family === "py" && (c === "\"" || c === "'")) {
-			if (content[i + 1] === c && content[i + 2] === c) {
-				const triple = c + c + c;
-				const end = content.indexOf(triple, i + 3);
-				const stop = end === -1 ? len : end + 3;
-				if (maskStrings) mask(i + 3, stop - 3);
-				i = stop;
-				continue;
-			}
-		}
-		if (c === "\"" || c === "'") {
-			const strStart = i;
-			i = consumeQuotedString(content, i, c);
-			if (maskStrings) mask(strStart + 1, i - 1);
-			continue;
-		}
-		if ((family === "py" || family === "rb" || family === "php") && c === "#") {
-			const strStart = i;
-			while (i < len && content[i] !== "\n") i++;
-			mask(strStart, i);
-			continue;
-		}
-		if (family === "php" && c === "/" && next === "/") {
-			const strStart = i;
-			while (i < len && content[i] !== "\n") i++;
-			mask(strStart, i);
-			continue;
-		}
-		if (family === "php" && c === "/" && next === "*") {
-			const strStart = i;
-			i += 2;
-			while (i < len - 1 && !(content[i] === "*" && content[i + 1] === "/")) i++;
-			if (i < len - 1) i += 2;
-			mask(strStart, i);
-			continue;
-		}
-		i++;
-	}
-	return out.join("");
-};
 //#endregion
 //#region src/utils/source-files.ts
 const MAX_BUFFER = 50 * 1024 * 1024;
@@ -713,14 +521,226 @@ const isAutoGenerated = (filePath) => {
 		} catch {}
 	}
 };
-const getSourceFilesForRoot = (rootDirectory) => filterProjectFiles(rootDirectory, listProjectFiles(rootDirectory));
-const getSourceFiles = (context) => {
-	if (context.files) return filterExplicitFiles(context.rootDirectory, context.files);
-	return getSourceFilesForRoot(context.rootDirectory);
+const getSourceFilesForRoot = (rootDirectory) => filterProjectFiles(rootDirectory, listProjectFiles(rootDirectory));
+const getSourceFiles = (context) => {
+	if (context.files) return filterExplicitFiles(context.rootDirectory, context.files);
+	return getSourceFilesForRoot(context.rootDirectory);
+};
+const getSourceFilesWithExtras = (context, extraExtensions) => {
+	if (context.files) return filterExplicitFiles(context.rootDirectory, context.files, extraExtensions);
+	return filterProjectFiles(context.rootDirectory, listProjectFiles(context.rootDirectory), extraExtensions);
+};
+//#endregion
+//#region src/utils/source-masker.ts
+const JS_EXTS$2 = new Set([
+	".ts",
+	".tsx",
+	".js",
+	".jsx",
+	".mjs",
+	".cjs"
+]);
+const PY_EXTS = new Set([".py"]);
+const RB_EXTS = new Set([".rb"]);
+const PHP_EXTS = new Set([".php"]);
+const familyForExt = (ext) => {
+	if (JS_EXTS$2.has(ext)) return "js";
+	if (PY_EXTS.has(ext)) return "py";
+	if (RB_EXTS.has(ext)) return "rb";
+	if (PHP_EXTS.has(ext)) return "php";
+	return "none";
+};
+const maskStringsAndComments = (content, ext) => {
+	const family = familyForExt(ext);
+	if (family === "none") return content;
+	if (family === "js") return maskJs(content, true);
+	return maskSimple(content, family, true);
+};
+const maskComments = (content, ext) => {
+	const family = familyForExt(ext);
+	if (family === "none") return content;
+	if (family === "js") return maskJs(content, false);
+	return maskSimple(content, family, false);
+};
+const handleQuotesAndComments = (content, i, tplStack, mask, maskStrings) => {
+	const len = content.length;
+	const c = content[i];
+	const next = content[i + 1];
+	if (c === "\"" || c === "'") {
+		const strStart = i;
+		const end = consumeQuotedString(content, i, c);
+		if (maskStrings) mask(strStart + 1, end - 1);
+		return {
+			handled: true,
+			nextI: end
+		};
+	}
+	if (c === "`") {
+		const scan = consumeTemplateString(content, i + 1);
+		if (maskStrings) mask(i + 1, scan.maskEnd);
+		if (scan.openedInterp) tplStack.push(0);
+		return {
+			handled: true,
+			nextI: scan.resumeAt
+		};
+	}
+	if (c === "/" && next === "/") {
+		const strStart = i;
+		let k = i;
+		while (k < len && content[k] !== "\n") k++;
+		mask(strStart, k);
+		return {
+			handled: true,
+			nextI: k
+		};
+	}
+	if (c === "/" && next === "*") {
+		const strStart = i;
+		let k = i + 2;
+		while (k < len - 1 && !(content[k] === "*" && content[k + 1] === "/")) k++;
+		if (k < len - 1) k += 2;
+		mask(strStart, k);
+		return {
+			handled: true,
+			nextI: k
+		};
+	}
+	return {
+		handled: false,
+		nextI: i
+	};
+};
+const maskJs = (content, maskStrings) => {
+	const out = content.split("");
+	const len = content.length;
+	const tplStack = [];
+	let i = 0;
+	const mask = (start, end) => {
+		for (let k = start; k < end; k++) if (out[k] !== "\n") out[k] = " ";
+	};
+	while (i < len) {
+		const c = content[i];
+		if (tplStack.length > 0) {
+			if (c === "{") {
+				tplStack[tplStack.length - 1]++;
+				i++;
+				continue;
+			}
+			if (c === "}") {
+				if (tplStack[tplStack.length - 1] === 0) {
+					tplStack.pop();
+					const scan = consumeTemplateString(content, i + 1);
+					if (maskStrings) mask(i + 1, scan.maskEnd);
+					if (scan.openedInterp) tplStack.push(0);
+					i = scan.resumeAt;
+					continue;
+				}
+				tplStack[tplStack.length - 1]--;
+				i++;
+				continue;
+			}
+		}
+		const handled = handleQuotesAndComments(content, i, tplStack, mask, maskStrings);
+		if (handled.handled) {
+			i = handled.nextI;
+			continue;
+		}
+		i++;
+	}
+	return out.join("");
+};
+const consumeQuotedString = (content, start, quote) => {
+	const len = content.length;
+	let i = start + 1;
+	while (i < len) {
+		const c = content[i];
+		if (c === "\\" && i + 1 < len) {
+			i += 2;
+			continue;
+		}
+		if (c === quote) return i + 1;
+		if (c === "\n") return i;
+		i++;
+	}
+	return i;
+};
+const consumeTemplateString = (content, start) => {
+	const len = content.length;
+	let i = start;
+	while (i < len) {
+		const c = content[i];
+		if (c === "\\" && i + 1 < len) {
+			i += 2;
+			continue;
+		}
+		if (c === "`") return {
+			maskEnd: i,
+			resumeAt: i + 1,
+			openedInterp: false
+		};
+		if (c === "$" && content[i + 1] === "{") return {
+			maskEnd: i,
+			resumeAt: i + 2,
+			openedInterp: true
+		};
+		i++;
+	}
+	return {
+		maskEnd: i,
+		resumeAt: i,
+		openedInterp: false
+	};
 };
-const getSourceFilesWithExtras = (context, extraExtensions) => {
-	if (context.files) return filterExplicitFiles(context.rootDirectory, context.files, extraExtensions);
-	return filterProjectFiles(context.rootDirectory, listProjectFiles(context.rootDirectory), extraExtensions);
+const maskSimple = (content, family, maskStrings) => {
+	const out = content.split("");
+	const len = content.length;
+	let i = 0;
+	const mask = (start, end) => {
+		for (let k = start; k < end; k++) if (out[k] !== "\n") out[k] = " ";
+	};
+	while (i < len) {
+		const c = content[i];
+		const next = content[i + 1];
+		if (family === "py" && (c === "\"" || c === "'")) {
+			if (content[i + 1] === c && content[i + 2] === c) {
+				const triple = c + c + c;
+				const end = content.indexOf(triple, i + 3);
+				const stop = end === -1 ? len : end + 3;
+				if (maskStrings) mask(i + 3, stop - 3);
+				i = stop;
+				continue;
+			}
+		}
+		if (c === "\"" || c === "'") {
+			const strStart = i;
+			i = consumeQuotedString(content, i, c);
+			if (maskStrings) mask(strStart + 1, i - 1);
+			continue;
+		}
+		if ((family === "py" || family === "rb" || family === "php") && c === "#") {
+			const strStart = i;
+			while (i < len && content[i] !== "\n") i++;
+			mask(strStart, i);
+			continue;
+		}
+		if (family === "php" && c === "/" && next === "/") {
+			const strStart = i;
+			while (i < len && content[i] !== "\n") i++;
+			mask(strStart, i);
+			continue;
+		}
+		if (family === "php" && c === "/" && next === "*") {
+			const strStart = i;
+			i += 2;
+			while (i < len - 1 && !(content[i] === "*" && content[i + 1] === "/")) i++;
+			if (i < len - 1) i += 2;
+			mask(strStart, i);
+			continue;
+		}
+		i++;
+	}
+	return out.join("");
 };
 //#endregion
@@ -768,16 +788,14 @@ const detectThinWrappers = (content, relativePath, ext) => {
 	for (const { pattern, extensions } of THIN_WRAPPER_PATTERNS) {
 		if (!extensions.has(ext)) continue;
 		const regex = new RegExp(pattern.source, pattern.flags);
-		let match;
-		while ((match = regex.exec(content)) !== null) {
+		for (const match of content.matchAll(regex)) {
 			const funcName = match[1];
 			const matchText = match[0];
 			const lineNumber = content.slice(0, match.index).split("\n").length;
 			if (DUNDER_PATTERN.test(funcName)) continue;
 			if (FRAMEWORK_METHOD_NAMES.test(funcName)) continue;
 			if (lineNumber >= 2) {
-				const prevLine = lines[lineNumber - 2]?.trim();
-				if (prevLine && prevLine.startsWith("@")) continue;
+				if ((lines[lineNumber - 2]?.trim())?.startsWith("@")) continue;
 			}
 			if (!isIdentityForward(matchText)) continue;
 			if (isUseContextWrapper(matchText)) continue;
@@ -1154,7 +1172,7 @@ const detectDeadCodePatterns = (content, relativePath, ext) => {
 		const nextLine = i + 1 < lines.length ? lines[i + 1]?.trim() : void 0;
 		if (JS_EXTENSIONS$3.has(ext) && /^(?:return|throw)\b/.test(trimmed) && trimmed.endsWith(";") && nextLine && nextLine.length > 0 && !isGuardedSingleLineExit(lines, i) && !isBlockCloserAfterReturn(nextLine) && !nextLine.startsWith("//") && !nextLine.startsWith("/*") && !nextLine.startsWith("case ") && !nextLine.startsWith("default:") && !nextLine.startsWith("if ") && !nextLine.startsWith("if(") && !nextLine.startsWith("else")) diagnostics.push(slop(relativePath, i + 2, "ai-slop/unreachable-code", "warning", "Code after return/throw statement is unreachable", "Remove the unreachable code or restructure the control flow", false));
 		if (/\bif\s*\(\s*(?:false|true|0|1)\s*\)/.test(trimmed) && !trimmed.startsWith("//") && !trimmed.startsWith("*") && !/["'`].*\bif\s*\(/.test(trimmed) && !/\/.*\bif\s*\(/.test(trimmed.replace(/\/\/.*$/, ""))) diagnostics.push(slop(relativePath, i + 1, "ai-slop/constant-condition", "warning", "Conditional with a constant value — likely debugging leftover", "Remove the constant condition or replace with proper logic", false));
-		if (JS_EXTENSIONS$3.has(ext) && /(?:function\s+\w+|=>\s*)\s*\{\s*\}\s*;?\s*$/.test(trimmed) && !trimmed.startsWith("interface") && !trimmed.startsWith("type ")) diagnostics.push(slop(relativePath, i + 1, "ai-slop/empty-function", "info", "Empty function body — possible stub or unfinished implementation", "Implement the function body or add a comment explaining why it's empty", false));
+		if (JS_EXTENSIONS$3.has(ext) && /(?:function\s+\w+\s*\([^)]*\)|=>\s*)\s*\{\s*\}\s*;?\s*$/.test(trimmed) && !trimmed.startsWith("interface") && !trimmed.startsWith("type ")) diagnostics.push(slop(relativePath, i + 1, "ai-slop/empty-function", "info", "Empty function body — possible stub or unfinished implementation", "Implement the function body or add a comment explaining why it's empty", false));
 	}
 	return diagnostics;
 };
@@ -1540,9 +1558,8 @@ const detectSwallowedExceptions = async (context) => {
 		const relativePath = path.relative(context.rootDirectory, filePath);
 		for (const { pattern, languages, message } of SWALLOWED_EXCEPTION_PATTERNS) {
 			if (!languages.includes(ext)) continue;
-			let match;
 			const regex = new RegExp(pattern.source, pattern.flags + (pattern.flags.includes("g") ? "" : "g"));
-			while ((match = regex.exec(content)) !== null) {
+			for (const match of content.matchAll(regex)) {
 				if (isIntentionalIgnore(match[0], ext)) continue;
 				const line = content.slice(0, match.index).split("\n").length;
 				diagnostics.push({
@@ -1576,222 +1593,62 @@ const detectPackageName = (lines) => {
 		const m = PACKAGE_DECL_RE.exec(line);
 		if (m) return m[1];
 	}
-	return null;
-};
-const PANIC_INTENT_LOOKBACK = 3;
-const hasIntentComment$1 = (lines, panicLineIdx) => {
-	for (let j = panicLineIdx - 1; j >= Math.max(0, panicLineIdx - PANIC_INTENT_LOOKBACK); j--) if (COMMENT_LINE_RE$1.test(lines[j])) return true;
-	return false;
-};
-const isNilGuardPanic = (lines, panicLineIdx, line) => {
-	if (!SHORT_STRING_PANIC_RE.test(line)) return false;
-	for (let j = panicLineIdx - 1; j >= Math.max(0, panicLineIdx - 2); j--) {
-		const prev = lines[j];
-		if (prev.trim() === "") continue;
-		return NIL_GUARD_RE.test(prev);
-	}
-	return false;
-};
-const flagLibraryPanic = (lines, relPath, pkg, out) => {
-	if (pkg === "main") return;
-	for (let i = 0; i < lines.length; i++) {
-		const line = lines[i];
-		if (COMMENT_LINE_RE$1.test(line)) continue;
-		PANIC_CALL_RE.lastIndex = 0;
-		if (!PANIC_CALL_RE.test(line)) continue;
-		if (hasIntentComment$1(lines, i)) continue;
-		if (isNilGuardPanic(lines, i, line)) continue;
-		out.push({
-			filePath: relPath,
-			engine: "ai-slop",
-			rule: "ai-slop/go-library-panic",
-			severity: "warning",
-			message: `\`panic()\` in package \`${pkg}\` (non-main, non-test). Library code should return errors, not unwind the goroutine.`,
-			help: "Convert to `return fmt.Errorf(...)` (or a wrapped error) and let the caller decide. Reserve `panic` for genuinely-impossible states (corrupt internal invariants), and mark those with a comment so future readers know it's intentional.",
-			line: i + 1,
-			column: 1,
-			category: "AI Slop",
-			fixable: false
-		});
-	}
-};
-const detectGoPatterns = async (context) => {
-	const diagnostics = [];
-	const files = getSourceFiles(context);
-	for (const filePath of files) {
-		if (!GO_EXTENSIONS.has(path.extname(filePath))) continue;
-		if (isAutoGenerated(filePath)) continue;
-		if (filePath.endsWith("_test.go")) continue;
-		let content;
-		try {
-			content = fs.readFileSync(filePath, "utf-8");
-		} catch {
-			continue;
-		}
-		const lines = content.split("\n");
-		const pkg = detectPackageName(lines);
-		if (!pkg) continue;
-		flagLibraryPanic(lines, path.relative(context.rootDirectory, filePath), pkg, diagnostics);
-	}
-	return diagnostics;
-};
-//#endregion
-//#region src/engines/ai-slop/hardcoded-config.ts
-const SOURCE_EXTENSIONS = new Set([
-	".ts",
-	".tsx",
-	".js",
-	".jsx",
-	".mjs",
-	".cjs",
-	".py",
-	".go",
-	".rs",
-	".rb",
-	".java",
-	".php"
-]);
-const URL_LITERAL_RE = /(["'`])(https?:\/\/[^"'`\s<>]+)\1/g;
-const ID_LITERAL_RE = /(["'])([A-Za-z][A-Za-z0-9_-]{15,})\1/g;
-const ENV_REFERENCE_RE = /\b(?:process\.env|import\.meta\.env|Deno\.env|os\.environ|getenv|env\()\b/i;
-const DOC_URL_CONTEXT_RE = /\b(?:docs?|documentation|homepage|repository|bugs|license|readme|source|svgUrl|pageUrl|href|link|install)\b/i;
-const URL_CONFIG_CONTEXT_RE = /\b(?:api|base[_-]?url|baseUrl|endpoint|host|origin|webhook|callback|redirect|server|service|domain|url)\b/i;
-const ENVIRONMENT_HOST_RE = /(?:^|[.-])(?:api|app|admin|auth|staging|stage|prod|dev|sandbox|webhook|internal)(?:[.-]|$)|^(?:localhost|127\.0\.0\.1|0\.0\.0\.0)$/i;
-const ID_CONTEXT_RE = /(?:^|[^A-Za-z0-9])(?:api[_-]?key|client[_-]?id|project[_-]?id|org(?:anization)?[_-]?id|workspace[_-]?id|tenant[_-]?id|price[_-]?id|product[_-]?id|customer[_-]?id|subscription[_-]?id|account[_-]?id|app[_-]?id|key|token|secret)(?:$|[^A-Za-z0-9])/i;
-const MIGRATION_PATH_RE$1 = /(?:^|[\\/])(?:migrations?|db[\\/]migrate)[\\/]/i;
-const PLACEHOLDER_HOSTS = new Set([
-	"example.com",
-	"example.org",
-	"example.net"
-]);
-const LOOPBACK_HOSTS = new Set([
-	"localhost",
-	"127.0.0.1",
-	"0.0.0.0",
-	"::1"
-]);
-const VENDOR_API_DOMAINS = [
-	"github.com",
-	"githubusercontent.com",
-	"googleapis.com",
-	"accounts.google.com",
-	"stripe.com",
-	"openai.com",
-	"anthropic.com",
-	"slack.com",
-	"twilio.com",
-	"sendgrid.com",
-	"mailgun.net",
-	"cloudflare.com",
-	"discord.com",
-	"telegram.org",
-	"login.microsoftonline.com",
-	"graph.microsoft.com",
-	"twitter.com",
-	"x.com",
-	"twimg.com",
-	"t.co",
-	"api.telegram.org"
-];
-const isVendorApiHost = (host) => VENDOR_API_DOMAINS.some((d) => host === d || host.endsWith(`.${d}`));
-const PLACEHOLDER_ID_RE = /^(?:changeme|replace[_-]?me|your[_-]|example|placeholder|todo)/i;
-const HARDCODED_URL_FINDING = {
-	rule: "ai-slop/hardcoded-url",
-	message: "Hardcoded environment URL in production code",
-	help: "Move deployment-specific URLs to environment variables or a typed config module. Keep only stable documentation/public links inline."
-};
-const HARDCODED_ID_FINDING = {
-	rule: "ai-slop/hardcoded-id",
-	message: "Hardcoded provider/project ID in production code",
-	help: "Move provider IDs, tenant IDs, price IDs, and similar deployment-specific identifiers to env/config so agents do not bake one environment into source."
-};
-const makeFinding = (filePath, line, spec) => ({
-	filePath,
-	engine: "ai-slop",
-	rule: spec.rule,
-	severity: "warning",
-	message: spec.message,
-	help: spec.help,
-	line,
-	column: 0,
-	category: "AI Slop",
-	fixable: false
-});
-const isCommentOnlyLine = (trimmed) => trimmed.startsWith("//") || trimmed.startsWith("#") || trimmed.startsWith("*") || trimmed.startsWith("/*");
-const commentStartsBefore = (line, index, ext) => {
-	const prefix = line.slice(0, index);
-	if (ext === ".py" || ext === ".rb") return prefix.includes("#");
-	if (ext === ".php") return prefix.includes("//") || prefix.includes("#");
-	return prefix.includes("//") || prefix.includes("/*");
-};
-const safeUrlHost = (urlText) => {
-	try {
-		return new URL(urlText).hostname.toLowerCase();
-	} catch {
-		return null;
-	}
-};
-const isEnvBackedLine = (line) => ENV_REFERENCE_RE.test(line);
-const shouldFlagUrlLiteral = (line, urlText) => {
-	if (isEnvBackedLine(line)) return false;
-	const host = safeUrlHost(urlText);
-	if (!host) return false;
-	if (PLACEHOLDER_HOSTS.has(host)) return false;
-	if (LOOPBACK_HOSTS.has(host)) return false;
-	if (isVendorApiHost(host)) return false;
-	if (DOC_URL_CONTEXT_RE.test(line) && !ENVIRONMENT_HOST_RE.test(host)) return false;
-	return URL_CONFIG_CONTEXT_RE.test(line) || ENVIRONMENT_HOST_RE.test(host);
+	return null;
 };
-const ENV_VAR_NAME_RE = /^[A-Z][A-Z0-9]*(?:_[A-Z0-9]+)+$/;
-const hasUsefulIdShape = (value) => {
-	if (PLACEHOLDER_ID_RE.test(value)) return false;
-	if (ENV_VAR_NAME_RE.test(value)) return false;
-	if (/^https?:\/\//i.test(value)) return false;
-	if (/^[A-Za-z]+$/.test(value)) return false;
-	return /[0-9]/.test(value);
+const PANIC_INTENT_LOOKBACK = 3;
+const hasIntentComment$1 = (lines, panicLineIdx) => {
+	for (let j = panicLineIdx - 1; j >= Math.max(0, panicLineIdx - PANIC_INTENT_LOOKBACK); j--) if (COMMENT_LINE_RE$1.test(lines[j])) return true;
+	return false;
 };
-const scanLineForConfigLiterals = (line, relativePath, ext, lineNumber) => {
-	const diagnostics = [];
-	if (isCommentOnlyLine(line.trim())) return diagnostics;
-	URL_LITERAL_RE.lastIndex = 0;
-	let urlMatch;
-	while ((urlMatch = URL_LITERAL_RE.exec(line)) !== null) {
-		const urlText = urlMatch[2];
-		if (commentStartsBefore(line, urlMatch.index, ext)) continue;
-		if (!shouldFlagUrlLiteral(line, urlText)) continue;
-		diagnostics.push(makeFinding(relativePath, lineNumber, HARDCODED_URL_FINDING));
-	}
-	if (!ID_CONTEXT_RE.test(line) || isEnvBackedLine(line) || DOC_URL_CONTEXT_RE.test(line)) return diagnostics;
-	ID_LITERAL_RE.lastIndex = 0;
-	let idMatch;
-	while ((idMatch = ID_LITERAL_RE.exec(line)) !== null) {
-		const value = idMatch[2];
-		if (commentStartsBefore(line, idMatch.index, ext)) continue;
-		if (!hasUsefulIdShape(value)) continue;
-		diagnostics.push(makeFinding(relativePath, lineNumber, HARDCODED_ID_FINDING));
+const isNilGuardPanic = (lines, panicLineIdx, line) => {
+	if (!SHORT_STRING_PANIC_RE.test(line)) return false;
+	for (let j = panicLineIdx - 1; j >= Math.max(0, panicLineIdx - 2); j--) {
+		const prev = lines[j];
+		if (prev.trim() === "") continue;
+		return NIL_GUARD_RE.test(prev);
 	}
-	return diagnostics;
+	return false;
 };
-const scanFileForConfigLiterals = (content, relativePath, ext) => {
-	if (!SOURCE_EXTENSIONS.has(ext)) return [];
-	if (isNonProductionPath(relativePath)) return [];
-	if (MIGRATION_PATH_RE$1.test(relativePath)) return [];
-	return content.split("\n").flatMap((line, index) => scanLineForConfigLiterals(line, relativePath, ext, index + 1));
+const flagLibraryPanic = (lines, relPath, pkg, out) => {
+	if (pkg === "main") return;
+	for (let i = 0; i < lines.length; i++) {
+		const line = lines[i];
+		if (COMMENT_LINE_RE$1.test(line)) continue;
+		PANIC_CALL_RE.lastIndex = 0;
+		if (!PANIC_CALL_RE.test(line)) continue;
+		if (hasIntentComment$1(lines, i)) continue;
+		if (isNilGuardPanic(lines, i, line)) continue;
+		out.push({
+			filePath: relPath,
+			engine: "ai-slop",
+			rule: "ai-slop/go-library-panic",
+			severity: "warning",
+			message: `\`panic()\` in package \`${pkg}\` (non-main, non-test). Library code should return errors, not unwind the goroutine.`,
+			help: "Convert to `return fmt.Errorf(...)` (or a wrapped error) and let the caller decide. Reserve `panic` for genuinely-impossible states (corrupt internal invariants), and mark those with a comment so future readers know it's intentional.",
+			line: i + 1,
+			column: 1,
+			category: "AI Slop",
+			fixable: false
+		});
+	}
 };
-const detectHardcodedConfigLiterals = async (context) => {
+const detectGoPatterns = async (context) => {
 	const diagnostics = [];
-	for (const filePath of getSourceFiles(context)) {
+	const files = getSourceFiles(context);
+	for (const filePath of files) {
+		if (!GO_EXTENSIONS.has(path.extname(filePath))) continue;
 		if (isAutoGenerated(filePath)) continue;
+		if (filePath.endsWith("_test.go")) continue;
 		let content;
 		try {
 			content = fs.readFileSync(filePath, "utf-8");
 		} catch {
 			continue;
 		}
-		const relativePath = path.relative(context.rootDirectory, filePath);
-		const ext = path.extname(filePath);
-		diagnostics.push(...scanFileForConfigLiterals(maskComments(content, ext), relativePath, ext));
+		const lines = content.split("\n");
+		const pkg = detectPackageName(lines);
+		if (!pkg) continue;
+		flagLibraryPanic(lines, path.relative(context.rootDirectory, filePath), pkg, diagnostics);
 	}
 	return diagnostics;
 };
@@ -1893,15 +1750,18 @@ const readWorkspaceGlobs = (rootDir, rootPkg) => {
 	}
 	return globs;
 };
+const readWorkspaceEntries = (dir) => {
+	try {
+		return fs.readdirSync(dir, { withFileTypes: true });
+	} catch {
+		return [];
+	}
+};
 const expandWorkspaceDirs = (rootDir, globs) => {
 	const dirs = [];
 	for (const glob of globs) if (glob.endsWith("/*")) {
 		const parent = path.join(rootDir, glob.slice(0, -2));
-		try {
-			for (const entry of fs.readdirSync(parent, { withFileTypes: true })) if (entry.isDirectory()) dirs.push(path.join(parent, entry.name));
-		} catch {
-			continue;
-		}
+		for (const entry of readWorkspaceEntries(parent)) if (entry.isDirectory()) dirs.push(path.join(parent, entry.name));
 	} else if (!glob.includes("*")) dirs.push(path.join(rootDir, glob));
 	return dirs;
 };
@@ -2534,6 +2394,167 @@ const detectHallucinatedImports = async (context) => {
 	return diagnostics;
 };
+//#endregion
+//#region src/engines/ai-slop/hardcoded-config.ts
+const SOURCE_EXTENSIONS = new Set([
+	".ts",
+	".tsx",
+	".js",
+	".jsx",
+	".mjs",
+	".cjs",
+	".py",
+	".go",
+	".rs",
+	".rb",
+	".java",
+	".php"
+]);
+const URL_LITERAL_RE = /(["'`])(https?:\/\/[^"'`\s<>]+)\1/g;
+const ID_LITERAL_RE = /(["'])([A-Za-z][A-Za-z0-9_-]{15,})\1/g;
+const ENV_REFERENCE_RE = /\b(?:process\.env|import\.meta\.env|Deno\.env|os\.environ|getenv|env\()\b/i;
+const DOC_URL_CONTEXT_RE = /\b(?:docs?|documentation|homepage|repository|bugs|license|readme|source|svgUrl|pageUrl|href|link|install)\b/i;
+const URL_CONFIG_CONTEXT_RE = /\b(?:api|base[_-]?url|baseUrl|endpoint|host|origin|webhook|callback|redirect|server|service|domain|url)\b/i;
+const ENVIRONMENT_HOST_RE = /(?:^|[.-])(?:api|app|admin|auth|staging|stage|prod|dev|sandbox|webhook|internal)(?:[.-]|$)|^(?:localhost|127\.0\.0\.1|0\.0\.0\.0)$/i;
+const ID_CONTEXT_RE = /(?:^|[^A-Za-z0-9])(?:api[_-]?key|client[_-]?id|project[_-]?id|org(?:anization)?[_-]?id|workspace[_-]?id|tenant[_-]?id|price[_-]?id|product[_-]?id|customer[_-]?id|subscription[_-]?id|account[_-]?id|app[_-]?id|key|token|secret)(?:$|[^A-Za-z0-9])/i;
+const MIGRATION_PATH_RE$1 = /(?:^|[\\/])(?:migrations?|db[\\/]migrate)[\\/]/i;
+const PLACEHOLDER_HOSTS = new Set([
+	"example.com",
+	"example.org",
+	"example.net"
+]);
+const LOOPBACK_HOSTS = new Set([
+	"localhost",
+	"127.0.0.1",
+	"0.0.0.0",
+	"::1"
+]);
+const VENDOR_API_DOMAINS = [
+	"github.com",
+	"githubusercontent.com",
+	"googleapis.com",
+	"accounts.google.com",
+	"stripe.com",
+	"openai.com",
+	"anthropic.com",
+	"slack.com",
+	"twilio.com",
+	"sendgrid.com",
+	"mailgun.net",
+	"cloudflare.com",
+	"discord.com",
+	"telegram.org",
+	"login.microsoftonline.com",
+	"graph.microsoft.com",
+	"twitter.com",
+	"x.com",
+	"twimg.com",
+	"t.co",
+	"api.telegram.org"
+];
+const isVendorApiHost = (host) => VENDOR_API_DOMAINS.some((d) => host === d || host.endsWith(`.${d}`));
+const PLACEHOLDER_ID_RE = /^(?:changeme|replace[_-]?me|your[_-]|example|placeholder|todo)/i;
+const HARDCODED_URL_FINDING = {
+	rule: "ai-slop/hardcoded-url",
+	message: "Hardcoded environment URL in production code",
+	help: "Move deployment-specific URLs to environment variables or a typed config module. Keep only stable documentation/public links inline."
+};
+const HARDCODED_ID_FINDING = {
+	rule: "ai-slop/hardcoded-id",
+	message: "Hardcoded provider/project ID in production code",
+	help: "Move provider IDs, tenant IDs, price IDs, and similar deployment-specific identifiers to env/config so agents do not bake one environment into source."
+};
+const makeFinding = (filePath, line, spec) => ({
+	filePath,
+	engine: "ai-slop",
+	rule: spec.rule,
+	severity: "warning",
+	message: spec.message,
+	help: spec.help,
+	line,
+	column: 0,
+	category: "AI Slop",
+	fixable: false
+});
+const isCommentOnlyLine = (trimmed) => trimmed.startsWith("//") || trimmed.startsWith("#") || trimmed.startsWith("*") || trimmed.startsWith("/*");
+const commentStartsBefore = (line, index, ext) => {
+	const prefix = line.slice(0, index);
+	if (ext === ".py" || ext === ".rb") return prefix.includes("#");
+	if (ext === ".php") return prefix.includes("//") || prefix.includes("#");
+	return prefix.includes("//") || prefix.includes("/*");
+};
+const safeUrlHost = (urlText) => {
+	try {
+		return new URL(urlText).hostname.toLowerCase();
+	} catch {
+		return null;
+	}
+};
+const isEnvBackedLine = (line) => ENV_REFERENCE_RE.test(line);
+const shouldFlagUrlLiteral = (line, urlText) => {
+	if (isEnvBackedLine(line)) return false;
+	const host = safeUrlHost(urlText);
+	if (!host) return false;
+	if (PLACEHOLDER_HOSTS.has(host)) return false;
+	if (LOOPBACK_HOSTS.has(host)) return false;
+	if (isVendorApiHost(host)) return false;
+	if (DOC_URL_CONTEXT_RE.test(line) && !ENVIRONMENT_HOST_RE.test(host)) return false;
+	return URL_CONFIG_CONTEXT_RE.test(line) || ENVIRONMENT_HOST_RE.test(host);
+};
+const ENV_VAR_NAME_RE = /^[A-Z][A-Z0-9]*(?:_[A-Z0-9]+)+$/;
+const hasUsefulIdShape = (value) => {
+	if (PLACEHOLDER_ID_RE.test(value)) return false;
+	if (ENV_VAR_NAME_RE.test(value)) return false;
+	if (/^https?:\/\//i.test(value)) return false;
+	if (/^[A-Za-z]+$/.test(value)) return false;
+	return /[0-9]/.test(value);
+};
+const scanLineForConfigLiterals = (line, relativePath, ext, lineNumber) => {
+	const diagnostics = [];
+	if (isCommentOnlyLine(line.trim())) return diagnostics;
+	for (const urlMatch of line.matchAll(URL_LITERAL_RE)) {
+		const urlText = urlMatch[2];
+		if (commentStartsBefore(line, urlMatch.index, ext)) continue;
+		if (!shouldFlagUrlLiteral(line, urlText)) continue;
+		diagnostics.push(makeFinding(relativePath, lineNumber, HARDCODED_URL_FINDING));
+	}
+	if (!ID_CONTEXT_RE.test(line) || isEnvBackedLine(line) || DOC_URL_CONTEXT_RE.test(line)) return diagnostics;
+	for (const idMatch of line.matchAll(ID_LITERAL_RE)) {
+		const value = idMatch[2];
+		if (commentStartsBefore(line, idMatch.index, ext)) continue;
+		if (!hasUsefulIdShape(value)) continue;
+		diagnostics.push(makeFinding(relativePath, lineNumber, HARDCODED_ID_FINDING));
+	}
+	return diagnostics;
+};
+const scanFileForConfigLiterals = (content, relativePath, ext) => {
+	if (!SOURCE_EXTENSIONS.has(ext)) return [];
+	if (isNonProductionPath(relativePath)) return [];
+	if (MIGRATION_PATH_RE$1.test(relativePath)) return [];
+	return content.split("\n").flatMap((line, index) => scanLineForConfigLiterals(line, relativePath, ext, index + 1));
+};
+const detectHardcodedConfigLiterals = async (context) => {
+	const diagnostics = [];
+	for (const filePath of getSourceFiles(context)) {
+		if (isAutoGenerated(filePath)) continue;
+		let content;
+		try {
+			content = fs.readFileSync(filePath, "utf-8");
+		} catch {
+			continue;
+		}
+		const relativePath = path.relative(context.rootDirectory, filePath);
+		const ext = path.extname(filePath);
+		diagnostics.push(...scanFileForConfigLiterals(maskComments(content, ext), relativePath, ext));
+	}
+	return diagnostics;
+};
+//#endregion
+//#region src/utils/suppress.ts
+const DIRECTIVE_RE = /(?:\/\/|\/\*|#|<!--|\*)\s*aislop-ignore-(next-line|line|file)\b([^\n]*)/;
+const isAislopDirectiveLine = (line) => DIRECTIVE_RE.test(line);
 //#endregion
 //#region src/engines/ai-slop/comment-blocks.ts
 const stripJsdocLine = (line) => line.replace(/^\s*\/\*\*+\s?/, "").replace(/\s*\*+\/\s*$/, "").replace(/^\s*\*\s?/, "").trim();
@@ -2557,6 +2578,7 @@ const getCommentSyntax = (ext) => {
 };
 const getMatchedLinePrefix = (line, syntax) => {
 	const trimmed = line.trimStart();
+	if (isAislopDirectiveLine(trimmed)) return null;
 	for (const prefix of syntax.linePrefixes) {
 		if (!trimmed.startsWith(prefix)) continue;
 		if (prefix === "#" && trimmed.startsWith("#!")) return null;
@@ -3356,9 +3378,7 @@ const isLogOnlyBody = (body) => {
 };
 const detectJsSilentRecovery = (content, relPath) => {
 	const out = [];
-	CATCH_HEAD_RE.lastIndex = 0;
-	let match;
-	while ((match = CATCH_HEAD_RE.exec(content)) !== null) {
+	for (const match of content.matchAll(CATCH_HEAD_RE)) {
 		const body = extractCatchBody(content, match.index + match[0].length - 1);
 		if (body === null) continue;
 		if (!isLogOnlyBody(body)) continue;
@@ -3534,18 +3554,22 @@ const extractPyImportedSymbols = (lines) => {
 			}
 			continue;
 		}
-		const importMatch = trimmed.match(/^import\s+([\w.]+)(?:\s+as\s+(\w+))?/);
+		const importMatch = trimmed.match(/^import\s+(.+)/);
 		if (importMatch) {
 			importLines.add(i);
-			const alias = importMatch[2];
-			if (alias && alias === importMatch[1]) continue;
-			const simpleName = (alias ?? importMatch[1]).split(".")[0];
-			if (simpleName && /^\w+$/.test(simpleName)) symbols.push({
-				name: simpleName,
-				line: i + 1,
-				isDefault: false,
-				isNamespace: true
-			});
+			for (const clause of importMatch[1].replace(/#.*$/, "").split(",")) {
+				const clauseMatch = clause.trim().match(/^([\w.]+)(?:\s+as\s+(\w+))?/);
+				if (!clauseMatch) continue;
+				const alias = clauseMatch[2];
+				if (alias && alias === clauseMatch[1]) continue;
+				const simpleName = (alias ?? clauseMatch[1]).split(".")[0];
+				if (simpleName && /^\w+$/.test(simpleName)) symbols.push({
+					name: simpleName,
+					line: i + 1,
+					isDefault: false,
+					isNamespace: true
+				});
+			}
 		}
 	}
 	return {
@@ -3555,8 +3579,7 @@ const extractPyImportedSymbols = (lines) => {
 };
 const isSymbolUsed = (name, content, importLines, lines) => {
 	const pattern = new RegExp(`\\b${name}\\b`, "g");
-	let match;
-	while ((match = pattern.exec(content)) !== null) {
+	for (const match of content.matchAll(pattern)) {
 		const lineIndex = content.slice(0, match.index).split("\n").length - 1;
 		if (!importLines.has(lineIndex)) return true;
 	}
@@ -3657,6 +3680,18 @@ const aiSlopEngine = {
 //#endregion
 //#region src/engines/architecture/matchers.ts
+const REGEX_SPECIAL_CHARS = new Set([
+	".",
+	"+",
+	"^",
+	"$",
+	"{",
+	"}",
+	"(",
+	")",
+	"|",
+	"\\"
+]);
 const minimatch = (filePath, pattern) => {
 	let regex = "";
 	let i = 0;
@@ -3681,7 +3716,7 @@ const minimatch = (filePath, pattern) => {
 				regex += pattern.slice(i, closeIndex + 1);
 				i = closeIndex + 1;
 			}
-		} else if (".+^${}()|\\".includes(ch)) {
+		} else if (REGEX_SPECIAL_CHARS.has(ch)) {
 			regex += `\\${ch}`;
 			i++;
 		} else {
@@ -3701,27 +3736,15 @@ const extractImports = (content, ext) => {
 		".mjs",
 		".cjs"
 	].includes(ext)) {
-		const esPattern = /(?:import|from)\s+["']([^"']+)["']/g;
-		let match;
-		while ((match = esPattern.exec(content)) !== null) imports.push(match[1]);
-		const reqPattern = /require\s*\(\s*["']([^"']+)["']\s*\)/g;
-		while ((match = reqPattern.exec(content)) !== null) imports.push(match[1]);
-	}
-	if (ext === ".py") {
-		const pyPattern = /(?:from|import)\s+([\w.]+)/g;
-		let match;
-		while ((match = pyPattern.exec(content)) !== null) imports.push(match[1]);
+		for (const match of content.matchAll(/(?:import|from)\s+["']([^"']+)["']/g)) imports.push(match[1]);
+		for (const match of content.matchAll(/require\s*\(\s*["']([^"']+)["']\s*\)/g)) imports.push(match[1]);
 	}
+	if (ext === ".py") for (const match of content.matchAll(/(?:from|import)\s+([\w.]+)/g)) imports.push(match[1]);
 	if (ext === ".go") {
-		const goSingleImport = /^\s*import\s+"([^"]+)"/gm;
-		let match;
-		while ((match = goSingleImport.exec(content)) !== null) imports.push(match[1]);
-		const goMultiImport = /import\s*\(([^)]*)\)/gs;
-		while ((match = goMultiImport.exec(content)) !== null) {
+		for (const match of content.matchAll(/^\s*import\s+"([^"]+)"/gm)) imports.push(match[1]);
+		for (const match of content.matchAll(/import\s*\(([^)]*)\)/gs)) {
 			const block = match[1];
-			const pkgPattern = /"([^"]+)"/g;
-			let pkgMatch;
-			while ((pkgMatch = pkgPattern.exec(block)) !== null) imports.push(pkgMatch[1]);
+			for (const pkgMatch of block.matchAll(/"([^"]+)"/g)) imports.push(pkgMatch[1]);
 		}
 	}
 	return imports;
@@ -3848,10 +3871,10 @@ const architectureEngine = {
 //#endregion
 //#region src/engines/code-quality/function-boundaries.ts
 const PYTHON_CONTROL_FLOW_RE = /^\s*(?:if|for|while|with|try|except|else|elif|finally|def|class)\b/;
-const ARROW_BLOCK_RE = /* @__PURE__ */ new RegExp("=>\\s*\\{");
-const ARROW_END_RE = /* @__PURE__ */ new RegExp("=>\\s*$");
-const BRACE_START_RE = /* @__PURE__ */ new RegExp("^\\s*\\{");
-const NEW_STATEMENT_RE = /* @__PURE__ */ new RegExp("^(?:export\\s+)?(?:const|let|var|function|class)\\s");
+const ARROW_BLOCK_RE = /=>\s*\{/;
+const ARROW_END_RE = /=>\s*$/;
+const BRACE_START_RE = /^\s*\{/;
+const NEW_STATEMENT_RE = /^(?:export\s+)?(?:const|let|var|function|class)\s/;
 const isControlFlowBrace = (lineText, braceIndex) => {
 	const before = lineText.substring(0, braceIndex).trimEnd();
 	if (before.endsWith(")")) return true;
@@ -4037,14 +4060,14 @@ const countTemplateLines = (bodyLines) => {
 	let templateLineCount = 0;
 	for (const line of bodyLines) {
 		const startedInside = insideTemplate;
-		let escape = false;
+		let escaped = false;
 		for (const ch of line) {
-			if (escape) {
-				escape = false;
+			if (escaped) {
+				escaped = false;
 				continue;
 			}
 			if (ch === "\\") {
-				escape = true;
+				escaped = true;
 				continue;
 			}
 			if (ch === "`") insideTemplate = !insideTemplate;
@@ -4964,9 +4987,7 @@ const runRuffFormat = async (context) => {
 };
 const parseRuffFormatOutput = (output, rootDir) => {
 	const diagnostics = [];
-	const filePattern = /^--- (.+)$/gm;
-	let match;
-	while ((match = filePattern.exec(output)) !== null) {
+	for (const match of output.matchAll(/^--- (.+)$/gm)) {
 		const filePath = getRuffDiagnosticPath(rootDir, match[1]);
 		diagnostics.push({
 			filePath,
@@ -4993,10 +5014,10 @@ const formatEngine = {
 		const { languages, installedTools } = context;
 		const promises = [];
 		if (languages.includes("typescript") || languages.includes("javascript")) promises.push(runBiomeFormat(context));
-		if (languages.includes("python") && installedTools["ruff"]) promises.push(runRuffFormat(context));
-		if (languages.includes("go") && installedTools["gofmt"]) promises.push(runGofmt(context));
-		if (languages.includes("rust") && installedTools["rustfmt"]) promises.push(runGenericFormatter(context, "rust"));
-		if (languages.includes("ruby") && installedTools["rubocop"]) promises.push(runGenericFormatter(context, "ruby"));
+		if (languages.includes("python") && installedTools.ruff) promises.push(runRuffFormat(context));
+		if (languages.includes("go") && installedTools.gofmt) promises.push(runGofmt(context));
+		if (languages.includes("rust") && installedTools.rustfmt) promises.push(runGenericFormatter(context, "rust"));
+		if (languages.includes("ruby") && installedTools.rubocop) promises.push(runGenericFormatter(context, "ruby"));
 		if (languages.includes("php") && installedTools["php-cs-fixer"]) promises.push(runGenericFormatter(context, "php"));
 		const results = await Promise.allSettled(promises);
 		for (const result of results) if (result.status === "fulfilled") diagnostics.push(...result.value);
@@ -5200,6 +5221,8 @@ const createOxlintConfig = (options) => {
 	if (options.mode === "fix") {
 		rules["no-unused-vars"] = "off";
 		rules["react-hooks/exhaustive-deps"] = "off";
+		rules["jsx-a11y/no-aria-hidden-on-focusable"] = "off";
+		rules["unicorn/no-useless-fallback-in-spread"] = "off";
 	}
 	const plugins = [
 		"import",
@@ -5364,9 +5387,7 @@ const collectAmbientGlobals = (rootDir) => {
 		if (!relativePath.endsWith(".d.ts")) continue;
 		const content = readTextFile$1(path.join(rootDir, relativePath));
 		if (!content) continue;
-		AMBIENT_GLOBAL_RE.lastIndex = 0;
-		let match;
-		while ((match = AMBIENT_GLOBAL_RE.exec(content)) !== null) globals.add(match[1]);
+		for (const match of content.matchAll(AMBIENT_GLOBAL_RE)) globals.add(match[1]);
 	}
 	const deps = collectPackageNames(rootDir);
 	if (deps.has("@types/bun") || deps.has("bun-types")) globals.add("Bun");
@@ -5582,10 +5603,10 @@ const lintEngine = {
 			if (context.config.lint.typecheck) promises.push(import("./typecheck-By967nny.js").then((mod) => mod.runTypecheck(context)));
 		}
 		if (context.frameworks.includes("expo")) promises.push(import("./expo-doctor-T4DswmX5.js").then((mod) => mod.runExpoDoctor(context)));
-		if (languages.includes("python") && installedTools["ruff"]) promises.push(runRuffLint(context));
+		if (languages.includes("python") && installedTools.ruff) promises.push(runRuffLint(context));
 		if (languages.includes("go") && installedTools["golangci-lint"]) promises.push(runGolangciLint(context));
-		if (languages.includes("rust") && installedTools["cargo"]) promises.push(runGenericLinter(context, "rust"));
-		if (languages.includes("ruby") && installedTools["rubocop"]) promises.push(runGenericLinter(context, "ruby"));
+		if (languages.includes("rust") && installedTools.cargo) promises.push(runGenericLinter(context, "rust"));
+		if (languages.includes("ruby") && installedTools.rubocop) promises.push(runGenericLinter(context, "ruby"));
 		const results = await Promise.allSettled(promises);
 		for (const result of results) if (result.status === "fulfilled") diagnostics.push(...result.value);
 		return {
@@ -5615,7 +5636,7 @@ const runDependencyAudit = async (context) => {
 		else if (fs.existsSync(path.join(context.rootDirectory, "package-lock.json")) || fs.existsSync(path.join(context.rootDirectory, "package.json"))) promises.push(runNpmAudit(context.rootDirectory, timeout));
 	}
 	if (context.languages.includes("python") && context.installedTools["pip-audit"]) promises.push(runPipAudit(context.rootDirectory, timeout));
-	if (context.languages.includes("go") && context.installedTools["govulncheck"]) promises.push(runGovulncheck(context.rootDirectory, timeout));
+	if (context.languages.includes("go") && context.installedTools.govulncheck) promises.push(runGovulncheck(context.rootDirectory, timeout));
 	if (context.languages.includes("rust")) promises.push(runCargoAudit(context.rootDirectory, timeout));
 	const results = await Promise.allSettled(promises);
 	for (const result of results) if (result.status === "fulfilled") diagnostics.push(...result.value);
@@ -5720,9 +5741,12 @@ const parseLegacyAdvisories = (advisories, source) => {
 	for (const [key, advisory] of Object.entries(advisories)) upsertVuln(bucket, advisory.module_name ?? advisory.name ?? advisory.package ?? key, (advisory.severity ?? "moderate").toLowerCase(), advisory.recommendation ?? advisory.title ?? "");
 	return [...bucket.values()].map((agg) => aggregateToDiagnostic(agg, source));
 };
+const carriesAdvisory = (vulnerability) => Array.isArray(vulnerability.via) && vulnerability.via.some((entry) => entry !== null && typeof entry === "object");
 const parseModernVulnerabilities = (vulnerabilities, source) => {
 	const bucket = /* @__PURE__ */ new Map();
+	const hasRootCauses = Object.values(vulnerabilities).some(carriesAdvisory);
 	for (const [packageName, vulnerability] of Object.entries(vulnerabilities)) {
+		if (hasRootCauses && !carriesAdvisory(vulnerability)) continue;
 		const severity = (vulnerability.severity ?? "moderate").toLowerCase();
 		const fixAvailable = vulnerability.fixAvailable;
 		const isDirect = vulnerability.isDirect === true;
@@ -6010,8 +6034,7 @@ const detectRiskyConstructs = async (context) => {
 			if (!extensions.includes(ext)) continue;
 			if (isMigrationOrSeeder && name === "sql-injection") continue;
 			const regex = new RegExp(pattern.source, pattern.flags);
-			let match;
-			while ((match = regex.exec(masked)) !== null) {
+			for (const match of masked.matchAll(regex)) {
 				const line = content.slice(0, match.index).split("\n").length;
 				if (name === "innerhtml") {
 					const beforeMatch = content.slice(Math.max(0, match.index - 200), match.index);
@@ -6143,8 +6166,7 @@ const scanSecrets = async (context) => {
 		const relativePath = path.relative(context.rootDirectory, filePath);
 		for (const { pattern, name, keywordPrefixed } of SECRET_PATTERNS) {
 			const regex = new RegExp(pattern.source, pattern.flags);
-			let match;
-			while ((match = regex.exec(content)) !== null) {
+			for (const match of content.matchAll(regex)) {
 				if (isPlaceholderValue(match[1] ?? match[0])) continue;
 				if (keywordPrefixed && isInsideStringLiteral(content, match.index)) continue;
 				const line = content.slice(0, match.index).split("\n").length;
@@ -6265,6 +6287,64 @@ const calculateScore = (diagnostics, weights, thresholds, sourceFileCount, smoot
 //#endregion
 //#region src/utils/discover.ts
+const UNSUPPORTED_CODE_EXTENSIONS = {
+	".c": "C/C++",
+	".h": "C/C++",
+	".cc": "C/C++",
+	".cpp": "C/C++",
+	".cxx": "C/C++",
+	".hpp": "C/C++",
+	".hh": "C/C++",
+	".hxx": "C/C++",
+	".cs": "C#",
+	".swift": "Swift",
+	".kt": "Kotlin",
+	".kts": "Kotlin",
+	".m": "Objective-C",
+	".mm": "Objective-C",
+	".scala": "Scala",
+	".dart": "Dart",
+	".ex": "Elixir",
+	".exs": "Elixir",
+	".erl": "Erlang",
+	".hs": "Haskell",
+	".clj": "Clojure",
+	".cljs": "Clojure",
+	".lua": "Lua",
+	".jl": "Julia",
+	".zig": "Zig",
+	".nim": "Nim",
+	".ml": "OCaml",
+	".fs": "F#",
+	".sol": "Solidity",
+	".groovy": "Groovy"
+};
+const analyzeCoverage = (rootDirectory, excludePatterns = []) => {
+	const allFiles = listProjectFiles(rootDirectory);
+	const supportedFiles = filterProjectFiles(rootDirectory, allFiles, [], excludePatterns).length;
+	const counts = /* @__PURE__ */ new Map();
+	let unsupportedFiles = 0;
+	const candidates = filterProjectFiles(rootDirectory, allFiles, Object.keys(UNSUPPORTED_CODE_EXTENSIONS), excludePatterns);
+	for (const file of candidates) {
+		const lang = UNSUPPORTED_CODE_EXTENSIONS[path.extname(file).toLowerCase()];
+		if (!lang) continue;
+		unsupportedFiles += 1;
+		counts.set(lang, (counts.get(lang) ?? 0) + 1);
+	}
+	let dominantUnsupported = null;
+	let max = 0;
+	for (const [lang, count] of counts) if (count > max) {
+		max = count;
+		dominantUnsupported = lang;
+	}
+	const negligible = supportedFiles === 0 || unsupportedFiles >= 10 && unsupportedFiles > supportedFiles * 3;
+	return {
+		supportedFiles,
+		unsupportedFiles,
+		dominantUnsupported,
+		scoreable: !negligible
+	};
+};
 const LANGUAGE_SIGNALS = {
 	"tsconfig.json": "typescript",
 	"go.mod": "go",
@@ -6384,11 +6464,12 @@ const checkInstalledTools = async () => {
 	}));
 	return results;
 };
-const discoverProject = async (directory) => {
+const discoverProject = async (directory, excludePatterns = []) => {
 	const resolvedDir = path.resolve(directory);
 	const languages = detectLanguages(resolvedDir);
 	const frameworks = detectFrameworks(resolvedDir);
 	const sourceFileCount = countSourceFiles(resolvedDir);
+	const coverage = analyzeCoverage(resolvedDir, excludePatterns);
 	const installedTools = await checkInstalledTools();
 	return {
 		rootDirectory: resolvedDir,
@@ -6396,6 +6477,7 @@ const discoverProject = async (directory) => {
 		languages,
 		frameworks,
 		sourceFileCount,
+		coverage,
 		installedTools
 	};
 };
@@ -6615,10 +6697,6 @@ const handleAislopBaseline = (input) => {
 	};
 };
-//#endregion
-//#region src/version.ts
-const APP_VERSION = "0.10.1";
 //#endregion
 //#region src/telemetry/env.ts
 const detectPackageManager = (env = process.env) => {
@@ -6813,9 +6891,14 @@ const track = (input) => {
 	pendingRequests.add(request);
 	return { installCreated };
 };
-const flushTelemetry = async () => {
+const flushTelemetry = async (timeoutMs) => {
 	if (pendingRequests.size === 0) return;
-	await Promise.all(pendingRequests);
+	const all = Promise.all(pendingRequests);
+	if (timeoutMs == null) {
+		await all;
+		return;
+	}
+	await Promise.race([all, new Promise((resolve) => setTimeout(resolve, timeoutMs))]);
 };
 //#endregion