aislop 0.5.0 → 0.6.0

package/dist/cli.js

@@ -12,6 +12,7 @@ import { fileURLToPath } from "node:url";
 import os from "node:os";
 import ts from "typescript";
 import wcwidth from "wcwidth";
+import crypto from "node:crypto";
 import { isCancel, multiselect, select, text } from "@clack/prompts";
 
 //#region \0rolldown/runtime.js
@@ -982,7 +983,7 @@ const detectSwallowedExceptions = async (context) => {
 };
 
 //#endregion
-//#region src/engines/ai-slop/narrative-comments.ts
+//#region src/engines/ai-slop/narrative-comments-patterns.ts
 const DECORATIVE_SEPARATOR = /^[-=─━~_*#]{6,}$/;
 const DECORATIVE_SECTION_HEADER = /^[-=─━~_*#]{3,}[\s\S]+?[-=─━~_*#]{3,}$/;
 const SECTION_HEADER = /^(Phase|Step|Section|Part)\s+\d+[:.-]/i;
@@ -1025,7 +1026,49 @@ const MEANINGFUL_JSDOC_TAGS = new Set([
 	"todo",
 	"link",
 	"license",
-	"preserve"
+	"preserve",
+	"swagger",
+	"openapi",
+	"route",
+	"group",
+	"summary",
+	"description",
+	"operationid",
+	"response",
+	"responses",
+	"request",
+	"requestbody",
+	"security",
+	"tag",
+	"tags",
+	"path",
+	"body",
+	"query",
+	"queryparam",
+	"header",
+	"headers",
+	"produces",
+	"accept",
+	"middleware",
+	"api",
+	"apiname",
+	"apidefine",
+	"apigroup",
+	"apiparam",
+	"apiquery",
+	"apibody",
+	"apiheader",
+	"apisuccess",
+	"apierror",
+	"apiexample",
+	"apiversion",
+	"apidescription",
+	"apipermission",
+	"apiuse",
+	"apiignore",
+	"apiprivate",
+	"namespace",
+	"category"
 ]);
 const SUPPORTED_EXTS = new Set([
 	".ts",
@@ -1041,6 +1084,19 @@ const SUPPORTED_EXTS = new Set([
 	".java",
 	".php"
 ]);
+const DECL_START = /^(\s*)(export\s+)?(async\s+)?(const|let|var|function|class|type|interface|enum|abstract\s+class)\s+/;
+const EXPORT_DEFAULT = /^\s*export\s+default\b/;
+const TS_MEMBER_DECL_START = /^\s*(?:readonly\s+|static\s+|public\s+|private\s+|protected\s+|abstract\s+|override\s+)*[\w$]+\??\s*:/;
+const PY_DECL_START = /^\s*(async\s+def|def|class)\s+/;
+const GO_DECL_START = /^\s*(func|type|var|const)\s+/;
+const RUST_DECL_START = /^\s*(pub\s+)?(async\s+)?(fn|struct|enum|trait|impl|const|static|type|mod)\s+/;
+const RUBY_DECL_START = /^\s*(class|module|def)\s+/;
+const JAVA_DECL_START = /^\s*(?:public|private|protected|static|final|abstract|sealed|non-sealed|\s)+(?:class|interface|enum|record|@interface|\w[^(){};=]*\s+\w+\s*\()/;
+const JAVA_DECL_START_FALLBACK = /^\s*(class|interface|enum|record|@interface)\s+/;
+const PHP_DECL_START = /^\s*(?:public|private|protected|static|final|abstract|readonly\s+)*(function|class|interface|trait|enum|const)\s+/;
+
+//#endregion
+//#region src/engines/ai-slop/narrative-comments.ts
 const stripJsdocLine = (line) => line.replace(/^\s*\/\*\*+\s?/, "").replace(/\s*\*+\/\s*$/, "").replace(/^\s*\*\s?/, "").trim();
 const stripLineComment = (line) => line.replace(/^\s*(?:(?:\/\/)|#)\s?/, "");
 const getCommentSyntax = (ext) => {
@@ -1132,16 +1188,6 @@ const collectBlocks = (sourceLines, syntax) => {
 	}
 	return blocks;
 };
-const DECL_START = /^(\s*)(export\s+)?(async\s+)?(const|let|var|function|class|type|interface|enum|abstract\s+class)\s+/;
-const EXPORT_DEFAULT = /^\s*export\s+default\b/;
-const TS_MEMBER_DECL_START = /^\s*(?:readonly\s+|static\s+|public\s+|private\s+|protected\s+|abstract\s+|override\s+)*[\w$]+\??\s*:/;
-const PY_DECL_START = /^\s*(async\s+def|def|class)\s+/;
-const GO_DECL_START = /^\s*(func|type|var|const)\s+/;
-const RUST_DECL_START = /^\s*(pub\s+)?(async\s+)?(fn|struct|enum|trait|impl|const|static|type|mod)\s+/;
-const RUBY_DECL_START = /^\s*(class|module|def)\s+/;
-const JAVA_DECL_START = /^\s*(?:public|private|protected|static|final|abstract|sealed|non-sealed|\s)+(?:class|interface|enum|record|@interface|\w[^(){};=]*\s+\w+\s*\()/;
-const JAVA_DECL_START_FALLBACK = /^\s*(class|interface|enum|record|@interface)\s+/;
-const PHP_DECL_START = /^\s*(?:public|private|protected|static|final|abstract|readonly\s+)*(function|class|interface|trait|enum|const)\s+/;
 const looksLikeDeclarationPreamble = (nextLine, ext) => {
 	if (nextLine === null) return false;
 	if (DECL_START.test(nextLine) || EXPORT_DEFAULT.test(nextLine)) return true;
@@ -1682,72 +1728,12 @@ const architectureEngine = {
 };
 
 //#endregion
-//#region src/engines/code-quality/complexity.ts
-const FUNCTION_PATTERNS = [
-	{
-		regex: /^\s*(?:export\s+)?(?:async\s+)?function\s+(\w+)\s*\(([^)]*)\)/,
-		langFilter: [
-			".js",
-			".ts",
-			".jsx",
-			".tsx",
-			".mjs",
-			".cjs"
-		]
-	},
-	{
-		regex: /^\s*(?:export\s+)?const\s+(\w+)\s*=\s*(?:async\s+)?\(([^)]*)\)\s*(?:=>|:\s*\w)/,
-		langFilter: [
-			".js",
-			".ts",
-			".jsx",
-			".tsx",
-			".mjs",
-			".cjs"
-		]
-	},
-	{
-		regex: /^\s*def\s+(\w+)\s*\(([^)]*)\)/,
-		langFilter: [".py"]
-	},
-	{
-		regex: /^\s*func\s+(?:\([^)]*\)\s+)?(\w+)\s*\(([^)]*)\)/,
-		langFilter: [".go"]
-	},
-	{
-		regex: /^\s*fn\s+(\w+)\s*\(([^)]*)\)/,
-		langFilter: [".rs"]
-	},
-	{
-		regex: /^\s*(?:public|private|protected)?\s*(?:static\s+)?(?:\w+\s+)(\w+)\s*\(([^)]*)\)/,
-		langFilter: [
-			".java",
-			".cs",
-			".cpp",
-			".c",
-			".php"
-		]
-	}
-];
-const countParams = (p) => p.trim() ? p.split(",").length : 0;
-const matchFunctionOnLine = (line, ext) => {
-	for (let i = 0; i < FUNCTION_PATTERNS.length; i++) {
-		const pattern = FUNCTION_PATTERNS[i];
-		if (!pattern.langFilter.includes(ext)) continue;
-		const match = line.match(pattern.regex);
-		if (match) return {
-			name: match[1],
-			params: match[2] ?? "",
-			patternIndex: i
-		};
-	}
-	return null;
-};
+//#region src/engines/code-quality/function-boundaries.ts
 const PYTHON_CONTROL_FLOW_RE = /^\s*(?:if|for|while|with|try|except|else|elif|finally|def|class)\b/;
-const findFunctionEnd = (lines, startIndex, isPython) => {
-	if (isPython) return findPythonFunctionEnd(lines, startIndex);
-	return findBraceFunctionEnd(lines, startIndex);
-};
+const ARROW_BLOCK_RE = /* @__PURE__ */ new RegExp("=>\\s*\\{");
+const ARROW_END_RE = /* @__PURE__ */ new RegExp("=>\\s*$");
+const BRACE_START_RE = /* @__PURE__ */ new RegExp("^\\s*\\{");
+const NEW_STATEMENT_RE = /* @__PURE__ */ new RegExp("^(?:export\\s+)?(?:const|let|var|function|class)\\s");
 const isControlFlowBrace = (lineText, braceIndex) => {
 	const before = lineText.substring(0, braceIndex).trimEnd();
 	if (before.endsWith(")")) return true;
@@ -1827,16 +1813,10 @@ const findPythonFunctionEnd = (lines, startIndex) => {
 		maxNesting
 	};
 };
-const isDataFile = (content) => {
-	const nonEmpty = content.split("\n").filter((l) => l.trim().length > 0);
-	if (nonEmpty.length === 0) return false;
-	const dataLinePattern = /^\s*[{}[\]"']/;
-	return nonEmpty.filter((l) => dataLinePattern.test(l)).length / nonEmpty.length > .8;
+const findFunctionEnd = (lines, startIndex, isPython) => {
+	if (isPython) return findPythonFunctionEnd(lines, startIndex);
+	return findBraceFunctionEnd(lines, startIndex);
 };
-const ARROW_BLOCK_RE = /* @__PURE__ */ new RegExp("=>\\s*\\{");
-const ARROW_END_RE = /* @__PURE__ */ new RegExp("=>\\s*$");
-const BRACE_START_RE = /* @__PURE__ */ new RegExp("^\\s*\\{");
-const NEW_STATEMENT_RE = /* @__PURE__ */ new RegExp("^(?:export\\s+)?(?:const|let|var|function|class)\\s");
 const isBlockArrow = (lines, startIndex) => {
 	if (ARROW_BLOCK_RE.test(lines[startIndex])) return true;
 	if (ARROW_END_RE.test(lines[startIndex])) {
@@ -1872,6 +1852,75 @@ const countTemplateLines = (bodyLines) => {
 	}
 	return templateLineCount;
 };
+
+//#endregion
+//#region src/engines/code-quality/complexity.ts
+const FUNCTION_PATTERNS = [
+	{
+		regex: /^\s*(?:export\s+)?(?:async\s+)?function\s+(\w+)\s*\(([^)]*)\)/,
+		langFilter: [
+			".js",
+			".ts",
+			".jsx",
+			".tsx",
+			".mjs",
+			".cjs"
+		]
+	},
+	{
+		regex: /^\s*(?:export\s+)?const\s+(\w+)\s*=\s*(?:async\s+)?\(([^)]*)\)\s*(?:=>|:\s*\w)/,
+		langFilter: [
+			".js",
+			".ts",
+			".jsx",
+			".tsx",
+			".mjs",
+			".cjs"
+		]
+	},
+	{
+		regex: /^\s*def\s+(\w+)\s*\(([^)]*)\)/,
+		langFilter: [".py"]
+	},
+	{
+		regex: /^\s*func\s+(?:\([^)]*\)\s+)?(\w+)\s*\(([^)]*)\)/,
+		langFilter: [".go"]
+	},
+	{
+		regex: /^\s*fn\s+(\w+)\s*\(([^)]*)\)/,
+		langFilter: [".rs"]
+	},
+	{
+		regex: /^\s*(?:public|private|protected)?\s*(?:static\s+)?(?:\w+\s+)(\w+)\s*\(([^)]*)\)/,
+		langFilter: [
+			".java",
+			".cs",
+			".cpp",
+			".c",
+			".php"
+		]
+	}
+];
+const countParams = (p) => p.trim() ? p.split(",").length : 0;
+const matchFunctionOnLine = (line, ext) => {
+	for (let i = 0; i < FUNCTION_PATTERNS.length; i++) {
+		const pattern = FUNCTION_PATTERNS[i];
+		if (!pattern.langFilter.includes(ext)) continue;
+		const match = line.match(pattern.regex);
+		if (match) return {
+			name: match[1],
+			params: match[2] ?? "",
+			patternIndex: i
+		};
+	}
+	return null;
+};
+const isDataFile = (content) => {
+	const nonEmpty = content.split("\n").filter((l) => l.trim().length > 0);
+	if (nonEmpty.length === 0) return false;
+	const dataLinePattern = /^\s*[{}[\]"']/;
+	return nonEmpty.filter((l) => dataLinePattern.test(l)).length / nonEmpty.length > .8;
+};
 const analyzeFunctions = (content, ext) => {
 	const lines = content.split("\n");
 	const functions = [];
@@ -1894,13 +1943,14 @@ const analyzeFunctions = (content, ext) => {
 	}
 	return functions;
 };
+const JSX_FILE_LOC_MULTIPLIER = 1.5;
 const checkFileDiagnostics = (relativePath, content, limits) => {
 	const results = [];
 	const lineCount = content.split("\n").length;
 	const ext = path.extname(relativePath).toLowerCase();
 	if (isDataFile(content)) return results;
-	const effectiveMax = ext === ".jsx" || ext === ".tsx" ? limits.maxFileLoc * 2 : limits.maxFileLoc;
-	if (lineCount > Math.ceil(effectiveMax * 1.1)) results.push({
+	const effectiveMax = ext === ".jsx" || ext === ".tsx" ? Math.ceil(limits.maxFileLoc * JSX_FILE_LOC_MULTIPLIER) : limits.maxFileLoc;
+	if (lineCount > effectiveMax) results.push({
 		filePath: relativePath,
 		engine: "code-quality",
 		rule: "complexity/file-too-large",
@@ -3581,6 +3631,216 @@ const runCargoAudit = async (rootDir, timeout) => {
 	}
 };
 
+//#endregion
+//#region src/utils/source-masker.ts
+const JS_EXTS = new Set([
+	".ts",
+	".tsx",
+	".js",
+	".jsx",
+	".mjs",
+	".cjs"
+]);
+const PY_EXTS = new Set([".py"]);
+const RB_EXTS = new Set([".rb"]);
+const PHP_EXTS = new Set([".php"]);
+const familyForExt = (ext) => {
+	if (JS_EXTS.has(ext)) return "js";
+	if (PY_EXTS.has(ext)) return "py";
+	if (RB_EXTS.has(ext)) return "rb";
+	if (PHP_EXTS.has(ext)) return "php";
+	return "none";
+};
+const maskStringsAndComments = (content, ext) => {
+	const family = familyForExt(ext);
+	if (family === "none") return content;
+	if (family === "js") return maskJs(content);
+	return maskSimple(content, family);
+};
+const maskJs = (content) => {
+	const out = content.split("");
+	const len = content.length;
+	const tplStack = [];
+	let i = 0;
+	const mask = (start, end) => {
+		for (let k = start; k < end; k++) if (out[k] !== "\n") out[k] = " ";
+	};
+	while (i < len) {
+		const c = content[i];
+		const next = content[i + 1];
+		if (tplStack.length > 0) {
+			if (c === "{") {
+				tplStack[tplStack.length - 1]++;
+				i++;
+				continue;
+			}
+			if (c === "}") {
+				if (tplStack[tplStack.length - 1] === 0) {
+					tplStack.pop();
+					const scan = consumeTemplateString(content, i + 1);
+					mask(i + 1, scan.maskEnd);
+					if (scan.openedInterp) tplStack.push(0);
+					i = scan.resumeAt;
+					continue;
+				}
+				tplStack[tplStack.length - 1]--;
+				i++;
+				continue;
+			}
+			if (c === "\"" || c === "'") {
+				const strStart = i;
+				i = consumeQuotedString(content, i, c);
+				mask(strStart + 1, i - 1);
+				continue;
+			}
+			if (c === "`") {
+				const scan = consumeTemplateString(content, i + 1);
+				mask(i + 1, scan.maskEnd);
+				if (scan.openedInterp) tplStack.push(0);
+				i = scan.resumeAt;
+				continue;
+			}
+			if (c === "/" && next === "/") {
+				const strStart = i;
+				while (i < len && content[i] !== "\n") i++;
+				mask(strStart, i);
+				continue;
+			}
+			if (c === "/" && next === "*") {
+				const strStart = i;
+				i += 2;
+				while (i < len - 1 && !(content[i] === "*" && content[i + 1] === "/")) i++;
+				if (i < len - 1) i += 2;
+				mask(strStart, i);
+				continue;
+			}
+			i++;
+			continue;
+		}
+		if (c === "\"" || c === "'") {
+			const strStart = i;
+			i = consumeQuotedString(content, i, c);
+			mask(strStart + 1, i - 1);
+			continue;
+		}
+		if (c === "`") {
+			const scan = consumeTemplateString(content, i + 1);
+			mask(i + 1, scan.maskEnd);
+			if (scan.openedInterp) tplStack.push(0);
+			i = scan.resumeAt;
+			continue;
+		}
+		if (c === "/" && next === "/") {
+			const strStart = i;
+			while (i < len && content[i] !== "\n") i++;
+			mask(strStart, i);
+			continue;
+		}
+		if (c === "/" && next === "*") {
+			const strStart = i;
+			i += 2;
+			while (i < len - 1 && !(content[i] === "*" && content[i + 1] === "/")) i++;
+			if (i < len - 1) i += 2;
+			mask(strStart, i);
+			continue;
+		}
+		i++;
+	}
+	return out.join("");
+};
+const consumeQuotedString = (content, start, quote) => {
+	const len = content.length;
+	let i = start + 1;
+	while (i < len) {
+		const c = content[i];
+		if (c === "\\" && i + 1 < len) {
+			i += 2;
+			continue;
+		}
+		if (c === quote) return i + 1;
+		if (c === "\n") return i;
+		i++;
+	}
+	return i;
+};
+const consumeTemplateString = (content, start) => {
+	const len = content.length;
+	let i = start;
+	while (i < len) {
+		const c = content[i];
+		if (c === "\\" && i + 1 < len) {
+			i += 2;
+			continue;
+		}
+		if (c === "`") return {
+			maskEnd: i,
+			resumeAt: i + 1,
+			openedInterp: false
+		};
+		if (c === "$" && content[i + 1] === "{") return {
+			maskEnd: i,
+			resumeAt: i + 2,
+			openedInterp: true
+		};
+		i++;
+	}
+	return {
+		maskEnd: i,
+		resumeAt: i,
+		openedInterp: false
+	};
+};
+const maskSimple = (content, family) => {
+	const out = content.split("");
+	const len = content.length;
+	let i = 0;
+	const mask = (start, end) => {
+		for (let k = start; k < end; k++) if (out[k] !== "\n") out[k] = " ";
+	};
+	while (i < len) {
+		const c = content[i];
+		const next = content[i + 1];
+		if (family === "py" && (c === "\"" || c === "'")) {
+			if (content[i + 1] === c && content[i + 2] === c) {
+				const triple = c + c + c;
+				const end = content.indexOf(triple, i + 3);
+				const stop = end === -1 ? len : end + 3;
+				mask(i + 3, stop - 3);
+				i = stop;
+				continue;
+			}
+		}
+		if (c === "\"" || c === "'") {
+			const strStart = i;
+			i = consumeQuotedString(content, i, c);
+			mask(strStart + 1, i - 1);
+			continue;
+		}
+		if ((family === "py" || family === "rb" || family === "php") && c === "#") {
+			const strStart = i;
+			while (i < len && content[i] !== "\n") i++;
+			mask(strStart, i);
+			continue;
+		}
+		if (family === "php" && c === "/" && next === "/") {
+			const strStart = i;
+			while (i < len && content[i] !== "\n") i++;
+			mask(strStart, i);
+			continue;
+		}
+		if (family === "php" && c === "/" && next === "*") {
+			const strStart = i;
+			i += 2;
+			while (i < len - 1 && !(content[i] === "*" && content[i + 1] === "/")) i++;
+			if (i < len - 1) i += 2;
+			mask(strStart, i);
+			continue;
+		}
+		i++;
+	}
+	return out.join("");
+};
+
 //#endregion
 //#region src/engines/security/risky.ts
 const ev = "eval";
@@ -3710,12 +3970,13 @@ const detectRiskyConstructs = async (context) => {
 		const relativePath = path.relative(context.rootDirectory, filePath);
 		const normalizedPath = relativePath.split(path.sep).join("/");
 		const isMigrationOrSeeder = /(?:^|\/)(migrations|seeders|seeds|migrate)\//.test(normalizedPath);
+		const masked = maskStringsAndComments(content, ext);
 		for (const { pattern, extensions, name, message, help } of RISKY_PATTERNS) {
 			if (!extensions.includes(ext)) continue;
 			if (isMigrationOrSeeder && name === "sql-injection") continue;
 			const regex = new RegExp(pattern.source, pattern.flags);
 			let match;
-			while ((match = regex.exec(content)) !== null) {
+			while ((match = regex.exec(masked)) !== null) {
 				const line = content.slice(0, match.index).split("\n").length;
 				if (name === "innerhtml") {
 					const beforeMatch = content.slice(Math.max(0, match.index - 200), match.index);
@@ -4438,7 +4699,7 @@ const discoverProject = async (directory) => {
 //#region src/utils/git.ts
 const MAX_BUFFER = 50 * 1024 * 1024;
 const getChangedFiles = (cwd, base) => {
-	const result = spawnSync("git", [
+	const diff = spawnSync("git", [
 		"diff",
 		"--name-only",
 		"--diff-filter=ACMR",
@@ -4448,8 +4709,22 @@ const getChangedFiles = (cwd, base) => {
 		encoding: "utf-8",
 		maxBuffer: MAX_BUFFER
 	});
-	if (result.error || result.status !== 0) return [];
-	return result.stdout.split("\n").filter((f) => f.length > 0).map((f) => path.resolve(cwd, f));
+	if (diff.error || diff.status !== 0) return [];
+	const untracked = spawnSync("git", [
+		"ls-files",
+		"--others",
+		"--exclude-standard"
+	], {
+		cwd,
+		encoding: "utf-8",
+		maxBuffer: MAX_BUFFER
+	});
+	const names = /* @__PURE__ */ new Set();
+	for (const line of diff.stdout.split("\n")) if (line.length > 0) names.add(line);
+	if (!untracked.error && untracked.status === 0) {
+		for (const line of untracked.stdout.split("\n")) if (line.length > 0) names.add(line);
+	}
+	return Array.from(names).map((f) => path.resolve(cwd, f));
 };
 const getStagedFiles = (cwd) => {
 	const result = spawnSync("git", [
@@ -4472,7 +4747,7 @@ const getStagedFiles = (cwd) => {
 * Application version — injected at build time by tsdown from package.json.
 * The fallback should always match the "version" field in package.json.
 */
-const APP_VERSION = "0.5.0";
+const APP_VERSION = "0.6.0";
 
 //#endregion
 //#region src/utils/telemetry.ts
@@ -6071,42 +6346,46 @@ const runExpoDoctor = async (context) => {
 
 //#endregion
 //#region src/commands/fix-force.ts
-const getJsAuditFixCommand = (rootDirectory) => {
-	if (fs.existsSync(path.join(rootDirectory, "pnpm-lock.yaml"))) return {
-		command: "pnpm",
-		args: ["audit", "--fix"]
-	};
-	if (fs.existsSync(path.join(rootDirectory, "package-lock.json")) || fs.existsSync(path.join(rootDirectory, "package.json"))) return {
-		command: "npm",
-		args: ["audit", "fix"]
-	};
+const INSTALL_TIMEOUT = 1800 * 1e3;
+const AUDIT_TIMEOUT = 60 * 1e3;
+const detectPackageManager = (rootDirectory) => {
+	if (fs.existsSync(path.join(rootDirectory, "pnpm-lock.yaml"))) return "pnpm";
+	if (fs.existsSync(path.join(rootDirectory, "package-lock.json")) || fs.existsSync(path.join(rootDirectory, "package.json"))) return "npm";
 	return null;
 };
-const INSTALL_TIMEOUT = 1800 * 1e3;
 const fixDependencyAudit = async (context, onProgress) => {
-	const auditFix = getJsAuditFixCommand(context.rootDirectory);
-	if (!auditFix) return;
-	onProgress?.(`Dependency audit fixes · running ${auditFix.command} audit fix (can take a few minutes)`);
-	const result = await runSubprocess(auditFix.command, auditFix.args, {
-		cwd: context.rootDirectory,
+	const pm = detectPackageManager(context.rootDirectory);
+	if (!pm) return;
+	if (pm === "npm") {
+		await runNpmAuditFix(context.rootDirectory, onProgress);
+		await tryNpmOverrides(context.rootDirectory, onProgress);
+		return;
+	}
+	if (await tryPnpmOverrides(context.rootDirectory, onProgress)) return;
+	if (fs.existsSync(path.join(context.rootDirectory, "package-lock.json"))) {
+		await runNpmAuditFix(context.rootDirectory, onProgress);
+		await tryNpmOverrides(context.rootDirectory, onProgress);
+		return;
+	}
+	onProgress?.("Dependency audit fixes · skipping (pnpm audit unavailable and no package-lock.json for npm fallback)");
+};
+const runNpmAuditFix = async (rootDir, onProgress) => {
+	onProgress?.("Dependency audit fixes · running npm audit fix (can take a few minutes)");
+	const result = await runSubprocess("npm", ["audit", "fix"], {
+		cwd: rootDir,
 		timeout: INSTALL_TIMEOUT
 	});
-	if (result.exitCode !== 0 && !result.stdout && !result.stderr) throw new Error(`${auditFix.command} audit fix failed`);
-	onProgress?.(`Dependency audit fixes · running ${auditFix.command} install`);
-	const installResult = await runSubprocess(auditFix.command, ["install"], {
-		cwd: context.rootDirectory,
+	if (result.exitCode !== 0 && !result.stdout && !result.stderr) throw new Error("npm audit fix failed");
+	onProgress?.("Dependency audit fixes · running npm install");
+	const installResult = await runSubprocess("npm", ["install"], {
+		cwd: rootDir,
 		timeout: INSTALL_TIMEOUT
 	});
-	if (installResult.exitCode !== 0) throw new Error(installResult.stderr || installResult.stdout || `${auditFix.command} install failed after audit fix`);
-	if (auditFix.command === "npm") await tryNpmOverrides(context.rootDirectory, onProgress);
+	if (installResult.exitCode !== 0) throw new Error(installResult.stderr || installResult.stdout || "npm install failed after audit fix");
 };
-/**
-* For unresolvable transitive vulnerabilities, attempt to add npm overrides
-* in package.json. This forces a newer version of the vulnerable transitive dep.
-*/
-const fetchLatestVersion = async (rootDir, pkgName) => {
+const fetchLatestVersion = async (rootDir, pkgName, pm) => {
 	try {
-		const result = await runSubprocess("npm", [
+		const result = await runSubprocess(pm, [
 			"view",
 			pkgName,
 			"version",
@@ -6120,11 +6399,11 @@ const fetchLatestVersion = async (rootDir, pkgName) => {
 		return null;
 	}
 };
-const collectOverrides = async (rootDir, vulnerabilities) => {
+const collectOverrides = async (rootDir, vulnerabilities, pm) => {
 	const overrides = {};
 	for (const [pkgName, vuln] of Object.entries(vulnerabilities)) {
 		if (vuln.fixAvailable !== false || !vuln.range) continue;
-		const latest = await fetchLatestVersion(rootDir, pkgName);
+		const latest = await fetchLatestVersion(rootDir, pkgName, pm);
 		if (latest) overrides[pkgName] = latest;
 	}
 	return overrides;
@@ -6133,12 +6412,12 @@ const tryNpmOverrides = async (rootDir, onProgress) => {
 	try {
 		const auditResult = await runSubprocess("npm", ["audit", "--json"], {
 			cwd: rootDir,
-			timeout: 3e4
+			timeout: AUDIT_TIMEOUT
 		});
 		if (!auditResult.stdout) return;
 		const vulnerabilities = JSON.parse(auditResult.stdout).vulnerabilities;
 		if (!vulnerabilities) return;
-		const overrides = await collectOverrides(rootDir, vulnerabilities);
+		const overrides = await collectOverrides(rootDir, vulnerabilities, "npm");
 		if (Object.keys(overrides).length === 0) return;
 		const pkgPath = path.join(rootDir, "package.json");
 		const pkg = JSON.parse(fs.readFileSync(pkgPath, "utf-8"));
@@ -6146,7 +6425,7 @@ const tryNpmOverrides = async (rootDir, onProgress) => {
 			...pkg.overrides || {},
 			...overrides
 		};
-		fs.writeFileSync(pkgPath, JSON.stringify(pkg, null, 2) + "\n");
+		fs.writeFileSync(pkgPath, `${JSON.stringify(pkg, null, 2)}\n`);
 		onProgress?.("Dependency audit fixes · applying npm overrides (npm install)");
 		await runSubprocess("npm", ["install"], {
 			cwd: rootDir,
@@ -6154,6 +6433,70 @@ const tryNpmOverrides = async (rootDir, onProgress) => {
 		});
 	} catch {}
 };
+const patchedRangeToVersion = (patched) => {
+	const match = patched.match(/^\s*>=?\s*([0-9]+\.[0-9]+\.[0-9]+[^\s]*)/);
+	return match ? `^${match[1]}` : null;
+};
+const overrideKey = (name, vulnerable, patched) => {
+	if (vulnerable && vulnerable.trim().length > 0 && !/^\*$/.test(vulnerable.trim())) return `${name}@${vulnerable.trim()}`;
+	const first = patched.match(/([0-9]+\.[0-9]+\.[0-9]+)/)?.[1];
+	return first ? `${name}@<${first}` : name;
+};
+const collectPnpmOverrides = (advisories) => {
+	const overrides = {};
+	for (const adv of Object.values(advisories)) {
+		if (!adv.module_name || !adv.patched_versions) continue;
+		const target = patchedRangeToVersion(adv.patched_versions);
+		if (!target) continue;
+		const key = overrideKey(adv.module_name, adv.vulnerable_versions, adv.patched_versions);
+		overrides[key] = target;
+	}
+	return overrides;
+};
+const isPnpmAuditRetired = (stdout, stderr) => {
+	const haystack = `${stdout}\n${stderr}`.toLowerCase();
+	return haystack.includes("410") || haystack.includes("gone") || haystack.includes("retired") || haystack.includes("endpoint") || haystack.includes("err_pnpm_audit") || haystack.includes("audit endpoint");
+};
+const tryPnpmOverrides = async (rootDir, onProgress) => {
+	onProgress?.("Dependency audit fixes · running pnpm audit");
+	const auditResult = await runSubprocess("pnpm", ["audit", "--json"], {
+		cwd: rootDir,
+		timeout: AUDIT_TIMEOUT
+	});
+	if (!auditResult.stdout) {
+		if (isPnpmAuditRetired(auditResult.stdout ?? "", auditResult.stderr ?? "")) return false;
+		return auditResult.exitCode === 0;
+	}
+	let parsed;
+	try {
+		parsed = JSON.parse(auditResult.stdout);
+	} catch {
+		if (auditResult.exitCode !== 0 || isPnpmAuditRetired(auditResult.stdout, auditResult.stderr ?? "")) return false;
+		return true;
+	}
+	const advisories = parsed.advisories;
+	if (!advisories || Object.keys(advisories).length === 0) return true;
+	const overrides = collectPnpmOverrides(advisories);
+	if (Object.keys(overrides).length === 0) return true;
+	const pkgPath = path.join(rootDir, "package.json");
+	const pkg = JSON.parse(fs.readFileSync(pkgPath, "utf-8"));
+	const pnpmBlock = pkg.pnpm ?? {};
+	const existing = pnpmBlock.overrides ?? {};
+	pkg.pnpm = {
+		...pnpmBlock,
+		overrides: {
+			...existing,
+			...overrides
+		}
+	};
+	fs.writeFileSync(pkgPath, `${JSON.stringify(pkg, null, 2)}\n`);
+	onProgress?.("Dependency audit fixes · applying pnpm overrides (pnpm install)");
+	await runSubprocess("pnpm", ["install"], {
+		cwd: rootDir,
+		timeout: INSTALL_TIMEOUT
+	});
+	return true;
+};
 const fixExpoDependencies = async (context, onProgress) => {
 	await removeDisallowedExpoPackages(context.rootDirectory, onProgress);
 	onProgress?.("Expo dependency alignment · running expo install --fix (can take a few minutes)");
@@ -6268,8 +6611,9 @@ const runFormattingStep = async (deps) => {
 const runForceSteps = async (deps) => {
 	if (!deps.force) return;
 	if (deps.config.engines["code-quality"] && hasJsOrTs(deps.projectInfo)) await deps.runStep("Remove unused files", () => runKnipUnusedFiles(deps.resolvedDir), () => fixUnusedFiles(deps.resolvedDir));
-	if (deps.config.engines.security) await deps.runStep("Dependency audit fixes", () => runDependencyAudit(deps.context), () => fixDependencyAudit(deps.context, deps.rail.setActiveLabel));
-	if (deps.projectInfo.frameworks.includes("expo")) await deps.runStep("Expo dependency alignment", () => runExpoDoctor(deps.context), () => fixExpoDependencies(deps.context, deps.rail.setActiveLabel));
+	const railUpdate = (label) => deps.rail.setActiveLabel(label);
+	if (deps.config.engines.security) await deps.runStep("Dependency audit fixes", () => runDependencyAudit(deps.context), () => fixDependencyAudit(deps.context, railUpdate));
+	if (deps.projectInfo.frameworks.includes("expo")) await deps.runStep("Expo dependency alignment", () => runExpoDoctor(deps.context), () => fixExpoDependencies(deps.context, railUpdate));
 };
 
 //#endregion
@@ -6433,6 +6777,1244 @@ const fixCommand = async (directory, config, options = {
 	}
 };
 
+//#endregion
+//#region src/hooks/feedback.ts
+const MAX_FINDINGS = 20;
+const toFinding = (d, rootDirectory) => {
+	if (d.severity !== "error" && d.severity !== "warning") return null;
+	const file = path.isAbsolute(d.filePath) ? path.relative(rootDirectory, d.filePath) : d.filePath;
+	return {
+		ruleId: d.rule,
+		severity: d.severity,
+		category: d.category,
+		file,
+		line: d.line,
+		col: d.column || void 0,
+		message: d.message
+	};
+};
+const buildNextSteps = (findings) => {
+	const steps = [];
+	const errorCount = findings.filter((f) => f.severity === "error").length;
+	if (errorCount > 0) steps.push(`Fix ${errorCount} error${errorCount === 1 ? "" : "s"} before the next turn.`);
+	const byFile = /* @__PURE__ */ new Map();
+	for (const f of findings) {
+		const list = byFile.get(f.file) ?? [];
+		list.push(f);
+		byFile.set(f.file, list);
+	}
+	for (const [file, list] of Array.from(byFile.entries()).slice(0, 3)) {
+		const lines = list.map((f) => f.line).slice(0, 3).join(", ");
+		steps.push(`Address ${list.length} finding${list.length === 1 ? "" : "s"} in ${file} (line${list.length === 1 ? "" : "s"} ${lines}).`);
+	}
+	return steps;
+};
+const buildFeedback = (diagnostics, score, rootDirectory, baseline) => {
+	const all = diagnostics.map((d) => toFinding(d, rootDirectory)).filter((x) => x !== null);
+	const capped = all.slice(0, MAX_FINDINGS);
+	const elided = all.length > MAX_FINDINGS ? all.length - MAX_FINDINGS : void 0;
+	const counts = {
+		error: diagnostics.filter((d) => d.severity === "error").length,
+		warning: diagnostics.filter((d) => d.severity === "warning").length,
+		fixable: diagnostics.filter((d) => d.fixable).length,
+		total: all.length
+	};
+	return {
+		schema: "aislop.hook.v1",
+		score,
+		baseline,
+		regressed: typeof baseline === "number" ? score < baseline : false,
+		counts,
+		findings: capped,
+		elided,
+		nextSteps: buildNextSteps(capped)
+	};
+};
+
+//#endregion
+//#region src/hooks/io/scan-lock.ts
+const LOCK_DIR = ".aislop";
+const LOCK_FILE = "hook.lock";
+const STALE_MS = 3e4;
+const lockPath = (cwd) => path.join(cwd, LOCK_DIR, LOCK_FILE);
+const readLock = (target) => {
+	try {
+		const raw = fs.readFileSync(target, "utf-8");
+		const parsed = JSON.parse(raw);
+		if (typeof parsed.pid !== "number" || typeof parsed.ts !== "number") return null;
+		return parsed;
+	} catch {
+		return null;
+	}
+};
+const acquireHookLock = (cwd) => {
+	const target = lockPath(cwd);
+	const existing = readLock(target);
+	if (existing && Date.now() - existing.ts < STALE_MS) return null;
+	try {
+		fs.mkdirSync(path.dirname(target), { recursive: true });
+		fs.writeFileSync(target, JSON.stringify({
+			pid: process.pid,
+			ts: Date.now()
+		}));
+	} catch {
+		return null;
+	}
+	return () => {
+		try {
+			if (readLock(target)?.pid === process.pid) fs.unlinkSync(target);
+		} catch {}
+	};
+};
+
+//#endregion
+//#region src/hooks/io/scoped-scan.ts
+const existingAbsolutePaths = (cwd, files) => files.map((f) => path.isAbsolute(f) ? f : path.join(cwd, f)).filter((p) => {
+	try {
+		return fs.statSync(p).isFile();
+	} catch {
+		return false;
+	}
+});
+const resolveHookFiles = (cwd, files) => {
+	const direct = existingAbsolutePaths(cwd, files);
+	if (direct.length > 0) return direct;
+	return existingAbsolutePaths(cwd, getChangedFiles(cwd));
+};
+const runScopedScan = async (cwd, filePaths) => {
+	const project = await discoverProject(cwd);
+	const config = loadConfig(cwd);
+	const configDir = findConfigDir(project.rootDirectory);
+	const rulesPath = configDir ? path.join(configDir, RULES_FILE) : void 0;
+	const diagnostics = (await runEngines({
+		rootDirectory: project.rootDirectory,
+		languages: project.languages,
+		frameworks: project.frameworks,
+		files: filterProjectFiles(project.rootDirectory, filePaths),
+		installedTools: project.installedTools,
+		config: {
+			quality: config.quality,
+			security: {
+				audit: false,
+				auditTimeout: 0
+			},
+			architectureRulesPath: config.engines.architecture ? rulesPath : void 0
+		}
+	}, {
+		format: config.engines.format,
+		lint: config.engines.lint,
+		"code-quality": config.engines["code-quality"],
+		"ai-slop": config.engines["ai-slop"],
+		architecture: config.engines.architecture,
+		security: false
+	})).flatMap((r) => r.diagnostics);
+	const { score } = calculateScore(diagnostics, config.scoring.weights, config.scoring.thresholds, project.sourceFileCount, config.scoring.smoothing);
+	return {
+		diagnostics,
+		score,
+		rootDirectory: project.rootDirectory
+	};
+};
+
+//#endregion
+//#region src/hooks/io/atomic-write.ts
+const atomicWrite = (targetPath, content) => {
+	const dir = path.dirname(targetPath);
+	fs.mkdirSync(dir, { recursive: true });
+	const rand = Math.random().toString(36).slice(2, 10);
+	const tmp = path.join(dir, `.aislop-tmp-${process.pid}-${rand}`);
+	fs.writeFileSync(tmp, content, "utf-8");
+	fs.renameSync(tmp, targetPath);
+};
+const readIfExists = (targetPath) => {
+	try {
+		return fs.readFileSync(targetPath, "utf-8");
+	} catch {
+		return null;
+	}
+};
+
+//#endregion
+//#region src/hooks/quality-gate/baseline.ts
+const BASELINE_REL = path.join(".aislop", "baseline.json");
+const baselinePath = (cwd) => path.join(cwd, BASELINE_REL);
+const readBaseline = (cwd) => {
+	const raw = readIfExists(baselinePath(cwd));
+	if (!raw) return null;
+	try {
+		const parsed = JSON.parse(raw);
+		if (parsed.schema !== "aislop.baseline.v1") return null;
+		return parsed;
+	} catch {
+		return null;
+	}
+};
+const writeBaseline = (cwd, baseline) => {
+	const target = baselinePath(cwd);
+	atomicWrite(target, `${JSON.stringify(baseline, null, 2)}\n`);
+	return target;
+};
+const captureBaseline = async (cwd) => {
+	const project = await discoverProject(cwd);
+	const config = loadConfig(cwd);
+	const results = await runEngines({
+		rootDirectory: project.rootDirectory,
+		languages: project.languages,
+		frameworks: project.frameworks,
+		files: [],
+		installedTools: project.installedTools,
+		config: {
+			quality: config.quality,
+			security: {
+				audit: false,
+				auditTimeout: 0
+			}
+		}
+	}, {
+		format: config.engines.format,
+		lint: config.engines.lint,
+		"code-quality": config.engines["code-quality"],
+		"ai-slop": config.engines["ai-slop"],
+		architecture: config.engines.architecture,
+		security: false
+	});
+	const diagnostics = results.flatMap((r) => r.diagnostics);
+	const { score } = calculateScore(diagnostics, config.scoring.weights, config.scoring.thresholds, project.sourceFileCount, config.scoring.smoothing);
+	const byEngine = {};
+	for (const r of results) {
+		const { score: engineScore } = calculateScore(diagnostics.filter((d) => r.diagnostics.includes(d)), config.scoring.weights, config.scoring.thresholds, project.sourceFileCount, config.scoring.smoothing);
+		byEngine[r.engine] = engineScore;
+	}
+	const target = writeBaseline(cwd, {
+		schema: "aislop.baseline.v1",
+		updatedAt: (/* @__PURE__ */ new Date()).toISOString(),
+		score,
+		byEngine,
+		fileCount: project.sourceFileCount
+	});
+	return {
+		score,
+		fileCount: project.sourceFileCount,
+		path: target
+	};
+};
+const appendSessionFiles = (cwd, files) => {
+	if (files.length === 0) return;
+	const target = path.join(cwd, ".aislop", "session.jsonl");
+	try {
+		fs.mkdirSync(path.dirname(target), { recursive: true });
+		const line = `${JSON.stringify({
+			ts: Date.now(),
+			files
+		})}\n`;
+		fs.appendFileSync(target, line);
+	} catch {}
+};
+const readSessionFiles = (cwd) => {
+	const raw = readIfExists(path.join(cwd, ".aislop", "session.jsonl"));
+	if (!raw) return [];
+	const files = /* @__PURE__ */ new Set();
+	for (const line of raw.split("\n")) {
+		if (!line.trim()) continue;
+		try {
+			const entry = JSON.parse(line);
+			for (const f of entry.files ?? []) files.add(f);
+		} catch {}
+	}
+	return Array.from(files);
+};
+const clearSessionFiles = (cwd) => {
+	const target = path.join(cwd, ".aislop", "session.jsonl");
+	try {
+		fs.unlinkSync(target);
+	} catch {}
+};
+
+//#endregion
+//#region src/hooks/adapters/claude.ts
+const extractFiles$2 = (stdin) => {
+	const files = /* @__PURE__ */ new Set();
+	const input = stdin.tool_input ?? {};
+	if (typeof input.file_path === "string" && input.file_path.length > 0) files.add(input.file_path);
+	if (Array.isArray(input.edits)) {
+		for (const e of input.edits) if (e && typeof e.file_path === "string" && e.file_path.length > 0) files.add(e.file_path);
+	}
+	return Array.from(files);
+};
+const parseClaudeStdin = (raw) => {
+	if (!raw.trim()) return {};
+	try {
+		return JSON.parse(raw);
+	} catch {
+		return {};
+	}
+};
+const readStdin$2 = async () => {
+	if (process.stdin.isTTY) return "";
+	const chunks = [];
+	for await (const chunk of process.stdin) chunks.push(chunk);
+	return Buffer.concat(chunks).toString("utf-8");
+};
+const renderClaudeOutput = (additional, block) => {
+	const out = { hookSpecificOutput: {
+		hookEventName: "PostToolUse",
+		additionalContext: additional
+	} };
+	if (block) {
+		out.decision = "block";
+		out.reason = block.reason;
+	}
+	return out;
+};
+const runClaudeHook = async (deps = {}) => {
+	const getStdin = deps.stdin ?? readStdin$2;
+	const write = deps.write ?? ((s) => process.stdout.write(s));
+	const input = parseClaudeStdin(await getStdin());
+	const cwd = input.cwd && path.isAbsolute(input.cwd) ? input.cwd : process.cwd();
+	const files = resolveHookFiles(cwd, extractFiles$2(input));
+	if (files.length === 0) return 0;
+	const release = acquireHookLock(cwd);
+	if (!release) return 0;
+	try {
+		const { diagnostics, score, rootDirectory } = await runScopedScan(cwd, files);
+		const baseline = readBaseline(cwd);
+		appendSessionFiles(cwd, files);
+		const feedback = buildFeedback(diagnostics, score, rootDirectory, baseline?.score);
+		const envelope = renderClaudeOutput(JSON.stringify(feedback));
+		write(JSON.stringify(envelope));
+		return 0;
+	} catch {
+		return 0;
+	} finally {
+		release();
+	}
+};
+const parseClaudeStopStdin = (raw) => {
+	if (!raw.trim()) return {};
+	try {
+		return JSON.parse(raw);
+	} catch {
+		return {};
+	}
+};
+const runClaudeStopHook = async (deps = {}) => {
+	const getStdin = deps.stdin ?? readStdin$2;
+	const write = deps.write ?? ((s) => process.stdout.write(s));
+	const input = parseClaudeStopStdin(await getStdin());
+	const cwd = input.cwd && path.isAbsolute(input.cwd) ? input.cwd : process.cwd();
+	if (input.stop_hook_active) return 0;
+	const baseline = readBaseline(cwd);
+	if (!baseline) return 0;
+	const sessionFiles = readSessionFiles(cwd);
+	if (sessionFiles.length === 0) return 0;
+	const release = acquireHookLock(cwd);
+	if (!release) return 0;
+	try {
+		const { diagnostics, score, rootDirectory } = await runScopedScan(cwd, sessionFiles);
+		const feedback = buildFeedback(diagnostics, score, rootDirectory, baseline.score);
+		if (!feedback.regressed) {
+			clearSessionFiles(cwd);
+			return 0;
+		}
+		const envelope = renderClaudeOutput(JSON.stringify(feedback), { reason: `aislop: score dropped from ${baseline.score} to ${score}. Fix the ${feedback.counts.total} finding${feedback.counts.total === 1 ? "" : "s"} before finishing.` });
+		write(JSON.stringify(envelope));
+		return 0;
+	} catch {
+		return 0;
+	} finally {
+		release();
+	}
+};
+
+//#endregion
+//#region src/hooks/adapters/cursor.ts
+const extractFiles$1 = (stdin) => {
+	const files = /* @__PURE__ */ new Set();
+	if (typeof stdin.file_path === "string" && stdin.file_path.length > 0) files.add(stdin.file_path);
+	if (Array.isArray(stdin.edits)) {
+		for (const e of stdin.edits) if (e && typeof e.file_path === "string" && e.file_path.length > 0) files.add(e.file_path);
+	}
+	const input = stdin.tool_input ?? {};
+	if (typeof input.file_path === "string" && input.file_path.length > 0) files.add(input.file_path);
+	if (Array.isArray(input.edits)) {
+		for (const e of input.edits) if (e && typeof e.file_path === "string" && e.file_path.length > 0) files.add(e.file_path);
+	}
+	return Array.from(files);
+};
+const parseCursorStdin = (raw) => {
+	if (!raw.trim()) return {};
+	try {
+		return JSON.parse(raw);
+	} catch {
+		return {};
+	}
+};
+const renderCursorOutput = (additional, event = "afterFileEdit") => ({ hookSpecificOutput: {
+	hookEventName: event,
+	additionalContext: additional
+} });
+const readStdin$1 = async () => {
+	if (process.stdin.isTTY) return "";
+	const chunks = [];
+	for await (const chunk of process.stdin) chunks.push(chunk);
+	return Buffer.concat(chunks).toString("utf-8");
+};
+const runCursorHook = async (deps = {}) => {
+	const getStdin = deps.stdin ?? readStdin$1;
+	const write = deps.write ?? ((s) => process.stdout.write(s));
+	const writeErr = deps.writeErr ?? ((s) => process.stderr.write(s));
+	const input = parseCursorStdin(await getStdin());
+	const cwd = input.cwd && path.isAbsolute(input.cwd) ? input.cwd : process.cwd();
+	const files = resolveHookFiles(cwd, extractFiles$1(input));
+	if (files.length === 0) return 0;
+	const release = acquireHookLock(cwd);
+	if (!release) return 0;
+	try {
+		const { diagnostics, score, rootDirectory } = await runScopedScan(cwd, files);
+		const feedback = buildFeedback(diagnostics, score, rootDirectory);
+		const serialized = JSON.stringify(feedback);
+		write(JSON.stringify(renderCursorOutput(serialized)));
+		writeErr(`${serialized}\n`);
+		return 0;
+	} catch {
+		return 0;
+	} finally {
+		release();
+	}
+};
+
+//#endregion
+//#region src/hooks/adapters/gemini.ts
+const extractFiles = (stdin) => {
+	const files = /* @__PURE__ */ new Set();
+	const input = stdin.tool_input ?? {};
+	if (typeof input.file_path === "string" && input.file_path.length > 0) files.add(input.file_path);
+	if (typeof input.path === "string" && input.path.length > 0) files.add(input.path);
+	return Array.from(files);
+};
+const parseGeminiStdin = (raw) => {
+	if (!raw.trim()) return {};
+	try {
+		return JSON.parse(raw);
+	} catch {
+		return {};
+	}
+};
+const renderGeminiOutput = (additional) => ({ hookSpecificOutput: {
+	hookEventName: "AfterTool",
+	additionalContext: additional
+} });
+const readStdin = async () => {
+	if (process.stdin.isTTY) return "";
+	const chunks = [];
+	for await (const chunk of process.stdin) chunks.push(chunk);
+	return Buffer.concat(chunks).toString("utf-8");
+};
+const runGeminiHook = async (deps = {}) => {
+	const getStdin = deps.stdin ?? readStdin;
+	const write = deps.write ?? ((s) => process.stdout.write(s));
+	const input = parseGeminiStdin(await getStdin());
+	const cwd = input.cwd && path.isAbsolute(input.cwd) ? input.cwd : process.cwd();
+	const files = resolveHookFiles(cwd, extractFiles(input));
+	if (files.length === 0) return 0;
+	const release = acquireHookLock(cwd);
+	if (!release) return 0;
+	try {
+		const { diagnostics, score, rootDirectory } = await runScopedScan(cwd, files);
+		const feedback = buildFeedback(diagnostics, score, rootDirectory);
+		write(JSON.stringify(renderGeminiOutput(JSON.stringify(feedback))));
+		return 0;
+	} catch {
+		return 0;
+	} finally {
+		release();
+	}
+};
+
+//#endregion
+//#region src/hooks/assets.ts
+const AISLOP_MD_BODY = `# aislop — agent instructions
+
+[aislop](https://github.com/scanaislop/aislop) is your guardrail for shipping clean, maintainable, production-grade code. It catches the patterns AI coding tools leave behind: dead imports, redundant code, duplicate logic, unsafe any-typed casts, narrative comments, swallowed errors, oversized functions, risky security constructs — and grades the project out of 100 so regressions are visible. Treat its findings as blocking, not advisory: the goal is code a human maintainer would happily inherit.
+
+## On every edit
+
+A PostToolUse hook runs \`aislop hook claude\` after every Edit, Write, or MultiEdit. It scans the touched files and returns findings as JSON \`additionalContext\` shaped like \`AislopFeedback\` (schema \`aislop.hook.v1\`). Act on them the same turn.
+
+## Severity ladder
+
+- \`error\` — MUST fix this turn.
+- \`warning\` + \`fixable: true\` — MUST fix this turn.
+- \`warning\` + \`fixable: false\` — fix if trivially mechanical, otherwise surface in your reply.
+
+## Rules
+
+- \`.aislop/config.yaml\` — thresholds and engine toggles. Treat as authoritative; don't edit without user consent.
+- \`.aislop/rules.yaml\` — project-specific architecture rules (may be absent). When a finding cites \`architecture/*\`, open this file and follow it.
+- Custom rules can change between sessions. Trust what the scan returns, not a cached understanding of what the rules are.
+
+## Principles
+
+- Do not disable rules to pass the scan. Fix the underlying issue.
+- If a finding is a false positive, leave it and explain in your reply — do not delete the rule config.
+- The findings payload includes \`nextSteps[]\` — treat those as your plan for the turn.
+`;
+
+//#endregion
+//#region src/hooks/io/sentinel.ts
+const sentinelHash = (content) => `sha256:${crypto.createHash("sha256").update(content).digest("hex").slice(0, 32)}`;
+const BEGIN_RE = /<!--\s*aislop:begin\s+v(\d+)(?:\s+hash=([^\s>]+))?\s*-->/;
+const END_RE = /<!--\s*aislop:end\s+v\d+\s*-->/;
+const renderFence = (body, hash) => [
+	`<!-- aislop:begin v1 hash=${hash} -->`,
+	body.trimEnd(),
+	"<!-- aislop:end v1 -->"
+].join("\n");
+const upsertMarkdownFence = (existing, body, hash) => {
+	const fenced = renderFence(body, hash);
+	if (existing == null || existing.length === 0) return {
+		nextContent: `${fenced}\n`,
+		replaced: false
+	};
+	const begin = existing.match(BEGIN_RE);
+	const end = existing.match(END_RE);
+	if (begin && end && (end.index ?? 0) > (begin.index ?? 0)) return {
+		nextContent: `${existing.slice(0, begin.index)}${fenced}${existing.slice((end.index ?? 0) + end[0].length)}`,
+		replaced: true
+	};
+	return {
+		nextContent: `${existing}${existing.endsWith("\n") ? "" : "\n"}\n${fenced}\n`,
+		replaced: false
+	};
+};
+
+//#endregion
+//#region src/hooks/install/types.ts
+const emptyResult = () => ({
+	wrote: [],
+	skipped: [],
+	planned: []
+});
+const applyContent = (result, opts, target, nextContent, summary) => {
+	if (readIfExists(target) === nextContent) {
+		result.skipped.push(target);
+		return;
+	}
+	if (opts.dryRun) {
+		result.planned.push({
+			path: target,
+			summary
+		});
+		return;
+	}
+	atomicWrite(target, nextContent);
+	result.wrote.push(target);
+};
+const applyRemoval = (result, opts, target, nextContent) => {
+	const existing = readIfExists(target);
+	if (existing == null) {
+		result.skipped.push(target);
+		return;
+	}
+	if (existing === (nextContent ?? "")) {
+		result.skipped.push(target);
+		return;
+	}
+	if (opts.dryRun) {
+		result.removed.push(target);
+		return;
+	}
+	if (nextContent == null) try {
+		fs.unlinkSync(target);
+	} catch {}
+	else atomicWrite(target, nextContent);
+	result.removed.push(target);
+};
+
+//#endregion
+//#region src/hooks/install/rules-only.ts
+const installRulesOnly = (opts, paths, summary) => {
+	const result = emptyResult();
+	const next = upsertMarkdownFence(readIfExists(paths.rules), AISLOP_MD_BODY, sentinelHash(AISLOP_MD_BODY)).nextContent;
+	applyContent(result, opts, paths.rules, next, summary);
+	if (paths.host && paths.marker) {
+		const host = readIfExists(paths.host) ?? "";
+		if (!host.includes(paths.marker)) {
+			const joiner = host.endsWith("\n") || host.length === 0 ? "" : "\n";
+			const prefix = host.length === 0 ? "" : `${host}${joiner}\n`;
+			applyContent(result, opts, paths.host, `${prefix}${paths.marker}\n`, `append ${paths.marker} reference`);
+		} else result.skipped.push(paths.host);
+	}
+	return result;
+};
+const uninstallRulesOnly = (opts, paths) => {
+	const result = {
+		removed: [],
+		skipped: []
+	};
+	if (readIfExists(paths.rules) != null) applyRemoval(result, opts, paths.rules, null);
+	else result.skipped.push(paths.rules);
+	if (paths.host && paths.marker) {
+		const host = readIfExists(paths.host);
+		if (host != null && host.includes(paths.marker)) {
+			const stripped = host.split("\n").filter((l) => l.trim() !== paths.marker).join("\n").replace(/\n{3,}/g, "\n\n").trim();
+			applyRemoval(result, opts, paths.host, stripped.length === 0 ? null : `${stripped}\n`);
+		} else result.skipped.push(paths.host);
+	}
+	return result;
+};
+
+//#endregion
+//#region src/hooks/install/antigravity.ts
+const resolveAntigravityPaths = (opts) => ({ rules: path.join(opts.cwd, ".agents", "rules", "antigravity-aislop-rules.md") });
+const installAntigravity = (opts) => {
+	if (opts.scope !== "project") return {
+		wrote: [],
+		skipped: [],
+		planned: [{
+			path: ".agents/rules/antigravity-aislop-rules.md",
+			summary: "Antigravity is project-scope only; pass --project"
+		}]
+	};
+	return installRulesOnly(opts, resolveAntigravityPaths(opts), "write .agents/rules/antigravity-aislop-rules.md");
+};
+const uninstallAntigravity = (opts) => {
+	if (opts.scope !== "project") return {
+		removed: [],
+		skipped: []
+	};
+	return uninstallRulesOnly(opts, resolveAntigravityPaths(opts));
+};
+
+//#endregion
+//#region src/hooks/io/json-patch.ts
+const AISLOP_SENTINEL_KEY = "__aislop";
+const isAislopManaged = (x) => typeof x === "object" && x !== null && AISLOP_SENTINEL_KEY in x && x[AISLOP_SENTINEL_KEY] != null;
+const groupIsAislop = (group) => {
+	if (typeof group !== "object" || group === null) return false;
+	const hooks = group.hooks;
+	if (!Array.isArray(hooks)) return false;
+	return hooks.some((h) => isAislopManaged(h));
+};
+const upsertHookGroup = (config, event, group) => {
+	const next = { ...config };
+	const hooks = next.hooks && typeof next.hooks === "object" ? next.hooks : {};
+	const cleaned = (Array.isArray(hooks[event]) ? hooks[event] : []).filter((g) => !groupIsAislop(g));
+	next.hooks = {
+		...hooks,
+		[event]: [...cleaned, group]
+	};
+	return next;
+};
+const upsertFlatHook = (config, event, entry) => {
+	const next = { ...config };
+	const hooks = next.hooks && typeof next.hooks === "object" ? next.hooks : {};
+	const cleaned = (Array.isArray(hooks[event]) ? hooks[event] : []).filter((e) => !isAislopManaged(e));
+	next.hooks = {
+		...hooks,
+		[event]: [...cleaned, entry]
+	};
+	return next;
+};
+const removeAislopEntries = (config, event) => {
+	const next = { ...config };
+	const hooks = next.hooks && typeof next.hooks === "object" ? next.hooks : {};
+	const existing = Array.isArray(hooks[event]) ? hooks[event] : [];
+	const cleaned = existing.filter((e) => !isAislopManaged(e) && !groupIsAislop(e));
+	const removed = existing.length - cleaned.length;
+	const nextHooks = { ...hooks };
+	if (cleaned.length === 0) delete nextHooks[event];
+	else nextHooks[event] = cleaned;
+	if (Object.keys(nextHooks).length === 0) delete next.hooks;
+	else next.hooks = nextHooks;
+	return {
+		next,
+		removed
+	};
+};
+
+//#endregion
+//#region src/hooks/install/claude.ts
+const resolveClaudePaths = (opts) => {
+	const root = opts.scope === "project" ? path.join(opts.cwd, ".claude") : path.join(opts.home, ".claude");
+	return {
+		settings: path.join(root, "settings.json"),
+		aislopMd: path.join(root, "AISLOP.md"),
+		claudeMd: path.join(root, "CLAUDE.md")
+	};
+};
+const buildHookGroup$1 = () => {
+	const hashBody = JSON.stringify({
+		command: "aislop hook claude",
+		matcher: "Edit|Write|MultiEdit"
+	});
+	return {
+		matcher: "Edit|Write|MultiEdit",
+		hooks: [{
+			type: "command",
+			command: "aislop hook claude",
+			[AISLOP_SENTINEL_KEY]: {
+				v: 1,
+				managed: true,
+				hash: sentinelHash(hashBody)
+			}
+		}]
+	};
+};
+const buildStopHookGroup = () => {
+	const hashBody = JSON.stringify({ command: "aislop hook claude --stop" });
+	return {
+		matcher: "",
+		hooks: [{
+			type: "command",
+			command: "aislop hook claude --stop",
+			[AISLOP_SENTINEL_KEY]: {
+				v: 1,
+				managed: true,
+				hash: sentinelHash(hashBody)
+			}
+		}]
+	};
+};
+const renderSettings$1 = (existingRaw, qualityGate) => {
+	let obj = {};
+	if (existingRaw) try {
+		obj = JSON.parse(existingRaw);
+	} catch {
+		obj = {};
+	}
+	let next = upsertHookGroup(obj, "PostToolUse", buildHookGroup$1());
+	if (qualityGate) next = upsertHookGroup(next, "Stop", buildStopHookGroup());
+	else next = removeAislopEntries(next, "Stop").next;
+	return `${JSON.stringify(next, null, 2)}\n`;
+};
+const installClaude = (opts) => {
+	const paths = resolveClaudePaths(opts);
+	const result = emptyResult();
+	const nextSettings = renderSettings$1(readIfExists(paths.settings), Boolean(opts.qualityGate));
+	applyContent(result, opts, paths.settings, nextSettings, "register PostToolUse hook");
+	const mdHash = sentinelHash(AISLOP_MD_BODY);
+	const fenced = upsertMarkdownFence(readIfExists(paths.aislopMd), AISLOP_MD_BODY, mdHash);
+	applyContent(result, opts, paths.aislopMd, fenced.nextContent, "write AISLOP.md rules");
+	const existingClaudeMd = readIfExists(paths.claudeMd) ?? "";
+	const marker = "@AISLOP.md";
+	if (!existingClaudeMd.includes(marker)) {
+		const joiner = existingClaudeMd.endsWith("\n") || existingClaudeMd.length === 0 ? "" : "\n";
+		const prefix = existingClaudeMd.length === 0 ? "" : `${existingClaudeMd}${joiner}\n`;
+		applyContent(result, opts, paths.claudeMd, `${prefix}${marker}\n`, "append @AISLOP.md reference");
+	} else result.skipped.push(paths.claudeMd);
+	return result;
+};
+const uninstallClaude = (opts) => {
+	const paths = resolveClaudePaths({
+		...opts,
+		qualityGate: false
+	});
+	const result = {
+		removed: [],
+		skipped: []
+	};
+	const settingsRaw = readIfExists(paths.settings);
+	if (settingsRaw) {
+		let obj = {};
+		try {
+			obj = JSON.parse(settingsRaw);
+		} catch {
+			obj = {};
+		}
+		const stripped = removeAislopEntries(removeAislopEntries(obj, "PostToolUse").next, "Stop").next;
+		const stillHasHooks = stripped.hooks && typeof stripped.hooks === "object" && Object.keys(stripped.hooks).length > 0;
+		const otherKeys = Object.keys(stripped).filter((k) => k !== "hooks");
+		if (!stillHasHooks && otherKeys.length === 0) applyRemoval(result, opts, paths.settings, null);
+		else applyRemoval(result, opts, paths.settings, `${JSON.stringify(stripped, null, 2)}\n`);
+	} else result.skipped.push(paths.settings);
+	if (readIfExists(paths.aislopMd) != null) applyRemoval(result, opts, paths.aislopMd, null);
+	else result.skipped.push(paths.aislopMd);
+	const claudeMd = readIfExists(paths.claudeMd);
+	if (claudeMd != null && claudeMd.includes("@AISLOP.md")) {
+		const stripped = claudeMd.split("\n").filter((line) => line.trim() !== "@AISLOP.md").join("\n").replace(/\n{3,}/g, "\n\n").trim();
+		applyRemoval(result, opts, paths.claudeMd, stripped.length === 0 ? null : `${stripped}\n`);
+	} else result.skipped.push(paths.claudeMd);
+	return result;
+};
+
+//#endregion
+//#region src/hooks/install/cline.ts
+const resolveClinePaths = (opts) => ({ rules: path.join(opts.cwd, ".clinerules") });
+const resolveRooPaths = (opts) => ({ rules: path.join(opts.cwd, ".roo", "rules", "aislop.md") });
+const installCline = (opts) => {
+	if (opts.scope !== "project") return {
+		wrote: [],
+		skipped: [],
+		planned: [{
+			path: ".clinerules",
+			summary: "Cline is project-scope only; pass --project"
+		}]
+	};
+	const cline = installRulesOnly(opts, resolveClinePaths(opts), "write .clinerules");
+	const roo = installRulesOnly(opts, resolveRooPaths(opts), "write .roo/rules/aislop.md");
+	return {
+		wrote: [...cline.wrote, ...roo.wrote],
+		skipped: [...cline.skipped, ...roo.skipped],
+		planned: [...cline.planned, ...roo.planned]
+	};
+};
+const uninstallCline = (opts) => {
+	if (opts.scope !== "project") return {
+		removed: [],
+		skipped: []
+	};
+	const a = uninstallRulesOnly(opts, resolveClinePaths(opts));
+	const b = uninstallRulesOnly(opts, resolveRooPaths(opts));
+	return {
+		removed: [...a.removed, ...b.removed],
+		skipped: [...a.skipped, ...b.skipped]
+	};
+};
+
+//#endregion
+//#region src/hooks/install/codex.ts
+const resolveCodexPaths = (opts) => ({ rules: opts.scope === "project" ? path.join(opts.cwd, "AGENTS.md") : path.join(opts.home, ".codex", "AGENTS.md") });
+const installCodex = (opts) => installRulesOnly(opts, resolveCodexPaths(opts), "write AGENTS.md rules for Codex");
+const uninstallCodex = (opts) => uninstallRulesOnly(opts, resolveCodexPaths(opts));
+
+//#endregion
+//#region src/hooks/install/copilot.ts
+const resolveCopilotPaths = (opts) => ({ rules: path.join(opts.cwd, ".github", "copilot-instructions.md") });
+const installCopilot = (opts) => {
+	if (opts.scope !== "project") return {
+		wrote: [],
+		skipped: [],
+		planned: [{
+			path: ".github/copilot-instructions.md",
+			summary: "Copilot is project-scope only; pass --project"
+		}]
+	};
+	return installRulesOnly(opts, resolveCopilotPaths(opts), "write .github/copilot-instructions.md");
+};
+const uninstallCopilot = (opts) => {
+	if (opts.scope !== "project") return {
+		removed: [],
+		skipped: []
+	};
+	return uninstallRulesOnly(opts, resolveCopilotPaths(opts));
+};
+
+//#endregion
+//#region src/hooks/install/cursor.ts
+const resolveCursorPaths = (opts) => {
+	const root = opts.scope === "project" ? path.join(opts.cwd, ".cursor") : path.join(opts.home, ".cursor");
+	return {
+		hooks: path.join(root, "hooks.json"),
+		rules: path.join(opts.cwd, ".cursor", "rules", "aislop.mdc")
+	};
+};
+const buildHookEntry = () => {
+	const hashBody = JSON.stringify({
+		command: "aislop hook cursor",
+		timeout: 5e3
+	});
+	return {
+		command: "aislop hook cursor",
+		type: "command",
+		timeout: 5e3,
+		[AISLOP_SENTINEL_KEY]: {
+			v: 1,
+			managed: true,
+			hash: sentinelHash(hashBody)
+		}
+	};
+};
+const renderHooksJson = (existingRaw) => {
+	let obj = { version: 1 };
+	if (existingRaw) try {
+		obj = JSON.parse(existingRaw);
+	} catch {
+		obj = { version: 1 };
+	}
+	if (typeof obj.version !== "number") obj.version = 1;
+	const next = upsertFlatHook(obj, "afterFileEdit", buildHookEntry());
+	return `${JSON.stringify(next, null, 2)}\n`;
+};
+const installCursor = (opts) => {
+	const paths = resolveCursorPaths(opts);
+	const result = emptyResult();
+	const nextHooks = renderHooksJson(readIfExists(paths.hooks));
+	applyContent(result, opts, paths.hooks, nextHooks, "register afterFileEdit hook");
+	if (opts.scope === "project") {
+		const rules = upsertMarkdownFence(readIfExists(paths.rules), AISLOP_MD_BODY, sentinelHash(AISLOP_MD_BODY)).nextContent;
+		applyContent(result, opts, paths.rules, rules, "write .cursor/rules/aislop.mdc");
+	}
+	return result;
+};
+const uninstallCursor = (opts) => {
+	const paths = resolveCursorPaths(opts);
+	const result = {
+		removed: [],
+		skipped: []
+	};
+	const raw = readIfExists(paths.hooks);
+	if (raw) {
+		let obj = {};
+		try {
+			obj = JSON.parse(raw);
+		} catch {
+			obj = {};
+		}
+		const stripped = removeAislopEntries(obj, "afterFileEdit").next;
+		const stillHasHooks = stripped.hooks && typeof stripped.hooks === "object" && Object.keys(stripped.hooks).length > 0;
+		const otherKeys = Object.keys(stripped).filter((k) => k !== "hooks" && k !== "version");
+		if (!stillHasHooks && otherKeys.length === 0) applyRemoval(result, opts, paths.hooks, null);
+		else applyRemoval(result, opts, paths.hooks, `${JSON.stringify(stripped, null, 2)}\n`);
+	} else result.skipped.push(paths.hooks);
+	if (opts.scope === "project") applyRemoval(result, opts, paths.rules, null);
+	return result;
+};
+
+//#endregion
+//#region src/hooks/install/gemini.ts
+const resolveGeminiPaths = (opts) => {
+	const root = opts.scope === "project" ? path.join(opts.cwd, ".gemini") : path.join(opts.home, ".gemini");
+	return {
+		settings: path.join(root, "settings.json"),
+		aislopMd: path.join(root, "AISLOP.md"),
+		geminiMd: path.join(root, "GEMINI.md")
+	};
+};
+const buildHookGroup = () => {
+	const hashBody = JSON.stringify({
+		command: "aislop hook gemini",
+		matcher: "write_file|replace"
+	});
+	return {
+		matcher: "write_file|replace",
+		hooks: [{
+			name: "aislop",
+			type: "command",
+			command: "aislop hook gemini",
+			timeout: 5e3,
+			[AISLOP_SENTINEL_KEY]: {
+				v: 1,
+				managed: true,
+				hash: sentinelHash(hashBody)
+			}
+		}]
+	};
+};
+const renderSettings = (existingRaw) => {
+	let obj = {};
+	if (existingRaw) try {
+		obj = JSON.parse(existingRaw);
+	} catch {
+		obj = {};
+	}
+	const next = upsertHookGroup(obj, "AfterTool", buildHookGroup());
+	return `${JSON.stringify(next, null, 2)}\n`;
+};
+const installGemini = (opts) => {
+	const paths = resolveGeminiPaths(opts);
+	const result = emptyResult();
+	const next = renderSettings(readIfExists(paths.settings));
+	applyContent(result, opts, paths.settings, next, "register AfterTool hook");
+	const fenced = upsertMarkdownFence(readIfExists(paths.aislopMd), AISLOP_MD_BODY, sentinelHash(AISLOP_MD_BODY)).nextContent;
+	applyContent(result, opts, paths.aislopMd, fenced, "write AISLOP.md rules");
+	const existingGeminiMd = readIfExists(paths.geminiMd) ?? "";
+	const marker = "@AISLOP.md";
+	if (!existingGeminiMd.includes(marker)) {
+		const joiner = existingGeminiMd.endsWith("\n") || existingGeminiMd.length === 0 ? "" : "\n";
+		const prefix = existingGeminiMd.length === 0 ? "" : `${existingGeminiMd}${joiner}\n`;
+		applyContent(result, opts, paths.geminiMd, `${prefix}${marker}\n`, "append @AISLOP.md reference");
+	} else result.skipped.push(paths.geminiMd);
+	return result;
+};
+const uninstallGemini = (opts) => {
+	const paths = resolveGeminiPaths(opts);
+	const result = {
+		removed: [],
+		skipped: []
+	};
+	const raw = readIfExists(paths.settings);
+	if (raw) {
+		let obj = {};
+		try {
+			obj = JSON.parse(raw);
+		} catch {
+			obj = {};
+		}
+		const stripped = removeAislopEntries(obj, "AfterTool").next;
+		const stillHasHooks = stripped.hooks && typeof stripped.hooks === "object" && Object.keys(stripped.hooks).length > 0;
+		const otherKeys = Object.keys(stripped).filter((k) => k !== "hooks");
+		if (!stillHasHooks && otherKeys.length === 0) applyRemoval(result, opts, paths.settings, null);
+		else applyRemoval(result, opts, paths.settings, `${JSON.stringify(stripped, null, 2)}\n`);
+	} else result.skipped.push(paths.settings);
+	if (readIfExists(paths.aislopMd) != null) applyRemoval(result, opts, paths.aislopMd, null);
+	else result.skipped.push(paths.aislopMd);
+	const geminiMd = readIfExists(paths.geminiMd);
+	if (geminiMd != null && geminiMd.includes("@AISLOP.md")) {
+		const stripped = geminiMd.split("\n").filter((l) => l.trim() !== "@AISLOP.md").join("\n").replace(/\n{3,}/g, "\n\n").trim();
+		applyRemoval(result, opts, paths.geminiMd, stripped.length === 0 ? null : `${stripped}\n`);
+	} else result.skipped.push(paths.geminiMd);
+	return result;
+};
+
+//#endregion
+//#region src/hooks/install/kilocode.ts
+const resolveKilocodePaths = (opts) => ({ rules: path.join(opts.cwd, ".kilocode", "rules", "aislop-rules.md") });
+const installKilocode = (opts) => {
+	if (opts.scope !== "project") return {
+		wrote: [],
+		skipped: [],
+		planned: [{
+			path: ".kilocode/rules/aislop-rules.md",
+			summary: "Kilo Code is project-scope only; pass --project"
+		}]
+	};
+	return installRulesOnly(opts, resolveKilocodePaths(opts), "write .kilocode/rules/aislop-rules.md");
+};
+const uninstallKilocode = (opts) => {
+	if (opts.scope !== "project") return {
+		removed: [],
+		skipped: []
+	};
+	return uninstallRulesOnly(opts, resolveKilocodePaths(opts));
+};
+
+//#endregion
+//#region src/hooks/install/windsurf.ts
+const resolveWindsurfPaths = (opts) => ({ rules: path.join(opts.cwd, ".windsurfrules") });
+const installWindsurf = (opts) => {
+	if (opts.scope !== "project") return {
+		wrote: [],
+		skipped: [],
+		planned: [{
+			path: ".windsurfrules",
+			summary: "Windsurf is project-scope only; pass --project"
+		}]
+	};
+	return installRulesOnly(opts, resolveWindsurfPaths(opts), "write .windsurfrules");
+};
+const uninstallWindsurf = (opts) => {
+	if (opts.scope !== "project") return {
+		removed: [],
+		skipped: []
+	};
+	return uninstallRulesOnly(opts, resolveWindsurfPaths(opts));
+};
+
+//#endregion
+//#region src/hooks/install/registry.ts
+const ALL_AGENTS = [
+	"claude",
+	"cursor",
+	"gemini",
+	"codex",
+	"windsurf",
+	"cline",
+	"kilocode",
+	"antigravity",
+	"copilot"
+];
+const AGENTS_PROJECT_ONLY = [
+	"windsurf",
+	"cline",
+	"kilocode",
+	"antigravity",
+	"copilot"
+];
+const AGENTS_SUPPORTING_BOTH_SCOPES = [
+	"claude",
+	"cursor",
+	"gemini",
+	"codex"
+];
+const paths = {
+	claude: (opts) => {
+		const p = resolveClaudePaths(opts);
+		return [
+			p.settings,
+			p.aislopMd,
+			p.claudeMd
+		];
+	},
+	cursor: (opts) => {
+		const p = resolveCursorPaths(opts);
+		return opts.scope === "project" ? [p.hooks, p.rules] : [p.hooks];
+	},
+	gemini: (opts) => {
+		const p = resolveGeminiPaths(opts);
+		return [
+			p.settings,
+			p.aislopMd,
+			p.geminiMd
+		];
+	},
+	codex: (opts) => [resolveCodexPaths(opts).rules],
+	windsurf: (opts) => [resolveWindsurfPaths(opts).rules],
+	cline: (opts) => [resolveClinePaths(opts).rules, resolveRooPaths(opts).rules],
+	kilocode: (opts) => [resolveKilocodePaths(opts).rules],
+	antigravity: (opts) => [resolveAntigravityPaths(opts).rules],
+	copilot: (opts) => [resolveCopilotPaths(opts).rules]
+};
+const REGISTRY = {
+	claude: {
+		install: installClaude,
+		uninstall: uninstallClaude,
+		paths: paths.claude
+	},
+	cursor: {
+		install: installCursor,
+		uninstall: uninstallCursor,
+		paths: paths.cursor
+	},
+	gemini: {
+		install: installGemini,
+		uninstall: uninstallGemini,
+		paths: paths.gemini
+	},
+	codex: {
+		install: installCodex,
+		uninstall: uninstallCodex,
+		paths: paths.codex
+	},
+	windsurf: {
+		install: installWindsurf,
+		uninstall: uninstallWindsurf,
+		paths: paths.windsurf
+	},
+	cline: {
+		install: installCline,
+		uninstall: uninstallCline,
+		paths: paths.cline
+	},
+	kilocode: {
+		install: installKilocode,
+		uninstall: uninstallKilocode,
+		paths: paths.kilocode
+	},
+	antigravity: {
+		install: installAntigravity,
+		uninstall: uninstallAntigravity,
+		paths: paths.antigravity
+	},
+	copilot: {
+		install: installCopilot,
+		uninstall: uninstallCopilot,
+		paths: paths.copilot
+	}
+};
+const defaultScopeFor = (agent) => AGENTS_PROJECT_ONLY.includes(agent) ? "project" : "global";
+const detectInstalledAgents = (opts) => {
+	const hits = [];
+	for (const agent of ALL_AGENTS) {
+		const scope = defaultScopeFor(agent);
+		if (REGISTRY[agent].paths({
+			home: opts.home,
+			cwd: opts.cwd,
+			scope
+		}).some((p) => fs.existsSync(p))) hits.push(agent);
+	}
+	return hits;
+};
+
+//#endregion
+//#region src/commands/hook.ts
+const resolveOpts = (agent, flags) => {
+	const scope = AGENTS_PROJECT_ONLY.includes(agent) ? "project" : flags.scope;
+	return {
+		home: os.homedir(),
+		cwd: process.cwd(),
+		scope,
+		dryRun: flags.dryRun,
+		qualityGate: flags.qualityGate
+	};
+};
+const printPlan = (agent, result) => {
+	if (result.planned.length === 0) {
+		process.stdout.write(`  ${agent}: already up to date\n`);
+		return;
+	}
+	process.stdout.write(`  ${agent}:\n`);
+	for (const op of result.planned) process.stdout.write(`    ${style(theme, "dim", "+")} ${op.path} — ${op.summary}\n`);
+};
+const hookInstall = async (flags) => {
+	if (flags.dryRun) process.stdout.write("aislop hook install (dry-run)\n\n");
+	for (const agent of flags.agents) {
+		const opts = resolveOpts(agent, flags);
+		const result = REGISTRY[agent].install(opts);
+		if (flags.dryRun) {
+			printPlan(agent, result);
+			continue;
+		}
+		if (result.wrote.length === 0) {
+			process.stdout.write(`${agent}: nothing to do (already up to date)\n`);
+			continue;
+		}
+		for (const f of result.wrote) process.stdout.write(`  wrote  ${f}\n`);
+		for (const f of result.skipped) process.stdout.write(`  skip   ${f}\n`);
+	}
+	if (flags.dryRun) process.stdout.write("\nNo files touched. Re-run without --dry-run to apply.\n");
+};
+const hookUninstall = async (flags) => {
+	if (flags.dryRun) process.stdout.write("aislop hook uninstall (dry-run)\n\n");
+	for (const agent of flags.agents) {
+		const opts = resolveOpts(agent, flags);
+		const result = REGISTRY[agent].uninstall(opts);
+		if (result.removed.length === 0) {
+			process.stdout.write(`${agent}: nothing installed\n`);
+			continue;
+		}
+		for (const f of result.removed) process.stdout.write(`  remove  ${f}\n`);
+		for (const f of result.skipped) process.stdout.write(`  skip    ${f}\n`);
+	}
+};
+const hookStatus = async () => {
+	const home = os.homedir();
+	const cwd = process.cwd();
+	process.stdout.write("aislop hook status\n\n");
+	const installed = new Set(detectInstalledAgents({
+		home,
+		cwd
+	}));
+	for (const agent of ALL_AGENTS) {
+		const scope = defaultScopeFor(agent);
+		const hits = REGISTRY[agent].paths({
+			home,
+			cwd,
+			scope
+		}).filter((p) => fs.existsSync(p));
+		const status = installed.has(agent) ? "installed" : "not installed";
+		const marker = installed.has(agent) ? "✓" : "·";
+		process.stdout.write(`  ${marker} ${agent.padEnd(12)} ${scope.padEnd(8)} ${status}\n`);
+		for (const p of hits) process.stdout.write(`      ${p}\n`);
+	}
+};
+const hookRun = async (agent, flags) => {
+	let exitCode = 0;
+	if (agent === "claude") exitCode = flags?.stop ? await runClaudeStopHook() : await runClaudeHook();
+	else if (agent === "cursor") exitCode = await runCursorHook();
+	else if (agent === "gemini") exitCode = await runGeminiHook();
+	else {
+		process.stderr.write(`hook: agent "${agent}" has no runtime adapter (rules-file-only)\n`);
+		process.exit(0);
+	}
+	process.exit(exitCode);
+};
+const hookBaseline = async () => {
+	const result = await captureBaseline(process.cwd());
+	process.stdout.write(`baseline captured: score=${result.score} files=${result.fileCount}\n`);
+	process.stdout.write(`  -> ${result.path}\n`);
+};
+const parseAgentFlag = (raw, fallback) => {
+	if (!raw) return fallback;
+	const parts = raw.split(",").map((s) => s.trim()).filter(Boolean);
+	const unknown = parts.filter((p) => !ALL_AGENTS.includes(p));
+	if (unknown.length > 0) throw new Error(`Unknown agent(s): ${unknown.join(", ")}. Valid: ${ALL_AGENTS.join(", ")}`);
+	return parts;
+};
+const defaultInstallTargets = () => {
+	return AGENTS_SUPPORTING_BOTH_SCOPES;
+};
+
 //#endregion
 //#region src/commands/init.ts
 const buildInitSuccessRender = (input) => {
@@ -7004,6 +8586,45 @@ program.command("ci [directory]").description("CI-friendly JSON output with exit
 program.command("rules [directory]").description("List all available rules").action(async (directory = ".") => {
 	await rulesCommand(directory);
 });
+const hook = program.command("hook").description("Install or invoke AI-agent integration hooks");
+const resolveScope = (flags) => {
+	if (flags.project) return "project";
+	if (flags.global) return "global";
+	return "global";
+};
+hook.command("install").description("Install aislop hooks for one or more coding agents").option("--agent <names>", "comma-separated agent list (claude,cursor,gemini,codex,windsurf,cline,kilocode,antigravity,copilot). default: all non-project-only agents").option("-g, --global", "install to the user-scope config (default for agents that support it)").option("--project", "install to the project-scope config").option("--dry-run", "print the planned diff without writing").option("--yes", "skip the confirmation prompt (reserved)").option("--quality-gate", "add a Stop hook that blocks when score regresses below baseline (Claude only)").action(async (opts) => {
+	await hookInstall({
+		agents: parseAgentFlag(opts.agent, defaultInstallTargets()),
+		scope: resolveScope(opts),
+		dryRun: Boolean(opts.dryRun),
+		yes: Boolean(opts.yes),
+		qualityGate: Boolean(opts.qualityGate)
+	});
+});
+hook.command("uninstall").description("Uninstall aislop hooks for one or more agents").option("--agent <names>", "comma-separated agent list. default: all agents with installed hooks").option("-g, --global", "uninstall from user-scope config").option("--project", "uninstall from project-scope config").option("--dry-run", "print the planned removal without writing").action(async (opts) => {
+	await hookUninstall({
+		agents: parseAgentFlag(opts.agent, defaultInstallTargets()),
+		scope: resolveScope(opts),
+		dryRun: Boolean(opts.dryRun),
+		yes: true,
+		qualityGate: false
+	});
+});
+hook.command("status").description("Show which agent hooks are installed").action(async () => {
+	await hookStatus();
+});
+hook.command("baseline").description("Capture the current project score as the quality-gate baseline").action(async () => {
+	await hookBaseline();
+});
+hook.command("claude").description("Internal: Claude Code PostToolUse / Stop callback (reads stdin)").option("--stop", "run in Stop-hook mode for the quality gate").action(async (opts) => {
+	await hookRun("claude", { stop: Boolean(opts.stop) });
+});
+hook.command("cursor").description("Internal: Cursor afterFileEdit callback (reads stdin)").action(async () => {
+	await hookRun("cursor");
+});
+hook.command("gemini").description("Internal: Gemini CLI AfterTool callback (reads stdin)").action(async () => {
+	await hookRun("gemini");
+});
 const main = async () => {
 	await program.parseAsync();
 	await flushTelemetry();