aislop 0.9.0 → 0.9.2

package/dist/cli.js

@@ -34,7 +34,7 @@ var __exportAll = (all, no_symbols) => {
 
 //#endregion
 //#region src/version.ts
-const APP_VERSION = "0.9.0";
+const APP_VERSION = "0.9.2";
 
 //#endregion
 //#region src/telemetry/env.ts
@@ -464,7 +464,21 @@ const buildSuggestedActions = (diagnostics, findings, regressed, delta) => {
 	});
 	return actions;
 };
-const buildFeedback = (diagnostics, score, rootDirectory, baseline) => {
+const buildAccountability = (meta, findings, regressed, newSinceBaseline) => {
+	if (!meta?.agent && (!meta?.touchedFiles || meta.touchedFiles.length === 0)) return void 0;
+	const touchedFiles = Array.from(new Set(meta.touchedFiles ?? []));
+	const newFindingCount = newSinceBaseline?.length ?? findings.length;
+	const mustFixBeforeDone = regressed || findings.some((f) => f.severity === "error");
+	const reason = mustFixBeforeDone ? regressed ? "Score regressed against the captured baseline. The agent should fix or justify the new findings before finishing." : "Error-severity findings remain in files touched by this agent turn." : "No blocking regression detected for this agent turn.";
+	return {
+		agent: meta.agent,
+		touchedFiles,
+		newFindingCount,
+		mustFixBeforeDone,
+		reason
+	};
+};
+const buildFeedback = (diagnostics, score, rootDirectory, baseline, meta) => {
 	const all = diagnostics.map((d) => toFinding(d, rootDirectory)).filter((x) => x !== null);
 	const capped = all.slice(0, MAX_FINDINGS);
 	const elided = all.length > MAX_FINDINGS ? all.length - MAX_FINDINGS : void 0;
@@ -492,6 +506,7 @@ const buildFeedback = (diagnostics, score, rootDirectory, baseline) => {
 		baseline: baselineScore,
 		delta,
 		regressed,
+		accountability: buildAccountability(meta, capped, regressed, newSinceBaseline),
 		counts,
 		findings: capped,
 		elided,
@@ -548,6 +563,7 @@ const DEFAULT_CONFIG = {
 		"build",
 		"coverage"
 	],
+	include: [],
 	engines: {
 		format: true,
 		lint: true,
@@ -583,7 +599,7 @@ const DEFAULT_CONFIG = {
 		smoothing: 20
 	},
 	ci: {
-		failBelow: 0,
+		failBelow: 70,
 		format: "json"
 	},
 	telemetry: { enabled: true }
@@ -709,7 +725,7 @@ const ScoringSchema = z.object({
 	smoothing: z.number().nonnegative().default(20)
 });
 const CiSchema = z.object({
-	failBelow: z.number().default(0),
+	failBelow: z.number().default(70),
 	format: z.enum(["json"]).default("json")
 });
 const TelemetrySchema = z.object({ enabled: z.boolean().default(true) });
@@ -743,7 +759,7 @@ const AislopConfigSchema = z.object({
 		smoothing: 20
 	})),
 	ci: CiSchema.default(() => ({
-		failBelow: 0,
+		failBelow: 70,
 		format: "json"
 	})),
 	telemetry: TelemetrySchema.default(() => ({ enabled: true })),
@@ -753,7 +769,8 @@ const AislopConfigSchema = z.object({
 		"dist",
 		"build",
 		"coverage"
-	])
+	]),
+	include: z.array(z.string()).default(() => [])
 });
 const defaults = AislopConfigSchema.parse({});
 /**
@@ -833,31 +850,68 @@ const EXCLUDED_DIRS = [
 	"dist",
 	"build",
 	".git",
+	".agents",
 	"vendor",
+	"examples",
+	"example",
+	"demos",
+	"demo",
+	"bench",
+	"benches",
+	"benchmarks",
+	"fixtures",
+	"fixture",
+	"samples",
+	"sample",
+	"tutorials",
+	"tutorial",
+	"code_samples",
+	"code-samples",
+	"notebooks",
 	"tests",
 	"test",
 	"__tests__",
 	"__test__",
 	"spec",
 	"__mocks__",
-	"fixtures",
 	"test_data",
 	".next",
 	".nuxt",
 	"coverage",
-	".turbo"
+	".turbo",
+	"public"
 ];
 const FIND_PRUNE_DIRS = [
 	"node_modules",
 	"dist",
 	"build",
 	".git",
+	".agents",
 	"vendor",
+	"examples",
+	"example",
+	"demos",
+	"demo",
+	"bench",
+	"benches",
+	"benchmarks",
+	"fixtures",
+	"fixture",
+	"samples",
+	"sample",
+	"tutorials",
+	"tutorial",
+	"code_samples",
+	"code-samples",
+	"notebooks",
 	".next",
 	".nuxt",
 	"coverage",
-	".turbo"
+	".turbo",
+	"public"
 ];
+const BUILD_CACHE_FILE_PATTERNS = [/\.timestamp-\d+-[a-z0-9]+\.[mc]?js$/i];
+const isBuildCacheFile = (filePath) => BUILD_CACHE_FILE_PATTERNS.some((pattern) => pattern.test(filePath));
 const TEST_FILE_PATTERNS = [
 	/(?:^|\/).*\.test\.[^/]+$/i,
 	/(?:^|\/).*\.spec\.[^/]+$/i,
@@ -882,6 +936,7 @@ const hasAllowedExtension = (filePath, extraExtensions) => {
 	return SOURCE_EXTENSIONS.has(extension) || extraExtensions.has(extension);
 };
 const isExcludedPath = (filePath) => EXCLUDED_DIRS.some((dir) => filePath === dir || filePath.startsWith(`${dir}/`) || filePath.includes(`/${dir}/`));
+const isExcludedFromScan = (relativePath) => isExcludedPath(relativePath) || isBuildCacheFile(relativePath);
 const isTestFile$2 = (filePath) => TEST_FILE_PATTERNS.some((pattern) => pattern.test(filePath));
 const getIgnoredPaths = (rootDirectory, files) => {
 	if (files.length === 0) return /* @__PURE__ */ new Set();
@@ -940,7 +995,7 @@ const normalizeExcludePatterns = (patterns) => {
 		return [p];
 	});
 };
-const filterProjectFiles = (rootDirectory, files, extraExtensions = [], exclude = []) => {
+const filterProjectFiles = (rootDirectory, files, extraExtensions = [], exclude = [], include = []) => {
 	const extraSet = new Set(extraExtensions);
 	const normalizedFiles = files.map((file) => {
 		const absolutePath = path.isAbsolute(file) ? file : path.resolve(rootDirectory, file);
@@ -955,8 +1010,16 @@ const filterProjectFiles = (rootDirectory, files, extraExtensions = [], exclude
 		if (!normalizedExcludePatterns.length) return false;
 		return micromatch.isMatch(relativePath, normalizedExcludePatterns, { dot: true });
 	};
+	const hasIncludePatterns = include.length > 0;
+	const isUserIncluded = (relativePath) => {
+		if (!hasIncludePatterns) return true;
+		return micromatch.isMatch(relativePath, include, { dot: true });
+	};
 	return normalizedFiles.filter(({ absolutePath, relativePath }) => {
-		return hasAllowedExtension(relativePath, extraSet) && !isExcludedPath(relativePath) && !isTestFile$2(relativePath) && !ignoredPaths.has(relativePath) && !isUserExcluded(relativePath) && fs.existsSync(absolutePath);
+		if (!fs.existsSync(absolutePath) || !isWithinProject(relativePath) || isExcludedPath(relativePath) || isTestFile$2(relativePath) || isBuildCacheFile(relativePath) || ignoredPaths.has(relativePath)) return false;
+		if (!isUserIncluded(relativePath)) return false;
+		if (isUserExcluded(relativePath)) return false;
+		return hasAllowedExtension(relativePath, extraSet);
 	}).map(({ absolutePath }) => absolutePath);
 };
 const filterExplicitFiles = (rootDirectory, files, extraExtensions = []) => {
@@ -1686,6 +1749,86 @@ const PYTHON_IMPORT_TO_PIP = {
 	redis: "redis"
 };
 
+//#endregion
+//#region src/engines/ai-slop/python-manifest.ts
+const addPyDep = (pyDeps, name) => {
+	const normalized = name.toLowerCase().replace(/_/g, "-");
+	pyDeps.add(normalized);
+};
+const collectFromRequirementsTxt = (rootDir, pyDeps) => {
+	const reqPath = path.join(rootDir, "requirements.txt");
+	if (!fs.existsSync(reqPath)) return false;
+	try {
+		const content = fs.readFileSync(reqPath, "utf-8");
+		for (const line of content.split("\n")) {
+			const trimmed = line.trim();
+			if (!trimmed || trimmed.startsWith("#") || trimmed.startsWith("-")) continue;
+			const match = trimmed.match(/^([a-zA-Z0-9_\-.]+)/);
+			if (match) addPyDep(pyDeps, match[1]);
+		}
+		return true;
+	} catch {
+		return false;
+	}
+};
+const collectFromPyproject = (rootDir, pyDeps) => {
+	const pyprojPath = path.join(rootDir, "pyproject.toml");
+	if (!fs.existsSync(pyprojPath)) return false;
+	try {
+		const content = fs.readFileSync(pyprojPath, "utf-8");
+		const projectNameMatch = content.match(/\[project\][\s\S]*?^\s*name\s*=\s*["']([^"']+)/m);
+		if (projectNameMatch) addPyDep(pyDeps, projectNameMatch[1]);
+		const poetryNameMatch = content.match(/\[tool\.poetry\][\s\S]*?^\s*name\s*=\s*["']([^"']+)/m);
+		if (poetryNameMatch) addPyDep(pyDeps, poetryNameMatch[1]);
+		const pep621 = content.match(/^\s*dependencies\s*=\s*\[([\s\S]*?)\]/m);
+		if (pep621) for (const line of pep621[1].split("\n")) {
+			const m = line.match(/["']\s*([a-zA-Z0-9_\-.]+)/);
+			if (m) addPyDep(pyDeps, m[1]);
+		}
+		const poetryRe = /\[tool\.poetry(?:\.group\.[a-z]+)?\.dependencies\]([\s\S]*?)(?=\n\[|$)/g;
+		let match = poetryRe.exec(content);
+		while (match !== null) {
+			for (const line of match[1].split("\n")) {
+				const m = line.trim().match(/^([a-zA-Z0-9_\-.]+)\s*=/);
+				if (m && m[1] !== "python") addPyDep(pyDeps, m[1]);
+			}
+			match = poetryRe.exec(content);
+		}
+		return true;
+	} catch {
+		return false;
+	}
+};
+const collectFromPipfile = (rootDir, pyDeps) => {
+	const pipfilePath = path.join(rootDir, "Pipfile");
+	if (!fs.existsSync(pipfilePath)) return false;
+	try {
+		const content = fs.readFileSync(pipfilePath, "utf-8");
+		const sectionRe = /\[(packages|dev-packages)\]([\s\S]*?)(?=\n\[|$)/g;
+		let match = sectionRe.exec(content);
+		while (match !== null) {
+			for (const line of match[2].split("\n")) {
+				const m = line.trim().match(/^([a-zA-Z0-9_\-.]+)\s*=/);
+				if (m) addPyDep(pyDeps, m[1]);
+			}
+			match = sectionRe.exec(content);
+		}
+		return true;
+	} catch {
+		return false;
+	}
+};
+const collectPythonDeps = (rootDir) => {
+	const pyDeps = /* @__PURE__ */ new Set();
+	const hasReq = collectFromRequirementsTxt(rootDir, pyDeps);
+	const hasPyproject = collectFromPyproject(rootDir, pyDeps);
+	const hasPipfile = collectFromPipfile(rootDir, pyDeps);
+	return {
+		pyDeps,
+		hasPyManifest: hasReq || hasPyproject || hasPipfile
+	};
+};
+
 //#endregion
 //#region src/engines/ai-slop/hallucinated-imports.ts
 const JS_EXTENSIONS$2 = new Set([
@@ -1822,10 +1965,26 @@ const buildAliasMatcher = (key) => {
 };
 const collectAliasMatchersFromConfig = (configPath, matchers) => {
 	const opts = readJson(configPath)?.compilerOptions;
-	if (!opts || typeof opts !== "object") return;
+	if (!opts) return;
 	const paths = opts.paths;
-	if (!paths || typeof paths !== "object") return;
-	for (const key of Object.keys(paths)) matchers.push(buildAliasMatcher(key));
+	if (paths && typeof paths === "object") for (const key of Object.keys(paths)) matchers.push(buildAliasMatcher(key));
+	const baseUrl = opts.baseUrl;
+	if (typeof baseUrl === "string") {
+		const baseUrlDir = path.resolve(path.dirname(configPath), baseUrl);
+		let entries;
+		try {
+			entries = fs.readdirSync(baseUrlDir);
+		} catch {
+			return;
+		}
+		const baseSpecifiers = /* @__PURE__ */ new Set();
+		for (const entry of entries) {
+			if (entry.startsWith(".") || entry === "node_modules") continue;
+			const base = entry.replace(/\.(?:[jt]sx?|mjs|cjs|d\.ts)$/i, "");
+			if (base.length > 0) baseSpecifiers.add(base);
+		}
+		for (const name of baseSpecifiers) matchers.push((spec) => spec === name || spec.startsWith(`${name}/`));
+	}
 };
 const collectTsPathAliases = (rootDir) => {
 	const matchers = [];
@@ -1833,97 +1992,35 @@ const collectTsPathAliases = (rootDir) => {
 	for (const dir of dirs) for (const fname of TS_CONFIG_FILES) collectAliasMatchersFromConfig(path.join(dir, fname), matchers);
 	return matchers;
 };
-const addPyDep = (pyDeps, name) => {
-	const normalized = name.toLowerCase().replace(/_/g, "-");
-	pyDeps.add(normalized);
-};
-const collectFromRequirementsTxt = (rootDir, pyDeps) => {
-	const reqPath = path.join(rootDir, "requirements.txt");
-	if (!fs.existsSync(reqPath)) return false;
-	try {
-		const content = fs.readFileSync(reqPath, "utf-8");
-		for (const line of content.split("\n")) {
-			const trimmed = line.trim();
-			if (!trimmed || trimmed.startsWith("#") || trimmed.startsWith("-")) continue;
-			const match = trimmed.match(/^([a-zA-Z0-9_\-.]+)/);
-			if (match) addPyDep(pyDeps, match[1]);
-		}
-		return true;
-	} catch {
-		return false;
-	}
-};
-const collectFromPyproject = (rootDir, pyDeps) => {
-	const pyprojPath = path.join(rootDir, "pyproject.toml");
-	if (!fs.existsSync(pyprojPath)) return false;
-	try {
-		const content = fs.readFileSync(pyprojPath, "utf-8");
-		const projectNameMatch = content.match(/\[project\][\s\S]*?^\s*name\s*=\s*["']([^"']+)/m);
-		if (projectNameMatch) addPyDep(pyDeps, projectNameMatch[1]);
-		const poetryNameMatch = content.match(/\[tool\.poetry\][\s\S]*?^\s*name\s*=\s*["']([^"']+)/m);
-		if (poetryNameMatch) addPyDep(pyDeps, poetryNameMatch[1]);
-		const pep621 = content.match(/^\s*dependencies\s*=\s*\[([\s\S]*?)\]/m);
-		if (pep621) for (const line of pep621[1].split("\n")) {
-			const m = line.match(/["']\s*([a-zA-Z0-9_\-.]+)/);
-			if (m) addPyDep(pyDeps, m[1]);
-		}
-		const poetryRe = /\[tool\.poetry(?:\.group\.[a-z]+)?\.dependencies\]([\s\S]*?)(?=\n\[|$)/g;
-		let match = poetryRe.exec(content);
-		while (match !== null) {
-			for (const line of match[1].split("\n")) {
-				const m = line.trim().match(/^([a-zA-Z0-9_\-.]+)\s*=/);
-				if (m && m[1] !== "python") addPyDep(pyDeps, m[1]);
-			}
-			match = poetryRe.exec(content);
-		}
-		return true;
-	} catch {
-		return false;
-	}
-};
-const collectFromPipfile = (rootDir, pyDeps) => {
-	const pipfilePath = path.join(rootDir, "Pipfile");
-	if (!fs.existsSync(pipfilePath)) return false;
-	try {
-		const content = fs.readFileSync(pipfilePath, "utf-8");
-		const sectionRe = /\[(packages|dev-packages)\]([\s\S]*?)(?=\n\[|$)/g;
-		let match = sectionRe.exec(content);
-		while (match !== null) {
-			for (const line of match[2].split("\n")) {
-				const m = line.trim().match(/^([a-zA-Z0-9_\-.]+)\s*=/);
-				if (m) addPyDep(pyDeps, m[1]);
-			}
-			match = sectionRe.exec(content);
-		}
-		return true;
-	} catch {
-		return false;
-	}
-};
 const loadManifest = (rootDir) => {
 	const jsDeps = /* @__PURE__ */ new Set();
-	const pyDeps = /* @__PURE__ */ new Set();
 	const hasJsManifest = collectJsDeps(rootDir, jsDeps);
-	const hasReq = collectFromRequirementsTxt(rootDir, pyDeps);
-	const hasPyproject = collectFromPyproject(rootDir, pyDeps);
-	const hasPipfile = collectFromPipfile(rootDir, pyDeps);
+	const { pyDeps, hasPyManifest } = collectPythonDeps(rootDir);
 	return {
 		jsDeps,
 		pyDeps,
 		hasJsManifest,
-		hasPyManifest: hasReq || hasPyproject || hasPipfile
+		hasPyManifest
 	};
 };
 const isJsRelativeOrAbsolute = (spec) => spec.startsWith(".") || spec.startsWith("/") || spec.startsWith("~/");
+const RUNTIME_BUILTINS = new Set(["bun"]);
 const isJsBuiltin = (spec) => {
+	if (RUNTIME_BUILTINS.has(spec)) return true;
 	return isBuiltin(spec.startsWith("node:") ? spec.slice(5) : spec) || isBuiltin(spec);
 };
 const VIRTUAL_MODULE_PREFIXES = [
 	"astro:",
 	"virtual:",
-	"bun:"
+	"bun:",
+	"~icons/"
 ];
 const isJsVirtualModule = (spec) => VIRTUAL_MODULE_PREFIXES.some((p) => spec.startsWith(p));
+const stripImportQuery = (spec) => {
+	const idx = spec.indexOf("?");
+	return idx === -1 ? spec : spec.slice(0, idx);
+};
+const VIRTUAL_ASSET_FILES = { "unfonts.css": "unplugin-fonts" };
 const TEMPLATE_PLACEHOLDER_RE = /\$\{/;
 const isLikelyRealImportSpec = (spec) => {
 	if (spec.length === 0) return false;
@@ -1990,10 +2087,14 @@ const extractPyImports = (content) => {
 	}
 	return results;
 };
-const checkJsImport = (spec, manifest, tsAliasMatchers) => {
+const checkJsImport = (rawSpec, manifest, tsAliasMatchers) => {
+	const spec = stripImportQuery(rawSpec);
+	if (spec.length === 0) return null;
 	if (isJsRelativeOrAbsolute(spec)) return null;
 	if (isJsBuiltin(spec)) return null;
 	if (isJsVirtualModule(spec)) return null;
+	const virtualOwner = VIRTUAL_ASSET_FILES[spec];
+	if (virtualOwner && manifest.jsDeps.has(virtualOwner)) return null;
 	if (tsAliasMatchers.some((m) => m(spec))) return null;
 	const pkg = packageNameFromImport(spec);
 	if (manifest.jsDeps.has(pkg)) return null;
@@ -3349,64 +3450,88 @@ const analyzeFunctions = (content, ext) => {
 	}
 	return functions;
 };
-const JSX_FILE_LOC_MULTIPLIER = 1.5;
+const FILE_LOC_MULTIPLIERS = {
+	".tsx": 1.5,
+	".jsx": 1.5,
+	".rs": 2.5,
+	".go": 1.5
+};
+const DECLARATION_FILE_RE = /\.d\.ts$/i;
+const fileLocBudget = (ext, relativePath, base) => {
+	if (DECLARATION_FILE_RE.test(relativePath)) return Number.POSITIVE_INFINITY;
+	const multiplier = FILE_LOC_MULTIPLIERS[ext] ?? 1;
+	return Math.ceil(base * multiplier);
+};
 const checkFileDiagnostics = (relativePath, content, limits) => {
 	const results = [];
 	const lineCount = content.split("\n").length;
 	const ext = path.extname(relativePath).toLowerCase();
 	if (isDataFile(content)) return results;
-	const configuredMax = ext === ".jsx" || ext === ".tsx" ? Math.ceil(limits.maxFileLoc * JSX_FILE_LOC_MULTIPLIER) : limits.maxFileLoc;
+	const configuredMax = fileLocBudget(ext, relativePath, limits.maxFileLoc);
+	if (!Number.isFinite(configuredMax)) return results;
 	if (lineCount > Math.ceil(configuredMax * 1.1)) results.push({
 		filePath: relativePath,
 		engine: "code-quality",
 		rule: "complexity/file-too-large",
 		severity: "warning",
-		message: `File has ${lineCount} lines (max: ${configuredMax})`,
+		message: `File too large (max: ${configuredMax})`,
 		help: "Consider splitting this file into smaller modules",
 		line: 0,
 		column: 0,
 		category: "Complexity",
-		fixable: false
+		fixable: false,
+		detail: `${lineCount} lines`
 	});
 	return results;
 };
-const checkFunctionDiagnostics = (relativePath, fn, limits) => {
+const JSX_EXTENSIONS = new Set([".tsx", ".jsx"]);
+const isComponentFunction = (name, ext) => JSX_EXTENSIONS.has(ext) && /^[A-Z]/.test(name);
+const functionLocBudget = (fn, ext, base) => {
+	if (isComponentFunction(fn.name, ext)) return Math.ceil(base * 2);
+	if (ext === ".rs") return Math.ceil(base * 1.5);
+	return base;
+};
+const checkFunctionDiagnostics = (relativePath, fn, limits, ext) => {
 	const results = [];
-	if (fn.lineCount - fn.templateLines > Math.ceil(limits.maxFunctionLoc * 1.1)) results.push({
+	const fnMax = functionLocBudget(fn, ext, limits.maxFunctionLoc);
+	if (fn.lineCount - fn.templateLines > Math.ceil(fnMax * 1.1)) results.push({
 		filePath: relativePath,
 		engine: "code-quality",
 		rule: "complexity/function-too-long",
 		severity: "warning",
-		message: `Function '${fn.name}' has ${fn.lineCount} lines (max: ${limits.maxFunctionLoc})`,
+		message: `Function too long (max: ${fnMax})`,
 		help: "Consider breaking this function into smaller pieces",
 		line: fn.startLine,
 		column: 0,
 		category: "Complexity",
-		fixable: false
+		fixable: false,
+		detail: `${fn.name} · ${fn.lineCount} lines`
 	});
 	if (fn.maxNesting > limits.maxNesting) results.push({
 		filePath: relativePath,
 		engine: "code-quality",
 		rule: "complexity/deep-nesting",
 		severity: "warning",
-		message: `Function '${fn.name}' has nesting depth ${fn.maxNesting} (max: ${limits.maxNesting})`,
+		message: `Function nested too deeply (max: ${limits.maxNesting})`,
 		help: "Consider using early returns or extracting nested logic",
 		line: fn.startLine,
 		column: 0,
 		category: "Complexity",
-		fixable: false
+		fixable: false,
+		detail: `${fn.name} · depth ${fn.maxNesting}`
 	});
 	if (fn.paramCount > limits.maxParams) results.push({
 		filePath: relativePath,
 		engine: "code-quality",
 		rule: "complexity/too-many-params",
 		severity: "warning",
-		message: `Function '${fn.name}' has ${fn.paramCount} parameters (max: ${limits.maxParams})`,
+		message: `Function has too many parameters (max: ${limits.maxParams})`,
 		help: "Consider using an options object parameter",
 		line: fn.startLine,
 		column: 0,
 		category: "Complexity",
-		fixable: false
+		fixable: false,
+		detail: `${fn.name} · ${fn.paramCount} params`
 	});
 	return results;
 };
@@ -3421,7 +3546,7 @@ const checkFileComplexity = (filePath, rootDirectory, limits) => {
 	}
 	const ext = path.extname(filePath).toLowerCase();
 	const diagnostics = checkFileDiagnostics(relativePath, content, limits);
-	for (const fn of analyzeFunctions(content, ext)) diagnostics.push(...checkFunctionDiagnostics(relativePath, fn, limits));
+	for (const fn of analyzeFunctions(content, ext)) diagnostics.push(...checkFunctionDiagnostics(relativePath, fn, limits, ext));
 	return diagnostics;
 };
 const checkComplexity = async (context) => {
@@ -3526,17 +3651,19 @@ const findDuplicateBlocks = (content, relativePath) => {
 		});
 	}
 	return reports.map((r) => {
+		const span = r.currentEnd - r.currentStart + 1;
 		return {
 			filePath: relativePath,
 			engine: "code-quality",
 			rule: "code-quality/duplicate-block",
 			severity: "warning",
-			message: `${r.currentEnd - r.currentStart + 1}-line block at line ${r.currentStart} duplicates a block starting at line ${r.priorStart}. Extract a shared helper.`,
+			message: "Duplicate code block — extract a shared helper",
 			help: `Pull the shared logic into a function both sites can call. Keeps one version of the truth and makes future changes one-shot instead of N-shot.`,
 			line: r.currentStart,
 			column: 0,
 			category: "Complexity",
-			fixable: false
+			fixable: false,
+			detail: `${span} lines duplicate block at L${r.priorStart}`
 		};
 	});
 };
@@ -4202,16 +4329,34 @@ const isToolAvailable = async (toolName) => {
 	return isToolInstalled(toolName);
 };
 
+//#endregion
+//#region src/engines/python-targets.ts
+const PYTHON_EXTENSIONS = new Set([".py", ".pyi"]);
+const normalizeProjectPath = (filePath) => filePath.split(path.sep).join("/");
+const getPythonTargets = (context) => {
+	const targets = (context.files ?? getSourceFiles(context)).filter((filePath) => PYTHON_EXTENSIONS.has(path.extname(filePath).toLowerCase())).map((filePath) => {
+		const absolutePath = path.isAbsolute(filePath) ? filePath : path.resolve(context.rootDirectory, filePath);
+		return normalizeProjectPath(path.relative(context.rootDirectory, absolutePath));
+	}).filter((filePath) => filePath.length > 0 && !filePath.startsWith(".."));
+	return [...new Set(targets)];
+};
+const getRuffDiagnosticPath = (rootDirectory, filePath) => {
+	const normalizedPath = filePath.replace(/^a\//, "");
+	return normalizeProjectPath(path.isAbsolute(normalizedPath) ? path.relative(rootDirectory, normalizedPath) : normalizedPath);
+};
+
 //#endregion
 //#region src/engines/format/ruff-format.ts
 const runRuffFormat = async (context) => {
 	const ruffBinary = resolveToolBinary("ruff");
+	const targets = getPythonTargets(context);
+	if (targets.length === 0) return [];
 	try {
 		const result = await runSubprocess(ruffBinary, [
 			"format",
 			"--check",
 			"--diff",
-			context.rootDirectory
+			...targets
 		], {
 			cwd: context.rootDirectory,
 			timeout: 6e4
@@ -4227,9 +4372,9 @@ const parseRuffFormatOutput = (output, rootDir) => {
 	const filePattern = /^--- (.+)$/gm;
 	let match;
 	while ((match = filePattern.exec(output)) !== null) {
-		const filePath = match[1].replace(/^a\//, "");
+		const filePath = getRuffDiagnosticPath(rootDir, match[1]);
 		diagnostics.push({
-			filePath: path.relative(rootDir, filePath),
+			filePath,
 			engine: "format",
 			rule: "python-formatting",
 			severity: "warning",
@@ -4738,6 +4883,95 @@ const resolveOxlintBinary = () => {
 		return "oxlint";
 	}
 };
+const VITE_QUERY_RE = /["'][^"']*\?(worker|sharedworker|worker-url|url|raw|inline|init)\b/;
+const isViteVirtualImportFalsePositive = (rule, message) => rule.startsWith("import/") && VITE_QUERY_RE.test(message);
+const AMBIENT_GLOBAL_DEPS = [
+	"unplugin-icons",
+	"@types/bun",
+	"bun-types"
+];
+const SST_PLATFORM_REF_RE = /\/\/\/\s*<reference\s+path=["'][^"']*sst[\\/]+platform[\\/]+config\.d\.ts["']/;
+const ICON_AUTOIMPORT_RE = /^Icon[A-Z]/;
+const NO_UNDEF_IDENT_RE = /^['‘"`]([^'’"`]+)['’"`]/;
+const detectAmbientSources = (rootDir) => {
+	const found = /* @__PURE__ */ new Set();
+	const skipDirs = new Set([
+		"node_modules",
+		".git",
+		"dist",
+		"build",
+		"out",
+		"target",
+		"coverage",
+		".next",
+		".turbo"
+	]);
+	const walk = (dir, depth) => {
+		if (depth > 4 || found.size === AMBIENT_GLOBAL_DEPS.length) return;
+		let entries;
+		try {
+			entries = fs.readdirSync(dir, { withFileTypes: true });
+		} catch {
+			return;
+		}
+		for (const entry of entries) {
+			if (found.size === AMBIENT_GLOBAL_DEPS.length) return;
+			if (entry.name.startsWith(".") && entry.name !== ".github") continue;
+			if (skipDirs.has(entry.name)) continue;
+			const full = path.join(dir, entry.name);
+			if (entry.isDirectory()) walk(full, depth + 1);
+			else if (entry.name === "package.json") try {
+				const pkg = JSON.parse(fs.readFileSync(full, "utf-8"));
+				const allDeps = {
+					...pkg.dependencies ?? {},
+					...pkg.devDependencies ?? {},
+					...pkg.peerDependencies ?? {}
+				};
+				for (const dep of AMBIENT_GLOBAL_DEPS) if (dep in allDeps) found.add(dep);
+			} catch {}
+		}
+	};
+	walk(rootDir, 0);
+	return found;
+};
+const extractNoUndefIdentifier = (message) => {
+	return NO_UNDEF_IDENT_RE.exec(message)?.[1] ?? null;
+};
+const isAmbientFalsePositive = (rule, message, sources) => {
+	if (rule !== "eslint/no-undef") return false;
+	const ident = extractNoUndefIdentifier(message);
+	if (!ident) return false;
+	if (sources.has("unplugin-icons") && ICON_AUTOIMPORT_RE.test(ident)) return true;
+	if ((sources.has("@types/bun") || sources.has("bun-types")) && ident === "Bun") return true;
+	return false;
+};
+const sstReferencedFiles = /* @__PURE__ */ new Map();
+const fileReferencesSstPlatform = (rootDir, relativeFilePath) => {
+	const cached = sstReferencedFiles.get(relativeFilePath);
+	if (cached !== void 0) return cached;
+	const absolute = path.isAbsolute(relativeFilePath) ? relativeFilePath : path.join(rootDir, relativeFilePath);
+	let referenced = false;
+	try {
+		const fd = fs.openSync(absolute, "r");
+		try {
+			const buf = Buffer.alloc(512);
+			const bytesRead = fs.readSync(fd, buf, 0, 512, 0);
+			referenced = SST_PLATFORM_REF_RE.test(buf.toString("utf-8", 0, bytesRead));
+		} finally {
+			fs.closeSync(fd);
+		}
+	} catch {
+		referenced = false;
+	}
+	sstReferencedFiles.set(relativeFilePath, referenced);
+	return referenced;
+};
+const UNUSED_VAR_IDENT_RE = /(?:Variable|Parameter|Catch parameter) '([^']+)' (?:is declared but never used|is caught but never used)/;
+const isUnderscoreUnusedVar = (rule, message) => {
+	if (rule !== "eslint/no-unused-vars") return false;
+	const match = UNUSED_VAR_IDENT_RE.exec(message);
+	return match ? match[1].startsWith("_") : false;
+};
 const parseRuleCode = (code) => {
 	if (!code) return {
 		plugin: "eslint",
@@ -4834,6 +5068,8 @@ const runOxlint = async (context) => {
 		framework: context.frameworks.find((f) => f !== "none"),
 		testFramework: detectTestFramework(context.rootDirectory)
 	});
+	const ambientSources = detectAmbientSources(context.rootDirectory);
+	sstReferencedFiles.clear();
 	try {
 		fs.writeFileSync(configPath, JSON.stringify(config, null, 2));
 		const args = [
@@ -4873,6 +5109,11 @@ const runOxlint = async (context) => {
 				fixable: false
 			};
 		}).filter((d) => {
+			if (isExcludedFromScan(path.isAbsolute(d.filePath) ? path.relative(context.rootDirectory, d.filePath) : d.filePath)) return false;
+			if (isViteVirtualImportFalsePositive(d.rule, d.message)) return false;
+			if (isAmbientFalsePositive(d.rule, d.message, ambientSources)) return false;
+			if (isUnderscoreUnusedVar(d.rule, d.message)) return false;
+			if (d.rule === "eslint/no-undef" && fileReferencesSstPlatform(context.rootDirectory, d.filePath)) return false;
 			const key = `${d.filePath}:${d.line}:${d.rule}:${d.message}`;
 			if (seen.has(key)) return false;
 			seen.add(key);
@@ -4936,18 +5177,20 @@ const fixOxlint = async (context, options = {}) => {
 //#region src/engines/lint/ruff.ts
 const runRuffLint = async (context) => {
 	const ruffBinary = resolveToolBinary("ruff");
+	const targets = getPythonTargets(context);
+	if (targets.length === 0) return [];
 	try {
 		const output = (await runSubprocess(ruffBinary, [
 			"check",
 			"--output-format=json",
-			context.rootDirectory
+			...targets
 		], {
 			cwd: context.rootDirectory,
 			timeout: 6e4
 		})).stdout;
 		if (!output) return [];
 		return JSON.parse(output).map((d) => ({
-			filePath: path.relative(context.rootDirectory, d.filename),
+			filePath: getRuffDiagnosticPath(context.rootDirectory, d.filename),
 			engine: "lint",
 			rule: `ruff/${d.code}`,
 			severity: d.code.startsWith("E") || d.code.startsWith("F") ? "error" : "warning",
@@ -5065,56 +5308,94 @@ const runPnpmAuditWithFallback = async (rootDir, timeout) => {
 		return [];
 	}
 };
+const SEVERITY_RANK = {
+	critical: 4,
+	high: 3,
+	moderate: 2,
+	low: 1
+};
 const toSeverity = (value) => value === "critical" || value === "high" ? "error" : "warning";
-const defaultAuditFixCommand = (source) => source === "pnpm audit" ? "pnpm audit --fix" : "npm audit fix";
+const upsertVuln = (bucket, packageName, severity, recommendation) => {
+	const existing = bucket.get(packageName);
+	if (existing) {
+		existing.advisories++;
+		if ((SEVERITY_RANK[severity] ?? 0) > (SEVERITY_RANK[existing.worstSeverity] ?? 0)) existing.worstSeverity = severity;
+		if (recommendation) existing.recommendations.add(recommendation);
+	} else bucket.set(packageName, {
+		packageName,
+		worstSeverity: severity,
+		advisories: 1,
+		recommendations: recommendation ? new Set([recommendation]) : /* @__PURE__ */ new Set()
+	});
+};
+const SEMVER_RE = /(\d+)\.(\d+)\.(\d+)/;
+const cmpSemver = (a, b) => {
+	const [, a1, a2, a3] = SEMVER_RE.exec(a) ?? [
+		"",
+		"0",
+		"0",
+		"0"
+	];
+	const [, b1, b2, b3] = SEMVER_RE.exec(b) ?? [
+		"",
+		"0",
+		"0",
+		"0"
+	];
+	if (Number(a1) !== Number(b1)) return Number(a1) - Number(b1);
+	if (Number(a2) !== Number(b2)) return Number(a2) - Number(b2);
+	return Number(a3) - Number(b3);
+};
+const pickBestRecommendation = (recs) => {
+	if (recs.length <= 1) return recs[0] ?? "";
+	const versioned = recs.filter((r) => SEMVER_RE.test(r));
+	if (versioned.length === 0) return recs[0];
+	return versioned.reduce((best, r) => cmpSemver(r, best) > 0 ? r : best);
+};
+const cleanRecommendation = (raw) => {
+	const t = raw.trim();
+	if (!t || t.toLowerCase() === "none") return "no fix available";
+	return t;
+};
+const aggregateToDiagnostic = (agg, source) => {
+	const best = cleanRecommendation(pickBestRecommendation([...agg.recommendations]));
+	const countLabel = agg.advisories > 1 ? ` (${agg.advisories} advisories)` : "";
+	const recLabel = best ? ` — ${best}` : "";
+	return {
+		filePath: "package.json",
+		engine: "security",
+		rule: "security/vulnerable-dependency",
+		severity: toSeverity(agg.worstSeverity),
+		message: `${agg.packageName} (${agg.worstSeverity})${recLabel}${countLabel}`,
+		help: "",
+		line: 0,
+		column: 0,
+		category: "Security",
+		fixable: false,
+		detail: source === "npm audit" ? "npm" : "pnpm"
+	};
+};
 const parseLegacyAdvisories = (advisories, source) => {
-	const diagnostics = [];
-	for (const [key, advisory] of Object.entries(advisories)) {
-		const packageName = advisory.module_name ?? advisory.name ?? advisory.package ?? key;
-		const severity = (advisory.severity ?? "moderate").toLowerCase();
-		const recommendation = advisory.recommendation ?? advisory.title ?? `Run \`${defaultAuditFixCommand(source)}\` to resolve`;
-		diagnostics.push({
-			filePath: "package.json",
-			engine: "security",
-			rule: "security/vulnerable-dependency",
-			severity: toSeverity(severity),
-			message: `Vulnerable dependency (${source}): ${packageName} (${severity})`,
-			help: withFixHint(recommendation),
-			line: 0,
-			column: 0,
-			category: "Security",
-			fixable: false
-		});
-	}
-	return diagnostics;
+	const bucket = /* @__PURE__ */ new Map();
+	for (const [key, advisory] of Object.entries(advisories)) upsertVuln(bucket, advisory.module_name ?? advisory.name ?? advisory.package ?? key, (advisory.severity ?? "moderate").toLowerCase(), advisory.recommendation ?? advisory.title ?? "");
+	return [...bucket.values()].map((agg) => aggregateToDiagnostic(agg, source));
 };
 const parseModernVulnerabilities = (vulnerabilities, source) => {
-	const diagnostics = [];
+	const bucket = /* @__PURE__ */ new Map();
 	for (const [packageName, vulnerability] of Object.entries(vulnerabilities)) {
 		const severity = (vulnerability.severity ?? "moderate").toLowerCase();
 		const fixAvailable = vulnerability.fixAvailable;
 		const isDirect = vulnerability.isDirect === true;
-		let recommendation = `Run \`${defaultAuditFixCommand(source)}\` to resolve`;
-		if (fixAvailable === false) recommendation = isDirect ? "No automatic fix — check for a newer major version" : "Transitive with no fix — add an override or upgrade the parent";
-		else if (!isDirect && fixAvailable === true) recommendation = "Transitive dep — may need an override or parent upgrade";
+		let recommendation = "";
+		if (fixAvailable === false) recommendation = isDirect ? "no automatic fix" : "transitive — needs override or parent upgrade";
+		else if (!isDirect && fixAvailable === true) recommendation = "transitive — may need override or parent upgrade";
 		else if (fixAvailable && typeof fixAvailable === "object" && "name" in fixAvailable && "version" in fixAvailable) {
 			const target = fixAvailable;
-			if (target.name && target.version) recommendation = `Upgrade to ${target.name}@${target.version}.`;
+			if (target.name && target.version) recommendation = `upgrade to ${target.name}@${target.version}`;
 		}
-		diagnostics.push({
-			filePath: "package.json",
-			engine: "security",
-			rule: "security/vulnerable-dependency",
-			severity: toSeverity(severity),
-			message: `Vulnerable dependency (${source}): ${packageName} (${severity})`,
-			help: withFixHint(recommendation),
-			line: 0,
-			column: 0,
-			category: "Security",
-			fixable: false
-		});
+		upsertVuln(bucket, packageName, severity, recommendation);
 	}
-	return diagnostics;
+	return [...bucket.values()].map((agg) => aggregateToDiagnostic(agg, source));
 };
 const parseJsAudit = (output, source) => {
 	if (!output) return [];
@@ -6214,7 +6495,10 @@ const runClaudeHook = async (deps = {}) => {
 		const feedback = buildFeedback(diagnostics, score, rootDirectory, baseline ? {
 			score: baseline.score,
 			findingFingerprints: baseline.findingFingerprints
-		} : void 0);
+		} : void 0, {
+			agent: "claude",
+			touchedFiles: files
+		});
 		track({
 			event: "hook_scan_completed",
 			properties: buildHookScanCompletedProps({
@@ -6295,6 +6579,9 @@ const runClaudeStopHook = async (deps = {}) => {
 		const feedback = buildFeedback(diagnostics, score, rootDirectory, {
 			score: baseline.score,
 			findingFingerprints: baseline.findingFingerprints
+		}, {
+			agent: "claude",
+			touchedFiles: sessionFiles
 		});
 		if (!feedback.regressed) {
 			clearSessionFiles(cwd);
@@ -6355,7 +6642,10 @@ const runCursorHook = async (deps = {}) => {
 	if (!release) return 0;
 	try {
 		const { diagnostics, score, rootDirectory } = await runScopedScan(cwd, files);
-		const feedback = buildFeedback(diagnostics, score, rootDirectory);
+		const feedback = buildFeedback(diagnostics, score, rootDirectory, void 0, {
+			agent: "cursor",
+			touchedFiles: files
+		});
 		track({
 			event: "hook_scan_completed",
 			properties: buildHookScanCompletedProps({
@@ -6414,7 +6704,10 @@ const runGeminiHook = async (deps = {}) => {
 	if (!release) return 0;
 	try {
 		const { diagnostics, score, rootDirectory } = await runScopedScan(cwd, files);
-		const feedback = buildFeedback(diagnostics, score, rootDirectory);
+		const feedback = buildFeedback(diagnostics, score, rootDirectory, void 0, {
+			agent: "gemini",
+			touchedFiles: files
+		});
 		track({
 			event: "hook_scan_completed",
 			properties: buildHookScanCompletedProps({
@@ -7745,8 +8038,53 @@ const wrapHelpText = (text, maxWidth, indent) => {
 };
 const terminalWidth = () => {
 	const raw = process.stdout.columns;
-	if (typeof raw !== "number" || raw <= 0) return 100;
-	return Math.min(raw, 100);
+	if (typeof raw !== "number" || raw <= 0) return 120;
+	return Math.min(raw, 120);
+};
+const renderRuleHeader = (first, count, lines) => {
+	const level = toSeverityLabel(first.severity);
+	const countLabel = count > 1 ? ` (${count})` : "";
+	const status = colorBySeverity(level, first.severity);
+	const fixableTag = first.fixable ? ` ${style(theme, "muted", "[auto]")}` : "";
+	const fixableWidth = first.fixable ? 7 : 0;
+	const badgePrefix = `    [${status}]${fixableTag} `;
+	const badgePrefixWidth = 5 + level.length + 1 + fixableWidth + 1;
+	const wrapped = wrapText(`${first.message}${countLabel}`, terminalWidth(), badgePrefixWidth, "      ");
+	lines.push(`${badgePrefix}${wrapped[0]}`);
+	for (let i = 1; i < wrapped.length; i++) lines.push(wrapped[i]);
+};
+const renderLocations = (ruleDiags, verbose, lines) => {
+	const unique = [];
+	const seen = /* @__PURE__ */ new Set();
+	for (const d of ruleDiags) {
+		const label = toLocationLabel(d);
+		const detail = d.detail ?? "";
+		const key = `${label}|${detail}`;
+		if (seen.has(key)) continue;
+		seen.add(key);
+		unique.push({
+			label,
+			detail
+		});
+	}
+	const shown = verbose ? unique : unique.slice(0, 3);
+	const maxLabel = shown.reduce((w, l) => Math.max(w, l.label.length), 0);
+	for (const { label, detail } of shown) {
+		const padded = detail ? `${label.padEnd(maxLabel)}  ${detail}` : label;
+		lines.push(style(theme, "muted", `      ${padded}`));
+	}
+	if (!verbose && unique.length > shown.length) lines.push(style(theme, "muted", `      +${unique.length - shown.length} more location(s), use -d for full list`));
+};
+const renderHiddenFooter = (sorted, maxRules, lines) => {
+	const hidden = sorted.slice(maxRules);
+	const hiddenErrors = hidden.reduce((acc, [, diags]) => acc + (diags[0].severity === "error" ? diags.length : 0), 0);
+	const hiddenWarnings = hidden.reduce((acc, [, diags]) => acc + (diags[0].severity === "warning" ? diags.length : 0), 0);
+	const parts = [];
+	if (hiddenErrors > 0) parts.push(`${hiddenErrors} error${hiddenErrors === 1 ? "" : "s"}`);
+	if (hiddenWarnings > 0) parts.push(`${hiddenWarnings} warning${hiddenWarnings === 1 ? "" : "s"}`);
+	const detail = parts.length > 0 ? ` (${parts.join(", ")})` : "";
+	lines.push(style(theme, "muted", `    ... and ${hidden.length} more rules hidden${detail}. Run with -v or --verbose to see full output.`));
+	lines.push("");
 };
 const renderDiagnostics = (diagnostics, verbose) => {
 	const lines = [];
@@ -7755,29 +8093,23 @@ const renderDiagnostics = (diagnostics, verbose) => {
 		const label = getEngineLabel(engine);
 		lines.push(`  ${style(theme, "bold", `${symbols.engineActive} ${label}`)}`);
 		const sorted = [...groupBy(engineDiags, (d) => `${d.rule}:${d.message}`).entries()].sort(([, a], [, b]) => {
-			return (a[0].severity === "error" ? 0 : a[0].severity === "warning" ? 1 : 2) - (b[0].severity === "error" ? 0 : b[0].severity === "warning" ? 1 : 2);
+			const sa = a[0].severity === "error" ? 0 : a[0].severity === "warning" ? 1 : 2;
+			const sb = b[0].severity === "error" ? 0 : b[0].severity === "warning" ? 1 : 2;
+			if (sa !== sb) return sa - sb;
+			return b.length - a.length;
 		});
-		for (const [, ruleDiags] of sorted) {
+		const maxRules = verbose ? Infinity : 40;
+		for (const [, ruleDiags] of sorted.slice(0, maxRules)) {
 			const first = ruleDiags[0];
-			const level = toSeverityLabel(first.severity);
-			const count = ruleDiags.length > 1 ? ` (${ruleDiags.length})` : "";
-			const status = colorBySeverity(level, first.severity);
-			const fixableTag = first.fixable ? ` ${style(theme, "muted", "[auto]")}` : "";
-			const fixableWidth = first.fixable ? 7 : 0;
-			const badgePrefix = `    [${status}]${fixableTag} `;
-			const badgePrefixWidth = 5 + level.length + 1 + fixableWidth + 1;
-			const wrappedMsg = wrapText(`${first.message}${count}`, terminalWidth(), badgePrefixWidth, "      ");
-			lines.push(`${badgePrefix}${wrappedMsg[0]}`);
-			for (let i = 1; i < wrappedMsg.length; i++) lines.push(wrappedMsg[i]);
-			const locations = verbose ? ruleDiags : ruleDiags.slice(0, 3);
-			for (const diagnostic of locations) lines.push(style(theme, "muted", `      ${toLocationLabel(diagnostic)}`));
-			if (!verbose && ruleDiags.length > locations.length) lines.push(style(theme, "muted", `      +${ruleDiags.length - locations.length} more location(s), use -d for full list`));
+			renderRuleHeader(first, ruleDiags.length, lines);
+			renderLocations(ruleDiags, verbose, lines);
 			if (first.help) {
 				const wrapped = wrapHelpText(first.help, terminalWidth(), "      ");
 				for (const line of wrapped) lines.push(style(theme, "muted", line));
 			}
 			lines.push("");
 		}
+		if (sorted.length > maxRules) renderHiddenFooter(sorted, maxRules, lines);
 	}
 	return `${lines.join("\n")}\n`;
 };
@@ -7956,6 +8288,81 @@ var LiveGrid = class {
 	}
 };
 
+//#endregion
+//#region src/output/rule-labels.ts
+const RULE_LABELS = {
+	formatting: "Code not formatted",
+	"code-quality/duplicate-block": "Duplicate code block",
+	"complexity/file-too-large": "File too large",
+	"complexity/function-too-long": "Function too long",
+	"complexity/deep-nesting": "Deeply nested code",
+	"complexity/too-many-params": "Too many parameters",
+	"knip/files": "Unused file",
+	"knip/dependencies": "Unused dependency",
+	"knip/devDependencies": "Unused dev dependency",
+	"knip/unlisted": "Used but not in package.json",
+	"knip/unresolved": "Unresolved import",
+	"knip/binaries": "Unused binary",
+	"knip/exports": "Unused export",
+	"knip/types": "Unused type",
+	"ai-slop/trivial-comment": "Trivial restating comment",
+	"ai-slop/swallowed-exception": "Empty catch (swallowed error)",
+	"ai-slop/thin-wrapper": "Thin function wrapper",
+	"ai-slop/generic-naming": "Generic/vague identifier name",
+	"ai-slop/unused-import": "Unused import",
+	"ai-slop/console-leftover": "console.log left in code",
+	"ai-slop/todo-stub": "Unresolved TODO/FIXME",
+	"ai-slop/unreachable-code": "Unreachable code",
+	"ai-slop/constant-condition": "Constant condition",
+	"ai-slop/empty-function": "Empty function body",
+	"ai-slop/unsafe-type-assertion": "Unsafe type cast",
+	"ai-slop/double-type-assertion": "Double type cast",
+	"ai-slop/ts-directive": "@ts-ignore / @ts-expect-error",
+	"ai-slop/narrative-comment": "Narrative comment block",
+	"ai-slop/duplicate-import": "Duplicate import statement",
+	"ai-slop/python-bare-except": "Bare except",
+	"ai-slop/python-broad-except": "Broad except",
+	"ai-slop/python-mutable-default": "Mutable default argument",
+	"ai-slop/python-print-debug": "print() left in code",
+	"ai-slop/go-library-panic": "panic() in Go library code",
+	"ai-slop/rust-non-test-unwrap": "Rust .unwrap() in production code",
+	"ai-slop/rust-todo-stub": "Rust todo!() stub",
+	"ai-slop/hallucinated-import": "Import not in package.json",
+	"security/hardcoded-secret": "Possible hardcoded secret",
+	"security/vulnerable-dependency": "Vulnerable dependency",
+	"security/eval": "eval() usage",
+	"security/innerhtml": "innerHTML assignment",
+	"security/dangerously-set-innerhtml": "dangerouslySetInnerHTML (XSS risk)",
+	"security/sql-injection": "Possible SQL injection",
+	"security/shell-injection": "Possible shell injection",
+	"eslint/no-undef": "Undefined identifier",
+	"eslint/no-unused-vars": "Unused variable",
+	"eslint/no-unassigned-vars": "Variable never assigned",
+	"eslint/no-empty": "Empty block statement",
+	"eslint/no-unused-expressions": "Unused expression",
+	"eslint/no-shadow-restricted-names": "Shadowing restricted name",
+	"eslint/no-constant-binary-expression": "Constant binary expression",
+	"eslint/no-unsafe-optional-chaining": "Unsafe optional chaining",
+	"eslint/require-yield": "Generator with no yield",
+	"import/no-duplicates": "Duplicate import path",
+	"import/default": "Missing default export",
+	"import/named": "Missing named export",
+	"import/namespace": "Invalid namespace import",
+	"typescript-eslint/triple-slash-reference": "Triple-slash reference",
+	"unicorn/no-useless-fallback-in-spread": "Useless spread fallback",
+	"unicorn/no-invalid-remove-event-listener": "Invalid removeEventListener",
+	"unicorn/no-empty-file": "Empty file",
+	"unicorn/no-useless-length-check": "Useless array length check",
+	"unicorn/no-new-array": "Avoid new Array(n)",
+	"unicorn/no-useless-spread": "Useless spread",
+	"unicorn/no-single-promise-in-promise-methods": "Single-element Promise.all"
+};
+const prettifyFallback = (ruleId) => {
+	const spaced = (ruleId.includes("/") ? ruleId.slice(ruleId.indexOf("/") + 1) : ruleId).replace(/[-_]/g, " ").replace(/\//g, " · ");
+	return spaced.charAt(0).toUpperCase() + spaced.slice(1);
+};
+const labelForRule = (ruleId) => RULE_LABELS[ruleId] ?? prettifyFallback(ruleId);
+
 //#endregion
 //#region src/ui/summary.ts
 const elapsed = (ms) => ms < 1e3 ? `${Math.round(ms)}ms` : `${(ms / 1e3).toFixed(1)}s`;
@@ -7982,6 +8389,34 @@ const renderSummary = (input, deps = {}) => {
 		`   ${style(t, "muted", `${input.files} files`)}  ${sep}  ${style(t, "muted", `${input.engines} engines`)}  ${sep}  ${style(t, "muted", elapsed(input.elapsedMs))}`,
 		""
 	];
+	if (input.breakdown && input.breakdown.rows.length > 0) {
+		lines.push(` ${style(t, "bold", "Top findings")}`);
+		const maxCountWidth = input.breakdown.rows.reduce((w, r) => Math.max(w, String(r.errors + r.warnings + r.info).length), 0);
+		const labels = input.breakdown.rows.map((r) => labelForRule(r.rule));
+		const maxLabelWidth = labels.reduce((w, l) => Math.max(w, l.length), 0);
+		for (let i = 0; i < input.breakdown.rows.length; i++) {
+			const row = input.breakdown.rows[i];
+			const total = row.errors + row.warnings + row.info;
+			const count = String(total).padStart(maxCountWidth);
+			const label = padEnd(labels[i], maxLabelWidth);
+			const tags = [];
+			if (row.errors > 0) tags.push(style(t, "danger", `${row.errors} err`));
+			if (row.warnings > 0) tags.push(style(t, "warn", `${row.warnings} warn`));
+			if (row.info > 0) tags.push(style(t, "muted", `${row.info} info`));
+			if (row.fixable > 0) tags.push(style(t, "success", `${row.fixable} fix`));
+			const tagBlock = tags.length > 0 ? `  ${style(t, "muted", "·")}  ${tags.join("  ")}` : "";
+			const ruleHint = style(t, "muted", `(${row.rule})`);
+			lines.push(`   ${style(t, "muted", count)}  ${label}  ${ruleHint}${tagBlock}`);
+		}
+		if (input.breakdown.hiddenRules > 0) {
+			const hiddenParts = [];
+			if (input.breakdown.hiddenErrors > 0) hiddenParts.push(`${input.breakdown.hiddenErrors} error${input.breakdown.hiddenErrors === 1 ? "" : "s"}`);
+			if (input.breakdown.hiddenWarnings > 0) hiddenParts.push(`${input.breakdown.hiddenWarnings} warning${input.breakdown.hiddenWarnings === 1 ? "" : "s"}`);
+			const detail = hiddenParts.length > 0 ? ` (${hiddenParts.join(", ")})` : "";
+			lines.push(style(t, "muted", `   +${input.breakdown.hiddenRules} more rule${input.breakdown.hiddenRules === 1 ? "" : "s"}${detail}. Run with -v for the full list.`));
+		}
+		lines.push("");
+	}
 	if (input.nextSteps.length > 0) {
 		for (const step of input.nextSteps) {
 			const glyph = step.emphasis === "primary" ? s.hint : s.bullet;
@@ -8008,6 +8443,39 @@ const renderCleanRun = (input, deps = {}) => {
 //#region src/commands/scan.ts
 const shouldUseSpinner = () => Boolean(process.stderr.isTTY) && process.env.CI !== "true" && process.env.CI !== "1";
 const ALL_ENGINE_NAMES = Object.keys(ENGINE_INFO);
+const BREAKDOWN_TOP_N = 10;
+const computeBreakdown = (diagnostics) => {
+	const byRule = /* @__PURE__ */ new Map();
+	for (const d of diagnostics) {
+		const row = byRule.get(d.rule) ?? {
+			rule: d.rule,
+			errors: 0,
+			warnings: 0,
+			info: 0,
+			fixable: 0
+		};
+		if (d.severity === "error") row.errors++;
+		else if (d.severity === "warning") row.warnings++;
+		else row.info++;
+		if (d.fixable) row.fixable++;
+		byRule.set(d.rule, row);
+	}
+	const sorted = [...byRule.values()].sort((a, b) => {
+		const aTotal = a.errors + a.warnings + a.info;
+		const bTotal = b.errors + b.warnings + b.info;
+		if (aTotal !== bTotal) return bTotal - aTotal;
+		if (a.errors !== b.errors) return b.errors - a.errors;
+		return a.rule.localeCompare(b.rule);
+	});
+	const rows = sorted.slice(0, BREAKDOWN_TOP_N);
+	const hidden = sorted.slice(BREAKDOWN_TOP_N);
+	return {
+		rows,
+		hiddenRules: hidden.length,
+		hiddenErrors: hidden.reduce((acc, r) => acc + r.errors, 0),
+		hiddenWarnings: hidden.reduce((acc, r) => acc + r.warnings, 0)
+	};
+};
 const buildScanRender = (input) => {
 	const deps = {
 		theme: createTheme(),
@@ -8057,6 +8525,7 @@ const buildScanRender = (input) => {
 		engines: input.results.length,
 		elapsedMs: input.elapsedMs,
 		nextSteps,
+		breakdown: computeBreakdown(input.diagnostics),
 		thresholds: input.thresholds
 	}, deps)}`;
 };
@@ -10383,10 +10852,18 @@ const promptForConfigChoices = async () => {
 	return {
 		engines: enginesSelection,
 		failBelow: Number(failBelowRaw),
+		typecheck: DEFAULT_CONFIG.lint.typecheck,
 		telemetryEnabled: telemetryChoice === "enabled",
 		writeGithubWorkflow: workflowChoice === "yes"
 	};
 };
+const strictChoices = () => ({
+	engines: Object.keys(DEFAULT_CONFIG.engines),
+	failBelow: 85,
+	typecheck: true,
+	telemetryEnabled: DEFAULT_CONFIG.telemetry.enabled,
+	writeGithubWorkflow: true
+});
 const writeAislopConfig = (configDir, configPath, choices) => {
 	const selected = new Set(choices.engines);
 	const engines = {
@@ -10401,6 +10878,7 @@ const writeAislopConfig = (configDir, configPath, choices) => {
 		version: DEFAULT_CONFIG.version,
 		engines,
 		quality: { ...DEFAULT_CONFIG.quality },
+		lint: { typecheck: choices.typecheck },
 		security: { ...DEFAULT_CONFIG.security },
 		scoring: {
 			weights: { ...DEFAULT_CONFIG.scoring.weights },
@@ -10453,7 +10931,7 @@ const initCommand = async (directory, options = {}) => {
 			return;
 		}
 	}
-	const choices = await promptForConfigChoices();
+	const choices = options.strict ? strictChoices() : await promptForConfigChoices();
 	if (!choices) return;
 	writeAislopConfig(configDir, configPath, choices);
 	const steps = [{
@@ -10757,29 +11235,31 @@ const fireInstalledOnce = () => {
 		config: loadConfig(process.cwd()).telemetry
 	});
 };
-const excludeParser = (value, previous = []) => {
+const commaSeparatedParser = (value, previous = []) => {
 	const parts = value.split(",").map((v) => v.trim()).filter(Boolean);
 	return [...previous, ...parts];
 };
 const runScan = async (directory, flags) => {
 	const config = loadConfig(directory);
-	const { exitCode } = await scanCommand(directory, flags.exclude?.length ? {
+	const { exitCode } = await scanCommand(directory, {
 		...config,
-		exclude: [...config.exclude ?? [], ...flags.exclude]
-	} : config, {
+		exclude: [...config.exclude ?? [], ...flags.exclude ?? []],
+		include: [...config.include ?? [], ...flags.include ?? []]
+	}, {
 		changes: Boolean(flags.changes),
 		staged: Boolean(flags.staged),
 		verbose: Boolean(flags.verbose),
 		json: Boolean(flags.json),
-		exclude: flags.exclude
+		exclude: flags.exclude,
+		include: flags.include
 	});
 	if (exitCode !== 0) {
 		await flushTelemetry();
-		process.exit(exitCode);
+		process.exitCode = exitCode;
 	}
 };
-const noFlagsPassed = (flags) => !flags.changes && !flags.staged && !flags.verbose && !flags.json && !(flags.exclude && flags.exclude.length > 0);
-const program = new Command().name("aislop").description("The unified code quality CLI").version(APP_VERSION, "-v, --version").argument("[directory]", "project directory to scan", ".").option("--changes", "only scan changed files (git diff)").option("--staged", "only scan staged files").option("-d, --verbose", "show file details per rule").option("--json", "output JSON instead of terminal UI").option("--exclude <patterns>", "comma-separated or repeatable list of paths and files to exclude", excludeParser, []).action(async (directory, flags) => {
+const noFlagsPassed = (flags) => !flags.changes && !flags.staged && !flags.verbose && !flags.json && !(flags.exclude && flags.exclude.length > 0) && !(flags.include && flags.include.length > 0);
+const program = new Command().name("aislop").description("The unified code quality CLI").version(APP_VERSION, "-v, --version").argument("[directory]", "project directory to scan", ".").option("--changes", "only scan changed files (git diff)").option("--staged", "only scan staged files").option("-d, --verbose", "show file details per rule").option("--json", "output JSON instead of terminal UI").option("--exclude <patterns>", "comma-separated or repeatable list of paths and files to exclude", commaSeparatedParser, []).option("--include <patterns>", "comma-separated or repeatable list of paths and files to include", commaSeparatedParser, []).action(async (directory, flags) => {
 	if (noFlagsPassed(flags) && process.stdin.isTTY) try {
 		await interactiveCommand(directory, loadConfig(directory));
 		return;
@@ -10815,7 +11295,7 @@ ${style(theme, "dim", "Examples:")}
   npx aislop scan --exclude node_modules --exclude dist --exclude **/*.ts
 ${renderHintLine("Run npx aislop scan to scan your project").trimEnd()}
 `);
-program.command("scan [directory]").description("Run full code quality scan").option("--changes", "only scan changed files").option("--staged", "only scan staged files").option("-d, --verbose", "show file details per rule").option("--json", "output JSON").option("--exclude <patterns>", "comma-separated or repeatable list of paths and files to exclude", excludeParser, []).action(async (directory = ".", _flags, command) => {
+program.command("scan [directory]").description("Run full code quality scan").option("--changes", "only scan changed files").option("--staged", "only scan staged files").option("-d, --verbose", "show file details per rule").option("--json", "output JSON").option("--exclude <patterns>", "comma-separated or repeatable list of paths and files to exclude", commaSeparatedParser, []).option("--include <patterns>", "comma-separated or repeatable list of paths and files to include", commaSeparatedParser, []).action(async (directory = ".", _flags, command) => {
 	await runScan(directory, command.optsWithGlobals());
 });
 const FIX_AGENT_FLAGS = [
@@ -10904,12 +11384,13 @@ fixProgram.action(async (directory = ".", _flags, command) => {
 		agent: matchFixAgent(flags)
 	});
 });
-program.command("init [directory]").description("Initialize aislop config in project").action(async (directory = ".") => {
+program.command("init [directory]").description("Initialize aislop config in project").option("--strict", "write an enterprise-grade default config: all engines, typecheck on, CI failBelow 85, workflow included").action(async (directory = ".", _flags, command) => {
+	const flags = command.optsWithGlobals();
 	await withCommandLifecycle({
 		command: "init",
 		config: loadConfig(directory).telemetry
 	}, async () => {
-		await initCommand(directory);
+		await initCommand(directory, { strict: Boolean(flags.strict) });
 		return { exitCode: 0 };
 	});
 });
@@ -10927,7 +11408,7 @@ program.command("ci [directory]").description("CI-friendly JSON output with exit
 	const { exitCode } = await ciCommand(directory, loadConfig(directory), { human: Boolean(flags.human) });
 	if (exitCode !== 0) {
 		await flushTelemetry();
-		process.exit(exitCode);
+		process.exitCode = exitCode;
 	}
 });
 program.command("rules [directory]").description("List all available rules").action(async (directory = ".") => {
@@ -10955,7 +11436,8 @@ program.command("badge [directory]").description("Print the public score badge U
 			return { exitCode: 0 };
 		});
 	} catch (err) {
-		process.stderr.write(`${err?.message ?? "Failed to print badge"}\n`);
+		const message = err instanceof Error ? err.message : "Failed to print badge";
+		process.stderr.write(`${message}\n`);
 		process.exit(1);
 	}
 });