aislop 0.9.2 → 0.9.4

package/dist/mcp.js

@@ -278,6 +278,7 @@ const EXCLUDED_DIRS = [
 	"build",
 	".git",
 	".agents",
+	".pnpm-store",
 	"vendor",
 	"examples",
 	"example",
@@ -314,6 +315,7 @@ const FIND_PRUNE_DIRS = [
 	"build",
 	".git",
 	".agents",
+	".pnpm-store",
 	"vendor",
 	"examples",
 	"example",
@@ -337,7 +339,11 @@ const FIND_PRUNE_DIRS = [
 	".turbo",
 	"public"
 ];
-const BUILD_CACHE_FILE_PATTERNS = [/\.timestamp-\d+-[a-z0-9]+\.[mc]?js$/i];
+const BUILD_CACHE_FILE_PATTERNS = [
+	/\.timestamp-\d+-[a-z0-9]+\.[mc]?js$/i,
+	/\.min\.(?:js|css|mjs|cjs)$/i,
+	/\.bundle\.(?:js|css|mjs|cjs)$/i
+];
 const isBuildCacheFile = (filePath) => BUILD_CACHE_FILE_PATTERNS.some((pattern) => pattern.test(filePath));
 const TEST_FILE_PATTERNS = [
 	/(?:^|\/).*\.test\.[^/]+$/i,
@@ -365,6 +371,17 @@ const hasAllowedExtension = (filePath, extraExtensions) => {
 const isExcludedPath = (filePath) => EXCLUDED_DIRS.some((dir) => filePath === dir || filePath.startsWith(`${dir}/`) || filePath.includes(`/${dir}/`));
 const isExcludedFromScan = (relativePath) => isExcludedPath(relativePath) || isBuildCacheFile(relativePath);
 const isTestFile$2 = (filePath) => TEST_FILE_PATTERNS.some((pattern) => pattern.test(filePath));
+const readBiomeExcludePatterns = (rootDirectory) => {
+	const biomePath = path.join(rootDirectory, "biome.json");
+	if (!fs.existsSync(biomePath)) return [];
+	try {
+		const includes = JSON.parse(fs.readFileSync(biomePath, "utf-8")).files?.includes;
+		if (!Array.isArray(includes)) return [];
+		return includes.filter((entry) => typeof entry === "string").filter((entry) => entry.startsWith("!") && entry.length > 1).map((entry) => entry.slice(1));
+	} catch {
+		return [];
+	}
+};
 const getIgnoredPaths = (rootDirectory, files) => {
 	if (files.length === 0) return /* @__PURE__ */ new Set();
 	const result = spawnSync("git", [
@@ -432,7 +449,8 @@ const filterProjectFiles = (rootDirectory, files, extraExtensions = [], exclude
 		};
 	}).filter(({ relativePath }) => isWithinProject(relativePath));
 	const ignoredPaths = getIgnoredPaths(rootDirectory, normalizedFiles.map(({ relativePath }) => relativePath));
-	const normalizedExcludePatterns = exclude.length ? normalizeExcludePatterns(exclude) : [];
+	const excludePatterns = [...readBiomeExcludePatterns(rootDirectory), ...exclude];
+	const normalizedExcludePatterns = excludePatterns.length ? normalizeExcludePatterns(excludePatterns) : [];
 	const isUserExcluded = (relativePath) => {
 		if (!normalizedExcludePatterns.length) return false;
 		return micromatch.isMatch(relativePath, normalizedExcludePatterns, { dot: true });
@@ -487,10 +505,27 @@ const getSourceFilesWithExtras = (context, extraExtensions) => {
 
 //#endregion
 //#region src/engines/ai-slop/abstractions.ts
+const JS_EXTS$1 = new Set([
+	".ts",
+	".tsx",
+	".js",
+	".jsx",
+	".mjs",
+	".cjs"
+]);
 const THIN_WRAPPER_PATTERNS = [
-	/(?:export\s+)?(?:async\s+)?function\s+(\w+)\s*\([^)]*\)\s*(?::\s*\w[^{]*)?\{\s*\n?\s*return\s+\w+\([^)]*\);\s*\n?\s*\}/g,
-	/(?:export\s+)?const\s+(\w+)\s*=\s*(?:async\s+)?\([^)]*\)\s*(?::\s*\w[^=]*)?\s*=>\s*\w+\([^)]*\);/g,
-	/def\s+(\w+)\s*\([^)]*\)(?:\s*->[^:]*)?:\s*\n\s+return\s+\w+\([^)]*\)\s*$/gm
+	{
+		pattern: /(?:export\s+)?(?:async\s+)?function\s+(\w+)\s*\([^)]*\)\s*(?::\s*\w[^{]*)?\{\s*\n?\s*return\s+\w+\([^)]*\);\s*\n?\s*\}/g,
+		extensions: JS_EXTS$1
+	},
+	{
+		pattern: /(?:export\s+)?const\s+(\w+)\s*=\s*(?:async\s+)?\([^)]*\)\s*(?::\s*\w[^=]*)?\s*=>\s*\w+\([^)]*\);/g,
+		extensions: JS_EXTS$1
+	},
+	{
+		pattern: /def\s+(\w+)\s*\([^)]*\)(?:\s*->[^:]*)?:\s*\n\s+return\s+\w+\([^)]*\)\s*$/gm,
+		extensions: new Set([".py"])
+	}
 ];
 const AI_NAMING_PATTERNS = [/(?:helper|util|handler|process|do|handle|execute|perform)_?\d+/i, /(?:data|temp|result|value|item|obj|arr|str|num|val)\d+/];
 const FRAMEWORK_METHOD_NAMES = /^(?:setUp|tearDown|setUpClass|tearDownClass|setUpModule|tearDownModule)$/;
@@ -505,10 +540,11 @@ const hasHardcodedArgs = (matchText) => {
 	return /['"`]\w+['"`]|(?<!\w)\d+(?!\w)/.test(innerCallMatch[1]);
 };
 const isUseContextWrapper = (matchText) => /\buse\w+/.test(matchText) && /useContext\s*\(/.test(matchText);
-const detectThinWrappers = (content, relativePath) => {
+const detectThinWrappers = (content, relativePath, ext) => {
 	const diagnostics = [];
 	const lines = content.split("\n");
-	for (const pattern of THIN_WRAPPER_PATTERNS) {
+	for (const { pattern, extensions } of THIN_WRAPPER_PATTERNS) {
+		if (!extensions.has(ext)) continue;
 		const regex = new RegExp(pattern.source, pattern.flags);
 		let match;
 		while ((match = regex.exec(content)) !== null) {
@@ -574,12 +610,133 @@ const detectOverAbstraction = async (context) => {
 			continue;
 		}
 		const relativePath = path.relative(context.rootDirectory, filePath);
-		diagnostics.push(...detectThinWrappers(content, relativePath));
+		const ext = path.extname(filePath);
+		diagnostics.push(...detectThinWrappers(content, relativePath, ext));
 		diagnostics.push(...detectAiNaming(content, relativePath));
 	}
 	return diagnostics;
 };
 
+//#endregion
+//#region src/engines/ai-slop/narrative-comments-patterns.ts
+const DECORATIVE_SEPARATOR = /^[-=─━~_*#]{6,}$/;
+const DECORATIVE_SECTION_HEADER = /^[-=─━~_*#]{3,}[\s\S]+?[-=─━~_*#]{3,}$/;
+const SECTION_HEADER = /^(Phase|Step|Section|Part)\s+\d+[:.-]/i;
+const CROSS_REFERENCE_PHRASES = [
+	/\bwill then be\b/i,
+	/\bused by\b/i,
+	/\bcalled from\b/i,
+	/\bcalled later\b/i,
+	/\bsee (?:above|below|later|earlier)\b/i,
+	/\breplaces the\b/i,
+	/\bmatches the one\b/i,
+	/\bwe moved\b/i,
+	/\bwe used to\b/i,
+	/\brefactor(?:ed)? from\b/i,
+	/\bcombined with\b.*\bthis\b/i
+];
+const JUSTIFICATION_OPENERS = [
+	/^(The idea here|The trick is|This was needed|Originally,?)/i,
+	/^This\s+(?:function|method|class|module|component|hook|util|helper|handler|service)\b/i,
+	/^It\s+(?:does|handles|takes|returns|processes|reads|writes|sends|fetches|loads|creates|deletes|updates|parses|validates)\b/i,
+	/^(?:First|Then|Finally|Next|Lastly|Subsequently),?\s+(?:it|we|the\s+(?:function|method|class))\b/i
+];
+const EXPLANATORY_OPENERS = /^(Matches|Detects|Represents|Holds|Stores|Tracks|Handles|Manages|Controls|Contains|Captures|Encapsulates|Wraps|Describes)\s+[A-Za-z`'"]/;
+const STEP_COMMENT_VERB_RE = /^(?:Render|Enable|Disable|Initialize|Init|Setup|Set|Get|Fetch|Load|Save|Build|Create|Delete|Remove|Add|Update|Process|Execute|Run|Start|Stop|Clean|Cleanup|Configure|Validate|Check|Verify|Parse|Extract|Apply|Wait|Sleep|Skip|Allow|Deny|Lock|Unlock|Refresh|Reload|Reset|Clear|Send|Receive|Read|Write|Print|Log|Emit|Dispatch|Fire|Open|Close|Bind|Connect|Disconnect|Register|Unregister|Push|Pop|Insert|Append|Prepend|Sort|Filter|Find|Search|Replace|Encode|Decode|Convert|Transform|Map|Reduce|Iterate|Loop|Walk|Visit|Mark|Unmark|Toggle|Switch|Restart|Resume|Pause|Abort|Cancel|Compute|Calculate|Resolve|Reject|Ignore|Handle|Track|Trace|Increment|Decrement|Round|Truncate|Resize|Move|Copy|Clone|Merge|Split|Join|Wrap|Unwrap|Bump|Drain|Flush|Sync|Persist|Commit|Rollback|Yield|Return|Discard|Defer|Pin|Unpin|Mount|Unmount|Spawn|Kill|Restore)(?:\s|$)/;
+const EXPLANATORY_WHY_MARKERS = /\b(?:because|since|otherwise|workaround|caveat|warning|important|assumes?|note:|bug|issue|see\s+(?:issue|above|below)|in\s+prod|in\s+production|breaks?\s+when|fails?\s+when|must\s+run|must\s+be|has\s+to\s+be|hack\s+for|fix\s+for|reason:|to\s+avoid|to\s+ensure|to\s+prevent|in\s+order\s+to|necessary|guarantee[sd]?|prevents?|regardless\s+of|required\s+(?:for|to|by)|for\s+example|e\.g\.|i\.e\.|useful\s+(?:for|when)|intended\s+to|on\s+purpose|by\s+design)\b/i;
+const MEANINGFUL_JSDOC_TAGS = new Set([
+	"deprecated",
+	"see",
+	"example",
+	"type",
+	"returns",
+	"return",
+	"param",
+	"throws",
+	"typedef",
+	"callback",
+	"override",
+	"template",
+	"internal",
+	"public",
+	"private",
+	"protected",
+	"experimental",
+	"alpha",
+	"beta",
+	"since",
+	"todo",
+	"link",
+	"license",
+	"preserve",
+	"swagger",
+	"openapi",
+	"route",
+	"group",
+	"summary",
+	"description",
+	"operationid",
+	"response",
+	"responses",
+	"request",
+	"requestbody",
+	"security",
+	"tag",
+	"tags",
+	"path",
+	"body",
+	"query",
+	"queryparam",
+	"header",
+	"headers",
+	"produces",
+	"accept",
+	"middleware",
+	"api",
+	"apiname",
+	"apidefine",
+	"apigroup",
+	"apiparam",
+	"apiquery",
+	"apibody",
+	"apiheader",
+	"apisuccess",
+	"apierror",
+	"apiexample",
+	"apiversion",
+	"apidescription",
+	"apipermission",
+	"apiuse",
+	"apiignore",
+	"apiprivate",
+	"namespace",
+	"category"
+]);
+const SUPPORTED_EXTS = new Set([
+	".ts",
+	".tsx",
+	".js",
+	".jsx",
+	".mjs",
+	".cjs",
+	".py",
+	".go",
+	".rs",
+	".rb",
+	".java",
+	".php"
+]);
+const DECL_START = /^(\s*)(export\s+)?(async\s+)?(const|let|var|function|class|type|interface|enum|abstract\s+class)\s+/;
+const EXPORT_DEFAULT = /^\s*export\s+default\b/;
+const TS_MEMBER_DECL_START = /^\s*(?:readonly\s+|static\s+|public\s+|private\s+|protected\s+|abstract\s+|override\s+)*[\w$]+\??\s*:/;
+const PY_DECL_START = /^\s*(async\s+def|def|class)\s+/;
+const GO_DECL_START = /^\s*(func|type|var|const|import)\b/;
+const RUST_DECL_START = /^\s*(pub\s+)?(async\s+)?(fn|struct|enum|trait|impl|const|static|type|mod)\s+/;
+const RUBY_DECL_START = /^\s*(class|module|def)\s+/;
+const JAVA_DECL_START = /^\s*(?:public|private|protected|static|final|abstract|sealed|non-sealed|\s)+(?:class|interface|enum|record|@interface|\w[^(){};=]*\s+\w+\s*\()/;
+const JAVA_DECL_START_FALLBACK = /^\s*(class|interface|enum|record|@interface)\s+/;
+const PHP_DECL_START = /^\s*(?:(?:public|private|protected|static|final|abstract|readonly)\s+)*(function|class|interface|trait|enum|const)\s+/;
+
 //#endregion
 //#region src/engines/ai-slop/non-production-paths.ts
 const DIR_PATTERN = /(?:^|\/)(?:scripts|bin|examples?|demos?|bench|benches|benchmarks?|fixtures?|__fixtures__|__mocks__|__tests__|vendor|_vendor|vendored|third_party|blib2to3|lib2to3|cli|cli-[\w-]+|[\w-]+-cli)\//i;
@@ -618,11 +775,37 @@ const isTrivialComment = (trimmed, nextLine) => {
 	if (/^-{3,}|─{3,}/.test(commentBody)) return false;
 	return (isJs ? TRIVIAL_JS_COMMENT_PATTERNS : TRIVIAL_PYTHON_COMMENT_PATTERNS).some((pattern) => pattern.test(trimmed));
 };
-const scanFileForTrivialComments = (content, relativePath) => {
+const declStartForExt = (ext) => {
+	switch (ext) {
+		case ".rb": return [RUBY_DECL_START];
+		case ".java": return [JAVA_DECL_START, JAVA_DECL_START_FALLBACK];
+		case ".php": return [PHP_DECL_START];
+		default: return [];
+	}
+};
+const isCommentLineForExt = (line, ext) => {
+	const trimmed = line.trim();
+	if (ext === ".rb") return trimmed.startsWith("#") && !trimmed.startsWith("#!");
+	if (ext === ".java" || ext === ".php") return trimmed.startsWith("//") || trimmed.startsWith("#");
+	return false;
+};
+const isDocCommentForDeclaration = (lines, lineIdx, ext) => {
+	const patterns = declStartForExt(ext);
+	if (patterns.length === 0) return false;
+	for (let j = lineIdx + 1; j < lines.length; j++) {
+		const candidate = lines[j];
+		if (candidate.trim() === "") continue;
+		if (isCommentLineForExt(candidate, ext)) continue;
+		return patterns.some((re) => re.test(candidate));
+	}
+	return false;
+};
+const scanFileForTrivialComments = (content, relativePath, ext) => {
 	const diagnostics = [];
 	const lines = content.split("\n");
 	for (let i = 0; i < lines.length; i++) {
 		if (!isTrivialComment(lines[i].trim(), i + 1 < lines.length ? lines[i + 1] : void 0)) continue;
+		if (isDocCommentForDeclaration(lines, i, ext)) continue;
 		diagnostics.push({
 			filePath: relativePath,
 			engine: "ai-slop",
@@ -651,7 +834,7 @@ const detectTrivialComments = async (context) => {
 		} catch {
 			continue;
 		}
-		diagnostics.push(...scanFileForTrivialComments(content, relativePath));
+		diagnostics.push(...scanFileForTrivialComments(content, relativePath, path.extname(filePath)));
 	}
 	return diagnostics;
 };
@@ -707,6 +890,19 @@ const TODO_PATTERN = new RegExp(`\\b(?:${[
 	"PLACEHOLDER",
 	"STUB"
 ].join("|")})[:\\s]`);
+const isBlockCloserAfterReturn = (line) => line.startsWith("}") || line.startsWith("};") || line.startsWith("),") || line.startsWith(");") || line.startsWith("],") || line.startsWith("]);");
+const isGuardedSingleLineExit = (lines, lineIndex) => {
+	const contextLines = [];
+	for (let i = lineIndex - 1; i >= 0 && contextLines.length < 16; i--) {
+		const trimmed = lines[i].trim();
+		if (!trimmed || trimmed.startsWith("//")) continue;
+		contextLines.unshift(trimmed);
+		if (/^(?:if|else\s+if|for|while)\b/.test(trimmed) || /^}\s*else\s+if\b/.test(trimmed)) break;
+		if (/;\s*$/.test(trimmed)) break;
+	}
+	const control = contextLines.join(" ");
+	return /(?:^|[}\s])(?:if|else\s+if|for|while)\s*\(/.test(control) && !/{\s*$/.test(control);
+};
 const detectTodoStubs = (content, relativePath) => {
 	const diagnostics = [];
 	const lines = content.split("\n");
@@ -723,7 +919,7 @@ const detectDeadCodePatterns = (content, relativePath, ext) => {
 	for (let i = 0; i < lines.length; i++) {
 		const trimmed = lines[i].trim();
 		const nextLine = i + 1 < lines.length ? lines[i + 1]?.trim() : void 0;
-		if (JS_EXTENSIONS$3.has(ext) && /^(?:return|throw)\b/.test(trimmed) && trimmed.endsWith(";") && nextLine && nextLine.length > 0 && !nextLine.startsWith("}") && !nextLine.startsWith("//") && !nextLine.startsWith("/*") && !nextLine.startsWith("case ") && !nextLine.startsWith("default:") && !nextLine.startsWith("if ") && !nextLine.startsWith("if(") && !nextLine.startsWith("else")) diagnostics.push(slop(relativePath, i + 2, "ai-slop/unreachable-code", "warning", "Code after return/throw statement is unreachable", "Remove the unreachable code or restructure the control flow", false));
+		if (JS_EXTENSIONS$3.has(ext) && /^(?:return|throw)\b/.test(trimmed) && trimmed.endsWith(";") && nextLine && nextLine.length > 0 && !isGuardedSingleLineExit(lines, i) && !isBlockCloserAfterReturn(nextLine) && !nextLine.startsWith("//") && !nextLine.startsWith("/*") && !nextLine.startsWith("case ") && !nextLine.startsWith("default:") && !nextLine.startsWith("if ") && !nextLine.startsWith("if(") && !nextLine.startsWith("else")) diagnostics.push(slop(relativePath, i + 2, "ai-slop/unreachable-code", "warning", "Code after return/throw statement is unreachable", "Remove the unreachable code or restructure the control flow", false));
 		if (/\bif\s*\(\s*(?:false|true|0|1)\s*\)/.test(trimmed) && !trimmed.startsWith("//") && !trimmed.startsWith("*") && !/["'`].*\bif\s*\(/.test(trimmed) && !/\/.*\bif\s*\(/.test(trimmed.replace(/\/\/.*$/, ""))) diagnostics.push(slop(relativePath, i + 1, "ai-slop/constant-condition", "warning", "Conditional with a constant value — likely debugging leftover", "Remove the constant condition or replace with proper logic", false));
 		if (JS_EXTENSIONS$3.has(ext) && /(?:function\s+\w+|=>\s*)\s*\{\s*\}\s*;?\s*$/.test(trimmed) && !trimmed.startsWith("interface") && !trimmed.startsWith("type ")) diagnostics.push(slop(relativePath, i + 1, "ai-slop/empty-function", "info", "Empty function body — possible stub or unfinished implementation", "Implement the function body or add a comment explaining why it's empty", false));
 	}
@@ -891,6 +1087,25 @@ const SWALLOWED_EXCEPTION_PATTERNS = [
 		message: "Empty catch block swallows errors silently"
 	}
 ];
+const INTENTIONAL_IGNORE_NAMES = new Set([
+	"ignored",
+	"ignore",
+	"tolerated",
+	"expected",
+	"unused",
+	"_",
+	"_e",
+	"_err",
+	"_ex",
+	"_t"
+]);
+const CATCH_PARAM_RE = /catch\s*\(\s*(?:\w+\s+)?([\w$]+)/;
+const RESCUE_PARAM_RE = /rescue(?:\s+[\w:]+)?\s*=>\s*([\w$]+)/;
+const isIntentionalIgnore = (matchText, ext) => {
+	const m = (ext === ".rb" ? RESCUE_PARAM_RE : CATCH_PARAM_RE).exec(matchText);
+	if (!m) return false;
+	return INTENTIONAL_IGNORE_NAMES.has(m[1].toLowerCase());
+};
 const detectSwallowedExceptions = async (context) => {
 	const files = getSourceFiles(context);
 	const diagnostics = [];
@@ -909,6 +1124,7 @@ const detectSwallowedExceptions = async (context) => {
 			let match;
 			const regex = new RegExp(pattern.source, pattern.flags + (pattern.flags.includes("g") ? "" : "g"));
 			while ((match = regex.exec(content)) !== null) {
+				if (isIntentionalIgnore(match[0], ext)) continue;
 				const line = content.slice(0, match.index).split("\n").length;
 				diagnostics.push({
 					filePath: relativePath,
@@ -1001,6 +1217,117 @@ const detectGoPatterns = async (context) => {
 	return diagnostics;
 };
 
+//#endregion
+//#region src/engines/ai-slop/js-import-aliases.ts
+const TS_CONFIG_FILES = ["tsconfig.json", "jsconfig.json"];
+const JS_RESOLUTION_EXTENSIONS = [
+	"",
+	".ts",
+	".tsx",
+	".js",
+	".jsx",
+	".mjs",
+	".cjs",
+	".json",
+	"/index.ts",
+	"/index.tsx",
+	"/index.js",
+	"/index.jsx"
+];
+const readJson$2 = (filePath) => {
+	try {
+		return JSON.parse(fs.readFileSync(filePath, "utf-8"));
+	} catch {
+		return null;
+	}
+};
+const buildAliasMatcher = (key) => {
+	const starIdx = key.indexOf("*");
+	if (starIdx === -1) return (spec) => spec === key;
+	const before = key.slice(0, starIdx);
+	const after = key.slice(starIdx + 1);
+	return (spec) => spec.length >= before.length + after.length && spec.startsWith(before) && spec.endsWith(after);
+};
+const collectAliasMatchersFromConfig = (configPath, matchers) => {
+	const opts = readJson$2(configPath)?.compilerOptions;
+	if (!opts || typeof opts !== "object") return;
+	const configDir = path.dirname(configPath);
+	const paths = opts.paths;
+	if (paths && typeof paths === "object") for (const key of Object.keys(paths)) matchers.push(buildAliasMatcher(key));
+	const baseUrl = opts.baseUrl;
+	if (typeof baseUrl === "string") {
+		const baseDir = path.resolve(configDir, baseUrl);
+		matchers.push((spec) => {
+			if (spec.startsWith(".") || spec.startsWith("/") || spec.startsWith("@")) return false;
+			return JS_RESOLUTION_EXTENSIONS.some((suffix) => fs.existsSync(path.join(baseDir, `${spec}${suffix}`)));
+		});
+	}
+};
+const collectTsPathAliases = (rootDir, workspaceDirs) => {
+	const matchers = [];
+	const dirs = [rootDir, ...workspaceDirs];
+	for (const dir of dirs) for (const fname of TS_CONFIG_FILES) collectAliasMatchersFromConfig(path.join(dir, fname), matchers);
+	return matchers;
+};
+
+//#endregion
+//#region src/engines/ai-slop/js-workspaces.ts
+const readJson$1 = (filePath) => {
+	try {
+		return JSON.parse(fs.readFileSync(filePath, "utf-8"));
+	} catch {
+		return null;
+	}
+};
+const readWorkspaceGlobs = (rootDir, rootPkg) => {
+	const globs = [];
+	if (rootPkg && typeof rootPkg === "object") {
+		const ws = rootPkg.workspaces;
+		if (Array.isArray(ws)) {
+			for (const g of ws) if (typeof g === "string") globs.push(g);
+		} else if (ws && typeof ws === "object") {
+			const pkgs = ws.packages;
+			if (Array.isArray(pkgs)) {
+				for (const g of pkgs) if (typeof g === "string") globs.push(g);
+			}
+		}
+	}
+	const lerna = readJson$1(path.join(rootDir, "lerna.json"));
+	if (lerna && Array.isArray(lerna.packages)) {
+		for (const g of lerna.packages) if (typeof g === "string") globs.push(g);
+	}
+	try {
+		const pnpmWs = fs.readFileSync(path.join(rootDir, "pnpm-workspace.yaml"), "utf-8");
+		let inPackages = false;
+		for (const rawLine of pnpmWs.split("\n")) {
+			if (/^packages\s*:\s*$/.test(rawLine)) {
+				inPackages = true;
+				continue;
+			}
+			if (!inPackages) continue;
+			if (/^\S/.test(rawLine)) break;
+			const m = rawLine.match(/^\s*-\s*["']?([^"'\n]+?)["']?\s*$/);
+			if (m) globs.push(m[1].trim());
+		}
+	} catch {
+		return globs;
+	}
+	return globs;
+};
+const expandWorkspaceDirs = (rootDir, globs) => {
+	const dirs = [];
+	for (const glob of globs) if (glob.endsWith("/*")) {
+		const parent = path.join(rootDir, glob.slice(0, -2));
+		try {
+			for (const entry of fs.readdirSync(parent, { withFileTypes: true })) if (entry.isDirectory()) dirs.push(path.join(parent, entry.name));
+		} catch {
+			continue;
+		}
+	} else if (!glob.includes("*")) dirs.push(path.join(rootDir, glob));
+	return dirs;
+};
+const collectWorkspaceDirs = (rootDir, rootPkg) => expandWorkspaceDirs(rootDir, readWorkspaceGlobs(rootDir, rootPkg));
+
 //#endregion
 //#region src/engines/ai-slop/python-data.ts
 const PYTHON_STDLIB = new Set([
@@ -1245,11 +1572,35 @@ const collectFromPipfile = (rootDir, pyDeps) => {
 		return false;
 	}
 };
+const LOCAL_PACKAGE_ROOTS = [
+	"",
+	"src",
+	"lib"
+];
+const collectLocalPythonPackages = (rootDir, pyDeps) => {
+	for (const sub of LOCAL_PACKAGE_ROOTS) {
+		const dir = sub ? path.join(rootDir, sub) : rootDir;
+		let entries;
+		try {
+			entries = fs.readdirSync(dir, { withFileTypes: true });
+		} catch {
+			continue;
+		}
+		for (const entry of entries) {
+			if (!entry.isDirectory()) continue;
+			if (entry.name.startsWith(".")) continue;
+			if (entry.name === "node_modules" || entry.name === "__pycache__") continue;
+			const initPath = path.join(dir, entry.name, "__init__.py");
+			if (fs.existsSync(initPath)) addPyDep(pyDeps, entry.name);
+		}
+	}
+};
 const collectPythonDeps = (rootDir) => {
 	const pyDeps = /* @__PURE__ */ new Set();
 	const hasReq = collectFromRequirementsTxt(rootDir, pyDeps);
 	const hasPyproject = collectFromPyproject(rootDir, pyDeps);
 	const hasPipfile = collectFromPipfile(rootDir, pyDeps);
+	collectLocalPythonPackages(rootDir, pyDeps);
 	return {
 		pyDeps,
 		hasPyManifest: hasReq || hasPyproject || hasPipfile
@@ -1286,51 +1637,6 @@ const addDepsFromPkg = (pkg, jsDeps) => {
 		if (deps && typeof deps === "object") for (const name of Object.keys(deps)) jsDeps.add(name);
 	}
 };
-const readWorkspaceGlobs = (rootDir, rootPkg) => {
-	const globs = [];
-	if (rootPkg && typeof rootPkg === "object") {
-		const ws = rootPkg.workspaces;
-		if (Array.isArray(ws)) {
-			for (const g of ws) if (typeof g === "string") globs.push(g);
-		} else if (ws && typeof ws === "object") {
-			const pkgs = ws.packages;
-			if (Array.isArray(pkgs)) {
-				for (const g of pkgs) if (typeof g === "string") globs.push(g);
-			}
-		}
-	}
-	const lerna = readJson(path.join(rootDir, "lerna.json"));
-	if (lerna && Array.isArray(lerna.packages)) {
-		for (const g of lerna.packages) if (typeof g === "string") globs.push(g);
-	}
-	try {
-		const pnpmWs = fs.readFileSync(path.join(rootDir, "pnpm-workspace.yaml"), "utf-8");
-		let inPackages = false;
-		for (const rawLine of pnpmWs.split("\n")) {
-			if (/^packages\s*:\s*$/.test(rawLine)) {
-				inPackages = true;
-				continue;
-			}
-			if (!inPackages) continue;
-			if (/^\S/.test(rawLine)) break;
-			const m = rawLine.match(/^\s*-\s*["']?([^"'\n]+?)["']?\s*$/);
-			if (m) globs.push(m[1].trim());
-		}
-	} catch {}
-	return globs;
-};
-const expandWorkspaceDirs = (rootDir, globs) => {
-	const dirs = [];
-	for (const glob of globs) if (glob.endsWith("/*")) {
-		const parent = path.join(rootDir, glob.slice(0, -2));
-		try {
-			for (const entry of fs.readdirSync(parent, { withFileTypes: true })) if (entry.isDirectory()) dirs.push(path.join(parent, entry.name));
-		} catch {
-			continue;
-		}
-	} else if (!glob.includes("*")) dirs.push(path.join(rootDir, glob));
-	return dirs;
-};
 const SKIP_DIRS = new Set([
 	"node_modules",
 	".git",
@@ -1362,62 +1668,25 @@ const collectNestedManifests = (rootDir, jsDeps) => {
 				addDepsFromPkg(wsPkg, jsDeps);
 			}
 		}
-	};
-	walk(rootDir, 0);
-};
-const collectJsDeps = (rootDir, jsDeps) => {
-	const pkgPath = path.join(rootDir, "package.json");
-	if (!fs.existsSync(pkgPath)) return false;
-	const pkg = readJson(pkgPath);
-	if (!pkg || typeof pkg !== "object") return false;
-	addDepsFromPkg(pkg, jsDeps);
-	if (typeof pkg.name === "string") jsDeps.add(pkg.name);
-	const workspaceDirs = expandWorkspaceDirs(rootDir, readWorkspaceGlobs(rootDir, pkg));
-	for (const wsDir of workspaceDirs) {
-		const wsPkg = readJson(path.join(wsDir, "package.json"));
-		if (!wsPkg) continue;
-		if (typeof wsPkg.name === "string") jsDeps.add(wsPkg.name);
-		addDepsFromPkg(wsPkg, jsDeps);
-	}
-	collectNestedManifests(rootDir, jsDeps);
-	return true;
-};
-const TS_CONFIG_FILES = ["tsconfig.json", "jsconfig.json"];
-const buildAliasMatcher = (key) => {
-	const starIdx = key.indexOf("*");
-	if (starIdx === -1) return (spec) => spec === key;
-	const before = key.slice(0, starIdx);
-	const after = key.slice(starIdx + 1);
-	return (spec) => spec.length >= before.length + after.length && spec.startsWith(before) && spec.endsWith(after);
-};
-const collectAliasMatchersFromConfig = (configPath, matchers) => {
-	const opts = readJson(configPath)?.compilerOptions;
-	if (!opts) return;
-	const paths = opts.paths;
-	if (paths && typeof paths === "object") for (const key of Object.keys(paths)) matchers.push(buildAliasMatcher(key));
-	const baseUrl = opts.baseUrl;
-	if (typeof baseUrl === "string") {
-		const baseUrlDir = path.resolve(path.dirname(configPath), baseUrl);
-		let entries;
-		try {
-			entries = fs.readdirSync(baseUrlDir);
-		} catch {
-			return;
-		}
-		const baseSpecifiers = /* @__PURE__ */ new Set();
-		for (const entry of entries) {
-			if (entry.startsWith(".") || entry === "node_modules") continue;
-			const base = entry.replace(/\.(?:[jt]sx?|mjs|cjs|d\.ts)$/i, "");
-			if (base.length > 0) baseSpecifiers.add(base);
-		}
-		for (const name of baseSpecifiers) matchers.push((spec) => spec === name || spec.startsWith(`${name}/`));
-	}
+	};
+	walk(rootDir, 0);
 };
-const collectTsPathAliases = (rootDir) => {
-	const matchers = [];
-	const dirs = [rootDir, ...expandWorkspaceDirs(rootDir, readWorkspaceGlobs(rootDir, readJson(path.join(rootDir, "package.json"))))];
-	for (const dir of dirs) for (const fname of TS_CONFIG_FILES) collectAliasMatchersFromConfig(path.join(dir, fname), matchers);
-	return matchers;
+const collectJsDeps = (rootDir, jsDeps) => {
+	const pkgPath = path.join(rootDir, "package.json");
+	if (!fs.existsSync(pkgPath)) return false;
+	const pkg = readJson(pkgPath);
+	if (!pkg || typeof pkg !== "object") return false;
+	addDepsFromPkg(pkg, jsDeps);
+	if (typeof pkg.name === "string") jsDeps.add(pkg.name);
+	const workspaceDirs = collectWorkspaceDirs(rootDir, pkg);
+	for (const wsDir of workspaceDirs) {
+		const wsPkg = readJson(path.join(wsDir, "package.json"));
+		if (!wsPkg) continue;
+		if (typeof wsPkg.name === "string") jsDeps.add(wsPkg.name);
+		addDepsFromPkg(wsPkg, jsDeps);
+	}
+	collectNestedManifests(rootDir, jsDeps);
+	return true;
 };
 const loadManifest = (rootDir) => {
 	const jsDeps = /* @__PURE__ */ new Set();
@@ -1440,14 +1709,19 @@ const VIRTUAL_MODULE_PREFIXES = [
 	"astro:",
 	"virtual:",
 	"bun:",
-	"~icons/"
+	"file:"
 ];
-const isJsVirtualModule = (spec) => VIRTUAL_MODULE_PREFIXES.some((p) => spec.startsWith(p));
+const isJsVirtualModule = (spec, manifest) => {
+	if (VIRTUAL_MODULE_PREFIXES.some((p) => spec.startsWith(p))) return true;
+	if (spec === "bun") return true;
+	if (spec === "unfonts.css" && manifest.jsDeps.has("unplugin-fonts")) return true;
+	if (spec.startsWith("~icons/") && manifest.jsDeps.has("unplugin-icons")) return true;
+	return false;
+};
 const stripImportQuery = (spec) => {
 	const idx = spec.indexOf("?");
 	return idx === -1 ? spec : spec.slice(0, idx);
 };
-const VIRTUAL_ASSET_FILES = { "unfonts.css": "unplugin-fonts" };
 const TEMPLATE_PLACEHOLDER_RE = /\$\{/;
 const isLikelyRealImportSpec = (spec) => {
 	if (spec.length === 0) return false;
@@ -1519,9 +1793,7 @@ const checkJsImport = (rawSpec, manifest, tsAliasMatchers) => {
 	if (spec.length === 0) return null;
 	if (isJsRelativeOrAbsolute(spec)) return null;
 	if (isJsBuiltin(spec)) return null;
-	if (isJsVirtualModule(spec)) return null;
-	const virtualOwner = VIRTUAL_ASSET_FILES[spec];
-	if (virtualOwner && manifest.jsDeps.has(virtualOwner)) return null;
+	if (isJsVirtualModule(spec, manifest)) return null;
 	if (tsAliasMatchers.some((m) => m(spec))) return null;
 	const pkg = packageNameFromImport(spec);
 	if (manifest.jsDeps.has(pkg)) return null;
@@ -1541,9 +1813,11 @@ const checkPyImport = (spec, manifest) => {
 	return root;
 };
 const detectHallucinatedImports = async (context) => {
+	const rootPkg = readJson(path.join(context.rootDirectory, "package.json"));
+	const workspaceDirs = collectWorkspaceDirs(context.rootDirectory, rootPkg);
 	const manifest = loadManifest(context.rootDirectory);
 	if (!manifest.hasJsManifest && !manifest.hasPyManifest) return [];
-	const tsAliasMatchers = manifest.hasJsManifest ? collectTsPathAliases(context.rootDirectory) : [];
+	const tsAliasMatchers = manifest.hasJsManifest ? collectTsPathAliases(context.rootDirectory, workspaceDirs) : [];
 	const diagnostics = [];
 	const files = getSourceFiles(context);
 	for (const filePath of files) {
@@ -1584,121 +1858,7 @@ const detectHallucinatedImports = async (context) => {
 };
 
 //#endregion
-//#region src/engines/ai-slop/narrative-comments-patterns.ts
-const DECORATIVE_SEPARATOR = /^[-=─━~_*#]{6,}$/;
-const DECORATIVE_SECTION_HEADER = /^[-=─━~_*#]{3,}[\s\S]+?[-=─━~_*#]{3,}$/;
-const SECTION_HEADER = /^(Phase|Step|Section|Part)\s+\d+[:.-]/i;
-const CROSS_REFERENCE_PHRASES = [
-	/\bwill then be\b/i,
-	/\bused by\b/i,
-	/\bcalled from\b/i,
-	/\bcalled later\b/i,
-	/\bsee (?:above|below|later|earlier)\b/i,
-	/\breplaces the\b/i,
-	/\bmatches the one\b/i,
-	/\bwe moved\b/i,
-	/\bwe used to\b/i,
-	/\brefactor(?:ed)? from\b/i,
-	/\bcombined with\b.*\bthis\b/i
-];
-const JUSTIFICATION_OPENERS = [/^(The idea here|The trick is|This was needed|Originally,?)/i];
-const EXPLANATORY_OPENERS = /^(Matches|Detects|Represents|Holds|Stores|Tracks|Handles|Manages|Controls|Contains|Captures|Encapsulates|Wraps|Describes)\s+[A-Za-z`'"]/;
-const EXPLANATORY_WHY_MARKERS = /\b(?:because|since|otherwise|workaround|caveat|warning|important|assumes?|note:|bug|issue|see\s+(?:issue|above|below)|in\s+prod|in\s+production|breaks?\s+when|fails?\s+when|must\s+run|must\s+be|has\s+to\s+be|hack\s+for|fix\s+for|reason:)\b/i;
-const MEANINGFUL_JSDOC_TAGS = new Set([
-	"deprecated",
-	"see",
-	"example",
-	"type",
-	"returns",
-	"return",
-	"param",
-	"throws",
-	"typedef",
-	"callback",
-	"override",
-	"template",
-	"internal",
-	"public",
-	"private",
-	"protected",
-	"experimental",
-	"alpha",
-	"beta",
-	"since",
-	"todo",
-	"link",
-	"license",
-	"preserve",
-	"swagger",
-	"openapi",
-	"route",
-	"group",
-	"summary",
-	"description",
-	"operationid",
-	"response",
-	"responses",
-	"request",
-	"requestbody",
-	"security",
-	"tag",
-	"tags",
-	"path",
-	"body",
-	"query",
-	"queryparam",
-	"header",
-	"headers",
-	"produces",
-	"accept",
-	"middleware",
-	"api",
-	"apiname",
-	"apidefine",
-	"apigroup",
-	"apiparam",
-	"apiquery",
-	"apibody",
-	"apiheader",
-	"apisuccess",
-	"apierror",
-	"apiexample",
-	"apiversion",
-	"apidescription",
-	"apipermission",
-	"apiuse",
-	"apiignore",
-	"apiprivate",
-	"namespace",
-	"category"
-]);
-const SUPPORTED_EXTS = new Set([
-	".ts",
-	".tsx",
-	".js",
-	".jsx",
-	".mjs",
-	".cjs",
-	".py",
-	".go",
-	".rs",
-	".rb",
-	".java",
-	".php"
-]);
-const DECL_START = /^(\s*)(export\s+)?(async\s+)?(const|let|var|function|class|type|interface|enum|abstract\s+class)\s+/;
-const EXPORT_DEFAULT = /^\s*export\s+default\b/;
-const TS_MEMBER_DECL_START = /^\s*(?:readonly\s+|static\s+|public\s+|private\s+|protected\s+|abstract\s+|override\s+)*[\w$]+\??\s*:/;
-const PY_DECL_START = /^\s*(async\s+def|def|class)\s+/;
-const GO_DECL_START = /^\s*(func|type|var|const)\s+/;
-const RUST_DECL_START = /^\s*(pub\s+)?(async\s+)?(fn|struct|enum|trait|impl|const|static|type|mod)\s+/;
-const RUBY_DECL_START = /^\s*(class|module|def)\s+/;
-const JAVA_DECL_START = /^\s*(?:public|private|protected|static|final|abstract|sealed|non-sealed|\s)+(?:class|interface|enum|record|@interface|\w[^(){};=]*\s+\w+\s*\()/;
-const JAVA_DECL_START_FALLBACK = /^\s*(class|interface|enum|record|@interface)\s+/;
-const PHP_DECL_START = /^\s*(?:public|private|protected|static|final|abstract|readonly\s+)*(function|class|interface|trait|enum|const)\s+/;
-
-//#endregion
-//#region src/engines/ai-slop/narrative-comments.ts
+//#region src/engines/ai-slop/comment-blocks.ts
 const stripJsdocLine = (line) => line.replace(/^\s*\/\*\*+\s?/, "").replace(/\s*\*+\/\s*$/, "").replace(/^\s*\*\s?/, "").trim();
 const stripLineComment = (line) => line.replace(/^\s*(?:(?:\/\/)|#)\s?/, "");
 const getCommentSyntax = (ext) => {
@@ -1798,6 +1958,9 @@ const collectBlocks = (sourceLines, syntax) => {
 	}
 	return blocks;
 };
+
+//#endregion
+//#region src/engines/ai-slop/narrative-comments.ts
 const looksLikeDeclarationPreamble = (nextLine, ext) => {
 	if (nextLine === null) return false;
 	if (DECL_START.test(nextLine) || EXPORT_DEFAULT.test(nextLine)) return true;
@@ -1827,6 +1990,7 @@ const isBareSectionLabel = (prose) => {
 	if (!BARE_LABEL_RE.test(prose)) return false;
 	if (prose.endsWith(".")) return false;
 	if (prose.split(/\s+/).length > 3) return false;
+	if (STEP_COMMENT_VERB_RE.test(prose)) return false;
 	return true;
 };
 const DATA_ENTRY_START = /^\s*(?:\{|\[|["'`]|\d|\w+:\s|case\s)/;
@@ -1841,15 +2005,45 @@ const nextLineLooksLikeDataEntry = (nextLine) => {
 };
 const looksLikeSuppressDirective = (block) => block.rawLines.some((l) => /\b(biome-ignore|eslint-disable|ts-ignore|ts-expect-error|@ts-\w+|noqa|pylint:\s*disable|rubocop:disable|noinspection|phpcs:disable)\b/.test(l));
 const GO_DECL_NAME_RE = /^(?:func|type|var|const)\s+(?:\([^)]*\)\s*)?(\w+)/;
+const GO_FIELD_LEAD_RE = /^(\w+)\s+/;
+const GO_KEYWORDS = new Set([
+	"return",
+	"if",
+	"for",
+	"switch",
+	"case",
+	"default",
+	"go",
+	"select",
+	"defer",
+	"else",
+	"break",
+	"continue",
+	"goto",
+	"package",
+	"import",
+	"map",
+	"chan",
+	"range"
+]);
 const looksLikeGoDocComment = (block, ext) => {
 	if (ext !== ".go" || block.kind !== "line") return false;
 	const next = block.nextNonBlankLine;
 	if (!next) return false;
-	const declMatch = GO_DECL_NAME_RE.exec(next.trim());
-	if (!declMatch) return false;
-	return ((block.prose.find((l) => l.length > 0) ?? "").split(/\s+/)[0] ?? "") === declMatch[1];
+	const trimmedNext = next.trim();
+	const firstWord = (block.prose.find((l) => l.length > 0) ?? "").split(/\s+/)[0] ?? "";
+	const declMatch = GO_DECL_NAME_RE.exec(trimmedNext);
+	if (declMatch && firstWord === declMatch[1]) return true;
+	const fieldMatch = GO_FIELD_LEAD_RE.exec(trimmedNext);
+	if (fieldMatch && !GO_KEYWORDS.has(fieldMatch[1]) && firstWord === fieldMatch[1]) return true;
+	return false;
 };
-const DOC_INDICATOR_RE = /`[^`]+`|\|\s*[-:]+\s*\||```|\b(?:note|warning|warn|caveat|example|caution|see):|\(e\.g\.[^)]+\)|\(i\.e\.[^)]+\)/i;
+const RUBY_DOC_INDICATORS = /^\s*#\s*(?:#|@\w+|:[\w-]+:|=begin|=end)/;
+const looksLikeRubyDocBlock = (block, ext) => {
+	if (ext !== ".rb" || block.kind !== "line") return false;
+	return block.rawLines.some((line) => RUBY_DOC_INDICATORS.test(line));
+};
+const DOC_INDICATOR_RE = /`[^`]+`|\|\s*[-:]+\s*\||```|\b(?:note|warning|warn|caveat|example|caution|see|todo|fixme|hack|reason|deprecated|deprecation|migration|legacy|historical|context):|\(e\.g\.[^)]+\)|\(i\.e\.[^)]+\)|\b\w+\.\w+(?:\.\w+)+\b|\[[\w/.-]+\]/i;
 const hasDocIndicator = (block) => {
 	const joined = block.prose.join(" ");
 	if (DOC_INDICATOR_RE.test(joined)) return true;
@@ -1885,6 +2079,10 @@ const detectNarrativeInBlock = (block, ext) => {
 		matched: false,
 		reason: ""
 	};
+	if (looksLikeRubyDocBlock(block, ext)) return {
+		matched: false,
+		reason: ""
+	};
 	if (block.kind === "line" && block.prose.some((l) => DECORATIVE_SEPARATOR.test(l) || DECORATIVE_SECTION_HEADER.test(l))) return {
 		matched: true,
 		reason: "decorative separator"
@@ -1893,17 +2091,17 @@ const detectNarrativeInBlock = (block, ext) => {
 		matched: true,
 		reason: "phase/section header"
 	};
-	if (block.kind === "line" && block.prose.length === 1 && isBareSectionLabel(block.prose[0]) && !nextLineLooksLikeDataEntry(block.nextNonBlankLine)) return {
+	if (block.kind === "line" && block.prose.length === 1 && isBareSectionLabel(block.prose[0]) && !nextLineLooksLikeDataEntry(block.nextNonBlankLine) && !looksLikeDeclarationPreamble(block.nextNonBlankLine, ext)) return {
 		matched: true,
 		reason: "bare section label"
 	};
 	const joined = block.prose.join(" ");
 	const hasWhyMarker = EXPLANATORY_WHY_MARKERS.test(joined);
-	if ((hasWhyMarker || hasDocIndicator(block)) && block.kind === "jsdoc") return {
+	if (hasWhyMarker || hasDocIndicator(block)) return {
 		matched: false,
 		reason: ""
 	};
-	if (block.kind === "line" && block.prose.length >= 3 && looksLikeDeclarationPreamble(block.nextNonBlankLine, ext)) return {
+	if (block.kind === "line" && block.prose.length >= 3 && looksLikeDeclarationPreamble(block.nextNonBlankLine, ext) && hasPreambleSlopSignal(block)) return {
 		matched: true,
 		reason: "multi-line preamble before declaration"
 	};
@@ -1926,11 +2124,18 @@ const detectNarrativeInBlock = (block, ext) => {
 		reason: "explanatory preamble"
 	};
 	const nonEmptyProseCount = block.prose.filter((l) => l.length > 0).length;
-	if (nonEmptyProseCount >= 5) return {
-		matched: true,
-		reason: "long narrative block"
-	};
-	if (nonEmptyProseCount >= 3 && !hasWhyMarker && block.kind === "line") return {
+	const isAboveDeclaration = looksLikeDeclarationPreamble(block.nextNonBlankLine, ext);
+	if (nonEmptyProseCount >= 5) {
+		if (isAboveDeclaration) return {
+			matched: false,
+			reason: ""
+		};
+		return {
+			matched: true,
+			reason: "long narrative block"
+		};
+	}
+	if (nonEmptyProseCount >= 3 && !hasWhyMarker && block.kind === "line" && !isAboveDeclaration) return {
 		matched: true,
 		reason: "multi-line narrative prose"
 	};
@@ -1985,6 +2190,11 @@ const BROAD_EXCEPT_RE = /^\s*except\s+(Exception|BaseException)\s*(?:as\s+\w+)?\
 const PRINT_RE = /^\s*print\s*\(/;
 const DEF_RE = /^\s*(?:async\s+)?def\s+\w+\s*\(/;
 const MUTABLE_DEFAULT_RE = /(\w+)\s*(?::\s*[^,)=]+)?\s*=\s*(\[\s*\]|\{\s*\}|set\(\s*\))/;
+const RANGE_LEN_LOOP_RE = /^\s*for\s+([A-Za-z_]\w*)\s+in\s+range\s*\(\s*len\s*\(\s*([A-Za-z_]\w*(?:\.[A-Za-z_]\w*)*)\s*\)\s*\)\s*:\s*(?:#.*)?$/;
+const CHAINED_DICT_GET_RE = /\.get\s*\([^)]*,\s*\{\s*\}\s*\)\s*\.get\s*\(/;
+const SAME_VALUE_BRANCH_RE = /^(\s*)(?:if|elif)\s+([A-Za-z_]\w*(?:\.[A-Za-z_]\w*)*)\s*==\s*["'][^"']+["']\s*:/;
+const INSTANCE_BRANCH_RE = /^(\s*)(?:if|elif)\s+isinstance\s*\(\s*([A-Za-z_]\w*)\s*,\s*[^)]+\)\s*:/;
+const BRANCH_LADDER_THRESHOLD = 4;
 const isTestFile$1 = (relPath, basename) => basename.startsWith("test_") || basename.endsWith("_test.py") || basename === "conftest.py" || relPath.split(path.sep).some((seg) => seg === "tests" || seg === "test");
 const isScriptOrEntrypoint = (basename) => basename === "__main__.py" || basename === "manage.py" || basename === "setup.py";
 const SCRIPT_DIR_NAMES = new Set([
@@ -2037,6 +2247,13 @@ const pushFinding = (out, a) => {
 		fixable: false
 	});
 };
+const pushLineFinding = (out, relPath, line, finding) => {
+	pushFinding(out, {
+		relPath,
+		line,
+		...finding
+	});
+};
 const flagBareExcept = (lines, relPath, out) => {
 	for (let i = 0; i < lines.length; i++) {
 		if (!BARE_EXCEPT_RE.test(lines[i])) continue;
@@ -2118,6 +2335,76 @@ const flagPrintInProduction = (lines, relPath, basename, out) => {
 		});
 	}
 };
+const flagRangeLenLoops = (lines, relPath, out) => {
+	for (let i = 0; i < lines.length; i++) {
+		const match = RANGE_LEN_LOOP_RE.exec(lines[i]);
+		if (!match) continue;
+		pushLineFinding(out, relPath, i + 1, {
+			rule: "ai-slop/python-range-len-loop",
+			severity: "info",
+			message: `\`range(len(${match[2]}))\` loop — usually a hand-rolled iteration pattern.`,
+			help: "Prefer direct iteration (`for item in items`) or `enumerate(items)` when the index is needed. Keeping index plumbing out of the loop reduces checkpoint-to-checkpoint bloat."
+		});
+	}
+};
+const flagChainedDictGets = (lines, relPath, out) => {
+	for (let i = 0; i < lines.length; i++) {
+		if (!CHAINED_DICT_GET_RE.test(lines[i])) continue;
+		pushLineFinding(out, relPath, i + 1, {
+			rule: "ai-slop/python-chained-dict-get",
+			severity: "warning",
+			message: "Chained `.get(..., {})` defaults hide missing-data cases.",
+			help: "Normalize the input at the boundary, use a typed object, or split the lookup into explicit steps. Empty-dict fallback chains are a common agent shortcut that becomes brittle as schemas evolve."
+		});
+	}
+};
+const countBranchLadder = (lines, start, pattern, selector, indent) => {
+	let count = 1;
+	for (let i = start + 1; i < lines.length; i++) {
+		const line = lines[i];
+		const trimmed = line.trim();
+		if (trimmed === "" || trimmed.startsWith("#")) continue;
+		const match = pattern.exec(line);
+		if (match?.[1] === indent && match[2] === selector) {
+			count++;
+			continue;
+		}
+		if (line.startsWith(`${indent}elif `)) break;
+		if (line.length - line.trimStart().length <= indent.length && !line.startsWith(`${indent}else`)) break;
+	}
+	return count;
+};
+const flagBranchLadders = (lines, relPath, out) => {
+	const reported = /* @__PURE__ */ new Set();
+	for (let i = 0; i < lines.length; i++) {
+		if (reported.has(i)) continue;
+		const valueMatch = SAME_VALUE_BRANCH_RE.exec(lines[i]);
+		if (valueMatch) {
+			const count = countBranchLadder(lines, i, SAME_VALUE_BRANCH_RE, valueMatch[2], valueMatch[1]);
+			if (count >= BRANCH_LADDER_THRESHOLD) {
+				reported.add(i);
+				pushLineFinding(out, relPath, i + 1, {
+					rule: "ai-slop/python-repetitive-dispatch",
+					severity: "warning",
+					message: `${count} repeated branches dispatch on \`${valueMatch[2]}\`.`,
+					help: "Use a table, set membership, or handler map when branches share the same shape. SlopCodeBench highlights these selector ladders as code that keeps growing instead of absorbing new cases cleanly."
+				});
+			}
+			continue;
+		}
+		const instanceMatch = INSTANCE_BRANCH_RE.exec(lines[i]);
+		if (!instanceMatch) continue;
+		const count = countBranchLadder(lines, i, INSTANCE_BRANCH_RE, instanceMatch[2], instanceMatch[1]);
+		if (count < BRANCH_LADDER_THRESHOLD) continue;
+		reported.add(i);
+		pushLineFinding(out, relPath, i + 1, {
+			rule: "ai-slop/python-isinstance-ladder",
+			severity: "warning",
+			message: `${count} repeated \`isinstance(${instanceMatch[2]}, ...)\` branches.`,
+			help: "Prefer a handler map, protocol, or normalized intermediate representation when each type branch has the same role. Repeated type ladders are one of the maintainability smells SCBench-style checks look for."
+		});
+	}
+};
 const detectPythonPatterns = async (context) => {
 	const diagnostics = [];
 	const files = getSourceFiles(context);
@@ -2137,6 +2424,9 @@ const detectPythonPatterns = async (context) => {
 		flagBroadExceptWithSilentBody(lines, relPath, diagnostics);
 		flagMutableDefaults(lines, relPath, diagnostics);
 		flagPrintInProduction(lines, relPath, basename, diagnostics);
+		flagRangeLenLoops(lines, relPath, diagnostics);
+		flagChainedDictGets(lines, relPath, diagnostics);
+		flagBranchLadders(lines, relPath, diagnostics);
 	}
 	return diagnostics;
 };
@@ -2162,7 +2452,23 @@ const isTestFile = (relPath) => {
 	if (segments.some((s) => TEST_CRATE_SEGMENT_RE.test(s))) return true;
 	const basename = segments[segments.length - 1] ?? "";
 	if (TEST_BASENAMES.has(basename)) return true;
-	return basename.endsWith("_tests.rs") || basename.endsWith("_testutil.rs");
+	return basename.endsWith("_tests.rs") || basename.endsWith("_test.rs") || basename.endsWith("_testutil.rs");
+};
+const buildBlockCommentRanges = (lines) => {
+	const ranges = [];
+	let openLine = -1;
+	for (let i = 0; i < lines.length; i++) {
+		const line = lines[i];
+		if (openLine === -1) {
+			const openIdx = line.indexOf("/*");
+			if (openIdx !== -1 && line.indexOf("*/", openIdx + 2) === -1) openLine = i;
+		} else if (line.indexOf("*/") !== -1) {
+			ranges.push([openLine, i]);
+			openLine = -1;
+		}
+	}
+	if (openLine !== -1) ranges.push([openLine, lines.length - 1]);
+	return ranges;
 };
 const isExampleFile = (relPath) => relPath.split(path.sep).some((seg) => seg === "examples" || seg === "benches");
 const UNWRAP_INTENT_LOOKBACK = 2;
@@ -2193,11 +2499,12 @@ const buildTestRanges = (lines) => {
 	return ranges;
 };
 const isInRange = (ranges, lineIdx) => ranges.some(([start, end]) => lineIdx >= start && lineIdx <= end);
-const flagNonTestUnwrap = (lines, relPath, testRanges, out) => {
+const flagNonTestUnwrap = (lines, relPath, testRanges, blockCommentRanges, out) => {
 	for (let i = 0; i < lines.length; i++) {
 		const line = lines[i];
 		if (COMMENT_LINE_RE.test(line)) continue;
 		if (isInRange(testRanges, i)) continue;
+		if (isInRange(blockCommentRanges, i)) continue;
 		if (!UNWRAP_CALL_RE.test(line)) continue;
 		if (WRITELN_UNWRAP_RE.test(line)) continue;
 		if (hasIntentComment(lines, i)) continue;
@@ -2254,7 +2561,7 @@ const detectRustPatterns = async (context) => {
 			flagTodoMacro(lines, relPath, diagnostics);
 			continue;
 		}
-		flagNonTestUnwrap(lines, relPath, buildTestRanges(lines), diagnostics);
+		flagNonTestUnwrap(lines, relPath, buildTestRanges(lines), buildBlockCommentRanges(lines), diagnostics);
 		flagTodoMacro(lines, relPath, diagnostics);
 	}
 	return diagnostics;
@@ -2339,7 +2646,9 @@ const extractPyImportedSymbols = (lines) => {
 			const cleaned = importPart.replace(/[()]/g, "");
 			for (const item of cleaned.split(",")) {
 				const parts = item.trim().split(/\s+as\s+/);
-				const localName = parts.length > 1 ? parts[1].trim() : parts[0].trim();
+				const original = parts[0].trim();
+				const localName = parts.length > 1 ? parts[1].trim() : original;
+				if (parts.length > 1 && original === localName) continue;
 				if (localName && /^\w+$/.test(localName)) symbols.push({
 					name: localName,
 					line: i + 1,
@@ -2352,7 +2661,9 @@ const extractPyImportedSymbols = (lines) => {
 		const importMatch = trimmed.match(/^import\s+([\w.]+)(?:\s+as\s+(\w+))?/);
 		if (importMatch) {
 			importLines.add(i);
-			const simpleName = (importMatch[2] ?? importMatch[1]).split(".")[0];
+			const alias = importMatch[2];
+			if (alias && alias === importMatch[1]) continue;
+			const simpleName = (alias ?? importMatch[1]).split(".")[0];
 			if (simpleName && /^\w+$/.test(simpleName)) symbols.push({
 				name: simpleName,
 				line: i + 1,
@@ -3008,9 +3319,17 @@ const isTrivialLine = (line) => {
 	if (trimmed.startsWith("/*") || trimmed.startsWith("*")) return true;
 	return false;
 };
+const SVG_MARKUP_RE = /<\/?(?:svg|path|polyline|line|circle|rect|g)\b|(?:xmlns|viewBox|stroke(?:-width|-linecap|-linejoin)?|fill|fill-opacity|d|points|x1|x2|y1|y2)=/;
+const DATA_LITERAL_RE = /^\s*(?:[A-Za-z_$][\w$-]*:\s*(?:["'`[{]|\d|true\b|false\b|null\b)|["'`][^"'`]*["'`],?\s*$|[{}\]],?\s*$|\),?\s*$)/;
 const SUPPRESS_RE = /aislop[- ]ignore(?:-next-block|-file)?\b.*\b(?:duplicate-block|code-quality\/duplicate-block)\b/;
 const FILE_SUPPRESS_RE = /aislop[- ]ignore-file\b.*\b(?:duplicate-block|code-quality\/duplicate-block)\b/;
 const fileHasSuppression = (content) => FILE_SUPPRESS_RE.test(content);
+const isLowSignalMarkupWindow = (lines) => {
+	return lines.filter((line) => SVG_MARKUP_RE.test(line)).length >= Math.ceil(WINDOW_SIZE / 2);
+};
+const isLowSignalDataWindow = (lines) => {
+	return lines.filter((line) => DATA_LITERAL_RE.test(line)).length >= WINDOW_SIZE - 1;
+};
 const findSuppressedLines = (lines) => {
 	const suppressed = /* @__PURE__ */ new Set();
 	for (let i = 0; i < lines.length; i++) {
@@ -3037,6 +3356,8 @@ const collectMeaningfulLines = (content) => {
 		if (suppressed.has(i + 1)) continue;
 		const window = lines.slice(i, i + WINDOW_SIZE);
 		if (window.some((l) => !MEANINGFUL_LINE.test(l))) continue;
+		if (isLowSignalMarkupWindow(window)) continue;
+		if (isLowSignalDataWindow(window)) continue;
 		if (window.every(isTrivialLine)) continue;
 		const normalised = window.map(normaliseLine);
 		if (normalised.filter((n) => n.length > 0 && n !== "}" && n !== "{").length < WINDOW_SIZE - 1) continue;
@@ -3915,7 +4236,20 @@ const createOxlintConfig = (options) => {
 		...buildFrameworkPlugins(options.framework)
 	];
 	const globals = buildTestGlobals(options.testFramework ?? null);
-	if (options.framework === "expo" || options.framework === "react") globals.__DEV__ = "readonly";
+	for (const name of [
+		"__DEV__",
+		"__TEST__",
+		"__BROWSER__",
+		"__NODE__",
+		"__GLOBAL__",
+		"__SSR__",
+		"__ESM_BROWSER__",
+		"__ESM_BUNDLER__",
+		"__VERSION__",
+		"__COMMIT__",
+		"__BUILD__"
+	]) globals[name] = "readonly";
+	for (const globalName of options.globals ?? []) globals[globalName] = "readonly";
 	if (options.framework === "astro") {
 		globals.Astro = "readonly";
 		rules["no-undef"] = "off";
@@ -3935,19 +4269,7 @@ const createOxlintConfig = (options) => {
 };
 
 //#endregion
-//#region src/engines/lint/oxlint.ts
-const esmRequire = createRequire(import.meta.url);
-const resolveOxlintBinary = () => {
-	try {
-		const oxlintMainPath = esmRequire.resolve("oxlint");
-		const oxlintDir = path.resolve(path.dirname(oxlintMainPath), "..");
-		return path.join(oxlintDir, "bin", "oxlint");
-	} catch {
-		return "oxlint";
-	}
-};
-const VITE_QUERY_RE = /["'][^"']*\?(worker|sharedworker|worker-url|url|raw|inline|init)\b/;
-const isViteVirtualImportFalsePositive = (rule, message) => rule.startsWith("import/") && VITE_QUERY_RE.test(message);
+//#region src/engines/lint/oxlint-context-filters.ts
 const AMBIENT_GLOBAL_DEPS = [
 	"unplugin-icons",
 	"@types/bun",
@@ -4009,6 +4331,9 @@ const isAmbientFalsePositive = (rule, message, sources) => {
 	return false;
 };
 const sstReferencedFiles = /* @__PURE__ */ new Map();
+const clearSstReferenceCache = () => {
+	sstReferencedFiles.clear();
+};
 const fileReferencesSstPlatform = (rootDir, relativeFilePath) => {
 	const cached = sstReferencedFiles.get(relativeFilePath);
 	if (cached !== void 0) return cached;
@@ -4029,12 +4354,114 @@ const fileReferencesSstPlatform = (rootDir, relativeFilePath) => {
 	sstReferencedFiles.set(relativeFilePath, referenced);
 	return referenced;
 };
+
+//#endregion
+//#region src/engines/lint/oxlint-globals.ts
+const readTextFile$1 = (filePath) => {
+	try {
+		return fs.readFileSync(filePath, "utf-8");
+	} catch {
+		return null;
+	}
+};
+const collectPackageNames = (dir) => {
+	const names = /* @__PURE__ */ new Set();
+	const raw = readTextFile$1(path.join(dir, "package.json"));
+	if (!raw) return names;
+	try {
+		const pkg = JSON.parse(raw);
+		for (const section of [
+			"dependencies",
+			"devDependencies",
+			"peerDependencies",
+			"optionalDependencies"
+		]) {
+			const deps = pkg[section];
+			if (deps && typeof deps === "object") for (const name of Object.keys(deps)) names.add(name);
+		}
+	} catch {
+		return names;
+	}
+	return names;
+};
+const AMBIENT_GLOBAL_RE = /^\s*(?:declare\s+)?(?:const|let|var|function|class)\s+([A-Za-z_$][\w$]*)/gm;
+const collectAmbientGlobals = (rootDir) => {
+	const globals = /* @__PURE__ */ new Set();
+	const projectFiles = listProjectFiles(rootDir);
+	for (const relativePath of projectFiles) {
+		if (!relativePath.endsWith(".d.ts")) continue;
+		const content = readTextFile$1(path.join(rootDir, relativePath));
+		if (!content) continue;
+		AMBIENT_GLOBAL_RE.lastIndex = 0;
+		let match;
+		while ((match = AMBIENT_GLOBAL_RE.exec(content)) !== null) globals.add(match[1]);
+	}
+	const deps = collectPackageNames(rootDir);
+	if (deps.has("@types/bun") || deps.has("bun-types")) globals.add("Bun");
+	if (projectFiles.some((filePath) => /(?:^|\/)sst\.config\.ts$/.test(filePath))) for (const name of [
+		"$app",
+		"$config",
+		"$dev",
+		"$interpolate",
+		"$resolve",
+		"$jsonParse",
+		"$jsonStringify",
+		"aws",
+		"cloudflare",
+		"docker",
+		"random",
+		"sst",
+		"vercel",
+		"pulumi"
+	]) globals.add(name);
+	return [...globals];
+};
+
+//#endregion
+//#region src/engines/lint/oxlint.ts
+const esmRequire = createRequire(import.meta.url);
+const OXLINT_EXTENSIONS = new Set([
+	".ts",
+	".tsx",
+	".js",
+	".jsx",
+	".mjs",
+	".cjs"
+]);
+const resolveOxlintBinary = () => {
+	try {
+		const oxlintMainPath = esmRequire.resolve("oxlint");
+		const oxlintDir = path.resolve(path.dirname(oxlintMainPath), "..");
+		return path.join(oxlintDir, "bin", "oxlint");
+	} catch {
+		return "oxlint";
+	}
+};
+const VITE_QUERY_RE = /["'][^"']*\?(worker|sharedworker|worker-url|url|raw|inline|init)\b/;
+const isViteVirtualImportFalsePositive = (rule, message) => rule.startsWith("import/") && VITE_QUERY_RE.test(message);
 const UNUSED_VAR_IDENT_RE = /(?:Variable|Parameter|Catch parameter) '([^']+)' (?:is declared but never used|is caught but never used)/;
 const isUnderscoreUnusedVar = (rule, message) => {
 	if (rule !== "eslint/no-unused-vars") return false;
 	const match = UNUSED_VAR_IDENT_RE.exec(message);
 	return match ? match[1].startsWith("_") : false;
 };
+const readTextFile = (filePath) => {
+	try {
+		return fs.readFileSync(filePath, "utf-8");
+	} catch {
+		return null;
+	}
+};
+const isSolidRefFalsePositive = (context, diagnostic) => {
+	if (diagnostic.rule !== "eslint/no-unassigned-vars") return false;
+	const name = diagnostic.message.match(/^'([^']+)' is always 'undefined'/)?.[1];
+	if (!name) return false;
+	const content = readTextFile(path.isAbsolute(diagnostic.filePath) ? diagnostic.filePath : path.join(context.rootDirectory, diagnostic.filePath));
+	if (!content) return false;
+	const escaped = name.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+	return new RegExp(`\\bref=\\{\\s*${escaped}\\s*\\}`).test(content);
+};
+const isContextualTypeScriptFalsePositive = (diagnostic) => diagnostic.rule === "typescript-eslint/triple-slash-reference" && (diagnostic.filePath.endsWith(".d.ts") || /(?:^|\/)sst\.config\.ts$/.test(diagnostic.filePath));
 const parseRuleCode = (code) => {
 	if (!code) return {
 		plugin: "eslint",
@@ -4067,14 +4494,20 @@ const detectTestFramework = (rootDir) => {
 	} catch {}
 	return null;
 };
+const getOxlintTargets = (context) => getSourceFiles(context).filter((filePath) => OXLINT_EXTENSIONS.has(path.extname(filePath).toLowerCase())).filter((filePath) => !isAutoGenerated(filePath)).map((filePath) => path.relative(context.rootDirectory, filePath).split(path.sep).join("/"));
 const runOxlint = async (context) => {
 	const configPath = path.join(os.tmpdir(), `aislop-oxlintrc-${process.pid}.json`);
+	const framework = context.frameworks.find((f) => f !== "none");
+	const testFramework = detectTestFramework(context.rootDirectory);
+	const targets = getOxlintTargets(context);
+	if (targets.length === 0) return [];
 	const config = createOxlintConfig({
-		framework: context.frameworks.find((f) => f !== "none"),
-		testFramework: detectTestFramework(context.rootDirectory)
+		framework,
+		testFramework,
+		globals: collectAmbientGlobals(context.rootDirectory)
 	});
 	const ambientSources = detectAmbientSources(context.rootDirectory);
-	sstReferencedFiles.clear();
+	clearSstReferenceCache();
 	try {
 		fs.writeFileSync(configPath, JSON.stringify(config, null, 2));
 		const args = [
@@ -4085,7 +4518,7 @@ const runOxlint = async (context) => {
 			"json"
 		];
 		if (context.languages.includes("typescript") && fs.existsSync(path.join(context.rootDirectory, "tsconfig.json"))) args.push("--tsconfig", "./tsconfig.json");
-		args.push(".");
+		args.push(...targets);
 		const result = await runSubprocess(process.execPath, args, {
 			cwd: context.rootDirectory,
 			timeout: 12e4
@@ -4117,6 +4550,8 @@ const runOxlint = async (context) => {
 			if (isExcludedFromScan(path.isAbsolute(d.filePath) ? path.relative(context.rootDirectory, d.filePath) : d.filePath)) return false;
 			if (isViteVirtualImportFalsePositive(d.rule, d.message)) return false;
 			if (isAmbientFalsePositive(d.rule, d.message, ambientSources)) return false;
+			if (isSolidRefFalsePositive(context, d)) return false;
+			if (isContextualTypeScriptFalsePositive(d)) return false;
 			if (isUnderscoreUnusedVar(d.rule, d.message)) return false;
 			if (d.rule === "eslint/no-undef" && fileReferencesSstPlatform(context.rootDirectory, d.filePath)) return false;
 			const key = `${d.filePath}:${d.line}:${d.rule}:${d.message}`;
@@ -4672,7 +5107,7 @@ const DB_RECEIVER = "(?:db|database|knex|client|connection|conn|pool|sql|prisma|
 const DB_METHOD = "(?:query|execute|exec|raw|\\$queryRaw|\\$queryRawUnsafe|\\$executeRaw|\\$executeRawUnsafe)";
 const RISKY_PATTERNS = [
 	{
-		pattern: new RegExp(`\\b${ev}\\s*\\(`, "g"),
+		pattern: new RegExp(`(?<![\\w.>:\\\\])\\b${ev}\\s*\\(`, "g"),
 		extensions: [
 			".ts",
 			".tsx",
@@ -4779,6 +5214,16 @@ const RISKY_PATTERNS = [
 		help: "Use parameterized queries or an ORM instead of string concatenation"
 	}
 ];
+const hasDangerouslySetInnerHtmlIgnore = (lines, lineIndex) => {
+	const start = Math.max(0, lineIndex - 2);
+	return lines.slice(start, lineIndex + 1).some((line) => /(?:biome-ignore|eslint-disable|aislop-ignore).*(?:noDangerouslySetInnerHtml|dangerouslySetInnerHTML|dangerously-set-innerhtml)/i.test(line));
+};
+const isStructuredDataScript = (content, matchIndex) => {
+	const before = content.slice(Math.max(0, matchIndex - 300), matchIndex);
+	if (/type=["']application\/ld\+json["']/.test(before)) return true;
+	const after = content.slice(matchIndex, Math.min(content.length, matchIndex + 180));
+	return /__html\s*:\s*JSON\.stringify\s*\(/.test(after);
+};
 const detectRiskyConstructs = async (context) => {
 	const files = getSourceFiles(context);
 	const diagnostics = [];
@@ -4794,6 +5239,7 @@ const detectRiskyConstructs = async (context) => {
 		const normalizedPath = relativePath.split(path.sep).join("/");
 		const isMigrationOrSeeder = /(?:^|\/)(migrations|seeders|seeds|migrate)\//.test(normalizedPath);
 		const masked = maskStringsAndComments(content, ext);
+		const lines = content.split("\n");
 		for (const { pattern, extensions, name, message, help } of RISKY_PATTERNS) {
 			if (!extensions.includes(ext)) continue;
 			if (isMigrationOrSeeder && name === "sql-injection") continue;
@@ -4805,6 +5251,10 @@ const detectRiskyConstructs = async (context) => {
 					const beforeMatch = content.slice(Math.max(0, match.index - 200), match.index);
 					if (/(?:template|tmpl|tpl)$/i.test(beforeMatch.trimEnd()) || /createElement\s*\(\s*['"]template['"]\s*\)$/.test(beforeMatch.trimEnd())) continue;
 				}
+				if (name === "dangerously-set-innerhtml") {
+					if (hasDangerouslySetInnerHtmlIgnore(lines, line - 1)) continue;
+					if (isStructuredDataScript(content, match.index)) continue;
+				}
 				diagnostics.push({
 					filePath: relativePath,
 					engine: "security",
@@ -4828,7 +5278,8 @@ const detectRiskyConstructs = async (context) => {
 const SECRET_PATTERNS = [
 	{
 		pattern: /(?:api[_-]?key|apikey)\s*[:=]\s*["']([A-Za-z0-9_-]{20,})["']/gi,
-		name: "API key"
+		name: "API key",
+		keywordPrefixed: true
 	},
 	{
 		pattern: /AKIA[0-9A-Z]{16}/g,
@@ -4836,11 +5287,13 @@ const SECRET_PATTERNS = [
 	},
 	{
 		pattern: /(?:aws[_-]?secret|secret[_-]?key)\s*[:=]\s*["']([A-Za-z0-9/+=]{40})["']/gi,
-		name: "AWS Secret Key"
+		name: "AWS Secret Key",
+		keywordPrefixed: true
 	},
 	{
 		pattern: /(?:password|passwd|pwd|secret)\s*[:=]\s*["']([^"']{8,})["']/gi,
-		name: "Hardcoded password/secret"
+		name: "Hardcoded password/secret",
+		keywordPrefixed: true
 	},
 	{
 		pattern: /-----BEGIN (?:RSA |EC |DSA )?PRIVATE KEY-----/g,
@@ -4852,7 +5305,8 @@ const SECRET_PATTERNS = [
 	},
 	{
 		pattern: /(?:token|bearer)\s*[:=]\s*["']([A-Za-z0-9_-]{20,})["']/gi,
-		name: "Authentication token"
+		name: "Authentication token",
+		keywordPrefixed: true
 	},
 	{
 		pattern: /gh[pousr]_[A-Za-z0-9_]{36,}/g,
@@ -4867,6 +5321,24 @@ const SECRET_PATTERNS = [
 		name: "Database connection string with credentials"
 	}
 ];
+const isInsideStringLiteral = (content, matchIndex) => {
+	const lineStart = content.lastIndexOf("\n", matchIndex - 1) + 1;
+	const prefix = content.slice(lineStart, matchIndex);
+	let inDouble = false;
+	let inSingle = false;
+	let inBacktick = false;
+	for (let i = 0; i < prefix.length; i++) {
+		const ch = prefix[i];
+		if (ch === "\\") {
+			i++;
+			continue;
+		}
+		if (ch === "\"" && !inSingle && !inBacktick) inDouble = !inDouble;
+		else if (ch === "'" && !inDouble && !inBacktick) inSingle = !inSingle;
+		else if (ch === "`" && !inDouble && !inSingle) inBacktick = !inBacktick;
+	}
+	return inDouble || inSingle || inBacktick;
+};
 const PLACEHOLDER_EXACT = new Set([
 	"changeme",
 	"password",
@@ -4902,11 +5374,12 @@ const scanSecrets = async (context) => {
 			continue;
 		}
 		const relativePath = path.relative(context.rootDirectory, filePath);
-		for (const { pattern, name } of SECRET_PATTERNS) {
+		for (const { pattern, name, keywordPrefixed } of SECRET_PATTERNS) {
 			const regex = new RegExp(pattern.source, pattern.flags);
 			let match;
 			while ((match = regex.exec(content)) !== null) {
 				if (isPlaceholderValue(match[1] ?? match[0])) continue;
+				if (keywordPrefixed && isInsideStringLiteral(content, match.index)) continue;
 				const line = content.slice(0, match.index).split("\n").length;
 				diagnostics.push({
 					filePath: relativePath,
@@ -5369,7 +5842,7 @@ const handleAislopBaseline = (input) => {
 
 //#endregion
 //#region src/version.ts
-const APP_VERSION = "0.9.2";
+const APP_VERSION = "0.9.4";
 
 //#endregion
 //#region src/telemetry/env.ts