aislop 0.9.3 → 0.9.4

package/README.md

@@ -1,6 +1,6 @@
 # aislop
 
-**The engineering standards layer and quality gate for AI-written code.**
+**Catch the slop AI coding agents leave in your code.**
 
 [![npm version](https://img.shields.io/npm/v/aislop.svg)](https://www.npmjs.com/package/aislop)
 [![npm downloads](https://img.shields.io/npm/dm/aislop.svg)](https://www.npmjs.com/package/aislop)
@@ -9,7 +9,9 @@
 [![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](https://opensource.org/licenses/MIT)
 [![Node >= 20](https://img.shields.io/badge/node-%3E%3D20-brightgreen.svg)](https://nodejs.org)
 
-Catches the slop AI agents leave behind: dead code, oversized functions and files, unused imports, `as any` casts, swallowed errors, hallucinated imports, todo stubs, narrative comments. Scores 0–100. Deterministic (regex + AST, no LLMs). 8+ languages.
+The patterns Claude Code, Cursor, Codex, and OpenCode leave behind: narrative comments above self-explanatory code, swallowed exceptions, `as any` casts, hallucinated imports, duplicated helpers, dead code, todo stubs, oversized functions. Tests pass. Lint passes. The code rots anyway.
+
+aislop catches them. 40+ rules across 7 languages (TS/JS, Python, Go, Rust, Ruby, PHP, Java). Scores every change 0–100. Sub-second. Deterministic — no LLM in the runtime path, same code in, same score out. MIT-licensed, free CLI.
 
 ## Quick start
 
@@ -265,6 +267,10 @@ See the full [rules reference](docs/rules.md).
 
 [Installation](docs/installation.md) · [Commands](docs/commands.md) · [Rules](docs/rules.md) · [Config](docs/configuration.md) · [Scoring](docs/scoring.md) · [CI/CD](docs/ci.md) · [Telemetry](docs/telemetry.md)
 
+## Community
+
+[Discussions](https://github.com/scanaislop/aislop/discussions) for questions, rule requests, and false-positive triage · [Issues](https://github.com/scanaislop/aislop/issues) for bugs
+
 ## Contributing
 
 See [CONTRIBUTING.md](CONTRIBUTING.md). AI assistants: [AGENTS.md](AGENTS.md).

package/dist/cli.js

@@ -34,7 +34,7 @@ var __exportAll = (all, no_symbols) => {
 
 //#endregion
 //#region src/version.ts
-const APP_VERSION = "0.9.3";
+const APP_VERSION = "0.9.4";
 
 //#endregion
 //#region src/telemetry/env.ts
@@ -2763,6 +2763,11 @@ const BROAD_EXCEPT_RE = /^\s*except\s+(Exception|BaseException)\s*(?:as\s+\w+)?\
 const PRINT_RE = /^\s*print\s*\(/;
 const DEF_RE = /^\s*(?:async\s+)?def\s+\w+\s*\(/;
 const MUTABLE_DEFAULT_RE = /(\w+)\s*(?::\s*[^,)=]+)?\s*=\s*(\[\s*\]|\{\s*\}|set\(\s*\))/;
+const RANGE_LEN_LOOP_RE = /^\s*for\s+([A-Za-z_]\w*)\s+in\s+range\s*\(\s*len\s*\(\s*([A-Za-z_]\w*(?:\.[A-Za-z_]\w*)*)\s*\)\s*\)\s*:\s*(?:#.*)?$/;
+const CHAINED_DICT_GET_RE = /\.get\s*\([^)]*,\s*\{\s*\}\s*\)\s*\.get\s*\(/;
+const SAME_VALUE_BRANCH_RE = /^(\s*)(?:if|elif)\s+([A-Za-z_]\w*(?:\.[A-Za-z_]\w*)*)\s*==\s*["'][^"']+["']\s*:/;
+const INSTANCE_BRANCH_RE = /^(\s*)(?:if|elif)\s+isinstance\s*\(\s*([A-Za-z_]\w*)\s*,\s*[^)]+\)\s*:/;
+const BRANCH_LADDER_THRESHOLD = 4;
 const isTestFile$1 = (relPath, basename) => basename.startsWith("test_") || basename.endsWith("_test.py") || basename === "conftest.py" || relPath.split(path.sep).some((seg) => seg === "tests" || seg === "test");
 const isScriptOrEntrypoint = (basename) => basename === "__main__.py" || basename === "manage.py" || basename === "setup.py";
 const SCRIPT_DIR_NAMES = new Set([
@@ -2815,6 +2820,13 @@ const pushFinding = (out, a) => {
 		fixable: false
 	});
 };
+const pushLineFinding = (out, relPath, line, finding) => {
+	pushFinding(out, {
+		relPath,
+		line,
+		...finding
+	});
+};
 const flagBareExcept = (lines, relPath, out) => {
 	for (let i = 0; i < lines.length; i++) {
 		if (!BARE_EXCEPT_RE.test(lines[i])) continue;
@@ -2896,6 +2908,76 @@ const flagPrintInProduction = (lines, relPath, basename, out) => {
 		});
 	}
 };
+const flagRangeLenLoops = (lines, relPath, out) => {
+	for (let i = 0; i < lines.length; i++) {
+		const match = RANGE_LEN_LOOP_RE.exec(lines[i]);
+		if (!match) continue;
+		pushLineFinding(out, relPath, i + 1, {
+			rule: "ai-slop/python-range-len-loop",
+			severity: "info",
+			message: `\`range(len(${match[2]}))\` loop — usually a hand-rolled iteration pattern.`,
+			help: "Prefer direct iteration (`for item in items`) or `enumerate(items)` when the index is needed. Keeping index plumbing out of the loop reduces checkpoint-to-checkpoint bloat."
+		});
+	}
+};
+const flagChainedDictGets = (lines, relPath, out) => {
+	for (let i = 0; i < lines.length; i++) {
+		if (!CHAINED_DICT_GET_RE.test(lines[i])) continue;
+		pushLineFinding(out, relPath, i + 1, {
+			rule: "ai-slop/python-chained-dict-get",
+			severity: "warning",
+			message: "Chained `.get(..., {})` defaults hide missing-data cases.",
+			help: "Normalize the input at the boundary, use a typed object, or split the lookup into explicit steps. Empty-dict fallback chains are a common agent shortcut that becomes brittle as schemas evolve."
+		});
+	}
+};
+const countBranchLadder = (lines, start, pattern, selector, indent) => {
+	let count = 1;
+	for (let i = start + 1; i < lines.length; i++) {
+		const line = lines[i];
+		const trimmed = line.trim();
+		if (trimmed === "" || trimmed.startsWith("#")) continue;
+		const match = pattern.exec(line);
+		if (match?.[1] === indent && match[2] === selector) {
+			count++;
+			continue;
+		}
+		if (line.startsWith(`${indent}elif `)) break;
+		if (line.length - line.trimStart().length <= indent.length && !line.startsWith(`${indent}else`)) break;
+	}
+	return count;
+};
+const flagBranchLadders = (lines, relPath, out) => {
+	const reported = /* @__PURE__ */ new Set();
+	for (let i = 0; i < lines.length; i++) {
+		if (reported.has(i)) continue;
+		const valueMatch = SAME_VALUE_BRANCH_RE.exec(lines[i]);
+		if (valueMatch) {
+			const count = countBranchLadder(lines, i, SAME_VALUE_BRANCH_RE, valueMatch[2], valueMatch[1]);
+			if (count >= BRANCH_LADDER_THRESHOLD) {
+				reported.add(i);
+				pushLineFinding(out, relPath, i + 1, {
+					rule: "ai-slop/python-repetitive-dispatch",
+					severity: "warning",
+					message: `${count} repeated branches dispatch on \`${valueMatch[2]}\`.`,
+					help: "Use a table, set membership, or handler map when branches share the same shape. SlopCodeBench highlights these selector ladders as code that keeps growing instead of absorbing new cases cleanly."
+				});
+			}
+			continue;
+		}
+		const instanceMatch = INSTANCE_BRANCH_RE.exec(lines[i]);
+		if (!instanceMatch) continue;
+		const count = countBranchLadder(lines, i, INSTANCE_BRANCH_RE, instanceMatch[2], instanceMatch[1]);
+		if (count < BRANCH_LADDER_THRESHOLD) continue;
+		reported.add(i);
+		pushLineFinding(out, relPath, i + 1, {
+			rule: "ai-slop/python-isinstance-ladder",
+			severity: "warning",
+			message: `${count} repeated \`isinstance(${instanceMatch[2]}, ...)\` branches.`,
+			help: "Prefer a handler map, protocol, or normalized intermediate representation when each type branch has the same role. Repeated type ladders are one of the maintainability smells SCBench-style checks look for."
+		});
+	}
+};
 const detectPythonPatterns = async (context) => {
 	const diagnostics = [];
 	const files = getSourceFiles(context);
@@ -2915,6 +2997,9 @@ const detectPythonPatterns = async (context) => {
 		flagBroadExceptWithSilentBody(lines, relPath, diagnostics);
 		flagMutableDefaults(lines, relPath, diagnostics);
 		flagPrintInProduction(lines, relPath, basename, diagnostics);
+		flagRangeLenLoops(lines, relPath, diagnostics);
+		flagChainedDictGets(lines, relPath, diagnostics);
+		flagBranchLadders(lines, relPath, diagnostics);
 	}
 	return diagnostics;
 };
@@ -8717,6 +8802,10 @@ const RULE_LABELS = {
 	"ai-slop/python-broad-except": "Broad except",
 	"ai-slop/python-mutable-default": "Mutable default argument",
 	"ai-slop/python-print-debug": "print() left in code",
+	"ai-slop/python-range-len-loop": "range(len(...)) loop",
+	"ai-slop/python-chained-dict-get": "Chained dict get",
+	"ai-slop/python-repetitive-dispatch": "Repetitive dispatch ladder",
+	"ai-slop/python-isinstance-ladder": "isinstance ladder",
 	"ai-slop/go-library-panic": "panic() in Go library code",
 	"ai-slop/rust-non-test-unwrap": "Rust .unwrap() in production code",
 	"ai-slop/rust-todo-stub": "Rust todo!() stub",
@@ -8820,6 +8909,9 @@ const renderSummary = (input, deps = {}) => {
 	}
 	return lines.join("\n");
 };
+const renderStarCta = (deps = {}) => {
+	return `\n ${style(deps.theme ?? theme, "muted", "★ Found this useful? Star us at github.com/scanaislop/aislop")}\n`;
+};
 const renderCleanRun = (input, deps = {}) => {
 	const t = deps.theme ?? theme;
 	const s = deps.symbols ?? symbols;
@@ -8889,11 +8981,12 @@ const buildScanRender = (input) => {
 	const warnings = input.diagnostics.filter((d) => d.severity === "warning").length;
 	const fixable = input.diagnostics.filter((d) => d.fixable).length;
 	const hasVulnerableDeps = input.diagnostics.some((d) => d.rule === "security/vulnerable-dependency");
+	const starCta = input.printBrand !== false ? renderStarCta(deps) : "";
 	if (input.diagnostics.length === 0 && input.score.score === 100) return `${header}${renderCleanRun({
 		score: input.score.score,
 		label: input.score.label,
 		elapsedMs: input.elapsedMs
-	}, deps)}`;
+	}, deps)}${starCta}`;
 	const diagBlock = input.diagnostics.length === 0 ? "" : renderDiagnostics(input.diagnostics, input.verbose);
 	const nextSteps = [];
 	if (fixable > 0) nextSteps.push({
@@ -8920,7 +9013,7 @@ const buildScanRender = (input) => {
 		nextSteps,
 		breakdown: computeBreakdown(input.diagnostics),
 		thresholds: input.thresholds
-	}, deps)}`;
+	}, deps)}${starCta}`;
 };
 const scanCommand = async (directory, config, options) => {
 	const resolvedDir = path.resolve(directory);
@@ -11459,6 +11552,10 @@ const BUILTIN_RULES = [
 			"ai-slop/python-broad-except",
 			"ai-slop/python-mutable-default",
 			"ai-slop/python-print-debug",
+			"ai-slop/python-range-len-loop",
+			"ai-slop/python-chained-dict-get",
+			"ai-slop/python-repetitive-dispatch",
+			"ai-slop/python-isinstance-ladder",
 			"ai-slop/go-library-panic",
 			"ai-slop/rust-non-test-unwrap",
 			"ai-slop/rust-todo-stub",

package/dist/index.js

@@ -1,4 +1,4 @@
-import { n as ENGINE_INFO, r as getEngineLabel, t as APP_VERSION } from "./version-BNO_Lw7E.js";
+import { n as ENGINE_INFO, r as getEngineLabel, t as APP_VERSION } from "./version-C45P3Q1N.js";
 import { n as runSubprocess, t as isToolInstalled } from "./subprocess-CQUJDGgn.js";
 import { r as runGenericLinter, t as fixRubyLint } from "./generic-BrcWMW7E.js";
 import { n as runExpoDoctor } from "./expo-doctor-Bz0LZhQ6.js";
@@ -2931,6 +2931,11 @@ const BROAD_EXCEPT_RE = /^\s*except\s+(Exception|BaseException)\s*(?:as\s+\w+)?\
 const PRINT_RE = /^\s*print\s*\(/;
 const DEF_RE = /^\s*(?:async\s+)?def\s+\w+\s*\(/;
 const MUTABLE_DEFAULT_RE = /(\w+)\s*(?::\s*[^,)=]+)?\s*=\s*(\[\s*\]|\{\s*\}|set\(\s*\))/;
+const RANGE_LEN_LOOP_RE = /^\s*for\s+([A-Za-z_]\w*)\s+in\s+range\s*\(\s*len\s*\(\s*([A-Za-z_]\w*(?:\.[A-Za-z_]\w*)*)\s*\)\s*\)\s*:\s*(?:#.*)?$/;
+const CHAINED_DICT_GET_RE = /\.get\s*\([^)]*,\s*\{\s*\}\s*\)\s*\.get\s*\(/;
+const SAME_VALUE_BRANCH_RE = /^(\s*)(?:if|elif)\s+([A-Za-z_]\w*(?:\.[A-Za-z_]\w*)*)\s*==\s*["'][^"']+["']\s*:/;
+const INSTANCE_BRANCH_RE = /^(\s*)(?:if|elif)\s+isinstance\s*\(\s*([A-Za-z_]\w*)\s*,\s*[^)]+\)\s*:/;
+const BRANCH_LADDER_THRESHOLD = 4;
 const isTestFile$1 = (relPath, basename) => basename.startsWith("test_") || basename.endsWith("_test.py") || basename === "conftest.py" || relPath.split(path.sep).some((seg) => seg === "tests" || seg === "test");
 const isScriptOrEntrypoint = (basename) => basename === "__main__.py" || basename === "manage.py" || basename === "setup.py";
 const SCRIPT_DIR_NAMES = new Set([
@@ -2983,6 +2988,13 @@ const pushFinding = (out, a) => {
 		fixable: false
 	});
 };
+const pushLineFinding = (out, relPath, line, finding) => {
+	pushFinding(out, {
+		relPath,
+		line,
+		...finding
+	});
+};
 const flagBareExcept = (lines, relPath, out) => {
 	for (let i = 0; i < lines.length; i++) {
 		if (!BARE_EXCEPT_RE.test(lines[i])) continue;
@@ -3064,6 +3076,76 @@ const flagPrintInProduction = (lines, relPath, basename, out) => {
 		});
 	}
 };
+const flagRangeLenLoops = (lines, relPath, out) => {
+	for (let i = 0; i < lines.length; i++) {
+		const match = RANGE_LEN_LOOP_RE.exec(lines[i]);
+		if (!match) continue;
+		pushLineFinding(out, relPath, i + 1, {
+			rule: "ai-slop/python-range-len-loop",
+			severity: "info",
+			message: `\`range(len(${match[2]}))\` loop — usually a hand-rolled iteration pattern.`,
+			help: "Prefer direct iteration (`for item in items`) or `enumerate(items)` when the index is needed. Keeping index plumbing out of the loop reduces checkpoint-to-checkpoint bloat."
+		});
+	}
+};
+const flagChainedDictGets = (lines, relPath, out) => {
+	for (let i = 0; i < lines.length; i++) {
+		if (!CHAINED_DICT_GET_RE.test(lines[i])) continue;
+		pushLineFinding(out, relPath, i + 1, {
+			rule: "ai-slop/python-chained-dict-get",
+			severity: "warning",
+			message: "Chained `.get(..., {})` defaults hide missing-data cases.",
+			help: "Normalize the input at the boundary, use a typed object, or split the lookup into explicit steps. Empty-dict fallback chains are a common agent shortcut that becomes brittle as schemas evolve."
+		});
+	}
+};
+const countBranchLadder = (lines, start, pattern, selector, indent) => {
+	let count = 1;
+	for (let i = start + 1; i < lines.length; i++) {
+		const line = lines[i];
+		const trimmed = line.trim();
+		if (trimmed === "" || trimmed.startsWith("#")) continue;
+		const match = pattern.exec(line);
+		if (match?.[1] === indent && match[2] === selector) {
+			count++;
+			continue;
+		}
+		if (line.startsWith(`${indent}elif `)) break;
+		if (line.length - line.trimStart().length <= indent.length && !line.startsWith(`${indent}else`)) break;
+	}
+	return count;
+};
+const flagBranchLadders = (lines, relPath, out) => {
+	const reported = /* @__PURE__ */ new Set();
+	for (let i = 0; i < lines.length; i++) {
+		if (reported.has(i)) continue;
+		const valueMatch = SAME_VALUE_BRANCH_RE.exec(lines[i]);
+		if (valueMatch) {
+			const count = countBranchLadder(lines, i, SAME_VALUE_BRANCH_RE, valueMatch[2], valueMatch[1]);
+			if (count >= BRANCH_LADDER_THRESHOLD) {
+				reported.add(i);
+				pushLineFinding(out, relPath, i + 1, {
+					rule: "ai-slop/python-repetitive-dispatch",
+					severity: "warning",
+					message: `${count} repeated branches dispatch on \`${valueMatch[2]}\`.`,
+					help: "Use a table, set membership, or handler map when branches share the same shape. SlopCodeBench highlights these selector ladders as code that keeps growing instead of absorbing new cases cleanly."
+				});
+			}
+			continue;
+		}
+		const instanceMatch = INSTANCE_BRANCH_RE.exec(lines[i]);
+		if (!instanceMatch) continue;
+		const count = countBranchLadder(lines, i, INSTANCE_BRANCH_RE, instanceMatch[2], instanceMatch[1]);
+		if (count < BRANCH_LADDER_THRESHOLD) continue;
+		reported.add(i);
+		pushLineFinding(out, relPath, i + 1, {
+			rule: "ai-slop/python-isinstance-ladder",
+			severity: "warning",
+			message: `${count} repeated \`isinstance(${instanceMatch[2]}, ...)\` branches.`,
+			help: "Prefer a handler map, protocol, or normalized intermediate representation when each type branch has the same role. Repeated type ladders are one of the maintainability smells SCBench-style checks look for."
+		});
+	}
+};
 const detectPythonPatterns = async (context) => {
 	const diagnostics = [];
 	const files = getSourceFiles(context);
@@ -3083,6 +3165,9 @@ const detectPythonPatterns = async (context) => {
 		flagBroadExceptWithSilentBody(lines, relPath, diagnostics);
 		flagMutableDefaults(lines, relPath, diagnostics);
 		flagPrintInProduction(lines, relPath, basename, diagnostics);
+		flagRangeLenLoops(lines, relPath, diagnostics);
+		flagChainedDictGets(lines, relPath, diagnostics);
+		flagBranchLadders(lines, relPath, diagnostics);
 	}
 	return diagnostics;
 };
@@ -7170,6 +7255,10 @@ const RULE_LABELS = {
 	"ai-slop/python-broad-except": "Broad except",
 	"ai-slop/python-mutable-default": "Mutable default argument",
 	"ai-slop/python-print-debug": "print() left in code",
+	"ai-slop/python-range-len-loop": "range(len(...)) loop",
+	"ai-slop/python-chained-dict-get": "Chained dict get",
+	"ai-slop/python-repetitive-dispatch": "Repetitive dispatch ladder",
+	"ai-slop/python-isinstance-ladder": "isinstance ladder",
 	"ai-slop/go-library-panic": "panic() in Go library code",
 	"ai-slop/rust-non-test-unwrap": "Rust .unwrap() in production code",
 	"ai-slop/rust-todo-stub": "Rust todo!() stub",
@@ -7273,6 +7362,9 @@ const renderSummary = (input, deps = {}) => {
 	}
 	return lines.join("\n");
 };
+const renderStarCta = (deps = {}) => {
+	return `\n ${style(deps.theme ?? theme, "muted", "★ Found this useful? Star us at github.com/scanaislop/aislop")}\n`;
+};
 const renderCleanRun = (input, deps = {}) => {
 	const t = deps.theme ?? theme;
 	const s = deps.symbols ?? symbols;
@@ -7388,11 +7480,12 @@ const buildScanRender = (input) => {
 	const warnings = input.diagnostics.filter((d) => d.severity === "warning").length;
 	const fixable = input.diagnostics.filter((d) => d.fixable).length;
 	const hasVulnerableDeps = input.diagnostics.some((d) => d.rule === "security/vulnerable-dependency");
+	const starCta = input.printBrand !== false ? renderStarCta(deps) : "";
 	if (input.diagnostics.length === 0 && input.score.score === 100) return `${header}${renderCleanRun({
 		score: input.score.score,
 		label: input.score.label,
 		elapsedMs: input.elapsedMs
-	}, deps)}`;
+	}, deps)}${starCta}`;
 	const diagBlock = input.diagnostics.length === 0 ? "" : renderDiagnostics(input.diagnostics, input.verbose);
 	const nextSteps = [];
 	if (fixable > 0) nextSteps.push({
@@ -7419,7 +7512,7 @@ const buildScanRender = (input) => {
 		nextSteps,
 		breakdown: computeBreakdown(input.diagnostics),
 		thresholds: input.thresholds
-	}, deps)}`;
+	}, deps)}${starCta}`;
 };
 const scanCommand = async (directory, config, options) => {
 	const resolvedDir = path.resolve(directory);
@@ -7530,7 +7623,7 @@ const runScanBody = async (resolvedDir, config, options, projectInfo) => {
 		engineTimings
 	};
 	if (options.json) {
-		const { buildJsonOutput } = await import("./json-BhO1Ufj3.js");
+		const { buildJsonOutput } = await import("./json-CXiEvR_M.js");
 		const jsonOut = buildJsonOutput(results, scoreResult, projectInfo.sourceFileCount, elapsedMs);
 		console.log(JSON.stringify(jsonOut, null, 2));
 		return completion;
@@ -9355,6 +9448,10 @@ const BUILTIN_RULES = [
 			"ai-slop/python-broad-except",
 			"ai-slop/python-mutable-default",
 			"ai-slop/python-print-debug",
+			"ai-slop/python-range-len-loop",
+			"ai-slop/python-chained-dict-get",
+			"ai-slop/python-repetitive-dispatch",
+			"ai-slop/python-isinstance-ladder",
 			"ai-slop/go-library-panic",
 			"ai-slop/rust-non-test-unwrap",
 			"ai-slop/rust-todo-stub",

package/dist/{json-BhO1Ufj3.js → json-CXiEvR_M.js}

@@ -1,4 +1,4 @@
-import { n as ENGINE_INFO, t as APP_VERSION } from "./version-BNO_Lw7E.js";
+import { n as ENGINE_INFO, t as APP_VERSION } from "./version-C45P3Q1N.js";
 
 //#region src/output/json.ts
 const buildJsonOutput = (results, scoreResult, fileCount, elapsedMs) => {

package/dist/mcp.js

@@ -2190,6 +2190,11 @@ const BROAD_EXCEPT_RE = /^\s*except\s+(Exception|BaseException)\s*(?:as\s+\w+)?\
 const PRINT_RE = /^\s*print\s*\(/;
 const DEF_RE = /^\s*(?:async\s+)?def\s+\w+\s*\(/;
 const MUTABLE_DEFAULT_RE = /(\w+)\s*(?::\s*[^,)=]+)?\s*=\s*(\[\s*\]|\{\s*\}|set\(\s*\))/;
+const RANGE_LEN_LOOP_RE = /^\s*for\s+([A-Za-z_]\w*)\s+in\s+range\s*\(\s*len\s*\(\s*([A-Za-z_]\w*(?:\.[A-Za-z_]\w*)*)\s*\)\s*\)\s*:\s*(?:#.*)?$/;
+const CHAINED_DICT_GET_RE = /\.get\s*\([^)]*,\s*\{\s*\}\s*\)\s*\.get\s*\(/;
+const SAME_VALUE_BRANCH_RE = /^(\s*)(?:if|elif)\s+([A-Za-z_]\w*(?:\.[A-Za-z_]\w*)*)\s*==\s*["'][^"']+["']\s*:/;
+const INSTANCE_BRANCH_RE = /^(\s*)(?:if|elif)\s+isinstance\s*\(\s*([A-Za-z_]\w*)\s*,\s*[^)]+\)\s*:/;
+const BRANCH_LADDER_THRESHOLD = 4;
 const isTestFile$1 = (relPath, basename) => basename.startsWith("test_") || basename.endsWith("_test.py") || basename === "conftest.py" || relPath.split(path.sep).some((seg) => seg === "tests" || seg === "test");
 const isScriptOrEntrypoint = (basename) => basename === "__main__.py" || basename === "manage.py" || basename === "setup.py";
 const SCRIPT_DIR_NAMES = new Set([
@@ -2242,6 +2247,13 @@ const pushFinding = (out, a) => {
 		fixable: false
 	});
 };
+const pushLineFinding = (out, relPath, line, finding) => {
+	pushFinding(out, {
+		relPath,
+		line,
+		...finding
+	});
+};
 const flagBareExcept = (lines, relPath, out) => {
 	for (let i = 0; i < lines.length; i++) {
 		if (!BARE_EXCEPT_RE.test(lines[i])) continue;
@@ -2323,6 +2335,76 @@ const flagPrintInProduction = (lines, relPath, basename, out) => {
 		});
 	}
 };
+const flagRangeLenLoops = (lines, relPath, out) => {
+	for (let i = 0; i < lines.length; i++) {
+		const match = RANGE_LEN_LOOP_RE.exec(lines[i]);
+		if (!match) continue;
+		pushLineFinding(out, relPath, i + 1, {
+			rule: "ai-slop/python-range-len-loop",
+			severity: "info",
+			message: `\`range(len(${match[2]}))\` loop — usually a hand-rolled iteration pattern.`,
+			help: "Prefer direct iteration (`for item in items`) or `enumerate(items)` when the index is needed. Keeping index plumbing out of the loop reduces checkpoint-to-checkpoint bloat."
+		});
+	}
+};
+const flagChainedDictGets = (lines, relPath, out) => {
+	for (let i = 0; i < lines.length; i++) {
+		if (!CHAINED_DICT_GET_RE.test(lines[i])) continue;
+		pushLineFinding(out, relPath, i + 1, {
+			rule: "ai-slop/python-chained-dict-get",
+			severity: "warning",
+			message: "Chained `.get(..., {})` defaults hide missing-data cases.",
+			help: "Normalize the input at the boundary, use a typed object, or split the lookup into explicit steps. Empty-dict fallback chains are a common agent shortcut that becomes brittle as schemas evolve."
+		});
+	}
+};
+const countBranchLadder = (lines, start, pattern, selector, indent) => {
+	let count = 1;
+	for (let i = start + 1; i < lines.length; i++) {
+		const line = lines[i];
+		const trimmed = line.trim();
+		if (trimmed === "" || trimmed.startsWith("#")) continue;
+		const match = pattern.exec(line);
+		if (match?.[1] === indent && match[2] === selector) {
+			count++;
+			continue;
+		}
+		if (line.startsWith(`${indent}elif `)) break;
+		if (line.length - line.trimStart().length <= indent.length && !line.startsWith(`${indent}else`)) break;
+	}
+	return count;
+};
+const flagBranchLadders = (lines, relPath, out) => {
+	const reported = /* @__PURE__ */ new Set();
+	for (let i = 0; i < lines.length; i++) {
+		if (reported.has(i)) continue;
+		const valueMatch = SAME_VALUE_BRANCH_RE.exec(lines[i]);
+		if (valueMatch) {
+			const count = countBranchLadder(lines, i, SAME_VALUE_BRANCH_RE, valueMatch[2], valueMatch[1]);
+			if (count >= BRANCH_LADDER_THRESHOLD) {
+				reported.add(i);
+				pushLineFinding(out, relPath, i + 1, {
+					rule: "ai-slop/python-repetitive-dispatch",
+					severity: "warning",
+					message: `${count} repeated branches dispatch on \`${valueMatch[2]}\`.`,
+					help: "Use a table, set membership, or handler map when branches share the same shape. SlopCodeBench highlights these selector ladders as code that keeps growing instead of absorbing new cases cleanly."
+				});
+			}
+			continue;
+		}
+		const instanceMatch = INSTANCE_BRANCH_RE.exec(lines[i]);
+		if (!instanceMatch) continue;
+		const count = countBranchLadder(lines, i, INSTANCE_BRANCH_RE, instanceMatch[2], instanceMatch[1]);
+		if (count < BRANCH_LADDER_THRESHOLD) continue;
+		reported.add(i);
+		pushLineFinding(out, relPath, i + 1, {
+			rule: "ai-slop/python-isinstance-ladder",
+			severity: "warning",
+			message: `${count} repeated \`isinstance(${instanceMatch[2]}, ...)\` branches.`,
+			help: "Prefer a handler map, protocol, or normalized intermediate representation when each type branch has the same role. Repeated type ladders are one of the maintainability smells SCBench-style checks look for."
+		});
+	}
+};
 const detectPythonPatterns = async (context) => {
 	const diagnostics = [];
 	const files = getSourceFiles(context);
@@ -2342,6 +2424,9 @@ const detectPythonPatterns = async (context) => {
 		flagBroadExceptWithSilentBody(lines, relPath, diagnostics);
 		flagMutableDefaults(lines, relPath, diagnostics);
 		flagPrintInProduction(lines, relPath, basename, diagnostics);
+		flagRangeLenLoops(lines, relPath, diagnostics);
+		flagChainedDictGets(lines, relPath, diagnostics);
+		flagBranchLadders(lines, relPath, diagnostics);
 	}
 	return diagnostics;
 };
@@ -5757,7 +5842,7 @@ const handleAislopBaseline = (input) => {
 
 //#endregion
 //#region src/version.ts
-const APP_VERSION = "0.9.3";
+const APP_VERSION = "0.9.4";
 
 //#endregion
 //#region src/telemetry/env.ts

package/dist/{version-BNO_Lw7E.js → version-C45P3Q1N.js}

@@ -29,7 +29,7 @@ const getEngineLabel = (engine) => ENGINE_INFO[engine].label;
 
 //#endregion
 //#region src/version.ts
-const APP_VERSION = "0.9.3";
+const APP_VERSION = "0.9.4";
 
 //#endregion
 export { ENGINE_INFO as n, getEngineLabel as r, APP_VERSION as t };

package/package.json

@@ -1,93 +1,94 @@
 {
-	"name": "aislop",
-	"version": "0.9.3",
-	"description": "The engineering standards layer and quality gate for AI-written code. Define your standard once. Every agent — Claude Code, Cursor, Codex — is held to it automatically, on every edit and every PR. Catches the slop they leave behind, enforces the rules your team sets. 8+ languages. Deterministic.",
-	"type": "module",
-	"bin": {
-		"aislop": "./dist/cli.js",
-		"aislop-mcp": "./dist/mcp.js"
-	},
-	"files": [
-		"dist",
-		"scripts"
-	],
-	"exports": {
-		".": {
-			"types": "./dist/index.d.ts",
-			"default": "./dist/index.js"
-		}
-	},
-	"scripts": {
-		"dev": "tsdown --watch",
-		"build": "rm -rf dist && NODE_ENV=production tsdown",
-		"postinstall": "node scripts/postinstall-tools.mjs",
-		"typecheck": "tsc --noEmit",
-		"test": "pnpm build && vitest run",
-		"scan": "pnpm build && node dist/cli.js scan .",
-		"scan:exclude": "pnpm build && node dist/cli.js scan . --exclude .idea --exclude .gitnore --exclude node_modules",
-		"scan:include": "pnpm build && node dist/cli.js scan . --include src --include tests",
-		"scan:json": "pnpm build && node dist/cli.js scan . --json",
-		"quality": "pnpm typecheck && pnpm test && node dist/cli.js scan . --json"
-	},
-	"keywords": [
-		"aislop",
-		"ai-slop",
-		"code-quality",
-		"linter",
-		"formatter",
-		"cli",
-		"ai",
-		"copilot",
-		"code-review",
-		"static-analysis",
-		"typescript",
-		"javascript",
-		"python",
-		"go",
-		"rust",
-		"ruby",
-		"php"
-	],
-	"author": "heavykenny",
-	"license": "MIT",
-	"homepage": "https://github.com/scanaislop/aislop#readme",
-	"repository": {
-		"type": "git",
-		"url": "git+https://github.com/scanaislop/aislop.git"
-	},
-	"bugs": {
-		"url": "https://github.com/scanaislop/aislop/issues"
-	},
-	"engines": {
-		"node": ">=20"
-	},
-	"packageManager": "pnpm@10.28.0",
-	"dependencies": {
-		"@biomejs/biome": "^2.4.5",
-		"@clack/prompts": "^1.2.0",
-		"@modelcontextprotocol/sdk": "^1.29.0",
-		"adm-zip": "^0.5.16",
-		"commander": "^14.0.3",
-		"expo-doctor": "^1.18.10",
-		"knip": "^5.85.0",
-		"micromatch": "^4.0.8",
-		"oxlint": "^1.51.0",
-		"picocolors": "^1.1.1",
-		"tar": "^7.5.11",
-		"typescript": "^5.9.3",
-		"wcwidth": "^1.0.1",
-		"yaml": "^2.8.2",
-		"zod": "^4.3.6"
-	},
-	"devDependencies": {
-		"@types/micromatch": "^4.0.10",
-		"@types/node": "^25.6.0",
-		"tsdown": "^0.20.3",
-		"vitest": "^4.0.18"
-	},
-	"pnpm": {
-		"overrides": {
-			"postcss@<8.5.10": "^8.5.10"
-		}
-	}
+  "name": "aislop",
+  "version": "0.9.4",
+  "description": "The engineering standards layer and quality gate for AI-written code. Define your standard once. Every agent — Claude Code, Cursor, Codex — is held to it automatically, on every edit and every PR. Catches the slop they leave behind, enforces the rules your team sets. 8+ languages. Deterministic.",
+  "type": "module",
+  "bin": {
+    "aislop": "./dist/cli.js",
+    "aislop-mcp": "./dist/mcp.js"
+  },
+  "files": [
+    "dist",
+    "scripts"
+  ],
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "default": "./dist/index.js"
+    }
+  },
+  "scripts": {
+    "dev": "tsdown --watch",
+    "build": "rm -rf dist && NODE_ENV=production tsdown",
+    "postinstall": "node scripts/postinstall-tools.mjs",
+    "typecheck": "tsc --noEmit",
+    "test": "pnpm build && vitest run",
+    "scan": "pnpm build && node dist/cli.js scan .",
+    "scan:exclude": "pnpm build && node dist/cli.js scan . --exclude .idea --exclude .gitnore --exclude node_modules",
+    "scan:include": "pnpm build && node dist/cli.js scan . --include src --include tests",
+    "scan:json": "pnpm build && node dist/cli.js scan . --json",
+    "quality": "pnpm typecheck && pnpm test && node dist/cli.js scan . --json"
+  },
+  "keywords": [
+    "aislop",
+    "ai-slop",
+    "code-quality",
+    "linter",
+    "formatter",
+    "cli",
+    "ai",
+    "copilot",
+    "code-review",
+    "static-analysis",
+    "typescript",
+    "javascript",
+    "python",
+    "go",
+    "rust",
+    "ruby",
+    "php"
+  ],
+  "author": "heavykenny",
+  "license": "MIT",
+  "homepage": "https://github.com/scanaislop/aislop#readme",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/scanaislop/aislop.git"
+  },
+  "bugs": {
+    "url": "https://github.com/scanaislop/aislop/issues"
+  },
+  "engines": {
+    "node": ">=20"
+  },
+  "packageManager": "pnpm@10.28.0",
+  "dependencies": {
+    "@biomejs/biome": "^2.4.5",
+    "@clack/prompts": "^1.2.0",
+    "@modelcontextprotocol/sdk": "^1.29.0",
+    "adm-zip": "^0.5.16",
+    "commander": "^14.0.3",
+    "expo-doctor": "^1.18.10",
+    "knip": "^5.85.0",
+    "micromatch": "^4.0.8",
+    "oxlint": "^1.51.0",
+    "picocolors": "^1.1.1",
+    "tar": "^7.5.11",
+    "typescript": "^5.9.3",
+    "wcwidth": "^1.0.1",
+    "yaml": "^2.8.2",
+    "zod": "^4.3.6"
+  },
+  "devDependencies": {
+    "@types/micromatch": "^4.0.10",
+    "@types/node": "^25.6.0",
+    "tsdown": "^0.20.3",
+    "vitest": "^4.0.18"
+  },
+  "pnpm": {
+    "overrides": {
+      "postcss@<8.5.10": "^8.5.10",
+      "qs@>=6.11.1 <=6.15.1": "^6.15.2"
+    }
+  }
 }