aislop 0.9.3 → 0.9.5

package/dist/index.js

@@ -1,7 +1,8 @@
-import { n as ENGINE_INFO, r as getEngineLabel, t as APP_VERSION } from "./version-BNO_Lw7E.js";
+import { n as getEngineLabel, t as ENGINE_INFO } from "./engine-info-DCvIfZ0f.js";
 import { n as runSubprocess, t as isToolInstalled } from "./subprocess-CQUJDGgn.js";
-import { r as runGenericLinter, t as fixRubyLint } from "./generic-BrcWMW7E.js";
-import { n as runExpoDoctor } from "./expo-doctor-Bz0LZhQ6.js";
+import { t as APP_VERSION } from "./version-ls3wZmOU.js";
+import { r as runGenericLinter, t as fixRubyLint } from "./generic-D_T4cUaC.js";
+import { n as runExpoDoctor } from "./expo-doctor-BcIkOte5.js";
 import { createRequire, isBuiltin } from "node:module";
 import fs from "node:fs";
 import path from "node:path";
@@ -13,8 +14,8 @@ import { spawnSync } from "node:child_process";
 import micromatch from "micromatch";
 import { fileURLToPath } from "node:url";
 import { performance } from "node:perf_hooks";
-import os from "node:os";
 import ts from "typescript";
+import os from "node:os";
 import { randomUUID } from "node:crypto";
 import { isCancel, multiselect, select, text } from "@clack/prompts";
 
@@ -67,7 +68,8 @@ const DEFAULT_CONFIG = {
 		failBelow: 70,
 		format: "json"
 	},
-	telemetry: { enabled: true }
+	telemetry: { enabled: true },
+	rules: {}
 };
 const GITHUB_WORKFLOW_DIR = ".github/workflows";
 const GITHUB_WORKFLOW_FILE = "aislop.yml";
@@ -194,6 +196,12 @@ const CiSchema = z.object({
 	format: z.enum(["json"]).default("json")
 });
 const TelemetrySchema = z.object({ enabled: z.boolean().default(true) });
+const RuleSeverityOverride = z.enum([
+	"error",
+	"warning",
+	"off"
+]);
+const RulesSchema = z.record(z.string(), RuleSeverityOverride).default(() => ({}));
 const AislopConfigSchema = z.object({
 	version: z.number().default(1),
 	engines: EnginesSchema.default(() => ({
@@ -228,6 +236,7 @@ const AislopConfigSchema = z.object({
 		format: "json"
 	})),
 	telemetry: TelemetrySchema.default(() => ({ enabled: true })),
+	rules: RulesSchema,
 	exclude: z.array(z.string()).default(() => [
 		"node_modules",
 		".git",
@@ -544,7 +553,7 @@ const padStart = (s, target, fill = " ") => {
 //#endregion
 //#region src/utils/source-files.ts
 const MAX_BUFFER$1 = 50 * 1024 * 1024;
-const SOURCE_EXTENSIONS = new Set([
+const SOURCE_EXTENSIONS$1 = new Set([
 	".ts",
 	".tsx",
 	".js",
@@ -652,7 +661,7 @@ const toProjectPath = (rootDirectory, filePath) => {
 const isWithinProject = (relativePath) => relativePath.length > 0 && !relativePath.startsWith("..");
 const hasAllowedExtension = (filePath, extraExtensions) => {
 	const extension = path.extname(filePath);
-	return SOURCE_EXTENSIONS.has(extension) || extraExtensions.has(extension);
+	return SOURCE_EXTENSIONS$1.has(extension) || extraExtensions.has(extension);
 };
 const isExcludedPath = (filePath) => EXCLUDED_DIRS.some((dir) => filePath === dir || filePath.startsWith(`${dir}/`) || filePath.includes(`/${dir}/`));
 const isExcludedFromScan = (relativePath) => isExcludedPath(relativePath) || isBuildCacheFile(relativePath);
@@ -1246,7 +1255,7 @@ const doctorCommand = async (directory, options = {}) => {
 
 //#endregion
 //#region src/engines/ai-slop/abstractions.ts
-const JS_EXTS$1 = new Set([
+const JS_EXTS$2 = new Set([
 	".ts",
 	".tsx",
 	".js",
@@ -1257,11 +1266,11 @@ const JS_EXTS$1 = new Set([
 const THIN_WRAPPER_PATTERNS = [
 	{
 		pattern: /(?:export\s+)?(?:async\s+)?function\s+(\w+)\s*\([^)]*\)\s*(?::\s*\w[^{]*)?\{\s*\n?\s*return\s+\w+\([^)]*\);\s*\n?\s*\}/g,
-		extensions: JS_EXTS$1
+		extensions: JS_EXTS$2
 	},
 	{
 		pattern: /(?:export\s+)?const\s+(\w+)\s*=\s*(?:async\s+)?\([^)]*\)\s*(?::\s*\w[^=]*)?\s*=>\s*\w+\([^)]*\);/g,
-		extensions: JS_EXTS$1
+		extensions: JS_EXTS$2
 	},
 	{
 		pattern: /def\s+(\w+)\s*\([^)]*\)(?:\s*->[^:]*)?:\s*\n\s+return\s+\w+\([^)]*\)\s*$/gm,
@@ -1494,6 +1503,12 @@ const COMMENTED_CODE_CHARS = /[({=;}\]>]/;
 const MAX_TRIVIAL_COMMENT_LENGTH = 60;
 const isJsComment = (trimmed) => trimmed.startsWith("//") && !trimmed.startsWith("///") && !trimmed.startsWith("//!");
 const isPythonComment = (trimmed) => trimmed.startsWith("#") && !trimmed.startsWith("#!");
+const isLineComment = (trimmed) => isJsComment(trimmed) || isPythonComment(trimmed);
+const isInMultiLineCommentRun = (lines, index) => {
+	const prev = index > 0 ? lines[index - 1].trim() : "";
+	const next = index + 1 < lines.length ? lines[index + 1].trim() : "";
+	return isLineComment(prev) || isLineComment(next);
+};
 /**
 * Extract just the comment text after the comment marker.
 */
@@ -1546,6 +1561,7 @@ const scanFileForTrivialComments = (content, relativePath, ext) => {
 	const lines = content.split("\n");
 	for (let i = 0; i < lines.length; i++) {
 		if (!isTrivialComment(lines[i].trim(), i + 1 < lines.length ? lines[i + 1] : void 0)) continue;
+		if (isInMultiLineCommentRun(lines, i)) continue;
 		if (isDocCommentForDeclaration(lines, i, ext)) continue;
 		diagnostics.push({
 			filePath: relativePath,
@@ -1707,6 +1723,177 @@ const detectDeadPatterns = async (context) => {
 	return diagnostics;
 };
 
+//#endregion
+//#region src/engines/ai-slop/defensive-patterns.ts
+const JS_TS_EXTENSIONS = new Set([
+	".ts",
+	".tsx",
+	".js",
+	".jsx",
+	".mjs",
+	".cjs"
+]);
+const TS_EXTENSIONS = new Set([".ts", ".tsx"]);
+const COERCION_CTORS = {
+	string: "String",
+	number: "Number",
+	boolean: "Boolean"
+};
+const scriptKindFor = (ext) => {
+	switch (ext) {
+		case ".tsx": return ts.ScriptKind.TSX;
+		case ".jsx": return ts.ScriptKind.JSX;
+		case ".js":
+		case ".mjs":
+		case ".cjs": return ts.ScriptKind.JS;
+		default: return ts.ScriptKind.TS;
+	}
+};
+const lineFor = (sourceFile, node) => sourceFile.getLineAndCharacterOfPosition(node.getStart(sourceFile)).line + 1;
+const makeDiagnostic = (filePath, line, rule, message, help) => ({
+	filePath,
+	engine: "ai-slop",
+	rule,
+	severity: "warning",
+	message,
+	help,
+	line,
+	column: 0,
+	category: "AI Slop",
+	fixable: false
+});
+const isFunctionNode = (node) => ts.isFunctionDeclaration(node) || ts.isFunctionExpression(node) || ts.isArrowFunction(node) || ts.isMethodDeclaration(node) || ts.isConstructorDeclaration(node) || ts.isGetAccessorDeclaration(node) || ts.isSetAccessorDeclaration(node);
+const primitiveKindOf = (node) => {
+	if (!node) return null;
+	switch (node.kind) {
+		case ts.SyntaxKind.StringKeyword: return "string";
+		case ts.SyntaxKind.NumberKeyword: return "number";
+		case ts.SyntaxKind.BooleanKeyword: return "boolean";
+		default: return null;
+	}
+};
+const hasExportModifier = (node) => node.modifiers?.some((modifier) => modifier.kind === ts.SyntaxKind.ExportKeyword) ?? false;
+const primitiveParamsOf = (node) => {
+	const params = /* @__PURE__ */ new Map();
+	for (const param of node.parameters) {
+		if (!ts.isIdentifier(param.name)) continue;
+		const kind = primitiveKindOf(param.type);
+		if (!kind) continue;
+		params.set(param.name.text, kind);
+	}
+	return params;
+};
+const isRethrowStatement = (statement, errorName) => ts.isThrowStatement(statement) && statement.expression !== void 0 && ts.isIdentifier(statement.expression) && statement.expression.text === errorName;
+const isPromiseRejectRethrow = (statement, errorName) => {
+	if (!ts.isReturnStatement(statement) || !statement.expression) return false;
+	const expression = statement.expression;
+	if (!ts.isCallExpression(expression) || expression.arguments.length !== 1) return false;
+	const [arg] = expression.arguments;
+	if (!ts.isIdentifier(arg) || arg.text !== errorName) return false;
+	if (!ts.isPropertyAccessExpression(expression.expression)) return false;
+	const target = expression.expression;
+	return ts.isIdentifier(target.expression) && target.expression.text === "Promise" && target.name.text === "reject";
+};
+const detectRedundantTryCatch = (sourceFile, relativePath) => {
+	const diagnostics = [];
+	const visit = (node) => {
+		if (ts.isTryStatement(node) && node.catchClause && !node.finallyBlock) {
+			const catchNameNode = node.catchClause.variableDeclaration?.name;
+			const [onlyStatement] = node.catchClause.block.statements;
+			if (catchNameNode && ts.isIdentifier(catchNameNode) && node.catchClause.block.statements.length === 1 && onlyStatement && (isRethrowStatement(onlyStatement, catchNameNode.text) || isPromiseRejectRethrow(onlyStatement, catchNameNode.text))) diagnostics.push(makeDiagnostic(relativePath, lineFor(sourceFile, node.catchClause), "ai-slop/redundant-try-catch", "Catch block only rethrows the same error", "Remove the try/catch or add useful context, cleanup, or recovery. Rethrowing unchanged errors is usually defensive agent noise."));
+		}
+		ts.forEachChild(node, visit);
+	};
+	visit(sourceFile);
+	return diagnostics;
+};
+const detectPrimitiveCoercions = (sourceFile, relativePath) => {
+	const diagnostics = [];
+	const scanFunctionBody = (node, params) => {
+		const body = node.body;
+		if (!body || params.size === 0) return;
+		const visitBody = (child) => {
+			if (child !== body && isFunctionNode(child)) return;
+			if (ts.isCallExpression(child) && ts.isIdentifier(child.expression)) {
+				const [arg] = child.arguments;
+				if (arg && ts.isIdentifier(arg)) {
+					const primitive = params.get(arg.text);
+					if (primitive && child.expression.text === COERCION_CTORS[primitive]) diagnostics.push(makeDiagnostic(relativePath, lineFor(sourceFile, child), "ai-slop/redundant-type-coercion", `Parameter '${arg.text}' is already typed as ${primitive} but is coerced again`, "Trust the typed boundary or validate unknown input before this function. Re-coercing already typed parameters is usually defensive agent noise."));
+				}
+			}
+			ts.forEachChild(child, visitBody);
+		};
+		visitBody(body);
+	};
+	const visit = (node) => {
+		if (isFunctionNode(node)) scanFunctionBody(node, primitiveParamsOf(node));
+		ts.forEachChild(node, visit);
+	};
+	visit(sourceFile);
+	return diagnostics;
+};
+const normalizedTypeDeclaration = (sourceFile, node) => sourceFile.text.slice(node.getStart(sourceFile), node.getEnd()).replace(/\bexport\b/g, "").replace(/\bdeclare\b/g, "").replace(/\s+/g, " ").trim();
+const exportedTypesOf = (parsed) => {
+	const declarations = [];
+	const visit = (node) => {
+		if ((ts.isInterfaceDeclaration(node) || ts.isTypeAliasDeclaration(node)) && hasExportModifier(node)) declarations.push({
+			name: node.name.text,
+			signature: normalizedTypeDeclaration(parsed.sourceFile, node),
+			filePath: parsed.relativePath,
+			line: lineFor(parsed.sourceFile, node)
+		});
+		ts.forEachChild(node, visit);
+	};
+	visit(parsed.sourceFile);
+	return declarations;
+};
+const duplicateTypeKeyOf = (declaration) => `${declaration.name}\0${declaration.signature}`;
+const detectDuplicateExportedTypes = (parsedSources) => {
+	const diagnostics = [];
+	const seen = /* @__PURE__ */ new Map();
+	for (const parsed of parsedSources) {
+		if (!TS_EXTENSIONS.has(parsed.ext)) continue;
+		for (const declaration of exportedTypesOf(parsed)) {
+			const key = duplicateTypeKeyOf(declaration);
+			const previous = seen.get(key);
+			if (!previous) {
+				seen.set(key, declaration);
+				continue;
+			}
+			if (previous.filePath === declaration.filePath) continue;
+			diagnostics.push(makeDiagnostic(declaration.filePath, declaration.line, "ai-slop/duplicate-type-declaration", `Exported type '${declaration.name}' duplicates an existing declaration`, `Reuse or import the existing type from ${previous.filePath} instead of re-declaring the same shape in another file.`));
+		}
+	}
+	return diagnostics;
+};
+const detectDefensivePatterns = async (context) => {
+	const diagnostics = [];
+	const parsedSources = [];
+	for (const filePath of getSourceFiles(context)) {
+		if (isAutoGenerated(filePath)) continue;
+		let content;
+		try {
+			content = fs.readFileSync(filePath, "utf-8");
+		} catch {
+			continue;
+		}
+		const relativePath = path.relative(context.rootDirectory, filePath);
+		if (isNonProductionPath(relativePath)) continue;
+		const ext = path.extname(filePath);
+		if (!JS_TS_EXTENSIONS.has(ext)) continue;
+		const sourceFile = ts.createSourceFile(filePath, content, ts.ScriptTarget.Latest, true, scriptKindFor(ext));
+		parsedSources.push({
+			sourceFile,
+			relativePath,
+			ext
+		});
+		diagnostics.push(...detectRedundantTryCatch(sourceFile, relativePath));
+		if (TS_EXTENSIONS.has(ext)) diagnostics.push(...detectPrimitiveCoercions(sourceFile, relativePath));
+	}
+	diagnostics.push(...detectDuplicateExportedTypes(parsedSources));
+	return diagnostics;
+};
+
 //#endregion
 //#region src/engines/ai-slop/duplicate-imports.ts
 const JS_EXTENSIONS$3 = new Set([
@@ -1717,7 +1904,16 @@ const JS_EXTENSIONS$3 = new Set([
 	".mjs",
 	".cjs"
 ]);
-const IMPORT_FROM_RE$1 = /^\s*import\s+[^;]*?from\s+["']([^"']+)["']/;
+const IMPORT_FROM_RE$1 = /^\s*import\s+([^;]*?)\s+from\s+["']([^"']+)["']/;
+const TYPE_ONLY_RE = /^\s*type\b/;
+const VALUE_BINDING_RE = /\{([^}]*)\}/;
+const isTypeOnly = (clause) => {
+	if (TYPE_ONLY_RE.test(clause)) return true;
+	const braces = VALUE_BINDING_RE.exec(clause);
+	if (!braces) return false;
+	const members = braces[1].split(",").map((member) => member.trim()).filter((member) => member.length > 0);
+	return members.length > 0 && members.every((member) => /^type\b/.test(member));
+};
 const extractImportLines = (content) => {
 	const lines = content.split("\n");
 	const results = [];
@@ -1726,8 +1922,9 @@ const extractImportLines = (content) => {
 		const match = IMPORT_FROM_RE$1.exec(line);
 		if (!match) continue;
 		results.push({
-			spec: match[1],
-			line: i + 1
+			spec: match[2],
+			line: i + 1,
+			typeOnly: isTypeOnly(match[1])
 		});
 	}
 	return results;
@@ -1746,14 +1943,16 @@ const detectDuplicateImports = async (context) => {
 		}
 		const imports = extractImportLines(content);
 		if (imports.length < 2) continue;
-		const bySpec = /* @__PURE__ */ new Map();
+		const byBucket = /* @__PURE__ */ new Map();
 		for (const imp of imports) {
-			const list = bySpec.get(imp.spec) ?? [];
+			const key = `${imp.typeOnly ? "type" : "value"}\0${imp.spec}`;
+			const list = byBucket.get(key) ?? [];
 			list.push(imp);
-			bySpec.set(imp.spec, list);
+			byBucket.set(key, list);
 		}
 		const relPath = path.relative(context.rootDirectory, filePath);
-		for (const [spec, occurrences] of bySpec) {
+		for (const occurrences of byBucket.values()) {
+			const { spec } = occurrences[0];
 			if (occurrences.length < 2) continue;
 			for (const dup of occurrences.slice(1)) {
 				const firstLine = occurrences[0].line;
@@ -1958,6 +2157,130 @@ const detectGoPatterns = async (context) => {
 	return diagnostics;
 };
 
+//#endregion
+//#region src/engines/ai-slop/hardcoded-config.ts
+const SOURCE_EXTENSIONS = new Set([
+	".ts",
+	".tsx",
+	".js",
+	".jsx",
+	".mjs",
+	".cjs",
+	".py",
+	".go",
+	".rs",
+	".rb",
+	".java",
+	".php"
+]);
+const URL_LITERAL_RE = /(["'`])(https?:\/\/[^"'`\s<>]+)\1/g;
+const ID_LITERAL_RE = /(["'])([A-Za-z][A-Za-z0-9_-]{15,})\1/g;
+const ENV_REFERENCE_RE = /\b(?:process\.env|import\.meta\.env|Deno\.env|os\.environ|getenv|env\()\b/i;
+const DOC_URL_CONTEXT_RE = /\b(?:docs?|documentation|homepage|repository|bugs|license|readme|source|svgUrl|pageUrl|href|link|install)\b/i;
+const URL_CONFIG_CONTEXT_RE = /\b(?:api|base[_-]?url|baseUrl|endpoint|host|origin|webhook|callback|redirect|server|service|domain|url)\b/i;
+const ENVIRONMENT_HOST_RE = /(?:^|[.-])(?:api|app|admin|auth|staging|stage|prod|dev|sandbox|webhook|internal)(?:[.-]|$)|^(?:localhost|127\.0\.0\.1|0\.0\.0\.0)$/i;
+const ID_CONTEXT_RE = /(?:^|[^A-Za-z0-9])(?:api[_-]?key|client[_-]?id|project[_-]?id|org(?:anization)?[_-]?id|workspace[_-]?id|tenant[_-]?id|price[_-]?id|product[_-]?id|customer[_-]?id|subscription[_-]?id|account[_-]?id|app[_-]?id|key|token|secret)(?:$|[^A-Za-z0-9])/i;
+const PLACEHOLDER_HOSTS = new Set([
+	"example.com",
+	"example.org",
+	"example.net"
+]);
+const PLACEHOLDER_ID_RE = /^(?:changeme|replace[_-]?me|your[_-]|example|placeholder|todo)/i;
+const HARDCODED_URL_FINDING = {
+	rule: "ai-slop/hardcoded-url",
+	message: "Hardcoded environment URL in production code",
+	help: "Move deployment-specific URLs to environment variables or a typed config module. Keep only stable documentation/public links inline."
+};
+const HARDCODED_ID_FINDING = {
+	rule: "ai-slop/hardcoded-id",
+	message: "Hardcoded provider/project ID in production code",
+	help: "Move provider IDs, tenant IDs, price IDs, and similar deployment-specific identifiers to env/config so agents do not bake one environment into source."
+};
+const makeFinding = (filePath, line, spec) => ({
+	filePath,
+	engine: "ai-slop",
+	rule: spec.rule,
+	severity: "warning",
+	message: spec.message,
+	help: spec.help,
+	line,
+	column: 0,
+	category: "AI Slop",
+	fixable: false
+});
+const isCommentOnlyLine = (trimmed) => trimmed.startsWith("//") || trimmed.startsWith("#") || trimmed.startsWith("*") || trimmed.startsWith("/*");
+const commentStartsBefore = (line, index, ext) => {
+	const prefix = line.slice(0, index);
+	if (ext === ".py" || ext === ".rb") return prefix.includes("#");
+	if (ext === ".php") return prefix.includes("//") || prefix.includes("#");
+	return prefix.includes("//") || prefix.includes("/*");
+};
+const safeUrlHost = (urlText) => {
+	try {
+		return new URL(urlText).hostname.toLowerCase();
+	} catch {
+		return null;
+	}
+};
+const isEnvBackedLine = (line) => ENV_REFERENCE_RE.test(line);
+const shouldFlagUrlLiteral = (line, urlText) => {
+	if (isEnvBackedLine(line)) return false;
+	const host = safeUrlHost(urlText);
+	if (!host) return false;
+	if (PLACEHOLDER_HOSTS.has(host)) return false;
+	if (DOC_URL_CONTEXT_RE.test(line) && !ENVIRONMENT_HOST_RE.test(host)) return false;
+	return URL_CONFIG_CONTEXT_RE.test(line) || ENVIRONMENT_HOST_RE.test(host);
+};
+const hasUsefulIdShape = (value) => {
+	if (PLACEHOLDER_ID_RE.test(value)) return false;
+	if (/^https?:\/\//i.test(value)) return false;
+	if (/^[A-Za-z]+$/.test(value)) return false;
+	return /[0-9_-]/.test(value);
+};
+const scanLineForConfigLiterals = (line, relativePath, ext, lineNumber) => {
+	const diagnostics = [];
+	if (isCommentOnlyLine(line.trim())) return diagnostics;
+	URL_LITERAL_RE.lastIndex = 0;
+	let urlMatch;
+	while ((urlMatch = URL_LITERAL_RE.exec(line)) !== null) {
+		const urlText = urlMatch[2];
+		if (commentStartsBefore(line, urlMatch.index, ext)) continue;
+		if (!shouldFlagUrlLiteral(line, urlText)) continue;
+		diagnostics.push(makeFinding(relativePath, lineNumber, HARDCODED_URL_FINDING));
+	}
+	if (!ID_CONTEXT_RE.test(line) || isEnvBackedLine(line) || DOC_URL_CONTEXT_RE.test(line)) return diagnostics;
+	ID_LITERAL_RE.lastIndex = 0;
+	let idMatch;
+	while ((idMatch = ID_LITERAL_RE.exec(line)) !== null) {
+		const value = idMatch[2];
+		if (commentStartsBefore(line, idMatch.index, ext)) continue;
+		if (!hasUsefulIdShape(value)) continue;
+		diagnostics.push(makeFinding(relativePath, lineNumber, HARDCODED_ID_FINDING));
+	}
+	return diagnostics;
+};
+const scanFileForConfigLiterals = (content, relativePath, ext) => {
+	if (!SOURCE_EXTENSIONS.has(ext)) return [];
+	if (isNonProductionPath(relativePath)) return [];
+	return content.split("\n").flatMap((line, index) => scanLineForConfigLiterals(line, relativePath, ext, index + 1));
+};
+const detectHardcodedConfigLiterals = async (context) => {
+	const diagnostics = [];
+	for (const filePath of getSourceFiles(context)) {
+		if (isAutoGenerated(filePath)) continue;
+		let content;
+		try {
+			content = fs.readFileSync(filePath, "utf-8");
+		} catch {
+			continue;
+		}
+		const relativePath = path.relative(context.rootDirectory, filePath);
+		const ext = path.extname(filePath);
+		diagnostics.push(...scanFileForConfigLiterals(content, relativePath, ext));
+	}
+	return diagnostics;
+};
+
 //#endregion
 //#region src/engines/ai-slop/js-import-aliases.ts
 const TS_CONFIG_FILES = ["tsconfig.json", "jsconfig.json"];
@@ -2225,23 +2548,87 @@ const PYTHON_STDLIB = new Set([
 	"zoneinfo"
 ]);
 const PYTHON_IMPORT_TO_PIP = {
-	yaml: "pyyaml",
-	PIL: "pillow",
-	dateutil: "python-dateutil",
-	cv2: "opencv-python",
-	sklearn: "scikit-learn",
-	bs4: "beautifulsoup4",
-	typing_extensions: "typing-extensions",
-	google: "google-api-python-client",
-	jose: "python-jose",
-	jwt: "pyjwt",
-	OpenSSL: "pyopenssl",
-	magic: "python-magic",
-	docx: "python-docx",
-	pptx: "python-pptx",
-	git: "gitpython",
-	socks: "pysocks",
-	redis: "redis"
+	yaml: ["pyyaml"],
+	PIL: ["pillow"],
+	dateutil: ["python-dateutil"],
+	cv2: [
+		"opencv-python",
+		"opencv-python-headless",
+		"opencv-contrib-python"
+	],
+	sklearn: ["scikit-learn"],
+	bs4: ["beautifulsoup4"],
+	typing_extensions: ["typing-extensions"],
+	dotenv: ["python-dotenv"],
+	genai: ["google-genai"],
+	google: [
+		"google-genai",
+		"google-generativeai",
+		"google-api-python-client",
+		"google-cloud-storage",
+		"google-cloud-aiplatform",
+		"google-auth",
+		"protobuf"
+	],
+	jose: ["python-jose"],
+	jwt: ["pyjwt"],
+	OpenSSL: ["pyopenssl"],
+	Crypto: ["pycryptodome", "pycryptodomex"],
+	Cryptodome: ["pycryptodomex", "pycryptodome"],
+	magic: ["python-magic"],
+	docx: ["python-docx"],
+	pptx: ["python-pptx"],
+	git: ["gitpython"],
+	socks: ["pysocks"],
+	redis: ["redis"],
+	cairo: ["pycairo"],
+	serial: ["pyserial"],
+	usb: ["pyusb"],
+	gi: ["pygobject"],
+	Xlib: ["python-xlib"],
+	ldap: ["python-ldap"],
+	slugify: ["python-slugify"],
+	memcache: ["python-memcached"],
+	dns: ["dnspython"],
+	attr: ["attrs"],
+	attrs: ["attrs"],
+	zoneinfo_data: ["tzdata"],
+	pkg_resources: ["setuptools"],
+	setuptools: ["setuptools"],
+	wx: ["wxpython"],
+	skimage: ["scikit-image"],
+	OpenGL: ["pyopengl"],
+	win32api: ["pywin32"],
+	win32con: ["pywin32"],
+	win32com: ["pywin32"],
+	pythoncom: ["pywin32"],
+	pywintypes: ["pywin32"],
+	rest_framework: ["djangorestframework"],
+	allauth: ["django-allauth"],
+	corsheaders: ["django-cors-headers"],
+	debug_toolbar: ["django-debug-toolbar"],
+	environ: ["django-environ"],
+	flask_cors: ["flask-cors"],
+	flask_sqlalchemy: ["flask-sqlalchemy"],
+	flask_migrate: ["flask-migrate"],
+	flask_login: ["flask-login"],
+	jwt_extended: ["flask-jwt-extended"],
+	dateparser: ["dateparser"],
+	yaml_include: ["pyyaml-include"],
+	lxml_html_clean: ["lxml-html-clean"],
+	grpc: ["grpcio"],
+	grpc_status: ["grpcio-status"],
+	google_crc32c: ["google-crc32c"],
+	pkg_about: ["pkg-about"],
+	mpl_toolkits: ["matplotlib"],
+	dotmap: ["dotmap"],
+	pydantic_settings: ["pydantic-settings"],
+	telegram: ["python-telegram-bot"],
+	discord: ["discord-py"],
+	nacl: ["pynacl"],
+	jwcrypto: ["jwcrypto"],
+	humanfriendly: ["humanfriendly"],
+	multipart: ["python-multipart"]
 };
 
 //#endregion
@@ -2280,6 +2667,8 @@ const collectFromPyproject = (rootDir, pyDeps) => {
 			const m = line.match(/["']\s*([a-zA-Z0-9_\-.]+)/);
 			if (m) addPyDep(pyDeps, m[1]);
 		}
+		const extras = content.match(/\[project\.optional-dependencies\]([\s\S]*?)(?=\n\[|$)/);
+		if (extras) for (const m of extras[1].matchAll(/["']\s*([a-zA-Z][a-zA-Z0-9_\-.]+)/g)) addPyDep(pyDeps, m[1]);
 		const poetryRe = /\[tool\.poetry(?:\.group\.[a-z]+)?\.dependencies\]([\s\S]*?)(?=\n\[|$)/g;
 		let match = poetryRe.exec(content);
 		while (match !== null) {
@@ -2478,6 +2867,11 @@ const packageNameFromImport = (spec) => {
 	}
 	return spec.split("/")[0];
 };
+const typesPackageName = (pkg) => {
+	if (pkg.startsWith("@types/")) return pkg;
+	if (pkg.startsWith("@")) return `@types/${pkg.slice(1).replace("/", "__")}`;
+	return `@types/${pkg}`;
+};
 const STATIC_IMPORT_RE = /^\s*import\s+(?:[\w*{},\s]+\s+from\s+)?["']([^"']+)["']/;
 const DYNAMIC_IMPORT_RE = /(?:import|require)\s*\(\s*["']([^"']+)["']/g;
 const extractJsImports = (content) => {
@@ -2542,15 +2936,16 @@ const checkJsImport = (rawSpec, manifest, tsAliasMatchers) => {
 		const realPkg = pkg.slice(7);
 		if (manifest.jsDeps.has(realPkg)) return null;
 	}
+	if (manifest.jsDeps.has(typesPackageName(pkg))) return null;
 	return pkg;
 };
+const normalizePyName = (name) => name.toLowerCase().replace(/_/g, "-");
 const checkPyImport = (spec, manifest) => {
 	const root = spec.split(".")[0];
 	if (PYTHON_STDLIB.has(root)) return null;
-	const normalized = root.toLowerCase().replace(/_/g, "-");
+	const normalized = normalizePyName(root);
 	if (manifest.pyDeps.has(normalized)) return null;
-	const pipName = PYTHON_IMPORT_TO_PIP[root];
-	if (pipName && manifest.pyDeps.has(pipName)) return null;
+	if ((PYTHON_IMPORT_TO_PIP[root] ?? PYTHON_IMPORT_TO_PIP[normalized])?.some((dist) => manifest.pyDeps.has(normalizePyName(dist)))) return null;
 	return root;
 };
 const detectHallucinatedImports = async (context) => {
@@ -2700,6 +3095,85 @@ const collectBlocks = (sourceLines, syntax) => {
 	return blocks;
 };
 
+//#endregion
+//#region src/engines/ai-slop/meta-comment.ts
+const PLAN_REFERENCE_RES = [
+	/\b(?:stage|step|phase)\s+\d+\b(?!\s*[:.]?\s*(?:bytes|ms|seconds|of\s+\d))/i,
+	/\bstep\s+\d+\s+of\s+the\s+plan\b/i,
+	/\bas\s+(?:per|requested)\s+(?:the\s+)?(?:requirements?|spec|task|ticket|prompt|instructions?)\b/i,
+	/\bper\s+the\s+(?:spec|requirements?|task|ticket|plan|prompt|instructions?)\b/i,
+	/\bfrom\s+the\s+(?:task|todo|plan|spec|ticket|prompt|requirements?)\b/i,
+	/\bimplement(?:ing|s|ed)?\s+use\s*case\s+\d*/i,
+	/\b(?:requirements?\s+doc|requirement\s+\d+)\b/i,
+	/\bas\s+(?:instructed|specified|outlined)\s+(?:above|below|in\s+the)\b/i
+];
+const BEFORE_AFTER_RES = [
+	/\bpreviously[,:]?\s+(?:this|we|it|the)\b/i,
+	/\bused\s+to\s+(?:be|use|call|return|do|have|rely)\b/i,
+	/\bchanged\s+(?:\w+\s+){0,3}from\s+.+\bto\b/i,
+	/\bno\s+longer\s+(?:needed|used|required|necessary|calls?|returns?|does)\b/i,
+	/\bthis\s+was\s+.+\bbut\s+now\b/i,
+	/\bwe\s+(?:now|used\s+to)\s+(?:no\s+longer\s+)?(?:use|call|return|do|have)\b/i,
+	/\breplaced\s+the\s+(?:old|previous|former)\b/i,
+	/\b(?:was|were)\s+(?:renamed|moved|removed|refactored|extracted)\s+(?:from|to|out\s+of)\b/i
+];
+const WHY_OR_TODO_RE = /\b(?:because|since|otherwise|todo|fixme|hack|note:|reason:|workaround|see\s+(?:issue|#))\b/i;
+const looksLikeLicenseHeader$1 = (block) => {
+	if (block.startLine !== 1) return false;
+	const text = block.rawLines.join(" ").toLowerCase();
+	return text.includes("copyright") || text.includes("license") || text.includes("spdx-license-identifier");
+};
+const looksLikeSuppressDirective$1 = (block) => block.rawLines.some((line) => /\b(?:biome-ignore|eslint-disable|ts-ignore|ts-expect-error|@ts-\w+|noqa|pylint:\s*disable|rubocop:disable|noinspection|phpcs:disable)\b/.test(line));
+const matchMetaSignal = (block) => {
+	if (looksLikeLicenseHeader$1(block)) return null;
+	if (looksLikeSuppressDirective$1(block)) return null;
+	if (block.kind === "jsdoc" && block.hasMeaningfulJsdocTag) return null;
+	if (block.isRustDoc) return null;
+	const joined = block.prose.join(" ");
+	if (joined.trim().length === 0) return null;
+	if (WHY_OR_TODO_RE.test(joined)) return null;
+	if (PLAN_REFERENCE_RES.some((re) => re.test(joined))) return "plan/process reference";
+	if (BEFORE_AFTER_RES.some((re) => re.test(joined))) return "before/after state narration";
+	return null;
+};
+const detectMetaComments = async (context) => {
+	const files = getSourceFiles(context);
+	const diagnostics = [];
+	for (const filePath of files) {
+		const ext = path.extname(filePath);
+		if (!SUPPORTED_EXTS.has(ext)) continue;
+		if (isAutoGenerated(filePath)) continue;
+		const syntax = getCommentSyntax(ext);
+		if (!syntax) continue;
+		const relativePath = path.relative(context.rootDirectory, filePath);
+		if (isNonProductionPath(relativePath)) continue;
+		let content;
+		try {
+			content = fs.readFileSync(filePath, "utf-8");
+		} catch {
+			continue;
+		}
+		const blocks = collectBlocks(content.split("\n"), syntax);
+		for (const block of blocks) {
+			const reason = matchMetaSignal(block);
+			if (!reason) continue;
+			diagnostics.push({
+				filePath: relativePath,
+				engine: "ai-slop",
+				rule: "ai-slop/meta-comment",
+				severity: "warning",
+				message: `Meta/plan comment (${reason})`,
+				help: "Remove — references to the build plan or before/after code state belong in PR descriptions and commit messages, not source.",
+				line: block.startLine,
+				column: 0,
+				category: "Comments",
+				fixable: false
+			});
+		}
+	}
+	return diagnostics;
+};
+
 //#endregion
 //#region src/engines/ai-slop/narrative-comments.ts
 const looksLikeDeclarationPreamble = (nextLine, ext) => {
@@ -2931,6 +3405,11 @@ const BROAD_EXCEPT_RE = /^\s*except\s+(Exception|BaseException)\s*(?:as\s+\w+)?\
 const PRINT_RE = /^\s*print\s*\(/;
 const DEF_RE = /^\s*(?:async\s+)?def\s+\w+\s*\(/;
 const MUTABLE_DEFAULT_RE = /(\w+)\s*(?::\s*[^,)=]+)?\s*=\s*(\[\s*\]|\{\s*\}|set\(\s*\))/;
+const RANGE_LEN_LOOP_RE = /^\s*for\s+([A-Za-z_]\w*)\s+in\s+range\s*\(\s*len\s*\(\s*([A-Za-z_]\w*(?:\.[A-Za-z_]\w*)*)\s*\)\s*\)\s*:\s*(?:#.*)?$/;
+const CHAINED_DICT_GET_RE = /\.get\s*\([^)]*,\s*\{\s*\}\s*\)\s*\.get\s*\(/;
+const SAME_VALUE_BRANCH_RE = /^(\s*)(?:if|elif)\s+([A-Za-z_]\w*(?:\.[A-Za-z_]\w*)*)\s*==\s*["'][^"']+["']\s*:/;
+const INSTANCE_BRANCH_RE = /^(\s*)(?:if|elif)\s+isinstance\s*\(\s*([A-Za-z_]\w*)\s*,\s*[^)]+\)\s*:/;
+const BRANCH_LADDER_THRESHOLD = 4;
 const isTestFile$1 = (relPath, basename) => basename.startsWith("test_") || basename.endsWith("_test.py") || basename === "conftest.py" || relPath.split(path.sep).some((seg) => seg === "tests" || seg === "test");
 const isScriptOrEntrypoint = (basename) => basename === "__main__.py" || basename === "manage.py" || basename === "setup.py";
 const SCRIPT_DIR_NAMES = new Set([
@@ -2983,6 +3462,13 @@ const pushFinding = (out, a) => {
 		fixable: false
 	});
 };
+const pushLineFinding = (out, relPath, line, finding) => {
+	pushFinding(out, {
+		relPath,
+		line,
+		...finding
+	});
+};
 const flagBareExcept = (lines, relPath, out) => {
 	for (let i = 0; i < lines.length; i++) {
 		if (!BARE_EXCEPT_RE.test(lines[i])) continue;
@@ -3064,6 +3550,76 @@ const flagPrintInProduction = (lines, relPath, basename, out) => {
 		});
 	}
 };
+const flagRangeLenLoops = (lines, relPath, out) => {
+	for (let i = 0; i < lines.length; i++) {
+		const match = RANGE_LEN_LOOP_RE.exec(lines[i]);
+		if (!match) continue;
+		pushLineFinding(out, relPath, i + 1, {
+			rule: "ai-slop/python-range-len-loop",
+			severity: "info",
+			message: `\`range(len(${match[2]}))\` loop — usually a hand-rolled iteration pattern.`,
+			help: "Prefer direct iteration (`for item in items`) or `enumerate(items)` when the index is needed. Keeping index plumbing out of the loop reduces checkpoint-to-checkpoint bloat."
+		});
+	}
+};
+const flagChainedDictGets = (lines, relPath, out) => {
+	for (let i = 0; i < lines.length; i++) {
+		if (!CHAINED_DICT_GET_RE.test(lines[i])) continue;
+		pushLineFinding(out, relPath, i + 1, {
+			rule: "ai-slop/python-chained-dict-get",
+			severity: "warning",
+			message: "Chained `.get(..., {})` defaults hide missing-data cases.",
+			help: "Normalize the input at the boundary, use a typed object, or split the lookup into explicit steps. Empty-dict fallback chains are a common agent shortcut that becomes brittle as schemas evolve."
+		});
+	}
+};
+const countBranchLadder = (lines, start, pattern, selector, indent) => {
+	let count = 1;
+	for (let i = start + 1; i < lines.length; i++) {
+		const line = lines[i];
+		const trimmed = line.trim();
+		if (trimmed === "" || trimmed.startsWith("#")) continue;
+		const match = pattern.exec(line);
+		if (match?.[1] === indent && match[2] === selector) {
+			count++;
+			continue;
+		}
+		if (line.startsWith(`${indent}elif `)) break;
+		if (line.length - line.trimStart().length <= indent.length && !line.startsWith(`${indent}else`)) break;
+	}
+	return count;
+};
+const flagBranchLadders = (lines, relPath, out) => {
+	const reported = /* @__PURE__ */ new Set();
+	for (let i = 0; i < lines.length; i++) {
+		if (reported.has(i)) continue;
+		const valueMatch = SAME_VALUE_BRANCH_RE.exec(lines[i]);
+		if (valueMatch) {
+			const count = countBranchLadder(lines, i, SAME_VALUE_BRANCH_RE, valueMatch[2], valueMatch[1]);
+			if (count >= BRANCH_LADDER_THRESHOLD) {
+				reported.add(i);
+				pushLineFinding(out, relPath, i + 1, {
+					rule: "ai-slop/python-repetitive-dispatch",
+					severity: "warning",
+					message: `${count} repeated branches dispatch on \`${valueMatch[2]}\`.`,
+					help: "Use a table, set membership, or handler map when branches share the same shape. SlopCodeBench highlights these selector ladders as code that keeps growing instead of absorbing new cases cleanly."
+				});
+			}
+			continue;
+		}
+		const instanceMatch = INSTANCE_BRANCH_RE.exec(lines[i]);
+		if (!instanceMatch) continue;
+		const count = countBranchLadder(lines, i, INSTANCE_BRANCH_RE, instanceMatch[2], instanceMatch[1]);
+		if (count < BRANCH_LADDER_THRESHOLD) continue;
+		reported.add(i);
+		pushLineFinding(out, relPath, i + 1, {
+			rule: "ai-slop/python-isinstance-ladder",
+			severity: "warning",
+			message: `${count} repeated \`isinstance(${instanceMatch[2]}, ...)\` branches.`,
+			help: "Prefer a handler map, protocol, or normalized intermediate representation when each type branch has the same role. Repeated type ladders are one of the maintainability smells SCBench-style checks look for."
+		});
+	}
+};
 const detectPythonPatterns = async (context) => {
 	const diagnostics = [];
 	const files = getSourceFiles(context);
@@ -3083,6 +3639,9 @@ const detectPythonPatterns = async (context) => {
 		flagBroadExceptWithSilentBody(lines, relPath, diagnostics);
 		flagMutableDefaults(lines, relPath, diagnostics);
 		flagPrintInProduction(lines, relPath, basename, diagnostics);
+		flagRangeLenLoops(lines, relPath, diagnostics);
+		flagChainedDictGets(lines, relPath, diagnostics);
+		flagBranchLadders(lines, relPath, diagnostics);
 	}
 	return diagnostics;
 };
@@ -3223,6 +3782,143 @@ const detectRustPatterns = async (context) => {
 	return diagnostics;
 };
 
+//#endregion
+//#region src/engines/ai-slop/silent-recovery.ts
+const JS_EXTS$1 = new Set([
+	".ts",
+	".tsx",
+	".js",
+	".jsx",
+	".mjs",
+	".cjs"
+]);
+const CATCH_HEAD_RE = /\bcatch\s*(?:\([^)]*\))?\s*\{/g;
+const LOG_STATEMENT_RE = /^(?:console|[\w$]+(?:\.[\w$]+)*)\.(?:log|info|warn|warning|error|debug|trace)\s*\(/;
+const HANDLING_TOKEN_RE = /\b(?:throw|return|reject|next|process\.exit|continue|break)\b/;
+const stripBlockComments = (text) => text.replace(/\/\*[\s\S]*?\*\//g, "");
+const extractCatchBody = (content, openBraceIndex) => {
+	let depth = 0;
+	let inString = null;
+	for (let i = openBraceIndex; i < content.length; i += 1) {
+		const ch = content[i];
+		const prev = content[i - 1];
+		if (inString) {
+			if (ch === inString && prev !== "\\") inString = null;
+			continue;
+		}
+		if (ch === "\"" || ch === "'" || ch === "`") {
+			inString = ch;
+			continue;
+		}
+		if (ch === "{") depth += 1;
+		else if (ch === "}") {
+			depth -= 1;
+			if (depth === 0) return content.slice(openBraceIndex + 1, i);
+		}
+	}
+	return null;
+};
+const isLogOnlyBody = (body) => {
+	const statements = stripBlockComments(body).split("\n").map((line) => line.replace(/\/\/.*$/, "").trim()).filter((line) => line.length > 0 && line !== ";");
+	if (statements.length === 0) return false;
+	if (statements.some((line) => HANDLING_TOKEN_RE.test(line))) return false;
+	let sawLog = false;
+	for (const statement of statements) {
+		const normalized = statement.replace(/;+$/, "");
+		if (LOG_STATEMENT_RE.test(normalized)) {
+			sawLog = true;
+			continue;
+		}
+		if (/^[\w$"'`{[(),.\s+:-]+$/.test(normalized) && !/[=(]\s*(?:async\s+)?\(/.test(normalized)) continue;
+		return false;
+	}
+	return sawLog;
+};
+const detectJsSilentRecovery = (content, relPath) => {
+	const out = [];
+	CATCH_HEAD_RE.lastIndex = 0;
+	let match;
+	while ((match = CATCH_HEAD_RE.exec(content)) !== null) {
+		const body = extractCatchBody(content, match.index + match[0].length - 1);
+		if (body === null) continue;
+		if (!isLogOnlyBody(body)) continue;
+		const line = content.slice(0, match.index).split("\n").length;
+		out.push({
+			filePath: relPath,
+			engine: "ai-slop",
+			rule: "ai-slop/silent-recovery",
+			severity: "warning",
+			message: "Catch only logs then continues, leaving execution in a possibly broken state",
+			help: "Handle the error: rethrow, return an error value, or recover explicitly. Logging alone lets the program proceed as if nothing failed.",
+			line,
+			column: 0,
+			category: "AI Slop",
+			fixable: false
+		});
+	}
+	return out;
+};
+const PY_EXCEPT_RE = /^(\s*)except\b[^\n]*:\s*(?:#.*)?$/;
+const PY_LOG_STATEMENT_RE = /^(?:logging|logger|log|self\.log|self\.logger|print)(?:\.(?:debug|info|warning|warn|error|exception|critical))?\s*\(/;
+const PY_HANDLING_TOKEN_RE = /^(?:raise\b|return\b|continue\b|break\b|self\.|[\w.]+\s*=)/;
+const detectPySilentRecovery = (content, relPath) => {
+	const out = [];
+	const lines = content.split("\n");
+	for (let i = 0; i < lines.length; i += 1) {
+		const exceptMatch = PY_EXCEPT_RE.exec(lines[i]);
+		if (!exceptMatch) continue;
+		const indent = exceptMatch[1].length;
+		const bodyLines = [];
+		let j = i + 1;
+		for (; j < lines.length; j += 1) {
+			const raw = lines[j];
+			if (raw.trim() === "") continue;
+			if (raw.length - raw.trimStart().length <= indent) break;
+			bodyLines.push(raw.trim());
+		}
+		if (bodyLines.length === 0) continue;
+		if (bodyLines.some((line) => PY_HANDLING_TOKEN_RE.test(line))) continue;
+		if (bodyLines.some((line) => line === "pass")) continue;
+		const allLogs = bodyLines.every((line) => PY_LOG_STATEMENT_RE.test(line) || /^[\w"'(),.\s+:%{}[\]-]+$/.test(line));
+		const sawLog = bodyLines.some((line) => PY_LOG_STATEMENT_RE.test(line));
+		if (!allLogs || !sawLog) continue;
+		out.push({
+			filePath: relPath,
+			engine: "ai-slop",
+			rule: "ai-slop/silent-recovery",
+			severity: "warning",
+			message: "except only logs then continues, leaving execution in a possibly broken state",
+			help: "Handle the error: re-raise, return an error value, or recover explicitly. Logging alone lets the program proceed as if nothing failed.",
+			line: i + 1,
+			column: 0,
+			category: "AI Slop",
+			fixable: false
+		});
+	}
+	return out;
+};
+const detectSilentRecovery = async (context) => {
+	const files = getSourceFiles(context);
+	const diagnostics = [];
+	for (const filePath of files) {
+		if (isAutoGenerated(filePath)) continue;
+		const ext = path.extname(filePath);
+		const isJs = JS_EXTS$1.has(ext);
+		if (!isJs && !(ext === ".py")) continue;
+		const relPath = path.relative(context.rootDirectory, filePath);
+		if (isNonProductionPath(relPath)) continue;
+		let content;
+		try {
+			content = fs.readFileSync(filePath, "utf-8");
+		} catch {
+			continue;
+		}
+		if (isJs) diagnostics.push(...detectJsSilentRecovery(content, relPath));
+		else diagnostics.push(...detectPySilentRecovery(content, relPath));
+	}
+	return diagnostics;
+};
+
 //#endregion
 //#region src/engines/ai-slop/unused-imports.ts
 const JS_EXTENSIONS$1 = new Set([
@@ -3412,15 +4108,19 @@ const aiSlopEngine = {
 		const results = await Promise.allSettled([
 			detectTrivialComments(context),
 			detectSwallowedExceptions(context),
+			detectDefensivePatterns(context),
 			detectOverAbstraction(context),
 			detectDeadPatterns(context),
 			detectUnusedImports(context),
 			detectNarrativeComments(context),
 			detectDuplicateImports(context),
+			detectHardcodedConfigLiterals(context),
 			detectPythonPatterns(context),
 			detectGoPatterns(context),
 			detectRustPatterns(context),
-			detectHallucinatedImports(context)
+			detectHallucinatedImports(context),
+			detectSilentRecovery(context),
+			detectMetaComments(context)
 		]);
 		for (const result of results) if (result.status === "fulfilled") diagnostics.push(...result.value);
 		return {
@@ -5556,9 +6256,9 @@ const lintEngine = {
 		const promises = [];
 		if (languages.includes("typescript") || languages.includes("javascript")) {
 			promises.push(runOxlint(context));
-			if (context.config.lint.typecheck) promises.push(import("./typecheck-XJMuCczG.js").then((mod) => mod.runTypecheck(context)));
+			if (context.config.lint.typecheck) promises.push(import("./typecheck-DQSzG8fX.js").then((mod) => mod.runTypecheck(context)));
 		}
-		if (context.frameworks.includes("expo")) promises.push(import("./expo-doctor-Bz0LZhQ6.js").then((n) => n.t).then((mod) => mod.runExpoDoctor(context)));
+		if (context.frameworks.includes("expo")) promises.push(import("./expo-doctor-BcIkOte5.js").then((n) => n.t).then((mod) => mod.runExpoDoctor(context)));
 		if (languages.includes("python") && installedTools["ruff"]) promises.push(runRuffLint(context));
 		if (languages.includes("go") && installedTools["golangci-lint"]) promises.push(runGolangciLint(context));
 		if (languages.includes("rust") && installedTools["cargo"]) promises.push(runGenericLinter(context, "rust"));
@@ -6109,7 +6809,7 @@ const RISKY_PATTERNS = [
 		help: "Use JSON, MessagePack, or other safe serialization formats for untrusted data"
 	},
 	{
-		pattern: new RegExp(`\\bexec\\s*\\(`, "g"),
+		pattern: new RegExp(`(?<![\\w.>:\\\\])\\bexec\\s*\\(`, "g"),
 		extensions: [".py"],
 		name: "python-exec",
 		message: "Use of exec() can execute arbitrary code",
@@ -6677,8 +7377,8 @@ const redactProperties = (props) => {
 
 //#endregion
 //#region src/telemetry/client.ts
-const POSTHOG_HOST = "https://eu.i.posthog.com";
-const POSTHOG_KEY = "phc_eY2cOMFva9q24GrWeOuvuVIOhCIdjOALxeAR3ItrqbJ";
+const POSTHOG_HOST = process.env.AISLOP_POSTHOG_HOST ?? "https://eu.i.posthog.com";
+const POSTHOG_KEY = process.env.AISLOP_POSTHOG_KEY ?? "phc_eY2cOMFva9q24GrWeOuvuVIOhCIdjOALxeAR3ItrqbJ";
 const SCHEMA_VERSION = "v2";
 const REQUEST_TIMEOUT_MS = 3e3;
 const isTelemetryDisabled = (config) => {
@@ -7017,6 +7717,30 @@ const printEngineStatus = (result) => {
 	}
 };
 
+//#endregion
+//#region src/scoring/rule-severity.ts
+/**
+* Apply per-rule severity overrides from config: "off" drops the diagnostic,
+* "error"/"warning" rewrite its severity before scoring and rendering.
+*/
+const applyRuleSeverities = (diagnostics, overrides) => {
+	if (Object.keys(overrides).length === 0) return diagnostics;
+	const result = [];
+	for (const diagnostic of diagnostics) {
+		const override = overrides[diagnostic.rule];
+		if (!override) {
+			result.push(diagnostic);
+			continue;
+		}
+		if (override === "off") continue;
+		result.push(override === diagnostic.severity ? diagnostic : {
+			...diagnostic,
+			severity: override
+		});
+	}
+	return result;
+};
+
 //#endregion
 //#region src/ui/live-grid.ts
 const SPINNER = [
@@ -7153,6 +7877,11 @@ const RULE_LABELS = {
 	"knip/types": "Unused type",
 	"ai-slop/trivial-comment": "Trivial restating comment",
 	"ai-slop/swallowed-exception": "Empty catch (swallowed error)",
+	"ai-slop/silent-recovery": "Catch logs then continues",
+	"ai-slop/meta-comment": "Meta/plan comment",
+	"ai-slop/redundant-try-catch": "Redundant try/catch",
+	"ai-slop/redundant-type-coercion": "Redundant type coercion",
+	"ai-slop/duplicate-type-declaration": "Duplicate exported type",
 	"ai-slop/thin-wrapper": "Thin function wrapper",
 	"ai-slop/generic-naming": "Generic/vague identifier name",
 	"ai-slop/unused-import": "Unused import",
@@ -7166,10 +7895,16 @@ const RULE_LABELS = {
 	"ai-slop/ts-directive": "@ts-ignore / @ts-expect-error",
 	"ai-slop/narrative-comment": "Narrative comment block",
 	"ai-slop/duplicate-import": "Duplicate import statement",
+	"ai-slop/hardcoded-url": "Hardcoded URL",
+	"ai-slop/hardcoded-id": "Hardcoded provider ID",
 	"ai-slop/python-bare-except": "Bare except",
 	"ai-slop/python-broad-except": "Broad except",
 	"ai-slop/python-mutable-default": "Mutable default argument",
 	"ai-slop/python-print-debug": "print() left in code",
+	"ai-slop/python-range-len-loop": "range(len(...)) loop",
+	"ai-slop/python-chained-dict-get": "Chained dict get",
+	"ai-slop/python-repetitive-dispatch": "Repetitive dispatch ladder",
+	"ai-slop/python-isinstance-ladder": "isinstance ladder",
 	"ai-slop/go-library-panic": "panic() in Go library code",
 	"ai-slop/rust-non-test-unwrap": "Rust .unwrap() in production code",
 	"ai-slop/rust-todo-stub": "Rust todo!() stub",
@@ -7273,6 +8008,9 @@ const renderSummary = (input, deps = {}) => {
 	}
 	return lines.join("\n");
 };
+const renderStarCta = (deps = {}) => {
+	return `\n ${style(deps.theme ?? theme, "muted", "★ Found this useful? Star us at github.com/scanaislop/aislop")}\n`;
+};
 const renderCleanRun = (input, deps = {}) => {
 	const t = deps.theme ?? theme;
 	const s = deps.symbols ?? symbols;
@@ -7331,8 +8069,35 @@ const getStagedFiles = (cwd) => {
 	return result.stdout.split("\n").filter((f) => f.length > 0).map((f) => path.resolve(cwd, f));
 };
 
+//#endregion
+//#region src/utils/history.ts
+const HISTORY_FILE = "history.jsonl";
+const isHistoryDisabled = (env = process.env) => env.AISLOP_NO_HISTORY === "1";
+const historyPath = (directory) => path.join(path.resolve(directory), CONFIG_DIR, HISTORY_FILE);
+/**
+* Append a compact scan record to .aislop/history.jsonl. Best-effort: never
+* throws, so a read-only checkout or missing config dir can't break a scan.
+*/
+const appendHistory = (input) => {
+	if (isHistoryDisabled()) return;
+	const configDir = path.join(path.resolve(input.directory), CONFIG_DIR);
+	if (!fs.existsSync(configDir)) return;
+	const record = {
+		timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+		score: input.score,
+		errors: input.errors,
+		warnings: input.warnings,
+		files: input.files,
+		cliVersion: APP_VERSION
+	};
+	try {
+		fs.appendFileSync(historyPath(input.directory), `${JSON.stringify(record)}\n`);
+	} catch {}
+};
+
 //#endregion
 //#region src/commands/scan.ts
+const isMachineOutput = (options) => Boolean(options.json) || Boolean(options.sarif);
 const shouldUseSpinner = () => Boolean(process.stderr.isTTY) && process.env.CI !== "true" && process.env.CI !== "1";
 const ALL_ENGINE_NAMES = Object.keys(ENGINE_INFO);
 const BREAKDOWN_TOP_N = 10;
@@ -7388,11 +8153,12 @@ const buildScanRender = (input) => {
 	const warnings = input.diagnostics.filter((d) => d.severity === "warning").length;
 	const fixable = input.diagnostics.filter((d) => d.fixable).length;
 	const hasVulnerableDeps = input.diagnostics.some((d) => d.rule === "security/vulnerable-dependency");
+	const starCta = input.printBrand !== false ? renderStarCta(deps) : "";
 	if (input.diagnostics.length === 0 && input.score.score === 100) return `${header}${renderCleanRun({
 		score: input.score.score,
 		label: input.score.label,
 		elapsedMs: input.elapsedMs
-	}, deps)}`;
+	}, deps)}${starCta}`;
 	const diagBlock = input.diagnostics.length === 0 ? "" : renderDiagnostics(input.diagnostics, input.verbose);
 	const nextSteps = [];
 	if (fixable > 0) nextSteps.push({
@@ -7419,7 +8185,7 @@ const buildScanRender = (input) => {
 		nextSteps,
 		breakdown: computeBreakdown(input.diagnostics),
 		thresholds: input.thresholds
-	}, deps)}`;
+	}, deps)}${starCta}`;
 };
 const scanCommand = async (directory, config, options) => {
 	const resolvedDir = path.resolve(directory);
@@ -7446,17 +8212,18 @@ const scanCommand = async (directory, config, options) => {
 const runScanBody = async (resolvedDir, config, options, projectInfo) => {
 	const startTime = performance.now();
 	const showHeader = options.showHeader !== false;
-	const useLiveProgress = !options.json && shouldUseSpinner();
+	const machineOutput = isMachineOutput(options);
+	const useLiveProgress = !machineOutput && shouldUseSpinner();
 	let files;
 	if (options.staged) {
 		files = filterProjectFiles(resolvedDir, getStagedFiles(resolvedDir), [], config.exclude);
-		if (!options.json) log.muted(`Scope: ${files.length} staged file(s)`);
+		if (!machineOutput) log.muted(`Scope: ${files.length} staged file(s)`);
 	} else if (options.changes) {
 		files = filterProjectFiles(resolvedDir, getChangedFiles(resolvedDir), [], config.exclude);
-		if (!options.json) log.muted(`Scope: ${files.length} changed file(s)`);
+		if (!machineOutput) log.muted(`Scope: ${files.length} changed file(s)`);
 	} else {
 		files = filterProjectFiles(resolvedDir, listProjectFiles(resolvedDir), [], config.exclude);
-		if (!options.json) log.muted(`Scope: ${files.length} file(s) after exclusions`);
+		if (!machineOutput) log.muted(`Scope: ${files.length} file(s) after exclusions`);
 	}
 	const configDir = findConfigDir(resolvedDir);
 	const rulesPath = configDir ? path.join(configDir, RULES_FILE) : void 0;
@@ -7473,7 +8240,7 @@ const runScanBody = async (resolvedDir, config, options, projectInfo) => {
 	}));
 	const progressRenderer = useLiveProgress ? new LiveGrid(gridRows) : null;
 	progressRenderer?.start();
-	const results = await runEngines({
+	const rawResults = await runEngines({
 		rootDirectory: resolvedDir,
 		languages: projectInfo.languages,
 		frameworks: projectInfo.frameworks,
@@ -7506,9 +8273,13 @@ const runScanBody = async (resolvedDir, config, options, projectInfo) => {
 				elapsedMs: result.elapsed
 			});
 		}
-		if (!options.json && !progressRenderer) printEngineStatus(result);
+		if (!machineOutput && !progressRenderer) printEngineStatus(result);
 	});
 	progressRenderer?.stop();
+	const results = rawResults.map((result) => ({
+		...result,
+		diagnostics: applyRuleSeverities(result.diagnostics, config.rules)
+	}));
 	const allDiagnostics = results.flatMap((r) => r.diagnostics);
 	const elapsedMs = performance.now() - startTime;
 	const scoreResult = calculateScore(allDiagnostics, config.scoring.weights, config.scoring.thresholds, projectInfo.sourceFileCount, config.scoring.smoothing);
@@ -7529,12 +8300,24 @@ const runScanBody = async (resolvedDir, config, options, projectInfo) => {
 		engineIssues,
 		engineTimings
 	};
+	if (options.sarif) {
+		const { buildSarifLog } = await import("./sarif-Cneulb6L.js");
+		console.log(JSON.stringify(buildSarifLog(results), null, 2));
+		return completion;
+	}
 	if (options.json) {
-		const { buildJsonOutput } = await import("./json-BhO1Ufj3.js");
+		const { buildJsonOutput } = await import("./json-CZU3lEfE.js");
 		const jsonOut = buildJsonOutput(results, scoreResult, projectInfo.sourceFileCount, elapsedMs);
 		console.log(JSON.stringify(jsonOut, null, 2));
 		return completion;
 	}
+	if (!options.staged && !options.changes && options.command !== "ci" && !isCiEnv()) appendHistory({
+		directory: resolvedDir,
+		score: scoreResult.score,
+		errors: completion.errorCount,
+		warnings: completion.warningCount,
+		files: projectInfo.sourceFileCount
+	});
 	const projectName = projectInfo.projectName ?? "project";
 	const language = projectInfo.languages[0] ?? "unknown";
 	process.stdout.write(buildScanRender({
@@ -7614,6 +8397,16 @@ const AGENT_CONFIGS = {
 		bin: "goose",
 		args: (p) => ["run", p]
 	},
+	pi: {
+		type: "cli",
+		bin: "pi",
+		args: (p) => ["-p", p]
+	},
+	crush: {
+		type: "cli",
+		bin: "crush",
+		args: (p) => ["run", p]
+	},
 	cursor: {
 		type: "editor",
 		bin: "cursor"
@@ -8812,7 +9605,7 @@ const runLintSteps = async (deps) => {
 	if (hasJsOrTs(deps.projectInfo)) await deps.runStep("Lint fixes (js/ts)", () => runOxlint(deps.context), () => fixOxlint(deps.context, { force: deps.force }));
 	if (deps.projectInfo.languages.includes("python") && deps.projectInfo.installedTools.ruff) await deps.runStep("Lint fixes (python)", () => runRuffLint(deps.context), () => deps.force ? fixRuffLintForce(deps.resolvedDir) : fixRuffLint(deps.resolvedDir));
 	else if (deps.projectInfo.languages.includes("python")) log.warn("Python detected but ruff is not installed; skipping Python lint fixes.");
-	if (deps.projectInfo.languages.includes("ruby") && deps.projectInfo.installedTools.rubocop) await deps.runStep("Lint fixes (ruby)", () => import("./generic-BrcWMW7E.js").then((n) => n.n).then((mod) => mod.runGenericLinter(deps.context, "ruby")), () => fixRubyLint(deps.resolvedDir));
+	if (deps.projectInfo.languages.includes("ruby") && deps.projectInfo.installedTools.rubocop) await deps.runStep("Lint fixes (ruby)", () => import("./generic-D_T4cUaC.js").then((n) => n.n).then((mod) => mod.runGenericLinter(deps.context, "ruby")), () => fixRubyLint(deps.resolvedDir));
 	else if (deps.projectInfo.languages.includes("ruby")) log.warn("Ruby detected but rubocop is not installed; skipping Ruby lint fixes.");
 };
 const runDependencyStep = async (deps) => {
@@ -9338,6 +10131,11 @@ const BUILTIN_RULES = [
 		rules: [
 			"ai-slop/trivial-comment",
 			"ai-slop/swallowed-exception",
+			"ai-slop/silent-recovery",
+			"ai-slop/meta-comment",
+			"ai-slop/redundant-try-catch",
+			"ai-slop/redundant-type-coercion",
+			"ai-slop/duplicate-type-declaration",
 			"ai-slop/thin-wrapper",
 			"ai-slop/generic-naming",
 			"ai-slop/unused-import",
@@ -9351,10 +10149,16 @@ const BUILTIN_RULES = [
 			"ai-slop/ts-directive",
 			"ai-slop/narrative-comment",
 			"ai-slop/duplicate-import",
+			"ai-slop/hardcoded-url",
+			"ai-slop/hardcoded-id",
 			"ai-slop/python-bare-except",
 			"ai-slop/python-broad-except",
 			"ai-slop/python-mutable-default",
 			"ai-slop/python-print-debug",
+			"ai-slop/python-range-len-loop",
+			"ai-slop/python-chained-dict-get",
+			"ai-slop/python-repetitive-dispatch",
+			"ai-slop/python-isinstance-ladder",
 			"ai-slop/go-library-panic",
 			"ai-slop/rust-non-test-unwrap",
 			"ai-slop/rust-todo-stub",