aislop 0.9.4 → 0.9.5

package/dist/cli.js

@@ -10,8 +10,8 @@ import YAML from "yaml";
 import { z } from "zod/v4";
 import { execSync, spawn, spawnSync } from "node:child_process";
 import micromatch from "micromatch";
-import { fileURLToPath } from "node:url";
 import ts from "typescript";
+import { fileURLToPath } from "node:url";
 import { isCancel, multiselect, select, text } from "@clack/prompts";
 import pc from "picocolors";
 import wcwidth from "wcwidth";
@@ -34,7 +34,7 @@ var __exportAll = (all, no_symbols) => {
 
 //#endregion
 //#region src/version.ts
-const APP_VERSION = "0.9.4";
+const APP_VERSION = "0.9.5";
 
 //#endregion
 //#region src/telemetry/env.ts
@@ -180,8 +180,8 @@ const redactProperties = (props) => {
 
 //#endregion
 //#region src/telemetry/client.ts
-const POSTHOG_HOST = "https://eu.i.posthog.com";
-const POSTHOG_KEY = "phc_eY2cOMFva9q24GrWeOuvuVIOhCIdjOALxeAR3ItrqbJ";
+const POSTHOG_HOST = process.env.AISLOP_POSTHOG_HOST ?? "https://eu.i.posthog.com";
+const POSTHOG_KEY = process.env.AISLOP_POSTHOG_KEY ?? "phc_eY2cOMFva9q24GrWeOuvuVIOhCIdjOALxeAR3ItrqbJ";
 const SCHEMA_VERSION = "v2";
 const REQUEST_TIMEOUT_MS = 3e3;
 const isTelemetryDisabled = (config) => {
@@ -602,7 +602,8 @@ const DEFAULT_CONFIG = {
 		failBelow: 70,
 		format: "json"
 	},
-	telemetry: { enabled: true }
+	telemetry: { enabled: true },
+	rules: {}
 };
 const GITHUB_WORKFLOW_DIR = ".github/workflows";
 const GITHUB_WORKFLOW_FILE = "aislop.yml";
@@ -729,6 +730,12 @@ const CiSchema = z.object({
 	format: z.enum(["json"]).default("json")
 });
 const TelemetrySchema = z.object({ enabled: z.boolean().default(true) });
+const RuleSeverityOverride = z.enum([
+	"error",
+	"warning",
+	"off"
+]);
+const RulesSchema = z.record(z.string(), RuleSeverityOverride).default(() => ({}));
 const AislopConfigSchema = z.object({
 	version: z.number().default(1),
 	engines: EnginesSchema.default(() => ({
@@ -763,6 +770,7 @@ const AislopConfigSchema = z.object({
 		format: "json"
 	})),
 	telemetry: TelemetrySchema.default(() => ({ enabled: true })),
+	rules: RulesSchema,
 	exclude: z.array(z.string()).default(() => [
 		"node_modules",
 		".git",
@@ -831,7 +839,7 @@ const loadConfig = (directory) => {
 //#endregion
 //#region src/utils/source-files.ts
 const MAX_BUFFER$1 = 50 * 1024 * 1024;
-const SOURCE_EXTENSIONS = new Set([
+const SOURCE_EXTENSIONS$1 = new Set([
 	".ts",
 	".tsx",
 	".js",
@@ -939,7 +947,7 @@ const toProjectPath = (rootDirectory, filePath) => {
 const isWithinProject = (relativePath) => relativePath.length > 0 && !relativePath.startsWith("..");
 const hasAllowedExtension = (filePath, extraExtensions) => {
 	const extension = path.extname(filePath);
-	return SOURCE_EXTENSIONS.has(extension) || extraExtensions.has(extension);
+	return SOURCE_EXTENSIONS$1.has(extension) || extraExtensions.has(extension);
 };
 const isExcludedPath = (filePath) => EXCLUDED_DIRS.some((dir) => filePath === dir || filePath.startsWith(`${dir}/`) || filePath.includes(`/${dir}/`));
 const isExcludedFromScan = (relativePath) => isExcludedPath(relativePath) || isBuildCacheFile(relativePath);
@@ -1078,7 +1086,7 @@ const getSourceFilesWithExtras = (context, extraExtensions) => {
 
 //#endregion
 //#region src/engines/ai-slop/abstractions.ts
-const JS_EXTS$1 = new Set([
+const JS_EXTS$2 = new Set([
 	".ts",
 	".tsx",
 	".js",
@@ -1089,11 +1097,11 @@ const JS_EXTS$1 = new Set([
 const THIN_WRAPPER_PATTERNS = [
 	{
 		pattern: /(?:export\s+)?(?:async\s+)?function\s+(\w+)\s*\([^)]*\)\s*(?::\s*\w[^{]*)?\{\s*\n?\s*return\s+\w+\([^)]*\);\s*\n?\s*\}/g,
-		extensions: JS_EXTS$1
+		extensions: JS_EXTS$2
 	},
 	{
 		pattern: /(?:export\s+)?const\s+(\w+)\s*=\s*(?:async\s+)?\([^)]*\)\s*(?::\s*\w[^=]*)?\s*=>\s*\w+\([^)]*\);/g,
-		extensions: JS_EXTS$1
+		extensions: JS_EXTS$2
 	},
 	{
 		pattern: /def\s+(\w+)\s*\([^)]*\)(?:\s*->[^:]*)?:\s*\n\s+return\s+\w+\([^)]*\)\s*$/gm,
@@ -1326,6 +1334,12 @@ const COMMENTED_CODE_CHARS = /[({=;}\]>]/;
 const MAX_TRIVIAL_COMMENT_LENGTH = 60;
 const isJsComment = (trimmed) => trimmed.startsWith("//") && !trimmed.startsWith("///") && !trimmed.startsWith("//!");
 const isPythonComment = (trimmed) => trimmed.startsWith("#") && !trimmed.startsWith("#!");
+const isLineComment = (trimmed) => isJsComment(trimmed) || isPythonComment(trimmed);
+const isInMultiLineCommentRun = (lines, index) => {
+	const prev = index > 0 ? lines[index - 1].trim() : "";
+	const next = index + 1 < lines.length ? lines[index + 1].trim() : "";
+	return isLineComment(prev) || isLineComment(next);
+};
 /**
 * Extract just the comment text after the comment marker.
 */
@@ -1378,6 +1392,7 @@ const scanFileForTrivialComments = (content, relativePath, ext) => {
 	const lines = content.split("\n");
 	for (let i = 0; i < lines.length; i++) {
 		if (!isTrivialComment(lines[i].trim(), i + 1 < lines.length ? lines[i + 1] : void 0)) continue;
+		if (isInMultiLineCommentRun(lines, i)) continue;
 		if (isDocCommentForDeclaration(lines, i, ext)) continue;
 		diagnostics.push({
 			filePath: relativePath,
@@ -1539,6 +1554,177 @@ const detectDeadPatterns = async (context) => {
 	return diagnostics;
 };
 
+//#endregion
+//#region src/engines/ai-slop/defensive-patterns.ts
+const JS_TS_EXTENSIONS = new Set([
+	".ts",
+	".tsx",
+	".js",
+	".jsx",
+	".mjs",
+	".cjs"
+]);
+const TS_EXTENSIONS = new Set([".ts", ".tsx"]);
+const COERCION_CTORS = {
+	string: "String",
+	number: "Number",
+	boolean: "Boolean"
+};
+const scriptKindFor = (ext) => {
+	switch (ext) {
+		case ".tsx": return ts.ScriptKind.TSX;
+		case ".jsx": return ts.ScriptKind.JSX;
+		case ".js":
+		case ".mjs":
+		case ".cjs": return ts.ScriptKind.JS;
+		default: return ts.ScriptKind.TS;
+	}
+};
+const lineFor = (sourceFile, node) => sourceFile.getLineAndCharacterOfPosition(node.getStart(sourceFile)).line + 1;
+const makeDiagnostic = (filePath, line, rule, message, help) => ({
+	filePath,
+	engine: "ai-slop",
+	rule,
+	severity: "warning",
+	message,
+	help,
+	line,
+	column: 0,
+	category: "AI Slop",
+	fixable: false
+});
+const isFunctionNode = (node) => ts.isFunctionDeclaration(node) || ts.isFunctionExpression(node) || ts.isArrowFunction(node) || ts.isMethodDeclaration(node) || ts.isConstructorDeclaration(node) || ts.isGetAccessorDeclaration(node) || ts.isSetAccessorDeclaration(node);
+const primitiveKindOf = (node) => {
+	if (!node) return null;
+	switch (node.kind) {
+		case ts.SyntaxKind.StringKeyword: return "string";
+		case ts.SyntaxKind.NumberKeyword: return "number";
+		case ts.SyntaxKind.BooleanKeyword: return "boolean";
+		default: return null;
+	}
+};
+const hasExportModifier = (node) => node.modifiers?.some((modifier) => modifier.kind === ts.SyntaxKind.ExportKeyword) ?? false;
+const primitiveParamsOf = (node) => {
+	const params = /* @__PURE__ */ new Map();
+	for (const param of node.parameters) {
+		if (!ts.isIdentifier(param.name)) continue;
+		const kind = primitiveKindOf(param.type);
+		if (!kind) continue;
+		params.set(param.name.text, kind);
+	}
+	return params;
+};
+const isRethrowStatement = (statement, errorName) => ts.isThrowStatement(statement) && statement.expression !== void 0 && ts.isIdentifier(statement.expression) && statement.expression.text === errorName;
+const isPromiseRejectRethrow = (statement, errorName) => {
+	if (!ts.isReturnStatement(statement) || !statement.expression) return false;
+	const expression = statement.expression;
+	if (!ts.isCallExpression(expression) || expression.arguments.length !== 1) return false;
+	const [arg] = expression.arguments;
+	if (!ts.isIdentifier(arg) || arg.text !== errorName) return false;
+	if (!ts.isPropertyAccessExpression(expression.expression)) return false;
+	const target = expression.expression;
+	return ts.isIdentifier(target.expression) && target.expression.text === "Promise" && target.name.text === "reject";
+};
+const detectRedundantTryCatch = (sourceFile, relativePath) => {
+	const diagnostics = [];
+	const visit = (node) => {
+		if (ts.isTryStatement(node) && node.catchClause && !node.finallyBlock) {
+			const catchNameNode = node.catchClause.variableDeclaration?.name;
+			const [onlyStatement] = node.catchClause.block.statements;
+			if (catchNameNode && ts.isIdentifier(catchNameNode) && node.catchClause.block.statements.length === 1 && onlyStatement && (isRethrowStatement(onlyStatement, catchNameNode.text) || isPromiseRejectRethrow(onlyStatement, catchNameNode.text))) diagnostics.push(makeDiagnostic(relativePath, lineFor(sourceFile, node.catchClause), "ai-slop/redundant-try-catch", "Catch block only rethrows the same error", "Remove the try/catch or add useful context, cleanup, or recovery. Rethrowing unchanged errors is usually defensive agent noise."));
+		}
+		ts.forEachChild(node, visit);
+	};
+	visit(sourceFile);
+	return diagnostics;
+};
+const detectPrimitiveCoercions = (sourceFile, relativePath) => {
+	const diagnostics = [];
+	const scanFunctionBody = (node, params) => {
+		const body = node.body;
+		if (!body || params.size === 0) return;
+		const visitBody = (child) => {
+			if (child !== body && isFunctionNode(child)) return;
+			if (ts.isCallExpression(child) && ts.isIdentifier(child.expression)) {
+				const [arg] = child.arguments;
+				if (arg && ts.isIdentifier(arg)) {
+					const primitive = params.get(arg.text);
+					if (primitive && child.expression.text === COERCION_CTORS[primitive]) diagnostics.push(makeDiagnostic(relativePath, lineFor(sourceFile, child), "ai-slop/redundant-type-coercion", `Parameter '${arg.text}' is already typed as ${primitive} but is coerced again`, "Trust the typed boundary or validate unknown input before this function. Re-coercing already typed parameters is usually defensive agent noise."));
+				}
+			}
+			ts.forEachChild(child, visitBody);
+		};
+		visitBody(body);
+	};
+	const visit = (node) => {
+		if (isFunctionNode(node)) scanFunctionBody(node, primitiveParamsOf(node));
+		ts.forEachChild(node, visit);
+	};
+	visit(sourceFile);
+	return diagnostics;
+};
+const normalizedTypeDeclaration = (sourceFile, node) => sourceFile.text.slice(node.getStart(sourceFile), node.getEnd()).replace(/\bexport\b/g, "").replace(/\bdeclare\b/g, "").replace(/\s+/g, " ").trim();
+const exportedTypesOf = (parsed) => {
+	const declarations = [];
+	const visit = (node) => {
+		if ((ts.isInterfaceDeclaration(node) || ts.isTypeAliasDeclaration(node)) && hasExportModifier(node)) declarations.push({
+			name: node.name.text,
+			signature: normalizedTypeDeclaration(parsed.sourceFile, node),
+			filePath: parsed.relativePath,
+			line: lineFor(parsed.sourceFile, node)
+		});
+		ts.forEachChild(node, visit);
+	};
+	visit(parsed.sourceFile);
+	return declarations;
+};
+const duplicateTypeKeyOf = (declaration) => `${declaration.name}\0${declaration.signature}`;
+const detectDuplicateExportedTypes = (parsedSources) => {
+	const diagnostics = [];
+	const seen = /* @__PURE__ */ new Map();
+	for (const parsed of parsedSources) {
+		if (!TS_EXTENSIONS.has(parsed.ext)) continue;
+		for (const declaration of exportedTypesOf(parsed)) {
+			const key = duplicateTypeKeyOf(declaration);
+			const previous = seen.get(key);
+			if (!previous) {
+				seen.set(key, declaration);
+				continue;
+			}
+			if (previous.filePath === declaration.filePath) continue;
+			diagnostics.push(makeDiagnostic(declaration.filePath, declaration.line, "ai-slop/duplicate-type-declaration", `Exported type '${declaration.name}' duplicates an existing declaration`, `Reuse or import the existing type from ${previous.filePath} instead of re-declaring the same shape in another file.`));
+		}
+	}
+	return diagnostics;
+};
+const detectDefensivePatterns = async (context) => {
+	const diagnostics = [];
+	const parsedSources = [];
+	for (const filePath of getSourceFiles(context)) {
+		if (isAutoGenerated(filePath)) continue;
+		let content;
+		try {
+			content = fs.readFileSync(filePath, "utf-8");
+		} catch {
+			continue;
+		}
+		const relativePath = path.relative(context.rootDirectory, filePath);
+		if (isNonProductionPath(relativePath)) continue;
+		const ext = path.extname(filePath);
+		if (!JS_TS_EXTENSIONS.has(ext)) continue;
+		const sourceFile = ts.createSourceFile(filePath, content, ts.ScriptTarget.Latest, true, scriptKindFor(ext));
+		parsedSources.push({
+			sourceFile,
+			relativePath,
+			ext
+		});
+		diagnostics.push(...detectRedundantTryCatch(sourceFile, relativePath));
+		if (TS_EXTENSIONS.has(ext)) diagnostics.push(...detectPrimitiveCoercions(sourceFile, relativePath));
+	}
+	diagnostics.push(...detectDuplicateExportedTypes(parsedSources));
+	return diagnostics;
+};
+
 //#endregion
 //#region src/engines/ai-slop/duplicate-imports.ts
 const JS_EXTENSIONS$3 = new Set([
@@ -1549,7 +1735,16 @@ const JS_EXTENSIONS$3 = new Set([
 	".mjs",
 	".cjs"
 ]);
-const IMPORT_FROM_RE$1 = /^\s*import\s+[^;]*?from\s+["']([^"']+)["']/;
+const IMPORT_FROM_RE$1 = /^\s*import\s+([^;]*?)\s+from\s+["']([^"']+)["']/;
+const TYPE_ONLY_RE = /^\s*type\b/;
+const VALUE_BINDING_RE = /\{([^}]*)\}/;
+const isTypeOnly = (clause) => {
+	if (TYPE_ONLY_RE.test(clause)) return true;
+	const braces = VALUE_BINDING_RE.exec(clause);
+	if (!braces) return false;
+	const members = braces[1].split(",").map((member) => member.trim()).filter((member) => member.length > 0);
+	return members.length > 0 && members.every((member) => /^type\b/.test(member));
+};
 const extractImportLines = (content) => {
 	const lines = content.split("\n");
 	const results = [];
@@ -1558,8 +1753,9 @@ const extractImportLines = (content) => {
 		const match = IMPORT_FROM_RE$1.exec(line);
 		if (!match) continue;
 		results.push({
-			spec: match[1],
-			line: i + 1
+			spec: match[2],
+			line: i + 1,
+			typeOnly: isTypeOnly(match[1])
 		});
 	}
 	return results;
@@ -1578,14 +1774,16 @@ const detectDuplicateImports = async (context) => {
 		}
 		const imports = extractImportLines(content);
 		if (imports.length < 2) continue;
-		const bySpec = /* @__PURE__ */ new Map();
+		const byBucket = /* @__PURE__ */ new Map();
 		for (const imp of imports) {
-			const list = bySpec.get(imp.spec) ?? [];
+			const key = `${imp.typeOnly ? "type" : "value"}\0${imp.spec}`;
+			const list = byBucket.get(key) ?? [];
 			list.push(imp);
-			bySpec.set(imp.spec, list);
+			byBucket.set(key, list);
 		}
 		const relPath = path.relative(context.rootDirectory, filePath);
-		for (const [spec, occurrences] of bySpec) {
+		for (const occurrences of byBucket.values()) {
+			const { spec } = occurrences[0];
 			if (occurrences.length < 2) continue;
 			for (const dup of occurrences.slice(1)) {
 				const firstLine = occurrences[0].line;
@@ -1790,6 +1988,130 @@ const detectGoPatterns = async (context) => {
 	return diagnostics;
 };
 
+//#endregion
+//#region src/engines/ai-slop/hardcoded-config.ts
+const SOURCE_EXTENSIONS = new Set([
+	".ts",
+	".tsx",
+	".js",
+	".jsx",
+	".mjs",
+	".cjs",
+	".py",
+	".go",
+	".rs",
+	".rb",
+	".java",
+	".php"
+]);
+const URL_LITERAL_RE = /(["'`])(https?:\/\/[^"'`\s<>]+)\1/g;
+const ID_LITERAL_RE = /(["'])([A-Za-z][A-Za-z0-9_-]{15,})\1/g;
+const ENV_REFERENCE_RE = /\b(?:process\.env|import\.meta\.env|Deno\.env|os\.environ|getenv|env\()\b/i;
+const DOC_URL_CONTEXT_RE = /\b(?:docs?|documentation|homepage|repository|bugs|license|readme|source|svgUrl|pageUrl|href|link|install)\b/i;
+const URL_CONFIG_CONTEXT_RE = /\b(?:api|base[_-]?url|baseUrl|endpoint|host|origin|webhook|callback|redirect|server|service|domain|url)\b/i;
+const ENVIRONMENT_HOST_RE = /(?:^|[.-])(?:api|app|admin|auth|staging|stage|prod|dev|sandbox|webhook|internal)(?:[.-]|$)|^(?:localhost|127\.0\.0\.1|0\.0\.0\.0)$/i;
+const ID_CONTEXT_RE = /(?:^|[^A-Za-z0-9])(?:api[_-]?key|client[_-]?id|project[_-]?id|org(?:anization)?[_-]?id|workspace[_-]?id|tenant[_-]?id|price[_-]?id|product[_-]?id|customer[_-]?id|subscription[_-]?id|account[_-]?id|app[_-]?id|key|token|secret)(?:$|[^A-Za-z0-9])/i;
+const PLACEHOLDER_HOSTS = new Set([
+	"example.com",
+	"example.org",
+	"example.net"
+]);
+const PLACEHOLDER_ID_RE = /^(?:changeme|replace[_-]?me|your[_-]|example|placeholder|todo)/i;
+const HARDCODED_URL_FINDING = {
+	rule: "ai-slop/hardcoded-url",
+	message: "Hardcoded environment URL in production code",
+	help: "Move deployment-specific URLs to environment variables or a typed config module. Keep only stable documentation/public links inline."
+};
+const HARDCODED_ID_FINDING = {
+	rule: "ai-slop/hardcoded-id",
+	message: "Hardcoded provider/project ID in production code",
+	help: "Move provider IDs, tenant IDs, price IDs, and similar deployment-specific identifiers to env/config so agents do not bake one environment into source."
+};
+const makeFinding = (filePath, line, spec) => ({
+	filePath,
+	engine: "ai-slop",
+	rule: spec.rule,
+	severity: "warning",
+	message: spec.message,
+	help: spec.help,
+	line,
+	column: 0,
+	category: "AI Slop",
+	fixable: false
+});
+const isCommentOnlyLine = (trimmed) => trimmed.startsWith("//") || trimmed.startsWith("#") || trimmed.startsWith("*") || trimmed.startsWith("/*");
+const commentStartsBefore = (line, index, ext) => {
+	const prefix = line.slice(0, index);
+	if (ext === ".py" || ext === ".rb") return prefix.includes("#");
+	if (ext === ".php") return prefix.includes("//") || prefix.includes("#");
+	return prefix.includes("//") || prefix.includes("/*");
+};
+const safeUrlHost = (urlText) => {
+	try {
+		return new URL(urlText).hostname.toLowerCase();
+	} catch {
+		return null;
+	}
+};
+const isEnvBackedLine = (line) => ENV_REFERENCE_RE.test(line);
+const shouldFlagUrlLiteral = (line, urlText) => {
+	if (isEnvBackedLine(line)) return false;
+	const host = safeUrlHost(urlText);
+	if (!host) return false;
+	if (PLACEHOLDER_HOSTS.has(host)) return false;
+	if (DOC_URL_CONTEXT_RE.test(line) && !ENVIRONMENT_HOST_RE.test(host)) return false;
+	return URL_CONFIG_CONTEXT_RE.test(line) || ENVIRONMENT_HOST_RE.test(host);
+};
+const hasUsefulIdShape = (value) => {
+	if (PLACEHOLDER_ID_RE.test(value)) return false;
+	if (/^https?:\/\//i.test(value)) return false;
+	if (/^[A-Za-z]+$/.test(value)) return false;
+	return /[0-9_-]/.test(value);
+};
+const scanLineForConfigLiterals = (line, relativePath, ext, lineNumber) => {
+	const diagnostics = [];
+	if (isCommentOnlyLine(line.trim())) return diagnostics;
+	URL_LITERAL_RE.lastIndex = 0;
+	let urlMatch;
+	while ((urlMatch = URL_LITERAL_RE.exec(line)) !== null) {
+		const urlText = urlMatch[2];
+		if (commentStartsBefore(line, urlMatch.index, ext)) continue;
+		if (!shouldFlagUrlLiteral(line, urlText)) continue;
+		diagnostics.push(makeFinding(relativePath, lineNumber, HARDCODED_URL_FINDING));
+	}
+	if (!ID_CONTEXT_RE.test(line) || isEnvBackedLine(line) || DOC_URL_CONTEXT_RE.test(line)) return diagnostics;
+	ID_LITERAL_RE.lastIndex = 0;
+	let idMatch;
+	while ((idMatch = ID_LITERAL_RE.exec(line)) !== null) {
+		const value = idMatch[2];
+		if (commentStartsBefore(line, idMatch.index, ext)) continue;
+		if (!hasUsefulIdShape(value)) continue;
+		diagnostics.push(makeFinding(relativePath, lineNumber, HARDCODED_ID_FINDING));
+	}
+	return diagnostics;
+};
+const scanFileForConfigLiterals = (content, relativePath, ext) => {
+	if (!SOURCE_EXTENSIONS.has(ext)) return [];
+	if (isNonProductionPath(relativePath)) return [];
+	return content.split("\n").flatMap((line, index) => scanLineForConfigLiterals(line, relativePath, ext, index + 1));
+};
+const detectHardcodedConfigLiterals = async (context) => {
+	const diagnostics = [];
+	for (const filePath of getSourceFiles(context)) {
+		if (isAutoGenerated(filePath)) continue;
+		let content;
+		try {
+			content = fs.readFileSync(filePath, "utf-8");
+		} catch {
+			continue;
+		}
+		const relativePath = path.relative(context.rootDirectory, filePath);
+		const ext = path.extname(filePath);
+		diagnostics.push(...scanFileForConfigLiterals(content, relativePath, ext));
+	}
+	return diagnostics;
+};
+
 //#endregion
 //#region src/engines/ai-slop/js-import-aliases.ts
 const TS_CONFIG_FILES = ["tsconfig.json", "jsconfig.json"];
@@ -2057,23 +2379,87 @@ const PYTHON_STDLIB = new Set([
 	"zoneinfo"
 ]);
 const PYTHON_IMPORT_TO_PIP = {
-	yaml: "pyyaml",
-	PIL: "pillow",
-	dateutil: "python-dateutil",
-	cv2: "opencv-python",
-	sklearn: "scikit-learn",
-	bs4: "beautifulsoup4",
-	typing_extensions: "typing-extensions",
-	google: "google-api-python-client",
-	jose: "python-jose",
-	jwt: "pyjwt",
-	OpenSSL: "pyopenssl",
-	magic: "python-magic",
-	docx: "python-docx",
-	pptx: "python-pptx",
-	git: "gitpython",
-	socks: "pysocks",
-	redis: "redis"
+	yaml: ["pyyaml"],
+	PIL: ["pillow"],
+	dateutil: ["python-dateutil"],
+	cv2: [
+		"opencv-python",
+		"opencv-python-headless",
+		"opencv-contrib-python"
+	],
+	sklearn: ["scikit-learn"],
+	bs4: ["beautifulsoup4"],
+	typing_extensions: ["typing-extensions"],
+	dotenv: ["python-dotenv"],
+	genai: ["google-genai"],
+	google: [
+		"google-genai",
+		"google-generativeai",
+		"google-api-python-client",
+		"google-cloud-storage",
+		"google-cloud-aiplatform",
+		"google-auth",
+		"protobuf"
+	],
+	jose: ["python-jose"],
+	jwt: ["pyjwt"],
+	OpenSSL: ["pyopenssl"],
+	Crypto: ["pycryptodome", "pycryptodomex"],
+	Cryptodome: ["pycryptodomex", "pycryptodome"],
+	magic: ["python-magic"],
+	docx: ["python-docx"],
+	pptx: ["python-pptx"],
+	git: ["gitpython"],
+	socks: ["pysocks"],
+	redis: ["redis"],
+	cairo: ["pycairo"],
+	serial: ["pyserial"],
+	usb: ["pyusb"],
+	gi: ["pygobject"],
+	Xlib: ["python-xlib"],
+	ldap: ["python-ldap"],
+	slugify: ["python-slugify"],
+	memcache: ["python-memcached"],
+	dns: ["dnspython"],
+	attr: ["attrs"],
+	attrs: ["attrs"],
+	zoneinfo_data: ["tzdata"],
+	pkg_resources: ["setuptools"],
+	setuptools: ["setuptools"],
+	wx: ["wxpython"],
+	skimage: ["scikit-image"],
+	OpenGL: ["pyopengl"],
+	win32api: ["pywin32"],
+	win32con: ["pywin32"],
+	win32com: ["pywin32"],
+	pythoncom: ["pywin32"],
+	pywintypes: ["pywin32"],
+	rest_framework: ["djangorestframework"],
+	allauth: ["django-allauth"],
+	corsheaders: ["django-cors-headers"],
+	debug_toolbar: ["django-debug-toolbar"],
+	environ: ["django-environ"],
+	flask_cors: ["flask-cors"],
+	flask_sqlalchemy: ["flask-sqlalchemy"],
+	flask_migrate: ["flask-migrate"],
+	flask_login: ["flask-login"],
+	jwt_extended: ["flask-jwt-extended"],
+	dateparser: ["dateparser"],
+	yaml_include: ["pyyaml-include"],
+	lxml_html_clean: ["lxml-html-clean"],
+	grpc: ["grpcio"],
+	grpc_status: ["grpcio-status"],
+	google_crc32c: ["google-crc32c"],
+	pkg_about: ["pkg-about"],
+	mpl_toolkits: ["matplotlib"],
+	dotmap: ["dotmap"],
+	pydantic_settings: ["pydantic-settings"],
+	telegram: ["python-telegram-bot"],
+	discord: ["discord-py"],
+	nacl: ["pynacl"],
+	jwcrypto: ["jwcrypto"],
+	humanfriendly: ["humanfriendly"],
+	multipart: ["python-multipart"]
 };
 
 //#endregion
@@ -2112,6 +2498,8 @@ const collectFromPyproject = (rootDir, pyDeps) => {
 			const m = line.match(/["']\s*([a-zA-Z0-9_\-.]+)/);
 			if (m) addPyDep(pyDeps, m[1]);
 		}
+		const extras = content.match(/\[project\.optional-dependencies\]([\s\S]*?)(?=\n\[|$)/);
+		if (extras) for (const m of extras[1].matchAll(/["']\s*([a-zA-Z][a-zA-Z0-9_\-.]+)/g)) addPyDep(pyDeps, m[1]);
 		const poetryRe = /\[tool\.poetry(?:\.group\.[a-z]+)?\.dependencies\]([\s\S]*?)(?=\n\[|$)/g;
 		let match = poetryRe.exec(content);
 		while (match !== null) {
@@ -2310,6 +2698,11 @@ const packageNameFromImport = (spec) => {
 	}
 	return spec.split("/")[0];
 };
+const typesPackageName = (pkg) => {
+	if (pkg.startsWith("@types/")) return pkg;
+	if (pkg.startsWith("@")) return `@types/${pkg.slice(1).replace("/", "__")}`;
+	return `@types/${pkg}`;
+};
 const STATIC_IMPORT_RE = /^\s*import\s+(?:[\w*{},\s]+\s+from\s+)?["']([^"']+)["']/;
 const DYNAMIC_IMPORT_RE = /(?:import|require)\s*\(\s*["']([^"']+)["']/g;
 const extractJsImports = (content) => {
@@ -2374,15 +2767,16 @@ const checkJsImport = (rawSpec, manifest, tsAliasMatchers) => {
 		const realPkg = pkg.slice(7);
 		if (manifest.jsDeps.has(realPkg)) return null;
 	}
+	if (manifest.jsDeps.has(typesPackageName(pkg))) return null;
 	return pkg;
 };
+const normalizePyName = (name) => name.toLowerCase().replace(/_/g, "-");
 const checkPyImport = (spec, manifest) => {
 	const root = spec.split(".")[0];
 	if (PYTHON_STDLIB.has(root)) return null;
-	const normalized = root.toLowerCase().replace(/_/g, "-");
+	const normalized = normalizePyName(root);
 	if (manifest.pyDeps.has(normalized)) return null;
-	const pipName = PYTHON_IMPORT_TO_PIP[root];
-	if (pipName && manifest.pyDeps.has(pipName)) return null;
+	if ((PYTHON_IMPORT_TO_PIP[root] ?? PYTHON_IMPORT_TO_PIP[normalized])?.some((dist) => manifest.pyDeps.has(normalizePyName(dist)))) return null;
 	return root;
 };
 const detectHallucinatedImports = async (context) => {
@@ -2532,6 +2926,85 @@ const collectBlocks = (sourceLines, syntax) => {
 	return blocks;
 };
 
+//#endregion
+//#region src/engines/ai-slop/meta-comment.ts
+const PLAN_REFERENCE_RES = [
+	/\b(?:stage|step|phase)\s+\d+\b(?!\s*[:.]?\s*(?:bytes|ms|seconds|of\s+\d))/i,
+	/\bstep\s+\d+\s+of\s+the\s+plan\b/i,
+	/\bas\s+(?:per|requested)\s+(?:the\s+)?(?:requirements?|spec|task|ticket|prompt|instructions?)\b/i,
+	/\bper\s+the\s+(?:spec|requirements?|task|ticket|plan|prompt|instructions?)\b/i,
+	/\bfrom\s+the\s+(?:task|todo|plan|spec|ticket|prompt|requirements?)\b/i,
+	/\bimplement(?:ing|s|ed)?\s+use\s*case\s+\d*/i,
+	/\b(?:requirements?\s+doc|requirement\s+\d+)\b/i,
+	/\bas\s+(?:instructed|specified|outlined)\s+(?:above|below|in\s+the)\b/i
+];
+const BEFORE_AFTER_RES = [
+	/\bpreviously[,:]?\s+(?:this|we|it|the)\b/i,
+	/\bused\s+to\s+(?:be|use|call|return|do|have|rely)\b/i,
+	/\bchanged\s+(?:\w+\s+){0,3}from\s+.+\bto\b/i,
+	/\bno\s+longer\s+(?:needed|used|required|necessary|calls?|returns?|does)\b/i,
+	/\bthis\s+was\s+.+\bbut\s+now\b/i,
+	/\bwe\s+(?:now|used\s+to)\s+(?:no\s+longer\s+)?(?:use|call|return|do|have)\b/i,
+	/\breplaced\s+the\s+(?:old|previous|former)\b/i,
+	/\b(?:was|were)\s+(?:renamed|moved|removed|refactored|extracted)\s+(?:from|to|out\s+of)\b/i
+];
+const WHY_OR_TODO_RE = /\b(?:because|since|otherwise|todo|fixme|hack|note:|reason:|workaround|see\s+(?:issue|#))\b/i;
+const looksLikeLicenseHeader$1 = (block) => {
+	if (block.startLine !== 1) return false;
+	const text = block.rawLines.join(" ").toLowerCase();
+	return text.includes("copyright") || text.includes("license") || text.includes("spdx-license-identifier");
+};
+const looksLikeSuppressDirective$1 = (block) => block.rawLines.some((line) => /\b(?:biome-ignore|eslint-disable|ts-ignore|ts-expect-error|@ts-\w+|noqa|pylint:\s*disable|rubocop:disable|noinspection|phpcs:disable)\b/.test(line));
+const matchMetaSignal = (block) => {
+	if (looksLikeLicenseHeader$1(block)) return null;
+	if (looksLikeSuppressDirective$1(block)) return null;
+	if (block.kind === "jsdoc" && block.hasMeaningfulJsdocTag) return null;
+	if (block.isRustDoc) return null;
+	const joined = block.prose.join(" ");
+	if (joined.trim().length === 0) return null;
+	if (WHY_OR_TODO_RE.test(joined)) return null;
+	if (PLAN_REFERENCE_RES.some((re) => re.test(joined))) return "plan/process reference";
+	if (BEFORE_AFTER_RES.some((re) => re.test(joined))) return "before/after state narration";
+	return null;
+};
+const detectMetaComments = async (context) => {
+	const files = getSourceFiles(context);
+	const diagnostics = [];
+	for (const filePath of files) {
+		const ext = path.extname(filePath);
+		if (!SUPPORTED_EXTS.has(ext)) continue;
+		if (isAutoGenerated(filePath)) continue;
+		const syntax = getCommentSyntax(ext);
+		if (!syntax) continue;
+		const relativePath = path.relative(context.rootDirectory, filePath);
+		if (isNonProductionPath(relativePath)) continue;
+		let content;
+		try {
+			content = fs.readFileSync(filePath, "utf-8");
+		} catch {
+			continue;
+		}
+		const blocks = collectBlocks(content.split("\n"), syntax);
+		for (const block of blocks) {
+			const reason = matchMetaSignal(block);
+			if (!reason) continue;
+			diagnostics.push({
+				filePath: relativePath,
+				engine: "ai-slop",
+				rule: "ai-slop/meta-comment",
+				severity: "warning",
+				message: `Meta/plan comment (${reason})`,
+				help: "Remove — references to the build plan or before/after code state belong in PR descriptions and commit messages, not source.",
+				line: block.startLine,
+				column: 0,
+				category: "Comments",
+				fixable: false
+			});
+		}
+	}
+	return diagnostics;
+};
+
 //#endregion
 //#region src/engines/ai-slop/narrative-comments.ts
 const looksLikeDeclarationPreamble = (nextLine, ext) => {
@@ -3140,6 +3613,143 @@ const detectRustPatterns = async (context) => {
 	return diagnostics;
 };
 
+//#endregion
+//#region src/engines/ai-slop/silent-recovery.ts
+const JS_EXTS$1 = new Set([
+	".ts",
+	".tsx",
+	".js",
+	".jsx",
+	".mjs",
+	".cjs"
+]);
+const CATCH_HEAD_RE = /\bcatch\s*(?:\([^)]*\))?\s*\{/g;
+const LOG_STATEMENT_RE = /^(?:console|[\w$]+(?:\.[\w$]+)*)\.(?:log|info|warn|warning|error|debug|trace)\s*\(/;
+const HANDLING_TOKEN_RE = /\b(?:throw|return|reject|next|process\.exit|continue|break)\b/;
+const stripBlockComments = (text) => text.replace(/\/\*[\s\S]*?\*\//g, "");
+const extractCatchBody = (content, openBraceIndex) => {
+	let depth = 0;
+	let inString = null;
+	for (let i = openBraceIndex; i < content.length; i += 1) {
+		const ch = content[i];
+		const prev = content[i - 1];
+		if (inString) {
+			if (ch === inString && prev !== "\\") inString = null;
+			continue;
+		}
+		if (ch === "\"" || ch === "'" || ch === "`") {
+			inString = ch;
+			continue;
+		}
+		if (ch === "{") depth += 1;
+		else if (ch === "}") {
+			depth -= 1;
+			if (depth === 0) return content.slice(openBraceIndex + 1, i);
+		}
+	}
+	return null;
+};
+const isLogOnlyBody = (body) => {
+	const statements = stripBlockComments(body).split("\n").map((line) => line.replace(/\/\/.*$/, "").trim()).filter((line) => line.length > 0 && line !== ";");
+	if (statements.length === 0) return false;
+	if (statements.some((line) => HANDLING_TOKEN_RE.test(line))) return false;
+	let sawLog = false;
+	for (const statement of statements) {
+		const normalized = statement.replace(/;+$/, "");
+		if (LOG_STATEMENT_RE.test(normalized)) {
+			sawLog = true;
+			continue;
+		}
+		if (/^[\w$"'`{[(),.\s+:-]+$/.test(normalized) && !/[=(]\s*(?:async\s+)?\(/.test(normalized)) continue;
+		return false;
+	}
+	return sawLog;
+};
+const detectJsSilentRecovery = (content, relPath) => {
+	const out = [];
+	CATCH_HEAD_RE.lastIndex = 0;
+	let match;
+	while ((match = CATCH_HEAD_RE.exec(content)) !== null) {
+		const body = extractCatchBody(content, match.index + match[0].length - 1);
+		if (body === null) continue;
+		if (!isLogOnlyBody(body)) continue;
+		const line = content.slice(0, match.index).split("\n").length;
+		out.push({
+			filePath: relPath,
+			engine: "ai-slop",
+			rule: "ai-slop/silent-recovery",
+			severity: "warning",
+			message: "Catch only logs then continues, leaving execution in a possibly broken state",
+			help: "Handle the error: rethrow, return an error value, or recover explicitly. Logging alone lets the program proceed as if nothing failed.",
+			line,
+			column: 0,
+			category: "AI Slop",
+			fixable: false
+		});
+	}
+	return out;
+};
+const PY_EXCEPT_RE = /^(\s*)except\b[^\n]*:\s*(?:#.*)?$/;
+const PY_LOG_STATEMENT_RE = /^(?:logging|logger|log|self\.log|self\.logger|print)(?:\.(?:debug|info|warning|warn|error|exception|critical))?\s*\(/;
+const PY_HANDLING_TOKEN_RE = /^(?:raise\b|return\b|continue\b|break\b|self\.|[\w.]+\s*=)/;
+const detectPySilentRecovery = (content, relPath) => {
+	const out = [];
+	const lines = content.split("\n");
+	for (let i = 0; i < lines.length; i += 1) {
+		const exceptMatch = PY_EXCEPT_RE.exec(lines[i]);
+		if (!exceptMatch) continue;
+		const indent = exceptMatch[1].length;
+		const bodyLines = [];
+		let j = i + 1;
+		for (; j < lines.length; j += 1) {
+			const raw = lines[j];
+			if (raw.trim() === "") continue;
+			if (raw.length - raw.trimStart().length <= indent) break;
+			bodyLines.push(raw.trim());
+		}
+		if (bodyLines.length === 0) continue;
+		if (bodyLines.some((line) => PY_HANDLING_TOKEN_RE.test(line))) continue;
+		if (bodyLines.some((line) => line === "pass")) continue;
+		const allLogs = bodyLines.every((line) => PY_LOG_STATEMENT_RE.test(line) || /^[\w"'(),.\s+:%{}[\]-]+$/.test(line));
+		const sawLog = bodyLines.some((line) => PY_LOG_STATEMENT_RE.test(line));
+		if (!allLogs || !sawLog) continue;
+		out.push({
+			filePath: relPath,
+			engine: "ai-slop",
+			rule: "ai-slop/silent-recovery",
+			severity: "warning",
+			message: "except only logs then continues, leaving execution in a possibly broken state",
+			help: "Handle the error: re-raise, return an error value, or recover explicitly. Logging alone lets the program proceed as if nothing failed.",
+			line: i + 1,
+			column: 0,
+			category: "AI Slop",
+			fixable: false
+		});
+	}
+	return out;
+};
+const detectSilentRecovery = async (context) => {
+	const files = getSourceFiles(context);
+	const diagnostics = [];
+	for (const filePath of files) {
+		if (isAutoGenerated(filePath)) continue;
+		const ext = path.extname(filePath);
+		const isJs = JS_EXTS$1.has(ext);
+		if (!isJs && !(ext === ".py")) continue;
+		const relPath = path.relative(context.rootDirectory, filePath);
+		if (isNonProductionPath(relPath)) continue;
+		let content;
+		try {
+			content = fs.readFileSync(filePath, "utf-8");
+		} catch {
+			continue;
+		}
+		if (isJs) diagnostics.push(...detectJsSilentRecovery(content, relPath));
+		else diagnostics.push(...detectPySilentRecovery(content, relPath));
+	}
+	return diagnostics;
+};
+
 //#endregion
 //#region src/engines/ai-slop/unused-imports.ts
 const JS_EXTENSIONS$1 = new Set([
@@ -3329,15 +3939,19 @@ const aiSlopEngine = {
 		const results = await Promise.allSettled([
 			detectTrivialComments(context),
 			detectSwallowedExceptions(context),
+			detectDefensivePatterns(context),
 			detectOverAbstraction(context),
 			detectDeadPatterns(context),
 			detectUnusedImports(context),
 			detectNarrativeComments(context),
 			detectDuplicateImports(context),
+			detectHardcodedConfigLiterals(context),
 			detectPythonPatterns(context),
 			detectGoPatterns(context),
 			detectRustPatterns(context),
-			detectHallucinatedImports(context)
+			detectHallucinatedImports(context),
+			detectSilentRecovery(context),
+			detectMetaComments(context)
 		]);
 		for (const result of results) if (result.status === "fulfilled") diagnostics.push(...result.value);
 		return {
@@ -6236,7 +6850,7 @@ const RISKY_PATTERNS = [
 		help: "Use JSON, MessagePack, or other safe serialization formats for untrusted data"
 	},
 	{
-		pattern: new RegExp(`\\bexec\\s*\\(`, "g"),
+		pattern: new RegExp(`(?<![\\w.>:\\\\])\\bexec\\s*\\(`, "g"),
 		extensions: [".py"],
 		name: "python-exec",
 		message: "Use of exec() can execute arbitrary code",
@@ -6940,7 +7554,7 @@ const parseClaudeStdin = (raw) => {
 		return {};
 	}
 };
-const readStdin$2 = async () => {
+const readStdin$3 = async () => {
 	if (process.stdin.isTTY) return "";
 	const chunks = [];
 	for await (const chunk of process.stdin) chunks.push(chunk);
@@ -6958,7 +7572,7 @@ const renderClaudeOutput = (additional, block) => {
 	return out;
 };
 const runClaudeHook = async (deps = {}) => {
-	const getStdin = deps.stdin ?? readStdin$2;
+	const getStdin = deps.stdin ?? readStdin$3;
 	const write = deps.write ?? ((s) => process.stdout.write(s));
 	const input = parseClaudeStdin(await getStdin());
 	const cwd = input.cwd && path.isAbsolute(input.cwd) ? input.cwd : process.cwd();
@@ -7005,7 +7619,7 @@ const parseClaudeFileChangedStdin = (raw) => {
 	}
 };
 const runClaudeFileChangedHook = async (deps = {}) => {
-	const getStdin = deps.stdin ?? readStdin$2;
+	const getStdin = deps.stdin ?? readStdin$3;
 	const write = deps.write ?? ((s) => process.stdout.write(s));
 	const input = parseClaudeFileChangedStdin(await getStdin());
 	const cwd = input.cwd && path.isAbsolute(input.cwd) ? input.cwd : process.cwd();
@@ -7041,7 +7655,7 @@ const parseClaudeStopStdin = (raw) => {
 	}
 };
 const runClaudeStopHook = async (deps = {}) => {
-	const getStdin = deps.stdin ?? readStdin$2;
+	const getStdin = deps.stdin ?? readStdin$3;
 	const write = deps.write ?? ((s) => process.stdout.write(s));
 	const input = parseClaudeStopStdin(await getStdin());
 	const cwd = input.cwd && path.isAbsolute(input.cwd) ? input.cwd : process.cwd();
@@ -7102,14 +7716,14 @@ const renderCursorOutput = (additional, event = "afterFileEdit") => ({ hookSpeci
 	hookEventName: event,
 	additionalContext: additional
 } });
-const readStdin$1 = async () => {
+const readStdin$2 = async () => {
 	if (process.stdin.isTTY) return "";
 	const chunks = [];
 	for await (const chunk of process.stdin) chunks.push(chunk);
 	return Buffer.concat(chunks).toString("utf-8");
 };
 const runCursorHook = async (deps = {}) => {
-	const getStdin = deps.stdin ?? readStdin$1;
+	const getStdin = deps.stdin ?? readStdin$2;
 	const write = deps.write ?? ((s) => process.stdout.write(s));
 	const writeErr = deps.writeErr ?? ((s) => process.stderr.write(s));
 	const input = parseCursorStdin(await getStdin());
@@ -7165,14 +7779,14 @@ const renderGeminiOutput = (additional) => ({ hookSpecificOutput: {
 	hookEventName: "AfterTool",
 	additionalContext: additional
 } });
-const readStdin = async () => {
+const readStdin$1 = async () => {
 	if (process.stdin.isTTY) return "";
 	const chunks = [];
 	for await (const chunk of process.stdin) chunks.push(chunk);
 	return Buffer.concat(chunks).toString("utf-8");
 };
 const runGeminiHook = async (deps = {}) => {
-	const getStdin = deps.stdin ?? readStdin;
+	const getStdin = deps.stdin ?? readStdin$1;
 	const write = deps.write ?? ((s) => process.stdout.write(s));
 	const input = parseGeminiStdin(await getStdin());
 	const cwd = input.cwd && path.isAbsolute(input.cwd) ? input.cwd : process.cwd();
@@ -7204,6 +7818,76 @@ const runGeminiHook = async (deps = {}) => {
 	}
 };
 
+//#endregion
+//#region src/hooks/adapters/pi.ts
+const parsePiStdin = (raw) => {
+	if (!raw.trim()) return {};
+	try {
+		return JSON.parse(raw);
+	} catch {
+		return {};
+	}
+};
+const readStdin = async () => {
+	if (process.stdin.isTTY) return "";
+	const chunks = [];
+	for await (const chunk of process.stdin) chunks.push(chunk);
+	return Buffer.concat(chunks).toString("utf-8");
+};
+const formatPiMessage = (feedback) => {
+	if (feedback.counts.total === 0 && !feedback.regressed) return "";
+	const { error, warning } = feedback.counts;
+	const header = `aislop: score ${feedback.score}/100${feedback.baseline != null ? ` (baseline ${feedback.baseline})` : ""}, ${error} error${error === 1 ? "" : "s"}, ${warning} warning${warning === 1 ? "" : "s"}.`;
+	const lines = feedback.findings.map((f) => `  - ${f.file}:${f.line} [${f.severity}] ${f.ruleId}: ${f.message}`);
+	if (feedback.elided && feedback.elided > 0) lines.push(`  ...and ${feedback.elided} more.`);
+	const tail = feedback.nextSteps.length > 0 ? `\n${feedback.nextSteps.join("\n")}` : "";
+	return `${header}\n${lines.join("\n")}${tail}`;
+};
+const runPiHook = async (deps = {}) => {
+	const getStdin = deps.stdin ?? readStdin;
+	const write = deps.write ?? ((s) => process.stdout.write(s));
+	const input = parsePiStdin(await getStdin());
+	const cwd = input.cwd && path.isAbsolute(input.cwd) ? input.cwd : process.cwd();
+	const files = resolveHookFiles(cwd, input.file_path ? [input.file_path] : []);
+	if (files.length === 0) return 0;
+	const release = acquireHookLock(cwd);
+	if (!release) return 0;
+	try {
+		const { diagnostics, score, rootDirectory } = await runScopedScan(cwd, files);
+		const baseline = readBaseline(cwd);
+		appendSessionFiles(cwd, files);
+		const feedback = buildFeedback(diagnostics, score, rootDirectory, baseline ? {
+			score: baseline.score,
+			findingFingerprints: baseline.findingFingerprints
+		} : void 0, {
+			agent: "pi",
+			touchedFiles: files
+		});
+		track({
+			event: "hook_scan_completed",
+			properties: buildHookScanCompletedProps({
+				agent: "pi",
+				score,
+				scoreDelta: baseline ? score - baseline.score : null,
+				findingCount: diagnostics.length,
+				fileCount: files.length
+			})
+		});
+		const output = {
+			schema: "aislop.hook.v2",
+			block: feedback.counts.error > 0 || feedback.regressed,
+			message: formatPiMessage(feedback),
+			feedback
+		};
+		write(JSON.stringify(output));
+		return 0;
+	} catch {
+		return 0;
+	} finally {
+		release();
+	}
+};
+
 //#endregion
 //#region src/hooks/assets.ts
 const AISLOP_MD_BODY = `# aislop — agent instructions
@@ -7774,6 +8458,67 @@ const uninstallKilocode = (opts) => {
 	return uninstallRulesOnly(opts, resolveKilocodePaths(opts));
 };
 
+//#endregion
+//#region src/hooks/install/pi.ts
+const resolvePiPaths = (opts) => {
+	return { extension: opts.scope === "project" ? path.join(opts.cwd, ".pi", "extensions", "aislop.js") : path.join(opts.home, ".pi", "agent", "extensions", "aislop.js") };
+};
+const PI_EXTENSION_SOURCE = `// aislop — auto-generated pi extension. Do not edit by hand.
+// Reinstall with: aislop hook install --pi
+import { spawnSync } from "node:child_process";
+
+export default function (pi) {
+	pi.on("tool_result", async (event, ctx) => {
+		if (event.toolName !== "edit" && event.toolName !== "write") return;
+		if (event.isError) return;
+		const filePath = event.input && event.input.path;
+		if (typeof filePath !== "string" || filePath.length === 0) return;
+
+		const bin = process.env.AISLOP_BIN || "aislop";
+		const payload = JSON.stringify({
+			cwd: ctx.cwd,
+			file_path: filePath,
+			tool_name: event.toolName,
+		});
+
+		let out;
+		try {
+			const res = spawnSync(bin, ["hook", "pi"], {
+				input: payload,
+				encoding: "utf-8",
+				timeout: 15000,
+			});
+			if (res.status !== 0 || !res.stdout) return;
+			out = JSON.parse(res.stdout);
+		} catch {
+			return;
+		}
+		if (!out || !out.message) return;
+
+		return {
+			content: [...event.content, { type: "text", text: out.message }],
+			isError: event.isError,
+		};
+	});
+}
+`;
+const installPi = (opts) => {
+	const paths = resolvePiPaths(opts);
+	const result = emptyResult();
+	applyContent(result, opts, paths.extension, PI_EXTENSION_SOURCE, "write pi aislop extension");
+	return result;
+};
+const uninstallPi = (opts) => {
+	const paths = resolvePiPaths(opts);
+	const result = {
+		removed: [],
+		skipped: []
+	};
+	if (readIfExists(paths.extension) != null) applyRemoval(result, opts, paths.extension, null);
+	else result.skipped.push(paths.extension);
+	return result;
+};
+
 //#endregion
 //#region src/hooks/install/windsurf.ts
 const resolveWindsurfPaths = (opts) => ({ rules: path.join(opts.cwd, ".windsurfrules") });
@@ -7802,6 +8547,7 @@ const ALL_AGENTS = [
 	"claude",
 	"cursor",
 	"gemini",
+	"pi",
 	"codex",
 	"windsurf",
 	"cline",
@@ -7820,6 +8566,7 @@ const AGENTS_SUPPORTING_BOTH_SCOPES = [
 	"claude",
 	"cursor",
 	"gemini",
+	"pi",
 	"codex"
 ];
 const paths = {
@@ -7843,6 +8590,7 @@ const paths = {
 			p.geminiMd
 		];
 	},
+	pi: (opts) => [resolvePiPaths(opts).extension],
 	codex: (opts) => [resolveCodexPaths(opts).rules],
 	windsurf: (opts) => [resolveWindsurfPaths(opts).rules],
 	cline: (opts) => [resolveClinePaths(opts).rules, resolveRooPaths(opts).rules],
@@ -7866,6 +8614,11 @@ const REGISTRY = {
 		uninstall: uninstallGemini,
 		paths: paths.gemini
 	},
+	pi: {
+		install: installPi,
+		uninstall: uninstallPi,
+		paths: paths.pi
+	},
 	codex: {
 		install: installCodex,
 		uninstall: uninstallCodex,
@@ -7986,6 +8739,10 @@ const AGENT_LABELS = {
 		label: "Gemini CLI",
 		hint: "AfterTool, runtime"
 	},
+	pi: {
+		label: "pi",
+		hint: "extension, runtime"
+	},
 	codex: {
 		label: "Codex CLI",
 		hint: "rules-only"
@@ -8092,6 +8849,7 @@ const hookRun = async (agent, flags) => {
 	else exitCode = await runClaudeHook();
 	else if (agent === "cursor") exitCode = await runCursorHook();
 	else if (agent === "gemini") exitCode = await runGeminiHook();
+	else if (agent === "pi") exitCode = await runPiHook();
 	else {
 		process.stderr.write(`hook: agent "${agent}" has no runtime adapter (rules-file-only)\n`);
 		process.exit(0);
@@ -8154,6 +8912,7 @@ const AGENT_NAMES = [
 	"claude",
 	"cursor",
 	"gemini",
+	"pi",
 	"codex",
 	"windsurf",
 	"cline",
@@ -8276,6 +9035,9 @@ const registerCallbacks = (hook) => {
 	hook.command("gemini").description("Internal: Gemini CLI AfterTool callback (reads stdin)").action(async () => {
 		await hookRun("gemini");
 	});
+	hook.command("pi").description("Internal: pi extension tool_result callback (reads stdin)").action(async () => {
+		await hookRun("pi");
+	});
 };
 const registerHookCommand = (program) => {
 	const hook = program.command("hook").description("Install or invoke AI-agent integration hooks");
@@ -8608,6 +9370,30 @@ const printEngineStatus = (result) => {
 	}
 };
 
+//#endregion
+//#region src/scoring/rule-severity.ts
+/**
+* Apply per-rule severity overrides from config: "off" drops the diagnostic,
+* "error"/"warning" rewrite its severity before scoring and rendering.
+*/
+const applyRuleSeverities = (diagnostics, overrides) => {
+	if (Object.keys(overrides).length === 0) return diagnostics;
+	const result = [];
+	for (const diagnostic of diagnostics) {
+		const override = overrides[diagnostic.rule];
+		if (!override) {
+			result.push(diagnostic);
+			continue;
+		}
+		if (override === "off") continue;
+		result.push(override === diagnostic.severity ? diagnostic : {
+			...diagnostic,
+			severity: override
+		});
+	}
+	return result;
+};
+
 //#endregion
 //#region src/ui/header.ts
 const TAGLINE = "the quality gate for agentic coding";
@@ -8785,6 +9571,11 @@ const RULE_LABELS = {
 	"knip/types": "Unused type",
 	"ai-slop/trivial-comment": "Trivial restating comment",
 	"ai-slop/swallowed-exception": "Empty catch (swallowed error)",
+	"ai-slop/silent-recovery": "Catch logs then continues",
+	"ai-slop/meta-comment": "Meta/plan comment",
+	"ai-slop/redundant-try-catch": "Redundant try/catch",
+	"ai-slop/redundant-type-coercion": "Redundant type coercion",
+	"ai-slop/duplicate-type-declaration": "Duplicate exported type",
 	"ai-slop/thin-wrapper": "Thin function wrapper",
 	"ai-slop/generic-naming": "Generic/vague identifier name",
 	"ai-slop/unused-import": "Unused import",
@@ -8798,6 +9589,8 @@ const RULE_LABELS = {
 	"ai-slop/ts-directive": "@ts-ignore / @ts-expect-error",
 	"ai-slop/narrative-comment": "Narrative comment block",
 	"ai-slop/duplicate-import": "Duplicate import statement",
+	"ai-slop/hardcoded-url": "Hardcoded URL",
+	"ai-slop/hardcoded-id": "Hardcoded provider ID",
 	"ai-slop/python-bare-except": "Bare except",
 	"ai-slop/python-broad-except": "Broad except",
 	"ai-slop/python-mutable-default": "Mutable default argument",
@@ -8924,8 +9717,54 @@ const renderCleanRun = (input, deps = {}) => {
 	return `\n ${parts.join(`  ${sep}  `)}\n`;
 };
 
+//#endregion
+//#region src/utils/history.ts
+const HISTORY_FILE = "history.jsonl";
+const isHistoryDisabled = (env = process.env) => env.AISLOP_NO_HISTORY === "1";
+const historyPath = (directory) => path.join(path.resolve(directory), CONFIG_DIR, HISTORY_FILE);
+/**
+* Append a compact scan record to .aislop/history.jsonl. Best-effort: never
+* throws, so a read-only checkout or missing config dir can't break a scan.
+*/
+const appendHistory = (input) => {
+	if (isHistoryDisabled()) return;
+	const configDir = path.join(path.resolve(input.directory), CONFIG_DIR);
+	if (!fs.existsSync(configDir)) return;
+	const record = {
+		timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+		score: input.score,
+		errors: input.errors,
+		warnings: input.warnings,
+		files: input.files,
+		cliVersion: APP_VERSION
+	};
+	try {
+		fs.appendFileSync(historyPath(input.directory), `${JSON.stringify(record)}\n`);
+	} catch {}
+};
+const isHistoryRecord = (value) => {
+	if (!value || typeof value !== "object") return false;
+	const record = value;
+	return typeof record.timestamp === "string" && typeof record.score === "number" && typeof record.errors === "number" && typeof record.warnings === "number" && typeof record.files === "number" && typeof record.cliVersion === "string";
+};
+const readHistory = (directory) => {
+	const file = historyPath(directory);
+	if (!fs.existsSync(file)) return [];
+	const records = [];
+	for (const line of fs.readFileSync(file, "utf8").split("\n")) {
+		const trimmed = line.trim();
+		if (!trimmed) continue;
+		try {
+			const parsed = JSON.parse(trimmed);
+			if (isHistoryRecord(parsed)) records.push(parsed);
+		} catch {}
+	}
+	return records;
+};
+
 //#endregion
 //#region src/commands/scan.ts
+const isMachineOutput = (options) => Boolean(options.json) || Boolean(options.sarif);
 const shouldUseSpinner = () => Boolean(process.stderr.isTTY) && process.env.CI !== "true" && process.env.CI !== "1";
 const ALL_ENGINE_NAMES = Object.keys(ENGINE_INFO);
 const BREAKDOWN_TOP_N = 10;
@@ -9040,17 +9879,18 @@ const scanCommand = async (directory, config, options) => {
 const runScanBody = async (resolvedDir, config, options, projectInfo) => {
 	const startTime = performance.now();
 	const showHeader = options.showHeader !== false;
-	const useLiveProgress = !options.json && shouldUseSpinner();
+	const machineOutput = isMachineOutput(options);
+	const useLiveProgress = !machineOutput && shouldUseSpinner();
 	let files;
 	if (options.staged) {
 		files = filterProjectFiles(resolvedDir, getStagedFiles(resolvedDir), [], config.exclude);
-		if (!options.json) log.muted(`Scope: ${files.length} staged file(s)`);
+		if (!machineOutput) log.muted(`Scope: ${files.length} staged file(s)`);
 	} else if (options.changes) {
 		files = filterProjectFiles(resolvedDir, getChangedFiles(resolvedDir), [], config.exclude);
-		if (!options.json) log.muted(`Scope: ${files.length} changed file(s)`);
+		if (!machineOutput) log.muted(`Scope: ${files.length} changed file(s)`);
 	} else {
 		files = filterProjectFiles(resolvedDir, listProjectFiles(resolvedDir), [], config.exclude);
-		if (!options.json) log.muted(`Scope: ${files.length} file(s) after exclusions`);
+		if (!machineOutput) log.muted(`Scope: ${files.length} file(s) after exclusions`);
 	}
 	const configDir = findConfigDir(resolvedDir);
 	const rulesPath = configDir ? path.join(configDir, RULES_FILE) : void 0;
@@ -9067,7 +9907,7 @@ const runScanBody = async (resolvedDir, config, options, projectInfo) => {
 	}));
 	const progressRenderer = useLiveProgress ? new LiveGrid(gridRows) : null;
 	progressRenderer?.start();
-	const results = await runEngines({
+	const rawResults = await runEngines({
 		rootDirectory: resolvedDir,
 		languages: projectInfo.languages,
 		frameworks: projectInfo.frameworks,
@@ -9100,9 +9940,13 @@ const runScanBody = async (resolvedDir, config, options, projectInfo) => {
 				elapsedMs: result.elapsed
 			});
 		}
-		if (!options.json && !progressRenderer) printEngineStatus(result);
+		if (!machineOutput && !progressRenderer) printEngineStatus(result);
 	});
 	progressRenderer?.stop();
+	const results = rawResults.map((result) => ({
+		...result,
+		diagnostics: applyRuleSeverities(result.diagnostics, config.rules)
+	}));
 	const allDiagnostics = results.flatMap((r) => r.diagnostics);
 	const elapsedMs = performance.now() - startTime;
 	const scoreResult = calculateScore(allDiagnostics, config.scoring.weights, config.scoring.thresholds, projectInfo.sourceFileCount, config.scoring.smoothing);
@@ -9123,12 +9967,24 @@ const runScanBody = async (resolvedDir, config, options, projectInfo) => {
 		engineIssues,
 		engineTimings
 	};
+	if (options.sarif) {
+		const { buildSarifLog } = await import("./sarif-CZVuavf_.js");
+		console.log(JSON.stringify(buildSarifLog(results), null, 2));
+		return completion;
+	}
 	if (options.json) {
 		const { buildJsonOutput } = await import("./json-OIzja7OM.js");
 		const jsonOut = buildJsonOutput(results, scoreResult, projectInfo.sourceFileCount, elapsedMs);
 		console.log(JSON.stringify(jsonOut, null, 2));
 		return completion;
 	}
+	if (!options.staged && !options.changes && options.command !== "ci" && !isCiEnv()) appendHistory({
+		directory: resolvedDir,
+		score: scoreResult.score,
+		errors: completion.errorCount,
+		warnings: completion.warningCount,
+		files: projectInfo.sourceFileCount
+	});
 	const projectName = projectInfo.projectName ?? "project";
 	const language = projectInfo.languages[0] ?? "unknown";
 	process.stdout.write(buildScanRender({
@@ -9155,7 +10011,8 @@ const ciCommand = async (directory, config, options = {}) => {
 			changes: false,
 			staged: false,
 			verbose: false,
-			json: !options.human,
+			json: !options.human && !options.sarif,
+			sarif: options.sarif,
 			command: "ci"
 		});
 	} catch (error) {
@@ -9681,6 +10538,16 @@ const AGENT_CONFIGS = {
 		bin: "goose",
 		args: (p) => ["run", p]
 	},
+	pi: {
+		type: "cli",
+		bin: "pi",
+		args: (p) => ["-p", p]
+	},
+	crush: {
+		type: "cli",
+		bin: "crush",
+		args: (p) => ["run", p]
+	},
 	cursor: {
 		type: "editor",
 		bin: "cursor"
@@ -11535,6 +12402,11 @@ const BUILTIN_RULES = [
 		rules: [
 			"ai-slop/trivial-comment",
 			"ai-slop/swallowed-exception",
+			"ai-slop/silent-recovery",
+			"ai-slop/meta-comment",
+			"ai-slop/redundant-try-catch",
+			"ai-slop/redundant-type-coercion",
+			"ai-slop/duplicate-type-declaration",
 			"ai-slop/thin-wrapper",
 			"ai-slop/generic-naming",
 			"ai-slop/unused-import",
@@ -11548,6 +12420,8 @@ const BUILTIN_RULES = [
 			"ai-slop/ts-directive",
 			"ai-slop/narrative-comment",
 			"ai-slop/duplicate-import",
+			"ai-slop/hardcoded-url",
+			"ai-slop/hardcoded-id",
 			"ai-slop/python-bare-except",
 			"ai-slop/python-broad-except",
 			"ai-slop/python-mutable-default",
@@ -11714,6 +12588,73 @@ const interactiveCommand = async (directory, config) => {
 	}
 };
 
+//#endregion
+//#region src/commands/trend.ts
+const SPARK_TICKS = [
+	"▁",
+	"▂",
+	"▃",
+	"▄",
+	"▅",
+	"▆",
+	"▇",
+	"█"
+];
+const DEFAULT_LIMIT = 20;
+const renderSparkline = (scores) => {
+	if (scores.length === 0) return "";
+	const min = Math.min(...scores);
+	const span = Math.max(...scores) - min;
+	return scores.map((score) => {
+		if (span === 0) return SPARK_TICKS[SPARK_TICKS.length - 1];
+		const ratio = (score - min) / span;
+		return SPARK_TICKS[Math.round(ratio * (SPARK_TICKS.length - 1))];
+	}).join("");
+};
+const formatDate = (timestamp) => {
+	const date = new Date(timestamp);
+	if (Number.isNaN(date.getTime())) return timestamp;
+	return date.toISOString().slice(0, 16).replace("T", " ");
+};
+const delta = (current, previous) => {
+	if (previous === void 0) return "";
+	const diff = current - previous;
+	if (diff > 0) return style(theme, "success", `+${diff}`);
+	if (diff < 0) return style(theme, "danger", `${diff}`);
+	return style(theme, "muted", "0");
+};
+const buildTrendRender = (input) => {
+	const header = renderHeader({
+		version: APP_VERSION,
+		command: "trend",
+		context: [],
+		brand: input.printBrand !== false
+	});
+	if (input.records.length === 0) return `${header}\n  ${style(theme, "muted", "No score history yet. Run a scan to start tracking trends.")}\n`;
+	const limit = input.limit ?? DEFAULT_LIMIT;
+	const recent = input.records.slice(-limit);
+	const scores = recent.map((r) => r.score);
+	const lines = [header];
+	lines.push(`  ${style(theme, "dim", padEnd("Date", 18))}${style(theme, "dim", padEnd("Score", 8))}${style(theme, "dim", padEnd("Δ", 6))}${style(theme, "dim", padEnd("Err", 6))}${style(theme, "dim", "Warn")}`);
+	recent.forEach((record, index) => {
+		const previous = index > 0 ? recent[index - 1]?.score : void 0;
+		lines.push(`  ${padEnd(formatDate(record.timestamp), 18)}${padEnd(String(record.score), 8)}${padEnd(delta(record.score, previous), 6)}${padEnd(String(record.errors), 6)}${record.warnings}`);
+	});
+	const latest = recent[recent.length - 1];
+	lines.push("");
+	lines.push(`  ${style(theme, "accent", renderSparkline(scores))}`);
+	lines.push(`  ${style(theme, "muted", `${recent.length} run(s), latest score ${latest?.score}`)}`);
+	lines.push(renderHintLine("Run aislop scan to add a new data point").trimEnd());
+	return `${lines.join("\n")}\n`;
+};
+const trendCommand = (directory, limit) => {
+	const records = readHistory(directory);
+	process.stdout.write(buildTrendRender({
+		records,
+		limit
+	}));
+};
+
 //#endregion
 //#region src/cli.ts
 process.on("SIGINT", () => process.exit(0));
@@ -11729,17 +12670,22 @@ const commaSeparatedParser = (value, previous = []) => {
 	const parts = value.split(",").map((v) => v.trim()).filter(Boolean);
 	return [...previous, ...parts];
 };
+const wantsSarif = (flags) => Boolean(flags.sarif) || flags.format === "sarif";
+const wantsJson = (flags) => Boolean(flags.json) || flags.format === "json";
 const runScan = async (directory, flags) => {
 	const config = loadConfig(directory);
-	const { exitCode } = await scanCommand(directory, {
+	const finalConfig = {
 		...config,
 		exclude: [...config.exclude ?? [], ...flags.exclude ?? []],
 		include: [...config.include ?? [], ...flags.include ?? []]
-	}, {
+	};
+	const sarif = wantsSarif(flags);
+	const { exitCode } = await scanCommand(directory, finalConfig, {
 		changes: Boolean(flags.changes),
 		staged: Boolean(flags.staged),
 		verbose: Boolean(flags.verbose),
-		json: Boolean(flags.json),
+		json: !sarif && wantsJson(flags),
+		sarif,
 		exclude: flags.exclude,
 		include: flags.include
 	});
@@ -11748,8 +12694,8 @@ const runScan = async (directory, flags) => {
 		process.exitCode = exitCode;
 	}
 };
-const noFlagsPassed = (flags) => !flags.changes && !flags.staged && !flags.verbose && !flags.json && !(flags.exclude && flags.exclude.length > 0) && !(flags.include && flags.include.length > 0);
-const program = new Command().name("aislop").description("The unified code quality CLI").version(APP_VERSION, "-v, --version").argument("[directory]", "project directory to scan", ".").option("--changes", "only scan changed files (git diff)").option("--staged", "only scan staged files").option("-d, --verbose", "show file details per rule").option("--json", "output JSON instead of terminal UI").option("--exclude <patterns>", "comma-separated or repeatable list of paths and files to exclude", commaSeparatedParser, []).option("--include <patterns>", "comma-separated or repeatable list of paths and files to include", commaSeparatedParser, []).action(async (directory, flags) => {
+const noFlagsPassed = (flags) => !flags.changes && !flags.staged && !flags.verbose && !flags.json && !flags.sarif && !flags.format && !(flags.exclude && flags.exclude.length > 0) && !(flags.include && flags.include.length > 0);
+const program = new Command().name("aislop").description("The unified code quality CLI").version(APP_VERSION, "-v, --version").argument("[directory]", "project directory to scan", ".").option("--changes", "only scan changed files (git diff)").option("--staged", "only scan staged files").option("-d, --verbose", "show file details per rule").option("--json", "output JSON instead of terminal UI").option("--sarif", "output SARIF 2.1.0 (for GitHub code scanning)").option("--format <format>", "output format: json or sarif").option("--exclude <patterns>", "comma-separated or repeatable list of paths and files to exclude", commaSeparatedParser, []).option("--include <patterns>", "comma-separated or repeatable list of paths and files to include", commaSeparatedParser, []).action(async (directory, flags) => {
 	if (noFlagsPassed(flags) && process.stdin.isTTY) try {
 		await interactiveCommand(directory, loadConfig(directory));
 		return;
@@ -11767,6 +12713,7 @@ ${style(theme, "dim", "Commands:")}
   npx aislop doctor [dir]    Check installed tools
   npx aislop ci [dir]        CI-friendly JSON output
   npx aislop rules [dir]     List all rules
+  npx aislop trend [dir]     Show score history trend
 
 ${style(theme, "dim", "Examples:")}
   npx aislop                 Interactive menu
@@ -11780,12 +12727,14 @@ ${style(theme, "dim", "Examples:")}
   npx aislop fix --cursor    Open Cursor + copy prompt to clipboard
   npx aislop fix -p          Print a prompt to paste into any coding agent
   npx aislop ci              JSON output for CI pipelines
+  npx aislop scan --sarif    SARIF 2.1.0 for GitHub code scanning
+  npx aislop trend           Show score history over time
   npx aislop scan --exclude node_modules
   npx aislop scan --exclude node_modules,dist,file.txt
   npx aislop scan --exclude node_modules --exclude dist --exclude **/*.ts
 ${renderHintLine("Run npx aislop scan to scan your project").trimEnd()}
 `);
-program.command("scan [directory]").description("Run full code quality scan").option("--changes", "only scan changed files").option("--staged", "only scan staged files").option("-d, --verbose", "show file details per rule").option("--json", "output JSON").option("--exclude <patterns>", "comma-separated or repeatable list of paths and files to exclude", commaSeparatedParser, []).option("--include <patterns>", "comma-separated or repeatable list of paths and files to include", commaSeparatedParser, []).action(async (directory = ".", _flags, command) => {
+program.command("scan [directory]").description("Run full code quality scan").option("--changes", "only scan changed files").option("--staged", "only scan staged files").option("-d, --verbose", "show file details per rule").option("--json", "output JSON").option("--sarif", "output SARIF 2.1.0 (for GitHub code scanning)").option("--format <format>", "output format: json or sarif").option("--exclude <patterns>", "comma-separated or repeatable list of paths and files to exclude", commaSeparatedParser, []).option("--include <patterns>", "comma-separated or repeatable list of paths and files to include", commaSeparatedParser, []).action(async (directory = ".", _flags, command) => {
 	await runScan(directory, command.optsWithGlobals());
 });
 const FIX_AGENT_FLAGS = [
@@ -11858,6 +12807,16 @@ const FIX_AGENT_FLAGS = [
 		flag: "goose",
 		name: "goose",
 		help: "open Goose to fix remaining issues"
+	},
+	{
+		flag: "pi",
+		name: "pi",
+		help: "open pi to fix remaining issues"
+	},
+	{
+		flag: "crush",
+		name: "crush",
+		help: "open Crush to fix remaining issues"
 	}
 ];
 const matchFixAgent = (flags) => {
@@ -11893,9 +12852,12 @@ program.command("doctor [directory]").description("Check installed tools and env
 		return { exitCode: 0 };
 	});
 });
-program.command("ci [directory]").description("CI-friendly JSON output with exit codes").option("--human", "render the human-friendly scan design instead of JSON").action(async (directory = ".", _flags, command) => {
+program.command("ci [directory]").description("CI-friendly JSON output with exit codes").option("--human", "render the human-friendly scan design instead of JSON").option("--sarif", "output SARIF 2.1.0 (for GitHub code scanning)").option("--format <format>", "output format: json or sarif").action(async (directory = ".", _flags, command) => {
 	const flags = command.optsWithGlobals();
-	const { exitCode } = await ciCommand(directory, loadConfig(directory), { human: Boolean(flags.human) });
+	const { exitCode } = await ciCommand(directory, loadConfig(directory), {
+		human: Boolean(flags.human),
+		sarif: Boolean(flags.sarif) || flags.format === "sarif"
+	});
 	if (exitCode !== 0) {
 		await flushTelemetry();
 		process.exitCode = exitCode;
@@ -11931,6 +12893,16 @@ program.command("badge [directory]").description("Print the public score badge U
 		process.exit(1);
 	}
 });
+program.command("trend [directory]").description("Show score history trend from .aislop/history.jsonl").option("--limit <n>", "number of recent runs to show", (v) => Number.parseInt(v, 10)).action(async (directory = ".", _flags, command) => {
+	const flags = command.optsWithGlobals();
+	await withCommandLifecycle({
+		command: "trend",
+		config: loadConfig(directory).telemetry
+	}, async () => {
+		trendCommand(directory, flags.limit);
+		return { exitCode: 0 };
+	});
+});
 registerHookCommand(program);
 const main = async () => {
 	fireInstalledOnce();