aislop 0.9.5 → 0.10.0

package/dist/cli.js

@@ -34,7 +34,7 @@ var __exportAll = (all, no_symbols) => {
 
 //#endregion
 //#region src/version.ts
-const APP_VERSION = "0.9.5";
+const APP_VERSION = "0.10.0";
 
 //#endregion
 //#region src/telemetry/env.ts
@@ -1111,14 +1111,16 @@ const THIN_WRAPPER_PATTERNS = [
 const AI_NAMING_PATTERNS = [/(?:helper|util|handler|process|do|handle|execute|perform)_?\d+/i, /(?:data|temp|result|value|item|obj|arr|str|num|val)\d+/];
 const FRAMEWORK_METHOD_NAMES = /^(?:setUp|tearDown|setUpClass|tearDownClass|setUpModule|tearDownModule)$/;
 const DUNDER_PATTERN = /^__\w+__$/;
-const hasHardcodedArgs = (matchText) => {
-	const innerCallMatch = matchText.match(/=>\s*\w+\(([^)]*)\)\s*;?\s*$/);
-	if (!innerCallMatch) {
-		const returnCallMatch = matchText.match(/return\s+\w+\(([^)]*)\)\s*;?\s*\}/);
-		if (!returnCallMatch) return false;
-		return /['"`]\w+['"`]|(?<!\w)\d+(?!\w)/.test(returnCallMatch[1]);
-	}
-	return /['"`]\w+['"`]|(?<!\w)\d+(?!\w)/.test(innerCallMatch[1]);
+const stripParam = (p) => p.trim().split(/[:=]/)[0].trim().replace(/^[*&]+/, "");
+const paramNames = (paramsText) => new Set(paramsText.split(",").map(stripParam).filter((p) => p && p !== "self" && p !== "cls"));
+const isIdentityForward = (matchText) => {
+	const paramsMatch = matchText.match(/\(([^)]*)\)/);
+	const innerMatch = matchText.match(/(?:return\s+\w+|=>\s*\w+)\s*\(([^)]*)\)/);
+	if (!paramsMatch || !innerMatch) return false;
+	const params = paramNames(paramsMatch[1]);
+	const args = innerMatch[1].split(",").map((a) => a.trim()).filter((a) => a.length > 0);
+	if (args.length === 0) return false;
+	return args.every((a) => /^[A-Za-z_$][\w$]*$/.test(a) && params.has(a));
 };
 const isUseContextWrapper = (matchText) => /\buse\w+/.test(matchText) && /useContext\s*\(/.test(matchText);
 const detectThinWrappers = (content, relativePath, ext) => {
@@ -1138,7 +1140,7 @@ const detectThinWrappers = (content, relativePath, ext) => {
 				const prevLine = lines[lineNumber - 2]?.trim();
 				if (prevLine && prevLine.startsWith("@")) continue;
 			}
-			if (hasHardcodedArgs(matchText)) continue;
+			if (!isIdentityForward(matchText)) continue;
 			if (isUseContextWrapper(matchText)) continue;
 			diagnostics.push({
 				filePath: relativePath,
@@ -1223,8 +1225,7 @@ const JUSTIFICATION_OPENERS = [
 	/^(?:First|Then|Finally|Next|Lastly|Subsequently),?\s+(?:it|we|the\s+(?:function|method|class))\b/i
 ];
 const EXPLANATORY_OPENERS = /^(Matches|Detects|Represents|Holds|Stores|Tracks|Handles|Manages|Controls|Contains|Captures|Encapsulates|Wraps|Describes)\s+[A-Za-z`'"]/;
-const STEP_COMMENT_VERB_RE = /^(?:Render|Enable|Disable|Initialize|Init|Setup|Set|Get|Fetch|Load|Save|Build|Create|Delete|Remove|Add|Update|Process|Execute|Run|Start|Stop|Clean|Cleanup|Configure|Validate|Check|Verify|Parse|Extract|Apply|Wait|Sleep|Skip|Allow|Deny|Lock|Unlock|Refresh|Reload|Reset|Clear|Send|Receive|Read|Write|Print|Log|Emit|Dispatch|Fire|Open|Close|Bind|Connect|Disconnect|Register|Unregister|Push|Pop|Insert|Append|Prepend|Sort|Filter|Find|Search|Replace|Encode|Decode|Convert|Transform|Map|Reduce|Iterate|Loop|Walk|Visit|Mark|Unmark|Toggle|Switch|Restart|Resume|Pause|Abort|Cancel|Compute|Calculate|Resolve|Reject|Ignore|Handle|Track|Trace|Increment|Decrement|Round|Truncate|Resize|Move|Copy|Clone|Merge|Split|Join|Wrap|Unwrap|Bump|Drain|Flush|Sync|Persist|Commit|Rollback|Yield|Return|Discard|Defer|Pin|Unpin|Mount|Unmount|Spawn|Kill|Restore)(?:\s|$)/;
-const EXPLANATORY_WHY_MARKERS = /\b(?:because|since|otherwise|workaround|caveat|warning|important|assumes?|note:|bug|issue|see\s+(?:issue|above|below)|in\s+prod|in\s+production|breaks?\s+when|fails?\s+when|must\s+run|must\s+be|has\s+to\s+be|hack\s+for|fix\s+for|reason:|to\s+avoid|to\s+ensure|to\s+prevent|in\s+order\s+to|necessary|guarantee[sd]?|prevents?|regardless\s+of|required\s+(?:for|to|by)|for\s+example|e\.g\.|i\.e\.|useful\s+(?:for|when)|intended\s+to|on\s+purpose|by\s+design)\b/i;
+const EXPLANATORY_WHY_MARKERS = /\b(?:because|since|otherwise|workaround|caveat|warning|important|assumes?|note:|bug|issue|see\s+(?:issue|above|below)|in\s+prod|in\s+production|breaks?\s+when|fails?\s+when|must\s+run|must\s+be|has\s+to\s+be|hack\s+for|fix\s+for|reason:|to\s+avoid|to\s+ensure|to\s+prevent|in\s+order\s+to|necessary|guarantee[sd]?|prevents?|regardless\s+of|required\s+(?:for|to|by)|for\s+example|e\.g\.|i\.e\.|useful\s+(?:for|when)|intended\s+to|on\s+purpose|by\s+design|ideally|however|although|even\s+though|despite|whereas|unfortunately|trade-?off|first\s+need)\b/i;
 const MEANINGFUL_JSDOC_TAGS = new Set([
 	"deprecated",
 	"see",
@@ -1320,7 +1321,7 @@ const PHP_DECL_START = /^\s*(?:(?:public|private|protected|static|final|abstract
 
 //#endregion
 //#region src/engines/ai-slop/non-production-paths.ts
-const DIR_PATTERN = /(?:^|\/)(?:scripts|bin|examples?|demos?|bench|benches|benchmarks?|fixtures?|__fixtures__|__mocks__|__tests__|vendor|_vendor|vendored|third_party|blib2to3|lib2to3|cli|cli-[\w-]+|[\w-]+-cli)\//i;
+const DIR_PATTERN = /(?:^|\/)(?:scripts|bin|examples?|demos?|docs?|bench|benches|benchmarks?|fixtures?|__fixtures__|__mocks__|__tests__|vendor|_vendor|vendored|third_party|blib2to3|lib2to3|cli|cli-[\w-]+|[\w-]+-cli)\//i;
 const BASENAME_PATTERN = /(?:^|\/)(?:benchmark|bench|demo|example|script|seed|migrate|profile|smoke|stress|load|debug|repro)[-_.][^/]*\.[mc]?[jt]sx?$|(?:^|\/)[^/]+[-_](?:benchmark|bench|demo|example)\.[mc]?[jt]sx?$/i;
 const isNonProductionPath = (relativePath) => DIR_PATTERN.test(relativePath) || BASENAME_PATTERN.test(relativePath);
 
@@ -1329,7 +1330,7 @@ const isNonProductionPath = (relativePath) => DIR_PATTERN.test(relativePath) ||
 const TRIVIAL_VERB_STEMS = "Import|Defin|Initializ|Setting|Set\\s+up|Setup|Return|Check|Loop|Iterat|Creat|Updat|Delet|Remov|Handl|Get|Fetch|Increment|Decrement|Writ|Runn|Run|Pars|Execut|Extract|Sav|Load|Build|Start|Stopp|Stop|Clean(?:up|\\s+up)?|Configur|Validat|Process|Queue|Fire|Emit|Dispatch|Log|Print|Render";
 const TRIVIAL_JS_COMMENT_PATTERNS = [/\/\/\s*This (?:function|method|class|variable|constant) (?:will |is used to |is responsible for )?/i, new RegExp(`\\/\\/\\s*(?:${TRIVIAL_VERB_STEMS})(?:e|es|ing|s)?\\b`, "i")];
 const TRIVIAL_PYTHON_COMMENT_PATTERNS = [/^#\s*This (?:function|method|class) (?:will |is used to )?/i, new RegExp(`^#\\s*(?:${TRIVIAL_VERB_STEMS})(?:e|es|ing|s)?\\b`, "i")];
-const EXPLANATORY_KEYWORDS = /\b(?:because|since|note|todo|fixme|hack|warn|warning|workaround|caveat|important|assumes?)\b/i;
+const EXPLANATORY_KEYWORDS = /\b(?:because|since|note|todo|fixme|hack|warn|warning|workaround|caveat|important|assumes?|if|when|unless|until|only|except|otherwise|needs?|must|should|ensure|avoid|prevent|requires?)\b/i;
 const COMMENTED_CODE_CHARS = /[({=;}\]>]/;
 const MAX_TRIVIAL_COMMENT_LENGTH = 60;
 const isJsComment = (trimmed) => trimmed.startsWith("//") && !trimmed.startsWith("///") && !trimmed.startsWith("//!");
@@ -1478,6 +1479,7 @@ const TODO_PATTERN = new RegExp(`\\b(?:${[
 	"PLACEHOLDER",
 	"STUB"
 ].join("|")})[:\\s]`);
+const TODO_TRACKING_RE = /https?:\/\/|#\d+|\bgh-\d+\b|\b[A-Z][A-Z0-9]+-\d+\b|\b(?:issue|ticket|jira)\b/i;
 const isBlockCloserAfterReturn = (line) => line.startsWith("}") || line.startsWith("};") || line.startsWith("),") || line.startsWith(");") || line.startsWith("],") || line.startsWith("]);");
 const isGuardedSingleLineExit = (lines, lineIndex) => {
 	const contextLines = [];
@@ -1497,7 +1499,10 @@ const detectTodoStubs = (content, relativePath) => {
 	for (let i = 0; i < lines.length; i++) {
 		const trimmed = lines[i].trim();
 		if (!trimmed.startsWith("//") && !trimmed.startsWith("#") && !trimmed.startsWith("*") && !trimmed.startsWith("/*")) continue;
-		if (TODO_PATTERN.test(trimmed)) diagnostics.push(slop(relativePath, i + 1, "ai-slop/todo-stub", "info", "Unresolved TODO/FIXME/HACK comment indicates incomplete code", "Resolve the TODO or create a tracked issue for it", false));
+		if (TODO_PATTERN.test(trimmed)) {
+			if (TODO_TRACKING_RE.test(trimmed)) continue;
+			diagnostics.push(slop(relativePath, i + 1, "ai-slop/todo-stub", "info", "Unresolved TODO/FIXME/HACK comment indicates incomplete code", "Resolve the TODO or create a tracked issue for it", false));
+		}
 	}
 	return diagnostics;
 };
@@ -2011,11 +2016,42 @@ const DOC_URL_CONTEXT_RE = /\b(?:docs?|documentation|homepage|repository|bugs|li
 const URL_CONFIG_CONTEXT_RE = /\b(?:api|base[_-]?url|baseUrl|endpoint|host|origin|webhook|callback|redirect|server|service|domain|url)\b/i;
 const ENVIRONMENT_HOST_RE = /(?:^|[.-])(?:api|app|admin|auth|staging|stage|prod|dev|sandbox|webhook|internal)(?:[.-]|$)|^(?:localhost|127\.0\.0\.1|0\.0\.0\.0)$/i;
 const ID_CONTEXT_RE = /(?:^|[^A-Za-z0-9])(?:api[_-]?key|client[_-]?id|project[_-]?id|org(?:anization)?[_-]?id|workspace[_-]?id|tenant[_-]?id|price[_-]?id|product[_-]?id|customer[_-]?id|subscription[_-]?id|account[_-]?id|app[_-]?id|key|token|secret)(?:$|[^A-Za-z0-9])/i;
+const MIGRATION_PATH_RE$1 = /(?:^|[\\/])(?:migrations?|db[\\/]migrate)[\\/]/i;
 const PLACEHOLDER_HOSTS = new Set([
 	"example.com",
 	"example.org",
 	"example.net"
 ]);
+const LOOPBACK_HOSTS = new Set([
+	"localhost",
+	"127.0.0.1",
+	"0.0.0.0",
+	"::1"
+]);
+const VENDOR_API_DOMAINS = [
+	"github.com",
+	"githubusercontent.com",
+	"googleapis.com",
+	"accounts.google.com",
+	"stripe.com",
+	"openai.com",
+	"anthropic.com",
+	"slack.com",
+	"twilio.com",
+	"sendgrid.com",
+	"mailgun.net",
+	"cloudflare.com",
+	"discord.com",
+	"telegram.org",
+	"login.microsoftonline.com",
+	"graph.microsoft.com",
+	"twitter.com",
+	"x.com",
+	"twimg.com",
+	"t.co",
+	"api.telegram.org"
+];
+const isVendorApiHost = (host) => VENDOR_API_DOMAINS.some((d) => host === d || host.endsWith(`.${d}`));
 const PLACEHOLDER_ID_RE = /^(?:changeme|replace[_-]?me|your[_-]|example|placeholder|todo)/i;
 const HARDCODED_URL_FINDING = {
 	rule: "ai-slop/hardcoded-url",
@@ -2059,14 +2095,18 @@ const shouldFlagUrlLiteral = (line, urlText) => {
 	const host = safeUrlHost(urlText);
 	if (!host) return false;
 	if (PLACEHOLDER_HOSTS.has(host)) return false;
+	if (LOOPBACK_HOSTS.has(host)) return false;
+	if (isVendorApiHost(host)) return false;
 	if (DOC_URL_CONTEXT_RE.test(line) && !ENVIRONMENT_HOST_RE.test(host)) return false;
 	return URL_CONFIG_CONTEXT_RE.test(line) || ENVIRONMENT_HOST_RE.test(host);
 };
+const ENV_VAR_NAME_RE = /^[A-Z][A-Z0-9]*(?:_[A-Z0-9]+)+$/;
 const hasUsefulIdShape = (value) => {
 	if (PLACEHOLDER_ID_RE.test(value)) return false;
+	if (ENV_VAR_NAME_RE.test(value)) return false;
 	if (/^https?:\/\//i.test(value)) return false;
 	if (/^[A-Za-z]+$/.test(value)) return false;
-	return /[0-9_-]/.test(value);
+	return /[0-9]/.test(value);
 };
 const scanLineForConfigLiterals = (line, relativePath, ext, lineNumber) => {
 	const diagnostics = [];
@@ -2093,6 +2133,7 @@ const scanLineForConfigLiterals = (line, relativePath, ext, lineNumber) => {
 const scanFileForConfigLiterals = (content, relativePath, ext) => {
 	if (!SOURCE_EXTENSIONS.has(ext)) return [];
 	if (isNonProductionPath(relativePath)) return [];
+	if (MIGRATION_PATH_RE$1.test(relativePath)) return [];
 	return content.split("\n").flatMap((line, index) => scanLineForConfigLiterals(line, relativePath, ext, index + 1));
 };
 const detectHardcodedConfigLiterals = async (context) => {
@@ -2240,7 +2281,9 @@ const PYTHON_STDLIB = new Set([
 	"builtins",
 	"bz2",
 	"calendar",
+	"code",
 	"codecs",
+	"codeop",
 	"collections",
 	"concurrent",
 	"configparser",
@@ -2313,6 +2356,7 @@ const PYTHON_STDLIB = new Set([
 	"readline",
 	"reprlib",
 	"resource",
+	"rlcompleter",
 	"secrets",
 	"select",
 	"selectors",
@@ -2411,6 +2455,7 @@ const PYTHON_IMPORT_TO_PIP = {
 	pptx: ["python-pptx"],
 	git: ["gitpython"],
 	socks: ["pysocks"],
+	psycopg2: ["psycopg2-binary", "psycopg2"],
 	redis: ["redis"],
 	cairo: ["pycairo"],
 	serial: ["pyserial"],
@@ -2500,6 +2545,8 @@ const collectFromPyproject = (rootDir, pyDeps) => {
 		}
 		const extras = content.match(/\[project\.optional-dependencies\]([\s\S]*?)(?=\n\[|$)/);
 		if (extras) for (const m of extras[1].matchAll(/["']\s*([a-zA-Z][a-zA-Z0-9_\-.]+)/g)) addPyDep(pyDeps, m[1]);
+		const groups = content.match(/\[dependency-groups\]([\s\S]*?)(?=\n\[[^[]|$)/);
+		if (groups) for (const m of groups[1].matchAll(/["']\s*([a-zA-Z][a-zA-Z0-9_\-.]+)/g)) addPyDep(pyDeps, m[1]);
 		const poetryRe = /\[tool\.poetry(?:\.group\.[a-z]+)?\.dependencies\]([\s\S]*?)(?=\n\[|$)/g;
 		let match = poetryRe.exec(content);
 		while (match !== null) {
@@ -2732,9 +2779,28 @@ const extractJsImports = (content) => {
 const extractPyImports = (content) => {
 	const lines = content.split("\n");
 	const results = [];
+	let inDoc = null;
+	let typeCheckIndent = -1;
 	for (let i = 0; i < lines.length; i++) {
-		const line = lines[i].trim();
-		if (line.startsWith("#")) continue;
+		const raw = lines[i];
+		const line = raw.trim();
+		if (inDoc) {
+			if (line.includes(inDoc)) inDoc = null;
+			continue;
+		}
+		if (line === "" || line.startsWith("#")) continue;
+		const triples = line.match(/"""|'''/g);
+		if (triples) {
+			if (triples.length % 2 === 1) inDoc = triples[triples.length - 1];
+			continue;
+		}
+		const indent = raw.length - raw.trimStart().length;
+		if (typeCheckIndent >= 0 && indent <= typeCheckIndent) typeCheckIndent = -1;
+		if (/^if\s+(?:[\w.]+\.)?TYPE_CHECKING\b/.test(line)) {
+			typeCheckIndent = indent;
+			continue;
+		}
+		if (typeCheckIndent >= 0) continue;
 		const fromMatch = line.match(/^from\s+([\w.]+)\s+import\b/);
 		if (fromMatch && !fromMatch[1].startsWith(".")) {
 			results.push({
@@ -2744,8 +2810,8 @@ const extractPyImports = (content) => {
 			continue;
 		}
 		const importMatch = line.match(/^import\s+([\w.,\s]+?)(?:\s+as\s+\w+)?\s*$/);
-		if (importMatch) for (const raw of importMatch[1].split(",")) {
-			const cleaned = raw.trim().split(/\s+as\s+/)[0];
+		if (importMatch) for (const part of importMatch[1].split(",")) {
+			const cleaned = part.trim().split(/\s+as\s+/)[0];
 			if (cleaned && !cleaned.startsWith(".")) results.push({
 				spec: cleaned,
 				line: i + 1
@@ -2802,6 +2868,7 @@ const detectHallucinatedImports = async (context) => {
 			continue;
 		}
 		const relPath = path.relative(context.rootDirectory, filePath);
+		if (isNonProductionPath(relPath)) continue;
 		const imports = isJs ? extractJsImports(content) : extractPyImports(content);
 		for (const { spec, line } of imports) {
 			const hallucinated = isJs ? checkJsImport(spec, manifest, tsAliasMatchers) : checkPyImport(spec, manifest);
@@ -2929,7 +2996,7 @@ const collectBlocks = (sourceLines, syntax) => {
 //#endregion
 //#region src/engines/ai-slop/meta-comment.ts
 const PLAN_REFERENCE_RES = [
-	/\b(?:stage|step|phase)\s+\d+\b(?!\s*[:.]?\s*(?:bytes|ms|seconds|of\s+\d))/i,
+	/^(?:stage|step|phase)\s+\d+\s*[:.\-–—]/i,
 	/\bstep\s+\d+\s+of\s+the\s+plan\b/i,
 	/\bas\s+(?:per|requested)\s+(?:the\s+)?(?:requirements?|spec|task|ticket|prompt|instructions?)\b/i,
 	/\bper\s+the\s+(?:spec|requirements?|task|ticket|plan|prompt|instructions?)\b/i,
@@ -3031,24 +3098,6 @@ const looksLikeLicenseHeader = (block) => {
 	const text = block.rawLines.join(" ").toLowerCase();
 	return text.includes("copyright") || text.includes("license") || text.includes("spdx-license-identifier");
 };
-const BARE_LABEL_RE = /^[A-Z][A-Za-z0-9 ]{1,28}$/;
-const isBareSectionLabel = (prose) => {
-	if (!BARE_LABEL_RE.test(prose)) return false;
-	if (prose.endsWith(".")) return false;
-	if (prose.split(/\s+/).length > 3) return false;
-	if (STEP_COMMENT_VERB_RE.test(prose)) return false;
-	return true;
-};
-const DATA_ENTRY_START = /^\s*(?:\{|\[|["'`]|\d|\w+:\s|case\s)/;
-const nextLineLooksLikeDataEntry = (nextLine) => {
-	if (nextLine === null) return false;
-	if (!DATA_ENTRY_START.test(nextLine)) return false;
-	const trimmed = nextLine.trim();
-	if (trimmed.startsWith("case ")) return true;
-	if (trimmed.startsWith("{") || trimmed.startsWith("[") || trimmed.startsWith("\"") || trimmed.startsWith("'") || trimmed.startsWith("`")) return true;
-	if (/^\w+\s*:/.test(trimmed)) return true;
-	return false;
-};
 const looksLikeSuppressDirective = (block) => block.rawLines.some((l) => /\b(biome-ignore|eslint-disable|ts-ignore|ts-expect-error|@ts-\w+|noqa|pylint:\s*disable|rubocop:disable|noinspection|phpcs:disable)\b/.test(l));
 const GO_DECL_NAME_RE = /^(?:func|type|var|const)\s+(?:\([^)]*\)\s*)?(\w+)/;
 const GO_FIELD_LEAD_RE = /^(\w+)\s+/;
@@ -3137,10 +3186,6 @@ const detectNarrativeInBlock = (block, ext) => {
 		matched: true,
 		reason: "phase/section header"
 	};
-	if (block.kind === "line" && block.prose.length === 1 && isBareSectionLabel(block.prose[0]) && !nextLineLooksLikeDataEntry(block.nextNonBlankLine) && !looksLikeDeclarationPreamble(block.nextNonBlankLine, ext)) return {
-		matched: true,
-		reason: "bare section label"
-	};
 	const joined = block.prose.join(" ");
 	const hasWhyMarker = EXPLANATORY_WHY_MARKERS.test(joined);
 	if (hasWhyMarker || hasDocIndicator(block)) return {
@@ -3171,17 +3216,11 @@ const detectNarrativeInBlock = (block, ext) => {
 	};
 	const nonEmptyProseCount = block.prose.filter((l) => l.length > 0).length;
 	const isAboveDeclaration = looksLikeDeclarationPreamble(block.nextNonBlankLine, ext);
-	if (nonEmptyProseCount >= 5) {
-		if (isAboveDeclaration) return {
-			matched: false,
-			reason: ""
-		};
-		return {
-			matched: true,
-			reason: "long narrative block"
-		};
-	}
-	if (nonEmptyProseCount >= 3 && !hasWhyMarker && block.kind === "line" && !isAboveDeclaration) return {
+	if (nonEmptyProseCount >= 5 && !isAboveDeclaration && hasPreambleSlopSignal(block)) return {
+		matched: true,
+		reason: "long narrative block"
+	};
+	if (nonEmptyProseCount >= 3 && !hasWhyMarker && block.kind === "line" && !isAboveDeclaration && hasPreambleSlopSignal(block)) return {
 		matched: true,
 		reason: "multi-line narrative prose"
 	};
@@ -3623,7 +3662,14 @@ const JS_EXTS$1 = new Set([
 	".mjs",
 	".cjs"
 ]);
-const CATCH_HEAD_RE = /\bcatch\s*(?:\([^)]*\))?\s*\{/g;
+const CATCH_HEAD_RE = /\bcatch\s*(?:\(\s*([^)]*?)\s*\))?\s*\{/g;
+const isIdentifier = (s) => /^[A-Za-z_$][\w$]*$/.test(s);
+const recoveryDropsError = (binding, body) => {
+	const name = binding?.trim() ?? "";
+	if (name === "") return true;
+	if (!isIdentifier(name)) return false;
+	return !new RegExp(`\\b${name}\\b`).test(body);
+};
 const LOG_STATEMENT_RE = /^(?:console|[\w$]+(?:\.[\w$]+)*)\.(?:log|info|warn|warning|error|debug|trace)\s*\(/;
 const HANDLING_TOKEN_RE = /\b(?:throw|return|reject|next|process\.exit|continue|break)\b/;
 const stripBlockComments = (text) => text.replace(/\/\*[\s\S]*?\*\//g, "");
@@ -3673,14 +3719,15 @@ const detectJsSilentRecovery = (content, relPath) => {
 		const body = extractCatchBody(content, match.index + match[0].length - 1);
 		if (body === null) continue;
 		if (!isLogOnlyBody(body)) continue;
+		if (!recoveryDropsError(match[1], body)) continue;
 		const line = content.slice(0, match.index).split("\n").length;
 		out.push({
 			filePath: relPath,
 			engine: "ai-slop",
 			rule: "ai-slop/silent-recovery",
 			severity: "warning",
-			message: "Catch only logs then continues, leaving execution in a possibly broken state",
-			help: "Handle the error: rethrow, return an error value, or recover explicitly. Logging alone lets the program proceed as if nothing failed.",
+			message: "Catch logs without the caught error then continues; the failure cause is lost",
+			help: "Include the caught error in the log, or rethrow / recover explicitly, so the failure stays diagnosable.",
 			line,
 			column: 0,
 			category: "AI Slop",
@@ -3690,6 +3737,7 @@ const detectJsSilentRecovery = (content, relPath) => {
 	return out;
 };
 const PY_EXCEPT_RE = /^(\s*)except\b[^\n]*:\s*(?:#.*)?$/;
+const PY_EXCEPT_BINDING_RE = /\bas\s+(\w+)\s*:/;
 const PY_LOG_STATEMENT_RE = /^(?:logging|logger|log|self\.log|self\.logger|print)(?:\.(?:debug|info|warning|warn|error|exception|critical))?\s*\(/;
 const PY_HANDLING_TOKEN_RE = /^(?:raise\b|return\b|continue\b|break\b|self\.|[\w.]+\s*=)/;
 const detectPySilentRecovery = (content, relPath) => {
@@ -3713,13 +3761,14 @@ const detectPySilentRecovery = (content, relPath) => {
 		const allLogs = bodyLines.every((line) => PY_LOG_STATEMENT_RE.test(line) || /^[\w"'(),.\s+:%{}[\]-]+$/.test(line));
 		const sawLog = bodyLines.some((line) => PY_LOG_STATEMENT_RE.test(line));
 		if (!allLogs || !sawLog) continue;
+		if (!recoveryDropsError(PY_EXCEPT_BINDING_RE.exec(lines[i])?.[1], bodyLines.join(" "))) continue;
 		out.push({
 			filePath: relPath,
 			engine: "ai-slop",
 			rule: "ai-slop/silent-recovery",
 			severity: "warning",
-			message: "except only logs then continues, leaving execution in a possibly broken state",
-			help: "Handle the error: re-raise, return an error value, or recover explicitly. Logging alone lets the program proceed as if nothing failed.",
+			message: "except logs without the caught error then continues; the failure cause is lost",
+			help: "Include the caught error in the log, or re-raise / recover explicitly, so the failure stays diagnosable.",
 			line: i + 1,
 			column: 0,
 			category: "AI Slop",
@@ -3822,10 +3871,11 @@ const extractPyImportedSymbols = (lines) => {
 	const importLines = /* @__PURE__ */ new Set();
 	for (let i = 0; i < lines.length; i++) {
 		const trimmed = lines[i].trim();
-		const fromMatch = trimmed.match(/^from\s+[\w.]+\s+import\s+(.+)/);
+		const fromMatch = trimmed.match(/^from\s+([\w.]+)\s+import\s+(.+)/);
 		if (fromMatch) {
 			importLines.add(i);
-			const importPart = fromMatch[1].replace(/#.*$/, "").trim();
+			if (fromMatch[1] === "__future__") continue;
+			const importPart = fromMatch[2].replace(/#.*$/, "").trim();
 			if (importPart === "*") continue;
 			const cleaned = importPart.replace(/[()]/g, "");
 			for (const item of cleaned.split(",")) {
@@ -7147,6 +7197,13 @@ const runEngines = async (context, enabledEngines, onStart, onComplete) => {
 //#endregion
 //#region src/scoring/index.ts
 const PERFECT_SCORE = 100;
+const STYLE_RULES = new Set([
+	"ai-slop/trivial-comment",
+	"ai-slop/narrative-comment",
+	"complexity/file-too-large",
+	"complexity/function-too-long"
+]);
+const STYLE_WEIGHT = .5;
 const getEffectiveFileCount = (diagnostics, sourceFileCount) => {
 	if (typeof sourceFileCount === "number" && sourceFileCount > 0) return sourceFileCount;
 	const filesWithDiagnostics = new Set(diagnostics.map((d) => d.filePath)).size;
@@ -7161,7 +7218,8 @@ const calculateScore = (diagnostics, weights, thresholds, sourceFileCount, smoot
 	for (const d of diagnostics) {
 		const engineWeight = weights[d.engine] ?? 1;
 		const severityPenalty = d.severity === "error" ? 3 : d.severity === "warning" ? 1 : .25;
-		deductions += severityPenalty * engineWeight;
+		const styleFactor = STYLE_RULES.has(d.rule) ? STYLE_WEIGHT : 1;
+		deductions += severityPenalty * engineWeight * styleFactor;
 	}
 	const effectiveFileCount = getEffectiveFileCount(diagnostics, sourceFileCount);
 	const smoothingConstant = typeof smoothing === "number" ? smoothing : 10;

package/dist/index.js

@@ -1,6 +1,6 @@
 import { n as getEngineLabel, t as ENGINE_INFO } from "./engine-info-DCvIfZ0f.js";
 import { n as runSubprocess, t as isToolInstalled } from "./subprocess-CQUJDGgn.js";
-import { t as APP_VERSION } from "./version-ls3wZmOU.js";
+import { t as APP_VERSION } from "./version-DYg_ShBx.js";
 import { r as runGenericLinter, t as fixRubyLint } from "./generic-D_T4cUaC.js";
 import { n as runExpoDoctor } from "./expo-doctor-BcIkOte5.js";
 import { createRequire, isBuiltin } from "node:module";
@@ -1280,14 +1280,16 @@ const THIN_WRAPPER_PATTERNS = [
 const AI_NAMING_PATTERNS = [/(?:helper|util|handler|process|do|handle|execute|perform)_?\d+/i, /(?:data|temp|result|value|item|obj|arr|str|num|val)\d+/];
 const FRAMEWORK_METHOD_NAMES = /^(?:setUp|tearDown|setUpClass|tearDownClass|setUpModule|tearDownModule)$/;
 const DUNDER_PATTERN = /^__\w+__$/;
-const hasHardcodedArgs = (matchText) => {
-	const innerCallMatch = matchText.match(/=>\s*\w+\(([^)]*)\)\s*;?\s*$/);
-	if (!innerCallMatch) {
-		const returnCallMatch = matchText.match(/return\s+\w+\(([^)]*)\)\s*;?\s*\}/);
-		if (!returnCallMatch) return false;
-		return /['"`]\w+['"`]|(?<!\w)\d+(?!\w)/.test(returnCallMatch[1]);
-	}
-	return /['"`]\w+['"`]|(?<!\w)\d+(?!\w)/.test(innerCallMatch[1]);
+const stripParam = (p) => p.trim().split(/[:=]/)[0].trim().replace(/^[*&]+/, "");
+const paramNames = (paramsText) => new Set(paramsText.split(",").map(stripParam).filter((p) => p && p !== "self" && p !== "cls"));
+const isIdentityForward = (matchText) => {
+	const paramsMatch = matchText.match(/\(([^)]*)\)/);
+	const innerMatch = matchText.match(/(?:return\s+\w+|=>\s*\w+)\s*\(([^)]*)\)/);
+	if (!paramsMatch || !innerMatch) return false;
+	const params = paramNames(paramsMatch[1]);
+	const args = innerMatch[1].split(",").map((a) => a.trim()).filter((a) => a.length > 0);
+	if (args.length === 0) return false;
+	return args.every((a) => /^[A-Za-z_$][\w$]*$/.test(a) && params.has(a));
 };
 const isUseContextWrapper = (matchText) => /\buse\w+/.test(matchText) && /useContext\s*\(/.test(matchText);
 const detectThinWrappers = (content, relativePath, ext) => {
@@ -1307,7 +1309,7 @@ const detectThinWrappers = (content, relativePath, ext) => {
 				const prevLine = lines[lineNumber - 2]?.trim();
 				if (prevLine && prevLine.startsWith("@")) continue;
 			}
-			if (hasHardcodedArgs(matchText)) continue;
+			if (!isIdentityForward(matchText)) continue;
 			if (isUseContextWrapper(matchText)) continue;
 			diagnostics.push({
 				filePath: relativePath,
@@ -1392,8 +1394,7 @@ const JUSTIFICATION_OPENERS = [
 	/^(?:First|Then|Finally|Next|Lastly|Subsequently),?\s+(?:it|we|the\s+(?:function|method|class))\b/i
 ];
 const EXPLANATORY_OPENERS = /^(Matches|Detects|Represents|Holds|Stores|Tracks|Handles|Manages|Controls|Contains|Captures|Encapsulates|Wraps|Describes)\s+[A-Za-z`'"]/;
-const STEP_COMMENT_VERB_RE = /^(?:Render|Enable|Disable|Initialize|Init|Setup|Set|Get|Fetch|Load|Save|Build|Create|Delete|Remove|Add|Update|Process|Execute|Run|Start|Stop|Clean|Cleanup|Configure|Validate|Check|Verify|Parse|Extract|Apply|Wait|Sleep|Skip|Allow|Deny|Lock|Unlock|Refresh|Reload|Reset|Clear|Send|Receive|Read|Write|Print|Log|Emit|Dispatch|Fire|Open|Close|Bind|Connect|Disconnect|Register|Unregister|Push|Pop|Insert|Append|Prepend|Sort|Filter|Find|Search|Replace|Encode|Decode|Convert|Transform|Map|Reduce|Iterate|Loop|Walk|Visit|Mark|Unmark|Toggle|Switch|Restart|Resume|Pause|Abort|Cancel|Compute|Calculate|Resolve|Reject|Ignore|Handle|Track|Trace|Increment|Decrement|Round|Truncate|Resize|Move|Copy|Clone|Merge|Split|Join|Wrap|Unwrap|Bump|Drain|Flush|Sync|Persist|Commit|Rollback|Yield|Return|Discard|Defer|Pin|Unpin|Mount|Unmount|Spawn|Kill|Restore)(?:\s|$)/;
-const EXPLANATORY_WHY_MARKERS = /\b(?:because|since|otherwise|workaround|caveat|warning|important|assumes?|note:|bug|issue|see\s+(?:issue|above|below)|in\s+prod|in\s+production|breaks?\s+when|fails?\s+when|must\s+run|must\s+be|has\s+to\s+be|hack\s+for|fix\s+for|reason:|to\s+avoid|to\s+ensure|to\s+prevent|in\s+order\s+to|necessary|guarantee[sd]?|prevents?|regardless\s+of|required\s+(?:for|to|by)|for\s+example|e\.g\.|i\.e\.|useful\s+(?:for|when)|intended\s+to|on\s+purpose|by\s+design)\b/i;
+const EXPLANATORY_WHY_MARKERS = /\b(?:because|since|otherwise|workaround|caveat|warning|important|assumes?|note:|bug|issue|see\s+(?:issue|above|below)|in\s+prod|in\s+production|breaks?\s+when|fails?\s+when|must\s+run|must\s+be|has\s+to\s+be|hack\s+for|fix\s+for|reason:|to\s+avoid|to\s+ensure|to\s+prevent|in\s+order\s+to|necessary|guarantee[sd]?|prevents?|regardless\s+of|required\s+(?:for|to|by)|for\s+example|e\.g\.|i\.e\.|useful\s+(?:for|when)|intended\s+to|on\s+purpose|by\s+design|ideally|however|although|even\s+though|despite|whereas|unfortunately|trade-?off|first\s+need)\b/i;
 const MEANINGFUL_JSDOC_TAGS = new Set([
 	"deprecated",
 	"see",
@@ -1489,7 +1490,7 @@ const PHP_DECL_START = /^\s*(?:(?:public|private|protected|static|final|abstract
 
 //#endregion
 //#region src/engines/ai-slop/non-production-paths.ts
-const DIR_PATTERN = /(?:^|\/)(?:scripts|bin|examples?|demos?|bench|benches|benchmarks?|fixtures?|__fixtures__|__mocks__|__tests__|vendor|_vendor|vendored|third_party|blib2to3|lib2to3|cli|cli-[\w-]+|[\w-]+-cli)\//i;
+const DIR_PATTERN = /(?:^|\/)(?:scripts|bin|examples?|demos?|docs?|bench|benches|benchmarks?|fixtures?|__fixtures__|__mocks__|__tests__|vendor|_vendor|vendored|third_party|blib2to3|lib2to3|cli|cli-[\w-]+|[\w-]+-cli)\//i;
 const BASENAME_PATTERN = /(?:^|\/)(?:benchmark|bench|demo|example|script|seed|migrate|profile|smoke|stress|load|debug|repro)[-_.][^/]*\.[mc]?[jt]sx?$|(?:^|\/)[^/]+[-_](?:benchmark|bench|demo|example)\.[mc]?[jt]sx?$/i;
 const isNonProductionPath = (relativePath) => DIR_PATTERN.test(relativePath) || BASENAME_PATTERN.test(relativePath);
 
@@ -1498,7 +1499,7 @@ const isNonProductionPath = (relativePath) => DIR_PATTERN.test(relativePath) ||
 const TRIVIAL_VERB_STEMS = "Import|Defin|Initializ|Setting|Set\\s+up|Setup|Return|Check|Loop|Iterat|Creat|Updat|Delet|Remov|Handl|Get|Fetch|Increment|Decrement|Writ|Runn|Run|Pars|Execut|Extract|Sav|Load|Build|Start|Stopp|Stop|Clean(?:up|\\s+up)?|Configur|Validat|Process|Queue|Fire|Emit|Dispatch|Log|Print|Render";
 const TRIVIAL_JS_COMMENT_PATTERNS = [/\/\/\s*This (?:function|method|class|variable|constant) (?:will |is used to |is responsible for )?/i, new RegExp(`\\/\\/\\s*(?:${TRIVIAL_VERB_STEMS})(?:e|es|ing|s)?\\b`, "i")];
 const TRIVIAL_PYTHON_COMMENT_PATTERNS = [/^#\s*This (?:function|method|class) (?:will |is used to )?/i, new RegExp(`^#\\s*(?:${TRIVIAL_VERB_STEMS})(?:e|es|ing|s)?\\b`, "i")];
-const EXPLANATORY_KEYWORDS = /\b(?:because|since|note|todo|fixme|hack|warn|warning|workaround|caveat|important|assumes?)\b/i;
+const EXPLANATORY_KEYWORDS = /\b(?:because|since|note|todo|fixme|hack|warn|warning|workaround|caveat|important|assumes?|if|when|unless|until|only|except|otherwise|needs?|must|should|ensure|avoid|prevent|requires?)\b/i;
 const COMMENTED_CODE_CHARS = /[({=;}\]>]/;
 const MAX_TRIVIAL_COMMENT_LENGTH = 60;
 const isJsComment = (trimmed) => trimmed.startsWith("//") && !trimmed.startsWith("///") && !trimmed.startsWith("//!");
@@ -1647,6 +1648,7 @@ const TODO_PATTERN = new RegExp(`\\b(?:${[
 	"PLACEHOLDER",
 	"STUB"
 ].join("|")})[:\\s]`);
+const TODO_TRACKING_RE = /https?:\/\/|#\d+|\bgh-\d+\b|\b[A-Z][A-Z0-9]+-\d+\b|\b(?:issue|ticket|jira)\b/i;
 const isBlockCloserAfterReturn = (line) => line.startsWith("}") || line.startsWith("};") || line.startsWith("),") || line.startsWith(");") || line.startsWith("],") || line.startsWith("]);");
 const isGuardedSingleLineExit = (lines, lineIndex) => {
 	const contextLines = [];
@@ -1666,7 +1668,10 @@ const detectTodoStubs = (content, relativePath) => {
 	for (let i = 0; i < lines.length; i++) {
 		const trimmed = lines[i].trim();
 		if (!trimmed.startsWith("//") && !trimmed.startsWith("#") && !trimmed.startsWith("*") && !trimmed.startsWith("/*")) continue;
-		if (TODO_PATTERN.test(trimmed)) diagnostics.push(slop(relativePath, i + 1, "ai-slop/todo-stub", "info", "Unresolved TODO/FIXME/HACK comment indicates incomplete code", "Resolve the TODO or create a tracked issue for it", false));
+		if (TODO_PATTERN.test(trimmed)) {
+			if (TODO_TRACKING_RE.test(trimmed)) continue;
+			diagnostics.push(slop(relativePath, i + 1, "ai-slop/todo-stub", "info", "Unresolved TODO/FIXME/HACK comment indicates incomplete code", "Resolve the TODO or create a tracked issue for it", false));
+		}
 	}
 	return diagnostics;
 };
@@ -2180,11 +2185,42 @@ const DOC_URL_CONTEXT_RE = /\b(?:docs?|documentation|homepage|repository|bugs|li
 const URL_CONFIG_CONTEXT_RE = /\b(?:api|base[_-]?url|baseUrl|endpoint|host|origin|webhook|callback|redirect|server|service|domain|url)\b/i;
 const ENVIRONMENT_HOST_RE = /(?:^|[.-])(?:api|app|admin|auth|staging|stage|prod|dev|sandbox|webhook|internal)(?:[.-]|$)|^(?:localhost|127\.0\.0\.1|0\.0\.0\.0)$/i;
 const ID_CONTEXT_RE = /(?:^|[^A-Za-z0-9])(?:api[_-]?key|client[_-]?id|project[_-]?id|org(?:anization)?[_-]?id|workspace[_-]?id|tenant[_-]?id|price[_-]?id|product[_-]?id|customer[_-]?id|subscription[_-]?id|account[_-]?id|app[_-]?id|key|token|secret)(?:$|[^A-Za-z0-9])/i;
+const MIGRATION_PATH_RE$1 = /(?:^|[\\/])(?:migrations?|db[\\/]migrate)[\\/]/i;
 const PLACEHOLDER_HOSTS = new Set([
 	"example.com",
 	"example.org",
 	"example.net"
 ]);
+const LOOPBACK_HOSTS = new Set([
+	"localhost",
+	"127.0.0.1",
+	"0.0.0.0",
+	"::1"
+]);
+const VENDOR_API_DOMAINS = [
+	"github.com",
+	"githubusercontent.com",
+	"googleapis.com",
+	"accounts.google.com",
+	"stripe.com",
+	"openai.com",
+	"anthropic.com",
+	"slack.com",
+	"twilio.com",
+	"sendgrid.com",
+	"mailgun.net",
+	"cloudflare.com",
+	"discord.com",
+	"telegram.org",
+	"login.microsoftonline.com",
+	"graph.microsoft.com",
+	"twitter.com",
+	"x.com",
+	"twimg.com",
+	"t.co",
+	"api.telegram.org"
+];
+const isVendorApiHost = (host) => VENDOR_API_DOMAINS.some((d) => host === d || host.endsWith(`.${d}`));
 const PLACEHOLDER_ID_RE = /^(?:changeme|replace[_-]?me|your[_-]|example|placeholder|todo)/i;
 const HARDCODED_URL_FINDING = {
 	rule: "ai-slop/hardcoded-url",
@@ -2228,14 +2264,18 @@ const shouldFlagUrlLiteral = (line, urlText) => {
 	const host = safeUrlHost(urlText);
 	if (!host) return false;
 	if (PLACEHOLDER_HOSTS.has(host)) return false;
+	if (LOOPBACK_HOSTS.has(host)) return false;
+	if (isVendorApiHost(host)) return false;
 	if (DOC_URL_CONTEXT_RE.test(line) && !ENVIRONMENT_HOST_RE.test(host)) return false;
 	return URL_CONFIG_CONTEXT_RE.test(line) || ENVIRONMENT_HOST_RE.test(host);
 };
+const ENV_VAR_NAME_RE = /^[A-Z][A-Z0-9]*(?:_[A-Z0-9]+)+$/;
 const hasUsefulIdShape = (value) => {
 	if (PLACEHOLDER_ID_RE.test(value)) return false;
+	if (ENV_VAR_NAME_RE.test(value)) return false;
 	if (/^https?:\/\//i.test(value)) return false;
 	if (/^[A-Za-z]+$/.test(value)) return false;
-	return /[0-9_-]/.test(value);
+	return /[0-9]/.test(value);
 };
 const scanLineForConfigLiterals = (line, relativePath, ext, lineNumber) => {
 	const diagnostics = [];
@@ -2262,6 +2302,7 @@ const scanLineForConfigLiterals = (line, relativePath, ext, lineNumber) => {
 const scanFileForConfigLiterals = (content, relativePath, ext) => {
 	if (!SOURCE_EXTENSIONS.has(ext)) return [];
 	if (isNonProductionPath(relativePath)) return [];
+	if (MIGRATION_PATH_RE$1.test(relativePath)) return [];
 	return content.split("\n").flatMap((line, index) => scanLineForConfigLiterals(line, relativePath, ext, index + 1));
 };
 const detectHardcodedConfigLiterals = async (context) => {
@@ -2409,7 +2450,9 @@ const PYTHON_STDLIB = new Set([
 	"builtins",
 	"bz2",
 	"calendar",
+	"code",
 	"codecs",
+	"codeop",
 	"collections",
 	"concurrent",
 	"configparser",
@@ -2482,6 +2525,7 @@ const PYTHON_STDLIB = new Set([
 	"readline",
 	"reprlib",
 	"resource",
+	"rlcompleter",
 	"secrets",
 	"select",
 	"selectors",
@@ -2580,6 +2624,7 @@ const PYTHON_IMPORT_TO_PIP = {
 	pptx: ["python-pptx"],
 	git: ["gitpython"],
 	socks: ["pysocks"],
+	psycopg2: ["psycopg2-binary", "psycopg2"],
 	redis: ["redis"],
 	cairo: ["pycairo"],
 	serial: ["pyserial"],
@@ -2669,6 +2714,8 @@ const collectFromPyproject = (rootDir, pyDeps) => {
 		}
 		const extras = content.match(/\[project\.optional-dependencies\]([\s\S]*?)(?=\n\[|$)/);
 		if (extras) for (const m of extras[1].matchAll(/["']\s*([a-zA-Z][a-zA-Z0-9_\-.]+)/g)) addPyDep(pyDeps, m[1]);
+		const groups = content.match(/\[dependency-groups\]([\s\S]*?)(?=\n\[[^[]|$)/);
+		if (groups) for (const m of groups[1].matchAll(/["']\s*([a-zA-Z][a-zA-Z0-9_\-.]+)/g)) addPyDep(pyDeps, m[1]);
 		const poetryRe = /\[tool\.poetry(?:\.group\.[a-z]+)?\.dependencies\]([\s\S]*?)(?=\n\[|$)/g;
 		let match = poetryRe.exec(content);
 		while (match !== null) {
@@ -2901,9 +2948,28 @@ const extractJsImports = (content) => {
 const extractPyImports = (content) => {
 	const lines = content.split("\n");
 	const results = [];
+	let inDoc = null;
+	let typeCheckIndent = -1;
 	for (let i = 0; i < lines.length; i++) {
-		const line = lines[i].trim();
-		if (line.startsWith("#")) continue;
+		const raw = lines[i];
+		const line = raw.trim();
+		if (inDoc) {
+			if (line.includes(inDoc)) inDoc = null;
+			continue;
+		}
+		if (line === "" || line.startsWith("#")) continue;
+		const triples = line.match(/"""|'''/g);
+		if (triples) {
+			if (triples.length % 2 === 1) inDoc = triples[triples.length - 1];
+			continue;
+		}
+		const indent = raw.length - raw.trimStart().length;
+		if (typeCheckIndent >= 0 && indent <= typeCheckIndent) typeCheckIndent = -1;
+		if (/^if\s+(?:[\w.]+\.)?TYPE_CHECKING\b/.test(line)) {
+			typeCheckIndent = indent;
+			continue;
+		}
+		if (typeCheckIndent >= 0) continue;
 		const fromMatch = line.match(/^from\s+([\w.]+)\s+import\b/);
 		if (fromMatch && !fromMatch[1].startsWith(".")) {
 			results.push({
@@ -2913,8 +2979,8 @@ const extractPyImports = (content) => {
 			continue;
 		}
 		const importMatch = line.match(/^import\s+([\w.,\s]+?)(?:\s+as\s+\w+)?\s*$/);
-		if (importMatch) for (const raw of importMatch[1].split(",")) {
-			const cleaned = raw.trim().split(/\s+as\s+/)[0];
+		if (importMatch) for (const part of importMatch[1].split(",")) {
+			const cleaned = part.trim().split(/\s+as\s+/)[0];
 			if (cleaned && !cleaned.startsWith(".")) results.push({
 				spec: cleaned,
 				line: i + 1
@@ -2971,6 +3037,7 @@ const detectHallucinatedImports = async (context) => {
 			continue;
 		}
 		const relPath = path.relative(context.rootDirectory, filePath);
+		if (isNonProductionPath(relPath)) continue;
 		const imports = isJs ? extractJsImports(content) : extractPyImports(content);
 		for (const { spec, line } of imports) {
 			const hallucinated = isJs ? checkJsImport(spec, manifest, tsAliasMatchers) : checkPyImport(spec, manifest);
@@ -3098,7 +3165,7 @@ const collectBlocks = (sourceLines, syntax) => {
 //#endregion
 //#region src/engines/ai-slop/meta-comment.ts
 const PLAN_REFERENCE_RES = [
-	/\b(?:stage|step|phase)\s+\d+\b(?!\s*[:.]?\s*(?:bytes|ms|seconds|of\s+\d))/i,
+	/^(?:stage|step|phase)\s+\d+\s*[:.\-–—]/i,
 	/\bstep\s+\d+\s+of\s+the\s+plan\b/i,
 	/\bas\s+(?:per|requested)\s+(?:the\s+)?(?:requirements?|spec|task|ticket|prompt|instructions?)\b/i,
 	/\bper\s+the\s+(?:spec|requirements?|task|ticket|plan|prompt|instructions?)\b/i,
@@ -3200,24 +3267,6 @@ const looksLikeLicenseHeader = (block) => {
 	const text = block.rawLines.join(" ").toLowerCase();
 	return text.includes("copyright") || text.includes("license") || text.includes("spdx-license-identifier");
 };
-const BARE_LABEL_RE = /^[A-Z][A-Za-z0-9 ]{1,28}$/;
-const isBareSectionLabel = (prose) => {
-	if (!BARE_LABEL_RE.test(prose)) return false;
-	if (prose.endsWith(".")) return false;
-	if (prose.split(/\s+/).length > 3) return false;
-	if (STEP_COMMENT_VERB_RE.test(prose)) return false;
-	return true;
-};
-const DATA_ENTRY_START = /^\s*(?:\{|\[|["'`]|\d|\w+:\s|case\s)/;
-const nextLineLooksLikeDataEntry = (nextLine) => {
-	if (nextLine === null) return false;
-	if (!DATA_ENTRY_START.test(nextLine)) return false;
-	const trimmed = nextLine.trim();
-	if (trimmed.startsWith("case ")) return true;
-	if (trimmed.startsWith("{") || trimmed.startsWith("[") || trimmed.startsWith("\"") || trimmed.startsWith("'") || trimmed.startsWith("`")) return true;
-	if (/^\w+\s*:/.test(trimmed)) return true;
-	return false;
-};
 const looksLikeSuppressDirective = (block) => block.rawLines.some((l) => /\b(biome-ignore|eslint-disable|ts-ignore|ts-expect-error|@ts-\w+|noqa|pylint:\s*disable|rubocop:disable|noinspection|phpcs:disable)\b/.test(l));
 const GO_DECL_NAME_RE = /^(?:func|type|var|const)\s+(?:\([^)]*\)\s*)?(\w+)/;
 const GO_FIELD_LEAD_RE = /^(\w+)\s+/;
@@ -3306,10 +3355,6 @@ const detectNarrativeInBlock = (block, ext) => {
 		matched: true,
 		reason: "phase/section header"
 	};
-	if (block.kind === "line" && block.prose.length === 1 && isBareSectionLabel(block.prose[0]) && !nextLineLooksLikeDataEntry(block.nextNonBlankLine) && !looksLikeDeclarationPreamble(block.nextNonBlankLine, ext)) return {
-		matched: true,
-		reason: "bare section label"
-	};
 	const joined = block.prose.join(" ");
 	const hasWhyMarker = EXPLANATORY_WHY_MARKERS.test(joined);
 	if (hasWhyMarker || hasDocIndicator(block)) return {
@@ -3340,17 +3385,11 @@ const detectNarrativeInBlock = (block, ext) => {
 	};
 	const nonEmptyProseCount = block.prose.filter((l) => l.length > 0).length;
 	const isAboveDeclaration = looksLikeDeclarationPreamble(block.nextNonBlankLine, ext);
-	if (nonEmptyProseCount >= 5) {
-		if (isAboveDeclaration) return {
-			matched: false,
-			reason: ""
-		};
-		return {
-			matched: true,
-			reason: "long narrative block"
-		};
-	}
-	if (nonEmptyProseCount >= 3 && !hasWhyMarker && block.kind === "line" && !isAboveDeclaration) return {
+	if (nonEmptyProseCount >= 5 && !isAboveDeclaration && hasPreambleSlopSignal(block)) return {
+		matched: true,
+		reason: "long narrative block"
+	};
+	if (nonEmptyProseCount >= 3 && !hasWhyMarker && block.kind === "line" && !isAboveDeclaration && hasPreambleSlopSignal(block)) return {
 		matched: true,
 		reason: "multi-line narrative prose"
 	};
@@ -3792,7 +3831,14 @@ const JS_EXTS$1 = new Set([
 	".mjs",
 	".cjs"
 ]);
-const CATCH_HEAD_RE = /\bcatch\s*(?:\([^)]*\))?\s*\{/g;
+const CATCH_HEAD_RE = /\bcatch\s*(?:\(\s*([^)]*?)\s*\))?\s*\{/g;
+const isIdentifier = (s) => /^[A-Za-z_$][\w$]*$/.test(s);
+const recoveryDropsError = (binding, body) => {
+	const name = binding?.trim() ?? "";
+	if (name === "") return true;
+	if (!isIdentifier(name)) return false;
+	return !new RegExp(`\\b${name}\\b`).test(body);
+};
 const LOG_STATEMENT_RE = /^(?:console|[\w$]+(?:\.[\w$]+)*)\.(?:log|info|warn|warning|error|debug|trace)\s*\(/;
 const HANDLING_TOKEN_RE = /\b(?:throw|return|reject|next|process\.exit|continue|break)\b/;
 const stripBlockComments = (text) => text.replace(/\/\*[\s\S]*?\*\//g, "");
@@ -3842,14 +3888,15 @@ const detectJsSilentRecovery = (content, relPath) => {
 		const body = extractCatchBody(content, match.index + match[0].length - 1);
 		if (body === null) continue;
 		if (!isLogOnlyBody(body)) continue;
+		if (!recoveryDropsError(match[1], body)) continue;
 		const line = content.slice(0, match.index).split("\n").length;
 		out.push({
 			filePath: relPath,
 			engine: "ai-slop",
 			rule: "ai-slop/silent-recovery",
 			severity: "warning",
-			message: "Catch only logs then continues, leaving execution in a possibly broken state",
-			help: "Handle the error: rethrow, return an error value, or recover explicitly. Logging alone lets the program proceed as if nothing failed.",
+			message: "Catch logs without the caught error then continues; the failure cause is lost",
+			help: "Include the caught error in the log, or rethrow / recover explicitly, so the failure stays diagnosable.",
 			line,
 			column: 0,
 			category: "AI Slop",
@@ -3859,6 +3906,7 @@ const detectJsSilentRecovery = (content, relPath) => {
 	return out;
 };
 const PY_EXCEPT_RE = /^(\s*)except\b[^\n]*:\s*(?:#.*)?$/;
+const PY_EXCEPT_BINDING_RE = /\bas\s+(\w+)\s*:/;
 const PY_LOG_STATEMENT_RE = /^(?:logging|logger|log|self\.log|self\.logger|print)(?:\.(?:debug|info|warning|warn|error|exception|critical))?\s*\(/;
 const PY_HANDLING_TOKEN_RE = /^(?:raise\b|return\b|continue\b|break\b|self\.|[\w.]+\s*=)/;
 const detectPySilentRecovery = (content, relPath) => {
@@ -3882,13 +3930,14 @@ const detectPySilentRecovery = (content, relPath) => {
 		const allLogs = bodyLines.every((line) => PY_LOG_STATEMENT_RE.test(line) || /^[\w"'(),.\s+:%{}[\]-]+$/.test(line));
 		const sawLog = bodyLines.some((line) => PY_LOG_STATEMENT_RE.test(line));
 		if (!allLogs || !sawLog) continue;
+		if (!recoveryDropsError(PY_EXCEPT_BINDING_RE.exec(lines[i])?.[1], bodyLines.join(" "))) continue;
 		out.push({
 			filePath: relPath,
 			engine: "ai-slop",
 			rule: "ai-slop/silent-recovery",
 			severity: "warning",
-			message: "except only logs then continues, leaving execution in a possibly broken state",
-			help: "Handle the error: re-raise, return an error value, or recover explicitly. Logging alone lets the program proceed as if nothing failed.",
+			message: "except logs without the caught error then continues; the failure cause is lost",
+			help: "Include the caught error in the log, or re-raise / recover explicitly, so the failure stays diagnosable.",
 			line: i + 1,
 			column: 0,
 			category: "AI Slop",
@@ -3991,10 +4040,11 @@ const extractPyImportedSymbols = (lines) => {
 	const importLines = /* @__PURE__ */ new Set();
 	for (let i = 0; i < lines.length; i++) {
 		const trimmed = lines[i].trim();
-		const fromMatch = trimmed.match(/^from\s+[\w.]+\s+import\s+(.+)/);
+		const fromMatch = trimmed.match(/^from\s+([\w.]+)\s+import\s+(.+)/);
 		if (fromMatch) {
 			importLines.add(i);
-			const importPart = fromMatch[1].replace(/#.*$/, "").trim();
+			if (fromMatch[1] === "__future__") continue;
+			const importPart = fromMatch[2].replace(/#.*$/, "").trim();
 			if (importPart === "*") continue;
 			const cleaned = importPart.replace(/[()]/g, "");
 			for (const item of cleaned.split(",")) {
@@ -7106,6 +7156,13 @@ const runEngines = async (context, enabledEngines, onStart, onComplete) => {
 //#endregion
 //#region src/scoring/index.ts
 const PERFECT_SCORE = 100;
+const STYLE_RULES = new Set([
+	"ai-slop/trivial-comment",
+	"ai-slop/narrative-comment",
+	"complexity/file-too-large",
+	"complexity/function-too-long"
+]);
+const STYLE_WEIGHT = .5;
 const getEffectiveFileCount = (diagnostics, sourceFileCount) => {
 	if (typeof sourceFileCount === "number" && sourceFileCount > 0) return sourceFileCount;
 	const filesWithDiagnostics = new Set(diagnostics.map((d) => d.filePath)).size;
@@ -7120,7 +7177,8 @@ const calculateScore = (diagnostics, weights, thresholds, sourceFileCount, smoot
 	for (const d of diagnostics) {
 		const engineWeight = weights[d.engine] ?? 1;
 		const severityPenalty = d.severity === "error" ? 3 : d.severity === "warning" ? 1 : .25;
-		deductions += severityPenalty * engineWeight;
+		const styleFactor = STYLE_RULES.has(d.rule) ? STYLE_WEIGHT : 1;
+		deductions += severityPenalty * engineWeight * styleFactor;
 	}
 	const effectiveFileCount = getEffectiveFileCount(diagnostics, sourceFileCount);
 	const smoothingConstant = typeof smoothing === "number" ? smoothing : 10;
@@ -8301,12 +8359,12 @@ const runScanBody = async (resolvedDir, config, options, projectInfo) => {
 		engineTimings
 	};
 	if (options.sarif) {
-		const { buildSarifLog } = await import("./sarif-Cneulb6L.js");
+		const { buildSarifLog } = await import("./sarif-BtSQ92c6.js");
 		console.log(JSON.stringify(buildSarifLog(results), null, 2));
 		return completion;
 	}
 	if (options.json) {
-		const { buildJsonOutput } = await import("./json-CZU3lEfE.js");
+		const { buildJsonOutput } = await import("./json-DaFOYHcf.js");
 		const jsonOut = buildJsonOutput(results, scoreResult, projectInfo.sourceFileCount, elapsedMs);
 		console.log(JSON.stringify(jsonOut, null, 2));
 		return completion;

package/dist/{json-CZU3lEfE.js → json-DaFOYHcf.js}

@@ -1,5 +1,5 @@
 import { t as ENGINE_INFO } from "./engine-info-DCvIfZ0f.js";
-import { t as APP_VERSION } from "./version-ls3wZmOU.js";
+import { t as APP_VERSION } from "./version-DYg_ShBx.js";
 
 //#region src/output/json.ts
 const buildJsonOutput = (results, scoreResult, fileCount, elapsedMs) => {

package/dist/mcp.js

@@ -538,14 +538,16 @@ const THIN_WRAPPER_PATTERNS = [
 const AI_NAMING_PATTERNS = [/(?:helper|util|handler|process|do|handle|execute|perform)_?\d+/i, /(?:data|temp|result|value|item|obj|arr|str|num|val)\d+/];
 const FRAMEWORK_METHOD_NAMES = /^(?:setUp|tearDown|setUpClass|tearDownClass|setUpModule|tearDownModule)$/;
 const DUNDER_PATTERN = /^__\w+__$/;
-const hasHardcodedArgs = (matchText) => {
-	const innerCallMatch = matchText.match(/=>\s*\w+\(([^)]*)\)\s*;?\s*$/);
-	if (!innerCallMatch) {
-		const returnCallMatch = matchText.match(/return\s+\w+\(([^)]*)\)\s*;?\s*\}/);
-		if (!returnCallMatch) return false;
-		return /['"`]\w+['"`]|(?<!\w)\d+(?!\w)/.test(returnCallMatch[1]);
-	}
-	return /['"`]\w+['"`]|(?<!\w)\d+(?!\w)/.test(innerCallMatch[1]);
+const stripParam = (p) => p.trim().split(/[:=]/)[0].trim().replace(/^[*&]+/, "");
+const paramNames = (paramsText) => new Set(paramsText.split(",").map(stripParam).filter((p) => p && p !== "self" && p !== "cls"));
+const isIdentityForward = (matchText) => {
+	const paramsMatch = matchText.match(/\(([^)]*)\)/);
+	const innerMatch = matchText.match(/(?:return\s+\w+|=>\s*\w+)\s*\(([^)]*)\)/);
+	if (!paramsMatch || !innerMatch) return false;
+	const params = paramNames(paramsMatch[1]);
+	const args = innerMatch[1].split(",").map((a) => a.trim()).filter((a) => a.length > 0);
+	if (args.length === 0) return false;
+	return args.every((a) => /^[A-Za-z_$][\w$]*$/.test(a) && params.has(a));
 };
 const isUseContextWrapper = (matchText) => /\buse\w+/.test(matchText) && /useContext\s*\(/.test(matchText);
 const detectThinWrappers = (content, relativePath, ext) => {
@@ -565,7 +567,7 @@ const detectThinWrappers = (content, relativePath, ext) => {
 				const prevLine = lines[lineNumber - 2]?.trim();
 				if (prevLine && prevLine.startsWith("@")) continue;
 			}
-			if (hasHardcodedArgs(matchText)) continue;
+			if (!isIdentityForward(matchText)) continue;
 			if (isUseContextWrapper(matchText)) continue;
 			diagnostics.push({
 				filePath: relativePath,
@@ -650,8 +652,7 @@ const JUSTIFICATION_OPENERS = [
 	/^(?:First|Then|Finally|Next|Lastly|Subsequently),?\s+(?:it|we|the\s+(?:function|method|class))\b/i
 ];
 const EXPLANATORY_OPENERS = /^(Matches|Detects|Represents|Holds|Stores|Tracks|Handles|Manages|Controls|Contains|Captures|Encapsulates|Wraps|Describes)\s+[A-Za-z`'"]/;
-const STEP_COMMENT_VERB_RE = /^(?:Render|Enable|Disable|Initialize|Init|Setup|Set|Get|Fetch|Load|Save|Build|Create|Delete|Remove|Add|Update|Process|Execute|Run|Start|Stop|Clean|Cleanup|Configure|Validate|Check|Verify|Parse|Extract|Apply|Wait|Sleep|Skip|Allow|Deny|Lock|Unlock|Refresh|Reload|Reset|Clear|Send|Receive|Read|Write|Print|Log|Emit|Dispatch|Fire|Open|Close|Bind|Connect|Disconnect|Register|Unregister|Push|Pop|Insert|Append|Prepend|Sort|Filter|Find|Search|Replace|Encode|Decode|Convert|Transform|Map|Reduce|Iterate|Loop|Walk|Visit|Mark|Unmark|Toggle|Switch|Restart|Resume|Pause|Abort|Cancel|Compute|Calculate|Resolve|Reject|Ignore|Handle|Track|Trace|Increment|Decrement|Round|Truncate|Resize|Move|Copy|Clone|Merge|Split|Join|Wrap|Unwrap|Bump|Drain|Flush|Sync|Persist|Commit|Rollback|Yield|Return|Discard|Defer|Pin|Unpin|Mount|Unmount|Spawn|Kill|Restore)(?:\s|$)/;
-const EXPLANATORY_WHY_MARKERS = /\b(?:because|since|otherwise|workaround|caveat|warning|important|assumes?|note:|bug|issue|see\s+(?:issue|above|below)|in\s+prod|in\s+production|breaks?\s+when|fails?\s+when|must\s+run|must\s+be|has\s+to\s+be|hack\s+for|fix\s+for|reason:|to\s+avoid|to\s+ensure|to\s+prevent|in\s+order\s+to|necessary|guarantee[sd]?|prevents?|regardless\s+of|required\s+(?:for|to|by)|for\s+example|e\.g\.|i\.e\.|useful\s+(?:for|when)|intended\s+to|on\s+purpose|by\s+design)\b/i;
+const EXPLANATORY_WHY_MARKERS = /\b(?:because|since|otherwise|workaround|caveat|warning|important|assumes?|note:|bug|issue|see\s+(?:issue|above|below)|in\s+prod|in\s+production|breaks?\s+when|fails?\s+when|must\s+run|must\s+be|has\s+to\s+be|hack\s+for|fix\s+for|reason:|to\s+avoid|to\s+ensure|to\s+prevent|in\s+order\s+to|necessary|guarantee[sd]?|prevents?|regardless\s+of|required\s+(?:for|to|by)|for\s+example|e\.g\.|i\.e\.|useful\s+(?:for|when)|intended\s+to|on\s+purpose|by\s+design|ideally|however|although|even\s+though|despite|whereas|unfortunately|trade-?off|first\s+need)\b/i;
 const MEANINGFUL_JSDOC_TAGS = new Set([
 	"deprecated",
 	"see",
@@ -747,7 +748,7 @@ const PHP_DECL_START = /^\s*(?:(?:public|private|protected|static|final|abstract
 
 //#endregion
 //#region src/engines/ai-slop/non-production-paths.ts
-const DIR_PATTERN = /(?:^|\/)(?:scripts|bin|examples?|demos?|bench|benches|benchmarks?|fixtures?|__fixtures__|__mocks__|__tests__|vendor|_vendor|vendored|third_party|blib2to3|lib2to3|cli|cli-[\w-]+|[\w-]+-cli)\//i;
+const DIR_PATTERN = /(?:^|\/)(?:scripts|bin|examples?|demos?|docs?|bench|benches|benchmarks?|fixtures?|__fixtures__|__mocks__|__tests__|vendor|_vendor|vendored|third_party|blib2to3|lib2to3|cli|cli-[\w-]+|[\w-]+-cli)\//i;
 const BASENAME_PATTERN = /(?:^|\/)(?:benchmark|bench|demo|example|script|seed|migrate|profile|smoke|stress|load|debug|repro)[-_.][^/]*\.[mc]?[jt]sx?$|(?:^|\/)[^/]+[-_](?:benchmark|bench|demo|example)\.[mc]?[jt]sx?$/i;
 const isNonProductionPath = (relativePath) => DIR_PATTERN.test(relativePath) || BASENAME_PATTERN.test(relativePath);
 
@@ -756,7 +757,7 @@ const isNonProductionPath = (relativePath) => DIR_PATTERN.test(relativePath) ||
 const TRIVIAL_VERB_STEMS = "Import|Defin|Initializ|Setting|Set\\s+up|Setup|Return|Check|Loop|Iterat|Creat|Updat|Delet|Remov|Handl|Get|Fetch|Increment|Decrement|Writ|Runn|Run|Pars|Execut|Extract|Sav|Load|Build|Start|Stopp|Stop|Clean(?:up|\\s+up)?|Configur|Validat|Process|Queue|Fire|Emit|Dispatch|Log|Print|Render";
 const TRIVIAL_JS_COMMENT_PATTERNS = [/\/\/\s*This (?:function|method|class|variable|constant) (?:will |is used to |is responsible for )?/i, new RegExp(`\\/\\/\\s*(?:${TRIVIAL_VERB_STEMS})(?:e|es|ing|s)?\\b`, "i")];
 const TRIVIAL_PYTHON_COMMENT_PATTERNS = [/^#\s*This (?:function|method|class) (?:will |is used to )?/i, new RegExp(`^#\\s*(?:${TRIVIAL_VERB_STEMS})(?:e|es|ing|s)?\\b`, "i")];
-const EXPLANATORY_KEYWORDS = /\b(?:because|since|note|todo|fixme|hack|warn|warning|workaround|caveat|important|assumes?)\b/i;
+const EXPLANATORY_KEYWORDS = /\b(?:because|since|note|todo|fixme|hack|warn|warning|workaround|caveat|important|assumes?|if|when|unless|until|only|except|otherwise|needs?|must|should|ensure|avoid|prevent|requires?)\b/i;
 const COMMENTED_CODE_CHARS = /[({=;}\]>]/;
 const MAX_TRIVIAL_COMMENT_LENGTH = 60;
 const isJsComment = (trimmed) => trimmed.startsWith("//") && !trimmed.startsWith("///") && !trimmed.startsWith("//!");
@@ -905,6 +906,7 @@ const TODO_PATTERN = new RegExp(`\\b(?:${[
 	"PLACEHOLDER",
 	"STUB"
 ].join("|")})[:\\s]`);
+const TODO_TRACKING_RE = /https?:\/\/|#\d+|\bgh-\d+\b|\b[A-Z][A-Z0-9]+-\d+\b|\b(?:issue|ticket|jira)\b/i;
 const isBlockCloserAfterReturn = (line) => line.startsWith("}") || line.startsWith("};") || line.startsWith("),") || line.startsWith(");") || line.startsWith("],") || line.startsWith("]);");
 const isGuardedSingleLineExit = (lines, lineIndex) => {
 	const contextLines = [];
@@ -924,7 +926,10 @@ const detectTodoStubs = (content, relativePath) => {
 	for (let i = 0; i < lines.length; i++) {
 		const trimmed = lines[i].trim();
 		if (!trimmed.startsWith("//") && !trimmed.startsWith("#") && !trimmed.startsWith("*") && !trimmed.startsWith("/*")) continue;
-		if (TODO_PATTERN.test(trimmed)) diagnostics.push(slop(relativePath, i + 1, "ai-slop/todo-stub", "info", "Unresolved TODO/FIXME/HACK comment indicates incomplete code", "Resolve the TODO or create a tracked issue for it", false));
+		if (TODO_PATTERN.test(trimmed)) {
+			if (TODO_TRACKING_RE.test(trimmed)) continue;
+			diagnostics.push(slop(relativePath, i + 1, "ai-slop/todo-stub", "info", "Unresolved TODO/FIXME/HACK comment indicates incomplete code", "Resolve the TODO or create a tracked issue for it", false));
+		}
 	}
 	return diagnostics;
 };
@@ -1438,11 +1443,42 @@ const DOC_URL_CONTEXT_RE = /\b(?:docs?|documentation|homepage|repository|bugs|li
 const URL_CONFIG_CONTEXT_RE = /\b(?:api|base[_-]?url|baseUrl|endpoint|host|origin|webhook|callback|redirect|server|service|domain|url)\b/i;
 const ENVIRONMENT_HOST_RE = /(?:^|[.-])(?:api|app|admin|auth|staging|stage|prod|dev|sandbox|webhook|internal)(?:[.-]|$)|^(?:localhost|127\.0\.0\.1|0\.0\.0\.0)$/i;
 const ID_CONTEXT_RE = /(?:^|[^A-Za-z0-9])(?:api[_-]?key|client[_-]?id|project[_-]?id|org(?:anization)?[_-]?id|workspace[_-]?id|tenant[_-]?id|price[_-]?id|product[_-]?id|customer[_-]?id|subscription[_-]?id|account[_-]?id|app[_-]?id|key|token|secret)(?:$|[^A-Za-z0-9])/i;
+const MIGRATION_PATH_RE$1 = /(?:^|[\\/])(?:migrations?|db[\\/]migrate)[\\/]/i;
 const PLACEHOLDER_HOSTS = new Set([
 	"example.com",
 	"example.org",
 	"example.net"
 ]);
+const LOOPBACK_HOSTS = new Set([
+	"localhost",
+	"127.0.0.1",
+	"0.0.0.0",
+	"::1"
+]);
+const VENDOR_API_DOMAINS = [
+	"github.com",
+	"githubusercontent.com",
+	"googleapis.com",
+	"accounts.google.com",
+	"stripe.com",
+	"openai.com",
+	"anthropic.com",
+	"slack.com",
+	"twilio.com",
+	"sendgrid.com",
+	"mailgun.net",
+	"cloudflare.com",
+	"discord.com",
+	"telegram.org",
+	"login.microsoftonline.com",
+	"graph.microsoft.com",
+	"twitter.com",
+	"x.com",
+	"twimg.com",
+	"t.co",
+	"api.telegram.org"
+];
+const isVendorApiHost = (host) => VENDOR_API_DOMAINS.some((d) => host === d || host.endsWith(`.${d}`));
 const PLACEHOLDER_ID_RE = /^(?:changeme|replace[_-]?me|your[_-]|example|placeholder|todo)/i;
 const HARDCODED_URL_FINDING = {
 	rule: "ai-slop/hardcoded-url",
@@ -1486,14 +1522,18 @@ const shouldFlagUrlLiteral = (line, urlText) => {
 	const host = safeUrlHost(urlText);
 	if (!host) return false;
 	if (PLACEHOLDER_HOSTS.has(host)) return false;
+	if (LOOPBACK_HOSTS.has(host)) return false;
+	if (isVendorApiHost(host)) return false;
 	if (DOC_URL_CONTEXT_RE.test(line) && !ENVIRONMENT_HOST_RE.test(host)) return false;
 	return URL_CONFIG_CONTEXT_RE.test(line) || ENVIRONMENT_HOST_RE.test(host);
 };
+const ENV_VAR_NAME_RE = /^[A-Z][A-Z0-9]*(?:_[A-Z0-9]+)+$/;
 const hasUsefulIdShape = (value) => {
 	if (PLACEHOLDER_ID_RE.test(value)) return false;
+	if (ENV_VAR_NAME_RE.test(value)) return false;
 	if (/^https?:\/\//i.test(value)) return false;
 	if (/^[A-Za-z]+$/.test(value)) return false;
-	return /[0-9_-]/.test(value);
+	return /[0-9]/.test(value);
 };
 const scanLineForConfigLiterals = (line, relativePath, ext, lineNumber) => {
 	const diagnostics = [];
@@ -1520,6 +1560,7 @@ const scanLineForConfigLiterals = (line, relativePath, ext, lineNumber) => {
 const scanFileForConfigLiterals = (content, relativePath, ext) => {
 	if (!SOURCE_EXTENSIONS.has(ext)) return [];
 	if (isNonProductionPath(relativePath)) return [];
+	if (MIGRATION_PATH_RE$1.test(relativePath)) return [];
 	return content.split("\n").flatMap((line, index) => scanLineForConfigLiterals(line, relativePath, ext, index + 1));
 };
 const detectHardcodedConfigLiterals = async (context) => {
@@ -1667,7 +1708,9 @@ const PYTHON_STDLIB = new Set([
 	"builtins",
 	"bz2",
 	"calendar",
+	"code",
 	"codecs",
+	"codeop",
 	"collections",
 	"concurrent",
 	"configparser",
@@ -1740,6 +1783,7 @@ const PYTHON_STDLIB = new Set([
 	"readline",
 	"reprlib",
 	"resource",
+	"rlcompleter",
 	"secrets",
 	"select",
 	"selectors",
@@ -1838,6 +1882,7 @@ const PYTHON_IMPORT_TO_PIP = {
 	pptx: ["python-pptx"],
 	git: ["gitpython"],
 	socks: ["pysocks"],
+	psycopg2: ["psycopg2-binary", "psycopg2"],
 	redis: ["redis"],
 	cairo: ["pycairo"],
 	serial: ["pyserial"],
@@ -1927,6 +1972,8 @@ const collectFromPyproject = (rootDir, pyDeps) => {
 		}
 		const extras = content.match(/\[project\.optional-dependencies\]([\s\S]*?)(?=\n\[|$)/);
 		if (extras) for (const m of extras[1].matchAll(/["']\s*([a-zA-Z][a-zA-Z0-9_\-.]+)/g)) addPyDep(pyDeps, m[1]);
+		const groups = content.match(/\[dependency-groups\]([\s\S]*?)(?=\n\[[^[]|$)/);
+		if (groups) for (const m of groups[1].matchAll(/["']\s*([a-zA-Z][a-zA-Z0-9_\-.]+)/g)) addPyDep(pyDeps, m[1]);
 		const poetryRe = /\[tool\.poetry(?:\.group\.[a-z]+)?\.dependencies\]([\s\S]*?)(?=\n\[|$)/g;
 		let match = poetryRe.exec(content);
 		while (match !== null) {
@@ -2159,9 +2206,28 @@ const extractJsImports = (content) => {
 const extractPyImports = (content) => {
 	const lines = content.split("\n");
 	const results = [];
+	let inDoc = null;
+	let typeCheckIndent = -1;
 	for (let i = 0; i < lines.length; i++) {
-		const line = lines[i].trim();
-		if (line.startsWith("#")) continue;
+		const raw = lines[i];
+		const line = raw.trim();
+		if (inDoc) {
+			if (line.includes(inDoc)) inDoc = null;
+			continue;
+		}
+		if (line === "" || line.startsWith("#")) continue;
+		const triples = line.match(/"""|'''/g);
+		if (triples) {
+			if (triples.length % 2 === 1) inDoc = triples[triples.length - 1];
+			continue;
+		}
+		const indent = raw.length - raw.trimStart().length;
+		if (typeCheckIndent >= 0 && indent <= typeCheckIndent) typeCheckIndent = -1;
+		if (/^if\s+(?:[\w.]+\.)?TYPE_CHECKING\b/.test(line)) {
+			typeCheckIndent = indent;
+			continue;
+		}
+		if (typeCheckIndent >= 0) continue;
 		const fromMatch = line.match(/^from\s+([\w.]+)\s+import\b/);
 		if (fromMatch && !fromMatch[1].startsWith(".")) {
 			results.push({
@@ -2171,8 +2237,8 @@ const extractPyImports = (content) => {
 			continue;
 		}
 		const importMatch = line.match(/^import\s+([\w.,\s]+?)(?:\s+as\s+\w+)?\s*$/);
-		if (importMatch) for (const raw of importMatch[1].split(",")) {
-			const cleaned = raw.trim().split(/\s+as\s+/)[0];
+		if (importMatch) for (const part of importMatch[1].split(",")) {
+			const cleaned = part.trim().split(/\s+as\s+/)[0];
 			if (cleaned && !cleaned.startsWith(".")) results.push({
 				spec: cleaned,
 				line: i + 1
@@ -2229,6 +2295,7 @@ const detectHallucinatedImports = async (context) => {
 			continue;
 		}
 		const relPath = path.relative(context.rootDirectory, filePath);
+		if (isNonProductionPath(relPath)) continue;
 		const imports = isJs ? extractJsImports(content) : extractPyImports(content);
 		for (const { spec, line } of imports) {
 			const hallucinated = isJs ? checkJsImport(spec, manifest, tsAliasMatchers) : checkPyImport(spec, manifest);
@@ -2356,7 +2423,7 @@ const collectBlocks = (sourceLines, syntax) => {
 //#endregion
 //#region src/engines/ai-slop/meta-comment.ts
 const PLAN_REFERENCE_RES = [
-	/\b(?:stage|step|phase)\s+\d+\b(?!\s*[:.]?\s*(?:bytes|ms|seconds|of\s+\d))/i,
+	/^(?:stage|step|phase)\s+\d+\s*[:.\-–—]/i,
 	/\bstep\s+\d+\s+of\s+the\s+plan\b/i,
 	/\bas\s+(?:per|requested)\s+(?:the\s+)?(?:requirements?|spec|task|ticket|prompt|instructions?)\b/i,
 	/\bper\s+the\s+(?:spec|requirements?|task|ticket|plan|prompt|instructions?)\b/i,
@@ -2458,24 +2525,6 @@ const looksLikeLicenseHeader = (block) => {
 	const text = block.rawLines.join(" ").toLowerCase();
 	return text.includes("copyright") || text.includes("license") || text.includes("spdx-license-identifier");
 };
-const BARE_LABEL_RE = /^[A-Z][A-Za-z0-9 ]{1,28}$/;
-const isBareSectionLabel = (prose) => {
-	if (!BARE_LABEL_RE.test(prose)) return false;
-	if (prose.endsWith(".")) return false;
-	if (prose.split(/\s+/).length > 3) return false;
-	if (STEP_COMMENT_VERB_RE.test(prose)) return false;
-	return true;
-};
-const DATA_ENTRY_START = /^\s*(?:\{|\[|["'`]|\d|\w+:\s|case\s)/;
-const nextLineLooksLikeDataEntry = (nextLine) => {
-	if (nextLine === null) return false;
-	if (!DATA_ENTRY_START.test(nextLine)) return false;
-	const trimmed = nextLine.trim();
-	if (trimmed.startsWith("case ")) return true;
-	if (trimmed.startsWith("{") || trimmed.startsWith("[") || trimmed.startsWith("\"") || trimmed.startsWith("'") || trimmed.startsWith("`")) return true;
-	if (/^\w+\s*:/.test(trimmed)) return true;
-	return false;
-};
 const looksLikeSuppressDirective = (block) => block.rawLines.some((l) => /\b(biome-ignore|eslint-disable|ts-ignore|ts-expect-error|@ts-\w+|noqa|pylint:\s*disable|rubocop:disable|noinspection|phpcs:disable)\b/.test(l));
 const GO_DECL_NAME_RE = /^(?:func|type|var|const)\s+(?:\([^)]*\)\s*)?(\w+)/;
 const GO_FIELD_LEAD_RE = /^(\w+)\s+/;
@@ -2564,10 +2613,6 @@ const detectNarrativeInBlock = (block, ext) => {
 		matched: true,
 		reason: "phase/section header"
 	};
-	if (block.kind === "line" && block.prose.length === 1 && isBareSectionLabel(block.prose[0]) && !nextLineLooksLikeDataEntry(block.nextNonBlankLine) && !looksLikeDeclarationPreamble(block.nextNonBlankLine, ext)) return {
-		matched: true,
-		reason: "bare section label"
-	};
 	const joined = block.prose.join(" ");
 	const hasWhyMarker = EXPLANATORY_WHY_MARKERS.test(joined);
 	if (hasWhyMarker || hasDocIndicator(block)) return {
@@ -2598,17 +2643,11 @@ const detectNarrativeInBlock = (block, ext) => {
 	};
 	const nonEmptyProseCount = block.prose.filter((l) => l.length > 0).length;
 	const isAboveDeclaration = looksLikeDeclarationPreamble(block.nextNonBlankLine, ext);
-	if (nonEmptyProseCount >= 5) {
-		if (isAboveDeclaration) return {
-			matched: false,
-			reason: ""
-		};
-		return {
-			matched: true,
-			reason: "long narrative block"
-		};
-	}
-	if (nonEmptyProseCount >= 3 && !hasWhyMarker && block.kind === "line" && !isAboveDeclaration) return {
+	if (nonEmptyProseCount >= 5 && !isAboveDeclaration && hasPreambleSlopSignal(block)) return {
+		matched: true,
+		reason: "long narrative block"
+	};
+	if (nonEmptyProseCount >= 3 && !hasWhyMarker && block.kind === "line" && !isAboveDeclaration && hasPreambleSlopSignal(block)) return {
 		matched: true,
 		reason: "multi-line narrative prose"
 	};
@@ -3050,7 +3089,14 @@ const JS_EXTS$1 = new Set([
 	".mjs",
 	".cjs"
 ]);
-const CATCH_HEAD_RE = /\bcatch\s*(?:\([^)]*\))?\s*\{/g;
+const CATCH_HEAD_RE = /\bcatch\s*(?:\(\s*([^)]*?)\s*\))?\s*\{/g;
+const isIdentifier = (s) => /^[A-Za-z_$][\w$]*$/.test(s);
+const recoveryDropsError = (binding, body) => {
+	const name = binding?.trim() ?? "";
+	if (name === "") return true;
+	if (!isIdentifier(name)) return false;
+	return !new RegExp(`\\b${name}\\b`).test(body);
+};
 const LOG_STATEMENT_RE = /^(?:console|[\w$]+(?:\.[\w$]+)*)\.(?:log|info|warn|warning|error|debug|trace)\s*\(/;
 const HANDLING_TOKEN_RE = /\b(?:throw|return|reject|next|process\.exit|continue|break)\b/;
 const stripBlockComments = (text) => text.replace(/\/\*[\s\S]*?\*\//g, "");
@@ -3100,14 +3146,15 @@ const detectJsSilentRecovery = (content, relPath) => {
 		const body = extractCatchBody(content, match.index + match[0].length - 1);
 		if (body === null) continue;
 		if (!isLogOnlyBody(body)) continue;
+		if (!recoveryDropsError(match[1], body)) continue;
 		const line = content.slice(0, match.index).split("\n").length;
 		out.push({
 			filePath: relPath,
 			engine: "ai-slop",
 			rule: "ai-slop/silent-recovery",
 			severity: "warning",
-			message: "Catch only logs then continues, leaving execution in a possibly broken state",
-			help: "Handle the error: rethrow, return an error value, or recover explicitly. Logging alone lets the program proceed as if nothing failed.",
+			message: "Catch logs without the caught error then continues; the failure cause is lost",
+			help: "Include the caught error in the log, or rethrow / recover explicitly, so the failure stays diagnosable.",
 			line,
 			column: 0,
 			category: "AI Slop",
@@ -3117,6 +3164,7 @@ const detectJsSilentRecovery = (content, relPath) => {
 	return out;
 };
 const PY_EXCEPT_RE = /^(\s*)except\b[^\n]*:\s*(?:#.*)?$/;
+const PY_EXCEPT_BINDING_RE = /\bas\s+(\w+)\s*:/;
 const PY_LOG_STATEMENT_RE = /^(?:logging|logger|log|self\.log|self\.logger|print)(?:\.(?:debug|info|warning|warn|error|exception|critical))?\s*\(/;
 const PY_HANDLING_TOKEN_RE = /^(?:raise\b|return\b|continue\b|break\b|self\.|[\w.]+\s*=)/;
 const detectPySilentRecovery = (content, relPath) => {
@@ -3140,13 +3188,14 @@ const detectPySilentRecovery = (content, relPath) => {
 		const allLogs = bodyLines.every((line) => PY_LOG_STATEMENT_RE.test(line) || /^[\w"'(),.\s+:%{}[\]-]+$/.test(line));
 		const sawLog = bodyLines.some((line) => PY_LOG_STATEMENT_RE.test(line));
 		if (!allLogs || !sawLog) continue;
+		if (!recoveryDropsError(PY_EXCEPT_BINDING_RE.exec(lines[i])?.[1], bodyLines.join(" "))) continue;
 		out.push({
 			filePath: relPath,
 			engine: "ai-slop",
 			rule: "ai-slop/silent-recovery",
 			severity: "warning",
-			message: "except only logs then continues, leaving execution in a possibly broken state",
-			help: "Handle the error: re-raise, return an error value, or recover explicitly. Logging alone lets the program proceed as if nothing failed.",
+			message: "except logs without the caught error then continues; the failure cause is lost",
+			help: "Include the caught error in the log, or re-raise / recover explicitly, so the failure stays diagnosable.",
 			line: i + 1,
 			column: 0,
 			category: "AI Slop",
@@ -3248,10 +3297,11 @@ const extractPyImportedSymbols = (lines) => {
 	const importLines = /* @__PURE__ */ new Set();
 	for (let i = 0; i < lines.length; i++) {
 		const trimmed = lines[i].trim();
-		const fromMatch = trimmed.match(/^from\s+[\w.]+\s+import\s+(.+)/);
+		const fromMatch = trimmed.match(/^from\s+([\w.]+)\s+import\s+(.+)/);
 		if (fromMatch) {
 			importLines.add(i);
-			const importPart = fromMatch[1].replace(/#.*$/, "").trim();
+			if (fromMatch[1] === "__future__") continue;
+			const importPart = fromMatch[2].replace(/#.*$/, "").trim();
 			if (importPart === "*") continue;
 			const cleaned = importPart.replace(/[()]/g, "");
 			for (const item of cleaned.split(",")) {
@@ -6075,6 +6125,13 @@ const runEngines = async (context, enabledEngines, onStart, onComplete) => {
 //#endregion
 //#region src/scoring/index.ts
 const PERFECT_SCORE = 100;
+const STYLE_RULES = new Set([
+	"ai-slop/trivial-comment",
+	"ai-slop/narrative-comment",
+	"complexity/file-too-large",
+	"complexity/function-too-long"
+]);
+const STYLE_WEIGHT = .5;
 const getEffectiveFileCount = (diagnostics, sourceFileCount) => {
 	if (typeof sourceFileCount === "number" && sourceFileCount > 0) return sourceFileCount;
 	const filesWithDiagnostics = new Set(diagnostics.map((d) => d.filePath)).size;
@@ -6089,7 +6146,8 @@ const calculateScore = (diagnostics, weights, thresholds, sourceFileCount, smoot
 	for (const d of diagnostics) {
 		const engineWeight = weights[d.engine] ?? 1;
 		const severityPenalty = d.severity === "error" ? 3 : d.severity === "warning" ? 1 : .25;
-		deductions += severityPenalty * engineWeight;
+		const styleFactor = STYLE_RULES.has(d.rule) ? STYLE_WEIGHT : 1;
+		deductions += severityPenalty * engineWeight * styleFactor;
 	}
 	const effectiveFileCount = getEffectiveFileCount(diagnostics, sourceFileCount);
 	const smoothingConstant = typeof smoothing === "number" ? smoothing : 10;
@@ -6456,7 +6514,7 @@ const handleAislopBaseline = (input) => {
 
 //#endregion
 //#region src/version.ts
-const APP_VERSION = "0.9.5";
+const APP_VERSION = "0.10.0";
 
 //#endregion
 //#region src/telemetry/env.ts

package/dist/{sarif-Cneulb6L.js → sarif-BtSQ92c6.js}

@@ -1,4 +1,4 @@
-import { t as APP_VERSION } from "./version-ls3wZmOU.js";
+import { t as APP_VERSION } from "./version-DYg_ShBx.js";
 import path from "node:path";
 
 //#region src/output/sarif.ts

package/dist/version-DYg_ShBx.js

@@ -0,0 +1,5 @@
+//#region src/version.ts
+const APP_VERSION = "0.10.0";
+
+//#endregion
+export { APP_VERSION as t };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "aislop",
-  "version": "0.9.5",
+  "version": "0.10.0",
   "description": "Catch the slop AI coding agents leave in your code: narrative comments, swallowed exceptions, as-any casts, dead code, oversized functions. 40+ rules across 7 languages (TS/JS, Python, Go, Rust, Ruby, PHP, Java). Sub-second, deterministic, no LLM at runtime. MIT-licensed.",
   "type": "module",
   "bin": {

package/dist/version-ls3wZmOU.js

@@ -1,5 +0,0 @@
-//#region src/version.ts
-const APP_VERSION = "0.9.5";
-
-//#endregion
-export { APP_VERSION as t };