autonomous-coding-toolkit 1.0.0

package/scripts/module-size-check.sh

@@ -0,0 +1,146 @@
+#!/usr/bin/env bash
+# module-size-check.sh — Enforce module size limits across the toolkit
+#
+# Usage:
+#   module-size-check.sh [options] [path...]
+#
+# Options:
+#   --max-lines N      Maximum allowed lines per file (default: 300)
+#   --exclude PATTERN  Glob pattern to exclude (repeatable)
+#   --json             Output as JSON (for quality-gate integration)
+#   --fix-suggestions  Include suggested split strategies in output
+#   --warn-at N        Warn (don't fail) for files between warn-at and max-lines
+#   --project-root DIR Project root (default: git root or cwd)
+#
+# If no paths given, scans scripts/**/*.sh (excluding tests/).
+#
+# Exit codes:
+#   0 — all files within limit
+#   1 — one or more files exceed limit
+#   2 — usage error
+set -euo pipefail
+
+MAX_LINES=300
+WARN_AT=250
+EXCLUDES=()
+JSON=false
+FIX_SUGGESTIONS=false
+PROJECT_ROOT=""
+PATHS=()
+
+while [[ $# -gt 0 ]]; do
+    case "$1" in
+        --max-lines) MAX_LINES="$2"; shift 2 ;;
+        --exclude) EXCLUDES+=("$2"); shift 2 ;;
+        --json) JSON=true; shift ;;
+        --fix-suggestions) FIX_SUGGESTIONS=true; shift ;;
+        --warn-at) WARN_AT="$2"; shift 2 ;;
+        --project-root) PROJECT_ROOT="$2"; shift 2 ;;
+        --help|-h)
+            head -20 "$0" | tail -18
+            exit 0
+            ;;
+        -*) echo "Unknown option: $1" >&2; exit 2 ;;
+        *) PATHS+=("$1"); shift ;;
+    esac
+done
+
+# Resolve project root
+if [[ -z "$PROJECT_ROOT" ]]; then
+    PROJECT_ROOT=$(git rev-parse --show-toplevel 2>/dev/null || pwd)
+fi
+
+# Default scan paths
+if [[ ${#PATHS[@]} -eq 0 ]]; then
+    PATHS=("$PROJECT_ROOT/scripts")
+fi
+
+# Collect files
+files=()
+for path in "${PATHS[@]}"; do
+    if [[ -f "$path" ]]; then
+        files+=("$path")
+    elif [[ -d "$path" ]]; then
+        while IFS= read -r f; do
+            files+=("$f")
+        done < <(find "$path" -name '*.sh' -not -path '*/tests/*' -not -path '*/.git/*' | sort)
+    fi
+done
+
+# Apply excludes
+if [[ ${#EXCLUDES[@]} -gt 0 ]]; then
+    filtered=()
+    for f in "${files[@]}"; do
+        skip=false
+        for pattern in "${EXCLUDES[@]}"; do
+            if [[ "$f" == *"$pattern"* ]]; then
+                skip=true
+                break
+            fi
+        done
+        [[ "$skip" == false ]] && filtered+=("$f")
+    done
+    files=("${filtered[@]}")
+fi
+
+# Check each file
+violations=0
+warnings=0
+json_entries=()
+
+for file in "${files[@]}"; do
+    lines=$(wc -l < "$file")
+    rel_path="${file#"$PROJECT_ROOT/"}"
+
+    if [[ $lines -gt $MAX_LINES ]]; then
+        violations=$((violations + 1))
+        over=$((lines - MAX_LINES))
+
+        if [[ "$JSON" == true ]]; then
+            json_entries+=("{\"file\":\"$rel_path\",\"lines\":$lines,\"limit\":$MAX_LINES,\"over\":$over,\"severity\":\"error\"}")
+        else
+            echo "ERROR: $rel_path: $lines lines (limit: $MAX_LINES, over by $over)"
+            if [[ "$FIX_SUGGESTIONS" == true ]]; then
+                # Count functions as a rough split indicator
+                func_count=$(grep -cE '^[a-zA-Z_][a-zA-Z_0-9]*\(\)\s*\{' "$file" 2>/dev/null || echo "0")
+                if [[ $func_count -gt 1 ]]; then
+                    echo "  Suggestion: $func_count functions detected — extract into separate lib modules"
+                else
+                    echo "  Suggestion: look for inline blocks (loops, conditionals) that can become functions"
+                fi
+            fi
+        fi
+    elif [[ $lines -gt $WARN_AT ]]; then
+        warnings=$((warnings + 1))
+        if [[ "$JSON" == true ]]; then
+            json_entries+=("{\"file\":\"$rel_path\",\"lines\":$lines,\"limit\":$MAX_LINES,\"severity\":\"warning\"}")
+        else
+            echo "WARNING: $rel_path: $lines lines (approaching limit of $MAX_LINES)"
+        fi
+    fi
+done
+
+# Output
+if [[ "$JSON" == true ]]; then
+    echo "["
+    for ((i = 0; i < ${#json_entries[@]}; i++)); do
+        if [[ $i -lt $((${#json_entries[@]} - 1)) ]]; then
+            echo "  ${json_entries[$i]},"
+        else
+            echo "  ${json_entries[$i]}"
+        fi
+    done
+    echo "]"
+fi
+
+# Summary
+total=${#files[@]}
+if [[ "$JSON" != true ]]; then
+    echo ""
+    echo "Scanned $total files: $violations errors, $warnings warnings (limit: $MAX_LINES, warn: $WARN_AT)"
+fi
+
+if [[ $violations -gt 0 ]]; then
+    exit 1
+fi
+exit 0

package/scripts/patterns/async-no-await.yml

@@ -0,0 +1,5 @@
+id: async-no-await
+message: "async def with no await in body — remove async keyword or add await"
+severity: warning
+language: python
+note: "Requires whole-function analysis — this is a simplified pattern"

package/scripts/patterns/bare-except.yml

@@ -0,0 +1,6 @@
+id: bare-except
+message: "Bare except clause swallows all exceptions — catch a specific exception class"
+severity: error
+language: python
+rule:
+  pattern: "except: $$$BODY"

package/scripts/patterns/empty-catch.yml

@@ -0,0 +1,6 @@
+id: empty-catch
+message: "Empty catch block silently swallows errors — add logging"
+severity: warning
+language: javascript
+rule:
+  pattern: "catch ($ERR) {}"

package/scripts/patterns/hardcoded-localhost.yml

@@ -0,0 +1,9 @@
+id: hardcoded-localhost
+message: "Hardcoded localhost URL — use environment variable or configuration for host/port"
+severity: warning
+language: python
+rule:
+  any:
+    - pattern: '"http://localhost:$PORT$REST"'
+    - pattern: '"http://127.0.0.1:$PORT$REST"'
+note: "Hardcoded URLs break in containers, CI, and multi-host deployments"

package/scripts/patterns/retry-loop-no-backoff.yml

@@ -0,0 +1,12 @@
+id: retry-loop-no-backoff
+message: "Retry loop without backoff — add exponential backoff or sleep between retries"
+severity: warning
+language: python
+rule:
+  pattern: |
+    for $_ in range($RETRIES):
+      try:
+        $$$BODY
+      except $EXC:
+        $$$HANDLER
+note: "Tight retry loops without backoff can DDoS external services and hide transient failures"

package/scripts/pipeline-status.sh

@@ -0,0 +1,197 @@
+#!/usr/bin/env bash
+# pipeline-status.sh — Single-command view of Code Factory pipeline status
+#
+# Usage: pipeline-status.sh [--help] [--show-costs] [project-root]
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "$(readlink -f "${BASH_SOURCE[0]}")")" && pwd)"
+source "$SCRIPT_DIR/lib/common.sh"
+
+SHOW_COSTS=false
+PROJECT_ROOT=""
+
+# Parse arguments
+for arg in "$@"; do
+    case "$arg" in
+        --help|-h)
+            echo "pipeline-status.sh — Show Code Factory pipeline status"
+            echo "Usage: pipeline-status.sh [--show-costs] [project-root]"
+            echo ""
+            echo "Options:"
+            echo "  --show-costs    Show per-batch cost breakdown from state file"
+            exit 0
+            ;;
+        --show-costs)
+            SHOW_COSTS=true
+            ;;
+        *)
+            PROJECT_ROOT="$arg"
+            ;;
+    esac
+done
+
+PROJECT_ROOT="${PROJECT_ROOT:-.}"
+
+echo "═══════════════════════════════════════════════"
+echo "  Code Factory Pipeline Status"
+echo "═══════════════════════════════════════════════"
+echo "Project: $(basename "$(realpath "$PROJECT_ROOT")")"
+echo "Type:    $(detect_project_type "$PROJECT_ROOT")"
+echo ""
+
+# Run-plan state
+STATE_FILE="$PROJECT_ROOT/.run-plan-state.json"
+if [[ -f "$STATE_FILE" ]]; then
+    echo "--- Run Plan ---"
+    plan=$(jq -r '.plan_file // "unknown"' "$STATE_FILE")
+    mode=$(jq -r '.mode // "unknown"' "$STATE_FILE")
+    current=$(jq -r '.current_batch // 0' "$STATE_FILE")
+    completed=$(jq -r '.completed_batches | length' "$STATE_FILE")
+    started=$(jq -r '.started_at // "unknown"' "$STATE_FILE")
+    echo "  Plan:      $(basename "$plan")"
+    echo "  Mode:      $mode"
+    echo "  Progress:  $completed batches completed (current: $current)"
+    echo "  Started:   $started"
+
+    # Last quality gate
+    gate_passed=$(jq -r '.last_quality_gate.passed // "n/a"' "$STATE_FILE")
+    gate_tests=$(jq -r '.last_quality_gate.test_count // "n/a"' "$STATE_FILE")
+    echo "  Last gate: passed=$gate_passed, tests=$gate_tests"
+
+    # Cost summary: total from state file costs map (if present)
+    # Fix #70: .costs values may be objects (from record_batch_cost) or plain numbers/strings (legacy).
+    # Try .estimated_cost_usd first, then tonumber for backward compat.
+    total_cost=$(jq -r '
+        if .costs then
+            (.costs | to_entries | map(
+                if .value | type == "object" then (.value.estimated_cost_usd // 0)
+                else (.value | tonumber? // 0) end
+            ) | add // 0)
+        else 0 end
+    ' "$STATE_FILE" 2>/dev/null || echo "0")
+    if [[ "$total_cost" != "0" && "$total_cost" != "null" && -n "$total_cost" ]]; then
+        echo "  Total cost: \$$total_cost"
+    fi
+    echo ""
+else
+    echo "--- Run Plan ---"
+    echo "  No active run-plan state found"
+    echo ""
+fi
+
+# PRD status
+if [[ -f "$PROJECT_ROOT/tasks/prd.json" ]]; then
+    echo "--- PRD ---"
+    total=$(jq 'length' "$PROJECT_ROOT/tasks/prd.json")
+    passing=$(jq '[.[] | select(.passes == true)] | length' "$PROJECT_ROOT/tasks/prd.json")
+    echo "  Tasks: $passing/$total passing"
+    echo ""
+else
+    echo "--- PRD ---"
+    echo "  No PRD found (tasks/prd.json)"
+    echo ""
+fi
+
+# MAB status
+PERF_FILE="$PROJECT_ROOT/logs/strategy-perf.json"
+LESSONS_FILE="$PROJECT_ROOT/logs/mab-lessons.json"
+if [[ -f "$PERF_FILE" ]]; then
+    echo "--- MAB (Multi-Armed Bandit) ---"
+    cal_count=$(jq -r '.calibration_count // 0' "$PERF_FILE" 2>/dev/null)
+    cal_complete=$(jq -r '.calibration_complete // false' "$PERF_FILE" 2>/dev/null)
+    echo "  Calibration: $cal_count/10 (complete: $cal_complete)"
+
+    # Per-type win rates
+    for bt in "new-file" "refactoring" "integration" "test-only"; do
+        sp_w=$(jq -r --arg bt "$bt" '.[$bt].superpowers.wins // 0' "$PERF_FILE" 2>/dev/null)
+        sp_l=$(jq -r --arg bt "$bt" '.[$bt].superpowers.losses // 0' "$PERF_FILE" 2>/dev/null)
+        r_w=$(jq -r --arg bt "$bt" '.[$bt].ralph.wins // 0' "$PERF_FILE" 2>/dev/null)
+        r_l=$(jq -r --arg bt "$bt" '.[$bt].ralph.losses // 0' "$PERF_FILE" 2>/dev/null)
+        sp_total=$((sp_w + sp_l))
+        r_total=$((r_w + r_l))
+        if [[ $sp_total -gt 0 || $r_total -gt 0 ]]; then
+            echo "  $bt: superpowers=${sp_w}W/${sp_l}L  ralph=${r_w}W/${r_l}L"
+        fi
+    done
+
+    # Lesson count
+    if [[ -f "$LESSONS_FILE" ]]; then
+        lesson_count=$(jq 'length' "$LESSONS_FILE" 2>/dev/null || echo "0")
+        echo "  Lessons: $lesson_count patterns recorded"
+    fi
+    echo ""
+fi
+
+# Cost breakdown (--show-costs) (#42/#43)
+# Filter to numeric-only batch keys before sort to avoid tonumber crash on "final" or other non-numeric keys.
+if [[ "$SHOW_COSTS" == "true" && -f "$STATE_FILE" ]]; then
+    echo "--- Cost Breakdown ---"
+    has_costs=$(jq -r 'if .costs then "yes" else "no" end' "$STATE_FILE" 2>/dev/null || echo "no")
+    if [[ "$has_costs" == "yes" ]]; then
+        jq -r '
+            .costs // {} |
+            to_entries |
+            [.[] | select(.key | test("^[0-9]+$"))] |
+            sort_by(.key | tonumber) |
+            .[] |
+            "  Batch \(.key): $\(if .value | type == "object" then .value.estimated_cost_usd // 0 else .value end)"
+        ' "$STATE_FILE" 2>/dev/null || echo "  (cost data unreadable)"
+    else
+        echo "  No cost data in state file"
+    fi
+    echo ""
+fi
+
+# Progress file
+if [[ -f "$PROJECT_ROOT/progress.txt" ]]; then
+    echo "--- Progress ---"
+    tail -5 "$PROJECT_ROOT/progress.txt" | sed 's/^/  /'
+    echo ""
+fi
+
+# Routing decisions
+if [[ -f "$PROJECT_ROOT/logs/routing-decisions.log" ]]; then
+    echo "--- Routing Decisions ---"
+    tail -20 "$PROJECT_ROOT/logs/routing-decisions.log" | sed 's/^/  /'
+    echo ""
+fi
+
+# Git status
+echo "--- Git ---"
+branch=$(git -C "$PROJECT_ROOT" branch --show-current 2>/dev/null || echo "unknown")
+uncommitted=$(git -C "$PROJECT_ROOT" status --porcelain 2>/dev/null | wc -l || echo 0)
+echo "  Branch:      $branch"
+echo "  Uncommitted: $uncommitted files"
+
+# Detailed cost breakdown (only with --show-costs)
+if [[ "$SHOW_COSTS" == true && -f "$STATE_FILE" ]]; then
+    echo ""
+    echo "--- Cost Details ---"
+    jq -r '
+        .costs // {} | to_entries | sort_by(.key | tonumber) |
+        .[] | "  Batch \(.key): $\(.value.estimated_cost_usd) | \(.value.input_tokens) in | \(.value.output_tokens) out | cache: \(.value.cache_read_tokens) read | \(.value.model // "unknown")"
+    ' "$STATE_FILE" 2>/dev/null || echo "  No cost data"
+    total=$(jq -r '.total_cost_usd // 0' "$STATE_FILE")
+    echo "  Total: \$${total}"
+    echo ""
+fi
+
+# Trust score (from telemetry)
+if [[ -x "$SCRIPT_DIR/telemetry.sh" ]]; then
+    trust_json=$("$SCRIPT_DIR/telemetry.sh" trust --project-root "$PROJECT_ROOT" 2>/dev/null || echo '{}')
+    trust_score=$(echo "$trust_json" | jq -r '.score // "n/a"' 2>/dev/null || echo "n/a")
+    trust_level=$(echo "$trust_json" | jq -r '.level // "unknown"' 2>/dev/null || echo "unknown")
+    trust_runs=$(echo "$trust_json" | jq -r '.runs // 0' 2>/dev/null || echo "0")
+    trust_mode=$(echo "$trust_json" | jq -r '.default_mode // "unknown"' 2>/dev/null || echo "unknown")
+
+    if [[ "$trust_score" != "n/a" && "$trust_runs" != "0" ]]; then
+        echo ""
+        echo "--- Trust Score ---"
+        echo "  Score: ${trust_score}/100 ($trust_runs runs)"
+        echo "  Level: $trust_level"
+        echo "  Default mode: $trust_mode"
+    fi
+fi
+
+echo ""
+echo "═══════════════════════════════════════════════"

package/scripts/policy-check.sh

@@ -0,0 +1,226 @@
+#!/usr/bin/env bash
+# policy-check.sh — Advisory policy checker
+#
+# Usage: policy-check.sh [--project-root <dir>] [--strict] [--scope <tags>]
+#
+# Reads policies/*.md and checks project files for violations.
+# Advisory mode by default (always exits 0).
+# --strict: exit 1 on any violation.
+#
+# Policy files are markdown with code blocks showing positive patterns.
+# This script checks for the ABSENCE of positive patterns (anti-patterns).
+
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "$(readlink -f "${BASH_SOURCE[0]}")")" && pwd)"
+TOOLKIT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
+PROJECT_ROOT="."
+STRICT=false
+SCOPE_FILTER=""
+VIOLATIONS=0
+
+usage() {
+    cat <<'EOF'
+policy-check.sh — Advisory policy checker
+
+USAGE:
+  policy-check.sh [OPTIONS]
+
+OPTIONS:
+  --project-root <dir>  Project to check (default: current directory)
+  --strict              Exit 1 on violations (default: advisory, always exit 0)
+  --scope <tags>        Comma-separated scope tags to filter policies
+  -h, --help            Show this help
+
+POLICIES:
+  Reads from policies/ directory in the toolkit root.
+  Each .md file defines positive patterns for a language or domain.
+
+EXIT CODES:
+  0  Advisory mode (default) — always exits 0, prints violations to stdout
+  0  Strict mode — no violations found
+  1  Strict mode — violations found
+EOF
+}
+
+# Parse args
+while [[ $# -gt 0 ]]; do
+    case $1 in
+        --project-root) PROJECT_ROOT="$2"; shift 2 ;;
+        --strict) STRICT=true; shift ;;
+        --scope) SCOPE_FILTER="$2"; shift 2 ;;
+        -h|--help) usage; exit 0 ;;
+        -*) echo "Unknown option: $1" >&2; exit 1 ;;
+        *) PROJECT_ROOT="$1"; shift ;;
+    esac
+done
+
+if [[ ! -d "$PROJECT_ROOT" ]]; then
+    echo "Error: project directory not found: $PROJECT_ROOT" >&2
+    exit 1
+fi
+
+POLICY_DIR="$TOOLKIT_ROOT/policies"
+if [[ ! -d "$POLICY_DIR" ]]; then
+    echo "Error: policies directory not found: $POLICY_DIR" >&2
+    exit 1
+fi
+
+# Detect project language
+detect_language() {
+    local dir="$1"
+    local langs=""
+    if [[ -f "$dir/setup.py" ]] || [[ -f "$dir/pyproject.toml" ]] || [[ -f "$dir/requirements.txt" ]]; then
+        langs+="python "
+    fi
+    if [[ -f "$dir/package.json" ]]; then
+        langs+="node "
+    fi
+    # Check for shell scripts
+    if find "$dir" -maxdepth 2 -name '*.sh' -print -quit 2>/dev/null | grep -q .; then
+        langs+="bash "
+    fi
+    if [[ -f "$dir/Makefile" ]]; then
+        langs+="make "
+    fi
+    echo "$langs"
+}
+
+# Check: bash scripts have strict mode
+check_bash_strict_mode() {
+    local dir="$1"
+    local count=0
+    while IFS= read -r script; do
+        [[ -z "$script" ]] && continue
+        # Library files (sourced, not executed directly) inherit strict mode
+        if [[ "$(basename "$(dirname "$script")")" == "lib" ]]; then
+            continue
+        fi
+        if ! head -15 "$script" | grep -q 'set -.*e'; then
+            echo "  POLICY: $script — missing strict mode (set -euo pipefail)"
+            count=$((count + 1))
+        fi
+    done < <(find "$dir" -name '*.sh' -not -path '*/.git/*' -not -path '*/node_modules/*' 2>/dev/null)
+    return $count
+}
+
+# Check: bash scripts quote variables in conditionals
+check_bash_quoting() {
+    local dir="$1"
+    local count=0
+    while IFS= read -r script; do
+        [[ -z "$script" ]] && continue
+        # Look for unquoted $VAR in [[ ]] conditionals (simplified check)
+        if grep -En '\[\[.*\$[A-Za-z_]+[^"}\]]' "$script" 2>/dev/null | grep -v '#' | head -3 | grep -q .; then
+            echo "  POLICY: $script — possible unquoted variable in conditional"
+            count=$((count + 1))
+        fi
+    done < <(find "$dir" -name '*.sh' -not -path '*/.git/*' -not -path '*/node_modules/*' 2>/dev/null)
+    return $count
+}
+
+# Check: python files use closing() for sqlite
+check_python_sqlite_closing() {
+    local dir="$1"
+    local count=0
+    while IFS= read -r pyfile; do
+        [[ -z "$pyfile" ]] && continue
+        if grep -q 'sqlite3\.connect' "$pyfile" 2>/dev/null; then
+            if ! grep -q 'closing(' "$pyfile" 2>/dev/null; then
+                echo "  POLICY: $pyfile — sqlite3.connect without closing() context manager"
+                count=$((count + 1))
+            fi
+        fi
+    done < <(find "$dir" -name '*.py' -not -path '*/.git/*' -not -path '*/node_modules/*' -not -path '*/.venv/*' 2>/dev/null)
+    return $count
+}
+
+# Check: python async defs have await
+check_python_async_await() {
+    local dir="$1"
+    local count=0
+    # This is a simplified heuristic — the lesson-scanner does deeper analysis
+    while IFS= read -r pyfile; do
+        [[ -z "$pyfile" ]] && continue
+        # Find async def functions and check if they contain await
+        if grep -q 'async def' "$pyfile" 2>/dev/null; then
+            # Very rough check: file has async def but no await at all
+            if ! grep -q 'await ' "$pyfile" 2>/dev/null; then
+                echo "  POLICY: $pyfile — async def without any await (may be unnecessary async)"
+                count=$((count + 1))
+            fi
+        fi
+    done < <(find "$dir" -name '*.py' -not -path '*/.git/*' -not -path '*/node_modules/*' -not -path '*/.venv/*' 2>/dev/null)
+    return $count
+}
+
+# Check: test files don't have hardcoded counts
+check_test_hardcoded_counts() {
+    local dir="$1"
+    local count=0
+    while IFS= read -r testfile; do
+        [[ -z "$testfile" ]] && continue
+        # Look for exact equality assertions on counts
+        if grep -En 'assert.*==[[:space:]]*[0-9]{2,}|assertEquals.*[0-9]{2,}|-eq[[:space:]]+[0-9]{2,}' "$testfile" 2>/dev/null | head -3 | grep -q .; then
+            echo "  POLICY: $testfile — possible hardcoded test count assertion"
+            count=$((count + 1))
+        fi
+    done < <(find "$dir" \( -name 'test_*.py' -o -name '*_test.py' -o -name 'test-*.sh' -o -name '*.test.js' -o -name '*.test.ts' \) -not -path '*/.git/*' -not -path '*/node_modules/*' -not -path '*/.venv/*' 2>/dev/null)
+    return $count
+}
+
+# Main
+echo "POLICY CHECK: $PROJECT_ROOT"
+echo ""
+
+languages=$(detect_language "$PROJECT_ROOT")
+echo "Detected languages: ${languages:-none}"
+echo ""
+
+# Run applicable checks
+for policy_file in "$POLICY_DIR"/*.md; do
+    policy_name=$(basename "$policy_file" .md)
+
+    case "$policy_name" in
+        universal)
+            echo "Checking: universal policies"
+            # Universal checks are mostly process-level, hard to check statically
+            echo "  (process-level policies — checked by skill, not script)"
+            echo ""
+            ;;
+        bash)
+            if echo "$languages" | grep -q 'bash'; then
+                echo "Checking: bash policies"
+                violations_before=$VIOLATIONS
+                check_bash_strict_mode "$PROJECT_ROOT" || VIOLATIONS=$((VIOLATIONS + $?))
+                echo ""
+            fi
+            ;;
+        python)
+            if echo "$languages" | grep -q 'python'; then
+                echo "Checking: python policies"
+                check_python_sqlite_closing "$PROJECT_ROOT" || VIOLATIONS=$((VIOLATIONS + $?))
+                check_python_async_await "$PROJECT_ROOT" || VIOLATIONS=$((VIOLATIONS + $?))
+                echo ""
+            fi
+            ;;
+        testing)
+            echo "Checking: testing policies"
+            check_test_hardcoded_counts "$PROJECT_ROOT" || VIOLATIONS=$((VIOLATIONS + $?))
+            echo ""
+            ;;
+    esac
+done
+
+# Summary
+echo "─────────────────────────────────────"
+if [[ $VIOLATIONS -gt 0 ]]; then
+    echo "POLICY CHECK: $VIOLATIONS violation(s) found"
+    if [[ "$STRICT" == "true" ]]; then
+        exit 1
+    fi
+else
+    echo "POLICY CHECK: clean (no violations)"
+fi
+
+exit 0