claude-crap 0.3.7 → 0.3.8

package/plugin/bundle/mcp-server.mjs

@@ -2977,7 +2977,7 @@ var require_compile = __commonJS({
       const schOrFunc = root.refs[ref];
       if (schOrFunc)
         return schOrFunc;
-      let _sch = resolve6.call(this, root, ref);
+      let _sch = resolve7.call(this, root, ref);
       if (_sch === void 0) {
         const schema = (_a = root.localRefs) === null || _a === void 0 ? void 0 : _a[ref];
         const { schemaId } = this.opts;
@@ -3004,7 +3004,7 @@ var require_compile = __commonJS({
     function sameSchemaEnv(s1, s2) {
       return s1.schema === s2.schema && s1.root === s2.root && s1.baseId === s2.baseId;
     }
-    function resolve6(root, ref) {
+    function resolve7(root, ref) {
       let sch;
       while (typeof (sch = this.refs[ref]) == "string")
         ref = sch;
@@ -3579,55 +3579,55 @@ var require_fast_uri = __commonJS({
       }
       return uri;
     }
-    function resolve6(baseURI, relativeURI, options) {
+    function resolve7(baseURI, relativeURI, options) {
       const schemelessOptions = options ? Object.assign({ scheme: "null" }, options) : { scheme: "null" };
       const resolved = resolveComponent(parse(baseURI, schemelessOptions), parse(relativeURI, schemelessOptions), schemelessOptions, true);
       schemelessOptions.skipEscape = true;
       return serialize(resolved, schemelessOptions);
     }
-    function resolveComponent(base, relative3, options, skipNormalization) {
+    function resolveComponent(base, relative4, options, skipNormalization) {
       const target = {};
       if (!skipNormalization) {
         base = parse(serialize(base, options), options);
-        relative3 = parse(serialize(relative3, options), options);
+        relative4 = parse(serialize(relative4, options), options);
       }
       options = options || {};
-      if (!options.tolerant && relative3.scheme) {
-        target.scheme = relative3.scheme;
-        target.userinfo = relative3.userinfo;
-        target.host = relative3.host;
-        target.port = relative3.port;
-        target.path = removeDotSegments(relative3.path || "");
-        target.query = relative3.query;
+      if (!options.tolerant && relative4.scheme) {
+        target.scheme = relative4.scheme;
+        target.userinfo = relative4.userinfo;
+        target.host = relative4.host;
+        target.port = relative4.port;
+        target.path = removeDotSegments(relative4.path || "");
+        target.query = relative4.query;
       } else {
-        if (relative3.userinfo !== void 0 || relative3.host !== void 0 || relative3.port !== void 0) {
-          target.userinfo = relative3.userinfo;
-          target.host = relative3.host;
-          target.port = relative3.port;
-          target.path = removeDotSegments(relative3.path || "");
-          target.query = relative3.query;
+        if (relative4.userinfo !== void 0 || relative4.host !== void 0 || relative4.port !== void 0) {
+          target.userinfo = relative4.userinfo;
+          target.host = relative4.host;
+          target.port = relative4.port;
+          target.path = removeDotSegments(relative4.path || "");
+          target.query = relative4.query;
         } else {
-          if (!relative3.path) {
+          if (!relative4.path) {
             target.path = base.path;
-            if (relative3.query !== void 0) {
-              target.query = relative3.query;
+            if (relative4.query !== void 0) {
+              target.query = relative4.query;
             } else {
               target.query = base.query;
             }
           } else {
-            if (relative3.path[0] === "/") {
-              target.path = removeDotSegments(relative3.path);
+            if (relative4.path[0] === "/") {
+              target.path = removeDotSegments(relative4.path);
             } else {
               if ((base.userinfo !== void 0 || base.host !== void 0 || base.port !== void 0) && !base.path) {
-                target.path = "/" + relative3.path;
+                target.path = "/" + relative4.path;
               } else if (!base.path) {
-                target.path = relative3.path;
+                target.path = relative4.path;
               } else {
-                target.path = base.path.slice(0, base.path.lastIndexOf("/") + 1) + relative3.path;
+                target.path = base.path.slice(0, base.path.lastIndexOf("/") + 1) + relative4.path;
               }
               target.path = removeDotSegments(target.path);
             }
-            target.query = relative3.query;
+            target.query = relative4.query;
           }
           target.userinfo = base.userinfo;
           target.host = base.host;
@@ -3635,7 +3635,7 @@ var require_fast_uri = __commonJS({
         }
         target.scheme = base.scheme;
       }
-      target.fragment = relative3.fragment;
+      target.fragment = relative4.fragment;
       return target;
     }
     function equal(uriA, uriB, options) {
@@ -3806,7 +3806,7 @@ var require_fast_uri = __commonJS({
     var fastUri = {
       SCHEMES,
       normalize,
-      resolve: resolve6,
+      resolve: resolve7,
       resolveComponent,
       equal,
       serialize,
@@ -6853,6 +6853,84 @@ function buildSarifResult3(opts) {
   };
 }
 
+// src/adapters/dart-analyzer.ts
+function mapSeverity3(dartSeverity) {
+  switch (dartSeverity.toUpperCase()) {
+    case "ERROR":
+      return "error";
+    case "WARNING":
+      return "warning";
+    case "INFO":
+      return "note";
+    default:
+      return "warning";
+  }
+}
+var EFFORT_BY_SEVERITY = {
+  error: 30,
+  warning: 15,
+  note: 5,
+  none: 0
+};
+function adaptDartAnalyzer(rawOutput) {
+  let parsed;
+  if (typeof rawOutput === "string") {
+    try {
+      parsed = JSON.parse(rawOutput);
+    } catch {
+      throw new Error("[dart-analyzer adapter] rawOutput is not valid JSON");
+    }
+  } else if (rawOutput && typeof rawOutput === "object" && "diagnostics" in rawOutput) {
+    parsed = rawOutput;
+  } else {
+    throw new Error(
+      "[dart-analyzer adapter] rawOutput must be a JSON string or an object with a 'diagnostics' array"
+    );
+  }
+  if (!Array.isArray(parsed.diagnostics)) {
+    throw new Error("[dart-analyzer adapter] 'diagnostics' must be an array");
+  }
+  const results = [];
+  let totalEffortMinutes = 0;
+  for (const diag of parsed.diagnostics) {
+    const level = mapSeverity3(diag.severity);
+    const effort = EFFORT_BY_SEVERITY[level] ?? estimateEffortMinutes(level);
+    totalEffortMinutes += effort;
+    results.push({
+      ruleId: diag.code,
+      level,
+      message: {
+        text: diag.problemMessage + (diag.correctionMessage ? ` ${diag.correctionMessage}` : "")
+      },
+      locations: [
+        {
+          physicalLocation: {
+            artifactLocation: {
+              uri: diag.location.file
+            },
+            region: {
+              startLine: diag.location.range.start.line,
+              startColumn: diag.location.range.start.column,
+              endLine: diag.location.range.end.line,
+              endColumn: diag.location.range.end.column
+            }
+          }
+        }
+      ],
+      properties: {
+        effortMinutes: effort,
+        ...diag.documentation ? { helpUri: diag.documentation } : {}
+      }
+    });
+  }
+  return {
+    document: wrapResultsInSarif("dart_analyze", "1.0.0", results),
+    sourceTool: "dart_analyze",
+    findingCount: parsed.diagnostics.length,
+    totalEffortMinutes
+  };
+}
+
 // src/adapters/index.ts
 function adaptScannerOutput(scanner, rawOutput) {
   switch (scanner) {
@@ -6864,6 +6942,8 @@ function adaptScannerOutput(scanner, rawOutput) {
       return adaptBandit(rawOutput);
     case "stryker":
       return adaptStryker(rawOutput);
+    case "dart_analyze":
+      return adaptDartAnalyzer(rawOutput);
     default: {
       const exhaustive = scanner;
       throw new Error(`[adapters] Unknown scanner: ${String(exhaustive)}`);
@@ -7250,6 +7330,100 @@ import { fileURLToPath as fileURLToPath2 } from "node:url";
 import Fastify from "fastify";
 import fastifyStatic from "@fastify/static";
 
+// src/shared/exclusions.ts
+import picomatch from "picomatch";
+var DEFAULT_SKIP_DIRS = /* @__PURE__ */ new Set([
+  // Package managers / vendored deps
+  "node_modules",
+  "vendor",
+  // Version control
+  ".git",
+  // Build outputs (general)
+  "dist",
+  "build",
+  "bundle",
+  "out",
+  "target",
+  "coverage",
+  // Framework build outputs
+  ".next",
+  // Next.js
+  ".nuxt",
+  // Nuxt 2
+  ".output",
+  // Nuxt 3
+  ".vercel",
+  // Vercel
+  ".svelte-kit",
+  // SvelteKit
+  ".astro",
+  // Astro
+  ".angular",
+  // Angular
+  ".turbo",
+  // Turborepo
+  ".parcel-cache",
+  // Parcel
+  ".expo",
+  // Expo / React Native
+  // Language-specific caches
+  ".venv",
+  "venv",
+  "__pycache__",
+  ".cache",
+  ".dart_tool",
+  // Dart / Flutter
+  ".gradle",
+  // Gradle
+  // IDE state
+  ".idea",
+  // Plugin state
+  ".claude-crap",
+  ".codesight"
+]);
+var DEFAULT_SKIP_PATTERNS = [
+  "*.min.js",
+  "*.min.css",
+  "*.min.mjs",
+  "*.min.cjs",
+  "*.bundle.js",
+  "*.chunk.js"
+];
+function createExclusionFilter(userExclusions) {
+  const extraDirs = /* @__PURE__ */ new Set();
+  const fileGlobs = [];
+  for (const pattern of userExclusions ?? []) {
+    if (pattern.endsWith("/")) {
+      extraDirs.add(pattern.slice(0, -1));
+    } else {
+      fileGlobs.push(pattern);
+    }
+  }
+  const defaultFileMatchers = DEFAULT_SKIP_PATTERNS.map(
+    (p) => picomatch(p, { dot: true })
+  );
+  const userFileMatchers = fileGlobs.map(
+    (p) => picomatch(p, { dot: true })
+  );
+  return {
+    shouldSkipDir(dirName) {
+      if (dirName.startsWith(".") && dirName !== ".claude-plugin") {
+        return DEFAULT_SKIP_DIRS.has(dirName) || true;
+      }
+      return DEFAULT_SKIP_DIRS.has(dirName) || extraDirs.has(dirName);
+    },
+    shouldSkipFile(relativePath, fileName) {
+      for (const matcher of defaultFileMatchers) {
+        if (matcher(fileName)) return true;
+      }
+      for (const matcher of userFileMatchers) {
+        if (matcher(relativePath) || matcher(fileName)) return true;
+      }
+      return false;
+    }
+  };
+}
+
 // src/metrics/tdr.ts
 var RATING_ORDER = ["A", "B", "C", "D", "E"];
 function ratingToRank(rating) {
@@ -7524,7 +7698,7 @@ async function startDashboard(options) {
     root: publicRoot,
     prefix: "/"
   });
-  fastify.get("/api/health", async () => ({ status: "ok", server: "claude-crap", version: "0.3.7" }));
+  fastify.get("/api/health", async () => ({ status: "ok", server: "claude-crap", version: "0.3.8" }));
   fastify.get("/api/score", async () => {
     const stats = await workspaceStatsProvider();
     const score = await buildScore(config, sarifStore, stats, urlOf(fastify, config));
@@ -7535,7 +7709,7 @@ async function startDashboard(options) {
     if (!options.astEngine) {
       return { threshold: config.cyclomaticMax, totalFunctions: 0, violationCount: 0, topFunctions: [] };
     }
-    return buildComplexityReport(config, options.astEngine, logger2);
+    return buildComplexityReport(config, options.astEngine, logger2, options.exclude);
   });
   fastify.get("/api/file-detail", async (request, reply) => {
     const { path: filePath } = request.query;
@@ -7681,24 +7855,9 @@ async function killStaleDashboard(pidFilePath, port, logger2) {
   removePidFile(pidFilePath);
   await new Promise((r) => setTimeout(r, 300));
 }
-var SKIP_DIRS = /* @__PURE__ */ new Set([
-  "node_modules",
-  ".git",
-  "dist",
-  "build",
-  "out",
-  "target",
-  ".venv",
-  "venv",
-  "__pycache__",
-  ".cache",
-  ".next",
-  ".nuxt",
-  ".claude-crap",
-  ".codesight"
-]);
-async function buildComplexityReport(config, engine, logger2) {
+async function buildComplexityReport(config, engine, logger2, exclude) {
   const threshold = config.cyclomaticMax;
+  const filter = createExclusionFilter(exclude);
   const allFunctions = [];
   let totalFunctions = 0;
   async function walk2(dir) {
@@ -7709,10 +7868,9 @@ async function buildComplexityReport(config, engine, logger2) {
       return;
     }
     for (const entry of entries) {
-      if (entry.name.startsWith(".") && entry.name !== ".claude-plugin") continue;
       const full = join2(dir, entry.name);
       if (entry.isDirectory()) {
-        if (SKIP_DIRS.has(entry.name)) continue;
+        if (filter.shouldSkipDir(entry.name)) continue;
         await walk2(full);
         continue;
       }
@@ -7791,23 +7949,7 @@ function computeCrap(input, threshold) {
 
 // src/metrics/workspace-walker.ts
 import { promises as fs4 } from "node:fs";
-import { join as join3 } from "node:path";
-var SKIP_DIRS2 = /* @__PURE__ */ new Set([
-  "node_modules",
-  ".git",
-  "dist",
-  "build",
-  "out",
-  "target",
-  ".venv",
-  "venv",
-  "__pycache__",
-  ".cache",
-  ".next",
-  ".nuxt",
-  ".claude-crap",
-  ".codesight"
-]);
+import { join as join3, relative } from "node:path";
 var CODE_EXTENSIONS = /* @__PURE__ */ new Set([
   ".ts",
   ".tsx",
@@ -7831,7 +7973,8 @@ var CODE_EXTENSIONS = /* @__PURE__ */ new Set([
   ".vue"
 ]);
 var MAX_FILES_WALKED = 2e4;
-async function estimateWorkspaceLoc(workspaceRoot) {
+async function estimateWorkspaceLoc(workspaceRoot, options) {
+  const filter = createExclusionFilter(options?.exclude);
   let physicalLoc = 0;
   let fileCount = 0;
   let truncated = false;
@@ -7845,10 +7988,9 @@ async function estimateWorkspaceLoc(workspaceRoot) {
     }
     for (const entry of entries) {
       if (truncated) return;
-      if (entry.name.startsWith(".") && entry.name !== ".claude-plugin") continue;
       const full = join3(dir, entry.name);
       if (entry.isDirectory()) {
-        if (SKIP_DIRS2.has(entry.name)) continue;
+        if (filter.shouldSkipDir(entry.name)) continue;
         await walk2(full);
         continue;
       }
@@ -7858,6 +8000,8 @@ async function estimateWorkspaceLoc(workspaceRoot) {
       if (dot < 0) continue;
       const ext = lower.substring(dot);
       if (!CODE_EXTENSIONS.has(ext)) continue;
+      const relPath = relative(workspaceRoot, full);
+      if (filter.shouldSkipFile(relPath, entry.name)) continue;
       fileCount += 1;
       if (fileCount > MAX_FILES_WALKED) {
         truncated = true;
@@ -8227,6 +8371,8 @@ var CrapConfigError = class extends Error {
   }
 };
 function loadCrapConfig(options) {
+  const fileResult = readFromFile(options.workspaceRoot);
+  const exclude = fileResult?.exclude ?? [];
   const envRaw = process.env["CLAUDE_CRAP_STRICTNESS"];
   if (typeof envRaw === "string" && envRaw.trim() !== "") {
     const normalized = envRaw.trim().toLowerCase();
@@ -8235,11 +8381,12 @@ function loadCrapConfig(options) {
         `[crap-config] CLAUDE_CRAP_STRICTNESS="${envRaw}" is not a valid strictness. Expected one of: ${STRICTNESS_VALUES.join(", ")}.`
       );
     }
-    return { strictness: normalized, strictnessSource: "env" };
+    return { strictness: normalized, strictnessSource: "env", exclude };
+  }
+  if (fileResult?.strictness) {
+    return { strictness: fileResult.strictness, strictnessSource: "file", exclude };
   }
-  const fromFile = readFromFile(options.workspaceRoot);
-  if (fromFile) return { strictness: fromFile, strictnessSource: "file" };
-  return { strictness: DEFAULT_STRICTNESS, strictnessSource: "default" };
+  return { strictness: DEFAULT_STRICTNESS, strictnessSource: "default", exclude };
 }
 function readFromFile(workspaceRoot) {
   const filePath = join5(workspaceRoot, ".claude-crap.json");
@@ -8267,20 +8414,40 @@ function readFromFile(workspaceRoot) {
     );
   }
   const doc = parsed;
-  if (!("strictness" in doc)) return null;
-  const value = doc["strictness"];
-  if (typeof value !== "string") {
-    throw new CrapConfigError(
-      `[crap-config] ${filePath}: 'strictness' must be a string, got ${typeof value}`
-    );
+  let strictness = null;
+  if ("strictness" in doc) {
+    const value = doc["strictness"];
+    if (typeof value !== "string") {
+      throw new CrapConfigError(
+        `[crap-config] ${filePath}: 'strictness' must be a string, got ${typeof value}`
+      );
+    }
+    const normalized = value.trim().toLowerCase();
+    if (!isStrictness(normalized)) {
+      throw new CrapConfigError(
+        `[crap-config] ${filePath}: 'strictness' is "${value}"; expected one of ${STRICTNESS_VALUES.join(", ")}.`
+      );
+    }
+    strictness = normalized;
   }
-  const normalized = value.trim().toLowerCase();
-  if (!isStrictness(normalized)) {
-    throw new CrapConfigError(
-      `[crap-config] ${filePath}: 'strictness' is "${value}"; expected one of ${STRICTNESS_VALUES.join(", ")}.`
-    );
+  let exclude = [];
+  if ("exclude" in doc) {
+    const raw2 = doc["exclude"];
+    if (!Array.isArray(raw2)) {
+      throw new CrapConfigError(
+        `[crap-config] ${filePath}: 'exclude' must be an array of strings`
+      );
+    }
+    for (const item of raw2) {
+      if (typeof item !== "string") {
+        throw new CrapConfigError(
+          `[crap-config] ${filePath}: every entry in 'exclude' must be a string, got ${typeof item}`
+        );
+      }
+    }
+    exclude = raw2;
   }
-  return normalized;
+  return { strictness, exclude };
 }
 function isStrictness(value) {
   return STRICTNESS_VALUES.includes(value);
@@ -8288,7 +8455,7 @@ function isStrictness(value) {
 
 // src/tools/test-harness.ts
 import { promises as fs6 } from "node:fs";
-import { basename, dirname as dirname4, extname, isAbsolute as isAbsolute3, join as join6, relative, resolve as resolve5, sep as sep2 } from "node:path";
+import { basename, dirname as dirname4, extname, isAbsolute as isAbsolute3, join as join6, relative as relative2, resolve as resolve5, sep as sep2 } from "node:path";
 var TEST_SUFFIX_PATTERN = /\.(test|spec)\./;
 function isTestFile(filePath) {
   const base = basename(filePath);
@@ -8303,7 +8470,7 @@ function candidatePaths(workspaceRoot, filePath) {
   const base = basename(absSource, ext);
   const dir = dirname4(absSource);
   const absWorkspace = resolve5(workspaceRoot);
-  const relFromRoot = relative(absWorkspace, absSource);
+  const relFromRoot = relative2(absWorkspace, absSource);
   const relDir = dirname4(relFromRoot);
   const candidates = /* @__PURE__ */ new Set();
   candidates.add(join6(dir, `${base}.test${ext}`));
@@ -8355,8 +8522,8 @@ import { existsSync as existsSync5 } from "node:fs";
 import { join as join11 } from "node:path";
 
 // src/scanner/detector.ts
-import { existsSync as existsSync2, readFileSync as readFileSync3 } from "node:fs";
-import { join as join7 } from "node:path";
+import { existsSync as existsSync2, readFileSync as readFileSync3, readdirSync } from "node:fs";
+import { join as join7, resolve as resolve6 } from "node:path";
 import { execFile } from "node:child_process";
 var SCANNER_SIGNALS = {
   eslint: {
@@ -8405,6 +8572,14 @@ var SCANNER_SIGNALS = {
     ],
     packageJsonKeys: ["@stryker-mutator/core"],
     binaryNames: ["stryker"]
+  },
+  dart_analyze: {
+    configFiles: [
+      "analysis_options.yaml",
+      "pubspec.yaml"
+    ],
+    packageJsonKeys: [],
+    binaryNames: ["dart"]
   }
 };
 function probeConfigFiles(workspaceRoot, scanner) {
@@ -8435,14 +8610,14 @@ function probePackageJson(workspaceRoot, scanner) {
   }
 }
 function probeBinary(binaryName) {
-  return new Promise((resolve6) => {
+  return new Promise((resolve7) => {
     execFile("which", [binaryName], { timeout: 5e3 }, (err) => {
-      resolve6(err === null);
+      resolve7(err === null);
     });
   });
 }
 async function detectScanners(workspaceRoot) {
-  const scanners = ["eslint", "semgrep", "bandit", "stryker"];
+  const scanners = ["eslint", "semgrep", "bandit", "stryker", "dart_analyze"];
   const results = await Promise.all(
     scanners.map(async (scanner) => {
       const configProbe = probeConfigFiles(workspaceRoot, scanner);
@@ -8455,10 +8630,13 @@ async function detectScanners(workspaceRoot) {
         };
       }
       if (probePackageJson(workspaceRoot, scanner)) {
+        const binName = SCANNER_SIGNALS[scanner].binaryNames[0];
+        const binPath = binName ? join7(workspaceRoot, "node_modules", ".bin", binName) : null;
+        const installed = binPath !== null && existsSync2(binPath);
         return {
           scanner,
-          available: true,
-          reason: `found in package.json dependencies`
+          available: installed,
+          reason: installed ? "found in package.json and installed" : `found in package.json but not installed (run \`npm install\`)`
         };
       }
       const signals = SCANNER_SIGNALS[scanner];
@@ -8480,6 +8658,58 @@ async function detectScanners(workspaceRoot) {
   );
   return results;
 }
+var MONOREPO_DIRS = ["apps", "packages", "libs", "modules", "services"];
+async function detectMonorepoScanners(workspaceRoot) {
+  const subdirs = /* @__PURE__ */ new Set();
+  try {
+    const pkgPath = join7(workspaceRoot, "package.json");
+    const raw = readFileSync3(pkgPath, "utf-8");
+    const pkg = JSON.parse(raw);
+    if (Array.isArray(pkg.workspaces)) {
+      for (const ws of pkg.workspaces) {
+        if (typeof ws === "string" && !ws.includes("*")) {
+          const full = resolve6(workspaceRoot, ws);
+          if (existsSync2(full)) subdirs.add(full);
+        }
+      }
+    }
+  } catch {
+  }
+  for (const dir of MONOREPO_DIRS) {
+    const full = join7(workspaceRoot, dir);
+    try {
+      const entries = readdirSync(full, { withFileTypes: true });
+      for (const entry of entries) {
+        if (entry.isDirectory() && !entry.name.startsWith(".")) {
+          subdirs.add(join7(full, entry.name));
+        }
+      }
+    } catch {
+    }
+  }
+  if (subdirs.size === 0) return [];
+  const detections = [];
+  const scanners = ["eslint", "semgrep", "bandit", "stryker", "dart_analyze"];
+  for (const subdir of subdirs) {
+    for (const scanner of scanners) {
+      const configProbe = probeConfigFiles(subdir, scanner);
+      if (!configProbe.found) continue;
+      if (scanner === "dart_analyze") {
+        const hasBinary = await probeBinary("dart");
+        if (!hasBinary) continue;
+      }
+      const relDir = subdir.replace(workspaceRoot + "/", "");
+      detections.push({
+        scanner,
+        available: true,
+        reason: `config file found in ${relDir}/`,
+        ...configProbe.path ? { configPath: configProbe.path } : {},
+        workingDir: subdir
+      });
+    }
+  }
+  return detections;
+}
 
 // src/scanner/runner.ts
 import { execFile as execFile2 } from "node:child_process";
@@ -8516,17 +8746,26 @@ function getScannerCommand(scanner, workspaceRoot) {
         nonZeroIsNormal: false,
         outputFile: join8(workspaceRoot, "reports", "mutation", "mutation.json")
       };
+    case "dart_analyze":
+      return {
+        command: "dart",
+        args: ["analyze", "--format=json", "."],
+        timeoutMs: 12e4,
+        nonZeroIsNormal: true
+        // exits 3 when findings exist
+      };
   }
 }
-function runScanner(scanner, workspaceRoot) {
+function runScanner(scanner, workspaceRoot, options) {
   const start = Date.now();
-  const cmd = getScannerCommand(scanner, workspaceRoot);
-  return new Promise((resolve6) => {
+  const cwd = options?.workingDir ?? workspaceRoot;
+  const cmd = getScannerCommand(scanner, cwd);
+  return new Promise((resolve7) => {
     execFile2(
       cmd.command,
       cmd.args,
       {
-        cwd: workspaceRoot,
+        cwd,
         timeout: cmd.timeoutMs,
         maxBuffer: 50 * 1024 * 1024,
         // 50 MB — large codebases produce verbose output
@@ -8540,7 +8779,7 @@ function runScanner(scanner, workspaceRoot) {
           if (cmd.outputFile && existsSync3(cmd.outputFile)) {
             try {
               const fileOutput = readFileSync4(cmd.outputFile, "utf-8");
-              resolve6({
+              resolve7({
                 scanner,
                 success: true,
                 rawOutput: fileOutput,
@@ -8550,7 +8789,7 @@ function runScanner(scanner, workspaceRoot) {
             } catch {
             }
           }
-          resolve6({
+          resolve7({
             scanner,
             success: false,
             rawOutput: "",
@@ -8563,7 +8802,7 @@ function runScanner(scanner, workspaceRoot) {
           if (existsSync3(cmd.outputFile)) {
             try {
               const fileOutput = readFileSync4(cmd.outputFile, "utf-8");
-              resolve6({
+              resolve7({
                 scanner,
                 success: true,
                 rawOutput: fileOutput,
@@ -8571,7 +8810,7 @@ function runScanner(scanner, workspaceRoot) {
               });
               return;
             } catch (readErr) {
-              resolve6({
+              resolve7({
                 scanner,
                 success: false,
                 rawOutput: "",
@@ -8581,7 +8820,7 @@ function runScanner(scanner, workspaceRoot) {
               return;
             }
           }
-          resolve6({
+          resolve7({
             scanner,
             success: false,
             rawOutput: "",
@@ -8592,7 +8831,7 @@ function runScanner(scanner, workspaceRoot) {
         }
         const output = stdout.trim();
         if (!output) {
-          resolve6({
+          resolve7({
             scanner,
             success: true,
             rawOutput: "[]",
@@ -8601,7 +8840,7 @@ function runScanner(scanner, workspaceRoot) {
           });
           return;
         }
-        resolve6({
+        resolve7({
           scanner,
           success: true,
           rawOutput: output,
@@ -8613,7 +8852,7 @@ function runScanner(scanner, workspaceRoot) {
 }
 
 // src/scanner/bootstrap.ts
-import { existsSync as existsSync4, writeFileSync as writeFileSync2, readdirSync } from "node:fs";
+import { existsSync as existsSync4, writeFileSync as writeFileSync2, readdirSync as readdirSync2 } from "node:fs";
 import { join as join9 } from "node:path";
 import { execFile as execFile3 } from "node:child_process";
 function detectProjectType(workspaceRoot) {
@@ -8630,12 +8869,13 @@ function detectProjectType(workspaceRoot) {
   }
   if (has("Directory.Build.props")) return "csharp";
   try {
-    const entries = readdirSync(workspaceRoot);
+    const entries = readdirSync2(workspaceRoot);
     if (entries.some((e) => e.endsWith(".csproj") || e.endsWith(".sln"))) {
       return "csharp";
     }
   } catch {
   }
+  if (has("pubspec.yaml")) return "dart";
   return "unknown";
 }
 function generateEslintConfig(isTypeScript) {
@@ -8677,7 +8917,7 @@ export default [
 `;
 }
 function npmInstall(workspaceRoot, packages) {
-  return new Promise((resolve6) => {
+  return new Promise((resolve7) => {
     execFile3(
       "npm",
       ["install", "--save-dev", ...packages],
@@ -8688,14 +8928,14 @@ function npmInstall(workspaceRoot, packages) {
       },
       (err, stdout, stderr) => {
         if (err) {
-          resolve6({
+          resolve7({
             action: `npm install --save-dev ${packages.join(" ")}`,
             success: false,
             detail: stderr || err.message
           });
           return;
         }
-        resolve6({
+        resolve7({
           action: `npm install --save-dev ${packages.join(" ")}`,
           success: true,
           detail: `installed ${packages.join(", ")}`
@@ -8750,6 +8990,12 @@ function getRecommendation(projectType) {
         canAutoInstall: false,
         installInstructions: "brew install semgrep  (or: pip install semgrep, pipx install semgrep)"
       };
+    case "dart":
+      return {
+        scanner: "dart_analyze",
+        canAutoInstall: false,
+        installInstructions: "Install the Dart SDK: https://dart.dev/get-dart  (or Flutter SDK which includes Dart)"
+      };
     case "unknown":
       return {
         scanner: "semgrep",
@@ -8896,23 +9142,7 @@ function buildResult(projectType, steps, autoScanResult, recommendation) {
 
 // src/scanner/complexity-scanner.ts
 import { promises as fs7 } from "node:fs";
-import { join as join10, relative as relative2 } from "node:path";
-var SKIP_DIRS3 = /* @__PURE__ */ new Set([
-  "node_modules",
-  ".git",
-  "dist",
-  "build",
-  "out",
-  "target",
-  ".venv",
-  "venv",
-  "__pycache__",
-  ".cache",
-  ".next",
-  ".nuxt",
-  ".claude-crap",
-  ".codesight"
-]);
+import { join as join10, relative as relative3 } from "node:path";
 var MAX_FILES = 2e4;
 var RULE_ID = "complexity/cyclomatic-max";
 var SOURCE_TOOL = "complexity";
@@ -8920,7 +9150,8 @@ async function scanComplexity(workspaceRoot, engine, sarifStore, config, logger2
   const start = Date.now();
   const threshold = config.cyclomaticMax;
   const errorThreshold = threshold * 2;
-  const files = await collectSourceFiles(workspaceRoot);
+  const filter = createExclusionFilter(config.exclude);
+  const files = await collectSourceFiles(workspaceRoot, filter);
   logger2.info(
     { fileCount: files.length, threshold },
     "complexity-scanner: starting analysis"
@@ -8939,7 +9170,7 @@ async function scanComplexity(workspaceRoot, engine, sarifStore, config, logger2
       for (const fn of metrics.functions) {
         if (fn.cyclomaticComplexity <= threshold) continue;
         const level = fn.cyclomaticComplexity >= errorThreshold ? "error" : "warning";
-        const relPath = relative2(workspaceRoot, filePath);
+        const relPath = relative3(workspaceRoot, filePath);
         sarifResults.push({
           ruleId: RULE_ID,
           level,
@@ -8990,7 +9221,7 @@ async function scanComplexity(workspaceRoot, engine, sarifStore, config, logger2
   );
   return { filesScanned, functionsAnalyzed, violations, durationMs };
 }
-async function collectSourceFiles(workspaceRoot) {
+async function collectSourceFiles(workspaceRoot, filter) {
   const files = [];
   let truncated = false;
   async function walk2(dir) {
@@ -9003,15 +9234,16 @@ async function collectSourceFiles(workspaceRoot) {
     }
     for (const entry of entries) {
       if (truncated) return;
-      if (entry.name.startsWith(".") && entry.name !== ".claude-plugin") continue;
       const full = join10(dir, entry.name);
       if (entry.isDirectory()) {
-        if (SKIP_DIRS3.has(entry.name)) continue;
+        if (filter.shouldSkipDir(entry.name)) continue;
         await walk2(full);
         continue;
       }
       if (!entry.isFile()) continue;
       if (!detectLanguageFromPath(entry.name)) continue;
+      const relPath = relative3(workspaceRoot, full);
+      if (filter.shouldSkipFile(relPath, entry.name)) continue;
       files.push(full);
       if (files.length >= MAX_FILES) {
         truncated = true;
@@ -9038,10 +9270,18 @@ function ingestScannerRun(scanner, rawOutput, sarifStore) {
 async function autoScan(workspaceRoot, sarifStore, logger2, options) {
   const start = Date.now();
   const detected = await detectScanners(workspaceRoot);
+  const monorepoDetected = await detectMonorepoScanners(workspaceRoot);
+  const rootScannerSet = new Set(detected.filter((d) => d.available).map((d) => d.scanner));
+  for (const md of monorepoDetected) {
+    if (!rootScannerSet.has(md.scanner)) {
+      detected.push(md);
+    }
+  }
   const available = detected.filter((d) => d.available);
   logger2.info(
     {
       detected: detected.map((d) => `${d.scanner}:${d.available}`),
+      monorepo: monorepoDetected.length,
       available: available.length
     },
     "auto-scan: detection complete"
@@ -9096,7 +9336,7 @@ async function autoScan(workspaceRoot, sarifStore, logger2, options) {
     };
   }
   const runResults = await Promise.allSettled(
-    available.map((d) => runScanner(d.scanner, workspaceRoot))
+    available.map((d) => runScanner(d.scanner, workspaceRoot, d.workingDir ? { workingDir: d.workingDir } : void 0))
   );
   const results = [];
   let totalFindings = 0;
@@ -9177,7 +9417,7 @@ async function autoScan(workspaceRoot, sarifStore, logger2, options) {
         workspaceRoot,
         options.engine,
         sarifStore,
-        { cyclomaticMax: options.cyclomaticMax ?? 15 },
+        { cyclomaticMax: options.cyclomaticMax ?? 15, ...options.exclude ? { exclude: options.exclude } : {} },
         logger2
       );
       totalFindings += complexityScan.violations;
@@ -9313,7 +9553,7 @@ var ingestScannerOutputSchema = {
   properties: {
     scanner: {
       type: "string",
-      enum: ["semgrep", "eslint", "bandit", "stryker"],
+      enum: ["semgrep", "eslint", "bandit", "stryker", "dart_analyze"],
       description: "Identifier of the producing scanner."
     },
     rawOutput: {
@@ -9373,6 +9613,15 @@ async function main() {
     { config: { ...config, pluginRoot: "<redacted>" } },
     "claude-crap MCP server starting"
   );
+  let userExclusions = [];
+  try {
+    const crapConfig = loadCrapConfig({ workspaceRoot: config.pluginRoot });
+    userExclusions = crapConfig.exclude;
+    if (userExclusions.length > 0) {
+      logger.info({ exclude: userExclusions }, "user exclusions loaded from .claude-crap.json");
+    }
+  } catch {
+  }
   const astEngine = new TreeSitterEngine();
   const sarifStore = new SarifStore({
     workspaceRoot: config.pluginRoot,
@@ -9388,9 +9637,10 @@ async function main() {
     dashboard = await startDashboard({
       config,
       sarifStore,
-      workspaceStatsProvider: () => estimateWorkspaceLoc(config.pluginRoot),
+      workspaceStatsProvider: () => estimateWorkspaceLoc(config.pluginRoot, { exclude: userExclusions }),
       logger,
-      astEngine
+      astEngine,
+      exclude: userExclusions
     });
   } catch (err) {
     logger.warn(
@@ -9560,7 +9810,7 @@ async function main() {
         const typed = args ?? {};
         const format = typed.format ?? "both";
         try {
-          const workspace = await estimateWorkspaceLoc(config.pluginRoot);
+          const workspace = await estimateWorkspaceLoc(config.pluginRoot, { exclude: userExclusions });
           const score = computeProjectScore({
             workspaceRoot: config.pluginRoot,
             minutesPerLoc: config.minutesPerLoc,
@@ -9783,7 +10033,8 @@ async function main() {
         try {
           const result = await autoScan(config.pluginRoot, sarifStore, logger, {
             engine: astEngine,
-            cyclomaticMax: config.cyclomaticMax
+            cyclomaticMax: config.cyclomaticMax,
+            exclude: userExclusions
           });
           const markdown = renderAutoScanMarkdown(result);
           return {
@@ -9862,7 +10113,8 @@ async function main() {
   logger.info("claude-crap MCP server ready (stdio)");
   autoScan(config.pluginRoot, sarifStore, logger, {
     engine: astEngine,
-    cyclomaticMax: config.cyclomaticMax
+    cyclomaticMax: config.cyclomaticMax,
+    exclude: userExclusions
   }).then((result) => {
     const scanners = result.results.filter((r) => r.success).map((r) => r.scanner);
     logger.info(