contextdiet 0.2.0

package/CHANGELOG.md

@@ -0,0 +1,25 @@
+# Changelog
+
+All notable changes to contextdiet are documented here.
+
+## 0.2.0 - 2026-05-19
+
+### Added
+
+- `init` command for creating a starter `contextdiet.config.json`.
+- `--help` and `--version` CLI support.
+- `contextdiet.config.json` support for `threshold`, `ignoredRules`, and rule `weight` overrides.
+- `scan --sarif` for SARIF 2.1.0 output.
+- Reusable GitHub Action with `root`, `threshold`, and `format` inputs.
+- JSON schema for contextdiet configuration.
+
+## 0.1.0 - 2026-05-19
+
+### Added
+
+- Initial `scan`, `score`, `badge`, and `fix --safe` CLI commands.
+- Discovery for `AGENTS.md`, `CLAUDE.md`, Cursor rules, Copilot instructions, `SKILL.md`, `.mcp.json`, and `.cursor/mcp.json`.
+- Deterministic findings for stale commands, stale paths, repeated instructions, conflicting instructions, skill metadata problems, risky MCP commands, and invalid MCP JSON.
+- Strict CI threshold support with `--strict --threshold`.
+- JSON output for `scan` and `score`.
+- Launch README, CI workflow, docs, and noisy example fixture.

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Contextdiet contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,246 @@
+# contextdiet
+
+[![CI](https://github.com/Tehlikeli107/contextdiet/actions/workflows/ci.yml/badge.svg)](https://github.com/Tehlikeli107/contextdiet/actions/workflows/ci.yml)
+![Agent Context Score](https://img.shields.io/badge/agent_context-100%2F100-brightgreen)
+[![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](LICENSE)
+
+Your coding agent is only as good as the context you feed it.
+
+`contextdiet` scans `AGENTS.md`, `CLAUDE.md`, Cursor rules, Copilot instructions, Agent Skills, and MCP configs for stale, noisy, contradictory, or risky context.
+
+Think Lighthouse for AI coding-agent context.
+
+```bash
+npx github:Tehlikeli107/contextdiet scan --root .
+npx github:Tehlikeli107/contextdiet score --root .
+npx github:Tehlikeli107/contextdiet badge --root .
+npx github:Tehlikeli107/contextdiet init --root .
+npx github:Tehlikeli107/contextdiet fix --safe --root .
+```
+
+After the npm package is published, the commands become:
+
+```bash
+npx contextdiet scan
+npx contextdiet score
+npx contextdiet badge
+npx contextdiet init
+npx contextdiet fix --safe
+```
+
+## Why
+
+AI coding agents are moving from demos into real repositories, but repo-level context can quietly make them worse:
+
+- stale commands send agents down dead paths
+- missing files waste tool calls
+- repeated rules burn context
+- conflicting instructions lower trust
+- risky MCP commands expand blast radius
+- bloated context increases token spend
+
+`contextdiet` starts with deterministic local checks. No API keys, no network calls, no model judgment.
+
+## Quick Start
+
+Scan the current repository:
+
+```bash
+node ./bin/contextdiet.js scan --root .
+```
+
+Fail CI when the score drops below 90:
+
+```bash
+node ./bin/contextdiet.js scan --root . --strict --threshold 90
+```
+
+Generate a README badge:
+
+```bash
+node ./bin/contextdiet.js badge --root .
+```
+
+Create a starter config:
+
+```bash
+node ./bin/contextdiet.js init --root .
+```
+
+Try the intentionally noisy demo fixture:
+
+```bash
+node ./bin/contextdiet.js scan --root examples/noisy-agent-context
+```
+
+## Commands
+
+| Command | Purpose |
+| --- | --- |
+| `scan` | Print a full human-readable report |
+| `score` | Print compact score output |
+| `badge` | Print a Shields.io markdown badge |
+| `init` | Create `contextdiet.config.json` if it does not exist |
+| `fix --safe` | Apply conservative whitespace-only cleanup |
+| `--help` | Print usage |
+| `--version` | Print package version |
+
+Common options:
+
+| Option | Purpose |
+| --- | --- |
+| `--root <path>` | Scan a specific repository root |
+| `--json` | Print machine-readable JSON for `scan` and `score` |
+| `--sarif` | Print SARIF 2.1.0 output for `scan` |
+| `--strict` | Exit 1 when score is below threshold |
+| `--threshold <0-100>` | Score threshold for strict mode, default `90` |
+
+## What It Checks
+
+| Surface | Files |
+| --- | --- |
+| Agent instructions | `AGENTS.md`, `CLAUDE.md` |
+| IDE rules | `.cursor/rules/*.md`, `.cursor/rules/*.mdc` |
+| Copilot | `.github/copilot-instructions.md` |
+| Agent Skills | `**/SKILL.md` |
+| MCP | `.mcp.json`, `.cursor/mcp.json` |
+
+## Findings
+
+The MVP detects:
+
+- `missing-entrypoint`: no primary agent instruction surface
+- `stale-command`: referenced `npm run` script does not exist
+- `stale-path`: referenced local path does not exist
+- `repeated-instruction`: exact repeated bullet instruction
+- `conflicting-instruction`: simple positive/negative instruction conflict
+- `skill-metadata`: missing `name` or `description` in `SKILL.md`
+- `risky-mcp-command`: suspicious MCP command patterns
+- `invalid-mcp-json`: invalid MCP JSON
+
+## Example
+
+```text
+Contextdiet report
+Score: 84/100
+Files scanned: 1
+Findings: 2
+
+Findings:
+- [warning] stale-command AGENTS.md: Referenced npm script "missing" is not defined in package.json.
+- [warning] stale-path AGENTS.md: Referenced path "docs/missing.md" does not exist.
+```
+
+## GitHub Actions
+
+Use contextdiet as a reusable action:
+
+```yaml
+name: Agent Context
+
+on:
+  pull_request:
+  push:
+    branches: [main]
+
+jobs:
+  contextdiet:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v5
+      - uses: Tehlikeli107/contextdiet@v0.2.0
+        with:
+          root: .
+          threshold: 90
+          format: text
+```
+
+Or run the CLI directly:
+
+```yaml
+name: Agent Context
+
+on:
+  pull_request:
+  push:
+    branches: [main]
+
+jobs:
+  contextdiet:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v5
+      - uses: actions/setup-node@v5
+        with:
+          node-version: 24
+      - run: npx github:Tehlikeli107/contextdiet scan --root . --strict --threshold 90
+```
+
+## Machine Output
+
+```bash
+npx github:Tehlikeli107/contextdiet scan --root . --json
+npx github:Tehlikeli107/contextdiet score --root . --json
+npx github:Tehlikeli107/contextdiet scan --root . --sarif > contextdiet.sarif
+```
+
+## Configuration
+
+Create `contextdiet.config.json` in the repository root with `contextdiet init`, or write it manually:
+
+```json
+{
+  "$schema": "./schema/contextdiet.schema.json",
+  "threshold": 90,
+  "ignoredRules": [],
+  "rules": {
+    "stale-command": {
+      "weight": 8
+    },
+    "risky-mcp-command": {
+      "weight": 10
+    }
+  }
+}
+```
+
+CLI `--threshold` overrides the config threshold. `ignoredRules` removes matching findings before scoring.
+
+## Safe Fixes
+
+`fix --safe` only applies low-risk formatting cleanup:
+
+- trims trailing whitespace
+- collapses more than two consecutive blank lines
+
+It does not delete instructions, rewrite MCP config, change permissions, or invent new agent docs.
+
+## Local Development
+
+```bash
+npm test
+npm run scan
+npm run score
+npm run badge
+```
+
+## Roadmap
+
+- GitHub Action annotations
+- SARIF upload workflow examples
+- session-log analysis for Claude Code, Codex, Cursor, and Gemini CLI
+- before/after context benchmarks
+- safer skill and MCP lifecycle checks
+- team policies for agent context drift
+
+## Contributing
+
+See [CONTRIBUTING.md](CONTRIBUTING.md). Keep rules deterministic, local-first, and covered by tests.
+
+## Security
+
+See [SECURITY.md](SECURITY.md). Please report suspected vulnerabilities privately.
+
+## License
+
+MIT

package/action.yml

@@ -0,0 +1,29 @@
+name: contextdiet
+description: Scan AI coding-agent context quality in CI
+author: Tehlikeli107
+
+inputs:
+  root:
+    description: Repository root to scan
+    required: false
+    default: "."
+  threshold:
+    description: Minimum score required for success
+    required: false
+    default: "90"
+  format:
+    description: Output format: text, json, or sarif
+    required: false
+    default: "text"
+
+outputs:
+  exit-code:
+    description: contextdiet CLI exit code
+
+runs:
+  using: node20
+  main: src/action.js
+
+branding:
+  icon: activity
+  color: green

package/bin/contextdiet.js

@@ -0,0 +1,5 @@
+#!/usr/bin/env node
+import { runCli } from '../src/cli.js';
+
+const result = await runCli(process.argv.slice(2));
+process.exitCode = result.exitCode;

package/package.json

@@ -0,0 +1,54 @@
+{
+  "name": "contextdiet",
+  "version": "0.2.0",
+  "description": "Measure, trim, and prove AI coding-agent context quality.",
+  "type": "module",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/Tehlikeli107/contextdiet.git"
+  },
+  "homepage": "https://github.com/Tehlikeli107/contextdiet#readme",
+  "bugs": {
+    "url": "https://github.com/Tehlikeli107/contextdiet/issues"
+  },
+  "bin": {
+    "contextdiet": "bin/contextdiet.js"
+  },
+  "files": [
+    "action.yml",
+    "bin",
+    "schema",
+    "src",
+    "README.md",
+    "LICENSE",
+    "CHANGELOG.md"
+  ],
+  "scripts": {
+    "test": "node --test",
+    "scan": "node ./bin/contextdiet.js scan --root .",
+    "score": "node ./bin/contextdiet.js score --root .",
+    "badge": "node ./bin/contextdiet.js badge --root ."
+  },
+  "keywords": [
+    "agent-context",
+    "agent-lint",
+    "agents",
+    "AGENTS.md",
+    "ai-coding",
+    "Claude",
+    "claude-code",
+    "Codex",
+    "Cursor",
+    "MCP",
+    "model-context-protocol",
+    "context-engineering",
+    "linter"
+  ],
+  "publishConfig": {
+    "access": "public"
+  },
+  "license": "MIT",
+  "engines": {
+    "node": ">=20"
+  }
+}

package/schema/contextdiet.schema.json

@@ -0,0 +1,41 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://github.com/Tehlikeli107/contextdiet/schema/contextdiet.schema.json",
+  "title": "contextdiet configuration",
+  "type": "object",
+  "additionalProperties": false,
+  "properties": {
+    "$schema": {
+      "type": "string"
+    },
+    "threshold": {
+      "type": "integer",
+      "minimum": 0,
+      "maximum": 100,
+      "default": 90
+    },
+    "ignoredRules": {
+      "type": "array",
+      "items": {
+        "type": "string"
+      },
+      "uniqueItems": true,
+      "default": []
+    },
+    "rules": {
+      "type": "object",
+      "additionalProperties": {
+        "type": "object",
+        "additionalProperties": false,
+        "properties": {
+          "weight": {
+            "type": "integer",
+            "minimum": 0,
+            "maximum": 100
+          }
+        }
+      },
+      "default": {}
+    }
+  }
+}

package/src/action.js

@@ -0,0 +1,48 @@
+import { appendFile } from 'node:fs/promises';
+import { fileURLToPath, pathToFileURL } from 'node:url';
+
+import { runCli } from './cli.js';
+
+export function buildActionArgs(env = process.env) {
+  const root = env.INPUT_ROOT || '.';
+  const threshold = env.INPUT_THRESHOLD || '90';
+  const format = env.INPUT_FORMAT || 'text';
+  const args = ['scan', '--root', root, '--strict', '--threshold', threshold];
+
+  if (format === 'sarif') {
+    args.push('--sarif');
+  } else if (format === 'json') {
+    args.push('--json');
+  }
+
+  return args;
+}
+
+async function writeOutput(name, value, env = process.env) {
+  if (!env.GITHUB_OUTPUT) return;
+  await appendFile(env.GITHUB_OUTPUT, `${name}=${value}\n`, 'utf8');
+}
+
+export async function runAction(env = process.env) {
+  const output = [];
+  const errors = [];
+  const result = await runCli(buildActionArgs(env), {
+    stdout: (line) => output.push(line),
+    stderr: (line) => errors.push(line)
+  });
+
+  for (const line of output) console.log(line);
+  for (const line of errors) console.error(line);
+
+  await writeOutput('exit-code', String(result.exitCode), env);
+  process.exitCode = result.exitCode;
+  return result;
+}
+
+export function isDirectRun(metaUrl, argvPath) {
+  return fileURLToPath(metaUrl) === fileURLToPath(pathToFileURL(argvPath));
+}
+
+if (isDirectRun(import.meta.url, process.argv[1])) {
+  await runAction();
+}

package/src/analyzers.js

@@ -0,0 +1,222 @@
+import { access, readFile } from 'node:fs/promises';
+import { join } from 'node:path';
+
+const ENTRYPOINT_KINDS = new Set(['agents', 'claude', 'copilot', 'cursor-rule']);
+const PATH_REFERENCE_PATTERN = /`([^`\n]+)`|\[[^\]]+\]\(([^)\n]+)\)/g;
+const NPM_RUN_PATTERN = /\bnpm\s+run\s+([A-Za-z0-9:_-]+)/g;
+const RISKY_COMMAND_PATTERN = /\b(curl|wget)\b.+\|\s*(sh|bash)|rm\s+-rf|Invoke-WebRequest.+iex|iwr.+iex/i;
+
+function finding(ruleId, severity, file, message, weight) {
+  return {
+    ruleId,
+    severity,
+    file: file?.relativePath ?? file?.path ?? '<repository>',
+    message,
+    weight
+  };
+}
+
+async function pathExists(path) {
+  try {
+    await access(path);
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+async function readPackageScripts(root) {
+  try {
+    const content = await readFile(join(root, 'package.json'), 'utf8');
+    const parsed = JSON.parse(content);
+    return parsed.scripts && typeof parsed.scripts === 'object' ? parsed.scripts : {};
+  } catch {
+    return {};
+  }
+}
+
+function lineInstructions(content) {
+  return content
+    .split(/\r?\n/)
+    .map((line) => line.trim())
+    .filter((line) => /^[-*]\s+/.test(line))
+    .map((line) => line.replace(/^[-*]\s+/, '').trim())
+    .filter(Boolean);
+}
+
+function normalizedInstruction(instruction) {
+  return instruction
+    .toLowerCase()
+    .replace(/\b(always|must|should|please|do not|don't|never|avoid)\b/g, '')
+    .replace(/\s+/g, ' ')
+    .trim();
+}
+
+function hasNegativeCue(instruction) {
+  return /\b(do not|don't|never|avoid)\b/i.test(instruction);
+}
+
+function hasPositiveCue(instruction) {
+  return /\b(always|must|should)\b/i.test(instruction);
+}
+
+function analyzeRepeatedAndConflictingInstructions(file) {
+  const findings = [];
+  const instructions = lineInstructions(file.content);
+  const seen = new Set();
+  const polarityByInstruction = new Map();
+
+  for (const instruction of instructions) {
+    const exact = instruction.toLowerCase();
+    if (seen.has(exact)) {
+      findings.push(finding(
+        'repeated-instruction',
+        'warning',
+        file,
+        `Repeated instruction: "${instruction}"`,
+        4
+      ));
+    }
+    seen.add(exact);
+
+    const normalized = normalizedInstruction(instruction);
+    if (!normalized) continue;
+
+    const polarity = hasNegativeCue(instruction) ? 'negative' : hasPositiveCue(instruction) ? 'positive' : 'neutral';
+    const previous = polarityByInstruction.get(normalized);
+    if (previous && previous !== polarity && polarity !== 'neutral' && previous !== 'neutral') {
+      findings.push(finding(
+        'conflicting-instruction',
+        'warning',
+        file,
+        `Conflicting instruction about "${normalized}"`,
+        7
+      ));
+    }
+    polarityByInstruction.set(normalized, polarity);
+  }
+
+  return findings;
+}
+
+async function analyzeCommandReferences(root, file) {
+  const findings = [];
+  const scripts = await readPackageScripts(root);
+  const matches = file.content.matchAll(NPM_RUN_PATTERN);
+
+  for (const match of matches) {
+    const scriptName = match[1];
+    if (!Object.prototype.hasOwnProperty.call(scripts, scriptName)) {
+      findings.push(finding(
+        'stale-command',
+        'warning',
+        file,
+        `Referenced npm script "${scriptName}" is not defined in package.json.`,
+        8
+      ));
+    }
+  }
+
+  return findings;
+}
+
+async function analyzePathReferences(root, file) {
+  const findings = [];
+  const matches = file.content.matchAll(PATH_REFERENCE_PATTERN);
+
+  for (const match of matches) {
+    const reference = match[1] ?? match[2];
+    if (!reference) continue;
+    if (/^(https?:|mailto:|#)/i.test(reference)) continue;
+    if (reference.startsWith('npm run ')) continue;
+    if (/\s/.test(reference)) continue;
+    if (!/[/.]/.test(reference)) continue;
+
+    const cleanReference = reference.replace(/^\.?\//, '');
+    const candidate = join(root, cleanReference);
+    if (!(await pathExists(candidate))) {
+      findings.push(finding(
+        'stale-path',
+        'warning',
+        file,
+        `Referenced path "${reference}" does not exist.`,
+        8
+      ));
+    }
+  }
+
+  return findings;
+}
+
+function analyzeSkillMetadata(file) {
+  if (file.kind !== 'skill') return [];
+  const match = file.content.match(/^---\r?\n([\s\S]*?)\r?\n---/);
+  const metadata = match?.[1] ?? '';
+  const hasName = /^name:\s*\S+/m.test(metadata);
+  const hasDescription = /^description:\s*\S+/m.test(metadata);
+
+  if (hasName && hasDescription) return [];
+
+  return [finding(
+    'skill-metadata',
+    'warning',
+    file,
+    'SKILL.md frontmatter should include name and description.',
+    6
+  )];
+}
+
+function analyzeMcpConfig(file) {
+  if (file.kind !== 'mcp') return [];
+
+  try {
+    const parsed = JSON.parse(file.content);
+    const servers = parsed.mcpServers && typeof parsed.mcpServers === 'object' ? parsed.mcpServers : {};
+    return Object.entries(servers).flatMap(([name, server]) => {
+      const command = String(server.command ?? '');
+      const args = Array.isArray(server.args) ? server.args.map(String).join(' ') : '';
+      const commandLine = `${command} ${args}`.trim();
+      if (!RISKY_COMMAND_PATTERN.test(commandLine)) return [];
+
+      return [finding(
+        'risky-mcp-command',
+        'error',
+        file,
+        `MCP server "${name}" uses a risky command pattern.`,
+        10
+      )];
+    });
+  } catch {
+    return [finding(
+      'invalid-mcp-json',
+      'error',
+      file,
+      'MCP config is not valid JSON.',
+      10
+    )];
+  }
+}
+
+export async function analyzeFiles(root, files) {
+  const findings = [];
+
+  if (!files.some((file) => ENTRYPOINT_KINDS.has(file.kind))) {
+    findings.push(finding(
+      'missing-entrypoint',
+      'warning',
+      null,
+      'No AGENTS.md, CLAUDE.md, Cursor rule, or Copilot instructions file found.',
+      10
+    ));
+  }
+
+  for (const file of files) {
+    findings.push(...analyzeRepeatedAndConflictingInstructions(file));
+    findings.push(...await analyzeCommandReferences(root, file));
+    findings.push(...await analyzePathReferences(root, file));
+    findings.push(...analyzeSkillMetadata(file));
+    findings.push(...analyzeMcpConfig(file));
+  }
+
+  return findings;
+}

package/src/cli.js

@@ -0,0 +1,127 @@
+import { readFile } from 'node:fs/promises';
+import { dirname, join } from 'node:path';
+import { fileURLToPath } from 'node:url';
+
+import { applySafeFixes } from './fixes.js';
+import { formatBadge, formatSarif, formatScore, formatTextReport, publicScanResult } from './format.js';
+import { scanRepository } from './scanner.js';
+import { writeDefaultConfig } from './config.js';
+
+const USAGE = `Usage:
+  contextdiet scan [--root <path>] [--json]
+  contextdiet score [--root <path>] [--json]
+  contextdiet badge [--root <path>]
+  contextdiet init [--root <path>]
+  contextdiet fix --safe [--root <path>]
+
+Options:
+  --strict              Exit 1 when score is below threshold
+  --threshold <0-100>   Score threshold for --strict (default: 90)
+  --sarif               Print SARIF 2.1.0 output for scan
+`;
+
+async function packageVersion() {
+  const packagePath = join(dirname(fileURLToPath(import.meta.url)), '..', 'package.json');
+  const packageJson = JSON.parse(await readFile(packagePath, 'utf8'));
+  return packageJson.version;
+}
+
+function parseArgs(argv) {
+  const command = argv[0] ?? 'scan';
+  const options = {
+    root: process.cwd(),
+    json: false,
+    safe: false,
+    strict: false,
+    thresholdPassed: false,
+    sarif: false,
+    threshold: 90
+  };
+
+  for (let index = 1; index < argv.length; index += 1) {
+    const arg = argv[index];
+    if (arg === '--root') {
+      options.root = argv[index + 1];
+      index += 1;
+    } else if (arg === '--json') {
+      options.json = true;
+    } else if (arg === '--safe') {
+      options.safe = true;
+    } else if (arg === '--strict') {
+      options.strict = true;
+    } else if (arg === '--threshold') {
+      options.threshold = Number.parseInt(argv[index + 1], 10);
+      options.thresholdPassed = true;
+      index += 1;
+    } else if (arg === '--sarif') {
+      options.sarif = true;
+    }
+  }
+
+  return { command, options };
+}
+
+export async function runCli(argv, io = {}) {
+  const stdout = io.stdout ?? console.log;
+  const stderr = io.stderr ?? console.error;
+  const { command, options } = parseArgs(argv);
+
+  if (command === 'help' || command === '--help' || command === '-h') {
+    stdout(USAGE.trimEnd());
+    return { exitCode: 0 };
+  }
+
+  if (command === 'version' || command === '--version' || command === '-v') {
+    stdout(await packageVersion());
+    return { exitCode: 0 };
+  }
+
+  if (!Number.isInteger(options.threshold) || options.threshold < 0 || options.threshold > 100) {
+    stderr('Error: threshold must be an integer from 0 to 100.');
+    stderr(USAGE.trimEnd());
+    return { exitCode: 2 };
+  }
+
+  if (command === 'scan') {
+    const scan = await scanRepository(options.root);
+    const threshold = options.thresholdPassed ? options.threshold : scan.config.threshold;
+    const output = options.sarif
+      ? JSON.stringify(formatSarif(scan), null, 2)
+      : options.json
+        ? JSON.stringify(publicScanResult(scan), null, 2)
+        : formatTextReport(scan);
+    stdout(output);
+    return { exitCode: options.strict && scan.score.score < threshold ? 1 : 0 };
+  }
+
+  if (command === 'score') {
+    const scan = await scanRepository(options.root);
+    const threshold = options.thresholdPassed ? options.threshold : scan.config.threshold;
+    stdout(options.json ? JSON.stringify(scan.score, null, 2) : formatScore(scan));
+    return { exitCode: options.strict && scan.score.score < threshold ? 1 : 0 };
+  }
+
+  if (command === 'badge') {
+    const scan = await scanRepository(options.root);
+    stdout(formatBadge(scan));
+    return { exitCode: 0 };
+  }
+
+  if (command === 'init') {
+    const result = await writeDefaultConfig(options.root);
+    stdout(result.created ? 'Created contextdiet.config.json' : 'contextdiet.config.json already exists');
+    return { exitCode: 0 };
+  }
+
+  if (command === 'fix' && options.safe) {
+    const result = await applySafeFixes(options.root);
+    stdout(`Changed files: ${result.changedFiles}`);
+    for (const file of result.files) {
+      stdout(`- ${file}`);
+    }
+    return { exitCode: 0 };
+  }
+
+  stderr(USAGE.trimEnd());
+  return { exitCode: 2 };
+}

package/src/config.js

@@ -0,0 +1,63 @@
+import { readFile, writeFile } from 'node:fs/promises';
+import { join } from 'node:path';
+
+const DEFAULT_CONFIG = {
+  threshold: 90,
+  ignoredRules: [],
+  rules: {}
+};
+
+export function defaultConfigText() {
+  return `${JSON.stringify({
+    $schema: './schema/contextdiet.schema.json',
+    threshold: 90,
+    ignoredRules: [],
+    rules: {}
+  }, null, 2)}\n`;
+}
+
+function normalizeConfig(config) {
+  return {
+    threshold: Number.isInteger(config.threshold) ? config.threshold : DEFAULT_CONFIG.threshold,
+    ignoredRules: Array.isArray(config.ignoredRules) ? config.ignoredRules.map(String) : [],
+    rules: config.rules && typeof config.rules === 'object' ? config.rules : {}
+  };
+}
+
+export async function loadConfig(root) {
+  try {
+    const content = await readFile(join(root, 'contextdiet.config.json'), 'utf8');
+    return normalizeConfig(JSON.parse(content));
+  } catch (error) {
+    if (error.code === 'ENOENT') return { ...DEFAULT_CONFIG };
+    throw new Error(`Failed to read contextdiet.config.json: ${error.message}`);
+  }
+}
+
+export async function writeDefaultConfig(root) {
+  const path = join(root, 'contextdiet.config.json');
+  try {
+    await readFile(path, 'utf8');
+    return { path, created: false };
+  } catch (error) {
+    if (error.code !== 'ENOENT') throw error;
+  }
+
+  await writeFile(path, defaultConfigText(), 'utf8');
+  return { path, created: true };
+}
+
+export function applyConfigToFindings(findings, config) {
+  const ignoredRules = new Set(config.ignoredRules);
+
+  return findings
+    .filter((finding) => !ignoredRules.has(finding.ruleId))
+    .map((finding) => {
+      const ruleConfig = config.rules[finding.ruleId];
+      if (!ruleConfig || !Number.isInteger(ruleConfig.weight)) return finding;
+      return {
+        ...finding,
+        weight: ruleConfig.weight
+      };
+    });
+}

package/src/fixes.js

@@ -0,0 +1,30 @@
+import { writeFile } from 'node:fs/promises';
+
+import { discoverContextFiles } from './scanner.js';
+
+export function safeFixContent(content) {
+  return content
+    .replace(/\r\n/g, '\n')
+    .split('\n')
+    .map((line) => line.replace(/[ \t]+$/g, ''))
+    .join('\n')
+    .replace(/\n{3,}/g, '\n\n');
+}
+
+export async function applySafeFixes(root) {
+  const files = await discoverContextFiles(root);
+  const changed = [];
+
+  for (const file of files) {
+    const fixed = safeFixContent(file.content);
+    if (fixed === file.content) continue;
+
+    await writeFile(file.path, fixed, 'utf8');
+    changed.push(file.relativePath);
+  }
+
+  return {
+    changedFiles: changed.length,
+    files: changed
+  };
+}

package/src/format.js

@@ -0,0 +1,97 @@
+export function publicScanResult(scan) {
+  return {
+    root: scan.root,
+    score: scan.score,
+    files: scan.files.map((file) => ({
+      path: file.relativePath,
+      kind: file.kind
+    })),
+    findings: scan.findings
+  };
+}
+
+export function formatTextReport(scan) {
+  const lines = [
+    'Contextdiet report',
+    `Score: ${scan.score.score}/${scan.score.maxScore}`,
+    `Files scanned: ${scan.files.length}`,
+    `Findings: ${scan.findings.length}`
+  ];
+
+  if (scan.findings.length > 0) {
+    lines.push('', 'Findings:');
+    for (const finding of scan.findings) {
+      lines.push(`- [${finding.severity}] ${finding.ruleId} ${finding.file}: ${finding.message}`);
+    }
+  }
+
+  return lines.join('\n');
+}
+
+export function formatScore(scan) {
+  return [
+    `Score: ${scan.score.score}/${scan.score.maxScore}`,
+    `Findings: ${scan.score.findings}`
+  ].join('\n');
+}
+
+export function badgeColor(score) {
+  if (score >= 90) return 'brightgreen';
+  if (score >= 75) return 'yellow';
+  if (score >= 50) return 'orange';
+  return 'red';
+}
+
+export function formatBadge(scan) {
+  const score = scan.score.score;
+  const maxScore = scan.score.maxScore;
+  const encodedValue = encodeURIComponent(`${score}/${maxScore}`);
+  return `![Agent Context Score](https://img.shields.io/badge/agent_context-${encodedValue}-${badgeColor(score)})`;
+}
+
+function levelForSeverity(severity) {
+  if (severity === 'error') return 'error';
+  if (severity === 'warning') return 'warning';
+  return 'note';
+}
+
+export function formatSarif(scan) {
+  const ruleIds = [...new Set(scan.findings.map((finding) => finding.ruleId))].sort();
+  return {
+    version: '2.1.0',
+    $schema: 'https://json.schemastore.org/sarif-2.1.0.json',
+    runs: [
+      {
+        tool: {
+          driver: {
+            name: 'contextdiet',
+            informationUri: 'https://github.com/Tehlikeli107/contextdiet',
+            rules: ruleIds.map((ruleId) => ({
+              id: ruleId,
+              name: ruleId,
+              shortDescription: {
+                text: ruleId
+              }
+            }))
+          }
+        },
+        results: scan.findings.map((finding) => ({
+          ruleId: finding.ruleId,
+          level: levelForSeverity(finding.severity),
+          message: {
+            text: finding.message
+          },
+          locations: [
+            {
+              physicalLocation: {
+                artifactLocation: {
+                  uri: finding.file
+                }
+              }
+            }
+          ]
+        }))
+      }
+    ]
+  };
+}

package/src/scanner.js

@@ -0,0 +1,71 @@
+import { readdir, readFile } from 'node:fs/promises';
+import { basename, join, relative, sep } from 'node:path';
+
+import { analyzeFiles } from './analyzers.js';
+import { applyConfigToFindings, loadConfig } from './config.js';
+import { calculateScore } from './scoring.js';
+
+const IGNORED_DIRECTORIES = new Set(['.git', 'node_modules', 'dist', 'coverage']);
+
+function toPortablePath(path) {
+  return path.split(sep).join('/');
+}
+
+function kindForPath(path) {
+  const portable = toPortablePath(path);
+  if (portable === 'AGENTS.md') return 'agents';
+  if (portable === 'CLAUDE.md') return 'claude';
+  if (portable === '.github/copilot-instructions.md') return 'copilot';
+  if (portable === '.mcp.json' || portable === '.cursor/mcp.json') return 'mcp';
+  if (portable.startsWith('.cursor/rules/') && (portable.endsWith('.md') || portable.endsWith('.mdc'))) return 'cursor-rule';
+  if (basename(portable) === 'SKILL.md') return 'skill';
+  return null;
+}
+
+async function walk(root, directory, files) {
+  const entries = await readdir(directory, { withFileTypes: true });
+
+  for (const entry of entries) {
+    if (entry.isDirectory()) {
+      if (!IGNORED_DIRECTORIES.has(entry.name)) {
+        await walk(root, join(directory, entry.name), files);
+      }
+      continue;
+    }
+
+    if (!entry.isFile()) continue;
+
+    const path = join(directory, entry.name);
+    const relativePath = relative(root, path);
+    const kind = kindForPath(relativePath);
+    if (!kind) continue;
+
+    files.push({
+      path,
+      relativePath: toPortablePath(relativePath),
+      kind,
+      content: await readFile(path, 'utf8')
+    });
+  }
+}
+
+export async function discoverContextFiles(root) {
+  const files = [];
+  await walk(root, root, files);
+  return files.sort((a, b) => a.relativePath.localeCompare(b.relativePath));
+}
+
+export async function scanRepository(root) {
+  const config = await loadConfig(root);
+  const files = await discoverContextFiles(root);
+  const findings = applyConfigToFindings(await analyzeFiles(root, files), config);
+  const score = calculateScore(findings);
+
+  return {
+    root,
+    config,
+    files,
+    findings,
+    score
+  };
+}

package/src/scoring.js

@@ -0,0 +1,17 @@
+const DEFAULT_WEIGHT = 5;
+
+export function calculateScore(findings) {
+  const totalPenalty = findings.reduce((sum, finding) => sum + (finding.weight ?? DEFAULT_WEIGHT), 0);
+  const score = Math.max(0, 100 - totalPenalty);
+  const bySeverity = findings.reduce((counts, finding) => {
+    counts[finding.severity] = (counts[finding.severity] ?? 0) + 1;
+    return counts;
+  }, {});
+
+  return {
+    score,
+    maxScore: 100,
+    findings: findings.length,
+    bySeverity
+  };
+}