edsger 0.75.1 → 0.77.0

package/dist/phases/find-shared/rule-config.js

@@ -0,0 +1,67 @@
+/**
+ * Per-scope rule-pack configuration, shared across the find-* phases.
+ *
+ * Lets a team tune which stack-aware rule packs the scanners apply via a preset
+ * plus explicit per-pack toggles — the configurable-rules capability DCM-style
+ * tools expose. Read here from the user's supabase session; edited from the
+ * desktop app (services/db/quality-rule-configs.ts). Stored in
+ * `quality_rule_configs`.
+ */
+import { logInfo } from '../../utils/logger.js';
+import { detectProjectContext } from './detect-context.js';
+import { selectRulePacks } from './rule-packs.js';
+import { readScopedRow } from './scoped-read.js';
+/**
+ * Apply a rule config to the packs detection selected. Pure + exported for
+ * testing.
+ *
+ * - no config → unchanged (default is 'recommended' = all detected packs).
+ * - 'minimal' → no packs (generic categories only).
+ * - otherwise → detected packs minus the explicitly disabled ones.
+ */
+export function applyRuleConfig(packs, config) {
+    if (!config) {
+        return packs;
+    }
+    if (config.preset === 'minimal') {
+        return [];
+    }
+    return packs.filter((p) => !config.disabledPacks.includes(p.id));
+}
+/**
+ * Fetch the rule config for a scope, or null if none is set / no session is
+ * available. Never throws — a read failure must not abort a scan (it just
+ * degrades to the default 'recommended' behaviour).
+ */
+export async function getRuleConfig(scope) {
+    const row = await readScopedRow('quality_rule_configs', 'preset, disabled_packs', scope);
+    if (!row) {
+        return null;
+    }
+    return {
+        preset: row.preset ?? 'recommended',
+        disabledPacks: row.disabled_packs ?? [],
+    };
+}
+/**
+ * Detect the repo's stack, apply the scope's rule config, and return the rule
+ * packs to inject — logging the detected stack and chosen packs. Shared by the
+ * pack-consuming phases (find-smells, find-architecture).
+ */
+export async function resolveStackRulePacks(repoRoot, scope) {
+    const projectContext = detectProjectContext(repoRoot);
+    const ruleConfig = await getRuleConfig(scope);
+    const rulePacks = applyRuleConfig(selectRulePacks(projectContext), ruleConfig);
+    const detectedStack = [
+        ...projectContext.languages,
+        ...projectContext.frameworks,
+    ];
+    const stackLabel = detectedStack.length
+        ? detectedStack.join(', ')
+        : 'unknown';
+    const packLabel = rulePacks.length
+        ? `; applying rule packs: ${rulePacks.map((p) => p.id).join(', ')}`
+        : '; no stack-specific rule packs matched';
+    logInfo(`Detected stack: ${stackLabel}${packLabel}`);
+    return rulePacks;
+}

package/dist/phases/find-shared/rule-packs.d.ts

@@ -0,0 +1,65 @@
+/**
+ * Stack-specific rule packs for the find-* phases.
+ *
+ * The generic smell/bug/architecture categories in the base system prompts are
+ * language-neutral and always apply. A *rule pack* adds targeted, stack-aware
+ * guidance — e.g. Flutter widget anti-patterns, TypeScript type-safety escapes
+ * — that should only fire when the relevant language/framework is actually
+ * present in the repository.
+ *
+ * The design intentionally mirrors the quality-benchmark tool catalog:
+ *   - tools gate on `applies_to: [<LanguageTag>]`, selected by
+ *     `selectToolsForContext(languages)`.
+ *   - rule packs gate on `applies_to: { languages?, frameworks?, files_present? }`,
+ *     selected by `selectRulePacks(context)`.
+ *
+ * Adding support for a new language/framework is therefore a pure data change:
+ * append one `RulePack` here (and, eventually, more of them) — no phase code
+ * branches on a specific language anywhere.
+ */
+import type { ProjectContext } from './detect-context.js';
+/**
+ * Which find-* phase a guidance block is written for. A pack only contributes
+ * to a phase it has guidance for, so the same pack can sharpen find-smells with
+ * local anti-patterns and find-architecture with structural ones without
+ * leaking smell guidance into the architecture audit (or vice versa).
+ */
+export type FindPhaseKind = 'smells' | 'architecture' | 'bugs';
+export interface RulePack {
+    /** Stable id, shown in logs and used in tests. */
+    id: string;
+    /** Human-readable label. */
+    label: string;
+    /**
+     * Gate conditions. A pack is selected when EVERY specified gate matches
+     * (AND across gates), where a gate matches if ANY of its values is present
+     * in the detected context (OR within a gate). At least one gate must be set.
+     */
+    applies_to: {
+        languages?: string[];
+        frameworks?: string[];
+        files_present?: string[];
+    };
+    /**
+     * Per-phase markdown guidance injected into the find-* system prompt when the
+     * pack is selected. Each block should enumerate concrete, file:line-citable
+     * anti-patterns that map onto that phase's existing categories (no new
+     * categories introduced). A pack may cover only some phases.
+     */
+    guidance: Partial<Record<FindPhaseKind, string>>;
+}
+export declare const RULE_PACKS: readonly RulePack[];
+/**
+ * Select the rule packs whose gates are satisfied by the detected context.
+ * Same AND-across-gates / OR-within-gate semantics as the quality-benchmark
+ * `selectToolsForContext`. Membership checks are case-insensitive.
+ */
+export declare function selectRulePacks(ctx: ProjectContext): RulePack[];
+/**
+ * Render the guidance the selected packs provide *for a given phase* into a
+ * single markdown block for appending to that phase's system prompt. Packs
+ * without guidance for `kind` are skipped, so e.g. the TypeScript pack (smells
+ * only) contributes nothing to the architecture audit. Returns '' when nothing
+ * applies, so callers can concatenate unconditionally.
+ */
+export declare function renderRulePacks(packs: RulePack[], kind: FindPhaseKind): string;

package/dist/phases/find-shared/rule-packs.js

@@ -0,0 +1,124 @@
+/**
+ * Stack-specific rule packs for the find-* phases.
+ *
+ * The generic smell/bug/architecture categories in the base system prompts are
+ * language-neutral and always apply. A *rule pack* adds targeted, stack-aware
+ * guidance — e.g. Flutter widget anti-patterns, TypeScript type-safety escapes
+ * — that should only fire when the relevant language/framework is actually
+ * present in the repository.
+ *
+ * The design intentionally mirrors the quality-benchmark tool catalog:
+ *   - tools gate on `applies_to: [<LanguageTag>]`, selected by
+ *     `selectToolsForContext(languages)`.
+ *   - rule packs gate on `applies_to: { languages?, frameworks?, files_present? }`,
+ *     selected by `selectRulePacks(context)`.
+ *
+ * Adding support for a new language/framework is therefore a pure data change:
+ * append one `RulePack` here (and, eventually, more of them) — no phase code
+ * branches on a specific language anywhere.
+ */
+// ---------------------------------------------------------------------------
+// Packs
+// ---------------------------------------------------------------------------
+const flutter = {
+    id: 'flutter',
+    label: 'Flutter / Dart',
+    applies_to: { frameworks: ['flutter'] },
+    guidance: {
+        smells: `Flutter/Dart widget and performance smells (in addition to the generic categories):
+- **Giant \`build()\` methods**: a build method spanning dozens of lines or many nested widgets — extract subtrees into named \`Widget\` classes or helper methods. (category: complexity)
+- **Missing \`const\`**: widgets with compile-time-constant configuration that are not \`const\`, forcing needless rebuilds. (category: performance)
+- **Deep widget nesting**: trees nested well beyond ~5 levels that should be decomposed into smaller widgets. (category: complexity)
+- **Unbounded list rendering**: \`Column\`/\`ListView(children: [...])\` over a growing or large collection instead of \`ListView.builder\`/\`SliverList\`. (category: performance)
+- **Work inside \`build()\`**: constructing controllers, futures, or expensive objects in \`build()\` instead of \`initState\`/memoization — they get recreated every rebuild. (category: performance)
+- **Over-broad \`setState\`**: calling \`setState\` on a large widget where a smaller \`StatefulWidget\`, \`ValueListenableBuilder\`, or \`Selector\` would localise the rebuild. (category: performance)
+- **Unkeyed dynamic lists**: reorderable/dynamic children without \`Key\`s, risking state mismatches. (category: readability)`,
+        architecture: `Flutter/Dart structural concerns (in addition to the generic categories):
+- **Business logic in widgets**: data fetching, persistence, or domain rules embedded directly in \`Widget\`/\`State\` classes instead of a dedicated layer (controller/bloc/cubit/service). (concern: layering)
+- **God widgets**: a single screen widget that builds UI, holds state, talks to the network, and formats data — split by responsibility. (concern: cohesion)
+- **Cross-feature \`BuildContext\` reach-through**: features reaching into each other's widget state instead of going through a shared layer. (concern: coupling)`,
+    },
+};
+const typescript = {
+    id: 'typescript',
+    label: 'TypeScript',
+    applies_to: { languages: ['ts'] },
+    guidance: {
+        smells: `TypeScript type-safety smells (in addition to the generic categories):
+- **Type escapes**: \`any\`/\`unknown\` casts that erase checking; prefer precise types or generics. (category: type_safety)
+- **Suppressed errors**: \`@ts-ignore\`/\`@ts-expect-error\` hiding real type errors rather than fixing them. (category: type_safety)
+- **Unsafe assertions**: \`as\` casts and non-null assertions (\`!\`) at trust boundaries instead of real narrowing/null checks. (category: type_safety)
+- **Loose contracts**: \`object\`, open index signatures, or wide unions where a tighter interface/literal type is intended. (category: type_safety)
+- **Derivable duplication**: enums/unions hand-maintained in parallel instead of derived (\`as const\` + \`keyof\`/\`typeof\`). (category: refactor)`,
+    },
+};
+const csharp = {
+    id: 'csharp',
+    label: 'C# / .NET',
+    applies_to: { languages: ['cs'] },
+    guidance: {
+        smells: `C#/.NET smells (in addition to the generic categories):
+- **Async anti-patterns**: \`.Result\`/\`.Wait()\`/\`.GetAwaiter().GetResult()\` on tasks (sync-over-async deadlock risk); \`async void\` outside event handlers. (category: performance)
+- **Multiple enumeration**: enumerating the same \`IEnumerable\` more than once (re-runs the query/LINQ); materialize with \`ToList()\`/\`ToArray()\` once. (category: performance)
+- **Disposal**: \`IDisposable\` created without \`using\`/\`await using\` or an explicit \`Dispose\`. (category: type_safety)
+- **Swallowed exceptions**: empty \`catch {}\` or \`catch (Exception)\` that hides failures. (category: refactor)
+- **Nullable ignored**: suppressing nullable warnings with \`!\` (null-forgiving) at trust boundaries instead of real checks. (category: type_safety)
+- **String building in loops**: \`+=\` string concatenation inside loops instead of \`StringBuilder\`. (category: performance)
+- **Public mutable fields**: public fields where a property is intended. (category: readability)`,
+        architecture: `C#/.NET structural concerns (in addition to the generic categories):
+- **Fat controllers**: business/data logic in ASP.NET controllers instead of a service/handler layer. (concern: layering)
+- **Leaky persistence**: \`DbContext\`/EF queries used directly across layers instead of behind a repository/service boundary. (concern: layering)
+- **Mutable static/singleton state**: static fields or singletons holding mutable shared state, complicating testing and concurrency. (concern: coupling)
+- **Project reference cycles**: circular references between projects/assemblies. (concern: cyclic dependencies)`,
+    },
+};
+// ---------------------------------------------------------------------------
+// Registry + selection
+// ---------------------------------------------------------------------------
+export const RULE_PACKS = [
+    flutter,
+    typescript,
+    csharp,
+];
+/**
+ * Select the rule packs whose gates are satisfied by the detected context.
+ * Same AND-across-gates / OR-within-gate semantics as the quality-benchmark
+ * `selectToolsForContext`. Membership checks are case-insensitive.
+ */
+export function selectRulePacks(ctx) {
+    const langSet = new Set(ctx.languages.map((l) => l.toLowerCase()));
+    const fwSet = new Set(ctx.frameworks.map((f) => f.toLowerCase()));
+    const fileSet = new Set(ctx.files_present);
+    return RULE_PACKS.filter((pack) => {
+        const { languages, frameworks, files_present } = pack.applies_to;
+        const gates = [];
+        if (languages?.length) {
+            gates.push(languages.some((l) => langSet.has(l.toLowerCase())));
+        }
+        if (frameworks?.length) {
+            gates.push(frameworks.some((f) => fwSet.has(f.toLowerCase())));
+        }
+        if (files_present?.length) {
+            gates.push(files_present.some((f) => fileSet.has(f)));
+        }
+        // A pack with no gates is a misconfiguration — never auto-select it.
+        return gates.length > 0 && gates.every(Boolean);
+    });
+}
+/**
+ * Render the guidance the selected packs provide *for a given phase* into a
+ * single markdown block for appending to that phase's system prompt. Packs
+ * without guidance for `kind` are skipped, so e.g. the TypeScript pack (smells
+ * only) contributes nothing to the architecture audit. Returns '' when nothing
+ * applies, so callers can concatenate unconditionally.
+ */
+export function renderRulePacks(packs, kind) {
+    const sections = packs
+        .map((p) => ({ label: p.label, text: p.guidance[kind] }))
+        .filter((s) => Boolean(s.text))
+        .map((s) => `### ${s.label}\n${s.text}`);
+    if (sections.length === 0) {
+        return '';
+    }
+    return `\n\n**Stack-specific checks** — the repository's detected stack triggers the following targeted checks. Apply them *in addition to* the generic categories above, using the same severity rubric and output format:\n\n${sections.join('\n\n')}`;
+}

package/dist/phases/find-shared/scoped-read.d.ts

@@ -0,0 +1,12 @@
+/**
+ * Shared helper for reading a single scope-keyed row (product XOR repo) via the
+ * user's supabase session. Used by the find-* scan-config readers
+ * (getScanBaseline, getRuleConfig) so they don't each re-implement the
+ * session-guard + scoped query + never-throw error handling.
+ */
+import type { ScanScope } from './baseline.js';
+/**
+ * Fetch one scope-keyed row, or null when there's no session / no row / a read
+ * error. Never throws — a read failure must not abort a scan.
+ */
+export declare function readScopedRow<T>(table: string, columns: string, scope: ScanScope): Promise<T | null>;

package/dist/phases/find-shared/scoped-read.js

@@ -0,0 +1,33 @@
+/**
+ * Shared helper for reading a single scope-keyed row (product XOR repo) via the
+ * user's supabase session. Used by the find-* scan-config readers
+ * (getScanBaseline, getRuleConfig) so they don't each re-implement the
+ * session-guard + scoped query + never-throw error handling.
+ */
+import { getSupabase, hasSupabaseSession } from '../../supabase/client.js';
+import { logWarning } from '../../utils/logger.js';
+/**
+ * Fetch one scope-keyed row, or null when there's no session / no row / a read
+ * error. Never throws — a read failure must not abort a scan.
+ */
+export async function readScopedRow(table, columns, scope) {
+    if (!hasSupabaseSession()) {
+        return null;
+    }
+    try {
+        const query = getSupabase().from(table).select(columns);
+        const scoped = scope.productId
+            ? query.eq('product_id', scope.productId)
+            : query.eq('repository_id', scope.repoId);
+        const { data, error } = await scoped.maybeSingle();
+        if (error) {
+            logWarning(`Could not read ${table}: ${error.message}`);
+            return null;
+        }
+        return data ?? null;
+    }
+    catch (err) {
+        logWarning(`Could not read ${table}: ${err instanceof Error ? err.message : String(err)}`);
+        return null;
+    }
+}

package/dist/phases/find-smells/index.d.ts

@@ -9,7 +9,10 @@
  */
 import { type SmellCategory } from './types.js';
 export interface FindSmellsOptions {
-    productId: string;
+    /** Product scope. Provide this OR repoId (repo-scoped scan). */
+    productId?: string;
+    /** Repository scope: scan a bare `repositories` row with no product. */
+    repoId?: string;
     githubToken: string;
     owner: string;
     repo: string;

package/dist/phases/find-smells/index.js

@@ -11,8 +11,11 @@ import { query } from '@anthropic-ai/claude-agent-sdk';
 import { DEFAULT_MODEL } from '../../constants.js';
 import { logError, logInfo, logSuccess, logWarning, } from '../../utils/logger.js';
 import { cleanupIssueRepo, cloneIssueRepo, ensureWorkspaceDir, syncRepoToRef, } from '../../workspace/workspace-manager.js';
+import { resolveScanBase } from '../find-shared/baseline.js';
+import { resolveCustomRules } from '../find-shared/custom-rules.js';
 import { detectDefaultBranch, gitRevParse, isAncestor, listChangedPaths, } from '../find-shared/git.js';
-import { createIssue, fetchOpenIssues, fetchProductBasics, } from '../find-shared/mcp.js';
+import { createIssue, fetchOpenIssues, fetchOpenIssuesByRepo, fetchProductBasics, fetchRepositoryBasics, } from '../find-shared/mcp.js';
+import { resolveStackRulePacks } from '../find-shared/rule-config.js';
 import { createPromptGenerator, extractTextFromContent, tryExtractResult, } from '../pr-shared/agent-utils.js';
 import { createFindSmellsSystemPrompt, createFindSmellsUserPrompt, } from './prompts.js';
 import { acquireFindSmellsLock, loadFindSmellsState, updateFindSmellsState, } from './state.js';
@@ -31,31 +34,35 @@ const MAX_TURNS = 200;
  */
 // eslint-disable-next-line complexity
 export async function scanForSmells(options) {
-    const { productId, githubToken, owner, repo, full, maxFiles, categories, verbose, } = options;
-    logInfo(`Starting smell scan for product ${productId} (${owner}/${repo})`);
-    const lock = acquireFindSmellsLock(productId);
+    const { productId, repoId, githubToken, owner, repo, full, maxFiles, categories, verbose, } = options;
+    // State/lock/workspace are keyed by an opaque scope id so product and repo
+    // scans never collide; repo keys are prefixed to namespace them clearly.
+    const scopeId = productId ?? `repo-${repoId}`;
+    const scopeLabel = productId ? `product ${productId}` : `repository ${repoId}`;
+    logInfo(`Starting smell scan for ${scopeLabel} (${owner}/${repo})`);
+    const lock = acquireFindSmellsLock(scopeId);
     if (!lock) {
-        logWarning(`Another smell scan is already in progress for product ${productId}; skipping.`);
+        logWarning(`Another smell scan is already in progress for ${scopeLabel}; skipping.`);
         return {
             status: 'error',
-            message: 'Another smell scan is already in progress for this product',
+            message: 'Another smell scan is already in progress for this scope',
         };
     }
     let repoPath;
     let scanSucceeded = false;
     try {
-        updateFindSmellsState(productId, {
+        updateFindSmellsState(scopeId, {
             lastAttemptedAt: new Date().toISOString(),
         });
         const workspaceRoot = ensureWorkspaceDir();
-        const repoKey = `${WORKSPACE_KEY}-${productId}`;
+        const repoKey = `${WORKSPACE_KEY}-${scopeId}`;
         ({ repoPath } = cloneIssueRepo(workspaceRoot, repoKey, owner, repo, githubToken));
         const branch = options.branch ?? detectDefaultBranch(repoPath);
         logInfo(`Syncing ${owner}/${repo} to branch ${branch}`);
         syncRepoToRef(repoPath, { branch }, githubToken);
         const headSha = gitRevParse(repoPath, 'HEAD');
-        const state = loadFindSmellsState(productId);
-        const baseSha = full ? undefined : state.lastScannedCommitSha;
+        const state = loadFindSmellsState(scopeId);
+        const baseSha = await resolveScanBase({ productId, repoId }, { full, lastScannedSha: state.lastScannedCommitSha });
         let scope = 'full';
         let changedPaths;
         if (baseSha && baseSha !== headSha) {
@@ -66,7 +73,7 @@ export async function scanForSmells(options) {
                 logInfo(`Incremental scan: ${changedPaths.length} files changed since ${baseSha.slice(0, 8)}`);
                 if (changedPaths.length === 0) {
                     logSuccess('No code changes since last scan; nothing to do.');
-                    updateFindSmellsState(productId, {
+                    updateFindSmellsState(scopeId, {
                         lastScannedCommitSha: headSha,
                         lastScannedAt: new Date().toISOString(),
                         lastError: undefined,
@@ -90,7 +97,7 @@ export async function scanForSmells(options) {
             // the sha didn't move, advance lastScannedAt + clear lastError so the
             // state file accurately reflects when we last verified the repo.
             logSuccess('HEAD unchanged since last scan; nothing to do.');
-            updateFindSmellsState(productId, {
+            updateFindSmellsState(scopeId, {
                 lastScannedAt: new Date().toISOString(),
                 lastError: undefined,
             });
@@ -103,10 +110,19 @@ export async function scanForSmells(options) {
                 issuesCreated: 0,
             };
         }
-        const product = await fetchProductBasics(productId);
-        const existingIssues = await fetchOpenIssues(productId);
+        const product = productId
+            ? await fetchProductBasics(productId)
+            : await fetchRepositoryBasics(repoId);
+        const existingIssues = productId
+            ? await fetchOpenIssues(productId)
+            : await fetchOpenIssuesByRepo(repoId);
         logInfo(`Loaded ${existingIssues.length} existing issues for dedup context`);
-        const systemPrompt = createFindSmellsSystemPrompt();
+        const rulePacks = await resolveStackRulePacks(repoPath, {
+            productId,
+            repoId,
+        });
+        const customRules = await resolveCustomRules({ productId, repoId }, 'smells');
+        const systemPrompt = createFindSmellsSystemPrompt(rulePacks, customRules);
         const userPrompt = createFindSmellsUserPrompt({
             productName: product.name,
             productDescription: product.description,
@@ -159,7 +175,7 @@ export async function scanForSmells(options) {
         }
         if (!scanResult) {
             const msg = 'Audit failed: could not parse a scan_result from the agent';
-            updateFindSmellsState(productId, { lastError: msg });
+            updateFindSmellsState(scopeId, { lastError: msg });
             return {
                 status: 'error',
                 message: msg,
@@ -169,15 +185,17 @@ export async function scanForSmells(options) {
         logInfo(`Audit produced ${smells.length} candidate smells. ${summary}`);
         const deferredBugs = scanResult.deferred_to_bugs ?? [];
         const deferredFeatures = scanResult.deferred_to_features ?? [];
+        // CLI suggestion argument: a productId positional, or the --repo-id flag.
+        const scopeArg = productId ?? `--repo-id ${repoId}`;
         if (deferredBugs.length > 0) {
-            logInfo(`${deferredBugs.length} finding(s) deferred to find-bugs — run \`edsger find-bugs ${productId}\` to pick them up:`);
+            logInfo(`${deferredBugs.length} finding(s) deferred to find-bugs — run \`edsger find-bugs ${scopeArg}\` to pick them up:`);
             for (const d of deferredBugs) {
                 const loc = d.file ? ` (${d.file}${d.line ? `:${d.line}` : ''})` : '';
                 logInfo(`  • ${d.title}${loc} — ${d.reason}`);
             }
         }
         if (deferredFeatures.length > 0) {
-            logInfo(`${deferredFeatures.length} finding(s) deferred to find-features — run \`edsger find-features ${productId}\` to pick them up:`);
+            logInfo(`${deferredFeatures.length} finding(s) deferred to find-features — run \`edsger find-features ${scopeArg}\` to pick them up:`);
             for (const d of deferredFeatures) {
                 const loc = d.file ? ` (${d.file}${d.line ? `:${d.line}` : ''})` : '';
                 logInfo(`  • ${d.title}${loc} — ${d.reason}`);
@@ -192,13 +210,13 @@ export async function scanForSmells(options) {
         }
         let created = 0;
         for (const smell of filteredSmells) {
-            const issueId = await createIssueForSmell(productId, smell);
+            const issueId = await createIssueForSmell({ productId, repoId }, smell);
             if (issueId) {
                 created++;
                 logSuccess(`Filed issue ${issueId}: ${smell.title}`);
             }
         }
-        updateFindSmellsState(productId, {
+        updateFindSmellsState(scopeId, {
             lastScannedCommitSha: headSha,
             lastScannedAt: new Date().toISOString(),
             lastError: undefined,
@@ -219,7 +237,7 @@ export async function scanForSmells(options) {
     catch (error) {
         const errorMessage = error instanceof Error ? error.message : String(error);
         logError(`Smell scan failed: ${errorMessage}`);
-        updateFindSmellsState(productId, { lastError: errorMessage });
+        updateFindSmellsState(scopeId, { lastError: errorMessage });
         return {
             status: 'error',
             message: `Smell scan failed: ${errorMessage}`,
@@ -232,11 +250,13 @@ export async function scanForSmells(options) {
         lock.release();
     }
 }
-async function createIssueForSmell(productId, smell) {
+async function createIssueForSmell(scope, smell) {
     return createIssue({
-        productId,
+        productId: scope.productId,
+        repoId: scope.repoId,
         title: smell.title,
         description: formatIssueDescription(smell),
+        source: 'quality',
     });
 }
 /**

package/dist/phases/find-smells/prompts.d.ts

@@ -9,7 +9,8 @@
  *   - find-smells (this phase) handles "the code would be better if changed":
  *     refactor candidates, dead code, perf cliffs, type-safety gaps, etc.
  */
-export declare function createFindSmellsSystemPrompt(): string;
+import { type RulePack } from '../find-shared/rule-packs.js';
+export declare function createFindSmellsSystemPrompt(packs?: RulePack[], customRules?: string): string;
 export interface FindSmellsUserPromptParams {
     productName: string;
     productDescription?: string;

package/dist/phases/find-smells/prompts.js

@@ -9,7 +9,8 @@
  *   - find-smells (this phase) handles "the code would be better if changed":
  *     refactor candidates, dead code, perf cliffs, type-safety gaps, etc.
  */
-export function createFindSmellsSystemPrompt() {
+import { renderRulePacks } from '../find-shared/rule-packs.js';
+export function createFindSmellsSystemPrompt(packs = [], customRules = '') {
     return `You are a senior engineer auditing a codebase for **code smells** — concrete improvements the codebase would benefit from. You have read-only access via Read/Grep/Glob and may run shallow Bash queries (e.g. \`git log\`, \`wc -l\`) to navigate.
 
 **What counts as a smell worth filing**:
@@ -18,9 +19,9 @@ export function createFindSmellsSystemPrompt() {
 3. **Duplication**: copy-pasted blocks that should be a single helper
 4. **Complexity**: functions / files that are too long or too deeply nested to reason about, cyclomatic-complexity hotspots
 5. **Dead code**: unreferenced exports, unreachable branches, abandoned feature flags, commented-out blocks
-6. **Type safety**: \`any\` / \`unknown\` casts, \`@ts-ignore\` / \`@ts-expect-error\`, missing null checks at trust boundaries, loose interfaces that should be tightened
+6. **Type safety**: defeated or bypassed type checks — unsafe casts, suppressed type errors, missing null/undefined checks at trust boundaries, loose types that should be tightened (language-specific instances are listed under "Stack-specific checks" when applicable)
 7. **Readability**: misleading names, missing or wrong comments, magic numbers that should be named constants
-8. **Architecture**: cyclic deps, layering violations, modules that have grown into multiple responsibilities
+8. **Architecture**: cyclic deps, layering violations, modules that have grown into multiple responsibilities${renderRulePacks(packs, 'smells')}${customRules}
 
 **What does NOT count** (skip these — wrong tool):
 - Real bugs (security holes, logic errors, races, data corruption) — those belong in \`edsger find-bugs\`. **Don't drop them silently — list them in \`deferred_to_bugs\` so the user knows to run that command.**

package/dist/phases/quality-benchmark/gate.d.ts

@@ -0,0 +1,50 @@
+/**
+ * Quality gate evaluation for the CLI.
+ *
+ * Lets `edsger quality-benchmark --gate` enforce a per-scope pass/fail
+ * threshold against the report it just produced — the "fail the build" gate
+ * NDepend/DCM-style tools expose, usable directly in a user's own CI without
+ * any webhook. The gate (overall-score floor, critical-finding cap, per-
+ * dimension minimums) is stored in `quality_gates`, mirroring the desktop
+ * evaluator in desktop-app/.../services/db/quality-gate.ts.
+ *
+ * The evaluator is pure + exported for testing; the read is RLS-scoped via the
+ * user's supabase session and never throws (a missing gate = nothing to
+ * enforce).
+ */
+import type { ScanScope } from '../find-shared/baseline.js';
+import type { Dimension, QualityReportPayload } from './types.js';
+export interface QualityGate {
+    enabled: boolean;
+    /** Minimum overall score (0–100); null = unconstrained. */
+    min_overall_score: number | null;
+    /** Maximum critical-severity findings allowed; null = unconstrained. */
+    max_critical_findings: number | null;
+    /** Per-dimension minimum scores; absent dimensions are unconstrained. */
+    min_dimension_scores: Partial<Record<Dimension, number>>;
+}
+export interface GateViolation {
+    /** Axis that failed, e.g. "Overall score" or "security". */
+    label: string;
+    /** The threshold that was required. */
+    required: string;
+    /** The actual value from the report. */
+    actual: string;
+}
+export interface GateResult {
+    passed: boolean;
+    violations: GateViolation[];
+}
+/** Count critical-severity findings across every dimension's evidence. */
+export declare function countCriticalFindings(report: QualityReportPayload): number;
+/**
+ * Evaluate a report against a gate, returning every violated axis. A disabled
+ * gate passes vacuously. A report with no overall score is not failed on the
+ * overall-score axis (there is nothing to compare). Pure + exported for tests.
+ */
+export declare function evaluateGate(report: QualityReportPayload, gate: QualityGate): GateResult;
+/**
+ * Fetch the gate configured for a scope, or null if none is set / no session.
+ * Never throws — a read failure degrades to "no gate" (nothing enforced).
+ */
+export declare function getQualityGate(scope: ScanScope): Promise<QualityGate | null>;