instrlint 0.1.5 → 0.1.6

package/README.md

@@ -169,7 +169,7 @@ Then **restart Claude Code** to activate the command. Then in your editor:
 | D | 60–69 | Poor |
 | F | < 60 | Critical |
 
-Deductions: critical finding −10 (cap −40), warning −5 (cap −30), info −1 (cap −10). Budget penalty: −5 if baseline > 25% of context, −15 if > 50%.
+Deductions: critical finding −10 (cap −40), warning −5 (cap −30), info −1 (cap −10). Root file length penalty: proportional above 200 lines (201–300: −5, 301–400: −8, 401–500: −10, 501–600: −15, 601+: −20, cap −30). Budget penalty: continuous above 25% of context window (cap −30).
 
 ## Contributing
 

package/README.zh-TW.md

@@ -175,7 +175,7 @@ npx instrlint install --codex
 | D | 60–69 | 較差 |
 | F | < 60 | 嚴重 |
 
-扣分規則：嚴重問題 −10（上限 −40）、警告 −5（上限 −30）、建議 −1（上限 −10）。預算懲罰：baseline 超過 context 的 25% 扣 −5，超過 50% 扣 −15。
+扣分規則：嚴重問題 −10（上限 −40）、警告 −5（上限 −30）、建議 −1（上限 −10）。根指令檔行數懲罰：超過 200 行後按比例扣分（201–300 行 −5、301–400 −8、401–500 −10、501–600 −15、601+ −20，上限 −30）。預算懲罰：超過 context 視窗 25% 後連續計算（上限 −30）。
 
 ## 貢獻
 

package/dist/cli.cjs

@@ -32,8 +32,9 @@ var import_commander = require("commander");
 
 // src/commands/run-command.ts
 var import_child_process = require("child_process");
+var import_fs13 = require("fs");
 var import_readline = require("readline");
-var import_path10 = require("path");
+var import_path11 = require("path");
 var import_chalk4 = __toESM(require("chalk"), 1);
 
 // src/core/scanner.ts
@@ -1269,13 +1270,13 @@ function isNegated(text, word) {
     const lower = sentence.toLowerCase();
     for (const neg of NEGATION_WORDS) {
       const pattern = new RegExp(
-        `\\b${neg}\\b(?:\\s+\\w+){0,1}\\s+\\b${escapedWord}\\b`,
+        `\\b${neg}\\b(?:\\s+\\w+){0,1}\\s+\\b${escapedWord}\\b(?!['\\u2019]s\\b)`,
         "i"
       );
       if (pattern.test(lower)) return true;
     }
     const notPattern = new RegExp(
-      `\\b(?:do\\s+)?not\\b(?:\\s+\\w+){0,1}\\s+\\b${escapedWord}\\b`,
+      `\\b(?:do\\s+)?not\\b(?:\\s+\\w+){0,1}\\s+\\b${escapedWord}\\b(?!['\\u2019]s\\b)`,
       "i"
     );
     if (notPattern.test(lower)) return true;
@@ -1305,7 +1306,15 @@ var POLARITY_STOP_WORDS = /* @__PURE__ */ new Set([
   "all",
   "every",
   "each",
-  "any"
+  "any",
+  // Pronouns and copulas — appear in any sentence regardless of topic;
+  // their negation carries no semantic domain information
+  "it",
+  "its",
+  "be",
+  "by",
+  "own",
+  "on"
 ]);
 function collectRuleLines3(instructions) {
   const sources = [
@@ -1632,6 +1641,9 @@ var en_default = {
   "install.outdatedVersions": "installed: {{installed}} \u2192 current: {{current}}",
   "install.updateCmd": "npx instrlint install {{flag}} --force",
   "install.updatePrompt": "Update skill now?",
+  "verification.confirmed": "LLM confirmed",
+  "verification.uncertain": "LLM uncertain",
+  "verification.filteredCount": "\u2298 {{count}} false positive{{s}} filtered by LLM",
   "fix.manualActions": "MANUAL ACTIONS NEEDED",
   "fix.hookCreate": "Add to .claude/settings.json:",
   "fix.hookWarning": "\u26A0 Hook executes shell commands \u2014 review carefully before adding",
@@ -1739,6 +1751,9 @@ var zh_TW_default = {
   "install.outdatedVersions": "\u5DF2\u5B89\u88DD\uFF1A{{installed}} \u2192 \u6700\u65B0\uFF1A{{current}}",
   "install.updateCmd": "npx instrlint install {{flag}} --force",
   "install.updatePrompt": "\u662F\u5426\u7ACB\u5373\u66F4\u65B0\uFF1F",
+  "verification.confirmed": "LLM \u5DF2\u78BA\u8A8D",
+  "verification.uncertain": "LLM \u4E0D\u78BA\u5B9A",
+  "verification.filteredCount": "\u2298 \u5DF2\u904E\u6FFE {{count}} \u500B{{s}} false positive\uFF08\u7531 LLM \u5224\u65B7\uFF09",
   "fix.manualActions": "\u9700\u8981\u624B\u52D5\u64CD\u4F5C",
   "fix.hookCreate": "\u52A0\u5165 .claude/settings.json\uFF1A",
   "fix.hookWarning": "\u26A0 Hook \u6703\u57F7\u884C shell command\uFF0C\u8ACB\u4ED4\u7D30\u78BA\u8A8D\u5F8C\u518D\u52A0\u5165",
@@ -1988,7 +2003,10 @@ function printTopIssues(findings, output) {
     const icon = f.severity === "critical" ? import_chalk2.default.red("\u2716") : f.severity === "warning" ? import_chalk2.default.yellow("\u26A0") : import_chalk2.default.blue("\u2139");
     const msg = t(f.messageKey, f.messageParams);
     const truncated = msg.length > 68 ? `${msg.slice(0, 68)}\u2026` : msg;
-    output.log(`  ${import_chalk2.default.white(`${i + 1}.`)} ${icon}  ${truncated}`);
+    const verifyBadge = f.verification?.verdict === "confirmed" ? import_chalk2.default.green(` \u2713 ${t("verification.confirmed")}`) : f.verification?.verdict === "uncertain" ? import_chalk2.default.yellow(` \u2753 ${t("verification.uncertain")}`) : "";
+    output.log(
+      `  ${import_chalk2.default.white(`${i + 1}.`)} ${icon}  ${truncated}${verifyBadge}`
+    );
   }
   if (sorted.length > 5) {
     output.log(
@@ -2058,6 +2076,13 @@ function printCombinedTerminal(report, output = console) {
       import_chalk2.default.gray(`  \u2500\u2500`) + ` ${summary} ` + import_chalk2.default.gray("\u2500".repeat(pad))
     );
   }
+  if (report.rejectedByVerification) {
+    output.log(
+      import_chalk2.default.gray(
+        `  ${t("verification.filteredCount", { count: String(report.rejectedByVerification), s: plural(report.rejectedByVerification) })}`
+      )
+    );
+  }
   output.log("");
 }
 function reportJson(report) {
@@ -2095,6 +2120,9 @@ function reportMarkdown(report, extraSections = []) {
     `| ${t("markdown.critical")} | ${criticals} |`,
     `| ${t("markdown.warning")} | ${warnings} |`,
     `| ${t("markdown.info")} | ${infos} |`,
+    ...report.rejectedByVerification ? [
+      `| ${t("verification.filteredCount", { count: String(report.rejectedByVerification), s: plural(report.rejectedByVerification) })} | |`
+    ] : [],
     ""
   ];
   const window = budget.totalBaseline + budget.availableTokens;
@@ -2181,8 +2209,9 @@ function reportMarkdown(report, extraSections = []) {
     lines.push(`## ${t(labelKey)}`, "");
     for (const f of group) {
       const loc = f.line != null ? ` ${t("markdown.lineRef", { line: String(f.line) })}` : "";
+      const verifyBadge = f.verification?.verdict === "confirmed" ? ` \u2713 *${t("verification.confirmed")}*: ${f.verification.reason}` : f.verification?.verdict === "uncertain" ? ` \u2753 *${t("verification.uncertain")}*: ${f.verification.reason}` : "";
       lines.push(
-        `- ${mdSeverityIcon(f)} ${t(f.messageKey, f.messageParams)}${loc}`
+        `- ${mdSeverityIcon(f)} ${t(f.messageKey, f.messageParams)}${loc}${verifyBadge}`
       );
     }
     lines.push("");
@@ -2469,9 +2498,202 @@ $2`
   return updated;
 }
 
-// src/commands/install-command.ts
-var import_fs11 = require("fs");
+// src/verifiers/candidates.ts
+var import_crypto = require("crypto");
 var import_path9 = require("path");
+
+// src/verifiers/policy.ts
+function shouldVerify(finding) {
+  if (finding.category === "stale-ref") return false;
+  if (finding.category === "budget") return false;
+  if (finding.category === "structure") return false;
+  if (finding.category === "dead-rule") return !finding.autoFixable;
+  if (finding.category === "contradiction") return true;
+  if (finding.category === "duplicate") {
+    return finding.severity === "warning" && !finding.autoFixable;
+  }
+  return false;
+}
+
+// src/verifiers/candidates.ts
+function findLineText(parsed, filePath, lineNumber) {
+  const sources = [
+    parsed.rootFile,
+    ...parsed.subFiles,
+    ...parsed.rules
+  ];
+  const file = sources.find((f) => f.path === filePath);
+  if (!file) return "";
+  const line = file.lines.find((l) => l.lineNumber === lineNumber);
+  return line?.text.trim() ?? "";
+}
+function ruleRef(parsed, filePath, lineNumber, projectRoot) {
+  return {
+    file: toRelative(filePath, projectRoot),
+    line: lineNumber,
+    text: findLineText(parsed, filePath, lineNumber)
+  };
+}
+function buildContext(finding, parsed, projectRoot) {
+  if (finding.category === "contradiction") {
+    const { fileA, lineA } = finding.messageParams ?? {};
+    if (!fileA || !lineA) return null;
+    return {
+      type: "contradiction",
+      ruleA: ruleRef(parsed, fileA, Number(lineA), projectRoot),
+      ruleB: ruleRef(parsed, finding.file, finding.line ?? 0, projectRoot)
+    };
+  }
+  if (finding.category === "duplicate") {
+    const { otherFile, otherLine } = finding.messageParams ?? {};
+    if (!otherFile || !otherLine) return null;
+    return {
+      type: "duplicate",
+      ruleA: ruleRef(parsed, otherFile, Number(otherLine), projectRoot),
+      ruleB: ruleRef(parsed, finding.file, finding.line ?? 0, projectRoot)
+    };
+  }
+  return null;
+}
+function hashFinding(finding) {
+  const key = `${finding.category}:${finding.file}:${finding.line ?? 0}:${finding.messageKey}`;
+  return (0, import_crypto.createHash)("sha256").update(key).digest("hex").slice(0, 12);
+}
+var QUESTIONS = {
+  contradiction: {
+    en: 'Do rules A and B actually contradict each other in practice? A real contradiction means a developer following both rules would be forced to violate one of them. Respond with JSON only: {"verdict":"confirmed"|"rejected"|"uncertain","reason":"<\u226420 words>"}',
+    "zh-TW": '\u898F\u5247 A \u548C\u898F\u5247 B \u5728\u5BE6\u969B\u958B\u767C\u4E2D\u771F\u7684\u76F8\u4E92\u77DB\u76FE\u55CE\uFF1F\u771F\u6B63\u7684\u77DB\u76FE\u662F\u6307\uFF1A\u540C\u6642\u9075\u5B88\u5169\u689D\u898F\u5247\u5728\u67D0\u4E9B\u60C5\u5883\u4E0B\u662F\u4E0D\u53EF\u80FD\u7684\u3002\u50C5\u7528 JSON \u56DE\u7B54\uFF1A{"verdict":"confirmed"|"rejected"|"uncertain","reason":"<20 \u5B57\u4EE5\u5167>"}'
+  },
+  duplicate: {
+    en: 'Are rules A and B true semantic duplicates \u2014 do they say the same thing in different words, such that keeping both adds no value? Respond with JSON only: {"verdict":"confirmed"|"rejected"|"uncertain","reason":"<\u226420 words>"}',
+    "zh-TW": '\u898F\u5247 A \u548C\u898F\u5247 B \u5728\u8A9E\u610F\u4E0A\u771F\u7684\u662F\u91CD\u8907\u7684\u55CE\u2014\u2014\u7528\u4E0D\u540C\u7684\u63AA\u8FAD\u8AAA\u540C\u4E00\u4EF6\u4E8B\uFF0C\u4FDD\u7559\u5169\u689D\u6BEB\u7121\u984D\u5916\u50F9\u503C\uFF1F\u50C5\u7528 JSON \u56DE\u7B54\uFF1A{"verdict":"confirmed"|"rejected"|"uncertain","reason":"<20 \u5B57\u4EE5\u5167>"}'
+  }
+};
+function questionFor(category, locale) {
+  const lang = locale === "zh-TW" ? "zh-TW" : "en";
+  const question = QUESTIONS[category]?.[lang] ?? QUESTIONS[category]?.["en"];
+  if (!question) {
+    process.stderr.write(
+      `[instrlint] Warning: no verification question for category "${category}", skipping
+`
+    );
+    return "";
+  }
+  return question;
+}
+function toRelative(filePath, projectRoot) {
+  const rel = (0, import_path9.relative)(projectRoot, filePath);
+  return rel.startsWith("..") ? filePath : rel;
+}
+function normalizeFilePaths(finding, projectRoot) {
+  const normalized = {
+    ...finding,
+    file: toRelative(finding.file, projectRoot)
+  };
+  if (normalized.messageParams) {
+    const params = { ...normalized.messageParams };
+    if (params["fileA"])
+      params["fileA"] = toRelative(params["fileA"], projectRoot);
+    if (params["otherFile"])
+      params["otherFile"] = toRelative(params["otherFile"], projectRoot);
+    normalized.messageParams = params;
+  }
+  return normalized;
+}
+function buildCandidates(findings, parsed, projectRoot, locale) {
+  const candidates = [];
+  for (const finding of findings) {
+    if (!shouldVerify(finding)) continue;
+    const context = buildContext(finding, parsed, projectRoot);
+    if (!context) continue;
+    candidates.push({
+      id: hashFinding(finding),
+      category: finding.category,
+      question: questionFor(finding.category, locale),
+      context,
+      originalFinding: normalizeFilePaths(finding, projectRoot)
+    });
+  }
+  return {
+    version: 1,
+    generatedAt: (/* @__PURE__ */ new Date()).toISOString(),
+    projectRoot,
+    candidates
+  };
+}
+
+// src/verifiers/verdicts.ts
+var import_fs11 = require("fs");
+function applyVerdicts(findings, verdictsFile) {
+  const verdictMap = new Map(verdictsFile.verdicts.map((v) => [v.id, v]));
+  const withVerdicts = findings.map((f) => {
+    const verdict = verdictMap.get(hashFinding(f));
+    if (!verdict) return f;
+    return {
+      ...f,
+      verification: { verdict: verdict.verdict, reason: verdict.reason }
+    };
+  });
+  const kept = withVerdicts.filter(
+    (f) => f.verification?.verdict !== "rejected"
+  );
+  const rejectedCount = withVerdicts.length - kept.length;
+  return { findings: kept, rejectedCount };
+}
+function loadVerdictsFile(filePath) {
+  let raw;
+  try {
+    raw = (0, import_fs11.readFileSync)(filePath, "utf8");
+  } catch {
+    throw new Error(
+      `Cannot read verdicts file: ${filePath}
+Run instrlint --emit-candidates first, then ask the host LLM to write verdicts.`
+    );
+  }
+  let parsed;
+  try {
+    parsed = JSON.parse(raw);
+  } catch {
+    throw new Error(`verdicts.json is not valid JSON: ${filePath}`);
+  }
+  const obj = parsed;
+  if (typeof parsed !== "object" || parsed === null || obj["version"] !== 1 || !Array.isArray(obj["verdicts"])) {
+    throw new Error(
+      `verdicts.json has unexpected format (expected {version:1, verdicts:[...]}): ${filePath}`
+    );
+  }
+  const VALID_VERDICTS = /* @__PURE__ */ new Set(["confirmed", "rejected", "uncertain"]);
+  const MAX_REASON_LENGTH = 500;
+  for (const v of obj["verdicts"]) {
+    if (typeof v !== "object" || v === null) {
+      throw new Error(`verdicts.json: each verdict must be an object`);
+    }
+    const item = v;
+    if (typeof item["id"] !== "string" || item["id"].length === 0) {
+      throw new Error(`verdicts.json: verdict missing string "id"`);
+    }
+    if (!VALID_VERDICTS.has(item["verdict"])) {
+      throw new Error(
+        `verdicts.json: invalid verdict "${item["verdict"]}" for id "${item["id"]}" (must be confirmed|rejected|uncertain)`
+      );
+    }
+    if (typeof item["reason"] !== "string") {
+      throw new Error(
+        `verdicts.json: verdict "${item["id"]}" missing string "reason"`
+      );
+    }
+    if (item["reason"].length > MAX_REASON_LENGTH) {
+      throw new Error(
+        `verdicts.json: verdict "${item["id"]}" reason exceeds ${MAX_REASON_LENGTH} characters`
+      );
+    }
+  }
+  return parsed;
+}
+
+// src/commands/install-command.ts
+var import_fs12 = require("fs");
+var import_path10 = require("path");
 var import_os2 = require("os");
 var import_url2 = require("url");
 function resolveSkillFile(target) {
@@ -2479,15 +2701,15 @@ function resolveSkillFile(target) {
   const subDir = target === "claude-code" ? "claude-code" : "codex";
   for (const levels of [2, 3]) {
     const parts = Array(levels).fill("..");
-    const candidate = (0, import_path9.join)(thisFile, ...parts, "skills", subDir, "SKILL.md");
-    if ((0, import_fs11.existsSync)(candidate)) return candidate;
+    const candidate = (0, import_path10.join)(thisFile, ...parts, "skills", subDir, "SKILL.md");
+    if ((0, import_fs12.existsSync)(candidate)) return candidate;
   }
-  return (0, import_path9.join)(thisFile, "..", "..", "skills", subDir, "SKILL.md");
+  return (0, import_path10.join)(thisFile, "..", "..", "skills", subDir, "SKILL.md");
 }
 function readSkillContent(target) {
   const skillPath = resolveSkillFile(target);
   try {
-    const raw = (0, import_fs11.readFileSync)(skillPath, "utf8");
+    const raw = (0, import_fs12.readFileSync)(skillPath, "utf8");
     return injectVersion(raw, CURRENT_VERSION);
   } catch {
     throw new Error(
@@ -2496,26 +2718,26 @@ function readSkillContent(target) {
   }
 }
 function installClaudeCode(content, projectRoot, isProject, force, output) {
-  const targetDir = isProject ? (0, import_path9.join)(projectRoot, ".claude", "commands") : (0, import_path9.join)((0, import_os2.homedir)(), ".claude", "commands");
-  const targetPath = (0, import_path9.join)(targetDir, "instrlint.md");
-  if ((0, import_fs11.existsSync)(targetPath) && !force) {
+  const targetDir = isProject ? (0, import_path10.join)(projectRoot, ".claude", "commands") : (0, import_path10.join)((0, import_os2.homedir)(), ".claude", "commands");
+  const targetPath = (0, import_path10.join)(targetDir, "instrlint.md");
+  if ((0, import_fs12.existsSync)(targetPath) && !force) {
     output.error(t("install.alreadyExists", { path: targetPath }));
     return { exitCode: 1, errorMessage: "file already exists" };
   }
-  (0, import_fs11.mkdirSync)(targetDir, { recursive: true });
-  (0, import_fs11.writeFileSync)(targetPath, content, "utf8");
+  (0, import_fs12.mkdirSync)(targetDir, { recursive: true });
+  (0, import_fs12.writeFileSync)(targetPath, content, "utf8");
   output.log(t("install.installed", { path: targetPath }));
   return { exitCode: 0 };
 }
 function installCodex(content, projectRoot, force, output) {
-  const targetDir = (0, import_path9.join)(projectRoot, ".agents", "skills", "instrlint");
-  const targetPath = (0, import_path9.join)(targetDir, "SKILL.md");
-  if ((0, import_fs11.existsSync)(targetPath) && !force) {
+  const targetDir = (0, import_path10.join)(projectRoot, ".agents", "skills", "instrlint");
+  const targetPath = (0, import_path10.join)(targetDir, "SKILL.md");
+  if ((0, import_fs12.existsSync)(targetPath) && !force) {
     output.error(t("install.alreadyExists", { path: targetPath }));
     return { exitCode: 1, errorMessage: "file already exists" };
   }
-  (0, import_fs11.mkdirSync)(targetDir, { recursive: true });
-  (0, import_fs11.writeFileSync)(targetPath, content, "utf8");
+  (0, import_fs12.mkdirSync)(targetDir, { recursive: true });
+  (0, import_fs12.writeFileSync)(targetPath, content, "utf8");
   output.log(t("install.installed", { path: targetPath }));
   return { exitCode: 0 };
 }
@@ -2574,10 +2796,30 @@ async function runAll(opts, output = console) {
     output.error(t("error.missingRootFile", { tool: scan.tool }));
     return { exitCode: 1, errorMessage: "missing root file" };
   }
+  if (opts.fix && opts.emitCandidates) {
+    output.error("--fix and --emit-candidates cannot be used together");
+    return {
+      exitCode: 1,
+      errorMessage: "--fix and --emit-candidates conflict"
+    };
+  }
   if (opts.fix && !opts.force && !isGitClean(projectRoot)) {
     output.error(t("error.dirtyWorkingTree"));
     return { exitCode: 1, errorMessage: "dirty working tree" };
   }
+  if (opts.emitCandidates) {
+    const resolved = (0, import_path11.resolve)(opts.emitCandidates);
+    const rel = (0, import_path11.relative)(projectRoot, resolved);
+    if (rel.startsWith("..")) {
+      output.error(
+        `--emit-candidates path must be within the project directory: ${opts.emitCandidates}`
+      );
+      return {
+        exitCode: 1,
+        errorMessage: "emit-candidates path outside project"
+      };
+    }
+  }
   const instructions = loadProject(projectRoot, scan.tool);
   const { findings: budgetFindings, summary } = analyzeBudget(instructions);
   const { findings: deadRuleFindings } = analyzeDeadRules(
@@ -2588,15 +2830,40 @@ async function runAll(opts, output = console) {
     instructions,
     projectRoot
   );
-  const allFindings = [
+  let allFindings = [
     ...budgetFindings,
     ...deadRuleFindings,
     ...structureFindings
   ];
+  if (opts.emitCandidates) {
+    const candidatesFile = buildCandidates(
+      allFindings,
+      instructions,
+      projectRoot,
+      getLocale()
+    );
+    (0, import_fs13.writeFileSync)(opts.emitCandidates, JSON.stringify(candidatesFile, null, 2));
+    if (opts.skipReport) return { exitCode: 0 };
+  }
+  let rejectedByVerification;
+  if (opts.applyVerdicts) {
+    try {
+      const verdictsFile = loadVerdictsFile(opts.applyVerdicts);
+      const result = applyVerdicts(
+        allFindings,
+        verdictsFile
+      );
+      allFindings = result.findings;
+      rejectedByVerification = result.rejectedCount > 0 ? result.rejectedCount : void 0;
+    } catch (err) {
+      output.error(err instanceof Error ? err.message : String(err));
+      return { exitCode: 1, errorMessage: "failed to apply verdicts" };
+    }
+  }
   const { score, grade } = calculateScore(allFindings, summary);
   const actionPlan = buildActionPlan(allFindings);
   const report = {
-    project: (0, import_path10.basename)(projectRoot),
+    project: (0, import_path11.basename)(projectRoot),
     tool: instructions.tool,
     score,
     grade,
@@ -2604,7 +2871,8 @@ async function runAll(opts, output = console) {
     tokenMethod: summary.tokenMethod,
     findings: allFindings,
     budget: summary,
-    actionPlan
+    actionPlan,
+    ...rejectedByVerification !== void 0 ? { rejectedByVerification } : {}
   };
   if (opts.fix) {
     const suggestions = buildStructureSuggestions(allFindings);
@@ -2685,7 +2953,7 @@ async function runAll(opts, output = console) {
   return { exitCode: 0 };
 }
 function promptYesNo(question) {
-  return new Promise((resolve) => {
+  return new Promise((resolve2) => {
     const rl = (0, import_readline.createInterface)({
       input: process.stdin,
       output: process.stdout
@@ -2693,7 +2961,7 @@ function promptYesNo(question) {
     rl.question(`${question} ${import_chalk4.default.gray("[Y/n]")} `, (answer) => {
       rl.close();
       const trimmed = answer.trim().toLowerCase();
-      resolve(trimmed === "" || trimmed === "y");
+      resolve2(trimmed === "" || trimmed === "y");
     });
   });
 }
@@ -2857,8 +3125,8 @@ async function runStructure(opts, output = console) {
 }
 
 // src/commands/ci-command.ts
-var import_fs12 = require("fs");
-var import_path11 = require("path");
+var import_fs14 = require("fs");
+var import_path12 = require("path");
 
 // src/reporters/sarif.ts
 function severityToLevel(severity) {
@@ -2964,7 +3232,7 @@ async function runCi(opts, output = console) {
   const { score, grade } = calculateScore(allFindings, summary);
   const actionPlan = buildActionPlan(allFindings);
   const report = {
-    project: (0, import_path11.basename)(projectRoot),
+    project: (0, import_path12.basename)(projectRoot),
     tool: instructions.tool,
     score,
     grade,
@@ -2985,7 +3253,7 @@ async function runCi(opts, output = console) {
     formatted = reportJson(report);
   }
   if (opts.output != null) {
-    (0, import_fs12.writeFileSync)(opts.output, formatted, "utf8");
+    (0, import_fs14.writeFileSync)(opts.output, formatted, "utf8");
     const pass = !shouldFail(allFindings, failOn);
     const statusKey = pass ? "ci.passed" : "ci.failed";
     output.error(
@@ -2999,8 +3267,8 @@ async function runCi(opts, output = console) {
 }
 
 // src/commands/init-ci-command.ts
-var import_fs13 = require("fs");
-var import_path12 = require("path");
+var import_fs15 = require("fs");
+var import_path13 = require("path");
 function githubWorkflow() {
   return `name: instrlint
 
@@ -3069,14 +3337,14 @@ instrlint:
 function runInitCi(opts, output = console) {
   const projectRoot = opts.projectRoot ?? process.cwd();
   if (opts.github) {
-    const workflowDir = (0, import_path12.join)(projectRoot, ".github", "workflows");
-    const workflowPath = (0, import_path12.join)(workflowDir, "instrlint.yml");
-    if ((0, import_fs13.existsSync)(workflowPath) && !opts.force) {
+    const workflowDir = (0, import_path13.join)(projectRoot, ".github", "workflows");
+    const workflowPath = (0, import_path13.join)(workflowDir, "instrlint.yml");
+    if ((0, import_fs15.existsSync)(workflowPath) && !opts.force) {
       output.error(t("initCi.alreadyExists", { path: workflowPath }));
       return { exitCode: 1, errorMessage: "file already exists" };
     }
-    (0, import_fs13.mkdirSync)(workflowDir, { recursive: true });
-    (0, import_fs13.writeFileSync)(workflowPath, githubWorkflow(), "utf8");
+    (0, import_fs15.mkdirSync)(workflowDir, { recursive: true });
+    (0, import_fs15.writeFileSync)(workflowPath, githubWorkflow(), "utf8");
     output.log(t("initCi.created", { path: workflowPath }));
     return { exitCode: 0 };
   }
@@ -3096,7 +3364,16 @@ program.enablePositionalOptions().name("instrlint").description(
   "--format <type>",
   "output format (terminal|json|markdown)",
   "terminal"
-).option("--lang <locale>", "output language (en|zh-TW)", "en").option("--tool <name>", "force tool detection (claude-code|codex|cursor)").option("--fix", "auto-fix safe issues (dead rules, stale refs, dupes)").option("--force", "skip git clean check when using --fix").action(async function() {
+).option("--lang <locale>", "output language (en|zh-TW)", "en").option("--tool <name>", "force tool detection (claude-code|codex|cursor)").option("--fix", "auto-fix safe issues (dead rules, stale refs, dupes)").option("--force", "skip git clean check when using --fix").option(
+  "--emit-candidates <path>",
+  "write low-confidence findings as candidates JSON for host LLM verification"
+).option(
+  "--apply-verdicts <path>",
+  "apply host LLM verdicts from JSON file to the report"
+).option(
+  "--skip-report",
+  "suppress terminal output (use with --emit-candidates)"
+).action(async function() {
   const opts = this.opts();
   const result = await runAll(opts);
   if (result.exitCode !== 0) process.exit(result.exitCode);