pi-lens 3.8.51 → 3.8.53

package/CHANGELOG.md

@@ -2,6 +2,68 @@
 
 All notable changes to pi-lens will be documented in this file.
 
+## [Unreleased]
+
+## [3.8.53] - 2026-06-16
+
+### Added
+
+- **ktfmt wired as a config-gated Kotlin formatter + safe autofix (closes #129)** — projects that use [ktfmt](https://github.com/facebook/ktfmt) (Facebook's opinionated, gofmt-style Kotlin formatter) now get real formatting support. ktfmt is a *pure formatter* (no lint rules), so it's wired only where that fits: as a **formatter** (`getFormattersForFile` → `ktfmtFormatter`, in-place) and a **safe pipeline autofix** (`runAutofix` → `tryKtfmtFix`), **not** as a lint runner — a "not formatted" nag would be redundant with the autofix pass (unlike shfmt, which has no autofix). Both are **config-first**: ktfmt activates only when the project opts in (a `.ktfmt`/`.ktfmt.kts` marker or the ktfmt gradle plugin in `build.gradle{.kts}`, via `hasKtfmtConfig`). When opted in, ktfmt **replaces ktlint** for formatting (the lint policy drops ktlint from `preferredRunners` so its style suggestions don't conflict with ktfmt's output); detekt's *semantic* lint is unaffected. Installs via the new maven-JAR strategy. Validated end-to-end on the dev box through the harness `--format` and `--autofix` layers (ktfmt reformats + applies a fix). Guards: `formatters.test.ts` (ktfmt wins over the ktlint default when opted in), `tool-policy.test.ts` (lint suppresses ktlint / autofix selects ktfmt + `hasKtfmtConfig` detection), and the `autofix-policy-consistency` gate-match. _(Follow-up filed: re-evaluate ktlint's default lint runner now that ktlint is itself a safe autofix — the same redundancy question applies to pure-formatter-linters generally.)_
+
+- **Maven-JAR auto-install strategy (refs #129)** — the installer gained a `maven` strategy alongside npm/pip/gem/github: it downloads a runnable fat JAR from Maven Central into the managed bin and writes a `java -jar` launcher next to it, so the tool resolves like any managed binary (gated on a JRE). First consumer registered: **ktfmt** (`com.facebook:ktfmt:0.63:with-dependencies`) — verified end-to-end on the dev box (`ensureTool("ktfmt")` → launcher → `ktfmt --version`). Unblocks JVM-ecosystem tools that ship only as Maven JARs (ktfmt, google-java-format, SpotBugs). Guard: a `maven`-strategy install-contract case in `tool-registry-consistency.test.ts`.
+
+- **Upgrade `vscode-jsonrpc` 8 → 9 (the LSP JSON-RPC transport)** — v9 introduced an `exports` map exposing the Node entry as the `./node` subpath, so the old `vscode-jsonrpc/node.js` file-path import no longer resolves (TS2307). Migrated the one import in `clients/lsp/client.ts` to `vscode-jsonrpc/node`; the API (`createMessageConnection`/`StreamMessageReader`/`StreamMessageWriter`/`MessageConnection`) and the internal `lib/node/ril.js` the error-classifier heuristic checks are unchanged. Verified with a live LSP initialize handshake. Supersedes the lockfile-only dependabot bump, which couldn't carry the required code change (closes #183).
+
+- **Pipeline safe-autofix expanded to golangci-lint, detekt, markdownlint, oxlint (refs #209)** — four more fixable linters now apply their safe `--fix`/`--auto-correct` in the pipeline's autofix phase, each gated to **match its lint-policy strategy**: golangci-lint (Go, config-first — closes the gap where Go had no pipeline autofix), detekt (Kotlin, config-first — an alternative to the Windows-broken ktlint #218), markdownlint (smart-default), and oxlint (JS/TS, config-gated, mirroring the eslint→oxlint→biome lint precedence). Added to `AUTOFIX_CAPABILITIES` + `getAutofixPolicyForFile`. A new guard, `autofix-policy-consistency.test.ts`, locks the three hand-coded policy maps together — every autofix-selectable tool must be capability-declared and reachable, and each language's autofix gate must match its lint gate (catching config-first↔smart-default drift; it already caught an oxlint mismatch).
+
+- **Tool-smoke harness gained an `--autofix` layer covering the pipeline's safe-autofix phase (refs #209)** — the safe-autofix phase (`runAutofix`, what `runPipeline` invokes) applies fixable linters in fix mode gated by the autofix policy. It **mutates files**, yet was exercised by neither the lint layer (lint-only) nor `--format` (formatters) — the highest-stakes path with no live coverage. `node scripts/smoke-tools.mjs --autofix` drives that exact phase per fixture (a safely-autofixable violation) and asserts the expected tool was policy-selected and applied a fix (`fixedCount > 0`, file changed). Validated end-to-end on the dev box for 11 tools: ruff (F401), biome (useConst), rubocop (spacing), sqlfluff (LT01), rust-clippy (needless_return), dart-analyze (prefer_const_declarations), stylelint (color-hex-length), eslint (semi), golangci-lint (gofmt), markdownlint (MD009), oxlint (no-var). ktlint is blocked by the Windows install bug (#218); detekt is wired + consistency-tested but live-validation needs the detekt CLI + formatting plugin (CI-deferred). `runAutofix` is now exported; the harness git-inits each autofix workspace so VCS-gated fixers (cargo fix) run as they would in a real repo.
+
+- **Tool-smoke harness gained a `--format` layer covering the formatter pipeline (refs #209)** — formatters are a wholly separate subsystem (`getFormattersForFile` → `formatFile`, what `runFormatPhase` drives) that the lint-dispatch path the harness exercised never touched, so the formatters had zero live coverage despite mutating files in place (a silently-broken formatter is higher-stakes than a missed lint). `node scripts/smoke-tools.mjs --format` drives that exact entry per fixture: it asserts the expected formatter is **selected** for the file (config-gated formatters ship the config their `detect()` needs — `.prettierrc` / `gleam.toml` / `Gemfile` / `pyproject.toml [tool.black]` / `.cmake-format.yaml`) and that running it actually **reformats** a deliberately mis-formatted-but-valid fixture (`changed === true`). Now covers **28 of the 31 supported formatters** across 32 fixtures, all validated end-to-end on the dev box: biome, prettier, ruff, black, taplo, shfmt, gofmt, rustfmt, dart, zig, mix, gleam, rubocop, standardrb, sqlfluff, csharpier, terraform, fantomas, psscriptanalyzer-format, cmake-format, oxfmt, stylua, ormolu, cljfmt, php-cs-fixer, google-java-format, clang-format (+ ktlint, which the layer caught broken on Windows → #218). Config-gated formatters ship the config their `detect()` requires (stylua.toml / .cljfmt.edn / .php-cs-fixer.php / .editorconfig / Gemfile / pyproject.toml). The remaining 3 — nixfmt, ocamlformat, swiftformat — have no usable Windows toolchain (Nix/opam/Swift) and are left for nightly-CI. Wired into the nightly workflow alongside the tool and `--lsp` layers. (Note: the nightly run exercises whichever formatter tools it can install on the runner; standalone-binary formatters not auto-installed by pi-lens report ⚠ until a setup step is added.)
+
+- **Tool-smoke harness now covers eight more toolchain-gated languages (refs #209)** — added live fixtures + harness entries for `zig` (zig-check), `java` (javac), `dart` (dart-analyze), `php` (php-lint), `ruby` (rubocop), `kotlin` (ktlint), `gleam` (gleam-check), and `elixir` (elixir-check), all **validated end-to-end on the Windows dev box** after installing the toolchains (JDK 21, Dart, Ruby 3.4 + MSYS2 devkit, Gleam, Zig, PHP 8.4, Erlang/OTP 29 + Elixir 1.20.1). Each produced a parseable diagnostic on its fixture's known defect. The gleam fixture is a minimal package (`gleam.toml` + `src/`) since `gleam check` compiles the whole project. This batch surfaced two genuinely-broken runners (see Fixed: #215, #216) — exactly the regression class the harness exists to catch.
+
+- **Tool-smoke harness language expansion + LSP-install gap fix (refs #209)** — the dispatch tool-smoke fixtures now also install each kind's LSP server (not just the linter), so the lsp runner no longer spuriously `server_error`s for want of an uninstalled server. Added fixtures: `terraform` (tflint tool + terraform-ls LSP, both standalone); toolchain-gated `go` (go-vet), `powershell` (PSScriptAnalyzer), `rust` (rust-clippy tool + rust-analyzer LSP), and `csharp` (dotnet-build) — all four verified end-to-end on this box (Go/Rust/.NET/PowerShell toolchains present; rust-clippy → clippy::len_zero, dotnet-build → CS0029); plus LSP-handshake fixtures for `prisma` (@prisma/language-server — 2 diagnostics) and `php` (intelephense). Confirms the fallback→all fix end-to-end: terraform runs `lsp + tflint` together. The go fixture surfaced #214 (go-vet returns 0 diagnostics in dispatch though `go vet` reports them manually). Harness `--verbose` now prints each failed runner's `failureKind`/message so found-errors aren't misread as crashes.
+
+- **LSP handshake layer in the tool-smoke harness (refs #209)** — `scripts/smoke-tools.mjs --lsp` drives the **same production entry the lsp runner uses** (`LSPService.touchFile`, with a generous cold-spawn budget) for each LSP fixture, so a pass means the real server installed, spawned, completed the JSON-RPC initialize handshake, and replied — not a hand-rolled handshake (the trap that false-failed typescript in the dropped smoke-lsp). Verified end-to-end for typescript-language-server, pyright, yaml-language-server, vscode-json-language-server, and bash-language-server (all handshook; yaml/json returned diagnostics). Shares the harness's startup temp-sweep and tears down spawned servers via `LSPService.shutdown()`.
+
+### Fixed
+
+- **CI: `tool-discovery.test.ts` is now hermetic — no real GitHub-API fetch** — the `ensureTool force-reinstall` tests asserted on a post-download spawn, which required `installTool`'s real `node:https` GitHub-release fetch; in restricted CI (notably **dependabot PRs**) that fetch fails → 0 spawns → flaky red. `node:https` is now mocked (records the fetch, fails deterministically) and the test asserts the fetch was *attempted* (proves installTool was reached) rather than a network-dependent spawn.
+
+- **LSP launch no longer logs scary "candidate failed / npm shim failed / Run npm install" lines when a later candidate succeeds** — `resolveAndLaunch` tries candidates in order (local `node_modules/.bin` → global PATH → managed install); each failure was logged immediately, so the common "no local install, fall back to global" path flooded the logs with failure lines that read as an LSP-availability smell even though the server launched fine. Failures are now **deferred** and surfaced only when *all* candidates fail (the all-failed case stays fully diagnosable). Guard: `resolve-and-launch-fallback.test.ts`.
+
+- **ktlint now works on Windows — installer fetches the jar alongside ktlint.bat (closes #218)** — ktlint's Windows asset is `ktlint.bat`, a wrapper that runs `java -jar %~dp0ktlint`; the installer fetched only the `.bat`, so every invocation failed `Unable to access jarfile` (and the lint runner masked it — the error text became a fallback diagnostic that looked like a finding). The github install strategy gained an optional `extraAssets` hook; ktlint declares `["ktlint"]` (the jar) on win32, so both files now land in the managed bin. Verified end-to-end on Windows: ktlint lint emits real diagnostics and ktlint format (`-F`) reformats. Guards in `tool-registry-consistency.test.ts`: any win32 `.bat`/`.cmd` wrapper asset must declare `extraAssets`, plus a ktlint-specific check.
+
+- **shfmt no longer nags on every unformatted shell write (closes #211)** — the shfmt runner reported a "not formatted" warning against shfmt's built-in defaults on every `.sh` write, even when the project never opted into shfmt formatting. The format-diff *warning* is now gated on a `.editorconfig` (shfmt's only config source) — out of the box shfmt reports only genuine **parse errors** (always-on, blocking); the formatting warning appears once a project opts in via `.editorconfig`. Guard: `shfmt.test.ts`.
+
+- **shellcheck now surfaces `info`-level findings like SC2086 (closes #213)** — with no `.shellcheckrc`, the runner forced `--severity warning`, which dropped `info` findings entirely — including SC2086 (double-quote-to-prevent-globbing), a high-value, commonly-relevant check. Default is now `--severity info` (surfaces SC2086-class findings, mapped non-blocking) while still excluding pure `style` rules to limit noise; projects opt into `style` via `.shellcheckrc`. Guard updated in `shellcheck.test.ts`.
+
+- **markdownlint produced 0 diagnostics — parser didn't match modern markdownlint-cli2 output (closes #212)** — `parseMarkdownlintOutput`'s regex expected the rule code immediately after `line[:col]`, but markdownlint-cli2 now emits a **severity token** (`error`/`warning`) in between (`file:1:1 error MD018/… msg`), and some rules carry **multiple** slash-separated names (`MD041/first-line-heading/first-line-h1`). Both made the regex miss every line → silent "succeeded, 0 diagnostics". The severity token is now optional (older/relative output still parses) and multi-segment rule codes are handled. (The issue's original "Windows abs-path glob" diagnosis was wrong — the file lints fine; the parser was the culprit, on every platform with current cli2.) Guard: a markdownlint-cli2-format case in `markdownlint-fixable.test.ts`.
+
+- **ESLint autofix never applied fixes — keyed on `fixableErrorCount` from `--fix-dry-run` (closes #220)** — the pipeline's safe-autofix phase (`tryEslintFix`) ran `eslint --fix-dry-run --format json` and decided whether to apply fixes by summing `fixableErrorCount` + `fixableWarningCount`. But `--fix-dry-run` reports the **post-fix** state: when every problem is auto-fixable (the common case), ESLint clears `messages`, sets `fixableErrorCount: 0`, and puts the fixed source in the **`output`** field — so the count was 0 and eslint fixes were **never applied**. Now also treats a dry-run `output` field as a fix signal (apply `--fix` when `fixableCount > 0` *or* any result carries `output`). Guard: `pipeline-eslint-autofix.test.ts`. Found by the #209 `--autofix` layer (eslint v10.5.0).
+
+- **`zig-check` never ran: availability probe used `zig --version`, which zig rejects (closes #215)** — the shared `createAvailabilityChecker` hard-coded a `--version` probe, but zig's version subcommand is `zig version` (`zig --version` → `error: unknown command: --version`, exit 1). So the probe always failed and zig-check silently skipped on **every** machine with zig installed. `createAvailabilityChecker` now takes an optional `versionArgs` (default `["--version"]`); zig-check passes `["version"]`. Guard: `runner-helpers.test.ts` asserts the override reaches the spawn. Found by the #209 harness (zig 0.16.0 reported `skipped` despite being on PATH).
+
+- **`elixir-check` silently dropped all diagnostics on modern Elixir (closes #216)** — `parseElixirOutput` only understood the legacy diagnostic format, so on Elixir 1.16+ the runner was a no-op. Two bugs: (1) Elixir 1.16+ emits a multi-line "code snippet" format with the location on a trailing `└─ path:line:col` line, several lines after the `error:`/`warning:` header — the parser now forward-scans to that footer while keeping legacy support; (2) `elixirc` reports paths **relative to its cwd**, but the parser resolved them against `process.cwd()` instead of the runner cwd (and compared case-sensitively, breaking on Windows' lowercased drive letter) — `parseElixirOutput` now takes `cwd`, resolves against it, and matches case-insensitively on win32. Guard: `elixir-parser.test.ts` (modern error/warning, cwd-relative paths, legacy format, win32 drive-case). Found by the #209 harness (Elixir 1.20.1/OTP 29 ran clean but produced 0 diagnostics on a known compile error).
+
+- **Windows: tools whose path contains a space now run (closes #214)** — `safeSpawnAsync`'s Windows `shell:true` path built the cmd.exe string by escaping only the **args**, not the command, so a tool resolved under a spaced path — e.g. Go at `C:\Program Files\Go\bin\go.exe` — made cmd.exe parse `C:\Program` as the command and fail with `'C:\Program' is not recognized`. This silently broke **any** such tool on Windows (npm/.pi-lens tool paths have no spaces, so it stayed hidden; the #209 harness exposed it via go-vet returning 0 diagnostics). The command is now escaped like the args (`buildWindowsShellCommand`, extracted + unit-tested); `cmdEscapeArg` is a no-op for space-free commands so the previously-working paths are unchanged. Found by the #209 tool-smoke harness; go-vet now reports diagnostics through dispatch.
+
+- **`smart-default` linters no longer suppressed by the LSP in fallback dispatch groups (refs #209)** — the primary dispatch group for css/yaml/html/docker/toml/ruby/kotlin paired the `lsp` runner with the language's dedicated linter under `mode:"fallback"`, where the first success wins. Once the language server installed and handshook (now reliable), the LSP succeeded and the linter was **silently suppressed** — dropping rules the generic LSP never emits (yamllint style, stylelint, hadolint best-practices, htmlhint, ktlint, rubocop, taplo). Those linters are classified `smart-default` in tool-policy (designed to run with built-in defaults), and `shell`/`fish`/`powershell`/`prisma` already pair LSP+linter via `mode:"all"` — so this was an inconsistency, not intent. All seven groups are now `mode:"all"`; LSP↔linter duplicate diagnostics remain handled by `suppressLintOverlapsWithLsp` + dedup. A new guard (`tests/clients/dispatch/lsp-linter-coverage.test.ts`) fails if any `smart-default` linter ever sits behind the `lsp` in a fallback group again. Type-checker/compiler fallbacks (jsts lsp+ts-lsp, python lsp+pyright, csharp lsp+dotnet-build, …) are intentionally left as fallback. Tool-smoke harness gained css/html/toml/sql/dockerfile fixtures (+ css/html/docker/toml LSP fixtures) confirming each linter now executes alongside its LSP.
+
+- **Wire `markdownlint` and `shfmt` into their dispatch plans — they were registered but never ran (refs #209)** — a new deterministic per-PR guard (`tests/clients/dispatch/dispatch-coverage.test.ts`) cross-checks every registered runner against the static plans (`TOOL_PLANS` ∪ `FULL_LINT_PLANS`) and fails if any runner is wired into no plan (the "markdownlint class": registered + installs + tested, but silently never dispatched) or if a plan references a phantom runner id. It immediately caught `markdownlint` (markdown's write group was only `["spellcheck","vale"]`, though its linter policy already preferred it) and `shfmt` (shell's group omitted it). Both are now in their plans, so `.md` writes get markdownlint structural lint and `.sh` writes get shfmt format-diff + parse-error checks (shfmt is check-only — never auto-applies). The live tool-smoke harness gained a `shell` fixture and confirms all three (markdownlint/shellcheck/shfmt) now execute through the real dispatch path.
+
+## [3.8.52] - 2026-06-14
+
+### Fixed
+
+- **read-guard: canonicalize path map keys — stops false `zero_read` blocks (closes #210)** — `ReadGuard` keyed its `reads`/`edits`/`exemptions` maps on the **raw** file-path string, relying on the read-path and edit-path strings being byte-for-byte identical. `resolveToolCallFilePath` returns absolute paths verbatim, so the key was whatever separator/casing the model emitted — and models freely mix `/` and `\` on Windows. The regression trigger: read-guard started recording reads from new sources that produce a *different* path form than the Edit tool — `ast_grep_search` matches (#169, slash-normalized from ast-grep output) and LSP-expanded synthetic reads (URI → forward slash). On Windows a file read via search/LSP got a `C:/…` key while the follow-up edit arrived `C:\…` → key miss → false `zero_read` ("Edit without read") despite the file having been read, repeatedly, in a real session (`pi-free`: reads logged `C:/…`, the blocking edit `C:\…`). Every map access now keys through `normalizeFilePath` (folds separators + Windows casing), so record and lookup always agree. **Why it slipped:** every read-guard test used the *same* POSIX path on both `recordRead` and `checkEdit`, so the raw keys always matched — no test exercised cross-separator/cross-source agreement. Closed by `tests/clients/read-guard-path-normalization.test.ts` (forward↔back-slash both directions, Windows case-folding, exemption parity, and a negative: a genuinely-unread file still blocks).
+
+### Added
+
+- **Live tool-smoke harness driving the real dispatch path (refs #209, layer 2)** — `scripts/smoke-tools.mjs` installs (via the real `ensureTool` auto-install) and runs each supported tool against a minimal real project per language (`tests/fixtures/tool-smoke/<lang>/`), driving pi-lens's **real** dispatch path so a smoke pass means the actual runner→spawn code worked (not a hand-rolled stand-in). Step 1 (default) asserts each target tool spawns and exits cleanly (no `timeout`/`exception`/`server_error`); Step 2 (`--step2`) additionally asserts a parseable diagnostic on the fixture's known defect. Per-runner truth comes from a new optional `onRunnerResult` sink threaded through `dispatchForFile`→`runGroup` (fires per executed runner with its exact `RunnerResult` incl. `failureKind`) exposed via `dispatchLintDetailed` — no duplication of dispatch's selection/gating. Opt-in/nightly (installs + spawns real tools), never a per-PR gate; not shipped in the npm tarball. Already surfaced a real wiring gap: `markdownlint` is registered (priority 30) and installs, but the markdown write-dispatch group is `["spellcheck","vale"]`, so it never runs on markdown writes.
+
+- **Deterministic auto-install registry-consistency guard (refs #209, layer 1)** — the live install→run net for every supported tool is expensive and environment-dependent (deferred to layer 2); this catches the cheap-to-catch class per-PR. A new `tests/clients/installer/tool-registry-consistency.test.ts` exports the previously-private `TOOLS` array and locks the **install contract** that `installTool` silently depends on: each `npm` entry declares `packageName`+`binaryName`, each `pip`/`gem` entry declares `packageName`, each `github` entry declares an `owner/repo` + `assetMatch` + `binaryName` and no `packageName` — a half-wired entry compiles fine today but just `return false`s at install time, so it "looks registered" while never installing. It also asserts ids are globally unique, `checkCommand`/`binaryName` are clean executable tokens, and every `github` tool's `assetMatch` is total/safe (never throws across the platform×arch matrix incl. unsupported platforms, resolves at least one combo, rejects freebsd/sunos/aix). **Fixed a coverage drift it surfaced:** `GITHUB_TOOLS` (the curated list the asset-matrix value-test iterates) had drifted to 9 of the 14 actual `github`-strategy tools, leaving `hadolint`, `gitleaks`, `taplo`, and `vale` asset selection **completely untested** — they're now in `GITHUB_TOOLS` (so the full matrix test covers them), and a bidirectional sync assertion keeps the list ≡ "github tools with full cross-platform coverage" going forward (`swiftlint` is intentionally excluded — no Windows asset).
+
 ## [3.8.51] - 2026-06-14
 
 ### Added

package/dist/clients/dispatch/dispatcher.js

@@ -389,7 +389,7 @@ export function formatLatencyReport(report) {
  * Groups themselves are run in parallel by dispatchForFile, so this
  * function must NOT mutate shared state.
  */
-async function runGroup(ctx, group, registry) {
+async function runGroup(ctx, group, registry, onRunnerResult) {
     const diagnostics = [];
     const latencies = [];
     let hadBlocker = false;
@@ -458,6 +458,7 @@ async function runGroup(ctx, group, registry) {
             continue;
         }
         const result = await runRunner(ctx, runner, semantic);
+        onRunnerResult?.(runnerId, result);
         const runnerEnd = Date.now();
         const duration = runnerEnd - runnerStart;
         latencies.push({
@@ -508,7 +509,7 @@ async function runGroup(ctx, group, registry) {
     return { diagnostics, latencies, hadBlocker };
 }
 // --- Main Dispatch Function ---
-export async function dispatchForFile(ctx, groups, registry) {
+export async function dispatchForFile(ctx, groups, registry, onRunnerResult) {
     const _overallStart = Date.now();
     if (ctx.fileRole === "generated") {
         return {
@@ -543,7 +544,7 @@ export async function dispatchForFile(ctx, groups, registry) {
     // each other's results. Within each group, mode:"fallback" semantics are
     // preserved (sequential first-success). Results are merged in original
     // group order so output is deterministic.
-    const groupResults = await Promise.all(groups.map((group) => runGroup(ctx, group, registry)));
+    const groupResults = await Promise.all(groups.map((group) => runGroup(ctx, group, registry, onRunnerResult)));
     // Count baseline warnings before filtering (for delta count display)
     const relativeKey = path.relative(ctx.cwd, ctx.filePath).replace(/\\/g, "/");
     const baselineAbsKey = `session.baseline.${normalizeMapKey(ctx.filePath)}`;

package/dist/clients/dispatch/integration.js

@@ -1030,6 +1030,44 @@ export async function dispatchLintWithResult(filePath, cwd, pi, modifiedRanges,
     }
     return result;
 }
+/**
+ * Same real dispatch path as {@link dispatchLintWithResult} (real context, real
+ * file-kind→runner selection, real `run()` → spawn → tool), but also returns
+ * each runner's exact `RunnerResult` (status + `failureKind` + diagnostics) via
+ * the `onRunnerResult` sink. The live tool-smoke harness (#209) uses this to
+ * assert each supported tool spawned and exited cleanly without re-implementing
+ * dispatch's selection/gating. Defaults to `blockingOnly: false` so every
+ * applicable runner (not just blocking ones) executes.
+ */
+export async function dispatchLintDetailed(filePath, cwd, pi, options) {
+    const empty = {
+        diagnostics: [],
+        blockers: [],
+        warnings: [],
+        baselineWarningCount: 0,
+        fixed: [],
+        resolvedCount: 0,
+        output: "",
+        blockerOutput: "",
+        hasBlockers: false,
+    };
+    const ctx = createDispatchContext(filePath, cwd, pi, sessionFacts, options?.blockingOnly ?? false, options?.modifiedRanges);
+    sessionFacts.clearFileFactsFor(ctx.filePath);
+    const kind = ctx.kind;
+    if (!kind)
+        return { result: empty, runners: [] };
+    const groups = withSemgrepGroup(kind, getDispatchGroupsForKind(kind, pi), ctx);
+    if (groups.length === 0)
+        return { result: empty, runners: [] };
+    const runners = [];
+    const sink = (runnerId, result) => {
+        runners.push({ runnerId, result });
+    };
+    await runProviders(ctx);
+    const result = await dispatchForFile(ctx, groups, sessionRunnerRegistry, sink);
+    trackSessionSlopStats(ctx, result.diagnostics);
+    return { result, runners };
+}
 /**
  * Check if a file should be processed by the dispatcher
  * based on the file kind

package/dist/clients/dispatch/plan.js

@@ -95,9 +95,10 @@ export const LANGUAGE_CAPABILITY_MATRIX = {
     },
     shell: {
         name: "Shell Script Linting",
-        capabilities: ["lint", "security"],
+        capabilities: ["lint", "security", "format"],
         writeGroups: [
             primary("shell"),
+            { mode: "all", runnerIds: ["shfmt"], filterKinds: ["shell"] },
             { mode: "all", runnerIds: ["fact-rules"], filterKinds: ["shell"] },
         ],
     },
@@ -109,7 +110,10 @@ export const LANGUAGE_CAPABILITY_MATRIX = {
     markdown: {
         name: "Markdown Processing",
         capabilities: ["docs", "format", "lint"],
-        writeGroups: [primary("markdown")],
+        writeGroups: [
+            primary("markdown"),
+            { mode: "all", runnerIds: ["markdownlint"], filterKinds: ["markdown"] },
+        ],
     },
     css: {
         name: "CSS Processing",

package/dist/clients/dispatch/runners/detekt.js

@@ -80,7 +80,7 @@ const DETEKT_FIXABLE_RULES = new Set([
     "UnusedPrivateClass",
     "RedundantVisibilityModifierRule",
 ]);
-function findDetektConfig(cwd) {
+export function findDetektConfig(cwd) {
     for (const candidate of DETEKT_CONFIG_CANDIDATES) {
         const full = path.join(cwd, candidate);
         if (fs.existsSync(full))

package/dist/clients/dispatch/runners/elixir-check.js

@@ -12,17 +12,48 @@ const elixirc = createAvailabilityChecker("elixirc", ".bat");
 function hasMixExs(cwd) {
     return fs.existsSync(path.join(cwd, "mix.exs"));
 }
-function parseElixirOutput(raw, filePath) {
+// Elixir 1.16+ emits diagnostics in a multi-line "code snippet" format where
+// the file:line:col lives on a trailing `└─ path:line:col` line, several lines
+// after the `error:`/`warning:` header:
+//
+//     warning: variable "x" is unused
+//     │
+//   3 │     x = 1
+//     │     ~
+//     │
+//     └─ lib/foo.ex:3:5: Foo.bar/0
+//
+// Older Elixir put the location on the line immediately after `warning:` and
+// reported compile errors as a single `** (Kind) path:line:col: message` line.
+// We support both so the runner works across toolchain versions.
+const ELIXIR_SNIPPET_LOCATION = /└─\s+(.+?):(\d+)(?::(\d+))?(?::|$)/;
+function parseElixirOutput(raw, filePath, cwd = process.cwd()) {
     const diagnostics = [];
+    const resolvedTarget = path.resolve(cwd, filePath);
     const lines = raw.split(/\r?\n/);
+    // elixirc reports paths RELATIVE to its cwd (e.g. `bad.ex`, not the absolute
+    // path we passed), so resolve the reported path against the runner cwd — not
+    // process.cwd(). Elixir 1.16+ also normalizes to a lowercase drive letter and
+    // forward slashes (`c:/...`), which never string-equals `C:\...` on Windows,
+    // so compare case-insensitively there.
+    const matchesTarget = (sourcePath) => {
+        const resolved = path.resolve(cwd, sourcePath.trim());
+        return process.platform === "win32"
+            ? resolved.toLowerCase() === resolvedTarget.toLowerCase()
+            : resolved === resolvedTarget;
+    };
     for (let index = 0; index < lines.length; index++) {
         const line = lines[index];
+        // Defense-in-depth: cap line length before regex matching. The input is
+        // trusted, bounded compiler output and the patterns have no exponential
+        // backtracking, but this bounds worst-case work regardless (ReDoS guard).
+        if (line.length > 2000)
+            continue;
+        // Legacy one-line compile error: ** (CompileError) path:line:col: message
         const syntax = line.match(/^\*\* \(([^)]+)\)\s+(.+?):(\d+):(?:(\d+):)?\s*(.+)$/);
         if (syntax) {
             const [, kind, sourcePath, lineStr, colStr, message] = syntax;
-            const resolvedSource = path.resolve(sourcePath.trim());
-            const resolvedTarget = path.resolve(filePath);
-            if (resolvedSource !== resolvedTarget)
+            if (!matchesTarget(sourcePath))
                 continue;
             diagnostics.push({
                 id: `elixir-check-${kind}-${lineStr}-${colStr || "1"}`,
@@ -38,27 +69,59 @@ function parseElixirOutput(raw, filePath) {
             });
             continue;
         }
-        const warning = line.match(/^warning:\s+(.+)$/);
-        if (!warning)
+        // error:/warning: header — may be bare (legacy) or indented (1.16+).
+        const header = line.match(/^\s*(error|warning):\s+(.+)$/);
+        if (!header)
+            continue;
+        const [, severityLabel, message] = header;
+        const severity = severityLabel === "error" ? "error" : "warning";
+        // New format: scan forward for the `└─ path:line:col` snippet footer.
+        let located = false;
+        for (let lookahead = index + 1; lookahead < lines.length && lookahead <= index + 12; lookahead++) {
+            const next = lines[lookahead];
+            // A blank gap or another header ends this diagnostic block.
+            if (/^\s*(error|warning):\s+/.test(next))
+                break;
+            const snippet = next.match(ELIXIR_SNIPPET_LOCATION);
+            if (snippet) {
+                const [, sourcePath, lineStr, colStr] = snippet;
+                if (matchesTarget(sourcePath)) {
+                    diagnostics.push({
+                        id: `elixir-check-${severity}-${lineStr}-${colStr || "1"}`,
+                        message: severity === "error" ? `[error] ${message.trim()}` : message.trim(),
+                        filePath,
+                        line: Number.parseInt(lineStr, 10) || 1,
+                        column: Number.parseInt(colStr || "1", 10) || 1,
+                        severity,
+                        semantic: severity === "error" ? "blocking" : "warning",
+                        tool: "elixir-check",
+                        rule: severity === "error" ? "error" : "warning",
+                        fixable: false,
+                    });
+                }
+                located = true;
+                break;
+            }
+        }
+        if (located)
             continue;
+        // Legacy format: location on the immediately following line.
         const location = lines[index + 1]?.match(/^\s+(.+?):(\d+):(?:(\d+):)?$/);
         if (!location)
             continue;
         const [, sourcePath, lineStr, colStr] = location;
-        const resolvedSource = path.resolve(sourcePath.trim());
-        const resolvedTarget = path.resolve(filePath);
-        if (resolvedSource !== resolvedTarget)
+        if (!matchesTarget(sourcePath))
             continue;
         diagnostics.push({
-            id: `elixir-check-warning-${lineStr}-${colStr || "1"}`,
-            message: warning[1].trim(),
+            id: `elixir-check-${severity}-${lineStr}-${colStr || "1"}`,
+            message: severity === "error" ? `[error] ${message.trim()}` : message.trim(),
             filePath,
             line: Number.parseInt(lineStr, 10) || 1,
             column: Number.parseInt(colStr || "1", 10) || 1,
-            severity: "warning",
-            semantic: "warning",
+            severity,
+            semantic: severity === "error" ? "blocking" : "warning",
             tool: "elixir-check",
-            rule: "warning",
+            rule: severity === "error" ? "error" : "warning",
             fixable: false,
         });
     }
@@ -102,7 +165,7 @@ const elixirCheckRunner = {
             return { status: "skipped", diagnostics: [], semantic: "none" };
         }
         const raw = `${result.stderr || ""}\n${result.stdout || ""}`;
-        const diagnostics = parseElixirOutput(raw, ctx.filePath);
+        const diagnostics = parseElixirOutput(raw, ctx.filePath, cwd);
         if (diagnostics.length === 0) {
             if (result.status && result.status !== 0) {
                 return {
@@ -134,3 +197,4 @@ const elixirCheckRunner = {
     },
 };
 export default elixirCheckRunner;
+export { parseElixirOutput };

package/dist/clients/dispatch/runners/markdownlint.js

@@ -41,14 +41,22 @@ const MARKDOWNLINT_FIXABLE_RULES = new Set([
     "MD053",
     "MD058",
 ]);
-// markdownlint-cli output: path/to/file.md:10:3 MD013/line-length Line length
+// markdownlint-cli2 output: `path:line[:col] [error|warning] MD###/name[/name…] message`
+// Two things the original parser missed (→ silent 0 diagnostics, #212):
+//   1. cli2 emits a severity token (`error`/`warning`) between the col and the
+//      rule code — older markdownlint-cli did not.
+//   2. some rules carry MULTIPLE slash-separated names (e.g.
+//      `MD041/first-line-heading/first-line-h1`).
+// The severity token is optional so older/relative-path output still parses.
 function parseMarkdownlintOutput(raw, filePath) {
     const diagnostics = [];
     for (const line of raw.split(/\r?\n/)) {
         if (!line.trim())
             continue;
-        // Format: filePath:line[:col] ruleCode/ruleName message
-        const match = line.match(/^.*?:(\d+)(?::(\d+))?\s+(MD\d+\/[\w-]+)\s+(.+)$/);
+        // Rule code is MD### followed by one or more slash-joined names. Use a
+        // single char class (`[\w/-]+`) rather than a nested quantifier
+        // (`(?:/[\w-]+)+`) so there's no super-linear backtracking (S5852).
+        const match = line.match(/^.*?:(\d+)(?::(\d+))?\s+(?:error|warning)?\s*(MD\d+\/[\w/-]+)\s+(.+)$/);
         if (!match)
             continue;
         const [, lineNum, col, ruleCode, message] = match;

package/dist/clients/dispatch/runners/shellcheck.js

@@ -133,9 +133,11 @@ const shellcheckRunner = {
         // Check for config file
         const configPath = findShellcheckConfig(ctx.cwd);
         if (!configPath) {
-            // No config file, use default settings
-            // Exclude "style" and "info" by default to reduce noise
-            args.push("--severity", "warning");
+            // No config file: surface `info`-level findings (e.g. SC2086
+            // double-quote-to-prevent-globbing — a high-value, commonly-relevant
+            // check that was previously dropped, #213) while still excluding pure
+            // `style` rules to limit noise. Projects opt into style via .shellcheckrc.
+            args.push("--severity", "info");
         }
         args.push(ctx.filePath);
         const result = await safeSpawnAsync(cmd, args, { timeout: 15000 });

package/dist/clients/dispatch/runners/shfmt.js

@@ -1,8 +1,26 @@
+import * as fs from "node:fs";
+import * as path from "node:path";
 import { ensureTool } from "../../installer/index.js";
 import { safeSpawnAsync } from "../../safe-spawn.js";
 import { PRIORITY } from "../priorities.js";
 import { createAvailabilityChecker } from "./utils/runner-helpers.js";
 const shfmt = createAvailabilityChecker("shfmt", ".exe");
+// shfmt's only config source is .editorconfig. We treat its presence as the
+// opt-in for the (non-error) format-diff warning, so out of the box shfmt only
+// reports genuine parse errors instead of nagging every unformatted shell file
+// against shfmt's built-in defaults (#211).
+function hasEditorConfig(cwd) {
+    let current = path.resolve(cwd);
+    while (true) {
+        if (fs.existsSync(path.join(current, ".editorconfig")))
+            return true;
+        const parent = path.dirname(current);
+        if (parent === current)
+            break;
+        current = parent;
+    }
+    return false;
+}
 /**
  * shfmt runner — checks shell script formatting.
  * Reports files that differ from shfmt's canonical output as a single warning.
@@ -58,7 +76,13 @@ const shfmtRunner = {
             ];
             return { status: "failed", diagnostics, semantic: "blocking" };
         }
-        // Needs formatting — extract first changed line from diff if possible
+        // Needs formatting (exit 1). Only warn if the project opted into shfmt via
+        // .editorconfig — otherwise this nags on every shell write against shfmt's
+        // defaults (#211). Parse errors (above) are always reported.
+        if (!hasEditorConfig(cwd)) {
+            return { status: "succeeded", diagnostics: [], semantic: "none" };
+        }
+        // Extract first changed line from diff if possible
         const diffOutput = result.stdout ?? result.stderr ?? "";
         let line = 1;
         const lineMatch = diffOutput.match(/^@@\s+-(\d+)/m);

package/dist/clients/dispatch/runners/utils/runner-helpers.js

@@ -64,8 +64,14 @@ export function createVenvFinder(command, windowsExt = "", quoteWindows = false)
 /**
  * Create a cached availability checker for a command.
  * The checker will look for the command in venv first, then global.
+ *
+ * `versionArgs` defaults to `["--version"]` but some tools reject that flag and
+ * expose version under a subcommand instead (e.g. `zig version`, not
+ * `zig --version`). Passing the wrong probe makes the runner silently skip on
+ * every machine, so toolchains with a non-standard version command must override
+ * this.
  */
-export function createAvailabilityChecker(command, windowsExt = "") {
+export function createAvailabilityChecker(command, windowsExt = "", versionArgs = ["--version"]) {
     const cacheByCwd = new Map();
     const inFlightByCwd = new Map();
     const findCommand = createVenvFinder(command, windowsExt, true);
@@ -89,7 +95,7 @@ export function createAvailabilityChecker(command, windowsExt = "") {
             return existing;
         const promise = (async () => {
             const cmd = findCommand(resolvedCwd);
-            const result = await safeSpawnAsync(cmd, ["--version"], {
+            const result = await safeSpawnAsync(cmd, versionArgs, {
                 timeout: 5000,
             });
             cache.available = !result.error && result.status === 0;

package/dist/clients/dispatch/runners/zig-check.js

@@ -2,7 +2,9 @@ import * as path from "node:path";
 import { safeSpawnAsync } from "../../safe-spawn.js";
 import { createAvailabilityChecker } from "./utils/runner-helpers.js";
 import { PRIORITY } from "../priorities.js";
-const zig = createAvailabilityChecker("zig", ".exe");
+// zig rejects `--version`; the version subcommand is `zig version`. Using the
+// default probe would make this runner skip on every machine.
+const zig = createAvailabilityChecker("zig", ".exe", ["version"]);
 function parseZigOutput(raw, filePath) {
     const diagnostics = [];
     for (const line of raw.split(/\r?\n/)) {

package/dist/clients/formatters.js

@@ -12,7 +12,7 @@ import * as fs from "node:fs/promises";
 import * as path from "node:path";
 import { logLatency } from "./latency-logger.js";
 import { safeSpawnAsync } from "./safe-spawn.js";
-import { getAutoInstallToolIdForFormatter, getFormatterPolicyForFile, getSmartDefaultFormatterName, hasBiomeConfig, hasBlackConfig, hasClangFormatConfig, hasCljfmtConfig, hasCmakeFormatConfig, hasGoogleJavaFormatConfig, hasNearestPackageJsonDependency, hasNearestPackageJsonField, hasOcamlformatConfig, hasOxfmtConfig, hasPhpCsFixerConfig, hasPrettierConfig, hasRubocopConfig, hasRuffConfig, hasSqlfluffConfig, hasStandardrbConfig, hasStyluaConfig, hasVitePlusConfig, } from "./tool-policy.js";
+import { getAutoInstallToolIdForFormatter, getFormatterPolicyForFile, getSmartDefaultFormatterName, hasBiomeConfig, hasBlackConfig, hasClangFormatConfig, hasCljfmtConfig, hasCmakeFormatConfig, hasGoogleJavaFormatConfig, hasKtfmtConfig, hasNearestPackageJsonDependency, hasNearestPackageJsonField, hasOcamlformatConfig, hasOxfmtConfig, hasPhpCsFixerConfig, hasPrettierConfig, hasRubocopConfig, hasRuffConfig, hasSqlfluffConfig, hasStandardrbConfig, hasStyluaConfig, hasVitePlusConfig, } from "./tool-policy.js";
 const _lazyInstallAttempts = new Set();
 export async function tryLazyInstallFormatterTool(tool, cwd) {
     const attemptKey = `${tool}:${cwd}`;
@@ -197,6 +197,9 @@ function hasExplicitFormatterConfig(formatterName, cwd) {
         case "oxfmt":
             return (hasOxfmtConfig(cwd) ||
                 hasVitePlusConfig(cwd) ||
+                // The published package is `oxfmt`; `@oxc-project/oxfmt` does not
+                // exist on npm. Accept both (scoped kept for forward-compat).
+                hasNearestPackageJsonDependency(cwd, "oxfmt") ||
                 hasNearestPackageJsonDependency(cwd, "@oxc-project/oxfmt"));
         case "ruff":
             return hasRuffConfig(cwd);
@@ -218,6 +221,8 @@ function hasExplicitFormatterConfig(formatterName, cwd) {
             return hasOcamlformatConfig(cwd);
         case "google-java-format":
             return hasGoogleJavaFormatConfig(cwd);
+        case "ktfmt":
+            return hasKtfmtConfig(cwd);
         case "cljfmt":
             return hasCljfmtConfig(cwd);
         case "cmake-format":
@@ -355,6 +360,8 @@ export const oxfmtFormatter = {
     async detect(cwd) {
         return (hasOxfmtConfig(cwd) ||
             hasVitePlusConfig(cwd) ||
+            // Published package is `oxfmt` (the scoped name does not exist on npm).
+            hasNearestPackageJsonDependency(cwd, "oxfmt") ||
             hasNearestPackageJsonDependency(cwd, "@oxc-project/oxfmt"));
     },
 };
@@ -536,6 +543,25 @@ export const ktlintFormatter = {
         return Boolean(await getToolPath("ktlint"));
     },
 };
+export const ktfmtFormatter = {
+    name: "ktfmt",
+    // ktfmt formats in place when given a file path (no flag needed).
+    command: ["ktfmt", "$FILE"],
+    extensions: [".kt", ".kts"],
+    async resolveCommand(filePath, _cwd) {
+        const inPath = await which("ktfmt");
+        if (inPath)
+            return [inPath, filePath];
+        const { ensureTool } = await import("./installer/index.js");
+        const installed = await ensureTool("ktfmt");
+        return installed ? [installed, filePath] : null;
+    },
+    async detect(cwd) {
+        // Opt-in only: ktfmt becomes the formatter when the project elects it,
+        // otherwise ktlint stays the Kotlin smart-default (#129).
+        return hasKtfmtConfig(cwd);
+    },
+};
 export const rubocopFormatter = {
     name: "rubocop",
     command: ["rubocop", "-a", "--no-color", "$FILE"],
@@ -612,10 +638,32 @@ export const phpCsFixerFormatter = {
 };
 export const csharpierFormatter = {
     name: "csharpier",
-    command: ["dotnet", "csharpier", "$FILE"],
+    // CSharpier ≥1.0 is a standalone `csharpier format <file>`; the `dotnet
+    // csharpier <file>` form was removed (a bare `dotnet csharpier` now errors
+    // "a dotnet-prefixed executable with this name could not be found"). Keep the
+    // legacy form as a fallback for CSharpier 0.x via resolveCommand.
+    command: ["csharpier", "format", "$FILE"],
     extensions: [".cs"],
+    async resolveCommand(filePath, _cwd) {
+        if ((await which("csharpier")) !== null) {
+            return ["csharpier", "format", filePath];
+        }
+        // CSharpier 0.x: invoked through the dotnet driver.
+        if ((await which("dotnet")) !== null) {
+            const legacy = await safeSpawnAsync("dotnet", ["csharpier", "--version"], {
+                timeout: 5000,
+            });
+            if (!legacy.error && legacy.status === 0) {
+                return ["dotnet", "csharpier", filePath];
+            }
+        }
+        return null;
+    },
     async detect(_cwd) {
-        // Check dotnet is available AND csharpier tool is installed
+        // CSharpier ≥1.0 standalone binary …
+        if ((await which("csharpier")) !== null)
+            return true;
+        // … or the legacy dotnet-driver form (CSharpier 0.x).
         if ((await which("dotnet")) === null)
             return false;
         const result = await safeSpawnAsync("dotnet", ["csharpier", "--version"], {
@@ -758,6 +806,7 @@ const ALL_FORMATTERS = [
     ocamlformatFormatter,
     clangFormatFormatter,
     ktlintFormatter,
+    ktfmtFormatter,
     terraformFormatter,
     phpCsFixerFormatter,
     csharpierFormatter,