pumuki-ast-hooks 5.3.18 → 5.3.20

package/scripts/hooks-system/application/services/token/CursorTokenService.js

@@ -1,5 +1,9 @@
 const CursorTokenRepository = require('../../../infrastructure/repositories/CursorTokenRepository');
 
+const {
+    createMetricScope: createMetricScope
+} = require('../../../infrastructure/telemetry/metric-scope');
+
 class CursorTokenService {
     constructor({
         cursorTokenRepository = null,
@@ -10,6 +14,12 @@ class CursorTokenService {
         fetchImpl,
         logger = console
     } = {}) {
+        const m_constructor = createMetricScope({
+            hook: 'cursor_token_service',
+            operation: 'constructor'
+        });
+
+        m_constructor.started();
         this.logger = logger;
         this.repository = cursorTokenRepository || new CursorTokenRepository({
             repoRoot,
@@ -19,24 +29,34 @@ class CursorTokenService {
             fetchImpl,
             logger
         });
+        m_constructor.success();
     }
 
     async getCurrentUsage() {
+        const m_get_current_usage = createMetricScope({
+            hook: 'cursor_token_service',
+            operation: 'get_current_usage'
+        });
+
+        m_get_current_usage.started();
         // Strategy: First try API (most accurate), then File (fallback/offline)
 
         const apiUsage = await this.repository.getUsageFromApi();
         if (apiUsage) {
             this.logger.debug?.('CURSOR_SERVICE_USING_API', { usage: apiUsage });
+            m_get_current_usage.success();
             return apiUsage;
         }
 
         const fileUsage = await this.repository.getUsageFromFile();
         if (fileUsage) {
             this.logger.debug?.('CURSOR_SERVICE_USING_FILE', { usage: fileUsage });
+            m_get_current_usage.success();
             return fileUsage;
         }
 
         this.logger.warn?.('CURSOR_SERVICE_NO_DATA_AVAILABLE');
+        m_get_current_usage.success();
         return null;
     }
 }

package/scripts/hooks-system/application/services/token/TokenMetricsService.js

@@ -1,14 +1,22 @@
 const { execSync } = require('child_process');
 
-// Import recordMetric for prometheus metrics
-const { recordMetric } = require('../../../infrastructure/telemetry/metrics-logger');
+const {
+    createMetricScope: createMetricScope
+} = require('../../../infrastructure/telemetry/metric-scope');
 
 class TokenMetricsService {
     constructor(cursorTokenService, thresholds, logger) {
+        const m_constructor = createMetricScope({
+            hook: 'token_metrics_service',
+            operation: 'constructor'
+        });
+
+        m_constructor.started();
         this.cursorTokenService = cursorTokenService;
         this.thresholds = thresholds;
         this.logger = logger;
         this.repoRoot = process.cwd();
+        m_constructor.success();
     }
 
     async collectMetrics(fallbackEstimator) {
@@ -57,8 +65,7 @@ class TokenMetricsService {
         if (untrusted) {
             level = 'ok';
         }
-        const env = require('../../config/env');
-        const forceLevel = (env.get('TOKEN_MONITOR_FORCE_LEVEL', '') || '').toLowerCase();
+        const forceLevel = (process.env.TOKEN_MONITOR_FORCE_LEVEL || '').toLowerCase();
         if (forceLevel === 'warning' || forceLevel === 'critical' || forceLevel === 'ok') {
             level = forceLevel;
         }
@@ -79,15 +86,6 @@ class TokenMetricsService {
             this.logger.debug('TOKEN_MONITOR_METRICS', metrics);
         }
 
-        // Record prometheus metrics
-        recordMetric({
-            hook: 'token_monitor',
-            status: 'collect',
-            tokensUsed,
-            percentUsed: Number(percentUsed.toFixed(0)),
-            level
-        });
-
         return metrics;
     }
 

package/scripts/hooks-system/application/services/token/TokenMonitorService.js

@@ -2,6 +2,10 @@ const fs = require('fs');
 const path = require('path');
 const { execSync } = require('child_process');
 
+const {
+    createMetricScope: createMetricScope
+} = require('../../../infrastructure/telemetry/metric-scope');
+
 const fsPromises = fs.promises;
 const CursorTokenService = require('./CursorTokenService');
 const NotificationCenterService = require('../notification/NotificationCenterService');
@@ -21,6 +25,12 @@ class TokenMonitorService {
         fallbackEstimator = null,
         cursorTokenService = null
     } = {}) {
+        const m_constructor = createMetricScope({
+            hook: 'token_monitor_service',
+            operation: 'constructor'
+        });
+
+        m_constructor.started();
         this.repoRoot = repoRoot;
         this.dataFile = dataFile || path.join(this.repoRoot, '.audit_tmp', 'token-usage.jsonl');
         this.stateFile = stateFile || path.join(this.repoRoot, '.AI_TOKEN_STATUS.txt');
@@ -47,9 +57,16 @@ class TokenMonitorService {
 
         this.metricsService = new TokenMetricsService(this.cursorTokenService, this.thresholds, this.logger);
         this.statusReporter = new TokenStatusReporter(this.stateFile);
+        m_constructor.success();
     }
 
     async run() {
+        const m_run = createMetricScope({
+            hook: 'token_monitor_service',
+            operation: 'run'
+        });
+
+        m_run.started();
         // Collect metrics
         const metrics = await this.metricsService.collectMetrics(this.fallbackEstimator);
 
@@ -59,6 +76,8 @@ class TokenMonitorService {
         // Notify
         await this.emitNotification(metrics);
 
+        m_run.success();
+
         return metrics;
     }
 

package/scripts/hooks-system/application/services/token/TokenStatusReporter.js

@@ -1,9 +1,21 @@
 const fs = require('fs');
+
+const {
+    createMetricScope: createMetricScope
+} = require('../../../infrastructure/telemetry/metric-scope');
+
 const fsPromises = fs.promises;
 
 class TokenStatusReporter {
     constructor(stateFile) {
+        const m_constructor = createMetricScope({
+            hook: 'token_status_reporter',
+            operation: 'constructor'
+        });
+
+        m_constructor.started();
         this.stateFile = stateFile;
+        m_constructor.success();
     }
 
     async writeStatusFile(metrics) {

package/scripts/hooks-system/bin/__tests__/evidence-update.spec.js

@@ -0,0 +1,49 @@
+const fs = require('fs');
+const os = require('os');
+const path = require('path');
+const { execSync } = require('child_process');
+
+describe('ast-hooks evidence:update', () => {
+    let repoRoot;
+    let subdir;
+
+    beforeEach(() => {
+        repoRoot = fs.mkdtempSync(path.join(os.tmpdir(), 'ast-hooks-evidence-cli-'));
+        subdir = path.join(repoRoot, 'packages', 'app');
+        fs.mkdirSync(subdir, { recursive: true });
+
+        execSync('git init', { cwd: repoRoot, stdio: 'ignore' });
+        execSync('git config user.email "test@example.com"', { cwd: repoRoot, stdio: 'ignore' });
+        execSync('git config user.name "Test"', { cwd: repoRoot, stdio: 'ignore' });
+
+        fs.writeFileSync(path.join(repoRoot, 'README.md'), 'test', 'utf8');
+        execSync('git add README.md', { cwd: repoRoot, stdio: 'ignore' });
+        execSync('git commit -m "chore: init"', { cwd: repoRoot, stdio: 'ignore' });
+    });
+
+    afterEach(() => {
+        fs.rmSync(repoRoot, { recursive: true, force: true });
+    });
+
+    it('updates .AI_EVIDENCE.json in repo root even when executed from subdirectory', () => {
+        const cliPath = path.resolve(__dirname, '..', 'cli.js');
+        const output = execSync(`node ${cliPath} evidence:update`, {
+            cwd: subdir,
+            encoding: 'utf8',
+            env: {
+                ...process.env,
+                AUTO_EVIDENCE_TRIGGER: 'test',
+                AUTO_EVIDENCE_REASON: 'test',
+                AUTO_EVIDENCE_SUMMARY: 'test'
+            }
+        }).trim();
+
+        const evidencePath = path.join(repoRoot, '.AI_EVIDENCE.json');
+        expect(fs.realpathSync(output)).toBe(fs.realpathSync(evidencePath));
+        expect(fs.existsSync(evidencePath)).toBe(true);
+
+        const json = JSON.parse(fs.readFileSync(evidencePath, 'utf8'));
+        expect(typeof json.timestamp).toBe('string');
+        expect(json.timestamp.length).toBeGreaterThan(10);
+    });
+});

package/scripts/hooks-system/bin/cli.js

@@ -121,21 +121,7 @@ const commands = {
   },
 
   ast: () => {
-    const env = { ...process.env };
-    const filteredArgs = [];
-
-    for (const arg of args) {
-      if (arg === '--staged') {
-        env.STAGING_ONLY_MODE = '1';
-      } else {
-        filteredArgs.push(arg);
-      }
-    }
-
-    execSync(
-      `node ${path.join(HOOKS_ROOT, 'infrastructure/ast/ast-intelligence.js')} ${filteredArgs.join(' ')}`,
-      { stdio: 'inherit', env }
-    );
+    execSync(`node ${path.join(HOOKS_ROOT, 'infrastructure/ast/ast-intelligence.js')}`, { stdio: 'inherit' });
   },
 
   install: () => {

package/scripts/hooks-system/config/project.config.json

@@ -5,7 +5,7 @@
     "platforms": [
       "backend"
     ],
-    "created": "2025-12-25T22:02:53.249Z"
+    "created": "2025-12-31T07:05:44.501Z"
   },
   "architecture": {
     "pattern": "FEATURE_FIRST_CLEAN_DDD",

package/scripts/hooks-system/domain/events/index.js

@@ -1,7 +1,13 @@
-const { ValidationError } = require('../errors');
+const {
+    ValidationException,
+    BadRequestException,
+    InternalServerException
+} = require('../exceptions');
 
 class DomainEvent {
     constructor(type, payload) {
+        if (!type) throw new ValidationException('Event type is required', { field: 'type' });
+        if (!payload) throw new ValidationException('Event payload is required', { field: 'payload' });
         this.type = type;
         this.payload = payload;
         this.timestamp = new Date().toISOString();
@@ -9,8 +15,8 @@ class DomainEvent {
     }
 
     validate() {
-        if (!this.type) throw new ValidationError('Event type is required', 'type', this.type);
-        if (!this.payload) throw new ValidationError('Event payload is required', 'payload', this.payload);
+        if (!this.type) throw new ValidationException('Event type is required', { field: 'type' });
+        if (!this.payload) throw new ValidationException('Event payload is required', { field: 'payload' });
         return true;
     }
 
@@ -31,9 +37,7 @@ class EvidenceStaleEvent extends DomainEvent {
 
     validate() {
         super.validate();
-        if (!this.payload.evidencePath) {
-            throw new ValidationError('Evidence path is required', 'payload.evidencePath', this.payload.evidencePath);
-        }
+        if (!this.payload.evidencePath) throw new ValidationException('Evidence path is required', { field: 'evidencePath' });
     }
 }
 
@@ -45,12 +49,8 @@ class GitFlowViolationEvent extends DomainEvent {
 
     validate() {
         super.validate();
-        if (!this.payload.branch) {
-            throw new ValidationError('Branch name is required', 'payload.branch', this.payload.branch);
-        }
-        if (!this.payload.violation) {
-            throw new ValidationError('Violation details are required', 'payload.violation', this.payload.violation);
-        }
+        if (!this.payload.branch) throw new ValidationException('Branch name is required', { field: 'branch' });
+        if (!this.payload.violation) throw new ValidationException('Violation details are required', { field: 'violation' });
     }
 }
 
@@ -62,9 +62,7 @@ class AstCriticalFoundEvent extends DomainEvent {
 
     validate() {
         super.validate();
-        if (!Array.isArray(this.payload.findings)) {
-            throw new ValidationError('Findings must be an array', 'payload.findings', this.payload.findings);
-        }
+        if (!Array.isArray(this.payload.findings)) throw new ValidationException('Findings must be an array', { field: 'findings' });
     }
 }
 
@@ -73,6 +71,12 @@ class PreCommitBlockedEvent extends DomainEvent {
         super('PRE_COMMIT_BLOCKED', { reason, violations });
         this.validate();
     }
+
+    validate() {
+        super.validate();
+        if (!this.payload.reason) throw new ValidationException('Reason is required', { field: 'reason' });
+        if (!this.payload.violations) throw new ValidationException('Violations are required', { field: 'violations' });
+    }
 }
 
 class AnalysisCompletedEvent extends DomainEvent {
@@ -80,13 +84,16 @@ class AnalysisCompletedEvent extends DomainEvent {
         super('ANALYSIS_COMPLETED', summary);
         this.validate();
     }
+
+    validate() {
+        super.validate();
+        if (!this.payload) throw new ValidationException('Summary is required', { field: 'summary' });
+    }
 }
 
 class EventBus {
     constructor() {
         this.subscribers = new Map();
-        this.processedIds = new Set();
-        this.maxProcessed = 500;
     }
 
     subscribe(eventType, handler) {
@@ -106,25 +113,11 @@ class EventBus {
     }
 
     async publish(event) {
-        if (event?.id && this.processedIds.has(event.id)) {
-            return event;
-        }
         const handlers = this.subscribers.get(event.type) || [];
         const wildcardHandlers = this.subscribers.get('*') || [];
         const allHandlers = [...handlers, ...wildcardHandlers];
 
         await Promise.all(allHandlers.map(handler => handler(event)));
-
-        if (event?.id) {
-            this.processedIds.add(event.id);
-            if (this.processedIds.size > this.maxProcessed) {
-                const iter = this.processedIds.values();
-                for (let i = 0; i < 50 && this.processedIds.size > this.maxProcessed; i++) {
-                    const next = iter.next();
-                    if (!next.done) this.processedIds.delete(next.value);
-                }
-            }
-        }
         return event;
     }
 

package/scripts/hooks-system/domain/exceptions/index.js

@@ -0,0 +1,87 @@
+/**
+ * Custom Exception Classes for AST Intelligence System
+ * Provides structured error handling with specific exception types
+ */
+
+class BaseException extends Error {
+    constructor(message, code = 'INTERNAL_ERROR', statusCode = 500, context = {}) {
+        super(message);
+        this.name = this.constructor.name;
+        this.code = code;
+        this.statusCode = statusCode;
+        this.timestamp = new Date().toISOString();
+        this.context = context;
+
+        if (Error.captureStackTrace) {
+            Error.captureStackTrace(this, this.constructor);
+        } else {
+            this.stack = (new Error()).stack;
+        }
+    }
+
+    toJSON() {
+        return {
+            name: this.name,
+            message: this.message,
+            code: this.code,
+            statusCode: this.statusCode,
+            timestamp: this.timestamp,
+            context: this.context,
+            stack: this.stack
+        };
+    }
+}
+
+class ValidationException extends BaseException {
+    constructor(message, field = null, context = {}) {
+        super(message, 'VALIDATION_ERROR', 400, context);
+        this.field = field;
+    }
+}
+
+class BadRequestException extends BaseException {
+    constructor(message, context = {}) {
+        super(message, 'BAD_REQUEST', 400, context);
+    }
+}
+
+class NotFoundException extends BaseException {
+    constructor(resource = 'Resource', context = {}) {
+        super(`${resource} not found`, 'NOT_FOUND', 404, context);
+    }
+}
+
+class UnauthorizedException extends BaseException {
+    constructor(message = 'Unauthorized access', context = {}) {
+        super(message, 'UNAUTHORIZED', 401, context);
+    }
+}
+
+class ForbiddenException extends BaseException {
+    constructor(message = 'Forbidden access', context = {}) {
+        super(message, 'FORBIDDEN', 403, context);
+    }
+}
+
+class ConflictException extends BaseException {
+    constructor(message, context = {}) {
+        super(message, 'CONFLICT', 409, context);
+    }
+}
+
+class InternalServerException extends BaseException {
+    constructor(message = 'Internal server error', context = {}) {
+        super(message, 'INTERNAL_SERVER_ERROR', 500, context);
+    }
+}
+
+module.exports = {
+    BaseException,
+    ValidationException,
+    BadRequestException,
+    NotFoundException,
+    UnauthorizedException,
+    ForbiddenException,
+    ConflictException,
+    InternalServerException
+};

package/scripts/hooks-system/infrastructure/ast/android/analyzers/AndroidAnalysisOrchestrator.js

@@ -40,9 +40,8 @@ class AndroidAnalysisOrchestrator {
             return 0.6745 * (x - med) / madValue;
         };
 
-        const env = require('../../../../config/env');
-        const pOutlier = env.getNumber('AST_GODCLASS_P_OUTLIER', 90);
-        const pExtreme = env.getNumber('AST_GODCLASS_P_EXTREME', 97);
+        const pOutlier = Number(process.env.AST_GODCLASS_P_OUTLIER || 90);
+        const pExtreme = Number(process.env.AST_GODCLASS_P_EXTREME || 97);
 
         const methods = this.godClassCandidates.map(c => c.methodsCount);
         const props = this.godClassCandidates.map(c => c.propertiesCount);

package/scripts/hooks-system/infrastructure/ast/ast-core.js

@@ -2,7 +2,6 @@
 const { Project, Node, SyntaxKind, ScriptTarget, ModuleKind } = require("ts-morph");
 const path = require("path");
 const fs = require("fs");
-const env = require("../../config/env");
 
 let SeverityEvaluator = null;
 let severityEvaluatorInstance = null;
@@ -20,7 +19,7 @@ function getSeverityEvaluator() {
   return severityEvaluatorInstance;
 }
 
-let INTELLIGENT_SEVERITY_ENABLED = env.getBool('INTELLIGENT_SEVERITY', false);
+let INTELLIGENT_SEVERITY_ENABLED = process.env.INTELLIGENT_SEVERITY === 'true';
 
 /**
  * Get repository root directory (portable - dynamic detection)
@@ -180,18 +179,18 @@ function pushFinding(ruleId, severity, sf, node, message, findings, metrics = {}
   let mappedSeverity = mapToLevel(severity);
   const isCleanLayerMarkerRule = ruleId === 'backend.clean.domain' || ruleId === 'backend.clean.application' || ruleId === 'backend.clean.infrastructure' || ruleId === 'backend.clean.presentation';
   let isStrictCriticalRule = false;
-  if (env.get('AUDIT_STRICT', '0') === '1' && !isCleanLayerMarkerRule) {
+  if (process.env.AUDIT_STRICT === '1' && !isCleanLayerMarkerRule) {
     const defaultStrictCriticalRegex = '(solid\\.|architecture\\.|clean\\.|cqrs\\.|tdd\\.|bdd\\.|security\\.|error\\.|testing\\.|performance\\.|metrics\\.|observability\\.|validation\\.|i18n\\.|accessibility\\.|naming\\.)';
     const defaultStrictCriticalRegexLibrary = '(solid\\.|architecture\\.|clean\\.|cqrs\\.|tdd\\.|bdd\\.|security\\.|error\\.|testing\\.|validation\\.|naming\\.)';
-    const strictRegexSource = env.get('AST_STRICT_CRITICAL_RULES_REGEX',
-      env.getBool('AUDIT_LIBRARY', false)
-        ? env.get('AST_STRICT_CRITICAL_RULES_REGEX_LIBRARY', defaultStrictCriticalRegexLibrary)
+    const strictRegexSource = process.env.AST_STRICT_CRITICAL_RULES_REGEX ||
+      (process.env.AUDIT_LIBRARY === 'true'
+        ? (process.env.AST_STRICT_CRITICAL_RULES_REGEX_LIBRARY || defaultStrictCriticalRegexLibrary)
         : defaultStrictCriticalRegex);
     let strictRegex;
     try {
       strictRegex = new RegExp(strictRegexSource, 'i');
     } catch {
-      strictRegex = new RegExp(env.getBool('AUDIT_LIBRARY', false) ? defaultStrictCriticalRegexLibrary : defaultStrictCriticalRegex, 'i');
+      strictRegex = new RegExp(process.env.AUDIT_LIBRARY === 'true' ? defaultStrictCriticalRegexLibrary : defaultStrictCriticalRegex, 'i');
     }
     isStrictCriticalRule = strictRegex.test(ruleId);
     if (isStrictCriticalRule) {
@@ -242,18 +241,18 @@ function pushFileFinding(ruleId, severity, filePath, line, column, message, find
   let mappedSeverity = mapToLevel(severity);
   const isCleanLayerMarkerRule = ruleId === 'backend.clean.domain' || ruleId === 'backend.clean.application' || ruleId === 'backend.clean.infrastructure' || ruleId === 'backend.clean.presentation';
   let isStrictCriticalRule = false;
-  if (env.get('AUDIT_STRICT', '0') === '1' && !isCleanLayerMarkerRule) {
+  if (process.env.AUDIT_STRICT === '1' && !isCleanLayerMarkerRule) {
     const defaultStrictCriticalRegex = '(solid\\.|architecture\\.|clean\\.|cqrs\\.|tdd\\.|bdd\\.|security\\.|error\\.|testing\\.|performance\\.|metrics\\.|observability\\.|validation\\.|i18n\\.|accessibility\\.|naming\\.)';
     const defaultStrictCriticalRegexLibrary = '(solid\\.|architecture\\.|clean\\.|cqrs\\.|tdd\\.|bdd\\.|security\\.|error\\.|testing\\.|validation\\.|naming\\.)';
-    const strictRegexSource = env.get('AST_STRICT_CRITICAL_RULES_REGEX',
-      env.getBool('AUDIT_LIBRARY', false)
-        ? env.get('AST_STRICT_CRITICAL_RULES_REGEX_LIBRARY', defaultStrictCriticalRegexLibrary)
+    const strictRegexSource = process.env.AST_STRICT_CRITICAL_RULES_REGEX ||
+      (process.env.AUDIT_LIBRARY === 'true'
+        ? (process.env.AST_STRICT_CRITICAL_RULES_REGEX_LIBRARY || defaultStrictCriticalRegexLibrary)
         : defaultStrictCriticalRegex);
     let strictRegex;
     try {
       strictRegex = new RegExp(strictRegexSource, 'i');
     } catch {
-      strictRegex = new RegExp(env.getBool('AUDIT_LIBRARY', false) ? defaultStrictCriticalRegexLibrary : defaultStrictCriticalRegex, 'i');
+      strictRegex = new RegExp(process.env.AUDIT_LIBRARY === 'true' ? defaultStrictCriticalRegexLibrary : defaultStrictCriticalRegex, 'i');
     }
     isStrictCriticalRule = strictRegex.test(ruleId);
     if (isStrictCriticalRule) {
@@ -333,6 +332,15 @@ function mapToLevel(severity) {
 function platformOf(filePath) {
   const p = filePath.replace(/\\/g, "/");
 
+  if (p.includes("/infrastructure/ast/") && process.env.AUDIT_LIBRARY !== 'true') return null;
+
+  if (process.env.AUDIT_LIBRARY === 'true') {
+    if (p.includes("/infrastructure/ast/backend/") || p.includes("/scripts/hooks-system/infrastructure/ast/backend/")) return "backend";
+    if (p.includes("/infrastructure/ast/frontend/") || p.includes("/scripts/hooks-system/infrastructure/ast/frontend/")) return "frontend";
+    if (p.includes("/infrastructure/ast/android/") || p.includes("/scripts/hooks-system/infrastructure/ast/android/")) return "android";
+    if (p.includes("/infrastructure/ast/ios/") || p.includes("/scripts/hooks-system/infrastructure/ast/ios/")) return "ios";
+  }
+
   if (p.includes("/apps/backend/") || p.includes("apps/backend/")) return "backend";
   if (p.includes("/apps/admin/") || p.includes("/admin-dashboard/")) return "frontend";
   if (p.includes("/apps/mobile-ios/") || p.includes("/apps/ios/")) return "ios";

package/scripts/hooks-system/infrastructure/ast/ast-intelligence.js

@@ -1,7 +1,6 @@
 
 const path = require("path");
 const fs = require("fs");
-const env = require("../../config/env");
 
 const astModulesPath = __dirname;
 const { createProject, platformOf, mapToLevel } = require(path.join(astModulesPath, "ast-core"));
@@ -28,7 +27,13 @@ async function runASTIntelligence() {
     const { getRepoRoot } = require('./ast-core');
     const root = getRepoRoot();
 
-    const allFiles = listSourceFiles(root);
+    const isLibraryAudit = process.env.AUDIT_LIBRARY === 'true';
+
+    const allFiles = listSourceFiles(root).filter(f => {
+      const p = String(f || '').replace(/\\/g, '/');
+      if (!isLibraryAudit && p.includes('/infrastructure/ast/')) return false;
+      return true;
+    });
 
     const project = createProject(allFiles);
     const findings = [];
@@ -70,9 +75,9 @@ async function runASTIntelligence() {
 }
 
 function runProjectHardcodedThresholdAudit(root, allFiles, findings) {
-  if (env.get('AST_INSIGHTS', '0') !== '1') return;
+  if (process.env.AST_INSIGHTS !== '1') return;
 
-  const maxFindings = env.getNumber('AST_INSIGHTS_PROJECT_MAX', 200);
+  const maxFindings = Number(process.env.AST_INSIGHTS_PROJECT_MAX || 200);
   if (!Number.isFinite(maxFindings) || maxFindings <= 0) return;
 
   const isExcludedPath = (filePath) => {
@@ -155,7 +160,7 @@ function runProjectHardcodedThresholdAudit(root, allFiles, findings) {
 }
 
 function runHardcodedThresholdAudit(root, findings) {
-  if (env.get('AST_INSIGHTS', '0') !== '1') return;
+  if (process.env.AST_INSIGHTS !== '1') return;
 
   const ruleDirs = [
     path.join(root, 'infrastructure', 'ast'),
@@ -312,7 +317,7 @@ async function runPlatformAnalysis(project, findings, context) {
       }
     } catch (error) {
       console.error(`[ERROR] Error processing platform ${platform}:`, error.message);
-      if (env.getBool('DEBUG_AST', false)) {
+      if (process.env.DEBUG_AST) {
         console.error(error.stack);
       }
     }
@@ -371,7 +376,7 @@ function generateOutput(findings, context, project, root) {
  * Save detailed JSON report
  */
 function saveDetailedReport(findings, levelTotals, platformTotals, project, root) {
-  const outDir = env.get('AUDIT_TMP', path.join(root, ".audit_tmp"));
+  const outDir = process.env.AUDIT_TMP || path.join(root, ".audit_tmp");
   try {
     fs.mkdirSync(outDir, { recursive: true });
 
@@ -527,7 +532,7 @@ function checkForMigrations(root) {
  * List source files recursively
  */
 function listSourceFiles(root) {
-  if (env.get('STAGING_ONLY_MODE', '0') === "1") {
+  if (process.env.STAGING_ONLY_MODE === "1") {
     const { execSync } = require("child_process");
     try {
       const allStaged = execSync("git diff --cached --name-only --diff-filter=ACM", {
@@ -595,6 +600,11 @@ function listSourceFiles(root) {
 function shouldIgnore(file) {
   const p = file.replace(/\\/g, "/");
   if (p.includes("node_modules/")) return true;
+
+  const isLibraryAudit = process.env.AUDIT_LIBRARY === 'true';
+
+  if (!isLibraryAudit && p.includes("scripts/hooks-system/")) return true;
+  if (!isLibraryAudit && p.includes("/infrastructure/ast/")) return true;
   if (p.includes("/.cursor/")) return true;
   if (/\.bak/i.test(p)) return true;
   if (p.includes("/.next/")) return true;

package/scripts/hooks-system/infrastructure/ast/backend/analyzers/BackendPatternDetector.js

@@ -1,6 +1,5 @@
 const fs = require('fs');
 const path = require('path');
-const env = require('../../../../config/env');
 
 class BackendPatternDetector {
   constructor(projectRoot) {
@@ -12,7 +11,7 @@ class BackendPatternDetector {
       const fullPath = path.join(this.projectRoot, relativePath);
       return fs.readFileSync(fullPath, 'utf-8');
     } catch (error) {
-      if (env.getBool('DEBUG', false)) {
+      if (process.env.DEBUG) {
         console.debug(`[BackendPatternDetector] Failed to read file ${relativePath}: ${error.message}`);
       }
       return '';