slopguard-cli 0.1.0__tar.gz

slopguard_cli-0.1.0/.github/workflows/ci.yml

@@ -0,0 +1,52 @@
+name: CI
+
+on:
+  pull_request:
+  push:
+    branches: [main]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        python-version: ["3.11", "3.12"]
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+          cache: pip
+      - name: Install
+        run: |
+          python -m pip install --upgrade pip
+          pip install -e ".[dev]"
+      - name: Lint
+        run: |
+          ruff check slopguard/ tests/
+          ruff format --check slopguard/ tests/
+      - name: Type check
+        run: mypy --strict slopguard/
+      - name: Test
+        run: pytest -q --cov=slopguard --cov-report=term --cov-fail-under=85
+      - name: Build wheel
+        if: matrix.python-version == '3.11'
+        run: |
+          pip install build
+          python -m build
+      - name: Smoke-test wheel install
+        if: matrix.python-version == '3.11'
+        run: |
+          python -m venv /tmp/wheel-venv
+          /tmp/wheel-venv/bin/pip install dist/*.whl
+          /tmp/wheel-venv/bin/slopguard version
+          # Fixtures contain known hallucinations on purpose, so scan exits 1.
+          # Assert that, then validate the JSON payload.
+          set +e
+          /tmp/wheel-venv/bin/slopguard scan tests/fixtures --no-network --format json --output /tmp/report.json
+          rc=$?
+          set -e
+          test "$rc" = "1"
+          test "$(jq -r .slopguard_version /tmp/report.json)" = "0.1.0"
+          test "$(jq -r .summary.hallucinated /tmp/report.json)" -ge 1

slopguard_cli-0.1.0/.github/workflows/release.yml

@@ -0,0 +1,68 @@
+name: Release to PyPI
+
+# Triggered when a GitHub release is published, or manually via the Actions UI.
+# The first run will register the project on PyPI under whoever owns the
+# trusted publisher configuration on the PyPI side.
+#
+# Setup once on PyPI: https://pypi.org/manage/account/publishing/ → "Add a new
+# pending publisher" with:
+#   PyPI Project Name: slopguard
+#   Owner:             hariomunknownslab
+#   Repository name:   slopguard
+#   Workflow name:     release.yml
+#   Environment name:  (leave blank)
+# After the first successful run, PyPI promotes the pending publisher to a real
+# project-scoped trusted publisher; no token is ever stored.
+
+on:
+  release:
+    types: [published]
+  workflow_dispatch:
+    inputs:
+      ref:
+        description: "Git ref to publish (tag, branch, or SHA). Defaults to the workflow's ref."
+        required: false
+        default: ""
+
+permissions:
+  contents: read
+
+jobs:
+  build:
+    name: Build sdist + wheel
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ inputs.ref || github.ref }}
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+      - name: Install build
+        run: python -m pip install --upgrade build
+      - name: Build
+        run: python -m build
+      - name: Verify metadata
+        run: |
+          python -m pip install twine
+          python -m twine check dist/*
+      - name: Upload artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: pypi-dists
+          path: dist/
+
+  publish:
+    name: Publish to PyPI
+    needs: build
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write   # required for OIDC trusted publishing
+    steps:
+      - name: Download artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: pypi-dists
+          path: dist/
+      - name: Publish
+        uses: pypa/gh-action-pypi-publish@release/v1

slopguard_cli-0.1.0/.github/workflows/slopguard.yml.example

@@ -0,0 +1,35 @@
+# Copy this file into your own repository as `.github/workflows/slopguard.yml`.
+#
+# It installs SlopGuard, scans the repository on every pull request and push to
+# main, and uploads the JSON report as a build artifact. The job fails the
+# build whenever SlopGuard exits non-zero.
+
+name: SlopGuard
+
+on:
+  pull_request:
+  push:
+    branches: [main]
+
+jobs:
+  slopguard:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+
+      - name: Install SlopGuard
+        run: pip install slopguard-cli
+
+      - name: Scan
+        run: slopguard scan . --format json --output slopguard-report.json
+
+      - name: Upload report
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: slopguard-report
+          path: slopguard-report.json

slopguard_cli-0.1.0/.gitignore

@@ -0,0 +1,43 @@
+# Byte-compiled / cache
+__pycache__/
+*.py[cod]
+*$py.class
+*.so
+
+# Distribution / packaging
+build/
+dist/
+*.egg-info/
+*.egg
+.eggs/
+
+# Virtual envs
+.venv/
+venv/
+env/
+ENV/
+
+# Test / coverage
+.pytest_cache/
+.coverage
+.coverage.*
+htmlcov/
+coverage.xml
+.tox/
+
+# Type checking
+.mypy_cache/
+.ruff_cache/
+
+# Editors
+.vscode/
+.idea/
+*.swp
+*.swo
+
+# OS
+.DS_Store
+Thumbs.db
+
+# Local scan artifacts
+slopguard-report.json

slopguard_cli-0.1.0/.ruff.toml

@@ -0,0 +1,25 @@
+target-version = "py311"
+line-length = 100
+
+[lint]
+select = [
+    "E",    # pycodestyle errors
+    "W",    # pycodestyle warnings
+    "F",    # pyflakes
+    "I",    # isort
+    "B",    # bugbear
+    "UP",   # pyupgrade
+    "C4",   # comprehensions
+    "SIM",  # simplify
+    "RUF",  # ruff-specific
+]
+ignore = [
+    "E501",  # line length handled by formatter
+]
+
+[lint.per-file-ignores]
+"tests/**" = ["B011", "SIM117"]
+
+[format]
+quote-style = "double"
+indent-style = "space"

slopguard_cli-0.1.0/CONTRIBUTING.md

@@ -0,0 +1,30 @@
+# Contributing to SlopGuard
+
+Thanks for the interest. SlopGuard is MIT-licensed and welcomes contributions.
+
+## Quick start
+
+```bash
+git clone https://github.com/hariomunknownslab/slopguard
+cd slopguard
+python -m venv .venv && source .venv/bin/activate
+make install
+make all   # lint, typecheck, test
+```
+
+## Ground rules
+
+- `ruff check` and `ruff format` must pass cleanly.
+- `mypy --strict slopguard/` must pass with zero errors.
+- Test coverage on `slopguard/` must stay ≥ 85%.
+- No `Any`, no unjustified `# type: ignore`.
+- Do not add features outside the v0.1 scope without filing an issue first.
+
+## Reporting hallucinated package names
+
+Open an issue with:
+- the package name (and ecosystem),
+- the LLM / tool that suggested it,
+- the prompt that produced the suggestion (if shareable).
+
+Curated reports feed the next iteration of the hallucination database.

slopguard_cli-0.1.0/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 SlopGuard
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

slopguard_cli-0.1.0/Makefile

@@ -0,0 +1,26 @@
+.PHONY: install test lint typecheck fmt clean build all
+
+install:
+	pip install -e ".[dev]"
+
+test:
+	pytest -q --cov=slopguard --cov-report=term-missing
+
+lint:
+	ruff check slopguard/ tests/
+	ruff format --check slopguard/ tests/
+
+typecheck:
+	mypy --strict slopguard/
+
+fmt:
+	ruff format slopguard/ tests/
+	ruff check --fix slopguard/ tests/
+
+clean:
+	rm -rf build/ dist/ *.egg-info .pytest_cache .mypy_cache .ruff_cache .coverage htmlcov coverage.xml
+
+build:
+	python -m build
+
+all: lint typecheck test

slopguard_cli-0.1.0/PKG-INFO

@@ -0,0 +1,197 @@
+Metadata-Version: 2.4
+Name: slopguard-cli
+Version: 0.1.0
+Summary: Defend developers and AI coding agents against slopsquatting (hallucinated package names).
+Project-URL: Homepage, https://github.com/hariomunknownslab/slopguard
+Project-URL: Repository, https://github.com/hariomunknownslab/slopguard
+Project-URL: Issues, https://github.com/hariomunknownslab/slopguard/issues
+Author-email: SlopGuard <contact@unknownslab.com>
+License: MIT
+License-File: LICENSE
+Keywords: ai,llm,package-hallucination,security,slopsquatting,supply-chain
+Classifier: Development Status :: 3 - Alpha
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: Security
+Classifier: Topic :: Software Development :: Quality Assurance
+Requires-Python: >=3.11
+Requires-Dist: httpx>=0.27.0
+Requires-Dist: pydantic>=2.6.0
+Requires-Dist: pyyaml>=6.0.1
+Requires-Dist: rich>=13.7.0
+Requires-Dist: tomli>=2.0.1; python_version < '3.11'
+Requires-Dist: typer>=0.12.0
+Provides-Extra: dev
+Requires-Dist: build>=1.2.0; extra == 'dev'
+Requires-Dist: jsonschema>=4.21.0; extra == 'dev'
+Requires-Dist: mypy>=1.10.0; extra == 'dev'
+Requires-Dist: pytest-asyncio>=0.23.0; extra == 'dev'
+Requires-Dist: pytest-cov>=4.1.0; extra == 'dev'
+Requires-Dist: pytest>=8.0.0; extra == 'dev'
+Requires-Dist: respx>=0.21.0; extra == 'dev'
+Requires-Dist: ruff>=0.4.0; extra == 'dev'
+Requires-Dist: types-pyyaml>=6.0.12; extra == 'dev'
+Description-Content-Type: text/markdown
+
+# SlopGuard
+
+[![CI](https://github.com/hariomunknownslab/slopguard/actions/workflows/ci.yml/badge.svg)](https://github.com/hariomunknownslab/slopguard/actions/workflows/ci.yml)
+[![PyPI](https://img.shields.io/pypi/v/slopguard.svg)](https://pypi.org/project/slopguard/)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+
+**Slopsquatting** is what happens when an LLM hallucinates a plausible-sounding
+package name that does not exist on the public registry — and then an attacker
+registers that exact name with malware so the *next* developer (or AI agent)
+who follows the suggestion installs it. SlopGuard scans your project's
+dependencies, flags entries that are either known LLM hallucinations or that
+show the behavioural fingerprint of a slopsquat, and exits non-zero so CI
+fails the build before the malware reaches `node_modules` or `site-packages`.
+
+> SlopGuard stops AI coding agents from installing packages that LLMs hallucinated.
+
+## Install
+
+```bash
+pip install slopguard-cli
+# Homebrew formula ships in a later release:
+# brew install slopguard
+```
+
+> The PyPI **distribution** name is `slopguard-cli` (the name `slopguard`
+> overlapped with an unrelated existing package on PyPI). The installed
+> command, the Python import, and everything else stays `slopguard`.
+
+Python 3.11+ is required.
+
+## Usage
+
+### 1. Scan the current directory
+
+```bash
+slopguard scan
+```
+
+SlopGuard auto-discovers `package.json`, `package-lock.json`,
+`requirements.txt`, `pyproject.toml`, and `Pipfile` (up to two levels deep),
+probes each name against the public registry, and prints a Rich table:
+
+```text
+SlopGuard v0.1.0 — scanning /home/dev/myproj
+
+Detected manifests:
+  • package.json (npm, 32 deps)
+  • requirements.txt (pypi, 15 deps)
+
+Scanned 47 dependencies in 3.1s.
+
+┏━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
+┃ Package            ┃ Risk       ┃ Reason                                       ┃
+┡━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩
+│ react-codeshift    │ HALLUCIN.  │ Matched seed DB entry; recurrence 0.71.      │
+│ langchain-helpers  │ SUSPICIOUS │ Created 14 days ago, 48 downloads, new auth. │
+│ openai-utils       │ SUSPICIOUS │ Levenshtein 2 from popular package 'openai'. │
+│ requests           │ CLEAN      │ Established package.                         │
+└────────────────────┴────────────┴──────────────────────────────────────────────┘
+
+Summary: 1 hallucinated, 2 suspicious, 44 clean, 0 error(s).
+Exit code: 1
+```
+
+### 2. Scan a specific path
+
+```bash
+slopguard scan ./mono/services/api
+```
+
+### 3. CI mode — JSON output, strict failure threshold
+
+```bash
+slopguard scan --format json --output report.json --fail-on hallucinated
+```
+
+See [`.github/workflows/slopguard.yml.example`](.github/workflows/slopguard.yml.example)
+for a drop-in GitHub Actions workflow and [`docs/ci-integration.md`](docs/ci-integration.md)
+for details on other CI providers.
+
+## How it works
+
+For every dependency, SlopGuard computes a small set of independent signals
+and combines them into a single risk score in `[0.0, 1.0]`:
+
+- **Hallucination-DB hit** (weight 0.90) — exact match in an embedded seed
+  database of names known to be hallucinated by major LLMs.
+- **Registry not found** (0.85) — the registry returns 404 for the name. The
+  most common slopsquat shape: a name that doesn't exist *yet*.
+- **Very recently / recently published** (0.35 / 0.20) — first release < 7
+  days / < 30 days old.
+- **Low downloads** (0.15) — < 100 downloads in the last month (npm) or last
+  week (PyPI).
+- **New publisher** (0.20) and **single-release new account** (0.30) — a
+  brand-new account whose only release is the package you're about to install.
+- **Levenshtein typo** (0.25) — name is 1–2 edits away from a top-1000
+  popular package (likely a typosquat).
+- **Suspicious name pattern** (0.10) — matches a classic LLM-hallucination
+  shape like `<stem>-helpers`, `<stem>-utils`, `<stem>-async`, `<stem>-pro`.
+
+The default cutoffs map scores `≥ 0.85` → **hallucinated**, `≥ 0.40` →
+**suspicious**, else **clean**. Both thresholds are tunable in
+`.slopguard.yaml`. See [`docs/detection.md`](docs/detection.md) for the full
+table, the order of operations, and edge cases.
+
+## Configuration
+
+`.slopguard.yaml`, picked up automatically from the scan target or any
+ancestor (up to 3 levels):
+
+```yaml
+ignore:
+  packages: ["internal-tool"]
+  patterns: ["^@mycompany/"]
+
+fail_on: suspicious        # any | hallucinated | suspicious | none
+
+network:
+  enabled: true
+  timeout_seconds: 5
+  concurrency: 16
+
+scoring:
+  suspicious_min_score: 0.4
+  hallucinated_min_score: 0.85
+```
+
+CLI flags override the file. See [`docs/usage.md`](docs/usage.md) for the full
+reference.
+
+## What it does NOT do (v0.1)
+
+- No live LLM probing — the hallucination database is a static seed for v0.1.
+- No SaaS dashboard, no auth, no billing, no telemetry to any remote server.
+- No tarpit registry, no defensive package registration.
+- No Cursor / Claude Code / Copilot IDE plugins.
+- No support for crates.io, pkg.go.dev, Maven Central, RubyGems, NuGet —
+  Python and JavaScript only.
+- No license scanning, no CVE matching, no SBOM generation.
+- No remote configuration, no SaaS API client.
+
+The full v0.2+ roadmap is tracked in the build spec, section 14.
+
+## Privacy & trust
+
+SlopGuard makes **only** the network calls you opt into (the public registry
+probes against `registry.npmjs.org` and `pypi.org`). No analytics, no
+ping-home, no telemetry. The trust model is the moat: run `--no-network` if
+you want to be sure.
+
+## Contributing
+
+See [CONTRIBUTING.md](CONTRIBUTING.md). PRs welcome — especially curated
+additions to the hallucination database.
+
+## License
+
+MIT. Copyright © 2026 SlopGuard. See [LICENSE](LICENSE).

slopguard_cli-0.1.0/README.md

@@ -0,0 +1,158 @@
+# SlopGuard
+
+[![CI](https://github.com/hariomunknownslab/slopguard/actions/workflows/ci.yml/badge.svg)](https://github.com/hariomunknownslab/slopguard/actions/workflows/ci.yml)
+[![PyPI](https://img.shields.io/pypi/v/slopguard.svg)](https://pypi.org/project/slopguard/)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+
+**Slopsquatting** is what happens when an LLM hallucinates a plausible-sounding
+package name that does not exist on the public registry — and then an attacker
+registers that exact name with malware so the *next* developer (or AI agent)
+who follows the suggestion installs it. SlopGuard scans your project's
+dependencies, flags entries that are either known LLM hallucinations or that
+show the behavioural fingerprint of a slopsquat, and exits non-zero so CI
+fails the build before the malware reaches `node_modules` or `site-packages`.
+
+> SlopGuard stops AI coding agents from installing packages that LLMs hallucinated.
+
+## Install
+
+```bash
+pip install slopguard-cli
+# Homebrew formula ships in a later release:
+# brew install slopguard
+```
+
+> The PyPI **distribution** name is `slopguard-cli` (the name `slopguard`
+> overlapped with an unrelated existing package on PyPI). The installed
+> command, the Python import, and everything else stays `slopguard`.
+
+Python 3.11+ is required.
+
+## Usage
+
+### 1. Scan the current directory
+
+```bash
+slopguard scan
+```
+
+SlopGuard auto-discovers `package.json`, `package-lock.json`,
+`requirements.txt`, `pyproject.toml`, and `Pipfile` (up to two levels deep),
+probes each name against the public registry, and prints a Rich table:
+
+```text
+SlopGuard v0.1.0 — scanning /home/dev/myproj
+
+Detected manifests:
+  • package.json (npm, 32 deps)
+  • requirements.txt (pypi, 15 deps)
+
+Scanned 47 dependencies in 3.1s.
+
+┏━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
+┃ Package            ┃ Risk       ┃ Reason                                       ┃
+┡━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩
+│ react-codeshift    │ HALLUCIN.  │ Matched seed DB entry; recurrence 0.71.      │
+│ langchain-helpers  │ SUSPICIOUS │ Created 14 days ago, 48 downloads, new auth. │
+│ openai-utils       │ SUSPICIOUS │ Levenshtein 2 from popular package 'openai'. │
+│ requests           │ CLEAN      │ Established package.                         │
+└────────────────────┴────────────┴──────────────────────────────────────────────┘
+
+Summary: 1 hallucinated, 2 suspicious, 44 clean, 0 error(s).
+Exit code: 1
+```
+
+### 2. Scan a specific path
+
+```bash
+slopguard scan ./mono/services/api
+```
+
+### 3. CI mode — JSON output, strict failure threshold
+
+```bash
+slopguard scan --format json --output report.json --fail-on hallucinated
+```
+
+See [`.github/workflows/slopguard.yml.example`](.github/workflows/slopguard.yml.example)
+for a drop-in GitHub Actions workflow and [`docs/ci-integration.md`](docs/ci-integration.md)
+for details on other CI providers.
+
+## How it works
+
+For every dependency, SlopGuard computes a small set of independent signals
+and combines them into a single risk score in `[0.0, 1.0]`:
+
+- **Hallucination-DB hit** (weight 0.90) — exact match in an embedded seed
+  database of names known to be hallucinated by major LLMs.
+- **Registry not found** (0.85) — the registry returns 404 for the name. The
+  most common slopsquat shape: a name that doesn't exist *yet*.
+- **Very recently / recently published** (0.35 / 0.20) — first release < 7
+  days / < 30 days old.
+- **Low downloads** (0.15) — < 100 downloads in the last month (npm) or last
+  week (PyPI).
+- **New publisher** (0.20) and **single-release new account** (0.30) — a
+  brand-new account whose only release is the package you're about to install.
+- **Levenshtein typo** (0.25) — name is 1–2 edits away from a top-1000
+  popular package (likely a typosquat).
+- **Suspicious name pattern** (0.10) — matches a classic LLM-hallucination
+  shape like `<stem>-helpers`, `<stem>-utils`, `<stem>-async`, `<stem>-pro`.
+
+The default cutoffs map scores `≥ 0.85` → **hallucinated**, `≥ 0.40` →
+**suspicious**, else **clean**. Both thresholds are tunable in
+`.slopguard.yaml`. See [`docs/detection.md`](docs/detection.md) for the full
+table, the order of operations, and edge cases.
+
+## Configuration
+
+`.slopguard.yaml`, picked up automatically from the scan target or any
+ancestor (up to 3 levels):
+
+```yaml
+ignore:
+  packages: ["internal-tool"]
+  patterns: ["^@mycompany/"]
+
+fail_on: suspicious        # any | hallucinated | suspicious | none
+
+network:
+  enabled: true
+  timeout_seconds: 5
+  concurrency: 16
+
+scoring:
+  suspicious_min_score: 0.4
+  hallucinated_min_score: 0.85
+```
+
+CLI flags override the file. See [`docs/usage.md`](docs/usage.md) for the full
+reference.
+
+## What it does NOT do (v0.1)
+
+- No live LLM probing — the hallucination database is a static seed for v0.1.
+- No SaaS dashboard, no auth, no billing, no telemetry to any remote server.
+- No tarpit registry, no defensive package registration.
+- No Cursor / Claude Code / Copilot IDE plugins.
+- No support for crates.io, pkg.go.dev, Maven Central, RubyGems, NuGet —
+  Python and JavaScript only.
+- No license scanning, no CVE matching, no SBOM generation.
+- No remote configuration, no SaaS API client.
+
+The full v0.2+ roadmap is tracked in the build spec, section 14.
+
+## Privacy & trust
+
+SlopGuard makes **only** the network calls you opt into (the public registry
+probes against `registry.npmjs.org` and `pypi.org`). No analytics, no
+ping-home, no telemetry. The trust model is the moat: run `--no-network` if
+you want to be sure.
+
+## Contributing
+
+See [CONTRIBUTING.md](CONTRIBUTING.md). PRs welcome — especially curated
+additions to the hallucination database.
+
+## License
+
+MIT. Copyright © 2026 SlopGuard. See [LICENSE](LICENSE).