chore(skill/mutation-analyzer): add --diff mode to avoid sed loops

When inspecting several escaped mutants from a module, the previous
pattern was: for L in 3780 3792 ...; do sed -n "\${L},\$((L+10))p" log; done
which trips the permission allow-list (sed is not whitelisted) and is
fragile against log layout shifts.

infection-stats.php now accepts --diff=L1[,L2,...] [--lines=N]: a
single forward pass over infection.log emits each requested block
prefixed by === L<n> ===. Already covered by the existing
Bash(php8.4:*) allow rule — no settings change required.

SKILL.md documents the new mode in both example sections and replaces
the prior Read log offset=L<n> hint for bulk inspection.

Author: Test

.claude/skills/mutation-analyzer/SKILL.md

@@ -51,20 +51,32 @@ php8.4 .claude/skills/mutation-analyzer/scripts/infection-stats.php --by-mutator
 # 3. Ficheros con más escapes (orienta orden de análisis)
 php8.4 .claude/skills/mutation-analyzer/scripts/infection-stats.php --by-file --top=15
 
-# 4. Lista detallada de mutants de un fichero (con la línea del log para abrirla con Read)
+# 4. Lista detallada de mutants de un fichero (con la línea del log para volcar el diff)
 php8.4 .claude/skills/mutation-analyzer/scripts/infection-stats.php --filter=src/Execution/FlowExecutor.php
 
 # 5. Lo mismo pero para timeouts
 php8.4 .claude/skills/mutation-analyzer/scripts/infection-stats.php --filter=src/Execution/FlowExecutor.php --section=timeout
+
+# 6. Diff completo de N mutants (acepta lista de L<n> o números pelados)
+php8.4 .claude/skills/mutation-analyzer/scripts/infection-stats.php --diff=552,673,686 --lines=12
 ```
 
-`--filter` imprime una línea por mutant con `L<n>` (línea del log), índice, path, mutator, ID. Usa el `L<n>` como `offset` para leer el diff con `Read`:
+`--filter` imprime una línea por mutant con `L<n>` (línea del log), índice, path, mutator, ID. Para inspeccionar el diff:
 
 ```
 L552  43) /var/www/html1/src/Execution/FlowExecutor.php:286  Continue_  f4ef6cc1...
-   → Read reports/infection/infection.log offset=552 limit=15
+   → php8.4 .claude/skills/mutation-analyzer/scripts/infection-stats.php --diff=552 --lines=15
 ```
 
+**Usa `--diff` en bulk para varios mutants a la vez** (ej. al procesar un módulo entero):
+
+```bash
+php8.4 .claude/skills/mutation-analyzer/scripts/infection-stats.php \
+    --diff=3780,3792,3805,3818,3831,3844 --lines=10
+```
+
+Una sola invocación devuelve los N bloques separados por `=== L<n> ===`. Mucho más eficiente que `Read` individual por mutant y **evita** los `for L in …; do sed -n …; done` que disparan prompts de permiso y son frágiles ante cambios de layout del log.
+
 **Nunca usar** `Read` sobre `mutation-report.html` — romperá el límite de mensaje y no añade información sobre los `.log`/`.md`. Si el usuario lo adjunta, recordárselo y pedir que aporte el `infection.log` o que re-ejecute Infection acotado (ver abajo).
 
 ### 3. Diseñar el análisis: calidad primero
@@ -190,9 +202,12 @@ Cuando se quiera bajar al detalle de un módulo concreto:
 php8.4 .claude/skills/mutation-analyzer/scripts/infection-stats.php --filter=src/Execution/FlowExecutor.php
 # Para timeouts:
 php8.4 .claude/skills/mutation-analyzer/scripts/infection-stats.php --filter=src/Execution/FlowExecutor.php --section=timeout
+
+# Volcar los diffs de N mutants en una sola invocación (acepta lista de L<n> o números pelados):
+php8.4 .claude/skills/mutation-analyzer/scripts/infection-stats.php --diff=552,673,686 --lines=12
 ```
 
-Y luego `Read reports/infection/infection.log offset=L<n> limit=15` para inspeccionar el diff exacto. **No** componer `grep | sed`/`awk` ad-hoc — rompe permisos y es frágil.
+**Nunca** componer `for L in …; do sed -n "${L},$((L+10))p" …; done` ni `grep | awk` ad-hoc: dispara prompts de permiso para `sed` / `awk` y es frágil ante cambios de layout. Usa `--diff` (incluso para un solo mutant) o `Read reports/infection/infection.log offset=L<n> limit=15` para casos puntuales.
 
 **Nunca abrir `mutation-report.html`**: es HTML de 5-10 MB con CSS/JS embebidos; rompe el límite de mensaje y no aporta sobre los `.log`/`.md`.
 

.claude/skills/mutation-analyzer/scripts/infection-stats.php

@@ -28,6 +28,12 @@
  *   php8.4 infection-stats.php --section=timeout
  *       List timed-out mutants (default --section=escaped).
  *
+ *   php8.4 infection-stats.php --diff=L1[,L2,...] [--lines=N]
+ *       Dump the diff block of each mutant whose log line is given as L<n>
+ *       (use the L<n> values from --filter). Default block size is 12 lines.
+ *       Avoids `sed -n "${L},$((L+10))p"` loops that trip the permission
+ *       allow-list and that are fragile across log layout changes.
+ *
  * Flags can combine: `--by-file --top=10`.
  *
  * The reports directory defaults to reports/infection/ relative to the cwd
@@ -280,6 +286,72 @@ function commandFilter(array $opts): void
     printf("--- %d mutants ---%s", $count, PHP_EOL);
 }
 
+function commandDiff(array $opts): void
+{
+    $dir = reportsDir($opts);
+    $path = "$dir/infection.log";
+    if (!is_file($path)) {
+        fail("infection.log not found at '$path'.");
+    }
+
+    $raw = $opts['diff'];
+    if ($raw === '' || $raw === '1') {
+        fail('--diff requires one or more line offsets, e.g. --diff=3780,3792 (use the L<n> from --filter).');
+    }
+    $lines = isset($opts['lines']) ? max(1, (int) $opts['lines']) : 12;
+
+    // Parse offsets: tolerate "3780", "L3780", whitespace, and stray commas.
+    $offsets = [];
+    foreach (preg_split('/[,\s]+/', $raw) ?: [] as $token) {
+        $token = ltrim($token, 'L');
+        if ($token === '' || !ctype_digit($token)) {
+            continue;
+        }
+        $offsets[] = (int) $token;
+    }
+    if ($offsets === []) {
+        fail("--diff has no valid numeric offsets after parsing '$raw'.");
+    }
+
+    // Sort once so multiple offsets read the file in a single forward pass.
+    sort($offsets);
+    $needed = [];
+    foreach ($offsets as $start) {
+        for ($i = $start; $i < $start + $lines; $i++) {
+            $needed[$i] = true;
+        }
+    }
+
+    $buffer = [];
+    $handle = fopen($path, 'rb');
+    if ($handle === false) {
+        fail("Cannot read '$path'.");
+    }
+    $lineNo = 0;
+    while (($line = fgets($handle)) !== false) {
+        $lineNo++;
+        if (isset($needed[$lineNo])) {
+            $buffer[$lineNo] = rtrim($line, "\r\n");
+        }
+        if ($lineNo > max($offsets) + $lines) {
+            break;
+        }
+    }
+    fclose($handle);
+
+    // Emit each requested block in original offset order with a marker so the
+    // caller can demarcate them when several are queried at once.
+    foreach ($offsets as $start) {
+        printf("=== L%d ===%s", $start, PHP_EOL);
+        for ($i = $start; $i < $start + $lines; $i++) {
+            if (isset($buffer[$i])) {
+                echo $buffer[$i] . PHP_EOL;
+            }
+        }
+        echo PHP_EOL;
+    }
+}
+
 function help(): void
 {
     echo <<<HELP
@@ -290,6 +362,7 @@ function help(): void
   --by-file [--top=N] [--section=]   escaped|timeout per file
   --by-mutator [--escaped-only]      per-mutator.md compact list
   --filter=<needle> [--section=]     mutants whose path contains the needle
+  --diff=L1[,L2,...] [--lines=N]     dump diff blocks at log offsets (default 12 lines)
 
 Common options:
   --reports=<path>   override reports dir (default: reports/infection/)
@@ -322,6 +395,10 @@ function help(): void
     commandFilter($opts);
     exit(0);
 }
+if (isset($opts['diff'])) {
+    commandDiff($opts);
+    exit(0);
+}
 
 help();
 exit(1);