lizy-coding
diff --git a/‎.github/workflows/flutterguard.yml‎
Lines changed: 35 additions & 0 deletions b/‎.github/workflows/flutterguard.yml‎
Lines changed: 35 additions & 0 deletions
diff --git a/‎AGENTS.md‎
Lines changed: 35 additions & 11 deletions b/‎AGENTS.md‎
Lines changed: 35 additions & 11 deletions
diff --git a/‎CHANGELOG.md‎
Lines changed: 28 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 28 additions & 0 deletions
@@ -0,0 +1,35 @@
+name: FlutterGuard
+
+on:
+  push:
+    branches: [main, develop]
+  pull_request:
+    branches: [main, develop]
+
+jobs:
+  scan:
+    strategy:
+      matrix:
+        os: [ubuntu-latest, macos-latest, windows-latest]
+    runs-on: ${{ matrix.os }}
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: dart-lang/setup-dart@v1
+        with:
+          sdk: "3.3.0"
+
+      - name: Install FlutterGuard
+        run: dart pub global activate flutterguard_cli
+
+      - name: Scan
+        run: flutterguard scan . --format json --fail-on high --min-score 80
+        continue-on-error: true
+
+      - name: Upload report
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: flutterguard-report-${{ matrix.os }}
+          path: .flutterguard/report.json
@@ -19,38 +19,62 @@ IoT/smart home Flutter project static analysis CLI plugin. NOT an observability
 |---------|---------|
 | `dart run melos bootstrap` | Install workspace dependencies |
 | `dart run melos run analyze` | dart analyze on all packages |
-| `dart run melos run test:cli` | CLI tests only |
-| `dart run flutterguard scan -p <path>` | Run scan on a project |
+| `dart run melos run test:cli` | CLI tests only (26 tests) |
+| `flutterguard scan [<path>]` | Run scan on a project (path defaults to current dir) |
+| `flutterguard scan <path> --format json --fail-on high` | JSON output with CI gate |
+| `dart compile exe ... -o flutterguard` | Compile native binary |
+
+## CI & Automation
+- `.github/workflows/flutterguard.yml` — CI with ubuntu/macos/windows matrix
+- `scripts/compile.sh` / `scripts/compile.ps1` — cross-platform native binary compilation
+- `scripts/scan_ci.sh` / `scripts/scan_ci.ps1` — local CI gate scripts
 
 ## CLI Entry Point
 `packages/flutterguard_cli/bin/flutterguard.dart`
 
-Wired rules (5): LargeUnitsRule, LifecycleResourceRule, LayerViolationRule, ModuleViolationRule, CircularDependencyRule
+Supports positional path: `flutterguard scan ./my_project` (no `-p` required). Project auto-discovery walks up from CWD to find `flutterguard.yaml`, `pubspec.yaml`, or `lib/`.
+
+Wired rules (11 rule classes, 13 rule IDs):
+- Standards: LargeUnitsRule (3 IDs), MissingConstConstructorRule, PubspecSecurityRule
+- Performance: LifecycleResourceRule
+- Architecture: LayerViolationRule, ModuleViolationRule, CircularDependencyRule
+- IoT: DeviceLifecycleRule, MqttConnectionRule, BleScanningRule, IotSecurityRule
 
 ## Source Layout
 ```
 packages/flutterguard_cli/lib/src/
-  config_loader.dart         # YAML → ScanConfig (incl architecture.layers/modules)
+  config_loader.dart         # YAML → ScanConfig typedefs (11 rule configs + architecture)
   file_collector.dart        # Glob file discovery
+  project_resolver.dart      # Project auto-discovery (walk-up flutterguard.yaml / pubspec.yaml / lib/)
   static_issue.dart          # StaticIssue + RiskLevel + IssueDomain + Priority
-  report_generator.dart      # Table + JSON output + score
+  report_generator.dart      # Table + JSON output + score, --no-color support
   domain.dart                # IssueDomain enum (architecture/performance/standards)
   priority.dart              # Priority enum (p0/p1/p2)
+  path_utils.dart            # Cross-platform path/glob helpers (p.Context abstraction)
+  import_utils.dart          # Dart import resolution against collected files
+  source_utils.dart          # Analyzer offset → line number conversion
   rules/
-    large_units.dart         # large_file, large_class, large_build_method
-    lifecycle_resource.dart  # lifecycle_resource_not_disposed
-    layer_violation.dart     # layer_violation (architecture layer breaches)
-    module_violation.dart    # module_violation (cross-module breaches)
-    circular_dependency.dart # circular_dependency (file-level cycles)
+    large_units.dart              # large_file, large_class, large_build_method
+    lifecycle_resource.dart       # lifecycle_resource_not_disposed
+    layer_violation.dart          # layer_violation (architecture layer breaches)
+    module_violation.dart         # module_violation (cross-module breaches)
+    circular_dependency.dart      # circular_dependency (file-level cycles)
+    missing_const_constructor.dart # missing_const_constructor
+    iot_security.dart             # iot_security (hardcoded secrets, cleartext MQTT/HTTP, insecure BLE)
+    device_lifecycle.dart         # device_lifecycle (init/teardown pair checks)
+    mqtt_connection.dart          # mqtt_connection (MQTT connect/disconnect, broker URLs)
+    ble_scanning.dart             # ble_scanning (BLE startScan/stopScan, timeout)
+    pubspec_security.dart         # pubspec_security (unbounded deps, deprecated packages)
 ```
 
 ## Spec
 Single source of truth: `docs/FLUTTERGUARD_SPEC.md` — read before implementing any feature.
 
 ## Maintenance Rules
-1. New rule: spec entry → config typedef → rule class → fixture → test → wire into bin/flutterguard.dart
+1. New rule: spec entry → config typedef → rule class → fixture → test → wire into scanner.dart
 2. Always run `melos run analyze` + `melos run test:cli` before committing
 3. Do NOT modify archived packages (core/dio/flutter) — they are frozen references
 4. Do NOT add Flutter widgets, web/cloud infra, or SaaS SDKs
 5. Output format defaults to `table`. JSON available via `--format=json`
 6. Architecture rules require explicit `architecture.layers` / `architecture.modules` in flutterguard.yaml
+7. CLI supports positional path (`flutterguard scan ./project`) and `--no-color` flag
@@ -1,5 +1,33 @@
 # Changelog
 
+## 0.2.0 (2026-06-15)
+
+### IoT Domain Rules (5 new rules)
+
+- **cli:** `iot_security` rule — detects hardcoded credentials, cleartext MQTT (port 1883), cleartext HTTP, and insecure BLE configurations (p0, architecture)
+- **cli:** `device_lifecycle` rule — checks balanced init/teardown pairs (initState↔dispose, connect↔disconnect, startScan↔stopScan, listen↔cancel, subscribe↔unsubscribe) (p0, architecture)
+- **cli:** `mqtt_connection` rule — validates MQTT connect/disconnect and subscribe/unsubscribe pairing, detects hardcoded broker URLs (p0, architecture)
+- **cli:** `ble_scanning` rule — checks BLE startScan/stopScan pairing, connect/disconnect, and scan timeout configuration (p1, architecture)
+- **cli:** `pubspec_security` rule — analyzes pubspec.yaml for unbounded dependencies, deprecated packages (flutter_blue→flutter_blue_plus), and outdated IoT dependencies (p2, standards)
+
+### UX Improvements
+
+- **cli:** Positional path argument — `flutterguard scan ./my_project` now works without `-p` flag
+- **cli:** Project auto-discovery — walks up from CWD to find `flutterguard.yaml`, `pubspec.yaml`, or `lib/`
+- **cli:** Config path resolution with 3-tier priority (absolute → CWD-relative → project-relative)
+- **cli:** `--no-color` flag to disable ANSI terminal output
+- **cli:** Cross-platform compile scripts (`scripts/compile.sh`, `scripts/compile.ps1`)
+
+### CI & Automation
+
+- **ci:** GitHub Actions workflow with ubuntu/macos/windows matrix
+- **ci:** Local CI scripts (`scripts/scan_ci.sh`, `scripts/scan_ci.ps1`) with configurable gates
+- **docs:** README restructured — user install (pub.dev) / native binary / developer install tiers
+- **docs:** README CI integration examples (GitHub Actions, GitLab CI, pre-commit hook, local scripts)
+- **docs:** Windows commands use correct backslash paths in install and compile steps
+
+### Total Rules: 11 rule classes, 13 rule IDs
+
 ## 0.1.0 (2026-05-17)
 
 ### Initial Release — CLI Static Analysis