MergeGuide Check Results
========================

Repository: my-app
Branch: feature/user-auth
Commit: a1b2c3d (staged changes)
Files analyzed: 12

Policies Evaluated: 8
├── Passed: 6
├── Warnings: 1
└── Failed: 1

[PASS] no-hardcoded-secrets
       No secrets detected in code changes

[PASS] no-sql-injection
       No SQL injection vulnerabilities found

[WARN] require-error-handling
       src/api/users.ts:45 - Consider adding error handling
       Recommendation: Wrap async operations in try-catch

[FAIL] no-eval-usage
       src/utils/dynamic.ts:23 - eval() usage detected
       This is blocked by your organization's security policy

Overall: FAIL

mergeguide check --verbose

[FAIL] no-hardcoded-secrets
       src/config.ts:12 - Potential API key detected
       Pattern matched: api_key = "sk-..."

// Before
const apiKey = "sk-abc123...";

// After
const apiKey = process.env.API_KEY;

[FAIL] no-sql-injection
       src/db/queries.ts:34 - String interpolation in SQL query

// Before
const query = `SELECT * FROM users WHERE id = ${userId}`;

// After
const query = `SELECT * FROM users WHERE id = $1`;
await db.query(query, [userId]);

[WARN] no-console-in-production
       src/api/handler.ts:56 - console.log detected

// Before
console.log("User logged in:", userId);

// After
logger.info("User logged in", { userId });

// mergeguide-ignore-next-line no-eval-usage
const result = eval(trustedCode); // Required for legacy plugin system

ignore:
  - "**/*.test.ts"
  - "scripts/migrations/**"

# Check again
mergeguide check

# Check specific files only
mergeguide check src/api/users.ts src/utils/dynamic.ts

# List all policies
mergeguide policies list

# Show policy details
mergeguide policies show no-eval-usage