[tracking] Full polyglot linter integration from pyqa_lint catalog

[paudley]

Summary

Track full coding-ethos integration for additional language and ecosystem linters from the pyqa_lint catalog.

Source catalog: ~/Active/pyqa_lint/tooling/catalog/languages/

This is intentionally split into one focused issue per tool so each integration can ship with complete acquisition, execution, parsing, AST, CEL, SARIF, MCP, docs, and test coverage instead of a thin binary wrapper.

Full Integration Contract

Each child issue must handle:

• Tool acquisition: deterministic managed install/build/download, pinned version/checksum where applicable, manifest provenance, startup validation, fail-fast diagnostics, and no arbitrary host PATH dependency.
• Command orchestration: Go-owned command construction through hook runner or managed capture, explicit config paths, staged/changed target selection where safe, sandboxing, timeouts, and network policy.
• Diagnostics parsing: native output normalized into tool/file/line/column/severity/rule/message diagnostics, plus structured failure diagnostics for unparseable output.
• Language AST facts: confirm or extend Tree-sitter/AST support before adding policy-specific scanners.
• CEL integration: expose findings and language facts through CEL inputs so policies can reason by tool, rule/code, file, severity, and path metadata.
• SARIF integration: stable rule IDs, source tool metadata, locations, related locations/fixes where available, and shape tests.
• Policy alignment: map actionable findings to coding-ethos principles and remediation skills where the project has a clear safety, trust, maintainability, or style position.
• MCP/agent surface: ensure lint_check, lint_advice, SARIF remediation, risk summaries, trend analysis, and hook traces identify the tool correctly.
• Documentation and tests: document acquisition/config/operator workflow and add unit plus functional workflow coverage.

Child Issues

• [feature] Full ESLint integration #78 ESLint (javascript/eslint.json)
• [feature] Full TypeScript compiler diagnostics integration #79 TypeScript compiler diagnostics (javascript/tsc.json)
• [feature] Full GTS integration #80 GTS (javascript/gts.json)
• [feature] Full Stylelint integration #81 Stylelint (css/stylelint.json)
• [feature] Full dockerfilelint integration #82 dockerfilelint (docker/dockerfilelint.json)
• [feature] Full kube-linter integration #83 kube-linter (kubernetes/kube-linter.json)
• [feature] Full Luacheck integration #84 Luacheck (lua/luacheck.json)
• [feature] Full lualint integration #85 lualint (lua/lualint.json)
• [feature] Full Selene integration #86 Selene (lua/selene.json)
• [feature] Full checkmake integration #87 checkmake (make/checkmake.json)
• [feature] Full remark-lint integration #88 remark-lint (markdown/remark-lint.json)
• [feature] Full Speccy OpenAPI integration #89 Speccy OpenAPI (openapi/speccy.json)
• [feature] Full Perl::Critic integration #90 Perl::Critic (perl/perlcritic.json)
• [feature] Full PHPLint integration #91 PHPLint (php/phplint.json)
• [feature] Full cpplint integration #92 cpplint (cpp/cpplint.json)
• [feature] Full cargo clippy integration #93 cargo clippy (rust/cargo-clippy.json)

Out of Scope For This Tracker

• Adding format-only tools unless they also need diagnostic parsing and policy integration.
• Treating a tool as integrated just because the binary can be executed.
• Adding ad hoc text scanners where shared AST/CEL/SARIF architecture can carry the behavior.