@boshu2/vibe-check 2.2.1 → 2.4.0

package/.beads/config.yaml

@@ -0,0 +1,62 @@
+# Beads Configuration File
+# This file configures default behavior for all bd commands in this repository
+# All settings can also be set via environment variables (BD_* prefix)
+# or overridden with command-line flags
+
+# Issue prefix for this repository (used by bd init)
+# If not set, bd init will auto-detect from directory name
+# Example: issue-prefix: "myproject" creates issues like "myproject-1", "myproject-2", etc.
+# issue-prefix: ""
+
+# Use no-db mode: load from JSONL, no SQLite, write back after each command
+# When true, bd will use .beads/issues.jsonl as the source of truth
+# instead of SQLite database
+# no-db: false
+
+# Disable daemon for RPC communication (forces direct database access)
+# no-daemon: false
+
+# Disable auto-flush of database to JSONL after mutations
+# no-auto-flush: false
+
+# Disable auto-import from JSONL when it's newer than database
+# no-auto-import: false
+
+# Enable JSON output by default
+# json: false
+
+# Default actor for audit trails (overridden by BD_ACTOR or --actor)
+# actor: ""
+
+# Path to database (overridden by BEADS_DB or --db)
+# db: ""
+
+# Auto-start daemon if not running (can also use BEADS_AUTO_START_DAEMON)
+# auto-start-daemon: true
+
+# Debounce interval for auto-flush (can also use BEADS_FLUSH_DEBOUNCE)
+# flush-debounce: "5s"
+
+# Git branch for beads commits (bd sync will commit to this branch)
+# IMPORTANT: Set this for team projects so all clones use the same sync branch.
+# This setting persists across clones (unlike database config which is gitignored).
+# Can also use BEADS_SYNC_BRANCH env var for local override.
+# If not set, bd sync will require you to run 'bd config set sync.branch <branch>'.
+# sync-branch: "beads-sync"
+
+# Multi-repo configuration (experimental - bd-307)
+# Allows hydrating from multiple repositories and routing writes to the correct JSONL
+# repos:
+#   primary: "."  # Primary repo (where this database lives)
+#   additional:   # Additional repos to hydrate from (read-only)
+#     - ~/beads-planning  # Personal planning repo
+#     - ~/work-planning   # Work planning repo
+
+# Integration settings (access with 'bd config get/set')
+# These are stored in the database, not in this file:
+# - jira.url
+# - jira.project
+# - linear.url
+# - linear.api-key
+# - github.org
+# - github.repo

package/.beads/issues.jsonl

@@ -0,0 +1,21 @@
+{"id":"vibe-check-1qb","title":"Create JavaScript/TypeScript driver","status":"closed","priority":2,"issue_type":"feature","created_at":"2025-12-29T15:44:12.584697-05:00","created_by":"fullerbt","updated_at":"2025-12-29T16:30:56.020994-05:00","closed_at":"2025-12-29T16:30:56.020994-05:00","close_reason":"Completed JavaScript/TypeScript driver using cyclomatic-complexity tool. Supports both JS and TS, integrated with CLI, all tests passing.","comments":[{"id":13,"issue_id":"vibe-check-1qb","author":"fullerbt","text":"Will use complexity-report tool (wraps escomplex). Output structure:\n- reports[0].functions[] contains function-level metrics\n- reports[0].path contains file path\n- Need to transform to match ComplexityReport schema","created_at":"2025-12-29T21:24:58Z"},{"id":14,"issue_id":"vibe-check-1qb","author":"fullerbt","text":"BLOCKER: complexity-report doesn't handle TypeScript files - hangs during analysis. Need alternative approach:\n1. Use typescript-complexity or ts-complexity\n2. Or transpile TS-\u003eJS first\n3. Or skip .ts files and only analyze .js/.jsx","created_at":"2025-12-29T21:26:20Z"},{"id":15,"issue_id":"vibe-check-1qb","author":"fullerbt","text":"✓ Switched to cyclomatic-complexity tool (supports both JS and TS)\n✓ Driver successfully analyzes vibe-check codebase: 81 files, 1409 functions, avg 3.8 complexity\n✓ Output matches ComplexityReport schema\nReady for integration testing","created_at":"2025-12-29T21:28:14Z"},{"id":16,"issue_id":"vibe-check-1qb","author":"fullerbt","text":"✓ COMPLETED\n- Created drivers/javascript.sh using cyclomatic-complexity tool\n- Supports both JavaScript and TypeScript files\n- Updated CLI commands (driver.ts, modularity.ts) with ESM __dirname compatibility\n- Updated documentation (drivers/README.md, README.md)\n- All tests passing (163 passed)\n- Tested: driver subcommand, modularity --with-complexity javascript","created_at":"2025-12-29T21:30:50Z"}]}
+{"id":"vibe-check-1yr","title":"Create Java complexity driver","description":"Wrap PMD to produce ComplexityReport JSON. JSON output via '-f json' flag. Requires JRE. Install: download PMD JAR from pmd.github.io","status":"closed","priority":2,"issue_type":"feature","created_at":"2025-12-29T16:48:19.421973-05:00","created_by":"fullerbt","updated_at":"2025-12-29T17:11:49.527974-05:00","closed_at":"2025-12-29T17:11:49.527974-05:00","close_reason":"Completed Java driver using PMD. Parses violations JSON, extracts complexity via regex, transforms to ComplexityReport schema. CLI and docs updated.","comments":[{"id":19,"issue_id":"vibe-check-1yr","author":"fullerbt","text":"Files: drivers/java.sh, drivers/README.md, README.md, src/commands/*.ts\nTool: pmd check -d /path -R category/java/design.xml -f json\nInstall: Download PMD JAR (requires JRE)","created_at":"2025-12-29T21:48:56Z"},{"id":22,"issue_id":"vibe-check-1yr","author":"fullerbt","text":"✓ COMPLETED\n- Created drivers/java.sh wrapping PMD\n- Filters PMD JSON violations for CyclomaticComplexity rule\n- Uses jq regex capture to extract method name and complexity from description\n- Updated CLI integration (driver.ts, modularity.ts)\n- Updated documentation (drivers/README.md, README.md)\n- All tests passing (163 passed)\n\nNote: PMD only reports violations above threshold (default 10). Low-complexity methods won't appear. Requires JRE and PMD installed.","created_at":"2025-12-29T22:11:41Z"}]}
+{"id":"vibe-check-263","title":"Session end AI safety integration","description":"Integrate AI safety analysis into session end command. Add ai_safety section to JSON output. Show warnings in terminal output with recommendations.","status":"closed","priority":1,"issue_type":"feature","created_at":"2025-12-28T12:07:22.458246-05:00","created_by":"fullerbt","updated_at":"2025-12-28T12:32:10.15324-05:00","closed_at":"2025-12-28T12:32:10.15324-05:00","close_reason":"Completed: AI safety integrated into session end. JSON output includes ai_safety section. Terminal shows warnings and recommendations. Follows inner-loop pattern.","dependencies":[{"issue_id":"vibe-check-263","depends_on_id":"vibe-check-swh","type":"blocks","created_at":"2025-12-28T12:07:42.272223-05:00","created_by":"daemon"}],"comments":[{"id":6,"issue_id":"vibe-check-263","author":"fullerbt","text":"✅ Implementation complete:\n\nUpdated src/commands/session.ts:\n- Imported analyzeAISafety and formatAISafetyAnalysis from ai-safety module\n- Added ai_safety field to SessionMetricsOutput interface\n- Integrated AI safety analysis in runSessionEnd() (parallel with inner-loop)\n- Added ai_safety section to JSON output with:\n  - health: 'healthy' | 'warning' | 'critical'\n  - issues_detected, secrets_leaked, scope_violations counts\n  - contract_drift_detected, token_spiral_detected booleans\n  - recommendations array\n- Added terminal output showing:\n  - Health status with emoji (🚨/⚠️/✅)\n  - Individual detector messages (🔐/🎯/📉/💥)\n  - Top 3 recommendations\n- Follows exact same pattern as inner-loop integration\n\nTesting:\n- Build passes ✅\n- Session start/end commands work ✅\n- JSON output structure confirmed (no commits = expected behavior)","created_at":"2025-12-28T17:32:04Z"}]}
+{"id":"vibe-check-56v","title":"Contract drift detector","description":"Track commit message format compliance over time. Detect degradation from conventional commits. Report drift percentage and trend. Warning at \u003e30% drift.","status":"closed","priority":2,"issue_type":"feature","created_at":"2025-12-28T12:07:24.054553-05:00","created_by":"fullerbt","updated_at":"2025-12-28T13:21:58.451526-05:00","closed_at":"2025-12-28T13:21:58.451526-05:00","close_reason":"Contract drift detector with compliance scoring and trend detection","dependencies":[{"issue_id":"vibe-check-56v","depends_on_id":"vibe-check-ash","type":"blocks","created_at":"2025-12-28T12:07:42.336535-05:00","created_by":"daemon"}]}
+{"id":"vibe-check-58i","title":"Create Go complexity driver","status":"closed","priority":2,"issue_type":"feature","created_at":"2025-12-29T16:32:18.00354-05:00","created_by":"fullerbt","updated_at":"2025-12-29T16:35:57.60124-05:00","closed_at":"2025-12-29T16:35:57.60124-05:00","close_reason":"Completed Go complexity driver using gocyclo. Supports all Go files, transforms text output to JSON, integrated with CLI."}
+{"id":"vibe-check-5s1","title":"Scope violation detector","description":"Detect commits touching files outside declared scope. Support scope config via .vibe-check/scope.yaml. Use glob patterns. Warning severity.","status":"closed","priority":2,"issue_type":"feature","created_at":"2025-12-28T12:07:23.888845-05:00","created_by":"fullerbt","updated_at":"2025-12-28T13:15:03.887086-05:00","closed_at":"2025-12-28T13:15:03.887086-05:00","close_reason":"Scope violation detector with YAML config and glob matching","dependencies":[{"issue_id":"vibe-check-5s1","depends_on_id":"vibe-check-ash","type":"blocks","created_at":"2025-12-28T12:07:42.3013-05:00","created_by":"daemon"}]}
+{"id":"vibe-check-5vc","title":"Integrate complexity data into modularity scoring","status":"closed","priority":1,"issue_type":"feature","created_at":"2025-12-29T15:44:12.438929-05:00","created_by":"fullerbt","updated_at":"2025-12-29T16:03:31.509851-05:00","closed_at":"2025-12-29T16:03:31.509851-05:00","close_reason":"Completed: Complexity data integrated into modularity scoring with full test coverage","dependencies":[{"issue_id":"vibe-check-5vc","depends_on_id":"vibe-check-nk3","type":"blocks","created_at":"2025-12-29T15:44:22.517099-05:00","created_by":"daemon"}],"comments":[{"id":9,"issue_id":"vibe-check-5vc","author":"fullerbt","text":"COMPLETED: Integrated complexity data into modularity scoring\n\nModified Files:\n- src/analyzers/modularity.ts:\n  - Added ComplexityReport import\n  - Added 3 new ModularityFlag types: moderate-complexity, high-complexity, extreme-complexity\n  - Updated ModularityOptions to accept optional complexityData parameter\n  - Updated analyzeFile() to accept and pass complexityData\n  - Updated calculateScore() to apply complexity-based scoring:\n    - Grade A/B: +2 bonus\n    - Grade C: -1 penalty, moderate-complexity flag\n    - Grade D/E: -2 penalty, high-complexity flag\n    - Grade F: -4 penalty, extreme-complexity flag\n  - Updated analyzeModularity() to pass complexity data through call chain\n\nCreated Files:\n- tests/modularity-complexity.test.ts (6 tests, all passing)\n\nTest Results:\n- All 163 tests pass\n- Backwards compatible: works without complexity data\n- Correctly applies bonuses/penalties based on grades\n- Handles missing files in complexity report gracefully","created_at":"2025-12-29T21:03:23Z"}]}
+{"id":"vibe-check-88z","title":"Create PHP complexity driver","description":"Wrap PHPMD to produce ComplexityReport JSON. Native JSON output via 'phpmd /path json codesize'. Install: composer global require phpmd/phpmd","status":"closed","priority":2,"issue_type":"feature","created_at":"2025-12-29T16:48:12.741187-05:00","created_by":"fullerbt","updated_at":"2025-12-29T16:59:31.035948-05:00","closed_at":"2025-12-29T16:59:31.035948-05:00","close_reason":"Completed PHP driver using PHPMD. Parses violations JSON, extracts complexity via regex, transforms to ComplexityReport schema. CLI and docs updated.","comments":[{"id":18,"issue_id":"vibe-check-88z","author":"fullerbt","text":"Files: drivers/php.sh, drivers/README.md, README.md, src/commands/*.ts\nTool: phpmd /path/to/src json codesize\nInstall: composer global require phpmd/phpmd","created_at":"2025-12-29T21:48:46Z"},{"id":21,"issue_id":"vibe-check-88z","author":"fullerbt","text":"✓ COMPLETED\n- Created drivers/php.sh wrapping PHPMD\n- Extracts cyclomatic complexity violations from PHPMD JSON output\n- Uses jq regex capture to parse complexity from description text\n- Updated CLI integration (driver.ts, modularity.ts)\n- Updated documentation (drivers/README.md, README.md)\n- All tests passing (163 passed)\n\nNote: PHPMD only reports violations (methods above threshold), so low-complexity methods won't appear in output. This is expected behavior.","created_at":"2025-12-29T21:59:22Z"}]}
+{"id":"vibe-check-8no","title":"Create Rust complexity driver","description":"Wrap rust-code-analysis-cli to produce ComplexityReport JSON. Native JSON output makes this simplest to implement. Follow pattern from python.sh/javascript.sh/go.sh","status":"closed","priority":1,"issue_type":"feature","created_at":"2025-12-29T16:48:05.624738-05:00","created_by":"fullerbt","updated_at":"2025-12-29T16:53:15.011168-05:00","closed_at":"2025-12-29T16:53:15.011168-05:00","close_reason":"Completed Rust driver using rust-code-analysis-cli. Wraps tool output, merges multi-file JSONs, transforms to ComplexityReport schema. CLI and docs updated.","comments":[{"id":17,"issue_id":"vibe-check-8no","author":"fullerbt","text":"Files to modify:\n- drivers/rust.sh (new)\n- drivers/README.md (add Rust section)\n- README.md (add Rust to Available Drivers)\n- src/commands/driver.ts (update available list)\n- src/commands/modularity.ts (update available list)\n\nTool: rust-code-analysis-cli -m -O json -p /path/to/src\nInstall: cargo install rust-code-analysis-cli\nPattern: Follow python.sh/javascript.sh/go.sh","created_at":"2025-12-29T21:48:40Z"},{"id":20,"issue_id":"vibe-check-8no","author":"fullerbt","text":"✓ COMPLETED\n- Created drivers/rust.sh wrapping rust-code-analysis-cli\n- Handles temp dir for multi-file JSON outputs, merges with jq\n- Updated CLI integration (driver.ts, modularity.ts)\n- Updated documentation (drivers/README.md, README.md)\n- All tests passing (163 passed)\n- Build successful\n\nNote: Driver tested with design but not against actual Rust code (cargo not available in environment). User will need to test with actual Rust codebase.","created_at":"2025-12-29T21:53:04Z"}]}
+{"id":"vibe-check-8zt","title":"Add CLI complexity flags (--with-complexity, driver subcommand)","status":"closed","priority":2,"issue_type":"feature","created_at":"2025-12-29T15:44:12.537306-05:00","created_by":"fullerbt","updated_at":"2025-12-29T16:15:25.573766-05:00","closed_at":"2025-12-29T16:15:25.573766-05:00","close_reason":"Completed: CLI complexity flags with driver subcommand and integration options","dependencies":[{"issue_id":"vibe-check-8zt","depends_on_id":"vibe-check-5vc","type":"blocks","created_at":"2025-12-29T15:44:22.571068-05:00","created_by":"daemon"},{"issue_id":"vibe-check-8zt","depends_on_id":"vibe-check-9th","type":"blocks","created_at":"2025-12-29T15:44:22.599196-05:00","created_by":"daemon"}],"comments":[{"id":11,"issue_id":"vibe-check-8zt","author":"fullerbt","text":"COMPLETED: Added CLI complexity flags for driver integration\n\nModified Files:\n- src/commands/modularity.ts:\n  - Added --with-complexity \u003clang\u003e option (runs driver, saves to .vibe-check/complexity.json)\n  - Added --complexity-file \u003cpath\u003e option (loads existing complexity data)\n  - Added runComplexityDriver() function (uses execFile for security)\n  - Added loadComplexityFromFile() function\n  - Updated printTerminalOutput() to show complexity integration status\n  - Added flag labels for moderate/high/extreme complexity\n- src/cli.ts:\n  - Added createDriverCommand import and registration\n\nCreated Files:\n- src/commands/driver.ts:\n  - New 'driver' subcommand for running drivers directly\n  - Usage: vibe-check driver python ./src \u003e complexity.json\n  - Uses execFile (secure, no shell injection)\n  - Outputs JSON to stdout for piping\n\n- src/commands/index.ts:\n  - Exported createDriverCommand and runDriver\n\nTest Results:\n- All 163 tests pass\n- Build succeeds without errors\n- Help text verified for both commands\n\nAcceptance Criteria Met:\n✅ --with-complexity runs driver, saves to .vibe-check/complexity.json\n✅ --complexity-file uses existing file\n✅ driver subcommand outputs to stdout\n✅ Help text updated\n✅ Uses execFile (secure) instead of exec","created_at":"2025-12-29T21:15:19Z"}]}
+{"id":"vibe-check-9th","title":"Create Python driver (radon wrapper)","status":"closed","priority":1,"issue_type":"feature","created_at":"2025-12-29T15:44:12.487081-05:00","created_by":"fullerbt","updated_at":"2025-12-29T16:09:48.351483-05:00","closed_at":"2025-12-29T16:09:48.351483-05:00","close_reason":"Completed: Python driver (radon wrapper) with full error handling and documentation","comments":[{"id":10,"issue_id":"vibe-check-9th","author":"fullerbt","text":"COMPLETED: Created Python driver (radon wrapper)\n\nCreated Files:\n- drivers/python.sh (executable shell script)\n  - Checks radon is installed, exits 1 with JSON error if not\n  - Runs 'radon cc' with JSON output\n  - Transforms with jq to standard ComplexityReport schema\n  - Handles empty directories (outputs empty files object)\n  - Handles missing directories (exits 1 with error JSON)\n- drivers/README.md\n  - Documents driver architecture and contract\n  - Shows standard schema and grade thresholds\n  - Provides usage examples and template for new drivers\n\nManual Testing Results:\n- Tested with sample Python file (3 functions, complexity 1-7)\n- Output validates against ComplexityReport schema\n- Error handling works (missing radon, missing directory)\n- Empty directory handling works\n- Grade calculation correct (avg 4 = grade A)\n\nAcceptance Criteria Met:\n✅ Exits 0 on success\n✅ Exits 1 with error JSON if radon not installed\n✅ Output validates against schema\n✅ Handles empty directories gracefully","created_at":"2025-12-29T21:09:42Z"}]}
+{"id":"vibe-check-9yp","title":"Document driver architecture in README","status":"closed","priority":2,"issue_type":"task","created_at":"2025-12-29T15:44:12.631846-05:00","created_by":"fullerbt","updated_at":"2025-12-29T16:18:55.698064-05:00","closed_at":"2025-12-29T16:18:55.698064-05:00","close_reason":"Completed: Driver architecture documented in main README with examples and architecture diagram","dependencies":[{"issue_id":"vibe-check-9yp","depends_on_id":"vibe-check-8zt","type":"blocks","created_at":"2025-12-29T15:44:22.654954-05:00","created_by":"daemon"}],"comments":[{"id":12,"issue_id":"vibe-check-9yp","author":"fullerbt","text":"COMPLETED: Documented driver architecture in main README\n\nModified Files:\n- README.md:\n  - Added 'Complexity Analysis (v2.3.0)' subsection under 'Code Quality'\n  - Quick start examples for all three usage patterns:\n    - --with-complexity python (run driver + analysis)\n    - --complexity-file \u003cpath\u003e (use existing data)\n    - driver subcommand (generate data only)\n  - Driver architecture diagram (kernel ← drivers ← tools)\n  - Complexity grading table with score impacts\n  - Available drivers list (Python + coming soon)\n  - Example output showing complexity integration\n  - Links to drivers/README.md for authoring guide\n\nDocumentation Structure:\n1. Quick Start (3 usage patterns)\n2. How It Works (architecture diagram)\n3. Complexity Grading (A-F with score impacts)\n4. Available Drivers (Python + roadmap)\n5. Example Output (terminal output with complexity flags)\n\nAcceptance Criteria Met:\n✅ README shows basic usage\n✅ Documents all three CLI patterns\n✅ Explains driver architecture\n✅ Shows complexity grading system\n✅ Links to drivers/README.md for details\n✅ Positioned in Code Quality section (logical location)","created_at":"2025-12-29T21:18:48Z"}]}
+{"id":"vibe-check-ash","title":"AI Safety types and orchestrator","description":"Create src/ai-safety/types.ts and src/ai-safety/index.ts. Define AISafetyAnalysis interface matching inner-loop pattern. Foundation for all other detectors.","status":"closed","priority":0,"issue_type":"feature","created_at":"2025-12-28T12:07:20.710124-05:00","created_by":"fullerbt","updated_at":"2025-12-28T12:12:30.564652-05:00","closed_at":"2025-12-28T12:12:30.564652-05:00","close_reason":"Completed: AI Safety types and orchestrator foundation. Created types.ts with all interfaces and index.ts with orchestrator following inner-loop pattern. Build passes.","dependencies":[{"issue_id":"vibe-check-ash","depends_on_id":"vibe-check-lqb","type":"blocks","created_at":"2025-12-28T12:07:42.213339-05:00","created_by":"daemon"}],"comments":[{"id":2,"issue_id":"vibe-check-ash","author":"fullerbt","text":"Files to create:\n- src/ai-safety/types.ts\n- src/ai-safety/index.ts\n\nPattern: Follow src/inner-loop/ structure exactly","created_at":"2025-12-28T17:07:57Z"},{"id":4,"issue_id":"vibe-check-ash","author":"fullerbt","text":"✅ Implementation complete:\n\nCreated src/ai-safety/types.ts:\n- AISafetyAnalysis interface (matches inner-loop pattern)\n- 4 detector result types: SecretLeakageResult, ScopeViolationResult, ContractDriftResult, TokenSpiralResult\n- Config types with DEFAULT_AI_SAFETY_CONFIG\n- SECRET_PATTERNS constants for 8 secret types\n\nCreated src/ai-safety/index.ts:\n- analyzeAISafety() orchestrator function\n- generateRecommendations() helper\n- quickAISafetyCheck() fast check function\n- formatAISafetyAnalysis() terminal output formatter\n- Stub implementations for all detectors (to be filled by dependent issues)\n\nBuild verified: npm run build passes ✅","created_at":"2025-12-28T17:12:18Z"}]}
+{"id":"vibe-check-blw","title":"Add complexity driver architecture for language-specific tools","status":"closed","priority":1,"issue_type":"epic","created_at":"2025-12-29T15:43:52.020758-05:00","created_by":"fullerbt","updated_at":"2025-12-29T16:20:04.291733-05:00","closed_at":"2025-12-29T16:20:04.291733-05:00","close_reason":"Epic completed: Complexity driver architecture fully implemented with Python driver, CLI integration, and documentation. JavaScript driver remains as future enhancement (P2).","comments":[{"id":7,"issue_id":"vibe-check-blw","author":"fullerbt","text":"## Overview\nEnable vibe-check to consume complexity metrics from language-specific tools (radon, gocyclo, complexity-report) via a driver/plugin architecture.\n\n## Research\nSee: .agents/research/2025-12-29-complexity-driver-architecture.md\n\n## Plan\nSee: .agents/plans/2025-12-29-complexity-driver-plan.md\n\n## Why\nLine count is a poor proxy for code quality. Real cyclomatic complexity tells us if code is actually hard to test/maintain.\n\n## Architecture\n- vibe-check stays language-agnostic (kernel)\n- Drivers wrap language tools and output standard JSON schema\n- Modularity analyzer reads .vibe-check/complexity.json if present","created_at":"2025-12-29T20:44:02Z"}]}
+{"id":"vibe-check-gon","title":"Token spiral estimator","description":"Estimate token usage from commit size (~4 chars/token). Track cumulative session tokens. Detect explosion patterns (\u003e2x baseline). Advisory info severity.","status":"closed","priority":3,"issue_type":"feature","created_at":"2025-12-28T12:07:25.111778-05:00","created_by":"fullerbt","updated_at":"2025-12-28T13:27:24.916118-05:00","closed_at":"2025-12-28T13:27:24.916118-05:00","close_reason":"Token spiral estimator with 3 estimation methods and explosion detection","dependencies":[{"issue_id":"vibe-check-gon","depends_on_id":"vibe-check-ash","type":"blocks","created_at":"2025-12-28T12:07:42.370654-05:00","created_by":"daemon"}]}
+{"id":"vibe-check-gy2","title":"Watch command AI safety integration","description":"Add real-time secret detection alerts to watch mode. Red/bold for critical. Show file and pattern matched. Rate-limited alerts.","status":"closed","priority":2,"issue_type":"feature","created_at":"2025-12-28T12:07:26.399789-05:00","created_by":"fullerbt","updated_at":"2025-12-28T13:08:55.854894-05:00","closed_at":"2025-12-28T13:08:55.854894-05:00","close_reason":"Watch mode now detects secrets in real-time with rate-limited alerts","dependencies":[{"issue_id":"vibe-check-gy2","depends_on_id":"vibe-check-swh","type":"blocks","created_at":"2025-12-28T12:07:42.399267-05:00","created_by":"daemon"}]}
+{"id":"vibe-check-lqb","title":"Epic: AI Safety Detection Module","status":"closed","priority":1,"issue_type":"epic","created_at":"2025-12-28T12:07:01.674933-05:00","created_by":"fullerbt","updated_at":"2025-12-28T12:08:14.746447-05:00","closed_at":"2025-12-28T12:08:14.746447-05:00","close_reason":"Epic container - work tracked in child issues","comments":[{"id":1,"issue_id":"vibe-check-lqb","author":"fullerbt","text":"Research: .agents/research/2025-12-28-ai-platform-security-integration.md\nPlan: .agents/plans/2025-12-28-ai-safety-integration-plan.md\nSource patterns: ai-platform/tests/agents/test_agent_security.py","created_at":"2025-12-28T17:07:56Z"}]}
+{"id":"vibe-check-nk3","title":"Add complexity schema types and loader function","status":"closed","priority":1,"issue_type":"feature","created_at":"2025-12-29T15:44:12.39308-05:00","created_by":"fullerbt","updated_at":"2025-12-29T15:51:24.559741-05:00","closed_at":"2025-12-29T15:51:24.559741-05:00","close_reason":"Completed: Complexity schema types and loader function implemented with full test coverage","comments":[{"id":8,"issue_id":"vibe-check-nk3","author":"fullerbt","text":"COMPLETED: Created src/analyzers/complexity.ts with:\n- ComplexityReport schema (tool, language, files, summary)\n- FunctionComplexity and FileComplexity types\n- ComplexityGrade type (A-F)\n- loadComplexityData() function (graceful null on missing/invalid)\n- getFileComplexity() helper\n- complexityToGrade() converter\n- Full test coverage in tests/complexity.test.ts (12 tests, all passing)\n- TypeScript compilation verified","created_at":"2025-12-29T20:51:17Z"}]}
+{"id":"vibe-check-no1","title":"Epic: Additional Complexity Drivers","status":"closed","priority":1,"issue_type":"epic","created_at":"2025-12-29T16:47:52.844188-05:00","created_by":"fullerbt","updated_at":"2025-12-29T17:12:20.339182-05:00","closed_at":"2025-12-29T17:12:20.339182-05:00","close_reason":"Epic completed: All 3 complexity drivers implemented (Rust, PHP, Java). vibe-check now supports 6 languages total."}
+{"id":"vibe-check-swh","title":"Secret leakage detector","description":"Detect exposed secrets in commit diffs: OpenAI keys, GitHub PATs, GitLab PATs, AWS keys, Slack tokens. Port patterns from ai-platform test_agent_security.py. Critical severity.","status":"closed","priority":1,"issue_type":"feature","created_at":"2025-12-28T12:07:21.42346-05:00","created_by":"fullerbt","updated_at":"2025-12-28T12:18:57.212488-05:00","closed_at":"2025-12-28T12:18:57.212488-05:00","close_reason":"Completed: Secret leakage detector with 8 pattern types. Detects OpenAI, GitHub, GitLab, AWS, Slack tokens. Masks secrets, extracts file context. Tested and working.","dependencies":[{"issue_id":"vibe-check-swh","depends_on_id":"vibe-check-ash","type":"blocks","created_at":"2025-12-28T12:07:42.242965-05:00","created_by":"daemon"}],"comments":[{"id":3,"issue_id":"vibe-check-swh","author":"fullerbt","text":"Secret patterns to detect:\n- sk-[a-zA-Z0-9]{48} (OpenAI)\n- ghp_[a-zA-Z0-9]{36} (GitHub PAT)\n- glpat-[a-zA-Z0-9]{20} (GitLab PAT)\n- AKIA[0-9A-Z]{16} (AWS)\n- xox[baprs]-* (Slack)\n\nSource: ai-platform/tests/agents/test_agent_security.py:297-306","created_at":"2025-12-28T17:07:58Z"},{"id":5,"issue_id":"vibe-check-swh","author":"fullerbt","text":"✅ Implementation complete:\n\nCreated src/ai-safety/secret-leakage.ts:\n- detectSecretLeakage() - Async version that scans full commit diffs using simple-git\n- detectSecretLeakageFromMessages() - Sync version that scans commit messages only\n- Detects 8 secret patterns: OpenAI, GitHub PAT, GitLab PAT, AWS, Slack, Generic API keys, Secrets, Passwords\n- Masks secrets (shows first 8 chars + ***)\n- Extracts file context from diffs\n- Determines severity (critical vs warning)\n\nUpdated src/ai-safety/index.ts:\n- Imported and wired detectSecretLeakageFromMessages into orchestrator\n- Re-exported detector functions for external use\n- Replaced stub with real implementation\n\nTesting:\n- Build passes ✅\n- Verified with sample commit containing OpenAI key\n- Correctly detected, masked (sk-12345***), and marked as critical\n- Message-based detection working (1 secret found)","created_at":"2025-12-28T17:18:42Z"}]}
+{"id":"vibe-check-vn7","title":"AI Safety tests and documentation","description":"Unit tests for each detector, integration test for orchestrator. Update CLAUDE.md and README.md with AI safety features. Target \u003e80% coverage.","status":"closed","priority":2,"issue_type":"task","created_at":"2025-12-28T12:07:26.586099-05:00","created_by":"fullerbt","updated_at":"2025-12-28T13:35:48.191735-05:00","closed_at":"2025-12-28T13:35:48.191735-05:00","close_reason":"31 tests + documentation for AI Safety module","dependencies":[{"issue_id":"vibe-check-vn7","depends_on_id":"vibe-check-gon","type":"blocks","created_at":"2025-12-28T12:07:42.428834-05:00","created_by":"daemon"}]}

package/.beads/metadata.json

@@ -0,0 +1,4 @@
+{
+  "database": "beads.db",
+  "jsonl_export": "issues.jsonl"
+}

package/.gitattributes

@@ -0,0 +1,3 @@
+
+# Use bd merge for beads JSONL files
+.beads/issues.jsonl merge=beads

package/AGENTS.md

@@ -0,0 +1,40 @@
+# Agent Instructions
+
+This project uses **bd** (beads) for issue tracking. Run `bd onboard` to get started.
+
+## Quick Reference
+
+```bash
+bd ready              # Find available work
+bd show <id>          # View issue details
+bd update <id> --status in_progress  # Claim work
+bd close <id>         # Complete work
+bd sync               # Sync with git
+```
+
+## Landing the Plane (Session Completion)
+
+**When ending a work session**, you MUST complete ALL steps below. Work is NOT complete until `git push` succeeds.
+
+**MANDATORY WORKFLOW:**
+
+1. **File issues for remaining work** - Create issues for anything that needs follow-up
+2. **Run quality gates** (if code changed) - Tests, linters, builds
+3. **Update issue status** - Close finished work, update in-progress items
+4. **PUSH TO REMOTE** - This is MANDATORY:
+   ```bash
+   git pull --rebase
+   bd sync
+   git push
+   git status  # MUST show "up to date with origin"
+   ```
+5. **Clean up** - Clear stashes, prune remote branches
+6. **Verify** - All changes committed AND pushed
+7. **Hand off** - Provide context for next session
+
+**CRITICAL RULES:**
+- Work is NOT complete until `git push` succeeds
+- NEVER stop before pushing - that leaves work stranded locally
+- NEVER say "ready to push when you are" - YOU must push
+- If push fails, resolve and retry until it succeeds
+

package/CHANGELOG.md

@@ -7,6 +7,75 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [2.4.0] - 2025-12-29
+
+### Added
+
+- **Complexity Driver Architecture** - Shell-based drivers for language-specific complexity analysis
+  - **Python Driver** (`drivers/python.sh`) - Wraps [radon](https://radon.readthedocs.io/) for cyclomatic complexity
+  - **JavaScript/TypeScript Driver** (`drivers/javascript.sh`) - Wraps [cyclomatic-complexity](https://github.com/pilotpirxie/cyclomatic-complexity)
+  - **Go Driver** (`drivers/go.sh`) - Wraps [gocyclo](https://github.com/fzipp/gocyclo)
+  - **Rust Driver** (`drivers/rust.sh`) - Wraps [rust-code-analysis](https://mozilla.github.io/rust-code-analysis/)
+  - **PHP Driver** (`drivers/php.sh`) - Wraps [PHPMD](https://phpmd.org/)
+  - **Java Driver** (`drivers/java.sh`) - Wraps [PMD](https://pmd.github.io/)
+  - All drivers output unified `ComplexityReport` JSON schema
+  - Grade thresholds: A (1-5), B (6-10), C (11-20), D (21-30), E (31-40), F (41+)
+
+- **CLI Integration** - `vibe-check driver <language> [directory]` command
+  - Runs any driver and outputs JSON
+  - Helpful error messages when tools not installed
+
+- **Modularity Integration** - `--with-complexity <driver>` flag for modularity command
+  - Combines complexity data with module analysis
+  - Weighted scoring includes complexity grades
+
+### Developer
+
+- 6 shell drivers in `drivers/` directory
+- `drivers/README.md` with installation and usage docs
+
+## [2.3.0] - 2025-12-28
+
+### Added
+
+- **AI Safety Detection Module** - Detects LLM-specific security antipatterns in commit history
+  - **Secret Leakage Detector** - Scans commits for exposed credentials
+    - 8 patterns: OpenAI API keys, GitHub PATs, GitLab PATs, AWS keys, Slack tokens, generic secrets
+    - Two modes: full diff scanning (async) and message-only scanning (sync)
+    - Masks secrets in output (first 8 chars + `***`)
+    - Critical severity for high-value secrets (API keys, tokens)
+  - **Scope Violation Detector** - Detects files modified outside declared scope
+    - Configure via `.vibe-check/scope.yaml` with glob patterns
+    - Supports allowed patterns, directories, and exceptions
+    - Uses minimatch for flexible pattern matching
+  - **Contract Drift Detector** - Tracks commit message format compliance
+    - Scores commits against conventional commit format (0-100)
+    - Detects issues: missing_type, invalid_type, vague_message, too_short, etc.
+    - Calculates baseline vs current compliance with trend detection
+    - Configurable drift threshold (default: 30%)
+  - **Token Spiral Estimator** - Estimates token usage and detects explosions
+    - Three estimation methods: char_count, lines, diff_size
+    - Baseline from first 5 commits, explosion at >2x baseline
+    - Indicators: large_diff, many_files, massive_additions, bulk_additions
+
+- **Watch Mode Integration** - Real-time secret detection with severity-based alerts
+  - Rate-limited alerts via commit:pattern:file tracking
+  - Red/bold for critical secrets, yellow for warnings
+
+- **Session Integration** - AI Safety included in session end metrics
+  - New `ai_safety` section in JSON output
+  - Terminal output with health status and recommendations
+
+### Changed
+
+- `analyzeAISafety()` orchestrator runs all 4 detectors and aggregates results
+- Added `minimatch` and `js-yaml` dependencies for scope configuration
+
+### Developer
+
+- 31 new unit and integration tests for AI Safety module
+- Updated CLAUDE.md with AI Safety documentation and architecture
+
 ## [2.2.1] - 2025-12-27
 
 ### Added

package/CLAUDE.md

@@ -169,6 +169,13 @@ src/
 │   ├── context-amnesia.ts      # Context Amnesia detector
 │   ├── instruction-drift.ts    # Instruction Drift detector
 │   └── logging-only.ts         # Debug Loop Spiral detector
+├── ai-safety/
+│   ├── index.ts           # AI Safety orchestrator
+│   ├── types.ts           # AI Safety types and config
+│   ├── secret-leakage.ts  # Secret/credential detection
+│   ├── scope-violation.ts # Scope boundary detection
+│   ├── contract-drift.ts  # Commit format compliance
+│   └── token-spiral.ts    # Token usage estimation
 ├── analyzers/
 │   ├── audit.ts           # Codebase audit (monoliths, test gaps, TODOs)
 │   ├── eldritch.ts        # Eldritch horror detector (oversized functions)
@@ -337,6 +344,74 @@ EMERGENCY PROTOCOL: Multiple inner loop failures detected.
 STOP → git status → backup → start simple
 ```
 
+## AI Safety Detection
+
+vibe-check detects LLM-specific security antipatterns in commit history:
+
+| Detector | Detects | Severity |
+|----------|---------|----------|
+| **Secret Leakage** | API keys, tokens, credentials in commits | Critical |
+| **Scope Violation** | Files modified outside declared scope | Warning |
+| **Contract Drift** | Commit message format degrading | Warning |
+| **Token Spiral** | Token usage explosion (>2x baseline) | Advisory |
+
+### Secret Patterns Detected
+
+- OpenAI API Keys (`sk-...`)
+- GitHub Personal Access Tokens (`ghp_...`)
+- GitLab Personal Access Tokens (`glpat-...`)
+- AWS Access Keys (`AKIA...`)
+- Slack Tokens (`xox...`)
+- Generic API keys and passwords
+
+### Scope Configuration
+
+Define allowed scope in `.vibe-check/scope.yaml`:
+
+```yaml
+scope:
+  allowed_patterns:
+    - "src/feature/**"
+    - "tests/feature/**"
+  allowed_dirs:
+    - "src/feature"
+  description: "Only modify feature module"
+exceptions:
+  - "package.json"
+  - "*.md"
+```
+
+### Integration Points
+
+**Session End Output:**
+```json
+{
+  "ai_safety": {
+    "health": "healthy",
+    "issues_detected": 0,
+    "secrets_leaked": 0,
+    "scope_violations": 0,
+    "contract_drift_detected": false,
+    "token_spiral_detected": false,
+    "recommendations": []
+  }
+}
+```
+
+**Watch Mode:** Real-time secret detection with severity-based alerts.
+
+### Architecture
+
+```
+src/ai-safety/
+├── index.ts           # Orchestrator and exports
+├── types.ts           # Types, patterns, config
+├── secret-leakage.ts  # Secret/credential detection
+├── scope-violation.ts # Scope boundary enforcement
+├── contract-drift.ts  # Commit format compliance
+└── token-spiral.ts    # Token usage estimation
+```
+
 ---
 
 # Vibe-Coding Methodology

package/README.md

@@ -222,6 +222,77 @@ vibe-check modularity --verbose # Detailed breakdown with metrics
 vibe-check modularity -f json   # JSON output for CI integration
 ```
 
+#### Complexity Analysis (v2.3.0)
+
+Modularity analysis can now integrate **cyclomatic complexity** data from language-specific tools to identify truly problematic code—not just large files, but complex ones.
+
+**Quick Start:**
+
+```bash
+# Python projects (requires: pip install radon)
+vibe-check modularity --with-complexity python
+
+# Use existing complexity data
+vibe-check modularity --complexity-file .vibe-check/complexity.json
+
+# Generate complexity data only
+vibe-check driver python ./src > complexity.json
+```
+
+**How It Works:**
+
+vibe-check uses a **driver architecture** to stay language-agnostic while leveraging language-specific complexity tools:
+
+```
+vibe-check (kernel)      ← reads .vibe-check/complexity.json
+    ↑
+    │ Standard JSON schema
+    │
+Drivers (python, javascript, etc.)
+    ↑
+    │ Tool-specific format
+    │
+Tools (radon, complexity-report, etc.)
+```
+
+**Complexity Grading:**
+
+All drivers normalize to standard grades:
+
+| Grade | Complexity | Score Impact | Meaning |
+|-------|------------|--------------|---------|
+| A | 1-5 | **+2 bonus** | Simple, low risk |
+| B | 6-10 | **+2 bonus** | Slightly complex, acceptable |
+| C | 11-20 | **-1 penalty** | Complex, consider refactoring |
+| D | 21-30 | **-2 penalty** | Very complex, refactor |
+| E | 31-40 | **-2 penalty** | Extremely complex, high risk |
+| F | 41+ | **-4 penalty** | Unmaintainable, must refactor |
+
+**Available Drivers:**
+
+- **Python** (`drivers/python.sh`) — wraps [radon](https://radon.readthedocs.io/)
+- **JavaScript/TypeScript** (`drivers/javascript.sh`) — wraps [cyclomatic-complexity](https://github.com/pilotpirxie/cyclomatic-complexity)
+- **Go** (`drivers/go.sh`) — wraps [gocyclo](https://github.com/fzipp/gocyclo)
+- **Rust** (`drivers/rust.sh`) — wraps [rust-code-analysis](https://mozilla.github.io/rust-code-analysis/)
+- **PHP** (`drivers/php.sh`) — wraps [PHPMD](https://phpmd.org/)
+- **Java** (`drivers/java.sh`) — wraps [PMD](https://pmd.github.io/)
+
+See `drivers/README.md` for driver authoring guide.
+
+**Example Output:**
+
+```
+📐 Modularity Analysis
+────────────────────────────────────────────────────────────
+Analyzed 47 files (12,453 lines)
+Average modularity score: 7.2/10
+✓ Complexity data integrated
+
+⚠️  Files Needing Attention (3):
+  5/10 src/sync.py 1,117 lines [store]
+       ⚠ extreme complexity (F), ⚠ no sections/organization
+```
+
 #### Audit Command (v2.2.0)
 
 The `audit` command now includes **Eldritch Horror Detection**—identifying oversized functions that are symptomatic of AI-generated code gone wrong:

package/dist/ai-safety/contract-drift.d.ts

@@ -0,0 +1,14 @@
+/**
+ * Contract Drift Detector
+ *
+ * Tracks commit message format compliance over time.
+ * Detects degradation from conventional commits format.
+ * Reports drift percentage and trend.
+ */
+import { Commit } from '../types.js';
+import { ContractDriftResult, AISafetyConfig } from './types.js';
+/**
+ * Detect contract drift in commit messages.
+ */
+export declare function detectContractDrift(commits: Commit[], config?: Partial<AISafetyConfig>): ContractDriftResult;
+//# sourceMappingURL=contract-drift.d.ts.map

package/dist/ai-safety/contract-drift.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"contract-drift.d.ts","sourceRoot":"","sources":["../../src/ai-safety/contract-drift.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AACrC,OAAO,EACL,mBAAmB,EAGnB,cAAc,EACf,MAAM,YAAY,CAAC;AA8IpB;;GAEG;AACH,wBAAgB,mBAAmB,CACjC,OAAO,EAAE,MAAM,EAAE,EACjB,MAAM,GAAE,OAAO,CAAC,cAAc,CAAM,GACnC,mBAAmB,CAsHrB"}