@codacy/verity-cli 0.20.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,153 @@
1
+ # Verity — Standard Template
2
+ # YAML skeleton used by /verity-setup to generate .verity/standard.yaml
3
+ # All fields with empty values are populated during synthesis.
4
+ # See STANDARDS-SPEC.md section 2 for the full schema.
5
+
6
+ version: "1.0.0"
7
+ created_by: ""
8
+
9
+ # Project metadata — populated from codebase analysis
10
+ knowledge_spec:
11
+ project_name: ""
12
+ languages: []
13
+ frameworks: []
14
+ architecture: "" # monorepo | monolith | microservices
15
+ build_system: "" # npm | yarn | pnpm | pip | go | maven | gradle
16
+ test_framework: "" # vitest | jest | pytest | go test | junit
17
+
18
+ # Quality assessment dimensions (always 4)
19
+ # Thresholds from patterns-reference.yaml, adjusted per codebase
20
+ quality_dimensions:
21
+ - id: comprehensibility
22
+ description: "Code readable in one context load"
23
+ signals:
24
+ - metric: file_length
25
+ threshold: 300
26
+ unit: lines
27
+ rationale: "AI context windows degrade on large files"
28
+ - metric: cyclomatic_complexity
29
+ threshold: 15
30
+ unit: per_function
31
+ rationale: "Complexity-aware feedback improves AI performance by 35.71%"
32
+ - metric: function_length
33
+ threshold: 50
34
+ unit: lines
35
+ rationale: "Short functions are easier for agents to modify safely"
36
+ - metric: naming_quality
37
+ tool: ai
38
+ rationale: "Descriptive names improve AI comprehension by 2x"
39
+
40
+ - id: modularity
41
+ description: "Modify one concern without touching 3+ files"
42
+ signals:
43
+ - metric: single_responsibility
44
+ tool: ai
45
+ rationale: "AI performance drops sharply at 3+ files per change"
46
+ - metric: shallow_abstractions
47
+ tool: ai
48
+ rationale: "LLMs struggle with deep inheritance hierarchies"
49
+
50
+ - id: type_safety
51
+ description: "Type system catches errors before runtime"
52
+ signals: [] # Populated per-language during synthesis
53
+
54
+ - id: test_adequacy
55
+ description: "Tests define expected behavior for agents"
56
+ signals:
57
+ - metric: test_coverage
58
+ threshold: 80
59
+ unit: percent
60
+ ai_threshold: 90
61
+ rationale: "90% recommended for AI-generated code"
62
+ - metric: test_quality
63
+ tool: ai
64
+ rationale: "Tests are the primary safety net for AI agents"
65
+
66
+ # Security patterns (CWE-mapped, always all 7)
67
+ security_patterns:
68
+ - id: no-hardcoded-secrets
69
+ description: "No secrets, API keys, passwords, or tokens in source code"
70
+ severity: critical
71
+ cwe: [CWE-798]
72
+ enforced_by: [] # Populated with Trivy/Semgrep during synthesis
73
+
74
+ - id: input-sanitization
75
+ description: "All user input validated and sanitized before use"
76
+ severity: critical
77
+ cwe: [CWE-20, CWE-80, CWE-89, CWE-117]
78
+ enforced_by: []
79
+
80
+ - id: parameterized-queries
81
+ description: "Database queries use parameters, never string concatenation"
82
+ severity: critical
83
+ cwe: [CWE-89]
84
+ enforced_by: []
85
+
86
+ - id: dependency-verification
87
+ description: "No known-vulnerable dependencies"
88
+ severity: high
89
+ cwe: [CWE-1395]
90
+ enforced_by: []
91
+
92
+ - id: no-unsafe-deserialization
93
+ description: "No unsafe deserialization of untrusted data"
94
+ severity: high
95
+ cwe: [CWE-502]
96
+ enforced_by: []
97
+
98
+ - id: access-control-checks
99
+ description: "Authorization verified on all sensitive operations"
100
+ severity: high
101
+ cwe: [CWE-639]
102
+ enforced_by: [] # AI-only — requires business context
103
+
104
+ - id: config-file-integrity
105
+ description: "Configuration files not manipulable by untrusted input"
106
+ severity: high
107
+ cwe: [CWE-15]
108
+ enforced_by: [] # AI-only
109
+
110
+ # Project-specific patterns (2-5, synthesized during setup)
111
+ custom_patterns: []
112
+ # Example:
113
+ # - id: auth-middleware-required
114
+ # description: "All API routes must use authentication middleware"
115
+ # severity: high
116
+ # enforced_by: []
117
+ # rationale: "Project uses express with JWT auth"
118
+
119
+ # Process constraints
120
+ process_constraints:
121
+ self_healing_limit: 2 # Max fix-recheck iterations (research: degradation after 2)
122
+ analysis_mode: balanced # lightweight | balanced | thorough
123
+
124
+ # Knowledge system (KNOWLEDGE-SYSTEM-PRD §4, §8, §9)
125
+ compound_enabled: true # master switch: graph + extractor + feedback suppressions
126
+ memory_graph_enabled: true # 8-domain graph; false falls back to flat lesson-selector
127
+ memory_graph_budget_tokens: 2000 # tokens reserved for graph-walk injection into the reviewer prompt
128
+ knowledge_injection_budget_tokens: 2000 # tokens reserved for UserPromptSubmit (Path A) injection
129
+ finding_autosuppress_threshold: 2 # user "false positive" votes before auto-suppressing a pattern
130
+
131
+ # Intent alignment (INTENT-ANALYSIS-PRD)
132
+ intent_fail_threshold: 4 # intent score at or below → FAIL
133
+ intent_warn_threshold: 7 # intent score at or below → WARN
134
+
135
+ exclude_paths:
136
+ - node_modules
137
+ - dist
138
+ - build
139
+ - .git
140
+ - vendor
141
+ - __pycache__
142
+ - .next
143
+ - coverage
144
+
145
+ # Tool configuration (populated during synthesis based on detected languages)
146
+ tool_configuration: {}
147
+ # Example:
148
+ # eslint:
149
+ # enabled: true
150
+ # config_file: ".verity/tools/eslint.config.mjs"
151
+ # semgrep:
152
+ # enabled: true
153
+ # rulesets: ["p/security-audit", "p/typescript"]
@@ -0,0 +1,47 @@
1
+ # /verity-status — Show Verity quality status
2
+
3
+ You are showing the current Verity quality status for this project. This gives a quick overview of project health without running a new analysis.
4
+
5
+ ---
6
+
7
+ ## Step 1: Check configuration
8
+
9
+ Verify `verity` CLI is available: `which verity`. If not: "Re-run the Verity installer."
10
+
11
+ ---
12
+
13
+ ## Step 2: Fetch and display status
14
+
15
+ Run:
16
+ ```bash
17
+ verity status --history
18
+ ```
19
+
20
+ This fetches the project memory context (standard info, last run, trends, pending items) and recent run history, then displays a formatted summary.
21
+
22
+ **If the service is unreachable**: the CLI falls back to showing local data with an offline note.
23
+
24
+ **If not configured**: the CLI prints "Verity is not configured for this project. Run /verity-setup."
25
+
26
+ ---
27
+
28
+ ## Step 3: Interpret for the user
29
+
30
+ After showing the raw status output, provide a brief interpretation:
31
+
32
+ - If **declining trend**: "Quality is trending down. Consider running `/verity-analyze` to identify issues."
33
+ - If **pending items exist**: "There are N pending items to address."
34
+ - If **no runs**: "No analyses recorded yet. The hook will run automatically on your next stop, or use `/verity-analyze`."
35
+ - If **PASS with improving trend**: "Project quality is good and improving."
36
+
37
+ ---
38
+
39
+ ## For JSON output (programmatic use)
40
+
41
+ ```bash
42
+ verity status --history --json
43
+ ```
44
+
45
+ Returns structured JSON with `memory` and `runs` fields.
46
+
47
+ To see *why* a specific run passed or failed, run `verity run <run-id>` (add `--json` for machine-readable findings). Run IDs come from `verity status --history`.
package/package.json ADDED
@@ -0,0 +1,49 @@
1
+ {
2
+ "name": "@codacy/verity-cli",
3
+ "version": "0.20.0",
4
+ "description": "CLI for Verity quality gate service",
5
+ "homepage": "https://verity.md",
6
+ "repository": {
7
+ "type": "git",
8
+ "url": "git+https://github.com/codacy/verity.git"
9
+ },
10
+ "bugs": {
11
+ "url": "https://github.com/codacy/verity/issues"
12
+ },
13
+ "bin": {
14
+ "verity": "./bin/verity.js"
15
+ },
16
+ "files": [
17
+ "bin/verity.js",
18
+ "data/skills/",
19
+ "package.json",
20
+ "README.md"
21
+ ],
22
+ "engines": {
23
+ "node": ">=20"
24
+ },
25
+ "scripts": {
26
+ "build": "node scripts/build.js",
27
+ "test": "node --import tsx --test $(find tests -name '*.test.ts' | sort)",
28
+ "typecheck": "tsc --noEmit",
29
+ "prepublishOnly": "npm run typecheck && npm run build"
30
+ },
31
+ "devDependencies": {
32
+ "@types/node": "^20",
33
+ "esbuild": "^0.21",
34
+ "tsx": "^4.21.0",
35
+ "typescript": "^5.4"
36
+ },
37
+ "dependencies": {
38
+ "commander": "^12",
39
+ "yaml": "^2"
40
+ },
41
+ "peerDependencies": {
42
+ "@codacy/analysis-cli": ">=1.0.0"
43
+ },
44
+ "peerDependenciesMeta": {
45
+ "@codacy/analysis-cli": {
46
+ "optional": true
47
+ }
48
+ }
49
+ }