@curiousnerd/keel 0.1.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Aditya
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,250 @@
+# keel
+
+**A small tool that keeps your AI coding assistant honest.**
+
+When you build with an AI agent (Claude Code, Cursor, Copilot…), it forgets things
+between sessions. It picks a different library than the one you agreed on. It writes
+the same helper function twice under two names. It does the opposite of what your
+`CLAUDE.md` says. You often can't see it, because you didn't write the code.
+
+keel reads your code and points out exactly where this has happened:
+
+> Your `CLAUDE.md` says you use **Zod**. Your code imports **Yup**. You have
+> `formatDate` written twice. You're fetching HTTP with both **axios** and **ky**.
+> **keel finds this in milliseconds, for $0** — no AI, no cloud, no API key.
+
+It gives you one number — a **Coherence Score** out of 100 — plus a short list of
+exactly what's wrong and where.
+
+---
+
+## What it catches
+
+| | What it means | Example |
+|---|---|---|
+| **Drift** | Your notes say one thing, the code does another | "Says Zod, but 7 files import Yup" |
+| **Library conflicts** | Two libraries doing the same job | "axios in 4 files, ky in 1 — pick one" |
+| **Exact duplicates** | The same function written more than once | "`formatDate` and `dateToString` are identical" |
+| **Near duplicates** | Almost-the-same function copy-pasted and tweaked | "`buildSettingsA` is ~91% similar to `buildSettingsB`" |
+| **Doc drift** | Your docs reference files that no longer exist | "`docs/api.md` links to `src/old-parser.ts` — it's gone" |
+
+Everything is computed by reading the code directly — no AI model is involved, so the
+results are exact, repeatable, and free.
+
+---
+
+## What you'll see
+
+```
+$ keel check
+
+  Coherence Score: 84 / 100
+
+  Drift               -7
+  Library conflicts   -5
+  Duplication         -4
+
+  Findings
+    ✗ DRIFT     CLAUDE.md: "validation: Zod" — but code imports yup (1 file)
+    ✗ CONFLICT  http: axios (1 file), ky (1 file)
+    ✗ DUP       formatDate / dateToString are identical implementations
+    ~ DUP~      buildSettingsA() ~91% similar to buildSettingsB()
+
+  scanned 5 files · 3.9ms · $0.00
+```
+
+Loud findings (`✗`) are high-confidence. Gentle findings (`~`) are advisory — they
+might be intentional. keel **never blocks your work** unless you explicitly ask it to.
+
+The terminal shows a capped summary. For the **complete** picture — every finding with its
+exact location and cause, plus a prioritized "how to improve" — write a Markdown report:
+
+```bash
+keel check --output-md            # writes keel-report.md
+keel check --llm --output-md      # + plain-English explanations and an AI improvement plan
+```
+
+The report is written to where you run keel, never into the scanned repo.
+
+---
+
+## Getting started
+
+You'll need [Node.js](https://nodejs.org) version 20 or newer.
+
+```bash
+npm install -g @curiousnerd/keel
+keel check /path/to/your/project        # any JavaScript, TypeScript, or Python project
+```
+
+That's it. Run it again any time — it remembers what it already scanned, so repeat
+runs are nearly instant.
+
+**From source** (for contributing):
+
+```bash
+git clone <this-repo> keel && cd keel
+npm install
+npm run build
+node dist/cli.js check /path/to/your/project
+```
+
+### Commands and options
+
+```bash
+keel check [path]          # scan a project (defaults to the current folder)
+```
+
+| Option | What it does |
+|---|---|
+| `-v`, `--verbose` | Show extra detail under each finding (file + line). |
+| `--json` | Print the result as JSON, for scripts or CI. |
+| `--output-md [file]` | Write a **full** Markdown report (every finding + locations + causes + how-to-improve) to a file (default `keel-report.md`). |
+| `--limit <n>` | Max findings to print in text mode (default 25). |
+| `--no-cache` | Don't read or write the `.keel` cache — a fully read-only run. |
+| `--no-gitignore` | Scan files even if they're listed in `.gitignore`. |
+| `--no-python` | Skip Python files (don't load the Python parser). |
+| `--llm` | Add plain-language explanations to findings (off by default — see below). |
+| `--fail-under <n>` | Exit with an error if the score is below `<n>`. Off by default. |
+| `--facts` | Print the raw data keel extracted (for debugging). |
+
+The score is **graduated**: each category (drift, conflicts, duplication) adds up but
+eases off as problems pile up, so a repo with 30 duplicates scores low without instantly
+hitting zero.
+
+keel scans only the code you actually maintain. It **respects your `.gitignore`** (root
+and nested), and on top of that skips generated/minified files (bundles, Prisma runtimes,
+etc.) and `node_modules`, `dist`, `build`, and similar. Duplicate detection only considers
+*named* functions, so inline callbacks don't create noise.
+
+---
+
+## Telling keel about your decisions
+
+To catch **drift**, keel needs to know what you decided. Add a short block to your
+`CLAUDE.md` or `AGENTS.md` (keel reads both):
+
+```markdown
+## Stack
+- Validation: Zod
+- Database: PostgreSQL
+- Package manager: pnpm
+- Naming: camelCase
+
+## Constraints
+- never use `any`
+```
+
+keel checks each line it understands against the real code. Lines it can't check, it
+simply ignores — it never guesses.
+
+---
+
+## Silencing a finding you don't care about
+
+False alarms are the fastest way to make a tool annoying, so keel makes them easy to
+silence — three ways, from most specific to broadest:
+
+**1. A comment in the code** (best for an intentional duplicate):
+
+```ts
+// keel-ignore: this copy is intentional
+export function dateToString(value: Date): string { /* ... */ }
+```
+
+**2. A `.keelignore` file** in your project root:
+
+```
+# We're mid-migration from axios to ky — don't flag it yet.
+bucket:http
+
+# Don't look at old code.
+src/legacy/**
+```
+
+**3. The config file** `keel.config.json`:
+
+```json
+{
+  "duplication": {
+    "minTokens": 20,
+    "near": { "enabled": true, "threshold": 0.85 }
+  },
+  "libConflicts": { "ignoreBuckets": ["test"] }
+}
+```
+
+- `minTokens` — ignore functions smaller than this (avoids flagging tiny one-liners).
+- `near.threshold` — how similar (0–1) two functions must be to count as near-duplicates.
+  Higher = stricter. `0.85` is the conservative default.
+- `ignoreBuckets` — capability groups (like `http`, `date`) to never flag.
+
+---
+
+## Why no AI?
+
+It would seem natural for a tool like this to *use* an AI model. It deliberately
+doesn't. A study from ETH Zurich found that AI-**generated** context files actually
+made coding agents *worse* — lower success rate, higher cost. So keel does the
+opposite: it reads the real code with plain static analysis. The answers are exact and
+cost nothing.
+
+The *detection* is always deterministic. `keel check --llm` adds two **opt-in** extras:
+
+1. A one-line plain-English **explanation** under each finding.
+2. **Doc-claim drift** — it reads your README/CLAUDE.md *prose* (not just a structured
+   block), extracts the stack you say you use ("validation: Zod", "database: Postgres"),
+   and checks it against the code. Here the LLM only turns English into a claim — the same
+   **deterministic** drift engine does the verifying, so **the score never depends on the
+   LLM's judgement** and stays reproducible whether the LLM is on or off. By default it shells out to the `claude` or `codex` CLI you already
+have (no API key, no separate bill); set `ANTHROPIC_API_KEY` / `OPENAI_API_KEY` to use an
+API instead. Responses are cached, and if nothing's available keel just skips them.
+
+---
+
+## Use it as an MCP server (catch problems *before* they're written)
+
+`keel check` is a verifier you run *after* the fact. The MCP server flips that around:
+it lets your AI agent ask keel **before** it writes code, so duplication and
+inconsistency are prevented at generation time instead of caught later. It exposes three
+tools, all answered from live, deterministic facts about your code — **no AI, no cost**:
+
+| Tool | What the agent gets |
+|---|---|
+| `check_before_write(intent)` | Existing functions it might be about to reinvent, and the libraries already in use for that job ("you already have `formatDate`; you already use axios — don't add ky"). |
+| `get_conventions(path)` | The real conventions for that area — naming style, language, libraries in use — derived from the code, not a stale doc. |
+| `report_drift()` | The project's current drift + library conflicts, so the agent doesn't add to them. |
+
+**Register it with Claude Code** (after `npm install -g @curiousnerd/keel`):
+
+```bash
+claude mcp add keel -- keel mcp
+```
+
+Or drop a `.mcp.json` in your project (works in Cursor and other MCP hosts too):
+
+```json
+{ "mcpServers": { "keel": { "command": "keel", "args": ["mcp"] } } }
+```
+
+The server serves the current directory by default; pass a path (`mcp /some/repo`) to
+serve another. It re-reads the code on every call (the file-hash cache keeps that
+near-instant), so answers always reflect the current state.
+
+---
+
+## Status
+
+**Working today.** Drift + doc drift, library conflicts, exact + near duplicates,
+Coherence Score, suppressions, caching, an opt-in LLM layer, and an **MCP server** —
+across **JavaScript, TypeScript, and Python**. Python is parsed with tree-sitter
+(WebAssembly), so there's nothing to compile at install time.
+
+**Coming next:** a pre-commit hook and GitHub Action · semantic duplication · more
+languages.
+
+Want to help or understand the internals? See [CONTRIBUTING.md](CONTRIBUTING.md).
+
+## License
+
+[MIT](LICENSE)

package/data/capability-buckets.json

@@ -0,0 +1,15 @@
+{
+  "http":        ["axios", "got", "node-fetch", "ky", "superagent", "request", "undici", "requests", "httpx", "aiohttp", "urllib3", "httplib2"],
+  "date":        ["moment", "dayjs", "date-fns", "luxon", "arrow", "pendulum", "dateutil"],
+  "validation":  ["zod", "yup", "joi", "ajv", "superstruct", "valibot", "pydantic", "marshmallow", "cerberus", "voluptuous", "schema"],
+  "state":       ["redux", "zustand", "jotai", "recoil", "mobx", "@reduxjs/toolkit"],
+  "orm":         ["prisma", "drizzle-orm", "typeorm", "sequelize", "knex", "mongoose", "sqlalchemy", "peewee", "tortoise", "pony"],
+  "test":        ["jest", "vitest", "mocha", "ava", "jasmine", "tape", "pytest", "nose", "nose2"],
+  "logging":     ["winston", "pino", "bunyan", "loglevel", "signale", "loguru", "structlog"],
+  "env":         ["dotenv", "dotenv-flow", "env-var", "envalid", "environs", "decouple"],
+  "uuid":        ["uuid", "nanoid", "cuid", "ulid"],
+  "styling":     ["styled-components", "@emotion/react", "tailwindcss"],
+  "forms":       ["react-hook-form", "formik", "react-final-form"],
+  "data-fetch":  ["@tanstack/react-query", "swr", "apollo-client", "@apollo/client", "urql"],
+  "web-framework": ["express", "fastify", "koa", "hapi", "flask", "django", "fastapi", "tornado", "bottle", "sanic", "falcon"]
+}

package/dist/analyze/docDrift.d.ts

@@ -0,0 +1,9 @@
+import type { KeelConfig } from "../config.js";
+import type { Facts, Finding } from "../types.js";
+/**
+ * Deterministic doc/knowledge drift: flag file-path references in Markdown docs
+ * that no longer exist in the repo. High precision — only concrete, local,
+ * checkable paths are verified; URLs, placeholders, and build/runtime paths are
+ * skipped, and a line carrying `keel-ignore` suppresses its references.
+ */
+export declare function detectDocDrift(facts: Facts, config: KeelConfig): Finding[];

package/dist/analyze/docDrift.js

@@ -0,0 +1,116 @@
+import { existsSync, readFileSync } from "node:fs";
+import { dirname, join } from "node:path";
+import { DEFAULT_IGNORE_DIRS, walkMarkdownFiles } from "../extract/walk.js";
+const DOC_REF_PENALTY = 4;
+/** File extensions worth verifying — avoids flagging prose like `example.com` or `v1.2`. */
+const CHECKABLE_EXT = new Set([
+    "ts", "tsx", "js", "jsx", "mjs", "cjs", "py", "go", "rs", "rb", "java", "kt", "php", "cs",
+    "c", "cpp", "h", "hpp", "swift", "scala", "md", "mdx", "json", "yaml", "yml", "toml",
+    "ini", "env", "sh", "bash", "css", "scss", "less", "html", "xml", "sql", "prisma",
+    "graphql", "gql", "vue", "svelte", "proto", "lock", "cfg", "conf",
+]);
+function hasCheckableExtension(p) {
+    const m = /\.([A-Za-z0-9]+)$/.exec(p);
+    return m !== null && CHECKABLE_EXT.has(m[1].toLowerCase());
+}
+/** URL, mail/tel, protocol-relative, or pure in-page anchor — not a repo path. */
+function isUrlOrAnchor(s) {
+    return /^(?:[a-z][a-z0-9+.-]*:|#|\/\/)/i.test(s);
+}
+/** Placeholder/glob/template markers mean it isn't a concrete path. */
+function hasPlaceholder(s) {
+    return /[<>{}*]|\.\.\./.test(s);
+}
+/** Names like `yourCheck.ts`, `myModule.ts`, `foo.ts` are doc templates, not real files. */
+function looksTemplated(ref) {
+    const base = (ref.split("/").pop() ?? "").replace(/\.[A-Za-z0-9]+$/, "");
+    if (/^(?:your|my)[A-Z]/.test(base))
+        return true; // yourCheck, myModule
+    return ["foo", "bar", "baz", "qux", "example", "sample", "placeholder"].includes(base.toLowerCase());
+}
+/** First path segment, for skipping references into build/runtime/ignored dirs. */
+function firstSegment(ref) {
+    return ref.replace(/^\.?\//, "").split("/")[0] ?? "";
+}
+/** Extract candidate repo-path references (markdown links + inline code spans) from one line. */
+function refsInLine(line, lineNo) {
+    const refs = [];
+    // Markdown links: [text](target)
+    for (const m of line.matchAll(/\[[^\]]*\]\(([^)]+)\)/g)) {
+        const target = m[1].trim().split(/[#?\s]/)[0] ?? "";
+        if (target &&
+            !isUrlOrAnchor(target) &&
+            !hasPlaceholder(target) &&
+            !looksTemplated(target) &&
+            hasCheckableExtension(target)) {
+            refs.push({ ref: target, line: lineNo });
+        }
+    }
+    // Inline code spans: `path/to/file.ext` — require a slash to stay high-precision.
+    for (const m of line.matchAll(/`([^`]+)`/g)) {
+        const span = m[1].trim();
+        if (span.includes("/") &&
+            !/\s/.test(span) &&
+            !isUrlOrAnchor(span) &&
+            !hasPlaceholder(span) &&
+            !looksTemplated(span) &&
+            hasCheckableExtension(span)) {
+            refs.push({ ref: span, line: lineNo });
+        }
+    }
+    return refs;
+}
+/** Does `ref` resolve to a file, relative to either the repo root or the doc's directory? */
+function refResolves(root, docDir, ref) {
+    const clean = ref.replace(/^\.\//, "");
+    return existsSync(join(root, clean)) || existsSync(join(root, docDir, clean));
+}
+/**
+ * Deterministic doc/knowledge drift: flag file-path references in Markdown docs
+ * that no longer exist in the repo. High precision — only concrete, local,
+ * checkable paths are verified; URLs, placeholders, and build/runtime paths are
+ * skipped, and a line carrying `keel-ignore` suppresses its references.
+ */
+export function detectDocDrift(facts, config) {
+    if (!config.docs.enabled)
+        return [];
+    const root = facts.root;
+    const docs = walkMarkdownFiles(root, { respectGitignore: config.scan.respectGitignore });
+    const findings = [];
+    for (const docPath of docs) {
+        let content;
+        try {
+            content = readFileSync(join(root, docPath), "utf8");
+        }
+        catch {
+            continue;
+        }
+        const docDir = dirname(docPath);
+        const lines = content.split(/\r?\n/);
+        const seen = new Set();
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            if (/keel-ignore/i.test(line))
+                continue; // inline suppression
+            for (const { ref, line: lineNo } of refsInLine(line, i + 1)) {
+                if (DEFAULT_IGNORE_DIRS.has(firstSegment(ref)))
+                    continue; // build/runtime artifact
+                if (seen.has(ref))
+                    continue;
+                if (refResolves(root, docDir, ref))
+                    continue;
+                seen.add(ref);
+                findings.push({
+                    kind: "drift",
+                    confidence: "high",
+                    title: `${docPath}: references missing path \`${ref}\``,
+                    detail: `The docs point at \`${ref}\`, but no such file exists in the repo — it was likely moved, renamed, or deleted.`,
+                    location: `${docPath}:${lineNo}`,
+                    penalty: DOC_REF_PENALTY,
+                });
+            }
+        }
+    }
+    return findings;
+}
+//# sourceMappingURL=docDrift.js.map

package/dist/analyze/docDrift.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"docDrift.js","sourceRoot":"","sources":["../../src/analyze/docDrift.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACnD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAG1C,OAAO,EAAE,mBAAmB,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AAE5E,MAAM,eAAe,GAAG,CAAC,CAAC;AAE1B,4FAA4F;AAC5F,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC;IAC5B,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI;IACzF,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM;IACpF,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ;IACjF,SAAS,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM;CAClE,CAAC,CAAC;AAOH,SAAS,qBAAqB,CAAC,CAAS;IACtC,MAAM,CAAC,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACtC,OAAO,CAAC,KAAK,IAAI,IAAI,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAE,CAAC,WAAW,EAAE,CAAC,CAAC;AAC9D,CAAC;AAED,kFAAkF;AAClF,SAAS,aAAa,CAAC,CAAS;IAC9B,OAAO,iCAAiC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACnD,CAAC;AAED,uEAAuE;AACvE,SAAS,cAAc,CAAC,CAAS;IAC/B,OAAO,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClC,CAAC;AAED,4FAA4F;AAC5F,SAAS,cAAc,CAAC,GAAW;IACjC,MAAM,IAAI,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,iBAAiB,EAAE,EAAE,CAAC,CAAC;IACzE,IAAI,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC,CAAC,sBAAsB;IACvE,OAAO,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,SAAS,EAAE,QAAQ,EAAE,aAAa,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;AACvG,CAAC;AAED,mFAAmF;AACnF,SAAS,YAAY,CAAC,GAAW;IAC/B,OAAO,GAAG,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;AACvD,CAAC;AAED,iGAAiG;AACjG,SAAS,UAAU,CAAC,IAAY,EAAE,MAAc;IAC9C,MAAM,IAAI,GAAa,EAAE,CAAC;IAE1B,iCAAiC;IACjC,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,wBAAwB,CAAC,EAAE,CAAC;QACxD,MAAM,MAAM,GAAG,CAAC,CAAC,CAAC,CAAE,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACrD,IACE,MAAM;YACN,CAAC,aAAa,CAAC,MAAM,CAAC;YACtB,CAAC,cAAc,CAAC,MAAM,CAAC;YACvB,CAAC,cAAc,CAAC,MAAM,CAAC;YACvB,qBAAqB,CAAC,MAAM,CAAC,EAC7B,CAAC;YACD,IAAI,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;QAC3C,CAAC;IACH,CAAC;IAED,kFAAkF;IAClF,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;QAC5C,MAAM,IAAI,GAAG,CAAC,CAAC,CAAC,CAAE,CAAC,IAAI,EAAE,CAAC;QAC1B,IACE,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC;YAClB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;YAChB,CAAC,aAAa,CAAC,IAAI,CAAC;YACpB,CAAC,cAAc,CAAC,IAAI,CAAC;YACrB,CAAC,cAAc,CAAC,IAAI,CAAC;YACrB,qBAAqB,CAAC,IAAI,CAAC,EAC3B,CAAC;YACD,IAAI,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;QACzC,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,6FAA6F;AAC7F,SAAS,WAAW,CAAC,IAAY,EAAE,MAAc,EAAE,GAAW;IAC5D,MAAM,KAAK,GAAG,GAAG,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;IACvC,OAAO,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;AAChF,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,cAAc,CAAC,KAAY,EAAE,MAAkB;IAC7D,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO;QAAE,OAAO,EAAE,CAAC;IACpC,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC;IACxB,MAAM,IAAI,GAAG,iBAAiB,CAAC,IAAI,EAAE,EAAE,gBAAgB,EAAE,MAAM,CAAC,IAAI,CAAC,gBAAgB,EAAE,CAAC,CAAC;IACzF,MAAM,QAAQ,GAAc,EAAE,CAAC;IAE/B,KAAK,MAAM,OAAO,IAAI,IAAI,EAAE,CAAC;QAC3B,IAAI,OAAe,CAAC;QACpB,IAAI,CAAC;YACH,OAAO,GAAG,YAAY,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,CAAC;QACtD,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;QACD,MAAM,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;QAChC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACrC,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;QAE/B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;YACvB,IAAI,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC;gBAAE,SAAS,CAAC,qBAAqB;YAC9D,KAAK,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,UAAU,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;gBAC5D,IAAI,mBAAmB,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;oBAAE,SAAS,CAAC,yBAAyB;gBACnF,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;oBAAE,SAAS;gBAC5B,IAAI,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,CAAC;oBAAE,SAAS;gBAC7C,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;gBACd,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,OAAO;oBACb,UAAU,EAAE,MAAM;oBAClB,KAAK,EAAE,GAAG,OAAO,+BAA+B,GAAG,IAAI;oBACvD,MAAM,EAAE,uBAAuB,GAAG,qFAAqF;oBACvH,QAAQ,EAAE,GAAG,OAAO,IAAI,MAAM,EAAE;oBAChC,OAAO,EAAE,eAAe;iBACzB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/analyze/drift.d.ts

@@ -0,0 +1,4 @@
+import type { Claims, Facts, Finding } from "../types.js";
+import { type CapabilityBuckets } from "./shared.js";
+/** Compare parsed Claims against extracted Facts and emit drift findings. */
+export declare function detectDrift(claims: Claims, facts: Facts, buckets?: CapabilityBuckets): Finding[];

package/dist/analyze/drift.js

@@ -0,0 +1,134 @@
+import { filesByPackage, loadCapabilityBuckets } from "./shared.js";
+const LIB_PENALTY = 8;
+const NAMING_PENALTY = 5;
+/** Known database drivers grouped by family, for the "declared DB" check. */
+const DB_FAMILIES = {
+    postgres: ["pg", "postgres", "pg-promise", "postgresql"],
+    sqlite: ["sqlite3", "better-sqlite3"],
+    mysql: ["mysql", "mysql2"],
+    mongodb: ["mongodb", "mongoose"],
+    mssql: ["mssql", "tedious"],
+};
+function dbFamilyOf(value) {
+    const v = value.toLowerCase();
+    if (v.includes("postgres"))
+        return "postgres";
+    if (v.includes("sqlite"))
+        return "sqlite";
+    if (v.includes("mysql") || v.includes("maria"))
+        return "mysql";
+    if (v.includes("mongo"))
+        return "mongodb";
+    if (v.includes("mssql") || v.includes("sql server"))
+        return "mssql";
+    return null;
+}
+const countFor = (byPkg, pkg) => byPkg.get(pkg)?.length ?? 0;
+const summarize = (entries) => entries.map((e) => `${e.pkg} (${e.n} file${e.n === 1 ? "" : "s"})`).join(", ");
+function checkLibrary(claim, byPkg, buckets) {
+    const value = claim.value.toLowerCase().trim();
+    for (const [, members] of Object.entries(buckets)) {
+        if (!members.includes(value))
+            continue;
+        if (countFor(byPkg, value) > 0)
+            return null; // claimed lib is actually used
+        const competitors = members
+            .filter((m) => m !== value && countFor(byPkg, m) > 0)
+            .map((m) => ({ pkg: m, n: countFor(byPkg, m) }));
+        if (competitors.length === 0)
+            return null; // nothing contradicts it
+        return {
+            kind: "drift",
+            confidence: "high",
+            title: `${claim.source}: "${claim.key}: ${claim.value}" — but code imports ${summarize(competitors)}`,
+            detail: `Declared ${claim.key} is "${claim.value}" but it is not imported anywhere; ${competitors[0].pkg} is used instead.`,
+            location: `${claim.source}:${claim.line}`,
+            penalty: LIB_PENALTY,
+        };
+    }
+    return null;
+}
+function checkDatabase(claim, byPkg) {
+    const claimedFamily = dbFamilyOf(claim.value);
+    if (!claimedFamily)
+        return null;
+    const isImported = (family) => DB_FAMILIES[family].some((d) => countFor(byPkg, d) > 0);
+    if (isImported(claimedFamily))
+        return null;
+    const others = Object.keys(DB_FAMILIES).filter((f) => f !== claimedFamily && isImported(f));
+    if (others.length === 0)
+        return null; // can't verify — no DB driver imported
+    const drivers = others.flatMap((f) => DB_FAMILIES[f].filter((d) => countFor(byPkg, d) > 0));
+    return {
+        kind: "drift",
+        confidence: "high",
+        title: `${claim.source}: "${claim.key}: ${claim.value}" — but code imports ${drivers.join(", ")}`,
+        location: `${claim.source}:${claim.line}`,
+        penalty: LIB_PENALTY,
+    };
+}
+function checkPackageManager(claim, facts) {
+    if (!facts.pkg || facts.pkg.packageManager === "unknown")
+        return null; // unverifiable
+    const claimed = claim.value.toLowerCase().trim().split(/\s|@/)[0];
+    const detected = facts.pkg.packageManager;
+    if (claimed === detected)
+        return null;
+    return {
+        kind: "drift",
+        confidence: "high",
+        title: `${claim.source}: "${claim.key}: ${claim.value}" — but lockfile indicates ${detected}`,
+        location: `${claim.source}:${claim.line}`,
+        penalty: LIB_PENALTY,
+    };
+}
+function checkNaming(claim, facts) {
+    const v = claim.value.toLowerCase();
+    // The casing that VIOLATES the claimed convention. Single lowercase words
+    // (`lower`) are valid under both camelCase and snake_case, so they're neutral.
+    const violatingStyle = v.includes("camel")
+        ? "snake_case"
+        : v.includes("snake")
+            ? "camelCase"
+            : null;
+    if (!violatingStyle)
+        return null;
+    let compatible = 0; // names consistent with the claim (claimed style + neutral)
+    let violating = 0;
+    for (const f of facts.files) {
+        violating += f.naming[violatingStyle] ?? 0;
+        compatible += (f.naming.lower ?? 0) + (violatingStyle === "snake_case" ? f.naming.camelCase ?? 0 : f.naming.snake_case ?? 0);
+    }
+    if (compatible + violating < 10)
+        return null; // too little signal
+    if (!(violating > compatible))
+        return null; // claimed style prevails (also guards NaN)
+    return {
+        kind: "drift",
+        confidence: "medium",
+        title: `${claim.source}: "${claim.key}: ${claim.value}" — but ${violatingStyle} prevails (${violating} vs ${compatible})`,
+        location: `${claim.source}:${claim.line}`,
+        penalty: NAMING_PENALTY,
+    };
+}
+/** Compare parsed Claims against extracted Facts and emit drift findings. */
+export function detectDrift(claims, facts, buckets = loadCapabilityBuckets()) {
+    const byPkg = filesByPackage(facts);
+    const findings = [];
+    for (const claim of claims.stack) {
+        const key = claim.key;
+        let finding = null;
+        if (key.includes("package manager"))
+            finding = checkPackageManager(claim, facts);
+        else if (key === "database" || key === "db")
+            finding = checkDatabase(claim, byPkg);
+        else if (key.includes("naming"))
+            finding = checkNaming(claim, facts);
+        else
+            finding = checkLibrary(claim, byPkg, buckets);
+        if (finding)
+            findings.push(finding);
+    }
+    return findings;
+}
+//# sourceMappingURL=drift.js.map

package/dist/analyze/drift.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"drift.js","sourceRoot":"","sources":["../../src/analyze/drift.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,qBAAqB,EAA0B,MAAM,aAAa,CAAC;AAE5F,MAAM,WAAW,GAAG,CAAC,CAAC;AACtB,MAAM,cAAc,GAAG,CAAC,CAAC;AAEzB,6EAA6E;AAC7E,MAAM,WAAW,GAA6B;IAC5C,QAAQ,EAAE,CAAC,IAAI,EAAE,UAAU,EAAE,YAAY,EAAE,YAAY,CAAC;IACxD,MAAM,EAAE,CAAC,SAAS,EAAE,gBAAgB,CAAC;IACrC,KAAK,EAAE,CAAC,OAAO,EAAE,QAAQ,CAAC;IAC1B,OAAO,EAAE,CAAC,SAAS,EAAE,UAAU,CAAC;IAChC,KAAK,EAAE,CAAC,OAAO,EAAE,SAAS,CAAC;CAC5B,CAAC;AAEF,SAAS,UAAU,CAAC,KAAa;IAC/B,MAAM,CAAC,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC;IAC9B,IAAI,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC;QAAE,OAAO,UAAU,CAAC;IAC9C,IAAI,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAAE,OAAO,QAAQ,CAAC;IAC1C,IAAI,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC;QAAE,OAAO,OAAO,CAAC;IAC/D,IAAI,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC;QAAE,OAAO,SAAS,CAAC;IAC1C,IAAI,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,YAAY,CAAC;QAAE,OAAO,OAAO,CAAC;IACpE,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,QAAQ,GAAG,CAAC,KAA4B,EAAE,GAAW,EAAU,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,MAAM,IAAI,CAAC,CAAC;AACpG,MAAM,SAAS,GAAG,CAAC,OAAqC,EAAU,EAAE,CAClE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAEjF,SAAS,YAAY,CAAC,KAAY,EAAE,KAA4B,EAAE,OAA0B;IAC1F,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,CAAC;IAC/C,KAAK,MAAM,CAAC,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QAClD,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC;YAAE,SAAS;QACvC,IAAI,QAAQ,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC;YAAE,OAAO,IAAI,CAAC,CAAC,+BAA+B;QAE5E,MAAM,WAAW,GAAG,OAAO;aACxB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,KAAK,IAAI,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC;aACpD,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QACnD,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC,CAAC,yBAAyB;QAEpE,OAAO;YACL,IAAI,EAAE,OAAO;YACb,UAAU,EAAE,MAAM;YAClB,KAAK,EAAE,GAAG,KAAK,CAAC,MAAM,MAAM,KAAK,CAAC,GAAG,KAAK,KAAK,CAAC,KAAK,wBAAwB,SAAS,CAAC,WAAW,CAAC,EAAE;YACrG,MAAM,EAAE,YAAY,KAAK,CAAC,GAAG,QAAQ,KAAK,CAAC,KAAK,sCAAsC,WAAW,CAAC,CAAC,CAAE,CAAC,GAAG,mBAAmB;YAC5H,QAAQ,EAAE,GAAG,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,IAAI,EAAE;YACzC,OAAO,EAAE,WAAW;SACrB,CAAC;IACJ,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,aAAa,CAAC,KAAY,EAAE,KAA4B;IAC/D,MAAM,aAAa,GAAG,UAAU,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAC9C,IAAI,CAAC,aAAa;QAAE,OAAO,IAAI,CAAC;IAChC,MAAM,UAAU,GAAG,CAAC,MAAc,EAAW,EAAE,CAAC,WAAW,CAAC,MAAM,CAAE,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IACzG,IAAI,UAAU,CAAC,aAAa,CAAC;QAAE,OAAO,IAAI,CAAC;IAE3C,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,aAAa,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;IAC5F,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC,CAAC,uCAAuC;IAE7E,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,WAAW,CAAC,CAAC,CAAE,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IAC7F,OAAO;QACL,IAAI,EAAE,OAAO;QACb,UAAU,EAAE,MAAM;QAClB,KAAK,EAAE,GAAG,KAAK,CAAC,MAAM,MAAM,KAAK,CAAC,GAAG,KAAK,KAAK,CAAC,KAAK,wBAAwB,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;QACjG,QAAQ,EAAE,GAAG,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,IAAI,EAAE;QACzC,OAAO,EAAE,WAAW;KACrB,CAAC;AACJ,CAAC;AAED,SAAS,mBAAmB,CAAC,KAAY,EAAE,KAAY;IACrD,IAAI,CAAC,KAAK,CAAC,GAAG,IAAI,KAAK,CAAC,GAAG,CAAC,cAAc,KAAK,SAAS;QAAE,OAAO,IAAI,CAAC,CAAC,eAAe;IACtF,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IAClE,MAAM,QAAQ,GAAG,KAAK,CAAC,GAAG,CAAC,cAAc,CAAC;IAC1C,IAAI,OAAO,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IACtC,OAAO;QACL,IAAI,EAAE,OAAO;QACb,UAAU,EAAE,MAAM;QAClB,KAAK,EAAE,GAAG,KAAK,CAAC,MAAM,MAAM,KAAK,CAAC,GAAG,KAAK,KAAK,CAAC,KAAK,8BAA8B,QAAQ,EAAE;QAC7F,QAAQ,EAAE,GAAG,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,IAAI,EAAE;QACzC,OAAO,EAAE,WAAW;KACrB,CAAC;AACJ,CAAC;AAED,SAAS,WAAW,CAAC,KAAY,EAAE,KAAY;IAC7C,MAAM,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC;IACpC,0EAA0E;IAC1E,+EAA+E;IAC/E,MAAM,cAAc,GAA6B,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC;QAClE,CAAC,CAAC,YAAY;QACd,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC;YACnB,CAAC,CAAC,WAAW;YACb,CAAC,CAAC,IAAI,CAAC;IACX,IAAI,CAAC,cAAc;QAAE,OAAO,IAAI,CAAC;IAEjC,IAAI,UAAU,GAAG,CAAC,CAAC,CAAC,4DAA4D;IAChF,IAAI,SAAS,GAAG,CAAC,CAAC;IAClB,KAAK,MAAM,CAAC,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;QAC5B,SAAS,IAAI,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;QAC3C,UAAU,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,IAAI,CAAC,CAAC,GAAG,CAAC,cAAc,KAAK,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,SAAS,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,IAAI,CAAC,CAAC,CAAC;IAC/H,CAAC;IACD,IAAI,UAAU,GAAG,SAAS,GAAG,EAAE;QAAE,OAAO,IAAI,CAAC,CAAC,oBAAoB;IAClE,IAAI,CAAC,CAAC,SAAS,GAAG,UAAU,CAAC;QAAE,OAAO,IAAI,CAAC,CAAC,2CAA2C;IAEvF,OAAO;QACL,IAAI,EAAE,OAAO;QACb,UAAU,EAAE,QAAQ;QACpB,KAAK,EAAE,GAAG,KAAK,CAAC,MAAM,MAAM,KAAK,CAAC,GAAG,KAAK,KAAK,CAAC,KAAK,WAAW,cAAc,cAAc,SAAS,OAAO,UAAU,GAAG;QACzH,QAAQ,EAAE,GAAG,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,IAAI,EAAE;QACzC,OAAO,EAAE,cAAc;KACxB,CAAC;AACJ,CAAC;AAED,6EAA6E;AAC7E,MAAM,UAAU,WAAW,CACzB,MAAc,EACd,KAAY,EACZ,UAA6B,qBAAqB,EAAE;IAEpD,MAAM,KAAK,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;IACpC,MAAM,QAAQ,GAAc,EAAE,CAAC;IAE/B,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QACjC,MAAM,GAAG,GAAG,KAAK,CAAC,GAAG,CAAC;QACtB,IAAI,OAAO,GAAmB,IAAI,CAAC;QACnC,IAAI,GAAG,CAAC,QAAQ,CAAC,iBAAiB,CAAC;YAAE,OAAO,GAAG,mBAAmB,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;aAC5E,IAAI,GAAG,KAAK,UAAU,IAAI,GAAG,KAAK,IAAI;YAAE,OAAO,GAAG,aAAa,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;aAC9E,IAAI,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAAE,OAAO,GAAG,WAAW,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;;YAChE,OAAO,GAAG,YAAY,CAAC,KAAK,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;QACnD,IAAI,OAAO;YAAE,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACtC,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/analyze/duplication.d.ts

@@ -0,0 +1,7 @@
+import type { Facts, Finding } from "../types.js";
+/**
+ * Group functions by normalized-body hash; any group of 2+ is an exact-clone
+ * finding. Trivial bodies were already excluded at extraction (null hash).
+ * Near-duplicate detection is deferred to v0.5.
+ */
+export declare function detectDuplication(facts: Facts): Finding[];

package/dist/analyze/duplication.js

@@ -0,0 +1,46 @@
+import { buildFunctionIgnoreCheck } from "./shared.js";
+const DUP_PENALTY = 4;
+/**
+ * Group functions by normalized-body hash; any group of 2+ is an exact-clone
+ * finding. Trivial bodies were already excluded at extraction (null hash).
+ * Near-duplicate detection is deferred to v0.5.
+ */
+export function detectDuplication(facts) {
+    // A function is suppressed when its declaration line (or the line above it)
+    // carries an inline `// keel-ignore` marker.
+    const isSuppressed = buildFunctionIgnoreCheck(facts);
+    const groups = new Map();
+    for (const file of facts.files) {
+        for (const fn of file.functions) {
+            // Only named functions/methods — anonymous inline callbacks aren't
+            // "utilities you reinvented", and produce unactionable noise.
+            if (fn.bodyHash === null || fn.name === null || isSuppressed(fn))
+                continue;
+            let group = groups.get(fn.bodyHash);
+            if (!group)
+                groups.set(fn.bodyHash, (group = []));
+            group.push(fn);
+        }
+    }
+    const findings = [];
+    for (const group of groups.values()) {
+        if (group.length < 2)
+            continue;
+        const locations = group.map((fn) => `${fn.name ?? "(anonymous)"} @ ${fn.filePath}:${fn.startLine}`);
+        const names = [...new Set(group.map((fn) => fn.name ?? "(anonymous)"))];
+        const title = names.length === 1
+            ? `${names[0]}() duplicated across ${group.length} locations`
+            : `${names.join(" / ")} are identical implementations`;
+        findings.push({
+            kind: "dup",
+            confidence: "high",
+            title,
+            detail: locations.join("\n           "),
+            location: `${group[0].filePath}:${group[0].startLine}`,
+            penalty: DUP_PENALTY,
+        });
+    }
+    // Stable order: most-duplicated first, then by title.
+    return findings.sort((a, b) => (b.penalty - a.penalty) || a.title.localeCompare(b.title));
+}
+//# sourceMappingURL=duplication.js.map

package/dist/analyze/duplication.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"duplication.js","sourceRoot":"","sources":["../../src/analyze/duplication.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,wBAAwB,EAAE,MAAM,aAAa,CAAC;AAEvD,MAAM,WAAW,GAAG,CAAC,CAAC;AAEtB;;;;GAIG;AACH,MAAM,UAAU,iBAAiB,CAAC,KAAY;IAC5C,4EAA4E;IAC5E,6CAA6C;IAC7C,MAAM,YAAY,GAAG,wBAAwB,CAAC,KAAK,CAAC,CAAC;IAErD,MAAM,MAAM,GAAG,IAAI,GAAG,EAA0B,CAAC;IACjD,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;QAC/B,KAAK,MAAM,EAAE,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YAChC,mEAAmE;YACnE,8DAA8D;YAC9D,IAAI,EAAE,CAAC,QAAQ,KAAK,IAAI,IAAI,EAAE,CAAC,IAAI,KAAK,IAAI,IAAI,YAAY,CAAC,EAAE,CAAC;gBAAE,SAAS;YAC3E,IAAI,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC;YACpC,IAAI,CAAC,KAAK;gBAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,QAAQ,EAAE,CAAC,KAAK,GAAG,EAAE,CAAC,CAAC,CAAC;YAClD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACjB,CAAC;IACH,CAAC;IAED,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,MAAM,EAAE,EAAE,CAAC;QACpC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;YAAE,SAAS;QAE/B,MAAM,SAAS,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,GAAG,EAAE,CAAC,IAAI,IAAI,aAAa,MAAM,EAAE,CAAC,QAAQ,IAAI,EAAE,CAAC,SAAS,EAAE,CAAC,CAAC;QACpG,MAAM,KAAK,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,IAAI,IAAI,aAAa,CAAC,CAAC,CAAC,CAAC;QACxE,MAAM,KAAK,GACT,KAAK,CAAC,MAAM,KAAK,CAAC;YAChB,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,wBAAwB,KAAK,CAAC,MAAM,YAAY;YAC7D,CAAC,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,gCAAgC,CAAC;QAE3D,QAAQ,CAAC,IAAI,CAAC;YACZ,IAAI,EAAE,KAAK;YACX,UAAU,EAAE,MAAM;YAClB,KAAK;YACL,MAAM,EAAE,SAAS,CAAC,IAAI,CAAC,eAAe,CAAC;YACvC,QAAQ,EAAE,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC,QAAQ,IAAI,KAAK,CAAC,CAAC,CAAE,CAAC,SAAS,EAAE;YACxD,OAAO,EAAE,WAAW;SACrB,CAAC,CAAC;IACL,CAAC;IAED,sDAAsD;IACtD,OAAO,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;AAC5F,CAAC"}

package/dist/analyze/index.d.ts

@@ -0,0 +1,10 @@
+import type { KeelConfig } from "../config.js";
+import type { Claims, Facts, Finding, ScoreBreakdown } from "../types.js";
+import { type Suppressions } from "../suppress.js";
+export interface Analysis {
+    findings: Finding[];
+    score: number;
+    breakdown: ScoreBreakdown;
+}
+/** Run every v0 engine against the Facts + Claims, applying suppressions. */
+export declare function analyze(facts: Facts, claims: Claims, config: KeelConfig, suppressions?: Suppressions): Analysis;