npm - @eduardbar/drift - Versions diffs - 0.7.0 → 0.8.0 - Mend

@eduardbar/drift 0.7.0 → 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -18,6 +18,18 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm
 ---
+## [0.8.0] - 2026-02-24
+### Added
+- `semantic-duplication` rule — Type-2 AST clone detection via SHA-256 fingerprinting
+- Normalizes parameter names, local variable names, and literals before hashing — detects identical logic with different variable names
+- Runs cross-file across the entire project; reports each duplicate pointing to all other locations
+- Minimum threshold: functions with ≥ 8 body lines (reduces noise from trivial helpers)
+- Skips test framework helpers (describe, it, test, beforeEach, afterEach)
+- RULE_WEIGHTS entry: severity `warning`, weight `12`
+---
 ## [0.7.0] - 2026-02-24
 ### Added

package/dist/analyzer.js CHANGED Viewed

@@ -1,4 +1,5 @@
 import * as fs from 'node:fs';
+import * as crypto from 'node:crypto';
 import * as path from 'node:path';
 import { Project, SyntaxKind, } from 'ts-morph';
 // Rules and their drift score weight
@@ -34,6 +35,8 @@ export const RULE_WEIGHTS = {
     'inconsistent-error-handling': { severity: 'warning', weight: 8 },
     'unnecessary-abstraction': { severity: 'warning', weight: 7 },
     'naming-inconsistency': { severity: 'warning', weight: 6 },
+    // Phase 8: semantic duplication
+    'semantic-duplication': { severity: 'warning', weight: 12 },
 };
 function hasIgnoreComment(file, line) {
     const lines = file.getFullText().split('\n');
@@ -786,6 +789,105 @@ function calculateScore(issues) {
     }
     return Math.min(100, raw);
 }
+/** Normalize a function body to a canonical string (Type-2 clone detection).
+ *  Variable names, parameter names, and numeric/string literals are replaced
+ *  with canonical tokens so that two functions with identical logic but
+ *  different identifiers produce the same fingerprint.
+ */
+function normalizeFunctionBody(fn) {
+    // Build a substitution map: localName → canonical token
+    const subst = new Map();
+    // Map parameters first
+    for (const [i, param] of fn.getParameters().entries()) {
+        const name = param.getName();
+        if (name && name !== '_')
+            subst.set(name, `P${i}`);
+    }
+    // Map locally declared variables (VariableDeclaration)
+    let varIdx = 0;
+    fn.forEachDescendant(node => {
+        if (node.getKind() === SyntaxKind.VariableDeclaration) {
+            const nameNode = node.getNameNode();
+            // Support destructuring — getNameNode() may be a BindingPattern
+            if (nameNode.getKind() === SyntaxKind.Identifier) {
+                const name = nameNode.getText();
+                if (!subst.has(name))
+                    subst.set(name, `V${varIdx++}`);
+            }
+        }
+    });
+    function serializeNode(node) {
+        const kind = node.getKindName();
+        switch (node.getKind()) {
+            case SyntaxKind.Identifier: {
+                const text = node.getText();
+                return subst.get(text) ?? text; // external refs (Math, console) kept as-is
+            }
+            case SyntaxKind.NumericLiteral:
+                return 'NL';
+            case SyntaxKind.StringLiteral:
+            case SyntaxKind.NoSubstitutionTemplateLiteral:
+                return 'SL';
+            case SyntaxKind.TrueKeyword:
+                return 'TRUE';
+            case SyntaxKind.FalseKeyword:
+                return 'FALSE';
+            case SyntaxKind.NullKeyword:
+                return 'NULL';
+        }
+        const children = node.getChildren();
+        if (children.length === 0)
+            return kind;
+        const childStr = children.map(serializeNode).join('|');
+        return `${kind}(${childStr})`;
+    }
+    const body = fn.getBody();
+    if (!body)
+        return '';
+    return serializeNode(body);
+}
+/** Return a SHA-256 fingerprint for a function body (normalized). */
+function fingerprintFunction(fn) {
+    const normalized = normalizeFunctionBody(fn);
+    return crypto.createHash('sha256').update(normalized).digest('hex');
+}
+/** Return all function-like nodes from a SourceFile that are worth comparing:
+ *  - At least MIN_LINES lines in their body
+ *  - Not test helpers (describe/it/test/beforeEach/afterEach)
+ */
+const MIN_LINES = 8;
+function collectFunctions(sf) {
+    const results = [];
+    const kinds = [
+        SyntaxKind.FunctionDeclaration,
+        SyntaxKind.FunctionExpression,
+        SyntaxKind.ArrowFunction,
+        SyntaxKind.MethodDeclaration,
+    ];
+    for (const kind of kinds) {
+        for (const node of sf.getDescendantsOfKind(kind)) {
+            const body = node.getBody();
+            if (!body)
+                continue;
+            const start = body.getStartLineNumber();
+            const end = body.getEndLineNumber();
+            if (end - start + 1 < MIN_LINES)
+                continue;
+            // Skip test-framework helpers
+            const name = node.getKind() === SyntaxKind.FunctionDeclaration
+                ? node.getName() ?? '<anonymous>'
+                : node.getKind() === SyntaxKind.MethodDeclaration
+                    ? node.getName()
+                    : '<anonymous>';
+            if (['describe', 'it', 'test', 'beforeEach', 'afterEach', 'beforeAll', 'afterAll'].includes(name))
+                continue;
+            const pos = node.getStart();
+            const lineInfo = sf.getLineAndColumnAtPos(pos);
+            results.push({ fn: node, name, line: lineInfo.line, col: lineInfo.column });
+        }
+    }
+    return results;
+}
 // ---------------------------------------------------------------------------
 // Public API
 // ---------------------------------------------------------------------------
@@ -1162,6 +1264,46 @@ export function analyzeProject(targetPath, config) {
             }
         }
     }
+    // ── Phase 8: semantic-duplication ────────────────────────────────────────
+    // Build a fingerprint → [{filePath, fnName, line, col}] map across all files
+    const fingerprintMap = new Map();
+    for (const sf of sourceFiles) {
+        const sfPath = sf.getFilePath();
+        for (const { fn, name, line, col } of collectFunctions(sf)) {
+            const fp = fingerprintFunction(fn);
+            if (!fingerprintMap.has(fp))
+                fingerprintMap.set(fp, []);
+            fingerprintMap.get(fp).push({ filePath: sfPath, name, line, col });
+        }
+    }
+    // For each fingerprint with 2+ functions: report each as a duplicate of the others
+    for (const [, entries] of fingerprintMap) {
+        if (entries.length < 2)
+            continue;
+        for (const entry of entries) {
+            const report = reportByPath.get(entry.filePath);
+            if (!report)
+                continue;
+            // Build the "duplicated in" list (all other locations)
+            const others = entries
+                .filter(e => e !== entry)
+                .map(e => {
+                const rel = path.relative(targetPath, e.filePath).replace(/\\/g, '/');
+                return `${rel}:${e.line} (${e.name})`;
+            })
+                .join(', ');
+            const weight = RULE_WEIGHTS['semantic-duplication']?.weight ?? 12;
+            report.issues.push({
+                rule: 'semantic-duplication',
+                severity: 'warning',
+                message: `Function '${entry.name}' is semantically identical to: ${others}`,
+                line: entry.line,
+                column: entry.col,
+                snippet: `function ${entry.name} — duplicated in ${entries.length - 1} other location${entries.length > 2 ? 's' : ''}`,
+            });
+            report.score = Math.min(100, report.score + weight);
+        }
+    }
     return reports;
 }
 //# sourceMappingURL=analyzer.js.map

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@eduardbar/drift",
-  "version": "0.7.0",
+  "version": "0.8.0",
   "description": "Detect silent technical debt left by AI-generated code",
   "type": "module",
   "main": "dist/index.js",

package/src/analyzer.ts CHANGED Viewed

@@ -1,4 +1,5 @@
 import * as fs from 'node:fs'
+import * as crypto from 'node:crypto'
 import * as path from 'node:path'
 import {
   Project,
@@ -45,6 +46,8 @@ export const RULE_WEIGHTS: Record<string, { severity: DriftIssue['severity']; we
   'inconsistent-error-handling':   { severity: 'warning', weight: 8  },
   'unnecessary-abstraction':       { severity: 'warning', weight: 7  },
   'naming-inconsistency':          { severity: 'warning', weight: 6  },
+  // Phase 8: semantic duplication
+  'semantic-duplication':          { severity: 'warning', weight: 12 },
 }
 type FunctionLike = FunctionDeclaration | ArrowFunction | FunctionExpression | MethodDeclaration
@@ -873,6 +876,123 @@ function calculateScore(issues: DriftIssue[]): number {
   return Math.min(100, raw)
 }
+// ---------------------------------------------------------------------------
+// Phase 8: Semantic duplication — AST fingerprinting helpers
+// ---------------------------------------------------------------------------
+type FunctionLikeNode = FunctionDeclaration | ArrowFunction | FunctionExpression | MethodDeclaration
+/** Normalize a function body to a canonical string (Type-2 clone detection).
+ *  Variable names, parameter names, and numeric/string literals are replaced
+ *  with canonical tokens so that two functions with identical logic but
+ *  different identifiers produce the same fingerprint.
+ */
+function normalizeFunctionBody(fn: FunctionLikeNode): string {
+  // Build a substitution map: localName → canonical token
+  const subst = new Map<string, string>()
+  // Map parameters first
+  for (const [i, param] of fn.getParameters().entries()) {
+    const name = param.getName()
+    if (name && name !== '_') subst.set(name, `P${i}`)
+  }
+  // Map locally declared variables (VariableDeclaration)
+  let varIdx = 0
+  fn.forEachDescendant(node => {
+    if (node.getKind() === SyntaxKind.VariableDeclaration) {
+      const nameNode = (node as import('ts-morph').VariableDeclaration).getNameNode()
+      // Support destructuring — getNameNode() may be a BindingPattern
+      if (nameNode.getKind() === SyntaxKind.Identifier) {
+        const name = nameNode.getText()
+        if (!subst.has(name)) subst.set(name, `V${varIdx++}`)
+      }
+    }
+  })
+  function serializeNode(node: Node): string {
+    const kind = node.getKindName()
+    switch (node.getKind()) {
+      case SyntaxKind.Identifier: {
+        const text = node.getText()
+        return subst.get(text) ?? text  // external refs (Math, console) kept as-is
+      }
+      case SyntaxKind.NumericLiteral:
+        return 'NL'
+      case SyntaxKind.StringLiteral:
+      case SyntaxKind.NoSubstitutionTemplateLiteral:
+        return 'SL'
+      case SyntaxKind.TrueKeyword:
+        return 'TRUE'
+      case SyntaxKind.FalseKeyword:
+        return 'FALSE'
+      case SyntaxKind.NullKeyword:
+        return 'NULL'
+    }
+    const children = node.getChildren()
+    if (children.length === 0) return kind
+    const childStr = children.map(serializeNode).join('|')
+    return `${kind}(${childStr})`
+  }
+  const body = fn.getBody()
+  if (!body) return ''
+  return serializeNode(body)
+}
+/** Return a SHA-256 fingerprint for a function body (normalized). */
+function fingerprintFunction(fn: FunctionLikeNode): string {
+  const normalized = normalizeFunctionBody(fn)
+  return crypto.createHash('sha256').update(normalized).digest('hex')
+}
+/** Return all function-like nodes from a SourceFile that are worth comparing:
+ *  - At least MIN_LINES lines in their body
+ *  - Not test helpers (describe/it/test/beforeEach/afterEach)
+ */
+const MIN_LINES = 8
+function collectFunctions(sf: SourceFile): Array<{ fn: FunctionLikeNode; name: string; line: number; col: number }> {
+  const results: Array<{ fn: FunctionLikeNode; name: string; line: number; col: number }> = []
+  const kinds = [
+    SyntaxKind.FunctionDeclaration,
+    SyntaxKind.FunctionExpression,
+    SyntaxKind.ArrowFunction,
+    SyntaxKind.MethodDeclaration,
+  ] as const
+  for (const kind of kinds) {
+    for (const node of sf.getDescendantsOfKind(kind)) {
+      const body = (node as FunctionLikeNode).getBody()
+      if (!body) continue
+      const start = body.getStartLineNumber()
+      const end = body.getEndLineNumber()
+      if (end - start + 1 < MIN_LINES) continue
+      // Skip test-framework helpers
+      const name = node.getKind() === SyntaxKind.FunctionDeclaration
+        ? (node as FunctionDeclaration).getName() ?? '<anonymous>'
+        : node.getKind() === SyntaxKind.MethodDeclaration
+          ? (node as MethodDeclaration).getName()
+          : '<anonymous>'
+      if (['describe', 'it', 'test', 'beforeEach', 'afterEach', 'beforeAll', 'afterAll'].includes(name)) continue
+      const pos = node.getStart()
+      const lineInfo = sf.getLineAndColumnAtPos(pos)
+      results.push({ fn: node as FunctionLikeNode, name, line: lineInfo.line, col: lineInfo.column })
+    }
+  }
+  return results
+}
 // ---------------------------------------------------------------------------
 // Public API
 // ---------------------------------------------------------------------------
@@ -1284,5 +1404,48 @@ export function analyzeProject(targetPath: string, config?: DriftConfig): FileRe
     }
   }
+  // ── Phase 8: semantic-duplication ────────────────────────────────────────
+  // Build a fingerprint → [{filePath, fnName, line, col}] map across all files
+  const fingerprintMap = new Map<string, Array<{ filePath: string; name: string; line: number; col: number }>>()
+  for (const sf of sourceFiles) {
+    const sfPath = sf.getFilePath()
+    for (const { fn, name, line, col } of collectFunctions(sf)) {
+      const fp = fingerprintFunction(fn)
+      if (!fingerprintMap.has(fp)) fingerprintMap.set(fp, [])
+      fingerprintMap.get(fp)!.push({ filePath: sfPath, name, line, col })
+    }
+  }
+  // For each fingerprint with 2+ functions: report each as a duplicate of the others
+  for (const [, entries] of fingerprintMap) {
+    if (entries.length < 2) continue
+    for (const entry of entries) {
+      const report = reportByPath.get(entry.filePath)
+      if (!report) continue
+      // Build the "duplicated in" list (all other locations)
+      const others = entries
+        .filter(e => e !== entry)
+        .map(e => {
+          const rel = path.relative(targetPath, e.filePath).replace(/\\/g, '/')
+          return `${rel}:${e.line} (${e.name})`
+        })
+        .join(', ')
+      const weight = RULE_WEIGHTS['semantic-duplication']?.weight ?? 12
+      report.issues.push({
+        rule: 'semantic-duplication',
+        severity: 'warning',
+        message: `Function '${entry.name}' is semantically identical to: ${others}`,
+        line: entry.line,
+        column: entry.col,
+        snippet: `function ${entry.name} — duplicated in ${entries.length - 1} other location${entries.length > 2 ? 's' : ''}`,
+      })
+      report.score = Math.min(100, report.score + weight)
+    }
+  }
   return reports
 }