@eduardbar/drift 0.9.1 → 1.0.0

package/.github/workflows/publish-vscode.yml

@@ -0,0 +1,76 @@
+name: Publish VS Code Extension
+
+on:
+  release:
+    types: [published]
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Version to publish (e.g. 0.1.1)'
+        required: true
+        type: string
+
+permissions:
+  contents: read
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: packages/vscode-drift
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event_name == 'release' && github.ref || github.event.repository.default_branch }}
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'npm'
+          cache-dependency-path: packages/vscode-drift/package-lock.json
+
+      - name: Verify version matches tag
+        if: github.event_name == 'release'
+        run: |
+          if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
+            TAG_VERSION="${{ inputs.version }}"
+          else
+            TAG_VERSION="${GITHUB_REF#refs/tags/v}"
+          fi
+          PKG_VERSION=$(node -p "require('./package.json').version")
+          if [ "$TAG_VERSION" != "$PKG_VERSION" ]; then
+            echo "Error: Tag version ($TAG_VERSION) does not match package.json version ($PKG_VERSION)"
+            exit 1
+          fi
+          echo "Version check passed: $PKG_VERSION"
+
+      - name: Check if version already published
+        run: |
+          PKG_VERSION=$(node -p "require('./package.json').version")
+          PUBLISHED=$(npx @vscode/vsce show eduardbar.vscode-drift 2>&1 | grep "Version:" | awk '{print $2}' || echo "none")
+          if [ "$PUBLISHED" = "$PKG_VERSION" ]; then
+            echo "Version $PKG_VERSION already published on Marketplace. Skipping."
+            echo "skip_publish=true" >> $GITHUB_ENV
+          fi
+
+      - name: Install dependencies
+        if: env.skip_publish != 'true'
+        run: npm ci
+
+      - name: Build extension
+        if: env.skip_publish != 'true'
+        run: npm run build
+
+      - name: Package extension
+        if: env.skip_publish != 'true'
+        run: npx @vscode/vsce package --no-dependencies
+
+      - name: Publish to VS Code Marketplace
+        if: env.skip_publish != 'true'
+        run: npx @vscode/vsce publish --no-dependencies
+        env:
+          VSCE_PAT: ${{ secrets.VSCE_PAT }}

package/AGENTS.md

@@ -88,18 +88,35 @@ npx @eduardbar/drift scan ./src -o report.md    # exportar Markdown
 
 ## Reglas del analyzer
 
-| Regla | Severidad | Peso | Qué detecta |
-|-------|-----------|------|-------------|
-| `large-file` | error | 20 | Archivos > 300 líneas |
-| `large-function` | error | 15 | Funciones > 50 líneas |
-| `duplicate-function-name` | error | 18 | Nombres de función duplicados (case-insensitive) |
-| `debug-leftover` | warning | 10 | `console.log/warn/error` + `TODO/FIXME/HACK/XXX/TEMP` |
-| `catch-swallow` | warning | 10 | Bloques `catch {}` vacíos |
-| `dead-code` | warning | 8 | Imports nombrados sin usar |
-| `any-abuse` | warning | 8 | Uso explícito de `any` como tipo |
-| `comment-contradiction` | warning | 12 | (reservado — definido en RULE_WEIGHTS) |
-| `no-return-type` | info | 5 | Funciones sin tipo de retorno explícito |
-| `magic-number` | info | 3 | (reservado — definido en RULE_WEIGHTS) |
+| Regla | Severidad | Peso |
+|-------|-----------|------|
+| `large-file` | error | 20 |
+| `large-function` | error | 15 |
+| `duplicate-function-name` | error | 18 |
+| `high-complexity` | error | 15 |
+| `circular-dependency` | error | 14 |
+| `layer-violation` | error | 16 |
+| `comment-contradiction` | warning | 12 |
+| `deep-nesting` | warning | 12 |
+| `semantic-duplication` | warning | 12 |
+| `debug-leftover` | warning | 10 |
+| `catch-swallow` | warning | 10 |
+| `high-coupling` | warning | 10 |
+| `dead-file` | warning | 10 |
+| `hardcoded-config` | warning | 10 |
+| `cross-boundary-import` | warning | 10 |
+| `dead-code` | warning | 8 |
+| `any-abuse` | warning | 8 |
+| `too-many-params` | warning | 8 |
+| `unused-export` | warning | 8 |
+| `inconsistent-error-handling` | warning | 8 |
+| `promise-style-mix` | warning | 7 |
+| `unnecessary-abstraction` | warning | 7 |
+| `naming-inconsistency` | warning | 6 |
+| `unused-dependency` | warning | 6 |
+| `no-return-type` | info | 5 |
+| `over-commented` | info | 4 |
+| `magic-number` | info | 3 |
 
 **Score = suma de pesos capped a 100. Score del proyecto = promedio de archivos.**
 
@@ -199,6 +216,7 @@ Sin esto, Windows no ejecuta el shebang correctamente con ES modules.
 
 | Versión | Cambios principales |
 |---------|---------------------|
+| **1.0.0** | 26 reglas, 131 tests, modular rules, JS/JSX, drift fix/report/diff/ci/badge/trend/blame, VS Code extension |
 | **0.3.0** | `--ai` (LLM-optimized JSON output) + `--fix` (inline suggestions) |
 | **0.2.3** | Fix: bin wrapper para compatibilidad Windows npx |
 | **0.2.2** | Refactor: `formatMarkdown` dividido en helpers + fix CI doble publish |

package/README.md

@@ -418,7 +418,7 @@ See [CODE_OF_CONDUCT.md](./CODE_OF_CONDUCT.md) before participating.
 | [`commander`](https://github.com/tj/commander.js) | CLI commands and flags |
 | [`kleur`](https://github.com/lukeed/kleur) | Terminal colors (zero dependencies) |
 
-**Runtime:** Node.js 18+ · TypeScript 5.x · ES Modules
+**Runtime:** Node.js 18+ · TypeScript 5.x · ES Modules · Supports TypeScript (`.ts`, `.tsx`) and JavaScript (`.js`, `.jsx`) files
 
 ---
 

package/ROADMAP.md

@@ -42,165 +42,197 @@ drift's goal is to be the tool that sits between ESLint and SonarQube — lightw
 
 ---
 
-## What's already done
+## Completed phases ✅
 
-- AST analysis with ts-morph — 10 detection rules
-- Score 0–100 per file and project
-- `--json`, `--ai` (LLM-optimized output), `--fix` (inline suggestions)
-- `--min-score` for CI (exit 1 if score exceeds threshold)
-- `drift-ignore` per line and per file
-- Windows / Linux / macOS compatible via `npx`
+### Phase 0 — Basic rules `v0.1.0` ✅
 
----
+Foundation: AST analysis with ts-morph, score 0–100, `--json`, `--ai`, `--fix`, `--min-score`, `drift-ignore` per line and per file, Windows / Linux / macOS compatible via `npx`.
 
-## What's next
+**Rules shipped:**
 
-Ordered by real developer pain — most common complaint first.
+| Rule | Severity | Weight |
+|------|----------|--------|
+| `large-file` | error | 20 |
+| `large-function` | error | 15 |
+| `duplicate-function-name` | error | 18 |
+| `debug-leftover` | warning | 10 |
+| `dead-code` | warning | 8 |
+| `any-abuse` | warning | 8 |
+| `catch-swallow` | warning | 10 |
+| `no-return-type` | info | 5 |
 
 ---
 
-### 1. Complexity detection
+### Phase 1 — Complexity detection `v0.2.0` ✅
 
-> *"AI generates a nuclear option for a problem that needed a screwdriver."*  
-> — Hacker News
+ESLint measures cyclomatic complexity per branch. drift measures cognitive load — how hard code is to *understand*. AI generates correct code, not simple code.
 
-> *"One of my devs implemented a batching process. He presented extremely robust, high-quality code. The problem was that it was MASSIVE overkill."*  
-> — Hacker News, r/ExperiencedDevs
+**Rules shipped:**
 
-ESLint has a `complexity` rule. It measures cyclomatic complexity — the number of branches. That's not the same as cognitive complexity — how hard it is to *understand*. Biome has `noExcessiveCognitiveComplexity`. Neither gives you a score.
+| Rule | Severity | Weight |
+|------|----------|--------|
+| `high-complexity` | error | 15 |
+| `deep-nesting` | warning | 12 |
+| `too-many-params` | warning | 8 |
+| `high-coupling` | warning | 10 |
+| `promise-style-mix` | warning | 7 |
+| `magic-number` | info | 3 |
+| `comment-contradiction` | warning | 12 |
 
-**Planned rules:**
-- `high-complexity` — cyclomatic complexity > 10 per function
-- `deep-nesting` — nesting depth > 3 levels (if inside if inside for inside try = unreadable)
-- `too-many-params` — functions with more than 4 parameters (AI doesn't refactor into objects)
-- `high-coupling` — files importing more than 10 distinct modules
-- `promise-style-mix` — `async/await` and `.then()` mixed in the same file
+---
 
-**Why this matters:** Complexity is the #1 reason codebases become write-only. AI generates correct code. Not simple code.
+### Phase 2 — Cross-file dead code `v0.3.0` ✅
 
----
+ESLint detects unused variables inside a file. It cannot detect unused exports, dead files, or dead modules across a project — this is a fundamental architectural limitation (typescript-eslint issue #371, marked `wontfix`). drift builds a full import graph.
 
-### 2. Cross-file dead code detection
+**Rules shipped:**
 
-> *"After integrating Knip I removed around 3,500 lines of dead code at once."*  
-> — dev.to
+| Rule | Severity | What it detects |
+|------|----------|-----------------|
+| `unused-export` | warning | Exported symbol never imported anywhere in the project |
+| `dead-file` | warning | File never imported by anything |
+| `unused-dependency` | warning | Package in `package.json` with zero imports in the codebase |
 
-> *"ESLint's architecture works on a file-by-file basis and was never intended to provide linting based on project-wide usage stats."*  
-> — typescript-eslint issue #371, marked **wontfix**
+---
+
+### Phase 3 — Architectural boundaries `v0.4.0` ✅
 
-ESLint detects unused variables *inside a file*. It cannot detect unused exports, unused files, or dead modules across the project. This is a fundamental architectural limitation — not a missing rule.
+Architecture violations are invisible until they're catastrophic. ESLint can validate import paths with `no-restricted-imports`. It cannot tell you if your UI layer is importing directly from your database layer, or if your domain logic has dependencies on your HTTP framework. AI generates code that works today and breaks your architecture silently.
 
-**Planned features:**
-- `unused-export` — exported symbol never imported anywhere in the project
-- `dead-file` — file never imported by anything
-- `unused-dependency` — package in `package.json` with zero imports in the codebase
+**Rules shipped:**
 
-**Why this matters:** Dead code is cognitive overhead. Every unused export is a trap for the next developer. ESLint will never fix this — the `wontfix` label is permanent.
+| Rule | Severity | What it detects |
+|------|----------|-----------------|
+| `circular-dependency` | error | Module A depends on B which depends on A |
+| `layer-violation` | error | Import from a prohibited architectural layer |
+| `cross-boundary-import` | warning | Module outside its domain importing from another domain |
 
 ---
 
-### 3. Architectural boundary detection
+### Phase 5 — AI authorship heuristics `v0.6.0` ✅
 
-> *"AI coding tools keep breaking architecture — so I built a guard layer."*  
-> — Reddit, r/javascript
+Patterns that are statistically more common in AI-generated code than human-written code. These don't fail tests. ESLint doesn't catch them. They accumulate until the codebase is unmaintainable.
 
-This is the largest unaddressed gap in the ecosystem. ESLint can validate import paths with `no-restricted-imports`. It cannot tell you if your UI layer is importing directly from your database layer, or if your domain logic has dependencies on your HTTP framework.
+**Rules shipped:**
 
-**Planned rules:**
-- `circular-dependency` — module A depends on B which depends on A
-- `layer-violation` — import from a prohibited architectural layer
-- `cross-boundary-import` — module outside its domain importing from another domain
+| Rule | Severity | What it detects |
+|------|----------|-----------------|
+| `hardcoded-config` | warning | URLs, tokens, or env-specific paths hardcoded in logic |
+| `inconsistent-error-handling` | warning | Different error handling patterns in equivalent functions |
+| `unnecessary-abstraction` | warning | Class or interface used in exactly one place |
+| `naming-inconsistency` | warning | Mixed naming conventions in the same module |
+| `over-commented` | info | Comments that describe exactly what the code already says |
 
-Zero config by default — drift infers what it can from the import graph. For teams that want explicit enforcement:
+---
 
-```ts
-// drift.config.ts — optional
-export default {
-  boundaries: {
-    layers: ['ui', 'domain', 'infrastructure'],
-    rules: [{ from: 'ui', allow: ['domain'] }]
-  }
-}
-```
+### Phase 8 — Semantic duplication `v0.7.0` ✅
 
-**Why this matters:** Architecture violations are invisible until they're catastrophic. AI generates code that works today and breaks your architecture silently.
+AI doesn't reuse — it regenerates. The same logic appears in 4 different forms across the same file. Text-comparison is what grep does. drift uses AST fingerprinting for Type-2 clone detection: structurally equivalent code regardless of variable names.
 
----
+**Rules shipped:**
 
-### 4. Historical drift (`drift diff` / `drift trend`)
+| Rule | Severity | What it detects |
+|------|----------|-----------------|
+| `semantic-duplication` | warning | Code blocks with equivalent logic via AST fingerprinting |
 
-> *"Zero visibility on whether we're actually improving."*  
-> — Reddit, r/devsecops
+---
 
-The current score matters. The trend matters more. Is your codebase getting better or worse sprint over sprint? Nobody knows — because no tool measures it in a way that's easy to track.
+### Phase 4 — Historical analysis `v0.9.0` ✅
 
-**Planned commands:**
-- `drift diff HEAD~N` — what got worse between two commits
-- `drift trend --commits 30` — ASCII chart of score evolution over time  
-- `drift blame` — which commits introduced the most debt
+A score of 45 means nothing without context. A score that went from 80 to 45 over 4 sprints means your team is actually improving. No database. No server. Git is the source of truth.
 
-No database. No server. Git is the source of truth.
+**Commands shipped:**
+- `drift trend` — linear regression over project history with uniform sampling of 10 points
+- `drift blame` — debt attribution by author via git blame
 
-**Why this matters:** A score of 45 means nothing without context. A score that went from 80 to 45 over 4 sprints means your team is actually improving.
+**v0.9.1 fix:** Full project snapshot per commit, uniform 10-point sampling for consistent trend lines.
 
 ---
 
-### 5. AI authorship heuristics
+## Current state — February 2026
 
-> *"Companies will try to overcome AI-generated technical debt by throwing more AI at the problem."*  
-> — Hacker News
+- **26 rules active** across 9 detection categories
+- **Self-scan score: 14/100 (LOW)**
+- Published on npm as `@eduardbar/drift` — MIT, always free
+- Cross-platform: Windows / Linux / macOS via `npx`
 
-> *"When 95% of code is projected to be AI-generated by 2030 but 45% of it fails basic security tests, we're building a house of cards."*  
-> — Reddit, r/vibecoding
+---
 
-The hardest and most differentiated item on this list. Patterns that are statistically more common in AI-generated code than human-written code.
+## Path to v1.0.0 ✅
 
-**Planned rules:**
-- `over-commented` — comments that describe exactly what the code already says (AI documents the obvious)
-- `unnecessary-abstraction` — class or interface used in exactly one place (AI loves creating things it doesn't use)
-- `hardcoded-config` — strings that look like URLs, tokens, or environment-specific paths hardcoded in logic
-- `inconsistent-error-handling` — different error handling patterns in equivalent functions across the same file
+### Unit test suite ✅
 
-**Why this matters:** These patterns don't fail tests. ESLint doesn't catch them. They accumulate until the codebase is unmaintainable.
+**Status:** complete  
+**Target:** vitest suite covering all 26 rules
+
+Every rule needs at minimum: one test with a fixture that triggers the rule, one test with a fixture that doesn't. No rule ships without a test from v1.0.0 onward.
 
 ---
 
-### 6. Static HTML report + README badge
+### Modular refactor ✅
+
+**Status:** complete  
+**Target:** split `analyzer.ts` into `src/rules/*` and `src/git/*`
+
+```
+src/
+├── rules/
+│   ├── phase0*.ts
+│   ├── phase1*.ts
+│   ├── phase2*.ts
+│   ├── phase3*.ts
+│   ├── phase5*.ts
+│   └── phase8*.ts
+├── git/
+│   ├── trend.ts
+│   └── blame.ts
+├── analyzer.ts   ← orchestrator only, no rule logic
+└── ...
+```
 
-> *"It's all disconnected — different dashboards, zero visibility."*  
-> — Reddit, r/devsecops
+---
 
-No server. No account. No cloud.
+### JavaScript / JSX support ✅
 
-**Planned features:**
-- `drift report` — single self-contained `drift-report.html`, open in any browser
-- `drift badge` — `badge.svg` with the current score for your README  
-- `drift ci` — GitHub Actions annotations on the exact lines with issues (inline in the PR diff)
+**Status:** complete  
+**Target:** ts-morph can parse JS — extend scan to `.js` and `.jsx` files
 
 ---
 
-### 7. ESLint plugin
+### VS Code extension ✅
+
+**Status:** complete  
+**Target:** extension that shows inline warnings directly in the editor
 
-Meet developers where they already are.
+Published as `eduardbar.vscode-drift` v0.1.1.
 
-- `eslint-plugin-drift` — exposes drift's rules as standard ESLint rules
-- Compatible with ESLint 9 flat config
-- The CLI remains canonical — the plugin is an integration path for teams already deep in ESLint
+---
 
-**Why this matters:** Not everyone will install a new CLI. An ESLint plugin removes all friction and puts drift's rules into a toolchain devs already trust.
+### `drift fix` — automated corrections ✅
+
+**Status:** complete  
+**Target:** automatic application of simple fixes for low-effort rules
 
 ---
 
-### 8. Pattern inconsistency detection
+### Interactive HTML report ✅
 
-> *"8x increase in duplicated code blocks with AI tools."*  
-> — GitClear
+**Status:** complete  
+**Target:** `drift report` command generates a self-contained `drift-report.html`
 
-AI doesn't reuse — it regenerates. The same logic appears in 4 different forms across the same file.
+---
 
-**Planned rules:**
-- `semantic-duplication` — code blocks with equivalent logic detected via AST fingerprinting (not text comparison — that's what grep does)
-- `naming-inconsistency` — mixed naming conventions in the same module (camelCase + snake_case + PascalCase for the same concept)
+## v1.0.0 — Stable Release ✅
+
+- [x] 26 detection rules across 6 phases
+- [x] Full test coverage: 131 tests, all passing
+- [x] Modular rule architecture: `src/rules/phase{0,1,2,3,5,8}*.ts`
+- [x] JS/JSX support
+- [x] `drift fix` auto-fix command
+- [x] `drift report` HTML interactive report
+- [x] `drift diff`, `drift ci`, `drift badge`, `drift trend`, `drift blame`
+- [x] VS Code extension published (eduardbar.vscode-drift v0.1.1)
+- [x] Self-scan score: 18/100 (LOW)
 
 ---
 

package/dist/analyzer.d.ts

@@ -1,44 +1,10 @@
-import { SourceFile } from 'ts-morph';
-import type { DriftIssue, FileReport, DriftConfig, TrendDataPoint, BlameAttribution, DriftTrendReport, DriftBlameReport } from './types.js';
+import type { DriftIssue, FileReport, DriftConfig } from './types.js';
+export { TrendAnalyzer } from './git/trend.js';
+export { BlameAnalyzer } from './git/blame.js';
 export declare const RULE_WEIGHTS: Record<string, {
     severity: DriftIssue['severity'];
     weight: number;
 }>;
-export declare function analyzeFile(file: SourceFile): FileReport;
+export declare function analyzeFile(file: import('ts-morph').SourceFile): FileReport;
 export declare function analyzeProject(targetPath: string, config?: DriftConfig): FileReport[];
-export declare class TrendAnalyzer {
-    private readonly projectPath;
-    private readonly config;
-    constructor(projectPath: string, config?: DriftConfig);
-    static calculateMovingAverage(data: TrendDataPoint[], windowSize: number): number[];
-    static linearRegression(data: TrendDataPoint[]): {
-        slope: number;
-        intercept: number;
-        r2: number;
-    };
-    /** Generate a simple horizontal ASCII bar chart (one bar per data point). */
-    static generateTrendChart(data: TrendDataPoint[]): string;
-    analyzeTrend(options: {
-        period?: 'week' | 'month' | 'quarter' | 'year';
-        since?: string;
-        until?: string;
-    }): Promise<DriftTrendReport>;
-}
-export declare class BlameAnalyzer {
-    private readonly projectPath;
-    private readonly config;
-    constructor(projectPath: string, config?: DriftConfig);
-    /** Blame a single file: returns per-author attribution. */
-    static analyzeFileBlame(filePath: string): Promise<BlameAttribution[]>;
-    /** Blame for a specific rule across all files in targetPath. */
-    static analyzeRuleBlame(rule: string, targetPath: string): Promise<BlameAttribution[]>;
-    /** Overall blame across all files and rules. */
-    static analyzeOverallBlame(targetPath: string): Promise<BlameAttribution[]>;
-    analyzeBlame(options: {
-        target?: 'file' | 'rule' | 'overall';
-        top?: number;
-        filePath?: string;
-        rule?: string;
-    }): Promise<DriftBlameReport>;
-}
 //# sourceMappingURL=analyzer.d.ts.map