@eduardbar/drift 1.1.0 → 1.3.0

package/docs/trust-core-release-checklist.md

@@ -0,0 +1,55 @@
+# Trust Core Tonight - Release Checklist
+
+Use this checklist before releasing the trust-core milestone.
+
+## 1) Local validation
+
+- [x] `npm ci`
+- [x] `npm test`
+- [x] `npx --no-install tsx ./src/cli.ts trust . --base origin/master --markdown`
+- [x] `npx --no-install tsx ./src/cli.ts trust . --base origin/master --json-output drift-trust.json`
+- [x] `npx --no-install tsx ./src/cli.ts trust-gate drift-trust.json --min-trust 40 --max-risk HIGH`
+- [x] `npx --no-install tsx ./src/cli.ts review --base origin/master --comment`
+
+## 2) CI workflow validation
+
+- [x] Open or update a non-fork PR and confirm `.github/workflows/review-pr.yml` runs successfully.
+- [x] Confirm sticky PR comment is updated once (marker: `<!-- drift-review -->`).
+- [x] Confirm PR comment includes both sections in this order: `drift trust` then `drift review`.
+- [x] E2E: `trust-gate` runs from generated `drift-trust.json` in `review-pr` workflow.
+- [x] E2E: `kpi` aggregates over generated trust JSON artifact (`drift-trust-kpi.json`).
+- [x] E2E: `drift-trust-json-pr-<PR_NUMBER>-run-<RUN_ATTEMPT>` artifact now bundles:
+  - `drift-trust.json`
+  - `drift-trust-gate.txt`
+  - `drift-trust-kpi.json`
+- [x] Confirm step summary shows trust KPI values: trust score, merge risk, new issues, resolved issues.
+- [x] E2E: step summary includes aggregate KPI block (matched/parsed/malformed, PR samples, avg trust, high-risk ratio).
+
+Smoke PR runbook:
+
+- [x] Create a short-lived branch (for example `chore/trust-ci-smoke`) with a docs-only change.
+- [x] Open a PR against `master` and wait for `review-pr` workflow to complete.
+- [x] Verify gate behavior and comment rendering, then close or merge the PR.
+- [x] Delete the short-lived branch after validation.
+
+## 3) Gate behavior acceptance
+
+Default trust gate for this milestone:
+
+- `--min-trust 40`
+- `--max-risk HIGH`
+
+Checks:
+
+- [x] PR fails when trust score is below 40.
+- [x] PR fails when merge risk is `CRITICAL`.
+- [x] PR passes when trust score is 40+ and merge risk is `LOW`, `MEDIUM`, or `HIGH`.
+
+Calibration evidence from docs-only smoke runs: trust score 49 (PR #11), 46 (PR #12), 41 (PR #13). Gate floor set to 40 to avoid false negatives while still blocking `CRITICAL` risk.
+
+## 4) Narrative and docs acceptance
+
+- [x] `README.md` positions drift as an AI Code Audit CLI for merge trust in AI-assisted PRs.
+- [x] `package.json` description matches the same positioning.
+- [x] `src/cli.ts` program description matches the same positioning.
+- [x] `ROADMAP.md` no longer contradicts PRD on core vs premium direction.

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@eduardbar/drift",
-  "version": "1.1.0",
-  "description": "Detect silent technical debt left by AI-generated code",
+  "version": "1.3.0",
+  "description": "AI Code Audit CLI for merge trust in AI-assisted PRs",
   "type": "module",
   "main": "dist/index.js",
   "bin": {
@@ -14,7 +14,8 @@
     "prepublishOnly": "npm run build",
     "test": "vitest run",
     "test:watch": "vitest",
-    "test:coverage": "vitest run --coverage"
+    "test:coverage": "vitest run --coverage",
+    "benchmark": "node --import tsx src/benchmark.ts"
   },
   "keywords": [
     "vibe-coding",
@@ -42,6 +43,7 @@
   "devDependencies": {
     "@types/node": "^25.3.0",
     "@vitest/coverage-v8": "^4.0.18",
+    "tsx": "^4.21.0",
     "typescript": "^5.9.3",
     "vitest": "^4.0.18"
   }

package/packages/vscode-drift/src/code-actions.ts

@@ -0,0 +1,53 @@
+import * as vscode from 'vscode'
+
+function buildRemoveLineEdit(document: vscode.TextDocument, line: number): vscode.WorkspaceEdit {
+  const edit = new vscode.WorkspaceEdit()
+  const targetLine = document.lineAt(line)
+  const start = targetLine.range.start
+  const end = line < document.lineCount - 1
+    ? document.lineAt(line + 1).range.start
+    : targetLine.range.end
+  edit.delete(document.uri, new vscode.Range(start, end))
+  return edit
+}
+
+function buildCatchTodoEdit(document: vscode.TextDocument, line: number): vscode.WorkspaceEdit {
+  const edit = new vscode.WorkspaceEdit()
+  const targetLine = document.lineAt(line)
+  const baseIndent = targetLine.text.match(/^\s*/)?.[0] ?? ''
+  const indent = `${baseIndent}  `
+  edit.insert(document.uri, new vscode.Position(line + 1, 0), `${indent}// TODO: handle error\n`)
+  return edit
+}
+
+export class DriftCodeActionProvider implements vscode.CodeActionProvider {
+  provideCodeActions(
+    document: vscode.TextDocument,
+    _range: vscode.Range,
+    context: vscode.CodeActionContext,
+  ): vscode.CodeAction[] {
+    const actions: vscode.CodeAction[] = []
+
+    for (const diagnostic of context.diagnostics) {
+      if (diagnostic.source !== 'drift') continue
+      const rule = String(diagnostic.code ?? '')
+      const line = diagnostic.range.start.line
+
+      if (rule === 'debug-leftover') {
+        const quickFix = new vscode.CodeAction('drift: remove debug leftover line', vscode.CodeActionKind.QuickFix)
+        quickFix.diagnostics = [diagnostic]
+        quickFix.edit = buildRemoveLineEdit(document, line)
+        actions.push(quickFix)
+      }
+
+      if (rule === 'catch-swallow') {
+        const quickFix = new vscode.CodeAction('drift: add TODO in empty catch', vscode.CodeActionKind.QuickFix)
+        quickFix.diagnostics = [diagnostic]
+        quickFix.edit = buildCatchTodoEdit(document, line)
+        actions.push(quickFix)
+      }
+    }
+
+    return actions
+  }
+}

package/packages/vscode-drift/src/extension.ts

@@ -5,6 +5,7 @@ import { analyzeFilePath } from './analyzer'
 import { DriftDiagnosticsProvider } from './diagnostics'
 import { DriftTreeProvider } from './treeview'
 import { DriftStatusBarItem } from './statusbar'
+import { DriftCodeActionProvider } from './code-actions'
 import type { FileReport } from '@eduardbar/drift'
 
 const SUPPORTED_LANGUAGES = ['typescript', 'typescriptreact', 'javascript', 'javascriptreact']
@@ -87,6 +88,7 @@ export function activate(context: vscode.ExtensionContext): void {
   const diagnostics = new DriftDiagnosticsProvider()
   const treeProvider = new DriftTreeProvider()
   const statusBar = new DriftStatusBarItem()
+  const codeActions = new DriftCodeActionProvider()
 
   const treeView = vscode.window.createTreeView('driftIssues', {
     treeDataProvider: treeProvider,
@@ -121,6 +123,14 @@ export function activate(context: vscode.ExtensionContext): void {
     }
   )
 
+  const codeActionRegistration = vscode.languages.registerCodeActionsProvider(
+    SUPPORTED_LANGUAGES.map((language) => ({ language })),
+    codeActions,
+    {
+      providedCodeActionKinds: [vscode.CodeActionKind.QuickFix],
+    },
+  )
+
   context.subscriptions.push(
     { dispose: () => diagnostics.dispose() },
     { dispose: () => statusBar.dispose() },
@@ -129,6 +139,7 @@ export function activate(context: vscode.ExtensionContext): void {
     scanCmd,
     clearCmd,
     goToCmd,
+    codeActionRegistration,
   )
 }