@eduardbar/drift 1.2.0 → 1.3.0

package/src/types.ts

@@ -97,6 +97,137 @@ export interface AIIssue {
   effort: 'low' | 'medium' | 'high'
 }
 
+export type MergeRiskLevel = 'LOW' | 'MEDIUM' | 'HIGH' | 'CRITICAL'
+
+export interface TrustGatePolicyPreset {
+  branch: string
+  enabled?: boolean
+  minTrust?: number
+  maxRisk?: MergeRiskLevel
+}
+
+export interface TrustGatePolicyPack {
+  enabled?: boolean
+  minTrust?: number
+  maxRisk?: MergeRiskLevel
+}
+
+export interface TrustGatePolicyConfig {
+  enabled?: boolean
+  minTrust?: number
+  maxRisk?: MergeRiskLevel
+  presets?: TrustGatePolicyPreset[]
+  policyPacks?: Record<string, TrustGatePolicyPack>
+}
+
+export interface TrustReason {
+  label: string
+  detail: string
+  impact: number
+}
+
+export interface TrustFixPriority {
+  rank: number
+  rule: string
+  severity: DriftIssue['severity']
+  occurrences: number
+  estimated_trust_gain: number
+  effort: 'low' | 'medium' | 'high'
+  suggestion: string
+  confidence?: 'low' | 'medium' | 'high'
+  explanation?: string
+  systemic?: boolean
+}
+
+export interface TrustAdvancedComparison {
+  source: 'previous-trust-json' | 'snapshot-history'
+  trend: 'improving' | 'regressing' | 'stable'
+  summary: string
+  trust_delta?: number
+  previous_trust_score?: number
+  previous_merge_risk?: MergeRiskLevel
+  snapshot_score_delta?: number
+  snapshot_label?: string
+  snapshot_timestamp?: string
+}
+
+export interface TrustAdvancedContext {
+  comparison?: TrustAdvancedComparison
+  team_guidance: string[]
+}
+
+export interface TrustDiffContext {
+  baseRef: string
+  status: 'improved' | 'regressed' | 'neutral'
+  scoreDelta: number
+  newIssues: number
+  resolvedIssues: number
+  filesChanged: number
+  penalty: number
+  bonus: number
+  netImpact: number
+}
+
+export interface DriftTrustReport {
+  scannedAt: string
+  targetPath: string
+  trust_score: number
+  merge_risk: MergeRiskLevel
+  top_reasons: TrustReason[]
+  fix_priorities: TrustFixPriority[]
+  diff_context?: TrustDiffContext
+  advanced_context?: TrustAdvancedContext
+}
+
+export interface TrustKpiDiagnostic {
+  level: 'warning' | 'error'
+  code: 'path-not-found' | 'path-not-supported' | 'read-failed' | 'parse-failed' | 'invalid-shape' | 'invalid-diff-context'
+  message: string
+  file?: string
+}
+
+export interface TrustScoreStats {
+  average: number | null
+  median: number | null
+  min: number | null
+  max: number | null
+}
+
+export interface TrustDiffTrendSummary {
+  available: boolean
+  samples: number
+  statusDistribution: {
+    improved: number
+    regressed: number
+    neutral: number
+  }
+  scoreDelta: {
+    average: number | null
+    median: number | null
+  }
+  issues: {
+    newTotal: number
+    resolvedTotal: number
+    netNew: number
+  }
+}
+
+export interface TrustKpiReport {
+  generatedAt: string
+  input: string
+  files: {
+    matched: number
+    parsed: number
+    malformed: number
+  }
+  prsEvaluated: number
+  mergeRiskDistribution: Record<MergeRiskLevel, number>
+  trustScore: TrustScoreStats
+  highRiskRatio: number | null
+  diffTrend: TrustDiffTrendSummary
+  diagnostics: TrustKpiDiagnostic[]
+}
+
 // ---------------------------------------------------------------------------
 // Configuration
 // ---------------------------------------------------------------------------
@@ -127,6 +258,7 @@ export interface DriftConfig {
   layers?: LayerDefinition[]
   modules?: ModuleBoundary[]
   plugins?: string[]
+  performance?: DriftPerformanceConfig
   architectureRules?: {
     controllerNoDb?: boolean
     serviceNoHttp?: boolean
@@ -137,7 +269,31 @@ export interface DriftConfig {
     maxRunsPerWorkspacePerMonth?: number
     maxReposPerWorkspace?: number
     retentionDays?: number
+    strictActorEnforcement?: boolean
+    maxWorkspacesPerOrganizationByPlan?: {
+      free?: number
+      sponsor?: number
+      team?: number
+      business?: number
+    }
   }
+  trustGate?: TrustGatePolicyConfig
+}
+
+export interface DriftPerformanceConfig {
+  lowMemory?: boolean
+  chunkSize?: number
+  maxFiles?: number
+  maxFileSizeKb?: number
+  includeSemanticDuplication?: boolean
+}
+
+export interface DriftAnalysisOptions {
+  lowMemory?: boolean
+  chunkSize?: number
+  maxFiles?: number
+  maxFileSizeKb?: number
+  includeSemanticDuplication?: boolean
 }
 
 export interface PluginRuleContext {
@@ -147,14 +303,18 @@ export interface PluginRuleContext {
 }
 
 export interface DriftPluginRule {
+  id?: string
   name: string
   severity?: DriftIssue['severity']
   weight?: number
   detect: (file: SourceFile, context: PluginRuleContext) => DriftIssue[]
+  fix?: (issue: DriftIssue, file: SourceFile, context: PluginRuleContext) => DriftIssue | void
 }
 
 export interface DriftPlugin {
   name: string
+  apiVersion?: number
+  capabilities?: Record<string, string | number | boolean>
   rules: DriftPluginRule[]
 }
 
@@ -165,6 +325,17 @@ export interface LoadedPlugin {
 
 export interface PluginLoadError {
   pluginId: string
+  pluginName?: string
+  ruleId?: string
+  code?: string
+  message: string
+}
+
+export interface PluginLoadWarning {
+  pluginId: string
+  pluginName?: string
+  ruleId?: string
+  code?: string
   message: string
 }
 

package/tests/diff.test.ts

@@ -0,0 +1,124 @@
+import { describe, expect, it } from 'vitest'
+import { computeDiff } from '../src/diff.js'
+import type { DriftIssue, DriftReport } from '../src/types.js'
+
+function createReport(pathPrefix: string): DriftReport {
+  return {
+    scannedAt: new Date().toISOString(),
+    targetPath: pathPrefix,
+    files: [
+      {
+        path: `${pathPrefix}/src/a.ts`,
+        score: 10,
+        issues: [
+          {
+            rule: 'magic-number',
+            severity: 'info',
+            message: 'Magic number 42 used directly in logic. Extract to a named constant.',
+            line: 4,
+            column: 10,
+            snippet: 'const answer = 42',
+          },
+        ],
+      },
+    ],
+    totalIssues: 1,
+    totalScore: 10,
+    totalFiles: 1,
+    summary: {
+      errors: 0,
+      warnings: 0,
+      infos: 1,
+      byRule: {
+        'magic-number': 1,
+      },
+    },
+    quality: {
+      overall: 90,
+      dimensions: {
+        architecture: 100,
+        complexity: 90,
+        'ai-patterns': 90,
+        testing: 100,
+      },
+    },
+    maintenanceRisk: {
+      score: 10,
+      level: 'low',
+      hotspots: [],
+      signals: {
+        highComplexityFiles: 0,
+        filesWithoutNearbyTests: 0,
+        frequentChangeFiles: 0,
+      },
+    },
+  }
+}
+
+function withIssues(report: DriftReport, issues: DriftIssue[]): DriftReport {
+  return {
+    ...report,
+    files: report.files.map((file, index) => {
+      if (index !== 0) return file
+      return {
+        ...file,
+        issues,
+      }
+    }),
+    totalIssues: issues.length,
+  }
+}
+
+describe('computeDiff', () => {
+  it('treats slash and backslash file paths as the same file', () => {
+    const base = createReport('C:/repo')
+    const current = createReport('C:\\repo')
+
+    const diff = computeDiff(base, current, 'origin/main')
+
+    expect(diff.files).toHaveLength(0)
+    expect(diff.newIssuesCount).toBe(0)
+    expect(diff.resolvedIssuesCount).toBe(0)
+    expect(diff.totalDelta).toBe(0)
+  })
+
+  it('does not create churn for LF vs CRLF snippets and column noise', () => {
+    const base = createReport('C:/repo')
+    const current = withIssues(createReport('C:/repo'), [
+      {
+        ...base.files[0].issues[0],
+        column: 12,
+        snippet: 'const answer = 42\r\n',
+      },
+    ])
+
+    const diff = computeDiff(base, current, 'origin/main')
+
+    expect(diff.files).toHaveLength(0)
+    expect(diff.newIssuesCount).toBe(0)
+    expect(diff.resolvedIssuesCount).toBe(0)
+    expect(diff.totalDelta).toBe(0)
+  })
+
+  it('still detects genuinely new issues', () => {
+    const base = createReport('C:/repo')
+    const current = withIssues(createReport('C:/repo'), [
+      ...base.files[0].issues,
+      {
+        rule: 'any-abuse',
+        severity: 'warning',
+        message: 'Avoid using any type. Use a specific type or unknown and narrow it safely.',
+        line: 6,
+        column: 9,
+        snippet: 'const value: any = source',
+      },
+    ])
+
+    const diff = computeDiff(base, current, 'origin/main')
+
+    expect(diff.files).toHaveLength(1)
+    expect(diff.newIssuesCount).toBe(1)
+    expect(diff.resolvedIssuesCount).toBe(0)
+    expect(diff.files[0]?.newIssues[0]?.rule).toBe('any-abuse')
+  })
+})

package/tests/new-features.test.ts

@@ -177,4 +177,75 @@ describe('new feature MVP', () => {
     expect(write.length).toBeGreaterThan(0)
     expect(readFileSync(file, 'utf8')).not.toContain('console.log')
   })
+
+  it('supports low-memory chunked analysis with cross-file rules', () => {
+    tmpDir = mkdtempSync(join(tmpdir(), 'drift-low-memory-'))
+    writeFileSync(join(tmpDir, 'a.ts'), "import { b } from './b.js'\nexport const a = b\n")
+    writeFileSync(join(tmpDir, 'b.ts'), "import { a } from './a.js'\nexport const b = a\n")
+
+    const fullRules = new Set(analyzeProject(tmpDir).flatMap((report) => report.issues.map((issue) => issue.rule)))
+    const lowMemoryRules = new Set(
+      analyzeProject(tmpDir, undefined, { lowMemory: true, chunkSize: 1, includeSemanticDuplication: true })
+        .flatMap((report) => report.issues.map((issue) => issue.rule)),
+    )
+
+    expect(fullRules.has('circular-dependency')).toBe(true)
+    expect(lowMemoryRules.has('circular-dependency')).toBe(true)
+  })
+
+  it('adds diagnostics when max file size guardrail skips files', () => {
+    tmpDir = mkdtempSync(join(tmpdir(), 'drift-max-file-size-'))
+    writeFileSync(join(tmpDir, 'small.ts'), 'export const ok = 1\n')
+    writeFileSync(join(tmpDir, 'big.ts'), `export const payload = '${'x'.repeat(5000)}'\n`)
+
+    const reports = analyzeProject(tmpDir, undefined, { maxFileSizeKb: 1 })
+    const skipIssues = reports.flatMap((report) => report.issues.filter((issue) => issue.rule === 'analysis-skip-file-size'))
+
+    expect(skipIssues.length).toBeGreaterThan(0)
+    expect(skipIssues[0].message).toContain('maxFileSizeKb')
+  })
+
+  it('adds diagnostics when max files guardrail skips files', () => {
+    tmpDir = mkdtempSync(join(tmpdir(), 'drift-max-files-'))
+    writeFileSync(join(tmpDir, 'a.ts'), 'export const a = 1\n')
+    writeFileSync(join(tmpDir, 'b.ts'), 'export const b = 2\n')
+    writeFileSync(join(tmpDir, 'c.ts'), 'export const c = 3\n')
+
+    const reports = analyzeProject(tmpDir, undefined, { maxFiles: 1 })
+    const skipped = reports.flatMap((report) => report.issues.filter((issue) => issue.rule === 'analysis-skip-max-files'))
+
+    expect(skipped).toHaveLength(2)
+  })
+
+  it('disables semantic duplication by default in low-memory mode but keeps opt-in', () => {
+    tmpDir = mkdtempSync(join(tmpdir(), 'drift-low-memory-semantic-'))
+    const functionA = [
+      'export function same(x: number): number {',
+      '  const a = x + 1',
+      '  const b = a * 2',
+      '  const c = b - 3',
+      '  const d = c + 4',
+      '  const e = d * 5',
+      '  const f = e - 6',
+      '  const g = f + 7',
+      '  return g',
+      '}',
+    ].join('\n')
+    const functionB = functionA
+      .replace('same', 'same2')
+      .replace(/\bx\b/g, 'n')
+
+    writeFileSync(join(tmpDir, 'a.ts'), `${functionA}\n`)
+    writeFileSync(join(tmpDir, 'b.ts'), `${functionB}\n`)
+
+    const lowMemoryDefault = analyzeProject(tmpDir, undefined, { lowMemory: true })
+      .flatMap((report) => report.issues.map((issue) => issue.rule))
+    const lowMemoryWithSemantic = analyzeProject(tmpDir, undefined, {
+      lowMemory: true,
+      includeSemanticDuplication: true,
+    }).flatMap((report) => report.issues.map((issue) => issue.rule))
+
+    expect(lowMemoryDefault).not.toContain('semantic-duplication')
+    expect(lowMemoryWithSemantic).toContain('semantic-duplication')
+  })
 })

package/tests/plugins.test.ts

@@ -0,0 +1,219 @@
+import { describe, it, expect, afterEach } from 'vitest'
+import { mkdtempSync, rmSync, writeFileSync } from 'node:fs'
+import { tmpdir } from 'node:os'
+import { join } from 'node:path'
+import { analyzeProject } from '../src/analyzer.js'
+
+describe('plugin contract hardening', () => {
+  let tmpDir = ''
+
+  afterEach(() => {
+    if (tmpDir) rmSync(tmpDir, { recursive: true, force: true })
+    tmpDir = ''
+  })
+
+  it('keeps legacy plugins compatible when apiVersion is missing', () => {
+    tmpDir = mkdtempSync(join(tmpdir(), 'drift-plugin-legacy-compatible-'))
+    writeFileSync(join(tmpDir, 'index.ts'), 'export const foo = 1\n')
+    writeFileSync(join(tmpDir, 'legacy-plugin.js'), [
+      'module.exports = {',
+      "  name: 'legacy-plugin',",
+      '  rules: [',
+      '    {',
+      "      id: 'no-foo-export',",
+      "      severity: 'error',",
+      '      weight: 12,',
+      '      detect(file) {',
+      "        if (!file.getFullText().includes('foo')) return []",
+      '        return [{',
+      "          message: 'Avoid exporting foo',",
+      '          line: 1,',
+      '          column: 1,',
+      "          snippet: 'export const foo = 1',",
+      '        }]',
+      '      }',
+      '    },',
+      '    {',
+      "      id: 'Legacy Rule Name',",
+      '      detect() { return [] }',
+      '    }',
+      '  ]',
+      '}',
+    ].join('\n'))
+
+    const reports = analyzeProject(tmpDir, {
+      plugins: ['./legacy-plugin.js'],
+    })
+
+    const allIssues = reports.flatMap((report) => report.issues)
+    expect(allIssues.some((issue) => issue.rule === 'legacy-plugin/no-foo-export')).toBe(true)
+    expect(allIssues.some((issue) => issue.rule === 'plugin-error')).toBe(false)
+    expect(allIssues.some((issue) => issue.rule === 'plugin-warning' && issue.message.includes('[plugin-api-version-implicit]'))).toBe(true)
+    expect(allIssues.some((issue) => issue.rule === 'plugin-warning' && issue.message.includes('[plugin-rule-id-format-legacy]'))).toBe(true)
+  })
+
+  it('reports actionable diagnostics for invalid plugin contract', () => {
+    tmpDir = mkdtempSync(join(tmpdir(), 'drift-plugin-invalid-contract-'))
+    writeFileSync(join(tmpDir, 'index.ts'), 'export const ok = true\n')
+    writeFileSync(join(tmpDir, 'broken-plugin.js'), [
+      'module.exports = {',
+      "  name: 'broken-plugin',",
+      "  apiVersion: 1,",
+      '  rules: [',
+      '    {',
+      "      name: 'broken rule id',",
+      "      severity: 'fatal',",
+      '      weight: 999,',
+      "      detect: 'not-a-function',",
+      '    }',
+      '  ]',
+      '}',
+    ].join('\n'))
+
+    const reports = analyzeProject(tmpDir, {
+      plugins: ['./broken-plugin.js'],
+    })
+
+    const pluginIssues = reports
+      .flatMap((report) => report.issues)
+      .filter((issue) => issue.rule === 'plugin-error')
+
+    expect(pluginIssues.length).toBeGreaterThan(0)
+    expect(pluginIssues.some((issue) => issue.message.includes('broken-plugin.js'))).toBe(true)
+    expect(pluginIssues.some((issue) => issue.message.includes('[plugin-rule-detect-invalid]'))).toBe(true)
+  })
+
+  it('rejects plugins with unsupported apiVersion', () => {
+    tmpDir = mkdtempSync(join(tmpdir(), 'drift-plugin-version-mismatch-'))
+    writeFileSync(join(tmpDir, 'index.ts'), 'export const ok = true\n')
+    writeFileSync(join(tmpDir, 'version-mismatch-plugin.js'), [
+      'module.exports = {',
+      "  name: 'version-mismatch-plugin',",
+      '  apiVersion: 99,',
+      '  rules: [',
+      '    {',
+      "      id: 'valid-rule-id',",
+      '      detect() { return [] }',
+      '    }',
+      '  ]',
+      '}',
+    ].join('\n'))
+
+    const reports = analyzeProject(tmpDir, {
+      plugins: ['./version-mismatch-plugin.js'],
+    })
+
+    const issues = reports.flatMap((report) => report.issues)
+    expect(issues.some((issue) => issue.rule === 'plugin-error' && issue.message.includes('[plugin-api-version-unsupported]'))).toBe(true)
+    expect(issues.some((issue) => issue.rule === 'version-mismatch-plugin/valid-rule-id')).toBe(false)
+  })
+
+  it('rejects plugins with invalid apiVersion format', () => {
+    tmpDir = mkdtempSync(join(tmpdir(), 'drift-plugin-version-invalid-'))
+    writeFileSync(join(tmpDir, 'index.ts'), 'export const ok = true\n')
+    writeFileSync(join(tmpDir, 'version-invalid-plugin.js'), [
+      'module.exports = {',
+      "  name: 'version-invalid-plugin',",
+      "  apiVersion: '1',",
+      '  rules: [',
+      '    {',
+      "      id: 'valid-rule-id',",
+      '      detect() { return [] }',
+      '    }',
+      '  ]',
+      '}',
+    ].join('\n'))
+
+    const reports = analyzeProject(tmpDir, {
+      plugins: ['./version-invalid-plugin.js'],
+    })
+
+    const issues = reports.flatMap((report) => report.issues)
+    expect(issues.some((issue) => issue.rule === 'plugin-error' && issue.message.includes('[plugin-api-version-invalid]'))).toBe(true)
+    expect(issues.some((issue) => issue.rule === 'version-invalid-plugin/valid-rule-id')).toBe(false)
+  })
+
+  it('rejects duplicate rule IDs within the same plugin', () => {
+    tmpDir = mkdtempSync(join(tmpdir(), 'drift-plugin-duplicate-rules-'))
+    writeFileSync(join(tmpDir, 'index.ts'), 'export const ok = true\n')
+    writeFileSync(join(tmpDir, 'duplicate-rules-plugin.js'), [
+      'module.exports = {',
+      "  name: 'duplicate-rules-plugin',",
+      '  apiVersion: 1,',
+      '  rules: [',
+      '    {',
+      "      id: 'duplicate-rule',",
+      '      detect() {',
+      '        return [{',
+      "          message: 'first duplicate still runs',",
+      '          line: 1,',
+      '          column: 1,',
+      "          snippet: 'export const ok = true',",
+      '        }]',
+      '      }',
+      '    },',
+      '    {',
+      "      id: 'duplicate-rule',",
+      '      detect() { return [] }',
+      '    }',
+      '  ]',
+      '}',
+    ].join('\n'))
+
+    const reports = analyzeProject(tmpDir, {
+      plugins: ['./duplicate-rules-plugin.js'],
+    })
+
+    const issues = reports.flatMap((report) => report.issues)
+    expect(issues.some((issue) => issue.rule === 'plugin-error' && issue.message.includes('[plugin-rule-id-duplicate]'))).toBe(true)
+    expect(issues.some((issue) => issue.rule === 'duplicate-rules-plugin/duplicate-rule')).toBe(true)
+  })
+
+  it('isolates plugin runtime failures and continues analysis', () => {
+    tmpDir = mkdtempSync(join(tmpdir(), 'drift-plugin-runtime-isolation-'))
+    writeFileSync(join(tmpDir, 'index.ts'), [
+      'export function run(input: any) {',
+      '  return input',
+      '}',
+    ].join('\n'))
+    writeFileSync(join(tmpDir, 'mixed-plugin.js'), [
+      'module.exports = {',
+      "  name: 'mixed-plugin',",
+      '  apiVersion: 1,',
+      '  capabilities: {',
+      '    fixes: true,',
+      '    runtimeSafe: true',
+      '  },',
+      '  rules: [',
+      '    {',
+      "      name: 'throwing-rule',",
+      '      detect() {',
+      "        throw new Error('boom')",
+      '      }',
+      '    },',
+      '    {',
+      "      name: 'safe-rule',",
+      '      detect() {',
+      '        return [{',
+      "          message: 'Safe rule still runs',",
+      '          line: 1,',
+      '          column: 1,',
+      "          snippet: 'export function run(input: any)',",
+      '        }]',
+      '      }',
+      '    }',
+      '  ]',
+      '}',
+    ].join('\n'))
+
+    const reports = analyzeProject(tmpDir, {
+      plugins: ['./mixed-plugin.js'],
+    })
+
+    const rules = reports.flatMap((report) => report.issues.map((issue) => issue.rule))
+    expect(rules).toContain('mixed-plugin/safe-rule')
+    expect(rules).toContain('plugin-error')
+    expect(rules).toContain('any-abuse')
+    expect(rules).not.toContain('plugin-warning')
+  })
+})

package/tests/rules.test.ts

@@ -124,6 +124,17 @@ describe('dead-code', () => {
     const code = `import fs from 'fs'\nconst x = 1`
     expect(getRules(code)).not.toContain('dead-code')
   })
+
+  it('keeps used named imports clean even with many identifiers', () => {
+    const code = [
+      `import { join } from 'path'`,
+      `const a = 'x'`,
+      `const b = 'y'`,
+      `const c = 'z'`,
+      `const p = join(a, b + c)`,
+    ].join('\n')
+    expect(getRules(code)).not.toContain('dead-code')
+  })
 })
 
 // ─────────────────────────────────────────────────────────────────────────────
@@ -262,6 +273,12 @@ describe('high-complexity', () => {
 }`
     expect(getRules(code)).toContain('high-complexity')
   })
+
+  it('detects high complexity in class methods', () => {
+    const ifs = Array.from({ length: 11 }, (_, i) => `      if (x === ${i}) return ${i}`).join('\n')
+    const code = `class C {\n  run(x: number): number {\n${ifs}\n    return -1\n  }\n}`
+    expect(getRules(code)).toContain('high-complexity')
+  })
 })
 
 // ─────────────────────────────────────────────────────────────────────────────
@@ -344,6 +361,11 @@ describe('too-many-params', () => {
     const code = `const fn = (a: string, b: number, c: boolean, d: string, e: number): void => {}`
     expect(getRules(code)).toContain('too-many-params')
   })
+
+  it('detects class method with too many params', () => {
+    const code = `class C {\n  run(a: string, b: number, c: boolean, d: string, e: number): void {}\n}`
+    expect(getRules(code)).toContain('too-many-params')
+  })
 })
 
 // ─────────────────────────────────────────────────────────────────────────────
@@ -685,7 +707,7 @@ abstract class Processor {
   abstract process(x: number): void
 }
 `
-    expect(getRules(code2, 'src/processor.ts')).toContain('unnecessary-abstraction')
+    expect(getRules(code2, undefined, 'src/processor.ts')).toContain('unnecessary-abstraction')
   })
 })