@eduardbar/drift 1.3.0 → 1.4.0

package/docs/trust-core-release-checklist.md

@@ -8,7 +8,7 @@ Use this checklist before releasing the trust-core milestone.
 - [x] `npm test`
 - [x] `npx --no-install tsx ./src/cli.ts trust . --base origin/master --markdown`
 - [x] `npx --no-install tsx ./src/cli.ts trust . --base origin/master --json-output drift-trust.json`
-- [x] `npx --no-install tsx ./src/cli.ts trust-gate drift-trust.json --min-trust 40 --max-risk HIGH`
+- [x] `npx --no-install tsx ./src/cli.ts trust-gate drift-trust.json --min-trust 45 --max-risk HIGH`
 - [x] `npx --no-install tsx ./src/cli.ts review --base origin/master --comment`
 
 ## 2) CI workflow validation
@@ -36,16 +36,16 @@ Smoke PR runbook:
 
 Default trust gate for this milestone:
 
-- `--min-trust 40`
+- `--min-trust 45`
 - `--max-risk HIGH`
 
 Checks:
 
-- [x] PR fails when trust score is below 40.
+- [x] PR fails when trust score is below 45.
 - [x] PR fails when merge risk is `CRITICAL`.
-- [x] PR passes when trust score is 40+ and merge risk is `LOW`, `MEDIUM`, or `HIGH`.
+- [x] PR passes when trust score is 45+ and merge risk is `LOW`, `MEDIUM`, or `HIGH`.
 
-Calibration evidence from docs-only smoke runs: trust score 49 (PR #11), 46 (PR #12), 41 (PR #13). Gate floor set to 40 to avoid false negatives while still blocking `CRITICAL` risk.
+Calibration evidence from docs-only smoke runs: trust score 49 (PR #11), 46 (PR #12), 41 (PR #13). Gate floor set to 45 to reduce false positives while still blocking weak trust outcomes and `CRITICAL` risk.
 
 ## 4) Narrative and docs acceptance
 
@@ -53,3 +53,35 @@ Calibration evidence from docs-only smoke runs: trust score 49 (PR #11), 46 (PR
 - [x] `package.json` description matches the same positioning.
 - [x] `src/cli.ts` program description matches the same positioning.
 - [x] `ROADMAP.md` no longer contradicts PRD on core vs premium direction.
+
+## 5) SARIF and action v2 readiness
+
+- [x] `scan --format sarif` emits valid SARIF payload with drift rule mapping.
+- [x] `ci --format sarif` emits SARIF without requiring GitHub annotation mode.
+- [x] `diff --format sarif` emits SARIF from `DriftDiff` output.
+- [x] `review --format sarif` emits SARIF from review diff context.
+- [x] `trust --format sarif` emits SARIF based on current trust scan report.
+- [x] CI workflow uploads SARIF artifact in PR runs.
+- [x] Action v2 contracts are aligned with SARIF-capable commands and outputs.
+
+## 6) Trust artifacts and KPI readiness
+
+- [x] Trust command supports split outputs (`--json-output` + selected stdout format).
+- [x] Artifact bundle includes trust JSON, gate result, and trust KPI aggregate.
+- [x] `drift kpi` parses trust artifacts and prints JSON plus optional summary.
+- [x] Trust gate policy behavior documented and calibrated for current milestone.
+
+## 7) Quick smoke runbook (no build)
+
+Run from repository root:
+
+- [x] `node --import tsx ./src/cli.ts scan . --format sarif > .tmp/smoke-scan.sarif`
+- [x] `node --import tsx ./src/cli.ts ci . --format sarif > .tmp/smoke-ci.sarif`
+- [x] `node --import tsx ./src/cli.ts trust . --format sarif > .tmp/smoke-trust.sarif`
+- [x] `node --import tsx ./src/cli.ts review --base HEAD~1 --format sarif > .tmp/smoke-review.sarif`
+
+Validation hints:
+
+- Check each command exits with code `0`.
+- Check each `.sarif` file starts with `{"$schema"` and contains `"runs"`.
+- Keep smoke artifacts out of release commit unless explicitly needed.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@eduardbar/drift",
-  "version": "1.3.0",
+  "version": "1.4.0",
   "description": "AI Code Audit CLI for merge trust in AI-assisted PRs",
   "type": "module",
   "main": "dist/index.js",
@@ -15,7 +15,8 @@
     "test": "vitest run",
     "test:watch": "vitest",
     "test:coverage": "vitest run --coverage",
-    "benchmark": "node --import tsx src/benchmark.ts"
+    "benchmark": "node --import tsx src/benchmark.ts",
+    "smoke:repo": "node ./scripts/smoke-repo.mjs"
   },
   "keywords": [
     "vibe-coding",

package/packages/vscode-drift/src/code-actions.ts

@@ -16,7 +16,7 @@ function buildCatchTodoEdit(document: vscode.TextDocument, line: number): vscode
   const targetLine = document.lineAt(line)
   const baseIndent = targetLine.text.match(/^\s*/)?.[0] ?? ''
   const indent = `${baseIndent}  `
-  edit.insert(document.uri, new vscode.Position(line + 1, 0), `${indent}// TODO: handle error\n`)
+  edit.insert(document.uri, new vscode.Position(line + 1, 0), `${indent}// handle error\n`)
   return edit
 }
 

package/schemas/drift-ai-output.v1.json

@@ -0,0 +1,162 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "schemas/drift-ai-output.v1.json",
+  "title": "drift ai output v1",
+  "type": "object",
+  "additionalProperties": false,
+  "required": [
+    "$schema",
+    "toolVersion",
+    "summary",
+    "files_suspected",
+    "priority_order",
+    "maintenance_risk",
+    "quality",
+    "context_for_ai"
+  ],
+  "properties": {
+    "$schema": {
+      "const": "schemas/drift-ai-output.v1.json"
+    },
+    "toolVersion": {
+      "type": "string"
+    },
+    "summary": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": [
+        "score",
+        "grade",
+        "total_issues",
+        "files_affected",
+        "files_clean",
+        "ai_likelihood",
+        "ai_code_smell_score"
+      ],
+      "properties": {
+        "score": { "type": "number" },
+        "grade": { "type": "string" },
+        "total_issues": { "type": "number" },
+        "files_affected": { "type": "number" },
+        "files_clean": { "type": "number" },
+        "ai_likelihood": { "type": "number" },
+        "ai_code_smell_score": { "type": "number" }
+      }
+    },
+    "files_suspected": {
+      "type": "array",
+      "items": {
+        "type": "object",
+        "additionalProperties": false,
+        "required": ["path", "ai_likelihood", "triggers"],
+        "properties": {
+          "path": { "type": "string" },
+          "ai_likelihood": { "type": "number" },
+          "triggers": {
+            "type": "array",
+            "items": { "type": "string" }
+          }
+        }
+      }
+    },
+    "priority_order": {
+      "type": "array",
+      "items": {
+        "type": "object",
+        "additionalProperties": false,
+        "required": ["rank", "file", "line", "rule", "severity", "message", "snippet", "fix_suggestion", "effort"],
+        "properties": {
+          "rank": { "type": "number" },
+          "file": { "type": "string" },
+          "line": { "type": "number" },
+          "rule": { "type": "string" },
+          "severity": { "type": "string" },
+          "message": { "type": "string" },
+          "snippet": { "type": "string" },
+          "fix_suggestion": { "type": "string" },
+          "effort": { "enum": ["low", "medium", "high"] }
+        }
+      }
+    },
+    "maintenance_risk": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": ["score", "level", "hotspots", "signals"],
+      "properties": {
+        "score": { "type": "number" },
+        "level": { "enum": ["low", "medium", "high", "critical"] },
+        "hotspots": {
+          "type": "array",
+          "items": {
+            "type": "object",
+            "additionalProperties": false,
+            "required": [
+              "file",
+              "driftScore",
+              "complexityIssues",
+              "hasNearbyTests",
+              "changeFrequency",
+              "risk",
+              "reasons"
+            ],
+            "properties": {
+              "file": { "type": "string" },
+              "driftScore": { "type": "number" },
+              "complexityIssues": { "type": "number" },
+              "hasNearbyTests": { "type": "boolean" },
+              "changeFrequency": { "type": "number" },
+              "risk": { "type": "number" },
+              "reasons": {
+                "type": "array",
+                "items": { "type": "string" }
+              }
+            }
+          }
+        },
+        "signals": {
+          "type": "object",
+          "additionalProperties": false,
+          "required": ["highComplexityFiles", "filesWithoutNearbyTests", "frequentChangeFiles"],
+          "properties": {
+            "highComplexityFiles": { "type": "number" },
+            "filesWithoutNearbyTests": { "type": "number" },
+            "frequentChangeFiles": { "type": "number" }
+          }
+        }
+      }
+    },
+    "quality": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": ["overall", "dimensions"],
+      "properties": {
+        "overall": { "type": "number" },
+        "dimensions": {
+          "type": "object",
+          "additionalProperties": false,
+          "required": ["architecture", "complexity", "ai-patterns", "testing"],
+          "properties": {
+            "architecture": { "type": "number" },
+            "complexity": { "type": "number" },
+            "ai-patterns": { "type": "number" },
+            "testing": { "type": "number" }
+          }
+        }
+      }
+    },
+    "context_for_ai": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": ["project_type", "scan_path", "rules_detected", "recommended_action"],
+      "properties": {
+        "project_type": { "type": "string" },
+        "scan_path": { "type": "string" },
+        "rules_detected": {
+          "type": "array",
+          "items": { "type": "string" }
+        },
+        "recommended_action": { "type": "string" }
+      }
+    }
+  }
+}

package/schemas/drift-report.v1.json

@@ -0,0 +1,151 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "schemas/drift-report.v1.json",
+  "title": "drift report v1",
+  "type": "object",
+  "additionalProperties": false,
+  "required": [
+    "$schema",
+    "toolVersion",
+    "scannedAt",
+    "targetPath",
+    "files",
+    "totalIssues",
+    "totalScore",
+    "totalFiles",
+    "summary",
+    "quality",
+    "maintenanceRisk"
+  ],
+  "properties": {
+    "$schema": {
+      "const": "schemas/drift-report.v1.json"
+    },
+    "toolVersion": {
+      "type": "string"
+    },
+    "scannedAt": {
+      "type": "string"
+    },
+    "targetPath": {
+      "type": "string"
+    },
+    "files": {
+      "type": "array",
+      "items": {
+        "type": "object",
+        "additionalProperties": false,
+        "required": ["path", "issues", "score"],
+        "properties": {
+          "path": { "type": "string" },
+          "score": { "type": "number" },
+          "issues": {
+            "type": "array",
+            "items": {
+              "type": "object",
+              "additionalProperties": false,
+              "required": ["rule", "severity", "message", "line", "column", "snippet"],
+              "properties": {
+                "rule": { "type": "string" },
+                "severity": { "enum": ["error", "warning", "info"] },
+                "message": { "type": "string" },
+                "line": { "type": "number" },
+                "column": { "type": "number" },
+                "snippet": { "type": "string" }
+              }
+            }
+          }
+        }
+      }
+    },
+    "totalIssues": {
+      "type": "number"
+    },
+    "totalScore": {
+      "type": "number"
+    },
+    "totalFiles": {
+      "type": "number"
+    },
+    "summary": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": ["errors", "warnings", "infos", "byRule"],
+      "properties": {
+        "errors": { "type": "number" },
+        "warnings": { "type": "number" },
+        "infos": { "type": "number" },
+        "byRule": {
+          "type": "object",
+          "additionalProperties": { "type": "number" }
+        }
+      }
+    },
+    "quality": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": ["overall", "dimensions"],
+      "properties": {
+        "overall": { "type": "number" },
+        "dimensions": {
+          "type": "object",
+          "additionalProperties": false,
+          "required": ["architecture", "complexity", "ai-patterns", "testing"],
+          "properties": {
+            "architecture": { "type": "number" },
+            "complexity": { "type": "number" },
+            "ai-patterns": { "type": "number" },
+            "testing": { "type": "number" }
+          }
+        }
+      }
+    },
+    "maintenanceRisk": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": ["score", "level", "hotspots", "signals"],
+      "properties": {
+        "score": { "type": "number" },
+        "level": { "enum": ["low", "medium", "high", "critical"] },
+        "hotspots": {
+          "type": "array",
+          "items": {
+            "type": "object",
+            "additionalProperties": false,
+            "required": [
+              "file",
+              "driftScore",
+              "complexityIssues",
+              "hasNearbyTests",
+              "changeFrequency",
+              "risk",
+              "reasons"
+            ],
+            "properties": {
+              "file": { "type": "string" },
+              "driftScore": { "type": "number" },
+              "complexityIssues": { "type": "number" },
+              "hasNearbyTests": { "type": "boolean" },
+              "changeFrequency": { "type": "number" },
+              "risk": { "type": "number" },
+              "reasons": {
+                "type": "array",
+                "items": { "type": "string" }
+              }
+            }
+          }
+        },
+        "signals": {
+          "type": "object",
+          "additionalProperties": false,
+          "required": ["highComplexityFiles", "filesWithoutNearbyTests", "frequentChangeFiles"],
+          "properties": {
+            "highComplexityFiles": { "type": "number" },
+            "filesWithoutNearbyTests": { "type": "number" },
+            "frequentChangeFiles": { "type": "number" }
+          }
+        }
+      }
+    }
+  }
+}

package/schemas/drift-trust.v1.json

@@ -0,0 +1,131 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "schemas/drift-trust.v1.json",
+  "title": "drift trust v1",
+  "type": "object",
+  "additionalProperties": false,
+  "required": [
+    "$schema",
+    "toolVersion",
+    "scannedAt",
+    "targetPath",
+    "trust_score",
+    "merge_risk",
+    "top_reasons",
+    "fix_priorities"
+  ],
+  "properties": {
+    "$schema": {
+      "const": "schemas/drift-trust.v1.json"
+    },
+    "toolVersion": {
+      "type": "string"
+    },
+    "scannedAt": {
+      "type": "string"
+    },
+    "targetPath": {
+      "type": "string"
+    },
+    "trust_score": {
+      "type": "number"
+    },
+    "merge_risk": {
+      "enum": ["LOW", "MEDIUM", "HIGH", "CRITICAL"]
+    },
+    "top_reasons": {
+      "type": "array",
+      "items": {
+        "type": "object",
+        "additionalProperties": false,
+        "required": ["label", "detail", "impact"],
+        "properties": {
+          "label": { "type": "string" },
+          "detail": { "type": "string" },
+          "impact": { "type": "number" }
+        }
+      }
+    },
+    "fix_priorities": {
+      "type": "array",
+      "items": {
+        "type": "object",
+        "additionalProperties": false,
+        "required": [
+          "rank",
+          "rule",
+          "severity",
+          "occurrences",
+          "estimated_trust_gain",
+          "effort",
+          "suggestion"
+        ],
+        "properties": {
+          "rank": { "type": "number" },
+          "rule": { "type": "string" },
+          "severity": { "enum": ["error", "warning", "info"] },
+          "occurrences": { "type": "number" },
+          "estimated_trust_gain": { "type": "number" },
+          "effort": { "enum": ["low", "medium", "high"] },
+          "suggestion": { "type": "string" },
+          "confidence": { "enum": ["low", "medium", "high"] },
+          "explanation": { "type": "string" },
+          "systemic": { "type": "boolean" }
+        }
+      }
+    },
+    "diff_context": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": [
+        "baseRef",
+        "status",
+        "scoreDelta",
+        "newIssues",
+        "resolvedIssues",
+        "filesChanged",
+        "penalty",
+        "bonus",
+        "netImpact"
+      ],
+      "properties": {
+        "baseRef": { "type": "string" },
+        "status": { "enum": ["improved", "regressed", "neutral"] },
+        "scoreDelta": { "type": "number" },
+        "newIssues": { "type": "number" },
+        "resolvedIssues": { "type": "number" },
+        "filesChanged": { "type": "number" },
+        "penalty": { "type": "number" },
+        "bonus": { "type": "number" },
+        "netImpact": { "type": "number" }
+      }
+    },
+    "advanced_context": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": ["team_guidance"],
+      "properties": {
+        "comparison": {
+          "type": "object",
+          "additionalProperties": false,
+          "required": ["source", "trend", "summary"],
+          "properties": {
+            "source": { "enum": ["previous-trust-json", "snapshot-history"] },
+            "trend": { "enum": ["improving", "regressing", "stable"] },
+            "summary": { "type": "string" },
+            "trust_delta": { "type": "number" },
+            "previous_trust_score": { "type": "number" },
+            "previous_merge_risk": { "enum": ["LOW", "MEDIUM", "HIGH", "CRITICAL"] },
+            "snapshot_score_delta": { "type": "number" },
+            "snapshot_label": { "type": "string" },
+            "snapshot_timestamp": { "type": "string" }
+          }
+        },
+        "team_guidance": {
+          "type": "array",
+          "items": { "type": "string" }
+        }
+      }
+    }
+  }
+}