npm - @eduardbar/drift - Versions diffs - 1.3.0 → 1.4.0 - Mend

@eduardbar/drift 1.3.0 → 1.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (168) hide show

package/.gga +50 -0
package/.github/actions/drift-review/README.md +60 -0
package/.github/actions/drift-review/action.yml +131 -0
package/.github/actions/drift-scan/README.md +28 -32
package/.github/actions/drift-scan/action.yml +78 -14
package/.github/workflows/review-pr.yml +34 -41
package/AGENTS.md +75 -251
package/CHANGELOG.md +28 -0
package/README.md +148 -41
package/dist/benchmark.d.ts +1 -1
package/dist/benchmark.js +71 -52
package/dist/cli.js +243 -8
package/dist/config.js +16 -2
package/dist/diff.js +42 -50
package/dist/doctor.d.ts +5 -0
package/dist/doctor.js +133 -0
package/dist/format.d.ts +17 -0
package/dist/format.js +45 -0
package/dist/guard-types.d.ts +57 -0
package/dist/guard-types.js +2 -0
package/dist/guard.d.ts +14 -0
package/dist/guard.js +239 -0
package/dist/index.d.ts +10 -3
package/dist/index.js +4 -1
package/dist/init.d.ts +15 -0
package/dist/init.js +273 -0
package/dist/map-cycles.d.ts +2 -0
package/dist/map-cycles.js +34 -0
package/dist/map-svg.d.ts +19 -0
package/dist/map-svg.js +97 -0
package/dist/map.js +78 -138
package/dist/metrics.js +70 -55
package/dist/output-metadata.d.ts +13 -0
package/dist/output-metadata.js +17 -0
package/dist/plugins-capabilities.d.ts +4 -0
package/dist/plugins-capabilities.js +21 -0
package/dist/plugins-messages.d.ts +10 -0
package/dist/plugins-messages.js +16 -0
package/dist/plugins-rules.d.ts +9 -0
package/dist/plugins-rules.js +137 -0
package/dist/plugins.d.ts +1 -1
package/dist/plugins.js +45 -142
package/dist/reporter-constants.d.ts +16 -0
package/dist/reporter-constants.js +39 -0
package/dist/reporter.d.ts +3 -3
package/dist/reporter.js +35 -55
package/dist/review.d.ts +2 -1
package/dist/review.js +2 -1
package/dist/rules/phase3-configurable.js +23 -15
package/dist/saas/constants.d.ts +15 -0
package/dist/saas/constants.js +48 -0
package/dist/saas/dashboard.d.ts +8 -0
package/dist/saas/dashboard.js +132 -0
package/dist/saas/errors.d.ts +19 -0
package/dist/saas/errors.js +37 -0
package/dist/saas/helpers.d.ts +21 -0
package/dist/saas/helpers.js +110 -0
package/dist/saas/ingest.d.ts +3 -0
package/dist/saas/ingest.js +249 -0
package/dist/saas/organization.d.ts +5 -0
package/dist/saas/organization.js +82 -0
package/dist/saas/plan-change.d.ts +10 -0
package/dist/saas/plan-change.js +15 -0
package/dist/saas/store.d.ts +21 -0
package/dist/saas/store.js +159 -0
package/dist/saas/types.d.ts +191 -0
package/dist/saas/types.js +2 -0
package/dist/saas.d.ts +8 -218
package/dist/saas.js +7 -761
package/dist/sarif.d.ts +74 -0
package/dist/sarif.js +122 -0
package/dist/trust-advanced.d.ts +14 -0
package/dist/trust-advanced.js +65 -0
package/dist/trust-kpi-fs.d.ts +3 -0
package/dist/trust-kpi-fs.js +141 -0
package/dist/trust-kpi-parse.d.ts +7 -0
package/dist/trust-kpi-parse.js +186 -0
package/dist/trust-kpi-types.d.ts +16 -0
package/dist/trust-kpi-types.js +2 -0
package/dist/trust-kpi.d.ts +1 -3
package/dist/trust-kpi.js +6 -266
package/dist/trust-policy.d.ts +32 -0
package/dist/trust-policy.js +160 -0
package/dist/trust-render.d.ts +9 -0
package/dist/trust-render.js +54 -0
package/dist/trust-scoring.d.ts +9 -0
package/dist/trust-scoring.js +208 -0
package/dist/trust.d.ts +4 -32
package/dist/trust.js +29 -432
package/dist/types/app.d.ts +30 -0
package/dist/types/app.js +2 -0
package/dist/types/config.d.ts +25 -0
package/dist/types/config.js +2 -0
package/dist/types/core.d.ts +100 -0
package/dist/types/core.js +2 -0
package/dist/types/diff.d.ts +55 -0
package/dist/types/diff.js +2 -0
package/dist/types/plugin.d.ts +41 -0
package/dist/types/plugin.js +2 -0
package/dist/types/trust.d.ts +120 -0
package/dist/types/trust.js +2 -0
package/dist/types.d.ts +8 -365
package/docs/release-notes-draft.md +40 -0
package/docs/rules-catalog.md +49 -0
package/docs/trust-core-release-checklist.md +37 -5
package/package.json +3 -2
package/packages/vscode-drift/src/code-actions.ts +1 -1
package/schemas/drift-ai-output.v1.json +162 -0
package/schemas/drift-report.v1.json +151 -0
package/schemas/drift-trust.v1.json +131 -0
package/scripts/smoke-repo.mjs +394 -0
package/src/benchmark.ts +75 -53
package/src/cli.ts +285 -13
package/src/config.ts +19 -2
package/src/diff.ts +57 -48
package/src/doctor.ts +173 -0
package/src/format.ts +81 -0
package/src/guard-types.ts +64 -0
package/src/guard.ts +324 -0
package/src/index.ts +35 -0
package/src/init.ts +298 -0
package/src/map-cycles.ts +38 -0
package/src/map-svg.ts +124 -0
package/src/map.ts +111 -142
package/src/metrics.ts +78 -59
package/src/output-metadata.ts +30 -0
package/src/plugins-capabilities.ts +36 -0
package/src/plugins-messages.ts +35 -0
package/src/plugins-rules.ts +296 -0
package/src/plugins.ts +76 -283
package/src/reporter-constants.ts +46 -0
package/src/reporter.ts +64 -65
package/src/review.ts +4 -2
package/src/rules/phase3-configurable.ts +39 -26
package/src/saas/constants.ts +56 -0
package/src/saas/dashboard.ts +172 -0
package/src/saas/errors.ts +45 -0
package/src/saas/helpers.ts +140 -0
package/src/saas/ingest.ts +278 -0
package/src/saas/organization.ts +99 -0
package/src/saas/plan-change.ts +19 -0
package/src/saas/store.ts +172 -0
package/src/saas/types.ts +216 -0
package/src/saas.ts +49 -1031
package/src/sarif.ts +232 -0
package/src/trust-advanced.ts +99 -0
package/src/trust-kpi-fs.ts +169 -0
package/src/trust-kpi-parse.ts +219 -0
package/src/trust-kpi-types.ts +19 -0
package/src/trust-kpi.ts +8 -316
package/src/trust-policy.ts +246 -0
package/src/trust-render.ts +61 -0
package/src/trust-scoring.ts +231 -0
package/src/trust.ts +62 -576
package/src/types/app.ts +30 -0
package/src/types/config.ts +27 -0
package/src/types/core.ts +105 -0
package/src/types/diff.ts +61 -0
package/src/types/plugin.ts +46 -0
package/src/types/trust.ts +134 -0
package/src/types.ts +78 -409
package/tests/cli-sarif.test.ts +92 -0
package/tests/format.test.ts +157 -0
package/tests/new-features.test.ts +10 -2
package/tests/phase1-init-doctor-guard.test.ts +199 -0
package/tests/sarif.test.ts +160 -0
package/tests/trust-kpi.test.ts +31 -4
package/tests/trust.test.ts +18 -0

package/src/trust-scoring.ts ADDED Viewed

@@ -0,0 +1,231 @@
+import { RULE_WEIGHTS } from './analyzer.js'
+import type { DriftDiff, DriftReport, MergeRiskLevel, TrustDiffContext, TrustFixPriority, TrustReason } from './types.js'
+const ARCHITECTURE_RULES = new Set([
+  'circular-dependency',
+  'layer-violation',
+  'cross-boundary-import',
+  'controller-no-db',
+  'service-no-http',
+])
+const RULE_SUGGESTIONS: Record<string, string> = {
+  'circular-dependency': 'Break cycles first to reduce hidden merge blast radius.',
+  'layer-violation': 'Fix layer violations to keep architecture boundaries enforceable.',
+  'high-complexity': 'Split branch-heavy functions before adding more logic.',
+  'deep-nesting': 'Flatten control flow with early returns.',
+  'large-file': 'Split monolithic files by responsibility before merge.',
+  'large-function': 'Extract smaller functions to reduce review complexity.',
+  'catch-swallow': 'Handle or rethrow swallowed errors to avoid silent failures.',
+  'debug-leftover': 'Remove debug leftovers from production paths.',
+  'semantic-duplication': 'Consolidate duplicated logic to prevent divergent fixes.',
+  'dead-file': 'Delete or wire dead files to avoid stale merge artifacts.',
+}
+const SYSTEMIC_RULES = new Set([
+  'circular-dependency',
+  'layer-violation',
+  'cross-boundary-import',
+  'unused-export',
+  'unused-dependency',
+  'dead-file',
+  'semantic-duplication',
+  'controller-no-db',
+  'service-no-http',
+])
+const TRUST_LOW_MIN = 80
+const TRUST_MEDIUM_MIN = 60
+const TRUST_HIGH_MIN = 40
+const DRIFT_PRESSURE_FACTOR = 0.55
+const ERROR_IMPACT_CAP = 22
+const ERROR_IMPACT_FACTOR = 4
+const ARCHITECTURE_IMPACT_CAP = 24
+const ARCHITECTURE_IMPACT_FACTOR = 6
+const HOTSPOT_IMPACT_CAP = 25
+const HOTSPOT_IMPACT_FACTOR = 0.25
+const WORST_FILE_IMPACT_CAP = 15
+const WORST_FILE_IMPACT_FACTOR = 0.15
+const TOP_REASONS_LIMIT = 4
+const EFFORT_LOW_MAX_WEIGHT = 6
+const EFFORT_MEDIUM_MAX_WEIGHT = 12
+const SCORE_REGRESSION_PENALTY_FACTOR = 2
+const NEW_ISSUE_PENALTY_FACTOR = 3
+const CHURN_FILE_THRESHOLD = 15
+const CHURN_PENALTY = 4
+const PENALTY_CAP = 30
+const RESOLVED_ISSUE_BONUS_FACTOR = 2
+const BONUS_CAP = 20
+const SEVERITY_ERROR_SCORE = 4
+const SEVERITY_WARNING_SCORE = 2
+const SEVERITY_INFO_SCORE = 1
+const PRIORITY_OCCURRENCE_FACTOR = 2
+const SYSTEMIC_CONFIDENCE_BOOST = 2
+const CONFIDENCE_HIGH_MIN = 12
+const CONFIDENCE_MEDIUM_MIN = 7
+const DEFAULT_WEIGHT_CONFIG = { severity: 'warning' as const, weight: EFFORT_LOW_MAX_WEIGHT }
+const SEVERITY_BOOST_ERROR = 25
+const SEVERITY_BOOST_WARNING = 12
+const SEVERITY_BOOST_INFO = 4
+const SYSTEMIC_PRIORITY_BOOST = 25
+const TRUST_GAIN_MAX = 30
+const TRUST_GAIN_MIN = 3
+const TRUST_GAIN_DIVISOR = 4
+const FIX_PRIORITIES_LIMIT = 5
+export const TOP_REASONS_SLICE = TOP_REASONS_LIMIT
+export function clamp(value: number, min: number, max: number): number {
+  return Math.max(min, Math.min(max, value))
+}
+export function toMergeRisk(trustScore: number): MergeRiskLevel {
+  if (trustScore >= TRUST_LOW_MIN) return 'LOW'
+  if (trustScore >= TRUST_MEDIUM_MIN) return 'MEDIUM'
+  if (trustScore >= TRUST_HIGH_MIN) return 'HIGH'
+  return 'CRITICAL'
+}
+export function computeReasons(report: DriftReport): TrustReason[] {
+  const architectureIssues = Object.entries(report.summary.byRule)
+    .filter(([rule]) => ARCHITECTURE_RULES.has(rule))
+    .reduce((sum, [, count]) => sum + count, 0)
+  const worstHotspot = report.maintenanceRisk.hotspots[0]
+  const reasons: TrustReason[] = [
+    {
+      label: 'Drift score pressure',
+      detail: `Repository drift score is ${report.totalScore}/100.`,
+      impact: Math.round(report.totalScore * DRIFT_PRESSURE_FACTOR),
+    },
+    {
+      label: 'Error-level issues',
+      detail: `${report.summary.errors} error issue(s) increase merge volatility.`,
+      impact: Math.min(ERROR_IMPACT_CAP, report.summary.errors * ERROR_IMPACT_FACTOR),
+    },
+    {
+      label: 'Architecture signals',
+      detail: `${architectureIssues} architecture-related issue(s) detected.`,
+      impact: Math.min(ARCHITECTURE_IMPACT_CAP, architectureIssues * ARCHITECTURE_IMPACT_FACTOR),
+    },
+    {
+      label: 'Maintenance hotspots',
+      detail: `Maintenance risk is ${report.maintenanceRisk.level.toUpperCase()} (${report.maintenanceRisk.score}/100).`,
+      impact: Math.min(HOTSPOT_IMPACT_CAP, Math.round(report.maintenanceRisk.score * HOTSPOT_IMPACT_FACTOR)),
+    },
+    {
+      label: 'Highest-risk file',
+      detail: worstHotspot
+        ? `${worstHotspot.file} has hotspot risk ${worstHotspot.risk}/100.`
+        : 'No hotspot concentration detected.',
+      impact: worstHotspot ? Math.min(WORST_FILE_IMPACT_CAP, Math.round(worstHotspot.risk * WORST_FILE_IMPACT_FACTOR)) : 0,
+    },
+  ]
+  return reasons
+    .filter((reason) => reason.impact > 0)
+    .sort((a, b) => b.impact - a.impact)
+    .slice(0, TOP_REASONS_LIMIT)
+}
+function effortFromWeight(weight: number): 'low' | 'medium' | 'high' {
+  if (weight <= EFFORT_LOW_MAX_WEIGHT) return 'low'
+  if (weight <= EFFORT_MEDIUM_MAX_WEIGHT) return 'medium'
+  return 'high'
+}
+export function computeDiffContext(diff: DriftDiff): TrustDiffContext {
+  const scoreRegressionPenalty = Math.max(0, diff.totalDelta) * SCORE_REGRESSION_PENALTY_FACTOR
+  const newIssuePenalty = diff.newIssuesCount * NEW_ISSUE_PENALTY_FACTOR
+  const churnPenalty = diff.files.length >= CHURN_FILE_THRESHOLD ? CHURN_PENALTY : 0
+  const penalty = clamp(scoreRegressionPenalty + newIssuePenalty + churnPenalty, 0, PENALTY_CAP)
+  const scoreImprovementBonus = Math.max(0, -diff.totalDelta) * SCORE_REGRESSION_PENALTY_FACTOR
+  const resolvedIssueBonus = diff.resolvedIssuesCount * RESOLVED_ISSUE_BONUS_FACTOR
+  const bonus = clamp(scoreImprovementBonus + resolvedIssueBonus, 0, BONUS_CAP)
+  const netImpact = penalty - bonus
+  const status = netImpact > 0 ? 'regressed' : netImpact < 0 ? 'improved' : 'neutral'
+  return {
+    baseRef: diff.baseRef,
+    status,
+    scoreDelta: diff.totalDelta,
+    newIssues: diff.newIssuesCount,
+    resolvedIssues: diff.resolvedIssuesCount,
+    filesChanged: diff.files.length,
+    penalty,
+    bonus,
+    netImpact,
+  }
+}
+function confidenceFromPrioritySignals(
+  occurrences: number,
+  severity: 'error' | 'warning' | 'info',
+  systemic: boolean,
+): 'low' | 'medium' | 'high' {
+  const severityScore = severity === 'error' ? SEVERITY_ERROR_SCORE : severity === 'warning' ? SEVERITY_WARNING_SCORE : SEVERITY_INFO_SCORE
+  const systemicScore = systemic ? SYSTEMIC_CONFIDENCE_BOOST : 0
+  const score = occurrences * PRIORITY_OCCURRENCE_FACTOR + severityScore + systemicScore
+  if (score >= CONFIDENCE_HIGH_MIN) return 'high'
+  if (score >= CONFIDENCE_MEDIUM_MIN) return 'medium'
+  return 'low'
+}
+export function computeFixPriorities(report: DriftReport, advancedMode = false): TrustFixPriority[] {
+  const ordered = Object.entries(report.summary.byRule)
+    .map(([rule, occurrences]) => {
+      const weightConfig = RULE_WEIGHTS[rule] ?? DEFAULT_WEIGHT_CONFIG
+      const severityBoost = weightConfig.severity === 'error' ? SEVERITY_BOOST_ERROR : weightConfig.severity === 'warning' ? SEVERITY_BOOST_WARNING : SEVERITY_BOOST_INFO
+      const systemic = SYSTEMIC_RULES.has(rule)
+      const systemicBoost = advancedMode && systemic ? SYSTEMIC_PRIORITY_BOOST : 0
+      const priorityScore = occurrences * weightConfig.weight + severityBoost + systemicBoost
+      const confidence = confidenceFromPrioritySignals(occurrences, weightConfig.severity, systemic)
+      const explanation = advancedMode
+        ? systemic
+          ? 'System-level rule that propagates risk across multiple teams and modules.'
+          : 'Local rule with contained impact; treat as team-level cleanup after systemic fixes.'
+        : undefined
+      return {
+        rule,
+        severity: weightConfig.severity,
+        occurrences,
+        systemic,
+        priorityScore,
+        estimatedTrustGain: Math.min(TRUST_GAIN_MAX, Math.max(TRUST_GAIN_MIN, Math.round(priorityScore / TRUST_GAIN_DIVISOR))),
+        effort: effortFromWeight(weightConfig.weight),
+        suggestion: RULE_SUGGESTIONS[rule] ?? 'Address this rule in the highest-scored files first.',
+        confidence,
+        explanation,
+      }
+    })
+    .sort((a, b) => b.priorityScore - a.priorityScore)
+    .slice(0, FIX_PRIORITIES_LIMIT)
+  return ordered.map((item, index) => ({
+    rank: index + 1,
+    rule: item.rule,
+    severity: item.severity,
+    occurrences: item.occurrences,
+    estimated_trust_gain: item.estimatedTrustGain,
+    effort: item.effort,
+    suggestion: item.suggestion,
+    ...(advancedMode ? { confidence: item.confidence, explanation: item.explanation, systemic: item.systemic } : {}),
+  }))
+}
+export function buildDiffRegressionReason(diffContext: TrustDiffContext): TrustReason {
+  return {
+    label: 'Diff regression signals',
+    detail: `Against ${diffContext.baseRef}: score delta ${diffContext.scoreDelta >= 0 ? '+' : ''}${diffContext.scoreDelta}, +${diffContext.newIssues} new issue(s), -${diffContext.resolvedIssues} resolved.`,
+    impact: diffContext.netImpact,
+  }
+}