@getcodesentinel/codesentinel 1.14.0 → 1.16.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/README.md +56 -8
  2. package/dist/index.js +1402 -158
  3. package/dist/index.js.map +1 -1
  4. package/package.json +5 -2
package/README.md CHANGED
@@ -76,7 +76,7 @@ CI example:
76
76
  BASE_REF="${GITHUB_BASE_REF:-main}"
77
77
  git fetch origin "+refs/heads/${BASE_REF}:refs/remotes/origin/${BASE_REF}"
78
78
  - name: Run CodeSentinel
79
- run: npx codesentinel ci --baseline-ref auto --max-repo-score 55 --max-repo-delta 0.03 --no-new-cycles --no-new-high-risk-deps --max-new-hotspots 2 --fail-on error
79
+ run: npx codesentinel ci --baseline-ref auto --max-risk-score 55 --max-risk-delta 0.03 --min-quality-score 65 --max-quality-delta 0.03 --no-new-cycles --no-new-high-risk-deps --max-new-hotspots 2 --fail-on error
80
80
  ```
81
81
 
82
82
  `--baseline-ref auto` requires enough git history to resolve a baseline deterministically. In GitHub Actions, use `fetch-depth: 0` and ensure the CI base branch ref is fetched.
@@ -100,6 +100,8 @@ The CLI output now includes a deterministic `risk` block composed from those dim
100
100
  - `dependencyAmplificationZones`
101
101
  - file/module/dependency score tables
102
102
 
103
+ It also includes a deterministic `quality` block (`qualityScore`, dimension scores, and actionable top issues) computed independently from risk.
104
+
103
105
  The goal is a practical, engineering-grade model that supports both strategic architecture decisions and daily code review workflows.
104
106
 
105
107
  ## Monorepo Layout
@@ -109,6 +111,8 @@ The goal is a practical, engineering-grade model that supports both strategic ar
109
111
  - `packages/git-analyzer`: Git history and evolutionary signals.
110
112
  - `packages/dependency-firewall`: external dependency and supply chain signals.
111
113
  - `packages/risk-engine`: risk aggregation and scoring model.
114
+ - `packages/quality-signals`: local quality signal collection (lint, diagnostics, complexity, duplication, coverage).
115
+ - `packages/quality-engine`: quality posture aggregation and scoring model.
112
116
  - `packages/reporter`: structured report output (console, JSON, CI).
113
117
  - `packages/governance`: CI gate evaluation and enforcement policy checks.
114
118
  - `packages/cli`: user-facing CLI entrypoint.
@@ -164,9 +168,9 @@ codesentinel report
164
168
  codesentinel report --format md --output report.md
165
169
  codesentinel report --snapshot snapshot.json
166
170
  codesentinel report --compare baseline.json --format text
167
- codesentinel check --compare baseline.json --max-repo-delta 0.03 --no-new-cycles
171
+ codesentinel check --compare baseline.json --max-risk-delta 0.03 --no-new-cycles
168
172
  codesentinel ci --baseline baseline.json --snapshot current.json --report report.md --fail-on error
169
- codesentinel ci --baseline-ref origin/main --max-repo-delta 0.03 --no-new-cycles
173
+ codesentinel ci --baseline-ref origin/main --max-risk-delta 0.03 --no-new-cycles
170
174
  codesentinel ci --baseline-ref auto --fail-on error
171
175
  codesentinel dependency-risk react
172
176
  codesentinel dependency-risk react@19.0.0
@@ -253,7 +257,7 @@ pnpm dev -- explain . --file src/app/page.tsx
253
257
  pnpm dev -- report
254
258
  pnpm dev -- report . --format md --output report.md
255
259
  pnpm dev -- report . --compare baseline.json --format text
256
- pnpm dev -- check . --compare baseline.json --max-repo-delta 0.03 --no-new-cycles
260
+ pnpm dev -- check . --compare baseline.json --max-risk-delta 0.03 --no-new-cycles
257
261
  pnpm dev -- ci . --baseline baseline.json --snapshot current.json --report report.md --fail-on warn
258
262
  ```
259
263
 
@@ -279,7 +283,7 @@ Diff mode compares snapshots and reports:
279
283
 
280
284
  `codesentinel run` is a convenience command that emits `analyze + explain + report` in one execution.
281
285
 
282
- - formats: `text`, `md`, `json` (`text` default)
286
+ - formats: `text`, `md`, `json` (`md` default)
283
287
  - detail levels: `--detail compact|standard|full` (`compact` default, `full` = full verbose sections)
284
288
  - explain target selectors: `--file <path>`, `--module <name>`, `--top <n>`
285
289
  - report diff/snapshot flags: `--compare <baseline.json>`, `--snapshot <path>`, `--no-trace`
@@ -290,11 +294,13 @@ Diff mode compares snapshots and reports:
290
294
 
291
295
  Supported gates:
292
296
 
293
- - `--max-repo-delta <value>`
297
+ - `--max-risk-delta <value>`
298
+ - `--max-quality-delta <value>`
294
299
  - `--no-new-cycles`
295
300
  - `--no-new-high-risk-deps`
296
301
  - `--max-new-hotspots <count>`
297
- - `--max-repo-score <score>`
302
+ - `--max-risk-score <score>`
303
+ - `--min-quality-score <score>`
298
304
  - `--new-hotspot-score-threshold <score>`
299
305
  - `--fail-on error|warn`
300
306
 
@@ -360,12 +366,13 @@ Filters:
360
366
 
361
367
  ## Understanding Analyze Output
362
368
 
363
- `codesentinel analyze` returns one JSON document with four top-level blocks:
369
+ `codesentinel analyze` returns one JSON document with five top-level blocks:
364
370
 
365
371
  - `structural`: file dependency graph shape and graph metrics.
366
372
  - `evolution`: git-derived change behavior per file and coupling pairs.
367
373
  - `external`: dependency exposure for direct packages plus propagated transitive signals.
368
374
  - `risk`: deterministic composition of `structural + evolution + external`.
375
+ - `quality`: deterministic code health posture from local structural/evolution/test signals.
369
376
 
370
377
  Minimal shape:
371
378
 
@@ -380,6 +387,23 @@ Minimal shape:
380
387
  "hotspots": [],
381
388
  "fragileClusters": [],
382
389
  "dependencyAmplificationZones": []
390
+ },
391
+ "quality": {
392
+ "qualityScore": 0,
393
+ "normalizedScore": 0,
394
+ "dimensions": {
395
+ "modularity": 0,
396
+ "changeHygiene": 0,
397
+ "staticAnalysis": 0,
398
+ "complexity": 0,
399
+ "duplication": 0,
400
+ "testHealth": 0
401
+ },
402
+ "topIssues": [],
403
+ "trace": {
404
+ "schemaVersion": "1",
405
+ "dimensions": []
406
+ }
383
407
  }
384
408
  }
385
409
  ```
@@ -391,6 +415,30 @@ How to read `risk` first:
391
415
  - `fragileClusters`: groups of files with structural-cycle or co-change fragility.
392
416
  - `dependencyAmplificationZones`: files where external dependency pressure intersects with local fragility.
393
417
 
418
+ Score direction:
419
+
420
+ - `risk.riskScore`: higher means higher risk (worse).
421
+ - `quality.qualityScore`: higher means better quality posture.
422
+ - `quality.trace`: per-dimension factor traces with normalized metrics and evidence.
423
+
424
+ Quality v2 dimensions and weights:
425
+
426
+ - `modularity` (`0.20`): cycles + fan-in/fan-out concentration.
427
+ - `changeHygiene` (`0.20`): churn/volatility/coupling concentration + TODO/FIXME comment load.
428
+ - `staticAnalysis` (`0.20`): ESLint issue rates + TypeScript diagnostics.
429
+ - `complexity` (`0.15`): cyclomatic complexity pressure.
430
+ - `duplication` (`0.10`): duplicated block/line ratio.
431
+ - `testHealth` (`0.15`): test file presence + optional coverage summary input.
432
+
433
+ Signal ingestion (deterministic, local):
434
+
435
+ - ESLint issues are collected via ESLint API when configuration is available.
436
+ - TypeScript diagnostics are collected from local `tsconfig.json` program diagnostics.
437
+ - Complexity and duplication are derived from local source files.
438
+ - Coverage input is optional:
439
+ - default path: `<target>/coverage/coverage-summary.json`
440
+ - override path: `CODESENTINEL_QUALITY_COVERAGE_SUMMARY`
441
+
394
442
  Interpretation notes:
395
443
 
396
444
  - Scores are deterministic for the same inputs and config.