npm - @getcodesentinel/codesentinel - Versions diffs - 1.15.0 → 1.17.0 - Mend

@getcodesentinel/codesentinel 1.15.0 → 1.17.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md CHANGED Viewed

@@ -76,7 +76,7 @@ CI example:
     BASE_REF="${GITHUB_BASE_REF:-main}"
     git fetch origin "+refs/heads/${BASE_REF}:refs/remotes/origin/${BASE_REF}"
 - name: Run CodeSentinel
-  run: npx codesentinel ci --baseline-ref auto --max-repo-score 55 --max-repo-delta 0.03 --no-new-cycles --no-new-high-risk-deps --max-new-hotspots 2 --fail-on error
+  run: npx codesentinel ci --baseline-ref auto --max-risk-score 55 --max-risk-delta 0.03 --min-health-score 65 --max-health-delta 0.03 --no-new-cycles --no-new-high-risk-deps --max-new-hotspots 2 --fail-on error
 ```
 `--baseline-ref auto` requires enough git history to resolve a baseline deterministically. In GitHub Actions, use `fetch-depth: 0` and ensure the CI base branch ref is fetched.
@@ -100,7 +100,7 @@ The CLI output now includes a deterministic `risk` block composed from those dim
 - `dependencyAmplificationZones`
 - file/module/dependency score tables
-It also includes a deterministic `quality` block (`qualityScore`, dimension scores, and actionable top issues) computed independently from risk.
+It also includes a deterministic `health` block (`healthScore`, dimension scores, and actionable top issues) computed independently from risk.
 The goal is a practical, engineering-grade model that supports both strategic architecture decisions and daily code review workflows.
@@ -111,7 +111,7 @@ The goal is a practical, engineering-grade model that supports both strategic ar
 - `packages/git-analyzer`: Git history and evolutionary signals.
 - `packages/dependency-firewall`: external dependency and supply chain signals.
 - `packages/risk-engine`: risk aggregation and scoring model.
-- `packages/quality-engine`: quality posture aggregation and scoring model.
+- `packages/health-engine`: health posture aggregation and scoring model.
 - `packages/reporter`: structured report output (console, JSON, CI).
 - `packages/governance`: CI gate evaluation and enforcement policy checks.
 - `packages/cli`: user-facing CLI entrypoint.
@@ -167,9 +167,9 @@ codesentinel report
 codesentinel report --format md --output report.md
 codesentinel report --snapshot snapshot.json
 codesentinel report --compare baseline.json --format text
-codesentinel check --compare baseline.json --max-repo-delta 0.03 --no-new-cycles
+codesentinel check --compare baseline.json --max-risk-delta 0.03 --no-new-cycles
 codesentinel ci --baseline baseline.json --snapshot current.json --report report.md --fail-on error
-codesentinel ci --baseline-ref origin/main --max-repo-delta 0.03 --no-new-cycles
+codesentinel ci --baseline-ref origin/main --max-risk-delta 0.03 --no-new-cycles
 codesentinel ci --baseline-ref auto --fail-on error
 codesentinel dependency-risk react
 codesentinel dependency-risk react@19.0.0
@@ -185,7 +185,7 @@ codesentinel analyze . --author-identity likely_merge
 codesentinel analyze . --author-identity strict_email
 # Personal-project profile (down-weights single-maintainer ownership penalties)
-codesentinel analyze . --risk-profile personal
+codesentinel analyze . --scoring-profile personal
 # Tune recency window (days) used for evolution volatility
 codesentinel analyze . --recent-window-days 60
@@ -237,9 +237,9 @@ Notes:
 - `--output summary` (default) prints a compact result for terminal use.
 - `--output json` (or `--json`) prints the full analysis object.
 - `--recent-window-days <days>` customizes the git recency window used to compute `recentVolatility` (default: `30`).
-- `--risk-profile default|personal` selects scoring profile.
+- `--scoring-profile default|personal` selects scoring profile.
   - `default`: balanced team-oriented defaults.
-  - `personal`: lowers ownership concentration and bus-factor penalties for solo-maintainer repos.
+  - `personal`: lowers single-maintainer ownership penalties for both risk and health ownership scoring.
   - `personal` does not remove structural, churn, volatility, external, or interaction risk; scores can still be elevated when those signals are high.
 When running through pnpm, pass CLI arguments after `--`:
@@ -256,7 +256,7 @@ pnpm dev -- explain . --file src/app/page.tsx
 pnpm dev -- report
 pnpm dev -- report . --format md --output report.md
 pnpm dev -- report . --compare baseline.json --format text
-pnpm dev -- check . --compare baseline.json --max-repo-delta 0.03 --no-new-cycles
+pnpm dev -- check . --compare baseline.json --max-risk-delta 0.03 --no-new-cycles
 pnpm dev -- ci . --baseline baseline.json --snapshot current.json --report report.md --fail-on warn
 ```
@@ -282,7 +282,7 @@ Diff mode compares snapshots and reports:
 `codesentinel run` is a convenience command that emits `analyze + explain + report` in one execution.
-- formats: `text`, `md`, `json` (`text` default)
+- formats: `text`, `md`, `json` (`md` default)
 - detail levels: `--detail compact|standard|full` (`compact` default, `full` = full verbose sections)
 - explain target selectors: `--file <path>`, `--module <name>`, `--top <n>`
 - report diff/snapshot flags: `--compare <baseline.json>`, `--snapshot <path>`, `--no-trace`
@@ -293,11 +293,13 @@ Diff mode compares snapshots and reports:
 Supported gates:
-- `--max-repo-delta <value>`
+- `--max-risk-delta <value>`
+- `--max-health-delta <value>`
 - `--no-new-cycles`
 - `--no-new-high-risk-deps`
 - `--max-new-hotspots <count>`
-- `--max-repo-score <score>`
+- `--max-risk-score <score>`
+- `--min-health-score <score>`
 - `--new-hotspot-score-threshold <score>`
 - `--fail-on error|warn`
@@ -369,7 +371,7 @@ Filters:
 - `evolution`: git-derived change behavior per file and coupling pairs.
 - `external`: dependency exposure for direct packages plus propagated transitive signals.
 - `risk`: deterministic composition of `structural + evolution + external`.
-- `quality`: deterministic code health posture from local structural/evolution/test signals.
+- `health`: deterministic code health posture from local structural/evolution/test signals.
 Minimal shape:
@@ -385,15 +387,20 @@ Minimal shape:
     "fragileClusters": [],
     "dependencyAmplificationZones": []
   },
-  "quality": {
-    "qualityScore": 0,
+  "health": {
+    "healthScore": 0,
     "normalizedScore": 0,
     "dimensions": {
       "modularity": 0,
       "changeHygiene": 0,
-      "testHealth": 0
+      "testHealth": 0,
+      "ownershipDistribution": 0
     },
-    "topIssues": []
+    "topIssues": [],
+    "trace": {
+      "schemaVersion": "1",
+      "dimensions": []
+    }
   }
 }
 ```
@@ -408,7 +415,21 @@ How to read `risk` first:
 Score direction:
 - `risk.riskScore`: higher means higher risk (worse).
-- `quality.qualityScore`: higher means better quality posture.
+- `health.healthScore`: higher means better health posture.
+- `health.trace`: per-dimension factor traces with normalized metrics and evidence.
+Health v2 dimensions and weights:
+- `modularity` (`0.35`): cycle density + fan/centrality concentration + structural-hotspot overlap.
+- `changeHygiene` (`0.30`): churn/volatility concentration + dense co-change clusters.
+- `testHealth` (`0.20`): test presence + test-to-source ratio + testing directory presence.
+- `ownershipDistribution` (`0.15`): top-author share + author entropy + single-author dominance signals.
+Signal ingestion (deterministic, local):
+- Structural and evolution metrics come from local graph + git analysis.
+- Test posture uses file/path heuristics only (no mandatory coverage integration).
+- Ownership posture is derived from local git author distribution metrics.
 Interpretation notes: