@getcodesentinel/codesentinel 1.16.0 → 1.17.0

package/README.md

@@ -76,7 +76,7 @@ CI example:
     BASE_REF="${GITHUB_BASE_REF:-main}"
     git fetch origin "+refs/heads/${BASE_REF}:refs/remotes/origin/${BASE_REF}"
 - name: Run CodeSentinel
-  run: npx codesentinel ci --baseline-ref auto --max-risk-score 55 --max-risk-delta 0.03 --min-quality-score 65 --max-quality-delta 0.03 --no-new-cycles --no-new-high-risk-deps --max-new-hotspots 2 --fail-on error
+  run: npx codesentinel ci --baseline-ref auto --max-risk-score 55 --max-risk-delta 0.03 --min-health-score 65 --max-health-delta 0.03 --no-new-cycles --no-new-high-risk-deps --max-new-hotspots 2 --fail-on error
 ```
 
 `--baseline-ref auto` requires enough git history to resolve a baseline deterministically. In GitHub Actions, use `fetch-depth: 0` and ensure the CI base branch ref is fetched.
@@ -100,7 +100,7 @@ The CLI output now includes a deterministic `risk` block composed from those dim
 - `dependencyAmplificationZones`
 - file/module/dependency score tables
 
-It also includes a deterministic `quality` block (`qualityScore`, dimension scores, and actionable top issues) computed independently from risk.
+It also includes a deterministic `health` block (`healthScore`, dimension scores, and actionable top issues) computed independently from risk.
 
 The goal is a practical, engineering-grade model that supports both strategic architecture decisions and daily code review workflows.
 
@@ -111,8 +111,7 @@ The goal is a practical, engineering-grade model that supports both strategic ar
 - `packages/git-analyzer`: Git history and evolutionary signals.
 - `packages/dependency-firewall`: external dependency and supply chain signals.
 - `packages/risk-engine`: risk aggregation and scoring model.
-- `packages/quality-signals`: local quality signal collection (lint, diagnostics, complexity, duplication, coverage).
-- `packages/quality-engine`: quality posture aggregation and scoring model.
+- `packages/health-engine`: health posture aggregation and scoring model.
 - `packages/reporter`: structured report output (console, JSON, CI).
 - `packages/governance`: CI gate evaluation and enforcement policy checks.
 - `packages/cli`: user-facing CLI entrypoint.
@@ -186,7 +185,7 @@ codesentinel analyze . --author-identity likely_merge
 codesentinel analyze . --author-identity strict_email
 
 # Personal-project profile (down-weights single-maintainer ownership penalties)
-codesentinel analyze . --risk-profile personal
+codesentinel analyze . --scoring-profile personal
 
 # Tune recency window (days) used for evolution volatility
 codesentinel analyze . --recent-window-days 60
@@ -238,9 +237,9 @@ Notes:
 - `--output summary` (default) prints a compact result for terminal use.
 - `--output json` (or `--json`) prints the full analysis object.
 - `--recent-window-days <days>` customizes the git recency window used to compute `recentVolatility` (default: `30`).
-- `--risk-profile default|personal` selects scoring profile.
+- `--scoring-profile default|personal` selects scoring profile.
   - `default`: balanced team-oriented defaults.
-  - `personal`: lowers ownership concentration and bus-factor penalties for solo-maintainer repos.
+  - `personal`: lowers single-maintainer ownership penalties for both risk and health ownership scoring.
   - `personal` does not remove structural, churn, volatility, external, or interaction risk; scores can still be elevated when those signals are high.
 
 When running through pnpm, pass CLI arguments after `--`:
@@ -295,12 +294,12 @@ Diff mode compares snapshots and reports:
 Supported gates:
 
 - `--max-risk-delta <value>`
-- `--max-quality-delta <value>`
+- `--max-health-delta <value>`
 - `--no-new-cycles`
 - `--no-new-high-risk-deps`
 - `--max-new-hotspots <count>`
 - `--max-risk-score <score>`
-- `--min-quality-score <score>`
+- `--min-health-score <score>`
 - `--new-hotspot-score-threshold <score>`
 - `--fail-on error|warn`
 
@@ -372,7 +371,7 @@ Filters:
 - `evolution`: git-derived change behavior per file and coupling pairs.
 - `external`: dependency exposure for direct packages plus propagated transitive signals.
 - `risk`: deterministic composition of `structural + evolution + external`.
-- `quality`: deterministic code health posture from local structural/evolution/test signals.
+- `health`: deterministic code health posture from local structural/evolution/test signals.
 
 Minimal shape:
 
@@ -388,16 +387,14 @@ Minimal shape:
     "fragileClusters": [],
     "dependencyAmplificationZones": []
   },
-  "quality": {
-    "qualityScore": 0,
+  "health": {
+    "healthScore": 0,
     "normalizedScore": 0,
     "dimensions": {
       "modularity": 0,
       "changeHygiene": 0,
-      "staticAnalysis": 0,
-      "complexity": 0,
-      "duplication": 0,
-      "testHealth": 0
+      "testHealth": 0,
+      "ownershipDistribution": 0
     },
     "topIssues": [],
     "trace": {
@@ -418,26 +415,21 @@ How to read `risk` first:
 Score direction:
 
 - `risk.riskScore`: higher means higher risk (worse).
-- `quality.qualityScore`: higher means better quality posture.
-- `quality.trace`: per-dimension factor traces with normalized metrics and evidence.
+- `health.healthScore`: higher means better health posture.
+- `health.trace`: per-dimension factor traces with normalized metrics and evidence.
 
-Quality v2 dimensions and weights:
+Health v2 dimensions and weights:
 
-- `modularity` (`0.20`): cycles + fan-in/fan-out concentration.
-- `changeHygiene` (`0.20`): churn/volatility/coupling concentration + TODO/FIXME comment load.
-- `staticAnalysis` (`0.20`): ESLint issue rates + TypeScript diagnostics.
-- `complexity` (`0.15`): cyclomatic complexity pressure.
-- `duplication` (`0.10`): duplicated block/line ratio.
-- `testHealth` (`0.15`): test file presence + optional coverage summary input.
+- `modularity` (`0.35`): cycle density + fan/centrality concentration + structural-hotspot overlap.
+- `changeHygiene` (`0.30`): churn/volatility concentration + dense co-change clusters.
+- `testHealth` (`0.20`): test presence + test-to-source ratio + testing directory presence.
+- `ownershipDistribution` (`0.15`): top-author share + author entropy + single-author dominance signals.
 
 Signal ingestion (deterministic, local):
 
-- ESLint issues are collected via ESLint API when configuration is available.
-- TypeScript diagnostics are collected from local `tsconfig.json` program diagnostics.
-- Complexity and duplication are derived from local source files.
-- Coverage input is optional:
-  - default path: `<target>/coverage/coverage-summary.json`
-  - override path: `CODESENTINEL_QUALITY_COVERAGE_SUMMARY`
+- Structural and evolution metrics come from local graph + git analysis.
+- Test posture uses file/path heuristics only (no mandatory coverage integration).
+- Ownership posture is derived from local git author distribution metrics.
 
 Interpretation notes: