@grafema/cli 0.2.4-beta → 0.2.6-beta

package/skills/grafema-codebase-analysis/references/query-patterns.md

@@ -0,0 +1,205 @@
+# Grafema Datalog Query Patterns
+
+All queries use `query_graph` tool. Every query must define a `violation/1` predicate —
+matching nodes are returned as results.
+
+## Syntax Quick Reference
+
+```
+violation(X) :- <body>.         # Rule: X is a result if body is true
+node(X, "TYPE")                 # Match node by type
+edge(X, Y, "TYPE")             # Match edge: X -> Y of given type
+attr(X, "name", "value")       # Match node attribute
+\+ <condition>                  # Negation: condition is NOT true
+```
+
+## Basic Patterns
+
+### Find nodes by type
+
+```datalog
+violation(X) :- node(X, "FUNCTION").
+```
+
+### Find nodes by type and name
+
+```datalog
+violation(X) :- node(X, "FUNCTION"), attr(X, "name", "processPayment").
+```
+
+### Find nodes by type and file
+
+```datalog
+violation(X) :- node(X, "FUNCTION"), attr(X, "file", "src/api.ts").
+```
+
+### Find nodes matching multiple criteria
+
+```datalog
+violation(X) :- node(X, "CALL"), attr(X, "name", "eval"), attr(X, "file", "src/handler.ts").
+```
+
+## Edge Traversal
+
+### One-hop: Find all calls from a function
+
+```datalog
+violation(Call) :-
+  node(F, "FUNCTION"), attr(F, "name", "main"),
+  edge(F, S, "HAS_SCOPE"), edge(S, Call, "CONTAINS"),
+  node(Call, "CALL").
+```
+
+### One-hop: Find all callers of a function
+
+```datalog
+violation(Caller) :-
+  node(Target, "FUNCTION"), attr(Target, "name", "validate"),
+  edge(Call, Target, "CALLS"),
+  edge(Scope, Call, "CONTAINS"),
+  edge(Caller, Scope, "HAS_SCOPE"),
+  node(Caller, "FUNCTION").
+```
+
+### Find module dependencies
+
+```datalog
+violation(Dep) :-
+  node(M, "MODULE"), attr(M, "name", "api"),
+  edge(M, Dep, "DEPENDS_ON"), node(Dep, "MODULE").
+```
+
+### Find what a variable is assigned from
+
+```datalog
+violation(Source) :-
+  node(V, "VARIABLE"), attr(V, "name", "config"),
+  edge(V, Source, "ASSIGNED_FROM").
+```
+
+## Negation Patterns
+
+### Functions with no callers (potential dead code)
+
+```datalog
+violation(X) :-
+  node(X, "FUNCTION"),
+  \+ edge(_, X, "CALLS").
+```
+
+### Modules with no dependents (unused modules)
+
+```datalog
+violation(X) :-
+  node(X, "MODULE"),
+  \+ edge(_, X, "DEPENDS_ON").
+```
+
+### Unresolved calls (external/dynamic targets)
+
+```datalog
+violation(X) :-
+  node(X, "CALL"),
+  attr(X, "resolved", "false").
+```
+
+## Invariant Patterns
+
+### No eval() usage
+
+```datalog
+violation(X) :- node(X, "CALL"), attr(X, "name", "eval").
+```
+
+### No direct database queries outside service layer
+
+```datalog
+violation(X) :-
+  node(X, "db:query"),
+  attr(X, "file", File),
+  \+ attr(X, "file", "src/services/").
+```
+
+Note: File matching is exact. For pattern matching, use the `find_nodes` tool instead.
+
+### All HTTP endpoints must have handlers
+
+```datalog
+violation(X) :-
+  node(X, "http:request"),
+  \+ edge(_, X, "CALLS").
+```
+
+## Join Patterns
+
+### Find functions that call both X and Y
+
+```datalog
+violation(F) :-
+  node(F, "FUNCTION"),
+  edge(F, S, "HAS_SCOPE"),
+  edge(S, C1, "CONTAINS"), node(C1, "CALL"), attr(C1, "name", "readFile"),
+  edge(S, C2, "CONTAINS"), node(C2, "CALL"), attr(C2, "name", "writeFile").
+```
+
+### Find classes that extend a specific base class
+
+```datalog
+violation(Child) :-
+  node(Base, "CLASS"), attr(Base, "name", "BaseService"),
+  edge(Child, Base, "EXTENDS"),
+  node(Child, "CLASS").
+```
+
+## Performance Tips
+
+1. **Put most selective filters first.** `attr(X, "name", "specific")` before `node(X, "FUNCTION")`.
+
+2. **Avoid unconstrained joins.** Every variable should be bounded by at least one specific condition.
+
+3. **Use high-level tools when possible.** `find_calls` is faster than writing a Datalog query for the same pattern — it uses optimized indexes.
+
+4. **Use `explain: true` to debug.** If a query returns nothing, add `explain: true` to see step-by-step execution.
+
+5. **Use `limit` and `offset` for large result sets.** Default limit applies, but you can paginate through results.
+
+## Common Mistakes
+
+### Wrong: Unbound variable
+
+```datalog
+# BAD: Y is never constrained
+violation(X) :- node(X, "FUNCTION"), edge(X, Y, "CALLS").
+```
+
+```datalog
+# GOOD: Constrain Y
+violation(X) :- node(X, "FUNCTION"), edge(X, Y, "CALLS"), node(Y, "FUNCTION").
+```
+
+### Wrong: Using wrong edge direction
+
+```datalog
+# BAD: CALLS edge goes Caller -> Callee, not reverse
+violation(X) :- node(X, "FUNCTION"), edge(X, Target, "CALLS").
+```
+
+The CALLS edge typically goes from CALL/CALL_SITE node to target FUNCTION,
+not directly from FUNCTION to FUNCTION. Check [node-edge-types.md](node-edge-types.md)
+for correct edge directions.
+
+### Wrong: Missing scope traversal
+
+Functions don't directly CONTAIN calls — they have scopes that contain calls:
+
+```datalog
+# BAD: No direct CONTAINS edge from FUNCTION to CALL
+violation(C) :- node(F, "FUNCTION"), edge(F, C, "CONTAINS"), node(C, "CALL").
+```
+
+```datalog
+# GOOD: Go through HAS_SCOPE
+violation(C) :-
+  node(F, "FUNCTION"), edge(F, S, "HAS_SCOPE"),
+  edge(S, C, "CONTAINS"), node(C, "CALL").
+```

package/src/cli.ts

@@ -16,7 +16,8 @@ import { lsCommand } from './commands/ls.js';
 import { getCommand } from './commands/get.js';
 import { traceCommand } from './commands/trace.js';
 import { impactCommand } from './commands/impact.js';
-import { exploreCommand } from './commands/explore.js';
+import { contextCommand } from './commands/context.js';
+
 import { statsCommand } from './commands/stats.js';
 import { checkCommand } from './commands/check.js';
 import { serverCommand } from './commands/server.js';
@@ -24,6 +25,8 @@ import { coverageCommand } from './commands/coverage.js';
 import { doctorCommand } from './commands/doctor.js';
 import { schemaCommand } from './commands/schema.js';
 import { explainCommand } from './commands/explain.js';
+import { fileCommand } from './commands/file.js';
+import { setupSkillCommand } from './commands/setup-skill.js';
 
 // Read version from package.json
 const __dirname = dirname(fileURLToPath(import.meta.url));
@@ -41,12 +44,13 @@ program.addCommand(initCommand);
 program.addCommand(analyzeCommand);
 program.addCommand(overviewCommand);
 program.addCommand(queryCommand);
+program.addCommand(contextCommand);
 program.addCommand(typesCommand);
 program.addCommand(lsCommand);
 program.addCommand(getCommand);
 program.addCommand(traceCommand);
 program.addCommand(impactCommand);
-program.addCommand(exploreCommand);
+
 program.addCommand(statsCommand);  // Keep for backwards compat
 program.addCommand(coverageCommand);
 program.addCommand(checkCommand);
@@ -54,5 +58,7 @@ program.addCommand(serverCommand);
 program.addCommand(doctorCommand);
 program.addCommand(schemaCommand);
 program.addCommand(explainCommand);
+program.addCommand(fileCommand);
+program.addCommand(setupSkillCommand);
 
 program.parse();

package/src/commands/analyze.ts

@@ -1,182 +1,12 @@
 /**
- * Analyze command - Run project analysis via Orchestrator
+ * Analyze command — Run project analysis via Orchestrator.
+ *
+ * Command definition only. Execution logic is in analyzeAction.ts.
  */
 
 import { Command } from 'commander';
-import { resolve, join } from 'path';
-import { existsSync, mkdirSync, readdirSync } from 'fs';
-import { pathToFileURL } from 'url';
-import {
-  Orchestrator,
-  RFDBServerBackend,
-  Plugin,
-  DiagnosticReporter,
-  DiagnosticWriter,
-  createLogger,
-  loadConfig,
-  type GrafemaConfig,
-  // Discovery
-  SimpleProjectDiscovery,
-  MonorepoServiceDiscovery,
-  WorkspaceDiscovery,
-  // Indexing
-  JSModuleIndexer,
-  RustModuleIndexer,
-  // Analysis
-  JSASTAnalyzer,
-  ExpressRouteAnalyzer,
-  ExpressResponseAnalyzer,
-  SocketIOAnalyzer,
-  DatabaseAnalyzer,
-  FetchAnalyzer,
-  ServiceLayerAnalyzer,
-  ReactAnalyzer,
-  RustAnalyzer,
-  // Enrichment
-  MethodCallResolver,
-  ArgumentParameterLinker,
-  AliasTracker,
-  ValueDomainAnalyzer,
-  MountPointResolver,
-  PrefixEvaluator,
-  InstanceOfResolver,
-  ImportExportLinker,
-  FunctionCallResolver,
-  HTTPConnectionEnricher,
-  RustFFIEnricher,
-  // Validation
-  CallResolverValidator,
-  EvalBanValidator,
-  SQLInjectionValidator,
-  ShadowingDetector,
-  GraphConnectivityValidator,
-  DataFlowValidator,
-  TypeScriptDeadCodeValidator,
-  BrokenImportValidator,
-} from '@grafema/core';
-import type { LogLevel } from '@grafema/types';
+import { analyzeAction } from './analyzeAction.js';
 
-const BUILTIN_PLUGINS: Record<string, () => Plugin> = {
-  // Discovery
-  SimpleProjectDiscovery: () => new SimpleProjectDiscovery() as Plugin,
-  MonorepoServiceDiscovery: () => new MonorepoServiceDiscovery() as Plugin,
-  WorkspaceDiscovery: () => new WorkspaceDiscovery() as Plugin,
-  // Indexing
-  JSModuleIndexer: () => new JSModuleIndexer() as Plugin,
-  RustModuleIndexer: () => new RustModuleIndexer() as Plugin,
-  // Analysis
-  JSASTAnalyzer: () => new JSASTAnalyzer() as Plugin,
-  ExpressRouteAnalyzer: () => new ExpressRouteAnalyzer() as Plugin,
-  ExpressResponseAnalyzer: () => new ExpressResponseAnalyzer() as Plugin,
-  SocketIOAnalyzer: () => new SocketIOAnalyzer() as Plugin,
-  DatabaseAnalyzer: () => new DatabaseAnalyzer() as Plugin,
-  FetchAnalyzer: () => new FetchAnalyzer() as Plugin,
-  ServiceLayerAnalyzer: () => new ServiceLayerAnalyzer() as Plugin,
-  ReactAnalyzer: () => new ReactAnalyzer() as Plugin,
-  RustAnalyzer: () => new RustAnalyzer() as Plugin,
-  // Enrichment
-  MethodCallResolver: () => new MethodCallResolver() as Plugin,
-  ArgumentParameterLinker: () => new ArgumentParameterLinker() as Plugin,
-  AliasTracker: () => new AliasTracker() as Plugin,
-  ValueDomainAnalyzer: () => new ValueDomainAnalyzer() as Plugin,
-  MountPointResolver: () => new MountPointResolver() as Plugin,
-  PrefixEvaluator: () => new PrefixEvaluator() as Plugin,
-  InstanceOfResolver: () => new InstanceOfResolver() as Plugin,
-  ImportExportLinker: () => new ImportExportLinker() as Plugin,
-  FunctionCallResolver: () => new FunctionCallResolver() as Plugin,
-  HTTPConnectionEnricher: () => new HTTPConnectionEnricher() as Plugin,
-  RustFFIEnricher: () => new RustFFIEnricher() as Plugin,
-  // Validation
-  CallResolverValidator: () => new CallResolverValidator() as Plugin,
-  EvalBanValidator: () => new EvalBanValidator() as Plugin,
-  SQLInjectionValidator: () => new SQLInjectionValidator() as Plugin,
-  ShadowingDetector: () => new ShadowingDetector() as Plugin,
-  GraphConnectivityValidator: () => new GraphConnectivityValidator() as Plugin,
-  DataFlowValidator: () => new DataFlowValidator() as Plugin,
-  TypeScriptDeadCodeValidator: () => new TypeScriptDeadCodeValidator() as Plugin,
-  BrokenImportValidator: () => new BrokenImportValidator() as Plugin,
-};
-
-/**
- * Load custom plugins from .grafema/plugins/ directory
- */
-async function loadCustomPlugins(
-  projectPath: string,
-  log: (msg: string) => void
-): Promise<Record<string, () => Plugin>> {
-  const pluginsDir = join(projectPath, '.grafema', 'plugins');
-  if (!existsSync(pluginsDir)) {
-    return {};
-  }
-
-  const customPlugins: Record<string, () => Plugin> = {};
-
-  try {
-    const files = readdirSync(pluginsDir).filter(
-      (f) => f.endsWith('.js') || f.endsWith('.mjs')
-    );
-
-    for (const file of files) {
-      try {
-        const pluginPath = join(pluginsDir, file);
-        const pluginUrl = pathToFileURL(pluginPath).href;
-        const module = await import(pluginUrl);
-
-        const PluginClass = module.default || module[file.replace(/\.(m?js)$/, '')];
-        if (PluginClass && typeof PluginClass === 'function') {
-          const pluginName = PluginClass.name || file.replace(/\.(m?js)$/, '');
-          customPlugins[pluginName] = () => new PluginClass() as Plugin;
-          log(`Loaded custom plugin: ${pluginName}`);
-        }
-      } catch (err) {
-        console.warn(`Failed to load plugin ${file}: ${(err as Error).message}`);
-      }
-    }
-  } catch (err) {
-    console.warn(`Error loading custom plugins: ${(err as Error).message}`);
-  }
-
-  return customPlugins;
-}
-
-function createPlugins(
-  config: GrafemaConfig['plugins'],
-  customPlugins: Record<string, () => Plugin> = {}
-): Plugin[] {
-  const plugins: Plugin[] = [];
-  const phases: (keyof GrafemaConfig['plugins'])[] = ['discovery', 'indexing', 'analysis', 'enrichment', 'validation'];
-
-  for (const phase of phases) {
-    const names = config[phase] || [];
-    for (const name of names) {
-      // Check built-in first, then custom
-      const factory = BUILTIN_PLUGINS[name] || customPlugins[name];
-      if (factory) {
-        plugins.push(factory());
-      } else {
-        console.warn(`Unknown plugin: ${name}`);
-      }
-    }
-  }
-
-  return plugins;
-}
-
-/**
- * Determine log level from CLI options.
- * Priority: --log-level > --quiet > --verbose > default ('info')
- */
-function getLogLevel(options: { quiet?: boolean; verbose?: boolean; logLevel?: string }): LogLevel {
-  if (options.logLevel) {
-    const validLevels: LogLevel[] = ['silent', 'errors', 'warnings', 'info', 'debug'];
-    if (validLevels.includes(options.logLevel as LogLevel)) {
-      return options.logLevel as LogLevel;
-    }
-  }
-  if (options.quiet) return 'silent';
-  if (options.verbose) return 'debug';
-  return 'info';
-}
 
 export const analyzeCommand = new Command('analyze')
   .description('Run project analysis')
@@ -188,6 +18,7 @@ export const analyzeCommand = new Command('analyze')
   .option('-v, --verbose', 'Show verbose logging')
   .option('--debug', 'Enable debug mode (writes diagnostics.log)')
   .option('--log-level <level>', 'Set log level (silent, errors, warnings, info, debug)')
+  .option('--log-file <path>', 'Write all log output to a file')
   .option('--strict', 'Enable strict mode (fail on unresolved references)')
   .option('--auto-start', 'Auto-start RFDB server if not running')
   .addHelpText('after', `
@@ -198,176 +29,10 @@ Examples:
   grafema analyze -s api         Analyze only "api" service (monorepo)
   grafema analyze -v             Verbose output with progress details
   grafema analyze --debug        Write diagnostics.log for debugging
+  grafema analyze --log-file out.log  Write all logs to a file
   grafema analyze --strict       Fail on unresolved references (debugging)
   grafema analyze --auto-start   Auto-start server (useful for CI)
 
 Note: Start the server first with: grafema server start
 `)
-  .action(async (path: string, options: { service?: string; entrypoint?: string; clear?: boolean; quiet?: boolean; verbose?: boolean; debug?: boolean; logLevel?: string; strict?: boolean; autoStart?: boolean }) => {
-    const projectPath = resolve(path);
-    const grafemaDir = join(projectPath, '.grafema');
-    const dbPath = join(grafemaDir, 'graph.rfdb');
-
-    if (!existsSync(grafemaDir)) {
-      mkdirSync(grafemaDir, { recursive: true });
-    }
-
-    const log = options.quiet ? () => {} : console.log;
-
-    // Create logger based on CLI flags
-    const logLevel = getLogLevel(options);
-    const logger = createLogger(logLevel);
-
-    log(`Analyzing project: ${projectPath}`);
-
-    // Connect to RFDB server
-    // Default: require explicit `grafema server start`
-    // Use --auto-start for CI or backwards compatibility
-    const backend = new RFDBServerBackend({
-      dbPath,
-      autoStart: options.autoStart ?? false
-    });
-
-    try {
-      await backend.connect();
-    } catch (err) {
-      if (!options.autoStart && err instanceof Error && err.message.includes('not running')) {
-        console.error('');
-        console.error('RFDB server is not running.');
-        console.error('');
-        console.error('Start the server first:');
-        console.error('  grafema server start');
-        console.error('');
-        console.error('Or use --auto-start flag:');
-        console.error('  grafema analyze --auto-start');
-        console.error('');
-        process.exit(1);
-      }
-      throw err;
-    }
-
-    if (options.clear) {
-      log('Clearing existing database...');
-      await backend.clear();
-    }
-
-    const config = loadConfig(projectPath, logger);
-
-    // Extract services from config (REG-174)
-    if (config.services.length > 0) {
-      log(`Loaded ${config.services.length} service(s) from config`);
-      for (const svc of config.services) {
-        const entry = svc.entryPoint ? ` (entry: ${svc.entryPoint})` : '';
-        log(`  - ${svc.name}: ${svc.path}${entry}`);
-      }
-    }
-
-    // Load custom plugins from .grafema/plugins/
-    const customPlugins = await loadCustomPlugins(projectPath, log);
-    const plugins = createPlugins(config.plugins, customPlugins);
-
-    log(`Loaded ${plugins.length} plugins`);
-
-    // Resolve strict mode: CLI flag overrides config
-    const strictMode = options.strict ?? config.strict ?? false;
-    if (strictMode) {
-      log('Strict mode enabled - analysis will fail on unresolved references');
-    }
-
-    const startTime = Date.now();
-
-    const orchestrator = new Orchestrator({
-      graph: backend as unknown as import('@grafema/types').GraphBackend,
-      plugins,
-      serviceFilter: options.service || null,
-      entrypoint: options.entrypoint,
-      forceAnalysis: options.clear || false,
-      logger,
-      services: config.services.length > 0 ? config.services : undefined,  // Pass config services (REG-174)
-      strictMode, // REG-330: Pass strict mode flag
-      onProgress: (progress) => {
-        if (options.verbose) {
-          log(`[${progress.phase}] ${progress.message}`);
-        }
-      },
-    });
-
-    let exitCode = 0;
-
-    try {
-      await orchestrator.run(projectPath);
-      await backend.flush();
-
-      const elapsed = ((Date.now() - startTime) / 1000).toFixed(2);
-      const stats = await backend.getStats();
-
-      log('');
-      log(`Analysis complete in ${elapsed}s`);
-      log(`  Nodes: ${stats.nodeCount}`);
-      log(`  Edges: ${stats.edgeCount}`);
-
-      // Get diagnostics and report summary
-      const diagnostics = orchestrator.getDiagnostics();
-      const reporter = new DiagnosticReporter(diagnostics);
-
-      // Print summary if there are any issues
-      if (diagnostics.count() > 0) {
-        log('');
-        log(reporter.categorizedSummary());
-
-        // In verbose mode, print full report
-        if (options.verbose) {
-          log('');
-          log(reporter.report({ format: 'text', includeSummary: false }));
-        }
-      }
-
-      // Always write diagnostics.log (required for `grafema check` command)
-      const writer = new DiagnosticWriter();
-      await writer.write(diagnostics, grafemaDir);
-      if (options.debug) {
-        log(`Diagnostics written to ${writer.getLogPath(grafemaDir)}`);
-      }
-
-      // Determine exit code based on severity
-      if (diagnostics.hasFatal()) {
-        exitCode = 1;
-      } else if (diagnostics.hasErrors()) {
-        exitCode = 2; // Completed with errors
-      } else {
-        exitCode = 0; // Success (maybe warnings)
-      }
-    } catch (e) {
-      // Orchestrator threw (fatal error stopped analysis)
-      const error = e instanceof Error ? e : new Error(String(e));
-      const diagnostics = orchestrator.getDiagnostics();
-      const reporter = new DiagnosticReporter(diagnostics);
-
-      console.error('');
-      console.error(`✗ Analysis failed: ${error.message}`);
-      console.error('');
-      console.error('→ Run with --debug for detailed diagnostics');
-
-      if (diagnostics.count() > 0) {
-        console.error('');
-        console.error(reporter.report({ format: 'text', includeSummary: true }));
-      }
-
-      // Write diagnostics.log in debug mode even on failure
-      if (options.debug) {
-        const writer = new DiagnosticWriter();
-        await writer.write(diagnostics, grafemaDir);
-        console.error(`Diagnostics written to ${writer.getLogPath(grafemaDir)}`);
-      }
-
-      exitCode = 1;
-    }
-
-    await backend.close();
-
-    // Exit with appropriate code
-    // 0 = success, 1 = fatal, 2 = errors
-    if (exitCode !== 0) {
-      process.exit(exitCode);
-    }
-  });
+  .action(analyzeAction);