@nerviq/cli 1.10.0 → 1.11.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (20) hide show
  1. package/README.md +80 -29
  2. package/bin/cli.js +229 -110
  3. package/package.json +1 -1
  4. package/src/activity.js +185 -59
  5. package/src/aider/freshness.js +28 -25
  6. package/src/analyze.js +3 -1
  7. package/src/anti-patterns.js +4 -2
  8. package/src/audit.js +100 -74
  9. package/src/benchmark.js +15 -10
  10. package/src/governance.js +13 -7
  11. package/src/index.js +2 -1
  12. package/src/integrations.js +102 -55
  13. package/src/permission-rules.js +218 -0
  14. package/src/secret-patterns.js +9 -0
  15. package/src/server.js +398 -3
  16. package/src/setup.js +2 -2
  17. package/src/techniques.js +41 -45
  18. package/src/terminology.js +73 -0
  19. package/src/token-estimate.js +35 -0
  20. package/src/workspace.js +105 -8
package/README.md CHANGED
@@ -70,7 +70,10 @@ Nerviq scores your AI coding agent setup from 0 to 100, finds what's missing, an
70
70
  npx @nerviq/cli --beginner # Show only the 5 starter commands
71
71
  npx @nerviq/cli audit # Quick scan: score + top 3 actions
72
72
  npx @nerviq/cli audit --full # Full audit with all checks + badge
73
- npx @nerviq/cli audit --workspace packages/* # Monorepo: root governance + workspace average/package scores
73
+ npx @nerviq/cli audit --snapshot --tag "pre-refactor" # Save a named snapshot for history/compare/trend
74
+ npx @nerviq/cli compare # Detailed per-check diff between latest 2 audit snapshots
75
+ npx @nerviq/cli audit --webhook https://hooks.slack.com/services/... # Push audit results to Slack/Discord/generic HTTP
76
+ npx @nerviq/cli audit --workspace packages/* # Monorepo: root governance + stack-specific workspace profiles
74
77
  npx @nerviq/cli setup # Generate starter-safe baseline
75
78
  npx @nerviq/cli augment # Improvement plan, no writes
76
79
  npx @nerviq/cli governance # Permission profiles + policy packs
@@ -79,6 +82,8 @@ npx @nerviq/cli benchmark # Baseline vs projected score in isolated cop
79
82
 
80
83
  No install required. Zero dependencies.
81
84
 
85
+ Text-mode CLI output explains terms like `MCP`, `hooks`, `deny rules`, and `governance` inline when they appear, so a first audit is easier to read.
86
+
82
87
  If you want the shortest possible command list inside the terminal, start with:
83
88
 
84
89
  ```bash
@@ -136,22 +141,36 @@ npx @nerviq/cli synergy-report # Multi-agent synergy analysis
136
141
 
137
142
  Synergy evaluates compound audit results, discovers compensation patterns (where one platform covers another's gaps), and ranks recommendations by cross-platform impact.
138
143
 
139
- ## SDK — `@nerviq/sdk` `BETA`
140
-
141
- Programmatic access to all Nerviq capabilities:
142
-
143
- ```js
144
- const { audit, harmonyAudit, synergyReport, detectPlatforms } = require('@nerviq/sdk');
145
-
146
- const result = await audit('.', 'claude');
147
- console.log(`Score: ${result.score}/100`);
148
-
149
- const platforms = detectPlatforms('.');
150
- console.log(`Active platforms: ${platforms.join(', ')}`);
151
-
152
- const harmony = await harmonyAudit('.');
153
- console.log(`Harmony score: ${harmony.harmonyScore}/100`);
154
- ```
144
+ ## SDK — `@nerviq/sdk` `BETA`
145
+
146
+ Programmatic access to all Nerviq capabilities:
147
+
148
+ ```js
149
+ const { audit, harmonyAudit, detectPlatforms } = require('@nerviq/sdk');
150
+
151
+ async function main() {
152
+ try {
153
+ const result = await audit('.', 'claude');
154
+ console.log(`Score: ${result.score}/100`);
155
+
156
+ const platforms = detectPlatforms('.');
157
+ console.log(`Active platforms: ${platforms.join(', ') || 'none detected'}`);
158
+
159
+ const harmony = await harmonyAudit('.');
160
+ console.log(`Harmony score: ${harmony.harmonyScore}/100`);
161
+ } catch (error) {
162
+ console.error(error instanceof Error ? error.message : 'Unknown SDK error');
163
+ process.exitCode = 1;
164
+ }
165
+ }
166
+
167
+ main();
168
+ ```
169
+
170
+ Stable SDK surfaces: `audit`, `harmonyAudit`, `detectPlatforms`, `getCatalog`
171
+ Experimental SDK surfaces: `synergyReport`, `routeTask`
172
+
173
+ See [sdk/README.md](sdk/README.md) for full JavaScript examples, error handling guidance, and TypeScript usage.
155
174
 
156
175
  ## MCP Server — `nerviq serve`
157
176
 
@@ -161,11 +180,30 @@ Nerviq ships with a built-in MCP-compatible HTTP server for integration with AI
161
180
  npx @nerviq/cli serve --port 3000
162
181
  ```
163
182
 
164
- Endpoints:
165
- - `GET /api/health` — Server health check
166
- - `GET /api/catalog` — Full check catalog
167
- - `POST /api/audit` — Run audit on a directory
168
- - `GET /api/harmony` — Cross-platform harmony data
183
+ Endpoints:
184
+ - `GET /api/openapi.json` — Live OpenAPI 3.1 contract for this `serve` instance
185
+ - `GET /api/health` — Server health check
186
+ - `GET /api/catalog` — Full check catalog
187
+ - `GET /api/audit` — Run audit on a directory and platform via query params
188
+ - `GET /api/harmony` — Cross-platform harmony data
189
+
190
+ All successful operational responses are wrapped in a JSON envelope:
191
+
192
+ ```json
193
+ {
194
+ "data": {},
195
+ "meta": {
196
+ "version": "1.11.0",
197
+ "timestamp": "2026-04-09T12:00:00.000Z"
198
+ }
199
+ }
200
+ ```
201
+
202
+ Pull the contract directly into Swagger UI, Postman, or internal tooling:
203
+
204
+ ```bash
205
+ curl http://127.0.0.1:3000/api/openapi.json > nerviq-openapi.json
206
+ ```
169
207
 
170
208
  ## Plugin System — `nerviq.config.js`
171
209
 
@@ -281,16 +319,29 @@ Levels:
281
319
  | `--verbose` | Full audit + medium-priority recommendations |
282
320
  | `--threshold N` | Exit 1 if score < N (for CI) |
283
321
  | `--json` | Machine-readable JSON output |
284
- | `--out FILE` | Write output to file |
285
- | `--snapshot` | Save audit snapshot for trending |
286
- | `--dry-run` | Preview changes without writing files |
287
- | `--config-only` | Only write config files, never source code |
288
- | `--auto` | Apply without prompts |
322
+ | `--out FILE` | Write output to file |
323
+ | `--webhook URL` | POST audit results to Slack, Discord, or a generic JSON endpoint |
324
+ | `--webhook-header NAME:VALUE` | Add a custom webhook header; repeat the flag for multiple headers |
325
+ | `--webhook-retries N` | Retry transient webhook failures (`429`, `5xx`, timeouts) up to `N` extra times |
326
+ | `--snapshot` | Save audit snapshot for trending |
327
+ | `--dry-run` | Preview changes without writing files |
328
+ | `--config-only` | Only write config files, never source code |
329
+ | `--auto` | Apply without prompts |
289
330
  | `--only A,B` | Limit apply to selected proposal IDs |
290
331
  | `--format sarif` | SARIF output for code scanning |
291
332
  | `--platform NAME` | Target platform (claude, codex, gemini, copilot, cursor, windsurf, aider, opencode) |
292
- | `--workspace GLOB` | Audit workspaces separately as package-level live audits (e.g. packages/*) |
293
- | `--external PATH` | Benchmark an external repo |
333
+ | `--workspace GLOB` | Audit workspaces separately as package-level live audits with summary-only JSON rows (e.g. packages/*) |
334
+ | `--external PATH` | Benchmark an external repo |
335
+
336
+ Webhook delivery automatically retries transient failures twice by default. For authenticated internal endpoints, you can add custom headers such as:
337
+
338
+ ```bash
339
+ npx @nerviq/cli audit \
340
+ --webhook https://ops.example.com/nerviq/audit \
341
+ --webhook-header "Authorization: Bearer $NERVIQ_WEBHOOK_TOKEN" \
342
+ --webhook-header "X-Nerviq-Environment: production" \
343
+ --webhook-retries 4
344
+ ```
294
345
 
295
346
  ## Backed by Research
296
347