@nerviq/cli 1.10.0 → 1.12.0

package/src/terminology.js

@@ -0,0 +1,73 @@
+'use strict';
+
+const TERMINOLOGY = {
+  governance: {
+    label: 'governance',
+    description: 'the rollout safety layer: permissions, hooks, profiles, and policy packs',
+  },
+  hooks: {
+    label: 'hooks',
+    description: 'auto-run checks or scripts triggered before or after agent tool actions',
+  },
+  denyRules: {
+    label: 'deny rules',
+    description: 'explicit blocks for risky reads or commands like .env access or rm -rf',
+  },
+  mcp: {
+    label: 'MCP',
+    description: 'live external tool connectors for docs, APIs, databases, and other systems',
+  },
+};
+
+const TERM_ORDER = ['governance', 'hooks', 'denyRules', 'mcp'];
+
+function normalizeTermKeys(keys = []) {
+  const seen = new Set();
+  for (const key of keys) {
+    if (!TERMINOLOGY[key]) continue;
+    seen.add(key);
+  }
+  return TERM_ORDER.filter((key) => seen.has(key));
+}
+
+function collectAuditTerminology(result = {}) {
+  const terms = new Set();
+  const texts = [];
+
+  for (const item of result.topNextActions || []) {
+    texts.push(item.name || '', item.fix || '', item.why || '', item.module || '', ...(item.signals || []));
+  }
+
+  for (const item of result.results || []) {
+    if (item.passed === false) {
+      texts.push(item.key || '', item.name || '', item.fix || '', item.category || '');
+    }
+  }
+
+  const blob = texts.join('\n');
+  if (/\bhook/i.test(blob)) terms.add('hooks');
+  if (/\bdeny rules?\b|permissions?\.deny|bypasspermissions|\.env access|rm -rf/i.test(blob)) terms.add('denyRules');
+  if (/\bmcp\b|context7|external tool/i.test(blob)) terms.add('mcp');
+  if (/\bgovernance\b|policy pack|permission profile/i.test(blob) || terms.size > 0) terms.add('governance');
+
+  return normalizeTermKeys([...terms]);
+}
+
+function formatTerminologyLines(keys, options = {}) {
+  const normalized = normalizeTermKeys(keys);
+  if (normalized.length === 0) return [];
+  const title = options.title || '  Terms used here:';
+  const indent = options.indent || '  ';
+  const bullet = options.bullet || '-';
+
+  return [
+    title,
+    ...normalized.map((key) => `${indent}${bullet} ${TERMINOLOGY[key].label}: ${TERMINOLOGY[key].description}`),
+  ];
+}
+
+module.exports = {
+  TERMINOLOGY,
+  collectAuditTerminology,
+  formatTerminologyLines,
+};

package/src/token-estimate.js

@@ -0,0 +1,35 @@
+function splitIdentifierSegments(value) {
+  return String(value || '')
+    .replace(/([a-z0-9])([A-Z])/g, '$1 $2')
+    .replace(/[_./:-]+/g, ' ')
+    .split(/\s+/)
+    .filter(Boolean);
+}
+
+function estimateSegmentTokens(segment) {
+  const charCount = [...String(segment || '')].length;
+  return Math.max(1, Math.ceil(charCount / 4));
+}
+
+function estimateTokenCount(text) {
+  if (typeof text !== 'string' || !text) return 0;
+
+  const parts = text.match(/[\p{L}\p{N}_]+|[^\s]/gu) || [];
+  let total = 0;
+
+  for (const part of parts) {
+    if (/^[\p{L}\p{N}_]+$/u.test(part)) {
+      const segments = splitIdentifierSegments(part);
+      total += segments.reduce((sum, segment) => sum + estimateSegmentTokens(segment), 0);
+      continue;
+    }
+
+    total += 1;
+  }
+
+  return total;
+}
+
+module.exports = {
+  estimateTokenCount,
+};

package/src/watch.js

@@ -7,6 +7,8 @@
 const fs = require('fs');
 const path = require('path');
 const { audit } = require('./audit');
+const { detectPlatforms } = require('./public-api');
+const { buildContinuousStatus, formatContinuousStatus } = require('./continuous-ops');
 
 const COLORS = {
   reset: '\x1b[0m', bold: '\x1b[1m', dim: '\x1b[2m',
@@ -131,12 +133,14 @@ function closeWatchers(watchers) {
 
 async function watch(options) {
   const recursiveSupported = supportsNativeRecursiveWatch();
+  const watchMode = options.driftMode || 'watch';
 
   console.log('');
   console.log(c('  nerviq watch mode', 'bold'));
   console.log(c('  ═══════════════════════════════════════', 'dim'));
   console.log(c(`  Watching: ${options.dir}`, 'dim'));
   console.log(c(`  Mode: ${recursiveSupported ? 'native recursive directories' : 'expanded directory fallback (cross-platform safe)'}`, 'dim'));
+  console.log(c(`  Continuous mode: ${watchMode}`, 'dim'));
   console.log(c('  Press Ctrl+C to stop', 'dim'));
   console.log('');
 
@@ -147,6 +151,13 @@ async function watch(options) {
     lastScore = result.score;
     console.log(`  ${c('Initial score:', 'bold')} ${scoreColor(result.score)}`);
     console.log(`  ${result.passed} / ${result.passed + result.failed} checks passing`);
+    const continuousStatus = buildContinuousStatus({
+      dir: options.dir,
+      auditResult: result,
+      mode: watchMode,
+      currentPlatforms: detectPlatforms(options.dir),
+    });
+    console.log(formatContinuousStatus(continuousStatus, { compact: true }));
     console.log('');
   } catch (e) {
     console.log(c(`  Initial audit failed: ${e.message}`, 'dim'));
@@ -184,8 +195,15 @@ async function watch(options) {
         const result = await audit({ ...options, silent: true });
         const delta = lastScore !== null ? result.score - lastScore : 0;
         const arrow = delta > 0 ? c(`+${delta}`, 'green') : delta < 0 ? c(String(delta), 'yellow') : '';
+        const continuousStatus = buildContinuousStatus({
+          dir: options.dir,
+          auditResult: result,
+          mode: watchMode,
+          currentPlatforms: detectPlatforms(options.dir),
+        });
 
         console.log(`  Score: ${scoreColor(result.score)} ${arrow}  (${result.passed}/${result.passed + result.failed} passing)`);
+        console.log(formatContinuousStatus(continuousStatus, { compact: true }));
 
         if (lastScore !== null && result.score > lastScore) {
           console.log(c('  Nice improvement!', 'green'));

package/src/windsurf/techniques.js

@@ -26,11 +26,12 @@
 const fs = require('fs');
 const os = require('os');
 const path = require('path');
-const { WindsurfProjectContext } = require('./context');
-const { EMBEDDED_SECRET_PATTERNS, containsEmbeddedSecret } = require('../secret-patterns');
-const { attachSourceUrls } = require('../source-urls');
-const { buildStackChecks } = require('../stack-checks');
-const { isApiProject, isDatabaseProject, isAuthProject, isMonitoringRelevant } = require('../supplemental-checks');
+const { WindsurfProjectContext } = require('./context');
+const { EMBEDDED_SECRET_PATTERNS, containsEmbeddedSecret } = require('../secret-patterns');
+const { attachSourceUrls } = require('../source-urls');
+const { buildStackChecks } = require('../stack-checks');
+const { isApiProject, isDatabaseProject, isAuthProject, isMonitoringRelevant } = require('../supplemental-checks');
+const { hasCostBudgetOrUsageTracking } = require('../cost-tracking');
 const { tryParseJson, validateMcpEnvVars } = require('./config-parser');
 
 // ─── Shared helpers ─────────────────────────────────────────────────────────
@@ -2161,13 +2162,17 @@ const WINDSURF_TECHNIQUES = {
     fix: 'Document prompt caching strategy to reduce Windsurf API costs.',
     template: null, file: () => 'AGENTS.md', line: () => null,
   },
-  wsCostBudgetDefined: {
-    id: 'WS-T48', name: 'AI cost budget or usage limits documented',
-    check: (ctx) => { const docs = (ctx.fileContent('AGENTS.md') || '') + (ctx.fileContent('README.md') || ''); if (!docs.trim()) return null; return /cost.{0,15}budget|spending.{0,15}limit|usage.{0,15}limit/i.test(docs); },
-    impact: 'low', rating: 2, category: 'cost-optimization',
-    fix: 'Document AI cost budget in README.md.',
-    template: null, file: () => 'README.md', line: () => null,
-  },
+  wsCostBudgetDefined: {
+    id: 'WS-T48', name: 'AI cost budget or per-run usage tracking documented',
+    check: (ctx) => {
+      const docs = (ctx.fileContent('AGENTS.md') || '') + (ctx.fileContent('README.md') || '');
+      if (!docs.trim() && !hasCostBudgetOrUsageTracking('', ctx)) return null;
+      return hasCostBudgetOrUsageTracking(docs, ctx);
+    },
+    impact: 'low', rating: 2, category: 'cost-optimization',
+    fix: 'Document AI cost guardrails or per-run usage tracking so Windsurf usage is measurable over time.',
+    template: null, file: () => 'README.md', line: () => null,
+  },
 
   // ============================================================
   // === PYTHON STACK CHECKS (category: 'python') ===============

package/src/workspace.js

@@ -177,6 +177,104 @@ function summarizeAuditResult(result, scoreType, scope) {
   };
 }
 
+function summarizeWorkspaceEntry(result, workspacePath, absPath, platform) {
+  const stackKeys = (result.stacks || []).map((item) => item.key);
+  const stackLabels = (result.stacks || []).map((item) => item.label);
+  return {
+    name: path.basename(workspacePath),
+    workspace: workspacePath,
+    dir: absPath,
+    platform,
+    stackKeys,
+    stackLabels,
+    workspaceProfile: classifyWorkspaceProfile(stackKeys),
+    ...summarizeAuditResult(result, 'workspace-live-audit', 'workspace-package'),
+  };
+}
+
+function classifyWorkspaceProfile(stackKeys) {
+  const keys = new Set(Array.isArray(stackKeys) ? stackKeys : []);
+  const matchAny = (candidates) => candidates.some((candidate) => keys.has(candidate));
+
+  if (matchAny(['go'])) {
+    return { key: 'go-workspace', label: 'Go workspace' };
+  }
+  if (matchAny(['python', 'django', 'fastapi'])) {
+    return { key: 'python-workspace', label: 'Python workspace' };
+  }
+  if (matchAny(['dotnet'])) {
+    return { key: 'dotnet-workspace', label: '.NET workspace' };
+  }
+  if (matchAny(['java', 'spring'])) {
+    return { key: 'java-workspace', label: 'Java workspace' };
+  }
+  if (matchAny(['flutter', 'dart'])) {
+    return { key: 'flutter-workspace', label: 'Flutter workspace' };
+  }
+  if (matchAny(['swift'])) {
+    return { key: 'swift-workspace', label: 'Swift workspace' };
+  }
+  if (matchAny(['kotlin'])) {
+    return { key: 'kotlin-workspace', label: 'Kotlin workspace' };
+  }
+  if (matchAny(['react', 'nextjs', 'node', 'typescript', 'javascript', 'nestjs', 'vue', 'angular', 'svelte'])) {
+    return { key: 'node-workspace', label: 'Node / JS workspace' };
+  }
+
+  return { key: 'general-workspace', label: 'General workspace' };
+}
+
+function buildProfileBreakdown(results) {
+  const grouped = new Map();
+
+  for (const item of results) {
+    const profileKey = item.workspaceProfile?.key || 'general-workspace';
+    const profileLabel = item.workspaceProfile?.label || 'General workspace';
+    if (!grouped.has(profileKey)) {
+      grouped.set(profileKey, {
+        profileKey,
+        profileLabel,
+        scoreType: 'workspace-live-audit',
+        workspaceCount: 0,
+        workspaces: [],
+        stackLabels: new Set(),
+        scores: [],
+        totals: [],
+      });
+    }
+
+    const entry = grouped.get(profileKey);
+    entry.workspaceCount += 1;
+    entry.workspaces.push(item.workspace);
+    for (const label of item.stackLabels || []) {
+      entry.stackLabels.add(label);
+    }
+    if (typeof item.score === 'number') {
+      entry.scores.push(item.score);
+    }
+    if (typeof item.total === 'number') {
+      entry.totals.push(item.total);
+    }
+  }
+
+  return [...grouped.values()]
+    .map((entry) => ({
+      profileKey: entry.profileKey,
+      profileLabel: entry.profileLabel,
+      scoreType: 'workspace-live-audit',
+      workspaceCount: entry.workspaceCount,
+      averageScore: entry.scores.length > 0
+        ? Math.round(entry.scores.reduce((sum, value) => sum + value, 0) / entry.scores.length)
+        : 0,
+      averageTotal: entry.totals.length > 0
+        ? Math.round(entry.totals.reduce((sum, value) => sum + value, 0) / entry.totals.length)
+        : 0,
+      stackLabels: [...entry.stackLabels].sort(),
+      workspaces: entry.workspaces.sort(),
+    }))
+    .sort((left, right) => left.profileLabel.localeCompare(right.profileLabel));
+}
+
 async function auditWorkspaces(dir, workspaceGlobs, platform = 'claude') {
   const { audit } = require('./audit');
   const rootDir = path.resolve(dir);
@@ -207,14 +305,7 @@ async function auditWorkspaces(dir, workspaceGlobs, platform = 'claude') {
     const absPath = path.join(rootDir, workspacePath);
     try {
       const result = await audit({ dir: absPath, platform, silent: true });
-      results.push({
-        name: path.basename(workspacePath),
-        workspace: workspacePath,
-        dir: absPath,
-        platform,
-        ...summarizeAuditResult(result, 'workspace-live-audit', 'workspace-package'),
-        result,
-      });
+      results.push(summarizeWorkspaceEntry(result, workspacePath, absPath, platform));
     } catch (error) {
       results.push({
         name: path.basename(workspacePath),
@@ -227,6 +318,9 @@ async function auditWorkspaces(dir, workspaceGlobs, platform = 'claude') {
         passed: 0,
         total: 0,
         topAction: null,
+        stackKeys: [],
+        stackLabels: [],
+        workspaceProfile: { key: 'general-workspace', label: 'General workspace' },
         error: error.message,
       });
     }
@@ -238,6 +332,7 @@ async function auditWorkspaces(dir, workspaceGlobs, platform = 'claude') {
     : 0;
   const maxScore = validScores.length > 0 ? Math.max(...validScores) : 0;
   const minScore = validScores.length > 0 ? Math.min(...validScores) : 0;
+  const profileBreakdown = buildProfileBreakdown(results);
 
   return {
     summaryType: 'monorepo-workspace-audit',
@@ -254,10 +349,12 @@ async function auditWorkspaces(dir, workspaceGlobs, platform = 'claude') {
       maxScore,
       minScore,
     },
+    profileBreakdown,
     scoreSemantics: {
       rootGovernance: 'Root repo live audit for shared instructions, hooks, permissions, and top-level governance files.',
       workspaceAggregate: 'Average of the selected workspace live audit scores. This is a package coverage rollup, not the root repo score.',
       workspaceEntries: 'Each workspace row is a package-level live audit. Package scores can differ from the root governance score for legitimate reasons.',
+      workspaceProfiles: 'Workspace totals can differ because each package uses a stack-specific check profile based on detected languages and frameworks.',
     },
     workspaces: results,
     detectedWorkspaces: workspacePaths,