@qodfy/core 0.1.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Yassine Ifguisse
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/dist/index.d.ts

@@ -0,0 +1,22 @@
+type IssueSeverity = "critical" | "warning" | "info";
+type Issue = {
+    severity: IssueSeverity;
+    title: string;
+    message: string;
+    file?: string;
+};
+type ScanReport = {
+    projectPath: string;
+    isNextProject: boolean;
+    score: number;
+    issues: Issue[];
+    stats: {
+        totalFiles: number;
+        apiRoutes: number;
+        aiFiles: number;
+        largeFiles: number;
+    };
+};
+declare function scanProject(projectPath: string): Promise<ScanReport>;
+
+export { type Issue, type IssueSeverity, type ScanReport, scanProject };

package/dist/index.js

@@ -0,0 +1,139 @@
+// src/index.ts
+import path from "path";
+import fs from "fs/promises";
+import fg from "fast-glob";
+async function fileExists(filePath) {
+  try {
+    await fs.access(filePath);
+    return true;
+  } catch {
+    return false;
+  }
+}
+async function readJson(filePath) {
+  const content = await fs.readFile(filePath, "utf-8");
+  return JSON.parse(content);
+}
+async function scanProject(projectPath) {
+  const issues = [];
+  const packageJsonPath = path.join(projectPath, "package.json");
+  const hasPackageJson = await fileExists(packageJsonPath);
+  if (!hasPackageJson) {
+    issues.push({
+      severity: "critical",
+      title: "Missing package.json",
+      message: "Qodfy could not find a package.json file in this project."
+    });
+  }
+  let isNextProject = false;
+  if (hasPackageJson) {
+    const packageJson = await readJson(packageJsonPath);
+    const deps = {
+      ...packageJson.dependencies,
+      ...packageJson.devDependencies
+    };
+    isNextProject = Boolean(deps.next);
+    if (!isNextProject) {
+      issues.push({
+        severity: "warning",
+        title: "Next.js not detected",
+        message: "This first version of Qodfy is optimized for Next.js projects."
+      });
+    }
+  }
+  const envExamplePath = path.join(projectPath, ".env.example");
+  const hasEnvExample = await fileExists(envExamplePath);
+  if (!hasEnvExample) {
+    issues.push({
+      severity: "warning",
+      title: "Missing .env.example",
+      message: "Add a .env.example file so future developers know which environment variables are required."
+    });
+  }
+  const hasReadme = await fileExists(path.join(projectPath, "README.md"));
+  if (!hasReadme) {
+    issues.push({
+      severity: "info",
+      title: "Missing README.md",
+      message: "A README helps other developers understand how to run and maintain the project."
+    });
+  }
+  const files = await fg(["**/*.{ts,tsx,js,jsx}"], {
+    cwd: projectPath,
+    ignore: ["node_modules/**", ".next/**", "dist/**", "build/**"],
+    absolute: true
+  });
+  const apiRoutes = files.filter((file) => {
+    return file.includes(`${path.sep}app${path.sep}api${path.sep}`) || file.includes(`${path.sep}pages${path.sep}api${path.sep}`);
+  });
+  const aiKeywords = [
+    "openai",
+    "@ai-sdk",
+    "ai/react",
+    "anthropic",
+    "gemini",
+    "generateText",
+    "streamText"
+  ];
+  let aiFiles = 0;
+  let largeFiles = 0;
+  for (const file of files) {
+    const content = await fs.readFile(file, "utf-8");
+    const relativeFile = path.relative(projectPath, file);
+    if (content.length > 15e3) {
+      largeFiles++;
+      issues.push({
+        severity: "info",
+        title: "Large file detected",
+        message: "Large files are harder to maintain and often appear in AI-generated codebases.",
+        file: relativeFile
+      });
+    }
+    const usesAI = aiKeywords.some(
+      (keyword) => content.toLowerCase().includes(keyword.toLowerCase())
+    );
+    if (usesAI) {
+      aiFiles++;
+      const hasRateLimit = content.includes("rateLimit") || content.includes("ratelimit") || content.includes("upstash") || content.includes("limiter");
+      if (!hasRateLimit) {
+        issues.push({
+          severity: "critical",
+          title: "AI route may be missing rate limiting",
+          message: "AI routes can create real API costs. Add rate limiting or usage limits before launch.",
+          file: relativeFile
+        });
+      }
+    }
+  }
+  for (const route of apiRoutes) {
+    const content = await fs.readFile(route, "utf-8");
+    const relativeFile = path.relative(projectPath, route);
+    const hasAuth = content.includes("auth(") || content.includes("getServerSession") || content.includes("currentUser") || content.includes("clerkClient") || content.includes("session");
+    if (!hasAuth) {
+      issues.push({
+        severity: "warning",
+        title: "API route may be missing authentication",
+        message: "This API route does not appear to contain an auth/session check.",
+        file: relativeFile
+      });
+    }
+  }
+  const criticalCount = issues.filter((issue) => issue.severity === "critical").length;
+  const warningCount = issues.filter((issue) => issue.severity === "warning").length;
+  const score = Math.max(0, 100 - criticalCount * 20 - warningCount * 8);
+  return {
+    projectPath,
+    isNextProject,
+    score,
+    issues,
+    stats: {
+      totalFiles: files.length,
+      apiRoutes: apiRoutes.length,
+      aiFiles,
+      largeFiles
+    }
+  };
+}
+export {
+  scanProject
+};

package/package.json

@@ -0,0 +1,58 @@
+{
+  "name": "@qodfy/core",
+  "version": "0.1.0",
+  "description": "Scanner engine for Qodfy, an open-source launch readiness scanner for AI-built apps.",
+  "keywords": [
+    "qodfy",
+    "nextjs",
+    "ai",
+    "launch-readiness",
+    "scanner",
+    "code-quality",
+    "developer-tools",
+    "typescript",
+    "static-analysis"
+  ],
+  "homepage": "https://github.com/yassinifguisse1/qodfy#readme",
+  "bugs": {
+    "url": "https://github.com/yassinifguisse1/qodfy/issues"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/yassinifguisse1/qodfy.git",
+    "directory": "packages/core"
+  },
+  "author": "Yassine Ifguisse",
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    }
+  },
+  "files": [
+    "dist"
+  ],
+  "license": "MIT",
+  "engines": {
+    "node": ">=20"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "dependencies": {
+    "fast-glob": "^3.3.3"
+  },
+  "devDependencies": {
+    "@types/node": "^25.7.0",
+    "tsup": "^8.5.1",
+    "tsx": "^4.21.0",
+    "typescript": "^6.0.3"
+  },
+  "scripts": {
+    "build": "tsup src/index.ts --format esm --dts --clean --tsconfig tsconfig.json",
+    "dev": "tsx src/index.ts"
+  }
+}