@safetnsr/vet 0.1.0

package/README.md

@@ -0,0 +1,101 @@
+# vet
+
+vet your AI-generated code. one command, six checks, zero config.
+
+```bash
+npx @safetnsr/vet
+```
+
+works with Claude Code, Cursor, Copilot, Codex, Aider, Windsurf, Cline — anything that writes code in a git repo.
+
+## what it checks
+
+| check | what | how |
+|-------|------|-----|
+| **ready** | is your codebase AI-friendly? | scans structure, docs, types, tests |
+| **diff** | did the AI leave anti-patterns? | checks staged/unstaged changes for secrets, stubs, empty catches |
+| **models** | using deprecated AI models? | scans code for sunset model strings |
+| **links** | broken markdown links? | validates relative links and wikilinks |
+| **config** | agent configs in place? | checks for CLAUDE.md, .cursorrules, copilot-instructions, etc. |
+| **history** | git patterns healthy? | analyzes commit churn, AI attribution, large changes |
+
+## usage
+
+```bash
+# run all checks (default)
+npx @safetnsr/vet
+
+# check a specific directory
+npx @safetnsr/vet ./my-project
+
+# CI mode — exit code 1 if score below threshold
+npx @safetnsr/vet --ci
+
+# auto-fix what we can
+npx @safetnsr/vet --fix
+
+# JSON output
+npx @safetnsr/vet --json
+
+# set up config + agent files + pre-commit hook
+npx @safetnsr/vet init
+```
+
+## output
+
+```
+  my-project  8.2/10
+
+  ready       ████████░░   8    structure + docs look good
+  diff        ██████████  10    clean diff, no issues
+  models      ██████████  10    all models current
+  links       ██████░░░░   6    3 broken links in docs/
+  config      ████████░░   8    CLAUDE.md missing react patterns
+  history     ████████░░   8    2 high-churn files
+
+  run --fix to auto-repair 4 issues
+```
+
+## config
+
+create `.vetrc` in your project root (optional):
+
+```json
+{
+  "checks": ["ready", "diff", "models", "links", "config", "history"],
+  "ignore": ["vendor/", "generated/"],
+  "thresholds": { "min": 6 }
+}
+```
+
+## init
+
+`npx @safetnsr/vet init` creates:
+- `.vetrc` with sensible defaults
+- `CLAUDE.md` generated from your codebase
+- `.cursorrules` matching your project
+- `.git/hooks/pre-commit` that runs vet before every commit
+
+## ci
+
+```yaml
+# .github/workflows/vet.yml
+name: vet
+on: [pull_request]
+jobs:
+  vet:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 50
+      - run: npx @safetnsr/vet --ci
+```
+
+## zero dependencies
+
+vet uses only Node.js built-ins. no runtime dependencies. works with Node 18+.
+
+## license
+
+MIT

package/dist/checks/config.d.ts

@@ -0,0 +1,2 @@
+import type { CheckResult } from '../types.js';
+export declare function checkConfig(cwd: string, ignore: string[]): CheckResult;

package/dist/checks/config.js

@@ -0,0 +1,102 @@
+import { join } from 'node:path';
+import { readFile, fileExists, walkFiles } from '../util.js';
+// Known agent config files per platform
+const AGENT_CONFIGS = {
+    claude: { files: ['CLAUDE.md', '.claude/settings.json', 'AGENTS.md'], name: 'Claude Code' },
+    cursor: { files: ['.cursorrules', '.cursor/rules'], name: 'Cursor' },
+    copilot: { files: ['.github/copilot-instructions.md'], name: 'GitHub Copilot' },
+    aider: { files: ['.aider.conf.yml', '.aiderignore'], name: 'Aider' },
+    continue: { files: ['.continue/config.json', '.continuerules'], name: 'Continue' },
+    codex: { files: ['AGENTS.md', 'codex.md'], name: 'OpenAI Codex' },
+    windsurf: { files: ['.windsurfrules'], name: 'Windsurf' },
+    cline: { files: ['.clinerules', '.cline/settings.json'], name: 'Cline' },
+};
+export function checkConfig(cwd, ignore) {
+    const issues = [];
+    const files = walkFiles(cwd, ignore);
+    // Detect which agents have config
+    const detected = [];
+    const missing = [];
+    for (const [agent, info] of Object.entries(AGENT_CONFIGS)) {
+        const found = info.files.some(f => fileExists(join(cwd, f)));
+        if (found)
+            detected.push(info.name);
+    }
+    if (detected.length === 0) {
+        issues.push({
+            severity: 'warning',
+            message: 'no AI agent config found — add CLAUDE.md, .cursorrules, or similar to guide AI behavior',
+            fixable: true,
+            fixHint: 'run vet init to generate agent config',
+        });
+    }
+    // Check quality of found configs
+    for (const [agent, info] of Object.entries(AGENT_CONFIGS)) {
+        for (const configFile of info.files) {
+            const content = readFile(join(cwd, configFile));
+            if (!content)
+                continue;
+            // Too short to be useful
+            if (content.length < 50) {
+                issues.push({
+                    severity: 'warning',
+                    message: `${configFile} is only ${content.length} chars — probably too sparse to guide AI effectively`,
+                    file: configFile,
+                    fixable: false,
+                });
+            }
+            // Check if config mentions key project patterns
+            const pkgJson = readFile(join(cwd, 'package.json'));
+            if (pkgJson) {
+                try {
+                    const pkg = JSON.parse(pkgJson);
+                    const deps = { ...pkg.dependencies, ...pkg.devDependencies };
+                    // Major frameworks that should be mentioned
+                    const frameworks = {
+                        react: ['react', 'jsx', 'tsx', 'component'],
+                        next: ['next', 'nextjs', 'app router', 'pages router'],
+                        vue: ['vue', 'composition api', 'options api'],
+                        svelte: ['svelte', 'sveltekit'],
+                        express: ['express', 'middleware', 'router'],
+                        hono: ['hono'],
+                        fastify: ['fastify'],
+                        django: ['django'],
+                        flask: ['flask'],
+                    };
+                    const contentLower = content.toLowerCase();
+                    for (const [framework, keywords] of Object.entries(frameworks)) {
+                        if (deps[framework] && !keywords.some(k => contentLower.includes(k))) {
+                            issues.push({
+                                severity: 'info',
+                                message: `${configFile} doesn't mention ${framework} — but it's in your dependencies`,
+                                file: configFile,
+                                fixable: false,
+                            });
+                        }
+                    }
+                }
+                catch { /* invalid package.json, skip */ }
+            }
+        }
+    }
+    // Check for .gitignore (agents need to know what to ignore)
+    if (!fileExists(join(cwd, '.gitignore'))) {
+        issues.push({
+            severity: 'info',
+            message: 'no .gitignore — agents may create files in wrong directories',
+            fixable: false,
+        });
+    }
+    const errors = issues.filter(i => i.severity === 'error').length;
+    const warnings = issues.filter(i => i.severity === 'warning').length;
+    const infos = issues.filter(i => i.severity === 'info').length;
+    const score = Math.max(0, Math.min(10, 10 - errors * 2 - warnings * 1.5 - infos * 0.3));
+    const configSummary = detected.length > 0 ? `configs: ${detected.join(', ')}` : 'no agent configs';
+    return {
+        name: 'config',
+        score: Math.round(score * 10) / 10,
+        maxScore: 10,
+        issues,
+        summary: issues.length === 0 ? `${configSummary} — well configured` : `${configSummary} — ${issues.length} suggestions`,
+    };
+}

package/dist/checks/diff.d.ts

@@ -0,0 +1,2 @@
+import type { CheckResult } from '../types.js';
+export declare function checkDiff(cwd: string): CheckResult;

package/dist/checks/diff.js

@@ -0,0 +1,98 @@
+import { git } from '../util.js';
+const PATTERNS = [
+    // Secrets
+    { regex: /(?:api[_-]?key|secret|token|password|credential)\s*[:=]\s*['"][^'"]{8,}['"]/i, message: 'possible hardcoded secret', severity: 'error' },
+    { regex: /sk-[a-zA-Z0-9]{20,}/, message: 'possible OpenAI API key', severity: 'error' },
+    { regex: /AKIA[0-9A-Z]{16}/, message: 'possible AWS access key', severity: 'error' },
+    { regex: /AIza[0-9A-Za-z_-]{35}/, message: 'possible Google API key', severity: 'error' },
+    // AI anti-patterns
+    { regex: /\/\/\s*TODO[:\s]/i, message: 'TODO comment left in code', severity: 'warning' },
+    { regex: /\/\/\s*FIXME[:\s]/i, message: 'FIXME comment left in code', severity: 'warning' },
+    { regex: /\/\/\s*HACK[:\s]/i, message: 'HACK comment left in code', severity: 'warning' },
+    { regex: /console\.log\(/, message: 'console.log left in code', severity: 'warning' },
+    { regex: /catch\s*\([^)]*\)\s*\{\s*\}/, message: 'empty catch block — error silently swallowed', severity: 'error' },
+    { regex: /catch\s*\([^)]*\)\s*\{\s*\/\//, message: 'catch block with only a comment — errors need handling', severity: 'warning' },
+    { regex: /it\(\s*['"].*['"]\s*,\s*(?:async\s*)?\(\)\s*=>\s*\{\s*\}\s*\)/, message: 'empty test body — stubbed test', severity: 'error' },
+    { regex: /test\(\s*['"].*['"]\s*,\s*(?:async\s*)?\(\)\s*=>\s*\{\s*\}\s*\)/, message: 'empty test body — stubbed test', severity: 'error' },
+    { regex: /expect\(true\)\.toBe\(true\)/, message: 'trivial assertion — test proves nothing', severity: 'error' },
+    { regex: /assert\s+True\s*$/, message: 'trivial assertion — test proves nothing', severity: 'error' },
+    { regex: /\.only\(/, message: '.only() left in test — other tests will be skipped', severity: 'error' },
+    { regex: /debugger;/, message: 'debugger statement left in code', severity: 'error' },
+];
+export function checkDiff(cwd) {
+    const issues = [];
+    // Get staged + unstaged diff
+    let diff = git('diff HEAD', cwd);
+    if (!diff)
+        diff = git('diff --cached', cwd);
+    if (!diff)
+        diff = git('diff', cwd);
+    if (!diff) {
+        return {
+            name: 'diff',
+            score: 10,
+            maxScore: 10,
+            issues: [],
+            summary: 'no uncommitted changes to check',
+        };
+    }
+    // Parse diff: only check added lines
+    let currentFile = '';
+    let lineNum = 0;
+    for (const line of diff.split('\n')) {
+        if (line.startsWith('diff --git')) {
+            const match = line.match(/b\/(.+)$/);
+            if (match)
+                currentFile = match[1];
+            lineNum = 0;
+            continue;
+        }
+        if (line.startsWith('@@')) {
+            const match = line.match(/@@ -\d+(?:,\d+)? \+(\d+)/);
+            if (match)
+                lineNum = parseInt(match[1]) - 1;
+            continue;
+        }
+        if (line.startsWith('+') && !line.startsWith('+++')) {
+            lineNum++;
+            const added = line.slice(1);
+            for (const pattern of PATTERNS) {
+                if (pattern.regex.test(added)) {
+                    issues.push({
+                        severity: pattern.severity,
+                        message: pattern.message,
+                        file: currentFile,
+                        line: lineNum,
+                        fixable: false,
+                    });
+                    break; // one issue per line
+                }
+            }
+        }
+        else if (!line.startsWith('-')) {
+            lineNum++;
+        }
+    }
+    // Check for deleted error handling
+    let deletedErrorHandling = 0;
+    for (const line of diff.split('\n')) {
+        if (line.startsWith('-') && !line.startsWith('---')) {
+            if (/catch|throw|Error|reject|finally/.test(line)) {
+                deletedErrorHandling++;
+            }
+        }
+    }
+    if (deletedErrorHandling > 3) {
+        issues.push({ severity: 'warning', message: `${deletedErrorHandling} lines of error handling removed — verify this was intentional`, fixable: false });
+    }
+    const errors = issues.filter(i => i.severity === 'error').length;
+    const warnings = issues.filter(i => i.severity === 'warning').length;
+    const score = Math.max(0, Math.min(10, 10 - errors * 1.5 - warnings * 0.5));
+    return {
+        name: 'diff',
+        score: Math.round(score * 10) / 10,
+        maxScore: 10,
+        issues,
+        summary: issues.length === 0 ? 'clean diff, no issues' : `${issues.length} issues in uncommitted changes`,
+    };
+}

package/dist/checks/history.d.ts

@@ -0,0 +1,2 @@
+import type { CheckResult } from '../types.js';
+export declare function checkHistory(cwd: string): CheckResult;

package/dist/checks/history.js

@@ -0,0 +1,77 @@
+import { gitExec } from '../util.js';
+// Git history analysis: AI commit patterns, churn hotspots
+export function checkHistory(cwd) {
+    const issues = [];
+    // Get recent commits (last 50) — use execFileSync to avoid shell pipe interpretation
+    const log = gitExec(['log', '--oneline', '-50', '--format=%H|%an|%s'], cwd);
+    if (!log) {
+        return { name: 'history', score: 10, maxScore: 10, issues: [], summary: 'no git history to analyze' };
+    }
+    const commits = log.split('\n').filter(Boolean).map(line => {
+        const parts = line.split('|');
+        return { hash: parts[0] || '', author: parts[1] || '', message: parts.slice(2).join('|') };
+    });
+    // Detect AI-attributed commits
+    const aiIndicators = [
+        /co-authored-by:\s*(claude|cursor|copilot|codex|aider|cline|windsurf)/i,
+        /generated by/i,
+    ];
+    const aiAuthors = /claude|cursor|copilot|codex|aider|bot/i;
+    let aiCommits = 0;
+    for (const c of commits) {
+        if (aiIndicators.some(p => p.test(c.message)))
+            aiCommits++;
+        else if (aiAuthors.test(c.author))
+            aiCommits++;
+    }
+    // File churn: which files change most in recent history
+    const churnOutput = gitExec(['log', '-50', '--name-only', '--format='], cwd);
+    if (churnOutput) {
+        const fileChanges = new Map();
+        for (const line of churnOutput.split('\n')) {
+            if (!line.trim())
+                continue;
+            fileChanges.set(line, (fileChanges.get(line) || 0) + 1);
+        }
+        // High churn files (changed >5 times in last 50 commits)
+        const hotFiles = [...fileChanges.entries()]
+            .filter(([, count]) => count >= 5)
+            .sort((a, b) => b[1] - a[1]);
+        if (hotFiles.length > 0) {
+            const top = hotFiles.slice(0, 3);
+            for (const [file, count] of top) {
+                issues.push({
+                    severity: 'info',
+                    message: `${file} changed ${count} times in last 50 commits — high churn, consider stabilizing`,
+                    file,
+                    fixable: false,
+                });
+            }
+        }
+    }
+    // Large commits (many files changed at once — common AI pattern)
+    const diffStatLog = gitExec(['log', '-20', '--format=%H', '--shortstat'], cwd);
+    if (diffStatLog) {
+        const bigCommits = (diffStatLog.match(/(\d+) files? changed/g) || [])
+            .map(m => parseInt(m))
+            .filter(n => n > 20);
+        if (bigCommits.length > 2) {
+            issues.push({
+                severity: 'warning',
+                message: `${bigCommits.length} commits touched 20+ files — large AI-generated changes are harder to review`,
+                fixable: false,
+            });
+        }
+    }
+    const aiPct = commits.length > 0 ? Math.round((aiCommits / commits.length) * 100) : 0;
+    const infos = issues.filter(i => i.severity === 'info').length;
+    const warnings = issues.filter(i => i.severity === 'warning').length;
+    const score = Math.max(0, Math.min(10, 10 - warnings * 1 - infos * 0.2));
+    return {
+        name: 'history',
+        score: Math.round(score * 10) / 10,
+        maxScore: 10,
+        issues,
+        summary: `${commits.length} recent commits${aiPct > 0 ? ` (~${aiPct}% AI-attributed)` : ''}, ${issues.length} observation${issues.length !== 1 ? 's' : ''}`,
+    };
+}

package/dist/checks/links.d.ts

@@ -0,0 +1,2 @@
+import type { CheckResult } from '../types.js';
+export declare function checkLinks(cwd: string, ignore: string[]): CheckResult;

package/dist/checks/links.js

@@ -0,0 +1,76 @@
+import { join, dirname } from 'node:path';
+import { readFile, fileExists, walkFiles } from '../util.js';
+// Markdown link checker — broken relative links and wikilinks
+export function checkLinks(cwd, ignore) {
+    const issues = [];
+    const files = walkFiles(cwd, ignore);
+    const mdFiles = files.filter(f => f.endsWith('.md'));
+    if (mdFiles.length === 0) {
+        return { name: 'links', score: 10, maxScore: 10, issues: [], summary: 'no markdown files to check' };
+    }
+    const allFilesSet = new Set(files);
+    // Also index without extension for wikilinks
+    const filesByName = new Map();
+    for (const f of files) {
+        const base = f.replace(/\.[^.]+$/, '');
+        filesByName.set(base.toLowerCase(), f);
+        // Also just the filename
+        const name = f.split('/').pop()?.replace(/\.[^.]+$/, '') || '';
+        if (name)
+            filesByName.set(name.toLowerCase(), f);
+    }
+    for (const mdFile of mdFiles) {
+        const content = readFile(join(cwd, mdFile));
+        if (!content)
+            continue;
+        const dir = dirname(mdFile);
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            // Standard markdown links: [text](path)
+            const mdLinkRegex = /\[([^\]]*)\]\(([^)]+)\)/g;
+            let match;
+            while ((match = mdLinkRegex.exec(line)) !== null) {
+                const target = match[2].split('#')[0].split('?')[0]; // strip anchors/queries
+                if (!target)
+                    continue; // anchor-only link
+                if (target.startsWith('http://') || target.startsWith('https://') || target.startsWith('mailto:'))
+                    continue;
+                if (target.startsWith('/images/') || target.startsWith('/assets/'))
+                    continue; // common static paths
+                const resolved = join(dir, target);
+                if (!allFilesSet.has(resolved) && !fileExists(join(cwd, resolved))) {
+                    issues.push({
+                        severity: 'warning',
+                        message: `broken link to "${target}"`,
+                        file: mdFile,
+                        line: i + 1,
+                        fixable: false,
+                    });
+                }
+            }
+            // Wikilinks: [[target]]
+            const wikiRegex = /\[\[([^\]|]+)(?:\|[^\]]+)?\]\]/g;
+            while ((match = wikiRegex.exec(line)) !== null) {
+                const target = match[1].trim().toLowerCase();
+                if (!filesByName.has(target) && !allFilesSet.has(target + '.md')) {
+                    issues.push({
+                        severity: 'warning',
+                        message: `broken wikilink [[${match[1].trim()}]]`,
+                        file: mdFile,
+                        line: i + 1,
+                        fixable: false,
+                    });
+                }
+            }
+        }
+    }
+    const score = Math.max(0, 10 - issues.length * 0.5);
+    return {
+        name: 'links',
+        score: Math.round(Math.min(10, score) * 10) / 10,
+        maxScore: 10,
+        issues,
+        summary: issues.length === 0 ? `${mdFiles.length} markdown files, all links valid` : `${issues.length} broken link${issues.length > 1 ? 's' : ''} across ${mdFiles.length} files`,
+    };
+}

package/dist/checks/models.d.ts

@@ -0,0 +1,2 @@
+import type { CheckResult } from '../types.js';
+export declare function checkModels(cwd: string, ignore: string[]): CheckResult;

package/dist/checks/models.js

@@ -0,0 +1,95 @@
+import { join } from 'node:path';
+import { readFile, walkFiles } from '../util.js';
+// Model sunset/deprecation registry — kept inline for zero deps
+const SUNSET_MODELS = {
+    // OpenAI
+    'gpt-3.5-turbo': { replacement: 'gpt-4o-mini', sunset: '2025-06' },
+    'gpt-4-turbo': { replacement: 'gpt-4o', sunset: '2025-04' },
+    'gpt-4-turbo-preview': { replacement: 'gpt-4o', sunset: '2025-04' },
+    'gpt-4-0314': { replacement: 'gpt-4o', sunset: '2024-06' },
+    'gpt-4-0613': { replacement: 'gpt-4o', sunset: '2025-06' },
+    'gpt-4-32k': { replacement: 'gpt-4o', sunset: '2025-06' },
+    'text-davinci-003': { replacement: 'gpt-4o-mini', sunset: '2024-01' },
+    'code-davinci-002': { replacement: 'gpt-4o', sunset: '2024-01' },
+    'text-embedding-ada-002': { replacement: 'text-embedding-3-small', sunset: '2025-04' },
+    // Anthropic
+    'claude-instant-1': { replacement: 'claude-sonnet-4-5', sunset: '2024-08' },
+    'claude-2': { replacement: 'claude-sonnet-4-5', sunset: '2024-08' },
+    'claude-2.0': { replacement: 'claude-sonnet-4-5', sunset: '2024-08' },
+    'claude-2.1': { replacement: 'claude-sonnet-4-5', sunset: '2024-08' },
+    'claude-3-haiku-20240307': { replacement: 'claude-haiku-3-5', sunset: '2025-06' },
+    'claude-3-sonnet-20240229': { replacement: 'claude-sonnet-4-5', sunset: '2025-03' },
+    'claude-3-opus-20240229': { replacement: 'claude-opus-4-0', sunset: '2025-09' },
+    // Google
+    'gemini-pro': { replacement: 'gemini-2.0-flash', sunset: '2025-02' },
+    'gemini-1.0-pro': { replacement: 'gemini-2.0-flash', sunset: '2025-02' },
+    'gemini-1.5-pro': { replacement: 'gemini-2.5-pro', sunset: '2025-09' },
+    'gemini-1.5-flash': { replacement: 'gemini-2.0-flash', sunset: '2025-09' },
+    'text-bison': { replacement: 'gemini-2.0-flash', sunset: '2024-04' },
+    'chat-bison': { replacement: 'gemini-2.0-flash', sunset: '2024-04' },
+    // Cohere
+    'command': { replacement: 'command-r-plus', sunset: '2025-03' },
+    'command-light': { replacement: 'command-r', sunset: '2025-03' },
+    'command-nightly': { replacement: 'command-r-plus', sunset: '2025-03' },
+};
+const SCAN_EXTS = ['.ts', '.js', '.tsx', '.jsx', '.py', '.rs', '.go', '.java', '.rb', '.php',
+    '.yaml', '.yml', '.json', '.toml', '.env', '.env.example', '.env.local', '.cfg', '.ini', '.conf'];
+// Files that contain model registries should not trigger false positives
+const SELF_IGNORE = ['models.ts', 'models.js', 'model-graveyard', 'model-registry', 'sunset'];
+// Short model names that need context to avoid false positives (e.g. npm "command" field)
+const CONTEXT_REQUIRED = new Set(['command', 'command-light', 'command-nightly']);
+function hasModelContext(content, model) {
+    // Require the model name to appear in a string-like context: quotes, assignment, or near "model"/"engine"
+    const escaped = model.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+    const contextPatterns = [
+        new RegExp(`['"\`]${escaped}['"\`]`), // quoted
+        new RegExp(`model[_\\s]*[:=].*${escaped}`, 'i'), // model assignment
+        new RegExp(`engine[_\\s]*[:=].*${escaped}`, 'i'), // engine assignment
+        new RegExp(`${escaped}.*(?:api|llm|chat|completion)`, 'i'), // near API terms
+    ];
+    return contextPatterns.some(p => p.test(content));
+}
+export function checkModels(cwd, ignore) {
+    const issues = [];
+    const files = walkFiles(cwd, ignore);
+    const found = new Map();
+    for (const f of files) {
+        if (!SCAN_EXTS.some(ext => f.endsWith(ext)))
+            continue;
+        // Skip files that are model registries themselves
+        if (SELF_IGNORE.some(s => f.toLowerCase().includes(s)))
+            continue;
+        const content = readFile(join(cwd, f));
+        if (!content)
+            continue;
+        for (const [model, info] of Object.entries(SUNSET_MODELS)) {
+            if (!content.includes(model))
+                continue;
+            // For short/ambiguous names, require contextual evidence
+            if (CONTEXT_REQUIRED.has(model) && !hasModelContext(content, model))
+                continue;
+            const existing = found.get(model) || [];
+            existing.push(f);
+            found.set(model, existing);
+        }
+    }
+    for (const [model, files] of found) {
+        const info = SUNSET_MODELS[model];
+        const fileList = files.length <= 2 ? files.join(', ') : `${files[0]} +${files.length - 1} more`;
+        issues.push({
+            severity: 'error',
+            message: `deprecated model "${model}" in ${fileList} — use "${info.replacement}"${info.sunset ? ` (sunset ${info.sunset})` : ''}`,
+            file: files[0],
+            fixable: true,
+            fixHint: `replace "${model}" with "${info.replacement}"`,
+        });
+    }
+    const score = Math.max(0, 10 - issues.length * 2);
+    return {
+        name: 'models',
+        score: Math.min(10, score),
+        maxScore: 10,
+        issues,
+        summary: issues.length === 0 ? 'all model references current' : `${issues.length} deprecated model${issues.length > 1 ? 's' : ''} found`,
+    };
+}

package/dist/checks/ready.d.ts

@@ -0,0 +1,2 @@
+import type { CheckResult } from '../types.js';
+export declare function checkReady(cwd: string, ignore: string[]): CheckResult;

package/dist/checks/ready.js

@@ -0,0 +1,68 @@
+import { join } from 'node:path';
+import { readFile, walkFiles } from '../util.js';
+// Codebase AI-readiness: structure, complexity, documentation
+export function checkReady(cwd, ignore) {
+    const issues = [];
+    const files = walkFiles(cwd, ignore);
+    // 1. README exists
+    const hasReadme = files.some(f => /^readme\.(md|txt|rst)$/i.test(f));
+    if (!hasReadme) {
+        issues.push({ severity: 'warning', message: 'no README found — AI agents work better with project context', fixable: true, fixHint: 'create a README.md' });
+    }
+    // 2. Project manifest
+    const manifests = ['package.json', 'pyproject.toml', 'Cargo.toml', 'go.mod', 'pom.xml', 'build.gradle', 'Gemfile', 'composer.json'];
+    const hasManifest = manifests.some(m => files.includes(m));
+    if (!hasManifest) {
+        issues.push({ severity: 'warning', message: 'no package manifest found — agents need dependency context', fixable: false });
+    }
+    // 3. Check for overly large files (>500 lines is harder for AI to reason about)
+    let largeFileCount = 0;
+    const codeExts = ['.ts', '.js', '.tsx', '.jsx', '.py', '.rs', '.go', '.java', '.rb', '.php', '.cs', '.swift', '.kt'];
+    for (const f of files) {
+        if (!codeExts.some(ext => f.endsWith(ext)))
+            continue;
+        const content = readFile(join(cwd, f));
+        if (content) {
+            const lines = content.split('\n').length;
+            if (lines > 500) {
+                largeFileCount++;
+                if (largeFileCount <= 3) {
+                    issues.push({ severity: 'info', message: `${f} is ${lines} lines — consider splitting for better AI comprehension`, fixable: false });
+                }
+            }
+        }
+    }
+    if (largeFileCount > 3) {
+        issues.push({ severity: 'info', message: `...and ${largeFileCount - 3} more large files`, fixable: false });
+    }
+    // 4. Check for .env.example (helps AI understand required env vars)
+    const hasEnv = files.some(f => f === '.env' || f === '.env.local');
+    const hasEnvExample = files.some(f => f === '.env.example' || f === '.env.template');
+    if (hasEnv && !hasEnvExample) {
+        issues.push({ severity: 'warning', message: '.env exists but no .env.example — AI agents can\'t see your env structure', fixable: false });
+    }
+    // 5. TypeScript/Python type coverage
+    const tsFiles = files.filter(f => f.endsWith('.ts') || f.endsWith('.tsx'));
+    const jsFiles = files.filter(f => f.endsWith('.js') || f.endsWith('.jsx'));
+    if (jsFiles.length > 10 && tsFiles.length === 0 && files.includes('package.json')) {
+        issues.push({ severity: 'info', message: `${jsFiles.length} JS files with no TypeScript — typed code gives AI agents better context`, fixable: false });
+    }
+    // 6. Test coverage indicator
+    const testFiles = files.filter(f => /\.(test|spec)\.(ts|js|tsx|jsx|py)$/.test(f) || f.includes('__tests__/') || f.startsWith('tests/') || f.startsWith('test/'));
+    const codeFiles = files.filter(f => codeExts.some(ext => f.endsWith(ext)));
+    if (codeFiles.length > 5 && testFiles.length === 0) {
+        issues.push({ severity: 'warning', message: 'no test files found — AI agents produce better code when tests exist to validate against', fixable: false });
+    }
+    // Score: start at 10, deduct
+    const errors = issues.filter(i => i.severity === 'error').length;
+    const warnings = issues.filter(i => i.severity === 'warning').length;
+    const infos = issues.filter(i => i.severity === 'info').length;
+    const score = Math.max(0, Math.min(10, 10 - errors * 2 - warnings * 1 - infos * 0.3));
+    return {
+        name: 'ready',
+        score: Math.round(score * 10) / 10,
+        maxScore: 10,
+        issues,
+        summary: issues.length === 0 ? 'codebase is well-structured for AI' : `${issues.length} suggestions for better AI readiness`,
+    };
+}

package/dist/cli.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/dist/cli.js

@@ -0,0 +1,99 @@
+#!/usr/bin/env node
+import { resolve } from 'node:path';
+import { readFileSync } from 'node:fs';
+import { isGitRepo, readFile } from './util.js';
+import { checkReady } from './checks/ready.js';
+import { checkDiff } from './checks/diff.js';
+import { checkModels } from './checks/models.js';
+import { checkLinks } from './checks/links.js';
+import { checkConfig } from './checks/config.js';
+import { checkHistory } from './checks/history.js';
+import { score } from './scorer.js';
+import { reportPretty, reportJSON } from './reporter.js';
+const args = process.argv.slice(2);
+const flags = new Set(args.filter(a => a.startsWith('-')));
+const positional = args.filter(a => !a.startsWith('-'));
+if (flags.has('--help') || flags.has('-h')) {
+    console.log(`
+  vet — vet your AI-generated code
+
+  usage:
+    npx @safetnsr/vet [dir]       run all checks (default: cwd)
+    npx @safetnsr/vet --ci        exit code 1 if score < threshold
+    npx @safetnsr/vet --fix       auto-repair fixable issues
+    npx @safetnsr/vet --json      output JSON
+    npx @safetnsr/vet init        generate .vetrc + agent config
+
+  options:
+    --ci          CI mode (exit 1 if below threshold)
+    --fix         auto-fix what we can
+    --json        JSON output
+    --no-color    disable colors
+    -h, --help    show this help
+    -v, --version show version
+`);
+    process.exit(0);
+}
+if (flags.has('--version') || flags.has('-v')) {
+    try {
+        const pkg = JSON.parse(readFileSync(new URL('../package.json', import.meta.url), 'utf-8'));
+        console.log(pkg.version);
+    }
+    catch {
+        console.log('0.1.0');
+    }
+    process.exit(0);
+}
+const COMMANDS = ['init'];
+const command = COMMANDS.includes(positional[0]) ? positional[0] : undefined;
+const cwd = resolve(positional.find(p => !COMMANDS.includes(p)) || '.');
+const isCI = flags.has('--ci');
+const isFix = flags.has('--fix');
+const isJSON = flags.has('--json') || (!process.stdout.isTTY && !flags.has('--pretty'));
+// Load config
+let config = {};
+const configContent = readFile(resolve(cwd, '.vetrc'));
+if (configContent) {
+    try {
+        config = JSON.parse(configContent);
+    }
+    catch { /* ignore bad config */ }
+}
+const ignore = config.ignore || [];
+if (command === 'init') {
+    const { init } = await import('./init.js');
+    await init(cwd);
+    process.exit(0);
+}
+// Run checks
+if (!isGitRepo(cwd)) {
+    console.error('not a git repository. vet operates on git repos.');
+    process.exit(1);
+}
+const allChecks = ['ready', 'diff', 'models', 'links', 'config', 'history'];
+const enabledChecks = config.checks || allChecks;
+const results = [];
+if (enabledChecks.includes('ready'))
+    results.push(checkReady(cwd, ignore));
+if (enabledChecks.includes('diff'))
+    results.push(checkDiff(cwd));
+if (enabledChecks.includes('models'))
+    results.push(checkModels(cwd, ignore));
+if (enabledChecks.includes('links'))
+    results.push(checkLinks(cwd, ignore));
+if (enabledChecks.includes('config'))
+    results.push(checkConfig(cwd, ignore));
+if (enabledChecks.includes('history'))
+    results.push(checkHistory(cwd));
+const result = score(cwd, results);
+if (isJSON) {
+    console.log(reportJSON(result));
+}
+else {
+    console.log(reportPretty(result));
+}
+// CI exit code
+if (isCI) {
+    const threshold = config.thresholds?.min ?? 6;
+    process.exit(result.score >= threshold ? 0 : 1);
+}

package/dist/init.d.ts

@@ -0,0 +1 @@
+export declare function init(cwd: string): Promise<void>;

package/dist/init.js

@@ -0,0 +1,127 @@
+import { writeFileSync, existsSync, mkdirSync } from 'node:fs';
+import { join } from 'node:path';
+import { c, readFile } from './util.js';
+export async function init(cwd) {
+    let created = 0;
+    // 1. Create .vetrc
+    const vetrcPath = join(cwd, '.vetrc');
+    if (!existsSync(vetrcPath)) {
+        writeFileSync(vetrcPath, JSON.stringify({
+            checks: ['ready', 'diff', 'models', 'links', 'config', 'history'],
+            ignore: [],
+            thresholds: { min: 6 },
+        }, null, 2) + '\n');
+        console.log(`  ${c.green}+${c.reset} .vetrc`);
+        created++;
+    }
+    // 2. Detect project type and create CLAUDE.md if missing
+    const claudeMd = join(cwd, 'CLAUDE.md');
+    if (!existsSync(claudeMd)) {
+        const projectContext = detectProject(cwd);
+        writeFileSync(claudeMd, generateClaudeMd(projectContext));
+        console.log(`  ${c.green}+${c.reset} CLAUDE.md`);
+        created++;
+    }
+    // 3. Create .cursorrules if missing
+    const cursorRules = join(cwd, '.cursorrules');
+    if (!existsSync(cursorRules)) {
+        const projectContext = detectProject(cwd);
+        writeFileSync(cursorRules, generateCursorRules(projectContext));
+        console.log(`  ${c.green}+${c.reset} .cursorrules`);
+        created++;
+    }
+    // 4. Add pre-commit hook if .git exists
+    const hooksDir = join(cwd, '.git', 'hooks');
+    const preCommit = join(hooksDir, 'pre-commit');
+    if (existsSync(join(cwd, '.git')) && !existsSync(preCommit)) {
+        mkdirSync(hooksDir, { recursive: true });
+        writeFileSync(preCommit, `#!/bin/sh
+# vet pre-commit hook — checks AI-generated code before committing
+npx @safetnsr/vet --ci --json > /dev/null 2>&1
+if [ $? -ne 0 ]; then
+  echo "vet: score below threshold. run 'npx @safetnsr/vet' to see details."
+  exit 1
+fi
+`);
+        const { chmodSync } = await import('node:fs');
+        chmodSync(preCommit, 0o755);
+        console.log(`  ${c.green}+${c.reset} .git/hooks/pre-commit`);
+        created++;
+    }
+    if (created === 0) {
+        console.log(`  ${c.dim}everything already set up${c.reset}`);
+    }
+    else {
+        console.log(`\n  ${c.green}initialized ${created} file${created > 1 ? 's' : ''}${c.reset}`);
+    }
+}
+function detectProject(cwd) {
+    const ctx = { name: 'project', language: 'unknown', hasTests: false };
+    const pkgJson = readFile(join(cwd, 'package.json'));
+    if (pkgJson) {
+        try {
+            const pkg = JSON.parse(pkgJson);
+            ctx.name = pkg.name || 'project';
+            const deps = { ...pkg.dependencies, ...pkg.devDependencies };
+            ctx.language = deps.typescript ? 'typescript' : 'javascript';
+            if (deps.react)
+                ctx.framework = 'react';
+            if (deps.next)
+                ctx.framework = 'next.js';
+            if (deps.vue)
+                ctx.framework = 'vue';
+            if (deps.svelte)
+                ctx.framework = 'svelte';
+            if (deps.express)
+                ctx.framework = 'express';
+            if (deps.hono)
+                ctx.framework = 'hono';
+            if (deps.fastify)
+                ctx.framework = 'fastify';
+            if (pkg.scripts?.test)
+                ctx.hasTests = true;
+        }
+        catch { /* */ }
+    }
+    if (existsSync(join(cwd, 'pyproject.toml')) || existsSync(join(cwd, 'setup.py')))
+        ctx.language = 'python';
+    if (existsSync(join(cwd, 'Cargo.toml')))
+        ctx.language = 'rust';
+    if (existsSync(join(cwd, 'go.mod')))
+        ctx.language = 'go';
+    return ctx;
+}
+function generateClaudeMd(ctx) {
+    const lines = [`# ${ctx.name}\n`];
+    lines.push(`## Project`);
+    lines.push(`- Language: ${ctx.language}`);
+    if (ctx.framework)
+        lines.push(`- Framework: ${ctx.framework}`);
+    lines.push('');
+    lines.push(`## Rules`);
+    lines.push(`- Keep functions small and focused`);
+    lines.push(`- Handle errors explicitly — no empty catch blocks`);
+    lines.push(`- No hardcoded secrets or API keys`);
+    if (ctx.hasTests)
+        lines.push(`- Write tests for new functionality`);
+    if (ctx.language === 'typescript')
+        lines.push(`- Use strict TypeScript — no \`any\` types`);
+    lines.push('');
+    return lines.join('\n');
+}
+function generateCursorRules(ctx) {
+    const lines = [`# ${ctx.name}\n`];
+    if (ctx.framework)
+        lines.push(`This is a ${ctx.framework} project using ${ctx.language}.`);
+    else
+        lines.push(`This is a ${ctx.language} project.`);
+    lines.push('');
+    lines.push('## Guidelines');
+    lines.push('- Keep functions small and focused');
+    lines.push('- Handle errors explicitly');
+    lines.push('- No hardcoded secrets');
+    if (ctx.hasTests)
+        lines.push('- Maintain test coverage');
+    lines.push('');
+    return lines.join('\n');
+}

package/dist/reporter.d.ts

@@ -0,0 +1,3 @@
+import type { VetResult } from './types.js';
+export declare function reportPretty(result: VetResult): string;
+export declare function reportJSON(result: VetResult): string;

package/dist/reporter.js

@@ -0,0 +1,51 @@
+import { c } from './util.js';
+const BAR_WIDTH = 10;
+function bar(score, max) {
+    const filled = Math.round((score / max) * BAR_WIDTH);
+    const empty = BAR_WIDTH - filled;
+    const color = score >= 8 ? c.green : score >= 5 ? c.yellow : c.red;
+    return `${color}${'█'.repeat(filled)}${c.dim}${'░'.repeat(empty)}${c.reset}`;
+}
+function severityIcon(s) {
+    switch (s) {
+        case 'error': return `${c.red}✗${c.reset}`;
+        case 'warning': return `${c.yellow}!${c.reset}`;
+        case 'info': return `${c.blue}·${c.reset}`;
+    }
+}
+export function reportPretty(result) {
+    const lines = [];
+    const scoreColor = result.score >= 8 ? c.green : result.score >= 5 ? c.yellow : c.red;
+    lines.push('');
+    lines.push(`  ${c.bold}${result.project}${c.reset}  ${scoreColor}${result.score.toFixed(1)}/10${c.reset}`);
+    lines.push('');
+    for (const check of result.checks) {
+        const pad = ' '.repeat(Math.max(0, 10 - check.name.length));
+        lines.push(`  ${check.name}${pad}${bar(check.score, check.maxScore)}  ${check.score.toFixed(0).padStart(2)}    ${c.dim}${check.summary}${c.reset}`);
+    }
+    // Issues
+    const allIssues = result.checks.flatMap(ch => ch.issues);
+    const errors = allIssues.filter(i => i.severity === 'error');
+    const warnings = allIssues.filter(i => i.severity === 'warning');
+    if (errors.length > 0 || warnings.length > 0) {
+        lines.push('');
+        const issueList = [...errors, ...warnings].slice(0, 10); // top 10
+        for (const issue of issueList) {
+            const loc = issue.file ? `${c.dim}${issue.file}${issue.line ? ':' + issue.line : ''}${c.reset} ` : '';
+            lines.push(`  ${severityIcon(issue.severity)} ${loc}${issue.message}`);
+        }
+        const remaining = errors.length + warnings.length - issueList.length;
+        if (remaining > 0) {
+            lines.push(`  ${c.dim}...and ${remaining} more${c.reset}`);
+        }
+    }
+    if (result.fixableIssues > 0) {
+        lines.push('');
+        lines.push(`  ${c.cyan}run with --fix to auto-repair ${result.fixableIssues} issue${result.fixableIssues > 1 ? 's' : ''}${c.reset}`);
+    }
+    lines.push('');
+    return lines.join('\n');
+}
+export function reportJSON(result) {
+    return JSON.stringify(result, null, 2);
+}

package/dist/scorer.d.ts

@@ -0,0 +1,2 @@
+import type { CheckResult, VetResult } from './types.js';
+export declare function score(project: string, checks: CheckResult[]): VetResult;

package/dist/scorer.js

@@ -0,0 +1,15 @@
+import { basename } from 'node:path';
+export function score(project, checks) {
+    const totalScore = checks.reduce((sum, ch) => sum + ch.score, 0);
+    const maxTotal = checks.reduce((sum, ch) => sum + ch.maxScore, 0);
+    const normalized = maxTotal > 0 ? (totalScore / maxTotal) * 10 : 10;
+    const allIssues = checks.flatMap(ch => ch.issues);
+    return {
+        project: basename(project),
+        score: Math.round(normalized * 10) / 10,
+        checks,
+        totalIssues: allIssues.length,
+        fixableIssues: allIssues.filter(i => i.fixable).length,
+        timestamp: new Date().toISOString(),
+    };
+}

package/dist/types.d.ts

@@ -0,0 +1,31 @@
+export interface CheckResult {
+    name: string;
+    score: number;
+    maxScore: number;
+    issues: Issue[];
+    summary: string;
+}
+export interface Issue {
+    severity: 'error' | 'warning' | 'info';
+    message: string;
+    file?: string;
+    line?: number;
+    fixable: boolean;
+    fixHint?: string;
+}
+export interface VetResult {
+    project: string;
+    score: number;
+    checks: CheckResult[];
+    totalIssues: number;
+    fixableIssues: number;
+    timestamp: string;
+}
+export interface VetConfig {
+    checks?: string[];
+    ignore?: string[];
+    thresholds?: {
+        min?: number;
+    };
+    agents?: string[];
+}

package/dist/types.js

@@ -0,0 +1 @@
+export {};

package/dist/util.d.ts

@@ -0,0 +1,18 @@
+export declare const c: {
+    reset: string;
+    bold: string;
+    dim: string;
+    red: string;
+    green: string;
+    yellow: string;
+    blue: string;
+    cyan: string;
+    gray: string;
+};
+export declare function git(cmd: string, cwd: string): string;
+export declare function gitExec(args: string[], cwd: string): string;
+export declare function isGitRepo(cwd: string): boolean;
+export declare function readFile(path: string): string | null;
+export declare function fileExists(path: string): boolean;
+export declare function walkFiles(dir: string, ignore?: string[]): string[];
+export declare function matchesAny(file: string, patterns: string[]): boolean;

package/dist/util.js

@@ -0,0 +1,83 @@
+import { execSync, execFileSync } from 'node:child_process';
+import { existsSync, readFileSync, readdirSync, statSync } from 'node:fs';
+import { join, relative } from 'node:path';
+// ANSI colors — zero deps
+export const c = {
+    reset: '\x1b[0m',
+    bold: '\x1b[1m',
+    dim: '\x1b[2m',
+    red: '\x1b[31m',
+    green: '\x1b[32m',
+    yellow: '\x1b[33m',
+    blue: '\x1b[34m',
+    cyan: '\x1b[36m',
+    gray: '\x1b[90m',
+};
+export function git(cmd, cwd) {
+    try {
+        return execSync(`git ${cmd}`, { cwd, encoding: 'utf-8', stdio: ['pipe', 'pipe', 'pipe'] }).trim();
+    }
+    catch {
+        return '';
+    }
+}
+export function gitExec(args, cwd) {
+    try {
+        return execFileSync('git', args, { cwd, encoding: 'utf-8', stdio: ['pipe', 'pipe', 'pipe'] }).trim();
+    }
+    catch {
+        return '';
+    }
+}
+export function isGitRepo(cwd) {
+    return git('rev-parse --is-inside-work-tree', cwd) === 'true';
+}
+export function readFile(path) {
+    try {
+        return readFileSync(path, 'utf-8');
+    }
+    catch {
+        return null;
+    }
+}
+export function fileExists(path) {
+    return existsSync(path);
+}
+export function walkFiles(dir, ignore = []) {
+    const results = [];
+    const defaultIgnore = ['node_modules', '.git', 'dist', 'build', '.next', 'coverage', 'vendor', '__pycache__', '.venv', 'venv'];
+    const allIgnore = [...defaultIgnore, ...ignore];
+    function walk(d) {
+        let entries;
+        try {
+            entries = readdirSync(d);
+        }
+        catch {
+            return;
+        }
+        for (const entry of entries) {
+            if (allIgnore.includes(entry))
+                continue;
+            const full = join(d, entry);
+            try {
+                const stat = statSync(full);
+                if (stat.isDirectory())
+                    walk(full);
+                else
+                    results.push(relative(dir, full));
+            }
+            catch { /* skip */ }
+        }
+    }
+    walk(dir);
+    return results;
+}
+export function matchesAny(file, patterns) {
+    return patterns.some(p => {
+        if (p.endsWith('/'))
+            return file.startsWith(p) || file.includes('/' + p);
+        if (p.startsWith('*.'))
+            return file.endsWith(p.slice(1));
+        return file === p || file.includes('/' + p);
+    });
+}

package/package.json

@@ -0,0 +1,42 @@
+{
+  "name": "@safetnsr/vet",
+  "version": "0.1.0",
+  "description": "vet your AI-generated code — one command, six checks, zero config",
+  "type": "module",
+  "bin": {
+    "vet": "dist/cli.js"
+  },
+  "files": [
+    "dist/",
+    "README.md"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsx src/cli.ts"
+  },
+  "keywords": [
+    "ai",
+    "code-quality",
+    "vibe-coding",
+    "claude-code",
+    "cursor",
+    "copilot",
+    "lint",
+    "agent",
+    "git"
+  ],
+  "author": "safetnsr",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/safetnsr/vet"
+  },
+  "devDependencies": {
+    "@types/node": "^20.0.0",
+    "tsx": "^4.21.0",
+    "typescript": "^5.7.0"
+  },
+  "engines": {
+    "node": ">=18"
+  }
+}