@stupify/cli 0.0.1 → 0.0.3

package/dist/model.js

@@ -0,0 +1,281 @@
+import { execFile, spawn } from "node:child_process";
+import { createReadStream, createWriteStream } from "node:fs";
+import { mkdir, open, readFile, rename, rm, stat, writeFile, } from "node:fs/promises";
+import { homedir, platform } from "node:os";
+import { stdin as input, stderr as statusOutput, stdout as output, } from "node:process";
+import { createInterface } from "node:readline/promises";
+import path from "node:path";
+import { promisify } from "node:util";
+import { MODEL_REGISTRY } from "./constants.js";
+const execFileAsync = promisify(execFile);
+const LLAMA_SERVER_HOST = "127.0.0.1";
+export async function loadLocalModels(modelId) {
+    const modelPath = await firstRunModelBootstrap(modelId);
+    const scoutModel = await loadLocalModel(modelPath, modelId, "scout");
+    const auditModel = await loadLocalModel(modelPath, modelId, "audit");
+    return { scoutModel, auditModel };
+}
+export async function firstRunModelBootstrap(modelId) {
+    const selectedModel = MODEL_REGISTRY[modelId];
+    const modelDir = path.join(cacheDir(), "models");
+    const modelPath = path.join(modelDir, selectedModel.file);
+    if (await exists(modelPath))
+        return modelPath;
+    console.error(`No local Stupify model found.
+Stupify runs locally.
+Download this model now?
+Model: ${selectedModel.name}
+Size: ${selectedModel.size}`);
+    if (!(await confirm("Continue? y/N ")))
+        throw new Error("Setup cancelled.");
+    await mkdir(modelDir, { recursive: true });
+    await downloadModel(modelPath, selectedModel.url);
+    if (!(await exists(modelPath)))
+        throw new Error("Model download failed: file was not created.");
+    return modelPath;
+}
+export async function loadLocalModel(modelPath, modelId, profile = "scout") {
+    const selectedModel = MODEL_REGISTRY[modelId];
+    const runtime = modelRuntime(profile);
+    const runningModel = await runningServerModel(runtime.baseUrl);
+    if (runningModel) {
+        if (runningModel !== modelId)
+            await stopManagedServer(runtime);
+        if (runningModel === modelId) {
+            console.error(`Using already-loaded local ${profile} model: ${selectedModel.name}`);
+            return {
+                id: modelId,
+                name: selectedModel.name,
+                baseUrl: runtime.baseUrl,
+                profile,
+            };
+        }
+    }
+    await ensureLlamaServerBinary();
+    await startLlamaServer(modelPath, modelId, selectedModel.name, runtime);
+    await waitForServer(runtime.baseUrl, modelId);
+    return {
+        id: modelId,
+        name: selectedModel.name,
+        baseUrl: runtime.baseUrl,
+        profile,
+    };
+}
+function modelRuntime(profile) {
+    if (profile === "audit") {
+        const baseUrl = process.env.STUPIFY_AUDIT_LLAMA_SERVER_URL ?? "http://127.0.0.1:8092";
+        return {
+            profile,
+            baseUrl,
+            port: new URL(baseUrl).port || "8092",
+            reasoning: "on",
+            reasoningBudget: 4_096,
+        };
+    }
+    const baseUrl = process.env.STUPIFY_SCOUT_LLAMA_SERVER_URL ??
+        process.env.STUPIFY_LLAMA_SERVER_URL ??
+        "http://127.0.0.1:8091";
+    return {
+        profile,
+        baseUrl,
+        port: new URL(baseUrl).port || "8091",
+        reasoning: "off",
+    };
+}
+async function runningServerModel(baseUrl) {
+    try {
+        const response = await fetch(`${baseUrl}/v1/models`, {
+            signal: AbortSignal.timeout(500),
+        });
+        if (!response.ok)
+            return null;
+        const body = (await response.json());
+        const id = body.data?.[0]?.id;
+        return typeof id === "string" ? id : null;
+    }
+    catch {
+        return null;
+    }
+}
+async function ensureLlamaServerBinary() {
+    try {
+        await execFileAsync("llama-server", ["--version"], {
+            maxBuffer: 1024 * 1024,
+        });
+    }
+    catch {
+        throw new Error(`Stupify needs llama-server for local inference.
+Install llama.cpp first:
+  brew install llama.cpp`);
+    }
+}
+async function startLlamaServer(modelPath, modelId, modelName, runtime) {
+    const logDir = path.join(cacheDir(), "logs");
+    await mkdir(logDir, { recursive: true });
+    const logPath = path.join(logDir, "llama-server.log");
+    const out = await open(logPath, "a");
+    const err = await open(logPath, "a");
+    console.error(`Starting local ${runtime.profile} model server: ${modelName}`);
+    console.error(`llama-server log: ${logPath}`);
+    const args = [
+        "-m",
+        modelPath,
+        "-a",
+        modelId,
+        "--host",
+        LLAMA_SERVER_HOST,
+        "--port",
+        runtime.port,
+        "-c",
+        "65536",
+        "--reasoning",
+        runtime.reasoning,
+        "--no-warmup",
+    ];
+    if (runtime.reasoningBudget !== undefined) {
+        args.push("--reasoning-budget", String(runtime.reasoningBudget));
+    }
+    const child = spawn("llama-server", args, {
+        detached: true,
+        stdio: ["ignore", out.fd, err.fd],
+    });
+    child.unref();
+    if (child.pid)
+        await writeFile(pidPath(runtime), String(child.pid));
+    await out.close();
+    await err.close();
+}
+async function stopManagedServer(runtime) {
+    const pid = await managedServerPid(runtime);
+    if (!pid) {
+        const runningModel = await runningServerModel(runtime.baseUrl);
+        throw new Error(`A llama-server is already running with ${runningModel ?? "another model"}.
+Stop it before switching models, or use STUPIFY_LLAMA_SERVER_URL for that server.`);
+    }
+    console.error(`Restarting local ${runtime.profile} model server for selected model.`);
+    try {
+        process.kill(pid, "SIGTERM");
+    }
+    catch {
+        await rm(pidPath(runtime), { force: true });
+        return;
+    }
+    const deadline = Date.now() + 15_000;
+    while (Date.now() < deadline) {
+        if (!(await runningServerModel(runtime.baseUrl))) {
+            await rm(pidPath(runtime), { force: true });
+            return;
+        }
+        await sleep(250);
+    }
+    throw new Error("Timed out while stopping existing llama-server.");
+}
+async function managedServerPid(runtime) {
+    try {
+        const value = Number((await readFile(pidPath(runtime), "utf8")).trim());
+        return Number.isInteger(value) && value > 0 ? value : null;
+    }
+    catch {
+        return null;
+    }
+}
+function pidPath(runtime) {
+    const filename = runtime.profile === "scout"
+        ? "llama-server.pid"
+        : `llama-server-${runtime.profile}.pid`;
+    return path.join(cacheDir(), filename);
+}
+async function waitForServer(baseUrl, modelId) {
+    const deadline = Date.now() + 120_000;
+    while (Date.now() < deadline) {
+        const runningModel = await runningServerModel(baseUrl);
+        if (runningModel === modelId)
+            return;
+        await sleep(500);
+    }
+    throw new Error(`llama-server did not become ready for ${modelId}.`);
+}
+function sleep(ms) {
+    return new Promise((resolve) => setTimeout(resolve, ms));
+}
+async function downloadModel(modelPath, modelUrl) {
+    const tempPath = `${modelPath}.download`;
+    await rm(tempPath, { force: true });
+    console.error("Downloading model...");
+    try {
+        const response = await fetch(modelUrl);
+        if (!response.ok || !response.body)
+            throw new Error(`Model download failed: HTTP ${response.status}`);
+        const total = Number(response.headers.get("content-length") ?? 0);
+        let received = 0;
+        let lastPrint = 0;
+        const reader = response.body.getReader();
+        const file = await open(tempPath, "wx");
+        try {
+            while (true) {
+                const { done, value } = await reader.read();
+                if (done)
+                    break;
+                received += value.byteLength;
+                await file.write(value);
+                const now = Date.now();
+                if (total > 0 && now - lastPrint > 500) {
+                    lastPrint = now;
+                    statusOutput.write(`\r${formatBytes(received)} / ${formatBytes(total)}`);
+                }
+            }
+        }
+        finally {
+            await file.close();
+        }
+        if (total > 0)
+            statusOutput.write(`\r${formatBytes(received)} / ${formatBytes(total)}\n`);
+        await rename(tempPath, modelPath);
+    }
+    catch (error) {
+        await rm(tempPath, { force: true });
+        throw error;
+    }
+}
+async function confirm(question) {
+    const rl = createInterface(terminalIo());
+    try {
+        const answer = (await rl.question(question)).trim().toLowerCase();
+        return answer === "y" || answer === "yes";
+    }
+    finally {
+        rl.close();
+    }
+}
+function terminalIo() {
+    if (input.isTTY)
+        return { input, output };
+    if (platform() !== "win32")
+        return {
+            input: createReadStream("/dev/tty"),
+            output: createWriteStream("/dev/tty"),
+        };
+    throw new Error("No local Stupify model found. Run `stupify` once in an interactive terminal to set up the model.");
+}
+function cacheDir() {
+    if (process.env.STUPIFY_CACHE_DIR)
+        return process.env.STUPIFY_CACHE_DIR;
+    if (process.env.XDG_CACHE_HOME)
+        return path.join(process.env.XDG_CACHE_HOME, "stupify");
+    if (platform() === "darwin")
+        return path.join(homedir(), "Library", "Caches", "stupify");
+    if (platform() === "win32" && process.env.LOCALAPPDATA)
+        return path.join(process.env.LOCALAPPDATA, "stupify", "Cache");
+    return path.join(homedir(), ".cache", "stupify");
+}
+async function exists(filePath) {
+    try {
+        return (await stat(filePath)).isFile();
+    }
+    catch {
+        return false;
+    }
+}
+function formatBytes(bytes) {
+    return `${(bytes / 1024 / 1024).toFixed(1)} MB`;
+}

package/dist/prompts.d.ts

@@ -0,0 +1,5 @@
+import type { AuditPromptName, CandidateContext, DiffBatch, SemChangeSet, SemContext, SemContextPack, StupifyCheck } from "./types.ts";
+export declare function scoutPrompt(batch: DiffBatch, checks: readonly StupifyCheck[], sourceLabel: string): string;
+export declare function auditPrompt(contexts: readonly CandidateContext[], checks: readonly StupifyCheck[], sourceLabel: string): string;
+export declare function semScoutPrompt(changeSet: SemChangeSet, checks: readonly StupifyCheck[], maxCandidates: number): string;
+export declare function findingsAuditPrompt(contexts: readonly SemContext[], pack: SemContextPack, checks: readonly StupifyCheck[], sourceLabel: string, promptName: AuditPromptName): string;

package/dist/prompts.js

@@ -0,0 +1,197 @@
+export function scoutPrompt(batch, checks, sourceLabel) {
+    return `Pick diff hunks that match enabled checks.
+Return JSON only:
+{ "candidates": ["exact POINTER"] }
+
+Rules:
+- Use POINTER values exactly as shown.
+- Return at most 3 candidates.
+- Return { "candidates": [] } if clean.
+- Pick definitions over usage sites.
+
+${formatCompactChecks(checks)}
+
+SOURCE:
+${sourceLabel}
+
+DIFF BATCH ${batch.id}:
+${batch.text}`;
+}
+export function auditPrompt(contexts, checks, sourceLabel) {
+    return `Audit candidate diff regions against enabled checks.
+Return JSON only:
+{
+  "findings": [{ "checkId": "check_id", "why": "one sentence", "proof": "exact POINTER" }],
+  "summary": "one short sentence"
+}
+
+Rules:
+- Use only checks listed below.
+- checkId must be a check ID, never a POINTER.
+- proof must be one exact POINTER from candidate regions.
+- why describes the suspicious structure, not an identifier.
+- Do not describe an issue in summary unless it is also in findings.
+- If no findings, return { "findings": [], "summary": "No clear judgment-offload signal found." }.
+
+Allowed proof pointers:
+${contexts.map((context) => `- ${context.pointer}`).join("\n")}
+
+${formatFullChecks(checks)}
+
+SOURCE:
+${sourceLabel}
+
+CANDIDATE REGIONS:
+${contexts.map(formatContext).join("\n\n")}`;
+}
+export function semScoutPrompt(changeSet, checks, maxCandidates) {
+    return `Pick changed entity/check targets worth auditing.
+Return JSON only:
+{ "targets": [{ "entityId": "exact entityId", "checkId": "check_id", "reason": "short scout reason" }] }
+
+Rules:
+- Use entityId values exactly as shown.
+- Each target has exactly one checkId.
+- Return at most ${maxCandidates} targets.
+- Return { "targets": [] } if clean.
+- Pick definitions over usage sites.
+- Prefer high recall, but do not attach unrelated checks.
+
+${formatCompactChecks(checks)}
+
+SOURCE:
+${changeSet.label}
+
+SEM CHANGE SUMMARY:
+${JSON.stringify(changeSet.summary, null, 2)}
+
+SEM ENTITY CHANGES:
+${changeSet.changes.map(formatSemChange).join("\n\n")}`;
+}
+export function findingsAuditPrompt(contexts, pack, checks, sourceLabel, promptName) {
+    const task = promptName === "high_bar"
+        ? `You are Stupify's audit model.
+You are reviewing candidate/check targets for signs that AI-assisted coding may have replaced engineering judgment.
+Only emit a finding if it is clearly useful to a developer.
+A useful finding must:
+- match the target's check exactly
+- point to a concrete change pattern
+- explain why the change may reflect judgment-offload
+- avoid generic code-review commentary
+If the target is normal engineering work, omit it.
+If the target is merely plausible but not strong, omit it.
+If the target does not exactly match its assigned check, omit it.`
+        : `You are Stupify's auditor.
+Audit only the listed target/check pairs.
+Emit only exceptions.`;
+    const highBarRules = promptName === "high_bar"
+        ? `- Prefer clean over weak.
+- Prefer no finding over generic finding.
+- Do not emit style feedback unless the assigned check is truly about style.
+- Do not turn functional refactors into style mismatch findings.`
+        : "";
+    return `${task}
+Return JSON only:
+{
+  "findings": [
+    {
+      "targetId": "t001",
+      "why": "one sentence",
+      "proof": "short pointer"
+    }
+  ],
+  "uncertain": [
+    {
+      "targetId": "t002",
+      "why": "one sentence"
+    }
+  ]
+}
+
+Rules:
+- Inspect every target.
+- Each target has exactly one check.
+- Emit a finding only when the target clearly matches its check.
+- Emit uncertain only when the target may match, but evidence is insufficient.
+- If a target is clean, emit nothing for it.
+- Omitted target means clean.
+- Do not output clean reviews.
+- Do not explain clean targets.
+- Do not write "no evidence" as a finding.
+- Do not put negative statements in findings.
+- Prefer omission over weak findings.
+- Use only provided targetIds.
+- Do not search for other checks.
+- Do not quote source code.
+- Use packed file context only as supporting evidence for these candidate entities.
+${highBarRules}
+
+Targets:
+${contexts.map((context) => formatAuditTarget(context, checks)).join("\n\n")}
+
+SOURCE:
+${sourceLabel}
+
+CANDIDATE ENTITY DELTAS:
+${contexts.map(formatSemContext).join("\n\n")}
+
+PACKED FILE CONTEXT (${pack.provider}, ${pack.filePaths.length} files, ${pack.totalTokens} tokens):
+${pack.text || "(none)"}`;
+}
+function formatCompactChecks(checks) {
+    return `Checks:
+${checks.map((check) => `- ${check.id}: ${check.lookFor.join("; ")}`).join("\n")}`;
+}
+function formatFullChecks(checks) {
+    return checks.map(formatCheck).join("\n\n");
+}
+function formatCheck(check) {
+    return `# ${check.name}
+ID: ${check.id}
+Q: ${check.question}
+Look for:
+${check.lookFor.map((signal) => `- ${signal}`).join("\n")}
+Ignore when:
+${check.ignoreWhen.map((signal) => `- ${signal}`).join("\n")}
+Match examples:
+${(check.examples?.match ?? []).map((example) => `- ${example}`).join("\n")}
+No-match examples:
+${(check.examples?.noMatch ?? []).map((example) => `- ${example}`).join("\n")}`;
+}
+function formatContext(context) {
+    return `POINTER ${context.pointer}
+${context.text}`;
+}
+function formatSemChange(change) {
+    return `ENTITY ${change.entityId}
+TYPE ${change.entityType}
+CHANGE ${change.changeType}
+PATH ${change.filePath}`;
+}
+function formatSemContext(context) {
+    return `TARGET ${context.targetId}
+ENTITY ${context.entityId}
+NAME ${context.entityName}
+KIND ${context.entityKind}
+CHANGE ${context.changeKind}
+CHECK ${context.checkId}
+SCOUT_REASON ${context.reason}
+CONTEXT:
+${context.text}`;
+}
+function formatAuditTarget(context, checks) {
+    const check = checks.find((item) => item.id === context.checkId);
+    return `- targetId=${context.targetId} checkId=${context.checkId} entityId=${context.entityId}
+scoutReason=${context.reason}
+${check ? formatCheck(check) : ""}`;
+}
+function shortenCode(value) {
+    if (!value)
+        return "(none)";
+    const lines = value.split(/\r?\n/);
+    const limit = 80;
+    if (lines.length <= limit)
+        return value;
+    return `${lines.slice(0, limit).join("\n")}
+[stupify: sem entity content shortened after ${limit} lines]`;
+}

package/dist/render.d.ts

@@ -0,0 +1,3 @@
+import type { AnalysisReport, AnalyzeCommand } from "./types.ts";
+export declare function renderReport(report: AnalysisReport, command: AnalyzeCommand): string;
+export declare function helpText(): string;

package/dist/render.js

@@ -0,0 +1,101 @@
+import { VERSION } from "./constants.js";
+export function renderReport(report, command) {
+    if (command.json) {
+        return JSON.stringify({
+            schemaVersion: "0.4",
+            model: { id: report.run.modelId },
+            checks: report.run.checkIds,
+            run: report.run,
+            findings: report.result.findings,
+            summary: report.result.summary,
+        }, null, 2);
+    }
+    if (report.run.engine === "sem") {
+        return `Search:
+  ${report.run.entitiesScanned} entities scanned
+  ${report.run.candidateCount} candidate entities found
+Audit:
+  ${report.run.auditedCandidateCount} candidates inspected
+  ${report.result.findings.length} findings
+${renderAuditStats(report)}
+${renderWarnings(report)}
+Findings:
+${renderFindings(report)}
+Timing:
+  total_ms=${report.run.timingsMs.total} entity_diff_ms=${report.run.timingsMs.diff} model_ms=${report.run.timingsMs.modelLoad} scout_ms=${report.run.timingsMs.search} context_audit_ms=${report.run.timingsMs.audit}`;
+    }
+    return `Search:
+  ${report.run.batchesScanned} batches scanned
+  ${report.run.candidateCount} candidate regions found
+Audit:
+  ${report.run.auditedCandidateCount} candidates inspected
+  ${report.result.findings.length} findings
+${renderWarnings(report)}
+Findings:
+${renderFindings(report)}
+Timing:
+  total_ms=${report.run.timingsMs.total} diff_ms=${report.run.timingsMs.diff} model_ms=${report.run.timingsMs.modelLoad} search_ms=${report.run.timingsMs.search} audit_ms=${report.run.timingsMs.audit}`;
+}
+export function helpText() {
+    return `Stupify ${VERSION}
+
+Usage:
+  stupify
+  stupify --since "2 weeks ago"
+  stupify --commit <commit>
+  stupify --commits <count>
+  stupify experiment <config.json>
+  git diff HEAD~1..HEAD | stupify --stdin
+
+Options:
+  --since <date>        Analyze the net diff from the first commit before this git date to HEAD.
+  --commit <commit>     Analyze one commit as a net diff.
+  --commits <count>     Analyze the net diff across the last N non-merge commits.
+  --stdin               Read a git diff from stdin.
+  --engine <engine>     raw-diff or sem. Default: raw-diff.
+  --scout <mode>        llm or counter for --engine sem. Default: counter.
+  --audit-context <mode>
+                         none or repomix for --engine sem. Default: repomix.
+  --audit-prompt <name> strict or high_bar for --engine sem. Default: high_bar.
+  --debug-sem           Print sem commands and stderr.
+  --debug-targets       Include audited sem target details in JSON output.
+  --max-candidates <n>  Max semantic candidates for --engine sem. Default: 10.
+  --audit-batch-size <n>
+                         Semantic candidates per audit model call. Default: 25.
+  --max-audit-input-tokens <n>
+                         Max findings-audit input tokens before splitting. Default: 20000.
+  --audit-concurrency <n>
+                         Parallel findings-audit model calls. Default: 2.
+  --checks <ids>        Comma-separated check ids.
+  --model <id>          gemma-4-e2b, gemma-4-e4b, gemma-4-26b-a4b, qwen3-4b-magicquant, qwen2.5-coder-1.5b, qwen2.5-coder-7b, or qwen2.5-coder-32b.
+  --json                Print JSON only.
+
+Default:
+  stupify is equivalent to stupify --since "2 weeks ago".
+
+Not included:
+  Baselines, sharing, hosted server calls, Ollama, GitHub, dashboards, or repo-wide scanning.
+`;
+}
+function renderFindings(report) {
+    if (report.result.findings.length === 0)
+        return "  None.";
+    return report.result.findings
+        .map((finding) => `- ${finding.checkId}
+  ${finding.why}
+  Proof: ${finding.proof}`)
+        .join("\n");
+}
+function renderWarnings(report) {
+    if (report.run.warnings.length === 0)
+        return "";
+    return `Warnings:
+${report.run.warnings.map((warning) => `  ${warning}`).join("\n")}
+`;
+}
+function renderAuditStats(report) {
+    const stats = report.run.auditStats;
+    if (!stats)
+        return "";
+    return `  ${stats.totalTargets} targets reviewed: ${stats.finding} finding, ${stats.uncertain} uncertain, ${stats.clean} clean, ${stats.invalid} invalid`;
+}

package/dist/repomix-provider.d.ts

@@ -0,0 +1,4 @@
+import type { SemCandidate, SemChange, SemContext, SemContextPack } from "./types.ts";
+export declare function emptyContextPack(): SemContextPack;
+export declare function repomixContextPack(cwd: string, contexts: readonly SemContext[], changes: readonly SemChange[]): Promise<SemContextPack>;
+export declare function entityContextsFromChanges(candidates: readonly SemCandidate[], changes: readonly SemChange[]): readonly SemContext[];