@vibecodeqa/cli 0.17.0 → 0.18.0

package/dist/runners/code-coherence.js

@@ -0,0 +1,39 @@
+/** Code Coherence — detects internal contradictions and inconsistencies in the codebase.
+ *
+ * Premium feature (powered by LLM). Analyzes the codebase for patterns where
+ * different parts of the code contradict each other:
+ *   - Function A validates input X, but function B that calls A re-validates X differently
+ *   - Type says field is required, but all usages treat it as optional
+ *   - Error handling is strict in module A but permissive in module B for the same operations
+ *   - Naming conventions differ across modules (camelCase vs snake_case for same concepts)
+ *   - Two implementations of the same algorithm with different behavior
+ *   - Config declares a feature flag but no code reads it
+ *   - Dead branches: conditions that can never be true given the types
+ *   - Contradictory defaults (module A defaults timeout to 5s, module B to 30s)
+ *
+ * Currently returns a "coming soon" placeholder.
+ */
+import { getProductionFiles } from "../fs-utils.js";
+export function runCodeCoherence(cwd) {
+    const start = Date.now();
+    // Gather basic stats even in placeholder mode
+    const files = getProductionFiles(cwd);
+    const totalExports = files.reduce((s, f) => s + (f.content.match(/\bexport\s+/g) || []).length, 0);
+    const totalFunctions = files.reduce((s, f) => s + (f.content.match(/\bfunction\s+\w+/g) || []).length, 0);
+    return {
+        name: "code-coherence",
+        score: 0,
+        grade: "F",
+        details: {
+            premium: true,
+            comingSoon: true,
+            reason: "LLM-powered analysis — coming soon",
+            filesAnalyzed: files.length,
+            totalExports,
+            totalFunctions,
+            description: "Detects internal contradictions: inconsistent validation, conflicting defaults, naming drift, dead config flags, and behavioral mismatches across modules.",
+        },
+        issues: [],
+        duration: Date.now() - start,
+    };
+}

package/dist/runners/complexity.js

@@ -1,6 +1,5 @@
 /** Complexity analysis — counts lines, functions, and cognitive complexity via AST-free heuristics. */
-import { readdirSync, readFileSync, statSync } from "node:fs";
-import { extname, join } from "node:path";
+import { getProductionFiles } from "../fs-utils.js";
 import { gradeFromScore } from "../types.js";
 const MAX_FUNCTION_LINES = 60;
 const MAX_COMPLEXITY = 15;
@@ -8,27 +7,15 @@ export function runComplexity(cwd) {
     const start = Date.now();
     const issues = [];
     const functions = [];
-    // Find all TS/JS source files (not tests, not node_modules)
-    const srcDirs = ["src", "web/src"];
-    const files = [];
-    for (const dir of srcDirs) {
-        try {
-            collectFiles(join(cwd, dir), files);
-        }
-        catch {
-            /* dir doesn't exist */
-        }
-    }
+    const sourceFiles = getProductionFiles(cwd);
     let totalLines = 0;
-    const totalFiles = files.length;
+    const totalFiles = sourceFiles.length;
     let longFunctions = 0;
     let complexFunctions = 0;
-    for (const file of files) {
-        const content = readFileSync(file, "utf-8");
-        const lines = content.split("\n");
-        totalLines += lines.length;
+    for (const sf of sourceFiles) {
+        totalLines += sf.lines;
         // Simple heuristic: find function boundaries and measure complexity
-        const funcs = extractFunctions(content, file.replace(`${cwd}/`, ""));
+        const funcs = extractFunctions(sf.content, sf.path);
         for (const f of funcs) {
             functions.push(f);
             if (f.lines > MAX_FUNCTION_LINES) {
@@ -68,23 +55,6 @@ export function runComplexity(cwd) {
         duration: Date.now() - start,
     };
 }
-function collectFiles(dir, out) {
-    for (const entry of readdirSync(dir)) {
-        if (entry === "node_modules" || entry === "dist" || entry === ".git")
-            continue;
-        const full = join(dir, entry);
-        const stat = statSync(full);
-        if (stat.isDirectory()) {
-            collectFiles(full, out);
-        }
-        else {
-            const ext = extname(entry);
-            if ((ext === ".ts" || ext === ".tsx" || ext === ".js" || ext === ".jsx") && !entry.includes(".test.") && !entry.includes(".spec.")) {
-                out.push(full);
-            }
-        }
-    }
-}
 /** Simple heuristic function extraction — not a full AST parser but good enough for metrics. */
 function extractFunctions(content, filePath) {
     const funcs = [];
@@ -138,7 +108,7 @@ function measureComplexity(code) {
     for (const line of lines) {
         const trimmed = line.trim();
         // +1 for each branch/loop keyword
-        if (/\b(if|else if|else|switch|for|while|do|catch|&&|\|\||[?]:)\b/.test(trimmed)) {
+        if (/\b(if|else if|else|switch|for|while|do|catch)\b/.test(trimmed) || /&&|\|\|/.test(trimmed)) {
             complexity++;
         }
         // +1 for ternary

package/dist/runners/confusion.js

@@ -12,8 +12,7 @@
  *   3. Export name collisions (same name exported from multiple files)
  *   4. Ambiguous abbreviations (auth, config, ctx, etc. outside conventional scope)
  */
-import { readdirSync, readFileSync, statSync } from "node:fs";
-import { basename, extname, join } from "node:path";
+import { getProductionFiles } from "../fs-utils.js";
 import { gradeFromScore } from "../types.js";
 // ── Pattern dictionaries ──
 const SYNONYM_PAIRS = [
@@ -97,16 +96,8 @@ const AMBIGUOUS_ABBREVS = {
 export function runConfusion(cwd) {
     const start = Date.now();
     const issues = [];
-    const files = [];
-    const dirs = ["src", "web/src"];
-    for (const dir of dirs) {
-        try {
-            collectFiles(join(cwd, dir), cwd, files);
-        }
-        catch {
-            /* dir doesn't exist */
-        }
-    }
+    const sourceFiles = getProductionFiles(cwd);
+    const files = sourceFiles.map((sf) => ({ path: sf.path, base: sf.base, content: sf.content, exports: extractExports(sf.content) }));
     if (files.length === 0) {
         return {
             name: "confusion",
@@ -263,22 +254,3 @@ function extractExports(content) {
     }
     return exports;
 }
-function collectFiles(dir, cwd, out) {
-    for (const entry of readdirSync(dir)) {
-        if (entry === "node_modules" || entry === "dist" || entry === ".git")
-            continue;
-        const full = join(dir, entry);
-        if (statSync(full).isDirectory()) {
-            collectFiles(full, cwd, out);
-        }
-        else {
-            const ext = extname(entry);
-            if ([".ts", ".tsx", ".js", ".jsx"].includes(ext) && !entry.includes(".test.") && !entry.includes(".spec.")) {
-                const content = readFileSync(full, "utf-8");
-                const relPath = full.replace(`${cwd}/`, "");
-                const base = basename(entry, ext);
-                out.push({ path: relPath, base, content, exports: extractExports(content) });
-            }
-        }
-    }
-}

package/dist/runners/context.js

@@ -11,8 +11,7 @@
  *   3. File self-containment — ratio of local symbols to imported symbols
  *   4. Circular dependencies — import cycles that confuse navigation
  */
-import { readdirSync, readFileSync, statSync } from "node:fs";
-import { extname, join } from "node:path";
+import { getProductionFiles } from "../fs-utils.js";
 import { gradeFromScore } from "../types.js";
 const MAX_FILE_TOKENS = 4000; // ~400 lines; beyond this LLMs lose mid-context info
 const MAX_IMPORTS = 15; // files importing >15 modules are hard to reason about
@@ -21,16 +20,13 @@ export function runContext(cwd) {
     const start = Date.now();
     const issues = [];
     // Collect source files with imports
-    const files = [];
-    const dirs = ["src", "web/src"];
-    for (const dir of dirs) {
-        try {
-            collectFiles(join(cwd, dir), cwd, files);
-        }
-        catch {
-            /* dir doesn't exist */
-        }
-    }
+    const sourceFiles = getProductionFiles(cwd);
+    const files = sourceFiles.map((sf) => ({
+        path: sf.path,
+        content: sf.content,
+        imports: parseImports(sf.content),
+        tokens: Math.round(sf.content.length / CHARS_PER_TOKEN),
+    }));
     if (files.length === 0) {
         return {
             name: "context",
@@ -157,14 +153,8 @@ function resolveImport(fromPath, importPath) {
         parts.pop();
         resolved = [...parts, importPath.slice(3)].join("/");
     }
-    // Strip extension and try common ones
+    // Strip known extension if present, then default to .ts
     resolved = resolved.replace(/\.(js|ts|tsx|jsx)$/, "");
-    const extensions = [".ts", ".tsx", ".js", ".jsx"];
-    for (const ext of extensions) {
-        if (resolved.endsWith(ext.replace(".", "")))
-            return resolved;
-    }
-    // Return with .ts as default assumption
     return `${resolved}.ts`;
 }
 // ── Cycle detection (DFS) ──
@@ -201,24 +191,3 @@ function findCycles(graph) {
     }
     return cycles;
 }
-// ── File collection ──
-function collectFiles(dir, cwd, out) {
-    for (const entry of readdirSync(dir)) {
-        if (entry === "node_modules" || entry === "dist" || entry === ".git")
-            continue;
-        const full = join(dir, entry);
-        if (statSync(full).isDirectory()) {
-            collectFiles(full, cwd, out);
-        }
-        else {
-            const ext = extname(entry);
-            if ([".ts", ".tsx", ".js", ".jsx"].includes(ext) && !entry.includes(".test.") && !entry.includes(".spec.")) {
-                const content = readFileSync(full, "utf-8");
-                const relPath = full.replace(`${cwd}/`, "");
-                const imports = parseImports(content);
-                const tokens = Math.round(content.length / CHARS_PER_TOKEN);
-                out.push({ path: relPath, content, imports, tokens });
-            }
-        }
-    }
-}

package/dist/runners/dependencies.js

@@ -5,6 +5,34 @@ export function runDependencies(cwd, stack) {
     const start = Date.now();
     const issues = [];
     const pm = stack.packageManager;
+    // Dart/Flutter: skip npm audit, just check pubspec for outdated
+    if (pm === "pub") {
+        const outdatedResult = run("dart pub outdated --json 2>/dev/null || true", cwd);
+        let outdatedCount = 0;
+        let majorOutdated = 0;
+        try {
+            const data = JSON.parse(outdatedResult.stdout);
+            for (const pkg of data.packages || []) {
+                if (pkg.current?.version && pkg.latest?.version && pkg.current.version !== pkg.latest.version) {
+                    outdatedCount++;
+                    if (pkg.current.version.split(".")[0] !== pkg.latest.version.split(".")[0])
+                        majorOutdated++;
+                }
+            }
+        }
+        catch { /* parse failed */ }
+        if (majorOutdated > 0)
+            issues.push({ severity: "warning", message: `${majorOutdated} packages behind by a major version` });
+        const score = Math.max(0, Math.min(100, 100 - majorOutdated));
+        return {
+            name: "dependencies",
+            score,
+            grade: gradeFromScore(score),
+            details: { vulnerabilities: { critical: 0, high: 0, moderate: 0, low: 0 }, outdated: outdatedCount, majorOutdated },
+            issues,
+            duration: Date.now() - start,
+        };
+    }
     // Vulnerability audit
     const auditCmd = pm === "pnpm" ? "pnpm audit --json" : pm === "yarn" ? "yarn audit --json" : "npm audit --json";
     const auditResult = run(`${auditCmd} 2>/dev/null || true`, cwd);

package/dist/runners/doc-coherence.d.ts

@@ -0,0 +1,14 @@
+/** Doc Coherence — detects contradictions between documentation and code.
+ *
+ * Premium feature (powered by LLM). Scans README, CLAUDE.md, JSDoc, and inline
+ * comments for claims that contradict the actual code:
+ *   - README says "supports X" but feature X was removed
+ *   - JSDoc says "@param required" but param has a default
+ *   - Comment says "never throws" but function has throw statements
+ *   - CHANGELOG references files that no longer exist
+ *   - API docs describe endpoints/functions that were renamed or deleted
+ *
+ * Currently returns a "coming soon" placeholder.
+ */
+import type { CheckResult } from "../types.js";
+export declare function runDocCoherence(cwd: string): CheckResult;

package/dist/runners/doc-coherence.js

@@ -0,0 +1,48 @@
+/** Doc Coherence — detects contradictions between documentation and code.
+ *
+ * Premium feature (powered by LLM). Scans README, CLAUDE.md, JSDoc, and inline
+ * comments for claims that contradict the actual code:
+ *   - README says "supports X" but feature X was removed
+ *   - JSDoc says "@param required" but param has a default
+ *   - Comment says "never throws" but function has throw statements
+ *   - CHANGELOG references files that no longer exist
+ *   - API docs describe endpoints/functions that were renamed or deleted
+ *
+ * Currently returns a "coming soon" placeholder.
+ */
+import { existsSync } from "node:fs";
+import { join } from "node:path";
+import { getProductionFiles } from "../fs-utils.js";
+export function runDocCoherence(cwd) {
+    const start = Date.now();
+    // Detect if docs exist (useful info even in placeholder mode)
+    const docFiles = [];
+    const candidates = ["README.md", "CLAUDE.md", "ARCHITECTURE.md", "CONTRIBUTING.md", "CHANGELOG.md", "API.md", "docs/README.md"];
+    for (const f of candidates) {
+        if (existsSync(join(cwd, f)))
+            docFiles.push(f);
+    }
+    let hasJSDoc = false;
+    try {
+        const files = getProductionFiles(cwd);
+        hasJSDoc = files.some((f) => /\/\*\*/.test(f.content));
+    }
+    catch {
+        // no source files
+    }
+    return {
+        name: "doc-coherence",
+        score: 0,
+        grade: "F",
+        details: {
+            premium: true,
+            comingSoon: true,
+            reason: "LLM-powered analysis — coming soon",
+            docFiles,
+            hasJSDoc,
+            description: "Detects contradictions between documentation and code. Finds stale README claims, incorrect JSDoc, outdated API docs, and misleading comments.",
+        },
+        issues: [],
+        duration: Date.now() - start,
+    };
+}

package/dist/runners/docs.js

@@ -1,6 +1,7 @@
 /** Documentation check — README, JSDoc, code comments. */
-import { existsSync, readdirSync, readFileSync, statSync } from "node:fs";
-import { extname, join } from "node:path";
+import { existsSync, readFileSync } from "node:fs";
+import { join } from "node:path";
+import { getProductionFiles } from "../fs-utils.js";
 import { gradeFromScore } from "../types.js";
 export function runDocs(cwd) {
     const start = Date.now();
@@ -34,21 +35,11 @@ export function runDocs(cwd) {
             issues.push({ severity: "warning", message: "README has very little content", rule: "readme-sparse" });
     }
     // Check exported function documentation
-    const files = [];
-    const dirs = ["src", "web/src"];
-    for (const dir of dirs) {
-        try {
-            collectFiles(join(cwd, dir), files);
-        }
-        catch {
-            /* dir doesn't exist */
-        }
-    }
+    const sourceFiles = getProductionFiles(cwd);
     let totalExports = 0;
     let documentedExports = 0;
-    for (const file of files) {
-        const content = readFileSync(file, "utf-8");
-        const lines = content.split("\n");
+    for (const sf of sourceFiles) {
+        const lines = sf.content.split("\n");
         for (let i = 0; i < lines.length; i++) {
             const line = lines[i].trim();
             if (line.startsWith("export function ") ||
@@ -84,7 +75,7 @@ export function runDocs(cwd) {
         score,
         grade: gradeFromScore(score),
         details: {
-            readmeLines: existsSync(readmePath) ? readFileSync(readmePath, "utf-8").split("\n").length : 0,
+            readmeLines: existsSync(join(cwd, "README.md")) ? readFileSync(join(cwd, "README.md"), "utf-8").split("\n").length : 0,
             totalExports,
             documentedExports,
             documentedPct: totalExports > 0 ? `${Math.round((documentedExports / totalExports) * 100)}%` : "n/a",
@@ -93,19 +84,3 @@ export function runDocs(cwd) {
         duration: Date.now() - start,
     };
 }
-function collectFiles(dir, out) {
-    for (const entry of readdirSync(dir)) {
-        if (entry === "node_modules" || entry === "dist")
-            continue;
-        const full = join(dir, entry);
-        if (statSync(full).isDirectory()) {
-            collectFiles(full, out);
-        }
-        else {
-            const ext = extname(entry);
-            if ((ext === ".ts" || ext === ".tsx") && !entry.includes(".test.") && !entry.includes(".spec.")) {
-                out.push(full);
-            }
-        }
-    }
-}

package/dist/runners/duplication.js

@@ -1,28 +1,18 @@
 /** Code duplication detection — finds copy-pasted blocks. */
-import { readdirSync, readFileSync, statSync } from "node:fs";
-import { extname, join } from "node:path";
+import { getProductionFiles } from "../fs-utils.js";
 import { gradeFromScore } from "../types.js";
 const MIN_LINES = 6; // minimum duplicate block size
 const MIN_TOKENS = 50; // minimum token count for a duplicate
 export function runDuplication(cwd) {
     const start = Date.now();
     const issues = [];
-    const files = [];
-    const dirs = ["src", "web/src"];
-    for (const dir of dirs) {
-        try {
-            collectFiles(join(cwd, dir), files);
-        }
-        catch {
-            /* dir doesn't exist */
-        }
-    }
-    if (files.length < 2) {
+    const sourceFiles = getProductionFiles(cwd);
+    if (sourceFiles.length < 2) {
         return {
             name: "duplication",
             score: 100,
             grade: "A",
-            details: { filesScanned: files.length, duplicates: 0 },
+            details: { filesScanned: sourceFiles.length, duplicates: 0 },
             issues: [],
             duration: Date.now() - start,
         };
@@ -31,23 +21,21 @@ export function runDuplication(cwd) {
     // Build a map of normalized line hashes → locations
     const lineMap = new Map();
     let totalSourceLines = 0;
-    for (const file of files) {
-        const content = readFileSync(file, "utf-8");
-        const relPath = file.replace(`${cwd}/`, "");
-        const lines = content.split("\n");
+    for (const sf of sourceFiles) {
+        const lines = sf.content.split("\n");
         totalSourceLines += lines.length;
         for (let i = 0; i <= lines.length - MIN_LINES; i++) {
             const block = lines
                 .slice(i, i + MIN_LINES)
                 .map((l) => l.trim())
-                .filter((l) => l.length > 0 && !l.startsWith("//") && !l.startsWith("*") && l !== "{" && l !== "}" && l !== "");
+                .filter((l) => l.length > 0 && !l.startsWith("//") && !l.startsWith("*") && !l.startsWith("import ") && !l.startsWith("export {") && l !== "{" && l !== "}" && l !== "");
             if (block.length < MIN_LINES - 2)
                 continue; // too many empty/trivial lines
             const key = block.join("\n");
             if (key.length < MIN_TOKENS)
                 continue;
             const locs = lineMap.get(key) || [];
-            locs.push({ file: relPath, line: i + 1 });
+            locs.push({ file: sf.path, line: i + 1 });
             lineMap.set(key, locs);
         }
     }
@@ -86,24 +74,8 @@ export function runDuplication(cwd) {
         name: "duplication",
         score,
         grade: gradeFromScore(score),
-        details: { filesScanned: files.length, totalSourceLines, duplicateBlocks: duplicates.length, duplicationPct: `${dupPct}%` },
+        details: { filesScanned: sourceFiles.length, totalSourceLines, duplicateBlocks: duplicates.length, duplicationPct: `${dupPct}%` },
         issues,
         duration: Date.now() - start,
     };
 }
-function collectFiles(dir, out) {
-    for (const entry of readdirSync(dir)) {
-        if (entry === "node_modules" || entry === "dist" || entry === ".git")
-            continue;
-        const full = join(dir, entry);
-        if (statSync(full).isDirectory()) {
-            collectFiles(full, out);
-        }
-        else {
-            const ext = extname(entry);
-            if ([".ts", ".tsx", ".js", ".jsx"].includes(ext) && !entry.includes(".test.") && !entry.includes(".spec.")) {
-                out.push(full);
-            }
-        }
-    }
-}

package/dist/runners/lint.js

@@ -49,6 +49,23 @@ export function runLint(cwd, stack) {
             /* eslint output parse failed */
         }
     }
+    else if (stack.linter === "dart_analyze") {
+        const { stdout } = run("dart analyze --format=machine 2>/dev/null || true", cwd);
+        // machine format: SEVERITY|TYPE|CODE|PATH|LINE|COL|LEN|MESSAGE
+        for (const line of stdout.split("\n")) {
+            const parts = line.split("|");
+            if (parts.length < 8)
+                continue;
+            const severity = parts[0] === "ERROR" ? "error" : parts[0] === "WARNING" ? "warning" : "info";
+            issues.push({
+                severity,
+                message: parts[7],
+                file: parts[3],
+                line: parseInt(parts[4], 10) || undefined,
+                rule: parts[2],
+            });
+        }
+    }
     else {
         return {
             name: "lint",

package/dist/runners/performance.d.ts

@@ -0,0 +1,10 @@
+/** Performance check — barrel imports, dynamic import opportunities, large bundles.
+ *
+ * Sub-checks:
+ *   1. Barrel import smell — index.ts re-exports that defeat tree-shaking
+ *   2. Heavy dependencies — bundled packages known to bloat output
+ *   3. Dynamic import opportunities — large imports that could be lazy-loaded
+ *   4. CSS-in-JS overhead — detects runtime CSS solutions vs zero-runtime alternatives
+ */
+import type { CheckResult } from "../types.js";
+export declare function runPerformance(cwd: string): CheckResult;