@vibedrift/cli 0.3.1 → 0.4.0

package/LICENSE

@@ -110,4 +110,4 @@ AGREE, DO NOT INSTALL OR USE THE SOFTWARE.
 10. CONTACT
 
     For commercial licensing, partnerships, or other inquiries:
-    sami@vibedrift.ai
+    sami.ahmadkhan12@gmail.com

package/README.md

@@ -149,11 +149,11 @@ In short:
 - No use to build competing products
 - All rights reserved
 
-For commercial licensing, partnerships, or enterprise terms: **sami@vibedrift.ai**
+For commercial licensing, partnerships, or enterprise terms: **sami.ahmadkhan12@gmail.com**
 
 ---
 
 ## Links
 
 - **Website:** https://vibedrift.ai
-- **Issues / Support:** sami@vibedrift.ai
+- **Issues / Support:** sami.ahmadkhan12@gmail.com

package/dist/index.js

@@ -195,6 +195,7 @@ var init_version = __esm({
 });
 
 // src/codedna/semantic-fingerprint.ts
+import { createHash as createHash2 } from "crypto";
 function normalizeBody(body, language) {
   let normalized = body;
   normalized = normalized.replace(/\/\/.*$/gm, "");
@@ -262,7 +263,11 @@ function computeSemanticFingerprints(functions) {
     normalizedHash: fnv1aHash(normalizeBody(fn.rawBody, fn.language))
   }));
 }
-function findDuplicateGroups(fingerprints) {
+function findDuplicateGroups(fingerprints, functions) {
+  const fnLookup = /* @__PURE__ */ new Map();
+  for (const fn of functions) {
+    fnLookup.set(`${fn.name}:${fn.file}`, fn);
+  }
   const byHash = /* @__PURE__ */ new Map();
   for (const fp of fingerprints) {
     if (!byHash.has(fp.normalizedHash)) byHash.set(fp.normalizedHash, []);
@@ -272,13 +277,25 @@ function findDuplicateGroups(fingerprints) {
   let groupCounter = 0;
   for (const [hash, fps] of byHash) {
     if (fps.length < 2) continue;
-    const uniqueFiles = new Set(fps.map((fp) => fp.functionRef.file));
-    if (uniqueFiles.size < 2) continue;
-    groups.push({
-      groupId: `fingerprint-${groupCounter++}`,
-      hash,
-      functions: fps.map((fp) => fp.functionRef)
-    });
+    const bySha = /* @__PURE__ */ new Map();
+    for (const fp of fps) {
+      const key = `${fp.functionRef.name}:${fp.functionRef.file}`;
+      const fn = fnLookup.get(key);
+      if (!fn) continue;
+      const sha = createHash2("sha256").update(normalizeBody(fn.rawBody, fn.language)).digest("hex");
+      if (!bySha.has(sha)) bySha.set(sha, []);
+      bySha.get(sha).push(fp);
+    }
+    for (const [, shaGroup] of bySha) {
+      if (shaGroup.length < 2) continue;
+      const uniqueFiles = new Set(shaGroup.map((fp) => fp.functionRef.file));
+      if (uniqueFiles.size < 2) continue;
+      groups.push({
+        groupId: `fingerprint-${groupCounter++}`,
+        hash,
+        functions: shaGroup.map((fp) => fp.functionRef)
+      });
+    }
   }
   return groups;
 }
@@ -923,7 +940,7 @@ function runCodeDnaAnalysis(ctx) {
   timings.extractionMs = Date.now() - t;
   t = Date.now();
   const fingerprints = computeSemanticFingerprints(functions);
-  const duplicateGroups = findDuplicateGroups(fingerprints);
+  const duplicateGroups = findDuplicateGroups(fingerprints, functions);
   timings.fingerprintMs = Date.now() - t;
   t = Date.now();
   const sequences = extractOperationSequences(functions);
@@ -1206,9 +1223,9 @@ __export(project_name_exports, {
 });
 import { basename, join as join6 } from "path";
 import { readFile as readFile5 } from "fs/promises";
-import { createHash as createHash2 } from "crypto";
+import { createHash as createHash3 } from "crypto";
 async function detectProjectIdentity(rootDir, override) {
-  const hash = createHash2("sha256").update(rootDir).digest("hex");
+  const hash = createHash3("sha256").update(rootDir).digest("hex");
   if (override && override.trim()) {
     return { name: override.trim(), hash };
   }
@@ -2682,7 +2699,7 @@ var namingAnalyzer = {
 init_esm_shims();
 var ESM_PATTERN = /\b(?:import\s+|export\s+(?:default\s+)?(?:function|class|const|let|var|{))/;
 var CJS_PATTERN = /\b(?:require\s*\(|module\.exports|exports\.)/;
-var CONFIG_FILE_PATTERN = /(?:\.config\.|\.setup\.|\.rc\.|jest\.|babel\.|webpack\.|rollup\.|vite\.)/;
+var CONFIG_FILE_PATTERN = /(?:\.config\.|\.setup\.|\.rc\.|jest\.|babel\.|webpack\.|rollup\.|vite\.|next\.config|tailwind\.config|postcss\.config|tsconfig|eslint\.config|prettier\.config|svelte\.config|nuxt\.config|astro\.config|vitest\.config|tsup\.config|esbuild\.config|turbo\.json|\.cjs$|\.mjs$)/;
 var importsAnalyzer = {
   id: "imports",
   name: "Import Patterns",
@@ -2743,8 +2760,6 @@ function densityPer1K(count, totalLines) {
 
 // src/analyzers/error-handling.ts
 var EMPTY_CATCH_PATTERN = /catch\s*\([^)]*\)\s*\{\s*\}/g;
-var TRY_CATCH_PATTERN = /\btry\s*\{/g;
-var ASYNC_PATTERN = /\basync\s+(?:function|\(|[a-zA-Z])/g;
 var errorHandlingAnalyzer = {
   id: "error-handling",
   name: "Error Handling",
@@ -2781,22 +2796,43 @@ var errorHandlingAnalyzer = {
         tags: ["error-handling", "empty-catch"]
       });
     }
-    const dirStats = /* @__PURE__ */ new Map();
+    const ASYNC_FN_PATTERN = /async\s+(?:function\s+\w+|\(\w*\)|\w+)\s*\([^)]*\)\s*(?::\s*[^{]*)?\s*\{/g;
+    const ERROR_HANDLING_PATTERNS = [
+      /\btry\s*\{/,
+      /\.catch\s*\(/,
+      /\bcatch\s*\(/,
+      /\b(?:Result|Either)\s*[<(]/
+    ];
+    const dirUnhandled = /* @__PURE__ */ new Map();
     for (const file of jsFiles) {
       const dir = file.relativePath.includes("/") ? file.relativePath.slice(0, file.relativePath.lastIndexOf("/")) : ".";
-      if (!dirStats.has(dir)) dirStats.set(dir, { tryCatch: 0, asyncFns: 0 });
-      const stats = dirStats.get(dir);
-      stats.tryCatch += (file.content.match(TRY_CATCH_PATTERN) ?? []).length;
-      stats.asyncFns += (file.content.match(ASYNC_PATTERN) ?? []).length;
-    }
-    for (const [dir, stats] of dirStats) {
-      const unhandled = stats.asyncFns - stats.tryCatch;
-      if (unhandled > 3) {
+      const asyncRegex = new RegExp(ASYNC_FN_PATTERN.source, "g");
+      let fnMatch;
+      while ((fnMatch = asyncRegex.exec(file.content)) !== null) {
+        const openBrace = file.content.indexOf("{", fnMatch.index + fnMatch[0].length - 1);
+        if (openBrace === -1) continue;
+        let depth = 1;
+        let pos = openBrace + 1;
+        while (pos < file.content.length && depth > 0) {
+          if (file.content[pos] === "{") depth++;
+          else if (file.content[pos] === "}") depth--;
+          pos++;
+        }
+        const body = file.content.slice(openBrace + 1, pos - 1);
+        if (!/\bawait\b/.test(body)) continue;
+        const hasHandling = ERROR_HANDLING_PATTERNS.some((p) => p.test(body));
+        if (!hasHandling) {
+          dirUnhandled.set(dir, (dirUnhandled.get(dir) ?? 0) + 1);
+        }
+      }
+    }
+    for (const [dir, count] of dirUnhandled) {
+      if (count > 3) {
         findings.push({
           analyzerId: "error-handling",
           severity: "info",
           confidence: 0.6,
-          message: `${unhandled} async functions without try/catch in ${dir}/`,
+          message: `${count} async functions without error handling in ${dir}/`,
           locations: [{ file: dir }],
           tags: ["error-handling", "unhandled-async"]
         });
@@ -3418,6 +3454,16 @@ var duplicatesAnalyzer = {
         }
       }
     }
+    if (allSequences.length > 200) {
+      findings.push({
+        analyzerId: "duplicates",
+        severity: "info",
+        confidence: 0.3,
+        message: `Cross-function duplicate detection limited to hash-based matching (${allSequences.length} functions exceeds the 200-function threshold for full comparison). Use --include to narrow scope for deeper analysis.`,
+        locations: [],
+        tags: ["duplicates", "scalability"]
+      });
+    }
     if (allSequences.length <= 200) {
       for (let i = 0; i < allSequences.length; i++) {
         for (let j = i + 1; j < allSequences.length; j++) {
@@ -3768,7 +3814,9 @@ var SECURITY_PATTERNS = [
     message: "Math.random() is not cryptographically secure \u2014 use crypto.randomUUID()",
     languages: ["javascript", "typescript"],
     tags: ["security", "crypto"],
-    negativeFilter: /(?:test|mock|seed|shuffle|animation|color|position|offset|delay|jitter)/i
+    negativeFilter: /(?:test|mock|seed|shuffle|animation|color|position|offset|delay|jitter)/i,
+    // Only flag near security-relevant code — UI shuffles/animations are not a risk
+    contextRequired: /(?:token|secret|password|key|nonce|salt|hash|crypto|auth|session|jwt|api.?key|credential)/i
   },
   // === Path Traversal ===
   {
@@ -3860,6 +3908,14 @@ var securityAnalyzer = {
             const line = file.content.slice(lineStart2, lineEnd2 === -1 ? void 0 : lineEnd2);
             if (pattern.negativeFilter.test(line)) continue;
           }
+          if (pattern.contextRequired) {
+            const lines = file.content.split("\n");
+            const matchLine = file.content.slice(0, match.index).split("\n").length - 1;
+            const start = Math.max(0, matchLine - 5);
+            const end = Math.min(lines.length, matchLine + 6);
+            const context = lines.slice(start, end).join("\n");
+            if (!pattern.contextRequired.test(context)) continue;
+          }
           const lineNum = getLineNumber(file.content, match.index);
           const lineStart = file.content.lastIndexOf("\n", match.index) + 1;
           const lineEnd = file.content.indexOf("\n", match.index);
@@ -3974,7 +4030,11 @@ function computeComplexityAST(node, language) {
   walk(node);
   return complexity;
 }
+function stripComments(code) {
+  return code.replace(/\/\*[\s\S]*?\*\//g, "").replace(/\/\/.*$/gm, "").replace(/#.*$/gm, "");
+}
 function computeComplexityRegex(content) {
+  const stripped = stripComments(content);
   let complexity = 1;
   const patterns = [
     /\bif\s*\(/g,
@@ -3997,7 +4057,7 @@ function computeComplexityRegex(content) {
   ];
   for (const p of patterns) {
     const regex = new RegExp(p.source, p.flags);
-    const matches = content.match(regex);
+    const matches = stripped.match(regex);
     if (matches) complexity += matches.length;
   }
   return complexity;
@@ -5397,7 +5457,7 @@ function analyzeSecurityProperty(routes, propertyName, getter, excludePaths) {
   const withProperty = applicableRoutes.filter(getter);
   const withoutProperty = applicableRoutes.filter((r) => !getter(r));
   const ratio = withProperty.length / applicableRoutes.length;
-  if (ratio <= 0.6 || withoutProperty.length === 0) return null;
+  if (ratio <= 0.75 || withoutProperty.length === 0) return null;
   return {
     detector: "security_posture",
     subCategory: propertyName,
@@ -6118,10 +6178,10 @@ function computeCategoryScore(findings, maxScore, totalLines, applicable, correl
     }
     rawWeight += base * confidence * fileWeight * corrWeight;
   }
-  const sizeFactor = totalLines > 100 ? Math.sqrt(totalLines / 1e3) : 1;
+  const sizeFactor = totalLines > 500 ? Math.sqrt(totalLines / 1e3) : 1;
   const clampedSizeFactor = Math.max(0.5, Math.min(3, sizeFactor));
   const adjustedWeight = rawWeight / clampedSizeFactor;
-  const k = Math.LN2 / 10;
+  const k = Math.LN2 / 15;
   const factor = Math.exp(-k * adjustedWeight);
   const score = Math.round(maxScore * factor * 10) / 10;
   return {
@@ -6172,7 +6232,7 @@ function computeScores(findings, totalLines, ctx, previousScores) {
   }
   const DRAG_CATEGORIES = ["architecturalConsistency", "redundancy"];
   const DRAG_THRESHOLD = 0.5;
-  const DRAG_MAX_PENALTY = 0.15;
+  const DRAG_MAX_PENALTY = 0.1;
   for (const cat of DRAG_CATEGORIES) {
     const s = scores[cat];
     if (!s.applicable || s.maxScore === 0) continue;
@@ -7972,6 +8032,21 @@ async function fetchUsage(token, opts) {
     headers: { Authorization: `Bearer ${token}` }
   });
 }
+async function sendFeedback(args) {
+  const base = await resolveApiUrl(args.apiUrl);
+  const headers = {};
+  if (args.token) headers.Authorization = `Bearer ${args.token}`;
+  return jsonFetch(`${base}/v1/feedback/general`, {
+    method: "POST",
+    headers,
+    body: JSON.stringify({
+      source: args.source,
+      message: args.message,
+      email: args.email,
+      metadata: args.metadata
+    })
+  });
+}
 async function fetchCredits(token, opts) {
   const base = await resolveApiUrl(opts?.apiUrl);
   return jsonFetch(`${base}/account/credits`, {
@@ -8960,6 +9035,145 @@ function describeSource2(source) {
   }
 }
 
+// src/cli/commands/feedback.ts
+init_esm_shims();
+import os from "os";
+import readline from "readline";
+import chalk11 from "chalk";
+init_version();
+var MAX_MESSAGE_BYTES = 4096;
+async function runFeedback(opts = {}) {
+  console.log("");
+  console.log(chalk11.bold("  VibeDrift feedback"));
+  console.log(
+    chalk11.dim("  Tell us what's broken, what's confusing, or what you wish existed.")
+  );
+  console.log(
+    chalk11.dim("  Goes straight to the maintainer \u2014 anonymous unless you're logged in.")
+  );
+  console.log("");
+  let message = (opts.message ?? "").trim();
+  if (!message) {
+    message = await promptForMultilineMessage();
+  }
+  if (!message) {
+    console.error(chalk11.red("  \u2717 No feedback provided. Aborting."));
+    process.exit(1);
+  }
+  if (Buffer.byteLength(message, "utf8") > MAX_MESSAGE_BYTES) {
+    console.error(
+      chalk11.red(
+        `  \u2717 Message too long (max ${MAX_MESSAGE_BYTES} bytes). Please trim it or open an issue on GitHub for longer reports.`
+      )
+    );
+    process.exit(1);
+  }
+  let token = null;
+  try {
+    const resolved = await resolveToken();
+    if (resolved) token = resolved.token;
+  } catch {
+  }
+  const metadata = {
+    cli_version: getVersion(),
+    node_version: process.version,
+    platform: process.platform,
+    arch: process.arch,
+    os_release: os.release(),
+    locale: process.env.LANG ?? null,
+    tty: process.stdin.isTTY === true
+  };
+  process.stdout.write(chalk11.dim("  Sending... "));
+  try {
+    const result = await sendFeedback({
+      source: "cli",
+      message,
+      token: token ?? void 0,
+      metadata,
+      apiUrl: await resolveApiUrl(opts.apiUrl)
+    });
+    console.log(chalk11.green("ok"));
+    console.log("");
+    console.log(`  ${chalk11.dim("Reference:")} ${chalk11.dim(result.id)}`);
+    if (token) {
+      console.log(
+        chalk11.dim(
+          "  Submitted under your account \u2014 we'll reply to your email if needed."
+        )
+      );
+    } else {
+      console.log(
+        chalk11.dim(
+          "  Submitted anonymously. If you'd like a reply, run `vibedrift login` first."
+        )
+      );
+    }
+    console.log("");
+    console.log(chalk11.green("  \u2713 Thanks for helping us improve VibeDrift."));
+    console.log("");
+  } catch (err) {
+    console.log(chalk11.red("failed"));
+    console.log("");
+    if (err instanceof VibeDriftApiError) {
+      console.error(chalk11.red(`  \u2717 ${err.message}`));
+    } else {
+      console.error(
+        chalk11.red(`  \u2717 ${err instanceof Error ? err.message : String(err)}`)
+      );
+    }
+    console.error(
+      chalk11.dim(
+        "    You can also email sami.ahmadkhan12@gmail.com directly."
+      )
+    );
+    console.log("");
+    process.exit(1);
+  }
+}
+function promptForMultilineMessage() {
+  return new Promise((resolve2) => {
+    if (!process.stdin.isTTY) {
+      let buf = "";
+      process.stdin.setEncoding("utf8");
+      process.stdin.on("data", (chunk) => {
+        buf += chunk;
+      });
+      process.stdin.on("end", () => resolve2(buf.trim()));
+      return;
+    }
+    console.log(
+      chalk11.dim(
+        "  Type your feedback below. Submit with a single line containing 'EOF',"
+      )
+    );
+    console.log(chalk11.dim("  or press Ctrl-D when done. Press Ctrl-C to abort."));
+    console.log("");
+    const rl = readline.createInterface({
+      input: process.stdin,
+      output: process.stdout,
+      prompt: chalk11.yellow("  > ")
+    });
+    const lines = [];
+    rl.prompt();
+    rl.on("line", (line) => {
+      if (line.trim() === "EOF") {
+        rl.close();
+        return;
+      }
+      lines.push(line);
+      rl.prompt();
+    });
+    rl.on("close", () => {
+      console.log("");
+      resolve2(lines.join("\n").trim());
+    });
+    rl.on("SIGINT", () => {
+      console.log(chalk11.red("\n  \u2717 Aborted."));
+      process.exit(1);
+    });
+  });
+}
+
 // src/cli/index.ts
 init_version();
 var VERSION = getVersion();
@@ -9007,6 +9221,9 @@ program.command("scan", { isDefault: true }).description("Scan a project for vib
 ).option(
   "--update",
   "update the VibeDrift CLI to the latest version (alias for `vibedrift update`)"
+).option(
+  "--feedback [message...]",
+  "send feedback to the maintainer (alias for `vibedrift feedback`)"
 ).option("--verbose", "show timing breakdown and analyzer details").addOption(
   new Option("--api-url <url>", "override the VibeDrift API base URL").hideHelp()
 ).action(async (path2, options) => {
@@ -9014,6 +9231,14 @@ program.command("scan", { isDefault: true }).description("Scan a project for vib
     await runUpdate(VERSION);
     return;
   }
+  if (options.feedback) {
+    const inline = Array.isArray(options.feedback) ? options.feedback.join(" ").trim() : "";
+    await runFeedback({
+      message: inline || void 0,
+      apiUrl: options.apiUrl
+    });
+    return;
+  }
   await runScan(path2, {
     json: options.json,
     format: options.json ? "json" : options.format,
@@ -9057,6 +9282,15 @@ program.command("doctor").description("Diagnose CLI installation, auth, and API
 program.command("update").description("Update the VibeDrift CLI to the latest version").action(async () => {
   await runUpdate(VERSION);
 });
+program.command("feedback").description("Send feedback, bug reports, or feature requests directly to the maintainer").argument(
+  "[message...]",
+  "feedback text (omit to be prompted interactively)"
+).addOption(
+  new Option("--api-url <url>", "override the API base URL").hideHelp()
+).action(async (messageWords, options) => {
+  const message = (messageWords ?? []).join(" ").trim() || void 0;
+  await runFeedback({ message, apiUrl: options.apiUrl });
+});
 program.addHelpText(
   "after",
   `
@@ -9075,6 +9309,10 @@ Examples:
   $ vibedrift upgrade                  open the pricing page
   $ vibedrift billing                  manage your Stripe subscription
   $ vibedrift update                   update to the latest CLI version
+  $ vibedrift feedback                 open an interactive feedback prompt
+  $ vibedrift feedback "the install is broken on Windows"
+                                       send inline feedback in one shot
+  $ vibedrift --feedback "..."         same as above, top-level shortcut
 
 Environment:
   VIBEDRIFT_TOKEN     bearer token (overrides ~/.vibedrift/config.json)