@vibedrift/cli 0.4.1 → 0.4.3

package/README.md

@@ -21,27 +21,66 @@ vibedrift ./my-project
 
 That's it. No signup, no API key, no config file. The default run produces an interactive HTML report and serves it on a local port.
 
-To unlock AI-powered deep analysis (semantic duplicates, intent mismatches, anomaly detection):
+### Free deep scan
+
+Every account gets **1 free deep scan** on signup — no card required. Deep scans add Claude-powered AI analysis on top of the local scan (semantic duplicates, intent mismatches, anomaly detection):
 
 ```bash
-vibedrift login          # one-time browser sign-in, no password
-vibedrift . --deep       # run with cloud AI on top of the local scan
+vibedrift login          # one-time browser sign-in
+vibedrift . --deep       # uses your free credit (or Pro subscription)
 ```
 
 ---
 
 ## What It Catches
 
+### Layer 1 — Static Analysis (13 analyzers, runs locally)
 - **Architectural contradictions** — when half your handlers use a repository pattern and the other half hit raw SQL
-- **Hidden duplicates** — functions that do the same thing under different names in different files
-- **Security gaps** — routes missing auth, validation, or rate limiting
 - **Naming inconsistency** — `getUserData()`, `get_order_items()`, `FetchProductList()` in the same project
+- **Security patterns** — hardcoded secrets, SQL injection, command injection, weak crypto, unsafe functions
+- **Dependency health** — phantom deps, missing deps, undocumented env vars
+- **Code quality** — cyclomatic complexity, dead code, TODO density, long functions, unclear naming
+
+### Layer 1.5 — Cross-File Drift Detection (5 detectors)
+- **Architectural consistency** — data access patterns, error handling, DI, config approaches
+- **Convention oscillation** — naming conventions, file naming across the whole project
+- **Security consistency** — auth middleware, input validation, rate limiting across routes
+- **Semantic duplication** — functions that do the same thing under different names in different files
 - **Phantom scaffolding** — CRUD endpoints the AI generated but never wired up
 
+### Layer 1.7 — Code DNA Engine (5 modules, runs locally)
+- **Semantic fingerprinting** — normalizes function bodies and hashes them. Identical hashes = exact semantic duplicates at confidence 1.0
+- **Operation sequence analysis** — reduces functions to abstract operations (INPUT, QUERY, MUTATE, RETURN) and compares via LCS
+- **Pattern classification** — structural pattern detection with probability distributions per file
+- **Taint analysis** — tracks user input from sources (req.params) to dangerous sinks (db.query) within functions
+- **Deviation heuristics** — scores whether architectural deviations are justified or accidental
+
+### Layer 2 — AI Deep Analysis (requires `--deep`)
+- **ML duplicate detection** — UniXcoder embeddings + cosine similarity for near-duplicates
+- **Intent mismatch** — detects functions whose name doesn't match their behavior
+- **Anomaly detection** — DBSCAN outlier detection on handler embeddings
+- **Surgical LLM validation** — Claude validates medium-confidence ML findings
+
 VibeDrift learns the dominant patterns your codebase follows and flags files that deviate from them. A codebase isn't wrong because it uses raw SQL — it's *drifting* because 8 of its 10 handlers use a repository and 2 don't.
 
 ---
 
+## Scoring
+
+VibeDrift scores across 5 categories, each 0–20 points:
+
+| Category | What it measures |
+|----------|-----------------|
+| **Architectural Consistency** | Naming, imports, error handling, patterns, drift detection |
+| **Redundancy** | Duplicates, dead code, TODO density, Code DNA fingerprints |
+| **Dependency Health** | Phantom/missing deps, env var documentation |
+| **Security Posture** | Hardcoded secrets, injection risks, taint flows, security drift |
+| **Intent Clarity** | Complexity, unclear naming, commented-out code, documentation |
+
+**Composite score** = sum of applicable categories (0–100). Grade thresholds: A ≥ 90, B ≥ 75, C ≥ 50, D ≥ 25, F < 25.
+
+---
+
 ## Usage
 
 ```
@@ -57,6 +96,7 @@ Commands:
   billing              Open the Stripe Customer Portal
   doctor               Diagnose CLI installation, auth, and API
   update               Update the CLI to the latest version
+  feedback [message]   Send feedback, bug reports, or feature requests
 
 Scan options:
   --format <type>       Output format: html, terminal, json, csv, docx (default: html)
@@ -64,9 +104,11 @@ Scan options:
   --json                Shorthand for --format json
   --fail-on-score <n>   Exit with code 1 if composite score is below threshold
   --no-codedna          Skip Code DNA semantic analysis
-  --deep                Enable AI-powered deep analysis (requires `vibedrift login`)
+  --deep                Enable AI-powered deep analysis (requires login)
+  --project-name <name> Override the auto-detected project name
   --include <pattern>   Only scan files matching this glob (repeatable)
   --exclude <pattern>   Exclude files matching this glob (repeatable)
+  --feedback [message]  Send feedback (alias for `vibedrift feedback`)
   --update              Update the VibeDrift CLI to the latest version
   --verbose             Show timing breakdown and analyzer details
   -V, --version         Show installed version
@@ -76,6 +118,7 @@ Scan options:
 ### Examples
 
 ```bash
+# Scanning
 vibedrift                           # scan the current directory
 vibedrift ./my-project              # scan a specific project
 vibedrift --format terminal         # print results to the terminal
@@ -83,12 +126,20 @@ vibedrift --json > report.json      # pipe JSON output to a file
 vibedrift --fail-on-score 70        # fail CI if score drops below 70
 vibedrift --include "src/**"        # only scan files under src/
 vibedrift --exclude "**/*.spec.*"   # skip test files
-vibedrift --deep                    # run premium AI-powered deep analysis
-vibedrift login                     # sign in to enable --deep
-vibedrift status                    # check current auth state
+vibedrift --deep                    # run AI-powered deep analysis
+
+# Account
+vibedrift login                     # sign in (opens browser)
+vibedrift status                    # check auth + credit balance
 vibedrift usage                     # view this month's scan usage
-vibedrift billing                   # manage your Stripe subscription
+vibedrift billing                   # manage your subscription
 vibedrift update                    # update to the latest version
+
+# Feedback
+vibedrift feedback                  # interactive prompt
+vibedrift feedback "the report is great but needs dark mode"
+vibedrift --feedback "inline shortcut works too"
+echo "piped input" | vibedrift feedback
 ```
 
 ### Environment
@@ -103,27 +154,56 @@ vibedrift update                    # update to the latest version
 
 | Format | Description |
 |--------|-------------|
-| `html` (default) | Interactive report with charts, file rankings, and exports |
+| `html` (default) | Interactive report with charts, category breakdowns, drift findings, Code DNA results, and export options |
 | `terminal` | Color-coded terminal output with tables |
-| `json` | Full result serialization for CI pipelines |
-| `csv` | Tabular export of all findings |
-| `docx` | Word document with formatted sections |
+| `json` | Full ScanResult serialization for CI pipelines |
+| `csv` | Multi-section tabular export (metadata, scores, findings, drift, Code DNA, per-file) |
+| `docx` | Word document with formatted title page, AI summary, scores, and all findings |
 
 ### CI Integration
 
-```bash
-# Fail the build if score drops below 70
-npx @vibedrift/cli . --format json --fail-on-score 70
-
-# Same, with deep AI analysis (token from VIBEDRIFT_TOKEN secret)
-VIBEDRIFT_TOKEN=$VIBEDRIFT_TOKEN \
-  npx @vibedrift/cli . --deep --format json --fail-on-score 70
+```yaml
+# GitHub Actions
+name: VibeDrift
+on: [pull_request]
+jobs:
+  drift-check:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - run: npx @vibedrift/cli . --deep --json --fail-on-score 70
+        env:
+          VIBEDRIFT_TOKEN: ${{ secrets.VIBEDRIFT_TOKEN }}
 ```
 
 Exit code 1 when the score drops below the threshold. JSON output includes every finding for downstream tooling.
 
 ---
 
+## Dashboard
+
+All scans (free and deep) are logged to your dashboard at [vibedrift.ai/dashboard](https://vibedrift.ai/dashboard) when you're logged in:
+
+- **Project overview** — score trends, sparklines, grade history
+- **Scan detail** — embedded HTML report, export (JSON/CSV/DOCX), share via public link
+- **Billing** — manage subscription, cancel/switch plans, view credits
+- **Settings** — API tokens, preferences, account management
+
+---
+
+## Pricing
+
+| Tier | Price | What you get |
+|------|-------|-------------|
+| **Free** | $0 | Unlimited local scans + 1 free deep scan on signup |
+| **Per scan** | $5/scan | One-time deep scan credit (Claude AI + ML embeddings) |
+| **Pro** | $29/month | Unlimited deep scans + GitHub Action + dashboard |
+| **Team** | $99/month | Everything in Pro + team features + API access |
+
+See [vibedrift.ai/#pricing](https://vibedrift.ai/#pricing) for details.
+
+---
+
 ## Supported Languages
 
 JavaScript · TypeScript · Python · Go · Rust
@@ -139,6 +219,18 @@ JavaScript · TypeScript · Python · Go · Rust
 
 ---
 
+## Feedback
+
+Found a bug? Have a feature request? Send it directly from the CLI:
+
+```bash
+vibedrift feedback "the naming analyzer flags Go acronyms incorrectly"
+```
+
+Feedback goes straight to the maintainer. If you're logged in, your account email is attached so we can follow up. Anonymous feedback works too.
+
+---
+
 ## License
 
 VibeDrift is proprietary software. Free to install and run for personal and internal commercial use; see [LICENSE](./LICENSE) for full terms.
@@ -155,5 +247,6 @@ For commercial licensing, partnerships, or enterprise terms: **sami.ahmadkhan12@
 
 ## Links
 
-- **Website:** https://vibedrift.ai
+- **Website:** [vibedrift.ai](https://vibedrift.ai)
+- **Dashboard:** [vibedrift.ai/dashboard](https://vibedrift.ai/dashboard)
 - **Issues / Support:** sami.ahmadkhan12@gmail.com

package/dist/index.js

@@ -6802,7 +6802,7 @@ function buildAiSummaryWidget(result) {
   return `<section class="section" style="margin-bottom:32px">
   <div style="background:rgba(255,208,0,0.03);border:1px solid var(--border);border-radius:0;padding:24px 28px;position:relative;overflow:hidden">
     <div style="position:absolute;top:0;left:0;width:3px;height:100%;background:var(--border)"></div>
-    <div style="display:flex;align-items:flex-start;gap:20px;flex-wrap:wrap">
+    <div class="score-layout" style="display:flex;align-items:flex-start;gap:20px;flex-wrap:wrap">
       <div style="flex:1;min-width:280px">
         <div style="display:flex;align-items:center;gap:8px;margin-bottom:10px">
           <span style="font-size:16px">&#129302;</span>
@@ -6844,7 +6844,7 @@ function buildScoreSection(result) {
   }).join("");
   return `<section class="section">
   <div class="label">SCORE OVERVIEW</div>
-  <div style="display:flex;gap:40px;align-items:flex-start;flex-wrap:wrap">
+  <div class="score-layout" style="display:flex;gap:40px;align-items:flex-start;flex-wrap:wrap">
     <div style="text-align:center;min-width:120px">
       <div class="mono" style="font-size:72px;font-weight:800;color:${color};line-height:1">${compositeScore}</div>
       <div class="mono" style="font-size:16px;color:var(--text-tertiary)">/ ${maxCompositeScore}</div>
@@ -6858,7 +6858,7 @@ function buildRadarSection(result) {
   const cats = getDriftCats(result);
   const n = cats.length;
   if (n === 0) return "";
-  const cx = 180, cy = 180, r = 140, step = 2 * Math.PI / n;
+  const cx = 260, cy = 200, r = 130, step = 2 * Math.PI / n;
   let grid = "", dots = "", labels = "";
   const pts = [];
   for (const ring of [0.25, 0.5, 0.75, 1]) {
@@ -6875,14 +6875,14 @@ function buildRadarSection(result) {
     const px = cx + r * ratio * Math.cos(a), py = cy + r * ratio * Math.sin(a);
     pts.push(`${px},${py}`);
     dots += `<circle cx="${px}" cy="${py}" r="5" fill="var(--text-secondary)" stroke="var(--bg-page)" stroke-width="2"/>`;
-    const labelDist = r + 30;
+    const labelDist = r + 35;
     const lx = cx + labelDist * Math.cos(a), ly = cy + labelDist * Math.sin(a);
     const anchor = Math.abs(Math.cos(a)) < 0.3 ? "middle" : Math.cos(a) > 0 ? "start" : "end";
     const { color: catColor } = gradeFor(cats[i].score, cats[i].max);
     labels += `<text x="${lx}" y="${ly - 7}" fill="${catColor}" font-size="12" font-weight="600" font-family="-apple-system,sans-serif" text-anchor="${anchor}" dominant-baseline="middle">${esc(cats[i].shortName)}</text>`;
     labels += `<text x="${lx}" y="${ly + 8}" fill="#5A6A7E" font-size="11" font-weight="500" font-family="'SF Mono',Consolas,monospace" text-anchor="${anchor}" dominant-baseline="middle">${cats[i].score}/${cats[i].max} ${cats[i].findings > 0 ? "(" + cats[i].findings + " issues)" : ""}</text>`;
   }
-  const radar = `<svg viewBox="0 0 360 360" style="width:100%;max-width:420px;height:auto;margin:0 auto;display:block">${grid}<polygon points="${pts.join(" ")}" fill="rgba(255,208,0,0.04)" stroke="rgba(255,208,0,0.3)" stroke-width="1.5"/>${dots}${labels}</svg>`;
+  const radar = `<svg viewBox="0 0 520 440" style="width:100%;max-width:560px;height:auto;margin:0 auto;display:block">${grid}<polygon points="${pts.join(" ")}" fill="rgba(255,208,0,0.04)" stroke="rgba(255,208,0,0.3)" stroke-width="1.5"/>${dots}${labels}</svg>`;
   const weakest = [...cats].sort((a, b) => {
     const pctA = a.max > 0 ? a.score / a.max : 1;
     const pctB = b.max > 0 ? b.score / b.max : 1;
@@ -7475,9 +7475,73 @@ th[data-sort]:hover { color: var(--text-primary); }
 ::-webkit-scrollbar-thumb { background: #3A3A3D; }
 ::-webkit-scrollbar-thumb:hover { background: #555; }
 @media (max-width: 768px) {
-  .page { padding: 20px 14px; }
-  .score-layout { flex-direction: column !important; }
+  .page { padding: 16px 10px; }
+  .section { margin-bottom: 28px; }
+  .label { font-size: 10px; letter-spacing: 1.5px; margin-bottom: 10px; }
+
+  /* Score hero: stack vertically */
+  .score-layout { flex-direction: column !important; gap: 16px !important; }
+  .score-layout > div { min-width: 0 !important; width: 100% !important; }
+
+  /* Category bars: stack, remove min-widths */
+  .score-layout [style*="min-width:300px"],
+  .score-layout [style*="min-width:280px"],
+  .score-layout [style*="min-width:200px"],
+  .score-layout [style*="min-width:120px"] {
+    min-width: 0 !important; width: 100% !important;
+  }
+
+  /* Radar chart: constrain to viewport */
+  svg[viewBox] { max-width: 100% !important; }
+
+  /* Strongest/Weakest cards: 2-col, tighter */
+  .section > div[style*="display:flex"][style*="gap:12px"] {
+    gap: 8px !important;
+  }
+  .section > div[style*="display:flex"] > div[style*="min-width:160px"] {
+    min-width: 0 !important; flex: 1 !important;
+  }
+
+  /* Findings list: tighter padding */
+  details > div { padding: 8px 10px !important; }
+  details summary { padding: 10px 12px !important; font-size: 13px !important; }
+
+  /* File ranking table: horizontal scroll */
+  table { display: block; overflow-x: auto; -webkit-overflow-scrolling: touch; white-space: nowrap; }
+  table th, table td { padding: 5px 8px !important; font-size: 11px !important; }
+
+  /* Code snippets: wrap text */
+  pre, code { white-space: pre-wrap !important; word-break: break-word !important; font-size: 12px !important; }
+
+  /* Drift coherence bars: full width */
+  .section div[style*="display:flex"][style*="gap:40px"] {
+    flex-direction: column !important; gap: 16px !important;
+  }
+
+  /* Summary + AI section: stack */
+  .section div[style*="display:flex"][style*="gap:20px"] {
+    flex-direction: column !important; gap: 12px !important;
+  }
+
+  /* Sticky header: tighter padding */
+  .sticky-header { padding: 0 12px; font-size: 12px; }
   .sticky-project { display: none !important; }
+
+  /* Export buttons: smaller */
+  .export-btn { padding: 5px 10px; font-size: 11px; }
+
+  /* Code DNA / ML sections: reduce gap */
+  .section div[style*="gap:10px"] { gap: 6px !important; }
+
+  /* Hide long file paths, truncate */
+  td[data-scroll-to] { max-width: 140px !important; }
+}
+@media (max-width: 480px) {
+  .page { padding: 12px 8px; }
+  body { font-size: 13px; }
+  .label { font-size: 9px; }
+  .sticky-header { height: 38px; }
+  table th, table td { padding: 4px 6px !important; font-size: 10px !important; }
 }
 @media print {
   body { background: #fff; color: #111; font-size: 11px; line-height: 1.4; }