@vibedrift/cli 0.5.3 → 0.5.5

package/README.md

@@ -21,13 +21,13 @@ vibedrift ./my-project
 
 That's it. No signup, no API key, no config file. The default run produces an interactive HTML report and serves it on a local port.
 
-### Free deep scan
+### Free deep scans
 
-Every account gets **1 free deep scan** on signup — no card required. Deep scans add Claude-powered AI analysis on top of the local scan (semantic duplicates, intent mismatches, anomaly detection):
+Every account gets **3 free deep scans per month** — no card required. Deep scans add Claude-powered AI analysis on top of the local scan (semantic duplicates, intent mismatches, anomaly detection):
 
 ```bash
 vibedrift login          # one-time browser sign-in
-vibedrift . --deep       # uses your free credit (or Pro subscription)
+vibedrift . --deep       # uses one of your 3 monthly deep scans
 ```
 
 ---
@@ -41,12 +41,15 @@ vibedrift . --deep       # uses your free credit (or Pro subscription)
 - **Dependency health** — phantom deps, missing deps, undocumented env vars
 - **Code quality** — cyclomatic complexity, dead code, TODO density, long functions, unclear naming
 
-### Layer 1.5 — Cross-File Drift Detection (5 detectors)
-- **Architectural consistency** — data access patterns, error handling, DI, config approaches
+### Layer 1.5 — Cross-File Drift Detection (8 detectors)
+- **Architectural consistency** — error handling, data access, DI, and config patterns across all source files
 - **Convention oscillation** — naming conventions, file naming across the whole project
 - **Security consistency** — auth middleware, input validation, rate limiting across routes
 - **Semantic duplication** — functions that do the same thing under different names in different files
-- **Phantom scaffolding** — CRUD endpoints the AI generated but never wired up
+- **Phantom scaffolding** — exported types and CRUD endpoints that are never used
+- **Import style** — relative paths vs path aliases, default vs named imports
+- **Export style** — default exports vs named-only exports per file
+- **Async patterns** — async/await vs .then() chains consistency
 
 ### Layer 1.7 — Code DNA Engine (5 modules, runs locally)
 - **Semantic fingerprinting** — normalizes function bodies and hashes them. Identical hashes = exact semantic duplicates at confidence 1.0
@@ -195,10 +198,10 @@ All scans (free and deep) are logged to your dashboard at [vibedrift.ai/dashboar
 
 | Tier | Price | What you get |
 |------|-------|-------------|
-| **Free** | $0 | Unlimited local scans + 1 free deep scan on signup |
-| **Per scan** | $5/scan | One-time deep scan credit (Claude AI + ML embeddings) |
-| **Pro** | $29/month | Unlimited deep scans + GitHub Action + dashboard |
-| **Team** | $99/month | Everything in Pro + team features + API access |
+| **Free** | $0 | Unlimited local scans + 3 deep scans per month + dashboard |
+| **Pro** | $15/month | Unlimited deep scans + private repo CI/CD + API access |
+| **Team** | $30/seat/month | GitHub App (auto PR) + team dashboard + quality gates + SSO |
+| **Enterprise** | Custom | Custom rules + compliance + self-hosted + SLA |
 
 See [vibedrift.ai/#pricing](https://vibedrift.ai/#pricing) for details.
 

package/dist/index.js

@@ -5178,11 +5178,14 @@ init_esm_shims();
 // src/drift/types.ts
 init_esm_shims();
 var DRIFT_WEIGHTS = {
-  architectural_consistency: 25,
-  security_posture: 25,
-  semantic_duplication: 20,
-  naming_conventions: 15,
-  phantom_scaffolding: 15
+  architectural_consistency: 16,
+  security_posture: 14,
+  semantic_duplication: 14,
+  naming_conventions: 12,
+  phantom_scaffolding: 12,
+  import_style: 12,
+  export_style: 10,
+  async_patterns: 10
 };
 
 // src/drift/architectural-contradiction.ts
@@ -5200,9 +5203,6 @@ function extractEvidence(content, pattern, maxResults = 3) {
   }
   return evidence;
 }
-function isHandlerOrController(path2) {
-  return /(?:handler|controller|route|endpoint|view|api|resource|page|action)/i.test(path2) && !/(?:repository|repo|store|dal|model|query|migration|test|spec|mock)/i.test(path2);
-}
 function detectDataAccess(file) {
   const results = [];
   const c = file.content;
@@ -5220,7 +5220,7 @@ function detectDataAccess(file) {
     results.push({ pattern: "direct_db", evidence: dbEvidence });
   }
   const httpEvidence = extractEvidence(c, /\b(?:fetch|axios|http\.(?:Get|Post|Put)|requests\.(?:get|post))\s*\(/g);
-  if (httpEvidence.length > 0 && isHandlerOrController(file.path)) {
+  if (httpEvidence.length > 0) {
     results.push({ pattern: "http_client", evidence: httpEvidence });
   }
   return results;
@@ -5280,13 +5280,19 @@ function detectDIPattern(file) {
   }
   return results;
 }
+function isAnalyzableSource(path2) {
+  if (/(?:test|spec|mock|fixture|__test__|__mocks__|\.test\.|\.spec\.)/i.test(path2)) return false;
+  if (/(?:\.config\.|\.d\.ts$|node_modules|dist\/|build\/)/i.test(path2)) return false;
+  return true;
+}
 function buildProfile(file) {
-  if (!file.language || !isHandlerOrController(file.path)) return null;
+  if (!file.language) return null;
+  if (!isAnalyzableSource(file.path)) return null;
   const dataAccess = detectDataAccess(file);
   const errorHandling = detectErrorHandling(file);
   const config = detectConfigPattern(file);
   const di = detectDIPattern(file);
-  if (dataAccess.length === 0 && errorHandling.length === 0) return null;
+  if (dataAccess.length === 0 && errorHandling.length === 0 && config.length === 0) return null;
   return { file: file.path, language: file.language, dataAccess, errorHandling, config, di };
 }
 function detectFilePattern(patterns) {
@@ -6285,6 +6291,341 @@ var phantomScaffolding = {
   }
 };
 
+// src/drift/import-consistency.ts
+init_esm_shims();
+function isSourceFile(path2) {
+  if (/(?:test|spec|mock|fixture|__test__|__mocks__|\.test\.|\.spec\.)/i.test(path2)) return false;
+  if (/(?:\.config\.|\.d\.ts$|node_modules|dist\/|build\/)/i.test(path2)) return false;
+  return true;
+}
+function analyzeImports(file) {
+  if (!file.language || !["javascript", "typescript"].includes(file.language)) return null;
+  if (!isSourceFile(file.path)) return null;
+  const lines = file.content.split("\n");
+  let relativeCount = 0;
+  let aliasCount = 0;
+  let defaultCount = 0;
+  let namedCount = 0;
+  const evidence = [];
+  for (let i = 0; i < lines.length; i++) {
+    const line = lines[i].trim();
+    const importMatch = line.match(/^import\s+(?!type\s)/);
+    if (!importMatch) continue;
+    const fromMatch = line.match(/from\s+["']([^"']+)["']/);
+    if (!fromMatch) continue;
+    const importPath = fromMatch[1];
+    if (!importPath.startsWith(".") && !importPath.startsWith("@/") && !importPath.startsWith("~/")) continue;
+    if (importPath.startsWith("./") || importPath.startsWith("../")) {
+      relativeCount++;
+    } else if (importPath.startsWith("@/") || importPath.startsWith("~/")) {
+      aliasCount++;
+    }
+    if (/^import\s+\{/.test(line)) {
+      namedCount++;
+    } else if (/^import\s+\w+\s+from/.test(line) || /^import\s+\w+,\s*\{/.test(line)) {
+      defaultCount++;
+    }
+    if (evidence.length < 3) {
+      evidence.push({ line: i + 1, code: line });
+    }
+  }
+  const totalLocalImports = relativeCount + aliasCount;
+  if (totalLocalImports < 3) return null;
+  const pathStyle = aliasCount === 0 ? "relative" : relativeCount === 0 ? "alias" : relativeCount >= aliasCount ? "relative" : "alias";
+  const totalBindings = defaultCount + namedCount;
+  let bindingStyle = null;
+  if (totalBindings >= 3) {
+    const defaultRatio = defaultCount / totalBindings;
+    bindingStyle = defaultRatio > 0.6 ? "default_heavy" : defaultRatio < 0.4 ? "named_heavy" : "mixed";
+  }
+  return {
+    file: file.path,
+    pathStyle,
+    bindingStyle,
+    relativeCount,
+    aliasCount,
+    defaultCount,
+    namedCount,
+    evidence
+  };
+}
+var PATH_STYLE_NAMES = {
+  relative: "relative paths (./)",
+  alias: "path aliases (@/)"
+};
+function buildFinding(profiles, getStyle, styleNames, subCategory, label) {
+  const withStyle = profiles.filter((p) => getStyle(p) !== null);
+  if (withStyle.length < 5) return null;
+  const counts = /* @__PURE__ */ new Map();
+  for (const p of withStyle) {
+    const style = getStyle(p);
+    if (!counts.has(style)) counts.set(style, { count: 0, files: [] });
+    const entry = counts.get(style);
+    entry.count++;
+    entry.files.push(p.file);
+  }
+  if (counts.size < 2) return null;
+  let dominant = null;
+  let dominantCount = 0;
+  for (const [style, data] of counts) {
+    if (data.count > dominantCount) {
+      dominantCount = data.count;
+      dominant = style;
+    }
+  }
+  if (!dominant) return null;
+  const totalFiles = withStyle.length;
+  const consistencyScore = Math.round(dominantCount / totalFiles * 100);
+  if (consistencyScore === 100) return null;
+  const deviating = [];
+  for (const [style, data] of counts) {
+    if (style === dominant) continue;
+    for (const filePath of data.files) {
+      const profile = withStyle.find((p) => p.file === filePath);
+      deviating.push({
+        path: filePath,
+        detectedPattern: styleNames[style] ?? style,
+        evidence: profile?.evidence.slice(0, 2) ?? []
+      });
+    }
+  }
+  return {
+    detector: "import_style",
+    subCategory,
+    driftCategory: "import_style",
+    severity: deviating.length >= 5 ? "warning" : "info",
+    confidence: 0.8,
+    finding: `${label}: ${dominantCount} files use ${styleNames[dominant] ?? dominant}, ${deviating.length} deviate`,
+    dominantPattern: styleNames[dominant] ?? dominant,
+    dominantCount,
+    totalRelevantFiles: totalFiles,
+    consistencyScore,
+    deviatingFiles: deviating,
+    recommendation: `Standardize on ${styleNames[dominant] ?? dominant} across all files for consistency.`
+  };
+}
+var importConsistency = {
+  id: "import-consistency",
+  name: "Import Style Consistency",
+  category: "import_style",
+  detect(ctx) {
+    const findings = [];
+    const profiles = [];
+    for (const file of ctx.files) {
+      const p = analyzeImports(file);
+      if (p) profiles.push(p);
+    }
+    if (profiles.length < 5) return findings;
+    const pathFinding = buildFinding(
+      profiles,
+      (p) => p.pathStyle,
+      PATH_STYLE_NAMES,
+      "path_style",
+      "Import path style"
+    );
+    if (pathFinding) findings.push(pathFinding);
+    return findings;
+  }
+};
+
+// src/drift/export-consistency.ts
+init_esm_shims();
+function isSourceFile2(path2) {
+  if (/(?:test|spec|mock|fixture|__test__|__mocks__|\.test\.|\.spec\.)/i.test(path2)) return false;
+  if (/(?:\.config\.|\.d\.ts$|node_modules|dist\/|build\/|index\.)/i.test(path2)) return false;
+  return true;
+}
+function analyzeExports(file) {
+  if (!file.language || !["javascript", "typescript"].includes(file.language)) return null;
+  if (!isSourceFile2(file.path)) return null;
+  const lines = file.content.split("\n");
+  let hasDefaultExport = false;
+  let hasNamedExport = false;
+  const evidence = [];
+  for (let i = 0; i < lines.length; i++) {
+    const line = lines[i].trim();
+    if (/^export\s+default\b/.test(line) || /\bmodule\.exports\s*=/.test(line)) {
+      hasDefaultExport = true;
+      if (evidence.length < 2) evidence.push({ line: i + 1, code: line.slice(0, 100) });
+    } else if (/^export\s+(?:function|class|const|let|var|interface|type|enum|abstract)\b/.test(line)) {
+      hasNamedExport = true;
+      if (evidence.length < 2) evidence.push({ line: i + 1, code: line.slice(0, 100) });
+    } else if (/^export\s*\{/.test(line)) {
+      hasNamedExport = true;
+      if (evidence.length < 2) evidence.push({ line: i + 1, code: line.slice(0, 100) });
+    }
+  }
+  if (!hasDefaultExport && !hasNamedExport) return null;
+  const style = hasDefaultExport ? "default_export" : "named_only";
+  return { file: file.path, style, evidence };
+}
+var STYLE_NAMES = {
+  default_export: "default exports",
+  named_only: "named exports only"
+};
+var exportConsistency = {
+  id: "export-consistency",
+  name: "Export Style Consistency",
+  category: "export_style",
+  detect(ctx) {
+    const profiles = [];
+    for (const file of ctx.files) {
+      const p = analyzeExports(file);
+      if (p) profiles.push(p);
+    }
+    if (profiles.length < 5) return [];
+    const counts = /* @__PURE__ */ new Map();
+    for (const p of profiles) {
+      if (!counts.has(p.style)) counts.set(p.style, { count: 0, files: [] });
+      const entry = counts.get(p.style);
+      entry.count++;
+      entry.files.push(p.file);
+    }
+    if (counts.size < 2) return [];
+    let dominant = null;
+    let dominantCount = 0;
+    for (const [style, data] of counts) {
+      if (data.count > dominantCount) {
+        dominantCount = data.count;
+        dominant = style;
+      }
+    }
+    if (!dominant) return [];
+    const totalFiles = profiles.length;
+    const consistencyScore = Math.round(dominantCount / totalFiles * 100);
+    if (consistencyScore === 100) return [];
+    const deviating = [];
+    for (const [style, data] of counts) {
+      if (style === dominant) continue;
+      for (const filePath of data.files) {
+        const profile = profiles.find((p) => p.file === filePath);
+        deviating.push({
+          path: filePath,
+          detectedPattern: STYLE_NAMES[style],
+          evidence: profile?.evidence.slice(0, 2) ?? []
+        });
+      }
+    }
+    return [{
+      detector: "export_style",
+      subCategory: "export_style",
+      driftCategory: "export_style",
+      severity: deviating.length >= 5 ? "warning" : "info",
+      confidence: 0.75,
+      finding: `Export style: ${dominantCount} files use ${STYLE_NAMES[dominant]}, ${deviating.length} use ${STYLE_NAMES[dominant === "default_export" ? "named_only" : "default_export"]}`,
+      dominantPattern: STYLE_NAMES[dominant],
+      dominantCount,
+      totalRelevantFiles: totalFiles,
+      consistencyScore,
+      deviatingFiles: deviating,
+      recommendation: `Standardize on ${STYLE_NAMES[dominant]}. ${dominant === "named_only" ? "Named exports enable tree-shaking and explicit imports." : "Default exports simplify imports but disable tree-shaking."}`
+    }];
+  }
+};
+
+// src/drift/async-consistency.ts
+init_esm_shims();
+function isSourceFile3(path2) {
+  if (/(?:test|spec|mock|fixture|__test__|__mocks__|\.test\.|\.spec\.)/i.test(path2)) return false;
+  if (/(?:\.config\.|\.d\.ts$|node_modules|dist\/|build\/)/i.test(path2)) return false;
+  return true;
+}
+function analyzeAsync(file) {
+  if (!file.language || !["javascript", "typescript"].includes(file.language)) return null;
+  if (!isSourceFile3(file.path)) return null;
+  const lines = file.content.split("\n");
+  let awaitCount = 0;
+  let thenCount = 0;
+  const evidence = [];
+  for (let i = 0; i < lines.length; i++) {
+    const line = lines[i];
+    if (/\bawait\s+/.test(line) && !line.trim().startsWith("//") && !line.trim().startsWith("*")) {
+      awaitCount++;
+      if (evidence.length < 3) {
+        evidence.push({ line: i + 1, code: line.trim().slice(0, 100) });
+      }
+    }
+    if (/\.\s*then\s*\(/.test(line) && !line.trim().startsWith("//") && !line.trim().startsWith("*") && !/type\s|interface\s/.test(line)) {
+      thenCount++;
+      if (evidence.length < 3) {
+        evidence.push({ line: i + 1, code: line.trim().slice(0, 100) });
+      }
+    }
+  }
+  const total = awaitCount + thenCount;
+  if (total < 2) return null;
+  let style;
+  const awaitRatio = awaitCount / total;
+  if (awaitRatio > 0.7) style = "async_await";
+  else if (awaitRatio < 0.3) style = "then_chains";
+  else style = "mixed";
+  return { file: file.path, style, awaitCount, thenCount, evidence };
+}
+var STYLE_NAMES2 = {
+  async_await: "async/await",
+  then_chains: ".then() chains",
+  mixed: "mixed async patterns"
+};
+var asyncConsistency = {
+  id: "async-consistency",
+  name: "Async Pattern Consistency",
+  category: "async_patterns",
+  detect(ctx) {
+    const profiles = [];
+    for (const file of ctx.files) {
+      const p = analyzeAsync(file);
+      if (p) profiles.push(p);
+    }
+    if (profiles.length < 5) return [];
+    const counts = /* @__PURE__ */ new Map();
+    for (const p of profiles) {
+      if (!counts.has(p.style)) counts.set(p.style, { count: 0, files: [] });
+      const entry = counts.get(p.style);
+      entry.count++;
+      entry.files.push(p.file);
+    }
+    if (counts.size < 2) return [];
+    let dominant = null;
+    let dominantCount = 0;
+    for (const [style, data] of counts) {
+      if (data.count > dominantCount) {
+        dominantCount = data.count;
+        dominant = style;
+      }
+    }
+    if (!dominant) return [];
+    const totalFiles = profiles.length;
+    const consistencyScore = Math.round(dominantCount / totalFiles * 100);
+    if (consistencyScore === 100) return [];
+    const deviating = [];
+    for (const [style, data] of counts) {
+      if (style === dominant) continue;
+      for (const filePath of data.files) {
+        const profile = profiles.find((p) => p.file === filePath);
+        deviating.push({
+          path: filePath,
+          detectedPattern: STYLE_NAMES2[style],
+          evidence: profile?.evidence.slice(0, 2) ?? []
+        });
+      }
+    }
+    return [{
+      detector: "async_patterns",
+      subCategory: "async_style",
+      driftCategory: "async_patterns",
+      severity: deviating.length >= 5 ? "warning" : "info",
+      confidence: 0.8,
+      finding: `Async style: ${dominantCount} files use ${STYLE_NAMES2[dominant]}, ${deviating.length} use different patterns`,
+      dominantPattern: STYLE_NAMES2[dominant],
+      dominantCount,
+      totalRelevantFiles: totalFiles,
+      consistencyScore,
+      deviatingFiles: deviating,
+      recommendation: `Standardize on ${STYLE_NAMES2[dominant]}. ${dominant === "async_await" ? "async/await is more readable and has clearer error handling with try/catch." : "Consider migrating to async/await for consistency and readability."}`
+    }];
+  }
+};
+
 // src/drift/index.ts
 function createDriftDetectors() {
   return [
@@ -6292,7 +6633,10 @@ function createDriftDetectors() {
     conventionOscillation,
     securityConsistency,
     semanticDuplication,
-    phantomScaffolding
+    phantomScaffolding,
+    importConsistency,
+    exportConsistency,
+    asyncConsistency
   ];
 }
 function buildDriftContext(ctx) {
@@ -6325,7 +6669,10 @@ function computeDriftScores(findings) {
     "security_posture",
     "semantic_duplication",
     "naming_conventions",
-    "phantom_scaffolding"
+    "phantom_scaffolding",
+    "import_style",
+    "export_style",
+    "async_patterns"
   ];
   const scores = {};
   for (const cat of categories) {
@@ -7246,7 +7593,7 @@ function buildRadarSection(result) {
   return `<section class="section">
   <div class="label">DRIFT FINGERPRINT</div>
   <p style="font-size:13px;color:var(--text-secondary);margin-bottom:20px;line-height:1.6">
-    This radar shows how well your codebase maintains consistency across 5 drift categories.
+    This radar shows how well your codebase maintains consistency across 8 drift categories.
     The outer edge represents a perfect score in each category. Points closer to the center indicate more drift.
     A balanced shape means consistent quality; an uneven shape reveals where drift concentrates.
   </p>