@vyuhlabs/dxkit 2.6.0 → 2.7.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +54 -13
- package/README.md +208 -459
- package/dist/analyzers/bom/discovery.d.ts +3 -4
- package/dist/analyzers/bom/discovery.d.ts.map +1 -1
- package/dist/analyzers/bom/discovery.js +3 -4
- package/dist/analyzers/bom/discovery.js.map +1 -1
- package/dist/analyzers/bom/types.d.ts +1 -1
- package/dist/analyzers/dashboard/index.d.ts.map +1 -1
- package/dist/analyzers/dashboard/index.js +42 -5
- package/dist/analyzers/dashboard/index.js.map +1 -1
- package/dist/analyzers/quality/detailed.d.ts +8 -1
- package/dist/analyzers/quality/detailed.d.ts.map +1 -1
- package/dist/analyzers/quality/detailed.js +43 -10
- package/dist/analyzers/quality/detailed.js.map +1 -1
- package/dist/analyzers/security/detailed.d.ts +8 -1
- package/dist/analyzers/security/detailed.d.ts.map +1 -1
- package/dist/analyzers/security/detailed.js +14 -1
- package/dist/analyzers/security/detailed.js.map +1 -1
- package/dist/analyzers/tests/detailed.d.ts +8 -1
- package/dist/analyzers/tests/detailed.d.ts.map +1 -1
- package/dist/analyzers/tests/detailed.js +26 -7
- package/dist/analyzers/tests/detailed.js.map +1 -1
- package/dist/analyzers/tools/cloc.js +3 -3
- package/dist/analyzers/tools/cloc.js.map +1 -1
- package/dist/analyzers/tools/exclusions.d.ts +12 -12
- package/dist/analyzers/tools/exclusions.d.ts.map +1 -1
- package/dist/analyzers/tools/exclusions.js +27 -13
- package/dist/analyzers/tools/exclusions.js.map +1 -1
- package/dist/analyzers/tools/graphify.d.ts +39 -5
- package/dist/analyzers/tools/graphify.d.ts.map +1 -1
- package/dist/analyzers/tools/graphify.js +609 -45
- package/dist/analyzers/tools/graphify.js.map +1 -1
- package/dist/analyzers/tools/nuget-package-reference.d.ts +4 -4
- package/dist/analyzers/tools/nuget-package-reference.js +4 -4
- package/dist/analyzers/tools/osv-scanner-fix.d.ts +4 -5
- package/dist/analyzers/tools/osv-scanner-fix.d.ts.map +1 -1
- package/dist/analyzers/tools/osv-scanner-fix.js +4 -5
- package/dist/analyzers/tools/osv-scanner-fix.js.map +1 -1
- package/dist/analyzers/tools/parallel.d.ts.map +1 -1
- package/dist/analyzers/tools/parallel.js +7 -0
- package/dist/analyzers/tools/parallel.js.map +1 -1
- package/dist/analyzers/tools/vendored-advisor.d.ts.map +1 -1
- package/dist/analyzers/tools/vendored-advisor.js +3 -4
- package/dist/analyzers/tools/vendored-advisor.js.map +1 -1
- package/dist/analyzers/xlsx/licenses.d.ts +7 -7
- package/dist/analyzers/xlsx/licenses.js +7 -7
- package/dist/cli.d.ts.map +1 -1
- package/dist/cli.js +80 -3
- package/dist/cli.js.map +1 -1
- package/dist/dashboard/graph-adapter.d.ts +151 -0
- package/dist/dashboard/graph-adapter.d.ts.map +1 -0
- package/dist/dashboard/graph-adapter.js +415 -0
- package/dist/dashboard/graph-adapter.js.map +1 -0
- package/dist/dashboard/graph-tab.d.ts +109 -0
- package/dist/dashboard/graph-tab.d.ts.map +1 -0
- package/dist/dashboard/graph-tab.js +297 -0
- package/dist/dashboard/graph-tab.js.map +1 -0
- package/dist/dashboard/vendor/vis-network.min.js +34 -0
- package/dist/explore/cli/api-surface.d.ts +12 -0
- package/dist/explore/cli/api-surface.d.ts.map +1 -0
- package/dist/explore/cli/api-surface.js +57 -0
- package/dist/explore/cli/api-surface.js.map +1 -0
- package/dist/explore/cli/communities.d.ts +10 -0
- package/dist/explore/cli/communities.d.ts.map +1 -0
- package/dist/explore/cli/communities.js +47 -0
- package/dist/explore/cli/communities.js.map +1 -0
- package/dist/explore/cli/context.d.ts +16 -0
- package/dist/explore/cli/context.d.ts.map +1 -0
- package/dist/explore/cli/context.js +118 -0
- package/dist/explore/cli/context.js.map +1 -0
- package/dist/explore/cli/entry-points.d.ts +12 -0
- package/dist/explore/cli/entry-points.d.ts.map +1 -0
- package/dist/explore/cli/entry-points.js +85 -0
- package/dist/explore/cli/entry-points.js.map +1 -0
- package/dist/explore/cli/feature.d.ts +16 -0
- package/dist/explore/cli/feature.d.ts.map +1 -0
- package/dist/explore/cli/feature.js +89 -0
- package/dist/explore/cli/feature.js.map +1 -0
- package/dist/explore/cli/file.d.ts +12 -0
- package/dist/explore/cli/file.d.ts.map +1 -0
- package/dist/explore/cli/file.js +139 -0
- package/dist/explore/cli/file.js.map +1 -0
- package/dist/explore/cli/hot-files.d.ts +11 -0
- package/dist/explore/cli/hot-files.d.ts.map +1 -0
- package/dist/explore/cli/hot-files.js +63 -0
- package/dist/explore/cli/hot-files.js.map +1 -0
- package/dist/explore/context-hook.d.ts +42 -0
- package/dist/explore/context-hook.d.ts.map +1 -0
- package/dist/explore/context-hook.js +131 -0
- package/dist/explore/context-hook.js.map +1 -0
- package/dist/explore/finding-context.d.ts +69 -0
- package/dist/explore/finding-context.d.ts.map +1 -0
- package/dist/explore/finding-context.js +102 -0
- package/dist/explore/finding-context.js.map +1 -0
- package/dist/explore/format.d.ts +64 -0
- package/dist/explore/format.d.ts.map +1 -0
- package/dist/explore/format.js +99 -0
- package/dist/explore/format.js.map +1 -0
- package/dist/explore/load.d.ts +50 -0
- package/dist/explore/load.d.ts.map +1 -0
- package/dist/explore/load.js +197 -0
- package/dist/explore/load.js.map +1 -0
- package/dist/explore/queries.d.ts +413 -0
- package/dist/explore/queries.d.ts.map +1 -0
- package/dist/explore/queries.js +855 -0
- package/dist/explore/queries.js.map +1 -0
- package/dist/explore/types.d.ts +130 -0
- package/dist/explore/types.d.ts.map +1 -0
- package/dist/explore/types.js +28 -0
- package/dist/explore/types.js.map +1 -0
- package/dist/explore-cli.d.ts +45 -0
- package/dist/explore-cli.d.ts.map +1 -0
- package/dist/explore-cli.js +213 -0
- package/dist/explore-cli.js.map +1 -0
- package/dist/generator.d.ts.map +1 -1
- package/dist/generator.js +19 -0
- package/dist/generator.js.map +1 -1
- package/dist/languages/csharp.d.ts.map +1 -1
- package/dist/languages/csharp.js +31 -11
- package/dist/languages/csharp.js.map +1 -1
- package/dist/languages/go.d.ts.map +1 -1
- package/dist/languages/go.js +4 -0
- package/dist/languages/go.js.map +1 -1
- package/dist/languages/index.d.ts +27 -0
- package/dist/languages/index.d.ts.map +1 -1
- package/dist/languages/index.js +35 -0
- package/dist/languages/index.js.map +1 -1
- package/dist/languages/java.d.ts.map +1 -1
- package/dist/languages/java.js +4 -0
- package/dist/languages/java.js.map +1 -1
- package/dist/languages/kotlin.d.ts.map +1 -1
- package/dist/languages/kotlin.js +4 -0
- package/dist/languages/kotlin.js.map +1 -1
- package/dist/languages/python.d.ts.map +1 -1
- package/dist/languages/python.js +4 -0
- package/dist/languages/python.js.map +1 -1
- package/dist/languages/ruby.d.ts.map +1 -1
- package/dist/languages/ruby.js +4 -0
- package/dist/languages/ruby.js.map +1 -1
- package/dist/languages/rust.d.ts.map +1 -1
- package/dist/languages/rust.js +4 -0
- package/dist/languages/rust.js.map +1 -1
- package/dist/languages/types.d.ts +54 -0
- package/dist/languages/types.d.ts.map +1 -1
- package/dist/languages/typescript.d.ts.map +1 -1
- package/dist/languages/typescript.js +5 -1
- package/dist/languages/typescript.js.map +1 -1
- package/package.json +2 -1
- package/templates/.claude/skills/dxkit-action/SKILL.md +21 -1
- package/templates/.claude/skills/dxkit-reports/SKILL.md +3 -1
- package/templates/AGENTS.md.template +8 -1
package/CHANGELOG.md
CHANGED
|
@@ -7,6 +7,47 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
|
7
7
|
|
|
8
8
|
## [Unreleased]
|
|
9
9
|
|
|
10
|
+
## [2.7.0] - 2026-05-29
|
|
11
|
+
|
|
12
|
+
The "Repo Explore" release. dxkit now builds a deterministic code graph
|
|
13
|
+
of your repo and exposes it three ways: a CLI to query structure, an
|
|
14
|
+
interactive graph in the dashboard, and per-finding blast radius in
|
|
15
|
+
detailed reports. The throughline is helping a coding agent fix findings
|
|
16
|
+
by navigating structure instead of re-reading whole files.
|
|
17
|
+
|
|
18
|
+
### Added
|
|
19
|
+
|
|
20
|
+
- **`vyuh-dxkit explore`** with six subcommands (`entry-points`,
|
|
21
|
+
`hot-files`, `communities`, `file`, `feature`, `api-surface`) for
|
|
22
|
+
asking the code graph what the repo does, where a feature lives, which
|
|
23
|
+
files are load-bearing, and what the public API surface is.
|
|
24
|
+
- **`vyuh-dxkit context <query>`** returns a token-budgeted structural
|
|
25
|
+
slice for a query (an anchor symbol, its relevant neighbors, and the
|
|
26
|
+
blast radius), plus a fail-open Claude Code PreToolUse hook that feeds
|
|
27
|
+
it on Grep/Glob so agents need fewer follow-up whole-file reads.
|
|
28
|
+
Auto-installed with `--with-dxkit-agents`.
|
|
29
|
+
- **Interactive Graph tab** in `vyuh-dxkit dashboard`, embedding
|
|
30
|
+
graphify's code-graph viewer with the renderer bundled to work
|
|
31
|
+
offline. Large repos render a community-aggregated view.
|
|
32
|
+
- **`--graph-context`** on `vulnerabilities`, `test-gaps`, and `quality`
|
|
33
|
+
attaches each finding's module and blast radius (which files call into
|
|
34
|
+
it) to the detailed report, so a fixing agent gets the structural map
|
|
35
|
+
per finding without a separate lookup.
|
|
36
|
+
- **Per-language call-graph reliability.** Where the call graph cannot be
|
|
37
|
+
resolved (C#, which cannot follow `using` across assemblies), blast
|
|
38
|
+
radius reads "n/a" rather than a misleading "0 callers", so it is never
|
|
39
|
+
mistaken for "safe to change".
|
|
40
|
+
- **`dxkit-action`** now folds blast radius into prioritization as an
|
|
41
|
+
additive signal, and the generated `AGENTS.md` documents the new
|
|
42
|
+
commands.
|
|
43
|
+
|
|
44
|
+
### Changed
|
|
45
|
+
|
|
46
|
+
- `vyuh-dxkit health` writes the code graph to
|
|
47
|
+
`.dxkit/reports/graph.json` as a side effect, so a single run
|
|
48
|
+
populates the artifact the explore, context, dashboard, and
|
|
49
|
+
graph-context surfaces read.
|
|
50
|
+
|
|
10
51
|
## [2.6.0] - 2026-05-23
|
|
11
52
|
|
|
12
53
|
The "per-finding suppression + public-repo-safe baselines" release.
|
|
@@ -185,7 +226,7 @@ Tag: `create-dxkit@v0.2.0`. Run `npm init @vyuhlabs/dxkit` to get
|
|
|
185
226
|
the new combined experience.
|
|
186
227
|
|
|
187
228
|
Validated end-to-end with two cross-stack walkthroughs on 2026-05-22:
|
|
188
|
-
|
|
229
|
+
a polyglot Python+TypeScript reference repo and a .NET reference repo.
|
|
189
230
|
Both stacks: defect closures verified, per-pack devcontainer adapts
|
|
190
231
|
correctly, doctor's new tier-3 surfaces operational gaps with
|
|
191
232
|
actionable fix commands.
|
|
@@ -1621,9 +1662,9 @@ Four pieces shipped together:
|
|
|
1621
1662
|
The post-shipment audit's master bug + its direct cascade:
|
|
1622
1663
|
|
|
1623
1664
|
- **D055** — `.dxkit-ignore` multi-segment paths flatten to basenames
|
|
1624
|
-
in cloc / graphify / grep. `
|
|
1625
|
-
became `{
|
|
1626
|
-
directory named `
|
|
1665
|
+
in cloc / graphify / grep. `app/vendor/generated/` silently
|
|
1666
|
+
became `{app, vendor, generated}`, so cloc then excluded every
|
|
1667
|
+
directory named `app` in the tree, killing 90% of source visibility.
|
|
1627
1668
|
Fix: `getClocExcludeFlags` emits `--exclude-dir` (basenames) PLUS
|
|
1628
1669
|
`--fullpath --not-match-d` (Perl regex on full path).
|
|
1629
1670
|
`getPythonExcludeFilter` emits both a basename set AND a multi-
|
|
@@ -1825,7 +1866,7 @@ discipline.
|
|
|
1825
1866
|
(osv-scanner reads Gemfile.lock directly, no `bundle env`/`bundle
|
|
1826
1867
|
show` introspection ladder). Stays accepted-deferred.
|
|
1827
1868
|
- **D017** (NEW) — `dxkit bom <large-project> > file.json` produces
|
|
1828
|
-
0-byte output intermittently on
|
|
1869
|
+
0-byte output intermittently on a large reference repo (1700+ deps).
|
|
1829
1870
|
EXIT=0, no error. Workaround: pipe through `cat`. Hypothesis:
|
|
1830
1871
|
Node stdout buffer doesn't drain before process exit when output
|
|
1831
1872
|
is large + stdout is a regular file. NOT a 2.4.6 ship blocker —
|
|
@@ -1835,7 +1876,7 @@ discipline.
|
|
|
1835
1876
|
### Pre-ship regression — clean
|
|
1836
1877
|
|
|
1837
1878
|
Sequential dxkit reports captured against dxkit-on-dxkit and
|
|
1838
|
-
|
|
1879
|
+
a large reference repo; 12 reports each diffed against the 2.4.5-fixed
|
|
1839
1880
|
baseline. Zero code regressions detected. All deltas explained:
|
|
1840
1881
|
|
|
1841
1882
|
- dxkit/test-gaps 16 → 32 — better data (Istanbul vs import-graph
|
|
@@ -1887,7 +1928,7 @@ at every commit in the 10-commit branch.
|
|
|
1887
1928
|
`typescript`, etc.). `unfilteredTotalPackages` 22 → 353. The
|
|
1888
1929
|
analyzed project's own deps were missing from BoM whenever the
|
|
1889
1930
|
bug hit. Most repos that resolve peer-deps cleanly under
|
|
1890
|
-
`--legacy-peer-deps` weren't affected (
|
|
1931
|
+
`--legacy-peer-deps` weren't affected (the reference repo's BoM
|
|
1891
1932
|
stayed correct at 145 packages); repos with subtle peer-dep
|
|
1892
1933
|
issues silently lost root-dep enumeration.
|
|
1893
1934
|
|
|
@@ -2756,7 +2797,7 @@ unchanged — consumers can re-derive trivially if needed.
|
|
|
2756
2797
|
- 715 tests passing (+18 pm-signals cases: license class mapping,
|
|
2757
2798
|
compound expressions, staleness thresholds, effort semver deltas).
|
|
2758
2799
|
- Typecheck + lint + format + architecture + pre-push CI-mirror gate clean.
|
|
2759
|
-
-
|
|
2800
|
+
- reference-repo smoke: all 4 sheets render correctly, exec summary
|
|
2760
2801
|
surfaces 3 ship-blockers + 9 sprint-risk findings + pm2 flagged
|
|
2761
2802
|
copyleft-strong, `@loopback/rest` surfaces as highest-leverage upgrade
|
|
2762
2803
|
(27 transitive advisories, worst CRITICAL).
|
|
@@ -2764,7 +2805,7 @@ unchanged — consumers can re-derive trivially if needed.
|
|
|
2764
2805
|
## [2.3.1] - 2026-04-24
|
|
2765
2806
|
|
|
2766
2807
|
Patch release fixing three install-robustness issues reported on a
|
|
2767
|
-
real
|
|
2808
|
+
real reference-repo install:
|
|
2768
2809
|
|
|
2769
2810
|
### Fixed
|
|
2770
2811
|
|
|
@@ -2810,7 +2851,7 @@ real vyuhlabs-platform install:
|
|
|
2810
2851
|
Warnings only, no functional impact; would require either switching
|
|
2811
2852
|
xlsx libraries (breaking) or upstream archiver modernization.
|
|
2812
2853
|
|
|
2813
|
-
### Validation on
|
|
2854
|
+
### Validation on the polyglot reference repo
|
|
2814
2855
|
|
|
2815
2856
|
- `vyuh-dxkit tools` reports 12/13 tools found (vitest-coverage
|
|
2816
2857
|
correctly listed as missing since lb-mocha is in use)
|
|
@@ -2883,7 +2924,7 @@ merge → tag → CI-publishes without deviation.
|
|
|
2883
2924
|
unions the roots each package was found in; `isTopLevel`
|
|
2884
2925
|
OR-merges; vulns dedup on `(id, package, installedVersion)`.
|
|
2885
2926
|
Closes **D001a** — `bom platform/` previously missed
|
|
2886
|
-
|
|
2927
|
+
the product subdirectory entirely. Side-benefit: naturally
|
|
2887
2928
|
addresses **D003** (C# multi-project) since each `.csproj`
|
|
2888
2929
|
becomes its own root. (10h.5.0b)
|
|
2889
2930
|
|
|
@@ -3000,7 +3041,7 @@ bump required.
|
|
|
3000
3041
|
- **TypeScript pack** — BFS over `package-lock.json` (v2/v3) from
|
|
3001
3042
|
each root `dependencies` / `devDependencies` entry. Pure parser
|
|
3002
3043
|
`buildTsTopLevelDepIndex` unit-tested; benchmark on
|
|
3003
|
-
|
|
3044
|
+
reference repo: 71/71 findings attributed across 31 vulnerable
|
|
3004
3045
|
packages, `@loopback/cli` rollup = 29 advisories (matches Snyk UI).
|
|
3005
3046
|
|
|
3006
3047
|
- **Python pack** — BFS over `pip show` graph from packages with empty
|
|
@@ -3066,7 +3107,7 @@ bump required.
|
|
|
3066
3107
|
`obj/project.assets.json`. Findings still emit; `topLevelDep` stays
|
|
3067
3108
|
unset.
|
|
3068
3109
|
|
|
3069
|
-
- Release validated against
|
|
3110
|
+
- Release validated against the TypeScript reference benchmark.
|
|
3070
3111
|
Python/Go/Rust/C# packs exercised via fixture-based unit tests
|
|
3071
3112
|
(+53 new tests across the 4 non-TS language test files); real-world
|
|
3072
3113
|
validation lands with 2.3.0's cross-ecosystem benchmark fixtures.
|