brakit 0.8.4 → 0.8.6

package/README.md

@@ -41,7 +41,7 @@
 <p align="center">
   <img width="700" src="docs/images/vscode.png" alt="Claude reading Brakit findings in VS Code" />
   <br />
-  <sub>Claude reads findings via MCP and fixes your code</sub>
+  <sub>Claude reads issues via MCP and fixes your code</sub>
 </p>
 
 ## Quick Start
@@ -56,7 +56,7 @@ That's it. Brakit detects your framework, adds itself as a devDependency, and cr
 npm run dev
 ```
 
-Dashboard at `http://localhost:<port>/__brakit`. Insights in the terminal.
+Dashboard at `http://localhost:<port>/__brakit`. Issues in the terminal.
 
 > **Requirements:** Node.js >= 18 and a project with `package.json`.
 
@@ -74,7 +74,7 @@ Dashboard at `http://localhost:<port>/__brakit`. Insights in the terminal.
 - **Full server tracing** — fetch calls, DB queries, console logs, errors — zero code changes
 - **Response overfetch** — large JSON responses with many fields your client doesn't use
 - **Performance tracking** — health grades and p95 trends across dev sessions
-- **AI-native via MCP** — Claude Code and Cursor can query findings, inspect endpoints, and verify fixes directly
+- **AI-native via MCP** — Claude Code and Cursor can query issues, inspect endpoints, and verify fixes directly
 
 ---
 

package/dist/api.d.ts

@@ -1,6 +1,6 @@
 import { IncomingHttpHeaders } from 'node:http';
 
-type HttpMethod = "GET" | "POST" | "PUT" | "PATCH" | "DELETE" | "HEAD" | "OPTIONS" | (string & {});
+type HttpMethod = "GET" | "POST" | "PUT" | "PATCH" | "DELETE" | "HEAD" | "OPTIONS";
 type FlatHeaders = Record<string, string>;
 interface TracedRequest {
     id: string;
@@ -19,7 +19,7 @@ interface TracedRequest {
 }
 type RequestListener = (req: TracedRequest) => void;
 
-type Framework = "nextjs" | "remix" | "nuxt" | "vite" | "astro" | "custom" | "unknown";
+type Framework = "nextjs" | "remix" | "nuxt" | "vite" | "astro" | "flask" | "fastapi" | "django" | "custom" | "unknown";
 interface DetectedProject {
     framework: Framework;
     devCommand: string;
@@ -79,7 +79,7 @@ interface TracedError extends TelemetryEntry {
 }
 type NormalizedOp = "SELECT" | "INSERT" | "UPDATE" | "DELETE" | "OTHER";
 interface TracedQuery extends TelemetryEntry {
-    driver: "pg" | "mysql2" | "prisma" | string;
+    driver: "pg" | "mysql2" | "prisma" | "sdk";
     sql?: string;
     model?: string;
     operation?: string;
@@ -160,105 +160,81 @@ interface SecurityFinding {
     count: number;
 }
 
-type FindingState = "open" | "fixing" | "resolved";
-type FindingSource = "passive";
-interface StatefulFinding {
-    /** Stable ID derived from rule + endpoint + description hash */
-    findingId: string;
-    state: FindingState;
-    source: FindingSource;
-    finding: SecurityFinding;
-    firstSeenAt: number;
-    lastSeenAt: number;
-    resolvedAt: number | null;
-    occurrences: number;
-}
-interface FindingsData {
-    version: 1;
-    findings: StatefulFinding[];
-}
-
-type InsightSeverity = Severity;
-type InsightType = "n1" | "cross-endpoint" | "redundant-query" | "error" | "error-hotspot" | "duplicate" | "slow" | "query-heavy" | "select-star" | "high-rows" | "large-response" | "response-overfetch" | "security" | "regression";
-interface Insight {
-    severity: InsightSeverity;
-    type: InsightType;
+type IssueState = "open" | "fixing" | "resolved" | "stale" | "regressed";
+type IssueSource = "passive";
+type IssueCategory = "security" | "performance" | "reliability";
+type AiFixStatus = "fixed" | "wont_fix";
+interface Issue {
+    category: IssueCategory;
+    /** Rule identifier: "slow", "n1", "exposed-secret", etc. */
+    rule: string;
+    severity: Severity;
     title: string;
     desc: string;
     hint: string;
     detail?: string;
+    /** Explicit endpoint key (e.g., "GET /api/users"). */
+    endpoint?: string;
+    /** Dashboard tab to link to (e.g., "requests", "queries", "security"). */
     nav?: string;
 }
-interface InsightContext {
-    requests: readonly TracedRequest[];
-    queries: readonly TracedQuery[];
-    errors: readonly TracedError[];
-    flows: readonly RequestFlow[];
-    fetches: readonly TracedFetch[];
-    previousMetrics?: readonly EndpointMetrics[];
-    securityFindings?: readonly SecurityFinding[];
-}
-interface EndpointGroup {
-    total: number;
-    errors: number;
-    totalDuration: number;
-    queryCount: number;
-    totalSize: number;
-    totalQueryTimeMs: number;
-    totalFetchTimeMs: number;
-    queryShapeDurations: Map<string, {
-        totalMs: number;
-        count: number;
-        label: string;
-    }>;
-}
-interface PreparedInsightContext extends InsightContext {
-    nonStatic: readonly TracedRequest[];
-    queriesByReq: ReadonlyMap<string, TracedQuery[]>;
-    fetchesByReq: ReadonlyMap<string, TracedFetch[]>;
-    reqById: ReadonlyMap<string, TracedRequest>;
-    endpointGroups: ReadonlyMap<string, EndpointGroup>;
-}
-
-type InsightState = "open" | "resolved";
-interface StatefulInsight {
-    key: string;
-    state: InsightState;
-    insight: Insight;
+interface StatefulIssue {
+    /** Stable ID derived from rule + endpoint + description hash. */
+    issueId: string;
+    state: IssueState;
+    source: IssueSource;
+    category: IssueCategory;
+    issue: Issue;
     firstSeenAt: number;
     lastSeenAt: number;
     resolvedAt: number | null;
-    /** Consecutive recompute cycles where the insight was not detected. */
-    consecutiveAbsences: number;
+    occurrences: number;
+    /**
+     * Number of requests to this endpoint that did NOT reproduce the issue
+     * since it was last seen. Used for evidence-based resolution.
+     */
+    cleanHitsSinceLastSeen: number;
+    /** What AI reported after attempting a fix. */
+    aiStatus: AiFixStatus | null;
+    /** AI's summary of what was done or why it can't be fixed. */
+    aiNotes: string | null;
+}
+interface IssuesData {
+    version: 2;
+    issues: StatefulIssue[];
 }
 
-declare class FindingStore {
-    private rootDir;
-    private findings;
+declare class IssueStore {
+    private dataDir;
+    private issues;
     private flushTimer;
     private dirty;
     private readonly writer;
-    private readonly findingsPath;
-    constructor(rootDir: string);
+    private readonly issuesPath;
+    constructor(dataDir: string);
     start(): void;
     stop(): void;
-    upsert(finding: SecurityFinding, source: FindingSource): StatefulFinding;
-    transition(findingId: string, state: FindingState): boolean;
+    upsert(issue: Issue, source: IssueSource): StatefulIssue;
     /**
-     * Reconcile passive findings against the current analysis results.
+     * Reconcile issues against the current analysis results using evidence-based resolution.
      *
-     * Passive findings are detected by continuous scanning (not user-triggered).
-     * When a previously-seen finding is absent from the current results, it means
-     * the issue has been fixed — transition it to "resolved" automatically.
-     * Active findings (from MCP verify-fix) are not auto-resolved because they
-     * require explicit verification.
+     * @param currentIssueIds - IDs of issues detected in the current analysis cycle
+     * @param activeEndpoints - Endpoints that had requests in the current cycle
      */
-    reconcilePassive(currentFindings: readonly SecurityFinding[]): void;
-    getAll(): readonly StatefulFinding[];
-    getByState(state: FindingState): readonly StatefulFinding[];
-    get(findingId: string): StatefulFinding | undefined;
+    reconcile(currentIssueIds: Set<string>, activeEndpoints: Set<string>): void;
+    transition(issueId: string, state: IssueState): boolean;
+    reportFix(issueId: string, status: AiFixStatus, notes: string): boolean;
+    getAll(): readonly StatefulIssue[];
+    getByState(state: IssueState): readonly StatefulIssue[];
+    getByCategory(category: IssueCategory): readonly StatefulIssue[];
+    get(issueId: string): StatefulIssue | undefined;
     clear(): void;
-    private load;
+    isDirty(): boolean;
+    private loadAsync;
+    /** Sync load for tests only — not used in production paths. */
+    loadSync(): void;
+    /** Parse and populate issues from a raw JSON string. */
+    private hydrate;
     private flush;
     private flushSync;
     private serialize;
@@ -271,9 +247,15 @@ interface BrakitAdapter {
     unpatch?(): void;
 }
 
+/** Pre-parsed JSON bodies keyed by request ID, built once per scan cycle. */
+interface ParsedBodyCache {
+    response: Map<string, unknown>;
+    request: Map<string, unknown>;
+}
 interface SecurityContext {
     requests: readonly TracedRequest[];
     logs: readonly TracedLog[];
+    parsedBodies: ParsedBodyCache;
 }
 interface SecurityRule {
     id: string;
@@ -286,11 +268,56 @@ interface SecurityRule {
 declare class SecurityScanner {
     private rules;
     register(rule: SecurityRule): void;
-    scan(ctx: SecurityContext): SecurityFinding[];
+    scan(input: {
+        requests: readonly TracedRequest[];
+        logs: readonly TracedLog[];
+    }): SecurityFinding[];
     getRules(): readonly SecurityRule[];
 }
 declare function createDefaultScanner(): SecurityScanner;
 
+type InsightSeverity = Severity;
+type InsightType = "n1" | "cross-endpoint" | "redundant-query" | "error" | "error-hotspot" | "duplicate" | "slow" | "query-heavy" | "select-star" | "high-rows" | "large-response" | "response-overfetch" | "security" | "regression";
+interface Insight {
+    severity: InsightSeverity;
+    type: InsightType;
+    title: string;
+    desc: string;
+    hint: string;
+    detail?: string;
+    nav?: string;
+}
+interface InsightContext {
+    requests: readonly TracedRequest[];
+    queries: readonly TracedQuery[];
+    errors: readonly TracedError[];
+    flows: readonly RequestFlow[];
+    fetches: readonly TracedFetch[];
+    previousMetrics?: readonly EndpointMetrics[];
+    securityFindings?: readonly SecurityFinding[];
+}
+interface EndpointGroup {
+    total: number;
+    errors: number;
+    totalDuration: number;
+    queryCount: number;
+    totalSize: number;
+    totalQueryTimeMs: number;
+    totalFetchTimeMs: number;
+    queryShapeDurations: Map<string, {
+        totalMs: number;
+        count: number;
+        label: string;
+    }>;
+}
+interface PreparedInsightContext extends InsightContext {
+    nonStatic: readonly TracedRequest[];
+    queriesByReq: ReadonlyMap<string, TracedQuery[]>;
+    fetchesByReq: ReadonlyMap<string, TracedFetch[]>;
+    reqById: ReadonlyMap<string, TracedRequest>;
+    endpointGroups: ReadonlyMap<string, EndpointGroup>;
+}
+
 interface InsightRule {
     id: InsightType;
     check(ctx: PreparedInsightContext): Insight[];
@@ -317,10 +344,9 @@ declare class AdapterRegistry {
 }
 
 interface AnalysisUpdate {
-    insights: Insight[];
-    findings: SecurityFinding[];
-    statefulFindings: readonly StatefulFinding[];
-    statefulInsights: readonly StatefulInsight[];
+    insights: readonly Insight[];
+    findings: readonly SecurityFinding[];
+    issues: readonly StatefulIssue[];
 }
 interface ChannelMap {
     "telemetry:fetch": Omit<TracedFetch, "id">;
@@ -329,7 +355,8 @@ interface ChannelMap {
     "telemetry:error": Omit<TracedError, "id">;
     "request:completed": TracedRequest;
     "analysis:updated": AnalysisUpdate;
-    "store:cleared": void;
+    "issues:changed": readonly StatefulIssue[];
+    "store:cleared": undefined;
 }
 type Listener<T> = (data: T) => void;
 declare class EventBus {
@@ -354,6 +381,10 @@ interface CaptureInput {
     config: Pick<BrakitConfig, "maxBodyCapture">;
 }
 
+interface Lifecycle {
+    start(): void;
+    stop(): void;
+}
 interface TelemetryStoreInterface<T extends TelemetryEntry> {
     add(data: Omit<T, "id">): T;
     getAll(): readonly T[];
@@ -362,37 +393,32 @@ interface TelemetryStoreInterface<T extends TelemetryEntry> {
 }
 interface RequestStoreInterface {
     capture(input: CaptureInput): TracedRequest;
+    add(entry: TracedRequest): void;
     getAll(): readonly TracedRequest[];
     clear(): void;
 }
-interface MetricsStoreInterface {
+interface MetricsStoreInterface extends Lifecycle {
     recordRequest(req: TracedRequest, metrics: RequestMetrics): void;
     getAll(): readonly EndpointMetrics[];
     getEndpoint(endpoint: string): EndpointMetrics | undefined;
     getLiveEndpoints(): LiveEndpointData[];
     reset(): void;
-    start(): void;
-    stop(): void;
 }
-interface FindingStoreInterface {
-    upsert(finding: SecurityFinding, source: FindingSource): StatefulFinding;
-    transition(findingId: string, state: FindingState): boolean;
-    reconcilePassive(findings: readonly SecurityFinding[]): void;
-    getAll(): readonly StatefulFinding[];
-    getByState(state: FindingState): readonly StatefulFinding[];
-    get(findingId: string): StatefulFinding | undefined;
+interface IssueStoreInterface extends Lifecycle {
+    upsert(issue: Issue, source: IssueSource): StatefulIssue;
+    transition(issueId: string, state: IssueState): boolean;
+    reportFix(issueId: string, status: AiFixStatus, notes: string): boolean;
+    reconcile(currentIssueIds: Set<string>, activeEndpoints: Set<string>): void;
+    getAll(): readonly StatefulIssue[];
+    getByState(state: IssueState): readonly StatefulIssue[];
+    getByCategory(category: IssueCategory): readonly StatefulIssue[];
+    get(issueId: string): StatefulIssue | undefined;
     clear(): void;
-    start(): void;
-    stop(): void;
 }
-interface AnalysisEngineInterface {
-    start(): void;
-    stop(): void;
+interface AnalysisEngineInterface extends Lifecycle {
     recompute(): void;
     getInsights(): readonly Insight[];
     getFindings(): readonly SecurityFinding[];
-    getStatefulInsights(): readonly StatefulInsight[];
-    getStatefulFindings(): readonly StatefulFinding[];
 }
 
 interface ServiceMap {
@@ -403,7 +429,7 @@ interface ServiceMap {
     "log-store": TelemetryStoreInterface<TracedLog>;
     "error-store": TelemetryStoreInterface<TracedError>;
     "metrics-store": MetricsStoreInterface;
-    "finding-store": FindingStoreInterface;
+    "issue-store": IssueStoreInterface;
     "analysis-engine": AnalysisEngineInterface;
 }
 declare class ServiceRegistry {
@@ -417,10 +443,8 @@ declare class AnalysisEngine {
     private registry;
     private debounceMs;
     private scanner;
-    private insightTracker;
     private cachedInsights;
     private cachedFindings;
-    private cachedStatefulInsights;
     private debounceTimer;
     private subs;
     constructor(registry: ServiceRegistry, debounceMs?: number);
@@ -428,12 +452,10 @@ declare class AnalysisEngine {
     stop(): void;
     getInsights(): readonly Insight[];
     getFindings(): readonly SecurityFinding[];
-    getStatefulFindings(): readonly StatefulFinding[];
-    getStatefulInsights(): readonly StatefulInsight[];
     private scheduleRecompute;
     recompute(): void;
 }
 
 declare const VERSION: string;
 
-export { AdapterRegistry, AnalysisEngine, type BrakitAdapter, type BrakitConfig, type DetectedProject, type FindingSource, type FindingState, FindingStore, type FindingsData, type FlatHeaders, type Framework, type HttpMethod, type Insight, type InsightContext, type InsightRule, InsightRunner, type NormalizedOp, type RequestCategory, type RequestListener, type SecurityContext, type SecurityFinding, type SecurityRule, SecurityScanner, type SecuritySeverity, type StatefulFinding, type TracedRequest, VERSION, computeInsights, createDefaultInsightRunner, createDefaultScanner, detectProject };
+export { AdapterRegistry, AnalysisEngine, type BrakitAdapter, type BrakitConfig, type DetectedProject, type FlatHeaders, type Framework, type HttpMethod, type Insight, type InsightContext, type InsightRule, InsightRunner, type IssueCategory, type IssueSource, type IssueState, IssueStore, type IssuesData, type NormalizedOp, type RequestCategory, type RequestListener, type SecurityContext, type SecurityFinding, type SecurityRule, SecurityScanner, type SecuritySeverity, type StatefulIssue, type TracedRequest, VERSION, computeInsights, createDefaultInsightRunner, createDefaultScanner, detectProject };