claude-crap 0.3.7 → 0.4.0

package/src/scanner/detector.ts

@@ -17,8 +17,8 @@
  * @module scanner/detector
  */
 
-import { existsSync, readFileSync } from "node:fs";
-import { join } from "node:path";
+import { existsSync, readFileSync, readdirSync } from "node:fs";
+import { join, resolve } from "node:path";
 import { execFile } from "node:child_process";
 import type { KnownScanner } from "../adapters/common.js";
 
@@ -36,6 +36,8 @@ export interface ScannerDetection {
   reason: string;
   /** Path to the config file that triggered detection, if any. */
   configPath?: string;
+  /** Working directory to run the scanner from (defaults to workspace root). */
+  workingDir?: string;
 }
 
 // ── Detection signals ──────────────────────────────────────────────
@@ -98,6 +100,19 @@ const SCANNER_SIGNALS: Record<KnownScanner, ScannerSignals> = {
     packageJsonKeys: ["@stryker-mutator/core"],
     binaryNames: ["stryker"],
   },
+  dart_analyze: {
+    configFiles: [
+      "analysis_options.yaml",
+      "pubspec.yaml",
+    ],
+    packageJsonKeys: [],
+    binaryNames: ["dart"],
+  },
+  dotnet_format: {
+    configFiles: [],
+    packageJsonKeys: [],
+    binaryNames: ["dotnet"],
+  },
 };
 
 // ── Probes ──────────────────────────────────────────────────────────
@@ -163,9 +178,9 @@ function probeBinary(binaryName: string): Promise<boolean> {
 // ── Public API ──────────────────────────────────────────────────────
 
 /**
- * Detect which of the four supported scanners are available in the
- * given workspace. Probes config files, package.json, and binary
- * availability in order, short-circuiting on first match.
+ * Detect which supported scanners are available in the given workspace.
+ * Probes config files, package.json, and binary availability in order,
+ * short-circuiting on first match.
  *
  * @param workspaceRoot Absolute path to the project root.
  * @returns One {@link ScannerDetection} per known scanner.
@@ -173,7 +188,7 @@ function probeBinary(binaryName: string): Promise<boolean> {
 export async function detectScanners(
   workspaceRoot: string,
 ): Promise<ScannerDetection[]> {
-  const scanners: KnownScanner[] = ["eslint", "semgrep", "bandit", "stryker"];
+  const scanners: KnownScanner[] = ["eslint", "semgrep", "bandit", "stryker", "dart_analyze", "dotnet_format"];
 
   const results = await Promise.all(
     scanners.map(async (scanner): Promise<ScannerDetection> => {
@@ -188,12 +203,18 @@ export async function detectScanners(
         };
       }
 
-      // 2. Package.json probe
+      // 2. Package.json probe — declared in deps/devDeps, but is it
+      //    actually installed? Check node_modules/.bin/ for the binary.
       if (probePackageJson(workspaceRoot, scanner)) {
+        const binName = SCANNER_SIGNALS[scanner].binaryNames[0];
+        const binPath = binName ? join(workspaceRoot, "node_modules", ".bin", binName) : null;
+        const installed = binPath !== null && existsSync(binPath);
         return {
           scanner,
-          available: true,
-          reason: `found in package.json dependencies`,
+          available: installed,
+          reason: installed
+            ? "found in package.json and installed"
+            : `found in package.json but not installed (run \`npm install\`)`,
         };
       }
 
@@ -220,5 +241,93 @@ export async function detectScanners(
   return results;
 }
 
+// ── Monorepo subdirectory probing ────────────────────────────────
+
+/**
+ * Common monorepo directory names that may contain workspace
+ * subdirectories. Checked one level deep only.
+ */
+const MONOREPO_DIRS = ["apps", "packages", "libs", "modules", "services"];
+
+/**
+ * Detect scanners in monorepo subdirectories. Probes first-level
+ * children of common monorepo directories (apps/, packages/, etc.)
+ * and npm workspaces for scanner config files. Returns detections
+ * with a `workingDir` pointing to the subdirectory.
+ *
+ * This catches e.g. `apps/mobile/pubspec.yaml` in a polyglot monorepo
+ * where the root-level detector only finds ESLint.
+ *
+ * @param workspaceRoot Absolute path to the project root.
+ * @returns Additional detections from subdirectories (may be empty).
+ */
+export async function detectMonorepoScanners(
+  workspaceRoot: string,
+): Promise<ScannerDetection[]> {
+  const subdirs = new Set<string>();
+
+  // 1. Read npm workspaces from package.json
+  try {
+    const pkgPath = join(workspaceRoot, "package.json");
+    const raw = readFileSync(pkgPath, "utf-8");
+    const pkg = JSON.parse(raw) as Record<string, unknown>;
+    if (Array.isArray(pkg.workspaces)) {
+      for (const ws of pkg.workspaces) {
+        if (typeof ws === "string" && !ws.includes("*")) {
+          const full = resolve(workspaceRoot, ws);
+          if (existsSync(full)) subdirs.add(full);
+        }
+      }
+    }
+  } catch {
+    // No package.json or not parseable — continue
+  }
+
+  // 2. Scan common monorepo directories one level deep
+  for (const dir of MONOREPO_DIRS) {
+    const full = join(workspaceRoot, dir);
+    try {
+      const entries = readdirSync(full, { withFileTypes: true });
+      for (const entry of entries) {
+        if (entry.isDirectory() && !entry.name.startsWith(".")) {
+          subdirs.add(join(full, entry.name));
+        }
+      }
+    } catch {
+      // Directory doesn't exist — skip
+    }
+  }
+
+  if (subdirs.size === 0) return [];
+
+  // 3. Probe each subdirectory for scanner config files
+  const detections: ScannerDetection[] = [];
+  const scanners: KnownScanner[] = ["eslint", "semgrep", "bandit", "stryker", "dart_analyze", "dotnet_format"];
+
+  for (const subdir of subdirs) {
+    for (const scanner of scanners) {
+      const configProbe = probeConfigFiles(subdir, scanner);
+      if (!configProbe.found) continue;
+
+      // For dart_analyze, also verify the binary is on PATH
+      if (scanner === "dart_analyze") {
+        const hasBinary = await probeBinary("dart");
+        if (!hasBinary) continue;
+      }
+
+      const relDir = subdir.replace(workspaceRoot + "/", "");
+      detections.push({
+        scanner,
+        available: true,
+        reason: `config file found in ${relDir}/`,
+        ...(configProbe.path ? { configPath: configProbe.path } : {}),
+        workingDir: subdir,
+      });
+    }
+  }
+
+  return detections;
+}
+
 // Exported for testing
-export { SCANNER_SIGNALS };
+export { SCANNER_SIGNALS, MONOREPO_DIRS };

package/src/scanner/runner.ts

@@ -91,6 +91,26 @@ function getScannerCommand(
         nonZeroIsNormal: false,
         outputFile: join(workspaceRoot, "reports", "mutation", "mutation.json"),
       };
+    case "dart_analyze":
+      return {
+        command: "dart",
+        args: ["analyze", "--format=json", "."],
+        timeoutMs: 120_000,
+        nonZeroIsNormal: true, // exits 3 when findings exist
+      };
+    case "dotnet_format":
+      return {
+        command: "dotnet",
+        args: [
+          "format",
+          "--verify-no-changes",
+          "--report",
+          join(workspaceRoot, ".claude-crap", "dotnet-report.json"),
+        ],
+        timeoutMs: 120_000,
+        nonZeroIsNormal: true,
+        outputFile: join(workspaceRoot, ".claude-crap", "dotnet-report.json"),
+      };
   }
 }
 
@@ -101,21 +121,24 @@ function getScannerCommand(
  *
  * @param scanner       Which scanner to run.
  * @param workspaceRoot Absolute path to the project root (used as cwd).
+ * @param options       Optional overrides.
  * @returns             A {@link ScannerRunResult} with stdout or file output.
  */
 export function runScanner(
   scanner: KnownScanner,
   workspaceRoot: string,
+  options?: { workingDir?: string },
 ): Promise<ScannerRunResult> {
   const start = Date.now();
-  const cmd = getScannerCommand(scanner, workspaceRoot);
+  const cwd = options?.workingDir ?? workspaceRoot;
+  const cmd = getScannerCommand(scanner, cwd);
 
   return new Promise((resolve) => {
     execFile(
       cmd.command,
       cmd.args,
       {
-        cwd: workspaceRoot,
+        cwd,
         timeout: cmd.timeoutMs,
         maxBuffer: 50 * 1024 * 1024, // 50 MB — large codebases produce verbose output
         env: { ...process.env, FORCE_COLOR: "0" }, // suppress ANSI in output

package/src/schemas/tool-schemas.ts

@@ -134,11 +134,27 @@ export const scoreProjectSchema = {
       description:
         "Output format. `markdown` returns only the chat summary, `json` returns only the structured snapshot, `both` (default) returns both as separate content blocks.",
     },
+    scope: {
+      type: "string",
+      description: "Optional project name from the project map. When provided, the score is computed only for files within that project's subtree. Omit to score the entire workspace.",
+    },
   },
   required: [],
   additionalProperties: false,
 } as const;
 
+/**
+ * Schema for the `list_projects` tool. Returns the discovered sub-projects
+ * in the workspace, or an empty list for single-project workspaces.
+ */
+export const listProjectsSchema = {
+  type: "object",
+  description: "List all discovered sub-projects in the workspace. In a monorepo, returns each sub-project with its type, path, and recommended scanner. In a single-project workspace, returns an empty list.",
+  properties: {},
+  required: [],
+  additionalProperties: false,
+} as const;
+
 /**
  * Schema for the `require_test_harness` tool. Checks whether a production
  * source file has an accompanying test file in any of the conventional
@@ -181,7 +197,7 @@ export const ingestScannerOutputSchema = {
   properties: {
     scanner: {
       type: "string",
-      enum: ["semgrep", "eslint", "bandit", "stryker"],
+      enum: ["semgrep", "eslint", "bandit", "stryker", "dart_analyze", "dotnet_format"],
       description: "Identifier of the producing scanner.",
     },
     rawOutput: {

package/src/shared/exclusions.ts

@@ -0,0 +1,156 @@
+/**
+ * Centralized file and directory exclusion system.
+ *
+ * Every filesystem walker in the codebase (workspace-walker,
+ * complexity-scanner, dashboard file-detail) imports from this module
+ * instead of maintaining its own `SKIP_DIRS` constant. This
+ * guarantees all subsystems agree on what to exclude.
+ *
+ * User-configurable exclusions from `.claude-crap.json` are layered
+ * on top of the defaults via {@link createExclusionFilter}.
+ *
+ * @module shared/exclusions
+ */
+
+import picomatch from "picomatch";
+
+// ── Default exclusions ──────────────────────────────────────────
+
+/**
+ * Directories excluded by name at any depth. A walker that encounters
+ * a directory entry whose name is in this set should skip the entire
+ * subtree. The set covers package managers, VCS, build outputs for
+ * all major frameworks, language-specific caches, and plugin state.
+ */
+export const DEFAULT_SKIP_DIRS: ReadonlySet<string> = new Set([
+  // Package managers / vendored deps
+  "node_modules",
+  "vendor",
+
+  // Version control
+  ".git",
+
+  // Build outputs (general)
+  "dist",
+  "build",
+  "bundle",
+  "out",
+  "target",
+  "coverage",
+
+  // Framework build outputs
+  ".next",        // Next.js
+  ".nuxt",        // Nuxt 2
+  ".output",      // Nuxt 3
+  ".vercel",      // Vercel
+  ".svelte-kit",  // SvelteKit
+  ".astro",       // Astro
+  ".angular",     // Angular
+  ".turbo",       // Turborepo
+  ".parcel-cache",// Parcel
+  ".expo",        // Expo / React Native
+
+  // Language-specific caches
+  ".venv",
+  "venv",
+  "__pycache__",
+  ".cache",
+  ".dart_tool",   // Dart / Flutter
+  ".gradle",      // Gradle
+
+  // IDE state
+  ".idea",
+
+  // Plugin state
+  ".claude-crap",
+  ".codesight",
+]);
+
+/**
+ * Filename-level glob patterns that match generated or minified files
+ * regardless of which directory they live in. Matched against the
+ * bare filename (not the full path).
+ */
+export const DEFAULT_SKIP_PATTERNS: ReadonlyArray<string> = [
+  "*.min.js",
+  "*.min.css",
+  "*.min.mjs",
+  "*.min.cjs",
+  "*.bundle.js",
+  "*.chunk.js",
+];
+
+// ── Exclusion filter ────────────────────────────────────────────
+
+/**
+ * Stateless, pre-compiled filter that every filesystem walker uses
+ * to decide whether to skip a directory or file.
+ */
+export interface ExclusionFilter {
+  /** Returns `true` when the directory should be skipped entirely. */
+  shouldSkipDir(dirName: string): boolean;
+  /** Returns `true` when the file should be excluded from analysis. */
+  shouldSkipFile(relativePath: string, fileName: string): boolean;
+}
+
+/**
+ * Create an {@link ExclusionFilter} that combines the built-in
+ * defaults with optional user-defined patterns from `.claude-crap.json`.
+ *
+ * User patterns follow `.gitignore`-style conventions:
+ *   - `apps/legacy/`   → trailing `/` means directory exclusion
+ *   - `*.proto.ts`     → glob matched against workspace-relative path
+ *   - `src/generated/**` → path-prefix glob
+ *
+ * Picomatch matchers are compiled once at construction, so per-file
+ * checks are O(1) set lookups plus O(n) matcher calls where n is
+ * the small number of user patterns (typically < 20).
+ *
+ * @param userExclusions Optional patterns from `.claude-crap.json`.
+ */
+export function createExclusionFilter(
+  userExclusions?: ReadonlyArray<string>,
+): ExclusionFilter {
+  // Split user patterns into directory exclusions and file globs
+  const extraDirs = new Set<string>();
+  const fileGlobs: string[] = [];
+
+  for (const pattern of userExclusions ?? []) {
+    if (pattern.endsWith("/")) {
+      // Directory exclusion — strip trailing slash
+      extraDirs.add(pattern.slice(0, -1));
+    } else {
+      fileGlobs.push(pattern);
+    }
+  }
+
+  // Compile filename-level matchers once
+  const defaultFileMatchers = DEFAULT_SKIP_PATTERNS.map((p) =>
+    picomatch(p, { dot: true }),
+  );
+  const userFileMatchers = fileGlobs.map((p) =>
+    picomatch(p, { dot: true }),
+  );
+
+  return {
+    shouldSkipDir(dirName: string): boolean {
+      // Hidden directories are always skipped except .claude-plugin
+      if (dirName.startsWith(".") && dirName !== ".claude-plugin") {
+        return DEFAULT_SKIP_DIRS.has(dirName) || true;
+      }
+      return DEFAULT_SKIP_DIRS.has(dirName) || extraDirs.has(dirName);
+    },
+
+    shouldSkipFile(relativePath: string, fileName: string): boolean {
+      // Check filename against default minified/bundled patterns
+      for (const matcher of defaultFileMatchers) {
+        if (matcher(fileName)) return true;
+      }
+      // Check against user-defined globs (matched on relative path)
+      for (const matcher of userFileMatchers) {
+        if (matcher(relativePath) || matcher(fileName)) return true;
+      }
+      return false;
+    },
+  };
+}

package/src/tests/adapters/dispatch.test.ts

@@ -94,7 +94,7 @@ describe("adaptScannerOutput", () => {
     assert.throws(() => adaptScannerOutput(scanner, {}));
   });
 
-  it("KNOWN_SCANNERS is frozen and contains exactly the four supported names", () => {
-    assert.deepEqual([...KNOWN_SCANNERS].sort(), ["bandit", "eslint", "semgrep", "stryker"]);
+  it("KNOWN_SCANNERS is frozen and contains all supported names", () => {
+    assert.deepEqual([...KNOWN_SCANNERS].sort(), ["bandit", "dart_analyze", "dotnet_format", "eslint", "semgrep", "stryker"]);
   });
 });

package/src/tests/auto-scan.test.ts

@@ -34,7 +34,7 @@ describe("autoScan", () => {
         outputDir: join(dir, ".claude-crap/reports"),
       });
       const result = await autoScan(dir, store, logger);
-      assert.equal(result.detected.length, 4);
+      assert.equal(result.detected.length, 6);
       assert.ok(result.totalDurationMs >= 0);
       // No scanners available means no results
       // (unless the host has scanner binaries installed)
@@ -129,7 +129,7 @@ describe("autoScan", () => {
       const result = await autoScan(dir, store, logger);
 
       const scannerNames = result.detected.map((d) => d.scanner).sort();
-      assert.deepEqual(scannerNames, ["bandit", "eslint", "semgrep", "stryker"]);
+      assert.deepEqual(scannerNames, ["bandit", "dart_analyze", "dotnet_format", "eslint", "semgrep", "stryker"]);
     } finally {
       rmSync(dir, { recursive: true, force: true });
     }