depwire-cli 0.9.24 → 0.9.26

package/dist/sdk.d.ts

@@ -222,6 +222,54 @@ declare class SimulationEngine {
     private computeHealthScore;
 }
 
+type Severity = 'critical' | 'high' | 'medium' | 'low' | 'info';
+type VulnerabilityClass = 'dependency-cve' | 'shell-injection' | 'code-injection' | 'secrets' | 'path-traversal' | 'auth' | 'input-validation' | 'information-disclosure' | 'architecture' | 'cryptography' | 'supply-chain' | 'frontend-xss';
+interface SecurityFinding {
+    id: string;
+    severity: Severity;
+    vulnerabilityClass: VulnerabilityClass;
+    file: string;
+    line?: number;
+    symbol?: string;
+    title: string;
+    description: string;
+    attackScenario: string;
+    suggestedFix: string;
+    graphReachability?: {
+        entryPoints: string[];
+        reachableFrom: number;
+        elevatedBy: string;
+    };
+}
+interface SecurityScanResult {
+    scannedAt: string;
+    projectRoot: string;
+    filesScanned: number;
+    findings: SecurityFinding[];
+    summary: {
+        critical: number;
+        high: number;
+        medium: number;
+        low: number;
+        info: number;
+        total: number;
+    };
+    dependencyAudit: {
+        ran: boolean;
+        packageManager: string | null;
+        rawOutput: string;
+    };
+}
+interface SecurityScanOptions {
+    target?: string;
+    classes?: VulnerabilityClass[];
+    format?: 'table' | 'json' | 'sarif';
+    failOn?: Severity;
+    graphAware?: boolean;
+}
+
+declare function scanSecurity(projectRoot: string, graph: DirectedGraph, options?: SecurityScanOptions): Promise<SecurityScanResult>;
+
 /**
  * depwire-cli SDK — Public API Surface
  *
@@ -234,4 +282,4 @@ declare class SimulationEngine {
 /** Current SDK version — matches depwire-cli npm version */
 declare const DepwireSDKVersion: string;
 
-export { type BrokenImport, DepwireSDKVersion, type GraphDiff, type HealthDelta, type SimulationAction, SimulationEngine, type SimulationResult, analyzeDeadCode, buildGraph, calculateHealthScore, generateDocs, getArchitectureSummary, getImpact, parseProject, searchSymbols };
+export { type BrokenImport, DepwireSDKVersion, type GraphDiff, type HealthDelta, type SecurityFinding, type SecurityScanOptions, type SecurityScanResult, type Severity, type SimulationAction, SimulationEngine, type SimulationResult, type VulnerabilityClass, analyzeDeadCode, buildGraph, calculateHealthScore, generateDocs, getArchitectureSummary, getImpact, parseProject, scanSecurity, searchSymbols };

package/dist/sdk.js

@@ -7,8 +7,9 @@ import {
   getArchitectureSummary,
   getImpact,
   parseProject,
+  scanSecurity,
   searchSymbols
-} from "./chunk-QHVWDUSX.js";
+} from "./chunk-YYY5TNG7.js";
 
 // src/sdk.ts
 import { readFileSync } from "fs";
@@ -28,5 +29,6 @@ export {
   getArchitectureSummary,
   getImpact,
   parseProject,
+  scanSecurity,
   searchSymbols
 };

package/dist/viz/public/arc.js

@@ -1,4 +1,176 @@
 // Arc Diagram Renderer using D3.js
+
+// ── Factory function for creating isolated arc diagram instances ──
+window.createArcDiagram = function(containerId, svgId, tooltipId, data) {
+  let _data = data;
+  let _svg = null;
+  let _g = null;
+  let _filePositions = new Map();
+  let _selectedFile = null;
+  let _selectedArc = null;
+
+  function _showTooltip(event, content) {
+    const el = document.getElementById(tooltipId);
+    if (!el) return;
+    el.innerHTML = content;
+    el.style.left = (event.pageX + 10) + 'px';
+    el.style.top = (event.pageY + 10) + 'px';
+    el.classList.add('show');
+  }
+
+  function _hideTooltip() {
+    const el = document.getElementById(tooltipId);
+    if (!el) return;
+    el.classList.remove('show');
+  }
+
+  function _clearSelection() {
+    _selectedFile = null;
+    _selectedArc = null;
+    const ctr = d3.select('#' + containerId);
+    ctr.selectAll('.arc').classed('highlighted', false).classed('dimmed', false);
+    ctr.selectAll('.file-bar').classed('highlighted', false).classed('dimmed', false);
+  }
+
+  function render() {
+    const container = document.getElementById(containerId);
+    if (!container || !_data) return;
+
+    const width = container.clientWidth;
+    const height = container.clientHeight;
+    _filePositions.clear();
+    _selectedFile = null;
+    _selectedArc = null;
+
+    const svgEl = d3.select('#' + svgId);
+    svgEl.selectAll('*').remove();
+    _svg = svgEl.attr('width', width).attr('height', height);
+    _g = _svg.append('g');
+
+    const zoom = d3.zoom().scaleExtent([0.5, 4]).on('zoom', (event) => {
+      _g.attr('transform', event.transform);
+    });
+    _svg.call(zoom);
+
+    const margin = { top: 60, right: 40, bottom: 120, left: 40 };
+    const plotWidth = width - margin.left - margin.right;
+    const plotHeight = height - margin.top - margin.bottom;
+    const baseline = margin.top + plotHeight;
+
+    const totalSymbols = d3.sum(_data.files, d => d.symbolCount);
+    const minBarWidth = 4;
+    const gap = 2;
+    let x = margin.left;
+
+    _data.files.forEach(file => {
+      const barWidth = Math.max(minBarWidth, (file.symbolCount / totalSymbols) * plotWidth * 0.8);
+      _filePositions.set(file.path, { x: x + barWidth / 2, width: barWidth, file: file });
+      x += barWidth + gap;
+    });
+
+    const directories = [...new Set(_data.files.map(f => f.directory))];
+    const colorScale = d3.scaleOrdinal().domain(directories)
+      .range(['#4a9eff', '#7c3aed', '#ec4899', '#f59e0b', '#10b981', '#06b6d4']);
+
+    const maxDistance = d3.max(_data.arcs, arc => {
+      const s = _filePositions.get(arc.sourceFile);
+      const t = _filePositions.get(arc.targetFile);
+      return (s && t) ? Math.abs(t.x - s.x) : 0;
+    }) || 1;
+
+    const ctr = d3.select('#' + containerId);
+
+    _g.selectAll('.arc').data(_data.arcs).enter().append('path')
+      .attr('class', 'arc')
+      .attr('d', d => {
+        const s = _filePositions.get(d.sourceFile);
+        const t = _filePositions.get(d.targetFile);
+        if (!s || !t) return null;
+        const x1 = s.x, x2 = t.x, dist = Math.abs(x2 - x1), midX = (x1 + x2) / 2;
+        return `M ${x1} ${baseline} Q ${midX} ${baseline - dist * 0.4} ${x2} ${baseline}`;
+      })
+      .attr('stroke', d => {
+        const s = _filePositions.get(d.sourceFile);
+        const t = _filePositions.get(d.targetFile);
+        if (!s || !t) return '#4a9eff';
+        return d3.interpolateRainbow(Math.abs(t.x - s.x) / maxDistance);
+      })
+      .attr('stroke-width', d => Math.min(4, 1 + Math.log(d.edgeCount)))
+      .on('mouseover', function(event, d) {
+        if (_selectedArc) return;
+        d3.select(this).classed('highlighted', true);
+        ctr.selectAll('.arc').filter(a => a !== d).classed('dimmed', true);
+        ctr.selectAll('.file-bar').each(function(f) {
+          const match = f.path === d.sourceFile || f.path === d.targetFile;
+          d3.select(this).classed('highlighted', match).classed('dimmed', !match);
+        });
+        _showTooltip(event, `<div class="tooltip-line"><strong>${d.sourceFile}</strong> → <strong>${d.targetFile}</strong></div><div class="tooltip-line"><span class="tooltip-label">Edges:</span> ${d.edgeCount}</div>`);
+      })
+      .on('mouseout', function() {
+        if (_selectedArc) return;
+        d3.select(this).classed('highlighted', false);
+        ctr.selectAll('.arc').classed('dimmed', false);
+        ctr.selectAll('.file-bar').classed('highlighted', false).classed('dimmed', false);
+        _hideTooltip();
+      })
+      .on('click', function(event, d) {
+        event.stopPropagation();
+        if (_selectedArc === d) { _selectedArc = null; ctr.selectAll('.arc,.file-bar').classed('highlighted', false).classed('dimmed', false); _hideTooltip(); return; }
+        _selectedArc = d; _selectedFile = null;
+        ctr.selectAll('.arc').classed('highlighted', false).classed('dimmed', true);
+        d3.select(this).classed('highlighted', true).classed('dimmed', false);
+        ctr.selectAll('.file-bar').each(function(f) {
+          const match = f.path === d.sourceFile || f.path === d.targetFile;
+          d3.select(this).classed('highlighted', match).classed('dimmed', !match);
+        });
+      });
+
+    _g.selectAll('.file-bar').data(_data.files).enter().append('rect')
+      .attr('class', 'file-bar')
+      .attr('x', d => { const p = _filePositions.get(d.path); return p.x - p.width / 2; })
+      .attr('y', baseline).attr('width', d => _filePositions.get(d.path).width).attr('height', 8)
+      .attr('fill', d => colorScale(d.directory))
+      .on('mouseover', function(event, d) {
+        if (_selectedFile) return;
+        d3.select(this).classed('highlighted', true);
+        const connected = _data.arcs.filter(a => a.sourceFile === d.path || a.targetFile === d.path);
+        ctr.selectAll('.arc').classed('highlighted', a => connected.includes(a)).classed('dimmed', a => !connected.includes(a));
+        ctr.selectAll('.file-bar').filter(f => f !== d).classed('dimmed', true);
+        _showTooltip(event, `<div class="tooltip-line"><strong>${d.path}</strong></div><div class="tooltip-line"><span class="tooltip-label">Symbols:</span> ${d.symbolCount} | In: ${d.incomingCount} | Out: ${d.outgoingCount}</div>`);
+      })
+      .on('mouseout', function() {
+        if (_selectedFile) return;
+        d3.select(this).classed('highlighted', false);
+        ctr.selectAll('.arc').classed('highlighted', false).classed('dimmed', false);
+        ctr.selectAll('.file-bar').classed('dimmed', false);
+        _hideTooltip();
+      })
+      .on('click', function(event, d) {
+        event.stopPropagation();
+        if (_selectedFile === d) { _selectedFile = null; ctr.selectAll('.arc,.file-bar').classed('highlighted', false).classed('dimmed', false); return; }
+        _selectedFile = d; _selectedArc = null;
+        const connected = _data.arcs.filter(a => a.sourceFile === d.path || a.targetFile === d.path);
+        ctr.selectAll('.arc').classed('highlighted', a => connected.includes(a)).classed('dimmed', a => !connected.includes(a));
+        ctr.selectAll('.file-bar').classed('highlighted', f => f === d).classed('dimmed', f => f !== d);
+      });
+
+    _g.selectAll('.file-label').data(_data.files).enter().append('text')
+      .attr('class', 'file-label')
+      .attr('x', d => _filePositions.get(d.path).x)
+      .attr('y', baseline + 20)
+      .attr('transform', d => `rotate(-45, ${_filePositions.get(d.path).x}, ${baseline + 20})`)
+      .attr('text-anchor', 'end')
+      .text(d => d.path.split('/').pop());
+
+    _svg.append('text').attr('x', 10).attr('y', 20).attr('fill', '#4a9eff')
+      .attr('font-size', '12px').attr('cursor', 'pointer').text('↺ Reset View')
+      .on('click', () => { _svg.transition().duration(750).call(zoom.transform, d3.zoomIdentity); _clearSelection(); });
+  }
+
+  return { render };
+};
+
+// ── Legacy global state and functions (used by depwire viz) ──
 let graphData = null;
 let svg = null;
 let g = null;
@@ -23,12 +195,16 @@ async function init() {
     // Render diagram
     renderArcDiagram();
     
-    // Setup interactions
-    setupSearch();
-    setupExport();
+    // Setup interactions (not in whatif mode)
+    if (!window.__depwireWhatIf) {
+      setupSearch();
+      setupExport();
+    }
     
-    // Setup WebSocket for live updates
-    setupWebSocket();
+    // Setup WebSocket for live updates (not in whatif mode)
+    if (!window.__depwireWhatIf) {
+      setupWebSocket();
+    }
     
     // Handle window resize
     window.addEventListener('resize', () => {
@@ -575,5 +751,7 @@ d3.select('body').on('click', () => {
   }
 });
 
-// Initialize on page load
-init();
+// Initialize on page load — only if NOT in What If context
+if (!window.__depwireWhatIf) {
+  init();
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "depwire-cli",
-  "version": "0.9.24",
+  "version": "0.9.26",
   "description": "Dependency graph + 16 MCP tools for AI coding assistants. Impact analysis, health scoring, visualization.",
   "type": "module",
   "bin": {