depwire-cli 1.0.7 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -23,11 +23,24 @@
23
23
  ![Java](https://img.shields.io/badge/Java-ED8B00?style=flat-square&logo=openjdk&logoColor=white)
24
24
  ![C++](https://img.shields.io/badge/C++-00599C?style=flat-square&logo=cplusplus&logoColor=white)
25
25
  ![Kotlin](https://img.shields.io/badge/Kotlin-7F52FF?style=flat-square&logo=kotlin&logoColor=white)
26
+ ![PHP](https://img.shields.io/badge/PHP-777BB4?style=flat-square&logo=php&logoColor=white)
26
27
 
27
28
  </div>
28
29
 
29
30
  **Your AI doesn't know your architecture. Depwire does.**
30
31
 
32
+ ## What makes Depwire different
33
+
34
+ <p align="center">
35
+ <img src="./assets/deterministic_vs_rag_diagram.svg" alt="Depwire deterministic graph vs RAG probabilistic approach" width="680" />
36
+ </p>
37
+
38
+ Depwire builds a **DETERMINISTIC, NOT PROBABILISTIC** dependency graph of your codebase. This is not RAG. There are no embeddings, no similarity scores, no vector databases, no guesses. Depwire uses tree-sitter — the same parser powering GitHub's code intelligence — to extract exact symbol-level facts from every file: every function, every class, every interface, every import and export relationship, across 11 programming languages. When you ask "what breaks if I delete `encodeToken` in `auth/token.ts`?", Depwire does not search for similar-looking code and estimate an answer. It traverses the exact dependency graph and returns the precise list of 14 files that import that symbol, which import chains break, and what your health score drops by. This is compiler-level precision applied to AI-assisted development — not a language model's best guess about your code.
39
+
40
+ **Not a build graph either.** Tools like Nx, Turborepo, and Grapher track package-level dependencies for build caching. Depwire tracks symbol-level dependencies — every function, class, and import relationship — which is what makes What If simulation, graph-aware security scanning, and exact blast radius analysis possible.
41
+
42
+ ---
43
+
31
44
  Depwire is the infrastructure layer between your AI coding assistant and your codebase. Before your AI touches a single file, Depwire has already mapped every connection, scored every risk, and simulated every change.
32
45
 
33
46
  ![Depwire CLI demo on honojs/hono](./assets/depwire-demo-cli.gif)
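Review bot: the added "What makes Depwire different" paragraph hard-codes "across 11 programming languages" and words "the precise list of 14 files" as if it were a general result rather than one example output. The language count will go stale the next time a language is added (this release already edits the language list in several places). Suggest pointing to the Language support section instead of stating a number, and phrasing the `encodeToken` case as an example, e.g. "returns the exact list of files that import that symbol".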
@@ -309,15 +322,17 @@ The SDK is the stable public API surface. All integrations should import from `d
309
322
 
310
323
  ## Language support
311
324
 
312
- TypeScript, JavaScript, Python, Go, Rust, C, C#, Java, C++, Kotlin — with cross-language edge detection between all supported languages.
325
+ TypeScript, JavaScript, Python, Go, Rust, C, C#, Java, C++, Kotlin, PHP — with cross-language edge detection between all supported languages.
313
326
 
314
327
  **Java / JVM** — classes, interfaces, enums, records, annotations, inner classes, anonymous classes, lambda expressions, Maven pom.xml and Gradle build file dependency edges, Spring Boot cross-language edges (@GetMapping, @PostMapping, @RequestMapping), JAX-RS / Jakarta EE route detection, Spring WebFlux RouterFunction support.
315
328
 
316
329
  **C# / .NET** — classes, interfaces, records, structs, enums, delegates, file-scoped namespaces, primary constructors, global usings, .csproj ProjectReference and PackageReference edges, ASP.NET Core cross-language edges (attribute routing + Minimal API).
317
330
 
318
- **C++ / Systems** — classes, structs, unions, enums, namespaces, concepts, coroutines, C++20 modules, template support with parameter stripping. CMakeLists.txt, Conan, and vcpkg dependency edge parsing. Crow, Drogon, Pistache, and cpp-httplib cross-language route detection. Dead code detection with vtable and template exclusions. Health score checks: circular includes, missing header guards, god classes, raw pointer fields, missing virtual destructors. Security scanner: buffer overflow, format string vulnerability, use-after-free, command injection.
331
+ **C++ / Systems** — classes, structs, unions, enums, namespaces, concepts, coroutines, C++20 modules, template support with parameter stripping. CMakeLists.txt, Conan, and vcpkg dependency edge parsing. Crow, Drogon, Pistache, and cpp-httplib cross-language route detection. Dead code detection with vtable and template exclusions. Health score checks: circular includes, missing header guards, god classes, raw pointer fields, missing virtual destructors. Security scanner: memory safety patterns, format string issues, memory management patterns, OS command execution patterns.
332
+
333
+ **Kotlin / JVM** — classes, data classes, sealed classes, objects, companion objects, value classes, type aliases, extension functions, enum classes, annotation classes. Coroutine awareness: suspend functions, GlobalScope detection, structured concurrency checks. build.gradle.kts, build.gradle, and settings.gradle.kts dependency parsing. Spring Boot, Ktor, Http4k, and Ktor Resources cross-language route detection. Android Retrofit outgoing edge detection. Dead code detection with Android lifecycle and Spring annotation exclusions. Security scanner: database query injection patterns, hardcoded credentials, insecure random, not-null assertion abuse, Ktor missing auth blocks.
319
334
 
320
- **Kotlin / JVM** — classes, data classes, sealed classes, objects, companion objects, value classes, type aliases, extension functions, enum classes, annotation classes. Coroutine awareness: suspend functions, GlobalScope detection, structured concurrency checks. build.gradle.kts, build.gradle, and settings.gradle.kts dependency parsing. Spring Boot, Ktor, Http4k, and Ktor Resources cross-language route detection. Android Retrofit outgoing edge detection. Dead code detection with Android lifecycle and Spring annotation exclusions. Security scanner: SQL injection via string templates, hardcoded credentials, insecure random, not-null assertion abuse, Ktor missing auth blocks.
335
+ **PHP / Web** — functions, classes, methods, interfaces, traits, enums, namespaces, use statements, require/include dependency edges. Both procedural and OOP styles. Laravel (Route::get/post/put/delete/patch, middleware), Symfony (#[Route(...)]), Slim Framework, and WordPress REST API (register_rest_route) cross-language route detection. Guzzle and file_get_contents HTTP client edge detection. Dead code detection with WordPress hooks, Laravel service providers, Symfony controllers, and magic method exclusions (__construct, __get, __set, __call). Security scanner: database query injection patterns, dynamic code execution patterns, OS command execution patterns, regex modifier vulnerabilities, unsafe deserialization patterns, unsafe variable extraction patterns, weak hashing for passwords, deprecated crypto libraries, weak PRNG in security contexts, hardcoded credentials.
321
336
 
322
337
  ---
323
338
 
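Review bot: the "Security scanner:" wording in the C++ and Kotlin paragraphs gets less specific with no stated change in coverage. "buffer overflow, format string vulnerability, use-after-free, command injection" becomes "memory safety patterns, format string issues, memory management patterns, OS command execution patterns", and "SQL injection via string templates" becomes "database query injection patterns"; the new PHP list follows the same style. From the new text a reader cannot tell which vulnerability classes the scanner actually reports, or whether use-after-free is still covered. Suggest keeping the concrete class names (or adding CWE identifiers next to each item) and stating explicitly if detection itself changed in this release.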
@@ -381,7 +396,7 @@ Block PRs that hurt your architecture:
381
396
  **Shipped**
382
397
  - Arc diagram visualization
383
398
  - 17 MCP tools
384
- - Multi-language support (TypeScript, JavaScript, Python, Go, Rust, C, C#, Java, C++, Kotlin)
399
+ - Multi-language support (TypeScript, JavaScript, Python, Go, Rust, C, C#, Java, C++, Kotlin, PHP)
385
400
  - Architecture health score
386
401
  - Dead code detection
387
402
  - Temporal graph
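Review bot: the "Multi-language support (...)" bullet is a second hand-maintained copy of the list in the Language support section, and both had to be edited to add PHP. Suggest shortening the bullet to refer to that section so only one list needs updating.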
@@ -16,7 +16,7 @@ import {
16
16
  parseTypeScriptFile,
17
17
  scanSecurity,
18
18
  searchSymbols
19
- } from "./chunk-SLGC72RW.js";
19
+ } from "./chunk-WLKW7X7G.js";
20
20
 
21
21
  // src/viz/data.ts
22
22
  import { basename } from "path";
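Review bot: the import source changes from "./chunk-SLGC72RW.js" to "./chunk-WLKW7X7G.js", so parseTypeScriptFile, scanSecurity and searchSymbols now resolve to a differently named bundle chunk whose contents are not visible in this hunk. Treat that chunk as new code and diff it against the 1.0.7 chunk before accepting the release; the one-line rename here says nothing about what changed inside it.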
@@ -122,7 +122,7 @@ function watchProject(projectRoot, callbacks) {
122
122
  const watcher = chokidar.watch(projectRoot, watcherOptions);
123
123
  console.error("[Watcher] Attaching event listeners...");
124
124
  watcher.on("change", (absolutePath) => {
125
- const validExtensions = [".ts", ".tsx", ".js", ".jsx", ".mjs", ".cjs", ".py", ".go", ".rs", ".c", ".h", ".cs", ".csx", ".csproj", ".java", ".kt", ".kts", ".cpp", ".cc", ".cxx", ".c++", ".hpp", ".hh", ".hxx", ".h++", ".inl", ".ipp"];
125
+ const validExtensions = [".ts", ".tsx", ".js", ".jsx", ".mjs", ".cjs", ".py", ".go", ".rs", ".c", ".h", ".cs", ".csx", ".csproj", ".java", ".kt", ".kts", ".cpp", ".cc", ".cxx", ".c++", ".hpp", ".hh", ".hxx", ".h++", ".inl", ".ipp", ".php"];
126
126
  if (!validExtensions.some((ext) => absolutePath.endsWith(ext))) return;
127
127
  const fileName = absolutePath.split("/").pop() || "";
128
128
  if (!validExtensions.some((ext) => absolutePath.endsWith(ext)) && !["pom.xml", "build.gradle", "build.gradle.kts", "settings.gradle.kts", "settings.gradle", "CMakeLists.txt", "conanfile.txt", "vcpkg.json"].includes(fileName)) return;
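Review bot: in the "change" handler the early return on line 126, `if (!validExtensions.some((ext) => absolutePath.endsWith(ext))) return;`, fires before the combined check on line 128, so the build-file allowance there (pom.xml, build.gradle, CMakeLists.txt, conanfile.txt, vcpkg.json and the rest) can never take effect and edits to those files never reach `callbacks.onFileChanged`. Adding ".php" to the array carries this forward unchanged. Suggest deleting the line 126 check and keeping only the combined one, as the "add" handler does.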
@@ -132,7 +132,7 @@ function watchProject(projectRoot, callbacks) {
132
132
  callbacks.onFileChanged(relativePath);
133
133
  });
134
134
  watcher.on("add", (absolutePath) => {
135
- const validExtensions = [".ts", ".tsx", ".js", ".jsx", ".mjs", ".cjs", ".py", ".go", ".rs", ".c", ".h", ".cs", ".csx", ".csproj", ".java", ".kt", ".kts", ".cpp", ".cc", ".cxx", ".c++", ".hpp", ".hh", ".hxx", ".h++", ".inl", ".ipp"];
135
+ const validExtensions = [".ts", ".tsx", ".js", ".jsx", ".mjs", ".cjs", ".py", ".go", ".rs", ".c", ".h", ".cs", ".csx", ".csproj", ".java", ".kt", ".kts", ".cpp", ".cc", ".cxx", ".c++", ".hpp", ".hh", ".hxx", ".h++", ".inl", ".ipp", ".php"];
136
136
  const addFileName = absolutePath.split("/").pop() || "";
137
137
  if (!validExtensions.some((ext) => absolutePath.endsWith(ext)) && !["pom.xml", "build.gradle", "build.gradle.kts", "settings.gradle.kts", "settings.gradle", "CMakeLists.txt", "conanfile.txt", "vcpkg.json"].includes(addFileName)) return;
138
138
  if (absolutePath.endsWith("_test.go")) return;
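Review bot: the `validExtensions` literal in the "add" handler is a byte-for-byte copy of the one in the "change" and "unlink" handlers, and ".php" had to be appended to each copy by hand. Suggest hoisting it, together with the build-file name list, to a module-level constant shared by all three handlers. `absolutePath.split("/").pop()` also assumes POSIX separators; `basename` from "path" is already imported in this file and would be safer.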
@@ -141,7 +141,7 @@ function watchProject(projectRoot, callbacks) {
141
141
  callbacks.onFileAdded(relativePath);
142
142
  });
143
143
  watcher.on("unlink", (absolutePath) => {
144
- const validExtensions = [".ts", ".tsx", ".js", ".jsx", ".mjs", ".cjs", ".py", ".go", ".rs", ".c", ".h", ".cs", ".csx", ".csproj", ".java", ".kt", ".kts", ".cpp", ".cc", ".cxx", ".c++", ".hpp", ".hh", ".hxx", ".h++", ".inl", ".ipp"];
144
+ const validExtensions = [".ts", ".tsx", ".js", ".jsx", ".mjs", ".cjs", ".py", ".go", ".rs", ".c", ".h", ".cs", ".csx", ".csproj", ".java", ".kt", ".kts", ".cpp", ".cc", ".cxx", ".c++", ".hpp", ".hh", ".hxx", ".h++", ".inl", ".ipp", ".php"];
145
145
  if (!validExtensions.some((ext) => absolutePath.endsWith(ext))) return;
146
146
  if (absolutePath.endsWith("_test.go")) return;
147
147
  const relativePath = absolutePath.replace(projectRoot + "/", "");
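Review bot: the "unlink" handler filters on `validExtensions` only, so deleting a build file that the "add" handler accepts (pom.xml, build.gradle, CMakeLists.txt, vcpkg.json and so on) is ignored, and whatever was recorded for that file when it was added is never cleared. Suggest applying the same combined extension-or-filename check here. `absolutePath.replace(projectRoot + "/", "")` also assumes a "/" separator and strips the first match rather than a verified prefix; `path.relative(projectRoot, absolutePath)` states the intent directly.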
@@ -159,10 +159,10 @@ function watchProject(projectRoot, callbacks) {
159
159
  for (const dir of dirs) {
160
160
  const files = watched[dir];
161
161
  fileCount += files.filter(
162
- (f) => f.endsWith(".ts") || f.endsWith(".tsx") || f.endsWith(".js") || f.endsWith(".jsx") || f.endsWith(".mjs") || f.endsWith(".cjs") || f.endsWith(".py") || f.endsWith(".go") && !f.endsWith("_test.go") || f.endsWith(".rs") || f.endsWith(".c") || f.endsWith(".h") || f.endsWith(".cs") || f.endsWith(".csx") || f.endsWith(".csproj") || f.endsWith(".java") || f === "pom.xml" || f === "build.gradle" || f === "build.gradle.kts" || f.endsWith(".kt") || f.endsWith(".kts") || f === "settings.gradle.kts" || f === "settings.gradle" || f.endsWith(".cpp") || f.endsWith(".cc") || f.endsWith(".cxx") || f.endsWith(".c++") || f.endsWith(".hpp") || f.endsWith(".hh") || f.endsWith(".hxx") || f.endsWith(".h++") || f.endsWith(".inl") || f.endsWith(".ipp") || f === "CMakeLists.txt" || f === "conanfile.txt" || f === "vcpkg.json"
162
+ (f) => f.endsWith(".ts") || f.endsWith(".tsx") || f.endsWith(".js") || f.endsWith(".jsx") || f.endsWith(".mjs") || f.endsWith(".cjs") || f.endsWith(".py") || f.endsWith(".go") && !f.endsWith("_test.go") || f.endsWith(".rs") || f.endsWith(".c") || f.endsWith(".h") || f.endsWith(".cs") || f.endsWith(".csx") || f.endsWith(".csproj") || f.endsWith(".java") || f === "pom.xml" || f === "build.gradle" || f === "build.gradle.kts" || f.endsWith(".kt") || f.endsWith(".kts") || f === "settings.gradle.kts" || f === "settings.gradle" || f.endsWith(".php") || f.endsWith(".cpp") || f.endsWith(".cc") || f.endsWith(".cxx") || f.endsWith(".c++") || f.endsWith(".hpp") || f.endsWith(".hh") || f.endsWith(".hxx") || f.endsWith(".h++") || f.endsWith(".inl") || f.endsWith(".ipp") || f === "CMakeLists.txt" || f === "conanfile.txt" || f === "vcpkg.json"
163
163
  ).length;
164
164
  }
165
- console.error(`[Watcher] Watching ${fileCount} TypeScript/JavaScript/Python/Go/Rust/C/C++/C#/Java/Kotlin files in ${dirs.length} directories`);
165
+ console.error(`[Watcher] Watching ${fileCount} TypeScript/JavaScript/Python/Go/Rust/C/C++/C#/Java/Kotlin/PHP files in ${dirs.length} directories`);
166
166
  });
167
167
  return watcher;
168
168
  }
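Review bot: the `fileCount` filter on line 162 is a fourth inline copy of the extension list, with `f.endsWith(".php")` inserted mid-chain and an unparenthesised `f.endsWith(".go") && !f.endsWith("_test.go")` sitting inside the `||` sequence. It relies on operator precedence to be correct and is easy to break on the next edit. Suggest computing the count from the same shared extension and filename constants as the handlers, with the `_test.go` exclusion as a separate explicit condition, and building the language names in the log message on line 165 from that list rather than hard-coding them.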