depwire-cli 1.0.8 → 1.1.0

package/README.md

@@ -29,6 +29,18 @@
 
 **Your AI doesn't know your architecture. Depwire does.**
 
+## What makes Depwire different
+
+<p align="center">
+  <img src="./assets/deterministic_vs_rag_diagram.svg" alt="Depwire deterministic graph vs RAG probabilistic approach" width="680" />
+</p>
+
+Depwire builds a **DETERMINISTIC, NOT PROBABILISTIC** dependency graph of your codebase. This is not RAG. There are no embeddings, no similarity scores, no vector databases, no guesses. Depwire uses tree-sitter — the same parser powering GitHub's code intelligence — to extract exact symbol-level facts from every file: every function, every class, every interface, every import and export relationship, across 11 programming languages. When you ask "what breaks if I delete `encodeToken` in `auth/token.ts`?", Depwire does not search for similar-looking code and estimate an answer. It traverses the exact dependency graph and returns the precise list of 14 files that import that symbol, which import chains break, and what your health score drops by. This is compiler-level precision applied to AI-assisted development — not a language model's best guess about your code.
+
+**Not a build graph either.** Tools like Nx, Turborepo, and Grapher track package-level dependencies for build caching. Depwire tracks symbol-level dependencies — every function, class, and import relationship — which is what makes What If simulation, graph-aware security scanning, and exact blast radius analysis possible.
+
+---
+
 Depwire is the infrastructure layer between your AI coding assistant and your codebase. Before your AI touches a single file, Depwire has already mapped every connection, scored every risk, and simulated every change.
 
 ![Depwire CLI demo on honojs/hono](./assets/depwire-demo-cli.gif)
@@ -316,11 +328,11 @@ TypeScript, JavaScript, Python, Go, Rust, C, C#, Java, C++, Kotlin, PHP — with
 
 **C# / .NET** — classes, interfaces, records, structs, enums, delegates, file-scoped namespaces, primary constructors, global usings, .csproj ProjectReference and PackageReference edges, ASP.NET Core cross-language edges (attribute routing + Minimal API).
 
-**C++ / Systems** — classes, structs, unions, enums, namespaces, concepts, coroutines, C++20 modules, template support with parameter stripping. CMakeLists.txt, Conan, and vcpkg dependency edge parsing. Crow, Drogon, Pistache, and cpp-httplib cross-language route detection. Dead code detection with vtable and template exclusions. Health score checks: circular includes, missing header guards, god classes, raw pointer fields, missing virtual destructors. Security scanner: buffer overflow, format string vulnerability, use-after-free, command injection.
+**C++ / Systems** — classes, structs, unions, enums, namespaces, concepts, coroutines, C++20 modules, template support with parameter stripping. CMakeLists.txt, Conan, and vcpkg dependency edge parsing. Crow, Drogon, Pistache, and cpp-httplib cross-language route detection. Dead code detection with vtable and template exclusions. Health score checks: circular includes, missing header guards, god classes, raw pointer fields, missing virtual destructors. Security scanner: memory safety patterns, format string issues, memory management patterns, OS command execution patterns.
 
-**Kotlin / JVM** — classes, data classes, sealed classes, objects, companion objects, value classes, type aliases, extension functions, enum classes, annotation classes. Coroutine awareness: suspend functions, GlobalScope detection, structured concurrency checks. build.gradle.kts, build.gradle, and settings.gradle.kts dependency parsing. Spring Boot, Ktor, Http4k, and Ktor Resources cross-language route detection. Android Retrofit outgoing edge detection. Dead code detection with Android lifecycle and Spring annotation exclusions. Security scanner: SQL injection via string templates, hardcoded credentials, insecure random, not-null assertion abuse, Ktor missing auth blocks.
+**Kotlin / JVM** — classes, data classes, sealed classes, objects, companion objects, value classes, type aliases, extension functions, enum classes, annotation classes. Coroutine awareness: suspend functions, GlobalScope detection, structured concurrency checks. build.gradle.kts, build.gradle, and settings.gradle.kts dependency parsing. Spring Boot, Ktor, Http4k, and Ktor Resources cross-language route detection. Android Retrofit outgoing edge detection. Dead code detection with Android lifecycle and Spring annotation exclusions. Security scanner: database query injection patterns, hardcoded credentials, insecure random, not-null assertion abuse, Ktor missing auth blocks.
 
-**PHP / Web** — functions, classes, methods, interfaces, traits, enums, namespaces, use statements, require/include dependency edges. Both procedural and OOP styles. Laravel (Route::get/post/put/delete/patch, middleware), Symfony (#[Route(...)]), Slim Framework, and WordPress REST API (register_rest_route) cross-language route detection. Guzzle and file_get_contents HTTP client edge detection. Dead code detection with WordPress hooks, Laravel service providers, Symfony controllers, and magic method exclusions (__construct, __get, __set, __call). Security scanner: $wpdb->query SQL injection, eval(), system/exec/shell_exec/passthru command injection, preg_replace /e modifier, unserialize on user input, extract on superglobals, md5/sha1 for passwords, deprecated mcrypt_*, rand/mt_rand in security contexts, hardcoded credentials.
+**PHP / Web** — functions, classes, methods, interfaces, traits, enums, namespaces, use statements, require/include dependency edges. Both procedural and OOP styles. Laravel (Route::get/post/put/delete/patch, middleware), Symfony (#[Route(...)]), Slim Framework, and WordPress REST API (register_rest_route) cross-language route detection. Guzzle and file_get_contents HTTP client edge detection. Dead code detection with WordPress hooks, Laravel service providers, Symfony controllers, and magic method exclusions (__construct, __get, __set, __call). Security scanner: database query injection patterns, dynamic code execution patterns, OS command execution patterns, regex modifier vulnerabilities, unsafe deserialization patterns, unsafe variable extraction patterns, weak hashing for passwords, deprecated crypto libraries, weak PRNG in security contexts, hardcoded credentials.
 
 ---
 

package/dist/index.js

@@ -533,6 +533,27 @@ function generateWhatIfHtml(currentVizData, simulatedVizData, simulationResult,
     target: e.target.split("::")[0]
   }));
   const removedFilePairsJson = JSON.stringify(removedFilePairs);
+  const affectedFilesJson = JSON.stringify(diff.affectedNodes);
+  const brokenImportFilesJson = JSON.stringify(diff.brokenImports.map((bi) => bi.file));
+  const brokenCount = diff.brokenImports.length;
+  const affectedCount = diff.affectedNodes.length;
+  const healthDeltaVal = healthDelta.delta;
+  let riskLevel;
+  let riskColor;
+  if (brokenCount > 10 || affectedCount > 20) {
+    riskLevel = "High";
+    riskColor = "#ef4444";
+  } else if (brokenCount > 3 || affectedCount > 5) {
+    riskLevel = "Medium";
+    riskColor = "#fbbf24";
+  } else {
+    riskLevel = "Low";
+    riskColor = "#4ade80";
+  }
+  const brokenColor = brokenCount > 0 ? "#ef4444" : "#4ade80";
+  const affectedColor = affectedCount > 0 ? "#ef4444" : "#4ade80";
+  const healthDeltaColor = healthDeltaVal < 0 ? "#ef4444" : healthDeltaVal > 0 ? "#4ade80" : "#6b7280";
+  const healthDeltaStr = healthDeltaVal > 0 ? `+${healthDeltaVal}` : healthDeltaVal === 0 ? "0" : `${healthDeltaVal}`;
   return `<!DOCTYPE html>
 <html lang="en">
 <head>
@@ -559,35 +580,42 @@ function generateWhatIfHtml(currentVizData, simulatedVizData, simulationResult,
       -webkit-text-fill-color: transparent;
       background-clip: text;
     }
-    .health-banner {
+    .stats-bar {
       background: #0f1729;
       border: 1px solid #2a2a4a;
       border-radius: 8px;
-      padding: 16px 24px;
+      padding: 12px 24px;
       margin: 16px 24px;
       display: flex;
       align-items: center;
-      gap: 32px;
+      gap: 28px;
       flex-wrap: wrap;
     }
-    .health-score {
-      font-size: 22px;
-      font-weight: 700;
-    }
-    .health-stat {
+    .stats-bar .stat {
+      display: flex;
+      align-items: center;
+      gap: 8px;
       font-size: 14px;
       color: #a0a0a0;
     }
-    .health-stat strong {
-      color: #e0e0e0;
+    .stats-bar .stat-val {
+      font-weight: 700;
       font-size: 18px;
     }
+    .stats-bar .risk-badge {
+      padding: 4px 14px;
+      border-radius: 4px;
+      font-weight: 700;
+      font-size: 13px;
+      text-transform: uppercase;
+      color: #000;
+    }
     .panels {
       display: flex;
       flex-direction: row;
       gap: 0;
       width: 100%;
-      height: calc(100vh - 180px);
+      height: calc(100vh - 220px);
       min-height: 400px;
     }
     .panel {
@@ -621,12 +649,6 @@ function generateWhatIfHtml(currentVizData, simulatedVizData, simulationResult,
       width: 100%;
       height: 100%;
     }
-    .broken-arc {
-      stroke: #ef4444 !important;
-      stroke-opacity: 1.0 !important;
-      stroke-width: 2px !important;
-      filter: drop-shadow(0 0 4px rgba(239, 68, 68, 0.6));
-    }
     .broken-section {
       padding: 0 24px 24px;
     }
@@ -638,20 +660,17 @@ function generateWhatIfHtml(currentVizData, simulatedVizData, simulationResult,
     ${opBadge}
   </div>
 
-  <div class="health-banner">
-    <div class="health-score" style="color:${deltaColor}">
-      Health Score: ${healthDelta.before} \u2192 ${healthDelta.after}
-      <span style="font-size:16px;margin-left:8px;">(${deltaLabel})</span>
-    </div>
-    <div class="health-stat"><strong>${diff.affectedNodes.length}</strong> Affected Nodes</div>
-    <div class="health-stat"><strong>${diff.brokenImports.length}</strong> Broken Imports</div>
-    <div class="health-stat"><strong>${diff.removedEdges.length}</strong> Removed Edges</div>
+  <div class="stats-bar">
+    <div class="stat">Broken Imports: <span class="stat-val" style="color:${brokenColor}">${brokenCount}</span></div>
+    <div class="stat">Affected Files: <span class="stat-val" style="color:${affectedColor}">${affectedCount}</span></div>
+    <div class="stat">Health Score Delta: <span class="stat-val" style="color:${healthDeltaColor}">${healthDeltaStr}</span></div>
+    <div class="stat"><span class="risk-badge" style="background:${riskColor}">${riskLevel} Risk</span></div>
   </div>
 
   <div class="panels">
     <div class="panel">
       <div class="panel-label">
-        <span>Current</span>
+        <span>Current State</span>
         <span>${currentVizData.stats.totalFiles} files</span>
       </div>
       <div class="panel-diagram" id="arc-diagram-current">
@@ -661,7 +680,7 @@ function generateWhatIfHtml(currentVizData, simulatedVizData, simulationResult,
     </div>
     <div class="panel">
       <div class="panel-label">
-        <span>After ${operation !== "none" ? operation.toUpperCase() : "\u2014"}</span>
+        <span>After Simulation</span>
         <span>${simulatedVizData.stats.totalFiles} files</span>
       </div>
       <div class="panel-diagram" id="arc-diagram-simulated">
@@ -682,6 +701,8 @@ function generateWhatIfHtml(currentVizData, simulatedVizData, simulationResult,
     const currentData = ${currentDataJson};
     const simulatedData = ${simulatedDataJson};
     const removedFilePairs = ${removedFilePairsJson};
+    const affectedFiles = new Set(${affectedFilesJson});
+    const brokenImportFiles = new Set(${brokenImportFilesJson});
 
     // Inject broken arcs and ghost files into the simulated data
     // so they render on the right diagram and can be colored red
@@ -733,39 +754,88 @@ function generateWhatIfHtml(currentVizData, simulatedVizData, simulationResult,
       }
     }
 
+    // Mark affected arcs in simulated data
+    simulatedData.arcs.forEach(arc => {
+      if (affectedFiles.has(arc.sourceFile) || affectedFiles.has(arc.targetFile)) {
+        arc.affected = true;
+      }
+    });
+
+    // Mark affected file bars in simulated data
+    simulatedData.files.forEach(file => {
+      if (affectedFiles.has(file.path)) {
+        file.affected = true;
+      }
+    });
+
     const left = window.createArcDiagram('arc-diagram-current', 'svg-current', 'tooltip-current', currentData);
     const right = window.createArcDiagram('arc-diagram-simulated', 'svg-simulated', 'tooltip-simulated', simulatedData);
 
     left.render();
     right.render();
 
-    // After render: color broken arcs red and ghost file bars red on the right diagram
-    if (removedFilePairs.length > 0) {
-      d3.select('#arc-diagram-simulated').selectAll('.arc')
-        .filter(d => d.broken === true)
-        .classed('broken-arc', true);
+    function applyGhostRedStyling() {
+      const simContainer = d3.select('#arc-diagram-simulated');
+      const hasAffected = affectedFiles.size > 0;
+
+      if (!hasAffected) return;
 
-      d3.select('#arc-diagram-simulated').selectAll('.file-bar')
-        .filter(d => d.ghost === true)
-        .attr('fill', '#ef4444')
-        .attr('opacity', 0.8);
+      // --- SVG filter for red glow on affected nodes ---
+      let defs = d3.select('#svg-simulated').select('defs');
+      if (defs.empty()) {
+        defs = d3.select('#svg-simulated').insert('defs', ':first-child');
+      }
+      if (defs.select('#red-glow').empty()) {
+        const filter = defs.append('filter').attr('id', 'red-glow').attr('x', '-50%').attr('y', '-50%').attr('width', '200%').attr('height', '200%');
+        filter.append('feDropShadow').attr('dx', 0).attr('dy', 0).attr('stdDeviation', 4).attr('flood-color', '#ef4444').attr('flood-opacity', 0.8);
+      }
+
+      // --- Edges ---
+      simContainer.selectAll('.arc').each(function(d) {
+        const el = d3.select(this);
+        if (d.broken) {
+          // Broken import edges: dashed red, thicker
+          el.attr('stroke', '#ef4444')
+            .attr('stroke-opacity', 1.0)
+            .attr('stroke-width', 3.0)
+            .attr('stroke-dasharray', '6,3')
+            .style('filter', null);
+        } else if (d.affected) {
+          // Affected edges: solid red
+          el.attr('stroke', '#ef4444')
+            .attr('stroke-opacity', 1.0)
+            .attr('stroke-width', 2.5)
+            .attr('stroke-dasharray', null)
+            .style('filter', null);
+        } else {
+          // Non-affected edges: ghost
+          el.attr('stroke-opacity', 0.08);
+        }
+      });
+
+      // --- Node bars ---
+      simContainer.selectAll('.file-bar').each(function(d) {
+        const el = d3.select(this);
+        if (d.affected || d.ghost) {
+          // Affected / ghost nodes: glowing red
+          el.attr('fill', '#ef4444')
+            .attr('opacity', 1.0)
+            .attr('stroke', '#ef4444')
+            .attr('stroke-width', 2)
+            .style('filter', 'url(#red-glow)');
+        } else {
+          // Non-affected nodes: ghost
+          el.attr('opacity', 0.15);
+        }
+      });
     }
 
+    applyGhostRedStyling();
+
     window.addEventListener('resize', () => {
       left.render();
       right.render();
-
-      // Re-apply broken styling after resize re-render
-      if (removedFilePairs.length > 0) {
-        d3.select('#arc-diagram-simulated').selectAll('.arc')
-          .filter(d => d.broken === true)
-          .classed('broken-arc', true);
-
-        d3.select('#arc-diagram-simulated').selectAll('.file-bar')
-          .filter(d => d.ghost === true)
-          .attr('fill', '#ef4444')
-          .attr('opacity', 0.8);
-      }
+      applyGhostRedStyling();
     });
   </script>
 </body>

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "depwire-cli",
-  "version": "1.0.8",
+  "version": "1.1.0",
   "description": "Dependency graph + 17 MCP tools for AI coding assistants. Impact analysis, health scoring, security scanner.",
   "type": "module",
   "bin": {