depwire-cli 1.0.8 → 1.1.1

package/README.md

@@ -2,32 +2,40 @@
 
 <div align="center">
 
-[![npm version](https://img.shields.io/npm/v/depwire-cli.svg?style=flat-square)](https://www.npmjs.com/package/depwire-cli)
-[![npm downloads](https://img.shields.io/npm/dm/depwire-cli.svg?style=flat-square)](https://www.npmjs.com/package/depwire-cli)
-[![MCP Registry](https://img.shields.io/badge/MCP-registry-blue?style=flat-square)](https://registry.modelcontextprotocol.io/servers/io.github.atef-ataya/depwire)
-[![Glama](https://glama.ai/mcp/servers/depwire/depwire/badges/score.svg)](https://glama.ai/mcp/servers/depwire/depwire)
-[![License](https://img.shields.io/badge/license-BUSL--1.1-orange.svg?style=flat-square)](LICENSE)
-[![GitHub stars](https://img.shields.io/github/stars/depwire/depwire.svg?style=flat-square)](https://github.com/depwire/depwire/stargazers)
+[![npm version](https://img.shields.io/npm/v/depwire-cli?color=00d4aa&label=npm)](https://www.npmjs.com/package/depwire-cli)
+[![npm downloads](https://img.shields.io/npm/dm/depwire-cli?color=00d4aa&label=downloads%2Fmonth)](https://www.npmjs.com/package/depwire-cli)
+[![GitHub stars](https://img.shields.io/badge/stars-26-00d4aa)](https://github.com/depwire/depwire/stargazers)
+[![License](https://img.shields.io/badge/license-BUSL--1.1-00d4aa)](https://github.com/depwire/depwire/blob/main/LICENSE)
+[![MCP Compatible](https://img.shields.io/badge/MCP-17%20tools-00d4aa)](https://github.com/depwire/depwire)
+
+[![Languages](https://img.shields.io/badge/languages-12-0a1a14?style=flat)](https://github.com/depwire/depwire)
+[![TypeScript](https://img.shields.io/badge/TypeScript-✓-3178c6?style=flat)](https://github.com/depwire/depwire)
+[![Python](https://img.shields.io/badge/Python-✓-3776ab?style=flat)](https://github.com/depwire/depwire)
+[![Go](https://img.shields.io/badge/Go-✓-00add8?style=flat)](https://github.com/depwire/depwire)
+[![Rust](https://img.shields.io/badge/Rust-✓-ce422b?style=flat)](https://github.com/depwire/depwire)
+[![Java](https://img.shields.io/badge/Java-✓-f89820?style=flat)](https://github.com/depwire/depwire)
+[![PHP](https://img.shields.io/badge/PHP-✓-777bb4?style=flat)](https://github.com/depwire/depwire)
+[![+6 more](https://img.shields.io/badge/+6_more-C%2B%2B%20%7C%20C%23%20%7C%20Kotlin%20%7C%20Swift%20%7C%20C%20%7C%20JS-555?style=flat)](https://github.com/depwire/depwire)
+
+[![YouTube CLI Tutorial](https://img.shields.io/badge/YouTube-CLI%20Tutorial-ff0000?logo=youtube)](https://www.youtube.com/watch?v=ujBg0H3eqpE)
+[![YouTube Cloud Tutorial](https://img.shields.io/badge/YouTube-Cloud%20Tutorial-ff0000?logo=youtube)](https://www.youtube.com/watch?v=wdTJfSRTQu8)
+[![Cloud](https://img.shields.io/badge/cloud-app.depwire.dev-00d4aa)](https://app.depwire.dev)
 
 </div>
 
-<div align="center">
+**Your AI doesn't know your architecture. Depwire does.**
 
-![TypeScript](https://img.shields.io/badge/TypeScript-3178C6?style=flat-square&logo=typescript&logoColor=white)
-![JavaScript](https://img.shields.io/badge/JavaScript-F7DF1E?style=flat-square&logo=javascript&logoColor=black)
-![Python](https://img.shields.io/badge/Python-3776AB?style=flat-square&logo=python&logoColor=white)
-![Go](https://img.shields.io/badge/Go-00ADD8?style=flat-square&logo=go&logoColor=white)
-![Rust](https://img.shields.io/badge/Rust-000000?style=flat-square&logo=rust&logoColor=white)
-![C](https://img.shields.io/badge/C-A8B9CC?style=flat-square&logo=c&logoColor=black)
-![C#](https://img.shields.io/badge/C%23-239120?style=flat-square&logo=csharp&logoColor=white)
-![Java](https://img.shields.io/badge/Java-ED8B00?style=flat-square&logo=openjdk&logoColor=white)
-![C++](https://img.shields.io/badge/C++-00599C?style=flat-square&logo=cplusplus&logoColor=white)
-![Kotlin](https://img.shields.io/badge/Kotlin-7F52FF?style=flat-square&logo=kotlin&logoColor=white)
-![PHP](https://img.shields.io/badge/PHP-777BB4?style=flat-square&logo=php&logoColor=white)
+## What makes Depwire different
 
-</div>
+<p align="center">
+  <img src="./assets/deterministic_vs_rag_diagram.svg" alt="Depwire deterministic graph vs RAG probabilistic approach" width="680" />
+</p>
 
-**Your AI doesn't know your architecture. Depwire does.**
+Depwire builds a **DETERMINISTIC, NOT PROBABILISTIC** dependency graph of your codebase. This is not RAG. There are no embeddings, no similarity scores, no vector databases, no guesses. Depwire uses tree-sitter — the same parser powering GitHub's code intelligence — to extract exact symbol-level facts from every file: every function, every class, every interface, every import and export relationship, across 12 programming languages. When you ask "what breaks if I delete `encodeToken` in `auth/token.ts`?", Depwire does not search for similar-looking code and estimate an answer. It traverses the exact dependency graph and returns the precise list of 14 files that import that symbol, which import chains break, and what your health score drops by. This is compiler-level precision applied to AI-assisted development — not a language model's best guess about your code.
+
+**Not a build graph either.** Tools like Nx, Turborepo, and Grapher track package-level dependencies for build caching. Depwire tracks symbol-level dependencies — every function, class, and import relationship — which is what makes What If simulation, graph-aware security scanning, and exact blast radius analysis possible.
+
+---
 
 Depwire is the infrastructure layer between your AI coding assistant and your codebase. Before your AI touches a single file, Depwire has already mapped every connection, scored every risk, and simulated every change.
 
@@ -84,6 +92,15 @@ depwire viz        # see your entire architecture instantly
 
 ---
 
+## Tested on real-world projects
+
+| Project | Language | Files | Symbols | Edges | Health Score |
+|---------|----------|-------|---------|-------|--------------|
+| [honojs/hono](https://github.com/honojs/hono) | TypeScript | 352 | 6,245 | 3,100+ | 41/100 |
+| [CodeGraphContext/CodeGraphContext](https://github.com/CodeGraphContext/CodeGraphContext) | Python/TS | 398 | 12,001 | 5,406 | 66/100 |
+
+---
+
 ## What If simulation
 
 Know the blast radius before you touch anything.
@@ -310,17 +327,19 @@ The SDK is the stable public API surface. All integrations should import from `d
 
 ## Language support
 
-TypeScript, JavaScript, Python, Go, Rust, C, C#, Java, C++, Kotlin, PHP — with cross-language edge detection between all supported languages.
+TypeScript, JavaScript, Python, Go, Rust, C, C#, Java, C++, Kotlin, PHP, Swift — with cross-language edge detection between all supported languages.
 
 **Java / JVM** — classes, interfaces, enums, records, annotations, inner classes, anonymous classes, lambda expressions, Maven pom.xml and Gradle build file dependency edges, Spring Boot cross-language edges (@GetMapping, @PostMapping, @RequestMapping), JAX-RS / Jakarta EE route detection, Spring WebFlux RouterFunction support.
 
 **C# / .NET** — classes, interfaces, records, structs, enums, delegates, file-scoped namespaces, primary constructors, global usings, .csproj ProjectReference and PackageReference edges, ASP.NET Core cross-language edges (attribute routing + Minimal API).
 
-**C++ / Systems** — classes, structs, unions, enums, namespaces, concepts, coroutines, C++20 modules, template support with parameter stripping. CMakeLists.txt, Conan, and vcpkg dependency edge parsing. Crow, Drogon, Pistache, and cpp-httplib cross-language route detection. Dead code detection with vtable and template exclusions. Health score checks: circular includes, missing header guards, god classes, raw pointer fields, missing virtual destructors. Security scanner: buffer overflow, format string vulnerability, use-after-free, command injection.
+**C++ / Systems** — classes, structs, unions, enums, namespaces, concepts, coroutines, C++20 modules, template support with parameter stripping. CMakeLists.txt, Conan, and vcpkg dependency edge parsing. Crow, Drogon, Pistache, and cpp-httplib cross-language route detection. Dead code detection with vtable and template exclusions. Health score checks: circular includes, missing header guards, god classes, raw pointer fields, missing virtual destructors. Security scanner: memory safety patterns, format string issues, memory management patterns, OS command execution patterns.
+
+**Kotlin / JVM** — classes, data classes, sealed classes, objects, companion objects, value classes, type aliases, extension functions, enum classes, annotation classes. Coroutine awareness: suspend functions, GlobalScope detection, structured concurrency checks. build.gradle.kts, build.gradle, and settings.gradle.kts dependency parsing. Spring Boot, Ktor, Http4k, and Ktor Resources cross-language route detection. Android Retrofit outgoing edge detection. Dead code detection with Android lifecycle and Spring annotation exclusions. Security scanner: database query injection patterns, hardcoded credentials, insecure random, not-null assertion abuse, Ktor missing auth blocks.
 
-**Kotlin / JVM** — classes, data classes, sealed classes, objects, companion objects, value classes, type aliases, extension functions, enum classes, annotation classes. Coroutine awareness: suspend functions, GlobalScope detection, structured concurrency checks. build.gradle.kts, build.gradle, and settings.gradle.kts dependency parsing. Spring Boot, Ktor, Http4k, and Ktor Resources cross-language route detection. Android Retrofit outgoing edge detection. Dead code detection with Android lifecycle and Spring annotation exclusions. Security scanner: SQL injection via string templates, hardcoded credentials, insecure random, not-null assertion abuse, Ktor missing auth blocks.
+**PHP / Web** — functions, classes, methods, interfaces, traits, enums, namespaces, use statements, require/include dependency edges. Both procedural and OOP styles. Laravel (Route::get/post/put/delete/patch, middleware), Symfony (#[Route(...)]), Slim Framework, and WordPress REST API (register_rest_route) cross-language route detection. Guzzle and file_get_contents HTTP client edge detection. Dead code detection with WordPress hooks, Laravel service providers, Symfony controllers, and magic method exclusions (__construct, __get, __set, __call). Security scanner: database query injection patterns, dynamic code execution patterns, OS command execution patterns, regex modifier vulnerabilities, unsafe deserialization patterns, unsafe variable extraction patterns, weak hashing for passwords, deprecated crypto libraries, weak PRNG in security contexts, hardcoded credentials.
 
-**PHP / Web** — functions, classes, methods, interfaces, traits, enums, namespaces, use statements, require/include dependency edges. Both procedural and OOP styles. Laravel (Route::get/post/put/delete/patch, middleware), Symfony (#[Route(...)]), Slim Framework, and WordPress REST API (register_rest_route) cross-language route detection. Guzzle and file_get_contents HTTP client edge detection. Dead code detection with WordPress hooks, Laravel service providers, Symfony controllers, and magic method exclusions (__construct, __get, __set, __call). Security scanner: $wpdb->query SQL injection, eval(), system/exec/shell_exec/passthru command injection, preg_replace /e modifier, unserialize on user input, extract on superglobals, md5/sha1 for passwords, deprecated mcrypt_*, rand/mt_rand in security contexts, hardcoded credentials.
+**Swift / Apple** — functions, methods, initializers (init), deinitializers (deinit), classes, structs, enums, protocols, extensions, actors (Swift concurrency), properties (var, let), computed properties, type aliases, associated types. Package.swift (SPM) dependency parsing. Vapor, Hummingbird, and Perfect cross-language route detection. URLSession and Alamofire HTTP client edge detection. Dead code detection with AppDelegate/SceneDelegate lifecycle, SwiftUI View body, @IBAction/@IBOutlet, @objc, protocol conformance, Codable synthesis, XCTestCase, and @main entry point exclusions. Security scanner: SQL injection via string interpolation, Process() command injection, unsafe pointer usage, UserDefaults storing sensitive data, CC_MD5/CC_SHA1 weak hashing, Insecure.MD5/SHA1 from CryptoKit, arc4random in crypto contexts, App Transport Security bypass, hardcoded credentials, hardcoded HTTP URLs.
 
 ---
 
@@ -384,7 +403,7 @@ Block PRs that hurt your architecture:
 **Shipped**
 - Arc diagram visualization
 - 17 MCP tools
-- Multi-language support (TypeScript, JavaScript, Python, Go, Rust, C, C#, Java, C++, Kotlin, PHP)
+- Multi-language support (TypeScript, JavaScript, Python, Go, Rust, C, C#, Java, C++, Kotlin, PHP, Swift)
 - Architecture health score
 - Dead code detection
 - Temporal graph

package/dist/{chunk-W3ZVSDFL.js → chunk-R263B2GF.js}

@@ -16,7 +16,7 @@ import {
   parseTypeScriptFile,
   scanSecurity,
   searchSymbols
-} from "./chunk-WLKW7X7G.js";
+} from "./chunk-Y2CGCAMZ.js";
 
 // src/viz/data.ts
 import { basename } from "path";
@@ -122,26 +122,26 @@ function watchProject(projectRoot, callbacks) {
   const watcher = chokidar.watch(projectRoot, watcherOptions);
   console.error("[Watcher] Attaching event listeners...");
   watcher.on("change", (absolutePath) => {
-    const validExtensions = [".ts", ".tsx", ".js", ".jsx", ".mjs", ".cjs", ".py", ".go", ".rs", ".c", ".h", ".cs", ".csx", ".csproj", ".java", ".kt", ".kts", ".cpp", ".cc", ".cxx", ".c++", ".hpp", ".hh", ".hxx", ".h++", ".inl", ".ipp", ".php"];
+    const validExtensions = [".ts", ".tsx", ".js", ".jsx", ".mjs", ".cjs", ".py", ".go", ".rs", ".c", ".h", ".cs", ".csx", ".csproj", ".java", ".kt", ".kts", ".cpp", ".cc", ".cxx", ".c++", ".hpp", ".hh", ".hxx", ".h++", ".inl", ".ipp", ".php", ".swift"];
     if (!validExtensions.some((ext) => absolutePath.endsWith(ext))) return;
     const fileName = absolutePath.split("/").pop() || "";
-    if (!validExtensions.some((ext) => absolutePath.endsWith(ext)) && !["pom.xml", "build.gradle", "build.gradle.kts", "settings.gradle.kts", "settings.gradle", "CMakeLists.txt", "conanfile.txt", "vcpkg.json"].includes(fileName)) return;
+    if (!validExtensions.some((ext) => absolutePath.endsWith(ext)) && !["pom.xml", "build.gradle", "build.gradle.kts", "settings.gradle.kts", "settings.gradle", "CMakeLists.txt", "conanfile.txt", "vcpkg.json", "Package.swift"].includes(fileName)) return;
     if (absolutePath.endsWith("_test.go")) return;
     const relativePath = absolutePath.replace(projectRoot + "/", "");
     console.error(`[Watcher] Change event: ${relativePath}`);
     callbacks.onFileChanged(relativePath);
   });
   watcher.on("add", (absolutePath) => {
-    const validExtensions = [".ts", ".tsx", ".js", ".jsx", ".mjs", ".cjs", ".py", ".go", ".rs", ".c", ".h", ".cs", ".csx", ".csproj", ".java", ".kt", ".kts", ".cpp", ".cc", ".cxx", ".c++", ".hpp", ".hh", ".hxx", ".h++", ".inl", ".ipp", ".php"];
+    const validExtensions = [".ts", ".tsx", ".js", ".jsx", ".mjs", ".cjs", ".py", ".go", ".rs", ".c", ".h", ".cs", ".csx", ".csproj", ".java", ".kt", ".kts", ".cpp", ".cc", ".cxx", ".c++", ".hpp", ".hh", ".hxx", ".h++", ".inl", ".ipp", ".php", ".swift"];
     const addFileName = absolutePath.split("/").pop() || "";
-    if (!validExtensions.some((ext) => absolutePath.endsWith(ext)) && !["pom.xml", "build.gradle", "build.gradle.kts", "settings.gradle.kts", "settings.gradle", "CMakeLists.txt", "conanfile.txt", "vcpkg.json"].includes(addFileName)) return;
+    if (!validExtensions.some((ext) => absolutePath.endsWith(ext)) && !["pom.xml", "build.gradle", "build.gradle.kts", "settings.gradle.kts", "settings.gradle", "CMakeLists.txt", "conanfile.txt", "vcpkg.json", "Package.swift"].includes(addFileName)) return;
     if (absolutePath.endsWith("_test.go")) return;
     const relativePath = absolutePath.replace(projectRoot + "/", "");
     console.error(`[Watcher] Add event: ${relativePath}`);
     callbacks.onFileAdded(relativePath);
   });
   watcher.on("unlink", (absolutePath) => {
-    const validExtensions = [".ts", ".tsx", ".js", ".jsx", ".mjs", ".cjs", ".py", ".go", ".rs", ".c", ".h", ".cs", ".csx", ".csproj", ".java", ".kt", ".kts", ".cpp", ".cc", ".cxx", ".c++", ".hpp", ".hh", ".hxx", ".h++", ".inl", ".ipp", ".php"];
+    const validExtensions = [".ts", ".tsx", ".js", ".jsx", ".mjs", ".cjs", ".py", ".go", ".rs", ".c", ".h", ".cs", ".csx", ".csproj", ".java", ".kt", ".kts", ".cpp", ".cc", ".cxx", ".c++", ".hpp", ".hh", ".hxx", ".h++", ".inl", ".ipp", ".php", ".swift"];
     if (!validExtensions.some((ext) => absolutePath.endsWith(ext))) return;
     if (absolutePath.endsWith("_test.go")) return;
     const relativePath = absolutePath.replace(projectRoot + "/", "");
@@ -159,10 +159,10 @@ function watchProject(projectRoot, callbacks) {
     for (const dir of dirs) {
       const files = watched[dir];
       fileCount += files.filter(
-        (f) => f.endsWith(".ts") || f.endsWith(".tsx") || f.endsWith(".js") || f.endsWith(".jsx") || f.endsWith(".mjs") || f.endsWith(".cjs") || f.endsWith(".py") || f.endsWith(".go") && !f.endsWith("_test.go") || f.endsWith(".rs") || f.endsWith(".c") || f.endsWith(".h") || f.endsWith(".cs") || f.endsWith(".csx") || f.endsWith(".csproj") || f.endsWith(".java") || f === "pom.xml" || f === "build.gradle" || f === "build.gradle.kts" || f.endsWith(".kt") || f.endsWith(".kts") || f === "settings.gradle.kts" || f === "settings.gradle" || f.endsWith(".php") || f.endsWith(".cpp") || f.endsWith(".cc") || f.endsWith(".cxx") || f.endsWith(".c++") || f.endsWith(".hpp") || f.endsWith(".hh") || f.endsWith(".hxx") || f.endsWith(".h++") || f.endsWith(".inl") || f.endsWith(".ipp") || f === "CMakeLists.txt" || f === "conanfile.txt" || f === "vcpkg.json"
+        (f) => f.endsWith(".ts") || f.endsWith(".tsx") || f.endsWith(".js") || f.endsWith(".jsx") || f.endsWith(".mjs") || f.endsWith(".cjs") || f.endsWith(".py") || f.endsWith(".go") && !f.endsWith("_test.go") || f.endsWith(".rs") || f.endsWith(".c") || f.endsWith(".h") || f.endsWith(".cs") || f.endsWith(".csx") || f.endsWith(".csproj") || f.endsWith(".java") || f === "pom.xml" || f === "build.gradle" || f === "build.gradle.kts" || f.endsWith(".kt") || f.endsWith(".kts") || f === "settings.gradle.kts" || f === "settings.gradle" || f.endsWith(".php") || f.endsWith(".swift") || f.endsWith(".cpp") || f.endsWith(".cc") || f.endsWith(".cxx") || f.endsWith(".c++") || f.endsWith(".hpp") || f.endsWith(".hh") || f.endsWith(".hxx") || f.endsWith(".h++") || f.endsWith(".inl") || f.endsWith(".ipp") || f === "CMakeLists.txt" || f === "conanfile.txt" || f === "vcpkg.json"
       ).length;
     }
-    console.error(`[Watcher] Watching ${fileCount} TypeScript/JavaScript/Python/Go/Rust/C/C++/C#/Java/Kotlin/PHP files in ${dirs.length} directories`);
+    console.error(`[Watcher] Watching ${fileCount} TypeScript/JavaScript/Python/Go/Rust/C/C++/C#/Java/Kotlin/PHP/Swift files in ${dirs.length} directories`);
   });
   return watcher;
 }