flagshark 1.0.1 → 1.1.1

package/package.json

@@ -1,56 +1,33 @@
 {
   "name": "flagshark",
-  "version": "1.0.1",
-  "description": "Find stale feature flags in your codebase",
+  "version": "1.1.1",
   "type": "module",
+  "description": "Find stale feature flags in your codebase",
   "license": "MIT",
+  "homepage": "https://flagshark.com",
   "repository": {
     "type": "git",
-    "url": "https://github.com/FlagShark/flagshark.git"
-  },
-  "homepage": "https://flagshark.com",
-  "keywords": [
-    "feature-flags",
-    "launchdarkly",
-    "unleash",
-    "flipt",
-    "split",
-    "posthog",
-    "cleanup",
-    "stale-flags",
-    "technical-debt",
-    "github-action"
-  ],
-  "bin": {
-    "flagshark": "./bin/flagshark.mjs"
+    "url": "https://github.com/FlagShark/flagshark.git",
+    "directory": "packages/cli"
   },
+  "keywords": ["feature-flags", "stale-flags", "cleanup", "technical-debt"],
+  "bin": { "flagshark": "./bin/flagshark.mjs" },
   "main": "./dist/cli.js",
-  "files": [
-    "dist/",
-    "bin/",
-    "action/"
-  ],
+  "files": ["dist/", "bin/"],
   "scripts": {
-    "build": "npm run build:cli && npm run build:action",
-    "build:cli": "esbuild src/cli.ts --bundle --platform=node --target=node18 --format=esm --outfile=dist/cli.js --external:zod",
-    "build:action": "esbuild action/index.ts --bundle --platform=node --target=node18 --format=cjs --outfile=dist/action.cjs",
+    "build": "esbuild src/cli.ts --bundle --platform=node --target=node18 --format=esm --outfile=dist/cli.js --external:zod --external:@flagshark/core",
     "test": "vitest run",
-    "test:watch": "vitest",
-    "prepublishOnly": "npm run build && npm test"
+    "typecheck": "tsc --noEmit"
   },
   "dependencies": {
-    "p-limit": "^6.0.0",
+    "@flagshark/core": "^1.0.0",
     "zod": "^3.23.0"
   },
   "devDependencies": {
-    "@actions/core": "^1.10.0",
-    "@actions/github": "^6.0.0",
     "@types/node": "^22.0.0",
     "esbuild": "^0.24.0",
     "typescript": "^5.7.0",
     "vitest": "^3.0.0"
   },
-  "engines": {
-    "node": ">=18.0.0"
-  }
+  "engines": { "node": ">=18.0.0" }
 }

package/LICENSE

@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2026 FlagShark
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.

package/README.md

@@ -1,175 +0,0 @@
-# FlagShark
-
-Find stale feature flags in your codebase. CLI tool + GitHub Action.
-
-```bash
-npx flagshark scan
-```
-
-```
-🦈 FlagShark v1.0.0
-
-Scanned 156 files across 4 languages
-Detected providers: LaunchDarkly (JS SDK), Unleash (Go SDK)
-Found 23 feature flags, 7 stale
-
-Stale flags:
-┌──────────────────┬────────────────────────┬───────────────┬──────────────────────────────┐
-│ Flag             │ File                   │ Added         │ Signal                       │
-├──────────────────┼────────────────────────┼───────────────┼──────────────────────────────┤
-│ CHECKOUT_V2      │ src/checkout.ts:47     │ 14 months ago │ Age > 6 months               │
-│ NEW_NAV          │ src/layout.tsx:12      │ 8 months ago  │ Age > 6 months, Single file  │
-│ BETA_SEARCH      │ src/search.ts:91      │ 11 months ago │ Single file reference        │
-└──────────────────┴────────────────────────┴───────────────┴──────────────────────────────┘
-
-Flag Health Score: 70/100 (7/23 flags are stale)
-```
-
-## Install
-
-```bash
-# Run without installing
-npx flagshark scan
-
-# Or install globally
-npm install -g flagshark
-```
-
-## CLI Usage
-
-```bash
-# Scan current directory
-flagshark scan
-
-# JSON output (for piping to other tools)
-flagshark scan --json
-
-# Only scan files changed since a git ref
-flagshark scan --diff HEAD~1
-flagshark scan --diff main
-
-# Custom staleness threshold (default: 6 months)
-flagshark scan --threshold 3
-
-# Show all stale flags (default shows top 10)
-flagshark scan --verbose
-```
-
-### Exit codes
-
-| Code | Meaning |
-|------|---------|
-| 0 | No stale flags found |
-| 1 | Stale flags detected |
-| 2 | Runtime error |
-
-## GitHub Action
-
-Add to your workflow:
-
-```yaml
-name: FlagShark
-on: [pull_request]
-
-permissions:
-  contents: read
-  pull-requests: write
-
-jobs:
-  flagshark:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 0  # Required for git blame age detection
-      - uses: FlagShark/flagshark@v1
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-```
-
-### Action Inputs
-
-| Input | Default | Description |
-|-------|---------|-------------|
-| `scan` | `changed` | `changed` (PR files only) or `full` (entire repo) |
-| `threshold` | `6` | Staleness threshold in months |
-| `fail-threshold` | `0` | Health score below which the check fails (0 = never fail) |
-
-### Scan Modes
-
-**`scan: changed`** (default) scans only files modified in the PR. Fast, focused on what you're changing.
-
-**`scan: full`** scans the entire repository. Shows your full flag health score and finds stale flags everywhere, not just in changed files. Great for seeing the big picture:
-
-```yaml
-      - uses: FlagShark/flagshark@v1
-        with:
-          scan: full
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-```
-
-### What the Action does
-
-On every PR, FlagShark comments with a table of stale flags:
-
-> ### 🦈 FlagShark found 3 stale flags
->
-> | Flag | File | Added | Signal |
-> |------|------|-------|--------|
-> | `CHECKOUT_V2` | src/checkout.ts:47 | 14 months ago | Age > 6 months |
-> | `NEW_NAV` | src/layout.tsx:12 | 8 months ago | Single file |
->
-> **Flag Health:** 70/100
-
-It also sets a GitHub status check that can optionally block merge if health drops below a threshold.
-
-## Supported Languages
-
-FlagShark detects feature flags across 13 languages:
-
-| Language | Extensions |
-|----------|-----------|
-| TypeScript/JavaScript | .ts, .tsx, .js, .jsx, .mjs, .cjs |
-| Go | .go |
-| Python | .py |
-| Java | .java |
-| Kotlin | .kt |
-| Swift | .swift |
-| Ruby | .rb |
-| C# | .cs |
-| PHP | .php |
-| Rust | .rs |
-| C/C++ | .c, .cpp, .h, .hpp |
-| Objective-C | .m |
-
-## Supported Providers
-
-Auto-detected from imports (no configuration needed):
-
-- LaunchDarkly
-- Unleash
-- Flipt
-- Split.io
-- PostHog
-- Flagsmith
-- ConfigCat
-- Statsig
-- GrowthBook
-- DevCycle
-- Eppo
-- Optimizely
-- Custom flag implementations
-
-## How Staleness Works
-
-A flag is marked stale if **any** of these signals fires:
-
-1. **Age:** `git blame` shows the flag reference was added more than 6 months ago (configurable with `--threshold`)
-2. **Single file:** The flag name appears in only one file across the entire repo, suggesting a completed rollout
-
-FlagShark only checks files that actually import a flag SDK. A function called `isEnabled()` in a file that doesn't import LaunchDarkly/Unleash/etc. won't be flagged. This prevents false positives.
-
-## License
-
-MIT

package/action/index.ts

@@ -1,316 +0,0 @@
-/**
- * GitHub Action entry point for FlagShark.
- *
- * Scans a repo for stale feature flags, posts a rich PR comment,
- * writes a GitHub Actions job summary, and sets a status check.
- */
-
-import { readFileSync, readdirSync, statSync } from 'node:fs'
-import { join, extname } from 'node:path'
-
-import * as core from '@actions/core'
-import * as github from '@actions/github'
-
-import { createDefaultRegistry } from '../src/detection/index.js'
-import { PolyglotAnalyzer } from '../src/detection/polyglot-analyzer.js'
-import { analyzeStaleness } from '../src/staleness.js'
-
-import type { FeatureFlag } from '../src/detection/feature-flag.js'
-import type { StaleFlag } from '../src/staleness.js'
-
-const COMMENT_MARKER = '<!-- flagshark-action -->'
-const SKIP_DIRS = new Set([
-  'node_modules', 'vendor', '.git', 'dist', 'build',
-  'coverage', '__pycache__', '.next', '.turbo',
-])
-
-// Logger that serializes objects properly instead of [object Object]
-const logger = {
-  debug: (...args: unknown[]) => core.debug(formatLogArgs(args)),
-  info: (...args: unknown[]) => core.info(formatLogArgs(args)),
-  warn: (...args: unknown[]) => core.warning(formatLogArgs(args)),
-  error: (...args: unknown[]) => core.error(formatLogArgs(args)),
-}
-
-function formatLogArgs(args: unknown[]): string {
-  return args.map(a =>
-    typeof a === 'object' && a !== null ? JSON.stringify(a, null, 2) : String(a)
-  ).join(' ')
-}
-
-async function run(): Promise<void> {
-  const startTime = Date.now()
-
-  try {
-    const scanMode = core.getInput('scan') || 'changed'
-    const threshold = parseInt(core.getInput('threshold') || '6', 10)
-    const failThreshold = parseInt(core.getInput('fail-threshold') || '0', 10)
-
-    const registry = createDefaultRegistry()
-    const supportedExts = new Set(registry.getSupportedExtensions())
-    const analyzer = new PolyglotAnalyzer(registry, logger)
-
-    // Determine files to scan
-    let filePaths: string[]
-
-    if (scanMode === 'changed' && github.context.payload.pull_request) {
-      const token = process.env.GITHUB_TOKEN || core.getInput('token')
-      if (!token) {
-        core.setFailed('GITHUB_TOKEN is required for changed-file scanning')
-        return
-      }
-      const octokit = github.getOctokit(token)
-      const { data: prFiles } = await octokit.rest.pulls.listFiles({
-        ...github.context.repo,
-        pull_number: github.context.payload.pull_request.number,
-        per_page: 100,
-      })
-      filePaths = prFiles
-        .filter((f) => f.status !== 'removed')
-        .map((f) => f.filename)
-        .filter((f) => supportedExts.has(extname(f)))
-    } else {
-      filePaths = walkDir('.', supportedExts)
-    }
-
-    // Read file contents
-    const files = new Map<string, string>()
-    for (const fp of filePaths) {
-      try {
-        const stat = statSync(fp)
-        if (stat.size > 5 * 1024 * 1024) continue
-        files.set(fp, readFileSync(fp, 'utf-8'))
-      } catch {
-        // Skip unreadable files
-      }
-    }
-
-    core.info(`Scanning ${files.size} files...`)
-
-    // Run detection
-    const result = await analyzer.analyzeFiles(files)
-    const totalFlags = result.totalFlags.size
-
-    // Collect language stats
-    const langStats: Record<string, number> = {}
-    for (const [lang, count] of result.languages) {
-      langStats[lang] = count
-    }
-
-    // Collect detected providers
-    const allFlags: FeatureFlag[] = []
-    for (const flags of result.totalFlags.values()) {
-      allFlags.push(...(flags as FeatureFlag[]))
-    }
-    const providers = [...new Set(
-      allFlags.map(f => f.provider).filter((p): p is string => p !== null && p !== undefined && p !== '')
-    )]
-
-    core.info(`Detection complete: ${totalFlags} unique flags across ${Object.keys(langStats).length} languages`)
-
-    // Run staleness analysis
-    const staleFlags = await analyzeStaleness(result.totalFlags as Map<string, FeatureFlag[]>, {
-      thresholdMonths: threshold,
-      repoRoot: process.cwd(),
-    })
-
-    const uniqueStaleNames = new Set(staleFlags.map((f) => f.name)).size
-    const healthScore =
-      totalFlags > 0 ? Math.round(((totalFlags - uniqueStaleNames) / totalFlags) * 100) : 100
-    const scanDuration = Date.now() - startTime
-
-    // Pretty log output
-    core.info('')
-    core.info('┌─────────────────────────────────────────┐')
-    core.info('│  🦈 FlagShark Scan Results               │')
-    core.info('├─────────────────────────────────────────┤')
-    core.info(`│  Files scanned:    ${String(files.size).padStart(6)}               │`)
-    core.info(`│  Languages:        ${String(Object.keys(langStats).length).padStart(6)}               │`)
-    core.info(`│  Flags detected:   ${String(totalFlags).padStart(6)}               │`)
-    core.info(`│  Stale flags:      ${String(uniqueStaleNames).padStart(6)}               │`)
-    core.info(`│  Health score:   ${String(healthScore).padStart(3)}/100               │`)
-    core.info(`│  Scan time:      ${String(scanDuration).padStart(5)}ms               │`)
-    core.info('└─────────────────────────────────────────┘')
-    core.info('')
-
-    if (providers.length > 0) {
-      core.info(`Detected providers: ${providers.slice(0, 8).join(', ')}${providers.length > 8 ? ` (+${providers.length - 8} more)` : ''}`)
-    }
-
-    // Set outputs
-    core.setOutput('health-score', healthScore.toString())
-    core.setOutput('stale-count', uniqueStaleNames.toString())
-    core.setOutput('total-count', totalFlags.toString())
-
-    // Post PR comment
-    if (github.context.payload.pull_request && totalFlags > 0) {
-      const token = process.env.GITHUB_TOKEN || core.getInput('token')
-      if (token) {
-        await postComment(token, staleFlags, totalFlags, healthScore, scanMode, langStats, providers, scanDuration)
-      }
-    }
-
-    // Set status check
-    if (failThreshold > 0 && healthScore < failThreshold) {
-      core.setFailed(
-        `Flag health score ${healthScore}/100 is below threshold ${failThreshold}/100. ` +
-        `${uniqueStaleNames} stale flags found.`,
-      )
-    }
-
-    // Job summary (visible in Actions UI under "Summary" tab)
-    const healthEmoji = healthScore >= 90 ? '🟢' : healthScore >= 70 ? '🟡' : healthScore >= 40 ? '🟠' : '🔴'
-
-    core.summary.addHeading('🦈 FlagShark Scan Results', 2)
-    core.summary.addRaw(`\n${healthEmoji} **Health Score: ${healthScore}/100**\n\n`)
-    core.summary.addTable([
-      [{ data: 'Metric', header: true }, { data: 'Value', header: true }],
-      ['Files scanned', files.size.toString()],
-      ['Languages', Object.keys(langStats).join(', ') || 'none'],
-      ['Total flags', totalFlags.toString()],
-      ['Stale flags', uniqueStaleNames.toString()],
-      ['Scan mode', scanMode],
-      ['Scan time', `${scanDuration}ms`],
-    ])
-
-    if (providers.length > 0) {
-      core.summary.addRaw(`\n**Detected providers:** ${providers.join(', ')}\n`)
-    }
-
-    if (uniqueStaleNames > 0) {
-      core.summary.addRaw('\n### Top stale flags\n\n')
-      core.summary.addTable([
-        [{ data: 'Flag', header: true }, { data: 'File', header: true }, { data: 'Age', header: true }, { data: 'Signal', header: true }],
-        ...staleFlags.slice(0, 15).map(f => [
-          `\`${f.name}\``,
-          `${f.filePath}:${f.lineNumber}`,
-          f.age || 'unknown',
-          f.signals.map(s => s.description).join(', '),
-        ]),
-      ])
-      if (staleFlags.length > 15) {
-        core.summary.addRaw(`\n*... and ${staleFlags.length - 15} more stale flags*\n`)
-      }
-    }
-
-    core.summary.addRaw('\n---\n')
-    core.summary.addRaw('*Powered by [FlagShark](https://github.com/FlagShark/flagshark) — find stale feature flags before they cause incidents*\n')
-    core.summary.addRaw('\n[Automate flag cleanup](https://flagshark.com) · [Open source CLI](https://github.com/FlagShark/flagshark) · [Report an issue](https://github.com/FlagShark/flagshark/issues)\n')
-
-    await core.summary.write()
-
-  } catch (error) {
-    if (error instanceof Error) {
-      core.setFailed(error.message)
-    } else {
-      core.setFailed('An unexpected error occurred')
-    }
-  }
-}
-
-async function postComment(
-  token: string,
-  staleFlags: StaleFlag[],
-  totalFlags: number,
-  healthScore: number,
-  scanMode: string,
-  langStats: Record<string, number>,
-  providers: string[],
-  scanDuration: number,
-): Promise<void> {
-  const octokit = github.getOctokit(token)
-  const { owner, repo } = github.context.repo
-  const prNumber = github.context.payload.pull_request!.number
-
-  const uniqueStaleCount = new Set(staleFlags.map((f) => f.name)).size
-  const modeLabel = scanMode === 'full' ? 'Full repo scan' : 'Changed files only'
-  const healthEmoji = healthScore >= 90 ? '🟢' : healthScore >= 70 ? '🟡' : healthScore >= 40 ? '🟠' : '🔴'
-  const langList = Object.entries(langStats).map(([l, c]) => `${l} (${c})`).join(', ')
-  const providerList = providers.length > 0
-    ? providers.slice(0, 5).join(', ') + (providers.length > 5 ? ` +${providers.length - 5} more` : '')
-    : 'none detected'
-
-  let body = `${COMMENT_MARKER}\n`
-
-  // Header
-  if (uniqueStaleCount === 0) {
-    body += `## 🦈 FlagShark — All flags healthy\n\n`
-  } else {
-    body += `## 🦈 FlagShark — ${uniqueStaleCount} stale flag${uniqueStaleCount !== 1 ? 's' : ''} found\n\n`
-  }
-
-  // Health score badge
-  body += `${healthEmoji} **Health Score: ${healthScore}/100**\n\n`
-
-  // Stats row
-  body += `| Metric | Value |\n`
-  body += `|--------|-------|\n`
-  body += `| Flags detected | ${totalFlags} |\n`
-  body += `| Stale flags | ${uniqueStaleCount} |\n`
-  body += `| Languages | ${langList} |\n`
-  body += `| Providers | ${providerList} |\n`
-  body += `| Scan mode | ${modeLabel} |\n`
-  body += `| Scan time | ${scanDuration}ms |\n\n`
-
-  // Stale flags table
-  if (uniqueStaleCount > 0) {
-    body += `<details${uniqueStaleCount <= 5 ? ' open' : ''}>\n`
-    body += `<summary><strong>Stale flags (${uniqueStaleCount})</strong></summary>\n\n`
-    body += '| Flag | File | Age | Why it looks stale |\n'
-    body += '|------|------|-----|--------------------|\n'
-
-    const displayFlags = staleFlags.slice(0, 20)
-    for (const flag of displayFlags) {
-      const signals = flag.signals.map(s => s.description).join(', ')
-      const shortPath = flag.filePath.replace(/^\.\//, '')
-      body += `| \`${flag.name}\` | \`${shortPath}:${flag.lineNumber}\` | ${flag.age || 'unknown'} | ${signals} |\n`
-    }
-
-    if (staleFlags.length > 20) {
-      body += `\n*... and ${staleFlags.length - 20} more. Run \`npx flagshark scan --verbose\` locally for the full list.*\n`
-    }
-
-    body += '\n</details>\n\n'
-  }
-
-  // Footer with links
-  body += '---\n'
-  body += `*[FlagShark](https://github.com/FlagShark/flagshark) finds stale feature flags before they cause incidents*\n\n`
-  body += `[Automate flag cleanup](https://flagshark.com) · `
-  body += `[Install CLI](https://www.npmjs.com/package/flagshark) · `
-  body += `[Open source](https://github.com/FlagShark/flagshark)\n`
-
-  // Find existing comment to update
-  const { data: comments } = await octokit.rest.issues.listComments({
-    owner, repo, issue_number: prNumber, per_page: 100,
-  })
-
-  const existing = comments.find((c) => c.body?.includes(COMMENT_MARKER))
-
-  if (existing) {
-    await octokit.rest.issues.updateComment({ owner, repo, comment_id: existing.id, body })
-    core.info('Updated existing FlagShark comment')
-  } else {
-    await octokit.rest.issues.createComment({ owner, repo, issue_number: prNumber, body })
-    core.info('Posted new FlagShark comment')
-  }
-}
-
-function walkDir(dir: string, supportedExts: Set<string>): string[] {
-  const results: string[] = []
-  try {
-    const entries = readdirSync(dir, { withFileTypes: true })
-    for (const entry of entries) {
-      if (SKIP_DIRS.has(entry.name) || entry.name.startsWith('.')) continue
-      const fullPath = join(dir, entry.name)
-      if (entry.isDirectory()) {
-        results.push(...walkDir(fullPath, supportedExts))
-      } else if (entry.isFile() && supportedExts.has(extname(entry.name))) {
-        results.push(fullPath)
-      }
-    }
-  } catch { /* skip unreadable dirs */ }
-  return results
-}
-
-run()