forgelens 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md ADDED
@@ -0,0 +1,25 @@
1
+ # Changelog
2
+
3
+ ## 0.1.0 - 2026-05-18
4
+
5
+ Initial CLI MVP release-readiness baseline.
6
+
7
+ ### Added
8
+
9
+ - `forgelens scan` command to generate 7 context Markdown files.
10
+ - `forgelens doctor` command for read-only safety/readiness checks.
11
+ - `forgelens clean` command with deletion safety guards and confirmation.
12
+ - `forgelens prompt codex` command for copy-ready Codex context prompt.
13
+
14
+ ### Detection model
15
+
16
+ - Provider-agnostic signal detection for auth and database layers.
17
+ - Evidence + confidence model (`high`, `medium`, `low`).
18
+ - Unknown/custom fallbacks when signal strength is weak.
19
+
20
+ ### Safety notes
21
+
22
+ - Source files are not modified by scan/doctor.
23
+ - Output is scoped to selected output folder.
24
+ - Env file names only; secrets are not printed.
25
+ - Static analysis only; not a security audit.
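Review bot: The `forgelens clean` bullet under "Added" promises "deletion safety guards and confirmation", but the "Safety notes" list only covers scan/doctor, so this file never says what clean is permitted to delete. Suggest adding a Safety notes bullet that states the deletion scope (for example, that it is limited to the selected output folder) and how the confirmation step works, so the guard is a documented behaviour rather than an unspecified claim.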
package/LICENSE ADDED
@@ -0,0 +1,21 @@
1
+ MIT License
2
+
3
+ Copyright (c) 2026 ForgeLens contributors
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in all
13
+ copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21
+ SOFTWARE.
package/README.md ADDED
@@ -0,0 +1,172 @@
1
+ # ForgeLens
2
+
3
+ ForgeLens is a local-first CLI that scans a codebase and generates clean repository context files for AI coding agents.
4
+
5
+ ## Status
6
+
7
+ - ForgeLens is currently `v0.1.0`.
8
+ - It is a local-first CLI for deterministic static analysis.
9
+ - It is useful for generating AI repo context before edits.
10
+ - It is not a full semantic analyzer.
11
+ - It is not a security audit.
12
+
13
+ ## Why this tool exists
14
+
15
+ AI coding agents work better when repo structure, auth boundaries, routes, and risk areas are explicit.
16
+ Without clean context, agents guess more, make riskier edits, and miss architecture rules.
17
+
18
+ ForgeLens solves this by producing deterministic Markdown context from static analysis.
19
+
20
+ ## Who this is for
21
+
22
+ - Developers using Codex, Claude Code, Cursor, OpenCode, and similar tools
23
+ - Teams that want shared repo understanding before AI-assisted edits
24
+
25
+ ## What ForgeLens does
26
+
27
+ - Scans repository in read-only mode
28
+ - Detects project signals (framework, routes, server actions, database, auth, middleware, env files)
29
+ - Classifies database/auth detections with confidence (`high`, `medium`, `low`)
30
+ - Shows evidence files for each detected signal
31
+ - Writes context files to output folder only (default `.forgelens/`)
32
+
33
+ ## Supported signals/providers
34
+
35
+ Database/provider signals:
36
+ - Supabase
37
+ - Prisma
38
+ - Drizzle
39
+ - TypeORM
40
+ - Mongoose/MongoDB
41
+ - Firebase/Firestore
42
+ - PostgreSQL clients
43
+ - MySQL clients
44
+ - SQLite
45
+ - SQL migrations
46
+ - custom database layer
47
+ - unknown
48
+
49
+ Auth/provider signals:
50
+ - Clerk
51
+ - NextAuth/Auth.js
52
+ - Supabase Auth
53
+ - Firebase Auth
54
+ - Lucia
55
+ - Better Auth
56
+ - JWT custom auth
57
+ - cookie/session custom auth
58
+ - middleware-based auth
59
+ - custom auth
60
+ - unknown
61
+
62
+ ## Requirements
63
+
64
+ - Node.js 18+
65
+ - Works with npm, pnpm, yarn, and bun projects where package metadata is available
66
+
67
+ ## Install
68
+
69
+ ForgeLens is not published to npm yet. After npm release, install with:
70
+
71
+ ```bash
72
+ npm install -g forgelens
73
+ ```
74
+
75
+ After npm release, use without global install:
76
+
77
+ ```bash
78
+ npx forgelens scan
79
+ ```
80
+
81
+ Local development usage:
82
+
83
+ ```bash
84
+ pnpm install
85
+ pnpm build
86
+ pnpm link --global
87
+ forgelens scan
88
+ ```
89
+
90
+ ## CLI commands
91
+
92
+ ```bash
93
+ forgelens scan
94
+ forgelens doctor
95
+ forgelens clean --yes
96
+ forgelens prompt codex
97
+ ```
98
+
99
+ ## Common usage
100
+
101
+ ```bash
102
+ forgelens scan --root . --out .forgelens --format markdown --verbose
103
+ forgelens doctor --root . --out .forgelens
104
+ forgelens clean --root . --out .forgelens --yes
105
+ forgelens prompt codex
106
+ ```
107
+
108
+ ## Generated files
109
+
110
+ Inside `.forgelens/`:
111
+
112
+ - `FORGE_CONTEXT.md`
113
+ - `ARCHITECTURE_MAP.md`
114
+ - `ROUTES_MAP.md`
115
+ - `DATABASE_MAP.md`
116
+ - `SERVER_ACTIONS_MAP.md`
117
+ - `SECURITY_RULES.md`
118
+ - `RISK_REPORT.md`
119
+
120
+ ## Sample output (short)
121
+
122
+ Example from `DATABASE_MAP.md`:
123
+
124
+ ```md
125
+ ## Detected Providers
126
+ - prisma (confidence: high)
127
+ evidence: `prisma/schema.prisma`
128
+ notes: Prisma dependency and schema files
129
+ ```
130
+
131
+ Example from `SECURITY_RULES.md`:
132
+
133
+ ```md
134
+ ## Auth providers/signals detected
135
+ - nextauth-authjs (confidence: high)
136
+ evidence: `lib/auth.ts`
137
+
138
+ ## Environment files (names only)
139
+ - `.env.example`
140
+ - `.env.local`
141
+ ```
142
+
143
+ Example from `RISK_REPORT.md`:
144
+
145
+ ```md
146
+ - Server actions detected (2): `app/admin/actions.ts`, `app/orders/actions.ts`. Verify auth and input validation.
147
+ - API routes detected (1): `app/api/health/route.ts`. Verify auth and input validation.
148
+ ```
149
+
150
+ ## Example workflow with AI agents
151
+
152
+ 1. Run `forgelens scan` in your repo.
153
+ 2. Open generated `.forgelens/*.md` files.
154
+ 3. Paste `forgelens prompt codex` output into Codex (or equivalent prompt in Claude Code/Cursor/OpenCode).
155
+ 4. Ask agent to plan and edit with those context files first.
156
+
157
+ ## Safety promise
158
+
159
+ - Source code is never modified by scan/doctor.
160
+ - ForgeLens writes only in the selected output folder.
161
+ - Env file names can be reported, but secret values are never printed.
162
+ - No network/API calls are required for detection.
163
+
164
+ ## Limitations
165
+
166
+ - Static analysis only; dynamic/runtime behavior is not executed.
167
+ - Confidence is evidence-based, not guaranteed truth.
168
+ - Custom frameworks and unusual repo layouts may require manual review.
169
+
170
+ ## Important warning
171
+
172
+ ForgeLens is not a security audit and not a replacement for code review, AppSec review, or penetration testing.
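Review bot: The Install section says "ForgeLens is not published to npm yet", but this README is part of the 0.1.0 package contents shown here, so that sentence and both "After npm release" lead-ins are stale in the shipped artifact and should be reworded before release. Separately, the "CLI commands" block lists `forgelens clean --yes` as the default invocation while the "Safety promise" only addresses scan/doctor; document what `--yes` bypasses and how clean treats an `--out` value other than the default `.forgelens/`, since that is the one command here that deletes files.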