pi-lens 2.1.0 → 2.2.0

package/commands/refactor.ts

@@ -9,7 +9,6 @@ import type { AstGrepClient } from "../clients/ast-grep-client.js";
 import { createAutoLoop } from "../clients/auto-loop.js";
 import type { ComplexityClient } from "../clients/complexity-client.js";
 import {
-	extractCodeSnippet,
 	scanArchitectViolations,
 	scanComplexityMetrics,
 	scanSkipViolations,
@@ -103,18 +102,33 @@ export async function handleRefactor(
 		return;
 	}
 
+	// --- Write ranked list to TSV for agent reference ---
+	const reportDir = path.join(process.cwd(), ".pi-lens", "reports");
+	nodeFs.mkdirSync(reportDir, { recursive: true });
+	const reportPath = path.join(reportDir, "refactor-ranked.tsv");
+
+	const tsvRows: string[] = [
+		"rank\tfile\tscore\tmi\tcognitive\tnesting\tviolations",
+	];
+	scored.slice(0, 50).forEach((f, i) => {
+		const m = metricsByFile.get(f.file);
+		const skipCount = skipByFile.get(f.file)?.length ?? 0;
+		const archCount = architectViolations?.get(f.file)?.length ?? 0;
+		const totalViolations = skipCount + archCount;
+		const relPath = path.relative(targetPath, f.file).replace(/\\/g, "/");
+		tsvRows.push(
+			`${i + 1}\t${relPath}\t${f.score}\t${m?.mi.toFixed(1) ?? "-"}\t${m?.cognitive ?? "-"}\t${m?.nesting ?? "-"}\t${totalViolations}`,
+		);
+	});
+	nodeFs.writeFileSync(reportPath, tsvRows.join("\n"), "utf-8");
+
+	// --- Current worst offender ---
 	const { file: worstFile, score } = scored[0];
 	const relFile = path.relative(targetPath, worstFile).replace(/\\/g, "/");
 	const issues = skipByFile.get(worstFile) ?? [];
 	const metrics = metricsByFile.get(worstFile);
 	const archIssues = architectViolations.get(worstFile) ?? [];
 
-	const snippetResult =
-		issues.length > 0 ? extractCodeSnippet(worstFile, issues[0].line) : null;
-	const snippet = snippetResult?.snippet ?? "";
-	const snippetStart = snippetResult?.start ?? 1;
-	const snippetEnd = snippetResult?.end ?? 1;
-
 	const ruleGroups = new Map<string, number>();
 	for (const i of issues)
 		ruleGroups.set(i.rule, (ruleGroups.get(i.rule) ?? 0) + 1);
@@ -131,6 +145,27 @@ export async function handleRefactor(
 		? `MI: ${metrics.mi.toFixed(1)}, Cognitive: ${metrics.cognitive}, Nesting: ${metrics.nesting}`
 		: "";
 
+	// First violation line for quick reference
+	const firstViolationLine = issues.length > 0 ? issues[0].line : null;
+
+	// --- Compact terminal summary ---
+	const topFiles = scored
+		.slice(0, 5)
+		.map((f, i) => {
+			const name = path.relative(targetPath, f.file).replace(/\\/g, "/");
+			return `  ${i + 1}. ${name} (score: ${f.score})`;
+		})
+		.join("\n");
+
+	ctx.ui.notify(
+		`🏗️ Worst: ${relFile} (score: ${score}) — ${scored.length} files with debt`,
+		"info",
+	);
+	console.log(
+		`\n📊 Top ${Math.min(scored.length, 5)} worst offenders:\n${topFiles}\n📄 Full ranked list: .pi-lens/reports/refactor-ranked.tsv\n`,
+	);
+
+	// --- Steer message for agent ---
 	const steer = [
 		`🏗️ BOOBOO REFACTOR — worst offender identified`,
 		"",
@@ -142,11 +177,9 @@ export async function handleRefactor(
 		archIssues.length > 0
 			? `**Architectural rules violated**:\n${archSummary}`
 			: "",
+		firstViolationLine ? `First violation at line ${firstViolationLine}` : "",
 		"",
-		`**Code** (\`${relFile}\` lines ${snippetStart}–${snippetEnd}):`,
-		"```typescript",
-		snippet,
-		"```",
+		`📄 Full details: .pi-lens/reports/refactor-ranked.tsv — read \`${relFile}\` when ready`,
 		"",
 		"**Your job**:",
 		"1. Analyze this code — what's the most impactful refactoring for this file?",

package/default-architect.yaml

@@ -67,6 +67,13 @@ rules:
       - pattern: '\.then\('
         message: "Prefer async/await over .then() chains for better readability and error handling."
 
+  # --- Grep-ability & Agent Search ---
+  # Note: 'export default' is acceptable for entry points (index.ts)
+  - pattern: "**/*.{ts,tsx}"
+    must_not:
+      - pattern: "from\s+['\"]\.\./\.\./\.\./"
+        message: "Avoid deep relative imports (3+ levels) — use absolute imports (@app/...) for agent reasoning."
+
 # =============================================================================
 # PYTHON-SPECIFIC RULES
 # =============================================================================

package/index.ts

@@ -31,12 +31,14 @@ import {
 } from "./clients/rules-scanner.js";
 import { RustClient } from "./clients/rust-client.js";
 import { getSourceFiles } from "./clients/scan-utils.js";
+import { formatSecrets, scanForSecrets } from "./clients/secrets-scanner.js";
 import { TestRunnerClient } from "./clients/test-runner-client.js";
 import { TodoScanner } from "./clients/todo-scanner.js";
 import { TypeCoverageClient } from "./clients/type-coverage-client.js";
 import { TypeScriptClient } from "./clients/typescript-client.js";
 import { handleBooboo } from "./commands/booboo.js";
 import { handleFix } from "./commands/fix.js";
+import { handleRate } from "./commands/rate.js";
 import { handleRefactor, initRefactorLoop } from "./commands/refactor.js";
 
 /** Parse a diff to extract modified line ranges in the new file.
@@ -618,6 +620,20 @@ export default function (pi: ExtensionAPI) {
 		},
 	});
 
+	pi.registerCommand("lens-rate", {
+		description:
+			"Show code quality score with visual breakdown. Usage: /lens-rate [path]",
+		handler: async (args, ctx) => {
+			const result = await handleRate(args, ctx, {
+				complexity: complexityClient,
+				knip: knipClient,
+				typeCoverage: typeCoverageClient,
+				architect: architectClient,
+			});
+			ctx.ui.notify(result, "info");
+		},
+	});
+
 	pi.registerCommand("lens-format", {
 		description:
 			"Apply Biome formatting to files. Usage: /lens-format [file-path] or /lens-format --all",
@@ -707,7 +723,7 @@ export default function (pi: ExtensionAPI) {
 		name: "ast_grep_search",
 		label: "AST Search",
 		description:
-			"Search code using AST-aware pattern matching. IMPORTANT: Use specific AST patterns, NOT text search. Examples:\n- Find function: 'function $NAME() { $$$BODY }'\n- Find call: 'fetchMetrics($ARGS)'\n- Find import: 'import { $NAMES } from \"$PATH\"'\n- Generic identifier (broad): 'fetchMetrics'\n\nAlways prefer specific patterns with context over bare identifiers. Use 'paths' to scope to specific files/folders.",
+			"Search code using AST-aware pattern matching. IMPORTANT: Use specific AST patterns, NOT text search. Examples:\n- Find function: 'function $NAME() { $$$BODY }'\n- Find call: 'fetchMetrics($ARGS)'\n- Find import: 'import { $NAMES } from \"$PATH\"'\n- Generic identifier (broad): 'fetchMetrics'\n\nAlways prefer specific patterns with context over bare identifiers. Use 'paths' to scope to specific files/folders. Use 'selector' to extract specific nodes (e.g., just the function name). Use 'context' to show surrounding lines.",
 		promptSnippet: "Use ast_grep_search for AST-aware code search",
 		parameters: Type.Object({
 			pattern: Type.String({
@@ -722,6 +738,17 @@ export default function (pi: ExtensionAPI) {
 					description: "Specific files/folders to search",
 				}),
 			),
+			selector: Type.Optional(
+				Type.String({
+					description:
+						"Extract specific AST node kind (e.g., 'name', 'body', 'parameter'). Use with patterns like '$NAME($$$)' to extract just the name.",
+				}),
+			),
+			context: Type.Optional(
+				Type.Number({
+					description: "Show N lines before/after each match for context",
+				}),
+			),
 		}),
 		async execute(_toolCallId, params, _signal, _onUpdate, ctx) {
 			if (!astGrepClient.isAvailable()) {
@@ -737,13 +764,18 @@ export default function (pi: ExtensionAPI) {
 				};
 			}
 
-			const { pattern, lang, paths } = params as {
+			const { pattern, lang, paths, selector, context } = params as {
 				pattern: string;
 				lang: string;
 				paths?: string[];
+				selector?: string;
+				context?: number;
 			};
 			const searchPaths = paths?.length ? paths : [ctx.cwd || "."];
-			const result = await astGrepClient.search(pattern, lang, searchPaths);
+			const result = await astGrepClient.search(pattern, lang, searchPaths, {
+				selector,
+				context,
+			});
 
 			if (result.error) {
 				return {
@@ -824,11 +856,11 @@ export default function (pi: ExtensionAPI) {
 			}
 
 			const isDryRun = !apply;
-			let output = astGrepClient.formatMatches(result.matches, isDryRun);
-			if (isDryRun && result.matches.length > 0)
-				output += "\n\n(Dry run - use apply=true to apply)";
-			if (apply && result.matches.length > 0)
-				output = `Applied ${result.matches.length} replacements:\n${output}`;
+			const output = astGrepClient.formatMatches(
+				result.matches,
+				isDryRun,
+				true, // showModeIndicator
+			);
 
 			return {
 				content: [{ type: "text", text: output }],
@@ -1227,13 +1259,29 @@ export default function (pi: ExtensionAPI) {
 
 		// Record write for metrics (silent tracking)
 
+		let fileContent: string | undefined;
 		try {
-			const content = nodeFs.readFileSync(filePath, "utf-8");
-			metricsClient.recordWrite(filePath, content);
+			fileContent = nodeFs.readFileSync(filePath, "utf-8");
+			metricsClient.recordWrite(filePath, fileContent);
 		} catch (err) {
 			void err;
 		}
 
+		// --- Secrets scan (blocking - must check before other linting) ---
+		if (fileContent) {
+			const secretFindings = scanForSecrets(fileContent);
+			if (secretFindings.length > 0) {
+				const secretsOutput = formatSecrets(secretFindings, filePath);
+				return {
+					content: [
+						...event.content,
+						{ type: "text" as const, text: `\n\n${secretsOutput}` },
+					],
+					isError: true,
+				};
+			}
+		}
+
 		let lspOutput = preHint ? `\n\n${preHint}` : "";
 
 		// --- Declarative dispatch: run all applicable lint tools ---

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "pi-lens",
-	"version": "2.1.0",
+	"version": "2.2.0",
 	"type": "module",
 	"description": "Real-time code quality feedback for pi — TypeScript LSP, Biome, ast-grep, Ruff, complexity metrics, duplicate detection. Includes automated fix loop (/lens-booboo-fix) and interactive architectural refactoring (/lens-booboo-refactor) with browser-based interviews.",
 	"repository": {

package/rules/ast-grep-rules/rules/no-default-export.yml

@@ -0,0 +1,19 @@
+id: no-default-export
+message: >-
+  Use named exports instead of default exports.
+  Named exports improve grep-ability: agents can precisely locate
+  `export const Foo` and all `import { Foo } from` usages.
+severity: info
+language: typescript
+rule:
+  pattern: export default $X
+note: |
+  Named exports make code searchable for agents and humans.
+
+  Before:
+    export default function helper() { }
+
+  After:
+    export function helper() { }
+
+  Exception: Entry points (index.ts) typically require default exports.

package/rules/ast-grep-rules/rules/no-hardcoded-secrets.yml

@@ -1,14 +1,17 @@
 id: no-hardcoded-secrets
 language: TypeScript
-message: "Potential hardcoded secret or API key detected"
+message: "Hardcoded secret detected — use process.env instead"
 severity: error
 note: |
   Hardcoded secrets in source code can be exposed through version control.
   Use environment variables or a secrets manager instead.
-  Grade 3.1 — high risk, improved security.
+  
+  BAD:  const apiKey = "sk-live-1234567890"
+  GOOD: const apiKey = process.env.API_KEY
 rule:
   any:
-    - all:
-        - pattern: $VAR = $SECRET
-        - has:
-            regex: "(?i)(password|passwd|pwd|secret|token|api_?key|apikey|access_?key|auth|private_?key|client_?secret)"
+    - pattern: const $VAR = "$_"
+    - pattern: const $VAR = '$_'
+constraints:
+  VAR:
+    regex: "(password|passwd|pwd|secret|token|apiKey|api_key|apikey|apiSecret|accessKey|access_key|auth|privateKey|private_key|clientSecret|client_secret|credentials|bearer)"

package/rules/ast-grep-rules/rules/no-process-env.yml

@@ -1,18 +1,18 @@
 id: no-process-env
 language: TypeScript
-message: "Do not access process.env directly — use dependency injection or a config module"
-severity: error
+message: "Avoid direct process.env access for secrets — use config service"
+severity: warning
 note: |
-  Direct process.env access makes code untestable and tightly coupled to the
-  runtime environment. Use a configuration service or DI container instead.
+  Direct process.env access for sensitive values should go through
+  a config service for testability and centralization.
   
-  BAD: const dbUrl = process.env.DATABASE_URL;
-  GOOD: constructor(private config: ConfigService) {}
-        const dbUrl = this.config.get('DATABASE_URL');
+  BAD:  const key = process.env.API_KEY
+        const { password } = process.env
   
-  Grade 2.0 — critical architectural violation for testability.
+  GOOD: const key = config.apiKey
+        constructor(private config: ConfigService) {}
 rule:
-  any:
-    - pattern: process.env.$KEY
-    - pattern: process.env[$KEY]
-    - pattern: Deno.env.get($KEY)
+  pattern: process.env.$KEY
+constraints:
+  KEY:
+    regex: "(PASSWORD|PASSWD|SECRET|TOKEN|API_KEY|APIKEY|ACCESS_KEY|PRIVATE_KEY|CLIENT_SECRET|CREDENTIALS|BEARER)"

package/rules/ast-grep-rules/rules/no-relative-imports.yml

@@ -0,0 +1,21 @@
+id: no-relative-cross-package-import
+message: >-
+  Avoid relative imports across package boundaries (../../).
+  Use absolute imports (@app/..., @components/...) for better agent reasoning
+  about code provenance and safer refactors.
+severity: info
+language: typescript
+rule:
+  any:
+    - pattern: import { $$$ } from '../../../$$$'
+    - pattern: import '$$$/../../../$$$'
+    - pattern: import * as $N from '../../../$$$'
+    - pattern: import $N from '../../../$$$'
+note: |
+  Relative imports with 3+ levels (../../../) indicate cross-package imports.
+
+  Before:
+    import { helper } from '../../../utils/helper';
+
+  After:
+    import { helper } from '@/utils/helper';