qodfy 0.1.6 → 0.2.1

package/dist/index.js

@@ -3,12 +3,18 @@
 // src/index.ts
 import fs from "fs/promises";
 import path from "path";
+import { checkbox, select } from "@inquirer/prompts";
 import { Command } from "commander";
 import pc from "picocolors";
-import { scanProject } from "@qodfy/core";
+import {
+  recommendedScanChecks,
+  scanProject,
+  validScanChecks
+} from "@qodfy/core";
+var DEFAULT_MAX_ISSUES = 20;
 var program = new Command();
-program.name("qodfy").description("Launch readiness scanner for AI-built apps.").version("0.1.6");
-program.command("scan").description("Scan a project for launch readiness issues.").option("-p, --path <path>", "Project path to scan", process.cwd()).option("--max-issues <number>", "Maximum number of issues to display", "50").action(async (options) => {
+program.name("qodfy").description("Launch readiness scanner for AI-built apps.").version("0.2.1");
+program.command("scan").description("Scan a project for launch readiness issues.").option("-p, --path <path>", "Project path to scan", process.cwd()).option("--max-issues <number>", "Maximum number of issues to display", String(DEFAULT_MAX_ISSUES)).option("--prompts", "Show safe copy-paste fix prompts for displayed issues").option("--checks <checks>", "Comma-separated checks to run").option("--all", "Run all checks without prompting").option("--no-interactive", "Skip interactive prompts and run the recommended scan").action(async (options) => {
   const pathResult = await resolveProjectPath(options.path);
   if (!pathResult.ok) {
     printScanError(pathResult.reason);
@@ -16,15 +22,260 @@ program.command("scan").description("Scan a project for launch readiness issues.
     return;
   }
   try {
+    const scanModeResult = await resolveScanMode(options);
+    if (!scanModeResult.ok) {
+      printScanError(scanModeResult.reason);
+      process.exitCode = 1;
+      return;
+    }
+    if (scanModeResult.notice) {
+      console.log(pc.dim(scanModeResult.notice));
+      console.log("");
+    }
     console.log(pc.cyan("Qodfy is scanning your project...\n"));
-    const report = await scanProject(pathResult.projectPath);
-    printReport(report, parseMaxIssues(options.maxIssues));
+    const report = await scanProject({
+      projectPath: pathResult.projectPath,
+      checks: scanModeResult.checks
+    });
+    printReport(
+      report,
+      parseMaxIssues(options.maxIssues),
+      Boolean(options.prompts),
+      scanModeResult.label
+    );
   } catch (error) {
-    printScanError(getErrorMessage(error));
+    if (isPromptCancelError(error)) {
+      console.log("Scan cancelled.");
+    } else {
+      printScanError(getErrorMessage(error));
+    }
     process.exitCode = 1;
   }
 });
+var categoryOrder = [
+  "security",
+  "webhook",
+  "ai",
+  "api",
+  "environment",
+  "maintainability",
+  "project"
+];
+var categoryLabels = {
+  security: "Security",
+  api: "API",
+  webhook: "Webhooks",
+  ai: "AI",
+  environment: "Environment",
+  maintainability: "Maintainability",
+  project: "Project"
+};
 await program.parseAsync();
+async function resolveScanMode(options) {
+  if (options.checks) {
+    const parsedChecks = parseChecks(options.checks);
+    if (!parsedChecks.ok) {
+      return parsedChecks;
+    }
+    return {
+      ok: true,
+      checks: parsedChecks.checks,
+      label: getScanModeLabel(parsedChecks.checks)
+    };
+  }
+  if (options.all) {
+    return {
+      ok: true,
+      checks: [...validScanChecks],
+      label: "All checks"
+    };
+  }
+  if (options.interactive === false) {
+    return {
+      ok: true,
+      checks: [...recommendedScanChecks],
+      label: "Recommended launch scan"
+    };
+  }
+  if (isNonInteractiveTerminal()) {
+    return {
+      ok: true,
+      checks: [...recommendedScanChecks],
+      label: "Recommended launch scan",
+      notice: "Running recommended scan in non-interactive mode."
+    };
+  }
+  return promptForScanMode();
+}
+async function promptForScanMode() {
+  console.log(pc.bold("Qodfy Scan"));
+  console.log("");
+  const mode = await select({
+    message: "Choose scan mode:",
+    choices: [
+      {
+        name: "Recommended launch scan",
+        value: "recommended",
+        description: "Project setup, API routes, environment, AI, webhooks, and maintainability"
+      },
+      {
+        name: "Security & API routes",
+        value: "security-api",
+        description: "API authentication, client-side secrets, hardcoded secrets, and webhooks"
+      },
+      {
+        name: "Environment variables",
+        value: "environment",
+        description: ".env.example and process.env documentation"
+      },
+      {
+        name: "AI route cost risks",
+        value: "ai",
+        description: "AI-related routes that may need rate limits or usage limits"
+      },
+      {
+        name: "Webhooks",
+        value: "webhook",
+        description: "Webhook signature verification"
+      },
+      {
+        name: "Maintainability",
+        value: "maintainability",
+        description: "Large files and maintainability signals"
+      },
+      {
+        name: "Custom selection",
+        value: "custom",
+        description: "Choose exactly which checks to run"
+      }
+    ]
+  });
+  if (mode === "custom") {
+    const checks = await checkbox({
+      message: "Select checks to run:",
+      required: true,
+      choices: [
+        { name: "Project setup", value: "project" },
+        { name: "API route authentication", value: "api", checked: true },
+        { name: "Environment variables", value: "environment", checked: true },
+        { name: "AI route cost risks", value: "ai" },
+        { name: "Webhooks", value: "webhook" },
+        { name: "Maintainability / large files", value: "maintainability" }
+      ]
+    });
+    return {
+      ok: true,
+      checks,
+      label: `Custom selection: ${checks.join(", ")}`
+    };
+  }
+  return {
+    ok: true,
+    checks: getChecksForMode(mode),
+    label: getScanModeName(mode)
+  };
+}
+function getChecksForMode(mode) {
+  if (mode === "recommended") {
+    return [...recommendedScanChecks];
+  }
+  if (mode === "security-api") {
+    return ["api", "security", "webhook"];
+  }
+  if (mode === "environment") {
+    return ["environment"];
+  }
+  if (mode === "ai") {
+    return ["ai"];
+  }
+  if (mode === "webhook") {
+    return ["webhook"];
+  }
+  return ["maintainability"];
+}
+function getScanModeName(mode) {
+  if (mode === "recommended") {
+    return "Recommended launch scan";
+  }
+  if (mode === "security-api") {
+    return "Security & API routes";
+  }
+  if (mode === "environment") {
+    return "Environment variables";
+  }
+  if (mode === "ai") {
+    return "AI route cost risks";
+  }
+  if (mode === "webhook") {
+    return "Webhooks";
+  }
+  return "Maintainability";
+}
+function parseChecks(checks) {
+  const selectedChecks = [...new Set(
+    checks.split(",").map((check) => check.trim().toLowerCase()).filter(Boolean)
+  )];
+  if (selectedChecks.length === 0) {
+    return {
+      ok: false,
+      reason: `No checks were provided. Valid checks: ${validScanChecks.join(", ")}.`
+    };
+  }
+  const invalidChecks = selectedChecks.filter((check) => !isScanCheck(check));
+  if (invalidChecks.length > 0) {
+    return {
+      ok: false,
+      reason: `Invalid check${invalidChecks.length === 1 ? "" : "s"}: ${invalidChecks.join(", ")}.
+Valid checks: ${validScanChecks.join(", ")}.`
+    };
+  }
+  return {
+    ok: true,
+    checks: selectedChecks.filter(isScanCheck)
+  };
+}
+function isScanCheck(check) {
+  return validScanChecks.includes(check);
+}
+function getScanModeLabel(checks) {
+  if (hasSameChecks(checks, recommendedScanChecks)) {
+    return "Recommended launch scan";
+  }
+  if (hasSameChecks(checks, validScanChecks)) {
+    return "All checks";
+  }
+  if (checks.length === 1) {
+    const check = checks[0];
+    if (check === "environment") {
+      return "Environment variables";
+    }
+    if (check === "api") {
+      return "API route authentication";
+    }
+    if (check === "ai") {
+      return "AI route cost risks";
+    }
+    if (check === "webhook") {
+      return "Webhooks";
+    }
+    if (check === "maintainability") {
+      return "Maintainability";
+    }
+    if (check === "project") {
+      return "Project setup";
+    }
+    return "Security";
+  }
+  return `Custom selection: ${checks.join(", ")}`;
+}
+function hasSameChecks(leftChecks, rightChecks) {
+  const leftSet = new Set(leftChecks);
+  const rightSet = new Set(rightChecks);
+  return leftSet.size === rightSet.size && [...leftSet].every((check) => rightSet.has(check));
+}
+function isNonInteractiveTerminal() {
+  return Boolean(process.env.CI) || !process.stdin.isTTY || !process.stdout.isTTY;
+}
 async function resolveProjectPath(projectPath) {
   const inputPath = projectPath.trim() || process.cwd();
   const resolvedPath = path.resolve(inputPath);
@@ -60,11 +311,12 @@ async function resolveProjectPath(projectPath) {
     };
   }
 }
-function printReport(report, maxIssues) {
+function printReport(report, maxIssues, showPrompts, scanModeLabel) {
   console.log(pc.bold("Qodfy Report"));
   console.log("");
   const scoreColor = report.score >= 80 ? pc.green : report.score >= 60 ? pc.yellow : pc.red;
   console.log(`Launch Readiness: ${scoreColor(`${report.score}/100`)}`);
+  console.log(`Scan mode: ${scanModeLabel}`);
   console.log("");
   console.log(pc.bold("Stats"));
   console.log(`Files scanned: ${report.stats.totalFiles}`);
@@ -73,31 +325,163 @@ function printReport(report, maxIssues) {
   console.log(`Large files: ${report.stats.largeFiles}`);
   console.log(`Scan duration: ${formatDuration(report.stats.durationMs)}`);
   console.log("");
+  printSummary(report.issues);
   if (report.issues.length === 0) {
     console.log(pc.green("No issues found. Your project looks clean."));
     return;
   }
   console.log(pc.bold("Issues"));
-  const issuesToShow = report.issues.slice(0, maxIssues);
+  const displayIssues = getSortedDisplayIssues(report.issues);
+  const issuesToShow = displayIssues.slice(0, maxIssues);
   if (report.issues.length > maxIssues) {
     console.log(`Showing ${maxIssues} of ${report.issues.length} issues.`);
     console.log(`Use --max-issues <number> to show more.`);
   }
-  for (const issue of issuesToShow) {
-    const label = issue.severity === "critical" ? pc.red("CRITICAL") : issue.severity === "warning" ? pc.yellow("WARNING") : pc.blue("INFO");
-    console.log(`
-${label} ${pc.bold(issue.title)}`);
-    console.log(issue.message);
-    if (issue.file) {
-      console.log(pc.dim(`File: ${issue.file}`));
+  printGroupedIssues(issuesToShow, showPrompts);
+  console.log("");
+  console.log(pc.bold("Recommended next step:"));
+  console.log("Fix critical issues first, then warnings, then cleanup items.");
+  console.log("");
+  console.log(pc.bold("Next commands:"));
+  console.log("qodfy scan --checks api,environment");
+  console.log("qodfy scan --prompts --max-issues 5");
+}
+function printSummary(issues) {
+  const criticalCount = countIssuesBySeverity(issues, "critical");
+  const warningCount = countIssuesBySeverity(issues, "warning");
+  const infoCount = countIssuesBySeverity(issues, "info");
+  console.log(pc.bold("Summary"));
+  console.log(`Critical: ${criticalCount}`);
+  console.log(`Warnings: ${warningCount}`);
+  console.log(`Info: ${infoCount}`);
+  console.log("");
+  if (issues.length === 0) {
+    return;
+  }
+  console.log(pc.bold("Categories"));
+  for (const category of categoryOrder) {
+    const count = issues.filter((issue) => issue.category === category).length;
+    if (count > 0) {
+      console.log(`${categoryLabels[category]}: ${count}`);
+    }
+  }
+  const priorities = getTopPriorities(issues);
+  if (priorities.length > 0) {
+    console.log("");
+    console.log(pc.bold("Top priorities"));
+    for (const [index, priority] of priorities.entries()) {
+      console.log(`${index + 1}. ${priority}`);
+    }
+  }
+  console.log("");
+}
+function printGroupedIssues(issues, showPrompts) {
+  for (const category of categoryOrder) {
+    const categoryIssues = issues.filter((issue) => issue.category === category);
+    if (categoryIssues.length === 0) {
+      continue;
     }
-    if (issue.suggestion) {
-      console.log(pc.dim(`Suggestion: ${issue.suggestion}`));
+    console.log("");
+    console.log(pc.bold(categoryLabels[category]));
+    for (const issue of categoryIssues) {
+      printIssue(issue, showPrompts);
     }
   }
+}
+function printIssue(issue, showPrompts) {
   console.log("");
-  console.log(pc.bold("Recommended next step:"));
-  console.log("Fix critical issues first, then warnings, then cleanup items.");
+  console.log(`${pc.dim(`[${issue.id}]`)} ${getSeverityLabel(issue.severity)} ${pc.bold(issue.title)}`);
+  console.log(issue.message);
+  if (issue.file) {
+    console.log(pc.dim(`File: ${issue.file}`));
+  }
+  if (issue.suggestion) {
+    console.log(pc.dim(`Suggestion: ${issue.suggestion}`));
+  }
+  if (showPrompts && issue.fixPrompt) {
+    console.log("");
+    console.log(pc.bold("Fix Prompt:"));
+    console.log(issue.fixPrompt);
+  }
+}
+function getSeverityLabel(severity) {
+  if (severity === "critical") {
+    return pc.red("CRITICAL");
+  }
+  if (severity === "warning") {
+    return pc.yellow("WARNING");
+  }
+  return pc.blue("INFO");
+}
+function countIssuesBySeverity(issues, severity) {
+  return issues.filter((issue) => issue.severity === severity).length;
+}
+function getSortedDisplayIssues(issues) {
+  return [...issues].sort((leftIssue, rightIssue) => {
+    return getSeverityRank(leftIssue.severity) - getSeverityRank(rightIssue.severity) || categoryOrder.indexOf(leftIssue.category) - categoryOrder.indexOf(rightIssue.category) || leftIssue.ruleId.localeCompare(rightIssue.ruleId) || getIssueNumber(leftIssue.id) - getIssueNumber(rightIssue.id) || (leftIssue.file ?? "").localeCompare(rightIssue.file ?? "") || leftIssue.id.localeCompare(rightIssue.id);
+  });
+}
+function getIssueNumber(issueId) {
+  const match = issueId.match(/-(\d+)$/);
+  return match ? Number.parseInt(match[1], 10) : 0;
+}
+function getSeverityRank(severity) {
+  if (severity === "critical") {
+    return 0;
+  }
+  if (severity === "warning") {
+    return 1;
+  }
+  return 2;
+}
+function getTopPriorities(issues) {
+  const priorities = [
+    {
+      ruleIds: ["security-hardcoded-secret"],
+      message: "Remove possible hardcoded secrets and rotate any real exposed values."
+    },
+    {
+      ruleIds: ["webhook-missing-signature-verification"],
+      message: "Verify webhook signatures before handling external events."
+    },
+    {
+      ruleIds: ["ai-route-missing-rate-limit"],
+      message: "Add cost and abuse protection to AI-related API routes."
+    },
+    {
+      ruleIds: ["security-client-side-secret"],
+      message: "Move possible server-only secrets out of client-side code."
+    },
+    {
+      ruleIds: ["api-route-missing-auth"],
+      message: "Review API routes that may be missing authentication."
+    },
+    {
+      ruleIds: [
+        "environment-missing-env-example",
+        "environment-variable-missing-from-example"
+      ],
+      message: "Add missing environment variables to .env.example."
+    },
+    {
+      ruleIds: [
+        "maintainability-large-file",
+        "maintainability-large-file-skipped"
+      ],
+      message: "Review large files for maintainability before launch."
+    },
+    {
+      ruleIds: [
+        "project-missing-package-json",
+        "project-invalid-package-json",
+        "project-next-not-detected"
+      ],
+      message: "Confirm Qodfy is scanning the correct project root."
+    }
+  ];
+  return priorities.filter(
+    (priority) => issues.some((issue) => priority.ruleIds.includes(issue.ruleId))
+  ).slice(0, 3).map((priority) => priority.message);
 }
 function printScanError(reason) {
   console.error(pc.red("Qodfy could not scan this project."));
@@ -114,10 +498,13 @@ function getErrorMessage(error) {
   }
   return "An unexpected error occurred while scanning the project.";
 }
+function isPromptCancelError(error) {
+  return error instanceof Error && (error.name === "ExitPromptError" || error.message.includes("User force closed the prompt"));
+}
 function parseMaxIssues(maxIssues) {
   const parsedMaxIssues = Number.parseInt(maxIssues, 10);
   if (!Number.isFinite(parsedMaxIssues) || parsedMaxIssues <= 0) {
-    return 50;
+    return DEFAULT_MAX_ISSUES;
   }
   return parsedMaxIssues;
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "qodfy",
-  "version": "0.1.6",
+  "version": "0.2.1",
   "description": "Open-source launch readiness scanner for AI-built apps.",
   "keywords": [
     "qodfy",
@@ -49,9 +49,10 @@
     "access": "public"
   },
   "dependencies": {
+    "@inquirer/prompts": "^8.4.3",
     "commander": "^14.0.3",
     "picocolors": "^1.1.1",
-    "@qodfy/core": "^0.1.6"
+    "@qodfy/core": "^0.2.1"
   },
   "devDependencies": {
     "@types/node": "^25.7.0",