qodfy 0.2.0 → 0.2.1

package/dist/index.js

@@ -3,14 +3,18 @@
 // src/index.ts
 import fs from "fs/promises";
 import path from "path";
+import { checkbox, select } from "@inquirer/prompts";
 import { Command } from "commander";
 import pc from "picocolors";
 import {
-  scanProject
+  recommendedScanChecks,
+  scanProject,
+  validScanChecks
 } from "@qodfy/core";
+var DEFAULT_MAX_ISSUES = 20;
 var program = new Command();
-program.name("qodfy").description("Launch readiness scanner for AI-built apps.").version("0.2.0");
-program.command("scan").description("Scan a project for launch readiness issues.").option("-p, --path <path>", "Project path to scan", process.cwd()).option("--max-issues <number>", "Maximum number of issues to display", "50").option("--prompts", "Show safe copy-paste fix prompts for displayed issues").action(async (options) => {
+program.name("qodfy").description("Launch readiness scanner for AI-built apps.").version("0.2.1");
+program.command("scan").description("Scan a project for launch readiness issues.").option("-p, --path <path>", "Project path to scan", process.cwd()).option("--max-issues <number>", "Maximum number of issues to display", String(DEFAULT_MAX_ISSUES)).option("--prompts", "Show safe copy-paste fix prompts for displayed issues").option("--checks <checks>", "Comma-separated checks to run").option("--all", "Run all checks without prompting").option("--no-interactive", "Skip interactive prompts and run the recommended scan").action(async (options) => {
   const pathResult = await resolveProjectPath(options.path);
   if (!pathResult.ok) {
     printScanError(pathResult.reason);
@@ -18,19 +22,41 @@ program.command("scan").description("Scan a project for launch readiness issues.
     return;
   }
   try {
+    const scanModeResult = await resolveScanMode(options);
+    if (!scanModeResult.ok) {
+      printScanError(scanModeResult.reason);
+      process.exitCode = 1;
+      return;
+    }
+    if (scanModeResult.notice) {
+      console.log(pc.dim(scanModeResult.notice));
+      console.log("");
+    }
     console.log(pc.cyan("Qodfy is scanning your project...\n"));
-    const report = await scanProject(pathResult.projectPath);
-    printReport(report, parseMaxIssues(options.maxIssues), Boolean(options.prompts));
+    const report = await scanProject({
+      projectPath: pathResult.projectPath,
+      checks: scanModeResult.checks
+    });
+    printReport(
+      report,
+      parseMaxIssues(options.maxIssues),
+      Boolean(options.prompts),
+      scanModeResult.label
+    );
   } catch (error) {
-    printScanError(getErrorMessage(error));
+    if (isPromptCancelError(error)) {
+      console.log("Scan cancelled.");
+    } else {
+      printScanError(getErrorMessage(error));
+    }
     process.exitCode = 1;
   }
 });
 var categoryOrder = [
   "security",
-  "api",
   "webhook",
   "ai",
+  "api",
   "environment",
   "maintainability",
   "project"
@@ -45,6 +71,211 @@ var categoryLabels = {
   project: "Project"
 };
 await program.parseAsync();
+async function resolveScanMode(options) {
+  if (options.checks) {
+    const parsedChecks = parseChecks(options.checks);
+    if (!parsedChecks.ok) {
+      return parsedChecks;
+    }
+    return {
+      ok: true,
+      checks: parsedChecks.checks,
+      label: getScanModeLabel(parsedChecks.checks)
+    };
+  }
+  if (options.all) {
+    return {
+      ok: true,
+      checks: [...validScanChecks],
+      label: "All checks"
+    };
+  }
+  if (options.interactive === false) {
+    return {
+      ok: true,
+      checks: [...recommendedScanChecks],
+      label: "Recommended launch scan"
+    };
+  }
+  if (isNonInteractiveTerminal()) {
+    return {
+      ok: true,
+      checks: [...recommendedScanChecks],
+      label: "Recommended launch scan",
+      notice: "Running recommended scan in non-interactive mode."
+    };
+  }
+  return promptForScanMode();
+}
+async function promptForScanMode() {
+  console.log(pc.bold("Qodfy Scan"));
+  console.log("");
+  const mode = await select({
+    message: "Choose scan mode:",
+    choices: [
+      {
+        name: "Recommended launch scan",
+        value: "recommended",
+        description: "Project setup, API routes, environment, AI, webhooks, and maintainability"
+      },
+      {
+        name: "Security & API routes",
+        value: "security-api",
+        description: "API authentication, client-side secrets, hardcoded secrets, and webhooks"
+      },
+      {
+        name: "Environment variables",
+        value: "environment",
+        description: ".env.example and process.env documentation"
+      },
+      {
+        name: "AI route cost risks",
+        value: "ai",
+        description: "AI-related routes that may need rate limits or usage limits"
+      },
+      {
+        name: "Webhooks",
+        value: "webhook",
+        description: "Webhook signature verification"
+      },
+      {
+        name: "Maintainability",
+        value: "maintainability",
+        description: "Large files and maintainability signals"
+      },
+      {
+        name: "Custom selection",
+        value: "custom",
+        description: "Choose exactly which checks to run"
+      }
+    ]
+  });
+  if (mode === "custom") {
+    const checks = await checkbox({
+      message: "Select checks to run:",
+      required: true,
+      choices: [
+        { name: "Project setup", value: "project" },
+        { name: "API route authentication", value: "api", checked: true },
+        { name: "Environment variables", value: "environment", checked: true },
+        { name: "AI route cost risks", value: "ai" },
+        { name: "Webhooks", value: "webhook" },
+        { name: "Maintainability / large files", value: "maintainability" }
+      ]
+    });
+    return {
+      ok: true,
+      checks,
+      label: `Custom selection: ${checks.join(", ")}`
+    };
+  }
+  return {
+    ok: true,
+    checks: getChecksForMode(mode),
+    label: getScanModeName(mode)
+  };
+}
+function getChecksForMode(mode) {
+  if (mode === "recommended") {
+    return [...recommendedScanChecks];
+  }
+  if (mode === "security-api") {
+    return ["api", "security", "webhook"];
+  }
+  if (mode === "environment") {
+    return ["environment"];
+  }
+  if (mode === "ai") {
+    return ["ai"];
+  }
+  if (mode === "webhook") {
+    return ["webhook"];
+  }
+  return ["maintainability"];
+}
+function getScanModeName(mode) {
+  if (mode === "recommended") {
+    return "Recommended launch scan";
+  }
+  if (mode === "security-api") {
+    return "Security & API routes";
+  }
+  if (mode === "environment") {
+    return "Environment variables";
+  }
+  if (mode === "ai") {
+    return "AI route cost risks";
+  }
+  if (mode === "webhook") {
+    return "Webhooks";
+  }
+  return "Maintainability";
+}
+function parseChecks(checks) {
+  const selectedChecks = [...new Set(
+    checks.split(",").map((check) => check.trim().toLowerCase()).filter(Boolean)
+  )];
+  if (selectedChecks.length === 0) {
+    return {
+      ok: false,
+      reason: `No checks were provided. Valid checks: ${validScanChecks.join(", ")}.`
+    };
+  }
+  const invalidChecks = selectedChecks.filter((check) => !isScanCheck(check));
+  if (invalidChecks.length > 0) {
+    return {
+      ok: false,
+      reason: `Invalid check${invalidChecks.length === 1 ? "" : "s"}: ${invalidChecks.join(", ")}.
+Valid checks: ${validScanChecks.join(", ")}.`
+    };
+  }
+  return {
+    ok: true,
+    checks: selectedChecks.filter(isScanCheck)
+  };
+}
+function isScanCheck(check) {
+  return validScanChecks.includes(check);
+}
+function getScanModeLabel(checks) {
+  if (hasSameChecks(checks, recommendedScanChecks)) {
+    return "Recommended launch scan";
+  }
+  if (hasSameChecks(checks, validScanChecks)) {
+    return "All checks";
+  }
+  if (checks.length === 1) {
+    const check = checks[0];
+    if (check === "environment") {
+      return "Environment variables";
+    }
+    if (check === "api") {
+      return "API route authentication";
+    }
+    if (check === "ai") {
+      return "AI route cost risks";
+    }
+    if (check === "webhook") {
+      return "Webhooks";
+    }
+    if (check === "maintainability") {
+      return "Maintainability";
+    }
+    if (check === "project") {
+      return "Project setup";
+    }
+    return "Security";
+  }
+  return `Custom selection: ${checks.join(", ")}`;
+}
+function hasSameChecks(leftChecks, rightChecks) {
+  const leftSet = new Set(leftChecks);
+  const rightSet = new Set(rightChecks);
+  return leftSet.size === rightSet.size && [...leftSet].every((check) => rightSet.has(check));
+}
+function isNonInteractiveTerminal() {
+  return Boolean(process.env.CI) || !process.stdin.isTTY || !process.stdout.isTTY;
+}
 async function resolveProjectPath(projectPath) {
   const inputPath = projectPath.trim() || process.cwd();
   const resolvedPath = path.resolve(inputPath);
@@ -80,11 +311,12 @@ async function resolveProjectPath(projectPath) {
     };
   }
 }
-function printReport(report, maxIssues, showPrompts) {
+function printReport(report, maxIssues, showPrompts, scanModeLabel) {
   console.log(pc.bold("Qodfy Report"));
   console.log("");
   const scoreColor = report.score >= 80 ? pc.green : report.score >= 60 ? pc.yellow : pc.red;
   console.log(`Launch Readiness: ${scoreColor(`${report.score}/100`)}`);
+  console.log(`Scan mode: ${scanModeLabel}`);
   console.log("");
   console.log(pc.bold("Stats"));
   console.log(`Files scanned: ${report.stats.totalFiles}`);
@@ -99,7 +331,8 @@ function printReport(report, maxIssues, showPrompts) {
     return;
   }
   console.log(pc.bold("Issues"));
-  const issuesToShow = report.issues.slice(0, maxIssues);
+  const displayIssues = getSortedDisplayIssues(report.issues);
+  const issuesToShow = displayIssues.slice(0, maxIssues);
   if (report.issues.length > maxIssues) {
     console.log(`Showing ${maxIssues} of ${report.issues.length} issues.`);
     console.log(`Use --max-issues <number> to show more.`);
@@ -108,6 +341,10 @@ function printReport(report, maxIssues, showPrompts) {
   console.log("");
   console.log(pc.bold("Recommended next step:"));
   console.log("Fix critical issues first, then warnings, then cleanup items.");
+  console.log("");
+  console.log(pc.bold("Next commands:"));
+  console.log("qodfy scan --checks api,environment");
+  console.log("qodfy scan --prompts --max-issues 5");
 }
 function printSummary(issues) {
   const criticalCount = countIssuesBySeverity(issues, "critical");
@@ -179,6 +416,24 @@ function getSeverityLabel(severity) {
 function countIssuesBySeverity(issues, severity) {
   return issues.filter((issue) => issue.severity === severity).length;
 }
+function getSortedDisplayIssues(issues) {
+  return [...issues].sort((leftIssue, rightIssue) => {
+    return getSeverityRank(leftIssue.severity) - getSeverityRank(rightIssue.severity) || categoryOrder.indexOf(leftIssue.category) - categoryOrder.indexOf(rightIssue.category) || leftIssue.ruleId.localeCompare(rightIssue.ruleId) || getIssueNumber(leftIssue.id) - getIssueNumber(rightIssue.id) || (leftIssue.file ?? "").localeCompare(rightIssue.file ?? "") || leftIssue.id.localeCompare(rightIssue.id);
+  });
+}
+function getIssueNumber(issueId) {
+  const match = issueId.match(/-(\d+)$/);
+  return match ? Number.parseInt(match[1], 10) : 0;
+}
+function getSeverityRank(severity) {
+  if (severity === "critical") {
+    return 0;
+  }
+  if (severity === "warning") {
+    return 1;
+  }
+  return 2;
+}
 function getTopPriorities(issues) {
   const priorities = [
     {
@@ -243,10 +498,13 @@ function getErrorMessage(error) {
   }
   return "An unexpected error occurred while scanning the project.";
 }
+function isPromptCancelError(error) {
+  return error instanceof Error && (error.name === "ExitPromptError" || error.message.includes("User force closed the prompt"));
+}
 function parseMaxIssues(maxIssues) {
   const parsedMaxIssues = Number.parseInt(maxIssues, 10);
   if (!Number.isFinite(parsedMaxIssues) || parsedMaxIssues <= 0) {
-    return 50;
+    return DEFAULT_MAX_ISSUES;
   }
   return parsedMaxIssues;
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "qodfy",
-  "version": "0.2.0",
+  "version": "0.2.1",
   "description": "Open-source launch readiness scanner for AI-built apps.",
   "keywords": [
     "qodfy",
@@ -49,9 +49,10 @@
     "access": "public"
   },
   "dependencies": {
+    "@inquirer/prompts": "^8.4.3",
     "commander": "^14.0.3",
     "picocolors": "^1.1.1",
-    "@qodfy/core": "^0.2.0"
+    "@qodfy/core": "^0.2.1"
   },
   "devDependencies": {
     "@types/node": "^25.7.0",