qodfy 0.2.0 → 0.2.2

package/dist/index.js

@@ -3,14 +3,18 @@
 // src/index.ts
 import fs from "fs/promises";
 import path from "path";
+import { checkbox, select } from "@inquirer/prompts";
 import { Command } from "commander";
 import pc from "picocolors";
 import {
-  scanProject
+  recommendedScanChecks,
+  scanProject,
+  validScanChecks
 } from "@qodfy/core";
+var DEFAULT_MAX_ISSUES = 20;
 var program = new Command();
-program.name("qodfy").description("Launch readiness scanner for AI-built apps.").version("0.2.0");
-program.command("scan").description("Scan a project for launch readiness issues.").option("-p, --path <path>", "Project path to scan", process.cwd()).option("--max-issues <number>", "Maximum number of issues to display", "50").option("--prompts", "Show safe copy-paste fix prompts for displayed issues").action(async (options) => {
+program.name("qodfy").description("Launch readiness scanner for AI-built apps.").version("0.2.2");
+program.command("scan").description("Scan a project for launch readiness issues.").option("-p, --path <path>", "Project path to scan", process.cwd()).option("--max-issues <number>", "Maximum number of issues to display", String(DEFAULT_MAX_ISSUES)).option("--prompts", "Show safe copy-paste fix prompts for displayed issues").option("--checks <checks>", "Comma-separated checks to run").option("--all", "Run all checks without prompting").option("--no-interactive", "Skip interactive prompts and run the recommended scan").action(async (options) => {
   const pathResult = await resolveProjectPath(options.path);
   if (!pathResult.ok) {
     printScanError(pathResult.reason);
@@ -18,19 +22,74 @@ program.command("scan").description("Scan a project for launch readiness issues.
     return;
   }
   try {
+    const scanModeResult = await resolveScanMode(options);
+    if (!scanModeResult.ok) {
+      printScanError(scanModeResult.reason);
+      process.exitCode = 1;
+      return;
+    }
+    if (scanModeResult.notice) {
+      console.log(pc.dim(scanModeResult.notice));
+      console.log("");
+    }
     console.log(pc.cyan("Qodfy is scanning your project...\n"));
-    const report = await scanProject(pathResult.projectPath);
-    printReport(report, parseMaxIssues(options.maxIssues), Boolean(options.prompts));
+    const report = await scanProject({
+      projectPath: pathResult.projectPath,
+      checks: scanModeResult.checks
+    });
+    printReport(
+      report,
+      parseMaxIssues(options.maxIssues),
+      Boolean(options.prompts),
+      scanModeResult.label
+    );
   } catch (error) {
-    printScanError(getErrorMessage(error));
+    if (isPromptCancelError(error)) {
+      console.log("Scan cancelled.");
+    } else {
+      printScanError(getErrorMessage(error));
+    }
     process.exitCode = 1;
   }
 });
+program.command("prompt <issue-id>").description("Print the safe AI fix prompt for a specific issue.").option("-p, --path <path>", "Project path to scan", process.cwd()).option("--checks <checks>", "Comma-separated checks to search").option("--all", "Search all checks", true).action(async (issueId, options) => {
+  const pathResult = await resolveProjectPath(options.path);
+  if (!pathResult.ok) {
+    printScanError(pathResult.reason);
+    process.exitCode = 1;
+    return;
+  }
+  const checksResult = resolvePromptChecks(options);
+  if (!checksResult.ok) {
+    printPromptError(checksResult.reason);
+    process.exitCode = 1;
+    return;
+  }
+  const report = await scanProject({
+    projectPath: pathResult.projectPath,
+    checks: checksResult.checks
+  });
+  const issue = report.issues.find((scanIssue) => scanIssue.id === issueId);
+  if (!issue) {
+    printPromptError(
+      `Issue "${issueId}" was not found in this project scan.
+Run qodfy scan --all to see the current issue IDs.`
+    );
+    process.exitCode = 1;
+    return;
+  }
+  if (!issue.fixPrompt) {
+    printPromptError(`Issue "${issueId}" does not have an AI fix prompt yet.`);
+    process.exitCode = 1;
+    return;
+  }
+  printFixPrompt(issue);
+});
 var categoryOrder = [
   "security",
-  "api",
   "webhook",
   "ai",
+  "api",
   "environment",
   "maintainability",
   "project"
@@ -45,6 +104,229 @@ var categoryLabels = {
   project: "Project"
 };
 await program.parseAsync();
+async function resolveScanMode(options) {
+  if (options.checks) {
+    const parsedChecks = parseChecks(options.checks);
+    if (!parsedChecks.ok) {
+      return parsedChecks;
+    }
+    return {
+      ok: true,
+      checks: parsedChecks.checks,
+      label: getScanModeLabel(parsedChecks.checks)
+    };
+  }
+  if (options.all) {
+    return {
+      ok: true,
+      checks: [...validScanChecks],
+      label: "All checks"
+    };
+  }
+  if (options.interactive === false) {
+    return {
+      ok: true,
+      checks: [...recommendedScanChecks],
+      label: "Recommended launch scan"
+    };
+  }
+  if (isNonInteractiveTerminal()) {
+    return {
+      ok: true,
+      checks: [...recommendedScanChecks],
+      label: "Recommended launch scan",
+      notice: "Running recommended scan in non-interactive mode."
+    };
+  }
+  return promptForScanMode();
+}
+async function promptForScanMode() {
+  console.log(pc.bold("Qodfy Scan"));
+  console.log("");
+  const mode = await select({
+    message: "Choose scan mode:",
+    choices: [
+      {
+        name: "Recommended launch scan",
+        value: "recommended",
+        description: "Project setup, API routes, environment, AI, webhooks, and maintainability"
+      },
+      {
+        name: "Security & API routes",
+        value: "security-api",
+        description: "API authentication, client-side secrets, hardcoded secrets, and webhooks"
+      },
+      {
+        name: "Environment variables",
+        value: "environment",
+        description: ".env.example and process.env documentation"
+      },
+      {
+        name: "AI route cost risks",
+        value: "ai",
+        description: "AI-related routes that may need rate limits or usage limits"
+      },
+      {
+        name: "Webhooks",
+        value: "webhook",
+        description: "Webhook signature verification"
+      },
+      {
+        name: "Maintainability",
+        value: "maintainability",
+        description: "Large files and maintainability signals"
+      },
+      {
+        name: "Custom selection",
+        value: "custom",
+        description: "Choose exactly which checks to run"
+      }
+    ]
+  });
+  if (mode === "custom") {
+    const checks = await checkbox({
+      message: "Select checks to run:",
+      required: true,
+      choices: [
+        { name: "Project setup", value: "project" },
+        { name: "API route authentication", value: "api", checked: true },
+        { name: "Environment variables", value: "environment", checked: true },
+        { name: "AI route cost risks", value: "ai" },
+        { name: "Webhooks", value: "webhook" },
+        { name: "Maintainability / large files", value: "maintainability" }
+      ]
+    });
+    return {
+      ok: true,
+      checks,
+      label: `Custom selection: ${checks.join(", ")}`
+    };
+  }
+  return {
+    ok: true,
+    checks: getChecksForMode(mode),
+    label: getScanModeName(mode)
+  };
+}
+function getChecksForMode(mode) {
+  if (mode === "recommended") {
+    return [...recommendedScanChecks];
+  }
+  if (mode === "security-api") {
+    return ["api", "security", "webhook"];
+  }
+  if (mode === "environment") {
+    return ["environment"];
+  }
+  if (mode === "ai") {
+    return ["ai"];
+  }
+  if (mode === "webhook") {
+    return ["webhook"];
+  }
+  return ["maintainability"];
+}
+function getScanModeName(mode) {
+  if (mode === "recommended") {
+    return "Recommended launch scan";
+  }
+  if (mode === "security-api") {
+    return "Security & API routes";
+  }
+  if (mode === "environment") {
+    return "Environment variables";
+  }
+  if (mode === "ai") {
+    return "AI route cost risks";
+  }
+  if (mode === "webhook") {
+    return "Webhooks";
+  }
+  return "Maintainability";
+}
+function parseChecks(checks) {
+  const selectedChecks = [...new Set(
+    checks.split(",").map((check) => check.trim().toLowerCase()).filter(Boolean)
+  )];
+  if (selectedChecks.length === 0) {
+    return {
+      ok: false,
+      reason: `No checks were provided. Valid checks: ${validScanChecks.join(", ")}.`
+    };
+  }
+  const invalidChecks = selectedChecks.filter((check) => !isScanCheck(check));
+  if (invalidChecks.length > 0) {
+    return {
+      ok: false,
+      reason: `Invalid check${invalidChecks.length === 1 ? "" : "s"}: ${invalidChecks.join(", ")}.
+Valid checks: ${validScanChecks.join(", ")}.`
+    };
+  }
+  return {
+    ok: true,
+    checks: selectedChecks.filter(isScanCheck)
+  };
+}
+function isScanCheck(check) {
+  return validScanChecks.includes(check);
+}
+function getScanModeLabel(checks) {
+  if (hasSameChecks(checks, recommendedScanChecks)) {
+    return "Recommended launch scan";
+  }
+  if (hasSameChecks(checks, validScanChecks)) {
+    return "All checks";
+  }
+  if (checks.length === 1) {
+    const check = checks[0];
+    if (check === "environment") {
+      return "Environment variables";
+    }
+    if (check === "api") {
+      return "API route authentication";
+    }
+    if (check === "ai") {
+      return "AI route cost risks";
+    }
+    if (check === "webhook") {
+      return "Webhooks";
+    }
+    if (check === "maintainability") {
+      return "Maintainability";
+    }
+    if (check === "project") {
+      return "Project setup";
+    }
+    return "Security";
+  }
+  return `Custom selection: ${checks.join(", ")}`;
+}
+function hasSameChecks(leftChecks, rightChecks) {
+  const leftSet = new Set(leftChecks);
+  const rightSet = new Set(rightChecks);
+  return leftSet.size === rightSet.size && [...leftSet].every((check) => rightSet.has(check));
+}
+function isNonInteractiveTerminal() {
+  return Boolean(process.env.CI) || !process.stdin.isTTY || !process.stdout.isTTY;
+}
+function resolvePromptChecks(options) {
+  if (options.checks) {
+    const parsedChecks = parseChecks(options.checks);
+    if (!parsedChecks.ok) {
+      return parsedChecks;
+    }
+    return {
+      ok: true,
+      checks: parsedChecks.checks,
+      label: getScanModeLabel(parsedChecks.checks)
+    };
+  }
+  return {
+    ok: true,
+    checks: [...validScanChecks],
+    label: "All checks"
+  };
+}
 async function resolveProjectPath(projectPath) {
   const inputPath = projectPath.trim() || process.cwd();
   const resolvedPath = path.resolve(inputPath);
@@ -80,11 +362,12 @@ async function resolveProjectPath(projectPath) {
     };
   }
 }
-function printReport(report, maxIssues, showPrompts) {
+function printReport(report, maxIssues, showPrompts, scanModeLabel) {
   console.log(pc.bold("Qodfy Report"));
   console.log("");
   const scoreColor = report.score >= 80 ? pc.green : report.score >= 60 ? pc.yellow : pc.red;
   console.log(`Launch Readiness: ${scoreColor(`${report.score}/100`)}`);
+  console.log(`Scan mode: ${scanModeLabel}`);
   console.log("");
   console.log(pc.bold("Stats"));
   console.log(`Files scanned: ${report.stats.totalFiles}`);
@@ -99,15 +382,24 @@ function printReport(report, maxIssues, showPrompts) {
     return;
   }
   console.log(pc.bold("Issues"));
-  const issuesToShow = report.issues.slice(0, maxIssues);
+  const displayIssues = getSortedDisplayIssues(report.issues);
+  const issuesToShow = displayIssues.slice(0, maxIssues);
   if (report.issues.length > maxIssues) {
     console.log(`Showing ${maxIssues} of ${report.issues.length} issues.`);
     console.log(`Use --max-issues <number> to show more.`);
   }
-  printGroupedIssues(issuesToShow, showPrompts);
+  printGroupedIssues(issuesToShow, showPrompts, report.projectPath);
   console.log("");
   console.log(pc.bold("Recommended next step:"));
   console.log("Fix critical issues first, then warnings, then cleanup items.");
+  console.log("");
+  console.log(pc.bold("Next commands:"));
+  const firstPromptIssue = issuesToShow.find((issue) => issue.fixPrompt);
+  if (firstPromptIssue) {
+    console.log(getPromptCommand(firstPromptIssue.id, report.projectPath));
+  }
+  console.log("qodfy scan --checks api,environment");
+  console.log("qodfy scan --max-issues 50");
 }
 function printSummary(issues) {
   const criticalCount = countIssuesBySeverity(issues, "critical");
@@ -138,7 +430,7 @@ function printSummary(issues) {
   }
   console.log("");
 }
-function printGroupedIssues(issues, showPrompts) {
+function printGroupedIssues(issues, showPrompts, projectPath) {
   for (const category of categoryOrder) {
     const categoryIssues = issues.filter((issue) => issue.category === category);
     if (categoryIssues.length === 0) {
@@ -147,11 +439,11 @@ function printGroupedIssues(issues, showPrompts) {
     console.log("");
     console.log(pc.bold(categoryLabels[category]));
     for (const issue of categoryIssues) {
-      printIssue(issue, showPrompts);
+      printIssue(issue, showPrompts, projectPath);
     }
   }
 }
-function printIssue(issue, showPrompts) {
+function printIssue(issue, showPrompts, projectPath) {
   console.log("");
   console.log(`${pc.dim(`[${issue.id}]`)} ${getSeverityLabel(issue.severity)} ${pc.bold(issue.title)}`);
   console.log(issue.message);
@@ -165,7 +457,19 @@ function printIssue(issue, showPrompts) {
     console.log("");
     console.log(pc.bold("Fix Prompt:"));
     console.log(issue.fixPrompt);
+  } else if (issue.fixPrompt) {
+    console.log(pc.dim(`AI fix prompt: ${getPromptCommand(issue.id, projectPath)}`));
+  }
+}
+function printFixPrompt(issue) {
+  console.log(pc.bold("Qodfy Fix Prompt"));
+  console.log("");
+  console.log(`${pc.dim(`[${issue.id}]`)} ${getSeverityLabel(issue.severity)} ${pc.bold(issue.title)}`);
+  if (issue.file) {
+    console.log(pc.dim(`File: ${issue.file}`));
   }
+  console.log("");
+  console.log(issue.fixPrompt);
 }
 function getSeverityLabel(severity) {
   if (severity === "critical") {
@@ -179,6 +483,24 @@ function getSeverityLabel(severity) {
 function countIssuesBySeverity(issues, severity) {
   return issues.filter((issue) => issue.severity === severity).length;
 }
+function getSortedDisplayIssues(issues) {
+  return [...issues].sort((leftIssue, rightIssue) => {
+    return getSeverityRank(leftIssue.severity) - getSeverityRank(rightIssue.severity) || categoryOrder.indexOf(leftIssue.category) - categoryOrder.indexOf(rightIssue.category) || leftIssue.ruleId.localeCompare(rightIssue.ruleId) || getIssueNumber(leftIssue.id) - getIssueNumber(rightIssue.id) || (leftIssue.file ?? "").localeCompare(rightIssue.file ?? "") || leftIssue.id.localeCompare(rightIssue.id);
+  });
+}
+function getIssueNumber(issueId) {
+  const match = issueId.match(/-(\d+)$/);
+  return match ? Number.parseInt(match[1], 10) : 0;
+}
+function getSeverityRank(severity) {
+  if (severity === "critical") {
+    return 0;
+  }
+  if (severity === "warning") {
+    return 1;
+  }
+  return 2;
+}
 function getTopPriorities(issues) {
   const priorities = [
     {
@@ -228,6 +550,27 @@ function getTopPriorities(issues) {
     (priority) => issues.some((issue) => priority.ruleIds.includes(issue.ruleId))
   ).slice(0, 3).map((priority) => priority.message);
 }
+function getPromptCommand(issueId, projectPath) {
+  const relativeProjectPath = path.relative(process.cwd(), projectPath);
+  const promptPath = getPromptPath(projectPath, relativeProjectPath);
+  const pathOption = promptPath ? ` --path ${shellQuote(promptPath)}` : "";
+  return `qodfy prompt ${issueId}${pathOption}`;
+}
+function getPromptPath(projectPath, relativeProjectPath) {
+  if (!relativeProjectPath) {
+    return "";
+  }
+  if (!relativeProjectPath.startsWith("..") && !path.isAbsolute(relativeProjectPath)) {
+    return relativeProjectPath;
+  }
+  return projectPath;
+}
+function shellQuote(value) {
+  if (/^[A-Za-z0-9_./:-]+$/.test(value)) {
+    return value;
+  }
+  return `'${value.replaceAll("'", "'\\''")}'`;
+}
 function printScanError(reason) {
   console.error(pc.red("Qodfy could not scan this project."));
   console.error("");
@@ -237,16 +580,28 @@ function printScanError(reason) {
   console.error(pc.bold("Try:"));
   console.error("qodfy scan --path ./my-next-app");
 }
+function printPromptError(reason) {
+  console.error(pc.red("Qodfy could not create this fix prompt."));
+  console.error("");
+  console.error(pc.bold("Reason:"));
+  console.error(reason);
+  console.error("");
+  console.error(pc.bold("Try:"));
+  console.error("qodfy scan --all");
+}
 function getErrorMessage(error) {
   if (error instanceof Error && error.message) {
     return error.message;
   }
   return "An unexpected error occurred while scanning the project.";
 }
+function isPromptCancelError(error) {
+  return error instanceof Error && (error.name === "ExitPromptError" || error.message.includes("User force closed the prompt"));
+}
 function parseMaxIssues(maxIssues) {
   const parsedMaxIssues = Number.parseInt(maxIssues, 10);
   if (!Number.isFinite(parsedMaxIssues) || parsedMaxIssues <= 0) {
-    return 50;
+    return DEFAULT_MAX_ISSUES;
   }
   return parsedMaxIssues;
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "qodfy",
-  "version": "0.2.0",
+  "version": "0.2.2",
   "description": "Open-source launch readiness scanner for AI-built apps.",
   "keywords": [
     "qodfy",
@@ -49,9 +49,10 @@
     "access": "public"
   },
   "dependencies": {
+    "@inquirer/prompts": "^8.4.3",
     "commander": "^14.0.3",
     "picocolors": "^1.1.1",
-    "@qodfy/core": "^0.2.0"
+    "@qodfy/core": "^0.2.2"
   },
   "devDependencies": {
     "@types/node": "^25.7.0",