replen 0.4.1 → 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -1,54 +1,76 @@
1
1
  # replen
2
2
 
3
- **Smarter AI Development workflows.** One-command setup for [replen](https://replen.dev) - the AI that asks *"can we do this better?"* on your codebase. Calm cadence: 1-3 actionable matches a month, not a daily feed.
3
+ **Make your AI coding tools aware of the wider OSS ecosystem.** One command, no API keys.
4
4
 
5
5
  ```bash
6
6
  npx replen
7
7
  ```
8
8
 
9
- While your AI coding tool waits for prompts, replen reads your code against the ecosystem and surfaces drop-in libraries, ideas to port, and patterns to learn from. A proactive layer for your AI coding workflow.
9
+ Claude Code, Codex, Cursor already know your code. Replen tells them what else is out there drop-in libraries, ideas worth porting, dead deps to swap. The match decision happens *inside your AI tool's session* on your subscription tokens. Your code stays on your laptop. Replen never sees it.
10
10
 
11
- The single command above:
12
- 1. Opens your browser to sign in / sign up at `app.replen.dev`
11
+ ## What `npx replen` does
12
+
13
+ In 60 seconds, the one-liner:
14
+
15
+ 1. Opens your browser to sign in (Google or GitHub via Firebase)
13
16
  2. Captures the auth back into the terminal (browser-callback flow, like `gh auth login`)
14
- 3. Wires the [@replen/mcp](https://www.npmjs.com/package/@replen/mcp) server into your Claude Code / Codex config
17
+ 3. Scans your local repos under `~/github/`, `~/code/`, `~/projects/` for git repos
18
+ 4. Auto-extracts tags from each (`package.json` deps, `pyproject.toml`, etc.)
19
+ 5. Registers them with Replen as your projects (no GitHub PAT needed)
20
+ 6. Wires the [@replen/mcp](https://www.npmjs.com/package/@replen/mcp) server into your Claude Code / Codex config
21
+ 7. Installs the `/replen-match` skill into `~/.claude/skills/`
22
+ 8. Injects a small "Replen integration" section into each project's `CLAUDE.md` + `AGENTS.md`
23
+
24
+ **What you do not provide:**
25
+ - ❌ OpenAI / Anthropic API key — your AI tool's subscription handles all reasoning
26
+ - ❌ GitHub PAT — optional, only if you want server-side handoff PRs later
27
+ - ❌ Per-project setup — auto-discovered from your local filesystem
15
28
 
16
- Same flow that `claude` itself uses for auth.
29
+ Open Claude Code (or Codex) in any of your tracked repos and start working normally. When Replen has matches, your AI tool mentions them after answering your first message. Silent on quiet days.
17
30
 
18
31
  ## Subcommands
19
32
 
20
33
  ```bash
21
- npx replen # sign in + setup
22
- npx replen status # show current config
23
- npx replen mcp setup # re-wire MCP using saved auth
24
- npx replen logout # forget saved auth (token stays valid; rotate on /settings to revoke)
34
+ npx replen # sign in + setup (the one-liner above)
35
+ npx replen status # show current config
36
+ npx replen sync-projects # re-scan local repos for new GitHub remotes;
37
+ # run after cloning a new repo
38
+ npx replen inject [-y] # re-inject the "Replen integration" section
39
+ # into every CLAUDE.md + AGENTS.md
40
+ npx replen mcp setup # re-wire MCP using saved auth
41
+ npx replen logout # forget saved auth (rotate on /settings to revoke)
25
42
  ```
26
43
 
27
44
  ## Plain-shell usage (no Claude Code / Codex needed)
28
45
 
29
46
  ```bash
30
- npx replen run # trigger a pipeline run
31
- npx replen progress # tail the run live; exits when done
32
- npx replen check-new # one-shot: any new actionable matches since
33
- # you last engaged? (also runs automatically
34
- # at every Claude Code session start)
47
+ npx replen check-new # one-shot: any new matches since you last
48
+ # engaged? (used by the SessionStart hook)
35
49
  npx replen feed # show recent matches (default 2 days)
36
50
  npx replen watch # keep a terminal open — rings the bell when
37
51
  # a new match lands. Default poll 5min.
38
52
  npx replen search <query> # full-text search past matches
39
53
  npx replen starred # starred matches + handoff PR status
40
54
  npx replen handoff <matchId> # open the handoff PR for a starred match
55
+ npx replen run # trigger a fresh pipeline run (hosted-tier only)
56
+ npx replen progress # tail the run live; exits when done
41
57
  ```
42
58
 
43
- `watch` is the calm-utility companion: leave it running in a `tmux` pane and forget about it. The first poll establishes a baseline; existing matches don't ring.
59
+ Every data command accepts `--json` for scripting.
44
60
 
45
- `check-new` is wired into Claude Code automatically by `npx replen` setup — it installs a SessionStart hook that runs `npx replen check-new --hook` whenever you open Claude Code. The hook is silent unless there's something new since you last engaged (across dashboard, email, or a prior session); when there is, the new matches show up in the agent's opening context without you having to ask. Calm-cadence by design.
61
+ ## How matches surface in Claude Code / Codex
46
62
 
47
- Every data command accepts `--json` for scripting.
63
+ Three layers, defence-in-depth at least one will fire:
64
+
65
+ 1. **SessionStart hook** runs `npx replen check-new --hook` at the start of every Claude Code session. If there's anything new, the JSON output appears in the agent's opening context.
66
+ 2. **MCP tool** `replen_check_new` is exposed to the agent at all times. The instructions in `CLAUDE.md` tell it to call this tool early in each session.
67
+ 3. **CLAUDE.md / AGENTS.md instruction** (idempotent, marker-versioned) is injected into every tracked repo on setup. This is the most reliable layer — survives Claude Code version churn.
68
+
69
+ Calm-cadence by design: most days are silent. 1-3 actionable matches a month per project.
48
70
 
49
71
  ## Self-host
50
72
 
51
- Pointing at your own replen instance:
73
+ Pointing at your own Replen instance:
52
74
 
53
75
  ```bash
54
76
  REPLEN_BASE=https://replen.mydomain.dev npx replen
@@ -64,7 +86,7 @@ REPLEN_BASE=https://replen.mydomain.dev npx replen
64
86
  6. CLI validates state, saves the token to `~/.replen/config.json` (mode 0600)
65
87
  7. CLI continues and writes the MCP config into `~/.claude.json`
66
88
 
67
- The token never transits anything other than your browser ↔ localhost ↔ disk. The replen backend only sees it on subsequent MCP / API requests.
89
+ The token never transits anything other than your browser ↔ localhost ↔ disk. The Replen backend only sees it on subsequent MCP / API requests.
68
90
 
69
91
  ## Revoke
70
92
 
package/dist/commands.js CHANGED
@@ -254,6 +254,31 @@ export async function runCheckNew(argv) {
254
254
  // correct response (calm-cadence principle).
255
255
  const scope = r.scopedTo ? ` for ${r.scopedTo}` : "";
256
256
  console.log(`No new actionable matches${scope} since you last engaged.`);
257
+ return;
258
+ }
259
+ // Hook mode + hasNew=false: fall back to inventory state. check-new
260
+ // is cursor-based and goes silent the moment ANY prior call (including
261
+ // our own validation probes or a previous session) bumped the cursor
262
+ // past existing matches. That's right behaviour for "did anything
263
+ // change?", wrong for "should I tell the agent there's a queue worth
264
+ // surfacing?" — the user might never have seen these candidates.
265
+ //
266
+ // Resolve the cwd's GitHub remote, query the inventory scoped to it,
267
+ // and print a one-line status if anything's there. Output goes
268
+ // verbatim into the agent's opening context via Claude Code's
269
+ // SessionStart-hook stdout injection.
270
+ const cwdRepo = await detectCwdRepo();
271
+ if (!cwdRepo)
272
+ return; // not in a git repo, or no GitHub remote — silent
273
+ try {
274
+ const inv = await fetchInventoryStatus(cfg, cwdRepo);
275
+ if (inv && inv.count > 0) {
276
+ const top = inv.topRepo ? ` Top: ${inv.topRepo}${inv.topSimilarity ? ` (~${inv.topSimilarity}% match)` : ""}.` : "";
277
+ console.log(`Replen has ${inv.count} candidate${inv.count === 1 ? "" : "s"} queued for ${cwdRepo}.${top} Run /replen-match for full triage.`);
278
+ }
279
+ }
280
+ catch {
281
+ // Inventory query failed — silent, never disrupt a session.
257
282
  }
258
283
  return;
259
284
  }
@@ -408,3 +433,61 @@ function handleApiError(e) {
408
433
  function sleep(ms) {
409
434
  return new Promise((r) => setTimeout(r, ms));
410
435
  }
436
+ // Resolve the cwd's git origin remote into a GitHub owner/name, if the
437
+ // remote is a GitHub URL (HTTPS, standard SSH, or a multi-account SSH
438
+ // alias like github-personal). Returns null if not in a git repo or the
439
+ // remote isn't GitHub. Used by the SessionStart hook to scope inventory
440
+ // queries to the project the user just opened Claude Code in.
441
+ async function detectCwdRepo() {
442
+ try {
443
+ const { execSync } = await import("node:child_process");
444
+ const url = execSync("git remote get-url origin", {
445
+ stdio: ["ignore", "pipe", "ignore"],
446
+ encoding: "utf8",
447
+ timeout: 1500,
448
+ }).trim();
449
+ const m = url.match(/(?:github\.com|github-[a-z0-9_-]+)[:/]([^/]+)\/([^/?#]+?)(?:\.git)?$/i);
450
+ if (!m)
451
+ return null;
452
+ return `${m[1]}/${m[2]}`;
453
+ }
454
+ catch {
455
+ return null;
456
+ }
457
+ }
458
+ async function fetchInventoryStatus(cfg, repo) {
459
+ // Hook mode is on the session-open critical path; cap latency hard.
460
+ const ctrl = new AbortController();
461
+ const timer = setTimeout(() => ctrl.abort(), 3000);
462
+ try {
463
+ const url = new URL(cfg.base + "/api/inventory/today");
464
+ url.searchParams.set("repo", repo);
465
+ url.searchParams.set("limit", "5");
466
+ url.searchParams.set("days", "14");
467
+ const res = await fetch(url, {
468
+ headers: { "x-digest-token": cfg.token, accept: "application/json" },
469
+ signal: ctrl.signal,
470
+ });
471
+ if (!res.ok)
472
+ return null;
473
+ const data = (await res.json());
474
+ const cands = data.candidates ?? [];
475
+ if (cands.length === 0)
476
+ return null;
477
+ const top = cands[0];
478
+ // Pull the cosine % out of whyShortlisted if present
479
+ // (format: "...; semantic similarity: 58%").
480
+ const simMatch = top.whyShortlisted?.match(/semantic similarity:\s*(\d+)%/);
481
+ return {
482
+ count: cands.length,
483
+ topRepo: top.repo ?? null,
484
+ topSimilarity: simMatch ? Number(simMatch[1]) : null,
485
+ };
486
+ }
487
+ catch {
488
+ return null;
489
+ }
490
+ finally {
491
+ clearTimeout(timer);
492
+ }
493
+ }
@@ -0,0 +1,391 @@
1
+ // Local-filesystem project discovery for day-1 onboarding.
2
+ //
3
+ // Recursively walks a list of root dirs (provided by discover-roots.ts),
4
+ // finds every git repo, and for each one extracts:
5
+ // - The repo's `owner/name` from `git remote get-url origin`
6
+ // - A slug derived from the GITHUB repo name (so a local folder named
7
+ // "drone" whose remote is acme/aegis registers with slug "aegis",
8
+ // matching what shows on GitHub). Falls back to dirname for repos
9
+ // without a GitHub remote.
10
+ // - A name (from package.json's `name` field if present, else slug)
11
+ // - Auto-suggested tags from the project's manifests
12
+ // - The primary language (best-effort, from manifest type)
13
+ //
14
+ // Output is shaped for POST /api/projects/bulk on the server. No
15
+ // network or LLM calls — pure local filesystem.
16
+ //
17
+ // Why local-FS instead of asking GitHub via PAT: the whole pitch is
18
+ // "no API keys to share with us." Auto-detect via GitHub API requires
19
+ // a PAT; auto-detect via local git remotes requires nothing the user
20
+ // doesn't already have. PAT becomes optional, only needed if/when the
21
+ // user wants server-side handoff PRs.
22
+ import { readFileSync, readdirSync, existsSync, statSync } from "node:fs";
23
+ import { execSync } from "node:child_process";
24
+ import { join, basename } from "node:path";
25
+ // Hard maximum directory depth to walk from each root. depth=0 is the
26
+ // root itself, depth=1 its immediate children, etc. 4 covers the
27
+ // "workspace dir with sibling repos" pattern (e.g. ~/projects/drone/
28
+ // containing ~/projects/drone/flight-controller/.git, where the
29
+ // flight-controller dir is at depth 2 from ~/projects).
30
+ const MAX_DEPTH = 4;
31
+ // Directory names to skip outright during the walk. Mix of: build
32
+ // artifacts that pollute repo-counting, package caches that can be
33
+ // huge, and macOS / Linux home subdirs that never contain user code.
34
+ const EXCLUDE_NAMES = new Set([
35
+ "node_modules",
36
+ ".next",
37
+ "dist",
38
+ "build",
39
+ "target",
40
+ "vendor",
41
+ ".cache",
42
+ ".npm",
43
+ ".yarn",
44
+ ".pnpm-store",
45
+ ".turbo",
46
+ ".terraform",
47
+ ".venv",
48
+ "venv",
49
+ "__pycache__",
50
+ // macOS system / media dirs
51
+ "Library",
52
+ "Applications",
53
+ "System",
54
+ "Pictures",
55
+ "Movies",
56
+ "Music",
57
+ "Downloads",
58
+ "Public",
59
+ "Desktop",
60
+ // Linux equivalents
61
+ ".local",
62
+ ".config",
63
+ "snap",
64
+ ]);
65
+ // Manifest-derived tag mappings. Each pattern matches a dep name (or
66
+ // a substring) and yields one or more tags. Ordered by specificity:
67
+ // more-specific patterns first so e.g. "next" doesn't accidentally
68
+ // tag a "next-auth-only" project as "next.js".
69
+ const DEP_TO_TAGS = [
70
+ // Frontend frameworks (Node)
71
+ { match: /^next$/, tags: ["next.js"] },
72
+ { match: /^react$/, tags: ["react"] },
73
+ { match: /^vue$/, tags: ["vue"] },
74
+ { match: /^svelte$/, tags: ["svelte"] },
75
+ { match: /^solid-js$/, tags: ["solid"] },
76
+ { match: /^astro$/, tags: ["astro"] },
77
+ { match: /^remix-run\//, tags: ["remix"] },
78
+ // Backend / runtime
79
+ { match: /^express$/, tags: ["express"] },
80
+ { match: /^fastify$/, tags: ["fastify"] },
81
+ { match: /^hono$/, tags: ["hono"] },
82
+ { match: /^nestjs\//, tags: ["nestjs"] },
83
+ // Database / ORM
84
+ { match: /^prisma$/, tags: ["prisma"] },
85
+ { match: /^@prisma\/client$/, tags: ["prisma"] },
86
+ { match: /^drizzle-orm/, tags: ["drizzle"] },
87
+ { match: /^kysely$/, tags: ["kysely"] },
88
+ { match: /^typeorm$/, tags: ["typeorm"] },
89
+ { match: /^mongoose$/, tags: ["mongoose"] },
90
+ { match: /postgres|pg$/, tags: ["postgres"] },
91
+ { match: /^mysql/, tags: ["mysql"] },
92
+ { match: /^redis|^ioredis$/, tags: ["redis"] },
93
+ // Queue / async
94
+ { match: /^bullmq$/, tags: ["bullmq", "queue"] },
95
+ { match: /^bee-queue$/, tags: ["bee-queue", "queue"] },
96
+ { match: /^node-cron$/, tags: ["cron"] },
97
+ // LLM / AI
98
+ { match: /^openai$/, tags: ["openai"] },
99
+ { match: /^@anthropic-ai\//, tags: ["anthropic"] },
100
+ { match: /^langchain/, tags: ["langchain"] },
101
+ // Auth
102
+ { match: /^next-auth$/, tags: ["next-auth"] },
103
+ { match: /^@auth\//, tags: ["next-auth"] },
104
+ { match: /firebase/, tags: ["firebase"] },
105
+ // Cloud / hosting
106
+ { match: /^@aws-sdk\//, tags: ["aws"] },
107
+ { match: /^@vercel\//, tags: ["vercel"] },
108
+ { match: /^@cloudflare\//, tags: ["cloudflare"] },
109
+ // Web3
110
+ { match: /^viem$/, tags: ["viem", "web3"] },
111
+ { match: /^ethers$/, tags: ["ethers", "web3"] },
112
+ { match: /^wagmi$/, tags: ["wagmi", "web3"] },
113
+ { match: /^@matterlabs\//, tags: ["zksync"] },
114
+ // Image / media
115
+ { match: /^sharp$/, tags: ["images"] },
116
+ { match: /^@napi-rs\/canvas$/, tags: ["canvas", "images"] },
117
+ { match: /ffmpeg/, tags: ["ffmpeg"] },
118
+ // Python (matches go through the same loop on requirements.txt)
119
+ { match: /^torch$/, tags: ["pytorch"] },
120
+ { match: /^tensorflow$/, tags: ["tensorflow"] },
121
+ { match: /^fastapi$/, tags: ["fastapi"] },
122
+ { match: /^flask$/, tags: ["flask"] },
123
+ { match: /^django$/, tags: ["django"] },
124
+ { match: /^segmentation-models-pytorch$/, tags: ["pytorch", "segmentation"] },
125
+ { match: /^albumentations$/, tags: ["augmentation"] },
126
+ { match: /^scikit-learn$/, tags: ["ml"] },
127
+ ];
128
+ /**
129
+ * Walk the given roots recursively (depth-capped, excluded dirs skipped)
130
+ * and return every git repo found, partitioned by whether it has a
131
+ * GitHub origin remote. Repos without a GitHub remote are counted but
132
+ * not registered — they're surfaced to the user as transparency rather
133
+ * than silently dropped.
134
+ *
135
+ * Deduplicates by absolute `localPath` (so overlapping roots like
136
+ * `~/projects` and `~/projects/drone` don't double-register the inner
137
+ * repos) and by `githubFullName` (so cloning the same repo to two
138
+ * paths doesn't create two project rows).
139
+ *
140
+ * Slug = the local directory basename (normalised). When two repos in
141
+ * the discovery result would share a slug (e.g. `flight-controller`
142
+ * under both `~/projects/drone/` and `~/work/sandbox/`), the second+
143
+ * gets `-<owner>` appended to disambiguate. Keeps slugs short for the
144
+ * common case while preventing server-side `uniq_profile_user_slug`
145
+ * collisions.
146
+ *
147
+ * Identity is `githubFullName` on the server side; slug is just the
148
+ * URL-safe display label. So a local `~/projects/drone/` whose remote
149
+ * is `acme/aegis` keeps slug `drone` (matching how you think of it
150
+ * locally) while still registering correctly against `acme/aegis` on
151
+ * the dashboard.
152
+ */
153
+ export function discoverProjects(roots) {
154
+ const seenPaths = new Set();
155
+ const seenGithub = new Set();
156
+ const projects = [];
157
+ let nonGithubSkipped = 0;
158
+ const scannedRoots = Array.from(new Set(roots.filter(existsAndIsDir)));
159
+ for (const root of scannedRoots) {
160
+ for (const repoPath of walkForGitRepos(root, 0)) {
161
+ if (seenPaths.has(repoPath))
162
+ continue;
163
+ seenPaths.add(repoPath);
164
+ const githubFullName = readGitRemote(repoPath);
165
+ const dirName = basename(repoPath);
166
+ if (!githubFullName) {
167
+ nonGithubSkipped++;
168
+ continue;
169
+ }
170
+ if (seenGithub.has(githubFullName))
171
+ continue;
172
+ seenGithub.add(githubFullName);
173
+ const { name, tags, primaryLanguage } = extractMetadata(repoPath, dirName);
174
+ projects.push({
175
+ localPath: repoPath,
176
+ slug: normaliseSlug(dirName),
177
+ name,
178
+ githubFullName,
179
+ tags,
180
+ primaryLanguage,
181
+ });
182
+ }
183
+ }
184
+ // In-discovery slug disambiguation. Same-name dirs under different
185
+ // parents (e.g. `~/projects/drone/flight-controller` +
186
+ // `~/work/flight-controller`) would otherwise collide on the server's
187
+ // `uniq_profile_user_slug` index. Suffix the second+ occurrence with
188
+ // the GitHub owner so it remains unique per user.
189
+ disambiguateSlugs(projects);
190
+ return { projects, nonGithubSkipped, scannedRoots };
191
+ }
192
+ function disambiguateSlugs(projects) {
193
+ const counts = new Map();
194
+ for (const p of projects)
195
+ counts.set(p.slug, (counts.get(p.slug) ?? 0) + 1);
196
+ const used = new Set();
197
+ for (const p of projects) {
198
+ if ((counts.get(p.slug) ?? 0) <= 1 && !used.has(p.slug)) {
199
+ used.add(p.slug);
200
+ continue;
201
+ }
202
+ const owner = (p.githubFullName ?? "").split("/")[0] ?? "";
203
+ let candidate = normaliseSlug(`${p.slug}-${owner}`);
204
+ let n = 2;
205
+ while (used.has(candidate)) {
206
+ candidate = normaliseSlug(`${p.slug}-${owner}-${n++}`);
207
+ }
208
+ p.slug = candidate;
209
+ used.add(candidate);
210
+ }
211
+ }
212
+ /**
213
+ * Generator: yields the absolute path of every git repo found under
214
+ * `dir`, up to `MAX_DEPTH`. Stops recursing into a directory once a
215
+ * `.git/` is found there (treats it as a repo boundary — submodules
216
+ * and nested-clone edge cases aren't worth complicating the walker).
217
+ */
218
+ function* walkForGitRepos(dir, depth) {
219
+ if (depth > MAX_DEPTH)
220
+ return;
221
+ let entries;
222
+ try {
223
+ entries = readdirSync(dir, { withFileTypes: true });
224
+ }
225
+ catch {
226
+ return;
227
+ }
228
+ // Is this dir itself a repo? Yield + stop recursing.
229
+ if (entries.some((e) => e.name === ".git" && (e.isDirectory() || e.isSymbolicLink()))) {
230
+ yield dir;
231
+ return;
232
+ }
233
+ for (const entry of entries) {
234
+ if (!entry.isDirectory() && !entry.isSymbolicLink())
235
+ continue;
236
+ if (entry.name.startsWith("."))
237
+ continue;
238
+ if (EXCLUDE_NAMES.has(entry.name))
239
+ continue;
240
+ yield* walkForGitRepos(join(dir, entry.name), depth + 1);
241
+ }
242
+ }
243
+ function existsAndIsDir(p) {
244
+ try {
245
+ return statSync(p).isDirectory();
246
+ }
247
+ catch {
248
+ return false;
249
+ }
250
+ }
251
+ function normaliseSlug(name) {
252
+ return name
253
+ .toLowerCase()
254
+ .replace(/[^a-z0-9_-]/g, "-")
255
+ .replace(/^-+|-+$/g, "")
256
+ .slice(0, 80) || "project";
257
+ }
258
+ // Run `git remote get-url origin` in the repo. Returns owner/name on
259
+ // success, null otherwise. Tolerates non-GitHub remotes (returns null
260
+ // so the repo is skipped).
261
+ function readGitRemote(repoPath) {
262
+ let url;
263
+ try {
264
+ url = execSync("git remote get-url origin", {
265
+ cwd: repoPath,
266
+ stdio: ["ignore", "pipe", "ignore"],
267
+ encoding: "utf8",
268
+ timeout: 3000,
269
+ }).trim();
270
+ }
271
+ catch {
272
+ return null;
273
+ }
274
+ // Match three URL shapes that all resolve to GitHub:
275
+ // 1. HTTPS: https://github.com/owner/name[.git]
276
+ // 2. Standard SSH: git@github.com:owner/name[.git]
277
+ // 3. SSH config alias for github: git@github-<alias>:owner/name[.git]
278
+ // Case (3) is a common multi-account-GitHub pattern (one ssh alias
279
+ // per identity, e.g. `github-personal`, `github-work`); the host
280
+ // portion is opaque to git, the ssh layer resolves it to github.com.
281
+ // Without this branch, those repos register as "non-GitHub" and get
282
+ // silently skipped — a confusing failure mode for users with that
283
+ // convention. Owner/name parsing is identical across all three shapes.
284
+ const m = url.match(/(?:github\.com|github-[a-z0-9_-]+)[:/]([^/]+)\/([^/?#]+?)(?:\.git)?$/i);
285
+ if (!m)
286
+ return null;
287
+ return `${m[1]}/${m[2]}`;
288
+ }
289
+ function extractMetadata(repoPath, fallbackName) {
290
+ const tags = new Set();
291
+ let name = fallbackName;
292
+ let primaryLanguage = null;
293
+ // Node: package.json
294
+ const pkgPath = join(repoPath, "package.json");
295
+ if (existsSync(pkgPath)) {
296
+ primaryLanguage = "TypeScript"; // updated below if no TS detected
297
+ try {
298
+ const pkg = JSON.parse(readFileSync(pkgPath, "utf8"));
299
+ if (typeof pkg.name === "string" && pkg.name.length > 0)
300
+ name = pkg.name;
301
+ if (Array.isArray(pkg.keywords)) {
302
+ for (const k of pkg.keywords) {
303
+ if (typeof k === "string" && k.length > 0 && k.length <= 40) {
304
+ tags.add(k.toLowerCase());
305
+ }
306
+ }
307
+ }
308
+ const deps = { ...(pkg.dependencies ?? {}), ...(pkg.devDependencies ?? {}) };
309
+ // Detect TS vs JS from presence of typescript in deps.
310
+ if (deps["typescript"] !== undefined) {
311
+ tags.add("typescript");
312
+ primaryLanguage = "TypeScript";
313
+ }
314
+ else {
315
+ // Look for *.ts files at top level to decide TS vs JS.
316
+ try {
317
+ const top = readdirSync(repoPath);
318
+ if (top.some((f) => f.endsWith(".ts") || f.endsWith(".tsx"))) {
319
+ tags.add("typescript");
320
+ primaryLanguage = "TypeScript";
321
+ }
322
+ else {
323
+ tags.add("javascript");
324
+ primaryLanguage = "JavaScript";
325
+ }
326
+ }
327
+ catch { /* ignore */ }
328
+ }
329
+ // Match deps against the tag mapping.
330
+ for (const depName of Object.keys(deps)) {
331
+ for (const { match, tags: ts } of DEP_TO_TAGS) {
332
+ if (match.test(depName)) {
333
+ for (const t of ts)
334
+ tags.add(t);
335
+ }
336
+ }
337
+ }
338
+ }
339
+ catch { /* malformed package.json — skip */ }
340
+ }
341
+ // Python: pyproject.toml / requirements.txt
342
+ const pyprojectPath = join(repoPath, "pyproject.toml");
343
+ const requirementsPath = join(repoPath, "requirements.txt");
344
+ if (existsSync(pyprojectPath) || existsSync(requirementsPath)) {
345
+ primaryLanguage = "Python";
346
+ tags.add("python");
347
+ const text = [pyprojectPath, requirementsPath]
348
+ .filter((p) => existsSync(p))
349
+ .map((p) => { try {
350
+ return readFileSync(p, "utf8");
351
+ }
352
+ catch {
353
+ return "";
354
+ } })
355
+ .join("\n");
356
+ // Pull dep names from "<name>>=<ver>" / "<name>==<ver>" / quoted strings.
357
+ const depMatches = text.matchAll(/^\s*["']?([a-zA-Z0-9][\w.-]*)["']?\s*[><=!~]/gm);
358
+ for (const dm of depMatches) {
359
+ const depName = dm[1].toLowerCase();
360
+ for (const { match, tags: ts } of DEP_TO_TAGS) {
361
+ if (match.test(depName)) {
362
+ for (const t of ts)
363
+ tags.add(t);
364
+ }
365
+ }
366
+ }
367
+ }
368
+ // Rust: Cargo.toml
369
+ if (existsSync(join(repoPath, "Cargo.toml"))) {
370
+ primaryLanguage = primaryLanguage ?? "Rust";
371
+ tags.add("rust");
372
+ }
373
+ // Go: go.mod
374
+ if (existsSync(join(repoPath, "go.mod"))) {
375
+ primaryLanguage = primaryLanguage ?? "Go";
376
+ tags.add("go");
377
+ }
378
+ // Solidity (web3 contracts under hardhat/foundry)
379
+ if (existsSync(join(repoPath, "hardhat.config.js")) ||
380
+ existsSync(join(repoPath, "hardhat.config.ts")) ||
381
+ existsSync(join(repoPath, "foundry.toml"))) {
382
+ tags.add("solidity");
383
+ tags.add("web3");
384
+ }
385
+ // Cap total tags so a kitchen-sink monorepo doesn't blow up the row.
386
+ return {
387
+ name,
388
+ tags: Array.from(tags).slice(0, 25),
389
+ primaryLanguage,
390
+ };
391
+ }