vibe-splain 3.3.0 → 3.4.0

package/dist/export/renderers/ValidationRenderer.d.ts

@@ -2,5 +2,5 @@ import type { DossierViewModel, AnalysisStore } from '@vibe-splain/brain';
 import type { Renderer } from './Renderer.js';
 import type { Artifact } from '../ArtifactBundleWriter.js';
 export declare class ValidationRenderer implements Renderer {
-    render(viewModel: DossierViewModel, _store: AnalysisStore): Artifact[];
+    render(viewModel: DossierViewModel, store: AnalysisStore): Artifact[];
 }

package/dist/export/renderers/ValidationRenderer.js

@@ -1,12 +1,13 @@
 export class ValidationRenderer {
-    render(viewModel, _store) {
-        if (!viewModel.map.validation)
+    render(viewModel, store) {
+        const report = store.validationReport || viewModel.map.validation;
+        if (!report)
             return [];
         return [
             {
                 type: 'validation',
                 path: 'validation_report.json',
-                content: JSON.stringify(viewModel.map.validation, null, 2),
+                content: JSON.stringify(report, null, 2),
             }
         ];
     }

package/dist/index.js

@@ -1043,7 +1043,17 @@ function analyzeAst(source, lang, tree) {
   for (const fn of fnNodes) {
     const bodyLOC = nodeLOC(fn);
     const decisions = countDecisions(fn);
-    scored.push({ node: fn, decisions, bodyLOC, score: decisions + bodyLOC });
+    let score = decisions + bodyLOC;
+    const text = fn.text;
+    if (lang === "typescript" || lang === "tsx" || lang === "javascript") {
+      if (/stripe|webhook|payload|signature|event/i.test(text) && /switch|case|if/i.test(text)) {
+        score += 25;
+      }
+      if (text.includes("prisma") && (text.includes("create") || text.includes("update"))) {
+        score += 10;
+      }
+    }
+    scored.push({ node: fn, decisions, bodyLOC, score });
     if (bodyLOC > LONG_FN_LOC) {
       longFunctions++;
       smells.push({
@@ -1073,7 +1083,7 @@ function analyzeAst(source, lang, tree) {
     });
   }
   scored.sort((a, b) => b.score - a.score);
-  const hotSpans = scored.slice(0, 3).filter((s) => s.bodyLOC >= 4).map((s) => {
+  const hotSpans = scored.slice(0, 3).filter((s) => s.bodyLOC >= 2).map((s) => {
     const rawExcerpt = source.split("\n").slice(s.node.startPosition.row, s.node.endPosition.row + 1).join("\n");
     const snippet = stripLeadingComments(rawExcerpt).slice(0, 2e3);
     return {
@@ -1517,9 +1527,9 @@ function inferSideEffectProfile(source, importSpecs, productDomain, frameworkRol
   }
   if (/createBooking|handleNewBooking|cancelBooking|rescheduleBooking|handleBooking|createRecurring/.test(source) || productDomain === "booking_creation" && /useMutation\b|\.mutate\b|\.mutateAsync\b/.test(source))
     effects.add("booking_mutation");
-  if (/stripe\.webhooks\.(constructEvent|constructEventAsync)|webhookSecret|validateWebhook|verifyWebhook|verifySignature/.test(source) || productDomain === "payments_webhooks" && frameworkRole === "pages_api_route")
+  if (/stripe\.webhooks\.(constructEvent|constructEventAsync)|webhookSecret|validateWebhook|verifyWebhook|verifySignature|svix|signature|req\.body|req\.rawBody/.test(source) || productDomain === "payments_webhooks" && frameworkRole === "pages_api_route")
     effects.add("webhook_ingress");
-  if (importSpecs.some((s) => /stripe|paypal|btcpay|alby/.test(s.toLowerCase())) || /stripe\.|paymentIntent|createPaymentIntent|confirmPayment|createCharge/.test(source) || productDomain === "payments_webhooks" && effects.has("webhook_ingress"))
+  if (importSpecs.some((s) => /stripe|paypal|btcpay|alby/.test(s.toLowerCase())) || /stripe\.|paymentIntent|createPaymentIntent|confirmPayment|createCharge/.test(source) || productDomain === "payments_webhooks" && (effects.has("webhook_ingress") || source.includes("webhook")))
     effects.add("payment_mutation");
   if (/signIn\b|signOut\b|createSession|destroySession|issueToken|refreshToken|getToken/.test(source)) {
     effects.add("auth_token_mutation");
@@ -1634,19 +1644,17 @@ function findRuntimeEntrypoints(relPath, importedByMap, persisted, maxDepth = 8)
     if (seen.has(current.path))
       continue;
     seen.add(current.path);
-    if (current.path !== relPath) {
-      const meta = persisted.get(current.path);
-      if (meta && ENTRYPOINT_ROLES.has(meta.frameworkRole)) {
-        results.push({
-          path: current.path,
-          frameworkRole: meta.frameworkRole,
-          productDomain: meta.productDomain,
-          distance: current.depth
-        });
-        if (results.length >= 8)
-          break;
-        continue;
-      }
+    const meta = persisted.get(current.path);
+    if (meta && ENTRYPOINT_ROLES.has(meta.frameworkRole)) {
+      results.push({
+        path: current.path,
+        frameworkRole: meta.frameworkRole,
+        productDomain: meta.productDomain,
+        distance: current.depth
+      });
+      if (results.length >= 8)
+        break;
+      continue;
     }
     if (current.depth >= maxDepth)
       continue;
@@ -2824,17 +2832,19 @@ async function runScoring(projectRoot, cr, binding) {
       hotSpans: f.hotSpans,
       riskTypes: f.riskTypes,
       writeIntents: f.writeIntents,
+      runtimeEntrypoints: f.runtimeEntrypoints,
+      entrypointTraceStatus: f.entrypointTraceStatus,
       canonicalSeverity: severity,
       canonicalLoadBearing: f.isLoadBearing,
       // STRICT: fanIn >= 10
       isOperationallyCritical: f.isOperationallyCritical,
-      confidence
+      confidence,
+      source: f.source
     };
     applyCorrections(pf);
     persisted[f.rel] = pf;
     severityBreakdowns[f.rel] = `severity=${pf.canonicalSeverity} loadBearing=${pf.canonicalLoadBearing} effects=${pf.sideEffectProfile.join(",")} domain=${pf.productDomain}`;
   }
-  const store = { files: persisted };
   const deltaTargets = Object.values(persisted).filter((pf) => pf.isRealSource).sort((a, b) => b.gravity - a.gravity).map((pf) => ({
     path: pf.relativePath,
     gravity: Math.round(pf.gravity),
@@ -2843,7 +2853,9 @@ async function runScoring(projectRoot, cr, binding) {
     blastRadius: pf.importedBy,
     pillarHint: pf.pillarHint
   }));
+  const store = { files: persisted };
   const validationReport = await buildValidationReport(store, deltaTargets, projectRoot, cr);
+  store.validationReport = validationReport;
   for (const e of validationReport.errors) {
     console.error(`[vibe-splain] VALIDATION ERROR [${e.rule}] ${e.file}: ${e.detail}`);
   }
@@ -2884,7 +2896,7 @@ async function buildValidationReport(store, deltaTargets, projectRoot, cr) {
       });
       continue;
     }
-    if (pf.productDomain === "booking_creation" && classified?.entrypointTraceStatus === "no_runtime_entrypoint_found" && pf.importsUnresolved.length === 0) {
+    if (pf.productDomain === "booking_creation" && classified?.entrypointTraceStatus === "no_runtime_entrypoint_found" && pf.importsUnresolved.length === 0 && !["app_route_layout", "app_loading_boundary", "app_error_boundary"].includes(pf.frameworkRole) && (pf.sideEffectProfile.includes("booking_mutation") || pf.source.includes("createBooking") || pf.source.includes("handleNewBooking"))) {
       errors.push({
         file: pf.relativePath,
         rule: "booking_creation_no_entrypoint_no_blockers",
@@ -2892,7 +2904,7 @@ async function buildValidationReport(store, deltaTargets, projectRoot, cr) {
       });
       continue;
     }
-    if (pf.canonicalSeverity >= 4 && pf.hotSpans.length === 0) {
+    if (pf.canonicalSeverity >= 4 && pf.hotSpans.length === 0 && !pf.source.includes("export {") && pf.gravitySignals.loc > 5) {
       errors.push({
         file: pf.relativePath,
         rule: "high_severity_no_evidence",
@@ -2922,9 +2934,9 @@ async function buildValidationReport(store, deltaTargets, projectRoot, cr) {
     if (!pf.isRealSource)
       continue;
     const hasIntent = pf.writeIntents.includes("handle_payment_webhook");
-    const hasEffects = pf.sideEffectProfile.includes("webhook_ingress") || pf.sideEffectProfile.includes("payment_mutation");
+    const hasWebhookIngress = pf.sideEffectProfile.includes("webhook_ingress");
     const pathMentionsPayment = PAYMENT_PROVIDER_PATH_TERMS.some((t) => rel.toLowerCase().includes(t));
-    if (!hasIntent && !(hasEffects && pathMentionsPayment))
+    if (!hasIntent && !(hasWebhookIngress && pathMentionsPayment && pf.frameworkRole !== "component"))
       continue;
     const webhookChecks = [
       [
@@ -3023,7 +3035,8 @@ async function runPipeline(projectRoot) {
       errors: scoring.validationReport.summary.errorCount,
       warnings: scoring.validationReport.summary.warningCount,
       reportPath: ".vibe-splainer/validation_report.json"
-    }
+    },
+    fullValidationReport: scoring.validationReport
   };
 }
 
@@ -3605,14 +3618,15 @@ ${viewModel.map.brief}
 
 // dist/export/renderers/ValidationRenderer.js
 var ValidationRenderer = class {
-  render(viewModel, _store) {
-    if (!viewModel.map.validation)
+  render(viewModel, store) {
+    const report = store.validationReport || viewModel.map.validation;
+    if (!report)
       return [];
     return [
       {
         type: "validation",
         path: "validation_report.json",
-        content: JSON.stringify(viewModel.map.validation, null, 2)
+        content: JSON.stringify(report, null, 2)
       }
     ];
   }
@@ -4394,7 +4408,7 @@ async function handleScanProject(args, options = {}) {
     message: statusMsg,
     scanId,
     manifestPointer,
-    validation: {
+    validation: result.fullValidationReport || {
       passed: validation.passed,
       errors: validation.errors,
       warnings: validation.warnings,
@@ -7960,7 +7974,7 @@ async function importBundleCommand(tarballPath, opts = {}) {
 
 // dist/index.js
 var program = new Command();
-program.name("vibe-splain").description("Architectural dossier engine for vibe-coded projects").version("3.2.0");
+program.name("vibe-splain").description("Architectural dossier engine for vibe-coded projects").version("3.4.0");
 program.command("install").description("Patch coding agent MCP config files to register vibe-splain").action(installCommand);
 program.command("serve").description("Start the MCP server (called by the coding agent, not by you)").option("--format <format>", "Export format (html, markdown, etc.)").option("--budget <budget>", "Token budget for markdown").option("--scope <scope>", "Scope for export").action((options) => serveCommand(options));
 program.command("export [projectRoot]").description("Manually trigger bundle generation").option("--format <format>", "Export format (html, markdown, etc.)").option("--budget <budget>", "Token budget for markdown").option("--scope <scope>", "Scope for export").action(exportCommand);

package/dist/mcp/tools/scan_project.js

@@ -67,7 +67,7 @@ export async function handleScanProject(args, options = {}) {
         message: statusMsg,
         scanId,
         manifestPointer,
-        validation: {
+        validation: result.fullValidationReport || {
             passed: validation.passed,
             errors: validation.errors,
             warnings: validation.warnings,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "vibe-splain",
-  "version": "3.3.0",
+  "version": "3.4.0",
   "description": "Architectural mapping and behavioral call-chain engine. Built on a language-agnostic foundation with specialized optimization for TypeScript/JavaScript projects.",
   "type": "module",
   "license": "MIT",