vibescore 0.1.0__tar.gz

vibescore-0.1.0/.github/workflows/ci.yml

@@ -0,0 +1,21 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ["3.9", "3.10", "3.11", "3.12", "3.13"]
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+      - run: pip install -e ".[all]" pytest
+      - run: python -m pytest tests/ -v --tb=short

vibescore-0.1.0/.gitignore

@@ -0,0 +1,16 @@
+__pycache__/
+*.pyc
+*.pyo
+dist/
+build/
+*.egg-info/
+.eggs/
+*.egg
+.pytest_cache/
+.mypy_cache/
+.ruff_cache/
+.venv/
+venv/
+.env
+*.pem
+*.key

vibescore-0.1.0/CHANGELOG.md

@@ -0,0 +1,15 @@
+# Changelog
+
+## [0.1.0] - 2025-04-10
+
+### Added
+- Initial release
+- Code quality analysis (VC201–VC209): function length, complexity, parameters, type annotations, nesting, star imports, docstrings, mutable defaults
+- Security analysis (VC301–VC309): hardcoded secrets, AWS keys, SQL injection, shell injection, unsafe deserialization, eval/exec, debug mode, private keys
+- Dependency analysis (VC401–VC405): version pinning, lock files, deprecated setup.py
+- Testing analysis (VC501–VC506): test presence, count, CI, conftest, test ratio
+- ASCII terminal report with letter grades (A+ through F)
+- JSON output format for CI pipelines
+- `--min-score` flag for threshold-based CI gating
+- Python library API: `from vibe_check import scan`
+- Zero external dependencies

vibescore-0.1.0/LICENSE

@@ -0,0 +1,21 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+   (full text at http://www.apache.org/licenses/LICENSE-2.0)
+
+   Copyright 2025 Zacharie B
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

vibescore-0.1.0/PKG-INFO

@@ -0,0 +1,205 @@
+Metadata-Version: 2.4
+Name: vibescore
+Version: 0.1.0
+Summary: Grade your vibe-coded project. One command, instant letter grade across security, quality, dependencies, and testing.
+Project-URL: Homepage, https://github.com/stef41/vibe-check
+Project-URL: Repository, https://github.com/stef41/vibe-check
+Project-URL: Issues, https://github.com/stef41/vibe-check/issues
+Project-URL: Changelog, https://github.com/stef41/vibe-check/blob/main/CHANGELOG.md
+Author: Zacharie B
+License: Apache-2.0
+License-File: LICENSE
+Keywords: ai-generated-code,code-analysis,code-grade,code-quality,code-review,developer-tools,linter,security,static-analysis,vibe-coding
+Classifier: Development Status :: 4 - Beta
+Classifier: Environment :: Console
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: Apache Software License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Topic :: Security
+Classifier: Topic :: Software Development :: Quality Assurance
+Classifier: Topic :: Software Development :: Testing
+Classifier: Typing :: Typed
+Requires-Python: >=3.9
+Provides-Extra: all
+Requires-Dist: click>=8.0; extra == 'all'
+Requires-Dist: rich>=13.0; extra == 'all'
+Provides-Extra: cli
+Requires-Dist: click>=8.0; extra == 'cli'
+Requires-Dist: rich>=13.0; extra == 'cli'
+Provides-Extra: rich
+Requires-Dist: rich>=13.0; extra == 'rich'
+Description-Content-Type: text/markdown
+
+# 🎵 vibe-check
+
+**Grade your vibe-coded project. One command. Instant letter grade.**
+
+[![PyPI](https://img.shields.io/pypi/v/vibe-check?color=blue)](https://pypi.org/project/vibe-check/)
+[![License](https://img.shields.io/badge/license-Apache--2.0-green)](LICENSE)
+[![Python](https://img.shields.io/pypi/pyversions/vibe-check)](https://pypi.org/project/vibe-check/)
+[![Tests](https://img.shields.io/badge/tests-134%20passed-brightgreen)]()
+
+> "Vibe coding" is the new reality — you prompt, AI writes, you ship.  
+> But **is your vibe-coded project actually good?**  
+> Find out in 10 seconds.
+
+```
+$ vibescore .
+
+🎵 Vibe Check  v0.1.0
+══════════════════════════════════════════════
+
+  Project:   tokonomics
+  Files:     40 (32 Python, 8 other)
+  Lines:     4,658
+  Scanned in 0.12s
+
+┌──────────────────┬────────┬───────┐
+│ Category         │ Score  │ Grade │
+├──────────────────┼────────┼───────┤
+│ Code Quality     │   52.0 │ F     │
+│ Security         │  100.0 │ A+    │
+│ Dependencies     │   98.0 │ A+    │
+│ Testing          │  100.0 │ A+    │
+├──────────────────┼────────┼───────┤
+│ Overall          │   87.6 │ B+    │
+└──────────────────┴────────┴───────┘
+
+🟡 Warnings (11)
+  VC201  Function 'export_svg_chart' too long (102 lines)
+  VC202  Function '_build_cli' high complexity (30)
+  VC203  Function 'export_svg_chart' has 6 parameters (>5)
+  ...
+
+💡 Tips
+  • Reduce function complexity and add type annotations
+```
+
+## Install
+
+```bash
+pip install vibescore
+```
+
+That's it. Zero dependencies. Works with Python 3.9+.
+
+## Usage
+
+```bash
+# Grade the current directory
+vibescore .
+
+# Grade a specific project
+vibescore /path/to/project
+
+# JSON output (for CI pipelines)
+vibescore . --format json
+
+# Fail CI if score is below threshold
+vibescore . --min-score 70
+```
+
+### As a Python library
+
+```python
+from vibescore import scan
+
+report = scan(".")
+print(f"Grade: {report.overall_grade} ({report.overall_score:.0f}/100)")
+
+for category in report.categories:
+    print(f"  {category.name}: {category.grade}")
+```
+
+## What It Checks
+
+| Category | Checks | Codes |
+|----------|--------|-------|
+| **Code Quality** | Function length, cyclomatic complexity, parameter count, type annotations, nesting depth, star imports, docstrings, mutable defaults | VC201–VC209 |
+| **Security** | Hardcoded secrets, AWS keys, SQL injection, shell injection, unsafe deserialization, eval/exec, debug mode, private keys | VC301–VC309 |
+| **Dependencies** | Version pinning, lock files, deprecated setup.py, wildcard pins | VC401–VC405 |
+| **Testing** | Test file presence, test count, CI configuration, conftest.py, test-to-code ratio | VC501–VC506 |
+
+## Grading Scale
+
+| Grade | Score | Grade | Score |
+|-------|-------|-------|-------|
+| A+    | 97–100 | C+   | 77–79 |
+| A     | 93–96  | C    | 73–76 |
+| A-    | 90–92  | C-   | 70–72 |
+| B+    | 87–89  | D+   | 67–69 |
+| B     | 83–86  | D    | 63–66 |
+| B-    | 80–82  | D-   | 60–62 |
+|       |        | F    | 0–59  |
+
+## CI Integration
+
+### GitHub Actions
+
+```yaml
+- name: Vibe Check
+  run: |
+    pip install vibescore
+    vibescore . --min-score 70
+```
+
+### Pre-commit (manual)
+
+```bash
+# In your Makefile or CI script
+vibescore . --min-score 70 --format json > vibe-report.json
+```
+
+## How Scoring Works
+
+Each category is scored 0–100 independently. The overall score is a weighted average:
+
+| Category | Weight |
+|----------|--------|
+| Security | 30% |
+| Code Quality | 25% |
+| Testing | 25% |
+| Dependencies | 20% |
+
+Security is weighted highest because a security bug in vibe-coded projects can be catastrophic.
+
+## Why vibe-check?
+
+Vibe coding means AI writes most of your code. That's fast, but it introduces risks:
+
+- **AI hallucinates long functions** that are hard to debug
+- **AI skips security basics** like input validation and secret management
+- **AI often omits tests** or writes superficial ones
+- **AI uses loose dependency pins** that break on updates
+
+`vibescore` catches these patterns in seconds, so you can ship fast *and* ship safe.
+
+## FAQ
+
+**Q: Does this only work with Python?**  
+A: Currently Python-focused for code quality and testing analysis. Security and dependency checks work with any project type. More languages coming soon.
+
+**Q: Does it phone home or require an API key?**  
+A: No. Zero network requests. Zero dependencies. Runs entirely offline.
+
+**Q: How is this different from pylint/ruff/flake8?**  
+A: Those are line-level linters. `vibescore` gives you a project-level grade across security, quality, testing, and dependencies — a holistic view of your vibe-coded project's health. Use both.
+
+## See Also
+
+Tools in the same ecosystem:
+
+- [tokonomics](https://github.com/stef41/tokonomics) — LLM token cost management
+- [injectionguard](https://github.com/stef41/injectionguard) — Prompt injection detection
+- [vibesafe](https://github.com/stef41/vibesafe) — AI code safety scanner
+- [castwright](https://github.com/stef41/castwright) — Synthetic training data generator
+- [infermark](https://github.com/stef41/infermark) — LLM inference benchmarking
+
+## License
+
+Apache-2.0

vibescore-0.1.0/README.md

@@ -0,0 +1,168 @@
+# 🎵 vibe-check
+
+**Grade your vibe-coded project. One command. Instant letter grade.**
+
+[![PyPI](https://img.shields.io/pypi/v/vibe-check?color=blue)](https://pypi.org/project/vibe-check/)
+[![License](https://img.shields.io/badge/license-Apache--2.0-green)](LICENSE)
+[![Python](https://img.shields.io/pypi/pyversions/vibe-check)](https://pypi.org/project/vibe-check/)
+[![Tests](https://img.shields.io/badge/tests-134%20passed-brightgreen)]()
+
+> "Vibe coding" is the new reality — you prompt, AI writes, you ship.  
+> But **is your vibe-coded project actually good?**  
+> Find out in 10 seconds.
+
+```
+$ vibescore .
+
+🎵 Vibe Check  v0.1.0
+══════════════════════════════════════════════
+
+  Project:   tokonomics
+  Files:     40 (32 Python, 8 other)
+  Lines:     4,658
+  Scanned in 0.12s
+
+┌──────────────────┬────────┬───────┐
+│ Category         │ Score  │ Grade │
+├──────────────────┼────────┼───────┤
+│ Code Quality     │   52.0 │ F     │
+│ Security         │  100.0 │ A+    │
+│ Dependencies     │   98.0 │ A+    │
+│ Testing          │  100.0 │ A+    │
+├──────────────────┼────────┼───────┤
+│ Overall          │   87.6 │ B+    │
+└──────────────────┴────────┴───────┘
+
+🟡 Warnings (11)
+  VC201  Function 'export_svg_chart' too long (102 lines)
+  VC202  Function '_build_cli' high complexity (30)
+  VC203  Function 'export_svg_chart' has 6 parameters (>5)
+  ...
+
+💡 Tips
+  • Reduce function complexity and add type annotations
+```
+
+## Install
+
+```bash
+pip install vibescore
+```
+
+That's it. Zero dependencies. Works with Python 3.9+.
+
+## Usage
+
+```bash
+# Grade the current directory
+vibescore .
+
+# Grade a specific project
+vibescore /path/to/project
+
+# JSON output (for CI pipelines)
+vibescore . --format json
+
+# Fail CI if score is below threshold
+vibescore . --min-score 70
+```
+
+### As a Python library
+
+```python
+from vibescore import scan
+
+report = scan(".")
+print(f"Grade: {report.overall_grade} ({report.overall_score:.0f}/100)")
+
+for category in report.categories:
+    print(f"  {category.name}: {category.grade}")
+```
+
+## What It Checks
+
+| Category | Checks | Codes |
+|----------|--------|-------|
+| **Code Quality** | Function length, cyclomatic complexity, parameter count, type annotations, nesting depth, star imports, docstrings, mutable defaults | VC201–VC209 |
+| **Security** | Hardcoded secrets, AWS keys, SQL injection, shell injection, unsafe deserialization, eval/exec, debug mode, private keys | VC301–VC309 |
+| **Dependencies** | Version pinning, lock files, deprecated setup.py, wildcard pins | VC401–VC405 |
+| **Testing** | Test file presence, test count, CI configuration, conftest.py, test-to-code ratio | VC501–VC506 |
+
+## Grading Scale
+
+| Grade | Score | Grade | Score |
+|-------|-------|-------|-------|
+| A+    | 97–100 | C+   | 77–79 |
+| A     | 93–96  | C    | 73–76 |
+| A-    | 90–92  | C-   | 70–72 |
+| B+    | 87–89  | D+   | 67–69 |
+| B     | 83–86  | D    | 63–66 |
+| B-    | 80–82  | D-   | 60–62 |
+|       |        | F    | 0–59  |
+
+## CI Integration
+
+### GitHub Actions
+
+```yaml
+- name: Vibe Check
+  run: |
+    pip install vibescore
+    vibescore . --min-score 70
+```
+
+### Pre-commit (manual)
+
+```bash
+# In your Makefile or CI script
+vibescore . --min-score 70 --format json > vibe-report.json
+```
+
+## How Scoring Works
+
+Each category is scored 0–100 independently. The overall score is a weighted average:
+
+| Category | Weight |
+|----------|--------|
+| Security | 30% |
+| Code Quality | 25% |
+| Testing | 25% |
+| Dependencies | 20% |
+
+Security is weighted highest because a security bug in vibe-coded projects can be catastrophic.
+
+## Why vibe-check?
+
+Vibe coding means AI writes most of your code. That's fast, but it introduces risks:
+
+- **AI hallucinates long functions** that are hard to debug
+- **AI skips security basics** like input validation and secret management
+- **AI often omits tests** or writes superficial ones
+- **AI uses loose dependency pins** that break on updates
+
+`vibescore` catches these patterns in seconds, so you can ship fast *and* ship safe.
+
+## FAQ
+
+**Q: Does this only work with Python?**  
+A: Currently Python-focused for code quality and testing analysis. Security and dependency checks work with any project type. More languages coming soon.
+
+**Q: Does it phone home or require an API key?**  
+A: No. Zero network requests. Zero dependencies. Runs entirely offline.
+
+**Q: How is this different from pylint/ruff/flake8?**  
+A: Those are line-level linters. `vibescore` gives you a project-level grade across security, quality, testing, and dependencies — a holistic view of your vibe-coded project's health. Use both.
+
+## See Also
+
+Tools in the same ecosystem:
+
+- [tokonomics](https://github.com/stef41/tokonomics) — LLM token cost management
+- [injectionguard](https://github.com/stef41/injectionguard) — Prompt injection detection
+- [vibesafe](https://github.com/stef41/vibesafe) — AI code safety scanner
+- [castwright](https://github.com/stef41/castwright) — Synthetic training data generator
+- [infermark](https://github.com/stef41/infermark) — LLM inference benchmarking
+
+## License
+
+Apache-2.0

vibescore-0.1.0/pyproject.toml

@@ -0,0 +1,75 @@
+[build-system]
+requires = ["hatchling"]
+build-backend = "hatchling.build"
+
+[project]
+name = "vibescore"
+version = "0.1.0"
+description = "Grade your vibe-coded project. One command, instant letter grade across security, quality, dependencies, and testing."
+readme = "README.md"
+license = {text = "Apache-2.0"}
+requires-python = ">=3.9"
+authors = [{ name = "Zacharie B" }]
+keywords = [
+    "vibe-coding",
+    "code-quality",
+    "security",
+    "linter",
+    "code-analysis",
+    "ai-generated-code",
+    "static-analysis",
+    "code-review",
+    "code-grade",
+    "developer-tools",
+]
+classifiers = [
+    "Development Status :: 4 - Beta",
+    "Environment :: Console",
+    "Intended Audience :: Developers",
+    "License :: OSI Approved :: Apache Software License",
+    "Programming Language :: Python :: 3",
+    "Programming Language :: Python :: 3.9",
+    "Programming Language :: Python :: 3.10",
+    "Programming Language :: Python :: 3.11",
+    "Programming Language :: Python :: 3.12",
+    "Programming Language :: Python :: 3.13",
+    "Topic :: Software Development :: Quality Assurance",
+    "Topic :: Software Development :: Testing",
+    "Topic :: Security",
+    "Typing :: Typed",
+]
+dependencies = []
+
+[project.optional-dependencies]
+rich = ["rich>=13.0"]
+cli = ["click>=8.0", "rich>=13.0"]
+all = ["vibescore[cli]"]
+
+[project.scripts]
+vibe-check = "vibe_check.cli:_entry"
+
+[project.urls]
+Homepage = "https://github.com/stef41/vibe-check"
+Repository = "https://github.com/stef41/vibe-check"
+Issues = "https://github.com/stef41/vibe-check/issues"
+Changelog = "https://github.com/stef41/vibe-check/blob/main/CHANGELOG.md"
+
+[tool.hatch.build.targets.wheel]
+packages = ["src/vibescore"]
+
+[tool.pytest.ini_options]
+testpaths = ["tests"]
+addopts = "-v --tb=short"
+
+[tool.ruff]
+target-version = "py39"
+line-length = 99
+
+[tool.ruff.lint]
+select = ["E", "F", "W", "I", "N", "UP", "B", "SIM", "TCH"]
+
+[tool.mypy]
+python_version = "3.9"
+strict = true
+warn_return_any = true
+warn_unused_configs = true

vibescore-0.1.0/src/vibescore/__init__.py

@@ -0,0 +1,18 @@
+from __future__ import annotations
+
+__version__ = "0.1.0"
+
+from .scanner import scan
+from ._types import VibeReport, CategoryScore, Issue, FileInfo
+from .scoring import score_to_grade, compute_overall
+
+__all__ = [
+    "scan",
+    "VibeReport",
+    "CategoryScore",
+    "Issue",
+    "FileInfo",
+    "score_to_grade",
+    "compute_overall",
+    "__version__",
+]

vibescore-0.1.0/src/vibescore/_types.py

@@ -0,0 +1,42 @@
+from __future__ import annotations
+
+from dataclasses import dataclass, field
+
+
+@dataclass
+class FileInfo:
+    path: str
+    language: str  # "python", "javascript", "typescript", "unknown"
+    lines: int
+    size_bytes: int
+
+
+@dataclass
+class Issue:
+    code: str  # e.g. "VC101"
+    severity: str  # "critical", "warning", "info"
+    message: str
+    file: str | None = None
+    line: int | None = None
+
+
+@dataclass
+class CategoryScore:
+    name: str
+    score: float  # 0-100
+    grade: str  # A+ through F
+    issues: list[Issue] = field(default_factory=list)
+    details: dict = field(default_factory=dict)
+
+
+@dataclass
+class VibeReport:
+    project_path: str
+    project_name: str
+    total_files: int
+    total_lines: int
+    languages: dict[str, int]  # language -> file count
+    categories: list[CategoryScore] = field(default_factory=list)
+    overall_score: float = 0.0
+    overall_grade: str = "?"
+    scan_time_s: float = 0.0

vibescore-0.1.0/src/vibescore/cli.py

@@ -0,0 +1,62 @@
+from __future__ import annotations
+
+import argparse
+import os
+import sys
+
+
+def main(argv: list[str] | None = None) -> int:
+    from . import __version__
+
+    parser = argparse.ArgumentParser(
+        prog="vibe-check",
+        description="\U0001f3b5 Grade your vibe-coded project",
+    )
+    parser.add_argument(
+        "path", nargs="?", default=".", help="Project directory to scan (default: .)"
+    )
+    parser.add_argument(
+        "--format",
+        choices=["text", "json"],
+        default="text",
+        help="Output format",
+    )
+    parser.add_argument(
+        "--min-score",
+        type=float,
+        default=0,
+        help="Exit with code 1 if overall score is below this threshold",
+    )
+    parser.add_argument(
+        "--version", action="version", version=f"%(prog)s {__version__}"
+    )
+
+    args = parser.parse_args(argv)
+
+    path = args.path
+    if not os.path.isdir(path):
+        print(f"Error: '{path}' is not a directory", file=sys.stderr)
+        return 1
+
+    from .scanner import scan
+    from .report import format_report, format_json
+
+    report = scan(path)
+
+    if args.format == "json":
+        print(format_json(report))
+    else:
+        print(format_report(report))
+
+    if report.overall_score < args.min_score:
+        return 1
+    return 0
+
+
+def _entry() -> None:
+    """Wrapper for console_scripts entry-point."""
+    sys.exit(main())
+
+
+if __name__ == "__main__":
+    sys.exit(main())