Releases: eduardbar/drift

v1.5.0

26 Mar 20:54
0905185

Drift v1.5.0

This release finalizes the hardening cycle for merge/release confidence:

  • mandatory quality matrix on Node 20/22 with reusable quality gates
  • runtime/docs/performance policy checks (check:runtime-policy, check:docs-drift, check:perf-budget)
  • smoke E2E gate and CI artifacts for smoke/perf diagnostics
  • schema contracts for doctor --json and guard --json with $schema + toolVersion
  • CI/action version alignment guards and release metadata alignment
  • test stability improvements (default timeout budgets)

See CHANGELOG.md for complete details.

v1.4.0

18 Mar 20:09
defdaaa

Release Notes Draft (S5)

Scope

This draft covers the latest trust-core and SARIF-related changes prepared for release packaging.

What changed

  • Added/solidified release-facing CLI capabilities:
    • init for project scaffolding and baseline bootstrap.
    • doctor for environment diagnostics.
    • guard for non-regression enforcement by diff or baseline.
  • Consolidated output format behavior around --format and preserved legacy aliases for compatibility.
  • Added SARIF output coverage across critical commands (scan, ci, diff, review, trust).
  • Aligned CI and action v2 contract expectations with SARIF-enabled workflows.
  • Expanded tests and docs to reduce release risk in CLI output contracts.

User impact

  • Teams can ingest drift findings in SARIF-native tooling without custom adapters.
  • Trust/review automation in PRs is more consistent thanks to normalized output contracts.
  • Onboarding and guardrail setup are faster with init, doctor, and guard.

Risks and watch points

  • SARIF consumers may still differ in strictness; validate in at least one real CI environment.
  • Legacy alias paths (--json, --comment, --markdown) depend on compatibility behavior and should remain covered by tests.
  • Trust/reporting flows rely on artifact path conventions in CI; keep workflow and docs synchronized.

Minimal validation before tag

  • Smoke no-build commands:
    • scan --format sarif
    • ci --format sarif
    • trust --format sarif
    • review --format sarif (or diff --format sarif fallback)
  • Targeted tests:
    • tests/cli-sarif.test.ts
    • tests/format.test.ts
    • tests/sarif.test.ts

v1.3.0 - Trust gates, cloud governance, and low-memory guardrails

17 Mar 00:57

Highlights

  • Added trust-first merge governance with diff-aware scoring, reusable trust-gate, policy packs, and advanced trust guidance in CLI.
  • Added CLI-first KPI evidence loop with drift kpi <path> for aggregate trust metrics from artifacts.
  • Expanded cloud-like local governance primitives: tenant boundaries, actor-based authz, plan lifecycle commands, and strict actor enforcement mode.
  • Hardened plugin ecosystem contract with versioned validation, compatibility diagnostics, and duplicate rule checks.
  • Improved scalability with low-memory analysis mode, guardrails, and benchmark tooling.
  • Fixed diff integrity noise by normalizing issue matching across line endings, preventing false new/resolved churn in review --base and trust --base flows.

Notable Commands

  • drift trust ... --policy-pack <name> --explain-policy
  • drift trust-gate <trust-json-file> --policy-pack <name> --branch <name>
  • drift kpi <path>
  • drift cloud plan-set|plan-changes|usage
  • drift scan --low-memory --chunk-size <n> --max-files <n> --max-file-size-kb <n>

v1.2.0

15 Mar 00:04

Release v1.2.0

Highlights:

  • Added SaaS foundations with cloud ingest, summary, and dashboard commands
  • Introduced local cloud store model and usage metrics
  • Enforced free-phase guardrails with free-until-7500 policy
  • Added SaaS foundation test coverage
  • Updated PRD roadmap alignment for cloud foundations completion

v1.1.0

14 Mar 17:51

Release v1.1.0

Highlights:

  • New drift review command for PR diff analysis
  • New drift map command generating architecture.svg
  • AI likelihood and AI code smell signals in AI output
  • Configurable architecture rules
  • Repository quality and maintenance risk metrics
  • Plugin system MVP
  • Extended fix preview/write modes
  • Product and contributor documentation updates

v1.0.0 — Stable Release

25 Feb 16:59

What's new in v1.0.0

26 detection rules across 6 phases

All rules are now fully tested and documented.

Full test coverage

131 tests passing — every rule has dedicated test cases including cross-file analysis (unused-export, dead-file, unused-dependency, circular-dependency, layer-violation, cross-boundary-import, semantic-duplication).

Modular rule architecture

Rule logic is now organized in src/rules/ modules:

  • phase0-basic.ts — large-file, large-function, debug-leftover, dead-code, duplicate-function-name, any-abuse, catch-swallow, no-return-type
  • phase1-complexity.ts — high-complexity, deep-nesting, too-many-params, high-coupling, promise-style-mix, magic-number, comment-contradiction
  • phase2-crossfile.ts — unused-export, dead-file, unused-dependency
  • phase3-arch.ts — circular-dependency, layer-violation, cross-boundary-import
  • phase5-ai.ts — hardcoded-config, inconsistent-error-handling, unnecessary-abstraction, naming-inconsistency, over-commented
  • phase8-semantic.ts — semantic-duplication

Bug fix: drift-ignore-file now works for cross-file rules

// drift-ignore-file now correctly suppresses issues from dead-file, unused-export, circular-dependency, and semantic-duplication phases.

Self-scan: 18/100 (LOW)

drift scans itself and scores 18/100.

VS Code Extension

eduardbar.vscode-drift v0.1.1 available in the Marketplace.

Install

npx @eduardbar/drift scan .

v0.9.1

25 Feb 01:31

Fixed

  • drift trend: analyzeSingleCommit now analyses the full project snapshot at each historical commit (via git ls-tree + git show) instead of only the files in the diff. Score in each TrendDataPoint now reflects total project health.
  • drift trend: added uniform sampling (max 10 points per period) to prevent timeouts on large repos.
  • drift trend / drift blame: DriftConfig now propagates through the full historical analysis call chain.

v0.9.0 — Historical drift analysis + HTML report + Badge + CI annotations

24 Feb 23:59

What's new

Phase 4 — Historical drift analysis

  • trend [period] command: analyzes debt evolution over week, month, quarter, year
  • blame [target] command: shows which files/rules contribute most to drift
  • TrendAnalyzer class with linear regression, moving average, ASCII chart
  • BlameAnalyzer class with per-file and per-rule attribution via git blame

Phase 6 — HTML report, badge, CI annotations

  • report [path] command: generates self-contained HTML report (dark mode, no external deps)
  • badge [path] command: generates badge.svg in shields.io format
  • ci [path] command: emits GitHub Actions workflow annotations + step summary

Fixes

  • VERSION is now read dynamically from package.json — never out of sync again
  • Added missing program.parse() — commands were silently not executing

Install

npx @eduardbar/drift@0.9.0 scan .

Usage

npx @eduardbar/drift scan .           # scan for drift
npx @eduardbar/drift report .         # generate HTML report
npx @eduardbar/drift badge .          # generate badge.svg
npx @eduardbar/drift ci . --min-score 60  # CI gate
npx @eduardbar/drift trend month      # trend last 30 days
npx @eduardbar/drift blame overall    # who introduced most debt

v0.8.0 — semantic-duplication

24 Feb 19:47

What's new

Phase 8 — Semantic Duplication Detection

New rule: semantic-duplication

Detects functions that are semantically identical across the project using Type-2 AST clone detection — same logic, different variable names.

How it works

  1. For each function (≥ 8 body lines), normalize the AST:
    • Parameter names → P0, P1, ...
    • Local variable names → V0, V1, ...
    • Numeric literals → NL, string literals → SL
  2. Serialize the normalized AST via DFS preorder
  3. SHA-256 hash the result
  4. Group functions by identical hash — each group of 2+ is a clone cluster
  5. Report each function pointing to all other locations
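
The five steps above, as an added example that is not drift's own code: drift's rule modules are TypeScript, while this sketch applies the same normalize, serialize, hash and group sequence to Python functions using the standard `ast` module. The names `normalize`, `find_clones`, `TEMPLATE` and `SAMPLE` are invented for the illustration.

```python
import ast
import hashlib
from collections import defaultdict

MIN_BODY_LINES = 8                              # threshold from the release notes
LITERALS = {str: "SL", int: "NL", float: "NL"}  # bool and None are left as they are

def normalize(func):
    names = {a.arg: f"P{i}" for i, a in enumerate(func.args.args)}  # parameters
    n_params = len(names)
    for n in ast.walk(func):                    # assigned locals -> V0, V1, ...
        if isinstance(n, ast.Name) and isinstance(n.ctx, ast.Store):
            names.setdefault(n.id, f"V{len(names) - n_params}")
    for n in ast.walk(func):
        if isinstance(n, ast.arg):
            n.arg = names.get(n.arg, n.arg)
        elif isinstance(n, ast.Name):
            n.id = names.get(n.id, n.id)        # globals and builtins keep their names
        elif isinstance(n, ast.Constant) and type(n.value) in LITERALS:
            n.value = LITERALS[type(n.value)]
    func.name = "F"                             # the function's own name is not compared
    return ast.dump(func)                       # preorder serialization, no positions

def find_clones(sources):
    groups = defaultdict(list)                  # SHA-256 hex digest -> locations
    for path, code in sources.items():
        funcs = [n for n in ast.walk(ast.parse(code)) if isinstance(n, ast.FunctionDef)]
        for node in funcs:
            if node.end_lineno - node.body[0].lineno + 1 >= MIN_BODY_LINES:
                where = f"{path}:{node.lineno} ({node.name})"
                digest = hashlib.sha256(normalize(node).encode()).hexdigest()
                groups[digest].append(where)
    return [locs for locs in groups.values() if len(locs) > 1]

# Constructed sample: one loop rendered under different identifiers and literals.
TEMPLATE = '''def {f}({p}):
    {v} = []
    for {c} in {p}:
        if {c} == {a}:
            {c} = {b}
        elif {c} == ":":
            {c} = "%3A"
        {v}.append({c})
    return "".join({v})
'''
SAMPLE = {
    "report.py": TEMPLATE.format(f="escape_html", p="text", v="out", c="ch", a='"<"', b='"&lt;"'),
    "ci.py": TEMPLATE.format(f="encode_message", p="msg", v="parts", c="c", a='"%"', b='"%25"')}
print(find_clones(SAMPLE))
```

The sketch renames only positional parameters and assigned locals; `*args`, keyword-only parameters and names bound by nested functions keep their spelling, so clones that differ only in those are not matched.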

Example output

▲ L36  semantic-duplication  Function 'escapeHtml' is semantically identical to: ci.ts:5 (encodeMessage)
        function escapeHtml — duplicated in 1 other location

Characteristics

  • Zero false positives — only reports exact structural clones after normalization
  • Cross-file — compares functions across the entire project
  • Severity: warning, weight 12
  • Minimum size: 8 body lines (suppresses trivial 1-liner duplicates)
  • Skips test framework helpers (describe, it, test, etc.)

npm

@eduardbar/drift@0.8.0

v0.7.0 — eslint-plugin-drift

24 Feb 19:35

What's new

Phase 7 — ESLint Plugin

eslint-plugin-drift is now published as a separate npm package.

It exposes all 26 drift rules as standard ESLint rules, compatible with ESLint 9 flat config.

Installation

npm install --save-dev eslint-plugin-drift @eduardbar/drift

Usage

// eslint.config.js
import drift from 'eslint-plugin-drift'

export default [
  ...drift.configs.recommended,
]

Technical details

  • Each rule wraps drift's analyzeFile() engine via a shared ts-morph Project singleton
  • Per-file result cache (max 100 entries) — each file analyzed once regardless of rules enabled
  • recommended config enables all 26 rules at their canonical drift severity (errors/warnings)
  • Cross-file rules (unused-export, dead-file, unused-dependency) work best combined with drift scan for full project analysis

npm packages