codereport 0.1.0

Track code follow-ups (TODOs, refactors, bugs, critical) with tags, expiration, and CI checks.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161

# codereport

Repo-scoped CLI for code reports: track TODOs, refactors, 
bugs, and critical items with tags, expiration, and CI 
checks.

**Track code follow-ups where they live—with tags, ownership, expiration, and CI.**

codereport is a repo-scoped CLI that turns scattered TODOs, refactors, bugs, and critical items into a single, auditable list. Add reports by file and line range, attach severity and optional expiration, and gate merges with a CI check. A generated HTML dashboard gives your team at-a-glance heatmaps and stats so nothing slips.

---

## Why codereport?

- **Scattered follow-ups** — TODOs and “fix later” comments live in code or in tickets, with no single place to see what’s open, who owns it, or when it’s due.
- **No visibility** — There’s no quick way to see which files or areas carry the most tech debt, bugs, or critical items.
- **No gates** — Critical or long-overdue items can ship because nothing fails the build when they’re still open.

codereport keeps all of this in one place: a repo-owned list of reports, keyed by file and line range, with tags, messages, ownership, and optional expiration. You run it from the repo, generate a dashboard when you need it, and use `codereport check` in CI to block on blocking or expired items.

---

## Value proposition (landing / pitch)

- **One source of truth** — All code follow-ups (TODOs, refactors, bugs, critical) in a single YAML store under `.codereports/`, versioned with the repo.
- **Precise location** — Every report is tied to a path and line range (`path:start-end`), so you know exactly where to look.
- **Severity and expiration** — Tag types map to severity (low → blocking). You can set expiration per tag (e.g. critical: 14 days, buggy: 90 days). The dashboard and CI both respect “expired” and “expiring soon.”
- **Ownership** — On add, ownership is resolved from CODEOWNERS or git blame (with a local cache), so each report can be attributed without extra work.
- **CI gate**`codereport check` exits non-zero if any open report is blocking severity or past its expiration date. Use it in CI to prevent merging with open critical or stale items.
- **Dashboard, not a long table**`codereport html` generates a minimal dashboard: KPIs (total, open, resolved, critical, expired, expiring soon), tag distribution, and a file × tag heatmap. No need to scroll a giant list to see where the work is.
- **Fits your workflow** — Add and resolve from the CLI; list and filter by tag or status. Config is in the repo (tags, severity, expiration), so policy is explicit and reviewable.

---

## Features (for feature lists / comparison)

| Feature | Description |
|--------|-------------|
| **Tagged reports** | todo, refactor, buggy, critical — configurable severity and optional expiration per tag |
| **Line-range scoped** | Reports are tied to `path:start-end` (e.g. `src/foo.rs:42-88`) |
| **Configurable policy** | `.codereports/config.yaml` defines severity (low / medium / high / blocking) and expiration days per tag; default: critical 14d, buggy 90d, refactor 180d, todo no expiry |
| **Ownership** | CODEOWNERS first, then git blame for the line range; result (git + codeowner) stored on each report; blame cached locally |
| **CI check** | `codereport check` fails if any open report is blocking or expired — use in PR/merge checks |
| **HTML dashboard** | Stats, tag bars, file × tag heatmap (top 30 files); dark, minimal UI; generated under `.codereports/html/` (gitignored) |
| **Git-friendly** | Only `reports.yaml` and `config.yaml` are meant to be committed; generated HTML and blame cache are ignored |

---

## Use cases (for landing / docs)

- **Code review follow-ups** — Add a report instead of a vague “address this later” comment; assign severity and optional expiry; track in one place.
- **Tech debt and refactors** — Use the refactor tag with an expiration so refactors don’t sit forever; see which files have the most in the heatmap.
- **Known bugs** — Tag buggy or critical with expiration; CI can block until they’re resolved or extended.
- **Critical / blocking items** — Mark as critical with a short expiry; `codereport check` in CI ensures they can’t be merged while open.
- **Team visibility** — Generate the HTML dashboard for standups or planning; heatmap and stats show hotspots and trends without opening every file.

---

## Quick start

From the repo root:

```bash
codereport init
```

This creates `.codereports/` with `config.yaml` and updates the repo root `.gitignore` so `.codereports/html/` and `.codereports/.blame-cache` are ignored.

---

## Commands

| Command | Description |
|--------|-------------|
| `codereport add <path>:<start>-<end> --tag <tag> --message <text>` | Add a report (tag: todo, refactor, buggy, critical) |
| `codereport list [--tag <tag>] [--status open\|resolved]` | List reports with optional filters |
| `codereport delete <id>` | Delete by ID (e.g. CR-000001) |
| `codereport resolve <id>` | Mark as resolved |
| `codereport check` | CI: exit 1 if any open report is blocking or expired |
| `codereport html [--no-open]` | Generate `.codereports/html/index.html` and open in browser (use `--no-open` to skip open) |

---

## Usage in CI

`codereport check` exits with code 1 if any **open** report is either:

- **Blocking** — its tag has severity `blocking` in `config.yaml` (e.g. default `critical`), or  
- **Expired** — it has an `expires_at` date and that date is before today (CI uses the runner’s local date).

Resolved reports are ignored. When the check fails, it prints each violating report to stderr as: `ID  path  tag  message`. Fix by resolving or deleting those reports, or by updating expiration where appropriate.

### Installing in CI

Install the binary before running `check`:

- **From crates.io:** `cargo install codereport` (ensure `cargo` is available in the job).
- **From source:** clone the repo and run `cargo build --release`; use the binary from `target/release/codereport`.

Then run from the **repository root** (where `.codereports/` and `reports.yaml` live):

```bash
codereport check
```

### Example: GitHub Actions

```yaml
name: codereport
on:
  pull_request:
    branches: [main]
jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: dtolnay/rust-toolchain@stable
        with:
          components: rustfmt
      - run: cargo install codereport
      - run: codereport check
```

Add this job to your workflow so PRs cannot merge while blocking or expired reports are open.

### Example: GitLab CI

```yaml
codereport:
  stage: test
  image: rust:latest
  script:
    - cargo install codereport
    - codereport check
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
```

Run in the same branch as the MR; the job fails if the check fails.

### When to run

- **On every PR / MR** — Ensures no new merge introduces open blocking or expired items; existing reports are already in the repo.
- **On main / default branch** — Optional; useful to catch reports that were opened after merge or to enforce policy on a schedule.

If your CI doesn’t have Rust, build `codereport` in a separate “build” job and cache the binary, or use a pre-built release binary and install that in the job instead of `cargo install`.

---

## What to track in Git

**Commit:**

- `.codereports/reports.yaml` — report data
- `.codereports/config.yaml` — tag and policy config

**Do not commit (ignored via repo root `.gitignore`):**

- `.codereports/html/` — generated dashboard
- `.codereports/.blame-cache` — local blame cache (per-machine, not shared)