devpulse 1.0.0

Developer diagnostics: HTTP timing, build artifact cleanup, environment health checks, port scanning, PATH analysis, and config format conversion
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125

# DevPulse — Build & Improvement Plan

## Current Status: v1.0.0 Release

### Completed Features (v1.0.0)
- [x] Interactive TUI dashboard (ratatui + crossterm)
- [x] Dynamic-width branded banner
- [x] Doctor: 7 health checks (Git, Node, Rust, Python, Docker, Disk, SSH)
- [x] Ports: Cross-platform port scanner with 36+ service hints
- [x] Ports: Parallel TCP network scan (rayon) with latency measurement
- [x] Ports: Banner grabbing with protocol-specific probes (HTTP, Redis, generic)
- [x] Ports: Custom port range scanning (`--scan-range` CLI flag)
- [x] Env: PATH analysis, dev vars, proxy, CI detection
- [x] Env: `.env` file scanning with sensitive key detection
- [x] Env: Gitignore status checking for .env files
- [x] Env: Git configuration audit (7 global keys with security warnings)
- [x] Env: SSH key security audit (type, strength, age, weak key detection)
- [x] Sweep: 12 artifact types, interactive deletion
- [x] HTTP: Manual socket timing (DNS/TCP/TLS/TTFB/Transfer)
- [x] HTTP: Security header audit (8 headers, weighted A-F grading)
- [x] HTTP: TLS certificate inspection (x509-parser: subject, issuer, SANs, expiry, key info)
- [x] HTTP: Redirect chain tracing (301/302/303/307/308, up to 10 hops with per-hop timing)
- [x] Convert: Config format converter (JSON ↔ YAML ↔ TOML ↔ .env)
- [x] Convert: Auto-detect input format from file extension
- [x] Convert: Dot-flattening for .env nested key mapping
- [x] Convert: serde_json::Value universal intermediate representation
- [x] Convert: TUI integration with path + format input form
- [x] JSON output on all subcommands
- [x] Shell completions (bash, zsh, fish, powershell)
- [x] TUI: F1/? help screen with full keyboard reference
- [x] TUI: Tab/Shift+Tab tool cycling
- [x] TUI: 'r' re-run and number keys from any screen
- [x] TUI: Scroll position indicator in status bar
- [x] TUI: Convert tool with two-field input form (path + format)
- [x] TTY detection (auto-fallback to CLI help in non-interactive environments)
- [x] Integration test suite (79 total tests: 64 unit + 15 integration)
- [x] Release profile (LTO + strip, ~2.5 MB binary)
- [x] GitHub Actions CI with release builds
- [x] CHANGELOG.md

---

## v0.2.0 Roadmap — Future Enhancements

### Ports Module
- [x] Expanded service detection (36+ ports)
- [x] TCP connect network scanner (localhost probe with latency)
- [x] Parallel scanning with rayon
- [x] Banner grabbing with protocol-specific probes
- [x] Custom port range scanning (`--scan-range`)
- [ ] Port range grouping (e.g., "3000-3005 → dev cluster")
- [ ] Network interface binding info
- [ ] Connection state tracking (ESTABLISHED, TIME_WAIT, etc.)
- [ ] Port conflict detection for common dev stacks
- [ ] Custom target host for network scan (beyond localhost)

### HTTP Module
- [x] Security header audit (8 headers, A-F grading)
- [x] TLS certificate inspection (x509-parser)
- [x] Redirect chain tracing (up to 10 hops)
- [ ] Benchmark mode (multiple requests, stats: min/max/avg/p99)
- [ ] HTTP/2 support
- [ ] Cookie jar tracking across redirects

### Env Module
- [x] `.env` file discovery and validation
- [x] `.env` key leak detection (warn on secrets in non-gitignored .env)
- [x] Git configuration audit (7 global keys)
- [x] SSH key security audit (type, strength, age)
- [ ] Shell profile detection (~/.bashrc, ~/.zshrc, $PROFILE)
- [ ] Runtime version manager detection (nvm, pyenv, rustup channels)

### TUI Improvements
- [x] F1 help screen with full keyboard reference
- [x] Tab/Shift+Tab navigation between tools
- [x] Number keys work from any screen (not just menu)
- [x] 'r' key to re-run/refresh current tool
- [x] Scroll position indicator (line/total/%)
- [ ] Animated loading spinners
- [ ] Mouse support (click menu items)
- [ ] Result diff on re-run (highlight changes)

### General
- [ ] `--verbose` flag for detailed output
- [ ] Config file support (~/.devpulse.toml)
- [ ] Plugin system for custom checks
- [ ] Benchmark mode for HTTP (multiple requests, stats)

---

## Architecture Notes

### Why Manual Sockets for HTTP?
`reqwest` does NOT expose per-phase timing (DNS vs TCP vs TLS separately). The entire visual value of the HTTP tool depends on measuring each phase independently. We MUST use:
- `std::net::ToSocketAddrs` for DNS (timed)
- `std::net::TcpStream::connect_timeout` for TCP (timed)
- `native_tls::TlsConnector::connect` for TLS (timed)
- Manual HTTP/1.1 request writing + response reading (timed for TTFB + transfer)

### Why No Async?
DevPulse is a diagnostic tool, not a server. Every operation is inherently sequential (run one check, show result). Adding tokio/async-std would:
- Triple the binary size
- Add compile-time complexity
- Provide zero benefit for sequential diagnostics

### Why ratatui Over egui/iced?
- Terminal-native: works in SSH sessions, CI, Docker containers
- Zero system dependencies: no GPU, no display server
- Consistent across platforms
- Matches LazyFrog/Brutus1066 project style (portr uses similar TUI patterns)

---

## CI/CD

### ci.yml — push to main + PRs
- Matrix: [ubuntu-latest, windows-latest, macos-latest]
- Uses `dtolnay/rust-toolchain@stable`
- Jobs: build+test, clippy, format check

### release.yml — tag push v*
- 4 targets: x86_64-unknown-linux-gnu, x86_64-pc-windows-msvc, x86_64-apple-darwin, aarch64-apple-darwin
- Archive: .tar.gz (Linux/macOS), .zip (Windows)
- Uses `softprops/action-gh-release@v2`
- Include shell completion files as release artifacts