Metadata-Version: 2.4
Name: decivy
Version: 0.1.0
Summary: A CLI tool to find outdated and abandoned dependencies in your projects.
Author: Zed
License-Expression: MIT
Project-URL: Homepage, https://github.com/Zerik2me/decivy
Keywords: dependencies,cli,outdated,abandoned,audit,developer-tools
Classifier: Development Status :: 3 - Alpha
Classifier: Environment :: Console
Classifier: Intended Audience :: Developers
Classifier: Programming Language :: Python :: 3.11
Classifier: Topic :: Software Development :: Libraries :: Python Modules
Requires-Python: >=3.11
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: click>=8.1
Requires-Dist: httpx>=0.27
Requires-Dist: rich>=13
Requires-Dist: openai>=1.30
Requires-Dist: anthropic>=0.28
Requires-Dist: tomli>=2.0; python_version < "3.11"
Requires-Dist: platformdirs>=4
Requires-Dist: keyring>=25
Requires-Dist: python-dotenv>=1.2.2
Requires-Dist: tomli-w>=1.2.0
Requires-Dist: tomlkit>=0.15.0
Dynamic: license-file

# decivy

A CLI tool to find outdated, stale, and abandoned dependencies across your projects. Supports Python, Node, Go, and Rust. Powered by your own AI API key.

## Installation

```bash
pip install decivy
```

Requires Python 3.11+.

## Quick start

```bash
dev scan /path/to/your/project
```

## Commands

### `scan`

Scan a directory for dependency issues.

```bash
dev scan [PATH] [OPTIONS]
```

| Option | Default | Description |
|--------|---------|-------------|
| `--depth INT` | 3 | How deep to recurse into subdirectories |
| `--ecosystem TEXT` | all | Filter by ecosystem: `python`, `node`, `go`, `rust` |
| `--format TEXT` | table | Output format: `table`, `json`, `md` |
| `--output FILE` | stdout | Write report to a file |
| `--no-ai` | off | Skip AI analysis |

Examples:

```bash
# Scan current directory
dev scan

# Scan a specific project, Python only
dev scan ~/projects/myapp --ecosystem python

# Export a JSON report
dev scan ~/projects/myapp --format json --output report.json

# Scan without AI summary
dev scan ~/projects/myapp --no-ai
```

### `update`

Scan and update outdated or stale dependencies.

```bash
dev update [PATH] [OPTIONS]
```

| Option | Default | Description |
|--------|---------|-------------|
| `--ecosystem TEXT` | all | Filter by ecosystem |
| `--dry-run` | off | Show what would be updated without doing it |
| `--yes` | off | Skip confirmation prompt |
| `--req FILE` | none | Update a requirements file after upgrading (Python only) |

Examples:

```bash
# Update current directory
dev update

# Preview what would be updated
dev update ~/projects/myapp --dry-run

# Update without confirmation prompt
dev update ~/projects/myapp --yes

# Update and rewrite requirements.txt
dev update ~/projects/myapp --ecosystem python --req requirements.txt
```

### `config`

View or update decivy settings.

```bash
dev config [OPTIONS]
```

| Option | Description |
|--------|-------------|
| `--show` | Print current configuration |
| `--config-dir` | Show the config file location |
| `--provider TEXT` | AI provider: `gemini`, `openai`, `groq`, `ollama` |
| `--api-key TEXT` | API key for the chosen provider |
| `--model TEXT` | Model override (leave blank for provider default) |
| `--depth INT` | Default scan depth |
| `--stale-after INT` | Days before a package is considered stale |

Examples:

```bash
# View current config
dev config --show

# Show where config is stored
dev config --config-dir

# Set up Gemini
dev config --provider gemini --api-key YOUR_KEY

# Set up OpenAI with a specific model
dev config --provider openai --api-key YOUR_KEY --model gpt-4o-mini

# Use a local Ollama model (no API key needed)
dev config --provider ollama

# Change stale threshold to 1 year
dev config --stale-after 365
```

## Status levels

| Status | Meaning |
|--------|---------|
| `ok` | Up to date |
| `outdated` | Behind by one or more major versions |
| `stale` | No release in over 2 years |
| `abandoned` | No release in over 5 years |
| `deprecated` | Marked inactive by maintainer |
| `unknown` | Could not retrieve package info |

## AI analysis

decivy can summarise flagged dependencies using your own API key — it never uses a shared key or charges you through the tool.

Supported providers:

| Provider | Notes |
|----------|-------|
| Gemini | Free tier available. Recommended for first-time setup. |
| OpenAI | `gpt-4o-mini` is cheap and fast for this use case. |
| Groq | Free tier, very fast. Uses Llama models. |
| Ollama | Fully local, no API key needed. |

Set your key via config or environment variable:

```bash
# Via config (persisted)
dev config --provider gemini --api-key YOUR_KEY

# Via environment variable (takes priority over config)
export DEPSCOUT_API_KEY=YOUR_KEY
```

For Ollama (local), no key is needed — just make sure Ollama is running and set the provider:

```bash
dev config --provider ollama
```

## Supported ecosystems

| Ecosystem | Manifest files | Registry |
|-----------|---------------|----------|
| Python | `pyproject.toml`, `requirements.txt`, `setup.cfg` | PyPI |
| Node | `package.json` | npm |
| Go | `go.mod` | Go proxy |
| Rust | `Cargo.toml` | crates.io |

## CI usage

decivy works well in CI pipelines. Use `--format json` and `--output` to capture results, and `--no-ai` to skip the API call:

```yaml
# GitHub Actions example
- name: Audit dependencies
  run: dev scan . --format json --output dep-report.json --no-ai

- name: Upload report
  uses: actions/upload-artifact@v3
  with:
    name: dependency-report
    path: dep-report.json
```

## License

MIT
