ovecc violations
Every architecture and security finding recorded at index time, with severity filters, CI gating, a baseline ratchet, and change scoping.
ovecc security
The security slice — hardcoded secrets, insecure patterns, weak crypto, permissive CORS, and tainted source-to-sink flows.
ovecc audit
Offline OSV dependency audit. --fetch downloads advisories for your packages — the only networked operation, opt-in.
ovecc health
Functions over the cyclomatic/cognitive complexity thresholds, plus oversized units.
ovecc deadcode
Unused exports, unreachable files, unused and phantom dependencies — from real module resolution plus entry-point reachability.
ovecc dupes
Duplicated code as clone families over a normalized token stream, with exact file:line ranges.
ovecc fix
Apply the mechanical fixes for auto-fixable findings. Dry-run by default; every edit re-verified against the index.