ovecc report
The one-shot architecture report: summary + circular dependencies + findings +
security + hotspots stitched into a single document. Best consumed as
--format markdown (for humans and wikis) or --format json (for dashboards and
agents).
Usage: ovecc report [OPTIONS]
Example
$ ovecc report --format markdown
# Architecture report: ~/projects/acme-shop
## Health
- Files: 9 · Modules: 6 · Dependencies: 17 (5 external)
- Circular dependencies: 0 · Coupling density: 23.33% · Risk: **Medium**
## Circular dependencies (0)
_None._
## Findings (19)
- [High] Potential tainted flow: POST /billing/charge -> invoices (writes) (src/services/billing.ts:10 (sink: writes))
- [Medium] Banned import: lodash* (src/utils/helpers.ts:1 (lodash/groupBy))
- [Medium] Weak hash algorithm: MD5 (src/utils/auth.ts:4 (MD5))
- [Low] Unused file: src/legacy/old-report.ts (src/legacy/old-report.ts:1)
...
## Security
- Secrets 0, insecure 0, weak-crypto 1, CORS 1, tainted-flows 5 (total 7)
## Hotspots
1. services (score 82, fan-in 1, fan-out 2)
2. core (score 77, fan-in 3, fan-out 0)
3. routes (score 60, fan-in 1, fan-out 2)
Typical uses
# a committable architecture report
ovecc report --format markdown > docs/architecture-report.md
# the dashboard payload
ovecc report --format json | your-dashboard-ingest
Because output is deterministic, committing the report gives you meaningful diffs: the report only changes when the architecture does.
Related
summary— just the health screenviolations— the findings, filterable and gateable- Audit a codebase — the workflow around it