Skip to main content

ovecc report

The one-shot architecture report: summary + circular dependencies + findings + security + hotspots stitched into a single document. Best consumed as --format markdown (for humans and wikis) or --format json (for dashboards and agents).

Usage: ovecc report [OPTIONS]

Example

$ ovecc report --format markdown
# Architecture report: ~/projects/acme-shop

## Health

- Files: 9 · Modules: 6 · Dependencies: 17 (5 external)
- Circular dependencies: 0 · Coupling density: 23.33% · Risk: **Medium**

## Circular dependencies (0)

_None._

## Findings (19)

- [High] Potential tainted flow: POST /billing/charge -> invoices (writes) (src/services/billing.ts:10 (sink: writes))
- [Medium] Banned import: lodash* (src/utils/helpers.ts:1 (lodash/groupBy))
- [Medium] Weak hash algorithm: MD5 (src/utils/auth.ts:4 (MD5))
- [Low] Unused file: src/legacy/old-report.ts (src/legacy/old-report.ts:1)
...

## Security

- Secrets 0, insecure 0, weak-crypto 1, CORS 1, tainted-flows 5 (total 7)

## Hotspots

1. services (score 82, fan-in 1, fan-out 2)
2. core (score 77, fan-in 3, fan-out 0)
3. routes (score 60, fan-in 1, fan-out 2)

Typical uses

# a committable architecture report
ovecc report --format markdown > docs/architecture-report.md

# the dashboard payload
ovecc report --format json | your-dashboard-ingest

Because output is deterministic, committing the report gives you meaningful diffs: the report only changes when the architecture does.