Changelog

Version history and release notes for Technical Debt Radar.

V6.0 --- Platform Release

The full SaaS platform with authentication, billing, organizations, and a comprehensive dashboard.

Auth System

  • Email/password registration and login with JWT (15-minute access tokens, 7-day refresh tokens)
  • GitHub OAuth integration (login with GitHub account)
  • Google OAuth integration (login with Google account)
  • Password reset flow with email verification
  • Rate-limited auth endpoints (signup 3/min, login 5/min, forgot-password 3/min)

Billing

  • Stripe integration: checkout, customer portal, subscription management, invoices
  • PayPal integration: subscription checkout, webhook processing
  • 5-tier pricing: Free ($0), Solo ($15/mo), Pro ($49/mo), Team ($99/mo), Enterprise ($299/mo)
  • Annual billing with 20% discount
  • Plan change with proration
  • Webhook processing for 9 payment events (5 Stripe, 4 PayPal)

Organizations & Teams

  • Organization CRUD with slug-based routing
  • Role-based access control: owner, admin, member
  • Member invitation system with email and expiring tokens
  • Ownership transfer between members
  • Plan limits enforcement (max repos, max members, max orgs per plan)

Dashboard (24 pages)

  • Repository overview with health score and production risk assessment
  • Violation browser with filtering by category, severity, and module
  • Trend charts for violations, debt scores, and category breakdowns
  • PR analysis history with gate results
  • Hotspot analysis (complexity x churn x violations)
  • Runtime risk detail view
  • Visual policy editor (Pro+)
  • Architecture graph visualization with D3 (Pro+)
  • Rule pack browser and application (Pro+)
  • Credit usage tracking and transaction history
  • Billing management and invoice downloads
  • Team management and invitation flows

Badge Generator

  • SVG badges for README files: health score, violation count, debt score, gate status
  • Customizable styles (flat, flat-square, plastic)
  • Public endpoint (no auth required, Solo+ plan)

AI Enhancements

  • AI fix suggestions: Claude-powered code fixes for each violation
  • AI scan summary: natural language summary of scan results
  • Credit-based AI usage with per-operation costs
  • Fix suggestion confidence levels (high, medium, low)

GitHub Action

  • radar-dev/radar-action@v1 for CI/CD integration
  • Automatic PR analysis on push
  • Configurable failure thresholds
  • Debug mode with ACTIONS_STEP_DEBUG

GitLab Integration

  • GitLab webhook receiver for merge request events
  • MR comment posting with violation reports
  • Commit status updates

V1.5 --- Intelligence Update

Advanced analysis capabilities and visual tools.

Architecture Graph

  • Interactive D3.js graph visualization of module dependencies
  • Nodes colored by layer, sized by complexity
  • Violation edges highlighted in red
  • Circular dependency cycles visually traced
  • Module clustering with zoom and pan

Rule Pack Browser

  • Pre-built rule packs for common stacks (NestJS + Prisma, Express + TypeORM, etc.)
  • Search and filter packs by framework, ORM, and architecture pattern
  • One-click application to repositories
  • Pack preview showing what rules would be applied

Coverage Delta Analyzer

  • Track test coverage changes per PR
  • Flag files with coverage drops
  • Configurable thresholds for coverage warnings
  • Integration with existing coverage reports (Istanbul/NYC, c8)

AI Cross-File Analysis

  • Trace dangerous patterns across file boundaries
  • Detect readFileSync in utility functions called from request handlers
  • Call graph traversal up to 2 levels deep
  • 6 cross-file rules: indirect-sync-fs, indirect-sync-crypto, indirect-sync-compression, indirect-busy-wait, indirect-unbounded-json-parse, indirect-dynamic-buffer-alloc

V1.1 --- Configuration Update

Enhanced configuration and customization capabilities.

Visual Policy Editor

  • Drag-and-drop layer configuration
  • Rule toggling with severity selection
  • Real-time YAML preview
  • Policy preview showing what violations would be detected
  • Pro plan feature

Rules.yml Separation

  • Architecture rules, runtime rules, reliability rules, and gates extracted into rules.yml
  • radar.yml focused on stack and infrastructure declaration
  • Both files merged at compile time by the policy engine

Architecture Presets (7 total)

  • DDD (Domain-Driven Design): Domain, application, infrastructure, presentation layers
  • Hexagonal (Ports & Adapters): Core, ports, adapters separation
  • Clean Architecture: Entities, use cases, interface adapters, frameworks
  • Layered: Controllers, services, repositories
  • MVC: Models, views, controllers
  • Event-Driven: Commands, events, handlers, sagas
  • Feature-Module: Self-contained feature modules with internal layering

Rule Packs

  • Community-contributed rule configurations
  • Stack-specific packs (NestJS, Express, Fastify, etc.)
  • Composable with existing configuration

V1.0 --- Initial Release

The foundation: deterministic analysis, CLI tooling, and PR integration.

Core Analyzers (7)

  1. Import Graph Builder: Maps all import relationships using ts-morph AST
  2. Boundary Checker: Detects layer violations based on configured rules
  3. Circular Dependency Detector: Uses Tarjan's algorithm for strongly connected components
  4. Complexity Calculator: Cyclomatic complexity per function with delta tracking
  5. Runtime Risk Detector: 11 event-loop-blocking patterns with scope awareness
  6. Performance Pattern Detector: 8 ORM anti-patterns with volume-based severity
  7. Reliability Detector: 8 error handling and resilience patterns

CLI Commands

  • radar init --- Auto-detect framework, ORM, layers, modules, and architecture pattern. Generate radar.yml.
  • radar scan --- Full codebase analysis with terminal report.
  • radar gate --- CI/CD gate command. Exit code 1 if violations exceed threshold.

PR Integration

  • GitHub webhook receiver for pull request events
  • Automated PR comment with violation report
  • GitHub commit status check (pass/fail)
  • BullMQ job queue for async analysis processing

Debt Categories (4 initial + 1 added)

  1. Architecture (layer violations, circular dependencies)
  2. Runtime Risk (sync I/O, ReDoS, busy-wait)
  3. Performance (N+1, unbounded queries, missing pagination)
  4. Reliability (unhandled promises, missing timeouts, empty catch)
  5. Maintainability (complexity, duplication) --- added late in V1.0

Architecture Presets (3 initial)

  • DDD, Hexagonal, Layered

Scoring System

  • Point-based debt scoring with configurable weights
  • Fix credits for reducing existing debt
  • Gate thresholds: block at 15, warn at 8
  • Volume-aware severity scaling for performance rules

ORM Support (7)

  • Prisma, TypeORM, Sequelize, Mongoose, Drizzle, Knex, MikroORM

Framework Support (5)

  • NestJS, Express, Fastify, Koa, Hapi