npm - @chappibunny/repolens - Versions diffs - 0.4.2 → 0.6.0 - Mend

@chappibunny/repolens 0.4.2 → 0.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (24) hide show

package/CHANGELOG.md +140 -0
package/README.md +387 -25
package/package.json +16 -4
package/src/ai/provider.js +48 -45
package/src/cli.js +117 -9
package/src/core/config-schema.js +69 -1
package/src/core/config.js +20 -3
package/src/core/scan.js +184 -3
package/src/init.js +46 -4
package/src/integrations/discord.js +265 -0
package/src/migrate.js +17 -5
package/src/publishers/confluence.js +426 -0
package/src/publishers/index.js +141 -4
package/src/publishers/notion.js +251 -15
package/src/publishers/publish.js +1 -1
package/src/renderers/render.js +32 -2
package/src/renderers/renderDashboard.js +844 -0
package/src/utils/branch.js +32 -0
package/src/utils/logger.js +21 -4
package/src/utils/metrics.js +361 -0
package/src/utils/rate-limit.js +289 -0
package/src/utils/secrets.js +240 -0
package/src/utils/telemetry.js +375 -0
package/src/utils/validate.js +382 -0

package/CHANGELOG.md CHANGED Viewed

@@ -2,6 +2,146 @@
 All notable changes to RepoLens will be documented in this file.
+## 0.6.0 (Phase 4: Team Features & Observability Dashboard)
+### ✨ New Features
+**Discord Integration** (`src/integrations/discord.js` - 268 lines):
+- Rich embed notifications with coverage, health score, and change metrics
+- Threshold-based notifications (default: >10% change)
+- Branch filtering with glob pattern support
+- Secure webhook configuration via `DISCORD_WEBHOOK_URL` environment variable
+- Functions: `sendDiscordNotification()`, `buildDocUpdateNotification()`, `buildErrorNotification()`, `shouldNotify()`
+- Color-coded embeds: success (green), warning (yellow), error (red), info (blue)
+**Metrics Collection System** (`src/utils/metrics.js` - 412 lines):
+- **Coverage Calculation**: Weighted average (modules 50%, APIs 30%, pages 20%)
+- **Health Score Algorithm**: 0-100 rating (40% coverage + 30% freshness + 30% quality)
+- **Staleness Detection**: Flags documentation >90 days old
+- **Quality Analysis**: Identifies undocumented modules/APIs/pages with severity levels
+- **Historical Tracking**: Persists metrics to `.repolens/metrics-history.json`
+- **Trend Indicators**: Up/down/stable trend detection (>1% threshold)
+- Functions: `calculateCoverage()`, `calculateHealthScore()`, `detectStaleness()`, `analyzeQuality()`, `trackMetrics()`, `calculateTrends()`, `collectMetrics()`
+**Interactive Dashboard** (`src/renderers/renderDashboard.js` - 1,020 lines):
+- Beautiful HTML dashboard with inline CSS (zero dependencies)
+- **Health Score Card**: Color-coded 0-100 score (excellent/good/fair/poor)
+- **Coverage Breakdown**: Module/API/page coverage with progress bars
+- **Freshness Tracking**: Stale file detection with last updated timestamps
+- **Quality Issues List**: Severity badges (high/medium/low) with actionable items
+- **Trend Charts**: SVG visualization of coverage and health score over time
+- **Quick Links**: Direct links to Notion, GitHub, and Markdown documentation
+- Responsive design with animations and smooth transitions
+- Generated at `.repolens/dashboard/index.html`
+**GitHub Pages Deployment** (`.github/workflows/deploy-dashboard.yml` - 73 lines):
+- Automated deployment to `https://OWNER.github.io/REPO/`
+- Deploys on every push to main branch
+- Uses local code during development (`npm link`)
+- Graceful fallback for missing dashboard files
+- Security-conscious environment variable handling
+**Configuration Extensions** (`src/core/config-schema.js`):
+- **Discord Configuration**:
+  * `discord.notifyOn`: "always", "significant", or "never"
+  * `discord.significantThreshold`: 0-100 (default: 10%)
+  * `discord.branches`: Array with glob pattern support
+  * `discord.enabled`: Boolean
+- **Dashboard Configuration**:
+  * `dashboard.enabled`: Boolean (default: true)
+  * `dashboard.githubPages`: Boolean
+  * `dashboard.staleThreshold`: Number (default: 90 days)
+**Publishing Integration** (`src/publishers/index.js`):
+- Automatic metrics collection after publishing
+- Dashboard generation integrated into publish flow
+- Discord notifications sent after successful publish (if configured)
+- Branch-aware notification filtering
+- Graceful error handling (doesn't fail publish if dashboard/notifications fail)
+### 🔧 Configuration
+**Environment Variables** (`.env.example`):
+- Added `DISCORD_WEBHOOK_URL` for team notifications
+- Security warnings and setup instructions
+- GitHub Actions secret configuration guidance
+**GitHub Actions** (`.github/workflows/publish-docs.yml`):
+- Added `DISCORD_WEBHOOK_URL` to workflow environment
+### 📊 Testing
+- All 90 tests passing (47 main + 43 security)
+- No regressions from Phase 4 integration
+- Metrics algorithms validated
+- Dashboard generation tested
+### 🐛 Bug Fixes
+- **GitHub Pages Workflow**: Fixed deployment to use local code during development
+  * Changed from `npx @chappibunny/repolens@latest` to `npm link && npx repolens`
+  * Added file existence checks before copying dashboard
+  * Created graceful fallback with "Coming Soon" placeholder for missing files
+## 0.5.0 (Phase 3: Security Audit)
+### 🔒 Security Hardening
+**Security Utilities** (1,296 lines of new code):
+- **Secrets Detection** (`src/utils/secrets.js`):
+  * Detects 15+ secret patterns (OpenAI, GitHub, AWS, Notion, etc.)
+  * Entropy-based heuristic detection for unknown patterns
+  * Automatic sanitization in all logger and telemetry output
+  * Functions: `detectSecrets()`, `sanitizeSecrets()`, `isLikelySecret()`
+- **Config Validation** (`src/utils/validate.js`):
+  * Validates configuration against injection attacks
+  * Detects: directory traversal, shell injection, command substitution
+  * Scans config tree for accidentally included secrets
+  * Circular reference handling with depth limit
+  * Path validation preventing `..` and absolute paths
+- **Rate Limiting** (`src/utils/rate-limit.js`):
+  * Token bucket algorithm (3 req/sec for Notion and AI APIs)
+  * Exponential backoff with jitter (3 retries)
+  * Wrapper functions: `executeNotionRequest()`, `executeAIRequest()`
+  * Batch request processing
+**Runtime Integration**:
+- Config loader validates all inputs before loading
+- Logger sanitizes all console output automatically
+- Telemetry sanitizes error messages before sending to Sentry
+- All Notion API calls rate-limited to 3 req/sec
+- All AI API calls rate-limited to 3 req/sec
+**GitHub Actions Hardening**:
+- Actions pinned to commit SHAs (supply chain protection)
+- Minimal permissions (`contents: read` or `contents: write` only)
+- Security job with npm audit and secrets scanning
+- Fail-early strategy on security issues
+**Comprehensive Testing**:
+- 43 new security tests (fuzzing, injection, boundary conditions)
+- Total: 90 tests passing (47 main + 43 security)
+- Attack vectors tested: SQL injection, command injection, path traversal, YAML bomb, NoSQL, LDAP, XML injection
+**Documentation**:
+- New `SECURITY.md` with threat model and security features
+- Updated `README.md` with security section
+- Updated `PRODUCTION_CHECKLIST.md` with security validation
+- Security badge in README
+### 📊 Testing
+- All 90 tests passing
+- 0 vulnerabilities in dependencies (519 packages audited)
+## 0.4.3
+### 🐛 Bug Fixes
+- **Migration Tool**: Fixed over-aggressive npm install removal
+  - Now only removes `npm install/ci` from legacy `cd tools/repolens` multi-line blocks
+  - Preserves legitimate dependency installation steps in release workflows
+  - Fixes YAML corruption that broke workflows with standalone npm ci/install steps
+  - Added test case to verify legitimate npm install steps are preserved
 ## 0.4.2
 ### 🐛 Bug Fixes