@cleartrip/frontguard 0.1.9 → 0.2.0

package/dist/cli.js

@@ -6,10 +6,10 @@ import * as tty from 'tty';
 import { WriteStream } from 'tty';
 import path4, { sep, normalize, delimiter, resolve, dirname } from 'path';
 import fs from 'fs/promises';
+import { fileURLToPath, pathToFileURL } from 'url';
+import { execFileSync, spawn } from 'child_process';
 import { createRequire } from 'module';
-import fs4 from 'fs';
-import { pathToFileURL } from 'url';
-import { spawn } from 'child_process';
+import fs2 from 'fs';
 import { pipeline } from 'stream/promises';
 import { PassThrough } from 'stream';
 import fg from 'fast-glob';
@@ -2398,50 +2398,9 @@ async function runMain(cmd, opts = {}) {
     process.exit(1);
   }
 }
-var WORKFLOW = `name: FrontGuard
-
-on:
-  pull_request:
-    types: [opened, synchronize, reopened]
-
-permissions:
-  contents: read
-  pull-requests: write
-
-concurrency:
-  group: frontguard-\${{ github.workflow }}-\${{ github.event.pull_request.number || github.ref }}
-  cancel-in-progress: true
-
-jobs:
-  review-brief:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - uses: actions/setup-node@v4
-        with:
-          node-version: 20
-
-      - name: Install dependencies
-        run: |
-          if [ -f pnpm-lock.yaml ]; then
-            corepack enable
-            pnpm install --frozen-lockfile || pnpm install
-          elif [ -f yarn.lock ]; then
-            yarn install --frozen-lockfile || yarn install
-          elif [ -f package-lock.json ]; then
-            npm ci || npm install
-          else
-            npm install
-          fi
-
-      - name: FrontGuard (Phase 1 \u2014 warn-only)
-        run: npx @cleartrip/frontguard run --ci
-        env:
-          GITHUB_TOKEN: \${{ secrets.GITHUB_TOKEN }}
-`;
+function packageRoot() {
+  return path4.resolve(path4.dirname(fileURLToPath(import.meta.url)), "..");
+}
 var CONFIG = `import { defineConfig } from '@cleartrip/frontguard'
 
 export default defineConfig({
@@ -2496,27 +2455,35 @@ If **Yes**, list tools and what they touched (helps reviewers run a stricter fir
 ## AI assistance (optional detail)
 - [ ] I have reviewed every AI-suggested line for security, auth, and product correctness
 `;
-async function ensureDir(dir) {
-  await fs.mkdir(dir, { recursive: true });
-}
 async function initFrontGuard(cwd) {
-  const gh = path4.join(cwd, ".github", "workflows");
-  await ensureDir(gh);
-  const wfPath = path4.join(gh, "frontguard.yml");
-  await fs.writeFile(wfPath, WORKFLOW, "utf8");
+  const root = packageRoot();
+  const tplPath = path4.join(root, "templates", "bitbucket-pipelines.yml");
+  const outPipeline = path4.join(cwd, "bitbucket-pipelines.frontguard.example.yml");
+  try {
+    await fs.access(outPipeline);
+  } catch {
+    try {
+      const yml = await fs.readFile(tplPath, "utf8");
+      await fs.writeFile(outPipeline, yml, "utf8");
+    } catch {
+      await fs.writeFile(
+        outPipeline,
+        "# Copy bitbucket-pipelines.yml from @cleartrip/frontguard/templates in node_modules\n",
+        "utf8"
+      );
+    }
+  }
   const cfgPath = path4.join(cwd, "frontguard.config.js");
   try {
     await fs.access(cfgPath);
   } catch {
     await fs.writeFile(cfgPath, CONFIG, "utf8");
   }
-  const tplRoot = path4.join(cwd, ".github");
-  await ensureDir(tplRoot);
-  const tplPath = path4.join(tplRoot, "pull_request_template.md");
+  const tplPr = path4.join(cwd, "pull_request_template.md");
   try {
-    await fs.access(tplPath);
+    await fs.access(tplPr);
   } catch {
-    await fs.writeFile(tplPath, PR_TEMPLATE, "utf8");
+    await fs.writeFile(tplPr, PR_TEMPLATE, "utf8");
   }
 }
 
@@ -2654,110 +2621,86 @@ function parseAiDisclosure(body) {
   return { assisted, explicitNo, ambiguous };
 }
 
-// src/ci/github.ts
-async function readGithubEvent() {
-  const p2 = process.env.GITHUB_EVENT_PATH;
-  if (!p2) return null;
-  try {
-    const raw = await fs.readFile(p2, "utf8");
-    const payload = JSON.parse(raw);
-    const pr = payload.pull_request;
-    if (!pr) return null;
-    const files = (pr.files ?? []).map((f4) => f4.filename ?? "").filter(Boolean);
-    const body = pr.body ?? "";
-    const ai = parseAiDisclosure(body);
-    return {
-      number: pr.number ?? 0,
-      title: pr.title ?? "",
-      body,
-      baseRef: pr.base?.ref ?? "main",
-      headRef: pr.head?.ref ?? "",
-      additions: pr.additions ?? 0,
-      deletions: pr.deletions ?? 0,
-      changedFiles: pr.changed_files ?? files.length,
-      files,
-      aiAssisted: ai.assisted,
-      aiExplicitNo: ai.explicitNo,
-      aiDisclosureAmbiguous: ai.ambiguous
-    };
-  } catch {
-    return null;
-  }
-}
-
-// src/lib/http-fetch.ts
-function getFetch() {
-  const f4 = globalThis.fetch;
-  if (typeof f4 !== "function") {
-    throw new Error(
-      "FrontGuard needs Node.js 18+ (global fetch). Use NODE_VERSION / image >= 18 in CI."
-    );
-  }
-  return f4;
-}
-
-// src/ci/pr-comment.ts
-var MARKER = "<!-- frontguard:brief -->";
-async function resolvePrNumber() {
-  const raw = process.env.FRONTGUARD_PR_NUMBER ?? process.env.PR_NUMBER;
-  const n3 = Number(raw);
-  if (Number.isFinite(n3) && n3 > 0) return n3;
-  const path17 = process.env.GITHUB_EVENT_PATH;
-  if (!path17) return null;
-  try {
-    const payload = JSON.parse(await fs.readFile(path17, "utf8"));
-    const num = payload.pull_request?.number;
-    return typeof num === "number" && num > 0 ? num : null;
-  } catch {
-    return null;
+// src/ci/pr-context.ts
+function gitTrimmed(cwd, args) {
+  return execFileSync("git", ["-C", cwd, ...args], {
+    encoding: "utf8",
+    maxBuffer: 20 * 1024 * 1024
+  }).trimEnd();
+}
+function resolveCompareRef(cwd, destBranch) {
+  const safe = destBranch.trim();
+  if (!safe || safe.startsWith("-") || safe.includes("..")) return null;
+  const candidates = [safe, `origin/${safe}`];
+  for (const c4 of candidates) {
+    try {
+      gitTrimmed(cwd, ["rev-parse", "--verify", `${c4}^{commit}`]);
+      return c4;
+    } catch {
+    }
   }
+  return null;
 }
-async function upsertBriefComment(body) {
-  const token = process.env.GITHUB_TOKEN;
-  const repo = process.env.GITHUB_REPOSITORY;
-  if (!token || !repo) {
-    return;
-  }
-  const [owner, name] = repo.split("/");
-  if (!owner || !name) return;
-  const prNumber = await resolvePrNumber();
-  if (!prNumber) {
-    return;
+function parseNumstat(output) {
+  let additions = 0;
+  let deletions = 0;
+  const files = [];
+  for (const line of output.split("\n")) {
+    const t3 = line.trim();
+    if (!t3) continue;
+    const tab = t3.indexOf("	");
+    if (tab < 0) continue;
+    const tab2 = t3.indexOf("	", tab + 1);
+    if (tab2 < 0) continue;
+    const aStr = t3.slice(0, tab);
+    const dStr = t3.slice(tab + 1, tab2);
+    const path17 = t3.slice(tab2 + 1);
+    const a3 = aStr === "-" ? 0 : Number(aStr);
+    const d3 = dStr === "-" ? 0 : Number(dStr);
+    if (!Number.isFinite(a3) || !Number.isFinite(d3)) continue;
+    additions += a3;
+    deletions += d3;
+    if (path17) files.push(path17);
+  }
+  return { additions, deletions, files };
+}
+function buildBitbucketPrContext(cwd) {
+  const prId = process.env.BITBUCKET_PR_ID?.trim();
+  if (!prId) return null;
+  const dest = process.env.BITBUCKET_PR_DESTINATION_BRANCH?.trim() || "main";
+  const body = process.env.FRONTGUARD_PR_BODY?.trim() ?? "";
+  const headRef = process.env.BITBUCKET_PR_SOURCE_BRANCH?.trim() ?? "";
+  const title = process.env.BITBUCKET_PR_TITLE?.trim() ?? "";
+  let additions = 0;
+  let deletions = 0;
+  let files = [];
+  const destRef = resolveCompareRef(cwd, dest);
+  if (destRef) {
+    try {
+      const raw = gitTrimmed(cwd, ["diff", `${destRef}...HEAD`, "--numstat"]);
+      const stat = parseNumstat(raw);
+      additions = stat.additions;
+      deletions = stat.deletions;
+      files = stat.files;
+    } catch {
+    }
   }
-  const apiBase = process.env.GITHUB_API_URL ?? "https://api.github.com";
-  const headers = {
-    authorization: `Bearer ${token}`,
-    accept: "application/vnd.github+json",
-    "x-github-api-version": "2022-11-28",
-    "content-type": "application/json"
+  const ai = parseAiDisclosure(body);
+  return {
+    number: Number.parseInt(prId, 10) || 0,
+    title,
+    body,
+    baseRef: dest,
+    headRef,
+    additions,
+    deletions,
+    changedFiles: files.length,
+    files,
+    ...ai
   };
-  const prefixed = `${MARKER}
-${body}`;
-  const listUrl = `${apiBase}/repos/${owner}/${name}/issues/${prNumber}/comments?per_page=100`;
-  const fetch = getFetch();
-  const listRes = await fetch(listUrl, { headers });
-  if (!listRes.ok) {
-    return;
-  }
-  const comments = await listRes.json();
-  const existing = comments.find(
-    (c4) => typeof c4.body === "string" && c4.body.includes(MARKER)
-  );
-  if (existing) {
-    const patchUrl = `${apiBase}/repos/${owner}/${name}/issues/comments/${existing.id}`;
-    await fetch(patchUrl, {
-      method: "PATCH",
-      headers,
-      body: JSON.stringify({ body: prefixed })
-    });
-    return;
-  }
-  const postUrl = `${apiBase}/repos/${owner}/${name}/issues/${prNumber}/comments`;
-  await fetch(postUrl, {
-    method: "POST",
-    headers,
-    body: JSON.stringify({ body: prefixed })
-  });
+}
+function readPrContext(cwd) {
+  return buildBitbucketPrContext(cwd);
 }
 
 // node_modules/defu/dist/defu.mjs
@@ -2937,7 +2880,7 @@ async function loadConfig(cwd) {
   let userFile = null;
   for (const name of CONFIG_NAMES) {
     const full = path4.join(cwd, name);
-    if (!fs4.existsSync(full)) continue;
+    if (!fs2.existsSync(full)) continue;
     try {
       const mod = await importConfig(full);
       userFile = normalizeExport(mod);
@@ -4084,7 +4027,7 @@ function runPrHygiene(config, pr) {
       checkId: "pr-hygiene",
       findings: [],
       durationMs: Math.round(performance.now() - t0),
-      skipped: "not running in GitHub pull_request context"
+      skipped: "no PR context (run in a Bitbucket PR pipeline with BITBUCKET_PR_ID, or set FRONTGUARD_PR_BODY for description checks)"
     };
   }
   const findings = [];
@@ -4178,7 +4121,7 @@ function runPrSize(config, pr) {
       checkId: "pr-size",
       findings: [],
       durationMs: Math.round(performance.now() - t0),
-      skipped: "not running in GitHub pull_request context"
+      skipped: "no PR context (run in a Bitbucket pull-request pipeline so BITBUCKET_PR_* and git diff are available)"
     };
   }
   const findings = [];
@@ -4248,13 +4191,18 @@ async function gitDiffForReview(cwd, baseRef, maxChars) {
   }
 }
 async function resolveDiffBaseRef(cwd, fallback) {
-  const gh = process.env.GITHUB_BASE_REF;
-  if (gh) {
-    const origin = `origin/${gh}`;
+  const bb = process.env.BITBUCKET_PR_DESTINATION_BRANCH?.trim();
+  if (bb) {
+    const origin = `origin/${bb}`;
     try {
       await W2("git", ["rev-parse", "--verify", origin], { nodeOptions: { cwd } });
       return origin;
     } catch {
+      try {
+        await W2("git", ["rev-parse", "--verify", bb], { nodeOptions: { cwd } });
+        return bb;
+      } catch {
+      }
     }
   }
   try {
@@ -4533,6 +4481,39 @@ async function gitOkQuick(cwd) {
 function tokenizeCommand(cmd) {
   return cmd.trim().split(/\s+/).map((t3) => t3.trim()).filter(Boolean);
 }
+function npmScriptFromBuildCommand(cmd) {
+  const t3 = cmd.trim();
+  if (/^yarn\s+build\b/i.test(t3)) return "build";
+  const np = /^(?:npm|pnpm)\s+run\s+(\S+)/i.exec(t3);
+  if (np?.[1]) return np[1];
+  const yr = /^yarn\s+run\s+(\S+)/i.exec(t3);
+  if (yr?.[1]) return yr[1];
+  return null;
+}
+async function bundleBuildPrecheck(cwd, buildCommand) {
+  const script = npmScriptFromBuildCommand(buildCommand);
+  if (!script) return { run: true };
+  let scripts;
+  try {
+    const raw = await fs.readFile(path4.join(cwd, "package.json"), "utf8");
+    const pkg = JSON.parse(raw);
+    scripts = pkg.scripts;
+  } catch {
+    return {
+      run: false,
+      message: "Skipped bundle build \u2014 no readable package.json",
+      detail: "Set checks.bundle.buildCommand to your real build (e.g. `vite build`), set checks.bundle.runBuild to false, or add a package.json with the matching script."
+    };
+  }
+  if (!scripts?.[script]) {
+    return {
+      run: false,
+      message: `Skipped bundle build \u2014 no scripts.${script} in package.json`,
+      detail: "The bundle check runs a production build, then sums file sizes under checks.bundle.measureGlobs (dist/, build/static/, .next/static/, etc.). Libraries and non-web repos often have no `build` script \u2014 set checks.bundle.runBuild to false and optionally tune measureGlobs, or set checks.bundle.buildCommand to whatever produces your artifacts (e.g. `pnpm run compile`, `npx vite build`)."
+    };
+  }
+  return { run: true };
+}
 async function runBundle(cwd, config, stack) {
   const t0 = performance.now();
   const cfg = config.checks.bundle;
@@ -4552,6 +4533,7 @@ async function runBundle(cwd, config, stack) {
       skipped: "skipped for React Native (configure web artifacts if needed)"
     };
   }
+  const preFindings = [];
   if (cfg.runBuild) {
     const parts = tokenizeCommand(cfg.buildCommand);
     if (parts.length === 0) {
@@ -4567,21 +4549,31 @@ async function runBundle(cwd, config, stack) {
         durationMs: Math.round(performance.now() - t0)
       };
     }
-    const [bin, ...args] = parts;
-    const res = await W2(bin, args, { nodeOptions: { cwd } });
-    if ((res.exitCode ?? 0) !== 0) {
-      return {
-        checkId: "bundle",
-        findings: [
-          {
-            id: "bundle-build",
-            severity: gateSeverity4(cfg.gate),
-            message: "Build command failed \u2014 cannot measure bundle",
-            detail: [res.stdout, res.stderr].filter(Boolean).join("\n").slice(0, 8e3)
-          }
-        ],
-        durationMs: Math.round(performance.now() - t0)
-      };
+    const pre = await bundleBuildPrecheck(cwd, cfg.buildCommand);
+    if (!pre.run) {
+      preFindings.push({
+        id: "bundle-build-skipped",
+        severity: "info",
+        message: pre.message,
+        detail: pre.detail
+      });
+    } else {
+      const [bin, ...args] = parts;
+      const res = await W2(bin, args, { nodeOptions: { cwd } });
+      if ((res.exitCode ?? 0) !== 0) {
+        return {
+          checkId: "bundle",
+          findings: [
+            {
+              id: "bundle-build",
+              severity: gateSeverity4(cfg.gate),
+              message: "Build command failed \u2014 cannot measure bundle",
+              detail: [res.stdout, res.stderr].filter(Boolean).join("\n").slice(0, 8e3)
+            }
+          ],
+          durationMs: Math.round(performance.now() - t0)
+        };
+      }
     }
   }
   const total = await sumGlobBytes(cwd, cfg.measureGlobs);
@@ -4589,6 +4581,7 @@ async function runBundle(cwd, config, stack) {
     return {
       checkId: "bundle",
       findings: [
+        ...preFindings,
         {
           id: "bundle-empty",
           severity: "info",
@@ -4600,7 +4593,7 @@ async function runBundle(cwd, config, stack) {
   }
   const baseRef = await gitOkQuick(cwd) ? await resolveDiffBaseRef(cwd, cfg.baselineRef) : null;
   const baseline = await readBaseline(cwd, cfg.baselinePath, baseRef);
-  const findings = [];
+  const findings = [...preFindings];
   const infoLines = [
     `Measured ${total} bytes (${(total / 1024 / 1024).toFixed(2)} MiB)`,
     baseline ? `Baseline from \`${cfg.baselinePath}\`: ${baseline.totalBytes} bytes` : `No baseline at \`${cfg.baselinePath}\` (commit a baseline JSON to compare)`
@@ -5079,8 +5072,8 @@ function buildHtmlReport(p2) {
   } else {
     for (const cid of checkOrder) {
       const group = sortFindings(cwd, byCheck.get(cid));
-      warningsHtml += `<h3 class="grp">${escapeHtml(cid)} <span class="count">(${group.length})</span></h3>`;
-      warningsHtml += group.map(({ r: r4, f: f4 }) => renderFindingCard(cwd, r4, f4)).join("\n");
+      const cards = group.map(({ r: r4, f: f4 }) => renderFindingCard(cwd, r4, f4)).join("\n");
+      warningsHtml += `<details class="warn-check"><summary>${escapeHtml(cid)} <span class="count">(${group.length})</span></summary><div class="details-body warn-check-body">${cards}</div></details>`;
     }
   }
   const infoHtml = infoItems.length === 0 ? '<p class="muted">No info notes.</p>' : infoItems.map(({ r: r4, f: f4 }) => renderFindingCard(cwd, r4, f4)).join("\n");
@@ -5114,8 +5107,11 @@ function buildHtmlReport(p2) {
     }
     h1 { font-size: 1.5rem; margin: 0 0 1rem; letter-spacing: -0.02em; }
     h2 { font-size: 1.15rem; margin: 2rem 0 0.75rem; color: var(--accent); border-bottom: 1px solid var(--border); padding-bottom: 0.35rem; }
-    h3.grp { margin: 1.5rem 0 0.5rem; font-size: 1rem; color: var(--warn); }
-    h3.grp .count { color: var(--muted); font-weight: normal; }
+    details.warn-check { margin-bottom: 0.45rem; }
+    details.warn-check:last-child { margin-bottom: 0; }
+    details.warn-check > summary { color: var(--warn); font-size: 0.95rem; }
+    details.warn-check .count { color: var(--muted); font-weight: normal; }
+    .warn-check-body { padding-top: 0.35rem; }
     h4 { font-size: 0.95rem; margin: 0 0 0.5rem; font-weight: 600; }
     h5 { font-size: 0.8rem; margin: 0 0 0.35rem; text-transform: uppercase; letter-spacing: 0.04em; color: var(--accent); }
     .badges { margin-bottom: 1.25rem; display: flex; flex-wrap: wrap; gap: 0.35rem; align-items: center; }
@@ -5605,6 +5601,17 @@ function formatConsole(p2) {
   return lines.join("\n");
 }
 
+// src/lib/http-fetch.ts
+function getFetch() {
+  const f4 = globalThis.fetch;
+  if (typeof f4 !== "function") {
+    throw new Error(
+      "FrontGuard needs Node.js 18+ (global fetch). Use NODE_VERSION / image >= 18 in CI."
+    );
+  }
+  return f4;
+}
+
 // src/llm/ollama.ts
 async function callOllamaChat(opts) {
   const fetch = getFetch();
@@ -5942,7 +5949,7 @@ async function runFrontGuard(opts) {
   const config = await loadConfig(opts.cwd);
   const mode = opts.enforce ? "enforce" : config.mode;
   const stack = await detectStack(opts.cwd);
-  const pr = await readGithubEvent();
+  const pr = readPrContext(opts.cwd);
   const restrictFiles = pr?.files?.length ? pr.files : null;
   const [
     eslint,
@@ -6031,9 +6038,6 @@ FrontGuard: wrote Bitbucket PR comment text to ${abs} (${snippet.length} bytes).
     g.stdout.write(report.consoleText + "\n\n");
     g.stdout.write(report.markdown + "\n");
   }
-  if (opts.ci && g.env.GITHUB_TOKEN) {
-    await upsertBriefComment(report.markdown);
-  }
   const hasBlock = results.some((r4) => r4.findings.some((f4) => f4.severity === "block"));
   g.exitCode = mode === "enforce" && hasBlock ? 1 : 0;
 }
@@ -6042,13 +6046,13 @@ FrontGuard: wrote Bitbucket PR comment text to ${abs} (${snippet.length} bytes).
 var init2 = defineCommand({
   meta: {
     name: "init",
-    description: "Add workflow, PR template, and frontguard.config.js"
+    description: "Add Bitbucket pipeline example, pull_request_template.md, and frontguard.config.js"
   },
   run: async () => {
     const cwd = g.cwd();
     await initFrontGuard(cwd);
     g.stdout.write(
-      "FrontGuard initialized.\n\nNext: add the package as a devDependency so CI matches local runs:\n  npm install -D @cleartrip/frontguard\n  yarn add -D @cleartrip/frontguard\n"
+      "FrontGuard initialized for Bitbucket.\n\n  \u2022 bitbucket-pipelines.frontguard.example.yml \u2014 merge into your pipeline\n  \u2022 pull_request_template.md \u2014 PR description template (Bitbucket Cloud)\n  \u2022 frontguard.config.js (if missing)\n\nAdd the package as a devDependency so CI matches local runs:\n  npm install -D @cleartrip/frontguard\n  yarn add -D @cleartrip/frontguard\n"
     );
   }
 });
@@ -6058,11 +6062,6 @@ var run = defineCommand({
     description: "Run checks and print the review brief"
   },
   args: {
-    ci: {
-      type: "boolean",
-      description: "Upsert PR comment when GITHUB_TOKEN is available",
-      default: false
-    },
     markdown: {
       type: "boolean",
       description: "Print markdown only",
@@ -6089,7 +6088,6 @@ var run = defineCommand({
   run: async ({ args }) => {
     await runFrontGuard({
       cwd: g.cwd(),
-      ci: Boolean(args.ci),
       markdown: Boolean(args.markdown),
       enforce: Boolean(args.enforce),
       append: typeof args.append === "string" ? args.append : null,