@distributionos/cli 0.1.0

package/src/validation.js

@@ -0,0 +1,259 @@
+import { exec } from 'node:child_process';
+import { promises as fs } from 'node:fs';
+import path from 'node:path';
+import { promisify } from 'node:util';
+
+const execAsync = promisify(exec);
+
+export async function runValidationPlan(plan, options = {}) {
+  const commands = [
+    ['build', plan.validation.build],
+    ['test', plan.validation.test],
+    ['lint', plan.validation.lint],
+  ].filter(([, command]) => Boolean(command));
+
+  const results = [];
+  for (const [name, command] of commands) {
+    results.push(await runCommand({
+      name,
+      command,
+      cwd: plan.cwd,
+      timeoutMs: options.timeoutMs ?? 120_000,
+    }));
+  }
+
+  return results;
+}
+
+export function compareValidationResults(before, after) {
+  const beforeByName = new Map(before.map(result => [result.name, result]));
+  return after.map(result => {
+    const baseline = beforeByName.get(result.name);
+    const introduced = result.exitCode !== 0 && (!baseline || baseline.exitCode === 0);
+    const preExisting = result.exitCode !== 0 && Boolean(baseline) && baseline.exitCode !== 0;
+    return {
+      ...result,
+      introducedFailure: introduced,
+      preExistingFailure: preExisting,
+    };
+  });
+}
+
+export async function inspectInstallArtifacts(plan) {
+  const results = [];
+  if (plan.analytics?.status !== 'enabled') {
+    return results;
+  }
+
+  const scriptUrl = plan.analytics.scriptUrl ?? scriptSrcFromTag(plan.analytics.scriptTag);
+  if (!scriptUrl) {
+    results.push({
+      name: 'analytics script',
+      status: 'failed',
+      message: 'Analytics was enabled, but no script URL was available for inspection.',
+    });
+    return results;
+  }
+
+  const layoutTarget = plan.analytics.layoutTarget;
+  if (!layoutTarget) {
+    results.push({
+      name: 'analytics source',
+      status: 'failed',
+      message: 'No supported shared layout was detected.',
+    });
+    return results;
+  }
+
+  const layoutPath = safeResolve(plan.cwd, layoutTarget);
+  const layout = await fs.readFile(layoutPath, 'utf8').catch(() => '');
+  const scriptCount = countOccurrences(layout, scriptUrl);
+  const hasConfig = layout.includes('window.distributionOSAnalyticsConfig');
+  const managedBlockCount = countOccurrences(layout, 'DISTRIBUTIONOS:START analytics');
+
+  results.push({
+    name: 'analytics source',
+    status: scriptCount === 1 && hasConfig && managedBlockCount === 1 ? 'passed' : 'failed',
+    message: scriptCount === 1 && hasConfig && managedBlockCount === 1
+      ? `${layoutTarget} contains one managed analytics install with route privacy config.`
+      : `${layoutTarget} should contain exactly one managed analytics script and config block.`,
+  });
+
+  const htmlFiles = await findBuiltHtmlFiles(plan.cwd);
+  if (htmlFiles.length === 0) {
+    results.push({
+      name: 'built HTML',
+      status: 'warning',
+      message: 'No built HTML files were found to inspect; source layout inspection is the local proof.',
+    });
+  } else {
+    const matches = [];
+    for (const file of htmlFiles) {
+      const html = await fs.readFile(path.join(plan.cwd, file), 'utf8').catch(() => '');
+      if (html.includes(scriptUrl) || html.includes(`/api/analytics/script/${plan.remote.analyticsContract?.siteId ?? ''}`)) {
+        matches.push(file);
+      }
+    }
+    results.push({
+      name: 'built HTML',
+      status: matches.length > 0 ? 'passed' : 'warning',
+      message: matches.length > 0
+        ? `Found analytics script in built HTML: ${matches.slice(0, 3).join(', ')}${matches.length > 3 ? ', ...' : ''}.`
+        : 'Built HTML files were present, but none included the analytics script. Framework output may be server-rendered; verify after deploy.',
+    });
+  }
+
+  const markerInspection = await inspectMarkers(plan.cwd, plan.repo.contentFiles);
+  results.push(markerInspection.content);
+  results.push(markerInspection.cta);
+  return results;
+}
+
+async function runCommand({ name, command, cwd, timeoutMs }) {
+  try {
+    const { stdout, stderr } = await execAsync(command, {
+      cwd,
+      timeout: timeoutMs,
+      windowsHide: true,
+      maxBuffer: 1024 * 1024,
+    });
+    return {
+      name,
+      command,
+      exitCode: 0,
+      stdout: tail(stdout),
+      stderr: tail(stderr),
+    };
+  } catch (error) {
+    return {
+      name,
+      command,
+      exitCode: typeof error.code === 'number' ? error.code : 1,
+      stdout: tail(error.stdout ?? ''),
+      stderr: tail(error.stderr ?? error.message ?? ''),
+    };
+  }
+}
+
+function tail(value, max = 4000) {
+  const text = redactSensitiveOutput(String(value ?? ''));
+  return text.length > max ? text.slice(-max) : text;
+}
+
+export function redactSensitiveOutput(value) {
+  const text = String(value ?? '');
+  let redactNextLine = false;
+
+  return text.split(/\r?\n/).map((line) => {
+    if (redactNextLine) {
+      redactNextLine = false;
+      return '[redacted sensitive validation output]';
+    }
+
+    if (PRIVATE_KEY_RE.test(line)) {
+      if (!/-----END [A-Z ]*PRIVATE KEY-----/i.test(line)) redactNextLine = true;
+      return '[redacted sensitive validation output]';
+    }
+
+    if (SENSITIVE_LINE_RE.test(line)) {
+      return redactSensitiveLine(line);
+    }
+
+    return line;
+  }).join('\n');
+}
+
+const PRIVATE_KEY_RE = /-----BEGIN [A-Z ]*PRIVATE KEY-----|-----END [A-Z ]*PRIVATE KEY-----|private key starts with/i;
+const SENSITIVE_LINE_RE =
+  /\b(private key|api key|apikey|access token|refresh token|auth token|authorization|client email|project id|password|secret|credential)\b/i;
+
+function redactSensitiveLine(line) {
+  const delimiter = line.match(/^([^:=]{1,80}[:=]\s*)(.*)$/);
+  if (delimiter) return `${delimiter[1]}[redacted]`;
+  return '[redacted sensitive validation output]';
+}
+
+async function findBuiltHtmlFiles(cwd) {
+  const roots = ['out', 'dist', 'build', '.next/server/app', '.next/server/pages'];
+  const files = [];
+  for (const root of roots) {
+    await collectHtmlFiles(path.join(cwd, root), root, files);
+    if (files.length >= 100) break;
+  }
+  return files.slice(0, 100);
+}
+
+async function collectHtmlFiles(absoluteDir, relativeDir, files) {
+  if (files.length >= 100) return;
+  let entries = [];
+  try {
+    entries = await fs.readdir(absoluteDir, { withFileTypes: true });
+  } catch {
+    return;
+  }
+
+  for (const entry of entries) {
+    if (files.length >= 100) return;
+    const relativePath = toPosix(path.join(relativeDir, entry.name));
+    const absolutePath = path.join(absoluteDir, entry.name);
+    if (entry.isDirectory()) {
+      await collectHtmlFiles(absolutePath, relativePath, files);
+    } else if (entry.isFile() && /\.html$/i.test(entry.name)) {
+      files.push(relativePath);
+    }
+  }
+}
+
+async function inspectMarkers(cwd, contentFiles) {
+  let contentMarkerCount = 0;
+  let ctaMarkerCount = 0;
+  for (const file of contentFiles ?? []) {
+    const text = await fs.readFile(safeResolve(cwd, file), 'utf8').catch(() => '');
+    contentMarkerCount += countOccurrences(text, 'distributionos:content-id');
+    contentMarkerCount += countOccurrences(text, 'data-dos-content-id');
+    ctaMarkerCount += countOccurrences(text, 'data-dos-event');
+    ctaMarkerCount += countOccurrences(text, 'data-dos-link-id');
+  }
+
+  return {
+    content: {
+      name: 'content markers',
+      status: contentMarkerCount > 0 ? 'passed' : 'warning',
+      message: contentMarkerCount > 0
+        ? `Found ${contentMarkerCount} existing content marker${contentMarkerCount === 1 ? '' : 's'}.`
+        : 'No existing dosContentId markers were found in detected content files; backfill public content after artifact IDs exist.',
+    },
+    cta: {
+      name: 'CTA markers',
+      status: ctaMarkerCount > 0 ? 'passed' : 'warning',
+      message: ctaMarkerCount > 0
+        ? `Found ${ctaMarkerCount} existing CTA marker${ctaMarkerCount === 1 ? '' : 's'}.`
+        : 'No existing data-dos CTA markers were found; add them only to primary CTAs or tracked campaign links.',
+    },
+  };
+}
+
+function countOccurrences(value, needle) {
+  if (!value || !needle) return 0;
+  return String(value).split(needle).length - 1;
+}
+
+function scriptSrcFromTag(scriptTag) {
+  if (!scriptTag) return null;
+  const match = String(scriptTag).match(/\ssrc=["']([^"']+)["']/i);
+  return match?.[1] ?? null;
+}
+
+function safeResolve(cwd, relativePath) {
+  const root = path.resolve(cwd);
+  const target = path.resolve(root, relativePath);
+  const relative = path.relative(root, target);
+  if (relative.startsWith('..') || path.isAbsolute(relative)) {
+    throw new Error(`Refusing to inspect outside repo root: ${relativePath}`);
+  }
+  return target;
+}
+
+function toPosix(value) {
+  return value.split(path.sep).filter(Boolean).join('/');
+}