@emilia-protocol/fire-drill 0.1.0 → 0.2.0

package/cli.mjs

@@ -12,7 +12,7 @@
  * @license Apache-2.0
  */
 import fs from 'node:fs';
-import { scan, TAGLINE } from './index.js';
+import { scan, TAGLINE, generatePullRequest } from './index.js';
 
 const argv = process.argv.slice(2);
 const flags = new Set(argv.filter((a) => a.startsWith('--')));
@@ -43,6 +43,12 @@ if (flags.has('--json')) {
   process.exit(report.eg1 === 'pass' ? 0 : 1);
 }
 
+if (flags.has('--pr')) {
+  const pr = generatePullRequest(report);
+  console.log(`# ${pr.title}\n\n${pr.body}`);
+  process.exit(report.eg1 === 'pass' ? 0 : 1);
+}
+
 const G = (s) => `\x1b[32m${s}\x1b[0m`;
 const R = (s) => `\x1b[31m${s}\x1b[0m`;
 const Y = (s) => `\x1b[33m${s}\x1b[0m`;

package/index.js

@@ -188,8 +188,74 @@ export function buildReport(operations, targetType = 'unknown') {
 
 export const TAGLINE = 'If your agent can take an irreversible action without a receipt, you do not have control. You have hope.';
 
+// ── Shareable badge ──────────────────────────────────────────────────────────
+
+/** Approximate pixel width of a label segment (flat-badge sizing, no font metrics). */
+function segWidth(text) {
+  return Math.max(40, Math.round(String(text).length * 6.6) + 20);
+}
+
+/**
+ * A shields-style flat SVG badge: "agent action firewall | EG-1 Enforced".
+ * Green when EG-1 passes / score 100, amber for partial, red for fail.
+ * @param {object} o
+ * @param {'pass'|'fail'} [o.eg1]
+ * @param {number} [o.score]   0..100 — overrides the message with "N/100" when given
+ * @param {string} [o.label='agent action firewall']
+ */
+export function badgeSvg({ eg1, score, label = 'agent action firewall' } = {}) {
+  const hasScore = typeof score === 'number' && Number.isFinite(score);
+  const pass = eg1 === 'pass' || score === 100;
+  const message = hasScore ? `${score}/100` : (pass ? 'EG-1 Enforced' : 'EG-1 not earned');
+  const color = pass ? '#16A34A' : (hasScore && score >= 50 ? '#D97706' : '#DC2626');
+  const lw = segWidth(label);
+  const mw = segWidth(message);
+  const w = lw + mw;
+  const esc = (s) => String(s).replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
+  return `<svg xmlns="http://www.w3.org/2000/svg" width="${w}" height="20" role="img" aria-label="${esc(label)}: ${esc(message)}">`
+    + `<linearGradient id="s" x2="0" y2="100%"><stop offset="0" stop-color="#bbb" stop-opacity=".1"/><stop offset="1" stop-opacity=".1"/></linearGradient>`
+    + `<rect rx="3" width="${w}" height="20" fill="#555"/>`
+    + `<rect rx="3" x="${lw}" width="${mw}" height="20" fill="${color}"/>`
+    + `<rect rx="3" width="${w}" height="20" fill="url(#s)"/>`
+    + `<g fill="#fff" text-anchor="middle" font-family="Verdana,DejaVu Sans,sans-serif" font-size="11">`
+    + `<text x="${lw / 2}" y="14">${esc(label)}</text>`
+    + `<text x="${lw + mw / 2}" y="14">${esc(message)}</text>`
+    + `</g></svg>`;
+}
+
+// ── Generate-PR ──────────────────────────────────────────────────────────────
+
+/**
+ * Turn a report into a ready-to-open pull request (title + Markdown body) that
+ * tells a maintainer exactly which dangerous tools to gate and how to earn EG-1.
+ * @param {object} report  a buildReport() result
+ * @param {object} [o]
+ * @param {string} [o.project] project/repo name for the title
+ */
+export function generatePullRequest(report, { project } = {}) {
+  const name = project ? ` for ${project}` : '';
+  const failing = report.findings || [];
+  const title = failing.length
+    ? `Require an EMILIA receipt for ${failing.length} high-risk action${failing.length > 1 ? 's' : ''}${name} (earn EG-1)`
+    : `Confirm EG-1 Enforced${name}`;
+  const lines = [];
+  lines.push(`## Agent Action Firewall: ${report.score}/100 (EG-1 ${report.eg1.toUpperCase()})`, '');
+  if (!failing.length) {
+    lines.push('No dangerous action can run without a receipt. This integration is **EG-1 Enforced**.', '');
+  } else {
+    lines.push('These tool calls can mutate money, data, permissions, or production **without an accountable human receipt**:', '');
+    for (const f of failing) lines.push(`- \`${f.operation}\` — ${f.family} — ${f.fix}`);
+    lines.push('', '### Fix', '', '```js', `import { createGate } from '@emilia-protocol/gate';`, `import { gateMcpTool } from '@emilia-protocol/gate/mcp';`, '', `const gate = createGate({ manifest, trustedKeys: [process.env.EMILIA_ISSUER] });`);
+    for (const f of failing) lines.push(`server.tool('${f.operation}', gateMcpTool(gate, { tool: '${f.operation}' }, handler));`);
+    lines.push('```', '', `Then \`npx @emilia-protocol/fire-drill <manifest>\` should report **EG-1 Enforced**.`);
+  }
+  lines.push('', '---', `_Generated by [@emilia-protocol/fire-drill](https://www.npmjs.com/package/@emilia-protocol/fire-drill) — the Agent Action Firewall Test._`);
+  return { title, body: lines.join('\n') };
+}
+
 export default {
   FIRE_DRILL_VERSION, TAGLINE,
   classifyOperation, detectReceiptGate, buildReport,
   scan, scanMcpManifest, scanOpenApi, scanToolList,
+  badgeSvg, generatePullRequest,
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@emilia-protocol/fire-drill",
-  "version": "0.1.0",
+  "version": "0.2.0",
   "description": "The Agent Action Firewall Test. Scan any MCP server manifest, OpenAPI spec, or tool list for dangerous actions an AI agent can take without an accountable human receipt — money movement, data destruction, production deploy, permission change, bulk export, regulated override. Reports an Agent Action Firewall score, the failing operations, the fix (EMILIA Gate), and EG-1 pass/fail. Static, zero-dependency, CI-friendly.",
   "license": "Apache-2.0",
   "type": "module",