@fourteensystems/prodcheck 0.3.0
- package/README.md +252 -0
- package/bin/prodcheck.mjs +2 -0
- package/dist/cli/commands/baseline.d.ts +7 -0
- package/dist/cli/commands/baseline.d.ts.map +1 -0
- package/dist/cli/commands/baseline.js +22 -0
- package/dist/cli/commands/baseline.js.map +1 -0
- package/dist/cli/commands/ci.d.ts +14 -0
- package/dist/cli/commands/ci.d.ts.map +1 -0
- package/dist/cli/commands/ci.js +104 -0
- package/dist/cli/commands/ci.js.map +1 -0
- package/dist/cli/commands/explain.d.ts +2 -0
- package/dist/cli/commands/explain.d.ts.map +1 -0
- package/dist/cli/commands/explain.js +20 -0
- package/dist/cli/commands/explain.js.map +1 -0
- package/dist/cli/commands/init.d.ts +7 -0
- package/dist/cli/commands/init.d.ts.map +1 -0
- package/dist/cli/commands/init.js +127 -0
- package/dist/cli/commands/init.js.map +1 -0
- package/dist/cli/commands/rules.d.ts +2 -0
- package/dist/cli/commands/rules.d.ts.map +1 -0
- package/dist/cli/commands/rules.js +13 -0
- package/dist/cli/commands/rules.js.map +1 -0
- package/dist/cli/commands/scan.d.ts +10 -0
- package/dist/cli/commands/scan.d.ts.map +1 -0
- package/dist/cli/commands/scan.js +65 -0
- package/dist/cli/commands/scan.js.map +1 -0
- package/dist/cli/commands/waive.d.ts +8 -0
- package/dist/cli/commands/waive.d.ts.map +1 -0
- package/dist/cli/commands/waive.js +34 -0
- package/dist/cli/commands/waive.js.map +1 -0
- package/dist/cli/index.d.ts +2 -0
- package/dist/cli/index.d.ts.map +1 -0
- package/dist/cli/index.js +64 -0
- package/dist/cli/index.js.map +1 -0
- package/dist/engine/baseline.d.ts +11 -0
- package/dist/engine/baseline.d.ts.map +1 -0
- package/dist/engine/baseline.js +39 -0
- package/dist/engine/baseline.js.map +1 -0
- package/dist/engine/baseline.test.d.ts +2 -0
- package/dist/engine/baseline.test.d.ts.map +1 -0
- package/dist/engine/baseline.test.js +135 -0
- package/dist/engine/baseline.test.js.map +1 -0
- package/dist/engine/config.d.ts +8 -0
- package/dist/engine/config.d.ts.map +1 -0
- package/dist/engine/config.js +134 -0
- package/dist/engine/config.js.map +1 -0
- package/dist/engine/config.test.d.ts +2 -0
- package/dist/engine/config.test.d.ts.map +1 -0
- package/dist/engine/config.test.js +107 -0
- package/dist/engine/config.test.js.map +1 -0
- package/dist/engine/extensions/load.d.ts +11 -0
- package/dist/engine/extensions/load.d.ts.map +1 -0
- package/dist/engine/extensions/load.js +26 -0
- package/dist/engine/extensions/load.js.map +1 -0
- package/dist/engine/extensions/registry.d.ts +5 -0
- package/dist/engine/extensions/registry.d.ts.map +1 -0
- package/dist/engine/extensions/registry.js +11 -0
- package/dist/engine/extensions/registry.js.map +1 -0
- package/dist/engine/extensions/types.d.ts +51 -0
- package/dist/engine/extensions/types.d.ts.map +1 -0
- package/dist/engine/extensions/types.js +2 -0
- package/dist/engine/extensions/types.js.map +1 -0
- package/dist/engine/license.d.ts +40 -0
- package/dist/engine/license.d.ts.map +1 -0
- package/dist/engine/license.js +104 -0
- package/dist/engine/license.js.map +1 -0
- package/dist/engine/report.d.ts +5 -0
- package/dist/engine/report.d.ts.map +1 -0
- package/dist/engine/report.js +115 -0
- package/dist/engine/report.js.map +1 -0
- package/dist/engine/run.d.ts +11 -0
- package/dist/engine/run.d.ts.map +1 -0
- package/dist/engine/run.js +105 -0
- package/dist/engine/run.js.map +1 -0
- package/dist/engine/sarif.d.ts +3 -0
- package/dist/engine/sarif.d.ts.map +1 -0
- package/dist/engine/sarif.js +58 -0
- package/dist/engine/sarif.js.map +1 -0
- package/dist/engine/sarif.test.d.ts +2 -0
- package/dist/engine/sarif.test.d.ts.map +1 -0
- package/dist/engine/sarif.test.js +152 -0
- package/dist/engine/sarif.test.js.map +1 -0
- package/dist/engine/score.d.ts +13 -0
- package/dist/engine/score.d.ts.map +1 -0
- package/dist/engine/score.js +116 -0
- package/dist/engine/score.js.map +1 -0
- package/dist/engine/score.test.d.ts +2 -0
- package/dist/engine/score.test.d.ts.map +1 -0
- package/dist/engine/score.test.js +227 -0
- package/dist/engine/score.test.js.map +1 -0
- package/dist/engine/types.d.ts +123 -0
- package/dist/engine/types.d.ts.map +1 -0
- package/dist/engine/types.js +2 -0
- package/dist/engine/types.js.map +1 -0
- package/dist/engine/version.d.ts +5 -0
- package/dist/engine/version.d.ts.map +1 -0
- package/dist/engine/version.js +15 -0
- package/dist/engine/version.js.map +1 -0
- package/dist/engine/waivers.d.ts +9 -0
- package/dist/engine/waivers.d.ts.map +1 -0
- package/dist/engine/waivers.js +55 -0
- package/dist/engine/waivers.js.map +1 -0
- package/dist/engine/waivers.test.d.ts +2 -0
- package/dist/engine/waivers.test.d.ts.map +1 -0
- package/dist/engine/waivers.test.js +147 -0
- package/dist/engine/waivers.test.js.map +1 -0
- package/dist/index.d.ts +14 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +12 -0
- package/dist/index.js.map +1 -0
- package/dist/next/deps.d.ts +4 -0
- package/dist/next/deps.d.ts.map +1 -0
- package/dist/next/deps.js +118 -0
- package/dist/next/deps.js.map +1 -0
- package/dist/next/deps.test.d.ts +2 -0
- package/dist/next/deps.test.d.ts.map +1 -0
- package/dist/next/deps.test.js +249 -0
- package/dist/next/deps.test.js.map +1 -0
- package/dist/next/detect.d.ts +10 -0
- package/dist/next/detect.d.ts.map +1 -0
- package/dist/next/detect.js +57 -0
- package/dist/next/detect.js.map +1 -0
- package/dist/next/detect.test.d.ts +2 -0
- package/dist/next/detect.test.d.ts.map +1 -0
- package/dist/next/detect.test.js +74 -0
- package/dist/next/detect.test.js.map +1 -0
- package/dist/next/index.d.ts +5 -0
- package/dist/next/index.d.ts.map +1 -0
- package/dist/next/index.js +59 -0
- package/dist/next/index.js.map +1 -0
- package/dist/next/middleware.d.ts +3 -0
- package/dist/next/middleware.d.ts.map +1 -0
- package/dist/next/middleware.js +48 -0
- package/dist/next/middleware.js.map +1 -0
- package/dist/next/middleware.test.d.ts +2 -0
- package/dist/next/middleware.test.d.ts.map +1 -0
- package/dist/next/middleware.test.js +203 -0
- package/dist/next/middleware.test.js.map +1 -0
- package/dist/next/routes.d.ts +10 -0
- package/dist/next/routes.d.ts.map +1 -0
- package/dist/next/routes.js +172 -0
- package/dist/next/routes.js.map +1 -0
- package/dist/next/routes.test.d.ts +2 -0
- package/dist/next/routes.test.d.ts.map +1 -0
- package/dist/next/routes.test.js +175 -0
- package/dist/next/routes.test.js.map +1 -0
- package/dist/next/server-actions.d.ts +4 -0
- package/dist/next/server-actions.d.ts.map +1 -0
- package/dist/next/server-actions.js +107 -0
- package/dist/next/server-actions.js.map +1 -0
- package/dist/next/server-actions.test.d.ts +2 -0
- package/dist/next/server-actions.test.d.ts.map +1 -0
- package/dist/next/server-actions.test.js +138 -0
- package/dist/next/server-actions.test.js.map +1 -0
- package/dist/next/trpc.d.ts +3 -0
- package/dist/next/trpc.d.ts.map +1 -0
- package/dist/next/trpc.js +312 -0
- package/dist/next/trpc.js.map +1 -0
- package/dist/next/types.d.ts +144 -0
- package/dist/next/types.d.ts.map +1 -0
- package/dist/next/types.js +2 -0
- package/dist/next/types.js.map +1 -0
- package/dist/next/wrappers.d.ts +10 -0
- package/dist/next/wrappers.d.ts.map +1 -0
- package/dist/next/wrappers.js +536 -0
- package/dist/next/wrappers.js.map +1 -0
- package/dist/next/wrappers.test.d.ts +2 -0
- package/dist/next/wrappers.test.d.ts.map +1 -0
- package/dist/next/wrappers.test.js +361 -0
- package/dist/next/wrappers.test.js.map +1 -0
- package/dist/rules/auth-boundary-missing.d.ts +5 -0
- package/dist/rules/auth-boundary-missing.d.ts.map +1 -0
- package/dist/rules/auth-boundary-missing.js +463 -0
- package/dist/rules/auth-boundary-missing.js.map +1 -0
- package/dist/rules/auth-boundary-missing.test.d.ts +2 -0
- package/dist/rules/auth-boundary-missing.test.d.ts.map +1 -0
- package/dist/rules/auth-boundary-missing.test.js +492 -0
- package/dist/rules/auth-boundary-missing.test.js.map +1 -0
- package/dist/rules/index.d.ts +12 -0
- package/dist/rules/index.d.ts.map +1 -0
- package/dist/rules/index.js +95 -0
- package/dist/rules/index.js.map +1 -0
- package/dist/rules/input-validation-missing.d.ts +5 -0
- package/dist/rules/input-validation-missing.d.ts.map +1 -0
- package/dist/rules/input-validation-missing.js +272 -0
- package/dist/rules/input-validation-missing.js.map +1 -0
- package/dist/rules/input-validation-missing.test.d.ts +2 -0
- package/dist/rules/input-validation-missing.test.d.ts.map +1 -0
- package/dist/rules/input-validation-missing.test.js +449 -0
- package/dist/rules/input-validation-missing.test.js.map +1 -0
- package/dist/rules/rate-limit-missing.d.ts +5 -0
- package/dist/rules/rate-limit-missing.d.ts.map +1 -0
- package/dist/rules/rate-limit-missing.js +316 -0
- package/dist/rules/rate-limit-missing.js.map +1 -0
- package/dist/rules/rate-limit-missing.test.d.ts +2 -0
- package/dist/rules/rate-limit-missing.test.d.ts.map +1 -0
- package/dist/rules/rate-limit-missing.test.js +381 -0
- package/dist/rules/rate-limit-missing.test.js.map +1 -0
- package/dist/rules/tenancy-scope-missing.d.ts +5 -0
- package/dist/rules/tenancy-scope-missing.d.ts.map +1 -0
- package/dist/rules/tenancy-scope-missing.js +149 -0
- package/dist/rules/tenancy-scope-missing.js.map +1 -0
- package/dist/rules/wrapper-unrecognized.d.ts +5 -0
- package/dist/rules/wrapper-unrecognized.d.ts.map +1 -0
- package/dist/rules/wrapper-unrecognized.js +81 -0
- package/dist/rules/wrapper-unrecognized.js.map +1 -0
- package/dist/util/hof.d.ts +22 -0
- package/dist/util/hof.d.ts.map +1 -0
- package/dist/util/hof.js +99 -0
- package/dist/util/hof.js.map +1 -0
- package/dist/util/hof.test.d.ts +2 -0
- package/dist/util/hof.test.d.ts.map +1 -0
- package/dist/util/hof.test.js +79 -0
- package/dist/util/hof.test.js.map +1 -0
- package/dist/util/monorepo.d.ts +6 -0
- package/dist/util/monorepo.d.ts.map +1 -0
- package/dist/util/monorepo.js +29 -0
- package/dist/util/monorepo.js.map +1 -0
- package/dist/util/outbound-fetch.d.ts +14 -0
- package/dist/util/outbound-fetch.d.ts.map +1 -0
- package/dist/util/outbound-fetch.js +59 -0
- package/dist/util/outbound-fetch.js.map +1 -0
- package/dist/util/outbound-fetch.test.d.ts +2 -0
- package/dist/util/outbound-fetch.test.d.ts.map +1 -0
- package/dist/util/outbound-fetch.test.js +83 -0
- package/dist/util/outbound-fetch.test.js.map +1 -0
- package/dist/util/paths.d.ts +6 -0
- package/dist/util/paths.d.ts.map +1 -0
- package/dist/util/paths.js +18 -0
- package/dist/util/paths.js.map +1 -0
- package/dist/util/resolve.d.ts +30 -0
- package/dist/util/resolve.d.ts.map +1 -0
- package/dist/util/resolve.js +306 -0
- package/dist/util/resolve.js.map +1 -0
- package/dist/util/resolve.test.d.ts +2 -0
- package/dist/util/resolve.test.d.ts.map +1 -0
- package/dist/util/resolve.test.js +186 -0
- package/dist/util/resolve.test.js.map +1 -0
- package/package.json +56 -0
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"scan.d.ts","sourceRoot":"","sources":["../../../src/cli/commands/scan.ts"],"names":[],"mappings":"AASA,UAAU,WAAW;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED,wBAAsB,OAAO,CAAC,IAAI,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CAiE9D"}
|
|
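--- a/package/dist/cli/commands/scan.js
+++ b/package/dist/cli/commands/scan.js
@@ -0,0 +1,65 @@
+import { writeFileSync } from "node:fs";
+import pc from "picocolors";
+import { runScan } from "../../engine/run.js";
+import { formatPretty, formatJson } from "../../engine/report.js";
+import { formatSarif } from "../../engine/sarif.js";
+import { computeScore, summarizeFindings, confidenceLevel, parseConfidence } from "../../engine/score.js";
+export async function cmdScan(opts) {
+try {
+const rootDir = process.cwd();
+// Build config overrides from CLI flags
+const configOverrides = {};
+if (opts.only) {
+const onlyRules = opts.only.split(",").map((r) => r.trim().toUpperCase());
+const rules = {};
+for (const ruleId of onlyRules) {
+rules[ruleId] = { severity: "critical" };
+}
+configOverrides.rules = rules;
+}
+const additionalExclude = opts.exclude
+? opts.exclude.split(",").map((g) => g.trim())
+: undefined;
+// Progress indicator for interactive terminals
+const isTTY = process.stderr.isTTY;
+const onProgress = isTTY
+? (step) => {
+process.stderr.write(`\r ${pc.dim("⏳")} ${pc.dim(step)}${"".padEnd(20)}\r`);
+}
+: undefined;
+const result = await runScan({ rootDir, configOverrides, additionalExclude, onProgress });
+// Clear progress line
+if (isTTY)
+process.stderr.write("\r".padEnd(60) + "\r");
+// Filter by confidence if specified, recalculate score and summary
+if (opts.minConfidence) {
+const minConf = parseConfidence(opts.minConfidence);
+result.findings = result.findings.filter((f) => confidenceLevel(f.confidence) >= confidenceLevel(minConf));
+result.score = computeScore(result.findings);
+const counts = summarizeFindings(result.findings);
+result.summary = { total: result.findings.length, ...counts, waived: result.summary.waived };
+}
+let output;
+switch (opts.format) {
+case "json":
+output = formatJson(result);
+break;
+case "sarif":
+output = formatSarif(result);
+break;
+default:
+output = formatPretty(result);
+}
+if (opts.output) {
+writeFileSync(opts.output, output);
+}
+else {
+console.log(output);
+}
+}
+catch (err) {
+console.error(pc.red(` Error: ${err instanceof Error ? err.message : String(err)}`));
+process.exit(1);
+}
+}
+//# sourceMappingURL=scan.js.map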
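Review bot: An unrecognized `--format` value silently falls through to the pretty printer in the `default:` branch of `switch (opts.format)`, so a typo such as `--format sarf` in a pipeline that expects SARIF emits a human-readable report with exit code 0 and nothing flags it. Reject anything but the three documented values before rendering, e.g. `if (!["pretty", "json", "sarif"].includes(opts.format)) throw new Error(`Unknown format: ${opts.format}`);` ahead of the switch, so the existing catch reports it and exits non-zero. The same gap exists for `--only`: the ids are upper-cased and written into `configOverrides.rules` without being checked against the known rule set, so a misspelled id silently scans nothing for that rule — unless `runScan` validates it, which is not visible here. The `--min-confidence` path likewise relies on `parseConfidence` to reject bad input; worth confirming it throws rather than returning a default.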
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"scan.js","sourceRoot":"","sources":["../../../src/cli/commands/scan.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACxC,OAAO,EAAE,MAAM,YAAY,CAAC;AAC5B,OAAO,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAC;AAC9C,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AAClE,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACpD,OAAO,EAAE,YAAY,EAAE,iBAAiB,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAY1G,MAAM,CAAC,KAAK,UAAU,OAAO,CAAC,IAAiB;IAC7C,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;QAE9B,wCAAwC;QACxC,MAAM,eAAe,GAA6B,EAAE,CAAC;QAErD,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;YACd,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC;YAC1E,MAAM,KAAK,GAA2C,EAAE,CAAC;YACzD,KAAK,MAAM,MAAM,IAAI,SAAS,EAAE,CAAC;gBAC/B,KAAK,CAAC,MAAM,CAAC,GAAG,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC;YAC3C,CAAC;YACD,eAAe,CAAC,KAAK,GAAG,KAAK,CAAC;QAChC,CAAC;QAED,MAAM,iBAAiB,GAAG,IAAI,CAAC,OAAO;YACpC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAC9C,CAAC,CAAC,SAAS,CAAC;QAEd,+CAA+C;QAC/C,MAAM,KAAK,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC;QACnC,MAAM,UAAU,GAAG,KAAK;YACtB,CAAC,CAAC,CAAC,IAAY,EAAE,EAAE;gBACf,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC;YAC/E,CAAC;YACH,CAAC,CAAC,SAAS,CAAC;QAEd,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,EAAE,OAAO,EAAE,eAAe,EAAE,iBAAiB,EAAE,UAAU,EAAE,CAAC,CAAC;QAE1F,sBAAsB;QACtB,IAAI,KAAK;YAAE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC;QAExD,mEAAmE;QACnE,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YACvB,MAAM,OAAO,GAAG,eAAe,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;YACpD,MAAM,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CACtC,CAAC,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,eAAe,CAAC,OAAO,CAAC,CACjE,CAAC;YACF,MAAM,CAAC,KAAK,GAAG,YAAY,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAC7C,MAAM,MAAM,GAAG,iBAAiB,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC
;YAClD,MAAM,CAAC,OAAO,GAAG,EAAE,KAAK,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,GAAG,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;QAC/F,CAAC;QAED,IAAI,MAAc,CAAC;QACnB,QAAQ,IAAI,CAAC,MAAM,EAAE,CAAC;YACpB,KAAK,MAAM;gBACT,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;gBAC5B,MAAM;YACR,KAAK,OAAO;gBACV,MAAM,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;gBAC7B,MAAM;YACR;gBACE,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;QAClC,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChB,aAAa,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACrC,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACtB,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,GAAG,CAAC,YAAY,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;QACtF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"waive.d.ts","sourceRoot":"","sources":["../../../src/cli/commands/waive.ts"],"names":[],"mappings":"AAIA,UAAU,YAAY;IACpB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,wBAAsB,QAAQ,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CA+BhF"}
|
|
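--- a/package/dist/cli/commands/waive.js
+++ b/package/dist/cli/commands/waive.js
@@ -0,0 +1,34 @@
+import pc from "picocolors";
+import { addWaiver } from "../../engine/waivers.js";
+import { loadConfigIfExists, DEFAULT_CONFIG } from "../../engine/config.js";
+export async function cmdWaive(ruleId, opts) {
+try {
+// Validate expiry date if provided
+if (opts.expiry) {
+const d = new Date(opts.expiry);
+if (isNaN(d.getTime())) {
+console.error(pc.red(` Invalid expiry date: "${opts.expiry}". Use ISO format (e.g., 2025-12-31)`));
+process.exit(1);
+}
+}
+const rootDir = process.cwd();
+const config = loadConfigIfExists(rootDir) ?? DEFAULT_CONFIG;
+const waiver = addWaiver(rootDir, config.waiversFile, {
+ruleId,
+file: opts.file,
+reason: opts.reason,
+expiry: opts.expiry,
+});
+console.log(pc.green(` Waiver added for ${ruleId}`));
+console.log(pc.dim(` File: ${waiver.file}`));
+console.log(pc.dim(` Reason: ${waiver.reason}`));
+if (waiver.expiry) {
+console.log(pc.dim(` Expires: ${waiver.expiry}`));
+}
+}
+catch (err) {
+console.error(pc.red(` Error: ${err instanceof Error ? err.message : String(err)}`));
+process.exit(1);
+}
+}
+//# sourceMappingURL=waive.js.map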
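Review bot: The `--expiry` check only rejects unparsable input; a date already in the past passes `isNaN(d.getTime())` and is recorded, producing a waiver that never suppresses anything while the user believes the finding is covered. After the parse check add `if (d.getTime() < Date.now()) { console.error(pc.red(` Expiry date is in the past: "${opts.expiry}"`)); process.exit(1); }`. `ruleId` and `opts.file` are also handed to `addWaiver` without any check that the rule exists or that the path is inside `rootDir`; whether `addWaiver` validates them is not visible here, and if it does not, a typo in either creates an inert waiver that is hard to notice. Style: `Number.isNaN(d.getTime())` avoids the coercing global.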
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"waive.js","sourceRoot":"","sources":["../../../src/cli/commands/waive.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,YAAY,CAAC;AAC5B,OAAO,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAC;AACpD,OAAO,EAAE,kBAAkB,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AAQ5E,MAAM,CAAC,KAAK,UAAU,QAAQ,CAAC,MAAc,EAAE,IAAkB;IAC/D,IAAI,CAAC;QACH,mCAAmC;QACnC,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChB,MAAM,CAAC,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAChC,IAAI,KAAK,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,EAAE,CAAC;gBACvB,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,GAAG,CAAC,2BAA2B,IAAI,CAAC,MAAM,sCAAsC,CAAC,CAAC,CAAC;gBACpG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;QACH,CAAC;QAED,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;QAC9B,MAAM,MAAM,GAAG,kBAAkB,CAAC,OAAO,CAAC,IAAI,cAAc,CAAC;QAE7D,MAAM,MAAM,GAAG,SAAS,CAAC,OAAO,EAAE,MAAM,CAAC,WAAW,EAAE;YACpD,MAAM;YACN,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,MAAM,EAAE,IAAI,CAAC,MAAM;SACpB,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,KAAK,CAAC,sBAAsB,MAAM,EAAE,CAAC,CAAC,CAAC;QACtD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,WAAW,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;QAC9C,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,aAAa,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;QAClD,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YAClB,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,cAAc,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;QACrD,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,GAAG,CAAC,YAAY,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;QACtF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/cli/index.ts"],"names":[],"mappings":""}
|
|
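--- a/package/dist/cli/index.js
+++ b/package/dist/cli/index.js
@@ -0,0 +1,64 @@
+import { Command } from "commander";
+import { cmdScan } from "./commands/scan.js";
+import { cmdCi } from "./commands/ci.js";
+import { cmdInit } from "./commands/init.js";
+import { cmdBaseline } from "./commands/baseline.js";
+import { cmdWaive } from "./commands/waive.js";
+import { cmdRules } from "./commands/rules.js";
+import { cmdExplain } from "./commands/explain.js";
+const program = new Command();
+program
+.name("prodcheck")
+.description("Code-level operational maturity analysis for Next.js projects")
+.version("0.1.0");
+program
+.command("init")
+.description("Detect framework, generate config, and run first scan")
+.option("--force", "Overwrite existing config")
+.option("--dry-run", "Print what would happen without writing files")
+.action(cmdInit);
+program
+.command("scan", { isDefault: true })
+.description("Scan the project and print readiness report")
+.option("--format <format>", "Output format: pretty, json, sarif", "pretty")
+.option("--output <path>", "Write report to file")
+.option("--only <rules>", "Run only specified rules (comma-separated)")
+.option("--exclude <globs>", "Additional exclude patterns (comma-separated)")
+.option("--min-confidence <level>", "Minimum confidence to report: low, med, high")
+.action(cmdScan);
+program
+.command("ci")
+.description("CI mode: enforce thresholds and fail on regressions")
+.option("--preview", "Free preview mode: run scan without enforcement (no Pro key required)")
+.option("--fail-on <severity>", "Minimum severity to fail: low, med, high, critical", "critical")
+.option("--min-confidence <level>", "Minimum confidence to fail: low, med, high", "high")
+.option("--min-score <score>", "Minimum passing score", "70")
+.option("--baseline <path>", "Baseline file for regression detection")
+.option("--max-new-critical <n>", "Max new critical findings allowed", "0")
+.option("--max-new-high <n>", "Max new high findings allowed")
+.option("--format <format>", "Output format: pretty, json, sarif", "pretty")
+.option("--output <path>", "Write report to file")
+.action(cmdCi);
+program
+.command("baseline")
+.description("Write or update baseline snapshot")
+.option("--write", "Write baseline file")
+.option("--output <path>", "Baseline output path")
+.action(cmdBaseline);
+program
+.command("waive <rule>")
+.description("Add a waiver for a specific finding")
+.requiredOption("--file <path>", "File to waive")
+.requiredOption("--reason <reason>", "Reason for waiver")
+.option("--expiry <date>", "Waiver expiry date (ISO format)")
+.action(cmdWaive);
+program
+.command("rules")
+.description("List all available rules")
+.action(cmdRules);
+program
+.command("explain <rule>")
+.description("Show detailed explanation for a rule")
+.action(cmdExplain);
+program.parse();
+//# sourceMappingURL=index.js.map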
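Review bot: `.version("0.1.0")` hard-codes a version that does not match the package being published (0.3.0 per the page header), so `prodcheck --version` misreports itself and cannot be reconciled with the `prodcheckVersion` that `engine/baseline.js` stamps into baseline files. `engine/version.js` already exports `PRODCHECK_VERSION` (imported by `engine/baseline.js`), presumably tracking package.json; use it here: `import { PRODCHECK_VERSION } from "../engine/version.js";` and `.version(PRODCHECK_VERSION)`. Separately, `--format`, `--fail-on` and `--min-confidence` document their accepted values in help text only, so every command has to re-validate them; commander's `Option#choices` would reject unknown values at parse time instead.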
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/cli/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAC;AAC7C,OAAO,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAC;AACzC,OAAO,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAC;AAC7C,OAAO,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AACrD,OAAO,EAAE,QAAQ,EAAE,MAAM,qBAAqB,CAAC;AAC/C,OAAO,EAAE,QAAQ,EAAE,MAAM,qBAAqB,CAAC;AAC/C,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AAEnD,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,WAAW,CAAC;KACjB,WAAW,CAAC,+DAA+D,CAAC;KAC5E,OAAO,CAAC,OAAO,CAAC,CAAC;AAEpB,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,uDAAuD,CAAC;KACpE,MAAM,CAAC,SAAS,EAAE,2BAA2B,CAAC;KAC9C,MAAM,CAAC,WAAW,EAAE,+CAA+C,CAAC;KACpE,MAAM,CAAC,OAAO,CAAC,CAAC;AAEnB,OAAO;KACJ,OAAO,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;KACpC,WAAW,CAAC,6CAA6C,CAAC;KAC1D,MAAM,CAAC,mBAAmB,EAAE,oCAAoC,EAAE,QAAQ,CAAC;KAC3E,MAAM,CAAC,iBAAiB,EAAE,sBAAsB,CAAC;KACjD,MAAM,CAAC,gBAAgB,EAAE,4CAA4C,CAAC;KACtE,MAAM,CAAC,mBAAmB,EAAE,+CAA+C,CAAC;KAC5E,MAAM,CAAC,0BAA0B,EAAE,8CAA8C,CAAC;KAClF,MAAM,CAAC,OAAO,CAAC,CAAC;AAEnB,OAAO;KACJ,OAAO,CAAC,IAAI,CAAC;KACb,WAAW,CAAC,qDAAqD,CAAC;KAClE,MAAM,CAAC,WAAW,EAAE,uEAAuE,CAAC;KAC5F,MAAM,CAAC,sBAAsB,EAAE,oDAAoD,EAAE,UAAU,CAAC;KAChG,MAAM,CAAC,0BAA0B,EAAE,4CAA4C,EAAE,MAAM,CAAC;KACxF,MAAM,CAAC,qBAAqB,EAAE,uBAAuB,EAAE,IAAI,CAAC;KAC5D,MAAM,CAAC,mBAAmB,EAAE,wCAAwC,CAAC;KACrE,MAAM,CAAC,wBAAwB,EAAE,mCAAmC,EAAE,GAAG,CAAC;KAC1E,MAAM,CAAC,oBAAoB,EAAE,+BAA+B,CAAC;KAC7D,MAAM,CAAC,mBAAmB,EAAE,oCAAoC,EAAE,QAAQ,CAAC;KAC3E,MAAM,CAAC,iBAAiB,EAAE,sBAAsB,CAAC;KACjD,MAAM,CAAC,KAAK,CAAC,CAAC;AAEjB,OAAO;KACJ,OAAO,CAAC,UAAU,CAAC;KACnB,WAAW,CAAC,mCAAmC,CAAC;KAChD,MAAM,CAAC,SAAS,EAAE,qBAAqB,CAAC;KACxC,MAAM,CAAC,iBAAiB,EAAE,sBAAsB,CAAC;KACjD,MAAM,CAAC,WAAW,CAAC,CAAC;AAEvB,OAAO;KACJ,OAAO,CAAC,cAAc,CAAC;KACvB,WAAW,CAAC,qCAAqC,CAAC;KAClD,cAAc,CAAC,eAAe,EAAE,eAAe,CAAC;KAChD,cAAc,CAAC,mBAAmB,EAAE,mBAAmB,CAAC;KACxD,MAAM,CAAC,iBAAiB,EAAE,iCAAiC,CAAC;KAC5D,MAAM,CAAC,QAAQ,CAAC,CAAC;AAEpB,OAAO;KACJ,OAAO,CAAC
,OAAO,CAAC;KAChB,WAAW,CAAC,0BAA0B,CAAC;KACvC,MAAM,CAAC,QAAQ,CAAC,CAAC;AAEpB,OAAO;KACJ,OAAO,CAAC,gBAAgB,CAAC;KACzB,WAAW,CAAC,sCAAsC,CAAC;KACnD,MAAM,CAAC,UAAU,CAAC,CAAC;AAEtB,OAAO,CAAC,KAAK,EAAE,CAAC"}
|
|
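--- a/package/dist/engine/baseline.d.ts
+++ b/package/dist/engine/baseline.d.ts
@@ -0,0 +1,11 @@
+import type { Baseline, Finding, ScanResult } from "./types.js";
+export declare function findingKey(f: Finding): string;
+export declare function writeBaseline(rootDir: string, result: ScanResult, filePath?: string): string;
+export declare function loadBaseline(filePath: string): Baseline | undefined;
+export interface BaselineDiff {
+newFindings: Finding[];
+resolvedKeys: string[];
+scoreDelta: number;
+}
+export declare function diffBaseline(baseline: Baseline, current: ScanResult): BaselineDiff;
+//# sourceMappingURL=baseline.d.ts.map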
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"baseline.d.ts","sourceRoot":"","sources":["../../src/engine/baseline.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAGhE,wBAAgB,UAAU,CAAC,CAAC,EAAE,OAAO,GAAG,MAAM,CAE7C;AAED,wBAAgB,aAAa,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,CAa5F;AAED,wBAAgB,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,QAAQ,GAAG,SAAS,CAOnE;AAED,MAAM,WAAW,YAAY;IAC3B,WAAW,EAAE,OAAO,EAAE,CAAC;IACvB,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,wBAAgB,YAAY,CAC1B,QAAQ,EAAE,QAAQ,EAClB,OAAO,EAAE,UAAU,GAClB,YAAY,CASd"}
|
|
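--- a/package/dist/engine/baseline.js
+++ b/package/dist/engine/baseline.js
@@ -0,0 +1,39 @@
+import path from "node:path";
+import { existsSync, readFileSync, writeFileSync } from "node:fs";
+import { PRODCHECK_VERSION, INDEX_VERSION } from "./version.js";
+export function findingKey(f) {
+return `${f.ruleId}::${f.file}::${f.line ?? 0}`;
+}
+export function writeBaseline(rootDir, result, filePath) {
+const dest = filePath ?? path.join(rootDir, "prodcheck.baseline.json");
+const baseline = {
+version: 1,
+prodcheckVersion: PRODCHECK_VERSION,
+configHash: result.configHash,
+indexVersion: INDEX_VERSION,
+createdAt: new Date().toISOString(),
+score: result.score,
+findingKeys: result.findings.map(findingKey),
+};
+writeFileSync(dest, JSON.stringify(baseline, null, 2) + "\n");
+return dest;
+}
+export function loadBaseline(filePath) {
+if (!existsSync(filePath))
+return undefined;
+try {
+return JSON.parse(readFileSync(filePath, "utf8"));
+}
+catch (err) {
+throw new Error(`Failed to parse baseline ${filePath}: ${err instanceof Error ? err.message : String(err)}`);
+}
+}
+export function diffBaseline(baseline, current) {
+const currentKeys = new Set(current.findings.map(findingKey));
+const baselineKeys = new Set(baseline.findingKeys);
+const newFindings = current.findings.filter((f) => !baselineKeys.has(findingKey(f)));
+const resolvedKeys = baseline.findingKeys.filter((k) => !currentKeys.has(k));
+const scoreDelta = current.score - baseline.score;
+return { newFindings, resolvedKeys, scoreDelta };
+}
+//# sourceMappingURL=baseline.js.map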
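Review bot: `loadBaseline` returns whatever `JSON.parse` produced without checking its shape, so a truncated or hand-edited baseline reaches `diffBaseline`, where `new Set(baseline.findingKeys)` and `baseline.findingKeys.filter` throw a bare TypeError instead of the clear `Failed to parse baseline` message this function already produces for invalid JSON, and a non-numeric `score` yields a `NaN` `scoreDelta` that any threshold comparison will silently pass. Bind the parse result and validate it before returning: `const parsed = JSON.parse(readFileSync(filePath, "utf8"));` then `if (!Array.isArray(parsed.findingKeys) || typeof parsed.score !== "number") throw new Error(`Invalid baseline ${filePath}: expected findingKeys[] and numeric score`);` then `return parsed;`. Separately, `writeBaseline` records `configHash` and `indexVersion` but `diffBaseline` never compares them with `current`, so regressions are computed against a baseline taken under a different config or index version without warning — unless the ci command checks this, which is not visible here.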
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"baseline.js","sourceRoot":"","sources":["../../src/engine/baseline.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAElE,OAAO,EAAE,iBAAiB,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAEhE,MAAM,UAAU,UAAU,CAAC,CAAU;IACnC,OAAO,GAAG,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,IAAI,IAAI,CAAC,EAAE,CAAC;AAClD,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,OAAe,EAAE,MAAkB,EAAE,QAAiB;IAClF,MAAM,IAAI,GAAG,QAAQ,IAAI,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,yBAAyB,CAAC,CAAC;IACvE,MAAM,QAAQ,GAAa;QACzB,OAAO,EAAE,CAAC;QACV,gBAAgB,EAAE,iBAAiB;QACnC,UAAU,EAAE,MAAM,CAAC,UAAU;QAC7B,YAAY,EAAE,aAAa;QAC3B,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,WAAW,EAAE,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC;KAC7C,CAAC;IACF,aAAa,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;IAC9D,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,QAAgB;IAC3C,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC;QAAE,OAAO,SAAS,CAAC;IAC5C,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAa,CAAC;IAChE,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,4BAA4B,QAAQ,KAAK,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAC/G,CAAC;AACH,CAAC;AAQD,MAAM,UAAU,YAAY,CAC1B,QAAkB,EAClB,OAAmB;IAEnB,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC;IAC9D,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IAEnD,MAAM,WAAW,GAAG,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACrF,MAAM,YAAY,GAAG,QAAQ,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IAC7E,MAAM,UAAU,GAAG,OAAO,CAAC,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC;IAElD,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,UAAU,EAAE,CAAC;AACnD,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"baseline.test.d.ts","sourceRoot":"","sources":["../../src/engine/baseline.test.ts"],"names":[],"mappings":""}
|
|
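--- a/package/dist/engine/baseline.test.js
+++ b/package/dist/engine/baseline.test.js
@@ -0,0 +1,135 @@
+import { describe, it, expect, beforeEach, afterEach } from "vitest";
+import { mkdtempSync, rmSync } from "node:fs";
+import path from "node:path";
+import os from "node:os";
+import { findingKey, writeBaseline, loadBaseline, diffBaseline } from "./baseline.js";
+function makeFinding(overrides = {}) {
+return {
+ruleId: "TEST-RULE",
+severity: "high",
+confidence: "high",
+message: "test",
+file: "test.ts",
+evidence: [],
+confidenceRationale: "",
+remediation: [],
+tags: [],
+...overrides,
+};
+}
+function makeScanResult(findings, score = 100) {
+return {
+version: 1,
+prodcheckVersion: "0.1.0",
+configHash: "abc",
+indexVersion: 1,
+timestamp: new Date().toISOString(),
+framework: "next-app-router",
+detected: {
+deps: {},
+trpc: false,
+middleware: false,
+},
+score,
+findings,
+waivedFindings: [],
+summary: { total: findings.length, critical: 0, high: 0, med: 0, low: 0, waived: 0 },
+};
+}
+describe("findingKey", () => {
+it("generates key from ruleId, file, and line", () => {
+const f = makeFinding({ ruleId: "AUTH-BOUNDARY-MISSING", file: "app/api/route.ts", line: 13 });
+expect(findingKey(f)).toBe("AUTH-BOUNDARY-MISSING::app/api/route.ts::13");
+});
+it("uses 0 when line is undefined", () => {
+const f = makeFinding({ ruleId: "RATE-LIMIT-MISSING", file: "app/api/route.ts" });
+expect(findingKey(f)).toBe("RATE-LIMIT-MISSING::app/api/route.ts::0");
+});
+});
+describe("writeBaseline / loadBaseline", () => {
+let tmpDir;
+beforeEach(() => {
+tmpDir = mkdtempSync(path.join(os.tmpdir(), "prodcheck-test-"));
+});
+afterEach(() => {
+rmSync(tmpDir, { recursive: true, force: true });
+});
+it("writes and loads baseline roundtrip", () => {
+const findings = [makeFinding({ ruleId: "R1", file: "a.ts", line: 1 })];
+const result = makeScanResult(findings, 90);
+const dest = writeBaseline(tmpDir, result);
+const loaded = loadBaseline(dest);
+expect(loaded).toBeDefined();
+expect(loaded.score).toBe(90);
+expect(loaded.findingKeys).toEqual(["R1::a.ts::1"]);
+expect(loaded.version).toBe(1);
+});
+it("writes to custom path", () => {
+const customPath = path.join(tmpDir, "custom-baseline.json");
+const result = makeScanResult([]);
+writeBaseline(tmpDir, result, customPath);
+expect(loadBaseline(customPath)).toBeDefined();
+});
+it("returns undefined for missing file", () => {
+expect(loadBaseline("/nonexistent/path.json")).toBeUndefined();
+});
+it("throws on malformed JSON", () => {
+const badFile = path.join(tmpDir, "bad.json");
+require("node:fs").writeFileSync(badFile, "not json");
+expect(() => loadBaseline(badFile)).toThrow("Failed to parse baseline");
+});
+});
+describe("diffBaseline", () => {
+it("identifies new findings", () => {
+const baseline = {
+version: 1,
+prodcheckVersion: "0.1.0",
+configHash: "abc",
+indexVersion: 1,
+createdAt: new Date().toISOString(),
+score: 90,
+findingKeys: ["R1::a.ts::1"],
+};
+const newFinding = makeFinding({ ruleId: "R2", file: "b.ts", line: 5 });
+const existing = makeFinding({ ruleId: "R1", file: "a.ts", line: 1 });
+const current = makeScanResult([existing, newFinding], 80);
+const diff = diffBaseline(baseline, current);
+expect(diff.newFindings).toHaveLength(1);
+expect(diff.newFindings[0].ruleId).toBe("R2");
+expect(diff.resolvedKeys).toHaveLength(0);
+expect(diff.scoreDelta).toBe(-10);
+});
+it("identifies resolved findings", () => {
+const baseline = {
+version: 1,
+prodcheckVersion: "0.1.0",
+configHash: "abc",
+indexVersion: 1,
+createdAt: new Date().toISOString(),
+score: 80,
+findingKeys: ["R1::a.ts::1", "R2::b.ts::5"],
+};
+const current = makeScanResult([makeFinding({ ruleId: "R1", file: "a.ts", line: 1 })], 90);
+const diff = diffBaseline(baseline, current);
+expect(diff.newFindings).toHaveLength(0);
+expect(diff.resolvedKeys).toEqual(["R2::b.ts::5"]);
+expect(diff.scoreDelta).toBe(10);
+});
+it("handles empty baseline and empty current", () => {
+const baseline = {
+version: 1,
+prodcheckVersion: "0.1.0",
+configHash: "abc",
+indexVersion: 1,
+createdAt: new Date().toISOString(),
+score: 100,
+findingKeys: [],
+};
+const current = makeScanResult([], 100);
+const diff = diffBaseline(baseline, current);
+expect(diff.newFindings).toHaveLength(0);
+expect(diff.resolvedKeys).toHaveLength(0);
+expect(diff.scoreDelta).toBe(0);
+});
+});
+//# sourceMappingURL=baseline.test.js.map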
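Review bot: Line 78 calls `require("node:fs")` inside a file that is otherwise an ES module (top-level `import` on lines 1–5), so it only works where the test runner injects a CommonJS-style `require`; under plain Node ESM it is a ReferenceError. The file already imports from `node:fs` on line 2, so `import { mkdtempSync, rmSync, writeFileSync } from "node:fs";` plus `writeFileSync(badFile, "not json");` removes that dependency on the runner. This test (with its `.map` and `.d.ts` siblings) also appears to ship inside the published package's `dist/` output while importing `vitest`, which puts a dev-only dependency in the package surface; excluding `*.test.*` from the build output or the package `files` list would keep it out. The malformed-JSON case is covered, but there is no test for well-formed JSON of the wrong shape (for example a baseline object without `findingKeys`), and since this file gates CI that case deserves an explicit failure rather than whatever `diffBaseline` happens to do with an undefined array.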
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"baseline.test.js","sourceRoot":"","sources":["../../src/engine/baseline.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AACrE,OAAO,EAAE,WAAW,EAAE,MAAM,EAAgB,MAAM,SAAS,CAAC;AAC5D,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,EAAE,UAAU,EAAE,aAAa,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAGtF,SAAS,WAAW,CAAC,YAA8B,EAAE;IACnD,OAAO;QACL,MAAM,EAAE,WAAW;QACnB,QAAQ,EAAE,MAAM;QAChB,UAAU,EAAE,MAAM;QAClB,OAAO,EAAE,MAAM;QACf,IAAI,EAAE,SAAS;QACf,QAAQ,EAAE,EAAE;QACZ,mBAAmB,EAAE,EAAE;QACvB,WAAW,EAAE,EAAE;QACf,IAAI,EAAE,EAAE;QACR,GAAG,SAAS;KACb,CAAC;AACJ,CAAC;AAED,SAAS,cAAc,CAAC,QAAmB,EAAE,KAAK,GAAG,GAAG;IACtD,OAAO;QACL,OAAO,EAAE,CAAC;QACV,gBAAgB,EAAE,OAAO;QACzB,UAAU,EAAE,KAAK;QACjB,YAAY,EAAE,CAAC;QACf,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,SAAS,EAAE,iBAAiB;QAC5B,QAAQ,EAAE;YACR,IAAI,EAAE,EAAS;YACf,IAAI,EAAE,KAAK;YACX,UAAU,EAAE,KAAK;SAClB;QACD,KAAK;QACL,QAAQ;QACR,cAAc,EAAE,EAAE;QAClB,OAAO,EAAE,EAAE,KAAK,EAAE,QAAQ,CAAC,MAAM,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE;KACrF,CAAC;AACJ,CAAC;AAED,QAAQ,CAAC,YAAY,EAAE,GAAG,EAAE;IAC1B,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;QACnD,MAAM,CAAC,GAAG,WAAW,CAAC,EAAE,MAAM,EAAE,uBAAuB,EAAE,IAAI,EAAE,kBAAkB,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;QAC/F,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,6CAA6C,CAAC,CAAC;IAC5E,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+BAA+B,EAAE,GAAG,EAAE;QACvC,MAAM,CAAC,GAAG,WAAW,CAAC,EAAE,MAAM,EAAE,oBAAoB,EAAE,IAAI,EAAE,kBAAkB,EAAE,CAAC,CAAC;QAClF,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,yCAAyC,CAAC,CAAC;IACxE,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,8BAA8B,EAAE,GAAG,EAAE;IAC5C,IAAI,MAAc,CAAC;IAEnB,UAAU,CAAC,GAAG,EAAE;QACd,MAAM,GAAG,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,EAAE,iBAAiB,CAAC,CAAC,CAAC;IAClE,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,GAAG,EAAE;QACb,MAAM,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;I
AEH,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;QAC7C,MAAM,QAAQ,GAAG,CAAC,WAAW,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;QACxE,MAAM,MAAM,GAAG,cAAc,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;QAC5C,MAAM,IAAI,GAAG,aAAa,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAE3C,MAAM,MAAM,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC;QAClC,MAAM,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,CAAC;QAC7B,MAAM,CAAC,MAAO,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC/B,MAAM,CAAC,MAAO,CAAC,WAAW,CAAC,CAAC,OAAO,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC;QACrD,MAAM,CAAC,MAAO,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uBAAuB,EAAE,GAAG,EAAE;QAC/B,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,sBAAsB,CAAC,CAAC;QAC7D,MAAM,MAAM,GAAG,cAAc,CAAC,EAAE,CAAC,CAAC;QAClC,aAAa,CAAC,MAAM,EAAE,MAAM,EAAE,UAAU,CAAC,CAAC;QAE1C,MAAM,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;IACjD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oCAAoC,EAAE,GAAG,EAAE;QAC5C,MAAM,CAAC,YAAY,CAAC,wBAAwB,CAAC,CAAC,CAAC,aAAa,EAAE,CAAC;IACjE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0BAA0B,EAAE,GAAG,EAAE;QAClC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;QAC9C,OAAO,CAAC,SAAS,CAAC,CAAC,aAAa,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QACtD,MAAM,CAAC,GAAG,EAAE,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,0BAA0B,CAAC,CAAC;IAC1E,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,cAAc,EAAE,GAAG,EAAE;IAC5B,EAAE,CAAC,yBAAyB,EAAE,GAAG,EAAE;QACjC,MAAM,QAAQ,GAAa;YACzB,OAAO,EAAE,CAAC;YACV,gBAAgB,EAAE,OAAO;YACzB,UAAU,EAAE,KAAK;YACjB,YAAY,EAAE,CAAC;YACf,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,KAAK,EAAE,EAAE;YACT,WAAW,EAAE,CAAC,aAAa,CAAC;SAC7B,CAAC;QAEF,MAAM,UAAU,GAAG,WAAW,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC,CAAC;QACxE,MAAM,QAAQ,GAAG,WAAW,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC,CAAC;QACtE,MAAM,OAAO,GAAG,cAAc,CAAC,CAAC,QAAQ,EAAE,UAAU,CAAC,EAAE,EAAE,CAAC,CAAC;QAE3D,MAAM,IAAI,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC7C,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACzC,MAAM,CAAC,I
AAI,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC9C,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAC1C,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC,CAAC;IACpC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8BAA8B,EAAE,GAAG,EAAE;QACtC,MAAM,QAAQ,GAAa;YACzB,OAAO,EAAE,CAAC;YACV,gBAAgB,EAAE,OAAO;YACzB,UAAU,EAAE,KAAK;YACjB,YAAY,EAAE,CAAC;YACf,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,KAAK,EAAE,EAAE;YACT,WAAW,EAAE,CAAC,aAAa,EAAE,aAAa,CAAC;SAC5C,CAAC;QAEF,MAAM,OAAO,GAAG,cAAc,CAAC,CAAC,WAAW,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAE3F,MAAM,IAAI,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC7C,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACzC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,OAAO,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC;QACnD,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACnC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0CAA0C,EAAE,GAAG,EAAE;QAClD,MAAM,QAAQ,GAAa;YACzB,OAAO,EAAE,CAAC;YACV,gBAAgB,EAAE,OAAO;YACzB,UAAU,EAAE,KAAK;YACjB,YAAY,EAAE,CAAC;YACf,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,KAAK,EAAE,GAAG;YACV,WAAW,EAAE,EAAE;SAChB,CAAC;QAEF,MAAM,OAAO,GAAG,cAAc,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;QACxC,MAAM,IAAI,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC7C,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACzC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAC1C,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
|
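--- a/package/dist/engine/config.d.ts
+++ b/package/dist/engine/config.d.ts
@@ -0,0 +1,8 @@
+import type { ProdcheckConfig } from "./types.js";
+export declare function findConfigFile(rootDir: string): string | undefined;
+export declare function loadConfigIfExists(rootDir: string): ProdcheckConfig | undefined;
+export declare const DEFAULT_CONFIG: ProdcheckConfig;
+export declare function writeDefaultConfig(rootDir: string, opts: {
+force?: boolean;
+}): void;
+//# sourceMappingURL=config.d.ts.map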
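--- a/package/dist/engine/config.d.ts.map
+++ b/package/dist/engine/config.d.ts.map
@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/engine/config.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAQlD,wBAAgB,cAAc,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAMlE;AAED,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,MAAM,GAAG,eAAe,GAAG,SAAS,CAc/E;AAED,eAAO,MAAM,cAAc,EAAE,eAiD5B,CAAC;AAEF,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE;IAAE,KAAK,CAAC,EAAE,OAAO,CAAA;CAAE,GAAG,IAAI,CAsDnF"}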
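--- a/package/dist/engine/config.js
+++ b/package/dist/engine/config.js
@@ -0,0 +1,134 @@
+import path from "node:path";
+import { existsSync, readFileSync, writeFileSync } from "node:fs";
+const CONFIG_FILES = [
+"prodcheck.config.ts",
+"prodcheck.config.js",
+"prodcheck.config.json",
+];
+export function findConfigFile(rootDir) {
+for (const name of CONFIG_FILES) {
+const abs = path.join(rootDir, name);
+if (existsSync(abs))
+return abs;
+}
+return undefined;
+}
+export function loadConfigIfExists(rootDir) {
+const file = findConfigFile(rootDir);
+if (!file)
+return undefined;
+if (file.endsWith(".json")) {
+try {
+return JSON.parse(readFileSync(file, "utf8"));
+}
+catch (err) {
+throw new Error(`Failed to parse ${file}: ${err instanceof Error ? err.message : String(err)}`);
+}
+}
+// TS/JS config requires a loader (tsx, jiti) — not yet supported.
+return undefined;
+}
+export const DEFAULT_CONFIG = {
+framework: "next-app-router",
+include: ["app/**", "src/**"],
+exclude: ["**/*.test.*", "**/*.spec.*", "**/node_modules/**"],
+ci: {
+failOn: "critical",
+minConfidence: "high",
+minScore: 70,
+maxNewCritical: 0,
+},
+scoring: {
+start: 100,
+penalties: { critical: 15, high: 6, med: 3, low: 1 },
+},
+hints: {
+auth: {
+functions: [
+"auth", "getServerSession", "getSession", "currentUser",
+"requireUser", "requireAuth",
+"withAuth", // NextAuth v4 / WorkOS
+"getKindeServerSession", // Kinde
+"validateRequest", // Lucia
+"getIronSession", // iron-session
+"withApiAuthRequired", // Auth0
+"verifyIdToken", // Firebase Admin
+"getTokens", // next-firebase-auth-edge
+],
+middlewareFiles: ["middleware.ts"],
+allowlistPaths: [],
+},
+rateLimit: {
+wrappers: [
+"rateLimit", "withRateLimit", "ratelimit", "limit",
+"checkRateLimitAndThrowError", "ratelimitOrThrow", "rateLimitOrThrow",
+],
+allowlistPaths: [],
+},
+tenancy: {
+orgFieldNames: ["orgId", "tenantId", "workspaceId", "organizationId", "teamId", "accountId"],
+},
+},
+rules: {
+"AUTH-BOUNDARY-MISSING": { severity: "critical" },
+"RATE-LIMIT-MISSING": { severity: "critical" },
+"TENANCY-SCOPE-MISSING": { severity: "critical" },
+"INPUT-VALIDATION-MISSING": { severity: "high" },
+"WRAPPER-UNRECOGNIZED": { severity: "high" },
+},
+waiversFile: "prodcheck.waivers.json",
+};
+export function writeDefaultConfig(rootDir, opts) {
+const dest = path.join(rootDir, "prodcheck.config.json");
+if (existsSync(dest) && !opts.force) {
+return;
+}
+const config = {
+$schema: "https://prodcheck.dev/schema.json",
+framework: "next-app-router",
+include: ["app/**", "src/**"],
+exclude: ["**/*.test.*", "**/*.spec.*"],
+ci: {
+failOn: "critical",
+minConfidence: "high",
+minScore: 70,
+maxNewCritical: 0,
+},
+hints: {
+auth: {
+functions: [
+"auth", "getServerSession", "getSession", "currentUser",
+"requireUser", "requireAuth",
+"withAuth", "getKindeServerSession", "validateRequest",
+"getIronSession", "withApiAuthRequired", "verifyIdToken", "getTokens"
+],
+middlewareFiles: ["middleware.ts"],
+allowlistPaths: []
+},
+rateLimit: {
+wrappers: [
+"rateLimit", "withRateLimit", "limit",
+"checkRateLimitAndThrowError", "ratelimitOrThrow", "rateLimitOrThrow"
+],
+allowlistPaths: []
+},
+tenancy: {
+orgFieldNames: ["orgId", "tenantId", "workspaceId", "organizationId", "teamId", "accountId"]
+},
+},
+rules: {
+"AUTH-BOUNDARY-MISSING": { severity: "critical" },
+"RATE-LIMIT-MISSING": { severity: "critical" },
+"TENANCY-SCOPE-MISSING": { severity: "critical" },
+"INPUT-VALIDATION-MISSING": { severity: "high" },
+"WRAPPER-UNRECOGNIZED": { severity: "high" },
+},
+scoring: {
+start: 100,
+penalties: { critical: 15, high: 6, med: 3, low: 1 },
+},
+waiversFile: "prodcheck.waivers.json",
+};
+writeFileSync(dest, JSON.stringify(config, null, 2) + "\n");
+}
+//# sourceMappingURL=config.js.map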
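Review bot: `loadConfigIfExists` (lines 16–30) silently returns `undefined` whenever `findConfigFile` picks up `prodcheck.config.ts` or `.js`, and because those names come first in `CONFIG_FILES` (lines 3–7) a project that has both a TS config and a JSON config gets neither — the caller presumably then runs the CI gate on defaults with no indication that the user's stricter settings were dropped. The unsupported case should at least be visible, e.g. `console.warn("prodcheck: " + file + " is ignored (TS/JS config needs a loader, not supported yet); using defaults");` before the `return undefined;` on line 29, or `findConfigFile` could keep looking for the `.json` variant. The JSON branch (line 22) also returns the raw `JSON.parse` result as the config with no shape check, so a value such as `ci.minScore: "70"` or an unknown `failOn` string appears to flow straight into gating; a check that `ci`, `rules` and `hints` are plain objects with the expected value types would catch that early. Finally, `DEFAULT_CONFIG` and the literal in `writeDefaultConfig` have already drifted (`exclude` on line 90 lacks `"**/node_modules/**"` and `rateLimit.wrappers` on line 110 lacks `"ratelimit"`); deriving the written object from `DEFAULT_CONFIG` with `$schema` added would keep the two in sync.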
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/engine/config.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAGlE,MAAM,YAAY,GAAG;IACnB,qBAAqB;IACrB,qBAAqB;IACrB,uBAAuB;CACxB,CAAC;AAEF,MAAM,UAAU,cAAc,CAAC,OAAe;IAC5C,KAAK,MAAM,IAAI,IAAI,YAAY,EAAE,CAAC;QAChC,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;QACrC,IAAI,UAAU,CAAC,GAAG,CAAC;YAAE,OAAO,GAAG,CAAC;IAClC,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,OAAe;IAChD,MAAM,IAAI,GAAG,cAAc,CAAC,OAAO,CAAC,CAAC;IACrC,IAAI,CAAC,IAAI;QAAE,OAAO,SAAS,CAAC;IAE5B,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QAC3B,IAAI,CAAC;YACH,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAAoB,CAAC;QACnE,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CAAC,mBAAmB,IAAI,KAAK,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAClG,CAAC;IACH,CAAC;IAED,kEAAkE;IAClE,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,MAAM,CAAC,MAAM,cAAc,GAAoB;IAC7C,SAAS,EAAE,iBAAiB;IAC5B,OAAO,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC;IAC7B,OAAO,EAAE,CAAC,aAAa,EAAE,aAAa,EAAE,oBAAoB,CAAC;IAC7D,EAAE,EAAE;QACF,MAAM,EAAE,UAAU;QAClB,aAAa,EAAE,MAAM;QACrB,QAAQ,EAAE,EAAE;QACZ,cAAc,EAAE,CAAC;KAClB;IACD,OAAO,EAAE;QACP,KAAK,EAAE,GAAG;QACV,SAAS,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE;KACrD;IACD,KAAK,EAAE;QACL,IAAI,EAAE;YACJ,SAAS,EAAE;gBACT,MAAM,EAAE,kBAAkB,EAAE,YAAY,EAAE,aAAa;gBACvD,aAAa,EAAE,aAAa;gBAC5B,UAAU,EAAkB,uBAAuB;gBACnD,uBAAuB,EAAK,QAAQ;gBACpC,iBAAiB,EAAW,QAAQ;gBACpC,gBAAgB,EAAY,eAAe;gBAC3C,qBAAqB,EAAO,QAAQ;gBACpC,eAAe,EAAa,iBAAiB;gBAC7C,WAAW,EAAgB,0BAA0B;aACtD;YACD,eAAe,EAAE,CAAC,eAAe,CAAC;YAClC,cAAc,EAAE,EAAE;SACnB;QACD,SAAS,EAAE;YACT,QAAQ,EAAE;gBACR,WAAW,EAAE,eAAe,EAAE,WAAW,EAAE,OAAO;gBAClD,6BAA6B,EAAE,kBAAkB,EAAE,kBAAkB;aACtE;YACD,cAAc,EAAE,EAAE;SACnB;QACD,OAAO,EAAE;YACP,aAAa,EAAE,CAAC,OAAO,EAAE,UAAU,EAAE,aAAa,EAAE,gBAAgB,EAAE,QAAQ,EAAE,WAAW,CAAC;SAC7F;KACF;IACD,KAAK,EAAE;Q
ACL,uBAAuB,EAAE,EAAE,QAAQ,EAAE,UAAU,EAAE;QACjD,oBAAoB,EAAE,EAAE,QAAQ,EAAE,UAAU,EAAE;QAC9C,uBAAuB,EAAE,EAAE,QAAQ,EAAE,UAAU,EAAE;QACjD,0BAA0B,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE;QAChD,sBAAsB,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE;KAC7C;IACD,WAAW,EAAE,wBAAwB;CACtC,CAAC;AAEF,MAAM,UAAU,kBAAkB,CAAC,OAAe,EAAE,IAAyB;IAC3E,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,uBAAuB,CAAC,CAAC;IACzD,IAAI,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;QACpC,OAAO;IACT,CAAC;IAED,MAAM,MAAM,GAAG;QACb,OAAO,EAAE,mCAAmC;QAC5C,SAAS,EAAE,iBAAiB;QAC5B,OAAO,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC;QAC7B,OAAO,EAAE,CAAC,aAAa,EAAE,aAAa,CAAC;QACvC,EAAE,EAAE;YACF,MAAM,EAAE,UAAU;YAClB,aAAa,EAAE,MAAM;YACrB,QAAQ,EAAE,EAAE;YACZ,cAAc,EAAE,CAAC;SAClB;QACD,KAAK,EAAE;YACL,IAAI,EAAE;gBACJ,SAAS,EAAE;oBACT,MAAM,EAAE,kBAAkB,EAAE,YAAY,EAAE,aAAa;oBACvD,aAAa,EAAE,aAAa;oBAC5B,UAAU,EAAE,uBAAuB,EAAE,iBAAiB;oBACtD,gBAAgB,EAAE,qBAAqB,EAAE,eAAe,EAAE,WAAW;iBACtE;gBACD,eAAe,EAAE,CAAC,eAAe,CAAC;gBAClC,cAAc,EAAE,EAAE;aACnB;YACD,SAAS,EAAE;gBACT,QAAQ,EAAE;oBACR,WAAW,EAAE,eAAe,EAAE,OAAO;oBACrC,6BAA6B,EAAE,kBAAkB,EAAE,kBAAkB;iBACtE;gBACD,cAAc,EAAE,EAAE;aACnB;YACD,OAAO,EAAE;gBACP,aAAa,EAAE,CAAC,OAAO,EAAE,UAAU,EAAE,aAAa,EAAE,gBAAgB,EAAE,QAAQ,EAAE,WAAW,CAAC;aAC7F;SACF;QACD,KAAK,EAAE;YACL,uBAAuB,EAAE,EAAE,QAAQ,EAAE,UAAU,EAAE;YACjD,oBAAoB,EAAE,EAAE,QAAQ,EAAE,UAAU,EAAE;YAC9C,uBAAuB,EAAE,EAAE,QAAQ,EAAE,UAAU,EAAE;YACjD,0BAA0B,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE;YAChD,sBAAsB,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE;SAC7C;QACD,OAAO,EAAE;YACP,KAAK,EAAE,GAAG;YACV,SAAS,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE;SACrD;QACD,WAAW,EAAE,wBAAwB;KACtC,CAAC;IAEF,aAAa,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;AAC9D,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"config.test.d.ts","sourceRoot":"","sources":["../../src/engine/config.test.ts"],"names":[],"mappings":""}
|