@fragments-sdk/cli 0.15.10 → 0.16.0

package/src/commands/govern-scan.ts

@@ -3,7 +3,6 @@
  *
  * Parses real JSX/TSX files via the existing codebase scanner, converts
  * component usages to UISpec, and runs governance checks per file.
- * Optionally submits results to Fragments Cloud.
  */
 
 import pc from 'picocolors';
@@ -11,6 +10,13 @@ import { resolve, relative } from 'node:path';
 import { existsSync } from 'node:fs';
 import { BRAND } from '../core/index.js';
 import type { ComponentUsage } from '../service/enhance/types.js';
+import {
+  aggregateVerdicts,
+  flattenComponentUsage,
+  buildComplianceSummary,
+  writeGovernScanReport,
+  type GovernScanReport,
+} from './govern-scan-report.js';
 
 // ---------------------------------------------------------------------------
 // Options
@@ -23,6 +29,8 @@ export interface GovernScanOptions {
   config?: string;
   /** Output format */
   format?: 'summary' | 'json' | 'sarif';
+  /** Write an aggregated machine-readable JSON report */
+  report?: string;
   /** Suppress non-error output */
   quiet?: boolean;
 }
@@ -78,6 +86,7 @@ function groupByFile(usages: ComponentUsage[]): Map<string, ComponentUsage[]> {
   return grouped;
 }
 
+
 // ---------------------------------------------------------------------------
 // governScan
 // ---------------------------------------------------------------------------
@@ -89,9 +98,9 @@ export async function governScan(
     loadPolicy,
     createEngine,
     buildAdaptersFromConfig,
-    createCloudAdapter,
     formatVerdict,
     computeComponentHealth,
+    computeScore,
   } = await import('@fragments-sdk/govern');
 
   const { scanCodebase } = await import(
@@ -125,15 +134,9 @@ export async function governScan(
     }
   }
 
-  // 3. Extract code tokens for cloud ingest
-  let codeTokens: string | undefined;
-  if (process.env.FRAGMENTS_API_KEY) {
-    codeTokens = await extractCodeTokens(rootDir, options.config, quiet);
-  }
-
-  // 3b. Load contract registry for governance + cloud ingest (if fragments.json exists)
-  let contractRegistry: string | undefined;
+  // 3. Load contract registry for contract-aware scoring (if fragments.json exists)
   let registryMap: Record<string, unknown> | undefined;
+  let hasRegistry = false;
   {
     const { readFileSync, existsSync } = await import('node:fs');
     const fragmentsJsonPath = resolve(rootDir, 'fragments.json');
@@ -142,37 +145,28 @@ export async function governScan(
         const raw = readFileSync(fragmentsJsonPath, 'utf-8');
         const parsed = JSON.parse(raw);
         if (parsed.fragments && Array.isArray(parsed.fragments)) {
-          // Build name-keyed map for engine registry injection
           const map: Record<string, unknown> = {};
-          for (const f of parsed.fragments) {
-            if (f.meta?.name) {
-              map[f.meta.name] = f;
+          for (const fragment of parsed.fragments) {
+            if (fragment.meta?.name) {
+              map[fragment.meta.name] = fragment;
             }
           }
           registryMap = map;
-
-          if (process.env.FRAGMENTS_API_KEY) {
-            contractRegistry = JSON.stringify({ fragments: parsed.fragments });
-          }
+          hasRegistry = true;
           if (!quiet) {
-            console.log(pc.dim(`  Contract registry loaded (${parsed.fragments.length} components)\n`));
+            console.log(
+              pc.dim(`  Contract registry loaded (${parsed.fragments.length} components)\n`),
+            );
           }
         }
       } catch {
-        // Invalid fragments.json — skip
+        // Invalid fragments.json — skip registry-aware summary
       }
     }
   }
 
-  // 4. Build adapters. Auto-add cloud if FRAGMENTS_API_KEY is set
+  // 4. Build adapters from policy config
   const adapters = buildAdaptersFromConfig(policy.audit);
-  const hasCloudAdapter = adapters.length > 0 && policy.audit?.cloud;
-  if (!hasCloudAdapter && process.env.FRAGMENTS_API_KEY) {
-    adapters.push(createCloudAdapter({ codeTokens, contractRegistry }));
-    if (!quiet) {
-      console.log(pc.dim('  Cloud audit enabled (FRAGMENTS_API_KEY detected)\n'));
-    }
-  }
 
   // 5. Create engine (with registry for contract-aware validators)
   const engine = createEngine(
@@ -220,6 +214,16 @@ export async function governScan(
     if (!quiet) {
       console.log(pc.yellow('  No component usages found.\n'));
     }
+    if (options.report) {
+      const report: GovernScanReport = {
+        verdict: aggregateVerdicts([], computeScore, 'ci'),
+        componentUsage: [],
+      };
+      await writeGovernScanReport(options.report, report);
+      if (!quiet) {
+        console.log(pc.dim(`  Wrote governance report: ${resolve(options.report)}\n`));
+      }
+    }
     return { exitCode: 0 };
   }
 
@@ -231,16 +235,6 @@ export async function governScan(
   const violationCounts = new Map<string, number>();
   const allVerdicts: Awaited<ReturnType<typeof engine.check>>[] = [];
 
-  // Build per-file usage snapshot for cloud
-  const usageSnapshot: Array<{
-    file: string;
-    components: Array<{
-      name: string;
-      line: number;
-      props: { static: Record<string, unknown>; dynamic: string[] };
-    }>;
-  }> = [];
-
   for (const [filePath, usages] of grouped) {
     const spec = usagesToSpec(usages, filePath, rootDir);
     const relPath = relative(rootDir, filePath);
@@ -251,19 +245,6 @@ export async function governScan(
     });
     allVerdicts.push(verdict);
 
-    // Collect per-file usage snapshot
-    usageSnapshot.push({
-      file: relPath,
-      components: usages.map((u) => ({
-        name: u.componentName,
-        line: u.line,
-        props: {
-          static: u.props.static,
-          dynamic: u.props.dynamic,
-        },
-      })),
-    });
-
     totalFiles++;
 
     if (verdict.passed) {
@@ -340,103 +321,21 @@ export async function governScan(
     }
   }
 
-  // 10. Push component usage snapshot + health to Cloud (if API key set)
-  if (process.env.FRAGMENTS_API_KEY && usageSnapshot.length > 0) {
-    try {
-      const apiKey = process.env.FRAGMENTS_API_KEY;
-      const url = process.env.FRAGMENTS_URL ?? 'https://app.usefragments.com';
-      await fetch(`${url}/api/ingest`, {
-        method: 'POST',
-        headers: {
-          'Content-Type': 'application/json',
-          Authorization: `Bearer ${apiKey}`,
-        },
-        body: JSON.stringify({
-          componentUsage: JSON.stringify(usageSnapshot),
-          componentHealth: JSON.stringify(health),
-        }),
-      });
-    } catch {
-      // Non-critical — don't fail the scan
+  if (options.report) {
+    const report: GovernScanReport = {
+      verdict: aggregateVerdicts(allVerdicts, computeScore, 'ci'),
+      componentUsage: flattenComponentUsage(allUsages, rootDir),
+    };
+    if (hasRegistry) {
+      report.complianceSummary = buildComplianceSummary(health);
     }
-  }
-
-  return { exitCode: passedFiles === totalFiles ? 0 : 1 };
-}
-
-// ---------------------------------------------------------------------------
-// Token extraction for cloud ingest
-// ---------------------------------------------------------------------------
-
-/**
- * Auto-detect and extract code tokens to send alongside governance verdicts.
- * Tries: 1) tokens config from fragments.config.ts, 2) Tailwind config.
- * Returns a flat JSON string of token name → value, or undefined if nothing found.
- */
-async function extractCodeTokens(
-  rootDir: string,
-  configPath?: string,
-  quiet?: boolean,
-): Promise<string | undefined> {
-  try {
-    // 1. Try fragments.config.ts tokens config
-    try {
-      const { loadConfig } = await import('../core/node.js');
-      const { parseTokenFiles } = await import('../service/index.js');
-
-      const { config, configDir } = await loadConfig(configPath);
-      if (config.tokens?.include?.length) {
-        const result = await parseTokenFiles(config.tokens, configDir);
-        if (result.tokens.length > 0) {
-          const flat: Record<string, string> = {};
-          for (const token of result.tokens) {
-            flat[token.name] = token.resolvedValue;
-          }
-          if (!quiet) {
-            console.log(
-              pc.dim(`  Extracted ${result.tokens.length} code tokens from config\n`),
-            );
-          }
-          return JSON.stringify(flat);
-        }
-      }
-    } catch {
-      // No config or no tokens section — fall through
-    }
-
-    // 2. Try Tailwind config
-    const {
-      findTailwindConfig,
-      loadTailwindConfig,
-    } = await import('../service/token-normalizer.js');
-
-    const tailwindPath = findTailwindConfig(rootDir);
-    if (tailwindPath) {
-      const tokens = await loadTailwindConfig(tailwindPath);
-      if (tokens.length > 0) {
-        const flat: Record<string, string> = {};
-        for (const token of tokens) {
-          flat[token.name] = token.value;
-        }
-        if (!quiet) {
-          console.log(
-            pc.dim(`  Extracted ${tokens.length} tokens from Tailwind config\n`),
-          );
-        }
-        return JSON.stringify(flat);
-      }
-    }
-  } catch (error) {
+    await writeGovernScanReport(options.report, report);
     if (!quiet) {
-      console.log(
-        pc.dim(
-          `  Token extraction skipped: ${error instanceof Error ? error.message : 'unknown error'}\n`,
-        ),
-      );
+      console.log(pc.dim(`  Wrote governance report: ${resolve(options.report)}\n`));
     }
   }
 
-  return undefined;
+  return { exitCode: passedFiles === totalFiles ? 0 : 1 };
 }
 
 // ---------------------------------------------------------------------------
@@ -450,7 +349,6 @@ export async function governWatch(
     loadPolicy,
     createEngine,
     buildAdaptersFromConfig,
-    createCloudAdapter,
     formatVerdict,
   } = await import('@fragments-sdk/govern');
 
@@ -480,9 +378,6 @@ export async function governWatch(
     policy = { ...policy, rules: SCAN_DEFAULT_RULES };
   }
   const adapters = buildAdaptersFromConfig(policy.audit);
-  if (!adapters.some(() => policy.audit?.cloud) && process.env.FRAGMENTS_API_KEY) {
-    adapters.push(createCloudAdapter());
-  }
   const engine = createEngine(policy, adapters);
 
   // 3. Watch for changes

package/src/commands/govern.ts

@@ -135,163 +135,6 @@ export async function governInit(options: GovernInitOptions = {}): Promise<void>
   );
 }
 
-// ---------------------------------------------------------------------------
-// connect
-// ---------------------------------------------------------------------------
-
-export async function governConnect(): Promise<void> {
-  const { readFile, writeFile, appendFile } = await import('node:fs/promises');
-  const { existsSync } = await import('node:fs');
-  const { resolve } = await import('node:path');
-  const { platform } = await import('node:os');
-  const { exec } = await import('node:child_process');
-  const { password, confirm } = await import('@inquirer/prompts');
-
-  const cloudUrl = process.env.FRAGMENTS_URL ?? 'https://app.usefragments.com';
-
-  console.log(pc.cyan(`\n  ${BRAND.name} — Connect to Cloud\n`));
-  console.log(
-    pc.dim('  This will connect your project to the Fragments dashboard\n') +
-    pc.dim('  for centralized audit tracking and team visibility.\n'),
-  );
-
-  // ── Step 1: Get API key ──────────────────────────────────────────────────
-  console.log(pc.bold('  Step 1 of 3: Get your API key\n'));
-
-  const dashboardUrl = `${cloudUrl}/api-keys`;
-  console.log(pc.dim(`  → Opening the dashboard in your browser...`));
-  console.log(pc.dim(`    Copy your API key from Settings → API Keys\n`));
-
-  // Open browser (best-effort)
-  const os = platform();
-  const openCmd = os === 'darwin'
-    ? `open "${dashboardUrl}"`
-    : os === 'win32'
-      ? `start "" "${dashboardUrl}"`
-      : `xdg-open "${dashboardUrl}"`;
-  exec(openCmd);
-
-  let apiKey: string;
-  let orgName: string;
-
-  // eslint-disable-next-line no-constant-condition
-  while (true) {
-    apiKey = await password({
-      message: 'Paste your API key:',
-      mask: '*',
-    });
-
-    if (!apiKey.trim()) {
-      console.log(pc.yellow('\n  API key cannot be empty. Please try again.\n'));
-      continue;
-    }
-
-    // Verify key against cloud
-    console.log(pc.dim('\n  Verifying...'));
-    try {
-      const response = await fetch(`${cloudUrl}/api/verify`, {
-        headers: { Authorization: `Bearer ${apiKey.trim()}` },
-      });
-
-      if (!response.ok) {
-        console.log(pc.red(`\n  ✗ Invalid API key (HTTP ${response.status}). Please try again.\n`));
-        continue;
-      }
-
-      const data = (await response.json()) as { valid: boolean; orgName?: string };
-      if (!data.valid) {
-        console.log(pc.red('\n  ✗ API key not recognized. Please try again.\n'));
-        continue;
-      }
-
-      orgName = data.orgName ?? 'your organization';
-      console.log(pc.green(`\n  ✓ Connected to "${orgName}" (verified)\n`));
-      break;
-    } catch (error) {
-      console.log(
-        pc.red('\n  ✗ Could not reach the dashboard.'),
-      );
-      console.log(
-        pc.dim(`    ${error instanceof Error ? error.message : 'Network error'}\n`),
-      );
-      continue;
-    }
-  }
-
-  // ── Step 2: Save configuration ──────────────────────────────────────────
-  console.log(pc.bold('  Step 2 of 3: Save configuration\n'));
-
-  const saveToEnv = await confirm({
-    message: 'Save API key to .env file?',
-    default: true,
-  });
-
-  if (saveToEnv) {
-    const envPath = resolve('.env');
-    const envEntry = `FRAGMENTS_API_KEY=${apiKey.trim()}`;
-
-    if (existsSync(envPath)) {
-      const envContent = await readFile(envPath, 'utf-8');
-      if (envContent.includes('FRAGMENTS_API_KEY=')) {
-        // Replace existing entry
-        const updated = envContent.replace(
-          /^FRAGMENTS_API_KEY=.*$/m,
-          envEntry,
-        );
-        await writeFile(envPath, updated, 'utf-8');
-        console.log(pc.green('  ✓ Updated FRAGMENTS_API_KEY in .env'));
-      } else {
-        await appendFile(envPath, `\n${envEntry}\n`, 'utf-8');
-        console.log(pc.green('  ✓ Added FRAGMENTS_API_KEY to .env'));
-      }
-    } else {
-      await writeFile(envPath, `${envEntry}\n`, 'utf-8');
-      console.log(pc.green('  ✓ Created .env with FRAGMENTS_API_KEY'));
-    }
-
-    // Write FRAGMENTS_URL only if non-default
-    if (cloudUrl !== 'https://app.usefragments.com') {
-      const envContent = await readFile(envPath, 'utf-8');
-      if (!envContent.includes('FRAGMENTS_URL=')) {
-        await appendFile(envPath, `FRAGMENTS_URL=${cloudUrl}\n`, 'utf-8');
-        console.log(pc.green(`  ✓ Added FRAGMENTS_URL to .env`));
-      }
-    }
-
-    // Ensure .env is in .gitignore
-    const gitignorePath = resolve('.gitignore');
-    if (existsSync(gitignorePath)) {
-      const gitignore = await readFile(gitignorePath, 'utf-8');
-      if (!gitignore.split('\n').some((line) => line.trim() === '.env')) {
-        await appendFile(gitignorePath, '\n.env\n', 'utf-8');
-        console.log(pc.green('  ✓ Added .env to .gitignore'));
-      }
-    } else {
-      await writeFile(gitignorePath, '.env\n', 'utf-8');
-      console.log(pc.green('  ✓ Created .gitignore with .env entry'));
-    }
-  }
-
-  // ── Step 3: Config check ────────────────────────────────────────────────
-  console.log(pc.bold('\n  Step 3 of 3: Config check\n'));
-
-  const { findGovernConfig } = await import('@fragments-sdk/govern');
-  const configPath = findGovernConfig();
-
-  if (configPath) {
-    console.log(pc.green(`  ✓ Found govern config: ${configPath}`));
-  } else {
-    console.log(
-      pc.yellow('  No govern config found — run `fragments govern init` to create one'),
-    );
-  }
-
-  // ── Done ────────────────────────────────────────────────────────────────
-  console.log(pc.dim('\n  ─────────────────────────────────────\n'));
-  console.log(pc.green('  ✓ All set!') + ' Run `fragments govern check` to send your first audit.\n');
-  console.log(pc.dim(`  Dashboard: ${cloudUrl}/overview\n`));
-}
-
 // ---------------------------------------------------------------------------
 // report
 // ---------------------------------------------------------------------------