@mcptoolshop/mcpt-publishing 1.0.0

package/scripts/lib/providers/pypi.mjs

@@ -0,0 +1,102 @@
+/**
+ * PyPI provider — audits Python packages on pypi.org.
+ *
+ * Uses the PyPI JSON API: https://pypi.org/pypi/<pkg>/json
+ */
+
+import { execSync } from "node:child_process";
+import { Provider } from "../provider.mjs";
+
+export default class PyPIProvider extends Provider {
+  get name() { return "pypi"; }
+
+  detect(entry) {
+    return entry.ecosystem === "pypi";
+  }
+
+  async audit(entry, ctx) {
+    const meta = this.#fetchMeta(entry.name);
+    const tags = ctx.tags.get(entry.repo) ?? [];
+    const releases = ctx.releases.get(entry.repo) ?? [];
+
+    if (!meta) {
+      return {
+        version: "?",
+        findings: [{ severity: "RED", code: "pypi-unreachable", msg: `Cannot reach ${entry.name} on PyPI` }],
+      };
+    }
+
+    const version = meta.info?.version ?? "?";
+    const findings = this.#classify(entry, meta, version, tags, releases);
+    return { version, findings };
+  }
+
+  // ─── Private ───────────────────────────────────────────────────────────────
+
+  #fetchMeta(pkg) {
+    try {
+      const url = `https://pypi.org/pypi/${pkg}/json`;
+      const raw = execSync(`curl -sf "${url}"`, { encoding: "utf8", timeout: 15_000 });
+      return JSON.parse(raw);
+    } catch { return null; }
+  }
+
+  #classify(entry, meta, version, tags, releases) {
+    const findings = [];
+    const tagName = `v${version}`;
+
+    // Published-but-not-tagged (RED)
+    if (!tags.includes(tagName)) {
+      findings.push({
+        severity: "RED",
+        code: "published-not-tagged",
+        msg: `${entry.name}@${version} — no git tag ${tagName}`,
+      });
+    }
+
+    // Tagged-but-not-released (YELLOW for front-door)
+    if (tags.includes(tagName) && !releases.includes(tagName) && entry.audience === "front-door") {
+      findings.push({
+        severity: "YELLOW",
+        code: "tagged-not-released",
+        msg: `${entry.name} tag ${tagName} has no GitHub Release`,
+      });
+    }
+
+    // Description / summary
+    const summary = meta.info?.summary ?? "";
+    if (!summary) {
+      findings.push({
+        severity: entry.audience === "front-door" ? "YELLOW" : "GRAY",
+        code: "missing-description",
+        msg: `${entry.name} has no summary on PyPI`,
+      });
+    }
+
+    // Homepage / project URL
+    const projectUrl = meta.info?.home_page || meta.info?.project_urls?.Homepage || "";
+    if (!projectUrl) {
+      findings.push({
+        severity: "GRAY",
+        code: "missing-homepage",
+        msg: `${entry.name} has no homepage on PyPI`,
+      });
+    }
+
+    return findings;
+  }
+
+  receipt(result) {
+    const [owner, name] = result.repo.split("/");
+    return {
+      schemaVersion: "1.0.0",
+      repo: { owner, name },
+      target: "pypi",
+      version: result.version,
+      packageName: result.name,
+      commitSha: result.commitSha,
+      timestamp: new Date().toISOString(),
+      artifacts: result.artifacts ?? [],
+    };
+  }
+}

package/scripts/lib/receipt-writer.mjs

@@ -0,0 +1,123 @@
+/**
+ * Receipt writer — validates and persists publish receipts.
+ *
+ * Receipts are immutable once written (append-only directory).
+ * Path: receipts/publish/<owner>--<name>/<target>/<version>.json
+ */
+
+import { readFileSync, writeFileSync, mkdirSync, existsSync } from "node:fs";
+import { join, dirname } from "node:path";
+import { fileURLToPath } from "node:url";
+
+const __dirname = dirname(fileURLToPath(import.meta.url));
+const ROOT = join(__dirname, "..", "..");
+
+const VALID_TARGETS = ["npm", "nuget", "pypi", "ghcr"];
+
+/**
+ * Validate receipt data against the receipt schema (lightweight, no Ajv).
+ * @param {object} receipt
+ * @throws {Error} on validation failure
+ */
+export function validate(receipt) {
+  if (!receipt || typeof receipt !== "object") throw new Error("Receipt must be an object");
+
+  // Required top-level fields
+  const required = ["schemaVersion", "repo", "target", "version", "packageName", "commitSha", "timestamp", "artifacts"];
+  for (const field of required) {
+    if (!(field in receipt)) throw new Error(`Receipt missing required field: ${field}`);
+  }
+
+  // schemaVersion
+  if (receipt.schemaVersion !== "1.0.0") {
+    throw new Error(`Unknown schemaVersion: ${receipt.schemaVersion}`);
+  }
+
+  // repo
+  if (typeof receipt.repo !== "object" || !receipt.repo.owner || !receipt.repo.name) {
+    throw new Error("repo must have owner and name");
+  }
+
+  // target
+  if (!VALID_TARGETS.includes(receipt.target)) {
+    throw new Error(`Invalid target: ${receipt.target} (expected one of ${VALID_TARGETS.join(", ")})`);
+  }
+
+  // version
+  if (typeof receipt.version !== "string" || !receipt.version) {
+    throw new Error("version must be a non-empty string");
+  }
+
+  // packageName
+  if (typeof receipt.packageName !== "string" || !receipt.packageName) {
+    throw new Error("packageName must be a non-empty string");
+  }
+
+  // commitSha — 40 hex chars
+  if (typeof receipt.commitSha !== "string" || !/^[0-9a-f]{40}$/.test(receipt.commitSha)) {
+    throw new Error("commitSha must be a 40-character lowercase hex string");
+  }
+
+  // timestamp — ISO 8601
+  if (typeof receipt.timestamp !== "string" || !receipt.timestamp) {
+    throw new Error("timestamp must be a non-empty string");
+  }
+
+  // artifacts
+  if (!Array.isArray(receipt.artifacts)) {
+    throw new Error("artifacts must be an array");
+  }
+  for (const art of receipt.artifacts) {
+    if (!art.name || typeof art.name !== "string") throw new Error("artifact.name required");
+    if (typeof art.sha256 !== "string" || !/^[0-9a-f]{64}$/.test(art.sha256)) {
+      throw new Error(`Invalid artifact sha256: ${art.sha256}`);
+    }
+    if (typeof art.size !== "number" || art.size < 0 || !Number.isInteger(art.size)) {
+      throw new Error(`Invalid artifact size: ${art.size}`);
+    }
+    if (!art.url || typeof art.url !== "string") throw new Error("artifact.url required");
+  }
+}
+
+/**
+ * Build the filesystem path for a receipt.
+ * @param {object} receipt
+ * @returns {string} Absolute path
+ */
+function receiptPath(receipt) {
+  const slug = `${receipt.repo.owner}--${receipt.repo.name}`;
+  return join(ROOT, "receipts", "publish", slug, receipt.target, `${receipt.version}.json`);
+}
+
+/**
+ * Write a receipt to the immutable store.
+ * @param {object} receipt - Validated receipt data
+ * @returns {string} Absolute path of written receipt
+ * @throws {Error} if receipt already exists (immutability) or validation fails
+ */
+export function write(receipt) {
+  validate(receipt);
+
+  const filePath = receiptPath(receipt);
+
+  if (existsSync(filePath)) {
+    throw new Error(`Receipt already exists (immutable): ${filePath}`);
+  }
+
+  mkdirSync(dirname(filePath), { recursive: true });
+  writeFileSync(filePath, JSON.stringify(receipt, null, 2) + "\n");
+  return filePath;
+}
+
+/**
+ * Read an existing receipt.
+ * @param {string} repoSlug - "owner--name"
+ * @param {string} target   - "npm" | "nuget" | "pypi" | "ghcr"
+ * @param {string} version
+ * @returns {object|null}
+ */
+export function read(repoSlug, target, version) {
+  const filePath = join(ROOT, "receipts", "publish", repoSlug, target, `${version}.json`);
+  if (!existsSync(filePath)) return null;
+  return JSON.parse(readFileSync(filePath, "utf8"));
+}

package/scripts/lib/registry.mjs

@@ -0,0 +1,65 @@
+/**
+ * Provider registry — auto-discovers and validates providers.
+ *
+ * Scans scripts/lib/providers/*.mjs, imports each default export,
+ * and validates it extends Provider with required method overrides.
+ */
+
+import { readdirSync } from "node:fs";
+import { join, dirname } from "node:path";
+import { fileURLToPath, pathToFileURL } from "node:url";
+import { Provider } from "./provider.mjs";
+
+const __dirname = dirname(fileURLToPath(import.meta.url));
+const PROVIDERS_DIR = join(__dirname, "providers");
+
+const REQUIRED_METHODS = ["detect", "audit"];
+
+/**
+ * Dynamically import all .mjs files from providers/ directory.
+ * Each must export default a class extending Provider.
+ * @returns {Promise<Provider[]>}
+ */
+export async function loadProviders() {
+  const files = readdirSync(PROVIDERS_DIR).filter(f => f.endsWith(".mjs"));
+  const providers = [];
+
+  for (const file of files) {
+    const filePath = join(PROVIDERS_DIR, file);
+    const fileUrl = pathToFileURL(filePath).href;
+    const mod = await import(fileUrl);
+    const Ctor = mod.default;
+
+    if (!Ctor || typeof Ctor !== "function") {
+      throw new Error(`${file}: default export must be a class`);
+    }
+
+    // Verify it extends Provider
+    if (!(Ctor.prototype instanceof Provider)) {
+      throw new Error(`${file}: default export must extend Provider`);
+    }
+
+    const instance = new Ctor();
+
+    // Validate required methods are overridden (not the base class stubs)
+    for (const method of REQUIRED_METHODS) {
+      if (instance[method] === Provider.prototype[method]) {
+        throw new Error(`${file}: must override ${method}()`);
+      }
+    }
+
+    providers.push(instance);
+  }
+
+  return providers;
+}
+
+/**
+ * Given an entry, return the providers that claim it via detect().
+ * @param {Provider[]} providers
+ * @param {object} entry
+ * @returns {Provider[]}
+ */
+export function matchProviders(providers, entry) {
+  return providers.filter(p => p.detect(entry));
+}

package/src/cli/exit-codes.mjs

@@ -0,0 +1,15 @@
+/**
+ * Named exit codes for CI-friendly CLI behavior.
+ *
+ *   0 — success
+ *   1 — reserved for uncaught exceptions (Node default)
+ *   2 — drift found (audit found RED-severity issues)
+ *   3 — config or schema error
+ *   4 — missing credentials for a requested operation
+ */
+export const EXIT = {
+  SUCCESS: 0,
+  DRIFT_FOUND: 2,
+  CONFIG_ERROR: 3,
+  MISSING_CREDENTIALS: 4,
+};

package/src/cli/help.mjs

@@ -0,0 +1,34 @@
+/**
+ * Help text for the mcpt-publishing CLI.
+ */
+
+export const GLOBAL_HELP = `
+mcpt-publishing — Publishing health auditor and receipt factory plugin.
+
+Usage:
+  mcpt-publishing <command> [flags]
+
+Commands:
+  audit       Run publishing health audit across all registries
+  init        Scaffold publishing.config.json and starter manifest
+  plan        Dry-run publish plan (shows what would happen)
+  publish     Execute publish and generate receipts
+  providers   List registered providers and their status
+
+Global flags:
+  --help      Show help for a command
+  --version   Show version
+  --json      Machine-readable output (supported by all commands)
+
+Examples:
+  mcpt-publishing audit              # audit all packages, write reports
+  mcpt-publishing audit --json       # JSON output to stdout
+  mcpt-publishing init               # scaffold config in current directory
+  mcpt-publishing providers          # list available providers
+
+Environment:
+  PUBLISHING_CONFIG   Path to publishing.config.json (overrides walk-up discovery)
+  GH_TOKEN            GitHub token for API access (tags, releases, issues)
+
+Docs: https://github.com/mcp-tool-shop/mcpt-publishing
+`.trim();

package/src/cli/router.mjs

@@ -0,0 +1,120 @@
+/**
+ * CLI router — zero-dependency subcommand parser and dispatcher.
+ */
+
+import { readFileSync } from "node:fs";
+import { join, dirname } from "node:path";
+import { fileURLToPath } from "node:url";
+import { GLOBAL_HELP } from "./help.mjs";
+
+const __dirname = dirname(fileURLToPath(import.meta.url));
+
+/** Lazy-loaded command map. Keys are subcommand names. */
+const COMMANDS = {
+  audit:     () => import("../commands/audit.mjs"),
+  init:      () => import("../commands/init.mjs"),
+  plan:      () => import("../commands/plan.mjs"),
+  publish:   () => import("../commands/publish.mjs"),
+  providers: () => import("../commands/providers.mjs"),
+};
+
+/**
+ * Parse CLI flags from an argv slice (after the subcommand).
+ *
+ *   --flag        → { flag: true }
+ *   --key value   → { key: "value" }
+ *   bare          → pushed to _positionals
+ *
+ * @param {string[]} args
+ * @returns {object}
+ */
+export function parseFlags(args) {
+  const flags = { _positionals: [] };
+  for (let i = 0; i < args.length; i++) {
+    const arg = args[i];
+    if (arg === "--") {
+      flags._positionals.push(...args.slice(i + 1));
+      break;
+    }
+    if (arg.startsWith("--")) {
+      const key = arg.slice(2);
+      const next = args[i + 1];
+      if (!next || next.startsWith("--")) {
+        flags[key] = true;
+      } else {
+        flags[key] = next;
+        i++;
+      }
+    } else if (arg.startsWith("-") && arg.length === 2) {
+      // Short flag aliases
+      const SHORT = { h: "help", v: "version", j: "json" };
+      const expanded = SHORT[arg[1]];
+      if (expanded) flags[expanded] = true;
+      else flags._positionals.push(arg);
+    } else {
+      flags._positionals.push(arg);
+    }
+  }
+  return flags;
+}
+
+/**
+ * Main entry point — parse argv and dispatch to the matching command.
+ * @param {string[]} argv - process.argv
+ */
+export async function run(argv) {
+  const args = argv.slice(2);
+  const subcommand = args[0];
+
+  // --help / -h at global level (before subcommand lookup)
+  if (args.includes("--help") || args.includes("-h")) {
+    // If a valid subcommand precedes --help, show per-command help
+    if (subcommand && COMMANDS[subcommand]) {
+      // handled below after flag parsing
+    } else {
+      process.stdout.write(GLOBAL_HELP + "\n");
+      process.exit(0);
+    }
+  }
+
+  // --version at global level
+  if (args.includes("--version") || args.includes("-v")) {
+    const pkgPath = join(__dirname, "..", "..", "package.json");
+    const pkg = JSON.parse(readFileSync(pkgPath, "utf8"));
+    process.stdout.write(pkg.version + "\n");
+    process.exit(0);
+  }
+
+  // No subcommand or unknown → global help
+  if (!subcommand || !COMMANDS[subcommand]) {
+    if (subcommand && !subcommand.startsWith("-") && !COMMANDS[subcommand]) {
+      process.stderr.write(`Unknown command: ${subcommand}\n\n`);
+    }
+    process.stdout.write(GLOBAL_HELP + "\n");
+    process.exit(!subcommand || subcommand.startsWith("-") ? 0 : 3);
+  }
+
+  // Parse flags after the subcommand
+  const flags = parseFlags(args.slice(1));
+
+  // Per-command help
+  if (flags.help) {
+    const mod = await COMMANDS[subcommand]();
+    if (mod.helpText) {
+      process.stdout.write(mod.helpText + "\n");
+    } else {
+      process.stdout.write(GLOBAL_HELP + "\n");
+    }
+    process.exit(0);
+  }
+
+  // Dispatch
+  try {
+    const mod = await COMMANDS[subcommand]();
+    const exitCode = await mod.execute(flags);
+    process.exit(exitCode ?? 0);
+  } catch (e) {
+    process.stderr.write(`Error: ${e.message}\n`);
+    process.exit(3);
+  }
+}

package/src/commands/audit.mjs

@@ -0,0 +1,238 @@
+/**
+ * `mcpt-publishing audit` — run publishing health audit across all registries.
+ *
+ * Loads config → reads manifest → imports providers from scripts/lib/registry.mjs
+ * → runs orchestration loop → writes reports → emits audit receipt.
+ *
+ * Exit codes:
+ *   0 — all clean
+ *   2 — RED-severity drift found
+ *   3 — config or file error
+ */
+
+import { readFileSync, writeFileSync, mkdirSync, existsSync } from "node:fs";
+import { join, dirname } from "node:path";
+import { fileURLToPath, pathToFileURL } from "node:url";
+import { loadConfig } from "../config/loader.mjs";
+import { emitAuditReceipt } from "../receipts/audit-receipt.mjs";
+import { EXIT } from "../cli/exit-codes.mjs";
+
+const __dirname = dirname(fileURLToPath(import.meta.url));
+
+// Ecosystem labels for markdown headings
+const ECOSYSTEM_LABELS = {
+  npm: "npm",
+  nuget: "NuGet",
+  pypi: "PyPI",
+  ghcr: "GHCR",
+};
+
+export const helpText = `
+mcpt-publishing audit — Run publishing health audit.
+
+Usage:
+  mcpt-publishing audit [flags]
+
+Flags:
+  --json        Output JSON to stdout (skip markdown reports)
+  --config      Explicit path to publishing.config.json
+  --help        Show this help
+
+Exit codes:
+  0   All packages clean
+  2   RED-severity drift detected (CI-friendly non-zero)
+
+Examples:
+  mcpt-publishing audit              # writes reports/latest.md + .json
+  mcpt-publishing audit --json       # JSON to stdout only
+`.trim();
+
+/**
+ * Execute the audit command.
+ * @param {object} flags - Parsed CLI flags
+ * @returns {number} Exit code
+ */
+export async function execute(flags) {
+  // Load config
+  const config = flags.config
+    ? loadConfig(dirname(flags.config))
+    : loadConfig();
+
+  // Read manifest
+  const manifestPath = join(config.profilesDir, "manifest.json");
+  if (!existsSync(manifestPath)) {
+    process.stderr.write(`Error: Manifest not found at ${manifestPath}\n`);
+    process.stderr.write(`Run 'mcpt-publishing init' to scaffold the project.\n`);
+    return EXIT.CONFIG_ERROR;
+  }
+  const manifest = JSON.parse(readFileSync(manifestPath, "utf8"));
+
+  // Import provider registry from scripts/lib (reuse existing working code)
+  const registryPath = join(__dirname, "..", "..", "scripts", "lib", "registry.mjs");
+  const registryUrl = pathToFileURL(registryPath).href;
+  const { loadProviders, matchProviders } = await import(registryUrl);
+
+  const providers = await loadProviders();
+
+  // Optional: filter by enabledProviders config
+  const enabled = config.enabledProviders ?? [];
+  const activeProviders = enabled.length > 0
+    ? providers.filter(p => enabled.includes(p.name))
+    : providers;
+
+  // Shared context for tag/release caching
+  const ctx = {
+    tags: new Map(),
+    releases: new Map(),
+  };
+
+  // Find the GitHub provider (context loader) — must run before ecosystem providers
+  const ghProvider = activeProviders.find(p => p.name === "github");
+
+  // Build results object with an array per ecosystem key present in the manifest
+  const results = {};
+  for (const key of Object.keys(manifest)) {
+    if (Array.isArray(manifest[key])) results[key] = [];
+  }
+  results.generated = new Date().toISOString();
+
+  const allFindings = [];
+
+  // Process each ecosystem section from the manifest
+  for (const [ecosystem, packages] of Object.entries(manifest)) {
+    if (!Array.isArray(packages)) continue;
+    process.stderr.write(`Auditing ${packages.length} ${ECOSYSTEM_LABELS[ecosystem] ?? ecosystem} packages...\n`);
+
+    for (const pkg of packages) {
+      const entry = { ...pkg, ecosystem };
+
+      // Ensure GitHub context (tags + releases) is loaded for this repo
+      if (ghProvider && ghProvider.detect(entry)) {
+        await ghProvider.audit(entry, ctx);
+      }
+
+      // Find the ecosystem-specific provider(s)
+      const ecosystemProviders = matchProviders(activeProviders, entry).filter(p => p.name !== "github");
+
+      let version = "?";
+      const findings = [];
+
+      for (const provider of ecosystemProviders) {
+        const result = await provider.audit(entry, ctx);
+        if (result.version && result.version !== "?") version = result.version;
+        findings.push(...result.findings);
+      }
+
+      const resultEntry = {
+        name: pkg.name,
+        version,
+        repo: pkg.repo,
+        audience: pkg.audience,
+        findings,
+      };
+
+      if (results[ecosystem]) {
+        results[ecosystem].push(resultEntry);
+      }
+      allFindings.push(...findings.map(f => ({ ...f, pkg: pkg.name, ecosystem })));
+    }
+  }
+
+  // Counts
+  const red = allFindings.filter(f => f.severity === "RED");
+  const yellow = allFindings.filter(f => f.severity === "YELLOW");
+  const gray = allFindings.filter(f => f.severity === "GRAY");
+  const info = allFindings.filter(f => f.severity === "INFO");
+  results.counts = { RED: red.length, YELLOW: yellow.length, GRAY: gray.length, INFO: info.length };
+
+  // Count total packages
+  let totalPackages = 0;
+  for (const [, val] of Object.entries(results)) {
+    if (Array.isArray(val)) totalPackages += val.length;
+  }
+  results.totalPackages = totalPackages;
+
+  // JSON-only mode
+  if (flags.json) {
+    process.stdout.write(JSON.stringify(results, null, 2) + "\n");
+    emitAuditReceipt(config, results);
+    return red.length > 0 ? EXIT.DRIFT_FOUND : EXIT.SUCCESS;
+  }
+
+  // Generate markdown report
+  const md = buildMarkdownReport(results, manifest, allFindings, red, yellow, gray, info);
+
+  // Write reports
+  mkdirSync(config.reportsDir, { recursive: true });
+  writeFileSync(join(config.reportsDir, "latest.md"), md);
+  writeFileSync(join(config.reportsDir, "latest.json"), JSON.stringify(results, null, 2));
+
+  const infoSuffix = info.length > 0 ? ` INFO=${info.length} (indexing — retry later)` : "";
+  process.stderr.write(`\nDone. RED=${red.length} YELLOW=${yellow.length} GRAY=${gray.length}${infoSuffix}\n`);
+  process.stderr.write(`Reports written to ${config.reportsDir}/latest.md and latest.json\n`);
+
+  // Emit audit receipt
+  emitAuditReceipt(config, results);
+
+  return red.length > 0 ? EXIT.DRIFT_FOUND : EXIT.SUCCESS;
+}
+
+// ─── Internal ────────────────────────────────────────────────────────────────
+
+function buildMarkdownReport(results, manifest, allFindings, red, yellow, gray, info) {
+  const lines = [];
+  lines.push("# Publishing Health Report");
+  lines.push("");
+  lines.push(`> Generated: ${results.generated}`);
+  lines.push("");
+  const infoLabel = info.length > 0 ? ` | **INFO: ${info.length}** (indexing)` : "";
+  lines.push(`**RED: ${red.length}** | **YELLOW: ${yellow.length}** | **GRAY: ${gray.length}**${infoLabel}`);
+  lines.push("");
+
+  if (red.length + yellow.length + info.length > 0) {
+    lines.push("## Top Actions");
+    lines.push("");
+    for (const f of [...red, ...yellow, ...info].slice(0, 10)) {
+      lines.push(`- **${f.severity}** ${f.msg}`);
+    }
+    lines.push("");
+  }
+
+  // Group by package
+  const byRepo = {};
+  for (const f of allFindings) {
+    const key = f.pkg;
+    if (!byRepo[key]) byRepo[key] = [];
+    byRepo[key].push(f);
+  }
+
+  if (Object.keys(byRepo).length > 0) {
+    lines.push("## Findings by Package");
+    lines.push("");
+    for (const [pkg, findings] of Object.entries(byRepo)) {
+      lines.push(`### ${pkg}`);
+      for (const f of findings) {
+        lines.push(`- **${f.severity}** [${f.code}] ${f.msg}`);
+      }
+      lines.push("");
+    }
+  }
+
+  // Summary tables per ecosystem
+  for (const [ecosystem, packages] of Object.entries(manifest)) {
+    if (!Array.isArray(packages) || packages.length === 0) continue;
+    const label = ECOSYSTEM_LABELS[ecosystem] ?? ecosystem;
+
+    lines.push(`## ${label} Packages`);
+    lines.push("");
+    lines.push("| Package | Version | Audience | Issues |");
+    lines.push("|---------|---------|----------|--------|");
+    for (const e of results[ecosystem] ?? []) {
+      const issues = e.findings.length === 0 ? "clean" : e.findings.map(f => f.severity).join(", ");
+      lines.push(`| ${e.name} | ${e.version} | ${e.audience} | ${issues} |`);
+    }
+    lines.push("");
+  }
+
+  return lines.join("\n");
+}