@meltstudio/meltctl 4.27.0 → 4.28.1

package/dist/commands/audit.js

@@ -4,7 +4,12 @@ import path from 'path';
 import { getToken, tokenFetch } from '../utils/api.js';
 import { getGitBranch, getGitCommit, getGitRepository, getProjectName, findMdFiles, } from '../utils/git.js';
 function detectAuditType(filename) {
-    return filename.toLowerCase().includes('ux-audit') ? 'ux-audit' : 'audit';
+    const lower = filename.toLowerCase();
+    if (lower.includes('security-audit'))
+        return 'security-audit';
+    if (lower.includes('ux-audit'))
+        return 'ux-audit';
+    return 'audit';
 }
 async function autoDetectAuditFile() {
     const cwd = process.cwd();
@@ -13,7 +18,7 @@ async function autoDetectAuditFile() {
     if (auditFiles.length > 0) {
         return auditFiles[0] ?? null;
     }
-    const candidates = ['AUDIT.md', 'UX-AUDIT.md'];
+    const candidates = ['AUDIT.md', 'UX-AUDIT.md', 'SECURITY-AUDIT.md'];
     for (const name of candidates) {
         const filePath = path.join(cwd, name);
         if (await fs.pathExists(filePath)) {
@@ -111,6 +116,7 @@ export async function auditListCommand(options) {
         const typeLabels = {
             audit: 'Tech Audit',
             'ux-audit': 'UX Audit',
+            'security-audit': 'Security',
         };
         if (options.latest) {
             console.log(chalk.bold(`\n  Latest Audits (${body.count}):\n`));
@@ -126,9 +132,24 @@ export async function auditListCommand(options) {
                 });
                 const repo = r.repository ?? r.project;
                 const label = typeLabels[r.type] ?? r.type;
-                const typeColor = r.type === 'ux-audit' ? chalk.yellow : chalk.magenta;
+                const typeColor = r.type === 'ux-audit'
+                    ? chalk.yellow
+                    : r.type === 'security-audit'
+                        ? chalk.red
+                        : chalk.magenta;
                 const ageText = daysAgo === 0 ? 'today' : `${daysAgo}d ago`;
-                const ageColor = daysAgo <= 7 ? chalk.green : daysAgo <= 30 ? chalk.yellow : chalk.red;
+                const isSecurityAudit = r.type === 'security-audit';
+                const ageColor = isSecurityAudit
+                    ? daysAgo <= 30
+                        ? chalk.green
+                        : daysAgo <= 90
+                            ? chalk.yellow
+                            : chalk.red
+                    : daysAgo <= 7
+                        ? chalk.green
+                        : daysAgo <= 30
+                            ? chalk.yellow
+                            : chalk.red;
                 console.log(`  ${typeColor(label.padEnd(12))} ${chalk.white(repo.padEnd(40))} ${ageColor(ageText.padEnd(10))} ${chalk.dim(r.author.padEnd(30))} ${chalk.dim(date)}`);
             }
         }
@@ -147,7 +168,11 @@ export async function auditListCommand(options) {
                 });
                 const repo = r.repository ?? r.project;
                 const label = typeLabels[r.type] ?? r.type;
-                const typeColor = r.type === 'ux-audit' ? chalk.yellow : chalk.magenta;
+                const typeColor = r.type === 'ux-audit'
+                    ? chalk.yellow
+                    : r.type === 'security-audit'
+                        ? chalk.red
+                        : chalk.magenta;
                 console.log(`  ${typeColor(label.padEnd(12))} ${chalk.white(repo.padEnd(40))} ${chalk.dim(r.author.padEnd(30))} ${chalk.dim(date)}`);
                 if (r.branch && r.branch !== 'main') {
                     console.log(`  ${' '.padEnd(12)} ${chalk.dim(`branch: ${r.branch}  commit: ${r.commit ?? 'N/A'}`)}`);

package/dist/commands/audit.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/commands/audit.test.js

@@ -0,0 +1,250 @@
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+vi.mock('fs-extra', () => ({
+    default: {
+        pathExists: vi.fn(),
+        readFile: vi.fn(),
+    },
+}));
+vi.mock('../utils/api.js', () => ({
+    getToken: vi.fn(),
+    tokenFetch: vi.fn(),
+}));
+vi.mock('../utils/git.js', () => ({
+    getGitBranch: vi.fn(),
+    getGitCommit: vi.fn(),
+    getGitRepository: vi.fn(),
+    getProjectName: vi.fn(),
+    findMdFiles: vi.fn(),
+}));
+import fs from 'fs-extra';
+import { getToken, tokenFetch } from '../utils/api.js';
+import { getGitBranch, getGitCommit, getGitRepository, getProjectName, findMdFiles, } from '../utils/git.js';
+import { auditSubmitCommand, auditListCommand } from './audit.js';
+beforeEach(() => {
+    vi.clearAllMocks();
+    vi.spyOn(console, 'log').mockImplementation(() => { });
+    vi.spyOn(console, 'error').mockImplementation(() => { });
+    vi.spyOn(process, 'exit').mockImplementation((code) => {
+        throw new Error(`process.exit(${code})`);
+    });
+});
+describe('auditSubmitCommand', () => {
+    function setupGitMocks() {
+        ;
+        getToken.mockResolvedValue('test-token');
+        getGitBranch.mockReturnValue('main');
+        getGitCommit.mockReturnValue('abc1234');
+        getGitRepository.mockReturnValue({
+            slug: 'Org/Repo',
+            url: 'https://github.com/Org/Repo.git',
+        });
+        getProjectName.mockReturnValue('test-project');
+    }
+    it('submits audit with type "security-audit" when filename contains security-audit', async () => {
+        setupGitMocks();
+        fs.pathExists.mockResolvedValue(true);
+        fs.readFile.mockResolvedValue('# Security Audit\nFindings here.');
+        const mockResponse = {
+            ok: true,
+            json: vi.fn().mockResolvedValue({ id: 'audit-123' }),
+        };
+        tokenFetch.mockResolvedValue(mockResponse);
+        await auditSubmitCommand('2026-03-26-security-audit.md');
+        expect(tokenFetch).toHaveBeenCalledWith('test-token', '/audits', expect.objectContaining({
+            method: 'POST',
+            body: expect.stringContaining('"type":"security-audit"'),
+        }));
+    });
+    it('submits audit with type "ux-audit" when filename contains ux-audit', async () => {
+        setupGitMocks();
+        fs.pathExists.mockResolvedValue(true);
+        fs.readFile.mockResolvedValue('# UX Audit');
+        const mockResponse = {
+            ok: true,
+            json: vi.fn().mockResolvedValue({ id: 'audit-456' }),
+        };
+        tokenFetch.mockResolvedValue(mockResponse);
+        await auditSubmitCommand('UX-AUDIT.md');
+        expect(tokenFetch).toHaveBeenCalledWith('test-token', '/audits', expect.objectContaining({
+            method: 'POST',
+            body: expect.stringContaining('"type":"ux-audit"'),
+        }));
+    });
+    it('submits audit with type "audit" for generic audit filenames', async () => {
+        setupGitMocks();
+        fs.pathExists.mockResolvedValue(true);
+        fs.readFile.mockResolvedValue('# Audit');
+        const mockResponse = {
+            ok: true,
+            json: vi.fn().mockResolvedValue({ id: 'audit-789' }),
+        };
+        tokenFetch.mockResolvedValue(mockResponse);
+        await auditSubmitCommand('AUDIT.md');
+        expect(tokenFetch).toHaveBeenCalledWith('test-token', '/audits', expect.objectContaining({
+            method: 'POST',
+            body: expect.stringContaining('"type":"audit"'),
+        }));
+    });
+    it('submits audit with type "audit" for random filenames', async () => {
+        setupGitMocks();
+        fs.pathExists.mockResolvedValue(true);
+        fs.readFile.mockResolvedValue('# Random');
+        const mockResponse = {
+            ok: true,
+            json: vi.fn().mockResolvedValue({ id: 'audit-000' }),
+        };
+        tokenFetch.mockResolvedValue(mockResponse);
+        await auditSubmitCommand('random-file.md');
+        expect(tokenFetch).toHaveBeenCalledWith('test-token', '/audits', expect.objectContaining({
+            method: 'POST',
+            body: expect.stringContaining('"type":"audit"'),
+        }));
+    });
+    it('exits with error when file not found', async () => {
+        setupGitMocks();
+        fs.pathExists.mockResolvedValue(false);
+        await expect(auditSubmitCommand('nonexistent.md')).rejects.toThrow('process.exit(1)');
+        expect(console.error).toHaveBeenCalled();
+    });
+    it('sends correct payload fields', async () => {
+        setupGitMocks();
+        vi.mocked(fs.pathExists).mockResolvedValue(true);
+        vi.mocked(fs.readFile).mockResolvedValue('audit content here');
+        const mockResponse = {
+            ok: true,
+            json: vi.fn().mockResolvedValue({ id: 'audit-100' }),
+        };
+        tokenFetch.mockResolvedValue(mockResponse);
+        await auditSubmitCommand('AUDIT.md');
+        const call = tokenFetch.mock.calls[0];
+        const body = JSON.parse(call[2].body);
+        expect(body).toEqual({
+            type: 'audit',
+            project: 'test-project',
+            repository: 'Org/Repo',
+            repositoryUrl: 'https://github.com/Org/Repo.git',
+            branch: 'main',
+            commit: 'abc1234',
+            content: 'audit content here',
+            metadata: { filename: 'AUDIT.md' },
+        });
+    });
+    it('exits with error when API returns failure', async () => {
+        setupGitMocks();
+        fs.pathExists.mockResolvedValue(true);
+        fs.readFile.mockResolvedValue('content');
+        const mockResponse = {
+            ok: false,
+            statusText: 'Bad Request',
+            json: vi.fn().mockResolvedValue({ error: 'Invalid content' }),
+        };
+        tokenFetch.mockResolvedValue(mockResponse);
+        await expect(auditSubmitCommand('AUDIT.md')).rejects.toThrow('process.exit(1)');
+    });
+    it('auto-detects audit file from .audits/ directory when no file provided', async () => {
+        setupGitMocks();
+        findMdFiles.mockResolvedValue(['/project/.audits/2026-03-26-security-audit.md']);
+        fs.pathExists.mockResolvedValue(true);
+        fs.readFile.mockResolvedValue('auto-detected content');
+        const mockResponse = {
+            ok: true,
+            json: vi.fn().mockResolvedValue({ id: 'audit-auto' }),
+        };
+        tokenFetch.mockResolvedValue(mockResponse);
+        await auditSubmitCommand();
+        expect(tokenFetch).toHaveBeenCalledWith('test-token', '/audits', expect.objectContaining({
+            method: 'POST',
+            body: expect.stringContaining('"type":"security-audit"'),
+        }));
+    });
+    it('exits with error when no file provided and none auto-detected', async () => {
+        ;
+        getToken.mockResolvedValue('test-token');
+        findMdFiles.mockResolvedValue([]);
+        fs.pathExists.mockResolvedValue(false);
+        await expect(auditSubmitCommand()).rejects.toThrow('process.exit(1)');
+        expect(console.error).toHaveBeenCalled();
+    });
+});
+describe('auditListCommand', () => {
+    it('calls API with correct query params', async () => {
+        ;
+        getToken.mockResolvedValue('test-token');
+        const mockResponse = {
+            ok: true,
+            status: 200,
+            json: vi.fn().mockResolvedValue({ audits: [], count: 0 }),
+        };
+        tokenFetch.mockResolvedValue(mockResponse);
+        await auditListCommand({ type: 'ux-audit', repository: 'Org/Repo', limit: '5' });
+        expect(tokenFetch).toHaveBeenCalledWith('test-token', expect.stringContaining('/audits?'));
+        const url = tokenFetch.mock.calls[0][1];
+        expect(url).toContain('type=ux-audit');
+        expect(url).toContain('repository=Org%2FRepo');
+        expect(url).toContain('limit=5');
+    });
+    it('passes latest=true query param when option set', async () => {
+        ;
+        getToken.mockResolvedValue('test-token');
+        const mockResponse = {
+            ok: true,
+            status: 200,
+            json: vi.fn().mockResolvedValue({ audits: [], count: 0 }),
+        };
+        tokenFetch.mockResolvedValue(mockResponse);
+        await auditListCommand({ latest: true });
+        const url = tokenFetch.mock.calls[0][1];
+        expect(url).toContain('latest=true');
+    });
+    it('exits with error on 403 response', async () => {
+        ;
+        getToken.mockResolvedValue('test-token');
+        const mockResponse = {
+            ok: false,
+            status: 403,
+            statusText: 'Forbidden',
+        };
+        tokenFetch.mockResolvedValue(mockResponse);
+        await expect(auditListCommand({})).rejects.toThrow('process.exit(1)');
+        expect(console.error).toHaveBeenCalled();
+    });
+    it('displays audit list when audits exist', async () => {
+        ;
+        getToken.mockResolvedValue('test-token');
+        const mockResponse = {
+            ok: true,
+            status: 200,
+            json: vi.fn().mockResolvedValue({
+                audits: [
+                    {
+                        id: '1',
+                        type: 'audit',
+                        project: 'my-project',
+                        repository: 'Org/Repo',
+                        author: 'dev@meltstudio.co',
+                        branch: 'main',
+                        commit: 'abc1234',
+                        createdAt: '2026-03-25T10:00:00Z',
+                    },
+                ],
+                count: 1,
+            }),
+        };
+        tokenFetch.mockResolvedValue(mockResponse);
+        await auditListCommand({});
+        expect(console.log).toHaveBeenCalled();
+    });
+    it('shows "No audits found" when list is empty', async () => {
+        ;
+        getToken.mockResolvedValue('test-token');
+        const mockResponse = {
+            ok: true,
+            status: 200,
+            json: vi.fn().mockResolvedValue({ audits: [], count: 0 }),
+        };
+        tokenFetch.mockResolvedValue(mockResponse);
+        await auditListCommand({});
+        const errorCalls = console.log.mock.calls.map((c) => c[0]);
+        expect(errorCalls.some((msg) => typeof msg === 'string' && msg.includes('No audits found'))).toBe(true);
+    });
+});

package/dist/commands/coins.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/commands/coins.test.js

@@ -0,0 +1,133 @@
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+vi.mock('../utils/auth.js', () => ({
+    isAuthenticated: vi.fn(),
+    authenticatedFetch: vi.fn(),
+}));
+import { isAuthenticated, authenticatedFetch } from '../utils/auth.js';
+import { coinsCommand } from './coins.js';
+beforeEach(() => {
+    vi.clearAllMocks();
+    vi.spyOn(console, 'log').mockImplementation(() => { });
+    vi.spyOn(console, 'error').mockImplementation(() => { });
+    vi.spyOn(process, 'exit').mockImplementation((code) => {
+        throw new Error(`process.exit(${code})`);
+    });
+});
+describe('coinsCommand', () => {
+    describe('balance (default)', () => {
+        it('exits with error when not authenticated', async () => {
+            ;
+            isAuthenticated.mockResolvedValue(false);
+            await expect(coinsCommand({})).rejects.toThrow('process.exit(1)');
+            expect(console.error).toHaveBeenCalled();
+        });
+        it('displays coin balance on success', async () => {
+            ;
+            isAuthenticated.mockResolvedValue(true);
+            const mockResponse = {
+                ok: true,
+                json: vi.fn().mockResolvedValue({ coins: 5, period: '28d' }),
+            };
+            authenticatedFetch.mockResolvedValue(mockResponse);
+            await coinsCommand({});
+            expect(authenticatedFetch).toHaveBeenCalledWith('/coins');
+            const logCalls = console.log.mock.calls.map((c) => String(c[0]));
+            expect(logCalls.some((msg) => msg.includes('5'))).toBe(true);
+        });
+        it('displays singular coin text for 1 coin', async () => {
+            ;
+            isAuthenticated.mockResolvedValue(true);
+            authenticatedFetch.mockResolvedValue({
+                ok: true,
+                json: vi.fn().mockResolvedValue({ coins: 1, period: '28d' }),
+            });
+            await coinsCommand({});
+            const logCalls = console.log.mock.calls.map((c) => String(c[0]));
+            expect(logCalls.some((msg) => msg.includes('coin') && !msg.includes('coins'))).toBe(true);
+        });
+        it('displays plural coin text for multiple coins', async () => {
+            ;
+            isAuthenticated.mockResolvedValue(true);
+            authenticatedFetch.mockResolvedValue({
+                ok: true,
+                json: vi.fn().mockResolvedValue({ coins: 3, period: '28d' }),
+            });
+            await coinsCommand({});
+            const logCalls = console.log.mock.calls.map((c) => String(c[0]));
+            expect(logCalls.some((msg) => msg.includes('coins'))).toBe(true);
+        });
+        it('exits with error when API returns failure', async () => {
+            ;
+            isAuthenticated.mockResolvedValue(true);
+            const mockResponse = {
+                ok: false,
+                statusText: 'Internal Server Error',
+                json: vi.fn().mockResolvedValue({ error: 'Something went wrong' }),
+            };
+            authenticatedFetch.mockResolvedValue(mockResponse);
+            await expect(coinsCommand({})).rejects.toThrow('process.exit(1)');
+            const errorCalls = console.error.mock.calls.map((c) => String(c[0]));
+            expect(errorCalls.some((msg) => msg.includes('Something went wrong'))).toBe(true);
+        });
+    });
+    describe('leaderboard', () => {
+        it('exits with error when not authenticated', async () => {
+            ;
+            isAuthenticated.mockResolvedValue(false);
+            await expect(coinsCommand({ leaderboard: true })).rejects.toThrow('process.exit(1)');
+        });
+        it('displays leaderboard entries on success', async () => {
+            ;
+            isAuthenticated.mockResolvedValue(true);
+            const entries = [
+                { name: 'Alice', coins: 10 },
+                { name: 'Bob', coins: 7 },
+                { name: 'Charlie', coins: 3 },
+            ];
+            authenticatedFetch.mockResolvedValue({
+                ok: true,
+                json: vi.fn().mockResolvedValue(entries),
+            });
+            await coinsCommand({ leaderboard: true });
+            expect(authenticatedFetch).toHaveBeenCalledWith('/coins/leaderboard');
+            const logCalls = console.log.mock.calls.map((c) => String(c[0]));
+            expect(logCalls.some((msg) => msg.includes('Leaderboard'))).toBe(true);
+            expect(logCalls.some((msg) => msg.includes('Alice'))).toBe(true);
+            expect(logCalls.some((msg) => msg.includes('Bob'))).toBe(true);
+        });
+        it('shows message when no coins have been sent', async () => {
+            ;
+            isAuthenticated.mockResolvedValue(true);
+            authenticatedFetch.mockResolvedValue({
+                ok: true,
+                json: vi.fn().mockResolvedValue([]),
+            });
+            await coinsCommand({ leaderboard: true });
+            const logCalls = console.log.mock.calls.map((c) => String(c[0]));
+            expect(logCalls.some((msg) => msg.includes('No coins'))).toBe(true);
+        });
+        it('exits with error when leaderboard API fails', async () => {
+            ;
+            isAuthenticated.mockResolvedValue(true);
+            authenticatedFetch.mockResolvedValue({
+                ok: false,
+                statusText: 'Forbidden',
+                json: vi.fn().mockResolvedValue({ error: 'Access denied' }),
+            });
+            await expect(coinsCommand({ leaderboard: true })).rejects.toThrow('process.exit(1)');
+            const errorCalls = console.error.mock.calls.map((c) => String(c[0]));
+            expect(errorCalls.some((msg) => msg.includes('Access denied'))).toBe(true);
+        });
+        it('calls /coins/leaderboard endpoint not /coins', async () => {
+            ;
+            isAuthenticated.mockResolvedValue(true);
+            authenticatedFetch.mockResolvedValue({
+                ok: true,
+                json: vi.fn().mockResolvedValue([{ name: 'Test', coins: 1 }]),
+            });
+            await coinsCommand({ leaderboard: true });
+            expect(authenticatedFetch).toHaveBeenCalledWith('/coins/leaderboard');
+            expect(authenticatedFetch).not.toHaveBeenCalledWith('/coins');
+        });
+    });
+});

package/dist/commands/feedback.test.d.ts

@@ -0,0 +1 @@
+export {};