@metasession.co/devaudit-cli 0.1.12 → 0.1.14

package/dist/index.js

@@ -54,7 +54,7 @@ function emitJsonResult(payload) {
 
 // package.json
 var package_default = {
-  version: "0.1.12"};
+  version: "0.1.14"};
 
 // src/lib/version.ts
 var CLI_VERSION = package_default.version;
@@ -235,6 +235,57 @@ async function checkNodeVersion() {
   const ok2 = major >= 22;
   return { name: "node", ok: ok2, detail: `v${version} (require >=22)` };
 }
+async function checkReleaseCloseoutDrift() {
+  const name = "releases";
+  let cfg;
+  try {
+    cfg = JSON.parse(await promises.readFile("sdlc-config.json", "utf-8"));
+  } catch {
+    return { name, ok: true, detail: "skipped (not a consumer project)" };
+  }
+  let entries;
+  try {
+    entries = await promises.readdir("compliance/pending-releases");
+  } catch {
+    return { name, ok: true, detail: "no pending-releases/" };
+  }
+  const reqs = entries.filter((f) => /^RELEASE-TICKET-REQ-\d+\.md$/.test(f)).map((f) => f.replace(/^RELEASE-TICKET-/, "").replace(/\.md$/, ""));
+  if (reqs.length === 0) return { name, ok: true, detail: "no pending release tickets" };
+  const slug = cfg.devaudit?.project_slug ?? cfg.project_slug;
+  const base = (cfg.devaudit?.base_url ?? "").replace(/\/$/, "");
+  const apiKey = process.env["DEVAUDIT_API_KEY"];
+  if (!slug || !base || !apiKey) {
+    return {
+      name,
+      ok: true,
+      detail: `${reqs.length} pending ticket(s); portal drift check skipped (set DEVAUDIT_API_KEY + devaudit.base_url)`
+    };
+  }
+  const drifted = [];
+  for (const req of reqs) {
+    try {
+      const ctrl = new AbortController();
+      const timer = setTimeout(() => ctrl.abort(), 1e4);
+      const res = await fetch(
+        `${base}/api/ci/releases/resolve?projectSlug=${encodeURIComponent(slug)}&versionPrefix=${encodeURIComponent(req)}`,
+        { headers: { Authorization: `Bearer ${apiKey}` }, signal: ctrl.signal }
+      );
+      clearTimeout(timer);
+      if (!res.ok) continue;
+      const body = await res.json();
+      if (body.latest?.status === "released") drifted.push(req);
+    } catch {
+    }
+  }
+  if (drifted.length > 0) {
+    return {
+      name,
+      ok: false,
+      detail: `released on the portal but still in pending-releases/: ${drifted.join(", ")} \u2014 run ./scripts/close-out-release.sh <REQ>`
+    };
+  }
+  return { name, ok: true, detail: `${reqs.length} pending ticket(s); none released on the portal` };
+}
 async function runDoctor(options = {}) {
   const log = logger();
   log.info("Running devaudit doctor \u2014 checking required tools...\n");
@@ -251,7 +302,13 @@ async function runDoctor(options = {}) {
     if (!check.ok) allOk = false;
     log.log(`  ${marker} ${check.name.padEnd(8)} ${check.detail}`);
   }
+  const closeout = await checkReleaseCloseoutDrift();
+  const closeoutMarker = closeout.ok ? "\u2713" : "\u26A0";
+  log.log(`  ${closeoutMarker} ${closeout.name.padEnd(8)} ${closeout.detail}`);
   log.log("");
+  if (!closeout.ok) {
+    log.warn("Release close-out drift detected \u2014 see above. (Does not affect the tool check.)");
+  }
   const plugins = options.plugins ?? (await discoverPlugins()).loaded;
   if (plugins.length > 0) {
     const ctx = await buildPluginContext({ projectPath: resolve(process.cwd()) });
@@ -1741,7 +1798,8 @@ var CI_TEMPLATES = [
   "compliance-validation.yml.template",
   "check-release-approval.yml.template",
   "post-deploy-prod.yml.template",
-  "compliance-evidence.yml.template"
+  "compliance-evidence.yml.template",
+  "close-out-release.yml.template"
 ];
 var OLD_WORKFLOWS_TO_REMOVE = ["test-on-pr.yml", "check-uat-approval.yml"];
 function indentEnvBlock(env, indent) {
@@ -2383,8 +2441,18 @@ async function main(argv) {
       ...globals.yes !== void 0 ? { yes: Boolean(globals.yes) } : {}
     });
   });
-  program.command("update <version> <paths...>").description("Sync framework templates into existing consumer(s) (native TS implementation)").action(async (version, paths2) => {
-    await runUpdate({ version, paths: paths2 });
+  program.command("update [version] [paths...]").description(
+    "Sync framework templates into existing consumer(s). Both args are optional: paths default to the current directory, and version is a cosmetic label (defaults to the running CLI version). So a bare `devaudit update` syncs the current project."
+  ).action(async (version, paths2) => {
+    let resolvedVersion = version;
+    let resolvedPaths = paths2 ?? [];
+    const looksLikeVersion = (s) => /^v?\d+(\.\d+)/.test(s);
+    if (resolvedVersion && resolvedPaths.length === 0 && !looksLikeVersion(resolvedVersion)) {
+      resolvedPaths = [resolvedVersion];
+      resolvedVersion = void 0;
+    }
+    if (resolvedPaths.length === 0) resolvedPaths = ["."];
+    await runUpdate({ version: resolvedVersion ?? CLI_VERSION, paths: resolvedPaths });
   });
   program.command("push <project-slug> <requirement-id> <evidence-type> <file>").description("Upload evidence file(s) to DevAudit (port of scripts/upload-evidence.sh)").option("--release <version>", "release version (e.g. v1.0.0)").option("--create-release-if-missing", "auto-create the release as 'draft' if absent").option("--environment <env>", "uat | production").option("--category <cat>", "ci_pipeline | local_dev | planning | test_report | security_scan | release_artifact").option("--git-sha <sha>", "attached to metadata.gitSha").option("--ci-run-id <id>", "attached to metadata.ciRunId").option("--branch <name>", "attached to metadata.branch").option("--base-url <url>", "override portal URL (defaults to DEVAUDIT_BASE_URL env or production)").option("--api-key <key>", "override DEVAUDIT_API_KEY env var").action(
     async (projectSlug, requirementId, evidenceType, file, opts, cmd) => {