@nerviq/cli 1.21.0 → 1.22.0

package/README.md

@@ -223,8 +223,8 @@ All successful operational responses are wrapped in a JSON envelope:
 {
   "data": {},
   "meta": {
-    "version": "1.21.0",
-    "timestamp": "2026-04-14T18:00:00.000Z"
+    "version": "1.22.0",
+    "timestamp": "2026-04-14T22:00:00.000Z"
   }
 }
 ```
@@ -385,10 +385,28 @@ Levels:
 | `--auto` | Apply without prompts |
 | `--only A,B` | Limit apply to selected proposal IDs |
 | `--format sarif` | SARIF output for code scanning |
+| `--format markdown` | GitHub-flavoured PR-comment report |
+| `--format junit` | JUnit XML for CI test reporters (GitHub Actions, Jenkins, GitLab) |
+| `--format csv` | RFC 4180 CSV, one row per check |
 | `--platform NAME` | Target platform (claude, codex, gemini, copilot, cursor, windsurf, aider, opencode) |
 | `--workspace GLOB` | Audit workspaces separately as package-level live audits with summary-only JSON rows (e.g. packages/*) |
 | `--external PATH` | Benchmark an external repo |
 
+### CI output formats
+
+Pipe audit output straight into the standard CI surfaces:
+
+```bash
+# PR comment (GitHub-flavoured markdown)
+npx @nerviq/cli audit --format=markdown --out audit.md
+
+# CI test report (JUnit XML — Jenkins, GitLab, GitHub Actions reporter)
+npx @nerviq/cli audit --format=junit --out junit.xml
+
+# Spreadsheet / dashboard ingestion (RFC 4180 CSV)
+npx @nerviq/cli audit --format=csv --out audit.csv
+```
+
 Webhook delivery automatically retries transient failures twice by default. For authenticated internal endpoints, you can add custom headers such as:
 
 ```bash

package/bin/cli.js

@@ -694,7 +694,7 @@ const HELP = `
     --team-profile N  Load a saved team profile for audit (overrides threshold/platform)
     --mcp-pack A,B    Merge MCP packs into setup (live tool connectors; e.g. context7-docs,next-devtools)
     --check-version V Pin catalog to a specific version (warn on mismatch)
-    --format NAME     Output format: json | sarif | otel
+    --format NAME     Output format: json | sarif | otel | markdown | junit | csv
     --webhook URL     Send audit results to a webhook (Slack/Discord/generic JSON)
     --webhook-header H Add a custom webhook header (repeat; format: Name: Value)
     --webhook-retries N Retry transient webhook failures N times (default: 2)
@@ -956,8 +956,8 @@ async function main() {
     process.exit(1);
   }
 
-  if (options.format !== null && !['json', 'sarif', 'otel'].includes(options.format)) {
-    console.error(`\n  Error: Unsupported format '${options.format}'. Use 'json', 'sarif', or 'otel'.\n`);
+  if (options.format !== null && !['json', 'sarif', 'otel', 'markdown', 'junit', 'csv'].includes(options.format)) {
+    console.error(`\n  Error: Unsupported format '${options.format}'. Use 'json', 'sarif', 'otel', 'markdown', 'junit', or 'csv'.\n`);
     process.exit(1);
   }
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nerviq/cli",
-  "version": "1.21.0",
+  "version": "1.22.0",
   "description": "The intelligent nervous system for AI coding agents — 2,441 checks (8 platforms × ~300 governance rules), 10 languages, 62 domain packs. Audit, align, and amplify.",
   "main": "src/index.js",
   "bin": {

package/src/audit.js

@@ -28,6 +28,9 @@ const { getRecommendationOutcomeSummary } = require('./activity');
 const { getFeedbackSummary } = require('./feedback');
 const { formatSarif } = require('./formatters/sarif');
 const { formatOtelMetrics } = require('./formatters/otel');
+const { formatMarkdown } = require('./formatters/markdown');
+const { formatJUnit } = require('./formatters/junit');
+const { formatCsv } = require('./formatters/csv');
 const { collectAuditTerminology, formatTerminologyLines } = require('./terminology');
 const { loadPlugins, mergePluginChecks } = require('./plugins');
 const { detectDeprecationWarnings } = require('./deprecation');
@@ -645,6 +648,23 @@ async function audit(options) {
     return result;
   }
 
+  if (options.format === 'markdown') {
+    const enriched = { version: packageVersion, timestamp: new Date().toISOString(), ...result };
+    console.log(formatMarkdown(enriched, { dir: options.dir }));
+    return result;
+  }
+
+  if (options.format === 'junit') {
+    const enriched = { version: packageVersion, timestamp: new Date().toISOString(), ...result };
+    console.log(formatJUnit(enriched));
+    return result;
+  }
+
+  if (options.format === 'csv') {
+    console.log(formatCsv(result));
+    return result;
+  }
+
   if (options.lite) {
     printLiteAudit(result, options.dir);
     sendInsights(result);

package/src/formatters/csv.js

@@ -0,0 +1,69 @@
+/**
+ * CSV Formatter (RFC 4180)
+ *
+ * One row per check in a nerviq audit result.
+ * Columns: key,id,name,category,rating,severity,passed,file,line,sourceUrl,fix
+ *
+ * Quoting rules (RFC 4180):
+ *   - Fields containing comma, double-quote, CR, or LF are wrapped in
+ *     double-quotes.
+ *   - Internal double-quotes are escaped by doubling them.
+ *   - Header row is emitted first.
+ *   - No UTF-8 BOM (some consumers mishandle it).
+ *   - Line separator: LF (consumers accept LF; JUnit/XLSX/csv parsers
+ *     normalize both).
+ */
+
+'use strict';
+
+const COLUMNS = [
+  'key',
+  'id',
+  'name',
+  'category',
+  'rating',
+  'severity',
+  'passed',
+  'file',
+  'line',
+  'sourceUrl',
+  'fix',
+];
+
+function csvEscape(value) {
+  if (value === null || value === undefined) return '';
+  const s = String(value);
+  if (/[",\r\n]/.test(s)) {
+    return `"${s.replace(/"/g, '""')}"`;
+  }
+  return s;
+}
+
+function rowFor(r) {
+  const severity = r.severity || r.impact || '';
+  const cells = [
+    r.key ?? '',
+    r.id ?? '',
+    r.name ?? '',
+    r.category ?? '',
+    r.rating ?? '',
+    severity,
+    r.passed === null || r.passed === undefined ? '' : String(r.passed),
+    r.file ?? '',
+    r.line ?? '',
+    r.sourceUrl ?? '',
+    r.fix ?? '',
+  ];
+  return cells.map(csvEscape).join(',');
+}
+
+function formatCsv(auditResult) {
+  const results = Array.isArray(auditResult.results) ? auditResult.results : [];
+  const lines = [COLUMNS.join(',')];
+  for (const r of results) {
+    lines.push(rowFor(r));
+  }
+  return lines.join('\n');
+}
+
+module.exports = { formatCsv, CSV_COLUMNS: COLUMNS };

package/src/formatters/junit.js

@@ -0,0 +1,99 @@
+/**
+ * JUnit XML Formatter
+ *
+ * Converts a nerviq audit result into Jenkins-compatible JUnit XML.
+ * Schema: <testsuites><testsuite><testcase><failure/></testcase></testsuite></testsuites>
+ *
+ *   - One <testsuite> per check category.
+ *   - Each check becomes a <testcase> (classname = category, name = key).
+ *   - Failed checks emit a <failure message="..." type="..."/> where:
+ *       - message = check.fix || check.name
+ *       - type    = severity (check.severity || check.impact)
+ *   - Skipped checks emit <skipped/>.
+ *
+ * Parses with any standard JUnit XML consumer (GitHub Actions test
+ * reporter, Jenkins, GitLab CI, CircleCI).
+ */
+
+'use strict';
+
+const { version: nerviqVersion } = require('../../package.json');
+
+function escapeXml(value) {
+  if (value === null || value === undefined) return '';
+  return String(value)
+    .replace(/&/g, '&amp;')
+    .replace(/</g, '&lt;')
+    .replace(/>/g, '&gt;')
+    .replace(/"/g, '&quot;')
+    .replace(/'/g, '&apos;');
+}
+
+function severityFor(r) {
+  return r.severity || r.impact || 'medium';
+}
+
+function groupByCategory(results) {
+  const map = new Map();
+  for (const r of results) {
+    const cat = r.category || 'uncategorized';
+    if (!map.has(cat)) map.set(cat, []);
+    map.get(cat).push(r);
+  }
+  return map;
+}
+
+function formatJUnit(auditResult) {
+  const allResults = Array.isArray(auditResult.results) ? auditResult.results : [];
+  const timestamp = auditResult.timestamp || new Date().toISOString();
+  const platform = auditResult.platform || 'claude';
+
+  const totalTests = allResults.length;
+  const totalFailures = allResults.filter((r) => r.passed === false).length;
+  const totalSkipped = allResults.filter((r) => r.passed === null || r.skipped === true).length;
+
+  const byCategory = groupByCategory(allResults);
+
+  const lines = [];
+  lines.push('<?xml version="1.0" encoding="UTF-8"?>');
+  lines.push(
+    `<testsuites name="nerviq" tests="${totalTests}" failures="${totalFailures}" skipped="${totalSkipped}" time="0">`,
+  );
+
+  for (const [category, checks] of byCategory) {
+    const suiteFailures = checks.filter((r) => r.passed === false).length;
+    const suiteSkipped = checks.filter((r) => r.passed === null || r.skipped === true).length;
+    lines.push(
+      `  <testsuite name="${escapeXml(category)}" tests="${checks.length}" failures="${suiteFailures}" skipped="${suiteSkipped}" time="0" timestamp="${escapeXml(timestamp)}" package="nerviq.${escapeXml(platform)}">`,
+    );
+
+    for (const r of checks) {
+      const classname = escapeXml(r.category || 'uncategorized');
+      const name = escapeXml(r.key || r.id || r.name || 'unknown');
+      if (r.passed === false) {
+        const msg = escapeXml(r.fix || r.name || r.key || 'check failed');
+        const type = escapeXml(severityFor(r));
+        let body = `${r.name || ''}`;
+        if (r.file) body += ` at ${r.file}${r.line ? ':' + r.line : ''}`;
+        if (r.sourceUrl) body += ` (${r.sourceUrl})`;
+        lines.push(`    <testcase classname="${classname}" name="${name}" time="0">`);
+        lines.push(`      <failure message="${msg}" type="${type}">${escapeXml(body)}</failure>`);
+        lines.push(`    </testcase>`);
+      } else if (r.passed === null || r.skipped === true) {
+        lines.push(`    <testcase classname="${classname}" name="${name}" time="0">`);
+        lines.push(`      <skipped/>`);
+        lines.push(`    </testcase>`);
+      } else {
+        lines.push(`    <testcase classname="${classname}" name="${name}" time="0"/>`);
+      }
+    }
+
+    lines.push('  </testsuite>');
+  }
+
+  lines.push('</testsuites>');
+  lines.push(`<!-- nerviq v${escapeXml(auditResult.version || nerviqVersion)} -->`);
+  return lines.join('\n');
+}
+
+module.exports = { formatJUnit };

package/src/formatters/markdown.js

@@ -0,0 +1,118 @@
+/**
+ * Markdown Formatter
+ *
+ * Converts a nerviq audit result into GitHub-flavoured markdown suitable
+ * for posting as a PR comment. Structure:
+ *
+ *   - Header with score badge and pass/fail/skip counts
+ *   - Top 5 topNextActions as a GitHub task-list checklist
+ *   - Collapsible <details> block with the full failed-checks table
+ *   - Footer with Nerviq link, version, timestamp
+ *
+ * Output is plain GitHub-flavoured markdown. The only HTML used is
+ * <details>/<summary>, which GitHub renders natively.
+ */
+
+'use strict';
+
+const { version: nerviqVersion } = require('../../package.json');
+
+function escapeCell(value) {
+  if (value === null || value === undefined) return '';
+  return String(value)
+    .replace(/\r?\n/g, ' ')
+    .replace(/\|/g, '\\|');
+}
+
+function escapeInline(value) {
+  if (value === null || value === undefined) return '';
+  return String(value).replace(/\r?\n/g, ' ');
+}
+
+function scoreBadge(score) {
+  const s = Number.isFinite(score) ? Math.round(score) : 0;
+  let color;
+  if (s >= 80) color = 'brightgreen';
+  else if (s >= 60) color = 'yellow';
+  else color = 'red';
+  return `![score](https://img.shields.io/badge/nerviq_score-${s}%2F100-${color})`;
+}
+
+function severityFor(item) {
+  return item.severity || item.impact || 'medium';
+}
+
+function formatMarkdown(auditResult, options = {}) {
+  const platformLabel = auditResult.platformLabel || auditResult.platform || 'claude';
+  const score = auditResult.score ?? 0;
+  const passed = auditResult.passed ?? 0;
+  const failed = auditResult.failed ?? 0;
+  const skipped = auditResult.skipped ?? 0;
+  const version = auditResult.version || nerviqVersion;
+  const timestamp = auditResult.timestamp || new Date().toISOString();
+
+  const lines = [];
+
+  lines.push(`## Score: ${score}/100 ${scoreBadge(score)}`);
+  lines.push('');
+  lines.push(`**Platform:** ${platformLabel}  `);
+  lines.push(`**Checks:** ${passed} passed, ${failed} failed, ${skipped} skipped`);
+  lines.push('');
+
+  const top = Array.isArray(auditResult.topNextActions)
+    ? auditResult.topNextActions.slice(0, 5)
+    : [];
+
+  if (top.length > 0) {
+    lines.push('### Top next actions');
+    lines.push('');
+    for (const item of top) {
+      const sev = severityFor(item).toString().toUpperCase();
+      const title = escapeInline(item.name || item.title || item.key);
+      const key = escapeInline(item.key || item.id || '');
+      let loc = '';
+      if (item.file) {
+        loc = ` — \`${escapeInline(item.file)}${item.line ? ':' + item.line : ''}\``;
+      }
+      lines.push(`- [ ] **[${sev}] ${title}** (\`${key}\`)${loc}`);
+      const hint = item.fix || item.hint || '';
+      if (hint) {
+        lines.push(`  - ${escapeInline(hint)}`);
+      }
+    }
+    lines.push('');
+  }
+
+  const failedResults = Array.isArray(auditResult.results)
+    ? auditResult.results.filter((r) => r.passed === false)
+    : [];
+
+  if (failedResults.length > 0) {
+    lines.push('<details>');
+    lines.push(`<summary>All failed checks (${failedResults.length})</summary>`);
+    lines.push('');
+    lines.push('| key | name | category | rating | file | line |');
+    lines.push('| --- | --- | --- | --- | --- | --- |');
+    for (const r of failedResults) {
+      const row = [
+        escapeCell(r.key),
+        escapeCell(r.name),
+        escapeCell(r.category),
+        escapeCell(r.rating ?? ''),
+        escapeCell(r.file || ''),
+        escapeCell(r.line || ''),
+      ];
+      lines.push(`| ${row.join(' | ')} |`);
+    }
+    lines.push('');
+    lines.push('</details>');
+    lines.push('');
+  }
+
+  lines.push(`---`);
+  lines.push(`Generated by [Nerviq](https://nerviq.net) v${version} · ${timestamp}`);
+
+  return lines.join('\n');
+}
+
+module.exports = { formatMarkdown };