@sansavision/aurora 0.1.0-alpha.20260212.4

package/src/build.ts

@@ -0,0 +1,431 @@
+import { existsSync, readFileSync } from "node:fs";
+import { resolve } from "node:path";
+
+import { type CommandContext, type CommandResult } from "./registry";
+
+type BuildTarget = "node" | "edge" | "static";
+type AuditSeverity = "low" | "moderate" | "high" | "critical";
+
+interface BuildOptions {
+  target: BuildTarget;
+  analyze: boolean;
+  auditEnabled: boolean;
+  auditSeverity: AuditSeverity;
+  auditReportPath?: string;
+}
+
+interface DependencyAuditVulnerability {
+  package: string;
+  severity: AuditSeverity;
+  advisory?: string;
+}
+
+type DependencyAuditStatus =
+  | "passed"
+  | "failed"
+  | "skipped-disabled"
+  | "skipped-no-lockfile"
+  | "skipped-no-report";
+
+interface DependencyAuditResult {
+  status: DependencyAuditStatus;
+  threshold: AuditSeverity;
+  lockfilePath?: string;
+  reportPath?: string;
+  vulnerabilities: readonly DependencyAuditVulnerability[];
+  violations: readonly DependencyAuditVulnerability[];
+  error?: string;
+}
+
+interface BuildBootstrapReport {
+  mode: "build";
+  cwd: string;
+  target: BuildTarget;
+  analyze: boolean;
+  compilerManifestPath: string;
+  outputPath: string;
+  securityDefaults: {
+    headersAndCspAutomation: "enabled";
+    rawSqlTaggedTemplate: "enforced";
+    dependencyAuditGate: "enabled" | "disabled";
+  };
+  dependencyAudit: DependencyAuditResult;
+}
+
+const AUDIT_SEVERITY_ORDER: Record<AuditSeverity, number> = {
+  low: 0,
+  moderate: 1,
+  high: 2,
+  critical: 3,
+};
+
+const LOCKFILE_CANDIDATES = [
+  "package-lock.json",
+  "pnpm-lock.yaml",
+  "yarn.lock",
+  "bun.lock",
+  "bun.lockb",
+] as const;
+
+function parseBuildTarget(rawValue: string | undefined): BuildTarget | CommandResult {
+  if (!rawValue) {
+    return {
+      exitCode: 2,
+      stderr: "aurora build: --target requires one of 'node', 'edge', or 'static'",
+    };
+  }
+
+  if (rawValue === "node" || rawValue === "edge" || rawValue === "static") {
+    return rawValue;
+  }
+
+  return {
+    exitCode: 2,
+    stderr: `aurora build: invalid target '${rawValue}'. Expected 'node', 'edge', or 'static'`,
+  };
+}
+
+function parseAuditSeverity(rawValue: string | undefined): AuditSeverity | CommandResult {
+  if (!rawValue) {
+    return {
+      exitCode: 2,
+      stderr:
+        "aurora build: --audit-severity requires one of 'low', 'moderate', 'high', or 'critical'",
+    };
+  }
+
+  if (
+    rawValue === "low" ||
+    rawValue === "moderate" ||
+    rawValue === "high" ||
+    rawValue === "critical"
+  ) {
+    return rawValue;
+  }
+
+  return {
+    exitCode: 2,
+    stderr:
+      `aurora build: invalid audit severity '${rawValue}'. Expected ` +
+      "'low', 'moderate', 'high', or 'critical'",
+  };
+}
+
+function parseBuildOptions(args: ReadonlyArray<string>): BuildOptions | CommandResult {
+  const options: BuildOptions = {
+    target: "node",
+    analyze: false,
+    auditEnabled: true,
+    auditSeverity: "high",
+  };
+
+  for (let i = 0; i < args.length; i += 1) {
+    const arg = args[i];
+
+    if (arg === "--target") {
+      const parsedTarget = parseBuildTarget(args[i + 1]);
+      if (typeof parsedTarget !== "string") {
+        return parsedTarget;
+      }
+
+      options.target = parsedTarget;
+      i += 1;
+      continue;
+    }
+
+    if (arg === "--analyze") {
+      options.analyze = true;
+      continue;
+    }
+
+    if (arg === "--skip-audit") {
+      options.auditEnabled = false;
+      continue;
+    }
+
+    if (arg === "--audit-severity") {
+      const parsedSeverity = parseAuditSeverity(args[i + 1]);
+      if (typeof parsedSeverity !== "string") {
+        return parsedSeverity;
+      }
+
+      options.auditSeverity = parsedSeverity;
+      i += 1;
+      continue;
+    }
+
+    if (arg === "--audit-report") {
+      const reportPath = args[i + 1];
+      if (!reportPath) {
+        return {
+          exitCode: 2,
+          stderr: "aurora build: --audit-report requires a path",
+        };
+      }
+
+      options.auditReportPath = reportPath;
+      i += 1;
+      continue;
+    }
+
+    return {
+      exitCode: 2,
+      stderr: `aurora build: unknown option '${arg}'`,
+    };
+  }
+
+  return options;
+}
+
+function resolveOutputPath(cwd: string, target: BuildTarget): string {
+  if (target === "node") {
+    return resolve(cwd, ".aurora/build/node/server.mjs");
+  }
+
+  if (target === "edge") {
+    return resolve(cwd, ".aurora/build/edge/worker.mjs");
+  }
+
+  return resolve(cwd, ".aurora/build/static");
+}
+
+function buildBootstrapReport(
+  options: BuildOptions,
+  context: CommandContext,
+  dependencyAudit: DependencyAuditResult,
+): BuildBootstrapReport {
+  return {
+    mode: "build",
+    cwd: context.cwd,
+    target: options.target,
+    analyze: options.analyze,
+    compilerManifestPath: resolve(context.cwd, ".aurora/compiler/manifest.json"),
+    outputPath: resolveOutputPath(context.cwd, options.target),
+    securityDefaults: {
+      headersAndCspAutomation: "enabled",
+      rawSqlTaggedTemplate: "enforced",
+      dependencyAuditGate: options.auditEnabled ? "enabled" : "disabled",
+    },
+    dependencyAudit,
+  };
+}
+
+function renderBuildBootstrapReport(report: BuildBootstrapReport): string {
+  const lines = [
+    "aurora build bootstrap",
+    `cwd: ${report.cwd}`,
+    `target: ${report.target}`,
+    `compiler_manifest: ${report.compilerManifestPath}`,
+    `output_path: ${report.outputPath}`,
+    `analyze: ${report.analyze ? "enabled" : "disabled"}`,
+    `security_headers: ${report.securityDefaults.headersAndCspAutomation}`,
+    `raw_sql_tagged_template: ${report.securityDefaults.rawSqlTaggedTemplate}`,
+    `dependency_audit_gate: ${report.securityDefaults.dependencyAuditGate}`,
+    `dependency_audit_status: ${report.dependencyAudit.status}`,
+    `dependency_audit_threshold: ${report.dependencyAudit.threshold}`,
+  ];
+
+  if (report.dependencyAudit.lockfilePath) {
+    lines.push(`dependency_lockfile: ${report.dependencyAudit.lockfilePath}`);
+  }
+
+  if (report.dependencyAudit.reportPath) {
+    lines.push(`dependency_audit_report: ${report.dependencyAudit.reportPath}`);
+  }
+
+  if (report.dependencyAudit.violations.length > 0) {
+    lines.push(`dependency_audit_violations: ${report.dependencyAudit.violations.length}`);
+  }
+
+  return lines.join("\n");
+}
+
+function runDependencyAuditGate(
+  options: BuildOptions,
+  context: CommandContext,
+): DependencyAuditResult {
+  if (!options.auditEnabled) {
+    return {
+      status: "skipped-disabled",
+      threshold: options.auditSeverity,
+      vulnerabilities: [],
+      violations: [],
+    };
+  }
+
+  const lockfilePath = findDependencyLockfile(context.cwd);
+  if (!lockfilePath) {
+    return {
+      status: "skipped-no-lockfile",
+      threshold: options.auditSeverity,
+      vulnerabilities: [],
+      violations: [],
+    };
+  }
+
+  const reportPath = resolve(
+    context.cwd,
+    options.auditReportPath ?? ".aurora/security/dependency-audit.json",
+  );
+
+  if (!existsSync(reportPath)) {
+    return {
+      status: "skipped-no-report",
+      threshold: options.auditSeverity,
+      lockfilePath,
+      reportPath,
+      vulnerabilities: [],
+      violations: [],
+    };
+  }
+
+  try {
+    const parsed = JSON.parse(readFileSync(reportPath, "utf8")) as {
+      vulnerabilities?: unknown;
+    };
+
+    const vulnerabilities = normalizeAuditVulnerabilities(
+      parsed.vulnerabilities,
+    );
+    const violations = vulnerabilities.filter((entry) =>
+      isSeverityAtOrAbove(entry.severity, options.auditSeverity),
+    );
+
+    return {
+      status: violations.length > 0 ? "failed" : "passed",
+      threshold: options.auditSeverity,
+      lockfilePath,
+      reportPath,
+      vulnerabilities,
+      violations,
+    };
+  } catch (error) {
+    return {
+      status: "failed",
+      threshold: options.auditSeverity,
+      lockfilePath,
+      reportPath,
+      vulnerabilities: [],
+      violations: [],
+      error:
+        error instanceof Error
+          ? error.message
+          : "unable to parse dependency audit report",
+    };
+  }
+}
+
+function normalizeAuditVulnerabilities(
+  input: unknown,
+): readonly DependencyAuditVulnerability[] {
+  if (!Array.isArray(input)) {
+    return [];
+  }
+
+  const vulnerabilities: DependencyAuditVulnerability[] = [];
+
+  for (const entry of input) {
+    if (!entry || typeof entry !== "object") {
+      continue;
+    }
+
+    const packageName = sanitizeNonEmpty(
+      (entry as Record<string, unknown>)["package"],
+    );
+    const severity = sanitizeNonEmpty(
+      (entry as Record<string, unknown>)["severity"],
+    );
+
+    if (!packageName || severity === undefined || !isAuditSeverity(severity)) {
+      continue;
+    }
+
+    const advisory = sanitizeNonEmpty(
+      (entry as Record<string, unknown>)["advisory"],
+    );
+
+    vulnerabilities.push({
+      package: packageName,
+      severity,
+      advisory,
+    });
+  }
+
+  return vulnerabilities;
+}
+
+function sanitizeNonEmpty(value: unknown): string | undefined {
+  if (typeof value !== "string") {
+    return undefined;
+  }
+
+  const normalized = value.trim();
+  return normalized.length > 0 ? normalized : undefined;
+}
+
+function isAuditSeverity(value: string): value is AuditSeverity {
+  return (
+    value === "low" ||
+    value === "moderate" ||
+    value === "high" ||
+    value === "critical"
+  );
+}
+
+function isSeverityAtOrAbove(
+  value: AuditSeverity,
+  threshold: AuditSeverity,
+): boolean {
+  return AUDIT_SEVERITY_ORDER[value] >= AUDIT_SEVERITY_ORDER[threshold];
+}
+
+function findDependencyLockfile(cwd: string): string | undefined {
+  for (const lockfile of LOCKFILE_CANDIDATES) {
+    const resolved = resolve(cwd, lockfile);
+    if (existsSync(resolved)) {
+      return resolved;
+    }
+  }
+
+  return undefined;
+}
+
+function renderAuditFailure(result: DependencyAuditResult): string {
+  if (result.error) {
+    return `aurora build: dependency audit failed (${result.error})`;
+  }
+
+  const violations = result.violations
+    .map((entry) => `${entry.package}:${entry.severity}`)
+    .join(", ");
+
+  return (
+    "aurora build: dependency audit failed for severity >= " +
+    `'${result.threshold}'` +
+    (violations.length > 0 ? ` (${violations})` : "")
+  );
+}
+
+export function runBuildCommand(
+  args: ReadonlyArray<string>,
+  context: CommandContext,
+): CommandResult {
+  const options = parseBuildOptions(args);
+  if ("exitCode" in options) {
+    return options;
+  }
+
+  const dependencyAudit = runDependencyAuditGate(options, context);
+  if (dependencyAudit.status === "failed") {
+    return {
+      exitCode: 1,
+      stderr: renderAuditFailure(dependencyAudit),
+    };
+  }
+
+  const report = buildBootstrapReport(options, context, dependencyAudit);
+  return {
+    exitCode: 0,
+    stdout: renderBuildBootstrapReport(report),
+  };
+}

package/src/bun-test-shims.d.ts

@@ -0,0 +1,17 @@
+declare module "bun:test" {
+  export function describe(name: string, fn: () => void): void;
+  export function it(name: string, fn: () => void): void;
+
+  interface Matchers {
+    toBe(value: unknown): void;
+    toContain(value: string): void;
+    toEqual(value: unknown): void;
+    toBeDefined(): void;
+  }
+
+  export function expect(value: unknown): Matchers;
+}
+
+interface ImportMeta {
+  dir: string;
+}