@soulbatical/tetra-dev-toolkit 1.3.3 → 1.5.0

package/bin/tetra-setup.js

@@ -9,10 +9,18 @@
  * - Configuration file
  *
  * Usage:
- *   tetra-setup              # Interactive setup
+ *   tetra-setup              # Interactive setup (hooks + ci + config)
  *   tetra-setup hooks        # Setup Husky hooks only
  *   tetra-setup ci           # Setup GitHub Actions only
  *   tetra-setup config       # Create .tetra-quality.json
+ *   tetra-setup prettier     # Setup Prettier + lint-staged
+ *   tetra-setup eslint-security  # Setup ESLint security plugins
+ *   tetra-setup coverage     # Setup test coverage thresholds
+ *   tetra-setup lighthouse   # Setup Lighthouse CI budgets
+ *   tetra-setup commitlint   # Setup commitlint + commit-msg hook
+ *   tetra-setup depcruiser   # Setup dependency-cruiser
+ *   tetra-setup knip         # Setup Knip (dead code detection)
+ *   tetra-setup license-audit # Setup license compliance checking
  */
 
 import { program } from 'commander'
@@ -26,7 +34,7 @@ program
   .name('tetra-setup')
   .description('Setup Tetra Dev Toolkit in your project')
   .version('1.2.0')
-  .argument('[component]', 'Component to setup: hooks, ci, config, or all (default)')
+  .argument('[component]', 'Component to setup: hooks, ci, config, prettier, eslint-security, coverage, lighthouse, commitlint, depcruiser, knip, license-audit, or all')
   .option('-f, --force', 'Overwrite existing files')
   .action(async (component, options) => {
     console.log('')
@@ -49,8 +57,33 @@ program
         case 'config':
           await setupConfig(options)
           break
+        case 'prettier':
+          await setupPrettier(options)
+          break
+        case 'eslint-security':
+          await setupEslintSecurity(options)
+          break
+        case 'coverage':
+          await setupCoverage(options)
+          break
+        case 'lighthouse':
+          await setupLighthouse(options)
+          break
+        case 'commitlint':
+          await setupCommitlint(options)
+          break
+        case 'depcruiser':
+          await setupDepCruiser(options)
+          break
+        case 'knip':
+          await setupKnip(options)
+          break
+        case 'license-audit':
+          await setupLicenseAudit(options)
+          break
         default:
           console.log(`Unknown component: ${comp}`)
+          console.log('Available: hooks, ci, config, prettier, eslint-security, coverage, lighthouse, commitlint, depcruiser, knip, license-audit')
       }
     }
 
@@ -258,4 +291,524 @@ async function setupConfig(options) {
   }
 }
 
+// ─── Prettier ───────────────────────────────────────────────────
+
+async function setupPrettier(options) {
+  console.log('🎨 Setting up Prettier + lint-staged...')
+
+  const prettierPath = join(projectRoot, '.prettierrc.json')
+  if (!existsSync(prettierPath) || options.force) {
+    const prettierConfig = {
+      semi: true,
+      trailingComma: 'es5',
+      singleQuote: true,
+      printWidth: 100,
+      tabWidth: 2,
+      useTabs: false,
+      arrowParens: 'always',
+      endOfLine: 'lf'
+    }
+    writeFileSync(prettierPath, JSON.stringify(prettierConfig, null, 2) + '\n')
+    console.log('   ✅ Created .prettierrc.json')
+  } else {
+    console.log('   ⏭️  .prettierrc.json already exists')
+  }
+
+  const ignorePath = join(projectRoot, '.prettierignore')
+  if (!existsSync(ignorePath) || options.force) {
+    const ignoreContent = `node_modules
+dist
+build
+.next
+coverage
+*.min.js
+*.min.css
+package-lock.json
+`
+    writeFileSync(ignorePath, ignoreContent)
+    console.log('   ✅ Created .prettierignore')
+  }
+
+  // Add lint-staged config
+  const lintStagedPath = join(projectRoot, '.lintstagedrc.json')
+  if (!existsSync(lintStagedPath) || options.force) {
+    const lintStagedConfig = {
+      '*.{js,jsx,ts,tsx}': ['eslint --fix', 'prettier --write'],
+      '*.{json,css,scss,md,yml,yaml}': ['prettier --write']
+    }
+    writeFileSync(lintStagedPath, JSON.stringify(lintStagedConfig, null, 2) + '\n')
+    console.log('   ✅ Created .lintstagedrc.json')
+  }
+
+  // Add scripts to package.json
+  const packagePath = join(projectRoot, 'package.json')
+  if (existsSync(packagePath)) {
+    const pkg = JSON.parse(readFileSync(packagePath, 'utf-8'))
+    pkg.scripts = pkg.scripts || {}
+    let changed = false
+
+    if (!pkg.scripts.format) {
+      pkg.scripts.format = 'prettier --write .'
+      changed = true
+    }
+    if (!pkg.scripts['format:check']) {
+      pkg.scripts['format:check'] = 'prettier --check .'
+      changed = true
+    }
+
+    if (changed) {
+      writeFileSync(packagePath, JSON.stringify(pkg, null, 2) + '\n')
+      console.log('   ✅ Added format scripts to package.json')
+    }
+  }
+
+  console.log('   📦 Run: npm install --save-dev prettier lint-staged')
+}
+
+// ─── ESLint Security ────────────────────────────────────────────
+
+async function setupEslintSecurity(options) {
+  console.log('🔒 Setting up ESLint security plugins...')
+
+  // Check for existing ESLint config
+  const eslintConfigs = [
+    '.eslintrc.js', '.eslintrc.cjs', '.eslintrc.json',
+    'eslint.config.js', 'eslint.config.mjs',
+    'backend/.eslintrc.js', 'backend/eslint.config.js'
+  ]
+
+  let hasEslint = false
+  for (const config of eslintConfigs) {
+    if (existsSync(join(projectRoot, config))) {
+      hasEslint = true
+      console.log(`   Found existing config: ${config}`)
+      break
+    }
+  }
+
+  if (!hasEslint) {
+    // Create a new ESLint flat config with security plugins
+    const eslintPath = join(projectRoot, 'eslint.config.js')
+    if (!existsSync(eslintPath) || options.force) {
+      const eslintContent = `import js from '@eslint/js'
+import security from 'eslint-plugin-security'
+import sonarjs from 'eslint-plugin-sonarjs'
+
+export default [
+  js.configs.recommended,
+  {
+    plugins: {
+      security,
+      sonarjs
+    },
+    rules: {
+      // Security rules
+      'security/detect-unsafe-regex': 'error',
+      'security/detect-eval-with-expression': 'error',
+      'security/detect-no-csrf-before-method-override': 'error',
+      'security/detect-non-literal-regexp': 'warn',
+      'security/detect-object-injection': 'off', // too many false positives
+      'security/detect-possible-timing-attacks': 'warn',
+
+      // SonarJS rules
+      'sonarjs/cognitive-complexity': ['warn', 25],
+      'sonarjs/no-duplicate-string': ['warn', { threshold: 5 }],
+      'sonarjs/slow-regex': 'warn',
+
+      // General safety
+      'no-eval': 'error',
+      'no-implied-eval': 'error',
+      'no-new-func': 'error'
+    }
+  }
+]
+`
+      writeFileSync(eslintPath, eslintContent)
+      console.log('   ✅ Created eslint.config.js with security plugins')
+    }
+  } else {
+    console.log('   ⚠️  ESLint config exists — manually add these plugins:')
+    console.log('      - eslint-plugin-security')
+    console.log('      - eslint-plugin-sonarjs')
+  }
+
+  console.log('   📦 Run: npm install --save-dev eslint eslint-plugin-security eslint-plugin-sonarjs')
+}
+
+// ─── Coverage Thresholds ────────────────────────────────────────
+
+async function setupCoverage(options) {
+  console.log('📊 Setting up test coverage thresholds...')
+
+  // Detect test framework
+  const packagePath = join(projectRoot, 'package.json')
+  let framework = null
+
+  const packageLocations = ['package.json', 'backend/package.json']
+  for (const loc of packageLocations) {
+    const pkgPath = join(projectRoot, loc)
+    if (!existsSync(pkgPath)) continue
+
+    const pkg = JSON.parse(readFileSync(pkgPath, 'utf-8'))
+    const allDeps = { ...pkg.dependencies, ...pkg.devDependencies }
+    if (allDeps.vitest) { framework = 'vitest'; break }
+    if (allDeps.jest) { framework = 'jest'; break }
+  }
+
+  if (!framework) {
+    console.log('   ⚠️  No test framework detected. Install vitest or jest first.')
+    console.log('   📦 Recommended: npm install --save-dev vitest @vitest/coverage-v8')
+    return
+  }
+
+  if (framework === 'vitest') {
+    const vitestPath = join(projectRoot, 'vitest.config.ts')
+    if (!existsSync(vitestPath) || options.force) {
+      const vitestContent = `import { defineConfig } from 'vitest/config'
+
+export default defineConfig({
+  test: {
+    coverage: {
+      provider: 'v8',
+      reporter: ['text', 'lcov', 'html'],
+      reportsDirectory: './coverage',
+      thresholds: {
+        statements: 70,
+        branches: 60,
+        functions: 70,
+        lines: 70
+      }
+    }
+  }
+})
+`
+      writeFileSync(vitestPath, vitestContent)
+      console.log('   ✅ Created vitest.config.ts with coverage thresholds (70/60/70/70)')
+    }
+    console.log('   📦 Run: npm install --save-dev @vitest/coverage-v8')
+  }
+
+  if (framework === 'jest') {
+    console.log('   ℹ️  Add to your jest.config.js:')
+    console.log(`
+    coverageThreshold: {
+      global: {
+        statements: 70,
+        branches: 60,
+        functions: 70,
+        lines: 70
+      }
+    }
+`)
+  }
+
+  // Add coverage script
+  if (existsSync(packagePath)) {
+    const pkg = JSON.parse(readFileSync(packagePath, 'utf-8'))
+    pkg.scripts = pkg.scripts || {}
+    if (!pkg.scripts['test:coverage']) {
+      pkg.scripts['test:coverage'] = framework === 'vitest'
+        ? 'vitest run --coverage'
+        : 'jest --coverage'
+      writeFileSync(packagePath, JSON.stringify(pkg, null, 2) + '\n')
+      console.log('   ✅ Added test:coverage script to package.json')
+    }
+  }
+}
+
+// ─── Lighthouse ─────────────────────────────────────────────────
+
+async function setupLighthouse(options) {
+  console.log('🏎️  Setting up Lighthouse CI...')
+
+  const lighthousercPath = join(projectRoot, 'lighthouserc.json')
+  if (!existsSync(lighthousercPath) || options.force) {
+    const config = {
+      ci: {
+        collect: {
+          numberOfRuns: 3,
+          settings: {
+            preset: 'desktop'
+          }
+        },
+        assert: {
+          assertions: {
+            'categories:performance': ['warn', { minScore: 0.7 }],
+            'categories:seo': ['error', { minScore: 0.9 }],
+            'categories:accessibility': ['warn', { minScore: 0.85 }],
+            'categories:best-practices': ['warn', { minScore: 0.8 }],
+            'first-contentful-paint': ['warn', { maxNumericValue: 2500 }],
+            'largest-contentful-paint': ['warn', { maxNumericValue: 3500 }],
+            'cumulative-layout-shift': ['warn', { maxNumericValue: 0.1 }],
+            'total-blocking-time': ['warn', { maxNumericValue: 500 }]
+          }
+        }
+      }
+    }
+    writeFileSync(lighthousercPath, JSON.stringify(config, null, 2) + '\n')
+    console.log('   ✅ Created lighthouserc.json')
+  }
+
+  const budgetPath = join(projectRoot, 'lighthouse-budget.json')
+  if (!existsSync(budgetPath) || options.force) {
+    const budget = [{
+      path: '/*',
+      resourceSizes: [
+        { resourceType: 'script', budget: 500 },
+        { resourceType: 'image', budget: 300 },
+        { resourceType: 'stylesheet', budget: 100 },
+        { resourceType: 'font', budget: 100 },
+        { resourceType: 'total', budget: 1500 }
+      ],
+      resourceCounts: [
+        { resourceType: 'third-party', budget: 15 }
+      ]
+    }]
+    writeFileSync(budgetPath, JSON.stringify(budget, null, 2) + '\n')
+    console.log('   ✅ Created lighthouse-budget.json')
+  }
+
+  // Create GitHub Actions workflow
+  const workflowDir = join(projectRoot, '.github/workflows')
+  if (!existsSync(workflowDir)) mkdirSync(workflowDir, { recursive: true })
+
+  const workflowPath = join(workflowDir, 'lighthouse.yml')
+  if (!existsSync(workflowPath) || options.force) {
+    const workflow = `name: Lighthouse CI
+
+on:
+  push:
+    branches: [main, master]
+  pull_request:
+    branches: [main, master]
+
+jobs:
+  lighthouse:
+    name: Lighthouse Audit
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Audit URLs
+        uses: treosh/lighthouse-ci-action@v12
+        with:
+          configPath: ./lighthouserc.json
+          budgetPath: ./lighthouse-budget.json
+          uploadArtifacts: true
+          temporaryPublicStorage: true
+`
+    writeFileSync(workflowPath, workflow)
+    console.log('   ✅ Created .github/workflows/lighthouse.yml')
+  }
+
+  console.log('   ℹ️  Update lighthouserc.json with your production URLs')
+}
+
+// ─── Commitlint ─────────────────────────────────────────────────
+
+async function setupCommitlint(options) {
+  console.log('📝 Setting up commitlint...')
+
+  const commitlintPath = join(projectRoot, 'commitlint.config.js')
+  if (!existsSync(commitlintPath) || options.force) {
+    const content = `export default {
+  extends: ['@commitlint/config-conventional'],
+  rules: {
+    'type-enum': [2, 'always', [
+      'feat', 'fix', 'docs', 'style', 'refactor',
+      'perf', 'test', 'build', 'ci', 'chore', 'security'
+    ]],
+    'subject-case': [2, 'never', ['start-case', 'pascal-case', 'upper-case']],
+    'header-max-length': [2, 'always', 100]
+  }
+}
+`
+    writeFileSync(commitlintPath, content)
+    console.log('   ✅ Created commitlint.config.js')
+  }
+
+  // Add commit-msg hook
+  const huskyDir = join(projectRoot, '.husky')
+  if (existsSync(huskyDir)) {
+    const commitMsgPath = join(huskyDir, 'commit-msg')
+    if (!existsSync(commitMsgPath) || options.force) {
+      const hookContent = `#!/bin/sh
+npx --no -- commitlint --edit \${1}
+`
+      writeFileSync(commitMsgPath, hookContent)
+      execSync(`chmod +x ${commitMsgPath}`)
+      console.log('   ✅ Created .husky/commit-msg hook')
+    }
+  } else {
+    console.log('   ⚠️  No .husky directory — run "tetra-setup hooks" first')
+  }
+
+  console.log('   📦 Run: npm install --save-dev @commitlint/cli @commitlint/config-conventional')
+}
+
+// ─── Dependency Cruiser ─────────────────────────────────────────
+
+async function setupDepCruiser(options) {
+  console.log('🔍 Setting up dependency-cruiser...')
+
+  const configPath = join(projectRoot, '.dependency-cruiser.cjs')
+  if (!existsSync(configPath) || options.force) {
+    const content = `/** @type {import('dependency-cruiser').IConfiguration} */
+module.exports = {
+  forbidden: [
+    {
+      name: 'no-circular',
+      severity: 'error',
+      comment: 'Circular dependencies cause maintenance problems and unexpected behavior',
+      from: {},
+      to: { circular: true }
+    },
+    {
+      name: 'no-orphans',
+      severity: 'info',
+      comment: 'Modules without incoming or outgoing connections',
+      from: { orphan: true, pathNot: ['\\\\.(test|spec)\\\\.(ts|js)$', 'types\\\\.ts$'] },
+      to: {}
+    },
+    {
+      name: 'no-dev-deps-in-src',
+      severity: 'error',
+      comment: 'devDependencies should not be imported in production code',
+      from: { path: '^src', pathNot: '\\\\.(test|spec)\\\\.' },
+      to: { dependencyTypes: ['npm-dev'] }
+    },
+    {
+      name: 'no-deprecated-core',
+      severity: 'warn',
+      comment: 'Deprecated Node.js core modules',
+      from: {},
+      to: { dependencyTypes: ['core'], path: '^(punycode|domain|constants|sys|_linklist|_stream_wrap)$' }
+    }
+  ],
+  options: {
+    doNotFollow: { path: 'node_modules' },
+    tsPreCompilationDeps: true,
+    tsConfig: { fileName: 'tsconfig.json' },
+    enhancedResolveOptions: {
+      exportsFields: ['exports'],
+      conditionNames: ['import', 'require', 'node', 'default']
+    },
+    reporterOptions: {
+      dot: { collapsePattern: 'node_modules/[^/]+' }
+    }
+  }
+}
+`
+    writeFileSync(configPath, content)
+    console.log('   ✅ Created .dependency-cruiser.cjs')
+  }
+
+  // Add scripts
+  const packagePath = join(projectRoot, 'package.json')
+  if (existsSync(packagePath)) {
+    const pkg = JSON.parse(readFileSync(packagePath, 'utf-8'))
+    pkg.scripts = pkg.scripts || {}
+    let changed = false
+
+    if (!pkg.scripts['check:deps']) {
+      pkg.scripts['check:deps'] = 'depcruise src --config .dependency-cruiser.cjs'
+      changed = true
+    }
+    if (!pkg.scripts['check:circular']) {
+      pkg.scripts['check:circular'] = 'depcruise src --config .dependency-cruiser.cjs --output-type err-only'
+      changed = true
+    }
+
+    if (changed) {
+      writeFileSync(packagePath, JSON.stringify(pkg, null, 2) + '\n')
+      console.log('   ✅ Added check:deps and check:circular scripts')
+    }
+  }
+
+  console.log('   📦 Run: npm install --save-dev dependency-cruiser')
+}
+
+// ─── Knip (Dead Code Detection) ─────────────────────────────
+
+async function setupKnip(options) {
+  console.log('🔍 Setting up Knip (dead code detection)...')
+
+  const knipPath = join(projectRoot, 'knip.config.ts')
+  if (!existsSync(knipPath) || options.force) {
+    const content = `import type { KnipConfig } from 'knip'
+
+const config: KnipConfig = {
+  entry: ['src/index.{ts,js}', 'src/main.{ts,tsx}'],
+  project: ['src/**/*.{ts,tsx,js,jsx}'],
+  ignore: [
+    '**/*.test.{ts,tsx}',
+    '**/*.spec.{ts,tsx}',
+    '**/test/**',
+    '**/tests/**'
+  ],
+  ignoreDependencies: [
+    // Add dependencies that are used but not detected by Knip
+  ]
+}
+
+export default config
+`
+    writeFileSync(knipPath, content)
+    console.log('   ✅ Created knip.config.ts')
+  } else {
+    console.log('   ⏭️  knip.config.ts already exists')
+  }
+
+  // Add scripts
+  const packagePath = join(projectRoot, 'package.json')
+  if (existsSync(packagePath)) {
+    const pkg = JSON.parse(readFileSync(packagePath, 'utf-8'))
+    pkg.scripts = pkg.scripts || {}
+    let changed = false
+
+    if (!pkg.scripts.knip && !pkg.scripts['check:unused']) {
+      pkg.scripts.knip = 'knip'
+      pkg.scripts['knip:fix'] = 'knip --fix'
+      changed = true
+    }
+
+    if (changed) {
+      writeFileSync(packagePath, JSON.stringify(pkg, null, 2) + '\n')
+      console.log('   ✅ Added knip scripts to package.json')
+    }
+  }
+
+  console.log('   📦 Run: npm install --save-dev knip')
+}
+
+// ─── License Audit ──────────────────────────────────────────
+
+async function setupLicenseAudit(options) {
+  console.log('📜 Setting up license compliance checking...')
+
+  // Add license check script
+  const packagePath = join(projectRoot, 'package.json')
+  if (existsSync(packagePath)) {
+    const pkg = JSON.parse(readFileSync(packagePath, 'utf-8'))
+    pkg.scripts = pkg.scripts || {}
+    let changed = false
+
+    if (!pkg.scripts['check:licenses']) {
+      pkg.scripts['check:licenses'] = 'license-checker --production --failOn "GPL-2.0;GPL-3.0;AGPL-1.0;AGPL-3.0" --excludePrivatePackages'
+      changed = true
+    }
+    if (!pkg.scripts['licenses:summary']) {
+      pkg.scripts['licenses:summary'] = 'license-checker --production --summary'
+      changed = true
+    }
+
+    if (changed) {
+      writeFileSync(packagePath, JSON.stringify(pkg, null, 2) + '\n')
+      console.log('   ✅ Added license check scripts to package.json')
+      console.log('   ℹ️  Blocked licenses: GPL-2.0, GPL-3.0, AGPL-1.0, AGPL-3.0')
+    }
+  }
+
+  console.log('   📦 Run: npm install --save-dev license-checker')
+}
+
 program.parse()