@vertaaux/cli 0.2.0

package/dist/quality-gate/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/quality-gate/types.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAC;AAE3D;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,gFAAgF;IAChF,MAAM,EAAE,OAAO,GAAG,SAAS,GAAG,MAAM,GAAG,MAAM,CAAC;IAE9C,wEAAwE;IACxE,UAAU,EAAE,eAAe,CAAC;IAE5B,6CAA6C;IAC7C,MAAM,EAAE;QACN,KAAK,EAAE,MAAM,CAAC;QACd,OAAO,EAAE,MAAM,CAAC;QAChB,IAAI,EAAE,MAAM,CAAC;KACd,CAAC;IAEF,uEAAuE;IACvE,cAAc,EAAE,OAAO,CAAC;IAExB,kDAAkD;IAClD,YAAY,EAAE,MAAM,EAAE,CAAC;CACxB;AAED;;;;GAIG;AACH,MAAM,WAAW,eAAe;IAC9B,sCAAsC;IACtC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,4CAA4C;IAC5C,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,iCAAiC;IACjC,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,0CAA0C;IAC1C,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;;;;;;GAOG;AACH,MAAM,WAAW,aAAa;IAC5B,wBAAwB;IACxB,IAAI,EAAE,WAAW,GAAG,WAAW,GAAG,cAAc,CAAC;IACjD,sCAAsC;IACtC,QAAQ,EAAE,OAAO,GAAG,SAAS,GAAG,MAAM,CAAC;IACvC,6BAA6B;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,uCAAuC;IACvC,OAAO,CAAC,EAAE;QACR,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB,CAAC;CACH;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,yDAAyD;IACzD,MAAM,EAAE,OAAO,CAAC;IAEhB,0CAA0C;IAC1C,QAAQ,EAAE,YAAY,CAAC;IAEvB,2CAA2C;IAC3C,UAAU,EAAE,aAAa,EAAE,CAAC;IAE5B,mCAAmC;IACnC,OAAO,EAAE;QACP,SAAS,EAAE;YAAE,KAAK,EAAE,MAAM,CAAC;YAAC,OAAO,EAAE,MAAM,CAAC;YAAC,IAAI,EAAE,MAAM,CAAA;SAAE,CAAC;QAC5D,WAAW,EAAE,MAAM,CAAC;QACpB,cAAc,EAAE,MAAM,CAAC;QACvB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;KAChC,CAAC;IAEF,0CAA0C;IAC1C,QAAQ,EAAE,OAAO,CAAC;IAClB,qCAAqC;IACrC,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;;;;;;GAOG;AACH,eAAO,MAAM,2BAA2B,EAAE,iBAMzC,CAAC"}

package/dist/quality-gate/types.js

@@ -0,0 +1,23 @@
+/**
+ * Quality gate type definitions.
+ *
+ * Quality gates control when CI builds should fail based on audit results.
+ * Key principle: Fail only on NEW issues (not existing technical debt).
+ *
+ * Implements CICD-06: Fail on new issues only, not existing technical debt.
+ */
+/**
+ * Default quality gate configuration.
+ *
+ * Defaults are designed to be adoption-friendly:
+ * - Only fail on errors (not warnings/info)
+ * - Only fail on NEW errors (existing debt allowed)
+ * - No score thresholds by default (opt-in)
+ */
+export const DEFAULT_QUALITY_GATE_CONFIG = {
+    failOn: "error",
+    thresholds: {},
+    maxNew: { error: 0, warning: Infinity, info: Infinity },
+    failOnExisting: false,
+    bypassLabels: [],
+};

package/dist/templates/azure-devops.d.ts

@@ -0,0 +1,25 @@
+/**
+ * Azure DevOps pipeline template generator for VertaaUX.
+ *
+ * Generates azure-pipelines.yml configuration with native Azure integrations:
+ * - SARIF output published to CodeAnalysisLogs for Advanced Security
+ * - JUnit output for test results integration
+ *
+ * @see https://learn.microsoft.com/en-us/azure/devops/repos/security/github-advanced-security-code-scanning-third-party
+ */
+export interface AzureDevOpsOptions {
+    /** URL to audit (optional, can be set in config) */
+    auditUrl?: string;
+    /** Severity threshold for CI failure */
+    failOn?: "error" | "warning" | "info" | "none";
+    /** Minimum score threshold (0 = disabled) */
+    threshold?: number;
+}
+/**
+ * Generate Azure DevOps pipeline template for VertaaUX integration.
+ *
+ * @param options - Configuration options
+ * @returns YAML template content
+ */
+export declare function generateAzureDevOpsTemplate(options?: AzureDevOpsOptions): string;
+//# sourceMappingURL=azure-devops.d.ts.map

package/dist/templates/azure-devops.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"azure-devops.d.ts","sourceRoot":"","sources":["../../src/templates/azure-devops.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,MAAM,WAAW,kBAAkB;IACjC,oDAAoD;IACpD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,wCAAwC;IACxC,MAAM,CAAC,EAAE,OAAO,GAAG,SAAS,GAAG,MAAM,GAAG,MAAM,CAAC;IAC/C,6CAA6C;IAC7C,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;;;;GAKG;AACH,wBAAgB,2BAA2B,CAAC,OAAO,GAAE,kBAAuB,GAAG,MAAM,CAgGpF"}

package/dist/templates/azure-devops.js

@@ -0,0 +1,109 @@
+/**
+ * Azure DevOps pipeline template generator for VertaaUX.
+ *
+ * Generates azure-pipelines.yml configuration with native Azure integrations:
+ * - SARIF output published to CodeAnalysisLogs for Advanced Security
+ * - JUnit output for test results integration
+ *
+ * @see https://learn.microsoft.com/en-us/azure/devops/repos/security/github-advanced-security-code-scanning-third-party
+ */
+/**
+ * Generate Azure DevOps pipeline template for VertaaUX integration.
+ *
+ * @param options - Configuration options
+ * @returns YAML template content
+ */
+export function generateAzureDevOpsTemplate(options = {}) {
+    const { auditUrl, failOn = "error", threshold } = options;
+    // Build audit command with options
+    const auditArgs = [];
+    if (auditUrl) {
+        auditArgs.push(`--url "${auditUrl}"`);
+    }
+    if (failOn !== "none") {
+        auditArgs.push(`--fail-on ${failOn}`);
+    }
+    if (threshold && threshold > 0) {
+        auditArgs.push(`--threshold ${threshold}`);
+    }
+    const auditSuffix = auditArgs.length > 0 ? ` ${auditArgs.join(" ")}` : "";
+    return `# VertaaUX Accessibility & UX Audit
+# https://vertaaux.ai
+#
+# Azure DevOps Pipeline template with Advanced Security integration.
+# Requires VERTAAUX_API_KEY variable in pipeline settings or variable group.
+
+trigger:
+  - main
+  - master
+
+pr:
+  - main
+  - master
+
+pool:
+  vmImage: 'ubuntu-latest'
+
+steps:
+  - task: NodeTool@0
+    displayName: 'Install Node.js 20'
+    inputs:
+      versionSpec: '20.x'
+
+  - script: npm install -g @vertaaux/cli
+    displayName: 'Install VertaaUX CLI'
+
+  - script: |
+      vertaa audit \\
+        --format sarif \\
+        --output $(Build.ArtifactStagingDirectory)/results.sarif${auditSuffix}
+    displayName: 'Run VertaaUX Audit (SARIF)'
+    env:
+      VERTAAUX_API_KEY: $(VERTAAUX_API_KEY)
+    continueOnError: true
+
+  - script: |
+      vertaa audit \\
+        --format junit \\
+        --output $(Build.ArtifactStagingDirectory)/vertaaux-junit.xml${auditSuffix}
+    displayName: 'Run VertaaUX Audit (JUnit)'
+    env:
+      VERTAAUX_API_KEY: $(VERTAAUX_API_KEY)
+    continueOnError: true
+
+  # Publish SARIF for Azure DevOps Advanced Security
+  # The artifact name 'CodeAnalysisLogs' is required for Advanced Security integration
+  - task: PublishBuildArtifacts@1
+    displayName: 'Publish SARIF for Advanced Security'
+    inputs:
+      pathToPublish: $(Build.ArtifactStagingDirectory)/results.sarif
+      artifactName: CodeAnalysisLogs
+    condition: always()
+
+  # Publish JUnit test results
+  - task: PublishTestResults@2
+    displayName: 'Publish Test Results'
+    inputs:
+      testResultsFormat: 'JUnit'
+      testResultsFiles: '$(Build.ArtifactStagingDirectory)/vertaaux-junit.xml'
+      testRunTitle: 'VertaaUX Audit Results'
+    condition: always()
+
+  # Generate and publish HTML report
+  - script: |
+      vertaa audit \\
+        --format html \\
+        --output $(Build.ArtifactStagingDirectory)/vertaaux-report.html${auditSuffix}
+    displayName: 'Generate HTML Report'
+    env:
+      VERTAAUX_API_KEY: $(VERTAAUX_API_KEY)
+    condition: always()
+
+  - task: PublishBuildArtifacts@1
+    displayName: 'Publish HTML Report'
+    inputs:
+      pathToPublish: $(Build.ArtifactStagingDirectory)/vertaaux-report.html
+      artifactName: VertaaUX-Report
+    condition: always()
+`;
+}

package/dist/templates/circleci.d.ts

@@ -0,0 +1,28 @@
+/**
+ * CircleCI template generator for VertaaUX.
+ *
+ * Generates .circleci/config.yml job configuration with native CircleCI integrations:
+ * - store_test_results for JUnit integration
+ * - store_artifacts for HTML report
+ *
+ * Note: CircleCI doesn't have native PR comment support.
+ * Use GitHub API or `gh pr comment` for PR comments.
+ *
+ * @see https://circleci.com/docs/collect-test-data/
+ */
+export interface CircleCIOptions {
+    /** URL to audit (optional, can be set in config) */
+    auditUrl?: string;
+    /** Severity threshold for CI failure */
+    failOn?: "error" | "warning" | "info" | "none";
+    /** Minimum score threshold (0 = disabled) */
+    threshold?: number;
+}
+/**
+ * Generate CircleCI template for VertaaUX integration.
+ *
+ * @param options - Configuration options
+ * @returns YAML template content
+ */
+export declare function generateCircleCITemplate(options?: CircleCIOptions): string;
+//# sourceMappingURL=circleci.d.ts.map

package/dist/templates/circleci.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"circleci.d.ts","sourceRoot":"","sources":["../../src/templates/circleci.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,MAAM,WAAW,eAAe;IAC9B,oDAAoD;IACpD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,wCAAwC;IACxC,MAAM,CAAC,EAAE,OAAO,GAAG,SAAS,GAAG,MAAM,GAAG,MAAM,CAAC;IAC/C,6CAA6C;IAC7C,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;;;;GAKG;AACH,wBAAgB,wBAAwB,CAAC,OAAO,GAAE,eAAoB,GAAG,MAAM,CAsE9E"}

package/dist/templates/circleci.js

@@ -0,0 +1,86 @@
+/**
+ * CircleCI template generator for VertaaUX.
+ *
+ * Generates .circleci/config.yml job configuration with native CircleCI integrations:
+ * - store_test_results for JUnit integration
+ * - store_artifacts for HTML report
+ *
+ * Note: CircleCI doesn't have native PR comment support.
+ * Use GitHub API or `gh pr comment` for PR comments.
+ *
+ * @see https://circleci.com/docs/collect-test-data/
+ */
+/**
+ * Generate CircleCI template for VertaaUX integration.
+ *
+ * @param options - Configuration options
+ * @returns YAML template content
+ */
+export function generateCircleCITemplate(options = {}) {
+    const { auditUrl, failOn = "error", threshold } = options;
+    // Build audit command with options
+    const auditArgs = [];
+    if (auditUrl) {
+        auditArgs.push(`--url "${auditUrl}"`);
+    }
+    if (failOn !== "none") {
+        auditArgs.push(`--fail-on ${failOn}`);
+    }
+    if (threshold && threshold > 0) {
+        auditArgs.push(`--threshold ${threshold}`);
+    }
+    const auditSuffix = auditArgs.length > 0 ? ` \\\n              ${auditArgs.join(" \\\n              ")}` : "";
+    return `# VertaaUX Accessibility & UX Audit
+# https://vertaaux.ai
+#
+# Add this job to your .circleci/config.yml
+# Requires VERTAAUX_API_KEY environment variable in project settings.
+#
+# Note: CircleCI doesn't have native PR comment support.
+# To add PR comments, use GitHub API or add a step with:
+#   gh pr comment --body "$(cat comment.md)"
+
+version: 2.1
+
+jobs:
+  vertaaux-audit:
+    docker:
+      - image: cimg/node:20.0
+    steps:
+      - checkout
+
+      - run:
+          name: Install VertaaUX CLI
+          command: npm install -g @vertaaux/cli
+
+      - run:
+          name: Run VertaaUX Audit
+          command: |
+            mkdir -p test-results artifacts
+            vertaa audit \\
+              --format junit \\
+              --output test-results/vertaaux.xml${auditSuffix}
+
+      - run:
+          name: Generate HTML Report
+          command: |
+            vertaa audit \\
+              --format html \\
+              --output artifacts/vertaaux-report.html${auditSuffix}
+          when: always
+
+      # Store test results for CircleCI Test Insights
+      - store_test_results:
+          path: test-results
+
+      # Store HTML report as artifact
+      - store_artifacts:
+          path: artifacts
+          destination: vertaaux-reports
+
+workflows:
+  pr-checks:
+    jobs:
+      - vertaaux-audit
+`;
+}

package/dist/templates/github-actions.d.ts

@@ -0,0 +1,81 @@
+/**
+ * GitHub Actions workflow template generator.
+ *
+ * Generates production-ready GitHub Actions workflows for VertaaUX integration
+ * with SARIF upload for Code Scanning, artifact storage, and PR comments.
+ *
+ * @see https://docs.github.com/en/actions
+ * @see https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning
+ */
+/**
+ * Options for workflow generation.
+ */
+export interface WorkflowOptions {
+    /** Target URL to audit (optional, can be set in config) */
+    auditUrl?: string;
+    /** Severity level that causes workflow to fail */
+    failOn?: "error" | "warning" | "info" | "none";
+    /** Minimum score threshold (0-100) */
+    threshold?: number;
+    /** Upload SARIF results to GitHub Code Scanning */
+    uploadSarif?: boolean;
+    /** Upload HTML report and artifacts */
+    uploadArtifacts?: boolean;
+    /** Post PR comment with results summary */
+    postComment?: boolean;
+    /** Node.js version to use */
+    nodeVersion?: string;
+    /** Enable caching for node_modules, browsers, and route results */
+    enableCaching?: boolean;
+    /** Generate monorepo matrix workflow */
+    monorepo?: boolean;
+}
+/**
+ * Generate a production-ready GitHub Actions workflow for VertaaUX.
+ *
+ * Features:
+ * - Triggers on pull_request and push to main/master
+ * - SARIF upload for inline Code Scanning annotations
+ * - HTML report and artifact upload
+ * - PR comment with results summary using sticky comments
+ * - Proper exit code handling for CI gating
+ *
+ * @param options - Workflow generation options
+ * @returns YAML workflow content
+ *
+ * @example
+ * ```typescript
+ * const workflow = generateGitHubActionsWorkflow({
+ *   auditUrl: 'https://example.com',
+ *   failOn: 'warning',
+ *   uploadSarif: true,
+ *   postComment: true,
+ * });
+ * ```
+ */
+export declare function generateGitHubActionsWorkflow(options?: WorkflowOptions): string;
+/**
+ * Generate a minimal GitHub Actions workflow (basic SARIF upload only).
+ *
+ * @returns YAML workflow content
+ */
+export declare function generateMinimalWorkflow(): string;
+/**
+ * Generate a monorepo-aware GitHub Actions workflow.
+ *
+ * This workflow first detects all auditable apps in the monorepo,
+ * then runs audits in parallel using a matrix strategy.
+ *
+ * @param options - Workflow generation options
+ * @returns YAML workflow content
+ *
+ * @example
+ * ```typescript
+ * const workflow = generateMonorepoWorkflow({
+ *   failOn: 'warning',
+ *   uploadSarif: true,
+ * });
+ * ```
+ */
+export declare function generateMonorepoWorkflow(options?: Omit<WorkflowOptions, "monorepo">): string;
+//# sourceMappingURL=github-actions.d.ts.map

package/dist/templates/github-actions.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"github-actions.d.ts","sourceRoot":"","sources":["../../src/templates/github-actions.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,2DAA2D;IAC3D,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,kDAAkD;IAClD,MAAM,CAAC,EAAE,OAAO,GAAG,SAAS,GAAG,MAAM,GAAG,MAAM,CAAC;IAC/C,sCAAsC;IACtC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,mDAAmD;IACnD,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,uCAAuC;IACvC,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,2CAA2C;IAC3C,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,6BAA6B;IAC7B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,mEAAmE;IACnE,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,wCAAwC;IACxC,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAiBD;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,wBAAgB,6BAA6B,CAC3C,OAAO,GAAE,eAAoB,GAC5B,MAAM,CAiKR;AAED;;;;GAIG;AACH,wBAAgB,uBAAuB,IAAI,MAAM,CAMhD;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,wBAAwB,CACtC,OAAO,GAAE,IAAI,CAAC,eAAe,EAAE,UAAU,CAAM,GAC9C,MAAM,CA8KR"}