npm - @vertaaux/cli - Versions diffs - 0.2.0 - Mend

@vertaaux/cli 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (198) hide show

package/README.md +345 -0
package/dist/auth/ci-token.d.ts +49 -0
package/dist/auth/ci-token.d.ts.map +1 -0
package/dist/auth/ci-token.js +83 -0
package/dist/auth/device-flow.d.ts +66 -0
package/dist/auth/device-flow.d.ts.map +1 -0
package/dist/auth/device-flow.js +156 -0
package/dist/auth/token-store.d.ts +53 -0
package/dist/auth/token-store.d.ts.map +1 -0
package/dist/auth/token-store.js +78 -0
package/dist/baseline/diff.d.ts +57 -0
package/dist/baseline/diff.d.ts.map +1 -0
package/dist/baseline/diff.js +152 -0
package/dist/baseline/hash.d.ts +54 -0
package/dist/baseline/hash.d.ts.map +1 -0
package/dist/baseline/hash.js +66 -0
package/dist/baseline/manager.d.ts +89 -0
package/dist/baseline/manager.d.ts.map +1 -0
package/dist/baseline/manager.js +157 -0
package/dist/cache/index.d.ts +8 -0
package/dist/cache/index.d.ts.map +1 -0
package/dist/cache/index.js +7 -0
package/dist/cache/route-cache.d.ts +119 -0
package/dist/cache/route-cache.d.ts.map +1 -0
package/dist/cache/route-cache.js +213 -0
package/dist/ci/changed-routes.d.ts +95 -0
package/dist/ci/changed-routes.d.ts.map +1 -0
package/dist/ci/changed-routes.js +304 -0
package/dist/ci/github-api.d.ts +68 -0
package/dist/ci/github-api.d.ts.map +1 -0
package/dist/ci/github-api.js +138 -0
package/dist/ci/gitlab-api.d.ts +75 -0
package/dist/ci/gitlab-api.d.ts.map +1 -0
package/dist/ci/gitlab-api.js +180 -0
package/dist/ci/index.d.ts +6 -0
package/dist/ci/index.d.ts.map +1 -0
package/dist/ci/index.js +4 -0
package/dist/commands/audit.d.ts +58 -0
package/dist/commands/audit.d.ts.map +1 -0
package/dist/commands/audit.js +862 -0
package/dist/commands/baseline.d.ts +22 -0
package/dist/commands/baseline.d.ts.map +1 -0
package/dist/commands/baseline.js +210 -0
package/dist/commands/comment.d.ts +14 -0
package/dist/commands/comment.d.ts.map +1 -0
package/dist/commands/comment.js +363 -0
package/dist/commands/diff.d.ts +24 -0
package/dist/commands/diff.d.ts.map +1 -0
package/dist/commands/diff.js +196 -0
package/dist/commands/doctor.d.ts +58 -0
package/dist/commands/doctor.d.ts.map +1 -0
package/dist/commands/doctor.js +338 -0
package/dist/commands/download.d.ts +12 -0
package/dist/commands/download.d.ts.map +1 -0
package/dist/commands/download.js +183 -0
package/dist/commands/explain.d.ts +62 -0
package/dist/commands/explain.d.ts.map +1 -0
package/dist/commands/explain.js +302 -0
package/dist/commands/init.d.ts +12 -0
package/dist/commands/init.d.ts.map +1 -0
package/dist/commands/init.js +212 -0
package/dist/commands/login.d.ts +14 -0
package/dist/commands/login.d.ts.map +1 -0
package/dist/commands/login.js +222 -0
package/dist/commands/policy.d.ts +13 -0
package/dist/commands/policy.d.ts.map +1 -0
package/dist/commands/policy.js +347 -0
package/dist/commands/upload.d.ts +12 -0
package/dist/commands/upload.d.ts.map +1 -0
package/dist/commands/upload.js +158 -0
package/dist/config/defaults.d.ts +21 -0
package/dist/config/defaults.d.ts.map +1 -0
package/dist/config/defaults.js +49 -0
package/dist/config/loader.d.ts +66 -0
package/dist/config/loader.d.ts.map +1 -0
package/dist/config/loader.js +167 -0
package/dist/config/schema.d.ts +55 -0
package/dist/config/schema.d.ts.map +1 -0
package/dist/config/schema.js +6 -0
package/dist/index.d.ts +9 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +1090 -0
package/dist/interactive/fix-wizard.d.ts +44 -0
package/dist/interactive/fix-wizard.d.ts.map +1 -0
package/dist/interactive/fix-wizard.js +286 -0
package/dist/interactive/init-wizard.d.ts +32 -0
package/dist/interactive/init-wizard.d.ts.map +1 -0
package/dist/interactive/init-wizard.js +193 -0
package/dist/interactive/prompts.d.ts +62 -0
package/dist/interactive/prompts.d.ts.map +1 -0
package/dist/interactive/prompts.js +78 -0
package/dist/monorepo/detector.d.ts +70 -0
package/dist/monorepo/detector.d.ts.map +1 -0
package/dist/monorepo/detector.js +278 -0
package/dist/monorepo/index.d.ts +9 -0
package/dist/monorepo/index.d.ts.map +1 -0
package/dist/monorepo/index.js +8 -0
package/dist/monorepo/workspace.d.ts +142 -0
package/dist/monorepo/workspace.d.ts.map +1 -0
package/dist/monorepo/workspace.js +171 -0
package/dist/output/envelope.d.ts +21 -0
package/dist/output/envelope.d.ts.map +1 -0
package/dist/output/envelope.js +27 -0
package/dist/output/factory.d.ts +73 -0
package/dist/output/factory.d.ts.map +1 -0
package/dist/output/factory.js +60 -0
package/dist/output/formats.d.ts +11 -0
package/dist/output/formats.d.ts.map +1 -0
package/dist/output/formats.js +41 -0
package/dist/output/html.d.ts +45 -0
package/dist/output/html.d.ts.map +1 -0
package/dist/output/html.js +607 -0
package/dist/output/human.d.ts +41 -0
package/dist/output/human.d.ts.map +1 -0
package/dist/output/human.js +274 -0
package/dist/output/json.d.ts +42 -0
package/dist/output/json.d.ts.map +1 -0
package/dist/output/json.js +37 -0
package/dist/output/junit.d.ts +56 -0
package/dist/output/junit.d.ts.map +1 -0
package/dist/output/junit.js +135 -0
package/dist/output/markdown.d.ts +77 -0
package/dist/output/markdown.d.ts.map +1 -0
package/dist/output/markdown.js +411 -0
package/dist/output/sarif.d.ts +160 -0
package/dist/output/sarif.d.ts.map +1 -0
package/dist/output/sarif.js +207 -0
package/dist/policy/evaluator.d.ts +111 -0
package/dist/policy/evaluator.d.ts.map +1 -0
package/dist/policy/evaluator.js +362 -0
package/dist/policy/index.d.ts +15 -0
package/dist/policy/index.d.ts.map +1 -0
package/dist/policy/index.js +11 -0
package/dist/policy/loader.d.ts +97 -0
package/dist/policy/loader.d.ts.map +1 -0
package/dist/policy/loader.js +281 -0
package/dist/policy/schema.d.ts +297 -0
package/dist/policy/schema.d.ts.map +1 -0
package/dist/policy/schema.js +230 -0
package/dist/quality-gate/evaluator.d.ts +58 -0
package/dist/quality-gate/evaluator.d.ts.map +1 -0
package/dist/quality-gate/evaluator.js +274 -0
package/dist/quality-gate/index.d.ts +10 -0
package/dist/quality-gate/index.d.ts.map +1 -0
package/dist/quality-gate/index.js +7 -0
package/dist/quality-gate/types.d.ts +103 -0
package/dist/quality-gate/types.d.ts.map +1 -0
package/dist/quality-gate/types.js +23 -0
package/dist/templates/azure-devops.d.ts +25 -0
package/dist/templates/azure-devops.d.ts.map +1 -0
package/dist/templates/azure-devops.js +109 -0
package/dist/templates/circleci.d.ts +28 -0
package/dist/templates/circleci.d.ts.map +1 -0
package/dist/templates/circleci.js +86 -0
package/dist/templates/github-actions.d.ts +81 -0
package/dist/templates/github-actions.d.ts.map +1 -0
package/dist/templates/github-actions.js +393 -0
package/dist/templates/gitlab-ci.d.ts +26 -0
package/dist/templates/gitlab-ci.d.ts.map +1 -0
package/dist/templates/gitlab-ci.js +70 -0
package/dist/templates/index.d.ts +72 -0
package/dist/templates/index.d.ts.map +1 -0
package/dist/templates/index.js +112 -0
package/dist/templates/jenkins.d.ts +26 -0
package/dist/templates/jenkins.d.ts.map +1 -0
package/dist/templates/jenkins.js +110 -0
package/dist/ui/banner.d.ts +31 -0
package/dist/ui/banner.d.ts.map +1 -0
package/dist/ui/banner.js +84 -0
package/dist/ui/diagnostics.d.ts +39 -0
package/dist/ui/diagnostics.d.ts.map +1 -0
package/dist/ui/diagnostics.js +153 -0
package/dist/ui/spinner.d.ts +61 -0
package/dist/ui/spinner.d.ts.map +1 -0
package/dist/ui/spinner.js +101 -0
package/dist/ui/table.d.ts +63 -0
package/dist/ui/table.d.ts.map +1 -0
package/dist/ui/table.js +236 -0
package/dist/utils/client.d.ts +82 -0
package/dist/utils/client.d.ts.map +1 -0
package/dist/utils/client.js +128 -0
package/dist/utils/detect-env.d.ts +59 -0
package/dist/utils/detect-env.d.ts.map +1 -0
package/dist/utils/detect-env.js +115 -0
package/dist/utils/exit-codes.d.ts +47 -0
package/dist/utils/exit-codes.d.ts.map +1 -0
package/dist/utils/exit-codes.js +61 -0
package/dist/utils/logger.d.ts +87 -0
package/dist/utils/logger.d.ts.map +1 -0
package/dist/utils/logger.js +185 -0
package/dist/utils/sanitize.d.ts +36 -0
package/dist/utils/sanitize.d.ts.map +1 -0
package/dist/utils/sanitize.js +64 -0
package/dist/utils/validators.d.ts +41 -0
package/dist/utils/validators.d.ts.map +1 -0
package/dist/utils/validators.js +123 -0
package/package.json +63 -0
package/schemas/vertaaux.config.schema.json +103 -0

package/dist/ci/changed-routes.js ADDED Viewed

@@ -0,0 +1,304 @@
+/**
+ * Detect routes changed in PR for incremental auditing.
+ *
+ * Uses git diff to find changed files, then maps them to routes.
+ * This enables efficient CI by only auditing what changed.
+ *
+ * Implements CICD-07: Incremental mode audits only routes touched in PR.
+ */
+import { execSync, execFileSync } from "child_process";
+import { validateBranchName } from "../utils/sanitize.js";
+/**
+ * Default route patterns for common frameworks.
+ *
+ * These patterns identify files that typically map to routes.
+ */
+const DEFAULT_ROUTE_PATTERNS = [
+    // Next.js App Router
+    "src/app/**/page.tsx",
+    "src/app/**/page.ts",
+    "src/app/**/page.jsx",
+    "src/app/**/page.js",
+    // Next.js Pages Router
+    "src/pages/**/*.tsx",
+    "src/pages/**/*.ts",
+    "src/pages/**/*.jsx",
+    "src/pages/**/*.js",
+    "pages/**/*.tsx",
+    "pages/**/*.ts",
+    "pages/**/*.jsx",
+    "pages/**/*.js",
+    // SvelteKit
+    "src/routes/**/+page.svelte",
+    "src/routes/**/+page.ts",
+    "src/routes/**/+page.js",
+    // Remix
+    "app/routes/**/*.tsx",
+    "app/routes/**/*.ts",
+    "app/routes/**/*.jsx",
+    "app/routes/**/*.js",
+    // Nuxt
+    "pages/**/*.vue",
+    // Astro
+    "src/pages/**/*.astro",
+];
+/**
+ * Convert a file path to a route URL.
+ *
+ * Supports common framework conventions:
+ * - Next.js App Router: src/app/about/page.tsx -> /about
+ * - Next.js Pages Router: src/pages/blog/index.tsx -> /blog
+ * - SvelteKit: src/routes/blog/+page.svelte -> /blog
+ *
+ * @param filePath - The changed file path
+ * @returns The route URL or null if not a route file
+ */
+export function filePathToRoute(filePath) {
+    // Next.js App Router: src/app/about/page.tsx -> /about
+    const appRouterMatch = filePath.match(/^(?:src\/)?app\/(.*)\/page\.(tsx?|jsx?|mdx?)$/);
+    if (appRouterMatch) {
+        const route = appRouterMatch[1];
+        // Handle root route
+        if (route === "")
+            return "/";
+        // Handle dynamic segments: [id] -> :id (for display, keep as-is for audit)
+        return `/${route}`;
+    }
+    // Next.js Pages Router: src/pages/blog/index.tsx -> /blog
+    const pagesRouterMatch = filePath.match(/^(?:src\/)?pages\/(.+)\.(tsx?|jsx?|mdx?)$/);
+    if (pagesRouterMatch) {
+        let route = pagesRouterMatch[1];
+        // Remove index suffix
+        route = route.replace(/\/index$/, "");
+        route = route.replace(/^index$/, "");
+        // Handle root route
+        if (route === "")
+            return "/";
+        return `/${route}`;
+    }
+    // SvelteKit: src/routes/blog/+page.svelte -> /blog
+    const sveltekitMatch = filePath.match(/^src\/routes\/(.*)\/\+page\.(svelte|ts|js)$/);
+    if (sveltekitMatch) {
+        const route = sveltekitMatch[1];
+        if (route === "")
+            return "/";
+        return `/${route}`;
+    }
+    // Remix: app/routes/blog.tsx -> /blog
+    const remixMatch = filePath.match(/^app\/routes\/(.+)\.(tsx?|jsx?)$/);
+    if (remixMatch) {
+        let route = remixMatch[1];
+        // Remix uses . for nested routes: blog.post -> blog/post
+        route = route.replace(/\./g, "/");
+        // Handle _index (root)
+        route = route.replace(/\/_index$/, "");
+        route = route.replace(/^_index$/, "");
+        if (route === "")
+            return "/";
+        return `/${route}`;
+    }
+    // Nuxt: pages/about.vue -> /about
+    const nuxtMatch = filePath.match(/^pages\/(.+)\.vue$/);
+    if (nuxtMatch) {
+        let route = nuxtMatch[1];
+        route = route.replace(/\/index$/, "");
+        route = route.replace(/^index$/, "");
+        if (route === "")
+            return "/";
+        return `/${route}`;
+    }
+    // Astro: src/pages/about.astro -> /about
+    const astroMatch = filePath.match(/^src\/pages\/(.+)\.astro$/);
+    if (astroMatch) {
+        let route = astroMatch[1];
+        route = route.replace(/\/index$/, "");
+        route = route.replace(/^index$/, "");
+        if (route === "")
+            return "/";
+        return `/${route}`;
+    }
+    return null;
+}
+/**
+ * Check if a file path matches any of the route patterns.
+ */
+function matchesRoutePattern(filePath, patterns) {
+    for (const pattern of patterns) {
+        // Convert glob pattern to regex
+        const regexPattern = pattern
+            .replace(/\*\*/g, "DOUBLESTAR")
+            .replace(/\*/g, "[^/]*")
+            .replace(/DOUBLESTAR/g, ".*")
+            .replace(/\./g, "\\.");
+        const regex = new RegExp(`^${regexPattern}$`);
+        if (regex.test(filePath)) {
+            return true;
+        }
+    }
+    return false;
+}
+/**
+ * Get the list of files changed between branches.
+ *
+ * @param baseBranch - The base branch to compare against
+ * @returns Array of changed file paths
+ */
+function getChangedFiles(baseBranch) {
+    const validBranch = validateBranchName(baseBranch);
+    try {
+        // Try with origin/ prefix first (most common in CI)
+        const result = execFileSync("git", ["diff", "--name-only", `origin/${validBranch}...HEAD`], { encoding: "utf-8", stdio: ["pipe", "pipe", "pipe"] });
+        return result
+            .split("\n")
+            .map((line) => line.trim())
+            .filter(Boolean);
+    }
+    catch {
+        try {
+            // Fall back to without origin/ prefix (local branches)
+            const result = execFileSync("git", ["diff", "--name-only", `${validBranch}...HEAD`], { encoding: "utf-8", stdio: ["pipe", "pipe", "pipe"] });
+            return result
+                .split("\n")
+                .map((line) => line.trim())
+                .filter(Boolean);
+        }
+        catch {
+            // If git diff fails, return empty array
+            console.error(`Warning: Could not get changed files from git (base: ${validBranch})`);
+            return [];
+        }
+    }
+}
+/**
+ * Detect base branch from CI environment variables.
+ *
+ * Supports:
+ * - GitHub Actions: GITHUB_BASE_REF
+ * - GitLab CI: CI_MERGE_REQUEST_TARGET_BRANCH_NAME
+ * - Azure DevOps: SYSTEM_PULLREQUEST_TARGETBRANCH
+ * - Jenkins: CHANGE_TARGET
+ * - CircleCI: CIRCLE_BRANCH (for base, uses main as fallback)
+ *
+ * @returns Detected base branch or "main" as default
+ */
+export function detectBaseBranch() {
+    let detected;
+    // GitHub Actions
+    if (process.env.GITHUB_BASE_REF) {
+        detected = process.env.GITHUB_BASE_REF;
+    }
+    // GitLab CI
+    if (!detected && process.env.CI_MERGE_REQUEST_TARGET_BRANCH_NAME) {
+        detected = process.env.CI_MERGE_REQUEST_TARGET_BRANCH_NAME;
+    }
+    // Azure DevOps
+    if (!detected && process.env.SYSTEM_PULLREQUEST_TARGETBRANCH) {
+        // Azure uses refs/heads/main format
+        detected = process.env.SYSTEM_PULLREQUEST_TARGETBRANCH.replace(/^refs\/heads\//, "");
+    }
+    // Jenkins
+    if (!detected && process.env.CHANGE_TARGET) {
+        detected = process.env.CHANGE_TARGET;
+    }
+    // Try to detect main vs master
+    if (!detected) {
+        try {
+            execSync("git rev-parse --verify origin/main", {
+                stdio: ["pipe", "pipe", "pipe"],
+            });
+            detected = "main";
+        }
+        catch {
+            try {
+                execSync("git rev-parse --verify origin/master", {
+                    stdio: ["pipe", "pipe", "pipe"],
+                });
+                detected = "master";
+            }
+            catch {
+                // Default to main
+                detected = "main";
+            }
+        }
+    }
+    // Defense in depth: validate the detected branch name.
+    // If a CI env var contained malicious characters, fall back to "main".
+    try {
+        return validateBranchName(detected);
+    }
+    catch {
+        return "main";
+    }
+}
+/**
+ * Get list of routes affected by changed files.
+ *
+ * Uses git diff to find changed files, then maps to routes.
+ *
+ * @param options - Detection options
+ * @returns Changed routes result
+ */
+export async function getChangedRoutes(options) {
+    const { baseBranch, routePatterns = DEFAULT_ROUTE_PATTERNS, fileToRouteMap } = options;
+    // Get changed files from git
+    const changedFiles = getChangedFiles(baseBranch);
+    if (changedFiles.length === 0) {
+        return {
+            routes: [],
+            changedFiles: [],
+            hasChanges: false,
+        };
+    }
+    // Collect routes from changed files
+    const routeSet = new Set();
+    for (const filePath of changedFiles) {
+        // First, check custom mapping
+        if (fileToRouteMap) {
+            for (const [pattern, routes] of Object.entries(fileToRouteMap)) {
+                const regexPattern = pattern
+                    .replace(/\*\*/g, "DOUBLESTAR")
+                    .replace(/\*/g, "[^/]*")
+                    .replace(/DOUBLESTAR/g, ".*")
+                    .replace(/\./g, "\\.");
+                const regex = new RegExp(`^${regexPattern}$`);
+                if (regex.test(filePath)) {
+                    for (const route of routes) {
+                        routeSet.add(route);
+                    }
+                }
+            }
+        }
+        // Check if file matches route patterns
+        if (matchesRoutePattern(filePath, routePatterns)) {
+            const route = filePathToRoute(filePath);
+            if (route) {
+                routeSet.add(route);
+            }
+        }
+    }
+    const routes = Array.from(routeSet).sort();
+    return {
+        routes,
+        changedFiles,
+        hasChanges: routes.length > 0,
+    };
+}
+/**
+ * Budget modes for controlling audit scope.
+ *
+ * CICD-13: Default mode runs under sane budget; full scan is opt-in.
+ */
+export const BUDGET_MODES = {
+    /** Quick scan: 5 pages, 30s timeout, 2 concurrent */
+    quick: { maxPages: 5, maxTime: 30000, concurrency: 2 },
+    /** Standard scan: 20 pages, 2min timeout, 4 concurrent */
+    standard: { maxPages: 20, maxTime: 120000, concurrency: 4 },
+    /** Full scan: unlimited pages, 10min timeout, 8 concurrent */
+    full: { maxPages: Infinity, maxTime: 600000, concurrency: 8 },
+};
+/**
+ * Get budget configuration for a mode.
+ */
+export function getBudgetConfig(mode) {
+    return BUDGET_MODES[mode] || BUDGET_MODES.standard;
+}

package/dist/ci/github-api.d.ts ADDED Viewed

@@ -0,0 +1,68 @@
+/**
+ * GitHub API wrapper for PR comment operations.
+ *
+ * Provides utilities for posting and updating PR comments
+ * with sticky comment semantics (find existing by hidden header).
+ *
+ * Uses native fetch (Node 18+).
+ */
+/**
+ * Options for GitHub comment operations.
+ */
+export interface GitHubCommentOptions {
+    /** GitHub token (from GITHUB_TOKEN env var) */
+    token: string;
+    /** Repository owner */
+    owner: string;
+    /** Repository name */
+    repo: string;
+    /** PR number */
+    prNumber: number;
+    /** Comment body (markdown) */
+    body: string;
+    /** Header identifier for finding existing comment */
+    header: string;
+}
+/**
+ * Find existing comment by hidden header identifier.
+ *
+ * Searches PR comments for `<!-- {header} -->` pattern in body.
+ * Handles pagination for repos with many comments.
+ *
+ * @param options - Comment search options (token, owner, repo, prNumber, header)
+ * @returns Comment ID if found, null otherwise
+ */
+export declare function findExistingComment(options: Omit<GitHubCommentOptions, "body">): Promise<number | null>;
+/**
+ * Post new comment or update existing one.
+ *
+ * Uses header identifier to find existing comment for update semantics.
+ * This prevents comment spam and ensures only one VertaaUX comment per PR.
+ *
+ * @param options - Comment options (token, owner, repo, prNumber, body, header)
+ * @returns Created/updated comment with ID and URL
+ */
+export declare function postOrUpdateGitHubComment(options: GitHubCommentOptions): Promise<{
+    id: number;
+    html_url: string;
+}>;
+/**
+ * Parse repository string into owner and repo.
+ *
+ * @param repository - Repository string in "owner/repo" format
+ * @returns Parsed owner and repo, or null if invalid
+ */
+export declare function parseRepository(repository: string): {
+    owner: string;
+    repo: string;
+} | null;
+/**
+ * Extract PR number from GitHub Actions environment.
+ *
+ * Checks GITHUB_REF_NAME for PR merge ref format (e.g., "123/merge")
+ * and falls back to GITHUB_EVENT_NUMBER.
+ *
+ * @returns PR number or null if not in PR context
+ */
+export declare function extractPRNumber(): number | null;
+//# sourceMappingURL=github-api.d.ts.map

package/dist/ci/github-api.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"github-api.d.ts","sourceRoot":"","sources":["../../src/ci/github-api.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,+CAA+C;IAC/C,KAAK,EAAE,MAAM,CAAC;IACd,uBAAuB;IACvB,KAAK,EAAE,MAAM,CAAC;IACd,sBAAsB;IACtB,IAAI,EAAE,MAAM,CAAC;IACb,gBAAgB;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,8BAA8B;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,qDAAqD;IACrD,MAAM,EAAE,MAAM,CAAC;CAChB;AA8DD;;;;;;;;GAQG;AACH,wBAAsB,mBAAmB,CACvC,OAAO,EAAE,IAAI,CAAC,oBAAoB,EAAE,MAAM,CAAC,GAC1C,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CA4BxB;AAED;;;;;;;;GAQG;AACH,wBAAsB,yBAAyB,CAC7C,OAAO,EAAE,oBAAoB,GAC5B,OAAO,CAAC;IAAE,EAAE,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,CAAC,CAqB3C;AAED;;;;;GAKG;AACH,wBAAgB,eAAe,CAC7B,UAAU,EAAE,MAAM,GACjB;IAAE,KAAK,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,CAIxC;AAED;;;;;;;GAOG;AACH,wBAAgB,eAAe,IAAI,MAAM,GAAG,IAAI,CAqB/C"}

package/dist/ci/github-api.js ADDED Viewed

@@ -0,0 +1,138 @@
+/**
+ * GitHub API wrapper for PR comment operations.
+ *
+ * Provides utilities for posting and updating PR comments
+ * with sticky comment semantics (find existing by hidden header).
+ *
+ * Uses native fetch (Node 18+).
+ */
+const GITHUB_API_BASE = "https://api.github.com";
+/**
+ * Make an authenticated GitHub API request.
+ */
+async function githubRequest(method, url, token, body) {
+    const headers = {
+        Accept: "application/vnd.github+json",
+        Authorization: `Bearer ${token}`,
+        "X-GitHub-Api-Version": "2022-11-28",
+        "User-Agent": "VertaaUX-CLI",
+    };
+    if (body) {
+        headers["Content-Type"] = "application/json";
+    }
+    const response = await fetch(url, {
+        method,
+        headers,
+        body: body ? JSON.stringify(body) : undefined,
+    });
+    if (!response.ok) {
+        const errorData = (await response.json().catch(() => ({})));
+        throw new Error(`GitHub API error (${response.status}): ${errorData.message || response.statusText}`);
+    }
+    // Handle no content responses
+    if (response.status === 204) {
+        return {};
+    }
+    return response.json();
+}
+/**
+ * Find existing comment by hidden header identifier.
+ *
+ * Searches PR comments for `<!-- {header} -->` pattern in body.
+ * Handles pagination for repos with many comments.
+ *
+ * @param options - Comment search options (token, owner, repo, prNumber, header)
+ * @returns Comment ID if found, null otherwise
+ */
+export async function findExistingComment(options) {
+    const { token, owner, repo, prNumber, header } = options;
+    const headerPattern = `<!-- ${header} -->`;
+    let page = 1;
+    const perPage = 100;
+    // Paginate through comments until we find one or run out
+    while (true) {
+        const url = `${GITHUB_API_BASE}/repos/${owner}/${repo}/issues/${prNumber}/comments?page=${page}&per_page=${perPage}`;
+        const comments = await githubRequest("GET", url, token);
+        for (const comment of comments) {
+            if (comment.body?.includes(headerPattern)) {
+                return comment.id;
+            }
+        }
+        // No more pages
+        if (comments.length < perPage) {
+            break;
+        }
+        page++;
+    }
+    return null;
+}
+/**
+ * Post new comment or update existing one.
+ *
+ * Uses header identifier to find existing comment for update semantics.
+ * This prevents comment spam and ensures only one VertaaUX comment per PR.
+ *
+ * @param options - Comment options (token, owner, repo, prNumber, body, header)
+ * @returns Created/updated comment with ID and URL
+ */
+export async function postOrUpdateGitHubComment(options) {
+    const { token, owner, repo, prNumber, body, header } = options;
+    // Try to find existing comment
+    const existingId = await findExistingComment({
+        token,
+        owner,
+        repo,
+        prNumber,
+        header,
+    });
+    if (existingId) {
+        // Update existing comment
+        const url = `${GITHUB_API_BASE}/repos/${owner}/${repo}/issues/comments/${existingId}`;
+        return githubRequest("PATCH", url, token, { body });
+    }
+    else {
+        // Create new comment
+        const url = `${GITHUB_API_BASE}/repos/${owner}/${repo}/issues/${prNumber}/comments`;
+        return githubRequest("POST", url, token, { body });
+    }
+}
+/**
+ * Parse repository string into owner and repo.
+ *
+ * @param repository - Repository string in "owner/repo" format
+ * @returns Parsed owner and repo, or null if invalid
+ */
+export function parseRepository(repository) {
+    const match = repository.match(/^([^/]+)\/([^/]+)$/);
+    if (!match)
+        return null;
+    return { owner: match[1], repo: match[2] };
+}
+/**
+ * Extract PR number from GitHub Actions environment.
+ *
+ * Checks GITHUB_REF_NAME for PR merge ref format (e.g., "123/merge")
+ * and falls back to GITHUB_EVENT_NUMBER.
+ *
+ * @returns PR number or null if not in PR context
+ */
+export function extractPRNumber() {
+    // From PR merge ref: refs/pull/123/merge -> GITHUB_REF_NAME = "123/merge"
+    const refName = process.env.GITHUB_REF_NAME;
+    if (refName) {
+        const match = refName.match(/^(\d+)\/merge$/);
+        if (match) {
+            return parseInt(match[1], 10);
+        }
+    }
+    // From workflow context
+    const eventNumber = process.env.GITHUB_EVENT_NUMBER;
+    if (eventNumber) {
+        const num = parseInt(eventNumber, 10);
+        if (!isNaN(num))
+            return num;
+    }
+    // From pull_request event payload (parsed from GITHUB_EVENT_PATH)
+    // This requires reading the event file, skipping for simplicity
+    return null;
+}

package/dist/ci/gitlab-api.d.ts ADDED Viewed

@@ -0,0 +1,75 @@
+/**
+ * GitLab API wrapper for MR note operations.
+ *
+ * Provides utilities for posting and updating MR notes (comments)
+ * with sticky note semantics (find existing by hidden header).
+ *
+ * Uses native fetch (Node 18+).
+ */
+/**
+ * Options for GitLab note operations.
+ */
+export interface GitLabNoteOptions {
+    /** GitLab token (from GITLAB_TOKEN or CI_JOB_TOKEN) */
+    token: string;
+    /** GitLab API URL (from CI_API_V4_URL or https://gitlab.com/api/v4) */
+    apiUrl: string;
+    /** Project ID or URL-encoded path */
+    projectId: string;
+    /** MR IID (internal ID within project) */
+    mrIid: number;
+    /** Note body (markdown) */
+    body: string;
+    /** Header identifier for finding existing note */
+    header: string;
+}
+/**
+ * URL-encode a project path for GitLab API.
+ *
+ * Project ID can be numeric or a path like "group/project".
+ * Numeric IDs pass through unchanged, paths are URL-encoded.
+ *
+ * @param projectId - Project ID or path
+ * @returns URL-safe project identifier
+ */
+export declare function encodeProjectId(projectId: string): string;
+/**
+ * Find existing note by hidden header identifier.
+ *
+ * Searches MR notes for `<!-- {header} -->` pattern in body.
+ * Handles pagination for MRs with many notes.
+ *
+ * @param options - Note search options
+ * @returns Note ID if found, null otherwise
+ */
+export declare function findExistingNote(options: Omit<GitLabNoteOptions, "body">): Promise<number | null>;
+/**
+ * Post new note or update existing one.
+ *
+ * Uses header identifier to find existing note for update semantics.
+ * This prevents note spam and ensures only one VertaaUX note per MR.
+ *
+ * @param options - Note options
+ * @returns Created/updated note with ID and web URL
+ */
+export declare function postOrUpdateGitLabNote(options: GitLabNoteOptions): Promise<{
+    id: number;
+    web_url: string;
+}>;
+/**
+ * Extract MR IID from GitLab CI environment.
+ *
+ * @returns MR IID or null if not in MR context
+ */
+export declare function extractMRIid(): number | null;
+/**
+ * Get GitLab API configuration from environment.
+ *
+ * @returns API configuration or null if not in GitLab CI
+ */
+export declare function getGitLabConfig(): {
+    token: string;
+    apiUrl: string;
+    projectId: string;
+} | null;
+//# sourceMappingURL=gitlab-api.d.ts.map

package/dist/ci/gitlab-api.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"gitlab-api.d.ts","sourceRoot":"","sources":["../../src/ci/gitlab-api.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,uDAAuD;IACvD,KAAK,EAAE,MAAM,CAAC;IACd,uEAAuE;IACvE,MAAM,EAAE,MAAM,CAAC;IACf,qCAAqC;IACrC,SAAS,EAAE,MAAM,CAAC;IAClB,0CAA0C;IAC1C,KAAK,EAAE,MAAM,CAAC;IACd,2BAA2B;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,kDAAkD;IAClD,MAAM,EAAE,MAAM,CAAC;CAChB;AAwED;;;;;;;;GAQG;AACH,wBAAgB,eAAe,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,CAOzD;AAED;;;;;;;;GAQG;AACH,wBAAsB,gBAAgB,CACpC,OAAO,EAAE,IAAI,CAAC,iBAAiB,EAAE,MAAM,CAAC,GACvC,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAgCxB;AAED;;;;;;;;GAQG;AACH,wBAAsB,sBAAsB,CAC1C,OAAO,EAAE,iBAAiB,GACzB,OAAO,CAAC;IAAE,EAAE,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC,CA6B1C;AAyBD;;;;GAIG;AACH,wBAAgB,YAAY,IAAI,MAAM,GAAG,IAAI,CAO5C;AAED;;;;GAIG;AACH,wBAAgB,eAAe,IAAI;IACjC,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;CACnB,GAAG,IAAI,CAeP"}