@vertaaux/cli 0.2.2 → 0.3.0

package/dist/commands/fix-plan.js

@@ -0,0 +1,182 @@
+/**
+ * Fix-plan command for VertaaUX CLI.
+ *
+ * Accepts full audit JSON (via stdin, --file, or --job) and calls the
+ * LLM fix-plan endpoint to produce a structured remediation plan with
+ * ordered steps, effort estimates, and code hints.
+ *
+ * Examples:
+ *   vertaa audit https://example.com --json | vertaa fix-plan
+ *   vertaa fix-plan --job abc123
+ *   vertaa fix-plan --file audit.json --json
+ */
+import chalk from "chalk";
+import { ExitCode } from "../utils/exit-codes.js";
+import { resolveApiBase, getApiKey, apiRequest } from "../utils/client.js";
+import { resolveConfig } from "../config/loader.js";
+import { writeJsonOutput, writeOutput } from "../output/envelope.js";
+import { resolveCommandFormat } from "../output/formats.js";
+import { createSpinner, succeedSpinner } from "../ui/spinner.js";
+import { readJsonInput } from "../utils/stdin.js";
+import { handleAiCommandError, AI_TIMEOUT_MS } from "../utils/ai-error.js";
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+function normalizeIssues(issues) {
+    let list;
+    if (Array.isArray(issues)) {
+        list = issues;
+    }
+    else if (issues && typeof issues === "object") {
+        list = Object.values(issues).flatMap((v) => Array.isArray(v) ? v : []);
+    }
+    else {
+        return [];
+    }
+    return list.map((raw) => {
+        const i = raw;
+        return {
+            id: i.id || i.ruleId || i.rule_id || null,
+            title: i.title || i.description || null,
+            description: i.description || null,
+            severity: i.severity || null,
+            category: i.category || null,
+            selector: i.selector || null,
+            wcag_reference: i.wcag_reference || null,
+            recommendation: i.recommendation || i.recommended_fix || null,
+        };
+    });
+}
+// ---------------------------------------------------------------------------
+// Formatters
+// ---------------------------------------------------------------------------
+const SEVERITY_COLORS = {
+    critical: chalk.red.bold,
+    high: chalk.red,
+    medium: chalk.yellow,
+    low: chalk.cyan,
+};
+const EFFORT_LABELS = {
+    trivial: chalk.green("trivial"),
+    small: chalk.green("small"),
+    medium: chalk.yellow("medium"),
+    large: chalk.red("large"),
+};
+const FIX_TYPE_LABELS = {
+    code: chalk.blue("code"),
+    config: chalk.magenta("config"),
+    content: chalk.cyan("content"),
+    design: chalk.yellow("design"),
+};
+function formatFixPlanHuman(data) {
+    const lines = [];
+    lines.push(chalk.bold(`Remediation Plan (${data.items.length} items)`));
+    lines.push(chalk.dim(`Estimated total effort: ${data.estimated_total_effort}`));
+    lines.push("");
+    for (let idx = 0; idx < data.items.length; idx++) {
+        const item = data.items[idx];
+        const severityFn = SEVERITY_COLORS[item.severity] || chalk.dim;
+        const effort = EFFORT_LABELS[item.effort] || chalk.dim(item.effort);
+        const fixType = FIX_TYPE_LABELS[item.fix_type] || chalk.dim(item.fix_type);
+        lines.push(`${chalk.bold(`${idx + 1}.`)} ${severityFn(`[${item.severity}]`)} ${chalk.bold(item.title)}`);
+        lines.push(`   Effort: ${effort}  Type: ${fixType}${item.id ? chalk.dim(`  (${item.id})`) : ""}`);
+        for (let s = 0; s < item.steps.length; s++) {
+            lines.push(`   ${chalk.dim(`${s + 1})`)} ${item.steps[s]}`);
+        }
+        if (item.code_hint) {
+            lines.push(`   ${chalk.dim("Hint:")} ${chalk.italic(item.code_hint)}`);
+        }
+        lines.push("");
+    }
+    return lines.join("\n");
+}
+// ---------------------------------------------------------------------------
+// Command Registration
+// ---------------------------------------------------------------------------
+export function registerFixPlanCommand(program) {
+    program
+        .command("fix-plan")
+        .description("Generate a structured remediation plan from audit findings")
+        .option("--job <job-id>", "Fetch audit data from a job ID")
+        .option("--file <path>", "Load audit JSON from file")
+        .option("-f, --format <format>", "Output format: json | human")
+        .addHelpText("after", `
+Examples:
+  vertaa audit https://example.com --json | vertaa fix-plan
+  vertaa fix-plan --job abc123
+  vertaa fix-plan --file audit.json --json
+  vertaa audit ... --json | vertaa fix-plan --json | jq .
+`)
+        .action(async (options, command) => {
+        try {
+            const globalOpts = command.optsWithGlobals();
+            const config = await resolveConfig(globalOpts.config);
+            const machineMode = globalOpts.machine || false;
+            const format = resolveCommandFormat("fix-plan", options.format, machineMode);
+            // Resolve audit data
+            let auditPayload;
+            if (options.job) {
+                const base = resolveApiBase(globalOpts.base);
+                const apiKey = getApiKey(config.apiKey);
+                const result = await apiRequest(base, `/audit/${options.job}`, { method: "GET" }, apiKey);
+                const issues = normalizeIssues(result.issues);
+                auditPayload = {
+                    job_id: result.job_id || options.job,
+                    url: result.url || null,
+                    scores: result.scores || null,
+                    issues,
+                };
+            }
+            else {
+                const input = await readJsonInput(options.file);
+                if (!input) {
+                    console.error("Error: No audit data provided.");
+                    console.error("Usage:");
+                    console.error("  vertaa audit https://example.com --json | vertaa fix-plan");
+                    console.error("  vertaa fix-plan --job <job-id>");
+                    console.error("  vertaa fix-plan --file audit.json");
+                    process.exit(ExitCode.ERROR);
+                }
+                const data = input;
+                const innerData = (data.data && typeof data.data === "object" ? data.data : data);
+                const issues = normalizeIssues(innerData.issues);
+                auditPayload = {
+                    job_id: innerData.job_id || null,
+                    url: innerData.url || null,
+                    scores: innerData.scores || null,
+                    issues,
+                };
+            }
+            if (!Array.isArray(auditPayload.issues) ||
+                auditPayload.issues.length === 0) {
+                console.error("Error: No issues found in audit data.");
+                process.exit(ExitCode.ERROR);
+            }
+            // Auth check
+            const base = resolveApiBase(globalOpts.base);
+            const apiKey = getApiKey(config.apiKey);
+            // Call LLM fix-plan API
+            const spinner = createSpinner("Generating remediation plan...");
+            try {
+                const response = await Promise.race([
+                    apiRequest(base, "/cli/ai/fix-plan", { method: "POST", body: { audit: auditPayload } }, apiKey),
+                    new Promise((_, reject) => setTimeout(() => reject(new Error("LLM request timed out")), AI_TIMEOUT_MS)),
+                ]);
+                succeedSpinner(spinner, "Plan ready");
+                if (format === "json") {
+                    writeJsonOutput(response.data, "fix-plan");
+                }
+                else {
+                    writeOutput(formatFixPlanHuman(response.data));
+                }
+            }
+            catch (error) {
+                handleAiCommandError(error, "fix-plan", spinner);
+            }
+        }
+        catch (error) {
+            console.error("Error:", error instanceof Error ? error.message : String(error));
+            process.exit(ExitCode.ERROR);
+        }
+    });
+}

package/dist/commands/patch-review.d.ts

@@ -0,0 +1,14 @@
+/**
+ * Patch-review command for VertaaUX CLI.
+ *
+ * Reads a diff from stdin and (optionally) findings from a job,
+ * calls the LLM patch-review endpoint to produce a SAFE/UNSAFE/NEEDS_REVIEW verdict.
+ *
+ * Examples:
+ *   gh pr diff 123 | vertaa patch-review --job abc123
+ *   git diff HEAD~1 | vertaa patch-review --job abc123
+ *   cat fix.patch | vertaa patch-review --findings findings.json
+ */
+import { Command } from "commander";
+export declare function registerPatchReviewCommand(program: Command): void;
+//# sourceMappingURL=patch-review.d.ts.map

package/dist/commands/patch-review.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"patch-review.d.ts","sourceRoot":"","sources":["../../src/commands/patch-review.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAmIpC,wBAAgB,0BAA0B,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CA2HjE"}

package/dist/commands/patch-review.js

@@ -0,0 +1,200 @@
+/**
+ * Patch-review command for VertaaUX CLI.
+ *
+ * Reads a diff from stdin and (optionally) findings from a job,
+ * calls the LLM patch-review endpoint to produce a SAFE/UNSAFE/NEEDS_REVIEW verdict.
+ *
+ * Examples:
+ *   gh pr diff 123 | vertaa patch-review --job abc123
+ *   git diff HEAD~1 | vertaa patch-review --job abc123
+ *   cat fix.patch | vertaa patch-review --findings findings.json
+ */
+import chalk from "chalk";
+import { ExitCode } from "../utils/exit-codes.js";
+import { resolveApiBase, getApiKey, apiRequest } from "../utils/client.js";
+import { resolveConfig } from "../config/loader.js";
+import { writeJsonOutput, writeOutput } from "../output/envelope.js";
+import { resolveCommandFormat } from "../output/formats.js";
+import { createSpinner, succeedSpinner } from "../ui/spinner.js";
+import { readTextInput, readJsonInput } from "../utils/stdin.js";
+import { handleAiCommandError, AI_TIMEOUT_MS } from "../utils/ai-error.js";
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+function normalizeIssues(issues) {
+    let list;
+    if (Array.isArray(issues)) {
+        list = issues;
+    }
+    else if (issues && typeof issues === "object") {
+        list = Object.values(issues).flatMap((v) => Array.isArray(v) ? v : []);
+    }
+    else {
+        return [];
+    }
+    return list.map((raw) => {
+        const i = raw;
+        return {
+            id: i.id || i.ruleId || i.rule_id || null,
+            title: i.title || i.description || null,
+            description: i.description || null,
+            severity: i.severity || null,
+            category: i.category || null,
+            selector: i.selector || null,
+            wcag_reference: i.wcag_reference || null,
+            recommendation: i.recommendation || i.recommended_fix || null,
+        };
+    });
+}
+// ---------------------------------------------------------------------------
+// Formatters
+// ---------------------------------------------------------------------------
+const VERDICT_DISPLAY = {
+    SAFE: chalk.green.bold("SAFE"),
+    UNSAFE: chalk.red.bold("UNSAFE"),
+    NEEDS_REVIEW: chalk.yellow.bold("NEEDS REVIEW"),
+};
+const CONCERN_SEVERITY = {
+    critical: chalk.red("critical"),
+    warning: chalk.yellow("warning"),
+    info: chalk.cyan("info"),
+};
+function formatPatchReviewHuman(data) {
+    const lines = [];
+    const verdictDisplay = VERDICT_DISPLAY[data.verdict] || chalk.bold(data.verdict);
+    lines.push(`Verdict: ${verdictDisplay}  (confidence: ${data.confidence}%)`);
+    lines.push("");
+    lines.push(data.summary);
+    if (data.concerns.length > 0) {
+        lines.push("");
+        lines.push(chalk.bold("Concerns:"));
+        for (const concern of data.concerns) {
+            const sev = CONCERN_SEVERITY[concern.severity] || chalk.dim(concern.severity);
+            const loc = concern.location ? chalk.dim(` @ ${concern.location}`) : "";
+            lines.push(`  ${sev}${loc}: ${concern.description}`);
+        }
+    }
+    if (data.findings_addressed.length > 0) {
+        lines.push("");
+        lines.push(chalk.green(`Findings addressed (${data.findings_addressed.length}):`));
+        for (const id of data.findings_addressed) {
+            lines.push(`  ${chalk.green("+")} ${id}`);
+        }
+    }
+    if (data.findings_remaining.length > 0) {
+        lines.push("");
+        lines.push(chalk.yellow(`Findings remaining (${data.findings_remaining.length}):`));
+        for (const id of data.findings_remaining) {
+            lines.push(`  ${chalk.yellow("-")} ${id}`);
+        }
+    }
+    return lines.join("\n");
+}
+// ---------------------------------------------------------------------------
+// Command Registration
+// ---------------------------------------------------------------------------
+export function registerPatchReviewCommand(program) {
+    program
+        .command("patch-review")
+        .description("Review a patch/diff against audit findings for safety")
+        .option("--job <job-id>", "Fetch findings from a job ID")
+        .option("--findings <path>", "Load findings JSON from file")
+        .option("--diff-file <path>", "Load diff from file instead of stdin")
+        .option("-f, --format <format>", "Output format: json | human")
+        .addHelpText("after", `
+Examples:
+  gh pr diff 123 | vertaa patch-review --job abc123
+  git diff HEAD~1 | vertaa patch-review --job abc123
+  vertaa patch-review --diff-file fix.patch --findings audit.json
+`)
+        .action(async (options, command) => {
+        try {
+            const globalOpts = command.optsWithGlobals();
+            const config = await resolveConfig(globalOpts.config);
+            const machineMode = globalOpts.machine || false;
+            const dryRun = globalOpts.dryRun || false;
+            const format = resolveCommandFormat("patch-review", options.format, machineMode);
+            // Read diff content
+            let diffContent;
+            if (options.diffFile) {
+                const fs = await import("fs");
+                const path = await import("path");
+                const resolved = path.resolve(process.cwd(), options.diffFile);
+                if (!fs.existsSync(resolved)) {
+                    console.error(`Error: Diff file not found: ${options.diffFile}`);
+                    process.exit(ExitCode.ERROR);
+                }
+                diffContent = fs.readFileSync(resolved, "utf-8");
+            }
+            else {
+                const text = await readTextInput();
+                if (!text) {
+                    console.error("Error: No diff provided.");
+                    console.error("Pipe a diff via stdin or use --diff-file:");
+                    console.error("  gh pr diff 123 | vertaa patch-review --job abc123");
+                    console.error("  vertaa patch-review --diff-file fix.patch --findings audit.json");
+                    process.exit(ExitCode.ERROR);
+                }
+                diffContent = text;
+            }
+            // Resolve findings
+            let findingsList = null;
+            let jobId = null;
+            if (options.job) {
+                const base = resolveApiBase(globalOpts.base);
+                const apiKey = getApiKey(config.apiKey);
+                const result = await apiRequest(base, `/audit/${options.job}`, { method: "GET" }, apiKey);
+                findingsList = normalizeIssues(result.issues);
+                jobId = result.job_id || options.job;
+            }
+            else if (options.findings) {
+                const input = await readJsonInput(options.findings);
+                if (input) {
+                    const data = input;
+                    const innerData = (data.data && typeof data.data === "object" ? data.data : data);
+                    findingsList = normalizeIssues(innerData.issues);
+                    jobId = innerData.job_id || null;
+                }
+            }
+            if (dryRun) {
+                console.log(chalk.yellow("[dry-run]") + " Would analyze diff against findings");
+                console.log(`  Diff size: ${diffContent.length} characters`);
+                console.log(`  Findings: ${findingsList ? findingsList.length : "none"}`);
+                console.log(`  Job ID: ${jobId || "none"}`);
+                return;
+            }
+            // Auth check
+            const base = resolveApiBase(globalOpts.base);
+            const apiKey = getApiKey(config.apiKey);
+            // Call LLM patch-review API
+            const spinner = createSpinner("Reviewing patch...");
+            try {
+                const response = await Promise.race([
+                    apiRequest(base, "/cli/ai/patch-review", {
+                        method: "POST",
+                        body: {
+                            diff: diffContent,
+                            findings: findingsList,
+                            job_id: jobId,
+                        },
+                    }, apiKey),
+                    new Promise((_, reject) => setTimeout(() => reject(new Error("LLM request timed out")), AI_TIMEOUT_MS)),
+                ]);
+                succeedSpinner(spinner, "Review complete");
+                if (format === "json") {
+                    writeJsonOutput(response.data, "patch-review");
+                }
+                else {
+                    writeOutput(formatPatchReviewHuman(response.data));
+                }
+            }
+            catch (error) {
+                handleAiCommandError(error, "patch-review", spinner);
+            }
+        }
+        catch (error) {
+            console.error("Error:", error instanceof Error ? error.message : String(error));
+            process.exit(ExitCode.ERROR);
+        }
+    });
+}

package/dist/commands/protect.d.ts

@@ -0,0 +1,16 @@
+/**
+ * Protect command for VertaaUX CLI.
+ *
+ * Implements the 3-step conversion flow from the command line:
+ *   1. Audit  - Captures scores (from latest audit or --input)
+ *   2. Protect - Generates policy YAML with score thresholds
+ *   3. Monitor - Outputs CI snippet for continuous quality gating
+ *
+ * Usage: vertaa protect [url] [options]
+ */
+import { Command } from "commander";
+/**
+ * Register the protect command with the Commander program.
+ */
+export declare function registerProtectCommand(program: Command): void;
+//# sourceMappingURL=protect.d.ts.map

package/dist/commands/protect.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"protect.d.ts","sourceRoot":"","sources":["../../src/commands/protect.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AA6DpC;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CAqC7D"}