auditkit 0.1.0

package/src/report.rs

@@ -0,0 +1,250 @@
+use std::collections::BTreeMap;
+use std::fs;
+use std::path::PathBuf;
+
+use anyhow::Result;
+
+use crate::workspace::Workspace;
+
+#[derive(Debug, Clone, PartialEq, Eq)]
+pub struct Brief {
+    pub client_name: String,
+    pub website: String,
+    pub business_type: String,
+    pub goal: String,
+    pub target_customer: String,
+    pub conversion_action: String,
+}
+
+#[derive(Debug, Clone)]
+pub struct AgencyConfig {
+    pub agency_name: String,
+    pub auditor_name: String,
+    pub audit_price: String,
+    pub refresh_price: String,
+    pub growth_price: String,
+}
+
+impl Default for AgencyConfig {
+    fn default() -> Self {
+        Self {
+            agency_name: "Origin".to_string(),
+            auditor_name: "Daniel White".to_string(),
+            audit_price: "Starting at £299".to_string(),
+            refresh_price: "Starting at £1,999".to_string(),
+            growth_price: "Starting at £499/mo".to_string(),
+        }
+    }
+}
+
+pub fn parse_brief(markdown: &str) -> Brief {
+    Brief {
+        client_name: markdown
+            .lines()
+            .find_map(|line| {
+                line.strip_prefix("# ")
+                    .and_then(|line| line.strip_suffix(" Audit Brief"))
+            })
+            .unwrap_or("Client")
+            .to_string(),
+        website: field(markdown, "Website"),
+        business_type: field(markdown, "Business type"),
+        goal: field(markdown, "Goal"),
+        target_customer: field(markdown, "Target customer"),
+        conversion_action: field(markdown, "Main conversion action"),
+    }
+}
+
+fn field(markdown: &str, label: &str) -> String {
+    let prefix = format!("{label}:");
+    markdown
+        .lines()
+        .find_map(|line| line.strip_prefix(&prefix))
+        .map(str::trim)
+        .unwrap_or("")
+        .to_string()
+}
+
+fn strip_title(markdown: &str) -> String {
+    markdown
+        .lines()
+        .skip_while(|line| line.starts_with("# "))
+        .collect::<Vec<_>>()
+        .join("\n")
+        .trim()
+        .to_string()
+}
+
+fn heading_from_page_path(path: &str) -> String {
+    let name = path
+        .trim_start_matches("pages/")
+        .trim_end_matches(".md")
+        .replace("home", "homepage")
+        .replace(['-', '_'], " ");
+
+    name.split_whitespace()
+        .map(|word| {
+            let mut chars = word.chars();
+            match chars.next() {
+                Some(first) => format!("{}{}", first.to_uppercase(), chars.as_str()),
+                None => String::new(),
+            }
+        })
+        .collect::<Vec<_>>()
+        .join(" ")
+}
+
+pub fn build_final_report(
+    config: &AgencyConfig,
+    folder_name: &str,
+    files: &BTreeMap<String, String>,
+) -> String {
+    let brief = parse_brief(files.get("brief.md").map(String::as_str).unwrap_or(""));
+    let page_sections = files
+        .iter()
+        .filter(|(path, _)| path.starts_with("pages/") && path.ends_with(".md"))
+        .map(|(path, content)| {
+            format!(
+                "### {} Review\n\n{}",
+                heading_from_page_path(path),
+                strip_title(content)
+            )
+        })
+        .collect::<Vec<_>>()
+        .join("\n\n");
+
+    format!(
+        "# {} Website Audit\n\nPrepared by {}, {}\nAudit folder: {}\n\n## Context\n\nWebsite: {}\nGoal: {}\nBusiness type: {}\nTarget customer: {}\nMain conversion action: {}\n\n## Scorecard\n\n{}\n\n## Automated Check\n\n{}\n\n## Security Check\n\n{}\n\n## Lighthouse Check\n\n{}\n\n## Findings\n\n{}\n\n## Page Reviews\n\n{}\n\n## Recommended Next Step\n\nAudit: {}\nRefresh: {}\nGrowth: {}\n\nUse the audit to prioritise immediate fixes. If most findings require design, copy, and frontend changes, the Refresh package is likely the best next step.\n",
+        brief.client_name,
+        config.auditor_name,
+        config.agency_name,
+        folder_name,
+        brief.website,
+        brief.goal,
+        empty_or(&brief.business_type, "Not specified"),
+        empty_or(&brief.target_customer, "Not specified"),
+        empty_or(&brief.conversion_action, "Not specified"),
+        section_file(files, "scorecard.md", "Not completed yet."),
+        section_file(files, "automated-check.md", "Not run yet."),
+        section_file(files, "security.md", "Not run yet."),
+        section_file(files, "lighthouse.md", "Not run yet."),
+        section_file(files, "findings.md", "No findings captured yet."),
+        if page_sections.is_empty() { "No page reviews captured yet.".to_string() } else { page_sections },
+        config.audit_price,
+        config.refresh_price,
+        config.growth_price,
+    )
+}
+
+pub fn build_client_email(config: &AgencyConfig, brief: &Brief) -> String {
+    format!(
+        "Subject: Website audit for {}\n\nHi,\n\nI've completed the website audit for {}.\n\nThe report is in final-report.md. I also included a video-script.md outline so the walkthrough can focus on the highest-impact issues.\n\nMain goal reviewed: {}\n\nRecommended next step:\nReview the priority fixes in the report. If you want me to handle the design, copy, and implementation work, the Refresh package is the most likely fit.\n\nThanks,\n{}\n{}\n",
+        brief.client_name,
+        empty_or(&brief.website, "your website"),
+        empty_or(&brief.goal, "Not specified"),
+        config.auditor_name,
+        config.agency_name
+    )
+}
+
+pub fn generate_report(workspace: &Workspace, folder_name: &str) -> Result<(PathBuf, PathBuf)> {
+    let config = load_config(workspace);
+    let files = workspace.read_audit_files(folder_name)?;
+    let brief = parse_brief(files.get("brief.md").map(String::as_str).unwrap_or(""));
+    let report = build_final_report(&config, folder_name, &files);
+    let email = build_client_email(&config, &brief);
+    let report_path = workspace.write_audit_file(folder_name, "final-report.md", &report)?;
+    let email_path = workspace.write_audit_file(folder_name, "client-email.md", &email)?;
+    Ok((report_path, email_path))
+}
+
+fn section_file(files: &BTreeMap<String, String>, path: &str, fallback: &str) -> String {
+    files
+        .get(path)
+        .map(|content| strip_title(content))
+        .filter(|content| !content.is_empty())
+        .unwrap_or_else(|| fallback.to_string())
+}
+
+fn empty_or<'a>(value: &'a str, fallback: &'a str) -> &'a str {
+    if value.trim().is_empty() {
+        fallback
+    } else {
+        value
+    }
+}
+
+fn load_config(workspace: &Workspace) -> AgencyConfig {
+    let path = workspace.root.join("auditkit.config.json");
+    let Ok(content) = fs::read_to_string(path) else {
+        return AgencyConfig::default();
+    };
+    let Ok(json) = serde_json::from_str::<serde_json::Value>(&content) else {
+        return AgencyConfig::default();
+    };
+
+    let mut config = AgencyConfig::default();
+    config.agency_name = json["agencyName"]
+        .as_str()
+        .unwrap_or(&config.agency_name)
+        .to_string();
+    config.auditor_name = json["auditorName"]
+        .as_str()
+        .unwrap_or(&config.auditor_name)
+        .to_string();
+    config.audit_price = json["services"]["audit"]
+        .as_str()
+        .unwrap_or(&config.audit_price)
+        .to_string();
+    config.refresh_price = json["services"]["refresh"]
+        .as_str()
+        .unwrap_or(&config.refresh_price)
+        .to_string();
+    config.growth_price = json["services"]["growth"]
+        .as_str()
+        .unwrap_or(&config.growth_price)
+        .to_string();
+    config
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn parse_brief_extracts_context() {
+        let brief = parse_brief(
+            "# Acme Dental Audit Brief\n\nWebsite: https://example.com\nGoal: More bookings",
+        );
+        assert_eq!(brief.client_name, "Acme Dental");
+        assert_eq!(brief.website, "https://example.com");
+        assert_eq!(brief.goal, "More bookings");
+    }
+
+    #[test]
+    fn final_report_includes_security_and_lighthouse() {
+        let mut files = BTreeMap::new();
+        files.insert(
+            "brief.md".to_string(),
+            "# Acme Dental Audit Brief\n\nWebsite: https://example.com\nGoal: Leads".to_string(),
+        );
+        files.insert(
+            "security.md".to_string(),
+            "# Security Check\n\nScore: 50/100".to_string(),
+        );
+        files.insert(
+            "lighthouse.md".to_string(),
+            "# Lighthouse Check\n\nPerformance: 100/100".to_string(),
+        );
+        files.insert(
+            "pages/home.md".to_string(),
+            "# Homepage Review\n\n## CTA".to_string(),
+        );
+
+        let report = build_final_report(&AgencyConfig::default(), "2026-acme", &files);
+        assert!(report.contains("## Security Check"));
+        assert!(report.contains("Score: 50/100"));
+        assert!(report.contains("## Lighthouse Check"));
+        assert!(report.contains("### Homepage Review"));
+    }
+}

package/src/security.rs

@@ -0,0 +1,193 @@
+use anyhow::Result;
+use reqwest::header::HeaderMap;
+
+use crate::ui::score_status;
+
+#[derive(Debug, Clone, PartialEq, Eq)]
+pub struct SecurityCheck {
+    pub url: String,
+    pub score: i32,
+    pub https: bool,
+    pub hsts: bool,
+    pub csp: bool,
+    pub frame_options: bool,
+    pub referrer_policy: bool,
+    pub secure_cookies: bool,
+    pub feedback: Vec<String>,
+}
+
+fn header_present(headers: &HeaderMap, name: &str) -> bool {
+    headers.get(name).is_some()
+}
+
+fn cookies_have_security_flags(headers: &HeaderMap) -> bool {
+    let cookies = headers.get_all("set-cookie");
+    let mut saw_cookie = false;
+
+    for cookie in cookies.iter() {
+        saw_cookie = true;
+        let value = cookie.to_str().unwrap_or("").to_lowercase();
+        if !(value.contains("secure") && value.contains("httponly") && value.contains("samesite")) {
+            return false;
+        }
+    }
+
+    !saw_cookie || true
+}
+
+pub fn analyze_security_headers(url: &str, headers: &HeaderMap) -> SecurityCheck {
+    let https = url.starts_with("https://");
+    let hsts = header_present(headers, "strict-transport-security");
+    let csp = header_present(headers, "content-security-policy");
+    let frame_options = header_present(headers, "x-frame-options");
+    let referrer_policy = header_present(headers, "referrer-policy");
+    let secure_cookies = cookies_have_security_flags(headers);
+
+    let mut score = 100;
+    let mut feedback = Vec::new();
+
+    if !https {
+        score -= 25;
+        feedback.push(
+            "Site is not using HTTPS. Serve the site over HTTPS before client launch.".to_string(),
+        );
+    } else {
+        feedback.push("HTTPS is enabled.".to_string());
+    }
+
+    if !hsts {
+        score -= 15;
+        feedback.push(
+            "Missing HSTS header. Add Strict-Transport-Security once HTTPS is stable.".to_string(),
+        );
+    } else {
+        feedback.push("HSTS header found.".to_string());
+    }
+
+    if !csp {
+        score -= 20;
+        feedback.push(
+            "Missing Content-Security-Policy. Add a CSP to reduce script injection risk."
+                .to_string(),
+        );
+    } else {
+        feedback.push("Content-Security-Policy found.".to_string());
+    }
+
+    if !frame_options {
+        score -= 10;
+        feedback.push("Missing X-Frame-Options. Add clickjacking protection.".to_string());
+    }
+
+    if !referrer_policy {
+        score -= 5;
+        feedback.push("Missing Referrer-Policy. Add one to avoid leaking full URLs.".to_string());
+    }
+
+    if !secure_cookies {
+        score -= 10;
+        feedback.push("Cookies are missing Secure, HttpOnly, or SameSite flags.".to_string());
+    }
+
+    SecurityCheck {
+        url: url.to_string(),
+        score: score.max(0),
+        https,
+        hsts,
+        csp,
+        frame_options,
+        referrer_policy,
+        secure_cookies,
+        feedback,
+    }
+}
+
+pub fn check_url(input_url: &str) -> Result<SecurityCheck> {
+    let url = if input_url.starts_with("http://") || input_url.starts_with("https://") {
+        input_url.to_string()
+    } else {
+        format!("https://{input_url}")
+    };
+    let response = reqwest::blocking::Client::new()
+        .get(&url)
+        .header("user-agent", "AuditKit/0.1")
+        .header("accept", "text/html,application/xhtml+xml")
+        .send()?;
+    Ok(analyze_security_headers(
+        &response.url().to_string(),
+        response.headers(),
+    ))
+}
+
+pub fn format_cli(result: &SecurityCheck) -> String {
+    let mut output = format!(
+        "\n== Security Check ==\nURL: {}\nScore: {}/100 ({})\n\n== Signals ==\nHTTPS: {}\nHSTS: {}\nCSP: {}\nX-Frame-Options: {}\nReferrer-Policy: {}\nSecure cookies: {}\n\n== Feedback ==\n",
+        result.url,
+        result.score,
+        score_status(result.score),
+        yes_no(result.https),
+        yes_no(result.hsts),
+        yes_no(result.csp),
+        yes_no(result.frame_options),
+        yes_no(result.referrer_policy),
+        yes_no(result.secure_cookies)
+    );
+
+    for item in &result.feedback {
+        output.push_str(&format!("- {item}\n"));
+    }
+
+    output
+}
+
+pub fn format_markdown(result: &SecurityCheck) -> String {
+    format!("# Security Check\n\n{}\n", format_cli(result))
+}
+
+fn yes_no(value: bool) -> &'static str {
+    if value {
+        "yes"
+    } else {
+        "no"
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use reqwest::header::{HeaderMap, HeaderValue};
+
+    use super::*;
+
+    #[test]
+    fn missing_headers_are_flagged() {
+        let headers = HeaderMap::new();
+        let result = analyze_security_headers("http://example.com", &headers);
+        assert_eq!(result.score, 25);
+        assert!(result
+            .feedback
+            .join("\n")
+            .contains("Site is not using HTTPS"));
+        assert!(result
+            .feedback
+            .join("\n")
+            .contains("Missing Content-Security-Policy"));
+    }
+
+    #[test]
+    fn strong_headers_score_high() {
+        let mut headers = HeaderMap::new();
+        headers.insert(
+            "strict-transport-security",
+            HeaderValue::from_static("max-age=31536000"),
+        );
+        headers.insert(
+            "content-security-policy",
+            HeaderValue::from_static("default-src 'self'"),
+        );
+        headers.insert("x-frame-options", HeaderValue::from_static("DENY"));
+        headers.insert("referrer-policy", HeaderValue::from_static("strict-origin"));
+
+        let result = analyze_security_headers("https://example.com", &headers);
+        assert_eq!(result.score, 100);
+    }
+}

package/src/templates.rs

@@ -0,0 +1,197 @@
+use std::collections::BTreeMap;
+
+use url::Url;
+
+use crate::audit::AuditInput;
+
+fn markdown_list(items: &[String]) -> String {
+    if items.is_empty() {
+        "- None provided".to_string()
+    } else {
+        items
+            .iter()
+            .map(|item| format!("- {item}"))
+            .collect::<Vec<_>>()
+            .join("\n")
+    }
+}
+
+fn title_case(value: &str) -> String {
+    if value == "/" {
+        return "Homepage".to_string();
+    }
+
+    value
+        .trim_matches('/')
+        .replace(['-', '_', '/'], " ")
+        .split_whitespace()
+        .map(|word| {
+            let mut chars = word.chars();
+            match chars.next() {
+                Some(first) => format!("{}{}", first.to_uppercase(), chars.as_str()),
+                None => String::new(),
+            }
+        })
+        .collect::<Vec<_>>()
+        .join(" ")
+}
+
+fn page_file_name(page: &str) -> String {
+    let raw = if page == "/" {
+        "home".to_string()
+    } else {
+        page.trim_matches('/').to_string()
+    };
+
+    let mut slug = String::new();
+    let mut previous_dash = false;
+
+    for character in raw.chars() {
+        if character.is_ascii_alphanumeric() {
+            slug.push(character.to_ascii_lowercase());
+            previous_dash = false;
+        } else if !previous_dash {
+            slug.push('-');
+            previous_dash = true;
+        }
+    }
+
+    format!("pages/{}.md", slug.trim_matches('-'))
+}
+
+pub fn create_audit_files(audit: &AuditInput) -> BTreeMap<String, String> {
+    let mut files = BTreeMap::new();
+
+    files.insert("brief.md".to_string(), brief_template(audit));
+    files.insert("status.md".to_string(), status_template());
+    files.insert("scorecard.md".to_string(), scorecard_template());
+    files.insert("checklist.md".to_string(), checklist_template());
+    files.insert("findings.md".to_string(), findings_template());
+    files.insert("report.md".to_string(), report_template(audit));
+    files.insert("video-script.md".to_string(), video_script_template(audit));
+    files.insert("links.md".to_string(), links_template(audit));
+    files.insert("raw-notes.md".to_string(), "# Raw Notes\n\n".to_string());
+
+    for page in &audit.pages {
+        files.insert(page_file_name(page), page_review_template(page));
+    }
+
+    files
+}
+
+pub fn brief_template(audit: &AuditInput) -> String {
+    format!(
+        "# {} Audit Brief\n\nWebsite: {}\nBusiness type: {}\nGoal: {}\nTarget customer: {}\nMain conversion action: {}\nCreated: {}\n\n## Known Concerns\n\n{}\n\n## Pages\n\n{}\n\n## Competitors\n\n{}\n",
+        audit.client_name,
+        audit.url,
+        audit.business_type,
+        audit.goal,
+        audit.target_customer,
+        audit.conversion_action,
+        audit.created_at,
+        markdown_list(&audit.known_concerns),
+        markdown_list(&audit.pages),
+        markdown_list(&audit.competitors)
+    )
+}
+
+pub fn checklist_template() -> String {
+    "# Audit Checklist\n\n## Performance\n\n- [ ] Run PageSpeed on key pages\n- [ ] Check mobile score\n- [ ] Identify LCP element\n- [ ] Check image weight\n- [ ] Check font loading\n- [ ] Check layout shift\n\n## UX and Conversion\n\n- [ ] Above-fold offer is clear\n- [ ] Primary CTA is obvious\n- [ ] User can contact/book within 1 click\n- [ ] Trust signals are visible\n- [ ] Forms are short enough\n- [ ] Navigation supports key journey\n\n## SEO\n\n- [ ] Title tags\n- [ ] Meta descriptions\n- [ ] H1 structure\n- [ ] Internal links\n- [ ] Image alt text\n- [ ] Schema opportunity\n- [ ] Local SEO basics\n".to_string()
+}
+
+pub fn findings_template() -> String {
+    "# Findings\n\n## Finding Template\n\nTitle:\nCategory: Performance / UX / SEO / Conversion / Trust\nSeverity: Critical / High / Medium / Low\nPage:\nEvidence:\nWhy it matters:\nRecommendation:\nEstimated effort:\nBusiness impact:\nScreenshot/video note:\n\n## Critical\n\n### 1. Finding title\n\nEvidence:\n\nWhy it matters:\n\nRecommendation:\n\nEstimated effort:\n\nBusiness impact:\n\n## High\n\n## Medium\n\n## Low\n".to_string()
+}
+
+pub fn scorecard_template() -> String {
+    "# Scorecard\n\nPerformance: /10\nUX clarity: /10\nConversion path: /10\nSEO basics: /10\nTrust signals: /10\nMobile experience: /10\n\nOverall:\n\n## Notes\n\n".to_string()
+}
+
+pub fn status_template() -> String {
+    "# Audit Status\n\n- [ ] Intake complete\n- [ ] Pages reviewed\n- [ ] Performance checked\n- [ ] SEO checked\n- [ ] Findings prioritised\n- [ ] Report drafted\n- [ ] Video recorded\n- [ ] Sent to client\n".to_string()
+}
+
+pub fn page_review_template(page: &str) -> String {
+    format!(
+        "# {} Review\n\nPath: {}\n\n## First Impression\n\n## CTA\n\n## Copy Clarity\n\n## Visual Hierarchy\n\n## Mobile Issues\n\n## SEO Notes\n\n## Performance Notes\n\n## Recommended Fixes\n",
+        title_case(page),
+        page
+    )
+}
+
+pub fn report_template(audit: &AuditInput) -> String {
+    format!(
+        "# {} Website Audit\n\nWebsite: {}\nGoal: {}\n\n## Executive Summary\n\n## Priority Fixes\n\n1.\n2.\n3.\n\n## Performance\n\n## UX and Conversion\n\n## SEO\n\n## Recommended Next Step\n",
+        audit.client_name, audit.url, audit.goal
+    )
+}
+
+pub fn video_script_template(audit: &AuditInput) -> String {
+    format!(
+        "# {} Video Script\n\n## Opening\n\nWhat I reviewed and what matters most.\n\n## Biggest Conversion Issue\n\n## Performance Issue\n\n## SEO or Structure Issue\n\n## Close\n\nSummarise top 3 fixes and recommended next step.\n",
+        audit.client_name
+    )
+}
+
+pub fn links_template(audit: &AuditInput) -> String {
+    let encoded = urlencoding(&audit.url);
+    let pages = audit
+        .pages
+        .iter()
+        .map(|page| {
+            Url::parse(&audit.url)
+                .and_then(|base| base.join(page))
+                .map(|url| format!("- {url}"))
+                .unwrap_or_else(|_| format!("- {page}"))
+        })
+        .collect::<Vec<_>>()
+        .join("\n");
+
+    format!(
+        "# Audit Links\n\n## Test Links\n\n- PageSpeed: https://pagespeed.web.dev/analysis?url={}\n- Rich Results: https://search.google.com/test/rich-results?url={}\n- Meta Preview: https://metatags.io/?url={}\n\n## Pages\n\n{}\n\n## Competitors\n\n{}\n",
+        encoded,
+        encoded,
+        encoded,
+        if pages.is_empty() { "- None provided".to_string() } else { pages },
+        markdown_list(&audit.competitors)
+    )
+}
+
+fn urlencoding(value: &str) -> String {
+    url::form_urlencoded::byte_serialize(value.as_bytes()).collect()
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    fn audit() -> AuditInput {
+        AuditInput {
+            client_name: "Acme Dental".to_string(),
+            slug: "acme-dental".to_string(),
+            url: "https://acmedental.co.uk".to_string(),
+            business_type: "Dental clinic".to_string(),
+            goal: "More bookings".to_string(),
+            target_customer: "Local families".to_string(),
+            conversion_action: "Book consultation".to_string(),
+            pages: vec![
+                "/".to_string(),
+                "/pricing".to_string(),
+                "/contact".to_string(),
+            ],
+            known_concerns: vec!["Slow mobile".to_string()],
+            competitors: vec!["https://competitor.example".to_string()],
+            created_at: "2026-06-02".to_string(),
+        }
+    }
+
+    #[test]
+    fn create_audit_files_contains_expected_workspace() {
+        let files = create_audit_files(&audit());
+        assert!(files.contains_key("brief.md"));
+        assert!(files.contains_key("scorecard.md"));
+        assert!(files.contains_key("pages/home.md"));
+        assert!(files.contains_key("pages/pricing.md"));
+        assert!(files["brief.md"].contains("Business type: Dental clinic"));
+    }
+}