cc-env-checker 0.1.0

package/src/report.js

@@ -0,0 +1,165 @@
+import { RISK_PRIORITY, STATUS_PRIORITY } from './types.js';
+
+const ARTICLE_MODEL = [
+  {
+    id: 'persistent-identifiers',
+    title: 'Persistent identifiers',
+    titleKey: 'coverage.persistent-identifiers.title',
+    relatedCheckIds: ['artifacts.identity-summary'],
+  },
+  {
+    id: 'message-request-fingerprinting',
+    title: 'Message and request fingerprinting',
+    titleKey: 'coverage.message-request-fingerprinting.title',
+    relatedCheckIds: ['static-install.header-summary'],
+  },
+  {
+    id: 'environment-fingerprinting',
+    title: 'Environment fingerprint collection',
+    titleKey: 'coverage.environment-fingerprinting.title',
+    relatedCheckIds: ['fingerprint.environment-signals', 'fingerprint.runtime-inventory'],
+  },
+  {
+    id: 'telemetry-event-logging',
+    title: 'Telemetry and event logging',
+    titleKey: 'coverage.telemetry-event-logging.title',
+    relatedCheckIds: ['artifacts.telemetry-cache', 'static-install.endpoint-summary'],
+  },
+  {
+    id: 'third-party-analytics-channels',
+    title: 'Third-party analytics channels',
+    titleKey: 'coverage.third-party-analytics-channels.title',
+    relatedCheckIds: ['static-install.endpoint-summary'],
+  },
+  {
+    id: 'remote-policy-settings-control',
+    title: 'Remote policy and settings control',
+    titleKey: 'coverage.remote-policy-settings-control.title',
+    relatedCheckIds: ['static-install.endpoint-summary'],
+  },
+  {
+    id: 'identity-linking-risk',
+    title: 'Identity-linking risk',
+    titleKey: 'coverage.identity-linking-risk.title',
+    relatedCheckIds: ['artifacts.identity-summary', 'artifacts.credentials-file'],
+  },
+  {
+    id: 'rate-limit-abuse-signals',
+    title: 'Rate-limit abuse signals',
+    titleKey: 'coverage.rate-limit-abuse-signals.title',
+    relatedCheckIds: ['static-install.header-summary'],
+  },
+  {
+    id: 'automation-abuse-signals',
+    title: 'Automation-abuse signals',
+    titleKey: 'coverage.automation-abuse-signals.title',
+    relatedCheckIds: ['fingerprint.environment-signals'],
+  },
+  {
+    id: 'client-tampering-signals',
+    title: 'Client-tampering signals',
+    titleKey: 'coverage.client-tampering-signals.title',
+    relatedCheckIds: ['static-install.header-summary'],
+  },
+];
+
+function compareRisk(a, b) {
+  return (RISK_PRIORITY[b.riskLevel] ?? 0) - (RISK_PRIORITY[a.riskLevel] ?? 0);
+}
+
+export function aggregateOverallRiskLevel(results) {
+  if (results.some((result) => result.riskLevel === 'high')) {
+    return 'high';
+  }
+
+  if (results.some((result) => result.riskLevel === 'medium')) {
+    return 'medium';
+  }
+
+  if (results.some((result) => result.riskLevel === 'low')) {
+    return 'low';
+  }
+
+  return 'unknown';
+}
+
+export function summarizeModule(id, checks) {
+  const status = checks.reduce((current, check) => {
+    return (STATUS_PRIORITY[check.status] ?? 0) > (STATUS_PRIORITY[current] ?? 0)
+      ? check.status
+      : current;
+  }, 'pass');
+
+  return {
+    id,
+    status,
+    riskLevel: aggregateOverallRiskLevel(checks),
+    checks,
+  };
+}
+
+export function rankFindings(results) {
+  return [...results]
+    .filter((result) => result.riskLevel !== 'low' || result.status !== 'pass')
+    .sort((left, right) => {
+      const riskDiff = compareRisk(left, right);
+      if (riskDiff !== 0) {
+        return riskDiff;
+      }
+
+      return (STATUS_PRIORITY[right.status] ?? 0) - (STATUS_PRIORITY[left.status] ?? 0);
+    });
+}
+
+export function buildRecommendedActions(findings, limit = 3) {
+  return findings
+    .filter((finding) => finding.suggestion)
+    .slice(0, limit)
+    .map((finding) => ({
+      id: finding.id,
+      priority: finding.riskLevel === 'high' || finding.status === 'fail'
+        ? 'fix_now'
+        : finding.riskLevel === 'medium' || finding.status === 'warn'
+          ? 'review_soon'
+          : 'optional',
+      suggestion: finding.suggestion,
+      ...(finding.suggestionKey ? { suggestionKey: finding.suggestionKey } : {}),
+      ...(finding.messageParams ? { messageParams: finding.messageParams } : {}),
+    }));
+}
+
+export function summarizeEvidence(results) {
+  return results.reduce((summary, result) => {
+    if (result.source) {
+      summary.sources[result.source] = (summary.sources[result.source] ?? 0) + 1;
+    }
+    if (result.evidenceType) {
+      summary.confidence[result.evidenceType] = (summary.confidence[result.evidenceType] ?? 0) + 1;
+    }
+    return summary;
+  }, { sources: {}, confidence: {} });
+}
+
+export function buildCoverageMatrix(results) {
+  return ARTICLE_MODEL.map((claim) => {
+    const related = results.filter((result) => claim.relatedCheckIds.includes(result.id));
+    const state = !related.length
+      ? 'not_covered'
+      : related.some((result) => result.evidenceType === 'unverifiable')
+        ? 'unverifiable'
+        : related.every((result) => result.status === 'pass')
+          ? 'covered'
+          : 'partial';
+
+    return {
+      id: claim.id,
+      title: claim.title,
+      titleKey: claim.titleKey,
+      state,
+      stateKey: `coverage.state.${state}`,
+      rationale: related.length ? `Mapped from ${related.length} related checks` : 'No local checks implemented yet',
+      evidenceSources: [...new Set(related.map((result) => result.source).filter(Boolean))],
+      relatedCheckIds: related.map((result) => result.id),
+    };
+  });
+}

package/src/types.js

@@ -0,0 +1,18 @@
+export const RISK_LEVELS = ['low', 'medium', 'high', 'unknown'];
+export const STATUSES = ['pass', 'warn', 'fail', 'skip'];
+export const EVIDENCE_SOURCES = ['local', 'remote', 'mixed', 'local-file', 'runtime-env', 'static-install', 'inference'];
+export const EVIDENCE_CONFIDENCE = ['observed', 'derived', 'partial', 'unverifiable'];
+
+export const RISK_PRIORITY = {
+  unknown: 0,
+  low: 1,
+  medium: 2,
+  high: 3,
+};
+
+export const STATUS_PRIORITY = {
+  pass: 0,
+  skip: 1,
+  warn: 2,
+  fail: 3,
+};