claude-crap 0.3.0 → 0.3.3

package/plugin/package.json

@@ -1,6 +1,6 @@
 {
   "name": "claude-crap-plugin",
-  "version": "0.3.0",
+  "version": "0.3.3",
   "private": true,
   "description": "Runtime dependencies for the claude-crap plugin bundle",
   "type": "module",

package/src/dashboard/server.ts

@@ -94,13 +94,12 @@ export async function startDashboard(options: StartDashboardOptions): Promise<Da
   await fastify.register(fastifyStatic, {
     root: publicRoot,
     prefix: "/",
-    decorateReply: false,
   });
 
   // ------------------------------------------------------------------
   // /api/health — liveness probe
   // ------------------------------------------------------------------
-  fastify.get("/api/health", async () => ({ status: "ok", server: "claude-crap", version: "0.1.0" }));
+  fastify.get("/api/health", async () => ({ status: "ok", server: "claude-crap", version: "0.3.2" }));
 
   // ------------------------------------------------------------------
   // /api/score — live project score
@@ -117,8 +116,14 @@ export async function startDashboard(options: StartDashboardOptions): Promise<Da
   fastify.get("/api/sarif", async () => sarifStore.toSarifDocument());
 
   // ------------------------------------------------------------------
-  // / — static SPA fallback (Fastify-static handles index.html)
+  // / — explicit SPA fallback for index.html
   // ------------------------------------------------------------------
+  // @fastify/static sometimes doesn't serve index.html on GET / when
+  // API routes are registered on the same prefix. Explicit fallback
+  // ensures the dashboard always loads.
+  fastify.get("/", async (_request, reply) => {
+    return reply.sendFile("index.html");
+  });
 
   await fastify.listen({ port: config.dashboardPort, host: "127.0.0.1" });
   const url = `http://127.0.0.1:${config.dashboardPort}`;

package/src/scanner/auto-scan.ts

@@ -19,9 +19,12 @@
  * @module scanner/auto-scan
  */
 
+import { existsSync } from "node:fs";
+import { join } from "node:path";
 import type { Logger } from "pino";
 import { detectScanners, type ScannerDetection } from "./detector.js";
 import { runScanner, type ScannerRunResult } from "./runner.js";
+import { bootstrapScanner } from "./bootstrap.js";
 import { adaptScannerOutput, type KnownScanner } from "../adapters/index.js";
 import type { SarifStore } from "../sarif/sarif-store.js";
 
@@ -105,7 +108,47 @@ export async function autoScan(
     "auto-scan: detection complete",
   );
 
+  // If ESLint is detected (e.g. in package.json) but has no config file,
+  // bootstrap will create one before we try to scan.
+  const eslintConfigFiles = [
+    "eslint.config.js", "eslint.config.mjs", "eslint.config.cjs",
+    "eslint.config.ts", "eslint.config.mts", "eslint.config.cts",
+    ".eslintrc.js", ".eslintrc.cjs", ".eslintrc.yaml",
+    ".eslintrc.yml", ".eslintrc.json",
+  ];
+  const eslintDetected = available.some((d) => d.scanner === "eslint");
+  const hasEslintConfig = eslintConfigFiles.some((f) => existsSync(join(workspaceRoot, f)));
+
+  if (eslintDetected && !hasEslintConfig) {
+    logger.info("auto-scan: ESLint detected but no config — running bootstrap");
+    try {
+      const bootstrapResult = await bootstrapScanner(workspaceRoot, sarifStore, logger);
+      if (bootstrapResult.autoScanResult) {
+        return bootstrapResult.autoScanResult;
+      }
+    } catch (err) {
+      logger.warn(
+        { err: (err as Error).message },
+        "auto-scan: bootstrap config creation failed",
+      );
+    }
+  }
+
   if (available.length === 0) {
+    // No scanners configured — try to bootstrap one automatically.
+    logger.info("auto-scan: no scanners found, attempting bootstrap");
+    try {
+      const bootstrapResult = await bootstrapScanner(workspaceRoot, sarifStore, logger);
+      if (bootstrapResult.autoScanResult) {
+        return bootstrapResult.autoScanResult;
+      }
+    } catch (err) {
+      logger.warn(
+        { err: (err as Error).message },
+        "auto-scan: bootstrap failed — continuing with empty results",
+      );
+    }
+
     return {
       detected,
       results: [],

package/src/scanner/bootstrap.ts

@@ -27,8 +27,10 @@ import { join } from "node:path";
 import { execFile } from "node:child_process";
 import type { Logger } from "pino";
 import type { KnownScanner } from "../adapters/common.js";
+import { adaptScannerOutput } from "../adapters/index.js";
 import { detectScanners } from "./detector.js";
-import { autoScan, type AutoScanResult } from "./auto-scan.js";
+import { runScanner } from "./runner.js";
+import type { AutoScanResult, ScannerResult } from "./auto-scan.js";
 import type { SarifStore } from "../sarif/sarif-store.js";
 
 // ── Types ──────────────────────────────────────────────────────────
@@ -135,7 +137,14 @@ export default tseslint.config(
   js.configs.recommended,
   ...tseslint.configs.recommended,
   {
-    ignores: ["dist/", "node_modules/", "coverage/"],
+    ignores: [
+      "dist/",
+      "node_modules/",
+      "coverage/",
+      "**/bundle/",
+      "**/vendor/",
+      "**/*.min.js",
+    ],
   },
 );
 `;
@@ -146,7 +155,14 @@ export default tseslint.config(
 export default [
   js.configs.recommended,
   {
-    ignores: ["dist/", "node_modules/", "coverage/"],
+    ignores: [
+      "dist/",
+      "node_modules/",
+      "coverage/",
+      "**/bundle/",
+      "**/vendor/",
+      "**/*.min.js",
+    ],
   },
 ];
 `;
@@ -290,7 +306,12 @@ export async function bootstrapScanner(
   const detections = await detectScanners(workspaceRoot);
   const available = detections.filter((d) => d.available);
 
-  if (available.length > 0) {
+  // A scanner is truly "configured" only if it also has a config
+  // file. ESLint in package.json without eslint.config.mjs will crash.
+  const eslintNeedsConfig = available.some((d) => d.scanner === "eslint")
+    && !detections.some((d) => d.scanner === "eslint" && d.configPath);
+
+  if (available.length > 0 && !eslintNeedsConfig) {
     const existingScanners = available.map((d) => d.scanner);
     logger.info(
       { existingScanners },
@@ -317,21 +338,32 @@ export async function bootstrapScanner(
     "bootstrap: detected project type",
   );
 
-  // 3. Install scanner
+  // 3. Install scanner (skip npm install if already in package.json)
   if (recommendation.canAutoInstall) {
-    // JS/TS: auto-install ESLint
     const isTypeScript = projectType === "typescript";
-    const packages = isTypeScript
-      ? ["eslint", "@eslint/js", "typescript-eslint"]
-      : ["eslint", "@eslint/js"];
-
-    const installStep = await npmInstall(workspaceRoot, packages);
-    steps.push(installStep);
-
-    if (installStep.success) {
-      const configStep = writeEslintConfigFile(workspaceRoot, isTypeScript);
-      steps.push(configStep);
+    const eslintAlreadyInstalled = available.some((d) => d.scanner === "eslint");
+
+    if (!eslintAlreadyInstalled) {
+      const packages = isTypeScript
+        ? ["eslint", "@eslint/js", "typescript-eslint"]
+        : ["eslint", "@eslint/js"];
+      const installStep = await npmInstall(workspaceRoot, packages);
+      steps.push(installStep);
+      if (!installStep.success) {
+        // npm install failed — skip config creation, fall through to result
+        return buildResult(projectType, steps, null);
+      }
+    } else {
+      steps.push({
+        action: "npm install eslint",
+        success: true,
+        detail: "eslint already in package.json — skipped install",
+      });
     }
+
+    // Always create config if missing
+    const configStep = writeEslintConfigFile(workspaceRoot, isTypeScript);
+    steps.push(configStep);
   } else {
     // Python / Java / C# / Unknown: return instructions
     steps.push({
@@ -341,34 +373,97 @@ export async function bootstrapScanner(
     });
   }
 
-  // 4. Run auto_scan if installation succeeded
+  // 4. Run scanner directly if installation succeeded (inline scan
+  //    to avoid circular dependency — autoScan calls bootstrapScanner)
   const installSucceeded = steps.every((s) => s.success);
   let autoScanResult: AutoScanResult | null = null;
 
   if (installSucceeded && recommendation.canAutoInstall) {
     try {
-      autoScanResult = await autoScan(workspaceRoot, sarifStore, logger);
+      const scanStart = Date.now();
+      const postDetections = await detectScanners(workspaceRoot);
+      const postAvailable = postDetections.filter((d) => d.available);
+      const scanResults: ScannerResult[] = [];
+      let scanFindings = 0;
+
+      const settled = await Promise.allSettled(
+        postAvailable.map((d) => runScanner(d.scanner, workspaceRoot)),
+      );
+
+      for (let i = 0; i < postAvailable.length; i++) {
+        const det = postAvailable[i]!;
+        const res = settled[i]!;
+
+        if (res.status === "rejected" || !res.value.success) {
+          scanResults.push({
+            scanner: det.scanner,
+            success: false,
+            findingsIngested: 0,
+            durationMs: res.status === "fulfilled" ? res.value.durationMs : 0,
+            error: res.status === "rejected"
+              ? String(res.reason)
+              : res.value.error ?? "unknown error",
+          });
+          continue;
+        }
+
+        const runResult = res.value;
+        let parsed: unknown;
+        try { parsed = JSON.parse(runResult.rawOutput); } catch { parsed = runResult.rawOutput; }
+        const adapted = adaptScannerOutput(runResult.scanner, parsed);
+        const stats = sarifStore.ingestRun(adapted.document, adapted.sourceTool);
+        scanFindings += stats.accepted;
+
+        scanResults.push({
+          scanner: runResult.scanner,
+          success: true,
+          findingsIngested: stats.accepted,
+          durationMs: runResult.durationMs,
+        });
+      }
+
+      if (scanFindings > 0) await sarifStore.persist();
+
+      autoScanResult = {
+        detected: postDetections,
+        results: scanResults,
+        totalFindings: scanFindings,
+        totalDurationMs: Date.now() - scanStart,
+      };
     } catch (err) {
       logger.warn(
         { err: (err as Error).message },
-        "bootstrap: auto_scan after install failed",
+        "bootstrap: scan after install failed",
       );
     }
   }
 
   // 5. Build result
+  return buildResult(projectType, steps, autoScanResult, recommendation);
+}
+
+/**
+ * Build a BootstrapResult from the collected steps and optional scan result.
+ */
+function buildResult(
+  projectType: ProjectType,
+  steps: BootstrapStep[],
+  autoScanResult: AutoScanResult | null,
+  recommendation?: { scanner: KnownScanner; canAutoInstall: boolean; installInstructions: string },
+): BootstrapResult {
+  const success = steps.every((s) => s.success);
   const findings = autoScanResult?.totalFindings ?? 0;
-  const scannerInstalled = recommendation.canAutoInstall && installSucceeded;
+  const scanner = recommendation?.scanner ?? "unknown";
 
   let summary: string;
-  if (scannerInstalled && autoScanResult) {
-    summary = `Installed ${recommendation.scanner} for ${projectType} project. Auto-scan found ${findings} finding(s).`;
-  } else if (scannerInstalled) {
-    summary = `Installed ${recommendation.scanner} for ${projectType} project. Auto-scan did not run.`;
-  } else if (!recommendation.canAutoInstall) {
-    summary = `Detected ${projectType} project. Install ${recommendation.scanner} manually: ${recommendation.installInstructions}`;
+  if (success && autoScanResult) {
+    summary = `Configured ${scanner} for ${projectType} project. Scan found ${findings} finding(s).`;
+  } else if (success && recommendation && !recommendation.canAutoInstall) {
+    summary = `Detected ${projectType} project. Install ${scanner} manually: ${recommendation.installInstructions}`;
+  } else if (success) {
+    summary = `Configured ${scanner} for ${projectType} project.`;
   } else {
-    summary = `Failed to install ${recommendation.scanner}. Check the error details in the steps.`;
+    summary = `Failed to configure ${scanner}. Check the error details in the steps.`;
   }
 
   return {
@@ -377,7 +472,7 @@ export async function bootstrapScanner(
     existingScanners: [],
     steps,
     autoScanResult,
-    success: installSucceeded,
+    success,
     summary,
   };
 }

package/src/scanner/runner.ts

@@ -124,8 +124,14 @@ export function runScanner(
         const durationMs = Date.now() - start;
 
         // For scanners where non-zero exit means "findings exist",
-        // we still have valid output in stdout.
-        if (err && !cmd.nonZeroIsNormal) {
+        // we still have valid output in stdout. But if the scanner
+        // crashed (e.g. ESLint with no config file), treat it as a
+        // real failure even when nonZeroIsNormal is set.
+        const isFatalError = cmd.nonZeroIsNormal
+          && err
+          && (!stdout?.trim() || stderr?.includes("Oops!") || stderr?.includes("couldn't find"));
+
+        if (err && (!cmd.nonZeroIsNormal || isFatalError)) {
           // Stryker: check if the output file was written despite the error
           if (cmd.outputFile && existsSync(cmd.outputFile)) {
             try {