cloneproof 0.1.0

package/dist/cli.js

@@ -0,0 +1,1052 @@
+#!/usr/bin/env node
+
+// src/cli.ts
+import { createRequire } from "module";
+import { resolve as resolve2 } from "path";
+import { Command, InvalidArgumentError } from "commander";
+
+// src/core/runCloneproof.ts
+import { mkdir as mkdir2 } from "fs/promises";
+
+// src/detectors/detectProject.ts
+import { join as join7 } from "path";
+
+// src/utils/fs.ts
+import { constants } from "fs";
+import { access, cp, mkdir, readdir, readFile, stat, writeFile } from "fs/promises";
+import { basename, dirname, join, relative } from "path";
+var COPY_EXCLUDE_NAMES = /* @__PURE__ */ new Set([
+  ".git",
+  "node_modules",
+  "dist",
+  "coverage",
+  ".next",
+  ".nuxt",
+  ".turbo",
+  ".cache",
+  ".pytest_cache",
+  "target",
+  "__pycache__"
+]);
+async function pathExists(path) {
+  try {
+    await access(path, constants.F_OK);
+    return true;
+  } catch {
+    return false;
+  }
+}
+async function readTextIfExists(path) {
+  if (!await pathExists(path)) {
+    return void 0;
+  }
+  return readFile(path, "utf8");
+}
+async function readJsonIfExists(path) {
+  const text = await readTextIfExists(path);
+  if (!text) {
+    return void 0;
+  }
+  return JSON.parse(text);
+}
+async function copyFreshWorkspace(source, destination) {
+  await mkdir(destination, { recursive: true });
+  await cp(source, destination, {
+    recursive: true,
+    force: true,
+    filter: (entry) => {
+      const name = basename(entry);
+      if ((name === ".env" || name.startsWith(".env.")) && name !== ".env.example") {
+        return false;
+      }
+      if (COPY_EXCLUDE_NAMES.has(name)) {
+        return false;
+      }
+      const rel = relative(source, entry).replace(/\\/g, "/");
+      if (rel === "") {
+        return true;
+      }
+      return !rel.startsWith(".git/") && !rel.includes("/node_modules/");
+    }
+  });
+}
+async function listFilesRecursive(root, options) {
+  const extensions = options?.extensions;
+  const maxFiles = options?.maxFiles ?? 2e3;
+  const excludeDirectories = /* @__PURE__ */ new Set([
+    ".git",
+    "node_modules",
+    "dist",
+    "coverage",
+    ".next",
+    ".nuxt",
+    ".turbo",
+    ".cache",
+    ".pytest_cache",
+    "target",
+    "__pycache__",
+    ...options?.excludeDirectories ?? []
+  ]);
+  const files = [];
+  async function walk(directory) {
+    if (files.length >= maxFiles) {
+      return;
+    }
+    const entries = await readdir(directory, { withFileTypes: true });
+    for (const entry of entries) {
+      if (files.length >= maxFiles) {
+        return;
+      }
+      const fullPath = join(directory, entry.name);
+      if (entry.isDirectory()) {
+        if (!excludeDirectories.has(entry.name)) {
+          await walk(fullPath);
+        }
+        continue;
+      }
+      if (!entry.isFile()) {
+        continue;
+      }
+      if (!extensions || extensions.some((extension) => entry.name.endsWith(extension))) {
+        files.push(fullPath);
+      }
+    }
+  }
+  const rootStat = await stat(root);
+  if (rootStat.isDirectory()) {
+    await walk(root);
+  }
+  return files;
+}
+
+// src/detectors/env.ts
+import { basename as basename2, join as join2 } from "path";
+var SOURCE_EXTENSIONS = [".js", ".jsx", ".ts", ".tsx", ".mjs", ".cjs"];
+var IGNORED_ENV_NAMES = /* @__PURE__ */ new Set([
+  "CI",
+  "NODE_ENV",
+  "PATH",
+  "HOME",
+  "PWD",
+  "SHELL",
+  "TEMP",
+  "TMP",
+  "USER",
+  "USERNAME"
+]);
+function isTestFile(path) {
+  const normalized = path.replace(/\\/g, "/");
+  return /(^|\/)(test|tests|__tests__)\//.test(normalized) || /\.(test|spec)\.[cm]?[jt]sx?$/.test(normalized);
+}
+function extractEnvKeysFromExample(content) {
+  if (!content) {
+    return [];
+  }
+  const keys = /* @__PURE__ */ new Set();
+  for (const line of content.split(/\r?\n/)) {
+    const trimmed = line.trim();
+    if (!trimmed || trimmed.startsWith("#") || !trimmed.includes("=")) {
+      continue;
+    }
+    const key = trimmed.split("=")[0]?.trim();
+    if (key && /^[A-Za-z_][A-Za-z0-9_]*$/.test(key)) {
+      keys.add(key);
+    }
+  }
+  return [...keys].sort();
+}
+function extractEnvVarsFromSource(content) {
+  const keys = /* @__PURE__ */ new Set();
+  const dotAccess = /process\.env\.([A-Za-z_][A-Za-z0-9_]*)/g;
+  const bracketAccess = /process\.env\[['"]([A-Za-z_][A-Za-z0-9_]*)['"]\]/g;
+  for (const regex of [dotAccess, bracketAccess]) {
+    for (const match of content.matchAll(regex)) {
+      const key = match[1];
+      if (key && !IGNORED_ENV_NAMES.has(key) && !key.startsWith("npm_")) {
+        keys.add(key);
+      }
+    }
+  }
+  return [...keys];
+}
+async function detectEnvWarnings(cwd) {
+  const files = await listFilesRecursive(cwd, {
+    extensions: SOURCE_EXTENSIONS,
+    maxFiles: 2e3
+  });
+  const used = /* @__PURE__ */ new Set();
+  for (const file of files) {
+    if (basename2(file).endsWith(".d.ts") || isTestFile(file)) {
+      continue;
+    }
+    const content = await readTextIfExists(file);
+    if (!content) {
+      continue;
+    }
+    for (const key of extractEnvVarsFromSource(content)) {
+      used.add(key);
+    }
+  }
+  const envExample = await readTextIfExists(join2(cwd, ".env.example"));
+  const documented = new Set(extractEnvKeysFromExample(envExample));
+  const missing = [...used].filter((key) => !documented.has(key)).sort();
+  return {
+    usedEnvVars: [...used].sort(),
+    documentedEnvVars: [...documented].sort(),
+    warnings: missing.map((key) => ({
+      code: "MISSING_ENV_EXAMPLE",
+      message: `${key} is used but missing from .env.example`
+    })),
+    suggestions: missing.map((key) => `Add ${key} to .env.example`)
+  };
+}
+
+// src/detectors/go.ts
+import { join as join3 } from "path";
+async function detectGoProject(cwd) {
+  const hasGoMod = await pathExists(join3(cwd, "go.mod"));
+  if (!hasGoMod) {
+    return void 0;
+  }
+  return {
+    type: "go",
+    runtimePinned: true
+  };
+}
+
+// src/detectors/node.ts
+import { join as join4 } from "path";
+function parsePackageManagerField(value) {
+  if (!value) {
+    return void 0;
+  }
+  const name = value.split("@")[0];
+  if (name === "npm" || name === "pnpm" || name === "yarn") {
+    return name;
+  }
+  return void 0;
+}
+function isYarnBerry(packageManagerField, hasYarnRc) {
+  if (hasYarnRc) {
+    return true;
+  }
+  const versionMatch = packageManagerField?.match(/^yarn@(\d+)/);
+  if (!versionMatch) {
+    return false;
+  }
+  return Number.parseInt(versionMatch[1] ?? "1", 10) >= 2;
+}
+function scriptCommand(packageManager, script) {
+  if (packageManager === "yarn") {
+    return {
+      command: "yarn",
+      args: [script],
+      label: `yarn ${script}`
+    };
+  }
+  return {
+    command: packageManager,
+    args: ["run", script],
+    label: `${packageManager} run ${script}`
+  };
+}
+async function detectNodeProject(cwd) {
+  const packageJsonPath = join4(cwd, "package.json");
+  const packageJson2 = await readJsonIfExists(packageJsonPath);
+  if (!packageJson2) {
+    return void 0;
+  }
+  const hasPnpmLock = await pathExists(join4(cwd, "pnpm-lock.yaml"));
+  const hasYarnLock = await pathExists(join4(cwd, "yarn.lock"));
+  const hasPackageLock = await pathExists(join4(cwd, "package-lock.json"));
+  const hasYarnRc = await pathExists(join4(cwd, ".yarnrc.yml"));
+  let packageManager = parsePackageManagerField(packageJson2.packageManager);
+  let packageManagerSource = "packageManager";
+  if (!packageManager) {
+    packageManagerSource = "lockfile";
+    if (hasPnpmLock) {
+      packageManager = "pnpm";
+    } else if (hasYarnLock) {
+      packageManager = "yarn";
+    } else if (hasPackageLock) {
+      packageManager = "npm";
+    } else {
+      packageManagerSource = "default";
+      packageManager = "npm";
+    }
+  }
+  const yarnBerry = packageManager === "yarn" && isYarnBerry(packageJson2.packageManager, hasYarnRc);
+  const installCommands = [];
+  if (packageManager === "pnpm") {
+    installCommands.push({ command: "corepack", args: ["enable"], label: "corepack enable" });
+    installCommands.push({ command: "pnpm", args: ["install", "--frozen-lockfile"], label: "pnpm install --frozen-lockfile" });
+  } else if (packageManager === "yarn") {
+    installCommands.push({ command: "corepack", args: ["enable"], label: "corepack enable" });
+    installCommands.push({
+      command: "yarn",
+      args: yarnBerry ? ["install", "--immutable"] : ["install", "--frozen-lockfile"],
+      label: yarnBerry ? "yarn install --immutable" : "yarn install --frozen-lockfile"
+    });
+  } else {
+    installCommands.push(hasPackageLock ? { command: "npm", args: ["ci"], label: "npm ci" } : { command: "npm", args: ["install"], label: "npm install" });
+  }
+  const scripts = packageJson2.scripts ?? {};
+  const usefulScripts = ["dev", "lint", "typecheck"].filter((script) => script in scripts);
+  const runtimePinned = Boolean(
+    packageJson2.engines?.node || await pathExists(join4(cwd, ".nvmrc")) || await pathExists(join4(cwd, ".node-version"))
+  );
+  return {
+    type: "node",
+    packageJson: packageJson2,
+    packageManager,
+    packageManagerSource,
+    hasPackageLock,
+    hasPnpmLock,
+    hasYarnLock,
+    yarnBerry,
+    scripts,
+    usefulScripts,
+    runtimePinned,
+    installCommands,
+    buildCommand: "build" in scripts ? scriptCommand(packageManager, "build") : void 0,
+    testCommand: "test" in scripts ? scriptCommand(packageManager, "test") : void 0
+  };
+}
+
+// src/detectors/python.ts
+import { join as join5 } from "path";
+async function pyprojectPinsPython(cwd) {
+  const pyproject = await readTextIfExists(join5(cwd, "pyproject.toml"));
+  return Boolean(pyproject && /requires-python\s*=/.test(pyproject));
+}
+async function detectPythonProject(cwd) {
+  const hasPyproject = await pathExists(join5(cwd, "pyproject.toml"));
+  const hasRequirements = await pathExists(join5(cwd, "requirements.txt"));
+  const hasPipfile = await pathExists(join5(cwd, "Pipfile"));
+  if (!hasPyproject && !hasRequirements && !hasPipfile) {
+    return void 0;
+  }
+  const hasTests = Boolean(
+    await pathExists(join5(cwd, "tests")) || await pathExists(join5(cwd, "pytest.ini")) || await pathExists(join5(cwd, "tox.ini")) || await pathExists(join5(cwd, "setup.cfg"))
+  );
+  const runtimePinned = Boolean(
+    await pathExists(join5(cwd, ".python-version")) || await pyprojectPinsPython(cwd)
+  );
+  const installCommand = hasRequirements ? { command: "python", args: ["-m", "pip", "install", "-r", "requirements.txt"], label: "python -m pip install -r requirements.txt" } : hasPyproject ? { command: "python", args: ["-m", "pip", "install", "."], label: "python -m pip install ." } : void 0;
+  return {
+    type: "python",
+    hasPyproject,
+    hasRequirements,
+    hasPipfile,
+    hasTests,
+    runtimePinned,
+    installCommand
+  };
+}
+
+// src/detectors/rust.ts
+import { join as join6 } from "path";
+async function detectRustProject(cwd) {
+  const hasCargoToml = await pathExists(join6(cwd, "Cargo.toml"));
+  if (!hasCargoToml) {
+    return void 0;
+  }
+  return {
+    type: "rust",
+    runtimePinned: Boolean(
+      await pathExists(join6(cwd, "rust-toolchain.toml")) || await pathExists(join6(cwd, "rust-toolchain"))
+    )
+  };
+}
+
+// src/detectors/detectProject.ts
+async function detectDocker(cwd) {
+  const candidates = [
+    "docker-compose.yml",
+    "docker-compose.yaml",
+    "compose.yml",
+    "compose.yaml",
+    "Dockerfile"
+  ];
+  const files = [];
+  for (const candidate of candidates) {
+    if (await pathExists(join7(cwd, candidate))) {
+      files.push(candidate);
+    }
+  }
+  return { files };
+}
+async function hasReadme(cwd) {
+  const candidates = ["README.md", "README", "README.txt", "Readme.md"];
+  for (const candidate of candidates) {
+    if (await pathExists(join7(cwd, candidate))) {
+      return true;
+    }
+  }
+  return false;
+}
+async function detectProject(cwd) {
+  const [node, python, go, rust, docker, readmeExists] = await Promise.all([
+    detectNodeProject(cwd),
+    detectPythonProject(cwd),
+    detectGoProject(cwd),
+    detectRustProject(cwd),
+    detectDocker(cwd),
+    hasReadme(cwd)
+  ]);
+  const projectTypes = [];
+  if (node) {
+    projectTypes.push("node");
+  }
+  if (python) {
+    projectTypes.push("python");
+  }
+  if (go) {
+    projectTypes.push("go");
+  }
+  if (rust) {
+    projectTypes.push("rust");
+  }
+  const env = node ? await detectEnvWarnings(cwd) : {
+    usedEnvVars: [],
+    documentedEnvVars: [],
+    warnings: [],
+    suggestions: []
+  };
+  const warnings = [];
+  const suggestions = [];
+  if (!readmeExists) {
+    warnings.push({
+      code: "MISSING_README",
+      message: "README is missing"
+    });
+    suggestions.push("Add a README with first-time setup instructions");
+  }
+  if (projectTypes.length === 0) {
+    warnings.push({
+      code: "UNSUPPORTED_PROJECT_TYPE",
+      message: "No supported project type was detected"
+    });
+    suggestions.push("Add package metadata or setup instructions for a supported ecosystem");
+  }
+  if (node && !node.runtimePinned) {
+    warnings.push({
+      code: "MISSING_RUNTIME_PIN",
+      message: "Node version is not pinned"
+    });
+    suggestions.push("Pin Node version with .nvmrc, .node-version, or package.json engines.node");
+  }
+  if (python && !python.runtimePinned) {
+    warnings.push({
+      code: "MISSING_RUNTIME_PIN",
+      message: "Python version is not pinned"
+    });
+    suggestions.push("Pin Python version with .python-version or pyproject.toml requires-python");
+  }
+  if (rust && !rust.runtimePinned) {
+    warnings.push({
+      code: "MISSING_RUNTIME_PIN",
+      message: "Rust toolchain version is not pinned"
+    });
+    suggestions.push("Pin Rust with rust-toolchain.toml");
+  }
+  if (docker.files.length > 0) {
+    warnings.push({
+      code: "DOCKER_DETECTED",
+      message: `Docker files detected: ${docker.files.join(", ")}. Services are not started in Cloneproof v0.1.0`
+    });
+    suggestions.push("Document any required Docker services in setup instructions");
+  }
+  warnings.push(...env.warnings);
+  suggestions.push(...env.suggestions);
+  return {
+    projectTypes,
+    node,
+    python,
+    go,
+    rust,
+    docker,
+    readmeExists,
+    env,
+    warnings,
+    suggestions: [...new Set(suggestions)]
+  };
+}
+
+// src/core/commandRunner.ts
+import { execa } from "execa";
+var LOG_LIMIT = 8e3;
+function redactSecrets(input) {
+  return input.replace(/\b(gh[pousr]_[A-Za-z0-9_]{20,})\b/g, "[REDACTED]").replace(/\b(sk-[A-Za-z0-9_-]{20,})\b/g, "[REDACTED]").replace(/\b((?:token|secret|password|passwd|api[_-]?key|authorization)\s*[:=]\s*)([^\s"'`]+)/gi, "$1[REDACTED]").replace(/\b(Bearer\s+)([A-Za-z0-9._~+/-]+=*)/gi, "$1[REDACTED]");
+}
+function truncateLog(input) {
+  if (input.length <= LOG_LIMIT) {
+    return input;
+  }
+  const omitted = input.length - LOG_LIMIT;
+  return `${input.slice(0, LOG_LIMIT)}
+...[truncated ${omitted} characters]`;
+}
+function formatCommand(command, args = []) {
+  const quote = (part) => {
+    if (/^[A-Za-z0-9_./:=@+-]+$/.test(part)) {
+      return part;
+    }
+    return JSON.stringify(part);
+  };
+  return redactSecrets([command, ...args].map(quote).join(" "));
+}
+function logValueToString(value) {
+  if (value === void 0 || value === null) {
+    return void 0;
+  }
+  if (typeof value === "string") {
+    return value;
+  }
+  if (value instanceof Uint8Array) {
+    return Buffer.from(value).toString("utf8");
+  }
+  if (Array.isArray(value)) {
+    return value.map((item) => String(item)).join("\n");
+  }
+  return String(value);
+}
+function sanitizeLog(value) {
+  const text = logValueToString(value);
+  if (!text) {
+    return void 0;
+  }
+  return truncateLog(redactSecrets(text));
+}
+async function runCommand(options) {
+  const args = options.args ?? [];
+  const commandText = formatCommand(options.command, args);
+  const startedAt = Date.now();
+  if (options.verbose) {
+    process.stderr.write(`$ ${commandText}
+`);
+  }
+  const execaOptions = {
+    cwd: options.cwd,
+    reject: false,
+    timeout: options.timeoutSeconds * 1e3,
+    env: {
+      CI: "true"
+    }
+  };
+  try {
+    const result = await execa(options.command, args, execaOptions);
+    const durationMs = Date.now() - startedAt;
+    const failed = result.exitCode !== 0;
+    const summary = failed ? `${commandText} failed with exit code ${result.exitCode}` : `${commandText} completed successfully`;
+    if (options.verbose && result.stdout) {
+      process.stderr.write(`${sanitizeLog(result.stdout) ?? ""}
+`);
+    }
+    if (options.verbose && result.stderr) {
+      process.stderr.write(`${sanitizeLog(result.stderr) ?? ""}
+`);
+    }
+    return {
+      exitCode: result.exitCode,
+      timedOut: false,
+      step: {
+        name: options.stepName,
+        status: failed ? "failed" : "passed",
+        durationMs,
+        command: commandText,
+        summary,
+        stdout: sanitizeLog(result.stdout),
+        stderr: sanitizeLog(result.stderr)
+      }
+    };
+  } catch (error) {
+    const durationMs = Date.now() - startedAt;
+    const maybeError = error;
+    const timedOut = Boolean(maybeError.timedOut);
+    const summary = timedOut ? `${commandText} timed out after ${options.timeoutSeconds} seconds` : `${commandText} failed: ${maybeError.message ?? "unknown error"}`;
+    return {
+      exitCode: maybeError.exitCode,
+      timedOut,
+      step: {
+        name: options.stepName,
+        status: "failed",
+        durationMs,
+        command: commandText,
+        summary,
+        stdout: sanitizeLog(maybeError.stdout),
+        stderr: sanitizeLog(maybeError.stderr ?? maybeError.message)
+      }
+    };
+  }
+}
+
+// src/utils/git.ts
+async function cloneGitRepository(options) {
+  const result = await runCommand({
+    cwd: options.destination,
+    command: "git",
+    args: ["clone", "--depth", "1", options.url, "."],
+    timeoutSeconds: options.timeoutSeconds,
+    stepName: "clone",
+    verbose: options.verbose
+  });
+  return result.step;
+}
+
+// src/utils/path.ts
+import { isAbsolute, resolve } from "path";
+var GITHUB_SHORTHAND_RE = /^[A-Za-z0-9_.-]+\/[A-Za-z0-9_.-]+$/;
+function isGitHubHttpsUrl(target) {
+  return /^https:\/\/github\.com\/[^/\s]+\/[^/\s]+(?:\.git)?\/?$/.test(target);
+}
+async function resolveTarget(target) {
+  if (isGitHubHttpsUrl(target)) {
+    return {
+      kind: "remote",
+      display: target,
+      source: target
+    };
+  }
+  const localPath = isAbsolute(target) ? target : resolve(process.cwd(), target);
+  if (await pathExists(localPath)) {
+    return {
+      kind: "local",
+      display: target,
+      source: localPath
+    };
+  }
+  if (GITHUB_SHORTHAND_RE.test(target)) {
+    return {
+      kind: "remote",
+      display: target,
+      source: `https://github.com/${target}.git`
+    };
+  }
+  return {
+    kind: "local",
+    display: target,
+    source: localPath
+  };
+}
+
+// src/core/scoring.ts
+function hasFailedStep(report, name) {
+  return report.steps.some((step) => step.name === name && step.status === "failed");
+}
+function hasWarning(report, code) {
+  return report.warnings.some((warning) => warning.code === code);
+}
+function calculateScore(report) {
+  if (hasFailedStep(report, "clone")) {
+    return 0;
+  }
+  let score = 100;
+  if (hasFailedStep(report, "install")) {
+    score = Math.min(score, 40);
+  }
+  if (hasFailedStep(report, "build")) {
+    score = Math.min(score, 60);
+  }
+  if (hasFailedStep(report, "test")) {
+    score = Math.min(score, 70);
+  }
+  if (hasWarning(report, "UNSUPPORTED_PROJECT_TYPE")) {
+    score = Math.min(score, 50);
+  }
+  if (hasWarning(report, "MISSING_README")) {
+    score -= 10;
+  }
+  const missingEnvCount = report.warnings.filter((warning) => warning.code === "MISSING_ENV_EXAMPLE").length;
+  score -= Math.min(missingEnvCount * 10, 30);
+  if (hasWarning(report, "MISSING_RUNTIME_PIN")) {
+    score -= 10;
+  }
+  return Math.max(0, Math.min(100, score));
+}
+
+// src/core/tempWorkspace.ts
+import { mkdtemp, rm } from "fs/promises";
+import { tmpdir } from "os";
+import { join as join8 } from "path";
+async function createTempWorkspace() {
+  const root = await mkdtemp(join8(tmpdir(), "cloneproof-"));
+  const checkoutPath = join8(root, "repo");
+  return {
+    root,
+    checkoutPath,
+    cleanup: async () => {
+      await rm(root, { recursive: true, force: true });
+    }
+  };
+}
+
+// src/core/runCloneproof.ts
+var DEFAULT_TIMEOUT_SECONDS = 600;
+function createStep(name, status, startedAt, details) {
+  return {
+    name,
+    status,
+    durationMs: Date.now() - startedAt,
+    ...details
+  };
+}
+function dedupeWarnings(warnings) {
+  const seen = /* @__PURE__ */ new Set();
+  const result = [];
+  for (const warning of warnings) {
+    const key = `${warning.code}:${warning.message}`;
+    if (!seen.has(key)) {
+      seen.add(key);
+      result.push(warning);
+    }
+  }
+  return result;
+}
+function finishReport(report) {
+  report.finishedAt = (/* @__PURE__ */ new Date()).toISOString();
+  report.durationMs = Date.parse(report.finishedAt) - Date.parse(report.startedAt);
+  report.warnings = dedupeWarnings(report.warnings);
+  report.suggestions = [...new Set(report.suggestions)];
+  const failedStep = report.steps.some((step) => step.status === "failed");
+  const unsupported = report.warnings.some((warning) => warning.code === "UNSUPPORTED_PROJECT_TYPE");
+  report.ok = !failedStep && !unsupported;
+  report.score = calculateScore(report);
+  return report;
+}
+async function runLogicalStep(options) {
+  const startedAt = Date.now();
+  const stdout = [];
+  const stderr = [];
+  const labels = options.commands.map((command) => command.label).join(" && ");
+  for (const command of options.commands) {
+    const result = await runCommand({
+      cwd: options.cwd,
+      command: command.command,
+      args: command.args,
+      timeoutSeconds: options.timeoutSeconds,
+      stepName: options.stepName,
+      verbose: options.verbose
+    });
+    if (result.step.stdout) {
+      stdout.push(result.step.stdout);
+    }
+    if (result.step.stderr) {
+      stderr.push(result.step.stderr);
+    }
+    if (result.step.status === "failed") {
+      return {
+        ...result.step,
+        durationMs: Date.now() - startedAt,
+        command: labels,
+        summary: result.step.summary,
+        stdout: stdout.join("\n\n") || void 0,
+        stderr: stderr.join("\n\n") || void 0
+      };
+    }
+  }
+  return {
+    name: options.stepName,
+    status: "passed",
+    durationMs: Date.now() - startedAt,
+    command: labels,
+    summary: `${labels} completed successfully`,
+    stdout: stdout.join("\n\n") || void 0,
+    stderr: stderr.join("\n\n") || void 0
+  };
+}
+async function pythonHasPytest(cwd, timeoutSeconds, verbose) {
+  const result = await runCommand({
+    cwd,
+    command: "python",
+    args: ["-c", "import pytest"],
+    timeoutSeconds,
+    stepName: "detect pytest",
+    verbose
+  });
+  return result.step.status === "passed";
+}
+async function runCloneproof(target = ".", options = {}) {
+  const timeoutSeconds = options.timeoutSeconds ?? DEFAULT_TIMEOUT_SECONDS;
+  const startedAt = (/* @__PURE__ */ new Date()).toISOString();
+  const report = {
+    ok: false,
+    target,
+    startedAt,
+    finishedAt: startedAt,
+    durationMs: 0,
+    score: 0,
+    projectTypes: [],
+    steps: [],
+    warnings: [],
+    suggestions: []
+  };
+  const tempWorkspace = await createTempWorkspace();
+  try {
+    const resolvedTarget = await resolveTarget(target);
+    report.target = resolvedTarget.display;
+    if (resolvedTarget.kind === "local") {
+      const cloneStartedAt = Date.now();
+      try {
+        await copyFreshWorkspace(resolvedTarget.source, tempWorkspace.checkoutPath);
+        report.steps.push(createStep("clone", "passed", cloneStartedAt, {
+          command: `copy ${resolvedTarget.source}`,
+          summary: "Local repository copied into a fresh temporary workspace"
+        }));
+      } catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        report.steps.push(createStep("clone", "failed", cloneStartedAt, {
+          command: `copy ${resolvedTarget.source}`,
+          summary: message
+        }));
+        return finishReport(report);
+      }
+    } else {
+      await mkdir2(tempWorkspace.checkoutPath, { recursive: true });
+      const cloneStep = await cloneGitRepository({
+        url: resolvedTarget.source,
+        destination: tempWorkspace.checkoutPath,
+        timeoutSeconds,
+        verbose: options.verbose
+      });
+      report.steps.push(cloneStep);
+      if (cloneStep.status === "failed") {
+        return finishReport(report);
+      }
+    }
+    const detectStartedAt = Date.now();
+    const detection = await detectProject(tempWorkspace.checkoutPath);
+    report.projectTypes = detection.projectTypes;
+    report.packageManager = detection.node?.packageManager;
+    report.docker = detection.docker.files.length > 0 ? detection.docker : void 0;
+    report.warnings.push(...detection.warnings);
+    report.suggestions.push(...detection.suggestions);
+    report.steps.push(createStep("detect project", detection.projectTypes.length > 0 ? "passed" : "warned", detectStartedAt, {
+      summary: detection.projectTypes.length > 0 ? `Detected ${detection.projectTypes.join(", ")} project` : "No supported project type was detected"
+    }));
+    const setupStatus = detection.warnings.length > 0 ? "warned" : "passed";
+    report.steps.push(createStep("setup checks", setupStatus, Date.now(), {
+      summary: setupStatus === "passed" ? "Setup metadata checks passed" : "Setup metadata warnings found"
+    }));
+    if (detection.projectTypes.length === 0) {
+      return finishReport(report);
+    }
+    if (detection.node) {
+      const installStep = await runLogicalStep({
+        cwd: tempWorkspace.checkoutPath,
+        stepName: "install",
+        commands: detection.node.installCommands,
+        timeoutSeconds,
+        verbose: options.verbose
+      });
+      report.steps.push(installStep);
+      if (installStep.status === "failed") {
+        return finishReport(report);
+      }
+      if (options.skipBuild) {
+        report.steps.push(createStep("build", "skipped", Date.now(), { summary: "Build skipped by --skip-build" }));
+      } else if (detection.node.buildCommand) {
+        const buildStep = await runLogicalStep({
+          cwd: tempWorkspace.checkoutPath,
+          stepName: "build",
+          commands: [detection.node.buildCommand],
+          timeoutSeconds,
+          verbose: options.verbose
+        });
+        report.steps.push(buildStep);
+      } else {
+        report.steps.push(createStep("build", "skipped", Date.now(), { summary: "No build script found" }));
+      }
+      if (options.skipTests) {
+        report.steps.push(createStep("test", "skipped", Date.now(), { summary: "Tests skipped by --skip-tests" }));
+      } else if (detection.node.testCommand) {
+        const testStep = await runLogicalStep({
+          cwd: tempWorkspace.checkoutPath,
+          stepName: "test",
+          commands: [detection.node.testCommand],
+          timeoutSeconds,
+          verbose: options.verbose
+        });
+        report.steps.push(testStep);
+      } else {
+        report.steps.push(createStep("test", "skipped", Date.now(), { summary: "No test script found" }));
+      }
+    }
+    if (detection.python) {
+      if (detection.python.installCommand) {
+        const installStep = await runLogicalStep({
+          cwd: tempWorkspace.checkoutPath,
+          stepName: "install",
+          commands: [detection.python.installCommand],
+          timeoutSeconds,
+          verbose: options.verbose
+        });
+        report.steps.push(installStep);
+        if (installStep.status === "failed") {
+          return finishReport(report);
+        }
+      } else {
+        report.steps.push(createStep("install", "skipped", Date.now(), {
+          summary: "Pipfile detected, but Pipenv installation is not run in Cloneproof v0.1.0"
+        }));
+        report.warnings.push({
+          code: "PYTHON_PIPFILE_STATIC_ONLY",
+          message: "Pipfile detected, but Pipenv installation is not run in Cloneproof v0.1.0"
+        });
+      }
+      if (options.skipTests) {
+        report.steps.push(createStep("test", "skipped", Date.now(), { summary: "Tests skipped by --skip-tests" }));
+      } else if (detection.python.hasTests) {
+        if (!await pythonHasPytest(tempWorkspace.checkoutPath, timeoutSeconds, options.verbose)) {
+          report.steps.push(createStep("test", "skipped", Date.now(), {
+            summary: "pytest is not installed"
+          }));
+          report.warnings.push({
+            code: "PYTEST_MISSING",
+            message: "Python tests were detected, but pytest is not installed"
+          });
+          report.suggestions.push("Install pytest or document the Python test command");
+        } else {
+          const testStep = await runLogicalStep({
+            cwd: tempWorkspace.checkoutPath,
+            stepName: "test",
+            commands: [{ command: "python", args: ["-m", "pytest"], label: "python -m pytest" }],
+            timeoutSeconds,
+            verbose: options.verbose
+          });
+          report.steps.push(testStep);
+        }
+      } else {
+        report.steps.push(createStep("test", "skipped", Date.now(), { summary: "No Python tests detected" }));
+      }
+    }
+    if (detection.go) {
+      const installStep = await runLogicalStep({
+        cwd: tempWorkspace.checkoutPath,
+        stepName: "install",
+        commands: [{ command: "go", args: ["mod", "download"], label: "go mod download" }],
+        timeoutSeconds,
+        verbose: options.verbose
+      });
+      report.steps.push(installStep);
+      if (installStep.status === "failed") {
+        return finishReport(report);
+      }
+      if (options.skipTests) {
+        report.steps.push(createStep("test", "skipped", Date.now(), { summary: "Tests skipped by --skip-tests" }));
+      } else {
+        const testStep = await runLogicalStep({
+          cwd: tempWorkspace.checkoutPath,
+          stepName: "test",
+          commands: [{ command: "go", args: ["test", "./..."], label: "go test ./..." }],
+          timeoutSeconds,
+          verbose: options.verbose
+        });
+        report.steps.push(testStep);
+      }
+    }
+    if (detection.rust) {
+      if (options.skipTests) {
+        report.steps.push(createStep("test", "skipped", Date.now(), { summary: "Tests skipped by --skip-tests" }));
+      } else {
+        const testStep = await runLogicalStep({
+          cwd: tempWorkspace.checkoutPath,
+          stepName: "test",
+          commands: [{ command: "cargo", args: ["test"], label: "cargo test" }],
+          timeoutSeconds,
+          verbose: options.verbose
+        });
+        report.steps.push(testStep);
+      }
+    }
+    return finishReport(report);
+  } finally {
+    await tempWorkspace.cleanup();
+  }
+}
+
+// src/output/human.ts
+import pc from "picocolors";
+function formatStep(step) {
+  if (step.summary && step.status === "failed") {
+    return `${step.name}: ${step.summary}`;
+  }
+  return step.name;
+}
+function section(title, items, formatter) {
+  if (items.length === 0) {
+    return [];
+  }
+  return ["", `${title}:`, ...items.map(formatter)];
+}
+function renderHumanReport(report, options = {}) {
+  const colors = pc.createColors(options.color !== false);
+  const passed = report.steps.filter((step) => step.status === "passed").map(formatStep);
+  const failed = report.steps.filter((step) => step.status === "failed").map(formatStep);
+  const skipped = report.steps.filter((step) => step.status === "skipped").map(formatStep);
+  const warnings = report.warnings.map((warning) => warning.message);
+  const lines = [
+    colors.bold("Cloneproof report"),
+    "",
+    `Target: ${report.target}`,
+    `Fresh clone: ${report.ok ? colors.green("passed") : colors.red("failed")}`,
+    `Score: ${report.score}/100`,
+    ...section("Passed", passed, (item) => `- ${colors.green(item)}`),
+    ...section("Failed", failed, (item) => `- ${colors.red(item)}`),
+    ...section("Skipped", skipped, (item) => `- ${colors.dim(item)}`),
+    ...section("Warnings", warnings, (item) => `- ${colors.yellow(item)}`),
+    ...section("Suggested fixes", report.suggestions, (item, index) => `${index + 1}. ${item}`)
+  ];
+  return lines.join("\n");
+}
+
+// src/output/json.ts
+import { mkdir as mkdir3, writeFile as writeFile2 } from "fs/promises";
+import { dirname as dirname2 } from "path";
+function renderJsonReport(report) {
+  return JSON.stringify(report, null, 2);
+}
+async function writeJsonReport(report, path) {
+  await mkdir3(dirname2(path), { recursive: true });
+  await writeFile2(path, `${renderJsonReport(report)}
+`, "utf8");
+}
+
+// src/cli.ts
+var require2 = createRequire(import.meta.url);
+var packageJson = require2("../package.json");
+function parseTimeout(value) {
+  const parsed = Number.parseInt(value, 10);
+  if (!Number.isFinite(parsed) || parsed <= 0) {
+    throw new InvalidArgumentError("timeout must be a positive number of seconds");
+  }
+  return parsed;
+}
+var program = new Command();
+program.name("cloneproof").description("CI for first-time setup. Test your repo like a first-time contributor.").version(packageJson.version);
+program.command("run").argument("[target]", "local path, GitHub HTTPS URL, or org/repo shorthand", ".").option("--json", "print the structured JSON report").option("--write-report <path>", "write the JSON report to a file").option("--timeout <seconds>", "per-command timeout in seconds", parseTimeout, 600).option("--soft-fail", "always exit 0 while still reporting failures").option("--skip-tests", "do not run detected test commands").option("--skip-build", "do not run detected build commands").option("--verbose", "print command progress to stderr").option("--no-color", "disable colored terminal output").action(async (target, options) => {
+  const report = await runCloneproof(target, {
+    timeoutSeconds: options.timeout,
+    skipTests: Boolean(options.skipTests),
+    skipBuild: Boolean(options.skipBuild),
+    verbose: Boolean(options.verbose)
+  });
+  if (options.writeReport) {
+    await writeJsonReport(report, resolve2(process.cwd(), options.writeReport));
+  }
+  if (options.json) {
+    process.stdout.write(`${renderJsonReport(report)}
+`);
+  } else {
+    process.stdout.write(`${renderHumanReport(report, { color: options.color !== false })}
+`);
+  }
+  process.exitCode = options.softFail || report.ok ? 0 : 1;
+});
+program.parseAsync().catch((error) => {
+  const message = error instanceof Error ? error.message : String(error);
+  process.stderr.write(`cloneproof: ${message}
+`);
+  process.exitCode = 1;
+});
+//# sourceMappingURL=cli.js.map