codex-plugin-doctor 0.16.0 → 0.17.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +5 -2
- package/dist/core/attestation.d.ts +62 -0
- package/dist/core/attestation.js +238 -0
- package/dist/index.d.ts +1 -0
- package/dist/index.js +1 -0
- package/dist/run-cli.js +26 -1
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -75,8 +75,9 @@ Output formats:
|
|
|
75
75
|
- Markdown reports
|
|
76
76
|
- Shields-compatible badge JSON and static badge Markdown
|
|
77
77
|
- validation history JSONL and trend summaries
|
|
78
|
+
- deterministic local attestation artifacts
|
|
78
79
|
- `--output` file writing
|
|
79
|
-
- CI summary and artifact generation
|
|
80
|
+
- CI summary and artifact generation
|
|
80
81
|
|
|
81
82
|
## Quick Start
|
|
82
83
|
|
|
@@ -178,6 +179,8 @@ codex-plugin-doctor self-test
|
|
|
178
179
|
codex-plugin-doctor doctor
|
|
179
180
|
codex-plugin-doctor doctor npm codex-plugin-doctor
|
|
180
181
|
codex-plugin-doctor doctor npm codex-plugin-doctor --json --output npm-preinstall.json
|
|
182
|
+
codex-plugin-doctor doctor attest .
|
|
183
|
+
codex-plugin-doctor doctor attest . --json --output attestation.json
|
|
181
184
|
codex-plugin-doctor doctor inspector .
|
|
182
185
|
codex-plugin-doctor doctor inspector . --server context7 --json --output inspector-command.json
|
|
183
186
|
codex-plugin-doctor doctor diff --before ./old-plugin --after ./new-plugin
|
|
@@ -256,7 +259,7 @@ codex-plugin-doctor check . --json --runtime --verbose-runtime
|
|
|
256
259
|
|
|
257
260
|
`self-test` runs the bundled runtime-complete sample through static validation, runtime MCP probes, and the compatibility scorecard. It is the fastest post-install check after `npm install -g codex-plugin-doctor`.
|
|
258
261
|
|
|
259
|
-
`doctor` checks the local environment, including package version, platform, Node version, npm global prefix, Codex home, and Codex plugin cache visibility. The text output also includes recommended next commands for self-test, installed plugin discovery, runtime checks, compatibility scoring, and CI setup. `doctor npm <package>` runs a preinstall scan by packing the npm package with scripts disabled, extracting the publish tarball, and running validation, security, trust, and recommendation checks against the shipped contents. Add `--json` for automation or `--output npm-preinstall.json` to write the report to disk. `doctor inspector <path>` builds a safe MCP Inspector launch command from a packaged `.mcp.json` file without starting the Inspector proxy automatically. Use `--server <name>` when the package contains multiple MCP server entries. `doctor diff --before <path> --after <path>` compares two package roots and reports new findings, resolved findings, trust score delta, and whether risk increased. `doctor recommend <path>` turns validation, security, and compatibility signals into a prioritized action plan with blocker, high, medium, and info actions. Add `--json` for automation or `--output recommendations.json` to write the report to disk. `doctor trust <path>` creates a local trust score from package lifecycle scripts, dependency specs, and MCP security findings. Use it before release when you want supply-chain risks summarized as one score. `doctor perf <path>` profiles the shared package analysis pipeline and reports per-stage durations for validation, config, security, compatibility, trust, recommendations, and total runtime. `doctor export --bundle <path>` creates a redacted operator handoff bundle that includes validation JSON, security scorecard data, compatibility matrix, recommendations, and trust score in one file. `doctor snapshot` creates a redacted diagnostics bundle with environment health, client config readiness, installed plugin metadata, and next commands. Add `--json` for machine-readable output or `--output doctor-snapshot.json` to write the bundle to disk. `doctor clients` reports local Codex, Claude Desktop, Cursor, Cline, and Windsurf config readiness. `doctor --update-check` compares the installed CLI version with the latest npm version and prints the upgrade command when a newer release is available.
|
|
262
|
+
`doctor` checks the local environment, including package version, platform, Node version, npm global prefix, Codex home, and Codex plugin cache visibility. The text output also includes recommended next commands for self-test, installed plugin discovery, runtime checks, compatibility scoring, and CI setup. `doctor npm <package>` runs a preinstall scan by packing the npm package with scripts disabled, extracting the publish tarball, and running validation, security, trust, and recommendation checks against the shipped contents. Add `--json` for automation or `--output npm-preinstall.json` to write the report to disk. `doctor attest <path>` creates a deterministic local attestation with a package fingerprint, report digest, validation/security/compatibility/trust summary, and unsigned verification metadata. Add `--json` for automation or `--output attestation.json` to write the artifact to disk. `doctor inspector <path>` builds a safe MCP Inspector launch command from a packaged `.mcp.json` file without starting the Inspector proxy automatically. Use `--server <name>` when the package contains multiple MCP server entries. `doctor diff --before <path> --after <path>` compares two package roots and reports new findings, resolved findings, trust score delta, and whether risk increased. `doctor recommend <path>` turns validation, security, and compatibility signals into a prioritized action plan with blocker, high, medium, and info actions. Add `--json` for automation or `--output recommendations.json` to write the report to disk. `doctor trust <path>` creates a local trust score from package lifecycle scripts, dependency specs, and MCP security findings. Use it before release when you want supply-chain risks summarized as one score. `doctor perf <path>` profiles the shared package analysis pipeline and reports per-stage durations for validation, config, security, compatibility, trust, recommendations, and total runtime. `doctor export --bundle <path>` creates a redacted operator handoff bundle that includes validation JSON, security scorecard data, compatibility matrix, recommendations, and trust score in one file. `doctor snapshot` creates a redacted diagnostics bundle with environment health, client config readiness, installed plugin metadata, and next commands. Add `--json` for machine-readable output or `--output doctor-snapshot.json` to write the bundle to disk. `doctor clients` reports local Codex, Claude Desktop, Cursor, Cline, and Windsurf config readiness. `doctor --update-check` compares the installed CLI version with the latest npm version and prints the upgrade command when a newer release is available.
|
|
260
263
|
|
|
261
264
|
`audit --installed` runs a local ecosystem audit against every discovered Codex plugin in the installed plugin cache. Add `--security` to include security scorecards, `--compat` to include the all-client compatibility matrix, and `--json --output local-audit.json` when you want a shareable machine-readable report. Add `--cache` to reuse unchanged plugin results between runs; add `--changed` to only report plugins whose fingerprint changed since the last cached audit. Use `--cache-file path/to/audit-cache.json` when CI or scripted runs need an explicit cache location.
|
|
262
265
|
|
|
@@ -0,0 +1,62 @@
|
|
|
1
|
+
export interface PackageFingerprint {
|
|
2
|
+
algorithm: "sha256";
|
|
3
|
+
digest: string;
|
|
4
|
+
files: {
|
|
5
|
+
total: number;
|
|
6
|
+
bytes: number;
|
|
7
|
+
};
|
|
8
|
+
}
|
|
9
|
+
export interface Digest {
|
|
10
|
+
algorithm: "sha256";
|
|
11
|
+
digest: string;
|
|
12
|
+
}
|
|
13
|
+
export interface DoctorAttestation {
|
|
14
|
+
schemaVersion: "1.0.0";
|
|
15
|
+
kind: "doctor.attestation";
|
|
16
|
+
generatedAt: string;
|
|
17
|
+
version: string;
|
|
18
|
+
targetPath: string;
|
|
19
|
+
subject: {
|
|
20
|
+
name: string;
|
|
21
|
+
version: string | null;
|
|
22
|
+
description: string | null;
|
|
23
|
+
};
|
|
24
|
+
packageFingerprint: PackageFingerprint;
|
|
25
|
+
reportDigest: Digest;
|
|
26
|
+
summary: {
|
|
27
|
+
status: "pass" | "warn" | "fail";
|
|
28
|
+
validation: {
|
|
29
|
+
status: "pass" | "warn" | "fail";
|
|
30
|
+
findingCount: number;
|
|
31
|
+
};
|
|
32
|
+
security: {
|
|
33
|
+
status: "pass" | "warn" | "fail";
|
|
34
|
+
score: number;
|
|
35
|
+
findingCount: number;
|
|
36
|
+
};
|
|
37
|
+
compatibility: {
|
|
38
|
+
failedClients: string[];
|
|
39
|
+
};
|
|
40
|
+
trust: {
|
|
41
|
+
status: "pass" | "warn" | "fail";
|
|
42
|
+
score: number;
|
|
43
|
+
findingCount: number;
|
|
44
|
+
};
|
|
45
|
+
recommendations: {
|
|
46
|
+
actionCount: number;
|
|
47
|
+
};
|
|
48
|
+
};
|
|
49
|
+
verification: {
|
|
50
|
+
recomputeCommand: string;
|
|
51
|
+
notes: string[];
|
|
52
|
+
};
|
|
53
|
+
signature: {
|
|
54
|
+
status: "unsigned";
|
|
55
|
+
reason: string;
|
|
56
|
+
};
|
|
57
|
+
}
|
|
58
|
+
export declare function buildDoctorAttestation(targetPath: string): Promise<DoctorAttestation>;
|
|
59
|
+
export declare function renderDoctorAttestationJson(attestation: DoctorAttestation): string;
|
|
60
|
+
export declare function renderDoctorAttestation(attestation: DoctorAttestation, options?: {
|
|
61
|
+
outputPath?: string | null;
|
|
62
|
+
}): string;
|
|
@@ -0,0 +1,238 @@
|
|
|
1
|
+
import { createHash } from "node:crypto";
|
|
2
|
+
import { readdir, readFile, stat } from "node:fs/promises";
|
|
3
|
+
import path from "node:path";
|
|
4
|
+
import { buildDoctorRecommendationsFromAnalysis, buildPackageAnalysis } from "./package-analysis.js";
|
|
5
|
+
import { discoverPackage } from "./discover-package.js";
|
|
6
|
+
import { readJsonFile } from "./read-json-file.js";
|
|
7
|
+
import { matrixExitCode } from "../compatibility/compatibility-matrix.js";
|
|
8
|
+
import { packageVersion } from "../version.js";
|
|
9
|
+
const excludedDirectoryNames = new Set([
|
|
10
|
+
".git",
|
|
11
|
+
".hg",
|
|
12
|
+
".svn",
|
|
13
|
+
".cache",
|
|
14
|
+
".turbo",
|
|
15
|
+
".codex-doctor",
|
|
16
|
+
"node_modules",
|
|
17
|
+
"coverage"
|
|
18
|
+
]);
|
|
19
|
+
function sha256(value) {
|
|
20
|
+
return `sha256:${createHash("sha256").update(value).digest("hex")}`;
|
|
21
|
+
}
|
|
22
|
+
function isPlainObject(value) {
|
|
23
|
+
return typeof value === "object" && value !== null && !Array.isArray(value);
|
|
24
|
+
}
|
|
25
|
+
function stableStringify(value) {
|
|
26
|
+
if (Array.isArray(value)) {
|
|
27
|
+
return `[${value.map((item) => stableStringify(item)).join(",")}]`;
|
|
28
|
+
}
|
|
29
|
+
if (isPlainObject(value)) {
|
|
30
|
+
return `{${Object.keys(value)
|
|
31
|
+
.sort()
|
|
32
|
+
.map((key) => `${JSON.stringify(key)}:${stableStringify(value[key])}`)
|
|
33
|
+
.join(",")}}`;
|
|
34
|
+
}
|
|
35
|
+
return JSON.stringify(value);
|
|
36
|
+
}
|
|
37
|
+
async function collectFileEntries(rootPath, currentPath = rootPath) {
|
|
38
|
+
const entries = await readdir(currentPath, { withFileTypes: true });
|
|
39
|
+
const fileEntries = await Promise.all(entries.map(async (entry) => {
|
|
40
|
+
if (entry.isDirectory() && excludedDirectoryNames.has(entry.name)) {
|
|
41
|
+
return [];
|
|
42
|
+
}
|
|
43
|
+
const entryPath = path.join(currentPath, entry.name);
|
|
44
|
+
if (entry.isDirectory()) {
|
|
45
|
+
return collectFileEntries(rootPath, entryPath);
|
|
46
|
+
}
|
|
47
|
+
if (!entry.isFile()) {
|
|
48
|
+
return [];
|
|
49
|
+
}
|
|
50
|
+
const [details, content] = await Promise.all([
|
|
51
|
+
stat(entryPath),
|
|
52
|
+
readFile(entryPath)
|
|
53
|
+
]);
|
|
54
|
+
return [
|
|
55
|
+
{
|
|
56
|
+
relativePath: path.relative(rootPath, entryPath).split(path.sep).join("/"),
|
|
57
|
+
size: details.size,
|
|
58
|
+
digest: sha256(content)
|
|
59
|
+
}
|
|
60
|
+
];
|
|
61
|
+
}));
|
|
62
|
+
return fileEntries.flat().sort((left, right) => left.relativePath.localeCompare(right.relativePath));
|
|
63
|
+
}
|
|
64
|
+
async function buildPackageFingerprint(rootPath) {
|
|
65
|
+
const files = await collectFileEntries(rootPath);
|
|
66
|
+
const bytes = files.reduce((total, file) => total + file.size, 0);
|
|
67
|
+
const digest = sha256(stableStringify(files));
|
|
68
|
+
return {
|
|
69
|
+
algorithm: "sha256",
|
|
70
|
+
digest,
|
|
71
|
+
files: {
|
|
72
|
+
total: files.length,
|
|
73
|
+
bytes
|
|
74
|
+
}
|
|
75
|
+
};
|
|
76
|
+
}
|
|
77
|
+
async function readPackageSubject(rootPath) {
|
|
78
|
+
try {
|
|
79
|
+
const packageJson = await readJsonFile(path.join(rootPath, "package.json"));
|
|
80
|
+
return isPlainObject(packageJson) ? packageJson : null;
|
|
81
|
+
}
|
|
82
|
+
catch {
|
|
83
|
+
return null;
|
|
84
|
+
}
|
|
85
|
+
}
|
|
86
|
+
function buildSubject(analysis, packageJson, manifest) {
|
|
87
|
+
const name = typeof manifest?.name === "string"
|
|
88
|
+
? manifest.name
|
|
89
|
+
: typeof packageJson?.name === "string"
|
|
90
|
+
? packageJson.name
|
|
91
|
+
: path.basename(analysis.targetPath);
|
|
92
|
+
const version = typeof manifest?.version === "string"
|
|
93
|
+
? manifest.version
|
|
94
|
+
: typeof packageJson?.version === "string"
|
|
95
|
+
? packageJson.version
|
|
96
|
+
: null;
|
|
97
|
+
const description = typeof manifest?.description === "string"
|
|
98
|
+
? manifest.description
|
|
99
|
+
: typeof packageJson?.description === "string"
|
|
100
|
+
? packageJson.description
|
|
101
|
+
: null;
|
|
102
|
+
return {
|
|
103
|
+
name,
|
|
104
|
+
version,
|
|
105
|
+
description
|
|
106
|
+
};
|
|
107
|
+
}
|
|
108
|
+
async function readManifestSubject(rootPath) {
|
|
109
|
+
const discoveredPackage = await discoverPackage(rootPath);
|
|
110
|
+
if (!discoveredPackage) {
|
|
111
|
+
return null;
|
|
112
|
+
}
|
|
113
|
+
return {
|
|
114
|
+
name: discoveredPackage.manifest.name,
|
|
115
|
+
version: discoveredPackage.manifest.version,
|
|
116
|
+
description: discoveredPackage.manifest.description
|
|
117
|
+
};
|
|
118
|
+
}
|
|
119
|
+
function buildReportDigestPayload(analysis, packageFingerprint) {
|
|
120
|
+
return {
|
|
121
|
+
version: packageVersion,
|
|
122
|
+
packageFingerprint,
|
|
123
|
+
validation: {
|
|
124
|
+
status: analysis.validation.status,
|
|
125
|
+
findings: analysis.validation.findings
|
|
126
|
+
},
|
|
127
|
+
security: {
|
|
128
|
+
status: analysis.security.status,
|
|
129
|
+
score: analysis.security.score,
|
|
130
|
+
findings: analysis.security.findings
|
|
131
|
+
},
|
|
132
|
+
compatibility: analysis.compatibility.results.map((result) => ({
|
|
133
|
+
client: result.client,
|
|
134
|
+
status: result.status,
|
|
135
|
+
summary: result.summary
|
|
136
|
+
})),
|
|
137
|
+
trust: {
|
|
138
|
+
status: analysis.trust.status,
|
|
139
|
+
score: analysis.trust.score,
|
|
140
|
+
findings: analysis.trust.findings
|
|
141
|
+
},
|
|
142
|
+
recommendations: buildDoctorRecommendationsFromAnalysis(analysis).actions
|
|
143
|
+
};
|
|
144
|
+
}
|
|
145
|
+
function buildSummary(analysis) {
|
|
146
|
+
const recommendations = buildDoctorRecommendationsFromAnalysis(analysis);
|
|
147
|
+
const failedClients = analysis.compatibility.results
|
|
148
|
+
.filter((result) => result.status === "fail")
|
|
149
|
+
.map((result) => result.client);
|
|
150
|
+
const status = analysis.validation.status === "fail" ||
|
|
151
|
+
analysis.security.status === "fail" ||
|
|
152
|
+
analysis.trust.status === "fail" ||
|
|
153
|
+
matrixExitCode(analysis.compatibility) === 1
|
|
154
|
+
? "fail"
|
|
155
|
+
: analysis.validation.status === "warn" ||
|
|
156
|
+
analysis.security.status === "warn" ||
|
|
157
|
+
analysis.trust.status === "warn"
|
|
158
|
+
? "warn"
|
|
159
|
+
: "pass";
|
|
160
|
+
return {
|
|
161
|
+
status,
|
|
162
|
+
validation: {
|
|
163
|
+
status: analysis.validation.status,
|
|
164
|
+
findingCount: analysis.validation.findings.length
|
|
165
|
+
},
|
|
166
|
+
security: {
|
|
167
|
+
status: analysis.security.status,
|
|
168
|
+
score: analysis.security.score,
|
|
169
|
+
findingCount: analysis.security.findings.length
|
|
170
|
+
},
|
|
171
|
+
compatibility: {
|
|
172
|
+
failedClients
|
|
173
|
+
},
|
|
174
|
+
trust: {
|
|
175
|
+
status: analysis.trust.status,
|
|
176
|
+
score: analysis.trust.score,
|
|
177
|
+
findingCount: analysis.trust.findings.length
|
|
178
|
+
},
|
|
179
|
+
recommendations: {
|
|
180
|
+
actionCount: recommendations.actions.length
|
|
181
|
+
}
|
|
182
|
+
};
|
|
183
|
+
}
|
|
184
|
+
export async function buildDoctorAttestation(targetPath) {
|
|
185
|
+
const analysis = await buildPackageAnalysis(targetPath);
|
|
186
|
+
const [packageFingerprint, packageJson, manifest] = await Promise.all([
|
|
187
|
+
buildPackageFingerprint(analysis.targetPath),
|
|
188
|
+
readPackageSubject(analysis.targetPath),
|
|
189
|
+
readManifestSubject(analysis.targetPath)
|
|
190
|
+
]);
|
|
191
|
+
const reportDigest = sha256(stableStringify(buildReportDigestPayload(analysis, packageFingerprint)));
|
|
192
|
+
return {
|
|
193
|
+
schemaVersion: "1.0.0",
|
|
194
|
+
kind: "doctor.attestation",
|
|
195
|
+
generatedAt: analysis.generatedAt,
|
|
196
|
+
version: packageVersion,
|
|
197
|
+
targetPath: analysis.targetPath,
|
|
198
|
+
subject: buildSubject(analysis, packageJson, manifest),
|
|
199
|
+
packageFingerprint,
|
|
200
|
+
reportDigest: {
|
|
201
|
+
algorithm: "sha256",
|
|
202
|
+
digest: reportDigest
|
|
203
|
+
},
|
|
204
|
+
summary: buildSummary(analysis),
|
|
205
|
+
verification: {
|
|
206
|
+
recomputeCommand: `codex-plugin-doctor doctor attest ${analysis.targetPath} --json`,
|
|
207
|
+
notes: [
|
|
208
|
+
"Compare packageFingerprint.digest to confirm the same local package contents.",
|
|
209
|
+
"Compare reportDigest.digest to confirm the same validation, security, compatibility, trust, and recommendation signals."
|
|
210
|
+
]
|
|
211
|
+
},
|
|
212
|
+
signature: {
|
|
213
|
+
status: "unsigned",
|
|
214
|
+
reason: "v0.17 creates deterministic local attestations without key management or hosted signing."
|
|
215
|
+
}
|
|
216
|
+
};
|
|
217
|
+
}
|
|
218
|
+
export function renderDoctorAttestationJson(attestation) {
|
|
219
|
+
return JSON.stringify(attestation, null, 2);
|
|
220
|
+
}
|
|
221
|
+
export function renderDoctorAttestation(attestation, options = {}) {
|
|
222
|
+
const lines = [
|
|
223
|
+
"Doctor Attestation",
|
|
224
|
+
"==================",
|
|
225
|
+
`Target: ${attestation.targetPath}`,
|
|
226
|
+
`Subject: ${attestation.subject.name}${attestation.subject.version ? `@${attestation.subject.version}` : ""}`,
|
|
227
|
+
`Status: ${attestation.summary.status.toUpperCase()}`,
|
|
228
|
+
`Package fingerprint: ${attestation.packageFingerprint.digest}`,
|
|
229
|
+
`Report digest: ${attestation.reportDigest.digest}`,
|
|
230
|
+
`Signature: ${attestation.signature.status}`
|
|
231
|
+
];
|
|
232
|
+
if (options.outputPath) {
|
|
233
|
+
lines.push(`Output: ${options.outputPath}`);
|
|
234
|
+
}
|
|
235
|
+
lines.push("", "Verification", "------------");
|
|
236
|
+
lines.push(attestation.verification.recomputeCommand);
|
|
237
|
+
return lines.join("\n");
|
|
238
|
+
}
|
package/dist/index.d.ts
CHANGED
|
@@ -4,6 +4,7 @@ export { buildTrustScore, renderTrustScore, renderTrustScoreJson, type BuildTrus
|
|
|
4
4
|
export { buildDoctorSnapshot, renderDoctorSnapshot, renderDoctorSnapshotJson, type DoctorSnapshot } from "./core/doctor-snapshot.js";
|
|
5
5
|
export { buildDoctorRecommendations, renderDoctorRecommendations, renderDoctorRecommendationsJson, type DoctorRecommendationAction, type DoctorRecommendationsReport } from "./core/doctor-recommendations.js";
|
|
6
6
|
export { buildDoctorExportBundle, renderDoctorExportBundle, renderDoctorExportBundleJson, type DoctorExportBundle } from "./core/doctor-export-bundle.js";
|
|
7
|
+
export { buildDoctorAttestation, renderDoctorAttestation, renderDoctorAttestationJson, type DoctorAttestation, type Digest, type PackageFingerprint } from "./core/attestation.js";
|
|
7
8
|
export { buildDoctorExportBundleFromAnalysis, buildDoctorRecommendationsFromAnalysis, buildPackageAnalysis, type PackageAnalysis, type PackageAnalysisOptions, type PackageAnalysisStage, type PackageAnalysisTiming } from "./core/package-analysis.js";
|
|
8
9
|
export { buildDoctorPerformanceReport, renderDoctorPerformanceReport, renderDoctorPerformanceReportJson, type BuildDoctorPerformanceReportOptions, type DoctorPerformanceReport, type DoctorPerformanceStage, type DoctorPerformanceStageName } from "./core/performance-report.js";
|
|
9
10
|
export { buildDoctorNpmPackageReport, renderDoctorNpmPackageReport, renderDoctorNpmPackageReportJson, type BuildDoctorNpmPackageReportOptions, type DoctorNpmPackageReport } from "./core/npm-package-doctor.js";
|
package/dist/index.js
CHANGED
|
@@ -4,6 +4,7 @@ export { buildTrustScore, renderTrustScore, renderTrustScoreJson } from "./secur
|
|
|
4
4
|
export { buildDoctorSnapshot, renderDoctorSnapshot, renderDoctorSnapshotJson } from "./core/doctor-snapshot.js";
|
|
5
5
|
export { buildDoctorRecommendations, renderDoctorRecommendations, renderDoctorRecommendationsJson } from "./core/doctor-recommendations.js";
|
|
6
6
|
export { buildDoctorExportBundle, renderDoctorExportBundle, renderDoctorExportBundleJson } from "./core/doctor-export-bundle.js";
|
|
7
|
+
export { buildDoctorAttestation, renderDoctorAttestation, renderDoctorAttestationJson } from "./core/attestation.js";
|
|
7
8
|
export { buildDoctorExportBundleFromAnalysis, buildDoctorRecommendationsFromAnalysis, buildPackageAnalysis } from "./core/package-analysis.js";
|
|
8
9
|
export { buildDoctorPerformanceReport, renderDoctorPerformanceReport, renderDoctorPerformanceReportJson } from "./core/performance-report.js";
|
|
9
10
|
export { buildDoctorNpmPackageReport, renderDoctorNpmPackageReport, renderDoctorNpmPackageReportJson } from "./core/npm-package-doctor.js";
|
package/dist/run-cli.js
CHANGED
|
@@ -16,6 +16,7 @@ import { applyDoctorConfig, loadDoctorConfig } from "./core/doctor-config.js";
|
|
|
16
16
|
import { buildDoctorSnapshot, renderDoctorSnapshot, renderDoctorSnapshotJson } from "./core/doctor-snapshot.js";
|
|
17
17
|
import { buildDoctorRecommendations, renderDoctorRecommendations, renderDoctorRecommendationsJson } from "./core/doctor-recommendations.js";
|
|
18
18
|
import { buildDoctorExportBundle, renderDoctorExportBundle, renderDoctorExportBundleJson } from "./core/doctor-export-bundle.js";
|
|
19
|
+
import { buildDoctorAttestation, renderDoctorAttestation, renderDoctorAttestationJson } from "./core/attestation.js";
|
|
19
20
|
import { buildDoctorPerformanceReport, renderDoctorPerformanceReport, renderDoctorPerformanceReportJson } from "./core/performance-report.js";
|
|
20
21
|
import { buildDoctorNpmPackageReport, renderDoctorNpmPackageReport, renderDoctorNpmPackageReportJson } from "./core/npm-package-doctor.js";
|
|
21
22
|
import { buildDoctorRiskDiffReport, renderDoctorRiskDiffReport, renderDoctorRiskDiffReportJson } from "./core/risk-diff.js";
|
|
@@ -65,7 +66,7 @@ const defaultIo = {
|
|
|
65
66
|
}
|
|
66
67
|
};
|
|
67
68
|
function printUsage(io) {
|
|
68
|
-
io.writeStderr("Usage: codex-plugin-doctor check <path|--installed> [filter] [--policy codex-publish|mcp-strict|security] [--compat] [--json|--markdown|--badge-json|--badge-markdown] [--output <path>] [--history <path>] [--runtime] [--verbose-runtime] [--explain] [--no-animations] [--ascii]\n codex-plugin-doctor audit --installed [filter] [--policy codex-publish|mcp-strict|security] [--security] [--compat] [--json] [--output <path>] [--cache] [--changed]\n codex-plugin-doctor mcp <path> [--json] [--output <path>]\n codex-plugin-doctor security <path> [--policy security] [--json|--scorecard]\n codex-plugin-doctor compat <path> [--all|--client <client>] [--json] [--scorecard] [--output <path>] [--install-preview|--apply --backup]\n codex-plugin-doctor fix <path> (--dry-run|--interactive --backup|--apply --backup)\n codex-plugin-doctor history <history.jsonl> [--json] [--fail-on-regression]\n codex-plugin-doctor doctor [npm <package>|inspector <path>|diff --before <path> --after <path>|recommend <path>|trust <path>|perf <path>|export --bundle <path>|snapshot|clients|--json|--update-check]\n codex-plugin-doctor init [path] [--template skill-only|mcp-stdio|mcp-http|full-runtime]\n codex-plugin-doctor init-ci [path]\n codex-plugin-doctor self-test\n codex-plugin-doctor list --installed\n codex-plugin-doctor explain <finding-id>\n codex-plugin-doctor --version\n\nFirst run:\n codex-plugin-doctor doctor\n codex-plugin-doctor self-test\n codex-plugin-doctor init my-plugin\n codex-plugin-doctor check . --runtime --explain");
|
|
69
|
+
io.writeStderr("Usage: codex-plugin-doctor check <path|--installed> [filter] [--policy codex-publish|mcp-strict|security] [--compat] [--json|--markdown|--badge-json|--badge-markdown] [--output <path>] [--history <path>] [--runtime] [--verbose-runtime] [--explain] [--no-animations] [--ascii]\n codex-plugin-doctor audit --installed [filter] [--policy codex-publish|mcp-strict|security] [--security] [--compat] [--json] [--output <path>] [--cache] [--changed]\n codex-plugin-doctor mcp <path> [--json] [--output <path>]\n codex-plugin-doctor security <path> [--policy security] [--json|--scorecard]\n codex-plugin-doctor compat <path> [--all|--client <client>] [--json] [--scorecard] [--output <path>] [--install-preview|--apply --backup]\n codex-plugin-doctor fix <path> (--dry-run|--interactive --backup|--apply --backup)\n codex-plugin-doctor history <history.jsonl> [--json] [--fail-on-regression]\n codex-plugin-doctor doctor [npm <package>|attest <path>|inspector <path>|diff --before <path> --after <path>|recommend <path>|trust <path>|perf <path>|export --bundle <path>|snapshot|clients|--json|--update-check]\n codex-plugin-doctor init [path] [--template skill-only|mcp-stdio|mcp-http|full-runtime]\n codex-plugin-doctor init-ci [path]\n codex-plugin-doctor self-test\n codex-plugin-doctor list --installed\n codex-plugin-doctor explain <finding-id>\n codex-plugin-doctor --version\n\nFirst run:\n codex-plugin-doctor doctor\n codex-plugin-doctor self-test\n codex-plugin-doctor init my-plugin\n codex-plugin-doctor check . --runtime --explain");
|
|
69
70
|
}
|
|
70
71
|
function renderInstalledPlugins(plugins) {
|
|
71
72
|
const lines = [
|
|
@@ -230,6 +231,30 @@ export async function runCli(args, io = defaultIo, options = {}) {
|
|
|
230
231
|
io.writeStdout(renderedReport);
|
|
231
232
|
return report.exitCode;
|
|
232
233
|
}
|
|
234
|
+
if (maybePath === "attest") {
|
|
235
|
+
const targetPath = remainingArgs[0] && !remainingArgs[0].startsWith("--")
|
|
236
|
+
? remainingArgs[0]
|
|
237
|
+
: ".";
|
|
238
|
+
const attestFlags = remainingArgs[0] && !remainingArgs[0].startsWith("--")
|
|
239
|
+
? remainingArgs.slice(1)
|
|
240
|
+
: remainingArgs;
|
|
241
|
+
const jsonOutput = attestFlags.includes("--json");
|
|
242
|
+
const outputIndex = attestFlags.indexOf("--output");
|
|
243
|
+
const outputPath = outputIndex === -1 ? null : attestFlags[outputIndex + 1];
|
|
244
|
+
if (outputIndex !== -1 && (!outputPath || outputPath.startsWith("--"))) {
|
|
245
|
+
io.writeStderr("Missing path after --output.");
|
|
246
|
+
return 2;
|
|
247
|
+
}
|
|
248
|
+
const attestation = await buildDoctorAttestation(targetPath);
|
|
249
|
+
const attestationJson = renderDoctorAttestationJson(attestation);
|
|
250
|
+
if (outputPath) {
|
|
251
|
+
await writeFile(outputPath, attestationJson, "utf8");
|
|
252
|
+
}
|
|
253
|
+
io.writeStdout(jsonOutput
|
|
254
|
+
? attestationJson
|
|
255
|
+
: renderDoctorAttestation(attestation, { outputPath }));
|
|
256
|
+
return attestation.summary.status === "fail" ? 1 : 0;
|
|
257
|
+
}
|
|
233
258
|
if (maybePath === "npm") {
|
|
234
259
|
const packageSpec = remainingArgs[0] && !remainingArgs[0].startsWith("--")
|
|
235
260
|
? remainingArgs[0]
|
package/package.json
CHANGED