codex-plugin-doctor 0.17.0 → 0.19.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +7 -1
- package/dist/core/output-contract.d.ts +40 -0
- package/dist/core/output-contract.js +208 -0
- package/dist/core/validation-corpus.d.ts +57 -0
- package/dist/core/validation-corpus.js +128 -0
- package/dist/index.d.ts +2 -0
- package/dist/index.js +2 -0
- package/dist/run-cli.js +44 -1
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -76,6 +76,8 @@ Output formats:
|
|
|
76
76
|
- Shields-compatible badge JSON and static badge Markdown
|
|
77
77
|
- validation history JSONL and trend summaries
|
|
78
78
|
- deterministic local attestation artifacts
|
|
79
|
+
- output contract and rule catalog freeze metadata
|
|
80
|
+
- bundled validation corpus reports
|
|
79
81
|
- `--output` file writing
|
|
80
82
|
- CI summary and artifact generation
|
|
81
83
|
|
|
@@ -177,6 +179,10 @@ Run these from a Codex plugin package root:
|
|
|
177
179
|
codex-plugin-doctor --version
|
|
178
180
|
codex-plugin-doctor self-test
|
|
179
181
|
codex-plugin-doctor doctor
|
|
182
|
+
codex-plugin-doctor doctor contract
|
|
183
|
+
codex-plugin-doctor doctor contract --json --output output-contract.json
|
|
184
|
+
codex-plugin-doctor doctor corpus
|
|
185
|
+
codex-plugin-doctor doctor corpus --json --output validation-corpus.json
|
|
180
186
|
codex-plugin-doctor doctor npm codex-plugin-doctor
|
|
181
187
|
codex-plugin-doctor doctor npm codex-plugin-doctor --json --output npm-preinstall.json
|
|
182
188
|
codex-plugin-doctor doctor attest .
|
|
@@ -259,7 +265,7 @@ codex-plugin-doctor check . --json --runtime --verbose-runtime
|
|
|
259
265
|
|
|
260
266
|
`self-test` runs the bundled runtime-complete sample through static validation, runtime MCP probes, and the compatibility scorecard. It is the fastest post-install check after `npm install -g codex-plugin-doctor`.
|
|
261
267
|
|
|
262
|
-
`doctor` checks the local environment, including package version, platform, Node version, npm global prefix, Codex home, and Codex plugin cache visibility. The text output also includes recommended next commands for self-test, installed plugin discovery, runtime checks, compatibility scoring, and CI setup. `doctor npm <package>` runs a preinstall scan by packing the npm package with scripts disabled, extracting the publish tarball, and running validation, security, trust, and recommendation checks against the shipped contents. Add `--json` for automation or `--output npm-preinstall.json` to write the report to disk. `doctor attest <path>` creates a deterministic local attestation with a package fingerprint, report digest, validation/security/compatibility/trust summary, and unsigned verification metadata. Add `--json` for automation or `--output attestation.json` to write the artifact to disk. `doctor inspector <path>` builds a safe MCP Inspector launch command from a packaged `.mcp.json` file without starting the Inspector proxy automatically. Use `--server <name>` when the package contains multiple MCP server entries. `doctor diff --before <path> --after <path>` compares two package roots and reports new findings, resolved findings, trust score delta, and whether risk increased. `doctor recommend <path>` turns validation, security, and compatibility signals into a prioritized action plan with blocker, high, medium, and info actions. Add `--json` for automation or `--output recommendations.json` to write the report to disk. `doctor trust <path>` creates a local trust score from package lifecycle scripts, dependency specs, and MCP security findings. Use it before release when you want supply-chain risks summarized as one score. `doctor perf <path>` profiles the shared package analysis pipeline and reports per-stage durations for validation, config, security, compatibility, trust, recommendations, and total runtime. `doctor export --bundle <path>` creates a redacted operator handoff bundle that includes validation JSON, security scorecard data, compatibility matrix, recommendations, and trust score in one file. `doctor snapshot` creates a redacted diagnostics bundle with environment health, client config readiness, installed plugin metadata, and next commands. Add `--json` for machine-readable output or `--output doctor-snapshot.json` to write the bundle to disk. `doctor clients` reports local Codex, Claude Desktop, Cursor, Cline, and Windsurf config readiness. `doctor --update-check` compares the installed CLI version with the latest npm version and prints the upgrade command when a newer release is available.
|
|
268
|
+
`doctor` checks the local environment, including package version, platform, Node version, npm global prefix, Codex home, and Codex plugin cache visibility. The text output also includes recommended next commands for self-test, installed plugin discovery, runtime checks, compatibility scoring, and CI setup. `doctor contract` publishes the machine-readable output contract, including public JSON schema surfaces, stable-through-1.0 compatibility metadata, and a frozen rule catalog digest. Add `--json` for automation or `--output output-contract.json` to write the contract to disk. `doctor corpus` runs the bundled validation corpus against healthy runtime, risky security, and starter skill packages, then reports whether each case matched its expected outcome. Add `--json` for automation or `--output validation-corpus.json` to write the corpus report to disk. `doctor npm <package>` runs a preinstall scan by packing the npm package with scripts disabled, extracting the publish tarball, and running validation, security, trust, and recommendation checks against the shipped contents. Add `--json` for automation or `--output npm-preinstall.json` to write the report to disk. `doctor attest <path>` creates a deterministic local attestation with a package fingerprint, report digest, validation/security/compatibility/trust summary, and unsigned verification metadata. Add `--json` for automation or `--output attestation.json` to write the artifact to disk. `doctor inspector <path>` builds a safe MCP Inspector launch command from a packaged `.mcp.json` file without starting the Inspector proxy automatically. Use `--server <name>` when the package contains multiple MCP server entries. `doctor diff --before <path> --after <path>` compares two package roots and reports new findings, resolved findings, trust score delta, and whether risk increased. `doctor recommend <path>` turns validation, security, and compatibility signals into a prioritized action plan with blocker, high, medium, and info actions. Add `--json` for automation or `--output recommendations.json` to write the report to disk. `doctor trust <path>` creates a local trust score from package lifecycle scripts, dependency specs, and MCP security findings. Use it before release when you want supply-chain risks summarized as one score. `doctor perf <path>` profiles the shared package analysis pipeline and reports per-stage durations for validation, config, security, compatibility, trust, recommendations, and total runtime. `doctor export --bundle <path>` creates a redacted operator handoff bundle that includes validation JSON, security scorecard data, compatibility matrix, recommendations, and trust score in one file. `doctor snapshot` creates a redacted diagnostics bundle with environment health, client config readiness, installed plugin metadata, and next commands. Add `--json` for machine-readable output or `--output doctor-snapshot.json` to write the bundle to disk. `doctor clients` reports local Codex, Claude Desktop, Cursor, Cline, and Windsurf config readiness. `doctor --update-check` compares the installed CLI version with the latest npm version and prints the upgrade command when a newer release is available.
|
|
263
269
|
|
|
264
270
|
`audit --installed` runs a local ecosystem audit against every discovered Codex plugin in the installed plugin cache. Add `--security` to include security scorecards, `--compat` to include the all-client compatibility matrix, and `--json --output local-audit.json` when you want a shareable machine-readable report. Add `--cache` to reuse unchanged plugin results between runs; add `--changed` to only report plugins whose fingerprint changed since the last cached audit. Use `--cache-file path/to/audit-cache.json` when CI or scripted runs need an explicit cache location.
|
|
265
271
|
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
import { type RuleCategory, type RuleSeverity } from "../rules/rule-catalog.js";
|
|
2
|
+
type JsonSchema = Record<string, unknown>;
|
|
3
|
+
export interface OutputContractRule {
|
|
4
|
+
id: string;
|
|
5
|
+
category: RuleCategory;
|
|
6
|
+
defaultSeverity: RuleSeverity;
|
|
7
|
+
}
|
|
8
|
+
export interface OutputContractSchema {
|
|
9
|
+
id: string;
|
|
10
|
+
command: string;
|
|
11
|
+
schemaVersion: "1.0.0";
|
|
12
|
+
stability: "stable-through-1.0";
|
|
13
|
+
outputKind: string | null;
|
|
14
|
+
schema: JsonSchema;
|
|
15
|
+
}
|
|
16
|
+
export interface DoctorOutputContract {
|
|
17
|
+
schemaVersion: "1.0.0";
|
|
18
|
+
kind: "doctor.output.contract";
|
|
19
|
+
generatedAt: string;
|
|
20
|
+
version: string;
|
|
21
|
+
contract: {
|
|
22
|
+
frozenSince: "0.18.0";
|
|
23
|
+
stability: "stable-through-1.0";
|
|
24
|
+
compatibility: string;
|
|
25
|
+
};
|
|
26
|
+
ruleCatalog: {
|
|
27
|
+
status: "frozen";
|
|
28
|
+
frozenSince: "0.18.0";
|
|
29
|
+
ruleCount: number;
|
|
30
|
+
digest: string;
|
|
31
|
+
rules: OutputContractRule[];
|
|
32
|
+
};
|
|
33
|
+
schemas: OutputContractSchema[];
|
|
34
|
+
}
|
|
35
|
+
export declare function buildDoctorOutputContract(generatedAt?: string): DoctorOutputContract;
|
|
36
|
+
export declare function renderDoctorOutputContractJson(contract: DoctorOutputContract): string;
|
|
37
|
+
export declare function renderDoctorOutputContract(contract: DoctorOutputContract, options?: {
|
|
38
|
+
outputPath?: string | null;
|
|
39
|
+
}): string;
|
|
40
|
+
export {};
|
|
@@ -0,0 +1,208 @@
|
|
|
1
|
+
import { createHash } from "node:crypto";
|
|
2
|
+
import { packageVersion } from "../version.js";
|
|
3
|
+
import { ruleCatalog } from "../rules/rule-catalog.js";
|
|
4
|
+
const publicSchemaDefinitions = [
|
|
5
|
+
{
|
|
6
|
+
id: "doctor.check.json",
|
|
7
|
+
command: "codex-plugin-doctor check <path> --json",
|
|
8
|
+
required: ["schemaVersion", "generatedAt", "summary", "findings"]
|
|
9
|
+
},
|
|
10
|
+
{
|
|
11
|
+
id: "doctor.security.json",
|
|
12
|
+
command: "codex-plugin-doctor security <path> --json",
|
|
13
|
+
required: ["schemaVersion", "generatedAt", "targetPath", "status", "score", "findings"]
|
|
14
|
+
},
|
|
15
|
+
{
|
|
16
|
+
id: "doctor.compatibility.json",
|
|
17
|
+
command: "codex-plugin-doctor compat <path> --json",
|
|
18
|
+
required: ["schemaVersion", "targetPath", "results"]
|
|
19
|
+
},
|
|
20
|
+
{
|
|
21
|
+
id: "doctor.mcp.json",
|
|
22
|
+
command: "codex-plugin-doctor mcp <path> --json",
|
|
23
|
+
required: ["schemaVersion", "targetPath", "status", "summary", "findings"]
|
|
24
|
+
},
|
|
25
|
+
{
|
|
26
|
+
id: "doctor.audit.json",
|
|
27
|
+
command: "codex-plugin-doctor audit --installed --json",
|
|
28
|
+
required: ["schemaVersion", "generatedAt", "summary", "items"]
|
|
29
|
+
},
|
|
30
|
+
{
|
|
31
|
+
id: "doctor.fix.plan.json",
|
|
32
|
+
command: "codex-plugin-doctor fix <path> --dry-run --json",
|
|
33
|
+
required: ["schemaVersion", "targetPath", "mode", "actions"]
|
|
34
|
+
},
|
|
35
|
+
{
|
|
36
|
+
id: "doctor.history.json",
|
|
37
|
+
command: "codex-plugin-doctor history <history.jsonl> --json",
|
|
38
|
+
required: ["schemaVersion", "entryCount", "latest", "previous", "delta", "regression"]
|
|
39
|
+
},
|
|
40
|
+
{
|
|
41
|
+
id: "doctor.environment.json",
|
|
42
|
+
command: "codex-plugin-doctor doctor --json",
|
|
43
|
+
required: ["schemaVersion", "generatedAt", "version", "platform", "node", "checks"]
|
|
44
|
+
},
|
|
45
|
+
{
|
|
46
|
+
id: "doctor.validation.corpus.json",
|
|
47
|
+
command: "codex-plugin-doctor doctor corpus --json",
|
|
48
|
+
outputKind: "doctor.validation.corpus",
|
|
49
|
+
required: ["schemaVersion", "kind", "generatedAt", "version", "summary", "cases"]
|
|
50
|
+
},
|
|
51
|
+
{
|
|
52
|
+
id: "doctor.recommendations.json",
|
|
53
|
+
command: "codex-plugin-doctor doctor recommend <path> --json",
|
|
54
|
+
required: ["schemaVersion", "generatedAt", "targetPath", "status", "summary", "actions"]
|
|
55
|
+
},
|
|
56
|
+
{
|
|
57
|
+
id: "doctor.trust.json",
|
|
58
|
+
command: "codex-plugin-doctor doctor trust <path> --json",
|
|
59
|
+
required: ["schemaVersion", "generatedAt", "targetPath", "status", "score", "findings"]
|
|
60
|
+
},
|
|
61
|
+
{
|
|
62
|
+
id: "doctor.performance.json",
|
|
63
|
+
command: "codex-plugin-doctor doctor perf <path> --json",
|
|
64
|
+
outputKind: "doctor.perf",
|
|
65
|
+
required: ["schemaVersion", "kind", "generatedAt", "targetPath", "summary", "stages"]
|
|
66
|
+
},
|
|
67
|
+
{
|
|
68
|
+
id: "doctor.export.bundle.json",
|
|
69
|
+
command: "codex-plugin-doctor doctor export --bundle <path> --json",
|
|
70
|
+
outputKind: "doctor.export.bundle",
|
|
71
|
+
required: ["schemaVersion", "kind", "generatedAt", "targetPath", "validation", "security", "compatibility", "recommendations", "trust"]
|
|
72
|
+
},
|
|
73
|
+
{
|
|
74
|
+
id: "doctor.attestation.json",
|
|
75
|
+
command: "codex-plugin-doctor doctor attest <path> --json",
|
|
76
|
+
outputKind: "doctor.attestation",
|
|
77
|
+
required: ["schemaVersion", "kind", "generatedAt", "targetPath", "subject", "packageFingerprint", "reportDigest", "summary", "verification", "signature"]
|
|
78
|
+
},
|
|
79
|
+
{
|
|
80
|
+
id: "doctor.npm.json",
|
|
81
|
+
command: "codex-plugin-doctor doctor npm <package> --json",
|
|
82
|
+
outputKind: "doctor.npm",
|
|
83
|
+
required: ["schemaVersion", "kind", "generatedAt", "package", "summary", "validation", "security", "trust", "recommendations"]
|
|
84
|
+
},
|
|
85
|
+
{
|
|
86
|
+
id: "doctor.risk.diff.json",
|
|
87
|
+
command: "codex-plugin-doctor doctor diff --before <path> --after <path> --json",
|
|
88
|
+
outputKind: "doctor.risk.diff",
|
|
89
|
+
required: ["schemaVersion", "kind", "generatedAt", "before", "after", "summary", "risk"]
|
|
90
|
+
},
|
|
91
|
+
{
|
|
92
|
+
id: "doctor.inspector.json",
|
|
93
|
+
command: "codex-plugin-doctor doctor inspector <path> --json",
|
|
94
|
+
outputKind: "doctor.inspector",
|
|
95
|
+
required: ["schemaVersion", "kind", "generatedAt", "targetPath", "status"]
|
|
96
|
+
},
|
|
97
|
+
{
|
|
98
|
+
id: "doctor.snapshot.json",
|
|
99
|
+
command: "codex-plugin-doctor doctor snapshot --json",
|
|
100
|
+
required: ["schemaVersion", "generatedAt", "version", "environment", "clients", "installedPlugins", "nextCommands"]
|
|
101
|
+
}
|
|
102
|
+
];
|
|
103
|
+
function sha256(value) {
|
|
104
|
+
return `sha256:${createHash("sha256").update(value).digest("hex")}`;
|
|
105
|
+
}
|
|
106
|
+
function isPlainObject(value) {
|
|
107
|
+
return typeof value === "object" && value !== null && !Array.isArray(value);
|
|
108
|
+
}
|
|
109
|
+
function stableStringify(value) {
|
|
110
|
+
if (Array.isArray(value)) {
|
|
111
|
+
return `[${value.map((item) => stableStringify(item)).join(",")}]`;
|
|
112
|
+
}
|
|
113
|
+
if (isPlainObject(value)) {
|
|
114
|
+
return `{${Object.keys(value)
|
|
115
|
+
.sort()
|
|
116
|
+
.map((key) => `${JSON.stringify(key)}:${stableStringify(value[key])}`)
|
|
117
|
+
.join(",")}}`;
|
|
118
|
+
}
|
|
119
|
+
return JSON.stringify(value);
|
|
120
|
+
}
|
|
121
|
+
function contractRules(rules) {
|
|
122
|
+
return rules
|
|
123
|
+
.map((rule) => ({
|
|
124
|
+
id: rule.id,
|
|
125
|
+
category: rule.category,
|
|
126
|
+
defaultSeverity: rule.defaultSeverity
|
|
127
|
+
}))
|
|
128
|
+
.sort((left, right) => left.id.localeCompare(right.id));
|
|
129
|
+
}
|
|
130
|
+
function buildSchema(id, outputKind, required) {
|
|
131
|
+
const properties = {
|
|
132
|
+
schemaVersion: {
|
|
133
|
+
const: "1.0.0"
|
|
134
|
+
}
|
|
135
|
+
};
|
|
136
|
+
if (outputKind) {
|
|
137
|
+
properties.kind = {
|
|
138
|
+
const: outputKind
|
|
139
|
+
};
|
|
140
|
+
}
|
|
141
|
+
return {
|
|
142
|
+
$schema: "https://json-schema.org/draft/2020-12/schema",
|
|
143
|
+
$id: `https://github.com/Esquetta/CodexPluginDoctor/schemas/${id}`,
|
|
144
|
+
title: id,
|
|
145
|
+
type: "object",
|
|
146
|
+
required: [...new Set(["schemaVersion", ...required])],
|
|
147
|
+
properties,
|
|
148
|
+
additionalProperties: true
|
|
149
|
+
};
|
|
150
|
+
}
|
|
151
|
+
function buildSchemas() {
|
|
152
|
+
return publicSchemaDefinitions.map((definition) => {
|
|
153
|
+
const outputKind = definition.outputKind ?? null;
|
|
154
|
+
return {
|
|
155
|
+
id: definition.id,
|
|
156
|
+
command: definition.command,
|
|
157
|
+
schemaVersion: "1.0.0",
|
|
158
|
+
stability: "stable-through-1.0",
|
|
159
|
+
outputKind,
|
|
160
|
+
schema: buildSchema(definition.id, outputKind, definition.required ?? [])
|
|
161
|
+
};
|
|
162
|
+
});
|
|
163
|
+
}
|
|
164
|
+
export function buildDoctorOutputContract(generatedAt = new Date().toISOString()) {
|
|
165
|
+
const rules = contractRules(ruleCatalog);
|
|
166
|
+
return {
|
|
167
|
+
schemaVersion: "1.0.0",
|
|
168
|
+
kind: "doctor.output.contract",
|
|
169
|
+
generatedAt,
|
|
170
|
+
version: packageVersion,
|
|
171
|
+
contract: {
|
|
172
|
+
frozenSince: "0.18.0",
|
|
173
|
+
stability: "stable-through-1.0",
|
|
174
|
+
compatibility: "Public JSON schema surfaces and existing rule IDs/default severities are treated as stable through 1.0.0; breaking changes require a schemaVersion or major version change."
|
|
175
|
+
},
|
|
176
|
+
ruleCatalog: {
|
|
177
|
+
status: "frozen",
|
|
178
|
+
frozenSince: "0.18.0",
|
|
179
|
+
ruleCount: rules.length,
|
|
180
|
+
digest: sha256(stableStringify(rules)),
|
|
181
|
+
rules
|
|
182
|
+
},
|
|
183
|
+
schemas: buildSchemas()
|
|
184
|
+
};
|
|
185
|
+
}
|
|
186
|
+
export function renderDoctorOutputContractJson(contract) {
|
|
187
|
+
return JSON.stringify(contract, null, 2);
|
|
188
|
+
}
|
|
189
|
+
export function renderDoctorOutputContract(contract, options = {}) {
|
|
190
|
+
const lines = [
|
|
191
|
+
"Doctor Output Contract",
|
|
192
|
+
"======================",
|
|
193
|
+
`Version: ${contract.version}`,
|
|
194
|
+
`Contract: ${contract.contract.stability} (since ${contract.contract.frozenSince})`,
|
|
195
|
+
`Rule catalog: ${contract.ruleCatalog.status}`,
|
|
196
|
+
`Rule digest: ${contract.ruleCatalog.digest}`,
|
|
197
|
+
`Rules: ${contract.ruleCatalog.ruleCount}`,
|
|
198
|
+
`Schemas: ${contract.schemas.length}`
|
|
199
|
+
];
|
|
200
|
+
if (options.outputPath) {
|
|
201
|
+
lines.push(`Output: ${options.outputPath}`);
|
|
202
|
+
}
|
|
203
|
+
lines.push("", "Schema surfaces", "---------------");
|
|
204
|
+
for (const schema of contract.schemas) {
|
|
205
|
+
lines.push(`- ${schema.id}: ${schema.command}`);
|
|
206
|
+
}
|
|
207
|
+
return lines.join("\n");
|
|
208
|
+
}
|
|
@@ -0,0 +1,57 @@
|
|
|
1
|
+
import { type PackageAnalysisOptions } from "./package-analysis.js";
|
|
2
|
+
type ValidationStatus = "pass" | "warn" | "fail";
|
|
3
|
+
export interface ValidationCorpusCaseDefinition {
|
|
4
|
+
id: string;
|
|
5
|
+
label: string;
|
|
6
|
+
profile: string;
|
|
7
|
+
sourceType: "bundled-example";
|
|
8
|
+
relativePath: string;
|
|
9
|
+
runtimeEnabled: boolean;
|
|
10
|
+
expected: {
|
|
11
|
+
validationStatus: ValidationStatus;
|
|
12
|
+
findingIds?: string[];
|
|
13
|
+
};
|
|
14
|
+
}
|
|
15
|
+
export interface ValidationCorpusCaseResult {
|
|
16
|
+
id: string;
|
|
17
|
+
label: string;
|
|
18
|
+
profile: string;
|
|
19
|
+
sourceType: "bundled-example";
|
|
20
|
+
targetPath: string;
|
|
21
|
+
runtimeEnabled: boolean;
|
|
22
|
+
expected: {
|
|
23
|
+
validationStatus: ValidationStatus;
|
|
24
|
+
findingIds: string[];
|
|
25
|
+
};
|
|
26
|
+
actual: {
|
|
27
|
+
validationStatus: ValidationStatus;
|
|
28
|
+
findingIds: string[];
|
|
29
|
+
securityStatus: ValidationStatus;
|
|
30
|
+
trustStatus: ValidationStatus;
|
|
31
|
+
compatibilityFailedClients: string[];
|
|
32
|
+
};
|
|
33
|
+
expectationMatched: boolean;
|
|
34
|
+
}
|
|
35
|
+
export interface DoctorValidationCorpusReport {
|
|
36
|
+
schemaVersion: "1.0.0";
|
|
37
|
+
kind: "doctor.validation.corpus";
|
|
38
|
+
generatedAt: string;
|
|
39
|
+
version: string;
|
|
40
|
+
summary: {
|
|
41
|
+
status: "pass" | "fail";
|
|
42
|
+
caseCount: number;
|
|
43
|
+
passedExpectations: number;
|
|
44
|
+
failedExpectations: number;
|
|
45
|
+
runtimeCases: number;
|
|
46
|
+
};
|
|
47
|
+
cases: ValidationCorpusCaseResult[];
|
|
48
|
+
}
|
|
49
|
+
export interface BuildDoctorValidationCorpusOptions {
|
|
50
|
+
environment?: PackageAnalysisOptions["environment"];
|
|
51
|
+
}
|
|
52
|
+
export declare function buildDoctorValidationCorpusReport(options?: BuildDoctorValidationCorpusOptions): Promise<DoctorValidationCorpusReport>;
|
|
53
|
+
export declare function renderDoctorValidationCorpusJson(report: DoctorValidationCorpusReport): string;
|
|
54
|
+
export declare function renderDoctorValidationCorpusReport(report: DoctorValidationCorpusReport, options?: {
|
|
55
|
+
outputPath?: string | null;
|
|
56
|
+
}): string;
|
|
57
|
+
export {};
|
|
@@ -0,0 +1,128 @@
|
|
|
1
|
+
import path from "node:path";
|
|
2
|
+
import { fileURLToPath } from "node:url";
|
|
3
|
+
import { buildPackageAnalysis } from "./package-analysis.js";
|
|
4
|
+
import { validatePlugin } from "./validate-plugin.js";
|
|
5
|
+
import { matrixExitCode } from "../compatibility/compatibility-matrix.js";
|
|
6
|
+
import { packageVersion } from "../version.js";
|
|
7
|
+
const bundledCorpusCases = [
|
|
8
|
+
{
|
|
9
|
+
id: "bundled-runtime-healthy",
|
|
10
|
+
label: "Bundled runtime-complete example",
|
|
11
|
+
profile: "healthy-runtime",
|
|
12
|
+
sourceType: "bundled-example",
|
|
13
|
+
relativePath: "examples/codex-doctor-runtime",
|
|
14
|
+
runtimeEnabled: true,
|
|
15
|
+
expected: {
|
|
16
|
+
validationStatus: "pass"
|
|
17
|
+
}
|
|
18
|
+
},
|
|
19
|
+
{
|
|
20
|
+
id: "bundled-risky-security",
|
|
21
|
+
label: "Bundled risky security example",
|
|
22
|
+
profile: "risky-security",
|
|
23
|
+
sourceType: "bundled-example",
|
|
24
|
+
relativePath: "examples/codex-doctor-risky",
|
|
25
|
+
runtimeEnabled: false,
|
|
26
|
+
expected: {
|
|
27
|
+
validationStatus: "fail",
|
|
28
|
+
findingIds: ["plugin.security.hard_coded_secret"]
|
|
29
|
+
}
|
|
30
|
+
},
|
|
31
|
+
{
|
|
32
|
+
id: "bundled-starter-skill",
|
|
33
|
+
label: "Bundled starter skill-only example",
|
|
34
|
+
profile: "skill-only",
|
|
35
|
+
sourceType: "bundled-example",
|
|
36
|
+
relativePath: "examples/codex-doctor-starter",
|
|
37
|
+
runtimeEnabled: false,
|
|
38
|
+
expected: {
|
|
39
|
+
validationStatus: "pass"
|
|
40
|
+
}
|
|
41
|
+
}
|
|
42
|
+
];
|
|
43
|
+
function resolvePackageRoot() {
|
|
44
|
+
return path.resolve(path.dirname(fileURLToPath(import.meta.url)), "..", "..");
|
|
45
|
+
}
|
|
46
|
+
function includesExpectedFindings(actualFindingIds, expectedFindingIds) {
|
|
47
|
+
return expectedFindingIds.every((findingId) => actualFindingIds.includes(findingId));
|
|
48
|
+
}
|
|
49
|
+
async function runCorpusCase(caseDefinition, options) {
|
|
50
|
+
const targetPath = path.resolve(resolvePackageRoot(), caseDefinition.relativePath);
|
|
51
|
+
const analysis = await buildPackageAnalysis(targetPath, {
|
|
52
|
+
environment: options.environment,
|
|
53
|
+
runCheck: (pathToCheck) => validatePlugin(pathToCheck, {
|
|
54
|
+
runtime: caseDefinition.runtimeEnabled
|
|
55
|
+
})
|
|
56
|
+
});
|
|
57
|
+
const findingIds = analysis.validation.findings.map((finding) => finding.id).sort();
|
|
58
|
+
const expectedFindingIds = [...(caseDefinition.expected.findingIds ?? [])].sort();
|
|
59
|
+
const compatibilityFailedClients = analysis.compatibility.results
|
|
60
|
+
.filter((result) => result.status === "fail")
|
|
61
|
+
.map((result) => result.client);
|
|
62
|
+
const expectationMatched = analysis.validation.status === caseDefinition.expected.validationStatus &&
|
|
63
|
+
includesExpectedFindings(findingIds, expectedFindingIds);
|
|
64
|
+
return {
|
|
65
|
+
id: caseDefinition.id,
|
|
66
|
+
label: caseDefinition.label,
|
|
67
|
+
profile: caseDefinition.profile,
|
|
68
|
+
sourceType: caseDefinition.sourceType,
|
|
69
|
+
targetPath,
|
|
70
|
+
runtimeEnabled: caseDefinition.runtimeEnabled,
|
|
71
|
+
expected: {
|
|
72
|
+
validationStatus: caseDefinition.expected.validationStatus,
|
|
73
|
+
findingIds: expectedFindingIds
|
|
74
|
+
},
|
|
75
|
+
actual: {
|
|
76
|
+
validationStatus: analysis.validation.status,
|
|
77
|
+
findingIds,
|
|
78
|
+
securityStatus: analysis.security.status,
|
|
79
|
+
trustStatus: analysis.trust.status,
|
|
80
|
+
compatibilityFailedClients: matrixExitCode(analysis.compatibility) === 1
|
|
81
|
+
? compatibilityFailedClients
|
|
82
|
+
: []
|
|
83
|
+
},
|
|
84
|
+
expectationMatched
|
|
85
|
+
};
|
|
86
|
+
}
|
|
87
|
+
export async function buildDoctorValidationCorpusReport(options = {}) {
|
|
88
|
+
const cases = await Promise.all(bundledCorpusCases.map((caseDefinition) => runCorpusCase(caseDefinition, options)));
|
|
89
|
+
const failedExpectations = cases.filter((caseResult) => !caseResult.expectationMatched).length;
|
|
90
|
+
return {
|
|
91
|
+
schemaVersion: "1.0.0",
|
|
92
|
+
kind: "doctor.validation.corpus",
|
|
93
|
+
generatedAt: new Date().toISOString(),
|
|
94
|
+
version: packageVersion,
|
|
95
|
+
summary: {
|
|
96
|
+
status: failedExpectations > 0 ? "fail" : "pass",
|
|
97
|
+
caseCount: cases.length,
|
|
98
|
+
passedExpectations: cases.length - failedExpectations,
|
|
99
|
+
failedExpectations,
|
|
100
|
+
runtimeCases: cases.filter((caseResult) => caseResult.runtimeEnabled).length
|
|
101
|
+
},
|
|
102
|
+
cases
|
|
103
|
+
};
|
|
104
|
+
}
|
|
105
|
+
export function renderDoctorValidationCorpusJson(report) {
|
|
106
|
+
return JSON.stringify(report, null, 2);
|
|
107
|
+
}
|
|
108
|
+
export function renderDoctorValidationCorpusReport(report, options = {}) {
|
|
109
|
+
const lines = [
|
|
110
|
+
"Doctor Validation Corpus",
|
|
111
|
+
"========================",
|
|
112
|
+
`Version: ${report.version}`,
|
|
113
|
+
`Status: ${report.summary.status.toUpperCase()}`,
|
|
114
|
+
`Cases: ${report.summary.caseCount}`,
|
|
115
|
+
`Passed expectations: ${report.summary.passedExpectations}`,
|
|
116
|
+
`Failed expectations: ${report.summary.failedExpectations}`,
|
|
117
|
+
`Runtime cases: ${report.summary.runtimeCases}`
|
|
118
|
+
];
|
|
119
|
+
if (options.outputPath) {
|
|
120
|
+
lines.push(`Output: ${options.outputPath}`);
|
|
121
|
+
}
|
|
122
|
+
lines.push("", "Cases", "-----");
|
|
123
|
+
for (const caseResult of report.cases) {
|
|
124
|
+
lines.push(`${caseResult.id}: ${caseResult.expectationMatched ? "PASS" : "FAIL"} ` +
|
|
125
|
+
`(${caseResult.actual.validationStatus.toUpperCase()}, ${caseResult.actual.findingIds.length} findings)`);
|
|
126
|
+
}
|
|
127
|
+
return lines.join("\n");
|
|
128
|
+
}
|
package/dist/index.d.ts
CHANGED
|
@@ -5,6 +5,8 @@ export { buildDoctorSnapshot, renderDoctorSnapshot, renderDoctorSnapshotJson, ty
|
|
|
5
5
|
export { buildDoctorRecommendations, renderDoctorRecommendations, renderDoctorRecommendationsJson, type DoctorRecommendationAction, type DoctorRecommendationsReport } from "./core/doctor-recommendations.js";
|
|
6
6
|
export { buildDoctorExportBundle, renderDoctorExportBundle, renderDoctorExportBundleJson, type DoctorExportBundle } from "./core/doctor-export-bundle.js";
|
|
7
7
|
export { buildDoctorAttestation, renderDoctorAttestation, renderDoctorAttestationJson, type DoctorAttestation, type Digest, type PackageFingerprint } from "./core/attestation.js";
|
|
8
|
+
export { buildDoctorOutputContract, renderDoctorOutputContract, renderDoctorOutputContractJson, type DoctorOutputContract, type OutputContractRule, type OutputContractSchema } from "./core/output-contract.js";
|
|
9
|
+
export { buildDoctorValidationCorpusReport, renderDoctorValidationCorpusJson, renderDoctorValidationCorpusReport, type BuildDoctorValidationCorpusOptions, type DoctorValidationCorpusReport, type ValidationCorpusCaseDefinition, type ValidationCorpusCaseResult } from "./core/validation-corpus.js";
|
|
8
10
|
export { buildDoctorExportBundleFromAnalysis, buildDoctorRecommendationsFromAnalysis, buildPackageAnalysis, type PackageAnalysis, type PackageAnalysisOptions, type PackageAnalysisStage, type PackageAnalysisTiming } from "./core/package-analysis.js";
|
|
9
11
|
export { buildDoctorPerformanceReport, renderDoctorPerformanceReport, renderDoctorPerformanceReportJson, type BuildDoctorPerformanceReportOptions, type DoctorPerformanceReport, type DoctorPerformanceStage, type DoctorPerformanceStageName } from "./core/performance-report.js";
|
|
10
12
|
export { buildDoctorNpmPackageReport, renderDoctorNpmPackageReport, renderDoctorNpmPackageReportJson, type BuildDoctorNpmPackageReportOptions, type DoctorNpmPackageReport } from "./core/npm-package-doctor.js";
|
package/dist/index.js
CHANGED
|
@@ -5,6 +5,8 @@ export { buildDoctorSnapshot, renderDoctorSnapshot, renderDoctorSnapshotJson } f
|
|
|
5
5
|
export { buildDoctorRecommendations, renderDoctorRecommendations, renderDoctorRecommendationsJson } from "./core/doctor-recommendations.js";
|
|
6
6
|
export { buildDoctorExportBundle, renderDoctorExportBundle, renderDoctorExportBundleJson } from "./core/doctor-export-bundle.js";
|
|
7
7
|
export { buildDoctorAttestation, renderDoctorAttestation, renderDoctorAttestationJson } from "./core/attestation.js";
|
|
8
|
+
export { buildDoctorOutputContract, renderDoctorOutputContract, renderDoctorOutputContractJson } from "./core/output-contract.js";
|
|
9
|
+
export { buildDoctorValidationCorpusReport, renderDoctorValidationCorpusJson, renderDoctorValidationCorpusReport } from "./core/validation-corpus.js";
|
|
8
10
|
export { buildDoctorExportBundleFromAnalysis, buildDoctorRecommendationsFromAnalysis, buildPackageAnalysis } from "./core/package-analysis.js";
|
|
9
11
|
export { buildDoctorPerformanceReport, renderDoctorPerformanceReport, renderDoctorPerformanceReportJson } from "./core/performance-report.js";
|
|
10
12
|
export { buildDoctorNpmPackageReport, renderDoctorNpmPackageReport, renderDoctorNpmPackageReportJson } from "./core/npm-package-doctor.js";
|
package/dist/run-cli.js
CHANGED
|
@@ -17,6 +17,8 @@ import { buildDoctorSnapshot, renderDoctorSnapshot, renderDoctorSnapshotJson } f
|
|
|
17
17
|
import { buildDoctorRecommendations, renderDoctorRecommendations, renderDoctorRecommendationsJson } from "./core/doctor-recommendations.js";
|
|
18
18
|
import { buildDoctorExportBundle, renderDoctorExportBundle, renderDoctorExportBundleJson } from "./core/doctor-export-bundle.js";
|
|
19
19
|
import { buildDoctorAttestation, renderDoctorAttestation, renderDoctorAttestationJson } from "./core/attestation.js";
|
|
20
|
+
import { buildDoctorOutputContract, renderDoctorOutputContract, renderDoctorOutputContractJson } from "./core/output-contract.js";
|
|
21
|
+
import { buildDoctorValidationCorpusReport, renderDoctorValidationCorpusJson, renderDoctorValidationCorpusReport } from "./core/validation-corpus.js";
|
|
20
22
|
import { buildDoctorPerformanceReport, renderDoctorPerformanceReport, renderDoctorPerformanceReportJson } from "./core/performance-report.js";
|
|
21
23
|
import { buildDoctorNpmPackageReport, renderDoctorNpmPackageReport, renderDoctorNpmPackageReportJson } from "./core/npm-package-doctor.js";
|
|
22
24
|
import { buildDoctorRiskDiffReport, renderDoctorRiskDiffReport, renderDoctorRiskDiffReportJson } from "./core/risk-diff.js";
|
|
@@ -66,7 +68,7 @@ const defaultIo = {
|
|
|
66
68
|
}
|
|
67
69
|
};
|
|
68
70
|
function printUsage(io) {
|
|
69
|
-
io.writeStderr("Usage: codex-plugin-doctor check <path|--installed> [filter] [--policy codex-publish|mcp-strict|security] [--compat] [--json|--markdown|--badge-json|--badge-markdown] [--output <path>] [--history <path>] [--runtime] [--verbose-runtime] [--explain] [--no-animations] [--ascii]\n codex-plugin-doctor audit --installed [filter] [--policy codex-publish|mcp-strict|security] [--security] [--compat] [--json] [--output <path>] [--cache] [--changed]\n codex-plugin-doctor mcp <path> [--json] [--output <path>]\n codex-plugin-doctor security <path> [--policy security] [--json|--scorecard]\n codex-plugin-doctor compat <path> [--all|--client <client>] [--json] [--scorecard] [--output <path>] [--install-preview|--apply --backup]\n codex-plugin-doctor fix <path> (--dry-run|--interactive --backup|--apply --backup)\n codex-plugin-doctor history <history.jsonl> [--json] [--fail-on-regression]\n codex-plugin-doctor doctor [npm <package>|attest <path>|inspector <path>|diff --before <path> --after <path>|recommend <path>|trust <path>|perf <path>|export --bundle <path>|snapshot|clients|--json|--update-check]\n codex-plugin-doctor init [path] [--template skill-only|mcp-stdio|mcp-http|full-runtime]\n codex-plugin-doctor init-ci [path]\n codex-plugin-doctor self-test\n codex-plugin-doctor list --installed\n codex-plugin-doctor explain <finding-id>\n codex-plugin-doctor --version\n\nFirst run:\n codex-plugin-doctor doctor\n codex-plugin-doctor self-test\n codex-plugin-doctor init my-plugin\n codex-plugin-doctor check . --runtime --explain");
|
|
71
|
+
io.writeStderr("Usage: codex-plugin-doctor check <path|--installed> [filter] [--policy codex-publish|mcp-strict|security] [--compat] [--json|--markdown|--badge-json|--badge-markdown] [--output <path>] [--history <path>] [--runtime] [--verbose-runtime] [--explain] [--no-animations] [--ascii]\n codex-plugin-doctor audit --installed [filter] [--policy codex-publish|mcp-strict|security] [--security] [--compat] [--json] [--output <path>] [--cache] [--changed]\n codex-plugin-doctor mcp <path> [--json] [--output <path>]\n codex-plugin-doctor security <path> [--policy security] [--json|--scorecard]\n codex-plugin-doctor compat <path> [--all|--client <client>] [--json] [--scorecard] [--output <path>] [--install-preview|--apply --backup]\n codex-plugin-doctor fix <path> (--dry-run|--interactive --backup|--apply --backup)\n codex-plugin-doctor history <history.jsonl> [--json] [--fail-on-regression]\n codex-plugin-doctor doctor [npm <package>|contract|corpus|attest <path>|inspector <path>|diff --before <path> --after <path>|recommend <path>|trust <path>|perf <path>|export --bundle <path>|snapshot|clients|--json|--update-check]\n codex-plugin-doctor init [path] [--template skill-only|mcp-stdio|mcp-http|full-runtime]\n codex-plugin-doctor init-ci [path]\n codex-plugin-doctor self-test\n codex-plugin-doctor list --installed\n codex-plugin-doctor explain <finding-id>\n codex-plugin-doctor --version\n\nFirst run:\n codex-plugin-doctor doctor\n codex-plugin-doctor self-test\n codex-plugin-doctor init my-plugin\n codex-plugin-doctor check . --runtime --explain");
|
|
70
72
|
}
|
|
71
73
|
function renderInstalledPlugins(plugins) {
|
|
72
74
|
const lines = [
|
|
@@ -231,6 +233,47 @@ export async function runCli(args, io = defaultIo, options = {}) {
|
|
|
231
233
|
io.writeStdout(renderedReport);
|
|
232
234
|
return report.exitCode;
|
|
233
235
|
}
|
|
236
|
+
if (maybePath === "contract") {
|
|
237
|
+
const jsonOutput = remainingArgs.includes("--json");
|
|
238
|
+
const outputIndex = remainingArgs.indexOf("--output");
|
|
239
|
+
const outputPath = outputIndex === -1 ? null : remainingArgs[outputIndex + 1];
|
|
240
|
+
if (outputIndex !== -1 && (!outputPath || outputPath.startsWith("--"))) {
|
|
241
|
+
io.writeStderr("Missing path after --output.");
|
|
242
|
+
return 2;
|
|
243
|
+
}
|
|
244
|
+
const contract = buildDoctorOutputContract();
|
|
245
|
+
const contractJson = renderDoctorOutputContractJson(contract);
|
|
246
|
+
if (outputPath) {
|
|
247
|
+
await writeFile(outputPath, contractJson, "utf8");
|
|
248
|
+
}
|
|
249
|
+
io.writeStdout(jsonOutput
|
|
250
|
+
? contractJson
|
|
251
|
+
: renderDoctorOutputContract(contract, { outputPath }));
|
|
252
|
+
return 0;
|
|
253
|
+
}
|
|
254
|
+
if (maybePath === "corpus") {
|
|
255
|
+
const jsonOutput = remainingArgs.includes("--json");
|
|
256
|
+
const outputIndex = remainingArgs.indexOf("--output");
|
|
257
|
+
const outputPath = outputIndex === -1 ? null : remainingArgs[outputIndex + 1];
|
|
258
|
+
if (outputIndex !== -1 && (!outputPath || outputPath.startsWith("--"))) {
|
|
259
|
+
io.writeStderr("Missing path after --output.");
|
|
260
|
+
return 2;
|
|
261
|
+
}
|
|
262
|
+
const report = await buildDoctorValidationCorpusReport({
|
|
263
|
+
environment: {
|
|
264
|
+
env: terminalContext.env,
|
|
265
|
+
platform: terminalContext.platform
|
|
266
|
+
}
|
|
267
|
+
});
|
|
268
|
+
const reportJson = renderDoctorValidationCorpusJson(report);
|
|
269
|
+
if (outputPath) {
|
|
270
|
+
await writeFile(outputPath, reportJson, "utf8");
|
|
271
|
+
}
|
|
272
|
+
io.writeStdout(jsonOutput
|
|
273
|
+
? reportJson
|
|
274
|
+
: renderDoctorValidationCorpusReport(report, { outputPath }));
|
|
275
|
+
return report.summary.status === "pass" ? 0 : 1;
|
|
276
|
+
}
|
|
234
277
|
if (maybePath === "attest") {
|
|
235
278
|
const targetPath = remainingArgs[0] && !remainingArgs[0].startsWith("--")
|
|
236
279
|
? remainingArgs[0]
|
package/package.json
CHANGED