npm - commitshow - Versions diffs - 0.3.26 → 0.3.28 - Mend

commitshow 0.3.26 → 0.3.28

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/commands/audit.js CHANGED Viewed

@@ -3,6 +3,7 @@ import { findProjectByGithubUrl, fetchLatestSnapshot, fetchStanding, runPreviewA
 import { renderAudit, renderMarkdown, renderJson, renderUpsell, renderStarCta, renderQuotaFooter, renderRateLimitDeny, renderAuditError, writeAuditMarkdown, writeAuditJson, } from '../lib/render.js';
 import { c } from '../lib/colors.js';
 import { Spinner } from '../lib/spinner.js';
+import { maybeOfferCi } from '../lib/ci-prompt.js';
 export async function audit(args) {
     const asJson = args.includes('--json');
     const force = args.includes('--refresh') || args.includes('--force');
@@ -123,6 +124,12 @@ export async function audit(args) {
                 if (jsonPath)
                     console.log(c.dim(`  Saved → ${jsonPath}`));
             }
+            // Post-audit CI nudge · only in interactive non-JSON mode.
+            // Skipped silently if not in a git repo / no GitHub remote /
+            // workflow already exists.
+            if (!asJson && target.localPath) {
+                await maybeOfferCi(target.localPath);
+            }
         }
         return 0;
     }
@@ -248,6 +255,10 @@ export async function audit(args) {
             if (jsonPath)
                 console.log(c.dim(`  Saved → ${jsonPath}`));
         }
+        // Post-audit CI nudge · only in interactive non-JSON mode.
+        if (!asJson && target.localPath) {
+            await maybeOfferCi(target.localPath);
+        }
     }
     return 0;
 }

package/dist/lib/ci-prompt.js ADDED Viewed

@@ -0,0 +1,93 @@
+// Post-audit nudge · ask the user whether to wire the audit into CI
+// by writing .github/workflows/audit.yml in their repo. Highest-intent
+// moment (they just saw their score and concerns) and the cheapest
+// possible install path (one file, one commit).
+//
+// Skipped silently when:
+//   · stdout/stdin isn't a TTY (CI, scripted use)
+//   · target isn't a git repo
+//   · the repo has no github.com remote
+//   · the workflow file already exists (don't overwrite)
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from 'node:fs';
+import { join } from 'node:path';
+import { createInterface } from 'node:readline/promises';
+import { c } from './colors.js';
+const WORKFLOW_REL_PATH = '.github/workflows/audit.yml';
+const WORKFLOW_BODY = `name: audit
+on:
+  pull_request:
+permissions:
+  pull-requests: write
+jobs:
+  audit:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: commitshow/audit-action@v1
+`;
+function isGitRepo(path) {
+    return existsSync(join(path, '.git'));
+}
+function hasGithubRemote(path) {
+    try {
+        const cfg = readFileSync(join(path, '.git', 'config'), 'utf8');
+        return /url\s*=\s*[^\n]*github\.com/i.test(cfg);
+    }
+    catch {
+        return false;
+    }
+}
+function existingWorkflow(path) {
+    return existsSync(join(path, WORKFLOW_REL_PATH));
+}
+async function ask(question, defaultYes = true) {
+    const rl = createInterface({ input: process.stdin, output: process.stdout });
+    try {
+        const raw = await rl.question(question + ' ');
+        const ans = raw.trim().toLowerCase();
+        if (ans === '')
+            return defaultYes;
+        return ans === 'y' || ans === 'yes';
+    }
+    finally {
+        rl.close();
+    }
+}
+export async function maybeOfferCi(localPath) {
+    if (!process.stdin.isTTY || !process.stdout.isTTY)
+        return;
+    if (!isGitRepo(localPath))
+        return;
+    if (!hasGithubRemote(localPath))
+        return;
+    if (existingWorkflow(localPath))
+        return;
+    console.log('');
+    console.log(c.muted('  Want this audit to run on every pull request?'));
+    console.log(c.muted(`  Drops a single file at ${WORKFLOW_REL_PATH} that uses commitshow/audit-action@v1.`));
+    console.log(c.muted('  The action posts a sticky comment on each PR so regressions surface in review.'));
+    let yes;
+    try {
+        yes = await ask(c.gold('  Add the workflow? [Y/n]'), true);
+    }
+    catch {
+        // Reading from stdin can throw on unusual terminal states (e.g. piped
+        // input that closes mid-read). Treat as "no" rather than crashing.
+        return;
+    }
+    if (!yes) {
+        console.log(c.dim('  Skipped. Run again later or copy the YAML from https://github.com/commitshow/audit-action.'));
+        return;
+    }
+    try {
+        const dir = join(localPath, '.github', 'workflows');
+        mkdirSync(dir, { recursive: true });
+        writeFileSync(join(localPath, WORKFLOW_REL_PATH), WORKFLOW_BODY, 'utf8');
+        console.log(c.gold(`  ✓ Wrote ${WORKFLOW_REL_PATH}`));
+        console.log(c.muted('  Next: commit and push, then open a pull request — the score will post automatically.'));
+    }
+    catch (e) {
+        console.log(c.scarlet(`  Could not write ${WORKFLOW_REL_PATH}: ${e.message}`));
+    }
+}

package/dist/lib/render.js CHANGED Viewed

@@ -517,6 +517,14 @@ export function renderAudit(view) {
     const name = p.project_name ?? 'untitled';
     const slug = p.github_url?.replace(/^https?:\/\//, '') ?? '';
     lines.push('  ' + c.bold(c.cream(name)) + '   ' + c.muted(slug));
+    // Scanned-scope transparency line · monorepo-aware. For supabase-style
+    // big monorepos, this disarms the "you said our service fails X" trap
+    // by stating what was actually traversed (apps/studio + apps/www, not
+    // postgres-meta or gotrue or storage which live in separate repos).
+    const scope = snapshot?.github_signals?.scanned_scope;
+    if (scope) {
+        lines.push('  ' + c.muted('Scanned · ') + c.cream(scope));
+    }
     lines.push('');
     // ── 3 strengths + 2 concerns box · errors-first reorder (2026-04-30) ──
     // CONCERNS render before STRENGTHS · the value prop is "what your AI
@@ -929,6 +937,14 @@ export function renderMarkdown(view) {
     lines.push(`**${p.project_name}**`);
     if (p.github_url)
         lines.push(`_${p.github_url}_`);
+    // Scope transparency · same string the CLI prints. Lets a downstream
+    // agent reading audit.md know whether the concerns came from the core
+    // service or from a dashboard / marketing sub-app of a monorepo.
+    const scope = snapshot?.github_signals?.scanned_scope;
+    if (scope) {
+        lines.push('');
+        lines.push(`Scanned · ${scope}`);
+    }
     lines.push('');
     // errors-first markdown order (2026-04-30) · concerns + strengths
     // BEFORE the score so the AI agent reading audit.md picks up the
@@ -1024,6 +1040,7 @@ export function toAgentShape(view) {
             status: p.status,
             creator: { name: p.creator_name, grade: p.creator_grade },
             url: `https://commit.show/projects/${p.id}`,
+            scanned_scope: snapshot?.github_signals?.scanned_scope ?? null,
         },
         score: {
             track: isWalkOn ? 'walk_on' : 'league',

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "commitshow",
-  "version": "0.3.26",
+  "version": "0.3.28",
   "description": "commit.show CLI \u2014 audit any vibe-coded project from your terminal.",
   "type": "module",
   "bin": {