commitshow 0.3.31 → 0.4.0

package/dist/commands/audit.js

@@ -1,5 +1,5 @@
 import { resolveTarget, verifyRemoteExists, TargetError } from '../lib/target.js';
-import { findProjectByGithubUrl, fetchLatestSnapshot, fetchStanding, runPreviewAudit, waitForPreviewSnapshot, } from '../lib/api.js';
+import { findProjectByGithubUrl, fetchLatestSnapshot, fetchStanding, runPreviewAudit, runSiteFastLaneAudit, waitForPreviewSnapshot, } from '../lib/api.js';
 import { renderAudit, renderMarkdown, renderJson, renderUpsell, renderStarCta, renderQuotaFooter, renderRateLimitDeny, renderAuditError, writeAuditMarkdown, writeAuditJson, } from '../lib/render.js';
 import { c } from '../lib/colors.js';
 import { Spinner } from '../lib/spinner.js';
@@ -47,6 +47,13 @@ export async function audit(args) {
         }
         throw err;
     }
+    // §15-E URL Fast Lane · short-circuit before the github-specific
+    // verifyRemoteExists / findProjectByGithubUrl path. The site-url lane
+    // has its own Edge Function (audit-site-preview) and identifies projects
+    // by live_url, not github_url, so the cached-flow lookup wouldn't apply.
+    if (target.kind === 'site-url') {
+        return await runSiteAudit(target, { force, sourceFlag, asJson });
+    }
     // Pre-flight: when the user pointed at a remote URL (or owner/repo
     // shorthand), confirm it actually resolves on github.com before we
     // spend any audit budget. Catches the 'agent invented a slug' case
@@ -161,6 +168,39 @@ export async function audit(args) {
     // Error envelope
     if ('error' in result) {
         const err = result;
+        // Friendly path for the most common CLI miss: trying to audit a
+        // private/missing/typo'd repo. Used to silently produce a 'ghost
+        // repo' snapshot scored 4 — confusing because users assumed their
+        // project actually scored that. Server now bails early with a
+        // dedicated envelope; we render a clear panel instead of a score.
+        if (err.error === 'github_inaccessible') {
+            if (asJson) {
+                process.stdout.write(JSON.stringify({
+                    error: 'github_inaccessible',
+                    reason: err.reason,
+                    slug: err.slug,
+                    github_url: err.github_url,
+                    message: err.message,
+                    hints: err.hints,
+                    target: target.github_url,
+                }) + '\n');
+            }
+            else {
+                console.error('');
+                console.error(`  ${c.scarlet('✗')} ${c.bold(c.cream("Couldn't reach"))} ${c.gold(err.slug ?? target.github_url)}`);
+                console.error('');
+                console.error(`  ${c.muted(err.message ?? "We can't see this repo.")}`);
+                console.error('');
+                if (err.hints && err.hints.length > 0) {
+                    console.error(`  ${c.muted('common causes:')}`);
+                    for (const hint of err.hints) {
+                        console.error(`    ${c.gold('·')} ${c.muted(hint)}`);
+                    }
+                    console.error('');
+                }
+            }
+            return 1;
+        }
         if (err.error === 'rate_limited') {
             if (asJson) {
                 process.stdout.write(JSON.stringify({
@@ -175,8 +215,12 @@ export async function audit(args) {
             }
             else {
                 console.error('');
+                // err.reason can include non-cap values (e.g. private_or_missing)
+                // since PreviewError unions all reasons; renderRateLimitDeny only
+                // accepts the cap variants — narrow the input before passing.
+                const capReason = err.reason === 'url_cap' || err.reason === 'global_cap' ? err.reason : 'ip_cap';
                 console.error(renderRateLimitDeny({
-                    reason: err.reason ?? 'ip_cap',
+                    reason: capReason,
                     message: err.message ?? 'Rate limit hit. Try again later.',
                     limit: err.limit ?? 0,
                     count: err.count ?? 0,
@@ -286,3 +330,101 @@ function emitError(asJson, code, message, target) {
         console.error(c.scarlet(message));
     }
 }
+// §15-E URL Fast Lane CLI handler. Mirrors the runPreviewAudit branch
+// of the main flow but routes to audit-site-preview and uses live_url
+// as the project identifier instead of github_url.
+//
+// On success: renders the same audit panel with the URL lane upsell —
+// the only delta vs the repo lane is partial-cap framing in the upsell
+// copy, handled by renderUpsell when github_url is empty.
+async function runSiteAudit(target, opts) {
+    const { force, sourceFlag, asJson } = opts;
+    if (!target.site_url) {
+        emitError(asJson, 'bad_target', 'Site URL missing — internal target resolution issue.', target.slug);
+        return 2;
+    }
+    if (!asJson) {
+        if (force)
+            console.log(c.dim(`Refreshing URL audit for ${target.slug}…`));
+        else
+            console.log(c.dim(`Auditing ${target.slug} (URL fast lane · partial)…`));
+    }
+    const result = await runSiteFastLaneAudit(target.site_url, { force, source: sourceFlag });
+    if ('error' in result) {
+        const err = result;
+        if (err.error === 'rate_limited' && err.quota) {
+            const reason = (err.reason ?? 'ip_cap');
+            // Map server's domain_cap onto url_cap for renderRateLimitDeny (same shape).
+            const capReason = reason === 'ip_cap' ? 'ip_cap' : reason === 'global_cap' ? 'global_cap' : 'url_cap';
+            if (asJson) {
+                process.stdout.write(JSON.stringify({
+                    error: 'rate_limited', reason: capReason,
+                    message: err.message ?? 'Rate limit hit.',
+                    quota: err.quota,
+                }) + '\n');
+            }
+            else {
+                console.error('');
+                console.error(renderRateLimitDeny({
+                    reason: capReason,
+                    message: err.message ?? 'Rate limit hit. Try again later.',
+                    limit: err.limit ?? 0,
+                    count: err.count ?? 0,
+                    quota: err.quota,
+                }));
+                console.error('');
+            }
+            return 1;
+        }
+        if (err.error === 'domain_opted_out') {
+            emitError(asJson, 'domain_opted_out', err.message ?? `${target.slug} declined audits via DNS TXT.`, target.site_url);
+            return 1;
+        }
+        emitError(asJson, err.error ?? 'site_audit_failed', err.message ?? 'URL audit failed.', target.site_url);
+        return 1;
+    }
+    let envelope;
+    if ('status' in result && result.status === 'running') {
+        const pending = result;
+        const spinner = new Spinner();
+        if (!asJson)
+            spinner.start(`Auditing ${target.slug}`);
+        let waited;
+        try {
+            waited = await waitForPreviewSnapshot(pending.project_id, null);
+        }
+        finally {
+            spinner.stop();
+        }
+        if (!waited) {
+            emitError(asJson, 'timeout', 'URL audit is taking longer than expected. Refresh in a minute.', target.site_url);
+            return 1;
+        }
+        envelope = { ...waited, quota: pending.quota };
+    }
+    else {
+        envelope = result;
+    }
+    const view = { project: envelope.project, snapshot: envelope.snapshot, standing: null };
+    if (asJson) {
+        const shape = JSON.parse(renderJson(view));
+        if (envelope.quota)
+            shape.quota = envelope.quota;
+        shape.audit_kind = 'url_fast_lane';
+        process.stdout.write(JSON.stringify(shape, null, 2) + '\n');
+    }
+    else {
+        console.log('');
+        console.log(renderAudit(view));
+        console.log('');
+        if (envelope.quota) {
+            console.log(renderQuotaFooter(envelope.quota));
+            console.log('');
+        }
+        // Custom upsell · partial-cap framing
+        console.log(c.dim(`  ${c.gold('partial audit')} · the engine couldn't see your repo signals (tests · CI · LICENSE · brief).\n` +
+            `  Push past the URL ceiling: ${c.cream('commit.show/submit')} with your repo.`));
+        console.log('');
+    }
+    return 0;
+}

package/dist/commands/extract.js

@@ -139,21 +139,34 @@ function copyToClipboard(text) {
 export async function extract(args) {
     const asJson = args.includes('--json');
     const positional = args.find(a => !a.startsWith('--'));
-    let target;
+    // Unlike `audit`, extract doesn't NEED a GitHub URL — it just scans
+    // ~/.claude/projects/<encoded-cwd>/*.jsonl for token usage. github_url
+    // is purely optional metadata in the blob (helps the server match the
+    // receipt back to the right project on commit.show). So we try to
+    // resolve a target but fall back to a cwd-only target when there's no
+    // git remote — instead of bailing with audit's "No git remote" error.
+    let target = null;
     try {
         target = resolveTarget(positional, { workspace: null });
     }
     catch (e) {
         if (e instanceof TargetError) {
-            console.error(c.scarlet(e.message));
-            return 1;
+            // Treat as 'no github_url' rather than fatal · scan still works.
+            target = { github_url: null, localPath: positional ? positional : process.cwd() };
+        }
+        else {
+            throw e;
         }
-        throw e;
     }
     if (!asJson) {
         console.log();
         console.log(HEADER);
         console.log();
+        if (!target.github_url) {
+            console.log(c.muted(`  no git remote detected · receipt will scan local Claude Code sessions only`));
+            console.log(c.muted(`  paste the blob into your project's audition form on commit.show — that's where it gets matched`));
+            console.log();
+        }
     }
     // Use the local cwd (or the path target) as the lookup key. Remote URL
     // targets fall back to scanning the entire ~/.claude/projects/ for any

package/dist/index.js

@@ -51,6 +51,8 @@ ${c.muted('TARGET FORMS')}  ${c.dim('(default: cwd)')}
   ${c.cream('commitshow audit github.com/owner/repo')}            ${c.dim('# remote shorthand')}
   ${c.cream('commitshow audit https://github.com/o/r')}           ${c.dim('# full URL')}
   ${c.cream('commitshow audit owner/repo')}                       ${c.dim('# last-ditch shorthand')}
+  ${c.cream('commitshow audit yoursite.com')}                     ${c.dim('# URL Fast Lane · partial audit · no repo needed')}
+  ${c.cream('commitshow audit https://yoursite.com')}             ${c.dim('# same · full URL form')}
 
 ${c.muted('MONOREPO TARGETS')}  ${c.dim('(all three forms produce the same audit)')}
   ${c.cream('commitshow audit github.com/o/r --workspace apps/web')}     ${c.dim('# explicit flag')}

package/dist/lib/api.js

@@ -121,6 +121,26 @@ export async function runPreviewAudit(githubUrl, liveUrl, opts = {}) {
         return body;
     return body;
 }
+/** §15-E URL Fast Lane · sister of runPreviewAudit. Kicks off audit on a
+ *  deployed site URL (no repo). Server returns 202 + project_id like
+ *  audit-preview · same poller (waitForPreviewSnapshot) handles the wait. */
+export async function runSiteFastLaneAudit(siteUrl, opts = {}) {
+    const res = await fetch(`${baseUrl()}/functions/v1/audit-site-preview`, {
+        method: 'POST',
+        headers: headers(),
+        body: JSON.stringify({
+            site_url: siteUrl,
+            force: opts.force === true,
+            source: opts.source ?? null,
+        }),
+    });
+    const body = await res.json().catch(() => ({ error: 'invalid_json' }));
+    if (res.status === 202)
+        return body;
+    if (!res.ok)
+        return body;
+    return body;
+}
 /** Poll a preview job until the snapshot lands or we time out.
  *
  *  `since` (ISO timestamp) is the baseline we wait past. For an INITIAL audit

package/dist/lib/target.js

@@ -1,17 +1,21 @@
 // Target detection — turns the CLI positional arg into a canonical
-// { kind: 'remote-url', github_url } or { kind: 'local', path, github_url? }.
+// { kind: 'remote-url', github_url } or { kind: 'local', path, github_url? }
+// or { kind: 'site-url', site_url } (§15-E URL fast lane).
 //
-// Accepted inputs (all resolve to a GitHub HTTPS URL):
+// Accepted inputs:
 //   · (omitted)                                       → cwd · read `git remote get-url origin`
 //   · ./my-repo · /abs/path                           → local dir · same remote inference
 //   · github.com/owner/repo                           → bare host shorthand
 //   · https://github.com/owner/repo                   → full URL
 //   · git@github.com:owner/repo.git                   → ssh form (common in `git remote`)
 //   · owner/repo                                      → last-ditch shorthand (2 segments, no dot)
-//   · github.com/owner/repo/apps/web                  → inline workspace (post-2026-05-06)
+//   · github.com/owner/repo/apps/web                  → inline workspace
 //   · https://github.com/owner/repo/tree/main/apps/web → GitHub browse URL (paste-friendly)
+//   · yoursite.com  /  https://yoursite.com           → site URL (§15-E URL Fast Lane · NEW)
+//                                                       routes to audit-site-preview ·
+//                                                       partial cap ~32/50 · no repo needed
 //
-// Workspace selection precedence:
+// Workspace selection precedence (repo lanes only):
 //   1. --workspace <path> CLI flag (highest · explicit override)
 //   2. Inline path in target URL (sub-path after <owner>/<repo>)
 //   3. Auto-pick on the server (Edge Function priority-name → repo-name → file count)
@@ -113,6 +117,43 @@ function matchUrl(raw) {
     }
     return null;
 }
+// Site URL detection (§15-E URL Fast Lane).
+// Accepts:
+//   · https://example.com  / http://example.com         → full URL
+//   · example.com  / sub.example.com                    → bare host (added https://)
+//   · example.com/path                                  → host + path · we strip path (origin only)
+// Rejects:
+//   · github.com URLs (those go to remote-url path · matchUrl above)
+//   · localhost / private IPs / 1-segment hosts (no dot)
+//   · commit.show itself (reflexive)
+function matchSiteUrl(raw) {
+    const s = raw.trim();
+    if (!s)
+        return null;
+    // owner/repo shorthand has no dot in the second segment — handled by matchUrl.
+    // Anything reaching here that contains "github.com" is a github form we already
+    // tried · don't double-route.
+    if (/github\.com/i.test(s))
+        return null;
+    const candidate = /^https?:\/\//i.test(s) ? s : `https://${s}`;
+    let u;
+    try {
+        u = new URL(candidate);
+    }
+    catch {
+        return null;
+    }
+    if (u.protocol !== 'http:' && u.protocol !== 'https:')
+        return null;
+    const host = u.host.toLowerCase().replace(/^www\./, '');
+    if (!host.includes('.'))
+        return null; // localhost · single-label hosts
+    if (/^(localhost|127\.|10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)/.test(host))
+        return null;
+    if (host === 'commit.show' || host.endsWith('.commit.show'))
+        return null;
+    return { origin: `${u.protocol}//${host}`, host };
+}
 function gitRemoteOrigin(cwd) {
     try {
         const out = execSync('git remote get-url origin', {
@@ -135,7 +176,7 @@ export function resolveTarget(rawArg, opts = {}) {
     // Both normalized through the same path so the server receives a
     // single shape.
     const flagWorkspace = normalizeSubpath(opts.workspace ?? null);
-    // 1 · Explicit URL forms
+    // 1 · Explicit URL forms — github first (most common · most specific)
     if (rawArg) {
         const m = matchUrl(rawArg);
         if (m) {
@@ -146,6 +187,18 @@ export function resolveTarget(rawArg, opts = {}) {
                 workspace: flagWorkspace ?? m.workspace ?? null,
             };
         }
+        // 1b · Site URL fast lane (§15-E) — anything URL-shaped that isn't
+        //      github.com / a local path. Routes to audit-site-preview.
+        const site = matchSiteUrl(rawArg);
+        if (site) {
+            return {
+                kind: 'site-url',
+                github_url: '',
+                site_url: site.origin,
+                slug: site.host,
+                workspace: null,
+            };
+        }
     }
     // 2 · Local path (arg resolves to a directory) or cwd
     const path = resolve(rawArg ?? '.');

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "commitshow",
-  "version": "0.3.31",
+  "version": "0.4.0",
   "description": "commit.show CLI — audit any vibe-coded project from your terminal.",
   "type": "module",
   "bin": {