devsurface 0.1.0 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +23 -0
- package/README.md +110 -15
- package/SECURITY.md +9 -0
- package/action/dist/index.js +644 -0
- package/action.yml +39 -0
- package/dist/cli/index.js +1312 -236
- package/dist/cli/index.js.map +1 -1
- package/package.json +9 -5
- package/src/web/dist/assets/index-7njY8n4D.js +10 -0
- package/src/web/dist/assets/index-DvunFIw4.css +1 -0
- package/src/web/dist/index.html +2 -2
- package/src/web/dist/assets/index-BPOLPimA.js +0 -10
- package/src/web/dist/assets/index-Ch_lsiJZ.css +0 -1
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,28 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## 0.3.0
|
|
4
|
+
|
|
5
|
+
- Added the reusable `mrfandu1/devsurface@v0` GitHub Action.
|
|
6
|
+
- Added static repository checks for onboarding documentation, scripts, configuration,
|
|
7
|
+
environment setup, and declared ports.
|
|
8
|
+
- Added workflow annotations, job summaries, optional update-in-place pull request
|
|
9
|
+
comments, and configurable failure thresholds.
|
|
10
|
+
- Added safe fallback behavior when fork pull requests have read-only tokens.
|
|
11
|
+
- Added Docker Compose service status with running, stopped, error, and unavailable states.
|
|
12
|
+
- Added dashboard controls to start and stop individual Compose services.
|
|
13
|
+
- Added bounded per-service Docker Compose logs in the Services view.
|
|
14
|
+
- Added Docker Desktop guidance when the engine is not responding on macOS or Windows.
|
|
15
|
+
- Reduced consumer-installed dependencies by bundling the browser opener and keeping
|
|
16
|
+
React build-only.
|
|
17
|
+
|
|
18
|
+
## 0.2.0
|
|
19
|
+
|
|
20
|
+
- Added retained process logs through `GET /api/logs` so the dashboard can recover session output without relying only on WebSocket state.
|
|
21
|
+
- Added dashboard keyboard shortcuts for refresh, section navigation, settings, sidebar collapse, and drawer close.
|
|
22
|
+
- Added exit-code-aware process status labels in the dashboard.
|
|
23
|
+
- Kept dashboard settings in memory to avoid browser storage.
|
|
24
|
+
- Documented `bunx devsurface` as a no-install launch command.
|
|
25
|
+
|
|
3
26
|
## 0.1.0
|
|
4
27
|
|
|
5
28
|
- Initial DevSurface MVP scaffold.
|
package/README.md
CHANGED
|
@@ -1,8 +1,34 @@
|
|
|
1
|
-
|
|
1
|
+
<!-- markdownlint-disable MD033 MD041 -->
|
|
2
2
|
|
|
3
|
-
|
|
3
|
+
<a id="readme-top"></a>
|
|
4
4
|
|
|
5
|
-
|
|
5
|
+
<div align="center">
|
|
6
|
+
|
|
7
|
+
<h1>DevSurface</h1>
|
|
8
|
+
|
|
9
|
+
<p><strong>Turn any Node.js repository into a local developer control panel.</strong></p>
|
|
10
|
+
|
|
11
|
+
<p>
|
|
12
|
+
<a href="#quick-start">Quick Start</a>
|
|
13
|
+
·
|
|
14
|
+
<a href="#commands">Commands</a>
|
|
15
|
+
·
|
|
16
|
+
<a href="#dashboard">Dashboard</a>
|
|
17
|
+
·
|
|
18
|
+
<a href="https://github.com/mrfandu1/devsurface/issues">Report an issue</a>
|
|
19
|
+
</p>
|
|
20
|
+
|
|
21
|
+
<p>
|
|
22
|
+
<a href="https://github.com/mrfandu1/devsurface">
|
|
23
|
+
<img alt="DevSurface ready" src="docs/devsurface-badge.svg">
|
|
24
|
+
</a>
|
|
25
|
+
<a href="LICENSE">
|
|
26
|
+
<img alt="License: MIT" src="https://img.shields.io/badge/License-MIT-informational">
|
|
27
|
+
</a>
|
|
28
|
+
<img alt="Built with TypeScript" src="https://img.shields.io/badge/Built%20with-TypeScript-3178c6">
|
|
29
|
+
</p>
|
|
30
|
+
|
|
31
|
+
</div>
|
|
6
32
|
|
|
7
33
|
DevSurface scans a project, starts a local dashboard, and shows the things contributors
|
|
8
34
|
usually need before a project will run: package scripts, environment files, ports,
|
|
@@ -14,6 +40,12 @@ No config file is required.
|
|
|
14
40
|
npx devsurface
|
|
15
41
|
```
|
|
16
42
|
|
|
43
|
+
With Bun:
|
|
44
|
+
|
|
45
|
+
```bash
|
|
46
|
+
bunx devsurface
|
|
47
|
+
```
|
|
48
|
+
|
|
17
49
|

|
|
18
50
|
|
|
19
51
|
## Why DevSurface
|
|
@@ -52,6 +84,13 @@ cd my-node-project
|
|
|
52
84
|
npx devsurface
|
|
53
85
|
```
|
|
54
86
|
|
|
87
|
+
Or, if you use Bun:
|
|
88
|
+
|
|
89
|
+
```bash
|
|
90
|
+
cd my-node-project
|
|
91
|
+
bunx devsurface
|
|
92
|
+
```
|
|
93
|
+
|
|
55
94
|
The dashboard opens at:
|
|
56
95
|
|
|
57
96
|
```text
|
|
@@ -63,6 +102,13 @@ terminal.
|
|
|
63
102
|
|
|
64
103
|
## Commands
|
|
65
104
|
|
|
105
|
+
Run DevSurface without installing it globally:
|
|
106
|
+
|
|
107
|
+
| Runtime | Command |
|
|
108
|
+
| ------- | ----------------- |
|
|
109
|
+
| npm | `npx devsurface` |
|
|
110
|
+
| Bun | `bunx devsurface` |
|
|
111
|
+
|
|
66
112
|
| Command | Description |
|
|
67
113
|
| ------------------------- | -------------------------------------------------------------------- |
|
|
68
114
|
| `devsurface` | Scan the current project, start the dashboard, and open the browser. |
|
|
@@ -71,6 +117,50 @@ terminal.
|
|
|
71
117
|
| `devsurface init` | Create a starter `devsurface.config.json`. |
|
|
72
118
|
| `devsurface run <script>` | Run a package script and stream output. |
|
|
73
119
|
|
|
120
|
+
## GitHub Action
|
|
121
|
+
|
|
122
|
+
DevSurface can check repository onboarding health on every pull request without
|
|
123
|
+
installing dependencies or running project scripts.
|
|
124
|
+
|
|
125
|
+
```yaml
|
|
126
|
+
name: DevSurface
|
|
127
|
+
|
|
128
|
+
on:
|
|
129
|
+
pull_request:
|
|
130
|
+
push:
|
|
131
|
+
branches: [main]
|
|
132
|
+
|
|
133
|
+
permissions:
|
|
134
|
+
contents: read
|
|
135
|
+
pull-requests: write
|
|
136
|
+
|
|
137
|
+
jobs:
|
|
138
|
+
health:
|
|
139
|
+
runs-on: ubuntu-latest
|
|
140
|
+
steps:
|
|
141
|
+
- uses: actions/checkout@v4
|
|
142
|
+
- uses: mrfandu1/devsurface@v0
|
|
143
|
+
with:
|
|
144
|
+
fail-on: error
|
|
145
|
+
```
|
|
146
|
+
|
|
147
|
+
The action always emits workflow annotations and a Markdown job summary. On pull
|
|
148
|
+
requests it also creates or updates one DevSurface comment when the workflow token
|
|
149
|
+
has `pull-requests: write`. Fork pull requests normally receive a read-only token;
|
|
150
|
+
in that case the action keeps the annotations and summary and skips the comment.
|
|
151
|
+
|
|
152
|
+
Inputs:
|
|
153
|
+
|
|
154
|
+
| Input | Default | Description |
|
|
155
|
+
| -------------- | ------- | --------------------------------------------------------------- |
|
|
156
|
+
| `path` | `.` | Repository-relative directory to check. |
|
|
157
|
+
| `fail-on` | `error` | Fail on `error`, `warning`, or never fail with `never`. |
|
|
158
|
+
| `comment` | `true` | Create or update a pull request comment when permissions allow. |
|
|
159
|
+
| `github-token` | token | Token used only for pull request comments. |
|
|
160
|
+
|
|
161
|
+
The repository checks are intentionally static. They do not install dependencies,
|
|
162
|
+
run package scripts, inspect local ports, require a real `.env`, or contact Docker.
|
|
163
|
+
|
|
74
164
|
## What It Detects
|
|
75
165
|
|
|
76
166
|
| Area | Detection |
|
|
@@ -80,7 +170,7 @@ terminal.
|
|
|
80
170
|
| Scripts | `package.json` scripts |
|
|
81
171
|
| Environment | `.env`, `.env.example`, missing and empty keys without values |
|
|
82
172
|
| Ports | Configured, inferred, and occupied ports using Node's `net` module |
|
|
83
|
-
| Docker | Compose files,
|
|
173
|
+
| Docker | Compose files, daemon status, service state, controls, and logs |
|
|
84
174
|
| Git | Repository presence and current branch |
|
|
85
175
|
| Framework | Next.js, Vite, Express, Fastify, NestJS, Remix, Prisma |
|
|
86
176
|
|
|
@@ -95,7 +185,8 @@ The dashboard includes:
|
|
|
95
185
|
- **Scripts**: every package script, plus grouped configured commands when present.
|
|
96
186
|
- **Environment**: `.env` and `.env.example` status, key presence, and copy-from-example.
|
|
97
187
|
- **Ports**: detected ports with availability and conflict warnings.
|
|
98
|
-
- **Services**: Docker Compose
|
|
188
|
+
- **Services**: Docker Compose daemon state, per-service status, start/stop controls,
|
|
189
|
+
and the latest 200 log lines for each service.
|
|
99
190
|
- **Logs**: expandable per-command logs with timestamps, streams, and exit state.
|
|
100
191
|
- **Repo Health**: doctor warnings for common setup issues.
|
|
101
192
|
|
|
@@ -157,6 +248,7 @@ DevSurface is designed for local development.
|
|
|
157
248
|
- Mutating API routes require dashboard intent headers.
|
|
158
249
|
- `.env` values are never returned by scanners, API routes, CLI output, or UI panels.
|
|
159
250
|
- Dashboard command runs show the exact command string first.
|
|
251
|
+
- Docker service start and stop actions show the exact Compose command before running.
|
|
160
252
|
- Destructive-looking configured commands, such as `rm -rf`, `docker volume rm`,
|
|
161
253
|
database drops, and `git clean -fd`, are visibly marked before execution.
|
|
162
254
|
- Child processes started by DevSurface are cleaned up when the dashboard exits.
|
|
@@ -205,18 +297,21 @@ npm test
|
|
|
205
297
|
npm run build
|
|
206
298
|
```
|
|
207
299
|
|
|
208
|
-
##
|
|
300
|
+
## Contributing
|
|
301
|
+
|
|
302
|
+
Contributions of every kind are welcome: code, documentation, bug reports,
|
|
303
|
+
examples, and reviews. Start with [CONTRIBUTING.md](CONTRIBUTING.md) for the
|
|
304
|
+
development workflow.
|
|
209
305
|
|
|
210
|
-
|
|
211
|
-
built CLI, built web UI, README, demo GIF, license, and changelog. Private notes,
|
|
212
|
-
tests, examples, and development-only files are excluded from npm publishes.
|
|
306
|
+
## License
|
|
213
307
|
|
|
214
|
-
|
|
308
|
+
DevSurface is released under the MIT License. See [LICENSE](LICENSE) for the full
|
|
309
|
+
text. Copyright (c) 2026 DevSurface contributors.
|
|
215
310
|
|
|
216
|
-
|
|
217
|
-
npm pack --dry-run
|
|
218
|
-
```
|
|
311
|
+
## Contact and community
|
|
219
312
|
|
|
220
|
-
|
|
313
|
+
- GitHub Issues: report bugs and request features through
|
|
314
|
+
[GitHub Issues](https://github.com/mrfandu1/devsurface/issues).
|
|
315
|
+
- Security: report vulnerabilities through [SECURITY.md](SECURITY.md).
|
|
221
316
|
|
|
222
|
-
|
|
317
|
+
[(back to top)](#readme-top)
|
package/SECURITY.md
ADDED
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
# Security Policy
|
|
2
|
+
|
|
3
|
+
## Reporting a Vulnerability
|
|
4
|
+
|
|
5
|
+
Please report security issues privately by opening a GitHub security advisory or by
|
|
6
|
+
emailing the maintainer listed in the repository profile.
|
|
7
|
+
|
|
8
|
+
DevSurface runs local commands from the project it scans. It never binds outside
|
|
9
|
+
`127.0.0.1`, never sends telemetry, and never exposes `.env` values.
|