flowlint 0.3.7 → 0.3.8

package/README.md

@@ -0,0 +1,390 @@
+# FlowLint CLI
+
+Static analysis tool for n8n workflows - detect issues early, fix them faster.
+
+## Installation
+
+```bash
+npm install -g flowlint
+```
+
+Or use with npx (no installation required):
+
+```bash
+npx flowlint scan ./workflows
+```
+
+## Quick Start
+
+Scan workflows in the current directory:
+
+```bash
+flowlint scan .
+```
+
+Scan a specific directory:
+
+```bash
+flowlint scan ./workflows
+```
+
+Scan with a custom config file:
+
+```bash
+flowlint scan . --config .flowlint.yml
+```
+
+## Output Formats
+
+FlowLint supports multiple output formats for different use cases:
+
+### Stylish (Default)
+
+Human-readable console output with colors and formatting:
+
+```bash
+flowlint scan .
+```
+
+### JSON
+
+Machine-readable JSON output:
+
+```bash
+flowlint scan . --format json
+flowlint scan . --format json --out-file report.json
+```
+
+### SARIF
+
+SARIF 2.1.0 format for GitHub Code Scanning and other security platforms:
+
+```bash
+flowlint scan . --format sarif --out-file results.sarif
+```
+
+### JUnit XML
+
+JUnit XML format for CI/CD platforms (Jenkins, GitLab CI, CircleCI, etc.):
+
+```bash
+flowlint scan . --format junit --out-file results.xml
+```
+
+### GitHub Actions
+
+GitHub Actions workflow commands for inline annotations in workflow logs:
+
+```bash
+flowlint scan . --format github-actions
+```
+
+## Command Reference
+
+### `scan`
+
+Scan workflow files for issues.
+
+```bash
+flowlint scan [path] [options]
+```
+
+**Arguments:**
+- `path` - Directory to scan (default: current directory)
+
+**Options:**
+- `--config <path>` - Path to `.flowlint.yml` config file
+- `--format <format>` - Output format: `stylish`, `json`, `sarif`, `junit`, `github-actions` (default: `stylish`)
+- `--out-file <path>` - Write results to file (format inferred from extension or `--format`)
+- `--fail-on-error` - Exit with code 1 if errors found
+
+**Examples:**
+
+```bash
+# Scan current directory with default config
+flowlint scan
+
+# Scan specific directory
+flowlint scan ./my-workflows
+
+# Use custom config
+flowlint scan --config custom-config.yml
+
+# Output JSON to file
+flowlint scan --format json --out-file report.json
+
+# Generate SARIF for GitHub Code Scanning
+flowlint scan --format sarif --out-file results.sarif
+
+# Generate JUnit XML for Jenkins
+flowlint scan --format junit --out-file test-results.xml
+
+# Fail CI build if errors found
+flowlint scan --fail-on-error
+```
+
+## CI/CD Integration
+
+### GitHub Actions
+
+#### Option 1: SARIF Upload (Recommended)
+
+Upload results to GitHub Code Scanning for permanent PR annotations:
+
+```yaml
+name: FlowLint
+
+on:
+  pull_request:
+    paths:
+      - '**.json'
+
+jobs:
+  flowlint:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      security-events: write  # Required for SARIF upload
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Run FlowLint
+        run: npx flowlint scan --format sarif --out-file results.sarif
+        continue-on-error: true  # Don't fail workflow on findings
+
+      - name: Upload SARIF results
+        uses: github/codeql-action/upload-sarif@v3
+        if: always()
+        with:
+          sarif_file: results.sarif
+```
+
+#### Option 2: Workflow Annotations
+
+Show findings directly in workflow logs:
+
+```yaml
+name: FlowLint
+
+on:
+  pull_request:
+    paths:
+      - '**.json'
+
+jobs:
+  flowlint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Run FlowLint
+        run: npx flowlint scan --format github-actions --fail-on-error
+```
+
+#### Option 3: Both (Best of Both Worlds)
+
+Combine both approaches for immediate feedback and permanent annotations:
+
+```yaml
+name: FlowLint
+
+on:
+  pull_request:
+    paths:
+      - '**.json'
+
+jobs:
+  flowlint:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      security-events: write
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Run FlowLint (Workflow Annotations)
+        run: npx flowlint scan --format github-actions
+        continue-on-error: true
+
+      - name: Run FlowLint (SARIF)
+        run: npx flowlint scan --format sarif --out-file results.sarif
+        continue-on-error: true
+
+      - name: Upload SARIF results
+        uses: github/codeql-action/upload-sarif@v3
+        if: always()
+        with:
+          sarif_file: results.sarif
+
+      - name: Check for blocking issues
+        run: npx flowlint scan --fail-on-error
+```
+
+### GitLab CI
+
+```yaml
+flowlint:
+  stage: test
+  image: node:22
+  script:
+    - npx flowlint scan --format junit --out-file flowlint-results.xml
+  artifacts:
+    when: always
+    reports:
+      junit: flowlint-results.xml
+```
+
+### Jenkins
+
+```groovy
+pipeline {
+  agent any
+
+  stages {
+    stage('FlowLint') {
+      steps {
+        sh 'npx flowlint scan --format junit --out-file flowlint-results.xml'
+      }
+      post {
+        always {
+          junit 'flowlint-results.xml'
+        }
+      }
+    }
+  }
+}
+```
+
+### CircleCI
+
+```yaml
+version: 2.1
+
+jobs:
+  flowlint:
+    docker:
+      - image: cimg/node:22.0
+    steps:
+      - checkout
+      - run:
+          name: Run FlowLint
+          command: npx flowlint scan --format junit --out-file test-results/flowlint.xml
+      - store_test_results:
+          path: test-results
+```
+
+### Azure Pipelines
+
+```yaml
+trigger:
+  branches:
+    include:
+      - main
+      - develop
+
+pool:
+  vmImage: 'ubuntu-latest'
+
+steps:
+  - task: NodeTool@0
+    inputs:
+      versionSpec: '22.x'
+
+  - script: npx flowlint scan --format junit --out-file flowlint-results.xml
+    displayName: 'Run FlowLint'
+
+  - task: PublishTestResults@2
+    condition: always()
+    inputs:
+      testResultsFormat: 'JUnit'
+      testResultsFiles: 'flowlint-results.xml'
+      failTaskOnFailedTests: true
+```
+
+## Configuration
+
+Create a `.flowlint.yml` file in your repository root:
+
+```yaml
+files:
+  include:
+    - '**/*.json'
+  ignore:
+    - 'node_modules/**'
+    - 'dist/**'
+
+report:
+  annotations: true
+  summary_limit: 100
+
+rules:
+  R1:
+    enabled: true
+  R2:
+    enabled: true
+  # ... etc
+```
+
+See [FlowLint documentation](https://flowlint.dev) for complete configuration reference.
+
+## Exit Codes
+
+- `0` - Success (no errors or only warnings/suggestions)
+- `1` - Analysis found blocking issues (when using `--fail-on-error`)
+- `2` - Runtime error (invalid config, file not found, etc.)
+
+## Rule Severity Levels
+
+- **must** - Blocks PR (errors) - Critical issues that must be fixed
+- **should** - Warnings - Important issues that should be addressed
+- **nit** - Suggestions - Minor improvements
+
+## Supported Rules
+
+FlowLint currently implements the following rules:
+
+- **R1** - Rate Limit & Retry
+- **R2** - Error Handling
+- **R3** - Dead End Detection
+- **R4** - Credential Validation
+- **R5** - Idempotency
+- **R6** - Stop & Error Nodes
+
+See [RULES.md](https://github.com/Replikanti/flowlint-app/blob/main/RULES.md) for detailed rule documentation.
+
+## Troubleshooting
+
+### No workflows found
+
+Make sure your workflow files match the glob patterns in `.flowlint.yml`:
+
+```yaml
+files:
+  include:
+    - '**/*.json'  # Adjust pattern as needed
+```
+
+### SARIF upload fails in GitHub Actions
+
+Ensure you have the correct permissions:
+
+```yaml
+permissions:
+  contents: read
+  security-events: write  # Required for SARIF upload
+```
+
+### JUnit results not showing in CI
+
+Make sure the file path in your CI configuration matches the `--out-file` path.
+
+## Links
+
+- [Documentation](https://flowlint.dev)
+- [GitHub Repository](https://github.com/Replikanti/flowlint-app)
+- [Issue Tracker](https://github.com/Replikanti/flowlint-app/issues)
+- [npm Package](https://www.npmjs.com/package/flowlint)
+
+## License
+
+MIT

package/dist/commands/scan.js

@@ -19,29 +19,54 @@ const local_file_source_1 = require("../providers/local-file-source");
 const local_config_provider_1 = require("../providers/local-config-provider");
 const console_reporter_1 = require("../reporters/console-reporter");
 const json_reporter_1 = require("../reporters/json-reporter");
+const sarif_reporter_1 = require("../reporters/sarif-reporter");
+const junit_reporter_1 = require("../reporters/junit-reporter");
+const github_actions_reporter_1 = require("../reporters/github-actions-reporter");
 const review_1 = require("../packages/review");
 exports.scanCommand = new commander_1.Command('scan')
     .description('Scan workflow files for issues')
     .argument('[path]', 'Directory to scan', '.')
     .option('--config <path>', 'Path to .flowlint.yml config file')
-    .option('--format <format>', 'Output format: stylish|json', 'stylish')
-    .option('--out-file <path>', 'Write JSON results to file (implies --format json)')
+    .option('--format <format>', 'Output format: stylish|json|sarif|junit|github-actions', 'stylish')
+    .option('--out-file <path>', 'Write results to file (format inferred from extension or --format)')
     .option('--fail-on-error', 'Exit with code 1 if errors found')
     .action(async (scanPath, options) => {
     try {
         const absolutePath = path_1.default.resolve(process.cwd(), scanPath);
         const configPath = options.config ? path_1.default.resolve(process.cwd(), options.config) : undefined;
-        const format = options.outFile ? 'json' : options.format;
+        // Determine format from options or file extension
+        let format = options.format;
+        if (options.outFile && !options.format) {
+            format = inferFormatFromFilename(options.outFile);
+        }
+        // Validate format
+        const validFormats = ['stylish', 'json', 'sarif', 'junit', 'github-actions'];
+        if (!validFormats.includes(format)) {
+            console.error(`Invalid format: ${format}. Valid formats: ${validFormats.join(', ')}`);
+            process.exit(2);
+        }
         // Initialize providers
         const fileSource = new local_file_source_1.LocalFileSource(absolutePath);
         const configProvider = new local_config_provider_1.LocalConfigProvider(configPath);
         // Choose reporter based on format
         let reporter;
-        if (format === 'json' || options.outFile) {
-            reporter = new json_reporter_1.JsonReporter(options.outFile);
-        }
-        else {
-            reporter = new console_reporter_1.ConsoleReporter();
+        switch (format) {
+            case 'json':
+                reporter = new json_reporter_1.JsonReporter(options.outFile);
+                break;
+            case 'sarif':
+                reporter = new sarif_reporter_1.SarifReporter(options.outFile);
+                break;
+            case 'junit':
+                reporter = new junit_reporter_1.JunitReporter(options.outFile);
+                break;
+            case 'github-actions':
+                reporter = new github_actions_reporter_1.GithubActionsReporter();
+                break;
+            case 'stylish':
+            default:
+                reporter = new console_reporter_1.ConsoleReporter();
+                break;
         }
         // Run analysis
         const engine = new review_1.DefaultAnalysisEngine(fileSource, configProvider, reporter);
@@ -56,4 +81,24 @@ exports.scanCommand = new commander_1.Command('scan')
         process.exit(2);
     }
 });
+/**
+ * Infer output format from filename extension
+ */
+function inferFormatFromFilename(filename) {
+    const ext = path_1.default.extname(filename).toLowerCase();
+    switch (ext) {
+        case '.json':
+            // Check if it's SARIF based on filename
+            if (filename.includes('sarif')) {
+                return 'sarif';
+            }
+            return 'json';
+        case '.sarif':
+            return 'sarif';
+        case '.xml':
+            return 'junit';
+        default:
+            return 'json'; // Default to JSON
+    }
+}
 //# sourceMappingURL=scan.js.map

package/dist/commands/scan.js.map

@@ -1 +1 @@
-{"version":3,"file":"scan.js","sourceRoot":"","sources":["../../../../../apps/cli/src/commands/scan.ts"],"names":[],"mappings":";AAAA;;;;;;;;GAQG;;;;;;AAEH,yCAAoC;AACpC,gDAAwB;AACxB,sEAAiE;AACjE,8EAAyE;AACzE,oEAAgE;AAChE,8DAA0D;AAC1D,4CAAwD;AAE3C,QAAA,WAAW,GAAG,IAAI,mBAAO,CAAC,MAAM,CAAC;KAC3C,WAAW,CAAC,gCAAgC,CAAC;KAC7C,QAAQ,CAAC,QAAQ,EAAE,mBAAmB,EAAE,GAAG,CAAC;KAC5C,MAAM,CAAC,iBAAiB,EAAE,mCAAmC,CAAC;KAC9D,MAAM,CAAC,mBAAmB,EAAE,6BAA6B,EAAE,SAAS,CAAC;KACrE,MAAM,CAAC,mBAAmB,EAAE,oDAAoD,CAAC;KACjF,MAAM,CAAC,iBAAiB,EAAE,kCAAkC,CAAC;KAC7D,MAAM,CAAC,KAAK,EAAE,QAAgB,EAAE,OAAY,EAAE,EAAE;IAC/C,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,cAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,QAAQ,CAAC,CAAC;QAC3D,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,cAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QAC5F,MAAM,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC;QAEzD,uBAAuB;QACvB,MAAM,UAAU,GAAG,IAAI,mCAAe,CAAC,YAAY,CAAC,CAAC;QACrD,MAAM,cAAc,GAAG,IAAI,2CAAmB,CAAC,UAAU,CAAC,CAAC;QAE3D,kCAAkC;QAClC,IAAI,QAAQ,CAAC;QACb,IAAI,MAAM,KAAK,MAAM,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;YACzC,QAAQ,GAAG,IAAI,4BAAY,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/C,CAAC;aAAM,CAAC;YACN,QAAQ,GAAG,IAAI,kCAAe,EAAE,CAAC;QACnC,CAAC;QAED,eAAe;QACf,MAAM,MAAM,GAAG,IAAI,8BAAqB,CAAC,UAAU,EAAE,cAAc,EAAE,QAAQ,CAAC,CAAC;QAC/E,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,OAAO,EAAE,CAAC;QAEvC,6BAA6B;QAC7B,IAAI,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,iBAAiB,EAAE,CAAC;YACrD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,QAAQ,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;QAChF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC"}
+{"version":3,"file":"scan.js","sourceRoot":"","sources":["../../../../../apps/cli/src/commands/scan.ts"],"names":[],"mappings":";AAAA;;;;;;;;GAQG;;;;;;AAEH,yCAAoC;AACpC,gDAAwB;AACxB,sEAAiE;AACjE,8EAAyE;AACzE,oEAAgE;AAChE,8DAA0D;AAC1D,gEAA4D;AAC5D,gEAA4D;AAC5D,kFAA6E;AAC7E,4CAAwD;AAE3C,QAAA,WAAW,GAAG,IAAI,mBAAO,CAAC,MAAM,CAAC;KAC3C,WAAW,CAAC,gCAAgC,CAAC;KAC7C,QAAQ,CAAC,QAAQ,EAAE,mBAAmB,EAAE,GAAG,CAAC;KAC5C,MAAM,CAAC,iBAAiB,EAAE,mCAAmC,CAAC;KAC9D,MAAM,CACL,mBAAmB,EACnB,wDAAwD,EACxD,SAAS,CACV;KACA,MAAM,CAAC,mBAAmB,EAAE,oEAAoE,CAAC;KACjG,MAAM,CAAC,iBAAiB,EAAE,kCAAkC,CAAC;KAC7D,MAAM,CAAC,KAAK,EAAE,QAAgB,EAAE,OAAY,EAAE,EAAE;IAC/C,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,cAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,QAAQ,CAAC,CAAC;QAC3D,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,cAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QAE5F,kDAAkD;QAClD,IAAI,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC5B,IAAI,OAAO,CAAC,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;YACvC,MAAM,GAAG,uBAAuB,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QACpD,CAAC;QAED,kBAAkB;QAClB,MAAM,YAAY,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,gBAAgB,CAAC,CAAC;QAC7E,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACnC,OAAO,CAAC,KAAK,CAAC,mBAAmB,MAAM,oBAAoB,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACtF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,uBAAuB;QACvB,MAAM,UAAU,GAAG,IAAI,mCAAe,CAAC,YAAY,CAAC,CAAC;QACrD,MAAM,cAAc,GAAG,IAAI,2CAAmB,CAAC,UAAU,CAAC,CAAC;QAE3D,kCAAkC;QAClC,IAAI,QAAQ,CAAC;QACb,QAAQ,MAAM,EAAE,CAAC;YACf,KAAK,MAAM;gBACT,QAAQ,GAAG,IAAI,4BAAY,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;gBAC7C,MAAM;YACR,KAAK,OAAO;gBACV,QAAQ,GAAG,IAAI,8BAAa,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;gBAC9C,MAAM;YACR,KAAK,OAAO;gBACV,QAAQ,GAAG,IAAI,8BAAa,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;gBAC9C,MAAM;YACR,KAAK,gBAAgB;gBACnB,QAAQ,GAAG,IAAI,+CAAqB,EAAE,CAAC;gBACvC,MAAM;YACR,KAAK,SAAS,CAAC;YACf;gBACE,QAAQ,GAAG,IAAI,kCAAe,EAAE,CAAC;gBACjC,MAAM;QACV,CAAC;QAED,eAAe;QACf,MAAM,MAAM,GAAG,IAAI,8BAAqB,CAAC,UAAU,EAAE,cAAc,EAAE,QAAQ,CAAC,CAAC;QAC/E,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,OAAO,EAAE,CAAC;QAEvC,6BAA6B;QAC7B,IAAI,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,iBAAiB,EAAE,CAAC;YACrD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,QAAQ,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;QAChF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL;;GAEG;AACH,SAAS,uBAAuB,CAAC,QAAgB;IAC/C,MAAM,GAAG,GAAG,cAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC;IACjD,QAAQ,GAAG,EAAE,CAAC;QACZ,KAAK,OAAO;YACV,wCAAwC;YACxC,IAAI,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC/B,OAAO,OAAO,CAAC;YACjB,CAAC;YACD,OAAO,MAAM,CAAC;QAChB,KAAK,QAAQ;YACX,OAAO,OAAO,CAAC;QACjB,KAAK,MAAM;YACT,OAAO,OAAO,CAAC;QACjB;YACE,OAAO,MAAM,CAAC,CAAC,kBAAkB;IACrC,CAAC;AACH,CAAC"}

package/dist/reporters/github-actions-reporter.d.ts

@@ -0,0 +1,30 @@
+/**
+ * GitHub Actions Reporter
+ * Outputs findings using GitHub Actions workflow commands
+ * Suitable for:
+ * - GitHub Actions workflows
+ * - Immediate inline annotations in workflow logs
+ * - Complementary to SARIF (SARIF for Code Scanning, this for workflow logs)
+ *
+ * Format: ::error file={file},line={line}::{message}
+ * Docs: https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions
+ */
+import type { AnalysisResult, Reporter } from 'packages/review/providers';
+export declare class GithubActionsReporter implements Reporter {
+    report(results: AnalysisResult[]): Promise<void>;
+    private outputWorkflowCommand;
+    private severityToCommand;
+    private buildProperties;
+    private buildMessage;
+    private outputSummary;
+    /**
+     * Escape property values for GitHub Actions workflow commands
+     * Properties use comma as delimiter, so commas must be escaped
+     */
+    private escapeProperty;
+    /**
+     * Escape data values for GitHub Actions workflow commands
+     * Data values support newlines but special characters must be escaped
+     */
+    private escapeData;
+}

package/dist/reporters/github-actions-reporter.js

@@ -0,0 +1,104 @@
+"use strict";
+/**
+ * GitHub Actions Reporter
+ * Outputs findings using GitHub Actions workflow commands
+ * Suitable for:
+ * - GitHub Actions workflows
+ * - Immediate inline annotations in workflow logs
+ * - Complementary to SARIF (SARIF for Code Scanning, this for workflow logs)
+ *
+ * Format: ::error file={file},line={line}::{message}
+ * Docs: https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.GithubActionsReporter = void 0;
+const findings_1 = require("../packages/review/utils/findings");
+class GithubActionsReporter {
+    async report(results) {
+        const allFindings = results.flatMap((r) => r.findings);
+        // Output workflow commands for each finding
+        for (const result of results) {
+            for (const finding of result.findings) {
+                this.outputWorkflowCommand(finding);
+            }
+        }
+        // Output summary
+        this.outputSummary(allFindings);
+    }
+    outputWorkflowCommand(finding) {
+        const command = this.severityToCommand(finding.severity);
+        const properties = this.buildProperties(finding);
+        const message = this.buildMessage(finding);
+        console.log(`::${command} ${properties}::${message}`);
+    }
+    severityToCommand(severity) {
+        switch (severity) {
+            case 'must':
+                return 'error';
+            case 'should':
+                return 'warning';
+            case 'nit':
+                return 'notice';
+        }
+    }
+    buildProperties(finding) {
+        const props = [];
+        props.push(`file=${this.escapeProperty(finding.path)}`);
+        if (finding.line) {
+            props.push(`line=${finding.line}`);
+        }
+        props.push(`title=${this.escapeProperty(finding.rule)}`);
+        return props.join(',');
+    }
+    buildMessage(finding) {
+        let message = finding.message;
+        if (finding.nodeId) {
+            message += ` (Node: ${finding.nodeId})`;
+        }
+        if (finding.raw_details) {
+            // GitHub Actions workflow commands support newlines in messages
+            message += `\n\n${finding.raw_details}`;
+        }
+        if (finding.documentationUrl) {
+            message += `\n\nSee: ${finding.documentationUrl}`;
+        }
+        return this.escapeData(message);
+    }
+    outputSummary(findings) {
+        const summary = (0, findings_1.countFindingsBySeverity)(findings);
+        console.log();
+        console.log('::group::FlowLint Summary');
+        if (summary.total === 0) {
+            console.log('✓ No issues found');
+        }
+        else {
+            console.log(`Total findings: ${summary.total}`);
+            if (summary.must > 0) {
+                console.log(`  - Errors (must-fix): ${summary.must}`);
+            }
+            if (summary.should > 0) {
+                console.log(`  - Warnings (should-fix): ${summary.should}`);
+            }
+            if (summary.nit > 0) {
+                console.log(`  - Notices (nit): ${summary.nit}`);
+            }
+        }
+        console.log('::endgroup::');
+    }
+    /**
+     * Escape property values for GitHub Actions workflow commands
+     * Properties use comma as delimiter, so commas must be escaped
+     */
+    escapeProperty(value) {
+        return value.replace(/%/g, '%25').replace(/,/g, '%2C').replace(/:/g, '%3A');
+    }
+    /**
+     * Escape data values for GitHub Actions workflow commands
+     * Data values support newlines but special characters must be escaped
+     */
+    escapeData(value) {
+        return value.replace(/%/g, '%25').replace(/\r/g, '%0D').replace(/\n/g, '%0A');
+    }
+}
+exports.GithubActionsReporter = GithubActionsReporter;
+//# sourceMappingURL=github-actions-reporter.js.map

package/dist/reporters/github-actions-reporter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"github-actions-reporter.js","sourceRoot":"","sources":["../../../../../apps/cli/src/reporters/github-actions-reporter.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;GAUG;;;AAIH,6DAAyE;AAEzE,MAAa,qBAAqB;IAChC,KAAK,CAAC,MAAM,CAAC,OAAyB;QACpC,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;QAEvD,4CAA4C;QAC5C,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;gBACtC,IAAI,CAAC,qBAAqB,CAAC,OAAO,CAAC,CAAC;YACtC,CAAC;QACH,CAAC;QAED,iBAAiB;QACjB,IAAI,CAAC,aAAa,CAAC,WAAW,CAAC,CAAC;IAClC,CAAC;IAEO,qBAAqB,CAAC,OAAgB;QAC5C,MAAM,OAAO,GAAG,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QACzD,MAAM,UAAU,GAAG,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;QACjD,MAAM,OAAO,GAAG,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;QAE3C,OAAO,CAAC,GAAG,CAAC,KAAK,OAAO,IAAI,UAAU,KAAK,OAAO,EAAE,CAAC,CAAC;IACxD,CAAC;IAEO,iBAAiB,CAAC,QAAmC;QAC3D,QAAQ,QAAQ,EAAE,CAAC;YACjB,KAAK,MAAM;gBACT,OAAO,OAAO,CAAC;YACjB,KAAK,QAAQ;gBACX,OAAO,SAAS,CAAC;YACnB,KAAK,KAAK;gBACR,OAAO,QAAQ,CAAC;QACpB,CAAC;IACH,CAAC;IAEO,eAAe,CAAC,OAAgB;QACtC,MAAM,KAAK,GAAa,EAAE,CAAC;QAE3B,KAAK,CAAC,IAAI,CAAC,QAAQ,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAExD,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;YACjB,KAAK,CAAC,IAAI,CAAC,QAAQ,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;QACrC,CAAC;QAED,KAAK,CAAC,IAAI,CAAC,SAAS,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAEzD,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACzB,CAAC;IAEO,YAAY,CAAC,OAAgB;QACnC,IAAI,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;QAE9B,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YACnB,OAAO,IAAI,WAAW,OAAO,CAAC,MAAM,GAAG,CAAC;QAC1C,CAAC;QAED,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;YACxB,gEAAgE;YAChE,OAAO,IAAI,OAAO,OAAO,CAAC,WAAW,EAAE,CAAC;QAC1C,CAAC;QAED,IAAI,OAAO,CAAC,gBAAgB,EAAE,CAAC;YAC7B,OAAO,IAAI,YAAY,OAAO,CAAC,gBAAgB,EAAE,CAAC;QACpD,CAAC;QAED,OAAO,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IAClC,CAAC;IAEO,aAAa,CAAC,QAAmB;QACvC,MAAM,OAAO,GAAG,IAAA,kCAAuB,EAAC,QAAQ,CAAC,CAAC;QAElD,OAAO,CAAC,GAAG,EAAE,CAAC;QACd,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAC;QAEzC,IAAI,OAAO,CAAC,KAAK,KAAK,CAAC,EAAE,CAAC;YACxB,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;QACnC,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,mBAAmB,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;YAChD,IAAI,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;gBACrB,OAAO,CAAC,GAAG,CAAC,0BAA0B,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;YACxD,CAAC;YACD,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACvB,OAAO,CAAC,GAAG,CAAC,8BAA8B,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;YAC9D,CAAC;YACD,IAAI,OAAO,CAAC,GAAG,GAAG,CAAC,EAAE,CAAC;gBACpB,OAAO,CAAC,GAAG,CAAC,sBAAsB,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;YACnD,CAAC;QACH,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;IAC9B,CAAC;IAED;;;OAGG;IACK,cAAc,CAAC,KAAa;QAClC,OAAO,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAC9E,CAAC;IAED;;;OAGG;IACK,UAAU,CAAC,KAAa;QAC9B,OAAO,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;IAChF,CAAC;CACF;AA1GD,sDA0GC"}

package/dist/reporters/junit-reporter.d.ts

@@ -0,0 +1,25 @@
+/**
+ * JUnit Reporter
+ * Outputs findings in JUnit XML format
+ * Suitable for:
+ * - Jenkins
+ * - GitLab CI
+ * - CircleCI
+ * - Azure Pipelines
+ * - Other CI/CD platforms that support JUnit test results
+ *
+ * Each workflow file becomes a test suite
+ * Each finding becomes a test failure
+ */
+import type { AnalysisResult, Reporter } from 'packages/review/providers';
+export declare class JunitReporter implements Reporter {
+    private outputFile?;
+    constructor(outputFile?: string | undefined);
+    report(results: AnalysisResult[]): Promise<void>;
+    private buildJunitXml;
+    private addTestSuite;
+    private addTestCase;
+    private buildFailureMessage;
+    private buildFailureDetails;
+    private severityToFailureType;
+}

package/dist/reporters/junit-reporter.js

@@ -0,0 +1,142 @@
+"use strict";
+/**
+ * JUnit Reporter
+ * Outputs findings in JUnit XML format
+ * Suitable for:
+ * - Jenkins
+ * - GitLab CI
+ * - CircleCI
+ * - Azure Pipelines
+ * - Other CI/CD platforms that support JUnit test results
+ *
+ * Each workflow file becomes a test suite
+ * Each finding becomes a test failure
+ */
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.JunitReporter = void 0;
+const fs_1 = __importDefault(require("fs"));
+const xmlbuilder2_1 = require("xmlbuilder2");
+class JunitReporter {
+    constructor(outputFile) {
+        this.outputFile = outputFile;
+    }
+    async report(results) {
+        const xml = this.buildJunitXml(results);
+        if (this.outputFile) {
+            // Write to file
+            fs_1.default.writeFileSync(this.outputFile, xml, 'utf8');
+            console.log(`✓ JUnit report written to ${this.outputFile}`);
+        }
+        else {
+            // Print to stdout
+            console.log(xml);
+        }
+    }
+    buildJunitXml(results) {
+        const timestamp = new Date().toISOString();
+        // Count total tests: each finding is a test, or 1 passing test if no findings
+        const totalTests = results.reduce((sum, r) => sum + (r.findings.length === 0 ? 1 : r.findings.length), 0);
+        const totalFailures = results.reduce((sum, r) => sum + r.findings.length, 0);
+        const totalTime = 0; // We don't track execution time
+        // Create root element
+        const root = (0, xmlbuilder2_1.create)({ version: '1.0', encoding: 'UTF-8' })
+            .ele('testsuites', {
+            name: 'FlowLint',
+            tests: totalTests,
+            failures: totalFailures,
+            errors: 0,
+            time: totalTime,
+            timestamp,
+        });
+        // Add a test suite for each file
+        for (const result of results) {
+            this.addTestSuite(root, result);
+        }
+        return root.end({ prettyPrint: true });
+    }
+    addTestSuite(parent, result) {
+        const { file, findings } = result;
+        // If no findings, create one passing test case
+        const testCount = findings.length === 0 ? 1 : findings.length;
+        const failureCount = findings.length; // All findings are failures
+        const testsuite = parent.ele('testsuite', {
+            name: file.path,
+            tests: testCount,
+            failures: failureCount,
+            errors: 0,
+            time: 0,
+            timestamp: new Date().toISOString(),
+        });
+        // If no findings, add a passing test
+        if (findings.length === 0) {
+            testsuite.ele('testcase', {
+                name: 'No issues found',
+                classname: file.path,
+                time: 0,
+            });
+        }
+        else {
+            // Add a test case for each finding
+            for (const finding of findings) {
+                this.addTestCase(testsuite, finding, file.path);
+            }
+        }
+    }
+    addTestCase(parent, finding, filePath) {
+        const testcase = parent.ele('testcase', {
+            name: finding.rule,
+            classname: filePath,
+            time: 0,
+        });
+        // Add failure element
+        const failureMessage = this.buildFailureMessage(finding);
+        const failureType = this.severityToFailureType(finding.severity);
+        testcase.ele('failure', {
+            message: failureMessage,
+            type: failureType,
+        }).txt(this.buildFailureDetails(finding));
+    }
+    buildFailureMessage(finding) {
+        const location = finding.line ? `:${finding.line}` : '';
+        return `[${finding.severity.toUpperCase()}] ${finding.message} (${finding.path}${location})`;
+    }
+    buildFailureDetails(finding) {
+        const parts = [];
+        parts.push(`Rule: ${finding.rule}`);
+        parts.push(`Severity: ${finding.severity.toUpperCase()}`);
+        parts.push(`File: ${finding.path}`);
+        if (finding.line) {
+            parts.push(`Line: ${finding.line}`);
+        }
+        if (finding.nodeId) {
+            parts.push(`Node ID: ${finding.nodeId}`);
+        }
+        parts.push('');
+        parts.push(finding.message);
+        if (finding.raw_details) {
+            parts.push('');
+            parts.push('Details:');
+            parts.push(finding.raw_details);
+        }
+        if (finding.documentationUrl) {
+            parts.push('');
+            parts.push(`Documentation: ${finding.documentationUrl}`);
+        }
+        return parts.join('\n');
+    }
+    severityToFailureType(severity) {
+        switch (severity) {
+            case 'must':
+                return 'FlowLintError';
+            case 'should':
+                return 'FlowLintWarning';
+            case 'nit':
+                return 'FlowLintSuggestion';
+        }
+    }
+}
+exports.JunitReporter = JunitReporter;
+//# sourceMappingURL=junit-reporter.js.map

package/dist/reporters/junit-reporter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"junit-reporter.js","sourceRoot":"","sources":["../../../../../apps/cli/src/reporters/junit-reporter.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;GAYG;;;;;;AAEH,4CAAoB;AACpB,6CAAqC;AAIrC,MAAa,aAAa;IACxB,YAAoB,UAAmB;QAAnB,eAAU,GAAV,UAAU,CAAS;IAAG,CAAC;IAE3C,KAAK,CAAC,MAAM,CAAC,OAAyB;QACpC,MAAM,GAAG,GAAG,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;QAExC,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACpB,gBAAgB;YAChB,YAAE,CAAC,aAAa,CAAC,IAAI,CAAC,UAAU,EAAE,GAAG,EAAE,MAAM,CAAC,CAAC;YAC/C,OAAO,CAAC,GAAG,CAAC,6BAA6B,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC;QAC9D,CAAC;aAAM,CAAC;YACN,kBAAkB;YAClB,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACnB,CAAC;IACH,CAAC;IAEO,aAAa,CAAC,OAAyB;QAC7C,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QAC3C,8EAA8E;QAC9E,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;QAC1G,MAAM,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;QAC7E,MAAM,SAAS,GAAG,CAAC,CAAC,CAAC,gCAAgC;QAErD,sBAAsB;QACtB,MAAM,IAAI,GAAG,IAAA,oBAAM,EAAC,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC;aACvD,GAAG,CAAC,YAAY,EAAE;YACjB,IAAI,EAAE,UAAU;YAChB,KAAK,EAAE,UAAU;YACjB,QAAQ,EAAE,aAAa;YACvB,MAAM,EAAE,CAAC;YACT,IAAI,EAAE,SAAS;YACf,SAAS;SACV,CAAC,CAAC;QAEL,iCAAiC;QACjC,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAClC,CAAC;QAED,OAAO,IAAI,CAAC,GAAG,CAAC,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;IACzC,CAAC;IAEO,YAAY,CAAC,MAAW,EAAE,MAAsB;QACtD,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,MAAM,CAAC;QAClC,+CAA+C;QAC/C,MAAM,SAAS,GAAG,QAAQ,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC;QAC9D,MAAM,YAAY,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,4BAA4B;QAElE,MAAM,SAAS,GAAG,MAAM,CAAC,GAAG,CAAC,WAAW,EAAE;YACxC,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,KAAK,EAAE,SAAS;YAChB,QAAQ,EAAE,YAAY;YACtB,MAAM,EAAE,CAAC;YACT,IAAI,EAAE,CAAC;YACP,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC,CAAC;QAEH,qCAAqC;QACrC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC1B,SAAS,CAAC,GAAG,CAAC,UAAU,EAAE;gBACxB,IAAI,EAAE,iBAAiB;gBACvB,SAAS,EAAE,IAAI,CAAC,IAAI;gBACpB,IAAI,EAAE,CAAC;aACR,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,mCAAmC;YACnC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;gBAC/B,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,OAAO,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;YAClD,CAAC;QACH,CAAC;IACH,CAAC;IAEO,WAAW,CAAC,MAAW,EAAE,OAAgB,EAAE,QAAgB;QACjE,MAAM,QAAQ,GAAG,MAAM,CAAC,GAAG,CAAC,UAAU,EAAE;YACtC,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,SAAS,EAAE,QAAQ;YACnB,IAAI,EAAE,CAAC;SACR,CAAC,CAAC;QAEH,sBAAsB;QACtB,MAAM,cAAc,GAAG,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC;QACzD,MAAM,WAAW,GAAG,IAAI,CAAC,qBAAqB,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QAEjE,QAAQ,CAAC,GAAG,CAAC,SAAS,EAAE;YACtB,OAAO,EAAE,cAAc;YACvB,IAAI,EAAE,WAAW;SAClB,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC,CAAC;IAC5C,CAAC;IAEO,mBAAmB,CAAC,OAAgB;QAC1C,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACxD,OAAO,IAAI,OAAO,CAAC,QAAQ,CAAC,WAAW,EAAE,KAAK,OAAO,CAAC,OAAO,KAAK,OAAO,CAAC,IAAI,GAAG,QAAQ,GAAG,CAAC;IAC/F,CAAC;IAEO,mBAAmB,CAAC,OAAgB;QAC1C,MAAM,KAAK,GAAa,EAAE,CAAC;QAE3B,KAAK,CAAC,IAAI,CAAC,SAAS,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;QACpC,KAAK,CAAC,IAAI,CAAC,aAAa,OAAO,CAAC,QAAQ,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;QAC1D,KAAK,CAAC,IAAI,CAAC,SAAS,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;QAEpC,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;YACjB,KAAK,CAAC,IAAI,CAAC,SAAS,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;QACtC,CAAC;QAED,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YACnB,KAAK,CAAC,IAAI,CAAC,YAAY,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;QAC3C,CAAC;QAED,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAE5B,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;YACxB,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACf,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YACvB,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;QAClC,CAAC;QAED,IAAI,OAAO,CAAC,gBAAgB,EAAE,CAAC;YAC7B,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACf,KAAK,CAAC,IAAI,CAAC,kBAAkB,OAAO,CAAC,gBAAgB,EAAE,CAAC,CAAC;QAC3D,CAAC;QAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1B,CAAC;IAEO,qBAAqB,CAAC,QAAmC;QAC/D,QAAQ,QAAQ,EAAE,CAAC;YACjB,KAAK,MAAM;gBACT,OAAO,eAAe,CAAC;YACzB,KAAK,QAAQ;gBACX,OAAO,iBAAiB,CAAC;YAC3B,KAAK,KAAK;gBACR,OAAO,oBAAoB,CAAC;QAChC,CAAC;IACH,CAAC;CACF;AAxID,sCAwIC"}

package/dist/reporters/sarif-reporter.d.ts

@@ -0,0 +1,21 @@
+/**
+ * SARIF Reporter
+ * Outputs findings in SARIF 2.1.0 format
+ * Suitable for:
+ * - GitHub Code Scanning
+ * - Azure DevOps
+ * - Security scanners and analysis platforms
+ * - CI/CD pipelines
+ *
+ * Spec: https://docs.oasis-open.org/sarif/sarif/v2.1.0/sarif-v2.1.0.html
+ */
+import type { AnalysisResult, Reporter } from 'packages/review/providers';
+export declare class SarifReporter implements Reporter {
+    private outputFile?;
+    constructor(outputFile?: string | undefined);
+    report(results: AnalysisResult[]): Promise<void>;
+    private buildSarifLog;
+    private extractUniqueRules;
+    private findingToSarifResult;
+    private severityToSarifLevel;
+}

package/dist/reporters/sarif-reporter.js

@@ -0,0 +1,125 @@
+"use strict";
+/**
+ * SARIF Reporter
+ * Outputs findings in SARIF 2.1.0 format
+ * Suitable for:
+ * - GitHub Code Scanning
+ * - Azure DevOps
+ * - Security scanners and analysis platforms
+ * - CI/CD pipelines
+ *
+ * Spec: https://docs.oasis-open.org/sarif/sarif/v2.1.0/sarif-v2.1.0.html
+ */
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SarifReporter = void 0;
+const fs_1 = __importDefault(require("fs"));
+class SarifReporter {
+    constructor(outputFile) {
+        this.outputFile = outputFile;
+    }
+    async report(results) {
+        const sarifLog = this.buildSarifLog(results);
+        const json = JSON.stringify(sarifLog, null, 2);
+        if (this.outputFile) {
+            // Write to file
+            fs_1.default.writeFileSync(this.outputFile, json, 'utf8');
+            console.log(`✓ SARIF report written to ${this.outputFile}`);
+        }
+        else {
+            // Print to stdout
+            console.log(json);
+        }
+    }
+    buildSarifLog(results) {
+        const allFindings = results.flatMap((r) => r.findings);
+        // Extract unique rules
+        const uniqueRules = this.extractUniqueRules(allFindings);
+        // Build artifacts list (analyzed files)
+        const artifacts = results.map((r) => ({
+            location: {
+                uri: r.file.path,
+            },
+        }));
+        // Build SARIF results
+        const sarifResults = [];
+        for (const result of results) {
+            for (const finding of result.findings) {
+                sarifResults.push(this.findingToSarifResult(finding));
+            }
+        }
+        return {
+            version: '2.1.0',
+            $schema: 'https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json',
+            runs: [
+                {
+                    tool: {
+                        driver: {
+                            name: 'FlowLint',
+                            version: '0.3.8',
+                            informationUri: 'https://flowlint.dev',
+                            rules: uniqueRules,
+                        },
+                    },
+                    results: sarifResults,
+                    artifacts,
+                },
+            ],
+        };
+    }
+    extractUniqueRules(findings) {
+        const ruleMap = new Map();
+        for (const finding of findings) {
+            if (!ruleMap.has(finding.rule)) {
+                ruleMap.set(finding.rule, {
+                    id: finding.rule,
+                    shortDescription: {
+                        text: finding.message,
+                    },
+                    helpUri: finding.documentationUrl,
+                });
+            }
+        }
+        return Array.from(ruleMap.values());
+    }
+    findingToSarifResult(finding) {
+        const result = {
+            ruleId: finding.rule,
+            level: this.severityToSarifLevel(finding.severity),
+            message: {
+                text: finding.raw_details ? `${finding.message}\n\n${finding.raw_details}` : finding.message,
+            },
+            locations: [
+                {
+                    physicalLocation: {
+                        artifactLocation: {
+                            uri: finding.path,
+                        },
+                        region: finding.line ? { startLine: finding.line } : undefined,
+                    },
+                },
+            ],
+        };
+        // Add nodeId as property if present
+        if (finding.nodeId) {
+            result.properties = {
+                nodeId: finding.nodeId,
+            };
+        }
+        return result;
+    }
+    severityToSarifLevel(severity) {
+        switch (severity) {
+            case 'must':
+                return 'error';
+            case 'should':
+                return 'warning';
+            case 'nit':
+                return 'note';
+        }
+    }
+}
+exports.SarifReporter = SarifReporter;
+//# sourceMappingURL=sarif-reporter.js.map

package/dist/reporters/sarif-reporter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sarif-reporter.js","sourceRoot":"","sources":["../../../../../apps/cli/src/reporters/sarif-reporter.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;GAUG;;;;;;AAEH,4CAAoB;AAqEpB,MAAa,aAAa;IACxB,YAAoB,UAAmB;QAAnB,eAAU,GAAV,UAAU,CAAS;IAAG,CAAC;IAE3C,KAAK,CAAC,MAAM,CAAC,OAAyB;QACpC,MAAM,QAAQ,GAAG,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;QAC7C,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;QAE/C,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACpB,gBAAgB;YAChB,YAAE,CAAC,aAAa,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;YAChD,OAAO,CAAC,GAAG,CAAC,6BAA6B,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC;QAC9D,CAAC;aAAM,CAAC;YACN,kBAAkB;YAClB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACpB,CAAC;IACH,CAAC;IAEO,aAAa,CAAC,OAAyB;QAC7C,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;QAEvD,uBAAuB;QACvB,MAAM,WAAW,GAAG,IAAI,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAC;QAEzD,wCAAwC;QACxC,MAAM,SAAS,GAAoB,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACrD,QAAQ,EAAE;gBACR,GAAG,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI;aACjB;SACF,CAAC,CAAC,CAAC;QAEJ,sBAAsB;QACtB,MAAM,YAAY,GAAkB,EAAE,CAAC;QACvC,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;gBACtC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,oBAAoB,CAAC,OAAO,CAAC,CAAC,CAAC;YACxD,CAAC;QACH,CAAC;QAED,OAAO;YACL,OAAO,EAAE,OAAO;YAChB,OAAO,EAAE,gGAAgG;YACzG,IAAI,EAAE;gBACJ;oBACE,IAAI,EAAE;wBACJ,MAAM,EAAE;4BACN,IAAI,EAAE,UAAU;4BAChB,OAAO,EAAE,OAAO;4BAChB,cAAc,EAAE,sBAAsB;4BACtC,KAAK,EAAE,WAAW;yBACnB;qBACF;oBACD,OAAO,EAAE,YAAY;oBACrB,SAAS;iBACV;aACF;SACF,CAAC;IACJ,CAAC;IAEO,kBAAkB,CAAC,QAAmB;QAC5C,MAAM,OAAO,GAAG,IAAI,GAAG,EAAqB,CAAC;QAE7C,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC/B,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE;oBACxB,EAAE,EAAE,OAAO,CAAC,IAAI;oBAChB,gBAAgB,EAAE;wBAChB,IAAI,EAAE,OAAO,CAAC,OAAO;qBACtB;oBACD,OAAO,EAAE,OAAO,CAAC,gBAAgB;iBAClC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IACtC,CAAC;IAEO,oBAAoB,CAAC,OAAgB;QAC3C,MAAM,MAAM,GAAgB;YAC1B,MAAM,EAAE,OAAO,CAAC,IAAI;YACpB,KAAK,EAAE,IAAI,CAAC,oBAAoB,CAAC,OAAO,CAAC,QAAQ,CAAC;YAClD,OAAO,EAAE;gBACP,IAAI,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,OAAO,OAAO,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO;aAC7F;YACD,SAAS,EAAE;gBACT;oBACE,gBAAgB,EAAE;wBAChB,gBAAgB,EAAE;4BAChB,GAAG,EAAE,OAAO,CAAC,IAAI;yBAClB;wBACD,MAAM,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS;qBAC/D;iBACF;aACF;SACF,CAAC;QAEF,oCAAoC;QACpC,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YACnB,MAAM,CAAC,UAAU,GAAG;gBAClB,MAAM,EAAE,OAAO,CAAC,MAAM;aACvB,CAAC;QACJ,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,oBAAoB,CAAC,QAAmC;QAC9D,QAAQ,QAAQ,EAAE,CAAC;YACjB,KAAK,MAAM;gBACT,OAAO,OAAO,CAAC;YACjB,KAAK,QAAQ;gBACX,OAAO,SAAS,CAAC;YACnB,KAAK,KAAK;gBACR,OAAO,MAAM,CAAC;QAClB,CAAC;IACH,CAAC;CACF;AAnHD,sCAmHC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "flowlint",
-  "version": "0.3.7",
+  "version": "0.3.8",
   "description": "Static analysis tool for n8n workflows - detect issues early, fix them faster",
   "license": "MIT",
   "type": "commonjs",
@@ -27,6 +27,7 @@
     "micromatch": "^4.0.8",
     "pino": "^10.1.0",
     "pino-pretty": "^13.1.2",
+    "xmlbuilder2": "^4.0.3",
     "yaml": "^2.4.0"
   },
   "keywords": [