gesf-vscode 1.1.2

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025–2026 greenarmor
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,40 @@
+# GESF VS Code Extension
+
+Real-time GDPR, security, and compliance warnings for projects using the Green Engineering Standard Framework (GESF).
+
+## Features
+
+- **Real-time warnings** for missing security headers (helmet), missing CORS config, missing .gitignore, .env not in .gitignore
+- **Compliance checks** for missing MFA implementation, missing encryption, missing retention policy documents
+- **Status bar** showing live compliance score from `ges audit`
+- **Commands** to run audit, show score, and generate reports directly from VS Code
+
+## Requirements
+
+- [GESF CLI](https://www.npmjs.com/package/@greenarmor/ges) installed globally: `npm install -g @greenarmor/ges`
+- Run `ges init` in your project to initialize compliance controls
+
+## Commands
+
+| Command | Description |
+|---------|-------------|
+| `GESF: Run Compliance Audit` | Runs `ges audit` in a terminal |
+| `GESF: Show Compliance Score` | Runs `ges score` in a terminal |
+| `GESF: Generate Report` | Generates a compliance report (markdown/html/pdf) |
+
+## Warnings Detected
+
+| Warning | Severity |
+|---------|----------|
+| Missing helmet middleware | High |
+| Missing CORS package | Medium |
+| No .gitignore file | High |
+| .env not in .gitignore | Critical |
+| MFA required but not implemented | High |
+| Encryption required but not detected | Critical |
+| Retention policy document missing | Medium |
+| GESF not initialized | High |
+
+## License
+
+MIT

package/build.js

@@ -0,0 +1,13 @@
+const esbuild = require("esbuild");
+
+esbuild.build({
+  entryPoints: ["src/extension.ts"],
+  bundle: true,
+  outfile: "dist/extension.js",
+  external: ["vscode"],
+  format: "cjs",
+  platform: "node",
+  target: "node18",
+  sourcemap: false,
+  minify: false,
+}).catch(() => process.exit(1));

package/dist/extension.js

@@ -0,0 +1,264 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/extension.ts
+var extension_exports = {};
+__export(extension_exports, {
+  activate: () => activate,
+  deactivate: () => deactivate
+});
+module.exports = __toCommonJS(extension_exports);
+var vscode = __toESM(require("vscode"));
+var fs = __toESM(require("node:fs"));
+var path = __toESM(require("node:path"));
+var diagnosticCollection;
+var statusBarItem;
+function activate(context) {
+  diagnosticCollection = vscode.languages.createDiagnosticCollection("gesf");
+  context.subscriptions.push(diagnosticCollection);
+  statusBarItem = vscode.window.createStatusBarItem(vscode.StatusBarAlignment.Left, 50);
+  statusBarItem.command = "gesf.showScore";
+  context.subscriptions.push(statusBarItem);
+  context.subscriptions.push(
+    vscode.commands.registerCommand("gesf.runAudit", runAudit)
+  );
+  context.subscriptions.push(
+    vscode.commands.registerCommand("gesf.showScore", showScore)
+  );
+  context.subscriptions.push(
+    vscode.commands.registerCommand("gesf.generateReport", generateReport)
+  );
+  context.subscriptions.push(
+    vscode.workspace.onDidSaveTextDocument(() => checkProject())
+  );
+  context.subscriptions.push(
+    vscode.window.onDidChangeActiveTextEditor(() => checkProject())
+  );
+  checkProject();
+}
+function getProjectRoot() {
+  const folders = vscode.workspace.workspaceFolders;
+  if (!folders || folders.length === 0) return void 0;
+  const root = folders[0].uri.fsPath;
+  if (fs.existsSync(path.join(root, ".ges", "config.json"))) return root;
+  return void 0;
+}
+function checkProject() {
+  const root = getProjectRoot();
+  if (!root) {
+    statusBarItem.hide();
+    return;
+  }
+  const warnings = detectComplianceWarnings(root);
+  const diagnostics = [];
+  for (const warning of warnings) {
+    const uri = vscode.Uri.file(path.join(root, warning.file));
+    const line = warning.line || 0;
+    const range = new vscode.Range(line, 0, line, 100);
+    const severity = warning.severity === "critical" ? vscode.DiagnosticSeverity.Error : warning.severity === "high" ? vscode.DiagnosticSeverity.Warning : vscode.DiagnosticSeverity.Information;
+    const diag = new vscode.Diagnostic(range, `[GESF] ${warning.message}`, severity);
+    diag.source = "gesf";
+    diagnostics.push(diag);
+  }
+  diagnosticCollection.clear();
+  for (const warning of warnings) {
+    const uri = vscode.Uri.file(path.join(root, warning.file));
+    const fileDiags = diagnostics.filter((_, i) => warnings[i].file === warning.file);
+    diagnosticCollection.set(uri, fileDiags);
+  }
+  updateStatusBar(root);
+}
+function detectComplianceWarnings(root) {
+  const warnings = [];
+  const configPath = path.join(root, ".ges", "config.json");
+  if (!fs.existsSync(configPath)) {
+    warnings.push({
+      file: "package.json",
+      severity: "high",
+      message: "GESF not initialized. Run 'ges init' to set up compliance controls."
+    });
+    return warnings;
+  }
+  let config;
+  try {
+    config = JSON.parse(fs.readFileSync(configPath, "utf-8"));
+  } catch {
+    return warnings;
+  }
+  const pkgPath = path.join(root, "package.json");
+  if (fs.existsSync(pkgPath)) {
+    try {
+      const pkg = JSON.parse(fs.readFileSync(pkgPath, "utf-8"));
+      const deps = { ...pkg.dependencies, ...pkg.devDependencies };
+      if (deps.express && !deps.helmet) {
+        warnings.push({
+          file: "package.json",
+          severity: "high",
+          message: "Missing security headers. Install 'helmet' middleware."
+        });
+      }
+      if (deps.express && !deps.cors) {
+        warnings.push({
+          file: "package.json",
+          severity: "medium",
+          message: "No CORS configuration detected. Install 'cors' package."
+        });
+      }
+    } catch {
+    }
+  }
+  if (!fs.existsSync(path.join(root, ".gitignore"))) {
+    warnings.push({
+      file: ".gitignore",
+      severity: "high",
+      message: "No .gitignore file. Secrets may be committed accidentally."
+    });
+  }
+  const gitignorePath = path.join(root, ".gitignore");
+  if (fs.existsSync(gitignorePath)) {
+    const gitignore = fs.readFileSync(gitignorePath, "utf-8");
+    if (!gitignore.includes(".env")) {
+      warnings.push({
+        file: ".gitignore",
+        severity: "critical",
+        message: ".env not in .gitignore. Environment secrets may be committed."
+      });
+    }
+  }
+  const requirements = config.requirements;
+  if (requirements?.mfa?.required) {
+    const hasMFA = checkForMFA(root);
+    if (!hasMFA) {
+      warnings.push({
+        file: "package.json",
+        severity: "high",
+        message: "MFA is required by GESF config but no MFA implementation detected."
+      });
+    }
+  }
+  if (requirements?.encryption?.required) {
+    const hasEncryption = checkForEncryption(root);
+    if (!hasEncryption) {
+      warnings.push({
+        file: "package.json",
+        severity: "critical",
+        message: "Encryption is required by GESF config but no encryption detected."
+      });
+    }
+  }
+  if (requirements?.retention_policy?.required) {
+    if (!fs.existsSync(path.join(root, "compliance", "retention-policy.md"))) {
+      warnings.push({
+        file: "compliance/retention-policy.md",
+        severity: "medium",
+        message: "Retention policy document missing. Run 'ges generate --docs'."
+      });
+    }
+  }
+  return warnings;
+}
+function checkForMFA(root) {
+  const pkgPath = path.join(root, "package.json");
+  if (fs.existsSync(pkgPath)) {
+    try {
+      const pkg = JSON.parse(fs.readFileSync(pkgPath, "utf-8"));
+      const deps = { ...pkg.dependencies, ...pkg.devDependencies };
+      const mfaLibs = ["otpauth", "speakeasy", "otplib", "@simplewebauthn", "node-2fa"];
+      return mfaLibs.some((lib) => deps[lib] !== void 0);
+    } catch {
+    }
+  }
+  return false;
+}
+function checkForEncryption(root) {
+  const dirs = ["src", "lib", "crypto", "security"];
+  const patterns = [/aes-256/i, /AES_256_GCM/i, /createCipheriv/i, /ChaCha20/i, /crypto\.encrypt/i];
+  for (const dir of dirs) {
+    const dirPath = path.join(root, dir);
+    if (!fs.existsSync(dirPath)) continue;
+    try {
+      const entries = fs.readdirSync(dirPath, { recursive: true });
+      for (const entry of entries) {
+        const filePath = path.join(dirPath, entry.toString());
+        if (!fs.statSync(filePath).isFile()) continue;
+        const ext = path.extname(filePath);
+        if (![".ts", ".js"].includes(ext)) continue;
+        const content = fs.readFileSync(filePath, "utf-8");
+        if (patterns.some((p) => p.test(content))) return true;
+      }
+    } catch {
+    }
+  }
+  return false;
+}
+function updateStatusBar(root) {
+  const scorePath = path.join(root, ".ges", "score.json");
+  if (fs.existsSync(scorePath)) {
+    try {
+      const score = JSON.parse(fs.readFileSync(scorePath, "utf-8"));
+      const overall = score.overall || 0;
+      const grade = score.overall_grade || "?";
+      const icon = overall >= 80 ? "$(checkmark)" : overall >= 50 ? "$(warning)" : "$(error)";
+      statusBarItem.text = `${icon} GESF: ${overall}% (${grade})`;
+    } catch {
+      statusBarItem.text = "$(question) GESF: No score";
+    }
+  } else {
+    statusBarItem.text = "$(warning) GESF: Run audit";
+  }
+  statusBarItem.show();
+}
+async function runAudit() {
+  const terminal = vscode.window.createTerminal("GESF Audit");
+  terminal.show();
+  terminal.sendText("ges audit");
+}
+async function showScore() {
+  const terminal = vscode.window.createTerminal("GESF Score");
+  terminal.show();
+  terminal.sendText("ges score");
+}
+async function generateReport() {
+  const format = await vscode.window.showQuickPick(["markdown", "html", "pdf"], {
+    placeHolder: "Select report format"
+  });
+  if (!format) return;
+  const terminal = vscode.window.createTerminal("GESF Report");
+  terminal.show();
+  terminal.sendText(`ges report --format ${format}`);
+}
+function deactivate() {
+  diagnosticCollection?.clear();
+  statusBarItem?.hide();
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  activate,
+  deactivate
+});

package/package.json

@@ -0,0 +1,51 @@
+{
+  "name": "gesf-vscode",
+  "displayName": "GESF - Green Engineering Standard Framework",
+  "description": "Real-time GDPR, security, and compliance warnings for your project",
+  "version": "1.1.2",
+  "publisher": "greenarmor",
+  "engines": {
+    "vscode": "^1.80.0"
+  },
+  "categories": [
+    "Linters",
+    "Security"
+  ],
+  "activationEvents": [
+    "workspaceContains:.ges/config.json"
+  ],
+  "main": "./dist/extension.js",
+  "contributes": {
+    "commands": [
+      {
+        "command": "gesf.runAudit",
+        "title": "GESF: Run Compliance Audit"
+      },
+      {
+        "command": "gesf.showScore",
+        "title": "GESF: Show Compliance Score"
+      },
+      {
+        "command": "gesf.generateReport",
+        "title": "GESF: Generate Report"
+      }
+    ],
+    "jsonValidation": [
+      {
+        "fileMatch": ".ges/config.json",
+        "url": "https://raw.githubusercontent.com/greenarmor/gesf/main/packages/core/src/schemas/config.schema.json"
+      }
+    ]
+  },
+  "devDependencies": {
+    "@types/vscode": "^1.80.0",
+    "@types/node": "^22.0.0",
+    "esbuild": "^0.28.0",
+    "typescript": "^6.0.0"
+  },
+  "license": "MIT",
+  "scripts": {
+    "build": "node build.js",
+    "test": "echo \"no tests yet\""
+  }
+}

package/src/extension.ts

@@ -0,0 +1,264 @@
+import * as vscode from "vscode";
+import * as fs from "node:fs";
+import * as path from "node:path";
+
+let diagnosticCollection: vscode.DiagnosticCollection;
+let statusBarItem: vscode.StatusBarItem;
+
+export function activate(context: vscode.ExtensionContext) {
+  diagnosticCollection = vscode.languages.createDiagnosticCollection("gesf");
+  context.subscriptions.push(diagnosticCollection);
+
+  statusBarItem = vscode.window.createStatusBarItem(vscode.StatusBarAlignment.Left, 50);
+  statusBarItem.command = "gesf.showScore";
+  context.subscriptions.push(statusBarItem);
+
+  context.subscriptions.push(
+    vscode.commands.registerCommand("gesf.runAudit", runAudit),
+  );
+  context.subscriptions.push(
+    vscode.commands.registerCommand("gesf.showScore", showScore),
+  );
+  context.subscriptions.push(
+    vscode.commands.registerCommand("gesf.generateReport", generateReport),
+  );
+
+  context.subscriptions.push(
+    vscode.workspace.onDidSaveTextDocument(() => checkProject()),
+  );
+  context.subscriptions.push(
+    vscode.window.onDidChangeActiveTextEditor(() => checkProject()),
+  );
+
+  checkProject();
+}
+
+function getProjectRoot(): string | undefined {
+  const folders = vscode.workspace.workspaceFolders;
+  if (!folders || folders.length === 0) return undefined;
+  const root = folders[0].uri.fsPath;
+  if (fs.existsSync(path.join(root, ".ges", "config.json"))) return root;
+  return undefined;
+}
+
+function checkProject() {
+  const root = getProjectRoot();
+  if (!root) {
+    statusBarItem.hide();
+    return;
+  }
+
+  const warnings = detectComplianceWarnings(root);
+  const diagnostics: vscode.Diagnostic[] = [];
+
+  for (const warning of warnings) {
+    const uri = vscode.Uri.file(path.join(root, warning.file));
+    const line = warning.line || 0;
+    const range = new vscode.Range(line, 0, line, 100);
+    const severity =
+      warning.severity === "critical"
+        ? vscode.DiagnosticSeverity.Error
+        : warning.severity === "high"
+          ? vscode.DiagnosticSeverity.Warning
+          : vscode.DiagnosticSeverity.Information;
+    const diag = new vscode.Diagnostic(range, `[GESF] ${warning.message}`, severity);
+    diag.source = "gesf";
+    diagnostics.push(diag);
+  }
+
+  diagnosticCollection.clear();
+  for (const warning of warnings) {
+    const uri = vscode.Uri.file(path.join(root, warning.file));
+    const fileDiags = diagnostics.filter((_, i) => warnings[i].file === warning.file);
+    diagnosticCollection.set(uri, fileDiags);
+  }
+
+  updateStatusBar(root);
+}
+
+interface ComplianceWarning {
+  file: string;
+  line?: number;
+  severity: string;
+  message: string;
+}
+
+function detectComplianceWarnings(root: string): ComplianceWarning[] {
+  const warnings: ComplianceWarning[] = [];
+  const configPath = path.join(root, ".ges", "config.json");
+
+  if (!fs.existsSync(configPath)) {
+    warnings.push({
+      file: "package.json",
+      severity: "high",
+      message: "GESF not initialized. Run 'ges init' to set up compliance controls.",
+    });
+    return warnings;
+  }
+
+  let config: Record<string, unknown>;
+  try {
+    config = JSON.parse(fs.readFileSync(configPath, "utf-8"));
+  } catch {
+    return warnings;
+  }
+
+  const pkgPath = path.join(root, "package.json");
+  if (fs.existsSync(pkgPath)) {
+    try {
+      const pkg = JSON.parse(fs.readFileSync(pkgPath, "utf-8"));
+      const deps = { ...pkg.dependencies, ...pkg.devDependencies };
+
+      if (deps.express && !deps.helmet) {
+        warnings.push({
+          file: "package.json",
+          severity: "high",
+          message: "Missing security headers. Install 'helmet' middleware.",
+        });
+      }
+
+      if (deps.express && !deps.cors) {
+        warnings.push({
+          file: "package.json",
+          severity: "medium",
+          message: "No CORS configuration detected. Install 'cors' package.",
+        });
+      }
+    } catch {}
+  }
+
+  if (!fs.existsSync(path.join(root, ".gitignore"))) {
+    warnings.push({
+      file: ".gitignore",
+      severity: "high",
+      message: "No .gitignore file. Secrets may be committed accidentally.",
+    });
+  }
+
+  const gitignorePath = path.join(root, ".gitignore");
+  if (fs.existsSync(gitignorePath)) {
+    const gitignore = fs.readFileSync(gitignorePath, "utf-8");
+    if (!gitignore.includes(".env")) {
+      warnings.push({
+        file: ".gitignore",
+        severity: "critical",
+        message: ".env not in .gitignore. Environment secrets may be committed.",
+      });
+    }
+  }
+
+  const requirements = config.requirements as Record<string, { required: boolean }> | undefined;
+  if (requirements?.mfa?.required) {
+    const hasMFA = checkForMFA(root);
+    if (!hasMFA) {
+      warnings.push({
+        file: "package.json",
+        severity: "high",
+        message: "MFA is required by GESF config but no MFA implementation detected.",
+      });
+    }
+  }
+
+  if (requirements?.encryption?.required) {
+    const hasEncryption = checkForEncryption(root);
+    if (!hasEncryption) {
+      warnings.push({
+        file: "package.json",
+        severity: "critical",
+        message: "Encryption is required by GESF config but no encryption detected.",
+      });
+    }
+  }
+
+  if (requirements?.retention_policy?.required) {
+    if (!fs.existsSync(path.join(root, "compliance", "retention-policy.md"))) {
+      warnings.push({
+        file: "compliance/retention-policy.md",
+        severity: "medium",
+        message: "Retention policy document missing. Run 'ges generate --docs'.",
+      });
+    }
+  }
+
+  return warnings;
+}
+
+function checkForMFA(root: string): boolean {
+  const pkgPath = path.join(root, "package.json");
+  if (fs.existsSync(pkgPath)) {
+    try {
+      const pkg = JSON.parse(fs.readFileSync(pkgPath, "utf-8"));
+      const deps = { ...pkg.dependencies, ...pkg.devDependencies };
+      const mfaLibs = ["otpauth", "speakeasy", "otplib", "@simplewebauthn", "node-2fa"];
+      return mfaLibs.some((lib) => deps[lib] !== undefined);
+    } catch {}
+  }
+  return false;
+}
+
+function checkForEncryption(root: string): boolean {
+  const dirs = ["src", "lib", "crypto", "security"];
+  const patterns = [/aes-256/i, /AES_256_GCM/i, /createCipheriv/i, /ChaCha20/i, /crypto\.encrypt/i];
+
+  for (const dir of dirs) {
+    const dirPath = path.join(root, dir);
+    if (!fs.existsSync(dirPath)) continue;
+    try {
+      const entries = fs.readdirSync(dirPath, { recursive: true });
+      for (const entry of entries) {
+        const filePath = path.join(dirPath, entry.toString());
+        if (!fs.statSync(filePath).isFile()) continue;
+        const ext = path.extname(filePath);
+        if (![".ts", ".js"].includes(ext)) continue;
+        const content = fs.readFileSync(filePath, "utf-8");
+        if (patterns.some((p) => p.test(content))) return true;
+      }
+    } catch {}
+  }
+  return false;
+}
+
+function updateStatusBar(root: string) {
+  const scorePath = path.join(root, ".ges", "score.json");
+  if (fs.existsSync(scorePath)) {
+    try {
+      const score = JSON.parse(fs.readFileSync(scorePath, "utf-8"));
+      const overall = score.overall || 0;
+      const grade = score.overall_grade || "?";
+      const icon = overall >= 80 ? "$(checkmark)" : overall >= 50 ? "$(warning)" : "$(error)";
+      statusBarItem.text = `${icon} GESF: ${overall}% (${grade})`;
+    } catch {
+      statusBarItem.text = "$(question) GESF: No score";
+    }
+  } else {
+    statusBarItem.text = "$(warning) GESF: Run audit";
+  }
+  statusBarItem.show();
+}
+
+async function runAudit() {
+  const terminal = vscode.window.createTerminal("GESF Audit");
+  terminal.show();
+  terminal.sendText("ges audit");
+}
+
+async function showScore() {
+  const terminal = vscode.window.createTerminal("GESF Score");
+  terminal.show();
+  terminal.sendText("ges score");
+}
+
+async function generateReport() {
+  const format = await vscode.window.showQuickPick(["markdown", "html", "pdf"], {
+    placeHolder: "Select report format",
+  });
+  if (!format) return;
+  const terminal = vscode.window.createTerminal("GESF Report");
+  terminal.show();
+  terminal.sendText(`ges report --format ${format}`);
+}
+
+export function deactivate() {
+  diagnosticCollection?.clear();
+  statusBarItem?.hide();
+}

package/tsconfig.json

@@ -0,0 +1,15 @@
+{
+  "compilerOptions": {
+    "target": "ES2022",
+    "module": "Node16",
+    "moduleResolution": "Node16",
+    "lib": ["ES2022"],
+    "types": ["vscode", "node"],
+    "strict": true,
+    "esModuleInterop": true,
+    "skipLibCheck": true,
+    "outDir": "./dist",
+    "rootDir": "./src"
+  },
+  "include": ["src/**/*"]
+}