laxy-verify 1.3.3 → 1.4.1

package/dist/auto-fix.d.ts

@@ -0,0 +1,66 @@
+export interface AutoFixContext {
+    grade: string;
+    blockers: Array<{
+        title: string;
+        severity: string;
+        action: string;
+    }>;
+    lighthouseScores: {
+        performance: number;
+        accessibility: number;
+        seo: number;
+        bestPractices: number;
+    } | null;
+    thresholds: {
+        performance: number;
+        accessibility: number;
+        seo: number;
+        bestPractices: number;
+    };
+    buildErrors: string[];
+    e2eFailed: number;
+    e2eTotal: number;
+    securitySummary?: string;
+    /** Source file snippets keyed by relative path */
+    fileSnippets: Array<{
+        path: string;
+        content: string;
+    }>;
+}
+export interface CodeFix {
+    /** Relative file path to apply the fix to */
+    filePath: string;
+    /** Description of what this fix does */
+    description: string;
+    /** The complete replacement content for the file (or section) */
+    code: string;
+    /** Whether this is a full-file replacement or a targeted patch */
+    type: "full" | "patch";
+    /** Line range for patch-type fixes */
+    startLine?: number;
+    endLine?: number;
+}
+export interface AutoFixResult {
+    rootCause: string;
+    fixes: CodeFix[];
+    confidence: "high" | "medium" | "low";
+}
+/**
+ * Collect relevant source file snippets for AI context.
+ * Picks up to 5 files that are most likely related to the failures.
+ */
+export declare function collectFileSnippets(projectDir: string, buildErrors: string[]): Array<{
+    path: string;
+    content: string;
+}>;
+/**
+ * Apply a code fix to the project directory.
+ */
+export declare function applyCodeFix(projectDir: string, fix: CodeFix): {
+    success: boolean;
+    error?: string;
+};
+/**
+ * Request AI auto-fix from the Laxy API.
+ */
+export declare function requestAutoFix(context: AutoFixContext): Promise<AutoFixResult | null>;

package/dist/auto-fix.js

@@ -0,0 +1,178 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.collectFileSnippets = collectFileSnippets;
+exports.applyCodeFix = applyCodeFix;
+exports.requestAutoFix = requestAutoFix;
+/**
+ * AI Auto-Fix client (Pro feature).
+ *
+ * Sends verification failure context plus relevant source files
+ * to the Laxy API, which returns code fix suggestions that can
+ * be applied directly or pushed as a PR.
+ */
+const fs = __importStar(require("node:fs"));
+const path = __importStar(require("node:path"));
+const auth_js_1 = require("./auth.js");
+/**
+ * Collect relevant source file snippets for AI context.
+ * Picks up to 5 files that are most likely related to the failures.
+ */
+function collectFileSnippets(projectDir, buildErrors) {
+    const snippets = [];
+    const seen = new Set();
+    // Extract file paths from build errors
+    const errorFilePattern = /(?:^|\n)(\.?[^\s:]+(?:\/[^\s:]+)*\.[a-zA-Z]+)(?::|\s)/g;
+    const errorFiles = new Set();
+    for (const err of buildErrors) {
+        let match;
+        const localPattern = new RegExp(errorFilePattern.source, "g");
+        while ((match = localPattern.exec(err)) !== null) {
+            errorFiles.add(match[1]);
+        }
+    }
+    // Add files from build errors first
+    for (const filePath of errorFiles) {
+        if (seen.has(filePath) || snippets.length >= 5)
+            continue;
+        const absPath = path.join(projectDir, filePath);
+        if (fs.existsSync(absPath)) {
+            try {
+                const content = fs.readFileSync(absPath, "utf-8");
+                if (content.length <= 20000) {
+                    snippets.push({ path: filePath, content: content.slice(0, 4000) });
+                    seen.add(filePath);
+                }
+            }
+            catch { /* ignore */ }
+        }
+    }
+    // Fill remaining slots with common config/entry files
+    const commonFiles = [
+        "package.json",
+        "tsconfig.json",
+        "vite.config.ts",
+        "vite.config.js",
+        "next.config.js",
+        "next.config.mjs",
+        "src/App.tsx",
+        "src/App.jsx",
+        "src/main.tsx",
+        "src/main.jsx",
+        "src/pages/index.tsx",
+        "src/pages/_app.tsx",
+        "app/page.tsx",
+        "app/layout.tsx",
+        "index.html",
+    ];
+    for (const filePath of commonFiles) {
+        if (seen.has(filePath) || snippets.length >= 5)
+            continue;
+        const absPath = path.join(projectDir, filePath);
+        if (fs.existsSync(absPath)) {
+            try {
+                const content = fs.readFileSync(absPath, "utf-8");
+                if (content.length <= 20000) {
+                    snippets.push({ path: filePath, content: content.slice(0, 4000) });
+                    seen.add(filePath);
+                }
+            }
+            catch { /* ignore */ }
+        }
+    }
+    return snippets;
+}
+/**
+ * Apply a code fix to the project directory.
+ */
+function applyCodeFix(projectDir, fix) {
+    const absPath = path.resolve(projectDir, fix.filePath);
+    // Prevent path traversal outside the project directory (case-insensitive on Windows)
+    const resolvedRoot = path.resolve(projectDir);
+    const relative = path.relative(resolvedRoot, absPath);
+    if (relative.startsWith("..") || path.isAbsolute(relative)) {
+        return { success: false, error: `Path traversal detected: ${fix.filePath}` };
+    }
+    if (fix.type === "full") {
+        try {
+            fs.writeFileSync(absPath, fix.code, "utf-8");
+            return { success: true };
+        }
+        catch (err) {
+            return { success: false, error: err instanceof Error ? err.message : "Write failed" };
+        }
+    }
+    // Patch type: replace specific lines
+    if (!fs.existsSync(absPath)) {
+        return { success: false, error: `File not found: ${fix.filePath}` };
+    }
+    try {
+        const lines = fs.readFileSync(absPath, "utf-8").split("\n");
+        const start = (fix.startLine ?? 1) - 1;
+        const end = fix.endLine ?? lines.length;
+        const newLines = fix.code.split("\n");
+        lines.splice(start, end - start, ...newLines);
+        fs.writeFileSync(absPath, lines.join("\n"), "utf-8");
+        return { success: true };
+    }
+    catch (err) {
+        return { success: false, error: err instanceof Error ? err.message : "Patch failed" };
+    }
+}
+/**
+ * Request AI auto-fix from the Laxy API.
+ */
+async function requestAutoFix(context) {
+    const token = (0, auth_js_1.loadToken)();
+    if (!token)
+        return null;
+    try {
+        const res = await fetch(`${auth_js_1.LAXY_API_URL}/api/v1/auto-fix`, {
+            method: "POST",
+            headers: {
+                Authorization: `Bearer ${token}`,
+                "Content-Type": "application/json",
+            },
+            body: JSON.stringify(context),
+            signal: AbortSignal.timeout(60_000),
+        });
+        if (!res.ok)
+            return null;
+        return (await res.json());
+    }
+    catch {
+        return null;
+    }
+}

package/dist/check-run.d.ts

@@ -0,0 +1,58 @@
+import type { TrendDelta } from "./trend.js";
+interface CheckRunResult {
+    grade: string;
+    verdict: string;
+    exitCode: number;
+    lighthouse: {
+        performance: number;
+        accessibility: number;
+        seo: number;
+        bestPractices: number;
+        runs: number;
+    } | null;
+    thresholds: {
+        performance: number;
+        accessibility: number;
+        seo: number;
+        bestPractices: number;
+    };
+    e2e?: {
+        passed: number;
+        failed: number;
+        total: number;
+    } | null;
+    security?: {
+        critical: number;
+        high: number;
+        total: number;
+    } | null;
+    build?: {
+        success: boolean;
+        durationMs: number;
+    };
+    blockers: Array<{
+        title: string;
+        severity: string;
+    }>;
+    typecheck?: {
+        errorCount: number;
+    } | null;
+    secretScan?: {
+        findingsCount: number;
+    } | null;
+    bundleSize?: {
+        advisory: string;
+    } | null;
+    a11yDeep?: {
+        criticalCount: number;
+        seriousCount: number;
+    } | null;
+    brokenLinks?: {
+        broken: number;
+        checked: number;
+    } | null;
+    consoleErrors?: number;
+    config_fail_on: string;
+}
+export declare function createCheckRun(result: CheckRunResult, trend?: TrendDelta | null): Promise<void>;
+export {};

package/dist/check-run.js

@@ -0,0 +1,139 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createCheckRun = createCheckRun;
+/**
+ * GitHub Check Run API integration (Pro feature).
+ *
+ * Creates a rich Check Run on the PR that appears in the merge box
+ * with expandable details: grade, blockers, Lighthouse scores, E2E,
+ * security, and verification verdict.
+ */
+const github_js_1 = require("./github.js");
+const trend_js_1 = require("./trend.js");
+function renderCheckRunSummary(result, trend) {
+    const lines = [];
+    const emoji = result.grade === "Gold" ? "🏆" :
+        result.grade === "Silver" ? "✅" :
+            result.grade === "Bronze" ? "🔨" : "⚠️";
+    lines.push(`## ${emoji} ${result.grade} — ${result.verdict}`);
+    lines.push("");
+    // Trend table
+    if (trend) {
+        lines.push("### vs Base Branch");
+        lines.push("| Check | This PR | Base | Delta |");
+        lines.push("|---|---|---|---|");
+        const gradeUp = (0, trend_js_1.gradeIndex)(trend.grade.current) > (0, trend_js_1.gradeIndex)(trend.grade.base);
+        const gradeDown = (0, trend_js_1.gradeIndex)(trend.grade.current) < (0, trend_js_1.gradeIndex)(trend.grade.base);
+        const gradeDelta = gradeUp ? " ↑" : gradeDown ? " ↓" : "";
+        lines.push(`| Grade | **${trend.grade.current}** | ${trend.grade.base} |${gradeDelta} |`);
+        const fmtD = (d) => d === null ? "—" : d > 0 ? `+${d}` : d < 0 ? `${d}` : "—";
+        if (trend.performance.current !== null)
+            lines.push(`| Performance | ${trend.performance.current} | ${trend.performance.base ?? "—"} | ${fmtD(trend.performance.delta)} |`);
+        if (trend.accessibility.current !== null)
+            lines.push(`| Accessibility | ${trend.accessibility.current} | ${trend.accessibility.base ?? "—"} | ${fmtD(trend.accessibility.delta)} |`);
+        if (trend.seo.current !== null)
+            lines.push(`| SEO | ${trend.seo.current} | ${trend.seo.base ?? "—"} | ${fmtD(trend.seo.delta)} |`);
+        if (trend.bestPractices.current !== null)
+            lines.push(`| Best Practices | ${trend.bestPractices.current} | ${trend.bestPractices.base ?? "—"} | ${fmtD(trend.bestPractices.delta)} |`);
+        if (trend.e2e.current !== null)
+            lines.push(`| E2E | ${trend.e2e.current} | ${trend.e2e.base ?? "—"} | — |`);
+        lines.push("");
+    }
+    // Build
+    if (result.build) {
+        const dur = (result.build.durationMs / 1000).toFixed(1);
+        lines.push(`### Build: ${result.build.success ? "✅ Passed" : "❌ Failed"} (${dur}s)`);
+        lines.push("");
+    }
+    // Lighthouse
+    if (result.lighthouse) {
+        const lh = result.lighthouse;
+        const t = result.thresholds;
+        lines.push("### Lighthouse");
+        lines.push("| Category | Score | Threshold | Status |");
+        lines.push("|---|---|---|---|");
+        lines.push(`| Performance | ${lh.performance} | ≥${t.performance} | ${lh.performance >= t.performance ? "✅" : "❌"} |`);
+        lines.push(`| Accessibility | ${lh.accessibility} | ≥${t.accessibility} | ${lh.accessibility >= t.accessibility ? "✅" : "❌"} |`);
+        lines.push(`| SEO | ${lh.seo} | ≥${t.seo} | ${lh.seo >= t.seo ? "✅" : "❌"} |`);
+        lines.push(`| Best Practices | ${lh.bestPractices} | ≥${t.bestPractices} | ${lh.bestPractices >= t.bestPractices ? "✅" : "❌"} |`);
+        lines.push("");
+    }
+    // E2E
+    if (result.e2e && result.e2e.total > 0) {
+        const e2e = result.e2e;
+        lines.push(`### E2E: ${e2e.failed === 0 ? "✅" : "❌"} ${e2e.passed}/${e2e.total} passed`);
+        lines.push("");
+    }
+    // Blockers
+    if (result.blockers.length > 0) {
+        lines.push("### Blockers");
+        for (const b of result.blockers.slice(0, 8)) {
+            lines.push(`- **[${b.severity}]** ${b.title}`);
+        }
+        lines.push("");
+    }
+    // Extra checks
+    const extras = [];
+    if (result.security && result.security.total > 0)
+        extras.push(`Security: ${result.security.critical} critical, ${result.security.high} high`);
+    if (result.typecheck && result.typecheck.errorCount > 0)
+        extras.push(`TypeScript: ${result.typecheck.errorCount} errors`);
+    if (result.secretScan && result.secretScan.findingsCount > 0)
+        extras.push(`Secrets: ${result.secretScan.findingsCount} findings`);
+    if (result.a11yDeep && (result.a11yDeep.criticalCount > 0 || result.a11yDeep.seriousCount > 0))
+        extras.push(`WCAG: ${result.a11yDeep.criticalCount} critical, ${result.a11yDeep.seriousCount} serious`);
+    if (result.brokenLinks && result.brokenLinks.broken > 0)
+        extras.push(`Broken links: ${result.brokenLinks.broken}/${result.brokenLinks.checked}`);
+    if (result.consoleErrors && result.consoleErrors > 0)
+        extras.push(`Console errors: ${result.consoleErrors}`);
+    if (extras.length > 0) {
+        lines.push("### Additional findings");
+        for (const e of extras)
+            lines.push(`- ${e}`);
+        lines.push("");
+    }
+    lines.push(`**Fail-on threshold**: ${result.config_fail_on ?? "bronze"}`);
+    lines.push("");
+    lines.push("---");
+    lines.push("[laxy-verify docs](https://github.com/SUNgm24/Laxy/tree/main/laxy-verify)");
+    return lines.join("\n");
+}
+async function createCheckRun(result, trend) {
+    const ctx = (0, github_js_1.getGitHubContext)();
+    if (!ctx)
+        return;
+    const [owner, repo] = ctx.repository.split("/");
+    const conclusion = result.exitCode === 0 ? "success" : "failure";
+    const title = result.exitCode === 0
+        ? `Laxy Verify: ${result.grade} — no blockers`
+        : `Laxy Verify: ${result.grade} — ${result.blockers.length} blocker(s)`;
+    const summary = renderCheckRunSummary(result, trend);
+    // GitHub Check Runs API
+    const url = `https://api.github.com/repos/${owner}/${repo}/check-runs`;
+    try {
+        const res = await fetch(url, {
+            method: "POST",
+            headers: {
+                Authorization: `Bearer ${ctx.token}`,
+                Accept: "application/vnd.github.v3+json",
+                "Content-Type": "application/json",
+            },
+            body: JSON.stringify({
+                name: "laxy-verify",
+                head_sha: ctx.sha,
+                status: "completed",
+                conclusion,
+                output: {
+                    title,
+                    summary,
+                },
+            }),
+        });
+        if (!res.ok) {
+            console.warn(`GitHub Check Run API returned ${res.status}; falling back to status check.`);
+        }
+    }
+    catch (err) {
+        console.warn(`GitHub Check Run request failed: ${err instanceof Error ? err.message : String(err)}`);
+    }
+}