mustflow 2.103.10 → 2.103.14
- package/dist/cli/commands/script-pack.js +2 -0
- package/dist/cli/i18n/en.js +33 -0
- package/dist/cli/i18n/es.js +33 -0
- package/dist/cli/i18n/fr.js +33 -0
- package/dist/cli/i18n/hi.js +33 -0
- package/dist/cli/i18n/ko.js +33 -0
- package/dist/cli/i18n/zh.js +33 -0
- package/dist/cli/lib/script-pack-registry.js +57 -0
- package/dist/cli/script-packs/repo-deploy-surface.js +98 -0
- package/dist/cli/script-packs/repo-security-pattern-scan.js +150 -0
- package/dist/core/command-env.js +26 -8
- package/dist/core/public-json-contracts.js +18 -0
- package/dist/core/repo-deploy-surface.js +428 -0
- package/dist/core/script-pack-suggestions.js +29 -2
- package/dist/core/security-pattern-scan.js +518 -0
- package/package.json +1 -1
- package/schemas/README.md +7 -0
- package/schemas/repo-deploy-surface-report.schema.json +190 -0
- package/schemas/security-pattern-scan-report.schema.json +196 -0
- package/templates/default/i18n.toml +5 -5
- package/templates/default/locales/en/.mustflow/docs/agent-workflow.md +7 -1
- package/templates/default/locales/en/.mustflow/skills/api-contract-change/SKILL.md +18 -9
- package/templates/default/locales/en/.mustflow/skills/completion-evidence-gate/SKILL.md +4 -4
- package/templates/default/locales/en/.mustflow/skills/next-action-menu/SKILL.md +5 -2
- package/templates/default/locales/en/.mustflow/skills/powershell-code-change/SKILL.md +25 -14
- package/templates/default/locales/en/.mustflow/skills/routes.toml +2 -2
- package/templates/default/manifest.toml +1 -1
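--- a/package/dist/cli/commands/script-pack.js
+++ b/package/dist/cli/commands/script-pack.js
@@ -76,6 +76,7 @@ export function getScriptPackHelp(lang = 'en') {
 'mf script-pack run repo/config-chain inspect src/cli/index.ts --json',
 'mf script-pack run repo/env-contract scan --json',
 'mf script-pack run repo/secret-risk-scan scan src README.md --json',
+'mf script-pack run repo/security-pattern-scan scan src .github/workflows --json',
 'mf script-pack run repo/generated-boundary check src/cli/index.ts --json',
 'mf script-pack run repo/merge-conflict-scan check --json',
 'mf script-pack run repo/git-ignore-audit audit .env.local dist/app.js --json',
@@ -83,6 +84,7 @@ export function getScriptPackHelp(lang = 'en') {
 'mf script-pack run repo/skill-route-audit audit --json',
 'mf script-pack run repo/version-source inspect --json',
 'mf script-pack run repo/approval-gate check --action git_commit --json',
+'mf script-pack run repo/deploy-surface inspect --json',
 'mf script-pack run repo/related-files map src/cli/index.ts --json',
 'mf script-pack run core/text-budget --help',
 ],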
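--- a/package/dist/cli/i18n/en.js
+++ b/package/dist/cli/i18n/en.js
@@ -1123,9 +1123,29 @@ Read these files before working:
 "secretRiskScan.error.missingAction": "Specify a secret-risk-scan action: scan",
 "secretRiskScan.error.unknownAction": "Unknown secret-risk-scan action: {action}",
 "secretRiskScan.error.invalidPositiveInteger": "{option} must be a positive safe integer: {value}",
+"scriptPack.script.securityPatternScan.summary": "Scan repository files for high-signal security code patterns",
+"securityPatternScan.help.summary": "Scan source, CI, and config files for security code-pattern leads without printing matched source lines or secret values.",
+"securityPatternScan.help.option.maxFiles": "Maximum number of files to inspect. Default: 1000",
+"securityPatternScan.help.option.maxFileBytes": "Maximum bytes to read from each inspected file. Default: 262144",
+"securityPatternScan.help.option.maxFindings": "Maximum number of findings to report. Default: 300",
+"securityPatternScan.help.exit.ok": "The security-pattern scan completed without blocking findings",
+"securityPatternScan.help.exit.fail": "The security-pattern scan found invalid input, unreadable files, or security-pattern findings",
+"securityPatternScan.title": "mustflow security pattern scan",
+"securityPatternScan.label.files": "Files",
+"securityPatternScan.label.findings": "Findings",
+"securityPatternScan.label.categories": "Categories",
+"securityPatternScan.label.highOrCritical": "High or critical",
+"securityPatternScan.label.truncated": "Truncated",
+"securityPatternScan.label.reviewFocus": "Review focus",
+"securityPatternScan.label.issues": "Issues",
+"securityPatternScan.clean": "No high-signal security code patterns were found.",
+"securityPatternScan.error.missingAction": "Specify a security-pattern-scan action: scan",
+"securityPatternScan.error.unknownAction": "Unknown security-pattern-scan action: {action}",
+"securityPatternScan.error.invalidPositiveInteger": "{option} must be a positive safe integer: {value}",
 "scriptPack.script.skillRouteAudit.summary": "Audit skill routes, template skill copies, manifest profiles, and i18n metadata for drift",
 "scriptPack.script.versionSource.summary": "Inspect repository version sources before release metadata changes",
 "scriptPack.script.approvalGate.summary": "Check planned actions against repository approval policy gates",
+"scriptPack.script.deploySurface.summary": "Inspect repository deploy and release surfaces with verification gates",
 "scriptPack.script.mergeConflictScan.summary": "Scan repository files for unresolved Git merge conflict markers",
 "scriptPack.script.gitIgnoreAudit.summary": "Audit Git ignore rules and path visibility evidence",
 "scriptPack.script.manifestLockDrift.summary": "Check manifest-lock file hashes against current repository files",
@@ -1165,6 +1185,19 @@ Read these files before working:
 "approvalGate.error.missingAction": "Specify an approval-gate action: check",
 "approvalGate.error.unknownAction": "Unknown approval-gate action: {action}",
 "approvalGate.error.missingActionType": "Specify at least one --action <type>",
+"deploySurface.help.summary": "Inspect workflows, package metadata, package scripts, and deploy config files for local deploy or release surfaces.",
+"deploySurface.help.exit.ok": "The deploy-surface report was generated",
+"deploySurface.help.exit.fail": "The deploy-surface report found unreadable metadata or invalid input",
+"deploySurface.title": "mustflow deploy surface",
+"deploySurface.label.deploySurface": "Deploy surface detected",
+"deploySurface.label.surfaces": "Surfaces",
+"deploySurface.label.surfaceDetails": "Surface details",
+"deploySurface.label.requiredVerification": "Required verification",
+"deploySurface.label.manualGates": "Manual gates",
+"deploySurface.label.issues": "Issues",
+"deploySurface.noSurfaces": "No local deploy or release surface was detected.",
+"deploySurface.error.missingAction": "Specify a deploy-surface action: inspect",
+"deploySurface.error.unknownAction": "Unknown deploy-surface action: {action}",
 "mergeConflictScan.help.summary": "Scan changed files or explicit paths for unresolved Git merge conflict markers without printing file content.",
 "mergeConflictScan.help.option.maxFiles": "Maximum files to scan. Default: 1000",
 "mergeConflictScan.help.option.maxFileBytes": "Maximum bytes to read from each file. Default: 524288",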
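Review bot: The two exit descriptions added for the new scan disagree about what makes it fail: `securityPatternScan.help.exit.ok` says the scan "completed without blocking findings", while `securityPatternScan.help.exit.fail` lists "security-pattern findings" with no qualifier. A reader gating CI on the exit status cannot tell from the help text whether a low-severity finding fails the run. The `highOrCritical` label suggests findings carry a severity, but the scanner itself is not in this section, so the intended rule needs confirming; if only blocking findings fail, the fail text could end `or blocking security-pattern findings`. The same 33 English strings are added unchanged to es.js, fr.js, hi.js, ko.js and zh.js, so the wording fix (and any translation) applies to all six catalogs.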
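--- a/package/dist/cli/i18n/es.js
+++ b/package/dist/cli/i18n/es.js
@@ -1123,9 +1123,29 @@ Lee estos archivos antes de trabajar:
 "secretRiskScan.error.missingAction": "Specify a secret-risk-scan action: scan",
 "secretRiskScan.error.unknownAction": "Unknown secret-risk-scan action: {action}",
 "secretRiskScan.error.invalidPositiveInteger": "{option} must be a positive safe integer: {value}",
+"scriptPack.script.securityPatternScan.summary": "Scan repository files for high-signal security code patterns",
+"securityPatternScan.help.summary": "Scan source, CI, and config files for security code-pattern leads without printing matched source lines or secret values.",
+"securityPatternScan.help.option.maxFiles": "Maximum number of files to inspect. Default: 1000",
+"securityPatternScan.help.option.maxFileBytes": "Maximum bytes to read from each inspected file. Default: 262144",
+"securityPatternScan.help.option.maxFindings": "Maximum number of findings to report. Default: 300",
+"securityPatternScan.help.exit.ok": "The security-pattern scan completed without blocking findings",
+"securityPatternScan.help.exit.fail": "The security-pattern scan found invalid input, unreadable files, or security-pattern findings",
+"securityPatternScan.title": "mustflow security pattern scan",
+"securityPatternScan.label.files": "Files",
+"securityPatternScan.label.findings": "Findings",
+"securityPatternScan.label.categories": "Categories",
+"securityPatternScan.label.highOrCritical": "High or critical",
+"securityPatternScan.label.truncated": "Truncated",
+"securityPatternScan.label.reviewFocus": "Review focus",
+"securityPatternScan.label.issues": "Issues",
+"securityPatternScan.clean": "No high-signal security code patterns were found.",
+"securityPatternScan.error.missingAction": "Specify a security-pattern-scan action: scan",
+"securityPatternScan.error.unknownAction": "Unknown security-pattern-scan action: {action}",
+"securityPatternScan.error.invalidPositiveInteger": "{option} must be a positive safe integer: {value}",
 "scriptPack.script.skillRouteAudit.summary": "Audit skill routes, template skill copies, manifest profiles, and i18n metadata for drift",
 "scriptPack.script.versionSource.summary": "Inspect repository version sources before release metadata changes",
 "scriptPack.script.approvalGate.summary": "Check planned actions against repository approval policy gates",
+"scriptPack.script.deploySurface.summary": "Inspect repository deploy and release surfaces with verification gates",
 "scriptPack.script.mergeConflictScan.summary": "Scan repository files for unresolved Git merge conflict markers",
 "scriptPack.script.gitIgnoreAudit.summary": "Audit Git ignore rules and path visibility evidence",
 "scriptPack.script.manifestLockDrift.summary": "Check manifest-lock file hashes against current repository files",
@@ -1165,6 +1185,19 @@ Lee estos archivos antes de trabajar:
 "approvalGate.error.missingAction": "Specify an approval-gate action: check",
 "approvalGate.error.unknownAction": "Unknown approval-gate action: {action}",
 "approvalGate.error.missingActionType": "Specify at least one --action <type>",
+"deploySurface.help.summary": "Inspect workflows, package metadata, package scripts, and deploy config files for local deploy or release surfaces.",
+"deploySurface.help.exit.ok": "The deploy-surface report was generated",
+"deploySurface.help.exit.fail": "The deploy-surface report found unreadable metadata or invalid input",
+"deploySurface.title": "mustflow deploy surface",
+"deploySurface.label.deploySurface": "Deploy surface detected",
+"deploySurface.label.surfaces": "Surfaces",
+"deploySurface.label.surfaceDetails": "Surface details",
+"deploySurface.label.requiredVerification": "Required verification",
+"deploySurface.label.manualGates": "Manual gates",
+"deploySurface.label.issues": "Issues",
+"deploySurface.noSurfaces": "No local deploy or release surface was detected.",
+"deploySurface.error.missingAction": "Specify a deploy-surface action: inspect",
+"deploySurface.error.unknownAction": "Unknown deploy-surface action: {action}",
 "mergeConflictScan.help.summary": "Scan changed files or explicit paths for unresolved Git merge conflict markers without printing file content.",
 "mergeConflictScan.help.option.maxFiles": "Maximum files to scan. Default: 1000",
 "mergeConflictScan.help.option.maxFileBytes": "Maximum bytes to read from each file. Default: 524288",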
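--- a/package/dist/cli/i18n/fr.js
+++ b/package/dist/cli/i18n/fr.js
@@ -1123,9 +1123,29 @@ Lisez ces fichiers avant de travailler :
 "secretRiskScan.error.missingAction": "Specify a secret-risk-scan action: scan",
 "secretRiskScan.error.unknownAction": "Unknown secret-risk-scan action: {action}",
 "secretRiskScan.error.invalidPositiveInteger": "{option} must be a positive safe integer: {value}",
+"scriptPack.script.securityPatternScan.summary": "Scan repository files for high-signal security code patterns",
+"securityPatternScan.help.summary": "Scan source, CI, and config files for security code-pattern leads without printing matched source lines or secret values.",
+"securityPatternScan.help.option.maxFiles": "Maximum number of files to inspect. Default: 1000",
+"securityPatternScan.help.option.maxFileBytes": "Maximum bytes to read from each inspected file. Default: 262144",
+"securityPatternScan.help.option.maxFindings": "Maximum number of findings to report. Default: 300",
+"securityPatternScan.help.exit.ok": "The security-pattern scan completed without blocking findings",
+"securityPatternScan.help.exit.fail": "The security-pattern scan found invalid input, unreadable files, or security-pattern findings",
+"securityPatternScan.title": "mustflow security pattern scan",
+"securityPatternScan.label.files": "Files",
+"securityPatternScan.label.findings": "Findings",
+"securityPatternScan.label.categories": "Categories",
+"securityPatternScan.label.highOrCritical": "High or critical",
+"securityPatternScan.label.truncated": "Truncated",
+"securityPatternScan.label.reviewFocus": "Review focus",
+"securityPatternScan.label.issues": "Issues",
+"securityPatternScan.clean": "No high-signal security code patterns were found.",
+"securityPatternScan.error.missingAction": "Specify a security-pattern-scan action: scan",
+"securityPatternScan.error.unknownAction": "Unknown security-pattern-scan action: {action}",
+"securityPatternScan.error.invalidPositiveInteger": "{option} must be a positive safe integer: {value}",
 "scriptPack.script.skillRouteAudit.summary": "Audit skill routes, template skill copies, manifest profiles, and i18n metadata for drift",
 "scriptPack.script.versionSource.summary": "Inspect repository version sources before release metadata changes",
 "scriptPack.script.approvalGate.summary": "Check planned actions against repository approval policy gates",
+"scriptPack.script.deploySurface.summary": "Inspect repository deploy and release surfaces with verification gates",
 "scriptPack.script.mergeConflictScan.summary": "Scan repository files for unresolved Git merge conflict markers",
 "scriptPack.script.gitIgnoreAudit.summary": "Audit Git ignore rules and path visibility evidence",
 "scriptPack.script.manifestLockDrift.summary": "Check manifest-lock file hashes against current repository files",
@@ -1165,6 +1185,19 @@ Lisez ces fichiers avant de travailler :
 "approvalGate.error.missingAction": "Specify an approval-gate action: check",
 "approvalGate.error.unknownAction": "Unknown approval-gate action: {action}",
 "approvalGate.error.missingActionType": "Specify at least one --action <type>",
+"deploySurface.help.summary": "Inspect workflows, package metadata, package scripts, and deploy config files for local deploy or release surfaces.",
+"deploySurface.help.exit.ok": "The deploy-surface report was generated",
+"deploySurface.help.exit.fail": "The deploy-surface report found unreadable metadata or invalid input",
+"deploySurface.title": "mustflow deploy surface",
+"deploySurface.label.deploySurface": "Deploy surface detected",
+"deploySurface.label.surfaces": "Surfaces",
+"deploySurface.label.surfaceDetails": "Surface details",
+"deploySurface.label.requiredVerification": "Required verification",
+"deploySurface.label.manualGates": "Manual gates",
+"deploySurface.label.issues": "Issues",
+"deploySurface.noSurfaces": "No local deploy or release surface was detected.",
+"deploySurface.error.missingAction": "Specify a deploy-surface action: inspect",
+"deploySurface.error.unknownAction": "Unknown deploy-surface action: {action}",
 "mergeConflictScan.help.summary": "Scan changed files or explicit paths for unresolved Git merge conflict markers without printing file content.",
 "mergeConflictScan.help.option.maxFiles": "Maximum files to scan. Default: 1000",
 "mergeConflictScan.help.option.maxFileBytes": "Maximum bytes to read from each file. Default: 524288",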
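--- a/package/dist/cli/i18n/hi.js
+++ b/package/dist/cli/i18n/hi.js
@@ -1123,9 +1123,29 @@ export const hiMessages = {
 "secretRiskScan.error.missingAction": "Specify a secret-risk-scan action: scan",
 "secretRiskScan.error.unknownAction": "Unknown secret-risk-scan action: {action}",
 "secretRiskScan.error.invalidPositiveInteger": "{option} must be a positive safe integer: {value}",
+"scriptPack.script.securityPatternScan.summary": "Scan repository files for high-signal security code patterns",
+"securityPatternScan.help.summary": "Scan source, CI, and config files for security code-pattern leads without printing matched source lines or secret values.",
+"securityPatternScan.help.option.maxFiles": "Maximum number of files to inspect. Default: 1000",
+"securityPatternScan.help.option.maxFileBytes": "Maximum bytes to read from each inspected file. Default: 262144",
+"securityPatternScan.help.option.maxFindings": "Maximum number of findings to report. Default: 300",
+"securityPatternScan.help.exit.ok": "The security-pattern scan completed without blocking findings",
+"securityPatternScan.help.exit.fail": "The security-pattern scan found invalid input, unreadable files, or security-pattern findings",
+"securityPatternScan.title": "mustflow security pattern scan",
+"securityPatternScan.label.files": "Files",
+"securityPatternScan.label.findings": "Findings",
+"securityPatternScan.label.categories": "Categories",
+"securityPatternScan.label.highOrCritical": "High or critical",
+"securityPatternScan.label.truncated": "Truncated",
+"securityPatternScan.label.reviewFocus": "Review focus",
+"securityPatternScan.label.issues": "Issues",
+"securityPatternScan.clean": "No high-signal security code patterns were found.",
+"securityPatternScan.error.missingAction": "Specify a security-pattern-scan action: scan",
+"securityPatternScan.error.unknownAction": "Unknown security-pattern-scan action: {action}",
+"securityPatternScan.error.invalidPositiveInteger": "{option} must be a positive safe integer: {value}",
 "scriptPack.script.skillRouteAudit.summary": "Audit skill routes, template skill copies, manifest profiles, and i18n metadata for drift",
 "scriptPack.script.versionSource.summary": "Inspect repository version sources before release metadata changes",
 "scriptPack.script.approvalGate.summary": "Check planned actions against repository approval policy gates",
+"scriptPack.script.deploySurface.summary": "Inspect repository deploy and release surfaces with verification gates",
 "scriptPack.script.mergeConflictScan.summary": "Scan repository files for unresolved Git merge conflict markers",
 "scriptPack.script.gitIgnoreAudit.summary": "Audit Git ignore rules and path visibility evidence",
 "scriptPack.script.manifestLockDrift.summary": "Check manifest-lock file hashes against current repository files",
@@ -1165,6 +1185,19 @@ export const hiMessages = {
 "approvalGate.error.missingAction": "Specify an approval-gate action: check",
 "approvalGate.error.unknownAction": "Unknown approval-gate action: {action}",
 "approvalGate.error.missingActionType": "Specify at least one --action <type>",
+"deploySurface.help.summary": "Inspect workflows, package metadata, package scripts, and deploy config files for local deploy or release surfaces.",
+"deploySurface.help.exit.ok": "The deploy-surface report was generated",
+"deploySurface.help.exit.fail": "The deploy-surface report found unreadable metadata or invalid input",
+"deploySurface.title": "mustflow deploy surface",
+"deploySurface.label.deploySurface": "Deploy surface detected",
+"deploySurface.label.surfaces": "Surfaces",
+"deploySurface.label.surfaceDetails": "Surface details",
+"deploySurface.label.requiredVerification": "Required verification",
+"deploySurface.label.manualGates": "Manual gates",
+"deploySurface.label.issues": "Issues",
+"deploySurface.noSurfaces": "No local deploy or release surface was detected.",
+"deploySurface.error.missingAction": "Specify a deploy-surface action: inspect",
+"deploySurface.error.unknownAction": "Unknown deploy-surface action: {action}",
 "mergeConflictScan.help.summary": "Scan changed files or explicit paths for unresolved Git merge conflict markers without printing file content.",
 "mergeConflictScan.help.option.maxFiles": "Maximum files to scan. Default: 1000",
 "mergeConflictScan.help.option.maxFileBytes": "Maximum bytes to read from each file. Default: 524288",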
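--- a/package/dist/cli/i18n/ko.js
+++ b/package/dist/cli/i18n/ko.js
@@ -1123,9 +1123,29 @@ export const koMessages = {
 "secretRiskScan.error.missingAction": "Specify a secret-risk-scan action: scan",
 "secretRiskScan.error.unknownAction": "Unknown secret-risk-scan action: {action}",
 "secretRiskScan.error.invalidPositiveInteger": "{option} must be a positive safe integer: {value}",
+"scriptPack.script.securityPatternScan.summary": "Scan repository files for high-signal security code patterns",
+"securityPatternScan.help.summary": "Scan source, CI, and config files for security code-pattern leads without printing matched source lines or secret values.",
+"securityPatternScan.help.option.maxFiles": "Maximum number of files to inspect. Default: 1000",
+"securityPatternScan.help.option.maxFileBytes": "Maximum bytes to read from each inspected file. Default: 262144",
+"securityPatternScan.help.option.maxFindings": "Maximum number of findings to report. Default: 300",
+"securityPatternScan.help.exit.ok": "The security-pattern scan completed without blocking findings",
+"securityPatternScan.help.exit.fail": "The security-pattern scan found invalid input, unreadable files, or security-pattern findings",
+"securityPatternScan.title": "mustflow security pattern scan",
+"securityPatternScan.label.files": "Files",
+"securityPatternScan.label.findings": "Findings",
+"securityPatternScan.label.categories": "Categories",
+"securityPatternScan.label.highOrCritical": "High or critical",
+"securityPatternScan.label.truncated": "Truncated",
+"securityPatternScan.label.reviewFocus": "Review focus",
+"securityPatternScan.label.issues": "Issues",
+"securityPatternScan.clean": "No high-signal security code patterns were found.",
+"securityPatternScan.error.missingAction": "Specify a security-pattern-scan action: scan",
+"securityPatternScan.error.unknownAction": "Unknown security-pattern-scan action: {action}",
+"securityPatternScan.error.invalidPositiveInteger": "{option} must be a positive safe integer: {value}",
 "scriptPack.script.skillRouteAudit.summary": "Audit skill routes, template skill copies, manifest profiles, and i18n metadata for drift",
 "scriptPack.script.versionSource.summary": "Inspect repository version sources before release metadata changes",
 "scriptPack.script.approvalGate.summary": "Check planned actions against repository approval policy gates",
+"scriptPack.script.deploySurface.summary": "Inspect repository deploy and release surfaces with verification gates",
 "scriptPack.script.mergeConflictScan.summary": "Scan repository files for unresolved Git merge conflict markers",
 "scriptPack.script.gitIgnoreAudit.summary": "Audit Git ignore rules and path visibility evidence",
 "scriptPack.script.manifestLockDrift.summary": "Check manifest-lock file hashes against current repository files",
@@ -1165,6 +1185,19 @@ export const koMessages = {
 "approvalGate.error.missingAction": "Specify an approval-gate action: check",
 "approvalGate.error.unknownAction": "Unknown approval-gate action: {action}",
 "approvalGate.error.missingActionType": "Specify at least one --action <type>",
+"deploySurface.help.summary": "Inspect workflows, package metadata, package scripts, and deploy config files for local deploy or release surfaces.",
+"deploySurface.help.exit.ok": "The deploy-surface report was generated",
+"deploySurface.help.exit.fail": "The deploy-surface report found unreadable metadata or invalid input",
+"deploySurface.title": "mustflow deploy surface",
+"deploySurface.label.deploySurface": "Deploy surface detected",
+"deploySurface.label.surfaces": "Surfaces",
+"deploySurface.label.surfaceDetails": "Surface details",
+"deploySurface.label.requiredVerification": "Required verification",
+"deploySurface.label.manualGates": "Manual gates",
+"deploySurface.label.issues": "Issues",
+"deploySurface.noSurfaces": "No local deploy or release surface was detected.",
+"deploySurface.error.missingAction": "Specify a deploy-surface action: inspect",
+"deploySurface.error.unknownAction": "Unknown deploy-surface action: {action}",
 "mergeConflictScan.help.summary": "Scan changed files or explicit paths for unresolved Git merge conflict markers without printing file content.",
 "mergeConflictScan.help.option.maxFiles": "Maximum files to scan. Default: 1000",
 "mergeConflictScan.help.option.maxFileBytes": "Maximum bytes to read from each file. Default: 524288",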
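--- a/package/dist/cli/i18n/zh.js
+++ b/package/dist/cli/i18n/zh.js
@@ -1123,9 +1123,29 @@ export const zhMessages = {
 "secretRiskScan.error.missingAction": "Specify a secret-risk-scan action: scan",
 "secretRiskScan.error.unknownAction": "Unknown secret-risk-scan action: {action}",
 "secretRiskScan.error.invalidPositiveInteger": "{option} must be a positive safe integer: {value}",
+"scriptPack.script.securityPatternScan.summary": "Scan repository files for high-signal security code patterns",
+"securityPatternScan.help.summary": "Scan source, CI, and config files for security code-pattern leads without printing matched source lines or secret values.",
+"securityPatternScan.help.option.maxFiles": "Maximum number of files to inspect. Default: 1000",
+"securityPatternScan.help.option.maxFileBytes": "Maximum bytes to read from each inspected file. Default: 262144",
+"securityPatternScan.help.option.maxFindings": "Maximum number of findings to report. Default: 300",
+"securityPatternScan.help.exit.ok": "The security-pattern scan completed without blocking findings",
+"securityPatternScan.help.exit.fail": "The security-pattern scan found invalid input, unreadable files, or security-pattern findings",
+"securityPatternScan.title": "mustflow security pattern scan",
+"securityPatternScan.label.files": "Files",
+"securityPatternScan.label.findings": "Findings",
+"securityPatternScan.label.categories": "Categories",
+"securityPatternScan.label.highOrCritical": "High or critical",
+"securityPatternScan.label.truncated": "Truncated",
+"securityPatternScan.label.reviewFocus": "Review focus",
+"securityPatternScan.label.issues": "Issues",
+"securityPatternScan.clean": "No high-signal security code patterns were found.",
+"securityPatternScan.error.missingAction": "Specify a security-pattern-scan action: scan",
+"securityPatternScan.error.unknownAction": "Unknown security-pattern-scan action: {action}",
+"securityPatternScan.error.invalidPositiveInteger": "{option} must be a positive safe integer: {value}",
 "scriptPack.script.skillRouteAudit.summary": "Audit skill routes, template skill copies, manifest profiles, and i18n metadata for drift",
 "scriptPack.script.versionSource.summary": "Inspect repository version sources before release metadata changes",
 "scriptPack.script.approvalGate.summary": "Check planned actions against repository approval policy gates",
+"scriptPack.script.deploySurface.summary": "Inspect repository deploy and release surfaces with verification gates",
 "scriptPack.script.mergeConflictScan.summary": "Scan repository files for unresolved Git merge conflict markers",
 "scriptPack.script.gitIgnoreAudit.summary": "Audit Git ignore rules and path visibility evidence",
 "scriptPack.script.manifestLockDrift.summary": "Check manifest-lock file hashes against current repository files",
@@ -1165,6 +1185,19 @@ export const zhMessages = {
 "approvalGate.error.missingAction": "Specify an approval-gate action: check",
 "approvalGate.error.unknownAction": "Unknown approval-gate action: {action}",
 "approvalGate.error.missingActionType": "Specify at least one --action <type>",
+"deploySurface.help.summary": "Inspect workflows, package metadata, package scripts, and deploy config files for local deploy or release surfaces.",
+"deploySurface.help.exit.ok": "The deploy-surface report was generated",
+"deploySurface.help.exit.fail": "The deploy-surface report found unreadable metadata or invalid input",
+"deploySurface.title": "mustflow deploy surface",
+"deploySurface.label.deploySurface": "Deploy surface detected",
+"deploySurface.label.surfaces": "Surfaces",
+"deploySurface.label.surfaceDetails": "Surface details",
+"deploySurface.label.requiredVerification": "Required verification",
+"deploySurface.label.manualGates": "Manual gates",
+"deploySurface.label.issues": "Issues",
+"deploySurface.noSurfaces": "No local deploy or release surface was detected.",
+"deploySurface.error.missingAction": "Specify a deploy-surface action: inspect",
+"deploySurface.error.unknownAction": "Unknown deploy-surface action: {action}",
 "mergeConflictScan.help.summary": "Scan changed files or explicit paths for unresolved Git merge conflict markers without printing file content.",
 "mergeConflictScan.help.option.maxFiles": "Maximum files to scan. Default: 1000",
 "mergeConflictScan.help.option.maxFileBytes": "Maximum bytes to read from each file. Default: 524288",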
|
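--- a/package/dist/cli/lib/script-pack-registry.js
+++ b/package/dist/cli/lib/script-pack-registry.js
@@ -453,6 +453,35 @@ export const SCRIPT_PACKS = [
 reportSchemaFile: 'secret-risk-scan-report.schema.json',
 loadRunner: async () => (await import('../script-packs/repo-secret-risk-scan.js')).runRepoSecretRiskScanScript,
 },
+{
+packId: 'repo',
+id: 'security-pattern-scan',
+ref: scriptRef('repo', 'security-pattern-scan'),
+usage: 'mf script-pack run repo/security-pattern-scan scan [path...] [options]',
+summaryKey: 'scriptPack.script.securityPatternScan.summary',
+actions: ['scan'],
+useWhen: [
+'Scan source, CI, and config files for high-signal security code patterns without printing matched source lines or secret values.',
+'Review filesystem, command, injection, browser, token, session, parser, logging, access-control, and transport-security pattern leads before source-to-sink review.',
+],
+phases: ['before_change', 'after_change', 'review'],
+readOnly: true,
+mutates: false,
+network: false,
+inputs: ['path', 'max_files', 'max_file_bytes', 'max_findings'],
+outputs: ['human_summary', 'json_report', 'security_pattern_findings', 'review_focus'],
+relatedSkills: [
+'api-access-control-review',
+'file-upload-security-review',
+'security-flow-review',
+'security-privacy-review',
+'security-regression-tests',
+],
+riskLevel: 'medium',
+cost: 'low',
+reportSchemaFile: 'security-pattern-scan-report.schema.json',
+loadRunner: async () => (await import('../script-packs/repo-security-pattern-scan.js')).runRepoSecurityPatternScanScript,
+},
 {
 packId: 'repo',
 id: 'generated-boundary',
@@ -655,6 +684,34 @@ export const SCRIPT_PACKS = [
 reportSchemaFile: 'repo-approval-gate-report.schema.json',
 loadRunner: async () => (await import('../script-packs/repo-approval-gate.js')).runRepoApprovalGateScript,
 },
+{
+packId: 'repo',
+id: 'deploy-surface',
+ref: scriptRef('repo', 'deploy-surface'),
+usage: 'mf script-pack run repo/deploy-surface inspect [options]',
+summaryKey: 'scriptPack.script.deploySurface.summary',
+actions: ['inspect'],
+useWhen: [
+'Inspect local workflows, package metadata, package scripts, and deploy config files before claiming push, tag, release, or deploy follow-up is available.',
+'Review detected deploy surfaces with trigger, required verification, and manual gate evidence after repository changes.',
+],
+phases: ['before_change', 'after_change', 'review'],
+readOnly: true,
+mutates: false,
+network: false,
+inputs: [],
+outputs: ['human_summary', 'json_report', 'deploy_surfaces', 'required_verification', 'manual_gates'],
+relatedSkills: [
+'completion-evidence-gate',
+'deployment-rollout-safety-review',
+'public-json-contract-change',
+'release-publish-change',
+],
+riskLevel: 'low',
+cost: 'low',
+reportSchemaFile: 'repo-deploy-surface-report.schema.json',
+loadRunner: async () => (await import('../script-packs/repo-deploy-surface.js')).runRepoDeploySurfaceScript,
+},
 {
 packId: 'repo',
 id: 'related-files',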
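--- a/package/dist/cli/script-packs/repo-deploy-surface.js
+++ b/package/dist/cli/script-packs/repo-deploy-surface.js
@@ -0,0 +1,98 @@
+import { printUsageError, renderHelp } from '../lib/cli-output.js';
+import { t } from '../lib/i18n.js';
+import { formatCliOptionParseError, hasCliOptionToken, hasParsedCliOption, parseCliOptions, } from '../lib/option-parser.js';
+import { resolveMustflowRoot } from '../lib/project-root.js';
+import { inspectRepoDeploySurface, REPO_DEPLOY_SURFACE_SCRIPT_REF, } from '../../core/repo-deploy-surface.js';
+const REPO_DEPLOY_SURFACE_OPTIONS = [{ name: '--json', kind: 'boolean' }];
+export function getRepoDeploySurfaceHelp(lang = 'en') {
+return renderHelp({
+usage: 'mf script-pack run repo/deploy-surface inspect [options]',
+summary: t(lang, 'deploySurface.help.summary'),
+options: [
+{ label: '--json', description: t(lang, 'cli.option.json') },
+{ label: '-h, --help', description: t(lang, 'cli.option.help') },
+],
+examples: [
+'mf script-pack run repo/deploy-surface inspect',
+'mf script-pack run repo/deploy-surface inspect --json',
+],
+exitCodes: [
+{ label: '0', description: t(lang, 'deploySurface.help.exit.ok') },
+{ label: '1', description: t(lang, 'deploySurface.help.exit.fail') },
+],
+}, lang);
+}
+function parseRepoDeploySurfaceOptions(args, lang) {
+const [action, ...rest] = args;
+const parsed = parseCliOptions(rest, REPO_DEPLOY_SURFACE_OPTIONS, { allowPositionals: false });
+const json = hasParsedCliOption(parsed, '--json');
+if (action !== 'inspect') {
+return {
+action: 'inspect',
+json,
+error: action
+? t(lang, 'deploySurface.error.unknownAction', { action })
+: t(lang, 'deploySurface.error.missingAction'),
+};
+}
+if (parsed.error) {
+return { action, json, error: formatCliOptionParseError(parsed.error, lang) };
+}
+return { action, json };
+}
+function renderRepoDeploySurfaceSummary(report, lang) {
+const lines = [
+t(lang, 'deploySurface.title'),
+`${t(lang, 'scriptPack.label.script')}: ${REPO_DEPLOY_SURFACE_SCRIPT_REF}`,
+`${t(lang, 'label.status')}: ${report.status}`,
+`${t(lang, 'deploySurface.label.deploySurface')}: ${report.has_deploy_surface ? t(lang, 'value.yes') : t(lang, 'value.no')}`,
+`${t(lang, 'deploySurface.label.surfaces')}: ${report.summary.surface_count}`,
+`${t(lang, 'deploySurface.label.requiredVerification')}: ${report.summary.required_verification_count}`,
+`${t(lang, 'deploySurface.label.manualGates')}: ${report.summary.manual_gate_count}`,
+];
+if (report.surfaces.length > 0) {
+lines.push(t(lang, 'deploySurface.label.surfaceDetails'));
+for (const surface of report.surfaces) {
+const location = surface.line === null ? surface.path : `${surface.path}:${surface.line}`;
+const trigger = surface.trigger === null ? '' : `, trigger ${surface.trigger}`;
+lines.push(`- ${surface.surface_type} (${surface.kind}) at ${location}${trigger}`);
+}
+}
+if (report.required_verification.length > 0) {
+lines.push(t(lang, 'deploySurface.label.requiredVerification'));
+for (const verification of report.required_verification) {
+lines.push(`- ${verification}`);
+}
+}
+if (report.manual_gates.length > 0) {
+lines.push(t(lang, 'deploySurface.label.manualGates'));
+for (const gate of report.manual_gates) {
+lines.push(`- ${gate}`);
+}
+}
+if (report.issues.length > 0) {
+lines.push(t(lang, 'deploySurface.label.issues'), ...report.issues.map((issue) => `- ${issue}`));
+}
+if (!report.has_deploy_surface && report.issues.length === 0) {
+lines.push(t(lang, 'deploySurface.noSurfaces'));
+}
+return lines.join('\n');
+}
+export function runRepoDeploySurfaceScript(args, reporter, lang = 'en') {
+if (hasCliOptionToken(args, '--help', ['-h'])) {
+reporter.stdout(getRepoDeploySurfaceHelp(lang));
+return 0;
+}
+const options = parseRepoDeploySurfaceOptions(args, lang);
+if (options.error) {
+printUsageError(reporter, options.error, 'mf script-pack run repo/deploy-surface --help', getRepoDeploySurfaceHelp(lang), lang);
+return 1;
+}
+const report = inspectRepoDeploySurface(resolveMustflowRoot());
+if (options.json) {
+reporter.stdout(JSON.stringify(report, null, 2));
+return report.ok ? 0 : 1;
+}
+reporter.stdout(renderRepoDeploySurfaceSummary(report, lang));
+return report.ok ? 0 : 1;
+}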
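Review bot: `renderRepoDeploySurfaceSummary` writes `surface.path`, `surface.trigger`, and each `verification`, `gate` and `issue` string into the human summary unmodified. Going by the help text, these values are derived from workflows, package scripts and deploy config files in the inspected repository. Unless `inspectRepoDeploySurface` (not shown in this section) already normalises them, a value carrying a newline or terminal control sequence could add or rewrite lines in the summary that a person or an automated agent then reads as tool output. The `--json` branch is not exposed in the same way, because `JSON.stringify` escapes control characters. I would pass every interpolated report value through a small helper before `lines.push(...)`, for example `const printable = (value) => String(value).replace(/[\u0000-\u001f\u007f-\u009f]/g, ' ');`.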