mustflow 2.75.2 → 2.85.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +40 -3
- package/dist/cli/commands/docs.js +86 -2
- package/dist/cli/commands/script-pack.js +9 -0
- package/dist/cli/i18n/en.js +180 -2
- package/dist/cli/i18n/es.js +180 -2
- package/dist/cli/i18n/fr.js +180 -2
- package/dist/cli/i18n/hi.js +180 -2
- package/dist/cli/i18n/ko.js +180 -2
- package/dist/cli/i18n/zh.js +180 -2
- package/dist/cli/lib/repo-map.js +27 -6
- package/dist/cli/lib/run-root-trust.js +15 -1
- package/dist/cli/lib/script-pack-registry.js +275 -6
- package/dist/cli/lib/validation/index.js +2 -2
- package/dist/cli/lib/validation/primitives.js +4 -1
- package/dist/cli/script-packs/code-change-impact.js +172 -0
- package/dist/cli/script-packs/code-dependency-graph.js +181 -0
- package/dist/cli/script-packs/code-export-diff.js +160 -0
- package/dist/cli/script-packs/code-outline.js +33 -5
- package/dist/cli/script-packs/code-route-outline.js +155 -0
- package/dist/cli/script-packs/docs-reference-drift.js +150 -0
- package/dist/cli/script-packs/repo-config-chain.js +163 -0
- package/dist/cli/script-packs/repo-env-contract.js +156 -0
- package/dist/cli/script-packs/repo-related-files.js +161 -0
- package/dist/cli/script-packs/repo-secret-risk-scan.js +147 -0
- package/dist/core/change-impact.js +383 -0
- package/dist/core/change-verification.js +32 -5
- package/dist/core/code-outline.js +460 -79
- package/dist/core/config-chain.js +595 -0
- package/dist/core/config-loading.js +121 -4
- package/dist/core/dependency-graph.js +490 -0
- package/dist/core/env-contract.js +450 -0
- package/dist/core/export-diff.js +359 -0
- package/dist/core/line-endings.js +26 -13
- package/dist/core/public-json-contracts.js +126 -0
- package/dist/core/reference-drift.js +388 -0
- package/dist/core/related-files.js +493 -0
- package/dist/core/route-outline.js +964 -0
- package/dist/core/script-pack-suggestions.js +131 -5
- package/dist/core/secret-risk-scan.js +440 -0
- package/dist/core/source-anchors.js +13 -1
- package/package.json +1 -1
- package/schemas/README.md +44 -6
- package/schemas/change-impact-report.schema.json +150 -0
- package/schemas/code-outline-report.schema.json +1 -1
- package/schemas/code-symbol-read-report.schema.json +64 -4
- package/schemas/commands.schema.json +12 -0
- package/schemas/config-chain-report.schema.json +187 -0
- package/schemas/dependency-graph-report.schema.json +149 -0
- package/schemas/env-contract-report.schema.json +203 -0
- package/schemas/export-diff-report.schema.json +220 -0
- package/schemas/reference-drift-report.schema.json +166 -0
- package/schemas/related-files-report.schema.json +145 -0
- package/schemas/route-outline-report.schema.json +200 -0
- package/schemas/secret-risk-scan-report.schema.json +152 -0
- package/templates/default/common/.mustflow/config/commands.toml +21 -0
- package/templates/default/i18n.toml +21 -9
- package/templates/default/locales/en/.mustflow/docs/agent-workflow.md +1 -1
- package/templates/default/locales/en/.mustflow/skills/INDEX.md +8 -2
- package/templates/default/locales/en/.mustflow/skills/architecture-deepening-review/SKILL.md +28 -11
- package/templates/default/locales/en/.mustflow/skills/astro-code-change/SKILL.md +71 -27
- package/templates/default/locales/en/.mustflow/skills/cross-agent-session-reference/SKILL.md +146 -0
- package/templates/default/locales/en/.mustflow/skills/dependency-upgrade-review/SKILL.md +3 -1
- package/templates/default/locales/en/.mustflow/skills/github-contribution-quality-gate/SKILL.md +48 -11
- package/templates/default/locales/en/.mustflow/skills/javascript-code-change/SKILL.md +15 -13
- package/templates/default/locales/en/.mustflow/skills/node-code-change/SKILL.md +16 -14
- package/templates/default/locales/en/.mustflow/skills/routes.toml +21 -9
- package/templates/default/locales/en/.mustflow/skills/security-privacy-review/SKILL.md +3 -1
- package/templates/default/locales/en/.mustflow/skills/test-suite-performance-review/SKILL.md +314 -0
- package/templates/default/locales/en/.mustflow/skills/typescript-code-change/SKILL.md +13 -10
- package/templates/default/manifest.toml +15 -1
package/dist/cli/i18n/zh.js
CHANGED
|
@@ -585,6 +585,7 @@ export const zhMessages = {
|
|
|
585
585
|
"docs.help.summary": "跟踪由 LLM 创建或修改后需要文字审阅的文档。",
|
|
586
586
|
"docs.help.option.all": "包含已批准和已忽略的文档",
|
|
587
587
|
"docs.help.option.status": "按审阅状态过滤",
|
|
588
|
+
"docs.help.option.changed": "从 git status 添加所有已更改的文档审阅候选项",
|
|
588
589
|
"docs.help.option.reason": "记录文档需要审阅的原因",
|
|
589
590
|
"docs.help.option.origin": "记录审阅来源,例如 llm_modified",
|
|
590
591
|
"docs.help.option.actorKind": "记录谁修改了文档:human、llm、tool 或 external",
|
|
@@ -600,6 +601,8 @@ export const zhMessages = {
|
|
|
600
601
|
"docs.review.empty": "没有需要审阅的文档。",
|
|
601
602
|
"docs.review.wrote": "写入",
|
|
602
603
|
"docs.review.added": "已添加",
|
|
604
|
+
"docs.review.changed.none": "没有已更改的文档需要审阅。",
|
|
605
|
+
"docs.review.changed.added": "已添加更改文档:{count}",
|
|
603
606
|
"docs.review.commented": "已添加评论",
|
|
604
607
|
"docs.review.marked.approved": "已批准",
|
|
605
608
|
"docs.review.marked.needs_human": "已标记为 needs_human",
|
|
@@ -612,6 +615,9 @@ export const zhMessages = {
|
|
|
612
615
|
"docs.error.emptyComment": "审核评论不能为空",
|
|
613
616
|
"docs.error.commentSourceConflict": "只能使用 --comment 或 --comment-file 其中一个",
|
|
614
617
|
"docs.error.commentFileIsDocument": "--comment-file 不能指向正在审核的文档",
|
|
618
|
+
"docs.error.changedPathConflict": "使用 --changed 时不要提供文档路径",
|
|
619
|
+
"docs.error.changedCommentConflict": "使用 --changed 时不要提供 --comment 或 --comment-file",
|
|
620
|
+
"docs.error.changedFilesUnavailable": "无法通过 git status 检查更改文件:{message}",
|
|
615
621
|
"docs.error.invalidStatus": "无效审阅状态。请使用:{statuses}",
|
|
616
622
|
"docs.error.invalidReviewerKind": "无效审阅者类型。请使用:{kinds}",
|
|
617
623
|
"docs.error.missingReviewerKind": "缺少 --reviewer-kind。请使用:{kinds}",
|
|
@@ -765,11 +771,19 @@ export const zhMessages = {
|
|
|
765
771
|
"scriptPack.suggest.empty": "No script-pack suggestions matched the supplied paths, skills, or phases.",
|
|
766
772
|
"scriptPack.pack.code.summary": "Source-code orientation utility scripts",
|
|
767
773
|
"scriptPack.pack.core.summary": "Core built-in utility scripts",
|
|
774
|
+
"scriptPack.pack.docs.summary": "Documentation reference utility scripts",
|
|
768
775
|
"scriptPack.pack.repo.summary": "Repository-boundary utility scripts",
|
|
769
776
|
"scriptPack.script.codeOutline.summary": "Scan TypeScript and JavaScript files for symbol headers and line ranges",
|
|
770
|
-
"scriptPack.script.
|
|
777
|
+
"scriptPack.script.codeDependencyGraph.summary": "Trace relative TypeScript and JavaScript dependency graph edges",
|
|
778
|
+
"scriptPack.script.codeChangeImpact.summary": "Analyze changed files for impact, script-pack, and verification hints",
|
|
779
|
+
"scriptPack.script.codeSymbolRead.summary": "Read a bounded source snippet by source anchor, symbol line, or explicit line range",
|
|
780
|
+
"scriptPack.script.codeRouteOutline.summary": "Scan Hono, Elysia, Axum, and NestJS route methods, paths, handlers, and lifecycle chains",
|
|
781
|
+
"scriptPack.script.codeExportDiff.summary": "Compare exported source signatures and return metadata across git refs",
|
|
771
782
|
"scriptPack.script.textBudget.summary": "Check exact text length budgets for files or JSON string fields",
|
|
783
|
+
"scriptPack.script.referenceDrift.summary": "Check documented command, script-pack, schema, and path references for drift",
|
|
784
|
+
"scriptPack.script.configChain.summary": "Inspect nearby config files and static config inheritance",
|
|
772
785
|
"scriptPack.script.generatedBoundary.summary": "Check whether candidate paths cross generated, ignored, protected, vendor, or cache boundaries",
|
|
786
|
+
"scriptPack.script.relatedFiles.summary": "Map likely related files for source-oriented repository navigation",
|
|
773
787
|
"scriptPack.label.script": "Script",
|
|
774
788
|
"scriptPack.label.actions": "actions",
|
|
775
789
|
"scriptPack.label.schema": "schema",
|
|
@@ -796,7 +810,8 @@ export const zhMessages = {
|
|
|
796
810
|
"codeOutline.error.missingPath": "Provide at least one source file or directory to scan",
|
|
797
811
|
"codeOutline.error.invalidPositiveInteger": "{option} must be a positive safe integer: {value}",
|
|
798
812
|
"codeOutline.error.invalidNonNegativeInteger": "{option} must be a non-negative safe integer: {value}",
|
|
799
|
-
"codeSymbolRead.help.summary": "Read a bounded TypeScript or JavaScript source snippet from a symbol line or explicit line range.",
|
|
813
|
+
"codeSymbolRead.help.summary": "Read a bounded TypeScript or JavaScript source snippet from a source anchor, symbol line, or explicit line range.",
|
|
814
|
+
"codeSymbolRead.help.option.anchor": "Source anchor id to resolve to its target symbol",
|
|
800
815
|
"codeSymbolRead.help.option.startLine": "1-based source line to resolve to a symbol or range",
|
|
801
816
|
"codeSymbolRead.help.option.endLine": "Optional explicit 1-based end line; when omitted, the containing outline symbol is read",
|
|
802
817
|
"codeSymbolRead.help.option.contextLines": "Number of surrounding context lines to include. Default: 0",
|
|
@@ -813,6 +828,56 @@ export const zhMessages = {
|
|
|
813
828
|
"codeSymbolRead.error.missingPath": "Provide exactly one source file to read",
|
|
814
829
|
"codeSymbolRead.error.tooManyPaths": "Provide only one source file to read",
|
|
815
830
|
"codeSymbolRead.error.missingStartLine": "Provide --start-line <line>",
|
|
831
|
+
"codeSymbolRead.error.anchorConflict": "Use either --anchor <id> or <path> with --start-line/--end-line, not both",
|
|
832
|
+
"codeRouteOutline.help.summary": "Scan Hono, Elysia, Axum, and NestJS route source files for method, path, handler, lifecycle, and line metadata.",
|
|
833
|
+
"codeRouteOutline.help.option.maxFiles": "Maximum number of source files to scan. Default: 200",
|
|
834
|
+
"codeRouteOutline.help.option.maxFileBytes": "Maximum bytes to read from each source file. Default: 1048576",
|
|
835
|
+
"codeRouteOutline.help.exit.ok": "The route outline was scanned without findings",
|
|
836
|
+
"codeRouteOutline.help.exit.fail": "The route outline found invalid input, unreadable files, unsupported files, or scan limits",
|
|
837
|
+
"codeRouteOutline.title": "mustflow route outline",
|
|
838
|
+
"codeRouteOutline.label.files": "Files",
|
|
839
|
+
"codeRouteOutline.label.routes": "Routes",
|
|
840
|
+
"codeRouteOutline.label.findings": "Findings",
|
|
841
|
+
"codeRouteOutline.label.outline": "Route outline",
|
|
842
|
+
"codeRouteOutline.label.issues": "Issues",
|
|
843
|
+
"codeRouteOutline.clean": "No Hono, Elysia, Axum, or NestJS routes were found.",
|
|
844
|
+
"codeRouteOutline.error.missingAction": "Specify a route-outline action: scan",
|
|
845
|
+
"codeRouteOutline.error.unknownAction": "Unknown route-outline action: {action}",
|
|
846
|
+
"codeRouteOutline.error.missingPath": "Provide at least one source file or directory to scan",
|
|
847
|
+
"codeRouteOutline.error.invalidPositiveInteger": "{option} must be a positive safe integer: {value}",
|
|
848
|
+
"exportDiff.help.summary": "Compare exported TS/JS signatures, return metadata, and package surface hints across a git base and head.",
|
|
849
|
+
"exportDiff.help.option.base": "Git base ref to compare from. Default: HEAD",
|
|
850
|
+
"exportDiff.help.option.head": "Git head ref to compare to. Omit to compare the base with the working tree.",
|
|
851
|
+
"exportDiff.help.option.maxFiles": "Maximum number of changed source files to inspect. Default: 100",
|
|
852
|
+
"exportDiff.help.option.maxFileBytes": "Maximum bytes to read from each source file snapshot. Default: 1048576",
|
|
853
|
+
"exportDiff.help.exit.ok": "The export diff completed without input errors",
|
|
854
|
+
"exportDiff.help.exit.fail": "The export diff could not read git input or exceeded configured limits",
|
|
855
|
+
"exportDiff.title": "mustflow export diff",
|
|
856
|
+
"exportDiff.label.files": "Files",
|
|
857
|
+
"exportDiff.label.added": "Added",
|
|
858
|
+
"exportDiff.label.removed": "Removed",
|
|
859
|
+
"exportDiff.label.changed": "Changed",
|
|
860
|
+
"exportDiff.label.exports": "Exports",
|
|
861
|
+
"exportDiff.label.findings": "Findings",
|
|
862
|
+
"exportDiff.label.issues": "Issues",
|
|
863
|
+
"exportDiff.clean": "No exported TypeScript or JavaScript declaration changes were found.",
|
|
864
|
+
"exportDiff.error.missingAction": "Specify an export-diff action: compare",
|
|
865
|
+
"exportDiff.error.unknownAction": "Unknown export-diff action: {action}",
|
|
866
|
+
"exportDiff.error.invalidPositiveInteger": "{option} must be a positive safe integer: {value}",
|
|
867
|
+
"referenceDrift.help.summary": "Check documentation references against current mf commands, script-pack refs, schema files, and repository paths.",
|
|
868
|
+
"referenceDrift.help.option.maxFiles": "Maximum number of document files to inspect. Default: 200",
|
|
869
|
+
"referenceDrift.help.option.maxFileBytes": "Maximum bytes to read from each document file. Default: 524288",
|
|
870
|
+
"referenceDrift.help.exit.ok": "All checked documentation references resolved against current repository surfaces",
|
|
871
|
+
"referenceDrift.help.exit.fail": "A documentation reference was stale, missing, unknown, unreadable, or over a configured limit",
|
|
872
|
+
"referenceDrift.title": "mustflow reference drift",
|
|
873
|
+
"referenceDrift.label.files": "Files",
|
|
874
|
+
"referenceDrift.label.references": "References",
|
|
875
|
+
"referenceDrift.label.findings": "Findings",
|
|
876
|
+
"referenceDrift.label.issues": "Issues",
|
|
877
|
+
"referenceDrift.clean": "No documentation references were found.",
|
|
878
|
+
"referenceDrift.error.missingAction": "Specify a reference-drift action: check",
|
|
879
|
+
"referenceDrift.error.unknownAction": "Unknown reference-drift action: {action}",
|
|
880
|
+
"referenceDrift.error.invalidPositiveInteger": "{option} must be a positive safe integer: {value}",
|
|
816
881
|
"textBudget.help.summary": "Check exact text length budgets for files or JSON string fields using grapheme counts by default.",
|
|
817
882
|
"textBudget.help.option.min": "Require at least this many units",
|
|
818
883
|
"textBudget.help.option.max": "Require at most this many units",
|
|
@@ -849,6 +914,119 @@ export const zhMessages = {
|
|
|
849
914
|
"generatedBoundary.error.missingAction": "Specify a generated-boundary action: check",
|
|
850
915
|
"generatedBoundary.error.unknownAction": "Unknown generated-boundary action: {action}",
|
|
851
916
|
"generatedBoundary.error.missingPath": "Provide at least one path to check",
|
|
917
|
+
"dependencyGraph.help.summary": "Trace bounded relative import, export, require, and dynamic import edges for TypeScript and JavaScript source files.",
|
|
918
|
+
"dependencyGraph.help.option.maxDepth": "Maximum dependency depth from target files. Default: 2",
|
|
919
|
+
"dependencyGraph.help.option.maxFiles": "Maximum number of source files to scan. Default: 1000",
|
|
920
|
+
"dependencyGraph.help.option.maxFileBytes": "Maximum bytes to read from each source file. Default: 262144",
|
|
921
|
+
"dependencyGraph.help.option.maxNodes": "Maximum number of graph nodes to report. Default: 300",
|
|
922
|
+
"dependencyGraph.help.option.maxEdges": "Maximum number of graph edges to report. Default: 800",
|
|
923
|
+
"dependencyGraph.help.exit.ok": "The dependency graph completed without input or scan-limit findings",
|
|
924
|
+
"dependencyGraph.help.exit.fail": "The dependency graph found invalid input, unreadable paths, or scan limits",
|
|
925
|
+
"dependencyGraph.title": "mustflow dependency graph",
|
|
926
|
+
"dependencyGraph.label.targets": "Targets",
|
|
927
|
+
"dependencyGraph.label.nodes": "Nodes",
|
|
928
|
+
"dependencyGraph.label.edges": "Edges",
|
|
929
|
+
"dependencyGraph.label.cycles": "Cycles",
|
|
930
|
+
"dependencyGraph.label.truncated": "Truncated",
|
|
931
|
+
"dependencyGraph.label.cycleList": "Cycle hints",
|
|
932
|
+
"dependencyGraph.label.findings": "Findings",
|
|
933
|
+
"dependencyGraph.label.issues": "Issues",
|
|
934
|
+
"dependencyGraph.clean": "No relative dependency edges were found.",
|
|
935
|
+
"dependencyGraph.error.missingAction": "Specify a dependency-graph action: scan",
|
|
936
|
+
"dependencyGraph.error.unknownAction": "Unknown dependency-graph action: {action}",
|
|
937
|
+
"dependencyGraph.error.missingPath": "Provide at least one path to scan",
|
|
938
|
+
"dependencyGraph.error.invalidPositiveInteger": "{option} must be a positive safe integer: {value}",
|
|
939
|
+
"changeImpact.help.summary": "Analyze git changes and return bounded file-impact, script-pack, and verification hints.",
|
|
940
|
+
"changeImpact.help.option.base": "Git base ref to compare from. Default: HEAD",
|
|
941
|
+
"changeImpact.help.option.head": "Git head ref to compare to. Omit to compare the base with the working tree.",
|
|
942
|
+
"changeImpact.help.option.maxFiles": "Maximum number of changed files to inspect. Default: 200",
|
|
943
|
+
"changeImpact.help.option.maxImpacts": "Maximum number of impact candidates to report. Default: 300",
|
|
944
|
+
"changeImpact.help.option.maxFileBytes": "Maximum bytes to read from each source file while tracing dependencies. Default: 262144",
|
|
945
|
+
"changeImpact.help.exit.ok": "The change-impact analysis completed without input or scan-limit findings",
|
|
946
|
+
"changeImpact.help.exit.fail": "The change-impact analysis found invalid git input or scan limits",
|
|
947
|
+
"changeImpact.title": "mustflow change impact",
|
|
948
|
+
"changeImpact.label.changedFiles": "Changed files",
|
|
949
|
+
"changeImpact.label.impacts": "Impacts",
|
|
950
|
+
"changeImpact.label.truncated": "Truncated",
|
|
951
|
+
"changeImpact.label.scriptHints": "Script hints",
|
|
952
|
+
"changeImpact.label.verificationHints": "Verification hints",
|
|
953
|
+
"changeImpact.label.findings": "Findings",
|
|
954
|
+
"changeImpact.label.issues": "Issues",
|
|
955
|
+
"changeImpact.clean": "No changed files were found for the selected git range.",
|
|
956
|
+
"changeImpact.error.missingAction": "Specify a change-impact action: analyze",
|
|
957
|
+
"changeImpact.error.unknownAction": "Unknown change-impact action: {action}",
|
|
958
|
+
"changeImpact.error.invalidPositiveInteger": "{option} must be a positive safe integer: {value}",
|
|
959
|
+
"relatedFiles.help.summary": "Map direct imports, importers, sibling files, and nearby config boundaries for source-oriented repository navigation.",
|
|
960
|
+
"relatedFiles.help.option.maxFiles": "Maximum number of source or related files to scan. Default: 1000",
|
|
961
|
+
"relatedFiles.help.option.maxFileBytes": "Maximum bytes to read from each source file. Default: 262144",
|
|
962
|
+
"relatedFiles.help.option.maxCandidates": "Maximum number of related-file candidates to report. Default: 200",
|
|
963
|
+
"relatedFiles.help.exit.ok": "The related-file map completed without input or scan-limit findings",
|
|
964
|
+
"relatedFiles.help.exit.fail": "The related-file map found invalid input, unreadable paths, or scan limits",
|
|
965
|
+
"relatedFiles.title": "mustflow related files",
|
|
966
|
+
"relatedFiles.label.targets": "Targets",
|
|
967
|
+
"relatedFiles.label.candidates": "Candidates",
|
|
968
|
+
"relatedFiles.label.truncated": "Truncated",
|
|
969
|
+
"relatedFiles.label.related": "Related files",
|
|
970
|
+
"relatedFiles.label.confidence": "confidence",
|
|
971
|
+
"relatedFiles.label.findings": "Findings",
|
|
972
|
+
"relatedFiles.label.issues": "Issues",
|
|
973
|
+
"relatedFiles.clean": "No related-file candidates were found.",
|
|
974
|
+
"relatedFiles.error.missingAction": "Specify a related-files action: map",
|
|
975
|
+
"relatedFiles.error.unknownAction": "Unknown related-files action: {action}",
|
|
976
|
+
"relatedFiles.error.missingPath": "Provide at least one path to map",
|
|
977
|
+
"relatedFiles.error.invalidPositiveInteger": "{option} must be a positive safe integer: {value}",
|
|
978
|
+
"configChain.help.summary": "Inspect nearby config files, static inheritance, workspace hints, and dynamic config boundaries.",
|
|
979
|
+
"configChain.help.option.maxConfigs": "Maximum number of config files to inspect. Default: 120",
|
|
980
|
+
"configChain.help.option.maxFileBytes": "Maximum bytes to read from each config file. Default: 262144",
|
|
981
|
+
"configChain.help.exit.ok": "The config chain was inspected without blocking findings",
|
|
982
|
+
"configChain.help.exit.fail": "The config chain found invalid input, unreadable files, parse errors, or scan limits",
|
|
983
|
+
"configChain.title": "mustflow config chain",
|
|
984
|
+
"configChain.label.targets": "Targets",
|
|
985
|
+
"configChain.label.configs": "Configs",
|
|
986
|
+
"configChain.label.edges": "Edges",
|
|
987
|
+
"configChain.label.findings": "Findings",
|
|
988
|
+
"configChain.label.dynamic": "dynamic",
|
|
989
|
+
"configChain.label.issues": "Issues",
|
|
990
|
+
"configChain.clean": "No nearby config files were found.",
|
|
991
|
+
"configChain.error.missingAction": "Specify a config-chain action: inspect",
|
|
992
|
+
"configChain.error.unknownAction": "Unknown config-chain action: {action}",
|
|
993
|
+
"configChain.error.missingPath": "Provide at least one path to inspect",
|
|
994
|
+
"configChain.error.invalidPositiveInteger": "{option} must be a positive safe integer: {value}",
|
|
995
|
+
"scriptPack.script.envContract.summary": "Scan repository environment-variable contracts without reading secret values",
|
|
996
|
+
"envContract.help.summary": "Scan code, CI, docs, config, and env examples for environment variable contract drift without printing env values.",
|
|
997
|
+
"envContract.help.option.maxFiles": "Maximum number of files to inspect. Default: 1000",
|
|
998
|
+
"envContract.help.option.maxFileBytes": "Maximum bytes to read from each inspected file. Default: 262144",
|
|
999
|
+
"envContract.help.option.maxKeys": "Maximum number of env keys to report. Default: 300",
|
|
1000
|
+
"envContract.help.exit.ok": "The env contract scan completed without blocking findings",
|
|
1001
|
+
"envContract.help.exit.fail": "The env contract scan found invalid input, unreadable files, or contract findings",
|
|
1002
|
+
"envContract.title": "mustflow env contract",
|
|
1003
|
+
"envContract.label.files": "Files",
|
|
1004
|
+
"envContract.label.keys": "Keys",
|
|
1005
|
+
"envContract.label.findings": "Findings",
|
|
1006
|
+
"envContract.label.truncated": "Truncated",
|
|
1007
|
+
"envContract.label.issues": "Issues",
|
|
1008
|
+
"envContract.clean": "No environment variable references were found.",
|
|
1009
|
+
"envContract.error.missingAction": "Specify an env-contract action: scan",
|
|
1010
|
+
"envContract.error.unknownAction": "Unknown env-contract action: {action}",
|
|
1011
|
+
"envContract.error.invalidPositiveInteger": "{option} must be a positive safe integer: {value}",
|
|
1012
|
+
"scriptPack.script.secretRiskScan.summary": "Scan repository files for plausible secrets without printing secret values",
|
|
1013
|
+
"secretRiskScan.help.summary": "Scan code, docs, config, CI, and examples for plausible hardcoded secrets without printing secret values.",
|
|
1014
|
+
"secretRiskScan.help.option.maxFiles": "Maximum number of files to inspect. Default: 1000",
|
|
1015
|
+
"secretRiskScan.help.option.maxFileBytes": "Maximum bytes to read from each inspected file. Default: 262144",
|
|
1016
|
+
"secretRiskScan.help.option.maxFindings": "Maximum number of findings to report. Default: 200",
|
|
1017
|
+
"secretRiskScan.help.exit.ok": "The secret-risk scan completed without blocking findings",
|
|
1018
|
+
"secretRiskScan.help.exit.fail": "The secret-risk scan found invalid input, unreadable files, or secret-risk findings",
|
|
1019
|
+
"secretRiskScan.title": "mustflow secret risk scan",
|
|
1020
|
+
"secretRiskScan.label.files": "Files",
|
|
1021
|
+
"secretRiskScan.label.findings": "Findings",
|
|
1022
|
+
"secretRiskScan.label.highOrCritical": "High or critical",
|
|
1023
|
+
"secretRiskScan.label.skippedSecretFiles": "Skipped secret files",
|
|
1024
|
+
"secretRiskScan.label.truncated": "Truncated",
|
|
1025
|
+
"secretRiskScan.label.issues": "Issues",
|
|
1026
|
+
"secretRiskScan.clean": "No plausible hardcoded secrets were found.",
|
|
1027
|
+
"secretRiskScan.error.missingAction": "Specify a secret-risk-scan action: scan",
|
|
1028
|
+
"secretRiskScan.error.unknownAction": "Unknown secret-risk-scan action: {action}",
|
|
1029
|
+
"secretRiskScan.error.invalidPositiveInteger": "{option} must be a positive safe integer: {value}",
|
|
852
1030
|
"run.help.summary": "从 .mustflow/config/commands.toml 运行已配置的一次性命令。",
|
|
853
1031
|
"run.help.option.dryRun": "输出命令计划但不执行",
|
|
854
1032
|
"run.help.option.planOnly": "--dry-run 的别名",
|
package/dist/cli/lib/repo-map.js
CHANGED
|
@@ -661,7 +661,7 @@ function renderSourceQuality(gitLsFilesStatus) {
|
|
|
661
661
|
'',
|
|
662
662
|
];
|
|
663
663
|
}
|
|
664
|
-
|
|
664
|
+
function createRepoMapRenderModel(projectRoot, options = {}) {
|
|
665
665
|
const depth = options.depth ?? DEFAULT_DEPTH;
|
|
666
666
|
const config = getRepoMapConfig(projectRoot);
|
|
667
667
|
const configuredPriorityPaths = config.priorityPaths;
|
|
@@ -675,10 +675,6 @@ export function generateRepoMap(projectRoot, options = {}) {
|
|
|
675
675
|
const anchorDiscovery = discoverAnchors(projectRoot, depth, priorityPathSet, nestedRepositories, workspaceRootPrefixes);
|
|
676
676
|
const anchors = anchorDiscovery.anchors;
|
|
677
677
|
const gitLsFilesStatus = anchorDiscovery.gitLsFilesStatus;
|
|
678
|
-
const priorityAnchors = configuredPriorityPaths
|
|
679
|
-
.map((relativePath) => anchors.find((anchor) => anchor.relativePath === relativePath))
|
|
680
|
-
.filter((anchor) => Boolean(anchor));
|
|
681
|
-
const otherAnchors = anchors.filter((anchor) => !priorityPathSet.has(anchor.relativePath));
|
|
682
678
|
const anchorCount = anchors.length + nestedRepositories.reduce((total, repository) => total + countNestedEntrypoints(repository), 0);
|
|
683
679
|
const sourceFingerprint = getRepoMapSourceFingerprint({
|
|
684
680
|
depth,
|
|
@@ -688,8 +684,33 @@ export function generateRepoMap(projectRoot, options = {}) {
|
|
|
688
684
|
anchors,
|
|
689
685
|
nestedRepositories,
|
|
690
686
|
});
|
|
687
|
+
return {
|
|
688
|
+
configuredPriorityPaths,
|
|
689
|
+
priorityPathSet,
|
|
690
|
+
mapConfig,
|
|
691
|
+
nestedRepositories,
|
|
692
|
+
anchors,
|
|
693
|
+
gitLsFilesStatus,
|
|
694
|
+
anchorCount,
|
|
695
|
+
sourceFingerprint,
|
|
696
|
+
};
|
|
697
|
+
}
|
|
698
|
+
export function getExpectedRepoMapSourceFingerprint(projectRoot, options = {}) {
|
|
699
|
+
return createRepoMapRenderModel(projectRoot, options).sourceFingerprint;
|
|
700
|
+
}
|
|
701
|
+
export function generateRepoMap(projectRoot, options = {}) {
|
|
702
|
+
const model = createRepoMapRenderModel(projectRoot, options);
|
|
703
|
+
const configuredPriorityPaths = model.configuredPriorityPaths;
|
|
704
|
+
const priorityPathSet = model.priorityPathSet;
|
|
705
|
+
const nestedRepositories = model.nestedRepositories;
|
|
706
|
+
const anchors = model.anchors;
|
|
707
|
+
const gitLsFilesStatus = model.gitLsFilesStatus;
|
|
708
|
+
const priorityAnchors = configuredPriorityPaths
|
|
709
|
+
.map((relativePath) => anchors.find((anchor) => anchor.relativePath === relativePath))
|
|
710
|
+
.filter((anchor) => Boolean(anchor));
|
|
711
|
+
const otherAnchors = anchors.filter((anchor) => !priorityPathSet.has(anchor.relativePath));
|
|
691
712
|
return [
|
|
692
|
-
...renderRepoMapFrontmatter(anchorCount, sourceFingerprint, gitLsFilesStatus),
|
|
713
|
+
...renderRepoMapFrontmatter(model.anchorCount, model.sourceFingerprint, gitLsFilesStatus),
|
|
693
714
|
'# REPO_MAP.md',
|
|
694
715
|
'',
|
|
695
716
|
'This file is an agent navigation map for the current mustflow root. It is not a full file listing.',
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import { MANIFEST_LOCK_RELATIVE_PATH, inspectManifestLock } from './manifest-lock.js';
|
|
2
|
+
import { readCommandContractIncludePaths } from '../../core/config-loading.js';
|
|
2
3
|
export const ALLOW_UNTRUSTED_ROOT_OPTION = '--allow-untrusted-root';
|
|
3
4
|
const REQUIRED_RUN_TRUST_LOCK_PATHS = [
|
|
4
5
|
'AGENTS.md',
|
|
@@ -17,7 +18,20 @@ export function assessRunRootTrust(projectRoot) {
|
|
|
17
18
|
};
|
|
18
19
|
}
|
|
19
20
|
const trackedPaths = new Set(readResult.lock.files.map((file) => file.relativePath));
|
|
20
|
-
|
|
21
|
+
let requiredPaths = REQUIRED_RUN_TRUST_LOCK_PATHS;
|
|
22
|
+
try {
|
|
23
|
+
requiredPaths = [...REQUIRED_RUN_TRUST_LOCK_PATHS, ...readCommandContractIncludePaths(projectRoot)];
|
|
24
|
+
}
|
|
25
|
+
catch (error) {
|
|
26
|
+
const message = error instanceof Error ? error.message : String(error);
|
|
27
|
+
return {
|
|
28
|
+
trusted: false,
|
|
29
|
+
reason: 'manifest_lock_invalid',
|
|
30
|
+
manifestLockPath: readResult.lockPath,
|
|
31
|
+
detail: message,
|
|
32
|
+
};
|
|
33
|
+
}
|
|
34
|
+
const missingRequiredPath = requiredPaths.find((relativePath) => !trackedPaths.has(relativePath));
|
|
21
35
|
if (missingRequiredPath) {
|
|
22
36
|
return {
|
|
23
37
|
trusted: false,
|