mustflow 2.84.0 → 2.85.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +11 -2
- package/dist/cli/commands/script-pack.js +4 -0
- package/dist/cli/i18n/en.js +79 -0
- package/dist/cli/i18n/es.js +79 -0
- package/dist/cli/i18n/fr.js +79 -0
- package/dist/cli/i18n/hi.js +79 -0
- package/dist/cli/i18n/ko.js +79 -0
- package/dist/cli/i18n/zh.js +79 -0
- package/dist/cli/lib/repo-map.js +27 -6
- package/dist/cli/lib/run-root-trust.js +15 -1
- package/dist/cli/lib/script-pack-registry.js +114 -0
- package/dist/cli/lib/validation/index.js +2 -2
- package/dist/cli/lib/validation/primitives.js +4 -1
- package/dist/cli/script-packs/code-change-impact.js +172 -0
- package/dist/cli/script-packs/code-dependency-graph.js +181 -0
- package/dist/cli/script-packs/repo-env-contract.js +156 -0
- package/dist/cli/script-packs/repo-secret-risk-scan.js +147 -0
- package/dist/core/change-impact.js +383 -0
- package/dist/core/change-verification.js +32 -5
- package/dist/core/config-loading.js +121 -4
- package/dist/core/dependency-graph.js +490 -0
- package/dist/core/env-contract.js +450 -0
- package/dist/core/line-endings.js +26 -13
- package/dist/core/public-json-contracts.js +51 -0
- package/dist/core/route-outline.js +57 -5
- package/dist/core/script-pack-suggestions.js +21 -1
- package/dist/core/secret-risk-scan.js +440 -0
- package/package.json +1 -1
- package/schemas/README.md +16 -0
- package/schemas/change-impact-report.schema.json +150 -0
- package/schemas/commands.schema.json +12 -0
- package/schemas/dependency-graph-report.schema.json +149 -0
- package/schemas/env-contract-report.schema.json +203 -0
- package/schemas/secret-risk-scan-report.schema.json +152 -0
- package/templates/default/i18n.toml +16 -10
- package/templates/default/locales/en/.mustflow/skills/INDEX.md +7 -2
- package/templates/default/locales/en/.mustflow/skills/architecture-deepening-review/SKILL.md +28 -11
- package/templates/default/locales/en/.mustflow/skills/astro-code-change/SKILL.md +71 -27
- package/templates/default/locales/en/.mustflow/skills/cross-agent-session-reference/SKILL.md +23 -8
- package/templates/default/locales/en/.mustflow/skills/dependency-upgrade-review/SKILL.md +3 -1
- package/templates/default/locales/en/.mustflow/skills/github-contribution-quality-gate/SKILL.md +48 -11
- package/templates/default/locales/en/.mustflow/skills/javascript-code-change/SKILL.md +15 -13
- package/templates/default/locales/en/.mustflow/skills/node-code-change/SKILL.md +16 -14
- package/templates/default/locales/en/.mustflow/skills/routes.toml +15 -9
- package/templates/default/locales/en/.mustflow/skills/security-privacy-review/SKILL.md +3 -1
- package/templates/default/locales/en/.mustflow/skills/test-suite-performance-review/SKILL.md +314 -0
- package/templates/default/locales/en/.mustflow/skills/typescript-code-change/SKILL.md +13 -10
- package/templates/default/manifest.toml +8 -1
|
@@ -0,0 +1,181 @@
|
|
|
1
|
+
import { printUsageError, renderHelp } from '../lib/cli-output.js';
|
|
2
|
+
import { t } from '../lib/i18n.js';
|
|
3
|
+
import { formatCliOptionParseError, getParsedCliStringOption, hasCliOptionToken, hasParsedCliOption, parseCliOptions, } from '../lib/option-parser.js';
|
|
4
|
+
import { resolveMustflowRoot } from '../lib/project-root.js';
|
|
5
|
+
import { DEPENDENCY_GRAPH_SCRIPT_REF, inspectDependencyGraph, } from '../../core/dependency-graph.js';
|
|
6
|
+
const DEPENDENCY_GRAPH_OPTIONS = [
|
|
7
|
+
{ name: '--json', kind: 'boolean' },
|
|
8
|
+
{ name: '--max-files', kind: 'string' },
|
|
9
|
+
{ name: '--max-file-bytes', kind: 'string' },
|
|
10
|
+
{ name: '--max-depth', kind: 'string' },
|
|
11
|
+
{ name: '--max-nodes', kind: 'string' },
|
|
12
|
+
{ name: '--max-edges', kind: 'string' },
|
|
13
|
+
];
|
|
14
|
+
function parsePositiveInteger(value, option, lang) {
|
|
15
|
+
if (value === null) {
|
|
16
|
+
return { value: null };
|
|
17
|
+
}
|
|
18
|
+
if (!/^[1-9]\d*$/u.test(value)) {
|
|
19
|
+
return { value: null, error: t(lang, 'dependencyGraph.error.invalidPositiveInteger', { option, value }) };
|
|
20
|
+
}
|
|
21
|
+
const parsed = Number(value);
|
|
22
|
+
if (!Number.isSafeInteger(parsed)) {
|
|
23
|
+
return { value: null, error: t(lang, 'dependencyGraph.error.invalidPositiveInteger', { option, value }) };
|
|
24
|
+
}
|
|
25
|
+
return { value: parsed };
|
|
26
|
+
}
|
|
27
|
+
export function getCodeDependencyGraphHelp(lang = 'en') {
|
|
28
|
+
return renderHelp({
|
|
29
|
+
usage: 'mf script-pack run code/dependency-graph scan <path...> [options]',
|
|
30
|
+
summary: t(lang, 'dependencyGraph.help.summary'),
|
|
31
|
+
options: [
|
|
32
|
+
{ label: '--max-depth <count>', description: t(lang, 'dependencyGraph.help.option.maxDepth') },
|
|
33
|
+
{ label: '--max-files <count>', description: t(lang, 'dependencyGraph.help.option.maxFiles') },
|
|
34
|
+
{ label: '--max-file-bytes <bytes>', description: t(lang, 'dependencyGraph.help.option.maxFileBytes') },
|
|
35
|
+
{ label: '--max-nodes <count>', description: t(lang, 'dependencyGraph.help.option.maxNodes') },
|
|
36
|
+
{ label: '--max-edges <count>', description: t(lang, 'dependencyGraph.help.option.maxEdges') },
|
|
37
|
+
{ label: '--json', description: t(lang, 'cli.option.json') },
|
|
38
|
+
{ label: '-h, --help', description: t(lang, 'cli.option.help') },
|
|
39
|
+
],
|
|
40
|
+
examples: [
|
|
41
|
+
'mf script-pack run code/dependency-graph scan src/cli/index.ts --json',
|
|
42
|
+
'mf script-pack run code/dependency-graph scan src/core --max-depth 3 --json',
|
|
43
|
+
'mf script-pack run code/dependency-graph scan src tests --max-nodes 120 --max-edges 300 --json',
|
|
44
|
+
],
|
|
45
|
+
exitCodes: [
|
|
46
|
+
{ label: '0', description: t(lang, 'dependencyGraph.help.exit.ok') },
|
|
47
|
+
{ label: '1', description: t(lang, 'dependencyGraph.help.exit.fail') },
|
|
48
|
+
],
|
|
49
|
+
}, lang);
|
|
50
|
+
}
|
|
51
|
+
function parseDependencyGraphOptions(args, lang) {
|
|
52
|
+
const [action, ...rest] = args;
|
|
53
|
+
const parsed = parseCliOptions(rest, DEPENDENCY_GRAPH_OPTIONS, { allowPositionals: true });
|
|
54
|
+
const json = hasParsedCliOption(parsed, '--json');
|
|
55
|
+
const maxFiles = parsePositiveInteger(getParsedCliStringOption(parsed, '--max-files'), '--max-files', lang);
|
|
56
|
+
const maxFileBytes = parsePositiveInteger(getParsedCliStringOption(parsed, '--max-file-bytes'), '--max-file-bytes', lang);
|
|
57
|
+
const maxDepth = parsePositiveInteger(getParsedCliStringOption(parsed, '--max-depth'), '--max-depth', lang);
|
|
58
|
+
const maxNodes = parsePositiveInteger(getParsedCliStringOption(parsed, '--max-nodes'), '--max-nodes', lang);
|
|
59
|
+
const maxEdges = parsePositiveInteger(getParsedCliStringOption(parsed, '--max-edges'), '--max-edges', lang);
|
|
60
|
+
const positiveOptions = [maxFiles, maxFileBytes, maxDepth, maxNodes, maxEdges];
|
|
61
|
+
if (action !== 'scan') {
|
|
62
|
+
return {
|
|
63
|
+
action: 'scan',
|
|
64
|
+
json,
|
|
65
|
+
paths: parsed.positionals,
|
|
66
|
+
maxFiles: maxFiles.value,
|
|
67
|
+
maxFileBytes: maxFileBytes.value,
|
|
68
|
+
maxDepth: maxDepth.value,
|
|
69
|
+
maxNodes: maxNodes.value,
|
|
70
|
+
maxEdges: maxEdges.value,
|
|
71
|
+
error: action ? t(lang, 'dependencyGraph.error.unknownAction', { action }) : t(lang, 'dependencyGraph.error.missingAction'),
|
|
72
|
+
};
|
|
73
|
+
}
|
|
74
|
+
if (parsed.error) {
|
|
75
|
+
return {
|
|
76
|
+
action,
|
|
77
|
+
json,
|
|
78
|
+
paths: parsed.positionals,
|
|
79
|
+
maxFiles: maxFiles.value,
|
|
80
|
+
maxFileBytes: maxFileBytes.value,
|
|
81
|
+
maxDepth: maxDepth.value,
|
|
82
|
+
maxNodes: maxNodes.value,
|
|
83
|
+
maxEdges: maxEdges.value,
|
|
84
|
+
error: formatCliOptionParseError(parsed.error, lang),
|
|
85
|
+
};
|
|
86
|
+
}
|
|
87
|
+
for (const candidate of positiveOptions) {
|
|
88
|
+
if (candidate.error) {
|
|
89
|
+
return {
|
|
90
|
+
action,
|
|
91
|
+
json,
|
|
92
|
+
paths: parsed.positionals,
|
|
93
|
+
maxFiles: maxFiles.value,
|
|
94
|
+
maxFileBytes: maxFileBytes.value,
|
|
95
|
+
maxDepth: maxDepth.value,
|
|
96
|
+
maxNodes: maxNodes.value,
|
|
97
|
+
maxEdges: maxEdges.value,
|
|
98
|
+
error: candidate.error,
|
|
99
|
+
};
|
|
100
|
+
}
|
|
101
|
+
}
|
|
102
|
+
if (parsed.positionals.length === 0) {
|
|
103
|
+
return {
|
|
104
|
+
action,
|
|
105
|
+
json,
|
|
106
|
+
paths: parsed.positionals,
|
|
107
|
+
maxFiles: maxFiles.value,
|
|
108
|
+
maxFileBytes: maxFileBytes.value,
|
|
109
|
+
maxDepth: maxDepth.value,
|
|
110
|
+
maxNodes: maxNodes.value,
|
|
111
|
+
maxEdges: maxEdges.value,
|
|
112
|
+
error: t(lang, 'dependencyGraph.error.missingPath'),
|
|
113
|
+
};
|
|
114
|
+
}
|
|
115
|
+
return {
|
|
116
|
+
action,
|
|
117
|
+
json,
|
|
118
|
+
paths: parsed.positionals,
|
|
119
|
+
maxFiles: maxFiles.value,
|
|
120
|
+
maxFileBytes: maxFileBytes.value,
|
|
121
|
+
maxDepth: maxDepth.value,
|
|
122
|
+
maxNodes: maxNodes.value,
|
|
123
|
+
maxEdges: maxEdges.value,
|
|
124
|
+
};
|
|
125
|
+
}
|
|
126
|
+
function renderDependencyGraphSummary(report, lang) {
|
|
127
|
+
const lines = [
|
|
128
|
+
t(lang, 'dependencyGraph.title'),
|
|
129
|
+
`${t(lang, 'scriptPack.label.script')}: ${DEPENDENCY_GRAPH_SCRIPT_REF}`,
|
|
130
|
+
`${t(lang, 'label.status')}: ${report.status}`,
|
|
131
|
+
`${t(lang, 'dependencyGraph.label.targets')}: ${report.targets.length}`,
|
|
132
|
+
`${t(lang, 'dependencyGraph.label.nodes')}: ${report.nodes.length}`,
|
|
133
|
+
`${t(lang, 'dependencyGraph.label.edges')}: ${report.edges.length}`,
|
|
134
|
+
`${t(lang, 'dependencyGraph.label.cycles')}: ${report.cycles.length}`,
|
|
135
|
+
`${t(lang, 'dependencyGraph.label.truncated')}: ${report.truncated ? t(lang, 'value.yes') : t(lang, 'value.no')}`,
|
|
136
|
+
];
|
|
137
|
+
for (const edge of report.edges.slice(0, 40)) {
|
|
138
|
+
lines.push(`- ${edge.source_path}:${edge.line} -> ${edge.target_path} (${edge.kind}, ${edge.specifier})`);
|
|
139
|
+
}
|
|
140
|
+
if (report.cycles.length > 0) {
|
|
141
|
+
lines.push(t(lang, 'dependencyGraph.label.cycleList'));
|
|
142
|
+
for (const cycle of report.cycles) {
|
|
143
|
+
lines.push(`- ${cycle.join(' -> ')}`);
|
|
144
|
+
}
|
|
145
|
+
}
|
|
146
|
+
if (report.findings.length > 0) {
|
|
147
|
+
lines.push(t(lang, 'dependencyGraph.label.findings'), ...report.findings.map((finding) => `- ${finding.path}: ${finding.code} (${finding.message})`));
|
|
148
|
+
}
|
|
149
|
+
if (report.issues.length > 0) {
|
|
150
|
+
lines.push(t(lang, 'dependencyGraph.label.issues'), ...report.issues.map((issue) => `- ${issue}`));
|
|
151
|
+
}
|
|
152
|
+
if (report.edges.length === 0 && report.findings.length === 0 && report.issues.length === 0) {
|
|
153
|
+
lines.push(t(lang, 'dependencyGraph.clean'));
|
|
154
|
+
}
|
|
155
|
+
return lines.join('\n');
|
|
156
|
+
}
|
|
157
|
+
export function runCodeDependencyGraphScript(args, reporter, lang = 'en') {
|
|
158
|
+
if (hasCliOptionToken(args, '--help', ['-h'])) {
|
|
159
|
+
reporter.stdout(getCodeDependencyGraphHelp(lang));
|
|
160
|
+
return 0;
|
|
161
|
+
}
|
|
162
|
+
const options = parseDependencyGraphOptions(args, lang);
|
|
163
|
+
if (options.error) {
|
|
164
|
+
printUsageError(reporter, options.error, 'mf script-pack run code/dependency-graph --help', getCodeDependencyGraphHelp(lang), lang);
|
|
165
|
+
return 1;
|
|
166
|
+
}
|
|
167
|
+
const report = inspectDependencyGraph(resolveMustflowRoot(), {
|
|
168
|
+
paths: options.paths,
|
|
169
|
+
maxFiles: options.maxFiles ?? undefined,
|
|
170
|
+
maxFileBytes: options.maxFileBytes ?? undefined,
|
|
171
|
+
maxDepth: options.maxDepth ?? undefined,
|
|
172
|
+
maxNodes: options.maxNodes ?? undefined,
|
|
173
|
+
maxEdges: options.maxEdges ?? undefined,
|
|
174
|
+
});
|
|
175
|
+
if (options.json) {
|
|
176
|
+
reporter.stdout(JSON.stringify(report, null, 2));
|
|
177
|
+
return report.ok ? 0 : 1;
|
|
178
|
+
}
|
|
179
|
+
reporter.stdout(renderDependencyGraphSummary(report, lang));
|
|
180
|
+
return report.ok ? 0 : 1;
|
|
181
|
+
}
|
|
@@ -0,0 +1,156 @@
|
|
|
1
|
+
import { printUsageError, renderHelp } from '../lib/cli-output.js';
|
|
2
|
+
import { t } from '../lib/i18n.js';
|
|
3
|
+
import { formatCliOptionParseError, getParsedCliStringOption, hasCliOptionToken, hasParsedCliOption, parseCliOptions, } from '../lib/option-parser.js';
|
|
4
|
+
import { resolveMustflowRoot } from '../lib/project-root.js';
|
|
5
|
+
import { ENV_CONTRACT_SCRIPT_REF, inspectEnvContract } from '../../core/env-contract.js';
|
|
6
|
+
const ENV_CONTRACT_OPTIONS = [
|
|
7
|
+
{ name: '--json', kind: 'boolean' },
|
|
8
|
+
{ name: '--max-files', kind: 'string' },
|
|
9
|
+
{ name: '--max-file-bytes', kind: 'string' },
|
|
10
|
+
{ name: '--max-keys', kind: 'string' },
|
|
11
|
+
];
|
|
12
|
+
function parsePositiveInteger(value, option, lang) {
|
|
13
|
+
if (value === null) {
|
|
14
|
+
return { value: null };
|
|
15
|
+
}
|
|
16
|
+
if (!/^[1-9]\d*$/u.test(value)) {
|
|
17
|
+
return { value: null, error: t(lang, 'envContract.error.invalidPositiveInteger', { option, value }) };
|
|
18
|
+
}
|
|
19
|
+
const parsed = Number(value);
|
|
20
|
+
if (!Number.isSafeInteger(parsed)) {
|
|
21
|
+
return { value: null, error: t(lang, 'envContract.error.invalidPositiveInteger', { option, value }) };
|
|
22
|
+
}
|
|
23
|
+
return { value: parsed };
|
|
24
|
+
}
|
|
25
|
+
export function getRepoEnvContractHelp(lang = 'en') {
|
|
26
|
+
return renderHelp({
|
|
27
|
+
usage: 'mf script-pack run repo/env-contract scan [path...] [options]',
|
|
28
|
+
summary: t(lang, 'envContract.help.summary'),
|
|
29
|
+
options: [
|
|
30
|
+
{ label: '--max-files <count>', description: t(lang, 'envContract.help.option.maxFiles') },
|
|
31
|
+
{ label: '--max-file-bytes <bytes>', description: t(lang, 'envContract.help.option.maxFileBytes') },
|
|
32
|
+
{ label: '--max-keys <count>', description: t(lang, 'envContract.help.option.maxKeys') },
|
|
33
|
+
{ label: '--json', description: t(lang, 'cli.option.json') },
|
|
34
|
+
{ label: '-h, --help', description: t(lang, 'cli.option.help') },
|
|
35
|
+
],
|
|
36
|
+
examples: [
|
|
37
|
+
'mf script-pack run repo/env-contract scan --json',
|
|
38
|
+
'mf script-pack run repo/env-contract scan src .env.example --json',
|
|
39
|
+
'mf script-pack run repo/env-contract scan .github/workflows README.md --max-keys 120 --json',
|
|
40
|
+
],
|
|
41
|
+
exitCodes: [
|
|
42
|
+
{ label: '0', description: t(lang, 'envContract.help.exit.ok') },
|
|
43
|
+
{ label: '1', description: t(lang, 'envContract.help.exit.fail') },
|
|
44
|
+
],
|
|
45
|
+
}, lang);
|
|
46
|
+
}
|
|
47
|
+
function parseEnvContractOptions(args, lang) {
|
|
48
|
+
const [action, ...rest] = args;
|
|
49
|
+
const parsed = parseCliOptions(rest, ENV_CONTRACT_OPTIONS, { allowPositionals: true });
|
|
50
|
+
const json = hasParsedCliOption(parsed, '--json');
|
|
51
|
+
const maxFiles = parsePositiveInteger(getParsedCliStringOption(parsed, '--max-files'), '--max-files', lang);
|
|
52
|
+
const maxFileBytes = parsePositiveInteger(getParsedCliStringOption(parsed, '--max-file-bytes'), '--max-file-bytes', lang);
|
|
53
|
+
const maxKeys = parsePositiveInteger(getParsedCliStringOption(parsed, '--max-keys'), '--max-keys', lang);
|
|
54
|
+
if (action !== 'scan') {
|
|
55
|
+
return {
|
|
56
|
+
action: 'scan',
|
|
57
|
+
json,
|
|
58
|
+
paths: parsed.positionals,
|
|
59
|
+
maxFiles: maxFiles.value,
|
|
60
|
+
maxFileBytes: maxFileBytes.value,
|
|
61
|
+
maxKeys: maxKeys.value,
|
|
62
|
+
error: action ? t(lang, 'envContract.error.unknownAction', { action }) : t(lang, 'envContract.error.missingAction'),
|
|
63
|
+
};
|
|
64
|
+
}
|
|
65
|
+
if (parsed.error) {
|
|
66
|
+
return {
|
|
67
|
+
action,
|
|
68
|
+
json,
|
|
69
|
+
paths: parsed.positionals,
|
|
70
|
+
maxFiles: maxFiles.value,
|
|
71
|
+
maxFileBytes: maxFileBytes.value,
|
|
72
|
+
maxKeys: maxKeys.value,
|
|
73
|
+
error: formatCliOptionParseError(parsed.error, lang),
|
|
74
|
+
};
|
|
75
|
+
}
|
|
76
|
+
for (const candidate of [maxFiles, maxFileBytes, maxKeys]) {
|
|
77
|
+
if (candidate.error) {
|
|
78
|
+
return {
|
|
79
|
+
action,
|
|
80
|
+
json,
|
|
81
|
+
paths: parsed.positionals,
|
|
82
|
+
maxFiles: maxFiles.value,
|
|
83
|
+
maxFileBytes: maxFileBytes.value,
|
|
84
|
+
maxKeys: maxKeys.value,
|
|
85
|
+
error: candidate.error,
|
|
86
|
+
};
|
|
87
|
+
}
|
|
88
|
+
}
|
|
89
|
+
return {
|
|
90
|
+
action,
|
|
91
|
+
json,
|
|
92
|
+
paths: parsed.positionals,
|
|
93
|
+
maxFiles: maxFiles.value,
|
|
94
|
+
maxFileBytes: maxFileBytes.value,
|
|
95
|
+
maxKeys: maxKeys.value,
|
|
96
|
+
};
|
|
97
|
+
}
|
|
98
|
+
function renderEnvContractSummary(report, lang) {
|
|
99
|
+
const lines = [
|
|
100
|
+
t(lang, 'envContract.title'),
|
|
101
|
+
`${t(lang, 'scriptPack.label.script')}: ${ENV_CONTRACT_SCRIPT_REF}`,
|
|
102
|
+
`${t(lang, 'label.status')}: ${report.status}`,
|
|
103
|
+
`${t(lang, 'envContract.label.files')}: ${report.summary.file_count}`,
|
|
104
|
+
`${t(lang, 'envContract.label.keys')}: ${report.summary.key_count}`,
|
|
105
|
+
`${t(lang, 'envContract.label.findings')}: ${report.findings.length}`,
|
|
106
|
+
`${t(lang, 'envContract.label.truncated')}: ${report.truncated ? t(lang, 'value.yes') : t(lang, 'value.no')}`,
|
|
107
|
+
];
|
|
108
|
+
for (const entry of report.keys.slice(0, 40)) {
|
|
109
|
+
const flags = [
|
|
110
|
+
entry.used_in_code ? 'code' : null,
|
|
111
|
+
entry.declared_in_example ? 'example' : null,
|
|
112
|
+
entry.documented ? 'docs' : null,
|
|
113
|
+
entry.referenced_in_ci ? 'ci' : null,
|
|
114
|
+
entry.secret_like ? 'secret-like' : null,
|
|
115
|
+
entry.public_like ? 'public-like' : null,
|
|
116
|
+
].filter((flag) => flag !== null);
|
|
117
|
+
lines.push(`- ${entry.key}: ${flags.join(', ') || t(lang, 'value.none')} (${entry.source_count})`);
|
|
118
|
+
}
|
|
119
|
+
if (report.findings.length > 0) {
|
|
120
|
+
lines.push(t(lang, 'envContract.label.findings'));
|
|
121
|
+
for (const finding of report.findings.slice(0, 40)) {
|
|
122
|
+
const key = finding.key ? ` ${finding.key}` : '';
|
|
123
|
+
lines.push(`- ${finding.path}:${key} ${finding.code} (${finding.message})`);
|
|
124
|
+
}
|
|
125
|
+
}
|
|
126
|
+
if (report.issues.length > 0) {
|
|
127
|
+
lines.push(t(lang, 'envContract.label.issues'), ...report.issues.map((issue) => `- ${issue}`));
|
|
128
|
+
}
|
|
129
|
+
if (report.keys.length === 0 && report.findings.length === 0 && report.issues.length === 0) {
|
|
130
|
+
lines.push(t(lang, 'envContract.clean'));
|
|
131
|
+
}
|
|
132
|
+
return lines.join('\n');
|
|
133
|
+
}
|
|
134
|
+
export function runRepoEnvContractScript(args, reporter, lang = 'en') {
|
|
135
|
+
if (hasCliOptionToken(args, '--help', ['-h'])) {
|
|
136
|
+
reporter.stdout(getRepoEnvContractHelp(lang));
|
|
137
|
+
return 0;
|
|
138
|
+
}
|
|
139
|
+
const options = parseEnvContractOptions(args, lang);
|
|
140
|
+
if (options.error) {
|
|
141
|
+
printUsageError(reporter, options.error, 'mf script-pack run repo/env-contract --help', getRepoEnvContractHelp(lang), lang);
|
|
142
|
+
return 1;
|
|
143
|
+
}
|
|
144
|
+
const report = inspectEnvContract(resolveMustflowRoot(), {
|
|
145
|
+
paths: options.paths,
|
|
146
|
+
maxFiles: options.maxFiles ?? undefined,
|
|
147
|
+
maxFileBytes: options.maxFileBytes ?? undefined,
|
|
148
|
+
maxKeys: options.maxKeys ?? undefined,
|
|
149
|
+
});
|
|
150
|
+
if (options.json) {
|
|
151
|
+
reporter.stdout(JSON.stringify(report, null, 2));
|
|
152
|
+
return report.ok ? 0 : 1;
|
|
153
|
+
}
|
|
154
|
+
reporter.stdout(renderEnvContractSummary(report, lang));
|
|
155
|
+
return report.ok ? 0 : 1;
|
|
156
|
+
}
|
|
@@ -0,0 +1,147 @@
|
|
|
1
|
+
import { printUsageError, renderHelp } from '../lib/cli-output.js';
|
|
2
|
+
import { t } from '../lib/i18n.js';
|
|
3
|
+
import { formatCliOptionParseError, getParsedCliStringOption, hasCliOptionToken, hasParsedCliOption, parseCliOptions, } from '../lib/option-parser.js';
|
|
4
|
+
import { resolveMustflowRoot } from '../lib/project-root.js';
|
|
5
|
+
import { inspectSecretRiskScan, SECRET_RISK_SCAN_SCRIPT_REF } from '../../core/secret-risk-scan.js';
|
|
6
|
+
const SECRET_RISK_SCAN_OPTIONS = [
|
|
7
|
+
{ name: '--json', kind: 'boolean' },
|
|
8
|
+
{ name: '--max-files', kind: 'string' },
|
|
9
|
+
{ name: '--max-file-bytes', kind: 'string' },
|
|
10
|
+
{ name: '--max-findings', kind: 'string' },
|
|
11
|
+
];
|
|
12
|
+
function parsePositiveInteger(value, option, lang) {
|
|
13
|
+
if (value === null) {
|
|
14
|
+
return { value: null };
|
|
15
|
+
}
|
|
16
|
+
if (!/^[1-9]\d*$/u.test(value)) {
|
|
17
|
+
return { value: null, error: t(lang, 'secretRiskScan.error.invalidPositiveInteger', { option, value }) };
|
|
18
|
+
}
|
|
19
|
+
const parsed = Number(value);
|
|
20
|
+
if (!Number.isSafeInteger(parsed)) {
|
|
21
|
+
return { value: null, error: t(lang, 'secretRiskScan.error.invalidPositiveInteger', { option, value }) };
|
|
22
|
+
}
|
|
23
|
+
return { value: parsed };
|
|
24
|
+
}
|
|
25
|
+
export function getRepoSecretRiskScanHelp(lang = 'en') {
|
|
26
|
+
return renderHelp({
|
|
27
|
+
usage: 'mf script-pack run repo/secret-risk-scan scan [path...] [options]',
|
|
28
|
+
summary: t(lang, 'secretRiskScan.help.summary'),
|
|
29
|
+
options: [
|
|
30
|
+
{ label: '--max-files <count>', description: t(lang, 'secretRiskScan.help.option.maxFiles') },
|
|
31
|
+
{ label: '--max-file-bytes <bytes>', description: t(lang, 'secretRiskScan.help.option.maxFileBytes') },
|
|
32
|
+
{ label: '--max-findings <count>', description: t(lang, 'secretRiskScan.help.option.maxFindings') },
|
|
33
|
+
{ label: '--json', description: t(lang, 'cli.option.json') },
|
|
34
|
+
{ label: '-h, --help', description: t(lang, 'cli.option.help') },
|
|
35
|
+
],
|
|
36
|
+
examples: [
|
|
37
|
+
'mf script-pack run repo/secret-risk-scan scan --json',
|
|
38
|
+
'mf script-pack run repo/secret-risk-scan scan src README.md --json',
|
|
39
|
+
'mf script-pack run repo/secret-risk-scan scan .env.example docs --max-findings 50 --json',
|
|
40
|
+
],
|
|
41
|
+
exitCodes: [
|
|
42
|
+
{ label: '0', description: t(lang, 'secretRiskScan.help.exit.ok') },
|
|
43
|
+
{ label: '1', description: t(lang, 'secretRiskScan.help.exit.fail') },
|
|
44
|
+
],
|
|
45
|
+
}, lang);
|
|
46
|
+
}
|
|
47
|
+
function parseSecretRiskScanOptions(args, lang) {
|
|
48
|
+
const [action, ...rest] = args;
|
|
49
|
+
const parsed = parseCliOptions(rest, SECRET_RISK_SCAN_OPTIONS, { allowPositionals: true });
|
|
50
|
+
const json = hasParsedCliOption(parsed, '--json');
|
|
51
|
+
const maxFiles = parsePositiveInteger(getParsedCliStringOption(parsed, '--max-files'), '--max-files', lang);
|
|
52
|
+
const maxFileBytes = parsePositiveInteger(getParsedCliStringOption(parsed, '--max-file-bytes'), '--max-file-bytes', lang);
|
|
53
|
+
const maxFindings = parsePositiveInteger(getParsedCliStringOption(parsed, '--max-findings'), '--max-findings', lang);
|
|
54
|
+
if (action !== 'scan') {
|
|
55
|
+
return {
|
|
56
|
+
action: 'scan',
|
|
57
|
+
json,
|
|
58
|
+
paths: parsed.positionals,
|
|
59
|
+
maxFiles: maxFiles.value,
|
|
60
|
+
maxFileBytes: maxFileBytes.value,
|
|
61
|
+
maxFindings: maxFindings.value,
|
|
62
|
+
error: action ? t(lang, 'secretRiskScan.error.unknownAction', { action }) : t(lang, 'secretRiskScan.error.missingAction'),
|
|
63
|
+
};
|
|
64
|
+
}
|
|
65
|
+
if (parsed.error) {
|
|
66
|
+
return {
|
|
67
|
+
action,
|
|
68
|
+
json,
|
|
69
|
+
paths: parsed.positionals,
|
|
70
|
+
maxFiles: maxFiles.value,
|
|
71
|
+
maxFileBytes: maxFileBytes.value,
|
|
72
|
+
maxFindings: maxFindings.value,
|
|
73
|
+
error: formatCliOptionParseError(parsed.error, lang),
|
|
74
|
+
};
|
|
75
|
+
}
|
|
76
|
+
for (const candidate of [maxFiles, maxFileBytes, maxFindings]) {
|
|
77
|
+
if (candidate.error) {
|
|
78
|
+
return {
|
|
79
|
+
action,
|
|
80
|
+
json,
|
|
81
|
+
paths: parsed.positionals,
|
|
82
|
+
maxFiles: maxFiles.value,
|
|
83
|
+
maxFileBytes: maxFileBytes.value,
|
|
84
|
+
maxFindings: maxFindings.value,
|
|
85
|
+
error: candidate.error,
|
|
86
|
+
};
|
|
87
|
+
}
|
|
88
|
+
}
|
|
89
|
+
return {
|
|
90
|
+
action,
|
|
91
|
+
json,
|
|
92
|
+
paths: parsed.positionals,
|
|
93
|
+
maxFiles: maxFiles.value,
|
|
94
|
+
maxFileBytes: maxFileBytes.value,
|
|
95
|
+
maxFindings: maxFindings.value,
|
|
96
|
+
};
|
|
97
|
+
}
|
|
98
|
+
function renderSecretRiskScanSummary(report, lang) {
|
|
99
|
+
const lines = [
|
|
100
|
+
t(lang, 'secretRiskScan.title'),
|
|
101
|
+
`${t(lang, 'scriptPack.label.script')}: ${SECRET_RISK_SCAN_SCRIPT_REF}`,
|
|
102
|
+
`${t(lang, 'label.status')}: ${report.status}`,
|
|
103
|
+
`${t(lang, 'secretRiskScan.label.files')}: ${report.summary.file_count}`,
|
|
104
|
+
`${t(lang, 'secretRiskScan.label.findings')}: ${report.summary.finding_count}`,
|
|
105
|
+
`${t(lang, 'secretRiskScan.label.highOrCritical')}: ${report.summary.high_or_critical_count}`,
|
|
106
|
+
`${t(lang, 'secretRiskScan.label.skippedSecretFiles')}: ${report.summary.skipped_secret_file_count}`,
|
|
107
|
+
`${t(lang, 'secretRiskScan.label.truncated')}: ${report.truncated ? t(lang, 'value.yes') : t(lang, 'value.no')}`,
|
|
108
|
+
];
|
|
109
|
+
if (report.findings.length > 0) {
|
|
110
|
+
lines.push(t(lang, 'secretRiskScan.label.findings'));
|
|
111
|
+
for (const finding of report.findings.slice(0, 40)) {
|
|
112
|
+
const line = finding.line ? `:${finding.line}` : '';
|
|
113
|
+
const detector = finding.detector ? ` ${finding.detector}` : '';
|
|
114
|
+
lines.push(`- ${finding.path}${line}: ${finding.code}${detector} (${finding.message})`);
|
|
115
|
+
}
|
|
116
|
+
}
|
|
117
|
+
if (report.issues.length > 0) {
|
|
118
|
+
lines.push(t(lang, 'secretRiskScan.label.issues'), ...report.issues.map((issue) => `- ${issue}`));
|
|
119
|
+
}
|
|
120
|
+
if (report.findings.length === 0 && report.issues.length === 0) {
|
|
121
|
+
lines.push(t(lang, 'secretRiskScan.clean'));
|
|
122
|
+
}
|
|
123
|
+
return lines.join('\n');
|
|
124
|
+
}
|
|
125
|
+
export function runRepoSecretRiskScanScript(args, reporter, lang = 'en') {
|
|
126
|
+
if (hasCliOptionToken(args, '--help', ['-h'])) {
|
|
127
|
+
reporter.stdout(getRepoSecretRiskScanHelp(lang));
|
|
128
|
+
return 0;
|
|
129
|
+
}
|
|
130
|
+
const options = parseSecretRiskScanOptions(args, lang);
|
|
131
|
+
if (options.error) {
|
|
132
|
+
printUsageError(reporter, options.error, 'mf script-pack run repo/secret-risk-scan --help', getRepoSecretRiskScanHelp(lang), lang);
|
|
133
|
+
return 1;
|
|
134
|
+
}
|
|
135
|
+
const report = inspectSecretRiskScan(resolveMustflowRoot(), {
|
|
136
|
+
paths: options.paths,
|
|
137
|
+
maxFiles: options.maxFiles ?? undefined,
|
|
138
|
+
maxFileBytes: options.maxFileBytes ?? undefined,
|
|
139
|
+
maxFindings: options.maxFindings ?? undefined,
|
|
140
|
+
});
|
|
141
|
+
if (options.json) {
|
|
142
|
+
reporter.stdout(JSON.stringify(report, null, 2));
|
|
143
|
+
return report.ok ? 0 : 1;
|
|
144
|
+
}
|
|
145
|
+
reporter.stdout(renderSecretRiskScanSummary(report, lang));
|
|
146
|
+
return report.ok ? 0 : 1;
|
|
147
|
+
}
|