mustflow 2.84.0 → 2.99.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (105) hide show
  1. package/README.md +11 -2
  2. package/dist/cli/commands/script-pack.js +14 -0
  3. package/dist/cli/i18n/en.js +262 -0
  4. package/dist/cli/i18n/es.js +262 -0
  5. package/dist/cli/i18n/fr.js +262 -0
  6. package/dist/cli/i18n/hi.js +262 -0
  7. package/dist/cli/i18n/ko.js +262 -0
  8. package/dist/cli/i18n/zh.js +262 -0
  9. package/dist/cli/lib/repo-map.js +27 -6
  10. package/dist/cli/lib/run-root-trust.js +15 -1
  11. package/dist/cli/lib/script-pack-registry.js +397 -0
  12. package/dist/cli/lib/validation/index.js +2 -2
  13. package/dist/cli/lib/validation/primitives.js +4 -1
  14. package/dist/cli/script-packs/code-change-impact.js +178 -0
  15. package/dist/cli/script-packs/code-dependency-graph.js +181 -0
  16. package/dist/cli/script-packs/code-import-cycle.js +193 -0
  17. package/dist/cli/script-packs/docs-link-integrity.js +145 -0
  18. package/dist/cli/script-packs/repo-approval-gate.js +100 -0
  19. package/dist/cli/script-packs/repo-env-contract.js +156 -0
  20. package/dist/cli/script-packs/repo-git-ignore-audit.js +119 -0
  21. package/dist/cli/script-packs/repo-manifest-lock-drift.js +122 -0
  22. package/dist/cli/script-packs/repo-merge-conflict-scan.js +123 -0
  23. package/dist/cli/script-packs/repo-secret-risk-scan.js +147 -0
  24. package/dist/cli/script-packs/repo-skill-route-audit.js +86 -0
  25. package/dist/cli/script-packs/repo-version-source.js +92 -0
  26. package/dist/cli/script-packs/test-performance-report.js +247 -0
  27. package/dist/cli/script-packs/test-regression-selector.js +167 -0
  28. package/dist/core/change-impact.js +355 -0
  29. package/dist/core/change-surface-classification.js +198 -0
  30. package/dist/core/change-verification.js +32 -5
  31. package/dist/core/config-loading.js +121 -4
  32. package/dist/core/dependency-graph.js +490 -0
  33. package/dist/core/docs-link-integrity.js +443 -0
  34. package/dist/core/env-contract.js +450 -0
  35. package/dist/core/import-cycle.js +152 -0
  36. package/dist/core/line-endings.js +26 -13
  37. package/dist/core/public-json-contracts.js +167 -0
  38. package/dist/core/repo-approval-gate.js +116 -0
  39. package/dist/core/repo-git-ignore-audit.js +302 -0
  40. package/dist/core/repo-manifest-lock-drift.js +321 -0
  41. package/dist/core/repo-merge-conflict-scan.js +335 -0
  42. package/dist/core/repo-version-source.js +82 -0
  43. package/dist/core/route-outline.js +57 -5
  44. package/dist/core/script-pack-suggestions.js +97 -1
  45. package/dist/core/secret-risk-scan.js +440 -0
  46. package/dist/core/skill-route-audit.js +354 -0
  47. package/dist/core/test-performance-report.js +697 -0
  48. package/dist/core/test-regression-selector.js +335 -0
  49. package/package.json +1 -1
  50. package/schemas/README.md +54 -0
  51. package/schemas/change-impact-report.schema.json +184 -0
  52. package/schemas/commands.schema.json +12 -0
  53. package/schemas/dependency-graph-report.schema.json +149 -0
  54. package/schemas/env-contract-report.schema.json +203 -0
  55. package/schemas/import-cycle-report.schema.json +157 -0
  56. package/schemas/link-integrity-report.schema.json +176 -0
  57. package/schemas/repo-approval-gate-report.schema.json +115 -0
  58. package/schemas/repo-git-ignore-audit-report.schema.json +201 -0
  59. package/schemas/repo-manifest-lock-drift-report.schema.json +202 -0
  60. package/schemas/repo-merge-conflict-scan-report.schema.json +169 -0
  61. package/schemas/repo-version-source-report.schema.json +127 -0
  62. package/schemas/secret-risk-scan-report.schema.json +152 -0
  63. package/schemas/skill-route-audit-report.schema.json +144 -0
  64. package/schemas/test-performance-report.schema.json +319 -0
  65. package/schemas/test-regression-selector-report.schema.json +187 -0
  66. package/templates/default/i18n.toml +80 -26
  67. package/templates/default/locales/en/.mustflow/skills/INDEX.md +51 -9
  68. package/templates/default/locales/en/.mustflow/skills/api-access-control-review/SKILL.md +48 -27
  69. package/templates/default/locales/en/.mustflow/skills/api-failure-triage/SKILL.md +270 -0
  70. package/templates/default/locales/en/.mustflow/skills/architecture-deepening-review/SKILL.md +28 -11
  71. package/templates/default/locales/en/.mustflow/skills/astro-code-change/SKILL.md +71 -27
  72. package/templates/default/locales/en/.mustflow/skills/auth-flow-triage/SKILL.md +192 -0
  73. package/templates/default/locales/en/.mustflow/skills/auth-permission-change/SKILL.md +59 -13
  74. package/templates/default/locales/en/.mustflow/skills/backend-log-evidence-review/SKILL.md +14 -5
  75. package/templates/default/locales/en/.mustflow/skills/cache-integrity-review/SKILL.md +30 -15
  76. package/templates/default/locales/en/.mustflow/skills/change-blast-radius-review/SKILL.md +45 -32
  77. package/templates/default/locales/en/.mustflow/skills/ci-pipeline-triage/SKILL.md +200 -0
  78. package/templates/default/locales/en/.mustflow/skills/clarifying-question-gate/SKILL.md +87 -13
  79. package/templates/default/locales/en/.mustflow/skills/cross-agent-session-reference/SKILL.md +23 -8
  80. package/templates/default/locales/en/.mustflow/skills/dependency-upgrade-review/SKILL.md +3 -1
  81. package/templates/default/locales/en/.mustflow/skills/docker-runtime-triage/SKILL.md +191 -0
  82. package/templates/default/locales/en/.mustflow/skills/github-contribution-quality-gate/SKILL.md +48 -11
  83. package/templates/default/locales/en/.mustflow/skills/go-code-change/SKILL.md +18 -13
  84. package/templates/default/locales/en/.mustflow/skills/javascript-code-change/SKILL.md +15 -13
  85. package/templates/default/locales/en/.mustflow/skills/line-ending-hygiene/SKILL.md +18 -10
  86. package/templates/default/locales/en/.mustflow/skills/llm-hallucination-control-review/SKILL.md +4 -1
  87. package/templates/default/locales/en/.mustflow/skills/motion-system-contract-review/SKILL.md +155 -0
  88. package/templates/default/locales/en/.mustflow/skills/next-action-menu/SKILL.md +177 -0
  89. package/templates/default/locales/en/.mustflow/skills/node-code-change/SKILL.md +16 -14
  90. package/templates/default/locales/en/.mustflow/skills/observability-debuggability-review/SKILL.md +15 -7
  91. package/templates/default/locales/en/.mustflow/skills/payment-integrity-review/SKILL.md +59 -35
  92. package/templates/default/locales/en/.mustflow/skills/powershell-code-change/SKILL.md +16 -6
  93. package/templates/default/locales/en/.mustflow/skills/prompt-contract-quality-review/SKILL.md +4 -1
  94. package/templates/default/locales/en/.mustflow/skills/python-code-change/SKILL.md +19 -10
  95. package/templates/default/locales/en/.mustflow/skills/rag-pipeline-triage/SKILL.md +206 -0
  96. package/templates/default/locales/en/.mustflow/skills/routes.toml +69 -9
  97. package/templates/default/locales/en/.mustflow/skills/rust-code-change/SKILL.md +10 -4
  98. package/templates/default/locales/en/.mustflow/skills/search-index-integrity-review/SKILL.md +181 -0
  99. package/templates/default/locales/en/.mustflow/skills/security-privacy-review/SKILL.md +3 -1
  100. package/templates/default/locales/en/.mustflow/skills/service-boundary-architecture/SKILL.md +37 -23
  101. package/templates/default/locales/en/.mustflow/skills/test-suite-performance-review/SKILL.md +323 -0
  102. package/templates/default/locales/en/.mustflow/skills/typescript-code-change/SKILL.md +18 -10
  103. package/templates/default/locales/en/.mustflow/skills/vector-search-integrity-review/SKILL.md +209 -0
  104. package/templates/default/locales/en/.mustflow/skills/version-freshness-check/SKILL.md +16 -14
  105. package/templates/default/manifest.toml +71 -1
@@ -0,0 +1,156 @@
1
+ import { printUsageError, renderHelp } from '../lib/cli-output.js';
2
+ import { t } from '../lib/i18n.js';
3
+ import { formatCliOptionParseError, getParsedCliStringOption, hasCliOptionToken, hasParsedCliOption, parseCliOptions, } from '../lib/option-parser.js';
4
+ import { resolveMustflowRoot } from '../lib/project-root.js';
5
+ import { ENV_CONTRACT_SCRIPT_REF, inspectEnvContract } from '../../core/env-contract.js';
6
+ const ENV_CONTRACT_OPTIONS = [
7
+ { name: '--json', kind: 'boolean' },
8
+ { name: '--max-files', kind: 'string' },
9
+ { name: '--max-file-bytes', kind: 'string' },
10
+ { name: '--max-keys', kind: 'string' },
11
+ ];
12
+ function parsePositiveInteger(value, option, lang) {
13
+ if (value === null) {
14
+ return { value: null };
15
+ }
16
+ if (!/^[1-9]\d*$/u.test(value)) {
17
+ return { value: null, error: t(lang, 'envContract.error.invalidPositiveInteger', { option, value }) };
18
+ }
19
+ const parsed = Number(value);
20
+ if (!Number.isSafeInteger(parsed)) {
21
+ return { value: null, error: t(lang, 'envContract.error.invalidPositiveInteger', { option, value }) };
22
+ }
23
+ return { value: parsed };
24
+ }
25
+ export function getRepoEnvContractHelp(lang = 'en') {
26
+ return renderHelp({
27
+ usage: 'mf script-pack run repo/env-contract scan [path...] [options]',
28
+ summary: t(lang, 'envContract.help.summary'),
29
+ options: [
30
+ { label: '--max-files <count>', description: t(lang, 'envContract.help.option.maxFiles') },
31
+ { label: '--max-file-bytes <bytes>', description: t(lang, 'envContract.help.option.maxFileBytes') },
32
+ { label: '--max-keys <count>', description: t(lang, 'envContract.help.option.maxKeys') },
33
+ { label: '--json', description: t(lang, 'cli.option.json') },
34
+ { label: '-h, --help', description: t(lang, 'cli.option.help') },
35
+ ],
36
+ examples: [
37
+ 'mf script-pack run repo/env-contract scan --json',
38
+ 'mf script-pack run repo/env-contract scan src .env.example --json',
39
+ 'mf script-pack run repo/env-contract scan .github/workflows README.md --max-keys 120 --json',
40
+ ],
41
+ exitCodes: [
42
+ { label: '0', description: t(lang, 'envContract.help.exit.ok') },
43
+ { label: '1', description: t(lang, 'envContract.help.exit.fail') },
44
+ ],
45
+ }, lang);
46
+ }
47
+ function parseEnvContractOptions(args, lang) {
48
+ const [action, ...rest] = args;
49
+ const parsed = parseCliOptions(rest, ENV_CONTRACT_OPTIONS, { allowPositionals: true });
50
+ const json = hasParsedCliOption(parsed, '--json');
51
+ const maxFiles = parsePositiveInteger(getParsedCliStringOption(parsed, '--max-files'), '--max-files', lang);
52
+ const maxFileBytes = parsePositiveInteger(getParsedCliStringOption(parsed, '--max-file-bytes'), '--max-file-bytes', lang);
53
+ const maxKeys = parsePositiveInteger(getParsedCliStringOption(parsed, '--max-keys'), '--max-keys', lang);
54
+ if (action !== 'scan') {
55
+ return {
56
+ action: 'scan',
57
+ json,
58
+ paths: parsed.positionals,
59
+ maxFiles: maxFiles.value,
60
+ maxFileBytes: maxFileBytes.value,
61
+ maxKeys: maxKeys.value,
62
+ error: action ? t(lang, 'envContract.error.unknownAction', { action }) : t(lang, 'envContract.error.missingAction'),
63
+ };
64
+ }
65
+ if (parsed.error) {
66
+ return {
67
+ action,
68
+ json,
69
+ paths: parsed.positionals,
70
+ maxFiles: maxFiles.value,
71
+ maxFileBytes: maxFileBytes.value,
72
+ maxKeys: maxKeys.value,
73
+ error: formatCliOptionParseError(parsed.error, lang),
74
+ };
75
+ }
76
+ for (const candidate of [maxFiles, maxFileBytes, maxKeys]) {
77
+ if (candidate.error) {
78
+ return {
79
+ action,
80
+ json,
81
+ paths: parsed.positionals,
82
+ maxFiles: maxFiles.value,
83
+ maxFileBytes: maxFileBytes.value,
84
+ maxKeys: maxKeys.value,
85
+ error: candidate.error,
86
+ };
87
+ }
88
+ }
89
+ return {
90
+ action,
91
+ json,
92
+ paths: parsed.positionals,
93
+ maxFiles: maxFiles.value,
94
+ maxFileBytes: maxFileBytes.value,
95
+ maxKeys: maxKeys.value,
96
+ };
97
+ }
98
+ function renderEnvContractSummary(report, lang) {
99
+ const lines = [
100
+ t(lang, 'envContract.title'),
101
+ `${t(lang, 'scriptPack.label.script')}: ${ENV_CONTRACT_SCRIPT_REF}`,
102
+ `${t(lang, 'label.status')}: ${report.status}`,
103
+ `${t(lang, 'envContract.label.files')}: ${report.summary.file_count}`,
104
+ `${t(lang, 'envContract.label.keys')}: ${report.summary.key_count}`,
105
+ `${t(lang, 'envContract.label.findings')}: ${report.findings.length}`,
106
+ `${t(lang, 'envContract.label.truncated')}: ${report.truncated ? t(lang, 'value.yes') : t(lang, 'value.no')}`,
107
+ ];
108
+ for (const entry of report.keys.slice(0, 40)) {
109
+ const flags = [
110
+ entry.used_in_code ? 'code' : null,
111
+ entry.declared_in_example ? 'example' : null,
112
+ entry.documented ? 'docs' : null,
113
+ entry.referenced_in_ci ? 'ci' : null,
114
+ entry.secret_like ? 'secret-like' : null,
115
+ entry.public_like ? 'public-like' : null,
116
+ ].filter((flag) => flag !== null);
117
+ lines.push(`- ${entry.key}: ${flags.join(', ') || t(lang, 'value.none')} (${entry.source_count})`);
118
+ }
119
+ if (report.findings.length > 0) {
120
+ lines.push(t(lang, 'envContract.label.findings'));
121
+ for (const finding of report.findings.slice(0, 40)) {
122
+ const key = finding.key ? ` ${finding.key}` : '';
123
+ lines.push(`- ${finding.path}:${key} ${finding.code} (${finding.message})`);
124
+ }
125
+ }
126
+ if (report.issues.length > 0) {
127
+ lines.push(t(lang, 'envContract.label.issues'), ...report.issues.map((issue) => `- ${issue}`));
128
+ }
129
+ if (report.keys.length === 0 && report.findings.length === 0 && report.issues.length === 0) {
130
+ lines.push(t(lang, 'envContract.clean'));
131
+ }
132
+ return lines.join('\n');
133
+ }
134
+ export function runRepoEnvContractScript(args, reporter, lang = 'en') {
135
+ if (hasCliOptionToken(args, '--help', ['-h'])) {
136
+ reporter.stdout(getRepoEnvContractHelp(lang));
137
+ return 0;
138
+ }
139
+ const options = parseEnvContractOptions(args, lang);
140
+ if (options.error) {
141
+ printUsageError(reporter, options.error, 'mf script-pack run repo/env-contract --help', getRepoEnvContractHelp(lang), lang);
142
+ return 1;
143
+ }
144
+ const report = inspectEnvContract(resolveMustflowRoot(), {
145
+ paths: options.paths,
146
+ maxFiles: options.maxFiles ?? undefined,
147
+ maxFileBytes: options.maxFileBytes ?? undefined,
148
+ maxKeys: options.maxKeys ?? undefined,
149
+ });
150
+ if (options.json) {
151
+ reporter.stdout(JSON.stringify(report, null, 2));
152
+ return report.ok ? 0 : 1;
153
+ }
154
+ reporter.stdout(renderEnvContractSummary(report, lang));
155
+ return report.ok ? 0 : 1;
156
+ }
@@ -0,0 +1,119 @@
1
+ import { printUsageError, renderHelp } from '../lib/cli-output.js';
2
+ import { t } from '../lib/i18n.js';
3
+ import { formatCliOptionParseError, getParsedCliStringOption, hasCliOptionToken, hasParsedCliOption, parseCliOptions, } from '../lib/option-parser.js';
4
+ import { resolveMustflowRoot } from '../lib/project-root.js';
5
+ import { auditRepoGitIgnore, REPO_GIT_IGNORE_AUDIT_SCRIPT_REF, } from '../../core/repo-git-ignore-audit.js';
6
+ const REPO_GIT_IGNORE_AUDIT_OPTIONS = [
7
+ { name: '--json', kind: 'boolean' },
8
+ { name: '--max-paths', kind: 'string' },
9
+ ];
10
+ export function getRepoGitIgnoreAuditHelp(lang = 'en') {
11
+ return renderHelp({
12
+ usage: 'mf script-pack run repo/git-ignore-audit audit [path...] [options]',
13
+ summary: t(lang, 'gitIgnoreAudit.help.summary'),
14
+ options: [
15
+ { label: '--max-paths <n>', description: t(lang, 'gitIgnoreAudit.help.option.maxPaths') },
16
+ { label: '--json', description: t(lang, 'cli.option.json') },
17
+ { label: '-h, --help', description: t(lang, 'cli.option.help') },
18
+ ],
19
+ examples: [
20
+ 'mf script-pack run repo/git-ignore-audit audit --json',
21
+ 'mf script-pack run repo/git-ignore-audit audit .env.local dist/app.js --json',
22
+ ],
23
+ exitCodes: [
24
+ { label: '0', description: t(lang, 'gitIgnoreAudit.help.exit.ok') },
25
+ { label: '1', description: t(lang, 'gitIgnoreAudit.help.exit.fail') },
26
+ ],
27
+ }, lang);
28
+ }
29
+ function parsePositiveInteger(value, label, lang) {
30
+ if (value === undefined) {
31
+ return undefined;
32
+ }
33
+ const parsed = Number(value);
34
+ if (!Number.isInteger(parsed) || parsed <= 0) {
35
+ return t(lang, 'gitIgnoreAudit.error.invalidPositiveInteger', { option: label });
36
+ }
37
+ return parsed;
38
+ }
39
+ function parseRepoGitIgnoreAuditOptions(args, lang) {
40
+ const [action, ...rest] = args;
41
+ const parsed = parseCliOptions(rest, REPO_GIT_IGNORE_AUDIT_OPTIONS, { allowPositionals: true });
42
+ const json = hasParsedCliOption(parsed, '--json');
43
+ if (action !== 'audit') {
44
+ return {
45
+ action: 'audit',
46
+ paths: parsed.positionals,
47
+ json,
48
+ error: action
49
+ ? t(lang, 'gitIgnoreAudit.error.unknownAction', { action })
50
+ : t(lang, 'gitIgnoreAudit.error.missingAction'),
51
+ };
52
+ }
53
+ if (parsed.error) {
54
+ return { action, paths: parsed.positionals, json, error: formatCliOptionParseError(parsed.error, lang) };
55
+ }
56
+ const maxPaths = parsePositiveInteger(getParsedCliStringOption(parsed, '--max-paths') ?? undefined, '--max-paths', lang);
57
+ if (typeof maxPaths === 'string') {
58
+ return { action, paths: parsed.positionals, json, error: maxPaths };
59
+ }
60
+ return {
61
+ action,
62
+ paths: parsed.positionals,
63
+ json,
64
+ maxPaths,
65
+ };
66
+ }
67
+ function renderRepoGitIgnoreAuditSummary(report, lang) {
68
+ const lines = [
69
+ t(lang, 'gitIgnoreAudit.title'),
70
+ `${t(lang, 'scriptPack.label.script')}: ${REPO_GIT_IGNORE_AUDIT_SCRIPT_REF}`,
71
+ `${t(lang, 'label.status')}: ${report.status}`,
72
+ `${t(lang, 'gitIgnoreAudit.label.pathsChecked')}: ${report.summary.paths_checked}`,
73
+ `${t(lang, 'gitIgnoreAudit.label.ignoredPaths')}: ${report.summary.ignored_paths}`,
74
+ `${t(lang, 'gitIgnoreAudit.label.ignoreSources')}: ${report.summary.ignore_sources}`,
75
+ ];
76
+ if (report.paths.length > 0) {
77
+ lines.push(t(lang, 'gitIgnoreAudit.label.paths'));
78
+ for (const entry of report.paths) {
79
+ const evidence = entry.source_path && entry.source_line
80
+ ? ` (${entry.source_path}:${entry.source_line} ${entry.pattern ?? ''})`
81
+ : '';
82
+ lines.push(`- ${entry.path}: ${entry.status}${evidence}`);
83
+ }
84
+ }
85
+ if (report.findings.length > 0) {
86
+ lines.push(t(lang, 'gitIgnoreAudit.label.findings'));
87
+ for (const finding of report.findings) {
88
+ lines.push(`- ${finding.path}: ${finding.code} (${finding.message})`);
89
+ }
90
+ }
91
+ if (report.issues.length > 0) {
92
+ lines.push(t(lang, 'gitIgnoreAudit.label.issues'), ...report.issues.map((issue) => `- ${issue}`));
93
+ }
94
+ if (report.paths.length === 0 && report.findings.length === 0 && report.issues.length === 0) {
95
+ lines.push(t(lang, 'gitIgnoreAudit.clean'));
96
+ }
97
+ return lines.join('\n');
98
+ }
99
+ export function runRepoGitIgnoreAuditScript(args, reporter, lang = 'en') {
100
+ if (hasCliOptionToken(args, '--help', ['-h'])) {
101
+ reporter.stdout(getRepoGitIgnoreAuditHelp(lang));
102
+ return 0;
103
+ }
104
+ const options = parseRepoGitIgnoreAuditOptions(args, lang);
105
+ if (options.error) {
106
+ printUsageError(reporter, options.error, 'mf script-pack run repo/git-ignore-audit --help', getRepoGitIgnoreAuditHelp(lang), lang);
107
+ return 1;
108
+ }
109
+ const report = auditRepoGitIgnore(resolveMustflowRoot(), {
110
+ paths: options.paths,
111
+ maxPaths: options.maxPaths,
112
+ });
113
+ if (options.json) {
114
+ reporter.stdout(JSON.stringify(report, null, 2));
115
+ return report.ok ? 0 : 1;
116
+ }
117
+ reporter.stdout(renderRepoGitIgnoreAuditSummary(report, lang));
118
+ return report.ok ? 0 : 1;
119
+ }
@@ -0,0 +1,122 @@
1
+ import { printUsageError, renderHelp } from '../lib/cli-output.js';
2
+ import { t } from '../lib/i18n.js';
3
+ import { formatCliOptionParseError, getParsedCliStringOption, hasCliOptionToken, hasParsedCliOption, parseCliOptions, } from '../lib/option-parser.js';
4
+ import { resolveMustflowRoot } from '../lib/project-root.js';
5
+ import { checkRepoManifestLockDrift, REPO_MANIFEST_LOCK_DRIFT_SCRIPT_REF, } from '../../core/repo-manifest-lock-drift.js';
6
+ const REPO_MANIFEST_LOCK_DRIFT_OPTIONS = [
7
+ { name: '--json', kind: 'boolean' },
8
+ { name: '--max-entries', kind: 'string' },
9
+ ];
10
+ export function getRepoManifestLockDriftHelp(lang = 'en') {
11
+ return renderHelp({
12
+ usage: 'mf script-pack run repo/manifest-lock-drift check [path...] [options]',
13
+ summary: t(lang, 'manifestLockDrift.help.summary'),
14
+ options: [
15
+ { label: '--max-entries <n>', description: t(lang, 'manifestLockDrift.help.option.maxEntries') },
16
+ { label: '--json', description: t(lang, 'cli.option.json') },
17
+ { label: '-h, --help', description: t(lang, 'cli.option.help') },
18
+ ],
19
+ examples: [
20
+ 'mf script-pack run repo/manifest-lock-drift check --json',
21
+ 'mf script-pack run repo/manifest-lock-drift check AGENTS.md .mustflow/config/commands.toml --json',
22
+ ],
23
+ exitCodes: [
24
+ { label: '0', description: t(lang, 'manifestLockDrift.help.exit.ok') },
25
+ { label: '1', description: t(lang, 'manifestLockDrift.help.exit.fail') },
26
+ ],
27
+ }, lang);
28
+ }
29
+ function parsePositiveInteger(value, label, lang) {
30
+ if (value === undefined) {
31
+ return undefined;
32
+ }
33
+ const parsed = Number(value);
34
+ if (!Number.isInteger(parsed) || parsed <= 0) {
35
+ return t(lang, 'manifestLockDrift.error.invalidPositiveInteger', { option: label });
36
+ }
37
+ return parsed;
38
+ }
39
+ function parseRepoManifestLockDriftOptions(args, lang) {
40
+ const [action, ...rest] = args;
41
+ const parsed = parseCliOptions(rest, REPO_MANIFEST_LOCK_DRIFT_OPTIONS, { allowPositionals: true });
42
+ const json = hasParsedCliOption(parsed, '--json');
43
+ if (action !== 'check') {
44
+ return {
45
+ action: 'check',
46
+ paths: parsed.positionals,
47
+ json,
48
+ error: action
49
+ ? t(lang, 'manifestLockDrift.error.unknownAction', { action })
50
+ : t(lang, 'manifestLockDrift.error.missingAction'),
51
+ };
52
+ }
53
+ if (parsed.error) {
54
+ return { action, paths: parsed.positionals, json, error: formatCliOptionParseError(parsed.error, lang) };
55
+ }
56
+ const maxEntries = parsePositiveInteger(getParsedCliStringOption(parsed, '--max-entries') ?? undefined, '--max-entries', lang);
57
+ if (typeof maxEntries === 'string') {
58
+ return { action, paths: parsed.positionals, json, error: maxEntries };
59
+ }
60
+ return {
61
+ action,
62
+ paths: parsed.positionals,
63
+ json,
64
+ maxEntries,
65
+ };
66
+ }
67
+ function renderRepoManifestLockDriftSummary(report, lang) {
68
+ const lines = [
69
+ t(lang, 'manifestLockDrift.title'),
70
+ `${t(lang, 'scriptPack.label.script')}: ${REPO_MANIFEST_LOCK_DRIFT_SCRIPT_REF}`,
71
+ `${t(lang, 'label.status')}: ${report.status}`,
72
+ `${t(lang, 'manifestLockDrift.label.entriesChecked')}: ${report.summary.entries_checked}`,
73
+ `${t(lang, 'manifestLockDrift.label.hashMismatches')}: ${report.summary.hash_mismatches}`,
74
+ `${t(lang, 'manifestLockDrift.label.missingEntries')}: ${report.summary.missing_entries}`,
75
+ ];
76
+ if (report.entries.length > 0) {
77
+ lines.push(t(lang, 'manifestLockDrift.label.entries'));
78
+ for (const entry of report.entries) {
79
+ if (entry.status === 'skipped') {
80
+ continue;
81
+ }
82
+ const evidence = entry.lock_hash && entry.actual_hash && entry.lock_hash !== entry.actual_hash
83
+ ? ` (${entry.lock_hash} != ${entry.actual_hash})`
84
+ : '';
85
+ lines.push(`- ${entry.path}: ${entry.status}${evidence}`);
86
+ }
87
+ }
88
+ if (report.findings.length > 0) {
89
+ lines.push(t(lang, 'manifestLockDrift.label.findings'));
90
+ for (const finding of report.findings) {
91
+ lines.push(`- ${finding.path}: ${finding.code} (${finding.message})`);
92
+ }
93
+ }
94
+ if (report.issues.length > 0) {
95
+ lines.push(t(lang, 'manifestLockDrift.label.issues'), ...report.issues.map((issue) => `- ${issue}`));
96
+ }
97
+ if (report.findings.length === 0 && report.issues.length === 0) {
98
+ lines.push(t(lang, 'manifestLockDrift.clean'));
99
+ }
100
+ return lines.join('\n');
101
+ }
102
+ export function runRepoManifestLockDriftScript(args, reporter, lang = 'en') {
103
+ if (hasCliOptionToken(args, '--help', ['-h'])) {
104
+ reporter.stdout(getRepoManifestLockDriftHelp(lang));
105
+ return 0;
106
+ }
107
+ const options = parseRepoManifestLockDriftOptions(args, lang);
108
+ if (options.error) {
109
+ printUsageError(reporter, options.error, 'mf script-pack run repo/manifest-lock-drift --help', getRepoManifestLockDriftHelp(lang), lang);
110
+ return 1;
111
+ }
112
+ const report = checkRepoManifestLockDrift(resolveMustflowRoot(), {
113
+ paths: options.paths,
114
+ maxEntries: options.maxEntries,
115
+ });
116
+ if (options.json) {
117
+ reporter.stdout(JSON.stringify(report, null, 2));
118
+ return report.ok ? 0 : 1;
119
+ }
120
+ reporter.stdout(renderRepoManifestLockDriftSummary(report, lang));
121
+ return report.ok ? 0 : 1;
122
+ }
@@ -0,0 +1,123 @@
1
+ import { printUsageError, renderHelp } from '../lib/cli-output.js';
2
+ import { t } from '../lib/i18n.js';
3
+ import { formatCliOptionParseError, getParsedCliStringOption, hasCliOptionToken, hasParsedCliOption, parseCliOptions, } from '../lib/option-parser.js';
4
+ import { resolveMustflowRoot } from '../lib/project-root.js';
5
+ import { checkRepoMergeConflictScan, REPO_MERGE_CONFLICT_SCAN_SCRIPT_REF, } from '../../core/repo-merge-conflict-scan.js';
6
+ const REPO_MERGE_CONFLICT_SCAN_OPTIONS = [
7
+ { name: '--json', kind: 'boolean' },
8
+ { name: '--max-files', kind: 'string' },
9
+ { name: '--max-file-bytes', kind: 'string' },
10
+ ];
11
+ export function getRepoMergeConflictScanHelp(lang = 'en') {
12
+ return renderHelp({
13
+ usage: 'mf script-pack run repo/merge-conflict-scan check [path...] [options]',
14
+ summary: t(lang, 'mergeConflictScan.help.summary'),
15
+ options: [
16
+ { label: '--max-files <n>', description: t(lang, 'mergeConflictScan.help.option.maxFiles') },
17
+ { label: '--max-file-bytes <n>', description: t(lang, 'mergeConflictScan.help.option.maxFileBytes') },
18
+ { label: '--json', description: t(lang, 'cli.option.json') },
19
+ { label: '-h, --help', description: t(lang, 'cli.option.help') },
20
+ ],
21
+ examples: [
22
+ 'mf script-pack run repo/merge-conflict-scan check --json',
23
+ 'mf script-pack run repo/merge-conflict-scan check src README.md --json',
24
+ ],
25
+ exitCodes: [
26
+ { label: '0', description: t(lang, 'mergeConflictScan.help.exit.ok') },
27
+ { label: '1', description: t(lang, 'mergeConflictScan.help.exit.fail') },
28
+ ],
29
+ }, lang);
30
+ }
31
+ function parsePositiveInteger(value, label, lang) {
32
+ if (value === undefined) {
33
+ return undefined;
34
+ }
35
+ const parsed = Number(value);
36
+ if (!Number.isInteger(parsed) || parsed <= 0) {
37
+ return t(lang, 'mergeConflictScan.error.invalidPositiveInteger', { option: label });
38
+ }
39
+ return parsed;
40
+ }
41
+ function parseRepoMergeConflictScanOptions(args, lang) {
42
+ const [action, ...rest] = args;
43
+ const parsed = parseCliOptions(rest, REPO_MERGE_CONFLICT_SCAN_OPTIONS, { allowPositionals: true });
44
+ const json = hasParsedCliOption(parsed, '--json');
45
+ if (action !== 'check') {
46
+ return {
47
+ action: 'check',
48
+ paths: parsed.positionals,
49
+ json,
50
+ error: action
51
+ ? t(lang, 'mergeConflictScan.error.unknownAction', { action })
52
+ : t(lang, 'mergeConflictScan.error.missingAction'),
53
+ };
54
+ }
55
+ if (parsed.error) {
56
+ return { action, paths: parsed.positionals, json, error: formatCliOptionParseError(parsed.error, lang) };
57
+ }
58
+ const maxFiles = parsePositiveInteger(getParsedCliStringOption(parsed, '--max-files') ?? undefined, '--max-files', lang);
59
+ if (typeof maxFiles === 'string') {
60
+ return { action, paths: parsed.positionals, json, error: maxFiles };
61
+ }
62
+ const maxFileBytes = parsePositiveInteger(getParsedCliStringOption(parsed, '--max-file-bytes') ?? undefined, '--max-file-bytes', lang);
63
+ if (typeof maxFileBytes === 'string') {
64
+ return { action, paths: parsed.positionals, json, error: maxFileBytes };
65
+ }
66
+ return {
67
+ action,
68
+ paths: parsed.positionals,
69
+ json,
70
+ maxFiles,
71
+ maxFileBytes,
72
+ };
73
+ }
74
+ function renderRepoMergeConflictScanSummary(report, lang) {
75
+ const lines = [
76
+ t(lang, 'mergeConflictScan.title'),
77
+ `${t(lang, 'scriptPack.label.script')}: ${REPO_MERGE_CONFLICT_SCAN_SCRIPT_REF}`,
78
+ `${t(lang, 'label.status')}: ${report.status}`,
79
+ `${t(lang, 'mergeConflictScan.label.filesChecked')}: ${report.summary.files_checked}`,
80
+ `${t(lang, 'mergeConflictScan.label.markersFound')}: ${report.summary.markers_found}`,
81
+ ];
82
+ if (report.markers.length > 0) {
83
+ lines.push(t(lang, 'mergeConflictScan.label.markers'));
84
+ for (const marker of report.markers) {
85
+ lines.push(`- ${marker.path}:${marker.line}:${marker.column} ${marker.marker}`);
86
+ }
87
+ }
88
+ if (report.findings.length > 0) {
89
+ lines.push(t(lang, 'mergeConflictScan.label.findings'));
90
+ for (const finding of report.findings) {
91
+ lines.push(`- ${finding.path}: ${finding.code} (${finding.message})`);
92
+ }
93
+ }
94
+ if (report.issues.length > 0) {
95
+ lines.push(t(lang, 'mergeConflictScan.label.issues'), ...report.issues.map((issue) => `- ${issue}`));
96
+ }
97
+ if (report.markers.length === 0 && report.issues.length === 0) {
98
+ lines.push(t(lang, 'mergeConflictScan.clean'));
99
+ }
100
+ return lines.join('\n');
101
+ }
102
+ export function runRepoMergeConflictScanScript(args, reporter, lang = 'en') {
103
+ if (hasCliOptionToken(args, '--help', ['-h'])) {
104
+ reporter.stdout(getRepoMergeConflictScanHelp(lang));
105
+ return 0;
106
+ }
107
+ const options = parseRepoMergeConflictScanOptions(args, lang);
108
+ if (options.error) {
109
+ printUsageError(reporter, options.error, 'mf script-pack run repo/merge-conflict-scan --help', getRepoMergeConflictScanHelp(lang), lang);
110
+ return 1;
111
+ }
112
+ const report = checkRepoMergeConflictScan(resolveMustflowRoot(), {
113
+ paths: options.paths,
114
+ maxFiles: options.maxFiles,
115
+ maxFileBytes: options.maxFileBytes,
116
+ });
117
+ if (options.json) {
118
+ reporter.stdout(JSON.stringify(report, null, 2));
119
+ return report.ok ? 0 : 1;
120
+ }
121
+ reporter.stdout(renderRepoMergeConflictScanSummary(report, lang));
122
+ return report.ok ? 0 : 1;
123
+ }
@@ -0,0 +1,147 @@
1
+ import { printUsageError, renderHelp } from '../lib/cli-output.js';
2
+ import { t } from '../lib/i18n.js';
3
+ import { formatCliOptionParseError, getParsedCliStringOption, hasCliOptionToken, hasParsedCliOption, parseCliOptions, } from '../lib/option-parser.js';
4
+ import { resolveMustflowRoot } from '../lib/project-root.js';
5
+ import { inspectSecretRiskScan, SECRET_RISK_SCAN_SCRIPT_REF } from '../../core/secret-risk-scan.js';
6
+ const SECRET_RISK_SCAN_OPTIONS = [
7
+ { name: '--json', kind: 'boolean' },
8
+ { name: '--max-files', kind: 'string' },
9
+ { name: '--max-file-bytes', kind: 'string' },
10
+ { name: '--max-findings', kind: 'string' },
11
+ ];
12
+ function parsePositiveInteger(value, option, lang) {
13
+ if (value === null) {
14
+ return { value: null };
15
+ }
16
+ if (!/^[1-9]\d*$/u.test(value)) {
17
+ return { value: null, error: t(lang, 'secretRiskScan.error.invalidPositiveInteger', { option, value }) };
18
+ }
19
+ const parsed = Number(value);
20
+ if (!Number.isSafeInteger(parsed)) {
21
+ return { value: null, error: t(lang, 'secretRiskScan.error.invalidPositiveInteger', { option, value }) };
22
+ }
23
+ return { value: parsed };
24
+ }
25
+ export function getRepoSecretRiskScanHelp(lang = 'en') {
26
+ return renderHelp({
27
+ usage: 'mf script-pack run repo/secret-risk-scan scan [path...] [options]',
28
+ summary: t(lang, 'secretRiskScan.help.summary'),
29
+ options: [
30
+ { label: '--max-files <count>', description: t(lang, 'secretRiskScan.help.option.maxFiles') },
31
+ { label: '--max-file-bytes <bytes>', description: t(lang, 'secretRiskScan.help.option.maxFileBytes') },
32
+ { label: '--max-findings <count>', description: t(lang, 'secretRiskScan.help.option.maxFindings') },
33
+ { label: '--json', description: t(lang, 'cli.option.json') },
34
+ { label: '-h, --help', description: t(lang, 'cli.option.help') },
35
+ ],
36
+ examples: [
37
+ 'mf script-pack run repo/secret-risk-scan scan --json',
38
+ 'mf script-pack run repo/secret-risk-scan scan src README.md --json',
39
+ 'mf script-pack run repo/secret-risk-scan scan .env.example docs --max-findings 50 --json',
40
+ ],
41
+ exitCodes: [
42
+ { label: '0', description: t(lang, 'secretRiskScan.help.exit.ok') },
43
+ { label: '1', description: t(lang, 'secretRiskScan.help.exit.fail') },
44
+ ],
45
+ }, lang);
46
+ }
47
+ function parseSecretRiskScanOptions(args, lang) {
48
+ const [action, ...rest] = args;
49
+ const parsed = parseCliOptions(rest, SECRET_RISK_SCAN_OPTIONS, { allowPositionals: true });
50
+ const json = hasParsedCliOption(parsed, '--json');
51
+ const maxFiles = parsePositiveInteger(getParsedCliStringOption(parsed, '--max-files'), '--max-files', lang);
52
+ const maxFileBytes = parsePositiveInteger(getParsedCliStringOption(parsed, '--max-file-bytes'), '--max-file-bytes', lang);
53
+ const maxFindings = parsePositiveInteger(getParsedCliStringOption(parsed, '--max-findings'), '--max-findings', lang);
54
+ if (action !== 'scan') {
55
+ return {
56
+ action: 'scan',
57
+ json,
58
+ paths: parsed.positionals,
59
+ maxFiles: maxFiles.value,
60
+ maxFileBytes: maxFileBytes.value,
61
+ maxFindings: maxFindings.value,
62
+ error: action ? t(lang, 'secretRiskScan.error.unknownAction', { action }) : t(lang, 'secretRiskScan.error.missingAction'),
63
+ };
64
+ }
65
+ if (parsed.error) {
66
+ return {
67
+ action,
68
+ json,
69
+ paths: parsed.positionals,
70
+ maxFiles: maxFiles.value,
71
+ maxFileBytes: maxFileBytes.value,
72
+ maxFindings: maxFindings.value,
73
+ error: formatCliOptionParseError(parsed.error, lang),
74
+ };
75
+ }
76
+ for (const candidate of [maxFiles, maxFileBytes, maxFindings]) {
77
+ if (candidate.error) {
78
+ return {
79
+ action,
80
+ json,
81
+ paths: parsed.positionals,
82
+ maxFiles: maxFiles.value,
83
+ maxFileBytes: maxFileBytes.value,
84
+ maxFindings: maxFindings.value,
85
+ error: candidate.error,
86
+ };
87
+ }
88
+ }
89
+ return {
90
+ action,
91
+ json,
92
+ paths: parsed.positionals,
93
+ maxFiles: maxFiles.value,
94
+ maxFileBytes: maxFileBytes.value,
95
+ maxFindings: maxFindings.value,
96
+ };
97
+ }
98
+ function renderSecretRiskScanSummary(report, lang) {
99
+ const lines = [
100
+ t(lang, 'secretRiskScan.title'),
101
+ `${t(lang, 'scriptPack.label.script')}: ${SECRET_RISK_SCAN_SCRIPT_REF}`,
102
+ `${t(lang, 'label.status')}: ${report.status}`,
103
+ `${t(lang, 'secretRiskScan.label.files')}: ${report.summary.file_count}`,
104
+ `${t(lang, 'secretRiskScan.label.findings')}: ${report.summary.finding_count}`,
105
+ `${t(lang, 'secretRiskScan.label.highOrCritical')}: ${report.summary.high_or_critical_count}`,
106
+ `${t(lang, 'secretRiskScan.label.skippedSecretFiles')}: ${report.summary.skipped_secret_file_count}`,
107
+ `${t(lang, 'secretRiskScan.label.truncated')}: ${report.truncated ? t(lang, 'value.yes') : t(lang, 'value.no')}`,
108
+ ];
109
+ if (report.findings.length > 0) {
110
+ lines.push(t(lang, 'secretRiskScan.label.findings'));
111
+ for (const finding of report.findings.slice(0, 40)) {
112
+ const line = finding.line ? `:${finding.line}` : '';
113
+ const detector = finding.detector ? ` ${finding.detector}` : '';
114
+ lines.push(`- ${finding.path}${line}: ${finding.code}${detector} (${finding.message})`);
115
+ }
116
+ }
117
+ if (report.issues.length > 0) {
118
+ lines.push(t(lang, 'secretRiskScan.label.issues'), ...report.issues.map((issue) => `- ${issue}`));
119
+ }
120
+ if (report.findings.length === 0 && report.issues.length === 0) {
121
+ lines.push(t(lang, 'secretRiskScan.clean'));
122
+ }
123
+ return lines.join('\n');
124
+ }
125
+ export function runRepoSecretRiskScanScript(args, reporter, lang = 'en') {
126
+ if (hasCliOptionToken(args, '--help', ['-h'])) {
127
+ reporter.stdout(getRepoSecretRiskScanHelp(lang));
128
+ return 0;
129
+ }
130
+ const options = parseSecretRiskScanOptions(args, lang);
131
+ if (options.error) {
132
+ printUsageError(reporter, options.error, 'mf script-pack run repo/secret-risk-scan --help', getRepoSecretRiskScanHelp(lang), lang);
133
+ return 1;
134
+ }
135
+ const report = inspectSecretRiskScan(resolveMustflowRoot(), {
136
+ paths: options.paths,
137
+ maxFiles: options.maxFiles ?? undefined,
138
+ maxFileBytes: options.maxFileBytes ?? undefined,
139
+ maxFindings: options.maxFindings ?? undefined,
140
+ });
141
+ if (options.json) {
142
+ reporter.stdout(JSON.stringify(report, null, 2));
143
+ return report.ok ? 0 : 1;
144
+ }
145
+ reporter.stdout(renderSecretRiskScanSummary(report, lang));
146
+ return report.ok ? 0 : 1;
147
+ }