mustflow 2.84.0 → 2.99.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +11 -2
- package/dist/cli/commands/script-pack.js +14 -0
- package/dist/cli/i18n/en.js +262 -0
- package/dist/cli/i18n/es.js +262 -0
- package/dist/cli/i18n/fr.js +262 -0
- package/dist/cli/i18n/hi.js +262 -0
- package/dist/cli/i18n/ko.js +262 -0
- package/dist/cli/i18n/zh.js +262 -0
- package/dist/cli/lib/repo-map.js +27 -6
- package/dist/cli/lib/run-root-trust.js +15 -1
- package/dist/cli/lib/script-pack-registry.js +397 -0
- package/dist/cli/lib/validation/index.js +2 -2
- package/dist/cli/lib/validation/primitives.js +4 -1
- package/dist/cli/script-packs/code-change-impact.js +178 -0
- package/dist/cli/script-packs/code-dependency-graph.js +181 -0
- package/dist/cli/script-packs/code-import-cycle.js +193 -0
- package/dist/cli/script-packs/docs-link-integrity.js +145 -0
- package/dist/cli/script-packs/repo-approval-gate.js +100 -0
- package/dist/cli/script-packs/repo-env-contract.js +156 -0
- package/dist/cli/script-packs/repo-git-ignore-audit.js +119 -0
- package/dist/cli/script-packs/repo-manifest-lock-drift.js +122 -0
- package/dist/cli/script-packs/repo-merge-conflict-scan.js +123 -0
- package/dist/cli/script-packs/repo-secret-risk-scan.js +147 -0
- package/dist/cli/script-packs/repo-skill-route-audit.js +86 -0
- package/dist/cli/script-packs/repo-version-source.js +92 -0
- package/dist/cli/script-packs/test-performance-report.js +247 -0
- package/dist/cli/script-packs/test-regression-selector.js +167 -0
- package/dist/core/change-impact.js +355 -0
- package/dist/core/change-surface-classification.js +198 -0
- package/dist/core/change-verification.js +32 -5
- package/dist/core/config-loading.js +121 -4
- package/dist/core/dependency-graph.js +490 -0
- package/dist/core/docs-link-integrity.js +443 -0
- package/dist/core/env-contract.js +450 -0
- package/dist/core/import-cycle.js +152 -0
- package/dist/core/line-endings.js +26 -13
- package/dist/core/public-json-contracts.js +167 -0
- package/dist/core/repo-approval-gate.js +116 -0
- package/dist/core/repo-git-ignore-audit.js +302 -0
- package/dist/core/repo-manifest-lock-drift.js +321 -0
- package/dist/core/repo-merge-conflict-scan.js +335 -0
- package/dist/core/repo-version-source.js +82 -0
- package/dist/core/route-outline.js +57 -5
- package/dist/core/script-pack-suggestions.js +97 -1
- package/dist/core/secret-risk-scan.js +440 -0
- package/dist/core/skill-route-audit.js +354 -0
- package/dist/core/test-performance-report.js +697 -0
- package/dist/core/test-regression-selector.js +335 -0
- package/package.json +1 -1
- package/schemas/README.md +54 -0
- package/schemas/change-impact-report.schema.json +184 -0
- package/schemas/commands.schema.json +12 -0
- package/schemas/dependency-graph-report.schema.json +149 -0
- package/schemas/env-contract-report.schema.json +203 -0
- package/schemas/import-cycle-report.schema.json +157 -0
- package/schemas/link-integrity-report.schema.json +176 -0
- package/schemas/repo-approval-gate-report.schema.json +115 -0
- package/schemas/repo-git-ignore-audit-report.schema.json +201 -0
- package/schemas/repo-manifest-lock-drift-report.schema.json +202 -0
- package/schemas/repo-merge-conflict-scan-report.schema.json +169 -0
- package/schemas/repo-version-source-report.schema.json +127 -0
- package/schemas/secret-risk-scan-report.schema.json +152 -0
- package/schemas/skill-route-audit-report.schema.json +144 -0
- package/schemas/test-performance-report.schema.json +319 -0
- package/schemas/test-regression-selector-report.schema.json +187 -0
- package/templates/default/i18n.toml +80 -26
- package/templates/default/locales/en/.mustflow/skills/INDEX.md +51 -9
- package/templates/default/locales/en/.mustflow/skills/api-access-control-review/SKILL.md +48 -27
- package/templates/default/locales/en/.mustflow/skills/api-failure-triage/SKILL.md +270 -0
- package/templates/default/locales/en/.mustflow/skills/architecture-deepening-review/SKILL.md +28 -11
- package/templates/default/locales/en/.mustflow/skills/astro-code-change/SKILL.md +71 -27
- package/templates/default/locales/en/.mustflow/skills/auth-flow-triage/SKILL.md +192 -0
- package/templates/default/locales/en/.mustflow/skills/auth-permission-change/SKILL.md +59 -13
- package/templates/default/locales/en/.mustflow/skills/backend-log-evidence-review/SKILL.md +14 -5
- package/templates/default/locales/en/.mustflow/skills/cache-integrity-review/SKILL.md +30 -15
- package/templates/default/locales/en/.mustflow/skills/change-blast-radius-review/SKILL.md +45 -32
- package/templates/default/locales/en/.mustflow/skills/ci-pipeline-triage/SKILL.md +200 -0
- package/templates/default/locales/en/.mustflow/skills/clarifying-question-gate/SKILL.md +87 -13
- package/templates/default/locales/en/.mustflow/skills/cross-agent-session-reference/SKILL.md +23 -8
- package/templates/default/locales/en/.mustflow/skills/dependency-upgrade-review/SKILL.md +3 -1
- package/templates/default/locales/en/.mustflow/skills/docker-runtime-triage/SKILL.md +191 -0
- package/templates/default/locales/en/.mustflow/skills/github-contribution-quality-gate/SKILL.md +48 -11
- package/templates/default/locales/en/.mustflow/skills/go-code-change/SKILL.md +18 -13
- package/templates/default/locales/en/.mustflow/skills/javascript-code-change/SKILL.md +15 -13
- package/templates/default/locales/en/.mustflow/skills/line-ending-hygiene/SKILL.md +18 -10
- package/templates/default/locales/en/.mustflow/skills/llm-hallucination-control-review/SKILL.md +4 -1
- package/templates/default/locales/en/.mustflow/skills/motion-system-contract-review/SKILL.md +155 -0
- package/templates/default/locales/en/.mustflow/skills/next-action-menu/SKILL.md +177 -0
- package/templates/default/locales/en/.mustflow/skills/node-code-change/SKILL.md +16 -14
- package/templates/default/locales/en/.mustflow/skills/observability-debuggability-review/SKILL.md +15 -7
- package/templates/default/locales/en/.mustflow/skills/payment-integrity-review/SKILL.md +59 -35
- package/templates/default/locales/en/.mustflow/skills/powershell-code-change/SKILL.md +16 -6
- package/templates/default/locales/en/.mustflow/skills/prompt-contract-quality-review/SKILL.md +4 -1
- package/templates/default/locales/en/.mustflow/skills/python-code-change/SKILL.md +19 -10
- package/templates/default/locales/en/.mustflow/skills/rag-pipeline-triage/SKILL.md +206 -0
- package/templates/default/locales/en/.mustflow/skills/routes.toml +69 -9
- package/templates/default/locales/en/.mustflow/skills/rust-code-change/SKILL.md +10 -4
- package/templates/default/locales/en/.mustflow/skills/search-index-integrity-review/SKILL.md +181 -0
- package/templates/default/locales/en/.mustflow/skills/security-privacy-review/SKILL.md +3 -1
- package/templates/default/locales/en/.mustflow/skills/service-boundary-architecture/SKILL.md +37 -23
- package/templates/default/locales/en/.mustflow/skills/test-suite-performance-review/SKILL.md +323 -0
- package/templates/default/locales/en/.mustflow/skills/typescript-code-change/SKILL.md +18 -10
- package/templates/default/locales/en/.mustflow/skills/vector-search-integrity-review/SKILL.md +209 -0
- package/templates/default/locales/en/.mustflow/skills/version-freshness-check/SKILL.md +16 -14
- package/templates/default/manifest.toml +71 -1
|
@@ -0,0 +1,156 @@
|
|
|
1
|
+
import { printUsageError, renderHelp } from '../lib/cli-output.js';
|
|
2
|
+
import { t } from '../lib/i18n.js';
|
|
3
|
+
import { formatCliOptionParseError, getParsedCliStringOption, hasCliOptionToken, hasParsedCliOption, parseCliOptions, } from '../lib/option-parser.js';
|
|
4
|
+
import { resolveMustflowRoot } from '../lib/project-root.js';
|
|
5
|
+
import { ENV_CONTRACT_SCRIPT_REF, inspectEnvContract } from '../../core/env-contract.js';
|
|
6
|
+
const ENV_CONTRACT_OPTIONS = [
|
|
7
|
+
{ name: '--json', kind: 'boolean' },
|
|
8
|
+
{ name: '--max-files', kind: 'string' },
|
|
9
|
+
{ name: '--max-file-bytes', kind: 'string' },
|
|
10
|
+
{ name: '--max-keys', kind: 'string' },
|
|
11
|
+
];
|
|
12
|
+
function parsePositiveInteger(value, option, lang) {
|
|
13
|
+
if (value === null) {
|
|
14
|
+
return { value: null };
|
|
15
|
+
}
|
|
16
|
+
if (!/^[1-9]\d*$/u.test(value)) {
|
|
17
|
+
return { value: null, error: t(lang, 'envContract.error.invalidPositiveInteger', { option, value }) };
|
|
18
|
+
}
|
|
19
|
+
const parsed = Number(value);
|
|
20
|
+
if (!Number.isSafeInteger(parsed)) {
|
|
21
|
+
return { value: null, error: t(lang, 'envContract.error.invalidPositiveInteger', { option, value }) };
|
|
22
|
+
}
|
|
23
|
+
return { value: parsed };
|
|
24
|
+
}
|
|
25
|
+
export function getRepoEnvContractHelp(lang = 'en') {
|
|
26
|
+
return renderHelp({
|
|
27
|
+
usage: 'mf script-pack run repo/env-contract scan [path...] [options]',
|
|
28
|
+
summary: t(lang, 'envContract.help.summary'),
|
|
29
|
+
options: [
|
|
30
|
+
{ label: '--max-files <count>', description: t(lang, 'envContract.help.option.maxFiles') },
|
|
31
|
+
{ label: '--max-file-bytes <bytes>', description: t(lang, 'envContract.help.option.maxFileBytes') },
|
|
32
|
+
{ label: '--max-keys <count>', description: t(lang, 'envContract.help.option.maxKeys') },
|
|
33
|
+
{ label: '--json', description: t(lang, 'cli.option.json') },
|
|
34
|
+
{ label: '-h, --help', description: t(lang, 'cli.option.help') },
|
|
35
|
+
],
|
|
36
|
+
examples: [
|
|
37
|
+
'mf script-pack run repo/env-contract scan --json',
|
|
38
|
+
'mf script-pack run repo/env-contract scan src .env.example --json',
|
|
39
|
+
'mf script-pack run repo/env-contract scan .github/workflows README.md --max-keys 120 --json',
|
|
40
|
+
],
|
|
41
|
+
exitCodes: [
|
|
42
|
+
{ label: '0', description: t(lang, 'envContract.help.exit.ok') },
|
|
43
|
+
{ label: '1', description: t(lang, 'envContract.help.exit.fail') },
|
|
44
|
+
],
|
|
45
|
+
}, lang);
|
|
46
|
+
}
|
|
47
|
+
function parseEnvContractOptions(args, lang) {
|
|
48
|
+
const [action, ...rest] = args;
|
|
49
|
+
const parsed = parseCliOptions(rest, ENV_CONTRACT_OPTIONS, { allowPositionals: true });
|
|
50
|
+
const json = hasParsedCliOption(parsed, '--json');
|
|
51
|
+
const maxFiles = parsePositiveInteger(getParsedCliStringOption(parsed, '--max-files'), '--max-files', lang);
|
|
52
|
+
const maxFileBytes = parsePositiveInteger(getParsedCliStringOption(parsed, '--max-file-bytes'), '--max-file-bytes', lang);
|
|
53
|
+
const maxKeys = parsePositiveInteger(getParsedCliStringOption(parsed, '--max-keys'), '--max-keys', lang);
|
|
54
|
+
if (action !== 'scan') {
|
|
55
|
+
return {
|
|
56
|
+
action: 'scan',
|
|
57
|
+
json,
|
|
58
|
+
paths: parsed.positionals,
|
|
59
|
+
maxFiles: maxFiles.value,
|
|
60
|
+
maxFileBytes: maxFileBytes.value,
|
|
61
|
+
maxKeys: maxKeys.value,
|
|
62
|
+
error: action ? t(lang, 'envContract.error.unknownAction', { action }) : t(lang, 'envContract.error.missingAction'),
|
|
63
|
+
};
|
|
64
|
+
}
|
|
65
|
+
if (parsed.error) {
|
|
66
|
+
return {
|
|
67
|
+
action,
|
|
68
|
+
json,
|
|
69
|
+
paths: parsed.positionals,
|
|
70
|
+
maxFiles: maxFiles.value,
|
|
71
|
+
maxFileBytes: maxFileBytes.value,
|
|
72
|
+
maxKeys: maxKeys.value,
|
|
73
|
+
error: formatCliOptionParseError(parsed.error, lang),
|
|
74
|
+
};
|
|
75
|
+
}
|
|
76
|
+
for (const candidate of [maxFiles, maxFileBytes, maxKeys]) {
|
|
77
|
+
if (candidate.error) {
|
|
78
|
+
return {
|
|
79
|
+
action,
|
|
80
|
+
json,
|
|
81
|
+
paths: parsed.positionals,
|
|
82
|
+
maxFiles: maxFiles.value,
|
|
83
|
+
maxFileBytes: maxFileBytes.value,
|
|
84
|
+
maxKeys: maxKeys.value,
|
|
85
|
+
error: candidate.error,
|
|
86
|
+
};
|
|
87
|
+
}
|
|
88
|
+
}
|
|
89
|
+
return {
|
|
90
|
+
action,
|
|
91
|
+
json,
|
|
92
|
+
paths: parsed.positionals,
|
|
93
|
+
maxFiles: maxFiles.value,
|
|
94
|
+
maxFileBytes: maxFileBytes.value,
|
|
95
|
+
maxKeys: maxKeys.value,
|
|
96
|
+
};
|
|
97
|
+
}
|
|
98
|
+
function renderEnvContractSummary(report, lang) {
|
|
99
|
+
const lines = [
|
|
100
|
+
t(lang, 'envContract.title'),
|
|
101
|
+
`${t(lang, 'scriptPack.label.script')}: ${ENV_CONTRACT_SCRIPT_REF}`,
|
|
102
|
+
`${t(lang, 'label.status')}: ${report.status}`,
|
|
103
|
+
`${t(lang, 'envContract.label.files')}: ${report.summary.file_count}`,
|
|
104
|
+
`${t(lang, 'envContract.label.keys')}: ${report.summary.key_count}`,
|
|
105
|
+
`${t(lang, 'envContract.label.findings')}: ${report.findings.length}`,
|
|
106
|
+
`${t(lang, 'envContract.label.truncated')}: ${report.truncated ? t(lang, 'value.yes') : t(lang, 'value.no')}`,
|
|
107
|
+
];
|
|
108
|
+
for (const entry of report.keys.slice(0, 40)) {
|
|
109
|
+
const flags = [
|
|
110
|
+
entry.used_in_code ? 'code' : null,
|
|
111
|
+
entry.declared_in_example ? 'example' : null,
|
|
112
|
+
entry.documented ? 'docs' : null,
|
|
113
|
+
entry.referenced_in_ci ? 'ci' : null,
|
|
114
|
+
entry.secret_like ? 'secret-like' : null,
|
|
115
|
+
entry.public_like ? 'public-like' : null,
|
|
116
|
+
].filter((flag) => flag !== null);
|
|
117
|
+
lines.push(`- ${entry.key}: ${flags.join(', ') || t(lang, 'value.none')} (${entry.source_count})`);
|
|
118
|
+
}
|
|
119
|
+
if (report.findings.length > 0) {
|
|
120
|
+
lines.push(t(lang, 'envContract.label.findings'));
|
|
121
|
+
for (const finding of report.findings.slice(0, 40)) {
|
|
122
|
+
const key = finding.key ? ` ${finding.key}` : '';
|
|
123
|
+
lines.push(`- ${finding.path}:${key} ${finding.code} (${finding.message})`);
|
|
124
|
+
}
|
|
125
|
+
}
|
|
126
|
+
if (report.issues.length > 0) {
|
|
127
|
+
lines.push(t(lang, 'envContract.label.issues'), ...report.issues.map((issue) => `- ${issue}`));
|
|
128
|
+
}
|
|
129
|
+
if (report.keys.length === 0 && report.findings.length === 0 && report.issues.length === 0) {
|
|
130
|
+
lines.push(t(lang, 'envContract.clean'));
|
|
131
|
+
}
|
|
132
|
+
return lines.join('\n');
|
|
133
|
+
}
|
|
134
|
+
export function runRepoEnvContractScript(args, reporter, lang = 'en') {
|
|
135
|
+
if (hasCliOptionToken(args, '--help', ['-h'])) {
|
|
136
|
+
reporter.stdout(getRepoEnvContractHelp(lang));
|
|
137
|
+
return 0;
|
|
138
|
+
}
|
|
139
|
+
const options = parseEnvContractOptions(args, lang);
|
|
140
|
+
if (options.error) {
|
|
141
|
+
printUsageError(reporter, options.error, 'mf script-pack run repo/env-contract --help', getRepoEnvContractHelp(lang), lang);
|
|
142
|
+
return 1;
|
|
143
|
+
}
|
|
144
|
+
const report = inspectEnvContract(resolveMustflowRoot(), {
|
|
145
|
+
paths: options.paths,
|
|
146
|
+
maxFiles: options.maxFiles ?? undefined,
|
|
147
|
+
maxFileBytes: options.maxFileBytes ?? undefined,
|
|
148
|
+
maxKeys: options.maxKeys ?? undefined,
|
|
149
|
+
});
|
|
150
|
+
if (options.json) {
|
|
151
|
+
reporter.stdout(JSON.stringify(report, null, 2));
|
|
152
|
+
return report.ok ? 0 : 1;
|
|
153
|
+
}
|
|
154
|
+
reporter.stdout(renderEnvContractSummary(report, lang));
|
|
155
|
+
return report.ok ? 0 : 1;
|
|
156
|
+
}
|
|
@@ -0,0 +1,119 @@
|
|
|
1
|
+
import { printUsageError, renderHelp } from '../lib/cli-output.js';
|
|
2
|
+
import { t } from '../lib/i18n.js';
|
|
3
|
+
import { formatCliOptionParseError, getParsedCliStringOption, hasCliOptionToken, hasParsedCliOption, parseCliOptions, } from '../lib/option-parser.js';
|
|
4
|
+
import { resolveMustflowRoot } from '../lib/project-root.js';
|
|
5
|
+
import { auditRepoGitIgnore, REPO_GIT_IGNORE_AUDIT_SCRIPT_REF, } from '../../core/repo-git-ignore-audit.js';
|
|
6
|
+
const REPO_GIT_IGNORE_AUDIT_OPTIONS = [
|
|
7
|
+
{ name: '--json', kind: 'boolean' },
|
|
8
|
+
{ name: '--max-paths', kind: 'string' },
|
|
9
|
+
];
|
|
10
|
+
export function getRepoGitIgnoreAuditHelp(lang = 'en') {
|
|
11
|
+
return renderHelp({
|
|
12
|
+
usage: 'mf script-pack run repo/git-ignore-audit audit [path...] [options]',
|
|
13
|
+
summary: t(lang, 'gitIgnoreAudit.help.summary'),
|
|
14
|
+
options: [
|
|
15
|
+
{ label: '--max-paths <n>', description: t(lang, 'gitIgnoreAudit.help.option.maxPaths') },
|
|
16
|
+
{ label: '--json', description: t(lang, 'cli.option.json') },
|
|
17
|
+
{ label: '-h, --help', description: t(lang, 'cli.option.help') },
|
|
18
|
+
],
|
|
19
|
+
examples: [
|
|
20
|
+
'mf script-pack run repo/git-ignore-audit audit --json',
|
|
21
|
+
'mf script-pack run repo/git-ignore-audit audit .env.local dist/app.js --json',
|
|
22
|
+
],
|
|
23
|
+
exitCodes: [
|
|
24
|
+
{ label: '0', description: t(lang, 'gitIgnoreAudit.help.exit.ok') },
|
|
25
|
+
{ label: '1', description: t(lang, 'gitIgnoreAudit.help.exit.fail') },
|
|
26
|
+
],
|
|
27
|
+
}, lang);
|
|
28
|
+
}
|
|
29
|
+
function parsePositiveInteger(value, label, lang) {
|
|
30
|
+
if (value === undefined) {
|
|
31
|
+
return undefined;
|
|
32
|
+
}
|
|
33
|
+
const parsed = Number(value);
|
|
34
|
+
if (!Number.isInteger(parsed) || parsed <= 0) {
|
|
35
|
+
return t(lang, 'gitIgnoreAudit.error.invalidPositiveInteger', { option: label });
|
|
36
|
+
}
|
|
37
|
+
return parsed;
|
|
38
|
+
}
|
|
39
|
+
function parseRepoGitIgnoreAuditOptions(args, lang) {
|
|
40
|
+
const [action, ...rest] = args;
|
|
41
|
+
const parsed = parseCliOptions(rest, REPO_GIT_IGNORE_AUDIT_OPTIONS, { allowPositionals: true });
|
|
42
|
+
const json = hasParsedCliOption(parsed, '--json');
|
|
43
|
+
if (action !== 'audit') {
|
|
44
|
+
return {
|
|
45
|
+
action: 'audit',
|
|
46
|
+
paths: parsed.positionals,
|
|
47
|
+
json,
|
|
48
|
+
error: action
|
|
49
|
+
? t(lang, 'gitIgnoreAudit.error.unknownAction', { action })
|
|
50
|
+
: t(lang, 'gitIgnoreAudit.error.missingAction'),
|
|
51
|
+
};
|
|
52
|
+
}
|
|
53
|
+
if (parsed.error) {
|
|
54
|
+
return { action, paths: parsed.positionals, json, error: formatCliOptionParseError(parsed.error, lang) };
|
|
55
|
+
}
|
|
56
|
+
const maxPaths = parsePositiveInteger(getParsedCliStringOption(parsed, '--max-paths') ?? undefined, '--max-paths', lang);
|
|
57
|
+
if (typeof maxPaths === 'string') {
|
|
58
|
+
return { action, paths: parsed.positionals, json, error: maxPaths };
|
|
59
|
+
}
|
|
60
|
+
return {
|
|
61
|
+
action,
|
|
62
|
+
paths: parsed.positionals,
|
|
63
|
+
json,
|
|
64
|
+
maxPaths,
|
|
65
|
+
};
|
|
66
|
+
}
|
|
67
|
+
function renderRepoGitIgnoreAuditSummary(report, lang) {
|
|
68
|
+
const lines = [
|
|
69
|
+
t(lang, 'gitIgnoreAudit.title'),
|
|
70
|
+
`${t(lang, 'scriptPack.label.script')}: ${REPO_GIT_IGNORE_AUDIT_SCRIPT_REF}`,
|
|
71
|
+
`${t(lang, 'label.status')}: ${report.status}`,
|
|
72
|
+
`${t(lang, 'gitIgnoreAudit.label.pathsChecked')}: ${report.summary.paths_checked}`,
|
|
73
|
+
`${t(lang, 'gitIgnoreAudit.label.ignoredPaths')}: ${report.summary.ignored_paths}`,
|
|
74
|
+
`${t(lang, 'gitIgnoreAudit.label.ignoreSources')}: ${report.summary.ignore_sources}`,
|
|
75
|
+
];
|
|
76
|
+
if (report.paths.length > 0) {
|
|
77
|
+
lines.push(t(lang, 'gitIgnoreAudit.label.paths'));
|
|
78
|
+
for (const entry of report.paths) {
|
|
79
|
+
const evidence = entry.source_path && entry.source_line
|
|
80
|
+
? ` (${entry.source_path}:${entry.source_line} ${entry.pattern ?? ''})`
|
|
81
|
+
: '';
|
|
82
|
+
lines.push(`- ${entry.path}: ${entry.status}${evidence}`);
|
|
83
|
+
}
|
|
84
|
+
}
|
|
85
|
+
if (report.findings.length > 0) {
|
|
86
|
+
lines.push(t(lang, 'gitIgnoreAudit.label.findings'));
|
|
87
|
+
for (const finding of report.findings) {
|
|
88
|
+
lines.push(`- ${finding.path}: ${finding.code} (${finding.message})`);
|
|
89
|
+
}
|
|
90
|
+
}
|
|
91
|
+
if (report.issues.length > 0) {
|
|
92
|
+
lines.push(t(lang, 'gitIgnoreAudit.label.issues'), ...report.issues.map((issue) => `- ${issue}`));
|
|
93
|
+
}
|
|
94
|
+
if (report.paths.length === 0 && report.findings.length === 0 && report.issues.length === 0) {
|
|
95
|
+
lines.push(t(lang, 'gitIgnoreAudit.clean'));
|
|
96
|
+
}
|
|
97
|
+
return lines.join('\n');
|
|
98
|
+
}
|
|
99
|
+
export function runRepoGitIgnoreAuditScript(args, reporter, lang = 'en') {
|
|
100
|
+
if (hasCliOptionToken(args, '--help', ['-h'])) {
|
|
101
|
+
reporter.stdout(getRepoGitIgnoreAuditHelp(lang));
|
|
102
|
+
return 0;
|
|
103
|
+
}
|
|
104
|
+
const options = parseRepoGitIgnoreAuditOptions(args, lang);
|
|
105
|
+
if (options.error) {
|
|
106
|
+
printUsageError(reporter, options.error, 'mf script-pack run repo/git-ignore-audit --help', getRepoGitIgnoreAuditHelp(lang), lang);
|
|
107
|
+
return 1;
|
|
108
|
+
}
|
|
109
|
+
const report = auditRepoGitIgnore(resolveMustflowRoot(), {
|
|
110
|
+
paths: options.paths,
|
|
111
|
+
maxPaths: options.maxPaths,
|
|
112
|
+
});
|
|
113
|
+
if (options.json) {
|
|
114
|
+
reporter.stdout(JSON.stringify(report, null, 2));
|
|
115
|
+
return report.ok ? 0 : 1;
|
|
116
|
+
}
|
|
117
|
+
reporter.stdout(renderRepoGitIgnoreAuditSummary(report, lang));
|
|
118
|
+
return report.ok ? 0 : 1;
|
|
119
|
+
}
|
|
@@ -0,0 +1,122 @@
|
|
|
1
|
+
import { printUsageError, renderHelp } from '../lib/cli-output.js';
|
|
2
|
+
import { t } from '../lib/i18n.js';
|
|
3
|
+
import { formatCliOptionParseError, getParsedCliStringOption, hasCliOptionToken, hasParsedCliOption, parseCliOptions, } from '../lib/option-parser.js';
|
|
4
|
+
import { resolveMustflowRoot } from '../lib/project-root.js';
|
|
5
|
+
import { checkRepoManifestLockDrift, REPO_MANIFEST_LOCK_DRIFT_SCRIPT_REF, } from '../../core/repo-manifest-lock-drift.js';
|
|
6
|
+
const REPO_MANIFEST_LOCK_DRIFT_OPTIONS = [
|
|
7
|
+
{ name: '--json', kind: 'boolean' },
|
|
8
|
+
{ name: '--max-entries', kind: 'string' },
|
|
9
|
+
];
|
|
10
|
+
export function getRepoManifestLockDriftHelp(lang = 'en') {
|
|
11
|
+
return renderHelp({
|
|
12
|
+
usage: 'mf script-pack run repo/manifest-lock-drift check [path...] [options]',
|
|
13
|
+
summary: t(lang, 'manifestLockDrift.help.summary'),
|
|
14
|
+
options: [
|
|
15
|
+
{ label: '--max-entries <n>', description: t(lang, 'manifestLockDrift.help.option.maxEntries') },
|
|
16
|
+
{ label: '--json', description: t(lang, 'cli.option.json') },
|
|
17
|
+
{ label: '-h, --help', description: t(lang, 'cli.option.help') },
|
|
18
|
+
],
|
|
19
|
+
examples: [
|
|
20
|
+
'mf script-pack run repo/manifest-lock-drift check --json',
|
|
21
|
+
'mf script-pack run repo/manifest-lock-drift check AGENTS.md .mustflow/config/commands.toml --json',
|
|
22
|
+
],
|
|
23
|
+
exitCodes: [
|
|
24
|
+
{ label: '0', description: t(lang, 'manifestLockDrift.help.exit.ok') },
|
|
25
|
+
{ label: '1', description: t(lang, 'manifestLockDrift.help.exit.fail') },
|
|
26
|
+
],
|
|
27
|
+
}, lang);
|
|
28
|
+
}
|
|
29
|
+
function parsePositiveInteger(value, label, lang) {
|
|
30
|
+
if (value === undefined) {
|
|
31
|
+
return undefined;
|
|
32
|
+
}
|
|
33
|
+
const parsed = Number(value);
|
|
34
|
+
if (!Number.isInteger(parsed) || parsed <= 0) {
|
|
35
|
+
return t(lang, 'manifestLockDrift.error.invalidPositiveInteger', { option: label });
|
|
36
|
+
}
|
|
37
|
+
return parsed;
|
|
38
|
+
}
|
|
39
|
+
function parseRepoManifestLockDriftOptions(args, lang) {
|
|
40
|
+
const [action, ...rest] = args;
|
|
41
|
+
const parsed = parseCliOptions(rest, REPO_MANIFEST_LOCK_DRIFT_OPTIONS, { allowPositionals: true });
|
|
42
|
+
const json = hasParsedCliOption(parsed, '--json');
|
|
43
|
+
if (action !== 'check') {
|
|
44
|
+
return {
|
|
45
|
+
action: 'check',
|
|
46
|
+
paths: parsed.positionals,
|
|
47
|
+
json,
|
|
48
|
+
error: action
|
|
49
|
+
? t(lang, 'manifestLockDrift.error.unknownAction', { action })
|
|
50
|
+
: t(lang, 'manifestLockDrift.error.missingAction'),
|
|
51
|
+
};
|
|
52
|
+
}
|
|
53
|
+
if (parsed.error) {
|
|
54
|
+
return { action, paths: parsed.positionals, json, error: formatCliOptionParseError(parsed.error, lang) };
|
|
55
|
+
}
|
|
56
|
+
const maxEntries = parsePositiveInteger(getParsedCliStringOption(parsed, '--max-entries') ?? undefined, '--max-entries', lang);
|
|
57
|
+
if (typeof maxEntries === 'string') {
|
|
58
|
+
return { action, paths: parsed.positionals, json, error: maxEntries };
|
|
59
|
+
}
|
|
60
|
+
return {
|
|
61
|
+
action,
|
|
62
|
+
paths: parsed.positionals,
|
|
63
|
+
json,
|
|
64
|
+
maxEntries,
|
|
65
|
+
};
|
|
66
|
+
}
|
|
67
|
+
function renderRepoManifestLockDriftSummary(report, lang) {
|
|
68
|
+
const lines = [
|
|
69
|
+
t(lang, 'manifestLockDrift.title'),
|
|
70
|
+
`${t(lang, 'scriptPack.label.script')}: ${REPO_MANIFEST_LOCK_DRIFT_SCRIPT_REF}`,
|
|
71
|
+
`${t(lang, 'label.status')}: ${report.status}`,
|
|
72
|
+
`${t(lang, 'manifestLockDrift.label.entriesChecked')}: ${report.summary.entries_checked}`,
|
|
73
|
+
`${t(lang, 'manifestLockDrift.label.hashMismatches')}: ${report.summary.hash_mismatches}`,
|
|
74
|
+
`${t(lang, 'manifestLockDrift.label.missingEntries')}: ${report.summary.missing_entries}`,
|
|
75
|
+
];
|
|
76
|
+
if (report.entries.length > 0) {
|
|
77
|
+
lines.push(t(lang, 'manifestLockDrift.label.entries'));
|
|
78
|
+
for (const entry of report.entries) {
|
|
79
|
+
if (entry.status === 'skipped') {
|
|
80
|
+
continue;
|
|
81
|
+
}
|
|
82
|
+
const evidence = entry.lock_hash && entry.actual_hash && entry.lock_hash !== entry.actual_hash
|
|
83
|
+
? ` (${entry.lock_hash} != ${entry.actual_hash})`
|
|
84
|
+
: '';
|
|
85
|
+
lines.push(`- ${entry.path}: ${entry.status}${evidence}`);
|
|
86
|
+
}
|
|
87
|
+
}
|
|
88
|
+
if (report.findings.length > 0) {
|
|
89
|
+
lines.push(t(lang, 'manifestLockDrift.label.findings'));
|
|
90
|
+
for (const finding of report.findings) {
|
|
91
|
+
lines.push(`- ${finding.path}: ${finding.code} (${finding.message})`);
|
|
92
|
+
}
|
|
93
|
+
}
|
|
94
|
+
if (report.issues.length > 0) {
|
|
95
|
+
lines.push(t(lang, 'manifestLockDrift.label.issues'), ...report.issues.map((issue) => `- ${issue}`));
|
|
96
|
+
}
|
|
97
|
+
if (report.findings.length === 0 && report.issues.length === 0) {
|
|
98
|
+
lines.push(t(lang, 'manifestLockDrift.clean'));
|
|
99
|
+
}
|
|
100
|
+
return lines.join('\n');
|
|
101
|
+
}
|
|
102
|
+
export function runRepoManifestLockDriftScript(args, reporter, lang = 'en') {
|
|
103
|
+
if (hasCliOptionToken(args, '--help', ['-h'])) {
|
|
104
|
+
reporter.stdout(getRepoManifestLockDriftHelp(lang));
|
|
105
|
+
return 0;
|
|
106
|
+
}
|
|
107
|
+
const options = parseRepoManifestLockDriftOptions(args, lang);
|
|
108
|
+
if (options.error) {
|
|
109
|
+
printUsageError(reporter, options.error, 'mf script-pack run repo/manifest-lock-drift --help', getRepoManifestLockDriftHelp(lang), lang);
|
|
110
|
+
return 1;
|
|
111
|
+
}
|
|
112
|
+
const report = checkRepoManifestLockDrift(resolveMustflowRoot(), {
|
|
113
|
+
paths: options.paths,
|
|
114
|
+
maxEntries: options.maxEntries,
|
|
115
|
+
});
|
|
116
|
+
if (options.json) {
|
|
117
|
+
reporter.stdout(JSON.stringify(report, null, 2));
|
|
118
|
+
return report.ok ? 0 : 1;
|
|
119
|
+
}
|
|
120
|
+
reporter.stdout(renderRepoManifestLockDriftSummary(report, lang));
|
|
121
|
+
return report.ok ? 0 : 1;
|
|
122
|
+
}
|
|
@@ -0,0 +1,123 @@
|
|
|
1
|
+
import { printUsageError, renderHelp } from '../lib/cli-output.js';
|
|
2
|
+
import { t } from '../lib/i18n.js';
|
|
3
|
+
import { formatCliOptionParseError, getParsedCliStringOption, hasCliOptionToken, hasParsedCliOption, parseCliOptions, } from '../lib/option-parser.js';
|
|
4
|
+
import { resolveMustflowRoot } from '../lib/project-root.js';
|
|
5
|
+
import { checkRepoMergeConflictScan, REPO_MERGE_CONFLICT_SCAN_SCRIPT_REF, } from '../../core/repo-merge-conflict-scan.js';
|
|
6
|
+
const REPO_MERGE_CONFLICT_SCAN_OPTIONS = [
|
|
7
|
+
{ name: '--json', kind: 'boolean' },
|
|
8
|
+
{ name: '--max-files', kind: 'string' },
|
|
9
|
+
{ name: '--max-file-bytes', kind: 'string' },
|
|
10
|
+
];
|
|
11
|
+
export function getRepoMergeConflictScanHelp(lang = 'en') {
|
|
12
|
+
return renderHelp({
|
|
13
|
+
usage: 'mf script-pack run repo/merge-conflict-scan check [path...] [options]',
|
|
14
|
+
summary: t(lang, 'mergeConflictScan.help.summary'),
|
|
15
|
+
options: [
|
|
16
|
+
{ label: '--max-files <n>', description: t(lang, 'mergeConflictScan.help.option.maxFiles') },
|
|
17
|
+
{ label: '--max-file-bytes <n>', description: t(lang, 'mergeConflictScan.help.option.maxFileBytes') },
|
|
18
|
+
{ label: '--json', description: t(lang, 'cli.option.json') },
|
|
19
|
+
{ label: '-h, --help', description: t(lang, 'cli.option.help') },
|
|
20
|
+
],
|
|
21
|
+
examples: [
|
|
22
|
+
'mf script-pack run repo/merge-conflict-scan check --json',
|
|
23
|
+
'mf script-pack run repo/merge-conflict-scan check src README.md --json',
|
|
24
|
+
],
|
|
25
|
+
exitCodes: [
|
|
26
|
+
{ label: '0', description: t(lang, 'mergeConflictScan.help.exit.ok') },
|
|
27
|
+
{ label: '1', description: t(lang, 'mergeConflictScan.help.exit.fail') },
|
|
28
|
+
],
|
|
29
|
+
}, lang);
|
|
30
|
+
}
|
|
31
|
+
function parsePositiveInteger(value, label, lang) {
|
|
32
|
+
if (value === undefined) {
|
|
33
|
+
return undefined;
|
|
34
|
+
}
|
|
35
|
+
const parsed = Number(value);
|
|
36
|
+
if (!Number.isInteger(parsed) || parsed <= 0) {
|
|
37
|
+
return t(lang, 'mergeConflictScan.error.invalidPositiveInteger', { option: label });
|
|
38
|
+
}
|
|
39
|
+
return parsed;
|
|
40
|
+
}
|
|
41
|
+
function parseRepoMergeConflictScanOptions(args, lang) {
|
|
42
|
+
const [action, ...rest] = args;
|
|
43
|
+
const parsed = parseCliOptions(rest, REPO_MERGE_CONFLICT_SCAN_OPTIONS, { allowPositionals: true });
|
|
44
|
+
const json = hasParsedCliOption(parsed, '--json');
|
|
45
|
+
if (action !== 'check') {
|
|
46
|
+
return {
|
|
47
|
+
action: 'check',
|
|
48
|
+
paths: parsed.positionals,
|
|
49
|
+
json,
|
|
50
|
+
error: action
|
|
51
|
+
? t(lang, 'mergeConflictScan.error.unknownAction', { action })
|
|
52
|
+
: t(lang, 'mergeConflictScan.error.missingAction'),
|
|
53
|
+
};
|
|
54
|
+
}
|
|
55
|
+
if (parsed.error) {
|
|
56
|
+
return { action, paths: parsed.positionals, json, error: formatCliOptionParseError(parsed.error, lang) };
|
|
57
|
+
}
|
|
58
|
+
const maxFiles = parsePositiveInteger(getParsedCliStringOption(parsed, '--max-files') ?? undefined, '--max-files', lang);
|
|
59
|
+
if (typeof maxFiles === 'string') {
|
|
60
|
+
return { action, paths: parsed.positionals, json, error: maxFiles };
|
|
61
|
+
}
|
|
62
|
+
const maxFileBytes = parsePositiveInteger(getParsedCliStringOption(parsed, '--max-file-bytes') ?? undefined, '--max-file-bytes', lang);
|
|
63
|
+
if (typeof maxFileBytes === 'string') {
|
|
64
|
+
return { action, paths: parsed.positionals, json, error: maxFileBytes };
|
|
65
|
+
}
|
|
66
|
+
return {
|
|
67
|
+
action,
|
|
68
|
+
paths: parsed.positionals,
|
|
69
|
+
json,
|
|
70
|
+
maxFiles,
|
|
71
|
+
maxFileBytes,
|
|
72
|
+
};
|
|
73
|
+
}
|
|
74
|
+
function renderRepoMergeConflictScanSummary(report, lang) {
|
|
75
|
+
const lines = [
|
|
76
|
+
t(lang, 'mergeConflictScan.title'),
|
|
77
|
+
`${t(lang, 'scriptPack.label.script')}: ${REPO_MERGE_CONFLICT_SCAN_SCRIPT_REF}`,
|
|
78
|
+
`${t(lang, 'label.status')}: ${report.status}`,
|
|
79
|
+
`${t(lang, 'mergeConflictScan.label.filesChecked')}: ${report.summary.files_checked}`,
|
|
80
|
+
`${t(lang, 'mergeConflictScan.label.markersFound')}: ${report.summary.markers_found}`,
|
|
81
|
+
];
|
|
82
|
+
if (report.markers.length > 0) {
|
|
83
|
+
lines.push(t(lang, 'mergeConflictScan.label.markers'));
|
|
84
|
+
for (const marker of report.markers) {
|
|
85
|
+
lines.push(`- ${marker.path}:${marker.line}:${marker.column} ${marker.marker}`);
|
|
86
|
+
}
|
|
87
|
+
}
|
|
88
|
+
if (report.findings.length > 0) {
|
|
89
|
+
lines.push(t(lang, 'mergeConflictScan.label.findings'));
|
|
90
|
+
for (const finding of report.findings) {
|
|
91
|
+
lines.push(`- ${finding.path}: ${finding.code} (${finding.message})`);
|
|
92
|
+
}
|
|
93
|
+
}
|
|
94
|
+
if (report.issues.length > 0) {
|
|
95
|
+
lines.push(t(lang, 'mergeConflictScan.label.issues'), ...report.issues.map((issue) => `- ${issue}`));
|
|
96
|
+
}
|
|
97
|
+
if (report.markers.length === 0 && report.issues.length === 0) {
|
|
98
|
+
lines.push(t(lang, 'mergeConflictScan.clean'));
|
|
99
|
+
}
|
|
100
|
+
return lines.join('\n');
|
|
101
|
+
}
|
|
102
|
+
export function runRepoMergeConflictScanScript(args, reporter, lang = 'en') {
|
|
103
|
+
if (hasCliOptionToken(args, '--help', ['-h'])) {
|
|
104
|
+
reporter.stdout(getRepoMergeConflictScanHelp(lang));
|
|
105
|
+
return 0;
|
|
106
|
+
}
|
|
107
|
+
const options = parseRepoMergeConflictScanOptions(args, lang);
|
|
108
|
+
if (options.error) {
|
|
109
|
+
printUsageError(reporter, options.error, 'mf script-pack run repo/merge-conflict-scan --help', getRepoMergeConflictScanHelp(lang), lang);
|
|
110
|
+
return 1;
|
|
111
|
+
}
|
|
112
|
+
const report = checkRepoMergeConflictScan(resolveMustflowRoot(), {
|
|
113
|
+
paths: options.paths,
|
|
114
|
+
maxFiles: options.maxFiles,
|
|
115
|
+
maxFileBytes: options.maxFileBytes,
|
|
116
|
+
});
|
|
117
|
+
if (options.json) {
|
|
118
|
+
reporter.stdout(JSON.stringify(report, null, 2));
|
|
119
|
+
return report.ok ? 0 : 1;
|
|
120
|
+
}
|
|
121
|
+
reporter.stdout(renderRepoMergeConflictScanSummary(report, lang));
|
|
122
|
+
return report.ok ? 0 : 1;
|
|
123
|
+
}
|
|
@@ -0,0 +1,147 @@
|
|
|
1
|
+
import { printUsageError, renderHelp } from '../lib/cli-output.js';
|
|
2
|
+
import { t } from '../lib/i18n.js';
|
|
3
|
+
import { formatCliOptionParseError, getParsedCliStringOption, hasCliOptionToken, hasParsedCliOption, parseCliOptions, } from '../lib/option-parser.js';
|
|
4
|
+
import { resolveMustflowRoot } from '../lib/project-root.js';
|
|
5
|
+
import { inspectSecretRiskScan, SECRET_RISK_SCAN_SCRIPT_REF } from '../../core/secret-risk-scan.js';
|
|
6
|
+
const SECRET_RISK_SCAN_OPTIONS = [
|
|
7
|
+
{ name: '--json', kind: 'boolean' },
|
|
8
|
+
{ name: '--max-files', kind: 'string' },
|
|
9
|
+
{ name: '--max-file-bytes', kind: 'string' },
|
|
10
|
+
{ name: '--max-findings', kind: 'string' },
|
|
11
|
+
];
|
|
12
|
+
function parsePositiveInteger(value, option, lang) {
|
|
13
|
+
if (value === null) {
|
|
14
|
+
return { value: null };
|
|
15
|
+
}
|
|
16
|
+
if (!/^[1-9]\d*$/u.test(value)) {
|
|
17
|
+
return { value: null, error: t(lang, 'secretRiskScan.error.invalidPositiveInteger', { option, value }) };
|
|
18
|
+
}
|
|
19
|
+
const parsed = Number(value);
|
|
20
|
+
if (!Number.isSafeInteger(parsed)) {
|
|
21
|
+
return { value: null, error: t(lang, 'secretRiskScan.error.invalidPositiveInteger', { option, value }) };
|
|
22
|
+
}
|
|
23
|
+
return { value: parsed };
|
|
24
|
+
}
|
|
25
|
+
export function getRepoSecretRiskScanHelp(lang = 'en') {
|
|
26
|
+
return renderHelp({
|
|
27
|
+
usage: 'mf script-pack run repo/secret-risk-scan scan [path...] [options]',
|
|
28
|
+
summary: t(lang, 'secretRiskScan.help.summary'),
|
|
29
|
+
options: [
|
|
30
|
+
{ label: '--max-files <count>', description: t(lang, 'secretRiskScan.help.option.maxFiles') },
|
|
31
|
+
{ label: '--max-file-bytes <bytes>', description: t(lang, 'secretRiskScan.help.option.maxFileBytes') },
|
|
32
|
+
{ label: '--max-findings <count>', description: t(lang, 'secretRiskScan.help.option.maxFindings') },
|
|
33
|
+
{ label: '--json', description: t(lang, 'cli.option.json') },
|
|
34
|
+
{ label: '-h, --help', description: t(lang, 'cli.option.help') },
|
|
35
|
+
],
|
|
36
|
+
examples: [
|
|
37
|
+
'mf script-pack run repo/secret-risk-scan scan --json',
|
|
38
|
+
'mf script-pack run repo/secret-risk-scan scan src README.md --json',
|
|
39
|
+
'mf script-pack run repo/secret-risk-scan scan .env.example docs --max-findings 50 --json',
|
|
40
|
+
],
|
|
41
|
+
exitCodes: [
|
|
42
|
+
{ label: '0', description: t(lang, 'secretRiskScan.help.exit.ok') },
|
|
43
|
+
{ label: '1', description: t(lang, 'secretRiskScan.help.exit.fail') },
|
|
44
|
+
],
|
|
45
|
+
}, lang);
|
|
46
|
+
}
|
|
47
|
+
function parseSecretRiskScanOptions(args, lang) {
|
|
48
|
+
const [action, ...rest] = args;
|
|
49
|
+
const parsed = parseCliOptions(rest, SECRET_RISK_SCAN_OPTIONS, { allowPositionals: true });
|
|
50
|
+
const json = hasParsedCliOption(parsed, '--json');
|
|
51
|
+
const maxFiles = parsePositiveInteger(getParsedCliStringOption(parsed, '--max-files'), '--max-files', lang);
|
|
52
|
+
const maxFileBytes = parsePositiveInteger(getParsedCliStringOption(parsed, '--max-file-bytes'), '--max-file-bytes', lang);
|
|
53
|
+
const maxFindings = parsePositiveInteger(getParsedCliStringOption(parsed, '--max-findings'), '--max-findings', lang);
|
|
54
|
+
if (action !== 'scan') {
|
|
55
|
+
return {
|
|
56
|
+
action: 'scan',
|
|
57
|
+
json,
|
|
58
|
+
paths: parsed.positionals,
|
|
59
|
+
maxFiles: maxFiles.value,
|
|
60
|
+
maxFileBytes: maxFileBytes.value,
|
|
61
|
+
maxFindings: maxFindings.value,
|
|
62
|
+
error: action ? t(lang, 'secretRiskScan.error.unknownAction', { action }) : t(lang, 'secretRiskScan.error.missingAction'),
|
|
63
|
+
};
|
|
64
|
+
}
|
|
65
|
+
if (parsed.error) {
|
|
66
|
+
return {
|
|
67
|
+
action,
|
|
68
|
+
json,
|
|
69
|
+
paths: parsed.positionals,
|
|
70
|
+
maxFiles: maxFiles.value,
|
|
71
|
+
maxFileBytes: maxFileBytes.value,
|
|
72
|
+
maxFindings: maxFindings.value,
|
|
73
|
+
error: formatCliOptionParseError(parsed.error, lang),
|
|
74
|
+
};
|
|
75
|
+
}
|
|
76
|
+
for (const candidate of [maxFiles, maxFileBytes, maxFindings]) {
|
|
77
|
+
if (candidate.error) {
|
|
78
|
+
return {
|
|
79
|
+
action,
|
|
80
|
+
json,
|
|
81
|
+
paths: parsed.positionals,
|
|
82
|
+
maxFiles: maxFiles.value,
|
|
83
|
+
maxFileBytes: maxFileBytes.value,
|
|
84
|
+
maxFindings: maxFindings.value,
|
|
85
|
+
error: candidate.error,
|
|
86
|
+
};
|
|
87
|
+
}
|
|
88
|
+
}
|
|
89
|
+
return {
|
|
90
|
+
action,
|
|
91
|
+
json,
|
|
92
|
+
paths: parsed.positionals,
|
|
93
|
+
maxFiles: maxFiles.value,
|
|
94
|
+
maxFileBytes: maxFileBytes.value,
|
|
95
|
+
maxFindings: maxFindings.value,
|
|
96
|
+
};
|
|
97
|
+
}
|
|
98
|
+
function renderSecretRiskScanSummary(report, lang) {
|
|
99
|
+
const lines = [
|
|
100
|
+
t(lang, 'secretRiskScan.title'),
|
|
101
|
+
`${t(lang, 'scriptPack.label.script')}: ${SECRET_RISK_SCAN_SCRIPT_REF}`,
|
|
102
|
+
`${t(lang, 'label.status')}: ${report.status}`,
|
|
103
|
+
`${t(lang, 'secretRiskScan.label.files')}: ${report.summary.file_count}`,
|
|
104
|
+
`${t(lang, 'secretRiskScan.label.findings')}: ${report.summary.finding_count}`,
|
|
105
|
+
`${t(lang, 'secretRiskScan.label.highOrCritical')}: ${report.summary.high_or_critical_count}`,
|
|
106
|
+
`${t(lang, 'secretRiskScan.label.skippedSecretFiles')}: ${report.summary.skipped_secret_file_count}`,
|
|
107
|
+
`${t(lang, 'secretRiskScan.label.truncated')}: ${report.truncated ? t(lang, 'value.yes') : t(lang, 'value.no')}`,
|
|
108
|
+
];
|
|
109
|
+
if (report.findings.length > 0) {
|
|
110
|
+
lines.push(t(lang, 'secretRiskScan.label.findings'));
|
|
111
|
+
for (const finding of report.findings.slice(0, 40)) {
|
|
112
|
+
const line = finding.line ? `:${finding.line}` : '';
|
|
113
|
+
const detector = finding.detector ? ` ${finding.detector}` : '';
|
|
114
|
+
lines.push(`- ${finding.path}${line}: ${finding.code}${detector} (${finding.message})`);
|
|
115
|
+
}
|
|
116
|
+
}
|
|
117
|
+
if (report.issues.length > 0) {
|
|
118
|
+
lines.push(t(lang, 'secretRiskScan.label.issues'), ...report.issues.map((issue) => `- ${issue}`));
|
|
119
|
+
}
|
|
120
|
+
if (report.findings.length === 0 && report.issues.length === 0) {
|
|
121
|
+
lines.push(t(lang, 'secretRiskScan.clean'));
|
|
122
|
+
}
|
|
123
|
+
return lines.join('\n');
|
|
124
|
+
}
|
|
125
|
+
export function runRepoSecretRiskScanScript(args, reporter, lang = 'en') {
|
|
126
|
+
if (hasCliOptionToken(args, '--help', ['-h'])) {
|
|
127
|
+
reporter.stdout(getRepoSecretRiskScanHelp(lang));
|
|
128
|
+
return 0;
|
|
129
|
+
}
|
|
130
|
+
const options = parseSecretRiskScanOptions(args, lang);
|
|
131
|
+
if (options.error) {
|
|
132
|
+
printUsageError(reporter, options.error, 'mf script-pack run repo/secret-risk-scan --help', getRepoSecretRiskScanHelp(lang), lang);
|
|
133
|
+
return 1;
|
|
134
|
+
}
|
|
135
|
+
const report = inspectSecretRiskScan(resolveMustflowRoot(), {
|
|
136
|
+
paths: options.paths,
|
|
137
|
+
maxFiles: options.maxFiles ?? undefined,
|
|
138
|
+
maxFileBytes: options.maxFileBytes ?? undefined,
|
|
139
|
+
maxFindings: options.maxFindings ?? undefined,
|
|
140
|
+
});
|
|
141
|
+
if (options.json) {
|
|
142
|
+
reporter.stdout(JSON.stringify(report, null, 2));
|
|
143
|
+
return report.ok ? 0 : 1;
|
|
144
|
+
}
|
|
145
|
+
reporter.stdout(renderSecretRiskScanSummary(report, lang));
|
|
146
|
+
return report.ok ? 0 : 1;
|
|
147
|
+
}
|