pqm-cli 1.0.0

package/src/config/global.js

@@ -0,0 +1,136 @@
+import fs from 'fs';
+import path from 'path';
+import os from 'os';
+
+export const CONFIG_DIR = path.join(os.homedir(), '.pqm');
+export const CONFIG_FILE = path.join(CONFIG_DIR, 'config.json');
+
+const DEFAULT_CONFIG = {
+  ai: {
+    provider: 'bailian',
+    apiKey: '',
+    model: 'qwen-turbo',
+    enabled: true
+  },
+  scan: {
+    exclude: ['node_modules', 'dist', '.git', '**/*.min.js', '**/*.map'],
+    maxFileSize: 1048576 // 1MB
+  }
+};
+
+/**
+ * Ensure config directory exists
+ */
+function ensureConfigDir() {
+  if (!fs.existsSync(CONFIG_DIR)) {
+    fs.mkdirSync(CONFIG_DIR, { recursive: true });
+  }
+}
+
+/**
+ * Load global configuration
+ * @returns {Object} Configuration object
+ */
+export function loadGlobalConfig() {
+  ensureConfigDir();
+
+  if (fs.existsSync(CONFIG_FILE)) {
+    try {
+      const content = fs.readFileSync(CONFIG_FILE, 'utf-8');
+      const userConfig = JSON.parse(content);
+      return { ...DEFAULT_CONFIG, ...userConfig };
+    } catch (err) {
+      // Return defaults if config is corrupted
+      return { ...DEFAULT_CONFIG };
+    }
+  }
+
+  return { ...DEFAULT_CONFIG };
+}
+
+/**
+ * Save global configuration
+ * @param {Object} config - Configuration object to save
+ */
+export function saveGlobalConfig(config) {
+  ensureConfigDir();
+  fs.writeFileSync(CONFIG_FILE, JSON.stringify(config, null, 2));
+}
+
+/**
+ * Get a nested configuration value
+ * @param {string} key - Dot-separated key path (e.g., 'ai.provider')
+ * @returns {*} Configuration value
+ */
+export function getGlobalConfigValue(key) {
+  const config = loadGlobalConfig();
+  const keys = key.split('.');
+  let result = config;
+
+  for (const k of keys) {
+    result = result?.[k];
+    if (result === undefined) break;
+  }
+
+  return result;
+}
+
+/**
+ * Set a nested configuration value
+ * @param {string} key - Dot-separated key path
+ * @param {*} value - Value to set
+ */
+export function setGlobalConfigValue(key, value) {
+  const config = loadGlobalConfig();
+  const keys = key.split('.');
+  let current = config;
+
+  for (let i = 0; i < keys.length - 1; i++) {
+    if (!current[keys[i]]) {
+      current[keys[i]] = {};
+    }
+    current = current[keys[i]];
+  }
+
+  current[keys[keys.length - 1]] = value;
+  saveGlobalConfig(config);
+}
+
+/**
+ * Update AI configuration
+ * @param {Object} aiConfig - AI configuration object
+ */
+export function updateAIConfig(aiConfig) {
+  const config = loadGlobalConfig();
+  config.ai = { ...config.ai, ...aiConfig };
+  saveGlobalConfig(config);
+}
+
+/**
+ * Get AI configuration
+ * @returns {Object} AI configuration
+ */
+export function getAIConfig() {
+  return loadGlobalConfig().ai;
+}
+
+/**
+ * Check if AI is configured
+ * @returns {boolean} True if API key is set
+ */
+export function isAIConfigured() {
+  const aiConfig = getAIConfig();
+  return !!(aiConfig && aiConfig.apiKey);
+}
+
+export default {
+  loadGlobalConfig,
+  saveGlobalConfig,
+  getGlobalConfigValue,
+  setGlobalConfigValue,
+  updateAIConfig,
+  getAIConfig,
+  isAIConfigured,
+  CONFIG_DIR,
+  CONFIG_FILE
+};

package/src/config/loader.js

@@ -0,0 +1,49 @@
+import fs from 'fs';
+import path from 'path';
+
+const CONFIG_FILE = '.pqmrc';
+
+const DEFAULT_CONFIG = {
+  root: './src',
+  exclude: ['node_modules', 'dist', '.git', '**/*.test.js', '**/*.spec.js'],
+  buildTool: 'auto',
+  buildMode: 'incremental',
+  buildOnStart: true,
+  webhook: {
+    enabled: false,
+    port: 3200
+  },
+  log: {
+    level: 'info',
+    file: '.pqm/pqm.log'
+  }
+};
+
+export function loadConfig() {
+  const configPath = path.resolve(process.cwd(), CONFIG_FILE);
+
+  if (fs.existsSync(configPath)) {
+    try {
+      const userConfig = JSON.parse(fs.readFileSync(configPath, 'utf-8'));
+      return { ...DEFAULT_CONFIG, ...userConfig };
+    } catch (err) {
+      console.warn('Failed to parse .pqmrc, using defaults');
+    }
+  }
+
+  return DEFAULT_CONFIG;
+}
+
+export function detectProjectType() {
+  const cwd = process.cwd();
+  const indicators = {
+    typescript: fs.existsSync(path.join(cwd, 'tsconfig.json')),
+    vite: fs.existsSync(path.join(cwd, 'vite.config.js')) ||
+          fs.existsSync(path.join(cwd, 'vite.config.ts')),
+    rollup: fs.existsSync(path.join(cwd, 'rollup.config.js')) ||
+            fs.existsSync(path.join(cwd, 'rollup.config.mjs')),
+    node: fs.existsSync(path.join(cwd, 'package.json'))
+  };
+
+  return indicators;
+}

package/src/core/builder.js

@@ -0,0 +1,88 @@
+import { spawn } from 'child_process';
+import { existsSync, readFileSync } from 'fs';
+import { join } from 'path';
+import { logger } from '../utils/logger.js';
+
+export async function buildProject(options = {}) {
+  const { tool = 'auto', mode = 'production' } = options;
+
+  // Detect build tool
+  const buildTool = tool === 'auto' ? detectBuildTool() : tool;
+
+  if (!buildTool) {
+    throw new Error('No build tool detected. Please install vite or rollup.');
+  }
+
+  logger.info(`Using ${buildTool} for build (${mode})`);
+
+  switch (buildTool) {
+    case 'vite':
+      return runViteBuild(mode);
+    case 'rollup':
+      return runRollupBuild(mode);
+    default:
+      throw new Error(`Unknown build tool: ${buildTool}`);
+  }
+}
+
+function detectBuildTool() {
+  const cwd = process.cwd();
+
+  // Check for vite config
+  if (existsSync(join(cwd, 'vite.config.js')) ||
+      existsSync(join(cwd, 'vite.config.ts'))) {
+    return 'vite';
+  }
+
+  // Check for rollup config
+  if (existsSync(join(cwd, 'rollup.config.js')) ||
+      existsSync(join(cwd, 'rollup.config.mjs'))) {
+    return 'rollup';
+  }
+
+  // Check package.json for vite/rollup
+  try {
+    const pkgPath = join(cwd, 'package.json');
+    const pkg = JSON.parse(readFileSync(pkgPath, 'utf-8'));
+    if (pkg.devDependencies?.vite || pkg.dependencies?.vite) {
+      return 'vite';
+    }
+    if (pkg.devDependencies?.rollup || pkg.dependencies?.rollup) {
+      return 'rollup';
+    }
+  } catch {
+    // Ignore
+  }
+
+  return null;
+}
+
+function runViteBuild(mode) {
+  return runCommand('npx', ['vite', 'build', '--mode', mode === 'production' ? 'production' : 'development']);
+}
+
+function runRollupBuild(mode) {
+  return runCommand('npx', ['rollup', '-c']);
+}
+
+function runCommand(cmd, args) {
+  return new Promise((resolve, reject) => {
+    const child = spawn(cmd, args, {
+      cwd: process.cwd(),
+      stdio: 'inherit',
+      shell: true
+    });
+
+    child.on('close', (code) => {
+      if (code === 0) {
+        resolve();
+      } else {
+        reject(new Error(`Build failed with code ${code}`));
+      }
+    });
+
+    child.on('error', (err) => {
+      reject(err);
+    });
+  });
+}

package/src/index.js

@@ -0,0 +1,5 @@
+// Core module exports
+export { loadConfig } from './config/loader.js';
+export { detectProjectConfig, autoDetectConfig } from './config/detector.js';
+export { buildProject } from './core/builder.js';
+export { logger, formatTimestamp, logWithTime } from './utils/logger.js';

package/src/logs/build.js

@@ -0,0 +1,47 @@
+import LogManager from './manager.js';
+
+/**
+ * Logger class for building operations
+ */
+export class BuildLogger extends LogManager {
+  constructor(logFile) {
+    super(logFile);
+  }
+
+  buildStart(options) {
+    this.info('build:start', {
+      tool: options.tool,
+      mode: options.mode,
+      files: options.files
+    });
+  }
+
+  buildEnd(result) {
+    this.info('build:end', {
+      success: result.success,
+      duration: result.duration,
+      outputFiles: result.outputFiles
+    });
+  }
+
+  buildError(error) {
+    this.error('build:error', {
+      message: error.message,
+      stack: error.stack
+    });
+  }
+
+  fileChange(event, path) {
+    this.info('file:change', { event, path });
+  }
+
+  watchStart(options) {
+    this.info('watch:start', options);
+  }
+
+  watchEnd() {
+    this.info('watch:end');
+  }
+}
+
+export const buildLogger = new BuildLogger();

package/src/logs/manager.js

@@ -0,0 +1,60 @@
+import { createWriteStream, mkdirSync, existsSync } from 'fs';
+import { dirname, resolve } from 'path';
+
+class LogManager {
+  constructor(logFile = '.pqm/pqm.log') {
+    this.logPath = resolve(process.cwd(), logFile);
+    this.stream = null;
+    this.initialized = false;
+  }
+
+  init() {
+    if (this.initialized) return;
+
+    try {
+      const dir = dirname(this.logPath);
+      if (!existsSync(dir)) {
+        mkdirSync(dir, { recursive: true });
+      }
+
+      this.stream = createWriteStream(this.logPath, { flags: 'a' });
+      this.initialized = true;
+    } catch (err) {
+      console.warn('Failed to initialize log file:', err.message);
+    }
+  }
+
+  write(level, message, meta = {}) {
+    if (!this.initialized) this.init();
+
+    const timestamp = new Date().toISOString();
+    const entry = {
+      timestamp,
+      level,
+      message,
+      ...meta
+    };
+
+    const line = JSON.stringify(entry) + '\n';
+
+    if (this.stream) {
+      this.stream.write(line);
+    }
+  }
+
+  info(message, meta) { this.write('info', message, meta); }
+  warn(message, meta) { this.write('warn', message, meta); }
+  error(message, meta) { this.write('error', message, meta); }
+  debug(message, meta) { this.write('debug', message, meta); }
+
+  close() {
+    if (this.stream) {
+      this.stream.end();
+      this.stream = null;
+    }
+    this.initialized = false;
+  }
+}
+
+export const logManager = new LogManager();
+export default LogManager;

package/src/report/formatter.js

@@ -0,0 +1,282 @@
+import chalk from 'chalk';
+
+/**
+ * Severity levels
+ */
+export const Severity = {
+  CRITICAL: 'critical',
+  HIGH: 'high',
+  MEDIUM: 'medium',
+  LOW: 'low',
+  INFO: 'info'
+};
+
+/**
+ * Get severity color
+ * @param {string} severity - Severity level
+ * @returns {Function} Chalk function
+ */
+function getSeverityColor(severity) {
+  switch (severity) {
+    case Severity.CRITICAL:
+      return chalk.red.bold;
+    case Severity.HIGH:
+      return chalk.red;
+    case Severity.MEDIUM:
+      return chalk.yellow;
+    case Severity.LOW:
+      return chalk.blue;
+    case Severity.INFO:
+    default:
+      return chalk.gray;
+  }
+}
+
+/**
+ * Get severity icon
+ * @param {string} severity - Severity level
+ * @returns {string} Icon
+ */
+function getSeverityIcon(severity) {
+  switch (severity) {
+    case Severity.CRITICAL:
+      return '🔴';
+    case Severity.HIGH:
+      return '🟠';
+    case Severity.MEDIUM:
+      return '🟡';
+    case Severity.LOW:
+      return '🔵';
+    case Severity.INFO:
+    default:
+      return '⚪';
+  }
+}
+
+/**
+ * Format issue for console output
+ * @param {Object} issue - Issue object
+ * @returns {string} Formatted string
+ */
+function formatIssue(issue) {
+  const { severity, type, line, message, suggestion } = issue;
+  const color = getSeverityColor(severity);
+  const icon = getSeverityIcon(severity);
+
+  let output = `  ${icon} ${color(`[${severity.toUpperCase()}]`)} ${chalk.cyan(type)}`;
+
+  if (line) {
+    output += ` ${chalk.gray(`(line ${line})`)}`;
+  }
+
+  output += `\n    ${message}`;
+
+  if (suggestion) {
+    output += `\n    ${chalk.gray('建议:')} ${chalk.green(suggestion)}`;
+  }
+
+  return output;
+}
+
+/**
+ * Format report for console output
+ * @param {Object} report - Analysis report
+ * @returns {string} Formatted output
+ */
+export function formatConsole(report) {
+  const lines = [];
+  const { summary, issues, byFile } = report;
+
+  // Header
+  lines.push('');
+  lines.push(chalk.bold('━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━'));
+  lines.push(chalk.bold('  代码安全分析报告'));
+  lines.push(chalk.bold('━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━'));
+  lines.push('');
+
+  // Summary
+  lines.push(chalk.bold('📊 问题统计:'));
+  lines.push(`  🔴 严重: ${summary.critical || 0}`);
+  lines.push(`  🟠 高危: ${summary.high || 0}`);
+  lines.push(`  🟡 中危: ${summary.medium || 0}`);
+  lines.push(`  🔵 低危: ${summary.low || 0}`);
+  lines.push(`  ⚪ 信息: ${summary.info || 0}`);
+  lines.push(`  ${chalk.gray('─'.repeat(30))}`);
+  lines.push(`  📝 总计: ${chalk.bold(issues.length)} 个问题`);
+  lines.push('');
+
+  if (issues.length === 0) {
+    lines.push(chalk.green('  ✓ 没有发现安全问题'));
+    lines.push('');
+    return lines.join('\n');
+  }
+
+  // Issues by file
+  lines.push(chalk.bold('📋 问题详情:'));
+  lines.push('');
+
+  for (const [file, fileIssues] of Object.entries(byFile)) {
+    lines.push(chalk.underline(chalk.white(file)));
+    lines.push('');
+
+    for (const issue of fileIssues) {
+      lines.push(formatIssue(issue));
+      lines.push('');
+    }
+  }
+
+  // Footer
+  lines.push(chalk.gray('━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━'));
+
+  return lines.join('\n');
+}
+
+/**
+ * Format report as JSON
+ * @param {Object} report - Analysis report
+ * @returns {string} JSON string
+ */
+export function formatJSON(report) {
+  return JSON.stringify(report, null, 2);
+}
+
+/**
+ * Format report as HTML
+ * @param {Object} report - Analysis report
+ * @returns {string} HTML string
+ */
+export function formatHTML(report) {
+  const { summary, issues, byFile } = report;
+
+  const html = `<!DOCTYPE html>
+<html lang="zh-CN">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>代码安全分析报告</title>
+  <style>
+    body {
+      font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
+      max-width: 1000px;
+      margin: 0 auto;
+      padding: 20px;
+      background: #f5f5f5;
+    }
+    h1 { color: #333; border-bottom: 2px solid #333; padding-bottom: 10px; }
+    .summary {
+      background: white;
+      padding: 20px;
+      border-radius: 8px;
+      margin: 20px 0;
+      box-shadow: 0 2px 4px rgba(0,0,0,0.1);
+    }
+    .summary-item { display: flex; align-items: center; margin: 10px 0; }
+    .summary-count { font-size: 24px; font-weight: bold; margin-right: 10px; }
+    .critical { color: #dc3545; }
+    .high { color: #fd7e14; }
+    .medium { color: #ffc107; }
+    .low { color: #17a2b8; }
+    .info { color: #6c757d; }
+    .file-section { margin: 20px 0; }
+    .file-path {
+      background: #333;
+      color: white;
+      padding: 10px 15px;
+      border-radius: 4px 4px 0 0;
+      font-family: monospace;
+    }
+    .issue {
+      background: white;
+      padding: 15px;
+      margin: 1px 0;
+      border-left: 4px solid #ddd;
+    }
+    .issue.critical { border-left-color: #dc3545; }
+    .issue.high { border-left-color: #fd7e14; }
+    .issue.medium { border-left-color: #ffc107; }
+    .issue.low { border-left-color: #17a2b8; }
+    .issue.info { border-left-color: #6c757d; }
+    .issue-header { font-weight: bold; margin-bottom: 5px; }
+    .issue-message { color: #555; margin: 5px 0; }
+    .issue-suggestion { color: #28a745; font-size: 0.9em; }
+    .severity-badge {
+      display: inline-block;
+      padding: 2px 8px;
+      border-radius: 4px;
+      font-size: 12px;
+      color: white;
+      margin-right: 10px;
+    }
+    .severity-badge.critical { background: #dc3545; }
+    .severity-badge.high { background: #fd7e14; }
+    .severity-badge.medium { background: #ffc107; color: #333; }
+    .severity-badge.low { background: #17a2b8; }
+    .severity-badge.info { background: #6c757d; }
+  </style>
+</head>
+<body>
+  <h1>🔒 代码安全分析报告</h1>
+
+  <div class="summary">
+    <h2>📊 问题统计</h2>
+    <div class="summary-item"><span class="summary-count critical">${summary.critical || 0}</span> <span>严重</span></div>
+    <div class="summary-item"><span class="summary-count high">${summary.high || 0}</span> <span>高危</span></div>
+    <div class="summary-item"><span class="summary-count medium">${summary.medium || 0}</span> <span>中危</span></div>
+    <div class="summary-item"><span class="summary-count low">${summary.low || 0}</span> <span>低危</span></div>
+    <div class="summary-item"><span class="summary-count info">${summary.info || 0}</span> <span>信息</span></div>
+    <hr>
+    <div class="summary-item"><span class="summary-count">${issues.length}</span> <span>总计问题数</span></div>
+  </div>
+
+  <h2>📋 问题详情</h2>
+  ${Object.entries(byFile).map(([file, fileIssues]) => `
+    <div class="file-section">
+      <div class="file-path">${file}</div>
+      ${fileIssues.map(issue => `
+        <div class="issue ${issue.severity}">
+          <div class="issue-header">
+            <span class="severity-badge ${issue.severity}">${issue.severity.toUpperCase()}</span>
+            ${issue.type} ${issue.line ? `<span style="color:#666">(line ${issue.line})</span>` : ''}
+          </div>
+          <div class="issue-message">${issue.message}</div>
+          ${issue.suggestion ? `<div class="issue-suggestion">建议: ${issue.suggestion}</div>` : ''}
+        </div>
+      `).join('')}
+    </div>
+  `).join('')}
+
+  <hr>
+  <p style="color:#999;text-align:center;">
+    Generated by pqm-cli at ${new Date().toISOString()}
+  </p>
+</body>
+</html>`;
+
+  return html;
+}
+
+/**
+ * Format report based on output type
+ * @param {Object} report - Analysis report
+ * @param {string} format - Output format (console/json/html)
+ * @returns {string} Formatted output
+ */
+export function formatReport(report, format = 'console') {
+  switch (format) {
+    case 'json':
+      return formatJSON(report);
+    case 'html':
+      return formatHTML(report);
+    case 'console':
+    default:
+      return formatConsole(report);
+  }
+}
+
+export default {
+  Severity,
+  formatConsole,
+  formatJSON,
+  formatHTML,
+  formatReport
+};