slopstopper-cli 0.3.0__tar.gz

slopstopper_cli-0.3.0/.gitignore

@@ -0,0 +1,28 @@
+node_modules/
+playwright-report/
+test-results/
+.ss/playwright-report/
+.ss/test-results/
+# SlopStopper-generated reports (all under .ss/reports/<category>/)
+.ss/reports/
+# Python bytecode under .ss/scripts/. .workflows-installed is deliberately
+# NOT ignored — it's the install marker that tracks adopter deletions
+# across re-runs and must be tracked.
+.ss/scripts/**/__pycache__/
+.ss/tests/**/__pycache__/
+# CLI package build artefacts (in-tree CLI pivot — see cli/README.md)
+cli/**/__pycache__/
+cli/*.egg-info/
+cli/build/
+cli/dist/
+cli/.venv/
+cli/.pytest_cache/
+cli/.task/
+# Local Netlify folder
+.netlify
+# TypeScript compiled output (copy.js is hand-written runtime JS, not a tsc artefact)
+app/*.js
+!app/copy.js
+# Local Claude Code state — but ship shared skills with the repo
+.claude/*
+!.claude/skills/

slopstopper_cli-0.3.0/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Richard Griffiths
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

slopstopper_cli-0.3.0/PKG-INFO

@@ -0,0 +1,123 @@
+Metadata-Version: 2.4
+Name: slopstopper-cli
+Version: 0.3.0
+Summary: Portable code-quality suite — security, hygiene, reliability.
+Project-URL: Homepage, https://slopstopper.dev
+Project-URL: Source, https://github.com/hungovercoders/slopstopper
+Project-URL: Issues, https://github.com/hungovercoders/slopstopper/issues
+Project-URL: Documentation, https://slopstopper.dev
+Project-URL: Changelog, https://github.com/hungovercoders/slopstopper/blob/main/CHANGELOG.md
+Project-URL: Acknowledgements, https://github.com/hungovercoders/slopstopper/blob/main/ATTRIBUTIONS.md
+Author: Richard Griffiths
+Maintainer-email: Richard Griffiths <griff182uk@googlemail.com>
+License-Expression: MIT
+License-File: LICENSE
+Keywords: accessibility,checks,ci,lighthouse,linting,playwright,quality,security,slopstopper
+Classifier: Development Status :: 4 - Beta
+Classifier: Environment :: Console
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Operating System :: MacOS
+Classifier: Operating System :: POSIX
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Topic :: Security
+Classifier: Topic :: Software Development :: Quality Assurance
+Classifier: Topic :: Software Development :: Testing
+Classifier: Topic :: System :: Software Distribution
+Requires-Python: >=3.11
+Provides-Extra: test
+Requires-Dist: lizard>=1.17; extra == 'test'
+Requires-Dist: pytest>=7; extra == 'test'
+Description-Content-Type: text/markdown
+
+# slopstopper-cli
+
+The SlopStopper quality suite, packaged as a `pipx`-installable CLI.
+
+> **Status: Beta.** Every check in the [public catalogue](https://slopstopper.dev/features.html) runs through this package. The CI workflows under `.github/workflows/ss-*.yml` install `slopstopper-cli` and call `slopstopper run <category>:<check>` — same code path you use locally.
+
+## Install
+
+End-user (most adopters):
+
+```bash
+pipx install slopstopper-cli
+slopstopper --version
+slopstopper checks list
+slopstopper doctor
+```
+
+> Published to PyPI on every release tag. `pipx upgrade slopstopper-cli` pulls the latest. Each release is also attached to the [latest GitHub Release](https://github.com/hungovercoders/slopstopper/releases/latest) with a Sigstore build-provenance attestation — verify with `gh attestation verify <wheel> --owner hungovercoders`.
+
+Development (editable, from a clone of this repo):
+
+```bash
+pip install -e ./cli
+slopstopper run hygiene:docs-size
+```
+
+## CLI surface
+
+```text
+slopstopper run <category>:<check>             # run a check, write reports under .ss/reports/
+slopstopper emit <c>:<n> --target {pr-comment,issue}
+slopstopper discover <check> --event <e>       # resolve pages.<check> from sitemap / changed / list
+slopstopper config get <key> [<default>]       # read .slopstopper.yml
+slopstopper templates {list, path <n>, eject <n>}   # inspect / customise bundled templates
+slopstopper serve                              # bundled static server (auto-detects worker/headers.json)
+slopstopper checks list [--category <c>] [--json]
+slopstopper doctor                             # verify external tools are installed
+slopstopper --quiet …                          # suppress decorative output (CI logs)
+```
+
+`slopstopper` with no args prints a banner of the commands above plus a quick-start block.
+
+## Run the tests
+
+```bash
+# From the repo root:
+task -t cli/Taskfile.yml test
+
+# Or from cli/:
+task test
+
+# Filter to a single test:
+task -t cli/Taskfile.yml test -- -k docs_size
+```
+
+The same `task test` target is what CI runs (see [`.github/workflows/ci-cli.yml`](../.github/workflows/ci-cli.yml)), so local and CI invocations stay in sync. The Taskfile creates and reuses a project-local venv at `cli/.venv/` (gitignored) so it doesn't conflict with system Python under PEP 668.
+
+This workflow is slopstopper-internal — it is **not** part of the distributed `ss-*-check.yml` suite and is never seeded into adopter repos.
+
+## Layout
+
+- `slopstopper/cli.py` — argparse dispatcher + bare-invocation banner
+- `slopstopper/output.py` — shared formatters (running / success / warn / error / footer / `--quiet`)
+- `slopstopper/config.py` — `.slopstopper.yml` reader (stdlib-only YAML subset)
+- `slopstopper/templates.py` — bundled-template resolver + `templates {list, path, eject}` API
+- `slopstopper/emit.py` — `gh` CLI wrapper for PR comment + main-branch issue emission
+- `slopstopper/discovery.py` — pages-to-audit resolver for reliability checks
+- `slopstopper/checks/` — one module per check; registry in `__init__.py`
+- `slopstopper/data/` — bundled Playwright specs, lighthouserc dev/prod, server.js
+
+## Adding a check
+
+1. Add `slopstopper/checks/<name>.py` exposing `run(args) -> int`. Start the module docstring with a one-line summary (`slopstopper checks list` reads it).
+2. Register it in `slopstopper/checks/__init__.py`'s `REGISTRY` dict.
+3. Write the report to `.ss/reports/<category>/<name>-report.md` in the CWD.
+4. Use `from slopstopper import output` for any user-facing print calls so `--quiet` and the consistent visual language come for free.
+5. If the check should be postable to a PR or issue, declare a `META` dict in the module — `emit.py` reads it.
+
+## Skills for agents
+
+The trio under [`.claude/skills/slopstopper-{install,update,triage}/SKILL.md`](../.claude/skills/) is the long-form playbook for Claude Code agents working with this CLI. Update them when you add or rename a check, env var, or `task ss:*` target.
+
+## Acknowledgements
+
+slopstopper-cli ships with no third-party Python dependencies — every check invokes its tool via `subprocess` only. Full credit, licences and upstream links for every tool we drive live in [`ATTRIBUTIONS.md`](../ATTRIBUTIONS.md).
+
+## License
+
+MIT — see [LICENSE](./LICENSE).

slopstopper_cli-0.3.0/README.md

@@ -0,0 +1,89 @@
+# slopstopper-cli
+
+The SlopStopper quality suite, packaged as a `pipx`-installable CLI.
+
+> **Status: Beta.** Every check in the [public catalogue](https://slopstopper.dev/features.html) runs through this package. The CI workflows under `.github/workflows/ss-*.yml` install `slopstopper-cli` and call `slopstopper run <category>:<check>` — same code path you use locally.
+
+## Install
+
+End-user (most adopters):
+
+```bash
+pipx install slopstopper-cli
+slopstopper --version
+slopstopper checks list
+slopstopper doctor
+```
+
+> Published to PyPI on every release tag. `pipx upgrade slopstopper-cli` pulls the latest. Each release is also attached to the [latest GitHub Release](https://github.com/hungovercoders/slopstopper/releases/latest) with a Sigstore build-provenance attestation — verify with `gh attestation verify <wheel> --owner hungovercoders`.
+
+Development (editable, from a clone of this repo):
+
+```bash
+pip install -e ./cli
+slopstopper run hygiene:docs-size
+```
+
+## CLI surface
+
+```text
+slopstopper run <category>:<check>             # run a check, write reports under .ss/reports/
+slopstopper emit <c>:<n> --target {pr-comment,issue}
+slopstopper discover <check> --event <e>       # resolve pages.<check> from sitemap / changed / list
+slopstopper config get <key> [<default>]       # read .slopstopper.yml
+slopstopper templates {list, path <n>, eject <n>}   # inspect / customise bundled templates
+slopstopper serve                              # bundled static server (auto-detects worker/headers.json)
+slopstopper checks list [--category <c>] [--json]
+slopstopper doctor                             # verify external tools are installed
+slopstopper --quiet …                          # suppress decorative output (CI logs)
+```
+
+`slopstopper` with no args prints a banner of the commands above plus a quick-start block.
+
+## Run the tests
+
+```bash
+# From the repo root:
+task -t cli/Taskfile.yml test
+
+# Or from cli/:
+task test
+
+# Filter to a single test:
+task -t cli/Taskfile.yml test -- -k docs_size
+```
+
+The same `task test` target is what CI runs (see [`.github/workflows/ci-cli.yml`](../.github/workflows/ci-cli.yml)), so local and CI invocations stay in sync. The Taskfile creates and reuses a project-local venv at `cli/.venv/` (gitignored) so it doesn't conflict with system Python under PEP 668.
+
+This workflow is slopstopper-internal — it is **not** part of the distributed `ss-*-check.yml` suite and is never seeded into adopter repos.
+
+## Layout
+
+- `slopstopper/cli.py` — argparse dispatcher + bare-invocation banner
+- `slopstopper/output.py` — shared formatters (running / success / warn / error / footer / `--quiet`)
+- `slopstopper/config.py` — `.slopstopper.yml` reader (stdlib-only YAML subset)
+- `slopstopper/templates.py` — bundled-template resolver + `templates {list, path, eject}` API
+- `slopstopper/emit.py` — `gh` CLI wrapper for PR comment + main-branch issue emission
+- `slopstopper/discovery.py` — pages-to-audit resolver for reliability checks
+- `slopstopper/checks/` — one module per check; registry in `__init__.py`
+- `slopstopper/data/` — bundled Playwright specs, lighthouserc dev/prod, server.js
+
+## Adding a check
+
+1. Add `slopstopper/checks/<name>.py` exposing `run(args) -> int`. Start the module docstring with a one-line summary (`slopstopper checks list` reads it).
+2. Register it in `slopstopper/checks/__init__.py`'s `REGISTRY` dict.
+3. Write the report to `.ss/reports/<category>/<name>-report.md` in the CWD.
+4. Use `from slopstopper import output` for any user-facing print calls so `--quiet` and the consistent visual language come for free.
+5. If the check should be postable to a PR or issue, declare a `META` dict in the module — `emit.py` reads it.
+
+## Skills for agents
+
+The trio under [`.claude/skills/slopstopper-{install,update,triage}/SKILL.md`](../.claude/skills/) is the long-form playbook for Claude Code agents working with this CLI. Update them when you add or rename a check, env var, or `task ss:*` target.
+
+## Acknowledgements
+
+slopstopper-cli ships with no third-party Python dependencies — every check invokes its tool via `subprocess` only. Full credit, licences and upstream links for every tool we drive live in [`ATTRIBUTIONS.md`](../ATTRIBUTIONS.md).
+
+## License
+
+MIT — see [LICENSE](./LICENSE).

slopstopper_cli-0.3.0/Taskfile.yml

@@ -0,0 +1,218 @@
+version: '3'
+
+# Tasks for the slopstopper-cli Python package.
+# Internal — this Taskfile is NOT part of the distributed slopstopper
+# suite and is not seeded into adopter repos. CI (`.github/workflows/ci-cli.yml`)
+# and local development must both call the targets here so versions and
+# tooling stay in sync across contexts.
+#
+# Invoke from anywhere in the repo:
+#
+#   task -t cli/Taskfile.yml test
+#   task -t cli/Taskfile.yml test -- -k docs_size   # filter
+#
+# or from cli/:
+#
+#   task test
+
+tasks:
+  install:
+    desc: Create cli/.venv and install slopstopper-cli with test extras
+    cmds:
+      - test -d .venv || python3 -m venv .venv
+      - .venv/bin/pip install --quiet --upgrade pip
+      - .venv/bin/pip install --quiet -e '.[test]'
+    sources:
+      - pyproject.toml
+    generates:
+      - .venv/pyvenv.cfg
+
+  test:
+    desc: Run the pytest suite
+    deps: [install]
+    cmds:
+      - .venv/bin/pytest tests/ {{.CLI_ARGS}}
+
+  parity:
+    desc: Verify CLI reports are byte-identical to the bash scripts they replace
+    summary: |
+      For each check that has been ported to the CLI, runs both the
+      legacy bash/python implementation under .ss/scripts/ and the CLI
+      port, then diffs their reports (excluding the timestamp line).
+      Any divergence fails CI — this is the load-bearing proof that
+      the CLI hasn't drifted from the bash scripts it will eventually
+      replace.
+
+      As more checks land, add a new section to the script below.
+      When a check is fully cut over (workflow flipped, bash script
+      deleted), remove its section.
+    deps: [install]
+    dir: '{{.TASKFILE_DIR}}/..'
+    cmds:
+      - |
+        set -e
+        TMP=$(mktemp -d)
+        trap 'rm -rf "$TMP"' EXIT
+        # Strip timestamp lines from both .md reports and .json reports so
+        # parity isn't broken by clock drift between bash and CLI runs.
+        # Patterns observed across checks:
+        #   **Generated:** YYYY-MM-DD ...     (docs-size, entry-files, docs-structure, docs-accuracy)
+        #   **Generated**: YYYY-MM-DD ...     (complexity — asterisks before colon)
+        #   "generated_at": "...",            (every JSON report)
+        STRIP='^\*\*Generated|"generated_at"'
+        FAILED=0
+
+        # check_parity NAME BASH_CMD CLI_CMD REPORT_PATH [REPORT_PATH...]
+        # Each REPORT_PATH names a single file the check owns. Both
+        # implementations must write to the same paths; we diff every
+        # named file (timestamp-stripped). Explicit paths avoid
+        # accidentally diffing co-located reports owned by other checks.
+        check_parity() {
+          local name="$1"
+          local bash_cmd="$2"
+          local cli_cmd="$3"
+          shift 3
+          local report_paths=("$@")
+
+          echo ""
+          echo "=== ${name} ==="
+
+          # Bash side. Exit code may legitimately be non-zero (some checks
+          # gate CI on violations); the report diff is what we're judging.
+          eval "$bash_cmd" > /dev/null 2>&1 || true
+          local i=0
+          for report_path in "${report_paths[@]}"; do
+            cp "$report_path" "$TMP/${name}-bash-${i}" 2>/dev/null || true
+            i=$((i + 1))
+          done
+
+          # CLI side.
+          eval "$cli_cmd" > /dev/null 2>&1 || true
+          i=0
+          for report_path in "${report_paths[@]}"; do
+            cp "$report_path" "$TMP/${name}-cli-${i}" 2>/dev/null || true
+            i=$((i + 1))
+          done
+
+          local check_failed=0
+          i=0
+          for report_path in "${report_paths[@]}"; do
+            local label="$(basename "$report_path")"
+            local bash_file="$TMP/${name}-bash-${i}"
+            local cli_file="$TMP/${name}-cli-${i}"
+            i=$((i + 1))
+            if [ ! -f "$bash_file" ]; then
+              echo "  ❌ ${label}: bash did not produce this report"
+              check_failed=1
+              continue
+            fi
+            if [ ! -f "$cli_file" ]; then
+              echo "  ❌ ${label}: CLI did not produce this report"
+              check_failed=1
+              continue
+            fi
+            grep -vE "$STRIP" "$bash_file" > "$TMP/${name}-${i}.bash-stripped" || true
+            grep -vE "$STRIP" "$cli_file" > "$TMP/${name}-${i}.cli-stripped" || true
+            if diff -u "$TMP/${name}-${i}.bash-stripped" "$TMP/${name}-${i}.cli-stripped"; then
+              echo "  ✅ ${label}"
+            else
+              echo "  ❌ ${label}"
+              check_failed=1
+            fi
+          done
+
+          if [ "$check_failed" -eq 0 ]; then
+            echo "✅ ${name} parity OK"
+          else
+            echo "❌ ${name} parity FAILED"
+            FAILED=1
+          fi
+        }
+
+        # Hygiene parity rows were removed when the hygiene category's
+        # bash scripts were deleted — `.ss/scripts/check-docs-size.sh`,
+        # `check-entry-file-size.py`, `check-docs-structure.py` (+
+        # `generate-docs-structure-md.py`), `check-docs-accuracy.py` (+
+        # `generate-docs-accuracy-md.py`), `generate-complexity-md.py`,
+        # and `check-csp-exceptions.py` (+ `headers_adapters/`) no
+        # longer exist. The hygiene checks now run only via the CLI;
+        # see `cli/tests/checks/test_*.py` for the per-check coverage.
+
+        # Security parity rows were removed when the security category's
+        # bash scripts were deleted — `generate-secrets-md.py`,
+        # `generate-sast-md.py`, `generate-dependencies-md.py`,
+        # `generate-dast-md.py`, and `check-dast-alerts.py` no longer
+        # exist. The security checks now run only via the CLI; see
+        # `cli/tests/checks/test_*.py` (+ `tests/test_dast_gate.py`
+        # for the lifted DAST gate) for the per-check coverage.
+
+        # security:dast — intentionally NOT parity-tested. ZAP baseline
+        # scans actively probe a live server and the resulting alerts
+        # are non-deterministic between runs (probe ordering, instance
+        # counts, even alert presence for low-confidence rules), so a
+        # byte-diff between two consecutive scans would fail even at
+        # 100% logical parity. Each scan is also ~1m17s of Docker time
+        # — running both back-to-back costs more than the signal is
+        # worth. The MD generation logic in
+        # cli/slopstopper/checks/dast.py is a straight lift of
+        # .ss/scripts/generate-dast-md.py and is exhaustively unit-
+        # tested in cli/tests/checks/test_dast.py. Trust the unit tests
+        # for the build_md_report layer; trust the bash workflow for
+        # the live ZAP behaviour.
+
+        # reliability:smoke — intentionally NOT parity-tested. Playwright
+        # smoke runs hit a live URL and emit playwright's own HTML/list
+        # reporter output, not .ss/reports/*-report.{md,json} files we
+        # can diff. The CLI port is a thin subprocess wrapper around
+        # `npx playwright test`: args parsing, env construction and
+        # command building are exhaustively unit-tested in
+        # cli/tests/checks/test_smoke.py (18 tests). Trust the unit
+        # tests for the launch envelope; trust the bash workflow for
+        # the live playwright behaviour.
+
+        # reliability:cwv — intentionally NOT parity-tested. Lighthouse
+        # CI hits a live URL and emits its own HTML/JSON artifacts
+        # alongside thresholding output; nothing in .ss/reports/ to
+        # diff. CWV scores are also non-deterministic (TBT, LCP vary
+        # with network and CPU jitter on the runner). The CLI port is
+        # a thin subprocess wrapper around `npx lhci autorun`;
+        # args/url/config plumbing is unit-tested in
+        # cli/tests/checks/test_cwv.py (13 tests).
+
+        # reliability:accessibility — intentionally NOT parity-tested.
+        # Same shape as reliability:smoke (Playwright + axe-core,
+        # results in .ss/playwright-report/, no .ss/reports/*-report.*
+        # to diff; results can flicker on first paint timing). Port
+        # plumbs --url, ACCESSIBILITY_TEST_URL / SMOKE_TEST_URL
+        # fallback, and ACCESSIBILITY_PAGES via discover-pages.py
+        # subprocess. Args / env / discover-pages plumbing is unit-
+        # tested in cli/tests/checks/test_accessibility.py (23 tests).
+
+        # reliability:broken-links — intentionally NOT parity-tested.
+        # Same shape as reliability:accessibility (Playwright spec
+        # against a live URL). Live HEAD probes are network-dependent;
+        # results vary with target uptime, redirects, third-party
+        # outbound link availability. Port plumbs --url,
+        # BROKEN_LINKS_TEST_URL / SMOKE_TEST_URL fallback, and
+        # BROKEN_LINKS_PAGES via discover-pages.py subprocess. Args
+        # / env / discover-pages plumbing is unit-tested in
+        # cli/tests/checks/test_broken_links.py (22 tests).
+
+        # reliability:seo — intentionally NOT parity-tested. The CLI
+        # subprocess-invokes .ss/scripts/check-seo-metatags.py, which
+        # writes diffable .ss/reports/seo/*.{md,json} reports — but
+        # the underlying audit hits live URLs and HEAD-checks
+        # og:image hosts, so two back-to-back runs can disagree on
+        # transient network state. Args / env / discover-pages
+        # plumbing is unit-tested in cli/tests/checks/test_seo.py
+        # (18 tests). When the SEO script is lifted into the CLI
+        # package (next phase), this can become a true parity-eligible
+        # check if we standardise the URL fixture.
+
+        echo ""
+        if [ "$FAILED" -eq 0 ]; then
+          echo "All parity checks passed."
+        else
+          echo "One or more parity checks failed — see diff(s) above."
+          exit 1
+        fi

slopstopper_cli-0.3.0/pyproject.toml

@@ -0,0 +1,72 @@
+[build-system]
+requires = ["hatchling"]
+build-backend = "hatchling.build"
+
+[project]
+name = "slopstopper-cli"
+version = "0.3.0"
+description = "Portable code-quality suite — security, hygiene, reliability."
+readme = "README.md"
+requires-python = ">=3.11"
+license = "MIT"
+license-files = ["LICENSE"]
+authors = [{ name = "Richard Griffiths" }]
+maintainers = [{ name = "Richard Griffiths", email = "griff182uk@googlemail.com" }]
+keywords = [
+  "ci",
+  "quality",
+  "checks",
+  "linting",
+  "security",
+  "accessibility",
+  "lighthouse",
+  "playwright",
+  "slopstopper",
+]
+classifiers = [
+  "Development Status :: 4 - Beta",
+  "License :: OSI Approved :: MIT License",
+  "Programming Language :: Python :: 3.11",
+  "Programming Language :: Python :: 3.12",
+  "Programming Language :: Python :: 3.13",
+  "Topic :: Software Development :: Quality Assurance",
+  "Topic :: Software Development :: Testing",
+  "Topic :: Security",
+  "Topic :: System :: Software Distribution",
+  "Environment :: Console",
+  "Intended Audience :: Developers",
+  "Operating System :: POSIX",
+  "Operating System :: MacOS",
+]
+dependencies = []
+
+[project.optional-dependencies]
+test = [
+  "pytest>=7",
+  # `lizard` is invoked at runtime by hygiene:complexity via subprocess
+  # (`python -m lizard`). Not a runtime dep of slopstopper-cli itself —
+  # adopters install it themselves in production. Pulled into the test
+  # extra so CI parity + integration tests can exercise the real tool.
+  "lizard>=1.17",
+]
+
+[project.scripts]
+slopstopper = "slopstopper.cli:main"
+
+[project.urls]
+Homepage = "https://slopstopper.dev"
+Source = "https://github.com/hungovercoders/slopstopper"
+Issues = "https://github.com/hungovercoders/slopstopper/issues"
+Documentation = "https://slopstopper.dev"
+Changelog = "https://github.com/hungovercoders/slopstopper/blob/main/CHANGELOG.md"
+Acknowledgements = "https://github.com/hungovercoders/slopstopper/blob/main/ATTRIBUTIONS.md"
+
+[tool.hatch.build.targets.wheel]
+# `packages = ["slopstopper"]` includes the slopstopper/ tree (Python +
+# data files) automatically — no `force-include` needed; that block
+# caused a double-include error when building the wheel under hatchling.
+packages = ["slopstopper"]
+
+[tool.pytest.ini_options]
+testpaths = ["tests"]
+addopts = "-q"

slopstopper_cli-0.3.0/slopstopper/__init__.py

@@ -0,0 +1 @@
+__version__ = "0.3.0"

slopstopper_cli-0.3.0/slopstopper/__main__.py

@@ -0,0 +1,4 @@
+from slopstopper.cli import main
+
+if __name__ == "__main__":
+    raise SystemExit(main())

slopstopper_cli-0.3.0/slopstopper/checks/__init__.py

@@ -0,0 +1,41 @@
+"""Check registry. Maps `<category>:<name>` keys to check entrypoints."""
+
+from __future__ import annotations
+
+from typing import Callable, Optional
+
+from slopstopper.checks import (
+    accessibility,
+    broken_links,
+    complexity,
+    csp_exceptions,
+    cwv,
+    dast,
+    dependencies,
+    docs_accuracy,
+    docs_size,
+    docs_structure,
+    entry_files,
+    sast,
+    secrets,
+    seo,
+    smoke,
+)
+
+REGISTRY: dict[str, Callable[[Optional[list[str]]], int]] = {
+    "hygiene:complexity": complexity.run,
+    "hygiene:csp-exceptions": csp_exceptions.run,
+    "hygiene:docs-accuracy": docs_accuracy.run,
+    "hygiene:docs-size": docs_size.run,
+    "hygiene:docs-structure": docs_structure.run,
+    "hygiene:entry-files": entry_files.run,
+    "reliability:accessibility": accessibility.run,
+    "reliability:broken-links": broken_links.run,
+    "reliability:cwv": cwv.run,
+    "reliability:seo": seo.run,
+    "reliability:smoke": smoke.run,
+    "security:dast": dast.run,
+    "security:dependencies": dependencies.run,
+    "security:sast": sast.run,
+    "security:secrets": secrets.run,
+}