@@ -46,7 +46,9 @@ export interface SecurityComponentAuditCliOptions {
4646 sequential : boolean ;
4747}
4848
49- export function parseSecurityComponentAuditCliOptions ( argv : string [ ] ) : SecurityComponentAuditCliOptions {
49+ export function parseSecurityComponentAuditCliOptions (
50+ argv : string [ ] ,
51+ ) : SecurityComponentAuditCliOptions {
5052 const componentIds = new Set < string > ( ) ;
5153 let force = false ;
5254 let ledgerCheckOnly = false ;
@@ -334,9 +336,7 @@ export function summarizeSecurityComponentLedgerFreshness(
334336 const entry = ledger ?. entries [ componentId ] ;
335337
336338 if ( fixture . skipReason || ( fixture . requiresSecrets ?. length ?? 0 ) > 0 ) {
337- const hasSecrets = ( fixture . requiresSecrets ?? [ ] ) . every (
338- ( name ) => process . env [ name ] ?. trim ( ) ,
339- ) ;
339+ const hasSecrets = ( fixture . requiresSecrets ?? [ ] ) . every ( ( name ) => process . env [ name ] ?. trim ( ) ) ;
340340 if ( ! hasSecrets ) {
341341 return {
342342 componentId,
@@ -403,10 +403,7 @@ export function summarizeSecurityComponentLedgerFreshness(
403403 } ) ;
404404
405405 const allCurrent = items . every (
406- ( item ) =>
407- item . status === 'current' ||
408- item . status === 'skipped' ||
409- item . status === 'missing' ,
406+ ( item ) => item . status === 'current' || item . status === 'skipped' || item . status === 'missing' ,
410407 ) ;
411408
412409 return { allCurrent, items } ;
@@ -423,9 +420,10 @@ export function renderSecurityComponentLedgerFreshness(summary: {
423420 `- ${ item . componentId } [${ item . tier } ] ${ item . status } ${ item . verifiedAt ? ` (${ item . verifiedAt } )` : '' } : ${ item . rationale } ` ,
424421 ) ;
425422
426- return [ `Security component ledger: ${ summary . allCurrent ? 'CURRENT' : 'NEEDS ATTENTION' } ` , ...lines ] . join (
427- '\n' ,
428- ) ;
423+ return [
424+ `Security component ledger: ${ summary . allCurrent ? 'CURRENT' : 'NEEDS ATTENTION' } ` ,
425+ ...lines ,
426+ ] . join ( '\n' ) ;
429427}
430428
431429export function shouldSkipSecurityComponentLiveAudit ( options : {
@@ -435,21 +433,29 @@ export function shouldSkipSecurityComponentLiveAudit(options: {
435433 force : boolean ;
436434 fixture : SecurityComponentAuditFixture ;
437435} ) : SecurityComponentLedgerEntry | undefined {
438- if ( options . force ) {
439- return undefined ;
440- }
436+ const requiredSecrets = options . fixture . requiresSecrets ?? [ ] ;
437+ const missingRequiredSecrets = requiredSecrets . filter ( ( name ) => ! process . env [ name ] ?. trim ( ) ) ;
438+ const missingCredentialGate =
439+ missingRequiredSecrets . length > 0 ||
440+ ( requiredSecrets . length === 0 && options . fixture . skipReason !== undefined ) ;
441441
442- if ( options . fixture . skipReason && ! ( options . fixture . requiresSecrets ?? [ ] ) . some ( ( name ) => process . env [ name ] ?. trim ( ) ) ) {
442+ if ( missingCredentialGate ) {
443443 return {
444444 componentId : options . componentId ,
445445 fingerprint : options . fingerprint ,
446446 tier : options . fixture . tier ,
447447 status : 'skipped' ,
448- error : options . fixture . skipReason ,
448+ error :
449+ options . fixture . skipReason ??
450+ `Missing required secrets: ${ missingRequiredSecrets . join ( ', ' ) } ` ,
449451 verifiedAt : new Date ( ) . toISOString ( ) ,
450452 } ;
451453 }
452454
455+ if ( options . force ) {
456+ return undefined ;
457+ }
458+
453459 const existing = options . ledger ?. entries [ options . componentId ] ;
454460 if ( existing ?. fingerprint === options . fingerprint && existing . status === 'passed' ) {
455461 return existing ;
0 commit comments