kevlozano · October 27, 2025 16:24
diff --git a/copilot-audit.js b/copilot-audit.js
 #!/usr/bin/env node
 import { execa } from "execa";
 import fs from "fs-extra";
 import path from "path";

 const REPO_PATH = "";
 const FEATURE_NAME = "";
 const OUTPUT_DIR = "";
 const NODE_BIN = "";
 const COPILOT_BIN = "";
 const slug = s =>
  s.toLowerCase().replace(/[^a-z0-9]+/g, "-").replace(/(^-|-$)/g, "");

 await fs.ensureDir(OUTPUT_DIR);

 async function runAudit() {
  const dateStr = new Date().toISOString().slice(0, 10);
  const base = `${dateStr}-${slug(FEATURE_NAME)}`;
  const mdFile = path.join(OUTPUT_DIR, `${base}.md`);
  const jsonFile = path.join(OUTPUT_DIR, `${base}.json`);

  const prompt = `
 You are auditing this codebase for potential bugs, edge cases, or risky patterns related to "${FEATURE_NAME}".

 Return ONLY these two fenced code blocks to STDOUT, in this order:

 \`\`\`markdown
 # Executive Summary
 - Top 5 risks (bulleted)

 # Findings
 ## <ticket title>
 - Severity: <critical|high|medium|low>
 - Files: [path:line-range, ...]
 - Why this matters:
 - Suggested fix:
 - Estimate: <number>h
 \`\`\`

 \`\`\`json
 {"tickets":[{"title":"...","description":"...","file_paths":["path:line-range"],"severity":"high","suggested_fix":"...","estimate_hours":2}]}
 \`\`\`
 `;

  console.log("🔎 Running Copilot audit...");

  const { stdout } = await execa(
    NODE_BIN,
    [COPILOT_BIN, "-p", prompt, "--allow-all-tools"],
    { 
      cwd: REPO_PATH, 
      stdin: "ignore", 
      stdout: "pipe", 
      stderr: "pipe",
      extendEnv: false,
      env: {
        PATH: '',
        HOME: '',
        USER: '',
        SHELL: ''
      }
    }
  );

  const mdMatch = stdout.match(/```markdown([\s\S]*?)```/);
  const jsonMatch = stdout.match(/```json([\s\S]*?)```/);
  if (!mdMatch || !jsonMatch) {
    throw new Error("Failed to parse Copilot output (expected markdown and json code blocks).");
  }

  await fs.writeFile(mdFile, mdMatch[1].trim());
  await fs.writeFile(jsonFile, jsonMatch[1].trim());

  console.log("✅ Audit complete!");
  console.log(`📄 ${mdFile}`);
  console.log(`📊 ${jsonFile}`);
 }

 runAudit()
  .then(() => process.exit(0))
  .catch(err => { console.error("❌ Audit failed:", err); process.exit(1); });
	#!/usr/bin/env node
	import { execa } from "execa";
	import fs from "fs-extra";
	import path from "path";

	const REPO_PATH = "";
	const FEATURE_NAME = "";
	const OUTPUT_DIR = "";
	const NODE_BIN = "";
	const COPILOT_BIN = "";
	const slug = s =>
	s.toLowerCase().replace(/[^a-z0-9]+/g, "-").replace(/(^-\|-$)/g, "");

	await fs.ensureDir(OUTPUT_DIR);

	async function runAudit() {
	const dateStr = new Date().toISOString().slice(0, 10);
	const base = `${dateStr}-${slug(FEATURE_NAME)}`;
	const mdFile = path.join(OUTPUT_DIR, `${base}.md`);
	const jsonFile = path.join(OUTPUT_DIR, `${base}.json`);

	const prompt = `
	You are auditing this codebase for potential bugs, edge cases, or risky patterns related to "${FEATURE_NAME}".

	Return ONLY these two fenced code blocks to STDOUT, in this order:

	\`\`\`markdown
	# Executive Summary
	- Top 5 risks (bulleted)

	# Findings
	## <ticket title>
	- Severity: <critical\|high\|medium\|low>
	- Files: [path:line-range, ...]
	- Why this matters:
	- Suggested fix:
	- Estimate: <number>h
	\`\`\`

	\`\`\`json
	{"tickets":[{"title":"...","description":"...","file_paths":["path:line-range"],"severity":"high","suggested_fix":"...","estimate_hours":2}]}
	\`\`\`
	`;

	console.log("🔎 Running Copilot audit...");

	const { stdout } = await execa(
	NODE_BIN,
	[COPILOT_BIN, "-p", prompt, "--allow-all-tools"],
	{
	cwd: REPO_PATH,
	stdin: "ignore",
	stdout: "pipe",
	stderr: "pipe",
	extendEnv: false,
	env: {
	PATH: '',
	HOME: '',
	USER: '',
	SHELL: ''
	}
	}
	);

	const mdMatch = stdout.match(/```markdown([\s\S]*?)```/);
	const jsonMatch = stdout.match(/```json([\s\S]*?)```/);
	if (!mdMatch \|\| !jsonMatch) {
	throw new Error("Failed to parse Copilot output (expected markdown and json code blocks).");
	}

	await fs.writeFile(mdFile, mdMatch[1].trim());
	await fs.writeFile(jsonFile, jsonMatch[1].trim());

	console.log("✅ Audit complete!");
	console.log(`📄 ${mdFile}`);
	console.log(`📊 ${jsonFile}`);
	}

	runAudit()
	.then(() => process.exit(0))
	.catch(err => { console.error("❌ Audit failed:", err); process.exit(1); });
No results found