Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions astro.config.mjs
Original file line number Diff line number Diff line change
Expand Up @@ -80,6 +80,7 @@ export default defineConfig({
label: "CLI",
collapsed: true,
items: [
{ label: "init", slug: "docs/cli/init" },
{ label: "audit", slug: "docs/cli/audit" },
{ label: "Effort Estimation", slug: "docs/cli/effort-estimate" },
{ label: "scan", slug: "docs/cli/scan" },
Expand All @@ -88,6 +89,7 @@ export default defineConfig({
{ label: "Configuration", slug: "docs/cli/configuration" },
{ label: "Report Formats", slug: "docs/cli/report-formats" },
{ label: "Exit Codes", slug: "docs/cli/exit-codes" },
{ label: "completion", slug: "docs/cli/completion" },
],
},
{
Expand Down
4 changes: 3 additions & 1 deletion src/content/docs/docs/cli/audit.md
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
---
title: flaglint audit
description: Generate a local flag debt audit report with risk scoring. No API key required.
lastUpdated: 2026-06-07
lastUpdated: 2026-07-01
---

`flaglint audit` scans your source code and classifies every detected LaunchDarkly Node.js SDK
Expand Down Expand Up @@ -30,6 +30,8 @@ npx flaglint audit ./src
| `--effort-estimate` | Add a directional migration-effort estimate to audit output. |
| `--hourly-rate <number>` | Add an optional engineering-cost range using a user-supplied hourly rate. Valid only with `--effort-estimate`. |
| `--write-baseline <file>` | Write current finding fingerprints to a baseline file for use with `validate --baseline --fail-on-new`. |
| `--quiet` / `-q` | Suppress all progress output. Only errors appear on stderr. Useful in scripts and CI pipelines where only the exit code matters. |
| `--verbose` | Show per-file scan progress (updates on every file instead of every 50). |

## Risk Levels

Expand Down
96 changes: 96 additions & 0 deletions src/content/docs/docs/cli/completion.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,96 @@
---
title: flaglint completion
description: Output a shell completion script for bash, zsh, or fish.
lastUpdated: 2026-07-01
---

`flaglint completion` prints a shell completion script to stdout. Source it once and your shell will tab-complete subcommands, flags, and flag values (format choices, shell names, and more).

## Command

```bash
flaglint completion <shell>
```

Supported shells: `bash`, `zsh`, `fish`.

## Installation

### Bash

Load for the current session only:

```bash
source <(flaglint completion bash)
```

Load permanently (add to `~/.bashrc` or `~/.bash_profile`):

```bash
flaglint completion bash >> ~/.bash_completion
```

### Zsh

Load for the current session only:

```bash
source <(flaglint completion zsh)
```

Load permanently (requires `~/.zsh/completions` in your `$fpath`):

```bash
mkdir -p ~/.zsh/completions
flaglint completion zsh > ~/.zsh/completions/_flaglint
```

Then ensure `$fpath` includes the directory before `compinit` runs — add to `~/.zshrc`:

```zsh
fpath=(~/.zsh/completions $fpath)
autoload -Uz compinit && compinit
```

### Fish

```bash
flaglint completion fish > ~/.config/fish/completions/flaglint.fish
```
Comment on lines +55 to +59

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win

Create the Fish completions directory first.

~/.config/fish/completions/ is not guaranteed to exist, so this install command can fail on a fresh machine. Add a mkdir -p step before the redirect.

♻️ Proposed fix
 ### Fish
 
 ```bash
+mkdir -p ~/.config/fish/completions
 flaglint completion fish > ~/.config/fish/completions/flaglint.fish

</details>

<!-- suggestion_start -->

<details>
<summary>📝 Committable suggestion</summary>

> ‼️ **IMPORTANT**
> Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

```suggestion
### Fish

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/content/docs/docs/cli/completion.md` around lines 55 - 59, The Fish
completion install example in the completion docs assumes
~/.config/fish/completions exists, which can break on a fresh machine. Update
the Fish section to add a mkdir -p step before running flaglint completion fish,
so the generated file can be redirected into an existing completions directory.


Fish auto-sources files in `~/.config/fish/completions/` on startup — no extra configuration needed.

## What Gets Completed

- **Subcommands** — `audit`, `scan`, `migrate`, `validate`, `init`, `completion`
- **Flags** — all per-command flags and global flags (`--quiet`, `--verbose`)
- **Flag values** — `--format` values (`json`, `markdown`, `html`, `sarif`, `text`), completion shell names (`bash`, `zsh`, `fish`)
- **File arguments** — `--output`, `--config`, `--baseline`, `--write-baseline` complete against the filesystem

## Examples

```bash
# Print the bash completion script
flaglint completion bash

# Activate immediately in the current bash session
source <(flaglint completion bash)

# Write the zsh completion script to the standard completions directory
flaglint completion zsh > ~/.zsh/completions/_flaglint

# Write the fish completion file
flaglint completion fish > ~/.config/fish/completions/flaglint.fish
```

## Exit Codes

| Code | Meaning |
| --- | --- |
| `0` | Script printed successfully. |
| `2` | No shell argument provided, or unsupported shell name. |

## Feedback

- [Edit this page on GitHub](https://github.com/flaglint/flaglint.dev/edit/main/src/content/docs/docs/cli/completion.md)
- [Report an unsupported pattern](https://github.com/flaglint/flaglint/issues/new?template=unsupported_pattern.yml)
43 changes: 40 additions & 3 deletions src/content/docs/docs/cli/configuration.md
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
---
title: Configuration
description: Configure scan scope, wrappers, and imported OpenFeature client bindings.
lastUpdated: 2026-05-28
lastUpdated: 2026-07-01
---

FlagLint reads the first matching config file from:
Expand Down Expand Up @@ -40,10 +40,47 @@ Use `--config <path>` to pass a specific file.
| `exclude` | common build/test output | Files to skip. |
| `provider` | `launchdarkly` | Current implemented provider scope. |
| `minFileCount` | `0` | Optional local source review heuristic. |
| `wrappers` | `[]` | Wrapper call names to report for manual review. |
| `wrappers` | `[]` | Wrapper functions to detect as flag evaluations. Accepts string names or object form (see below). |
| `openFeatureClientBindings` | `[]` | Imported shared client allowlist for `migrate --apply`. |
| `reportTitle` | unset | Optional report title. |
| `outputDir` | `.` | Reserved CLI output setting. |
| `outputDir` | `.` | Directory for generated report files. |

## Wrappers — String and Object Form

The `wrappers` field accepts two forms, which can be mixed in the same array.

**String form** — any call to a function with that name is treated as a flag evaluation:

```json
{
"wrappers": ["evaluateFlag", "getFeature"]
}
```

**Object form** — the call is only detected when the function is imported from a specific package, preventing false positives from unrelated functions with the same name:

```json
{
"wrappers": [
"evaluateFlag",
{
"import": "my-feature-sdk",
"function": "getFlag",
"flagKeyArgument": 0
}
]
}
```

Object form fields:

| Field | Purpose |
| --- | --- |
| `import` | The package name that must be imported for this call to be detected. |
| `function` | The exported function name to detect. |
| `flagKeyArgument` | Zero-based index of the argument that holds the flag key. |

With the example above, `getFlag("my-flag-key", ctx)` is detected only when `getFlag` is imported from `my-feature-sdk`. A `getFlag` call imported from any other package is ignored.

## Feedback

Expand Down
86 changes: 86 additions & 0 deletions src/content/docs/docs/cli/init.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,86 @@
---
title: flaglint init
description: Scaffold a flaglint.config.json with all fields set to their defaults.
lastUpdated: 2026-07-01
---

`flaglint init` writes a `flaglint.config.json` to the current directory with every configuration field set to its default value. Run it once to get a starting config you can edit — no manual JSON authoring required.

## Command

```bash
npx flaglint init
```

## Options

| Option | Description |
| --- | --- |
| `--output <path>` | Write the config to a different filename or path (default: `flaglint.config.json`). |
| `--force` | Overwrite an existing config file without error. |

## Config Template Written

```json
{
"include": ["**/*.{ts,tsx,js,jsx}"],
"exclude": [
"**/node_modules/**",
"**/dist/**",
"**/build/**",
"**/.next/**",
"**/coverage/**",
"**/*.d.ts"
],
"provider": "launchdarkly",
"minFileCount": 0,
"wrappers": [],
"openFeatureClientBindings": [],
"outputDir": "."
}
```

After writing, `flaglint init` prints a short explanation of each field to stderr so you know what to change.

## Config Search Order

FlagLint loads the first matching file from this list:

```text
.flaglintrc
.flaglintrc.json
flaglint.config.json
```

If you write to `flaglint.config.json` (the default) and `.flaglintrc` already exists in the same directory, FlagLint will load `.flaglintrc` instead — it has higher precedence. `flaglint init` warns you if this situation would occur.

Use `--output .flaglintrc` to write to the highest-precedence path instead, or `--config <path>` at runtime to use any file regardless of name.

## Exit Codes

| Code | Meaning |
| --- | --- |
| `0` | Config file written successfully. |
| `2` | Config file already exists and `--force` was not passed. |

## Examples

```bash
# Write flaglint.config.json in the current directory
npx flaglint init

# Write to .flaglintrc (highest-precedence name)
npx flaglint init --output .flaglintrc

# Overwrite an existing config without prompting
npx flaglint init --force

# Write to a specific path
npx flaglint init --output config/flaglint.json
```

## Feedback

- [Edit this page on GitHub](https://github.com/flaglint/flaglint.dev/edit/main/src/content/docs/docs/cli/init.md)
- [Report an unsupported pattern](https://github.com/flaglint/flaglint/issues/new?template=unsupported_pattern.yml)
- Next: [Configuration](/docs/cli/configuration/)
4 changes: 3 additions & 1 deletion src/content/docs/docs/cli/migrate.md
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
---
title: flaglint migrate
description: Generate migration plans, preview diffs, and apply guarded OpenFeature rewrites.
lastUpdated: 2026-05-28
lastUpdated: 2026-07-01
---

`flaglint migrate` analyzes supported LaunchDarkly Node.js server SDK evaluation calls and separates safe call-site rewrites from manual-review work.
Expand Down Expand Up @@ -30,6 +30,8 @@ npx flaglint migrate ./src --apply
| `--output <file>` | Write the default migration report to a file. |
| `--config <path>` | Use an explicit config file. |
| `--exclude-tests` | Exclude test/spec files and test directories. |
| `--quiet` / `-q` | Suppress all progress output. Only errors appear on stderr. Useful in scripts and CI pipelines where only the exit code matters. |
| `--verbose` | Show per-file scan progress (updates on every file instead of every 50). |

## Dry-Run Output

Expand Down
4 changes: 3 additions & 1 deletion src/content/docs/docs/cli/scan.md
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
---
title: flaglint scan
description: Inventory supported LaunchDarkly Node.js server SDK evaluation calls.
lastUpdated: 2026-05-28
lastUpdated: 2026-07-01
---

`flaglint scan` performs AST-based inventory of supported direct LaunchDarkly Node.js server SDK calls.
Expand All @@ -23,6 +23,8 @@ npx flaglint scan ./src
| `--output <file>` | Write report to a file. |
| `--config <path>` | Use an explicit config file. |
| `--exclude-tests` | Exclude test/spec files and test directories. |
| `--quiet` / `-q` | Suppress all progress output. Only errors appear on stderr. Useful in scripts and CI pipelines where only the exit code matters. |
| `--verbose` | Show per-file scan progress (updates on every file instead of every 50). |

## Example Output

Expand Down
4 changes: 3 additions & 1 deletion src/content/docs/docs/cli/validate.md
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
---
title: flaglint validate
description: Enforce no-direct-LaunchDarkly policy, baseline-aware CI enforcement, and SARIF findings.
lastUpdated: 2026-06-22
lastUpdated: 2026-07-01
---

`flaglint validate` checks whether source files comply with migration policy.
Expand All @@ -18,6 +18,8 @@ lastUpdated: 2026-06-22
| `--config <path>` | Use an explicit config file. |
| `--baseline <file>` | Baseline file for comparing against known debt. |
| `--fail-on-new` | Exit 1 if any findings are not in the baseline. |
| `--quiet` / `-q` | Suppress all progress output. Only errors appear on stderr. Useful in scripts and CI pipelines where only the exit code matters. |
| `--verbose` | Show per-file scan progress (updates on every file instead of every 50). |

## Blocking Policy Command

Expand Down
14 changes: 13 additions & 1 deletion src/content/docs/docs/quickstart.md
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
---
title: Quickstart
description: Run your first FlagLint audit, inspect inventory, preview migration, and enforce the boundary in CI.
lastUpdated: 2026-05-28
lastUpdated: 2026-07-01
---

## Requirements
Expand All @@ -11,6 +11,18 @@ lastUpdated: 2026-05-28

Browser SDKs, React SDKs, non-Node SDKs, and non-LaunchDarkly providers are outside current detection coverage.

## 0. Scaffold a Config (Optional)

If you don't have a `flaglint.config.json` yet, scaffold one with all fields set to their defaults:

```bash
npx flaglint init
```

This writes `flaglint.config.json` to the current directory and prints a short explanation of every field to stderr. You can skip this step — FlagLint works with sensible defaults out of the box — but it's useful when you need to customize `include`/`exclude` patterns or configure `wrappers`.

See the [`flaglint init` reference](/docs/cli/init/) and [Configuration reference](/docs/cli/configuration/) for details.

## 1. Run an Audit

```bash
Expand Down
20 changes: 19 additions & 1 deletion src/content/docs/docs/reference/changelog.md
Original file line number Diff line number Diff line change
@@ -1,12 +1,30 @@
---
title: Changelog
description: Recent FlagLint releases and what changed.
lastUpdated: 2026-06-22
lastUpdated: 2026-07-01
tableOfContents: false
---

import { LinkCard } from '@astrojs/starlight/components';

## [1.1.0] — 2026-07-01

### Added

- **React SDK import-verified detection** — hooks (`useFlags`, `useLDClient`, `useVariation`), HOC (`withLDConsumer`), and provider (`LDProvider`, `asyncWithLDProvider`) are now detected via verified import chains from `launchdarkly-react-client-sdk`. Previously these patterns were outside detection scope entirely.
- **Wrapper detection v2 — object form** — `wrappers` config now accepts `{ import, function, flagKeyArgument }` objects that match only when the function is imported from the specified package. Prevents false positives from unrelated functions with the same name.
- **`flaglint init`** — new command that scaffolds `flaglint.config.json` with all fields at their defaults. Warns if a higher-precedence config file would shadow the new file. Exits `2` if the file already exists without `--force`.
- **`flaglint completion`** — new command that outputs shell completion scripts for bash, zsh, and fish. Tab-completes subcommands, flags, and flag values.
- **`--quiet` / `--verbose` global flags** — `--quiet` (`-q`) suppresses all progress output; only errors appear on stderr. Useful in scripts and CI pipelines where only the exit code matters. `--verbose` lowers the spinner update threshold for more detailed progress on large codebases.
- **GitHub Action `version` input** — the `flaglint/flaglint` composite action now accepts a `version` input for pinning to a specific release instead of always using `@latest`.

### Fixed

- **Provider validation** — the `provider` config field now validates the supplied value. Unsupported providers exit `2` with a clear error message. Only `launchdarkly` is currently supported.
- **Bootstrap pattern matching** — the `--bootstrap-exclude` glob matcher now uses `micromatch` instead of a hand-rolled glob converter. Patterns that previously failed to match edge cases (e.g. complex brace expansions) now work correctly.

---

## [1.0.0] — 2026-06-22

### Summary
Expand Down
Loading
Loading