grclanker has two main surfaces:
src/: Astro marketing/docs site (src/pages,src/content/docs)cli/: TypeScript CLI runtime, prompts, extensions, scripts, and testsspecs/: product and tool build specs, usually one*-spec.mdper integration
Most contributor work lands in cli/extensions/grc-tools/ for native tools, cli/tests/ for regression coverage, and cli/scripts/ for sync or live-smoke helpers.
npm run dev: run the Astro site locallynpm run build: build the Astro sitenpm --prefix cli run build: compile the CLI tocli/dist/npm --prefix cli run dev: run the CLI entrypoint withtsxnpm --prefix cli run test:cli: build the CLI and run the full Node test suitenpm --prefix cli run sync:fedramp: refresh generated FedRAMP docs/content from official sources
Live smoke scripts exist for integrations and intentionally skip when creds or external CLIs are missing, for example npm --prefix cli run test:gws-ops:live.
Use ESM TypeScript and keep existing style consistent: 2-space indentation, semicolons, descriptive helper names, and small focused functions. New native tools should follow the existing *_check_access, *_assess_*, and *_export_* naming patterns. Keep prompts and site copy concise and grounded in shipped behavior.
Tests use Node’s built-in runner (node --test) with .test.mjs files in cli/tests/. Add targeted tests for every new tool, plus bundle/output-path checks when exporting files. Prefer mocked API coverage first, then add an optional test:*:live script for real-tenant smoke tests when relevant.
Recent history uses short imperative subjects like Add Okta compliance assessment tools and Add Google Workspace CLI operator bridge. Keep commits scoped to one feature or hardening pass. PRs should include:
- a clear summary of user-facing changes
- linked Linear issue(s)
- validation commands run
- screenshots only when site/docs UI changed
Never commit tenant credentials, generated evidence bundles, or local workspace artifacts. .gitignore already covers common secrets such as .env*, .okta.yaml, credentials.json, client_secret.json, *service-account*.json, export/, and oscal-workspace/. Prefer environment variables or local config files outside the repo for sensitive values.