v1.4.1 — Polished Terminal UX

greenarmor released this 18 Jun 11:29 · 30 commits to master since this release

Release v1.4.1 (Patch)

This is a patch release. It improves the terminal CLI experience with a more polished, readable, and interactive UX while preserving existing command behavior and Socket.dev supply-chain hardening rules.

Previous release: v1.4.0
Release date: 2026-06-11


Highlights

Polished Terminal UX

The GESF CLI now has a cleaner and more visually structured terminal experience across the most-used commands. Output is easier to scan, status indicators are clearer, and interactive prompts feel more modern while preserving compatibility with non-interactive CI/CD usage.

Socket.dev-Safe Implementation

The UX upgrade was implemented to preserve the existing Socket.dev supply-chain posture:

  • @inquirer/prompts remains in optionalDependencies
  • chalk added as the only new runtime UI dependency
  • No new process.env access
  • No new fetch or network calls
  • No eval
  • No obfuscated dynamic behavior
  • Existing readline fallback remains intact

What's New

1. Shared CLI UI Utility

New internal UI helper module:

packages/cli/src/utils/ui.ts

Provides reusable terminal rendering helpers:

  • Banners and section headers
  • Dividers
  • Success/warning/error/info messages
  • Key/value rows
  • Progress bars
  • Status badges
  • Severity badges
  • Grade coloring
  • Consistent color palette

This makes CLI output consistent across commands and easier to extend in future releases.

2. Improved Prompt Styling

packages/cli/src/utils/prompts.ts now uses a more polished prompt theme when @inquirer/prompts is available:

  • Styled prompt prefixes
  • Improved select and checkbox prompt display
  • Better fallback formatting for readline mode
  • New confirm() prompt helper

The existing fallback behavior remains unchanged for environments where @inquirer/prompts is unavailable.

3. Better ges init Experience

ges init now presents the initialization flow with clearer sections:

  • Branded GESF banner
  • Project structure creation summary
  • Configuration/document generation success states
  • Country privacy pack installation summary
  • Installed control pack list
  • Project summary block
  • Cleaner next-step guidance

Example structure:

Green Engineering Standard Framework
v1.4.0
════════════════════════════════════════════════════

[1/4] Creating project structure
────────────────────────────────────────
✓ Project structure created
✓ Configuration files generated
✓ Compliance documents created
✓ Security documents created
✓ Country privacy pack auto-installed br-lgpd (Brazil)
✓ Control packs installed gdpr, owasp, privacy-core, br-lgpd

4. Better ges audit Output

Human-readable audit output is now more structured:

  • Styled audit banner
  • Clear scan completion status
  • Findings summary with severity colors
  • Better category headers
  • Styled evidence lines
  • Styled compliance score section
  • Critical issue warning callout

Importantly, ges audit --json still outputs valid JSON with no extra banner or styling text.

5. Better ges doctor Output

ges doctor now includes a visual health score and clearer status indicators:

GESF Doctor
Diagnostic health check
════════════════════════════════════════════════════

Health Score  █████████████████████░░░ 88%
Checks        14 ok  2 warn  0 fail

✓ GESF initialized /path/to/project
✓ Config file /path/to/project/.ges/config.json
! Governance records 1 record(s), 0 approved, 1 with blocking issues

This makes diagnostic output easier to scan during troubleshooting.

6. Better ges policy Output

Policy pack commands now have cleaner output:

  • ges policy list uses a branded policy-pack banner
  • Pack IDs are visually emphasized
  • Control counts and project type lists are dimmed for readability
  • Install/remove operations use consistent success output
  • Errors use consistent error styling

7. Better ges governance Output

Governance Provenance Chain commands now have improved auditor-facing terminal output:

  • Governance record summaries use status badges
  • Risk levels use severity styling
  • Creation output includes clearer next steps
  • Approval/evidence/enrichment commands use consistent success sections
  • ges governance verify now has a high-clarity verification report with:
    • Banner
    • Overall status
    • Approval status badge
    • Expiry coloring
    • Evidence count
    • Styled completeness checklist
    • Styled blocking issues and warnings

Example:

VERIFICATION
Payment API
════════════════════════════════════════════════════

Overall:         ✕ ISSUES FOUND
Approval:        ○ NONE
Evidence:        0 reference(s)

Completeness Checklist
────────────────────────────────────────
  ✕ Approval Decision
  ✕ Risk Assessment
  ✕ Policy Basis
  ✕ Evidence Chain
  △ Review Cycle
  △ Data Inventory
  △ Compliance Links
  ✕ Currently Valid

8. Better Next-Step Menu

The post-command next-step menu is now visually cleaner and includes Governance as an available next step:

────────────────────────────────────────────────────
What would you like to do next?

? Choose your next action:

Socket.dev Safety Notes

This patch intentionally avoids heavier terminal UX libraries that could increase supply-chain risk or introduce unnecessary runtime behavior.

Added

Dependency         Placement             Reason
chalk              dependencies          Minimal terminal color/styling library
@inquirer/prompts  optionalDependencies  Interactive prompts, optional to preserve fallback and Socket.dev hardening

Avoided

The following were intentionally not added:

  • Spinner/task libraries with more complex runtime behavior
  • Terminal animation libraries
  • Full TUI frameworks
  • Network-capable helper packages
  • Packages requiring environment-variable access
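
The dependency placement above can be held in place by a CI check that compares package.json before and after a change. This is an added example, not code from the GESF repository; checkPlacement, its allowlist parameters and the sample manifests (placeholder package names and version ranges included) are assumptions.

```typescript
// Added example (not GESF project code): gate a package.json change on dependency placement.
type DepMap = { [name: string]: string };
interface Manifest { dependencies?: DepMap; optionalDependencies?: DepMap; }

const has = (m: DepMap, k: string): boolean => Object.prototype.hasOwnProperty.call(m, k);

// Returns violations; an empty array means the change keeps the stated posture.
function checkPlacement(before: Manifest, after: Manifest,
                        allowedNew: string[], optionalOnly: string[]): string[] {
  const problems: string[] = [];
  const oldRuntime = before.dependencies || {};
  const newRuntime = after.dependencies || {};
  const newOptional = after.optionalDependencies || {};
  for (const name of Object.keys(newRuntime)) {
    // Only dependencies introduced by this change are judged against the allowlist;
    // optional-only packages get their own, more specific message below.
    const isNew = !has(oldRuntime, name);
    if (isNew && allowedNew.indexOf(name) === -1 && optionalOnly.indexOf(name) === -1) {
      problems.push("unapproved new runtime dependency: " + name);
    }
  }
  for (const name of optionalOnly) {
    if (has(newRuntime, name)) {
      problems.push(name + " is a hard dependency; it must stay optional");
    } else if (!has(newOptional, name)) {
      problems.push(name + " is missing from optionalDependencies");
    }
  }
  return problems;
}

// Constructed manifests: "example-lib", "example-spinner" and all versions are placeholders.
const BEFORE: Manifest = {
  dependencies: { "example-lib": "^1.0.0" },
  optionalDependencies: { "@inquirer/prompts": "^1.0.0" },
};
const AFTER_OK: Manifest = {
  dependencies: { "example-lib": "^1.0.0", "chalk": "^1.0.0" },
  optionalDependencies: { "@inquirer/prompts": "^1.0.0" },
};
const AFTER_BAD: Manifest = {
  dependencies: { "example-lib": "^1.0.0", "chalk": "^1.0.0", "example-spinner": "^1.0.0" },
};
```

Called as checkPlacement(BEFORE, AFTER_OK, ["chalk"], ["@inquirer/prompts"]), the first change passes; AFTER_BAD is rejected for the unapproved spinner package and for dropping @inquirer/prompts from optionalDependencies.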

Verification

Source scan confirmed no new:

  • process.env
  • fetch
  • eval
  • Network calls
  • Obfuscated dynamic behavior
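
A check for "no new" occurrences has to look only at lines a change adds, so that removing or leaving an existing use does not trip it. The added example below is not the project's scan (the release does not describe its tooling); it parses a unified diff and reports added lines that match the checklist, and the function name, rule regexes and sample diff are assumptions.

```typescript
// Added example (not GESF project code): flag risky constructs on ADDED diff lines only.
interface Finding { file: string; line: number; rule: string; }
// Rule names follow the release checklist; the regexes are assumptions of this example.
const RULES: { name: string; re: RegExp }[] = [
  { name: "process.env", re: /\bprocess\s*(?:\.\s*env\b|\[\s*["']env["']\s*\])/ },
  { name: "fetch", re: /\bfetch\s*\(/ },
  { name: "eval", re: /\beval\s*\(|\bnew\s+Function\s*\(/ },
  { name: "network", re: /["'](?:node:)?(?:https?|net|tls|dgram|dns)["']/ },
  { name: "obfuscation", re: /\batob\s*\(|["'](?:base64|hex)["']|(?:\\x[0-9a-fA-F]{2}){4,}/ },
];

function scanAddedLines(diff: string): Finding[] {
  const findings: Finding[] = [];
  let file = "", line = 0;           // path and line number in the new file version
  let oldLeft = 0, newLeft = 0;      // lines the current hunk header still promises
  for (const row of diff.split("\n")) {
    if (oldLeft <= 0 && newLeft <= 0) {
      // Outside a hunk only the "+++" file header and "@@" hunk header matter.
      const h = /^@@ -\d+(?:,(\d+))? \+(\d+)(?:,(\d+))? @@/.exec(row);
      if (h) {
        oldLeft = h[1] === undefined ? 1 : Number(h[1]);
        newLeft = h[3] === undefined ? 1 : Number(h[3]);
        line = Number(h[2]);
      } else if (row.indexOf("+++ ") === 0) {
        file = row.slice(4).replace(/^b\//, "");
      }
      continue;
    }
    const tag = row.charAt(0);
    if (tag === "\\") continue;                  // "\ No newline at end of file"
    if (tag === "-") { oldLeft--; continue; }    // removed code is not "new"
    if (tag === "+") {
      for (const rule of RULES) {
        if (rule.re.test(row.slice(1))) findings.push({ file, line, rule: rule.name });
      }
    } else { oldLeft--; }                        // context line, present in both versions
    newLeft--; line++;
  }
  return findings;
}

// Constructed sample: the removed line reads process.env, and so does one added line.
const SAMPLE_DIFF = [
  "--- a/packages/cli/src/utils/ui.ts", "+++ b/packages/cli/src/utils/ui.ts",
  "@@ -10,3 +10,4 @@", " import chalk from \"chalk\";",
  "-const color = process.env.NO_COLOR ? plain : chalk;", "+const color = chalk;",
  "+const width = Number(process.env.COLUMNS) || 80;", " export const banner = color.bold;",
].join("\n");
```

Regex matching is a heuristic: it flags any 'hex' or 'net' string literal and misses aliased or computed calls, so hits are prompts for review and a clean result is not proof of absence.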

Files Changed

File                                     Change
packages/cli/src/utils/ui.ts             New — Shared terminal UI helpers
packages/cli/src/utils/prompts.ts        Styled inquirer prompts + improved readline fallback + confirm helper
packages/cli/src/utils/next-steps.ts     Styled next-step menu + governance next action
packages/cli/src/commands/init.ts        Styled initialization flow
packages/cli/src/commands/audit.ts       Styled human-readable audit output; JSON output preserved
packages/cli/src/commands/doctor.ts      Health score bar + styled checks
packages/cli/src/commands/policy.ts      Styled policy list/install/remove output
packages/cli/src/commands/governance.ts  Styled governance record summaries and verification output
packages/cli/package.json                Added chalk; moved/kept @inquirer/prompts as optional dependency
pnpm-lock.yaml                           Updated dependency lockfile

Validation

pnpm -r run build  ✅
pnpm -r run test   ✅
438 tests passing  ✅

Additional manual checks:

  • ges --help works
  • ges governance --help works
  • ges init non-interactive flow works
  • ges policy install governance works
  • ges governance add works
  • ges governance verify works
  • ges doctor works
  • ges audit --json still emits valid JSON
  • End-to-end init → governance → audit → doctor flow verified

Upgrade Guide

No migration required.

This patch only improves terminal presentation and prompt UX. Existing command flags, JSON output, generated files, and CI/CD behavior remain compatible.