VOOZH about

URL: https://deepwiki.com/calevans/staticforge/9.2-audit-commands

⇱ Audit Commands | calevans/staticforge | DeepWiki

Loading...
Loading...
Last indexed: 11 February 2026 (5f6a2a)
Menu

Audit Commands

Purpose and Scope

This document details the audit commands available in StaticForge's CLI for validating site quality, configuration, and deployment integrity. Audit commands perform automated checks at various stages of the site lifecycle: pre-build configuration validation, source content integrity checks, post-build link verification, and live deployment audits.

For information about core site generation commands, see Site Commands. For artifact generation commands, see Make Commands.

Command Registration Architecture

StaticForge registers all audit commands during application bootstrap in the CLI entry point. The audit commands are organized under the EICC\StaticForge\Commands\Audit namespace and inherit from Symfony Console's Command class.

Audit Command Registration Flow



Sources: bin/staticforge.php41-69




audit:config Command


The audit:config command validates project configuration, environment variables, and feature requirements. This command should be executed before running site:render to ensure all configuration dependencies are satisfied.


Configuration Validation Stages




Sources: src/Commands/Audit/ConfigCommand.php33-194


Core Configuration Checks


The command validates three levels of core configuration:



























Check TypeRequired LocationValidation Method
SITE_BASE_URL.env or environment$_ENV['SITE_BASE_URL'] or getenv('SITE_BASE_URL')
TEMPLATEsiteconfig.yaml (site.template) or .env$container->getVariable('TEMPLATE')
site.namesiteconfig.yamlhasConfigKey($siteConfig, 'site.name')


Sources: src/Commands/Audit/ConfigCommand.php41-70


Filesystem Validation


The command verifies the existence of standard project directories relative to the current working directory:




Missing directories are reported as filesystem errors with the full path for easy diagnosis.


Sources: src/Commands/Audit/ConfigCommand.php72-93


Feature Configuration Validation


The command iterates through all loaded features and validates configuration for features implementing ConfigurableFeatureInterface. For each feature:


    

  1. Calls getRequiredConfig() to retrieve required siteconfig.yaml keys
    2. 

  2. Calls getRequiredEnv() to retrieve required environment variables
    3. 

  3. Uses hasConfigKey() to check nested configuration keys (e.g., "search.engine")
    4. 

  4. Checks multiple environment sources: $_ENV, $_SERVER, and getenv()
    5. 



If a required configuration key is missing and the feature implements getConfigHelp(), the command appends example configuration to the error message:




Sources: src/Commands/Audit/ConfigCommand.php108-162


Issue Reporting Format


Errors are grouped by scope and formatted with type indicators:


[MISSING CONFIG] Missing key in siteconfig.yaml: search
Example Configuration:
search:
 engine: minisearch



Scope categories include:


    

  • Core - Base StaticForge configuration
    • 

  • Environment - .env file issues
    • 

  • Filesystem - Directory structure issues
    • 

  • Feature: {name} - Feature-specific configuration
    • 



Sources: src/Commands/Audit/ConfigCommand.php166-193




audit:content Command


The audit:content command validates source content integrity before site generation. It scans all Markdown files in the content/ directory and performs syntactic and semantic validation.


Content Validation Pipeline




Sources: src/Commands/Audit/ContentCommand.php38-117


Frontmatter Validation


The auditFrontmatter() method validates YAML frontmatter blocks in each Markdown file:


    

  1. Block Detection: Uses regex to extract frontmatter between --- delimiters
    2. 

  2. YAML Parsing: Parses frontmatter with Symfony\Component\Yaml\Yaml::parse()
    3. 

  3. Required Fields: Validates presence of title field
    4. 

  4. Draft Warning: Issues warning for files with draft: true
    5. 



Error Types:


    

  • error - Missing or invalid frontmatter block, YAML parse errors, missing required fields
    • 

  • warning - Draft posts
    • 



Sources: src/Commands/Audit/ContentCommand.php119-180


Markdown Link Validation


The auditMarkdownLinks() method validates internal links within Markdown content:


    

  1. Link Extraction: Regex matches <FileRef file-url="https://github.com/calevans/staticforge/blob/5f6a2abf/Label" undefined file-path="Label">Hii</FileRef> patterns
    2. 

  2. Link Filtering: Excludes external links (http/https), mailto, tel, anchors (#), and .html links
    3. 

  3. Path Resolution:

      

    • Absolute paths starting with / resolve from content/ directory
      • 

    • Relative paths resolve from current file's directory
      • 

    

    4. 

  4. Existence Check: Verifies target files exist in the filesystem
    5. 



This validation checks source-level links (.md, images, etc.) but not generated output links. For validating links in generated HTML, use audit:links.


Sources: src/Commands/Audit/ContentCommand.php193-257


Issue Grouping


Issues are grouped by file path for easy diagnosis:


content/blog/my-post.md
 [ERROR] Missing required field: title
 [ERROR] Link target not found: ../images/missing.png

content/docs/guide.md
 [WARNING] Post is marked as draft



Sources: src/Commands/Audit/ContentCommand.php90-109




audit:links Command


The audit:links command validates links in generated HTML output. This command is referenced in the CLI registration but source code was not provided in the analysis files. Based on the architecture pattern, it likely:


    

  1. Scans the public/ output directory for HTML files
    2. 

  2. Parses HTML to extract anchor tags and link references
    3. 

  3. Validates internal links resolve to existing HTML files
    4. 

  4. Checks external links for accessibility (optional)
    5. 

  5. Reports broken links grouped by source page
    6. 



This command should be executed after site:render to validate the generated site's link integrity.


Sources: bin/staticforge.php44 bin/staticforge.php67




audit:live Command


The audit:live command performs post-deployment validation of a live website. It checks security headers, performance optimizations, and deployment integrity by making HTTP requests to the deployed site.


Live Site Validation Architecture




Sources: src/Commands/Audit/LiveCommand.php34-125


HTTP Request Helper


The command uses a centralized performRequest() method that wraps CURL operations:





































CURL OptionDefault ValuePurpose
CURLOPT_RETURNTRANSFERtrueReturn response as string
CURLOPT_HEADERtrueInclude headers in response
CURLOPT_TIMEOUT10Request timeout in seconds
CURLOPT_SSL_VERIFYPEERfalseAllow self-signed certificates
CURLOPT_FOLLOWLOCATIONtrueFollow redirects


The method returns a structured array:




Sources: src/Commands/Audit/LiveCommand.php130-198


SSL Certificate Validation


The checkConnectivityAndSsl() method validates SSL certificates for HTTPS sites:


    

  1. Opens SSL socket connection with certificate capture enabled
    2. 

  2. Retrieves peer certificate from stream context parameters
    3. 

  3. Parses certificate with openssl_x509_parse()
    4. 

  4. Calculates days until expiry from validTo_time_t
    5. 

  5. Issues error if expired, warning if expires within 14 days
    6. 



For non-HTTPS sites, issues a warning.


Sources: src/Commands/Audit/LiveCommand.php200-258


Security Headers Validation


The command validates three critical security headers:



























HeaderRequired ForExpected Value
Strict-Transport-SecurityHTTPS sitesAny valid value
X-Content-Type-OptionsAll sitesnosniff
X-Frame-OptionsAll sitesAny value (SAMEORIGIN, DENY)


Missing headers generate warnings, not errors, as they represent best practices rather than failures.


Sources: src/Commands/Audit/LiveCommand.php260-304


Performance Headers Validation


The checkPerformanceHeaders() method validates caching and compression:


    

  1. Content-Encoding: Checks for gzip, deflate, or brotli compression
    2. 

  2. Cache-Control: Verifies presence of cache directives
    3. 

  3. Cache Validators: Looks for ETag or Last-Modified headers
    4. 



The method explicitly requests compression by sending Accept-Encoding: gzip, deflate, br header.


Sources: src/Commands/Audit/LiveCommand.php306-356


Deployment Integrity Checks


The command validates presence and validity of standard SEO files:




Sources: src/Commands/Audit/LiveCommand.php358-388


Issue Classification


Issues are classified into three types with corresponding colors:



























TypeColorUsage
successGreenPassed validation checks
warningYellowBest practice violations, non-critical issues
errorRedCritical failures (connectivity, expired SSL)


Issues are sorted before display (success > warning > error) and include scope indicators (e.g., [SSL], [Security], [Performance]).


Sources: src/Commands/Audit/LiveCommand.php75-116




audit:seo Command


The audit:seo command validates SEO best practices in generated content. This command is referenced in the CLI registration but source code was not provided in the analysis files. Based on the architecture pattern and naming, it likely validates:


    

  1. Meta tag completeness (title, description, Open Graph tags)
    2. 

  2. Heading hierarchy (H1-H6 structure)
    3. 

  3. Image alt text presence
    4. 

  4. Canonical URL usage
    5. 

  5. XML sitemap validity
    6. 

  6. Robots.txt directives
    7. 



This command should be executed after site:render to validate the generated site's SEO configuration.


Sources: bin/staticforge.php46 bin/staticforge.php69




Common Implementation Patterns


Container Dependency


All audit commands receive the Container instance via constructor injection:




This provides access to:


    

  • Configuration variables via getVariable()
    • 

  • Services registered in the container
    • 

  • Site configuration from site_config variable
    • 



Sources: src/Commands/Audit/ConfigCommand.php22-26 src/Commands/Audit/ContentCommand.php27-31 src/Commands/Audit/LiveCommand.php22-26


SymfonyStyle Output


All commands use SymfonyStyle for consistent, formatted output:




Common formatting methods:


    

  • title() - Major section headers
    • 

  • section() - Subsection headers
    • 

  • success() - Success messages
    • 

  • error() - Error messages
    • 

  • warning() - Warning messages (via manual formatting)
    • 

  • note() - Informational notes
    • 



Sources: src/Commands/Audit/ConfigCommand.php35-36 src/Commands/Audit/ContentCommand.php40-41 src/Commands/Audit/LiveCommand.php36-37


Exit Status Codes


Commands follow Symfony Console conventions:






















Exit CodeConstantCondition
0Command::SUCCESSNo errors found
1Command::FAILUREErrors detected


The distinction between warnings and errors:


    

  • Warnings - Best practice violations, non-blocking issues
    • 

  • Errors - Configuration problems that will cause failures
    • 



Commands return FAILURE only if errors exist, warnings do not affect exit status.


Sources: src/Commands/Audit/ConfigCommand.php171-193 src/Commands/Audit/ContentCommand.php116 src/Commands/Audit/LiveCommand.php124


Issue Data Structure


Commands use a consistent array structure for issue tracking:




This structure enables:


    

  • Grouping issues by scope or file
    • 

  • Filtering by severity
    • 

  • Consistent formatting across commands
    • 



Sources: src/Commands/Audit/ConfigCommand.php46-50 src/Commands/Audit/ContentCommand.php136-140 src/Commands/Audit/LiveCommand.php231