Initial commit

Author: FDiskas

.env.example

@@ -0,0 +1,2 @@
+# OpenAI API key used for translation. Leave empty or omit to disable translation features.
+VITE_OPENAI_API_KEY=sk-your-openai-api-key-here

.github/workflows/deploy.yml

@@ -0,0 +1,56 @@
+name: Deploy to GitHub Pages
+
+on:
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: read
+  pages: write
+  id-token: write
+
+concurrency:
+  group: pages
+  cancel-in-progress: true
+
+jobs:
+  build-and-deploy:
+    runs-on: ubuntu-latest
+    environment:
+      name: github-pages
+      url: ${{ steps.deployment.outputs.page_url }}
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup pnpm
+        uses: pnpm/action-setup@v4
+        with:
+          version: latest
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          cache: pnpm
+          cache-dependency-path: pnpm-lock.yaml
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Type check and build
+        run: pnpm run build
+
+      - name: Setup Pages
+        uses: actions/configure-pages@v5
+
+      - name: Upload artifact
+        uses: actions/upload-pages-artifact@v3
+        with:
+          path: dist
+
+      - name: Deploy to GitHub Pages
+        id: deployment
+        uses: actions/deploy-pages@v4

.gitignore

@@ -0,0 +1,4 @@
+node_modules
+dist
+.env
+.DS_Store

.npmrc

@@ -0,0 +1,3 @@
+onlyBuiltDependencies:
+  - esbuild
+  - core-js

LICENSE

@@ -0,0 +1,16 @@
+Creative Commons Attribution-NonCommercial 4.0 International (CC BY-NC 4.0)
+
+This license allows others to copy and redistribute the material in any medium or format as
+long as attribution is given to the original author and the use is non-commercial. Adaptations
+and modifications are permitted under the same terms, but any commercial use or distribution
+is prohibited without separate permission.
+
+Full license text:
+https://creativecommons.org/licenses/by-nc/4.0/legalcode
+
+---
+
+© 2026 Vytenis Kučiauskas. All rights reserved.
+
+This software is provided "as-is" without any express or implied warranty. In no event shall
+the authors be held liable for any damages arising from the use of this software.

README.md

@@ -0,0 +1,143 @@
+# 🛡️ Audit Report Generator
+
+A browser-based tool for composing, previewing, and exporting security audit reports. Upload structured Markdown issue files, edit them in a live preview, translate content, and export polished PDF or DOCX reports — all client-side with zero backend.
+
+## Features
+
+- **Drag & drop Markdown upload** — bulk-import `.md` issue files that follow the expected template
+- **Live preview** — WYSIWYG preview grouped by category with a navigable Table of Contents
+- **Inline editing** — click any field (title, description, code, severity, etc.) to edit in place
+- **Severity badges** — color-coded Critical / High / Medium / Low / Info indicators
+- **Code highlighting** — syntax-highlighted code blocks via [highlight.js](https://highlightjs.org/)
+- **AI translation** — translate individual fields or entire pages via OpenAI (requires API key; controls are disabled when the key is not set)
+- **Finding ID reindexing** — bulk-reindex IDs with a configurable prefix and category-based numbering
+- **PDF export** — pixel-perfect A4 PDF with clickable TOC links (html2canvas + jsPDF)
+- **DOCX export** — structured Word document with TOC, bookmarks, and styled tables (docx + file-saver)
+- **Markdown export** — download individual issues back as `.md` files
+- **Bulk Markdown download** — download all issues (with edits) as a single `.zip` archive
+- **Auto-save** — all state is persisted to `localStorage` with debounced saving
+- **Dirty tracking** — per-field modification indicators with one-click restore to original
+- **Add blank pages** — create new issue pages from scratch without uploading a file
+- **Collapsible file list** — uploaded files panel collapses to save screen space
+- **Scroll to top** — floating button appears after scrolling down
+
+## Tech Stack
+
+| Layer       | Technology                          |
+| ----------- | ----------------------------------- |
+| Framework   | React 18                            |
+| Language    | TypeScript (strict mode)            |
+| Build tool  | Vite 6                              |
+| Package mgr | pnpm                                |
+| PDF         | html2canvas + jsPDF                 |
+| DOCX        | docx + file-saver                   |
+| ZIP         | JSZip + file-saver                  |
+| Syntax HL   | highlight.js                        |
+| Translation | OpenAI API (`gpt-4o-mini`)          |
+| Deployment  | GitHub Pages (GitHub Actions CI/CD) |
+
+## Getting Started
+
+### Prerequisites
+
+- [Node.js](https://nodejs.org/) >= 18
+- [pnpm](https://pnpm.io/) >= 8
+
+### Install & Run
+
+```sh
+pnpm install
+pnpm dev
+```
+
+The app opens at [http://localhost:3000](http://localhost:3000).
+
+### Build
+
+```sh
+pnpm build
+```
+
+Runs TypeScript type checking (`tsc --noEmit`) followed by `vite build`. Output goes to `dist/`.
+
+### Preview Production Build
+
+```sh
+pnpm preview
+```
+
+## Markdown Template
+
+Each issue `.md` file should follow this structure. A copy is embedded in the app (see `src/templates/template.md`) and can be downloaded from the UI.
+
+### Template Fields
+
+| Field              | Description                                                     |
+| ------------------ | --------------------------------------------------------------- |
+| `Issue title`      | Short name of the finding                                       |
+| `Overall Risk`     | Severity level: Critical, High, Medium, Low, or Info            |
+| `Impact`           | Impact rating                                                   |
+| `Exploitability`   | How easily the issue can be exploited                           |
+| `Finding ID`       | Unique identifier (e.g. `NFQ-0001`)                             |
+| `Component`        | Affected file, service, or module                               |
+| `Category`         | Grouping category (e.g. Security, Infrastructure, CI/CD)        |
+| `Status`           | Current status (e.g. New, In Progress, Resolved)                |
+| `Additional Issue` | Optional extra rows in the severity table (`Title \| Severity`) |
+| `Impact details`   | Bullet list of impacts                                          |
+| `Description`      | Detailed explanation with optional `Evidence:` link             |
+| `Code example`     | Fenced code block with language tag                             |
+| `Example scenario` | Realistic exploitation or failure scenario                      |
+| `Recommendation`   | Bullet list of remediation steps                                |
+
+## Translation (Optional)
+
+The app can translate issue content to any language using the OpenAI API.
+
+1. Create a `.env` file in this directory:
+
+   ```sh
+   VITE_OPENAI_API_KEY=sk-...
+   ```
+
+2. Select a target language in the preview header (default: Lithuanian).
+
+3. Use the 🌐 button on any field or page, or press <kbd>Cmd+Shift+L</kbd> / <kbd>Ctrl+Shift+L</kbd> while editing.
+
+> **Note:** The API key is used client-side via `dangerouslyAllowBrowser`. This is acceptable for internal tooling but should not be used in public-facing deployments. Never commit your `.env` file.
+
+## Deployment
+
+The project includes a GitHub Actions workflow (`.github/workflows/deploy.yml`) that automatically builds and deploys to GitHub Pages on every push to `main`.
+
+### Setup
+
+1. Push this repository to GitHub.
+2. Go to **Settings → Pages** and set **Source** to **GitHub Actions**.
+3. Push to `main` — the workflow will build and deploy automatically.
+
+## Project Structure
+
+```
+web/
+├── index.html              # Entry HTML
+├── package.json
+├── pnpm-lock.yaml
+├── tsconfig.json            # TypeScript configuration (strict)
+├── vite.config.js           # Vite config (base: "./" for Pages)
+└── src/
+    ├── main.tsx             # React DOM entry point
+    ├── App.tsx              # Main application component
+    ├── Editable.tsx         # Inline-editable components (text, block, code, severity)
+    ├── parseIssue.ts        # Markdown parser, grouping, severity helpers
+    ├── generatePdf.ts       # PDF generation (html2canvas + jsPDF)
+    ├── generateDocx.ts      # DOCX generation (docx library)
+    ├── translate.ts         # OpenAI translation client
+    ├── types.ts             # Shared TypeScript interfaces
+    ├── templates/template.md          # Markdown issue template (source of truth)
+    ├── index.css            # All styles
+    └── vite-env.d.ts        # Vite/TypeScript env declarations
+```
+
+## License
+
+Private — internal use only.

index.html

@@ -0,0 +1,12 @@
+<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <title>Audit Report Generator</title>
+  </head>
+  <body>
+    <div id="root"></div>
+    <script type="module" src="/src/main.tsx"></script>
+  </body>
+</html>

package.json

@@ -0,0 +1,31 @@
+{
+  "name": "audit-report-generator",
+  "private": true,
+  "version": "1.0.0",
+  "type": "module",
+  "scripts": {
+    "dev": "vite",
+    "build": "tsc --noEmit && vite build",
+    "preview": "vite preview"
+  },
+  "dependencies": {
+    "docx": "^9.1.1",
+    "file-saver": "^2.0.5",
+    "highlight.js": "^11.11.1",
+    "html2canvas": "^1.4.1",
+    "jspdf": "^4.2.0",
+    "jszip": "^3.10.1",
+    "marked": "^14.1.4",
+    "openai": "^6.22.0",
+    "react": "^18.3.1",
+    "react-dom": "^18.3.1"
+  },
+  "devDependencies": {
+    "@types/file-saver": "^2.0.7",
+    "@types/react": "^18.3.12",
+    "@types/react-dom": "^18.3.1",
+    "@vitejs/plugin-react": "^4.3.4",
+    "typescript": "^5.7.0",
+    "vite": "^6.0.0"
+  }
+}