feat(formatters): add semantic HTML color tags for log levels and issue status

Replace direct chalk/ANSI color calls in markdown-emitting contexts with
semantic <tag>text</tag> color tags handled by the custom renderer.

- Add COLOR_TAGS map and colorTag() helper to markdown.ts
- renderInline() now handles html tokens: <red>text</red> → chalk.hex(red)(text)
- renderHtmlToken() extracted as module-level helper to stay within complexity limit
- log.ts: SEVERITY_COLORS (chalk fns) → SEVERITY_TAGS (tag name strings)
- human.ts: levelColor/fixabilityColor/statusColor/green/yellow/muted calls in
  markdown contexts → colorTag() with LEVEL_TAGS / FIXABILITY_TAGS maps
- In plain (non-TTY) output mode, color tags are stripped leaving bare text
- tests: strip <tag> markers alongside ANSI in content assertions

Author: BYK

AGENTS.md

@@ -664,8 +664,10 @@ mock.module("./some-module", () => ({
 
 ### Gotcha
 
-<!-- lore:019c9f03-70cc-7e04-9835-e5c21f3d4e7d -->
-* **Craft npm target requires tarball artifact — use github-only target for OIDC npm publish**: Craft's npm target expects a pre-built tarball (from \`npm pack\`) uploaded as a GitHub Actions artifact, and authenticates via \`NPM\_TOKEN\` secret. This is incompatible with npm OIDC trusted publishing (\`--provenance\`), which requires \`id-token: write\` permission and \`setup-node\` with \`registry-url\` — no token needed. Workaround: configure \`.craft.yml\` with only \`github\` target and an explicit \`preReleaseCommand\` for version bumping (e.g., \`npm version $CRAFT\_NEW\_VERSION --no-git-tag-version\`), then run \`npm publish --provenance --access public\` as a separate step after \`craft publish\`. Without the npm target, Craft's auto version bump won't touch package.json, so the preReleaseCommand is essential.
+<!-- lore:019c9f57-aa13-7ab1-8f2a-e5c9e8df1e81 -->
+* **npm OIDC only works for publish — npm info/view still needs traditional auth**: Per npm docs: "OIDC authentication is currently limited to the publish operation. Other npm commands such as install, view, or access still require traditional authentication methods." This means \`npm info \<package> version\` (used by Craft's \`getLatestVersion()\`) cannot use OIDC tokens. For public packages this is fine — \`npm info\` works without auth. For private packages, a read-only \`NPM\_TOKEN\` is still needed alongside OIDC. Craft handles this by: using token auth for \`getLatestVersion()\` when a token is available, running unauthenticated otherwise, and warning + skipping version checks for private packages in OIDC mode without a token.
+<!-- lore:019c9f57-aa0c-7a2a-8a10-911b13b48fc0 -->
+* **ESM modules prevent vi.spyOn of child\_process.spawnSync — use test subclass pattern**: In Vitest with ESM, you cannot spy on exports from Node built-in modules like \`child\_process.spawnSync\` — it throws \`Cannot spy on export. Module namespace is not configurable in ESM\`. The workaround for testing code that calls \`spawnSync\` (like npm version checks) is to create a test subclass that overrides the method calling \`spawnSync\` and injects controllable values. Example: \`TestNpmTarget\` overrides \`checkRequirements()\` to set \`this.npmVersion\` from a static \`mockVersion\` field instead of calling \`spawnSync(npm, \['--version'])\`. This avoids the ESM limitation while keeping test isolation. \`vi.mock\` at module level is another option but affects all tests in the file.
 <!-- lore:019c9ee7-f55a-7ab0-9f4a-4147b5f535c2 -->
 * **pnpm overrides become stale when dependency tree changes — audit with pnpm why**: pnpm overrides can become orphaned when the dependency tree changes. For example, removing a package that was the sole consumer of a transitive dep (like removing \`@sentry/typescript\` which pulled in \`tslint\` which was the only consumer of \`diff\`), or upgrading a package that switches to a differently-named dependency (like \`minimatch@10.2.4\` switching from \`@isaacs/brace-expansion\` to the unscoped \`brace-expansion\`). Orphaned overrides sit silently in package.json and could unexpectedly constrain versions if a future dependency reintroduces the package name. After removing packages or upgrading dependencies that change the transitive tree, audit overrides with \`pnpm why \<pkg>\` to verify each override still has consumers in the resolved tree. Remove any that return empty results.
 <!-- lore:019c9eb7-a648-70f7-8a8d-5fc5b5c0f221 -->
@@ -716,6 +718,8 @@ mock.module("./some-module", () => ({
 * **@sentry/api SDK issues filed to sentry-api-schema repo**: All @sentry/api SDK issues should be filed to https://github.com/getsentry/sentry-api-schema/ and assigned to @MathurAditya724. Two known issues: (1) unwrapResult() discards Link response headers, silently truncating listTeams/listRepositories at 100 items and preventing cursor pagination. (2) No paginated variants exist for team/repo/issue list endpoints, forcing callers to bypass the SDK with raw requests.
 <!-- lore:4729229d-36b9-4118-b90b-ea8151e6928f -->
 * **Esbuild banner template literal double-escape for newlines**: When using esbuild's \`banner\` option with a TypeScript template literal containing string literals that need \`\n\` escape sequences: use \`\\\\\\\n\` in the TS source. The chain is: TS template literal \`\\\\\\\n\` → esbuild banner output \`\\\n\` → JS runtime interprets as newline. Using only \`\\\n\` in the TS source produces a literal newline character inside a JS double-quoted string, which is a SyntaxError. This applies to any esbuild banner/footer that injects JS strings containing escape sequences. Discovered in script/bundle.ts for the Node.js version guard error message.
+<!-- lore:019c9f03-70cc-7e04-9835-e5c21f3d4e7d -->
+* **Craft npm target requires tarball artifact — use github-only target for OIDC npm publish**: Craft's npm target now supports OIDC trusted publishing with auto-detection. Three modes: 1. \*\*Auto-detect (zero config):\*\* If \`NPM\_TOKEN\` is absent but OIDC env vars are detected (\`ACTIONS\_ID\_TOKEN\_REQUEST\_URL\` + \`ACTIONS\_ID\_TOKEN\_REQUEST\_TOKEN\` for GitHub Actions, or \`NPM\_ID\_TOKEN\` for GitLab CI), and npm >= 11.5.1 is available, Craft automatically uses OIDC for publishing. 2. \*\*Explicit \`oidc: true\`:\*\* Forces OIDC mode even when \`NPM\_TOKEN\` is set. Hard-errors if npm < 11.5.1 or only yarn is available. 3. \*\*Token auth (default):\*\* When \`NPM\_TOKEN\` is set and no \`oidc: true\`, existing token-based behavior is unchanged. Key implementation details: - OIDC publish path skips the temp \`.npmrc\` file and \`npm\_config\_userconfig\` override entirely, letting npm's native OIDC auto-detection handle auth. - \`getLatestVersion()\` (uses \`npm info\`) still uses token auth if a token is available, since OIDC only works for \`npm publish\`. Without a token, it runs unauthenticated (works for public packages). - For \`checkPackageName\` on private packages in OIDC mode without \`NPM\_TOKEN\`: warns and skips the version check rather than erroring. - OIDC requires npm (not yarn) — hard error if yarn-only with \`oidc: true\`. - \`NpmTargetOptions.token\` is now optional (\`string | undefined\`), and \`useOidc: boolean\` was added. CI workflow requirements for OIDC: \`id-token: write\` permission, \`setup-node\` with \`registry-url: 'https://registry.npmjs.org'\`, npm >= 11.5.1, Node >= 22.14.0.
 <!-- lore:019c9556-e369-791d-8fad-01be6aa3633a -->
 * **Craft minVersion >= 2.21.0 silently disables custom bump-version.sh**: When \`minVersion\` in \`.craft.yml\` is >= 2.21.0 and no \`preReleaseCommand\` is defined, Craft switches from running the default \`bash scripts/bump-version.sh\` to automatic version bumping based on configured publish targets. If the only target is \`github\` (which doesn't support auto-bump — only npm, pypi, crates, gem, pub-dev, hex, nuget do), the version bump silently does nothing. The release gets tagged with unbumped files. Fix: explicitly set \`preReleaseCommand\` in \`.craft.yml\` when using targets that don't support auto-bump. For npm projects that handle publishing separately (e.g., OIDC trusted publishing), use \`preReleaseCommand: npm version $CRAFT\_NEW\_VERSION --no-git-tag-version\`.
 <!-- lore:019c99d5-69f8-716b-8908-a42537cc5a83 -->

src/lib/formatters/human.ts

@@ -25,35 +25,47 @@ import type {
   Writer,
 } from "../../types/index.js";
 import { withSerializeSpan } from "../telemetry.js";
+import { type FixabilityTier, muted } from "./colors.js";
 import {
-  type FixabilityTier,
-  fixabilityColor,
-  green,
-  levelColor,
-  muted,
-  statusColor,
-  yellow,
-} from "./colors.js";
-import {
+  colorTag,
   escapeMarkdownCell,
   escapeMarkdownInline,
   renderMarkdown,
   safeCodeSpan,
 } from "./markdown.js";
 import { type Column, writeTable } from "./table.js";
 
+// Color tag maps
+
+/** Markdown color tags for issue level values */
+const LEVEL_TAGS: Record<string, Parameters<typeof colorTag>[0]> = {
+  fatal: "red",
+  error: "red",
+  warning: "yellow",
+  info: "cyan",
+  debug: "muted",
+};
+
+/** Markdown color tags for Seer fixability tiers */
+const FIXABILITY_TAGS: Record<FixabilityTier, Parameters<typeof colorTag>[0]> =
+  {
+    high: "green",
+    med: "yellow",
+    low: "red",
+  };
+
 // Status Formatting
 
 const STATUS_ICONS: Record<IssueStatus, string> = {
-  resolved: green("✓"),
-  unresolved: yellow("●"),
-  ignored: muted("−"),
+  resolved: colorTag("green", "✓"),
+  unresolved: colorTag("yellow", "●"),
+  ignored: colorTag("muted", "−"),
 };
 
 const STATUS_LABELS: Record<IssueStatus, string> = {
-  resolved: `${green("✓")} Resolved`,
-  unresolved: `${yellow("●")} Unresolved`,
-  ignored: `${muted("−")} Ignored`,
+  resolved: `${colorTag("green", "✓")} Resolved`,
+  unresolved: `${colorTag("yellow", "●")} Unresolved`,
+  ignored: `${colorTag("muted", "−")} Ignored`,
 };
 
 /** Maximum features to display before truncating with "... and N more" */
@@ -179,22 +191,15 @@ function formatFeaturesMarkdown(features: string[] | undefined): string {
  * Get status icon for an issue status
  */
 export function formatStatusIcon(status: string | undefined): string {
-  if (!status) {
-    return statusColor("●", status);
-  }
-  return STATUS_ICONS[status as IssueStatus] ?? statusColor("●", status);
+  return STATUS_ICONS[status as IssueStatus] ?? colorTag("yellow", "●");
 }
 
 /**
  * Get full status label for an issue status
  */
 export function formatStatusLabel(status: string | undefined): string {
-  if (!status) {
-    return `${statusColor("●", status)} Unknown`;
-  }
   return (
-    STATUS_LABELS[status as IssueStatus] ??
-    `${statusColor("●", status)} Unknown`
+    STATUS_LABELS[status as IssueStatus] ?? `${colorTag("yellow", "●")} Unknown`
   );
 }
 
@@ -407,8 +412,12 @@ export function writeIssueTable(
   const columns: Column<IssueTableRow>[] = [
     {
       header: "LEVEL",
-      value: ({ issue }) =>
-        levelColor((issue.level ?? "unknown").toUpperCase(), issue.level),
+      value: ({ issue }) => {
+        const level = (issue.level ?? "unknown").toLowerCase();
+        const tag = LEVEL_TAGS[level];
+        const label = level.toUpperCase();
+        return tag ? colorTag(tag, label) : label;
+      },
     },
   ];
 
@@ -446,7 +455,8 @@ export function writeIssueTable(
         const text = formatFixability(issue.seerFixabilityScore);
         const score = issue.seerFixabilityScore;
         if (text && score !== null && score !== undefined) {
-          return fixabilityColor(text, getSeerFixabilityLabel(score));
+          const tier = getSeerFixabilityLabel(score);
+          return colorTag(FIXABILITY_TAGS[tier], text);
         }
         return "";
       },
@@ -490,7 +500,9 @@ export function formatIssueDetails(issue: SentryIssue): string {
   ) {
     const tier = getSeerFixabilityLabel(issue.seerFixabilityScore);
     const fixDetail = formatFixabilityDetail(issue.seerFixabilityScore);
-    rows.push(`| **Fixability** | ${fixabilityColor(fixDetail, tier)} |`);
+    rows.push(
+      `| **Fixability** | ${colorTag(FIXABILITY_TAGS[tier], fixDetail)} |`
+    );
   }
 
   let levelLine = issue.level ?? "unknown";

src/lib/formatters/log.ts

@@ -6,8 +6,8 @@
 
 import type { DetailedSentryLog, SentryLog } from "../../types/index.js";
 import { buildTraceUrl } from "../sentry-urls.js";
-import { cyan, muted, red, yellow } from "./colors.js";
 import {
+  colorTag,
   divider,
   escapeMarkdownCell,
   escapeMarkdownInline,
@@ -17,31 +17,32 @@ import {
   renderMarkdown,
 } from "./markdown.js";
 
-/** Color functions for log severity levels */
-const SEVERITY_COLORS: Record<string, (text: string) => string> = {
-  fatal: red,
-  error: red,
-  warning: yellow,
-  warn: yellow,
-  info: cyan,
-  debug: muted,
-  trace: muted,
+/** Markdown color tag names for log severity levels */
+const SEVERITY_TAGS: Record<string, string> = {
+  fatal: "red",
+  error: "red",
+  warning: "yellow",
+  warn: "yellow",
+  info: "cyan",
+  debug: "muted",
+  trace: "muted",
 };
 
 /** Column headers for the streaming log table */
 const LOG_TABLE_COLS = ["Timestamp", "Level", "Message"] as const;
 
 /**
- * Format severity level with appropriate color.
+ * Format severity level with appropriate color tag.
  * Pads to 7 characters for alignment (longest: "warning").
  *
  * @param severity - The log severity level
- * @returns Colored and padded severity string
+ * @returns Markdown color-tagged and padded severity string
  */
 function formatSeverity(severity: string | null | undefined): string {
   const level = (severity ?? "info").toLowerCase();
-  const colorFn = SEVERITY_COLORS[level] ?? ((s: string) => s);
-  return colorFn(level.toUpperCase().padEnd(7));
+  const tag = SEVERITY_TAGS[level];
+  const label = level.toUpperCase().padEnd(7);
+  return tag ? colorTag(tag as Parameters<typeof colorTag>[0], label) : label;
 }
 
 /**
@@ -118,15 +119,16 @@ export function formatLogTable(logs: SentryLog[]): string {
 }
 
 /**
- * Format severity level with color for detailed view (not padded).
+ * Format severity level with color tag for detailed view (not padded).
  *
  * @param severity - The log severity level
- * @returns Colored severity string
+ * @returns Markdown color-tagged severity string
  */
 function formatSeverityLabel(severity: string | null | undefined): string {
   const level = (severity ?? "info").toLowerCase();
-  const colorFn = SEVERITY_COLORS[level] ?? ((s: string) => s);
-  return colorFn(level.toUpperCase());
+  const tag = SEVERITY_TAGS[level];
+  const label = level.toUpperCase();
+  return tag ? colorTag(tag as Parameters<typeof colorTag>[0], label) : label;
 }
 
 /**

src/lib/formatters/markdown.ts

@@ -171,12 +171,78 @@ export function divider(width = 80): string {
 
 /** Sentinel-inspired color palette */
 const COLORS = {
+  red: "#fe4144",
+  green: "#83da90",
   yellow: "#FDB81B",
   blue: "#226DFC",
+  magenta: "#FF45A8",
   cyan: "#79B8FF",
   muted: "#898294",
 } as const;
 
+/**
+ * Semantic HTML color tags supported in markdown strings.
+ *
+ * Formatters can embed `<red>text</red>`, `<green>text</green>`, etc. in
+ * any markdown string and the custom renderer will apply the corresponding
+ * ANSI color. In plain (non-TTY) mode the tags are stripped, leaving only
+ * the inner text.
+ *
+ * Supported tags: red, green, yellow, blue, magenta, cyan, muted
+ */
+const COLOR_TAGS: Record<string, (text: string) => string> = {
+  red: (t) => chalk.hex(COLORS.red)(t),
+  green: (t) => chalk.hex(COLORS.green)(t),
+  yellow: (t) => chalk.hex(COLORS.yellow)(t),
+  blue: (t) => chalk.hex(COLORS.blue)(t),
+  magenta: (t) => chalk.hex(COLORS.magenta)(t),
+  cyan: (t) => chalk.hex(COLORS.cyan)(t),
+  muted: (t) => chalk.hex(COLORS.muted)(t),
+};
+
+/**
+ * Wrap text in a semantic color tag for use in markdown strings.
+ *
+ * In TTY mode the tag is rendered as an ANSI color by the custom renderer.
+ * In plain mode the tag is stripped and only the inner text is emitted.
+ *
+ * @example
+ * colorTag("red", "ERROR")   // → "<red>ERROR</red>"
+ * colorTag("green", "✓")     // → "<green>✓</green>"
+ */
+export function colorTag(tag: keyof typeof COLOR_TAGS, text: string): string {
+  return `<${tag}>${text}</${tag}>`;
+}
+
+// Pre-compiled regexes for HTML color tag parsing (module-level for performance)
+const RE_OPEN_TAG = /^<([a-z]+)>$/i;
+const RE_CLOSE_TAG = /^<\/([a-z]+)>$/i;
+const RE_SELF_TAG = /^<([a-z]+)>([\s\S]*?)<\/\1>$/i;
+
+/**
+ * Render an inline HTML token as a color-tagged string.
+ *
+ * Handles self-contained `<tag>text</tag>` forms. Bare open/close
+ * tags are dropped (marked emits them as separate tokens; the
+ * self-contained form is produced by `colorTag()`).
+ */
+function renderHtmlToken(raw: string): string {
+  const trimmed = raw.trim();
+  if (RE_OPEN_TAG.test(trimmed) || RE_CLOSE_TAG.test(trimmed)) {
+    return "";
+  }
+  const m = RE_SELF_TAG.exec(trimmed);
+  if (m) {
+    const tagName = m[1];
+    const inner = m[2];
+    if (tagName !== undefined && inner !== undefined) {
+      const colorFn = COLOR_TAGS[tagName.toLowerCase()];
+      return colorFn ? colorFn(inner) : inner;
+    }
+  }
+  return "";
+}
+
 /**
  * Syntax-highlight a code block. Falls back to uniform yellow if the
  * language is unknown or highlighting fails.
@@ -243,8 +309,10 @@ function renderInline(tokens: Token[]): string {
             return renderInline((token as Tokens.Text).tokens ?? []);
           }
           return (token as Tokens.Text).text;
-        case "html":
-          return ""; // Strip inline HTML
+        case "html": {
+          const raw = (token as Tokens.HTML).raw ?? (token as Tokens.HTML).text;
+          return renderHtmlToken(raw);
+        }
         default:
           return (token as { raw?: string }).raw ?? "";
       }

test/lib/formatters/human.utils.test.ts

@@ -24,10 +24,10 @@ import {
 } from "../../../src/lib/formatters/human.js";
 import { DEFAULT_NUM_RUNS } from "../../model-based/helpers.js";
 
-// Helper to strip ANSI codes for content testing
+// Helper to strip ANSI codes and markdown color tags for content testing
 function stripAnsi(str: string): string {
   // biome-ignore lint/suspicious/noControlCharactersInRegex: ANSI codes use control chars
-  return str.replace(/\x1b\[[0-9;]*m/g, "");
+  return str.replace(/\x1b\[[0-9;]*m/g, "").replace(/<\/?[a-z]+>/g, "");
 }
 
 // Status Formatting