@apiposture/cli 1.0.1

package/dist/core/models/source-location.d.ts

@@ -0,0 +1,7 @@
+export interface SourceLocation {
+    filePath: string;
+    line: number;
+    column: number;
+}
+export declare function formatSourceLocation(location: SourceLocation): string;
+//# sourceMappingURL=source-location.d.ts.map

package/dist/core/models/source-location.js

@@ -0,0 +1,4 @@
+export function formatSourceLocation(location) {
+    return `${location.filePath}:${location.line}:${location.column}`;
+}
+//# sourceMappingURL=source-location.js.map

package/dist/index.d.ts

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+export {};
+//# sourceMappingURL=index.d.ts.map

package/dist/index.js

@@ -0,0 +1,23 @@
+#!/usr/bin/env node
+import { Command } from 'commander';
+import { createScanCommand } from './cli/commands/scan.js';
+import { createActivateCommand } from './cli/commands/license/activate.js';
+import { createDeactivateCommand } from './cli/commands/license/deactivate.js';
+import { createStatusCommand } from './cli/commands/license/status.js';
+const program = new Command();
+program
+    .name('apiposture')
+    .description('Static source-code analysis CLI for Node.js API security')
+    .version('1.0.0');
+// Add scan command (default)
+program.addCommand(createScanCommand(), { isDefault: true });
+// Add license subcommands
+const licenseCommand = new Command('license')
+    .description('Manage license activation');
+licenseCommand.addCommand(createActivateCommand());
+licenseCommand.addCommand(createDeactivateCommand());
+licenseCommand.addCommand(createStatusCommand());
+program.addCommand(licenseCommand);
+// Parse and run
+program.parse();
+//# sourceMappingURL=index.js.map

package/dist/licensing/license-manager.d.ts

@@ -0,0 +1,38 @@
+import { LicenseContext } from '../core/licensing/license-context.js';
+import { LicenseFeature } from '../core/licensing/license-features.js';
+export interface ActivationResult {
+    success: boolean;
+    error?: string;
+    licenseType?: string;
+    expiresAt?: Date;
+    features?: string[];
+}
+export interface DeactivationResult {
+    success: boolean;
+    error?: string;
+}
+export interface LicenseStatus {
+    isActive: boolean;
+    licenseType?: string;
+    expiresAt?: Date;
+    features?: string[];
+}
+export declare class LicenseManager {
+    private context;
+    constructor();
+    activate(key: string): Promise<ActivationResult>;
+    deactivate(): Promise<DeactivationResult>;
+    getStatus(): Promise<LicenseStatus>;
+    getContext(): LicenseContext;
+    hasFeature(feature: LicenseFeature): boolean;
+    private loadContext;
+    private loadLicense;
+    private saveLicense;
+    private removeLicense;
+    private isValidKeyFormat;
+    private activateWithServer;
+    private deactivateWithServer;
+    private activateOffline;
+    private getMachineId;
+}
+//# sourceMappingURL=license-manager.d.ts.map

package/dist/licensing/license-manager.js

@@ -0,0 +1,184 @@
+import * as fs from 'fs';
+import * as path from 'path';
+import * as os from 'os';
+import axios from 'axios';
+import { createCommunityContext, createLicensedContext, } from '../core/licensing/license-context.js';
+import { proFeatures, enterpriseFeatures, } from '../core/licensing/license-features.js';
+const LICENSE_DIR = path.join(os.homedir(), '.apiposture');
+const LICENSE_FILE = path.join(LICENSE_DIR, 'license.json');
+const LICENSE_SERVER = 'https://apiposture.com/api/license';
+const ENV_VAR_KEY = 'APIPOSTURE_LICENSE_KEY';
+export class LicenseManager {
+    context;
+    constructor() {
+        this.context = this.loadContext();
+    }
+    async activate(key) {
+        try {
+            // Validate key format
+            if (!this.isValidKeyFormat(key)) {
+                return { success: false, error: 'Invalid license key format' };
+            }
+            // Try to activate with server
+            const response = await this.activateWithServer(key);
+            if (response.success && response.license) {
+                // Save license locally
+                this.saveLicense(response.license);
+                this.context = createLicensedContext(response.license);
+                return {
+                    success: true,
+                    licenseType: response.license.type,
+                    expiresAt: response.license.expiresAt ?? undefined,
+                    features: response.license.features,
+                };
+            }
+            return { success: false, error: response.error ?? 'Activation failed' };
+        }
+        catch (error) {
+            // For now, allow offline activation for development
+            const offlineResult = this.activateOffline(key);
+            if (offlineResult.success) {
+                return offlineResult;
+            }
+            return {
+                success: false,
+                error: `Activation failed: ${error instanceof Error ? error.message : error}`,
+            };
+        }
+    }
+    async deactivate() {
+        try {
+            // Try to deactivate with server
+            if (this.context.info?.key) {
+                await this.deactivateWithServer(this.context.info.key);
+            }
+        }
+        catch {
+            // Continue with local deactivation even if server fails
+        }
+        // Remove local license
+        this.removeLicense();
+        this.context = createCommunityContext();
+        return { success: true };
+    }
+    async getStatus() {
+        if (!this.context.isLicensed || !this.context.info) {
+            return { isActive: false };
+        }
+        // Check expiration
+        if (this.context.info.expiresAt && new Date() > this.context.info.expiresAt) {
+            return { isActive: false };
+        }
+        return {
+            isActive: true,
+            licenseType: this.context.info.type,
+            expiresAt: this.context.info.expiresAt ?? undefined,
+            features: this.context.info.features,
+        };
+    }
+    getContext() {
+        return this.context;
+    }
+    hasFeature(feature) {
+        return this.context.hasFeature(feature);
+    }
+    loadContext() {
+        // Check environment variable first
+        const envKey = process.env[ENV_VAR_KEY];
+        if (envKey) {
+            const offlineResult = this.activateOffline(envKey);
+            if (offlineResult.success) {
+                return this.context;
+            }
+        }
+        // Try to load from file
+        const license = this.loadLicense();
+        if (license) {
+            // Check expiration
+            if (license.expiresAt && new Date() > license.expiresAt) {
+                return createCommunityContext();
+            }
+            return createLicensedContext(license);
+        }
+        return createCommunityContext();
+    }
+    loadLicense() {
+        try {
+            if (fs.existsSync(LICENSE_FILE)) {
+                const content = fs.readFileSync(LICENSE_FILE, 'utf-8');
+                const data = JSON.parse(content);
+                return {
+                    ...data,
+                    expiresAt: data.expiresAt ? new Date(data.expiresAt) : null,
+                    activatedAt: new Date(data.activatedAt),
+                };
+            }
+        }
+        catch {
+            // Ignore load errors
+        }
+        return null;
+    }
+    saveLicense(license) {
+        try {
+            if (!fs.existsSync(LICENSE_DIR)) {
+                fs.mkdirSync(LICENSE_DIR, { recursive: true });
+            }
+            fs.writeFileSync(LICENSE_FILE, JSON.stringify(license, null, 2), 'utf-8');
+        }
+        catch (error) {
+            console.warn('Failed to save license:', error);
+        }
+    }
+    removeLicense() {
+        try {
+            if (fs.existsSync(LICENSE_FILE)) {
+                fs.unlinkSync(LICENSE_FILE);
+            }
+        }
+        catch {
+            // Ignore remove errors
+        }
+    }
+    isValidKeyFormat(key) {
+        // Expected format: XXXX-XXXX-XXXX-XXXX or similar
+        return /^[A-Z0-9]{4}(-[A-Z0-9]{4}){3,}$/i.test(key);
+    }
+    async activateWithServer(key) {
+        const response = await axios.post(`${LICENSE_SERVER}/activate`, { key, machineId: this.getMachineId() }, { timeout: 10000 });
+        return response.data;
+    }
+    async deactivateWithServer(key) {
+        await axios.post(`${LICENSE_SERVER}/deactivate`, { key, machineId: this.getMachineId() }, { timeout: 10000 });
+    }
+    activateOffline(key) {
+        // Offline activation for development/testing
+        // In production, this would validate against embedded public key
+        const keyLower = key.toLowerCase();
+        let type = 'pro';
+        let features = proFeatures;
+        if (keyLower.includes('enterprise') || keyLower.startsWith('ent-')) {
+            type = 'enterprise';
+            features = enterpriseFeatures;
+        }
+        const license = {
+            key,
+            type,
+            features,
+            expiresAt: null, // Never expires for offline
+            activatedAt: new Date(),
+        };
+        this.saveLicense(license);
+        this.context = createLicensedContext(license);
+        return {
+            success: true,
+            licenseType: type,
+            features,
+        };
+    }
+    getMachineId() {
+        // Simple machine ID based on hostname and platform
+        return `${os.hostname()}-${os.platform()}-${os.arch()}`;
+    }
+}
+//# sourceMappingURL=license-manager.js.map

package/dist/output/accessibility-helper.d.ts

@@ -0,0 +1,22 @@
+import { Severity } from '../core/models/severity.js';
+import { SecurityClassification } from '../core/models/security-classification.js';
+export interface AccessibilityOptions {
+    noColor: boolean;
+    noIcons: boolean;
+}
+export declare class AccessibilityHelper {
+    private options;
+    constructor(options?: Partial<AccessibilityOptions>);
+    severityIcon(severity: Severity): string;
+    severityColor(severity: Severity, text: string): string;
+    classificationIcon(classification: SecurityClassification): string;
+    bold(text: string): string;
+    dim(text: string): string;
+    green(text: string): string;
+    red(text: string): string;
+    yellow(text: string): string;
+    cyan(text: string): string;
+    checkmark(): string;
+    crossmark(): string;
+}
+//# sourceMappingURL=accessibility-helper.d.ts.map

package/dist/output/accessibility-helper.js

@@ -0,0 +1,98 @@
+import { Severity } from '../core/models/severity.js';
+import { SecurityClassification } from '../core/models/security-classification.js';
+const severityIcons = {
+    [Severity.Critical]: '\u26a0\ufe0f',
+    [Severity.High]: '\ud83d\udd34',
+    [Severity.Medium]: '\ud83d\udfe0',
+    [Severity.Low]: '\ud83d\udfe1',
+    [Severity.Info]: '\ud83d\udfe2',
+};
+const severityColors = {
+    [Severity.Critical]: '\x1b[91m', // bright red
+    [Severity.High]: '\x1b[31m', // red
+    [Severity.Medium]: '\x1b[33m', // yellow
+    [Severity.Low]: '\x1b[36m', // cyan
+    [Severity.Info]: '\x1b[32m', // green
+};
+const classificationIcons = {
+    [SecurityClassification.Public]: '\ud83c\udf10',
+    [SecurityClassification.Authenticated]: '\ud83d\udd10',
+    [SecurityClassification.RoleRestricted]: '\ud83d\udc65',
+    [SecurityClassification.PolicyRestricted]: '\ud83d\udcdc',
+};
+export class AccessibilityHelper {
+    options;
+    constructor(options = {}) {
+        this.options = {
+            noColor: options.noColor ?? false,
+            noIcons: options.noIcons ?? false,
+        };
+    }
+    severityIcon(severity) {
+        if (this.options.noIcons) {
+            return `[${severity.toUpperCase()}]`;
+        }
+        return severityIcons[severity];
+    }
+    severityColor(severity, text) {
+        if (this.options.noColor) {
+            return text;
+        }
+        return `${severityColors[severity]}${text}\x1b[0m`;
+    }
+    classificationIcon(classification) {
+        if (this.options.noIcons) {
+            return `[${classification}]`;
+        }
+        return classificationIcons[classification];
+    }
+    bold(text) {
+        if (this.options.noColor) {
+            return text;
+        }
+        return `\x1b[1m${text}\x1b[0m`;
+    }
+    dim(text) {
+        if (this.options.noColor) {
+            return text;
+        }
+        return `\x1b[2m${text}\x1b[0m`;
+    }
+    green(text) {
+        if (this.options.noColor) {
+            return text;
+        }
+        return `\x1b[32m${text}\x1b[0m`;
+    }
+    red(text) {
+        if (this.options.noColor) {
+            return text;
+        }
+        return `\x1b[31m${text}\x1b[0m`;
+    }
+    yellow(text) {
+        if (this.options.noColor) {
+            return text;
+        }
+        return `\x1b[33m${text}\x1b[0m`;
+    }
+    cyan(text) {
+        if (this.options.noColor) {
+            return text;
+        }
+        return `\x1b[36m${text}\x1b[0m`;
+    }
+    checkmark() {
+        if (this.options.noIcons) {
+            return '[OK]';
+        }
+        return '\u2714';
+    }
+    crossmark() {
+        if (this.options.noIcons) {
+            return '[X]';
+        }
+        return '\u2716';
+    }
+}
+//# sourceMappingURL=accessibility-helper.js.map

package/dist/output/formatter-interface.d.ts

@@ -0,0 +1,11 @@
+import { ScanResult } from '../core/models/scan-result.js';
+export interface OutputFormatter {
+    readonly name: string;
+    format(result: ScanResult): string;
+}
+export interface FormatterOptions {
+    noColor?: boolean;
+    noIcons?: boolean;
+    verbose?: boolean;
+}
+//# sourceMappingURL=formatter-interface.d.ts.map

package/dist/output/formatter-interface.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=formatter-interface.js.map

package/dist/output/index.d.ts

@@ -0,0 +1,6 @@
+export * from './formatter-interface.js';
+export * from './accessibility-helper.js';
+export * from './terminal-formatter.js';
+export * from './json-formatter.js';
+export * from './markdown-formatter.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/output/index.js

@@ -0,0 +1,6 @@
+export * from './formatter-interface.js';
+export * from './accessibility-helper.js';
+export * from './terminal-formatter.js';
+export * from './json-formatter.js';
+export * from './markdown-formatter.js';
+//# sourceMappingURL=index.js.map

package/dist/output/json-formatter.d.ts

@@ -0,0 +1,7 @@
+import { OutputFormatter } from './formatter-interface.js';
+import { ScanResult } from '../core/models/scan-result.js';
+export declare class JsonFormatter implements OutputFormatter {
+    readonly name = "json";
+    format(result: ScanResult): string;
+}
+//# sourceMappingURL=json-formatter.d.ts.map

package/dist/output/json-formatter.js

@@ -0,0 +1,72 @@
+import { getScanSummary } from '../core/models/scan-result.js';
+export class JsonFormatter {
+    name = 'json';
+    format(result) {
+        const summary = getScanSummary(result);
+        const output = {
+            scanInfo: {
+                projectPath: result.projectPath,
+                scanDate: result.scanDate.toISOString(),
+                filesScanned: result.filesScanned,
+                scanDurationMs: result.scanDurationMs,
+            },
+            summary: {
+                totalEndpoints: summary.totalEndpoints,
+                totalFindings: summary.totalFindings,
+                findingsBySeverity: summary.findingsBySeverity,
+                suppressedFindings: summary.suppressedFindings,
+            },
+            endpoints: result.endpoints.map((e) => ({
+                route: e.route,
+                method: e.method,
+                handler: e.handlerName,
+                controller: e.controllerName,
+                framework: e.type,
+                location: {
+                    file: e.location.filePath,
+                    line: e.location.line,
+                    column: e.location.column,
+                },
+                authorization: {
+                    classification: e.authorization.classification,
+                    isAuthenticated: e.authorization.isAuthenticated,
+                    isExplicitlyPublic: e.authorization.isExplicitlyPublic,
+                    roles: e.authorization.roles,
+                    policies: e.authorization.policies,
+                },
+            })),
+            findings: result.findings
+                .filter((f) => !f.suppressed)
+                .map((f) => ({
+                ruleId: f.ruleId,
+                ruleName: f.ruleName,
+                severity: f.severity,
+                message: f.message,
+                endpoint: {
+                    route: f.endpoint.route,
+                    method: f.endpoint.method,
+                },
+                location: {
+                    file: f.location.filePath,
+                    line: f.location.line,
+                    column: f.location.column,
+                },
+                recommendation: f.recommendation,
+            })),
+            suppressedFindings: result.findings
+                .filter((f) => f.suppressed)
+                .map((f) => ({
+                ruleId: f.ruleId,
+                ruleName: f.ruleName,
+                severity: f.severity,
+                endpoint: {
+                    route: f.endpoint.route,
+                    method: f.endpoint.method,
+                },
+                suppressionReason: f.suppressionReason,
+            })),
+        };
+        return JSON.stringify(output, null, 2);
+    }
+}
+//# sourceMappingURL=json-formatter.js.map

package/dist/output/markdown-formatter.d.ts

@@ -0,0 +1,10 @@
+import { OutputFormatter } from './formatter-interface.js';
+import { ScanResult } from '../core/models/scan-result.js';
+export declare class MarkdownFormatter implements OutputFormatter {
+    readonly name = "markdown";
+    format(result: ScanResult): string;
+    private formatFinding;
+    private getSeverityBadge;
+    private sortFindingsBySeverity;
+}
+//# sourceMappingURL=markdown-formatter.d.ts.map

package/dist/output/markdown-formatter.js

@@ -0,0 +1,114 @@
+import { getScanSummary } from '../core/models/scan-result.js';
+import { Severity, severityOrder } from '../core/models/severity.js';
+import { formatSourceLocation } from '../core/models/source-location.js';
+export class MarkdownFormatter {
+    name = 'markdown';
+    format(result) {
+        const lines = [];
+        const summary = getScanSummary(result);
+        // Title
+        lines.push('# ApiPosture Security Scan Report');
+        lines.push('');
+        // Scan Info
+        lines.push('## Scan Information');
+        lines.push('');
+        lines.push(`| Property | Value |`);
+        lines.push(`|----------|-------|`);
+        lines.push(`| Project | \`${result.projectPath}\` |`);
+        lines.push(`| Scan Date | ${result.scanDate.toISOString()} |`);
+        lines.push(`| Files Scanned | ${result.filesScanned} |`);
+        lines.push(`| Endpoints Found | ${summary.totalEndpoints} |`);
+        lines.push(`| Scan Duration | ${result.scanDurationMs}ms |`);
+        lines.push('');
+        // Summary
+        lines.push('## Summary');
+        lines.push('');
+        if (summary.totalFindings === 0) {
+            lines.push('**No security findings detected.**');
+        }
+        else {
+            lines.push(`**Total Findings:** ${summary.totalFindings}`);
+            lines.push('');
+            lines.push('| Severity | Count |');
+            lines.push('|----------|-------|');
+            for (const severity of Object.values(Severity).reverse()) {
+                const count = summary.findingsBySeverity[severity];
+                if (count > 0) {
+                    const badge = this.getSeverityBadge(severity);
+                    lines.push(`| ${badge} ${severity} | ${count} |`);
+                }
+            }
+        }
+        lines.push('');
+        // Findings
+        if (summary.totalFindings > 0) {
+            lines.push('## Findings');
+            lines.push('');
+            const activeFindings = result.findings.filter((f) => !f.suppressed);
+            const sortedFindings = this.sortFindingsBySeverity(activeFindings);
+            for (const finding of sortedFindings) {
+                lines.push(this.formatFinding(finding));
+            }
+        }
+        // Endpoints Table
+        lines.push('## Endpoints');
+        lines.push('');
+        lines.push('| Method | Route | Classification | Framework | Location |');
+        lines.push('|--------|-------|----------------|-----------|----------|');
+        for (const endpoint of result.endpoints) {
+            lines.push(`| ${endpoint.method} | \`${endpoint.route}\` | ${endpoint.authorization.classification} | ${endpoint.type} | ${endpoint.location.filePath}:${endpoint.location.line} |`);
+        }
+        lines.push('');
+        // Suppressed
+        if (summary.suppressedFindings > 0) {
+            lines.push('## Suppressed Findings');
+            lines.push('');
+            lines.push(`${summary.suppressedFindings} findings were suppressed.`);
+            lines.push('');
+        }
+        // Footer
+        lines.push('---');
+        lines.push('*Generated by ApiPosture*');
+        lines.push('');
+        return lines.join('\n');
+    }
+    formatFinding(finding) {
+        const lines = [];
+        const badge = this.getSeverityBadge(finding.severity);
+        lines.push(`### ${badge} ${finding.ruleId}: ${finding.ruleName}`);
+        lines.push('');
+        lines.push(`**Severity:** ${finding.severity}`);
+        lines.push('');
+        lines.push(`**Endpoint:** \`${finding.endpoint.method} ${finding.endpoint.route}\``);
+        lines.push('');
+        lines.push(`**Location:** \`${formatSourceLocation(finding.location)}\``);
+        lines.push('');
+        lines.push(`**Message:** ${finding.message}`);
+        lines.push('');
+        lines.push('**Recommendation:**');
+        lines.push('');
+        lines.push(`> ${finding.recommendation}`);
+        lines.push('');
+        return lines.join('\n');
+    }
+    getSeverityBadge(severity) {
+        switch (severity) {
+            case Severity.Critical:
+                return '\ud83d\udfe5';
+            case Severity.High:
+                return '\ud83d\udd34';
+            case Severity.Medium:
+                return '\ud83d\udfe0';
+            case Severity.Low:
+                return '\ud83d\udfe1';
+            case Severity.Info:
+                return '\ud83d\udfe2';
+            default:
+                return '\u26aa';
+        }
+    }
+    sortFindingsBySeverity(findings) {
+        return [...findings].sort((a, b) => severityOrder[b.severity] - severityOrder[a.severity]);
+    }
+}
+//# sourceMappingURL=markdown-formatter.js.map

package/dist/output/terminal-formatter.d.ts

@@ -0,0 +1,12 @@
+import { OutputFormatter, FormatterOptions } from './formatter-interface.js';
+import { ScanResult } from '../core/models/scan-result.js';
+export declare class TerminalFormatter implements OutputFormatter {
+    readonly name = "terminal";
+    private helper;
+    constructor(options?: FormatterOptions);
+    format(result: ScanResult): string;
+    private formatFindingsSummary;
+    private formatFinding;
+    private sortFindingsBySeverity;
+}
+//# sourceMappingURL=terminal-formatter.d.ts.map