@arka-labs/nemesis 1.2.0

package/src/commands/audit.js

@@ -0,0 +1,187 @@
+import { loadAuditTemplates, loadTemplate, buildAuditPrompt, saveReport, listReports } from '../../lib/core/audit.js';
+import { interactiveMenu } from '../../lib/ui/menu.js';
+import { renderTable } from '../../lib/ui/table.js';
+import { askText } from '../../lib/ui/prompt.js';
+import { style } from '../../lib/ui/colors.js';
+import { titledBox } from '../../lib/ui/box.js';
+import { ensureProject, BACK_ITEM, HOME_ITEM } from './_helpers.js';
+
+const HELP = `
+nemesis audit — Audit technique
+
+Usage: nemesis audit <subcommand>
+
+Subcommands:
+  list              Types d'audit disponibles
+  run               Lancer un audit
+  reports           Rapports generes
+
+Options:
+  -h, --help        Aide
+`;
+
+export async function handler({ args, flags, config }) {
+  if (flags.help || args.includes('--help') || args.includes('-h')) {
+    console.log(HELP);
+    return;
+  }
+
+  let sub = args[0];
+  let subArgs = args.slice(1);
+
+  if (!sub) {
+    sub = await interactiveMenu([
+      { label: 'run',     value: 'run',     description: 'Lancer un audit' },
+      { label: 'list',    value: 'list',    description: 'Types d\'audit disponibles' },
+      { label: 'reports', value: 'reports', description: 'Rapports generes' },
+      BACK_ITEM,
+      HOME_ITEM,
+    ], { title: 'nemesis audit' });
+    if (!sub || sub === '__back__') return '__back__';
+    if (sub === '__home__') return '__home__';
+    subArgs = [];
+  }
+
+  switch (sub) {
+    case 'list':
+      return handleList(flags, config);
+    case 'run':
+      return handleRun(subArgs, flags, config);
+    case 'reports':
+      return handleReports(flags, config);
+    default:
+      console.error(`Sous-commande inconnue : ${sub}`);
+      console.log(HELP);
+  }
+}
+
+async function handleList(flags, config) {
+  const project = await ensureProject(config, flags);
+  if (!project) return;
+
+  const templates = loadAuditTemplates(project);
+
+  if (templates.length === 0) {
+    console.log(`\n  ${style.dim('Aucun template d\'audit dans .nemesis/HCM/audit/')}\n`);
+    return;
+  }
+
+  console.log('');
+  console.log(renderTable(
+    [
+      { key: 'id', label: 'ID' },
+      { key: 'name', label: 'Nom' },
+      { key: 'description', label: 'Description' },
+    ],
+    templates,
+  ));
+  console.log('');
+}
+
+async function handleRun(args, flags, config) {
+  const project = await ensureProject(config, flags);
+  if (!project) return;
+
+  const templates = loadAuditTemplates(project);
+  if (templates.length === 0) {
+    console.log(`\n  ${style.dim('Aucun template d\'audit disponible.')}\n`);
+    return;
+  }
+
+  // Choose audit type
+  let templateId = args[0];
+  if (!templateId) {
+    const items = templates.map(t => ({
+      label: t.id,
+      value: t.id,
+      description: t.name,
+    }));
+    templateId = await interactiveMenu(items, { title: 'Type d\'audit' });
+    if (!templateId) return;
+  }
+
+  const template = loadTemplate(project, templateId);
+  if (!template) {
+    console.error(`  Template introuvable : ${templateId}\n`);
+    return;
+  }
+
+  // Define target
+  console.log(`\n  ${style.bold('Definition de la cible')}\n`);
+
+  const nom = await askText('Nom du projet / module');
+  if (!nom) return;
+
+  const cibleTypes = template.cible?.types_supportes || ['repo'];
+  let type;
+  if (cibleTypes.length === 1) {
+    type = cibleTypes[0];
+  } else {
+    type = await interactiveMenu(
+      cibleTypes.map(t => ({ label: t, value: t })),
+      { title: 'Type de cible' },
+    );
+    if (!type) return;
+  }
+
+  const path = await askText('Chemin vers le code source', project.root);
+  const contexte = await askText('Contexte (prototype, MVP, production, legacy...)', '');
+  const tailleEquipe = await askText('Taille equipe (petite, moyenne, grande)', '');
+  const stack = await askText('Stack technique (auto-detecte si vide)', '');
+
+  const cible = {
+    type,
+    path: path || project.root,
+    nom,
+    contexte: contexte || undefined,
+    taille_equipe: tailleEquipe || undefined,
+    stack: stack || undefined,
+  };
+
+  // Build prompt
+  const prompt = buildAuditPrompt(template, cible);
+
+  // Save as report template
+  const filepath = saveReport(project, templateId, prompt);
+
+  // Display
+  console.log('');
+  const lines = [
+    `${style.bold('Type')}    ${template.audit_meta.name}`,
+    `${style.bold('Cible')}   ${nom} (${type})`,
+    `${style.bold('Fichier')} ${filepath}`,
+    '',
+    `Le prompt d'audit a ete genere et sauvegarde.`,
+    `Copiez-le et envoyez-le a un agent ou LLM pour execution.`,
+  ];
+  console.log(titledBox('Audit genere', lines, { border: style.nemesisAccent }));
+  console.log('');
+
+  // Show first lines of prompt
+  const preview = prompt.split('\n').slice(0, 8).join('\n');
+  console.log(style.dim(preview));
+  console.log(style.dim('  ...'));
+  console.log('');
+}
+
+async function handleReports(flags, config) {
+  const project = await ensureProject(config, flags);
+  if (!project) return;
+
+  const reports = listReports(project);
+
+  if (reports.length === 0) {
+    console.log(`\n  ${style.dim('Aucun rapport genere.')}\n`);
+    return;
+  }
+
+  console.log('');
+  console.log(renderTable(
+    [
+      { key: 'filename', label: 'Rapport' },
+      { key: 'path', label: 'Chemin' },
+    ],
+    reports,
+  ));
+  console.log('');
+}

package/src/commands/auth.js

@@ -0,0 +1,316 @@
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from 'node:fs';
+import { join } from 'node:path';
+import { homedir } from 'node:os';
+import { diagnoseHcm } from '../../lib/sync/health.js';
+import { askText, askConfirm } from '../../lib/ui/prompt.js';
+import { interactiveMenu } from '../../lib/ui/menu.js';
+import { createSpinner, createMultiStepSpinner } from '../../lib/ui/spinner.js';
+import { style } from '../../lib/ui/colors.js';
+import { BACK_ITEM, HOME_ITEM } from './_helpers.js';
+
+const CONFIG_DIR = join(homedir(), '.nemesis');
+const CONFIG_FILE = join(CONFIG_DIR, 'config.json');
+
+const HELP = `
+nemesis auth — Connexion HCM
+
+Usage: nemesis auth <subcommand>
+
+Subcommands:
+  login             Configurer la connexion HCM (URL + API key)
+  status            Afficher la connexion courante
+  logout            Supprimer les credentials HCM
+
+Options:
+  -h, --help        Aide
+`;
+
+export async function handler({ args, flags }) {
+  if (flags.help || args.includes('--help') || args.includes('-h')) {
+    console.log(HELP);
+    return;
+  }
+
+  let sub = args[0];
+  let _subArgs = args.slice(1);
+
+  if (!sub) {
+    sub = await interactiveMenu([
+      { label: 'status', value: 'status', description: 'Afficher la connexion courante' },
+      { label: 'login',  value: 'login',  description: 'Configurer la connexion HCM' },
+      { label: 'logout', value: 'logout', description: 'Supprimer les credentials' },
+      BACK_ITEM,
+      HOME_ITEM,
+    ], { title: 'nemesis auth' });
+    if (!sub || sub === '__back__') return '__back__';
+    if (sub === '__home__') return '__home__';
+  }
+
+  switch (sub) {
+    case 'login':
+      return handleLogin(flags);
+    case 'status':
+      return handleStatus(flags);
+    case 'logout':
+      return handleLogout(flags);
+    default:
+      console.error(`Sous-commande inconnue : ${sub}`);
+      console.log(HELP);
+  }
+}
+
+/**
+ * Read saved HCM config from ~/.nemesis/config.json
+ */
+export function readAuthConfig() {
+  if (!existsSync(CONFIG_FILE)) return null;
+  try {
+    const data = JSON.parse(readFileSync(CONFIG_FILE, 'utf-8'));
+    return {
+      hcm_url: data.hcm_url || null,
+      hcm_api_key: data.hcm_api_key || null,
+    };
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * Save HCM config to ~/.nemesis/config.json
+ */
+function saveAuthConfig(hcmUrl, hcmApiKey) {
+  if (!existsSync(CONFIG_DIR)) {
+    mkdirSync(CONFIG_DIR, { recursive: true });
+  }
+
+  let existing = {};
+  if (existsSync(CONFIG_FILE)) {
+    try {
+      existing = JSON.parse(readFileSync(CONFIG_FILE, 'utf-8'));
+    } catch {
+      existing = {};
+    }
+  }
+
+  existing.hcm_url = hcmUrl;
+  existing.hcm_api_key = hcmApiKey;
+
+  writeFileSync(CONFIG_FILE, JSON.stringify(existing, null, 2) + '\n', { encoding: 'utf-8', mode: 0o600 });
+}
+
+/**
+ * Remove HCM credentials from ~/.nemesis/config.json
+ */
+function clearAuthConfig() {
+  if (!existsSync(CONFIG_FILE)) return false;
+  try {
+    const data = JSON.parse(readFileSync(CONFIG_FILE, 'utf-8'));
+    delete data.hcm_url;
+    delete data.hcm_api_key;
+    writeFileSync(CONFIG_FILE, JSON.stringify(data, null, 2) + '\n', { encoding: 'utf-8', mode: 0o600 });
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+/**
+ * Find shell RC files that export HCM_API_KEY or HCM_URL.
+ * Returns array of { file, line, lineNum, variable }.
+ */
+function findShellExports(...vars) {
+  const home = homedir();
+  const rcFiles = ['.zshrc', '.zprofile', '.zshenv', '.bashrc', '.bash_profile']
+    .map(f => join(home, f));
+
+  const found = [];
+  for (const file of rcFiles) {
+    if (!existsSync(file)) continue;
+    const lines = readFileSync(file, 'utf-8').split('\n');
+    for (let i = 0; i < lines.length; i++) {
+      for (const v of vars) {
+        if (lines[i].match(new RegExp(`^\\s*export\\s+${v}=`))) {
+          found.push({ file, line: lines[i], lineNum: i, variable: v });
+        }
+      }
+    }
+  }
+  return found;
+}
+
+/**
+ * Update HCM_API_KEY value in shell RC files.
+ */
+function updateShellExport(file, lineNum, variable, newValue) {
+  const lines = readFileSync(file, 'utf-8').split('\n');
+  lines[lineNum] = `export ${variable}="${newValue}"`;
+  writeFileSync(file, lines.join('\n'), 'utf-8');
+}
+
+/**
+ * Remove HCM_API_KEY / HCM_URL lines from shell RC files.
+ */
+function removeShellExport(file, lineNum) {
+  const lines = readFileSync(file, 'utf-8').split('\n');
+  lines.splice(lineNum, 1);
+  writeFileSync(file, lines.join('\n'), 'utf-8');
+}
+
+/**
+ * After login: detect stale HCM_API_KEY in shell RC and offer to update.
+ */
+function syncShellKeys(newKey, _newUrl) {
+  const exports = findShellExports('HCM_API_KEY', 'HCM_URL');
+  if (exports.length === 0) return;
+
+  const staleKeys = exports.filter(e =>
+    e.variable === 'HCM_API_KEY' && !e.line.includes(newKey)
+  );
+  if (staleKeys.length === 0) return;
+
+  for (const e of staleKeys) {
+    const shortFile = e.file.replace(homedir(), '~');
+    updateShellExport(e.file, e.lineNum, 'HCM_API_KEY', newKey);
+    console.log(`  ${style.green('\u2713')} ${shortFile} mis a jour (ancienne cle remplacee)`);
+  }
+  if (staleKeys.length > 0) {
+    console.log(`  ${style.dim('\u2192 Rechargez votre shell :')} source ~/.zshrc`);
+  }
+}
+
+/**
+ * Sync API key into .mcp.json at cwd if it exists and key is stale.
+ */
+function syncMcpJson(apiKey, hcmUrl) {
+  const mcpPath = join(process.cwd(), '.mcp.json');
+  if (!existsSync(mcpPath)) return;
+  try {
+    const existing = JSON.parse(readFileSync(mcpPath, 'utf-8'));
+    const currentKey = existing?.mcpServers?.HCM_Sipher?.env?.HCM_API_KEY || '';
+    if (currentKey === apiKey) return;
+    existing.mcpServers.HCM_Sipher.env.HCM_API_KEY = apiKey;
+    if (hcmUrl) existing.mcpServers.HCM_Sipher.env.HCM_API_URL = hcmUrl;
+    writeFileSync(mcpPath, JSON.stringify(existing, null, 2) + '\n', { encoding: 'utf-8', mode: 0o600 });
+    console.log(`  ${style.green('\u2713')} .mcp.json mis a jour (cle API synchronisee)`);
+  } catch {
+    // .mcp.json malformed or no HCM_Sipher section — skip silently
+  }
+}
+
+async function handleLogin(_flags) {
+  console.log(`\n  ${style.bold('Connexion HCM')}\n`);
+
+  const hcmUrl = await askText('URL du HCM', 'https://hcm.arkalabs.app');
+  if (!hcmUrl) return;
+
+  const hcmApiKey = await askText('API Key HCM');
+  if (!hcmApiKey) {
+    console.log(`\n  ${style.red('API key requise.')}\n`);
+    return;
+  }
+
+  // Test connection
+  const multiSpinner = createMultiStepSpinner(['Connexion HCM', 'Validation credentials']);
+  multiSpinner.start();
+
+  try {
+    const result = await diagnoseHcm({ baseUrl: hcmUrl, apiKey: hcmApiKey });
+
+    multiSpinner.nextStep();
+
+    if (result.ok) {
+      multiSpinner.complete('Connexion OK');
+      saveAuthConfig(hcmUrl, hcmApiKey);
+
+      console.log(`\n  ${style.green('\u2713')} Credentials sauvegardes dans ~/.nemesis/config.json`);
+      console.log(`  ${style.green('\u2713')} HCM : ${hcmUrl}`);
+      for (const check of result.checks) {
+        const sym = check.ok ? style.green('\u2713') : style.red('\u2717');
+        console.log(`  ${sym} ${check.label} : ${check.detail}`);
+      }
+      syncShellKeys(hcmApiKey, hcmUrl);
+      syncMcpJson(hcmApiKey, hcmUrl);
+      console.log('');
+    } else {
+      multiSpinner.fail('Connexion echouee');
+      console.log('');
+      for (const check of result.checks) {
+        const sym = check.ok ? style.green('\u2713') : style.red('\u2717');
+        console.log(`  ${sym} ${check.label} : ${check.detail}`);
+      }
+      console.log(`\n  ${style.yellow('\u26A0')} Credentials NON sauvegardes. Verifiez l'URL et la cle API.\n`);
+    }
+  } catch (err) {
+    multiSpinner.fail('Erreur');
+    console.log(`\n  ${style.red('Erreur')} : ${err.message}\n`);
+  }
+}
+
+async function handleStatus(_flags) {
+  const auth = readAuthConfig();
+
+  if (!auth || !auth.hcm_url) {
+    console.log(`\n  ${style.dim('Aucune connexion HCM configuree.')}`);
+    console.log(`  ${style.dim('\u2192 Lancez')} nemesis auth login ${style.dim('pour configurer.')}\n`);
+    return;
+  }
+
+  const envKey = process.env.HCM_API_KEY;
+  const envUrl = process.env.HCM_URL;
+  const activeUrl = envUrl || auth.hcm_url;
+  const activeKey = envKey || auth.hcm_api_key;
+  const keySource = envKey ? 'env $HCM_API_KEY' : 'config.json';
+
+  console.log(`\n  ${style.bold('HCM')}     : ${activeUrl}${envUrl ? style.dim(' (env $HCM_URL)') : ''}`);
+  console.log(`  ${style.bold('API Key')} : ${activeKey ? style.dim(activeKey.slice(0, 8) + '...' + activeKey.slice(-4)) : style.red('(manquante)')} ${style.dim(`(${keySource})`)}`);
+  if (envKey && auth.hcm_api_key && envKey !== auth.hcm_api_key) {
+    console.log(`  ${style.yellow('\u26A0')} $HCM_API_KEY ecrase la cle de config.json (cles differentes)`);
+  }
+
+  // Live check
+  const spinner = createSpinner('Verification...');
+  spinner.start();
+  try {
+    const result = await diagnoseHcm({ baseUrl: auth.hcm_url, apiKey: auth.hcm_api_key });
+    spinner.stop(result.ok ? 'HCM connecte' : 'HCM injoignable');
+    for (const check of result.checks) {
+      const sym = check.ok ? style.green('\u2713') : style.red('\u2717');
+      console.log(`  ${sym} ${check.label} : ${check.detail}`);
+    }
+  } catch (err) {
+    spinner.fail('Erreur');
+    console.log(`  ${style.red('\u2717')} ${err.message}`);
+  }
+  console.log('');
+}
+
+async function handleLogout(_flags) {
+  const auth = readAuthConfig();
+  if (!auth || !auth.hcm_url) {
+    console.log(`\n  ${style.dim('Aucune connexion HCM a supprimer.')}\n`);
+    return;
+  }
+
+  const cleared = clearAuthConfig();
+  if (cleared) {
+    console.log(`\n  ${style.green('\u2713')} Credentials HCM supprimes de ~/.nemesis/config.json`);
+  } else {
+    console.log(`\n  ${style.red('Erreur lors de la suppression.')}\n`);
+    return;
+  }
+
+  // Clean shell RC files
+  const exports = findShellExports('HCM_API_KEY', 'HCM_URL');
+  for (const e of exports) {
+    const shortFile = e.file.replace(homedir(), '~');
+    const doRemove = await askConfirm(`  Supprimer ${e.variable} de ${shortFile} ?`, true);
+    if (doRemove) {
+      removeShellExport(e.file, e.lineNum);
+      console.log(`  ${style.green('\u2713')} ${e.variable} supprime de ${shortFile}`);
+    }
+  }
+  if (exports.length > 0) {
+    console.log(`  ${style.dim('\u2192 Rechargez votre shell pour appliquer')}`);
+  }
+  console.log('');
+}