@cantinasecurity/apex-cli 0.1.0

package/dist/setup.js

@@ -0,0 +1,275 @@
+import { execFile as execFileCallback } from "node:child_process";
+import { mkdir, readFile, stat, writeFile } from "node:fs/promises";
+import os from "node:os";
+import path from "node:path";
+import { fileURLToPath } from "node:url";
+import { promisify } from "node:util";
+import { isJsonMode } from "./args.js";
+import { logLine, printJson } from "./output.js";
+const PACKAGE_ROOT = path.resolve(path.dirname(fileURLToPath(import.meta.url)), "..");
+const CODEX_SKILL_NAME = "apex-cli";
+const MCP_SERVER_NAME = "apex";
+const execFile = promisify(execFileCallback);
+function quoteShellArg(value) {
+    return /[^A-Za-z0-9_./:-]/.test(value)
+        ? `'${value.replace(/'/g, `'\\''`)}'`
+        : value;
+}
+async function pathExists(targetPath) {
+    try {
+        await stat(targetPath);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+async function readTextFile(filePath) {
+    try {
+        return await readFile(filePath, "utf8");
+    }
+    catch {
+        return null;
+    }
+}
+async function execText(command, args, cwd) {
+    const result = await execFile(command, args, {
+        cwd,
+        encoding: "utf8",
+    });
+    return {
+        stdout: result.stdout.trim(),
+        stderr: result.stderr.trim(),
+    };
+}
+async function tryExecText(command, args, cwd) {
+    try {
+        return await execText(command, args, cwd);
+    }
+    catch {
+        return null;
+    }
+}
+async function resolveMcpLaunchSpec(packageRoot = PACKAGE_ROOT) {
+    const repoLocalBinary = path.join(packageRoot, "bin", "apex-mcp");
+    if ((await pathExists(path.join(packageRoot, ".git"))) &&
+        (await pathExists(repoLocalBinary))) {
+        return {
+            command: repoLocalBinary,
+            args: [],
+            label: quoteShellArg(repoLocalBinary),
+        };
+    }
+    return {
+        command: "apex-mcp",
+        args: [],
+        label: "apex-mcp",
+    };
+}
+function getCodexHome() {
+    const configured = process.env.CODEX_HOME?.trim();
+    if (configured) {
+        return configured;
+    }
+    return path.join(os.homedir(), ".codex");
+}
+function normalizeArgs(value) {
+    return Array.isArray(value) ? value.filter((item) => typeof item === "string") : [];
+}
+function codexConfigMatches(existing, launch) {
+    if (!existing?.transport) {
+        return false;
+    }
+    return (existing.transport.type === "stdio" &&
+        existing.transport.command === launch.command &&
+        JSON.stringify(normalizeArgs(existing.transport.args)) === JSON.stringify(launch.args));
+}
+function claudeConfigMatches(existing, launch) {
+    const env = existing?.env;
+    const normalizedEnv = env && typeof env === "object" && !Array.isArray(env) ? Object.keys(env).length : 0;
+    return (existing?.type === "stdio" &&
+        existing.command === launch.command &&
+        JSON.stringify(normalizeArgs(existing.args)) === JSON.stringify(launch.args) &&
+        normalizedEnv === 0);
+}
+async function writeManagedFile(filePath, content) {
+    const current = await readTextFile(filePath);
+    if (current === content) {
+        return "unchanged";
+    }
+    await mkdir(path.dirname(filePath), { recursive: true, mode: 0o755 });
+    await writeFile(filePath, content, "utf8");
+    return current === null ? "installed" : "updated";
+}
+async function readCodexMcpConfig() {
+    const response = await tryExecText("codex", ["mcp", "get", MCP_SERVER_NAME, "--json"]);
+    if (!response?.stdout) {
+        return null;
+    }
+    try {
+        return JSON.parse(response.stdout);
+    }
+    catch {
+        return null;
+    }
+}
+async function readClaudeUserMcpConfig() {
+    const configPath = path.join(os.homedir(), ".claude.json");
+    const raw = await readTextFile(configPath);
+    if (!raw) {
+        return null;
+    }
+    try {
+        const parsed = JSON.parse(raw);
+        return parsed.mcpServers?.[MCP_SERVER_NAME] ?? null;
+    }
+    catch {
+        return null;
+    }
+}
+async function configureCodex(launch) {
+    const existing = await readCodexMcpConfig();
+    const mcpStatus = existing === null
+        ? "installed"
+        : codexConfigMatches(existing, launch)
+            ? "unchanged"
+            : "updated";
+    await execText("codex", ["mcp", "add", MCP_SERVER_NAME, "--", launch.command, ...launch.args]);
+    const skillSource = path.join(PACKAGE_ROOT, "skills", CODEX_SKILL_NAME, "SKILL.md");
+    const skillTarget = path.join(getCodexHome(), "skills", CODEX_SKILL_NAME, "SKILL.md");
+    const skillContent = await readFile(skillSource, "utf8");
+    const skillStatus = await writeManagedFile(skillTarget, skillContent);
+    return [
+        {
+            client: "codex",
+            kind: "mcp",
+            status: mcpStatus,
+            path: path.join(getCodexHome(), "config.toml"),
+            detail: `Registered ${MCP_SERVER_NAME} -> ${launch.label}`,
+        },
+        {
+            client: "codex",
+            kind: "skill",
+            status: skillStatus,
+            path: skillTarget,
+            detail: "Installed the Apex Codex skill",
+        },
+    ];
+}
+async function configureClaude(cwd, launch) {
+    const existing = await readClaudeUserMcpConfig();
+    const mcpStatus = existing === null
+        ? "installed"
+        : claudeConfigMatches(existing, launch)
+            ? "unchanged"
+            : "updated";
+    if (existing) {
+        await execText("claude", ["mcp", "remove", "--scope", "user", MCP_SERVER_NAME]);
+    }
+    await execText("claude", [
+        "mcp",
+        "add",
+        "--scope",
+        "user",
+        MCP_SERVER_NAME,
+        "--",
+        launch.command,
+        ...launch.args,
+    ]);
+    const skillSource = path.join(PACKAGE_ROOT, ".claude", "skills", CODEX_SKILL_NAME, "SKILL.md");
+    const skillTarget = path.join(cwd, ".claude", "skills", CODEX_SKILL_NAME, "SKILL.md");
+    const skillContent = await readFile(skillSource, "utf8");
+    const skillStatus = await writeManagedFile(skillTarget, skillContent);
+    return [
+        {
+            client: "claude",
+            kind: "mcp",
+            status: mcpStatus,
+            path: path.join(os.homedir(), ".claude.json"),
+            detail: `Registered ${MCP_SERVER_NAME} -> ${launch.label} in Claude Code user config`,
+        },
+        {
+            client: "claude",
+            kind: "skill",
+            status: skillStatus,
+            path: skillTarget,
+            detail: "Installed the Apex Claude project skill",
+        },
+    ];
+}
+function summarizeStep(step) {
+    const prefix = `${step.client} ${step.kind}`;
+    if (step.path) {
+        return `${prefix}: ${step.status} (${step.path})`;
+    }
+    return `${prefix}: ${step.status}`;
+}
+export async function commandSetup(cwd, flags, requestedTarget, packageRoot = PACKAGE_ROOT) {
+    if (requestedTarget !== null &&
+        requestedTarget !== "all" &&
+        requestedTarget !== "codex" &&
+        requestedTarget !== "claude") {
+        throw new Error("Usage: apex setup [all|codex|claude]");
+    }
+    const target = requestedTarget ?? "all";
+    const launch = await resolveMcpLaunchSpec(packageRoot);
+    const steps = [];
+    const requestedClients = target === "all" ? ["codex", "claude"] : [target];
+    let configuredClients = 0;
+    for (const client of requestedClients) {
+        try {
+            const clientSteps = client === "codex" ? await configureCodex(launch) : await configureClaude(cwd, launch);
+            steps.push(...clientSteps);
+            configuredClients += 1;
+        }
+        catch (error) {
+            const missingClient = error instanceof Error &&
+                /spawn (codex|claude) ENOENT/i.test(error.message);
+            if (missingClient && target !== "all") {
+                throw new Error(`${client === "codex" ? "Codex" : "Claude Code"} is not installed on this machine. Install it first, then re-run \`apex setup ${client}\`.`);
+            }
+            if (!missingClient) {
+                throw error;
+            }
+            steps.push({
+                client,
+                kind: "mcp",
+                status: "skipped",
+                path: null,
+                detail: `${client} is not installed on this machine`,
+            });
+            steps.push({
+                client,
+                kind: "skill",
+                status: "skipped",
+                path: null,
+                detail: `${client} is not installed on this machine`,
+            });
+        }
+    }
+    if (configuredClients === 0) {
+        throw new Error("Neither Codex nor Claude Code is installed. Install one of them first, then re-run `apex setup`.");
+    }
+    const payload = {
+        target,
+        mcpServerName: MCP_SERVER_NAME,
+        mcpCommand: launch.label,
+        steps,
+    };
+    if (isJsonMode(flags)) {
+        printJson(payload);
+        return payload;
+    }
+    logLine(`Apex setup target: ${target}`, flags);
+    logLine(`MCP launch command: ${launch.label}`, flags);
+    for (const step of steps) {
+        logLine(summarizeStep(step), flags);
+    }
+    if (requestedClients.includes("codex")) {
+        logLine("Restart Codex to pick up a newly installed or updated skill.", flags);
+    }
+    if (requestedClients.includes("claude")) {
+        logLine("Re-run `apex setup claude` in each repository where you want the Claude project skill.", flags);
+    }
+    return payload;
+}

package/dist/shell.js

@@ -0,0 +1,320 @@
+import { SHELL_HELP_TEXT } from "./help.js";
+import { commandCancelScan, commandConnect, commandCredits, commandDoctor, commandExportFindings, commandFindings, commandLogout, commandScan, commandScans, commandStatus, commandUpdate, commandWorkspace, commandWorkspaceUse, commandWorkspaces, initializeInteractiveSession, openCurrentApexView, } from "./commands.js";
+import { withFlag } from "./args.js";
+import { printCompanyDetails, printInteractiveSessionSummary, printSourceList, printWorkspaceDetails, } from "./output.js";
+import { readLine } from "./prompt.js";
+import { formatApiError } from "./api-client.js";
+const SHELL_COMPLETIONS = [
+    { command: "credits" },
+    { command: "scan", args: ["standard", "ultra"] },
+    { command: "scans" },
+    { command: "findings" },
+    { command: "export" },
+    { command: "workspaces" },
+    { command: "cancel-scan" },
+    { command: "cancel" },
+    { command: "status" },
+    { command: "doctor" },
+    { command: "update" },
+    { command: "logout" },
+    { command: "repos" },
+    { command: "workspace", args: ["use", "name"] },
+    { command: "company" },
+    { command: "connect", args: ["github", "gitlab"] },
+    { command: "open" },
+    { command: "clear" },
+    { command: "help" },
+    { command: "exit" },
+    { command: "quit" },
+];
+function tokenizeShellInput(input) {
+    const tokens = [];
+    let current = "";
+    let activeQuote = null;
+    let escaping = false;
+    let tokenStarted = false;
+    for (const character of input) {
+        if (escaping) {
+            current += character;
+            escaping = false;
+            tokenStarted = true;
+            continue;
+        }
+        if (character === "\\") {
+            escaping = true;
+            tokenStarted = true;
+            continue;
+        }
+        if (activeQuote) {
+            if (character === activeQuote) {
+                activeQuote = null;
+                tokenStarted = true;
+                continue;
+            }
+            current += character;
+            tokenStarted = true;
+            continue;
+        }
+        if (character === '"' || character === "'") {
+            activeQuote = character;
+            tokenStarted = true;
+            continue;
+        }
+        if (/\s/.test(character)) {
+            if (tokenStarted) {
+                tokens.push(current);
+                current = "";
+                tokenStarted = false;
+            }
+            continue;
+        }
+        current += character;
+        tokenStarted = true;
+    }
+    if (escaping) {
+        current += "\\";
+    }
+    if (tokenStarted) {
+        tokens.push(current);
+    }
+    return tokens;
+}
+export function parseShellInput(input) {
+    const trimmed = input.trim();
+    if (!trimmed)
+        return null;
+    const normalized = trimmed.startsWith("/") ? trimmed.slice(1) : trimmed;
+    const [command, ...args] = tokenizeShellInput(normalized);
+    if (!command)
+        return null;
+    return {
+        command: command.toLowerCase(),
+        args,
+    };
+}
+export function getShellCompletionCandidates(input) {
+    const trimmedStart = input.trimStart();
+    const leadingWhitespace = input.slice(0, input.length - trimmedStart.length);
+    const usesSlash = trimmedStart.startsWith("/");
+    const normalizedInput = usesSlash ? trimmedStart.slice(1) : trimmedStart;
+    const hasTrailingSpace = /\s$/.test(normalizedInput);
+    const tokens = normalizedInput.trim().length > 0
+        ? tokenizeShellInput(normalizedInput.trim()).map((token) => token.toLowerCase())
+        : [];
+    const prefix = `${leadingWhitespace}${usesSlash ? "/" : ""}`;
+    if (tokens.length === 0) {
+        return SHELL_COMPLETIONS.map((entry) => `${prefix}${entry.command}`);
+    }
+    if (tokens.length === 1 && !hasTrailingSpace) {
+        return SHELL_COMPLETIONS
+            .map((entry) => entry.command)
+            .filter((command) => command.startsWith(tokens[0]))
+            .map((command) => `${prefix}${command}`);
+    }
+    if (tokens.length > 2) {
+        return [];
+    }
+    const command = tokens[0];
+    const completion = SHELL_COMPLETIONS.find((entry) => entry.command === command);
+    if (!completion?.args) {
+        return [];
+    }
+    const argPrefix = hasTrailingSpace ? "" : tokens[1] ?? "";
+    return completion.args
+        .filter((arg) => arg.startsWith(argPrefix))
+        .map((arg) => `${prefix}${completion.command} ${arg}`);
+}
+function clearTerminal() {
+    process.stdout.write("\x1Bc");
+}
+function printShellHelp() {
+    process.stdout.write(`${SHELL_HELP_TEXT}\n`);
+}
+export async function runInteractiveShell(client, cwd, initialFlags) {
+    let shellFlags = { ...initialFlags };
+    let session = await initializeInteractiveSession(client, cwd, shellFlags);
+    printInteractiveSessionSummary(session);
+    while (true) {
+        let input;
+        try {
+            input = await readLine("apex> ", {
+                completer: getShellCompletionCandidates,
+            });
+        }
+        catch {
+            process.stdout.write("\n");
+            return;
+        }
+        const parsed = parseShellInput(input);
+        if (!parsed) {
+            continue;
+        }
+        let shouldContinue;
+        try {
+            shouldContinue = await runShellCommand(client, cwd, parsed, shellFlags, session);
+        }
+        catch (error) {
+            process.stderr.write(`${formatApiError(error)}\n`);
+            continue;
+        }
+        if (shouldContinue === false) {
+            return;
+        }
+        if (shouldContinue.flags) {
+            shellFlags = shouldContinue.flags;
+        }
+        if (shouldContinue.session) {
+            session = shouldContinue.session;
+        }
+    }
+}
+async function runShellCommand(client, cwd, parsed, shellFlags, session) {
+    switch (parsed.command) {
+        case "help":
+            printShellHelp();
+            return {};
+        case "credits":
+            await commandCredits(client, cwd, shellFlags);
+            return {};
+        case "scan": {
+            const mode = parsed.args[0];
+            if (mode && !["standard", "ultra"].includes(mode)) {
+                process.stderr.write("Usage: /scan [standard|ultra]\n");
+                return {};
+            }
+            const result = await commandScan(client, cwd, mode ? withFlag(shellFlags, "mode", mode) : shellFlags);
+            return {
+                session: {
+                    ...session,
+                    company: result.company,
+                    workspaceName: result.workspaceName,
+                    sources: result.sources,
+                    binding: result.binding,
+                },
+            };
+        }
+        case "status":
+            await commandStatus(client, cwd, shellFlags);
+            return {};
+        case "scans":
+            await commandScans(client, cwd, shellFlags);
+            return {};
+        case "findings": {
+            if (parsed.args.length > 1) {
+                process.stderr.write("Usage: /findings [scan-id]\n");
+                return {};
+            }
+            await commandFindings(client, cwd, parsed.args[0]
+                ? withFlag(shellFlags, "scan", parsed.args[0])
+                : shellFlags);
+            return {};
+        }
+        case "export": {
+            if (parsed.args.length > 1) {
+                process.stderr.write("Usage: /export [scan-id]\n");
+                return {};
+            }
+            await commandExportFindings(client, cwd, parsed.args[0]
+                ? withFlag(shellFlags, "scan", parsed.args[0])
+                : shellFlags);
+            return {};
+        }
+        case "workspaces":
+            await commandWorkspaces(client, cwd, shellFlags);
+            return {};
+        case "cancel-scan":
+        case "cancel": {
+            if (parsed.args.length > 1) {
+                process.stderr.write("Usage: /cancel-scan [scan-id]\n");
+                return {};
+            }
+            await commandCancelScan(client, cwd, shellFlags, parsed.args[0] ?? null);
+            return {};
+        }
+        case "doctor":
+            await commandDoctor(client, cwd, shellFlags);
+            return {};
+        case "update":
+            await commandUpdate(shellFlags);
+            return false;
+        case "logout":
+            await commandLogout(client, shellFlags);
+            return false;
+        case "repos":
+            printSourceList(session.sources);
+            return {};
+        case "workspace": {
+            if (parsed.args.length === 0) {
+                await commandWorkspace(cwd, shellFlags);
+                return {};
+            }
+            if (parsed.args[0] === "use") {
+                const workspaceRef = parsed.args.slice(1).join(" ").trim();
+                if (!workspaceRef) {
+                    process.stderr.write("Usage: /workspace use <workspace-id|prefix|name>\n");
+                    return {};
+                }
+                const result = await commandWorkspaceUse(client, cwd, shellFlags, workspaceRef);
+                return {
+                    session: {
+                        ...session,
+                        company: result.company,
+                        workspaceName: result.binding.workspaceName,
+                        binding: result.binding,
+                    },
+                };
+            }
+            const workspaceName = parsed.args[0] === "name"
+                ? parsed.args.slice(1).join(" ").trim()
+                : parsed.args.join(" ").trim();
+            if (!workspaceName) {
+                process.stderr.write("Usage: /workspace name <name>\n");
+                return {};
+            }
+            const nextFlags = withFlag(shellFlags, "workspace-name", workspaceName);
+            const nextSession = await initializeInteractiveSession(client, cwd, nextFlags);
+            printWorkspaceDetails(nextSession);
+            return {
+                flags: nextFlags,
+                session: nextSession,
+            };
+        }
+        case "company": {
+            if (parsed.args.length === 0) {
+                printCompanyDetails(session);
+                return {};
+            }
+            const companyRef = parsed.args.join(" ").trim();
+            const nextFlags = withFlag(shellFlags, "company", companyRef);
+            const nextSession = await initializeInteractiveSession(client, cwd, nextFlags);
+            printCompanyDetails(nextSession);
+            return {
+                flags: nextFlags,
+                session: nextSession,
+            };
+        }
+        case "connect": {
+            const provider = parsed.args[0];
+            if (provider !== "github" && provider !== "gitlab") {
+                process.stderr.write("Usage: /connect <github|gitlab>\n");
+                return {};
+            }
+            await commandConnect(client, cwd, shellFlags, provider);
+            const nextSession = await initializeInteractiveSession(client, cwd, shellFlags);
+            return { session: nextSession };
+        }
+        case "open":
+            await openCurrentApexView(client, cwd, shellFlags);
+            return {};
+        case "clear":
+            clearTerminal();
+            printInteractiveSessionSummary(session);
+            return {};
+        case "exit":
+        case "quit":
+            return false;
+        default:
+            process.stderr.write(`Unknown command: ${parsed.command}. Type /help for available commands.\n`);
+            return {};
+    }
+}

package/dist/types.js

@@ -0,0 +1 @@
+export {};