@cantinasecurity/apex-cli 0.1.10 → 0.1.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (19) hide show
  1. package/.claude/skills/apex-cli/SKILL.md +3 -0
  2. package/.claude-plugin/marketplace.json +3 -3
  3. package/.claude-plugin/plugin.json +1 -1
  4. package/.codex-plugin/plugin.json +1 -1
  5. package/.mcp.claude.json +6 -2
  6. package/.mcp.codex.json +6 -2
  7. package/MARKETPLACE.md +1 -1
  8. package/README.md +80 -7
  9. package/dist/apex.js +21 -3
  10. package/dist/api-client.js +5 -0
  11. package/dist/commands.js +36 -0
  12. package/dist/config.js +4 -0
  13. package/dist/help.js +6 -0
  14. package/dist/mcp.js +101 -24
  15. package/dist/setup.js +52 -5
  16. package/dist/shell.js +27 -2
  17. package/dist/telemetry.js +755 -0
  18. package/package.json +1 -1
  19. package/skills/apex-cli/SKILL.md +3 -0
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@cantinasecurity/apex-cli",
3
- "version": "0.1.10",
3
+ "version": "0.1.11",
4
4
  "description": "Standalone CLI and MCP server for Apex.",
5
5
  "private": false,
6
6
  "type": "module",
package/skills/apex-cli/SKILL.md CHANGED
@@ -9,6 +9,8 @@ This skill is bundled with Apex CLI and can be installed into Codex with `apex s
9
9
 
10
10
  Prefer the Apex MCP tools over running `apex` in the shell when the server is available.
11
11
 
12
+ `apex setup codex` configures the MCP server with client attribution so Apex can distinguish Codex MCP usage from direct CLI usage. Users can inspect or disable anonymous local usage telemetry with `apex telemetry status` and `apex telemetry disable`.
13
+
12
14
  Workflow:
13
15
 
14
16
  1. Start with `apex-auth-status`.
@@ -36,6 +38,7 @@ Guidelines:
36
38
  - When checking a scan that is not the workspace binding's latest scan, pass `scanId` to `apex-status`; use `apex-scans` first if you need to discover scan IDs.
37
39
  - Prefer `apex-findings` for quick inspection and `apex-export-findings` when the user needs a file artifact.
38
40
  - Finding comments, feedback, and fix review scan starts use the same Apex device-login credentials as read tools. If a write tool reports missing auth, re-run `apex-auth-status` and complete `apex-auth-start` / `apex-auth-wait` instead of asking for browser cookies or auth tokens.
41
+ - Anonymous telemetry records only sanitized command/tool metadata such as command names, enum modes, counts, durations, success/failure categories, CLI version, and client integration. It must not include raw repository paths, scan IDs, finding IDs, comments, file paths, PR URLs, or tokens.
39
42
  - Invalid finding feedback requires `dismissalReason`; valid feedback can include `suggestedSeverity`, including `extreme`.
40
43
  - Fix PR callback feedback requires valid feedback with `labels: ["fixed"]` and `fixPrUrls`; start the fix review scan with `apex-finding-fix-review` after saving that feedback.
41
44
  - Finding identifiers such as `KERN2-25` resolve against the selected or latest scan for the current workspace binding. Pass an explicit scan when needed, or use the finding UUID directly.