@cantinasecurity/apex-cli 0.1.2 → 0.1.3
- package/.claude/skills/apex-cli/SKILL.md +1 -1
- package/README.md +1 -1
- package/dist/commands.js +2 -2
- package/dist/help.js +2 -2
- package/package.json +1 -1
- package/skills/apex-cli/SKILL.md +1 -1
|
@@ -31,7 +31,7 @@ If the Apex MCP server is not configured, fall back to the local CLI:
|
|
|
31
31
|
- `apex scan` scans the current working directory by default; pass `--repo` only when the user asks to scan explicit alternate roots.
|
|
32
32
|
- `apex-doctor` reports whether Apex will use remote materialization or a local snapshot upload for each selected source.
|
|
33
33
|
- Plain local directories and dirty git worktrees can scan through local snapshot uploads without provider access.
|
|
34
|
-
- Audit scans use `--mode audit` in user-facing CLI calls. The legacy `ultra` mode remains accepted as an alias, but audit scans still require provider-backed GitHub or GitLab sources.
|
|
34
|
+
- Audit scans use `--mode audit` in user-facing CLI calls and request payloads. The legacy `ultra` mode remains accepted as an alias, but audit scans still require provider-backed GitHub or GitLab sources.
|
|
35
35
|
- `apex-workspace-use` accepts a workspace name, prefix, or ID.
|
|
36
36
|
- Use `sourceMode: "remote"` only when the user explicitly wants to forbid local snapshot fallbacks.
|
|
37
37
|
- Finding comments and feedback currently require `CANTINA_AUTH_TOKEN` in the MCP server environment because those writes go through the Cantina web-app routes instead of the Apex CLI bearer-token routes.
|
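--- a/package/README.md
+++ b/package/README.md
@@ -192,7 +192,7 @@ Useful flags:
 
 `auto` is the default. `remote` requires Apex to materialize from a remote repository. `local` forces a local snapshot upload even when a clean remote path is available.
 
-Audit scans still require provider-backed GitHub or GitLab repositories that Apex can materialize remotely without a local snapshot fallback. `ultra` remains accepted as a backwards-compatible alias
+Audit scans use `audit` as the scan mode and still require provider-backed GitHub or GitLab repositories that Apex can materialize remotely without a local snapshot fallback. `ultra` remains accepted as a backwards-compatible alias.
 
 ## LLM / MCP Usage
 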
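--- a/package/dist/commands.js
+++ b/package/dist/commands.js
@@ -78,7 +78,7 @@ function formatAuditScanBalance(scanBalance) {
 return `Audit scans: ${detailParts.join(", ")}`;
 }
 function normalizeRequestedScanMode(value) {
-return value === "ultra" || value === "audit" ? "
+return value === "ultra" || value === "audit" ? "audit" : "standard";
 }
 function normalizeFindingRefInput(value) {
 const trimmed = normalizeFindingRef(value);
@@ -353,7 +353,7 @@ export async function commandScan(client, cwd, flags) {
 const forceRestart = await ensureScanRestartConfirmed(flags, activeScan);
 let workspaceId = resolvedWorkspaceId;
 let scan;
-if (requestedMode === "
+if (requestedMode === "audit") {
 if (!supportsLegacyRemoteFlow(result.resolve.plannedSources)) {
 throw new Error("Audit scans currently require provider-backed GitHub or GitLab repositories without local snapshot fallbacks.");
 }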
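Review bot: `normalizeRequestedScanMode` (new line 81) maps every value other than `"ultra"` or `"audit"` to `"standard"`, so a mistyped or differently-cased mode such as `Audit` would silently run a standard scan. Presumably `requestedMode` in `commandScan` comes from this helper, in which case the provider-backed-source check at line 356 is skipped as well. For a security scanner, a silent downgrade of the requested scan depth is worth rejecting, unless flag parsing already validates the value, which is not visible here: `if (value != null && !["standard", "ultra", "audit"].includes(value)) throw new Error("Unknown scan mode: " + value);` ahead of the return. A short comment on the helper, e.g. `// "ultra" is the legacy alias; "audit" is the canonical mode used in request payloads`, would also record why both spellings are accepted. `commandScan` starts and ends outside the second hunk, so the rest of the audit branch could not be checked.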
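--- a/package/dist/help.js
+++ b/package/dist/help.js
@@ -52,7 +52,7 @@ Flags:
 Tips:
 apex scan uses the current directory name as the default workspace name unless you pass --workspace-name.
 apex scan uses the current directory as the default source root unless you pass --repo.
-audit is the
+audit is the current scan mode for audit scans; ultra remains accepted as a legacy alias.
 apex workspace use accepts a workspace name, prefix, or ID.
 Finding comments and feedback currently require CANTINA_AUTH_TOKEN from a logged-in Cantina/Apex browser session.
 Invalid finding feedback requires --dismissal-reason.
@@ -93,7 +93,7 @@ Commands:
 /exit Exit Apex
 
 Tips:
-audit is the
+audit is the current scan mode for audit scans; ultra remains accepted as a legacy alias.
 /workspace use accepts a workspace name, prefix, or ID.
 /findings comment and /findings feedback require CANTINA_AUTH_TOKEN in the shell environment.
 Invalid finding feedback requires a dismissal reason.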
package/package.json
CHANGED
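--- a/package/skills/apex-cli/SKILL.md
+++ b/package/skills/apex-cli/SKILL.md
@@ -26,7 +26,7 @@ Guidelines:
 - `apex-scan` scans the provided `cwd` by default; pass `repoPaths` only when the user asks to scan explicit alternate roots.
 - `apex-doctor` reports whether Apex will use remote materialization or a local snapshot upload for each selected source.
 - Apex can scan plain local directories and dirty git worktrees without provider connections by using local snapshot uploads.
-- Audit scans use `mode: "audit"` in user-facing instructions. The legacy `ultra` mode remains accepted as an alias, but audit scans still require provider-backed GitHub or GitLab sources.
+- Audit scans use `mode: "audit"` in user-facing instructions and request payloads. The legacy `ultra` mode remains accepted as an alias, but audit scans still require provider-backed GitHub or GitLab sources.
 - `apex-workspace-use` accepts a workspace name, prefix, or ID.
 - Use `sourceMode: "remote"` only when the user explicitly wants to forbid local snapshot fallbacks.
 - Use `force: true` on `apex-scan` only when the user explicitly wants to replace or overlap an active scan.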