@cantinasecurity/apex-cli 0.1.9 → 0.1.11
- package/.claude/skills/apex-cli/SKILL.md +3 -0
- package/.claude-plugin/marketplace.json +3 -3
- package/.claude-plugin/plugin.json +1 -1
- package/.codex-plugin/plugin.json +1 -1
- package/.mcp.claude.json +6 -2
- package/.mcp.codex.json +6 -2
- package/MARKETPLACE.md +1 -1
- package/README.md +91 -10
- package/dist/apex.js +21 -3
- package/dist/api-client.js +5 -0
- package/dist/commands.js +36 -0
- package/dist/config.js +4 -0
- package/dist/help.js +8 -1
- package/dist/mcp.js +101 -24
- package/dist/setup.js +177 -17
- package/dist/shell.js +27 -2
- package/dist/telemetry.js +755 -0
- package/dist/update.js +1 -1
- package/package.json +1 -1
- package/skills/apex-cli/SKILL.md +4 -1
package/dist/update.js
CHANGED
|
@@ -456,7 +456,7 @@ export async function commandUpdate(flags, packageRoot = PACKAGE_ROOT) {
|
|
|
456
456
|
printJson(payload);
|
|
457
457
|
}
|
|
458
458
|
else {
|
|
459
|
-
logLine("Apex CLI updated. Re-run `apex` to use the latest version. Re-run `apex setup` to refresh copied Codex or
|
|
459
|
+
logLine("Apex CLI updated. Re-run `apex` to use the latest version. Re-run `apex setup` to refresh copied Codex, Claude Code, or GitHub Copilot CLI skill files.", flags);
|
|
460
460
|
}
|
|
461
461
|
return payload;
|
|
462
462
|
}
|
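Review bot: the refresh hint at new line 459 sits only in the `else` branch, so callers that take the `printJson(payload)` path never see that copied skill files are stale after an update, unless the payload already carries an equivalent field, which these lines do not show. Consider adding a machine-readable flag to the payload so agent and script consumers get the same prompt. The client names "Codex, Claude Code, or GitHub Copilot CLI" are also hard-coded in the string; deriving them from the list of supported setup targets would keep the message from drifting the next time a client is added.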
package/package.json
CHANGED
package/skills/apex-cli/SKILL.md
CHANGED
|
@@ -5,10 +5,12 @@ description: Use when a user wants to start Apex scans, inspect findings, bind w
|
|
|
5
5
|
|
|
6
6
|
# Apex CLI
|
|
7
7
|
|
|
8
|
-
This skill is bundled with Apex CLI and can be installed into Codex with `apex setup codex`.
|
|
8
|
+
This skill is bundled with Apex CLI and can be installed into Codex with `apex setup codex` or GitHub Copilot CLI with `apex setup copilot`.
|
|
9
9
|
|
|
10
10
|
Prefer the Apex MCP tools over running `apex` in the shell when the server is available.
|
|
11
11
|
|
|
12
|
+
`apex setup codex` configures the MCP server with client attribution so Apex can distinguish Codex MCP usage from direct CLI usage. Users can inspect or disable anonymous local usage telemetry with `apex telemetry status` and `apex telemetry disable`.
|
|
13
|
+
|
|
12
14
|
Workflow:
|
|
13
15
|
|
|
14
16
|
1. Start with `apex-auth-status`.
|
|
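Review bot: new line 12 calls the feature "anonymous local usage telemetry" and names only `apex telemetry status` and `apex telemetry disable`, which leaves two things unstated: whether telemetry is on by default, and whether "local" means events stay on the machine or are collected locally and then sent. Both should be stated here in one sentence, since this file is what an agent will repeat to the user. The same line describes client attribution only for `apex setup codex`, while new line 8 also introduces `apex setup copilot`; say whether the Copilot setup adds attribution as well.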
@@ -36,6 +38,7 @@ Guidelines:
|
|
|
36
38
|
- When checking a scan that is not the workspace binding's latest scan, pass `scanId` to `apex-status`; use `apex-scans` first if you need to discover scan IDs.
|
|
37
39
|
- Prefer `apex-findings` for quick inspection and `apex-export-findings` when the user needs a file artifact.
|
|
38
40
|
- Finding comments, feedback, and fix review scan starts use the same Apex device-login credentials as read tools. If a write tool reports missing auth, re-run `apex-auth-status` and complete `apex-auth-start` / `apex-auth-wait` instead of asking for browser cookies or auth tokens.
|
|
41
|
+
- Anonymous telemetry records only sanitized command/tool metadata such as command names, enum modes, counts, durations, success/failure categories, CLI version, and client integration. It must not include raw repository paths, scan IDs, finding IDs, comments, file paths, PR URLs, or tokens.
|
|
39
42
|
- Invalid finding feedback requires `dismissalReason`; valid feedback can include `suggestedSeverity`, including `extreme`.
|
|
40
43
|
- Fix PR callback feedback requires valid feedback with `labels: ["fixed"]` and `fixPrUrls`; start the fix review scan with `apex-finding-fix-review` after saving that feedback.
|
|
41
44
|
- Finding identifiers such as `KERN2-25` resolve against the selected or latest scan for the current workspace binding. Pass an explicit scan when needed, or use the finding UUID directly.
|
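Review bot: the new guideline at line 41 excludes "raw repository paths, scan IDs, finding IDs, comments, file paths, PR URLs, or tokens", and it is not clear whether "raw" qualifies only repository paths or the whole list, or whether hashed or truncated forms of these values may still be recorded. A hash of a path or ID is a stable identifier and can be linked across events, so either drop "raw" or document exactly which derived values are sent. Note also that this is wording in a skill file addressed to the agent; the guarantee itself has to be enforced in the telemetry code as an allowlist of fields, ideally with a test that fails when a path-like or token-like string reaches an event. `package/dist/telemetry.js` appears in the file list (+755) but its contents are not shown on this page, so that cannot be confirmed from here.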