@cencori/scan 0.3.8 → 0.4.1

package/README.md

@@ -15,11 +15,11 @@ That's it. Run it in any project directory to instantly scan for security issues
 
 ## Features
 
-- 🔍 **Pattern-based scanning** - Detects 50+ types of secrets, PII, and vulnerabilities
-- 🤖 **AI-powered auto-fix** - Automatically fixes issues with one command
-- ⚡ **Fast** - Scans thousands of files in seconds
-- 🎯 **Zero config** - Works out of the box
-- 📊 **Security scoring** - A through F tier grading
+- **Pattern-based scanning** - Detects 50+ types of secrets, PII, and vulnerabilities
+- **Cencori AI auto-fix** - Automatically fixes issues with one command
+- **Fast** - Scans thousands of files in seconds
+- **Zero config** - Works out of the box
+- **Security scoring** - A through F tier grading
 
 ## Installation
 
@@ -80,7 +80,7 @@ Your API key is saved to `~/.cencorirc` for future scans.
 
 ## What It Detects
 
-### 🔐 API Keys & Secrets
+### API Keys & Secrets
 
 | Provider | Pattern |
 |----------|---------|
@@ -94,21 +94,21 @@ Your API key is saved to `~/.cencorirc` for future scans.
 | Firebase | `firebase-adminsdk-...` |
 | And 20+ more... | |
 
-### 👤 PII (Personal Identifiable Information)
+### PII (Personal Identifiable Information)
 
 - Email addresses in code
 - Phone numbers
 - Social Security Numbers
 - Credit card numbers
 
-### 🛣️ Exposed Routes
+### Exposed Routes
 
 - Next.js API routes without authentication
 - Express routes without auth middleware
 - Sensitive files in `/public` folders
 - Dashboard/admin routes without protection
 
-### ⚠️ Security Vulnerabilities
+### Security Vulnerabilities
 
 - SQL injection patterns
 - XSS vulnerabilities (innerHTML, dangerouslySetInnerHTML)
@@ -126,6 +126,50 @@ Your API key is saved to `~/.cencorirc` for future scans.
 | **D-Tier** | Poor | Significant issues found |
 | **F-Tier** | Critical | Secrets or major vulnerabilities exposed |
 
+## Changelog Generation
+
+Generate AI-powered changelogs from your git commit history.
+
+```bash
+# Generate weekly changelog
+npx @cencori/scan changelog
+
+# Custom time range
+npx @cencori/scan changelog --since="2 weeks ago"
+
+# Output to file
+npx @cencori/scan changelog --output=CHANGELOG.md
+
+# JSON format
+npx @cencori/scan changelog --format=json
+```
+
+### Example Output
+
+```markdown
+## Changelog (Jan 23, 2026 - Jan 30, 2026)
+
+### Features
+
+- Added AI-powered changelog generation
+- New security scanning patterns for AWS secrets
+
+### Bug Fixes
+
+- Fixed telemetry not sending before process exit
+
+### Documentation
+
+- Updated README with new examples
+```
+
+### Pro Tier (with API key)
+
+Get human-readable, summarized changelogs with AI:
+- Converts developer commit messages to user-facing language
+- Intelligently groups related changes
+- Highlights breaking changes automatically
+
 ## Example Output
 
 ```

package/dist/cli.js

@@ -973,10 +973,210 @@ function buildTelemetryData(result, version, hasApiKey) {
   };
 }
 
+// src/changelog/index.ts
+var import_child_process = require("child_process");
+var CENCORI_API_URL2 = "https://api.cencori.com/v1";
+function parseCommitType(message) {
+  const lower = message.toLowerCase();
+  if (lower.startsWith("feat") || lower.startsWith("feature")) return "feat";
+  if (lower.startsWith("fix") || lower.startsWith("bugfix")) return "fix";
+  if (lower.startsWith("chore")) return "chore";
+  if (lower.startsWith("docs")) return "docs";
+  if (lower.startsWith("style")) return "style";
+  if (lower.startsWith("refactor")) return "refactor";
+  if (lower.startsWith("test")) return "test";
+  return "other";
+}
+function getCommits(since = "1 week ago", cwd) {
+  try {
+    const output = (0, import_child_process.execSync)(
+      `git log --since="${since}" --pretty=format:"%H|%aI|%an|%s" --no-merges`,
+      {
+        cwd: cwd || process.cwd(),
+        encoding: "utf-8",
+        stdio: ["pipe", "pipe", "pipe"]
+      }
+    );
+    if (!output.trim()) {
+      return [];
+    }
+    return output.trim().split("\n").map((line) => {
+      const [hash, date, author, ...messageParts] = line.split("|");
+      const message = messageParts.join("|");
+      return {
+        hash: hash.substring(0, 7),
+        date,
+        author,
+        message,
+        type: parseCommitType(message)
+      };
+    });
+  } catch (error) {
+    return [];
+  }
+}
+function groupCommitsByType(commits) {
+  const groups = {
+    feat: [],
+    fix: [],
+    docs: [],
+    other: []
+  };
+  for (const commit of commits) {
+    if (commit.type === "feat") {
+      groups.feat.push(commit);
+    } else if (commit.type === "fix") {
+      groups.fix.push(commit);
+    } else if (commit.type === "docs") {
+      groups.docs.push(commit);
+    } else {
+      groups.other.push(commit);
+    }
+  }
+  const entries = [];
+  if (groups.feat.length > 0) {
+    entries.push({
+      type: "feature",
+      title: "Features",
+      commits: groups.feat.map((c) => c.message)
+    });
+  }
+  if (groups.fix.length > 0) {
+    entries.push({
+      type: "fix",
+      title: "Bug Fixes",
+      commits: groups.fix.map((c) => c.message)
+    });
+  }
+  if (groups.docs.length > 0) {
+    entries.push({
+      type: "docs",
+      title: "Documentation",
+      commits: groups.docs.map((c) => c.message)
+    });
+  }
+  if (groups.other.length > 0) {
+    entries.push({
+      type: "other",
+      title: "Other Changes",
+      commits: groups.other.map((c) => c.message)
+    });
+  }
+  return entries;
+}
+function generateMarkdownFree(entries, period) {
+  const startDate = new Date(period.start).toLocaleDateString("en-US", {
+    month: "short",
+    day: "numeric",
+    year: "numeric"
+  });
+  const endDate = new Date(period.end).toLocaleDateString("en-US", {
+    month: "short",
+    day: "numeric",
+    year: "numeric"
+  });
+  let md = `## Changelog (${startDate} - ${endDate})
+
+`;
+  for (const entry of entries) {
+    md += `### ${entry.title}
+
+`;
+    for (const commit of entry.commits) {
+      const cleanMessage = commit.replace(/^(feat|fix|chore|docs|style|refactor|test)(\(.+?\))?:\s*/i, "").trim();
+      md += `- ${cleanMessage}
+`;
+    }
+    md += "\n";
+  }
+  return md;
+}
+async function generateChangelogAI(commits, apiKey, period) {
+  const commitMessages = commits.map((c) => c.message).join("\n");
+  try {
+    const response = await fetch(`${CENCORI_API_URL2}/changelog/generate`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        Authorization: `Bearer ${apiKey}`
+      },
+      body: JSON.stringify({
+        commits: commitMessages,
+        period
+      })
+    });
+    if (!response.ok) {
+      throw new Error("API request failed");
+    }
+    const data = await response.json();
+    return {
+      entries: data.entries || [],
+      markdown: data.markdown || ""
+    };
+  } catch {
+    const entries = groupCommitsByType(commits);
+    return {
+      entries,
+      markdown: generateMarkdownFree(entries, period)
+    };
+  }
+}
+async function generateChangelog(since = "1 week ago", apiKey, cwd) {
+  const commits = getCommits(since, cwd);
+  const now = /* @__PURE__ */ new Date();
+  const sinceDate = /* @__PURE__ */ new Date();
+  const match = since.match(/(\d+)\s*(week|day|month)s?\s*ago/i);
+  if (match) {
+    const amount = parseInt(match[1], 10);
+    const unit = match[2].toLowerCase();
+    if (unit === "week") {
+      sinceDate.setDate(sinceDate.getDate() - amount * 7);
+    } else if (unit === "day") {
+      sinceDate.setDate(sinceDate.getDate() - amount);
+    } else if (unit === "month") {
+      sinceDate.setMonth(sinceDate.getMonth() - amount);
+    }
+  } else {
+    sinceDate.setDate(sinceDate.getDate() - 7);
+  }
+  const period = {
+    start: sinceDate.toISOString(),
+    end: now.toISOString()
+  };
+  if (commits.length === 0) {
+    return {
+      period,
+      entries: [],
+      markdown: `## Changelog
+
+No commits found in the specified period.
+`,
+      commitCount: 0
+    };
+  }
+  if (apiKey) {
+    const { entries, markdown } = await generateChangelogAI(commits, apiKey, period);
+    return {
+      period,
+      entries,
+      markdown,
+      commitCount: commits.length
+    };
+  } else {
+    const entries = groupCommitsByType(commits);
+    return {
+      period,
+      entries,
+      markdown: generateMarkdownFree(entries, period),
+      commitCount: commits.length
+    };
+  }
+}
+
 // src/cli.ts
 var fs3 = __toESM(require("fs"));
 var path3 = __toESM(require("path"));
-var VERSION = "0.3.8";
+var VERSION = "0.4.1";
 var scoreStyles = {
   A: { color: import_chalk.default.green },
   B: { color: import_chalk.default.blue },
@@ -1282,6 +1482,58 @@ async function main() {
       process.exit(1);
     }
   });
+  import_commander.program.command("changelog").description("Generate AI-powered changelog from git commits").option("-s, --since <time>", "Time range for commits", "1 week ago").option("-o, --output <file>", "Output to file instead of stdout").option("-f, --format <format>", "Output format (markdown or json)", "markdown").action(async (options) => {
+    printBanner();
+    const spinner = (0, import_ora.default)({
+      text: "Reading git history...",
+      color: "cyan"
+    }).start();
+    try {
+      const apiKey = getApiKey();
+      const result = await generateChangelog(options.since, apiKey || void 0);
+      if (result.commitCount === 0) {
+        spinner.warn("No commits found in the specified period");
+        console.log(import_chalk.default.yellow(`
+  Try a larger time range with --since "2 weeks ago"
+`));
+        process.exit(0);
+        return;
+      }
+      spinner.succeed(`Found ${result.commitCount} commits`);
+      if (options.format === "json") {
+        const output = JSON.stringify(result, null, 2);
+        if (options.output) {
+          fs3.writeFileSync(options.output, output);
+          console.log(import_chalk.default.green(`
+  \u2714 Changelog saved to ${options.output}
+`));
+        } else {
+          console.log(output);
+        }
+      } else {
+        if (options.output) {
+          fs3.writeFileSync(options.output, result.markdown);
+          console.log(import_chalk.default.green(`
+  \u2714 Changelog saved to ${options.output}
+`));
+        } else {
+          console.log("\n" + result.markdown);
+        }
+      }
+      if (!apiKey) {
+        console.log(import_chalk.default.gray("  \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500"));
+        console.log(import_chalk.default.cyan("\n   Want AI-enhanced changelogs?"));
+        console.log(import_chalk.default.gray("     Get human-readable summaries with a Cencori API key"));
+        console.log(import_chalk.default.gray("     Sign up free at https://cencori.com\n"));
+      }
+      process.exit(0);
+    } catch (error) {
+      spinner.fail("Changelog generation failed");
+      console.error(import_chalk.default.red(`
+  Error: ${error instanceof Error ? error.message : "Unknown error"}`));
+      process.exit(1);
+    }
+  });
   import_commander.program.parse();
 }
 main();