@coana-tech/cli 14.12.125 → 14.12.127

package/cli.mjs

@@ -73599,9 +73599,9 @@ var require_lockfile = __commonJS({
       /* 85 */
       /***/
       function(module3, exports3) {
-        module3.exports = function(exec5) {
+        module3.exports = function(exec4) {
           try {
-            return !!exec5();
+            return !!exec4();
           } catch (e) {
             return true;
           }
@@ -73733,9 +73733,9 @@ var require_lockfile = __commonJS({
       /* 104 */
       /***/
       function(module3, exports3) {
-        module3.exports = function(exec5) {
+        module3.exports = function(exec4) {
           try {
-            return { e: false, v: exec5() };
+            return { e: false, v: exec4() };
           } catch (e) {
             return { e: true, v: e };
           }
@@ -75208,7 +75208,7 @@ ${indent3}`);
           });
         } catch (e) {
         }
-        module3.exports = function(exec5, skipClosing) {
+        module3.exports = function(exec4, skipClosing) {
           if (!skipClosing && !SAFE_CLOSING) return false;
           var safe = false;
           try {
@@ -75220,7 +75220,7 @@ ${indent3}`);
             arr[ITERATOR] = function() {
               return iter;
             };
-            exec5(arr);
+            exec4(arr);
           } catch (e) {
           }
           return safe;
@@ -75543,8 +75543,8 @@ ${indent3}`);
         var USE_NATIVE = !!function() {
           try {
             var promise = $Promise.resolve(1);
-            var FakePromise = (promise.constructor = {})[__webpack_require__(13)("species")] = function(exec5) {
-              exec5(empty2, empty2);
+            var FakePromise = (promise.constructor = {})[__webpack_require__(13)("species")] = function(exec4) {
+              exec4(empty2, empty2);
             };
             return (isNode2 || typeof PromiseRejectionEvent == "function") && promise.then(empty2) instanceof FakePromise && v8.indexOf("6.6") !== 0 && userAgent.indexOf("Chrome/66") === -1;
           } catch (e) {
@@ -205058,6 +205058,9 @@ var CLILogger = class {
   // Spinner registers itself as wrapper in order to suspend spinning when logging -- default to the empty wrapper
   wrapper = (cb) => cb();
   finished = false;
+  // Buffer for storing logs before MainProcessTransport is added (used in socket mode)
+  streamBuffer = [];
+  bufferingForStream = false;
   initWinstonLogger(debug, logFilePath) {
     if (this.logger instanceof import_winston.Logger) {
       return;
@@ -205124,20 +205127,43 @@ var CLILogger = class {
   setWrapper(wrapper) {
     this.wrapper = wrapper;
   }
+  /**
+   * Enable buffering of logs for later streaming via MainProcessTransport.
+   * Call this early (before initialize()) when in socket mode.
+   * Buffered logs will be flushed when addTransport() is called.
+   */
+  enableStreamBuffering() {
+    this.bufferingForStream = true;
+  }
+  bufferLog(level, message2, meta) {
+    if (this.bufferingForStream) {
+      this.streamBuffer.push({
+        level,
+        message: message2,
+        meta,
+        timestamp: (/* @__PURE__ */ new Date()).toISOString()
+      });
+    }
+  }
   info(message2, ...meta) {
+    this.bufferLog("info", message2, meta);
     this.wrapper(() => this.logger.info(message2, ...meta));
   }
   file(message2, ...meta) {
     if (this.logger instanceof Console) return;
+    this.bufferLog("file", message2, meta);
     this.wrapper(() => this.logger.log("file", message2, ...meta));
   }
   debug(message2, ...meta) {
+    this.bufferLog("debug", message2, meta);
     this.wrapper(() => this.logger.debug(message2, ...meta));
   }
   warn(message2, ...meta) {
+    this.bufferLog("warn", message2, meta);
     this.wrapper(() => this.logger.warn(message2, ...meta));
   }
   error(message2, ...meta) {
+    this.bufferLog("error", message2, meta);
     this.wrapper(() => this.logger.error(message2, ...meta));
   }
   isDebugEnabled() {
@@ -205155,14 +205181,38 @@ var CLILogger = class {
   /**
    * Add a transport to the main process logger.
    * Used to add the MainProcessTransport so main process logs are sent to backend.
+   * If buffering was enabled, buffered logs will be flushed to the new transport.
    *
    * @param transport - The transport to add
    */
   addTransport(transport) {
     if (this.logger instanceof import_winston.Logger) {
       this.logger.add(transport);
+      if (this.bufferingForStream) {
+        this.flushBufferToTransport(transport);
+      }
     }
   }
+  flushBufferToTransport(transport) {
+    for (const entry of this.streamBuffer) {
+      try {
+        const fullMessage = entry.meta.length > 0 ? `${entry.message} ${entry.meta.map((m4) => typeof m4 === "object" ? JSON.stringify(m4) : String(m4)).join(" ")}` : entry.message;
+        transport.log?.(
+          {
+            level: entry.level,
+            message: fullMessage,
+            timestamp: entry.timestamp
+          },
+          () => {
+          }
+        );
+      } catch (error) {
+        console.error("Error flushing buffered log entry:", error);
+      }
+    }
+    this.streamBuffer = [];
+    this.bufferingForStream = false;
+  }
   /**
    * End the logger instance and return a promise
    * that resolves when the logger is finished.
@@ -206637,13 +206687,6 @@ async function execNeverFail(cmd, dir, options) {
     childProcess.stdin?.end();
   });
 }
-async function exec(cmd, dir, options) {
-  const { error, stdout, stderr } = await execNeverFail(cmd, dir, options);
-  if (!error) return { stdout, stderr };
-  error.stdout = stdout;
-  error.stderr = stderr;
-  throw error;
-}
 async function runCommandResolveStdOut(cmd, dir, options) {
   const { stdout, error } = await execNeverFail(cmd, dir, options);
   if (error) throw error;
@@ -213262,17 +213305,6 @@ async function execNeverFail2(cmd, dir, options) {
   logger.debug(`Command ${formatCmd(cmd, dir)} finished ${result.error ? "with error" : "successfully"}`);
   return result;
 }
-async function exec2(cmd, dir, options) {
-  logger.debug(`Running command: ${formatCmd(cmd, dir)}`);
-  try {
-    const result = await exec(cmd, dir, options);
-    logger.debug(`Command ${formatCmd(cmd, dir)} finished successfully`);
-    return result;
-  } catch (error) {
-    logger.debug(`Command ${formatCmd(cmd, dir)} finished with error`);
-    throw error;
-  }
-}
 async function runCommandResolveStdOut2(cmd, dir, options) {
   logger.debug(`Running command: ${formatCmd(cmd, dir)}`);
   try {
@@ -213419,13 +213451,13 @@ var Diff = class {
       editLength++;
     };
     if (callback) {
-      (function exec5() {
+      (function exec4() {
         setTimeout(function() {
           if (editLength > maxEditLength || Date.now() > abortAfterTimestamp) {
             return callback(void 0);
           }
           if (!execEditLength()) {
-            exec5();
+            exec4();
           }
         }, 0);
       })();
@@ -225681,8 +225713,8 @@ var getNpmBin = once(async () => {
 async function actuallyRunInstall(specificPackagesArgs = [], dir) {
   const installationCommand = cmdt2`${await getNpmBin()} install -f --ignore-scripts --no-fund --no-audit --no-progress ${specificPackagesArgs}`;
   logger.debug(`Running installation command: "${installationCommand}" in ${dir}`);
-  const result = execAndLogOnFailure4(installationCommand, dir);
-  logger.info(`Installation completed.`);
+  const result = await execAndLogOnFailure4(installationCommand, dir);
+  logger.info(`Installation ${result ? "completed" : "failed"}.`);
   return result;
 }
 async function getWorkspacePathsFromPackageJSON(projectFolder, useDotWhenNoWorkspaces = false) {
@@ -225876,7 +225908,7 @@ var PnpmFixingManager = class extends NpmEcosystemFixingManager {
     const installationCommand = cmdt`pnpm install --ignore-scripts${await this.getPnpmMajorVersion() >= 9 && specificPackagesCmd.length === 0 ? "--no-frozen-lockfile" : ""} --config.confirmModulesPurge=false ${specificPackagesCmd}`;
     const installDir = resolve22(this.rootDir, this.subprojectPath, workspacePath);
     logger.info(`Running installation command: "${installationCommand}" in ${installDir}`);
-    await exec2(installationCommand, installDir);
+    await execAndLogOnFailure2(installationCommand, installDir);
     logger.info(`Installation completed.`);
   }
   async getLockFileYaml() {
@@ -225976,7 +226008,10 @@ var PnpmFixingManager = class extends NpmEcosystemFixingManager {
   async finalizeFixes() {
     const cmd = cmdt`pnpm install --ignore-scripts --fix-lockfile --config.confirmModulesPurge=false `;
     logger.info(`Adjusting lock file changes by running '${cmd}'`);
-    await exec2(cmd, resolve22(this.rootDir, this.subprojectPath));
+    const result = await execAndLogOnFailure2(cmd, resolve22(this.rootDir, this.subprojectPath));
+    if (!result) {
+      throw new Error(`Failed to install packages`);
+    }
   }
 };
 function getVersionNumber(version4) {
@@ -231701,6 +231736,9 @@ var CLILogger2 = class {
   // Spinner registers itself as wrapper in order to suspend spinning when logging -- default to the empty wrapper
   wrapper = (cb) => cb();
   finished = false;
+  // Buffer for storing logs before MainProcessTransport is added (used in socket mode)
+  streamBuffer = [];
+  bufferingForStream = false;
   initWinstonLogger(debug, logFilePath) {
     if (this.logger instanceof import_winston2.Logger) {
       return;
@@ -231757,21 +231795,44 @@ var CLILogger2 = class {
   setWrapper(wrapper) {
     this.wrapper = wrapper;
   }
+  /**
+   * Enable buffering of logs for later streaming via MainProcessTransport.
+   * Call this early (before initialize()) when in socket mode.
+   * Buffered logs will be flushed when addTransport() is called.
+   */
+  enableStreamBuffering() {
+    this.bufferingForStream = true;
+  }
+  bufferLog(level, message2, meta) {
+    if (this.bufferingForStream) {
+      this.streamBuffer.push({
+        level,
+        message: message2,
+        meta,
+        timestamp: (/* @__PURE__ */ new Date()).toISOString()
+      });
+    }
+  }
   info(message2, ...meta) {
+    this.bufferLog("info", message2, meta);
     this.wrapper(() => this.logger.info(message2, ...meta));
   }
   file(message2, ...meta) {
     if (this.logger instanceof Console2)
       return;
+    this.bufferLog("file", message2, meta);
     this.wrapper(() => this.logger.log("file", message2, ...meta));
   }
   debug(message2, ...meta) {
+    this.bufferLog("debug", message2, meta);
     this.wrapper(() => this.logger.debug(message2, ...meta));
   }
   warn(message2, ...meta) {
+    this.bufferLog("warn", message2, meta);
     this.wrapper(() => this.logger.warn(message2, ...meta));
   }
   error(message2, ...meta) {
+    this.bufferLog("error", message2, meta);
     this.wrapper(() => this.logger.error(message2, ...meta));
   }
   isDebugEnabled() {
@@ -231789,14 +231850,35 @@ var CLILogger2 = class {
   /**
    * Add a transport to the main process logger.
    * Used to add the MainProcessTransport so main process logs are sent to backend.
+   * If buffering was enabled, buffered logs will be flushed to the new transport.
    *
    * @param transport - The transport to add
    */
   addTransport(transport) {
     if (this.logger instanceof import_winston2.Logger) {
       this.logger.add(transport);
+      if (this.bufferingForStream) {
+        this.flushBufferToTransport(transport);
+      }
     }
   }
+  flushBufferToTransport(transport) {
+    for (const entry of this.streamBuffer) {
+      try {
+        const fullMessage = entry.meta.length > 0 ? `${entry.message} ${entry.meta.map((m4) => typeof m4 === "object" ? JSON.stringify(m4) : String(m4)).join(" ")}` : entry.message;
+        transport.log?.({
+          level: entry.level,
+          message: fullMessage,
+          timestamp: entry.timestamp
+        }, () => {
+        });
+      } catch (error) {
+        console.error("Error flushing buffered log entry:", error);
+      }
+    }
+    this.streamBuffer = [];
+    this.bufferingForStream = false;
+  }
   /**
    * End the logger instance and return a promise
    * that resolves when the logger is finished.
@@ -236145,7 +236227,7 @@ function getMongoClient() {
 }
 
 // ../security-auditor/security-auditor-api/src/vulnerability-patterns-helper/get-interesting-urls-for-vulnerability.ts
-import { exec as exec4 } from "child_process";
+import { exec as exec3 } from "child_process";
 import { promisify } from "util";
 
 // ../../node_modules/.pnpm/cheerio@1.0.0-rc.12/node_modules/cheerio/lib/esm/options.js
@@ -249741,7 +249823,7 @@ async function getInterestingURLsForVulnerability(vulnerability, packageMetadata
 }
 async function computeComparisonURLs(scmUrl, vulnAndFixVersionsArr) {
   try {
-    const gitTags = (await promisify(exec4)(`git ls-remote ${scmUrl} | grep -F "refs/tags"`)).stdout.split("\n");
+    const gitTags = (await promisify(exec3)(`git ls-remote ${scmUrl} | grep -F "refs/tags"`)).stdout.split("\n");
     logger3.debug("gitTags", gitTags);
     logger3.debug("vulnAndFixVersionsArr", vulnAndFixVersionsArr);
     const versionToSha = {};
@@ -249776,7 +249858,7 @@ async function computeInterestingCommitURLs(text3, scmUrl) {
     const repo = scmUrl.split("/").slice(-2).join("/");
     const cmd = `gh search commits ${text3} --repo ${repo}`;
     logger3.debug(`Finding issue or PR url for text ${text3}`, cmd);
-    const { stdout } = await promisify(exec4)(cmd, { shell: "/bin/zsh" });
+    const { stdout } = await promisify(exec3)(cmd, { shell: "/bin/zsh" });
     return stdout.split("\n").filter((line) => line).map((line) => {
       const [repo2, sha] = line.split("	");
       return `https://www.github.com/${repo2}/commit/${sha}`;
@@ -249790,7 +249872,7 @@ async function computeInterestingIssueAndPRUrlsWithText(text3, scmUrl) {
   const repo = scmUrl.split("/").slice(-2).join("/");
   const cmd = `gh search issues ${text3} in:title,body,comment --repo ${repo} --include-prs`;
   console.log(`Finding issue or PR url for text ${text3}`, cmd);
-  const { stdout } = await promisify(exec4)(cmd, { shell: "/bin/zsh" });
+  const { stdout } = await promisify(exec3)(cmd, { shell: "/bin/zsh" });
   return stdout.split("\n").filter((line) => line).map((line) => {
     const [issueOrPr, repo2, id] = line.split("	");
     const issueOrPrUrlPart = issueOrPr === "issue" ? "issues" : "pull";
@@ -251019,7 +251101,7 @@ async function onlineScan(dependencyTree, apiKey, timeout) {
 }
 
 // dist/version.js
-var version3 = "14.12.125";
+var version3 = "14.12.127";
 
 // dist/cli-core.js
 var { mapValues, omit, partition, pickBy: pickBy2 } = import_lodash15.default;
@@ -251142,6 +251224,9 @@ var CliCore = class {
     const tmpDir = await createTmpDirectory("coana-cli-");
     this.coanaLogPath = join30(tmpDir, "coana-log.txt");
     this.coanaSocketPath = join30(tmpDir, "coana.sock");
+    if (this.options.socketMode) {
+      logger.enableStreamBuffering();
+    }
     logger.initWinstonLogger(this.options.debug, this.coanaLogPath);
     logger.silent = this.options.silent;
     try {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@coana-tech/cli",
-  "version": "14.12.125",
+  "version": "14.12.127",
   "description": "Coana CLI",
   "type": "module",
   "bin": {

package/reachability-analyzers-cli.mjs

@@ -75753,6 +75753,9 @@ var CLILogger = class {
   // Spinner registers itself as wrapper in order to suspend spinning when logging -- default to the empty wrapper
   wrapper = (cb) => cb();
   finished = false;
+  // Buffer for storing logs before MainProcessTransport is added (used in socket mode)
+  streamBuffer = [];
+  bufferingForStream = false;
   initWinstonLogger(debug, logFilePath) {
     if (this.logger instanceof import_winston.Logger) {
       return;
@@ -75819,20 +75822,43 @@ var CLILogger = class {
   setWrapper(wrapper) {
     this.wrapper = wrapper;
   }
+  /**
+   * Enable buffering of logs for later streaming via MainProcessTransport.
+   * Call this early (before initialize()) when in socket mode.
+   * Buffered logs will be flushed when addTransport() is called.
+   */
+  enableStreamBuffering() {
+    this.bufferingForStream = true;
+  }
+  bufferLog(level, message, meta) {
+    if (this.bufferingForStream) {
+      this.streamBuffer.push({
+        level,
+        message,
+        meta,
+        timestamp: (/* @__PURE__ */ new Date()).toISOString()
+      });
+    }
+  }
   info(message, ...meta) {
+    this.bufferLog("info", message, meta);
     this.wrapper(() => this.logger.info(message, ...meta));
   }
   file(message, ...meta) {
     if (this.logger instanceof Console) return;
+    this.bufferLog("file", message, meta);
     this.wrapper(() => this.logger.log("file", message, ...meta));
   }
   debug(message, ...meta) {
+    this.bufferLog("debug", message, meta);
     this.wrapper(() => this.logger.debug(message, ...meta));
   }
   warn(message, ...meta) {
+    this.bufferLog("warn", message, meta);
     this.wrapper(() => this.logger.warn(message, ...meta));
   }
   error(message, ...meta) {
+    this.bufferLog("error", message, meta);
     this.wrapper(() => this.logger.error(message, ...meta));
   }
   isDebugEnabled() {
@@ -75850,14 +75876,38 @@ var CLILogger = class {
   /**
    * Add a transport to the main process logger.
    * Used to add the MainProcessTransport so main process logs are sent to backend.
+   * If buffering was enabled, buffered logs will be flushed to the new transport.
    *
    * @param transport - The transport to add
    */
   addTransport(transport) {
     if (this.logger instanceof import_winston.Logger) {
       this.logger.add(transport);
+      if (this.bufferingForStream) {
+        this.flushBufferToTransport(transport);
+      }
     }
   }
+  flushBufferToTransport(transport) {
+    for (const entry of this.streamBuffer) {
+      try {
+        const fullMessage = entry.meta.length > 0 ? `${entry.message} ${entry.meta.map((m) => typeof m === "object" ? JSON.stringify(m) : String(m)).join(" ")}` : entry.message;
+        transport.log?.(
+          {
+            level: entry.level,
+            message: fullMessage,
+            timestamp: entry.timestamp
+          },
+          () => {
+          }
+        );
+      } catch (error) {
+        console.error("Error flushing buffered log entry:", error);
+      }
+    }
+    this.streamBuffer = [];
+    this.bufferingForStream = false;
+  }
   /**
    * End the logger instance and return a promise
    * that resolves when the logger is finished.
@@ -88276,6 +88326,7 @@ var ToolPathResolver = class {
 
 // dist/whole-program-code-aware-vulnerability-scanner/code-aware-vulnerability-scanner.js
 var import_lodash13 = __toESM(require_lodash(), 1);
+import { readFileSync as readFileSync3 } from "fs";
 import { resolve as resolve17 } from "path";
 
 // dist/whole-program-code-aware-vulnerability-scanner/dotnet/dotnet-code-aware-vulnerability-scanner.js
@@ -111524,7 +111575,7 @@ async function analyzePackages(ecosystem, packages, vulnerability, options) {
     default:
       throw new Error(`Analyze dependency chain not implemented for ${ecosystem}.`);
   }
-  return { analysis: { name: analysisName, version: await getVersion(analysisName) }, result };
+  return { analysis: { name: analysisName, version: getVersion(analysisName) }, result };
 }
 async function analyzeAlreadyInstalledPackages(ecosystem, packages, vulnerability, options) {
   let analysisName;
@@ -111557,7 +111608,7 @@ async function analyzeAlreadyInstalledPackages(ecosystem, packages, vulnerabilit
     default:
       throw new Error(`analyzePackageRegistryPackage is not implemented for ${ecosystem}.`);
   }
-  return { analysis: { name: analysisName, version: await getCurrentCommitHash(analysisName.toLowerCase()) }, result };
+  return { analysis: { name: analysisName, version: getCurrentCommitHash(analysisName.toLowerCase()) }, result };
 }
 async function runWithJSHeuristics(cb) {
   const orderedHeuristics = [heuristics.ALL_PACKAGES];
@@ -111569,8 +111620,15 @@ async function runWithJSHeuristics(cb) {
   }
   return result;
 }
-async function getCurrentCommitHash(project) {
-  return (await runCommandResolveStdOut2("git rev-parse HEAD", resolve17(COANA_REPOS_PATH(), project))).trim();
+function getCurrentCommitHash(project) {
+  const headShaPath = resolve17(COANA_REPOS_PATH(), project, "HEAD_SHA");
+  try {
+    const content = readFileSync3(headShaPath, "utf-8").trim();
+    const colonIndex = content.indexOf(":");
+    return colonIndex !== -1 ? content.slice(colonIndex + 1) : content;
+  } catch {
+    return "unknown";
+  }
 }
 function detectedOccurrencesFromAPMatches(matches, pathPrefixToRemove) {
   for (const match2 of Object.values(matches))
@@ -111606,9 +111664,9 @@ function getStacksFromAccPaths(matches, { vulnerabilityAccessPaths }) {
     stacks: relevantStacks
   };
 }
-async function getVersion(analysisName) {
+function getVersion(analysisName) {
   if (analysisName === "Jelly")
-    return await getCurrentCommitHash(analysisName.toLowerCase());
+    return getCurrentCommitHash(analysisName.toLowerCase());
   return "N/A";
 }