@continum/cli 0.1.0

package/SETUP.md

@@ -0,0 +1,517 @@
+# Continum CLI - Development Setup Guide
+
+## Overview
+
+This guide covers setting up the Continum CLI for development, testing, and deployment.
+
+## Prerequisites
+
+- Node.js >= 16.0.0
+- PostgreSQL database
+- Git
+- npm or yarn
+
+## Development Setup
+
+### Step 1: Clone and Install
+
+```bash
+# Clone the repository
+git clone <your-repo-url>
+cd continum
+
+# Install all dependencies
+npm install
+```
+
+### Step 2: Database Setup
+
+```bash
+# Navigate to API directory
+cd apps/api
+
+# Copy environment file
+cp .env.example .env
+
+# Edit .env and set your database URL
+# DATABASE_URL="postgresql://user:password@localhost:5432/continum"
+
+# Run database migrations
+npm run db:migrate
+
+# Generate Prisma client
+npm run db:generate
+
+# Verify with Prisma Studio (optional)
+npm run db:studio
+```
+
+### Step 3: Build the CLI
+
+```bash
+# From repository root
+cd ../..
+npm run build:cli
+
+# Link CLI globally for local testing
+cd packages/cli
+npm link
+cd ../..
+```
+
+### Step 4: Start Development Servers
+
+Open 3 terminal windows:
+
+**Terminal 1 - API Server:**
+```bash
+cd apps/api
+npm run dev
+# API runs on http://localhost:3000
+```
+
+**Terminal 2 - Console:**
+```bash
+cd apps/console
+npm run dev
+# Console runs on http://localhost:3001
+```
+
+**Terminal 3 - CLI Testing:**
+```bash
+# Verify CLI is available
+continum --version
+# Should show: 0.1.0
+
+continum --help
+```
+
+### Step 5: Create Test User
+
+1. Open browser to http://localhost:3001
+2. Sign up for a new account
+3. Complete onboarding
+4. You're ready to test!
+
+## Testing the CLI
+
+### Test Login Flow
+
+```bash
+continum login
+```
+
+**Expected behavior:**
+1. Browser opens to http://localhost:3001/cli/auth
+2. You sign in with your test account
+3. Browser shows "Authentication Successful"
+4. CLI shows success message
+5. Credentials saved to `~/.continum/credentials.json`
+
+### Test in a Repository
+
+```bash
+# Create test directory
+mkdir ~/test-continum
+cd ~/test-continum
+
+# Initialize git
+git init
+
+# Initialize Continum
+continum init
+# Enter sandbox name: test
+
+# Verify setup
+continum status
+```
+
+### Test Known Pattern Detection
+
+```bash
+# Create file with AWS key
+echo 'const key = "AKIAIOSFODNN7EXAMPLE";' > test.ts
+
+# Stage file
+git add test.ts
+
+# Try to commit (should be blocked)
+git commit -m "test commit"
+```
+
+**Expected output:**
+```
+Continum — scanning 1 file...
+
+❌  BLOCKED
+
+test.ts (line 1)
+──────────────────────────────────────────────────────
+Type:     AWS_ACCESS_KEY
+Found:    AKIA••••••••7EXAMPLE
+Severity: CRITICAL
+
+Fix these before committing.
+```
+
+✅ Success! The CLI blocked the commit.
+
+### Test Unknown Pattern Detection
+
+```bash
+# Create file with unknown pattern
+echo 'const acmeKey = "acme_prod_x7k9m2p8q4w6";' > config.ts
+
+# Stage file
+git add config.ts
+
+# Try to commit
+git commit -m "add acme config"
+```
+
+**Expected output:**
+```
+⚠️  POSSIBLE CREDENTIAL DETECTED
+
+config.ts (line 1)
+──────────────────────────────────────────────────────
+Type:    UNKNOWN_PATTERN (HIGH confidence)
+Found:   acme_prod_x7k9••••••••
+Pattern: acme_prod_[a-z0-9]{16}
+
+Options:
+  [b] Block this commit
+  [a] Approve pattern and block
+  [i] Ignore this pattern
+  [c] Continue anyway
+
+Choice:
+```
+
+Type `a` to approve, then enter description and severity.
+
+### Test Clean Commit
+
+```bash
+# Create clean file
+echo 'const name = "John Doe";' > user.ts
+
+# Stage and commit
+git add user.ts
+git commit -m "add user"
+```
+
+**Expected output:**
+```
+Continum — scanning 1 file...
+✓ Clean
+
+[main abc1234] add user
+```
+
+✅ Success! Clean commits go through.
+
+## Database Schema
+
+The CLI requires the `approved_patterns` table:
+
+```sql
+CREATE TABLE "approved_patterns" (
+    "id" TEXT PRIMARY KEY,
+    "customerId" TEXT NOT NULL,
+    "pattern" TEXT NOT NULL,
+    "patternType" TEXT NOT NULL,
+    "description" TEXT NOT NULL,
+    "severity" TEXT NOT NULL,
+    "isGlobal" BOOLEAN DEFAULT false,
+    "isActive" BOOLEAN DEFAULT true,
+    "createdBy" TEXT DEFAULT 'cli',
+    "createdAt" TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+    "totalDetections" INTEGER DEFAULT 0,
+    "lastDetectedAt" TIMESTAMP,
+    
+    FOREIGN KEY ("customerId") REFERENCES "customers"("id")
+);
+```
+
+This is created automatically by the migration in `apps/api/prisma/migrations/20260324_add_patterns/`.
+
+## API Endpoints
+
+The CLI communicates with these endpoints:
+
+### POST /patterns/approve
+
+Approve a new pattern detected by the CLI.
+
+**Request:**
+```json
+{
+  "pattern": "acme_prod_[a-z0-9]{16}",
+  "patternType": "CUSTOM",
+  "description": "ACME Production API Key",
+  "severity": "HIGH",
+  "exampleValue": "acme_prod_x7k9••••••••",
+  "confidence": "HIGH",
+  "context": {
+    "file": "src/config.ts",
+    "line": 14,
+    "variableName": "apiKey"
+  }
+}
+```
+
+**Response:**
+```json
+{
+  "success": true,
+  "patternId": "clx..."
+}
+```
+
+### GET /patterns/library
+
+Get all patterns for the customer (custom + global).
+
+**Response:**
+```json
+[
+  {
+    "pattern": "AKIA[0-9A-Z]{16}",
+    "patternType": "AWS_ACCESS_KEY",
+    "description": "AWS Access Key ID",
+    "severity": "CRITICAL"
+  }
+]
+```
+
+### GET /patterns/status
+
+Test API connection and get customer info.
+
+**Response:**
+```json
+{
+  "success": true,
+  "customer": "Acme Corp"
+}
+```
+
+### POST /patterns/audit
+
+Background audit of git diff (fire-and-forget).
+
+**Request:**
+```json
+{
+  "diff": "diff --git a/src/config.ts...",
+  "sandbox": "employee_confidential"
+}
+```
+
+## File Structure
+
+```
+packages/cli/
+├── src/
+│   ├── commands/
+│   │   ├── login.ts          # Browser-based authentication
+│   │   ├── init.ts           # Project initialization
+│   │   ├── scan.ts           # File scanning
+│   │   ├── patterns.ts       # Pattern management
+│   │   ├── status.ts         # Status check
+│   │   └── uninstall.ts      # Uninstall hook
+│   ├── scanner/
+│   │   ├── patterns.ts       # Built-in patterns
+│   │   ├── local-scan.ts     # Local scanner logic
+│   │   └── pattern-updater.ts # Pattern sync
+│   ├── api/
+│   │   └── client.ts         # API client
+│   ├── config/
+│   │   ├── default-config.ts # Default configuration
+│   │   └── loader.ts         # Config management
+│   ├── git/
+│   │   └── git-utils.ts      # Git operations
+│   ├── types.ts              # TypeScript types
+│   └── index.ts              # CLI entry point
+├── package.json
+├── tsconfig.json
+├── README.md
+└── SETUP.md (this file)
+```
+
+## Environment Variables
+
+### Development
+
+```bash
+# CLI
+CONTINUM_API_URL=http://localhost:3000
+CONTINUM_CONSOLE_URL=http://localhost:3001
+
+# Console
+NEXT_PUBLIC_API_URL=http://localhost:3000
+
+# API
+DATABASE_URL=postgresql://user:password@localhost:5432/continum
+INTERNAL_API_KEY=your-internal-key
+```
+
+### Production
+
+```bash
+# CLI (defaults)
+CONTINUM_API_URL=https://api.continum.dev
+CONTINUM_CONSOLE_URL=https://console.continum.dev
+
+# Console
+NEXT_PUBLIC_API_URL=https://api.continum.dev
+
+# API
+DATABASE_URL=postgresql://...
+INTERNAL_API_KEY=...
+```
+
+## Publishing
+
+### To npm
+
+```bash
+cd packages/cli
+
+# Update version
+npm version patch  # or minor, major
+
+# Build
+npm run build
+
+# Publish
+npm publish
+```
+
+### Users Install
+
+```bash
+npm install -g @continum/cli
+```
+
+## Troubleshooting
+
+### "Command not found: continum"
+
+```bash
+cd packages/cli
+npm link
+```
+
+### "Failed to connect to Continum API"
+
+Check:
+- API is running: `curl http://localhost:3000/health`
+- API URL is correct in credentials
+- Network connection works
+
+### "Not in a git repository"
+
+```bash
+git init
+```
+
+### Database migration fails
+
+```bash
+# Check DATABASE_URL in apps/api/.env
+cat apps/api/.env
+
+# Ensure PostgreSQL is running
+psql -U postgres -c "SELECT version();"
+
+# Run migration again
+cd apps/api
+npm run db:migrate
+```
+
+### Port 8765 already in use
+
+```bash
+# Kill process on port 8765
+lsof -ti:8765 | xargs kill -9
+
+# Or on Windows
+netstat -ano | findstr :8765
+taskkill /PID <PID> /F
+```
+
+## Testing Checklist
+
+- [ ] CLI builds successfully
+- [ ] Database migration runs
+- [ ] API starts on port 3000
+- [ ] Console starts on port 3001
+- [ ] `continum login` opens browser
+- [ ] Browser auth page loads
+- [ ] Authentication completes
+- [ ] Credentials saved to `~/.continum/credentials.json`
+- [ ] `continum init` without login shows error
+- [ ] `continum login` then `continum init` works
+- [ ] Config file created
+- [ ] Pre-commit hook installed
+- [ ] Known patterns blocked
+- [ ] Unknown patterns prompt for approval
+- [ ] Approved patterns saved
+- [ ] Patterns sync across team
+- [ ] Clean commits go through
+- [ ] `continum status` shows correct info
+
+## Architecture
+
+### Login Flow
+
+```
+Developer → CLI → Browser → Console → API → CLI → Credentials Saved
+```
+
+1. Developer runs `continum login`
+2. CLI starts local server on port 8765
+3. CLI opens browser to console.continum.dev/cli/auth
+4. User authenticates in browser
+5. Console fetches API key from API
+6. Console redirects to localhost:8765 with credentials
+7. CLI receives credentials and saves them
+
+### Scan Flow
+
+```
+Git Commit → Pre-commit Hook → CLI Scan → Block/Allow
+                                    ↓
+                            API (background audit)
+```
+
+1. Developer commits
+2. Pre-commit hook runs `continum scan --staged`
+3. CLI scans files with known patterns
+4. If violations found → Block commit
+5. If clean → Allow commit + send diff to API (background)
+
+### Pattern Learning Flow
+
+```
+Unknown Pattern → Prompt Developer → Approve → Save to API → Sync to Team
+```
+
+1. CLI detects unknown pattern
+2. Prompts developer for approval
+3. Developer approves with description
+4. CLI sends to API
+5. API saves to database
+6. Other team members get pattern on next scan
+
+## Support
+
+- Documentation: See README.md
+- Issues: GitHub Issues
+- Discord: https://discord.gg/continum
+
+## License
+
+MIT

package/dist/api/client.d.ts

@@ -0,0 +1,17 @@
+import { Pattern, ApprovePatternDto } from '../types';
+export declare class ContinumApiClient {
+    private apiUrl;
+    private apiKey;
+    constructor(apiUrl: string, apiKey: string);
+    approvePattern(dto: ApprovePatternDto): Promise<{
+        success: boolean;
+        patternId: string;
+    }>;
+    getPatternLibrary(): Promise<Pattern[]>;
+    sendSandboxAudit(diff: string, sandbox: string): Promise<void>;
+    testConnection(): Promise<{
+        success: boolean;
+        customer: string;
+    }>;
+}
+//# sourceMappingURL=client.d.ts.map

package/dist/api/client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../src/api/client.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,OAAO,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AAEtD,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,MAAM,CAAS;gBAEX,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM;IAKpC,cAAc,CAAC,GAAG,EAAE,iBAAiB,GAAG,OAAO,CAAC;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE,CAAC;IAkBxF,iBAAiB,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;IAiBvC,gBAAgB,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAc9D,cAAc,IAAI,OAAO,CAAC;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAE,CAAC;CAexE"}

package/dist/api/client.js

@@ -0,0 +1,70 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ContinumApiClient = void 0;
+const node_fetch_1 = __importDefault(require("node-fetch"));
+class ContinumApiClient {
+    constructor(apiUrl, apiKey) {
+        this.apiUrl = apiUrl.replace(/\/$/, ''); // Remove trailing slash
+        this.apiKey = apiKey;
+    }
+    async approvePattern(dto) {
+        const response = await (0, node_fetch_1.default)(`${this.apiUrl}/patterns/approve`, {
+            method: 'POST',
+            headers: {
+                'x-continum-key': this.apiKey,
+                'Content-Type': 'application/json'
+            },
+            body: JSON.stringify(dto)
+        });
+        if (!response.ok) {
+            const error = await response.text();
+            throw new Error(`Failed to approve pattern: ${error}`);
+        }
+        return response.json();
+    }
+    async getPatternLibrary() {
+        const response = await (0, node_fetch_1.default)(`${this.apiUrl}/patterns/library`, {
+            method: 'GET',
+            headers: {
+                'x-continum-key': this.apiKey,
+                'Content-Type': 'application/json'
+            }
+        });
+        if (!response.ok) {
+            const error = await response.text();
+            throw new Error(`Failed to fetch patterns: ${error}`);
+        }
+        return response.json();
+    }
+    async sendSandboxAudit(diff, sandbox) {
+        // Fire and forget - don't wait for response
+        (0, node_fetch_1.default)(`${this.apiUrl}/patterns/audit`, {
+            method: 'POST',
+            headers: {
+                'x-continum-key': this.apiKey,
+                'Content-Type': 'application/json'
+            },
+            body: JSON.stringify({ diff, sandbox })
+        }).catch(() => {
+            // Silent fail - this is background audit
+        });
+    }
+    async testConnection() {
+        const response = await (0, node_fetch_1.default)(`${this.apiUrl}/patterns/status`, {
+            method: 'GET',
+            headers: {
+                'x-continum-key': this.apiKey,
+                'Content-Type': 'application/json'
+            }
+        });
+        if (!response.ok) {
+            throw new Error('Failed to connect to Continum API');
+        }
+        return response.json();
+    }
+}
+exports.ContinumApiClient = ContinumApiClient;
+//# sourceMappingURL=client.js.map

package/dist/api/client.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.js","sourceRoot":"","sources":["../../src/api/client.ts"],"names":[],"mappings":";;;;;;AAAA,4DAA+B;AAG/B,MAAa,iBAAiB;IAI5B,YAAY,MAAc,EAAE,MAAc;QACxC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,CAAC,wBAAwB;QACjE,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,GAAsB;QACzC,MAAM,QAAQ,GAAG,MAAM,IAAA,oBAAK,EAAC,GAAG,IAAI,CAAC,MAAM,mBAAmB,EAAE;YAC9D,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,gBAAgB,EAAE,IAAI,CAAC,MAAM;gBAC7B,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC;SAC1B,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACpC,MAAM,IAAI,KAAK,CAAC,8BAA8B,KAAK,EAAE,CAAC,CAAC;QACzD,CAAC;QAED,OAAO,QAAQ,CAAC,IAAI,EAAsD,CAAC;IAC7E,CAAC;IAED,KAAK,CAAC,iBAAiB;QACrB,MAAM,QAAQ,GAAG,MAAM,IAAA,oBAAK,EAAC,GAAG,IAAI,CAAC,MAAM,mBAAmB,EAAE;YAC9D,MAAM,EAAE,KAAK;YACb,OAAO,EAAE;gBACP,gBAAgB,EAAE,IAAI,CAAC,MAAM;gBAC7B,cAAc,EAAE,kBAAkB;aACnC;SACF,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACpC,MAAM,IAAI,KAAK,CAAC,6BAA6B,KAAK,EAAE,CAAC,CAAC;QACxD,CAAC;QAED,OAAO,QAAQ,CAAC,IAAI,EAAwB,CAAC;IAC/C,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,IAAY,EAAE,OAAe;QAClD,4CAA4C;QAC5C,IAAA,oBAAK,EAAC,GAAG,IAAI,CAAC,MAAM,iBAAiB,EAAE;YACrC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,gBAAgB,EAAE,IAAI,CAAC,MAAM;gBAC7B,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;SACxC,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE;YACZ,yCAAyC;QAC3C,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,cAAc;QAClB,MAAM,QAAQ,GAAG,MAAM,IAAA,oBAAK,EAAC,GAAG,IAAI,CAAC,MAAM,kBAAkB,EAAE;YAC7D,MAAM,EAAE,KAAK;YACb,OAAO,EAAE;gBACP,gBAAgB,EAAE,IAAI,CAAC,MAAM;gBAC7B,cAAc,EAAE,kBAAkB;aACnC;SACF,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;QACvD,CAAC;QAED,OAAO,QAAQ,CAAC,IAAI,EAAqD,CAAC;IAC5E,CAAC;CACF;AAzED,8CAyEC"}

package/dist/commands/init.d.ts

@@ -0,0 +1,4 @@
+export declare function initCommand(options: {
+    silent?: boolean;
+}): Promise<void>;
+//# sourceMappingURL=init.d.ts.map

package/dist/commands/init.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"init.d.ts","sourceRoot":"","sources":["../../src/commands/init.ts"],"names":[],"mappings":"AAOA,wBAAsB,WAAW,CAAC,OAAO,EAAE;IAAE,MAAM,CAAC,EAAE,OAAO,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAyG9E"}