@contrast/cli 1.54.0 → 1.56.0

package/bin/config-diagnostics.mjs

@@ -0,0 +1,29 @@
+#!/usr/bin/env node
+/*
+ * Copyright: 2025 Contrast Security, Inc
+ * Contact: support@contrastsecurity.com
+ * License: Commercial
+
+ * NOTICE: This Software and the patented inventions embodied within may only be
+ * used as part of Contrast Security’s commercial offerings. Even though it is
+ * made available through public repositories, use of this Software is subject to
+ * the applicable End User Licensing Agreement found at
+ * https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
+ * between Contrast Security and the End User. The Software may not be reverse
+ * engineered, modified, repackaged, sold, redistributed or otherwise used in a
+ * way not consistent with the End User License Agreement.
+ */
+
+import { program } from 'commander';
+import path from 'node:path';
+import { action, version } from '../lib/config-diagnostics.mjs';
+
+program
+  .name('config-diagnostics')
+  .version(version)
+  .description('The config-diagnostics utility returns the current effective node agent configuration.')
+  .argument('<entrypoint>', 'The entrypoint JavaScript or ESM file for the application')
+  .option('-q, --quiet', 'suppress logging to stdout')
+  .option('-o, --output <string>', 'output directory for generated JSON file', path.join(process.cwd(), 'contrast_effective_config.json'))
+  .action(action)
+  .parse(process.argv);

package/bin/rewrite.mjs

@@ -0,0 +1,28 @@
+#!/usr/bin/env node
+/*
+ * Copyright: 2025 Contrast Security, Inc
+ * Contact: support@contrastsecurity.com
+ * License: Commercial
+
+ * NOTICE: This Software and the patented inventions embodied within may only be
+ * used as part of Contrast Security’s commercial offerings. Even though it is
+ * made available through public repositories, use of this Software is subject to
+ * the applicable End User Licensing Agreement found at
+ * https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
+ * between Contrast Security and the End User. The Software may not be reverse
+ * engineered, modified, repackaged, sold, redistributed or otherwise used in a
+ * way not consistent with the End User License Agreement.
+ */
+
+import { execFileSync } from 'node:child_process';
+import { fileURLToPath } from 'node:url';
+
+execFileSync(
+  process.argv[0],
+  [
+    '--experimental-import-meta-resolve',
+    fileURLToPath(new URL('../lib/rewrite/program.mjs', import.meta.url)),
+    ...process.argv.slice(2),
+  ],
+  { stdio: 'inherit' },
+);

package/bin/system-diagnostics.mjs

@@ -0,0 +1,28 @@
+#!/usr/bin/env node
+/*
+ * Copyright: 2025 Contrast Security, Inc
+ * Contact: support@contrastsecurity.com
+ * License: Commercial
+
+ * NOTICE: This Software and the patented inventions embodied within may only be
+ * used as part of Contrast Security’s commercial offerings. Even though it is
+ * made available through public repositories, use of this Software is subject to
+ * the applicable End User Licensing Agreement found at
+ * https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
+ * between Contrast Security and the End User. The Software may not be reverse
+ * engineered, modified, repackaged, sold, redistributed or otherwise used in a
+ * way not consistent with the End User License Agreement.
+ */
+
+import { program } from 'commander';
+import path from 'node:path';
+import { action, version } from '../lib/system-diagnostics.mjs';
+
+program
+  .name('system-diagnostics')
+  .version(version)
+  .description('The system-diagnostics utility returns the system info for the server/container the agent is running on.')
+  .option('-q, --quiet', 'suppress logging to stdout')
+  .option('-o, --output <string>', 'output directory for generated JSON file', path.join(process.cwd(), 'contrast_system_info.json'))
+  .action(action)
+  .parse(process.argv);

package/lib/{config-diagnostics.js → config-diagnostics.mjs}

@@ -1,4 +1,3 @@
-#!/usr/bin/env node
 /*
  * Copyright: 2025 Contrast Security, Inc
  * Contact: support@contrastsecurity.com
@@ -13,36 +12,34 @@
  * engineered, modified, repackaged, sold, redistributed or otherwise used in a
  * way not consistent with the End User License Agreement.
  */
-'use strict';
 
-const commander = require('commander');
-const fs = require('fs');
-const { EOL } = require('os');
-const path = require('path');
-const { name: agentName, version: agentVersion } = require('../package.json');
-const { primordials: { JSONStringify } } = require('@contrast/common');
+import { primordials } from '@contrast/common';
+import configInit from '@contrast/config';
+import appInfoInit from '@contrast/core/lib/app-info.js';
+import coreMessagesInit from '@contrast/core/lib/messages.js';
+import reporterInit from '@contrast/reporter';
+import scopesInit from '@contrast/scopes';
+import loggerInit from '@contrast/logger';
+import Perf from '@contrast/perf';
+import { readFileSync, writeFileSync } from 'node:fs';
+import { EOL } from 'node:os';
 
-if (require.main === module) {
-  commander.program
-    .name('config-diagnostics')
-    .description('The config-diagnostics utility returns the current effective node agent configuration.')
-    .argument('<entrypoint>', 'The entrypoint JavaScript or ESM file for the application')
-    .option('-q, --quiet', 'suppress logging to stdout')
-    .option('-o, --output <string>', 'output directory for generated JSON file', path.join(process.cwd(), 'contrast_effective_config.json'))
-    .action(action)
-    .parse();
-}
+const { JSONStringify } = primordials;
+const packageJson = JSON.parse(readFileSync(new URL('../package.json', import.meta.url)));
+const { name: agentName, version: agentVersion } = packageJson;
+
+export { agentVersion as version };
 
-async function action(entrypoint, options) {
-  const core = { agentName, agentVersion, Perf: require('@contrast/perf') };
-  require('@contrast/core/lib/messages')(core);
-  require('@contrast/config')(core);
-  require('@contrast/logger').default(core);
-  require('@contrast/core/lib/app-info')(core);
+export async function action(entrypoint, options) {
+  const core = { agentName, agentVersion, Perf };
+  coreMessagesInit(core);
+  configInit(core);
+  loggerInit.default(core);
+  appInfoInit(core);
   if (core.appInfo._errors?.length) throw core.appInfo._errors[0];
 
-  require('@contrast/scopes')(core);
-  require('@contrast/reporter').default(core, { reporters: ['ui'] });
+  scopesInit(core);
+  reporterInit.default(core, { reporters: ['ui'] });
 
   for (const err of core.config._errors) {
     throw err;
@@ -62,11 +59,9 @@ async function action(entrypoint, options) {
   const content = JSONStringify({ ...core.config.getReport({ redact: true }), Status }, null, 2) + EOL;
 
   if (!options.quiet) {
-    fs.writeFileSync(1, content, 'utf8');
+    writeFileSync(process.stdout.fd, content, 'utf8');
   }
   if (options.output) {
-    fs.writeFileSync(options.output, content, 'utf-8');
+    writeFileSync(options.output, content, 'utf-8');
   }
 }
-
-module.exports.action = action;

package/lib/rewrite/index.mjs

@@ -0,0 +1,187 @@
+/*
+ * Copyright: 2025 Contrast Security, Inc
+ * Contact: support@contrastsecurity.com
+ * License: Commercial
+
+ * NOTICE: This Software and the patented inventions embodied within may only be
+ * used as part of Contrast Security’s commercial offerings. Even though it is
+ * made available through public repositories, use of this Software is subject to
+ * the applicable End User Licensing Agreement found at
+ * https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
+ * between Contrast Security and the End User. The Software may not be reverse
+ * engineered, modified, repackaged, sold, redistributed or otherwise used in a
+ * way not consistent with the End User License Agreement.
+ */
+// @ts-check
+import { primordials } from '@contrast/common';
+import configInit from '@contrast/config';
+import appInfoInit from '@contrast/core/lib/app-info.js';
+import coreMessagesInit from '@contrast/core/lib/messages.js';
+import loggerInit from '@contrast/logger';
+import Perf from '@contrast/perf';
+import rewriterInit from '@contrast/rewriter';
+import { rewriteIsDeadzoned } from '@contrast/rewriter/lib/rewrite-is-deadzoned.js';
+import swc from '@swc/core';
+import { Visitor } from '@swc/core/Visitor.js';
+import { readFile } from 'node:fs/promises';
+import { createRequire } from 'node:module';
+import path from 'node:path';
+import { fileURLToPath, pathToFileURL } from 'node:url';
+
+const { RegExpPrototypeTest } = primordials;
+const JS_FILE_REGEX = /\.[cm]?js$/;
+
+const packageJson = JSON.parse((await readFile(new URL('../../package.json', import.meta.url))).toString());
+const { name: agentName, version: agentVersion } = packageJson;
+
+/** @type {any} */
+const core = { agentName, agentVersion, Perf };
+coreMessagesInit(core);
+const config = configInit(core);
+if (config._errors?.length) throw config._errors[0];
+// @ts-expect-error ESM interop doesn't handle this `default` very well.
+const logger = loggerInit.default(core, { name: 'contrast:rewriter:cli' });
+
+if (!config.agent.node.rewrite.enable || !config.agent.node.rewrite.cache.enable) {
+  logger.warn({ 'config.agent.node.rewrite': config.agent.node.rewrite }, 'rewriter config');
+  throw new Error('Rewriting disabled.');
+}
+
+const appInfo = appInfoInit(core);
+if (appInfo._errors?.length) throw appInfo._errors[0];
+
+const rewriter = rewriterInit(core);
+
+/**
+ * Keeps track of visited files so we don't bother rewriting multiple times.
+ * @type {Set<string>}
+ */
+const visited = new Set();
+
+class RewriteVisitor extends Visitor {
+  /** @param {string} filename */
+  constructor(filename) {
+    super();
+    visited.add(filename);
+    this.parentUrl = pathToFileURL(filename);
+    this.require = createRequire(filename);
+  }
+
+  /**
+   * Visit the argument of an import declaration or `import()` function to
+   * rewrite the arg if it's a valid (i.e., absolute) path.
+   * @param {string} source
+   */
+  visitImportSource(source) {
+    try {
+      const filename = fileURLToPath(import.meta.resolve(source, this.parentUrl));
+      if (path.isAbsolute(filename)) {
+        rewriteFile(filename);
+      }
+    } catch (err) {
+      logger.error({ err }, 'unable to resolve %s', source);
+    }
+  }
+
+  /**
+   * Visit `import ... from 'source'`, recursively rewriting the resolved path
+   * of `source`.
+   * @param {swc.ImportDeclaration} n
+   */
+  visitImportDeclaration(n) {
+    this.visitImportSource(n.source.value);
+    return super.visitImportDeclaration(n);
+  }
+
+  /**
+   * Visit the argument of a `require()` call to rewrite the arg if it's a valid
+   * (i.e., absolute) path.
+   * @param {string} arg
+   */
+  visitRequireArg(arg) {
+    try {
+      const filename = this.require.resolve(arg);
+      if (path.isAbsolute(filename)) {
+        rewriteFile(filename);
+      }
+    } catch (err) {
+      logger.error({ err }, 'unable to resolve %s', arg);
+    }
+  }
+
+  /**
+   * Visits `import(...)` or `require(...)` call expressions, recursively
+   * rewriting the resolved path of the first argument if it's a string literal.
+   * @param {swc.CallExpression} n
+   */
+  visitCallExpression(n) {
+    if (n.callee.type === 'Import') {
+      const { expression } = n.arguments[0];
+      if (expression.type === 'StringLiteral') {
+        this.visitImportSource(expression.value);
+      }
+    } else if (n.callee.type === 'Identifier' && n.callee.value === 'require') {
+      const { expression } = n.arguments[0];
+      if (expression.type === 'StringLiteral') {
+        this.visitRequireArg(expression.value);
+      }
+    }
+
+    return super.visitCallExpression(n);
+  }
+}
+
+/** @param {string} filename */
+function shouldSkipFile(filename) {
+  return (
+    !RegExpPrototypeTest.call(JS_FILE_REGEX, filename) ||
+    visited.has(filename) ||
+    !!rewriteIsDeadzoned(filename)
+  );
+}
+
+/** @param {string} filename */
+async function rewriteFile(filename) {
+  if (shouldSkipFile(filename)) return;
+
+  try {
+    const content = (await readFile(filename)).toString();
+
+    const result = await rewriter.rewrite(content, {
+      filename,
+      inject: true,
+      minify: true,
+    });
+    rewriter.cache.write(filename, result);
+
+    /** @type {swc.Module | swc.Script} */
+    const program = await swc.parse(content);
+    const visitor = new RewriteVisitor(filename);
+    visitor.visitProgram(program);
+  } catch (err) {
+    logger.error({ err }, 'unable to parse or rewrite %s', filename);
+  }
+}
+
+export { agentVersion as version };
+
+/**
+ * @param {string} filename
+ * @param {object} opts
+ * @param {boolean=} opts.assess
+ * @param {boolean=} opts.protect
+ */
+export async function action(filename, opts) {
+  if (!opts.protect && (config.assess.enable || opts.assess)) {
+    rewriter.install('assess');
+  } else {
+    rewriter.install('protect');
+  }
+
+  logger.info(
+    'Caching rewriter results to %s',
+    path.join(rewriter.cache.cacheDir, rewriter.modes.has('assess') ? 'assess' : 'protect'),
+  );
+  logger.debug({ config }, 'Agent configuration');
+  return rewriteFile(filename);
+}

package/lib/rewrite/program.mjs

@@ -0,0 +1,28 @@
+/*
+ * Copyright: 2025 Contrast Security, Inc
+ * Contact: support@contrastsecurity.com
+ * License: Commercial
+
+ * NOTICE: This Software and the patented inventions embodied within may only be
+ * used as part of Contrast Security’s commercial offerings. Even though it is
+ * made available through public repositories, use of this Software is subject to
+ * the applicable End User Licensing Agreement found at
+ * https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
+ * between Contrast Security and the End User. The Software may not be reverse
+ * engineered, modified, repackaged, sold, redistributed or otherwise used in a
+ * way not consistent with the End User License Agreement.
+ */
+
+import { program } from 'commander';
+import path from 'node:path';
+import { action, version } from './index.mjs';
+
+program
+  .name('npx -p @contrast/cli rewrite')
+  .version(version)
+  .description('Rewrites application files, caching them so that rewriting does not need to occur when the application runs.')
+  .argument('<entrypoint>', 'The entrypoint for the application', entrypoint => path.resolve(entrypoint))
+  .option('-a, --assess', 'rewrite in assess mode')
+  .option('-p, --protect', 'rewrite in protect mode')
+  .action(action)
+  .parse(process.argv);

package/lib/system-diagnostics.mjs

@@ -0,0 +1,51 @@
+/*
+ * Copyright: 2025 Contrast Security, Inc
+ * Contact: support@contrastsecurity.com
+ * License: Commercial
+
+ * NOTICE: This Software and the patented inventions embodied within may only be
+ * used as part of Contrast Security’s commercial offerings. Even though it is
+ * made available through public repositories, use of this Software is subject to
+ * the applicable End User Licensing Agreement found at
+ * https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
+ * between Contrast Security and the End User. The Software may not be reverse
+ * engineered, modified, repackaged, sold, redistributed or otherwise used in a
+ * way not consistent with the End User License Agreement.
+ */
+
+import { primordials } from '@contrast/common';
+import configInit from '@contrast/config';
+import appInfoInit from '@contrast/core/lib/app-info.js';
+import systemInfoInit from '@contrast/core/lib/system-info/index.js';
+import loggerInit from '@contrast/logger';
+import Perf from '@contrast/perf';
+import { readFileSync, writeFileSync } from 'node:fs';
+import { EOL } from 'node:os';
+
+const { JSONStringify } = primordials;
+const packageJson = JSON.parse(readFileSync(new URL('../package.json', import.meta.url), 'utf8'));
+const { name: agentName, version: agentVersion } = packageJson;
+
+export { agentVersion as version };
+
+export async function action(options) {
+  const core = { agentName, agentVersion, Perf };
+  configInit(core);
+  loggerInit.default(core, { level: 'silent' });
+  appInfoInit(core);
+  systemInfoInit(core);
+
+  for (const err of core.config._errors) {
+    throw err;
+  }
+
+  const systemInfo = await core.getSystemInfo();
+  const content = JSONStringify(systemInfo, null, 2) + EOL;
+
+  if (!options.quiet) {
+    writeFileSync(process.stdout.fd, content, 'utf8');
+  }
+  if (options.output) {
+    writeFileSync(options.output, content, 'utf-8');
+  }
+}

package/package.json

@@ -1,19 +1,21 @@
 {
   "name": "@contrast/cli",
-  "version": "1.54.0",
+  "version": "1.56.0",
+  "type": "module",
   "description": "A collection of agent related CLI utilities",
   "license": "SEE LICENSE IN LICENSE",
   "author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",
   "files": [
+    "bin/",
     "lib/",
     "!*.test.*",
     "!tsconfig.*",
     "!*.map"
   ],
   "bin": {
-    "config-diagnostics": "lib/config-diagnostics.js",
-    "rewrite": "lib/rewrite.js",
-    "system-diagnostics": "lib/system-diagnostics.js"
+    "config-diagnostics": "bin/config-diagnostics.mjs",
+    "rewrite": "bin/rewrite.mjs",
+    "system-diagnostics": "bin/system-diagnostics.mjs"
   },
   "engines": {
     "npm": ">=6.13.7 <7 || >= 8.3.1",
@@ -24,14 +26,14 @@
   },
   "dependencies": {
     "@contrast/find-package-json": "^1.1.0",
-    "@contrast/rewriter": "1.32.0",
-    "@contrast/common": "1.36.0",
-    "@contrast/config": "1.51.0",
-    "@contrast/core": "1.56.0",
-    "@contrast/logger": "1.29.0",
+    "@contrast/rewriter": "1.34.0",
+    "@contrast/common": "1.37.0",
+    "@contrast/config": "1.52.1",
+    "@contrast/core": "1.57.1",
+    "@contrast/logger": "1.30.1",
     "@contrast/perf": "1.4.0",
-    "@contrast/reporter": "1.54.0",
-    "@contrast/scopes": "1.26.0",
+    "@contrast/reporter": "1.55.1",
+    "@contrast/scopes": "1.27.1",
     "@swc/core": "1.13.3",
     "commander": "^9.4.1"
   }

package/lib/rewrite.js

@@ -1,206 +0,0 @@
-#!/usr/bin/env node
-/*
- * Copyright: 2025 Contrast Security, Inc
- * Contact: support@contrastsecurity.com
- * License: Commercial
-
- * NOTICE: This Software and the patented inventions embodied within may only be
- * used as part of Contrast Security’s commercial offerings. Even though it is
- * made available through public repositories, use of this Software is subject to
- * the applicable End User Licensing Agreement found at
- * https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
- * between Contrast Security and the End User. The Software may not be reverse
- * engineered, modified, repackaged, sold, redistributed or otherwise used in a
- * way not consistent with the End User License Agreement.
- */
-// @ts-check
-'use strict';
-
-const { readFile } = require('node:fs/promises');
-const { createRequire } = require('node:module');
-const path = require('node:path');
-const { program } = require('commander');
-const swc = require('@swc/core');
-const { Visitor } = require('@swc/core/Visitor');
-const { primordials: { RegExpPrototypeTest, JSONParse } } = require('@contrast/common');
-const { findPackageJson } = require('@contrast/find-package-json');
-const { rewriteIsDeadzoned } = require('@contrast/rewriter/lib/rewrite-is-deadzoned');
-const { version } = require('../package.json');
-
-const JS_FILE_REGEX = /\.[cm]?js$/;
-
-/** @type {any} */
-const core = { Perf: require('@contrast/perf') };
-require('@contrast/core/lib/messages')(core);
-const config = require('@contrast/config')(core);
-if (core.config._errors?.length) throw core.config._errors[0];
-
-const logger = require('@contrast/logger').default(core, { name: 'contrast:rewriter:cli' });
-
-if (!config.agent.node.rewrite.enable || !config.agent.node.rewrite.cache.enable) {
-  logger.warn({ 'config.agent.node.rewrite': config.agent.node.rewrite }, 'rewriter config');
-  throw new Error('Rewriting disabled.');
-}
-
-const appInfo = require('@contrast/core/lib/app-info')(core);
-if (appInfo._errors?.length) throw appInfo._errors[0];
-
-const rewriter = require('@contrast/rewriter')(core);
-
-/**
- * Keeps track of visited files so we don't bother rewriting multiple times.
- * @type {Set<string>}
- */
-const visited = new Set();
-
-/** @param {string} filename absolute path */
-async function isModuleFile(filename) {
-  // if the file extension specifies the type, there's no need to do extra IO
-  const ext = path.extname(filename);
-  if (ext === '.mjs') {
-    return true;
-  }
-
-  if (ext === '.cjs') {
-    return false;
-  }
-
-  // check for type: 'module' in a file's package json, otherwise assume CJS.
-  try {
-    const pkg = await findPackageJson({ cwd: filename });
-    if (pkg && JSONParse((await readFile(pkg)).toString()).type === 'module') {
-      return true;
-    }
-  } catch {
-    return false;
-  }
-
-  return false;
-}
-
-class RewriteVisitor extends Visitor {
-  /** @param {string} filename */
-  constructor(filename) {
-    super();
-    visited.add(filename);
-
-    /**
-     * Create a local `require` function so we can resolve relative filenames.
-     * @type {NodeRequire}
-     */
-    this.require = createRequire(filename);
-  }
-
-  /**
-   * Visit the String Literal argument of either `import` or `require`, trying
-   * to rewrite the arg if it's a valid (i.e., absolute) path.
-   * @param {swc.StringLiteral} n
-   */
-  visitImportOrRequireString(n) {
-    try {
-      const filename = this.require.resolve(n.value);
-      if (path.isAbsolute(filename)) {
-        rewriteFile(filename);
-      }
-    } catch (err) {
-      logger.debug({ n, err }, 'unable to resolve %s', n.value);
-    }
-  }
-
-  /**
-   * Visit `import ... from 'source'`, recursively rewriting the resolved path
-   * of `source`.
-   * @param {swc.ImportDeclaration} n
-   */
-  visitImportDeclaration(n) {
-    this.visitImportOrRequireString(n.source);
-    return super.visitImportDeclaration(n);
-  }
-
-  /**
-   * Visits `import(...)` or `require(...)` call expressions, recursively
-   * rewriting the resolved path of the first argument if it's a string literal.
-   * @param {swc.CallExpression} n
-   */
-  visitCallExpression(n) {
-    if (n.callee.type === 'Import' || (n.callee.type === 'Identifier' && n.callee.value === 'require')) {
-      const { expression } = n.arguments[0];
-      if (expression.type === 'StringLiteral') {
-        this.visitImportOrRequireString(expression);
-      }
-    }
-
-    return super.visitCallExpression(n);
-  }
-}
-
-/** @param {string} filename */
-async function rewriteFile(filename) {
-  if (
-    !RegExpPrototypeTest.call(JS_FILE_REGEX, filename) ||
-    visited.has(filename) ||
-    rewriteIsDeadzoned(filename)
-  ) return;
-
-  try {
-    const content = (await readFile(filename)).toString();
-    const isModule = await isModuleFile(filename);
-
-    const result = await rewriter.rewrite(content, {
-      filename,
-      isModule,
-      inject: true,
-      wrap: !isModule,
-      minify: true,
-    });
-    rewriter.cache.write(filename, result);
-
-    /** @type {swc.Module | swc.Script} */
-    const program = await swc.parse(content, {
-      // @ts-expect-error swc types expect a literal, not an arbitrary boolean.
-      isModule
-    });
-    const visitor = new RewriteVisitor(filename);
-    visitor.visitProgram(program);
-  } catch (err) {
-    logger.debug({ err }, 'unable to parse or rewrite %s', filename);
-  }
-}
-
-/**
- * @param {string} filename
- * @param {object} opts
- * @param {boolean=} opts.assess
- * @param {boolean=} opts.protect
- */
-async function action(filename, opts) {
-  if (!opts.protect && (config.assess.enable || opts.assess)) {
-    rewriter.install('assess');
-  } else {
-    rewriter.install('protect');
-  }
-
-  logger.info(
-    'Caching rewriter results to %s',
-    path.join(
-      rewriter.cache.cacheDir,
-      rewriter.modes.has('assess') ? 'assess' : 'protect'
-    ),
-  );
-  logger.debug({ config }, 'Agent configuration');
-  return rewriteFile(filename);
-}
-
-if (require.main === module) {
-  program
-    .name('npx -p @contrast/cli rewrite')
-    .version(version)
-    .description('Rewrites application files, caching them so that rewriting does not need to occur when the application runs.')
-    .argument('<entrypoint>', 'The entrypoint for the application', entrypoint => path.resolve(entrypoint))
-    .option('-a, --assess', 'rewrite in assess mode')
-    .option('-p, --protect', 'rewrite in protect mode')
-    .action(action)
-    .parse(process.argv);
-}
-
-module.exports.action = action;

package/lib/system-diagnostics.js

@@ -1,57 +0,0 @@
-#!/usr/bin/env node
-/*
- * Copyright: 2025 Contrast Security, Inc
- * Contact: support@contrastsecurity.com
- * License: Commercial
-
- * NOTICE: This Software and the patented inventions embodied within may only be
- * used as part of Contrast Security’s commercial offerings. Even though it is
- * made available through public repositories, use of this Software is subject to
- * the applicable End User Licensing Agreement found at
- * https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
- * between Contrast Security and the End User. The Software may not be reverse
- * engineered, modified, repackaged, sold, redistributed or otherwise used in a
- * way not consistent with the End User License Agreement.
- */
-'use strict';
-
-const commander = require('commander');
-const fs = require('fs');
-const { EOL } = require('os');
-const path = require('path');
-const { name: agentName, version: agentVersion } = require('../package.json');
-const { primordials: { JSONStringify } } = require('@contrast/common');
-
-if (require.main === module) {
-  commander.program
-    .name('system-diagnostics')
-    .description('The system-diagnostics utility returns the system info for the server/container the agent is running on.')
-    .option('-q, --quiet', 'suppress logging to stdout')
-    .option('-o, --output <string>', 'output directory for generated JSON file', path.join(process.cwd(), 'contrast_system_info.json'))
-    .action(action)
-    .parse();
-}
-
-async function action(options) {
-  const core = { agentName, agentVersion, Perf: require('@contrast/perf') };
-  require('@contrast/config')(core);
-  require('@contrast/logger').default(core, { level: 'silent' });
-  require('@contrast/core/lib/app-info')(core);
-  require('@contrast/core/lib/system-info')(core);
-
-  for (const err of core.config._errors) {
-    throw err;
-  }
-
-  const systemInfo = await core.getSystemInfo();
-  const content = JSONStringify(systemInfo, null, 2) + EOL;
-
-  if (!options.quiet) {
-    fs.writeFileSync(1, content, 'utf8');
-  }
-  if (options.output) {
-    fs.writeFileSync(options.output, content, 'utf-8');
-  }
-}
-
-module.exports.action = action;