npm - @qlucent/fishi - Versions diffs - 0.9.0 → 0.12.0 - Mend

@qlucent/fishi 0.9.0 → 0.12.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/index.js +109 -5
package/package.json +1 -1

package/dist/index.js CHANGED Viewed

@@ -2,7 +2,7 @@
 // src/index.ts
 import { Command } from "commander";
-import chalk12 from "chalk";
+import chalk13 from "chalk";
 // src/commands/init.ts
 import chalk from "chalk";
@@ -10,7 +10,7 @@ import ora from "ora";
 import inquirer from "inquirer";
 import path3 from "path";
 import fs3 from "fs";
-import { detectConflicts, createBackup, detectDocker } from "@qlucent/fishi-core";
+import { detectConflicts, createBackup, detectDocker, getAvailableDomains, getDomainConfigYaml } from "@qlucent/fishi-core";
 // src/analyzers/detector.ts
 import fs from "fs";
@@ -1079,6 +1079,18 @@ async function initCommand(description, options) {
       }
     }
   }
+  let selectedDomain = "general";
+  if (options.interactive !== false) {
+    const domains = getAvailableDomains();
+    const { domain } = await inquirer.prompt([{
+      type: "list",
+      name: "domain",
+      message: "What type of application are you building?",
+      choices: domains,
+      default: "general"
+    }]);
+    selectedDomain = domain;
+  }
   const conflictResult = detectConflicts(targetDir);
   let resolutions;
   if (conflictResult.hasConflicts) {
@@ -1154,7 +1166,8 @@ async function initCommand(description, options) {
       brownfieldAnalysis: brownfieldData,
       resolutions,
       docsReadmeExists: conflictResult?.docsReadmeExists,
-      rootClaudeMdExists: conflictResult?.rootClaudeMdExists
+      rootClaudeMdExists: conflictResult?.rootClaudeMdExists,
+      domain: selectedDomain
     });
     if (brownfieldAnalysis) {
       const reportPath = path3.join(targetDir, ".fishi", "memory", "brownfield-analysis.md");
@@ -1174,6 +1187,12 @@ sandbox:
     if (fs3.existsSync(fishiYamlPath)) {
       fs3.appendFileSync(fishiYamlPath, sandboxYaml, "utf-8");
     }
+    if (selectedDomain !== "general") {
+      const fishiYamlPath2 = path3.join(targetDir, ".fishi", "fishi.yaml");
+      if (fs3.existsSync(fishiYamlPath2)) {
+        fs3.appendFileSync(fishiYamlPath2, getDomainConfigYaml(selectedDomain), "utf-8");
+      }
+    }
     const { getSandboxPolicyTemplate, getDockerfileTemplate } = await import("@qlucent/fishi-core");
     fs3.writeFileSync(path3.join(targetDir, ".fishi", "sandbox-policy.yaml"), getSandboxPolicyTemplate(), "utf-8");
     if (sandboxMode === "docker") {
@@ -2256,11 +2275,95 @@ async function designCommand(action, options) {
   }
 }
+// src/commands/security.ts
+import chalk12 from "chalk";
+import ora3 from "ora";
+import fs14 from "fs";
+import path14 from "path";
+import { runSecurityScan, generateSecurityReport, getScanRules } from "@qlucent/fishi-core";
+async function securityCommand(action, options) {
+  const targetDir = process.cwd();
+  if (action === "scan") {
+    console.log("");
+    console.log(chalk12.cyan.bold("  FISHI Security Scanner"));
+    console.log(chalk12.gray("  Native SAST + OWASP vulnerability detection"));
+    console.log("");
+    const spinner = ora3("Scanning for vulnerabilities...").start();
+    const report = runSecurityScan(targetDir);
+    spinner.succeed(`Scanned ${report.summary.filesScanned} files`);
+    console.log("");
+    if (options.json) {
+      console.log(JSON.stringify(report, null, 2));
+    } else {
+      const severityOrder = ["critical", "high", "medium", "low", "info"];
+      const severityColors = {
+        critical: chalk12.red.bold,
+        high: chalk12.red,
+        medium: chalk12.yellow,
+        low: chalk12.blue,
+        info: chalk12.gray
+      };
+      for (const sev of severityOrder) {
+        const sevFindings = report.findings.filter((f) => f.severity === sev);
+        if (sevFindings.length === 0) continue;
+        console.log(severityColors[sev](`  ${sev.toUpperCase()} (${sevFindings.length})`));
+        for (const f of sevFindings) {
+          console.log(chalk12.gray(`    ${f.file}:${f.line}`));
+          console.log(`      ${f.message}`);
+          if (f.cwe) console.log(chalk12.gray(`      ${f.cwe}`));
+          console.log(chalk12.green(`      Fix: ${f.fix}`));
+          console.log("");
+        }
+      }
+      console.log(chalk12.white.bold("  Summary"));
+      if (report.summary.critical > 0) console.log(chalk12.red(`    Critical: ${report.summary.critical}`));
+      if (report.summary.high > 0) console.log(chalk12.red(`    High:     ${report.summary.high}`));
+      if (report.summary.medium > 0) console.log(chalk12.yellow(`    Medium:   ${report.summary.medium}`));
+      if (report.summary.low > 0) console.log(chalk12.blue(`    Low:      ${report.summary.low}`));
+      if (report.summary.info > 0) console.log(chalk12.gray(`    Info:     ${report.summary.info}`));
+      console.log(`    Total:    ${report.summary.total}`);
+      console.log(`    Status:   ${report.summary.passed ? chalk12.green("PASSED") : chalk12.red("FAILED")}`);
+      console.log("");
+    }
+    const outputPath = options.output || (fs14.existsSync(path14.join(targetDir, ".fishi")) ? path14.join(targetDir, ".fishi", "security-report.md") : null);
+    if (outputPath) {
+      const dir = path14.dirname(outputPath);
+      if (!fs14.existsSync(dir)) fs14.mkdirSync(dir, { recursive: true });
+      fs14.writeFileSync(outputPath, generateSecurityReport(report), "utf-8");
+      console.log(chalk12.green(`  Report saved to ${path14.relative(targetDir, outputPath)}`));
+      console.log("");
+    }
+    if (!report.summary.passed) process.exit(1);
+  } else if (action === "rules") {
+    const rules = getScanRules();
+    console.log("");
+    console.log(chalk12.cyan.bold("  FISHI Security Scanner \u2014 Rules"));
+    console.log(chalk12.gray(`  ${rules.length} rules active`));
+    console.log("");
+    const byCategory = {};
+    for (const r of rules) {
+      if (!byCategory[r.category]) byCategory[r.category] = [];
+      byCategory[r.category].push(r);
+    }
+    for (const [cat, catRules] of Object.entries(byCategory)) {
+      console.log(chalk12.white.bold(`  ${cat}`));
+      for (const r of catRules) {
+        const sevColor = r.severity === "critical" ? chalk12.red : r.severity === "high" ? chalk12.red : r.severity === "medium" ? chalk12.yellow : chalk12.blue;
+        console.log(`    ${sevColor(r.severity.padEnd(8))} ${r.id}${r.cwe ? chalk12.gray(` (${r.cwe})`) : ""}`);
+        console.log(chalk12.gray(`             ${r.message}`));
+      }
+      console.log("");
+    }
+  } else {
+    console.log(chalk12.yellow(`  Unknown action: ${action}. Use: scan, rules`));
+  }
+}
 // src/index.ts
 var program = new Command();
 program.name("fishi").description(
-  chalk12.cyan("\u{1F41F} FISHI") + " \u2014 Your AI Dev Team That Actually Ships\n   Autonomous agent framework for Claude Code"
-).version("0.9.0");
+  chalk13.cyan("\u{1F41F} FISHI") + " \u2014 Your AI Dev Team That Actually Ships\n   Autonomous agent framework for Claude Code"
+).version("0.12.0");
 program.command("init").description("Initialize FISHI in the current directory").argument("[description]", "Project description (skip wizard with zero-config)").option("-l, --language <lang>", "Primary language (e.g., typescript, python)").option("-f, --framework <framework>", "Framework (e.g., nextjs, express, django)").option(
   "-c, --cost-mode <mode>",
   "Cost mode: performance | balanced | economy",
@@ -2276,4 +2379,5 @@ program.command("sandbox").description("Sandbox status and policy management").a
 program.command("quickstart").description("Vibe mode \u2014 skip gates, scaffold + start dev server immediately").argument("[description]", "What are you building?").option("-l, --language <lang>", "Primary language").option("-f, --framework <framework>", "Framework").option("-c, --cost-mode <mode>", "Cost mode", "balanced").option("--dev-cmd <cmd>", "Custom dev server command").option("--port <port>", "Dev server port").action(quickstartCommand);
 program.command("preview").description("Start live preview dev server").option("--dev-cmd <cmd>", "Custom dev server command").option("--port <port>", "Dev server port").action(previewCommand);
 program.command("design").description("Design system \u2014 detect tokens, init design system, validate with Brand Guardian").argument("<action>", "Action: detect | init | validate").option("-o, --output <path>", "Output path for design config").action(designCommand);
+program.command("security").description("Security scanner \u2014 native SAST + OWASP vulnerability detection").argument("<action>", "Action: scan | rules").option("-o, --output <path>", "Save report to file").option("--json", "Output as JSON").action(securityCommand);
 program.parse();

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@qlucent/fishi",
-  "version": "0.9.0",
+  "version": "0.12.0",
   "description": "FISHI — Your AI Dev Team That Actually Ships. Autonomous agent framework for Claude Code.",
   "license": "MIT",
   "type": "module",