@rafter-security/cli 0.1.0

package/README.md

@@ -0,0 +1,108 @@
+# @rafter-security/cli
+
+A Node.js CLI for Rafter Security that supports npm, pnpm, and yarn package managers.
+
+## Installation
+
+```bash
+# Using npm
+npm install -g @rafter-security/cli
+
+# Using pnpm
+pnpm add -g @rafter-security/cli
+
+# Using yarn
+yarn global add @rafter-security/cli
+```
+
+## Quick Start
+
+```bash
+# Set your API key
+export RAFTER_API_KEY="your-api-key-here"
+
+# Run a security scan
+rafter run
+
+# Get scan results
+rafter get <scan-id>
+
+# Check API usage
+rafter usage
+```
+
+## Commands
+
+### `rafter run [options]`
+
+Trigger a new security scan for your repository.
+
+**Options:**
+- `-r, --repo <repo>` - Repository in format `org/repo` (default: auto-detected)
+- `-b, --branch <branch>` - Branch name (default: auto-detected)
+- `-k, --api-key <key>` - API key (or set `RAFTER_API_KEY` env var)
+- `-f, --format <format>` - Output format: `json` or `md` (default: `json`)
+- `--skip-interactive` - Don't wait for scan completion
+- `--quiet` - Suppress status messages
+
+**Examples:**
+```bash
+# Basic scan with auto-detection
+rafter run
+
+# Scan specific repo/branch
+rafter run --repo myorg/myrepo --branch feature-branch
+
+# Non-interactive scan
+rafter run --skip-interactive
+```
+
+### `rafter get <scan-id> [options]`
+
+Retrieve results from a completed scan.
+
+**Options:**
+- `-k, --api-key <key>` - API key (or set `RAFTER_API_KEY` env var)
+- `-f, --format <format>` - Output format: `json` or `md` (default: `json`)
+- `--interactive` - Poll until scan completes
+- `--quiet` - Suppress status messages
+
+**Examples:**
+```bash
+# Get scan results
+rafter get <scan-id>
+
+# Wait for scan completion
+rafter get <scan-id> --interactive
+```
+
+### `rafter usage [options]`
+
+Check your API quota and usage.
+
+**Options:**
+- `-k, --api-key <key>` - API key (or set `RAFTER_API_KEY` env var)
+
+**Example:**
+```bash
+rafter usage
+```
+
+## Configuration
+
+### Environment Variables
+
+- `RAFTER_API_KEY` - Your Rafter API key (alternative to `--api-key` flag)
+
+### Git Auto-Detection
+
+The CLI automatically detects your repository and branch from the current Git repository:
+
+1. **Repository**: Extracted from Git remote URL
+2. **Branch**: Current branch name, or `main` if on detached HEAD
+
+**Note**: The CLI only scans remote repositories, not your current local branch.
+
+## Documentation
+
+For comprehensive documentation, API reference, and examples, see [https://docs.rafter.so](https://docs.rafter.so). 

package/dist/index.js

@@ -0,0 +1,281 @@
+#!/usr/bin/env node
+import { Command } from "commander";
+import axios from "axios";
+import ora from "ora";
+import * as dotenv from "dotenv";
+import { execSync } from "child_process";
+dotenv.config();
+const program = new Command()
+    .name("rafter")
+    .description("Rafter CLI")
+    .version("0.1.0");
+const API = "https://rafter.so/api/";
+// Exit codes
+const EXIT_SUCCESS = 0;
+const EXIT_GENERAL_ERROR = 1;
+const EXIT_SCAN_NOT_FOUND = 2;
+const EXIT_QUOTA_EXHAUSTED = 3;
+function resolveKey(cliKey) {
+    if (cliKey)
+        return cliKey;
+    if (process.env.RAFTER_API_KEY)
+        return process.env.RAFTER_API_KEY;
+    console.error("No API key provided. Use --api-key or set RAFTER_API_KEY");
+    process.exit(EXIT_GENERAL_ERROR);
+}
+function writePayload(data, fmt, quiet) {
+    const payload = fmt === "md" && data.markdown ? data.markdown : JSON.stringify(data, null, quiet ? 0 : 2);
+    // Stream to stdout for pipelines
+    process.stdout.write(payload);
+    return EXIT_SUCCESS;
+}
+function git(cmd) {
+    return execSync(`git ${cmd}`, { stdio: ["ignore", "pipe", "ignore"] })
+        .toString()
+        .trim();
+}
+function safeBranch(gitFn) {
+    try {
+        return gitFn("symbolic-ref --quiet --short HEAD");
+    }
+    catch {
+        return gitFn("rev-parse --short HEAD");
+    }
+}
+function parseRemote(url) {
+    url = url.replace(/^(https?:\/\/|git@)/, "").replace(":", "/");
+    if (url.endsWith(".git"))
+        url = url.slice(0, -4);
+    const parts = url.split("/");
+    return parts.slice(-2).join("/"); // owner/repo
+}
+function detectRepo(opts) {
+    if (opts.repo && opts.branch)
+        return opts;
+    const repoEnv = process.env.GITHUB_REPOSITORY || process.env.CI_REPOSITORY;
+    const branchEnv = process.env.GITHUB_REF_NAME || process.env.CI_COMMIT_BRANCH || process.env.CI_BRANCH;
+    let repoSlug = opts.repo || repoEnv;
+    let branch = opts.branch || branchEnv;
+    try {
+        if (!repoSlug || !branch) {
+            if (git("rev-parse --is-inside-work-tree") !== "true")
+                throw new Error("not a repo");
+            if (!repoSlug)
+                repoSlug = parseRemote(git("remote get-url origin"));
+            if (!branch) {
+                try {
+                    branch = safeBranch(git);
+                }
+                catch {
+                    branch = "main";
+                }
+            }
+        }
+        if ((!opts.repo || !opts.branch) && !opts.quiet) {
+            console.error(`Repo auto-detected: ${repoSlug} @ ${branch} (note: scanning remote)`);
+        }
+        return { repo: repoSlug, branch };
+    }
+    catch {
+        throw new Error("Could not auto-detect Git repository. Please pass --repo and --branch explicitly.");
+    }
+}
+async function handleScanStatus(scan_id, headers, fmt, quiet) {
+    // First poll
+    let poll;
+    try {
+        poll = await axios.get(`${API}/static/scan`, { params: { scan_id, format: fmt }, headers });
+    }
+    catch (e) {
+        if (e.response?.status === 404) {
+            console.error(`Scan '${scan_id}' not found`);
+            return EXIT_SCAN_NOT_FOUND;
+        }
+        console.error(`Error: ${e.response?.data || e.message}`);
+        return EXIT_GENERAL_ERROR;
+    }
+    let status = poll.data.status;
+    if (["queued", "pending", "processing"].includes(status)) {
+        if (!quiet) {
+            const spinner = ora("Waiting for scan to complete... (this could take several minutes)").start();
+            while (["queued", "pending", "processing"].includes(status)) {
+                await new Promise((r) => setTimeout(r, 10000));
+                poll = await axios.get(`${API}/static/scan`, { params: { scan_id, format: fmt }, headers });
+                status = poll.data.status;
+                if (status === "completed") {
+                    spinner.succeed("Scan completed");
+                    return writePayload(poll.data, fmt, quiet);
+                }
+                else if (status === "failed") {
+                    spinner.fail("Scan failed");
+                    return EXIT_GENERAL_ERROR;
+                }
+            }
+            console.error(`Scan status: ${status}`);
+        }
+        else {
+            while (["queued", "pending", "processing"].includes(status)) {
+                await new Promise((r) => setTimeout(r, 10000));
+                poll = await axios.get(`${API}/static/scan`, { params: { scan_id, format: fmt }, headers });
+                status = poll.data.status;
+                if (status === "completed") {
+                    return writePayload(poll.data, fmt, quiet);
+                }
+                else if (status === "failed") {
+                    return EXIT_GENERAL_ERROR;
+                }
+            }
+        }
+    }
+    else if (status === "completed") {
+        if (!quiet) {
+            console.error("Scan completed");
+        }
+        return writePayload(poll.data, fmt, quiet);
+    }
+    else if (status === "failed") {
+        console.error("Scan failed");
+        return EXIT_GENERAL_ERROR;
+    }
+    else {
+        if (!quiet) {
+            console.error(`Scan status: ${status}`);
+        }
+    }
+    return writePayload(poll.data, fmt, quiet);
+}
+program
+    .name("rafter")
+    .description("Rafter CLI");
+program
+    .command("run")
+    .option("-r, --repo <repo>", "org/repo (default: current)")
+    .option("-b, --branch <branch>", "branch (default: current else main)")
+    .option("-k, --api-key <key>", "API key or RAFTER_API_KEY env var")
+    .option("-f, --format <format>", "json | md", "json")
+    .option("--skip-interactive", "do not wait for scan to complete")
+    .option("--quiet", "suppress status messages")
+    .action(async (opts) => {
+    const key = resolveKey(opts.apiKey);
+    let repo, branch;
+    try {
+        ({ repo, branch } = detectRepo({ repo: opts.repo, branch: opts.branch, quiet: opts.quiet }));
+    }
+    catch (e) {
+        if (e instanceof Error) {
+            console.error(e.message);
+        }
+        else {
+            console.error(e);
+        }
+        process.exit(EXIT_GENERAL_ERROR);
+    }
+    if (!opts.quiet) {
+        const spinner = ora("Submitting scan").start();
+        try {
+            const { data } = await axios.post(`${API}/static/scan`, { repository_name: repo, branch_name: branch }, { headers: { "x-api-key": key } });
+            spinner.succeed(`Scan ID: ${data.scan_id}`);
+            if (opts.skipInteractive)
+                return;
+            const exitCode = await handleScanStatus(data.scan_id, { "x-api-key": key }, opts.format, opts.quiet);
+            process.exit(exitCode);
+        }
+        catch (e) {
+            spinner.fail("Request failed");
+            if (e.response?.status === 429) {
+                console.error("Quota exhausted");
+                process.exit(EXIT_QUOTA_EXHAUSTED);
+            }
+            else if (e.response?.data) {
+                console.error(e.response.data);
+            }
+            else if (e instanceof Error) {
+                console.error(e.message);
+            }
+            else {
+                console.error(e);
+            }
+            process.exit(EXIT_GENERAL_ERROR);
+        }
+    }
+    else {
+        try {
+            const { data } = await axios.post(`${API}/static/scan`, { repository_name: repo, branch_name: branch }, { headers: { "x-api-key": key } });
+            if (opts.skipInteractive)
+                return;
+            const exitCode = await handleScanStatus(data.scan_id, { "x-api-key": key }, opts.format, opts.quiet);
+            process.exit(exitCode);
+        }
+        catch (e) {
+            if (e.response?.status === 429) {
+                process.exit(EXIT_QUOTA_EXHAUSTED);
+            }
+            else if (e.response?.data) {
+                console.error(e.response.data);
+            }
+            else if (e instanceof Error) {
+                console.error(e.message);
+            }
+            else {
+                console.error(e);
+            }
+            process.exit(EXIT_GENERAL_ERROR);
+        }
+    }
+});
+program
+    .command("get")
+    .argument("<scan_id>")
+    .option("-k, --api-key <key>", "API key or RAFTER_API_KEY env var")
+    .option("-f, --format <format>", "json | md", "json")
+    .option("--interactive", "poll until done")
+    .option("--quiet", "suppress status messages")
+    .action(async (scan_id, opts) => {
+    const key = resolveKey(opts.apiKey);
+    if (!opts.interactive) {
+        try {
+            const { data } = await axios.get(`${API}/static/scan`, { params: { scan_id, format: opts.format }, headers: { "x-api-key": key } });
+            const exitCode = writePayload(data, opts.format, opts.quiet);
+            process.exit(exitCode);
+        }
+        catch (e) {
+            if (e.response?.status === 404) {
+                console.error(`Scan '${scan_id}' not found`);
+                process.exit(EXIT_SCAN_NOT_FOUND);
+            }
+            else if (e.response?.data) {
+                console.error(e.response.data);
+            }
+            else if (e instanceof Error) {
+                console.error(e.message);
+            }
+            else {
+                console.error(e);
+            }
+            process.exit(EXIT_GENERAL_ERROR);
+        }
+        return;
+    }
+    const exitCode = await handleScanStatus(scan_id, { "x-api-key": key }, opts.format, opts.quiet);
+    process.exit(exitCode);
+});
+program
+    .command("usage")
+    .option("-k, --api-key <key>", "API key or RAFTER_API_KEY env var")
+    .action(async (opts) => {
+    const key = resolveKey(opts.apiKey);
+    try {
+        const { data } = await axios.get(`${API}/static/usage`, { headers: { "x-api-key": key } });
+        console.log(JSON.stringify(data, null, 2));
+    }
+    catch (e) {
+        if (e.response?.data) {
+            console.error(e.response.data);
+        }
+        else {
+            console.error(e.message);
+        }
+        process.exit(EXIT_GENERAL_ERROR);
+    }
+});
+program.parse();

package/package.json

@@ -0,0 +1,29 @@
+{
+  "name": "@rafter-security/cli",
+  "version": "0.1.0",
+  "type": "module",
+  "bin": {
+    "rafter": "./dist/index.js"
+  },
+  "files": ["dist"],
+  "scripts": {
+    "build": "tsc -p tsconfig.json",
+    "prepublishOnly": "pnpm run build",
+    "test": "vitest"
+  },
+  "engines": { "node": ">=18" },
+  "license": "MIT",
+  "dependencies": {
+    "commander": "^11.1.0",
+    "axios": "^1.6.8",
+    "dotenv": "^16.4.5",
+    "chalk": "^5.3.0",
+    "ora": "^7.0.1"
+  },
+  "devDependencies": {
+    "tsx": "^4.7.0",
+    "typescript": "^5.4.5",
+    "@types/node": "^20.11.30",
+    "vitest": "^1.5.0"
+  }
+}