@rafter-security/cli 0.5.5 → 0.6.1

package/dist/core/policy-loader.js

@@ -136,10 +136,33 @@ function validatePolicy(policy, raw) {
             }
         }
         if (policy.scan.customPatterns !== undefined) {
-            if (!Array.isArray(policy.scan.customPatterns) || !policy.scan.customPatterns.every((v) => v && typeof v === "object" && typeof v.name === "string" && v.name !== "" && typeof v.regex === "string" && v.regex !== "" && typeof v.severity === "string")) {
-                console.error(`Warning: "scan.custom_patterns" must be an array of objects with name, regex, severity — ignoring.`);
+            if (!Array.isArray(policy.scan.customPatterns)) {
+                console.error(`Warning: "scan.custom_patterns" must be an array — ignoring.`);
                 delete policy.scan.customPatterns;
             }
+            else {
+                const valid = [];
+                for (const v of policy.scan.customPatterns) {
+                    if (!v || typeof v !== "object" || typeof v.name !== "string" || !v.name || typeof v.regex !== "string" || !v.regex || typeof v.severity !== "string") {
+                        console.error(`Warning: skipping malformed custom_patterns entry — must have name, regex, severity.`);
+                        continue;
+                    }
+                    try {
+                        new RegExp(v.regex);
+                    }
+                    catch {
+                        console.error(`Warning: skipping custom pattern "${v.name}" — invalid regex.`);
+                        continue;
+                    }
+                    valid.push(v);
+                }
+                if (valid.length > 0) {
+                    policy.scan.customPatterns = valid;
+                }
+                else {
+                    delete policy.scan.customPatterns;
+                }
+            }
         }
     }
     if (policy.audit) {

package/dist/index.js

@@ -4,20 +4,25 @@ import * as dotenv from "dotenv";
 import { createRunCommand } from "./commands/backend/run.js";
 import { createGetCommand } from "./commands/backend/get.js";
 import { createUsageCommand } from "./commands/backend/usage.js";
+import { createScanGroupCommand } from "./commands/scan/index.js";
 import { createAgentCommand } from "./commands/agent/index.js";
 import { createCiCommand } from "./commands/ci/index.js";
 import { createHookCommand } from "./commands/hook/index.js";
 import { createMcpCommand } from "./commands/mcp/index.js";
 import { createPolicyCommand } from "./commands/policy/index.js";
 import { createCompletionCommand } from "./commands/completion.js";
+import { createIssuesCommand } from "./commands/issues/index.js";
 import { checkForUpdate } from "./utils/update-checker.js";
 import { setAgentMode } from "./utils/formatter.js";
+import { createRequire } from "module";
 dotenv.config();
-const VERSION = "0.5.5";
+const require = createRequire(import.meta.url);
+const { version: VERSION } = require("../package.json");
 const program = new Command()
     .name("rafter")
     .description("Rafter CLI")
     .version(VERSION)
+    .enablePositionalOptions()
     .option("-a, --agent", "Plain output for AI agents (no colors/emoji)");
 // Set agent mode before any subcommand runs
 program.hook("preAction", (thisCommand) => {
@@ -26,10 +31,12 @@ program.hook("preAction", (thisCommand) => {
         setAgentMode(true);
     }
 });
-// Backend commands (existing)
+// Backend commands
 program.addCommand(createRunCommand());
 program.addCommand(createGetCommand());
 program.addCommand(createUsageCommand());
+// Scan command group (default: remote backend scan; subcommands: local, remote)
+program.addCommand(createScanGroupCommand());
 // Agent commands
 program.addCommand(createAgentCommand());
 // CI commands
@@ -40,6 +47,8 @@ program.addCommand(createHookCommand());
 program.addCommand(createMcpCommand());
 // Policy commands
 program.addCommand(createPolicyCommand());
+// GitHub Issues integration
+program.addCommand(createIssuesCommand());
 // Shell completions
 program.addCommand(createCompletionCommand());
 // Non-blocking update check — runs after command, prints to stderr

package/dist/scanners/gitleaks.js

@@ -1,5 +1,6 @@
 import { execFile } from "child_process";
 import { promisify } from "util";
+import { randomBytes } from "crypto";
 import { BinaryManager } from "../utils/binary-manager.js";
 import fs from "fs";
 import os from "os";
@@ -26,7 +27,7 @@ export class GitleaksScanner {
             throw new Error("Gitleaks not available");
         }
         const gitleaksPath = this.binaryManager.getGitleaksPath();
-        const tmpReport = path.join(os.tmpdir(), `gitleaks-${Date.now()}-${Math.random().toString(36).slice(2, 8)}.json`);
+        const tmpReport = path.join(os.tmpdir(), `gitleaks-${Date.now()}-${randomBytes(6).toString("hex")}.json`);
         try {
             // Run gitleaks detect on file
             await execFileAsync(gitleaksPath, ["detect", "--no-git", "-f", "json", "-r", tmpReport, "-s", filePath], { timeout: 30000 });
@@ -44,11 +45,7 @@ export class GitleaksScanner {
             };
         }
         catch (e) {
-            // Clean up report
-            if (fs.existsSync(tmpReport)) {
-                fs.unlinkSync(tmpReport);
-            }
-            // Gitleaks exits with code 1 when leaks found
+            // Gitleaks exits with code 1 when leaks found — read report before cleanup
             if (e.code === 1 && fs.existsSync(tmpReport)) {
                 const results = this.parseResults(tmpReport);
                 fs.unlinkSync(tmpReport);
@@ -57,6 +54,10 @@ export class GitleaksScanner {
                     matches: results.map(r => this.convertToPatternMatch(r))
                 };
             }
+            // Clean up report for non-leak errors
+            if (fs.existsSync(tmpReport)) {
+                fs.unlinkSync(tmpReport);
+            }
             throw new Error(`Gitleaks scan failed: ${e.message}`);
         }
     }
@@ -86,7 +87,7 @@ export class GitleaksScanner {
             throw new Error("Gitleaks not available");
         }
         const gitleaksPath = this.binaryManager.getGitleaksPath();
-        const tmpReport = path.join(os.tmpdir(), `gitleaks-${Date.now()}-${Math.random().toString(36).slice(2, 8)}.json`);
+        const tmpReport = path.join(os.tmpdir(), `gitleaks-${Date.now()}-${randomBytes(6).toString("hex")}.json`);
         try {
             // Run gitleaks detect on directory
             await execFileAsync(gitleaksPath, ["detect", "--no-git", "-f", "json", "-r", tmpReport, "-s", dirPath], { timeout: 60000 });

package/dist/scanners/regex-scanner.js

@@ -57,7 +57,18 @@ export class RegexScanner {
             ".next",
             "coverage",
             ".vscode",
-            ".idea"
+            ".idea",
+            // Vendored / virtual-env / generated dirs that cause false positives
+            "vendor",
+            ".venv",
+            "venv",
+            "__pycache__",
+            ".tox",
+            ".mypy_cache",
+            ".pytest_cache",
+            "results",
+            ".terraform",
+            "bower_components"
         ];
         // Merge policy excludePaths into the exclude list
         if (options?.excludePaths) {
@@ -101,6 +112,10 @@ export class RegexScanner {
         try {
             const entries = fs.readdirSync(dir, { withFileTypes: true });
             for (const entry of entries) {
+                // Skip symlinks to prevent traversal outside intended scope
+                if (entry.isSymbolicLink()) {
+                    continue;
+                }
                 const fullPath = path.join(dir, entry.name);
                 // Skip excluded directories
                 if (exclude.includes(entry.name)) {

package/dist/scanners/secret-patterns.js

@@ -90,13 +90,13 @@ export const DEFAULT_SECRET_PATTERNS = [
     // Generic patterns
     {
         name: "Generic API Key",
-        regex: "(?i)(api[_-]?key|apikey)[\\s]*[:=][\\s]*['\"]?[0-9a-zA-Z\\-_]{16,}['\"]?",
+        regex: "(?i)(?<![a-zA-Z0-9_])(api[_-]?key|apikey)[\\s]*[:=][\\s]*['\"](?=[0-9a-zA-Z\\-_]*[0-9])[0-9a-zA-Z\\-_]{16,256}['\"]",
         severity: "high",
         description: "Generic API key pattern detected"
     },
     {
         name: "Generic Secret",
-        regex: "(?i)(secret|password|passwd|pwd)[\\s]*[:=][\\s]*['\"]?[0-9a-zA-Z\\-_!@#$%^&*()]{8,}['\"]?",
+        regex: "(?i)(?<![a-zA-Z0-9_])(secret|password|passwd|pwd)[\\s]*[:=][\\s]*['\"](?=[^\\s'\"]*[0-9])(?=[^\\s'\"]*[a-zA-Z])[0-9a-zA-Z\\-_!@#$%^&*()]{12,256}['\"]",
         severity: "high",
         description: "Generic secret pattern detected"
     },
@@ -108,21 +108,21 @@ export const DEFAULT_SECRET_PATTERNS = [
     },
     {
         name: "Bearer Token",
-        regex: "(?i)bearer[\\s]+[a-zA-Z0-9\\-_\\.=]+",
+        regex: "(?i)bearer[\\s]+(?=[a-zA-Z0-9\\-_\\.=]*[0-9])(?=[a-zA-Z0-9\\-_\\.=]*[a-zA-Z])[a-zA-Z0-9\\-_\\.=]{20,512}",
         severity: "high",
         description: "Bearer token detected"
     },
     // Database connection strings
     {
         name: "Database Connection String",
-        regex: "(?i)(postgres|mysql|mongodb)://[^\\s]+:[^\\s]+@[^\\s]+",
+        regex: "(?i)(postgres|mysql|mongodb)://[^\\s:@]+:[^\\s@]+@[^\\s]+",
         severity: "critical",
         description: "Database connection string with credentials detected"
     },
     // JWT
     {
         name: "JSON Web Token",
-        regex: "eyJ[A-Za-z0-9_-]{10,}\\.[A-Za-z0-9_-]{10,}\\.[A-Za-z0-9_-]{10,}",
+        regex: "eyJ[A-Za-z0-9_-]{10,2048}\\.[A-Za-z0-9_-]{10,2048}\\.[A-Za-z0-9_-]{10,2048}",
         severity: "high",
         description: "JWT token detected"
     },
@@ -136,7 +136,7 @@ export const DEFAULT_SECRET_PATTERNS = [
     // PyPI token
     {
         name: "PyPI Token",
-        regex: "pypi-AgEIcHlwaS5vcmc[A-Za-z0-9\\-_]{50,}",
+        regex: "pypi-AgEIcHlwaS5vcmc[A-Za-z0-9\\-_]{50,1024}",
         severity: "critical",
         description: "PyPI API token detected"
     }

package/dist/utils/api.js

@@ -4,6 +4,24 @@ export const EXIT_SUCCESS = 0;
 export const EXIT_GENERAL_ERROR = 1;
 export const EXIT_SCAN_NOT_FOUND = 2;
 export const EXIT_QUOTA_EXHAUSTED = 3;
+export const EXIT_INSUFFICIENT_SCOPE = 4;
+/**
+ * Detect a 403 scope-enforcement error from the API and print a helpful message.
+ * Returns true if the error was a scope error (caller should exit), false otherwise.
+ */
+export function handleScopeError(e) {
+    if (!e || e.response?.status !== 403)
+        return false;
+    const body = e.response?.data;
+    const msg = typeof body === "string" ? body : body?.error ?? "";
+    if (msg.includes("scope")) {
+        console.error('Error: This API key only has read access.\nTo trigger scans, create a key with "Read & Scan" scope at https://rfrr.co/account');
+    }
+    else {
+        console.error(`Error: Forbidden (403) — ${msg || "access denied"}`);
+    }
+    return true;
+}
 export function resolveKey(cliKey) {
     if (cliKey)
         return cliKey;

package/dist/utils/binary-manager.js

@@ -1,6 +1,7 @@
 import fs from "fs";
 import os from "os";
 import path from "path";
+import crypto from "crypto";
 import https from "https";
 import { exec, execSync } from "child_process";
 import { promisify } from "util";
@@ -75,10 +76,10 @@ export class BinaryManager {
             return false;
         }
         try {
-            const { stdout } = await execAsync(`"${this.getGitleaksPath()}" version`, {
-                timeout: 5000
-            });
-            return stdout.includes("gitleaks version");
+            // execAsync rejects on non-zero exit, so reaching here means exit code 0.
+            // Accept any successful exit — don't require specific stdout content.
+            await execAsync(`"${this.getGitleaksPath()}" version`, { timeout: 5000 });
+            return true;
         }
         catch {
             return false;
@@ -91,8 +92,9 @@ export class BinaryManager {
         const gitleaksPath = binaryPath ?? this.getGitleaksPath();
         try {
             const { stdout, stderr } = await execAsync(`"${gitleaksPath}" version`, { timeout: 5000 });
-            const ok = stdout.includes("gitleaks version");
-            return { ok, stdout: stdout.trim(), stderr: stderr.trim() };
+            // execAsync rejects on non-zero exit, so reaching here means exit code 0.
+            // Accept any successful exit — don't require specific stdout content.
+            return { ok: true, stdout: stdout.trim(), stderr: stderr.trim() };
         }
         catch (e) {
             const err = e;
@@ -172,6 +174,10 @@ export class BinaryManager {
             // Log downloaded file size as basic integrity signal
             const stats = fs.statSync(archivePath);
             log(`  Downloaded: ${(stats.size / 1024).toFixed(1)} KB`);
+            // Verify SHA256 checksum against official checksums file
+            log("Verifying checksum...");
+            await this.verifyChecksum(archivePath, platform, arch, version, log);
+            log("  ✓ Checksum verified");
             // Extract binary
             log("Extracting binary...");
             if (platform === "windows") {
@@ -321,6 +327,64 @@ export class BinaryManager {
             });
         });
     }
+    /**
+     * Verify downloaded archive checksum against official gitleaks checksums file.
+     */
+    async verifyChecksum(archivePath, platform, arch, version, onProgress) {
+        const checksumsUrl = `https://github.com/gitleaks/gitleaks/releases/download/v${version}/gitleaks_${version}_checksums.txt`;
+        const checksumsPath = path.join(this.binDir, "checksums.txt");
+        try {
+            await this.downloadFile(checksumsUrl, checksumsPath, () => { });
+            const checksumsContent = fs.readFileSync(checksumsPath, "utf-8");
+            const archiveFilename = platform === "windows"
+                ? `gitleaks_${version}_windows_${arch}.zip`
+                : `gitleaks_${version}_${platform}_${arch}.tar.gz`;
+            const expectedHash = this.parseChecksumFile(checksumsContent, archiveFilename);
+            if (!expectedHash) {
+                throw new Error(`Checksum not found for ${archiveFilename} in checksums file`);
+            }
+            const actualHash = await this.computeSHA256(archivePath);
+            if (actualHash !== expectedHash) {
+                throw new Error(`Checksum mismatch for ${archiveFilename}:\n` +
+                    `  Expected: ${expectedHash}\n` +
+                    `  Actual:   ${actualHash}\n` +
+                    `The downloaded file may be corrupted or tampered with.`);
+            }
+        }
+        finally {
+            if (fs.existsSync(checksumsPath)) {
+                fs.unlinkSync(checksumsPath);
+            }
+        }
+    }
+    /**
+     * Parse a checksums.txt file and return the SHA256 hash for the given filename.
+     */
+    parseChecksumFile(content, filename) {
+        for (const line of content.split("\n")) {
+            const trimmed = line.trim();
+            if (!trimmed)
+                continue;
+            // Format: "<sha256>  <filename>" (two spaces between hash and filename)
+            const parts = trimmed.split(/\s+/);
+            if (parts.length >= 2 && parts[1] === filename) {
+                return parts[0].toLowerCase();
+            }
+        }
+        return null;
+    }
+    /**
+     * Compute SHA256 hash of a file.
+     */
+    computeSHA256(filePath) {
+        return new Promise((resolve, reject) => {
+            const hash = crypto.createHash("sha256");
+            const stream = fs.createReadStream(filePath);
+            stream.on("data", (data) => hash.update(data));
+            stream.on("end", () => resolve(hash.digest("hex")));
+            stream.on("error", reject);
+        });
+    }
     /**
      * Extract zip (Windows) — uses PowerShell's Expand-Archive, then copies
      * only the gitleaks.exe binary to binDir. Cleans up the temp extract dir.
@@ -329,7 +393,10 @@ export class BinaryManager {
         const tempDir = fs.mkdtempSync(path.join(os.tmpdir(), "rafter-gitleaks-"));
         try {
             // PowerShell 5+ ships on all supported Windows versions
-            await execAsync(`powershell -NoProfile -Command "Expand-Archive -Force -LiteralPath '${zipPath}' -DestinationPath '${tempDir}'"`, { timeout: 30000 });
+            // Escape single quotes to prevent shell injection ('' is the PS escape for ')
+            const safeZipPath = zipPath.replace(/'/g, "''");
+            const safeTempDir = tempDir.replace(/'/g, "''");
+            await execAsync(`powershell -NoProfile -Command "Expand-Archive -Force -LiteralPath '${safeZipPath}' -DestinationPath '${safeTempDir}'"`, { timeout: 30000 });
             // Find gitleaks.exe — may be at root or inside a subdirectory
             const findBinary = (dir) => {
                 for (const entry of fs.readdirSync(dir)) {

package/dist/utils/skill-manager.js

@@ -156,15 +156,17 @@ export class SkillManager {
     async installRafterSkillVerbose(force = false) {
         const skillPath = this.getRafterSkillPath();
         const sourcePath = this.getRafterSkillSourcePath();
-        if (!this.isOpenClawInstalled()) {
-            return { ok: false, sourcePath, destPath: skillPath, error: `OpenClaw skills directory not found: ${this.getOpenClawSkillsDir()}` };
+        // Check if ~/.openclaw exists (the parent dir), not just the skills subdir
+        const openclawDir = path.join(os.homedir(), ".openclaw");
+        if (!fs.existsSync(openclawDir)) {
+            return { ok: false, sourcePath, destPath: skillPath, error: `OpenClaw not found: ${openclawDir}` };
         }
         // Check if already installed and not forcing
         if (!force && this.isRafterSkillInstalled()) {
             return { ok: true, sourcePath, destPath: skillPath };
         }
         try {
-            // Ensure skills directory exists
+            // Ensure skills directory exists (may not exist on fresh OpenClaw installs)
             const skillsDir = this.getOpenClawSkillsDir();
             if (!fs.existsSync(skillsDir)) {
                 fs.mkdirSync(skillsDir, { recursive: true });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rafter-security/cli",
-  "version": "0.5.5",
+  "version": "0.6.1",
   "type": "module",
   "bin": {
     "rafter": "./dist/index.js"
@@ -20,13 +20,15 @@
   "license": "MIT",
   "dependencies": {
     "@modelcontextprotocol/sdk": "^1.12.0",
-    "axios": "^1.6.8",
+    "axios": "^1.13.5",
     "chalk": "^5.3.0",
+    "chokidar": "^5.0.0",
     "commander": "^11.1.0",
     "dotenv": "^16.4.5",
     "js-yaml": "^4.1.0",
+    "minimatch": "^10.2.4",
     "ora": "^7.0.1",
-    "tar": "^7.5.7"
+    "tar": "^7.5.10"
   },
   "devDependencies": {
     "@types/js-yaml": "^4.0.9",

package/resources/pre-commit-hook.sh

@@ -27,14 +27,14 @@ fi
 echo "🔍 Rafter: Scanning staged files for secrets..."
 
 # Scan staged files
-rafter agent scan --staged --quiet
+rafter scan local --staged --quiet
 
 EXIT_CODE=$?
 
 if [ $EXIT_CODE -ne 0 ]; then
     echo -e "${RED}❌ Commit blocked: Secrets detected in staged files${NC}"
     echo ""
-    echo "   Run: rafter agent scan --staged"
+    echo "   Run: rafter scan local --staged"
     echo "   To see details and remediate."
     echo ""
     echo "   To bypass (NOT recommended): git commit --no-verify"

package/resources/pre-push-hook.sh

@@ -38,7 +38,7 @@ while read local_ref local_sha remote_ref remote_sha; do
 
     echo "🔍 Rafter: Scanning commits being pushed ($local_ref)..."
 
-    rafter agent scan --diff "$ref_arg" --quiet
+    rafter scan local --diff "$ref_arg" --quiet
     EXIT_CODE=$?
 
     if [ $EXIT_CODE -ne 0 ]; then
@@ -49,7 +49,7 @@ done
 if [ $FOUND_SECRETS -ne 0 ]; then
     echo -e "${RED}❌ Push blocked: Secrets detected in commits being pushed${NC}"
     echo ""
-    echo "   Run: rafter agent scan --diff <remote-sha>"
+    echo "   Run: rafter scan local --diff <remote-sha>"
     echo "   To see details and remediate."
     echo ""
     echo "   To bypass (NOT recommended): git push --no-verify"

package/resources/rafter-security-skill.md

@@ -6,8 +6,8 @@ openclaw:
   always: false
   requires:
     bins: [rafter]
-version: 0.4.0
-last_updated: 2026-02-03
+version: 0.5.8
+last_updated: 2026-03-04
 ---
 
 # Rafter Security
@@ -32,7 +32,7 @@ Rafter provides real-time security checks for agent operations:
 Scan files for secrets before committing.
 
 ```bash
-rafter agent scan <path>
+rafter scan local <path>
 ```
 
 **When to use:**
@@ -57,21 +57,17 @@ rafter agent scan <path>
 
 ### /rafter-bash
 
-Execute shell command with security validation.
+Explicitly run a command through Rafter's security validator.
 
 ```bash
 rafter agent exec <command>
 ```
 
-**Features:**
-- Blocks destructive commands (rm -rf /, fork bombs)
-- Requires approval for dangerous operations
-- Logs all command attempts
-- Scans staged files before git commits
+**When to use:** Only needed in environments where the `PreToolUse` hook is not installed. When `rafter agent init` has been run, all shell commands are validated automatically — you do not need to route commands through this.
 
 **Risk levels:**
 - **Critical** (blocked): rm -rf /, fork bombs, dd to /dev
-- **High** (approval required): sudo rm, chmod 777, curl|bash
+- **High** (approval required): sudo rm, chmod 777, curl | bash
 - **Medium** (approval on moderate+): sudo, chmod, kill -9
 - **Low** (allowed): npm install, git commit, ls
 
@@ -269,7 +265,7 @@ Configure with: `rafter agent config set agent.riskLevel moderate`
 
 ## Best Practices
 
-1. **Always scan before commits**: Run `rafter agent scan` before `git commit`
+1. **Always scan before commits**: Run `rafter scan local` before `git commit`
 2. **Audit untrusted skills**: Run `/rafter-audit-skill` on skills from unknown sources before installation
 3. **Review audit logs**: Check `rafter agent audit` after suspicious activity
 4. **Keep patterns updated**: Patterns updated automatically with CLI updates