npm - @rafter-security/cli - Versions diffs - 0.7.0 → 0.7.1 - Mend

@rafter-security/cli 0.7.0 → 0.7.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (56) hide show

package/README.md +20 -1
package/dist/commands/agent/audit-skill.js +2 -1
package/dist/commands/agent/audit.js +27 -0
package/dist/commands/agent/components.js +800 -0
package/dist/commands/agent/disable.js +47 -0
package/dist/commands/agent/enable.js +50 -0
package/dist/commands/agent/index.js +6 -0
package/dist/commands/agent/init.js +162 -164
package/dist/commands/agent/list.js +72 -0
package/dist/commands/brief.js +20 -0
package/dist/commands/docs/index.js +18 -0
package/dist/commands/docs/list.js +37 -0
package/dist/commands/docs/show.js +64 -0
package/dist/commands/mcp/server.js +84 -0
package/dist/commands/skill/index.js +14 -0
package/dist/commands/skill/install.js +89 -0
package/dist/commands/skill/list.js +79 -0
package/dist/commands/skill/registry.js +273 -0
package/dist/commands/skill/remote.js +333 -0
package/dist/commands/skill/review.js +975 -0
package/dist/commands/skill/uninstall.js +65 -0
package/dist/core/audit-logger.js +262 -21
package/dist/core/config-manager.js +3 -0
package/dist/core/docs-loader.js +148 -0
package/dist/core/policy-loader.js +72 -1
package/dist/index.js +6 -0
package/package.json +1 -1
package/resources/skills/rafter/SKILL.md +76 -96
package/resources/skills/rafter/docs/backend.md +106 -0
package/resources/skills/rafter/docs/cli-reference.md +199 -0
package/resources/skills/rafter/docs/finding-triage.md +79 -0
package/resources/skills/rafter/docs/guardrails.md +91 -0
package/resources/skills/rafter/docs/shift-left.md +64 -0
package/resources/skills/rafter-code-review/SKILL.md +91 -0
package/resources/skills/rafter-code-review/docs/api.md +90 -0
package/resources/skills/rafter-code-review/docs/asvs.md +120 -0
package/resources/skills/rafter-code-review/docs/cwe-top25.md +78 -0
package/resources/skills/rafter-code-review/docs/investigation-playbook.md +101 -0
package/resources/skills/rafter-code-review/docs/llm.md +87 -0
package/resources/skills/rafter-code-review/docs/web-app.md +84 -0
package/resources/skills/rafter-secure-design/SKILL.md +103 -0
package/resources/skills/rafter-secure-design/docs/api-design.md +97 -0
package/resources/skills/rafter-secure-design/docs/auth.md +67 -0
package/resources/skills/rafter-secure-design/docs/data-storage.md +90 -0
package/resources/skills/rafter-secure-design/docs/dependencies.md +101 -0
package/resources/skills/rafter-secure-design/docs/deployment.md +104 -0
package/resources/skills/rafter-secure-design/docs/ingestion.md +98 -0
package/resources/skills/rafter-secure-design/docs/standards-pointers.md +102 -0
package/resources/skills/rafter-secure-design/docs/threat-modeling.md +128 -0
package/resources/skills/rafter-skill-review/SKILL.md +106 -0
package/resources/skills/rafter-skill-review/docs/authorship-provenance.md +82 -0
package/resources/skills/rafter-skill-review/docs/changelog-review.md +99 -0
package/resources/skills/rafter-skill-review/docs/data-practices.md +88 -0
package/resources/skills/rafter-skill-review/docs/malware-indicators.md +79 -0
package/resources/skills/rafter-skill-review/docs/prompt-injection.md +85 -0
package/resources/skills/rafter-skill-review/docs/telemetry.md +78 -0

package/README.md CHANGED Viewed

@@ -59,20 +59,39 @@ rafter usage
 ```bash
 # Initialize local security
 rafter agent init
+rafter agent init --local              # write config to ./.rafter (ephemeral/benchmark)
+# Granular per-component control
+rafter agent list
+rafter agent enable claude-code
+rafter agent disable gemini
 # Scan files for secrets
 rafter agent scan .
+rafter agent scan --history            # full git history (gitleaks engine)
 # Execute commands safely
 rafter agent exec "git commit -m 'Add feature'"
-# View audit logs
+# View audit logs (tamper-evident hash chain)
 rafter agent audit
+rafter agent audit --verify            # verify chain; exit 1 if tampered
 # Manage configuration
 rafter agent config show
 ```
+### Skills
+Four first-party skills ship with the CLI: `rafter` (CYOA router), `rafter-code-review`, `rafter-secure-design`, `rafter-skill-review`.
+```bash
+rafter skill list                              # installed + available
+rafter skill install --all                     # install all four
+rafter skill review github:owner/repo          # audit a third-party skill before install
+rafter skill review --installed                # audit every skill already on disk
+```
 ## Global Options
 | Flag | Description |

package/dist/commands/agent/audit-skill.js CHANGED Viewed

@@ -7,11 +7,12 @@ import { SkillManager } from "../../utils/skill-manager.js";
 import { fmt } from "../../utils/formatter.js";
 export function createAuditSkillCommand() {
     return new Command("audit-skill")
-        .description("Security audit of a Claude Code skill file")
+        .description("[deprecated] Security audit of a Claude Code skill file — use `rafter skill review` instead")
         .argument("<skill-path>", "Path to skill file to audit")
         .option("--skip-openclaw", "Skip OpenClaw integration, show manual review prompt")
         .option("--json", "Output results as JSON")
         .action(async (skillPath, opts) => {
+        process.stderr.write("[deprecated] `rafter agent audit-skill` is deprecated; use `rafter skill review <path-or-url>` instead.\n");
         await auditSkill(skillPath, opts);
     });
 }

package/dist/commands/agent/audit.js CHANGED Viewed

@@ -13,13 +13,28 @@ export function createAuditCommand() {
         .option("--event <type>", "Filter by event type")
         .option("--agent <type>", "Filter by agent type (openclaw, claude-code)")
         .option("--since <date>", "Show entries since date (YYYY-MM-DD)")
+        .option("--repo <pattern>", "Filter by git repo path (substring match)")
+        .option("--cwd <pattern>", "Filter by working directory (substring match)")
         .option("--share", "Generate a redacted excerpt for issue reports")
+        .option("--verify", "Verify the audit log hash chain and report tampering")
         .action((opts) => {
         if (opts.share) {
             generateShareExcerpt();
             return;
         }
         const logger = new AuditLogger();
+        if (opts.verify) {
+            const breaks = logger.verify();
+            if (breaks.length === 0) {
+                console.log("✓ Audit log hash chain intact");
+                return;
+            }
+            console.error(`✗ Audit log hash chain broken (${breaks.length} break${breaks.length === 1 ? "" : "s"}):`);
+            for (const b of breaks) {
+                console.error(`  line ${b.line}: ${b.reason}`);
+            }
+            process.exit(1);
+        }
         const filter = {
             limit: parseInt(opts.last, 10)
         };
@@ -32,6 +47,12 @@ export function createAuditCommand() {
         if (opts.since) {
             filter.since = new Date(opts.since);
         }
+        if (opts.repo) {
+            filter.gitRepo = opts.repo;
+        }
+        if (opts.cwd) {
+            filter.cwd = opts.cwd;
+        }
         const entries = logger.read(filter);
         if (entries.length === 0) {
             console.log("No audit log entries found");
@@ -46,6 +67,12 @@ export function createAuditCommand() {
             if (entry.agentType) {
                 console.log(`   Agent: ${entry.agentType}`);
             }
+            if (entry.gitRepo) {
+                console.log(`   Repo: ${entry.gitRepo}`);
+            }
+            else if (entry.cwd) {
+                console.log(`   Cwd: ${entry.cwd}`);
+            }
             if (entry.action?.command) {
                 console.log(`   Command: ${entry.action.command}`);
             }