@rajadeveloper12/headerguard 1.0.0

package/bin/headerguard.js

@@ -0,0 +1,26 @@
+#!/usr/bin/env node
+import { program } from 'commander';
+import { scanCommand } from '../src/scan.js';
+import { ciCommand } from '../src/ci.js';
+
+program
+  .name('headerguard')
+  .description('HTTP Security Header Analyzer & Fixer')
+  .version('1.0.0');
+
+program
+  .command('scan <url>')
+  .description('Scan a URL for security header issues')
+  .option('-s, --stack <stack>', 'Your backend stack: fastapi|express|django|nginx|caddy')
+  .option('-j, --json', 'Output raw JSON')
+  .option('--fail-below <score>', 'Exit with code 1 if score below threshold (for CI)')
+  .action(scanCommand);
+
+program
+  .command('ci <url>')
+  .description('CI mode: exit 1 if score below --fail-below threshold')
+  .option('--fail-below <score>', 'Minimum passing score', '70')
+  .option('-s, --stack <stack>', 'Backend stack')
+  .action(ciCommand);
+
+program.parse();

package/package.json

@@ -0,0 +1,22 @@
+{
+  "name": "@rajadeveloper12/headerguard",
+  "version": "1.0.0",
+  "description": "HTTP Security Header Analyzer & Fixer CLI",
+  "type": "module",
+  "main": "index.js",
+  "bin": {
+    "headerguard": "./bin/headerguard.js"
+  },
+  "scripts": {
+    "test": "echo \"No tests yet\""
+  },
+  "keywords": ["security", "headers", "cors", "csp", "hsts", "devtools"],
+  "author": "ClearFix.co",
+  "license": "MIT",
+  "dependencies": {
+    "chalk": "^5.3.0",
+    "node-fetch": "^3.3.2",
+    "ora": "^8.0.1",
+    "commander": "^12.1.0"
+  }
+}

package/src/ci.js

@@ -0,0 +1,54 @@
+import chalk from 'chalk';
+import fetch from 'node-fetch';
+
+const API_URL = process.env.HEADERGUARD_API || 'https://api.headerguard.dev';
+
+export async function ciCommand(url, options) {
+  if (!url.startsWith('http')) url = 'https://' + url;
+  const threshold = parseInt(options.failBelow || '70');
+
+  console.log(`::group::HeaderGuard Security Scan`);
+  console.log(`Scanning: ${url}`);
+  console.log(`Threshold: ${threshold}`);
+
+  try {
+    const res = await fetch(`${API_URL}/scan`, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({ url, stack: options.stack || null }),
+    });
+
+    const data = await res.json();
+
+    console.log(`Score: ${data.score}/100 (Grade: ${data.grade})`);
+    console.log(`Summary: ${data.summary}`);
+    console.log('');
+
+    // GitHub Actions annotations
+    for (const [key, result] of Object.entries(data.headers)) {
+      if (result.status === 'missing') {
+        console.log(`::error::Missing security header: ${key.toUpperCase()} - ${result.issue}`);
+      } else if (result.status === 'warn') {
+        console.log(`::warning::Security header warning: ${key.toUpperCase()} - ${result.issue}`);
+      }
+    }
+
+    console.log(`::endgroup::`);
+
+    // Set output for GitHub Actions
+    console.log(`::set-output name=score::${data.score}`);
+    console.log(`::set-output name=grade::${data.grade}`);
+
+    if (data.score < threshold) {
+      console.log(`::error::HeaderGuard: Score ${data.score} below threshold ${threshold}. Deploy blocked.`);
+      process.exit(1);
+    }
+
+    console.log(`HeaderGuard: PASSED (${data.score}/${threshold} threshold)`);
+    process.exit(0);
+
+  } catch (err) {
+    console.log(`::error::HeaderGuard scan failed: ${err.message}`);
+    process.exit(1);
+  }
+}

package/src/scan.js

@@ -0,0 +1,122 @@
+import chalk from 'chalk';
+import ora from 'ora';
+import fetch from 'node-fetch';
+
+const API_URL = process.env.HEADERGUARD_API || 'https://headerguard-api-production.up.railway.app';
+
+const HEADER_LABELS = {
+  cors: 'CORS (Access-Control-Allow-Origin)',
+  csp: 'Content-Security-Policy',
+  hsts: 'Strict-Transport-Security',
+  x_frame_options: 'X-Frame-Options',
+  x_content_type: 'X-Content-Type-Options',
+  referrer_policy: 'Referrer-Policy',
+  permissions_policy: 'Permissions-Policy',
+};
+
+function gradeColor(grade) {
+  if (grade.startsWith('A')) return chalk.greenBright(grade);
+  if (grade === 'B') return chalk.green(grade);
+  if (grade === 'C') return chalk.yellow(grade);
+  if (grade === 'D') return chalk.red(grade);
+  return chalk.bgRed.white(grade);
+}
+
+function statusIcon(status) {
+  if (status === 'pass') return chalk.green('✓');
+  if (status === 'warn') return chalk.yellow('⚠');
+  if (status === 'missing') return chalk.red('✗');
+  return chalk.red('✗');
+}
+
+function scoreBar(score, max) {
+  const pct = Math.round((score / max) * 10);
+  const filled = '█'.repeat(pct);
+  const empty = '░'.repeat(10 - pct);
+  const color = pct >= 8 ? chalk.green : pct >= 5 ? chalk.yellow : chalk.red;
+  return color(filled + empty) + chalk.dim(` ${score}/${max}`);
+}
+
+export async function scanCommand(url, options) {
+  if (!url.startsWith('http')) url = 'https://' + url;
+
+  const spinner = ora(`Scanning ${chalk.cyan(url)}...`).start();
+
+  try {
+    const res = await fetch(`${API_URL}/scan`, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({ url, stack: options.stack || null }),
+    });
+
+    if (!res.ok) {
+      const err = await res.json();
+      spinner.fail(chalk.red(`Scan failed: ${err.detail || res.statusText}`));
+      process.exit(1);
+    }
+
+    const data = await res.json();
+    spinner.stop();
+
+    if (options.json) {
+      console.log(JSON.stringify(data, null, 2));
+      return;
+    }
+
+    // Header
+    console.log('');
+    console.log(chalk.bold('  HeaderGuard Security Report'));
+    console.log(chalk.dim('  ' + '─'.repeat(50)));
+    console.log(`  ${chalk.dim('URL')}     ${chalk.cyan(data.url)}`);
+    console.log(`  ${chalk.dim('Score')}   ${scoreBar(data.score, 100)}`);
+    console.log(`  ${chalk.dim('Grade')}   ${gradeColor(data.grade)}`);
+    console.log(`  ${chalk.dim('Summary')} ${data.summary}`);
+    console.log('');
+
+    // Headers breakdown
+    console.log(chalk.bold('  Header Analysis'));
+    console.log(chalk.dim('  ' + '─'.repeat(50)));
+
+    for (const [key, result] of Object.entries(data.headers)) {
+      const label = HEADER_LABELS[key] || key;
+      const icon = statusIcon(result.status);
+      const bar = scoreBar(result.score, result.max);
+
+      console.log(`  ${icon}  ${chalk.white(label.padEnd(35))} ${bar}`);
+      if (result.issue) {
+        console.log(`     ${chalk.dim(result.issue)}`);
+      }
+    }
+
+    // Fixes
+    const fixKeys = Object.keys(data.fixes);
+    if (fixKeys.length > 0) {
+      console.log('');
+      console.log(chalk.bold('  Recommended Fixes'));
+      console.log(chalk.dim('  ' + '─'.repeat(50)));
+
+      for (const key of fixKeys) {
+        const fix = data.fixes[key];
+        const label = HEADER_LABELS[key] || key;
+        console.log('');
+        console.log(`  ${chalk.yellow('→')} ${chalk.bold(label)} ${chalk.dim(`(${fix.stack})`)}`);
+        const lines = fix.snippet.split('\n');
+        lines.forEach(line => console.log(`    ${chalk.dim(line)}`));
+      }
+    }
+
+    console.log('');
+    console.log(chalk.dim('  Docs: https://headerguard.dev/docs'));
+    console.log('');
+
+    // CI fail-below
+    if (options.failBelow && data.score < parseInt(options.failBelow)) {
+      console.log(chalk.red(`  ✗ Score ${data.score} is below threshold ${options.failBelow}. Failing.`));
+      process.exit(1);
+    }
+
+  } catch (err) {
+    spinner.fail(chalk.red(`Error: ${err.message}`));
+    process.exit(1);
+  }
+}