@securityreviewai/securityreview-kit 0.1.34 → 0.1.35

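--- a/package/README.md
+++ b/package/README.md
@@ -53,7 +53,7 @@ Options:
   --skip-rules Skip workspace rule installation
   --profile-repo Run the guardrails profiler after init
   --profiler-copilot-login
- Run GitHub Copilot CLI setup before VS Code Copilot profiling
+ Run GitHub Copilot CLI login before VS Code Copilot profiling
   ```
 
   ### `@securityreviewai/securityreview-kit init --switch-project`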
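--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
   {
   "name": "@securityreviewai/securityreview-kit",
- "version": "0.1.34",
+ "version": "0.1.35",
   "description": "Bootstrap security-review-mcp for AI IDEs and CLI tools",
   "author": "Debarshi Das <debarshi.das@we45.com>",
   "license": "UNLICENSED",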
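--- a/package/src/cli.js
+++ b/package/src/cli.js
@@ -39,7 +39,7 @@ export function run() {
   )
   .option(
   '--profiler-copilot-login',
- 'Before VS Code Copilot profiling, run `copilot` in this terminal so you can complete /login and workspace trust',
+ 'Before VS Code Copilot profiling, run `copilot login` in this terminal',
   )
   .option(
   '--profiler-quiet',
@@ -465,21 +465,21 @@ export async function initCommand(options) {
   if (!runLogin && interactive) {
   runLogin = await confirm({
   message:
- 'Run GitHub Copilot CLI setup in this terminal now? Use /login if prompted, then exit Copilot to continue profiling.',
+ 'Run GitHub Copilot CLI login in this terminal now? (Same init profiling runs next. Choose No if already signed in.)',
   default: true,
   });
   }
   if (runLogin) {
   console.log('');
- console.log(chalk.bold.white(' GitHub Copilot CLI setup'));
- console.log(chalk.dim(' Complete /login or workspace trust prompts, then exit Copilot to continue.\n'));
+ console.log(chalk.bold.white(' GitHub Copilot CLI login'));
+ console.log(chalk.dim(' Complete the browser or device-code prompt, then return here.\n'));
   const loginResult = runCopilotLogin(cwd);
   if (loginResult.ok) {
- console.log(chalk.green(' \u2713 GitHub Copilot CLI setup step finished.'));
+ console.log(chalk.green(' \u2713 GitHub Copilot CLI login step finished.'));
   } else {
   console.log(
   chalk.yellow(
- ` \u26a0 Copilot setup exited with status ${loginResult.status ?? 'unknown'}. Profiling will still be attempted; sign in and re-run init if it fails.`,
+ ` \u26a0 Copilot login exited with status ${loginResult.status ?? 'unknown'}. Profiling will still be attempted; sign in and re-run init if it fails.`,
   ),
   );
   }
@@ -538,7 +538,7 @@ export async function initCommand(options) {
   console.log(chalk.dim(' Typical fixes:'));
   console.log(
   chalk.dim(
- ' • Not signed in or workspace not trusted: re-run `securityreview-kit init` and choose Yes for GitHub Copilot CLI setup, or pass `--profiler-copilot-login` with `--profile-repo`.',
+ ' • Not signed in: re-run `securityreview-kit init` and choose Yes for GitHub Copilot CLI login, or pass `--profiler-copilot-login` with `--profile-repo`.',
   ),
   );
   console.log(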
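Review bot: The failure branch in the hunk at line 465 prints only `loginResult.status`, so the reason carried in `loginResult.message` is dropped. The runCopilotLogin hunks further down this page return a `message` for a missing `copilot` binary and for a spawn error, and both cases would surface here as "status unknown" with no hint of the cause. Printing it after the warning, `if (loginResult.message) console.log(chalk.dim(' ' + loginResult.message));`, would let the user tell "CLI not installed" apart from "sign-in declined"; whether the non-zero-exit path also sets `message` is not visible in these hunks. initCommand starts and ends outside the hunk.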
@@ -37,4 +37,4 @@ From the repo root, non-interactive runs should load the SRAI MCP server and all
37
37
 
38
38
  `copilot -p "<your profiling instructions>" --additional-mcp-config '{"mcpServers":{"security-review-mcp":{"type":"stdio","command":"npx","args":["-y","@securityreviewai/security-review-mcp@latest"]}}}' --allow-all`
39
39
 
40
- During `securityreview-kit init`, choose **Yes** when asked to run GitHub Copilot CLI setup, or pass **`--profiler-copilot-login`** with **`--profile-repo`** so `/login`, workspace trust, and profiling stay in one run.
40
+ During `securityreview-kit init`, choose **Yes** when asked to run GitHub Copilot CLI login, or pass **`--profiler-copilot-login`** with **`--profile-repo`** so `copilot login` and profiling stay in one run.
@@ -51,7 +51,8 @@ export function runCursorAgentLogin(cwd) {
51
51
  }
52
52
 
53
53
  /**
54
- * Run GitHub Copilot CLI so the user can complete /login in this terminal.
54
+ * Run GitHub Copilot CLI OAuth login in the current terminal (stdio inherited).
55
+ * `copilot login` exits after the device-flow succeeds, so init can continue into profiling.
55
56
  */
56
57
  export function runCopilotLogin(cwd) {
57
58
  const env = augmentPathEnv(process.env);
@@ -63,7 +64,7 @@ export function runCopilotLogin(cwd) {
63
64
  'GitHub Copilot CLI not found (`copilot`). Install from https://docs.github.com/copilot/how-tos/copilot-cli/set-up-copilot-cli/install-copilot-cli.',
64
65
  };
65
66
  }
66
- const r = spawnSync('copilot', [], { cwd, stdio: 'inherit', env });
67
+ const r = spawnSync('copilot', ['login'], { cwd, stdio: 'inherit', env });
67
68
  const spawnErr = r.error ? r.error.message : null;
68
69
  if (r.status === null && spawnErr) {
69
70
  return { ok: false, status: null, message: spawnErr };
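Review bot: The `spawnSync('copilot', ['login'], …)` call inherits stdio and sets no `timeout`, so when init runs without a terminal the child may sit on the device-code prompt until the code expires. In the cli.js hunk the `interactive` check gates only the confirm prompt, so `--profiler-copilot-login` appears to reach this call in non-interactive runs as well, though whether init checks for a TTY elsewhere is not visible here. A guard before the spawn, `if (!process.stdin.isTTY) return { ok: false, status: null, message: 'copilot login needs an interactive terminal' };`, would fail fast with the same result shape the caller already handles. runCopilotLogin starts in the previous hunk and continues past this one.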