@securityreviewai/securityreview-kit 0.1.48 → 0.1.49

Files changed (78)
  1. package/dist/api.js +44 -0
  2. package/dist/commands/guardrails.js +13 -0
  3. package/dist/commands/init.js +88 -0
  4. package/dist/commands/profile.js +14 -0
  5. package/dist/commands/status.js +27 -0
  6. package/dist/commands/sync.js +6 -0
  7. package/dist/config.js +18 -0
  8. package/dist/fs.js +43 -0
  9. package/dist/index.js +44 -0
  10. package/dist/profile.js +113 -0
  11. package/dist/scaffold/claude-code.js +37 -0
  12. package/dist/scaffold/codex.js +35 -0
  13. package/dist/scaffold/cursor.js +39 -0
  14. package/dist/scaffold/gemini.js +10 -0
  15. package/dist/scaffold/index.js +22 -0
  16. package/dist/scaffold/mcp.js +15 -0
  17. package/dist/scaffold/rules.js +165 -0
  18. package/dist/scaffold/vibreview.js +24 -0
  19. package/dist/scaffold/vscode.js +22 -0
  20. package/dist/scaffold/windsurf.js +10 -0
  21. package/dist/sync/index.js +34 -0
  22. package/dist/sync/payload.js +23 -0
  23. package/dist/sync/state.js +12 -0
  24. package/dist/types.js +1 -0
  25. package/package.json +24 -30
  26. package/templates/claude/CLAUDE.md +13 -0
  27. package/templates/claude/agents/guardrail_profiler.md +12 -0
  28. package/templates/claude/agents/threat_modeler.md +5 -0
  29. package/templates/claude/skills/vibreview/SKILL.md +21 -0
  30. package/templates/claude/skills/vibreview/guardrail_patterns.md +12 -0
  31. package/templates/cursor/rules/vibreview-security.mdc +8 -0
  32. package/README.md +0 -105
  33. package/bin/securityreview-kit.js +0 -5
  34. package/src/cli.js +0 -109
  35. package/src/commands/init.js +0 -851
  36. package/src/commands/status.js +0 -99
  37. package/src/commands/switch-project.js +0 -207
  38. package/src/generators/mcp/claude.js +0 -85
  39. package/src/generators/mcp/claude.test.js +0 -64
  40. package/src/generators/mcp/codex.js +0 -70
  41. package/src/generators/mcp/codex.test.js +0 -43
  42. package/src/generators/mcp/cursor.js +0 -29
  43. package/src/generators/mcp/cursor.test.js +0 -50
  44. package/src/generators/mcp/gemini.js +0 -28
  45. package/src/generators/mcp/vscode.js +0 -29
  46. package/src/generators/mcp/windsurf.js +0 -27
  47. package/src/generators/rules/antigravity.js +0 -22
  48. package/src/generators/rules/claude.js +0 -87
  49. package/src/generators/rules/claude.test.js +0 -60
  50. package/src/generators/rules/codex.js +0 -141
  51. package/src/generators/rules/codex.test.js +0 -59
  52. package/src/generators/rules/content.js +0 -110
  53. package/src/generators/rules/content.md +0 -57
  54. package/src/generators/rules/cursor.js +0 -128
  55. package/src/generators/rules/gemini.js +0 -13
  56. package/src/generators/rules/guardrails-init-profile.md +0 -56
  57. package/src/generators/rules/guardrails-profiler/SKILL.md +0 -130
  58. package/src/generators/rules/guardrails-profiler/references/signal-registry.json +0 -514
  59. package/src/generators/rules/guardrails-selection/SKILL.md +0 -187
  60. package/src/generators/rules/guardrails-selection/references/category-threat-map.md +0 -232
  61. package/src/generators/rules/guardrails_rule.md +0 -94
  62. package/src/generators/rules/hooks.json +0 -11
  63. package/src/generators/rules/skill.md +0 -256
  64. package/src/generators/rules/srai-profile.md +0 -32
  65. package/src/generators/rules/vibereview-sync/SKILL.md +0 -378
  66. package/src/generators/rules/vscode.js +0 -101
  67. package/src/generators/rules/vscode.test.js +0 -54
  68. package/src/generators/rules/windsurf.js +0 -13
  69. package/src/utils/constants.js +0 -95
  70. package/src/utils/cursor-agent-path.js +0 -67
  71. package/src/utils/cursor-cli-permissions.js +0 -28
  72. package/src/utils/detect.js +0 -27
  73. package/src/utils/fs-helpers.js +0 -82
  74. package/src/utils/guardrails-profiler-bundle.js +0 -84
  75. package/src/utils/ide-cli-install.js +0 -138
  76. package/src/utils/profiler-agent.js +0 -446
  77. package/src/utils/profiler-agent.test.js +0 -81
  78. package/src/utils/srai.js +0 -252
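--- a/package/src/cli.js
+++ /dev/null
@@ -1,109 +0,0 @@
- import { Command } from 'commander';
- import { initCommand } from './commands/init.js';
- import { statusCommand } from './commands/status.js';
- import { switchProjectCommand } from './commands/switch-project.js';
- import { TARGET_NAMES } from './utils/constants.js';
-
- export function run() {
- const program = new Command();
-
- program
- .name('securityreview-kit')
- .description('Bootstrap security-review-mcp for AI IDEs and CLI tools')
- .version('0.1.0');
-
- program
- .command('init')
- .description('Configure security-review-mcp for your IDE / CLI tool')
- .option(
- '-t, --target <name...>',
- `Target IDE/CLI (${TARGET_NAMES.join(', ')}). Omit for interactive mode.`,
- )
- .option('-a, --all', 'Install for all supported targets')
- .option('--project-name <name>', 'Default SRAI project name to preselect in project menu')
- .option('--api-url <url>', 'SRAI API URL (or set SECURITY_REVIEW_API_URL env var)')
- .option('--api-key <token>', 'SRAI API Token (or set SECURITY_REVIEW_API_TOKEN env var)')
- .option('--switch-project', 'Fetch projects and only update mapped workspace rules')
- .option('--skip-mcp', 'Skip MCP server config installation')
- .option('--skip-rules', 'Skip workspace rule installation')
- .option('--skip-ide-cli-install', 'Do not install Cursor / Copilot / Claude Code / Codex CLIs when those targets are selected')
- .option('--profile-repo', 'After init, run the guardrails profiler agent (non-interactive; needs cursor, vscode, claude, or codex target)')
- .option('--no-profile-repo', 'Skip the optional profiler agent step after init')
- .option(
- '--profiler-no-trust',
- 'When profiling with Cursor, do not pass --trust (use if you need interactive workspace trust or login in the terminal)',
- )
- .option(
- '--profiler-cursor-login',
- 'Before Cursor profiling, run `agent login` (or `cursor-agent login`) in this terminal (then profiling runs in the same init)',
- )
- .option(
- '--profiler-claude-login',
- 'Before Claude Code profiling, run `claude auth login` in this terminal',
- )
- .option(
- '--claude-auth-mode <mode>',
- 'Claude profiling auth mode: current, claudeai, console, api_key, gateway, bedrock, vertex, or setup_token',
- )
- .option(
- '--claude-api-key <key>',
- 'Anthropic API key for Claude profiling when using --claude-auth-mode api_key',
- )
- .option(
- '--claude-base-url <url>',
- 'Anthropic-compatible base URL for Claude profiling when using --claude-auth-mode gateway',
- )
- .option(
- '--claude-auth-token <token>',
- 'Auth token for Claude profiling when using --claude-auth-mode gateway',
- )
- .option(
- '--claude-provider-model <model>',
- 'Optional Claude provider model override for gateway, Bedrock, or Vertex profiling',
- )
- .option(
- '--profiler-copilot-login',
- 'Before VS Code Copilot profiling, run `copilot login` in this terminal',
- )
- .option(
- '--profiler-codex-login',
- 'Before Codex profiling, run `codex login --device-auth` in this terminal',
- )
- .option(
- '--profiler-quiet',
- 'When profiling, use the standard progress message (default; retained for compatibility)',
- )
- .option(
- '--profiler-verbose',
- 'When profiling, show live agent output for troubleshooting',
- )
- .option(
- '--show-profiler-logs',
- 'Alias for --profiler-verbose; show live profiler logs while profiling runs',
- )
- .action(async (options) => {
- try {
- if (options.switchProject) {
- await switchProjectCommand(options);
- } else {
- await initCommand(options);
- }
- } catch (err) {
- if (err.name === 'ExitPromptError') {
- // User cancelled interactive prompt
- console.log('\n Cancelled.\n');
- process.exit(0);
- }
- throw err;
- }
- });
-
- program
- .command('status')
- .description('Show current security-review-mcp configuration status')
- .action(async () => {
- await statusCommand();
- });
-
- program.parse();
- }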