@sentriflow/cli 0.1.0 → 0.1.1

Files changed (3) hide show
  1. package/README.md +122 -40
  2. package/dist/index.js +3 -3
  3. package/package.json +1 -1
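--- a/package/README.md
+++ b/package/README.md
@@ -18,70 +18,134 @@ bun add -g @sentriflow/cli
 
  ```bash
  # Validate a single configuration file
- sentriflow scan router.conf
+ sentriflow router.conf
 
- # Validate multiple files
- sentriflow scan configs/*.conf
+ # Validate with specific vendor
+ sentriflow -v cisco-ios router.conf
 
- # Output results in SARIF format (for CI/CD integration)
- sentriflow scan router.conf --format sarif -o results.sarif
+ # Scan a directory of configs
+ sentriflow -D configs/
 
- # Auto-detect vendor from file content
- sentriflow scan unknown.conf --detect
+ # Scan directory recursively
+ sentriflow -D configs/ -R
+
+ # Output results in SARIF format
+ sentriflow router.conf -f sarif
+
+ # List available vendors
+ sentriflow --list-vendors
+
+ # List active rules
+ sentriflow --list-rules
  ```
 
  ## Usage
 
  ```
- Usage: sentriflow [options] [command]
+ Usage: sentriflow [options] [file]
 
- Network configuration linter and validator
+ SentriFlow Network Configuration Validator
 
- Options:
- -V, --version output the version number
- -h, --help display help for command
+ Arguments:
+ file Path to the configuration file
 
- Commands:
- scan [options] <files...> Scan configuration files for issues
- help [command] display help for command
+ Options:
+ -V, --version output the version number
+ -h, --help display help for command
  ```
 
- ### Scan Command Options
+ ### Output Options
 
- ```
- Usage: sentriflow scan [options] <files...>
+ | Option | Description |
+ |--------|-------------|
+ | `-f, --format <format>` | Output format: `json` (default), `sarif` |
+ | `-q, --quiet` | Only output failures (suppress passed results) |
+ | `--ast` | Output the parsed AST instead of rule results |
+ | `--relative-paths` | Use relative paths in SARIF output |
 
- Options:
- -v, --vendor <vendor> Specify vendor (cisco-ios, juniper-junos, etc.)
- -f, --format <format> Output format: text, json, sarif (default: "text")
- -o, --output <file> Write output to file
- -s, --severity <level> Minimum severity: info, warning, error (default: "warning")
- --detect Auto-detect vendor from file content
- -h, --help display help for command
- ```
+ ### Vendor Options
+
+ | Option | Description |
+ |--------|-------------|
+ | `-v, --vendor <vendor>` | Vendor type (default: `auto`) |
+ | `--list-vendors` | List all supported vendors and exit |
+
+ Supported vendors: `cisco-ios`, `juniper-junos`, `palo-alto`, `fortinet`, `arista-eos`, `mikrotik`, and more.
+
+ ### Rule Configuration
+
+ | Option | Description |
+ |--------|-------------|
+ | `-c, --config <path>` | Path to config file (default: auto-detect `.sentriflowrc`) |
+ | `--no-config` | Ignore config file |
+ | `-d, --disable <ids>` | Comma-separated rule IDs to disable |
+ | `--list-rules` | List all active rules and exit |
+ | `-p, --rule-pack <path>` | Rule pack file to load |
+ | `--json-rules <path...>` | Path(s) to JSON rules file(s) |
+ | `-r, --rules <path>` | Additional rules file (legacy) |
+
+ ### Encrypted Rule Packs
+
+ | Option | Description |
+ |--------|-------------|
+ | `--encrypted-pack <path...>` | Path(s) to encrypted rule pack(s) (.grpx) |
+ | `--license-key <key>` | License key (or set `SENTRIFLOW_LICENSE_KEY` env var) |
+ | `--strict-packs` | Fail if encrypted pack cannot be loaded |
+
+ ### Directory Scanning
+
+ | Option | Description |
+ |--------|-------------|
+ | `-D, --directory <path>` | Scan all config files in a directory |
+ | `-R, --recursive` | Scan directories recursively |
+ | `--glob <pattern>` | Glob pattern for file matching (e.g., `"*.cfg"`) |
+ | `--extensions <exts>` | File extensions to include (comma-separated) |
+ | `--exclude <patterns>` | Exclude patterns (comma-separated glob patterns) |
+ | `--progress` | Show progress during directory scanning |
+
+ ### Security Options
+
+ | Option | Description |
+ |--------|-------------|
+ | `--allow-external` | Allow reading files outside the current directory |
 
  ## Output Formats
 
- ### Text (default)
+ ### JSON (default)
 
- ```
- router.conf:12:5 error SEC-001 Telnet is enabled - use SSH instead
- router.conf:45:1 warning NET-003 No description on interface GigabitEthernet0/1
+ ```json
+ {
+ "vendor": {
+ "id": "cisco-ios",
+ "name": "Cisco IOS"
+ },
+ "results": [
+ {
+ "ruleId": "SEC-001",
+ "passed": false,
+ "message": "Telnet is enabled - use SSH instead",
+ "line": 12,
+ "column": 1
+ }
+ ]
+ }
  ```
 
- ### JSON
+ ### JSON (directory mode)
 
  ```json
  {
- "files": 1,
- "issues": [
+ "summary": {
+ "filesScanned": 3,
+ "totalResults": 15,
+ "failures": 5,
+ "passed": 10
+ },
+ "files": [
  {
- "file": "router.conf",
- "line": 12,
- "column": 5,
- "severity": "error",
- "ruleId": "SEC-001",
- "message": "Telnet is enabled - use SSH instead"
+ "file": "/path/to/router.conf",
+ "vendor": { "id": "cisco-ios", "name": "Cisco IOS" },
+ "results": [...]
  }
  ]
  }
@@ -91,6 +155,10 @@ router.conf:45:1 warning NET-003 No description on interface GigabitEthernet0/1
 
  Produces SARIF 2.1.0 compliant output for integration with GitHub Code Scanning, VS Code, and other tools.
 
+ ```bash
+ sentriflow router.conf -f sarif > results.sarif
+ ```
+
  ## CI/CD Integration
 
  ### GitHub Actions
@@ -98,7 +166,7 @@ Produces SARIF 2.1.0 compliant output for integration with GitHub Code Scanning,
  ```yaml
  - name: Lint network configs
  run: |
- npx @sentriflow/cli scan configs/*.conf --format sarif -o results.sarif
+ npx @sentriflow/cli -D configs/ -R -f sarif > results.sarif
 
  - name: Upload SARIF
  uses: github/codeql-action/upload-sarif@v2
@@ -106,6 +174,20 @@ Produces SARIF 2.1.0 compliant output for integration with GitHub Code Scanning,
  sarif_file: results.sarif
  ```
 
+ ## Configuration File
+
+ SentriFlow automatically looks for `.sentriflowrc` or `.sentriflowrc.json` in the config file directory and its parents.
+
+ ```json
+ {
+ "extends": "@sentriflow/rules-default",
+ "rules": {
+ "SEC-001": "error",
+ "NET-003": "off"
+ }
+ }
+ ```
+
  ## Related Packages
 
  - [`@sentriflow/core`](https://github.com/sentriflow/sentriflow/tree/main/packages/core) - Core parsing engine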
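--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -10407,7 +10407,7 @@ function generateSarif(results, filePath, rules, options = {}) {
  tool: {
  driver: {
  name: "Sentriflow",
- version: "0.1.0",
+ version: "0.1.1",
  informationUri: "https://github.com/sentriflow/sentriflow",
  rules: sarifRules,
  // SEC-007: Include CWE taxonomy when rules reference it
@@ -10513,7 +10513,7 @@ function generateMultiFileSarif(fileResults, rules, options = {}) {
  tool: {
  driver: {
  name: "Sentriflow",
- version: "0.1.0",
+ version: "0.1.1",
  informationUri: "https://github.com/sentriflow/sentriflow",
  rules: sarifRules,
  // SEC-007: Include CWE taxonomy when rules reference it
@@ -14194,7 +14194,7 @@ function validateDirectoryPath(dirPath, allowedBaseDirs) {
 
  // index.ts
  var program = new Command();
- program.name("sentriflow").description("SentriFlow Network Configuration Validator").version("0.1.0").argument("[file]", "Path to the configuration file").option("--ast", "Output the AST instead of rule results").option("-f, --format <format>", "Output format (json, sarif)", "json").option("-q, --quiet", "Only output failures (suppress passed results)").option("-c, --config <path>", "Path to config file (default: auto-detect)").option("--no-config", "Ignore config file").option("-r, --rules <path>", "Additional rules file to load (legacy)").option("-p, --rule-pack <path>", "Rule pack file to load").option(
+ program.name("sentriflow").description("SentriFlow Network Configuration Validator").version("0.1.1").argument("[file]", "Path to the configuration file").option("--ast", "Output the AST instead of rule results").option("-f, --format <format>", "Output format (json, sarif)", "json").option("-q, --quiet", "Only output failures (suppress passed results)").option("-c, --config <path>", "Path to config file (default: auto-detect)").option("--no-config", "Ignore config file").option("-r, --rules <path>", "Additional rules file to load (legacy)").option("-p, --rule-pack <path>", "Rule pack file to load").option(
  "--encrypted-pack <path...>",
  "SEC-012: Path(s) to encrypted rule pack(s) (.grpx), can specify multiple"
  ).option(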
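--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@sentriflow/cli",
- "version": "0.1.0",
+ "version": "0.1.1",
  "description": "SentriFlow CLI - Network configuration linter and validator",
  "license": "Apache-2.0",
  "main": "dist/index.js",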