npm - @sentriflow/cli - Versions diffs - 0.1.0 → 0.1.2 - Mend

@sentriflow/cli 0.1.0 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md CHANGED Viewed

@@ -18,70 +18,134 @@ bun add -g @sentriflow/cli
 ```bash
 # Validate a single configuration file
-sentriflow scan router.conf
+sentriflow router.conf
-# Validate multiple files
-sentriflow scan configs/*.conf
+# Validate with specific vendor
+sentriflow -v cisco-ios router.conf
-# Output results in SARIF format (for CI/CD integration)
-sentriflow scan router.conf --format sarif -o results.sarif
+# Scan a directory of configs
+sentriflow -D configs/
-# Auto-detect vendor from file content
-sentriflow scan unknown.conf --detect
+# Scan directory recursively
+sentriflow -D configs/ -R
+# Output results in SARIF format
+sentriflow router.conf -f sarif
+# List available vendors
+sentriflow --list-vendors
+# List active rules
+sentriflow --list-rules
 ```
 ## Usage
 ```
-Usage: sentriflow [options] [command]
+Usage: sentriflow [options] [file]
-Network configuration linter and validator
+SentriFlow Network Configuration Validator
-Options:
-  -V, --version              output the version number
-  -h, --help                 display help for command
+Arguments:
+  file                          Path to the configuration file
-Commands:
-  scan [options] <files...>  Scan configuration files for issues
-  help [command]             display help for command
+Options:
+  -V, --version                 output the version number
+  -h, --help                    display help for command
 ```
-### Scan Command Options
+### Output Options
-```
-Usage: sentriflow scan [options] <files...>
+| Option | Description |
+|--------|-------------|
+| `-f, --format <format>` | Output format: `json` (default), `sarif` |
+| `-q, --quiet` | Only output failures (suppress passed results) |
+| `--ast` | Output the parsed AST instead of rule results |
+| `--relative-paths` | Use relative paths in SARIF output |
-Options:
-  -v, --vendor <vendor>     Specify vendor (cisco-ios, juniper-junos, etc.)
-  -f, --format <format>     Output format: text, json, sarif (default: "text")
-  -o, --output <file>       Write output to file
-  -s, --severity <level>    Minimum severity: info, warning, error (default: "warning")
-  --detect                  Auto-detect vendor from file content
-  -h, --help                display help for command
-```
+### Vendor Options
+| Option | Description |
+|--------|-------------|
+| `-v, --vendor <vendor>` | Vendor type (default: `auto`) |
+| `--list-vendors` | List all supported vendors and exit |
+Supported vendors: `cisco-ios`, `juniper-junos`, `palo-alto`, `fortinet`, `arista-eos`, `mikrotik`, and more.
+### Rule Configuration
+| Option | Description |
+|--------|-------------|
+| `-c, --config <path>` | Path to config file (default: auto-detect `.sentriflowrc`) |
+| `--no-config` | Ignore config file |
+| `-d, --disable <ids>` | Comma-separated rule IDs to disable |
+| `--list-rules` | List all active rules and exit |
+| `-p, --rule-pack <path>` | Rule pack file to load |
+| `--json-rules <path...>` | Path(s) to JSON rules file(s) |
+| `-r, --rules <path>` | Additional rules file (legacy) |
+### Encrypted Rule Packs
+| Option | Description |
+|--------|-------------|
+| `--encrypted-pack <path...>` | Path(s) to encrypted rule pack(s) (.grpx) |
+| `--license-key <key>` | License key (or set `SENTRIFLOW_LICENSE_KEY` env var) |
+| `--strict-packs` | Fail if encrypted pack cannot be loaded |
+### Directory Scanning
+| Option | Description |
+|--------|-------------|
+| `-D, --directory <path>` | Scan all config files in a directory |
+| `-R, --recursive` | Scan directories recursively |
+| `--glob <pattern>` | Glob pattern for file matching (e.g., `"*.cfg"`) |
+| `--extensions <exts>` | File extensions to include (comma-separated) |
+| `--exclude <patterns>` | Exclude patterns (comma-separated glob patterns) |
+| `--progress` | Show progress during directory scanning |
+### Security Options
+| Option | Description |
+|--------|-------------|
+| `--allow-external` | Allow reading files outside the current directory |
 ## Output Formats
-### Text (default)
+### JSON (default)
-```
-router.conf:12:5 error SEC-001 Telnet is enabled - use SSH instead
-router.conf:45:1 warning NET-003 No description on interface GigabitEthernet0/1
+```json
+{
+  "vendor": {
+    "id": "cisco-ios",
+    "name": "Cisco IOS"
+  },
+  "results": [
+    {
+      "ruleId": "SEC-001",
+      "passed": false,
+      "message": "Telnet is enabled - use SSH instead",
+      "line": 12,
+      "column": 1
+    }
+  ]
+}
 ```
-### JSON
+### JSON (directory mode)
 ```json
 {
-  "files": 1,
-  "issues": [
+  "summary": {
+    "filesScanned": 3,
+    "totalResults": 15,
+    "failures": 5,
+    "passed": 10
+  },
+  "files": [
     {
-      "file": "router.conf",
-      "line": 12,
-      "column": 5,
-      "severity": "error",
-      "ruleId": "SEC-001",
-      "message": "Telnet is enabled - use SSH instead"
+      "file": "/path/to/router.conf",
+      "vendor": { "id": "cisco-ios", "name": "Cisco IOS" },
+      "results": [...]
     }
   ]
 }
@@ -91,6 +155,10 @@ router.conf:45:1 warning NET-003 No description on interface GigabitEthernet0/1
 Produces SARIF 2.1.0 compliant output for integration with GitHub Code Scanning, VS Code, and other tools.
+```bash
+sentriflow router.conf -f sarif > results.sarif
+```
 ## CI/CD Integration
 ### GitHub Actions
@@ -98,7 +166,7 @@ Produces SARIF 2.1.0 compliant output for integration with GitHub Code Scanning,
 ```yaml
 - name: Lint network configs
   run: |
-    npx @sentriflow/cli scan configs/*.conf --format sarif -o results.sarif
+    npx @sentriflow/cli -D configs/ -R -f sarif > results.sarif
 - name: Upload SARIF
   uses: github/codeql-action/upload-sarif@v2
@@ -106,6 +174,20 @@ Produces SARIF 2.1.0 compliant output for integration with GitHub Code Scanning,
     sarif_file: results.sarif
 ```
+## Configuration File
+SentriFlow automatically looks for `.sentriflowrc` or `.sentriflowrc.json` in the config file directory and its parents.
+```json
+{
+  "extends": "@sentriflow/rules-default",
+  "rules": {
+    "SEC-001": "error",
+    "NET-003": "off"
+  }
+}
+```
 ## Related Packages
 - [`@sentriflow/core`](https://github.com/sentriflow/sentriflow/tree/main/packages/core) - Core parsing engine

package/dist/index.js CHANGED Viewed

@@ -10407,7 +10407,7 @@ function generateSarif(results, filePath, rules, options = {}) {
         tool: {
           driver: {
             name: "Sentriflow",
-            version: "0.1.0",
+            version: "0.1.2",
             informationUri: "https://github.com/sentriflow/sentriflow",
             rules: sarifRules,
             // SEC-007: Include CWE taxonomy when rules reference it
@@ -10513,7 +10513,7 @@ function generateMultiFileSarif(fileResults, rules, options = {}) {
         tool: {
           driver: {
             name: "Sentriflow",
-            version: "0.1.0",
+            version: "0.1.2",
             informationUri: "https://github.com/sentriflow/sentriflow",
             rules: sarifRules,
             // SEC-007: Include CWE taxonomy when rules reference it
@@ -14194,7 +14194,7 @@ function validateDirectoryPath(dirPath, allowedBaseDirs) {
 // index.ts
 var program = new Command();
-program.name("sentriflow").description("SentriFlow Network Configuration Validator").version("0.1.0").argument("[file]", "Path to the configuration file").option("--ast", "Output the AST instead of rule results").option("-f, --format <format>", "Output format (json, sarif)", "json").option("-q, --quiet", "Only output failures (suppress passed results)").option("-c, --config <path>", "Path to config file (default: auto-detect)").option("--no-config", "Ignore config file").option("-r, --rules <path>", "Additional rules file to load (legacy)").option("-p, --rule-pack <path>", "Rule pack file to load").option(
+program.name("sentriflow").description("SentriFlow Network Configuration Validator").version("0.1.2").argument("[file]", "Path to the configuration file").option("--ast", "Output the AST instead of rule results").option("-f, --format <format>", "Output format (json, sarif)", "json").option("-q, --quiet", "Only output failures (suppress passed results)").option("-c, --config <path>", "Path to config file (default: auto-detect)").option("--no-config", "Ignore config file").option("-r, --rules <path>", "Additional rules file to load (legacy)").option("-p, --rule-pack <path>", "Rule pack file to load").option(
   "--encrypted-pack <path...>",
   "SEC-012: Path(s) to encrypted rule pack(s) (.grpx), can specify multiple"
 ).option(

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@sentriflow/cli",
-  "version": "0.1.0",
+  "version": "0.1.2",
   "description": "SentriFlow CLI - Network configuration linter and validator",
   "license": "Apache-2.0",
   "main": "dist/index.js",
@@ -8,7 +8,7 @@
   "type": "module",
   "repository": {
     "type": "git",
-    "url": "https://github.com/sentriflow/sentriflow.git",
+    "url": "git+https://github.com/sentriflow/sentriflow.git",
     "directory": "packages/cli"
   },
   "homepage": "https://github.com/sentriflow/sentriflow#readme",
@@ -46,7 +46,7 @@
     "esbuild": "^0.27.0"
   },
   "bin": {
-    "sentriflow": "./dist/index.js"
+    "sentriflow": "dist/index.js"
   },
   "engines": {
     "node": ">=18.0.0"