@sentriflow/cli 0.1.4 → 0.1.5

package/README.md

@@ -1,6 +1,6 @@
 # @sentriflow/cli
 
-Command-line interface for SentriFlow - lint and validate network configurations.
+Command-line interface for SentriFlow - check network configurations for compliance against best practices or organization-specific policies.
 
 ## Installation
 
@@ -17,10 +17,10 @@ bun add -g @sentriflow/cli
 ## Quick Start
 
 ```bash
-# Validate a single configuration file
+# Check a single configuration file
 sentriflow router.conf
 
-# Validate with specific vendor
+# Check with specific vendor
 sentriflow -v cisco-ios router.conf
 
 # Scan a directory of configs
@@ -44,7 +44,7 @@ sentriflow --list-rules
 ```
 Usage: sentriflow [options] [file]
 
-SentriFlow Network Configuration Validator
+SentriFlow Network Configuration Compliance Checker
 
 Arguments:
   file                          Path to the configuration file
@@ -164,7 +164,7 @@ sentriflow router.conf -f sarif > results.sarif
 ### GitHub Actions
 
 ```yaml
-- name: Lint network configs
+- name: Check network config compliance
   run: |
     npx @sentriflow/cli -D configs/ -R -f sarif > results.sarif
 
@@ -190,8 +190,8 @@ SentriFlow automatically looks for `.sentriflowrc` or `.sentriflowrc.json` in th
 
 ## Related Packages
 
-- [`@sentriflow/core`](https://github.com/sentriflow/sentriflow/tree/main/packages/core) - Core parsing engine
-- [`@sentriflow/rules-default`](https://github.com/sentriflow/sentriflow/tree/main/packages/rules-default) - Default validation rules
+- [`@sentriflow/core`](https://github.com/sentriflow/sentriflow/tree/main/packages/core) - Core parsing and compliance engine
+- [`@sentriflow/rules-default`](https://github.com/sentriflow/sentriflow/tree/main/packages/rules-default) - Default compliance rules
 
 ## License
 

package/dist/index.js

@@ -10407,7 +10407,7 @@ function generateSarif(results, filePath, rules, options = {}) {
         tool: {
           driver: {
             name: "Sentriflow",
-            version: "0.1.4",
+            version: "0.1.5",
             informationUri: "https://github.com/sentriflow/sentriflow",
             rules: sarifRules,
             // SEC-007: Include CWE taxonomy when rules reference it
@@ -10513,7 +10513,7 @@ function generateMultiFileSarif(fileResults, rules, options = {}) {
         tool: {
           driver: {
             name: "Sentriflow",
-            version: "0.1.4",
+            version: "0.1.5",
             informationUri: "https://github.com/sentriflow/sentriflow",
             rules: sarifRules,
             // SEC-007: Include CWE taxonomy when rules reference it
@@ -13490,6 +13490,43 @@ function validateInputFilePath(filePath, maxSize = 10 * 1024 * 1024, baseDirs) {
   });
 }
 
+// src/loaders/index.ts
+function validatePathOrThrow(path, pathValidator, errorContext, baseDirs) {
+  const validation = pathValidator(path, baseDirs);
+  if (!validation.valid) {
+    throw new SentriflowConfigError(
+      `Invalid ${errorContext} path: ${validation.error}`
+    );
+  }
+  return validation.canonicalPath;
+}
+async function wrapLoadError(operation, errorContext) {
+  try {
+    return await operation();
+  } catch (error) {
+    if (error instanceof SentriflowConfigError) {
+      throw error;
+    }
+    throw new SentriflowConfigError(`Failed to load ${errorContext} file`);
+  }
+}
+async function loadAndValidate(options) {
+  const { path, baseDirs, pathValidator, loader, validator, errorContext } = options;
+  const canonicalPath = validatePathOrThrow(
+    path,
+    pathValidator,
+    errorContext,
+    baseDirs
+  );
+  return wrapLoadError(async () => {
+    const data = await loader(canonicalPath);
+    if (!validator(data)) {
+      throw new SentriflowConfigError(`Invalid ${errorContext} structure`);
+    }
+    return data;
+  }, errorContext);
+}
+
 // src/config.ts
 var CONFIG_FILES = [
   "sentriflow.config.ts",
@@ -13655,36 +13692,30 @@ function isValidRulePack(pack) {
   return true;
 }
 async function loadConfigFile(configPath, baseDirs) {
-  const validation = validateConfigPath(configPath, baseDirs);
-  if (!validation.valid) {
-    throw new SentriflowConfigError(`Invalid config path: ${validation.error}`);
-  }
-  try {
-    const module = await import(validation.canonicalPath);
-    const config = module.default ?? module;
-    if (!isValidSentriflowConfig(config)) {
-      throw new SentriflowConfigError("Invalid configuration structure");
-    }
-    return config;
-  } catch (error) {
-    if (error instanceof SentriflowConfigError) {
-      throw error;
-    }
-    throw new SentriflowConfigError("Failed to load configuration file");
-  }
+  return loadAndValidate({
+    path: configPath,
+    baseDirs,
+    pathValidator: validateConfigPath,
+    loader: async (p) => {
+      const m = await import(p);
+      return m.default ?? m;
+    },
+    validator: isValidSentriflowConfig,
+    errorContext: "config"
+  });
 }
 async function loadExternalRules(rulesPath, baseDirs) {
-  const validation = validateConfigPath(rulesPath, baseDirs);
-  if (!validation.valid) {
-    throw new SentriflowConfigError(`Invalid rules path: ${validation.error}`);
-  }
-  try {
-    const module = await import(validation.canonicalPath);
+  const canonicalPath = validatePathOrThrow(
+    rulesPath,
+    validateConfigPath,
+    "rules",
+    baseDirs
+  );
+  return wrapLoadError(async () => {
+    const module = await import(canonicalPath);
     const rules = module.default ?? module.rules ?? module;
     if (!Array.isArray(rules)) {
-      throw new SentriflowConfigError(
-        "Rules file must export an array of rules"
-      );
+      throw new SentriflowConfigError("Rules file must export an array of rules");
     }
     const validRules = [];
     for (const rule of rules) {
@@ -13692,29 +13723,24 @@ async function loadExternalRules(rulesPath, baseDirs) {
         validRules.push(rule);
       } else {
         const safeRuleId = typeof rule === "object" && rule !== null && "id" in rule ? String(rule.id).slice(0, 50) : "unknown";
-        console.warn(
-          `Skipping invalid rule: ${safeRuleId} (validation failed)`
-        );
+        console.warn(`Skipping invalid rule: ${safeRuleId} (validation failed)`);
       }
     }
     if (validRules.length === 0 && rules.length > 0) {
       throw new SentriflowConfigError("No valid rules found in rules file");
     }
     return validRules;
-  } catch (error) {
-    if (error instanceof SentriflowConfigError) {
-      throw error;
-    }
-    throw new SentriflowConfigError("Failed to load rules file");
-  }
+  }, "rules");
 }
 async function loadJsonRules(jsonPath, baseDirs) {
-  const validation = validateJsonRulesPath(jsonPath, baseDirs);
-  if (!validation.valid) {
-    throw new SentriflowConfigError(`Invalid JSON rules path: ${validation.error}`);
-  }
-  try {
-    const content = await readFileAsync(validation.canonicalPath, "utf-8");
+  const canonicalPath = validatePathOrThrow(
+    jsonPath,
+    validateJsonRulesPath,
+    "JSON rules",
+    baseDirs
+  );
+  return wrapLoadError(async () => {
+    const content = await readFileAsync(canonicalPath, "utf-8");
     let jsonData;
     try {
       jsonData = JSON.parse(content);
@@ -13723,16 +13749,12 @@ async function loadJsonRules(jsonPath, baseDirs) {
     }
     const validationResult = validateJsonRuleFile(jsonData);
     if (!validationResult.valid) {
-      const errorMessages = validationResult.errors.map((e) => `  ${e.path}: ${e.message}`).join("\n");
-      throw new SentriflowConfigError(
-        `Invalid JSON rules file:
-${errorMessages}`
-      );
+      const errors = validationResult.errors.map((e) => `  ${e.path}: ${e.message}`).join("\n");
+      throw new SentriflowConfigError(`Invalid JSON rules file:
+${errors}`);
     }
-    if (validationResult.warnings.length > 0) {
-      for (const warning of validationResult.warnings) {
-        console.warn(`[JSON Rules] Warning: ${warning.path}: ${warning.message}`);
-      }
+    for (const warning of validationResult.warnings) {
+      console.warn(`[JSON Rules] Warning: ${warning.path}: ${warning.message}`);
     }
     const ruleFile = jsonData;
     const compiledRules = compileJsonRules(ruleFile.rules);
@@ -13740,12 +13762,7 @@ ${errorMessages}`
       throw new SentriflowConfigError("No valid rules compiled from JSON file");
     }
     return compiledRules;
-  } catch (error) {
-    if (error instanceof SentriflowConfigError) {
-      throw error;
-    }
-    throw new SentriflowConfigError("Failed to load JSON rules file");
-  }
+  }, "JSON rules");
 }
 function ruleAppliesToVendor(rule, vendorId) {
   if (!rule.vendor) return true;
@@ -13766,70 +13783,52 @@ function isDefaultRuleDisabled(ruleId, vendorId, packs, legacyDisableIds) {
   return false;
 }
 async function loadRulePackFile(packPath, baseDirs) {
-  const validation = validateConfigPath(packPath, baseDirs);
-  if (!validation.valid) {
-    throw new SentriflowConfigError(
-      `Invalid rule pack path: ${validation.error}`
-    );
-  }
-  try {
-    const module = await import(validation.canonicalPath);
-    const pack = module.default ?? module;
-    if (!isValidRulePack(pack)) {
-      throw new SentriflowConfigError("Invalid rule pack structure");
-    }
-    return pack;
-  } catch (error) {
-    if (error instanceof SentriflowConfigError) throw error;
-    throw new SentriflowConfigError("Failed to load rule pack file");
-  }
+  return loadAndValidate({
+    path: packPath,
+    baseDirs,
+    pathValidator: validateConfigPath,
+    loader: async (p) => {
+      const m = await import(p);
+      return m.default ?? m;
+    },
+    validator: isValidRulePack,
+    errorContext: "rule pack"
+  });
+}
+function mapPackLoadError(error) {
+  const messages = {
+    DECRYPTION_FAILED: "Invalid license key for encrypted pack",
+    EXPIRED: "Encrypted pack has expired",
+    MACHINE_MISMATCH: "License is not valid for this machine",
+    ACTIVATION_LIMIT: "Maximum activations exceeded for this license"
+  };
+  throw new SentriflowConfigError(
+    messages[error.code] ?? `Failed to load encrypted pack: ${error.message}`
+  );
 }
 async function loadEncryptedRulePack(packPath, licenseKey, baseDirs) {
-  const validation = validateEncryptedPackPath(packPath, baseDirs);
-  if (!validation.valid) {
-    throw new SentriflowConfigError(
-      `Invalid encrypted pack path: ${validation.error}`
-    );
-  }
+  const canonicalPath = validatePathOrThrow(
+    packPath,
+    validateEncryptedPackPath,
+    "encrypted pack",
+    baseDirs
+  );
   try {
-    const packData = await readFileAsync(validation.canonicalPath);
+    const packData = await readFileAsync(canonicalPath);
     if (!validatePackFormat(packData)) {
       throw new SentriflowConfigError("Invalid encrypted pack format");
     }
     const loadedPack = await loadEncryptedPack(packData, {
       licenseKey,
       timeout: 1e4
-      // 10 seconds for pack validation
     });
     return {
       ...loadedPack.metadata,
       priority: 200,
-      // High priority for licensed packs
       rules: loadedPack.rules
     };
   } catch (error) {
-    if (error instanceof PackLoadError) {
-      switch (error.code) {
-        case "DECRYPTION_FAILED":
-          throw new SentriflowConfigError(
-            "Invalid license key for encrypted pack"
-          );
-        case "EXPIRED":
-          throw new SentriflowConfigError("Encrypted pack has expired");
-        case "MACHINE_MISMATCH":
-          throw new SentriflowConfigError(
-            "License is not valid for this machine"
-          );
-        case "ACTIVATION_LIMIT":
-          throw new SentriflowConfigError(
-            "Maximum activations exceeded for this license"
-          );
-        default:
-          throw new SentriflowConfigError(
-            `Failed to load encrypted pack: ${error.message}`
-          );
-      }
-    }
+    if (error instanceof PackLoadError) mapPackLoadError(error);
     if (error instanceof SentriflowConfigError) throw error;
     throw new SentriflowConfigError("Failed to load encrypted rule pack");
   }
@@ -14191,7 +14190,7 @@ function validateDirectoryPath(dirPath, allowedBaseDirs) {
 
 // index.ts
 var program = new Command();
-program.name("sentriflow").description("SentriFlow Network Configuration Validator").version("0.1.4").argument("[file]", "Path to the configuration file").option("--ast", "Output the AST instead of rule results").option("-f, --format <format>", "Output format (json, sarif)", "json").option("-q, --quiet", "Only output failures (suppress passed results)").option("-c, --config <path>", "Path to config file (default: auto-detect)").option("--no-config", "Ignore config file").option("-r, --rules <path>", "Additional rules file to load (legacy)").option("-p, --rule-pack <path>", "Rule pack file to load").option(
+program.name("sentriflow").description("SentriFlow Network Configuration Validator").version("0.1.5").argument("[file]", "Path to the configuration file").option("--ast", "Output the AST instead of rule results").option("-f, --format <format>", "Output format (json, sarif)", "json").option("-q, --quiet", "Only output failures (suppress passed results)").option("-c, --config <path>", "Path to config file (default: auto-detect)").option("--no-config", "Ignore config file").option("-r, --rules <path>", "Additional rules file to load (legacy)").option("-p, --rule-pack <path>", "Rule pack file to load").option(
   "--encrypted-pack <path...>",
   "SEC-012: Path(s) to encrypted rule pack(s) (.grpx), can specify multiple"
 ).option(

package/package.json

@@ -1,54 +1,54 @@
-{
-  "name": "@sentriflow/cli",
-  "version": "0.1.4",
-  "description": "SentriFlow CLI - Network configuration linter and validator",
-  "license": "Apache-2.0",
-  "main": "dist/index.js",
-  "module": "dist/index.js",
-  "type": "module",
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/sentriflow/sentriflow.git",
-    "directory": "packages/cli"
-  },
-  "homepage": "https://github.com/sentriflow/sentriflow#readme",
-  "bugs": {
-    "url": "https://github.com/sentriflow/sentriflow/issues"
-  },
-  "keywords": [
-    "cli",
-    "network",
-    "configuration",
-    "linter",
-    "security",
-    "compliance",
-    "sarif"
-  ],
-  "files": [
-    "dist",
-    "LICENSE",
-    "README.md"
-  ],
-  "publishConfig": {
-    "access": "public"
-  },
-  "scripts": {
-    "build": "bun build.mjs",
-    "prepublishOnly": "bun run build"
-  },
-  "dependencies": {
-    "commander": "^14.0.2"
-  },
-  "devDependencies": {
-    "@sentriflow/core": "workspace:*",
-    "@sentriflow/rules-default": "workspace:*",
-    "bun-types": "latest",
-    "esbuild": "^0.27.0"
-  },
-  "bin": {
-    "sentriflow": "dist/index.js"
-  },
-  "engines": {
-    "node": ">=18.0.0"
-  }
-}
+{
+  "name": "@sentriflow/cli",
+  "version": "0.1.5",
+  "description": "SentriFlow CLI - Network configuration linter and validator",
+  "license": "Apache-2.0",
+  "main": "dist/index.js",
+  "module": "dist/index.js",
+  "type": "module",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/sentriflow/sentriflow.git",
+    "directory": "packages/cli"
+  },
+  "homepage": "https://github.com/sentriflow/sentriflow#readme",
+  "bugs": {
+    "url": "https://github.com/sentriflow/sentriflow/issues"
+  },
+  "keywords": [
+    "cli",
+    "network",
+    "configuration",
+    "linter",
+    "security",
+    "compliance",
+    "sarif"
+  ],
+  "files": [
+    "dist",
+    "LICENSE",
+    "README.md"
+  ],
+  "publishConfig": {
+    "access": "public"
+  },
+  "scripts": {
+    "build": "bun build.mjs",
+    "prepublishOnly": "bun run build"
+  },
+  "dependencies": {
+    "commander": "^14.0.2"
+  },
+  "devDependencies": {
+    "@sentriflow/core": "workspace:*",
+    "@sentriflow/rules-default": "workspace:*",
+    "bun-types": "latest",
+    "esbuild": "^0.27.0"
+  },
+  "bin": {
+    "sentriflow": "dist/index.js"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  }
+}