@vibecheckai/cli 3.3.0 → 3.5.0

package/bin/runners/runContainer.js

@@ -0,0 +1,366 @@
+/**
+ * Container Security Scanner CLI
+ * 
+ * Scans Dockerfiles for security issues and best practices
+ */
+
+"use strict";
+
+const path = require("path");
+const fs = require("fs");
+const { parseGlobalFlags, shouldShowBanner } = require("./lib/global-flags");
+const { EXIT } = require("./lib/exit-codes");
+
+// Terminal UI
+let terminalUI;
+try {
+  terminalUI = require("./lib/terminal-ui");
+} catch {
+  terminalUI = {
+    c: { reset: "", bold: "", dim: "", red: "", yellow: "", green: "", cyan: "" },
+    rgb: () => "",
+    icons: { check: "✓", cross: "✗", warning: "⚠", info: "ℹ" },
+    Spinner: class { start() {} succeed() {} fail() {} },
+  };
+}
+
+const { c, rgb, icons, Spinner } = terminalUI;
+
+// Unified Output System
+const { output } = require("./lib/output/index.js");
+
+// Colors
+const colors = {
+  critical: rgb(255, 80, 80),
+  high: rgb(255, 150, 50),
+  medium: rgb(255, 200, 0),
+  low: rgb(100, 200, 255),
+  info: rgb(150, 150, 150),
+  success: rgb(0, 255, 150),
+  accent: rgb(0, 200, 255),
+};
+
+const BANNER = `
+${rgb(0, 200, 255)}  ╔═══════════════════════════════════════════════════════════════╗${c.reset}
+${rgb(0, 180, 255)}  ║  ${c.bold}CONTAINER SECURITY${c.reset}${rgb(0, 180, 255)} • Dockerfile Scanning               ║${c.reset}
+${rgb(0, 160, 255)}  ╚═══════════════════════════════════════════════════════════════╝${c.reset}
+`;
+
+function printBanner() {
+  console.log(BANNER);
+}
+
+function printHelp() {
+  console.log(`
+${c.bold}Usage:${c.reset} vibecheck container [options] [path]
+
+${c.bold}Description:${c.reset}
+  Scan Dockerfiles for security issues and best practices.
+
+${c.bold}Options:${c.reset}
+  ${colors.accent}--path, -p${c.reset}      Path to Dockerfile or directory (default: .)
+  ${colors.accent}--json${c.reset}          Output as JSON
+  ${colors.accent}--sarif${c.reset}         Output as SARIF for GitHub
+  ${colors.accent}--ignore${c.reset}        Ignore specific rule IDs (comma-separated)
+  ${colors.accent}--min-severity${c.reset}  Minimum severity to report (critical/high/medium/low)
+  ${colors.accent}--verbose, -v${c.reset}   Show detailed output
+  ${colors.accent}--help, -h${c.reset}      Show this help
+
+${c.bold}Examples:${c.reset}
+  ${c.dim}# Scan current directory${c.reset}
+  vibecheck container
+
+  ${c.dim}# Scan specific Dockerfile${c.reset}
+  vibecheck container Dockerfile.prod
+
+  ${c.dim}# JSON output for CI${c.reset}
+  vibecheck container --json
+
+  ${c.dim}# Ignore specific rules${c.reset}
+  vibecheck container --ignore CIS-DI-0001,BP-003
+`);
+}
+
+function parseArgs(args) {
+  const { flags: globalFlags, cleanArgs } = parseGlobalFlags(args);
+  
+  const opts = {
+    path: globalFlags.path || ".",
+    json: globalFlags.json || false,
+    sarif: false,
+    verbose: globalFlags.verbose || false,
+    help: globalFlags.help || false,
+    ignore: [],
+    minSeverity: null,
+    noBanner: globalFlags.noBanner || false,
+    ci: globalFlags.ci || false,
+    quiet: globalFlags.quiet || false,
+  };
+
+  for (let i = 0; i < cleanArgs.length; i++) {
+    const arg = cleanArgs[i];
+    
+    if (arg === "--sarif") opts.sarif = true;
+    else if (arg === "--ignore") {
+      opts.ignore = (cleanArgs[++i] || "").split(",").filter(Boolean);
+    }
+    else if (arg.startsWith("--ignore=")) {
+      opts.ignore = arg.split("=")[1].split(",").filter(Boolean);
+    }
+    else if (arg === "--min-severity") {
+      opts.minSeverity = cleanArgs[++i];
+    }
+    else if (arg.startsWith("--min-severity=")) {
+      opts.minSeverity = arg.split("=")[1];
+    }
+    else if (!arg.startsWith("-")) {
+      opts.path = arg;
+    }
+  }
+
+  return opts;
+}
+
+function formatFinding(finding, verbose = false) {
+  const severityColors = {
+    critical: colors.critical,
+    high: colors.high,
+    medium: colors.medium,
+    low: colors.low,
+    info: colors.info,
+  };
+  
+  const severityIcons = {
+    critical: "🔴",
+    high: "🟠",
+    medium: "🟡",
+    low: "🔵",
+    info: "⚪",
+  };
+
+  const color = severityColors[finding.severity] || colors.info;
+  const icon = severityIcons[finding.severity] || "⚪";
+  
+  let output = `  ${icon} ${color}${finding.severity.toUpperCase()}${c.reset} ${finding.title}\n`;
+  output += `     ${c.dim}${finding.id}${c.reset}`;
+  
+  if (finding.line) {
+    output += ` ${c.dim}• Line ${finding.line}${c.reset}`;
+  }
+  
+  output += "\n";
+  
+  if (verbose) {
+    output += `     ${c.dim}${finding.description}${c.reset}\n`;
+    output += `     ${colors.accent}Fix:${c.reset} ${finding.recommendation}\n`;
+  }
+  
+  return output;
+}
+
+async function runContainer(args) {
+  const opts = parseArgs(args);
+
+  if (opts.help) {
+    printHelp();
+    return EXIT.SUCCESS;
+  }
+
+  if (shouldShowBanner(opts)) {
+    printBanner();
+  }
+
+  const spinner = new Spinner();
+  spinner.start("Scanning for Dockerfiles...");
+
+  try {
+    // Dynamic import of the security package
+    let containerScanner;
+    try {
+      containerScanner = require("@vibecheck/security").scanDockerfile || 
+                        require("@vibecheck/security").container?.scanDockerfile;
+      
+      if (!containerScanner) {
+        // Try direct import
+        const security = require("../../packages/security/src/container/scanner");
+        containerScanner = security.scanDockerfile;
+      }
+    } catch (e) {
+      // Fallback: try relative path
+      try {
+        const security = require("../../packages/security/src/container/scanner");
+        containerScanner = security.scanDockerfile;
+      } catch {
+        spinner.fail("Container scanning module not available");
+        console.error(`\n  ${colors.critical}${icons.cross}${c.reset} Container scanning requires @vibecheck/security package\n`);
+        return EXIT.INTERNAL_ERROR;
+      }
+    }
+
+    const targetPath = path.resolve(opts.path);
+    const stat = fs.statSync(targetPath);
+    
+    let results = [];
+    
+    if (stat.isDirectory()) {
+      // Find all Dockerfiles in directory
+      const dockerfiles = [];
+      
+      function findDockerfiles(dir) {
+        const entries = fs.readdirSync(dir, { withFileTypes: true });
+        for (const entry of entries) {
+          const fullPath = path.join(dir, entry.name);
+          if (entry.isDirectory() && !["node_modules", ".git", ".terraform"].includes(entry.name)) {
+            findDockerfiles(fullPath);
+          } else if (
+            entry.name === "Dockerfile" ||
+            entry.name.match(/^Dockerfile\.\w+$/) ||
+            entry.name.match(/\.dockerfile$/i)
+          ) {
+            dockerfiles.push(fullPath);
+          }
+        }
+      }
+      
+      findDockerfiles(targetPath);
+      
+      if (dockerfiles.length === 0) {
+        spinner.succeed("No Dockerfiles found");
+        console.log(`\n  ${c.dim}No Dockerfiles found in ${targetPath}${c.reset}\n`);
+        return EXIT.SUCCESS;
+      }
+      
+      spinner.succeed(`Found ${dockerfiles.length} Dockerfile(s)`);
+      
+      for (const dockerfile of dockerfiles) {
+        const result = await containerScanner({
+          dockerfilePath: dockerfile,
+          ignoreRules: opts.ignore,
+          minSeverity: opts.minSeverity,
+        });
+        results.push(result);
+      }
+    } else {
+      // Single file
+      spinner.succeed("Scanning Dockerfile");
+      const result = await containerScanner({
+        dockerfilePath: targetPath,
+        ignoreRules: opts.ignore,
+        minSeverity: opts.minSeverity,
+      });
+      results.push(result);
+    }
+
+    // Aggregate results
+    const totalFindings = results.flatMap(r => r.findings);
+    const totalScore = results.length > 0 
+      ? Math.round(results.reduce((sum, r) => sum + r.score, 0) / results.length)
+      : 100;
+
+    // JSON output
+    if (opts.json) {
+      console.log(JSON.stringify({
+        success: true,
+        results,
+        summary: {
+          filesScanned: results.length,
+          totalFindings: totalFindings.length,
+          score: totalScore,
+          critical: totalFindings.filter(f => f.severity === "critical").length,
+          high: totalFindings.filter(f => f.severity === "high").length,
+          medium: totalFindings.filter(f => f.severity === "medium").length,
+          low: totalFindings.filter(f => f.severity === "low").length,
+        },
+      }, null, 2));
+      
+      return totalFindings.some(f => f.severity === "critical" || f.severity === "high")
+        ? EXIT.BLOCKING
+        : totalFindings.length > 0 ? EXIT.WARNINGS : EXIT.SUCCESS;
+    }
+
+    // SARIF output
+    if (opts.sarif) {
+      const sarif = {
+        $schema: "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
+        version: "2.1.0",
+        runs: [{
+          tool: {
+            driver: {
+              name: "vibecheck-container",
+              version: "1.0.0",
+              informationUri: "https://vibecheckai.dev",
+            },
+          },
+          results: totalFindings.map(f => ({
+            ruleId: f.id,
+            level: f.severity === "critical" || f.severity === "high" ? "error" : "warning",
+            message: { text: f.description },
+            locations: [{
+              physicalLocation: {
+                artifactLocation: { uri: f.file || opts.path },
+                region: f.line ? { startLine: f.line } : undefined,
+              },
+            }],
+          })),
+        }],
+      };
+      console.log(JSON.stringify(sarif, null, 2));
+      return EXIT.SUCCESS;
+    }
+
+    // Human-readable output
+    console.log("");
+    
+    for (const result of results) {
+      const relPath = path.relative(process.cwd(), result.dockerfile);
+      console.log(`${c.bold}📄 ${relPath}${c.reset}`);
+      console.log(`   Score: ${result.score >= 80 ? colors.success : result.score >= 60 ? colors.medium : colors.critical}${result.score}/100${c.reset}`);
+      console.log("");
+      
+      if (result.findings.length === 0) {
+        console.log(`  ${colors.success}${icons.check}${c.reset} No issues found\n`);
+      } else {
+        // Group by severity
+        const bySeverity = {
+          critical: result.findings.filter(f => f.severity === "critical"),
+          high: result.findings.filter(f => f.severity === "high"),
+          medium: result.findings.filter(f => f.severity === "medium"),
+          low: result.findings.filter(f => f.severity === "low"),
+        };
+        
+        for (const [severity, findings] of Object.entries(bySeverity)) {
+          if (findings.length > 0) {
+            for (const finding of findings) {
+              console.log(formatFinding(finding, opts.verbose));
+            }
+          }
+        }
+      }
+      
+      // Recommendations
+      if (result.recommendations && result.recommendations.length > 0 && opts.verbose) {
+        console.log(`${c.bold}  💡 Recommendations:${c.reset}`);
+        for (const rec of result.recommendations) {
+          console.log(`     • ${rec}`);
+        }
+        console.log("");
+      }
+    }
+
+    // Summary
+    console.log(`${c.dim}─────────────────────────────────────────────────────────────${c.reset}`);
+    console.log(`${c.bold}Summary:${c.reset} ${results.length} file(s), ${totalFindings.length} finding(s), Score: ${totalScore}/100`);
+    console.log("");
+
+    return totalFindings.some(f => f.severity === "critical" || f.severity === "high")
+      ? EXIT.BLOCKING
+      : totalFindings.length > 0 ? EXIT.WARNINGS : EXIT.SUCCESS;
+
+  } catch (error) {
+    spinner.fail("Scan failed");
+    console.error(`\n  ${colors.critical}${icons.cross}${c.reset} ${error.message}\n`);
+    return EXIT.INTERNAL_ERROR;
+  }
+}
+
+module.exports = { runContainer };

package/bin/runners/runContext.js

@@ -24,6 +24,9 @@ const {
   getTierFromKey,
 } = require("./lib/unified-cli-output");
 
+// Unified Output System
+const { output } = require("./lib/output/index.js");
+
 async function runContext(args) {
   const { flags: globalFlags, cleanArgs } = parseGlobalFlags(args);
   const quiet = shouldSuppressOutput(globalFlags);

package/bin/runners/runDoctor.js

@@ -24,44 +24,15 @@ const { formatWorkflowUpsell } = require("./lib/upsell");
 const { getApiKey } = require("./lib/auth");
 
 // ═══════════════════════════════════════════════════════════════════════════════
-// ADVANCED TERMINAL - ANSI CODES & UTILITIES
+// TERMINAL UI - Import from shared module
 // ═══════════════════════════════════════════════════════════════════════════════
 
-const c = {
-  reset: '\x1b[0m',
-  bold: '\x1b[1m',
-  dim: '\x1b[2m',
-  italic: '\x1b[3m',
-  underline: '\x1b[4m',
-  // Colors
-  black: '\x1b[30m',
-  red: '\x1b[31m',
-  green: '\x1b[32m',
-  yellow: '\x1b[33m',
-  blue: '\x1b[34m',
-  magenta: '\x1b[35m',
-  cyan: '\x1b[36m',
-  white: '\x1b[37m',
-  // Bright colors
-  gray: '\x1b[90m',
-  brightRed: '\x1b[91m',
-  brightGreen: '\x1b[92m',
-  brightYellow: '\x1b[93m',
-  brightBlue: '\x1b[94m',
-  brightMagenta: '\x1b[95m',
-  brightCyan: '\x1b[96m',
-  brightWhite: '\x1b[97m',
-  // Cursor control
-  clearLine: '\x1b[2K',
-  hideCursor: '\x1b[?25l',
-  showCursor: '\x1b[?25h',
-};
+const { c, rgb, bgRgb, icons, Spinner } = require("./lib/terminal-ui");
 
-// 256-color / True color support
-const rgb = (r, g, b) => `\x1b[38;2;${r};${g};${b}m`;
-const bgRgb = (r, g, b) => `\x1b[48;2;${r};${g};${b}m`;
+// Unified Output System
+const { output } = require("./lib/output/index.js");
 
-// Premium color palette
+// Extended color palette for doctor command
 const colors = {
   // Gradients for banner
   gradient1: rgb(100, 200, 255),   // Light blue
@@ -305,6 +276,13 @@ async function runDoctor(args, context = {}) {
   const json = isJsonMode(opts);
   const executionStart = Date.now();
   
+  // Configure unified output mode
+  output.setMode({ 
+    json: json, 
+    quiet: quiet, 
+    ci: opts.ci 
+  });
+  
   if (opts.help) {
     printHelp(shouldShowBanner(opts));
     return EXIT.SUCCESS;
@@ -603,14 +581,20 @@ function runDoctorLegacy() {
   
   // Get tier for upsell
   const { key } = getApiKey();
-  const currentTier = key ? "starter" : "free";
+  const currentTier = key ? "pro" : "free";
   
   if (hasIssues) {
     console.log("  ❌ Issues found. Fix them and run doctor again.");
     console.log();
-    console.log(`  ${c.dim}Need help?${c.reset} ${colors.accent}vibecheck fix${c.reset} ${c.dim}can auto-repair many issues${c.reset}`);
+    
     if (currentTier === "free") {
-      console.log(`  ${c.dim}Requires STARTER plan • vibecheckai.dev${c.reset}`);
+      console.log(`  ${c.gray}╭${'─'.repeat(58)}╮${c.reset}`);
+      console.log(`  ${c.gray}│${c.reset}  ${c.magenta}★ PRO${c.reset} Auto-fix environment issues with AI            ${c.gray}│${c.reset}`);
+      console.log(`  ${c.gray}│${c.reset}       ${c.cyan}vibecheck fix${c.reset} can auto-repair many issues       ${c.gray}│${c.reset}`);
+      console.log(`  ${c.gray}│${c.reset}       ${c.dim}https://vibecheckai.dev/pricing${c.reset}                   ${c.gray}│${c.reset}`);
+      console.log(`  ${c.gray}╰${'─'.repeat(58)}╯${c.reset}`);
+    } else {
+      console.log(`  ${c.dim}Need help?${c.reset} ${colors.accent}vibecheck fix${c.reset} ${c.dim}can auto-repair many issues${c.reset}`);
     }
     console.log();
     return EXIT.BLOCKING;
@@ -618,10 +602,13 @@ function runDoctorLegacy() {
     console.log("  ✅ Environment healthy!");
     console.log();
     
-    // Workflow upsell
-    const workflow = formatWorkflowUpsell("doctor", currentTier);
-    if (workflow) {
-      console.log(`  ${workflow}`);
+    if (currentTier === "free") {
+      console.log(`  ${c.gray}╭${'─'.repeat(58)}╮${c.reset}`);
+      console.log(`  ${c.gray}│${c.reset}  ${c.green}✓${c.reset} Ready to scan! Try: ${c.cyan}vibecheck scan${c.reset}                  ${c.gray}│${c.reset}`);
+      console.log(`  ${c.gray}│${c.reset}                                                          ${c.gray}│${c.reset}`);
+      console.log(`  ${c.gray}│${c.reset}  ${c.magenta}★ PRO${c.reset} AI-powered fixes, CI gates, ship badges          ${c.gray}│${c.reset}`);
+      console.log(`  ${c.gray}│${c.reset}       ${c.dim}https://vibecheckai.dev/pricing${c.reset}                   ${c.gray}│${c.reset}`);
+      console.log(`  ${c.gray}╰${'─'.repeat(58)}╯${c.reset}`);
     } else {
       console.log(`  ${c.dim}Ready to scan?${c.reset} ${colors.accent}vibecheck scan${c.reset} ${c.dim}finds AI mistakes before they ship${c.reset}`);
     }