@westbayberry/dg 2.0.7 → 2.0.10

package/dist/scan-ui/components/ScoreHeader.js

@@ -3,6 +3,9 @@ import { Text, Box } from "ink";
 import chalk from "chalk";
 import { useTerminalSize } from "../hooks/useTerminalSize.js";
 import { renderLogo } from "../logo.js";
+export const COMPACT_ROWS = 24;
+// Below ~75 cols the side-by-side logo column garbles the header layout.
+export const LOGO_MIN_COLS = 75;
 function scoreColor(score, action) {
     const colorFn = action === "block" ? chalk.red.bold :
         action === "warn" ? chalk.yellow.bold :
@@ -12,9 +15,10 @@ function scoreColor(score, action) {
 }
 export const ScoreHeader = ({ score, action, total, flagged, clean, userStatus, scanUsage, usageNearLimit, }) => {
     const logo = renderLogo(action);
-    const { cols } = useTerminalSize();
-    const showLogo = cols >= 60;
-    return (_jsx(Box, { flexDirection: "column", borderStyle: "round", borderColor: action === "block" ? "red" : action === "warn" ? "yellow" : action === "analysis_incomplete" ? "cyan" : "green", paddingLeft: 1, paddingRight: 1, width: "100%", children: _jsxs(Box, { flexDirection: "row", children: [_jsxs(Box, { flexDirection: "column", flexGrow: 1, children: [_jsxs(Text, { bold: true, children: ["Dependency Guardian  ", userStatus ?? ""] }), _jsx(Text, { children: " " }), _jsxs(Text, { children: [chalk.dim("Score"), "  ", scoreColor(score, action)] }), total !== undefined && (_jsxs(_Fragment, { children: [_jsx(Text, { children: " " }), _jsxs(Text, { children: [chalk.dim(`${total} package${total !== 1 ? "s" : ""} scanned`), flagged !== undefined && flagged > 0 ? (_jsxs(_Fragment, { children: ["    ", chalk.yellow(`${flagged} flagged`), "    ", chalk.green(`${clean ?? 0} clean`)] })) : (_jsxs(_Fragment, { children: ["    ", chalk.green("all clean")] }))] }), scanUsage && (usageNearLimit
-                                    ? _jsxs(Text, { color: "yellow", children: [scanUsage, "  \u2191 dg upgrade for Pro"] })
+    const { cols, rows } = useTerminalSize();
+    const compact = rows < COMPACT_ROWS;
+    const showLogo = cols >= LOGO_MIN_COLS && !compact;
+    return (_jsx(Box, { flexDirection: "column", borderStyle: "round", borderColor: action === "block" ? "red" : action === "warn" ? "yellow" : action === "analysis_incomplete" ? "cyan" : "green", paddingLeft: 1, paddingRight: 1, width: "100%", children: _jsxs(Box, { flexDirection: "row", children: [_jsxs(Box, { flexDirection: "column", flexGrow: 1, children: [_jsxs(Text, { bold: true, children: ["Dependency Guardian  ", userStatus ?? ""] }), !compact && _jsx(Text, { children: " " }), _jsxs(Text, { children: [chalk.dim("Score"), "  ", scoreColor(score, action)] }), total !== undefined && (_jsxs(_Fragment, { children: [!compact && _jsx(Text, { children: " " }), _jsxs(Text, { children: [chalk.dim(`${total} package${total !== 1 ? "s" : ""} scanned`), flagged !== undefined && flagged > 0 ? (_jsxs(_Fragment, { children: ["    ", chalk.yellow(`${flagged} flagged`), "    ", chalk.green(`${clean ?? 0} clean`)] })) : (_jsxs(_Fragment, { children: ["    ", chalk.green("all clean")] }))] }), scanUsage && (usageNearLimit
+                                    ? _jsxs(Text, { color: "yellow", children: [scanUsage, "  \u2191 Pro: westbayberry.com/pricing"] })
                                     : _jsx(Text, { dimColor: true, children: scanUsage }))] }))] }), showLogo && (_jsx(Box, { flexDirection: "column", marginLeft: 2, children: logo.map((line, i) => _jsx(Text, { children: line }, i)) }))] }) }));
 };

package/dist/scan-ui/hooks/useScan.js

@@ -1,3 +1,4 @@
+import { randomUUID } from "node:crypto";
 import { useReducer, useEffect, useRef, useCallback, useState } from "react";
 import { analyzePackages, AnalyzeError, mergeAnalyzeResponses } from "../../api/analyze.js";
 import { collectScanPackages, discoverScanProjectsAsync } from "../../scan/collect.js";
@@ -37,7 +38,12 @@ function reducer(_state, action) {
 export function useScan(config) {
     const [state, dispatch] = useReducer(reducer, { phase: "discovering" });
     const started = useRef(false);
+    const abortRef = useRef(null);
+    if (abortRef.current === null) {
+        abortRef.current = new AbortController();
+    }
     const [multiProjects, setMultiProjects] = useState(null);
+    useEffect(() => () => abortRef.current?.abort(), []);
     useEffect(() => {
         if (started.current) {
             return;
@@ -56,11 +62,11 @@ export function useScan(config) {
                 dispatch({ type: "PROJECTS_FOUND", projects });
                 return;
             }
-            await scanProjects(projects, dispatch);
+            await scanProjects(projects, dispatch, abortRef.current?.signal);
         })();
     }, [config]);
     const scanSelectedProjects = useCallback((projects) => {
-        void scanProjects(projects, dispatch);
+        void scanProjects(projects, dispatch, abortRef.current?.signal);
     }, []);
     const restartSelection = useCallback(() => {
         if (multiProjects) {
@@ -73,43 +79,84 @@ export function useScan(config) {
         restartSelection: multiProjects ? restartSelection : null
     };
 }
-async function scanProjects(projects, dispatch) {
+async function scanProjects(projects, dispatch, signal) {
+    const startMs = Date.now();
+    let skipped = 0;
+    let total = 0;
     try {
-        const { byEcosystem, skipped } = collectScanPackages(projects);
-        const total = [...byEcosystem.values()].reduce((sum, list) => sum + list.length, 0);
+        const collected = collectScanPackages(projects);
+        skipped = collected.skipped;
+        const entries = [...collected.byEcosystem.entries()];
+        total = entries.reduce((sum, [, list]) => sum + list.length, 0);
         if (total === 0) {
             dispatch({ type: "DISCOVERY_EMPTY", message: "No packages to scan." });
             return;
         }
         dispatch({ type: "DISCOVERY_COMPLETE", total });
-        const startMs = Date.now();
-        const responses = [];
-        let completed = 0;
-        for (const [ecosystem, packages] of byEcosystem) {
-            const base = completed;
-            responses.push(await analyzePackages(packages, {
-                ecosystem,
-                onProgress: (progress) => {
-                    dispatch({ type: "SCAN_PROGRESS", done: base + progress.done, total, batchIndex: progress.batchIndex, batchCount: progress.batchCount });
-                }
-            }));
-            completed = base + packages.length;
+        const scanId = randomUUID();
+        const progressByEcosystem = new Map(entries.map(([ecosystem]) => [ecosystem, { done: 0, batchIndex: 0, batchCount: 1 }]));
+        const reportProgress = () => {
+            let done = 0;
+            let batchIndex = 0;
+            let batchCount = 0;
+            for (const progress of progressByEcosystem.values()) {
+                done += progress.done;
+                batchIndex += progress.batchIndex;
+                batchCount += progress.batchCount;
+            }
+            dispatch({ type: "SCAN_PROGRESS", done, total, batchIndex, batchCount });
+        };
+        const outcomes = await Promise.all(entries.map(async ([ecosystem, packages]) => {
+            try {
+                const response = await analyzePackages(packages, {
+                    ecosystem,
+                    scanId,
+                    ...(signal ? { signal } : {}),
+                    onProgress: (progress) => {
+                        progressByEcosystem.set(ecosystem, {
+                            done: progress.done,
+                            batchIndex: progress.batchIndex,
+                            batchCount: progress.batchCount
+                        });
+                        reportProgress();
+                    }
+                });
+                return { response };
+            }
+            catch (error) {
+                return { error };
+            }
+        }));
+        if (signal?.aborted) {
+            return;
+        }
+        const responses = outcomes.flatMap((outcome) => ("response" in outcome ? [outcome.response] : []));
+        const firstFailure = outcomes.find((outcome) => "error" in outcome);
+        if (responses.length > 0) {
+            const merged = mergeAnalyzeResponses(responses);
+            dispatch({
+                type: "SCAN_COMPLETE",
+                result: firstFailure && merged.action === "pass" ? { ...merged, action: "analysis_incomplete" } : merged,
+                durationMs: Date.now() - startMs,
+                skippedCount: skipped,
+                discoveredTotal: total
+            });
+            return;
+        }
+        if (firstFailure) {
+            throw firstFailure.error;
         }
-        dispatch({
-            type: "SCAN_COMPLETE",
-            result: mergeAnalyzeResponses(responses),
-            durationMs: Date.now() - startMs,
-            skippedCount: skipped,
-            discoveredTotal: total
-        });
     }
     catch (error) {
-        if (error instanceof AnalyzeError && (error.statusCode === 402 || error.statusCode === 429)) {
+        if (signal?.aborted) {
+            return;
+        }
+        if (error instanceof AnalyzeError && error.code === "quota_exceeded") {
             const body = (error.body ?? {});
             dispatch({
                 type: "FREE_CAP_REACHED",
-                scansUsed: body.scansUsed ?? 0,
-                maxScans: body.maxScans ?? 0,
+                scansUsed: error.scansUsed ?? 0,
+                maxScans: error.scansLimit ?? 0,
                 capReason: body.reason === "prefix_cap" ? "prefix_cap" : "monthly_limit",
                 ...(typeof body.resetsAt === "string" ? { resetsAt: body.resetsAt } : {})
             });

package/dist/scan-ui/launch.js

@@ -1,5 +1,7 @@
 import { loadUserConfig } from "../config/settings.js";
 import { resolvePresentation } from "../presentation/mode.js";
+import { pendingUpdate } from "../runtime/nudges.js";
+import { enterTui, leaveTui } from "./alt-screen.js";
 export function shouldLaunchScanTui(options) {
     if (options.format !== "text" || options.outputPath) {
         return false;
@@ -7,6 +9,9 @@ export function shouldLaunchScanTui(options) {
     if (options.targetPath !== ".") {
         return false;
     }
+    if (process.env.TERM === "dumb") {
+        return false;
+    }
     return resolvePresentation().mode === "rich";
 }
 export async function launchScanTui(initialView = "results") {
@@ -19,9 +24,18 @@ export async function launchScanTui(initialView = "results") {
         import("react"),
         import("./LegacyApp.js")
     ]);
-    const policyMode = loadUserConfig().policy.mode;
-    const mode = policyMode === "off" ? "off" : policyMode === "warn" ? "warn" : "block";
+    const mode = loadUserConfig().policy.mode;
     const config = { mode };
-    const instance = render(react.default.createElement(app.App, { config, initialView }), { exitOnCtrlC: true });
-    await instance.waitUntilExit();
+    const update = pendingUpdate();
+    const updateAvailable = update
+        ? `Update available: ${update.current} → ${update.latest} · run dg update`
+        : undefined;
+    enterTui();
+    try {
+        const instance = render(react.default.createElement(app.App, { config, initialView, updateAvailable }), { exitOnCtrlC: true });
+        await instance.waitUntilExit();
+    }
+    finally {
+        leaveTui();
+    }
 }

package/dist/service/state.js

@@ -4,8 +4,8 @@ import { dirname, join } from "node:path";
 import { randomUUID } from "node:crypto";
 import { fileURLToPath } from "node:url";
 import { loadUserConfig } from "../config/settings.js";
-import { applyTrustInstall, applyTrustUninstall, readCertificateFingerprints, readServiceTrustRecord, renderTrustStorePlanLines, resolveTrustInstallPlan, TrustStoreError, writeServiceTrustRecord } from "./trust-store.js";
-import { acquireLockSync, cleanupSessionSync, createSessionSync, resolveDgPaths, CLEANUP_REGISTRY_LOCK } from "../state/index.js";
+import { applyTrustInstall, applyTrustUninstall, readCertificateFingerprints, readServiceTrustRecord, renderTrustStorePlanLines, resolveTrustInstallPlan, TrustStoreError, TrustToolMissingError, writeServiceTrustRecord } from "./trust-store.js";
+import { acquireLockSync, cleanupSessionSync, createSessionSync, preserveCorruptCleanupRegistrySync, resolveDgPaths, CLEANUP_REGISTRY_LOCK } from "../state/index.js";
 export const SERVICE_SENTINEL = "dg-service-mode-v1";
 export const TRUST_SENTINEL = "dg-service-trust-v1";
 export const SERVICE_LOCK = "service-control";
@@ -68,7 +68,7 @@ export function buildTrustInstallPlan(env) {
         writes: [
             ...renderTrustStorePlanLines(trustPlan).map((line) => ({
                 action: line,
-                path: trustPlan?.target ?? paths.trustRecordPath
+                path: ""
             })),
             {
                 action: "write dg-owned managed trust record after trust-store mutation succeeds",
@@ -135,7 +135,7 @@ export function renderServicePlan(title, plan) {
         title,
         "",
         "No service or trust-store state is changed until this plan is confirmed.",
-        ...plan.writes.map((write) => `- ${write.action}: ${write.path}`)
+        ...plan.writes.map((write) => (write.path ? `- ${write.action}: ${write.path}` : `- ${write.action}`))
     ];
     return `${lines.join("\n")}\n`;
 }
@@ -435,6 +435,13 @@ export class ServiceTrustStoreError extends Error {
         super(message);
     }
 }
+export class ServiceTrustToolMissingError extends ServiceTrustStoreError {
+    tool;
+    constructor(tool) {
+        super(`native trust tool '${tool}' is not available on this system`);
+        this.tool = tool;
+    }
+}
 export class ServiceProxyError extends Error {
     constructor(message) {
         super(message);
@@ -446,6 +453,9 @@ function trustStoreOperation(operation) {
         return operation();
     }
     catch (error) {
+        if (error instanceof TrustToolMissingError) {
+            throw new ServiceTrustToolMissingError(error.tool);
+        }
         if (error instanceof TrustStoreError) {
             throw new ServiceTrustStoreError(error.message);
         }
@@ -782,6 +792,7 @@ function readRegistry(paths) {
         return parsed;
     }
     catch {
+        preserveCorruptCleanupRegistrySync(paths);
         return {
             version: 1,
             entries: []

package/dist/service/trust-store.js

@@ -8,6 +8,13 @@ export class TrustStoreError extends Error {
         super(message);
     }
 }
+export class TrustToolMissingError extends TrustStoreError {
+    tool;
+    constructor(tool) {
+        super(`native trust tool '${tool}' is not available on this system`);
+        this.tool = tool;
+    }
+}
 export function resolveTrustInstallPlan(caPath, env = process.env, platform = process.platform) {
     const cert = readCertificateInfo(caPath);
     const backend = env.DG_SERVICE_TRUST_STORE_BACKEND ?? "native";
@@ -104,7 +111,15 @@ export function applyTrustInstall(plan, installedAt, sentinel) {
             mode: 0o755
         });
         copyFileSync(plan.caPath, plan.target);
-        runNativeCommand(["update-ca-certificates"], "Linux trust-store refresh failed");
+        try {
+            runNativeCommand(["update-ca-certificates"], "Linux trust-store refresh failed");
+        }
+        catch (error) {
+            rmSync(plan.target, {
+                force: true
+            });
+            throw error;
+        }
     }
     return {
         version: 1,
@@ -227,8 +242,14 @@ function runNativeCommand(command, failureMessage) {
     const result = spawnSync(program, args, {
         encoding: "utf8"
     });
+    if (result.error) {
+        if (result.error.code === "ENOENT") {
+            throw new TrustToolMissingError(program);
+        }
+        throw new TrustStoreError(`${failureMessage}: ${result.error.message}`);
+    }
     if (result.status !== 0) {
-        const detail = result.stderr.trim() || result.stdout.trim() || `exit ${result.status ?? "unknown"}`;
+        const detail = result.stderr?.trim() || result.stdout?.trim() || `exit ${result.status ?? "unknown"}`;
         throw new TrustStoreError(`${failureMessage}: ${detail}`);
     }
 }

package/dist/setup/git-hook.js

@@ -4,7 +4,7 @@ import { isAbsolute, join, resolve, sep } from "node:path";
 import { randomBytes } from "node:crypto";
 import { acquireLockSync, CLEANUP_REGISTRY_LOCK, resolveDgPaths } from "../state/index.js";
 import { gitTrimmed } from "../util/git.js";
-import { GUARD_HOOK_SENTINEL, SETUP_UNINSTALL_LOCK, SETUP_UNINSTALL_LOCK_STALE_MS, mergeRegistry, readRegistry, reverseGitHookEntry, writeRegistry } from "./plan.js";
+import { GUARD_HOOK_SENTINEL, SETUP_UNINSTALL_LOCK, SETUP_UNINSTALL_LOCK_STALE_MS, chainedHookOriginal, guardHookScript, mergeRegistry, readRegistry, reverseGitHookEntry, writeRegistry } from "./plan.js";
 export { GUARD_HOOK_SENTINEL } from "./plan.js";
 export const GUARD_SELFTEST_ENV = "DG_GUARD_COMMIT_SELFTEST";
 function dgEntrypoint() {
@@ -48,14 +48,17 @@ export function resolveGitRepo(options = {}) {
         env
     };
 }
-function secondLine(path) {
+function hookText(path) {
     try {
-        return readFileSync(path, "utf8").split("\n", 2)[1] ?? "";
+        return readFileSync(path, "utf8");
     }
     catch {
         return "";
     }
 }
+function secondLine(path) {
+    return hookText(path).split("\n", 2)[1] ?? "";
+}
 function isManaged(path) {
     return existsSync(path) && secondLine(path).includes(GUARD_HOOK_SENTINEL);
 }
@@ -77,29 +80,25 @@ export function planGitHook(context) {
     const state = gitHookState(context);
     return { context, state, willChain: state === "foreign" };
 }
-function hookScript(dgPath, chainedOriginal) {
-    const lines = [
-        "#!/bin/sh",
-        `# ${GUARD_HOOK_SENTINEL}`,
-        `"${dgPath}" scan --staged --hook || exit $?`
-    ];
-    if (chainedOriginal) {
-        lines.push(`[ -x "${chainedOriginal}" ] && exec "${chainedOriginal}" "$@"`);
-    }
-    lines.push("exit 0");
-    return `${lines.join("\n")}\n`;
+function registryOriginal(context) {
+    const entry = readRegistry(context.paths).registry.entries.find((candidate) => candidate.kind === "git-hook" && candidate.owner === "dg" && candidate.path === context.hookTarget);
+    return entry?.original ?? null;
 }
 export function applyGitHook(context, now = new Date()) {
     const lock = acquireLockSync(context.paths, SETUP_UNINSTALL_LOCK, { staleMs: SETUP_UNINSTALL_LOCK_STALE_MS });
     let chainedOriginal = null;
     try {
         mkdirSync(context.hooksDir, { recursive: true });
-        if (gitHookState(context) === "foreign") {
+        const state = gitHookState(context);
+        if (state === "foreign") {
             const backup = join(context.hooksDir, `pre-commit.dg-chained-${randomBytes(4).toString("hex")}`);
             renameSync(context.hookTarget, backup);
             chainedOriginal = backup;
         }
-        writeFileSync(context.hookTarget, hookScript(context.dgPath, chainedOriginal), { encoding: "utf8", mode: 0o755 });
+        else if (state === "managed") {
+            chainedOriginal = chainedHookOriginal(hookText(context.hookTarget)) ?? registryOriginal(context);
+        }
+        writeFileSync(context.hookTarget, guardHookScript(context.dgPath, chainedOriginal), { encoding: "utf8", mode: 0o755 });
         chmodSync(context.hookTarget, 0o755);
         const entry = {
             kind: "git-hook",
@@ -191,6 +190,18 @@ function runSelfTest(context) {
         detail: `self-test expected exit 2, got ${result.status === null ? "no exit" : result.status}`
     };
 }
+function unregisteredHookEntry(context) {
+    const original = chainedHookOriginal(hookText(context.hookTarget));
+    return {
+        kind: "git-hook",
+        path: context.hookTarget,
+        mode: "mode1",
+        sentinel: GUARD_HOOK_SENTINEL,
+        installedAt: "",
+        owner: "dg",
+        ...(original ? { original } : {})
+    };
+}
 function isUnderRoot(path, root) {
     const a = resolve(path);
     const b = resolve(root);
@@ -221,7 +232,7 @@ export function removeGitHookForRepo(context) {
             const targets = mine.length > 0
                 ? mine
                 : isManaged(context.hookTarget)
-                    ? [{ kind: "git-hook", path: context.hookTarget, mode: "mode1", sentinel: GUARD_HOOK_SENTINEL, installedAt: "", owner: "dg" }]
+                    ? [unregisteredHookEntry(context)]
                     : [];
             for (const entry of targets) {
                 reverseGitHookEntry(entry, removed, missing, warnings);