agentaudit 3.9.17 → 3.9.18

package/cli.mjs

@@ -9,6 +9,7 @@
  *   agentaudit audit <repo-url>                     Deep LLM-powered security audit
  *   agentaudit lookup <name>                        Look up package in registry
  *   agentaudit check <name|url>                     Lookup + auto-audit if not found
+ *   agentaudit status                               Check configured API keys + providers
  *   agentaudit setup                                Register + configure API key
  * 
  * Global flags: --json, --quiet, --no-color
@@ -25,6 +26,26 @@ const __dirname = path.dirname(fileURLToPath(import.meta.url));
 const SKILL_DIR = path.resolve(__dirname);
 const REGISTRY_URL = 'https://agentaudit.dev';
 
+// ── Provider resolution ────
+function resolveProvider(preferred, keys) {
+  const providers = {
+    anthropic: keys.anthropicKey ? { id: 'anthropic', label: 'Anthropic (Claude)', key: keys.anthropicKey } : null,
+    openai: keys.openaiKey ? { id: 'openai', label: 'OpenAI (GPT-4o)', key: keys.openaiKey } : null,
+    openrouter: keys.openrouterKey ? { id: 'openrouter', label: `OpenRouter (${process.env.OPENROUTER_MODEL || 'anthropic/claude-sonnet-4'})`, key: keys.openrouterKey } : null,
+  };
+  // Aliases
+  const aliases = { claude: 'anthropic', gpt: 'openai', 'gpt-4o': 'openai', 'gpt4': 'openai', or: 'openrouter' };
+
+  if (preferred) {
+    const resolved = aliases[preferred] || preferred;
+    const p = providers[resolved];
+    if (!p) return null; // requested provider not available
+    return p;
+  }
+  // Auto-detect: Anthropic > OpenAI > OpenRouter
+  return providers.anthropic || providers.openai || providers.openrouter || null;
+}
+
 // ── Global flags (set in main before command routing) ────
 let jsonMode = false;
 let quietMode = false;
@@ -1312,9 +1333,15 @@ async function auditRepo(url) {
   const openaiKey = process.env.OPENAI_API_KEY;
   const openrouterKey = process.env.OPENROUTER_API_KEY;
   const openrouterModel = process.env.OPENROUTER_MODEL || 'anthropic/claude-sonnet-4';
-  const activeProvider = anthropicKey ? 'Anthropic (Claude)' : openaiKey ? 'OpenAI (GPT-4o)' : openrouterKey ? `OpenRouter (${openrouterModel})` : null;
+
+  // --provider flag overrides auto-detection
+  const providerFlag = process.argv.find(a => a.startsWith('--provider='))?.split('=')[1]?.toLowerCase()
+    || (process.argv.includes('--provider') ? process.argv[process.argv.indexOf('--provider') + 1]?.toLowerCase() : null);
+
+  const resolvedProvider = resolveProvider(providerFlag, { anthropicKey, openaiKey, openrouterKey });
+  const activeProvider = resolvedProvider?.label || null;
   
-  if (!anthropicKey && !openaiKey && !openrouterKey) {
+  if (!resolvedProvider) {
     // No LLM API key — clear explanation
     console.log();
     console.log(`  ${c.yellow}No LLM API key found.${c.reset} The ${c.bold}audit${c.reset} command needs an LLM to analyze code.`);
@@ -1397,11 +1424,11 @@ async function auditRepo(url) {
   let _lastLlmText = '';
   
   try {
-    if (anthropicKey) {
+    if (resolvedProvider.id === 'anthropic') {
       const res = await fetch('https://api.anthropic.com/v1/messages', {
         method: 'POST',
         headers: {
-          'x-api-key': anthropicKey,
+          'x-api-key': resolvedProvider.key,
           'anthropic-version': '2023-06-01',
           'content-type': 'application/json',
         },
@@ -1423,17 +1450,17 @@ async function auditRepo(url) {
       const text = data.content?.[0]?.text || '';
       _lastLlmText = text;
       report = extractJSON(text);
-    } else if (openaiKey || openrouterKey) {
-      const isOpenRouter = !openaiKey && !!openrouterKey;
+    } else {
+      // OpenAI or OpenRouter (both use OpenAI-compatible API)
+      const isOpenRouter = resolvedProvider.id === 'openrouter';
       const apiUrl = isOpenRouter ? 'https://openrouter.ai/api/v1/chat/completions' : 'https://api.openai.com/v1/chat/completions';
-      const apiToken = isOpenRouter ? openrouterKey : openaiKey;
       const modelName = isOpenRouter ? (process.env.OPENROUTER_MODEL || 'anthropic/claude-sonnet-4') : 'gpt-4o';
       const extraHeaders = isOpenRouter ? { 'HTTP-Referer': 'https://agentaudit.dev', 'X-Title': 'AgentAudit' } : {};
 
       const res = await fetch(apiUrl, {
         method: 'POST',
         headers: {
-          'Authorization': `Bearer ${apiToken}`,
+          'Authorization': `Bearer ${resolvedProvider.key}`,
           'Content-Type': 'application/json',
           ...extraHeaders,
         },
@@ -1656,12 +1683,14 @@ async function main() {
     console.log(`    ${c.cyan}agentaudit audit${c.reset} <url> [url...]              Deep LLM-powered security audit`);
     console.log(`    ${c.cyan}agentaudit lookup${c.reset} <name>                     Look up package in registry`);
     console.log(`    ${c.cyan}agentaudit check${c.reset} <name|url>                  Lookup + auto-audit if not found`);
+    console.log(`    ${c.cyan}agentaudit status${c.reset}                            Check API keys + active provider`);
     console.log(`    ${c.cyan}agentaudit setup${c.reset}                             Register + configure API key`);
     console.log();
     console.log(`  ${c.bold}Global flags:${c.reset}`);
     console.log(`    ${c.dim}--json       Output JSON to stdout (machine-readable)${c.reset}`);
     console.log(`    ${c.dim}--quiet      Suppress banner and tree visualization${c.reset}`);
     console.log(`    ${c.dim}--no-color   Disable ANSI colors (also: NO_COLOR env)${c.reset}`);
+    console.log(`    ${c.dim}--provider   Force LLM provider (anthropic, openai, openrouter)${c.reset}`);
     console.log();
     console.log(`  ${c.bold}Quick Scan${c.reset} vs ${c.bold}Deep Audit${c.reset}:`);
     console.log(`    ${c.dim}scan  = fast regex-based static analysis (~2s)${c.reset}`);
@@ -1709,6 +1738,69 @@ async function main() {
     return;
   }
   
+  if (command === 'status') {
+    console.log(`  ${c.bold}LLM Providers:${c.reset}`);
+    console.log();
+    const keys = {
+      anthropicKey: process.env.ANTHROPIC_API_KEY,
+      openaiKey: process.env.OPENAI_API_KEY,
+      openrouterKey: process.env.OPENROUTER_API_KEY,
+    };
+    const checks = [
+      { name: 'Anthropic', env: 'ANTHROPIC_API_KEY', key: keys.anthropicKey, testUrl: 'https://api.anthropic.com/v1/messages', testHeaders: (k) => ({ 'x-api-key': k, 'anthropic-version': '2023-06-01', 'content-type': 'application/json' }), testBody: JSON.stringify({ model: 'claude-sonnet-4-20250514', max_tokens: 1, messages: [{ role: 'user', content: 'hi' }] }) },
+      { name: 'OpenAI', env: 'OPENAI_API_KEY', key: keys.openaiKey, testUrl: 'https://api.openai.com/v1/models', testHeaders: (k) => ({ 'Authorization': `Bearer ${k}` }), testBody: null },
+      { name: 'OpenRouter', env: 'OPENROUTER_API_KEY', key: keys.openrouterKey, testUrl: 'https://openrouter.ai/api/v1/models', testHeaders: (k) => ({ 'Authorization': `Bearer ${k}` }), testBody: null },
+    ];
+
+    for (const p of checks) {
+      if (!p.key) {
+        console.log(`    ${c.dim}○${c.reset}  ${p.name.padEnd(12)} ${c.dim}not set${c.reset}  ${c.dim}(${p.env})${c.reset}`);
+        continue;
+      }
+      const masked = p.key.substring(0, 8) + '...' + p.key.substring(p.key.length - 4);
+      process.stdout.write(`    ${c.yellow}●${c.reset}  ${p.name.padEnd(12)} ${c.dim}${masked}${c.reset}  checking...`);
+      try {
+        const res = await fetch(p.testUrl, {
+          method: p.testBody ? 'POST' : 'GET',
+          headers: p.testHeaders(p.key),
+          ...(p.testBody ? { body: p.testBody } : {}),
+          signal: AbortSignal.timeout(10_000),
+        });
+        if (res.ok || res.status === 200 || res.status === 201) {
+          process.stdout.write(`\r    ${c.green}●${c.reset}  ${p.name.padEnd(12)} ${c.dim}${masked}${c.reset}  ${c.green}valid ✓${c.reset}  \n`);
+        } else {
+          const body = await res.json().catch(() => ({}));
+          const errMsg = body?.error?.message || `HTTP ${res.status}`;
+          process.stdout.write(`\r    ${c.red}●${c.reset}  ${p.name.padEnd(12)} ${c.dim}${masked}${c.reset}  ${c.red}invalid ✗${c.reset} ${c.dim}(${errMsg})${c.reset}  \n`);
+        }
+      } catch (e) {
+        process.stdout.write(`\r    ${c.red}●${c.reset}  ${p.name.padEnd(12)} ${c.dim}${masked}${c.reset}  ${c.red}error ✗${c.reset} ${c.dim}(${e.message})${c.reset}  \n`);
+      }
+    }
+
+    const resolved = resolveProvider(null, keys);
+    console.log();
+    if (resolved) {
+      console.log(`    ${c.bold}Active provider:${c.reset} ${resolved.label}`);
+      console.log(`    ${c.dim}Override with: --provider=openai | --provider=openrouter | --provider=anthropic${c.reset}`);
+    } else {
+      console.log(`    ${c.yellow}No LLM provider configured.${c.reset} Set one of the API keys above for deep audits.`);
+    }
+
+    // AgentAudit registry key
+    console.log();
+    console.log(`  ${c.bold}Registry:${c.reset}`);
+    const creds = loadCredentials();
+    if (creds?.api_key) {
+      const masked = creds.api_key.substring(0, 8) + '...' + creds.api_key.substring(creds.api_key.length - 4);
+      console.log(`    ${c.green}●${c.reset}  AgentAudit  ${c.dim}${masked}${c.reset}  ${c.dim}(${creds.agent_name || 'unknown'})${c.reset}`);
+    } else {
+      console.log(`    ${c.dim}○${c.reset}  AgentAudit   ${c.dim}not set${c.reset}  ${c.dim}(run: agentaudit setup)${c.reset}`);
+    }
+    console.log();
+    return;
+  }
+  
   if (command === 'discover') {
     const scanFlag = targets.includes('--quick') || targets.includes('--scan') || targets.includes('-s');
     const auditFlag = targets.includes('--deep') || targets.includes('--audit') || targets.includes('-a');

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "agentaudit",
-  "version": "3.9.17",
+  "version": "3.9.18",
   "description": "Security scanner for AI packages — MCP server + CLI",
   "type": "module",
   "bin": {