agentaudit 3.9.22 → 3.9.23

Files changed (2)
  1. package/cli.mjs +32 -4
  2. package/package.json +1 -1
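--- a/package/cli.mjs
+++ b/package/cli.mjs
@@ -39,7 +39,7 @@ function resolveProvider(flagOverride, keys) {
  // Aliases
  const aliases = { claude: 'anthropic', gpt: 'openai', 'gpt-4o': 'openai', 'gpt4': 'openai', or: 'openrouter', local: 'ollama' };
 
- // Priority: --provider flag > AGENTAUDIT_PROVIDER env > config file > auto-detect
+ // Priority: --provider flag > AGENTAUDIT_PROVIDER env > config file > model-inferred > auto-detect
  const preferred = flagOverride
  || process.env.AGENTAUDIT_PROVIDER?.toLowerCase()
  || loadConfig()?.preferred_provider
@@ -51,6 +51,14 @@ function resolveProvider(flagOverride, keys) {
  if (!p) return null;
  return p;
  }
+
+ // Smart inference: if model override looks like "provider/model" (e.g. z-ai/glm-5, anthropic/claude-sonnet-4)
+ // → auto-select OpenRouter (which uses that format)
+ const activeModel = globalModelOverride || process.env.AGENTAUDIT_MODEL || loadConfig()?.preferred_model;
+ if (activeModel && activeModel.includes('/') && providers.openrouter) {
+ return providers.openrouter;
+ }
+
  // Auto-detect priority: Anthropic > OpenAI > OpenRouter > Custom > Ollama (local last — usually weaker)
  return providers.anthropic || providers.openai || providers.openrouter || providers.custom || providers.ollama || null;
  }
@@ -59,6 +67,7 @@ function resolveProvider(flagOverride, keys) {
  let jsonMode = false;
  let quietMode = false;
  let modelOverride = null; // --model flag or AGENTAUDIT_MODEL env or config
+ let globalModelOverride = null; // same, but set early for resolveProvider
 
  // ── ANSI Colors (respects NO_COLOR and --no-color) ───────
 
@@ -1457,8 +1466,22 @@ async function auditRepo(url) {
  return null;
  }
 
+ // Determine actual model name for display
+ let actualModel;
+ if (resolvedProvider.id === 'anthropic') {
+ actualModel = modelOverride || 'claude-sonnet-4-20250514';
+ } else if (resolvedProvider.id === 'openrouter') {
+ actualModel = modelOverride || process.env.OPENROUTER_MODEL || 'anthropic/claude-sonnet-4';
+ } else if (resolvedProvider.id === 'openai') {
+ actualModel = modelOverride || 'gpt-4o';
+ } else if (resolvedProvider.id === 'ollama') {
+ actualModel = modelOverride || resolvedProvider.model;
+ } else {
+ actualModel = modelOverride || resolvedProvider.model || 'unknown';
+ }
+
  // We have an API key — run LLM audit
- process.stdout.write(` ${c.dim}[4/4]${c.reset} Running LLM analysis ${c.dim}(${activeProvider})${c.reset}...`);
+ process.stdout.write(` ${c.dim}[4/4]${c.reset} Running LLM analysis ${c.dim}(${resolvedProvider.id}: ${actualModel})${c.reset}...`);
 
  const systemPrompt = auditPrompt || 'You are a security auditor. Analyze the code and report findings as JSON.';
  const userMessage = [
@@ -1579,7 +1602,11 @@ async function auditRepo(url) {
  // Display results
  console.log();
  const riskScore = report.risk_score || 0;
- console.log(` ${riskBadge(riskScore)} Risk ${riskScore}/100 ${c.bold}${report.result || 'unknown'}${c.reset}`);
+ const trustScore = 100 - riskScore;
+ const trustColor = trustScore >= 70 ? c.green : trustScore >= 40 ? c.yellow : c.red;
+ const trustLabel = trustScore >= 70 ? 'SAFE' : trustScore >= 40 ? 'CAUTION' : 'UNSAFE';
+ console.log(` ${trustColor}${c.bold}${trustLabel}${c.reset} ${trustColor}Trust Score: ${trustScore}/100${c.reset} ${c.dim}(Risk: ${riskScore}/100)${c.reset}`);
+ console.log(` ${c.dim}Model: ${resolvedProvider.id}/${actualModel} Duration: ${elapsed(start)}${c.reset}`);
  console.log();
 
  if (report.findings && report.findings.length > 0) {
@@ -1608,7 +1635,7 @@ async function auditRepo(url) {
  'Authorization': `Bearer ${creds.api_key}`,
  'Content-Type': 'application/json',
  },
- body: JSON.stringify(report),
+ body: JSON.stringify({ ...report, audit_model: actualModel, audit_provider: resolvedProvider.id }),
  signal: AbortSignal.timeout(15_000),
  });
  if (res.ok) {
@@ -1741,6 +1768,7 @@ async function main() {
  || process.env.AGENTAUDIT_MODEL
  || loadConfig()?.preferred_model
  || null;
+ globalModelOverride = modelOverride;
 
  // Strip global flags from args
  const globalFlags = new Set(['--json', '--quiet', '-q', '--no-color']);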
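Review bot: The new verdict line in the `@@ -1579,7 +1602,11 @@` hunk fails open: `report.risk_score || 0` turns a missing or null score into 0, so `trustScore` becomes 100 and the CLI prints a green `SAFE`, where the old line showed only `Risk 0/100` beside `report.result || 'unknown'`. The report appears to be parsed from the model's JSON reply (that code is outside the hunk), so a truncated reply, or one influenced by text in the audited repository, can produce a SAFE verdict; a non-numeric or out-of-range score yields `NaN` or a trust value outside 0–100. Validate the score before deriving a label and print `UNKNOWN` when it is absent or invalid, as sketched below. `riskScore` is left unchanged because `auditRepo` starts and ends outside the hunk and may use it later.

```javascript
const riskScore = report.risk_score || 0;
// A verdict is only derived from a finite score in 0..100; anything else is shown as UNKNOWN.
const scoreValid = Number.isFinite(report.risk_score) && report.risk_score >= 0 && report.risk_score <= 100;
const trustScore = 100 - riskScore;
const trustColor = !scoreValid ? c.yellow : trustScore >= 70 ? c.green : trustScore >= 40 ? c.yellow : c.red;
const trustLabel = !scoreValid ? 'UNKNOWN' : trustScore >= 70 ? 'SAFE' : trustScore >= 40 ? 'CAUTION' : 'UNSAFE';
const scoreText = scoreValid
  ? `Trust Score: ${trustScore}/100${c.reset} ${c.dim}(Risk: ${riskScore}/100)`
  : `Trust Score: n/a${c.reset} ${c.dim}(no valid risk_score in report)`;
console.log(` ${trustColor}${c.bold}${trustLabel}${c.reset} ${trustColor}${scoreText}${c.reset}`);
// … unchanged: Model / Duration line …
```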
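--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "agentaudit",
- "version": "3.9.22",
+ "version": "3.9.23",
  "description": "Security scanner for AI packages — MCP server + CLI",
  "type": "module",
  "bin": {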