agentaudit 3.9.22 → 3.9.24

Files changed (2) hide show
  1. package/cli.mjs +39 -4
  2. package/package.json +1 -1
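--- a/package/cli.mjs
+++ b/package/cli.mjs
@@ -39,7 +39,7 @@ function resolveProvider(flagOverride, keys) {
  // Aliases
  const aliases = { claude: 'anthropic', gpt: 'openai', 'gpt-4o': 'openai', 'gpt4': 'openai', or: 'openrouter', local: 'ollama' };
 
- // Priority: --provider flag > AGENTAUDIT_PROVIDER env > config file > auto-detect
+ // Priority: --provider flag > AGENTAUDIT_PROVIDER env > config file > model-inferred > auto-detect
  const preferred = flagOverride
  || process.env.AGENTAUDIT_PROVIDER?.toLowerCase()
  || loadConfig()?.preferred_provider
@@ -51,6 +51,21 @@ function resolveProvider(flagOverride, keys) {
  if (!p) return null;
  return p;
  }
+
+ // Smart inference: if model is set, try to match it to a provider
+ const activeModel = globalModelOverride || process.env.AGENTAUDIT_MODEL || loadConfig()?.preferred_model;
+ if (activeModel) {
+ const lm = activeModel.toLowerCase();
+ // Direct provider models (no slash = native format)
+ if (!lm.includes('/')) {
+ if (lm.startsWith('claude') && providers.anthropic) return providers.anthropic;
+ if ((lm.startsWith('gpt') || lm.startsWith('o3') || lm.startsWith('o4') || lm.startsWith('o1')) && providers.openai) return providers.openai;
+ if (providers.ollama && (process.env.OLLAMA_MODEL || process.env.OLLAMA_HOST)) return providers.ollama;
+ }
+ // Slash format = OpenRouter convention (provider/model)
+ if (lm.includes('/') && providers.openrouter) return providers.openrouter;
+ }
+
  // Auto-detect priority: Anthropic > OpenAI > OpenRouter > Custom > Ollama (local last — usually weaker)
  return providers.anthropic || providers.openai || providers.openrouter || providers.custom || providers.ollama || null;
  }
@@ -59,6 +74,7 @@ function resolveProvider(flagOverride, keys) {
  let jsonMode = false;
  let quietMode = false;
  let modelOverride = null; // --model flag or AGENTAUDIT_MODEL env or config
+ let globalModelOverride = null; // same, but set early for resolveProvider
 
  // ── ANSI Colors (respects NO_COLOR and --no-color) ───────
 
@@ -1457,8 +1473,22 @@ async function auditRepo(url) {
  return null;
  }
 
+ // Determine actual model name for display
+ let actualModel;
+ if (resolvedProvider.id === 'anthropic') {
+ actualModel = modelOverride || 'claude-sonnet-4-20250514';
+ } else if (resolvedProvider.id === 'openrouter') {
+ actualModel = modelOverride || process.env.OPENROUTER_MODEL || 'anthropic/claude-sonnet-4';
+ } else if (resolvedProvider.id === 'openai') {
+ actualModel = modelOverride || 'gpt-4o';
+ } else if (resolvedProvider.id === 'ollama') {
+ actualModel = modelOverride || resolvedProvider.model;
+ } else {
+ actualModel = modelOverride || resolvedProvider.model || 'unknown';
+ }
+
  // We have an API key — run LLM audit
- process.stdout.write(` ${c.dim}[4/4]${c.reset} Running LLM analysis ${c.dim}(${activeProvider})${c.reset}...`);
+ process.stdout.write(` ${c.dim}[4/4]${c.reset} Running LLM analysis ${c.dim}(${resolvedProvider.id}: ${actualModel})${c.reset}...`);
 
  const systemPrompt = auditPrompt || 'You are a security auditor. Analyze the code and report findings as JSON.';
  const userMessage = [
@@ -1579,7 +1609,11 @@ async function auditRepo(url) {
  // Display results
  console.log();
  const riskScore = report.risk_score || 0;
- console.log(` ${riskBadge(riskScore)} Risk ${riskScore}/100 ${c.bold}${report.result || 'unknown'}${c.reset}`);
+ const trustScore = 100 - riskScore;
+ const trustColor = trustScore >= 70 ? c.green : trustScore >= 40 ? c.yellow : c.red;
+ const trustLabel = trustScore >= 70 ? 'SAFE' : trustScore >= 40 ? 'CAUTION' : 'UNSAFE';
+ console.log(` ${trustColor}${c.bold}${trustLabel}${c.reset} ${trustColor}Trust Score: ${trustScore}/100${c.reset} ${c.dim}(Risk: ${riskScore}/100)${c.reset}`);
+ console.log(` ${c.dim}Model: ${resolvedProvider.id}/${actualModel} Duration: ${elapsed(start)}${c.reset}`);
  console.log();
 
  if (report.findings && report.findings.length > 0) {
@@ -1608,7 +1642,7 @@ async function auditRepo(url) {
  'Authorization': `Bearer ${creds.api_key}`,
  'Content-Type': 'application/json',
  },
- body: JSON.stringify(report),
+ body: JSON.stringify({ ...report, audit_model: actualModel, audit_provider: resolvedProvider.id }),
  signal: AbortSignal.timeout(15_000),
  });
  if (res.ok) {
@@ -1741,6 +1775,7 @@ async function main() {
  || process.env.AGENTAUDIT_MODEL
  || loadConfig()?.preferred_model
  || null;
+ globalModelOverride = modelOverride;
 
  // Strip global flags from args
  const globalFlags = new Set(['--json', '--quiet', '-q', '--no-color']);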
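Review bot: In the `@@ -1579,7 +1609,11 @@` hunk of `auditRepo`, the new verdict fails open: `riskScore` is still `report.risk_score || 0`, so a report with a missing or null score now prints a green `SAFE` label with `Trust Score: 100/100`, and the `report.result` text the old line showed beside the number is gone. The report appears to be parsed model output produced from the audited repository's content (the parsing is outside the hunk, so this is inferred), so the score should be treated as untrusted; a non-numeric value prints `NaN/100` and an out-of-range one yields a trust score above 100 or below 0. I would validate before deriving the label, `const scoreValid = Number.isFinite(report.risk_score) && report.risk_score >= 0 && report.risk_score <= 100;`, and print an `UNKNOWN` label with no trust score when it is false. The same unvalidated `report` is what the `@@ -1608,7 +1642,7 @@` hunk uploads with `audit_model` attached, so the check belongs before both uses. The body of `auditRepo` starts and ends outside these hunks.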
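--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "agentaudit",
- "version": "3.9.22",
+ "version": "3.9.24",
  "description": "Security scanner for AI packages — MCP server + CLI",
  "type": "module",
  "bin": {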