aidevops 2.52.1

package/.agent/scripts/secretlint-helper.sh

@@ -0,0 +1,847 @@
+#!/bin/bash
+# shellcheck disable=SC2034,SC2155,SC2317,SC2329,SC2016,SC2181,SC1091,SC2154,SC2015,SC2086,SC2129,SC2030,SC2031,SC2119,SC2120,SC2001,SC2162,SC2088,SC2089,SC2090,SC2029,SC2006,SC2153
+
+# Secretlint Integration Script
+# Pluggable linting tool to prevent committing credentials and secrets
+#
+# Usage: ./secretlint-helper.sh [command] [options]
+# Commands:
+#   install     - Install Secretlint and recommended rules
+#   init        - Initialize project configuration
+#   scan        - Scan for secrets (alias for lint)
+#   lint        - Lint files for secrets
+#   mask        - Mask secrets in a file
+#   status      - Check installation and configuration
+#   fix         - Mask secrets and fix files in place
+#   quick       - Quick scan without installation (npx)
+#   docker      - Run scan via Docker
+#   help        - Show this help message
+#
+# Author: AI DevOps Framework
+# Version: 1.0.0
+# License: MIT
+# Reference: https://github.com/secretlint/secretlint
+
+# Colors for output
+readonly GREEN='\033[0;32m'
+readonly BLUE='\033[0;34m'
+readonly YELLOW='\033[1;33m'
+readonly RED='\033[0;31m'
+readonly PURPLE='\033[0;35m'
+readonly CYAN='\033[0;36m'
+readonly NC='\033[0m' # No Color
+
+# Common constants
+readonly ERROR_UNKNOWN_COMMAND="Unknown command:"
+readonly SECRETLINT_CONFIG_FILE=".secretlintrc.json"
+readonly SECRETLINT_IGNORE_FILE=".secretlintignore"
+readonly DEFAULT_GLOB_PATTERN="**/*"
+
+# Print functions
+print_success() {
+    local message="$1"
+    echo -e "${GREEN}✅ $message${NC}"
+    return 0
+}
+
+print_info() {
+    local message="$1"
+    echo -e "${BLUE}ℹ️  $message${NC}"
+    return 0
+}
+
+print_warning() {
+    local message="$1"
+    echo -e "${YELLOW}⚠️  $message${NC}"
+    return 0
+}
+
+print_error() {
+    local message="$1"
+    echo -e "${RED}❌ $message${NC}" >&2
+    return 0
+}
+
+print_header() {
+    local message="$1"
+    echo -e "${PURPLE}🔐 $message${NC}"
+    return 0
+}
+
+print_secret() {
+    local message="$1"
+    echo -e "${CYAN}🛡️  $message${NC}"
+    return 0
+}
+
+# Check if Secretlint is installed
+check_secretlint_installed() {
+    if command -v secretlint &> /dev/null; then
+        local version
+        version=$(secretlint --version 2>/dev/null || echo "unknown")
+        print_success "Secretlint installed: v$version"
+        return 0
+    elif [[ -f "node_modules/.bin/secretlint" ]]; then
+        local version
+        version=$(./node_modules/.bin/secretlint --version 2>/dev/null || echo "unknown")
+        print_success "Secretlint installed (local): v$version"
+        return 0
+    else
+        print_warning "Secretlint not found"
+        return 1
+    fi
+}
+
+# Check if Docker is available
+check_docker_available() {
+    if command -v docker &> /dev/null; then
+        print_success "Docker available"
+        return 0
+    else
+        print_warning "Docker not found"
+        return 1
+    fi
+}
+
+# Get secretlint command (global or local)
+get_secretlint_cmd() {
+    if command -v secretlint &> /dev/null; then
+        echo "secretlint"
+    elif [[ -f "node_modules/.bin/secretlint" ]]; then
+        echo "./node_modules/.bin/secretlint"
+    else
+        echo "npx secretlint"
+    fi
+    return 0
+}
+
+# Install Secretlint and recommended rules
+install_secretlint() {
+    local install_type="${1:-local}"
+    
+    print_header "Installing Secretlint"
+    
+    # Check for Node.js
+    if ! command -v node &> /dev/null; then
+        print_error "Node.js is required. Please install Node.js 20+ first."
+        print_info "Alternatively, use Docker: $0 docker scan"
+        return 1
+    fi
+    
+    local node_version
+    node_version=$(node -v | sed 's/v//' | cut -d. -f1)
+    if [[ $node_version -lt 18 ]]; then
+        print_warning "Node.js 20+ recommended. Current version: $(node -v)"
+    fi
+    
+    case "$install_type" in
+        "global")
+            print_info "Installing Secretlint globally..."
+            npm install -g secretlint @secretlint/secretlint-rule-preset-recommend
+            ;;
+        "local"|*)
+            print_info "Installing Secretlint locally..."
+            npm install --save-dev secretlint @secretlint/secretlint-rule-preset-recommend
+            ;;
+    esac
+    
+    if [[ $? -eq 0 ]]; then
+        print_success "Secretlint installed successfully"
+        
+        # Initialize if config doesn't exist
+        if [[ ! -f "$SECRETLINT_CONFIG_FILE" ]]; then
+            print_info "Initializing configuration..."
+            init_secretlint_config
+        fi
+        
+        return 0
+    else
+        print_error "Installation failed"
+        return 1
+    fi
+}
+
+# Install additional rules
+install_additional_rules() {
+    local rules="${1:-pattern}"
+    
+    print_header "Installing Additional Secretlint Rules"
+    
+    local npm_cmd="npm install --save-dev"
+    if command -v secretlint &> /dev/null; then
+        npm_cmd="npm install -g"
+    fi
+    
+    case "$rules" in
+        "pattern")
+            print_info "Installing custom pattern rule..."
+            $npm_cmd @secretlint/secretlint-rule-pattern
+            ;;
+        "sarif")
+            print_info "Installing SARIF formatter..."
+            $npm_cmd @secretlint/secretlint-formatter-sarif
+            ;;
+        "all")
+            print_info "Installing all recommended additional rules..."
+            $npm_cmd @secretlint/secretlint-rule-pattern \
+                     @secretlint/secretlint-rule-no-k8s-kind-secret \
+                     @secretlint/secretlint-rule-no-homedir \
+                     @secretlint/secretlint-rule-no-dotenv \
+                     @secretlint/secretlint-formatter-sarif
+            ;;
+        *)
+            print_info "Installing rule: $rules"
+            $npm_cmd "$rules"
+            ;;
+    esac
+    
+    if [[ $? -eq 0 ]]; then
+        print_success "Additional rules installed"
+        return 0
+    else
+        print_error "Failed to install rules"
+        return 1
+    fi
+}
+
+# Initialize Secretlint configuration
+init_secretlint_config() {
+    print_header "Initializing Secretlint Configuration"
+    
+    local cmd
+    cmd=$(get_secretlint_cmd)
+    
+    if [[ -f "$SECRETLINT_CONFIG_FILE" ]]; then
+        print_warning "Configuration already exists: $SECRETLINT_CONFIG_FILE"
+        print_info "Use 'secretlint --init' to overwrite"
+        return 0
+    fi
+    
+    # Try to use secretlint --init
+    if $cmd --init &>/dev/null; then
+        print_success "Configuration initialized: $SECRETLINT_CONFIG_FILE"
+    else
+        # Manually create comprehensive config
+        print_info "Creating comprehensive configuration..."
+        create_comprehensive_config
+    fi
+    
+    # Create ignore file if it doesn't exist
+    if [[ ! -f "$SECRETLINT_IGNORE_FILE" ]]; then
+        create_ignore_file
+    fi
+    
+    return 0
+}
+
+# Create comprehensive configuration
+create_comprehensive_config() {
+    cat > "$SECRETLINT_CONFIG_FILE" << 'EOF'
+{
+  "rules": [
+    {
+      "id": "@secretlint/secretlint-rule-preset-recommend",
+      "rules": [
+        {
+          "id": "@secretlint/secretlint-rule-aws",
+          "options": {
+            "allows": []
+          }
+        },
+        {
+          "id": "@secretlint/secretlint-rule-github",
+          "options": {
+            "allows": []
+          }
+        },
+        {
+          "id": "@secretlint/secretlint-rule-privatekey"
+        },
+        {
+          "id": "@secretlint/secretlint-rule-basicauth"
+        },
+        {
+          "id": "@secretlint/secretlint-rule-slack"
+        },
+        {
+          "id": "@secretlint/secretlint-rule-sendgrid"
+        },
+        {
+          "id": "@secretlint/secretlint-rule-openai"
+        },
+        {
+          "id": "@secretlint/secretlint-rule-anthropic"
+        },
+        {
+          "id": "@secretlint/secretlint-rule-gcp"
+        },
+        {
+          "id": "@secretlint/secretlint-rule-npm"
+        },
+        {
+          "id": "@secretlint/secretlint-rule-shopify"
+        },
+        {
+          "id": "@secretlint/secretlint-rule-linear"
+        },
+        {
+          "id": "@secretlint/secretlint-rule-1password"
+        },
+        {
+          "id": "@secretlint/secretlint-rule-database-connection-string"
+        }
+      ]
+    }
+  ]
+}
+EOF
+    print_success "Created comprehensive configuration: $SECRETLINT_CONFIG_FILE"
+    return 0
+}
+
+# Create ignore file
+create_ignore_file() {
+    cat > "$SECRETLINT_IGNORE_FILE" << 'EOF'
+# Secretlint Ignore File
+# Uses .gitignore syntax
+
+# Dependencies
+**/node_modules/**
+**/vendor/**
+**/.venv/**
+**/venv/**
+
+# Build outputs
+**/dist/**
+**/build/**
+**/.next/**
+**/out/**
+
+# IDE and editor
+**/.idea/**
+**/.vscode/**
+**/.vs/**
+*.swp
+*.swo
+
+# Git
+**/.git/**
+
+# Test fixtures (may contain fake secrets for testing)
+**/test/fixtures/**
+**/tests/fixtures/**
+**/__tests__/fixtures/**
+**/testdata/**
+
+# Generated files
+**/*.min.js
+**/*.min.css
+**/package-lock.json
+**/pnpm-lock.yaml
+**/yarn.lock
+**/composer.lock
+**/Gemfile.lock
+**/Cargo.lock
+**/poetry.lock
+
+# Documentation and examples (review manually if needed)
+**/docs/**
+**/examples/**
+
+# Binary files
+**/*.png
+**/*.jpg
+**/*.jpeg
+**/*.gif
+**/*.ico
+**/*.svg
+**/*.woff
+**/*.woff2
+**/*.ttf
+**/*.eot
+**/*.pdf
+**/*.zip
+**/*.tar
+**/*.gz
+**/*.rar
+
+# Logs
+**/*.log
+**/logs/**
+
+# Coverage reports
+**/coverage/**
+**/.nyc_output/**
+
+# Cache
+**/.cache/**
+**/.tmp/**
+**/tmp/**
+EOF
+    print_success "Created ignore file: $SECRETLINT_IGNORE_FILE"
+    return 0
+}
+
+# Run Secretlint scan
+run_secretlint_scan() {
+    local target="${1:-$DEFAULT_GLOB_PATTERN}"
+    local format="${2:-stylish}"
+    local output_file="$3"
+    local extra_args="$4"
+    
+    print_header "Running Secretlint Scan"
+    
+    # Validate target pattern for dangerous characters
+    if [[ "$target" == *";"* ]] || [[ "$target" == *"|"* ]] || [[ "$target" == *"&"* ]] || [[ "$target" == *"\`"* ]]; then
+        print_error "Invalid target pattern: contains forbidden characters"
+        return 1
+    fi
+    
+    local cmd
+    cmd=$(get_secretlint_cmd)
+    
+    # Check if configuration exists
+    if [[ ! -f "$SECRETLINT_CONFIG_FILE" ]]; then
+        print_warning "No configuration found. Initializing..."
+        init_secretlint_config
+    fi
+    
+    # Build command array for safe execution
+    local -a cmd_array
+    read -ra cmd_array <<< "$cmd"
+    cmd_array+=("$target" "--format" "$format")
+    
+    if [[ -n "$output_file" ]]; then
+        cmd_array+=("--output" "$output_file")
+    fi
+    
+    # Handle extra_args safely by splitting on spaces (limited use case)
+    if [[ -n "$extra_args" ]]; then
+        read -ra extra_array <<< "$extra_args"
+        cmd_array+=("${extra_array[@]}")
+    fi
+    
+    print_info "Scanning: $target"
+    print_info "Format: $format"
+    print_info "Command: ${cmd_array[*]}"
+    echo ""
+    
+    # Execute scan using array (safe from injection)
+    "${cmd_array[@]}"
+    local exit_code=$?
+    
+    echo ""
+    if [[ $exit_code -eq 0 ]]; then
+        print_success "No secrets detected! Your code is clean."
+    elif [[ $exit_code -eq 1 ]]; then
+        print_error "Secrets detected! Please review and remove/rotate exposed credentials."
+        print_info "Tip: Use 'secretlint-disable-line' comments to ignore false positives"
+    else
+        print_error "Scan failed with error code: $exit_code"
+    fi
+    
+    return $exit_code
+}
+
+# Run quick scan via npx (no installation)
+run_quick_scan() {
+    local target="${1:-$DEFAULT_GLOB_PATTERN}"
+    
+    # Validate target pattern for dangerous characters
+    if [[ "$target" == *";"* ]] || [[ "$target" == *"|"* ]] || [[ "$target" == *"&"* ]] || [[ "$target" == *"\`"* ]]; then
+        print_error "Invalid target pattern: contains forbidden characters"
+        return 1
+    fi
+    
+    print_header "Quick Secretlint Scan (via npx)"
+    print_info "This requires no installation"
+    
+    npx @secretlint/quick-start "$target"
+}
+
+# Run scan via Docker
+run_docker_scan() {
+    local target="${1:-$DEFAULT_GLOB_PATTERN}"
+    local extra_args="$2"
+    
+    print_header "Running Secretlint via Docker"
+    
+    # Validate target pattern for dangerous characters
+    if [[ "$target" == *";"* ]] || [[ "$target" == *"|"* ]] || [[ "$target" == *"&"* ]] || [[ "$target" == *"\`"* ]]; then
+        print_error "Invalid target pattern: contains forbidden characters"
+        return 1
+    fi
+    
+    if ! check_docker_available; then
+        print_error "Docker is required for this command"
+        return 1
+    fi
+    
+    local current_dir
+    current_dir=$(pwd)
+    
+    # Build command array for safe execution
+    local -a cmd_array=(
+        "docker" "run"
+        "-v" "${current_dir}:${current_dir}"
+        "-w" "$current_dir"
+        "--rm" "-it"
+        "secretlint/secretlint"
+        "secretlint" "$target"
+    )
+    
+    # Handle extra_args safely
+    if [[ -n "$extra_args" ]]; then
+        read -ra extra_array <<< "$extra_args"
+        cmd_array+=("${extra_array[@]}")
+    fi
+    
+    print_info "Command: ${cmd_array[*]}"
+    echo ""
+    
+    # Execute using array (safe from injection)
+    "${cmd_array[@]}"
+}
+
+# Mask secrets in a file
+mask_secrets() {
+    local input_file="$1"
+    local output_file="${2:-$input_file}"
+    
+    print_header "Masking Secrets"
+    
+    if [[ -z "$input_file" ]]; then
+        print_error "Input file required"
+        print_info "Usage: $0 mask <input-file> [output-file]"
+        return 1
+    fi
+    
+    if [[ ! -f "$input_file" ]]; then
+        print_error "File not found: $input_file"
+        return 1
+    fi
+    
+    local cmd
+    cmd=$(get_secretlint_cmd)
+    
+    print_info "Input: $input_file"
+    print_info "Output: $output_file"
+    
+    $cmd "$input_file" --format=mask-result --output="$output_file"
+    
+    if [[ $? -eq 0 ]]; then
+        print_success "Secrets masked successfully"
+        return 0
+    else
+        print_error "Failed to mask secrets"
+        return 1
+    fi
+}
+
+# Show status
+show_status() {
+    print_header "Secretlint Status"
+    echo ""
+    
+    # Check installation
+    print_info "Installation:"
+    check_secretlint_installed
+    check_docker_available
+    echo ""
+    
+    # Check Node.js
+    print_info "Node.js:"
+    if command -v node &> /dev/null; then
+        print_success "Node.js: $(node -v)"
+    else
+        print_warning "Node.js: Not installed"
+    fi
+    echo ""
+    
+    # Check configuration
+    print_info "Configuration:"
+    if [[ -f "$SECRETLINT_CONFIG_FILE" ]]; then
+        print_success "Config file: $SECRETLINT_CONFIG_FILE"
+        
+        # Count rules
+        if command -v jq &> /dev/null; then
+            local rules_count
+            rules_count=$(jq -r '.rules | length' "$SECRETLINT_CONFIG_FILE" 2>/dev/null || echo "unknown")
+            print_info "Configured rule presets: $rules_count"
+        fi
+    else
+        print_warning "Config file: Not found"
+        print_info "Run: $0 init"
+    fi
+    
+    if [[ -f "$SECRETLINT_IGNORE_FILE" ]]; then
+        print_success "Ignore file: $SECRETLINT_IGNORE_FILE"
+        local ignore_count
+        ignore_count=$(grep -cv '^#\|^$' "$SECRETLINT_IGNORE_FILE" 2>/dev/null || echo "0")
+        print_info "Ignore patterns: $ignore_count"
+    else
+        print_warning "Ignore file: Not found"
+    fi
+    echo ""
+    
+    # Show available rules in preset
+    print_info "Recommended Rules (preset-recommend):"
+    echo "  - AWS credentials (Access Key, Secret Key, Account ID)"
+    echo "  - GCP credentials"
+    echo "  - GitHub tokens (PAT, OAuth, App)"
+    echo "  - npm tokens"
+    echo "  - Private keys (RSA, DSA, EC, OpenSSH)"
+    echo "  - Basic auth in URLs"
+    echo "  - Slack tokens and webhooks"
+    echo "  - SendGrid API keys"
+    echo "  - Shopify API keys"
+    echo "  - OpenAI API keys"
+    echo "  - Anthropic/Claude API keys"
+    echo "  - Linear API keys"
+    echo "  - 1Password service account tokens"
+    echo "  - Database connection strings"
+    echo ""
+    
+    return 0
+}
+
+# Generate SARIF output
+generate_sarif() {
+    local target="${1:-$DEFAULT_GLOB_PATTERN}"
+    local output_file="${2:-secretlint-results.sarif}"
+    
+    print_header "Generating SARIF Output"
+    
+    # Check if SARIF formatter is installed
+    if ! npm list @secretlint/secretlint-formatter-sarif &>/dev/null; then
+        print_info "Installing SARIF formatter..."
+        npm install --save-dev @secretlint/secretlint-formatter-sarif
+    fi
+    
+    local cmd
+    cmd=$(get_secretlint_cmd)
+    
+    $cmd "$target" --format @secretlint/secretlint-formatter-sarif > "$output_file"
+    
+    if [[ $? -eq 0 ]]; then
+        print_success "SARIF output saved: $output_file"
+        return 0
+    else
+        print_error "Failed to generate SARIF output"
+        return 1
+    fi
+}
+
+# Pre-commit hook setup
+setup_precommit_hook() {
+    print_header "Setting Up Pre-commit Hook"
+    
+    local hook_file=".git/hooks/pre-commit"
+    local hook_dir=".git/hooks"
+    
+    if [[ ! -d ".git" ]]; then
+        print_error "Not a git repository"
+        return 1
+    fi
+    
+    mkdir -p "$hook_dir"
+    
+    # Check if hook already exists
+    if [[ -f "$hook_file" ]]; then
+        if grep -q "secretlint" "$hook_file"; then
+            print_warning "Secretlint hook already configured"
+            return 0
+        else
+            print_warning "Pre-commit hook exists. Adding Secretlint..."
+            # Append to existing hook
+            cat >> "$hook_file" << 'EOF'
+
+# Secretlint - Secret Detection
+FILES=$(git diff --cached --name-only --diff-filter=ACMR | sed 's| |\\ |g')
+[ -z "$FILES" ] && exit 0
+
+echo "Running Secretlint..."
+echo "$FILES" | xargs npx secretlint
+RET=$?
+if [ $RET -ne 0 ]; then
+    echo "Secretlint found potential secrets. Please review before committing."
+    exit 1
+fi
+EOF
+        fi
+    else
+        # Create new hook
+        cat > "$hook_file" << 'EOF'
+#!/bin/sh
+# Pre-commit hook with Secretlint integration
+
+# Secretlint - Secret Detection
+FILES=$(git diff --cached --name-only --diff-filter=ACMR | sed 's| |\\ |g')
+[ -z "$FILES" ] && exit 0
+
+echo "Running Secretlint..."
+echo "$FILES" | xargs npx secretlint
+RET=$?
+if [ $RET -ne 0 ]; then
+    echo "Secretlint found potential secrets. Please review before committing."
+    exit 1
+fi
+
+exit 0
+EOF
+    fi
+    
+    chmod +x "$hook_file"
+    print_success "Pre-commit hook configured: $hook_file"
+    
+    return 0
+}
+
+# Setup with Husky + lint-staged
+setup_husky_integration() {
+    print_header "Setting Up Husky + lint-staged Integration"
+    
+    if [[ ! -f "package.json" ]]; then
+        print_error "package.json not found. Initialize npm project first."
+        return 1
+    fi
+    
+    print_info "Installing Husky and lint-staged..."
+    npx husky-init 2>/dev/null || npm install husky --save-dev
+    npm install lint-staged --save-dev
+    
+    # Initialize Husky
+    npx husky install
+    
+    # Add pre-commit hook
+    npx husky add .husky/pre-commit "npx --no-install lint-staged"
+    
+    # Update package.json with lint-staged config
+    print_info "Adding lint-staged configuration to package.json..."
+    
+    if command -v jq &> /dev/null; then
+        local tmp_file
+        tmp_file=$(mktemp)
+        jq '. + {"lint-staged": {"*": ["secretlint"]}}' package.json > "$tmp_file" && mv "$tmp_file" package.json
+        print_success "Added lint-staged configuration"
+    else
+        print_warning "jq not available. Please add manually to package.json:"
+        echo '  "lint-staged": {'
+        echo '    "*": ["secretlint"]'
+        echo '  }'
+    fi
+    
+    print_success "Husky + lint-staged configured"
+    
+    return 0
+}
+
+# Show help
+show_help() {
+    print_header "Secretlint Helper - Secret Detection Tool"
+    echo ""
+    echo "Usage: $0 <command> [options]"
+    echo ""
+    echo "Commands:"
+    echo "  install [local|global]   - Install Secretlint and recommended rules"
+    echo "  install-rules [rule]     - Install additional rules (pattern|sarif|all|<pkg>)"
+    echo "  init                     - Initialize project configuration"
+    echo "  scan [target] [format]   - Scan files for secrets"
+    echo "  lint [target] [format]   - Alias for scan"
+    echo "  quick [target]           - Quick scan via npx (no install)"
+    echo "  docker [target]          - Scan via Docker"
+    echo "  mask <file> [output]     - Mask secrets in a file"
+    echo "  sarif [target] [output]  - Generate SARIF output"
+    echo "  hook                     - Setup git pre-commit hook"
+    echo "  husky                    - Setup Husky + lint-staged"
+    echo "  status                   - Show installation and configuration status"
+    echo "  help                     - Show this help message"
+    echo ""
+    echo "Formats: stylish (default), json, compact, table, sarif, mask-result"
+    echo ""
+    echo "Examples:"
+    echo "  $0 install               # Install locally"
+    echo "  $0 init                  # Initialize configuration"
+    echo "  $0 scan                  # Scan all files"
+    echo "  $0 scan \"src/**/*\"       # Scan specific directory"
+    echo "  $0 scan . json           # Output as JSON"
+    echo "  $0 quick                 # Quick scan (no install)"
+    echo "  $0 docker                # Scan via Docker"
+    echo "  $0 mask .env.example     # Mask secrets in file"
+    echo "  $0 sarif                 # Generate SARIF for CI/CD"
+    echo "  $0 hook                  # Setup pre-commit hook"
+    echo ""
+    echo "Environment Variables:"
+    echo "  None required - Secretlint works offline"
+    echo ""
+    echo "Detected Secret Types:"
+    echo "  - AWS credentials (Access Key, Secret Key)"
+    echo "  - GCP service account keys"
+    echo "  - GitHub tokens (PAT, OAuth, App, Actions)"
+    echo "  - OpenAI/Anthropic API keys"
+    echo "  - Private keys (RSA, DSA, EC, OpenSSH)"
+    echo "  - Database connection strings"
+    echo "  - Slack tokens and webhooks"
+    echo "  - npm tokens"
+    echo "  - And many more..."
+    echo ""
+    echo "Reference: https://github.com/secretlint/secretlint"
+    return 0
+}
+
+# Main function
+main() {
+    local command="${1:-help}"
+    local arg2="${2:-}"
+    local arg3="${3:-}"
+    local arg4="${4:-}"
+    
+    case "$command" in
+        "install")
+            install_secretlint "$arg2"
+            ;;
+        "install-rules")
+            install_additional_rules "$arg2"
+            ;;
+        "init")
+            init_secretlint_config
+            ;;
+        "scan"|"lint")
+            run_secretlint_scan "$arg2" "$arg3" "$arg4"
+            ;;
+        "quick")
+            run_quick_scan "$arg2"
+            ;;
+        "docker")
+            run_docker_scan "$arg2" "$arg3"
+            ;;
+        "mask"|"fix")
+            mask_secrets "$arg2" "$arg3"
+            ;;
+        "sarif")
+            generate_sarif "$arg2" "$arg3"
+            ;;
+        "hook")
+            setup_precommit_hook
+            ;;
+        "husky")
+            setup_husky_integration
+            ;;
+        "status")
+            show_status
+            ;;
+        "help"|"--help"|"-h")
+            show_help
+            ;;
+        *)
+            print_error "$ERROR_UNKNOWN_COMMAND $command"
+            echo ""
+            show_help
+            return 1
+            ;;
+    esac
+    return $?
+}
+
+# Execute main function with all arguments
+main "$@"