auditreach-cli 0.1.0 → 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/README.md +127 -2
  2. package/package.json +13 -4
package/README.md CHANGED
@@ -5,6 +5,7 @@
5
5
  Research Reddit and YouTube from your AI agent using only official APIs, your own keys, and a log that proves exactly what you queried and why it was allowed.
6
6
 
7
7
  [![CI](https://github.com/RudrenduPaul/auditreach/actions/workflows/ci.yml/badge.svg)](https://github.com/RudrenduPaul/auditreach/actions/workflows/ci.yml)
8
+ [![npm version](https://img.shields.io/npm/v/auditreach-cli)](https://www.npmjs.com/package/auditreach-cli)
8
9
  [![License: Apache 2.0](https://img.shields.io/github/license/RudrenduPaul/auditreach)](LICENSE)
9
10
  [![Node](https://img.shields.io/badge/node-%3E%3D20-brightgreen)](package.json)
10
11
 
@@ -18,7 +19,18 @@ Research Reddit and YouTube from your AI agent using only official APIs, your ow
18
19
 
19
20
  ## Install
20
21
 
21
- There's no published npm package yet -- clone and build directly, verified working end to end:
22
+ ```sh
23
+ npx auditreach-cli search --platform reddit --query "your query"
24
+ ```
25
+
26
+ Or install it globally:
27
+
28
+ ```sh
29
+ npm install -g auditreach-cli
30
+ auditreach search --platform reddit --query "your query"
31
+ ```
32
+
33
+ Building from source works the same way, if you want to read or modify the code first:
22
34
 
23
35
  ```sh
24
36
  git clone https://github.com/RudrenduPaul/auditreach.git
@@ -34,6 +46,8 @@ node dist/cli.js search --platform reddit --query "your query"
34
46
  - [How it compares](#how-it-compares)
35
47
  - [What it does](#what-it-does)
36
48
  - [Getting started](#getting-started)
49
+ - [Commands](#commands)
50
+ - [Library API reference](#library-api-reference)
37
51
  - [Platform coverage](#platform-coverage)
38
52
  - [Result limits](#result-limits)
39
53
  - [What is a "consent basis," honestly](#what-is-a-consent-basis-honestly)
@@ -107,7 +121,7 @@ See `docs/security-review-2026-07-12.md` for how the tamper-detection path was v
107
121
 
108
122
  ## Getting started
109
123
 
110
- **1. Install:** see [Install](#install) above -- clone and build, `npm install -g` isn't available yet.
124
+ **1. Install:** see [Install](#install) above -- `npx auditreach-cli`, `npm install -g auditreach-cli`, or clone and build from source.
111
125
 
112
126
  **2. Set up credentials for the platform you want to search (BYO-key -- your own, never ours):**
113
127
 
@@ -130,6 +144,117 @@ All credentials are stored in your OS keychain (`@napi-rs/keyring`), never in a
130
144
 
131
145
  Honest note on setup time: getting your own API credentials from Reddit and Google takes a few minutes the first time -- this is slower than Agent-Reach's cookie-import flow (which just reuses a browser session you already have) by design. BYOK means the setup cost is real, not hidden.
132
146
 
147
+ ## Commands
148
+
149
+ `auditreach` has three subcommands. Every flag below is pulled directly from the CLI's own `--help` output, not from memory of what it used to support.
150
+
151
+ ### `auditreach search`
152
+
153
+ Search a platform using its official API only.
154
+
155
+ | Flag | Description |
156
+ | ------------------------- | ------------------------------------------------------------------------------- |
157
+ | `--platform <platform>` | `reddit` \| `youtube` (required) |
158
+ | `--query <query>` | search query (required) |
159
+ | `--subreddit <subreddit>` | restrict search to one subreddit (Reddit only) |
160
+ | `--channel <handle>` | restrict search to one channel, e.g. `@AnthropicAI` (YouTube only) |
161
+ | `--since <date>` | only results published after this date, e.g. `2026-06-01` (YouTube only) |
162
+ | `--max-results <n>` | maximum results to return (default: 25; platform caps: 100 Reddit / 50 YouTube) |
163
+ | `--before <fullname>` | page results before this Reddit fullname cursor, e.g. `t3_abc123` (Reddit only) |
164
+ | `--after <fullname>` | page results after this Reddit fullname cursor, e.g. `t3_abc123` (Reddit only) |
165
+ | `--output <path>` | write full results JSON to this path |
166
+
167
+ node dist/cli.js search --platform reddit --query "agent memory poisoning" --subreddit MachineLearning --max-results 50
168
+
169
+ ### `auditreach auth`
170
+
171
+ Set up, verify, or clear BYOK credentials for a platform (stored in your OS keychain).
172
+
173
+ | Flag | Description |
174
+ | ----------------------- | -------------------------------------------------------------------------------------------------- |
175
+ | `--platform <platform>` | `reddit` \| `youtube` (required) |
176
+ | `--clear` | delete stored credentials for this platform |
177
+ | `--verify` | verify stored credentials are valid without running a search (no results file, no audit-log entry) |
178
+
179
+ node dist/cli.js auth --platform reddit --verify
180
+
181
+ ### `auditreach verify-log`
182
+
183
+ Verify the local hash-chained audit log has not been tampered with.
184
+
185
+ | Flag | Description |
186
+ | --------------- | ---------------------------------------------------------------------------- |
187
+ | `--path <path>` | path to the audit log file (defaults to `./auditreach.log.jsonl` if omitted) |
188
+
189
+ node dist/cli.js verify-log --path ./auditreach.log.jsonl
190
+
191
+ Run `auditreach <command> --help` any time to see the exact flags your installed version supports.
192
+
193
+ ## Library API reference
194
+
195
+ `auditreach-cli` is also importable as a library, not just a CLI. Every export below comes straight from `dist/index.d.ts` in the published package.
196
+
197
+ ```ts
198
+ import {
199
+ RedditClient,
200
+ YoutubeClient,
201
+ getCredential,
202
+ setCredential,
203
+ deleteCredential,
204
+ getRedditCredentials,
205
+ getYoutubeCredentials,
206
+ appendAuditLogEntry,
207
+ getLastEntryHash,
208
+ computeEntryHash,
209
+ verifyAuditLogChain,
210
+ credentialFingerprint,
211
+ canonicalJson,
212
+ sha256Hex,
213
+ DEFAULT_AUDIT_LOG_PATH,
214
+ } from "auditreach-cli";
215
+ ```
216
+
217
+ **Clients**
218
+
219
+ - `new RedditClient(credentials: RedditCredentials)` -- talks to Reddit's official OAuth API only, using the password grant ("script app" flow). `.search(options: RedditSearchOptions): Promise<SearchOutcome>`, `.verifyCredentials(): Promise<void>`.
220
+ - `new YoutubeClient(credentials: YoutubeCredentials)` -- wraps the official YouTube Data API v3. `.search(options: YoutubeSearchOptions): Promise<SearchOutcome>`, `.verifyCredentials(): Promise<void>` (a 1-quota-unit call, no query needed).
221
+
222
+ ```ts
223
+ const credentials = getRedditCredentials();
224
+ if (!credentials) throw new Error("run `auditreach auth --platform reddit` first");
225
+
226
+ const client = new RedditClient(credentials);
227
+ const outcome = await client.search({
228
+ query: "agent memory poisoning",
229
+ subreddit: "MachineLearning",
230
+ });
231
+ ```
232
+
233
+ **Credentials** (`setCredential` / `getCredential` / `deleteCredential` / `getRedditCredentials` / `getYoutubeCredentials`) -- all credential I/O goes through this module. It's the one place allowed to touch a raw secret; values come back only to hand directly to a client's constructor, never to log or print.
234
+
235
+ **Audit log**
236
+
237
+ - `appendAuditLogEntry(entryWithoutHash: UnhashedAuditLogEntry, logPath?: string): Promise<AuditLogEntry>` -- the only write path into the log; entries are never edited or deleted in place.
238
+ - `getLastEntryHash(logPath?: string): Promise<string | null>`
239
+ - `computeEntryHash(entry: UnhashedAuditLogEntry): string`
240
+ - `verifyAuditLogChain(logPath?: string): Promise<ChainVerificationResult>` -- re-derives every entry's hash and checks the chain end to end.
241
+ - `DEFAULT_AUDIT_LOG_PATH` -- `"./auditreach.log.jsonl"`
242
+
243
+ ```ts
244
+ const result = await verifyAuditLogChain();
245
+ if (!result.valid) {
246
+ console.error(`Chain broken at entry ${result.brokenAtIndex}: ${result.reason}`);
247
+ }
248
+ ```
249
+
250
+ **Crypto utilities**
251
+
252
+ - `canonicalJson(value: unknown): string` -- recursively sorts object keys so the same logical entry always serializes to the same bytes, which the hash chain depends on to verify deterministically.
253
+ - `sha256Hex(input: string): string`
254
+ - `credentialFingerprint(secret: string): string` -- keeps only the last 6 hex characters of the hash, enough to distinguish rotated keys in a local audit log, never enough to be a partial credential leak.
255
+
256
+ No generated API docs site exists yet (no TypeDoc build wired into CI) -- the exports above are the complete public surface. Check `dist/index.d.ts` in the published package for exact types.
257
+
133
258
  ## Platform coverage
134
259
 
135
260
  | Platform | API used | Status | Known constraint |
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "auditreach-cli",
3
- "version": "0.1.0",
4
- "description": "Official-API-only, BYOK research CLI with a hash-chained compliance audit log -- for AI agents that can't legally use cookie-based scraping",
3
+ "version": "0.1.1",
4
+ "description": "Official-API-only, BYOK CLI for researching Reddit and YouTube with your own API keys and a tamper-evident, hash-chained audit log -- built for AI agents and compliance teams that can't rely on cookie-based scraping or shared credential pools.",
5
5
  "type": "module",
6
6
  "bin": {
7
7
  "auditreach": "./dist/cli.js"
@@ -32,8 +32,13 @@
32
32
  "audit-log",
33
33
  "reddit-api",
34
34
  "youtube-api",
35
- "ai-agent",
36
- "research"
35
+ "ai-agents",
36
+ "research",
37
+ "oauth2",
38
+ "typescript",
39
+ "developer-tools",
40
+ "security",
41
+ "api-client"
37
42
  ],
38
43
  "author": "Rudrendu Paul",
39
44
  "license": "Apache-2.0",
@@ -41,6 +46,10 @@
41
46
  "type": "git",
42
47
  "url": "git+https://github.com/RudrenduPaul/auditreach.git"
43
48
  },
49
+ "homepage": "https://github.com/RudrenduPaul/auditreach#readme",
50
+ "bugs": {
51
+ "url": "https://github.com/RudrenduPaul/auditreach/issues"
52
+ },
44
53
  "dependencies": {
45
54
  "@napi-rs/keyring": "^1.3.0",
46
55
  "commander": "^12.1.0",