berget 1.3.1 → 1.4.0

package/dist/tests/commands/chat.test.js

@@ -0,0 +1,107 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const vitest_1 = require("vitest");
+const commander_1 = require("commander");
+const chat_1 = require("../../src/commands/chat");
+const chat_service_1 = require("../../src/services/chat-service");
+const default_api_key_1 = require("../../src/utils/default-api-key");
+// Mock dependencies
+vitest_1.vi.mock('../../src/services/chat-service');
+vitest_1.vi.mock('../../src/utils/default-api-key');
+vitest_1.vi.mock('readline', () => ({
+    createInterface: vitest_1.vi.fn(() => ({
+        question: vitest_1.vi.fn(),
+        close: vitest_1.vi.fn()
+    }))
+}));
+(0, vitest_1.describe)('Chat Commands', () => {
+    let program;
+    let mockChatService;
+    let mockDefaultApiKeyManager;
+    (0, vitest_1.beforeEach)(() => {
+        program = new commander_1.Command();
+        // Mock ChatService
+        mockChatService = {
+            createCompletion: vitest_1.vi.fn(),
+            listModels: vitest_1.vi.fn()
+        };
+        vitest_1.vi.mocked(chat_service_1.ChatService.getInstance).mockReturnValue(mockChatService);
+        // Mock DefaultApiKeyManager
+        mockDefaultApiKeyManager = {
+            getDefaultApiKeyData: vitest_1.vi.fn(),
+            promptForDefaultApiKey: vitest_1.vi.fn()
+        };
+        vitest_1.vi.mocked(default_api_key_1.DefaultApiKeyManager.getInstance).mockReturnValue(mockDefaultApiKeyManager);
+        (0, chat_1.registerChatCommands)(program);
+    });
+    (0, vitest_1.afterEach)(() => {
+        vitest_1.vi.clearAllMocks();
+    });
+    (0, vitest_1.describe)('chat run command', () => {
+        (0, vitest_1.it)('should use openai/gpt-oss as default model', () => {
+            const chatCommand = program.commands.find(cmd => cmd.name() === 'chat');
+            const runCommand = chatCommand === null || chatCommand === void 0 ? void 0 : chatCommand.commands.find(cmd => cmd.name() === 'run');
+            (0, vitest_1.expect)(runCommand).toBeDefined();
+            // Check the help text which contains the default model
+            const helpText = runCommand === null || runCommand === void 0 ? void 0 : runCommand.helpInformation();
+            (0, vitest_1.expect)(helpText).toContain('openai/gpt-oss');
+        });
+        (0, vitest_1.it)('should have streaming enabled by default', () => {
+            const chatCommand = program.commands.find(cmd => cmd.name() === 'chat');
+            const runCommand = chatCommand === null || chatCommand === void 0 ? void 0 : chatCommand.commands.find(cmd => cmd.name() === 'run');
+            (0, vitest_1.expect)(runCommand).toBeDefined();
+            // Check that the option is --no-stream (meaning streaming is default)
+            const streamOption = runCommand === null || runCommand === void 0 ? void 0 : runCommand.options.find(opt => opt.long === '--no-stream');
+            (0, vitest_1.expect)(streamOption).toBeDefined();
+            (0, vitest_1.expect)(streamOption === null || streamOption === void 0 ? void 0 : streamOption.description).toContain('Disable streaming');
+        });
+        (0, vitest_1.it)('should create completion with correct default options', () => __awaiter(void 0, void 0, void 0, function* () {
+            // Mock API key
+            process.env.BERGET_API_KEY = 'test-key';
+            // Mock successful completion
+            mockChatService.createCompletion.mockResolvedValue({
+                choices: [{
+                        message: { content: 'Test response' }
+                    }]
+            });
+            // This would normally test the actual command execution
+            // but since it involves readline interaction, we just verify
+            // that the service would be called with correct defaults
+            (0, vitest_1.expect)(mockChatService.createCompletion).not.toHaveBeenCalled();
+            // Clean up
+            delete process.env.BERGET_API_KEY;
+        }));
+    });
+    (0, vitest_1.describe)('chat list command', () => {
+        (0, vitest_1.it)('should list available models', () => __awaiter(void 0, void 0, void 0, function* () {
+            const mockModels = {
+                data: [
+                    {
+                        id: 'gpt-oss',
+                        owned_by: 'openai',
+                        active: true,
+                        capabilities: {
+                            vision: false,
+                            function_calling: true,
+                            json_mode: true
+                        }
+                    }
+                ]
+            };
+            mockChatService.listModels.mockResolvedValue(mockModels);
+            const chatCommand = program.commands.find(cmd => cmd.name() === 'chat');
+            const listCommand = chatCommand === null || chatCommand === void 0 ? void 0 : chatCommand.commands.find(cmd => cmd.name() === 'list');
+            (0, vitest_1.expect)(listCommand).toBeDefined();
+            (0, vitest_1.expect)(listCommand === null || listCommand === void 0 ? void 0 : listCommand.description()).toBe('List available chat models');
+        }));
+    });
+});

package/dist/vitest.config.js

@@ -0,0 +1,9 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const config_1 = require("vitest/config");
+exports.default = (0, config_1.defineConfig)({
+    test: {
+        globals: true,
+        environment: 'node',
+    },
+});

package/examples/README.md

@@ -0,0 +1,95 @@
+# Berget CLI Examples
+
+This folder contains practical examples of how you can use Berget CLI for various automation tasks.
+
+## Scripts
+
+### smart-commit.sh
+Automatic generation of conventional commit messages based on git diff.
+
+```bash
+# Make the script executable
+chmod +x examples/smart-commit.sh
+
+# Use it
+git add .
+./examples/smart-commit.sh
+```
+
+### ai-review.sh
+AI-driven code review that analyzes files for quality, bugs, and security aspects.
+
+```bash
+# Make the script executable
+chmod +x examples/ai-review.sh
+
+# Review a file
+./examples/ai-review.sh src/main.js
+```
+
+### security-check.sh
+Security review of git commits that blocks commits with critical security risks.
+
+```bash
+# Make the script executable
+chmod +x examples/security-check.sh
+
+# Run security check
+git add .
+./examples/security-check.sh
+```
+
+## Installation
+
+To use these scripts:
+
+1. Copy them to your `~/bin` folder or another location in your PATH
+2. Make them executable with `chmod +x`
+3. Make sure you have Berget CLI installed and configured
+
+```bash
+# Copy to ~/bin
+cp examples/*.sh ~/bin/
+
+# Make them executable
+chmod +x ~/bin/smart-commit.sh ~/bin/ai-review.sh ~/bin/security-check.sh
+```
+
+## Global Security Hook
+
+For maximum security, you can install a global git hook that automatically runs security checks before every push:
+
+```bash
+# Install the global security hook
+chmod +x examples/install-global-security-hook.sh
+./examples/install-global-security-hook.sh
+```
+
+This will:
+- Create a global pre-push hook that runs on all repositories
+- Automatically analyze commits for security vulnerabilities using OWASP Top 20
+- Block pushes with critical security issues
+- Warn about medium-risk issues and allow you to choose
+
+The hook will run automatically before every `git push`. To bypass it temporarily (not recommended):
+```bash
+git push --no-verify
+```
+
+## Git Aliases
+
+You can also add these as git aliases:
+
+```bash
+git config --global alias.ai-commit '!~/bin/smart-commit.sh'
+git config --global alias.ai-review '!~/bin/ai-review.sh'
+git config --global alias.security-check '!~/bin/security-check.sh'
+```
+
+Then you can use:
+
+```bash
+git ai-commit
+git ai-review src/main.js
+git security-check
+```

package/examples/ai-review.sh

@@ -0,0 +1,30 @@
+#!/bin/bash
+# AI code review using Berget AI
+# Usage: ./ai-review.sh <filename>
+set -e
+
+if [[ $# -eq 0 ]]; then
+    echo "Usage: ai-review <file>"
+    exit 1
+fi
+
+FILE="$1"
+
+if [[ ! -f "$FILE" ]]; then
+    echo "Error: File '$FILE' does not exist"
+    exit 1
+fi
+
+echo "🔍 Reviewing $FILE with AI..."
+echo "================================"
+
+cat "$FILE" | npx berget chat run openai/gpt-oss "
+Review this code and provide feedback on:
+1. Code quality and readability
+2. Potential bugs or issues
+3. Performance improvements
+4. Best practices
+5. Security aspects
+
+Provide concrete suggestions for improvements:
+"

package/examples/install-global-security-hook.sh

@@ -0,0 +1,170 @@
+#!/bin/bash
+# Install global git security hook
+# This script sets up a global pre-push hook that runs security checks on all repositories
+
+set -e
+
+echo "🔧 Installing global git security hook..."
+
+# Create global git hooks directory
+GLOBAL_HOOKS_DIR="$HOME/.git-hooks"
+mkdir -p "$GLOBAL_HOOKS_DIR"
+
+# Create the pre-push hook
+cat > "$GLOBAL_HOOKS_DIR/pre-push" << 'EOF'
+#!/bin/bash
+# Global pre-push security hook using Berget AI
+# This hook runs automatically before every git push
+
+set -e
+
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m' # No Color
+
+echo -e "${BLUE}🔒 Running security check before push...${NC}"
+
+# Check if we're in a git repository
+if ! git rev-parse --git-dir > /dev/null 2>&1; then
+    echo -e "${RED}Error: Not in a git repository${NC}"
+    exit 1
+fi
+
+# Check if there are any commits to push
+if [[ -z $(git log @{u}.. --oneline 2>/dev/null) ]]; then
+    echo -e "${GREEN}✅ No new commits to push${NC}"
+    exit 0
+fi
+
+# Get the diff of commits being pushed
+DIFF=$(git diff @{u}.. 2>/dev/null || git diff HEAD~1)
+
+if [[ -z "$DIFF" ]]; then
+    echo -e "${GREEN}✅ No changes to analyze${NC}"
+    exit 0
+fi
+
+echo -e "${BLUE}Analyzing security risks in commits being pushed...${NC}"
+
+# Check if Berget CLI is available
+if ! command -v npx > /dev/null 2>&1; then
+    echo -e "${YELLOW}⚠️  npx not found. Skipping security check.${NC}"
+    echo -e "${YELLOW}Install Node.js and npm to enable security checks.${NC}"
+    exit 0
+fi
+
+# Run security analysis
+SECURITY_REPORT=$(echo "$DIFF" | npx berget chat run openai/gpt-oss "
+Analyze this git diff for security vulnerabilities using OWASP Top 20 Code Review recommendations:
+
+**OWASP Top 20 Security Categories to Check:**
+
+1. **A01 - Broken Access Control**: Authorization bypasses, privilege escalation, insecure direct object references
+2. **A02 - Cryptographic Failures**: Weak encryption, hardcoded keys, insecure random number generation, plain text storage
+3. **A03 - Injection**: SQL injection, NoSQL injection, command injection, LDAP injection, XSS
+4. **A04 - Insecure Design**: Missing security controls, threat modeling gaps, insecure architecture patterns
+5. **A05 - Security Misconfiguration**: Default credentials, unnecessary features enabled, verbose error messages
+6. **A06 - Vulnerable Components**: Outdated dependencies, known vulnerable libraries, unpatched components
+7. **A07 - Authentication Failures**: Weak passwords, session management flaws, credential stuffing vulnerabilities
+8. **A08 - Software Integrity Failures**: Unsigned code, insecure CI/CD pipelines, auto-update without verification
+9. **A09 - Logging Failures**: Insufficient logging, sensitive data in logs, log injection
+10. **A10 - Server-Side Request Forgery**: SSRF vulnerabilities, unvalidated URLs, internal service access
+
+**Additional Critical Areas:**
+11. **Input Validation**: Insufficient sanitization, buffer overflows, format string vulnerabilities
+12. **Output Encoding**: XSS prevention, content type validation, encoding bypasses
+13. **File Operations**: Path traversal, file upload vulnerabilities, insecure file permissions
+14. **Network Security**: Insecure protocols, certificate validation, CSRF protection
+15. **Session Management**: Session fixation, insecure cookies, session timeout issues
+16. **Error Handling**: Information disclosure, stack traces in production, verbose error messages
+17. **Business Logic**: Race conditions, workflow bypasses, price manipulation
+18. **API Security**: Rate limiting, input validation, authentication on all endpoints
+19. **Mobile Security**: Insecure data storage, weak encryption, certificate pinning
+20. **Cloud Security**: Misconfigured permissions, exposed storage, insecure defaults
+
+**Assessment Criteria:**
+- 🟢 SAFE: No security risks identified according to OWASP guidelines
+- 🟡 WARNING: Minor security risks that should be addressed (OWASP Medium risk)
+- 🔴 CRITICAL: Serious security risks that MUST be addressed immediately (OWASP High/Critical risk)
+
+**Required Response Format:**
+**SECURITY ASSESSMENT: [🟢/🟡/🔴] [SAFE/WARNING/CRITICAL]**
+
+**OWASP CATEGORIES AFFECTED:**
+- [List specific OWASP categories if any vulnerabilities found]
+
+**IDENTIFIED RISKS:**
+- [List specific vulnerabilities with OWASP category references]
+
+**RECOMMENDATIONS:**
+- [Concrete remediation steps following OWASP secure coding practices]
+
+**COMPLIANCE NOTES:**
+- [Any additional security considerations or compliance requirements]
+
+Diff to analyze:
+\`\`\`diff
+$DIFF
+\`\`\`
+" 2>/dev/null)
+
+if [[ $? -ne 0 ]] || [[ -z "$SECURITY_REPORT" ]]; then
+    echo -e "${YELLOW}⚠️  Security analysis failed or unavailable. Proceeding with push.${NC}"
+    echo -e "${YELLOW}Make sure you have BERGET_API_KEY set or are logged in with 'npx berget auth login'${NC}"
+    exit 0
+fi
+
+echo "$SECURITY_REPORT"
+echo ""
+
+# Extract security level from report
+if echo "$SECURITY_REPORT" | grep -q "🔴.*CRITICAL"; then
+    echo -e "${RED}❌ CRITICAL security risks identified!${NC}"
+    echo -e "${RED}Push blocked. Address security issues before pushing.${NC}"
+    echo ""
+    echo -e "${YELLOW}To bypass this check (NOT RECOMMENDED):${NC}"
+    echo -e "${YELLOW}git push --no-verify${NC}"
+    exit 1
+elif echo "$SECURITY_REPORT" | grep -q "🟡.*WARNING"; then
+    echo -e "${YELLOW}⚠️  Security warnings identified.${NC}"
+    read -p "Do you want to continue with push despite warnings? (y/N): " -n 1 -r
+    echo
+    if [[ ! $REPLY =~ ^[Yy]$ ]]; then
+        echo -e "${YELLOW}Push cancelled. Address security issues first.${NC}"
+        echo ""
+        echo -e "${YELLOW}To bypass this check (NOT RECOMMENDED):${NC}"
+        echo -e "${YELLOW}git push --no-verify${NC}"
+        exit 1
+    fi
+elif echo "$SECURITY_REPORT" | grep -q "🟢.*SAFE"; then
+    echo -e "${GREEN}✅ No security risks identified. Safe to push!${NC}"
+else
+    echo -e "${YELLOW}⚠️  Could not determine security status. Proceeding with caution.${NC}"
+fi
+
+echo -e "${GREEN}Security check complete. Proceeding with push...${NC}"
+EOF
+
+# Make the hook executable
+chmod +x "$GLOBAL_HOOKS_DIR/pre-push"
+
+# Configure git to use the global hooks directory
+git config --global core.hooksPath "$GLOBAL_HOOKS_DIR"
+
+echo -e "${GREEN}✅ Global security hook installed successfully!${NC}"
+echo ""
+echo -e "${BLUE}The security hook will now run automatically before every 'git push' in all repositories.${NC}"
+echo ""
+echo -e "${YELLOW}Requirements:${NC}"
+echo -e "  • Node.js and npm installed"
+echo -e "  • Berget CLI configured (npx berget auth login or BERGET_API_KEY set)"
+echo ""
+echo -e "${YELLOW}To disable the hook temporarily:${NC}"
+echo -e "  git push --no-verify"
+echo ""
+echo -e "${YELLOW}To uninstall the global hook:${NC}"
+echo -e "  git config --global --unset core.hooksPath"
+echo -e "  rm -rf $GLOBAL_HOOKS_DIR"

package/examples/security-check.sh

@@ -0,0 +1,102 @@
+#!/bin/bash
+# Security check for git commits using Berget AI
+# Usage: ./security-check.sh
+set -e
+
+echo "🔒 Security review of commits..."
+echo "===================================="
+
+# Check if there are staged changes
+if [[ -z $(git diff --cached) ]]; then
+    echo "No staged changes found. Run 'git add' first."
+    exit 1
+fi
+
+# Get diff for security review
+DIFF=$(git diff --cached)
+
+echo "Analyzing security risks in staged changes..."
+
+SECURITY_REPORT=$(echo "$DIFF" | npx berget chat run openai/gpt-oss "
+Analyze this git diff for security vulnerabilities using OWASP Top 20 Code Review recommendations:
+
+**OWASP Top 20 Security Categories to Check:**
+
+1. **A01 - Broken Access Control**: Authorization bypasses, privilege escalation, insecure direct object references
+2. **A02 - Cryptographic Failures**: Weak encryption, hardcoded keys, insecure random number generation, plain text storage
+3. **A03 - Injection**: SQL injection, NoSQL injection, command injection, LDAP injection, XSS
+4. **A04 - Insecure Design**: Missing security controls, threat modeling gaps, insecure architecture patterns
+5. **A05 - Security Misconfiguration**: Default credentials, unnecessary features enabled, verbose error messages
+6. **A06 - Vulnerable Components**: Outdated dependencies, known vulnerable libraries, unpatched components
+7. **A07 - Authentication Failures**: Weak passwords, session management flaws, credential stuffing vulnerabilities
+8. **A08 - Software Integrity Failures**: Unsigned code, insecure CI/CD pipelines, auto-update without verification
+9. **A09 - Logging Failures**: Insufficient logging, sensitive data in logs, log injection
+10. **A10 - Server-Side Request Forgery**: SSRF vulnerabilities, unvalidated URLs, internal service access
+
+**Additional Critical Areas:**
+11. **Input Validation**: Insufficient sanitization, buffer overflows, format string vulnerabilities
+12. **Output Encoding**: XSS prevention, content type validation, encoding bypasses
+13. **File Operations**: Path traversal, file upload vulnerabilities, insecure file permissions
+14. **Network Security**: Insecure protocols, certificate validation, CSRF protection
+15. **Session Management**: Session fixation, insecure cookies, session timeout issues
+16. **Error Handling**: Information disclosure, stack traces in production, verbose error messages
+17. **Business Logic**: Race conditions, workflow bypasses, price manipulation
+18. **API Security**: Rate limiting, input validation, authentication on all endpoints
+19. **Mobile Security**: Insecure data storage, weak encryption, certificate pinning
+20. **Cloud Security**: Misconfigured permissions, exposed storage, insecure defaults
+
+**Assessment Criteria:**
+- 🟢 SAFE: No security risks identified according to OWASP guidelines
+- 🟡 WARNING: Minor security risks that should be addressed (OWASP Medium risk)
+- 🔴 CRITICAL: Serious security risks that MUST be addressed immediately (OWASP High/Critical risk)
+
+**Required Response Format:**
+**SECURITY ASSESSMENT: [🟢/🟡/🔴] [SAFE/WARNING/CRITICAL]**
+
+**OWASP CATEGORIES AFFECTED:**
+- [List specific OWASP categories if any vulnerabilities found]
+
+**IDENTIFIED RISKS:**
+- [List specific vulnerabilities with OWASP category references]
+
+**RECOMMENDATIONS:**
+- [Concrete remediation steps following OWASP secure coding practices]
+
+**COMPLIANCE NOTES:**
+- [Any additional security considerations or compliance requirements]
+
+Diff to analyze:
+\`\`\`diff
+$DIFF
+\`\`\`
+")
+
+echo "$SECURITY_REPORT"
+echo ""
+
+# Extract security level from report
+if echo "$SECURITY_REPORT" | grep -q "🔴.*CRITICAL"; then
+    echo "❌ CRITICAL security risks identified!"
+    echo "Commit blocked. Address security issues before continuing."
+    exit 1
+elif echo "$SECURITY_REPORT" | grep -q "🟡.*WARNING"; then
+    echo "⚠️  Security warnings identified."
+    read -p "Do you want to continue with commit despite warnings? (y/N): " -n 1 -r
+    echo
+    if [[ ! $REPLY =~ ^[Yy]$ ]]; then
+        echo "Commit cancelled. Address security issues first."
+        exit 1
+    fi
+elif echo "$SECURITY_REPORT" | grep -q "🟢.*SAFE"; then
+    echo "✅ No security risks identified. Safe to continue!"
+else
+    echo "⚠️  Could not determine security status. Review manually."
+    read -p "Do you want to continue with commit? (y/N): " -n 1 -r
+    echo
+    if [[ ! $REPLY =~ ^[Yy]$ ]]; then
+        echo "Commit cancelled."
+        exit 1
+    fi
+fi
+
+echo "Security review complete. You can now run 'git commit'."

package/examples/smart-commit.sh

@@ -0,0 +1,26 @@
+#!/bin/bash
+# Smart commit generator using Berget AI
+# Usage: ./smart-commit.sh
+set -e
+
+# Check if there are staged changes
+if [[ -z $(git diff --cached) ]]; then
+    echo "No staged changes found. Run 'git add' first."
+    exit 1
+fi
+
+# Generate commit message
+COMMIT_MSG=$(git diff --cached | npx berget chat run openai/gpt-oss "Generate a conventional commit message for this staged diff. Reply with only the commit message, nothing else:")
+
+echo "Suggested commit message:"
+echo "  $COMMIT_MSG"
+echo
+
+read -p "Do you want to use this message? (y/N): " -n 1 -r
+echo
+if [[ $REPLY =~ ^[Yy]$ ]]; then
+    git commit -m "$COMMIT_MSG"
+    echo "✅ Commit created!"
+else
+    echo "❌ Commit cancelled"
+fi

package/package.json

@@ -1,17 +1,22 @@
 {
   "name": "berget",
-  "version": "1.3.1",
+  "version": "1.4.0",
   "main": "dist/index.js",
   "bin": {
     "berget": "dist/index.js"
   },
   "private": false,
+  "publishConfig": {
+    "access": "public"
+  },
   "scripts": {
     "start": "node --import tsx ./index.ts --local",
     "login": "node --import tsx ./index.ts --local auth login",
     "logout": "node --import tsx ./index.ts --local auth logout",
     "whoami": "node --import tsx ./index.ts --local auth whoami",
     "build": "tsc",
+    "test": "vitest",
+    "test:run": "vitest run",
     "prepublishOnly": "npm run build",
     "generate-types": "openapi-typescript https://api.berget.ai/openapi.json -o src/types/api.d.ts"
   },
@@ -23,7 +28,8 @@
     "@types/marked-terminal": "^6.1.1",
     "@types/node": "^20.11.20",
     "tsx": "^4.19.3",
-    "typescript": "^5.3.3"
+    "typescript": "^5.3.3",
+    "vitest": "^1.0.0"
   },
   "dependencies": {
     "chalk": "^4.1.2",