cipher-security 2.0.4 → 2.0.6

package/bin/cipher.js

@@ -72,7 +72,7 @@ ${B}Commands:${R}
 
   ${GRN}api${R}               Start REST API server
   ${GRN}mcp${R}               Start MCP server (stdio)
-  ${GRN}bot${R}               Start Signal bot
+  ${GRN}bot${R}               Start Signal bot (background)
 
   ${GRN}workflow${R}           Generate CI/CD security workflow
   ${GRN}memory-export${R}     Export memory to JSON
@@ -82,8 +82,6 @@ ${B}Commands:${R}
   ${GRN}plugin${R}            Manage plugins
   ${GRN}setup-signal${R}      Configure Signal integration
   ${GRN}score${R}             Score response quality
-  ${GRN}dashboard${R}         System dashboard
-  ${GRN}web${R}               Web interface (use cipher api)
 
 ${B}Options:${R}
   --version, -V     Print version and exit
@@ -194,7 +192,7 @@ if (autonomousMode === '__pending__') {
 const knownCommands = new Set([
   // Gateway
   'query', 'ingest', 'status', 'doctor', 'setup-signal',
-  'dashboard', 'web', 'version', 'plugin',
+  'version', 'plugin',
   // Pipeline
   'scan', 'search', 'store', 'diff', 'workflow', 'stats', 'domains',
   'skills', 'score', 'marketplace', 'compliance', 'leaderboard',
@@ -456,11 +454,74 @@ if (mode === 'native') {
       mcp.startStdio();
     // ── Bot command: Signal bot ──────────────────────────────────────────
     } else if (command === 'bot') {
-      const { banner, header, info, warn, success, divider } = await import('../lib/brand.js');
+      const { banner, header, info, warn, success, divider, error: brandError } = await import('../lib/brand.js');
       const { loadConfig, configExists } = await import('../lib/config.js');
+      const { existsSync, readFileSync, unlinkSync } = await import('node:fs');
+      const { join } = await import('node:path');
+      const { homedir } = await import('node:os');
+
+      const pidFile = join(homedir(), '.cipher', 'bot.pid');
+      const logFile = join(homedir(), '.cipher', 'bot.log');
+      const subAction = commandArgs[0];
+
+      // ── cipher bot stop ────────────────────────────────────────────
+      if (subAction === 'stop') {
+        if (!existsSync(pidFile)) {
+          header('Signal Bot');
+          warn('Bot is not running (no PID file).');
+          process.exit(0);
+        }
+        const pid = parseInt(readFileSync(pidFile, 'utf-8').trim(), 10);
+        try {
+          process.kill(pid, 'SIGTERM');
+          unlinkSync(pidFile);
+          header('Signal Bot');
+          success(`Bot stopped (PID ${pid}).`);
+        } catch (err) {
+          // Process already gone
+          unlinkSync(pidFile);
+          header('Signal Bot');
+          warn(`Bot process ${pid} not found — cleaned up stale PID file.`);
+        }
+        process.exit(0);
+      }
 
-      banner(pkg.version);
-      header('Signal Bot');
+      // ── cipher bot status ──────────────────────────────────────────
+      if (subAction === 'status') {
+        header('Signal Bot');
+        if (!existsSync(pidFile)) {
+          warn('Bot is not running.');
+        } else {
+          const pid = parseInt(readFileSync(pidFile, 'utf-8').trim(), 10);
+          try {
+            process.kill(pid, 0); // signal 0 = check if alive
+            success(`Bot is running (PID ${pid}).`);
+            info(`Log: ${logFile}`);
+          } catch {
+            warn(`Bot PID ${pid} is stale — not running.`);
+            unlinkSync(pidFile);
+          }
+        }
+        process.exit(0);
+      }
+
+      // ── cipher bot (start) ─────────────────────────────────────────
+      // Fork as foreground if --foreground, otherwise daemonize
+      const foreground = commandArgs.includes('--foreground') || commandArgs.includes('-f');
+
+      // Check if already running (skip in foreground mode — we ARE the child)
+      if (!foreground && existsSync(pidFile)) {
+        const existingPid = parseInt(readFileSync(pidFile, 'utf-8').trim(), 10);
+        try {
+          process.kill(existingPid, 0);
+          header('Signal Bot');
+          warn(`Bot is already running (PID ${existingPid}).`);
+          info('Run: cipher bot stop');
+          process.exit(1);
+        } catch {
+          unlinkSync(pidFile); // stale PID file
+        }
+      }
 
       // Load signal config
       let signalCfg = {};
@@ -480,6 +541,7 @@ if (mode === 'native') {
         : signalCfg.whitelist || [];
 
       if (!svc || !phone) {
+        header('Signal Bot');
         divider();
         warn('Signal is not configured.');
         info('Run: cipher setup-signal');
@@ -487,19 +549,52 @@ if (mode === 'native') {
         process.exit(1);
       }
 
-      divider();
-      success(`Service:   ${svc}`);
-      success(`Phone:     ${phone}`);
-      if (whitelist.length) {
-        success(`Whitelist: ${whitelist.join(', ')}`);
+      if (foreground) {
+        banner(pkg.version);
+        header('Signal Bot (foreground)');
+        divider();
+        success(`Service:   ${svc}`);
+        success(`Phone:     ${phone}`);
+        if (whitelist.length) {
+          success(`Whitelist: ${whitelist.join(', ')}`);
+        } else {
+          warn('Whitelist: none (all senders allowed)');
+        }
+        divider();
+        info('Running in foreground (Ctrl+C to stop)...');
+
+        const { runBot } = await import('../lib/bot/bot.js');
+        await runBot({ signalService: svc, phoneNumber: phone, whitelist, sessionTimeout: signalCfg.session_timeout || 3600 });
       } else {
-        warn('Whitelist: none (all senders allowed)');
-      }
-      divider();
-      info('Starting bot... (Ctrl+C to stop)');
+        // Daemonize: spawn detached child with --foreground flag
+        const { spawn } = await import('node:child_process');
+        const { openSync, writeFileSync: writePid, mkdirSync } = await import('node:fs');
+
+        mkdirSync(join(homedir(), '.cipher'), { recursive: true });
+        const logFd = openSync(logFile, 'a');
+
+        const child = spawn(process.execPath, [
+          ...process.argv.slice(1), '--foreground',
+        ], {
+          detached: true,
+          stdio: ['ignore', logFd, logFd],
+          env: { ...process.env },
+        });
+
+        writePid(pidFile, String(child.pid), 'utf-8');
+        child.unref();
 
-      const { runBot } = await import('../lib/bot/bot.js');
-      await runBot({ signalService: svc, phoneNumber: phone, whitelist, sessionTimeout: signalCfg.session_timeout || 3600 });
+        header('Signal Bot');
+        divider();
+        success(`Service:   ${svc}`);
+        success(`Phone:     ${phone}`);
+        divider();
+        success(`Bot started in background (PID ${child.pid}).`);
+        info(`Log: ${logFile}`);
+        info('Run: cipher bot stop    — stop the bot');
+        info('Run: cipher bot status  — check if running');
+        divider();
+      }
     // ── Query command: streaming via Gateway or non-streaming via handler ──
     } else if (command === 'query') {
       const queryText = commandArgs.filter(a => !a.startsWith('-')).join(' ');

package/lib/commands.js

@@ -5,7 +5,7 @@
 /**
  * commands.js — Command routing table for the CIPHER CLI.
  *
- * Maps all 30 CLI commands to one of three dispatch modes:
+ * Maps all 28 CLI commands to one of three dispatch modes:
  *   - native:       Dispatched directly through Node.js handler functions (no Python)
  *   - passthrough:  Legacy mode — no commands use this as of v2.0
  *                   (full terminal access for Rich panels, Textual TUIs, long-running services)
@@ -49,8 +49,6 @@ export const COMMAND_MODES = {
   // ── Passthrough commands (direct Python spawn, full terminal) ──────────
   // These were Python-dependent — now ported to Node.js.
   scan:            { mode: 'native', description: 'Run a security scan' },
-  dashboard:       { mode: 'native', description: 'System dashboard' },
-  web:             { mode: 'native', description: 'Web interface (use `cipher api` instead)' },
   bot:             { mode: 'native', description: 'Manage bot integrations (long-running service)' },
   mcp:             { mode: 'native', description: 'MCP server tools (long-running service)' },
   api:             { mode: 'native', description: 'API management (long-running server)' },

package/lib/gateway/commands.js

@@ -3,7 +3,7 @@
 // CIPHER is a trademark of defconxt.
 
 /**
- * commands.js — Node.js handler functions for all 30 CLI commands.
+ * commands.js — Node.js handler functions for all 28 CLI commands.
  *
  * Each handler accepts a plain args object and returns a plain JS object.
  * No Rich formatting, no Typer framework — just data. The rendering
@@ -261,14 +261,25 @@ export async function handleMemoryExport(args = {}) {
   const { CipherMemory } = await import('../memory/index.js');
   const memory = new CipherMemory(defaultMemoryDir());
   try {
-    const results = memory.search('', {}, 10000);
-    let entries = results.map(r => (typeof r.toDict === 'function' ? r.toDict() : r));
+    // Query all entries directly — memory.search('') returns nothing for empty queries
+    const rows = memory.symbolic.db.prepare(
+      'SELECT * FROM entries WHERE is_archived = 0 ORDER BY created_at DESC LIMIT 10000'
+    ).all();
+    let entries = rows.map(r => ({
+      entry_id: r.entry_id,
+      content: r.content,
+      memory_type: r.memory_type,
+      severity: r.severity,
+      engagement_id: r.engagement_id,
+      mitre_attack: r.mitre_attack ? JSON.parse(r.mitre_attack) : [],
+      targets: r.targets ? JSON.parse(r.targets) : [],
+      tags: r.tags ? JSON.parse(r.tags) : [],
+      created_at: r.created_at,
+    }));
     if (args.engagement) {
-      entries = entries.filter(e =>
-        (e.engagement_id || e.engagementId) === args.engagement
-      );
+      entries = entries.filter(e => e.engagement_id === args.engagement);
     }
-    const output = args.output || 'cipher-memory-export.json';
+    const output = getFlagArg(args, 'output', '--output', 'cipher-memory-export.json');
     const data = { entries, count: entries.length };
     writeFileSync(output, JSON.stringify(data, null, 2), 'utf-8');
     debug(`memory-export: ${entries.length} entries → ${output}`);
@@ -388,14 +399,26 @@ export async function handleStatus(args = {}) {
  */
 export async function handleDiff(args = {}) {
   let diffText = getArg(args, 'file');
-  if (!diffText) {
+
+  // Check for stdin marker '-' — getArg filters it as a flag, so check raw args
+  const isStdin = Array.isArray(args) && args.includes('-');
+
+  if (!diffText && !isStdin) {
     return { error: true, message: 'Usage: cipher diff <file.patch>\n       cat changes.diff | cipher diff -' };
   }
   const { SecurityDiffAnalyzer } = await import('../pipeline/index.js');
   const analyzer = new SecurityDiffAnalyzer();
 
+  // Read from stdin when argument is '-'
+  if (isStdin) {
+    const chunks = [];
+    for await (const chunk of process.stdin) {
+      chunks.push(chunk);
+    }
+    diffText = Buffer.concat(chunks).toString('utf-8');
+  }
   // If it looks like a file path (no newlines, exists on disk), read it
-  if (diffText && !diffText.includes('\n') && existsSync(diffText)) {
+  else if (diffText && !diffText.includes('\n') && existsSync(diffText)) {
     diffText = readFileSync(diffText, 'utf-8');
   }
 
@@ -472,23 +495,50 @@ export async function handleSarif(args = {}) {
 export async function handleOsint(args = {}) {
   const target = getArg(args, 'target');
   if (!target) {
-    return { error: true, message: 'Usage: cipher osint <domain|ip> [--type domain|ip]' };
+    return { error: true, message: 'Usage: cipher osint <target> [--type domain|ip|username|email|url]\n\nInvestigation types:\n  domain    DNS, WHOIS, cert transparency, Wayback Machine, web tech, IP geolocation\n  ip        Reverse DNS, IP classification, geolocation\n  username  Search 400+ platforms via Sherlock\n  email     Check account existence on 120+ services via Holehe\n  url       Wayback Machine + archive.today snapshots' };
   }
   const { OSINTPipeline } = await import('../pipeline/index.js');
   const pipeline = new OSINTPipeline();
-  const type = getFlagArg(args, 'type', '--type', 'domain');
+  const type = getFlagArg(args, 'type', '--type', null);
+
+  // Auto-detect type if not specified
+  let investigationType = type;
+  if (!investigationType) {
+    if (target.includes('@')) investigationType = 'email';
+    else if (target.startsWith('http://') || target.startsWith('https://')) investigationType = 'url';
+    else if (/^\d+\.\d+\.\d+\.\d+$/.test(target) || (target.includes(':') && !target.includes('/'))) investigationType = 'ip';
+    else if (target.includes('/')) investigationType = 'url';
+    else if (target.includes('.')) investigationType = 'domain';
+    else investigationType = 'username';
+  }
 
-  const results = type === 'ip'
-    ? pipeline.investigateIp(target)
-    : pipeline.investigateDomain(target);
+  let results;
+  switch (investigationType) {
+    case 'ip':
+      results = await pipeline.investigateIp(target);
+      break;
+    case 'username':
+      results = pipeline.investigateUsername(target);
+      break;
+    case 'email':
+      results = pipeline.investigateEmail(target);
+      break;
+    case 'url':
+      results = await pipeline.investigateUrl(target);
+      break;
+    case 'domain':
+    default:
+      results = await pipeline.investigateDomain(target);
+      break;
+  }
 
   const data = {
     target,
-    type,
+    type: investigationType,
     results: results.map(r => (typeof r.toDict === 'function' ? r.toDict() : r)),
     summary: pipeline.summary(),
   };
-  debug(`osint: ${target} (${type}) → ${results.length} results`);
+  debug(`osint: ${target} (${investigationType}) → ${results.length} results`);
   return data;
 }
 
@@ -908,19 +958,74 @@ function countFiles(dir, filename, subdir) {
 export async function handleScan(args = {}) {
   const target = Array.isArray(args) ? args.find(a => !a.startsWith('-')) : args.target;
   if (!target) {
-    return { error: true, message: 'Usage: cipher scan <target> [--profile <profile>]' };
+    return { error: true, message: 'Usage: cipher scan <target> [--profile <profile>]\n\nProfiles: quick, standard, pentest, recon, full\n  quick     Tech detection + known CVEs only (~30s)\n  standard  Common vulns + misconfigs (~2-5 min)\n  pentest   Full pentest template set (~5-15 min)\n  recon     Discovery + exposure (~2-5 min)\n  full      All templates (~15-30 min)' };
   }
   try {
     const { NucleiRunner, ScanProfile } = await import('../pipeline/scanner.js');
     const runner = new NucleiRunner();
+
+    if (!runner.available) {
+      return { error: true, message: 'nuclei is not installed.\nInstall: go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest' };
+    }
+
     const profileArg = Array.isArray(args) ? (args.find((a, i) => args[i - 1] === '--profile') || 'standard') : (args.profile || 'standard');
-    const result = await runner.scan(target, { profile: ScanProfile.fromDomain(profileArg) });
+
+    // Quick profile — fast tech detection + critical CVEs only
+    let scanOpts;
+    if (profileArg === 'quick') {
+      // Quick mode: use specific fast templates instead of tag-based matching
+      // This avoids nuclei loading 900+ templates for the 'tech' tag
+      const quickTemplates = [
+        'http/technologies/tech-detect.yaml',
+        'http/technologies/waf-detect.yaml',
+        'dns/dns-waf-detect.yaml',
+      ];
+      // Resolve template paths — check nuclei's default template dir
+      const { homedir: hd } = await import('node:os');
+      const { existsSync: exists } = await import('node:fs');
+      const { join: pjoin } = await import('node:path');
+      const templateBase = pjoin(hd(), 'nuclei-templates');
+      const resolvedPaths = quickTemplates
+        .map(t => pjoin(templateBase, t))
+        .filter(t => exists(t));
+
+      if (resolvedPaths.length > 0) {
+        scanOpts = { templatePaths: resolvedPaths, timeout: 30 };
+      } else {
+        // Fallback: use tags if template dir not found
+        scanOpts = {
+          profile: { tags: ['tech'], severity: ['info'], rateLimit: 150, bulkSize: 50, concurrency: 50, requestTimeout: 5, headless: false },
+          timeout: 120,
+        };
+      }
+      process.stderr.write('  ● Scanning (quick — tech detection, ~5-10s)...\n');
+    } else {
+      scanOpts = { profile: ScanProfile.fromDomain(profileArg) };
+      process.stderr.write(`  ● Scanning (${profileArg} profile — this may take several minutes)...\n`);
+    }
+
+    const result = scanOpts.templatePaths
+      ? await runner.scanWithTemplates(target, scanOpts)
+      : await runner.scan(target, scanOpts);
+
+    process.stderr.write(`  ✔ Scan complete: ${(result.findings || []).length} finding(s) in ${result.durationSeconds || '?'}s\n`);
+
     return {
       output: JSON.stringify({
         target,
         profile: profileArg,
-        findings: (result.findings || []).length,
-        status: 'completed',
+        findings_count: (result.findings || []).length,
+        findings: (result.findings || []).map(f => ({
+          name: f.name || f.templateId,
+          severity: f.severity,
+          matched_at: f.matchedAt || f.host,
+          template: f.templateId,
+          description: f.description || '',
+        })),
+        stats: result.stats || {},
+        duration_seconds: result.durationSeconds || 0,
+        status: result.success ? 'completed' : 'completed_with_errors',
+        errors: (result.errors || []).length > 0 ? result.errors : undefined,
       }, null, 2),
     };
   } catch (err) {
@@ -928,36 +1033,6 @@ export async function handleScan(args = {}) {
   }
 }
 
-// ---------------------------------------------------------------------------
-// Dashboard command — stub for Node.js TUI (Textual TUI not ported)
-// ---------------------------------------------------------------------------
-
-export async function handleDashboard() {
-  const brand = await import('../brand.js');
-  brand.header('Dashboard');
-  brand.divider();
-  brand.info('Dashboard TUI is not yet available.');
-  brand.info('Use: cipher status    \u2014 system status');
-  brand.info('Use: cipher doctor    \u2014 health check');
-  brand.info('Use: cipher api       \u2014 REST API server');
-  brand.divider();
-  return {};
-}
-
-// ---------------------------------------------------------------------------
-// Web command — delegates to API server
-// ---------------------------------------------------------------------------
-
-export async function handleWeb(args = {}) {
-  const brand = await import('../brand.js');
-  brand.header('Web Interface');
-  brand.divider();
-  brand.info('The web interface has been consolidated into the API server.');
-  brand.info('Use: cipher api --no-auth --port 8443');
-  brand.divider();
-  return {};
-}
-
 // ---------------------------------------------------------------------------
 // Setup Signal command — Signal bot configuration
 // ---------------------------------------------------------------------------

package/lib/gateway/index.js

@@ -60,8 +60,6 @@ export {
   handleMarketplace,
   handleCompliance,
   handleScan,
-  handleDashboard,
-  handleWeb,
   handleSetupSignal,
   handleUpdate,
 } from './commands.js';