codeant-cli 0.1.0

package/README.md

@@ -0,0 +1,226 @@
+# CodeAnt CLI
+
+A command-line tool for code review and security scanning.
+
+## Installation
+
+```bash
+npm install -g codeant-cli
+```
+
+Or run locally:
+
+```bash
+git clone https://github.com/codeantai/codeant-cli.git
+cd codeant-cli
+npm install
+npm link
+```
+
+## Quick Start
+
+```bash
+# Login to CodeAnt
+codeant login
+
+# Scan staged files for secrets
+codeant secrets
+```
+
+## Usage
+
+```bash
+codeant <command> [options]
+```
+
+### Commands
+
+#### `login`
+
+Authenticate with CodeAnt. Opens a browser window for login.
+
+```bash
+codeant login
+```
+
+#### `logout`
+
+Log out from CodeAnt.
+
+```bash
+codeant logout
+```
+
+#### `secrets`
+
+Scan your code for exposed secrets, API keys, and credentials.
+
+```bash
+codeant secrets [options]
+```
+
+**Options:**
+
+| Option | Description |
+|--------|-------------|
+| `--staged` | Scan only staged files (default) |
+| `--all` | Scan all changed files compared to base branch |
+| `--uncommitted` | Scan all uncommitted changes |
+| `--last-commit` | Scan files from the last commit |
+| `--fail-on <level>` | Fail only on HIGH, MEDIUM, or all (default: HIGH) |
+
+**Examples:**
+
+```bash
+# Scan staged files (default)
+codeant secrets
+
+# Scan all changed files
+codeant secrets --all
+
+# Scan last commit
+codeant secrets --last-commit
+
+# Only fail on HIGH confidence secrets (default)
+codeant secrets --fail-on HIGH
+
+# Fail on HIGH and MEDIUM confidence secrets
+codeant secrets --fail-on MEDIUM
+
+# Fail on all secrets (except false positives)
+codeant secrets --fail-on all
+```
+
+**Exit codes:**
+- `0` - No blocking secrets found (or only false positives)
+- `1` - Secrets detected that match the `--fail-on` threshold
+
+**Confidence Levels:**
+- `HIGH` - High confidence, likely a real secret
+- `MEDIUM` - Medium confidence, may need review
+- `FALSE_POSITIVE` - Detected but likely not a real secret (always ignored)
+
+#### `set-base-url <url>`
+
+Set a custom API base URL.
+
+```bash
+codeant set-base-url https://api.example.com
+```
+
+#### `get-base-url`
+
+Show the current API base URL and its source.
+
+```bash
+codeant get-base-url
+```
+
+### Global Options
+
+```bash
+codeant --version    # Show version
+codeant --help       # Show help
+```
+
+## Configuration
+
+Config is stored in `~/.codeant/config.json`.
+
+You can also use environment variables:
+
+| Variable | Description |
+|----------|-------------|
+| `CODEANT_API_URL` | API base URL (overrides config) |
+| `CODEANT_API_TOKEN` | Authentication token (overrides config) |
+
+**Priority order:**
+1. Environment variables (highest)
+2. Config file (`~/.codeant/config.json`)
+3. Default values
+
+## Git Hooks
+
+Use CodeAnt as a pre-commit hook to prevent secrets from being committed.
+
+### Manual Setup
+
+Create `.git/hooks/pre-commit`:
+
+```bash
+#!/bin/sh
+codeant secrets
+```
+
+Make it executable:
+
+```bash
+chmod +x .git/hooks/pre-commit
+```
+
+### With Husky
+
+```bash
+npx husky add .husky/pre-commit "codeant secrets"
+```
+
+### With lefthook
+
+Add to `lefthook.yml`:
+
+```yaml
+pre-commit:
+  commands:
+    secrets:
+      run: codeant secrets
+```
+
+## Example Output
+
+### Secrets Found (blocking)
+
+```
+✗ 2 secret(s) found!
+
+src/config.js
+  Line 5: AWS Access Key (HIGH)
+  Line 12: API Key (HIGH)
+
+Remove secrets before committing.
+```
+
+### Only False Positives (non-blocking)
+
+```
+⚠ 1 potential secret(s) found (ignored)
+
+Ignored (false positives):
+  src/example.js
+    Line 10: Generic Secret (FALSE_POSITIVE)
+
+✓ Commit allowed (only false positives found)
+```
+
+### No Secrets
+
+```
+✓ No secrets found
+```
+
+## Development
+
+```bash
+# Run locally
+node src/index.js secrets
+
+# Run with npm
+npm start secrets
+
+# Test different scan types
+node src/index.js secrets --last-commit
+node src/index.js secrets --all
+```
+
+## License
+
+MIT

package/package.json

@@ -0,0 +1,28 @@
+{
+  "name": "codeant-cli",
+  "version": "0.1.0",
+  "description": "Code review CLI tool",
+  "type": "module",
+  "bin": {
+    "codeant": "./src/index.js"
+  },
+  "scripts": {
+    "start": "node src/index.js"
+  },
+  "keywords": ["cli", "code-review", "secrets"],
+  "author": "",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": ""
+  },
+  "files": [
+    "src"
+  ],
+  "dependencies": {
+    "commander": "^12.1.0",
+    "ink": "^5.0.1",
+    "open": "^10.1.0",
+    "react": "^18.3.1"
+  }
+}

package/src/commands/getBaseUrl.js

@@ -0,0 +1,25 @@
+import React, { useEffect } from 'react';
+import { Text, Box, useApp } from 'ink';
+import { getConfigValue } from '../utils/config.js';
+
+export default function GetBaseUrl() {
+  const { exit } = useApp();
+
+  const envUrl = process.env.CODEANT_API_URL;
+  const configUrl = getConfigValue('baseUrl');
+  const defaultUrl = 'https://api.codeant.ai';
+
+  const activeUrl = envUrl || configUrl || defaultUrl;
+  const source = envUrl ? 'env' : configUrl ? 'config' : 'default';
+
+  useEffect(() => {
+    exit();
+  }, []);
+
+  return React.createElement(
+    Box,
+    { flexDirection: 'column', padding: 1 },
+    React.createElement(Text, { bold: true }, 'Base URL: ', activeUrl),
+    React.createElement(Text, { color: 'gray' }, 'Source: ', source)
+  );
+}

package/src/commands/login.js

@@ -0,0 +1,124 @@
+import React, { useState, useEffect } from 'react';
+import { Text, Box, useApp } from 'ink';
+import { getConfigValue, setConfigValue } from '../utils/config.js';
+import { randomUUID } from 'crypto';
+
+const POLL_INTERVAL = 10000; // 10 seconds
+const TIMEOUT = 10 * 60 * 1000; // 10 minutes
+
+export default function Login() {
+  const { exit } = useApp();
+  const [status, setStatus] = useState('opening');
+  const [error, setError] = useState(null);
+
+  useEffect(() => {
+    // Check if already logged in
+    const existingToken = getConfigValue('apiKey');
+    if (existingToken) {
+      setStatus('already_logged_in');
+      setTimeout(() => exit(), 100);
+      return;
+    }
+
+    const token = randomUUID();
+    const baseUrl = getConfigValue('baseUrl') || 'https://api.codeant.ai';
+    const loginUrl = `https://app.codeant.ai?ideLoginToken=${token}`;
+    const pollUrl = `${baseUrl}/extension/login/status?apiKey=${token}`;
+
+    // Open browser
+    import('open').then(({ default: open }) => {
+      open(loginUrl);
+      setStatus('waiting');
+    }).catch(() => {
+      // Fallback: just show the URL
+      console.log(`\nOpen this URL in your browser:\n${loginUrl}\n`);
+      setStatus('waiting');
+    });
+
+    // Poll for login status
+    let timeoutId;
+    const intervalId = setInterval(async () => {
+      try {
+        const response = await fetch(pollUrl);
+        const data = await response.json();
+
+        if (data.status === 'yes') {
+          clearInterval(intervalId);
+          clearTimeout(timeoutId);
+
+          // Save the API key
+          setConfigValue('apiKey', token);
+
+          // Check for custom API URL based on email domain
+          if (data.item?.email?.includes('commvault.com')) {
+            setConfigValue('baseUrl', 'https://codeant-api.commvault.com');
+          }
+
+          setStatus('success');
+          setTimeout(() => exit(), 100);
+        }
+      } catch (err) {
+        // Silently continue polling
+      }
+    }, POLL_INTERVAL);
+
+    // Timeout after 10 minutes
+    timeoutId = setTimeout(() => {
+      clearInterval(intervalId);
+      setError('Login timed out. Please try again.');
+      setStatus('error');
+      setTimeout(() => exit(new Error('Login timed out')), 100);
+    }, TIMEOUT);
+
+    // Cleanup
+    return () => {
+      clearInterval(intervalId);
+      clearTimeout(timeoutId);
+    };
+  }, []);
+
+  if (status === 'already_logged_in') {
+    return React.createElement(
+      Box,
+      { flexDirection: 'column', padding: 1 },
+      React.createElement(Text, { color: 'yellow' }, 'Already logged in.'),
+      React.createElement(Text, { color: 'gray' }, 'Run "codeant logout" first to re-authenticate.')
+    );
+  }
+
+  if (status === 'opening') {
+    return React.createElement(
+      Box,
+      { flexDirection: 'column', padding: 1 },
+      React.createElement(Text, null, 'Opening browser...')
+    );
+  }
+
+  if (status === 'waiting') {
+    return React.createElement(
+      Box,
+      { flexDirection: 'column', padding: 1 },
+      React.createElement(Text, { color: 'cyan' }, 'Waiting for login...'),
+      React.createElement(Text, { color: 'gray' }, 'Complete the login in your browser.'),
+      React.createElement(Text, { color: 'gray' }, 'Checking every 10 seconds. Timeout in 10 minutes.')
+    );
+  }
+
+  if (status === 'success') {
+    return React.createElement(
+      Box,
+      { flexDirection: 'column', padding: 1 },
+      React.createElement(Text, { color: 'green' }, '✓ Login successful!')
+    );
+  }
+
+  if (status === 'error') {
+    return React.createElement(
+      Box,
+      { flexDirection: 'column', padding: 1 },
+      React.createElement(Text, { color: 'red' }, '✗ ', error)
+    );
+  }
+
+  return null;
+}

package/src/commands/logout.js

@@ -0,0 +1,30 @@
+import React, { useEffect } from 'react';
+import { Text, Box, useApp } from 'ink';
+import { getConfigValue, setConfigValue } from '../utils/config.js';
+
+export default function Logout() {
+  const { exit } = useApp();
+
+  const wasLoggedIn = !!getConfigValue('apiKey');
+
+  useEffect(() => {
+    if (wasLoggedIn) {
+      setConfigValue('apiKey', null);
+    }
+    exit();
+  }, []);
+
+  if (!wasLoggedIn) {
+    return React.createElement(
+      Box,
+      { flexDirection: 'column', padding: 1 },
+      React.createElement(Text, { color: 'yellow' }, 'Not logged in.')
+    );
+  }
+
+  return React.createElement(
+    Box,
+    { flexDirection: 'column', padding: 1 },
+    React.createElement(Text, { color: 'green' }, '✓ Logged out successfully.')
+  );
+}

package/src/commands/secrets.js

@@ -0,0 +1,251 @@
+import React, { useState, useEffect } from 'react';
+import { Text, Box, useApp } from 'ink';
+import { getConfigValue } from '../utils/config.js';
+import { fetchApi } from '../utils/fetchApi.js';
+import SecretsApiHelper from '../utils/secretsApiHelper.js';
+
+export default function Secrets({ scanType = 'staged-only', failOn = 'HIGH' }) {
+  const { exit } = useApp();
+  const [status, setStatus] = useState('initializing');
+  const [secrets, setSecrets] = useState([]);
+  const [error, setError] = useState(null);
+  const [fileCount, setFileCount] = useState(0);
+
+  const apiKey = getConfigValue('apiKey');
+
+  // Check if logged in
+  if (!apiKey) {
+    useEffect(() => {
+      exit(new Error('Not logged in'));
+    }, []);
+
+    return React.createElement(
+      Box,
+      { flexDirection: 'column', padding: 1 },
+      React.createElement(Text, { color: 'red' }, '✗ Not logged in.'),
+      React.createElement(Text, { color: 'gray' }, 'Run "codeant login" to authenticate.')
+    );
+  }
+
+  // Helper to check if a secret should cause failure based on failOn level
+  const shouldFailOn = (confidenceScore) => {
+    const score = confidenceScore?.toUpperCase();
+    if (score === 'FALSE_POSITIVE') return false;
+    if (failOn === 'HIGH') return score === 'HIGH';
+    if (failOn === 'MEDIUM') return score === 'HIGH' || score === 'MEDIUM';
+    return true; // 'all' - fail on any non-false-positive
+  };
+
+  useEffect(() => {
+    async function scanSecrets() {
+      try {
+        setStatus('scanning');
+
+        // Initialize git helper and get staged files
+        const helper = new SecretsApiHelper(process.cwd());
+        await helper.init();
+
+        const requestBody = await helper.buildSecretsApiRequest(scanType);
+        setFileCount(requestBody.files.length);
+
+        if (requestBody.files.length === 0) {
+          setStatus('no_files');
+          return;
+        }
+
+        // Call the secrets detection API
+        const response = await fetchApi(
+          '/extension/pr-review/secrets-detection',
+          'POST',
+          requestBody
+        );
+
+        const detectedSecrets = response.secretsDetected || [];
+
+        // Filter to only include files with actual secrets
+        const filesWithSecrets = detectedSecrets.filter(
+          file => file.secrets && file.secrets.length > 0
+        );
+
+        setSecrets(filesWithSecrets);
+        setStatus('done');
+      } catch (err) {
+        setError(err.message);
+        setStatus('error');
+      }
+    }
+
+    scanSecrets();
+  }, []);
+
+  // Handle exit after status changes
+  useEffect(() => {
+    if (status === 'done') {
+      // Check if any secrets should cause failure based on failOn level
+      const hasBlockingSecrets = secrets.some(file =>
+        file.secrets.some(secret => shouldFailOn(secret.confidence_score))
+      );
+
+      if (hasBlockingSecrets) {
+        setTimeout(() => {
+          process.exitCode = 1;
+          exit(new Error('Secrets detected'));
+        }, 100);
+      } else {
+        setTimeout(() => exit(), 100);
+      }
+    } else if (status === 'no_files') {
+      setTimeout(() => exit(), 100);
+    } else if (status === 'error') {
+      setTimeout(() => exit(new Error(error)), 100);
+    }
+  }, [status, secrets]);
+
+  // Render: Initializing
+  if (status === 'initializing') {
+    return React.createElement(
+      Box,
+      { flexDirection: 'column', padding: 1 },
+      React.createElement(Text, { color: 'cyan' }, 'Initializing...')
+    );
+  }
+
+  // Render: Scanning
+  if (status === 'scanning') {
+    return React.createElement(
+      Box,
+      { flexDirection: 'column', padding: 1 },
+      React.createElement(Text, { color: 'cyan' }, `Scanning ${fileCount} file(s) for secrets...`)
+    );
+  }
+
+  // Render: No files to scan
+  if (status === 'no_files') {
+    const noFilesMessages = {
+      'staged-only': 'Stage some changes first with "git add".',
+      'branch-diff': 'No changes found compared to the base branch.',
+      'uncommitted': 'No uncommitted changes found.',
+      'last-commit': 'No files found in the last commit.'
+    };
+
+    return React.createElement(
+      Box,
+      { flexDirection: 'column', padding: 1 },
+      React.createElement(Text, { color: 'yellow' }, 'No files to scan.'),
+      React.createElement(Text, { color: 'gray' }, noFilesMessages[scanType] || 'No files found.')
+    );
+  }
+
+  // Render: Error
+  if (status === 'error') {
+    return React.createElement(
+      Box,
+      { flexDirection: 'column', padding: 1 },
+      React.createElement(Text, { color: 'red' }, '✗ Error: ', error)
+    );
+  }
+
+  // Render: Done with secrets found
+  if (status === 'done' && secrets.length > 0) {
+    const allSecrets = secrets.flatMap(file =>
+      file.secrets.map(s => ({ ...s, file_path: file.file_path }))
+    );
+
+    const blockingSecrets = allSecrets.filter(s => shouldFailOn(s.confidence_score));
+    const falsePositives = allSecrets.filter(s => !shouldFailOn(s.confidence_score));
+
+    const hasBlockingSecrets = blockingSecrets.length > 0;
+
+    // Group by file for display
+    const groupByFile = (secretsList) => {
+      const grouped = {};
+      secretsList.forEach(s => {
+        if (!grouped[s.file_path]) grouped[s.file_path] = [];
+        grouped[s.file_path].push(s);
+      });
+      return grouped;
+    };
+
+    const blockingByFile = groupByFile(blockingSecrets);
+    const falsePositivesByFile = groupByFile(falsePositives);
+
+    const elements = [
+      // Header
+      React.createElement(
+        Text,
+        { key: 'header', color: hasBlockingSecrets ? 'red' : 'yellow', bold: true },
+        hasBlockingSecrets
+          ? `✗ ${blockingSecrets.length} secret(s) found!`
+          : `⚠ ${falsePositives.length} potential secret(s) found (ignored)`
+      ),
+      React.createElement(Text, { key: 'spacer1' }, '')
+    ];
+
+    // Blocking secrets
+    if (blockingSecrets.length > 0) {
+      Object.entries(blockingByFile).forEach(([filePath, fileSecrets]) => {
+        elements.push(
+          React.createElement(Text, { key: `file-${filePath}`, color: 'yellow', bold: true }, filePath)
+        );
+        fileSecrets.forEach((secret, idx) => {
+          elements.push(
+            React.createElement(
+              Text,
+              { key: `secret-${filePath}-${idx}`, color: 'red' },
+              `  Line ${secret.line_number}: ${secret.type} (${secret.confidence_score})`
+            )
+          );
+        });
+      });
+    }
+
+    // False positives / ignored
+    if (falsePositives.length > 0) {
+      if (blockingSecrets.length > 0) {
+        elements.push(React.createElement(Text, { key: 'spacer2' }, ''));
+      }
+      elements.push(
+        React.createElement(Text, { key: 'fp-header', color: 'gray' }, 'Ignored (false positives):')
+      );
+      Object.entries(falsePositivesByFile).forEach(([filePath, fileSecrets]) => {
+        elements.push(
+          React.createElement(Text, { key: `fp-file-${filePath}`, color: 'gray' }, `  ${filePath}`)
+        );
+        fileSecrets.forEach((secret, idx) => {
+          elements.push(
+            React.createElement(
+              Text,
+              { key: `fp-secret-${filePath}-${idx}`, color: 'gray', dimColor: true },
+              `    Line ${secret.line_number}: ${secret.type} (${secret.confidence_score})`
+            )
+          );
+        });
+      });
+    }
+
+    elements.push(React.createElement(Text, { key: 'spacer3' }, ''));
+
+    if (hasBlockingSecrets) {
+      elements.push(
+        React.createElement(Text, { key: 'footer', color: 'gray' }, 'Remove secrets before committing.')
+      );
+    } else {
+      elements.push(
+        React.createElement(Text, { key: 'footer', color: 'green' }, '✓ Commit allowed (only false positives found)')
+      );
+    }
+
+    return React.createElement(
+      Box,
+      { flexDirection: 'column', padding: 1 },
+      ...elements
+    );
+  }
+
+  // Render: Done with no secrets
+  return React.createElement(
+    Box,
+    { flexDirection: 'column', padding: 1 },
+    React.createElement(Text, { color: 'green' }, '✓ No secrets found')
+  );
+}