codeant-cli 0.1.1 → 0.1.3

package/README.md

@@ -115,6 +115,51 @@ Use `--include` and `--exclude` with glob patterns to filter files:
 - `MEDIUM` - Medium confidence, may need review
 - `FALSE_POSITIVE` - Detected but likely not a real secret (always ignored)
 
+#### `static-analysis`
+
+Run static code analysis to detect code quality issues, bugs, and code smells.
+
+```bash
+codeant static-analysis [options]
+```
+
+**Options:**
+
+| Option | Description |
+|--------|-------------|
+| `--staged` | Scan only staged files (default) |
+| `--all` | Scan all changed files compared to base branch |
+| `--uncommitted` | Scan all uncommitted changes |
+| `--last-commit` | Scan files from the last commit |
+| `--fail-on <level>` | Fail on issues at or above this level (default: CRITICAL) |
+| `--auto-fix` | Automatically apply fixes when available |
+| `--include <patterns>` | Comma-separated glob patterns to include files |
+| `--exclude <patterns>` | Comma-separated glob patterns to exclude files |
+
+**Issue Levels:** `BLOCKER` > `CRITICAL` > `MAJOR` > `MINOR` > `INFO`
+
+#### `security-analysis`
+
+Run security analysis to detect vulnerabilities in your code.
+
+```bash
+codeant security-analysis [options]
+```
+
+**Options:**
+
+| Option | Description |
+|--------|-------------|
+| `--staged` | Scan only staged files (default) |
+| `--all` | Scan all changed files compared to base branch |
+| `--uncommitted` | Scan all uncommitted changes |
+| `--last-commit` | Scan files from the last commit |
+| `--fail-on <level>` | Fail on issues at or above this level (default: HIGH) |
+| `--include <patterns>` | Comma-separated glob patterns to include files |
+| `--exclude <patterns>` | Comma-separated glob patterns to exclude files |
+
+**Severity Levels:** `CRITICAL` > `HIGH` > `MEDIUM`
+
 #### `set-base-url <url>`
 
 Set a custom API base URL.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "codeant-cli",
-  "version": "0.1.1",
+  "version": "0.1.3",
   "description": "Code review CLI tool",
   "type": "module",
   "bin": {

package/src/commands/securityAnalysis.js

@@ -0,0 +1,284 @@
+import React, { useEffect, useState } from 'react';
+import { Box, Text, useApp } from 'ink';
+import { getConfigValue } from '../utils/config.js';
+import { fetchApi } from '../utils/fetchApi.js';
+import SecurityAnalysisApiHelper from '../utils/securityAnalysisApiHelper.js';
+
+export default function SecurityAnalysis({ scanType = 'staged-only', failOn = 'HIGH', include = [], exclude = [] }) {
+  const { exit } = useApp();
+  const [status, setStatus] = useState('initializing');
+  const [issues, setIssues] = useState([]);
+  const [error, setError] = useState(null);
+  const [fileCount, setFileCount] = useState(0);
+
+  const apiKey = getConfigValue('apiKey');
+
+  // Handle not logged in state
+  useEffect(() => {
+    if (!apiKey) {
+      const id = setTimeout(() => exit(new Error('Not logged in')), 0);
+      return () => clearTimeout(id);
+    }
+  }, [apiKey, exit]);
+
+  // Check if logged in
+  if (!apiKey) {
+    return React.createElement(
+      Box,
+      { flexDirection: 'column', padding: 1 },
+      React.createElement(Text, { color: 'red' }, '✗ Not logged in.'),
+      React.createElement(Text, { color: 'gray' }, 'Run "codeant login" to authenticate.'),
+    );
+  }
+
+  // Helper to check if an issue should cause failure based on failOn level
+  const shouldFailOn = (severity) => {
+    const score = severity?.toUpperCase();
+    if (score === 'FALSE_POSITIVE') return false;
+    if (failOn === 'CRITICAL') return score === 'CRITICAL';
+    if (failOn === 'HIGH') return score === 'HIGH' || score === 'CRITICAL';
+    if (failOn === 'MEDIUM') return score === 'HIGH' || score === 'MEDIUM';
+    return true; // 'all' - fail on any non-false-positive
+  };
+
+  useEffect(() => {
+    let cancelled = false;
+
+    async function scanForIssues() {
+      try {
+        if (cancelled) return;
+        setStatus('scanning');
+
+        // Initialize git helper and get staged files
+        const helper = new SecurityAnalysisApiHelper(process.cwd());
+        await helper.init();
+
+        if (cancelled) return;
+        const requestBody = await helper.buildSecurityAnalysisApiRequest(scanType, include, exclude);
+        if (cancelled) return;
+
+        if (requestBody.files.length === 0) {
+          if (!cancelled) setStatus('no_files');
+          return;
+        }
+
+        // Call the security analysis API
+        const response = await fetchApi(
+          '/extension/pr-review/security-analysis',
+          'POST',
+          requestBody,
+        );
+
+        if (cancelled) return;
+
+        // Transform security issues response to the expected format
+        const detectedIssues = (response.securityIssues || []).map(file => ({
+          file_path: file.file_path,
+          issues: (file.security_issues || []).map(issue => ({
+            line_number: issue.line_number,
+            end_line: issue.end_line,
+            type: issue.issue_text,
+            confidence_score: issue.false_positive ? 'FALSE_POSITIVE' : issue.severity,
+            test_id: issue.test_id,
+            confidence: issue.confidence,
+            likelihood: issue.likelihood,
+            cwe: issue.cwe,
+            owasp: issue.owasp,
+          })),
+        }));
+
+        // Filter to only include files with actual issues
+        const filesWithIssues = detectedIssues.filter(
+          file => file.issues && file.issues.length > 0,
+        );
+
+        if (!cancelled) {
+          setIssues(filesWithIssues);
+          setStatus('done');
+        }
+      } catch (err) {
+        if (!cancelled) {
+          setError(err.message);
+          setStatus('error');
+        }
+      }
+    }
+
+    scanForIssues();
+
+    return () => {
+      cancelled = true;
+    };
+  }, [scanType, include, exclude]);
+
+  // Handle exit after status changes
+  useEffect(() => {
+    if (status === 'done') {
+      // Check if any issues should cause failure based on failOn level
+      const hasBlockingIssues = issues.some(file =>
+        file.issues.some(issue => issue.false_positive !== true &&shouldFailOn(issue.severity)),
+      );
+
+      if (hasBlockingIssues) {
+        setTimeout(() => {
+          process.exitCode = 1;
+          exit(new Error('Security issues detected'));
+        }, 100);
+      } else {
+        setTimeout(() => exit(), 100);
+      }
+    } else if (status === 'no_files') {
+      setTimeout(() => exit(), 100);
+    } else if (status === 'error') {
+      setTimeout(() => exit(new Error(error)), 100);
+    }
+  }, [status, issues]);
+
+  // Render: Initializing
+  if (status === 'initializing') {
+    return React.createElement(
+      Box,
+      { flexDirection: 'column', padding: 1 },
+      React.createElement(Text, { color: 'cyan' }, 'Initializing...'),
+    );
+  }
+
+  // Render: Scanning
+  if (status === 'scanning') {
+    return React.createElement(
+      Box,
+      { flexDirection: 'column', padding: 1 },
+      React.createElement(Text, { color: 'cyan' }, `Scanning ${fileCount} file(s) for security issues...`),
+    );
+  }
+
+  // Render: No files to scan
+  if (status === 'no_files') {
+    const noFilesMessages = {
+      'staged-only': 'Stage some changes first with "git add".',
+      'branch-diff': 'No changes found compared to the base branch.',
+      'uncommitted': 'No uncommitted changes found.',
+      'last-commit': 'No files found in the last commit.',
+    };
+
+    return React.createElement(
+      Box,
+      { flexDirection: 'column', padding: 1 },
+      React.createElement(Text, { color: 'yellow' }, 'No files to scan.'),
+      React.createElement(Text, { color: 'gray' }, noFilesMessages[scanType] || 'No files found.'),
+    );
+  }
+
+  // Render: Error
+  if (status === 'error') {
+    return React.createElement(
+      Box,
+      { flexDirection: 'column', padding: 1 },
+      React.createElement(Text, { color: 'red' }, '✗ Error: ', error),
+    );
+  }
+
+  // Render: Done with issues found
+  if (status === 'done' && issues.length > 0) {
+    const allIssues = issues.flatMap(file =>
+      file.issues.map(s => ({ ...s, file_path: file.file_path })),
+    );
+
+    const blockingIssues = allIssues.filter(s => s.false_positive !== true && shouldFailOn(s.severity));
+    const falsePositives = allIssues.filter(s => s.false_positive !== true && !shouldFailOn(s.severity));
+
+    const hasBlockingIssues = blockingIssues.length > 0;
+
+    // Group by file for display
+    const groupByFile = (issuesList) => {
+      const grouped = {};
+      issuesList.forEach(s => {
+        if (!grouped[s.file_path]) grouped[s.file_path] = [];
+        grouped[s.file_path].push(s);
+      });
+      return grouped;
+    };
+
+    const blockingByFile = groupByFile(blockingIssues);
+    const falsePositivesByFile = groupByFile(falsePositives);
+
+    const elements = [
+      // Header
+      React.createElement(
+        Text,
+        { key: 'header', color: hasBlockingIssues ? 'red' : 'yellow', bold: true },
+        hasBlockingIssues
+          ? `✗ ${blockingIssues.length} security issue(s) found!`
+          : `⚠ ${falsePositives.length} potential security issue(s) found (ignored)`,
+      ),
+      React.createElement(Text, { key: 'spacer1' }, ''),
+    ];
+
+    // Blocking issues
+    if (blockingIssues.length > 0) {
+      Object.entries(blockingByFile).forEach(([filePath, fileIssues]) => {
+        elements.push(
+          React.createElement(Text, { key: `file-${filePath}`, color: 'yellow', bold: true }, filePath),
+        );
+        fileIssues.forEach((issue, idx) => {
+          elements.push(
+            React.createElement(
+              Text,
+              { key: `issue-${filePath}-${idx}`, color: 'red' },
+              `  Line ${issue.line_number}: ${issue.type} (${issue.confidence_score})`,
+            ),
+          );
+        });
+      });
+    }
+
+    // False positives / ignored
+    if (falsePositives.length > 0) {
+      if (blockingIssues.length > 0) {
+        elements.push(React.createElement(Text, { key: 'spacer2' }, ''));
+      }
+      elements.push(
+        React.createElement(Text, { key: 'fp-header', color: 'gray' }, 'Ignored (false positives):'),
+      );
+      Object.entries(falsePositivesByFile).forEach(([filePath, fileIssues]) => {
+        elements.push(
+          React.createElement(Text, { key: `fp-file-${filePath}`, color: 'gray' }, `  ${filePath}`),
+        );
+        fileIssues.forEach((issue, idx) => {
+          elements.push(
+            React.createElement(
+              Text,
+              { key: `fp-issue-${filePath}-${idx}`, color: 'gray', dimColor: true },
+              `    Line ${issue.line_number}: ${issue.type} (${issue.confidence_score})`,
+            ),
+          );
+        });
+      });
+    }
+
+    elements.push(React.createElement(Text, { key: 'spacer3' }, ''));
+
+    if (hasBlockingIssues) {
+      elements.push(
+        React.createElement(Text, { key: 'footer', color: 'gray' }, 'Fix security issues before committing.'),
+      );
+    } else {
+      elements.push(
+        React.createElement(Text, { key: 'footer', color: 'green' }, '✓ Commit allowed (only false positives found)'),
+      );
+    }
+
+    return React.createElement(
+      Box,
+      { flexDirection: 'column', padding: 1 },
+      ...elements,
+    );
+  }
+
+  // Render: Done with no issues
+  return React.createElement(
+    Box,
+    { flexDirection: 'column', padding: 1 },
+    React.createElement(Text, { color: 'green' }, '✓ No security issues found'),
+  );
+}