npm - codeant-cli - Versions diffs - 0.1.2 → 0.1.3 - Mend

codeant-cli 0.1.2 → 0.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/README.md +45 -0
package/package.json +1 -1
package/src/commands/securityAnalysis.js +284 -0
package/src/commands/staticAnalysis.js +405 -0
package/src/index.js +70 -9
package/src/utils/commonApiHelper.js +84 -0
package/src/utils/secretsApiHelper.js +15 -73
package/src/utils/securityAnalysisApiHelper.js +118 -0
package/src/utils/staticAnalysisApiHelper.js +118 -0

package/README.md CHANGED Viewed

@@ -115,6 +115,51 @@ Use `--include` and `--exclude` with glob patterns to filter files:
 - `MEDIUM` - Medium confidence, may need review
 - `FALSE_POSITIVE` - Detected but likely not a real secret (always ignored)
+#### `static-analysis`
+Run static code analysis to detect code quality issues, bugs, and code smells.
+```bash
+codeant static-analysis [options]
+```
+**Options:**
+| Option | Description |
+|--------|-------------|
+| `--staged` | Scan only staged files (default) |
+| `--all` | Scan all changed files compared to base branch |
+| `--uncommitted` | Scan all uncommitted changes |
+| `--last-commit` | Scan files from the last commit |
+| `--fail-on <level>` | Fail on issues at or above this level (default: CRITICAL) |
+| `--auto-fix` | Automatically apply fixes when available |
+| `--include <patterns>` | Comma-separated glob patterns to include files |
+| `--exclude <patterns>` | Comma-separated glob patterns to exclude files |
+**Issue Levels:** `BLOCKER` > `CRITICAL` > `MAJOR` > `MINOR` > `INFO`
+#### `security-analysis`
+Run security analysis to detect vulnerabilities in your code.
+```bash
+codeant security-analysis [options]
+```
+**Options:**
+| Option | Description |
+|--------|-------------|
+| `--staged` | Scan only staged files (default) |
+| `--all` | Scan all changed files compared to base branch |
+| `--uncommitted` | Scan all uncommitted changes |
+| `--last-commit` | Scan files from the last commit |
+| `--fail-on <level>` | Fail on issues at or above this level (default: HIGH) |
+| `--include <patterns>` | Comma-separated glob patterns to include files |
+| `--exclude <patterns>` | Comma-separated glob patterns to exclude files |
+**Severity Levels:** `CRITICAL` > `HIGH` > `MEDIUM`
 #### `set-base-url <url>`
 Set a custom API base URL.

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "codeant-cli",
-  "version": "0.1.2",
+  "version": "0.1.3",
   "description": "Code review CLI tool",
   "type": "module",
   "bin": {

package/src/commands/securityAnalysis.js ADDED Viewed

@@ -0,0 +1,284 @@
+import React, { useEffect, useState } from 'react';
+import { Box, Text, useApp } from 'ink';
+import { getConfigValue } from '../utils/config.js';
+import { fetchApi } from '../utils/fetchApi.js';
+import SecurityAnalysisApiHelper from '../utils/securityAnalysisApiHelper.js';
+export default function SecurityAnalysis({ scanType = 'staged-only', failOn = 'HIGH', include = [], exclude = [] }) {
+  const { exit } = useApp();
+  const [status, setStatus] = useState('initializing');
+  const [issues, setIssues] = useState([]);
+  const [error, setError] = useState(null);
+  const [fileCount, setFileCount] = useState(0);
+  const apiKey = getConfigValue('apiKey');
+  // Handle not logged in state
+  useEffect(() => {
+    if (!apiKey) {
+      const id = setTimeout(() => exit(new Error('Not logged in')), 0);
+      return () => clearTimeout(id);
+    }
+  }, [apiKey, exit]);
+  // Check if logged in
+  if (!apiKey) {
+    return React.createElement(
+      Box,
+      { flexDirection: 'column', padding: 1 },
+      React.createElement(Text, { color: 'red' }, '✗ Not logged in.'),
+      React.createElement(Text, { color: 'gray' }, 'Run "codeant login" to authenticate.'),
+    );
+  }
+  // Helper to check if an issue should cause failure based on failOn level
+  const shouldFailOn = (severity) => {
+    const score = severity?.toUpperCase();
+    if (score === 'FALSE_POSITIVE') return false;
+    if (failOn === 'CRITICAL') return score === 'CRITICAL';
+    if (failOn === 'HIGH') return score === 'HIGH' || score === 'CRITICAL';
+    if (failOn === 'MEDIUM') return score === 'HIGH' || score === 'MEDIUM';
+    return true; // 'all' - fail on any non-false-positive
+  };
+  useEffect(() => {
+    let cancelled = false;
+    async function scanForIssues() {
+      try {
+        if (cancelled) return;
+        setStatus('scanning');
+        // Initialize git helper and get staged files
+        const helper = new SecurityAnalysisApiHelper(process.cwd());
+        await helper.init();
+        if (cancelled) return;
+        const requestBody = await helper.buildSecurityAnalysisApiRequest(scanType, include, exclude);
+        if (cancelled) return;
+        if (requestBody.files.length === 0) {
+          if (!cancelled) setStatus('no_files');
+          return;
+        }
+        // Call the security analysis API
+        const response = await fetchApi(
+          '/extension/pr-review/security-analysis',
+          'POST',
+          requestBody,
+        );
+        if (cancelled) return;
+        // Transform security issues response to the expected format
+        const detectedIssues = (response.securityIssues || []).map(file => ({
+          file_path: file.file_path,
+          issues: (file.security_issues || []).map(issue => ({
+            line_number: issue.line_number,
+            end_line: issue.end_line,
+            type: issue.issue_text,
+            confidence_score: issue.false_positive ? 'FALSE_POSITIVE' : issue.severity,
+            test_id: issue.test_id,
+            confidence: issue.confidence,
+            likelihood: issue.likelihood,
+            cwe: issue.cwe,
+            owasp: issue.owasp,
+          })),
+        }));
+        // Filter to only include files with actual issues
+        const filesWithIssues = detectedIssues.filter(
+          file => file.issues && file.issues.length > 0,
+        );
+        if (!cancelled) {
+          setIssues(filesWithIssues);
+          setStatus('done');
+        }
+      } catch (err) {
+        if (!cancelled) {
+          setError(err.message);
+          setStatus('error');
+        }
+      }
+    }
+    scanForIssues();
+    return () => {
+      cancelled = true;
+    };
+  }, [scanType, include, exclude]);
+  // Handle exit after status changes
+  useEffect(() => {
+    if (status === 'done') {
+      // Check if any issues should cause failure based on failOn level
+      const hasBlockingIssues = issues.some(file =>
+        file.issues.some(issue => issue.false_positive !== true &&shouldFailOn(issue.severity)),
+      );
+      if (hasBlockingIssues) {
+        setTimeout(() => {
+          process.exitCode = 1;
+          exit(new Error('Security issues detected'));
+        }, 100);
+      } else {
+        setTimeout(() => exit(), 100);
+      }
+    } else if (status === 'no_files') {
+      setTimeout(() => exit(), 100);
+    } else if (status === 'error') {
+      setTimeout(() => exit(new Error(error)), 100);
+    }
+  }, [status, issues]);
+  // Render: Initializing
+  if (status === 'initializing') {
+    return React.createElement(
+      Box,
+      { flexDirection: 'column', padding: 1 },
+      React.createElement(Text, { color: 'cyan' }, 'Initializing...'),
+    );
+  }
+  // Render: Scanning
+  if (status === 'scanning') {
+    return React.createElement(
+      Box,
+      { flexDirection: 'column', padding: 1 },
+      React.createElement(Text, { color: 'cyan' }, `Scanning ${fileCount} file(s) for security issues...`),
+    );
+  }
+  // Render: No files to scan
+  if (status === 'no_files') {
+    const noFilesMessages = {
+      'staged-only': 'Stage some changes first with "git add".',
+      'branch-diff': 'No changes found compared to the base branch.',
+      'uncommitted': 'No uncommitted changes found.',
+      'last-commit': 'No files found in the last commit.',
+    };
+    return React.createElement(
+      Box,
+      { flexDirection: 'column', padding: 1 },
+      React.createElement(Text, { color: 'yellow' }, 'No files to scan.'),
+      React.createElement(Text, { color: 'gray' }, noFilesMessages[scanType] || 'No files found.'),
+    );
+  }
+  // Render: Error
+  if (status === 'error') {
+    return React.createElement(
+      Box,
+      { flexDirection: 'column', padding: 1 },
+      React.createElement(Text, { color: 'red' }, '✗ Error: ', error),
+    );
+  }
+  // Render: Done with issues found
+  if (status === 'done' && issues.length > 0) {
+    const allIssues = issues.flatMap(file =>
+      file.issues.map(s => ({ ...s, file_path: file.file_path })),
+    );
+    const blockingIssues = allIssues.filter(s => s.false_positive !== true && shouldFailOn(s.severity));
+    const falsePositives = allIssues.filter(s => s.false_positive !== true && !shouldFailOn(s.severity));
+    const hasBlockingIssues = blockingIssues.length > 0;
+    // Group by file for display
+    const groupByFile = (issuesList) => {
+      const grouped = {};
+      issuesList.forEach(s => {
+        if (!grouped[s.file_path]) grouped[s.file_path] = [];
+        grouped[s.file_path].push(s);
+      });
+      return grouped;
+    };
+    const blockingByFile = groupByFile(blockingIssues);
+    const falsePositivesByFile = groupByFile(falsePositives);
+    const elements = [
+      // Header
+      React.createElement(
+        Text,
+        { key: 'header', color: hasBlockingIssues ? 'red' : 'yellow', bold: true },
+        hasBlockingIssues
+          ? `✗ ${blockingIssues.length} security issue(s) found!`
+          : `⚠ ${falsePositives.length} potential security issue(s) found (ignored)`,
+      ),
+      React.createElement(Text, { key: 'spacer1' }, ''),
+    ];
+    // Blocking issues
+    if (blockingIssues.length > 0) {
+      Object.entries(blockingByFile).forEach(([filePath, fileIssues]) => {
+        elements.push(
+          React.createElement(Text, { key: `file-${filePath}`, color: 'yellow', bold: true }, filePath),
+        );
+        fileIssues.forEach((issue, idx) => {
+          elements.push(
+            React.createElement(
+              Text,
+              { key: `issue-${filePath}-${idx}`, color: 'red' },
+              `  Line ${issue.line_number}: ${issue.type} (${issue.confidence_score})`,
+            ),
+          );
+        });
+      });
+    }
+    // False positives / ignored
+    if (falsePositives.length > 0) {
+      if (blockingIssues.length > 0) {
+        elements.push(React.createElement(Text, { key: 'spacer2' }, ''));
+      }
+      elements.push(
+        React.createElement(Text, { key: 'fp-header', color: 'gray' }, 'Ignored (false positives):'),
+      );
+      Object.entries(falsePositivesByFile).forEach(([filePath, fileIssues]) => {
+        elements.push(
+          React.createElement(Text, { key: `fp-file-${filePath}`, color: 'gray' }, `  ${filePath}`),
+        );
+        fileIssues.forEach((issue, idx) => {
+          elements.push(
+            React.createElement(
+              Text,
+              { key: `fp-issue-${filePath}-${idx}`, color: 'gray', dimColor: true },
+              `    Line ${issue.line_number}: ${issue.type} (${issue.confidence_score})`,
+            ),
+          );
+        });
+      });
+    }
+    elements.push(React.createElement(Text, { key: 'spacer3' }, ''));
+    if (hasBlockingIssues) {
+      elements.push(
+        React.createElement(Text, { key: 'footer', color: 'gray' }, 'Fix security issues before committing.'),
+      );
+    } else {
+      elements.push(
+        React.createElement(Text, { key: 'footer', color: 'green' }, '✓ Commit allowed (only false positives found)'),
+      );
+    }
+    return React.createElement(
+      Box,
+      { flexDirection: 'column', padding: 1 },
+      ...elements,
+    );
+  }
+  // Render: Done with no issues
+  return React.createElement(
+    Box,
+    { flexDirection: 'column', padding: 1 },
+    React.createElement(Text, { color: 'green' }, '✓ No security issues found'),
+  );
+}

package/src/commands/staticAnalysis.js ADDED Viewed

@@ -0,0 +1,405 @@
+import React, { useEffect, useState } from 'react';
+import { Box, Text, useApp } from 'ink';
+import { getConfigValue } from '../utils/config.js';
+import { fetchApi } from '../utils/fetchApi.js';
+import StaticAnalysisApiHelper from '../utils/staticAnalysisApiHelper.js';
+import fs from 'fs/promises';
+import path from 'path';
+export default function StaticAnalysis({ scanType = 'staged-only', failOn = 'CRITICAL', include = [], exclude = [], autoFix = false }) {
+  const { exit } = useApp();
+  const [status, setStatus] = useState('initializing');
+  const [issues, setIssues] = useState([]);
+  const [error, setError] = useState(null);
+  const [fileCount, setFileCount] = useState(0);
+  const [fixedFiles, setFixedFiles] = useState([]);
+  const apiKey = getConfigValue('apiKey');
+  // Handle not logged in state
+  useEffect(() => {
+    if (!apiKey) {
+      const id = setTimeout(() => exit(new Error('Not logged in')), 0);
+      return () => clearTimeout(id);
+    }
+  }, [apiKey, exit]);
+  // Check if logged in
+  if (!apiKey) {
+    return React.createElement(
+      Box,
+      { flexDirection: 'column', padding: 1 },
+      React.createElement(Text, { color: 'red' }, '✗ Not logged in.'),
+      React.createElement(Text, { color: 'gray' }, 'Run "codeant login" to authenticate.'),
+    );
+  }
+  // Helper to check if an issue should cause failure based on failOn level
+  const shouldFailOn = (issueType) => {
+    const type = issueType?.toUpperCase();
+    const failOnUpper = failOn?.toUpperCase();
+    if (!failOnUpper || failOnUpper === 'NONE') return false;
+    if (failOnUpper === 'BLOCKER') return type === 'BLOCKER';
+    if (failOnUpper === 'CRITICAL') return type === 'BLOCKER' || type === 'CRITICAL';
+    if (failOnUpper === 'MAJOR') return type === 'BLOCKER' || type === 'CRITICAL' || type === 'MAJOR';
+    if (failOnUpper === 'MINOR') return type === 'BLOCKER' || type === 'CRITICAL' || type === 'MAJOR' || type === 'MINOR';
+    return true; // 'INFO' or 'ALL' - fail on any issue
+  };
+  useEffect(() => {
+    let cancelled = false;
+    async function scanCode() {
+      try {
+        if (cancelled) return;
+        setStatus('scanning');
+        // Initialize git helper and get files
+        const helper = new StaticAnalysisApiHelper(process.cwd());
+        await helper.init();
+        if (cancelled) return;
+        const requestBody = await helper.buildStaticAnalysisApiRequest(scanType, include, exclude);
+        setFileCount(requestBody.filesData.length);
+        if (requestBody.filesData.length === 0) {
+          if (!cancelled) setStatus('no_files');
+          return;
+        }
+        // Call the static analysis API
+        const response = await fetchApi(
+          '/extension/prReview/static-analysis',
+          'POST',
+          requestBody,
+        );
+        if (cancelled) return;
+        const codeSuggestions = response.codeSuggestions || [];
+        // Filter to only include files with actual issues
+        const filesWithIssues = codeSuggestions.filter(
+          file => file.issues && file.issues.length > 0,
+        );
+        // Auto-fix issues if enabled
+        const fixedFilesList = [];
+        if (autoFix && filesWithIssues.length > 0) {
+          const gitRoot = helper.getGitRoot();
+          for (const fileData of filesWithIssues) {
+            const fixableIssues = fileData.issues.filter(
+              issue => issue.fixAvailable && issue.fix?.inputFileEdits?.length > 0
+            );
+            if (fixableIssues.length > 0) {
+              try {
+                const filePath = path.join(gitRoot, fileData.file);
+                let fileContent = await fs.readFile(filePath, 'utf8');
+                const lines = fileContent.split('\n');
+                // Collect all text edits from all issues
+                const allEdits = [];
+                for (const issue of fixableIssues) {
+                  for (const fileEdit of issue.fix.inputFileEdits) {
+                    if (fileEdit.target === fileData.file) {
+                      for (const textEdit of fileEdit.textEdits) {
+                        allEdits.push({
+                          textRange: textEdit.textRange,
+                          newText: textEdit.newText,
+                        });
+                      }
+                    }
+                  }
+                }
+                // Sort edits by position (descending) to avoid offset issues
+                allEdits.sort((a, b) => {
+                  if (b.textRange.startLine !== a.textRange.startLine) {
+                    return b.textRange.startLine - a.textRange.startLine;
+                  }
+                  if (b.textRange.startLineOffset !== a.textRange.startLineOffset) {
+                    return b.textRange.startLineOffset - a.textRange.startLineOffset;
+                  }
+                  if (b.textRange.endLine !== a.textRange.endLine) {
+                    return b.textRange.endLine - a.textRange.endLine;
+                  }
+                  return b.textRange.endLineOffset - a.textRange.endLineOffset;
+                });
+                // Apply each edit
+                for (const edit of allEdits) {
+                  const { startLine, startLineOffset, endLine, endLineOffset } = edit.textRange;
+                  if (startLine === endLine) {
+                    // Single line edit
+                    const line = lines[startLine - 1];
+                    lines[startLine - 1] =
+                      line.substring(0, startLineOffset) +
+                      edit.newText +
+                      line.substring(endLineOffset);
+                  } else {
+                    // Multi-line edit
+                    const firstLine = lines[startLine - 1];
+                    const lastLine = lines[endLine - 1];
+                    const newContent =
+                      firstLine.substring(0, startLineOffset) +
+                      edit.newText +
+                      lastLine.substring(endLineOffset);
+                    // Replace the lines
+                    lines.splice(startLine - 1, endLine - startLine + 1, newContent);
+                  }
+                }
+                await fs.writeFile(filePath, lines.join('\n'), 'utf8');
+                fixedFilesList.push({
+                  file: fileData.file,
+                  fixedCount: fixableIssues.length,
+                });
+              } catch (err) {
+                console.error(`Failed to fix ${fileData.file}: ${err.message}`);
+              }
+            }
+          }
+        }
+        if (!cancelled) {
+          setFixedFiles(fixedFilesList);
+          setIssues(filesWithIssues);
+          setStatus('done');
+        }
+      } catch (err) {
+        if (!cancelled) {
+          setError(err.message);
+          setStatus('error');
+        }
+      }
+    }
+    scanCode();
+    return () => {
+      cancelled = true;
+    };
+  }, [scanType, include, exclude, autoFix]);
+  // Handle exit after status changes
+  useEffect(() => {
+    if (status === 'done') {
+      // Check if any issues should cause failure based on failOn level
+      const hasBlockingIssues = issues.some(file =>
+        file.issues.some(issue => shouldFailOn(issue.type)),
+      );
+      if (hasBlockingIssues) {
+        setTimeout(() => {
+          process.exitCode = 1;
+          exit(new Error('Code issues detected'));
+        }, 100);
+      } else {
+        setTimeout(() => exit(), 100);
+      }
+    } else if (status === 'no_files') {
+      setTimeout(() => exit(), 100);
+    } else if (status === 'error') {
+      setTimeout(() => exit(new Error(error)), 100);
+    }
+  }, [status, issues, failOn, exit, shouldFailOn, error]);
+  // Render: Initializing
+  if (status === 'initializing') {
+    return React.createElement(
+      Box,
+      { flexDirection: 'column', padding: 1 },
+      React.createElement(Text, { color: 'cyan' }, 'Initializing...'),
+    );
+  }
+  // Render: Scanning
+  if (status === 'scanning') {
+    return React.createElement(
+      Box,
+      { flexDirection: 'column', padding: 1 },
+      React.createElement(Text, { color: 'cyan' }, `Analyzing ${fileCount} file(s)...`),
+    );
+  }
+  // Render: No files to scan
+  if (status === 'no_files') {
+    const noFilesMessages = {
+      'staged-only': 'Stage some changes first with "git add".',
+      'branch-diff': 'No changes found compared to the base branch.',
+      'uncommitted': 'No uncommitted changes found.',
+      'last-commit': 'No files found in the last commit.',
+    };
+    return React.createElement(
+      Box,
+      { flexDirection: 'column', padding: 1 },
+      React.createElement(Text, { color: 'yellow' }, 'No files to scan.'),
+      React.createElement(Text, { color: 'gray' }, noFilesMessages[scanType] || 'No files found.'),
+    );
+  }
+  // Render: Error
+  if (status === 'error') {
+    return React.createElement(
+      Box,
+      { flexDirection: 'column', padding: 1 },
+      React.createElement(Text, { color: 'red' }, '✗ Error: ', error),
+    );
+  }
+  // Render: Done with issues found
+  if (status === 'done' && issues.length > 0) {
+    const allIssues = issues.flatMap(file =>
+      file.issues.map(i => ({ ...i, file_path: file.file })),
+    );
+    const blockingIssues = allIssues.filter(i => shouldFailOn(i.type));
+    const nonBlockingIssues = allIssues.filter(i => !shouldFailOn(i.type));
+    const hasBlockingIssues = blockingIssues.length > 0;
+    // Group by file for display
+    const groupByFile = (issuesList) => {
+      const grouped = Object.create(null);
+      issuesList.forEach(i => {
+        if (!grouped[i.file_path]) grouped[i.file_path] = [];
+        grouped[i.file_path].push(i);
+      });
+      return grouped;
+    };
+    const blockingByFile = groupByFile(blockingIssues);
+    const nonBlockingByFile = groupByFile(nonBlockingIssues);
+    // Helper to get color based on issue type
+    const getIssueColor = (type) => {
+      const t = type?.toUpperCase();
+      if (t === 'BLOCKER') return 'red';
+      if (t === 'CRITICAL') return 'red';
+      if (t === 'MAJOR') return 'red';
+      if (t === 'MINOR') return 'yellow';
+      return 'gray';
+    };
+    const elements = [
+      // Header
+      React.createElement(
+        Text,
+        { key: 'header', color: hasBlockingIssues ? 'red' : 'yellow', bold: true },
+        hasBlockingIssues
+          ? `✗ ${blockingIssues.length} issue(s) found!`
+          : `⚠ ${nonBlockingIssues.length} issue(s) found (not blocking)`,
+      ),
+      React.createElement(Text, { key: 'spacer1' }, ''),
+    ];
+    // Blocking issues
+    if (blockingIssues.length > 0) {
+      Object.entries(blockingByFile).forEach(([filePath, fileIssues]) => {
+        elements.push(
+          React.createElement(Text, { key: `file-${filePath}`, color: 'yellow', bold: true }, filePath),
+        );
+        fileIssues.forEach((issue, idx) => {
+          const color = getIssueColor(issue.type);
+          elements.push(
+            React.createElement(
+              Text,
+              { key: `issue-${filePath}-${idx}`, color },
+              `  Line ${issue.line_number}: ${issue.issue_text} (${issue.type})`,
+            ),
+          );
+          // Show fix suggestion if available
+          if (issue.fixAvailable && issue.fix?.message) {
+            elements.push(
+              React.createElement(
+                Text,
+                { key: `fix-${filePath}-${idx}`, color: 'green', dimColor: true },
+                `    💡 ${issue.fix.message}`,
+              ),
+            );
+          }
+        });
+      });
+    }
+    // Non-blocking issues
+    if (nonBlockingIssues.length > 0) {
+      if (blockingIssues.length > 0) {
+        elements.push(React.createElement(Text, { key: 'spacer2' }, ''));
+      }
+      elements.push(
+        React.createElement(Text, { key: 'nb-header', color: 'gray' }, 'Additional issues (not blocking):')
+      );
+      Object.entries(nonBlockingByFile).forEach(([filePath, fileIssues]) => {
+        elements.push(
+          React.createElement(Text, { key: `nb-file-${filePath}`, color: 'gray' }, `  ${filePath}`)
+        );
+        fileIssues.forEach((issue, idx) => {
+          elements.push(
+            React.createElement(
+              Text,
+              { key: `nb-issue-${filePath}-${idx}`, color: 'gray', dimColor: true },
+              `    Line ${issue.line_number}: ${issue.issue_text} (${issue.type})`
+            )
+          );
+        });
+      });
+    }
+    elements.push(React.createElement(Text, { key: 'spacer3' }, ''));
+    // Show auto-fix summary
+    if (fixedFiles.length > 0) {
+      const totalFixed = fixedFiles.reduce((sum, f) => sum + f.fixedCount, 0);
+      elements.push(
+        React.createElement(Text, { key: 'autofix', color: 'green' }, `✓ Auto-fixed ${totalFixed} issue(s) in ${fixedFiles.length} file(s)`)
+      );
+      elements.push(React.createElement(Text, { key: 'spacer4' }, ''));
+    }
+    if (hasBlockingIssues) {
+      // TODO: change message based on whether auto-fix fixed some issues or not
+      const message = (fixedFiles.length > 0)
+        ? `✓ Fixed issues automatically. Please review changes before committing.`
+        : `Fix issues before committing.`;
+      elements.push(
+        React.createElement(Text, { key: 'footer', color: 'red' }, message)
+      );
+    } else {
+      elements.push(
+        React.createElement(Text, { key: 'footer', color: 'green' }, '✓ Commit allowed (no blocking issues)')
+      );
+    }
+    return React.createElement(
+      Box,
+      { flexDirection: 'column', padding: 1 },
+      ...elements
+    );
+  }
+  // Render: Done with no issues
+  const elements = [];
+  if (fixedFiles.length > 0) {
+    const totalFixed = fixedFiles.reduce((sum, f) => sum + f.fixedCount, 0);
+    elements.push(
+      React.createElement(Text, { key: 'autofix', color: 'green' }, `✓ Auto-fixed ${totalFixed} issue(s) in ${fixedFiles.length} file(s)`)
+    );
+    elements.push(React.createElement(Text, { key: 'spacer' }, ''));
+  }
+  elements.push(
+    React.createElement(Text, { key: 'no-issues', color: 'green' }, '✓ No issues found')
+  );
+  return React.createElement(
+    Box,
+    { flexDirection: 'column', padding: 1 },
+    ...elements
+  );
+}

package/src/index.js CHANGED Viewed

@@ -8,6 +8,8 @@ import SetBaseUrl from './commands/setBaseUrl.js';
 import GetBaseUrl from './commands/getBaseUrl.js';
 import Login from './commands/login.js';
 import Logout from './commands/logout.js';
+import StaticAnalysis from './commands/staticAnalysis.js';
+import SecurityAnalysis from './commands/securityAnalysis.js';
 import Welcome from './components/Welcome.js';
 // Show welcome animation if no arguments provided
@@ -17,7 +19,7 @@ if (process.argv.length === 2) {
   program
     .name('codeant')
     .description('Code review CLI tool')
-    .version('0.1.0');
+    .version('0.1.3');
 program
   .command('secrets')
@@ -36,11 +38,11 @@ program
     else if (options.lastCommit) scanType = 'last-commit';
     const include = options.include
-      ? (Array.isArray(options.include) ? options.include : options.include.split(',')).map(s => s.trim()).filter(Boolean)
+      ? (Array.isArray(options.include) ? options.include : String(options.include).split(',')).map(s => s.trim()).filter(Boolean)
       : [];
     const exclude = options.exclude
-      ? (Array.isArray(options.exclude) ? options.exclude : options.exclude.split(',')).map(s => s.trim()).filter(Boolean)
+      ? (Array.isArray(options.exclude) ? options.exclude : String(options.exclude).split(',')).map(s => s.trim()).filter(Boolean)
       : [];
     const failOn = options.failOn?.toUpperCase() || 'HIGH';
@@ -48,12 +50,71 @@ program
     render(React.createElement(Secrets, { scanType, failOn, include, exclude }));
   });
-  program
-    .command('set-base-url <url>')
-    .description('Set the API base URL')
-    .action((url) => {
-      render(React.createElement(SetBaseUrl, { url }));
-    });
+program
+  .command('static-analysis')
+  .description('Run static analysis on your code')
+  .option('--staged', 'Scan only staged files (default)')
+  .option('--all', 'Scan all changed files')
+  .option('--uncommitted', 'Scan uncommitted changes')
+  .option('--last-commit', 'Scan last commit')
+  .option('--fail-on <level>', 'Fail on issues at or above this level: BLOCKER, CRITICAL, MAJOR, MINOR, INFO (default: CRITICAL)', 'CRITICAL')
+  .option('--auto-fix', 'Automatically apply fixes when available')
+  .option('--include <paths>', 'Comma-separated list of file paths regex to include')
+  .option('--exclude <paths>', 'Comma-separated list of file paths regex to exclude')
+  .action((options) => {
+    let scanType = 'staged-only';
+    if (options.all) scanType = 'branch-diff';
+    else if (options.uncommitted) scanType = 'uncommitted';
+    else if (options.lastCommit) scanType = 'last-commit';
+    const include = options.include
+      ? (Array.isArray(options.include) ? options.include : String(options.include).split(',')).map(s => s.trim()).filter(Boolean)
+      : [];
+    const exclude = options.exclude
+      ? (Array.isArray(options.exclude) ? options.exclude : String(options.exclude).split(',')).map(s => s.trim()).filter(Boolean)
+      : [];
+    const failOn = options.failOn?.toUpperCase() || 'CRITICAL';
+    const autoFix = options.autoFix || false;
+    render(React.createElement(StaticAnalysis, {scanType, failOn, include, exclude, autoFix}));
+  });
+program
+  .command('security-analysis')
+  .description('Run security analysis on your code')
+  .option('--staged', 'Scan only staged files (default)')
+  .option('--all', 'Scan all changed files')
+  .option('--uncommitted', 'Scan uncommitted changes')
+  .option('--last-commit', 'Scan last commit')
+  .option('--fail-on <level>', 'Fail on issues at or above this level: BLOCKER, CRITICAL, MAJOR, MINOR, INFO (default: CRITICAL)', 'CRITICAL')
+  .option('--include <paths>', 'Comma-separated list of file paths regex to include')
+  .option('--exclude <paths>', 'Comma-separated list of file paths regex to exclude')
+  .action((options) => {
+    let scanType = 'staged-only';
+    if (options.all) scanType = 'branch-diff';
+    else if (options.uncommitted) scanType = 'uncommitted';
+    else if (options.lastCommit) scanType = 'last-commit';
+    const include = options.include
+      ? (Array.isArray(options.include) ? options.include : String(options.include).split(',')).map(s => s.trim()).filter(Boolean)
+      : [];
+    const exclude = options.exclude
+      ? (Array.isArray(options.exclude) ? options.exclude : String(options.exclude).split(',')).map(s => s.trim()).filter(Boolean)
+      : [];
+    const failOn = options.failOn?.toUpperCase() || 'HIGH';
+    render(React.createElement(SecurityAnalysis, { scanType, failOn, include, exclude }));
+  });
+program
+  .command('set-base-url <url>')
+  .description('Set the API base URL')
+  .action((url) => {
+    render(React.createElement(SetBaseUrl, { url }));
+  });
   program
     .command('get-base-url')

package/src/utils/commonApiHelper.js ADDED Viewed

@@ -0,0 +1,84 @@
+import GitDiffHelper from './gitDiffHelper.js';
+/**
+ * Common base class for API helpers that transform git diff data
+ * Contains shared functionality for filtering and retrieving files
+ */
+class CommonApiHelper {
+  constructor(workspacePath) {
+    this.workspacePath = workspacePath;
+    this.gitHelper = new GitDiffHelper(workspacePath);
+  }
+  async init() {
+    await this.gitHelper.init();
+  }
+  /**
+   * Get staged files formatted for the API
+   * This is used for pre-commit hooks
+   */
+  async getStagedFilesForApi() {
+    const diffs = await this.gitHelper.getDiffBasedOnReviewConfig({ type: 'staged-only' });
+    return this._transformDiffsToApiFormat(diffs);
+  }
+  /**
+   * Get all changed files formatted for the API
+   */
+  async getChangedFilesForApi() {
+    const diffs = await this.gitHelper.getDiffBasedOnReviewConfig({ type: 'branch-diff' });
+    return this._transformDiffsToApiFormat(diffs);
+  }
+  /**
+   * Get uncommitted files formatted for the API
+   */
+  async getUncommittedFilesForApi() {
+    const diffs = await this.gitHelper.getDiffBasedOnReviewConfig({ type: 'uncommitted' });
+    return this._transformDiffsToApiFormat(diffs);
+  }
+  /**
+   * Get last commit files formatted for the API
+   */
+  async getLastCommitFilesForApi() {
+    const diffs = await this.gitHelper.getDiffBasedOnReviewConfig({ type: 'last-commit' });
+    return this._transformDiffsToApiFormat(diffs);
+  }
+  /**
+   * Transform diff info array to API format
+   * Must be implemented by subclasses
+   */
+  _transformDiffsToApiFormat(diffs) {
+    throw new Error('_transformDiffsToApiFormat must be implemented by subclass');
+  }
+  /**
+   * Get files based on scan type
+   * Returns the raw array - child classes handle filtering and wrapping
+   * @param {string} type - Type of scan (staged-only, branch-diff, etc.)
+   */
+  async getFilesForType(type = 'staged-only') {
+    switch (type) {
+      case 'staged-only':
+        return await this.getStagedFilesForApi();
+      case 'branch-diff':
+        return await this.getChangedFilesForApi();
+      case 'uncommitted':
+        return await this.getUncommittedFilesForApi();
+      case 'last-commit':
+        return await this.getLastCommitFilesForApi();
+      default:
+        return await this.getStagedFilesForApi();
+    }
+  }
+  getGitRoot() {
+    return this.gitHelper.getGitRoot();
+  }
+}
+export default CommonApiHelper;

package/src/utils/secretsApiHelper.js CHANGED Viewed

@@ -1,4 +1,4 @@
-import GitDiffHelper from './gitDiffHelper.js';
+import CommonApiHelper from './commonApiHelper.js';
 import { minimatch } from 'minimatch';
 /**
@@ -15,49 +15,7 @@ import { minimatch } from 'minimatch';
  *   ]
  * }
  */
-class SecretsApiHelper {
-  constructor(workspacePath) {
-    this.workspacePath = workspacePath;
-    this.gitHelper = new GitDiffHelper(workspacePath);
-  }
-  async init() {
-    await this.gitHelper.init();
-  }
-  /**
-   * Get staged files formatted for the secrets API
-   * This is used for pre-commit hooks
-   */
-  async getStagedFilesForApi() {
-    const diffs = await this.gitHelper.getDiffBasedOnReviewConfig({ type: 'staged-only' });
-    return this._transformDiffsToApiFormat(diffs);
-  }
-  /**
-   * Get all changed files formatted for the secrets API
-   */
-  async getChangedFilesForApi() {
-    const diffs = await this.gitHelper.getDiffBasedOnReviewConfig({ type: 'branch-diff' });
-    return this._transformDiffsToApiFormat(diffs);
-  }
-  /**
-   * Get uncommitted files formatted for the secrets API
-   */
-  async getUncommittedFilesForApi() {
-    const diffs = await this.gitHelper.getDiffBasedOnReviewConfig({ type: 'uncommitted' });
-    return this._transformDiffsToApiFormat(diffs);
-  }
-  /**
-   * Get last commit files formatted for the secrets API
-   */
-  async getLastCommitFilesForApi() {
-    const diffs = await this.gitHelper.getDiffBasedOnReviewConfig({ type: 'last-commit' });
-    return this._transformDiffsToApiFormat(diffs);
-  }
+class SecretsApiHelper extends CommonApiHelper {
   /**
    * Transform diff info array to API format
    * Groups by file and extracts diff ranges
@@ -69,6 +27,11 @@ class SecretsApiHelper {
     for (const diff of diffs) {
       const filePath = diff.filename_str;
+      // Skip diffs with missing or invalid filename
+      if (!filePath) {
+        continue;
+      }
       if (!fileMap.has(filePath)) {
         fileMap.set(filePath, {
           file_path: filePath,
@@ -96,24 +59,21 @@ class SecretsApiHelper {
   /**
    * Filter files based on include and exclude glob patterns
-   * @param {Array} files - Array of file objects with file_path property
+   * @param {Array} files - Array of file objects with 'file_path' property
    * @param {Array} includePatterns - Array of glob pattern strings to include
    * @param {Array} excludePatterns - Array of glob pattern strings to exclude
-   * @returns {Array} Filtered array of files
    */
   _filterFiles(files, includePatterns = [], excludePatterns = []) {
-    return files.filter(file => {
-      const filePath = file.file_path;
+    return files.filter(fileObj => {
+      const filePath = fileObj.file_path;
       // If include patterns are specified, file must match at least one
       if (includePatterns.length > 0) {
         const matchesInclude = includePatterns.some(pattern => {
           try {
-            // If pattern is a RegExp, test it directly against the file path.
             if (pattern instanceof RegExp) {
               return pattern.test(filePath);
             }
-            // Use matchBase option to match basename patterns like '*.js' for glob strings
             return minimatch(filePath, pattern, { matchBase: true });
           } catch (e) {
             console.warn(`Invalid include pattern: ${pattern}`, e.message);
@@ -130,11 +90,9 @@ class SecretsApiHelper {
       if (excludePatterns.length > 0) {
         const matchesExclude = excludePatterns.some(pattern => {
           try {
-            // If pattern is a RegExp, test it directly against the file path.
             if (pattern instanceof RegExp) {
               return pattern.test(filePath);
             }
-            // Use matchBase option to match basename patterns like '*.js' for glob strings
             return minimatch(filePath, pattern, { matchBase: true });
           } catch (e) {
             console.warn(`Invalid exclude pattern: ${pattern}`, e.message);
@@ -158,23 +116,11 @@ class SecretsApiHelper {
    * @param {Array} excludePatterns - Optional array of glob patterns to exclude files
    */
   async buildSecretsApiRequest(type = 'staged-only', includePatterns = [], excludePatterns = []) {
-    let files;
-    switch (type) {
-      case 'staged-only':
-        files = await this.getStagedFilesForApi();
-        break;
-      case 'branch-diff':
-        files = await this.getChangedFilesForApi();
-        break;
-      case 'uncommitted':
-        files = await this.getUncommittedFilesForApi();
-        break;
-      case 'last-commit':
-        files = await this.getLastCommitFilesForApi();
-        break;
-      default:
-        files = await this.getStagedFilesForApi();
+    let files = await this.getFilesForType(type);
+    // Handle null/undefined return
+    if (!files || !Array.isArray(files)) {
+      files = [];
     }
     // Apply include/exclude filters
@@ -182,10 +128,6 @@ class SecretsApiHelper {
     return { files };
   }
-  getGitRoot() {
-    return this.gitHelper.getGitRoot();
-  }
 }
 export default SecretsApiHelper;

package/src/utils/securityAnalysisApiHelper.js ADDED Viewed

@@ -0,0 +1,118 @@
+import CommonApiHelper from './commonApiHelper.js';
+import { minimatch } from 'minimatch';
+/**
+ * Transforms git diff data into the format expected by the static analysis API
+ *
+ * API Input Format:
+ * {
+ *   "filesData": [
+ *     {
+ *       "file": str,
+ *       "code": str
+ *     }
+ *   ]
+ * }
+ */
+class SecurityAnalysisApiHelper extends CommonApiHelper {
+  /**
+   * Transform diff info array to API format
+   * Groups by file (without diff ranges for static analysis)
+   */
+  _transformDiffsToApiFormat(diffs) {
+    // Group diffs by filename
+    const fileMap = new Map();
+    for (const diff of diffs) {
+      const filePath = diff.filename_str;
+      // Skip diffs with missing or invalid filename
+      if (!filePath) {
+        continue;
+      }
+      if (!fileMap.has(filePath)) {
+        fileMap.set(filePath, {
+          file_path: filePath,
+          code: diff.head_file_str || ''
+        });
+      }
+    }
+    return Array.from(fileMap.values());
+  }
+  /**
+   * Filter files based on include and exclude glob patterns
+   * @param {Array} files - Array of file objects with 'file' property
+   * @param {Array} includePatterns - Array of glob pattern strings to include
+   * @param {Array} excludePatterns - Array of glob pattern strings to exclude
+   */
+  _filterFiles(files, includePatterns = [], excludePatterns = []) {
+    return files.filter(fileObj => {
+      const filePath = fileObj.file;
+      // If include patterns are specified, file must match at least one
+      if (includePatterns.length > 0) {
+        const matchesInclude = includePatterns.some(pattern => {
+          try {
+            if (pattern instanceof RegExp) {
+              return pattern.test(filePath);
+            }
+            return minimatch(filePath, pattern, { matchBase: true });
+          } catch (e) {
+            console.warn(`Invalid include pattern: ${pattern}`, e.message);
+            return false;
+          }
+        });
+        if (!matchesInclude) {
+          return false;
+        }
+      }
+      // If exclude patterns are specified, file must not match any
+      if (excludePatterns.length > 0) {
+        const matchesExclude = excludePatterns.some(pattern => {
+          try {
+            if (pattern instanceof RegExp) {
+              return pattern.test(filePath);
+            }
+            return minimatch(filePath, pattern, { matchBase: true });
+          } catch (e) {
+            console.warn(`Invalid exclude pattern: ${pattern}`, e.message);
+            return false;
+          }
+        });
+        if (matchesExclude) {
+          return false;
+        }
+      }
+      return true;
+    });
+  }
+  /**
+   * Build the complete request body for the static analysis API
+   * @param {string} type - Type of scan (staged-only, branch-diff, etc.)
+   * @param {Array} includePatterns - Optional array of glob patterns to include files
+   * @param {Array} excludePatterns - Optional array of glob patterns to exclude files
+   */
+  async buildSecurityAnalysisApiRequest(type = 'staged-only', includePatterns = [], excludePatterns = []) {
+    let files = await this.getFilesForType(type);
+    // Handle null/undefined return
+    if (!files || !Array.isArray(files)) {
+      files = [];
+    }
+    // Apply include/exclude filters
+    files = this._filterFiles(files, includePatterns, excludePatterns);
+    return { files };
+  }
+}
+export default SecurityAnalysisApiHelper;

package/src/utils/staticAnalysisApiHelper.js ADDED Viewed

@@ -0,0 +1,118 @@
+import CommonApiHelper from './commonApiHelper.js';
+import { minimatch } from 'minimatch';
+/**
+ * Transforms git diff data into the format expected by the static analysis API
+ *
+ * API Input Format:
+ * {
+ *   "filesData": [
+ *     {
+ *       "file": str,
+ *       "code": str
+ *     }
+ *   ]
+ * }
+ */
+class StaticAnalysisApiHelper extends CommonApiHelper {
+  /**
+   * Transform diff info array to API format
+   * Groups by file (without diff ranges for static analysis)
+   */
+  _transformDiffsToApiFormat(diffs) {
+    // Group diffs by filename
+    const fileMap = new Map();
+    for (const diff of diffs) {
+      const filePath = diff.filename_str;
+      // Skip diffs with missing or invalid filename
+      if (!filePath) {
+        continue;
+      }
+      if (!fileMap.has(filePath)) {
+        fileMap.set(filePath, {
+          file: filePath,
+          code: diff.head_file_str || ''
+        });
+      }
+    }
+    return Array.from(fileMap.values());
+  }
+  /**
+   * Filter files based on include and exclude glob patterns
+   * @param {Array} files - Array of file objects with 'file' property
+   * @param {Array} includePatterns - Array of glob pattern strings to include
+   * @param {Array} excludePatterns - Array of glob pattern strings to exclude
+   */
+  _filterFiles(files, includePatterns = [], excludePatterns = []) {
+    return files.filter(fileObj => {
+      const filePath = fileObj.file;
+      // If include patterns are specified, file must match at least one
+      if (includePatterns.length > 0) {
+        const matchesInclude = includePatterns.some(pattern => {
+          try {
+            if (pattern instanceof RegExp) {
+              return pattern.test(filePath);
+            }
+            return minimatch(filePath, pattern, { matchBase: true });
+          } catch (e) {
+            console.warn(`Invalid include pattern: ${pattern}`, e.message);
+            return false;
+          }
+        });
+        if (!matchesInclude) {
+          return false;
+        }
+      }
+      // If exclude patterns are specified, file must not match any
+      if (excludePatterns.length > 0) {
+        const matchesExclude = excludePatterns.some(pattern => {
+          try {
+            if (pattern instanceof RegExp) {
+              return pattern.test(filePath);
+            }
+            return minimatch(filePath, pattern, { matchBase: true });
+          } catch (e) {
+            console.warn(`Invalid exclude pattern: ${pattern}`, e.message);
+            return false;
+          }
+        });
+        if (matchesExclude) {
+          return false;
+        }
+      }
+      return true;
+    });
+  }
+  /**
+   * Build the complete request body for the static analysis API
+   * @param {string} type - Type of scan (staged-only, branch-diff, etc.)
+   * @param {Array} includePatterns - Optional array of glob patterns to include files
+   * @param {Array} excludePatterns - Optional array of glob patterns to exclude files
+   */
+  async buildStaticAnalysisApiRequest(type = 'staged-only', includePatterns = [], excludePatterns = []) {
+    let files = await this.getFilesForType(type);
+    // Handle null/undefined return
+    if (!files || !Array.isArray(files)) {
+      files = [];
+    }
+    // Apply include/exclude filters
+    files = this._filterFiles(files, includePatterns, excludePatterns);
+    return { filesData: files };
+  }
+}
+export default StaticAnalysisApiHelper;