codegate-ai 0.1.8 → 0.2.0

package/dist/cli-prompts.d.ts

@@ -4,3 +4,4 @@ export declare function promptDeepScanConsent(resource: DeepScanResource): Promi
 export declare function promptDeepAgentSelection(options: DeepAgentOption[]): Promise<DeepAgentOption | null>;
 export declare function promptMetaAgentCommandConsent(context: MetaAgentCommandConsentContext): Promise<boolean>;
 export declare function promptRemediationConsent(context: RemediationConsentContext): Promise<boolean>;
+export declare function promptSkillSelection(options: string[]): Promise<string | null>;

package/dist/cli-prompts.js

@@ -92,3 +92,32 @@ export async function promptRemediationConsent(context) {
         rl.close();
     }
 }
+export async function promptSkillSelection(options) {
+    if (options.length === 0) {
+        return null;
+    }
+    const rl = createInterface({
+        input: process.stdin,
+        output: process.stdout,
+    });
+    const optionLines = options.map((option, index) => `  ${index + 1}. ${option}`);
+    const prompt = [
+        "Multiple skills detected in repository.",
+        ...optionLines,
+        `Choose [1-${options.length}] (q to cancel): `,
+    ].join("\n");
+    try {
+        const answer = (await rl.question(prompt)).trim().toLowerCase();
+        if (answer === "q" || answer === "quit" || answer === "cancel") {
+            return null;
+        }
+        const numeric = Number.parseInt(answer, 10);
+        if (Number.isNaN(numeric) || numeric < 1 || numeric > options.length) {
+            return null;
+        }
+        return options[numeric - 1] ?? null;
+    }
+    finally {
+        rl.close();
+    }
+}

package/dist/cli.d.ts

@@ -26,6 +26,9 @@ export interface CliDeps {
     resolveScanTarget?: (input: {
         rawTarget: string;
         cwd: string;
+        preferredSkill?: string;
+        interactive?: boolean;
+        requestSkillSelection?: (options: string[]) => Promise<string | null> | string | null;
     }) => Promise<ResolvedScanTarget> | ResolvedScanTarget;
     stdout: (message: string) => void;
     stderr: (message: string) => void;
@@ -50,6 +53,7 @@ export interface CliDeps {
     runMetaAgentCommand?: (context: MetaAgentCommandConsentContext) => Promise<MetaAgentCommandRunResult> | MetaAgentCommandRunResult;
     requestRemediationConsent?: (context: RemediationConsentContext) => Promise<boolean> | boolean;
     requestRunWarningConsent?: (context: RunWarningConsentContext) => Promise<boolean> | boolean;
+    requestSkillSelection?: (options: string[]) => Promise<string | null> | string | null;
     executeDeepResource?: (resource: DeepScanResource) => Promise<ResourceFetchResult>;
     runWrapper?: (input: {
         target: string;

package/dist/cli.js

@@ -20,13 +20,16 @@ import { executeWrapperRun } from "./wrapper.js";
 import { runRemediation as runRemediationWorkflow, } from "./layer4-remediation/remediation-runner.js";
 import { undoLatestSession } from "./commands/undo.js";
 import { executeScanCommand } from "./commands/scan-command.js";
-import { promptDeepAgentSelection, promptDeepScanConsent, promptMetaAgentCommandConsent, promptRemediationConsent, } from "./cli-prompts.js";
+import { promptDeepAgentSelection, promptDeepScanConsent, promptMetaAgentCommandConsent, promptRemediationConsent, promptSkillSelection, } from "./cli-prompts.js";
 import { resetScanState } from "./layer2-static/state/scan-state.js";
 const require = createRequire(import.meta.url);
 const packageJson = require("../package.json");
 function isNoTuiEnabled(options) {
     return options.noTui === true || options.tui === false;
 }
+function renderExampleHelp(lines) {
+    return ["", "Examples:", ...lines.map((line) => `  ${line}`)].join("\n");
+}
 export function isDirectCliInvocation(importMetaUrl, argv1, deps = {}) {
     if (!argv1) {
         return false;
@@ -155,8 +158,8 @@ const defaultCliDeps = {
 };
 function addScanCommand(program, version, deps) {
     program
-        .command("scan [dir]")
-        .description("Scan a directory, file, or safely staged artifact target for AI tool config risks")
+        .command("scan [target]")
+        .description("Scan a local path or URL target for AI tool config risks")
         .option("--deep", "enable Layer 3 dynamic analysis")
         .option("--remediate", "enter remediation mode after scan")
         .option("--fix-safe", "auto-fix unambiguous critical findings")
@@ -171,11 +174,21 @@ function addScanCommand(program, version, deps) {
         .option("--config <path>", "use a specific global config file")
         .option("--force", "skip interactive confirmations")
         .option("--include-user-scope", "include user/home AI tool config paths in scan")
+        .option("--skill <name>", "select one skill directory when scanning a skills index repo URL")
         .option("--reset-state", "clear persisted scan-state history and exit")
-        .action(async (dir, options) => {
-        const rawTarget = dir ?? ".";
+        .addHelpText("after", renderExampleHelp([
+        "codegate scan .",
+        "codegate scan ./skills/security-review/SKILL.md",
+        "codegate scan https://github.com/owner/repo",
+        "codegate scan https://github.com/owner/repo --skill security-review",
+        "codegate scan https://github.com/owner/repo/blob/main/skills/security-review/SKILL.md",
+        "codegate scan https://example.com/security-review/SKILL.md --format json",
+    ]))
+        .action(async (target, options) => {
+        const rawTarget = target ?? ".";
         const noTui = isNoTuiEnabled(options);
         const promptCallbacksEnabled = noTui !== true;
+        const interactivePromptsEnabled = deps.isTTY() && noTui !== true;
         const cliConfig = {
             format: options.format,
             configPath: options.config,
@@ -188,6 +201,12 @@ function addScanCommand(program, version, deps) {
             resolvedTarget = await resolveTarget({
                 rawTarget,
                 cwd: deps.cwd(),
+                preferredSkill: options.skill,
+                interactive: interactivePromptsEnabled,
+                requestSkillSelection: promptCallbacksEnabled
+                    ? (deps.requestSkillSelection ??
+                        (interactivePromptsEnabled ? promptSkillSelection : undefined))
+                    : undefined,
             });
             const scanTarget = resolvedTarget.scanTarget;
             const baseConfig = deps.resolveConfig({
@@ -207,7 +226,6 @@ function addScanCommand(program, version, deps) {
                 deps.setExitCode(0);
                 return;
             }
-            const interactivePromptsEnabled = deps.isTTY() && noTui !== true;
             await executeScanCommand({
                 version,
                 cwd: resolve(deps.cwd()),
@@ -290,6 +308,11 @@ function addRunCommand(program, version, deps) {
         .option("--no-tui", "disable TUI and interactive prompts")
         .option("--config <path>", "use a specific global config file")
         .option("--force", "skip interactive confirmations")
+        .addHelpText("after", renderExampleHelp([
+        "codegate run claude",
+        "codegate run codex --force",
+        "codegate run cursor",
+    ]))
         .action(async (tool, options) => {
         const cwd = resolve(deps.cwd());
         const noTui = isNoTuiEnabled(options);
@@ -346,6 +369,7 @@ function addUndoCommand(program, deps) {
     program
         .command("undo [dir]")
         .description("Restore the most recent remediation backup session")
+        .addHelpText("after", renderExampleHelp(["codegate undo", "codegate undo ./project"]))
         .action((dir) => {
         const projectRoot = resolve(deps.cwd(), dir ?? ".");
         try {
@@ -367,6 +391,11 @@ function addInitCommand(program, deps) {
         .description("Create ~/.codegate/config.json with defaults")
         .option("--path <path>", "write to a custom config path")
         .option("--force", "overwrite existing config file")
+        .addHelpText("after", renderExampleHelp([
+        "codegate init",
+        "codegate init --path ./.codegate/config.json",
+        "codegate init --force",
+    ]))
         .action((options) => {
         try {
             const home = deps.homeDir?.() ?? homedir();
@@ -399,6 +428,7 @@ function addUpdateCommands(program, deps) {
     program
         .command("update-kb")
         .description("Check for newer knowledge-base content")
+        .addHelpText("after", renderExampleHelp(["codegate update-kb"]))
         .action(() => {
         deps.stdout("update-kb:");
         for (const line of guidance) {
@@ -409,6 +439,7 @@ function addUpdateCommands(program, deps) {
     program
         .command("update-rules")
         .description("Check for newer rules content")
+        .addHelpText("after", renderExampleHelp(["codegate update-rules"]))
         .action(() => {
         deps.stdout("update-rules:");
         for (const line of guidance) {
@@ -432,7 +463,13 @@ export function createCli(version = packageJson.version ?? "0.0.0-dev", deps = d
         .name(APP_NAME)
         .description("Pre-flight security scanner for AI coding tool configurations.")
         .version(versionDisplay)
-        .helpOption("-h, --help", "display help for command");
+        .helpOption("-h, --help", "display help for command")
+        .addHelpText("after", renderExampleHelp([
+        "codegate scan .",
+        "codegate scan https://github.com/owner/repo",
+        "codegate scan https://github.com/owner/repo/blob/main/skills/security-review/SKILL.md",
+        "codegate run claude",
+    ]));
     addScanCommand(program, version, deps);
     addRunCommand(program, version, deps);
     addUndoCommand(program, deps);

package/dist/commands/scan-command/helpers.d.ts

@@ -1,6 +1,7 @@
 import type { OutputFormat } from "../../config.js";
 import type { RemediationRunnerResult } from "../../layer4-remediation/remediation-runner.js";
 import type { CodeGateReport } from "../../types/report.js";
+export declare function summarizeRequestedTargetFindings(report: CodeGateReport, displayTarget?: string): string | null;
 export declare function metadataSummary(metadata: unknown): string;
 export declare function parseMetaAgentOutput(stdout: string): unknown | null;
 export declare function withMetaAgentFinding(metadata: unknown, finding: {

package/dist/commands/scan-command/helpers.js

@@ -7,6 +7,29 @@ import { renderTerminalReport } from "../../reporter/terminal.js";
 function isRecord(value) {
     return typeof value === "object" && value !== null && !Array.isArray(value);
 }
+function isHttpLikeTarget(target) {
+    return /^https?:\/\//iu.test(target);
+}
+function isUserScopeFindingPath(path) {
+    return path === "~" || path.startsWith("~/");
+}
+export function summarizeRequestedTargetFindings(report, displayTarget) {
+    if (!displayTarget || !isHttpLikeTarget(displayTarget)) {
+        return null;
+    }
+    const targetFindings = report.findings.filter((finding) => !isUserScopeFindingPath(finding.file_path)).length;
+    const userScopeFindings = report.findings.length - targetFindings;
+    if (targetFindings === 0) {
+        if (userScopeFindings === 0) {
+            return "Requested URL target result: no findings were detected in the URL content.";
+        }
+        return `Requested URL target result: no findings were detected in the URL content. ${userScopeFindings} finding(s) came from enabled user-scope paths (~/*).`;
+    }
+    if (userScopeFindings === 0) {
+        return `Requested URL target result: ${targetFindings} finding(s) were detected in the URL content.`;
+    }
+    return `Requested URL target result: ${targetFindings} finding(s) were detected in the URL content. ${userScopeFindings} additional finding(s) came from enabled user-scope paths (~/*).`;
+}
 export function metadataSummary(metadata) {
     let raw;
     if (typeof metadata === "string") {

package/dist/commands/scan-command.d.ts

@@ -20,6 +20,7 @@ export interface ScanCommandOptions {
     force?: boolean;
     resetState?: boolean;
     includeUserScope?: boolean;
+    skill?: string;
 }
 export interface ScanRunnerInput {
     version: string;

package/dist/commands/scan-command.js

@@ -6,7 +6,7 @@ import { buildMetaAgentCommand, } from "../layer3-dynamic/command-builder.js";
 import { buildPromptEvidenceText, supportsToollessLocalTextAnalysis, } from "../layer3-dynamic/local-text-analysis.js";
 import { buildLocalTextAnalysisPrompt, buildSecurityAnalysisPrompt, } from "../layer3-dynamic/meta-agent.js";
 import { layer3OutcomesToFindings, mergeLayer3Findings, runDeepScanWithConsent, } from "../pipeline.js";
-import { mergeMetaAgentMetadata, metadataSummary, noEligibleDeepResourceNotes, parseLocalTextFindings, parseMetaAgentOutput, remediationSummaryLines, renderByFormat, withMetaAgentFinding, } from "./scan-command/helpers.js";
+import { mergeMetaAgentMetadata, metadataSummary, noEligibleDeepResourceNotes, parseLocalTextFindings, parseMetaAgentOutput, remediationSummaryLines, renderByFormat, summarizeRequestedTargetFindings, withMetaAgentFinding, } from "./scan-command/helpers.js";
 function toMetaAgentPreference(value) {
     const normalized = value.trim().toLowerCase();
     if (normalized === "claude" || normalized === "claude-code") {
@@ -373,13 +373,17 @@ export async function executeScanCommand(input, deps) {
             !input.options.output &&
             deps.isTTY() &&
             deps.renderTui !== undefined;
+        const targetSummaryNote = input.config.output_format === "terminal"
+            ? summarizeRequestedTargetFindings(report, input.displayTarget)
+            : null;
+        const scanNotes = targetSummaryNote ? [...deepScanNotes, targetSummaryNote] : deepScanNotes;
         if (shouldUseTui) {
-            deps.renderTui?.({ view: "dashboard", report, notices: deepScanNotes });
+            deps.renderTui?.({ view: "dashboard", report, notices: scanNotes });
             deps.renderTui?.({ view: "summary", report });
         }
         else {
-            if (deepScanNotes.length > 0) {
-                for (const note of deepScanNotes) {
+            if (scanNotes.length > 0) {
+                for (const note of scanNotes) {
                     deps.stdout(note);
                 }
             }

package/dist/scan-target/helpers.d.ts

@@ -4,6 +4,10 @@ export interface GitHubFileSource {
     repoUrl: string;
     filePath: string;
 }
+export interface GitHubTreeSource {
+    repoUrl: string;
+    treePath: string;
+}
 export declare function cleanupTempDir(path: string): void;
 export declare function isLikelyHttpUrl(value: string): boolean;
 export declare function isLikelyGitRepoUrl(value: URL): boolean;
@@ -18,3 +22,5 @@ export declare function inferToolFromReportPath(reportPath: string): string;
 export declare function copyDirectoryRecursive(sourceDir: string, destinationDir: string): void;
 export declare function collectExplicitCandidates(root: string): ExplicitScanCandidate[];
 export declare function parseGitHubFileSource(rawTarget: string): GitHubFileSource | null;
+export declare function parseGitHubTreeSource(rawTarget: string): GitHubTreeSource | null;
+export declare function extractSkillFromRepoPath(path: string): string | null;

package/dist/scan-target/helpers.js

@@ -266,3 +266,38 @@ export function parseGitHubFileSource(rawTarget) {
     }
     return null;
 }
+export function parseGitHubTreeSource(rawTarget) {
+    let url;
+    try {
+        url = new URL(rawTarget);
+    }
+    catch {
+        return null;
+    }
+    if (url.hostname.toLowerCase() !== "github.com") {
+        return null;
+    }
+    const segments = url.pathname.split("/").filter((segment) => segment.length > 0);
+    if (segments.length < 4) {
+        return null;
+    }
+    const [owner, repo, marker, , ...treePathSegments] = segments;
+    if (marker !== "tree") {
+        return null;
+    }
+    return {
+        repoUrl: `https://github.com/${owner}/${repo}.git`,
+        treePath: treePathSegments.join("/"),
+    };
+}
+export function extractSkillFromRepoPath(path) {
+    const normalized = path.replaceAll("\\", "/").replace(/^\/+/u, "");
+    const segments = normalized.split("/").filter((segment) => segment.length > 0);
+    if (segments.length < 2) {
+        return null;
+    }
+    if (segments[0]?.toLowerCase() !== "skills") {
+        return null;
+    }
+    return segments[1] ?? null;
+}

package/dist/scan-target/staging.d.ts

@@ -1,5 +1,13 @@
 import type { ResolvedScanTarget } from "./types.js";
+interface CloneGitRepoOptions {
+    preferredSkill?: string;
+    inferredSkill?: string;
+    interactive?: boolean;
+    requestSkillSelection?: (options: string[]) => Promise<string | null> | string | null;
+    displayTarget?: string;
+}
 export declare function stageLocalFile(absolutePath: string): ResolvedScanTarget;
-export declare function cloneGitRepo(rawTarget: string): ResolvedScanTarget;
+export declare function cloneGitRepo(rawTarget: string, options?: CloneGitRepoOptions): Promise<ResolvedScanTarget>;
 export declare function stageRepoSubdirectory(repoUrl: string, filePath: string, displayTarget: string): ResolvedScanTarget;
 export declare function downloadRemoteFile(rawTarget: string): Promise<ResolvedScanTarget>;
+export {};

package/dist/scan-target/staging.js

@@ -1,8 +1,8 @@
-import { copyFileSync, existsSync, mkdirSync, mkdtempSync } from "node:fs";
+import { copyFileSync, existsSync, mkdirSync, mkdtempSync, readdirSync, statSync } from "node:fs";
 import { spawnSync } from "node:child_process";
 import { tmpdir } from "node:os";
 import { dirname, join } from "node:path";
-import { cleanupTempDir, collectExplicitCandidates, copyDirectoryRecursive, inferRemoteCandidateFormat, inferLocalFileStagePath, inferRemoteFileStagePath, inferToolFromReportPath, parseGitHubFileSource, preserveTailSegments, shouldStageContainingFolder, } from "./helpers.js";
+import { cleanupTempDir, collectExplicitCandidates, copyDirectoryRecursive, extractSkillFromRepoPath, inferRemoteCandidateFormat, inferLocalFileStagePath, inferRemoteFileStagePath, inferToolFromReportPath, parseGitHubFileSource, preserveTailSegments, shouldStageContainingFolder, } from "./helpers.js";
 function cloneRepository(source, destination) {
     const result = spawnSync("git", ["clone", "--depth", "1", "--filter=blob:none", source, destination], {
         encoding: "utf8",
@@ -37,27 +37,126 @@ export function stageLocalFile(absolutePath) {
         cleanup: () => cleanupTempDir(tempRoot),
     };
 }
-export function cloneGitRepo(rawTarget) {
+function listAvailableSkills(repoDir) {
+    const skillsRoot = join(repoDir, "skills");
+    if (!existsSync(skillsRoot)) {
+        return [];
+    }
+    try {
+        if (!statSync(skillsRoot).isDirectory()) {
+            return [];
+        }
+    }
+    catch {
+        return [];
+    }
+    const skills = readdirSync(skillsRoot, { withFileTypes: true })
+        .filter((entry) => entry.isDirectory())
+        .map((entry) => entry.name)
+        .filter((name) => existsSync(join(skillsRoot, name, "SKILL.md")))
+        .sort((left, right) => left.localeCompare(right));
+    return skills;
+}
+function copyRootScanSurface(repoDir, stageRoot) {
+    for (const entry of readdirSync(repoDir, { withFileTypes: true })) {
+        if (entry.name === ".git" || entry.name === "skills") {
+            continue;
+        }
+        const sourcePath = join(repoDir, entry.name);
+        const destinationPath = join(stageRoot, entry.name);
+        if (entry.isFile()) {
+            mkdirSync(stageRoot, { recursive: true });
+            copyFileSync(sourcePath, destinationPath);
+            continue;
+        }
+        if (entry.isDirectory() && (entry.name.startsWith(".") || entry.name === "hooks")) {
+            copyDirectoryRecursive(sourcePath, destinationPath);
+        }
+    }
+}
+function normalizeSkillName(value) {
+    const trimmed = value?.trim();
+    if (!trimmed) {
+        return null;
+    }
+    return trimmed.replace(/^skills\//iu, "").replace(/^\/+/u, "");
+}
+function pickSkill(availableSkills, preferredSkill, inferredSkill) {
+    const normalizedPreferred = normalizeSkillName(preferredSkill);
+    if (normalizedPreferred) {
+        return normalizedPreferred;
+    }
+    const normalizedInferred = normalizeSkillName(inferredSkill);
+    if (normalizedInferred) {
+        return normalizedInferred;
+    }
+    if (availableSkills.length === 1) {
+        return availableSkills[0] ?? null;
+    }
+    return null;
+}
+async function stageSkillAwareRepository(tempRoot, repoDir, displayTarget, options = {}) {
+    const availableSkills = listAvailableSkills(repoDir);
+    if (availableSkills.length === 0) {
+        return {
+            scanTarget: repoDir,
+            displayTarget,
+            cleanup: () => cleanupTempDir(tempRoot),
+        };
+    }
+    let selectedSkill = pickSkill(availableSkills, options.preferredSkill, options.inferredSkill);
+    if (!selectedSkill &&
+        options.interactive === true &&
+        options.requestSkillSelection &&
+        availableSkills.length > 1) {
+        const choice = await options.requestSkillSelection(availableSkills);
+        selectedSkill = normalizeSkillName(choice ?? undefined);
+    }
+    if (!selectedSkill) {
+        throw new Error(`Multiple skills detected (${availableSkills.join(", ")}). Re-run with --skill <name>.`);
+    }
+    if (!availableSkills.includes(selectedSkill)) {
+        throw new Error(`Requested skill "${selectedSkill}" was not found. Available skills: ${availableSkills.join(", ")}.`);
+    }
+    const stageRoot = join(tempRoot, "staged");
+    copyRootScanSurface(repoDir, stageRoot);
+    copyDirectoryRecursive(join(repoDir, "skills", selectedSkill), join(stageRoot, "skills", selectedSkill));
+    return {
+        scanTarget: stageRoot,
+        displayTarget,
+        explicitCandidates: collectExplicitCandidates(stageRoot),
+        cleanup: () => cleanupTempDir(tempRoot),
+    };
+}
+export async function cloneGitRepo(rawTarget, options = {}) {
     const tempRoot = mkdtempSync(join(tmpdir(), "codegate-scan-repo-"));
     const repoDir = join(tempRoot, "repo");
     try {
         cloneRepository(rawTarget, repoDir);
+        return await stageSkillAwareRepository(tempRoot, repoDir, options.displayTarget ?? rawTarget, options);
     }
     catch (error) {
         cleanupTempDir(tempRoot);
         throw error;
     }
-    return {
-        scanTarget: repoDir,
-        displayTarget: rawTarget,
-        cleanup: () => cleanupTempDir(tempRoot),
-    };
 }
 export function stageRepoSubdirectory(repoUrl, filePath, displayTarget) {
     const tempRoot = mkdtempSync(join(tmpdir(), "codegate-scan-repo-file-"));
     const repoDir = join(tempRoot, "repo");
     try {
         cloneRepository(repoUrl, repoDir);
+        const inferredSkill = extractSkillFromRepoPath(filePath);
+        if (inferredSkill) {
+            const stageRoot = join(tempRoot, "staged");
+            copyRootScanSurface(repoDir, stageRoot);
+            copyDirectoryRecursive(join(repoDir, "skills", inferredSkill), join(stageRoot, "skills", inferredSkill));
+            return {
+                scanTarget: stageRoot,
+                displayTarget,
+                explicitCandidates: collectExplicitCandidates(stageRoot),
+                cleanup: () => cleanupTempDir(tempRoot),
+            };
+        }
         const absoluteFile = join(repoDir, filePath);
         if (!existsSync(absoluteFile)) {
             throw new Error(`Resolved repository file not found after clone: ${filePath}`);

package/dist/scan-target/types.d.ts

@@ -15,4 +15,7 @@ export interface ResolvedScanTarget {
 export interface ResolveScanTargetInput {
     rawTarget: string;
     cwd: string;
+    preferredSkill?: string;
+    interactive?: boolean;
+    requestSkillSelection?: (options: string[]) => Promise<string | null> | string | null;
 }

package/dist/scan-target.js

@@ -1,6 +1,6 @@
 import { existsSync, statSync } from "node:fs";
 import { resolve } from "node:path";
-import { isLikelyGitRepoUrl, isLikelyHttpUrl } from "./scan-target/helpers.js";
+import { extractSkillFromRepoPath, isLikelyGitRepoUrl, isLikelyHttpUrl, parseGitHubTreeSource, } from "./scan-target/helpers.js";
 import { cloneGitRepo, downloadRemoteFile, stageLocalFile } from "./scan-target/staging.js";
 export async function resolveScanTarget(input) {
     const localPath = resolve(input.cwd, input.rawTarget);
@@ -25,7 +25,23 @@ export async function resolveScanTarget(input) {
     }
     const url = new URL(input.rawTarget);
     if (isLikelyGitRepoUrl(url)) {
-        return cloneGitRepo(input.rawTarget);
+        return cloneGitRepo(input.rawTarget, {
+            preferredSkill: input.preferredSkill,
+            inferredSkill: extractSkillFromRepoPath(url.pathname) ?? undefined,
+            interactive: input.interactive === true,
+            requestSkillSelection: input.requestSkillSelection,
+            displayTarget: input.rawTarget,
+        });
+    }
+    const githubTree = parseGitHubTreeSource(input.rawTarget);
+    if (githubTree) {
+        return cloneGitRepo(githubTree.repoUrl, {
+            preferredSkill: input.preferredSkill,
+            inferredSkill: extractSkillFromRepoPath(githubTree.treePath) ?? undefined,
+            interactive: input.interactive === true,
+            requestSkillSelection: input.requestSkillSelection,
+            displayTarget: input.rawTarget,
+        });
     }
     return downloadRemoteFile(input.rawTarget);
 }

package/dist/tui/views/dashboard.js

@@ -4,5 +4,5 @@ import { toAbsoluteDisplayPath } from "../../path-display.js";
 import { defaultTheme } from "../theme.js";
 export function DashboardView(props) {
     const visibleFindings = props.report.findings.slice(0, 5);
-    return (_jsxs(Box, { flexDirection: "column", borderStyle: "round", paddingX: 1, children: [_jsxs(Text, { color: defaultTheme.title, children: ["CodeGate v", props.report.version] }), _jsxs(Text, { color: defaultTheme.muted, children: ["Target: ", props.report.scan_target] }), _jsxs(Box, { marginTop: 1, flexDirection: "column", children: [_jsxs(Text, { children: ["Installed tools: ", props.report.tools_detected.join(", ") || "none"] }), _jsxs(Text, { children: ["Findings: ", props.report.summary.total, " (CRITICAL", " ", props.report.summary.by_severity.CRITICAL ?? 0, ", HIGH", " ", props.report.summary.by_severity.HIGH ?? 0, ", MEDIUM", " ", props.report.summary.by_severity.MEDIUM ?? 0, ", LOW", " ", props.report.summary.by_severity.LOW ?? 0, ", INFO", " ", props.report.summary.by_severity.INFO ?? 0, ")"] }), props.notices && props.notices.length > 0 ? (_jsxs(Box, { marginTop: 1, flexDirection: "column", children: [_jsx(Text, { color: defaultTheme.title, children: "Deep scan:" }), props.notices.map((notice, index) => (_jsx(Text, { color: defaultTheme.muted, children: notice }, `notice-${index}`)))] })) : null] }), visibleFindings.length > 0 ? (_jsxs(Box, { marginTop: 1, flexDirection: "column", children: [_jsx(Text, { color: defaultTheme.title, children: "Findings detail:" }), visibleFindings.map((finding) => (_jsxs(Box, { flexDirection: "column", marginTop: 1, children: [_jsxs(Text, { children: ["[", finding.severity, "]", " ", toAbsoluteDisplayPath(props.report.scan_target, finding.file_path)] }), _jsx(Text, { children: finding.description }), finding.evidence ? (_jsxs(Box, { flexDirection: "column", children: [_jsx(Text, { children: "Evidence:" }), finding.evidence.split("\n").map((line, index) => (_jsx(Text, { children: line }, `${finding.finding_id}-evidence-${index}`)))] })) : null] }, finding.finding_id))), props.report.findings.length > visibleFindings.length ? (_jsxs(Text, { color: defaultTheme.muted, children: ["...and ", props.report.findings.length - visibleFindings.length, " more findings"] })) : null] })) : null] }));
+    return (_jsxs(Box, { flexDirection: "column", borderStyle: "round", paddingX: 1, children: [_jsxs(Text, { color: defaultTheme.title, children: ["CodeGate v", props.report.version] }), _jsxs(Text, { color: defaultTheme.muted, children: ["Target: ", props.report.scan_target] }), _jsxs(Box, { marginTop: 1, flexDirection: "column", children: [_jsxs(Text, { children: ["Installed tools: ", props.report.tools_detected.join(", ") || "none"] }), _jsxs(Text, { children: ["Findings: ", props.report.summary.total, " (CRITICAL", " ", props.report.summary.by_severity.CRITICAL ?? 0, ", HIGH", " ", props.report.summary.by_severity.HIGH ?? 0, ", MEDIUM", " ", props.report.summary.by_severity.MEDIUM ?? 0, ", LOW", " ", props.report.summary.by_severity.LOW ?? 0, ", INFO", " ", props.report.summary.by_severity.INFO ?? 0, ")"] }), props.notices && props.notices.length > 0 ? (_jsxs(Box, { marginTop: 1, flexDirection: "column", children: [_jsx(Text, { color: defaultTheme.title, children: "Notes:" }), props.notices.map((notice, index) => (_jsx(Text, { color: defaultTheme.muted, children: notice }, `notice-${index}`)))] })) : null] }), visibleFindings.length > 0 ? (_jsxs(Box, { marginTop: 1, flexDirection: "column", children: [_jsx(Text, { color: defaultTheme.title, children: "Findings detail:" }), visibleFindings.map((finding) => (_jsxs(Box, { flexDirection: "column", marginTop: 1, children: [_jsxs(Text, { children: ["[", finding.severity, "]", " ", toAbsoluteDisplayPath(props.report.scan_target, finding.file_path)] }), _jsx(Text, { children: finding.description }), finding.evidence ? (_jsxs(Box, { flexDirection: "column", children: [_jsx(Text, { children: "Evidence:" }), finding.evidence.split("\n").map((line, index) => (_jsx(Text, { children: line }, `${finding.finding_id}-evidence-${index}`)))] })) : null] }, finding.finding_id))), props.report.findings.length > visibleFindings.length ? (_jsxs(Text, { color: defaultTheme.muted, children: ["...and ", props.report.findings.length - visibleFindings.length, " more findings"] })) : null] })) : null] }));
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "codegate-ai",
-  "version": "0.1.8",
+  "version": "0.2.0",
   "description": "Pre-flight security scanner for AI coding tool configurations.",
   "license": "MIT",
   "type": "module",