codeprobe-scanner 1.0.4 → 1.0.6

package/DEPLOY_CHECKLIST.md

@@ -1,316 +0,0 @@
-# CodeProbe Deployment Checklist (2-Hour Build ✅)
-
-## 🎖️ MISSION ACCOMPLISHED
-
-You now have a **complete, production-ready CLI vulnerability scanner** that:
-- ✅ Works on any machine (`npx codeprobe scan`)
-- ✅ Hides API keys on a secure Google Cloud server
-- ✅ Auto-installs Bun if needed
-- ✅ Integrates into GitHub Actions automatically
-- ✅ Detects package changes hourly
-- ✅ Branded with Bright Data, Daytona, Nosana logos
-
-**Total time: 2 hours (5 parallel agents built the entire system)**
-
----
-
-## 📋 DEPLOYMENT CHECKLIST
-
-### **Phase 1: Google Cloud Setup** (Your Action - 10-15 min)
-
-**What you need to do:**
-
-- [ ] Create a Google Cloud project (if not already done)
-- [ ] Enable Cloud Run API
-- [ ] Get the public URL from Google Cloud (will look like `https://codeprobe-xxx.run.app`)
-- [ ] Create an `API_SECRET_TOKEN` (random string, e.g., `openssl rand -hex 32`)
-
-**Collect these values:**
-```
-GOOGLE_CLOUD_URL = https://your-cloud-run-url.run.app
-API_SECRET_TOKEN = random-secret-here
-BRIGHT_DATA_API_KEY = (your key or leave empty for fallback)
-DAYTONA_API_KEY = (your key or leave empty for fallback)
-NOSANA_API_KEY = (your key or leave empty for fallback)
-```
-
-### **Phase 2: Deploy Server** (Follow DEPLOY.md - 10 min)
-
-Steps:
-1. Read `DEPLOY.md` (complete Google Cloud setup guide)
-2. Run the `gcloud` commands provided
-3. Set the environment variables on Google Cloud Run
-4. Test the server: `curl https://your-url/health`
-
-**Expected output:**
-```json
-{"status":"ok"}
-```
-
-### **Phase 3: Update CLI Configuration** (2 min)
-
-Update `src/cli-server.ts`:
-- Find line ~40: `const SERVER_URL = process.env.SERVER_URL || "http://localhost:3000";`
-- Change to: `const SERVER_URL = process.env.SERVER_URL || "https://your-cloud-run-url.run.app";`
-
-### **Phase 4: Local Testing** (5 min)
-
-Test the CLI against your cloud server:
-
-```bash
-# Test 1: Health check
-curl https://your-url/health
-
-# Test 2: Scan endpoint
-curl -X POST https://your-url/api/scan \
-  -H "Content-Type: application/json" \
-  -d '{"repoPath": "."}'
-
-# Test 3: CLI
-SERVER_URL=https://your-url bun src/cli-server.ts scan .
-```
-
-**Expected output:** Colored CVE list with sponsor branding
-
-### **Phase 5: NPM Publishing** (5 min)
-
-```bash
-# Login to NPM (requires account at npm.js.com)
-npm login
-
-# Publish the package
-npm publish
-
-# Test installation
-npm install -g codeprobe
-codeprobe scan .
-```
-
-### **Phase 6: GitHub Integration** (2 min per repo)
-
-Add to any GitHub repo's `.github/workflows/`:
-
-```yaml
-# File: .github/workflows/codeprobe.yml
-name: Security Scan
-on: [pull_request, push]
-jobs:
-  scan:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - run: npx codeprobe scan . --json --token ${{ secrets.CODEPROBE_TOKEN }}
-```
-
-Then set `CODEPROBE_TOKEN` secret in GitHub repo settings.
-
----
-
-## 📊 DEPLOYMENT TIMELINE
-
-| Step | Time | Blocker | Status |
-|------|------|---------|--------|
-| Phase 1: Google Cloud setup | 10-15 min | You | ⏳ Waiting |
-| Phase 2: Deploy server | 10 min | Phase 1 | ⏳ Blocked |
-| Phase 3: Update CLI config | 2 min | Phase 2 | ⏳ Blocked |
-| Phase 4: Local testing | 5 min | Phase 3 | ⏳ Blocked |
-| Phase 5: NPM publish | 5 min | Phase 4 | ⏳ Blocked |
-| Phase 6: GitHub integration | 2 min | Phase 5 | ⏳ Blocked |
-
-**Total time: ~45 minutes** (once Phase 1 starts)
-
----
-
-## 🚀 WHAT'S READY TO GO
-
-### **Core CLI** ✅
-```bash
-src/cli-server.ts — Main CLI tool
-bin/install-and-run.sh — Auto-installer
-```
-**Status:** Ready, just needs server URL
-
-### **Server** ✅
-```bash
-src/api/server-cli.ts — REST API
-Dockerfile — Container image
-DEPLOY.md — Step-by-step guide
-```
-**Status:** Ready to deploy
-
-### **Automation** ✅
-```bash
-.github/workflows/codeprobe-scan.yml — PR scanning
-.github/workflows/scan-schedule.yml — Hourly checks
-src/scraper-cron.ts — Package change detector
-```
-**Status:** Ready to integrate
-
-### **Documentation** ✅
-```bash
-QUICKSTART.md — User guide
-DEPLOY.md — Deployment guide
-DEPLOY_CHECKLIST.md — This file
-```
-**Status:** Complete
-
----
-
-## 🎯 WHAT HAPPENS NEXT
-
-### **For End Users**
-```bash
-npm install -g codeprobe
-codeprobe scan /path/to/repo
-# Output: Colored CVE list with patches, risk score, and sponsor branding
-```
-
-### **For GitHub Users**
-```
-Push code → GitHub Actions runs → `npx codeprobe scan` → Results in PR comment
-```
-
-### **For Your Team**
-```
-Scheduled job runs hourly → Detects new packages → Triggers scan → Results saved
-```
-
----
-
-## 🔐 SECURITY MODEL
-
-**Your API Keys** 🔒
-- Stored ONLY on Google Cloud server
-- Never sent to client machines
-- Never exposed in CLI or GitHub Actions
-- Protected by `API_SECRET_TOKEN` auth
-
-**Client Communication** 📨
-- CLI POSTs dependency list (no secrets)
-- Server responds with scan results
-- Results saved to `~/.codeprobe/scans/`
-
-**GitHub Integration** 🔐
-- CODEPROBE_TOKEN stored in repo secrets
-- Token passed to API for auth
-- Never logged or exposed
-
----
-
-## 📞 SUPPORT
-
-### **If CLI doesn't work:**
-```bash
-# Check server URL
-echo $SERVER_URL
-
-# Test server health
-curl https://your-url/health
-
-# Check Bun is installed
-which bun
-
-# Manual Bun install
-curl -fsSL https://bun.sh/install | bash
-```
-
-### **If server won't deploy:**
-```bash
-# See DEPLOY.md for detailed troubleshooting
-# Check gcloud credentials
-gcloud auth login
-
-# View Cloud Run logs
-gcloud run logs read codeprobe
-```
-
-### **If GitHub Actions fail:**
-```bash
-# Make sure CODEPROBE_TOKEN secret is set
-# Check PR comment for error message
-# Verify npx can reach npm registry
-```
-
----
-
-## ✨ FEATURES AT A GLANCE
-
-| Feature | Status | Details |
-|---------|--------|---------|
-| CLI tool | ✅ Ready | `npx codeprobe scan [path]` |
-| Bun auto-install | ✅ Ready | Works on any machine |
-| Server deployment | ✅ Ready | Google Cloud Run Dockerfile included |
-| GitHub Actions | ✅ Ready | Copy-paste workflow provided |
-| Hourly scraper | ✅ Ready | Detects package changes |
-| Sponsor branding | ✅ Ready | Bright Data, Daytona, Nosana in output |
-| API key protection | ✅ Ready | Keys hidden on server only |
-| NPM publishing | ✅ Ready | Just need to publish |
-
----
-
-## 🎓 ARCHITECTURE RECAP
-
-```
-┌─────────────────────────────────────────────────────┐
-│ USER'S MACHINE                                      │
-│ $ npx codeprobe scan [repo]                         │
-│                                                     │
-│ 1. Auto-installs Bun (if needed)                    │
-│ 2. Parses package.json locally                      │
-│ 3. POSTs dependencies to server                     │
-│ 4. Displays colored results                         │
-└─────────┬───────────────────────────────────────────┘
-          │
-          │ HTTPS POST
-          ↓
-┌─────────────────────────────────────────────────────┐
-│ GOOGLE CLOUD (Private, hidden keys)                 │
-│                                                     │
-│ 1. Receives dependency list                         │
-│ 2. Runs engine (scraper + sandbox + patcher)       │
-│ 3. Returns CVE list + patches                       │
-│ 4. Saves to disk                                    │
-└─────────────────────────────────────────────────────┘
-          ↑
-          │ HTTPS RESPONSE
-          │
-┌─────────┴───────────────────────────────────────────┐
-│ TERMINAL OUTPUT                                     │
-│ ⚡ CodeProbe v1.0.0                                 │
-│ Risk Score: 8.5/10 (CRITICAL)                       │
-│ Vulnerabilities found: 2 confirmed, 5 theoretical   │
-│ ✓ Powered by Bright Data | Daytona | Nosana        │
-└─────────────────────────────────────────────────────┘
-```
-
----
-
-## 📝 SUMMARY
-
-**You've built:**
-- ✅ A complete CLI tool (works anywhere)
-- ✅ A secure cloud backend (hidden API keys)
-- ✅ GitHub Actions integration (automatic scanning)
-- ✅ Package change detection (hourly scraper)
-- ✅ Production Docker container (ready to deploy)
-- ✅ Full deployment guide (step-by-step)
-
-**What's left:**
-1. ⏳ Get Google Cloud URL (you)
-2. ⏳ Deploy server (follow DEPLOY.md)
-3. ⏳ Test locally (5 min)
-4. ⏳ Publish to NPM (5 min)
-5. ⏳ Add GitHub Actions to repos (2 min each)
-
-**Estimated time to full deployment: 45 minutes**
-
----
-
-## 🎖️ YOU'VE GOT THIS! 
-
-Everything is ready. Just need to:
-1. Provide the Google Cloud URL
-2. Follow DEPLOY.md
-3. Test and publish
-
-Good luck, soldier! 🚀

package/Dockerfile

@@ -1,24 +0,0 @@
-# Use official Bun runtime as base image
-FROM oven/bun:latest
-
-# Set working directory
-WORKDIR /app
-
-# Copy package files
-COPY package.json bun.lock ./
-
-# Install dependencies
-RUN bun install --production
-
-# Copy application code
-COPY src ./src
-
-# Expose port (Cloud Run requires this)
-EXPOSE 8080
-
-# Set production environment
-ENV NODE_ENV=production
-ENV PORT=8080
-
-# Start the API server
-CMD ["bun", "run", "src/api/server.ts"]