codeproof 1.0.2 → 1.0.4

package/.env

@@ -0,0 +1 @@
+AI_API_URL = "https://api-risk-fgef.onrender.com/predict"

package/commands/reportDashboard.js

@@ -37,8 +37,13 @@ export async function runReportDashboard({ cwd }) {
 
     if (!latestReport) {
       logWarn("No reports found. Run `codeproof run` first.");
-    } else {
-      const integration = config?.integration || {};
+      return;
+    }
+
+    const integration = config?.integration || {};
+    const integrationEnabled = features.integration && Boolean(integration.enabled);
+    
+    if (integrationEnabled) {
       // Integrations are fail-open: never throw on network errors.
       withFailOpenIntegration(() => {
         sendReportToServer(latestReport, {
@@ -46,10 +51,13 @@ export async function runReportDashboard({ cwd }) {
           endpointUrl: integration.endpointUrl
         });
       });
+      logInfo("Report sent to server.");
+    } else {
+      reportFeatureDisabled("Integration", verbose, logInfo);
+    }
 
-      if (latestReport?.projectId) {
-        logInfo(`View dashboard: https://dashboard.codeproof.dev/project/${latestReport.projectId}`);
-      }
+    if (latestReport?.projectId) {
+      logInfo(`View dashboard: https://dashboard.codeproof.dev/project/${latestReport.projectId}`);
     }
   } else {
     reportFeatureDisabled("Reporting", verbose, logInfo);

package/commands/run.js

@@ -1,6 +1,6 @@
 import fs from "fs";
 import path from "path";
-import { ensureGitRepo, getGitRoot, getStagedFiles } from "../utils/git.js";
+import { ensureGitRepo, getGitRoot, getStagedFiles, getRepoIdentifier, getProjectName } from "../utils/git.js";
 import { logError, logInfo, logSuccess, logWarn } from "../utils/logger.js";
 import { buildScanTargets } from "../utils/fileScanner.js";
 import { runRuleEngine } from "../engine/ruleEngine.js";
@@ -110,7 +110,7 @@ export async function runCli({ args = [], cwd }) {
     }
 
     const aiDecisions = aiInputs.length > 0
-        ? withFailOpenAiEscalation(features.aiEscalation, () => analyze(aiInputs, projectContext))
+        ? await withFailOpenAiEscalation(features.aiEscalation, () => analyze(aiInputs, projectContext))
         : [];
     const { blockFindings, warnFindings, aiReviewed, exitCode } = mergeDecisions({
         baselineFindings: [...findings, ...escalations],
@@ -118,14 +118,18 @@ export async function runCli({ args = [], cwd }) {
     });
 
     if (features.reporting) {
-        withFailOpenReporting(() => {
+        await withFailOpenReporting(async () => {
             const timestamp = new Date().toISOString();
             const reportId = randomUUID();
             const projectId = config.projectId || "";
             const clientId = getClientId();
+            const projectName = getProjectName(gitRoot);
+            const repoIdentifier = getRepoIdentifier(gitRoot);
             const report = buildReport({
                 projectRoot: gitRoot,
                 projectId,
+                projectName,
+                repoIdentifier,
                 clientId,
                 reportId,
                 scanMode,
@@ -134,62 +138,88 @@ export async function runCli({ args = [], cwd }) {
                 aiReviewed,
                 timestamp
             });
-            // Reporting is fail-open: never block commits if logging fails.
+            // Report is saved to file and sent to server regardless of findings
+            logInfo("Saving report to file...");
             writeReport({ projectRoot: gitRoot, report });
+            logSuccess("Report saved locally.");
 
             const integration = config?.integration || {};
             const integrationEnabled = features.integration && Boolean(integration.enabled);
+            
+            // Always send to server in pre-commit or manual mode
             if (integrationEnabled) {
-                withFailOpenIntegration(() => {
+                logInfo("Syncing report to server...");
+                await withFailOpenIntegration(async () => {
                     // Network calls are fail-open; never affect exit codes.
-                    sendReportToServer(report, {
+                    return await sendReportToServer(report, {
                         enabled: true,
                         endpointUrl: integration.endpointUrl
                     });
                 });
+                logSuccess("Report synced to server.");
             } else {
                 reportFeatureDisabled("Integration", verbose, logInfo);
             }
         }, () => {
-            logWarn("Failed to write CodeProof report. Continuing without blocking.");
+            logWarn("Failed to process report. Continuing without blocking.");
         });
     } else {
         reportFeatureDisabled("Reporting", verbose, logInfo);
     }
 
     if (blockFindings.length > 0) {
-        logError(`Baseline rule violations (${blockFindings.length}):`);
+        logError(`\n❌ CRITICAL ISSUES FOUND (${blockFindings.length}):\n`);
         for (const finding of blockFindings) {
             const relative = path.relative(gitRoot, finding.filePath) || finding.filePath;
-            logError(
-                `${finding.ruleId} [${finding.severity}/${finding.confidence}] ${relative}:${finding.line} ${finding.message}`
-            );
-            logError(`  ${finding.snippet}`);
+            logError(`  • ${finding.ruleId.toUpperCase()}`);
+            logError(`    File: ${relative}:${finding.line}`);
+            logError(`    Issue: ${finding.message}`);
+            // console.log(`    Code: ${finding.snippet}`);
+            logError("");
         }
     }
 
     if (warnFindings.length > 0) {
-        logWarn(`Baseline warnings (${warnFindings.length}):`);
-        for (const finding of warnFindings) {
-            const relative = path.relative(gitRoot, finding.filePath) || finding.filePath;
-            logWarn(
-                `${finding.ruleId} [${finding.severity}/${finding.confidence}] ${relative}:${finding.line} ${finding.message}`
-            );
-            logWarn(`  ${finding.snippet}`);
+        // Filter to show only HIGH risk warnings
+        const highRiskWarnings = warnFindings.filter(f => f.confidence === "high");
+        if (highRiskWarnings.length > 0) {
+            logWarn(`\n⚠️  HIGH RISK WARNINGS (${highRiskWarnings.length}):\n`);
+            for (const finding of highRiskWarnings) {
+                const relative = path.relative(gitRoot, finding.filePath) || finding.filePath;
+                logWarn(`  • ${finding.ruleId.toUpperCase()}`);
+                logWarn(`    File: ${relative}:${finding.line}`);
+                logWarn(`    Issue: ${finding.message}`);
+                // console.log(`    Code: ${finding.snippet}`);
+                logWarn("");
+            }
         }
+        // comment out low risk warnings
+        // const lowRiskWarnings = warnFindings.filter(f => f.confidence !== "high");
+        // if (lowRiskWarnings.length > 0) {
+        //     logWarn(`Baseline warnings (${lowRiskWarnings.length}):`);
+        //     for (const finding of lowRiskWarnings) {
+        //         const relative = path.relative(gitRoot, finding.filePath) || finding.filePath;
+        //         logWarn(
+        //             `${finding.ruleId} [${finding.severity}/${finding.confidence}] ${relative}:${finding.line} ${finding.message}`
+        //         );
+        //         logWarn(`  ${finding.snippet}`);
+        //     }
+        // }
     }
 
     if (aiReviewed.length > 0) {
-        logWarn(`AI-reviewed findings (${aiReviewed.length}):`);
+        logWarn(`\n🤖 AI-REVIEWED FINDINGS (${aiReviewed.length}):\n`);
         for (const entry of aiReviewed) {
             const { finding, decision } = entry;
             const relative = path.relative(gitRoot, finding.filePath) || finding.filePath;
-            logWarn(
-                `${finding.ruleId} [${decision.verdict}/${decision.confidence.toFixed(2)}] ${relative}:${finding.line} ${decision.explanation}`
-            );
+            const verdict = decision.verdict === "block" ? "BLOCKED" : "WARNING";
+            logWarn(`  • ${finding.ruleId.toUpperCase()} [${verdict}]`);
+            logWarn(`    File: ${relative}:${finding.line}`);
+            logWarn(`    Analysis: ${decision.explanation}`);
             if (decision.suggestedFix) {
-                logWarn(`  Suggested fix: ${decision.suggestedFix}`);
+                logWarn(`    Fix: ${decision.suggestedFix}`);
             }
+            logWarn("");
         }
     }
 

package/core/safetyGuards.js

@@ -18,9 +18,13 @@ export function reportFeatureDisabled(name, verbose, logInfo) {
   logInfo(`${name} disabled by feature flag.`);
 }
 
-export function withFailOpenReporting(action, onError) {
+export async function withFailOpenReporting(action, onError) {
   try {
-    return action();
+    const result = action();
+    if (result && typeof result.then === 'function') {
+      return await result;
+    }
+    return result;
   } catch {
     if (onError) {
       onError();
@@ -29,21 +33,24 @@ export function withFailOpenReporting(action, onError) {
   }
 }
 
-export function withFailOpenIntegration(action) {
+export async function withFailOpenIntegration(action) {
   try {
-    action();
+    const result = action();
+    if (result && typeof result.then === 'function') {
+      await result;
+    }
   } catch {
     // Integration failures are ignored to avoid affecting commits.
   }
 }
 
-export function withFailOpenAiEscalation(enabled, action) {
+export async function withFailOpenAiEscalation(enabled, action) {
   if (!enabled) {
     return [];
   }
 
   try {
-    return action();
+    return await action();
   } catch {
     // AI failures downgrade to warnings by returning no decisions.
     return [];

package/engine/aiAnalyzer.js

@@ -1,13 +1,23 @@
+import http from "http";
+import https from "https";
+import { logWarn } from "../utils/logger.js";
+
 // AI contextual analysis layer. Only low-confidence findings reach this stage.
 // Regex-first keeps the fast baseline deterministic; AI is a cautious fallback.
 
-function callModel(payload) {
-  void payload;
-  // Stubbed: No provider hardcoded. Return null to trigger safe fallback.
-  return null;
+const DEFAULT_TIMEOUT_MS = 5000;
+
+function getAiConfig() {
+  const apiUrl = process.env.AI_API_URL || "";
+  const timeoutMs = Number(process.env.AI_TIMEOUT_MS) || DEFAULT_TIMEOUT_MS;
+  return { apiUrl, timeoutMs };
 }
 
-function fallbackDecision(finding) {
+function fallbackDecision(finding, reason) {
+  if (reason) {
+    logWarn(`AI escalation failed: ${reason}`);
+  }
+
   return {
     findingId: finding.findingId,
     verdict: "warn",
@@ -17,33 +27,115 @@ function fallbackDecision(finding) {
   };
 }
 
-export function analyze(findings, projectContext) {
-  const payload = {
-    version: 1,
-    projectContext,
-    findings: findings.map((finding) => ({
-      findingId: finding.findingId,
-      ruleId: finding.ruleId,
-      filePath: finding.filePath,
-      fileType: finding.fileType,
-      isTestLike: finding.isTestLike,
-      snippet: finding.snippet
-    }))
+function postJsonWithTimeout({ url, payload, timeoutMs }) {
+  return new Promise((resolve, reject) => {
+    let parsedUrl;
+    try {
+      parsedUrl = new URL(url);
+    } catch {
+      reject(new Error("Invalid AI_API_URL"));
+      return;
+    }
+
+    const data = JSON.stringify(payload);
+    const transport = parsedUrl.protocol === "http:" ? http : https;
+
+    const request = transport.request(
+      {
+        method: "POST",
+        hostname: parsedUrl.hostname,
+        port: parsedUrl.port || (parsedUrl.protocol === "http:" ? 80 : 443),
+        path: `${parsedUrl.pathname}${parsedUrl.search}`,
+        headers: {
+          "Content-Type": "application/json",
+          "Content-Length": Buffer.byteLength(data)
+        },
+        timeout: timeoutMs
+      },
+      (res) => {
+        let body = "";
+        res.setEncoding("utf8");
+        res.on("data", (chunk) => {
+          body += chunk;
+        });
+        res.on("end", () => {
+          if (res.statusCode && res.statusCode >= 400) {
+            reject(new Error(`AI API responded with ${res.statusCode}`));
+            return;
+          }
+          try {
+            resolve(JSON.parse(body));
+          } catch {
+            reject(new Error("AI API returned invalid JSON"));
+          }
+        });
+      }
+    );
+
+    request.on("timeout", () => {
+      request.destroy(new Error("AI request timed out"));
+    });
+
+    request.on("error", (err) => {
+      reject(err);
+    });
+
+    request.write(data);
+    request.end();
+  });
+}
+
+async function callModel(finding) {
+  const { apiUrl, timeoutMs } = getAiConfig();
+
+  if (!apiUrl) {
+    throw new Error("AI_API_URL is not configured");
+  }
+
+  const response = await postJsonWithTimeout({
+    url: apiUrl,
+    timeoutMs,
+    payload: {
+      code: finding.snippet || ""
+    }
+  });
+
+  if (!response || typeof response.found !== "boolean") {
+    throw new Error("AI API returned invalid payload");
+  }
+
+  const verdict = response.found && response.risk === "Critical" ? "block" : "warn";
+  const confidence = response.found ? 0.85 : 0.35;
+  const explanation = response.found
+    ? `AI detected ${response.risk} risk: ${response.secret || "secret value"}`
+    : "AI did not detect risk in this code snippet.";
+
+  return {
+    findingId: finding.findingId,
+    verdict,
+    confidence,
+    explanation,
+    suggestedFix: response.found ? "Move secrets to environment variables." : undefined
   };
+}
 
-  const response = callModel(payload);
+export async function analyze(findings, projectContext) {
+  void projectContext;
 
-  if (!response || !Array.isArray(response.decisions)) {
-    return findings.map(fallbackDecision);
+  if (!Array.isArray(findings) || findings.length === 0) {
+    return [];
   }
 
-  return response.decisions.map((decision) => ({
-    findingId: decision.findingId,
-    verdict: decision.verdict || "warn",
-    confidence: typeof decision.confidence === "number" ? decision.confidence : 0.5,
-    explanation: decision.explanation || "AI decision provided.",
-    suggestedFix: decision.suggestedFix
-  }));
+  return Promise.all(
+    findings.map(async (finding) => {
+      try {
+        return await callModel(finding);
+      } catch (error) {
+        const reason = error instanceof Error ? error.message : "AI call failed";
+        return fallbackDecision(finding, reason);
+      }
+    })
+  );
 }
 
 

package/hooks/preCommit.js

@@ -18,14 +18,14 @@ function getHookBlock() {
     "fi",
     "CONFIG_PATH=\"$GIT_ROOT/codeproof.config.json\"",
     "if [ -f \"$CONFIG_PATH\" ]; then",
-    "  ENFORCEMENT=$(node -e \"const fs=require('fs');try{const c=JSON.parse(fs.readFileSync('$CONFIG_PATH','utf8'));console.log((c.enforcement||'enabled').toLowerCase());}catch(e){console.log('enabled');}\")",
+    "  ENFORCEMENT=$(node -e \"const fs=require('fs');const path=process.argv[1];try{const c=JSON.parse(fs.readFileSync(path,'utf8'));console.log((c.enforcement||'enabled').toLowerCase());}catch(e){console.log('enabled');}\" \"$CONFIG_PATH\")",
     "  if [ \"$ENFORCEMENT\" = \"disabled\" ]; then",
     "    echo \"CodeProof enforcement is temporarily disabled.\"",
     "    echo \"Commit allowed.\"",
     "    exit 0",
     "  fi",
     "fi",
-    "CODEPROOF_PRECOMMIT=1 codeproof run --precommit",
+    "CODEPROOF_PRECOMMIT=1 npx codeproof run --precommit",
     "RESULT=$?",
     "if [ $RESULT -ne 0 ]; then",
     "  echo \"CodeProof checks failed. Commit blocked.\"",
@@ -55,14 +55,14 @@ export function installPreCommitHook(gitRoot) {
       "fi",
       "CONFIG_PATH=\"$GIT_ROOT/codeproof.config.json\"",
       "if [ -f \"$CONFIG_PATH\" ]; then",
-      "  ENFORCEMENT=$(node -e \"const fs=require('fs');try{const c=JSON.parse(fs.readFileSync('$CONFIG_PATH','utf8'));console.log((c.enforcement||'enabled').toLowerCase());}catch(e){console.log('enabled');}\")",
+      "  ENFORCEMENT=$(node -e \"const fs=require('fs');const path=process.argv[1];try{const c=JSON.parse(fs.readFileSync(path,'utf8'));console.log((c.enforcement||'enabled').toLowerCase());}catch(e){console.log('enabled');}\" \"$CONFIG_PATH\")",
       "  if [ \"$ENFORCEMENT\" = \"disabled\" ]; then",
       "    echo \"CodeProof enforcement is temporarily disabled.\"",
       "    echo \"Commit allowed.\"",
       "    exit 0",
       "  fi",
       "fi",
-      "CODEPROOF_PRECOMMIT=1 codeproof run --precommit",
+      "CODEPROOF_PRECOMMIT=1 npx codeproof run --precommit",
       "RESULT=$?",
       "if [ $RESULT -ne 0 ]; then",
       "  echo \"CodeProof checks failed. Commit blocked.\"",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "codeproof",
-  "version": "1.0.2",
+  "version": "1.0.4",
   "description": "CodeProof CLI",
   "type": "module",
   "bin": {

package/reporting/reportBuilder.js

@@ -46,6 +46,8 @@ function normalizeSeverity(value) {
 export function buildReport({
   projectRoot,
   projectId,
+  projectName,
+  repoIdentifier,
   clientId,
   reportId,
   scanMode,
@@ -85,17 +87,24 @@ export function buildReport({
       ? "allowed_with_warnings"
       : "allowed";
 
+  // Server-compatible format
   return {
-    reportId,
-    timestamp,
     projectId,
     clientId,
-    scanMode,
-    summary: {
-      totalFilesScanned: filesScannedCount,
-      totalFindings: findings.length,
-      blocksCount,
-      warningsCount
+    project: {
+      name: projectName || "Unknown Project",
+      repoIdentifier: repoIdentifier || projectRoot
+    },
+    report: {
+      timestamp,
+      scanMode,
+      summary: {
+        filesScanned: filesScannedCount,
+        findings: findings.length,
+        blocks: blocksCount,
+        warnings: warningsCount,
+        finalVerdict
+      }
     },
     findings,
     finalVerdict

package/reporting/reportWriter.js

@@ -44,6 +44,22 @@ export function writeReport({ projectRoot, report }) {
   const reportDir = getReportDir(projectRoot);
   ensureReportDir(reportDir);
 
+  // Cleanup old temp files before creating new ones
+  try {
+    const files = fs.readdirSync(reportDir);
+    for (const file of files) {
+      if (file.startsWith('.tmp-')) {
+        try {
+          fs.unlinkSync(path.join(reportDir, file));
+        } catch {
+          // Ignore errors on cleanup
+        }
+      }
+    }
+  } catch {
+    // Ignore cleanup errors
+  }
+
   // Per-run JSON keeps every audit entry immutable and easy to archive.
   let reportNumber = getNextReportNumber(reportDir);
   let reportPath = path.join(reportDir, `${REPORT_PREFIX}${reportNumber}${REPORT_SUFFIX}`);
@@ -55,8 +71,21 @@ export function writeReport({ projectRoot, report }) {
   // Use numeric sequencing over timestamps to avoid collisions in fast CI runs.
   const tempPath = path.join(reportDir, `.tmp-${process.pid}-${Date.now()}.json`);
   const payload = JSON.stringify(report, null, 2) + "\n";
-  fs.writeFileSync(tempPath, payload, "utf8");
-  fs.renameSync(tempPath, reportPath);
+  
+  try {
+    fs.writeFileSync(tempPath, payload, "utf8");
+    fs.renameSync(tempPath, reportPath);
+  } catch (err) {
+    // Cleanup temp file on error
+    try {
+      if (fs.existsSync(tempPath)) {
+        fs.unlinkSync(tempPath);
+      }
+    } catch {
+      // Ignore cleanup errors
+    }
+    throw err;
+  }
 
   return reportPath;
 }

package/utils/apiClient.js

@@ -4,11 +4,17 @@ import https from "https";
 // Boundary: integration layer only. Must not import CLI, rule engine, or reporting.
 // Network calls are fail-open to avoid impacting commits or developer flow.
 
-const DEFAULT_ENDPOINT = "https://api.codeproof.dev/report";
+const DEFAULT_ENDPOINT = "http://127.0.0.1:4000/api/reports";
 
-export function sendReportToServer(report, options = {}) {
+export async function sendReportToServer(report, options = {}) {
   const enabled = Boolean(options.enabled);
+  
+  // console.log("[API Client] sendReportToServer called");
+  // console.log("[API Client] enabled:", enabled);
+  // console.log("[API Client] options:", JSON.stringify(options, null, 2));
+  
   if (!enabled) {
+    // console.log("[API Client] Integration disabled, skipping");
     return;
   }
 
@@ -16,41 +22,75 @@ export function sendReportToServer(report, options = {}) {
     ? options.endpointUrl.trim()
     : DEFAULT_ENDPOINT;
 
-  try {
-    const url = new URL(endpointUrl);
-    const payload = JSON.stringify(report);
-    const transport = url.protocol === "http:" ? http : https;
-
-    const request = transport.request(
-      {
-        method: "POST",
-        hostname: url.hostname,
-        port: url.port || (url.protocol === "http:" ? 80 : 443),
-        path: `${url.pathname}${url.search}`,
-        headers: {
-          "Content-Type": "application/json",
-          "Content-Length": Buffer.byteLength(payload)
+  // console.log("[API Client] Target endpoint:", endpointUrl);
+  // console.log("[API Client] Report summary:", {
+  //   projectId: report.projectId,
+  //   clientId: report.clientId,
+  //   findingsCount: report.findings?.length || 0
+  // });
+
+  return new Promise((resolve) => {
+    try {
+      const url = new URL(endpointUrl);
+      const payload = JSON.stringify(report);
+      const transport = url.protocol === "http:" ? http : https;
+
+      // console.log("[API Client] URL parsed - protocol:", url.protocol, "hostname:", url.hostname, "port:", url.port, "pathname:", url.pathname);
+      // console.log("[API Client] Payload size:", Buffer.byteLength(payload), "bytes");
+      // console.log("[API Client] Payload preview:", payload.substring(0, 200) + "...");
+
+      const portNumber = url.port ? parseInt(url.port, 10) : (url.protocol === "http:" ? 80 : 443);
+      
+      // console.log("[API Client] Sending POST to:", `${url.protocol}//${url.hostname}:${portNumber}${url.pathname}`);
+
+      const request = transport.request(
+        {
+          method: "POST",
+          hostname: url.hostname,
+          port: portNumber,
+          path: `${url.pathname}${url.search}`,
+          headers: {
+            "Content-Type": "application/json",
+            "Content-Length": Buffer.byteLength(payload)
+          },
+          timeout: 5000
         },
-        timeout: 2000
-      },
-      (res) => {
-        // UX: fail-open integrations never read or store server responses.
-        res.resume();
-      }
-    );
-
-    request.on("timeout", () => {
-      // Integrations are fail-open: timeout should not block or throw.
-      request.destroy();
-    });
-
-    request.on("error", () => {
-      // Integrations are fail-open: network errors are ignored silently.
-    });
-
-    request.write(payload);
-    request.end();
-  } catch {
-    // Integrations are fail-open: invalid URLs or serialization issues are ignored silently.
-  }
+        (res) => {
+          // console.log("[API Client] Response received:", res.statusCode);
+          let body = "";
+          res.on("data", (chunk) => {
+            body += chunk;
+          });
+          res.on("end", () => {
+            // console.log("[API Client] Response body:", body);
+            if (res.statusCode === 201) {
+              // Report sent successfully
+            } else {
+              console.error("[API Client] Server returned status:", res.statusCode);
+            }
+            resolve();
+          });
+          res.resume();
+        }
+      );
+
+      request.on("timeout", () => {
+        console.error("[API Client] Request timeout");
+        request.destroy();
+        resolve();
+      });
+
+      request.on("error", (err) => {
+        console.error("[API Client] Request error:", err.message);
+        resolve();
+      });
+
+      request.write(payload);
+      request.end();
+      // console.log("[API Client] Request sent");
+    } catch (err) {
+      console.error("[API Client] Exception:", err.message);
+      resolve();
+    }
+  });
 }

package/utils/git.js

@@ -44,3 +44,20 @@ export function getStagedFiles(cwd) {
         .map((line) => line.trim())
         .filter(Boolean);
 }
+
+export function getRepoIdentifier(gitRoot) {
+    try {
+        const result = runGit(["config", "--get", "remote.origin.url"], gitRoot);
+        if (result.status === 0) {
+            return String(result.stdout).trim() || gitRoot;
+        }
+    } catch {
+        // Fallback to directory name
+    }
+    return gitRoot;
+}
+
+export function getProjectName(gitRoot) {
+    const parts = gitRoot.split(/[\\/]/);
+    return parts[parts.length - 1] || "Unknown";
+}