npm - codeproof - Versions diffs - 1.0.5 → 1.1.0 - Mend

codeproof 1.0.5 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/bin/codeproof.js CHANGED Viewed

@@ -6,14 +6,16 @@ import { runMoveSecret } from "../commands/moveSecret.js";
 import { runWhoAmI } from "../commands/whoami.js";
 import { runIgnore } from "../commands/ignore.js";
 import { runApply } from "../commands/apply.js";
-import { logError, logInfo } from "../utils/logger.js";
+import { runHelp } from "../commands/help.js";
+import { logError } from "../utils/logger.js";
 const [, , command, ...args] = process.argv;
 async function main() {
-  if (!command || command === "-h" || command === "--help") {
-    logInfo("Usage: codeproof <command>\n\nCommands:\n  init               Initialize CodeProof in a Git repository\n  run                Run CodeProof checks (stub)\n  report@dashboard   Send latest report and show dashboard link\n  move-secret        Move high-confidence secrets to .env\n  ignore             Temporarily disable commit enforcement\n  apply              Re-enable commit enforcement\n  whoami             Show the local CodeProof client ID");
-    process.exit(0);
+  // Show help for no command or explicit help flags
+  if (!command || command === "-h" || command === "--help" || command === "help") {
+    await runHelp();
+    return;
   }
   if (command === "init") {

package/commands/help.js ADDED Viewed

@@ -0,0 +1,34 @@
+// Help command implementation
+// Displays banner and available commands
+import { displayBanner } from "../ui/banner.js";
+import { formatBlock } from "../ui/formatting.js";
+const HELP_TEXT = `Usage: codeproof <command>
+Commands:
+  init               Initialize CodeProof in a Git repository
+  run                Run CodeProof checks
+  report@dashboard   Send latest report and show dashboard link
+  move-secret        Move high-risk secrets to .env
+  ignore             Temporarily disable commit enforcement
+  apply              Re-enable commit enforcement
+  whoami             Show the local CodeProof client ID
+  help               Show this help menu
+  -h, --help         Show this help menu
+Examples:
+  codeproof init
+  codeproof run
+  codeproof move-secret --yes
+  codeproof help
+`;
+/**
+ * Display help information with banner
+ */
+export async function runHelp() {
+  displayBanner();
+  formatBlock(HELP_TEXT);
+  process.exit(0);
+}

package/commands/init.js CHANGED Viewed

@@ -5,12 +5,16 @@ import { logInfo, logSuccess, logWarn } from "../utils/logger.js";
 import { detectProjectType } from "../utils/projectType.js";
 import { installPreCommitHook } from "../hooks/preCommit.js";
 import { showWelcomeScreen } from "../ui/welcomeScreen.js";
+import { displayBanner } from "../ui/banner.js";
 import { getClientId } from "../core/identity.js";
 import { randomUUID } from "crypto";
 export async function runInit({ cwd }) {
+  // Display banner at the start of initialization
+  displayBanner();
   logInfo("Initializing CodeProof...");
   getClientId();

package/commands/moveSecret.js CHANGED Viewed

@@ -52,7 +52,9 @@ function confirmProceed(message) {
   });
 }
-export async function runMoveSecret({ cwd }) {
+export async function runMoveSecret({ args, cwd }) {
+  // Check for --yes flag to skip confirmation (for testing/CI)
+  const autoConfirm = args?.includes("--yes") || args?.includes("-y");
   // Boundary: remediation reads reports only and must not depend on analysis state.
   ensureGitRepo(cwd);
   const gitRoot = getGitRoot(cwd);
@@ -74,27 +76,49 @@ export async function runMoveSecret({ cwd }) {
   }
   warnExperimentalOnce("Experimental feature enabled: move-secret.", logWarn);
-  const latestReport = readLatestReport(gitRoot)?.report || null;
-  if (!latestReport || !Array.isArray(latestReport.findings)) {
+  // Safety: Read latest report with validation
+  const reportData = readLatestReport(gitRoot);
+  if (!reportData) {
     logWarn("No reports found. Run 'codeproof run' first.");
     process.exit(0);
   }
+  // The reportReader returns { report: parsedJSON, reportPath }
+  // The parsedJSON has structure: { projectId, clientId, project, report: {...}, ...}
+  // So reportData.report.report contains the actual report with findings
+  const fullReport = reportData.report;
+  const latestReport = fullReport.report || {};
+  if (!Array.isArray(latestReport.findings)) {
+    logWarn("Report has no findings array. Invalid report format.");
+    process.exit(1);
+  }
   const excludes = getDefaultExcludes();
   const eligible = latestReport.findings.filter((finding) => {
-    if (finding.ruleId?.startsWith("secret.") !== true) {
+    // Debug logging
+    const isSecret = finding.ruleId?.startsWith("secret.");
+    if (!isSecret) {
+      if (process.env.DEBUG_MOVE_SECRET) logWarn(`Filtered (not secret): ${finding.ruleId}`);
       return false;
     }
-    if (finding.severity !== "block" || finding.confidence !== "high") {
+    // Process findings where severity is "block" OR "high"
+    const isHighRisk = finding.severity === "block" || finding.severity === "high";
+    if (!isHighRisk) {
+      if (process.env.DEBUG_MOVE_SECRET) logWarn(`Filtered (low severity): ${finding.ruleId} severity=${finding.severity}`);
       return false;
     }
     if (!finding.filePath || !finding.lineNumber) {
+      if (process.env.DEBUG_MOVE_SECRET) logWarn(`Filtered (no path/line): ${finding.ruleId}`);
       return false;
     }
     if (!finding.codeSnippet) {
+      if (process.env.DEBUG_MOVE_SECRET) logWarn(`Filtered (no snippet): ${finding.filePath}:${finding.lineNumber}`);
       return false;
     }
@@ -103,10 +127,12 @@ export async function runMoveSecret({ cwd }) {
       : path.join(gitRoot, finding.filePath);
     if (isTestLike(absolutePath)) {
+      if (process.env.DEBUG_MOVE_SECRET) logWarn(`Filtered (test-like): ${absolutePath}`);
       return false;
     }
     if (isIgnoredPath(absolutePath, excludes)) {
+      if (process.env.DEBUG_MOVE_SECRET) logWarn(`Filtered (ignored path): ${absolutePath}`);
       return false;
     }
@@ -126,7 +152,7 @@ export async function runMoveSecret({ cwd }) {
   }
   logInfo(`Secrets to move: ${eligible.length}`);
-  const confirmed = await confirmProceed("Proceed with moving these secrets? (y/N): ");
+  const confirmed = autoConfirm || await confirmProceed("Proceed with moving these secrets? (y/N): ");
   if (!confirmed) {
     logInfo("No changes made.");
     process.exit(0);
@@ -139,6 +165,7 @@ export async function runMoveSecret({ cwd }) {
   let secretIndex = 1;
   let secretsMoved = 0;
   const modifiedFiles = new Set();
+  const errors = [];
   for (const finding of eligible) {
     const absolutePath = path.isAbsolute(finding.filePath)
@@ -150,17 +177,18 @@ export async function runMoveSecret({ cwd }) {
       const content = fs.readFileSync(absolutePath, "utf8");
       const lines = content.split(/\r?\n/);
       lineContent = lines[finding.lineNumber - 1] || "";
-    } catch {
-      logWarn(`Skipped ${finding.filePath}:${finding.lineNumber} (unable to read file).`);
+    } catch (err) {
+      errors.push(`${finding.filePath}:${finding.lineNumber} - unable to read file: ${err.message}`);
       continue;
     }
     const expectedSecretValue = extractSecretValueFromLine(lineContent);
     if (!expectedSecretValue) {
-      logWarn(`Skipped ${finding.filePath}:${finding.lineNumber} (unable to validate secret value).`);
+      errors.push(`${finding.filePath}:${finding.lineNumber} - unable to extract secret value from line`);
       continue;
     }
+    // Avoid key collisions
     while (existingKeys.has(`CODEPROOF_SECRET_${secretIndex}`)) {
       secretIndex += 1;
     }
@@ -168,7 +196,12 @@ export async function runMoveSecret({ cwd }) {
     const envKey = `CODEPROOF_SECRET_${secretIndex}`;
     // Safety: keep an original copy before any rewrite.
-    backupFileOnce(gitRoot, absolutePath, backedUp);
+    try {
+      backupFileOnce(gitRoot, absolutePath, backedUp);
+    } catch (err) {
+      errors.push(`${finding.filePath} - backup failed: ${err.message}`);
+      continue;
+    }
     const result = replaceSecretInFile({
       filePath: absolutePath,
@@ -179,7 +212,7 @@ export async function runMoveSecret({ cwd }) {
     });
     if (!result.updated) {
-      logWarn(`Skipped ${finding.filePath}:${finding.lineNumber} (${result.reason}).`);
+      errors.push(`${finding.filePath}:${finding.lineNumber} - ${result.reason}`);
       continue;
     }
@@ -190,13 +223,32 @@ export async function runMoveSecret({ cwd }) {
     modifiedFiles.add(absolutePath);
     const relative = path.relative(gitRoot, absolutePath) || absolutePath;
-    logInfo(`Updated ${relative}:${finding.lineNumber} → process.env.${envKey}`);
+    logInfo(`✓ Updated ${relative}:${finding.lineNumber} → process.env.${envKey}`);
   }
-  appendEnvEntries(envPath, newEntries);
+  // Append env entries atomically
+  try {
+    appendEnvEntries(envPath, newEntries);
+  } catch (err) {
+    logWarn(`Failed to write .env entries: ${err.message}`);
+    errors.push(`env-write: ${err.message}`);
+  }
-  logInfo("Secret move summary:");
+  // Output summary
+  logInfo("");
+  logInfo("═══════════════════════════════════════════");
+  logInfo("Secret Move Summary");
+  logInfo("═══════════════════════════════════════════");
+  logInfo(`Secrets processed: ${eligible.length}`);
   logInfo(`Secrets moved: ${secretsMoved}`);
   logInfo(`Files modified: ${modifiedFiles.size}`);
   logInfo(`Backup location: ${path.join(gitRoot, ".codeproof-backup")}`);
+  if (errors.length > 0) {
+    logInfo("");
+    logWarn(`Errors/Skipped (${errors.length}):`);
+    errors.forEach((err) => logWarn(`  - ${err}`));
+  }
+  logInfo("═══════════════════════════════════════════");
 }

package/commands/whoami.js CHANGED Viewed

@@ -13,7 +13,7 @@ export async function runWhoAmI() {
   logInfo(clientId);
   logInfo("");
   logInfo("Use this ID to log in at:");
-  logInfo("https://your-dashboard-url.com/login");
+  logInfo("http://localhost:3000/login");
   logInfo("");
   logInfo(`Config: ${getGlobalConfigPath()}`);
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "codeproof",
-  "version": "1.0.5",
+  "version": "1.1.0",
   "description": "CodeProof CLI",
   "type": "module",
   "bin": {

package/ui/banner.js ADDED Viewed

@@ -0,0 +1,36 @@
+// ASCII banner for CodeProof CLI
+// Professional-grade banner displayed on init and help commands
+const BANNER_TEXT = `
+ ██████╗ ██████╗ ██████╗ ███████╗██████╗ ██████╗  ██████╗  ██████╗ ███████╗
+██╔════╝██╔═══██╗██╔══██╗██╔════╝██╔══██╗██╔══██╗██╔═══██╗██╔════╝ ██╔════╝
+██║     ██║   ██║██████╔╝█████╗  ██████╔╝██████╔╝██║   ██║██║  ███╗█████╗
+██║     ██║   ██║██╔═══╝ ██╔══╝  ██╔═══╝ ██╔══██╗██║   ██║██║   ██║██╔══╝
+╚██████╗╚██████╔╝██║     ███████╗██║     ██║  ██║╚██████╔╝╚██████╔╝███████╗
+ ╚═════╝ ╚═════╝ ╚═╝     ╚══════╝╚═╝     ╚═╝  ╚═╝ ╚═════╝  ╚═════╝ ╚══════╝
+`;
+const TAGLINE = "AI-Powered Pre-Commit Security Enforcement";
+/**
+ * Display the CodeProof banner with tagline.
+ * Used on init and help commands.
+ */
+export function displayBanner() {
+  console.log(BANNER_TEXT);
+  console.log(`  ${TAGLINE}\n`);
+}
+/**
+ * Get the banner text for programmatic use.
+ */
+export function getBannerText() {
+  return BANNER_TEXT;
+}
+/**
+ * Get the tagline for programmatic use.
+ */
+export function getTagline() {
+  return TAGLINE;
+}

package/ui/formatting.js ADDED Viewed

@@ -0,0 +1,76 @@
+// CLI output formatting helpers
+// Provides consistent, professional-grade output formatting
+const DIVIDER = "─".repeat(50);
+/**
+ * Log informational message
+ */
+function logInfo(message) {
+  console.log(`[codeproof] ${message}`);
+}
+/**
+ * Log success message (for completed actions)
+ */
+function logSuccess(message) {
+  console.log(`[codeproof] ✓ ${message}`);
+}
+/**
+ * Log warning message
+ */
+function logWarning(message) {
+  console.warn(`[codeproof] ⚠ ${message}`);
+}
+/**
+ * Log error message
+ */
+function logError(message) {
+  console.error(`[codeproof] ✗ ${message}`);
+}
+/**
+ * Print a section header with dividers
+ * Usage: sectionHeader("Initializing CodeProof")
+ */
+function sectionHeader(title) {
+  console.log(DIVIDER);
+  console.log(title.padStart(title.length + Math.floor((DIVIDER.length - title.length) / 2)));
+  console.log(DIVIDER);
+}
+/**
+ * Print structured output block (like a code block)
+ */
+function formatBlock(content) {
+  const lines = content.split("\n");
+  lines.forEach((line) => {
+    if (line.trim()) {
+      console.log(`  ${line}`);
+    } else {
+      console.log("");
+    }
+  });
+}
+/**
+ * Print a key-value pair with alignment
+ */
+function logKeyValue(key, value, indent = 2) {
+  const spaces = " ".repeat(indent);
+  console.log(`${spaces}${key.padEnd(20)} ${value}`);
+}
+/**
+ * Print an unordered list
+ */
+function logList(items, indent = 2) {
+  const spaces = " ".repeat(indent);
+  items.forEach((item) => {
+    console.log(`${spaces}• ${item}`);
+  });
+}
+export { logInfo, logSuccess, logWarning, logError, sectionHeader, formatBlock, logKeyValue, logList, DIVIDER };