codeproof 1.1.0 → 1.1.2

package/Readme.md

@@ -0,0 +1,130 @@
+CodeProof CLI
+=============
+
+CodeProof is a security-focused CLI that scans your codebase, blocks risky commits, and reports findings to a server-backed dashboard.
+
+Features
+--------
+- Run security scans on staged or full files.
+- Enforce commit safety with configurable rules.
+- Generate local reports and optionally sync them to the server.
+- Usage tracking with monthly limits (free tier default 20 runs).
+
+Installation
+------------
+Use npx (recommended):
+
+```bash
+npx codeproof init
+```
+
+Or install globally:
+
+```bash
+npm install -g codeproof
+codeproof init
+```
+
+Quick Start
+-----------
+1. Initialize in a Git repo:
+
+```bash
+codeproof init
+```
+
+2. Run a scan:
+
+```bash
+codeproof run
+```
+
+3. View reports in the dashboard (requires server):
+
+```bash
+codeproof report@dashboard
+```
+
+Commands
+--------
+- init: Initialize CodeProof in the current Git repo.
+- run: Run a security scan based on your config.
+- report@dashboard: Send latest report and show dashboard link.
+- move-secret: Move high-risk secrets to .env safely.
+- ignore: Temporarily disable commit enforcement.
+- apply: Re-enable commit enforcement.
+- whoami: Show the local clientId.
+- help: Show CLI help.
+
+Configuration
+-------------
+CodeProof uses codeproof.config.json at the repo root.
+
+Example:
+
+```json
+{
+	"projectId": "<uuid>",
+	"projectType": "Node",
+	"scanMode": "staged",
+	"enforcement": "enabled",
+	"features": {
+		"reporting": true,
+		"integration": true,
+		"aiEscalation": false,
+		"secretRemediation": false
+	},
+	"integration": {
+		"enabled": true,
+		"endpointUrl": "http://127.0.0.1:4000/api/reports"
+	}
+}
+```
+
+Usage Limits (Server-Enforced)
+------------------------------
+CodeProof enforces monthly run limits on the server.
+
+- Default plan: free
+- Default monthly limit: 20
+- The CLI checks usage before each run
+- If the server is unreachable, the CLI fails closed and stops the run
+
+API Base Override
+-----------------
+By default the CLI uses http://127.0.0.1:4000/api for usage checks.
+Override with:
+
+```bash
+set CODEPROOF_API_BASE=http://your-server:4000/api
+```
+
+move-secret Command
+-------------------
+Safely moves high-risk secrets to .env with backups:
+
+```bash
+codeproof move-secret --yes
+```
+
+Server Setup (Required for Dashboard)
+-------------------------------------
+This CLI expects the CodeProof server to be running for:
+
+- Usage enforcement
+- Report ingestion
+- Dashboard views
+
+If you only want local scanning, disable integration in your config.
+
+Dashboard
+---------
+The Next.js dashboard displays:
+
+- Project and report metrics
+- Analytics charts
+- Usage and limit graphs
+
+License
+-------
+Proprietary. All rights reserved.

package/commands/help.js

@@ -7,21 +7,17 @@ import { formatBlock } from "../ui/formatting.js";
 const HELP_TEXT = `Usage: codeproof <command>
 
 Commands:
-  init               Initialize CodeProof in a Git repository
-  run                Run CodeProof checks
-  report@dashboard   Send latest report and show dashboard link
-  move-secret        Move high-risk secrets to .env
-  ignore             Temporarily disable commit enforcement
-  apply              Re-enable commit enforcement
-  whoami             Show the local CodeProof client ID
-  help               Show this help menu
-  -h, --help         Show this help menu
+  codeproof init               Initialize CodeProof in a Git repository
+  codeproof run                Run CodeProof checks
+  codeproof report@dashboard   Send latest report and show dashboard link
+  codeproof move-secret        Move high-risk secrets to .env
+  codeproof ignore             Temporarily disable commit enforcement
+  codeproof apply              Re-enable commit enforcement
+  codeproof whoami             Show the local CodeProof client ID
+  codeproof help               Show this help menu
+  codeproof -h, --help         Show this help menu
+
 
-Examples:
-  codeproof init
-  codeproof run
-  codeproof move-secret --yes
-  codeproof help
 `;
 
 /**

package/commands/run.js

@@ -13,6 +13,7 @@ import { sendReportToServer } from "../utils/apiClient.js";
 import { resolveFeatureFlags, isVerbose } from "../core/featureFlags.js";
 import { getClientId } from "../core/identity.js";
 import { getEnforcementState } from "../core/enforcement.js";
+import { checkUsageOrThrow } from "../core/usageCheck.js";
 import {
     reportFeatureDisabled,
     warnExperimentalOnce,
@@ -67,6 +68,22 @@ export async function runCli({ args = [], cwd }) {
         process.exit(1);
     }
 
+    const clientId = getClientId();
+    try {
+        const usage = await checkUsageOrThrow({ clientId, config });
+        if (!usage.allowed) {
+            const limit = usage.limit ?? 20;
+            const used = usage.used ?? limit;
+            logError(`Free limit reached (${used}/${limit} runs/month).`);
+            logError("Upgrade to premium to continue.");
+            process.exit(1);
+        }
+    } catch (error) {
+        logError("Usage check failed. Unable to reach CodeProof server.");
+        logError(error?.message || "Usage enforcement failed.");
+        process.exit(1);
+    }
+
     const scanMode = String(config.scanMode).toLowerCase();
     let targets = [];
 

package/commands/whoami.js

@@ -14,6 +14,7 @@ export async function runWhoAmI() {
   logInfo("");
   logInfo("Use this ID to log in at:");
   logInfo("http://localhost:3000/login");
+  logInfo("http://localhost:3000/login");
   logInfo("");
   logInfo(`Config: ${getGlobalConfigPath()}`);
 }

package/core/usageCheck.js

@@ -0,0 +1,98 @@
+import http from "http";
+import https from "https";
+
+const DEFAULT_API_BASE = "http://127.0.0.1:4000/api";
+
+function resolveApiBase(config) {
+  const envBase = typeof process.env.CODEPROOF_API_BASE === "string"
+    ? process.env.CODEPROOF_API_BASE.trim()
+    : "";
+  if (envBase) {
+    return envBase.replace(/\/+$/, "");
+  }
+
+  const endpoint = typeof config?.integration?.endpointUrl === "string"
+    ? config.integration.endpointUrl.trim()
+    : "";
+
+  if (endpoint) {
+    try {
+      const url = new URL(endpoint);
+      return `${url.origin}/api`;
+    } catch {
+      return DEFAULT_API_BASE;
+    }
+  }
+
+  return DEFAULT_API_BASE;
+}
+
+export async function checkUsageOrThrow({ clientId, config }) {
+  const apiBase = resolveApiBase(config);
+  const endpoint = `${apiBase}/usage/check-and-increment`;
+  const payload = JSON.stringify({ clientId });
+
+  return new Promise((resolve, reject) => {
+    try {
+      const url = new URL(endpoint);
+      const transport = url.protocol === "http:" ? http : https;
+      const portNumber = url.port
+        ? parseInt(url.port, 10)
+        : url.protocol === "http:"
+          ? 80
+          : 443;
+
+      const request = transport.request(
+        {
+          method: "POST",
+          hostname: url.hostname,
+          port: portNumber,
+          path: `${url.pathname}${url.search}`,
+          headers: {
+            "Content-Type": "application/json",
+            "Content-Length": Buffer.byteLength(payload),
+          },
+          timeout: 5000,
+        },
+        (res) => {
+          let body = "";
+          res.on("data", (chunk) => {
+            body += chunk;
+          });
+          res.on("end", () => {
+            if (res.statusCode !== 200) {
+              reject(new Error(`Usage check failed (${res.statusCode})`));
+              return;
+            }
+
+            try {
+              const data = body ? JSON.parse(body) : null;
+              if (!data || typeof data.allowed !== "boolean") {
+                reject(new Error("Invalid usage response"));
+                return;
+              }
+              resolve(data);
+            } catch (error) {
+              reject(new Error("Invalid usage response"));
+            }
+          });
+          res.resume();
+        }
+      );
+
+      request.on("timeout", () => {
+        request.destroy();
+        reject(new Error("Usage check timeout"));
+      });
+
+      request.on("error", (err) => {
+        reject(new Error(`Usage check error: ${err.message}`));
+      });
+
+      request.write(payload);
+      request.end();
+    } catch (error) {
+      reject(new Error("Usage check failed"));
+    }
+  });
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "codeproof",
-  "version": "1.1.0",
+  "version": "1.1.2",
   "description": "CodeProof CLI",
   "type": "module",
   "bin": {