codeproof 1.1.1 → 1.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/Readme.md +130 -0
  2. package/commands/init.js +1 -1
  3. package/commands/whoami.js +1 -0
  4. package/core/usageCheck.js +1 -1
  5. package/package.json +1 -1
  6. package/utils/apiClient.js +1 -1
package/Readme.md ADDED
@@ -0,0 +1,130 @@
1
+ CodeProof CLI
2
+ =============
3
+
4
+ CodeProof is a security-focused CLI that scans your codebase, blocks risky commits, and reports findings to a server-backed dashboard.
5
+
6
+ Features
7
+ --------
8
+ - Run security scans on staged or full files.
9
+ - Enforce commit safety with configurable rules.
10
+ - Generate local reports and optionally sync them to the server.
11
+ - Usage tracking with monthly limits (free tier default 20 runs).
12
+
13
+ Installation
14
+ ------------
15
+ Use npx (recommended):
16
+
17
+ ```bash
18
+ npx codeproof init
19
+ ```
20
+
21
+ Or install globally:
22
+
23
+ ```bash
24
+ npm install -g codeproof
25
+ codeproof init
26
+ ```
27
+
28
+ Quick Start
29
+ -----------
30
+ 1. Initialize in a Git repo:
31
+
32
+ ```bash
33
+ codeproof init
34
+ ```
35
+
36
+ 2. Run a scan:
37
+
38
+ ```bash
39
+ codeproof run
40
+ ```
41
+
42
+ 3. View reports in the dashboard (requires server):
43
+
44
+ ```bash
45
+ codeproof report@dashboard
46
+ ```
47
+
48
+ Commands
49
+ --------
50
+ - init: Initialize CodeProof in the current Git repo.
51
+ - run: Run a security scan based on your config.
52
+ - report@dashboard: Send latest report and show dashboard link.
53
+ - move-secret: Move high-risk secrets to .env safely.
54
+ - ignore: Temporarily disable commit enforcement.
55
+ - apply: Re-enable commit enforcement.
56
+ - whoami: Show the local clientId.
57
+ - help: Show CLI help.
58
+
59
+ Configuration
60
+ -------------
61
+ CodeProof uses codeproof.config.json at the repo root.
62
+
63
+ Example:
64
+
65
+ ```json
66
+ {
67
+ "projectId": "<uuid>",
68
+ "projectType": "Node",
69
+ "scanMode": "staged",
70
+ "enforcement": "enabled",
71
+ "features": {
72
+ "reporting": true,
73
+ "integration": true,
74
+ "aiEscalation": false,
75
+ "secretRemediation": false
76
+ },
77
+ "integration": {
78
+ "enabled": true,
79
+ "endpointUrl": "http://127.0.0.1:4000/api/reports"
80
+ }
81
+ }
82
+ ```
83
+
84
+ Usage Limits (Server-Enforced)
85
+ ------------------------------
86
+ CodeProof enforces monthly run limits on the server.
87
+
88
+ - Default plan: free
89
+ - Default monthly limit: 20
90
+ - The CLI checks usage before each run
91
+ - If the server is unreachable, the CLI fails closed and stops the run
92
+
93
+ API Base Override
94
+ -----------------
95
+ By default the CLI uses http://127.0.0.1:4000/api for usage checks.
96
+ Override with:
97
+
98
+ ```bash
99
+ set CODEPROOF_API_BASE=http://your-server:4000/api
100
+ ```
101
+
102
+ move-secret Command
103
+ -------------------
104
+ Safely moves high-risk secrets to .env with backups:
105
+
106
+ ```bash
107
+ codeproof move-secret --yes
108
+ ```
109
+
110
+ Server Setup (Required for Dashboard)
111
+ -------------------------------------
112
+ This CLI expects the CodeProof server to be running for:
113
+
114
+ - Usage enforcement
115
+ - Report ingestion
116
+ - Dashboard views
117
+
118
+ If you only want local scanning, disable integration in your config.
119
+
120
+ Dashboard
121
+ ---------
122
+ The Next.js dashboard displays:
123
+
124
+ - Project and report metrics
125
+ - Analytics charts
126
+ - Usage and limit graphs
127
+
128
+ License
129
+ -------
130
+ Proprietary. All rights reserved.
package/commands/init.js CHANGED
@@ -63,7 +63,7 @@ export async function runInit({ cwd }) {
63
63
  },
64
64
  integration: {
65
65
  enabled: false,
66
- endpointUrl: ""
66
+ endpointUrl: "https://code-proof.onrender.com/api/reports"
67
67
  },
68
68
  severityRules: {
69
69
  block: [],
package/commands/whoami.js CHANGED
@@ -14,6 +14,7 @@ export async function runWhoAmI() {
14
14
  logInfo("");
15
15
  logInfo("Use this ID to log in at:");
16
16
  logInfo("http://localhost:3000/login");
17
+ logInfo("http://localhost:3000/login");
17
18
  logInfo("");
18
19
  logInfo(`Config: ${getGlobalConfigPath()}`);
19
20
  }
package/core/usageCheck.js CHANGED
@@ -1,7 +1,7 @@
1
1
  import http from "http";
2
2
  import https from "https";
3
3
 
4
- const DEFAULT_API_BASE = "http://127.0.0.1:4000/api";
4
+ const DEFAULT_API_BASE = "https://code-proof.onrender.com/api";
5
5
 
6
6
  function resolveApiBase(config) {
7
7
  const envBase = typeof process.env.CODEPROOF_API_BASE === "string"
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "codeproof",
3
- "version": "1.1.1",
3
+ "version": "1.2.0",
4
4
  "description": "CodeProof CLI",
5
5
  "type": "module",
6
6
  "bin": {
package/utils/apiClient.js CHANGED
@@ -4,7 +4,7 @@ import https from "https";
4
4
  // Boundary: integration layer only. Must not import CLI, rule engine, or reporting.
5
5
  // Network calls are fail-open to avoid impacting commits or developer flow.
6
6
 
7
- const DEFAULT_ENDPOINT = "http://127.0.0.1:4000/api/reports";
7
+ const DEFAULT_ENDPOINT = "https://code-proof.onrender.com/api/reports";
8
8
 
9
9
  export async function sendReportToServer(report, options = {}) {
10
10
  const enabled = Boolean(options.enabled);