devvami 1.4.1 → 1.5.0

package/src/commands/tasks/today.js

@@ -1,9 +1,9 @@
-import { Command } from '@oclif/core'
+import {Command} from '@oclif/core'
 import chalk from 'chalk'
 import ora from 'ora'
-import { getTasksToday, isAuthenticated } from '../../services/clickup.js'
-import { loadConfig } from '../../services/config.js'
-import { renderTable } from '../../formatters/table.js'
+import {getTasksToday, isAuthenticated} from '../../services/clickup.js'
+import {loadConfig} from '../../services/config.js'
+import {renderTable} from '../../formatters/table.js'
 
 /**
  * Return today's date as a local YYYY-MM-DD string.
@@ -15,17 +15,15 @@ function localTodayString() {
 }
 
 export default class TasksToday extends Command {
-  static description = 'Task in lavorazione oggi: data odierna nel range [startDate, dueDate]. Include task scaduti non conclusi.'
+  static description =
+    'Task in lavorazione oggi: data odierna nel range [startDate, dueDate]. Include task scaduti non conclusi.'
 
-  static examples = [
-    '<%= config.bin %> tasks today',
-    '<%= config.bin %> tasks today --json',
-  ]
+  static examples = ['<%= config.bin %> tasks today', '<%= config.bin %> tasks today --json']
 
   static enableJsonFlag = true
 
   async run() {
-    const { flags } = await this.parse(TasksToday)
+    const {flags} = await this.parse(TasksToday)
     const isJson = flags.json
     const config = await loadConfig()
 
@@ -36,38 +34,42 @@ export default class TasksToday extends Command {
     const teamId = config.clickup?.teamId
     if (!teamId) this.error('ClickUp team ID not configured. Run `dvmi init` to configure ClickUp.')
 
-    const spinner = isJson ? null : ora({ spinner: 'arc', color: false, text: chalk.hex('#FF6B2B')('Fetching today\'s tasks...') }).start()
+    const spinner = isJson
+      ? null
+      : ora({spinner: 'arc', color: false, text: chalk.hex('#FF6B2B')("Fetching today's tasks...")}).start()
     const tasks = await getTasksToday(teamId)
     spinner?.stop()
 
-    if (isJson) return { tasks }
+    if (isJson) return {tasks}
 
     if (tasks.length === 0) {
       this.log(chalk.dim('No tasks for today.'))
       this.log(chalk.dim('Check `dvmi tasks list` for all assigned tasks.'))
-      return { tasks: [] }
+      return {tasks: []}
     }
 
     const today = localTodayString()
 
-    this.log(chalk.bold('\nToday\'s tasks:\n'))
-    this.log(renderTable(tasks, [
-      { header: 'Title', key: 'name', width: 45 },
-      { header: 'Status', key: 'status', width: 15 },
-      {
-        header: 'Due',
-        key: 'dueDate',
-        width: 12,
-        format: (v) => v ?? '—',
-        colorize: (v) => {
-          if (!v) return chalk.dim('—')
-          if (v < today) return chalk.red.bold(v)
-          return v
+    this.log(chalk.bold("\nToday's tasks:\n"))
+    this.log(
+      renderTable(tasks, [
+        {header: 'Title', key: 'name', width: 45},
+        {header: 'Status', key: 'status', width: 15},
+        {
+          header: 'Due',
+          key: 'dueDate',
+          width: 12,
+          format: (v) => v ?? '—',
+          colorize: (v) => {
+            if (!v) return chalk.dim('—')
+            if (v < today) return chalk.red.bold(v)
+            return v
+          },
         },
-      },
-      { header: 'Link', key: 'url', format: (v) => v ?? '—' },
-    ]))
+        {header: 'Link', key: 'url', format: (v) => v ?? '—'},
+      ]),
+    )
 
-    return { tasks }
+    return {tasks}
   }
 }

package/src/commands/upgrade.js

@@ -1,25 +1,24 @@
-import { Command } from '@oclif/core'
+import {Command} from '@oclif/core'
 import chalk from 'chalk'
 import ora from 'ora'
-import { checkForUpdate } from '../services/version-check.js'
-import { exec } from '../services/shell.js'
+import {checkForUpdate} from '../services/version-check.js'
+import {exec} from '../services/shell.js'
 
 export default class Upgrade extends Command {
-  static description = 'Aggiorna la CLI all\'ultima versione disponibile'
+  static description = "Aggiorna la CLI all'ultima versione disponibile"
 
-  static examples = [
-    '<%= config.bin %> upgrade',
-    '<%= config.bin %> upgrade --json',
-  ]
+  static examples = ['<%= config.bin %> upgrade', '<%= config.bin %> upgrade --json']
 
   static enableJsonFlag = true
 
   async run() {
-    const { flags } = await this.parse(Upgrade)
+    const {flags} = await this.parse(Upgrade)
     const isJson = flags.json
 
-    const spinner = isJson ? null : ora({ spinner: 'arc', color: false, text: chalk.hex('#FF6B2B')('Checking for updates...') }).start()
-    const { hasUpdate, current, latest } = await checkForUpdate({ force: true })
+    const spinner = isJson
+      ? null
+      : ora({spinner: 'arc', color: false, text: chalk.hex('#FF6B2B')('Checking for updates...')}).start()
+    const {hasUpdate, current, latest} = await checkForUpdate({force: true})
     spinner?.stop()
 
     // Guard against malformed version strings from the GitHub Releases API
@@ -29,7 +28,7 @@ export default class Upgrade extends Command {
 
     if (!hasUpdate) {
       const msg = `You're already on the latest version (${current})`
-      if (isJson) return { currentVersion: current, latestVersion: latest, updated: false }
+      if (isJson) return {currentVersion: current, latestVersion: latest, updated: false}
       this.log(chalk.green('✓') + ' ' + msg)
       return
     }
@@ -38,17 +37,19 @@ export default class Upgrade extends Command {
       this.log(`Updating from ${chalk.yellow(current)} to ${chalk.green(latest)}`)
     }
 
-     const updateSpinner = isJson ? null : ora({ spinner: 'arc', color: false, text: chalk.hex('#FF6B2B')('Installing update...') }).start()
-     // Non passare --registry globale: verrebbe usato anche per le dipendenze.
-     // ~/.npmrc ha già devvami:registry per il solo scope corretto.
-     const result = await exec('npm', ['install', '-g', `devvami@${latest}`])
+    const updateSpinner = isJson
+      ? null
+      : ora({spinner: 'arc', color: false, text: chalk.hex('#FF6B2B')('Installing update...')}).start()
+    // Non passare --registry globale: verrebbe usato anche per le dipendenze.
+    // ~/.npmrc ha già devvami:registry per il solo scope corretto.
+    const result = await exec('npm', ['install', '-g', `devvami@${latest}`])
     if (result.exitCode !== 0) {
       updateSpinner?.fail('Update failed')
       this.error(`Update failed: ${result.stderr}`)
     }
     updateSpinner?.succeed(`Updated to ${latest}`)
 
-    const response = { currentVersion: current, latestVersion: latest, updated: true }
+    const response = {currentVersion: current, latestVersion: latest, updated: true}
     if (isJson) return response
 
     this.log(chalk.green('✓') + ` Successfully updated to ${latest}`)

package/src/commands/vuln/detail.js

@@ -1,9 +1,9 @@
-import { Command, Args, Flags } from '@oclif/core'
+import {Command, Args, Flags} from '@oclif/core'
 import ora from 'ora'
-import { getCveDetail } from '../../services/nvd.js'
-import { formatCveDetail } from '../../formatters/vuln.js'
-import { openBrowser } from '../../utils/open-browser.js'
-import { ValidationError } from '../../utils/errors.js'
+import {getCveDetail} from '../../services/nvd.js'
+import {formatCveDetail} from '../../formatters/vuln.js'
+import {openBrowser} from '../../utils/open-browser.js'
+import {ValidationError} from '../../utils/errors.js'
 
 export default class VulnDetail extends Command {
   static description = 'View full details for a specific CVE'
@@ -17,7 +17,7 @@ export default class VulnDetail extends Command {
   static enableJsonFlag = true
 
   static args = {
-    cveId: Args.string({ description: 'CVE identifier (e.g. CVE-2021-44228)', required: true }),
+    cveId: Args.string({description: 'CVE identifier (e.g. CVE-2021-44228)', required: true}),
   }
 
   static flags = {
@@ -29,9 +29,9 @@ export default class VulnDetail extends Command {
   }
 
   async run() {
-    const { args, flags } = await this.parse(VulnDetail)
+    const {args, flags} = await this.parse(VulnDetail)
     const isJson = flags.json
-    const { cveId } = args
+    const {cveId} = args
 
     if (!cveId || !/^CVE-\d{4}-\d{4,}$/i.test(cveId)) {
       throw new ValidationError(

package/src/commands/vuln/scan.js

@@ -1,10 +1,29 @@
-import { Command, Flags } from '@oclif/core'
-import { writeFile } from 'node:fs/promises'
+import {Command, Flags} from '@oclif/core'
+import {writeFile} from 'node:fs/promises'
 import ora from 'ora'
 import chalk from 'chalk'
-import { detectEcosystems, supportedEcosystemsMessage } from '../../services/audit-detector.js'
-import { runAudit, summarizeFindings, filterBySeverity } from '../../services/audit-runner.js'
-import { formatFindingsTable, formatScanSummary, formatMarkdownReport } from '../../formatters/vuln.js'
+import {detectEcosystems, supportedEcosystemsMessage} from '../../services/audit-detector.js'
+import {runAudit, summarizeFindings, filterBySeverity} from '../../services/audit-runner.js'
+import {
+  formatFindingsTable,
+  formatScanSummary,
+  formatMarkdownReport,
+  truncate,
+  colorSeverity,
+} from '../../formatters/vuln.js'
+import {getCveDetail} from '../../services/nvd.js'
+import {startInteractiveTable} from '../../utils/tui/navigable-table.js'
+
+// Minimum terminal rows required to show the interactive TUI (same threshold as vuln search)
+const MIN_TTY_ROWS = 6
+
+// Column widths for the navigable table (match the static findings table)
+const COL_WIDTHS = {
+  pkg: 20,
+  version: 12,
+  severity: 10,
+  cve: 20,
+}
 
 export default class VulnScan extends Command {
   static description = 'Scan the current directory for known vulnerabilities in dependencies'
@@ -36,9 +55,9 @@ export default class VulnScan extends Command {
   }
 
   async run() {
-    const { flags } = await this.parse(VulnScan)
+    const {flags} = await this.parse(VulnScan)
     const isJson = flags.json
-    const { severity, 'no-fail': noFail, report } = flags
+    const {severity, 'no-fail': noFail, report} = flags
 
     const projectPath = process.env.DVMI_SCAN_DIR ?? process.cwd()
     const scanDate = new Date().toISOString()
@@ -53,8 +72,8 @@ export default class VulnScan extends Command {
           scanDate,
           ecosystems: [],
           findings: [],
-          summary: { critical: 0, high: 0, medium: 0, low: 0, unknown: 0, total: 0 },
-          errors: [{ ecosystem: 'none', message: 'No supported package manager detected.' }],
+          summary: {critical: 0, high: 0, medium: 0, low: 0, unknown: 0, total: 0},
+          errors: [{ecosystem: 'none', message: 'No supported package manager detected.'}],
         }
       }
 
@@ -86,11 +105,11 @@ export default class VulnScan extends Command {
     for (const eco of ecosystems) {
       const spinner = isJson ? null : ora(`  Scanning ${eco.name} dependencies...`).start()
 
-      const { findings, error } = await runAudit(eco)
+      const {findings, error} = await runAudit(eco)
 
       if (error) {
         spinner?.fail(`  Scanning ${eco.name} dependencies... failed`)
-        errors.push({ ecosystem: eco.name, message: error })
+        errors.push({ecosystem: eco.name, message: error})
       } else {
         spinner?.succeed(`  Scanning ${eco.name} dependencies... done`)
         allFindings.push(...findings)
@@ -112,7 +131,7 @@ export default class VulnScan extends Command {
       errors,
     }
 
-    // Write report if requested
+    // Write report if requested (always, regardless of TTY mode)
     if (report) {
       const markdown = formatMarkdownReport(result)
       await writeFile(report, markdown, 'utf8')
@@ -128,17 +147,71 @@ export default class VulnScan extends Command {
       return result
     }
 
-    if (filteredFindings.length > 0) {
-      this.log(chalk.bold(`  Findings (${filteredFindings.length} ${filteredFindings.length === 1 ? 'vulnerability' : 'vulnerabilities'})`))
-      this.log('')
-      this.log(formatFindingsTable(filteredFindings))
-      this.log('')
-      this.log(chalk.bold('  Summary'))
-      this.log(formatScanSummary(summary))
-      this.log('')
-      this.log(chalk.yellow(`  ⚠ ${filteredFindings.length} ${filteredFindings.length === 1 ? 'vulnerability' : 'vulnerabilities'} found. Run \`dvmi vuln detail <CVE-ID>\` for details.`))
+    // ── TTY interactive table ──────────────────────────────────────────────────
+    // In a real TTY with enough rows and at least one finding, replace the static
+    // table with the navigable TUI (same experience as `dvmi vuln search`).
+    const ttyRows = process.stdout.rows ?? 0
+    const useTUI = process.stdout.isTTY && filteredFindings.length > 0 && ttyRows >= MIN_TTY_ROWS
+
+    if (useTUI) {
+      const count = filteredFindings.length
+      const label = count === 1 ? 'finding' : 'findings'
+      const heading = `Vulnerability Scan: ${count} ${label}`
+
+      const termCols = process.stdout.columns || 80
+      // Title width: whatever is left after Package + Version + Severity + CVE + separators
+      const fixedCols = COL_WIDTHS.pkg + COL_WIDTHS.version + COL_WIDTHS.severity + COL_WIDTHS.cve
+      const separators = 5 * 2 // 5 gaps between 5 columns
+      const titleWidth = Math.max(15, Math.min(50, termCols - fixedCols - separators))
+
+      const rows = filteredFindings.map((f) => ({
+        id: f.cveId ?? null,
+        pkg: f.package,
+        version: f.installedVersion ?? '—',
+        severity: f.severity,
+        cve: f.cveId ?? '—',
+        title: truncate(f.title ?? '—', titleWidth),
+        advisoryUrl: f.advisoryUrl ?? null,
+      }))
+
+      /** @type {import('../../utils/tui/navigable-table.js').TableColumnDef[]} */
+      const columns = [
+        {header: 'Package', key: 'pkg', width: COL_WIDTHS.pkg},
+        {header: 'Version', key: 'version', width: COL_WIDTHS.version},
+        {header: 'Severity', key: 'severity', width: COL_WIDTHS.severity, colorize: (v) => colorSeverity(v)},
+        {
+          header: 'CVE',
+          key: 'cve',
+          width: COL_WIDTHS.cve,
+          colorize: (v) => (v !== '—' ? chalk.cyan(v) : chalk.gray(v)),
+        },
+        {header: 'Title', key: 'title', width: titleWidth},
+      ]
+
+      await startInteractiveTable(rows, columns, heading, filteredFindings.length, getCveDetail)
+    } else {
+      // Non-TTY fallback: static table + summary (unchanged from pre-TUI behaviour)
+      if (filteredFindings.length > 0) {
+        this.log(
+          chalk.bold(
+            `  Findings (${filteredFindings.length} ${filteredFindings.length === 1 ? 'vulnerability' : 'vulnerabilities'})`,
+          ),
+        )
+        this.log('')
+        this.log(formatFindingsTable(filteredFindings))
+        this.log('')
+        this.log(chalk.bold('  Summary'))
+        this.log(formatScanSummary(summary))
+        this.log('')
+        this.log(
+          chalk.yellow(
+            `  ⚠ ${filteredFindings.length} ${filteredFindings.length === 1 ? 'vulnerability' : 'vulnerabilities'} found. Run \`dvmi vuln detail <CVE-ID>\` for details.`,
+          ),
+        )
+      }
     }
 
+    // Always print audit errors (e.g. tool not installed) after findings/TUI
     if (errors.length > 0) {
       this.log('')
       for (const err of errors) {
@@ -146,6 +219,7 @@ export default class VulnScan extends Command {
       }
     }
 
+    // Preserve exit code semantics: exit 1 when vulns found (unless --no-fail)
     if (filteredFindings.length > 0 && !noFail) {
       this.exit(1)
     }

package/src/commands/vuln/search.js

@@ -1,10 +1,10 @@
-import { Command, Args, Flags } from '@oclif/core'
+import {Command, Args, Flags} from '@oclif/core'
 import ora from 'ora'
 import chalk from 'chalk'
-import { searchCves, getCveDetail } from '../../services/nvd.js'
-import { formatCveSearchTable, colorSeverity, formatScore, formatDate, truncate } from '../../formatters/vuln.js'
-import { startInteractiveTable } from '../../utils/tui/navigable-table.js'
-import { ValidationError } from '../../utils/errors.js'
+import {searchCves, getCveDetail} from '../../services/nvd.js'
+import {formatCveSearchTable, colorSeverity, formatScore, formatDate, truncate} from '../../formatters/vuln.js'
+import {startInteractiveTable} from '../../utils/tui/navigable-table.js'
+import {ValidationError} from '../../utils/errors.js'
 
 // Minimum terminal rows required to show the interactive TUI
 const MIN_TTY_ROWS = 6
@@ -33,7 +33,10 @@ export default class VulnSearch extends Command {
   static enableJsonFlag = true
 
   static args = {
-    keyword: Args.string({ description: 'Product, library, or keyword to search for (optional — omit to see all recent CVEs)', required: false }),
+    keyword: Args.string({
+      description: 'Product, library, or keyword to search for (optional — omit to see all recent CVEs)',
+      required: false,
+    }),
   }
 
   static flags = {
@@ -55,11 +58,11 @@ export default class VulnSearch extends Command {
   }
 
   async run() {
-    const { args, flags } = await this.parse(VulnSearch)
+    const {args, flags} = await this.parse(VulnSearch)
     const isJson = flags.json
 
-    const { keyword } = args
-    const { days, severity, limit } = flags
+    const {keyword} = args
+    const {days, severity, limit} = flags
 
     if (days < 1 || days > 120) {
       throw new ValidationError(
@@ -75,13 +78,15 @@ export default class VulnSearch extends Command {
       )
     }
 
-    const spinner = isJson ? null : ora(keyword ? `Searching NVD for "${keyword}"...` : `Fetching recent CVEs (last ${days} days)...`).start()
+    const spinner = isJson
+      ? null
+      : ora(keyword ? `Searching NVD for "${keyword}"...` : `Fetching recent CVEs (last ${days} days)...`).start()
 
     try {
-      const { results, totalResults } = await searchCves({ keyword, days, severity, limit })
+      const {results, totalResults} = await searchCves({keyword, days, severity, limit})
       spinner?.stop()
 
-      const result = { keyword: keyword ?? null, days, severity: severity ?? null, totalResults, results }
+      const result = {keyword: keyword ?? null, days, severity: severity ?? null, totalResults, results}
 
       if (isJson) return result
 
@@ -108,12 +113,12 @@ export default class VulnSearch extends Command {
 
         /** @type {import('../../utils/tui/navigable-table.js').TableColumnDef[]} */
         const columns = [
-          { header: 'CVE ID',      key: 'id',          width: COL_WIDTHS.id,        colorize: (v) => chalk.cyan(v) },
-          { header: 'Severity',    key: 'severity',     width: COL_WIDTHS.severity,  colorize: (v) => colorSeverity(v) },
-          { header: 'Score',       key: 'score',        width: COL_WIDTHS.score },
-          { header: 'Published',   key: 'published',    width: COL_WIDTHS.published },
-          { header: 'Description', key: 'description',  width: descWidth },
-          { header: 'Reference',   key: 'reference',    width: COL_WIDTHS.reference },
+          {header: 'CVE ID', key: 'id', width: COL_WIDTHS.id, colorize: (v) => chalk.cyan(v)},
+          {header: 'Severity', key: 'severity', width: COL_WIDTHS.severity, colorize: (v) => colorSeverity(v)},
+          {header: 'Score', key: 'score', width: COL_WIDTHS.score},
+          {header: 'Published', key: 'published', width: COL_WIDTHS.published},
+          {header: 'Description', key: 'description', width: descWidth},
+          {header: 'Reference', key: 'reference', width: COL_WIDTHS.reference},
         ]
 
         await startInteractiveTable(rows, columns, heading, totalResults, getCveDetail)

package/src/commands/welcome.js

@@ -1,5 +1,5 @@
-import { Command } from '@oclif/core'
-import { printWelcomeScreen } from '../utils/welcome.js'
+import {Command} from '@oclif/core'
+import {printWelcomeScreen} from '../utils/welcome.js'
 
 /**
  * Display the dvmi cyberpunk mission dashboard.

package/src/commands/whoami.js

@@ -1,66 +1,62 @@
-import { Command } from '@oclif/core'
+import {Command} from '@oclif/core'
 import chalk from 'chalk'
 import ora from 'ora'
-import { createOctokit } from '../services/github.js'
-import { checkAWSAuth } from '../services/auth.js'
-import { getCurrentVersion } from '../services/version-check.js'
-import { CONFIG_PATH, loadConfig } from '../services/config.js'
-import { getUser, isAuthenticated } from '../services/clickup.js'
+import {createOctokit} from '../services/github.js'
+import {checkAWSAuth} from '../services/auth.js'
+import {getCurrentVersion} from '../services/version-check.js'
+import {CONFIG_PATH, loadConfig} from '../services/config.js'
+import {getUser, isAuthenticated} from '../services/clickup.js'
 
 export default class Whoami extends Command {
   static description = 'Mostra la tua identita su GitHub, AWS e ClickUp'
 
-  static examples = [
-    '<%= config.bin %> whoami',
-    '<%= config.bin %> whoami --json',
-  ]
+  static examples = ['<%= config.bin %> whoami', '<%= config.bin %> whoami --json']
 
   static enableJsonFlag = true
 
   async run() {
-    const { flags } = await this.parse(Whoami)
+    const {flags} = await this.parse(Whoami)
     const isJson = flags.json
 
-    const spinner = isJson ? null : ora({ spinner: 'arc', color: false, text: chalk.hex('#FF6B2B')('Fetching identity...') }).start()
+    const spinner = isJson
+      ? null
+      : ora({spinner: 'arc', color: false, text: chalk.hex('#FF6B2B')('Fetching identity...')}).start()
 
     const [ghResult, awsResult, version, cuResult] = await Promise.allSettled([
       (async () => {
         const octokit = await createOctokit()
-        const { data: user } = await octokit.rest.users.getAuthenticated()
-        return { username: user.login, name: user.name ?? '', org: '', teams: [] }
+        const {data: user} = await octokit.rest.users.getAuthenticated()
+        return {username: user.login, name: user.name ?? '', org: '', teams: []}
       })(),
       checkAWSAuth(),
       getCurrentVersion(),
       (async () => {
         if (!(await isAuthenticated())) return null
         const [user, config] = await Promise.all([getUser(), loadConfig()])
-        return { username: user.username, teamName: config.clickup?.teamName ?? null }
+        return {username: user.username, teamName: config.clickup?.teamName ?? null}
       })(),
     ])
 
     spinner?.stop()
 
-    const github =
-      ghResult.status === 'fulfilled'
-        ? ghResult.value
-        : { username: null, error: '[NOT AUTHENTICATED]' }
+    const github = ghResult.status === 'fulfilled' ? ghResult.value : {username: null, error: '[NOT AUTHENTICATED]'}
 
     const aws =
       awsResult.status === 'fulfilled' && awsResult.value.authenticated
-        ? { accountId: awsResult.value.account, role: awsResult.value.role }
-        : { accountId: null, error: '[NOT AUTHENTICATED]' }
+        ? {accountId: awsResult.value.account, role: awsResult.value.role}
+        : {accountId: null, error: '[NOT AUTHENTICATED]'}
 
     const clickup =
       cuResult.status === 'fulfilled' && cuResult.value
         ? cuResult.value
-        : { username: null, teamName: null, error: '[NOT AUTHENTICATED]' }
+        : {username: null, teamName: null, error: '[NOT AUTHENTICATED]'}
 
     const cli = {
       version: version.status === 'fulfilled' ? version.value : '?',
       configPath: CONFIG_PATH,
     }
 
-    const result = { github, aws, clickup, cli }
+    const result = {github, aws, clickup, cli}
 
     if (isJson) return result