devvami 1.4.2 → 1.5.1

package/src/services/nvd.js

@@ -1,13 +1,12 @@
-import { loadConfig } from './config.js'
-import { DvmiError } from '../utils/errors.js'
+import {loadConfig} from './config.js'
+import {DvmiError} from '../utils/errors.js'
 
 /** @import { CveSearchResult, CveDetail } from '../types.js' */
 
 const NVD_BASE_URL = 'https://services.nvd.nist.gov/rest/json/cves/2.0'
 
 /** NVD attribution required in all interactive output. */
-export const NVD_ATTRIBUTION =
-  'This product uses data from the NVD API but is not endorsed or certified by the NVD.'
+export const NVD_ATTRIBUTION = 'This product uses data from the NVD API but is not endorsed or certified by the NVD.'
 
 /**
  * Normalize a raw NVD severity string to the 4-tier canonical form.
@@ -31,11 +30,7 @@ export function normalizeSeverity(raw) {
  * @returns {{ score: number|null, severity: string, vector: string|null }}
  */
 function extractCvss(metrics) {
-  const sources = [
-    (metrics?.cvssMetricV31 ?? []),
-    (metrics?.cvssMetricV40 ?? []),
-    (metrics?.cvssMetricV2 ?? []),
-  ]
+  const sources = [metrics?.cvssMetricV31 ?? [], metrics?.cvssMetricV40 ?? [], metrics?.cvssMetricV2 ?? []]
 
   for (const list of sources) {
     if (Array.isArray(list) && list.length > 0) {
@@ -50,7 +45,7 @@ function extractCvss(metrics) {
     }
   }
 
-  return { score: null, severity: 'Unknown', vector: null }
+  return {score: null, severity: 'Unknown', vector: null}
 }
 
 /**
@@ -88,15 +83,12 @@ function buildParams(params) {
 async function nvdFetch(params, apiKey) {
   const url = `${NVD_BASE_URL}?${params.toString()}`
   /** @type {Record<string, string>} */
-  const headers = { Accept: 'application/json' }
+  const headers = {Accept: 'application/json'}
   if (apiKey) headers['apiKey'] = apiKey
 
-  const res = await fetch(url, { headers })
+  const res = await fetch(url, {headers})
   if (!res.ok) {
-    throw new DvmiError(
-      `NVD API returned HTTP ${res.status}`,
-      'Check your network connection or try again later.',
-    )
+    throw new DvmiError(`NVD API returned HTTP ${res.status}`, 'Check your network connection or try again later.')
   }
   return res.json()
 }
@@ -108,7 +100,7 @@ async function nvdFetch(params, apiKey) {
  */
 function parseCveSearchResult(raw) {
   const cve = raw.cve
-  const { score, severity } = extractCvss(cve.metrics ?? {})
+  const {score, severity} = extractCvss(cve.metrics ?? {})
   return {
     id: cve.id,
     description: getEnDescription(cve.descriptions),
@@ -127,7 +119,7 @@ function parseCveSearchResult(raw) {
  */
 function parseCveDetail(raw) {
   const cve = raw.cve
-  const { score, severity, vector } = extractCvss(cve.metrics ?? {})
+  const {score, severity, vector} = extractCvss(cve.metrics ?? {})
 
   // Weaknesses: flatten all CWE descriptions
   const weaknesses = (cve.weaknesses ?? []).flatMap((w) =>
@@ -149,10 +141,11 @@ function parseCveDetail(raw) {
           const product = parts[4] ?? 'unknown'
           const versionStart = m.versionStartIncluding ?? m.versionStartExcluding ?? ''
           const versionEnd = m.versionEndExcluding ?? m.versionEndIncluding ?? ''
-          const versions = versionStart && versionEnd
-            ? `${versionStart} to ${versionEnd}`
-            : versionStart || versionEnd || (parts[5] ?? '*')
-          return { vendor, product, versions }
+          const versions =
+            versionStart && versionEnd
+              ? `${versionStart} to ${versionEnd}`
+              : versionStart || versionEnd || (parts[5] ?? '*')
+          return {vendor, product, versions}
         }),
     ),
   )
@@ -188,7 +181,7 @@ function parseCveDetail(raw) {
  * @param {number} [options.limit=20] - Maximum results to return
  * @returns {Promise<{ results: CveSearchResult[], totalResults: number }>}
  */
-export async function searchCves({ keyword, days = 14, severity, limit = 20 }) {
+export async function searchCves({keyword, days = 14, severity, limit = 20}) {
   const config = await loadConfig()
   const apiKey = config.nvd?.apiKey
 
@@ -202,17 +195,17 @@ export async function searchCves({ keyword, days = 14, severity, limit = 20 }) {
   const trimmedKeyword = keyword?.trim()
 
   const params = buildParams({
-    ...(trimmedKeyword ? { keywordSearch: trimmedKeyword } : {}),
+    ...(trimmedKeyword ? {keywordSearch: trimmedKeyword} : {}),
     pubStartDate,
     pubEndDate,
     resultsPerPage: limit,
-    ...(severity ? { cvssV3Severity: severity.toUpperCase() } : {}),
+    ...(severity ? {cvssV3Severity: severity.toUpperCase()} : {}),
   })
 
   const data = /** @type {any} */ (await nvdFetch(params, apiKey))
 
   const results = (data.vulnerabilities ?? []).map(parseCveSearchResult)
-  return { results, totalResults: data.totalResults ?? results.length }
+  return {results, totalResults: data.totalResults ?? results.length}
 }
 
 /**
@@ -231,14 +224,11 @@ export async function getCveDetail(cveId) {
   const config = await loadConfig()
   const apiKey = config.nvd?.apiKey
 
-  const params = buildParams({ cveId: cveId.toUpperCase() })
+  const params = buildParams({cveId: cveId.toUpperCase()})
   const data = /** @type {any} */ (await nvdFetch(params, apiKey))
 
   if (!data.vulnerabilities || data.vulnerabilities.length === 0) {
-    throw new DvmiError(
-      `CVE not found: ${cveId}`,
-      'Verify the CVE ID is correct and exists in the NVD database.',
-    )
+    throw new DvmiError(`CVE not found: ${cveId}`, 'Verify the CVE ID is correct and exists in the NVD database.')
   }
 
   return parseCveDetail(data.vulnerabilities[0])

package/src/services/platform.js

@@ -1,5 +1,5 @@
-import { readFile } from 'node:fs/promises'
-import { existsSync } from 'node:fs'
+import {readFile} from 'node:fs/promises'
+import {existsSync} from 'node:fs'
 
 /** @import { Platform, PlatformInfo } from '../types.js' */
 

package/src/services/prompts.js

@@ -1,10 +1,10 @@
-import { mkdir, writeFile, readFile, access } from 'node:fs/promises'
-import { join, dirname, resolve, sep } from 'node:path'
-import { execa } from 'execa'
-import { createOctokit } from './github.js'
-import { which } from './shell.js'
-import { parseFrontmatter, serializeFrontmatter } from '../utils/frontmatter.js'
-import { DvmiError } from '../utils/errors.js'
+import {mkdir, writeFile, readFile, access} from 'node:fs/promises'
+import {join, dirname, resolve, sep} from 'node:path'
+import {execa} from 'execa'
+import {createOctokit} from './github.js'
+import {which} from './shell.js'
+import {parseFrontmatter, serializeFrontmatter} from '../utils/frontmatter.js'
+import {DvmiError} from '../utils/errors.js'
 
 /** @import { Prompt, AITool } from '../types.js' */
 
@@ -13,15 +13,15 @@ import { DvmiError } from '../utils/errors.js'
  * @type {Record<AITool, { bin: string[], promptFlag: string }>}
  */
 export const SUPPORTED_TOOLS = {
-  opencode: { bin: ['opencode'], promptFlag: '--prompt' },
-  copilot: { bin: ['gh', 'copilot'], promptFlag: '-p' },
+  opencode: {bin: ['opencode'], promptFlag: '--prompt'},
+  copilot: {bin: ['gh', 'copilot'], promptFlag: '-p'},
 }
 
 /**
  * GitHub repository containing the personal prompt collection.
  * @type {{ owner: string, repo: string }}
  */
-export const PROMPT_REPO = { owner: 'savez', repo: 'prompt-for-ai' }
+export const PROMPT_REPO = {owner: 'savez', repo: 'prompt-for-ai'}
 
 /**
  * Default branch used when fetching the repository tree.
@@ -75,7 +75,7 @@ function categoryFromPath(filePath) {
  */
 function contentToPrompt(path, base64Content) {
   const raw = Buffer.from(base64Content, 'base64').toString('utf8')
-  const { frontmatter, body } = parseFrontmatter(raw)
+  const {frontmatter, body} = parseFrontmatter(raw)
   return {
     path,
     title: typeof frontmatter.title === 'string' ? frontmatter.title : titleFromPath(path),
@@ -101,7 +101,7 @@ export async function listPrompts() {
   const octokit = await createOctokit()
   let tree
   try {
-    const { data } = await octokit.rest.git.getTree({
+    const {data} = await octokit.rest.git.getTree({
       owner: PROMPT_REPO.owner,
       repo: PROMPT_REPO.repo,
       tree_sha: DEFAULT_BRANCH,
@@ -132,7 +132,7 @@ export async function listPrompts() {
 
   const prompts = await Promise.all(
     mdFiles.map(async (item) => {
-      const { data } = await octokit.rest.repos.getContent({
+      const {data} = await octokit.rest.repos.getContent({
         owner: PROMPT_REPO.owner,
         repo: PROMPT_REPO.repo,
         path: item.path ?? '',
@@ -169,10 +169,7 @@ export async function fetchPromptByPath(relativePath) {
   } catch (err) {
     const status = /** @type {{ status?: number }} */ (err).status
     if (status === 404) {
-      throw new DvmiError(
-        `Prompt not found: ${relativePath}`,
-        `Run \`dvmi prompts list\` to see available prompts`,
-      )
+      throw new DvmiError(`Prompt not found: ${relativePath}`, `Run \`dvmi prompts list\` to see available prompts`)
     }
     throw err
   }
@@ -207,17 +204,14 @@ export async function downloadPrompt(relativePath, localDir, opts = {}) {
   // Prevent path traversal: destPath must remain within localDir
   const safeBase = resolve(localDir) + sep
   if (!resolve(destPath).startsWith(safeBase)) {
-    throw new DvmiError(
-      `Invalid prompt path: "${relativePath}"`,
-      'Path must stay within the prompts directory',
-    )
+    throw new DvmiError(`Invalid prompt path: "${relativePath}"`, 'Path must stay within the prompts directory')
   }
 
   // Fast-path: skip without a network round-trip if file exists and no overwrite
   if (!opts.overwrite) {
     try {
       await access(destPath)
-      return { path: destPath, skipped: true }
+      return {path: destPath, skipped: true}
     } catch {
       // File does not exist — fall through to download
     }
@@ -237,10 +231,10 @@ export async function downloadPrompt(relativePath, localDir, opts = {}) {
 
   const content = serializeFrontmatter(fm, prompt.body)
 
-  await mkdir(dirname(destPath), { recursive: true, mode: 0o700 })
-  await writeFile(destPath, content, { encoding: 'utf8', mode: 0o600 })
+  await mkdir(dirname(destPath), {recursive: true, mode: 0o700})
+  await writeFile(destPath, content, {encoding: 'utf8', mode: 0o600})
 
-  return { path: destPath, skipped: false }
+  return {path: destPath, skipped: false}
 }
 
 /**
@@ -258,10 +252,7 @@ export async function resolveLocalPrompt(relativePath, localDir) {
   // Prevent path traversal: fullPath must remain within localDir
   const safeBase = resolve(localDir) + sep
   if (!resolve(fullPath).startsWith(safeBase)) {
-    throw new DvmiError(
-      `Invalid prompt path: "${relativePath}"`,
-      'Path must stay within the prompts directory',
-    )
+    throw new DvmiError(`Invalid prompt path: "${relativePath}"`, 'Path must stay within the prompts directory')
   }
 
   let raw
@@ -274,7 +265,7 @@ export async function resolveLocalPrompt(relativePath, localDir) {
     )
   }
 
-  const { frontmatter, body } = parseFrontmatter(raw)
+  const {frontmatter, body} = parseFrontmatter(raw)
   return {
     path: relativePath,
     title: typeof frontmatter.title === 'string' ? frontmatter.title : titleFromPath(relativePath),
@@ -301,10 +292,7 @@ export async function resolveLocalPrompt(relativePath, localDir) {
 export async function invokeTool(toolName, promptContent) {
   const tool = SUPPORTED_TOOLS[toolName]
   if (!tool) {
-    throw new DvmiError(
-      `Unknown AI tool: "${toolName}"`,
-      `Supported tools: ${Object.keys(SUPPORTED_TOOLS).join(', ')}`,
-    )
+    throw new DvmiError(`Unknown AI tool: "${toolName}"`, `Supported tools: ${Object.keys(SUPPORTED_TOOLS).join(', ')}`)
   }
 
   // Verify binary availability
@@ -322,5 +310,5 @@ export async function invokeTool(toolName, promptContent) {
   }
 
   // Spawn tool with prompt content — inherits stdio so TUI/interactive tools work
-  await execa(bin, [...subArgs, tool.promptFlag, promptContent], { stdio: 'inherit' })
+  await execa(bin, [...subArgs, tool.promptFlag, promptContent], {stdio: 'inherit'})
 }