fuzzi-cli 0.1.0

package/README.md

@@ -0,0 +1,123 @@
+# Fuzzi CLI
+
+Node.js/TypeScript command-line tool for running Fuzzi security scans without a browser. Supports an interactive shell (`fuzzi`) and direct commands for CI/CD (`fuzzi scan <url>`).
+
+## Install
+
+```bash
+npm install -g fuzzi-cli
+# or zero-install
+npx fuzzi-cli@latest scan https://example.com
+```
+
+## Quick start
+
+1. Generate an API key at [app.fuzzi.dev/settings/api-keys](https://app.fuzzi.dev/settings/api-keys)
+2. Log in:
+
+```bash
+fuzzi auth login
+```
+
+3. Run a scan:
+
+```bash
+fuzzi scan https://example.com
+```
+
+## Two modes
+
+| Invocation | Behavior |
+|------------|----------|
+| `fuzzi` | Interactive home screen + `>` slash-command REPL |
+| `fuzzi scan <url>` | One-shot command, exits (CI/scripting) |
+
+### Interactive slash commands
+
+```
+/scan <url>       Run scan with live progress
+/scans            Browse recent scans
+/status           Auth status & rate limits
+/keys             View/revoke API keys
+/config k=v       Set local config
+/changelog        Release notes
+/help             All commands
+/exit             Leave the shell
+```
+
+### Direct commands
+
+```bash
+fuzzi scan <url> [--title] [--env production|staging|development] [--wait] [--no-wait] [--format table|json|markdown] [--fail-on low|medium|high|critical] [--fail-threshold 0.0-1.0]
+fuzzi scans list [--status] [--risk-level] [--limit 20] [--format table|json]
+fuzzi scans get <scan-id> [--format table|json|markdown]
+fuzzi report <scan-id> --format pdf|csv|json [--output ./path]
+fuzzi whatif <scan-id> --set dimension=value [--format json]
+fuzzi compare <scan-a> <scan-b> [--format table|json]
+fuzzi auth login [--api-key] | logout | status
+fuzzi config get [key] | set <key> <value> | list
+fuzzi --version
+fuzzi --help
+```
+
+## CI exit codes
+
+| Code | Meaning |
+|------|---------|
+| 0 | Success; scan risk below `--fail-on` threshold |
+| 1 | Scan succeeded but risk meets/exceeds `--fail-on` |
+| 2 | Command failed (network, auth, invalid URL, etc.) |
+
+```bash
+fuzzi scan https://staging.example.com --fail-on critical
+# exit 0 = risk < CRITICAL
+# exit 1 = risk >= CRITICAL (intentional gate)
+# exit 2 = scan error
+```
+
+## Configuration
+
+**Credentials:** `~/.fuzzi/credentials` (mode 600)
+
+**CLI config:** `~/.fuzzi/config`
+
+```bash
+fuzzi config set default_env staging
+fuzzi config set default_format markdown
+```
+
+**Project config:** `.fuzzirc` (JSON) or `fuzzi.toml` in the working directory:
+
+```json
+{
+  "scan": {
+    "url": "https://staging.example.com",
+    "environment": "staging",
+    "fail_on": "high"
+  },
+  "output": {
+    "format": "markdown"
+  }
+}
+```
+
+CLI flags override project config values.
+
+## Development
+
+```bash
+npm install
+npm run build
+npm test
+npm link   # optional global `fuzzi` command
+```
+
+## Brand
+
+- Accent: `#4FC3A1` (teal)
+- Risk colors: LOW green, MEDIUM amber, HIGH red, CRITICAL purple
+
+## v2 (not yet)
+
+- Browser login (`fuzzi auth login --browser`)
+- GitHub Action wrapper

package/assets/changelog.json

@@ -0,0 +1,21 @@
+[
+  {
+    "version": "0.1.0",
+    "date": "2026-06-19",
+    "highlights": [
+      "Added confidence gating",
+      "Fixed Netflix-style false positives",
+      "Interactive home screen with slash commands",
+      "API key authentication"
+    ]
+  },
+  {
+    "version": "0.0.9",
+    "date": "2026-06-01",
+    "highlights": [
+      "OTP signup flow on backend",
+      "Production deployment",
+      "Branded transactional emails"
+    ]
+  }
+]

package/bin/fuzzi.js

@@ -0,0 +1,6 @@
+#!/usr/bin/env node
+import { fileURLToPath } from "node:url";
+import { dirname, join } from "node:path";
+
+const here = dirname(fileURLToPath(import.meta.url));
+await import(join(here, "..", "dist", "index.js"));

package/dist/index.d.ts

@@ -0,0 +1,2 @@
+
+export {  }