getdoorman 1.1.0 → 1.2.0

package/bin/doorman.js

@@ -1,11 +1,9 @@
 #!/usr/bin/env node
 
-import { Command } from 'commander';
-import { check } from '../src/index.js';
-import { generateReport } from '../src/compliance.js';
 import { readFileSync } from 'fs';
 import { fileURLToPath } from 'url';
-import { dirname, join } from 'path';
+import { dirname, join, resolve } from 'path';
+import { Command } from 'commander';
 
 const __dirname = dirname(fileURLToPath(import.meta.url));
 const pkg = JSON.parse(readFileSync(join(__dirname, '..', 'package.json'), 'utf-8'));
@@ -14,445 +12,52 @@ const program = new Command();
 
 program
   .name('getdoorman')
-  .description('Find security issues. Tell your AI to fix them.')
+  .description('10 checks. Zero false positives. Ship with confidence.')
   .version(pkg.version);
 
 program
-  .command('check')
-  .alias('scan')
-  .description('Scan your code for issues (always free)')
-  .argument('[path]', 'Path to scan', '.')
-  .option('--ci', 'CI mode — exit with code 1 if score below threshold')
-  .option('--min-score <number>', 'Minimum score to pass in CI mode', '70')
+  .command('check', { isDefault: true })
+  .description('Check your code before shipping')
+  .argument('[path]', 'Path to check', '.')
   .option('--json', 'Output results as JSON')
-  .option('--sarif [path]', 'Output SARIF 2.1.0 report (for GitHub Code Scanning, VS Code)')
-  .option('--html [path]', 'Output standalone HTML report')
-  .option('--category <categories>', 'Only run specific categories (comma-separated)')
-  .option('--severity <level>', 'Minimum severity to report (critical,high,medium,low,info)', 'low')
-  .option('--full', 'Force full scan (skip incremental)')
-  .option('--no-cache', 'Disable file hash caching (force re-scan all files)')
-  .option('--timeout <seconds>', 'Custom scan timeout in seconds', '60')
-  .option('--verbose', 'Show all findings including suggestions')
-  .option('--detail', 'Show all findings individually (disables smart summary)')
-  .option('--strict', 'Show all severity levels including medium/low')
-  .option('-q, --quiet', 'Only show one-line summary (no findings detail)')
-  .option('--config <path>', 'Path to a custom config file')
-  .option('--baseline [path]', 'Only show NEW findings (diff against baseline file)')
-  .option('--save-baseline [path]', 'Save current findings as baseline for future diffs')
-  .option('--profile', 'Show performance profile of slowest rules')
-  .option('--share', 'Generate a shareable score card')
+  .option('--ci', 'Exit with code 1 if issues found')
   .action(async (path, options) => {
     try {
-      const result = await check(path, options);
-
-      // Generate shareable score card
-      if (options.share && result) {
-        const { generateScoreCard } = await import('../src/share.js');
-        const cardPath = generateScoreCard(path, result);
-        const chalk = (await import('chalk')).default;
-        console.log('');
-        console.log(chalk.bold.green('  Score card saved!'));
-        console.log(chalk.gray(`  Open: ${cardPath}`));
-        console.log(chalk.gray('  Share it on Twitter, Discord, or Slack.'));
-        console.log('');
+      const { collectFiles } = await import('../src/scanner.js');
+      const { runSimpleChecks, printSimpleReport } = await import('../src/simple-reporter.js');
+
+      const files = await collectFiles(resolve(path), { silent: true });
+      const results = runSimpleChecks(files);
+
+      if (options.json) {
+        const output = results.map(r => ({
+          check: r.name,
+          passed: r.passed,
+          issues: r.findings.map(f => ({ message: f.message, file: f.file, line: f.line })),
+        }));
+        console.log(JSON.stringify(output, null, 2));
+      } else {
+        printSimpleReport(results);
       }
 
-      // After first scan: add CLAUDE.md, offer hooks, collect email
-      if (!options.ci && !options.quiet && !options.json && !options.sarif && !options.html && !options.silent) {
+      // On first scan: add doorman to AI tool configs
+      try {
         const { isFirstScan, installClaudeMd, installAgentsMd, installCursorRules, installClaudeHook } = await import('../src/hooks.js');
-        const { loadAuth, saveAuth } = await import('../src/auth.js');
-        const { resolve } = await import('path');
         const resolvedPath = resolve(path);
-
         if (isFirstScan(resolvedPath)) {
-          const chalk = (await import('chalk')).default;
-
-          // Add Doorman instructions to AI config files (only appends, never overwrites)
-          const claudeMd = installClaudeMd(resolvedPath);
-          const agentsMd = installAgentsMd(resolvedPath);
-          const cursorRules = installCursorRules(resolvedPath);
-          if (claudeMd) console.log(chalk.dim('  Added Doorman to CLAUDE.md'));
-          if (agentsMd) console.log(chalk.dim('  Added Doorman to AGENTS.md'));
-          if (cursorRules) console.log(chalk.dim('  Added Doorman to .cursorrules'));
-
-          // Auto-run hook for Claude Code (non-blocking, just a scan)
-          const hookInstalled = installClaudeHook(resolvedPath);
-          if (hookInstalled) console.log(chalk.dim('  Auto-run enabled for Claude Code'));
-
-          // NOTE: No pre-commit hook on first scan — too aggressive.
-          // Users can opt in with: npx getdoorman init
-
-          // Collect email
-          const auth = loadAuth();
-          if (!auth?.email) {
-            const readline = await import('readline');
-            const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
-            console.log('');
-            const email = await new Promise(r => {
-              rl.question(chalk.green('  Enter your email for updates (optional): '), a => { rl.close(); r(a.trim()); });
-            });
-            if (email && email.includes('@')) {
-              saveAuth(email);
-              console.log(chalk.green('  ✓ Saved!'));
-            }
-          }
-          console.log('');
+          installClaudeMd(resolvedPath);
+          installAgentsMd(resolvedPath);
+          installCursorRules(resolvedPath);
+          installClaudeHook(resolvedPath);
         }
-      }
+      } catch {}
 
-      process.exit(result.exitCode || 0);
+      const failCount = results.filter(r => !r.passed).length;
+      process.exit(options.ci && failCount > 0 ? 1 : 0);
     } catch (err) {
       console.error('Error:', err.message);
       process.exit(2);
     }
   });
 
-program
-  .command('fix')
-  .description('Tell your AI to fix issues — works in Claude, Codex, Cursor')
-  .argument('[severity]', 'Filter: critical, high, medium, or all', 'critical')
-  .argument('[path]', 'Path to scan', '.')
-  .action(async (severity, path, options) => {
-    const chalk = (await import('chalk')).default;
-
-    // Load cached scan or run a quick scan
-    let findings = [];
-    try {
-      const { loadScanCache } = await import('../src/scan-cache.js');
-      const { resolve } = await import('path');
-      const cache = loadScanCache(resolve(path));
-      if (cache && cache.findings) findings = cache.findings;
-    } catch {}
-
-    if (findings.length === 0) {
-      console.log('Scanning...');
-      const result = await check(path, { silent: true, full: true });
-      findings = result.findings;
-    }
-
-    // Filter by severity
-    const sevFilter = severity.toLowerCase();
-    let filtered;
-    if (sevFilter === 'all') {
-      filtered = findings;
-    } else if (sevFilter === 'critical') {
-      filtered = findings.filter(f => f.severity === 'critical');
-    } else if (sevFilter === 'high') {
-      filtered = findings.filter(f => f.severity === 'critical' || f.severity === 'high');
-    } else if (sevFilter === 'medium') {
-      filtered = findings.filter(f => f.severity === 'critical' || f.severity === 'high' || f.severity === 'medium');
-    } else {
-      filtered = findings.filter(f => f.severity === sevFilter);
-    }
-
-    const top = filtered.slice(0, 20);
-
-    if (top.length === 0) {
-      console.log(`No ${sevFilter} issues found.`);
-      return;
-    }
-
-    // Build the prompt
-    const issueList = top.map(f => {
-      const loc = f.file ? ` in ${f.file}${f.line ? ':' + f.line : ''}` : '';
-      return `- ${f.severity.toUpperCase()}: ${f.title}${loc}`;
-    }).join('\n');
-
-    const prompt = `Fix these ${sevFilter === 'all' ? '' : sevFilter + ' '}issues in my code:\n\n${issueList}`;
-
-    // Detect environment: AI tool or manual terminal
-    const isAI = process.env.CLAUDE_CODE || process.env.CURSOR_SESSION || process.env.CODEX_SANDBOX || process.env.TERM_PROGRAM === 'claude';
-    const isCI = process.env.CI || process.env.GITHUB_ACTIONS;
-
-    if (isAI) {
-      // Inside an AI tool — just output the prompt directly, the AI will act on it
-      console.log(prompt);
-    } else if (isCI) {
-      // CI — just list issues
-      console.log(prompt);
-    } else {
-      // Manual terminal — show formatted + copy to clipboard
-      console.log('');
-      console.log(chalk.bold('  Paste this into Claude, Codex, or Cursor:'));
-      console.log('');
-      console.log(chalk.cyan('  ┌───────────────────────────────────────────────'));
-      for (const line of prompt.split('\n')) {
-        console.log(chalk.cyan('  │ ') + line);
-      }
-      console.log(chalk.cyan('  └───────────────────────────────────────────────'));
-      console.log('');
-
-      // Copy to clipboard
-      try {
-        const { execSync } = await import('child_process');
-        const cmd = process.platform === 'darwin' ? 'pbcopy' : process.platform === 'win32' ? 'clip' : 'xclip -selection clipboard';
-        execSync(cmd, { input: prompt, stdio: ['pipe', 'ignore', 'ignore'] });
-        console.log(chalk.green('  ✓ Copied to clipboard! Just paste it.'));
-      } catch {
-        console.log(chalk.dim('  Tip: copy the text above and paste into your AI tool'));
-      }
-      console.log('');
-    }
-  });
-
-program
-  .command('review')
-  .description('Review only changed files (for git hooks and PRs)')
-  .argument('[path]', 'Path to scan', '.')
-  .option('--json', 'Output as JSON')
-  .option('--min-score <number>', 'Minimum score', '70')
-  .action(async (path, options) => {
-    try {
-      const result = await check(path, { ...options, incremental: true });
-      process.exit(result.exitCode || 0);
-    } catch (err) {
-      console.error('Error:', err.message);
-      process.exit(2);
-    }
-  });
-
-program
-  .command('ignore')
-  .description('Ignore a rule (mark as false positive)')
-  .argument('<ruleId>', 'Rule ID to ignore (e.g., SEC-INJ-001)')
-  .option('--file <path>', 'Only ignore in this file')
-  .option('--reason <reason>', 'Reason for ignoring')
-  .action(async (ruleId, options) => {
-    const { addIgnore } = await import('../src/config.js');
-    addIgnore('.', ruleId, options.file || null, options.reason || 'User dismissed');
-    console.log(`Ignored ${ruleId}${options.file ? ' in ' + options.file : ''}`);
-  });
-
-program
-  .command('init')
-  .description('Initialize Doorman: create config, hooks, and auto-run')
-  .option('--no-hook', 'Skip pre-commit hook installation')
-  .option('--claude', 'Install Claude Code auto-run hook')
-  .action(async (options) => {
-    const { writeFileSync, existsSync, mkdirSync } = await import('fs');
-    const { installClaudeHook, installGitHook, installClaudeMd } = await import('../src/hooks.js');
-    const { resolve } = await import('path');
-
-    // 1. Config file — create .doormanrc with recommended preset
-    if (existsSync('.doormanrc') || existsSync('.doormanrc.json')) {
-      const which = existsSync('.doormanrc') ? '.doormanrc' : '.doormanrc.json';
-      console.log(`  ✓ Config already exists at ${which}`);
-    } else {
-      const config = {
-        extends: 'recommended',
-        rules: {},
-        categories: [],
-        severity: 'medium',
-        ignore: ['test/**', 'vendor/**', '*.min.js'],
-      };
-      writeFileSync('.doormanrc', JSON.stringify(config, null, 2) + '\n');
-      console.log('  ✓ Created .doormanrc (recommended preset)');
-    }
-
-    // 2. Pre-commit hook
-    if (options.hook !== false) {
-      const installed = installGitHook(resolve('.'));
-      if (installed) {
-        console.log('  ✓ Installed pre-commit hook — critical issues will block commits');
-      } else if (!existsSync('.git')) {
-        console.log('  ⚠ Not a git repository — skipping pre-commit hook');
-      } else {
-        console.log('  ✓ Pre-commit hook already installed');
-      }
-    }
-
-    // 3. Claude Code hook
-    if (options.claude) {
-      const installed = installClaudeHook(resolve('.'));
-      if (installed) {
-        console.log('  ✓ Claude Code hook installed — Doorman runs after every file edit');
-      } else {
-        console.log('  ✓ Claude Code hook already installed');
-      }
-    }
-
-    // 4. CLAUDE.md — teach Claude to use Doorman
-    const mdInstalled = installClaudeMd(resolve('.'));
-    if (mdInstalled) {
-      console.log('  ✓ Added Doorman to CLAUDE.md — Claude will suggest it automatically');
-    } else {
-      console.log('  ✓ CLAUDE.md already mentions Doorman');
-    }
-
-    console.log('');
-    console.log('Doorman is ready. Run `npx getdoorman check` to scan your codebase.');
-    if (!options.claude) {
-      console.log('Tip: Run `npx getdoorman init --claude` to auto-scan when Claude writes code.');
-    }
-  });
-
-program
-  .command('dashboard')
-  .description('Open your project dashboard in the browser')
-  .argument('[path]', 'Project path', '.')
-  .action(async (path) => {
-    const chalk = (await import('chalk')).default;
-    const { openDashboard } = await import('../src/dashboard.js');
-    const result = openDashboard(path);
-    if (result.error) {
-      console.log('');
-      console.log(chalk.yellow(`  ${result.error}`));
-      console.log('');
-    } else {
-      console.log('');
-      console.log(chalk.green(`  ✓ Dashboard opened: ${result.path}`));
-      console.log('');
-    }
-  });
-
-program
-  .command('benchmark')
-  .description('Run the real-world vulnerability detection benchmark')
-  .action(async () => {
-    console.log('Running Doorman benchmark...');
-    const { execSync } = await import('child_process');
-    try {
-      execSync('node --test test/benchmark-real-world.test.js', { stdio: 'inherit' });
-    } catch (e) {
-      // Test runner reports results
-    }
-  });
-
-program
-  .command('hook')
-  .description('Install Doorman as a pre-commit git hook')
-  .option('--remove', 'Remove the git hook')
-  .action(async (options) => {
-    const { writeFileSync, unlinkSync, existsSync, mkdirSync } = await import('fs');
-    const hookPath = '.git/hooks/pre-commit';
-
-    if (options.remove) {
-      if (existsSync(hookPath)) {
-        unlinkSync(hookPath);
-        console.log('Removed Doorman pre-commit hook');
-      }
-      return;
-    }
-
-    if (!existsSync('.git/hooks')) mkdirSync('.git/hooks', { recursive: true });
-
-    const hookScript = `#!/bin/sh
-# Doorman pre-commit hook
-npx getdoorman review --min-score 70
-`;
-    writeFileSync(hookPath, hookScript, { mode: 0o755 });
-    console.log('Installed Doorman pre-commit hook');
-    console.log('Every commit will be checked. Remove with: doorman hook --remove');
-  });
-
-program
-  .command('credits')
-  .description('Check your credit balance or buy more')
-  .option('--buy', 'Open the credit purchase page')
-  .action(async (options) => {
-    const chalk = (await import('chalk')).default;
-    const { loadAuth, checkCredits, getCreditPacks } = await import('../src/auth.js');
-
-    const auth = loadAuth();
-
-    if (!auth || !auth.email) {
-      console.log('');
-      console.log(chalk.dim('  No account yet. Run `npx getdoorman fix` to get 3 free credits.'));
-      console.log('');
-      return;
-    }
-
-    const credits = await checkCredits(auth.email);
-    const packs = getCreditPacks(auth.email);
-
-    console.log('');
-    console.log(chalk.bold('  Doorman Account'));
-    console.log(`    Email:   ${auth.email}`);
-    console.log(`    Credits: ${credits ? credits.credits : 'unknown (offline)'}`);
-    console.log('');
-
-    if (options.buy || (credits && credits.credits <= 0)) {
-      console.log(chalk.bold('  Buy credits:'));
-      console.log('');
-      for (const pack of packs) {
-        const bonus = pack.bonus ? chalk.green(` (${pack.bonus})`) : '';
-        console.log(`    ${String(pack.credits).padStart(3)} credits — ${pack.price}${bonus}   ${chalk.cyan(pack.buyUrl)}`);
-      }
-      console.log('');
-      // Try to open browser
-      try {
-        const { execSync } = await import('child_process');
-        const cmd = process.platform === 'darwin' ? 'open' : process.platform === 'win32' ? 'start' : 'xdg-open';
-        execSync(`${cmd} ${packs[0].buyUrl}`, { stdio: 'ignore' });
-        console.log(chalk.dim('  Opened in your browser.'));
-      } catch { /* ignore */ }
-    }
-    console.log('');
-  });
-
-// ai-fix is now merged into `fix` — kept as hidden alias for backward compat
-program
-  .command('ai-fix')
-  .description(false)  // hidden
-  .argument('[path]', 'Path to scan', '.')
-  .action(async () => {
-    console.log('ai-fix has been merged into `fix`. Just run: npx getdoorman fix');
-  });
-
-program
-  .command('report')
-  .description('Generate a compliance report (SOC2, GDPR, HIPAA, PCI-DSS)')
-  .argument('[path]', 'Path to scan', '.')
-  .option('--framework <name>', 'Framework: SOC2, GDPR, HIPAA, PCI, or all', 'all')
-  .option('--output <path>', 'Output file path', 'doorman-report.html')
-  .option('--project <name>', 'Project name for the report')
-  .action(async (path, options) => {
-    const chalk = (await import('chalk')).default;
-    const { basename, resolve } = await import('path');
-
-    const framework = options.framework.toLowerCase();
-    const validFrameworks = ['soc2', 'gdpr', 'hipaa', 'pci', 'all'];
-    if (!validFrameworks.includes(framework)) {
-      console.error(`Error: Unknown framework "${options.framework}". Choose from: SOC2, GDPR, HIPAA, PCI, or all`);
-      process.exit(1);
-    }
-
-    const projectName = options.project || basename(resolve(path));
-
-    console.log('');
-    console.log(chalk.bold.cyan('  Doorman — Compliance Report Generator'));
-    console.log('');
-
-    // Step 1: Run a full scan
-    console.log(chalk.gray('  Running full scan...'));
-    let result;
-    try {
-      result = await check(path, { silent: true, full: true });
-    } catch (err) {
-      console.error(chalk.red(`  Scan failed: ${err.message}`));
-      process.exit(1);
-    }
-
-    console.log(chalk.gray(`  Found ${result.findings.length} finding(s), score: ${result.score}/100`));
-    console.log('');
-
-    // Step 2: Generate the compliance report
-    const { summary } = generateReport(
-      { findings: result.findings, score: result.score, stack: result.stack },
-      { framework, projectName, outputPath: options.output }
-    );
-
-    // Step 3: Print summary
-    const frameworkEntries = Object.entries(summary.frameworks);
-    for (const [, fw] of frameworkEntries) {
-      const statusColor = fw.status === 'compliant' ? chalk.green : fw.status === 'partial' ? chalk.yellow : chalk.red;
-      console.log(`  ${fw.name.padEnd(22)} ${statusColor(fw.status.toUpperCase().padEnd(15))} ${fw.score}%`);
-    }
-
-    console.log('');
-    console.log(chalk.bold.green(`  Report saved to ${options.output}`));
-    console.log(chalk.gray('  Open in a browser to view the full compliance report.'));
-    console.log('');
-  });
-
 program.parse();