guardrail-cli 1.0.6 → 2.0.0

package/README.md

@@ -5,14 +5,17 @@ The official command-line interface for Guardrail - AI-native code security and
 ## Installation
 
 ```bash
-npm install -g @guardrail/cli
+npm install -g guardrail-cli
 ```
 
 ## Quick Start
 
 ```bash
-# Authenticate
-guardrail auth --key gr_starter_your_api_key_here
+# Authenticate with your API key
+guardrail auth --key gr_pro_your_api_key_here
+
+# Check authentication status (shows masked key)
+guardrail auth --status
 
 # Scan your project
 guardrail scan --path ./your-project
@@ -21,27 +24,497 @@ guardrail scan --path ./your-project
 guardrail ship --path ./your-project
 ```
 
+## Authentication
+
+The CLI uses enterprise-grade authentication with secure credential storage.
+
+### Commands
+
+```bash
+# Authenticate with API key (validates against Guardrail API)
+guardrail auth --key gr_pro_abc123xyz789
+
+# Check current authentication status
+# Shows masked key (gr_pro_****xyz9), tier, email, expiry
+guardrail auth --status
+
+# Force refresh cached entitlements
+guardrail auth --refresh
+
+# Logout and remove stored credentials
+guardrail auth --logout
+```
+
+### Features
+
+- **Real API Validation**: Keys are validated against `POST /v1/cli/auth/validate`
+- **Secure Storage**: Credentials stored with 0600 permissions (Unix) or NTFS ACLs (Windows)
+- **Local Caching**: Entitlements cached for 15 minutes to reduce API calls
+- **Auto-Refresh**: Cache reused if > 5 minutes remaining; use `--refresh` to force
+- **Key Masking**: API keys always displayed masked: `gr_pro_****abcd`
+- **Expiry Warnings**: Yellow warning if entitlements expire within 72 hours
+
+### Credential Storage
+
+| Platform | Location |
+|----------|----------|
+| macOS | `~/Library/Application Support/guardrail/state.json` |
+| Linux | `~/.config/guardrail/state.json` |
+| Windows | `%APPDATA%\guardrail\state.json` |
+
+If `keytar` is available, sensitive tokens are stored in the OS keychain.
+
 ## Commands
 
 - `guardrail auth` - Authenticate with your API key
 - `guardrail scan` - Run security scans
-- `guardrail ship` - Ship readiness checks
-- `guardrail reality` - Browser testing for fake data
-- `guardrail smells` - Code smell analysis (Pro)
+- `guardrail scan:secrets` - Scan for hardcoded secrets
+- `guardrail scan:vulnerabilities` - Scan dependencies for CVEs (OSV integration)
+- `guardrail scan:compliance` - Compliance assessment (Pro)
+- `guardrail sbom:generate` - Generate SBOM (Pro)
+- `guardrail ship` - Ship readiness checks (Starter+)
+- `guardrail reality` - Browser testing for fake data (Starter+)
+- `guardrail smells` - Code smell analysis
 - `guardrail fix` - Manual fix suggestions (Starter+)
+- `guardrail autopilot` - AI-powered batch remediation (Pro)
+- `guardrail cache:clear` - Clear OSV vulnerability cache
+- `guardrail cache:status` - Show cache statistics
+- `guardrail init` - Initialize Guardrail in a project (see [Init Command](#init-command))
+- `guardrail menu` - Interactive menu
+
+## Init Command
+
+The `guardrail init` command provides enterprise-grade project initialization with automatic framework detection and template-based configuration.
+
+### Basic Usage
+
+```bash
+# Initialize with interactive prompts (auto-detects framework)
+guardrail init
+
+# Initialize with a specific template
+guardrail init --template enterprise
+
+# Initialize with CI and git hooks
+guardrail init --ci --hooks
+
+# Non-interactive mode
+guardrail init --template startup --no-interactive
+```
+
+### Options
+
+| Option | Description |
+|--------|-------------|
+| `-p, --path <path>` | Project path (default: `.`) |
+| `-t, --template <template>` | Template: `startup`, `enterprise`, or `oss` |
+| `--ci` | Generate CI/CD workflow (GitHub Actions with SARIF upload) |
+| `--hooks` | Install git hooks (husky or lefthook) |
+| `--hook-runner <runner>` | Specify hook runner: `husky` or `lefthook` |
+| `--no-interactive` | Disable interactive prompts |
+
+### Framework Detection
+
+Guardrail automatically detects your project framework by inspecting `package.json` and file structure:
+
+| Framework | Detection Signals |
+|-----------|-------------------|
+| **Next.js** | `next` dependency, `next.config.*`, `app/` or `pages/` directory |
+| **Express** | `express` dependency, `src/server.*` patterns, `routes/` directory |
+| **NestJS** | `@nestjs/core` dependency, `nest-cli.json`, `*.module.ts` files |
+| **Fastify** | `fastify` dependency, `@fastify/*` packages |
+| **Remix** | `@remix-run/*` packages, `remix.config.*`, `app/routes/` |
+| **Vite+React** | `vite` + `react` dependencies, `@vitejs/plugin-react` |
+
+Based on the detected framework, Guardrail recommends the most relevant scans:
+
+- **Next.js/Remix**: secrets, vulnerabilities, ship readiness, reality mode (auth flows)
+- **Express/NestJS/Fastify**: secrets, vulnerabilities, ship readiness, compliance (logging/rate limits)
+- **Vite+React**: secrets, vulnerabilities, ship readiness
+
+### Templates
+
+Templates configure `.guardrail/config.json` with different defaults:
+
+#### Startup Template
+- **Use case**: Early-stage teams, fast iteration
+- **Scan thresholds**: High (fewer alerts)
+- **Compliance**: Disabled
+- **Gating**: Block on critical only
+- **Output**: Table format
+- **Noise reduction**: Suppress test files, low-confidence findings
+
+```bash
+guardrail init --template startup
+```
+
+#### Enterprise Template
+- **Use case**: Regulated industries, strict security requirements
+- **Scan thresholds**: Low (catch everything)
+- **Compliance**: Enabled (SOC2 by default)
+- **Gating**: Block on critical and high, baseline/allowlist enabled
+- **Output**: SARIF format with upload
+- **SBOM**: Enabled
+
+```bash
+guardrail init --template enterprise
+```
+
+#### OSS Template
+- **Use case**: Open source projects, contributor-friendly
+- **Focus**: Supply chain security (SBOM, vulnerabilities)
+- **Gating**: Permissive, baseline/allowlist enabled
+- **Output**: Markdown format (PR-friendly)
+- **Noise reduction**: Suppress test files, examples
+
+```bash
+guardrail init --template oss
+```
+
+### Generated Files
+
+#### Configuration (`.guardrail/config.json`)
+
+```json
+{
+  "version": "1.0.0",
+  "template": "enterprise",
+  "framework": "nextjs",
+  "scans": {
+    "secrets": { "enabled": true, "threshold": "low" },
+    "vulnerabilities": { "enabled": true, "threshold": "medium" },
+    "compliance": { "enabled": true, "frameworks": ["soc2"] },
+    "sbom": { "enabled": true }
+  },
+  "gating": {
+    "enabled": true,
+    "blockOnCritical": true,
+    "blockOnHigh": true,
+    "baselineEnabled": true,
+    "allowlistEnabled": true
+  },
+  "output": {
+    "format": "sarif",
+    "sarifUpload": true,
+    "badgeGeneration": true
+  }
+}
+```
+
+#### CI Workflow (`.github/workflows/guardrail.yml`)
+
+When using `--ci`, generates a GitHub Actions workflow that:
+- Runs secrets and vulnerability scans
+- Runs compliance checks (if enabled)
+- Generates SBOM (if enabled)
+- Uploads SARIF results to GitHub Security tab
+- Runs ship readiness check
+- Fails the workflow on critical/high findings
+
+**Required**: Add `GUARDRAIL_API_KEY` to your repository secrets.
+
+#### Git Hooks (`.husky/` or `lefthook.yml`)
+
+When using `--hooks`, installs:
+- **pre-commit**: Secrets scan on staged files
+- **pre-push**: Full secrets + vulnerability scan + ship check
+
+### Examples
+
+```bash
+# Next.js project with enterprise security
+guardrail init --template enterprise --ci --hooks
+
+# Express API with startup defaults
+guardrail init --path ./api --template startup
+
+# OSS project with lefthook
+guardrail init --template oss --hooks --hook-runner lefthook
+
+# CI-only setup (no hooks)
+guardrail init --template enterprise --ci --no-interactive
+```
+
+## Vulnerability Scanning (OSV Integration)
+
+The `scan:vulnerabilities` command uses real-time data from the [Open Source Vulnerabilities (OSV)](https://osv.dev) database.
+
+### Features
+
+- **Real-time OSV API queries** - Live vulnerability data from Google's OSV database
+- **Multi-ecosystem support** - npm, PyPI, RubyGems, Go
+- **Lockfile parsing** - package-lock.json, pnpm-lock.yaml, yarn.lock
+- **24-hour caching** - Reduces API calls with local cache in `.guardrail/cache/osv.json`
+- **CVSS scoring** - Severity levels with optional NVD enrichment
+- **Remediation paths** - Upgrade suggestions with breaking change detection
+- **SARIF output** - GitHub code scanning integration
+
+### Usage
+
+```bash
+# Basic vulnerability scan
+guardrail scan:vulnerabilities --path ./my-project
+
+# Bypass cache for fresh data
+guardrail scan:vulnerabilities --no-cache
+
+# Enable NVD enrichment for CVSS scores (slower)
+guardrail scan:vulnerabilities --nvd
+
+# Output as SARIF for GitHub code scanning
+guardrail scan:vulnerabilities --format sarif -o results.sarif
+
+# Filter by ecosystem
+guardrail scan:vulnerabilities --ecosystem npm
+
+# Fail CI if critical vulnerabilities found
+guardrail scan:vulnerabilities --fail-on-critical
+```
+
+### Options
+
+| Option | Description |
+|--------|-------------|
+| `-p, --path <path>` | Project path to scan (default: `.`) |
+| `-f, --format <format>` | Output format: `table`, `json`, `sarif` (default: `table`) |
+| `-o, --output <file>` | Write report to file |
+| `--no-cache` | Bypass 24h cache, fetch fresh data from OSV |
+| `--nvd` | Enable NVD enrichment for CVSS scores (slower) |
+| `--fail-on-critical` | Exit with error if critical vulnerabilities found |
+| `--fail-on-high` | Exit with error if high+ vulnerabilities found |
+| `--ecosystem <eco>` | Filter by ecosystem: `npm`, `PyPI`, `RubyGems`, `Go` |
+
+### Cache Management
+
+Vulnerability data is cached for 24 hours in `.guardrail/cache/osv.json`.
+
+```bash
+# View cache statistics
+guardrail cache:status
+
+# Clear the cache
+guardrail cache:clear
+
+# Clear global cache
+guardrail cache:clear --global
+```
+
+### SARIF Output for GitHub
+
+Generate SARIF v2.1.0 output for GitHub code scanning:
+
+```bash
+# Generate SARIF report
+guardrail scan:vulnerabilities --format sarif -o vuln-results.sarif
+
+# In GitHub Actions workflow:
+- name: Run Guardrail Vulnerability Scan
+  run: guardrail scan:vulnerabilities --format sarif -o results.sarif
+  
+- name: Upload SARIF to GitHub
+  uses: github/codeql-action/upload-sarif@v2
+  with:
+    sarif_file: results.sarif
+```
+
+The SARIF output includes:
+- Rule metadata with CVE/GHSA IDs
+- CVSS scores and vectors
+- Remediation suggestions
+- Package.json line locations
+- Direct vs transitive classification
+
+### Consistent Command Headers
+
+All analysis commands (`scan`, `ship`, `smells`, etc.) display a consistent framed header with:
+- **Title**: Command name with icon
+- **Project**: Project name from directory
+- **Path**: Project path (truncated for long paths)
+- **Started**: Timestamp when command started
+- **Mode**: Tier badge when authenticated (FREE/STARTER/PRO/ENTERPRISE)
+- **Metadata**: Command-specific options (e.g., scan type, severity filter)
+
+The header respects `NO_COLOR` environment variable and `--no-color` flag for CI/accessibility.
 
 ## Tiers
 
 - **Free**: Basic scanning and validation
 - **Starter** ($29/mo): Ship checks, reality mode, fix suggestions
-- **Pro** ($99/mo): Advanced analysis, autopilot, smells detection
+- **Pro** ($99/mo): Advanced analysis, autopilot, smells detection, compliance
 - **Enterprise** ($499/mo): Custom policies, SSO, dedicated support
 
+## Environment Variables
+
+| Variable | Description |
+|----------|-------------|
+| `GUARDRAIL_API_BASE_URL` | Override API endpoint (default: `https://api.guardrail.dev`) |
+| `GUARDRAIL_NO_INTERACTIVE` | Disable interactive prompts (`1` to disable) |
+| `GUARDRAIL_NO_UNICODE` | Disable Unicode output (`1` for ASCII-only) |
+
+## Reality Mode
+
+Reality Mode detects fake data, mock backends, and placeholder content in your running application using Playwright browser automation.
+
+### Generate Only (default)
+
+```bash
+# Generate a Playwright test for the auth flow
+guardrail reality --flow auth
+
+# Generate test for a custom URL
+guardrail reality --url http://localhost:8080 --flow checkout
+```
+
+### Generate + Run
+
+```bash
+# Generate and immediately execute the test
+guardrail reality --run --flow auth
+
+# Run in headed mode (show browser)
+guardrail reality --run --flow auth --headless=false
+
+# Custom timeout and workers
+guardrail reality --run --timeout 60 --workers 2
+
+# Use HTML reporter for detailed results
+guardrail reality --run --reporter html,list
+
+# Full configuration example
+guardrail reality --run \
+  --url http://localhost:8080 \
+  --flow checkout \
+  --timeout 45 \
+  --workers 4 \
+  --reporter html,json \
+  --trace retain-on-failure \
+  --video retain-on-failure \
+  --screenshot only-on-failure
+```
+
+**Exit Code**: Mirrors Playwright's exit code (0 = pass, non-zero = fail)
+
+#### 3. Record Mode
+
+Opens Playwright in interactive recording mode using `codegen` to capture user actions.
+
+```bash
+# Start recording session
+guardrail reality --record --url http://localhost:3000
+
+# Record with custom flow name
+guardrail reality --record --url http://localhost:8080 --flow signup
+```
+
+**How it works**:
+1. Opens browser with Playwright Inspector
+2. Interact with your app (click, type, navigate)
+3. Playwright records all actions with robust selectors
+4. Generated test saved to `.guardrail/reality/<runId>/reality-<flow>.test.ts`
+5. Press Ctrl+C when done
+
+### Options
+
+| Flag | Description | Default |
+|------|-------------|---------|
+| `-p, --path <path>` | Project path | `.` |
+| `-u, --url <url>` | Base URL of running app | `http://localhost:3000` |
+| `-f, --flow <flow>` | Flow to test: auth, checkout, dashboard | `auth` |
+| `-t, --timeout <seconds>` | Test timeout in seconds | `30` |
+| `--headless` | Run in headless mode | `false` |
+| `--run` | Execute the generated test immediately | `false` |
+| `--record` | Open Playwright codegen for recording | `false` |
+| `--workers <n>` | Number of parallel workers | `1` |
+| `--reporter <type>` | Test reporter: list, dot, html, json | `list` |
+| `--trace <mode>` | Trace mode: on, off, retain-on-failure, on-first-retry | `retain-on-failure` |
+| `--video <mode>` | Video mode: on, off, retain-on-failure, on-first-retry | `retain-on-failure` |
+| `--screenshot <mode>` | Screenshot mode: on, off, only-on-failure | `only-on-failure` |
+
+### Artifacts
+
+When using `--run`, artifacts are saved under `.guardrail/reality/<runId>/`:
+
+```
+.guardrail/reality/auth-1704123456789-a1b2c3d4/
+├── reality-auth.test.ts      # Generated test file
+├── output.log                 # Playwright console output
+├── result.json                # Run result summary (success, exitCode, duration)
+├── run-metadata.json          # Execution configuration
+├── screenshots/               # Failure screenshots (if --screenshot enabled)
+│   ├── test-failed-1.png
+│   └── test-failed-2.png
+└── report/                    # HTML report (if --reporter html)
+    └── index.html
+```
+
+### Viewing Results
+
+**HTML Report** (if `--reporter html`):
+```bash
+npx playwright show-report .guardrail/reality/<runId>/report
+```
+
+**JSON Results**:
+```bash
+cat .guardrail/reality/<runId>/result.json
+```
+
+**Logs**:
+```bash
+cat .guardrail/reality/<runId>/output.log
+```
+
+### Prerequisites
+
+Reality Mode requires Playwright and browser binaries.
+
+**Install Playwright**:
+```bash
+npm install -D @playwright/test
+npx playwright install
+```
+
+The CLI automatically detects missing dependencies and provides exact install commands with exit code 2.
+
+### Exit Codes
+
+| Code | Meaning |
+|------|---------|
+| 0 | Tests passed |
+| 1 | Tests failed |
+| 2 | Playwright or browsers not installed |
+
+### Examples
+
+**Quick test in CI**:
+```bash
+guardrail reality --run --flow auth --headless --timeout 30
+```
+
+**Debug with full visibility**:
+```bash
+guardrail reality --run --flow checkout \
+  --no-headless \
+  --trace on \
+  --video on \
+  --screenshot on
+```
+
+**Record custom flow**:
+```bash
+guardrail reality --record --url http://localhost:3000 --flow onboarding
+```
+
+**Parallel execution**:
+```bash
+guardrail reality --run --workers 4 --reporter html,json
+```
+
 ## Support
 
-- 📖 [Documentation](https://guardrail.dev/docs)
-- 💬 [Discord](https://discord.gg/guardrail)
-- 📧 [Support](mailto:support@guardrail.dev)
+- [Documentation](https://guardrail.dev/docs)
+- [Discord](https://discord.gg/guardrail)
+- [Support](mailto:support@guardrail.dev)
 
 ## License
 

package/dist/commands/baseline.d.ts

@@ -0,0 +1,7 @@
+/**
+ * baseline command
+ * Generate and manage baseline files for suppressing known findings
+ */
+import { Command } from 'commander';
+export declare function registerBaselineCommand(program: Command, requireAuth: () => any, printLogo: () => void): void;
+//# sourceMappingURL=baseline.d.ts.map

package/dist/commands/baseline.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"baseline.d.ts","sourceRoot":"","sources":["../../src/commands/baseline.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAapC,wBAAgB,uBAAuB,CAAC,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,GAAG,EAAE,SAAS,EAAE,MAAM,IAAI,GAAG,IAAI,CAqE7G"}

package/dist/commands/baseline.js

@@ -0,0 +1,79 @@
+"use strict";
+/**
+ * baseline command
+ * Generate and manage baseline files for suppressing known findings
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.registerBaselineCommand = registerBaselineCommand;
+const path_1 = require("path");
+const baseline_1 = require("../scanner/baseline");
+const scan_secrets_1 = require("./scan-secrets");
+const scan_vulnerabilities_1 = require("./scan-vulnerabilities");
+const c = {
+    bold: (s) => `\x1b[1m${s}\x1b[0m`,
+    dim: (s) => `\x1b[2m${s}\x1b[0m`,
+    success: (s) => `\x1b[32m${s}\x1b[0m`,
+    info: (s) => `\x1b[34m${s}\x1b[0m`,
+};
+function registerBaselineCommand(program, requireAuth, printLogo) {
+    program
+        .command('baseline')
+        .description('Generate baseline file to suppress known findings')
+        .option('-p, --path <path>', 'Project path to scan', '.')
+        .option('--write <file>', 'Write baseline to file', '.guardrail/baseline.json')
+        .option('-t, --type <type>', 'Scan type: all, secrets, vulnerabilities', 'all')
+        .action(async (opts) => {
+        requireAuth();
+        printLogo();
+        console.log(`\n${c.bold('📋 BASELINE GENERATION')}\n`);
+        const projectPath = (0, path_1.resolve)(opts.path);
+        const baselinePath = (0, path_1.resolve)(opts.write);
+        console.log(`  ${c.dim('Project:')} ${projectPath}`);
+        console.log(`  ${c.dim('Baseline:')} ${baselinePath}`);
+        console.log(`  ${c.dim('Type:')} ${opts.type}\n`);
+        const allFindings = [];
+        if (opts.type === 'all' || opts.type === 'secrets') {
+            console.log(`  ${c.info('→')} Scanning for secrets...`);
+            const secretsResult = await (0, scan_secrets_1.scanSecrets)(projectPath, {
+                path: projectPath,
+                format: 'json',
+                excludeTests: false,
+                failOnDetection: false,
+                evidence: false,
+            });
+            for (const finding of secretsResult.findings) {
+                allFindings.push({
+                    type: finding.type,
+                    category: 'secrets',
+                    title: finding.type,
+                    file: finding.file,
+                    line: finding.line,
+                    snippet: finding.match,
+                });
+            }
+            console.log(`  ${c.success('✓')} Found ${secretsResult.findings.length} secrets\n`);
+        }
+        if (opts.type === 'all' || opts.type === 'vulnerabilities') {
+            console.log(`  ${c.info('→')} Scanning for vulnerabilities...`);
+            const vulnResult = await (0, scan_vulnerabilities_1.scanVulnerabilities)(projectPath, {
+                format: 'json',
+            });
+            for (const finding of vulnResult.findings) {
+                allFindings.push({
+                    category: 'vulnerability',
+                    title: `${finding.cve}: ${finding.title}`,
+                    file: 'package.json',
+                    line: 1,
+                    snippet: `${finding.package}@${finding.version}`,
+                });
+            }
+            console.log(`  ${c.success('✓')} Found ${vulnResult.findings.length} vulnerabilities\n`);
+        }
+        baseline_1.BaselineManager.saveBaseline(baselinePath, allFindings);
+        console.log(`${c.success('✓')} ${c.bold('Baseline created successfully!')}`);
+        console.log(`  ${c.dim('File:')} ${baselinePath}`);
+        console.log(`  ${c.dim('Findings:')} ${allFindings.length}`);
+        console.log(`\n  ${c.dim('Use')} ${c.bold(`--baseline ${baselinePath}`)} ${c.dim('with scan commands to suppress these findings.')}\n`);
+    });
+}
+//# sourceMappingURL=baseline.js.map

package/dist/commands/baseline.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"baseline.js","sourceRoot":"","sources":["../../src/commands/baseline.ts"],"names":[],"mappings":";AAAA;;;GAGG;;AAeH,0DAqEC;AAjFD,+BAA+B;AAC/B,kDAAsD;AACtD,iDAA6C;AAC7C,iEAA6D;AAE7D,MAAM,CAAC,GAAG;IACR,IAAI,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,UAAU,CAAC,SAAS;IACzC,GAAG,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,UAAU,CAAC,SAAS;IACxC,OAAO,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,WAAW,CAAC,SAAS;IAC7C,IAAI,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,WAAW,CAAC,SAAS;CAC3C,CAAC;AAEF,SAAgB,uBAAuB,CAAC,OAAgB,EAAE,WAAsB,EAAE,SAAqB;IACrG,OAAO;SACJ,OAAO,CAAC,UAAU,CAAC;SACnB,WAAW,CAAC,mDAAmD,CAAC;SAChE,MAAM,CAAC,mBAAmB,EAAE,sBAAsB,EAAE,GAAG,CAAC;SACxD,MAAM,CAAC,gBAAgB,EAAE,wBAAwB,EAAE,0BAA0B,CAAC;SAC9E,MAAM,CAAC,mBAAmB,EAAE,0CAA0C,EAAE,KAAK,CAAC;SAC9E,MAAM,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;QACrB,WAAW,EAAE,CAAC;QACd,SAAS,EAAE,CAAC;QACZ,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,wBAAwB,CAAC,IAAI,CAAC,CAAC;QAEvD,MAAM,WAAW,GAAG,IAAA,cAAO,EAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvC,MAAM,YAAY,GAAG,IAAA,cAAO,EAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAEzC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,WAAW,EAAE,CAAC,CAAC;QACrD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,WAAW,CAAC,IAAI,YAAY,EAAE,CAAC,CAAC;QACvD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,IAAI,IAAI,CAAC,CAAC;QAElD,MAAM,WAAW,GAAU,EAAE,CAAC;QAE9B,IAAI,IAAI,CAAC,IAAI,KAAK,KAAK,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YACnD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;YACxD,MAAM,aAAa,GAAG,MAAM,IAAA,0BAAW,EAAC,WAAW,EAAE;gBACnD,IAAI,EAAE,WAAW;gBACjB,MAAM,EAAE,MAAM;gBACd,YAAY,EAAE,KAAK;gBACnB,eAAe,EAAE,KAAK;gBACtB,QAAQ,EAAE,KAAK;aAChB,CAAC,CAAC;YAEH,KAAK,MAAM,OAAO,IAAI,aAAa,CAAC,QAAQ,EAAE,CAAC;gBAC7C,WAAW,CAAC,IAAI,CAAC;oBACf,IAAI,EAAE,OAAO,CAAC,IAAI;oBAClB,QAAQ,EAAE,SAAS;oBACnB,KAAK,EAAE,OAAO,CAAC,IAAI;oBACnB,IAAI,EAAE,OAAO,CAAC,IAAI;oBAClB,IAAI,EAAE,OAAO,CAAC,IAAI;oBAClB,OAAO,EAAE,OAAO,CAAC,KAAK;iBACvB,CAAC,CAAC;YACL,CAAC;YACD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,aAAa,CAAC,QAAQ,CAAC,MAAM,YAAY,CAAC,CAAC;QACtF,CAAC;QAED,IAAI,IAAI,CAAC,IAAI,KAAK,KAAK,IAAI,IAAI,CAAC,IAAI,KAAK,iBAAiB,EAAE,CAAC;YAC3D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,kCAAkC,CAAC,CAAC;YAChE,MAAM,UAAU,GAAG,MAAM,IAAA,0CAAmB,EAAC,WAAW,EAAE;gBACxD,MAAM,EAAE,MAAM;aACf,CAAC,CAAC;YAEH,KAAK,MAAM,OAAO,IAAI,UAAU,CAAC,QAAQ,EAAE,CAAC;gBAC1C,WAAW,CAAC,IAAI,CAAC;oBACf,QAAQ,EAAE,eAAe;oBACzB,KAAK,EAAE,GAAG,OAAO,CAAC,GAAG,KAAK,OAAO,CAAC,KAAK,EAAE;oBACzC,IAAI,EAAE,cAAc;oBACpB,IAAI,EAAE,CAAC;oBACP,OAAO,EAAE,GAAG,OAAO,CAAC,OAAO,IAAI,OAAO,CAAC,OAAO,EAAE;iBACjD,CAAC,CAAC;YACL,CAAC;YACD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,UAAU,CAAC,QAAQ,CAAC,MAAM,oBAAoB,CAAC,CAAC;QAC3F,CAAC;QAED,0BAAe,CAAC,YAAY,CAAC,YAAY,EAAE,WAAW,CAAC,CAAC;QAExD,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,gCAAgC,CAAC,EAAE,CAAC,CAAC;QAC7E,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,YAAY,EAAE,CAAC,CAAC;QACnD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,WAAW,CAAC,IAAI,WAAW,CAAC,MAAM,EAAE,CAAC,CAAC;QAC7D,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,cAAc,YAAY,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,gDAAgD,CAAC,IAAI,CAAC,CAAC;IAC1I,CAAC,CAAC,CAAC;AACP,CAAC"}

package/dist/commands/cache.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Cache management commands
+ *
+ * Commands:
+ * - cache:clear - Clear the OSV vulnerability cache
+ * - cache:status - Show cache statistics
+ */
+import { Command } from 'commander';
+/**
+ * Register cache commands
+ */
+export declare function registerCacheCommands(program: Command, printLogo: () => void): void;
+//# sourceMappingURL=cache.d.ts.map

package/dist/commands/cache.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cache.d.ts","sourceRoot":"","sources":["../../src/commands/cache.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AA2FpC;;GAEG;AACH,wBAAgB,qBAAqB,CACnC,OAAO,EAAE,OAAO,EAChB,SAAS,EAAE,MAAM,IAAI,GACpB,IAAI,CAiFN"}