npm - hackmyagent - Versions diffs - 0.11.2 → 0.11.4 - Mend

hackmyagent 0.11.2 → 0.11.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

package/dist/cli.js +51 -61
package/dist/cli.js.map +1 -1
package/dist/hardening/scanner.d.ts.map +1 -1
package/dist/hardening/scanner.js +107 -112
package/dist/hardening/scanner.js.map +1 -1
package/dist/hardening/taxonomy.d.ts.map +1 -1
package/dist/hardening/taxonomy.js +67 -66
package/dist/hardening/taxonomy.js.map +1 -1
package/dist/index.d.ts +1 -1
package/dist/index.js +1 -1
package/dist/telemetry/contribute.d.ts +5 -0
package/dist/telemetry/contribute.d.ts.map +1 -1
package/dist/telemetry/contribute.js +34 -0
package/dist/telemetry/contribute.js.map +1 -1
package/package.json +1 -1

package/dist/cli.js CHANGED Viewed

@@ -1538,43 +1538,22 @@ function resolvePackageVersion(targetDir) {
     catch { /* ignore */ }
     return null;
 }
-/**
- * Build an anonymized contribution summary from scan findings.
- * Contains only aggregate data -- no file paths, no code, no project names.
- */
-function buildContributionSummary(findings, score, projectType) {
-    const failed = findings.filter((f) => !f.passed);
-    const categories = [...new Set(failed.map((f) => f.category).filter(Boolean))].sort();
-    const counts = { critical: 0, high: 0, medium: 0, low: 0 };
-    for (const f of failed) {
-        if (f.severity in counts)
-            counts[f.severity]++;
-    }
-    return {
-        packageType: projectType,
-        findingCategories: categories,
-        findingCounts: counts,
-        score,
-        toolVersion: index_1.VERSION,
-    };
-}
 /**
  * Handle community contribution after a scan completes.
  *
  * Determines whether to contribute based on:
  *   1. --contribute / --no-contribute CLI flags (highest priority)
- *   2. --ci mode: skip prompt, only contribute if --contribute is explicit
- *   3. ~/.opena2a/config.json contribute.enabled setting
- *   4. Interactive opt-in prompt (first scan or scan #10)
+ *   2. ~/.opena2a/config.json contribute.enabled setting
+ *   3. Interactive opt-in prompt (first scan or scan #10)
  *
- * Shows what will be sent before sending (transparency).
+ * If contributing, builds an anonymized payload and submits it
+ * asynchronously (non-blocking). Failures are logged as warnings.
  */
-async function handleContribution(contributeFlag, targetDir, findings, registryUrl, format, contributionOptions) {
+async function handleContribution(contributeFlag, targetDir, findings, registryUrl, format) {
     try {
         const { isContributeEnabled, shouldPromptContribute, showContributePrompt, incrementScanCount, buildContributionPayloadFromDir, submitContribution, } = await Promise.resolve().then(() => __importStar(require('./telemetry')));
         // Always increment scan count
         incrementScanCount();
-        const isCi = contributionOptions?.ci === true;
         // Determine whether to contribute
         let shouldContribute;
         if (contributeFlag === true) {
@@ -1585,10 +1564,6 @@ async function handleContribution(contributeFlag, targetDir, findings, registryU
             // --no-contribute flag: skip this scan
             shouldContribute = false;
         }
-        else if (isCi) {
-            // CI mode: never prompt, only contribute if --contribute was explicit
-            shouldContribute = false;
-        }
         else {
             // Check config
             const configSetting = isContributeEnabled();
@@ -1599,7 +1574,7 @@ async function handleContribution(contributeFlag, targetDir, findings, registryU
                 shouldContribute = false;
             }
             else {
-                // Not configured -- prompt (interactive TTY only)
+                // Not configured -- prompt after 3 scans (interactive TTY only)
                 if (format === 'text' && process.stdout.isTTY && shouldPromptContribute()) {
                     shouldContribute = await showContributePrompt();
                 }
@@ -1610,21 +1585,6 @@ async function handleContribution(contributeFlag, targetDir, findings, registryU
         }
         if (!shouldContribute)
             return;
-        // Build the anonymized contribution summary for transparency display
-        const score = contributionOptions?.score ?? 0;
-        const projectType = contributionOptions?.projectType ?? 'unknown';
-        const summary = buildContributionSummary(findings, score, projectType);
-        // Transparency: show what will be sent before sending
-        if (format === 'text' && !isCi) {
-            console.log('');
-            console.log('Contributing anonymized scan summary to OpenA2A Registry:');
-            console.log(`  Package type: ${summary.packageType}`);
-            console.log(`  Categories:   ${summary.findingCategories.join(', ') || '(none)'}`);
-            console.log(`  Findings:     ${summary.findingCounts.critical} critical, ${summary.findingCounts.high} high, ${summary.findingCounts.medium} medium, ${summary.findingCounts.low} low`);
-            console.log(`  Score:        ${summary.score}`);
-            console.log(`  Tool version: ${summary.toolVersion}`);
-            console.log('  (No file paths, code, or project names are sent)');
-        }
         // Build and submit contribution (non-blocking)
         const packageName = resolvePackageName(targetDir);
         if (!packageName)
@@ -1646,7 +1606,7 @@ async function handleContribution(contributeFlag, targetDir, findings, registryU
  * Converts SoulScanResult controls into SecurityFinding-like objects
  * for the contribution module, then delegates to handleContribution.
  */
-async function handleSoulContribution(contributeFlag, targetDir, result, registryUrl, format, contributionOptions) {
+async function handleSoulContribution(contributeFlag, targetDir, result, registryUrl, format) {
     // Convert soul controls into SecurityFinding-shaped objects
     const findings = [];
     for (const domain of result.domains) {
@@ -1665,11 +1625,7 @@ async function handleSoulContribution(contributeFlag, targetDir, result, registr
             });
         }
     }
-    await handleContribution(contributeFlag, targetDir, findings, registryUrl, format, {
-        ci: contributionOptions?.ci,
-        score: result.score,
-        projectType: 'soul',
-    });
+    await handleContribution(contributeFlag, targetDir, findings, registryUrl, format);
 }
 program
     .command('secure')
@@ -1730,10 +1686,18 @@ Examples:
     .option('--registry-key <key>', 'Registry API key (default: REGISTRY_API_KEY env)')
     .option('--contribute', 'Share anonymized scan findings with OpenA2A Registry (overrides config)')
     .option('--no-contribute', 'Do not share findings for this scan (overrides config)')
-    .option('--ci', 'CI mode: suppress interactive prompts, machine-friendly output')
+    .option('--ci', 'CI mode: suppress interactive prompts, exit non-zero on findings')
     .action(async (directory, options) => {
     try {
         const targetDir = directory.startsWith('/') ? directory : process.cwd() + '/' + directory;
+        // CI mode: force non-interactive defaults
+        if (options.ci) {
+            if (!options.format && !options.json)
+                options.format = 'text';
+            // In CI, never prompt -- only contribute if explicitly --contribute
+            if (options.contribute === undefined)
+                options.contribute = false;
+        }
         // Check if directory exists
         if (!require('fs').existsSync(targetDir)) {
             console.error(`Error: Directory '${targetDir}' does not exist.`);
@@ -1935,7 +1899,7 @@ Examples:
                 writeJsonStdout(jsonOutput);
             }
             // Community contribution (non-blocking, runs in JSON mode too)
-            await handleContribution(options.contribute, targetDir, result.findings, options.registryUrl, format, { ci: options.ci, score: result.score, projectType: result.projectType });
+            await handleContribution(options.contribute, targetDir, result.findings, options.registryUrl, format);
             const critHigh = result.findings.filter((f) => !f.passed && !f.fixed && (f.severity === 'critical' || f.severity === 'high'));
             if (critHigh.length > 0)
                 process.exitCode = 1;
@@ -2015,10 +1979,11 @@ Examples:
                         ? `${finding.file}:${finding.line}`
                         : finding.file
                     : '';
-                // Format: SEVERITY  file:line
+                // Format: SEVERITY  [DRY RUN] Would fix: file:line
                 //         Description
                 //         Fix: command
-                console.log(`${display.color()}${display.symbol} ${finding.severity.toUpperCase()}${RESET()}  ${location}`);
+                const dryRunPrefix = finding.wouldFix ? `${colors.cyan}[DRY RUN] Would fix: ${RESET()}` : '';
+                console.log(`${display.color()}${display.symbol} ${finding.severity.toUpperCase()}${RESET()}  ${dryRunPrefix}${location}`);
                 console.log(`       ${finding.description}`);
                 if (finding.fix) {
                     console.log(`       ${colors.cyan}Fix:${RESET()} ${finding.fix}`);
@@ -2056,6 +2021,14 @@ Examples:
             if (summaryParts.length > 0) {
                 console.log(`${summaryParts.join(' | ')}\n`);
             }
+            // Dry-run summary
+            if (result.dryRun) {
+                const wouldFixCount = issues.filter((f) => f.wouldFix).length;
+                if (wouldFixCount > 0) {
+                    console.log(`${colors.cyan}Dry run complete:${RESET()} ${wouldFixCount} issue${wouldFixCount === 1 ? '' : 's'} auto-fixable. Run without --dry-run to apply.`);
+                }
+                console.log(`  No changes were made.\n`);
+            }
         }
         // Print fixed findings
         if (fixedFindings.length > 0) {
@@ -2155,12 +2128,15 @@ Examples:
             }
         }
         // Community contribution: share anonymized findings with OpenA2A Registry
-        await handleContribution(options.contribute, targetDir, result.findings, options.registryUrl, format, { ci: options.ci, score: result.score, projectType: result.projectType });
+        await handleContribution(options.contribute, targetDir, result.findings, options.registryUrl, format);
         // Star prompt (interactive TTY only, text format only)
         if (process.stdout.isTTY) {
             console.log(`${colors.cyan}Helpful?${RESET()} Star the project: https://github.com/opena2a-org/opena2a\n`);
         }
-        // Exit with non-zero if critical/high issues remain
+        // Exit with non-zero if critical/high issues remain (or any issues in --ci mode)
+        if (options.ci && issues.length > 0) {
+            process.exit(1);
+        }
         const criticalOrHigh = issues.filter((f) => f.severity === 'critical' || f.severity === 'high');
         if (criticalOrHigh.length > 0) {
             process.exit(1);
@@ -2426,7 +2402,9 @@ Examples:
     .option('-v, --verbose', 'Show detailed finding information')
     .action(async (target, options) => {
     try {
-        console.log(`\nScanning ${target}...\n`);
+        if (!options.json) {
+            console.log(`\nScanning ${target}...\n`);
+        }
         const scanner = new index_1.ExternalScanner();
         const customPorts = options.ports
             ? options.ports.split(',').map((p) => parseInt(p.trim(), 10))
@@ -4054,10 +4032,15 @@ Examples:
     .option('--registry-url <url>', 'Registry URL (default: REGISTRY_URL env)', process.env.REGISTRY_URL || 'https://api.oa2a.org')
     .option('--contribute', 'Share anonymized scan findings with OpenA2A Registry (overrides config)')
     .option('--no-contribute', 'Do not share findings for this scan (overrides config)')
-    .option('--ci', 'CI mode: suppress interactive prompts, machine-friendly output')
+    .option('--ci', 'CI mode: suppress interactive prompts, exit non-zero on findings')
     .action(async (directory, options) => {
     try {
         const targetDir = directory.startsWith('/') ? directory : process.cwd() + '/' + directory;
+        // CI mode: force non-interactive defaults
+        if (options.ci) {
+            if (options.contribute === undefined)
+                options.contribute = false;
+        }
         if (!require('fs').existsSync(targetDir)) {
             process.stderr.write(`Error: Directory '${targetDir}' does not exist.\n`);
             process.exit(1);
@@ -4220,7 +4203,14 @@ Examples:
         }
         // Community contribution: share anonymized findings with OpenA2A Registry
         const soulFormat = options.json ? 'json' : 'text';
-        await handleSoulContribution(options.contribute, targetDir, result, options.registryUrl, soulFormat, { ci: options.ci });
+        await handleSoulContribution(options.contribute, targetDir, result, options.registryUrl, soulFormat);
+        // In CI mode, exit non-zero if any controls failed
+        if (options.ci) {
+            const failedControls = result.domains.flatMap(d => d.controls).filter(c => !c.passed);
+            if (failedControls.length > 0) {
+                process.exit(1);
+            }
+        }
         // Check fail threshold
         if (options.failBelow) {
             const threshold = parseInt(options.failBelow, 10);