npm - korext - Versions diffs - 0.9.12 → 1.0.1 - Mend

korext 0.9.12 → 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md CHANGED Viewed

@@ -1,6 +1,8 @@
-# Korext CLI
+# KOREXT CLI
-Enforce compliance on AI-generated code from the command line and CI/CD pipelines. 478 rules across 44 policy packs with real detection logic. Every violation mapped to specific regulatory clauses. SARIF output for CI scanner integration.
+AI Code Governance for your terminal and CI/CD pipelines.
+Enforce compliance policies on human written and AI generated code. 72 policy packs. 532 detection rules. 13 languages. Cryptographically signed proof bundles.
 ## Install
@@ -11,115 +13,127 @@ npm install -g korext
 ## Quick Start
 ```bash
+# Sign in
 korext login
-korext enforce ./src --pack web-platform-v2
+# Initialize your project
+korext init
+# Enforce policies on your code
+korext enforce .
+# Enforce with specific packs
+korext enforce . --pack web,pci-dss-v1
+# Enforce with a specific region
+korext enforce . --region eu --pack web
+# Generate a signed proof bundle
+korext enforce . --pack web --sign
 ```
 ## Commands
 | Command | Description |
 |---------|-------------|
-| `korext login [token]` | Save API token |
-| `korext status` | Check connection and subscription |
-| `korext enforce [dir]` | Scan files for violations |
-| `korext policy init` | Initialize a policy document |
-| `korext policy extract` | AI rule extraction from documents |
-| `korext policy review` | Review extracted rules |
-| `korext rules sync` | Cache rules for offline use |
-### Enforce Options
-| Flag | Description |
-|------|-------------|
-| `--pack <id>` | Select a policy pack |
-| `--format text\|json\|sarif` | Output format |
-| `--offline` | Use cached rules only |
-| `--sync-rules` | Download rule cache before scan |
+| `korext login` | Sign in to your KOREXT account |
+| `korext init` | Initialize a project with korext.json |
+| `korext enforce <path>` | Run policy enforcement on files |
+| `korext packs list` | List all available policy packs |
+| `korext industries` | List industries and their packs |
+| `korext bundle list` | List your recent proof bundles |
+| `korext bundle export <id>` | Download a proof bundle as PDF |
+| `korext bundle verify <id>` | Verify a proof bundle signature |
+| `korext status` | Show current configuration and region |
+## Enforce Options
+| Flag | Description | Default |
+|------|-------------|---------|
+| `--pack <ids>` | Comma separated pack IDs | web |
+| `--region <name>` | Data region (us, eu, apac) | us |
+| `--format <type>` | Output format (text, json, sarif) | text |
+| `--sign` | Request signed proof bundle | false |
+| `--industry <name>` | Select packs by industry | (none) |
+| `--offline` | Run with local engine only | false |
+## Output Formats
+**Text** (default): Human readable violation list with governance context.
+**JSON**: Machine readable output with full violation details, confidence scores, and proof bundle metadata.
+**SARIF**: Static Analysis Results Interchange Format for CI/CD integration. Compatible with GitHub Code Scanning, Azure DevOps, and other SARIF consumers.
 ## CI/CD Integration
 ### GitHub Actions
 ```yaml
-- name: Korext Compliance Check
-  run: |
-    npm install -g korext
-    korext enforce ./src \
-      --pack cmmc-level2-v1 \
-      --format sarif
+- uses: korext/enforce-action@v3
+  with:
+    pack: web,pci-dss-v1
+    region: eu
   env:
     KOREXT_API_TOKEN: ${{ secrets.KOREXT_API_TOKEN }}
 ```
-### Exit Codes
-| Code | Meaning |
-|------|---------|
-| `0` | Clean (no critical or high violations) |
-| `1` | Violations found |
-| `2` | Error |
-Writes GitHub Actions Step Summary via `GITHUB_STEP_SUMMARY` when detected.
-## SARIF Output
+### Pre-commit Hook
 ```bash
-korext enforce ./src --format sarif > results.sarif
+# .husky/pre-commit
+korext enforce . --pack web
 ```
-Generates OASIS SARIF 2.1.0 for CI scanner integration (GitHub Code Scanning, Azure DevOps, etc.).
-## Offline Mode
+### Generic CI
 ```bash
-korext rules sync
-korext enforce ./src --offline
+npm install -g korext
+korext login --token $KOREXT_API_TOKEN
+korext enforce . --pack web --format sarif --sign
 ```
-Cached rules enforce locally with zero network calls. Status output shows "Offline (local rules only)".
+## Exit Codes
+| Code | Meaning |
+|------|---------|
+| 0 | PASS (no violations) |
+| 1 | BLOCK (violations found) |
+| 2 | ERROR (invalid input, network, auth) |
-## Supported Compliance Frameworks
+CI pipelines should fail on exit code 1 to block non-compliant code from merging.
-OWASP Top 10 | PCI-DSS | HIPAA | GDPR | SOC 2 | NIST SP 800-53 | NIST SP 800-171 | CMMC Level 2/3 | FedRAMP | ISO 27001 | DORA | NIS2 | CIS Benchmarks | UK DPA | Australian Privacy Act | APPI (Japan) | PDPA (Singapore, Taiwan) | and 25+ more
+## Configuration
-## Key Features
+### korext.json
-- 478 rules across 44 policy packs
-- Three-layer governance: regulatory, technical standards (CWE, OWASP), security intelligence (MITRE ATT&CK)
-- 9 jurisdiction coverage (US, EU, UK, Canada, Australia, New Zealand, Japan, Taiwan, Singapore)
-- SARIF 2.1.0 output for CI scanner integration
-- GitHub Actions Step Summary generation
-- Offline mode with cached rules
-- Custom policy packs from uploaded documents
+```json
+{
+  "project": "my-app",
+  "targetPacks": ["web", "pci-dss-v1"],
+  "region": "eu",
+  "industry": "finance"
+}
+```
-## Environment Variables
+### Environment Variables
 | Variable | Description |
 |----------|-------------|
-| `KOREXT_API_TOKEN` | API authentication token (recommended) |
-| `KOREXT_TOKEN` | Deprecated alias (shows warning) |
-## Changelog
+| `KOREXT_API_TOKEN` | API token for CI/CD (from dashboard) |
-### v0.9.5
+## Data Sovereignty
-Fixed
-- Watch mode now detects file changes correctly and scans on startup
-- Enforcing a nonexistent directory now prints an error and exits with code 2 instead of silently passing
-- Offline enforcement prints how many rules are available versus how many require server analysis
-- Policy commands now default to the production API instead of localhost
+Choose your data processing region: US, EU, or Asia Pacific. Set via `--region` flag, `korext.json`, or `korext init`. All enforcement data stays in your chosen region.
 ## Links
-- Website: [korext.com](https://www.korext.com)
-- Dashboard: [app.korext.com](https://app.korext.com)
-- VS Code Extension: [marketplace.visualstudio.com](https://marketplace.visualstudio.com/items?itemName=Korext.korext)
-- LinkedIn: [linkedin.com/company/korext](https://www.linkedin.com/company/korext)
-- GitHub: [github.com/Korext](https://github.com/Korext)
-- Support: support@korext.com
+- [Website](https://korext.com)
+- [Dashboard](https://app.korext.com)
+- [Documentation](https://korext.com/docs)
+- [GitHub Action](https://github.com/marketplace/actions/korext-enforce)
+- [VS Code Extension](https://marketplace.visualstudio.com/items?itemName=Korext.korext)
----
+## License
-**Publisher**: Korext
-**License**: Proprietary
-**Version**: 0.9.5
+Proprietary. See [Terms of Service](https://korext.com/legal).

package/bin/korext.js CHANGED Viewed

@@ -295,6 +295,15 @@ async function fetchAndCacheRules() {
  * Run rules locally against code using cached regex definitions.
  * Mirrors korext-core/src/engine/localEngine.ts analyzeLocally().
  */
+// M1: Check if a line is a comment (skip from local engine scanning)
+function isCommentLine(line) {
+  const trimmed = line.trim();
+  return trimmed.startsWith('//')
+    || trimmed.startsWith('*')
+    || trimmed.startsWith('/*')
+    || trimmed.startsWith('#');
+}
 function analyzeLocally(code, packId, definitions) {
   // Normalize packId to array to support multi-pack (e.g. ["web", "pci-dss-v1"])
   const packIdList = Array.isArray(packId) ? packId : [packId];
@@ -321,6 +330,8 @@ function analyzeLocally(code, packId, definitions) {
       try {
         const re = new RegExp(pattern.regex, pattern.flags || 'gi');
         lines.forEach((line, i) => {
+          // M1: Skip comment lines to avoid false positives
+          if (isCommentLine(line)) return;
           re.lastIndex = 0;
           if (re.test(line)) {
             violations.push({
@@ -371,7 +382,12 @@ const program = new Command();
 program
   .name('korext')
   .description('Korext Command Line Interface - Enterprise Policy Enforcement')
-  .version(version);
+  .version(version)
+  .action(() => {
+    // H3: Show help and exit 0 when no subcommand is provided
+    program.outputHelp();
+    process.exit(0);
+  });
 program
   .command('login [token]')
@@ -585,6 +601,7 @@ program
   .command('init')
   .description('Initialize a korext.json configuration file for your project')
   .option('--non-interactive', 'Skip prompts and use defaults', false)
+  .option('--region <region>', 'Data processing region (us, eu, apac)')
   .action(async (options) => {
     console.log(chalk.bold.hex('#F27D26')('\n\u25b2 KOREXT PROJECT INIT'));
     console.log(chalk.dim('=======================================\n'));
@@ -613,13 +630,15 @@ program
     const taxonomy = buildTaxonomyFromPacks(defs.packs);
     if (options.nonInteractive) {
-      // Non-interactive: default to web pack
+      // Non-interactive: default to web pack, optionally with region
       const config = {
         targetPacks: ['web'],
+        ...(options.region && { region: options.region }),
         exclude: ['node_modules', 'dist', 'build', '.next']
       };
       fs.writeFileSync(outputPath, JSON.stringify(config, null, 2));
-      console.log(chalk.green(`Created ${outputPath} with default pack: web\n`));
+      const regionNote = options.region ? ` (region: ${options.region})` : '';
+      console.log(chalk.green(`Created ${outputPath} with default pack: web${regionNote}\n`));
       process.exit(0);
     }
@@ -856,6 +875,13 @@ program
     const format = options.format.toLowerCase();
     const isText = format === 'text';
+    // H1: Validate output format before proceeding
+    const SUPPORTED_FORMATS = ['text', 'json', 'sarif'];
+    if (!SUPPORTED_FORMATS.includes(format)) {
+      console.error(chalk.red(`\n\u2716 Unsupported format: "${format}". Supported formats: ${SUPPORTED_FORMATS.join(', ')}`));
+      process.exit(2);
+    }
     // ── Workspace config reader ──────────────────────────────────────────────
     function loadWorkspaceConfig(targetDir) {
       const configPaths = [
@@ -916,7 +942,7 @@ program
           } else {
             console.error(JSON.stringify({ error: `Unknown pack ID(s): ${unknownPacks.join(', ')}` }));
           }
-          process.exit(1);
+          process.exit(2); // C2: Error exit for invalid pack ID
         }
       }
     } else if (options.industry) {
@@ -925,14 +951,14 @@ program
       if (!taxonomy) {
         if (isText) console.error(chalk.red('\n\u2716 --industry requires cached rule definitions.'));
         if (isText) console.error(chalk.dim(`  Run ${chalk.green('korext rules sync')} first to cache pack tags.`));
-        process.exit(1);
+        process.exit(2); // C2: Error exit for missing cache
       }
       packIds = resolvePacksForIndustryRegion(options.industry, options.region || null, taxonomy);
       packSource = 'industry-flag';
       if (packIds.length === 0) {
         if (isText) console.error(chalk.red(`\n\u2716 No packs found for industry '${options.industry}'${options.region ? ` in region '${options.region}'` : ''}.`));
         if (isText) console.error(chalk.dim(`  Run ${chalk.green('korext industries')} to see valid industry names.`));
-        process.exit(1);
+        process.exit(2); // C2: Error exit for no matching packs
       }
       if (isText) console.log(`[KOREXT] Resolved ${packIds.length} packs for industry: ${options.industry}${options.region ? ` (region: ${options.region})` : ''}`);
     } else {
@@ -1002,11 +1028,30 @@ program
     let forceOffline = options.offline;
     let localDefinitions = null;
-    // Pre-flight: verify directory exists
+    // C1: Pre-flight: verify path exists and determine file vs directory
     const resolvedInputDir = path.resolve(dir);
     if (!fs.existsSync(resolvedInputDir)) {
-      if (isText) console.error(chalk.red(`\n✖ Directory does not exist: ${resolvedInputDir}`));
-      else console.error(JSON.stringify({ error: `Directory does not exist: ${resolvedInputDir}` }));
+      if (isText) console.error(chalk.red(`\n\u2716 Path does not exist: ${resolvedInputDir}`));
+      else console.error(JSON.stringify({ error: `Path does not exist: ${resolvedInputDir}` }));
+      process.exit(2);
+    }
+    // C1: Detect single file vs directory
+    let isSingleFile = false;
+    const inputStats = fs.statSync(resolvedInputDir);
+    if (inputStats.isFile()) {
+      isSingleFile = true;
+      const ext = path.extname(resolvedInputDir);
+      const SUPPORTED_EXTENSIONS = ['.ts', '.tsx', '.js', '.jsx', '.py', '.go', '.java', '.rs'];
+      if (!SUPPORTED_EXTENSIONS.includes(ext)) {
+        if (isText) console.error(chalk.red(`\n\u2716 Unsupported file type: ${ext}`));
+        else console.error(JSON.stringify({ error: `Unsupported file type: ${ext}` }));
+        if (isText) console.error(chalk.dim(`  Supported: ${SUPPORTED_EXTENSIONS.join(', ')}\n`));
+        process.exit(2);
+      }
+    } else if (!inputStats.isDirectory()) {
+      if (isText) console.error(chalk.red(`\n\u2716 Invalid path (not a file or directory): ${resolvedInputDir}`));
+      else console.error(JSON.stringify({ error: `Invalid path: ${resolvedInputDir}` }));
       process.exit(2);
     }
@@ -1033,7 +1078,7 @@ program
       if (!localDefinitions) {
         if (isText) console.error(chalk.red('\n✖ Offline mode requires cached rule definitions.'));
         if (isText) console.error(chalk.dim(`  Run ${chalk.green('korext rules sync')} or ${chalk.green('korext enforce --sync-rules')} first while online.`));
-        process.exit(1);
+        process.exit(2); // C2: Error exit for missing offline cache
       }
       if (isText) {
         console.log(chalk.yellow('\n⚡ Offline mode: using local rule engine (regex-based analysis)'));
@@ -1079,12 +1124,17 @@ program
       bundles: []
     };
+    // C1: Single file support
     let files;
-    try {
-      files = findFiles(dir);
-    } catch (e) {
-      if (isText) console.error(chalk.red(`Error reading directory: ${e.message}`));
-      process.exit(1);
+    if (isSingleFile) {
+      files = [resolvedInputDir];
+    } else {
+      try {
+        files = findFiles(dir);
+      } catch (e) {
+        if (isText) console.error(chalk.red(`Error reading directory: ${e.message}`));
+        process.exit(2); // C2: Error exit for filesystem errors
+      }
     }
     report.summary.totalFiles = files.length;
@@ -1150,6 +1200,18 @@ program
           });
           clearTimeout(timeoutId);
+          // C3 + H2: Differentiate auth errors from server/network errors
+          if (res.status === 401 || res.status === 403) {
+            if (fileSpinner) fileSpinner.stop();
+            if (isText) {
+              console.error(chalk.red('\n\u2716 Authentication failed. Your token may be expired.'));
+              console.error(chalk.dim(`  Run: ${chalk.green('korext login')} to re-authenticate.\n`));
+            } else {
+              console.error(JSON.stringify({ error: 'Authentication failed. Token may be expired. Run: korext login' }));
+            }
+            process.exit(2);
+          }
           if (!res.ok) {
             throw new Error(`HTTP ${res.status}`);
           }
@@ -1170,7 +1232,7 @@ program
               file: displayPath,
               bundleId: result.proofBundle.bundleId,
               decision: result.proofBundle.decision,
-              signed: !!result.proofBundle.hmacSignature,
+              signed: !!result.proofBundle.hmacSignature || !!result.proofBundle.signature,
               verifyUrl: `https://app.korext.com/verify/${result.proofBundle.bundleId}`,
             });
           }
@@ -1180,12 +1242,12 @@ program
             fetchAndCacheRules().catch(() => {});
           }
         } catch (e) {
-          // Server unreachable — fall back to local engine
+          // Network error or server 5xx: fall back to local engine
           if (localDefinitions) {
             if (!usedLocalEngine && isText && i === 0) {
               // Show fallback banner once
-              console.log(chalk.yellow(`\n⚡ Server unreachable. Falling back to local engine (regex-based analysis).`));
-              console.log(chalk.dim(`   Cached rules: v${localDefinitions.version} · ${localDefinitions.ruleCount} rules\n`));
+              console.log(chalk.yellow(`\n\u26a1 Server unreachable. Falling back to local engine (regex-based analysis).`));
+              console.log(chalk.dim(`   Cached rules: v${localDefinitions.version} \u00b7 ${localDefinitions.ruleCount} rules\n`));
             }
             fileViolations = analyzeLocally(fileContent, pack, localDefinitions);
             usedLocalEngine = true;

package/package.json CHANGED Viewed

@@ -1,15 +1,15 @@
 {
   "name": "korext",
-  "version": "0.9.12",
+  "version": "1.0.1",
   "mcpName": "io.github.Korext/governance",
-  "description": "Korext Command Line Interface",
+  "description": "KOREXT CLI. AI Code Governance. Enforce compliance policies on human written and AI generated code. 72 policy packs. 532 rules. 13 languages. Signed proof bundles.",
   "type": "module",
   "main": "bin/korext.js",
   "bin": {
     "korext": "bin/korext.js"
   },
-  "author": "Korext <support@korext.com>",
-  "license": "ISC",
+  "author": "Korext <tombruno@korext.com> (https://korext.com)",
+  "license": "SEE LICENSE IN LICENSE",
   "dependencies": {
     "chalk": "^4.1.2",
     "commander": "^14.0.3",
@@ -19,24 +19,35 @@
     "ora": "^5.4.1"
   },
   "files": [
-    "bin/"
+    "bin/",
+    "README.md",
+    "LICENSE"
   ],
-  "homepage": "https://www.korext.com",
+  "homepage": "https://korext.com",
+  "repository": {
+    "type": "git",
+    "url": "https://korext.com"
+  },
   "bugs": {
+    "url": "https://korext.com/support",
     "email": "support@korext.com"
   },
+  "engines": {
+    "node": ">=18.0.0"
+  },
   "keywords": [
     "governance",
     "compliance",
     "security",
-    "cli",
-    "cicd",
-    "sarif",
+    "SAST",
+    "linter",
+    "code-quality",
     "AI",
-    "code review",
+    "policy",
     "PCI-DSS",
     "HIPAA",
-    "OWASP",
-    "korext"
+    "GDPR",
+    "proof-bundle",
+    "sovereignty"
   ]
 }