npm - korext - Versions diffs - 0.9.3 → 0.9.5 - Mend

korext 0.9.3 → 0.9.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md CHANGED Viewed

@@ -99,6 +99,16 @@ OWASP Top 10 | PCI-DSS | HIPAA | GDPR | SOC 2 | NIST SP 800-53 | NIST SP 800-171
 | `KOREXT_API_TOKEN` | API authentication token (recommended) |
 | `KOREXT_TOKEN` | Deprecated alias (shows warning) |
+## Changelog
+### v0.9.5
+Fixed
+- Watch mode now detects file changes correctly and scans on startup
+- Enforcing a nonexistent directory now prints an error and exits with code 2 instead of silently passing
+- Offline enforcement prints how many rules are available versus how many require server analysis
+- Policy commands now default to the production API instead of localhost
 ## Links
 - Website: [korext.com](https://www.korext.com)
@@ -112,4 +122,4 @@ OWASP Top 10 | PCI-DSS | HIPAA | GDPR | SOC 2 | NIST SP 800-53 | NIST SP 800-171
 **Publisher**: Korext
 **License**: Proprietary
-**Version**: 0.8.0
+**Version**: 0.9.5

package/bin/korext.js CHANGED Viewed

@@ -172,8 +172,11 @@ program
   .action((tokenArg) => {
     let token = tokenArg;
     if (!token) {
-      console.log(`\nPlease generate an API token at ${chalk.cyan('https://app.korext.com/settings/tokens')}`);
-      console.log(`Then run: ${chalk.green('korext login <your-token>')}\n`);
+      console.log(`\nTo authenticate, sign in at ${chalk.cyan('https://app.korext.com')} and use your session token.`);
+      console.log(`Long-lived API tokens for CI/CD are coming soon.`);
+      console.log(`\nFor CI/CD, Korext works in anonymous mode (20 requests per hour).`);
+      console.log(`Set ${chalk.green('KOREXT_API_TOKEN')} for higher limits.`);
+      console.log(`\nThen run: ${chalk.green('korext login <your-token>')}\n`);
       process.exit(1);
     }
     const config = getConfig();
@@ -264,6 +267,14 @@ program
     let forceOffline = options.offline;
     let localDefinitions = null;
+    // Pre-flight: verify directory exists
+    const resolvedInputDir = path.resolve(dir);
+    if (!fs.existsSync(resolvedInputDir)) {
+      if (isText) console.error(chalk.red(`\n✖ Directory does not exist: ${resolvedInputDir}`));
+      else console.error(JSON.stringify({ error: `Directory does not exist: ${resolvedInputDir}` }));
+      process.exit(2);
+    }
     if (isText) {
       console.log(`\n${chalk.bold.hex('#F27D26')('▲ KOREXT CLI ENFORCEMENT ENGINE')} v${version}`);
       console.log(chalk.dim('======================================='));
@@ -292,6 +303,11 @@ program
       if (isText) {
         console.log(chalk.yellow('\n⚡ Offline mode: using local rule engine (regex-based analysis)'));
         console.log(chalk.dim(`   Cached rules: v${localDefinitions.version} · ${localDefinitions.ruleCount} rules · ${localDefinitions.packCount} packs`));
+        // Show rule coverage breakdown
+        const packRules = localDefinitions.packs?.[pack]?.rules || [];
+        const availableCount = packRules.filter(r => localDefinitions.rules?.[r]).length;
+        const serverOnlyCount = packRules.length - availableCount;
+        console.log(chalk.dim(`   Offline mode: ${availableCount} of ${packRules.length} rules available. ${serverOnlyCount} rules require server analysis.`));
         console.log(chalk.dim('   Note: AI-powered deep analysis is unavailable in offline mode.\n'));
       }
     }
@@ -331,9 +347,12 @@ program
     let usedLocalEngine = false;
+    const resolvedDir = path.resolve(dir);
     for (let i = 0; i < files.length; i++) {
       const file = files[i];
       const displayPath = path.relative(process.cwd(), file);
+      const sarifPath = path.relative(resolvedDir, file);
       let fileSpinner = null;
       if (isText) fileSpinner = ora(`Analyzing ${displayPath} (${i + 1}/${files.length})...`).start();
@@ -433,39 +452,51 @@ program
           }
           storedV.push(v);
         }
-        report.results.push({ file: displayPath, violations: storedV });
+        report.results.push({ file: displayPath, sarifFile: sarifPath, violations: storedV });
       } else {
         if (fileSpinner) fileSpinner.stop();
-        report.results.push({ file: displayPath, violations: [] });
+        report.results.push({ file: displayPath, sarifFile: sarifPath, violations: [] });
       }
     }
     if (format === 'json') {
       console.log(JSON.stringify(report, null, 2));
     } else if (format === 'sarif') {
-      const sarif = {
-        version: "2.1.0",
-        $schema: "https://docs.oasis-open.org/sarif/sarif/v2.1.0/errata01/os/schemas/sarif-schema-2.1.0.json",
-        runs: [{
-          tool: { driver: { name: "Korext", version } },
-          results: []
-        }]
-      };
+      // Build SARIF results
+      const sarifResults = [];
       for (const res of report.results) {
         for (const v of res.violations) {
-          sarif.runs[0].results.push({
-            ruleId: v.ruleName,
+          const messageText = v.explanation
+            || (v.ruleName ? v.ruleName + ': ' + (v.message || 'violation detected') : (v.ruleId || 'unknown') + ' violation detected');
+          sarifResults.push({
+            ruleId: v.ruleName || v.ruleId || 'unknown',
             level: v.severity === 'critical' || v.severity === 'high' ? "error" : v.severity === 'medium' ? "warning" : "note",
-            message: { text: v.explanation },
+            message: { text: messageText },
             locations: [{
               physicalLocation: {
-                artifactLocation: { uri: res.file },
+                artifactLocation: { uri: res.sarifFile || res.file },
                 region: { startLine: v.line, startColumn: v.column || 1 }
               }
             }]
           });
         }
       }
+      // Build driver.rules from unique ruleIds
+      const ruleIds = [...new Set(sarifResults.map(r => r.ruleId))];
+      const rules = ruleIds.map(id => ({
+        id,
+        shortDescription: { text: id.replace(/-/g, ' ') }
+      }));
+      const sarif = {
+        version: "2.1.0",
+        $schema: "https://docs.oasis-open.org/sarif/sarif/v2.1.0/errata01/os/schemas/sarif-schema-2.1.0.json",
+        runs: [{
+          tool: { driver: { name: "Korext", version, rules } },
+          results: sarifResults
+        }]
+      };
       console.log(JSON.stringify(sarif, null, 2));
     } else {
       console.log('\n' + chalk.dim('======================================='));
@@ -1291,6 +1322,29 @@ program
           if (fs.existsSync(fullPath)) analyzeWatchedFile(fullPath);
         }, DEBOUNCE_MS));
       });
+      // Also do an initial scan of all existing files on startup
+      const initialFiles = [];
+      function walkDir(d) {
+        let entries;
+        try { entries = fs.readdirSync(d, { withFileTypes: true }); } catch { return; }
+        for (const entry of entries) {
+          if (IGNORE_DIRS.has(entry.name)) continue;
+          const fullPath = path.join(d, entry.name);
+          if (entry.isDirectory()) {
+            walkDir(fullPath);
+          } else if (SUPPORTED_EXTS.has(path.extname(entry.name))) {
+            initialFiles.push(fullPath);
+          }
+        }
+      }
+      walkDir(dir);
+      if (initialFiles.length > 0) {
+        console.log(chalk.dim(`  Initial scan: ${initialFiles.length} file(s)...\n`));
+        for (const f of initialFiles) {
+          await analyzeWatchedFile(f);
+        }
+      }
     } catch (e) {
       console.error(chalk.red(`Failed to watch ${dir}: ${e.message}`));
       process.exit(1);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "korext",
-  "version": "0.9.3",
+  "version": "0.9.5",
   "description": "Korext Command Line Interface",
   "type": "module",
   "main": "bin/korext.js",