kramscan 0.1.1 → 0.2.0

package/dist/commands/analyze.js

@@ -1,47 +1,66 @@
 "use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.registerAnalyzeCommand = registerAnalyzeCommand;
+const commander_1 = require("commander");
 const chalk_1 = __importDefault(require("chalk"));
 const ai_client_1 = require("../core/ai-client");
+const scan_storage_1 = require("../core/scan-storage");
 const logger_1 = require("../utils/logger");
+const theme_1 = require("../utils/theme");
 const promises_1 = __importDefault(require("fs/promises"));
-const path_1 = __importDefault(require("path"));
-const os_1 = __importDefault(require("os"));
 function registerAnalyzeCommand(program) {
     program
         .command("analyze [scan-file]")
         .description("AI-powered analysis of scan results")
         .option("-m, --model <name>", "Override default AI model")
         .option("-v, --verbose", "Show detailed analysis")
-        .action(async (scanFile, options) => {
+        .action(async (scanFile) => {
         console.log("");
-        console.log(chalk_1.default.bold.cyan("🧠 AI Security Analysis"));
-        console.log(chalk_1.default.gray("─".repeat(50)));
+        console.log(chalk_1.default.bold.cyan("AI Security Analysis"));
+        console.log(chalk_1.default.gray("-".repeat(50)));
         console.log("");
+        let spinner = null;
         try {
-            // Load scan results
-            let filepath;
-            if (scanFile) {
-                filepath = path_1.default.isAbsolute(scanFile)
-                    ? scanFile
-                    : path_1.default.join(process.cwd(), scanFile);
-            }
-            else {
-                // Find latest scan
-                const scanDir = path_1.default.join(os_1.default.homedir(), ".kramscan", "scans");
-                const files = await promises_1.default.readdir(scanDir);
-                const scanFiles = files.filter((f) => f.endsWith(".json"));
-                if (scanFiles.length === 0) {
-                    logger_1.logger.error("No scan results found. Run 'kramscan scan <url>' first.");
-                    process.exit(1);
-                }
-                // Get most recent
-                scanFiles.sort().reverse();
-                filepath = path_1.default.join(scanDir, scanFiles[0]);
-                logger_1.logger.info(`Using latest scan: ${scanFiles[0]}`);
+            const resolved = await (0, scan_storage_1.resolveScanFile)(scanFile);
+            const filepath = resolved.filepath;
+            if (resolved.isLatest) {
+                logger_1.logger.info(`Using latest scan: ${resolved.filename}`);
             }
             const content = await promises_1.default.readFile(filepath, "utf-8");
             const scanResult = JSON.parse(content);
@@ -49,26 +68,53 @@ function registerAnalyzeCommand(program) {
                 logger_1.logger.success("No vulnerabilities to analyze!");
                 return;
             }
-            const spinner = logger_1.logger.spinner("Analyzing vulnerabilities with AI...");
-            // Create AI client
+            spinner = logger_1.logger.spinner("Analyzing vulnerabilities with AI...");
+            const { getConfig } = await Promise.resolve().then(() => __importStar(require("../core/config")));
+            const config = await getConfig();
+            if (!config.ai.enabled) {
+                spinner.stop();
+                const { default: inquirer } = await Promise.resolve().then(() => __importStar(require("inquirer")));
+                const { setup } = await inquirer.prompt([
+                    {
+                        type: "confirm",
+                        name: "setup",
+                        message: theme_1.theme.yellow("AI analysis is not enabled. Would you like to set it up now?"),
+                        default: true,
+                    },
+                ]);
+                if (setup) {
+                    const { registerOnboardCommand } = await Promise.resolve().then(() => __importStar(require("./onboard")));
+                    const onboardProgram = new commander_1.Command();
+                    registerOnboardCommand(onboardProgram);
+                    await onboardProgram.parseAsync(["node", "kramscan", "onboard"]);
+                    // Re-check after onboarding
+                    const updatedConfig = await getConfig();
+                    if (!updatedConfig.ai.enabled) {
+                        logger_1.logger.error("AI analysis still not enabled. Exiting.");
+                        return;
+                    }
+                    spinner.start("Analyzing vulnerabilities with AI...");
+                }
+                else {
+                    logger_1.logger.warn("AI analysis skipped.");
+                    return;
+                }
+            }
             const aiClient = await (0, ai_client_1.createAIClient)();
-            // Build analysis prompt
             const prompt = buildAnalysisPrompt(scanResult);
-            // Get AI analysis
             const response = await aiClient.analyze(prompt);
             spinner.succeed("Analysis complete!");
             console.log("");
-            console.log(chalk_1.default.bold("📝 AI Analysis"));
-            console.log(chalk_1.default.gray("─".repeat(50)));
+            console.log(chalk_1.default.bold("AI Analysis"));
+            console.log(chalk_1.default.gray("-".repeat(50)));
             console.log("");
             console.log(response.content);
             console.log("");
             if (response.usage) {
-                console.log(chalk_1.default.gray("─".repeat(50)));
+                console.log(chalk_1.default.gray("-".repeat(50)));
                 console.log(chalk_1.default.gray(`Tokens used: ${response.usage.totalTokens} (${response.usage.promptTokens} prompt + ${response.usage.completionTokens} completion)`));
                 console.log("");
             }
-            // Save enhanced results
             const enhancedResult = {
                 ...scanResult,
                 aiAnalysis: {
@@ -82,6 +128,9 @@ function registerAnalyzeCommand(program) {
             console.log("");
         }
         catch (error) {
+            if (spinner) {
+                spinner.fail("Analysis failed");
+            }
             logger_1.logger.error(error.message);
             process.exit(1);
         }
@@ -89,27 +138,27 @@ function registerAnalyzeCommand(program) {
 }
 function buildAnalysisPrompt(scanResult) {
     const vulnList = scanResult.vulnerabilities
-        .map((v, i) => `${i + 1}. [${v.severity.toUpperCase()}] ${v.title}
-   URL: ${v.url}
-   Description: ${v.description}
-   ${v.evidence ? `Evidence: ${v.evidence}` : ""}
-   ${v.cwe ? `CWE: ${v.cwe}` : ""}`)
+        .map((v, i) => `${i + 1}. [${v.severity.toUpperCase()}] ${v.title}\n` +
+        `   URL: ${v.url}\n` +
+        `   Description: ${v.description}\n` +
+        `${v.evidence ? `   Evidence: ${v.evidence}\n` : ""}` +
+        `${v.cwe ? `   CWE: ${v.cwe}` : ""}`)
         .join("\n\n");
-    return `You are a security expert analyzing web application vulnerabilities.
-
-Target: ${scanResult.target}
-Scan Date: ${scanResult.timestamp}
-Total Vulnerabilities: ${scanResult.summary.total}
-
-Vulnerabilities Found:
-${vulnList}
-
-Please provide:
-1. **Executive Summary**: Brief overview of the security posture
-2. **Risk Assessment**: Overall risk level and business impact
-3. **Priority Recommendations**: Top 3-5 vulnerabilities to fix first, with specific remediation steps
-4. **Attack Scenarios**: How an attacker could chain these vulnerabilities
-5. **Remediation Roadmap**: Step-by-step plan to address all findings
-
+    return `You are a security expert analyzing web application vulnerabilities.
+
+Target: ${scanResult.target}
+Scan Date: ${scanResult.timestamp}
+Total Vulnerabilities: ${scanResult.summary.total}
+
+Vulnerabilities Found:
+${vulnList}
+
+Please provide:
+1. Executive Summary: Brief overview of the security posture
+2. Risk Assessment: Overall risk level and business impact
+3. Priority Recommendations: Top 3-5 vulnerabilities to fix first, with specific remediation steps
+4. Attack Scenarios: How an attacker could chain these vulnerabilities
+5. Remediation Roadmap: Step-by-step plan to address all findings
+
 Format your response in clear markdown with headers and bullet points.`;
 }

package/dist/commands/config.js

@@ -22,21 +22,26 @@ function registerConfigCommand(program) {
             logger_1.logger.error(`Configuration key '${key}' not found`);
             process.exit(1);
         }
-        console.log(chalk_1.default.cyan(key), "=", chalk_1.default.white(JSON.stringify(value, null, 2)));
+        const displayValue = key === "ai.apiKey" && typeof value === "string" && value
+            ? "***configured***"
+            : value;
+        console.log(chalk_1.default.cyan(key), "=", chalk_1.default.white(JSON.stringify(displayValue, null, 2)));
     });
     configCmd
         .command("set <key> <value>")
         .description("Set a configuration value")
         .action(async (key, value) => {
         const config = await (0, config_1.getConfig)();
-        // Parse value
         let parsedValue = value;
-        if (value === "true")
+        if (value === "true") {
             parsedValue = true;
-        else if (value === "false")
+        }
+        else if (value === "false") {
             parsedValue = false;
-        else if (!isNaN(Number(value)))
+        }
+        else if (!Number.isNaN(Number(value))) {
             parsedValue = Number(value);
+        }
         setNestedValue(config, key, parsedValue);
         await (0, config_1.setConfig)(config);
         logger_1.logger.success(`Set ${chalk_1.default.cyan(key)} = ${chalk_1.default.white(JSON.stringify(parsedValue))}`);
@@ -46,11 +51,18 @@ function registerConfigCommand(program) {
         .description("List all configuration")
         .action(async () => {
         const config = await (0, config_1.getConfig)();
+        const sanitizedConfig = {
+            ...config,
+            ai: {
+                ...config.ai,
+                apiKey: config.ai.apiKey ? "***configured***" : "",
+            },
+        };
         console.log("");
-        console.log(chalk_1.default.bold.cyan("📋 Current Configuration"));
-        console.log(chalk_1.default.gray("─".repeat(50)));
+        console.log(chalk_1.default.bold.cyan("Current Configuration"));
+        console.log(chalk_1.default.gray("-".repeat(50)));
         console.log("");
-        console.log(JSON.stringify(config, null, 2));
+        console.log(JSON.stringify(sanitizedConfig, null, 2));
         console.log("");
     });
     configCmd
@@ -59,8 +71,8 @@ function registerConfigCommand(program) {
         .action(async () => {
         const config = await (0, config_1.getConfig)();
         console.log("");
-        console.log(chalk_1.default.bold.cyan("⚙️  Configuration Editor"));
-        console.log(chalk_1.default.gray("─".repeat(50)));
+        console.log(chalk_1.default.bold.cyan("Configuration Editor"));
+        console.log(chalk_1.default.gray("-".repeat(50)));
         console.log("");
         const answers = await inquirer_1.default.prompt([
             {
@@ -73,23 +85,23 @@ function registerConfigCommand(program) {
                 type: "list",
                 name: "aiProvider",
                 message: "AI provider:",
-                choices: ["openai", "anthropic"],
+                choices: ["openai", "anthropic", "gemini", "openrouter", "mistral", "kimi", "groq"],
                 default: config.ai.provider,
-                when: (answers) => answers.aiEnabled,
+                when: (ans) => ans.aiEnabled,
             },
             {
                 type: "input",
                 name: "apiKey",
-                message: "API key:",
-                default: config.ai.apiKey,
-                when: (answers) => answers.aiEnabled,
+                message: "API key (leave blank to keep current):",
+                default: "",
+                when: (ans) => ans.aiEnabled,
             },
             {
                 type: "input",
                 name: "model",
                 message: "Default AI model:",
                 default: config.ai.defaultModel,
-                when: (answers) => answers.aiEnabled,
+                when: (ans) => ans.aiEnabled,
             },
             {
                 type: "list",
@@ -103,36 +115,50 @@ function registerConfigCommand(program) {
                 name: "rateLimit",
                 message: "Requests per second rate limit:",
                 default: config.scan.rateLimitPerSecond,
+                validate: (value) => Number.isFinite(value) && value > 0
+                    ? true
+                    : "Rate limit must be a positive number",
             },
         ]);
-        // Update config
-        if (answers.aiEnabled !== undefined)
+        if (answers.aiEnabled !== undefined) {
             config.ai.enabled = answers.aiEnabled;
-        if (answers.aiProvider)
+        }
+        if (answers.aiProvider) {
             config.ai.provider = answers.aiProvider;
-        if (answers.apiKey)
+        }
+        if (answers.apiKey) {
             config.ai.apiKey = answers.apiKey;
-        if (answers.model)
+        }
+        if (answers.model) {
             config.ai.defaultModel = answers.model;
-        if (answers.reportFormat)
+        }
+        if (answers.reportFormat) {
             config.report.defaultFormat = answers.reportFormat;
-        if (answers.rateLimit)
+        }
+        if (Number.isFinite(answers.rateLimit) && answers.rateLimit > 0) {
             config.scan.rateLimitPerSecond = answers.rateLimit;
-        (0, config_1.setConfig)(config);
+        }
+        await (0, config_1.setConfig)(config);
         console.log("");
         logger_1.logger.success("Configuration updated successfully!");
         console.log("");
     });
 }
-function getNestedValue(obj, path) {
-    return path.split(".").reduce((current, key) => current?.[key], obj);
+function getNestedValue(obj, keyPath) {
+    return keyPath
+        .split(".")
+        .reduce((current, key) => current?.[key], obj);
 }
-function setNestedValue(obj, path, value) {
-    const keys = path.split(".");
+function setNestedValue(obj, keyPath, value) {
+    const keys = keyPath.split(".");
     const lastKey = keys.pop();
+    if (!lastKey) {
+        return;
+    }
     const target = keys.reduce((current, key) => {
-        if (!current[key])
+        if (!current[key] || typeof current[key] !== "object") {
             current[key] = {};
+        }
         return current[key];
     }, obj);
     target[lastKey] = value;

package/dist/commands/doctor.js

@@ -40,11 +40,9 @@ exports.registerDoctorCommand = registerDoctorCommand;
 const chalk_1 = __importDefault(require("chalk"));
 const config_1 = require("../core/config");
 const logger_1 = require("../utils/logger");
-const child_process_1 = require("child_process");
-const util_1 = require("util");
+const dns = __importStar(require("dns/promises"));
 const promises_1 = __importDefault(require("fs/promises"));
 const os_1 = __importDefault(require("os"));
-const execAsync = (0, util_1.promisify)(child_process_1.exec);
 function registerDoctorCommand(program) {
     program
         .command("doctor")
@@ -123,7 +121,7 @@ async function checkNodeVersion() {
 }
 async function checkPuppeteer() {
     try {
-        const puppeteer = await Promise.resolve().then(() => __importStar(require("puppeteer")));
+        await Promise.resolve().then(() => __importStar(require("puppeteer")));
         return {
             name: "Puppeteer",
             status: "pass",
@@ -158,6 +156,15 @@ async function checkConfig() {
 async function checkAPIKeys() {
     try {
         const config = await (0, config_1.getConfig)();
+        const envFallback = {
+            openai: process.env.OPENAI_API_KEY,
+            anthropic: process.env.ANTHROPIC_API_KEY,
+            gemini: process.env.GEMINI_API_KEY,
+            openrouter: process.env.OPENROUTER_API_KEY,
+            mistral: process.env.MISTRAL_API_KEY,
+            kimi: process.env.KIMI_API_KEY,
+            groq: process.env.GROQ_API_KEY,
+        };
         if (!config.ai.enabled) {
             return {
                 name: "AI Configuration",
@@ -165,7 +172,8 @@ async function checkAPIKeys() {
                 message: "AI analysis is disabled. Run 'kramscan onboard' to enable it.",
             };
         }
-        if (!config.ai.apiKey) {
+        const apiKey = config.ai.apiKey || envFallback[config.ai.provider] || "";
+        if (!apiKey) {
             return {
                 name: "AI Configuration",
                 status: "warn",
@@ -208,16 +216,13 @@ async function checkDiskSpace() {
 }
 async function checkNetwork() {
     try {
-        // Simple DNS check
-        const { exec } = require("child_process");
-        await new Promise((resolve, reject) => {
-            exec("ping -n 1 8.8.8.8", (error) => {
-                if (error)
-                    reject(error);
-                else
-                    resolve(true);
-            });
-        });
+        const timeoutMs = 3000;
+        await Promise.race([
+            dns.lookup("example.com"),
+            new Promise((_, reject) => {
+                setTimeout(() => reject(new Error("DNS lookup timeout")), timeoutMs);
+            }),
+        ]);
         return {
             name: "Network Connectivity",
             status: "pass",