kramscan 0.1.1 → 0.3.0

package/dist/commands/doctor.js

@@ -40,11 +40,9 @@ exports.registerDoctorCommand = registerDoctorCommand;
 const chalk_1 = __importDefault(require("chalk"));
 const config_1 = require("../core/config");
 const logger_1 = require("../utils/logger");
-const child_process_1 = require("child_process");
-const util_1 = require("util");
+const dns = __importStar(require("dns/promises"));
 const promises_1 = __importDefault(require("fs/promises"));
 const os_1 = __importDefault(require("os"));
-const execAsync = (0, util_1.promisify)(child_process_1.exec);
 function registerDoctorCommand(program) {
     program
         .command("doctor")
@@ -123,7 +121,7 @@ async function checkNodeVersion() {
 }
 async function checkPuppeteer() {
     try {
-        const puppeteer = await Promise.resolve().then(() => __importStar(require("puppeteer")));
+        await Promise.resolve().then(() => __importStar(require("puppeteer")));
         return {
             name: "Puppeteer",
             status: "pass",
@@ -158,6 +156,15 @@ async function checkConfig() {
 async function checkAPIKeys() {
     try {
         const config = await (0, config_1.getConfig)();
+        const envFallback = {
+            openai: process.env.OPENAI_API_KEY,
+            anthropic: process.env.ANTHROPIC_API_KEY,
+            gemini: process.env.GEMINI_API_KEY,
+            openrouter: process.env.OPENROUTER_API_KEY,
+            mistral: process.env.MISTRAL_API_KEY,
+            kimi: process.env.KIMI_API_KEY,
+            groq: process.env.GROQ_API_KEY,
+        };
         if (!config.ai.enabled) {
             return {
                 name: "AI Configuration",
@@ -165,7 +172,8 @@ async function checkAPIKeys() {
                 message: "AI analysis is disabled. Run 'kramscan onboard' to enable it.",
             };
         }
-        if (!config.ai.apiKey) {
+        const apiKey = config.ai.apiKey || envFallback[config.ai.provider] || "";
+        if (!apiKey) {
             return {
                 name: "AI Configuration",
                 status: "warn",
@@ -208,16 +216,13 @@ async function checkDiskSpace() {
 }
 async function checkNetwork() {
     try {
-        // Simple DNS check
-        const { exec } = require("child_process");
-        await new Promise((resolve, reject) => {
-            exec("ping -n 1 8.8.8.8", (error) => {
-                if (error)
-                    reject(error);
-                else
-                    resolve(true);
-            });
-        });
+        const timeoutMs = 3000;
+        await Promise.race([
+            dns.lookup("example.com"),
+            new Promise((_, reject) => {
+                setTimeout(() => reject(new Error("DNS lookup timeout")), timeoutMs);
+            }),
+        ]);
         return {
             name: "Network Connectivity",
             status: "pass",

package/dist/commands/gate.d.ts

@@ -0,0 +1,2 @@
+import { Command } from "commander";
+export declare function registerGateCommand(program: Command): void;

package/dist/commands/gate.js

@@ -0,0 +1,109 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.registerGateCommand = registerGateCommand;
+const scanner_1 = require("../core/scanner");
+const server_probe_1 = require("../core/server-probe");
+const theme_1 = require("../utils/theme");
+const logger_1 = require("../utils/logger");
+function registerGateCommand(program) {
+    program
+        .command("gate <url>")
+        .description("CI/CD security quality gate — scan and exit with code 1 if thresholds are breached")
+        .option("--fail-on <severity>", "Minimum severity to fail on (critical|high|medium|low)", "high")
+        .option("--max-vulns <number>", "Maximum allowed vulnerabilities before failing", "0")
+        .option("--profile <name>", "Scan profile: quick|balanced|deep", "quick")
+        .option("--timeout <ms>", "Maximum scan duration", "60000")
+        .option("--json", "Output results as JSON")
+        .action(async (url, options) => {
+        const jsonMode = options.json === true;
+        if (!jsonMode) {
+            console.log("");
+            console.log(theme_1.theme.brand.bold("🚧 KramScan Security Gate"));
+            console.log(theme_1.theme.gray("─".repeat(50)));
+            console.log("");
+        }
+        // Probe server
+        if (!jsonMode) {
+            const probeSpinner = logger_1.logger.spinner(`Checking server at ${url}...`);
+            const probeResult = await (0, server_probe_1.probeServer)(url, { timeout: 10000, maxAttempts: 5 });
+            if (!probeResult.reachable) {
+                probeSpinner.fail(`Server at ${url} is not responding`);
+                if (jsonMode) {
+                    console.log(JSON.stringify({ error: "Server unreachable", passed: false }));
+                }
+                process.exit(1);
+            }
+            probeSpinner.succeed(`Server ready (${probeResult.responseTime}ms)`);
+        }
+        // Run scan
+        const scanSpinner = jsonMode ? null : logger_1.logger.spinner("Running security scan...");
+        try {
+            const scanner = new scanner_1.Scanner(true);
+            const scanOptions = {
+                depth: 2,
+                timeout: parseInt(options.timeout, 10) || 60000,
+                headless: true,
+                maxPages: 20,
+                maxLinksPerPage: 30,
+                profile: options.profile,
+            };
+            const result = await scanner.scan(url, scanOptions);
+            await scanner.close();
+            if (scanSpinner)
+                scanSpinner.succeed(`Scan complete: ${result.summary.total} vulnerabilities`);
+            // Evaluate threshold
+            const severityLevels = {
+                critical: 4, high: 3, medium: 2, low: 1, info: 0,
+            };
+            const threshold = severityLevels[options.failOn.toLowerCase()] ?? 3;
+            const maxVulns = parseInt(options.maxVulns, 10) || 0;
+            const vulnsAboveThreshold = result.vulnerabilities.filter((v) => (severityLevels[v.severity] ?? 0) >= threshold);
+            const passed = vulnsAboveThreshold.length <= maxVulns;
+            if (jsonMode) {
+                console.log(JSON.stringify({
+                    passed,
+                    total: result.summary.total,
+                    threshold: options.failOn,
+                    vulnsAboveThreshold: vulnsAboveThreshold.length,
+                    maxAllowed: maxVulns,
+                    summary: result.summary,
+                    vulnerabilities: vulnsAboveThreshold,
+                }, null, 2));
+            }
+            else {
+                console.log("");
+                if (passed) {
+                    console.log(theme_1.theme.success.bold("✅ SECURITY GATE: PASSED"));
+                    console.log(theme_1.theme.gray(`   ${result.summary.total} total vulnerabilities found`));
+                    console.log(theme_1.theme.gray(`   ${vulnsAboveThreshold.length} at or above '${options.failOn}' severity (max allowed: ${maxVulns})`));
+                }
+                else {
+                    console.log(theme_1.theme.error.bold("❌ SECURITY GATE: FAILED"));
+                    console.log(theme_1.theme.error(`   ${vulnsAboveThreshold.length} vulnerabilities at or above '${options.failOn}' severity (max allowed: ${maxVulns})`));
+                    console.log("");
+                    for (const v of vulnsAboveThreshold.slice(0, 10)) {
+                        const color = v.severity === "critical" ? theme_1.theme.critical : theme_1.theme.high;
+                        console.log(color(`   [${v.severity.toUpperCase()}] ${v.title}`));
+                        console.log(theme_1.theme.gray(`     ${v.url}`));
+                        if (v.remediation) {
+                            console.log(theme_1.theme.dim(`     Fix: ${v.remediation}`));
+                        }
+                    }
+                    if (vulnsAboveThreshold.length > 10) {
+                        console.log(theme_1.theme.gray(`   ... and ${vulnsAboveThreshold.length - 10} more`));
+                    }
+                }
+                console.log("");
+            }
+            process.exit(passed ? 0 : 1);
+        }
+        catch (err) {
+            if (scanSpinner)
+                scanSpinner.fail(`Scan failed: ${err.message}`);
+            if (jsonMode) {
+                console.log(JSON.stringify({ error: err.message, passed: false }));
+            }
+            process.exit(1);
+        }
+    });
+}

package/dist/commands/onboard.js

@@ -1,164 +1,211 @@
 "use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || (function () {
-    var ownKeys = function(o) {
-        ownKeys = Object.getOwnPropertyNames || function (o) {
-            var ar = [];
-            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
-            return ar;
-        };
-        return ownKeys(o);
-    };
-    return function (mod) {
-        if (mod && mod.__esModule) return mod;
-        var result = {};
-        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
-        __setModuleDefault(result, mod);
-        return result;
-    };
-})();
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.registerOnboardCommand = registerOnboardCommand;
-const readline = __importStar(require("readline"));
+const inquirer_1 = __importDefault(require("inquirer"));
+const axios_1 = __importDefault(require("axios"));
+const openai_1 = __importDefault(require("openai"));
 const config_1 = require("../core/config");
 const logger_1 = require("../utils/logger");
-// ─── ANSI Helpers ──────────────────────────────────────────────────
-const c = {
-    reset: "\x1b[0m",
-    bold: "\x1b[1m",
-    dim: "\x1b[2m",
-    cyan: "\x1b[36m",
-    green: "\x1b[32m",
-    yellow: "\x1b[33m",
-    gray: "\x1b[90m",
-    white: "\x1b[37m",
-    brightCyan: "\x1b[96m",
-};
-// ─── Prompt Utilities ──────────────────────────────────────────────
-function ask(rl, question, defaultVal) {
-    const defaultHint = defaultVal ? ` ${c.gray}(${defaultVal})${c.reset}` : "";
-    return new Promise((resolve) => {
-        rl.question(`  ${c.cyan}?${c.reset} ${question}${defaultHint} `, (answer) => {
-            resolve(answer.trim() || defaultVal || "");
-        });
-    });
-}
-function askConfirm(rl, question, defaultVal = true) {
-    const hint = defaultVal ? `${c.gray}(Y/n)${c.reset}` : `${c.gray}(y/N)${c.reset}`;
-    return new Promise((resolve) => {
-        rl.question(`  ${c.cyan}?${c.reset} ${question} ${hint} `, (answer) => {
-            const a = answer.trim().toLowerCase();
-            if (a === "")
-                resolve(defaultVal);
-            else
-                resolve(a === "y" || a === "yes");
-        });
-    });
+const theme_1 = require("../utils/theme");
+function getDefaultModel(provider) {
+    switch (provider) {
+        case "anthropic":
+            return "claude-3-5-sonnet-20241022";
+        case "gemini":
+            return "gemini-2.0-flash";
+        case "openrouter":
+            return "anthropic/claude-3.5-sonnet";
+        case "mistral":
+            return "mistral-large-latest";
+        case "kimi":
+            return "moonshot-v1-8k";
+        case "groq":
+            return "llama-3.1-8b-instant";
+        default:
+            return "gpt-4";
+    }
 }
-function askList(rl, question, choices, defaultVal) {
-    const choicesStr = choices
-        .map((ch, i) => {
-        const isDefault = ch === defaultVal;
-        return `    ${isDefault ? c.brightCyan + "❯" : " "} ${ch}${c.reset}`;
-    })
-        .join("\n");
-    return new Promise((resolve) => {
-        console.log(`  ${c.cyan}?${c.reset} ${question}`);
-        console.log(choicesStr);
-        rl.question(`  ${c.gray}Enter choice:${c.reset} `, (answer) => {
-            const trimmed = answer.trim();
-            if (choices.includes(trimmed)) {
-                resolve(trimmed);
-            }
-            else {
-                resolve(defaultVal || choices[0]);
-            }
-        });
-    });
+function getEnvApiKey(provider) {
+    const envVars = {
+        openai: process.env.OPENAI_API_KEY,
+        anthropic: process.env.ANTHROPIC_API_KEY,
+        gemini: process.env.GEMINI_API_KEY,
+        mistral: process.env.MISTRAL_API_KEY,
+        openrouter: process.env.OPENROUTER_API_KEY,
+        kimi: process.env.KIMI_API_KEY,
+        groq: process.env.GROQ_API_KEY,
+    };
+    return envVars[provider] || "";
 }
-function askPassword(rl, question) {
-    return new Promise((resolve) => {
-        rl.question(`  ${c.cyan}?${c.reset} ${question} ${c.gray}(hidden)${c.reset} `, (answer) => {
-            resolve(answer.trim());
+async function modelExists(provider, apiKey, model) {
+    if (!apiKey || !model) {
+        return true;
+    }
+    if (provider === "gemini") {
+        const resp = await axios_1.default.get("https://generativelanguage.googleapis.com/v1beta/models", { params: { key: apiKey } });
+        const models = resp.data?.models || [];
+        return models.some((m) => {
+            const id = m.name?.startsWith("models/")
+                ? m.name.slice("models/".length)
+                : m.name;
+            return (id === model &&
+                (m.supportedGenerationMethods || []).includes("generateContent"));
         });
-    });
+    }
+    if (provider === "openai" ||
+        provider === "openrouter" ||
+        provider === "kimi" ||
+        provider === "groq") {
+        const baseURL = provider === "openrouter"
+            ? "https://openrouter.ai/api/v1"
+            : provider === "kimi"
+                ? "https://api.moonshot.cn/v1"
+                : provider === "groq"
+                    ? "https://api.groq.com/openai/v1"
+                    : undefined;
+        const client = new openai_1.default(baseURL ? { apiKey, baseURL } : { apiKey });
+        const resp = await client.models.list();
+        return (resp.data || []).some((m) => m.id === model);
+    }
+    return true;
 }
-// ─── Command Registration ─────────────────────────────────────────
 function registerOnboardCommand(program) {
     program
         .command("onboard")
         .description("First-time setup wizard")
         .action(async () => {
-        const store = (0, config_1.getConfigStore)();
-        const rl = readline.createInterface({
-            input: process.stdin,
-            output: process.stdout,
-        });
+        const config = await (0, config_1.getConfig)();
         console.log("");
-        console.log(`  ${c.bold}${c.brightCyan}━━━ KramScan Setup Wizard ━━━${c.reset}`);
-        console.log(`  ${c.gray}Configure your scanning environment${c.reset}`);
+        console.log(theme_1.theme.brand.bold("🚀 KramScan Setup Wizard"));
+        console.log(theme_1.theme.gray("─".repeat(50)));
+        console.log(theme_1.theme.white("  Configure your scanning environment in a few easy steps."));
         console.log("");
-        // AI Configuration
-        const aiEnabled = await askConfirm(rl, "Enable AI analysis?", false);
-        store.set("ai.enabled", aiEnabled);
-        if (aiEnabled) {
-            const aiProvider = await askList(rl, "Select AI provider", [
-                "openai",
-                "anthropic",
-                "gemini",
-                "openrouter",
-                "mistral",
-                "kimi"
-            ], "openai");
-            store.set("ai.provider", aiProvider);
-            const apiKey = await askPassword(rl, "API key (leave blank to skip)");
-            if (apiKey) {
-                store.set("ai.apiKey", apiKey);
+        // Smart detection for API keys
+        const detectedProviders = Object.keys({
+            openai: process.env.OPENAI_API_KEY,
+            anthropic: process.env.ANTHROPIC_API_KEY,
+            gemini: process.env.GEMINI_API_KEY,
+            mistral: process.env.MISTRAL_API_KEY,
+            openrouter: process.env.OPENROUTER_API_KEY,
+            kimi: process.env.KIMI_API_KEY,
+            groq: process.env.GROQ_API_KEY,
+        }).filter(p => !!getEnvApiKey(p));
+        if (detectedProviders.length > 0) {
+            console.log(theme_1.theme.green(`  ✨ Detected API keys in environment for: ${detectedProviders.join(", ")}`));
+            console.log("");
+        }
+        const answers = await inquirer_1.default.prompt([
+            {
+                type: "confirm",
+                name: "aiEnabled",
+                message: "Enable AI analysis?",
+                default: config.ai.enabled,
+            },
+            {
+                type: "list",
+                name: "aiProvider",
+                message: "Select AI provider",
+                choices: [
+                    "openai",
+                    "anthropic",
+                    "gemini",
+                    "openrouter",
+                    "mistral",
+                    "kimi",
+                    "groq",
+                ],
+                default: config.ai.provider,
+                when: (a) => a.aiEnabled,
+            },
+            {
+                type: "password",
+                name: "apiKey",
+                message: "API key (leave blank to keep existing)",
+                default: "",
+                mask: "*",
+                when: (a) => a.aiEnabled,
+            },
+            {
+                type: "input",
+                name: "model",
+                message: "Default AI model",
+                default: (a) => config.ai.defaultModel ||
+                    getDefaultModel((a.aiProvider || config.ai.provider)),
+                when: (a) => a.aiEnabled,
+            },
+            {
+                type: "list",
+                name: "reportFormat",
+                message: "Default report format",
+                choices: ["word", "txt", "json"],
+                default: config.report.defaultFormat,
+            },
+            {
+                type: "confirm",
+                name: "strictScope",
+                message: "Enable strict scope enforcement?",
+                default: config.scan.strictScope,
+            },
+            {
+                type: "number",
+                name: "rateLimit",
+                message: "Requests per second rate limit",
+                default: config.scan.rateLimitPerSecond,
+                validate: (v) => Number.isFinite(v) && v > 0 ? true : "Enter a positive number",
+            },
+        ]);
+        config.ai.enabled = !!answers.aiEnabled;
+        if (config.ai.enabled) {
+            config.ai.provider = answers.aiProvider;
+            if (answers.apiKey) {
+                config.ai.apiKey = answers.apiKey;
+            }
+            const keyForCheck = config.ai.apiKey || getEnvApiKey(config.ai.provider);
+            let chosenModel = String(answers.model || getDefaultModel(config.ai.provider));
+            if (keyForCheck) {
+                try {
+                    const ok = await modelExists(config.ai.provider, keyForCheck, chosenModel);
+                    if (!ok) {
+                        logger_1.logger.warn(`Model '${chosenModel}' is not available for provider '${config.ai.provider}'.`);
+                        logger_1.logger.warn("Tip: run 'kramscan ai models' to see valid models.");
+                        const retry = await inquirer_1.default.prompt([
+                            {
+                                type: "confirm",
+                                name: "retry",
+                                message: "Enter a different model now?",
+                                default: true,
+                            },
+                        ]);
+                        if (retry.retry) {
+                            const modelAns = await inquirer_1.default.prompt([
+                                {
+                                    type: "input",
+                                    name: "model",
+                                    message: "Default AI model",
+                                    default: getDefaultModel(config.ai.provider),
+                                },
+                            ]);
+                            chosenModel = String(modelAns.model || chosenModel);
+                        }
+                    }
+                }
+                catch (error) {
+                    logger_1.logger.warn(`Model preflight check failed: ${error.message}`);
+                }
             }
-            // Provider-specific default models
-            let defaultModel = "gpt-4";
-            if (aiProvider === "anthropic")
-                defaultModel = "claude-3-5-sonnet-20241022";
-            else if (aiProvider === "gemini")
-                defaultModel = "gemini-2.0-flash-exp";
-            else if (aiProvider === "openrouter")
-                defaultModel = "anthropic/claude-3.5-sonnet";
-            else if (aiProvider === "mistral")
-                defaultModel = "mistral-large-latest";
-            else if (aiProvider === "kimi")
-                defaultModel = "moonshot-v1-8k";
-            const model = await ask(rl, "Default AI model", defaultModel);
-            store.set("ai.defaultModel", model);
+            config.ai.defaultModel = chosenModel;
         }
-        // Report Configuration
-        const reportFormat = await askList(rl, "Default report format", ["word", "txt", "json"], "word");
-        store.set("report.defaultFormat", reportFormat);
-        // Scan Configuration
-        const strictScope = await askConfirm(rl, "Enable strict scope enforcement?", true);
-        store.set("scan.strictScope", strictScope);
-        const rateLimitStr = await ask(rl, "Requests per second rate limit", "5");
-        const rateLimit = parseInt(rateLimitStr, 10) || 5;
-        store.set("scan.rateLimitPerSecond", rateLimit);
-        rl.close();
+        config.report.defaultFormat = answers.reportFormat;
+        config.scan.strictScope = !!answers.strictScope;
+        config.scan.rateLimitPerSecond = answers.rateLimit;
+        await (0, config_1.setConfig)(config);
         console.log("");
         logger_1.logger.success("Onboarding complete! Your configuration has been saved.");
-        console.log(`  ${c.gray}Config location: ~/.kramscan/config.json${c.reset}`);
-        console.log(`  ${c.gray}Run ${c.cyan}kramscan${c.gray} to get started.${c.reset}`);
+        console.log("Config location: ~/.kramscan/config.json");
+        console.log("Run 'kramscan' to get started.");
         console.log("");
     });
 }