periderm-cli 0.1.12 → 0.1.14

package/dist/api.js

@@ -58,3 +58,19 @@ export async function uploadScan(token, result) {
         return { error: e.message || "Network error: failed to reach server" };
     }
 }
+export async function fetchCloudPolicies(token) {
+    const { apiUrl } = readConfig();
+    try {
+        const res = await fetch(`${apiUrl}/api/policies`, {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify({ token }),
+        });
+        if (!res.ok)
+            return { global_ignores: [], custom_ai_rules: "" };
+        return (await res.json());
+    }
+    catch {
+        return { global_ignores: [], custom_ai_rules: "" };
+    }
+}

package/dist/index.js

@@ -8,7 +8,7 @@ import { scan } from "./scanner/index.js";
 import { runDeepReview } from "./review/deep.js";
 import { printTerminal } from "./report/terminal.js";
 import { readConfig, writeConfig } from "./config.js";
-import { verifyToken, uploadScan } from "./api.js";
+import { verifyToken, uploadScan, fetchCloudPolicies } from "./api.js";
 import http from "node:http";
 import ora from "ora";
 import { PERIDERM_ASCII } from "./constants.js";
@@ -50,12 +50,28 @@ program
         verifySpinner.fail(`Couldn't connect — ${v.error}. Run \`periderm login\` again.`);
         process.exit(1);
     }
+    if (process.env.CI && v.plan === "starter") {
+        verifySpinner.fail("Automated CI/CD reporting requires the Scale or Unlimited plan.");
+        console.info(chalk.yellow(`\nUpgrade at ${cfg.apiUrl}/dashboard/billing\n`));
+        process.exit(1);
+    }
     if (v.plan !== "unlimited" && (v.scans_remaining === undefined || v.scans_remaining <= 0)) {
         verifySpinner.fail(`No scans left on your ${v.plan} plan.`);
         console.info(chalk.yellow(`\nRenew or upgrade at ${cfg.apiUrl}/dashboard/billing\n`));
         process.exit(1);
     }
     verifySpinner.stop();
+    // Fetch cloud policies for Unlimited users
+    let cloudIgnores = [];
+    let cloudAiRules = "";
+    if (v.plan === "unlimited") {
+        const policies = await fetchCloudPolicies(cfg.token);
+        cloudIgnores = policies.global_ignores ?? [];
+        cloudAiRules = policies.custom_ai_rules ?? "";
+        if (cloudIgnores.length > 0) {
+            console.info(chalk.dim(`  ↳ Applying ${cloudIgnores.length} cloud ignore rule(s) from your dashboard policies.`));
+        }
+    }
     const startTime = Date.now();
     console.info(chalk.cyan("Discovering project files…"));
     let scanSpinner = ora({ text: "Initializing...", color: "cyan" }).start();
@@ -67,7 +83,7 @@ program
         const empty = 20 - filled;
         return `[${"█".repeat(filled)}${"░".repeat(empty)}] ${Math.round(pct * 100)}%`;
     };
-    const result = await scan(root, {
+    const result = await scan(root, { cloudIgnores, cloudAiRules,
         onProgress: (ev) => {
             switch (ev.type) {
                 case "discovering":

package/dist/review/deep.js

@@ -84,6 +84,9 @@ function parseAction(raw) {
     }
 }
 export async function runDeepReview(root, scan, token, apiUrl, onStatus) {
+    const orgRulesSection = scan.cloudAiRules?.trim()
+        ? `\n\nOrganization-specific instructions (MUST follow):\n${scan.cloudAiRules.trim()}`
+        : "";
     const system = `You are Periderm's deep launch reviewer. Respond with JSON only.
 
 Existing static scan found ${scan.findings.length} issues. Your job: find ADDITIONAL nuanced launch risks the deterministic scanner missed — legal/UX/business logic edge cases, contradictions, deceptive flows, subtle security gaps.
@@ -94,7 +97,7 @@ Tools (respond with {"action":"tool",...}):
 
 When finished: {"action":"done","summary":"...","findings":[{"message":"...","severity":"high|medium|low|critical","file":"path","why":"...","fix":"..."}]}
 
-Rules: max 5 new findings, be specific, cite files, no hallucinated files.`;
+Rules: max 5 new findings, be specific, cite files, no hallucinated files.${orgRulesSection}`;
     const context = {
         project: scan.projectName,
         verdict: scan.verdict,

package/dist/scanner/index.js

@@ -11,10 +11,10 @@ import { renderMarkdown } from "../report/markdown.js";
 import { mapWithProgress } from "./progress.js";
 export { formatScanPath } from "./progress.js";
 export async function scan(root, options = {}) {
-    const { onProgress } = options;
+    const { onProgress, cloudIgnores = [], cloudAiRules = "" } = options;
     const findings = [];
     onProgress?.({ type: "discovering" });
-    const files = await walk(root);
+    const files = await walk(root, cloudIgnores);
     onProgress?.({ type: "discovered", total: files.length });
     const estimatedChecks = files.length * PER_FILE_CHECK_COUNT +
         REPO_WIDE_CHECK_COUNT +
@@ -96,5 +96,6 @@ export async function scan(root, options = {}) {
         verdict,
         markdown,
         meta,
+        cloudAiRules: cloudAiRules || undefined,
     };
 }

package/dist/scanner/walk.js

@@ -1,7 +1,6 @@
 import fg from "fast-glob";
-export async function walk(root) {
-    return fg([
-        "**/*.{ts,tsx,js,jsx,mjs,cjs}",
+export async function walk(root, extraIgnores = []) {
+    const baseIgnores = [
         "!**/node_modules/**",
         "!**/dist/**",
         "!**/build/**",
@@ -12,5 +11,12 @@ export async function walk(root) {
         "!**/*.d.ts",
         "!**/routeTree.gen.*",
         "!**/packages/cli/**", // never scan the scanner itself
+    ];
+    // Cloud policy ignores: normalize to negated globs
+    const cloudIgnoreGlobs = extraIgnores.map((ig) => ig.startsWith("!") ? ig : `!${ig}`);
+    return fg([
+        "**/*.{ts,tsx,js,jsx,mjs,cjs}",
+        ...baseIgnores,
+        ...cloudIgnoreGlobs,
     ], { cwd: root, absolute: true, dot: false });
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "periderm-cli",
-  "version": "0.1.12",
+  "version": "0.1.14",
   "description": "A pre-launch checklist for your codebase.",
   "type": "module",
   "bin": {