pinata-security-cli 0.2.2 → 0.2.3

package/dist/cli/index.js

@@ -1,13 +1,13 @@
 #!/usr/bin/env node
 import { z } from 'zod';
 import fs, { mkdir, writeFile, readFile, stat, readdir } from 'fs/promises';
-import path, { dirname, resolve, basename, relative, join, extname } from 'path';
+import path, { dirname, resolve, join, basename, relative, extname } from 'path';
+import { existsSync, readFileSync, writeFileSync, chmodSync, mkdirSync } from 'fs';
+import { homedir } from 'os';
 import { useState } from 'react';
 import { render, useApp, useInput, Box, Text } from 'ink';
 import Spinner from 'ink-spinner';
 import { jsx, jsxs } from 'react/jsx-runtime';
-import { existsSync, readFileSync, writeFileSync, chmodSync, mkdirSync } from 'fs';
-import { homedir } from 'os';
 import { fileURLToPath } from 'url';
 import chalk5 from 'chalk';
 import { Command } from 'commander';
@@ -742,6 +742,109 @@ var init_junit_formatter = __esm({
   }
 });
 
+// src/cli/config.ts
+var config_exports = {};
+__export(config_exports, {
+  deleteConfigValue: () => deleteConfigValue,
+  getApiKey: () => getApiKey,
+  getConfigPath: () => getConfigPath,
+  getConfigValue: () => getConfigValue,
+  getDefaultProvider: () => getDefaultProvider,
+  hasApiKey: () => hasApiKey,
+  loadConfig: () => loadConfig,
+  maskApiKey: () => maskApiKey,
+  saveConfig: () => saveConfig,
+  setConfigValue: () => setConfigValue,
+  validateApiKey: () => validateApiKey
+});
+function ensureConfigDir() {
+  mkdirSync(CONFIG_DIR, { recursive: true, mode: 448 });
+}
+function loadConfig() {
+  try {
+    const content = readFileSync(CONFIG_FILE, "utf-8");
+    const parsed = JSON.parse(content);
+    const result = ConfigSchema.safeParse(parsed);
+    return result.success ? result.data : {};
+  } catch {
+    return {};
+  }
+}
+function saveConfig(config2) {
+  ensureConfigDir();
+  const content = JSON.stringify(config2, null, 2);
+  writeFileSync(CONFIG_FILE, content, { mode: 384 });
+  chmodSync(CONFIG_FILE, 384);
+}
+function setConfigValue(key, value) {
+  const config2 = loadConfig();
+  config2[key] = value;
+  saveConfig(config2);
+}
+function getConfigValue(key) {
+  const config2 = loadConfig();
+  return config2[key];
+}
+function deleteConfigValue(key) {
+  const config2 = loadConfig();
+  delete config2[key];
+  saveConfig(config2);
+}
+function getApiKey(provider) {
+  const envVar = provider === "anthropic" ? "ANTHROPIC_API_KEY" : "OPENAI_API_KEY";
+  const envValue = process.env[envVar];
+  if (envValue !== void 0 && envValue.length > 0) {
+    return envValue;
+  }
+  const config2 = loadConfig();
+  return provider === "anthropic" ? config2.anthropicApiKey : config2.openaiApiKey;
+}
+function hasApiKey(provider) {
+  const key = getApiKey(provider);
+  return key !== void 0 && key.length > 0;
+}
+function getDefaultProvider() {
+  const config2 = loadConfig();
+  return config2.defaultProvider ?? "anthropic";
+}
+function maskApiKey(key) {
+  if (key.length <= 12) {
+    return "****";
+  }
+  return `${key.slice(0, 4)}...${key.slice(-4)}`;
+}
+function validateApiKey(provider, key) {
+  if (key.length === 0) {
+    return { valid: false, error: "API key cannot be empty" };
+  }
+  if (provider === "anthropic") {
+    if (!key.startsWith("sk-ant-")) {
+      return { valid: false, error: "Anthropic API keys should start with 'sk-ant-'" };
+    }
+  } else if (provider === "openai") {
+    if (!key.startsWith("sk-")) {
+      return { valid: false, error: "OpenAI API keys should start with 'sk-'" };
+    }
+  }
+  return { valid: true };
+}
+function getConfigPath() {
+  return CONFIG_FILE;
+}
+var CONFIG_DIR, CONFIG_FILE, ConfigSchema;
+var init_config = __esm({
+  "src/cli/config.ts"() {
+    CONFIG_DIR = join(homedir(), ".pinata");
+    CONFIG_FILE = join(CONFIG_DIR, "config.json");
+    ConfigSchema = z.object({
+      anthropicApiKey: z.string().optional(),
+      openaiApiKey: z.string().optional(),
+      defaultProvider: z.enum(["anthropic", "openai"]).optional(),
+      telemetry: z.boolean().optional()
+    });
+  }
+});
+
 // src/core/verifier/ai-verifier.ts
 var SKIP_PATTERNS, BATCH_PROMPT, SINGLE_ITEM_TEMPLATE, AIVerifier;
 var init_ai_verifier = __esm({
@@ -1456,109 +1559,6 @@ var init_tui = __esm({
     init_App();
   }
 });
-
-// src/cli/config.ts
-var config_exports = {};
-__export(config_exports, {
-  deleteConfigValue: () => deleteConfigValue,
-  getApiKey: () => getApiKey,
-  getConfigPath: () => getConfigPath,
-  getConfigValue: () => getConfigValue,
-  getDefaultProvider: () => getDefaultProvider,
-  hasApiKey: () => hasApiKey,
-  loadConfig: () => loadConfig,
-  maskApiKey: () => maskApiKey,
-  saveConfig: () => saveConfig,
-  setConfigValue: () => setConfigValue,
-  validateApiKey: () => validateApiKey
-});
-function ensureConfigDir() {
-  mkdirSync(CONFIG_DIR, { recursive: true, mode: 448 });
-}
-function loadConfig() {
-  try {
-    const content = readFileSync(CONFIG_FILE, "utf-8");
-    const parsed = JSON.parse(content);
-    const result = ConfigSchema.safeParse(parsed);
-    return result.success ? result.data : {};
-  } catch {
-    return {};
-  }
-}
-function saveConfig(config2) {
-  ensureConfigDir();
-  const content = JSON.stringify(config2, null, 2);
-  writeFileSync(CONFIG_FILE, content, { mode: 384 });
-  chmodSync(CONFIG_FILE, 384);
-}
-function setConfigValue(key, value) {
-  const config2 = loadConfig();
-  config2[key] = value;
-  saveConfig(config2);
-}
-function getConfigValue(key) {
-  const config2 = loadConfig();
-  return config2[key];
-}
-function deleteConfigValue(key) {
-  const config2 = loadConfig();
-  delete config2[key];
-  saveConfig(config2);
-}
-function getApiKey(provider) {
-  const envVar = provider === "anthropic" ? "ANTHROPIC_API_KEY" : "OPENAI_API_KEY";
-  const envValue = process.env[envVar];
-  if (envValue !== void 0 && envValue.length > 0) {
-    return envValue;
-  }
-  const config2 = loadConfig();
-  return provider === "anthropic" ? config2.anthropicApiKey : config2.openaiApiKey;
-}
-function hasApiKey(provider) {
-  const key = getApiKey(provider);
-  return key !== void 0 && key.length > 0;
-}
-function getDefaultProvider() {
-  const config2 = loadConfig();
-  return config2.defaultProvider ?? "anthropic";
-}
-function maskApiKey(key) {
-  if (key.length <= 12) {
-    return "****";
-  }
-  return `${key.slice(0, 4)}...${key.slice(-4)}`;
-}
-function validateApiKey(provider, key) {
-  if (key.length === 0) {
-    return { valid: false, error: "API key cannot be empty" };
-  }
-  if (provider === "anthropic") {
-    if (!key.startsWith("sk-ant-")) {
-      return { valid: false, error: "Anthropic API keys should start with 'sk-ant-'" };
-    }
-  } else if (provider === "openai") {
-    if (!key.startsWith("sk-")) {
-      return { valid: false, error: "OpenAI API keys should start with 'sk-'" };
-    }
-  }
-  return { valid: true };
-}
-function getConfigPath() {
-  return CONFIG_FILE;
-}
-var CONFIG_DIR, CONFIG_FILE, ConfigSchema;
-var init_config = __esm({
-  "src/cli/config.ts"() {
-    CONFIG_DIR = join(homedir(), ".pinata");
-    CONFIG_FILE = join(CONFIG_DIR, "config.json");
-    ConfigSchema = z.object({
-      anthropicApiKey: z.string().optional(),
-      openaiApiKey: z.string().optional(),
-      defaultProvider: z.enum(["anthropic", "openai"]).optional(),
-      telemetry: z.boolean().optional()
-    });
-  }
-});
 var RiskDomainSchema = z.enum([
   "security",
   "data",
@@ -3576,7 +3576,7 @@ function createScanner(categoryStore) {
 init_types();
 
 // src/core/index.ts
-var VERSION = "0.2.2";
+var VERSION = "0.2.3";
 
 // src/lib/index.ts
 init_errors();
@@ -5974,42 +5974,78 @@ program.command("analyze [path]").description("Analyze codebase for test coverag
     spinner?.stop();
     const shouldVerify = Boolean(options["verify"]);
     if (shouldVerify && scanResult.data.gaps.length > 0) {
-      const verifySpinner = showSpinner ? ora("Verifying gaps with AI...").start() : null;
-      try {
-        const { AIVerifier: AIVerifier2 } = await Promise.resolve().then(() => (init_verifier(), verifier_exports));
-        const { readFile: readFile5 } = await import('fs/promises');
-        const verifier = new AIVerifier2({ provider: "anthropic" });
-        const { verified, dismissed, stats } = await verifier.verifyAll(
-          scanResult.data.gaps,
-          async (path2) => readFile5(path2, "utf-8")
-        );
-        scanResult.data.gaps = verified;
-        const severityWeights = { critical: 10, high: 5, medium: 2, low: 1 };
-        let deduction = 0;
-        for (const gap of verified) {
-          deduction += severityWeights[gap.severity] ?? 1;
+      const { hasApiKey: hasApiKey2, setConfigValue: setConfigValue2, getApiKey: getApiKey2 } = await Promise.resolve().then(() => (init_config(), config_exports));
+      const { createInterface } = await import('readline');
+      let provider = "anthropic";
+      if (!hasApiKey2("anthropic") && !hasApiKey2("openai")) {
+        spinner?.stop();
+        console.log(chalk5.yellow("\nAI verification requires an API key."));
+        console.log(chalk5.gray("Get one at: https://console.anthropic.com/settings/keys"));
+        console.log(chalk5.gray("Or: https://platform.openai.com/api-keys\n"));
+        const rl = createInterface({ input: process.stdin, output: process.stdout });
+        const askQuestion = (question) => {
+          return new Promise((resolve6) => {
+            rl.question(question, (answer) => resolve6(answer.trim()));
+          });
+        };
+        const apiKey = await askQuestion(chalk5.cyan("Enter your Anthropic or OpenAI API key: "));
+        rl.close();
+        if (!apiKey) {
+          console.log(chalk5.red("No API key provided. Skipping AI verification."));
+        } else {
+          if (apiKey.startsWith("sk-ant-")) {
+            setConfigValue2("anthropicApiKey", apiKey);
+            provider = "anthropic";
+            console.log(chalk5.green("Anthropic API key saved to ~/.pinata/config.json\n"));
+          } else {
+            setConfigValue2("openaiApiKey", apiKey);
+            provider = "openai";
+            console.log(chalk5.green("OpenAI API key saved to ~/.pinata/config.json\n"));
+          }
         }
-        const newOverall = Math.max(0, 100 - deduction);
-        const newGrade = newOverall >= 90 ? "A" : newOverall >= 80 ? "B" : newOverall >= 70 ? "C" : newOverall >= 60 ? "D" : "F";
-        scanResult.data.score.overall = newOverall;
-        scanResult.data.score.grade = newGrade;
-        verifySpinner?.succeed(
-          `AI Verification: ${stats.total} total \u2192 ${stats.preFiltered} pre-filtered \u2192 ${stats.aiVerified} verified, ${stats.aiDismissed} AI-dismissed`
-        );
-        if (isVerbose && dismissed.length > 0) {
-          console.log(chalk5.gray("\nDismissed as false positives:"));
-          for (const { gap, reason } of dismissed.slice(0, 5)) {
-            console.log(chalk5.gray(`  - ${gap.categoryName} at ${gap.filePath}:${gap.lineStart}`));
-            console.log(chalk5.gray(`    Reason: ${reason.slice(0, 100)}...`));
+      } else if (hasApiKey2("openai") && !hasApiKey2("anthropic")) {
+        provider = "openai";
+      }
+      if (!hasApiKey2(provider)) {
+      } else {
+        const verifySpinner = showSpinner ? ora("Verifying gaps with AI...").start() : null;
+        try {
+          const { AIVerifier: AIVerifier2 } = await Promise.resolve().then(() => (init_verifier(), verifier_exports));
+          const { readFile: readFile5 } = await import('fs/promises');
+          const apiKey = getApiKey2(provider);
+          const verifier = new AIVerifier2({ provider, ...apiKey ? { apiKey } : {} });
+          const { verified, dismissed, stats } = await verifier.verifyAll(
+            scanResult.data.gaps,
+            async (path2) => readFile5(path2, "utf-8")
+          );
+          scanResult.data.gaps = verified;
+          const severityWeights = { critical: 10, high: 5, medium: 2, low: 1 };
+          let deduction = 0;
+          for (const gap of verified) {
+            deduction += severityWeights[gap.severity] ?? 1;
           }
-          if (dismissed.length > 5) {
-            console.log(chalk5.gray(`  ... and ${dismissed.length - 5} more`));
+          const newOverall = Math.max(0, 100 - deduction);
+          const newGrade = newOverall >= 90 ? "A" : newOverall >= 80 ? "B" : newOverall >= 70 ? "C" : newOverall >= 60 ? "D" : "F";
+          scanResult.data.score.overall = newOverall;
+          scanResult.data.score.grade = newGrade;
+          verifySpinner?.succeed(
+            `AI Verification: ${stats.total} total \u2192 ${stats.preFiltered} pre-filtered \u2192 ${stats.aiVerified} verified, ${stats.aiDismissed} AI-dismissed`
+          );
+          if (isVerbose && dismissed.length > 0) {
+            console.log(chalk5.gray("\nDismissed as false positives:"));
+            for (const { gap, reason } of dismissed.slice(0, 5)) {
+              console.log(chalk5.gray(`  - ${gap.categoryName} at ${gap.filePath}:${gap.lineStart}`));
+              console.log(chalk5.gray(`    Reason: ${reason.slice(0, 100)}...`));
+            }
+            if (dismissed.length > 5) {
+              console.log(chalk5.gray(`  ... and ${dismissed.length - 5} more`));
+            }
+          }
+        } catch (error) {
+          verifySpinner?.fail("AI verification failed (results unverified)");
+          if (isVerbose) {
+            console.error(chalk5.yellow(`Verification error: ${error instanceof Error ? error.message : String(error)}`));
           }
-        }
-      } catch (error) {
-        verifySpinner?.fail("AI verification failed (results unverified)");
-        if (isVerbose) {
-          console.error(chalk5.yellow(`Verification error: ${error instanceof Error ? error.message : String(error)}`));
         }
       }
     }