sastai 1.0.0

package/README.md

@@ -0,0 +1,27 @@
+# sastai
+
+AI-powered **SAST** engine launcher, by **Insomnia**. See [insom.ai](https://insom.ai).
+
+```bash
+npm install -g sastai
+sastai scan ./my-project
+```
+
+On first use, `sastai` detects your OS and CPU architecture (Windows/Linux/macOS,
+x64 & arm64), downloads the matching native engine from
+[insom.ai](https://insom.ai), verifies it with SHA-256, caches it under
+`~/.insom/engine`, and checks for updates once a day. All arguments are passed
+straight through to the engine — the same model as the `sast` package on PyPI,
+delivered for the Node / npm ecosystem.
+
+## Commands
+
+| Command            | Description                              |
+|--------------------|------------------------------------------|
+| `sastai scan <path>` | Run a SAST scan over a project           |
+| `sastai --version` | Print the engine version                 |
+| `sastai help`      | Show launcher help                       |
+
+## License
+
+UNLICENSED — proprietary. © Insomnia / insom.ai.

package/bin/cli.js

@@ -0,0 +1,194 @@
+#!/usr/bin/env node
+"use strict";
+
+const https = require("https");
+const fs = require("fs");
+const os = require("os");
+const path = require("path");
+const crypto = require("crypto");
+const { spawnSync } = require("child_process");
+
+const pkg = require("../package.json");
+
+const MANIFEST_URL = "https://insom.ai/api/plugin/manifest";
+const DOWNLOAD_BASE = "https://insom.ai/static/downloads/";
+const HOME_DIR = path.join(os.homedir(), ".insom", "engine");
+const MARKER = path.join(HOME_DIR, "current.json");
+const UPDATE_INTERVAL_MS = 24 * 60 * 60 * 1000; // daily check, like the pip launcher
+
+function platformKey() {
+  const p = process.platform;
+  const a = process.arch;
+  if (p === "win32") return "windows";
+  if (p === "linux") return a === "arm64" ? "linux-arm64" : "linux";
+  if (p === "darwin") return a === "arm64" ? "macos-arm64" : "macos";
+  return null;
+}
+
+function httpGet(url) {
+  return new Promise((resolve, reject) => {
+    https
+      .get(url, { headers: { "User-Agent": `sastai-npm/${pkg.version}` } }, (res) => {
+        if (res.statusCode >= 300 && res.statusCode < 400 && res.headers.location) {
+          res.resume();
+          return resolve(httpGet(res.headers.location));
+        }
+        if (res.statusCode !== 200) {
+          res.resume();
+          return reject(new Error(`HTTP ${res.statusCode} for ${url}`));
+        }
+        const chunks = [];
+        res.on("data", (c) => chunks.push(c));
+        res.on("end", () => resolve(Buffer.concat(chunks)));
+      })
+      .on("error", reject);
+  });
+}
+
+function download(url, dest) {
+  return new Promise((resolve, reject) => {
+    const file = fs.createWriteStream(dest);
+    const req = https.get(
+      url,
+      { headers: { "User-Agent": `sastai-npm/${pkg.version}` } },
+      (res) => {
+        if (res.statusCode >= 300 && res.statusCode < 400 && res.headers.location) {
+          res.resume();
+          file.close();
+          return resolve(download(res.headers.location, dest));
+        }
+        if (res.statusCode !== 200) {
+          res.resume();
+          file.close();
+          return reject(new Error(`HTTP ${res.statusCode} for ${url}`));
+        }
+        const total = parseInt(res.headers["content-length"] || "0", 10);
+        let got = 0;
+        res.on("data", (c) => {
+          got += c.length;
+          if (total && process.stderr.isTTY) {
+            const pct = ((got / total) * 100).toFixed(0);
+            process.stderr.write(`\r  downloading engine… ${pct}%`);
+          }
+        });
+        res.pipe(file);
+        file.on("finish", () => file.close(() => {
+          if (process.stderr.isTTY) process.stderr.write("\r  downloading engine… done   \n");
+          resolve();
+        }));
+      }
+    );
+    req.on("error", (e) => {
+      file.close();
+      reject(e);
+    });
+  });
+}
+
+function sha256(file) {
+  const h = crypto.createHash("sha256");
+  h.update(fs.readFileSync(file));
+  return h.digest("hex");
+}
+
+function readMarker() {
+  try {
+    return JSON.parse(fs.readFileSync(MARKER, "utf8"));
+  } catch {
+    return null;
+  }
+}
+
+async function ensureEngine() {
+  const key = platformKey();
+  if (!key) {
+    throw new Error(`Unsupported platform: ${process.platform}/${process.arch}`);
+  }
+  fs.mkdirSync(HOME_DIR, { recursive: true });
+
+  const marker = readMarker();
+  const haveBinary = marker && fs.existsSync(path.join(HOME_DIR, marker.filename));
+  const fresh = marker && Date.now() - (marker.checkedAt || 0) < UPDATE_INTERVAL_MS;
+
+  // Use cached binary without hitting the network if it's fresh.
+  if (haveBinary && fresh) return path.join(HOME_DIR, marker.filename);
+
+  let entry;
+  try {
+    const manifest = JSON.parse((await httpGet(MANIFEST_URL)).toString("utf8"));
+    entry = manifest.sast && manifest.sast[key];
+  } catch (e) {
+    // Offline: fall back to whatever we already have.
+    if (haveBinary) return path.join(HOME_DIR, marker.filename);
+    throw new Error(`Could not fetch manifest and no cached engine present: ${e.message}`);
+  }
+  if (!entry) throw new Error(`No engine build for platform "${key}"`);
+
+  const dest = path.join(HOME_DIR, entry.filename);
+  const upToDate =
+    fs.existsSync(dest) && marker && marker.sha256 === entry.sha256;
+
+  if (!upToDate) {
+    await download(DOWNLOAD_BASE + entry.filename, dest);
+    const got = sha256(dest);
+    if (got !== entry.sha256) {
+      fs.unlinkSync(dest);
+      throw new Error(
+        `Checksum mismatch for ${entry.filename}\n    expected ${entry.sha256}\n    got      ${got}`
+      );
+    }
+    if (process.platform !== "win32") fs.chmodSync(dest, 0o755);
+  }
+
+  fs.writeFileSync(
+    MARKER,
+    JSON.stringify(
+      { key, filename: entry.filename, sha256: entry.sha256, version: entry.version, checkedAt: Date.now() },
+      null,
+      2
+    )
+  );
+  return dest;
+}
+
+async function main() {
+  const argv = process.argv.slice(2);
+
+  if (argv[0] === "--launcher-version") {
+    process.stdout.write(pkg.version + "\n");
+    return;
+  }
+  if (argv[0] === "help" && argv.length === 1) {
+    process.stdout.write(
+      [
+        "  sastai — AI-powered SAST engine launcher (insom.ai)",
+        "",
+        "  Usage: sastai <command> [options]   (passed through to the engine)",
+        "         sastai scan <path>",
+        "         sastai --version",
+        "",
+        `  Launcher v${pkg.version}. Engine is downloaded on first use to ~/.insom/engine.`,
+        "  Docs & downloads: https://insom.ai",
+        "",
+      ].join("\n")
+    );
+    return;
+  }
+
+  let engine;
+  try {
+    engine = await ensureEngine();
+  } catch (e) {
+    process.stderr.write(`  sastai: ${e.message}\n  See https://insom.ai\n`);
+    process.exit(1);
+  }
+
+  const res = spawnSync(engine, argv, { stdio: "inherit" });
+  if (res.error) {
+    process.stderr.write(`  sastai: failed to launch engine: ${res.error.message}\n`);
+    process.exit(1);
+  }
+  process.exit(res.status === null ? 1 : res.status);
+}
+
+main();

package/package.json

@@ -0,0 +1,37 @@
+{
+  "name": "sastai",
+  "version": "1.0.0",
+  "description": "sastai — AI-powered SAST engine launcher (Insomnia / insom.ai)",
+  "bin": {
+    "sastai": "bin/cli.js"
+  },
+  "scripts": {
+    "test": "node bin/cli.js --launcher-version"
+  },
+  "keywords": [
+    "sast",
+    "sast-ai",
+    "ai",
+    "security",
+    "static-analysis",
+    "insomnia",
+    "insom",
+    "vulnerability-scanner",
+    "appsec",
+    "sdlc",
+    "cicd"
+  ],
+  "homepage": "https://insom.ai",
+  "bugs": {
+    "url": "https://insom.ai"
+  },
+  "author": "Insomnia (insom.ai)",
+  "license": "UNLICENSED",
+  "engines": {
+    "node": ">=14"
+  },
+  "files": [
+    "bin/",
+    "README.md"
+  ]
+}