npm - ship-safe - Versions diffs - 9.2.2 → 9.2.3 - Mend

ship-safe 9.2.2 → 9.2.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/README.md CHANGED Viewed

@@ -98,7 +98,7 @@ $ ship-safe
   ███████╗██╗  ██╗██╗██████╗     ███████╗ █████╗ ███████╗███████╗
   ...
-  v9.2.1  ·  DeepSeek  ·  ~/my-project
+  v9.2.3  ·  DeepSeek  ·  ~/my-project
   /scan to find issues  ·  /agent to fix them  ·  /help for more
@@ -113,6 +113,7 @@ shipsafe ›
 | `/show <n>` | Full detail on finding n |
 | `/plan <n>` | Preview fix plan for finding n (no writes) |
 | `/undo [--all]` | Revert the last fix (or all fixes) |
+| `/share` | Publish scan report as a public URL (7 days) |
 | `/diff` | Show git working-tree diff |
 | `/provider <name>` | Switch LLM provider mid-session |
 | `/quit` | Exit (also `Ctrl-D` or `Ctrl-C`) |

package/cli/bin/ship-safe.js CHANGED Viewed

@@ -31,6 +31,7 @@ import { rotateCommand } from '../commands/rotate.js';
 import { agentCommand } from '../commands/agent.js';
 import { agentFixCommand } from '../commands/agent-fix.js';
 import { undoCommand } from '../commands/undo.js';
+import { shareCommand } from '../commands/share.js';
 import { shellCommand } from '../commands/shell.js';
 import { depsCommand } from '../commands/deps.js';
 import { scoreCommand } from '../commands/score.js';
@@ -217,6 +218,14 @@ program
   .option('--dry-run', 'Show what would be reverted without writing anything')
   .action(undoCommand);
+// -----------------------------------------------------------------------------
+// SHARE COMMAND
+// -----------------------------------------------------------------------------
+program
+  .command('share [path]')
+  .description('Publish your latest scan report as a public URL (valid 7 days)')
+  .action(shareCommand);
 // -----------------------------------------------------------------------------
 // SHELL COMMAND
 // -----------------------------------------------------------------------------

package/cli/commands/audit.js CHANGED Viewed

@@ -499,6 +499,18 @@ export async function auditCommand(targetPath = '.', options = {}) {
       printComparison(scoringEngine, absolutePath, scoreResult);
     }
+    // ── Upgrade prompt ────────────────────────────────────────────────────
+    const criticalCount = filteredFindings.filter(f => f.severity === 'critical').length;
+    const highCount     = filteredFindings.filter(f => f.severity === 'high').length;
+    const fixable       = criticalCount + highCount;
+    if (fixable > 0 && scoreResult.score < 80) {
+      console.log();
+      console.log(chalk.yellow('  ┌─────────────────────────────────────────────────────────┐'));
+      console.log(chalk.yellow('  │') + chalk.white.bold(`  ${fixable} critical/high finding${fixable === 1 ? '' : 's'} — fix them automatically`) + chalk.yellow('        │'));
+      console.log(chalk.yellow('  │') + chalk.cyan('  npx ship-safe agent .') + chalk.gray('  ·  ') + chalk.cyan('shipsafecli.com/pricing') + chalk.yellow('     │'));
+      console.log(chalk.yellow('  └─────────────────────────────────────────────────────────┘'));
+    }
     console.log();
     console.log(chalk.cyan('═'.repeat(60)));
     console.log();

package/cli/commands/share.js ADDED Viewed

@@ -0,0 +1,71 @@
+/**
+ * Share Command — Publish a scan report as a public URL
+ *
+ * Usage:
+ *   ship-safe share [path]
+ *
+ * Reads the latest scan from .ship-safe/history.json (or runs a fresh scan),
+ * uploads it to shipsafecli.com, and returns a shareable link valid for 7 days.
+ */
+import fs from 'fs';
+import path from 'path';
+import chalk from 'chalk';
+import ora from 'ora';
+const SHARE_ENDPOINT = 'https://shipsafecli.com/api/share';
+export async function shareCommand(targetPath = '.', options = {}) {
+  const root = path.resolve(targetPath);
+  // ── Load last scan from history ──────────────────────────────────────────
+  const historyPath = path.join(root, '.ship-safe', 'history.json');
+  let report = null;
+  if (fs.existsSync(historyPath)) {
+    try {
+      const history = JSON.parse(fs.readFileSync(historyPath, 'utf8'));
+      const entries = Array.isArray(history) ? history : [history];
+      if (entries.length > 0) report = entries[entries.length - 1];
+    } catch {
+      // fall through
+    }
+  }
+  if (!report) {
+    console.log(chalk.yellow('  No scan found. Run a scan first:'));
+    console.log(chalk.gray('  npx ship-safe audit .'));
+    process.exit(1);
+  }
+  const spinner = ora({ text: 'Uploading report...', color: 'cyan' }).start();
+  try {
+    const res = await fetch(SHARE_ENDPOINT, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({
+        score:    report.score ?? null,
+        grade:    report.grade ?? null,
+        repo:     report.rootPath ? path.basename(report.rootPath) : null,
+        findings: report.totalFindings ?? 0,
+        report,
+      }),
+    });
+    if (!res.ok) {
+      throw new Error(`Server returned ${res.status}`);
+    }
+    const { url } = await res.json();
+    spinner.succeed(chalk.green('Report shared!'));
+    console.log();
+    console.log(chalk.white('  Share URL: ') + chalk.cyan.bold(url));
+    console.log(chalk.gray('  Link expires in 7 days.'));
+    console.log();
+  } catch (err) {
+    spinner.fail(chalk.red('Failed to share report'));
+    console.log(chalk.gray(`  ${err.message}`));
+    process.exit(1);
+  }
+}

package/cli/commands/shell.js CHANGED Viewed

@@ -29,6 +29,7 @@ import { autoDetectProvider } from '../providers/llm-provider.js';
 import { auditCommand } from './audit.js';
 import { agentFixCommand } from './agent-fix.js';
 import { undoCommand } from './undo.js';
+import { shareCommand } from './share.js';
 import * as output from '../utils/output.js';
 const SEV_RANK = { critical: 4, high: 3, medium: 2, low: 1, info: 0 };
@@ -320,6 +321,11 @@ async function handleSlashCommand(line, state, options) {
       return true;
     }
+    case 'share': {
+      await shareCommand(state.root);
+      return true;
+    }
     case 'provider': {
       const name = args[0];
       if (!name) {
@@ -428,6 +434,7 @@ function printHelp() {
   console.log('    /plan <n>             Preview a fix plan for finding <n> (no writes)');
   console.log('    /agent [--plan-only]  Run the interactive fix loop');
   console.log('    /undo [--all]         Revert the last fix (or all)');
+  console.log('    /share                Publish scan report as a public URL (7 days)');
   console.log('    /diff [path]          Show git working-tree diff');
   console.log('    /git <args>           Pass through to git (status, log, stash, ...)');
   console.log('    /provider <name>      Switch LLM provider');

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "ship-safe",
-  "version": "9.2.2",
+  "version": "9.2.3",
   "description": "AI-powered multi-agent security platform. 23 agents scan 80+ attack classes including AI integration supply chain (Vercel-class attacks), Hermes Agent deployments (ASI-01–ASI-10), tool registry poisoning, function-call injection, skill permission drift, and agent attestation. Ship Safe × Hermes Agent.",
   "main": "cli/index.js",
   "bin": {