npm - subto - Versions diffs - 9.0.4 → 9.0.6 - Mend

subto 9.0.4 → 9.0.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md CHANGED Viewed

@@ -23,8 +23,8 @@ npm install -g subto
 ```bash
 subto login
 subto account
-subto scan https://example.com
-subto scan https://example.com --wait
+subto scan https://example.com basic
+subto scan https://example.com full yes --wait
 subto chat
 ```
@@ -74,18 +74,24 @@ Output includes:
 - scan count
 - member-since date
-### `subto scan <url>`
+### `subto scan <url> <basic|full> [yes|no]`
 Requests a remote scan for a URL via the Subto API.
 ```bash
-subto scan https://example.com
-subto scan https://example.com --wait
-subto scan https://example.com --no-wait
-subto scan https://example.com --json
-subto scan https://example.com --chat
+subto scan https://example.com basic
+subto scan https://example.com basic --wait
+subto scan https://example.com full yes
+subto scan https://example.com full no --json
+subto scan https://example.com full yes --chat
 ```
+Arguments:
+- `<basic|full>` is required.
+- `[yes|no]` is required when mode is `full`.
+- Do not provide a video argument when mode is `basic`.
 Options:
 - `--json` prints the raw JSON response.
@@ -93,6 +99,12 @@ Options:
 - `--no-wait` returns immediately instead of polling.
 - `--chat` opens the local interactive assistant after the scan completes.
+Examples:
+- `subto scan https://example.com basic`
+- `subto scan https://example.com full yes`
+- `subto scan https://example.com full no --wait`
 If the server returns HTML instead of JSON, the CLI attempts to recover the `scanId` automatically. If it cannot, it saves the HTML response to a temporary file for inspection.
 ### `subto scan upload [dir]`

package/dist/package/index.js CHANGED Viewed

@@ -11,7 +11,7 @@ const chalk = (_chalk && _chalk.default) ? _chalk.default : _chalk;
 const CONFIG_DIR = path.join(os.homedir(), '.subto');
 const CONFIG_PATH = path.join(CONFIG_DIR, 'config.json');
 const DEFAULT_API_BASE = 'https://subto.one';
-const CLIENT_META = { name: 'subto-cli', version: '9.0.3' };
+const CLIENT_META = { name: 'subto-cli', version: '9.0.5' };
 function configFilePath() { return CONFIG_PATH; }
@@ -167,7 +167,7 @@ function printAccountSummary(payload) {
 async function run(argv) {
   const program = new Command();
-  program.name('subto').description('Subto CLI — wrapper around Subto.One API').version(CLIENT_META.version || '9.0.3');
+  program.name('subto').description('Subto CLI — wrapper around Subto.One API').version(CLIENT_META.version || '9.0.5');
   program.command('login').description('Store your API key in ~/.subto/config.json').action(async () => {
     try {

package/index.js CHANGED Viewed

@@ -11,7 +11,7 @@ const chalk = (_chalk && _chalk.default) ? _chalk.default : _chalk;
 const CONFIG_DIR = path.join(os.homedir(), '.subto');
 const CONFIG_PATH = path.join(CONFIG_DIR, 'config.json');
 const DEFAULT_API_BASE = 'https://subto.one/api/v1';
-const CLIENT_META = { name: 'subto-cli', version: '9.0.3' };
+const CLIENT_META = { name: 'subto-cli', version: '9.0.5' };
 const cp = require('child_process');
 // Normalize SUBTO API base so callers can set either
@@ -215,13 +215,19 @@ async function _maskHeaders(obj){
   return out;
 }
-async function postScan(url, apiKey, debug=false) {
+async function postScan(url, apiKey, scanProfile, recordVideo, debug=false) {
   // Use normalized API base
   const endpointObj = new URL('scan', SUBTO_API_BASE_SLASH);
   // API key is sent via headers only — never in query strings to prevent
   // leakage via server logs, proxy logs, and Referer headers.
   const endpoint = endpointObj.toString();
-  const body = { url, source: 'cli', client: CLIENT_META };
+  const body = {
+    url,
+    source: 'cli',
+    client: CLIENT_META,
+    scanProfile,
+    recordVideo
+  };
     const fetchFn = global.fetch;
       if (typeof fetchFn !== 'function') throw new Error('Global fetch() is not available in this Node runtime. Use Node 18+');
   // Validate header-safety to avoid undici/node fetch ByteString conversion errors
@@ -399,8 +405,10 @@ async function printFullReport(data) {
   // Malware reporting via VirusTotal has been disabled in API responses.
   // Video link
-  if (scan.videoUrl || scan.videoPath || scan.hasVideo) {
-    const vurl = scan.videoUrl || ((scan.videoPath) ? `${SUBTO_HOST_BASE}/video/${scan.scanId || scan.id}` : null);
+  const nestedVideoUrl = scan.comprehensive?.videoMp4Url || scan.comprehensive?.videoUrl || null;
+  const nestedVideoPath = scan.comprehensive?.videoPath || null;
+  if (scan.videoUrl || scan.videoPath || scan.hasVideo || nestedVideoUrl || nestedVideoPath || scan.comprehensive?.hasVideo) {
+    const vurl = scan.videoUrl || nestedVideoUrl || ((scan.videoPath || nestedVideoPath) ? `${SUBTO_HOST_BASE}/video/${scan.scanId || scan.id}` : null);
     if (vurl) {
       // attempt to HEAD the video URL to detect expiry / 404
       let note = '';
@@ -563,7 +571,7 @@ async function answerFromScan(scan, question){
   // Local heuristic fallback
   const lq = q.toLowerCase();
   if(lq.includes('video')||lq.includes('record')){
-    const url = scan.videoUrl || (scan.videoPath? `${SUBTO_HOST_BASE}/video/${scan.scanId||scan.id}` : null);
+    const url = scan.videoUrl || scan.comprehensive?.videoMp4Url || scan.comprehensive?.videoUrl || ((scan.videoPath || scan.comprehensive?.videoPath) ? `${SUBTO_HOST_BASE}/video/${scan.scanId||scan.id}` : null);
     return url? `Session video: ${url}` : 'No session video available for this scan.';
   }
   if(lq.includes('issues')||lq.includes('problem')){
@@ -612,7 +620,7 @@ async function startChatREPL(scanData){
 async function run(argv) {
   const program = new Command();
-  program.name('subto').description('Subto CLI — wrapper around Subto.One API').version(CLIENT_META.version || '9.0.3');
+  program.name('subto').description('Subto CLI — wrapper around Subto.One API').version(CLIENT_META.version || '9.0.5');
   program.addHelpText('after', `
 Common commands:
@@ -623,12 +631,12 @@ Common commands:
   subto account --json
     Show your account name, email, API call count, scan count, and member-since date.
-  subto scan <url>
-  subto scan <url> --wait
-  subto scan <url> --no-wait
-  subto scan <url> --json
-  subto scan <url> --chat
-    Request a remote scan for a URL. Polling happens automatically when the server queues the scan unless you pass --no-wait.
+  subto scan <url> basic
+  subto scan <url> basic --wait
+  subto scan <url> full yes
+  subto scan <url> full no --json
+  subto scan <url> full yes --chat
+    Request a remote scan for a URL. You must choose basic or full. Full scans also require an explicit video choice: yes or no.
   subto scan upload [dir]
   subto scan upload [dir] --wait
@@ -730,19 +738,40 @@ Notes:
       }
     });
-  program
-    .command('scan <url>')
-    .description('Request a scan for <url> via the Subto API')
+  const scanCommand = program
+    .command('scan')
+    .description('Request a remote scan for a URL, or use a scan subcommand')
+    .argument('<url>')
+    .argument('<mode>')
+    .argument('[videoChoice]')
     .option('--json', 'Output raw JSON')
     .option('--wait', 'Poll for completion and show progress')
     .option('--no-wait', 'Do not poll; return immediately')
     .option('--chat', 'Open interactive AI assistant after scan completes')
-    .action(async (url, opts) => {
+    .action(async (url, mode, videoChoice, opts) => {
       if (!validateUrl(url)) { console.error(chalk.red('Invalid URL. Provide a full URL including http:// or https://')); process.exit(1); }
+      const normalizedMode = String(mode || '').trim().toLowerCase();
+      if (!['basic', 'full'].includes(normalizedMode)) {
+        console.error(chalk.red('Invalid scan mode. Use `basic` or `full`.'));
+        process.exit(1);
+      }
+      let effectiveVideoChoice = null;
+      if (normalizedMode === 'full') {
+        effectiveVideoChoice = String(videoChoice || '').trim().toLowerCase();
+        if (!['yes', 'no'].includes(effectiveVideoChoice)) {
+          console.error(chalk.red('Full scan mode requires an explicit video choice: `yes` or `no`.'));
+          process.exit(1);
+        }
+      } else if (videoChoice !== undefined) {
+        console.error(chalk.red('Basic scan mode does not accept a video argument. Use `subto scan <url> basic`.'));
+        process.exit(1);
+      }
       const cfg = await readConfig(); if (!cfg || !cfg.apiKey) { console.error(chalk.red('Missing API key. Run:'), chalk.cyan('subto login')); process.exit(1); }
       try {
         const DEBUG = (program && typeof program.opts === 'function') ? Boolean(program.opts().debug) : false;
-        const resp = await postScan(url, cfg.apiKey, DEBUG);
+        const resp = await postScan(url, cfg.apiKey, normalizedMode, effectiveVideoChoice === 'yes', DEBUG);
         if (resp.status === 429) {
           let retrySeconds = null;
           if (resp.body && typeof resp.body === 'object' && resp.body.retry_after) retrySeconds = resp.body.retry_after;
@@ -1264,8 +1293,8 @@ Notes:
     });
   // Upload and scan locally via server: `subto scan upload [dir]`
-  program
-    .command('scan upload [dir]')
+  scanCommand
+    .command('upload [dir]')
     .description('Upload a directory to the server and request a scan (respects .subtoignore)')
     .option('--wait', 'Poll until analysis completes')
     .action(async (dir, opts) => {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "subto",
-  "version": "9.0.4",
+  "version": "9.0.6",
   "description": "Subto CLI — thin wrapper around the Subto.One API",
   "bin": {
     "subto": "bin/subto.js"