npm - vanguard-cli - Versions diffs - 3.0.0 → 3.1.3 - Mend

vanguard-cli 3.0.0 → 3.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/CHANGELOG.md ADDED Viewed

@@ -0,0 +1,28 @@
+# Changelog
+## 3.1.3 (2026-01-24)
+### Features
+* enterprise-grade AI resilience with gemini-1.5-flash-latest 🛡️❄️🚀✨ ([3ab3f1d](https://github.com/bazobehram/vanguard/commit/3ab3f1da4866c3e8bb833efd039f43b1dd6e8942))
+* implement scanner resilience and add test suite 🛡️🧪🧬✨ ([20310c3](https://github.com/bazobehram/vanguard/commit/20310c30d2787cbc2dedb0a19d8d2a5d2b308d0d))
+* implement smart throttling and robust 429 recovery logic 🛡️❄️✨ ([4123794](https://github.com/bazobehram/vanguard/commit/4123794b1cced382fb628a1b828a466d83c24a3e))
+* initial public release of Vanguard V3 Enterprise Edition ��️🚀✨ ([2335c1a](https://github.com/bazobehram/vanguard/commit/2335c1aa78a95a871cc600e62dd45431147088b9))
+## 3.1.2 (2026-01-24)
+### Features
+* implement scanner resilience and add test suite 🛡️🧪🧬✨ ([20310c3](https://github.com/bazobehram/vanguard/commit/20310c30d2787cbc2dedb0a19d8d2a5d2b308d0d))
+* implement smart throttling and robust 429 recovery logic 🛡️❄️✨ ([4123794](https://github.com/bazobehram/vanguard/commit/4123794b1cced382fb628a1b828a466d83c24a3e))
+* initial public release of Vanguard V3 Enterprise Edition ��️🚀✨ ([2335c1a](https://github.com/bazobehram/vanguard/commit/2335c1aa78a95a871cc600e62dd45431147088b9))
+## 3.1.1 (2026-01-24)
+### Features
+* implement smart throttling and robust 429 recovery logic 🛡️❄️✨ ([4123794](https://github.com/bazobehram/vanguard/commit/4123794b1cced382fb628a1b828a466d83c24a3e))
+* initial public release of Vanguard V3 Enterprise Edition ��️🚀✨ ([2335c1a](https://github.com/bazobehram/vanguard/commit/2335c1aa78a95a871cc600e62dd45431147088b9))

package/lib/commands/config.js CHANGED Viewed

@@ -14,7 +14,7 @@ export async function runConfigWizard() {
             name: 'providerSelection',
             message: 'Select AI Provider:',
             choices: [
-                { name: 'Google Gemini 2.0 (Cloud - Fast & Smart)', value: 'gemini' },
+                { name: 'Google Gemini (Cloud - Reliable & Smart)', value: 'gemini' },
                 { name: 'Local Ollama (Private - Offline)', value: 'ollama' },
             ],
         },
@@ -33,7 +33,7 @@ export async function runConfigWizard() {
             },
         ]);
         config.set('GEMINI_KEY', apiKey);
-        console.log('✅ Gemini 2.0 configured and saved.');
+        console.log('✅ Gemini configured and saved.');
     } else {
         const spinner = createSpinner('🔍 Detecting local Ollama models...').start();
         try {

package/lib/commands/scan.js CHANGED Viewed

@@ -37,7 +37,14 @@ export async function handlePull(cmdOptions, programOptions) {
     }
     const scanner = new VanguardScanner(programOptions.model, context);
-    const analysis = await scanner.scan('git_diff', diff);
+    let analysis;
+    try {
+        analysis = await scanner.scan('git_diff', diff, spinner);
+    } catch (err) {
+        spinner.fail(`AI Audit Failed: ${err.message}`);
+        console.log(chalk.yellow('\n💡 Tip: You might be rate-limited. Try again in 60s or run "vanguard config" to switch to local Ollama.'));
+        return;
+    }
     spinner.stop();
     showAlert(analysis);
@@ -107,14 +114,21 @@ export async function handleClone(url, directory, programOptions) {
             continue;
         }
-        const result = await scanner.scan(file, content);
-        if (result.verdict === 'BLOCK') {
-            finalVerdict = 'BLOCK';
-            allThreats.push(
-                ...result.threats.map((t) => ({ ...t, file: path.relative(tempPath, file) }))
-            );
-        } else {
-            CacheManager.save(file, content, 'SAFE');
+        try {
+            const result = await scanner.scan(file, content, scanSpinner);
+            if (result.verdict === 'BLOCK') {
+                finalVerdict = 'BLOCK';
+                allThreats.push(
+                    ...result.threats.map((t) => ({ ...t, file: path.relative(tempPath, file) }))
+                );
+            } else {
+                CacheManager.save(file, content, 'SAFE');
+            }
+        } catch (err) {
+            scanSpinner.fail(`Audit Interrupted: ${err.message}`);
+            console.log(chalk.yellow('\n⚠️  Service Error. Part of the codebase remains unverified.'));
+            await cleanupSandbox(tempPath);
+            return;
         }
     }

package/lib/services/scanner.js CHANGED Viewed

@@ -10,7 +10,9 @@ import pLimit from 'p-limit';
 const __dirname = path.dirname(fileURLToPath(import.meta.url));
 const THREATS_PATH = path.join(__dirname, '../threats.json');
-const limit = pLimit(3); // Enterprise concurrency limit: 3 files at a time
+const limit = pLimit(1); // Conservative concurrency for free tier stability
+export const sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));
 export class VanguardScanner {
   constructor(modelOverride, intelligenceContext = '') {
@@ -19,36 +21,20 @@ export class VanguardScanner {
     this.intelligenceContext = intelligenceContext;
   }
-  /**
-   * Enterprise Filtering Logic: Skip binaries, images, and massive files.
-   */
   shouldSkip(filePath, stats) {
     const ext = path.extname(filePath).toLowerCase();
     const binaryExtensions = [
-      '.exe',
-      '.dll',
-      '.so',
-      '.bin',
-      '.png',
-      '.jpg',
-      '.jpeg',
-      '.gif',
-      '.pdf',
-      '.zip',
-      '.gz',
+      '.exe', '.dll', '.so', '.bin', '.png', '.jpg', '.jpeg', '.gif', '.pdf', '.zip', '.gz',
     ];
     if (binaryExtensions.includes(ext)) return true;
-    if (stats.size > 100 * 1024) return true; // 100KB limit
+    if (stats.size > 100 * 1024) return true;
     if (filePath.includes('node_modules')) return true;
     return false;
   }
   async getSystemInstruction() {
     const threatsData = await fs.readFile(THREATS_PATH, 'utf-8');
     const threats = JSON.parse(threatsData);
     const categoriesListing = threats
       .map((t, i) => `${i + 1}. **${t.name}:** ${t.description}`)
       .join('\n');
@@ -62,44 +48,64 @@ ${categoriesListing}
 ${this.intelligenceContext}
-TASK: Combine the code analysis with the latest intelligence and vulnerability data above.
-If OSV reports a critical vulnerability or the remote rules flag a new pattern, YOU MUST VERDICT: BLOCK.
 JSON OUTPUT RULES:
-- risk_score: 0-100 (Be aggressive).
-- verdict: "BLOCK" (if risk found) or "SAFE".
-- threats: Array of objects: { "file": "filename", "line": number, "threat": "category", "reason": "why" }
-- summary: Clear high-level explanation for a developer.
+- risk_score: 0-100.
+- verdict: "BLOCK" or "SAFE".
+- threats: Array of { "file", "line", "threat", "reason" }
+- summary: Clear explanation.
 RESPONSE FORMAT (JSON ONLY):
-{ "risk_score": 95, "verdict": "BLOCK", "threats": [{ "file": "lib/utils.js", "line": 42, "threat": "Secret Exfiltration", "reason": "Accesses .env and sends to remote server." }], "summary": "Critical vulnerability found." }
+{ "risk_score": 95, "verdict": "BLOCK", "threats": [], "summary": "..." }
 `;
   }
-  async scan(filePath, content) {
-    return limit(() => this.scanWithRetry(filePath, content));
+  async scan(filePath, content, spinner = null) {
+    // Random Jitter Throttling (1s - 3s)
+    if (this.provider === 'gemini') {
+      const jitter = Math.floor(Math.random() * 2000) + 1000;
+      await sleep(jitter);
+    }
+    return limit(() => this.scanWithRetry(filePath, content, spinner));
   }
-  async scanWithRetry(filePath, content, retries = 3) {
-    for (let i = 0; i < retries; i++) {
-      try {
-        if (this.provider === 'gemini') {
-          return await this.scanWithGemini(content);
+  async scanWithRetry(filePath, content, spinner, attempt = 1) {
+    const maxAttempts = 3;
+    try {
+      if (this.provider === 'gemini') {
+        return await this.scanWithGemini(content);
+      } else {
+        return await this.scanWithOllama(content);
+      }
+    } catch (error) {
+      const isRateLimit =
+        error.message.includes('429') ||
+        error.message.includes('Too Many Requests') ||
+        error.message.includes('Quota');
+      const isServerErr = error.message.includes('500') || error.message.includes('503');
+      if (isRateLimit && attempt <= maxAttempts) {
+        const waitTime = attempt === 1 ? 30 : 60; // Increase wait on second failure
+        if (spinner) {
+          const originalText = spinner.text;
+          for (let i = waitTime; i > 0; i--) {
+            spinner.text = `❄️ Quota hit. Cooling down API (${i}s remaining)...`;
+            await sleep(1000);
+          }
+          spinner.text = originalText;
         } else {
-          return await this.scanWithOllama(content);
-        }
-      } catch (error) {
-        const isRateLimit =
-          error.message.includes('429') || error.message.includes('Too Many Requests');
-        if (isRateLimit && i < retries - 1) {
-          const delay = Math.pow(2, i) * 1000;
-          if (config.get('VERBOSE'))
-            console.log(chalk.yellow(`  ⚠ Rate limited. Retrying in ${delay}ms...`));
-          await new Promise((res) => setTimeout(res, delay));
-          continue;
+          console.log(chalk.yellow(`\n⚠️ Rate limit hit. Cooling down for ${waitTime}s (Attempt ${attempt}/${maxAttempts})...`));
+          await sleep(waitTime * 1000);
         }
-        throw error;
+        return this.scanWithRetry(filePath, content, spinner, attempt + 1);
       }
+      if (isServerErr && attempt === 1) {
+        if (spinner) spinner.text = '🔄 AI Server hiccup. Retrying immediately...';
+        return this.scanWithRetry(filePath, content, spinner, attempt + 1);
+      }
+      throw error;
     }
   }
@@ -108,13 +114,12 @@ RESPONSE FORMAT (JSON ONLY):
     if (!apiKey) throw new Error('Gemini API Key missing. Run "vanguard config"');
     const genAI = new GoogleGenerativeAI(apiKey);
-    const model = genAI.getGenerativeModel({ model: 'gemini-2.0-flash-exp' });
+    // Use the -latest alias for better cross-region compatibility
+    const model = genAI.getGenerativeModel({ model: 'gemini-1.5-flash-latest' });
     const instruction = await this.getSystemInstruction();
     const result = await model.generateContent({
-      contents: [
-        { role: 'user', parts: [{ text: `${instruction}\n\nFILE CONTENT:\n${content}` }] },
-      ],
+      contents: [{ role: 'user', parts: [{ text: `${instruction}\n\nFILE CONTENT:\n${content}` }] }],
     });
     const response = await result.response;

package/package.json CHANGED Viewed

@@ -1,50 +1,51 @@
-{
-  "name": "vanguard-cli",
-  "version": "3.0.0",
-  "description": "AI-Powered Supply Chain Firewall for Git",
-  "type": "module",
-  "bin": {
-    "vanguard": "./bin/vanguard.js"
-  },
-  "scripts": {
-    "test": "vitest run",
-    "format": "prettier --write .",
-    "lint": "eslint .",
-    "release": "release-it",
-    "release:dry": "release-it --dry-run"
-  },
-  "keywords": [],
-  "author": "Behram Bazo",
-  "license": "MIT",
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/bazob/vanguard.git"
-  },
-  "dependencies": {
-    "@google/generative-ai": "^0.21.0",
-    "boxen": "^8.0.1",
-    "chalk": "^4.1.2",
-    "cli-table3": "^0.6.5",
-    "commander": "^13.1.0",
-    "conf": "^12.0.0",
-    "crypto-js": "^4.2.0",
-    "figlet": "^1.8.0",
-    "inquirer": "^8.2.4",
-    "node-fetch": "^2.7.0",
-    "ora": "^8.1.1",
-    "p-limit": "^7.2.0",
-    "simple-git": "^3.27.0"
-  },
-  "devDependencies": {
-    "@eslint/js": "^9.39.2",
-    "@release-it/conventional-changelog": "^10.0.4",
-    "eslint": "^9.39.2",
-    "eslint-config-prettier": "^10.1.8",
-    "eslint-plugin-node": "^11.1.0",
-    "globals": "^17.1.0",
-    "nock": "^14.0.10",
-    "prettier": "^3.8.1",
-    "release-it": "^19.2.4",
-    "vitest": "^4.0.18"
-  }
-}
+{
+  "name": "vanguard-cli",
+  "version": "3.1.3",
+  "description": "AI-Powered Supply Chain Firewall for Git",
+  "type": "module",
+  "bin": {
+    "vanguard": "./bin/vanguard.js"
+  },
+  "scripts": {
+    "test": "vitest run",
+    "format": "prettier --write .",
+    "lint": "eslint .",
+    "release": "release-it",
+    "release:dry": "release-it --dry-run",
+    "ship": "node scripts/ship.js"
+  },
+  "keywords": [],
+  "author": "Behram Bazo",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/bazob/vanguard.git"
+  },
+  "dependencies": {
+    "@google/generative-ai": "^0.21.0",
+    "boxen": "^8.0.1",
+    "chalk": "^4.1.2",
+    "cli-table3": "^0.6.5",
+    "commander": "^13.1.0",
+    "conf": "^12.0.0",
+    "crypto-js": "^4.2.0",
+    "figlet": "^1.8.0",
+    "inquirer": "^8.2.4",
+    "node-fetch": "^2.7.0",
+    "ora": "^8.1.1",
+    "p-limit": "^7.2.0",
+    "simple-git": "^3.27.0"
+  },
+  "devDependencies": {
+    "@eslint/js": "^9.39.2",
+    "@release-it/conventional-changelog": "^10.0.4",
+    "eslint": "^9.39.2",
+    "eslint-config-prettier": "^10.1.8",
+    "eslint-plugin-node": "^11.1.0",
+    "globals": "^17.1.0",
+    "nock": "^14.0.10",
+    "prettier": "^3.8.1",
+    "release-it": "^19.2.4",
+    "vitest": "^4.0.18"
+  }
+}