npm - vanguard-cli - Versions diffs - 3.1.15 → 3.1.17 - Mend

vanguard-cli 3.1.15 → 3.1.17

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/README.md +12 -0
package/bin/vanguard.js +12 -7
package/lib/commands/config.js +1 -1
package/lib/commands/scan.js +23 -2
package/lib/services/scanner.js +20 -0
package/lib/utils/ui.js +4 -3
package/package.json +1 -1
package/vanguard-malware-lab/core.js +12 -0
package/vanguard-malware-lab/package.json +11 -0

package/README.md CHANGED Viewed

@@ -64,6 +64,18 @@ npm install -g vanguard-cli
 ## 🚀 Quick Start
+### 🛡️ Enable Invisible Protection
+Integrate Vanguard with your shell (Bash, Zsh, Fish, PowerShell) to automatically scan every `git clone`.
+```bash
+vanguard integrate
+```
+### 📊 Check Status
+Verify if the firewall is active or if you are in a protected session.
+```bash
+vanguard status
+```
 ### ⚙️ Configuration
 Setup your Gemini API key or local Ollama endpoint:
 ```bash

package/bin/vanguard.js CHANGED Viewed

@@ -9,15 +9,19 @@ import { handlePull, handleClone } from '../lib/commands/scan.js';
 import { showBanner, showFooter } from '../lib/utils/ui.js';
 import config from '../lib/utils/config.js';
+import { createRequire } from 'module';
+const require = createRequire(import.meta.url);
+const pkg = require('../package.json');
 const program = new Command();
 async function handleAction(actionName, logicFn) {
     const isConfigured =
         (config.get('AI_PROVIDER') === 'gemini' && config.get('GEMINI_KEY')) ||
-        (config.get('AI_PROVIDER') === 'ollama');
+        (config.get('AI_PROVIDER') === 'ollama' && config.get('OLLAMA_MODEL'));
     if (!isConfigured) {
-        showBanner();
+        // showBanner();
         console.log(chalk.yellow(`🛡️ Vanguard V3 is not fully configured. Starting setup...\n`));
         await runConfigWizard();
         // After wizard, check again
@@ -27,7 +31,7 @@ async function handleAction(actionName, logicFn) {
         }
     }
-    showBanner();
+    // showBanner();
     const options = program.opts();
     config.set('VERBOSE', !!options.verbose);
@@ -52,7 +56,7 @@ async function handleAction(actionName, logicFn) {
 program
     .name('vanguard')
     .description('Enterprise-Grade AI Supply Chain Firewall')
-    .version('3.0.0-enterprise')
+    .version(pkg.version)
     .option('-m, --model <name>', 'Override AI model')
     .option('-v, --verbose', 'Show verbose connection logs')
     .option('--clear-cache', 'Flush local audit cache');
@@ -64,7 +68,7 @@ program
     .command('status')
     .description('Check firewall protection status')
     .action(() => {
-        showBanner();
+        // showBanner();
         const isInternal = process.env.VANGUARD_INTERNAL === '1';
         console.log(chalk.bold('🔥 Firewall Status:'));
         if (isInternal) {
@@ -94,16 +98,17 @@ program
         await handleAction('CLONE', () => handleClone(url, directory, program.opts()));
     });
+showBanner(pkg.version);
 program.parse(process.argv);
 // Default action: if no command provided, check config
 if (!process.argv.slice(2).length) {
     const isConfigured =
         (config.get('AI_PROVIDER') === 'gemini' && config.get('GEMINI_KEY')) ||
-        (config.get('AI_PROVIDER') === 'ollama');
+        (config.get('AI_PROVIDER') === 'ollama' && config.get('OLLAMA_MODEL'));
     if (!isConfigured) {
-        showBanner();
+        // showBanner();
         console.log(chalk.yellow(`🛡️ Vanguard V3 is not fully configured. Starting setup...\n`));
         await runConfigWizard();
     } else {

package/lib/commands/config.js CHANGED Viewed

@@ -5,7 +5,7 @@ import { createSpinner } from '../utils/spinner.js';
 import { showBanner } from '../utils/ui.js';
 export async function runConfigWizard() {
-    showBanner();
+    // showBanner();
     console.log('🛰️  Vanguard Configuration Wizard');
     console.log(chalk.dim(`📂 Config Path: ${config.path}\n`));

package/lib/commands/scan.js CHANGED Viewed

@@ -41,7 +41,16 @@ export async function handlePull(cmdOptions, programOptions) {
     try {
         analysis = await scanner.scan('git_diff', diff, spinner);
     } catch (err) {
-        spinner.fail(`AI Audit Failed: ${err.message}`);
+        if (err.message === 'CRITICAL_AUTH_FAILURE') {
+            process.exit(1);
+        }
+        let msg = err.message;
+        if (msg.includes('[GoogleGenerativeAI Error]')) {
+            msg = msg.split('[')[0].trim();
+            if (msg.includes('400')) msg = 'Invalid API Request (400). Check configuration.';
+            else if (msg.length > 100) msg = 'AI Service Error (Check connection/quota)';
+        }
+        spinner.fail(`AI Audit Failed: ${msg}`);
         console.log(chalk.yellow('\n💡 Tip: You might be rate-limited. Try again in 60s or run "vanguard config" to switch to local Ollama.'));
         return;
     }
@@ -125,7 +134,19 @@ export async function handleClone(url, directory, programOptions) {
                 CacheManager.save(file, content, 'SAFE');
             }
         } catch (err) {
-            scanSpinner.fail(`Audit Interrupted: ${err.message}`);
+            if (err.message === 'CRITICAL_AUTH_FAILURE') {
+                await cleanupSandbox(tempPath);
+                process.exit(1);
+            }
+            let msg = err.message;
+            // Clean up Google's noisy JSON error if it slipped through
+            if (msg.includes('[GoogleGenerativeAI Error]')) {
+                msg = msg.split('[')[0].trim(); // Take the first part or default to simple text
+                if (msg.includes('400')) msg = 'Invalid API Request (400). Check configuration.';
+                else if (msg.length > 100) msg = 'AI Service Error (Check connection/quota)';
+            }
+            scanSpinner.fail(`Audit Interrupted: ${msg}`);
             console.log(chalk.yellow('\n⚠️  Service Error. Part of the codebase remains unverified.'));
             await cleanupSandbox(tempPath);
             return;

package/lib/services/scanner.js CHANGED Viewed

@@ -89,6 +89,8 @@ RESPONSE FORMAT (JSON ONLY):
         if (spinner) {
           const originalText = spinner.text;
           for (let i = waitTime; i > 0; i--) {
+            // Only update once per second to prevent terminal flickering
+            if (spinner.text.includes(`${i}s`)) continue;
             spinner.text = `❄️ Quota hit (${i}s). Waiting... (Tip: Ctrl+C -> 'vanguard config' to switch AI)`;
             await sleep(1000);
           }
@@ -110,6 +112,21 @@ RESPONSE FORMAT (JSON ONLY):
         console.log(chalk.cyan('   vanguard config  -> Select "Google Gemini"'));
       }
+      const isAuthError =
+        error.message.includes('API key') ||
+        error.message.includes('400') ||
+        error.message.includes('PERMISSION_DENIED');
+      if (isAuthError) {
+        if (spinner) spinner.fail('Authentication Failed');
+        console.log(chalk.red('\n❌ Critical: Gemini API Key is invalid, expired, or missing permissions.'));
+        console.log(chalk.yellow('👉 Run "vanguard config" to update your credentials.'));
+        // We fail closed - do not allow the scan to proceed or return 'safe'
+        // process.exit(1) can cause UV_HANDLE_CLOSING assertion on Windows if async ops are pending.
+        // Instead, throw a specific error that the caller can catch and exit cleanly.
+        throw new Error('CRITICAL_AUTH_FAILURE');
+      }
       if (isServerErr && attempt === 1) {
         if (spinner) spinner.text = '🔄 AI Server hiccup. Retrying immediately...';
         return this.scanWithRetry(filePath, content, spinner, attempt + 1);
@@ -123,6 +140,9 @@ RESPONSE FORMAT (JSON ONLY):
     const apiKey = config.get('GEMINI_KEY');
     if (!apiKey) throw new Error('Gemini API Key missing. Run "vanguard config"');
+    if (!apiKey || apiKey.trim() === '') {
+      throw new Error('API key is missing.');
+    }
     const genAI = new GoogleGenerativeAI(apiKey.trim());
     // Use the latest stable pro flash model for the best performance/quota ratio
     const model = genAI.getGenerativeModel({ model: 'gemini-2.0-flash' });

package/lib/utils/ui.js CHANGED Viewed

@@ -3,9 +3,10 @@ import chalk from 'chalk';
 import boxen from 'boxen';
 import ora from 'ora';
-export function showBanner() {
-  console.log(chalk.cyan(figlet.textSync('VANGUARD', { horizontalLayout: 'full' })));
-  console.log(chalk.dim('🛡️  Software Supply Chain Firewall | AI-Powered Security 🛡️\n'));
+export function showBanner(version) {
+  console.log(chalk.cyan(figlet.textSync('VANGUARD', { font: 'Standard', horizontalLayout: 'full' })));
+  const versionStr = version ? ` v${version}` : '';
+  console.log(chalk.dim(`🛡️  Enterprise AI Supply Chain Firewall${versionStr}\n`));
 }
 export function showAlert(analysis) {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "vanguard-cli",
-  "version": "3.1.15",
+  "version": "3.1.17",
   "description": "AI-Powered Supply Chain Firewall for Git",
   "type": "module",
   "bin": {

package/vanguard-malware-lab/core.js ADDED Viewed

@@ -0,0 +1,12 @@
+/**
+ * 🚨 THREAT VECTOR: PROJECT_OMEGA (MOCK)
+ * This file contains the mock threat signature we added to lib/threats.json.
+ */
+function initializeSystem() {
+    console.log("System initializing...");
+}
+// ALERT: PROJECT_OMEGA sequence initiated
+const secretKey = "SG0uLi4uIHRoaXMgaXMgYSBzZWNyZXQ=";
+initializeSystem();

package/vanguard-malware-lab/package.json ADDED Viewed

@@ -0,0 +1,11 @@
+{
+    "name": "vanguard-malware-lab",
+    "version": "1.0.0",
+    "description": "Educational test repository for supply chain security auditing.",
+    "scripts": {
+        "postinstall": "node ./scripts/postinstall.js"
+    },
+    "dependencies": {
+        "axios": "^1.6.0"
+    }
+}