vanguard-cli 3.1.16 → 3.1.18

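--- a/package/bin/vanguard.js
+++ b/package/bin/vanguard.js
@@ -18,7 +18,7 @@ const program = new Command();
  async function handleAction(actionName, logicFn) {
  const isConfigured =
  (config.get('AI_PROVIDER') === 'gemini' && config.get('GEMINI_KEY')) ||
- (config.get('AI_PROVIDER') === 'ollama');
+ (config.get('AI_PROVIDER') === 'ollama' && config.get('OLLAMA_MODEL'));
 
  if (!isConfigured) {
  // showBanner();
@@ -45,7 +45,38 @@ async function handleAction(actionName, logicFn) {
  ]);
 
  if (!proceed) {
- console.log('⚠️ Skipping protection. Proceeding at your own risk.');
+ console.log(chalk.yellow('⚠️ Skipping protection. Proceeding at your own risk.'));
+
+ // If the user skips Vanguard, we must execute the original git command
+ if (actionName === 'CLONE') {
+ // Reconstruct arguments
+ const args = process.argv.slice(3); // Remove node, bin, clone
+ // This is a simplified fallback. In a real integration, we'd want to execSync/spawn
+ // "git clone ..." but since we are inside a node process wrapping git,
+ // we can suggest the user run usage logic or attempt spawn.
+
+ // However, for the 'integrate' shell function, if 'vanguard' exits with 0 and no output,
+ // the shell function expects to be done.
+ // The Shell Integration logic:
+ // if [ "$1" = "clone" ] ... vanguard clone ... else git clone ...
+
+ // If we return here, Vanguard finishes. The shell wrapper won't run `git clone` because
+ // it delegated the job to `vanguard clone`.
+
+ // SO: We must actually perform the git clone ourselves now, or exit with a specific code
+ // that tells the shell wrapper to fallback (complex).
+
+ // Easiest path: Spawn 'git' directly here.
+ const { spawn } = await import('child_process');
+ const gitArgs = [actionName.toLowerCase(), ...process.argv.slice(3)];
+
+ const child = spawn('git', gitArgs, { stdio: 'inherit', shell: true });
+ child.on('close', (code) => {
+ process.exit(code);
+ });
+ // We return promise to await exit
+ return new Promise(() => { });
+ }
  return;
  }
 
@@ -105,7 +136,7 @@ program.parse(process.argv);
  if (!process.argv.slice(2).length) {
  const isConfigured =
  (config.get('AI_PROVIDER') === 'gemini' && config.get('GEMINI_KEY')) ||
- (config.get('AI_PROVIDER') === 'ollama');
+ (config.get('AI_PROVIDER') === 'ollama' && config.get('OLLAMA_MODEL'));
 
  if (!isConfigured) {
  // showBanner();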
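Review bot: The skip-protection fallback in the second hunk calls `spawn('git', gitArgs, { stdio: 'inherit', shell: true })`, and with `shell: true` Node joins the argument array into a single command string for the shell, so shell metacharacters in the clone URL or directory taken from `process.argv` are interpreted by the shell instead of being passed to git as data. The array form needs no shell: `const child = spawn('git', gitArgs, { stdio: 'inherit' });`, plus a `child.on('error', ...)` handler so a git binary that cannot be started is reported rather than raised as an unhandled event. In the `close` handler `code` is null when git is ended by a signal, so `process.exit(code ?? 1)` keeps that case from being reported with the default success status. The `args` constant declared above `gitArgs` is never used and can be dropped. handleAction's body starts and ends outside these hunks.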
@@ -41,6 +41,9 @@ export async function handlePull(cmdOptions, programOptions) {
41
41
  try {
42
42
  analysis = await scanner.scan('git_diff', diff, spinner);
43
43
  } catch (err) {
44
+ if (err.message === 'CRITICAL_AUTH_FAILURE') {
45
+ process.exit(1);
46
+ }
44
47
  let msg = err.message;
45
48
  if (msg.includes('[GoogleGenerativeAI Error]')) {
46
49
  msg = msg.split('[')[0].trim();
@@ -131,6 +134,10 @@ export async function handleClone(url, directory, programOptions) {
131
134
  CacheManager.save(file, content, 'SAFE');
132
135
  }
133
136
  } catch (err) {
137
+ if (err.message === 'CRITICAL_AUTH_FAILURE') {
138
+ await cleanupSandbox(tempPath);
139
+ process.exit(1);
140
+ }
134
141
  let msg = err.message;
135
142
  // Clean up Google's noisy JSON error if it slipped through
136
143
  if (msg.includes('[GoogleGenerativeAI Error]')) {
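Review bot: In the handleClone catch, `await cleanupSandbox(tempPath)` runs before `process.exit(1)`, so if the cleanup rejects, the exit is skipped and the rejection leaves the catch block; whether the clone is still blocked at that point depends on the caller, which is not visible here. Wrapping it keeps the auth failure fail-closed: `try { await cleanupSandbox(tempPath); } finally { process.exit(1); }`. Both catch blocks also identify the failure by comparing `err.message` with `'CRITICAL_AUTH_FAILURE'`; a dedicated error class or an `err.code` property would keep working if the message is ever reworded or wrapped. handlePull and handleClone both start and end outside the hunks.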
@@ -122,7 +122,9 @@ RESPONSE FORMAT (JSON ONLY):
122
122
  console.log(chalk.red('\n❌ Critical: Gemini API Key is invalid, expired, or missing permissions.'));
123
123
  console.log(chalk.yellow('👉 Run "vanguard config" to update your credentials.'));
124
124
  // We fail closed - do not allow the scan to proceed or return 'safe'
125
- process.exit(1);
125
+ // process.exit(1) can cause UV_HANDLE_CLOSING assertion on Windows if async ops are pending.
126
+ // Instead, throw a specific error that the caller can catch and exit cleanly.
127
+ throw new Error('CRITICAL_AUTH_FAILURE');
126
128
  }
127
129
 
128
130
  if (isServerErr && attempt === 1) {
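Review bot: Replacing `process.exit(1)` with `throw new Error('CRITICAL_AUTH_FAILURE')` moves the fail-closed guarantee stated in the comment above it onto every caller of the scanner: a caller whose catch treats all errors alike would log this one and carry on with the operation. Only the pull and clone handlers in this diff are shown checking for it, so any other call site needs the same check, which cannot be confirmed from the page. A short comment at the throw naming that contract would help, for example `// Callers MUST treat CRITICAL_AUTH_FAILURE as fatal and stop; never fall through to a 'safe' result.` The enclosing function starts and ends outside the hunk.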
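--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "vanguard-cli",
- "version": "3.1.16",
+ "version": "3.1.18",
  "description": "AI-Powered Supply Chain Firewall for Git",
  "type": "module",
  "bin": {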
@@ -1,12 +0,0 @@
1
- /**
2
- * 🚨 THREAT VECTOR: PROJECT_OMEGA (MOCK)
3
- * This file contains the mock threat signature we added to lib/threats.json.
4
- */
5
-
6
- function initializeSystem() {
7
- console.log("System initializing...");
8
- }
9
-
10
- // ALERT: PROJECT_OMEGA sequence initiated
11
- const secretKey = "SG0uLi4uIHRoaXMgaXMgYSBzZWNyZXQ=";
12
- initializeSystem();
@@ -1,11 +0,0 @@
1
- {
2
- "name": "vanguard-malware-lab",
3
- "version": "1.0.0",
4
- "description": "Educational test repository for supply chain security auditing.",
5
- "scripts": {
6
- "postinstall": "node ./scripts/postinstall.js"
7
- },
8
- "dependencies": {
9
- "axios": "^1.6.0"
10
- }
11
- }