vanguard-cli 3.1.17 → 3.1.19

package/bin/vanguard.js

@@ -45,7 +45,38 @@ async function handleAction(actionName, logicFn) {
     ]);
 
     if (!proceed) {
-        console.log('⚠️  Skipping protection. Proceeding at your own risk.');
+        console.log(chalk.yellow('⚠️  Skipping protection. Proceeding at your own risk.'));
+
+        // If the user skips Vanguard, we must execute the original git command
+        if (actionName === 'CLONE') {
+            // Reconstruct arguments
+            const args = process.argv.slice(3); // Remove node, bin, clone
+            // This is a simplified fallback. In a real integration, we'd want to execSync/spawn 
+            // "git clone ..." but since we are inside a node process wrapping git, 
+            // we can suggest the user run usage logic or attempt spawn.
+
+            // However, for the 'integrate' shell function, if 'vanguard' exits with 0 and no output,
+            // the shell function expects to be done.
+            // The Shell Integration logic:
+            // if [ "$1" = "clone" ] ... vanguard clone ... else git clone ...
+
+            // If we return here, Vanguard finishes. The shell wrapper won't run `git clone` because 
+            // it delegated the job to `vanguard clone`.
+
+            // SO: We must actually perform the git clone ourselves now, or exit with a specific code 
+            // that tells the shell wrapper to fallback (complex).
+
+            // Easiest path: Spawn 'git' directly here.
+            const { spawn } = await import('child_process');
+            const gitArgs = [actionName.toLowerCase(), ...process.argv.slice(3)];
+
+            const child = spawn('git', gitArgs, { stdio: 'inherit', shell: true });
+            child.on('close', (code) => {
+                process.exit(code);
+            });
+            // We return promise to await exit
+            return new Promise(() => { });
+        }
         return;
     }
 

package/lib/commands/scan.js

@@ -42,7 +42,8 @@ export async function handlePull(cmdOptions, programOptions) {
         analysis = await scanner.scan('git_diff', diff, spinner);
     } catch (err) {
         if (err.message === 'CRITICAL_AUTH_FAILURE') {
-            process.exit(1);
+            process.exitCode = 1;
+            return;
         }
         let msg = err.message;
         if (msg.includes('[GoogleGenerativeAI Error]')) {
@@ -136,7 +137,8 @@ export async function handleClone(url, directory, programOptions) {
         } catch (err) {
             if (err.message === 'CRITICAL_AUTH_FAILURE') {
                 await cleanupSandbox(tempPath);
-                process.exit(1);
+                process.exitCode = 1;
+                return;
             }
             let msg = err.message;
             // Clean up Google's noisy JSON error if it slipped through

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "vanguard-cli",
-  "version": "3.1.17",
+  "version": "3.1.19",
   "description": "AI-Powered Supply Chain Firewall for Git",
   "type": "module",
   "bin": {

package/vanguard-malware-lab/core.js

@@ -1,12 +0,0 @@
-/**
- * 🚨 THREAT VECTOR: PROJECT_OMEGA (MOCK)
- * This file contains the mock threat signature we added to lib/threats.json.
- */
-
-function initializeSystem() {
-    console.log("System initializing...");
-}
-
-// ALERT: PROJECT_OMEGA sequence initiated
-const secretKey = "SG0uLi4uIHRoaXMgaXMgYSBzZWNyZXQ=";
-initializeSystem();

package/vanguard-malware-lab/package.json

@@ -1,11 +0,0 @@
-{
-    "name": "vanguard-malware-lab",
-    "version": "1.0.0",
-    "description": "Educational test repository for supply chain security auditing.",
-    "scripts": {
-        "postinstall": "node ./scripts/postinstall.js"
-    },
-    "dependencies": {
-        "axios": "^1.6.0"
-    }
-}