npm - vanguard-cli - Versions diffs - 3.1.3 → 3.1.7 - Mend

vanguard-cli 3.1.3 → 3.1.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/RECOVERY_GUIDE.md +36 -0
package/bin/vanguard.js +33 -5
package/lib/commands/config.js +8 -3
package/lib/commands/integrate.js +123 -0
package/lib/commands/scan.js +1 -0
package/lib/services/git.js +20 -17
package/lib/services/scanner.js +3 -3
package/package.json +3 -1

package/RECOVERY_GUIDE.md ADDED Viewed

@@ -0,0 +1,36 @@
+# Enterprise Publication Recovery Guide 🛡️🔑🏗️
+If you see an `ENEEDAUTH` or `Access token expired` error when publishing to NPM (like the one you saw on the homeserver), follow these steps to restore your automated shipping pipeline.
+## 1. Refresh Your Session 🔄
+Your CLI session for NPM has likely expired. Run this in your terminal to log back in:
+```bash
+npm login
+```
+*Note: This will likely open a browser windows or ask for your 2FA Passkey signature.*
+---
+## 2. Using a Permanent Token (Recommended) 🔑
+To avoid Passkey/Browser prompts on your remote servers, use a **Granular Access Token**:
+1.  **Generate Token**: Go to [NPM Tokens](https://www.npmjs.com/settings/tokens/granular-access-tokens/new).
+2.  **Permissions**: Select "Read and write" for the specific package.
+3.  **Bypass 2FA**: **CHECK THIS BOX** in the NPM settings for the token.
+4.  **Set Environment**: On your server, add this to your `.bashrc` or `.env`:
+    ```bash
+    export NPM_TOKEN="your_token_here"
+    ```
+---
+## 3. Finishing the Vanguard V3.1.5 Release 🚀
+I have already versioned and pushed the codes to GitHub. To finish the live NPM update, simply run:
+```bash
+npm run ship
+```
+- Select **"Patch"**.
+- When asked about 2FA, select **"No"** (after you've logged in or set the token).
+---
+🛡️ **Vanguard is perfectly synchronized and ready for the world.**

package/bin/vanguard.js CHANGED Viewed

@@ -3,6 +3,7 @@
 import { Command } from 'commander';
 import inquirer from 'inquirer';
 import { runConfigWizard } from '../lib/commands/config.js';
+import { runIntegrate } from '../lib/commands/integrate.js';
 import { handlePull, handleClone } from '../lib/commands/scan.js';
 import { showBanner, showFooter } from '../lib/utils/ui.js';
 import config from '../lib/utils/config.js';
@@ -10,6 +11,21 @@ import config from '../lib/utils/config.js';
 const program = new Command();
 async function handleAction(actionName, logicFn) {
+    const isConfigured =
+        (config.get('AI_PROVIDER') === 'gemini' && config.get('GEMINI_KEY')) ||
+        (config.get('AI_PROVIDER') === 'ollama');
+    if (!isConfigured) {
+        showBanner();
+        console.log(chalk.yellow(`🛡️ Vanguard V3 is not fully configured. Starting setup...\n`));
+        await runConfigWizard();
+        // After wizard, check again
+        if (!config.get('GEMINI_KEY') && config.get('AI_PROVIDER') === 'gemini') {
+            console.log(chalk.red('\n❌ Configuration incomplete. Please provide a Gemini API key.'));
+            return;
+        }
+    }
     showBanner();
     const options = program.opts();
     config.set('VERBOSE', !!options.verbose);
@@ -28,11 +44,6 @@ async function handleAction(actionName, logicFn) {
         return;
     }
-    if (config.get('AI_PROVIDER') === 'gemini' && !config.get('GEMINI_KEY')) {
-        console.log('❌ Gemini not configured.');
-        await runConfigWizard();
-    }
     await logicFn();
     showFooter();
 }
@@ -46,6 +57,8 @@ program
     .option('--clear-cache', 'Flush local audit cache');
 program.command('config').description('Configure AI providers').action(runConfigWizard);
+program.command('integrate').description('Install "Invisible Protection" shell wrapper').action(runIntegrate);
 program
     .command('pull')
@@ -65,3 +78,18 @@ program
     });
 program.parse(process.argv);
+// Default action: if no command provided, check config
+if (!process.argv.slice(2).length) {
+    const isConfigured =
+        (config.get('AI_PROVIDER') === 'gemini' && config.get('GEMINI_KEY')) ||
+        (config.get('AI_PROVIDER') === 'ollama');
+    if (!isConfigured) {
+        showBanner();
+        console.log(chalk.yellow(`🛡️ Vanguard V3 is not fully configured. Starting setup...\n`));
+        await runConfigWizard();
+    } else {
+        program.help();
+    }
+}

package/lib/commands/config.js CHANGED Viewed

@@ -6,7 +6,8 @@ import { showBanner } from '../utils/ui.js';
 export async function runConfigWizard() {
     showBanner();
-    console.log('🛰️  Vanguard Configuration Wizard\n');
+    console.log('🛰️  Vanguard Configuration Wizard');
+    console.log(chalk.dim(`📂 Config Path: ${config.path}\n`));
     const { providerSelection } = await inquirer.prompt([
         {
@@ -29,10 +30,14 @@ export async function runConfigWizard() {
                 name: 'apiKey',
                 message: 'Enter your Gemini API Key:',
                 default: config.get('GEMINI_KEY'),
-                validate: (val) => val.length > 0 || 'Key is required',
+                validate: (val) => {
+                    if (val.length === 0) return 'Key is required';
+                    if (val.startsWith('sk-')) return '⚠️ That looks like an OpenAI key. Gemini keys usually start with "AIza"';
+                    return true;
+                },
             },
         ]);
-        config.set('GEMINI_KEY', apiKey);
+        config.set('GEMINI_KEY', apiKey.trim());
         console.log('✅ Gemini configured and saved.');
     } else {
         const spinner = createSpinner('🔍 Detecting local Ollama models...').start();

package/lib/commands/integrate.js ADDED Viewed

@@ -0,0 +1,123 @@
+import fs from 'fs-extra';
+import path from 'path';
+import os from 'os';
+import chalk from 'chalk';
+import { createSpinner } from '../utils/spinner.js';
+const SCRIPTS = {
+    bash: {
+        file: '.bashrc',
+        template: `
+# --- VANGUARD PROTECTION START ---
+git() {
+  if [ "$1" = "clone" ]; then
+    vanguard clone "$@"
+  else
+    command git "$@"
+  fi
+}
+# --- VANGUARD PROTECTION END ---
+`
+    },
+    zsh: {
+        file: '.zshrc',
+        template: `
+# --- VANGUARD PROTECTION START ---
+git() {
+  if [ "$1" = "clone" ]; then
+    vanguard clone "$@"
+  else
+    command git "$@"
+  fi
+}
+# --- VANGUARD PROTECTION END ---
+`
+    },
+    fish: {
+        file: '.config/fish/config.fish',
+        template: `
+# --- VANGUARD PROTECTION START ---
+function git
+  if test "$argv[1]" = "clone"
+    vanguard clone $argv[2..-1]
+  else
+    command git $argv
+  end
+end
+# --- VANGUARD PROTECTION END ---
+`
+    },
+    powershell: {
+        file: 'Documents/PowerShell/Microsoft.PowerShell_profile.ps1',
+        template: `
+# --- VANGUARD PROTECTION START ---
+function git {
+    if ($args[0] -eq "clone") {
+        vanguard clone @(if ($args.Length -gt 1) { $args[1..($args.Length-1)] })
+    } else {
+        & (Get-Command git -CommandType Application) @args
+    }
+}
+# --- VANGUARD PROTECTION END ---
+`
+    }
+};
+export async function runIntegrate() {
+    console.log(chalk.bold('🐚 Vanguard Shell Integrator\n'));
+    const spinner = createSpinner('🔍 Detecting shells and profiles...').start();
+    const home = os.homedir();
+    let detected = [];
+    // Check Unix shells
+    for (const [shell, info] of Object.entries(SCRIPTS)) {
+        if (shell === 'powershell') continue;
+        const profilePath = path.join(home, info.file);
+        if (await fs.pathExists(profilePath)) {
+            detected.push({ name: shell, path: profilePath, info });
+        }
+    }
+    // Check PowerShell
+    const psProfile = path.join(home, SCRIPTS.powershell.file);
+    if (await fs.pathExists(psProfile) || os.platform() === 'win32') {
+        detected.push({ name: 'powershell', path: psProfile, info: SCRIPTS.powershell });
+    }
+    if (detected.length === 0) {
+        spinner.fail('No supported shell profiles detected.');
+        return;
+    }
+    spinner.succeed(`Detected ${detected.length} shell profiles.`);
+    for (const shell of detected) {
+        const profilePath = shell.path;
+        const backupPath = `${profilePath}.backup`;
+        try {
+            // Backup
+            if (await fs.pathExists(profilePath)) {
+                await fs.copy(profilePath, backupPath);
+                console.log(chalk.dim(`💾 Backup created: ${backupPath}`));
+            } else {
+                await fs.ensureDir(path.dirname(profilePath));
+                await fs.writeFile(profilePath, '');
+            }
+            const content = await fs.readFile(profilePath, 'utf-8');
+            if (content.includes('VANGUARD PROTECTION START')) {
+                console.log(chalk.yellow(`⏩ ${shell.name} already integrated. Skipping.`));
+                continue;
+            }
+            await fs.appendFile(profilePath, shell.info.template);
+            console.log(chalk.green(`✅ Integrated with ${shell.name} (${profilePath})`));
+        } catch (err) {
+            console.log(chalk.red(`❌ Failed to integrate with ${shell.name}: ${err.message}`));
+        }
+    }
+    console.log(chalk.bold('\n✨ Invisible Protection Active! Restart your terminal to apply. 🛡️'));
+}

package/lib/commands/scan.js CHANGED Viewed

@@ -142,6 +142,7 @@ export async function handleClone(url, directory, programOptions) {
             summary: 'Enterprise Deep Audit identified multiple high-risk vectors.',
         });
         await cleanupSandbox(tempPath);
+        console.log(chalk.red.bold('\n🛡️ Malware Detected! Clone aborted. Your disk is safe.'));
     } else {
         console.log(chalk.green(`\n✅ Deep Audit Passed. Finalizing clone to ${targetPath}...`));
         await finalizeClone(tempPath, targetPath);

package/lib/services/git.js CHANGED Viewed

@@ -1,6 +1,8 @@
 import simpleGit from 'simple-git';
 import path from 'path';
-import fs from 'fs/promises';
+import fs from 'fs-extra';
+import os from 'os';
+import { nanoid } from 'nanoid';
 export const git = simpleGit();
@@ -28,14 +30,15 @@ export async function mergeUpstream() {
 }
 /**
- * Clones into a temporary sandbox.
+ * Clones into a temporary sandbox in system temp directory.
  */
 export async function createSandboxClone(url) {
-  const tempPath = path.join(process.cwd(), '.vanguard_temp');
+  const randomId = nanoid(8);
+  const tempPath = path.join(os.tmpdir(), `vanguard_${randomId}`);
-  // Cleanup if exists
-  await fs.rm(tempPath, { recursive: true, force: true }).catch(() => { });
-  await fs.mkdir(tempPath, { recursive: true });
+  // Ensure fresh directory
+  await fs.remove(tempPath);
+  await fs.ensureDir(tempPath);
   const tempGit = simpleGit(tempPath);
   await tempGit.clone(url, '.');
@@ -44,23 +47,23 @@ export async function createSandboxClone(url) {
 /**
  * Moves files from sandbox to target and cleans up.
- * Improved for Windows EPERM stability.
+ * Uses fs-extra to handle cross-partition moves safely.
  */
 export async function finalizeClone(tempPath, targetPath) {
   const absTemp = path.resolve(tempPath);
   const absTarget = path.resolve(targetPath);
   try {
-    await fs.rename(absTemp, absTarget);
+    // Ensure parent directory of target exists
+    await fs.ensureDir(path.dirname(absTarget));
+    // Use fs-extra move which handles cross-device moves automatically
+    await fs.move(absTemp, absTarget, { overwrite: true });
   } catch (e) {
-    if (e.code === 'EPERM' || e.code === 'EXDEV' || e.code === 'EACCES') {
-      // Fallback: Force purge target if it exists, then copy
-      await fs.rm(absTarget, { recursive: true, force: true }).catch(() => { });
-      await fs.cp(absTemp, absTarget, { recursive: true, force: true });
-      await fs.rm(absTemp, { recursive: true, force: true });
-    } else {
-      throw e;
-    }
+    throw new Error(`Failed to finalize clone: ${e.message}`);
+  } finally {
+    // Final cleanup attempt
+    await cleanupSandbox(tempPath);
   }
 }
@@ -68,5 +71,5 @@ export async function finalizeClone(tempPath, targetPath) {
  * Completely removes the sandbox.
  */
 export async function cleanupSandbox(tempPath) {
-  await fs.rm(tempPath, { recursive: true, force: true }).catch(() => { });
+  await fs.remove(tempPath).catch(() => { });
 }

package/lib/services/scanner.js CHANGED Viewed

@@ -113,9 +113,9 @@ RESPONSE FORMAT (JSON ONLY):
     const apiKey = config.get('GEMINI_KEY');
     if (!apiKey) throw new Error('Gemini API Key missing. Run "vanguard config"');
-    const genAI = new GoogleGenerativeAI(apiKey);
-    // Use the -latest alias for better cross-region compatibility
-    const model = genAI.getGenerativeModel({ model: 'gemini-1.5-flash-latest' });
+    const genAI = new GoogleGenerativeAI(apiKey.trim());
+    // Use the latest stable pro flash model for the best performance/quota ratio
+    const model = genAI.getGenerativeModel({ model: 'gemini-2.0-flash' });
     const instruction = await this.getSystemInstruction();
     const result = await model.generateContent({

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "vanguard-cli",
-  "version": "3.1.3",
+  "version": "3.1.7",
   "description": "AI-Powered Supply Chain Firewall for Git",
   "type": "module",
   "bin": {
@@ -30,7 +30,9 @@
     "conf": "^12.0.0",
     "crypto-js": "^4.2.0",
     "figlet": "^1.8.0",
+    "fs-extra": "^11.3.3",
     "inquirer": "^8.2.4",
+    "nanoid": "^5.1.6",
     "node-fetch": "^2.7.0",
     "ora": "^8.1.1",
     "p-limit": "^7.2.0",