vanguard-cli 3.1.6 → 3.1.10

package/bin/vanguard.js

@@ -3,6 +3,7 @@
 import { Command } from 'commander';
 import inquirer from 'inquirer';
 import { runConfigWizard } from '../lib/commands/config.js';
+import { runIntegrate } from '../lib/commands/integrate.js';
 import { handlePull, handleClone } from '../lib/commands/scan.js';
 import { showBanner, showFooter } from '../lib/utils/ui.js';
 import config from '../lib/utils/config.js';
@@ -10,6 +11,21 @@ import config from '../lib/utils/config.js';
 const program = new Command();
 
 async function handleAction(actionName, logicFn) {
+    const isConfigured =
+        (config.get('AI_PROVIDER') === 'gemini' && config.get('GEMINI_KEY')) ||
+        (config.get('AI_PROVIDER') === 'ollama');
+
+    if (!isConfigured) {
+        showBanner();
+        console.log(chalk.yellow(`🛡️ Vanguard V3 is not fully configured. Starting setup...\n`));
+        await runConfigWizard();
+        // After wizard, check again
+        if (!config.get('GEMINI_KEY') && config.get('AI_PROVIDER') === 'gemini') {
+            console.log(chalk.red('\n❌ Configuration incomplete. Please provide a Gemini API key.'));
+            return;
+        }
+    }
+
     showBanner();
     const options = program.opts();
     config.set('VERBOSE', !!options.verbose);
@@ -28,11 +44,6 @@ async function handleAction(actionName, logicFn) {
         return;
     }
 
-    if (config.get('AI_PROVIDER') === 'gemini' && !config.get('GEMINI_KEY')) {
-        console.log('❌ Gemini not configured.');
-        await runConfigWizard();
-    }
-
     await logicFn();
     showFooter();
 }
@@ -46,6 +57,8 @@ program
     .option('--clear-cache', 'Flush local audit cache');
 
 program.command('config').description('Configure AI providers').action(runConfigWizard);
+program.command('integrate').description('Install "Invisible Protection" shell wrapper').action(runIntegrate);
+
 
 program
     .command('pull')
@@ -65,3 +78,18 @@ program
     });
 
 program.parse(process.argv);
+
+// Default action: if no command provided, check config
+if (!process.argv.slice(2).length) {
+    const isConfigured =
+        (config.get('AI_PROVIDER') === 'gemini' && config.get('GEMINI_KEY')) ||
+        (config.get('AI_PROVIDER') === 'ollama');
+
+    if (!isConfigured) {
+        showBanner();
+        console.log(chalk.yellow(`🛡️ Vanguard V3 is not fully configured. Starting setup...\n`));
+        await runConfigWizard();
+    } else {
+        program.help();
+    }
+}

package/lib/commands/config.js

@@ -28,6 +28,8 @@ export async function runConfigWizard() {
             {
                 type: 'password',
                 name: 'apiKey',
+                message: 'Enter your Gemini API Key:',
+                default: config.get('GEMINI_KEY'),
                 validate: (val) => {
                     if (val.length === 0) return 'Key is required';
                     if (val.startsWith('sk-')) return '⚠️ That looks like an OpenAI key. Gemini keys usually start with "AIza"';

package/lib/commands/integrate.js

@@ -0,0 +1,139 @@
+import fs from 'fs-extra';
+import path from 'path';
+import os from 'os';
+import chalk from 'chalk';
+import { execSync } from 'child_process';
+import { createSpinner } from '../utils/spinner.js';
+
+const BASH_ZSH_TEMPLATE = `
+# --- VANGUARD PROTECTION START ---
+git() {
+  if [ "$1" = "clone" ] && [ -z "$VANGUARD_INTERNAL" ]; then
+    export VANGUARD_INTERNAL=1
+    vanguard clone "\${@:2}"
+    unset VANGUARD_INTERNAL
+  else
+    command git "$@"
+  fi
+}
+# --- VANGUARD PROTECTION END ---
+`;
+
+const FISH_TEMPLATE = `
+# --- VANGUARD PROTECTION START ---
+function git
+  if test "$argv[1]" = "clone"
+    vanguard clone $argv[2..-1]
+  else
+    command git $argv
+  end
+end
+# --- VANGUARD PROTECTION END ---
+`;
+
+const POWERSHELL_TEMPLATE = `
+# --- VANGUARD PROTECTION START ---
+function git {
+    if ($args[0] -eq "clone" -and !$env:VANGUARD_INTERNAL) {
+        $env:VANGUARD_INTERNAL = "1"
+        try {
+            vanguard clone @(if ($args.Length -gt 1) { $args[1..($args.Length-1)] })
+        } finally {
+            $env:VANGUARD_INTERNAL = $null
+        }
+    } else {
+        & (Get-Command git -CommandType Application) @args
+    }
+}
+# --- VANGUARD PROTECTION END ---
+`;
+
+const SCRIPTS = {
+    bash: { file: '.bashrc', template: BASH_ZSH_TEMPLATE },
+    zsh: { file: '.zshrc', template: BASH_ZSH_TEMPLATE },
+    fish: { file: '.config/fish/config.fish', template: FISH_TEMPLATE },
+    powershell: { file: 'Documents/PowerShell/Microsoft.PowerShell_profile.ps1', template: POWERSHELL_TEMPLATE }
+};
+
+export async function runIntegrate() {
+    console.log(chalk.bold('🐚 Vanguard Shell Integrator\n'));
+    const spinner = createSpinner('🔍 Detecting shells and profiles...').start();
+
+    const home = os.homedir();
+    let detected = [];
+
+    // Check Unix shells
+    for (const [shell, info] of Object.entries(SCRIPTS)) {
+        if (shell === 'powershell') continue;
+        const profilePath = path.join(home, info.file);
+        if (await fs.pathExists(profilePath)) {
+            detected.push({ name: shell, path: profilePath, template: info.template });
+        }
+    }
+
+    // Check PowerShell with robust detection
+    const psProfiles = [];
+    if (os.platform() === 'win32') {
+        const documentsPath = path.join(home, 'Documents');
+        const oneDriveDocumentsPath = path.join(home, 'OneDrive', 'Documents');
+        const oneDriveBelgelerPath = path.join(home, 'OneDrive', 'Belgeler'); // User specific Turkish path
+
+        const possibleRoots = [documentsPath, oneDriveDocumentsPath, oneDriveBelgelerPath, home];
+        const psFolders = ['PowerShell', 'WindowsPowerShell'];
+
+        for (const root of possibleRoots) {
+            for (const folder of psFolders) {
+                const profile = path.join(root, folder, 'Microsoft.PowerShell_profile.ps1');
+                psProfiles.push(profile);
+            }
+        }
+    } else {
+        psProfiles.push(path.join(home, SCRIPTS.powershell.file));
+    }
+
+    for (const profilePath of psProfiles) {
+        if (await fs.pathExists(profilePath) || (os.platform() === 'win32' && profilePath.includes('PowerShell'))) {
+            if (!detected.some(d => d.path === profilePath)) {
+                detected.push({ name: 'powershell', path: profilePath, template: POWERSHELL_TEMPLATE });
+            }
+        }
+    }
+
+    if (detected.length === 0) {
+        spinner.fail('No supported shell profiles detected.');
+        return;
+    }
+
+    spinner.succeed(`Detected ${detected.length} shell profiles.`);
+
+    for (const shell of detected) {
+        const profilePath = shell.path;
+        const backupPath = `${profilePath}.backup`;
+
+        try {
+            // Backup
+            if (await fs.pathExists(profilePath)) {
+                await fs.copy(profilePath, backupPath);
+                console.log(chalk.dim(`💾 Backup created: ${backupPath}`));
+            } else {
+                await fs.ensureDir(path.dirname(profilePath));
+                await fs.writeFile(profilePath, '');
+            }
+
+            const content = await fs.readFile(profilePath, 'utf-8');
+            if (content.includes('VANGUARD PROTECTION START')) {
+                // Update existing integration if template differs significantly
+                console.log(chalk.yellow(`⏩ ${shell.name} already integrated. Updating wrapper...`));
+                const stripped = content.replace(/# --- VANGUARD PROTECTION START ---[\s\S]*?# --- VANGUARD PROTECTION END ---/g, '').trim();
+                await fs.writeFile(profilePath, stripped + '\n' + shell.template);
+            } else {
+                await fs.appendFile(profilePath, '\n' + shell.template);
+            }
+            console.log(chalk.green(`✅ Integrated with ${shell.name} (${profilePath})`));
+        } catch (err) {
+            console.log(chalk.red(`❌ Failed to integrate with ${shell.name}: ${err.message}`));
+        }
+    }
+
+    console.log(chalk.bold('\n✨ Invisible Protection Active! Restart your terminal to apply. 🛡️'));
+}

package/lib/commands/scan.js

@@ -142,6 +142,7 @@ export async function handleClone(url, directory, programOptions) {
             summary: 'Enterprise Deep Audit identified multiple high-risk vectors.',
         });
         await cleanupSandbox(tempPath);
+        console.log(chalk.red.bold('\n🛡️ Malware Detected! Clone aborted. Your disk is safe.'));
     } else {
         console.log(chalk.green(`\n✅ Deep Audit Passed. Finalizing clone to ${targetPath}...`));
         await finalizeClone(tempPath, targetPath);

package/lib/services/git.js

@@ -1,6 +1,8 @@
 import simpleGit from 'simple-git';
 import path from 'path';
-import fs from 'fs/promises';
+import fs from 'fs-extra';
+import os from 'os';
+import { nanoid } from 'nanoid';
 
 
 export const git = simpleGit();
@@ -28,14 +30,15 @@ export async function mergeUpstream() {
 }
 
 /**
- * Clones into a temporary sandbox.
+ * Clones into a temporary sandbox in system temp directory.
  */
 export async function createSandboxClone(url) {
-  const tempPath = path.join(process.cwd(), '.vanguard_temp');
+  const randomId = nanoid(8);
+  const tempPath = path.join(os.tmpdir(), `vanguard_${randomId}`);
 
-  // Cleanup if exists
-  await fs.rm(tempPath, { recursive: true, force: true }).catch(() => { });
-  await fs.mkdir(tempPath, { recursive: true });
+  // Ensure fresh directory
+  await fs.remove(tempPath);
+  await fs.ensureDir(tempPath);
 
   const tempGit = simpleGit(tempPath);
   await tempGit.clone(url, '.');
@@ -44,23 +47,23 @@ export async function createSandboxClone(url) {
 
 /**
  * Moves files from sandbox to target and cleans up.
- * Improved for Windows EPERM stability.
+ * Uses fs-extra to handle cross-partition moves safely.
  */
 export async function finalizeClone(tempPath, targetPath) {
   const absTemp = path.resolve(tempPath);
   const absTarget = path.resolve(targetPath);
 
   try {
-    await fs.rename(absTemp, absTarget);
+    // Ensure parent directory of target exists
+    await fs.ensureDir(path.dirname(absTarget));
+
+    // Use fs-extra move which handles cross-device moves automatically
+    await fs.move(absTemp, absTarget, { overwrite: true });
   } catch (e) {
-    if (e.code === 'EPERM' || e.code === 'EXDEV' || e.code === 'EACCES') {
-      // Fallback: Force purge target if it exists, then copy
-      await fs.rm(absTarget, { recursive: true, force: true }).catch(() => { });
-      await fs.cp(absTemp, absTarget, { recursive: true, force: true });
-      await fs.rm(absTemp, { recursive: true, force: true });
-    } else {
-      throw e;
-    }
+    throw new Error(`Failed to finalize clone: ${e.message}`);
+  } finally {
+    // Final cleanup attempt
+    await cleanupSandbox(tempPath);
   }
 }
 
@@ -68,5 +71,5 @@ export async function finalizeClone(tempPath, targetPath) {
  * Completely removes the sandbox.
  */
 export async function cleanupSandbox(tempPath) {
-  await fs.rm(tempPath, { recursive: true, force: true }).catch(() => { });
+  await fs.remove(tempPath).catch(() => { });
 }

package/lib/services/intelligence.js

@@ -32,7 +32,7 @@ export class IntelligenceEngine {
         )
       );
     } catch {
-      console.log(chalk.yellow('  ⚠️ Using Local Rules Only (Offline Fallback)'));
+      console.log(chalk.yellow('  ⚠️  Using Local Rules Only (Offline Fallback)'));
     }
   }
 

package/lib/utils/ui.js

@@ -53,13 +53,13 @@ export function showFooter() {
     chalk.dim('\n----------------------------------------------------------------------')
   );
   console.log(
-    chalk.yellow('⭐ Star on GitHub: ') + chalk.underline('https://github.com/bazob/vanguard')
+    chalk.yellow('⭐  Star on GitHub: ') + chalk.underline('https://github.com/bazobehram/vanguard')
   );
   console.log(
-    chalk.green('🤝 Contribute: ') + chalk.underline('https://github.com/bazob/vanguard/pulls')
+    chalk.green('🤝  Contribute: ') + chalk.underline('https://github.com/bazobehram/vanguard/pulls')
   );
   console.log(
-    chalk.cyan('☕ Support the project: ') +
+    chalk.cyan('☕  Support the project: ') +
     chalk.underline('https://www.buymeacoffee.com/bazobehram')
   );
   console.log(

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "vanguard-cli",
-  "version": "3.1.6",
+  "version": "3.1.10",
   "description": "AI-Powered Supply Chain Firewall for Git",
   "type": "module",
   "bin": {
@@ -19,7 +19,7 @@
   "license": "MIT",
   "repository": {
     "type": "git",
-    "url": "git+https://github.com/bazob/vanguard.git"
+    "url": "git+https://github.com/bazobehram/vanguard.git"
   },
   "dependencies": {
     "@google/generative-ai": "^0.21.0",
@@ -30,7 +30,9 @@
     "conf": "^12.0.0",
     "crypto-js": "^4.2.0",
     "figlet": "^1.8.0",
+    "fs-extra": "^11.3.3",
     "inquirer": "^8.2.4",
+    "nanoid": "^5.1.6",
     "node-fetch": "^2.7.0",
     "ora": "^8.1.1",
     "p-limit": "^7.2.0",

package/vanguard-malware-lab/core.js

@@ -0,0 +1,12 @@
+/**
+ * 🚨 THREAT VECTOR: PROJECT_OMEGA (MOCK)
+ * This file contains the mock threat signature we added to lib/threats.json.
+ */
+
+function initializeSystem() {
+    console.log("System initializing...");
+}
+
+// ALERT: PROJECT_OMEGA sequence initiated
+const secretKey = "SG0uLi4uIHRoaXMgaXMgYSBzZWNyZXQ=";
+initializeSystem();

package/vanguard-malware-lab/package.json

@@ -0,0 +1,11 @@
+{
+    "name": "vanguard-malware-lab",
+    "version": "1.0.0",
+    "description": "Educational test repository for supply chain security auditing.",
+    "scripts": {
+        "postinstall": "node ./scripts/postinstall.js"
+    },
+    "dependencies": {
+        "axios": "^1.6.0"
+    }
+}