cycode 2.3.4.dev3__tar.gz → 3.0.0__tar.gz

{cycode-2.3.4.dev3 → cycode-3.0.0}/PKG-INFO

@@ -1,13 +1,13 @@
 Metadata-Version: 2.1
 Name: cycode
-Version: 2.3.4.dev3
+Version: 3.0.0
 Summary: Boost security in your dev lifecycle via SAST, SCA, Secrets & IaC scanning.
 Home-page: https://github.com/cycodehq/cycode-cli
 License: MIT
 Keywords: secret-scan,cycode,devops,token,secret,security,cycode,code
 Author: Cycode
 Author-email: support@cycode.com
-Requires-Python: >=3.8,<3.14
+Requires-Python: >=3.9,<3.14
 Classifier: Development Status :: 5 - Production/Stable
 Classifier: Environment :: Console
 Classifier: License :: OSI Approved :: MIT License
@@ -15,7 +15,6 @@ Classifier: Natural Language :: English
 Classifier: Operating System :: OS Independent
 Classifier: Programming Language :: Python
 Classifier: Programming Language :: Python :: 3
-Classifier: Programming Language :: Python :: 3.8
 Classifier: Programming Language :: Python :: 3.9
 Classifier: Programming Language :: Python :: 3.10
 Classifier: Programming Language :: Python :: 3.11
@@ -34,7 +33,8 @@ Requires-Dist: pyyaml (>=6.0,<7.0)
 Requires-Dist: requests (>=2.32.2,<3.0)
 Requires-Dist: rich (>=13.9.4,<14)
 Requires-Dist: sentry-sdk (>=2.8.0,<3.0)
-Requires-Dist: texttable (>=1.6.7,<1.8.0)
+Requires-Dist: tenacity (>=9.0.0,<9.1.0)
+Requires-Dist: typer (>=0.15.3,<0.16.0)
 Requires-Dist: urllib3 (==1.26.19)
 Project-URL: Repository, https://github.com/cycodehq/cycode-cli
 Description-Content-Type: text/markdown
@@ -62,7 +62,7 @@ This guide walks you through both installation and usage.
         1. [Options](#options)
            1. [Severity Threshold](#severity-option)
            2. [Monitor](#monitor-option)
-           3. [Report](#report-option)
+           3. [Cycode Report](#cycode-report-option)
            4. [Package Vulnerabilities](#package-vulnerabilities-option)
            5. [License Compliance](#license-compliance-option)
            6. [Lock Restore](#lock-restore-option)
@@ -95,7 +95,7 @@ This guide walks you through both installation and usage.
 
 # Prerequisites
 
-- The Cycode CLI application requires Python version 3.8 or later.
+- The Cycode CLI application requires Python version 3.9 or later.
 - Use the [`cycode auth` command](#using-the-auth-command) to authenticate to Cycode with the CLI
   - Alternatively, you can get a Cycode Client ID and Client Secret Key by following the steps detailed in the [Service Account Token](https://docs.cycode.com/docs/en/service-accounts) and [Personal Access Token](https://docs.cycode.com/v1/docs/managing-personal-access-tokens) pages, which contain details on getting these values.
 
@@ -249,7 +249,7 @@ Cycode’s pre-commit hook can be set up within your local repository so that th
 
 Perform the following steps to install the pre-commit hook:
 
-1. Install the pre-commit framework (Python 3.8 or higher must be installed):
+1. Install the pre-commit framework (Python 3.9 or higher must be installed):
 
    ```bash
    pip3 install pre-commit
@@ -262,11 +262,11 @@ Perform the following steps to install the pre-commit hook:
     ```yaml
     repos:
       - repo: https://github.com/cycodehq/cycode-cli
-        rev: v2.3.0
+        rev: v3.0.0
         hooks:
           - id: cycode
             stages:
-              - commit
+              - pre-commit
     ```
 
 4. Modify the created file for your specific needs. Use hook ID `cycode` to enable scan for Secrets. Use hook ID `cycode-sca` to enable SCA scan. If you want to enable both, use this configuration:
@@ -274,14 +274,14 @@ Perform the following steps to install the pre-commit hook:
     ```yaml
     repos:
       - repo: https://github.com/cycodehq/cycode-cli
-        rev: v2.3.0
+        rev: v3.0.0
         hooks:
           - id: cycode
             stages:
-              - commit
+              - pre-commit
           - id: cycode-sca
             stages:
-              - commit
+              - pre-commit
     ```
 
 5. Install Cycode’s hook:
@@ -322,8 +322,8 @@ The following are the options and commands available with the Cycode CLI applica
 | [auth](#using-the-auth-command)           | Authenticate your machine to associate the CLI with your Cycode account.                                                                     |
 | [configure](#using-the-configure-command) | Initial command to configure your CLI client authentication.                                                                                 |
 | [ignore](#ignoring-scan-results)          | Ignores a specific value, path or rule ID.                                                                                                   |
-| [scan](#running-a-scan)                   | Scan the content for Secrets/IaC/SCA/SAST violations. You`ll need to specify which scan type to perform: commit_history/path/repository/etc. |
-| [report](#report-command)                 | Generate report. You`ll need to specify which report type to perform.                                                                        |
+| [scan](#running-a-scan)                   | Scan the content for Secrets/IaC/SCA/SAST violations. You`ll need to specify which scan type to perform: commit-history/path/repository/etc. |
+| [report](#report-command)                 | Generate report. You`ll need to specify which report type to perform as SBOM.                                                                |
 | status                                    | Show the CLI status and exit.                                                                                                                |
 
 # Scan Command
@@ -335,24 +335,23 @@ The Cycode CLI application offers several types of scans so that you can choose
 | Option                                                     | Description                                                                                                                                                                                                                                             |
 |------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | `-t, --scan-type [secret\|iac\|sca\|sast]`                 | Specify the scan you wish to execute (`secret`/`iac`/`sca`/`sast`), the default is `secret`.                                                                                                                                                            |
-| `--secret TEXT`                                            | Specify a Cycode client secret for this specific scan execution.                                                                                                                                                                                        |
+| `--client-secret TEXT`                                     | Specify a Cycode client secret for this specific scan execution.                                                                                                                                                                                        |
 | `--client-id TEXT`                                         | Specify a Cycode client ID for this specific scan execution.                                                                                                                                                                                            |
 | `--show-secret BOOLEAN`                                    | Show secrets in plain text. See [Show/Hide Secrets](#showhide-secrets) section for more details.                                                                                                                                                        |
 | `--soft-fail BOOLEAN`                                      | Run scan without failing, always return a non-error status code. See [Soft Fail](#soft-fail) section for more details.                                                                                                                                  |
 | `--severity-threshold [INFO\|LOW\|MEDIUM\|HIGH\|CRITICAL]` | Show only violations at the specified level or higher.                                                                                                                                                                                                  |
 | `--sca-scan`                                               | Specify the SCA scan you wish to execute (`package-vulnerabilities`/`license-compliance`). The default is both.                                                                                                                                         |
 | `--monitor`                                                | When specified, the scan results will be recorded in the knowledge graph. Please note that when working in `monitor` mode, the knowledge graph will not be updated as a result of SCM events (Push, Repo creation). (Supported for SCA scan type only). |
-| `--report`                                                 | When specified, a violations report will be generated. A URL link to the report will be printed as an output to the command execution.                                                                                                                  |
+| `--cycode-report`                                          | When specified, displays a link to the scan report in the Cycode platform in the console output.                                                                                                                                                        |
 | `--no-restore`                                             | When specified, Cycode will not run restore command. Will scan direct dependencies ONLY!                                                                                                                                                                |
-| `--sync`                                                   | Run scan synchronously (the default is asynchronous).                                                                                                                                                                                                   |
 | `--gradle-all-sub-projects`                                | When specified, Cycode will run gradle restore command for all sub projects. Should run from root project directory ONLY!                                                                                                                               |
 | `--help`                                                   | Show options for given command.                                                                                                                                                                                                                         |
 
 | Command                                | Description                                                     |
 |----------------------------------------|-----------------------------------------------------------------|
-| [commit_history](#commit-history-scan) | Scan all the commits history in this git repository             |
+| [commit-history](#commit-history-scan) | Scan all the commits history in this git repository             |
 | [path](#path-scan)                     | Scan the files in the path supplied in the command              |
-| [pre_commit](#pre-commit-scan)         | Use this command to scan the content that was not committed yet |
+| [pre-commit](#pre-commit-scan)         | Use this command to scan the content that was not committed yet |
 | [repository](#repository-scan)         | Scan git repository including its history                       |
 
 ### Options
@@ -381,18 +380,15 @@ When using this option, the scan results from this scan will appear in the knowl
 > [!WARNING]
 > You must be an `owner` or an `admin` in Cycode to view the knowledge graph page.
 
-#### Report Option
+#### Cycode Report Option
 
-> [!NOTE]
-> This option is not available to IaC scans.
-
-To push scan results tied to the [SCA policies](https://docs.cycode.com/docs/sca-policies) found in the Repository scan to Cycode, add the argument `--report` to the scan command.
+For every scan performed using the Cycode CLI, a report is automatically generated and its results are sent to Cycode. These results are tied to the relevant policies (e.g., [SCA policies](https://docs.cycode.com/docs/sca-policies) for Repository scans) within the Cycode platform.
 
-`cycode scan -t sca --report repository ~/home/git/codebase`
+To have the direct URL to this Cycode report printed in your CLI output after the scan completes, add the argument `--cycode-report` to your scan command.
 
-In the same way, you can push scan results of Secrets and SAST scans to Cycode by adding the `--report` option to the scan command.
+`cycode scan --cycode-report repository ~/home/git/codebase`
 
-When using this option, the scan results from this scan will appear in the On-Demand Scans section of Cycode. To get to this page, click the link that appears after the printed results:
+All scan results from the CLI will appear in the CLI Logs section of Cycode. If you included the `--cycode-report` flag in your command, a direct link to the specific report will be displayed in your terminal following the scan results.
 
 > [!WARNING]
 > You must be an `owner` or an `admin` in Cycode to view this page.
@@ -508,25 +504,25 @@ A commit history scan is limited to a local repository’s previous commits, foc
 
 To execute a commit history scan, execute the following:
 
-`cycode scan commit_history {{path}}`
+`cycode scan commit-history {{path}}`
 
 For example, consider a scenario in which you want to scan the commit history for a repository stored in `~/home/git/codebase`. You could then execute the following:
 
-`cycode scan commit_history ~/home/git/codebase`
+`cycode scan commit-history ~/home/git/codebase`
 
 The following options are available for use with this command:
 
 | Option                    | Description                                                                                              |
 |---------------------------|----------------------------------------------------------------------------------------------------------|
-| `-r, --commit_range TEXT` | Scan a commit range in this git repository, by default cycode scans all commit history (example: HEAD~1) |
+| `-r, --commit-range TEXT` | Scan a commit range in this git repository, by default cycode scans all commit history (example: HEAD~1) |
 
 #### Commit Range Option
 
-The commit history scan, by default, examines the repository’s entire commit history, all the way back to the initial commit. You can instead limit the scan to a specific commit range by adding the argument `--commit_range` (`-r`) followed by the name you specify.
+The commit history scan, by default, examines the repository’s entire commit history, all the way back to the initial commit. You can instead limit the scan to a specific commit range by adding the argument `--commit-range` (`-r`) followed by the name you specify.
 
 Consider the previous example. If you wanted to scan only specific commits in your repository, you could execute the following:
 
-`cycode scan commit_history -r {{from-commit-id}}...{{to-commit-id}} ~/home/git/codebase`
+`cycode scan commit-history -r {{from-commit-id}}...{{to-commit-id}} ~/home/git/codebase`
 
 ### Pre-Commit Scan
 
@@ -865,7 +861,7 @@ The following commands are available for use with this command:
 | Command          | Description                                                     |
 |------------------|-----------------------------------------------------------------|
 | `path`           | Generate SBOM report for provided path in the command           |
-| `repository_url` | Generate SBOM report for provided repository URI in the command |
+| `repository-url` | Generate SBOM report for provided repository URI in the command |
 
 ### Repository
 

{cycode-2.3.4.dev3 → cycode-3.0.0}/README.md

@@ -21,7 +21,7 @@ This guide walks you through both installation and usage.
         1. [Options](#options)
            1. [Severity Threshold](#severity-option)
            2. [Monitor](#monitor-option)
-           3. [Report](#report-option)
+           3. [Cycode Report](#cycode-report-option)
            4. [Package Vulnerabilities](#package-vulnerabilities-option)
            5. [License Compliance](#license-compliance-option)
            6. [Lock Restore](#lock-restore-option)
@@ -54,7 +54,7 @@ This guide walks you through both installation and usage.
 
 # Prerequisites
 
-- The Cycode CLI application requires Python version 3.8 or later.
+- The Cycode CLI application requires Python version 3.9 or later.
 - Use the [`cycode auth` command](#using-the-auth-command) to authenticate to Cycode with the CLI
   - Alternatively, you can get a Cycode Client ID and Client Secret Key by following the steps detailed in the [Service Account Token](https://docs.cycode.com/docs/en/service-accounts) and [Personal Access Token](https://docs.cycode.com/v1/docs/managing-personal-access-tokens) pages, which contain details on getting these values.
 
@@ -208,7 +208,7 @@ Cycode’s pre-commit hook can be set up within your local repository so that th
 
 Perform the following steps to install the pre-commit hook:
 
-1. Install the pre-commit framework (Python 3.8 or higher must be installed):
+1. Install the pre-commit framework (Python 3.9 or higher must be installed):
 
    ```bash
    pip3 install pre-commit
@@ -221,11 +221,11 @@ Perform the following steps to install the pre-commit hook:
     ```yaml
     repos:
       - repo: https://github.com/cycodehq/cycode-cli
-        rev: v2.3.0
+        rev: v3.0.0
         hooks:
           - id: cycode
             stages:
-              - commit
+              - pre-commit
     ```
 
 4. Modify the created file for your specific needs. Use hook ID `cycode` to enable scan for Secrets. Use hook ID `cycode-sca` to enable SCA scan. If you want to enable both, use this configuration:
@@ -233,14 +233,14 @@ Perform the following steps to install the pre-commit hook:
     ```yaml
     repos:
       - repo: https://github.com/cycodehq/cycode-cli
-        rev: v2.3.0
+        rev: v3.0.0
         hooks:
           - id: cycode
             stages:
-              - commit
+              - pre-commit
           - id: cycode-sca
             stages:
-              - commit
+              - pre-commit
     ```
 
 5. Install Cycode’s hook:
@@ -281,8 +281,8 @@ The following are the options and commands available with the Cycode CLI applica
 | [auth](#using-the-auth-command)           | Authenticate your machine to associate the CLI with your Cycode account.                                                                     |
 | [configure](#using-the-configure-command) | Initial command to configure your CLI client authentication.                                                                                 |
 | [ignore](#ignoring-scan-results)          | Ignores a specific value, path or rule ID.                                                                                                   |
-| [scan](#running-a-scan)                   | Scan the content for Secrets/IaC/SCA/SAST violations. You`ll need to specify which scan type to perform: commit_history/path/repository/etc. |
-| [report](#report-command)                 | Generate report. You`ll need to specify which report type to perform.                                                                        |
+| [scan](#running-a-scan)                   | Scan the content for Secrets/IaC/SCA/SAST violations. You`ll need to specify which scan type to perform: commit-history/path/repository/etc. |
+| [report](#report-command)                 | Generate report. You`ll need to specify which report type to perform as SBOM.                                                                |
 | status                                    | Show the CLI status and exit.                                                                                                                |
 
 # Scan Command
@@ -294,24 +294,23 @@ The Cycode CLI application offers several types of scans so that you can choose
 | Option                                                     | Description                                                                                                                                                                                                                                             |
 |------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | `-t, --scan-type [secret\|iac\|sca\|sast]`                 | Specify the scan you wish to execute (`secret`/`iac`/`sca`/`sast`), the default is `secret`.                                                                                                                                                            |
-| `--secret TEXT`                                            | Specify a Cycode client secret for this specific scan execution.                                                                                                                                                                                        |
+| `--client-secret TEXT`                                     | Specify a Cycode client secret for this specific scan execution.                                                                                                                                                                                        |
 | `--client-id TEXT`                                         | Specify a Cycode client ID for this specific scan execution.                                                                                                                                                                                            |
 | `--show-secret BOOLEAN`                                    | Show secrets in plain text. See [Show/Hide Secrets](#showhide-secrets) section for more details.                                                                                                                                                        |
 | `--soft-fail BOOLEAN`                                      | Run scan without failing, always return a non-error status code. See [Soft Fail](#soft-fail) section for more details.                                                                                                                                  |
 | `--severity-threshold [INFO\|LOW\|MEDIUM\|HIGH\|CRITICAL]` | Show only violations at the specified level or higher.                                                                                                                                                                                                  |
 | `--sca-scan`                                               | Specify the SCA scan you wish to execute (`package-vulnerabilities`/`license-compliance`). The default is both.                                                                                                                                         |
 | `--monitor`                                                | When specified, the scan results will be recorded in the knowledge graph. Please note that when working in `monitor` mode, the knowledge graph will not be updated as a result of SCM events (Push, Repo creation). (Supported for SCA scan type only). |
-| `--report`                                                 | When specified, a violations report will be generated. A URL link to the report will be printed as an output to the command execution.                                                                                                                  |
+| `--cycode-report`                                          | When specified, displays a link to the scan report in the Cycode platform in the console output.                                                                                                                                                        |
 | `--no-restore`                                             | When specified, Cycode will not run restore command. Will scan direct dependencies ONLY!                                                                                                                                                                |
-| `--sync`                                                   | Run scan synchronously (the default is asynchronous).                                                                                                                                                                                                   |
 | `--gradle-all-sub-projects`                                | When specified, Cycode will run gradle restore command for all sub projects. Should run from root project directory ONLY!                                                                                                                               |
 | `--help`                                                   | Show options for given command.                                                                                                                                                                                                                         |
 
 | Command                                | Description                                                     |
 |----------------------------------------|-----------------------------------------------------------------|
-| [commit_history](#commit-history-scan) | Scan all the commits history in this git repository             |
+| [commit-history](#commit-history-scan) | Scan all the commits history in this git repository             |
 | [path](#path-scan)                     | Scan the files in the path supplied in the command              |
-| [pre_commit](#pre-commit-scan)         | Use this command to scan the content that was not committed yet |
+| [pre-commit](#pre-commit-scan)         | Use this command to scan the content that was not committed yet |
 | [repository](#repository-scan)         | Scan git repository including its history                       |
 
 ### Options
@@ -340,18 +339,15 @@ When using this option, the scan results from this scan will appear in the knowl
 > [!WARNING]
 > You must be an `owner` or an `admin` in Cycode to view the knowledge graph page.
 
-#### Report Option
+#### Cycode Report Option
 
-> [!NOTE]
-> This option is not available to IaC scans.
-
-To push scan results tied to the [SCA policies](https://docs.cycode.com/docs/sca-policies) found in the Repository scan to Cycode, add the argument `--report` to the scan command.
+For every scan performed using the Cycode CLI, a report is automatically generated and its results are sent to Cycode. These results are tied to the relevant policies (e.g., [SCA policies](https://docs.cycode.com/docs/sca-policies) for Repository scans) within the Cycode platform.
 
-`cycode scan -t sca --report repository ~/home/git/codebase`
+To have the direct URL to this Cycode report printed in your CLI output after the scan completes, add the argument `--cycode-report` to your scan command.
 
-In the same way, you can push scan results of Secrets and SAST scans to Cycode by adding the `--report` option to the scan command.
+`cycode scan --cycode-report repository ~/home/git/codebase`
 
-When using this option, the scan results from this scan will appear in the On-Demand Scans section of Cycode. To get to this page, click the link that appears after the printed results:
+All scan results from the CLI will appear in the CLI Logs section of Cycode. If you included the `--cycode-report` flag in your command, a direct link to the specific report will be displayed in your terminal following the scan results.
 
 > [!WARNING]
 > You must be an `owner` or an `admin` in Cycode to view this page.
@@ -467,25 +463,25 @@ A commit history scan is limited to a local repository’s previous commits, foc
 
 To execute a commit history scan, execute the following:
 
-`cycode scan commit_history {{path}}`
+`cycode scan commit-history {{path}}`
 
 For example, consider a scenario in which you want to scan the commit history for a repository stored in `~/home/git/codebase`. You could then execute the following:
 
-`cycode scan commit_history ~/home/git/codebase`
+`cycode scan commit-history ~/home/git/codebase`
 
 The following options are available for use with this command:
 
 | Option                    | Description                                                                                              |
 |---------------------------|----------------------------------------------------------------------------------------------------------|
-| `-r, --commit_range TEXT` | Scan a commit range in this git repository, by default cycode scans all commit history (example: HEAD~1) |
+| `-r, --commit-range TEXT` | Scan a commit range in this git repository, by default cycode scans all commit history (example: HEAD~1) |
 
 #### Commit Range Option
 
-The commit history scan, by default, examines the repository’s entire commit history, all the way back to the initial commit. You can instead limit the scan to a specific commit range by adding the argument `--commit_range` (`-r`) followed by the name you specify.
+The commit history scan, by default, examines the repository’s entire commit history, all the way back to the initial commit. You can instead limit the scan to a specific commit range by adding the argument `--commit-range` (`-r`) followed by the name you specify.
 
 Consider the previous example. If you wanted to scan only specific commits in your repository, you could execute the following:
 
-`cycode scan commit_history -r {{from-commit-id}}...{{to-commit-id}} ~/home/git/codebase`
+`cycode scan commit-history -r {{from-commit-id}}...{{to-commit-id}} ~/home/git/codebase`
 
 ### Pre-Commit Scan
 
@@ -824,7 +820,7 @@ The following commands are available for use with this command:
 | Command          | Description                                                     |
 |------------------|-----------------------------------------------------------------|
 | `path`           | Generate SBOM report for provided path in the command           |
-| `repository_url` | Generate SBOM report for provided repository URI in the command |
+| `repository-url` | Generate SBOM report for provided repository URI in the command |
 
 ### Repository
 

cycode-3.0.0/cycode/__init__.py

@@ -0,0 +1 @@
+__version__ = '3.0.0'  # DON'T TOUCH. Placeholder. Will be filled automatically on poetry build from Git Tag

cycode-3.0.0/cycode/__main__.py

@@ -0,0 +1,4 @@
+from cycode.cli.consts import PROGRAM_NAME
+from cycode.cli.main import app
+
+app(prog_name=PROGRAM_NAME)

cycode-3.0.0/cycode/cli/app.py

@@ -0,0 +1,156 @@
+import logging
+from typing import Annotated, Optional
+
+import typer
+from typer import rich_utils
+from typer._completion_classes import completion_init
+from typer.completion import install_callback, show_callback
+
+from cycode import __version__
+from cycode.cli.apps import ai_remediation, auth, configure, ignore, report, scan, status
+from cycode.cli.cli_types import OutputTypeOption
+from cycode.cli.consts import CLI_CONTEXT_SETTINGS
+from cycode.cli.printers import ConsolePrinter
+from cycode.cli.user_settings.configuration_manager import ConfigurationManager
+from cycode.cli.utils.progress_bar import SCAN_PROGRESS_BAR_SECTIONS, get_progress_bar
+from cycode.cli.utils.sentry import add_breadcrumb, init_sentry
+from cycode.cli.utils.version_checker import version_checker
+from cycode.cyclient.cycode_client_base import CycodeClientBase
+from cycode.cyclient.models import UserAgentOptionScheme
+from cycode.logger import set_logging_level
+
+# By default, it uses dim style which is hard to read with the combination of color from RICH_HELP
+rich_utils.STYLE_ERRORS_SUGGESTION = 'bold'
+# By default, it uses blue color which is too dark for some terminals
+rich_utils.RICH_HELP = "Try [cyan]'{command_path} {help_option}'[/] for help."
+
+completion_init()  # DO NOT TOUCH; this is required for the completion to work properly
+
+_cycode_cli_docs = 'https://github.com/cycodehq/cycode-cli/blob/main/README.md'
+_cycode_cli_epilog = f'[bold]Documentation:[/] [link={_cycode_cli_docs}]{_cycode_cli_docs}[/link]'
+
+app = typer.Typer(
+    pretty_exceptions_show_locals=False,
+    pretty_exceptions_short=True,
+    context_settings=CLI_CONTEXT_SETTINGS,
+    epilog=_cycode_cli_epilog,
+    rich_markup_mode='rich',
+    no_args_is_help=True,
+    add_completion=False,  # we add it manually to control the rich help panel
+)
+
+app.add_typer(ai_remediation.app)
+app.add_typer(auth.app)
+app.add_typer(configure.app)
+app.add_typer(ignore.app)
+app.add_typer(report.app)
+app.add_typer(scan.app)
+app.add_typer(status.app)
+
+
+def check_latest_version_on_close(ctx: typer.Context) -> None:
+    output = ctx.obj.get('output')
+    # don't print anything if the output is JSON
+    if output == OutputTypeOption.JSON:
+        return
+
+    # we always want to check the latest version for "version" and "status" commands
+    should_use_cache = ctx.invoked_subcommand not in {'version', 'status'}
+    version_checker.check_and_notify_update(current_version=__version__, use_cache=should_use_cache)
+
+
+def export_if_needed_on_close(ctx: typer.Context) -> None:
+    scan_finalized = ctx.obj.get('scan_finalized')
+    printer = ctx.obj.get('console_printer')
+    if scan_finalized and printer.is_recording:
+        printer.export()
+
+
+_AUTH_RICH_HELP_PANEL = 'Authentication options'
+_COMPLETION_RICH_HELP_PANEL = 'Completion options'
+
+
+@app.callback()
+def app_callback(
+    ctx: typer.Context,
+    verbose: Annotated[bool, typer.Option('--verbose', '-v', help='Show detailed logs.')] = False,
+    no_progress_meter: Annotated[
+        bool, typer.Option('--no-progress-meter', help='Do not show the progress meter.')
+    ] = False,
+    no_update_notifier: Annotated[
+        bool, typer.Option('--no-update-notifier', help='Do not check CLI for updates.')
+    ] = False,
+    output: Annotated[
+        OutputTypeOption, typer.Option('--output', '-o', case_sensitive=False, help='Specify the output type.')
+    ] = OutputTypeOption.RICH,
+    user_agent: Annotated[
+        Optional[str],
+        typer.Option(hidden=True, help='Characteristic JSON object that lets servers identify the application.'),
+    ] = None,
+    client_secret: Annotated[
+        Optional[str],
+        typer.Option(
+            help='Specify a Cycode client secret for this specific scan execution.',
+            rich_help_panel=_AUTH_RICH_HELP_PANEL,
+        ),
+    ] = None,
+    client_id: Annotated[
+        Optional[str],
+        typer.Option(
+            help='Specify a Cycode client ID for this specific scan execution.',
+            rich_help_panel=_AUTH_RICH_HELP_PANEL,
+        ),
+    ] = None,
+    _: Annotated[
+        Optional[bool],
+        typer.Option(
+            '--install-completion',
+            callback=install_callback,
+            is_eager=True,
+            expose_value=False,
+            help='Install completion for the current shell.',
+            rich_help_panel=_COMPLETION_RICH_HELP_PANEL,
+        ),
+    ] = False,
+    __: Annotated[
+        Optional[bool],
+        typer.Option(
+            '--show-completion',
+            callback=show_callback,
+            is_eager=True,
+            expose_value=False,
+            help='Show completion for the current shell, to copy it or customize the installation.',
+            rich_help_panel=_COMPLETION_RICH_HELP_PANEL,
+        ),
+    ] = False,
+) -> None:
+    """[bold cyan]Cycode CLI - Command Line Interface for Cycode.[/]"""
+    init_sentry()
+    add_breadcrumb('cycode')
+
+    ctx.ensure_object(dict)
+    configuration_manager = ConfigurationManager()
+
+    verbose = verbose or configuration_manager.get_verbose_flag()
+    ctx.obj['verbose'] = verbose
+    if verbose:
+        set_logging_level(logging.DEBUG)
+
+    ctx.obj['output'] = output
+    if output == OutputTypeOption.JSON:
+        no_progress_meter = True
+
+    ctx.obj['client_id'] = client_id
+    ctx.obj['client_secret'] = client_secret
+
+    ctx.obj['progress_bar'] = get_progress_bar(hidden=no_progress_meter, sections=SCAN_PROGRESS_BAR_SECTIONS)
+
+    ctx.obj['console_printer'] = ConsolePrinter(ctx)
+    ctx.call_on_close(lambda: export_if_needed_on_close(ctx))
+
+    if user_agent:
+        user_agent_option = UserAgentOptionScheme().loads(user_agent)
+        CycodeClientBase.enrich_user_agent(user_agent_option.user_agent_suffix)
+
+    if not no_update_notifier:
+        ctx.call_on_close(lambda: check_latest_version_on_close(ctx))

cycode-3.0.0/cycode/cli/apps/ai_remediation/__init__.py

@@ -0,0 +1,20 @@
+import typer
+
+from cycode.cli.apps.ai_remediation.ai_remediation_command import ai_remediation_command
+
+app = typer.Typer()
+
+_ai_remediation_epilog = (
+    'Note: AI remediation suggestions are generated automatically and should be reviewed before applying.'
+)
+
+app.command(
+    name='ai-remediation',
+    short_help='Get AI remediation (INTERNAL).',
+    epilog=_ai_remediation_epilog,
+    hidden=True,
+    no_args_is_help=True,
+)(ai_remediation_command)
+
+# backward compatibility
+app.command(hidden=True, name='ai_remediation')(ai_remediation_command)

cycode-3.0.0/cycode/cli/apps/ai_remediation/ai_remediation_command.py

@@ -0,0 +1,39 @@
+from typing import Annotated
+from uuid import UUID
+
+import typer
+
+from cycode.cli.apps.ai_remediation.apply_fix import apply_fix
+from cycode.cli.apps.ai_remediation.print_remediation import print_remediation
+from cycode.cli.exceptions.handle_ai_remediation_errors import handle_ai_remediation_exception
+from cycode.cli.utils.get_api_client import get_scan_cycode_client
+
+
+def ai_remediation_command(
+    ctx: typer.Context,
+    detection_id: Annotated[UUID, typer.Argument(help='Detection ID to get remediation for', show_default=False)],
+    fix: Annotated[
+        bool, typer.Option('--fix', help='Apply fixes to resolve violations. Note: fix could be not available.')
+    ] = False,
+) -> None:
+    """:robot: [bold cyan]Get AI-powered remediation for security issues.[/]
+
+    This command provides AI-generated remediation guidance for detected security issues.
+
+    Example usage:
+    * `cycode ai-remediation <detection_id>`: View remediation guidance
+    * `cycode ai-remediation <detection_id> --fix`: Apply suggested fixes
+    """
+    client = get_scan_cycode_client(ctx)
+
+    try:
+        remediation_markdown = client.get_ai_remediation(detection_id)
+        fix_diff = client.get_ai_remediation(detection_id, fix=True)
+        is_fix_available = bool(fix_diff)  # exclude empty string, None, etc.
+
+        if fix:
+            apply_fix(ctx, fix_diff, is_fix_available)
+        else:
+            print_remediation(ctx, remediation_markdown, is_fix_available)
+    except Exception as err:
+        handle_ai_remediation_exception(ctx, err)

cycode-3.0.0/cycode/cli/apps/ai_remediation/apply_fix.py

@@ -0,0 +1,24 @@
+import os
+
+import typer
+from patch_ng import fromstring
+
+from cycode.cli.models import CliResult
+
+
+def apply_fix(ctx: typer.Context, diff: str, is_fix_available: bool) -> None:
+    printer = ctx.obj.get('console_printer')
+    if not is_fix_available:
+        printer.print_result(CliResult(success=False, message='Fix is not available for this violation'))
+        return
+
+    patch = fromstring(diff.encode('UTF-8'))
+    if patch is False:
+        printer.print_result(CliResult(success=False, message='Failed to parse fix diff'))
+        return
+
+    is_fix_applied = patch.apply(root=os.getcwd(), strip=0)
+    if is_fix_applied:
+        printer.print_result(CliResult(success=True, message='Fix applied successfully'))
+    else:
+        printer.print_result(CliResult(success=False, message='Failed to apply fix'))

cycode-3.0.0/cycode/cli/apps/ai_remediation/print_remediation.py

@@ -0,0 +1,14 @@
+import typer
+from rich.markdown import Markdown
+
+from cycode.cli.console import console
+from cycode.cli.models import CliResult
+
+
+def print_remediation(ctx: typer.Context, remediation_markdown: str, is_fix_available: bool) -> None:
+    printer = ctx.obj.get('console_printer')
+    if printer.is_json_printer:
+        data = {'remediation': remediation_markdown, 'is_fix_available': is_fix_available}
+        printer.print_result(CliResult(success=True, message='Remediation fetched successfully', data=data))
+    else:  # text or table
+        console.print(Markdown(remediation_markdown))

cycode-3.0.0/cycode/cli/apps/auth/__init__.py

@@ -0,0 +1,9 @@
+import typer
+
+from cycode.cli.apps.auth.auth_command import auth_command
+
+_auth_command_docs = 'https://github.com/cycodehq/cycode-cli/blob/main/README.md#using-the-auth-command'
+_auth_command_epilog = f'[bold]Documentation:[/] [link={_auth_command_docs}]{_auth_command_docs}[/link]'
+
+app = typer.Typer(no_args_is_help=False)
+app.command(name='auth', epilog=_auth_command_epilog, short_help='Authenticate your machine with Cycode.')(auth_command)