kekkai-cli 2.0.1__tar.gz → 2.2.1__tar.gz

{kekkai_cli-2.0.1 → kekkai_cli-2.2.1}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: kekkai-cli
-Version: 2.0.1
+Version: 2.2.1
 Summary: Terminal UI for Trivy/Semgrep/Gitleaks. Local-first security triage.
 Requires-Python: >=3.12
 Description-Content-Type: text/markdown
@@ -14,19 +14,20 @@ Requires-Dist: jinja2>=3.1.6
   <img src="https://raw.githubusercontent.com/kademoslabs/assets/main/logos/kekkai-slim.png" alt="Kekkai CLI Logo" width="250"/>
 </p>
 
-<p align="center"><strong>Stop parsing JSON. Security triage in your terminal.</strong></p>
+<p align="center"><strong>Interactive security triage in the terminal.</strong></p>
 
 <p align="center">
   <img src="https://img.shields.io/github/actions/workflow/status/kademoslabs/kekkai/docker-publish.yml?logo=github"/>
   <img src="https://img.shields.io/circleci/build/github/kademoslabs/kekkai?logo=circleci"/>
-  <img src="https://img.shields.io/pypi/v/kekkai-cli?pypiBaseUrl=https%3A%2F%2Fpypi.org&logo=pypi"/>
+  <img alt="PyPI - Version" src="https://img.shields.io/pypi/v/kekkai-cli">
+
 </p>
 
 ---
 
 # Kekkai
 
-**Interactive security triage in the terminal.**
+**Stop parsing JSON.**
 
 Kekkai is a small open-source CLI that wraps existing security scanners (Trivy, Semgrep, Gitleaks) and focuses on the part that tends to be slow and frustrating: reviewing and triaging results.
 
@@ -73,6 +74,17 @@ kekkai triage
 # Interactive TUI to review findings with keyboard navigation
 ```
 
+### ⚡️ Auto-Install (Pre-commit)
+
+Add this to your `.pre-commit-config.yaml` to scan on every commit:
+
+```yaml
+  - repo: [https://github.com/kademoslabs/kekkai](https://github.com/kademoslabs/kekkai)
+    rev: v2.0.1
+    hooks:
+      - id: kekkai-scan
+```
+
 No signup, no cloud service required.
 
 ---
@@ -114,34 +126,11 @@ kekkai triage
 
 ---
 
-### CI/CD Policy Gate
-
-Break builds on severity thresholds.
-
-Kekkai can be used as a CI gate based on severity thresholds.
+### 🚦 CI/CD in 1 Second
 
+Don't write YAML. Run this in your repo:
 ```bash
-# Fail on any critical or high findings
-kekkai scan --ci --fail-on high
-
-# Fail only on critical
-kekkai scan --ci --fail-on critical
-```
-
-**Exit Codes:**
-| Code | Meaning |
-|------|---------|
-| 0 | No findings above threshold |
-| 1 | Findings exceed threshold |
-| 2 | Scanner error |
-
-**GitHub Actions Example:**
-
-```yaml
-- name: Security Scan
-  run: |
-    pipx install kekkai-cli
-    kekkai scan --ci --fail-on high
+kekkai init --ci
 ```
 
 [Full CI Documentation →](docs/ci/ci-mode.md)

{kekkai_cli-2.0.1 → kekkai_cli-2.2.1}/README.md

@@ -2,19 +2,20 @@
   <img src="https://raw.githubusercontent.com/kademoslabs/assets/main/logos/kekkai-slim.png" alt="Kekkai CLI Logo" width="250"/>
 </p>
 
-<p align="center"><strong>Stop parsing JSON. Security triage in your terminal.</strong></p>
+<p align="center"><strong>Interactive security triage in the terminal.</strong></p>
 
 <p align="center">
   <img src="https://img.shields.io/github/actions/workflow/status/kademoslabs/kekkai/docker-publish.yml?logo=github"/>
   <img src="https://img.shields.io/circleci/build/github/kademoslabs/kekkai?logo=circleci"/>
-  <img src="https://img.shields.io/pypi/v/kekkai-cli?pypiBaseUrl=https%3A%2F%2Fpypi.org&logo=pypi"/>
+  <img alt="PyPI - Version" src="https://img.shields.io/pypi/v/kekkai-cli">
+
 </p>
 
 ---
 
 # Kekkai
 
-**Interactive security triage in the terminal.**
+**Stop parsing JSON.**
 
 Kekkai is a small open-source CLI that wraps existing security scanners (Trivy, Semgrep, Gitleaks) and focuses on the part that tends to be slow and frustrating: reviewing and triaging results.
 
@@ -61,6 +62,17 @@ kekkai triage
 # Interactive TUI to review findings with keyboard navigation
 ```
 
+### ⚡️ Auto-Install (Pre-commit)
+
+Add this to your `.pre-commit-config.yaml` to scan on every commit:
+
+```yaml
+  - repo: [https://github.com/kademoslabs/kekkai](https://github.com/kademoslabs/kekkai)
+    rev: v2.0.1
+    hooks:
+      - id: kekkai-scan
+```
+
 No signup, no cloud service required.
 
 ---
@@ -102,34 +114,11 @@ kekkai triage
 
 ---
 
-### CI/CD Policy Gate
-
-Break builds on severity thresholds.
-
-Kekkai can be used as a CI gate based on severity thresholds.
+### 🚦 CI/CD in 1 Second
 
+Don't write YAML. Run this in your repo:
 ```bash
-# Fail on any critical or high findings
-kekkai scan --ci --fail-on high
-
-# Fail only on critical
-kekkai scan --ci --fail-on critical
-```
-
-**Exit Codes:**
-| Code | Meaning |
-|------|---------|
-| 0 | No findings above threshold |
-| 1 | Findings exceed threshold |
-| 2 | Scanner error |
-
-**GitHub Actions Example:**
-
-```yaml
-- name: Security Scan
-  run: |
-    pipx install kekkai-cli
-    kekkai scan --ci --fail-on high
+kekkai init --ci
 ```
 
 [Full CI Documentation →](docs/ci/ci-mode.md)

{kekkai_cli-2.0.1 → kekkai_cli-2.2.1}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "kekkai-cli"
-version = "2.0.1"
+version = "2.2.1"
 description = "Terminal UI for Trivy/Semgrep/Gitleaks. Local-first security triage."
 readme = "README.md"
 requires-python = ">=3.12"
@@ -21,7 +21,7 @@ line-length = 100
 extend-exclude = ["dist", "build", ".venv"]
 lint.select = ["E", "F", "I", "B", "UP", "S", "SIM"]
 lint.ignore = ["S101"]  # allow asserts in tests
-lint.per-file-ignores = { "tests/**" = ["S"], "src/kekkai_core/docker/**" = ["S603"], "src/kekkai_core/slsa/**" = ["S603", "S607"], "src/kekkai/github/**" = ["S105"] }
+lint.per-file-ignores = { "tests/**" = ["S", "SIM117"], "src/kekkai_core/docker/**" = ["S603"], "src/kekkai_core/slsa/**" = ["S603", "S607"], "src/kekkai/github/**" = ["S105"] }
 
 [tool.mypy]
 python_version = "3.12"

{kekkai_cli-2.0.1 → kekkai_cli-2.2.1}/src/kekkai/cli.py

@@ -221,6 +221,17 @@ def main(argv: Sequence[str] | None = None) -> int:
         type=str,
         help="Path for .kekkaiignore output (default: .kekkaiignore)",
     )
+    triage_parser.add_argument(
+        "--repo",
+        type=str,
+        help="Repository root path (default: auto-detect from run.json)",
+    )
+    triage_parser.add_argument(
+        "--context-lines",
+        type=int,
+        default=10,
+        help="Context lines before/after line (default: 10, range: 5-100)",
+    )
 
     # Fix subcommand - AI-powered remediation
     fix_parser = subparsers.add_parser("fix", help="generate AI-powered code fixes for findings")
@@ -1186,6 +1197,11 @@ def _command_triage(parsed: argparse.Namespace) -> int:
 
     input_path_str = cast(str | None, getattr(parsed, "input", None))
     output_path_str = cast(str | None, getattr(parsed, "output", None))
+    repo_path_str = cast(str | None, getattr(parsed, "repo", None))
+    context_lines = cast(int, getattr(parsed, "context_lines", 10))
+
+    # Validate context_lines range
+    context_lines = max(5, min(100, context_lines))
 
     # Default to latest run if no input specified
     if not input_path_str:
@@ -1232,7 +1248,39 @@ def _command_triage(parsed: argparse.Namespace) -> int:
 
     console.print(f"[info]Loaded {len(findings)} finding(s)[/info]\n")
 
-    return run_triage(findings=findings, output_path=output_path)
+    # Auto-detect repo_path from run.json if not explicitly provided
+    repo_path: Path | None = None
+    if repo_path_str:
+        repo_path = Path(repo_path_str).expanduser().resolve()
+    elif input_path.is_dir():
+        # Try to read repo_path from run.json
+        manifest_path = input_path / "run.json"
+        if manifest_path.exists():
+            try:
+                import json
+
+                with manifest_path.open() as f:
+                    manifest_data = json.load(f)
+                stored_repo = manifest_data.get("repo_path")
+                if stored_repo:
+                    repo_path = Path(stored_repo).expanduser().resolve()
+                    console.print(f"[dim]Using repo path from run metadata: {repo_path}[/dim]\n")
+            except (OSError, json.JSONDecodeError, KeyError):
+                pass
+
+    # Fall back to current directory if still not set (with warning)
+    if repo_path is None:
+        repo_path = Path.cwd()
+        console.print("[warning]⚠ Repo path not detected. Using current directory.[/warning]")
+        console.print("[dim]Tip: Use --repo to specify repository root explicitly.[/dim]")
+        console.print(f"[dim]Current directory: {repo_path}[/dim]\n")
+
+    return run_triage(
+        findings=findings,
+        output_path=output_path,
+        repo_path=repo_path,
+        context_lines=context_lines,
+    )
 
 
 def _command_fix(parsed: argparse.Namespace) -> int:

{kekkai_cli-2.0.1 → kekkai_cli-2.2.1}/src/kekkai/output.py

@@ -57,7 +57,7 @@ BANNER_ASCII = r"""
 /_/\_\\___/_/\_/_/\_\\_,_/_/
 """
 
-VERSION = "2.0.1"
+VERSION = "2.2.1"
 
 
 def print_dashboard() -> None:

{kekkai_cli-2.0.1 → kekkai_cli-2.2.1}/src/kekkai/triage/__init__.py

@@ -29,6 +29,8 @@ def run_triage(
     input_path: Path | None = None,
     output_path: Path | None = None,
     findings: Sequence[FindingEntry] | None = None,
+    repo_path: Path | None = None,
+    context_lines: int = 10,
 ) -> int:
     """Run the triage TUI (lazy import).
 
@@ -36,6 +38,8 @@ def run_triage(
         input_path: Path to findings JSON file.
         output_path: Path for .kekkaiignore output.
         findings: Pre-loaded findings (alternative to input_path).
+        repo_path: Repository root path for code context display.
+        context_lines: Number of lines to show before/after vulnerable line.
 
     Returns:
         Exit code (0 for success).
@@ -50,6 +54,8 @@ def run_triage(
             input_path=input_path,
             output_path=output_path,
             findings=findings,
+            repo_path=repo_path,
+            context_lines=context_lines,
         )
     except ImportError as e:
         raise RuntimeError(

{kekkai_cli-2.0.1 → kekkai_cli-2.2.1}/src/kekkai/triage/app.py

@@ -51,6 +51,8 @@ class TriageApp(App[None]):
         input_path: Path | None = None,
         output_path: Path | None = None,
         audit_path: Path | None = None,
+        repo_path: Path | None = None,
+        context_lines: int = 10,
     ) -> None:
         """Initialize triage application.
 
@@ -59,6 +61,8 @@ class TriageApp(App[None]):
             input_path: Path to findings JSON file.
             output_path: Path for .kekkaiignore output.
             audit_path: Path for audit log.
+            repo_path: Repository root path for code context display.
+            context_lines: Number of lines to show before/after vulnerable line.
         """
         super().__init__()
         self._input_path = input_path
@@ -66,6 +70,8 @@ class TriageApp(App[None]):
         self.ignore_file = IgnoreFile(output_path)
         self.audit_log = TriageAuditLog(audit_path)
         self._decisions: dict[str, TriageDecision] = {}
+        self.repo_path = repo_path or Path.cwd()
+        self.context_lines = context_lines
 
     @property
     def findings(self) -> list[FindingEntry]:
@@ -148,6 +154,8 @@ def run_triage(
     input_path: Path | None = None,
     output_path: Path | None = None,
     findings: Sequence[FindingEntry] | None = None,
+    repo_path: Path | None = None,
+    context_lines: int = 10,
 ) -> int:
     """Run the triage TUI.
 
@@ -155,6 +163,8 @@ def run_triage(
         input_path: Path to findings JSON file.
         output_path: Path for .kekkaiignore output.
         findings: Pre-loaded findings (alternative to input_path).
+        repo_path: Repository root path for code context display.
+        context_lines: Number of lines to show before/after vulnerable line.
 
     Returns:
         Exit code (0 for success).
@@ -163,6 +173,8 @@ def run_triage(
         findings=findings,
         input_path=input_path,
         output_path=output_path,
+        repo_path=repo_path,
+        context_lines=context_lines,
     )
     app.run()
     return 0