prismor 0.1.2__py3-none-any.whl → 1.0.5__py3-none-any.whl

prismor/__init__.py

@@ -1,6 +1,6 @@
 """Prismor CLI - Security scanning tool for GitHub repositories."""
 
-__version__ = "0.1.2"
+__version__ = "1.0.4"
 __author__ = "Prismor"
 __description__ = "A CLI tool for scanning GitHub repositories for vulnerabilities, secrets, and generating SBOMs"
 

prismor/api.py

@@ -1,8 +1,10 @@
 """API client for Prismor security scanning service."""
 
 import os
+import re
 import requests
 from typing import Optional, Dict, Any
+from urllib.parse import urlparse
 
 
 class PrismorAPIError(Exception):
@@ -10,6 +12,137 @@ class PrismorAPIError(Exception):
     pass
 
 
+def parse_github_repo(repo_input: str) -> str:
+    """Extract user/repo_name from various GitHub URL formats or return as-is if already in correct format.
+    
+    This function handles multiple GitHub URL formats:
+    - user/repo_name (already in correct format)
+    - https://github.com/user/repo_name
+    - https://www.github.com/user/repo_name
+    - http://github.com/user/repo_name
+    - http://www.github.com/user/repo_name
+    - github.com/user/repo_name
+    - www.github.com/user/repo_name
+    - git@github.com:user/repo_name.git
+    - https://github.com/user/repo_name.git
+    - https://github.com/user/repo_name/
+    - https://github.com/user/repo_name#branch
+    - https://github.com/user/repo_name/tree/branch
+    - https://github.com/user/repo_name/blob/branch/file
+    
+    Args:
+        repo_input: Repository input in any of the supported formats
+        
+    Returns:
+        Repository in "user/repo_name" format
+        
+    Raises:
+        PrismorAPIError: If the input format is not recognized or invalid
+    """
+    if not repo_input or not isinstance(repo_input, str):
+        raise PrismorAPIError("Repository input cannot be empty")
+    
+    repo_input = repo_input.strip()
+    
+    # If it's already in user/repo format (no protocol, no domain), return as-is
+    if "/" in repo_input and not any(repo_input.startswith(prefix) for prefix in 
+                                    ["http://", "https://", "git@", "github.com", "www.github.com"]):
+        # Validate it has exactly one slash and both parts are non-empty
+        parts = repo_input.split("/")
+        if len(parts) == 2 and parts[0] and parts[1]:
+            return repo_input
+        else:
+            raise PrismorAPIError(f"Invalid repository format: {repo_input}. Expected 'user/repo_name'")
+    
+    # Handle SSH format: git@github.com:user/repo.git
+    if repo_input.startswith("git@github.com:"):
+        repo_part = repo_input[15:]  # Remove "git@github.com:"
+        # Remove .git suffix if present
+        if repo_part.endswith(".git"):
+            repo_part = repo_part[:-4]
+        if "/" in repo_part:
+            return repo_part
+        else:
+            raise PrismorAPIError(f"Invalid SSH repository format: {repo_input}")
+    
+    # Handle HTTP/HTTPS URLs
+    if repo_input.startswith(("http://", "https://")):
+        try:
+            parsed = urlparse(repo_input)
+            hostname = parsed.hostname.lower()
+            
+            # Check if it's a GitHub URL
+            if hostname in ["github.com", "www.github.com"]:
+                path = parsed.path.strip("/")
+                
+                # Remove .git suffix if present
+                if path.endswith(".git"):
+                    path = path[:-4]
+                
+                # Split path and extract user/repo
+                path_parts = path.split("/")
+                if len(path_parts) >= 2:
+                    user = path_parts[0]
+                    repo = path_parts[1]
+                    
+                    # Handle special GitHub paths like /tree/branch, /blob/branch/file
+                    if len(path_parts) > 2 and path_parts[2] in ["tree", "blob"]:
+                        # This is a branch/file reference, just take user/repo
+                        pass
+                    
+                    if user and repo:
+                        return f"{user}/{repo}"
+                    else:
+                        raise PrismorAPIError(f"Invalid GitHub URL format: {repo_input}")
+                else:
+                    raise PrismorAPIError(f"Invalid GitHub URL format: {repo_input}")
+            else:
+                raise PrismorAPIError(f"Not a GitHub URL: {repo_input}")
+                
+        except Exception as e:
+            raise PrismorAPIError(f"Failed to parse URL: {repo_input}. Error: {str(e)}")
+    
+    # Handle bare domain formats: github.com/user/repo or www.github.com/user/repo
+    if repo_input.startswith(("github.com/", "www.github.com/")):
+        # Remove domain prefix
+        if repo_input.startswith("github.com/"):
+            repo_part = repo_input[11:]  # Remove "github.com/"
+        else:  # www.github.com/
+            repo_part = repo_input[15:]  # Remove "www.github.com/"
+        
+        # Remove .git suffix if present
+        if repo_part.endswith(".git"):
+            repo_part = repo_part[:-4]
+        
+        # Remove trailing slash
+        repo_part = repo_part.rstrip("/")
+        
+        # Split and validate
+        parts = repo_part.split("/")
+        if len(parts) >= 2:
+            user = parts[0]
+            repo = parts[1]
+            
+            # Handle special GitHub paths like /tree/branch, /blob/branch/file
+            if len(parts) > 2 and parts[2] in ["tree", "blob"]:
+                # This is a branch/file reference, just take user/repo
+                pass
+            
+            if user and repo:
+                return f"{user}/{repo}"
+            else:
+                raise PrismorAPIError(f"Invalid repository format: {repo_input}")
+        else:
+            raise PrismorAPIError(f"Invalid repository format: {repo_input}")
+    
+    # If we get here, the format is not recognized
+    raise PrismorAPIError(
+        f"Unrecognized repository format: {repo_input}. "
+        "Supported formats: 'user/repo', 'https://github.com/user/repo', "
+        "'git@github.com:user/repo.git', or 'github.com/user/repo'"
+    )
+
+
 class PrismorClient:
     """Client for interacting with Prismor API."""
     
@@ -23,7 +156,8 @@ class PrismorClient:
         if not self.api_key:
             raise PrismorAPIError(
                 "PRISMOR_API_KEY environment variable is not set. "
-                "Please set it with: export PRISMOR_API_KEY=your_api_key"
+                "Please specify your API key. You can generate one for free at https://www.prismor.dev/cli\n"
+                "Set it with: export PRISMOR_API_KEY=your_api_key"
             )
         
         # self.base_url = "http://localhost:3000"
@@ -76,27 +210,21 @@ class PrismorClient:
         """Normalize repository input to a full GitHub URL.
         
         Args:
-            repo: Repository in format 'username/repo' or full GitHub URL
+            repo: Repository in various formats (username/repo, GitHub URL, etc.)
             
         Returns:
             Full GitHub repository URL
         """
-        if repo.startswith("http://") or repo.startswith("https://"):
-            return repo
+        # Use the comprehensive parser to extract user/repo_name
+        repo_name = parse_github_repo(repo)
         
-        # Assume it's in username/repo format
-        if "/" in repo:
-            return f"https://github.com/{repo}"
-        
-        raise PrismorAPIError(
-            f"Invalid repository format: {repo}. "
-            "Please use 'username/repo' or full GitHub URL"
-        )
+        # Convert to full GitHub URL
+        return f"https://github.com/{repo_name}"
     
     def scan(
         self,
         repo: str,
-        vex: bool = False,
+        scan: bool = False,
         sbom: bool = False,
         detect_secret: bool = False,
         fullscan: bool = False,
@@ -106,7 +234,7 @@ class PrismorClient:
         
         Args:
             repo: Repository URL or username/repo format
-            vex: Enable vulnerability scanning
+            scan: Enable vulnerability scanning
             sbom: Enable SBOM generation
             detect_secret: Enable secret detection
             fullscan: Enable all scan types
@@ -125,7 +253,7 @@ class PrismorClient:
         payload = {
             "repo_url": repo_url,
             "api_key": self.api_key,
-            "vex": vex or fullscan,
+            "scan": scan or fullscan,
             "sbom": sbom or fullscan,
             "detect_secret": detect_secret or fullscan,
             "fullscan": fullscan,
@@ -133,11 +261,13 @@ class PrismorClient:
         }
         
         try:
+            # Note: Vulnerability scans now run asynchronously and can take up to 10 minutes
+            # The web API handles polling internally, so we just need a longer timeout
             response = requests.post(
                 f"{self.base_url}/api/cli/scan",
                 json=payload,
                 headers={"Content-Type": "application/json"},
-                timeout=300  # 5 minute timeout
+                timeout=600  # 10 minute timeout to accommodate async vulnerability scans
             )
             
             if response.status_code == 401:
@@ -166,8 +296,123 @@ class PrismorClient:
             
         except requests.exceptions.Timeout:
             raise PrismorAPIError(
-                "Request timed out. The repository scan is taking longer than expected."
+                "Request timed out. The repository scan is taking longer than expected. "
+                "Large repositories may require more time. Please try again or check the dashboard for results."
+            )
+        except requests.exceptions.ConnectionError:
+            raise PrismorAPIError(
+                "Failed to connect to Prismor API. Please check your internet connection."
+            )
+        except requests.exceptions.RequestException as e:
+            raise PrismorAPIError(f"Request failed: {str(e)}")
+    
+    def start_vulnerability_scan(
+        self,
+        repo: str,
+        branch: Optional[str] = None,
+        github_token: Optional[str] = None
+    ) -> Dict[str, Any]:
+        """Start a vulnerability scan and return immediately with a job_id.
+        
+        This method directly calls the backend API to start an async scan.
+        Use check_scan_status() to poll for completion.
+        
+        Args:
+            repo: Repository URL or username/repo format
+            branch: Specific branch to scan (defaults to main)
+            github_token: Optional GitHub token. If not provided, will try to get from env var GITHUB_TOKEN
+            
+        Returns:
+            Dictionary containing job_id and status information
+            
+        Raises:
+            PrismorAPIError: If request fails
+        """
+        # Directly call the backend API
+        backend_url = os.environ.get(
+            "PRISMOR_BACKEND_URL", 
+            "https://2dlxuia6i5.execute-api.us-east-1.amazonaws.com/prod"
+        )
+        
+        repo_url = self.normalize_repo_url(repo)
+        
+        # Get GitHub token from parameter, env var, or raise error
+        gh_token = github_token or os.environ.get("GITHUB_TOKEN")
+        
+        if not gh_token:
+            raise PrismorAPIError(
+                "GitHub token required. Provide it as a parameter, set GITHUB_TOKEN environment variable, "
+                "or use 'prismor --scan <repo> --scan' which handles authentication automatically."
+            )
+        
+        try:
+            response = requests.post(
+                f"{backend_url}/scan",
+                json={
+                    "repo_url": repo_url,
+                    "token": gh_token,
+                    "branch": branch or "main"
+                },
+                headers={"Content-Type": "application/json"},
+                timeout=30
+            )
+            
+            if response.status_code >= 400:
+                error_msg = response.json().get("error", "Unknown error")
+                raise PrismorAPIError(f"API error: {error_msg}")
+            
+            response.raise_for_status()
+            return response.json()
+            
+        except requests.exceptions.Timeout:
+            raise PrismorAPIError("Request timed out.")
+        except requests.exceptions.ConnectionError:
+            raise PrismorAPIError(
+                "Failed to connect to Prismor API. Please check your internet connection."
+            )
+        except requests.exceptions.RequestException as e:
+            raise PrismorAPIError(f"Request failed: {str(e)}")
+    
+    def check_scan_status(self, job_id: str) -> Dict[str, Any]:
+        """Check the status of a vulnerability scan job.
+        
+        This method directly calls the backend API to check scan status.
+        Use this when you have a job_id from starting an async scan.
+        
+        Args:
+            job_id: The job ID returned from starting a scan
+            
+        Returns:
+            Dictionary containing scan status and results if completed
+            
+        Raises:
+            PrismorAPIError: If request fails
+        """
+        # Directly call the backend API for status check
+        backend_url = os.environ.get(
+            "PRISMOR_BACKEND_URL", 
+            "https://2dlxuia6i5.execute-api.us-east-1.amazonaws.com/prod"
+        )
+        
+        try:
+            response = requests.get(
+                f"{backend_url}/scan/status/{job_id}",
+                headers={"Content-Type": "application/json"},
+                timeout=30
             )
+            
+            if response.status_code == 404:
+                raise PrismorAPIError(f"Scan job '{job_id}' not found.")
+            
+            if response.status_code >= 400:
+                error_msg = response.json().get("error", "Unknown error")
+                raise PrismorAPIError(f"API error: {error_msg}")
+            
+            response.raise_for_status()
+            return response.json()
+            
+        except requests.exceptions.Timeout:
+            raise PrismorAPIError("Request timed out.")
         except requests.exceptions.ConnectionError:
             raise PrismorAPIError(
                 "Failed to connect to Prismor API. Please check your internet connection."

prismor/cli.py

@@ -3,8 +3,10 @@
 import sys
 import json
 import click
+import threading
+import time
 from typing import Optional
-from .api import PrismorClient, PrismorAPIError
+from .api import PrismorClient, PrismorAPIError, parse_github_repo
 
 
 def print_success(message: str):
@@ -27,6 +29,43 @@ def print_warning(message: str):
     click.secho(f"⚠ {message}", fg="yellow")
 
 
+class Spinner:
+    """Simple spinner for showing loading state."""
+    
+    def __init__(self, message: str = "Processing"):
+        self.message = message
+        self.spinner_chars = "|/-\\"
+        self.spinner_index = 0
+        self.running = False
+        self.thread = None
+    
+    def _spin(self):
+        """Internal spinner loop."""
+        while self.running:
+            char = self.spinner_chars[self.spinner_index % len(self.spinner_chars)]
+            sys.stdout.write(f"\r{char} {self.message}...")
+            sys.stdout.flush()
+            self.spinner_index += 1
+            time.sleep(0.1)
+    
+    def start(self):
+        """Start the spinner."""
+        self.running = True
+        self.thread = threading.Thread(target=self._spin, daemon=True)
+        self.thread.start()
+    
+    def stop(self, message: str = None):
+        """Stop the spinner and clear the line."""
+        self.running = False
+        if self.thread:
+            self.thread.join(timeout=0.2)
+        # Clear the spinner line
+        sys.stdout.write("\r" + " " * (len(self.message) + 15) + "\r")
+        sys.stdout.flush()
+        if message:
+            click.echo(message)
+
+
 def format_scan_results(results: dict, scan_type: str):
     """Format and display scan results."""
     click.echo("\n" + "=" * 60)
@@ -117,71 +156,85 @@ def format_scan_results(results: dict, scan_type: str):
 
 @click.group(invoke_without_command=True)
 @click.option(
-    "--scan",
+    "--repo",
+    "scan_repo",
     type=str,
-    help="Repository to scan (username/repo or full GitHub URL)"
+    help="Repository to scan (username/repo, GitHub URL, SSH URL, etc.)"
 )
-@click.option("--vex", is_flag=True, help="Perform vulnerability scanning")
+@click.option("--scan", is_flag=True, help="Perform vulnerability scanning")
 @click.option("--sbom", is_flag=True, help="Generate Software Bill of Materials")
 @click.option("--detect-secret", is_flag=True, help="Detect secrets in repository")
 @click.option("--fullscan", is_flag=True, help="Perform all scan types")
 @click.option("--branch", type=str, help="Specific branch to scan (defaults to main/master)")
 @click.option("--json", "output_json", is_flag=True, help="Output results in JSON format")
-@click.version_option(version="0.1.2", prog_name="prismor")
+@click.version_option(version="1.0.5", prog_name="prismor")
 @click.pass_context
-def cli(ctx, scan: Optional[str], vex: bool, sbom: bool, detect_secret: bool, 
+def cli(ctx, scan_repo: Optional[str], scan: bool, sbom: bool, detect_secret: bool, 
         fullscan: bool, branch: Optional[str], output_json: bool):
     """Prismor CLI - Security scanning tool for GitHub repositories.
     
     Examples:
-        prismor --scan username/repo --vex
-        prismor --scan username/repo --fullscan
-        prismor --scan https://github.com/username/repo --detect-secret
-        prismor --scan username/repo --sbom --branch develop
+        prismor --repo username/repo --scan
+        prismor --repo username/repo --fullscan
+        prismor --repo https://github.com/username/repo --detect-secret
+        prismor --repo git@github.com:username/repo.git --sbom
+        prismor --repo github.com/username/repo --fullscan --branch develop
         prismor status
         prismor repos
     """
     # If no command and no scan option, show help
-    if ctx.invoked_subcommand is None and not scan:
+    if ctx.invoked_subcommand is None and not scan_repo:
         click.echo(ctx.get_help())
         return
     
     # If scan option is provided, perform the scan
-    if scan:
+    if scan_repo:
         # Check if at least one scan type is selected
-        if not any([vex, sbom, detect_secret, fullscan]):
-            print_error("Please specify at least one scan type: --vex, --sbom, --detect-secret, or --fullscan")
+        if not any([scan, sbom, detect_secret, fullscan]):
+            print_error("Please specify at least one scan type: --scan, --sbom, --detect-secret, or --fullscan")
             sys.exit(1)
         
         try:
             # Initialize API client
-            print_info(f"Initializing Prismor scan for: {scan}")
+            print_info(f"Initializing Prismor scan for: {scan_repo}")
             client = PrismorClient()
             
             # Determine scan type for display
             scan_types = []
             if fullscan:
-                scan_types.append("Full Scan (VEX + SBOM + Secret Detection)")
+                scan_types.append("Full Scan (scan + SBOM + Secret Detection)")
             else:
-                if vex:
-                    scan_types.append("VEX")
+                if scan:
+                    scan_types.append("scan")
                 if sbom:
                     scan_types.append("SBOM")
                 if detect_secret:
                     scan_types.append("Secret Detection")
             
             print_info(f"Scan type: {', '.join(scan_types)}")
-            print_info("Starting scan... (this may take a few minutes)")
+            if scan or fullscan:
+                print_info("Starting scan... (vulnerability scans run asynchronously and may take up to 10 minutes)")
+            else:
+                print_info("Starting scan... (this may take a few minutes)")
+            
+            # Show loading spinner during scan
+            spinner = Spinner("Scanning repository")
+            spinner.start()
             
-            # Perform scan
-            results = client.scan(
-                repo=scan,
-                vex=vex,
-                sbom=sbom,
-                detect_secret=detect_secret,
-                fullscan=fullscan,
-                branch=branch
-            )
+            try:
+                # Perform scan
+                results = client.scan(
+                    repo=scan_repo,
+                    scan=scan,
+                    sbom=sbom,
+                    detect_secret=detect_secret,
+                    fullscan=fullscan,
+                    branch=branch
+                )
+                spinner.stop()
+            except Exception as e:
+                spinner.stop()
+                raise e
             
             # Output results
             if output_json:
@@ -192,12 +245,8 @@ def cli(ctx, scan: Optional[str], vex: bool, sbom: bool, detect_secret: bool,
                 
                 # Try to get repository ID and display dashboard link
                 try:
-                    # Extract repo name from scan input
-                    repo_name = scan
-                    if scan.startswith("http://") or scan.startswith("https://"):
-                        # Extract from GitHub URL
-                        if "github.com/" in scan:
-                            repo_name = scan.split("github.com/")[1].rstrip("/")
+                    # Extract repo name from scan input using the comprehensive parser
+                    repo_name = parse_github_repo(scan_repo)
                     
                     # Get repository ID
                     repo_info = client.get_repository_by_name(repo_name)
@@ -236,7 +285,7 @@ def cli(ctx, scan: Optional[str], vex: bool, sbom: bool, detect_secret: bool,
 @cli.command()
 def version():
     """Display the version of Prismor CLI."""
-    click.echo("Prismor CLI v0.1.0")
+    click.echo("Prismor CLI v1.0.5")
 
 
 @cli.command()
@@ -256,6 +305,8 @@ def config():
         print_success(f"PRISMOR_API_KEY: {masked_key}")
     else:
         print_error("PRISMOR_API_KEY: Not set")
+        click.echo("\nPlease specify your API key. You can generate one for free at:")
+        click.secho("  https://www.prismor.dev/cli", fg="cyan", underline=True)
         click.echo("\nTo set your API key, run:")
         click.echo("  export PRISMOR_API_KEY=your_api_key")
     
@@ -268,7 +319,14 @@ def repos():
     """List your connected repositories."""
     try:
         client = PrismorClient()
-        repos_data = client.get_repositories()
+        spinner = Spinner("Loading repositories")
+        spinner.start()
+        try:
+            repos_data = client.get_repositories()
+            spinner.stop()
+        except Exception as e:
+            spinner.stop()
+            raise e
         
         click.echo("\n" + "=" * 60)
         click.secho("  Your Repositories", fg="cyan", bold=True)
@@ -299,12 +357,216 @@ def repos():
         sys.exit(1)
 
 
+@cli.command()
+@click.argument("repo", type=str)
+@click.option("--branch", type=str, help="Specific branch to scan (defaults to main)")
+@click.option("--token", type=str, help="GitHub token (or set GITHUB_TOKEN env var)")
+@click.option("--json", "output_json", is_flag=True, help="Output results in JSON format")
+def start_scan(repo: str, branch: Optional[str], token: Optional[str], output_json: bool):
+    """Start a vulnerability scan and return a job_id for status checking.
+    
+    REPO is the repository to scan (username/repo, GitHub URL, SSH URL, etc.)
+    
+    This command starts a scan asynchronously and returns immediately with a job_id.
+    Use 'prismor scan-status <job_id>' to check when the scan completes.
+    
+    Note: Requires GitHub token. Set GITHUB_TOKEN environment variable or use --token option.
+    
+    Examples:
+        prismor start-scan username/repo
+        prismor start-scan https://github.com/username/repo --branch develop
+        prismor start-scan username/repo --token ghp_xxxxx
+        prismor start-scan username/repo --json
+    """
+    try:
+        client = PrismorClient()
+        print_info(f"Starting vulnerability scan for: {repo}")
+        if branch:
+            print_info(f"Branch: {branch}")
+        
+        spinner = Spinner("Starting scan")
+        spinner.start()
+        try:
+            result = client.start_vulnerability_scan(repo, branch, token)
+            spinner.stop()
+        except Exception as e:
+            spinner.stop()
+            raise e
+        
+        if output_json:
+            click.echo(json.dumps(result, indent=2))
+        else:
+            click.echo("\n" + "=" * 60)
+            click.secho("  Scan Started", fg="cyan", bold=True)
+            click.echo("=" * 60 + "\n")
+            
+            job_id = result.get("job_id")
+            if job_id:
+                print_success(f"Scan started successfully!")
+                click.echo()
+                click.secho(f"Job ID: {job_id}", fg="yellow", bold=True)
+                click.echo()
+                click.secho("Repository:", fg="yellow", bold=True)
+                click.echo(f"  {result.get('repository', repo)}")
+                click.echo()
+                if "branch" in result:
+                    click.secho("Branch:", fg="yellow", bold=True)
+                    click.echo(f"  {result['branch']}")
+                    click.echo()
+                click.secho("Status:", fg="yellow", bold=True)
+                click.echo(f"  {result.get('status', 'accepted')}")
+                click.echo()
+                click.secho("Next Steps:", fg="cyan", bold=True)
+                click.echo(f"  Check scan status with:")
+                click.secho(f"    prismor scan-status {job_id}", fg="green", bold=True)
+                click.echo()
+            else:
+                print_error("Failed to get job_id from response")
+                click.echo(json.dumps(result, indent=2))
+            
+            click.echo("=" * 60 + "\n")
+            
+    except PrismorAPIError as e:
+        print_error(str(e))
+        sys.exit(1)
+    except Exception as e:
+        print_error(f"Unexpected error: {str(e)}")
+        sys.exit(1)
+
+
+@cli.command()
+@click.argument("job_id", type=str)
+@click.option("--json", "output_json", is_flag=True, help="Output results in JSON format")
+def scan_status(job_id: str, output_json: bool):
+    """Check the status of a vulnerability scan job.
+    
+    JOB_ID is the job ID returned when starting a scan.
+    
+    Examples:
+        prismor scan-status a724a4663cda4bf087ad171683cb726d
+        prismor scan-status 50cbe253e5634227b81fe744c2a0b3e7 --json
+    """
+    try:
+        client = PrismorClient()
+        print_info(f"Checking scan status for job: {job_id}")
+        
+        spinner = Spinner("Checking status")
+        spinner.start()
+        try:
+            status_data = client.check_scan_status(job_id)
+            spinner.stop()
+        except Exception as e:
+            spinner.stop()
+            raise e
+        
+        if output_json:
+            click.echo(json.dumps(status_data, indent=2))
+        else:
+            click.echo("\n" + "=" * 60)
+            click.secho("  Scan Status", fg="cyan", bold=True)
+            click.echo("=" * 60 + "\n")
+            
+            click.secho(f"Job ID: {status_data.get('job_id', job_id)}", fg="yellow", bold=True)
+            click.echo()
+            
+            status = status_data.get("status", "unknown")
+            if status == "completed":
+                print_success(f"Status: {status}")
+                click.echo()
+                
+                if "repository" in status_data:
+                    click.secho("Repository:", fg="yellow", bold=True)
+                    click.echo(f"  {status_data['repository']}")
+                    click.echo()
+                
+                if "branch" in status_data:
+                    click.secho("Branch:", fg="yellow", bold=True)
+                    click.echo(f"  {status_data['branch']}")
+                    click.echo()
+                
+                if "duration" in status_data:
+                    click.secho("Duration:", fg="yellow", bold=True)
+                    click.echo(f"  {status_data['duration']:.2f} seconds")
+                    click.echo()
+                
+                if "public_url" in status_data:
+                    click.secho("Results URL:", fg="yellow", bold=True)
+                    click.secho(f"  {status_data['public_url']}", fg="green")
+                    click.echo()
+                
+                if "presigned_url" in status_data:
+                    click.secho("Presigned URL (expires in 1 hour):", fg="yellow", bold=True)
+                    click.secho(f"  {status_data['presigned_url']}", fg="blue")
+                    click.echo()
+                
+                # Display vulnerability summary if available
+                if "summary" in status_data:
+                    summary = status_data["summary"]
+                    click.secho("Vulnerability Summary:", fg="yellow", bold=True)
+                    click.echo(f"  Total Vulnerabilities: {summary.get('total_vulnerabilities', 0)}")
+                    click.echo(f"  Total Targets Scanned: {summary.get('total_targets', 0)}")
+                    click.echo()
+                    
+                    severity_breakdown = summary.get('severity_breakdown', {})
+                    if severity_breakdown:
+                        click.secho("  Severity Breakdown:", fg="yellow")
+                        if severity_breakdown.get('CRITICAL', 0) > 0:
+                            click.secho(f"    CRITICAL: {severity_breakdown['CRITICAL']}", fg="red", bold=True)
+                        if severity_breakdown.get('HIGH', 0) > 0:
+                            click.secho(f"    HIGH: {severity_breakdown['HIGH']}", fg="red")
+                        if severity_breakdown.get('MEDIUM', 0) > 0:
+                            click.secho(f"    MEDIUM: {severity_breakdown['MEDIUM']}", fg="yellow")
+                        if severity_breakdown.get('LOW', 0) > 0:
+                            click.secho(f"    LOW: {severity_breakdown['LOW']}", fg="blue")
+                        if severity_breakdown.get('UNKNOWN', 0) > 0:
+                            click.secho(f"    UNKNOWN: {severity_breakdown['UNKNOWN']}", fg="white")
+                        click.echo()
+                
+                if "scan_date" in status_data:
+                    click.secho("Scan Date:", fg="yellow", bold=True)
+                    click.echo(f"  {status_data['scan_date']}")
+                    click.echo()
+                    
+            elif status == "running":
+                print_info(f"Status: {status}")
+                if "message" in status_data:
+                    click.echo(f"  {status_data['message']}")
+                click.echo()
+                click.echo("The scan is still in progress. Check back in a few moments.")
+                click.echo()
+                
+            elif status == "failed":
+                print_error(f"Status: {status}")
+                if "error" in status_data:
+                    click.echo(f"  Error: {status_data['error']}")
+                click.echo()
+            else:
+                click.secho(f"Status: {status}", fg="yellow")
+                click.echo()
+            
+            click.echo("=" * 60 + "\n")
+            
+    except PrismorAPIError as e:
+        print_error(str(e))
+        sys.exit(1)
+    except Exception as e:
+        print_error(f"Unexpected error: {str(e)}")
+        sys.exit(1)
+
+
 @cli.command()
 def status():
     """Check your account status and GitHub integration."""
     try:
         client = PrismorClient()
-        auth_data = client.authenticate()
+        spinner = Spinner("Checking account status")
+        spinner.start()
+        try:
+            auth_data = client.authenticate()
+            spinner.stop()
+        except Exception as e:
+            spinner.stop()
+            raise e
         
         click.echo("\n" + "=" * 60)
         click.secho("  Account Status", fg="cyan", bold=True)
@@ -312,9 +574,7 @@ def status():
         
         user_info = auth_data.get("user", {})
         if user_info:
-            click.secho(f"User: {user_info.get('name', 'Unknown')} ({user_info.get('email', 'No email')})", fg="yellow")
-            click.echo()
-            
+                        
             repositories = user_info.get("repositories", [])
             click.secho(f"Connected Repositories: {len(repositories)}", fg="green")
             

{prismor-0.1.2.dist-info → prismor-1.0.5.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: prismor
-Version: 0.1.2
+Version: 1.0.5
 Summary: A CLI tool for scanning GitHub repositories for vulnerabilities, secrets, and generating SBOMs
 Home-page: https://github.com/PrismorSec/prismor-cli
 Author: Prismor
@@ -48,12 +48,12 @@ A powerful command-line tool for scanning GitHub repositories for security vulne
 
 ## Features
 
-- 🔍 **Vulnerability Scanning (VEX)** - Detect security vulnerabilities in your codebase
+- 🔍 **Vulnerability Scanning (scan)** - Detect security vulnerabilities in your codebase
 - 🔐 **Secret Detection** - Find exposed secrets, API keys, and credentials
 - 📦 **SBOM Generation** - Generate comprehensive Software Bill of Materials
 - ⚡ **Full Scan** - Run all security checks in one command
 - 🎨 **Beautiful CLI Output** - Colorful, easy-to-read results
-- 🔗 **Flexible Repository Input** - Support for `username/repo` or full GitHub URLs
+- 🔗 **Flexible Repository Input** - Support for multiple GitHub URL formats including SSH, HTTPS, and bare domain formats
 
 ## Quick Start
 
@@ -61,7 +61,7 @@ A powerful command-line tool for scanning GitHub repositories for security vulne
 2. **Generate your API Key** from the dashboard
 3. **Install** the CLI: `pip install prismor`
 4. **Set your API key**: `export PRISMOR_API_KEY=your_api_key`
-5. **Run your first scan**: `prismor --scan username/repo --fullscan`
+5. **Run your first scan**: `prismor --repo username/repo --fullscan`
 
 For the complete analysis with dashboards and reports, visit [Prismor.dev](https://prismor.dev) after running scans!
 
@@ -116,39 +116,91 @@ This allows Prismor to securely access and scan your private repositories.
 ### Basic Syntax
 
 ```bash
-prismor --scan <repository> [scan-type]
+prismor --repo <repository> [scan-type]
 ```
 
+**Note**: The `--scan` flag is used to enable vulnerability scanning, while `--repo` specifies the repository to scan.
+
 ### Repository Format
 
-You can specify repositories in two ways:
+Prismor CLI supports multiple GitHub repository URL formats for maximum flexibility:
+
+#### 1. **Username/Repository format** (recommended):
+```bash
+prismor --repo Ar9av/trychai-web-revamped --fullscan
+```
+
+#### 2. **HTTPS URLs**:
+```bash
+prismor --repo https://github.com/Ar9av/trychai-web-revamped --fullscan
+prismor --repo https://www.github.com/Ar9av/trychai-web-revamped --fullscan
+prismor --repo https://github.com/Ar9av/trychai-web-revamped.git --fullscan
+```
+
+#### 3. **HTTP URLs**:
+```bash
+prismor --repo http://github.com/Ar9av/trychai-web-revamped --fullscan
+prismor --repo http://www.github.com/Ar9av/trychai-web-revamped --fullscan
+```
+
+#### 4. **Bare domain formats**:
+```bash
+prismor --repo github.com/Ar9av/trychai-web-revamped --fullscan
+prismor --repo www.github.com/Ar9av/trychai-web-revamped --fullscan
+```
+
+#### 5. **SSH format**:
+```bash
+prismor --repo git@github.com:Ar9av/trychai-web-revamped.git --fullscan
+```
+
+#### 6. **URLs with paths and fragments**:
+```bash
+prismor --repo https://github.com/Ar9av/trychai-web-revamped/tree/main --fullscan
+prismor --repo https://github.com/Ar9av/trychai-web-revamped/blob/main/file.py --fullscan
+prismor --repo https://github.com/Ar9av/trychai-web-revamped#branch --fullscan
+```
+
+**All formats are automatically parsed and normalized to extract the `user/repo_name` format for processing.**
 
-1. **Username/Repository format:**
-   ```bash
-   prismor --scan Ar9av/trychai-web-revamped --fullscan
-   ```
+### Smart URL Parsing
 
-2. **Full GitHub URL:**
-   ```bash
-   prismor --scan https://github.com/Ar9av/trychai-web-revamped --fullscan
-   ```
+Prismor CLI features intelligent GitHub URL parsing that automatically:
+
+- ✅ **Detects and extracts** repository information from any supported format
+- ✅ **Handles edge cases** like trailing slashes, `.git` suffixes, and branch references
+- ✅ **Validates input** to ensure it's a valid GitHub repository
+- ✅ **Provides clear error messages** for unsupported formats
+- ✅ **Supports special characters** in repository names (hyphens, underscores, numbers)
+
+**Examples of what gets automatically parsed:**
+```bash
+# All of these resolve to "facebook/react":
+prismor --repo facebook/react --scan
+prismor --repo https://github.com/facebook/react --scan
+prismor --repo git@github.com:facebook/react.git --scan
+prismor --repo github.com/facebook/react --scan
+prismor --repo https://github.com/facebook/react/tree/main --scan
+```
 
 ### Scan Types
 
-#### 1. Vulnerability Scanning (VEX)
+#### 1. Vulnerability Scanning (scan)
 
 Scan for security vulnerabilities in your dependencies and code:
 
 ```bash
-prismor --scan myrepository --vex
+prismor --repo myrepository --scan
 ```
 
+**Note**: Vulnerability scans now run asynchronously for large repositories. The CLI will wait for completion automatically, but you can also use `prismor start-scan` to get a job ID and check status separately.
+
 #### 2. Secret Detection
 
 Detect exposed secrets, API keys, passwords, and other sensitive information:
 
 ```bash
-prismor --scan myrepository --detect-secret
+prismor --repo myrepository --detect-secret
 ```
 
 #### 3. SBOM Generation
@@ -156,15 +208,15 @@ prismor --scan myrepository --detect-secret
 Generate a Software Bill of Materials for your repository:
 
 ```bash
-prismor --scan myrepository --sbom
+prismor --repo myrepository --sbom
 ```
 
 #### 4. Full Scan
 
-Run all security checks (VEX + Secret Detection + SBOM):
+Run all security checks (scan + Secret Detection + SBOM):
 
 ```bash
-prismor --scan myrepository --fullscan
+prismor --repo myrepository --fullscan
 ```
 
 ### Multiple Scan Types
@@ -172,7 +224,7 @@ prismor --scan myrepository --fullscan
 You can combine multiple scan types:
 
 ```bash
-prismor --scan myrepository --vex --detect-secret
+prismor --repo myrepository --scan --detect-secret
 ```
 
 ### JSON Output
@@ -180,37 +232,127 @@ prismor --scan myrepository --vex --detect-secret
 Get results in JSON format for automation and integration:
 
 ```bash
-prismor --scan myrepository --fullscan --json
+prismor --repo myrepository --fullscan --json
 ```
 
 ## Examples
 
-### Example 1: Quick Vulnerability Scan
+### Example 1: Quick Vulnerability Scan (Username/Repo format)
+
+```bash
+prismor --repo facebook/react --scan
+```
+
+### Example 2: Comprehensive Security Audit (HTTPS URL)
+
+```bash
+prismor --repo https://github.com/microsoft/vscode --fullscan
+```
+
+### Example 3: Secret Detection with SSH URL
+
+```bash
+prismor --repo git@github.com:openai/gpt-3.git --detect-secret
+```
+
+### Example 4: SBOM Generation with Bare Domain
 
 ```bash
-prismor --scan facebook/react --vex
+prismor --repo github.com/kubernetes/kubernetes --sbom --json > sbom-results.json
 ```
 
-### Example 2: Comprehensive Security Audit
+### Example 5: Full Scan with Branch Reference
 
 ```bash
-prismor --scan https://github.com/microsoft/vscode --fullscan
+prismor --repo https://github.com/tensorflow/tensorflow/tree/v2.13.0 --fullscan
 ```
 
-### Example 3: Secret Detection Only
+### Example 6: Multiple Scan Types with Different URL Formats
 
 ```bash
-prismor --scan openai/gpt-3 --detect-secret
+# Using HTTPS URL
+prismor --repo https://github.com/pytorch/pytorch --scan --sbom
+
+# Using SSH URL
+prismor --repo git@github.com:nodejs/node.git --detect-secret --sbom
+
+# Using bare domain
+prismor --repo www.github.com/vercel/next.js --fullscan
 ```
 
-### Example 4: SBOM Generation with JSON Output
+### Example 7: Async Scan with Status Checking
 
 ```bash
-prismor --scan kubernetes/kubernetes --sbom --json > sbom-results.json
+# Start a scan and get job ID
+prismor start-scan username/repo --branch main
+
+# Check scan status (use job ID from previous command)
+prismor scan-status <job_id>
+
+# Check status with JSON output
+prismor scan-status <job_id> --json
 ```
 
 ## Additional Commands
 
+### Start Async Vulnerability Scan
+
+Start a vulnerability scan asynchronously and get a job ID for status checking:
+
+```bash
+prismor start-scan username/repo
+prismor start-scan username/repo --branch develop
+prismor start-scan username/repo --token ghp_xxxxx
+```
+
+**Note**: Requires GitHub token. Set `GITHUB_TOKEN` environment variable or use `--token` option.
+
+### Check Scan Status
+
+Check the status of a running or completed vulnerability scan:
+
+```bash
+prismor scan-status <job_id>
+prismor scan-status <job_id> --json
+```
+
+**Status Response Includes**:
+- Job status (running/completed/failed)
+- Repository and branch information
+- Results URLs (public and presigned)
+- Vulnerability summary with severity breakdown
+- Scan date and duration
+
+**Example Output**:
+```
+============================================================
+  Scan Status
+============================================================
+
+Job ID: abc123def456...
+
+Status: completed
+
+Repository:
+  https://github.com/username/repo
+
+Branch:
+  main
+
+Vulnerability Summary:
+  Total Vulnerabilities: 15
+  Total Targets Scanned: 3
+
+  Severity Breakdown:
+    CRITICAL: 2
+    HIGH: 5
+    MEDIUM: 6
+    LOW: 2
+
+Results URL:
+  https://prismor-sbom-public-dev.s3.amazonaws.com/...
+```
+
 ### Check Configuration
 
 View your current Prismor CLI configuration:
@@ -303,9 +445,24 @@ export PRISMOR_API_KEY=your_api_key_here
 
 ### Invalid Repository Format
 
-Ensure your repository is in one of these formats:
-- `username/repository`
+Ensure your repository is in one of the supported formats:
+
+**Supported formats:**
+- `username/repository` (recommended)
 - `https://github.com/username/repository`
+- `https://www.github.com/username/repository`
+- `http://github.com/username/repository`
+- `http://www.github.com/username/repository`
+- `github.com/username/repository`
+- `www.github.com/username/repository`
+- `git@github.com:username/repository.git`
+- `https://github.com/username/repository/tree/branch`
+- `https://github.com/username/repository/blob/branch/file`
+
+**Not supported:**
+- Non-GitHub URLs (GitLab, Bitbucket, etc.)
+- Invalid URL formats
+- Empty or malformed repository names
 
 ### Connection Issues
 

prismor-1.0.5.dist-info/RECORD

@@ -0,0 +1,9 @@
+prismor/__init__.py,sha256=_1mv0XdQk8KdVm_Fua-h0nBJJS3SrZIKOPJYhi8Vt00,230
+prismor/api.py,sha256=ydcovvL5ior_dpQByoYfCySoO1jIbtjrwr8iCjnBa58,19020
+prismor/cli.py,sha256=k_3IAIntTNyV8Gkw2gNwDoH_B_dFZXC_sZ9V98C_9MQ,24197
+prismor-1.0.5.dist-info/licenses/LICENSE,sha256=qWFF8Eh6gpZOq_3effdd6hfeMN2WN9ZG4vOyFk2MyhU,1065
+prismor-1.0.5.dist-info/METADATA,sha256=1TIjbE3iKGy0U46NWYsxKkS0lVtAjLR8eHXB5Wjaizo,14319
+prismor-1.0.5.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+prismor-1.0.5.dist-info/entry_points.txt,sha256=Uiu0HW04eq2Gb6sQC9o-LqMKMyW1SKwkojxrkFeVfqg,45
+prismor-1.0.5.dist-info/top_level.txt,sha256=nlJGoJ3fQXRL27RXQ5LJU2LX1kl1VSgKXyKjcSR28lw,8
+prismor-1.0.5.dist-info/RECORD,,

prismor-0.1.2.dist-info/RECORD

@@ -1,9 +0,0 @@
-prismor/__init__.py,sha256=6sRGygr6VrNie8Xd_B9Zeq6Q0ThWRftLBnVzZBdGEb4,230
-prismor/api.py,sha256=YrFnw1adT4ci6ehR4qB03kSOxw9l1o4fm0KSGUlDU4s,8886
-prismor/cli.py,sha256=K0aOxtbhE-gUoRw7selqT1a7BTr80A4Ogvvcspx5BUk,13582
-prismor-0.1.2.dist-info/licenses/LICENSE,sha256=qWFF8Eh6gpZOq_3effdd6hfeMN2WN9ZG4vOyFk2MyhU,1065
-prismor-0.1.2.dist-info/METADATA,sha256=sDwR9KP4wlNOdQON-j-42Sabowz2q7IhCXb4dss8s1I,9394
-prismor-0.1.2.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-prismor-0.1.2.dist-info/entry_points.txt,sha256=Uiu0HW04eq2Gb6sQC9o-LqMKMyW1SKwkojxrkFeVfqg,45
-prismor-0.1.2.dist-info/top_level.txt,sha256=nlJGoJ3fQXRL27RXQ5LJU2LX1kl1VSgKXyKjcSR28lw,8
-prismor-0.1.2.dist-info/RECORD,,