shieldops-cli 1.0.0__py3-none-any.whl

shieldops_cli/commands/scan_image.py

@@ -0,0 +1,118 @@
+"""shieldops scan-image — Scan a Docker image for vulnerabilities (requires Trivy)."""
+import sys
+import click
+from rich.console import Console
+from rich.table import Table
+from rich.text import Text
+
+console = Console()
+
+SEVERITY_COLORS = {
+    "CRITICAL": "bold white on red",
+    "HIGH": "bold red",
+    "MEDIUM": "yellow",
+    "LOW": "dim",
+}
+
+
+@click.command("scan-image")
+@click.argument("image_name")
+@click.option("--severity", "-s", default="HIGH,CRITICAL",
+              help="Severity levels to report (e.g., HIGH,CRITICAL)")
+@click.option("-f", "--format", "fmt", type=click.Choice(["table", "json", "summary"]),
+              default="table", help="Output format.")
+@click.option("-o", "--output", type=click.Path(), default=None,
+              help="Write output to file.")
+def scan_image(image_name, severity, fmt, output):
+    """Scan a Docker image from a registry for vulnerabilities.
+
+    Requires Trivy to be installed locally.
+
+    \b
+    Examples:
+      shieldops scan-image nginx:latest
+      shieldops scan-image python:3.11-slim --severity CRITICAL
+      shieldops scan-image myapp:v1 -f json -o vulns.json
+    """
+    try:
+        sys.path.insert(0, ".")
+        from src.analysis.registry_scanner import RegistryScanner
+
+        scanner = RegistryScanner()
+
+        if not scanner.is_trivy_installed():
+            console.print(f"[yellow]{scanner.get_installation_instructions()}[/yellow]")
+            return
+
+        with console.status(f"[bold blue]Scanning image: {image_name}...", spinner="dots"):
+            result = scanner.scan_image(image_name, severity)
+
+        if "error" in result:
+            console.print(f"[red]\u274c Error: {result['error']}[/red]")
+            if result.get("message"):
+                console.print(result["message"])
+            return
+
+        total = result["total_vulnerabilities"]
+
+        if fmt == "json":
+            import json
+            out = json.dumps(result, indent=2, ensure_ascii=False, default=str)
+            if output:
+                from pathlib import Path
+                Path(output).write_text(out, encoding="utf-8")
+                console.print(f"[green]\u2705 Report saved to {output}[/green]")
+            else:
+                console.print(out)
+            return
+
+        if fmt == "summary":
+            if total == 0:
+                line = f"\u2705 scan-image: No {severity} vulnerabilities in {image_name}"
+            else:
+                line = f"\u26a0\ufe0f  scan-image: {total} vulnerabilities in {image_name}"
+            if output:
+                from pathlib import Path
+                Path(output).write_text(line, encoding="utf-8")
+            else:
+                console.print(line)
+            return
+
+        # Table format
+        if total == 0:
+            console.print(f"[green bold]\u2705 No {severity} vulnerabilities found in {image_name}![/green bold]")
+        else:
+            console.print(f"[red bold]\u26a0\ufe0f  Found {total} vulnerabilities in {image_name}:[/red bold]")
+            console.print(f"Image: {result['image']}")
+            console.print(f"Scan Date: {result.get('scan_date', 'Unknown')}\n")
+
+            table = Table(title="Vulnerabilities", show_lines=True)
+            table.add_column("ID", width=18)
+            table.add_column("Severity", width=10)
+            table.add_column("Package", width=20)
+            table.add_column("Installed", width=12)
+            table.add_column("Fixed In", width=12)
+            table.add_column("Title", ratio=2)
+
+            for v in result["vulnerabilities"][:30]:
+                sev = v["severity"]
+                style = SEVERITY_COLORS.get(sev, "")
+                table.add_row(
+                    v["vulnerability_id"],
+                    Text(sev, style=style),
+                    v["package_name"],
+                    v["installed_version"],
+                    v["fixed_version"],
+                    v["title"][:80],
+                )
+
+            console.print(table)
+
+            if total > 30:
+                console.print(f"\n[dim]... and {total - 30} more vulnerabilities[/dim]")
+
+    except ImportError as e:
+        console.print(f"[red]\u274c Error importing scanner: {e}[/red]")
+        console.print("Make sure you're running from the project directory.")
+    except Exception as e:
+        console.print(f"[red]\u274c Unexpected error: {e}[/red]")

shieldops_cli/commands/tui.py

@@ -0,0 +1,27 @@
+"""TUI command — entry point for the interactive Terminal UI.
+
+Thin Click wrapper that delegates to the shieldops_tui package.
+"""
+from __future__ import annotations
+
+import click
+
+
+@click.command("tui")
+@click.option(
+    "--theme",
+    type=click.Choice(["dark", "light"], case_sensitive=False),
+    default="dark",
+    show_default=True,
+    help="Color theme for the TUI.",
+)
+def tui(theme: str) -> None:
+    """Launch the interactive TUI (Claude-Code-like experience)."""
+    try:
+        from shieldops_tui.app import run
+    except ImportError as exc:
+        raise click.ClickException(
+            f"TUI dependencies missing: {exc}.\n\n"
+            "Install with: pip install 'shieldops-cli[tui]'"
+        )
+    run(theme=theme)

shieldops_cli/config.py

@@ -0,0 +1,54 @@
+"""Manage ~/.shieldops/config.json"""
+from __future__ import annotations
+import json
+import os
+from pathlib import Path
+
+CONFIG_DIR = Path.home() / ".shieldops"
+CONFIG_FILE = CONFIG_DIR / "config.json"
+
+DEFAULT_CONFIG = {
+    "api_url": "https://shieldops-ai.dev",
+    "api_key": "",
+    "default_format": "table",
+    "language": "en",
+    "color": True,
+}
+
+
+def load() -> dict:
+    if not CONFIG_FILE.exists():
+        return dict(DEFAULT_CONFIG)
+    try:
+        with open(CONFIG_FILE, "r", encoding="utf-8") as f:
+            stored = json.load(f)
+        merged = dict(DEFAULT_CONFIG)
+        merged.update(stored)
+        return merged
+    except Exception:
+        return dict(DEFAULT_CONFIG)
+
+
+def save(config: dict) -> None:
+    CONFIG_DIR.mkdir(parents=True, exist_ok=True)
+    with open(CONFIG_FILE, "w", encoding="utf-8") as f:
+        json.dump(config, f, indent=2)
+
+
+def get(key: str, default=None):
+    return load().get(key, default)
+
+
+def set_key(key: str, value) -> None:
+    cfg = load()
+    cfg[key] = value
+    save(cfg)
+
+
+def get_api_key() -> str:
+    """API key priority: env var > config file."""
+    return os.environ.get("SHIELDOPS_API_KEY", "") or load().get("api_key", "")
+
+
+def get_api_url() -> str:
+    return os.environ.get("SHIELDOPS_API_URL", "") or load().get("api_url", DEFAULT_CONFIG["api_url"])

shieldops_cli/formatters/__init__.py

@@ -0,0 +1,17 @@
+"""Output formatters for ShieldOps CLI."""
+from shieldops_cli import config
+
+
+def format_result(task: str, result: dict, fmt: str | None = None) -> str:
+    fmt = fmt or config.get("default_format", "table")
+    if fmt == "json":
+        from shieldops_cli.formatters.json_fmt import to_json
+        return to_json(result)
+    if fmt == "sarif":
+        from shieldops_cli.formatters.sarif import to_sarif
+        return to_sarif(task, result)
+    if fmt == "summary":
+        from shieldops_cli.formatters.summary import to_summary
+        return to_summary(task, result)
+    from shieldops_cli.formatters.table import to_table
+    return to_table(task, result)

shieldops_cli/formatters/json_fmt.py

@@ -0,0 +1,6 @@
+"""JSON output formatter."""
+import json
+
+
+def to_json(result: dict) -> str:
+    return json.dumps(result, indent=2, ensure_ascii=False, default=str)

shieldops_cli/formatters/sarif.py

@@ -0,0 +1,62 @@
+"""SARIF v2.1.0 formatter for CI/CD integration."""
+import json
+
+
+def to_sarif(task: str, result: dict) -> str:
+    findings = (
+        result.get("report_contract", {}).get("detailed_issues")
+        or result.get("results")
+        or result.get("findings")
+        or []
+    )
+
+    rules = {}
+    sarif_results = []
+
+    for f in findings:
+        rule_id = f.get("rule_id") or f.get("canonical_rule_id") or f"shieldops-{len(rules)}"
+        sev = str(f.get("severity", "info")).lower()
+        sarif_level = {
+            "critical": "error",
+            "high": "error",
+            "medium": "warning",
+            "low": "note",
+        }.get(sev, "note")
+
+        if rule_id not in rules:
+            rules[rule_id] = {
+                "id": rule_id,
+                "shortDescription": {"text": f.get("title") or f.get("message", rule_id)},
+                "defaultConfiguration": {"level": sarif_level},
+            }
+
+        line = int(f.get("line") or 1)
+        sarif_results.append({
+            "ruleId": rule_id,
+            "level": sarif_level,
+            "message": {"text": f.get("message") or f.get("title", "")},
+            "locations": [{
+                "physicalLocation": {
+                    "artifactLocation": {"uri": f.get("file", "Dockerfile")},
+                    "region": {"startLine": line},
+                }
+            }],
+        })
+
+    sarif_doc = {
+        "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/main/sarif-2.1/schema/sarif-schema-2.1.0.json",
+        "version": "2.1.0",
+        "runs": [{
+            "tool": {
+                "driver": {
+                    "name": "ShieldOps AI",
+                    "informationUri": "https://shieldops-ai.onrender.com",
+                    "version": "1.0.0",
+                    "rules": list(rules.values()),
+                }
+            },
+            "results": sarif_results,
+        }],
+    }
+
+    return json.dumps(sarif_doc, indent=2, ensure_ascii=False)

shieldops_cli/formatters/summary.py

@@ -0,0 +1,46 @@
+"""One-line summary for scripts and CI logs."""
+SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3}
+
+
+def _first_present(*values):
+    """Return first non-None non-empty value (preserves 0 as valid)."""
+    for v in values:
+        if v is not None and v != "":
+            return v
+    return None
+
+
+def _safe_score(result: dict) -> str:
+    contract = result.get("report_contract", {})
+    stats = result.get("stats", {})
+    score = _first_present(
+        result.get("security_score"),
+        result.get("security_score_percent"),
+        contract.get("security_score"),
+        contract.get("security_score_percent"),
+        contract.get("score"),
+        stats.get("security_score"),
+        stats.get("score"),
+        stats.get("security_score_percent"),
+        result.get("score"),
+        result.get("overall_score"),
+    )
+    return str(score) if score is not None else "N/A"
+
+
+def to_summary(task: str, result: dict) -> str:
+    contract = result.get("report_contract", {})
+    findings = (
+        contract.get("detailed_issues")
+        or result.get("results")
+        or result.get("findings")
+        or []
+    )
+    total = len(findings)
+    critical = int(contract.get("critical_count", 0) or 0)
+    high = int(contract.get("high_count", 0) or 0)
+    score = _safe_score(result)
+
+    if total == 0:
+        return f"\u2705 {task}: No issues found. Score: {score}"
+    return f"\u26a0\ufe0f  {task}: {total} issues (C:{critical} H:{high}). Score: {score}"

shieldops_cli/formatters/table.py

@@ -0,0 +1,260 @@
+"""Human-friendly Rich table output."""
+from __future__ import annotations
+
+from rich import box
+from rich.console import Console, Group
+from rich.panel import Panel
+from rich.table import Table
+from rich.text import Text
+
+SEVERITY_COLORS = {
+    "critical": "bold white on red",
+    "high": "bold red",
+    "medium": "yellow",
+    "low": "dim",
+    "info": "dim cyan",
+}
+
+SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3}
+
+
+def _first_present(*values):
+    """Return first non-None non-empty value (preserves 0 as valid)."""
+    for v in values:
+        if v is not None and v != "":
+            return v
+    return None
+
+
+def _safe_get_score(result: dict) -> tuple[object, str]:
+    contract = result.get("report_contract", {})
+    stats = result.get("stats", {})
+
+    score = _first_present(
+        result.get("security_score"),
+        result.get("security_score_percent"),
+        contract.get("security_score"),
+        contract.get("security_score_percent"),
+        contract.get("score"),
+        stats.get("security_score"),
+        stats.get("score"),
+        stats.get("security_score_percent"),
+        result.get("score"),
+        result.get("overall_score"),
+    )
+    if score is None:
+        score = "N/A"
+    grade = _first_present(
+        result.get("security_score_grade"),
+        contract.get("security_score_grade"),
+        contract.get("grade"),
+        stats.get("grade"),
+        result.get("grade"),
+        result.get("risk_grade"),
+    )
+    if grade is None:
+        grade = ""
+    return score, str(grade).strip()
+
+
+def _safe_severity_counts(result: dict) -> dict[str, int]:
+    contract = result.get("report_contract", {})
+    counts = {"critical": 0, "high": 0, "medium": 0, "low": 0}
+    for severity in counts:
+        counts[severity] = int(
+            contract.get(f"{severity}_count", 0)
+            or result.get(f"{severity}_count", 0)
+            or 0
+        )
+    return counts
+
+
+def to_table(task: str, result: dict, limit: int | None = None, **kwargs) -> str:
+    """Render readable plain text for files, tests, and no-color terminals."""
+    score, grade = _safe_get_score(result)
+    score_text = "Unavailable" if score == "N/A" else str(score)
+    if grade and score_text != "Unavailable":
+        score_text = f"{score_text} {grade}"
+
+    contract = result.get("report_contract", {})
+    findings = _get_findings(result)
+    counts = _safe_severity_counts(result)
+    total = len(findings)
+
+    lines = [
+        "ShieldOps AI",
+        _task_label(task),
+        f"Score: {score_text}",
+        f"Engine: {result.get('engine', 'ShieldOps AI')}",
+        "",
+        (
+            f"Total: {total} issues "
+            f"(C:{counts['critical']} H:{counts['high']} "
+            f"M:{counts['medium']} L:{counts['low']})"
+        ),
+    ]
+
+    if not findings:
+        lines.append("")
+        lines.append("OK No issues found!")
+        return "\n".join(lines) + "\n"
+
+    if limit is not None and limit <= 0:
+        lines.append("")
+        lines.append(f"Showing 0 of {total} findings. Use --full to see all.")
+        return "\n".join(lines) + "\n"
+
+    display = findings if limit is None else findings[:limit]
+    remaining = total - len(display) if limit else 0
+
+    lines.append("")
+    lines.append(f"Findings ({len(display)} of {total})" if remaining else f"Findings ({total})")
+    lines.append("")
+
+    for index, finding in enumerate(display, 1):
+        severity = _clean(finding.get("severity", "info")).upper()
+        rule = _clean(finding.get("rule_id") or finding.get("id") or finding.get("line") or "-")
+        category = _clean(finding.get("category", "-"))
+        message = _clean(
+            finding.get("message")
+            or finding.get("title")
+            or finding.get("description")
+            or "-"
+        )
+        fix = _clean(finding.get("fix") or finding.get("recommendation") or "-")
+
+        lines.extend(
+            [
+                f"{index}. {severity} - {rule}",
+                f"   Category: {category}",
+                f"   Finding: {message}",
+                f"   Fix: {fix}",
+                "",
+            ]
+        )
+
+    if remaining > 0:
+        lines.append(f"... and {remaining} more findings. Use --full to see all.")
+
+    result_summary = result.get("summary")
+    if isinstance(result_summary, str) and result_summary:
+        lines.append("")
+        lines.append(result_summary)
+
+    return "\n".join(lines).rstrip() + "\n"
+
+
+def render_table(task: str, result: dict, limit: int | None = None):
+    """Return Rich renderables for direct terminal output."""
+    score, grade = _safe_get_score(result)
+    if score == "N/A":
+        score_line = "Score: [bold dim]Unavailable[/bold dim]"
+    elif grade:
+        score_line = f"Score: [bold cyan]{score}[/bold cyan] {grade}"
+    else:
+        score_line = f"Score: [bold cyan]{score}[/bold cyan]"
+
+    header = Panel(
+        f"[bold]{_task_label(task)}[/bold]\n"
+        f"{score_line}\n"
+        f"Engine: {result.get('engine', 'ShieldOps AI')}",
+        title="ShieldOps AI",
+        border_style="blue",
+        box=box.ASCII,
+        expand=False,
+    )
+
+    findings = _get_findings(result)
+    if not findings:
+        return Group(header, Text("OK No issues found!", style="green"))
+
+    counts = _safe_severity_counts(result)
+    total = len(findings)
+    summary = Text.assemble(
+        ("Total: ", "bold"),
+        str(total),
+        "  ",
+        (f" C:{counts['critical']} ", SEVERITY_COLORS["critical"]),
+        "  ",
+        (f"H:{counts['high']}", SEVERITY_COLORS["high"]),
+        "  ",
+        (f"M:{counts['medium']}", SEVERITY_COLORS["medium"]),
+        "  ",
+        (f"L:{counts['low']}", SEVERITY_COLORS["low"]),
+    )
+
+    if limit is not None and limit <= 0:
+        return Group(
+            header,
+            summary,
+            Text(f"Showing 0 of {total} findings. Use --full to see all.", style="dim"),
+        )
+
+    display = findings if limit is None else findings[:limit]
+    remaining = total - len(display) if limit else 0
+
+    table = Table(
+        title=f"Findings ({len(display)} of {total})" if remaining else f"Findings ({total})",
+        show_lines=True,
+        box=box.ASCII,
+        expand=False,
+    )
+    table.add_column("#", justify="right", width=3, no_wrap=True)
+    table.add_column("Severity", width=10, no_wrap=True)
+    table.add_column("Rule", width=12, overflow="fold")
+    table.add_column("Category", width=16, overflow="fold")
+    table.add_column("Finding", min_width=24, ratio=3, overflow="fold")
+    table.add_column("Fix", min_width=24, ratio=2, overflow="fold")
+
+    for index, finding in enumerate(display, 1):
+        severity = str(finding.get("severity", "info")).lower()
+        table.add_row(
+            str(index),
+            Text(severity.upper(), style=SEVERITY_COLORS.get(severity, "")),
+            _clean(finding.get("rule_id") or finding.get("id") or finding.get("line") or "-"),
+            _clean(finding.get("category", "-")),
+            _clean(
+                finding.get("message")
+                or finding.get("title")
+                or finding.get("description")
+                or "-"
+            ),
+            _clean(finding.get("fix") or finding.get("recommendation") or "-"),
+        )
+
+    renderables = [header, summary, table]
+    if remaining > 0:
+        renderables.append(Text(f"... and {remaining} more findings. Use --full to see all.", style="dim"))
+
+    result_summary = result.get("summary")
+    if isinstance(result_summary, str) and result_summary:
+        renderables.append(Text(f"\n{result_summary}", style="dim"))
+
+    return Group(*renderables)
+
+
+def _clean(value) -> str:
+    text = str(value if value is not None else "-").strip()
+    return text or "-"
+
+
+def _get_findings(result: dict) -> list:
+    contract = result.get("report_contract", {})
+    return (
+        contract.get("detailed_issues")
+        or result.get("results")
+        or result.get("findings")
+        or []
+    )
+
+
+def _task_label(task: str) -> str:
+    return {
+        "analyze": "Dockerfile Analysis",
+        "autofix": "AutoFix",
+        "sbom": "SBOM",
+        "compose": "Compose Scan",
+        "k8s": "Kubernetes Scan",
+        "cost": "Cloud Cost",
+        "compose_generator": "Compose Generator",
+    }.get(task, task.title())

shieldops_cli/main.py

@@ -0,0 +1,45 @@
+"""shieldops — CLI entry point."""
+import click
+from shieldops_cli import __version__
+
+
+@click.group()
+@click.version_option(__version__, prog_name="shieldops")
+def cli():
+    """ShieldOps AI — Security scanner for Docker, Kubernetes, Compose, SBOM, and more."""
+    pass
+
+
+# ── Import and register commands ──
+from shieldops_cli.auth import login, logout, whoami
+from shieldops_cli.commands.analyze import analyze
+from shieldops_cli.commands.autofix import autofix
+from shieldops_cli.commands.sbom import sbom
+from shieldops_cli.commands.compose_scan import compose_scan
+from shieldops_cli.commands.k8s_scan import k8s_scan
+from shieldops_cli.commands.compose_gen import compose_generate
+from shieldops_cli.commands.scan_image import scan_image
+from shieldops_cli.commands.config_cmd import config_group
+
+cli.add_command(login)
+cli.add_command(logout)
+cli.add_command(whoami)
+cli.add_command(analyze)
+cli.add_command(autofix)
+cli.add_command(sbom)
+cli.add_command(compose_scan, "compose-scan")
+cli.add_command(k8s_scan, "k8s-scan")
+cli.add_command(compose_generate, "compose-generate")
+cli.add_command(scan_image, "scan-image")
+cli.add_command(config_group, "config")
+
+# ── TUI command (optional, requires prompt_toolkit) ──
+try:
+    from shieldops_cli.commands.tui import tui
+    cli.add_command(tui)
+except ImportError:
+    pass  # TUI extra not installed; CLI works without it
+
+
+if __name__ == "__main__":
+    cli()