agentflow-cli 0.1.2

Git worktree workflow manager with AI agent task monitoring, Kanban board, and terminal UI
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157

use crate::ui::{self, colors, icons};
use anyhow::Result;
use crossterm::style::Stylize;

#[allow(clippy::unnecessary_wraps)]
pub fn run(all: bool) -> Result<()> {
    ui::print_header("  Security Audit  ");

    println!(
        "\n{} {}",
        icons::SHIELD.with(colors::CYAN),
        "Checking available scanners...".with(colors::WHITE)
    );

    let mut available = Vec::new();
    let mut unavailable = Vec::new();

    // Check for semgrep
    if which_command("semgrep") {
        available.push(("semgrep", "Static analysis for multiple languages"));
    } else {
        unavailable.push(("semgrep", "pip install semgrep"));
    }

    // Check for trivy
    if which_command("trivy") {
        available.push(("trivy", "Vulnerability scanner for containers/filesystems"));
    } else {
        unavailable.push(("trivy", "brew install trivy"));
    }

    // Check for cargo-audit
    if which_command("cargo-audit") {
        available.push(("cargo-audit", "Rust dependency vulnerability scanner"));
    } else {
        unavailable.push(("cargo-audit", "cargo install cargo-audit"));
    }

    // Show available scanners
    if !available.is_empty() {
        ui::print_section(icons::CHECK, "Available Scanners");
        for (name, desc) in &available {
            println!(
                "  {} {} {}",
                icons::DOT.with(colors::GREEN),
                name.bold().with(colors::GREEN),
                format!("- {desc}").with(colors::DIM)
            );
        }
    }

    // Show unavailable scanners
    if !unavailable.is_empty() {
        ui::print_section(icons::CROSS, "Not Installed");
        for (name, install) in &unavailable {
            println!(
                "  {} {} {}",
                icons::DOT.with(colors::DIM),
                name.with(colors::DIM),
                format!("({install})").with(colors::DIM)
            );
        }
    }

    // Run scans if --all
    if all && !available.is_empty() {
        println!();
        ui::print_section(icons::GAUGE, "Running Scans");

        for (name, _) in &available {
            println!(
                "\n  {} Running {}...",
                icons::ARROW.with(colors::CYAN),
                name.bold().with(colors::WHITE)
            );

            let result = match *name {
                "semgrep" => run_semgrep(),
                "trivy" => run_trivy(),
                "cargo-audit" => run_cargo_audit(),
                _ => Ok(()),
            };

            match result {
                Ok(()) => {
                    println!(
                        "  {} {} complete",
                        icons::CHECK.with(colors::GREEN),
                        name.with(colors::GREEN)
                    );
                }
                Err(e) => {
                    println!(
                        "  {} {} failed: {}",
                        icons::CROSS.with(colors::RED),
                        name.with(colors::RED),
                        e.to_string().with(colors::DIM)
                    );
                }
            }
        }
    } else if !all {
        println!(
            "\n{} Use {} to run all available scanners",
            icons::ARROW.with(colors::DIM),
            "--all".with(colors::YELLOW)
        );
    }

    Ok(())
}

fn which_command(cmd: &str) -> bool {
    #[cfg(windows)]
    let result = std::process::Command::new("where.exe").arg(cmd).output();
    #[cfg(not(windows))]
    let result = std::process::Command::new("which").arg(cmd).output();
    result.is_ok_and(|o| o.status.success())
}

fn run_semgrep() -> Result<()> {
    let output = std::process::Command::new("semgrep")
        .args(["scan", "--config", "auto", ".", "--quiet"])
        .output()?;

    if !output.stdout.is_empty() {
        print!("{}", String::from_utf8_lossy(&output.stdout));
    }
    Ok(())
}

fn run_trivy() -> Result<()> {
    let output = std::process::Command::new("trivy")
        .args(["fs", ".", "--quiet"])
        .output()?;

    if !output.stdout.is_empty() {
        print!("{}", String::from_utf8_lossy(&output.stdout));
    }
    Ok(())
}

fn run_cargo_audit() -> Result<()> {
    // Only run if Cargo.toml exists
    if !std::path::Path::new("Cargo.toml").exists() {
        return Ok(());
    }

    let output = std::process::Command::new("cargo")
        .args(["audit", "--quiet"])
        .output()?;

    if !output.stdout.is_empty() {
        print!("{}", String::from_utf8_lossy(&output.stdout));
    }
    Ok(())
}