syncable-cli 0.37.0

A Rust-based CLI that analyzes code repositories and generates Infrastructure as Code configurations
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105

---
name: syncable-project-assessment
description: Use when a user wants a comprehensive project health check - combines stack analysis, security scanning, vulnerability checks, and dependency auditing via Syncable CLI. Trigger on: "assess this project", "full health check", "project overview", "what's the state of this codebase", "onboard me to this repo".
---

## Purpose

Run a comprehensive project health check by chaining multiple Syncable CLI commands. Produces a unified report covering tech stack, security posture, vulnerability status, and dependency health.

## Prerequisites

- `sync-ctl` binary installed and on PATH
- Agent has access to the project directory

## Workflow Steps

### Step 1: Analyze the project stack

```bash
sync-ctl analyze <PATH> --agent
```

Parse the output to understand:
- What languages and frameworks are present
- Whether dependencies exist (needed for steps 3 and 4)
- Whether secrets-capable files exist (affects step 2 mode)

Save the `full_data_ref` from the analyze output — you'll use it to retrieve details without re-running analyze.

### Step 2: Security scan

```bash
sync-ctl security <PATH> --mode balanced --agent
```

**Decision point:** If step 1 shows no config files, secrets files, or environment files, use `--mode lightning` instead of `--mode balanced` to save time.

### Step 3: Vulnerability scan

```bash
sync-ctl vulnerabilities <PATH> --agent
```

**Decision point:** If step 1 detected no dependencies (no package.json, requirements.txt, Cargo.toml, go.mod, etc.), **skip this step entirely** and note "No dependencies detected" in the report.

### Step 4: Dependency audit

```bash
sync-ctl dependencies <PATH> --licenses --agent
```

**Decision point:** Same as step 3 — skip if no dependencies detected.

## Decision Points Summary

| Condition | Action |
|-----------|--------|
| No dependencies detected in step 1 | Skip steps 3 and 4 |
| No secrets-capable files in step 1 | Use `--mode lightning` in step 2 |
| Vulnerability scanner missing | Run `sync-ctl tools install --yes`, then retry step 3 |

## Report Synthesis

After all steps complete, synthesize a unified report for the user:

1. **Tech Stack** — primary language, frameworks, runtimes
2. **Security Score** — score from security scan, critical/high finding count
3. **Vulnerabilities** — critical/high CVE count, packages with available fixes
4. **Dependencies** — total count, license concerns (copyleft, unknown)
5. **Recommendations** — top 3-5 actionable items prioritized by severity

## Examples

**Assess current directory:**

The agent runs these commands in sequence, skipping steps based on decision points:

```bash
sync-ctl analyze . --agent
sync-ctl security . --mode balanced --agent
sync-ctl vulnerabilities . --agent
sync-ctl dependencies . --licenses --agent
```

Then synthesizes the results into a single report for the user.

## Cross-Step Retrieval

Each step produces a `full_data_ref` in its output. You can retrieve details from any previous step at any time:

```bash
# Check what data is available from all steps
sync-ctl retrieve --list

# Get framework details from Step 1 (analyze)
sync-ctl retrieve <analyze_ref_id> --query "section:frameworks"

# Get critical security findings from Step 2
sync-ctl retrieve <security_ref_id> --query "severity:critical"

# Get vulnerability details from Step 3
sync-ctl retrieve <vuln_ref_id> --query "severity:high"
```

Do NOT re-run a command just to get more detail — use `sync-ctl retrieve` instead.