llm-security/bin/llm-security.mjs
Kjell Tore Guttormsen 4cffa30725 chore(llm-security): v7.8.3 — docs consistency + version bump (#8,#44,#45,#46,#47)
Bumps plugin to 7.8.3 (package.json, plugin.json, README version badge) and syncs the documentation surfaces that had drifted: orchestrated scanner count 9/10/13 to 14 (#8; the WFL/workflow scanner was omitted from the reference list), posture categories 13 to 16 (#44), red-team scenarios 64 to 72 (#45), tests badge/prose 1822 to 2013 (#46). Corrects the pathguard hook-table matcher and header comment to Edit|Write (follows the #9 fix) and removes the two dangling ROADMAP.md references (#47; the roadmap is not a public file). Adds the v7.8.3 CHANGELOG entry, README Recent-versions row, and CLAUDE.md highlights. The '23 scanners' total is a separate module count and is left unchanged.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Claude-Session: https://claude.ai/code/session_01TcQyMTQfyrsAapaCMPxTtQ
2026-07-18 10:50:50 +02:00

85 lines
2.9 KiB
JavaScript
Executable file

#!/usr/bin/env node
// llm-security CLI — standalone entry point for llm-security scanners.
// Usage: llm-security <subcommand> [args]
// Works without Claude Code. Zero dependencies.
import { spawn } from 'node:child_process';
import { readFileSync } from 'node:fs';
import { fileURLToPath } from 'node:url';
import { dirname, resolve } from 'node:path';
const __dirname = dirname(fileURLToPath(import.meta.url));
const ROOT = resolve(__dirname, '..');
const PKG = JSON.parse(readFileSync(resolve(ROOT, 'package.json'), 'utf8'));
const USAGE = `llm-security v${PKG.version} — AI security scanning for Claude Code projects
Usage: llm-security <command> [options]
Commands:
scan <target> [--fail-on <critical|high|medium|low>] [--compact]
[--format sarif] [--output-file <path>] [--baseline] [--save-baseline]
Run deterministic deep-scan (14 scanners)
deep-scan <target>
Alias for scan
posture <target>
Quick security posture assessment (16 categories)
audit-bom <target> [--output-file <path>]
Generate AI Bill of Materials (CycloneDX 1.6)
ide-scan [target|url] [--vscode-only] [--intellij-only] [--include-builtin]
[--online] [--format compact|json] [--fail-on <severity>]
Scan installed VS Code / JetBrains extensions, OR fetch a remote VSIX:
- https://marketplace.visualstudio.com/items?itemName=publisher.name
- https://open-vsx.org/extension/publisher/name[/version]
- https://example.com/foo.vsix (direct .vsix download)
benchmark [--adaptive] [--category <name>]
Run attack simulation benchmark
Options:
--help Show this help
--version Show version
`;
const [subcommand, ...rest] = process.argv.slice(2);
if (!subcommand || subcommand === '--help' || subcommand === '-h') {
process.stdout.write(USAGE);
process.exit(0);
}
if (subcommand === '--version' || subcommand === '-v') {
process.stdout.write(`${PKG.version}\n`);
process.exit(0);
}
// Map subcommands to scanner scripts and their arguments
const COMMANDS = {
scan: { script: 'scanners/scan-orchestrator.mjs' },
'deep-scan': { script: 'scanners/scan-orchestrator.mjs' },
posture: { script: 'scanners/posture-scanner.mjs' },
'audit-bom': { script: 'scanners/ai-bom-generator.mjs' },
'ide-scan': { script: 'scanners/ide-extension-scanner.mjs' },
benchmark: { script: 'scanners/attack-simulator.mjs', prependArgs: ['--benchmark', '--json'] },
};
const cmd = COMMANDS[subcommand];
if (!cmd) {
process.stderr.write(`Unknown command: ${subcommand}\n\n`);
process.stderr.write(USAGE);
process.exit(1);
}
const scriptPath = resolve(ROOT, cmd.script);
const args = [...(cmd.prependArgs || []), ...rest];
const child = spawn('node', [scriptPath, ...args], {
cwd: process.cwd(),
stdio: ['ignore', 'pipe', 'pipe'],
});
child.stdout.pipe(process.stdout);
child.stderr.pipe(process.stderr);
child.on('close', (code) => {
process.exitCode = code ?? 1;
});