cli/cmd/monitor/cmd_commands.go

// Package monitor provides security monitoring commands.
//
// Commands:
//   - monitor: Aggregate security findings from GitHub Security Tab, workflow artifacts, and PR comments
//
// Data sources (all free tier):
//   - Code scanning: Semgrep, Trivy, Gitleaks, OSV-Scanner, Checkov, CodeQL
//   - Dependabot: Dependency vulnerability alerts
//   - Secret scanning: Exposed secrets/credentials
package monitor

import (
	"forge.lthn.ai/core/go/pkg/cli"
	"forge.lthn.ai/core/go/pkg/i18n"
)

func init() {
	cli.RegisterCommands(AddMonitorCommands)
}

// Style aliases from shared package
var (
	successStyle = cli.SuccessStyle
	errorStyle   = cli.ErrorStyle
	warningStyle = cli.WarningStyle
	dimStyle     = cli.DimStyle
)

// AddMonitorCommands registers the 'monitor' command.
func AddMonitorCommands(root *cli.Command) {
	monitorCmd := &cli.Command{
		Use:   "monitor",
		Short: i18n.T("cmd.monitor.short"),
		Long:  i18n.T("cmd.monitor.long"),
		RunE: func(cmd *cli.Command, args []string) error {
			return runMonitor()
		},
	}

	// Flags
	monitorCmd.Flags().StringVarP(&monitorRepo, "repo", "r", "", i18n.T("cmd.monitor.flag.repo"))
	monitorCmd.Flags().StringSliceVarP(&monitorSeverity, "severity", "s", []string{}, i18n.T("cmd.monitor.flag.severity"))
	monitorCmd.Flags().BoolVar(&monitorJSON, "json", false, i18n.T("cmd.monitor.flag.json"))
	monitorCmd.Flags().BoolVar(&monitorAll, "all", false, i18n.T("cmd.monitor.flag.all"))

	root.AddCommand(monitorCmd)
}
feat(monitor): add security findings aggregation command (#68) * feat(monitor): add security findings aggregation command Implements `core monitor` to aggregate security findings from GitHub: - Code scanning alerts (Semgrep, Trivy, Gitleaks, CodeQL, etc.) - Dependabot vulnerability alerts - Secret scanning alerts Features: - Scan current repo, specific repo, or all repos via registry - Filter by severity (--severity critical,high) - JSON output for piping to other tools (--json) - Grouped output by repo with severity highlighting Closes #49 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(monitor): address CodeRabbit review feedback - Fix DependabotAlert JSON parsing with proper nested struct for dependency.manifest_path field - Remove unnecessary --jq flag from code scanning API call - Fix truncate() to use runes for proper UTF-8 handling - Sort repo names for deterministic output ordering - Document hardcoded org fallback behavior Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(monitor): improve error handling per CodeRabbit review - Use errors.E() consistently instead of errors.Wrap() - Pass underlying errors to errors.E() for better context - Return errors from fetch functions instead of swallowing - Distinguish expected conditions (feature not enabled) from real errors - Display fetch warnings in non-JSON mode - Continue scanning other repos even if one fails Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> 2026-02-01 05:44:46 +00:00			`// Package monitor provides security monitoring commands.`
			`//`
			`// Commands:`
			`// - monitor: Aggregate security findings from GitHub Security Tab, workflow artifacts, and PR comments`
			`//`
			`// Data sources (all free tier):`
			`// - Code scanning: Semgrep, Trivy, Gitleaks, OSV-Scanner, Checkov, CodeQL`
			`// - Dependabot: Dependency vulnerability alerts`
			`// - Secret scanning: Exposed secrets/credentials`
			`package monitor`

			`import (`
refactor: split CLI from monorepo, import core/go as library (#1) - Change module from forge.lthn.ai/core/go to forge.lthn.ai/core/cli - Remove pkg/ directory (now served from core/go) - Add require + replace for forge.lthn.ai/core/go => ../go - Update go.work to include ../go workspace module - Fix all internal/cmd/* imports: pkg/ refs → forge.lthn.ai/core/go/pkg/ - Rename internal/cmd/sdk package to sdkcmd (avoids conflict with pkg/sdk) - Remove SDK library files from internal/cmd/sdk/ (now in core/go/pkg/sdk/) - Remove duplicate RAG helper functions from internal/cmd/rag/ - Remove stale cmd/core-ide/ (now in core/ide repo) - Update IDE variant to remove core-ide import - Fix test assertion for new module name - Run go mod tidy to sync dependencies core/cli is now a pure CLI application importing core/go for packages. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Claude <developers@lethean.io> Reviewed-on: https://forge.lthn.ai/core/cli/pulls/1 2026-02-16 14:24:37 +00:00			`"forge.lthn.ai/core/go/pkg/cli"`
			`"forge.lthn.ai/core/go/pkg/i18n"`
feat(monitor): add security findings aggregation command (#68) * feat(monitor): add security findings aggregation command Implements `core monitor` to aggregate security findings from GitHub: - Code scanning alerts (Semgrep, Trivy, Gitleaks, CodeQL, etc.) - Dependabot vulnerability alerts - Secret scanning alerts Features: - Scan current repo, specific repo, or all repos via registry - Filter by severity (--severity critical,high) - JSON output for piping to other tools (--json) - Grouped output by repo with severity highlighting Closes #49 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(monitor): address CodeRabbit review feedback - Fix DependabotAlert JSON parsing with proper nested struct for dependency.manifest_path field - Remove unnecessary --jq flag from code scanning API call - Fix truncate() to use runes for proper UTF-8 handling - Sort repo names for deterministic output ordering - Document hardcoded org fallback behavior Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(monitor): improve error handling per CodeRabbit review - Use errors.E() consistently instead of errors.Wrap() - Pass underlying errors to errors.E() for better context - Return errors from fetch functions instead of swallowing - Distinguish expected conditions (feature not enabled) from real errors - Display fetch warnings in non-JSON mode - Continue scanning other repos even if one fails Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> 2026-02-01 05:44:46 +00:00			`)`

			`func init() {`
			`cli.RegisterCommands(AddMonitorCommands)`
			`}`

			`// Style aliases from shared package`
			`var (`
			`successStyle = cli.SuccessStyle`
			`errorStyle = cli.ErrorStyle`
			`warningStyle = cli.WarningStyle`
			`dimStyle = cli.DimStyle`
			`)`

			`// AddMonitorCommands registers the 'monitor' command.`
			`func AddMonitorCommands(root *cli.Command) {`
			`monitorCmd := &cli.Command{`
			`Use: "monitor",`
			`Short: i18n.T("cmd.monitor.short"),`
			`Long: i18n.T("cmd.monitor.long"),`
			`RunE: func(cmd *cli.Command, args []string) error {`
			`return runMonitor()`
			`},`
			`}`

			`// Flags`
			`monitorCmd.Flags().StringVarP(&monitorRepo, "repo", "r", "", i18n.T("cmd.monitor.flag.repo"))`
			`monitorCmd.Flags().StringSliceVarP(&monitorSeverity, "severity", "s", []string{}, i18n.T("cmd.monitor.flag.severity"))`
			`monitorCmd.Flags().BoolVar(&monitorJSON, "json", false, i18n.T("cmd.monitor.flag.json"))`
			`monitorCmd.Flags().BoolVar(&monitorAll, "all", false, i18n.T("cmd.monitor.flag.all"))`

			`root.AddCommand(monitorCmd)`
			`}`