Add architecture documentation and utility organization

Author: jdalton

ARCHITECTURE.md

@@ -0,0 +1,172 @@
+# Socket CLI Architecture
+
+## Overview
+
+The Socket CLI is a TypeScript-based command-line tool for security analysis and package management. It's designed with modularity and maintainability in mind, using a clear separation of concerns.
+
+## Directory Structure
+
+```
+socket-cli/
+├── src/                      # Source code
+│   ├── cli.mts              # Main CLI entry point
+│   ├── commands.mts         # Command registry
+│   ├── constants.mts        # Shared constants
+│   ├── types.mts            # Type definitions
+│   ├── commands/            # Command implementations
+│   ├── utils/               # Shared utilities
+│   ├── shadow/              # Package manager shadows
+│   ├── sea/                 # Single Executable Application
+│   └── external/            # External dependencies
+├── bin/                     # Binary entry points
+├── dist/                    # Compiled output
+├── scripts/                 # Build and utility scripts
+├── test/                    # Test files
+└── .config/                 # Configuration files
+```
+
+## Core Concepts
+
+### 1. Command Pattern
+Each command follows a consistent pattern:
+- `cmd-*.mts` - CLI interface and flag parsing
+- `handle-*.mts` - Business logic implementation
+- `output-*.mts` - Output formatting
+- `fetch-*.mts` - API data fetching
+
+### 2. Shadow Binaries
+The CLI can act as a shadow for npm, npx, and pnpm, intercepting and enhancing their functionality:
+- Located in `src/shadow/`
+- Provides security scanning during package operations
+- Transparent to the end user
+
+### 3. Utils Organization
+Utilities are grouped by function to reduce cognitive load:
+- **API & Network** - API client and HTTP utilities
+- **Error Handling** - Centralized error types and handlers
+- **Output & Formatting** - Consistent output formatting
+- **File System** - File operations and path handling
+- **Package Management** - Package manager detection and operations
+
+### 4. Constants Management
+Constants are imported from `@socketsecurity/registry` and extended with CLI-specific values:
+- Shared constants from registry
+- CLI-specific constants
+- Environment variables
+- Configuration keys
+
+## Key Design Patterns
+
+### Result/Either Pattern
+Used throughout for error handling:
+```typescript
+type CResult<T> =
+  | { ok: true; data: T; message?: string }
+  | { ok: false; message: string; code?: number }
+```
+
+### Lazy Loading
+Heavy dependencies are loaded only when needed to improve startup time.
+
+### Configuration Cascade
+Configuration is resolved in order:
+1. Command-line flags
+2. Environment variables
+3. Local config file (.socketrc)
+4. Global config file
+5. Default values
+
+## Build System
+
+### Rollup Configuration
+- Main build uses Rollup for tree-shaking and optimization
+- Separate configs for different build targets
+- JSON files are inlined during build
+
+### TypeScript Compilation
+- Uses `.mts` extensions for ES modules
+- Compiled with `tsgo` for better performance
+- Type definitions generated separately
+
+## Testing Strategy
+
+### Unit Tests
+- Located alongside source files as `*.test.mts`
+- Focus on individual function behavior
+- Run with Vitest
+
+### Integration Tests
+- Located in `test/integration/`
+- Test command flows end-to-end
+- Mock external API calls
+
+## Performance Considerations
+
+### Startup Time
+- Minimal dependencies loaded at startup
+- Commands lazy-loaded on demand
+- Constants use lazy getters
+
+### Memory Usage
+- Configurable memory limits via flags
+- Streaming for large data sets
+- Efficient caching strategies
+
+## Security
+
+### API Token Management
+- Tokens never logged or displayed
+- Stored securely in system keychain when possible
+- Validated before use
+
+### Package Scanning
+- Real-time scanning during installs
+- Comprehensive vulnerability database
+- Configurable risk policies
+
+## Extension Points
+
+### Custom Commands
+Commands can be added by:
+1. Creating files in `src/commands/`
+2. Following the command pattern
+3. Registering in `src/commands.mts`
+
+### Plugins
+Future support planned for plugins via:
+- Standard plugin interface
+- Dynamic loading
+- Isolated execution context
+
+## Best Practices
+
+1. **Keep files focused** - Single responsibility per file
+2. **Use TypeScript strictly** - No `any` types without good reason
+3. **Document exports** - JSDoc for all public APIs
+4. **Test thoroughly** - Aim for high coverage
+5. **Handle errors gracefully** - Use Result pattern
+6. **Optimize imports** - Import only what's needed
+7. **Follow patterns** - Consistency reduces cognitive load
+
+## Common Tasks
+
+### Adding a New Command
+1. Create `src/commands/[name]/cmd-[name].mts`
+2. Implement command logic in `handle-[name].mts`
+3. Add output formatting in `output-[name].mts`
+4. Register in `src/commands.mts`
+5. Add tests
+
+### Adding a Utility
+1. Choose appropriate category in `src/utils/`
+2. Create focused utility file
+3. Export from category index if applicable
+4. Document with JSDoc
+5. Add unit tests
+
+### Updating Constants
+1. Check if constant exists in `@socketsecurity/registry`
+2. If shared, add to registry
+3. If CLI-specific, add to `src/constants.mts`
+4. Use descriptive names
+5. Group related constants

scripts/build/build-binary.mjs

@@ -66,9 +66,9 @@ async function checkYaoPkgNodeVersions() {
     const newerVersions = versions.filter(v => {
       const parts = v.split('.').map(Number)
       // Only check same major version for patch updates
-      if (parts[0] !== currentParts[0]) return false
-      if (parts[1] > currentParts[1]) return true
-      if (parts[1] === currentParts[1] && parts[2] > currentParts[2]) return true
+      if (parts[0] !== currentParts[0]) {return false}
+      if (parts[1] > currentParts[1]) {return true}
+      if (parts[1] === currentParts[1] && parts[2] > currentParts[2]) {return true}
       return false
     })
 
@@ -85,9 +85,9 @@ async function checkYaoPkgNodeVersions() {
       console.log(colors.magenta('║') + ' 3. Update version in ' + colors.cyan('.config/socket-node.json'))
       console.log(colors.magenta('║'))
       console.log(colors.magenta('║') + ' Latest versions by major:')
-      if (v24) console.log(colors.magenta('║') + `   Node 24: ${colors.cyan(`v${v24}`)}`)
-      if (v22) console.log(colors.magenta('║') + `   Node 22: ${colors.cyan(`v${v22}`)}`)
-      if (v20) console.log(colors.magenta('║') + `   Node 20: ${colors.cyan(`v${v20}`)}`)
+      if (v24) {console.log(colors.magenta('║') + `   Node 24: ${colors.cyan(`v${v24}`)}`)}
+      if (v22) {console.log(colors.magenta('║') + `   Node 22: ${colors.cyan(`v${v22}`)}`)}
+      if (v20) {console.log(colors.magenta('║') + `   Node 20: ${colors.cyan(`v${v20}`)}`)}
       console.log(colors.magenta('═'.repeat(70)) + '\n')
     }
 

scripts/build/build-stub.mjs

@@ -6,13 +6,12 @@
  * yao-pkg with custom Node.js builds.
  */
 
-import { spawn, execSync } from 'node:child_process'
+import { execSync, spawn } from 'node:child_process'
 import { existsSync, readFileSync, readdirSync } from 'node:fs'
-import { mkdir, writeFile, copyFile, stat, unlink, rename } from 'node:fs/promises'
+import { copyFile, mkdir, rename, stat, unlink, writeFile } from 'node:fs/promises'
+import { homedir, arch as osArch, platform as osPlatform, tmpdir  } from 'node:os'
 import { dirname, join, resolve } from 'node:path'
-import { tmpdir } from 'node:os'
 import { fileURLToPath } from 'node:url'
-import { platform as osPlatform, arch as osArch, homedir } from 'node:os'
 
 import colors from 'yoctocolors-cjs'
 
@@ -350,7 +349,7 @@ export async function buildStub(options = {}) {
 
   // Step 1: Sync yao-pkg patches if needed (force sync with --sync-yao-patches)
   if (syncYaoPatches) {
-    if (!quiet) console.log('🔄 Syncing yao-pkg patches from upstream...')
+    if (!quiet) {console.log('🔄 Syncing yao-pkg patches from upstream...')}
     await fetchYaoPatches({ quiet })
   }
 
@@ -580,7 +579,7 @@ export async function buildStub(options = {}) {
                 return
               }
             }
-            if (!quiet) process.stderr.write(data)
+            if (!quiet) {process.stderr.write(data)}
           })
         }
       }

src/utils/README.md

@@ -0,0 +1,119 @@
+# Utils Directory Organization Guide
+
+## Directory Structure
+
+The utils directory contains shared utilities used across the Socket CLI. To reduce cognitive load, utilities are organized by their primary function:
+
+### API & Network (`api-*.mts`, `http.mts`)
+- `api.mts` - Main API client and request handling
+- `api-types.mts` - TypeScript types for API responses
+- `api-wrapper.mts` - High-level API wrapper functions
+- `http.mts` - HTTP utilities and helpers
+
+### Command & CLI (`cmd-*.mts`, `meow-*.mts`)
+- `cmd.mts` - Command execution utilities
+- `command-builder.mts` - Build command structures
+- `command-logger.mts` - Log command execution
+- `meow-with-subcommands.mts` - Meow CLI framework extensions
+
+### Error Handling (`error-*.mts`, `fail-*.mts`)
+- `errors.mts` - Error type definitions
+- `error-display.mts` - Format errors for display
+- `error-filter.mts` - Filter and categorize errors
+- `error-handler.mts` - Central error handling
+- `fail-msg-with-badge.mts` - Format failure messages
+- `result.mts` - Result/Either pattern implementation
+
+### Output & Formatting (`output*.mts`, `*format*.mts`, `color*.mts`)
+- `output.mts` - Main output handler
+- `output-formatting.mts` - Format output for different modes
+- `simple-output.mts` - Simplified output helpers
+- `color-or-markdown.mts` - Choose between colored or markdown output
+- `markdown.mts` - Markdown formatting utilities
+
+### File System (`fs.mts`, `glob.mts`, `path*.mts`)
+- `fs.mts` - File system operations
+- `glob.mts` - File globbing utilities
+- `path-resolve.mts` - Path resolution helpers
+
+### Package Management (`package-*.mts`, `npm-*.mts`, `pnpm.mts`)
+- `package-manager.mts` - Detect and use package managers
+- `package-environment.mts` - Package environment detection
+- `npm-config.mts` - NPM configuration utilities
+- `pnpm.mts` - PNPM-specific utilities
+
+### Process & Execution (`process-*.mts`, `spawn.mts`)
+- `process-runner.mts` - Run processes with retries
+- `spawn.mts` - Spawn child processes
+- `coana-spawn.mts` - Spawn Coana processes
+- `shadow-runner.mts` - Run shadow binaries
+
+### Git & Version Control (`git*.mts`)
+- `git.mts` - Git operations
+- `git-url.mts` - Parse and build git URLs
+- `github.mts` - GitHub API utilities
+
+### Security & Validation (`socket-*.mts`, `purl*.mts`)
+- `socket-package-alert.mts` - Package security alerts
+- `purl.mts` - Package URL (PURL) utilities
+- `purl-to-ghsa.mts` - Convert PURLs to GitHub Security Advisories
+
+### Configuration (`config*.mts`, `filter-*.mts`)
+- `config.mts` - Main configuration loader
+- `filter-config.mts` - Filter configuration options
+- `registry.mts` - Package registry utilities
+
+### Interactive & UI (`ink*.mts`, `bordered-*.mts`, `ask-*.mts`)
+- `ink.mts` - Ink React components
+- `bordered-input.mts` - Bordered input components
+- `ask-mode.mts` - Interactive prompt mode
+
+### Update & Version Management (`update-*.mts`)
+- `update-checker.mts` - Check for CLI updates
+- `update-manager.mts` - Manage CLI updates
+
+### Caching (`cache-*.mts`)
+- `cache-strategies.mts` - Different caching strategies
+
+### Utilities & Helpers
+- `alerts-map.mts` - Map alert types to display
+- `check-input.mts` - Validate user input
+- `constants-runtime.mts` - Runtime constants
+- `debug.mts` - Debug utilities
+- `dlx-*.mts` - DLX (package runner) utilities
+- `log.mts` - Logging utilities
+- `objects.mts` - Object manipulation utilities
+- `normalize-options.mts` - Normalize command options
+- `requirements.mts` - API requirements configuration
+- `sdk.mts` - Socket SDK utilities
+- `serialize-*.mts` - Serialization utilities
+- `translations.mts` - Alert translations
+- `visitor.mts` - AST visitor pattern utilities
+
+## Best Practices
+
+1. **Group imports** - Import related utilities together
+2. **Use specific imports** - Import only what you need
+3. **Avoid circular dependencies** - Check imports carefully
+4. **Keep utilities focused** - Each file should have a single responsibility
+5. **Document exports** - Use JSDoc for public functions
+
+## Common Patterns
+
+### Error Handling
+```typescript
+import { InputError, AuthError } from './utils/errors.mts'
+import { outputError } from './utils/error-display.mts'
+```
+
+### Output Formatting
+```typescript
+import { outputResult } from './utils/output.mts'
+import { formatMarkdown } from './utils/markdown.mts'
+```
+
+### API Calls
+```typescript
+import { setupSdk } from './utils/sdk.mts'
+import { apiWrapper } from './utils/api-wrapper.mts'
+```