Update coana fix code

jdalton · jdalton · commit ee8e44bb631d · 2025-07-23T11:44:51.000-04:00
diff --git a/src/commands/fix/handle-fix.mts b/src/commands/fix/handle-fix.mts
@@ -1,18 +1,21 @@
-import { debugDir, debugFn } from '@socketsecurity/registry/lib/debug'
+import { debugDir } from '@socketsecurity/registry/lib/debug'
 import { logger } from '@socketsecurity/registry/lib/logger'
-import { pluralize } from '@socketsecurity/registry/lib/words'
 
 import { npmFix } from './npm-fix.mts'
 import { outputFixResult } from './output-fix-result.mts'
 import { pnpmFix } from './pnpm-fix.mts'
 import { CMD_NAME } from './shared.mts'
 import constants from '../../constants.mts'
+import { handleApiCall } from '../../utils/api.mts'
 import { cmdFlagValueToArray } from '../../utils/cmd.mts'
 import { spawnCoana } from '../../utils/coana.mts'
 import { detectAndValidatePackageEnvironment } from '../../utils/package-environment.mts'
+import { getPackageFilesForScan } from '../../utils/path-resolve.mts'
+import { setupSdk } from '../../utils/sdk.mts'
+import { fetchSupportedScanFileNames } from '../scan/fetch-supported-scan-file-names.mts'
 
 import type { FixConfig } from './agent-fix.mts'
-import type { OutputKind } from '../../types.mts'
+import type { CResult, OutputKind } from '../../types.mts'
 import type { Remap } from '@socketsecurity/registry/lib/objects'
 
 export type HandleFixConfig = Remap<
@@ -40,66 +43,105 @@ export async function handleFix({
   testScript,
   unknownFlags,
 }: HandleFixConfig) {
-  let { length: ghsasCount } = ghsas
-  if (ghsasCount) {
-    spinner?.start('Fetching GHSA IDs...')
-
-    if (ghsasCount === 1 && ghsas[0] === 'auto') {
-      const ghsasCResult = await spawnCoana(
-        ['compute-fixes-and-upgrade-purls', cwd],
-        { cwd, spinner },
-      )
-
-      spinner?.stop()
-
-      if (ghsasCResult.ok) {
-        const ghsasOutput = ghsasCResult.data as string
-        ghsas = cmdFlagValueToArray(
-          /(?<=Vulnerabilities found: )[^\n]+/.exec(ghsasOutput)?.[0],
-        )
-        ghsasCount = ghsas.length
-      } else {
-        debugFn('error', 'fail: Coana CLI')
-        debugDir('inspect', {
-          message: ghsasCResult.message,
-          cause: ghsasCResult.cause,
-        })
-        ghsas = []
-        ghsasCount = 0
-      }
+  if (ghsas.length === 1 && ghsas[0] === 'auto') {
+    let lastCResult: CResult<any>
+    const sockSdkCResult = await setupSdk()
+
+    lastCResult = sockSdkCResult
+    const sockSdk = sockSdkCResult.ok ? sockSdkCResult.data : undefined
 
-      spinner?.start()
+    const supportedFilesCResult = sockSdk
+      ? await fetchSupportedScanFileNames()
+      : undefined
+
+    if (supportedFilesCResult) {
+      lastCResult = supportedFilesCResult
     }
 
-    if (ghsasCount) {
-      spinner?.info(`Found ${ghsasCount} GHSA ${pluralize('ID', ghsasCount)}.`)
+    const supportedFiles = supportedFilesCResult?.ok
+      ? supportedFilesCResult.data
+      : undefined
 
-      const ghsaFixesCResult = await spawnCoana(
-        [
-          'compute-fixes-and-upgrade-purls',
+    const packagePaths = supportedFiles
+      ? await getPackageFilesForScan(['.'], supportedFiles!, {
           cwd,
-          '--apply-fixes-to',
-          ...ghsas,
-          ...unknownFlags,
-        ],
-        { cwd, spinner },
-      )
-
-      spinner?.stop()
-
-      if (!ghsaFixesCResult.ok) {
-        debugFn('error', 'fail: Coana CLI')
-        debugDir('inspect', {
-          message: ghsaFixesCResult.message,
-          cause: ghsaFixesCResult.cause,
         })
-      }
+      : []
+
+    const uploadCResult = sockSdk
+      ? await handleApiCall(
+          sockSdk?.uploadManifestFiles(orgSlug, packagePaths),
+          {
+            desc: 'upload manifests',
+          },
+        )
+      : undefined
 
-      await outputFixResult(ghsaFixesCResult, outputKind)
-      return
+    if (uploadCResult) {
+      lastCResult = uploadCResult
+    }
+
+    const tarHash = uploadCResult?.ok ? (uploadCResult as any).data.tarHash : ''
+
+    const idsOutputCResult = tarHash
+      ? await spawnCoana(
+          [
+            'compute-fixes-and-upgrade-purls',
+            cwd,
+            '--manifests-tar-hash',
+            tarHash,
+          ],
+          { cwd, spinner, env: { SOCKET_ORG_SLUG: orgSlug } },
+        )
+      : undefined
+
+    if (idsOutputCResult) {
+      lastCResult = idsOutputCResult
     }
 
-    spinner?.infoAndStop('No GHSA IDs found.')
+    const idsOutput = idsOutputCResult?.ok
+      ? (idsOutputCResult.data as string)
+      : ''
+
+    const ids = cmdFlagValueToArray(
+      /(?<=Vulnerabilities found: )[^\n]+/.exec(idsOutput)?.[0],
+    )
+
+    const fixCResult = ids.length
+      ? await spawnCoana(
+          [
+            'compute-fixes-and-upgrade-purls',
+            cwd,
+            '--manifests-tar-hash',
+            tarHash,
+            '--apply-fixes-to',
+            ...ids,
+            ...unknownFlags,
+          ],
+          { cwd, spinner, env: { SOCKET_ORG_SLUG: orgSlug } },
+        )
+      : undefined
+
+    if (fixCResult) {
+      lastCResult = fixCResult
+    }
+    // const fixCResult = await spawnCoana(
+    //   [
+    //     cwd,
+    //     '--socket-mode',
+    //     DOT_SOCKET_DOT_FACTS_JSON,
+    //     '--manifests-tar-hash',
+    //     tarHash,
+    //     ...unknownFlags,
+    //   ],
+    //   { cwd, spinner, env: { SOCKET_ORG_SLUG: orgSlug } },
+    // )
+    debugDir('inspect', { lastCResult })
+
+    if (!lastCResult.ok) {
+      await outputFixResult(lastCResult, outputKind)
+      return
+    }
 
     await outputFixResult(
       {
diff --git a/src/commands/scan/cmd-scan-create.mts b/src/commands/scan/cmd-scan-create.mts
@@ -330,7 +330,7 @@ async function run(
     )
   }
 
-  if (updatedInput && orgSlug && targets?.length) {
+  if (updatedInput && orgSlug && targets.length) {
     logger.info(
       'Note: You can invoke this command next time to skip the interactive questions:',
     )
diff --git a/src/utils/coana.mts b/src/utils/coana.mts
@@ -2,6 +2,7 @@ import { spawn } from '@socketsecurity/registry/lib/spawn'
 
 import constants from '../constants.mts'
 import { getDefaultToken } from './sdk.mts'
+import { getDefaultOrgSlug } from '../commands/ci/fetch-default-org-slug.mts'
 
 import type { CResult } from '../types.mts'
 import type {
@@ -15,6 +16,9 @@ export async function spawnCoana(
   extra?: SpawnExtra | undefined,
 ): Promise<CResult<unknown>> {
   const { env: spawnEnv } = { __proto__: null, ...options } as SpawnOptions
+  const orgSlugCResult = await getDefaultOrgSlug()
+  const SOCKET_CLI_API_TOKEN = getDefaultToken()
+  const SOCKET_ORG_SLUG = orgSlugCResult.ok ? orgSlugCResult.data : undefined
   try {
     const output = await spawn(
       constants.execPath,
@@ -31,7 +35,9 @@ export async function spawnCoana(
           ...process.env,
           // Lazily access constants.processEnv.
           ...constants.processEnv,
-          SOCKET_CLI_API_TOKEN: getDefaultToken(),
+          RUN_WITHOUT_DOCKER: 'true',
+          SOCKET_CLI_API_TOKEN,
+          SOCKET_ORG_SLUG,
           ...spawnEnv,
         },
       },

Original file line number	Diff line number	Diff line change
`@@ -330,7 +330,7 @@ async function run(`
`330`	`330`	`)`
`331`	`331`	`}`
`332`	`332`
`333`		`- if (updatedInput && orgSlug && targets?.length) {`
	`333`	`+ if (updatedInput && orgSlug && targets.length) {`
`334`	`334`	`logger.info(`
`335`	`335`	`'Note: You can invoke this command next time to skip the interactive questions:',`
`336`	`336`	`)`