Merge pull request #6 from CodeAnt-AI/feat/set-telemetry

secret hooks

Author: Chhinna

changelog.md

@@ -1,5 +1,8 @@
 # Changelog
 
+## [0.3.9] - 04/04/2026
+- Secrets bypass
+
 ## [0.3.8] - 03/04/2026
 - Graceful handling of review
 

package.json

@@ -1,6 +1,6 @@
 {
   "name": "codeant-cli",
-  "version": "0.3.8",
+  "version": "0.3.9",
   "description": "Code review CLI tool",
   "type": "module",
   "bin": {

src/commands/secrets.js

@@ -2,16 +2,19 @@ import { useState, useEffect } from 'react';
 import { useApp } from 'ink';
 import SecretsApiHelper from '../utils/secretsApiHelper.js';
 import { detectSecrets } from '../utils/secretsDetector.js';
+import { fetchApi } from '../utils/fetchApi.js';
+import { detectRemote, detectRepoName, detectBaseUrl } from '../scm/index.js';
 import {
   renderInitializing,
   renderFetchingDiff,
   renderScanning,
   renderNoFiles,
   renderError,
   renderDone,
+  renderBypassPrompt,
 } from '../components/SecretsUI.js';
 
-export default function Secrets({ scanType = 'all', include = [], exclude = [], lastNCommits = 1, baseBranch = null, baseCommit = null }) {
+export default function Secrets({ scanType = 'all', include = [], exclude = [], lastNCommits = 1, baseBranch = null, baseCommit = null, hook = false }) {
   const { exit } = useApp();
   const [status, setStatus] = useState('initializing');
   const [secrets, setSecrets] = useState([]);
@@ -71,13 +74,65 @@ export default function Secrets({ scanType = 'all', include = [], exclude = [],
     return () => { cancelled = true; };
   }, [scanType, include, exclude, lastNCommits, baseBranch, baseCommit]);
 
+  // Build secrets payload for API calls
+  function buildSecretsPayload() {
+    return secrets.flatMap(file =>
+      file.secrets.map(s => ({ type: s.type, file_path: file.file_path, line_number: s.line_number }))
+    );
+  }
+
+  // Build remote info using existing scm detection
+  function getRemoteBody() {
+    const service = detectRemote();
+    const repo = detectRepoName();
+    if (!service || !repo) return null;
+    return { service, repo, base_url: detectBaseUrl() };
+  }
+
+  // Fire-and-forget block event + exit 1
+  function reportBlockAndExit() {
+    const remote = getRemoteBody();
+    if (remote) {
+      fetchApi('/extension/push-protection/event', 'POST', {
+        ...remote,
+        secrets: buildSecretsPayload(),
+      }).catch(() => {});
+    }
+    setTimeout(() => { process.exitCode = 1; exit(new Error('Secrets detected')); }, 100);
+  }
+
+  // Handle bypass selection
+  async function handleBypassSelect(reason) {
+    if (reason === 'cancel') {
+      reportBlockAndExit();
+      return;
+    }
+    const remote = getRemoteBody();
+    if (remote) {
+      try {
+        await fetchApi('/extension/push-protection/bypass', 'POST', {
+          ...remote,
+          secrets: buildSecretsPayload(),
+          reason: reason.startsWith('other:') ? 'other' : reason,
+          custom_reason: reason.startsWith('other:') ? reason.slice(6) : undefined,
+        });
+      } catch {
+        reportBlockAndExit();
+        return;
+      }
+    }
+    setTimeout(() => exit(), 100);
+  }
+
   useEffect(() => {
     if (status === 'done') {
-      const hasSecrets = secrets.some(file =>
-        file.secrets.length > 0
-      );
+      const hasSecrets = secrets.some(file => file.secrets.length > 0);
       if (hasSecrets) {
-        setTimeout(() => { process.exitCode = 1; exit(new Error('Secrets detected')); }, 100);
+        if (hook && process.stdin.isTTY) {
+          setStatus('prompt_bypass');
+        } else {
+          reportBlockAndExit();
+        }
       } else {
         setTimeout(() => exit(), 100);
       }
@@ -93,6 +148,7 @@ export default function Secrets({ scanType = 'all', include = [], exclude = [],
   if (status === 'scanning') return renderScanning(startTime, fileCount, scanMeta);
   if (status === 'no_files') return renderNoFiles(scanType, lastNCommits, baseBranch, baseCommit);
   if (status === 'error') return renderError(error);
+  if (status === 'prompt_bypass') return renderBypassPrompt(secrets, handleBypassSelect);
   if (status === 'done') return renderDone(secrets, startTime, fileCount, scanMeta);
 
   return null;

src/components/SecretsUI.js

@@ -1,5 +1,5 @@
 import React, { useState, useEffect } from 'react';
-import { Box, Text } from 'ink';
+import { Box, Text, useInput } from 'ink';
 
 // ── Constants ────────────────────────────────────────────────────────────────
 
@@ -326,3 +326,89 @@ export function renderDone(secrets, startTime, fileCount, meta) {
     Box, { flexDirection: 'column', paddingX: 1, paddingY: 1 }, ...els,
   );
 }
+
+
+// ── Bypass Prompt ───────────────────────────────────────────────────────────
+
+function BypassPrompt({ secrets, onSelect }) {
+  const [selected, setSelected] = React.useState(0);
+  const [mode, setMode] = React.useState('menu'); // 'menu' | 'typing'
+  const [customReason, setCustomReason] = React.useState('');
+  const allSecrets = secrets.flatMap(file =>
+    file.secrets.map(s => ({ ...s, file_path: file.file_path }))
+  );
+
+  const options = [
+    { label: "It's a false positive", value: 'false_positive' },
+    { label: "It's used in tests", value: 'used_in_tests' },
+    { label: "I'll fix it later", value: 'fix_later' },
+    { label: 'Other (type your reason)', value: 'other' },
+    { label: 'Cancel \u2014 block this push', value: 'cancel' },
+  ];
+
+  useInput((input, key) => {
+    if (mode === 'menu') {
+      if (key.upArrow) {
+        setSelected(s => (s - 1 + options.length) % options.length);
+      } else if (key.downArrow) {
+        setSelected(s => (s + 1) % options.length);
+      } else if (key.return) {
+        if (options[selected].value === 'other') {
+          setMode('typing');
+        } else {
+          onSelect(options[selected].value);
+        }
+      }
+    } else {
+      // typing mode
+      if (key.return) {
+        const reason = customReason.trim();
+        if (reason) {
+          onSelect('other:' + reason);
+        }
+      } else if (key.escape) {
+        setMode('menu');
+        setCustomReason('');
+      } else if (key.backspace || key.delete) {
+        setCustomReason(s => s.slice(0, -1));
+      } else if (input && !key.ctrl && !key.meta) {
+        setCustomReason(s => s + input);
+      }
+    }
+  });
+
+  const els = [];
+  els.push(React.createElement(Text, { key: 'div-top', color: 'gray', dimColor: true }, DIVIDER));
+  els.push(React.createElement(
+    Text, { key: 'title', color: 'yellow', bold: true },
+    `${allSecrets.length} secret(s) detected. Select an action:`,
+  ));
+  els.push(React.createElement(Text, { key: 'sp' }, ''));
+
+  if (mode === 'menu') {
+    options.forEach((opt, i) => {
+      const prefix = i === selected ? '> ' : '  ';
+      const color = i === selected ? 'cyan' : 'white';
+      els.push(React.createElement(
+        Text, { key: `opt-${i}`, color, bold: i === selected },
+        `${prefix}${opt.label}`,
+      ));
+    });
+  } else {
+    els.push(React.createElement(Text, { key: 'typing-label', color: 'cyan' }, '  Type your reason (Enter to submit, Esc to go back):'));
+    els.push(React.createElement(Text, { key: 'typing-sp' }, ''));
+    els.push(React.createElement(
+      Text, { key: 'typing-input', color: 'white' },
+      `  > ${customReason}\u2588`,
+    ));
+  }
+
+  els.push(React.createElement(Text, { key: 'sp2' }, ''));
+  els.push(React.createElement(Text, { key: 'div-bot', color: 'gray', dimColor: true }, DIVIDER));
+
+  return React.createElement(Box, { flexDirection: 'column', paddingX: 1, paddingY: 1 }, ...els);
+}
+
+export function renderBypassPrompt(secrets, onSelect) {
+  return React.createElement(BypassPrompt, { secrets, onSelect });
+}

src/index.js

@@ -61,6 +61,7 @@ program
   .option('--base-commit <commit>', 'Compare against a specific commit (e.g. --base-commit HEAD~3)')
   .option('--include <paths>', 'Comma-separated list of file paths glob patterns to include')
   .option('--exclude <paths>', 'Comma-separated list of file paths glob patterns to exclude')
+  .option('--hook', 'Running from pre-push hook (enables bypass prompt)')
   .action((options) => {
     let scanType = 'all';
     let lastNCommits = 1;
@@ -95,7 +96,7 @@ program
       ? (Array.isArray(options.exclude) ? options.exclude : splitGlobs(options.exclude))
       : [];
 
-    render(React.createElement(Secrets, { scanType, include, exclude, lastNCommits, baseBranch, baseCommit }));
+    render(React.createElement(Secrets, { scanType, include, exclude, lastNCommits, baseBranch, baseCommit, hook: options.hook }));
   });
 
 program

src/scm/index.js

@@ -95,3 +95,10 @@ export function listCodeReviews(opts) { return getProvider(opts.remote).listCode
 export function getCodeReview(opts) { return getProvider(opts.remote).getCodeReview(opts); }
 export function searchComments(opts) { return getProvider(opts.remote).searchComments(opts); }
 export function resolveConversation(opts) { return getProvider(opts.remote).resolveConversation(opts); }
+
+// Auto-detect base URL (git host) from origin
+export function detectBaseUrl() {
+  const origin = getOrigin();
+  if (!origin) return '';
+  const host = parseOriginUrl(origin); return host ? 'https://' + host : '';
+}

src/utils/installPushProtectionHook.js

@@ -22,7 +22,7 @@ function buildHookBlock() {
 # Auto-installed by CodeAnt AI — blocks pushes containing secrets.
 # To disable: delete this hook or run "codeant push-protection disable"
 command -v codeant >/dev/null 2>&1 || exit 0
-codeant secrets --committed
+codeant secrets --committed --hook
 ${HOOK_MARKER_END}`;
 }