feat(cli): bootstrap CLI package structure — test script + src/lib module

[Copilot]

packages/cli was missing two structural elements called for in the bootstrap spec: a test script and a src/lib/ module directory.

Changes

• packages/cli/package.json — adds "test": "vitest run" alongside the existing dev script, completing the minimal scripts requirement
• packages/cli/src/lib/index.ts — creates the src/lib/ counterpart to src/commands/, exporting shared CLI utilities (apiBaseUrl, readCredentials, writeCredentials, clearCredentials, resolveInput, describeInput) from a single stable import path

// src/lib/index.ts
export { apiBaseUrl, readCredentials, writeCredentials, clearCredentials } from '../credentials.js';
export { resolveInput, describeInput } from '../input.js';

[github-actions]

vu1nz Security Review

0 finding(s) in PR #432

No security issues found.

Full AI Analysis

Looking at this pull request diff, I can see:

1. Addition of a test script in package.json
2. Creation of a new library index file that re-exports functions from other modules

Let me analyze each change for security vulnerabilities:

Analysis

package.json changes:

• Added "test": "vitest run" script - This is a standard testing command using vitest, which is a legitimate testing framework. No security concerns here.

New lib/index.ts file:

• This is a simple re-export module that exposes functions from credentials.js and input.js
• The exported functions (apiBaseUrl, readCredentials, writeCredentials, clearCredentials, resolveInput, describeInput) suggest credential management and input handling functionality
• However, this file only contains re-exports - it doesn't implement any logic itself
• The actual security implications would depend on the implementation of the functions being re-exported, which are not visible in this diff

Potential concerns to investigate (but not visible in this diff):

• The credential management functions could potentially have security issues, but their implementation is not shown
• Input handling functions could be vulnerable to injection attacks, but again, implementation is not visible

Findings

NO security issues identified in the code changes shown in this diff.

Severity	File	Line	Issue	Suggestion
-	-	-	No security vulnerabilities found in this diff	-

The changes appear to be routine refactoring (creating a library index for cleaner imports) and adding a test script. While the re-exported functions related to credentials and input handling should be carefully reviewed for security issues, those implementations are not part of this diff and therefore cannot be assessed here.