openSVM
diff --git a/‎src/commands/ai_query.rs‎
Lines changed: 115 additions & 0 deletions b/‎src/commands/ai_query.rs‎
Lines changed: 115 additions & 0 deletions
diff --git a/‎src/commands/audit_handler.rs‎
Lines changed: 85 additions & 0 deletions b/‎src/commands/audit_handler.rs‎
Lines changed: 85 additions & 0 deletions
diff --git a/‎src/commands/balance.rs‎
Lines changed: 25 additions & 0 deletions b/‎src/commands/balance.rs‎
Lines changed: 25 additions & 0 deletions
diff --git a/‎src/commands/deploy_handler.rs‎
Lines changed: 87 additions & 0 deletions b/‎src/commands/deploy_handler.rs‎
Lines changed: 87 additions & 0 deletions
@@ -0,0 +1,115 @@
+use crate::services::ai_service::AiService;
+use crate::utils::markdown_renderer::MarkdownRenderer;
+
+pub async fn handle_ai_query(
+    sub_command: &str,
+    sub_matches: &clap::ArgMatches,
+    app_matches: &clap::ArgMatches,
+) -> Result<(), Box<dyn std::error::Error>> {
+    // For external subcommands, clap collects additional arguments in subcommand_value
+    // This is the proper way to handle external subcommands with clap
+    let mut query_parts = vec![sub_command.to_string()];
+
+    // Get additional arguments from clap's external subcommand handling
+    // External subcommands store arguments as OsString, not String
+    if let Some(external_args) = sub_matches.get_many::<std::ffi::OsString>("") {
+        query_parts.extend(external_args.map(|os_str| os_str.to_string_lossy().to_string()));
+    }
+
+    // If clap doesn't provide args (fallback), parse from environment
+    // This maintains compatibility while documenting the limitation
+    if query_parts.len() == 1 {
+        let args: Vec<String> = std::env::args().collect();
+
+        // Collect non-flag arguments starting from the subcommand
+        let mut found_subcommand = false;
+        for arg in args.iter().skip(1) {
+            if found_subcommand {
+                if !arg.starts_with('-') {
+                    query_parts.push(arg.clone());
+                }
+            } else if arg == sub_command {
+                found_subcommand = true;
+            }
+        }
+    }
+
+    let query = sanitize_user_input(&query_parts.join(" "))?;
+
+    // Get debug flag from global args
+    let debug_mode = app_matches.get_flag("debug");
+
+    // Make AI request
+    if debug_mode {
+        println!("🔍 Interpreting as AI query: \"{}\"", query);
+    }
+
+    let ai_service = AiService::new_with_debug(debug_mode);
+    match ai_service.query_with_debug(&query, debug_mode).await {
+        Ok(response) => {
+            if debug_mode {
+                println!("🤖 AI Response:");
+            }
+            // Render the response as markdown for better formatting
+            let renderer = MarkdownRenderer::new();
+            renderer.render(&response);
+        }
+        Err(e) => {
+            eprintln!("❌ AI query failed: {}", e);
+            eprintln!("💡 Use 'osvm --help' to see available commands");
+        }
+    }
+
+    Ok(())
+}
+
+/// Sanitize user input to prevent command injection and ensure safe processing
+fn sanitize_user_input(input: &str) -> Result<String, Box<dyn std::error::Error>> {
+    // Remove potentially dangerous characters and sequences
+    let sanitized = input
+        .chars()
+        .filter(|c| {
+            // Allow alphanumeric, spaces, basic punctuation, but block command injection chars
+            c.is_alphanumeric()
+                || matches!(
+                    *c,
+                    ' ' | '.'
+                        | ','
+                        | '?'
+                        | '!'
+                        | ':'
+                        | ';'
+                        | '\''
+                        | '"'
+                        | '-'
+                        | '_'
+                        | '('
+                        | ')'
+                        | '['
+                        | ']'
+                        | '{'
+                        | '}'
+                )
+        })
+        .collect::<String>();
+
+    // Remove potentially dangerous sequences
+    let sanitized = sanitized
+        .replace("&&", " and ")
+        .replace("||", " or ")
+        .replace("$(", " ")
+        .replace("`", " ")
+        .replace("${", " ");
+
+    // Limit length to prevent resource exhaustion
+    if sanitized.len() > 2048 {
+        return Err("Input too long (max 2048 characters)".into());
+    }
+
+    // Ensure non-empty after sanitization
+    if sanitized.trim().is_empty() {
+        return Err("Input cannot be empty after sanitization".into());
+    }
+
+    Ok(sanitized.trim().to_string())
+}
@@ -0,0 +1,85 @@
+use crate::services::audit_service::{AuditRequest, AuditService};
+
+/// Handle the audit command using the dedicated audit service
+pub async fn handle_audit_command(
+    app_matches: &clap::ArgMatches,
+    matches: &clap::ArgMatches,
+) -> Result<(), Box<dyn std::error::Error>> {
+    let no_commit = matches.get_flag("no-commit");
+    let default_output_dir = matches.get_one::<String>("output").unwrap().to_string();
+
+    // If --no-commit is used and output directory is the default, use current directory
+    let output_dir = if no_commit && default_output_dir == "audit_reports" {
+        ".".to_string()
+    } else {
+        default_output_dir
+    };
+
+    let format = matches.get_one::<String>("format").unwrap().to_string();
+    let verbose = matches.get_count("verbose");
+    let test_mode = matches.get_flag("test");
+
+    // AI analysis is enabled by default, disabled only if --noai is provided
+    let ai_analysis = !matches.get_flag("noai");
+
+    // Handle repository parsing - check positional argument first, then --gh flag
+    let gh_repo = if let Some(repo) = matches.get_one::<String>("repository") {
+        // Parse positional argument as GitHub repo
+        if repo.contains('/') {
+            // Looks like owner/repo format
+            if repo.contains('#') {
+                Some(repo.to_string())
+            } else {
+                // No branch specified, try main first, then default branch
+                Some(format!("{}#main", repo))
+            }
+        } else {
+            // Not a repo format, treat as regular path
+            None
+        }
+    } else {
+        matches.get_one::<String>("gh").map(|s| s.to_string())
+    };
+
+    let template_path = matches.get_one::<String>("template").map(|s| s.to_string());
+    let api_url = matches.get_one::<String>("api-url").map(|s| s.to_string());
+
+    let request = AuditRequest {
+        output_dir,
+        format,
+        verbose,
+        test_mode,
+        ai_analysis,
+        gh_repo,
+        template_path,
+        no_commit,
+        api_url,
+    };
+
+    // Create the audit service with custom API URL if provided
+    let service = if ai_analysis {
+        if let Some(api_url) = &request.api_url {
+            println!("🤖 Using custom AI API: {}", api_url);
+            AuditService::with_custom_ai(api_url.clone())
+        } else {
+            // Use default (osvm.ai unless explicitly configured for OpenAI)
+            println!("🤖 Using default OSVM AI service");
+            AuditService::with_internal_ai()
+        }
+    } else {
+        println!("🤖 AI analysis disabled");
+        AuditService::new()
+    };
+
+    // Execute the audit
+    let result = service.execute_audit(&request).await?;
+
+    // Handle exit code for CI/CD systems
+    if !result.success {
+        println!("⚠️  Critical or high-severity findings detected. Please review and address them promptly.");
+        println!("📋 This audit exits with code 1 to signal CI/CD systems about security issues.");
+        std::process::exit(1);
+    }
+
+    Ok(())
+}
@@ -0,0 +1,25 @@
+use crate::config::Config;
+use solana_client::rpc_client::RpcClient;
+use solana_sdk::{native_token::Sol, pubkey::Pubkey};
+use std::str::FromStr;
+
+pub async fn handle_balance_command(
+    matches: &clap::ArgMatches,
+    rpc_client: &RpcClient,
+    config: &Config,
+) -> Result<(), Box<dyn std::error::Error>> {
+    let address = matches
+        .get_one::<String>("address")
+        .and_then(|s| Pubkey::from_str(s).ok())
+        .unwrap_or_else(|| config.default_signer.pubkey());
+
+    println!(
+        "{} has a balance of {}",
+        address,
+        Sol(rpc_client
+            .get_balance_with_commitment(&address, config.commitment_config)?
+            .value)
+    );
+
+    Ok(())
+}
@@ -0,0 +1,87 @@
+use crate::config::Config;
+use crate::utils::ebpf_deploy;
+
+pub async fn handle_deploy_command(
+    matches: &clap::ArgMatches,
+    config: &Config,
+) -> Result<(), Box<dyn std::error::Error>> {
+    // Command to deploy eBPF binary to all SVM networks
+            let binary_path = matches
+                .get_one::<String>("binary")
+                .map(|s| s.as_str())
+                .unwrap();
+            let program_id_path = matches
+                .get_one::<String>("program-id")
+                .map(|s| s.as_str())
+                .unwrap();
+            let owner_path = matches
+                .get_one::<String>("owner")
+                .map(|s| s.as_str())
+                .unwrap();
+            let fee_payer_path = matches
+                .get_one::<String>("fee")
+                .map(|s| s.as_str())
+                .unwrap();
+            let publish_idl = matches.get_flag("publish-idl");
+            let idl_file_path = matches.get_one::<String>("idl-file").map(|s| s.to_string());
+            let network_str = matches
+                .get_one::<String>("network")
+                .map(|s| s.as_str())
+                .unwrap_or("all");
+            let json_output = matches.get_flag("json");
+            let retry_attempts = matches
+                .get_one::<String>("retry-attempts")
+                .and_then(|s| s.parse().ok())
+                .unwrap_or(3);
+            let confirm_large_binaries = matches.get_flag("confirm-large");
+
+            // Create deployment configuration
+            let deploy_config = ebpf_deploy::DeployConfig {
+                binary_path: binary_path.to_string(),
+                program_id_path: program_id_path.to_string(),
+                owner_path: owner_path.to_string(),
+                fee_payer_path: fee_payer_path.to_string(),
+                publish_idl,
+                idl_file_path,
+                network_selection: network_str.to_string(),
+                json_output,
+                retry_attempts,
+                confirm_large_binaries,
+            };
+
+            println!("🚀 OSVM eBPF Deployment Tool");
+            println!("============================");
+            println!("📁 Binary path: {binary_path}");
+            println!("🆔 Program ID: {program_id_path}");
+            println!("👤 Owner: {owner_path}");
+            println!("💰 Fee payer: {fee_payer_path}");
+            println!("📄 Publish IDL: {}", if publish_idl { "yes" } else { "no" });
+            println!("🌐 Target network(s): {network_str}");
+            println!();
+
+            // Execute deployment
+            let results = ebpf_deploy::deploy_to_all_networks(
+                deploy_config.clone(),
+                config.commitment_config,
+            )
+            .await;
+
+            // Display results using the new display function
+            if let Err(e) =
+                ebpf_deploy::display_deployment_results(&results, deploy_config.json_output)
+            {
+                eprintln!("Error displaying results: {}", e);
+            }
+
+            // Determine exit status
+            let failure_count = results
+                .iter()
+                .filter(|r| r.as_ref().map_or(true, |d| !d.success))
+                .count();
+
+            if failure_count > 0 {
+                return Err("Some deployments failed".into());
+            }
+
+    Ok(())
+}