Skip to content

feat: SDElements integration — projects, tasks, threats, users#13

Merged
kolatts merged 4 commits intomainfrom
feat/sde-integration
Apr 6, 2026
Merged

feat: SDElements integration — projects, tasks, threats, users#13
kolatts merged 4 commits intomainfrom
feat/sde-integration

Conversation

@kolatts
Copy link
Copy Markdown
Owner

@kolatts kolatts commented Apr 6, 2026

Summary

  • Adds pncli sde command group with 8 read-only subcommands against the SDElements REST API v2
  • Supports both cloud (*.sdelements.com) and on-premise deployments via configurable baseUrl
  • Follows the same integration pattern as Jira, SonarQube, Confluence, and Bitbucket

Commands

Command Description
sde server-info Server version/release info (super-user only)
sde whoami Current authenticated user
sde users List users with filtering
sde projects List projects with filtering and pagination
sde project Get single project by ID
sde tasks List countermeasures for a project
sde task Get single countermeasure
sde threats List threats for a project

All list commands support --all for full pagination, or --page/--page-size for manual control.

Configuration

{
  "sde": {
    "baseUrl": "https://your-org.sdelements.com",
    "token": "<api-token>"
  },
  "defaults": {
    "sde": { "project": "42" }
  }
}

Env vars: PNCLI_SDE_BASE_URL, PNCLI_SDE_TOKEN. Default project also settable per-repo via .pncli.json.

Notes

  • Auth uses Authorization: Token <token> (SDElements format) rather than Bearer
  • Connectivity test in pncli config test uses GET /api/v2/users/me/ (avoids super-user requirement of /server-info/)
  • SDElements project IDs are numeric; resolveProject() parses and validates them

Test plan

  • npm run build — clean TypeScript compilation
  • pncli sde --help — all 8 subcommands listed
  • pncli config init — SDElements prompts appear
  • pncli sde whoami --dry-run — request uses Token auth header, correct URL
  • pncli config test — SDE connectivity result appears
  • Against a live SDElements instance: pncli sde whoami, pncli sde projects --all, pncli sde tasks --project <id>

🤖 Generated with Claude Code

@claude
feat: SDElements integration — projects, tasks, threats, users (#13)
b1b2f24 
Adds `pncli sde` command group with 8 read-only subcommands against the
SDElements REST API v2. Supports both cloud (*.sdelements.com) and
on-premise deployments via configurable baseUrl.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings April 6, 2026 03:34
Copilot AI reviewed Apr 6, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a new SDElements service integration to pncli, following the existing “service client + commands + config” pattern used for Jira/Sonar/etc., enabling read-only querying of SDElements API v2 resources from the CLI.

Changes:

  • Introduces pncli sde command group with subcommands for server info, current user, users, projects, tasks (countermeasures), and threats.
  • Adds SDElements configuration support (config init/test, env vars, resolved config + masking) and HTTP client support with Authorization: Token ….
  • Defines TypeScript response types for SDElements API v2.

Reviewed changes

Copilot reviewed 9 out of 9 changed files in this pull request and generated 1 comment.

Show a summary per file
File Description
src/types/sde.ts Adds SDElements API v2 response type definitions (server info, users, projects, tasks, threats, pagination).
src/types/config.ts Extends config schema with sde config + defaults.sde.
src/services/sde/commands.ts Registers pncli sde subcommands and wires them to the SDE client, including default project resolution.
src/services/sde/client.ts Implements SDElements REST API v2 client methods and pagination helpers.
src/services/config/commands.ts Extends config init prompts and config test connectivity checks for SDElements.
src/lib/http.ts Adds http.sde() and http.sdePaginate() plus Token auth header support.
src/lib/config.ts Adds env var support and resolved config masking for SDElements.
src/cli.ts Registers the new SDE command group in the CLI.
copilot-instructions.md Documents the new pncli sde commands and flags.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread src/services/sde/commands.ts Outdated
Comment on lines +19 to +20
const id = parseInt(project, 10);
if (isNaN(id)) throw new PncliError(`Invalid project ID: ${project}. SDElements project IDs are numeric.`);
Copy link

Copilot AI Apr 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

resolveProject() uses parseInt(project, 10), which will accept partially-numeric strings like "42abc" (parses to 42). Since the CLI help/error says project IDs are numeric, this should be a stricter validation (e.g., /^\d+$/ check before parsing, and optionally enforce id > 0).

Suggested change
const id = parseInt(project, 10);
if (isNaN(id)) throw new PncliError(`Invalid project ID: ${project}. SDElements project IDs are numeric.`);
if (!/^\d+$/.test(project)) throw new PncliError(`Invalid project ID: ${project}. SDElements project IDs are numeric.`);
const id = parseInt(project, 10);
if (id <= 0) throw new PncliError(`Invalid project ID: ${project}. SDElements project IDs are numeric.`);

Copilot uses AI. Check for mistakes.
Sunny Kolattukudy and others added 3 commits April 5, 2026 23:38
@claude
fix: address code review — param dedup, NaN guards, active validation…
909f4de 
…, README

- Extract projectParams/taskParams/threatParams/userParams builders in
  SdeClient to eliminate duplicated params objects across list/listAll pairs
- Add parsePage() helper in commands.ts with NaN + range check on all
  --page and --page-size flags
- Add validateActive() helper to enforce allowed values at command layer
  (users: true|false, projects: true|false|all)
- Add SDE to README services table and env var docs; add npm badge

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@claude
chore: optimize SDElements for cloud — init prompt, docs, copilot ins…
0148550 
…tructions

- Config init prompt now shows cloud vs on-prem URL format separately
- copilot-instructions.md: update tagline to include SDElements, add setup
  note with cloud URL format, token generation path, and project ID tip
- TLS comment in cli.ts left as-is (global concern, not SDE-specific)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@claude
fix: stricter project ID validation in resolveProject
d6d8512 
Reject partially-numeric strings like "42abc" by testing against /^\d+$/
before parseInt. Also enforce id > 0 to catch zero inputs.

Addresses copilot-pull-request-reviewer inline comment on PR #13.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@kolatts kolatts merged commit 7608ebe into main Apr 6, 2026
@kolatts kolatts deleted the feat/sde-integration branch April 6, 2026 03:42
@github-actions github-actions Bot mentioned this pull request Apr 6, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@kolatts