# KOREXT CLI

AI Code Governance for your terminal and CI/CD pipelines.

Enforce compliance policies on human-written and AI-generated code. 72 policy packs. 532 detection rules. 13 languages. Cryptographically signed proof bundles.

## Install

```bash
npm install -g korext
```

## Quick Start

```bash
# Sign in
korext login

# Initialize your project
korext init

# Enforce policies on your code
korext enforce .

# Enforce with specific packs
korext enforce . --pack web,pci-dss-v1

# Enforce with a specific region
korext enforce . --region eu --pack web

# Generate a signed proof bundle
korext enforce . --pack web --sign
```

## Commands

| Command | Description |
|---------|-------------|
| `korext login` | Sign in to your KOREXT account |
| `korext init` | Initialize a project with korext.json |
| `korext enforce <path>` | Run policy enforcement on files |
| `korext packs list` | List all available policy packs |
| `korext industries` | List industries and their packs |
| `korext bundle list` | List your recent proof bundles |
| `korext bundle export <id>` | Download a proof bundle as PDF |
| `korext bundle verify <id>` | Verify a proof bundle signature |
| `korext status` | Show current configuration and region |

## Enforce Options

| Flag | Description | Default |
|------|-------------|---------|
| `--pack <ids>` | Comma-separated pack IDs | web |
| `--region <name>` | Data region (us, eu, apac) | us |
| `--format <type>` | Output format (text, json, sarif) | text |
| `--sign` | Request signed proof bundle | false |
| `--industry <name>` | Select packs by industry | (none) |
| `--offline` | Run with local engine only | false |

## Output Formats

**Text** (default): Human-readable violation list with governance context.

**JSON**: Machine-readable output with full violation details, confidence scores, and proof bundle metadata.

**SARIF**: Static Analysis Results Interchange Format for CI/CD integration. Compatible with GitHub Code Scanning, Azure DevOps, and other SARIF consumers.

## CI/CD Integration

### GitHub Actions

```yaml
- uses: korext/enforce-action@v3
  with:
    pack: web,pci-dss-v1
    region: eu
  env:
    KOREXT_API_TOKEN: ${{ secrets.KOREXT_API_TOKEN }}
```

### Pre-commit Hook

```bash
# .husky/pre-commit
korext enforce . --pack web
```

### Generic CI

```bash
npm install -g korext
korext login --token "$KOREXT_API_TOKEN"
korext enforce . --pack web --format sarif --sign
```

## Exit Codes

| Code | Meaning |
|------|---------|
| 0 | PASS (no violations) |
| 1 | BLOCK (violations found) |
| 2 | ERROR (invalid input, network, auth) |

CI pipelines should fail on exit code 1 to block non-compliant code from merging.
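
The exit-code table above, turned into a CI gate as an added example (not KOREXT's own code): it blocks on 1 and also fails closed on 2 or any unexpected code, so a scan that errored is never read as a pass. The script name `korext-gate.sh` and the function names are hypothetical, and treating codes other than 0, 1 and 2 as errors is this example's assumption.

```bash
#!/bin/sh
# Added example (not KOREXT's own code): CI gate that fails closed.
# Exit code meanings 0/1/2 come from the Exit Codes table; treating every
# other code as an error is this example's assumption.

# classify_exit <code>: print pass, block, or error for a scan exit code.
classify_exit() {
  case "$1" in
    0) echo pass ;;
    1) echo block ;;
    *) echo error ;;  # 2, plus 127 (CLI not installed), 137 (killed), etc.
  esac
}

# run_gate <command...>: run the scan and return 0 only on a clean PASS.
run_gate() {
  gate_rc=0
  "$@" || gate_rc=$?
  case "$(classify_exit "$gate_rc")" in
    pass)
      echo "gate: PASS" >&2
      return 0 ;;
    block)
      echo "gate: BLOCK, policy violations found" >&2
      return 1 ;;
    *)
      # The scan did not complete, so there is no evidence the code is
      # compliant. Fail the job instead of letting the merge proceed.
      echo "gate: ERROR (exit $gate_rc), scan incomplete, failing closed" >&2
      return 2 ;;
  esac
}

# Usage in a pipeline step (korext-gate.sh is a hypothetical file name):
#   ./korext-gate.sh korext enforce . --pack web --format sarif --sign
if [ "$#" -gt 0 ]; then
  run_gate "$@"
fi
```

Keep the step free of `|| true` or a continue-on-error setting, otherwise the gate's non-zero status is discarded before the pipeline sees it.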

## Configuration

### korext.json

```json
{
  "project": "my-app",
  "targetPacks": ["web", "pci-dss-v1"],
  "region": "eu",
  "industry": "finance"
}
```

### Environment Variables

| Variable | Description |
|----------|-------------|
| `KOREXT_API_TOKEN` | API token for CI/CD (from dashboard) |

## Data Sovereignty

Choose your data processing region: US, EU, or Asia Pacific. Set it via the `--region` flag, `korext.json`, or `korext init`. All enforcement data stays in your chosen region.

## Links

- [Website](https://korext.com)
- [Dashboard](https://app.korext.com)
- [Documentation](https://korext.com/docs)
- [GitHub Action](https://github.com/marketplace/actions/korext-enforce)
- [VS Code Extension](https://marketplace.visualstudio.com/items?itemName=Korext.korext)

## License

Proprietary. See [Terms of Service](https://korext.com/legal).
