diff --git a/src/commands/status-json.ts b/src/commands/status-json.ts index 035f2c71245..2579717679c 100644 --- a/src/commands/status-json.ts +++ b/src/commands/status-json.ts @@ -2,17 +2,22 @@ import { callGateway } from "../gateway/call.js"; import type { HeartbeatEventPayload } from "../infra/heartbeat-events.js"; import { normalizeUpdateChannel, resolveUpdateChannelDisplay } from "../infra/update-channels.js"; import type { RuntimeEnv } from "../runtime.js"; -import { runSecurityAudit } from "../security/audit.js"; import { getDaemonStatusSummary, getNodeDaemonStatusSummary } from "./status.daemon.js"; import { scanStatus } from "./status.scan.js"; let providerUsagePromise: Promise | undefined; +let securityAuditModulePromise: Promise | undefined; function loadProviderUsage() { providerUsagePromise ??= import("../infra/provider-usage.js"); return providerUsagePromise; } +function loadSecurityAuditModule() { + securityAuditModulePromise ??= import("../security/audit.runtime.js"); + return securityAuditModulePromise; +} + export async function statusJsonCommand( opts: { deep?: boolean; @@ -23,13 +28,15 @@ export async function statusJsonCommand( runtime: RuntimeEnv, ) { const scan = await scanStatus({ json: true, timeoutMs: opts.timeoutMs, all: opts.all }, runtime); - const securityAudit = await runSecurityAudit({ - config: scan.cfg, - sourceConfig: scan.sourceConfig, - deep: false, - includeFilesystem: true, - includeChannelSecurity: true, - }); + const securityAudit = await loadSecurityAuditModule().then(({ runSecurityAudit }) => + runSecurityAudit({ + config: scan.cfg, + sourceConfig: scan.sourceConfig, + deep: false, + includeFilesystem: true, + includeChannelSecurity: true, + }), + ); const usage = opts.usage ? await loadProviderUsage().then(({ loadProviderUsageSummary }) => diff --git a/src/commands/status.command.ts b/src/commands/status.command.ts index 92702bac66e..9f17b1a9fee 100644 --- a/src/commands/status.command.ts +++ b/src/commands/status.command.ts @@ -14,7 +14,6 @@ import { type Tone, } from "../memory/status-format.js"; import type { RuntimeEnv } from "../runtime.js"; -import { runSecurityAudit } from "../security/audit.js"; import { getTerminalTableWidth, renderTable } from "../terminal/table.js"; import { theme } from "../terminal/theme.js"; import { formatHealthChannelLines, type HealthSummary } from "./health.js"; @@ -37,12 +36,18 @@ import { } from "./status.update.js"; let providerUsagePromise: Promise | undefined; +let securityAuditModulePromise: Promise | undefined; function loadProviderUsage() { providerUsagePromise ??= import("../infra/provider-usage.js"); return providerUsagePromise; } +function loadSecurityAuditModule() { + securityAuditModulePromise ??= import("../security/audit.runtime.js"); + return securityAuditModulePromise; +} + function resolvePairingRecoveryContext(params: { error?: string | null; closeReason?: string | null; @@ -90,28 +95,25 @@ export async function statusCommand( { json: opts.json, timeoutMs: opts.timeoutMs, all: opts.all }, runtime, ); - const securityAudit = opts.json - ? await runSecurityAudit({ + const runSecurityAudit = async () => + await loadSecurityAuditModule().then(({ runSecurityAudit }) => + runSecurityAudit({ config: scan.cfg, sourceConfig: scan.sourceConfig, deep: false, includeFilesystem: true, includeChannelSecurity: true, - }) + }), + ); + const securityAudit = opts.json + ? await runSecurityAudit() : await withProgress( { label: "Running security audit…", indeterminate: true, enabled: true, }, - async () => - await runSecurityAudit({ - config: scan.cfg, - sourceConfig: scan.sourceConfig, - deep: false, - includeFilesystem: true, - includeChannelSecurity: true, - }), + async () => await runSecurityAudit(), ); const { cfg, diff --git a/src/security/audit.runtime.ts b/src/security/audit.runtime.ts new file mode 100644 index 00000000000..349d2f26fe5 --- /dev/null +++ b/src/security/audit.runtime.ts @@ -0,0 +1 @@ +export { runSecurityAudit } from "./audit.js";