Checkmarx · cx-rahul-pidde · Oct 16, 2025 · Oct 16, 2025 · Oct 17, 2025 · Oct 17, 2025
@@ -5,6 +5,7 @@ import (
 	"log"
 
 	"github.com/MakeNowJust/heredoc"
+	"github.com/checkmarx/ast-cli/internal/logger"
 	"github.com/checkmarx/ast-cli/internal/params"
 	"github.com/checkmarx/ast-cli/internal/wrappers"
 	"github.com/google/uuid"
@@ -38,7 +39,7 @@ type ClientCreated struct {
 	Secret string `json:"secret"`
 }
 
-func NewAuthCommand(authWrapper wrappers.AuthWrapper) *cobra.Command {
+func NewAuthCommand(authWrapper wrappers.AuthWrapper, telemetryWrapper wrappers.TelemetryWrapper) *cobra.Command {
 	authCmd := &cobra.Command{
 		Use:   "auth",
 		Short: "Validate authentication and create OAuth2 credentials",
@@ -110,13 +111,13 @@ func NewAuthCommand(authWrapper wrappers.AuthWrapper) *cobra.Command {
 			`,
 			),
 		},
-		RunE: validLogin(),
+		RunE: validLogin(telemetryWrapper),
 	}
 	authCmd.AddCommand(createClientCmd, validLoginCmd)
 	return authCmd
 }
 
-func validLogin() func(cmd *cobra.Command, args []string) error {
+func validLogin(telemetryWrapper wrappers.TelemetryWrapper) func(cmd *cobra.Command, args []string) error {
 	return func(cmd *cobra.Command, args []string) error {
 		clientID := viper.GetString(params.AccessKeyIDConfigKey)
 		clientSecret := viper.GetString(params.AccessKeySecretConfigKey)
@@ -125,6 +126,19 @@ func validLogin() func(cmd *cobra.Command, args []string) error {
 			authWrapper := wrappers.NewAuthHTTPWrapper()
 			authWrapper.SetPath(viper.GetString(params.ScansPathKey))
 			err := authWrapper.ValidateLogin()
+
+			uniqueID := wrappers.GetUniqueID()
+			if uniqueID != "" {
+				telemetryErr := telemetryWrapper.SendAIDataToLog(&wrappers.DataForAITelemetry{
+					UniqueID: uniqueID,
+					Type:     "authentication",
+					SubType:  "authentication",
+				})
+				if telemetryErr != nil {
+					logger.PrintIfVerbose("Failed to send telemetry data: " + telemetryErr.Error())
+				}
+			}
+
 			if err != nil {
 				return errors.Errorf("%s", err)
 			}

@@ -205,7 +205,7 @@ func NewAstCLI(
 	)
 
 	versionCmd := util.NewVersionCommand()
-	authCmd := NewAuthCommand(authWrapper)
+	authCmd := NewAuthCommand(authWrapper, telemetryWrapper)
 	utilsCmd := util.NewUtilsCommand(
 		gitHubWrapper,
 		azureWrapper,
@@ -215,6 +215,7 @@ func NewAstCLI(
 		prWrapper,
 		learnMoreWrapper,
 		tenantWrapper,
+		jwtWrapper,
 		chatWrapper,
 		policyWrapper,
 		scansWrapper,

@@ -58,7 +58,7 @@ func runTelemetryAI(telemetryWrapper wrappers.TelemetryWrapper) func(*cobra.Comm
 		scanType, _ := cmd.Flags().GetString("scan-type")
 		status, _ := cmd.Flags().GetString("status")
 		totalCount, _ := cmd.Flags().GetInt("total-count")
-
+		uniqueID := wrappers.GetUniqueID()
 		err := telemetryWrapper.SendAIDataToLog(&wrappers.DataForAITelemetry{
 			AIProvider:      aiProvider,
 			ProblemSeverity: problemSeverity,
@@ -69,6 +69,7 @@ func runTelemetryAI(telemetryWrapper wrappers.TelemetryWrapper) func(*cobra.Comm
 			ScanType:        scanType,
 			Status:          status,
 			TotalCount:      totalCount,
+			UniqueID:        uniqueID,
 		})
 
 		if err != nil {

@@ -11,7 +11,7 @@ import (
 	"github.com/spf13/cobra"
 )
 
-func NewTenantConfigurationCommand(wrapper wrappers.TenantConfigurationWrapper) *cobra.Command {
+func NewTenantConfigurationCommand(wrapper wrappers.TenantConfigurationWrapper, jwtWrapper wrappers.JWTWrapper) *cobra.Command {
 	cmd := &cobra.Command{
 		Use:   "tenant",
 		Short: "Shows the tenant settings",
@@ -27,7 +27,7 @@ func NewTenantConfigurationCommand(wrapper wrappers.TenantConfigurationWrapper)
 			`,
 			),
 		},
-		RunE: runTenantCmd(wrapper),
+		RunE: runTenantCmd(wrapper, jwtWrapper),
 	}
 	cmd.PersistentFlags().String(
 		params.FormatFlag,
@@ -40,7 +40,7 @@ func NewTenantConfigurationCommand(wrapper wrappers.TenantConfigurationWrapper)
 	return cmd
 }
 
-func runTenantCmd(wrapper wrappers.TenantConfigurationWrapper) func(cmd *cobra.Command, args []string) error {
+func runTenantCmd(wrapper wrappers.TenantConfigurationWrapper, jwtWrapper wrappers.JWTWrapper) func(cmd *cobra.Command, args []string) error {
 	return func(cmd *cobra.Command, args []string) error {
 		tenantConfigurationResponse, errorModel, err := wrapper.GetTenantConfiguration()
 		if err != nil {
@@ -52,10 +52,16 @@ func runTenantCmd(wrapper wrappers.TenantConfigurationWrapper) func(cmd *cobra.C
 		if tenantConfigurationResponse != nil {
 			format, _ := cmd.Flags().GetString(params.FormatFlag)
 			tenantConfigurationResponseView := toTenantConfigurationResponseView(tenantConfigurationResponse)
+
+			licenseDetails, err := jwtWrapper.GetLicenseDetails()
+			if err == nil {
+				tenantConfigurationResponseView = appendLicenseDetails(tenantConfigurationResponseView, licenseDetails)
+			}
+
 			if format == "" {
 				format = defaultFormat
 			}
-			err := printer.Print(cmd.OutOrStdout(), tenantConfigurationResponseView, format)
+			err = printer.Print(cmd.OutOrStdout(), tenantConfigurationResponseView, format)
 			if err != nil {
 				return err
 			}
@@ -76,3 +82,17 @@ func toTenantConfigurationResponseView(response *[]*wrappers.TenantConfiguration
 	}
 	return tenantConfigurationResponseView
 }
+
+func appendLicenseDetails(responseView interface{}, licenseDetails map[string]string) interface{} {
+	tenantConfigurationResponseView := responseView.([]*wrappers.TenantConfigurationResponse)
+
+	for key, value := range licenseDetails {
+		licenseEntry := &wrappers.TenantConfigurationResponse{
+			Key:   key,
+			Value: value,
+		}
+		tenantConfigurationResponseView = append(tenantConfigurationResponseView, licenseEntry)
+	}
+
+	return tenantConfigurationResponseView
+}
@@ -8,41 +8,41 @@ import (
 )
 
 func TestTenantConfigurationHelp(t *testing.T) {
-	cmd := NewTenantConfigurationCommand(mock.TenantConfigurationMockWrapper{})
+	cmd := NewTenantConfigurationCommand(mock.TenantConfigurationMockWrapper{}, &mock.JWTMockWrapper{})
 	cmd.SetArgs([]string{"utils", "tenant", "--help"})
 	err := cmd.Execute()
 	assert.Assert(t, err == nil)
 }
 
 func TestTenantConfigurationJsonFormat(t *testing.T) {
-	cmd := NewTenantConfigurationCommand(mock.TenantConfigurationMockWrapper{})
+	cmd := NewTenantConfigurationCommand(mock.TenantConfigurationMockWrapper{}, &mock.JWTMockWrapper{})
 	cmd.SetArgs([]string{"utils", "tenant", "--format", "json"})
 	err := cmd.Execute()
 	assert.NilError(t, err, "Tenant configuration command should run with no errors and print to json")
 }
 
 func TestTenantConfigurationListFormat(t *testing.T) {
-	cmd := NewTenantConfigurationCommand(mock.TenantConfigurationMockWrapper{})
+	cmd := NewTenantConfigurationCommand(mock.TenantConfigurationMockWrapper{}, &mock.JWTMockWrapper{})
 	cmd.SetArgs([]string{"utils", "tenant", "--format", "list"})
 	err := cmd.Execute()
 	assert.NilError(t, err, "Tenant configuration command should run with no errors and print to list")
 }
 
 func TestTenantConfigurationTableFormat(t *testing.T) {
-	cmd := NewTenantConfigurationCommand(mock.TenantConfigurationMockWrapper{})
+	cmd := NewTenantConfigurationCommand(mock.TenantConfigurationMockWrapper{}, &mock.JWTMockWrapper{})
 	cmd.SetArgs([]string{"utils", "tenant", "--format", "table"})
 	err := cmd.Execute()
 	assert.NilError(t, err, "Tenant configuration command should run with no errors and print to table")
 }
 
 func TestTenantConfigurationInvalidFormat(t *testing.T) {
-	cmd := NewTenantConfigurationCommand(mock.TenantConfigurationMockWrapper{})
+	cmd := NewTenantConfigurationCommand(mock.TenantConfigurationMockWrapper{}, &mock.JWTMockWrapper{})
 	cmd.SetArgs([]string{"utils", "tenant", "--format", "MOCK"})
 	err := cmd.Execute()
 	assert.Assert(t, err.Error() == mockFormatErrorMessage)
 }
 
 func TestNewTenantConfigurationCommand(t *testing.T) {
-	cmd := NewTenantConfigurationCommand(mock.TenantConfigurationMockWrapper{})
+	cmd := NewTenantConfigurationCommand(mock.TenantConfigurationMockWrapper{}, &mock.JWTMockWrapper{})
 	assert.Assert(t, cmd != nil, "Tenant configuration command must exist")
 }
@@ -35,6 +35,7 @@ func NewUtilsCommand(
 	prWrapper wrappers.PRWrapper,
 	learnMoreWrapper wrappers.LearnMoreWrapper,
 	tenantWrapper wrappers.TenantConfigurationWrapper,
+	jwtWrapper wrappers.JWTWrapper,
 	chatWrapper wrappers.ChatWrapper,
 	policyWrapper wrappers.PolicyWrapper,
 	scansWrapper wrappers.ScansWrapper,
@@ -76,7 +77,7 @@ func NewUtilsCommand(
 
 	learnMoreCmd := NewLearnMoreCommand(learnMoreWrapper)
 
-	tenantCmd := NewTenantConfigurationCommand(tenantWrapper)
+	tenantCmd := NewTenantConfigurationCommand(tenantWrapper, jwtWrapper)
 
 	maskSecretsCmd := NewMaskSecretsCommand(chatWrapper)
 

@@ -22,6 +22,7 @@ func TestNewUtilsCommand(t *testing.T) {
 		nil,
 		mock.LearnMoreMockWrapper{},
 		mock.TenantConfigurationMockWrapper{},
+		&mock.JWTMockWrapper{},
 		mock.ChatMockWrapper{},
 		nil,
 		nil,

@@ -80,6 +80,7 @@ const (
 	RiskManagementPathEnv               = "CX_RISK_MANAGEMENT_PATH"
 	ConfigFilePathEnv                   = "CX_CONFIG_FILE_PATH"
 	RealtimeScannerPathEnv              = "CX_REALTIME_SCANNER_PATH"
+	UniqueIDEnv                         = "CX_UNIQUE_ID"
 	StartMultiPartUploadPathEnv         = "CX_START_MULTIPART_UPLOAD_PATH"
 	MultipartPresignedPathEnv           = "CX_MULTIPART_PRESIGNED_URL_PATH"
 	CompleteMultipartUploadPathEnv      = "CX_COMPLETE_MULTIPART_UPLOAD_PATH"

@@ -289,6 +289,7 @@ const (
 	APISecurityType                = "api-security"
 	AIProtectionType               = "AI Protection"
 	CheckmarxOneAssistType         = "Checkmarx One Assist"
+	CheckmarxDevAssistType         = "Checkmarx Developer Assist"
 	ContainersType                 = "containers"
 	APIDocumentationFlag           = "apisec-swagger-filter"
 	IacType                        = "iac-security"

@@ -79,6 +79,7 @@ var (
 	RiskManagementPathKey               = strings.ToLower(RiskManagementPathEnv)
 	ConfigFilePathKey                   = strings.ToLower(ConfigFilePathEnv)
 	RealtimeScannerPathKey              = strings.ToLower(RealtimeScannerPathEnv)
+	UniqueIDConfigKey                   = strings.ToLower(UniqueIDEnv)
 	StartMultiPartUploadPathKey         = strings.ToLower(StartMultiPartUploadPathEnv)
 	MultipartPresignedPathKey           = strings.ToLower(MultipartPresignedPathEnv)
 	CompleteMultiPartUploadPathKey      = strings.ToLower(CompleteMultipartUploadPathEnv)

@@ -34,7 +34,12 @@ func EnsureLicense(jwtWrapper wrappers.JWTWrapper) error {
 		return errors.Wrap(err, "failed to check AIProtectionType engine allowance")
 	}
 
-	if aiAllowed || assistAllowed {
+	devAssistAllowed, err := jwtWrapper.IsAllowedEngine(params.CheckmarxDevAssistType)
+	if err != nil {
+		return errors.Wrap(err, "failed to check Checkmarx Developer Assist engine allowance")
+	}
+
+	if aiAllowed || assistAllowed || devAssistAllowed {
 		return nil
 	}
 	return errors.New(errorconstants.ErrMissingAIFeatureLicense)

@@ -126,12 +126,19 @@ func retryHTTPForIAMRequest(requestFunc func() (*http.Response, error), retries
 	return nil, err
 }
 
-func setAgentNameAndOrigin(req *http.Request) {
+func setAgentNameAndOrigin(req *http.Request, isAuth bool) {
 	agentStr := viper.GetString(commonParams.AgentNameKey) + "/" + commonParams.Version
 	req.Header.Set("User-Agent", agentStr)
 
 	originStr := viper.GetString(commonParams.OriginKey)
 	req.Header.Set("Cx-Origin", originStr)
+
+	if !isAuth {
+		uniqueID := GetUniqueID()
+		if uniqueID != "" {
+			req.Header.Set("UniqueId", uniqueID)
+		}
+	}
 }
 
 func GetClient(timeout uint) *http.Client {
@@ -375,7 +382,7 @@ func SendHTTPRequestByFullURLContentLength(
 		req.ContentLength = contentLength
 	}
 	client := GetClient(timeout)
-	setAgentNameAndOrigin(req)
+	setAgentNameAndOrigin(req, false)
 	if auth {
 		enrichWithOath2Credentials(req, accessToken, bearerFormat)
 	}
@@ -427,7 +434,7 @@ func SendHTTPRequestPasswordAuth(method string, body io.Reader, timeout uint, us
 	}
 	req, err := http.NewRequest(method, u, body)
 	client := GetClient(timeout)
-	setAgentNameAndOrigin(req)
+	setAgentNameAndOrigin(req, true)
 	if err != nil {
 		return nil, err
 	}
@@ -464,7 +471,7 @@ func HTTPRequestWithQueryParams(
 	}
 	req, err := http.NewRequest(method, u, body)
 	client := GetClient(timeout)
-	setAgentNameAndOrigin(req)
+	setAgentNameAndOrigin(req, false)
 	if err != nil {
 		return nil, err
 	}
@@ -512,7 +519,7 @@ func SendHTTPRequestWithJSONContentType(method, path string, body io.Reader, aut
 	}
 	req, err := http.NewRequest(method, fullURL, body)
 	client := GetClient(timeout)
-	setAgentNameAndOrigin(req)
+	setAgentNameAndOrigin(req, false)
 	req.Header.Add("Content-Type", jsonContentType)
 	if err != nil {
 		return nil, err
@@ -645,7 +652,7 @@ func writeCredentialsToCache(accessToken string) {
 func getNewToken(credentialsPayload, authServerURI string) (string, error) {
 	payload := strings.NewReader(credentialsPayload)
 	req, err := http.NewRequest(http.MethodPost, authServerURI, payload)
-	setAgentNameAndOrigin(req)
+	setAgentNameAndOrigin(req, true)
 	if err != nil {
 		return "", err
 	}

@@ -192,7 +192,7 @@ func TestSetAgentNameAndOrigin(t *testing.T) {
 
 	req := httptest.NewRequest(http.MethodGet, "http://example.com", nil)
 
-	setAgentNameAndOrigin(req)
+	setAgentNameAndOrigin(req, false)
 
 	userAgent := req.Header.Get("User-Agent")
 	origin := req.Header.Get("origin")