make securelens show usage when run with no subcommand and pass api_base in scan triage and analysis

tests/test_cli_api_base.py

@@ -52,3 +52,45 @@ async def test_backend_call_ai_passes_api_base():
         finally:
             settings.ai_api_key = original_key
             settings.ai_api_base = original_base
+
+@pytest.mark.asyncio
+async def test_triage_files_passes_api_base():
+    from securelens.scanners import triage_files
+    from securelens.config import CLIConfig
+    from pathlib import Path
+    
+    cfg = CLIConfig()
+    cfg.api_key = "mock_key"
+    cfg.api_base = "https://agentrouter.org/v1"
+    cfg.default_model = "openai/deepseek-chat"
+    
+    with patch("securelens.scanners.call_ai_json", new_callable=AsyncMock) as mock_call_ai_json:
+        mock_call_ai_json.return_value = {"critical_files": []}
+        
+        await triage_files([Path("test.py")], Path("."), cfg)
+        
+        mock_call_ai_json.assert_called_once()
+        called_kwargs = mock_call_ai_json.call_args[1]
+        assert called_kwargs["api_base"] == "https://agentrouter.org/v1"
+
+@pytest.mark.asyncio
+async def test_analyze_file_passes_api_base():
+    from securelens.scanners import analyze_file
+    from securelens.config import CLIConfig
+    from pathlib import Path
+    
+    cfg = CLIConfig()
+    cfg.api_key = "mock_key"
+    cfg.api_base = "https://agentrouter.org/v1"
+    cfg.default_model = "openai/deepseek-chat"
+    
+    mock_file = Path("test.py")
+    with patch("pathlib.Path.read_text", return_value="print('hello')"):
+        with patch("securelens.scanners.call_ai_json", new_callable=AsyncMock) as mock_call_ai_json:
+            mock_call_ai_json.return_value = {"vulnerabilities": []}
+            
+            await analyze_file(mock_file, Path("."), cfg)
+            
+            mock_call_ai_json.assert_called_once()
+            called_kwargs = mock_call_ai_json.call_args[1]
+            assert called_kwargs["api_base"] == "https://agentrouter.org/v1"