@getvetai/cli 0.3.0 → 0.4.1

package/README.md

@@ -2,7 +2,7 @@
 
 Security audit CLI for AI skills and MCP servers. Scan, audit, and discover tools before you install them.
 
-🌐 **Registry:** [getvet.ai](https://getvet.ai) — 20,000+ AI tools cataloged and scored
+🌐 **Registry:** [getvet.ai](https://getvet.ai) — 23,000+ AI tools verified and scored
 
 ## Install
 
@@ -16,12 +16,6 @@ Or run without installing:
 npx @getvetai/cli scan .
 ```
 
-## What's New in v0.3.0
-
-- **`vet find --limit <n>`** — control how many results to return (default: 10, max: 48)
-- **`vet find --type <type>`** — filter by `skill`, `mcp`, or `all`
-- **20,000+ tools** in the registry (up from 12K) — now indexing 10 sources including Smithery, mcp.so, MCP Registry, PyPI, npm, GitHub, and more
-
 ## Commands
 
 ### `vet scan <target>`
@@ -99,20 +93,41 @@ vet install @modelcontextprotocol/server-github
 vet install -g some-mcp-server
 ```
 
-## Trust Scores
+## Verification Levels
 
-| Score | Badge | Meaning |
+| Level | Badge | Meaning |
 |-------|-------|---------|
-| 75+ | ✅ Certified | No critical issues, good practices |
-| 50–74 | 🔍 Reviewed | Some concerns, use with caution |
-| 25–49 | ⚠️ Unverified | Not yet reviewed or limited info |
-| 0–24 | 🚫 Flagged | Critical security issues found |
+| L2 | ✅ Verified | Installs, boots, tools discovered and tested |
+| L1 | 🔍 Boots | Installs and boots successfully |
+| L0 | ⚠️ Indexed | Cataloged, not yet verified |
 
 ## What It Detects
 
 - **Permissions:** shell execution, file I/O, network access, browser control, database queries, crypto operations
 - **Security issues:** destructive commands, remote code execution, dynamic eval, credential patterns, elevated privileges
 - **MCP-specific:** tool parameter analysis, transport detection (stdio/http/sse), runtime detection
+- **Requirements:** environment variables, API keys, Docker dependencies
+
+## API Access
+
+Access verified tool schemas programmatically. Create a free API key at [getvet.ai/dashboard](https://getvet.ai/dashboard) → API Keys.
+
+```bash
+# Fetch tool schemas
+curl -H "x-api-key: vet_sk_YOUR_KEY" https://getvet.ai/api/v1/tools/TOOL_SLUG/schemas
+
+# Or use Bearer token
+curl -H "Authorization: Bearer vet_sk_YOUR_KEY" https://getvet.ai/api/v1/tools/TOOL_SLUG/schemas
+
+# Bulk fetch (multiple tools at once)
+curl -X POST \
+  -H "x-api-key: vet_sk_YOUR_KEY" \
+  -H "Content-Type: application/json" \
+  -d '{"slugs":["tool-1","tool-2"]}' \
+  https://getvet.ai/api/v1/tools/schemas/bulk
+```
+
+See [getvet.ai/get-started](https://getvet.ai/get-started) for full documentation.
 
 ## Links
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@getvetai/cli",
-  "version": "0.3.0",
+  "version": "0.4.1",
   "description": "Security audit CLI for AI skills and MCP servers — scan, audit, and score tools before you install them",
   "type": "module",
   "license": "MIT",
@@ -12,6 +12,11 @@
     "README.md",
     "LICENSE"
   ],
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/getvetai/cli.git"
+  },
+  "bugs": "https://github.com/getvetai/cli/issues",
   "homepage": "https://getvet.ai",
   "keywords": [
     "ai",

package/dist/utils/fetch.d.ts

@@ -1,6 +0,0 @@
-export interface FetchedContent {
-    content: string;
-    type: 'skill' | 'mcp' | 'unknown';
-    name: string;
-}
-export declare function fetchTarget(target: string): Promise<FetchedContent>;

package/dist/utils/fetch.js

@@ -1,38 +0,0 @@
-import { readFileSync, existsSync } from 'fs';
-function detect(content, source) {
-    if (/SKILL\.md/i.test(source) || /^#\s+.*skill/im.test(content))
-        return 'skill';
-    if (/mcp|model.context.protocol/i.test(content))
-        return 'mcp';
-    if (/^#\s+/m.test(content))
-        return 'skill';
-    return 'unknown';
-}
-export async function fetchTarget(target) {
-    if (existsSync(target)) {
-        const c = readFileSync(target, 'utf-8');
-        return { content: c, type: detect(c, target), name: target.split('/').pop() || target };
-    }
-    if (/^https?:\/\//i.test(target)) {
-        const r = await fetch(target);
-        if (!r.ok)
-            throw new Error('HTTP ' + r.status);
-        const c = await r.text();
-        return { content: c, type: detect(c, target), name: target.split('/').pop()?.replace(/\?.*$/, '') || target };
-    }
-    if (/^[\w-]+\/[\w.-]+$/.test(target) && !target.startsWith('@')) {
-        const r = await fetch('https://raw.githubusercontent.com/' + target + '/main/README.md');
-        if (r.ok)
-            return { content: await r.text(), type: 'mcp', name: target.split('/')[1] };
-        throw new Error('GitHub fetch failed: ' + target);
-    }
-    if (/^@?[\w-]/.test(target)) {
-        const r = await fetch('https://registry.npmjs.org/' + encodeURIComponent(target));
-        if (r.ok) {
-            const d = await r.json();
-            return { content: d.readme || '', type: 'mcp', name: d.name || target };
-        }
-        throw new Error('npm not found: ' + target);
-    }
-    throw new Error('Unknown target: ' + target);
-}