npm - @securityreviewai/securityreview-kit - Versions diffs - 0.1.28 → 0.1.30 - Mend

@securityreviewai/securityreview-kit 0.1.28 → 0.1.30

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/package.json +1 -1
package/src/cli.js +1 -1
package/src/commands/init.js +6 -1
package/src/generators/rules/cursor.js +3 -1
package/src/generators/rules/guardrails-init-profile.md +2 -2
package/src/generators/rules/guardrails-profiler/SKILL.md +2 -2
package/src/utils/cursor-agent-path.js +25 -5
package/src/utils/ide-cli-install.js +2 -2
package/src/utils/profiler-agent.js +2 -2

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@securityreviewai/securityreview-kit",
-  "version": "0.1.28",
+  "version": "0.1.30",
   "description": "Bootstrap security-review-mcp for AI IDEs and CLI tools",
   "author": "Debarshi Das <debarshi.das@we45.com>",
   "license": "UNLICENSED",

package/src/cli.js CHANGED Viewed

@@ -35,7 +35,7 @@ export function run() {
         )
         .option(
             '--profiler-cursor-login',
-            'Before Cursor profiling, run cursor-agent login in this terminal (then profiling runs in the same init)',
+            'Before Cursor profiling, run `agent login` (or `cursor-agent login`) in this terminal (then profiling runs in the same init)',
         )
         .option(
             '--profiler-quiet',

package/src/commands/init.js CHANGED Viewed

@@ -479,7 +479,12 @@ export async function initCommand(options) {
                     console.log(chalk.dim('  Typical fixes:'));
                     console.log(
                         chalk.dim(
-                            '    • Not signed in: re-run `securityreview-kit init` and choose Yes for “Run Cursor Agent login”, or pass `--profiler-cursor-login` with `--profile-repo`.',
+                            '    • Not signed in: re-run `securityreview-kit init` and choose Yes for “Run Cursor Agent login”, or pass `--profiler-cursor-login` with `--profile-repo`. Use `agent login` (or `cursor-agent login`) if prompted manually.',
+                        ),
+                    );
+                    console.log(
+                        chalk.dim(
+                            '    • CLI missing: install from https://cursor.com/docs/cli/installation and verify `agent --version` (new installs use the `agent` command; `cursor-agent` is legacy).',
                         ),
                     );
                     console.log(

package/src/generators/rules/cursor.js CHANGED Viewed

@@ -52,7 +52,9 @@ function mergeCursorCliMcpAllowlist(cwd) {
     if (!existing.permissions.allow.includes(token)) {
         existing.permissions.allow.push(token);
     }
-    if (existing.permissions.deny !== undefined && !Array.isArray(existing.permissions.deny)) {
+    // Cursor CLI schema requires permissions.deny to be a string[] (may be empty).
+    // @see https://cursor.com/docs/cli/reference/configuration
+    if (!Array.isArray(existing.permissions.deny)) {
         existing.permissions.deny = [];
     }
     writeJson(cliPath, existing);

package/src/generators/rules/guardrails-init-profile.md CHANGED Viewed

@@ -23,10 +23,10 @@ Do **not** ask the user to verbally approve MCP for `security-review-mcp`. The r
 From the repo root, non-interactive runs should include workspace trust, MCP approval, and **streaming progress** (matches default `securityreview-kit init`):
-`cursor-agent -p "<your profiling instructions>" --output-format stream-json --stream-partial-output --trust --approve-mcps`
+`agent -p "<your profiling instructions>" --output-format stream-json --stream-partial-output --trust --approve-mcps` (or `cursor-agent` if that is what your install provides)
 Omit `--output-format` / `--stream-partial-output` if you want less verbose terminal output (or use `securityreview-kit init` with `--profiler-quiet`).
 During `securityreview-kit init`, choose **Yes** when asked to run Cursor login in-terminal, or pass **`--profiler-cursor-login`** with **`--profile-repo`** so login and profiling stay in one run.
-You can still sign in manually with `cursor-agent login`. To handle trust/login interactively in the terminal, omit `--trust` and `--approve-mcps`.
+You can still sign in manually with `agent login` (or `cursor-agent login`). To handle trust/login interactively in the terminal, omit `--trust` and `--approve-mcps`.

package/src/generators/rules/guardrails-profiler/SKILL.md CHANGED Viewed

@@ -70,7 +70,7 @@ Build the object for `.guardrails/profile.json`:
   "schema_version": "1.0",
   "project_name": "<directory name>",
   "profiled_at": "<ISO 8601 timestamp>",
-  "profiled_by": "<ide or cli id, e.g. cursor-agent, claude, codex>",
+  "profiled_by": "<ide or cli id, e.g. agent, cursor-agent, claude, codex>",
   "detection_summary": {
     "languages": [],
     "frameworks": [],
@@ -149,4 +149,4 @@ If there are no signals:
 ## IDE-Specific Notes
-When run from Cursor Agent CLI, Claude Code, or Codex CLI, set `profiled_by` to a stable id (`cursor-agent`, `claude`, `codex`).
+When run from Cursor Agent CLI, Claude Code, or Codex CLI, set `profiled_by` to a stable id (`agent` or `cursor-agent`, `claude`, `codex`).

package/src/utils/cursor-agent-path.js CHANGED Viewed

@@ -1,7 +1,7 @@
 import { existsSync } from 'node:fs';
 import { spawnSync } from 'node:child_process';
 import { homedir } from 'node:os';
-import { delimiter, join } from 'node:path';
+import { delimiter, isAbsolute, join } from 'node:path';
 /**
  * Extra PATH segments where Cursor / other CLIs are often installed.
@@ -25,17 +25,37 @@ export function augmentPathEnv(baseEnv = process.env) {
 }
 /**
- * Executable that responds to `cursor-agent --version`, or null.
+ * Cursor Agent CLI binary (`agent` or legacy `cursor-agent`) that responds to `--version`, or null.
+ * New installs often only ship `agent` in ~/.local/bin (see https://cursor.com/docs/cli/installation).
  */
 export function resolveCursorAgentExecutable() {
     const env = augmentPathEnv();
+    const home = homedir();
     const candidates = [
+        join(home, '.local', 'bin', 'agent'),
+        join(home, '.local', 'bin', 'cursor-agent'),
+        ...(process.platform === 'win32'
+            ? [
+                  join(home, '.local', 'bin', 'agent.cmd'),
+                  join(home, '.local', 'bin', 'cursor-agent.cmd'),
+              ]
+            : []),
+        join(home, '.cursor', 'bin', 'agent'),
+        join(home, '.cursor', 'bin', 'cursor-agent'),
+        'agent',
         'cursor-agent',
-        join(homedir(), '.local', 'bin', 'cursor-agent'),
-        join(homedir(), '.cursor', 'bin', 'cursor-agent'),
     ];
+    if (process.platform === 'win32') {
+        const base = join(home, 'AppData', 'Local', 'Programs', 'cursor');
+        candidates.splice(
+            candidates.length - 2,
+            0,
+            join(base, 'agent.exe'),
+            join(base, 'cursor-agent.exe'),
+        );
+    }
     for (const cmd of candidates) {
-        if (cmd !== 'cursor-agent' && !existsSync(cmd)) {
+        if (isAbsolute(cmd) && !existsSync(cmd)) {
             continue;
         }
         const r = spawnSync(cmd, ['--version'], { stdio: 'ignore', env });

package/src/utils/ide-cli-install.js CHANGED Viewed

@@ -32,7 +32,7 @@ export function ensureIdeCliForTarget(target, options = {}) {
                 target,
                 ok: false,
                 message:
-                    'cursor-agent not found (install from https://cursor.com/cli; Node may need ~/.local/bin — kit augments PATH when running the profiler)',
+                    'Cursor Agent CLI not found (`agent` or `cursor-agent`). Install from https://cursor.com/docs/cli/installation.',
             };
         }
         if (process.platform === 'win32') {
@@ -51,7 +51,7 @@ export function ensureIdeCliForTarget(target, options = {}) {
                 target,
                 ok: false,
                 message:
-                    'cursor-agent not found after install; open a new shell or ensure ~/.local/bin exists and re-run init',
+                    'Cursor Agent CLI (`agent` / `cursor-agent`) not found after install; open a new shell or ensure ~/.local/bin exists and re-run init',
             };
         }
         return { target, ok: true };

package/src/utils/profiler-agent.js CHANGED Viewed

@@ -36,7 +36,7 @@ export function runCursorAgentLogin(cwd) {
             ok: false,
             status: null,
             message:
-                'cursor-agent not found (install from https://cursor.com/cli and ensure ~/.local/bin is on PATH, or re-run init without --skip-ide-cli-install)',
+                'Cursor Agent CLI not found (`agent` or `cursor-agent`). Install from https://cursor.com/docs/cli/installation (add ~/.local/bin to PATH), or re-run init without --skip-ide-cli-install.',
         };
     }
     const env = augmentPathEnv(process.env);
@@ -85,7 +85,7 @@ export function runProfilerAgent(cwd, { target, projectName, cursorTrust = true,
             return {
                 ok: false,
                 message:
-                    'cursor-agent not found. Install via Cursor CLI (https://cursor.com/cli) or run init Step 1b without --skip-ide-cli-install; ensure your shell PATH includes ~/.local/bin (Node may not inherit it).',
+                    'Cursor Agent CLI not found (`agent` or `cursor-agent`). Install from https://cursor.com/docs/cli/installation and ensure ~/.local/bin exists; run init Step 1b without --skip-ide-cli-install (Node subprocesses get an augmented PATH, but the binary must be installed).',
             };
         }
         const args = ['-p', prompt];