agent-mcp-guard 0.4.1 → 0.4.3

package/README.md

@@ -19,7 +19,7 @@ Live demo PR: [mcp-guard-demo#1](https://github.com/ChaoYue0307/mcp-guard-demo/p
   <a href="https://github.com/marketplace/actions/mcp-guard-mcp-security-scanner"><img alt="GitHub Marketplace" src="https://img.shields.io/badge/Marketplace-mcp--guard-0f766e?logo=github"></a>
   <a href="https://github.com/ChaoYue0307/mcp-guard/actions"><img alt="CI" src="https://github.com/ChaoYue0307/mcp-guard/actions/workflows/ci.yml/badge.svg"></a>
   <a href="LICENSE"><img alt="License" src="https://img.shields.io/badge/license-Apache--2.0-111827"></a>
-  <a href="https://github.com/ChaoYue0307/mcp-guard/releases/tag/v0.4.1"><img alt="Release" src="https://img.shields.io/github/v/release/ChaoYue0307/mcp-guard?color=7c2d12"></a>
+  <a href="https://github.com/ChaoYue0307/mcp-guard/releases/tag/v0.4.3"><img alt="Release" src="https://img.shields.io/github/v/release/ChaoYue0307/mcp-guard?color=7c2d12"></a>
 </p>
 
 ## Install
@@ -29,6 +29,18 @@ npm install -g agent-mcp-guard
 mcp-guard scan
 ```
 
+Bootstrap a repository with a GitHub Action:
+
+```bash
+mcp-guard init
+```
+
+Bootstrap CI and accept current reviewed findings as a baseline:
+
+```bash
+mcp-guard init --write-baseline --upload-sarif
+```
+
 Scan a specific config:
 
 ```bash
@@ -69,7 +81,7 @@ mcp-guard scan --config .mcp.json --baseline .mcp-guard-baseline.json --fail-on
 Use the GitHub Action:
 
 ```yaml
-- uses: ChaoYue0307/mcp-guard-action@v0.4.1
+- uses: ChaoYue0307/mcp-guard-action@v0.4.3
   with:
     config: .mcp.json
     baseline: .mcp-guard-baseline.json
@@ -117,6 +129,14 @@ For the GitHub Action workflow, inspect the public demo repository: [ChaoYue0307
 
 The GitHub Action can also post an optional pull request comment with the active finding summary.
 
+For a guided setup, run:
+
+```bash
+mcp-guard init --write-baseline --upload-sarif
+```
+
+This writes `.github/workflows/mcp-guard.yml` and `.mcp-guard-baseline.json`, using `actions/checkout@v6`, the current Marketplace Action tag, PR comments, and optional SARIF upload.
+
 ## Example Output
 
 ```text
@@ -163,11 +183,19 @@ MCP configs often contain sensitive local paths, internal hostnames, tokens, and
 - secret-like values redacted in reports;
 - text, Markdown, HTML, JSON, and SARIF output for local review, CI artifacts, and GitHub code scanning.
 
-## Early Access and Feedback
+## Setup Pilot
 
 Want to try `mcp-guard` on a real AI agent or MCP setup?
 
-The project is currently an automated local scanner. I am collecting early users, real-world config examples, CI setup feedback, baseline workflow feedback, and rule requests to improve coverage.
+The project is an automated local scanner. Paid setup help is available for teams that want the CLI, GitHub Action, baseline workflow, PR comments, and SARIF reporting wired into a real repository.
+
+Typical scope:
+
+- install and run the CLI against redacted local MCP configs;
+- create the GitHub Action workflow;
+- generate and review an initial baseline;
+- enable PR comments and optional GitHub code scanning;
+- record missing rules or config shapes as product feedback.
 
 Contact: [hechaoyue0307@gmail.com](mailto:hechaoyue0307@gmail.com)
 
@@ -178,6 +206,7 @@ Contact: [hechaoyue0307@gmail.com](mailto:hechaoyue0307@gmail.com)
 - [GitHub Action](docs/github-action.md)
 - [Marketplace publishing plan](docs/marketplace.md)
 - [Privacy and security](docs/privacy-and-security.md)
+- [Trusted publishing](docs/trusted-publishing.md)
 - [Roadmap](docs/roadmap.md)
 - [Operator runbook](docs/operator-runbook.md)
 

package/docs/baseline.md

@@ -30,7 +30,7 @@ If the scan finds only baseline-accepted findings, the exit code is `0`. If a ne
 ## GitHub Action
 
 ```yaml
-- uses: ChaoYue0307/mcp-guard-action@v0.4.1
+- uses: ChaoYue0307/mcp-guard-action@v0.4.3
   with:
     config: .mcp.json
     baseline: .mcp-guard-baseline.json
@@ -45,7 +45,7 @@ The generated Markdown, HTML, JSON, and PR comment separate active findings from
 {
   "version": 1,
   "generatedAt": "2026-05-10T00:00:00.000Z",
-  "toolVersion": "0.4.1",
+  "toolVersion": "0.4.3",
   "findings": [
     {
       "fingerprint": "mcpg_a009b2c2",

package/docs/business-playbook.md

@@ -15,12 +15,15 @@ This is setup and product onboarding, not a manual security audit.
 Deliverables:
 
 - install the CLI and GitHub Action;
+- run `mcp-guard init` or generate an equivalent workflow manually;
 - generate Markdown, HTML, JSON, and SARIF reports;
 - create an initial baseline for accepted known findings;
 - enable PR comments and optional SARIF upload;
 - document missing rule requests for future product work;
 - provide a short setup handoff note.
 
+For product operations, npm Trusted Publishing should be used after the package setting is configured. This avoids manual QR-code publish flows and makes small releases repeatable.
+
 ## Pricing
 
 | Customer | Price |
@@ -36,6 +39,8 @@ I built mcp-guard, an open-source local scanner for MCP and AI agent tool config
 
 It checks for risky shell access, unpinned npx packages, broad filesystem permissions, exposed secrets, and remote MCP servers.
 
+It now includes `mcp-guard init`, which creates a GitHub Action workflow and can generate a baseline for accepted current findings.
+
 I am collecting real-world MCP and AI agent config patterns from teams using Claude, Cursor, Codex, or MCP in production-like workflows. If you can share a redacted config or run the CLI locally, your feedback can help improve the scanner's rules and reports.
 ```
 

package/docs/github-action.md

@@ -10,6 +10,14 @@ Marketplace/action repository: <https://github.com/ChaoYue0307/mcp-guard-action>
 
 ## Basic Workflow
 
+Fastest setup:
+
+```bash
+mcp-guard init
+```
+
+That creates `.github/workflows/mcp-guard.yml` with PR comments enabled. Use `mcp-guard init --write-baseline --upload-sarif` when you want to accept current reviewed findings and send SARIF to GitHub code scanning.
+
 ```yaml
 name: mcp-guard
 
@@ -26,8 +34,8 @@ jobs:
   scan:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
-      - uses: ChaoYue0307/mcp-guard-action@v0.4.1
+      - uses: actions/checkout@v6
+      - uses: ChaoYue0307/mcp-guard-action@v0.4.3
         with:
           config: .mcp.json
           fail-on: high
@@ -54,8 +62,8 @@ jobs:
   scan:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
-      - uses: ChaoYue0307/mcp-guard-action@v0.4.1
+      - uses: actions/checkout@v6
+      - uses: ChaoYue0307/mcp-guard-action@v0.4.3
         with:
           config: .mcp.json
           fail-on: high
@@ -67,7 +75,7 @@ jobs:
 Use `fail-on: none` when you want artifacts and summaries without blocking a pull request.
 
 ```yaml
-- uses: ChaoYue0307/mcp-guard-action@v0.4.1
+- uses: ChaoYue0307/mcp-guard-action@v0.4.3
   with:
     fail-on: none
 ```
@@ -83,7 +91,7 @@ mcp-guard scan --config .mcp.json --write-baseline .mcp-guard-baseline.json
 Commit `.mcp-guard-baseline.json`, then reference it from the action:
 
 ```yaml
-- uses: ChaoYue0307/mcp-guard-action@v0.4.1
+- uses: ChaoYue0307/mcp-guard-action@v0.4.3
   with:
     config: .mcp.json
     baseline: .mcp-guard-baseline.json

package/docs/launch-checklist.md

@@ -31,7 +31,7 @@ mcp-guard scan --config .mcp.json --fail-on high
 ## GitHub Action Setup
 
 ```yaml
-- uses: ChaoYue0307/mcp-guard-action@v0.4.1
+- uses: ChaoYue0307/mcp-guard-action@v0.4.3
   with:
     config: .mcp.json
     baseline: .mcp-guard-baseline.json

package/docs/marketplace-action-readme.md

@@ -22,8 +22,8 @@ jobs:
   scan:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
-      - uses: ChaoYue0307/mcp-guard-action@v0.4.1
+      - uses: actions/checkout@v6
+      - uses: ChaoYue0307/mcp-guard-action@v0.4.3
         with:
           config: .mcp.json
           fail-on: high
@@ -41,8 +41,8 @@ jobs:
   scan:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
-      - uses: ChaoYue0307/mcp-guard-action@v0.4.1
+      - uses: actions/checkout@v6
+      - uses: ChaoYue0307/mcp-guard-action@v0.4.3
         with:
           config: .mcp.json
           fail-on: high
@@ -95,7 +95,7 @@ mcp-guard scan --config .mcp.json --write-baseline .mcp-guard-baseline.json
 Then enforce only new findings:
 
 ```yaml
-- uses: ChaoYue0307/mcp-guard-action@v0.4.1
+- uses: ChaoYue0307/mcp-guard-action@v0.4.3
   with:
     config: .mcp.json
     baseline: .mcp-guard-baseline.json

package/docs/marketplace.md

@@ -79,21 +79,20 @@ Secondary category:
 Code quality
 ```
 
-Release title:
+Current release title:
 
 ```text
-v0.4.1
+v0.4.3
 ```
 
 Release notes:
 
 ```text
-Node 24 compatibility release.
+Trusted Publishing readiness release.
 
-- Keeps the v0.4 baseline and pull request comment workflow.
-- Uses Node.js 24 for the scanner runtime.
-- Updates first-party GitHub Actions dependencies to current major versions.
-- Uses CodeQL SARIF upload v4.
+- Adds a GitHub Actions workflow for npm Trusted Publishing readiness.
+- Keeps `mcp-guard init` for generating a GitHub Action workflow and baseline.
+- Keeps Node.js 24, PR comments, artifacts, and SARIF upload support.
 ```
 
 ## Manual Publishing Steps
@@ -102,11 +101,11 @@ Completed:
 
 - Public repository created: <https://github.com/ChaoYue0307/mcp-guard-action>
 - `dist/mcp-guard-action/` exported, committed, and pushed.
-- Release created: <https://github.com/ChaoYue0307/mcp-guard-action/releases/tag/v0.4.1>
+- Initial release created: <https://github.com/ChaoYue0307/mcp-guard-action/releases/tag/v0.4.1>
 - README, docs, and website examples now use:
 
 ```yaml
-- uses: ChaoYue0307/mcp-guard-action@v0.4.1
+- uses: ChaoYue0307/mcp-guard-action@v0.4.3
 ```
 
 Remaining Marketplace web step:

package/docs/roadmap.md

@@ -11,6 +11,8 @@
 - GitHub Action wrapper that writes a job summary, uploads Markdown/HTML/JSON/SARIF artifacts, and can upload SARIF to GitHub code scanning.
 - Baseline/allowlist mode for accepting known findings and failing only on new risks.
 - Optional GitHub pull request comments from the Marketplace Action.
+- `mcp-guard init` for bootstrapping a GitHub Action workflow and optional baseline.
+- npm Trusted Publishing workflow prepared for tokenless release publishing.
 
 ## Next
 

package/docs/trusted-publishing.md

@@ -0,0 +1,61 @@
+# Trusted Publishing
+
+`mcp-guard` includes a GitHub Actions workflow for npm Trusted Publishing so future releases can publish without npm browser QR links, OTP prompts, or long-lived npm tokens.
+
+## Why
+
+npm browser authentication links can expire quickly and may open as 404. Trusted Publishing lets npm accept a publish from a specific GitHub Actions workflow through OIDC.
+
+The workflow is committed at:
+
+```text
+.github/workflows/publish-npm.yml
+```
+
+It uses:
+
+- `permissions: id-token: write`
+- `actions/checkout@v6`
+- `actions/setup-node@v6`
+- Node.js 24
+- `npm publish --access public`
+
+## npm Package Settings
+
+Configure this once on npmjs.com:
+
+| Field | Value |
+| --- | --- |
+| Package | `agent-mcp-guard` |
+| Publisher | GitHub Actions |
+| Organization or user | `ChaoYue0307` |
+| Repository | `mcp-guard` |
+| Workflow filename | `publish-npm.yml` |
+| Environment name | leave empty |
+
+After this is saved, run the workflow from GitHub Actions with the release tag, for example:
+
+```text
+v0.4.3
+```
+
+## Release Flow After Setup
+
+1. Update `package.json` and `src/cli.js`.
+2. Run `npm test` and `npm run release:check`.
+3. Commit and push to `main`.
+4. Create a GitHub release tag such as `v0.4.3`.
+5. Run the `Publish npm` workflow with the same tag.
+6. Verify npm:
+
+```bash
+npm view agent-mcp-guard version
+```
+
+## Troubleshooting
+
+- The workflow filename configured on npm must be exactly `publish-npm.yml`.
+- The package `repository.url` must match `https://github.com/ChaoYue0307/mcp-guard`.
+- The workflow must run on GitHub-hosted runners.
+- The workflow must keep `id-token: write`.
+- If npm says authentication failed, re-check the npm Trusted Publisher fields before retrying.

package/examples/sample-report.md

@@ -1,6 +1,6 @@
 # mcp-guard Scan Report
 
-Generated: 2026-05-10T13:15:24.269Z
+Generated: 2026-05-10T13:47:08.616Z
 
 ## Summary
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "agent-mcp-guard",
-  "version": "0.4.1",
+  "version": "0.4.3",
   "description": "Open-source CLI scanner for risky MCP server and AI agent tool configuration.",
   "type": "module",
   "homepage": "https://chaoyue0307.github.io/mcp-guard/",

package/site/e2e/report.html

@@ -297,7 +297,7 @@
           <div class="metric"><strong>1</strong><span>Scanned files</span></div>
           <div class="metric"><strong>3</strong><span>MCP servers</span></div>
           <div class="metric"><strong>9</strong><span>Active findings</span></div>
-          <div class="metric"><strong>2026-05-10 13:15 UTC</strong><span>Generated</span></div>
+          <div class="metric"><strong>2026-05-10 13:47 UTC</strong><span>Generated</span></div>
         </div>
       </div>
       <aside class="scorecard" aria-label="Risk score">

package/site/e2e/report.json

@@ -1,9 +1,9 @@
 {
   "metadata": {
-    "generatedAt": "2026-05-10T13:15:24.365Z",
+    "generatedAt": "2026-05-10T13:47:08.576Z",
     "cwd": ".",
     "home": "~",
-    "toolVersion": "0.4.1"
+    "toolVersion": "0.4.3"
   },
   "scannedFiles": [
     "site/e2e/claude_desktop_config.json"

package/site/e2e/report.md

@@ -1,6 +1,6 @@
 # mcp-guard Scan Report
 
-Generated: 2026-05-10T13:15:24.330Z
+Generated: 2026-05-10T13:47:08.555Z
 
 ## Summary
 

package/site/e2e/report.sarif

@@ -7,7 +7,7 @@
         "driver": {
           "name": "mcp-guard",
           "informationUri": "https://github.com/ChaoYue0307/mcp-guard",
-          "semanticVersion": "0.4.1",
+          "semanticVersion": "0.4.3",
           "rules": [
             {
               "id": "MCP010",

package/src/cli.js

@@ -1,11 +1,12 @@
 import fs from "node:fs/promises";
 import path from "node:path";
 import { applyBaseline, loadBaselineFile, writeBaselineFile } from "./baseline.js";
+import { initProject, renderInitSummary } from "./init.js";
 import { scan } from "./scan.js";
 import { generateHtmlReport, generateJsonReport, generateMarkdownReport, generateSarifReport, generateTextReport } from "./report.js";
 import { compareSeverity, severityRank } from "./severity.js";
 
-const VERSION = "0.4.1";
+const VERSION = "0.4.3";
 
 export async function runCli(argv, io) {
   const args = argv.slice(2);
@@ -21,6 +22,34 @@ export async function runCli(argv, io) {
     return 0;
   }
 
+  if (command === "init") {
+    if (args.includes("--help") || args.includes("-h")) {
+      io.stdout.write(helpText());
+      return 0;
+    }
+
+    const options = parseInitArgs(args.slice(1), io.cwd);
+    const result = await initProject({
+      cwd: options.cwd,
+      env: io.env,
+      configPaths: options.configPaths,
+      includeDefaults: options.includeDefaults,
+      workflowPath: options.workflowPath,
+      baselinePath: options.baselinePath,
+      failOn: options.failOn,
+      commentPr: options.commentPr,
+      uploadSarif: options.uploadSarif,
+      writeBaseline: options.writeBaseline,
+      useBaseline: options.useBaseline,
+      baselineReason: options.baselineReason,
+      force: options.force,
+      dryRun: options.dryRun,
+      toolVersion: VERSION
+    });
+    io.stdout.write(renderInitSummary(result, options.cwd));
+    return 0;
+  }
+
   if (command !== "scan") {
     io.stderr.write(`Unknown command: ${command}\n\n`);
     io.stderr.write(helpText());
@@ -70,6 +99,82 @@ export async function runCli(argv, io) {
   return 0;
 }
 
+function parseInitArgs(args, defaultCwd) {
+  const options = {
+    cwd: defaultCwd,
+    configPaths: [],
+    includeDefaults: true,
+    workflowPath: "",
+    baselinePath: "",
+    failOn: "high",
+    commentPr: true,
+    uploadSarif: false,
+    writeBaseline: false,
+    useBaseline: false,
+    baselineReason: "Accepted current MCP findings",
+    force: false,
+    dryRun: false
+  };
+  options.workflowPath = path.join(options.cwd, ".github", "workflows", "mcp-guard.yml");
+  options.baselinePath = path.join(options.cwd, ".mcp-guard-baseline.json");
+  let workflowPathProvided = false;
+  let baselinePathProvided = false;
+
+  for (let index = 0; index < args.length; index += 1) {
+    const arg = args[index];
+    if (arg === "--config" || arg === "-c") {
+      options.configPaths.push(resolveInputPath(readValue(args, index, arg), options.cwd));
+      index += 1;
+    } else if (arg === "--workflow") {
+      options.workflowPath = resolveInputPath(readValue(args, index, arg), options.cwd);
+      workflowPathProvided = true;
+      index += 1;
+    } else if (arg === "--baseline" || arg === "--allowlist") {
+      options.baselinePath = resolveInputPath(readValue(args, index, arg), options.cwd);
+      options.useBaseline = true;
+      baselinePathProvided = true;
+      index += 1;
+    } else if (arg === "--write-baseline" || arg === "--write-allowlist") {
+      options.writeBaseline = true;
+      options.useBaseline = true;
+    } else if (arg === "--baseline-reason") {
+      options.baselineReason = readValue(args, index, arg);
+      index += 1;
+    } else if (arg === "--fail-on") {
+      options.failOn = readValue(args, index, arg);
+      index += 1;
+      if (!["critical", "high", "medium", "low", "none"].includes(options.failOn)) {
+        throw new Error("--fail-on must be one of: critical, high, medium, low, none");
+      }
+    } else if (arg === "--comment-pr") {
+      options.commentPr = true;
+    } else if (arg === "--no-comment-pr") {
+      options.commentPr = false;
+    } else if (arg === "--upload-sarif") {
+      options.uploadSarif = true;
+    } else if (arg === "--cwd") {
+      options.cwd = path.resolve(readValue(args, index, arg));
+      if (!workflowPathProvided) {
+        options.workflowPath = path.join(options.cwd, ".github", "workflows", "mcp-guard.yml");
+      }
+      if (!baselinePathProvided) {
+        options.baselinePath = path.join(options.cwd, ".mcp-guard-baseline.json");
+      }
+      index += 1;
+    } else if (arg === "--no-defaults") {
+      options.includeDefaults = false;
+    } else if (arg === "--force") {
+      options.force = true;
+    } else if (arg === "--dry-run") {
+      options.dryRun = true;
+    } else {
+      throw new Error(`Unknown init option: ${arg}`);
+    }
+  }
+
+  return options;
+}
+
 function parseScanArgs(args, defaultCwd) {
   const options = {
     cwd: defaultCwd,
@@ -165,9 +270,26 @@ Open-source scanner for risky MCP server and AI agent tool configuration.
 
 Usage:
   mcp-guard scan [options]
+  mcp-guard init [options]
   mcp-guard version
   mcp-guard help
 
+Init options:
+      --workflow <path>     Workflow path to create. Default: .github/workflows/mcp-guard.yml.
+  -c, --config <path>       MCP config path to reference in the workflow. Can be repeated for baseline generation.
+      --fail-on <severity>  Workflow fail threshold. Default: high.
+      --baseline <path>     Reference an existing baseline JSON file in the workflow.
+      --write-baseline      Generate a baseline from current findings and reference it in the workflow.
+      --baseline-reason <text>
+                            Reason stored for newly written baseline entries.
+      --comment-pr          Enable pull request comments. Default.
+      --no-comment-pr       Do not add pull request comment permission or input.
+      --upload-sarif        Upload SARIF to GitHub code scanning.
+      --cwd <path>          Project directory to initialize.
+      --no-defaults         Only scan paths passed with --config for baseline generation.
+      --force               Overwrite existing workflow or baseline files.
+      --dry-run             Print planned files without writing them.
+
 Scan options:
   -c, --config <path>       Scan a specific MCP config file. Can be repeated.
   -o, --output <path>       Write report to a file.
@@ -183,6 +305,8 @@ Scan options:
       --no-defaults         Only scan paths passed with --config.
 
 Examples:
+  mcp-guard init
+  mcp-guard init --write-baseline --upload-sarif
   mcp-guard scan
   mcp-guard scan --format markdown --output mcp-guard-report.md
   mcp-guard scan --format html --output mcp-guard-report.html

package/src/init.js

@@ -0,0 +1,255 @@
+import fs from "node:fs/promises";
+import path from "node:path";
+import { writeBaselineFile } from "./baseline.js";
+import { discoverConfigFiles } from "./discovery.js";
+import { displayPath } from "./fingerprint.js";
+import { scan } from "./scan.js";
+
+export async function initProject({
+  cwd,
+  env,
+  configPaths = [],
+  includeDefaults = true,
+  workflowPath,
+  baselinePath,
+  failOn = "high",
+  commentPr = true,
+  uploadSarif = false,
+  writeBaseline = false,
+  useBaseline = false,
+  baselineReason = "Accepted current MCP findings",
+  force = false,
+  dryRun = false,
+  toolVersion
+}) {
+  const discoveredConfigPaths = configPaths.length === 0 && includeDefaults
+    ? await discoverConfigFiles({ cwd, env })
+    : [];
+  const workflowConfigPath = selectWorkflowConfigPath({
+    cwd,
+    explicitConfigPaths: configPaths,
+    discoveredConfigPaths
+  });
+  const files = [];
+
+  if (writeBaseline) {
+    const baselineConfigPaths = configPaths.length > 0
+      ? configPaths
+      : workflowConfigPath
+        ? [workflowConfigPath]
+        : [];
+    if (baselineConfigPaths.length === 0) {
+      throw new Error("No project MCP config found for baseline generation. Add .mcp.json, pass --config, or run init without --write-baseline.");
+    }
+    const result = await scan({
+      cwd,
+      env,
+      configPaths: baselineConfigPaths,
+      includeDefaults: false,
+      toolVersion
+    });
+    const baseline = await writeBaselineFileIfAllowed(baselinePath, result, {
+      reason: baselineReason,
+      force,
+      dryRun
+    });
+    files.push({
+      type: "baseline",
+      path: baselinePath,
+      action: baseline.action,
+      findingCount: baseline.findingCount
+    });
+  }
+
+  const workflow = renderGithubWorkflow({
+    actionRef: `ChaoYue0307/mcp-guard-action@v${toolVersion}`,
+    configPath: workflowConfigPath ? displayPath(workflowConfigPath, cwd) : "",
+    baselinePath: useBaseline || writeBaseline ? displayPath(baselinePath, cwd) : "",
+    failOn,
+    commentPr,
+    uploadSarif
+  });
+  const workflowWrite = await writeTextFileIfAllowed(workflowPath, workflow, { force, dryRun });
+  files.push({
+    type: "workflow",
+    path: workflowPath,
+    action: workflowWrite.action
+  });
+
+  return {
+    dryRun,
+    workflowPath,
+    baselinePath,
+    configPath: workflowConfigPath,
+    discoveredConfigPaths,
+    files,
+    nextSteps: buildNextSteps({ workflowPath, baselinePath, writeBaseline, uploadSarif })
+  };
+}
+
+export function renderInitSummary(result, cwd) {
+  const lines = ["mcp-guard init completed"];
+
+  if (result.dryRun) {
+    lines[0] = "mcp-guard init dry run";
+  }
+
+  if (result.configPath) {
+    lines.push(`Config: ${displayPath(result.configPath, cwd)}`);
+  } else {
+    lines.push("Config: default discovery paths");
+  }
+
+  for (const file of result.files) {
+    const label = file.action === "skipped" ? "Skipped" : actionLabel(file.action);
+    const suffix = file.type === "baseline" ? ` (${file.findingCount} findings)` : "";
+    lines.push(`${label}: ${displayPath(file.path, cwd)}${suffix}`);
+  }
+
+  lines.push("");
+  lines.push("Next:");
+  for (const step of result.nextSteps) {
+    lines.push(`- ${step}`);
+  }
+
+  return `${lines.join("\n")}\n`;
+}
+
+export function renderGithubWorkflow({ actionRef, configPath, baselinePath, failOn, commentPr, uploadSarif }) {
+  const permissions = ["  contents: read"];
+  if (commentPr) {
+    permissions.push("  pull-requests: write");
+  }
+  if (uploadSarif) {
+    permissions.push("  security-events: write");
+  }
+
+  const inputs = [];
+  if (configPath) {
+    inputs.push(`          config: ${quoteYaml(configPath)}`);
+  }
+  if (baselinePath) {
+    inputs.push(`          baseline: ${quoteYaml(baselinePath)}`);
+  }
+  inputs.push(`          fail-on: ${quoteYaml(failOn)}`);
+  if (commentPr) {
+    inputs.push('          comment-pr: "true"');
+  }
+  if (uploadSarif) {
+    inputs.push('          upload-sarif: "true"');
+  }
+
+  return `name: mcp-guard
+
+on:
+  pull_request:
+  push:
+    branches: [main]
+  workflow_dispatch:
+
+permissions:
+${permissions.join("\n")}
+
+jobs:
+  scan:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+      - uses: ${actionRef}
+        with:
+${inputs.join("\n")}
+`;
+}
+
+function selectWorkflowConfigPath({ cwd, explicitConfigPaths, discoveredConfigPaths }) {
+  if (explicitConfigPaths.length > 0) {
+    return explicitConfigPaths[0];
+  }
+
+  return discoveredConfigPaths.find((filePath) => isInsideDirectory(filePath, cwd)) || "";
+}
+
+async function writeBaselineFileIfAllowed(filePath, result, { reason, force, dryRun }) {
+  const existing = await fileExists(filePath);
+  if (existing && !force) {
+    throw new Error(`Refusing to overwrite ${filePath}; use --force to replace it.`);
+  }
+
+  if (dryRun) {
+    return {
+      action: existing ? "would-overwrite" : "would-create",
+      findingCount: result.findings.length + result.acceptedFindings.length
+    };
+  }
+
+  const baseline = await writeBaselineFile(filePath, result, { reason });
+  return {
+    action: existing ? "overwritten" : "created",
+    findingCount: baseline.findings.length
+  };
+}
+
+async function writeTextFileIfAllowed(filePath, content, { force, dryRun }) {
+  const existing = await fileExists(filePath);
+  if (existing && !force) {
+    throw new Error(`Refusing to overwrite ${filePath}; use --force to replace it.`);
+  }
+
+  if (dryRun) {
+    return {
+      action: existing ? "would-overwrite" : "would-create"
+    };
+  }
+
+  await fs.mkdir(path.dirname(filePath), { recursive: true });
+  await fs.writeFile(filePath, content, "utf8");
+  return {
+    action: existing ? "overwritten" : "created"
+  };
+}
+
+async function fileExists(filePath) {
+  try {
+    await fs.access(filePath);
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+function buildNextSteps({ workflowPath, baselinePath, writeBaseline, uploadSarif }) {
+  const steps = [
+    `Review ${path.basename(workflowPath)} before committing it.`,
+    "Run mcp-guard scan locally and confirm the findings are expected.",
+    "Commit the workflow and open a pull request that changes MCP config to verify the check."
+  ];
+
+  if (writeBaseline) {
+    steps.splice(1, 0, `Review ${path.basename(baselinePath)} because accepted findings will not fail CI.`);
+  }
+
+  if (uploadSarif) {
+    steps.push("Confirm GitHub code scanning is enabled for SARIF results.");
+  }
+
+  return steps;
+}
+
+function actionLabel(action) {
+  if (action === "would-create") return "Would create";
+  if (action === "would-overwrite") return "Would overwrite";
+  if (action === "overwritten") return "Overwrote";
+  return "Created";
+}
+
+function isInsideDirectory(filePath, directory) {
+  const relative = path.relative(path.resolve(directory), path.resolve(filePath));
+  return relative === "" || (!relative.startsWith("..") && !path.isAbsolute(relative));
+}
+
+function quoteYaml(value) {
+  if (/^[A-Za-z0-9_./-]+$/.test(value)) {
+    return value;
+  }
+  return JSON.stringify(value);
+}