agentaudit 3.12.7 → 3.12.9

package/README.md

@@ -11,7 +11,7 @@
 Scan MCP servers, AI skills, and packages for vulnerabilities, prompt injection,
 and supply chain attacks. Powered by regex static analysis and deep LLM audits.
 
-[![AgentAudit](https://www.agentaudit.dev/api/badge/agentaudit-mcp)](https://www.agentaudit.dev/skills/agentaudit-mcp)
+[![AgentAudit](https://www.agentaudit.dev/api/badge/agentaudit-mcp)](https://www.agentaudit.dev/packages/agentaudit-mcp)
 [![npm version](https://img.shields.io/npm/v/agentaudit?style=for-the-badge&color=CB3837&logo=npm)](https://www.npmjs.com/package/agentaudit)
 [![Trust Registry](https://img.shields.io/badge/Trust_Registry-Live-00C853?style=for-the-badge)](https://agentaudit.dev)
 [![License](https://img.shields.io/badge/License-AGPL_3.0-F9A825?style=for-the-badge)](LICENSE)
@@ -77,7 +77,7 @@ agentaudit lookup fastmcp
 
 **Example output:**
 ```
-  ⛨ AgentAudit v3.10.4  │  my-scanner #3 · 280pts · 19 audits
+  ⛨ AgentAudit v3.12.9  │  my-scanner #3 · 280pts · 19 audits
 
   Discovering MCP servers in your AI editors...
 
@@ -227,7 +227,7 @@ Then ask your agent: *"Check which MCP servers I have installed and audit any un
 | Command | Alias | Description |
 |---------|-------|-------------|
 | `agentaudit model` | — | Interactive LLM provider + model configuration |
-| `agentaudit setup` | — | Register agent + configure API key for registry uploads |
+| `agentaudit setup` | `login` | Sign in with GitHub OAuth or paste API key manually |
 | `agentaudit status` | `whoami` | Show current config, API keys, and personal stats |
 
 ### Global Flags
@@ -481,7 +481,7 @@ agentaudit search fastmcp --json    # Machine-readable search results
 
 AgentAudit stores credentials in `~/.config/agentaudit/credentials.json` (or `$XDG_CONFIG_HOME/agentaudit/credentials.json`).
 
-Run `agentaudit setup` to configure interactively, or set via environment:
+Run `agentaudit setup` to sign in with GitHub or paste an API key, or set via environment:
 
 ```bash
 export AGENTAUDIT_API_KEY=asf_your_key_here
@@ -595,10 +595,10 @@ It checks standard config file locations for Claude Desktop, Cursor, VS Code, an
 | | Project | Description |
 |---|---------|-------------|
 | 🌐 | [agentaudit.dev](https://agentaudit.dev) | Trust Registry -- browse packages, findings, leaderboard |
-| 🛡️ | [agentaudit-skill](https://github.com/starbuck100/agentaudit-skill) | Agent Skill -- pre-install security gate for Claude Code, Cursor, Windsurf |
-| ⚡ | [agentaudit-github-action](https://github.com/ecap0-ai/agentaudit-github-action) | GitHub Action -- CI/CD security scanning |
-| 📚 | [agentaudit-mcp](https://github.com/ecap0-ai/agentaudit-mcp) | This repo -- CLI + MCP server source |
-| 🐛 | [Report Issues](https://github.com/ecap0-ai/agentaudit-mcp/issues) | Bug reports and feature requests |
+| 🛡️ | [agentaudit-skill](https://github.com/agentaudit-dev/agentaudit-skill) | Agent Skill -- pre-install security gate for Claude Code, Cursor, Windsurf |
+| ⚡ | [agentaudit-github-action](https://github.com/agentaudit-dev/agentaudit-github-action) | GitHub Action -- CI/CD security scanning |
+| 📚 | [agentaudit-cli](https://github.com/agentaudit-dev/agentaudit-cli) | This repo -- CLI + MCP server source |
+| 🐛 | [Report Issues](https://github.com/agentaudit-dev/agentaudit-cli/issues) | Bug reports and feature requests |
 
 ---
 
@@ -612,6 +612,6 @@ It checks standard config file locations for Claude Desktop, Cursor, VS Code, an
 
 **Protect your AI stack. Scan before you trust.**
 
-[Trust Registry](https://agentaudit.dev) · [Leaderboard](https://agentaudit.dev/leaderboard) · [Report Issues](https://github.com/ecap0-ai/agentaudit-mcp/issues)
+[Trust Registry](https://agentaudit.dev) · [Leaderboard](https://agentaudit.dev/leaderboard) · [Report Issues](https://github.com/agentaudit-dev/agentaudit-cli/issues)
 
 </div>

package/cli.mjs

@@ -516,12 +516,12 @@ async function validateApiKey(apiKey) {
 
 async function setupCommand() {
   console.log(`  ${c.bold}AgentAudit Setup${c.reset}`);
-  console.log(`  ${c.dim}Link your API key to upload audit reports to agentaudit.dev${c.reset}`);
+  console.log(`  ${c.dim}Sign in to upload audit reports to agentaudit.dev${c.reset}`);
   console.log();
 
   const existing = loadCredentials();
   if (existing) {
-    console.log(`  ${icons.safe}  Already configured as ${c.bold}${existing.agent_name}${c.reset}`);
+    console.log(`  ${icons.safe}  Already logged in as ${c.bold}${existing.agent_name}${c.reset}`);
     console.log(`  ${c.dim}Key: ${existing.api_key.slice(0, 12)}...${c.reset}`);
     console.log();
     const answer = await askQuestion(`  Reconfigure? ${c.dim}(y/N)${c.reset} `);
@@ -532,6 +532,25 @@ async function setupCommand() {
     console.log();
   }
 
+  // Offer choice: GitHub OAuth (recommended) or manual API key
+  console.log(`  ${c.bold}How do you want to sign in?${c.reset}`);
+  console.log();
+  console.log(`  ${c.cyan}1${c.reset}  Sign in with GitHub ${c.dim}(recommended — opens browser)${c.reset}`);
+  console.log(`  ${c.cyan}2${c.reset}  Paste an API key manually ${c.dim}(from ${REGISTRY_URL}/profile)${c.reset}`);
+  console.log();
+  const choice = await askQuestion(`  Choice ${c.dim}(1/2, default: 1):${c.reset} `);
+  console.log();
+
+  if (choice.trim() === '2') {
+    // ── Manual API key flow ──
+    await setupManualKey();
+  } else {
+    // ── GitHub OAuth Device Flow (default) ──
+    await loginCommand();
+  }
+}
+
+async function setupManualKey() {
   console.log(`  ${c.bold}Step 1:${c.reset} Create an API key at ${c.cyan}${REGISTRY_URL}/profile${c.reset}`);
   console.log(`  ${c.dim}Sign in with GitHub, then click "Create API Key".${c.reset}`);
   console.log();
@@ -556,6 +575,10 @@ async function setupCommand() {
     return;
   }
 
+  setupReadyMessage();
+}
+
+function setupReadyMessage() {
   console.log();
 
   // ── LLM configuration hint ──
@@ -633,9 +656,14 @@ async function loginCommand() {
 
   // Try to auto-open browser
   try {
-    const openCmd = process.platform === 'darwin' ? 'open' : process.platform === 'win32' ? 'start' : 'xdg-open';
     const { exec } = await import('child_process');
-    exec(`${openCmd} "${verifyUrl}"`);
+    if (process.platform === 'darwin') {
+      exec(`open "${verifyUrl}"`);
+    } else if (process.platform === 'win32') {
+      exec(`start "" "${verifyUrl}"`);
+    } else {
+      exec(`xdg-open "${verifyUrl}"`);
+    }
     console.log(`  ${c.dim}(Browser should open automatically)${c.reset}`);
   } catch {}
 
@@ -658,14 +686,9 @@ async function loginCommand() {
       if (res.ok && data.api_key) {
         // Success!
         saveCredentials({ api_key: data.api_key, agent_name: data.agent_name });
-        console.log(`  ${c.green}${icons.safe}  Logged in as ${c.bold}${data.agent_name}${c.reset}`);
+        console.log(`\r  ${c.green}${icons.safe}  Logged in as ${c.bold}${data.agent_name}${c.reset}                `);
         console.log(`  ${c.dim}Key saved to: ${USER_CRED_FILE}${c.reset}`);
-        console.log();
-        console.log(`  ${c.bold}Ready!${c.reset} You can now:`);
-        console.log(`  ${c.dim}•${c.reset} Audit packages:   ${c.cyan}agentaudit audit <repo-url>${c.reset}`);
-        console.log(`  ${c.dim}•${c.reset} Quick scan:        ${c.cyan}agentaudit scan <repo-url>${c.reset}`);
-        console.log(`  ${c.dim}•${c.reset} Check registry:    ${c.cyan}agentaudit check <name>${c.reset}`);
-        console.log();
+        setupReadyMessage();
         return;
       }
 
@@ -4734,16 +4757,11 @@ async function main() {
 
   banner();
 
-  if (command === 'setup') {
+  if (command === 'setup' || command === 'login') {
     await setupCommand();
     return;
   }
 
-  if (command === 'login') {
-    await loginCommand();
-    return;
-  }
-
   if (command === 'status' || command === 'whoami') {
     // ── Status / diagnostic overview ──
     const config = loadLlmConfig();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "agentaudit",
-  "version": "3.12.7",
+  "version": "3.12.9",
   "description": "Security scanner for AI packages — MCP server + CLI",
   "type": "module",
   "bin": {
@@ -39,7 +39,7 @@
   "license": "AGPL-3.0",
   "repository": {
     "type": "git",
-    "url": "git+https://github.com/agentaudit-dev/agentaudit-mcp.git"
+    "url": "git+https://github.com/agentaudit-dev/agentaudit-cli.git"
   },
   "homepage": "https://agentaudit.dev",
   "engines": {