agentaudit 3.8.0 → 3.9.1

package/README.md

@@ -2,26 +2,93 @@
 
 # 🛡️ AgentAudit
 
-**Security scanner for AI packages**
+**Security scanner for AI packages — MCP server + CLI**
 
-Scan MCP servers, agent skills, and AI tools for vulnerabilities.  
-MCP server for agents + standalone CLI for humans.
+Scan MCP servers, AI skills, and packages for vulnerabilities, prompt injection,
+and supply chain attacks. Powered by regex static analysis and deep LLM audits.
 
-[![npm](https://img.shields.io/npm/v/agentaudit?style=flat-square&color=00C853)](https://www.npmjs.com/package/agentaudit)
-[![Registry](https://img.shields.io/badge/Registry-agentaudit.dev-00C853?style=flat-square)](https://agentaudit.dev)
-[![License](https://img.shields.io/badge/License-AGPL_3.0-F9A825?style=flat-square)](LICENSE)
+[![npm version](https://img.shields.io/npm/v/agentaudit?style=for-the-badge&color=CB3837&logo=npm)](https://www.npmjs.com/package/agentaudit)
+[![Trust Registry](https://img.shields.io/badge/Trust_Registry-Live-00C853?style=for-the-badge)](https://agentaudit.dev)
+[![License](https://img.shields.io/badge/License-AGPL_3.0-F9A825?style=for-the-badge)](LICENSE)
 
 </div>
 
 ---
 
-## Getting Started
+## 📑 Table of Contents
+
+- [What is AgentAudit?](#what-is-agentaudit)
+- [Quick Start](#-quick-start)
+- [Commands Reference](#-commands-reference)
+- [Quick Scan vs Deep Audit](#-quick-scan-vs-deep-audit)
+- [MCP Server](#-mcp-server)
+- [What It Detects](#-what-it-detects)
+- [How the 3-Pass Audit Works](#-how-the-3-pass-audit-works)
+- [CI/CD Integration](#-cicd-integration)
+- [Configuration](#-configuration)
+- [Requirements](#-requirements)
+- [FAQ](#-faq)
+- [Related Links](#-related-links)
+- [License](#-license)
 
-There are two ways to use AgentAudit:
+---
+
+## What is AgentAudit?
+
+AgentAudit is a security scanner purpose-built for the AI package ecosystem. It works in two modes:
+
+1. **CLI tool** — Run `agentaudit` in your terminal to discover and scan MCP servers installed in your AI editors
+2. **MCP server** — Add to Claude Desktop, Cursor, or Windsurf so your AI agent can audit packages on your behalf
+
+It checks packages against the [AgentAudit Trust Registry](https://agentaudit.dev) — a shared, community-driven database of security findings — and can perform local scans ranging from fast regex analysis to deep LLM-powered 3-pass audits.
+
+---
+
+## 🚀 Quick Start
+
+### Option A: CLI (recommended)
+
+```bash
+# Install globally
+npm install -g agentaudit
+
+# Discover MCP servers in your AI editors
+agentaudit
+
+# Quick scan a specific repo
+agentaudit scan https://github.com/owner/repo
+
+# Deep LLM-powered audit
+agentaudit audit https://github.com/owner/repo
+
+# Look up a package in the trust registry
+agentaudit lookup fastmcp
+```
+
+**Example output:**
+```
+  AgentAudit v3.9.0
+  Security scanner for AI packages
+
+  Discovering MCP servers in your AI editors...
 
-### Option A: MCP Server in your AI editor (recommended)
+•  Scanning Cursor  ~/.cursor/mcp.json    found 3 servers
 
-Add AgentAudit to Claude Desktop, Cursor, or Windsurf. **No API key needed** — your editor's agent runs audits using its own LLM.
+├──  tool   supabase-mcp              ✔ ok
+│   SAFE  Risk 0  https://agentaudit.dev/skills/supabase-mcp
+├──  tool   browser-tools-mcp         ✔ ok
+│   ⚠ not audited  Run: agentaudit audit https://github.com/nichochar/browser-tools-mcp
+└──  tool   filesystem                ✔ ok
+│   SAFE  Risk 0  https://agentaudit.dev/skills/filesystem
+
+  Looking for general package scanning? Try `pip audit` or `npm audit`.
+```
+
+### Option B: MCP Server in your editor
+
+Add to your MCP config:
+
+**Claude Desktop** (`~/.claude/mcp.json`), **Cursor** (`.cursor/mcp.json`), **Windsurf** (`~/.codeium/windsurf/mcp_config.json`):
 
 ```json
 {
@@ -34,223 +101,332 @@ Add AgentAudit to Claude Desktop, Cursor, or Windsurf. **No API key needed** —
 }
 ```
 
-Then just ask your agent: *"Check which MCP servers I have installed and audit any unaudited ones."*
+**VS Code** (`.vscode/mcp.json`):
 
-### Option B: CLI
+```json
+{
+  "servers": {
+    "agentaudit": {
+      "command": "npx",
+      "args": ["-y", "agentaudit"]
+    }
+  }
+}
+```
 
-```bash
-# Install
-npm install -g agentaudit    # or use npx agentaudit <command>
+Your AI agent can then use AgentAudit's tools to scan packages directly within your editor.
 
-# 1. Discover your MCP servers
-npx agentaudit discover
+---
 
-# 2. Audit unaudited packages (needs an LLM API key)
-export ANTHROPIC_API_KEY=sk-ant-...    # or OPENAI_API_KEY=sk-...
-npx agentaudit audit https://github.com/owner/repo
+## 📋 Commands Reference
+
+| Command | Description | Example |
+|---------|-------------|---------|
+| `agentaudit` | Discover MCP servers (default, same as `discover`) | `agentaudit` |
+| `agentaudit discover` | Find MCP servers in Cursor, Claude, VS Code, Windsurf | `agentaudit discover` |
+| `agentaudit discover --quick` | Discover + auto-scan all servers | `agentaudit discover --quick` |
+| `agentaudit discover --deep` | Discover + interactively select servers to deep-audit | `agentaudit discover --deep` |
+| `agentaudit scan <url>` | Quick regex-based static scan (~2s) | `agentaudit scan https://github.com/owner/repo` |
+| `agentaudit scan <url> --deep` | Deep audit (same as `audit`) | `agentaudit scan https://github.com/owner/repo --deep` |
+| `agentaudit audit <url>` | Deep LLM-powered 3-pass audit (~30s) | `agentaudit audit https://github.com/owner/repo` |
+| `agentaudit lookup <name>` | Look up package in trust registry | `agentaudit lookup fastmcp` |
+| `agentaudit setup` | Register agent + configure API key | `agentaudit setup` |
+
+### Global Flags
+
+| Flag | Description |
+|------|-------------|
+| `--json` | Output machine-readable JSON to stdout |
+| `--quiet` / `-q` | Suppress banner and decorative output (show findings only) |
+| `--no-color` | Disable ANSI colors (also respects `NO_COLOR` env var) |
+| `--help` / `-h` | Show help text |
+| `-v` / `--version` | Show version |
+
+### Exit Codes
+
+| Code | Meaning |
+|------|---------|
+| `0` | Clean — no findings detected, or successful lookup |
+| `1` | Findings detected |
+| `2` | Error (clone failed, network error, invalid args) |
 
-# 3. (Optional) Register to upload reports to the public registry
-npx agentaudit setup
-```
+---
 
-> **Note:** The `audit` command requires an LLM API key (`ANTHROPIC_API_KEY` or `OPENAI_API_KEY`) to analyze code. The `discover`, `scan`, and `check` commands work without one. If you don't have an API key, use `--export` to generate a markdown file you can paste into any LLM, or use AgentAudit as an MCP server (Option A) where no extra key is needed.
+## ⚖️ Quick Scan vs Deep Audit
 
-### Quick example
+| | Quick Scan (`scan`) | Deep Audit (`audit`) |
+|---|---------------------|---------------------|
+| **Speed** | ~2 seconds | ~30 seconds |
+| **Method** | Regex pattern matching | LLM-powered 3-pass analysis |
+| **API key needed** | No | Yes (`ANTHROPIC_API_KEY` or `OPENAI_API_KEY`) |
+| **False positives** | Higher (regex limitations) | Very low (context-aware) |
+| **Detects** | Common patterns (injection, secrets, eval) | Complex attack chains, AI-specific threats, obfuscation |
+| **Best for** | Quick triage, CI pipelines | Critical packages, pre-production review |
 
-```
-$ npx agentaudit discover
+**Tip:** Use `agentaudit scan <url> --deep` to run a deep audit via the scan command.
 
-  AgentAudit v3.3.0
-  Security scanner for AI packages
+---
 
-•  Scanning Claude Desktop  ~/.claude/mcp.json    found 2 servers
+## 🔌 MCP Server
 
-├──  fastmcp-demo       npm:fastmcp
-│    SAFE  Risk 0  ✔ official  https://agentaudit.dev/skills/fastmcp
-└──  my-tool            npm:some-mcp-tool
-     ⚠ not audited      Run: agentaudit audit https://github.com/user/some-mcp-tool
+When running as an MCP server, AgentAudit exposes the following tools to your AI agent:
 
-  Summary  2 servers across 1 config
+| Tool | Description |
+|------|-------------|
+| `audit_package` | Deep LLM-powered audit of a repository |
+| `check_registry` | Look up a package in the trust registry |
+| `submit_report` | Upload audit findings to the registry |
+| `discover_servers` | Find MCP servers in local editor configs |
 
-  ✔  1 audited
-  ⚠  1 not audited
+### Workflow
 
-  To audit unaudited servers:
-  agentaudit audit https://github.com/user/some-mcp-tool  (my-tool)
+```
+User asks agent to install a package
+         │
+         ▼
+Agent calls check_registry(package_name)
+         │
+    ┌────┴────┐
+    │         │
+  Found    Not Found
+    │         │
+    ▼         ▼
+ Return    Agent calls audit_package(repo_url)
+ score        │
+              ▼
+         LLM analyzes code (3-pass)
+              │
+              ▼
+         Agent calls submit_report(findings)
+              │
+              ▼
+         Return findings + risk score
 ```
 
 ---
 
-## Commands
+## 🎯 What It Detects
 
-| Command | What it does | Speed |
-|---------|-------------|-------|
-| `discover` | Find local MCP servers + check registry | ⚡ instant |
-| `check <name>` | Look up a package in the registry | ⚡ instant |
-| `scan <url>` | Quick static analysis (regex-based, local) | 🔵 ~2s |
-| `audit <url>` | **Deep LLM-powered security audit** | 🔴 ~30s |
-| `setup` | Register + configure API key | interactive |
+<table>
+<tr>
+<td>
 
-### `scan` vs `audit`
+**Core Security**
 
-| | `scan` | `audit` |
-|--|--------|---------|
-| **How** | Regex pattern matching | LLM 3-pass: UNDERSTAND → DETECT → CLASSIFY |
-| **Speed** | ~2 seconds | ~30 seconds |
-| **Depth** | Surface-level patterns | Semantic code understanding |
-| **Needs LLM API key** | No | Yes (`ANTHROPIC_API_KEY` or `OPENAI_API_KEY`) |
-| **Uploads to registry** | No | Yes (with `agentaudit setup`) |
+![Command Injection](https://img.shields.io/badge/-Command_Injection-E53935?style=flat-square)
+![Credential Theft](https://img.shields.io/badge/-Credential_Theft-E53935?style=flat-square)
+![Data Exfiltration](https://img.shields.io/badge/-Data_Exfiltration-E53935?style=flat-square)
+![SQL Injection](https://img.shields.io/badge/-SQL_Injection-E53935?style=flat-square)
+![Path Traversal](https://img.shields.io/badge/-Path_Traversal-E53935?style=flat-square)
+![Unsafe Deserialization](https://img.shields.io/badge/-Unsafe_Deserialization-E53935?style=flat-square)
 
-### Examples
+</td>
+<td>
 
-```bash
-# Discover all MCP servers on your machine
-npx agentaudit discover
+**AI-Specific**
 
-# Quick static scan
-npx agentaudit scan https://github.com/owner/repo
+![Prompt Injection](https://img.shields.io/badge/-Prompt_Injection-7B1FA2?style=flat-square)
+![Jailbreak](https://img.shields.io/badge/-Jailbreak-7B1FA2?style=flat-square)
+![Agent Impersonation](https://img.shields.io/badge/-Agent_Impersonation-7B1FA2?style=flat-square)
+![Capability Escalation](https://img.shields.io/badge/-Capability_Escalation-7B1FA2?style=flat-square)
+![Context Pollution](https://img.shields.io/badge/-Context_Pollution-7B1FA2?style=flat-square)
+![Hidden Instructions](https://img.shields.io/badge/-Hidden_Instructions-7B1FA2?style=flat-square)
 
-# Deep LLM-powered audit
-export ANTHROPIC_API_KEY=sk-ant-...
-npx agentaudit audit https://github.com/owner/repo
+</td>
+</tr>
+<tr>
+<td>
 
-# Export code + audit prompt for manual LLM review
-npx agentaudit audit https://github.com/owner/repo --export
+**MCP-Specific**
 
-# Registry lookup
-npx agentaudit check fastmcp
+![Tool Poisoning](https://img.shields.io/badge/-Tool_Poisoning-FF6F00?style=flat-square)
+![Desc Injection](https://img.shields.io/badge/-Desc_Injection-FF6F00?style=flat-square)
+![Resource Traversal](https://img.shields.io/badge/-Resource_Traversal-FF6F00?style=flat-square)
+![Unpinned npx](https://img.shields.io/badge/-Unpinned_npx-FF6F00?style=flat-square)
+![Broad Permissions](https://img.shields.io/badge/-Broad_Permissions-FF6F00?style=flat-square)
 
-# Register for an API key (free)
-npx agentaudit setup
-```
+</td>
+<td>
+
+**Persistence & Obfuscation**
+
+![Crontab Mod](https://img.shields.io/badge/-Crontab_Mod-455A64?style=flat-square)
+![Shell RC Inject](https://img.shields.io/badge/-Shell_RC_Inject-455A64?style=flat-square)
+![Git Hook Abuse](https://img.shields.io/badge/-Git_Hook_Abuse-455A64?style=flat-square)
+![Zero-Width Chars](https://img.shields.io/badge/-Zero--Width_Chars-455A64?style=flat-square)
+![Base64 Exec](https://img.shields.io/badge/-Base64_Exec-455A64?style=flat-square)
+![ANSI Escape](https://img.shields.io/badge/-ANSI_Escape-455A64?style=flat-square)
+
+</td>
+</tr>
+</table>
 
 ---
 
-## MCP Server
+## 🧠 How the 3-Pass Audit Works
 
-Add AgentAudit to your AI editor. Your agent gets 4 tools:
+The deep audit (`agentaudit audit`) uses a structured 3-phase LLM analysis — not a single-shot prompt, but a rigorous multi-pass process:
 
-| MCP Tool | Description |
-|----------|-------------|
-| `discover_servers` | Find all locally installed MCP servers, check registry status |
-| `audit_package` | Clone a repo → return source code + audit prompt → you analyze → `submit_report` |
-| `submit_report` | Upload your audit report to [agentaudit.dev](https://agentaudit.dev) |
-| `check_package` | Quick registry lookup for a package |
+| Phase | Name | What Happens |
+|-------|------|-------------|
+| **1** | 🔍 **UNDERSTAND** | Read all files and build a **Package Profile**: purpose, category, expected behaviors, trust boundaries. No scanning yet — the goal is to understand what the package *should* do before looking for what it *shouldn't*. |
+| **2** | 🎯 **DETECT** | Evidence collection against **50+ detection patterns** across 8 categories (AI-specific, MCP, persistence, obfuscation, cross-file correlation). Only facts are recorded — no severity judgments yet. |
+| **3** | ⚖️ **CLASSIFY** | Every finding goes through a **Mandatory Self-Check** (5 questions), **Exploitability Assessment**, and **Confidence Gating**. HIGH/CRITICAL findings must survive a **Devil's Advocate** challenge and include a full **Reasoning Chain**. |
 
-### Setup
+**Why 3 passes?** Single-pass analysis is the #1 cause of false positives. By separating understanding → detection → classification:
 
-One-line config — works with `npx`, no manual clone needed:
+- Phase 1 prevents flagging core functionality as suspicious (e.g., SQL execution in a database tool)
+- Phase 2 ensures evidence is collected without severity bias
+- Phase 3 catches false positives before they reach the report
 
-**Claude Desktop** (`~/.claude/mcp.json`):
-```json
-{
-  "mcpServers": {
-    "agentaudit": {
-      "command": "npx",
-      "args": ["-y", "agentaudit"]
-    }
-  }
-}
+This architecture achieved **0% false positives** on our 11-package test set, down from 42% in v2.
+
+---
+
+## 🔄 CI/CD Integration
+
+AgentAudit is designed for CI pipelines with proper exit codes and JSON output:
+
+```yaml
+# GitHub Actions example
+- name: Scan MCP servers
+  run: |
+    npx agentaudit scan https://github.com/org/mcp-server --json --quiet > results.json
+    # Exit code 1 = findings detected → fail the build
 ```
 
-**Cursor** (`.cursor/mcp.json`):
-```json
-{
-  "mcpServers": {
-    "agentaudit": {
-      "command": "npx",
-      "args": ["-y", "agentaudit"]
-    }
-  }
-}
+```bash
+# Shell scripting
+agentaudit scan https://github.com/owner/repo --json --quiet 2>/dev/null
+if [ $? -eq 1 ]; then
+  echo "Security findings detected!"
+  exit 1
+fi
+```
+
+### JSON Output Examples
+
+```bash
+# Scan with JSON output
+agentaudit scan https://github.com/owner/repo --json
 ```
 
-**Windsurf** (`~/.codeium/windsurf/mcp_config.json`):
 ```json
 {
-  "mcpServers": {
-    "agentaudit": {
-      "command": "npx",
-      "args": ["-y", "agentaudit"]
+  "slug": "repo",
+  "url": "https://github.com/owner/repo",
+  "findings": [
+    {
+      "severity": "high",
+      "title": "Command injection risk",
+      "file": "src/handler.js",
+      "line": 42,
+      "snippet": "exec(`git ${userInput}`)"
     }
-  }
+  ],
+  "fileCount": 15,
+  "duration": "1.8s"
 }
 ```
 
-### How an audit works via MCP
-
+```bash
+# Registry lookup with JSON
+agentaudit lookup fastmcp --json
 ```
-You: "Audit the blender-mcp server"
-                ↓
-Agent calls discover_servers → finds blender-mcp
-                ↓
-Agent calls check_package("blender-mcp") → not in registry
-                ↓
-Agent calls audit_package("https://github.com/user/blender-mcp")
-                ↓
-MCP server clones repo, returns source code + audit methodology
-                ↓
-Agent's LLM analyzes code (3-pass: UNDERSTAND → DETECT → CLASSIFY)
-                ↓
-Agent calls submit_report(findings_json)
-                ↓
-Report published at agentaudit.dev/skills/blender-mcp
+
+> **Coming soon:** `--fail-on <severity>` flag to set minimum severity threshold for non-zero exit (e.g., `--fail-on high` ignores low/medium findings).
+
+---
+
+## ⚙️ Configuration
+
+### Credentials
+
+AgentAudit stores credentials in `~/.config/agentaudit/credentials.json` (or `$XDG_CONFIG_HOME/agentaudit/credentials.json`).
+
+Run `agentaudit setup` to configure interactively, or set via environment:
+
+```bash
+export AGENTAUDIT_API_KEY=asf_your_key_here
 ```
 
-### Authentication
+### Environment Variables
+
+| Variable | Description |
+|----------|-------------|
+| `AGENTAUDIT_API_KEY` | API key for registry access |
+| `ANTHROPIC_API_KEY` | Anthropic API key for deep audits (Claude) |
+| `OPENAI_API_KEY` | OpenAI API key for deep audits (GPT-4o) |
+| `NO_COLOR` | Disable ANSI colors ([no-color.org](https://no-color.org)) |
 
-Run `npx agentaudit setup` once. Both CLI and MCP server find credentials automatically:
+---
 
-1. `AGENTAUDIT_API_KEY` environment variable
-2. `~/.config/agentaudit/credentials.json` (created by `setup`)
+## 📦 Requirements
 
-**`discover`, `scan`, and `check` work without a key.** Only `audit`/`submit_report` need one.
+- **Node.js** ≥ 18.0.0
+- **Git** (for cloning repositories during scan/audit)
 
 ---
 
-## What it detects
+## ❓ FAQ
+
+### How do I set up AgentAudit?
+
+```bash
+npm install -g agentaudit
+agentaudit setup
+```
+
+Or use without installing: `npx agentaudit`
+
+### Do I need an API key?
 
-### Static scan (`scan`)
+- **Quick scan** (`scan`): No API key needed — runs locally with regex
+- **Deep audit** (`audit`): Needs `ANTHROPIC_API_KEY` or `OPENAI_API_KEY`
+- **Registry lookup** (`lookup`): No key needed for reading; key needed for uploading reports
+- **MCP server**: No extra key needed — uses the host editor's LLM
 
-- 🔴 Prompt injection & tool poisoning
-- 🔴 Shell command injection
-- 🔴 SQL injection
-- 🔴 Unsafe deserialization (pickle, YAML)
-- 🟡 Hardcoded secrets
-- 🟡 SSL/TLS verification disabled
-- 🟡 Path traversal
-- 🔵 Wildcard CORS
-- 🔵 Undisclosed telemetry
+### What data is sent externally?
 
-### Deep audit (`audit` / MCP `audit_package`)
+- **Registry lookups**: Package name/slug is sent to `agentaudit.dev` to check for existing audits
+- **Report uploads**: Audit findings are uploaded to the public registry (requires API key)
+- **Deep audits**: Source code is sent to Anthropic or OpenAI for LLM analysis
+- **Quick scans**: Everything stays local — no data leaves your machine
 
-Everything above, plus:
+### Can I use it offline?
 
-- 🔴 Multi-file attack chains (credential harvest → exfiltration)
-- 🔴 Agent manipulation (impersonation, capability escalation, jailbreaks)
-- 🔴 MCP-specific: tool description injection, resource traversal, unpinned npx
-- 🟡 Persistence mechanisms (crontab, shell RC, git hooks, systemd)
-- 🟡 Obfuscation (base64 exec, zero-width chars, ANSI escapes)
-- 🟡 Context pollution & indirect prompt injection
+Quick scans (`agentaudit scan`) work fully offline after cloning. Registry lookups and deep audits require network access.
 
-50+ detection patterns across 8 categories. [Full pattern list →](https://github.com/starbuck100/agentaudit-skill)
+### Can I use it as an MCP server without the CLI?
+
+Yes! `npx agentaudit` starts the MCP server when invoked by an editor. The CLI and MCP server are the same package — behavior is determined by how it's called.
+
+### How does `discover` know which editors I use?
+
+It checks standard config file locations for Claude Desktop, Cursor, VS Code, and Windsurf. It also checks the current working directory for project-level `.cursor/mcp.json` and `.vscode/mcp.json`.
 
 ---
 
-## Requirements
+## 🔗 Related Links
 
-- **Node.js 18+**
-- **Git** (for cloning repos)
+- **Trust Registry**: [agentaudit.dev](https://agentaudit.dev)
+- **Leaderboard**: [agentaudit.dev/leaderboard](https://agentaudit.dev/leaderboard)
+- **Skill Repository**: [github.com/starbuck100/agentaudit-skill](https://github.com/starbuck100/agentaudit-skill)
+- **MCP Server Repository**: [github.com/starbuck100/agentaudit-mcp](https://github.com/starbuck100/agentaudit-mcp)
+- **Report Issues**: [GitHub Issues](https://github.com/starbuck100/agentaudit-mcp/issues)
 
 ---
 
-## Related
+## 📄 License
 
-- **[agentaudit.dev](https://agentaudit.dev)** — Trust registry with 400+ audit reports
-- **[agentaudit-skill](https://github.com/starbuck100/agentaudit-skill)** — Full agent skill with gate scripts, detection patterns & peer review system
+[AGPL-3.0](LICENSE) — Free for open source use. Commercial license available for proprietary integrations.
 
 ---
 
-## License
+<div align="center">
 
-[AGPL-3.0](LICENSE)
+**Protect your AI stack. Scan before you trust.**
+
+[Trust Registry](https://agentaudit.dev) · [Leaderboard](https://agentaudit.dev/leaderboard) · [Report Issues](https://github.com/starbuck100/agentaudit-mcp/issues)
+
+</div>

package/cli.mjs

@@ -1,16 +1,16 @@
 #!/usr/bin/env node
 /**
- * AgentAudit CLI — Beautiful terminal output for security audits
+ * AgentAudit CLI — Security scanner for AI packages
  * 
  * Usage:
- *   agentaudit setup                              Interactive setup (register + API key)
- *   agentaudit scan <repo-url> [repo-url...]       Scan repositories
- *   agentaudit check <package-name>                Look up in registry
+ *   agentaudit                                     Discover local MCP servers
+ *   agentaudit discover [--quick|--deep]            Find MCP servers in AI editors
+ *   agentaudit scan <repo-url> [--deep]             Quick scan (or deep audit with --deep)
+ *   agentaudit audit <repo-url>                     Deep LLM-powered security audit
+ *   agentaudit lookup <name>                        Look up package in registry
+ *   agentaudit setup                                Register + configure API key
  * 
- * Examples:
- *   agentaudit setup
- *   agentaudit scan https://github.com/owner/repo
- *   agentaudit scan repo1 repo2 repo3
+ * Global flags: --json, --quiet, --no-color
  */
 
 import fs from 'fs';
@@ -24,9 +24,19 @@ const __dirname = path.dirname(fileURLToPath(import.meta.url));
 const SKILL_DIR = path.resolve(__dirname);
 const REGISTRY_URL = 'https://agentaudit.dev';
 
-// ── ANSI Colors ──────────────────────────────────────────
+// ── Global flags (set in main before command routing) ────
+let jsonMode = false;
+let quietMode = false;
 
-const c = {
+// ── ANSI Colors (respects NO_COLOR and --no-color) ───────
+
+const noColor = !!(process.env.NO_COLOR || process.argv.includes('--no-color'));
+
+const c = noColor ? {
+  reset: '', bold: '', dim: '', red: '', green: '', yellow: '',
+  blue: '', magenta: '', cyan: '', white: '', gray: '',
+  bgRed: '', bgGreen: '', bgYellow: '',
+} : {
   reset: '\x1b[0m',
   bold: '\x1b[1m',
   dim: '\x1b[2m',
@@ -145,7 +155,7 @@ function multiSelect(items, { title = 'Select items', hint = 'Space=toggle  ↑
         process.stdin.pause();
         process.stdin.removeListener('data', onData);
         console.log();
-        process.exit(0);
+        process.exitCode = 0; return;
       }
       
       // Enter
@@ -281,6 +291,7 @@ function getVersion() {
 }
 
 function banner() {
+  if (quietMode || jsonMode) return;
   console.log();
   console.log(`  ${c.bold}${c.cyan}AgentAudit${c.reset} ${c.dim}v${getVersion()}${c.reset}`);
   console.log(`  ${c.dim}Security scanner for AI packages${c.reset}`);
@@ -576,8 +587,30 @@ async function checkRegistry(slug) {
 // ── Print results ───────────────────────────────────────
 
 function printScanResult(url, info, files, findings, registryData, duration) {
+  if (jsonMode) return; // JSON mode handles output separately
+  
   const slug = slugFromUrl(url);
   
+  // Quiet mode: compact one-line-per-package output
+  if (quietMode) {
+    if (findings.length > 0) {
+      const bySev = {};
+      for (const f of findings) { bySev[f.severity] = (bySev[f.severity] || 0) + 1; }
+      const sevStr = Object.entries(bySev).map(([s, n]) => {
+        const sc = severityColor(s);
+        return `${sc}${n} ${s}${c.reset}`;
+      }).join(', ');
+      console.log(`${icons.caution}  ${c.bold}${slug}${c.reset}  ${findings.length} findings (${sevStr})  ${c.dim}${duration}${c.reset}`);
+      for (const f of findings) {
+        const sc = severityColor(f.severity);
+        console.log(`   ${severityIcon(f.severity)} ${sc}${f.severity.toUpperCase().padEnd(8)}${c.reset} ${f.title}  ${c.dim}${f.file}:${f.line}${c.reset}`);
+      }
+    } else {
+      console.log(`${icons.safe}  ${c.bold}${slug}${c.reset}  ${c.green}clean${c.reset}  ${c.dim}${files.length} files, ${duration}${c.reset}`);
+    }
+    return;
+  }
+  
   // Header
   console.log(`${icons.scan}  ${c.bold}${slug}${c.reset}  ${c.dim}${url}${c.reset}`);
   console.log(`${icons.pipe}  ${c.dim}${info.language} ${info.type}${c.reset}  ${c.dim}${files.length} files scanned in ${duration}${c.reset}`);
@@ -676,7 +709,7 @@ async function scanRepo(url) {
   const start = Date.now();
   const slug = slugFromUrl(url);
   
-  process.stdout.write(`${icons.scan}  Scanning ${c.bold}${slug}${c.reset} ${c.dim}...${c.reset}`);
+  if (!jsonMode) process.stdout.write(`${icons.scan}  Scanning ${c.bold}${slug}${c.reset} ${c.dim}...${c.reset}`);
   
   // Clone
   const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'agentaudit-'));
@@ -687,10 +720,12 @@ async function scanRepo(url) {
       stdio: 'pipe',
     });
   } catch (err) {
-    process.stdout.write(`  ${c.red}✖ clone failed${c.reset}\n`);
-    const msg = err.stderr?.toString().trim() || err.message?.split('\n')[0] || '';
-    if (msg) console.log(`    ${c.dim}${msg}${c.reset}`);
-    console.log(`    ${c.dim}Make sure git is installed and the URL is accessible.${c.reset}`);
+    if (!jsonMode) {
+      process.stdout.write(`  ${c.red}✖ clone failed${c.reset}\n`);
+      const msg = err.stderr?.toString().trim() || err.message?.split('\n')[0] || '';
+      if (msg) console.log(`    ${c.dim}${msg}${c.reset}`);
+      console.log(`    ${c.dim}Make sure git is installed and the URL is accessible.${c.reset}`);
+    }
     return null;
   }
   
@@ -711,11 +746,13 @@ async function scanRepo(url) {
   
   const duration = elapsed(start);
   
-  // Clear the "Scanning..." line
-  process.stdout.write('\r\x1b[K');
-  
-  // Print result
-  printScanResult(url, info, files, findings, registryData, duration);
+  if (!jsonMode) {
+    // Clear the "Scanning..." line
+    process.stdout.write('\r\x1b[K');
+    
+    // Print result
+    printScanResult(url, info, files, findings, registryData, duration);
+  }
   
   return { slug, url, info, files: files.length, findings, registryData, duration };
 }
@@ -941,8 +978,10 @@ async function discoverCommand(options = {}) {
   const autoScan = options.scan || false;
   const interactiveAudit = options.audit || false;
   
-  console.log(`  ${c.bold}Discovering local MCP servers...${c.reset}`);
-  console.log();
+  if (!jsonMode) {
+    console.log(`  ${c.bold}Discovering MCP servers in your AI editors...${c.reset}`);
+    console.log();
+  }
   
   const configs = findMcpConfigs();
   
@@ -1096,10 +1135,10 @@ async function discoverCommand(options = {}) {
         console.log();
         if (serversWithFindings > 0) {
           console.log(`  ${c.yellow}${serversWithFindings}/${scanResults.length} server${scanResults.length !== 1 ? 's' : ''} with findings (${totalFindings} total)${c.reset}`);
-          console.log(`  ${c.dim}Run ${c.cyan}agentaudit audit <url>${c.dim} for deep LLM analysis on flagged servers${c.reset}`);
+          console.log(`  ${c.dim}Run ${c.cyan}agentaudit scan <url> --deep${c.dim} for deep LLM analysis on flagged servers${c.reset}`);
         } else {
           console.log(`  ${c.green}All servers passed quick scan${c.reset}`);
-          console.log(`  ${c.dim}Run ${c.cyan}agentaudit audit <url>${c.dim} for thorough LLM-powered analysis${c.reset}`);
+          console.log(`  ${c.dim}Run ${c.cyan}agentaudit scan <url> --deep${c.dim} for thorough LLM-powered analysis${c.reset}`);
         }
         console.log();
       }
@@ -1157,8 +1196,13 @@ async function discoverCommand(options = {}) {
       console.log(`  ${c.cyan}agentaudit audit <source-url>${c.reset}`);
     }
     console.log();
-    console.log(`  ${c.dim}Or run ${c.cyan}agentaudit discover --scan${c.dim} to quick-scan all servers${c.reset}`);
-    console.log(`  ${c.dim}Or run ${c.cyan}agentaudit discover --audit${c.dim} to select & deep-audit interactively${c.reset}`);
+    console.log(`  ${c.dim}Or run ${c.cyan}agentaudit discover --quick${c.dim} to quick-scan all servers${c.reset}`);
+    console.log(`  ${c.dim}Or run ${c.cyan}agentaudit discover --deep${c.dim} to select & deep-audit interactively${c.reset}`);
+    console.log();
+  }
+  
+  if (!autoScan && !interactiveAudit && !jsonMode) {
+    console.log(`  ${c.dim}Looking for general package scanning? Try ${c.cyan}pip audit${c.dim} or ${c.cyan}npm audit${c.dim}.${c.reset}`);
     console.log();
   }
 }
@@ -1416,57 +1460,83 @@ async function auditRepo(url) {
 // ── Check command ───────────────────────────────────────
 
 async function checkPackage(name) {
-  console.log(`${icons.info}  Looking up ${c.bold}${name}${c.reset} in registry...`);
-  console.log();
+  if (!jsonMode) {
+    console.log(`${icons.info}  Looking up ${c.bold}${name}${c.reset} in registry...`);
+    console.log();
+  }
   
   const data = await checkRegistry(name);
   if (!data) {
-    console.log(`  ${c.yellow}Not found${c.reset} — package "${name}" hasn't been audited yet.`);
-    console.log(`  ${c.dim}Run: agentaudit audit <repo-url> for a deep LLM audit${c.reset}`);
-    return;
+    if (!jsonMode) {
+      console.log(`  ${c.yellow}Not found${c.reset} — package "${name}" hasn't been audited yet.`);
+      console.log(`  ${c.dim}Run: agentaudit audit <repo-url> for a deep LLM audit${c.reset}`);
+    }
+    return null;
   }
   
-  const riskScore = data.risk_score ?? data.latest_risk_score ?? 0;
-  console.log(`  ${c.bold}${name}${c.reset}  ${riskBadge(riskScore)}`);
-  console.log(`  ${c.dim}Risk Score: ${riskScore}/100${c.reset}`);
-  if (data.source_url) console.log(`  ${c.dim}Source: ${data.source_url}${c.reset}`);
-  console.log(`  ${c.dim}Registry: ${REGISTRY_URL}/skills/${name}${c.reset}`);
-  if (data.has_official_audit) console.log(`  ${c.green}✔ Officially audited${c.reset}`);
-  console.log();
+  if (!jsonMode) {
+    const riskScore = data.risk_score ?? data.latest_risk_score ?? 0;
+    console.log(`  ${c.bold}${name}${c.reset}  ${riskBadge(riskScore)}`);
+    console.log(`  ${c.dim}Risk Score: ${riskScore}/100${c.reset}`);
+    if (data.source_url) console.log(`  ${c.dim}Source: ${data.source_url}${c.reset}`);
+    console.log(`  ${c.dim}Registry: ${REGISTRY_URL}/skills/${name}${c.reset}`);
+    if (data.has_official_audit) console.log(`  ${c.green}✔ Officially audited${c.reset}`);
+    console.log();
+  }
+  return data;
 }
 
 // ── Main ────────────────────────────────────────────────
 
 async function main() {
-  const args = process.argv.slice(2);
+  const rawArgs = process.argv.slice(2);
+  
+  // Parse global flags early
+  jsonMode = rawArgs.includes('--json');
+  quietMode = rawArgs.includes('--quiet') || rawArgs.includes('-q');
+  // --no-color already handled at top level for `c` object
+  
+  // Strip global flags from args
+  const globalFlags = new Set(['--json', '--quiet', '-q', '--no-color']);
+  const args = rawArgs.filter(a => !globalFlags.has(a));
   
   if (args[0] === '-v' || args[0] === '--version') {
     console.log(`agentaudit ${getVersion()}`);
-    process.exit(0);
+    process.exitCode = 0; return;
   }
   
-  if (args.length === 0 || args[0] === '--help' || args[0] === '-h') {
+  if (args[0] === '--help' || args[0] === '-h') {
     banner();
     console.log(`  ${c.bold}Commands:${c.reset}`);
     console.log();
-    console.log(`    ${c.cyan}agentaudit discover${c.reset}                         Find local MCP servers + check registry`);
-    console.log(`    ${c.cyan}agentaudit discover --scan${c.reset}                  Discover + auto-scan all servers`);
-    console.log(`    ${c.cyan}agentaudit discover --audit${c.reset}                 Discover + select servers to deep-audit`);
+    console.log(`    ${c.cyan}agentaudit${c.reset}                                   Discover MCP servers (same as discover)`);
+    console.log(`    ${c.cyan}agentaudit discover${c.reset}                          Find MCP servers in your AI editors (Cursor, Claude, VS Code, Windsurf)`);
+    console.log(`    ${c.cyan}agentaudit discover --quick${c.reset}                  Discover + auto-scan all servers`);
+    console.log(`    ${c.cyan}agentaudit discover --deep${c.reset}                   Discover + select servers to deep-audit`);
     console.log(`    ${c.cyan}agentaudit scan${c.reset} <url> [url...]               Quick static scan (regex, local)`);
+    console.log(`    ${c.cyan}agentaudit scan${c.reset} <url> ${c.dim}--deep${c.reset}                Deep audit (same as audit)`);
     console.log(`    ${c.cyan}agentaudit audit${c.reset} <url> [url...]              Deep LLM-powered security audit`);
-    console.log(`    ${c.cyan}agentaudit check${c.reset} <name>                      Look up package in registry`);
+    console.log(`    ${c.cyan}agentaudit lookup${c.reset} <name>                     Look up package in registry`);
     console.log(`    ${c.cyan}agentaudit setup${c.reset}                             Register + configure API key`);
     console.log();
-    console.log(`  ${c.bold}scan${c.reset} vs ${c.bold}audit${c.reset}:`);
+    console.log(`  ${c.bold}Global flags:${c.reset}`);
+    console.log(`    ${c.dim}--json       Output JSON to stdout (machine-readable)${c.reset}`);
+    console.log(`    ${c.dim}--quiet      Suppress banner and tree visualization${c.reset}`);
+    console.log(`    ${c.dim}--no-color   Disable ANSI colors (also: NO_COLOR env)${c.reset}`);
+    console.log();
+    console.log(`  ${c.bold}Quick Scan${c.reset} vs ${c.bold}Deep Audit${c.reset}:`);
     console.log(`    ${c.dim}scan  = fast regex-based static analysis (~2s)${c.reset}`);
     console.log(`    ${c.dim}audit = deep LLM analysis with 3-pass methodology (~30s)${c.reset}`);
     console.log();
+    console.log(`  ${c.bold}Exit codes:${c.reset}`);
+    console.log(`    ${c.dim}0 = clean / success    1 = findings detected    2 = error${c.reset}`);
+    console.log();
     console.log(`  ${c.bold}Examples:${c.reset}`);
-    console.log(`    agentaudit discover`);
-    console.log(`    agentaudit discover --scan`);
+    console.log(`    agentaudit`);
+    console.log(`    agentaudit discover --quick`);
     console.log(`    agentaudit scan https://github.com/owner/repo`);
     console.log(`    agentaudit audit https://github.com/owner/repo`);
-    console.log(`    agentaudit check fastmcp`);
+    console.log(`    agentaudit lookup fastmcp --json`);
     console.log();
     console.log(`  ${c.bold}For deep audits,${c.reset} set an LLM API key:`);
     if (process.platform === 'win32') {
@@ -1481,10 +1551,11 @@ async function main() {
     console.log(`    ${c.dim}Add to your MCP config:${c.reset}`);
     console.log(`    ${c.dim}{ "agentaudit": { "command": "npx", "args": ["-y", "agentaudit"] } }${c.reset}`);
     console.log();
-    process.exit(0);
+    process.exitCode = 0; return;
   }
   
-  const command = args[0];
+  // Default no-arg → discover
+  const command = args.length === 0 ? 'discover' : args[0];
   const targets = args.slice(1);
   
   banner();
@@ -1495,38 +1566,83 @@ async function main() {
   }
   
   if (command === 'discover') {
-    const scanFlag = targets.includes('--scan') || targets.includes('-s');
-    const auditFlag = targets.includes('--audit') || targets.includes('-a');
+    const scanFlag = targets.includes('--quick') || targets.includes('--scan') || targets.includes('-s');
+    const auditFlag = targets.includes('--deep') || targets.includes('--audit') || targets.includes('-a');
     await discoverCommand({ scan: scanFlag, audit: auditFlag });
     return;
   }
   
-  if (command === 'check') {
-    if (targets.length === 0) {
+  if (command === 'lookup' || command === 'check') {
+    const names = targets.filter(t => !t.startsWith('--'));
+    if (names.length === 0) {
       console.log(`  ${c.red}Error: package name required${c.reset}`);
-      process.exit(1);
+      process.exitCode = 2;
+      return;
+    }
+    const results = [];
+    for (const t of names) {
+      const data = await checkPackage(t);
+      results.push(data);
     }
-    for (const t of targets) await checkPackage(t);
+    if (jsonMode) {
+      console.log(JSON.stringify(results.length === 1 ? (results[0] || { error: 'not_found' }) : results, null, 2));
+    }
+    process.exitCode = 0; return;
     return;
   }
   
   if (command === 'scan') {
-    if (targets.length === 0) {
+    const deepFlag = targets.includes('--deep');
+    const urls = targets.filter(t => !t.startsWith('--'));
+    if (urls.length === 0) {
       console.log(`  ${c.red}Error: at least one repository URL required${c.reset}`);
       console.log(`  ${c.dim}Tip: use ${c.cyan}agentaudit discover${c.dim} to find & check locally installed MCP servers${c.reset}`);
       console.log(`  ${c.dim}Tip: use ${c.cyan}agentaudit audit <url>${c.dim} for a deep LLM-powered audit${c.reset}`);
-      process.exit(1);
+      process.exitCode = 2;
+      return;
+    }
+    
+    // --deep redirects to audit flow
+    if (deepFlag) {
+      let hasFindings = false;
+      for (const url of urls) {
+        const report = await auditRepo(url);
+        if (report?.findings?.length > 0) hasFindings = true;
+      }
+      process.exitCode = hasFindings ? 1 : 0;
+      return;
     }
     
     const results = [];
-    for (const url of targets) {
+    let hadErrors = false;
+    for (const url of urls) {
       const result = await scanRepo(url);
       if (result) results.push(result);
+      else hadErrors = true;
     }
     
-    if (results.length > 1) {
+    if (jsonMode) {
+      const jsonOut = results.map(r => ({
+        slug: r.slug,
+        url: r.url,
+        findings: r.findings.map(f => ({
+          severity: f.severity,
+          title: f.title,
+          file: f.file,
+          line: f.line,
+          snippet: f.snippet,
+        })),
+        fileCount: r.files,
+        duration: r.duration,
+      }));
+      console.log(JSON.stringify(jsonOut.length === 1 ? jsonOut[0] : jsonOut, null, 2));
+    } else if (results.length > 1) {
       printSummary(results);
     }
+    
+    if (hadErrors && results.length === 0) { process.exitCode = 2; return; }
+    const totalFindings = results.reduce((sum, r) => sum + r.findings.length, 0);
+    process.exitCode = totalFindings > 0 ? 1 : 0;
     return;
   }
   
@@ -1534,21 +1650,25 @@ async function main() {
     const urls = targets.filter(t => !t.startsWith('--'));
     if (urls.length === 0) {
       console.log(`  ${c.red}Error: at least one repository URL required${c.reset}`);
-      process.exit(1);
+      process.exitCode = 2;
+      return;
     }
     
+    let hasFindings = false;
     for (const url of urls) {
-      await auditRepo(url);
+      const report = await auditRepo(url);
+      if (report?.findings?.length > 0) hasFindings = true;
     }
+    process.exitCode = hasFindings ? 1 : 0;
     return;
   }
   
   console.log(`  ${c.red}Unknown command: ${command}${c.reset}`);
   console.log(`  ${c.dim}Run agentaudit --help for usage${c.reset}`);
-  process.exit(1);
+  process.exitCode = 2;
 }
 
 main().catch(err => {
   console.error(`${c.red}Error: ${err.message}${c.reset}`);
-  process.exit(1);
+  process.exitCode = 2;
 });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "agentaudit",
-  "version": "3.8.0",
+  "version": "3.9.1",
   "description": "Security scanner for AI packages — MCP server + CLI",
   "type": "module",
   "bin": {