agentaudit 3.9.0 → 3.9.2

package/README.md

@@ -46,22 +46,26 @@ It checks packages against the [AgentAudit Trust Registry](https://agentaudit.de
 
 ## 🚀 Quick Start
 
+<p align="center">
+<img src="docs/cli-screenshot.png" alt="AgentAudit CLI — discover and scan" width="700">
+</p>
+
 ### Option A: CLI (recommended)
 
 ```bash
-# Install globally
+# Install globally (or use npx agentaudit)
 npm install -g agentaudit
 
-# Discover MCP servers in your AI editors
+# Discover MCP servers configured in your AI editors
 agentaudit
 
-# Quick scan a specific repo
+# Quick scan — clones repo, checks code with regex patterns (~2s)
 agentaudit scan https://github.com/owner/repo
 
-# Deep LLM-powered audit
+# Deep audit — clones repo, sends code to LLM for 3-pass analysis (~30s)
 agentaudit audit https://github.com/owner/repo
 
-# Look up a package in the trust registry
+# Registry lookup — check if a package has been audited before (no cloning)
 agentaudit lookup fastmcp
 ```
 
@@ -84,11 +88,42 @@ agentaudit lookup fastmcp
   Looking for general package scanning? Try `pip audit` or `npm audit`.
 ```
 
-### Option B: MCP Server in your editor
+### Option B: MCP Server in your AI editor
+
+Add AgentAudit as an MCP server — your AI agent can then discover, scan, and audit packages using its own LLM. **No extra API key needed.**
+
+<details>
+<summary><strong>Claude Desktop</strong> — <code>~/.claude/mcp.json</code></summary>
+
+```json
+{
+  "mcpServers": {
+    "agentaudit": {
+      "command": "npx",
+      "args": ["-y", "agentaudit"]
+    }
+  }
+}
+```
+</details>
+
+<details>
+<summary><strong>Cursor</strong> — <code>.cursor/mcp.json</code> (project) or <code>~/.cursor/mcp.json</code> (global)</summary>
 
-Add to your MCP config:
+```json
+{
+  "mcpServers": {
+    "agentaudit": {
+      "command": "npx",
+      "args": ["-y", "agentaudit"]
+    }
+  }
+}
+```
+</details>
 
-**Claude Desktop** (`~/.claude/mcp.json`), **Cursor** (`.cursor/mcp.json`), **Windsurf** (`~/.codeium/windsurf/mcp_config.json`):
+<details>
+<summary><strong>Windsurf</strong> — <code>~/.codeium/windsurf/mcp_config.json</code></summary>
 
 ```json
 {
@@ -100,8 +135,10 @@ Add to your MCP config:
   }
 }
 ```
+</details>
 
-**VS Code** (`.vscode/mcp.json`):
+<details>
+<summary><strong>VS Code</strong> — <code>.vscode/mcp.json</code></summary>
 
 ```json
 {
@@ -113,8 +150,43 @@ Add to your MCP config:
   }
 }
 ```
+</details>
+
+<details>
+<summary><strong>Continue.dev</strong> — <code>~/.continue/config.json</code></summary>
+
+Add to the `mcpServers` section of your existing config:
+```json
+{
+  "mcpServers": [
+    {
+      "name": "agentaudit",
+      "command": "npx",
+      "args": ["-y", "agentaudit"]
+    }
+  ]
+}
+```
+</details>
+
+<details>
+<summary><strong>Zed</strong> — <code>~/.config/zed/settings.json</code></summary>
+
+```json
+{
+  "context_servers": {
+    "agentaudit": {
+      "command": {
+        "path": "npx",
+        "args": ["-y", "agentaudit"]
+      }
+    }
+  }
+}
+```
+</details>
 
-Your AI agent can then use AgentAudit's tools to scan packages directly within your editor.
+Then ask your agent: *"Check which MCP servers I have installed and audit any unaudited ones."*
 
 ---
 

package/cli.mjs

@@ -155,7 +155,7 @@ function multiSelect(items, { title = 'Select items', hint = 'Space=toggle  ↑
         process.stdin.pause();
         process.stdin.removeListener('data', onData);
         console.log();
-        process.exit(0);
+        process.exitCode = 0; return;
       }
       
       // Enter
@@ -1502,7 +1502,7 @@ async function main() {
   
   if (args[0] === '-v' || args[0] === '--version') {
     console.log(`agentaudit ${getVersion()}`);
-    process.exit(0);
+    process.exitCode = 0; return;
   }
   
   if (args[0] === '--help' || args[0] === '-h') {
@@ -1551,7 +1551,7 @@ async function main() {
     console.log(`    ${c.dim}Add to your MCP config:${c.reset}`);
     console.log(`    ${c.dim}{ "agentaudit": { "command": "npx", "args": ["-y", "agentaudit"] } }${c.reset}`);
     console.log();
-    process.exit(0);
+    process.exitCode = 0; return;
   }
   
   // Default no-arg → discover
@@ -1576,7 +1576,8 @@ async function main() {
     const names = targets.filter(t => !t.startsWith('--'));
     if (names.length === 0) {
       console.log(`  ${c.red}Error: package name required${c.reset}`);
-      process.exit(2);
+      process.exitCode = 2;
+      return;
     }
     const results = [];
     for (const t of names) {
@@ -1586,7 +1587,7 @@ async function main() {
     if (jsonMode) {
       console.log(JSON.stringify(results.length === 1 ? (results[0] || { error: 'not_found' }) : results, null, 2));
     }
-    process.exit(0);
+    process.exitCode = 0; return;
     return;
   }
   
@@ -1597,7 +1598,8 @@ async function main() {
       console.log(`  ${c.red}Error: at least one repository URL required${c.reset}`);
       console.log(`  ${c.dim}Tip: use ${c.cyan}agentaudit discover${c.dim} to find & check locally installed MCP servers${c.reset}`);
       console.log(`  ${c.dim}Tip: use ${c.cyan}agentaudit audit <url>${c.dim} for a deep LLM-powered audit${c.reset}`);
-      process.exit(2);
+      process.exitCode = 2;
+      return;
     }
     
     // --deep redirects to audit flow
@@ -1607,7 +1609,7 @@ async function main() {
         const report = await auditRepo(url);
         if (report?.findings?.length > 0) hasFindings = true;
       }
-      process.exit(hasFindings ? 1 : 0);
+      process.exitCode = hasFindings ? 1 : 0;
       return;
     }
     
@@ -1638,9 +1640,9 @@ async function main() {
       printSummary(results);
     }
     
-    if (hadErrors && results.length === 0) process.exit(2);
+    if (hadErrors && results.length === 0) { process.exitCode = 2; return; }
     const totalFindings = results.reduce((sum, r) => sum + r.findings.length, 0);
-    process.exit(totalFindings > 0 ? 1 : 0);
+    process.exitCode = totalFindings > 0 ? 1 : 0;
     return;
   }
   
@@ -1648,7 +1650,8 @@ async function main() {
     const urls = targets.filter(t => !t.startsWith('--'));
     if (urls.length === 0) {
       console.log(`  ${c.red}Error: at least one repository URL required${c.reset}`);
-      process.exit(2);
+      process.exitCode = 2;
+      return;
     }
     
     let hasFindings = false;
@@ -1656,16 +1659,16 @@ async function main() {
       const report = await auditRepo(url);
       if (report?.findings?.length > 0) hasFindings = true;
     }
-    process.exit(hasFindings ? 1 : 0);
+    process.exitCode = hasFindings ? 1 : 0;
     return;
   }
   
   console.log(`  ${c.red}Unknown command: ${command}${c.reset}`);
   console.log(`  ${c.dim}Run agentaudit --help for usage${c.reset}`);
-  process.exit(2);
+  process.exitCode = 2;
 }
 
 main().catch(err => {
   console.error(`${c.red}Error: ${err.message}${c.reset}`);
-  process.exit(2);
+  process.exitCode = 2;
 });

package/index.mjs

@@ -268,9 +268,14 @@ async function checkRegistry(slug) {
 
 // ── MCP Server ───────────────────────────────────────────
 
+const pkg = JSON.parse(fs.readFileSync(new URL('./package.json', import.meta.url), 'utf8'));
+
 const server = new Server(
-  { name: 'agentaudit', version: '3.2.0' },
-  { capabilities: { tools: {} } }
+  { name: 'agentaudit', version: pkg.version },
+  {
+    capabilities: { tools: {} },
+    instructions: 'AgentAudit — Security scanner for AI packages. Use discover_servers to find MCP servers in editor configs, check_package for registry lookups, audit_package for deep LLM-powered code analysis, and submit_report to upload findings.',
+  }
 );
 
 server.setRequestHandler(ListToolsRequestSchema, async () => ({

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "agentaudit",
-  "version": "3.9.0",
+  "version": "3.9.2",
   "description": "Security scanner for AI packages — MCP server + CLI",
   "type": "module",
   "bin": {