agentaudit 3.9.3 → 3.9.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
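--- a/package/README.md
+++ b/package/README.md
@@ -100,7 +100,7 @@ Add AgentAudit as an MCP server — your AI agent can then discover, scan, and a
  "mcpServers": {
  "agentaudit": {
  "command": "npx",
- "args": ["-y", "agentaudit"]
+ "args": ["-y", "agentaudit", "--stdio"]
  }
  }
  }
@@ -115,7 +115,7 @@ Add AgentAudit as an MCP server — your AI agent can then discover, scan, and a
  "mcpServers": {
  "agentaudit": {
  "command": "npx",
- "args": ["-y", "agentaudit"]
+ "args": ["-y", "agentaudit", "--stdio"]
  }
  }
  }
@@ -130,7 +130,7 @@ Add AgentAudit as an MCP server — your AI agent can then discover, scan, and a
  "mcpServers": {
  "agentaudit": {
  "command": "npx",
- "args": ["-y", "agentaudit"]
+ "args": ["-y", "agentaudit", "--stdio"]
  }
  }
  }
@@ -145,7 +145,7 @@ Add AgentAudit as an MCP server — your AI agent can then discover, scan, and a
  "servers": {
  "agentaudit": {
  "command": "npx",
- "args": ["-y", "agentaudit"]
+ "args": ["-y", "agentaudit", "--stdio"]
  }
  }
  }
@@ -162,7 +162,7 @@ Add to the `mcpServers` section of your existing config:
  {
  "name": "agentaudit",
  "command": "npx",
- "args": ["-y", "agentaudit"]
+ "args": ["-y", "agentaudit", "--stdio"]
  }
  ]
  }
@@ -178,7 +178,7 @@ Add to the `mcpServers` section of your existing config:
  "agentaudit": {
  "command": {
  "path": "npx",
- "args": ["-y", "agentaudit"]
+ "args": ["-y", "agentaudit", "--stdio"]
  }
  }
  }
@@ -483,7 +483,7 @@ It checks standard config file locations for Claude Desktop, Cursor, VS Code, an
 
  - **Trust Registry**: [agentaudit.dev](https://agentaudit.dev)
  - **Leaderboard**: [agentaudit.dev/leaderboard](https://agentaudit.dev/leaderboard)
- - **Skill Repository**: [github.com/starbuck100/agentaudit-skill](https://github.com/starbuck100/agentaudit-skill)
+ - **Agent Skill**: [github.com/starbuck100/agentaudit-skill](https://github.com/starbuck100/agentaudit-skill) — Full agent skill with pre-install security gate, detection patterns & peer review system
  - **MCP Server Repository**: [github.com/starbuck100/agentaudit-mcp](https://github.com/starbuck100/agentaudit-mcp)
  - **Report Issues**: [GitHub Issues](https://github.com/starbuck100/agentaudit-mcp/issues)
 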
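--- a/package/cli.mjs
+++ b/package/cli.mjs
@@ -1491,14 +1491,9 @@ async function checkPackage(name) {
  async function main() {
  const rawArgs = process.argv.slice(2);
 
- // If stdin is not a TTY and no args we're being launched as MCP server by an editor
- // Delegate to the MCP server (index.mjs) instead of running the CLI
- if (!process.stdin.isTTY && rawArgs.length === 0) {
- const { fileURLToPath: fu } = await import('url');
- const mcpPath = path.join(path.dirname(fu(import.meta.url)), 'index.mjs');
- const { fork } = await import('child_process');
- const child = fork(mcpPath, [], { stdio: 'inherit' });
- child.on('exit', (code) => { process.exitCode = code || 0; });
+ // MCP server mode: launched by an editor (no TTY + no args) or explicit --stdio flag
+ if (rawArgs.includes('--stdio') || (!process.stdin.isTTY && rawArgs.length === 0)) {
+ await import('./index.mjs');
  return;
  }
 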
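Review bot: `rawArgs.includes('--stdio')` matches the flag at any position, so any CLI invocation that happens to carry `--stdio` among other arguments is silently turned into a long-running MCP server instead of running the requested command, and the extra arguments are never rejected. Matching the flag exactly keeps the two modes separate: `if ((rawArgs.length === 1 && rawArgs[0] === '--stdio') || (!process.stdin.isTTY && rawArgs.length === 0)) {`. Replacing the fork with an in-process `await import('./index.mjs')` also means anything cli.mjs writes to stdout before this point now shares the stream the server presumably uses for protocol messages, and the child's exit code is no longer propagated through `process.exitCode`; whether index.mjs sets an exit status itself is not visible here. main's body continues outside the hunk.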
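--- a/package/index.mjs
+++ b/package/index.mjs
@@ -268,21 +268,16 @@ async function checkRegistry(slug) {
 
  // ── MCP Server ───────────────────────────────────────────
 
- const pkg = JSON.parse(fs.readFileSync(new URL('./package.json', import.meta.url), 'utf8'));
-
  const server = new Server(
- { name: 'agentaudit', version: pkg.version },
- {
- capabilities: { tools: {} },
- instructions: 'AgentAudit — Security scanner for AI packages. Use discover_servers to find MCP servers in editor configs, check_package for registry lookups, audit_package for deep LLM-powered code analysis, and submit_report to upload findings.',
- }
+ { name: 'agentaudit', version: '3.2.0' },
+ { capabilities: { tools: {} } }
  );
 
  server.setRequestHandler(ListToolsRequestSchema, async () => ({
  tools: [
  {
  name: 'discover_servers',
- description: 'Find all locally installed MCP servers by scanning config files (Claude Desktop, Cursor, Windsurf, VS Code). Returns the list of configured servers with their names, commands, and package sources. Use this to see what MCP servers are installed, then check each against the registry with check_package, or audit them with audit_package.',
+ description: 'Scan local config files to list ALREADY INSTALLED MCP servers (Claude Desktop, Cursor, Windsurf, VS Code). Use ONLY when the user wants to review/list their existing servers. Do NOT use this when the user wants to install, evaluate, or look up a specific package use check_package for that instead.',
  inputSchema: {
  type: 'object',
  properties: {
@@ -295,7 +290,7 @@ server.setRequestHandler(ListToolsRequestSchema, async () => ({
  },
  {
  name: 'audit_package',
- description: 'Deep security audit: clone a repository and prepare it for LLM-powered analysis. Returns the source code and a 3-pass audit methodology (UNDERSTAND → DETECT → CLASSIFY). You (the agent) then analyze the code following the instructions and call submit_report with your findings. This is a DEEP audit — use check_package first for a quick registry lookup.',
+ description: 'Deep security audit of a Git repository. Clones the repo and returns source code with a 3-pass audit methodology (UNDERSTAND → DETECT → CLASSIFY). You then analyze the code and call submit_report with findings. Use check_package FIRST to see if an audit already exists only use this for unaudited packages or when a fresh audit is requested.',
  inputSchema: {
  type: 'object',
  properties: {
@@ -323,7 +318,7 @@ server.setRequestHandler(ListToolsRequestSchema, async () => ({
  },
  {
  name: 'check_package',
- description: 'Quick registry lookup: check if a package has already been audited on agentaudit.dev. Returns the latest audit results (risk score, findings, official status) if available. Use this before audit_package to avoid duplicate work.',
+ description: 'Look up a package in the AgentAudit security registry. USE THIS FIRST whenever the user wants to install, add, evaluate, or learn about a specific MCP server or package. Returns risk score, findings, and official audit status if available. If the package is not yet in the registry, suggests running an audit. This is the go-to tool for any "is this safe?" or "should I install this?" question.',
  inputSchema: {
  type: 'object',
  properties: {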
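Review bot: The hard-coded `version: '3.2.0'` in the `new Server(...)` call disagrees with the `"version": "3.9.5"` this same release writes to package.json, so every client that reads the server's `serverInfo` will see a stale version, and the removed `pkg.version` read was the accurate source. Unless the `fs` import was dropped elsewhere in this commit, restore `const pkg = JSON.parse(fs.readFileSync(new URL('./package.json', import.meta.url), 'utf8'));` and `{ name: 'agentaudit', version: pkg.version },`. Dropping the `instructions` string also removes the only server-level guidance clients receive; if that is deliberate, a one-line comment above the constructor saying so would stop the next maintainer from re-adding it. In the two later hunks the rewritten `discover_servers` and `audit_package` descriptions each read as run-on text where a separator appears to have been lost ("a specific package use check_package", "already exists only use this"), and since these strings are what the agent is steered by, they deserve a re-read.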
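--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "agentaudit",
- "version": "3.9.3",
+ "version": "3.9.5",
  "description": "Security scanner for AI packages — MCP server + CLI",
  "type": "module",
  "bin": {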