autoremediator 0.2.1 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (16) hide show
  1. package/README.md +20 -1
  2. package/dist/{chunk-DQKT2CUG.js → chunk-URM53GSJ.js} +388 -133
  3. package/dist/chunk-URM53GSJ.js.map +1 -0
  4. package/dist/cli.d.ts +5 -0
  5. package/dist/cli.js +51 -13
  6. package/dist/cli.js.map +1 -1
  7. package/dist/index.d.ts +42 -2
  8. package/dist/index.js +3 -1
  9. package/dist/mcp/server.d.ts +277 -0
  10. package/dist/mcp/server.js +115 -15
  11. package/dist/mcp/server.js.map +1 -1
  12. package/dist/openapi/server.d.ts +400 -1
  13. package/dist/openapi/server.js +192 -50
  14. package/dist/openapi/server.js.map +1 -1
  15. package/package.json +1 -1
  16. package/dist/chunk-DQKT2CUG.js.map +0 -1
package/README.md CHANGED
@@ -16,6 +16,8 @@ This package is designed for teams that want remediation integrated into GitHub
16
16
 
17
17
  It exposes stable SDK and CLI surfaces for direct CVE remediation and scanner-driven automation.
18
18
 
19
+ It also exposes non-mutating planning and correlation context for agent orchestration workflows.
20
+
19
21
  ## Why Teams Use It
20
22
 
21
23
  - Continuous remediation in CI and scheduled GitHub workflows
@@ -44,10 +46,27 @@ Core pipeline behavior:
44
46
 
45
47
  Safety and policy controls are applied through each stage.
46
48
 
49
+ ## Trust and Advisory Sources
50
+
51
+ The remediation engine relies on public vulnerability intelligence sources and deterministic policy checks.
52
+
53
+ Primary sources:
54
+
55
+ - [OSV](https://osv.dev)
56
+ - [GitHub Advisory Database](https://github.com/advisories)
57
+ - [NVD](https://nvd.nist.gov)
58
+
59
+ Trust controls:
60
+
61
+ - correlate advisory data with local dependency inventory before action
62
+ - prefer safe version remediation when fixed versions are available
63
+ - emit structured evidence so every remediation attempt is traceable
64
+ - preserve unresolved status when confidence or validation gates fail
65
+
47
66
  ## Surfaces
48
67
 
49
68
  - CLI: workflow and CI execution
50
- - SDK: custom automation programs
69
+ - SDK: custom automation programs (`remediate`, `planRemediation`, `remediateFromScan`)
51
70
  - MCP: AI host integrations
52
71
  - OpenAPI: service-based automation
53
72