autoremediator 0.2.2 → 0.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +16 -1
- package/dist/{chunk-DQKT2CUG.js → chunk-GBOD3DV6.js} +739 -159
- package/dist/chunk-GBOD3DV6.js.map +1 -0
- package/dist/cli.d.ts +5 -0
- package/dist/cli.js +55 -17
- package/dist/cli.js.map +1 -1
- package/dist/index.d.ts +77 -11
- package/dist/index.js +3 -1
- package/dist/mcp/server.d.ts +292 -0
- package/dist/mcp/server.js +120 -16
- package/dist/mcp/server.js.map +1 -1
- package/dist/openapi/server.d.ts +445 -1
- package/dist/openapi/server.js +215 -54
- package/dist/openapi/server.js.map +1 -1
- package/package.json +1 -1
- package/dist/chunk-DQKT2CUG.js.map +0 -1
package/README.md
CHANGED
|
@@ -16,6 +16,8 @@ This package is designed for teams that want remediation integrated into GitHub
|
|
|
16
16
|
|
|
17
17
|
It exposes stable SDK and CLI surfaces for direct CVE remediation and scanner-driven automation.
|
|
18
18
|
|
|
19
|
+
It also exposes non-mutating planning and correlation context for agent orchestration workflows.
|
|
20
|
+
|
|
19
21
|
## Why Teams Use It
|
|
20
22
|
|
|
21
23
|
- Continuous remediation in CI and scheduled GitHub workflows
|
|
@@ -54,6 +56,17 @@ Primary sources:
|
|
|
54
56
|
- [GitHub Advisory Database](https://github.com/advisories)
|
|
55
57
|
- [NVD](https://nvd.nist.gov)
|
|
56
58
|
|
|
59
|
+
Supplemental enrichment and prioritization sources:
|
|
60
|
+
|
|
61
|
+
- [CISA KEV](https://www.cisa.gov/known-exploited-vulnerabilities-catalog)
|
|
62
|
+
- [FIRST EPSS](https://www.first.org/epss/)
|
|
63
|
+
- [CVE Services](https://www.cve.org/)
|
|
64
|
+
- [GitLab Advisory Database](https://advisories.gitlab.com)
|
|
65
|
+
- [CERT/CC Vulnerability Notes](https://www.kb.cert.org/vuls/)
|
|
66
|
+
- [deps.dev](https://deps.dev)
|
|
67
|
+
- [OpenSSF Scorecard](https://securityscorecards.dev)
|
|
68
|
+
- Optional vendor and commercial feeds via environment-configured connectors
|
|
69
|
+
|
|
57
70
|
Trust controls:
|
|
58
71
|
|
|
59
72
|
- correlate advisory data with local dependency inventory before action
|
|
@@ -64,10 +77,12 @@ Trust controls:
|
|
|
64
77
|
## Surfaces
|
|
65
78
|
|
|
66
79
|
- CLI: workflow and CI execution
|
|
67
|
-
- SDK: custom automation programs
|
|
80
|
+
- SDK: custom automation programs (`remediate`, `planRemediation`, `remediateFromScan`)
|
|
68
81
|
- MCP: AI host integrations
|
|
69
82
|
- OpenAPI: service-based automation
|
|
70
83
|
|
|
84
|
+
Public API naming canon: `runTests`, `policy`, `evidence`, `patchCount`, and `patchesDir`.
|
|
85
|
+
|
|
71
86
|
## Documentation
|
|
72
87
|
|
|
73
88
|
- [Docs Home](https://rawlings.github.io/autoremediator/)
|