autoremediator 0.6.0 → 0.8.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +20 -15
- package/dist/{chunk-ZXPLOIB7.js → chunk-5S4Y3WVZ.js} +3450 -2538
- package/dist/chunk-5S4Y3WVZ.js.map +1 -0
- package/dist/cli.js +220 -14
- package/dist/cli.js.map +1 -1
- package/dist/index.d.ts +5 -256
- package/dist/index.js +9 -3
- package/dist/mcp/server.d.ts +75 -2
- package/dist/mcp/server.js +73 -4
- package/dist/mcp/server.js.map +1 -1
- package/dist/openapi/server.d.ts +305 -24
- package/dist/openapi/server.js +212 -6
- package/dist/openapi/server.js.map +1 -1
- package/dist/options-schema-DHXBY2qm.d.ts +43 -0
- package/dist/remediate-from-scan-BmFPbhp2.d.ts +328 -0
- package/llms.txt +49 -11
- package/package.json +6 -2
- package/dist/chunk-ZXPLOIB7.js.map +0 -1
package/README.md
CHANGED
|
@@ -26,13 +26,11 @@ See the [documentation](https://rawlings.github.io/autoremediator/docs/getting-s
|
|
|
26
26
|
|
|
27
27
|
## Why Teams Use It
|
|
28
28
|
|
|
29
|
-
-
|
|
30
|
-
- Risk-
|
|
31
|
-
- Scanner-
|
|
32
|
-
-
|
|
33
|
-
-
|
|
34
|
-
- Structured evidence and summary outputs for security operations
|
|
35
|
-
- Multiple integration surfaces for platform engineering and automation agents
|
|
29
|
+
- Deterministic remediation pipeline with policy-first behavior
|
|
30
|
+
- Risk-informed prioritization via KEV and EPSS enrichment
|
|
31
|
+
- Scanner-driven remediation for npm audit, yarn audit, and SARIF inputs
|
|
32
|
+
- Clear CI summary outputs for routing and governance
|
|
33
|
+
- Patch lifecycle workflows for listing, inspecting, and validating generated patch artifacts
|
|
36
34
|
|
|
37
35
|
## Primary Use Cases
|
|
38
36
|
|
|
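Review bot: The rewritten "Why Teams Use It" list drops the bullet "Structured evidence and summary outputs for security operations" while the later "Public API naming canon" line in this same README still lists `evidence` as part of the public API, so a reader can no longer tell from the overview that evidence artifacts are produced; suggest keeping a bullet for evidence output (or folding it into "Clear CI summary outputs for routing and governance") unless the feature itself was removed. Separately, "Risk-informed prioritization via KEV and EPSS enrichment" introduces two external data sources but the old-side bullets are truncated in this rendering ("Risk-", "Scanner-"), so it is not clear whether this is new wording or new behavior; if the enrichment is new, the "Trust and Advisory Sources" section should say where KEV and EPSS data is fetched from, whether it is cached, and what the prioritization does when those sources are unavailable, since a CI run that silently degrades to no enrichment changes what gets remediated first.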
@@ -42,18 +40,25 @@ See the [documentation](https://rawlings.github.io/autoremediator/docs/getting-s
|
|
|
42
40
|
- Platform-level remediation orchestration across many services
|
|
43
41
|
- Agentic integration via CLI, SDK, MCP, and OpenAPI
|
|
44
42
|
|
|
45
|
-
##
|
|
43
|
+
## Core Pipeline Behavior
|
|
46
44
|
|
|
47
|
-
|
|
45
|
+
Autoremediator follows a deterministic remediation order:
|
|
48
46
|
|
|
49
|
-
1.
|
|
50
|
-
2.
|
|
51
|
-
3. vulnerable
|
|
52
|
-
4. safe version
|
|
53
|
-
5.
|
|
47
|
+
1. lookup CVE intelligence
|
|
48
|
+
2. inspect local dependency inventory
|
|
49
|
+
3. match vulnerable installed versions
|
|
50
|
+
4. attempt direct safe version remediation
|
|
51
|
+
5. attempt transitive override/resolution when direct bump is not possible
|
|
52
|
+
6. attempt patch fallback only when safe version paths cannot remediate
|
|
54
53
|
|
|
55
54
|
Safety and policy controls are applied through each stage.
|
|
56
55
|
|
|
56
|
+
Patch lifecycle operations are available through:
|
|
57
|
+
|
|
58
|
+
- CLI: `autoremediator patches list`, `autoremediator patches inspect`, `autoremediator patches validate`
|
|
59
|
+
- SDK: `listPatchArtifacts`, `inspectPatchArtifact`, `validatePatchArtifact`
|
|
60
|
+
- MCP and OpenAPI: equivalent patch artifact tools and routes
|
|
61
|
+
|
|
57
62
|
## Trust and Advisory Sources
|
|
58
63
|
|
|
59
64
|
The remediation engine relies on public vulnerability intelligence sources and deterministic policy checks.
|
|
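Review bot: Step 6 "attempt patch fallback only when safe version paths cannot remediate" and the new "Patch lifecycle operations" block introduce generated patch artifacts with a `validate` command and a `validatePatchArtifact` SDK call, but nothing here says what validation checks; suggest a sentence stating what `autoremediator patches validate` verifies (for example that the artifact applies cleanly to the named package version and that its recorded metadata matches the file contents) and what the pipeline does with an artifact that fails validation. The sentence "Safety and policy controls are applied through each stage" is also too general to act on now that there are six named stages; listing which control gates which step (or linking to the policy documentation) would let an operator know which stage a policy denial stops. Minor: the old-side numbered list is truncated in this rendering ("1.", "3. vulnerable", "4. safe version"), so the hunk cannot confirm whether steps 5 and 6 are reorderings or genuinely new stages; the README should state that the transitive override and patch fallback stages are new if that is the case.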
@@ -86,7 +91,7 @@ Trust controls:
|
|
|
86
91
|
|
|
87
92
|
- CLI: workflow and CI execution
|
|
88
93
|
- SDK: custom automation programs (`remediate`, `planRemediation`, `remediateFromScan`)
|
|
89
|
-
- MCP: AI host integrations
|
|
94
|
+
- MCP: AI host integrations, including Claude Mythos workflows
|
|
90
95
|
- OpenAPI: service-based automation
|
|
91
96
|
|
|
92
97
|
Public API naming canon: `runTests`, `policy`, `evidence`, `patchCount`, and `patchesDir`.
|
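Review bot: The changed line "MCP: AI host integrations, including Claude Mythos workflows" names a specific host workflow without any pointer to how the MCP server is configured for it or which tools it exposes, even though the file list shows `package/dist/mcp/server.d.ts` grew by 75 lines in this release; suggest either keeping the bullet host-neutral ("MCP: AI host integrations") or adding a link to the MCP setup documentation, so that users of other MCP hosts do not read the line as a restriction. The unchanged "Public API naming canon" line should also be checked against the new SDK names introduced earlier in this diff (`listPatchArtifacts`, `inspectPatchArtifact`, `validatePatchArtifact`), since it currently lists only `runTests`, `policy`, `evidence`, `patchCount`, and `patchesDir`.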