decoy-mcp 0.4.2 → 0.4.5

package/README.md

@@ -1,8 +1,8 @@
 # Decoy
 
-Security tripwires for AI agents. Detect prompt injection before it causes damage.
+Security tripwires for AI agents. Detect prompt injection in real time.
 
-Decoy is a fake MCP server that advertises tools an AI agent should never call — `execute_command`, `read_file`, `make_payment`, and more. In normal operation, your agent ignores them. When prompt injection overrides behavior, the decoy catches the full attack payload and alerts you.
+Decoy adds a decoy MCP server alongside your real tools — 12 tripwire tools like `execute_command`, `read_file`, and `make_payment` that no legitimate agent should ever call. When a prompt injection attack tricks your agent into calling one, Decoy captures the full payload and alerts you instantly.
 
 ## Quick start
 
@@ -117,14 +117,14 @@ Add to your `claude_desktop_config.json`:
   "mcpServers": {
     "system-tools": {
       "command": "node",
-      "args": ["~/.config/Claude/decoy/server.mjs"],
+      "args": ["~/Library/Application Support/Claude/decoy/server.mjs"],
       "env": { "DECOY_TOKEN": "your-token" }
     }
   }
 }
 ```
 
-Get a token at [decoy.run](https://decoy.run).
+Get a token at [app.decoy.run/login](https://app.decoy.run/login?signup).
 
 ## Dashboard
 
@@ -134,9 +134,9 @@ Your dashboard is at [app.decoy.run/dashboard](https://app.decoy.run/dashboard).
 
 You can also sign in with your token directly. Find it with `npx decoy-mcp status`.
 
-**Free** — 12 tripwire tools, 7-day history, email alerts for triggers, weekly threat digest, dashboard + API. Forever.
+**Free** — 12 tripwire tools, 7-day history, email alerts, dashboard + API. Forever.
 
-**Pro ($9/mo)** — 90-day history, Slack + webhook alerts for triggers, threat digest to Slack, multiple projects, agent fingerprinting.
+**Pro ($9/mo)** — 90-day history, Slack + webhook alerts, agent fingerprinting, agent pause/resume.
 
 ## Local-only mode
 
@@ -169,7 +169,7 @@ This is the same principle behind canary tokens and network deception. Tripwires
 
 ## Research
 
-We tested prompt injection against 12 models. Qwen 2.5 was fully compromised at both 7B and 14B — it called all three tools with attacker-controlled arguments. All Claude models resisted.
+We tested prompt injection against 12 models. Qwen 2.5 was fully compromised at both 7B and 14B — it called all three tools with attacker-controlled arguments. All Claude models resisted. Read the full report: [State of Prompt Injection 2026](https://decoy.run/blog/state-of-prompt-injection-2026).
 
 ## License
 

package/bin/cli.mjs

@@ -218,6 +218,15 @@ async function init(flags) {
   try {
     data = await signup(email);
   } catch (e) {
+    if (e.message.includes("already exists")) {
+      log(`  ${DIM}Account exists for ${email}. Log in with your token:${RESET}`);
+      log("");
+      log(`    ${BOLD}npx decoy-mcp login --token=YOUR_TOKEN${RESET}`);
+      log("");
+      log(`  ${DIM}Find your token in your welcome email or at${RESET}`);
+      log(`  ${DIM}https://app.decoy.run/login${RESET}`);
+      process.exit(1);
+    }
     log(`  ${RED}${e.message}${RESET}`);
     process.exit(1);
   }
@@ -564,7 +573,8 @@ async function login(flags) {
 }
 
 function pad(str, width) {
-  return str.length >= width ? str : str + " ".repeat(width - str.length);
+  const s = String(str || "");
+  return s.length >= width ? s : s + " ".repeat(width - s.length);
 }
 
 function timeAgo(isoString) {

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "decoy-mcp",
-  "version": "0.4.2",
-  "description": "Security tripwires for AI agents. Detect prompt injection attacks on your MCP tools.",
+  "version": "0.4.5",
+  "description": "Security tripwires for AI agents. Detect prompt injection in real time.",
   "bin": {
     "decoy-mcp": "bin/cli.mjs"
   },