fullcourtdefense-cli 1.0.2 → 1.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +4 -4
- package/dist/api.d.ts +1 -0
- package/dist/commands/credits.js +2 -2
- package/dist/commands/discover.d.ts +11 -0
- package/dist/commands/discover.js +283 -0
- package/dist/commands/hook.d.ts +22 -0
- package/dist/commands/hook.js +301 -0
- package/dist/commands/init.js +14 -14
- package/dist/commands/installCursorHook.d.ts +12 -0
- package/dist/commands/installCursorHook.js +186 -0
- package/dist/commands/local-scan.d.ts +3 -0
- package/dist/commands/local-scan.js +908 -8
- package/dist/commands/scan.d.ts +3 -0
- package/dist/commands/scan.js +5 -2
- package/dist/index.js +80 -4
- package/package.json +1 -1
package/dist/commands/scan.d.ts
CHANGED
package/dist/commands/scan.js
CHANGED
|
@@ -46,12 +46,15 @@ async function scanCommand(args, config) {
|
|
|
46
46
|
configShieldKey: config.shieldKey,
|
|
47
47
|
configApiUrl: config.apiUrl,
|
|
48
48
|
apiUrl: args.apiUrl,
|
|
49
|
+
open: args.open,
|
|
50
|
+
noOpen: args.noOpen,
|
|
51
|
+
openUi: args.openUi,
|
|
49
52
|
});
|
|
50
53
|
return;
|
|
51
54
|
}
|
|
52
|
-
const apiKey = args.apiKey || config.apiKey || process.env.BOTGUARD_API_KEY;
|
|
55
|
+
const apiKey = args.apiKey || config.apiKey || process.env.FULLCOURTDEFENSE_API_KEY || process.env.BOTGUARD_API_KEY;
|
|
53
56
|
if (!apiKey) {
|
|
54
|
-
console.error('Error: API key required. Use --api-key,
|
|
57
|
+
console.error('Error: API key required. Use --api-key, FULLCOURTDEFENSE_API_KEY env var, or .fullcourtdefense.yml');
|
|
55
58
|
console.error('Get your API key at: https://fullcourtdefense.ai → Account → API Keys');
|
|
56
59
|
process.exit(1);
|
|
57
60
|
}
|
package/dist/index.js
CHANGED
|
@@ -7,7 +7,10 @@ const credits_1 = require("./commands/credits");
|
|
|
7
7
|
const init_1 = require("./commands/init");
|
|
8
8
|
const doctor_1 = require("./commands/doctor");
|
|
9
9
|
const configure_1 = require("./commands/configure");
|
|
10
|
-
const
|
|
10
|
+
const discover_1 = require("./commands/discover");
|
|
11
|
+
const hook_1 = require("./commands/hook");
|
|
12
|
+
const installCursorHook_1 = require("./commands/installCursorHook");
|
|
13
|
+
const VERSION = '1.1.1';
|
|
11
14
|
function parseArgs(argv) {
|
|
12
15
|
const flags = {};
|
|
13
16
|
let command = '';
|
|
@@ -61,6 +64,16 @@ function printHelp() {
|
|
|
61
64
|
doctor First step. Checks outbound HTTPS access to FullCourtDefense.
|
|
62
65
|
configure Saves Shield ID, Shield key, and API URL to .fullcourtdefense.yml.
|
|
63
66
|
scan Runs the scan. Use --local for inside-organization scans.
|
|
67
|
+
discover Finds MCP servers configured on this machine (Cursor, Claude,
|
|
68
|
+
VS Code, Windsurf) and reports their risk. Use --upload to add
|
|
69
|
+
them to your AI Inventory.
|
|
70
|
+
install-cursor-hook
|
|
71
|
+
Installs a Cursor hook so every AI prompt + agent action
|
|
72
|
+
(shell, MCP) on this machine is scanned by your Shield.
|
|
73
|
+
uninstall-cursor-hook
|
|
74
|
+
Removes the FullCourtDefense Cursor hook entries.
|
|
75
|
+
hook Internal: invoked by Cursor per agent event (reads stdin JSON,
|
|
76
|
+
returns an allow/deny verdict). Not run by hand.
|
|
64
77
|
credits Shows hosted scan credits for CI/CD API-key scans.
|
|
65
78
|
init Creates a starter .fullcourtdefense.yml config file.
|
|
66
79
|
|
|
@@ -79,12 +92,15 @@ function printHelp() {
|
|
|
79
92
|
4. Run a guided local scan:
|
|
80
93
|
fullcourtdefense scan --local
|
|
81
94
|
The CLI asks whether to scan endpoint, mcp, or rag.
|
|
95
|
+
To open the localhost web scan UI first:
|
|
96
|
+
fullcourtdefense scan --local --open-ui
|
|
82
97
|
|
|
83
98
|
5. Review results:
|
|
84
99
|
Use --format summary for CI, --format table for terminal view,
|
|
85
100
|
--format report for evidence, --format full-report for every row,
|
|
86
101
|
or --format json for raw output.
|
|
87
|
-
With a Shield key configured, reports are saved to the web Reports page
|
|
102
|
+
With a Shield key configured, reports are saved to the web Reports page
|
|
103
|
+
and the browser opens to the saved report. Use --no-open to suppress.
|
|
88
104
|
|
|
89
105
|
\x1b[1mLocal Destinations:\x1b[0m
|
|
90
106
|
endpoint Internal HTTP URL, for example http://agent.local/chat.
|
|
@@ -111,8 +127,9 @@ function printHelp() {
|
|
|
111
127
|
|
|
112
128
|
\x1b[1mScan Options:\x1b[0m
|
|
113
129
|
--local Run scan from this machine, inside your network
|
|
130
|
+
--open-ui Open localhost browser scan UI with all options
|
|
114
131
|
--type <type> Local scan type: endpoint, mcp, rag
|
|
115
|
-
--api-key <key> API key (or set
|
|
132
|
+
--api-key <key> API key (or set FULLCOURTDEFENSE_API_KEY env var)
|
|
116
133
|
--api-url <url> API base URL (default: https://api.fullcourtdefense.ai)
|
|
117
134
|
--endpoint <url> Agent API endpoint to scan
|
|
118
135
|
--mcp-url <url> Already-running HTTP MCP server URL
|
|
@@ -141,6 +158,9 @@ function printHelp() {
|
|
|
141
158
|
--progress <mode> MCP progress: verbose, compact, silent (default: verbose)
|
|
142
159
|
--fail-threshold <n> Exit code 1 if score below n (default: 0)
|
|
143
160
|
--format <fmt> Output: table, json, summary, report, full-report (default: table)
|
|
161
|
+
--open Open browser scan UI and saved local scan report
|
|
162
|
+
--open-ui Open only the browser scan UI before local execution
|
|
163
|
+
--no-open Do not open the browser during/after local scans
|
|
144
164
|
--webhook-format <fmt> Hosted webhook format, or legacy local request format
|
|
145
165
|
--config <path> Path to .fullcourtdefense.yml config file
|
|
146
166
|
|
|
@@ -148,16 +168,25 @@ function printHelp() {
|
|
|
148
168
|
$ fullcourtdefense scan --endpoint https://my-bot.com/chat --description "Support bot"
|
|
149
169
|
$ fullcourtdefense help
|
|
150
170
|
$ fullcourtdefense scan --local
|
|
171
|
+
$ fullcourtdefense scan --local --open-ui
|
|
151
172
|
$ fullcourtdefense scan --local --type endpoint --mode full --endpoint http://internal-agent/chat
|
|
152
173
|
$ fullcourtdefense scan --local --type mcp --mcp-command node --mcp-args ./server.js --mcp-tool all --mode full
|
|
153
174
|
$ fullcourtdefense scan --local --type mcp --mcp-url https://internal.company.com/mcp
|
|
154
175
|
$ fullcourtdefense scan --local --type mcp --mcp-url https://internal.company.com/mcp --mcp-tool all --mode full
|
|
155
176
|
$ fullcourtdefense scan --local --type mcp --mcp-transport sse --mcp-url https://internal.company.com/sse --mcp-tool all --mode full
|
|
156
177
|
$ fullcourtdefense scan --local --type mcp --mcp-command node --mcp-args ./server.js --mcp-tool all --mode full --format report
|
|
178
|
+
$ fullcourtdefense discover
|
|
179
|
+
$ fullcourtdefense discover --upload
|
|
180
|
+
$ fullcourtdefense discover --type mcp --json
|
|
181
|
+
$ fullcourtdefense install-cursor-hook --shield-id <id> --shield-key <key>
|
|
182
|
+
$ fullcourtdefense install-cursor-hook --shadow true # monitor only
|
|
183
|
+
$ fullcourtdefense install-cursor-hook --events prompt,shell,mcp,file
|
|
184
|
+
$ fullcourtdefense install-cursor-hook --project true # this repo only
|
|
185
|
+
$ fullcourtdefense uninstall-cursor-hook
|
|
157
186
|
$ fullcourtdefense configure
|
|
158
187
|
$ fullcourtdefense doctor
|
|
159
188
|
$ fullcourtdefense scan --system-prompt ./prompts/system.md --fail-threshold 80
|
|
160
|
-
$ fullcourtdefense scan --config .
|
|
189
|
+
$ fullcourtdefense scan --config .fullcourtdefense.yml --format json
|
|
161
190
|
$ fullcourtdefense credits
|
|
162
191
|
$ fullcourtdefense init
|
|
163
192
|
|
|
@@ -218,6 +247,9 @@ async function main() {
|
|
|
218
247
|
ragUrl: flags['rag-url'],
|
|
219
248
|
shieldId: flags['shield-id'],
|
|
220
249
|
shieldKey: flags['shield-key'],
|
|
250
|
+
open: flags.open,
|
|
251
|
+
openUi: flags['open-ui'],
|
|
252
|
+
noOpen: flags['no-open'],
|
|
221
253
|
};
|
|
222
254
|
await (0, scan_1.scanCommand)(args, config);
|
|
223
255
|
break;
|
|
@@ -250,6 +282,50 @@ async function main() {
|
|
|
250
282
|
await (0, credits_1.creditsCommand)(args, config);
|
|
251
283
|
break;
|
|
252
284
|
}
|
|
285
|
+
case 'discover': {
|
|
286
|
+
const args = {
|
|
287
|
+
type: flags.type,
|
|
288
|
+
apiKey: flags['api-key'],
|
|
289
|
+
apiUrl: flags['api-url'],
|
|
290
|
+
json: flags.json,
|
|
291
|
+
upload: flags.upload,
|
|
292
|
+
connectorName: flags['connector-name'],
|
|
293
|
+
extraPath: flags.path,
|
|
294
|
+
};
|
|
295
|
+
await (0, discover_1.discoverCommand)(args, config);
|
|
296
|
+
break;
|
|
297
|
+
}
|
|
298
|
+
case 'install-cursor-hook': {
|
|
299
|
+
const args = {
|
|
300
|
+
project: flags.project,
|
|
301
|
+
shieldId: flags['shield-id'],
|
|
302
|
+
shieldKey: flags['shield-key'],
|
|
303
|
+
apiUrl: flags['api-url'],
|
|
304
|
+
shadow: flags.shadow,
|
|
305
|
+
failClosed: flags['fail-closed'],
|
|
306
|
+
events: flags.events,
|
|
307
|
+
};
|
|
308
|
+
await (0, installCursorHook_1.installCursorHookCommand)(args, config);
|
|
309
|
+
break;
|
|
310
|
+
}
|
|
311
|
+
case 'uninstall-cursor-hook': {
|
|
312
|
+
const args = { project: flags.project };
|
|
313
|
+
await (0, installCursorHook_1.uninstallCursorHookCommand)(args);
|
|
314
|
+
break;
|
|
315
|
+
}
|
|
316
|
+
case 'hook': {
|
|
317
|
+
const args = {
|
|
318
|
+
event: flags.event,
|
|
319
|
+
apiUrl: flags['api-url'],
|
|
320
|
+
shieldId: flags['shield-id'],
|
|
321
|
+
shieldKey: flags['shield-key'],
|
|
322
|
+
shadow: flags.shadow,
|
|
323
|
+
failClosed: flags['fail-closed'],
|
|
324
|
+
timeout: flags.timeout,
|
|
325
|
+
};
|
|
326
|
+
await (0, hook_1.hookCommand)(args, config);
|
|
327
|
+
break;
|
|
328
|
+
}
|
|
253
329
|
case 'init': {
|
|
254
330
|
await (0, init_1.initCommand)();
|
|
255
331
|
break;
|