fullcourtdefense-cli 1.0.2

package/dist/commands/scan.d.ts

@@ -0,0 +1,45 @@
+import { BotGuardConfig } from '../config';
+export interface ScanArgs {
+    apiKey?: string;
+    apiUrl?: string;
+    endpoint?: string;
+    description?: string;
+    systemPrompt?: string;
+    mode?: string;
+    categories?: string;
+    attackCount?: string;
+    progress?: string;
+    failThreshold?: string;
+    format?: string;
+    requestFormat?: string;
+    webhookFormat?: string;
+    local?: string;
+    type?: string;
+    method?: string;
+    inputField?: string;
+    outputField?: string;
+    authType?: string;
+    username?: string;
+    password?: string;
+    token?: string;
+    apiKeyHeader?: string;
+    endpointApiKey?: string;
+    mcpUrl?: string;
+    mcpTransport?: string;
+    mcpAuthType?: string;
+    mcpUsername?: string;
+    mcpPassword?: string;
+    mcpToken?: string;
+    mcpApiKeyHeader?: string;
+    mcpApiKey?: string;
+    mcpCommand?: string;
+    mcpArgs?: string;
+    mcpTool?: string;
+    mcpToolArgs?: string;
+    ragPath?: string;
+    ragUrl?: string;
+    shieldId?: string;
+    shieldKey?: string;
+    localOnly?: string;
+}
+export declare function scanCommand(args: ScanArgs, config: BotGuardConfig): Promise<void>;

package/dist/commands/scan.js

@@ -0,0 +1,131 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.scanCommand = scanCommand;
+const api_1 = require("../api");
+const config_1 = require("../config");
+const output_1 = require("../output");
+const local_scan_1 = require("./local-scan");
+async function scanCommand(args, config) {
+    if (args.local === 'true') {
+        await (0, local_scan_1.localScanCommand)({
+            type: args.type,
+            endpoint: args.endpoint,
+            method: args.method,
+            format: args.requestFormat || args.webhookFormat,
+            inputField: args.inputField,
+            outputField: args.outputField,
+            authType: args.authType,
+            username: args.username,
+            password: args.password,
+            token: args.token,
+            apiKeyHeader: args.apiKeyHeader,
+            apiKey: args.endpointApiKey,
+            mcpUrl: args.mcpUrl,
+            mcpTransport: args.mcpTransport,
+            mcpAuthType: args.mcpAuthType,
+            mcpUsername: args.mcpUsername,
+            mcpPassword: args.mcpPassword,
+            mcpToken: args.mcpToken,
+            mcpApiKeyHeader: args.mcpApiKeyHeader,
+            mcpApiKey: args.mcpApiKey,
+            mcpCommand: args.mcpCommand,
+            mcpArgs: args.mcpArgs,
+            mcpTool: args.mcpTool,
+            mcpToolArgs: args.mcpToolArgs,
+            ragPath: args.ragPath,
+            ragUrl: args.ragUrl,
+            attackCount: args.attackCount,
+            progress: args.progress,
+            failThreshold: args.failThreshold,
+            outputFormat: args.format,
+            scanMode: args.mode,
+            focus: args.description,
+            shieldId: args.shieldId,
+            shieldKey: args.shieldKey,
+            configShieldId: config.shieldId,
+            configShieldKey: config.shieldKey,
+            configApiUrl: config.apiUrl,
+            apiUrl: args.apiUrl,
+        });
+        return;
+    }
+    const apiKey = args.apiKey || config.apiKey || process.env.BOTGUARD_API_KEY;
+    if (!apiKey) {
+        console.error('Error: API key required. Use --api-key, BOTGUARD_API_KEY env var, or .botguard.yml');
+        console.error('Get your API key at: https://fullcourtdefense.ai → Account → API Keys');
+        process.exit(1);
+    }
+    const endpoint = args.endpoint || config.scan?.endpoint;
+    const description = args.description || config.scan?.description;
+    const systemPrompt = args.systemPrompt || config.scan?.systemPrompt;
+    const mode = (args.mode || config.scan?.mode || 'sync');
+    const format = args.format || config.scan?.format || 'table';
+    const failThreshold = Number(args.failThreshold ?? config.scan?.failThreshold ?? 0);
+    const attackCount = args.attackCount ? Number(args.attackCount) : config.scan?.attackCount;
+    const webhookFormat = args.webhookFormat || config.scan?.webhookFormat;
+    const categoriesRaw = args.categories || (config.scan?.categories ? config.scan.categories.join(',') : undefined);
+    const categories = categoriesRaw ? categoriesRaw.split(',').map(s => s.trim()) : undefined;
+    if (!endpoint) {
+        console.error('Error: --endpoint is required. Provide the URL of your AI agent to scan.');
+        console.error('Usage: fullcourtdefense scan --endpoint https://my-agent.com/chat --description "My chatbot"');
+        process.exit(1);
+    }
+    const resolvedPrompt = systemPrompt ? (0, config_1.resolveSystemPrompt)(systemPrompt) : undefined;
+    const agentDesc = description || `AI agent at ${endpoint}`;
+    const scanReq = {
+        agentDescription: agentDesc,
+        securitySchema: {
+            allowedCapabilities: ['answer questions', 'provide help'],
+            forbiddenCapabilities: ['reveal system prompt', 'execute code', 'access files', 'ignore instructions'],
+            sensitiveData: ['api keys', 'passwords', 'internal URLs', 'database credentials', 'system prompt'],
+            authenticationRequiredFor: ['admin actions', 'data export', 'configuration changes'],
+        },
+        mode,
+        notify: true,
+    };
+    scanReq.agentConfig = {
+        type: 'api',
+        description: agentDesc,
+        apiUrl: endpoint,
+        systemPrompt: resolvedPrompt,
+    };
+    if (categories) {
+        scanReq.auditOptions = { ...scanReq.auditOptions, attackCategories: categories };
+    }
+    if (attackCount) {
+        scanReq.auditOptions = { ...scanReq.auditOptions, attackCount };
+    }
+    if (webhookFormat) {
+        scanReq.webhookConfig = { format: webhookFormat };
+    }
+    const api = new api_1.BotGuardApi(apiKey, args.apiUrl || config.apiUrl);
+    const spin = (0, output_1.spinner)('Running security scan...');
+    let result;
+    try {
+        if (mode === 'sync') {
+            result = (await api.startScan(scanReq));
+        }
+        else {
+            const job = (await api.startScan(scanReq));
+            spin.stop();
+            const pollSpin = (0, output_1.spinner)(`Scan started (job: ${job.jobId}). Polling for results...`);
+            result = await api.pollUntilDone(job.jobId);
+            pollSpin.stop('Scan complete');
+        }
+        spin.stop('Scan complete');
+    }
+    catch (err) {
+        spin.stop();
+        console.error(`Error: ${err.message}`);
+        process.exit(1);
+    }
+    if (!result) {
+        console.error('Error: No scan result received');
+        process.exit(1);
+    }
+    console.log((0, output_1.formatScanResult)(result, format));
+    if (failThreshold > 0 && result.score < failThreshold) {
+        console.error(`Score ${result.score} is below threshold ${failThreshold}`);
+        process.exit(1);
+    }
+}

package/dist/config.d.ts

@@ -0,0 +1,25 @@
+export interface BotGuardConfig {
+    apiKey?: string;
+    apiUrl?: string;
+    shieldId?: string;
+    shieldKey?: string;
+    scan?: {
+        endpoint?: string;
+        description?: string;
+        systemPrompt?: string;
+        categories?: string[];
+        attackCount?: number;
+        failThreshold?: number;
+        format?: 'json' | 'table' | 'summary';
+        mode?: 'sync' | 'async';
+        webhookFormat?: string;
+    };
+}
+export declare function loadConfig(configPath?: string): BotGuardConfig;
+export declare function getDefaultConfigPath(): string;
+export declare function saveShieldConfig(input: {
+    shieldId: string;
+    shieldKey?: string;
+    apiUrl?: string;
+}): string;
+export declare function resolveSystemPrompt(value: string): string;

package/dist/config.js

@@ -0,0 +1,199 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.loadConfig = loadConfig;
+exports.getDefaultConfigPath = getDefaultConfigPath;
+exports.saveShieldConfig = saveShieldConfig;
+exports.resolveSystemPrompt = resolveSystemPrompt;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const CONFIG_FILENAMES = [
+    '.fullcourtdefense.yml',
+    '.fullcourtdefense.yaml',
+    'fullcourtdefense.yml',
+    'fullcourtdefense.yaml',
+    '.botguard.yml',
+    '.botguard.yaml',
+    'botguard.yml',
+    'botguard.yaml',
+];
+function interpolateEnv(value) {
+    return value.replace(/\$\{([^}]+)\}/g, (_, varName) => {
+        return process.env[varName.trim()] || '';
+    });
+}
+function parseSimpleYaml(content) {
+    const result = {};
+    const lines = content.split('\n');
+    const stack = [{ indent: -1, obj: result }];
+    for (const rawLine of lines) {
+        const line = rawLine.replace(/\r$/, '');
+        if (!line.trim() || line.trim().startsWith('#'))
+            continue;
+        const indent = line.search(/\S/);
+        const trimmed = line.trim();
+        // Array item
+        if (trimmed.startsWith('- ')) {
+            const parentEntry = stack[stack.length - 1];
+            const parentKeys = Object.keys(parentEntry.obj);
+            const lastKey = parentKeys[parentKeys.length - 1];
+            if (lastKey && !Array.isArray(parentEntry.obj[lastKey])) {
+                parentEntry.obj[lastKey] = [];
+            }
+            if (lastKey) {
+                parentEntry.obj[lastKey].push(parseValue(trimmed.slice(2).trim()));
+            }
+            continue;
+        }
+        const colonIdx = trimmed.indexOf(':');
+        if (colonIdx === -1)
+            continue;
+        const key = trimmed.slice(0, colonIdx).trim();
+        const rawVal = trimmed.slice(colonIdx + 1).trim();
+        // Pop stack to correct nesting level
+        while (stack.length > 1 && stack[stack.length - 1].indent >= indent) {
+            stack.pop();
+        }
+        const parent = stack[stack.length - 1].obj;
+        if (rawVal === '' || rawVal === '|') {
+            // Nested object
+            const child = {};
+            parent[key] = child;
+            stack.push({ indent, obj: child });
+        }
+        else if (rawVal.startsWith('[') && rawVal.endsWith(']')) {
+            // Inline array
+            parent[key] = rawVal
+                .slice(1, -1)
+                .split(',')
+                .map(s => parseValue(s.trim()))
+                .filter(s => s !== '');
+        }
+        else {
+            parent[key] = parseValue(interpolateEnv(rawVal));
+        }
+    }
+    return result;
+}
+function parseValue(s) {
+    if (s === 'true')
+        return true;
+    if (s === 'false')
+        return false;
+    if (s === 'null')
+        return null;
+    const stripped = s.replace(/^["']|["']$/g, '');
+    const num = Number(stripped);
+    if (!isNaN(num) && stripped !== '')
+        return num;
+    return stripped;
+}
+function loadConfig(configPath) {
+    let filePath;
+    if (configPath) {
+        filePath = path.resolve(configPath);
+    }
+    else {
+        for (const name of CONFIG_FILENAMES) {
+            const candidate = path.resolve(process.cwd(), name);
+            if (fs.existsSync(candidate)) {
+                filePath = candidate;
+                break;
+            }
+        }
+    }
+    if (!filePath || !fs.existsSync(filePath)) {
+        return {};
+    }
+    const content = fs.readFileSync(filePath, 'utf-8');
+    const raw = parseSimpleYaml(content);
+    return {
+        apiKey: raw.apiKey ? interpolateEnv(String(raw.apiKey)) : undefined,
+        apiUrl: raw.apiUrl ? interpolateEnv(String(raw.apiUrl)) : undefined,
+        shieldId: raw.shieldId ? interpolateEnv(String(raw.shieldId)) : undefined,
+        shieldKey: raw.shieldKey ? interpolateEnv(String(raw.shieldKey)) : undefined,
+        scan: raw.scan
+            ? {
+                endpoint: raw.scan.endpoint,
+                description: raw.scan.description,
+                systemPrompt: raw.scan.systemPrompt,
+                categories: raw.scan.categories,
+                attackCount: raw.scan.attackCount,
+                failThreshold: raw.scan.failThreshold,
+                format: raw.scan.format,
+                mode: raw.scan.mode,
+                webhookFormat: raw.scan.webhookFormat,
+            }
+            : undefined,
+    };
+}
+function getDefaultConfigPath() {
+    return path.resolve(process.cwd(), '.fullcourtdefense.yml');
+}
+function saveShieldConfig(input) {
+    const target = getDefaultConfigPath();
+    const existing = fs.existsSync(target) ? fs.readFileSync(target, 'utf-8') : '';
+    const lines = existing ? existing.split(/\r?\n/) : [
+        '# FullCourtDefense CLI Configuration',
+        '# Docs: https://fullcourtdefense.ai/docs/cli',
+        '',
+    ];
+    const setTopLevel = (key, value) => {
+        if (!value)
+            return;
+        const idx = lines.findIndex(line => new RegExp(`^${key}:`).test(line.trim()));
+        const next = `${key}: ${value}`;
+        if (idx >= 0)
+            lines[idx] = next;
+        else {
+            const insertAt = lines.findIndex(line => line.trim().startsWith('scan:'));
+            if (insertAt >= 0)
+                lines.splice(insertAt, 0, next);
+            else
+                lines.push(next);
+        }
+    };
+    setTopLevel('shieldId', input.shieldId);
+    setTopLevel('shieldKey', input.shieldKey);
+    setTopLevel('apiUrl', input.apiUrl);
+    fs.writeFileSync(target, `${lines.filter((line, idx, arr) => !(line === '' && arr[idx - 1] === '')).join('\n').trim()}\n`, 'utf-8');
+    return target;
+}
+function resolveSystemPrompt(value) {
+    if (fs.existsSync(value)) {
+        return fs.readFileSync(value, 'utf-8').trim();
+    }
+    return value;
+}

package/dist/index.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/dist/index.js

@@ -0,0 +1,266 @@
+#!/usr/bin/env node
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const config_1 = require("./config");
+const scan_1 = require("./commands/scan");
+const credits_1 = require("./commands/credits");
+const init_1 = require("./commands/init");
+const doctor_1 = require("./commands/doctor");
+const configure_1 = require("./commands/configure");
+const VERSION = '1.0.2';
+function parseArgs(argv) {
+    const flags = {};
+    let command = '';
+    for (let i = 0; i < argv.length; i++) {
+        const arg = argv[i];
+        if (!command && !arg.startsWith('-')) {
+            command = arg;
+            continue;
+        }
+        if (arg.startsWith('--')) {
+            const key = arg.slice(2);
+            const eqIdx = key.indexOf('=');
+            if (eqIdx !== -1) {
+                flags[key.slice(0, eqIdx)] = key.slice(eqIdx + 1);
+            }
+            else {
+                const next = argv[i + 1];
+                if (next && !next.startsWith('-')) {
+                    flags[key] = next;
+                    i++;
+                }
+                else {
+                    flags[key] = 'true';
+                }
+            }
+        }
+        else if (arg.startsWith('-')) {
+            const key = arg.slice(1);
+            const next = argv[i + 1];
+            if (next && !next.startsWith('-')) {
+                flags[key] = next;
+                i++;
+            }
+            else {
+                flags[key] = 'true';
+            }
+        }
+    }
+    return { command, flags };
+}
+function printHelp() {
+    console.log(`
+  \x1b[1m\x1b[36mFullCourtDefense CLI\x1b[0m v${VERSION}
+  Security scanning for AI agents from your terminal.
+
+  \x1b[1mUsage:\x1b[0m
+    fullcourtdefense <command> [options]
+
+  \x1b[1mCommands:\x1b[0m
+    help        Show this onboarding guide and command reference.
+    doctor      First step. Checks outbound HTTPS access to FullCourtDefense.
+    configure   Saves Shield ID, Shield key, and API URL to .fullcourtdefense.yml.
+    scan        Runs the scan. Use --local for inside-organization scans.
+    credits     Shows hosted scan credits for CI/CD API-key scans.
+    init        Creates a starter .fullcourtdefense.yml config file.
+
+  \x1b[1mNew User Process:\x1b[0m
+    1. In the web app, create a Shield.
+       Copy the Shield ID and Shield key from the Shield Integrate tab.
+
+    2. Check outbound connectivity from the customer machine:
+       fullcourtdefense doctor
+       This confirms the machine can reach https://api.fullcourtdefense.ai over HTTPS.
+
+    3. Save Shield credentials locally:
+       fullcourtdefense configure
+       This creates or updates .fullcourtdefense.yml.
+
+    4. Run a guided local scan:
+       fullcourtdefense scan --local
+       The CLI asks whether to scan endpoint, mcp, or rag.
+
+    5. Review results:
+       Use --format summary for CI, --format table for terminal view,
+       --format report for evidence, --format full-report for every row,
+       or --format json for raw output.
+       With a Shield key configured, reports are saved to the web Reports page.
+
+  \x1b[1mLocal Destinations:\x1b[0m
+    endpoint    Internal HTTP URL, for example http://agent.local/chat.
+                The CLI sends attack prompts to this endpoint and scans responses.
+
+    mcp         Either stdio command + args, or an already-running HTTP/SSE MCP URL.
+                Stdio example: node ./mcp-server.js
+                HTTP/HTTPS examples: http://mcp.internal/mcp or https://internal.company.com/mcp
+                Legacy SSE example: https://internal.company.com/sse
+                Secured HTTP MCP supports bearer, basic, and API-key auth.
+
+    rag         File/directory path or live RAG HTTP endpoint.
+                Use --rag-path for local documents, or --rag-url for a RAG service.
+
+  \x1b[1mRecommended Commands:\x1b[0m
+    fullcourtdefense doctor
+    fullcourtdefense configure
+    fullcourtdefense scan --local
+    fullcourtdefense scan --local --type mcp --mcp-command node --mcp-args ./server.js --mcp-tool all --mode full --format report
+    fullcourtdefense scan --local --type mcp --mcp-url https://internal.company.com/mcp --mcp-auth-type bearer --mcp-token TOKEN --mcp-tool all --mode full --format report
+    fullcourtdefense scan --local --type rag --rag-path ./docs --format report
+    fullcourtdefense scan --local --type rag --rag-url http://rag.internal/chat --method POST --request-format custom --input-field message --output-field answer --mode full --format report
+    fullcourtdefense scan --local --type endpoint --endpoint http://agent.local/chat --method POST --mode full --format report
+
+  \x1b[1mScan Options:\x1b[0m
+    --local                 Run scan from this machine, inside your network
+    --type <type>           Local scan type: endpoint, mcp, rag
+    --api-key <key>         API key (or set BOTGUARD_API_KEY env var)
+    --api-url <url>         API base URL (default: https://api.fullcourtdefense.ai)
+    --endpoint <url>        Agent API endpoint to scan
+    --mcp-url <url>         Already-running HTTP MCP server URL
+    --mcp-transport <t>     MCP transport: stdio, http, or sse
+    --mcp-command <cmd>     MCP server command, for example node or npx.cmd
+    --mcp-args <args>       MCP server args/path, for example ./server.js
+    --mcp-tool <tool>       MCP tool to test, or all
+    --mcp-auth-type <type>  HTTP MCP auth: none, bearer, basic, api-key
+    --mcp-token <token>     HTTP MCP bearer token
+    --mcp-username <user>   HTTP MCP basic username
+    --mcp-password <pass>   HTTP MCP basic password
+    --mcp-api-key-header <h> HTTP MCP API-key header name
+    --mcp-api-key <key>     HTTP MCP API key value
+    --rag-path <path>       RAG file or directory to scan
+    --rag-url <url>         Live RAG HTTP endpoint to scan
+    --shield-id <id>        Shield ID for local outbound Shield verdicts
+    --shield-key <key>      Optional Shield key for locked Shields
+    --method <GET|POST>     Local endpoint method
+    --request-format <fmt>  Local endpoint request format: custom or openai
+    --auth-type <type>      none, bearer, basic, api-key
+    --description <text>    Agent description
+    --system-prompt <text>  System prompt (text or path to file)
+    --mode <sync|async>     Hosted mode, or local mode: quick, full, targeted, deep
+    --categories <list>     Comma-separated attack categories
+    --attack-count <n>      Number of attacks to run
+    --progress <mode>       MCP progress: verbose, compact, silent (default: verbose)
+    --fail-threshold <n>    Exit code 1 if score below n (default: 0)
+    --format <fmt>          Output: table, json, summary, report, full-report (default: table)
+    --webhook-format <fmt>  Hosted webhook format, or legacy local request format
+    --config <path>         Path to .fullcourtdefense.yml config file
+
+  \x1b[1mExamples:\x1b[0m
+    $ fullcourtdefense scan --endpoint https://my-bot.com/chat --description "Support bot"
+    $ fullcourtdefense help
+    $ fullcourtdefense scan --local
+    $ fullcourtdefense scan --local --type endpoint --mode full --endpoint http://internal-agent/chat
+    $ fullcourtdefense scan --local --type mcp --mcp-command node --mcp-args ./server.js --mcp-tool all --mode full
+    $ fullcourtdefense scan --local --type mcp --mcp-url https://internal.company.com/mcp
+    $ fullcourtdefense scan --local --type mcp --mcp-url https://internal.company.com/mcp --mcp-tool all --mode full
+    $ fullcourtdefense scan --local --type mcp --mcp-transport sse --mcp-url https://internal.company.com/sse --mcp-tool all --mode full
+    $ fullcourtdefense scan --local --type mcp --mcp-command node --mcp-args ./server.js --mcp-tool all --mode full --format report
+    $ fullcourtdefense configure
+    $ fullcourtdefense doctor
+    $ fullcourtdefense scan --system-prompt ./prompts/system.md --fail-threshold 80
+    $ fullcourtdefense scan --config .botguard.yml --format json
+    $ fullcourtdefense credits
+    $ fullcourtdefense init
+
+  \x1b[2mDocs: https://fullcourtdefense.ai/docs/cli\x1b[0m
+`);
+}
+async function main() {
+    const { command, flags } = parseArgs(process.argv.slice(2));
+    if (flags.version || flags.v) {
+        console.log(VERSION);
+        return;
+    }
+    if (!command || flags.help || flags.h) {
+        printHelp();
+        return;
+    }
+    const config = (0, config_1.loadConfig)(flags.config);
+    switch (command) {
+        case 'scan': {
+            const args = {
+                apiKey: flags['api-key'],
+                apiUrl: flags['api-url'],
+                endpoint: flags.endpoint,
+                description: flags.description,
+                systemPrompt: flags['system-prompt'],
+                mode: flags.mode,
+                categories: flags.categories,
+                attackCount: flags['attack-count'],
+                progress: flags.progress,
+                failThreshold: flags['fail-threshold'],
+                format: flags.format,
+                requestFormat: flags['request-format'],
+                webhookFormat: flags['webhook-format'],
+                local: flags.local,
+                type: flags.type,
+                method: flags.method,
+                inputField: flags['input-field'],
+                outputField: flags['output-field'],
+                authType: flags['auth-type'],
+                username: flags.username,
+                password: flags.password,
+                token: flags.token,
+                apiKeyHeader: flags['api-key-header'],
+                endpointApiKey: flags['endpoint-api-key'],
+                mcpUrl: flags['mcp-url'],
+                mcpTransport: flags['mcp-transport'],
+                mcpAuthType: flags['mcp-auth-type'],
+                mcpUsername: flags['mcp-username'],
+                mcpPassword: flags['mcp-password'],
+                mcpToken: flags['mcp-token'],
+                mcpApiKeyHeader: flags['mcp-api-key-header'],
+                mcpApiKey: flags['mcp-api-key'],
+                mcpCommand: flags['mcp-command'],
+                mcpArgs: flags['mcp-args'],
+                mcpTool: flags['mcp-tool'],
+                mcpToolArgs: flags['mcp-tool-args'],
+                ragPath: flags['rag-path'],
+                ragUrl: flags['rag-url'],
+                shieldId: flags['shield-id'],
+                shieldKey: flags['shield-key'],
+            };
+            await (0, scan_1.scanCommand)(args, config);
+            break;
+        }
+        case 'help': {
+            printHelp();
+            break;
+        }
+        case 'doctor': {
+            const args = {
+                apiUrl: flags['api-url'],
+            };
+            await (0, doctor_1.doctorCommand)(args, config);
+            break;
+        }
+        case 'configure': {
+            const args = {
+                shieldId: flags['shield-id'],
+                shieldKey: flags['shield-key'],
+                apiUrl: flags['api-url'],
+            };
+            await (0, configure_1.configureCommand)(args, config);
+            break;
+        }
+        case 'credits': {
+            const args = {
+                apiKey: flags['api-key'],
+                apiUrl: flags['api-url'],
+            };
+            await (0, credits_1.creditsCommand)(args, config);
+            break;
+        }
+        case 'init': {
+            await (0, init_1.initCommand)();
+            break;
+        }
+        default:
+            console.error(`Unknown command: ${command}`);
+            console.error('Run "fullcourtdefense --help" for usage.');
+            process.exit(1);
+    }
+}
+main().catch(err => {
+    console.error(`Fatal: ${err.message}`);
+    process.exit(1);
+});

package/dist/output.d.ts

@@ -0,0 +1,11 @@
+import type { ScanResult, CreditsResponse } from './api';
+export declare function formatTable(result: ScanResult): string;
+export declare function formatSummary(result: ScanResult): string;
+export declare function formatReport(result: ScanResult): string;
+export declare function formatFullReport(result: ScanResult): string;
+export declare function formatJson(result: ScanResult): string;
+export declare function formatCredits(credits: CreditsResponse): string;
+export declare function formatScanResult(result: ScanResult, format: string): string;
+export declare function spinner(message: string): {
+    stop: (finalMsg?: string) => void;
+};