fullcourtdefense-cli 1.1.15 → 1.1.17
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/commands/mcpGateway.js +25 -5
- package/dist/index.js +168 -168
- package/package.json +1 -1
|
@@ -49,11 +49,19 @@ function parseArgsList(value) {
|
|
|
49
49
|
return [];
|
|
50
50
|
const trimmed = value.trim();
|
|
51
51
|
if (trimmed.startsWith('[')) {
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
52
|
+
try {
|
|
53
|
+
const parsed = JSON.parse(trimmed);
|
|
54
|
+
if (!Array.isArray(parsed) || parsed.some(item => typeof item !== 'string')) {
|
|
55
|
+
throw new Error('MCP args JSON must be an array of strings.');
|
|
56
|
+
}
|
|
57
|
+
return parsed;
|
|
58
|
+
}
|
|
59
|
+
catch (error) {
|
|
60
|
+
const inner = trimmed.replace(/^\[/, '').replace(/\]$/, '').trim();
|
|
61
|
+
if (inner && !inner.includes(','))
|
|
62
|
+
return [inner.replace(/^"|"$/g, '')];
|
|
63
|
+
throw error;
|
|
55
64
|
}
|
|
56
|
-
return parsed;
|
|
57
65
|
}
|
|
58
66
|
return trimmed.match(/(?:[^\s"]+|"[^"]*")+/g)?.map(part => part.replace(/^"|"$/g, '')) ?? [];
|
|
59
67
|
}
|
|
@@ -885,10 +893,22 @@ async function installClaudeCodeMcpGatewayCommand(args, config) {
|
|
|
885
893
|
const includeShieldKey = scope !== 'project' || Boolean(args.shieldKey);
|
|
886
894
|
const commandArgs = buildGatewayCommandArgs(gatewayConfig, downstreamCommand, downstreamArgs, { includeShieldKey });
|
|
887
895
|
const claudeArgs = ['mcp', 'add', '--scope', scope, '--transport', 'stdio', serverName, '--', nodeExe, ...commandArgs];
|
|
888
|
-
|
|
896
|
+
let result = (0, child_process_1.spawnSync)('claude', claudeArgs, {
|
|
889
897
|
stdio: 'inherit',
|
|
890
898
|
shell: process.platform === 'win32',
|
|
891
899
|
});
|
|
900
|
+
if (result.status !== 0) {
|
|
901
|
+
const removeResult = (0, child_process_1.spawnSync)('claude', ['mcp', 'remove', '--scope', scope, serverName], {
|
|
902
|
+
stdio: 'ignore',
|
|
903
|
+
shell: process.platform === 'win32',
|
|
904
|
+
});
|
|
905
|
+
if (removeResult.status === 0) {
|
|
906
|
+
result = (0, child_process_1.spawnSync)('claude', claudeArgs, {
|
|
907
|
+
stdio: 'inherit',
|
|
908
|
+
shell: process.platform === 'win32',
|
|
909
|
+
});
|
|
910
|
+
}
|
|
911
|
+
}
|
|
892
912
|
if (result.status === 0) {
|
|
893
913
|
console.log(`AgentGuard MCP Gateway installed for Claude Code (${scope}).`);
|
|
894
914
|
console.log(`Server: ${serverName}`);
|
package/dist/index.js
CHANGED
|
@@ -11,7 +11,7 @@ const discover_1 = require("./commands/discover");
|
|
|
11
11
|
const hook_1 = require("./commands/hook");
|
|
12
12
|
const installCursorHook_1 = require("./commands/installCursorHook");
|
|
13
13
|
const mcpGateway_1 = require("./commands/mcpGateway");
|
|
14
|
-
const VERSION = '1.1.
|
|
14
|
+
const VERSION = '1.1.17';
|
|
15
15
|
function parseArgs(argv) {
|
|
16
16
|
const flags = {};
|
|
17
17
|
let command = '';
|
|
@@ -53,173 +53,173 @@ function parseArgs(argv) {
|
|
|
53
53
|
return { command, flags };
|
|
54
54
|
}
|
|
55
55
|
function printHelp() {
|
|
56
|
-
console.log(`
|
|
57
|
-
\x1b[1m\x1b[36mFullCourtDefense CLI\x1b[0m v${VERSION}
|
|
58
|
-
Security scanning for AI agents from your terminal.
|
|
59
|
-
|
|
60
|
-
\x1b[1mUsage:\x1b[0m
|
|
61
|
-
fullcourtdefense <command> [options]
|
|
62
|
-
|
|
63
|
-
\x1b[1mCommands:\x1b[0m
|
|
64
|
-
help Show this onboarding guide and command reference.
|
|
65
|
-
doctor First step. Checks outbound HTTPS access to FullCourtDefense.
|
|
66
|
-
configure Saves Shield ID, Shield key, and API URL to .fullcourtdefense.yml.
|
|
67
|
-
scan Runs the scan. Use --local for inside-organization scans.
|
|
68
|
-
discover Finds MCP servers configured on this machine (Cursor, Claude,
|
|
69
|
-
VS Code, Windsurf) and reports their risk. Use --upload to add
|
|
70
|
-
them to your AI Inventory.
|
|
71
|
-
install-cursor-hook
|
|
72
|
-
Installs a Cursor hook so every AI prompt + agent action
|
|
73
|
-
(shell, MCP) on this machine is scanned by your Shield.
|
|
74
|
-
uninstall-cursor-hook
|
|
75
|
-
Removes the FullCourtDefense Cursor hook entries.
|
|
76
|
-
install-mcp-gateway
|
|
77
|
-
One command to install the AgentGuard MCP Gateway into detected
|
|
78
|
-
clients (Cursor, Claude Code, Claude Desktop).
|
|
79
|
-
mcp-gateway
|
|
80
|
-
Runs a local MCP gateway that checks AgentGuard runtime/action
|
|
81
|
-
policies before forwarding tool calls to a real MCP server.
|
|
82
|
-
install-cursor-mcp-gateway
|
|
83
|
-
Adds the AgentGuard MCP Gateway to Cursor's mcp.json.
|
|
84
|
-
install-claude-code-mcp-gateway
|
|
85
|
-
Adds the AgentGuard MCP Gateway to Claude Code using claude mcp add.
|
|
86
|
-
install-claude-desktop-mcp-gateway
|
|
87
|
-
Adds the AgentGuard MCP Gateway to Claude Desktop config.
|
|
88
|
-
hook Internal: invoked by Cursor per agent event (reads stdin JSON,
|
|
89
|
-
returns an allow/deny verdict). Not run by hand.
|
|
90
|
-
credits Shows hosted scan credits for CI/CD API-key scans.
|
|
91
|
-
init Creates a starter .fullcourtdefense.yml config file.
|
|
92
|
-
|
|
93
|
-
\x1b[1mNew User Process:\x1b[0m
|
|
94
|
-
1. In the web app, create a Shield.
|
|
95
|
-
Copy the Shield ID and Shield key from the Shield Integrate tab.
|
|
96
|
-
|
|
97
|
-
2. Check outbound connectivity from the customer machine:
|
|
98
|
-
fullcourtdefense doctor
|
|
99
|
-
This confirms the machine can reach https://api.fullcourtdefense.ai over HTTPS.
|
|
100
|
-
|
|
101
|
-
3. Save Shield credentials locally:
|
|
102
|
-
fullcourtdefense configure
|
|
103
|
-
This creates or updates .fullcourtdefense.yml.
|
|
104
|
-
|
|
105
|
-
4. Run a guided local scan:
|
|
106
|
-
fullcourtdefense scan --local
|
|
107
|
-
The CLI asks whether to scan endpoint, mcp, or rag.
|
|
108
|
-
To open the localhost web scan UI first:
|
|
109
|
-
fullcourtdefense scan --local --open-ui
|
|
110
|
-
|
|
111
|
-
5. Review results:
|
|
112
|
-
Use --format summary for CI, --format table for terminal view,
|
|
113
|
-
--format report for evidence, --format full-report for every row,
|
|
114
|
-
or --format json for raw output.
|
|
115
|
-
With a Shield key configured, reports are saved to the web Reports page
|
|
116
|
-
and the browser opens to the saved report. Use --no-open to suppress.
|
|
117
|
-
|
|
118
|
-
\x1b[1mLocal Destinations:\x1b[0m
|
|
119
|
-
endpoint Internal HTTP URL, for example http://agent.local/chat.
|
|
120
|
-
The CLI sends attack prompts to this endpoint and scans responses.
|
|
121
|
-
|
|
122
|
-
mcp Either stdio command + args, or an already-running HTTP/SSE MCP URL.
|
|
123
|
-
Stdio example: node ./mcp-server.js
|
|
124
|
-
HTTP/HTTPS examples: http://mcp.internal/mcp or https://internal.company.com/mcp
|
|
125
|
-
Legacy SSE example: https://internal.company.com/sse
|
|
126
|
-
Secured HTTP MCP supports bearer, basic, and API-key auth.
|
|
127
|
-
|
|
128
|
-
rag File/directory path or live RAG HTTP endpoint.
|
|
129
|
-
Use --rag-path for local documents, or --rag-url for a RAG service.
|
|
130
|
-
|
|
131
|
-
\x1b[1mRecommended Commands:\x1b[0m
|
|
132
|
-
fullcourtdefense doctor
|
|
133
|
-
fullcourtdefense configure
|
|
134
|
-
fullcourtdefense scan --local
|
|
135
|
-
fullcourtdefense scan --local --type mcp --mcp-command node --mcp-args ./server.js --mcp-tool all --mode full --format report
|
|
136
|
-
fullcourtdefense scan --local --type mcp --mcp-url https://internal.company.com/mcp --mcp-auth-type bearer --mcp-token TOKEN --mcp-tool all --mode full --format report
|
|
137
|
-
fullcourtdefense scan --local --type rag --rag-path ./docs --format report
|
|
138
|
-
fullcourtdefense scan --local --type rag --rag-url http://rag.internal/chat --method POST --request-format custom --input-field message --output-field answer --mode full --format report
|
|
139
|
-
fullcourtdefense scan --local --type endpoint --endpoint http://agent.local/chat --method POST --mode full --format report
|
|
140
|
-
|
|
141
|
-
\x1b[1mScan Options:\x1b[0m
|
|
142
|
-
--local Run scan from this machine, inside your network
|
|
143
|
-
--open-ui Open localhost browser scan UI with all options
|
|
144
|
-
--type <type> Local scan type: endpoint, mcp, rag
|
|
145
|
-
--api-key <key> API key (or set FULLCOURTDEFENSE_API_KEY env var)
|
|
146
|
-
--api-url <url> API base URL (default: https://api.fullcourtdefense.ai)
|
|
147
|
-
--endpoint <url> Agent API endpoint to scan
|
|
148
|
-
--mcp-url <url> Already-running HTTP MCP server URL
|
|
149
|
-
--mcp-transport <t> MCP transport: stdio, http, or sse
|
|
150
|
-
--mcp-command <cmd> MCP server command, for example node or npx.cmd
|
|
151
|
-
--mcp-args <args> MCP server args/path, for example ./server.js
|
|
152
|
-
--mcp-tool <tool> MCP tool to test, or all
|
|
153
|
-
--server-name <name> MCP gateway server name for client installers
|
|
154
|
-
--clients <list> Gateway install clients: auto, all, cursor,
|
|
155
|
-
claude-code, claude-desktop
|
|
156
|
-
--developer-name <name> Runtime identity for user-scoped policies (auto-detected if omitted)
|
|
157
|
-
--agent-name <name> Runtime agent name (auto-generated from identity + client if omitted)
|
|
158
|
-
--scope <scope> Claude Code MCP scope: local, project, or user
|
|
159
|
-
--claude-code-scope <s> Claude Code scope for install-mcp-gateway
|
|
160
|
-
--cursor-project <bool> Cursor project config for install-mcp-gateway
|
|
161
|
-
--config-path <path> Claude Desktop config override path
|
|
162
|
-
--mcp-auth-type <type> HTTP MCP auth: none, bearer, basic, api-key
|
|
163
|
-
--mcp-token <token> HTTP MCP bearer token
|
|
164
|
-
--mcp-username <user> HTTP MCP basic username
|
|
165
|
-
--mcp-password <pass> HTTP MCP basic password
|
|
166
|
-
--mcp-api-key-header <h> HTTP MCP API-key header name
|
|
167
|
-
--mcp-api-key <key> HTTP MCP API key value
|
|
168
|
-
--rag-path <path> RAG file or directory to scan
|
|
169
|
-
--rag-url <url> Live RAG HTTP endpoint to scan
|
|
170
|
-
--shield-id <id> Shield ID for local outbound Shield verdicts
|
|
171
|
-
--shield-key <key> Optional Shield key for locked Shields
|
|
172
|
-
--method <GET|POST> Local endpoint method
|
|
173
|
-
--request-format <fmt> Local endpoint request format: custom or openai
|
|
174
|
-
--auth-type <type> none, bearer, basic, api-key
|
|
175
|
-
--description <text> Agent description
|
|
176
|
-
--system-prompt <text> System prompt (text or path to file)
|
|
177
|
-
--mode <sync|async> Hosted mode, or local mode: quick, full, targeted, deep
|
|
178
|
-
--categories <list> Comma-separated attack categories
|
|
179
|
-
--attack-count <n> Number of attacks to run
|
|
180
|
-
--progress <mode> MCP progress: verbose, compact, silent (default: verbose)
|
|
181
|
-
--fail-threshold <n> Exit code 1 if score below n (default: 0)
|
|
182
|
-
--format <fmt> Output: table, json, summary, report, full-report (default: table)
|
|
183
|
-
--open Open browser scan UI and saved local scan report
|
|
184
|
-
--open-ui Open only the browser scan UI before local execution
|
|
185
|
-
--no-open Do not open the browser during/after local scans
|
|
186
|
-
--webhook-format <fmt> Hosted webhook format, or legacy local request format
|
|
187
|
-
--config <path> Path to .fullcourtdefense.yml config file
|
|
188
|
-
|
|
189
|
-
\x1b[1mExamples:\x1b[0m
|
|
190
|
-
$ fullcourtdefense scan --endpoint https://my-bot.com/chat --description "Support bot"
|
|
191
|
-
$ fullcourtdefense help
|
|
192
|
-
$ fullcourtdefense scan --local
|
|
193
|
-
$ fullcourtdefense scan --local --open-ui
|
|
194
|
-
$ fullcourtdefense scan --local --type endpoint --mode full --endpoint http://internal-agent/chat
|
|
195
|
-
$ fullcourtdefense scan --local --type mcp --mcp-command node --mcp-args ./server.js --mcp-tool all --mode full
|
|
196
|
-
$ fullcourtdefense scan --local --type mcp --mcp-url https://internal.company.com/mcp
|
|
197
|
-
$ fullcourtdefense scan --local --type mcp --mcp-url https://internal.company.com/mcp --mcp-tool all --mode full
|
|
198
|
-
$ fullcourtdefense scan --local --type mcp --mcp-transport sse --mcp-url https://internal.company.com/sse --mcp-tool all --mode full
|
|
199
|
-
$ fullcourtdefense scan --local --type mcp --mcp-command node --mcp-args ./server.js --mcp-tool all --mode full --format report
|
|
200
|
-
$ fullcourtdefense discover
|
|
201
|
-
$ fullcourtdefense discover --upload
|
|
202
|
-
$ fullcourtdefense discover --type mcp --json
|
|
203
|
-
$ fullcourtdefense install-cursor-hook --shield-id <id> --shield-key <key>
|
|
204
|
-
$ fullcourtdefense install-cursor-hook --shadow true # monitor only
|
|
205
|
-
$ fullcourtdefense install-cursor-hook --events prompt,shell,mcp,file
|
|
206
|
-
$ fullcourtdefense install-cursor-hook --project true # this repo only
|
|
207
|
-
$ fullcourtdefense uninstall-cursor-hook
|
|
208
|
-
$ fullcourtdefense install-mcp-gateway --clients auto --shield-id <id> --shield-key <key> --mcp-command npm --mcp-args "run mcp"
|
|
209
|
-
$ fullcourtdefense install-mcp-gateway --clients all --mcp-command node --mcp-args ./server.js
|
|
210
|
-
$ fullcourtdefense install-cursor-mcp-gateway --project true --shield-id <id> --shield-key <key> --mcp-command npm --mcp-args "run mcp"
|
|
211
|
-
$ fullcourtdefense install-claude-code-mcp-gateway --scope local --shield-id <id> --shield-key <key> --mcp-command npm --mcp-args "run mcp"
|
|
212
|
-
$ fullcourtdefense install-claude-code-mcp-gateway --scope project --shield-id <id> --mcp-command npm --mcp-args "run mcp"
|
|
213
|
-
$ fullcourtdefense install-claude-desktop-mcp-gateway --shield-id <id> --shield-key <key> --mcp-command npm --mcp-args "run mcp"
|
|
214
|
-
$ fullcourtdefense mcp-gateway --shield-id <id> --mcp-command npm --mcp-args "run mcp"
|
|
215
|
-
$ fullcourtdefense configure
|
|
216
|
-
$ fullcourtdefense doctor
|
|
217
|
-
$ fullcourtdefense scan --system-prompt ./prompts/system.md --fail-threshold 80
|
|
218
|
-
$ fullcourtdefense scan --config .fullcourtdefense.yml --format json
|
|
219
|
-
$ fullcourtdefense credits
|
|
220
|
-
$ fullcourtdefense init
|
|
221
|
-
|
|
222
|
-
\x1b[2mDocs: https://fullcourtdefense.ai/docs/cli\x1b[0m
|
|
56
|
+
console.log(`
|
|
57
|
+
\x1b[1m\x1b[36mFullCourtDefense CLI\x1b[0m v${VERSION}
|
|
58
|
+
Security scanning for AI agents from your terminal.
|
|
59
|
+
|
|
60
|
+
\x1b[1mUsage:\x1b[0m
|
|
61
|
+
fullcourtdefense <command> [options]
|
|
62
|
+
|
|
63
|
+
\x1b[1mCommands:\x1b[0m
|
|
64
|
+
help Show this onboarding guide and command reference.
|
|
65
|
+
doctor First step. Checks outbound HTTPS access to FullCourtDefense.
|
|
66
|
+
configure Saves Shield ID, Shield key, and API URL to .fullcourtdefense.yml.
|
|
67
|
+
scan Runs the scan. Use --local for inside-organization scans.
|
|
68
|
+
discover Finds MCP servers configured on this machine (Cursor, Claude,
|
|
69
|
+
VS Code, Windsurf) and reports their risk. Use --upload to add
|
|
70
|
+
them to your AI Inventory.
|
|
71
|
+
install-cursor-hook
|
|
72
|
+
Installs a Cursor hook so every AI prompt + agent action
|
|
73
|
+
(shell, MCP) on this machine is scanned by your Shield.
|
|
74
|
+
uninstall-cursor-hook
|
|
75
|
+
Removes the FullCourtDefense Cursor hook entries.
|
|
76
|
+
install-mcp-gateway
|
|
77
|
+
One command to install the AgentGuard MCP Gateway into detected
|
|
78
|
+
clients (Cursor, Claude Code, Claude Desktop).
|
|
79
|
+
mcp-gateway
|
|
80
|
+
Runs a local MCP gateway that checks AgentGuard runtime/action
|
|
81
|
+
policies before forwarding tool calls to a real MCP server.
|
|
82
|
+
install-cursor-mcp-gateway
|
|
83
|
+
Adds the AgentGuard MCP Gateway to Cursor's mcp.json.
|
|
84
|
+
install-claude-code-mcp-gateway
|
|
85
|
+
Adds the AgentGuard MCP Gateway to Claude Code using claude mcp add.
|
|
86
|
+
install-claude-desktop-mcp-gateway
|
|
87
|
+
Adds the AgentGuard MCP Gateway to Claude Desktop config.
|
|
88
|
+
hook Internal: invoked by Cursor per agent event (reads stdin JSON,
|
|
89
|
+
returns an allow/deny verdict). Not run by hand.
|
|
90
|
+
credits Shows hosted scan credits for CI/CD API-key scans.
|
|
91
|
+
init Creates a starter .fullcourtdefense.yml config file.
|
|
92
|
+
|
|
93
|
+
\x1b[1mNew User Process:\x1b[0m
|
|
94
|
+
1. In the web app, create a Shield.
|
|
95
|
+
Copy the Shield ID and Shield key from the Shield Integrate tab.
|
|
96
|
+
|
|
97
|
+
2. Check outbound connectivity from the customer machine:
|
|
98
|
+
fullcourtdefense doctor
|
|
99
|
+
This confirms the machine can reach https://api.fullcourtdefense.ai over HTTPS.
|
|
100
|
+
|
|
101
|
+
3. Save Shield credentials locally:
|
|
102
|
+
fullcourtdefense configure
|
|
103
|
+
This creates or updates .fullcourtdefense.yml.
|
|
104
|
+
|
|
105
|
+
4. Run a guided local scan:
|
|
106
|
+
fullcourtdefense scan --local
|
|
107
|
+
The CLI asks whether to scan endpoint, mcp, or rag.
|
|
108
|
+
To open the localhost web scan UI first:
|
|
109
|
+
fullcourtdefense scan --local --open-ui
|
|
110
|
+
|
|
111
|
+
5. Review results:
|
|
112
|
+
Use --format summary for CI, --format table for terminal view,
|
|
113
|
+
--format report for evidence, --format full-report for every row,
|
|
114
|
+
or --format json for raw output.
|
|
115
|
+
With a Shield key configured, reports are saved to the web Reports page
|
|
116
|
+
and the browser opens to the saved report. Use --no-open to suppress.
|
|
117
|
+
|
|
118
|
+
\x1b[1mLocal Destinations:\x1b[0m
|
|
119
|
+
endpoint Internal HTTP URL, for example http://agent.local/chat.
|
|
120
|
+
The CLI sends attack prompts to this endpoint and scans responses.
|
|
121
|
+
|
|
122
|
+
mcp Either stdio command + args, or an already-running HTTP/SSE MCP URL.
|
|
123
|
+
Stdio example: node ./mcp-server.js
|
|
124
|
+
HTTP/HTTPS examples: http://mcp.internal/mcp or https://internal.company.com/mcp
|
|
125
|
+
Legacy SSE example: https://internal.company.com/sse
|
|
126
|
+
Secured HTTP MCP supports bearer, basic, and API-key auth.
|
|
127
|
+
|
|
128
|
+
rag File/directory path or live RAG HTTP endpoint.
|
|
129
|
+
Use --rag-path for local documents, or --rag-url for a RAG service.
|
|
130
|
+
|
|
131
|
+
\x1b[1mRecommended Commands:\x1b[0m
|
|
132
|
+
fullcourtdefense doctor
|
|
133
|
+
fullcourtdefense configure
|
|
134
|
+
fullcourtdefense scan --local
|
|
135
|
+
fullcourtdefense scan --local --type mcp --mcp-command node --mcp-args ./server.js --mcp-tool all --mode full --format report
|
|
136
|
+
fullcourtdefense scan --local --type mcp --mcp-url https://internal.company.com/mcp --mcp-auth-type bearer --mcp-token TOKEN --mcp-tool all --mode full --format report
|
|
137
|
+
fullcourtdefense scan --local --type rag --rag-path ./docs --format report
|
|
138
|
+
fullcourtdefense scan --local --type rag --rag-url http://rag.internal/chat --method POST --request-format custom --input-field message --output-field answer --mode full --format report
|
|
139
|
+
fullcourtdefense scan --local --type endpoint --endpoint http://agent.local/chat --method POST --mode full --format report
|
|
140
|
+
|
|
141
|
+
\x1b[1mScan Options:\x1b[0m
|
|
142
|
+
--local Run scan from this machine, inside your network
|
|
143
|
+
--open-ui Open localhost browser scan UI with all options
|
|
144
|
+
--type <type> Local scan type: endpoint, mcp, rag
|
|
145
|
+
--api-key <key> API key (or set FULLCOURTDEFENSE_API_KEY env var)
|
|
146
|
+
--api-url <url> API base URL (default: https://api.fullcourtdefense.ai)
|
|
147
|
+
--endpoint <url> Agent API endpoint to scan
|
|
148
|
+
--mcp-url <url> Already-running HTTP MCP server URL
|
|
149
|
+
--mcp-transport <t> MCP transport: stdio, http, or sse
|
|
150
|
+
--mcp-command <cmd> MCP server command, for example node or npx.cmd
|
|
151
|
+
--mcp-args <args> MCP server args/path, for example ./server.js
|
|
152
|
+
--mcp-tool <tool> MCP tool to test, or all
|
|
153
|
+
--server-name <name> MCP gateway server name for client installers
|
|
154
|
+
--clients <list> Gateway install clients: auto, all, cursor,
|
|
155
|
+
claude-code, claude-desktop
|
|
156
|
+
--developer-name <name> Runtime identity for user-scoped policies (auto-detected if omitted)
|
|
157
|
+
--agent-name <name> Runtime agent name (auto-generated from identity + client if omitted)
|
|
158
|
+
--scope <scope> Claude Code MCP scope: local, project, or user
|
|
159
|
+
--claude-code-scope <s> Claude Code scope for install-mcp-gateway
|
|
160
|
+
--cursor-project <bool> Cursor project config for install-mcp-gateway
|
|
161
|
+
--config-path <path> Claude Desktop config override path
|
|
162
|
+
--mcp-auth-type <type> HTTP MCP auth: none, bearer, basic, api-key
|
|
163
|
+
--mcp-token <token> HTTP MCP bearer token
|
|
164
|
+
--mcp-username <user> HTTP MCP basic username
|
|
165
|
+
--mcp-password <pass> HTTP MCP basic password
|
|
166
|
+
--mcp-api-key-header <h> HTTP MCP API-key header name
|
|
167
|
+
--mcp-api-key <key> HTTP MCP API key value
|
|
168
|
+
--rag-path <path> RAG file or directory to scan
|
|
169
|
+
--rag-url <url> Live RAG HTTP endpoint to scan
|
|
170
|
+
--shield-id <id> Shield ID for local outbound Shield verdicts
|
|
171
|
+
--shield-key <key> Optional Shield key for locked Shields
|
|
172
|
+
--method <GET|POST> Local endpoint method
|
|
173
|
+
--request-format <fmt> Local endpoint request format: custom or openai
|
|
174
|
+
--auth-type <type> none, bearer, basic, api-key
|
|
175
|
+
--description <text> Agent description
|
|
176
|
+
--system-prompt <text> System prompt (text or path to file)
|
|
177
|
+
--mode <sync|async> Hosted mode, or local mode: quick, full, targeted, deep
|
|
178
|
+
--categories <list> Comma-separated attack categories
|
|
179
|
+
--attack-count <n> Number of attacks to run
|
|
180
|
+
--progress <mode> MCP progress: verbose, compact, silent (default: verbose)
|
|
181
|
+
--fail-threshold <n> Exit code 1 if score below n (default: 0)
|
|
182
|
+
--format <fmt> Output: table, json, summary, report, full-report (default: table)
|
|
183
|
+
--open Open browser scan UI and saved local scan report
|
|
184
|
+
--open-ui Open only the browser scan UI before local execution
|
|
185
|
+
--no-open Do not open the browser during/after local scans
|
|
186
|
+
--webhook-format <fmt> Hosted webhook format, or legacy local request format
|
|
187
|
+
--config <path> Path to .fullcourtdefense.yml config file
|
|
188
|
+
|
|
189
|
+
\x1b[1mExamples:\x1b[0m
|
|
190
|
+
$ fullcourtdefense scan --endpoint https://my-bot.com/chat --description "Support bot"
|
|
191
|
+
$ fullcourtdefense help
|
|
192
|
+
$ fullcourtdefense scan --local
|
|
193
|
+
$ fullcourtdefense scan --local --open-ui
|
|
194
|
+
$ fullcourtdefense scan --local --type endpoint --mode full --endpoint http://internal-agent/chat
|
|
195
|
+
$ fullcourtdefense scan --local --type mcp --mcp-command node --mcp-args ./server.js --mcp-tool all --mode full
|
|
196
|
+
$ fullcourtdefense scan --local --type mcp --mcp-url https://internal.company.com/mcp
|
|
197
|
+
$ fullcourtdefense scan --local --type mcp --mcp-url https://internal.company.com/mcp --mcp-tool all --mode full
|
|
198
|
+
$ fullcourtdefense scan --local --type mcp --mcp-transport sse --mcp-url https://internal.company.com/sse --mcp-tool all --mode full
|
|
199
|
+
$ fullcourtdefense scan --local --type mcp --mcp-command node --mcp-args ./server.js --mcp-tool all --mode full --format report
|
|
200
|
+
$ fullcourtdefense discover
|
|
201
|
+
$ fullcourtdefense discover --upload
|
|
202
|
+
$ fullcourtdefense discover --type mcp --json
|
|
203
|
+
$ fullcourtdefense install-cursor-hook --shield-id <id> --shield-key <key>
|
|
204
|
+
$ fullcourtdefense install-cursor-hook --shadow true # monitor only
|
|
205
|
+
$ fullcourtdefense install-cursor-hook --events prompt,shell,mcp,file
|
|
206
|
+
$ fullcourtdefense install-cursor-hook --project true # this repo only
|
|
207
|
+
$ fullcourtdefense uninstall-cursor-hook
|
|
208
|
+
$ fullcourtdefense install-mcp-gateway --clients auto --shield-id <id> --shield-key <key> --mcp-command npm --mcp-args "run mcp"
|
|
209
|
+
$ fullcourtdefense install-mcp-gateway --clients all --mcp-command node --mcp-args ./server.js
|
|
210
|
+
$ fullcourtdefense install-cursor-mcp-gateway --project true --shield-id <id> --shield-key <key> --mcp-command npm --mcp-args "run mcp"
|
|
211
|
+
$ fullcourtdefense install-claude-code-mcp-gateway --scope local --shield-id <id> --shield-key <key> --mcp-command npm --mcp-args "run mcp"
|
|
212
|
+
$ fullcourtdefense install-claude-code-mcp-gateway --scope project --shield-id <id> --mcp-command npm --mcp-args "run mcp"
|
|
213
|
+
$ fullcourtdefense install-claude-desktop-mcp-gateway --shield-id <id> --shield-key <key> --mcp-command npm --mcp-args "run mcp"
|
|
214
|
+
$ fullcourtdefense mcp-gateway --shield-id <id> --mcp-command npm --mcp-args "run mcp"
|
|
215
|
+
$ fullcourtdefense configure
|
|
216
|
+
$ fullcourtdefense doctor
|
|
217
|
+
$ fullcourtdefense scan --system-prompt ./prompts/system.md --fail-threshold 80
|
|
218
|
+
$ fullcourtdefense scan --config .fullcourtdefense.yml --format json
|
|
219
|
+
$ fullcourtdefense credits
|
|
220
|
+
$ fullcourtdefense init
|
|
221
|
+
|
|
222
|
+
\x1b[2mDocs: https://fullcourtdefense.ai/docs/cli\x1b[0m
|
|
223
223
|
`);
|
|
224
224
|
}
|
|
225
225
|
async function main() {
|