fullcourtdefense-cli 1.6.0 → 1.6.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1,12 +1,16 @@
1
1
  import { BotGuardConfig } from '../config';
2
- import { InstallMcpGatewayArgs } from './mcpGateway';
3
- export interface InstallAllArgs extends InstallMcpGatewayArgs {
2
+ import { ProtectAllArgs } from './mcpGateway';
3
+ export interface InstallAllArgs extends ProtectAllArgs {
4
+ apiKey?: string;
5
+ cursorProject?: string;
6
+ upload?: string;
4
7
  hooks?: string;
5
8
  discover?: string;
9
+ autoProtect?: string;
10
+ intervalMinutes?: string;
6
11
  }
7
12
  /**
8
- * One-click install: MCP gateway into every supported AI client, optional
9
- * Cursor hooks, optional fleet upload. Hooks are opt-in because Action Policies
10
- * should be the default enforcement path for MCP tools.
13
+ * One-click install: discover/wrap every existing MCP server, install Cursor
14
+ * hooks for built-in Cursor actions, optional self-heal and fleet upload.
11
15
  */
12
16
  export declare function installAllCommand(args: InstallAllArgs, config: BotGuardConfig): Promise<void>;
@@ -5,10 +5,10 @@ const config_1 = require("../config");
5
5
  const discover_1 = require("./discover");
6
6
  const installCursorHook_1 = require("./installCursorHook");
7
7
  const mcpGateway_1 = require("./mcpGateway");
8
+ const autoProtect_1 = require("./autoProtect");
8
9
  /**
9
- * One-click install: MCP gateway into every supported AI client, optional
10
- * Cursor hooks, optional fleet upload. Hooks are opt-in because Action Policies
11
- * should be the default enforcement path for MCP tools.
10
+ * One-click install: discover/wrap every existing MCP server, install Cursor
11
+ * hooks for built-in Cursor actions, optional self-heal and fleet upload.
12
12
  */
13
13
  async function installAllCommand(args, config) {
14
14
  const creds = (0, config_1.requireCliSetup)(config, {
@@ -23,15 +23,17 @@ async function installAllCommand(args, config) {
23
23
  clients: args.clients || 'all',
24
24
  };
25
25
  console.log('\n\x1b[1m\x1b[36mFullCourtDefense — install all AI clients\x1b[0m');
26
- console.log('\x1b[2mMCP gateway + optional fleet upload. Cursor hooks are opt-in with --hooks true.\x1b[0m\n');
27
- await (0, mcpGateway_1.installMcpGatewayCommand)(gatewayArgs, config);
28
- if (args.hooks === 'true') {
26
+ console.log('\x1b[2mAuto-protect existing MCP servers + Cursor action hooks. No --mcp-command or folder path needed.\x1b[0m\n');
27
+ await (0, mcpGateway_1.protectAllCommand)(gatewayArgs, config);
28
+ if (args.hooks !== 'false') {
29
29
  console.log('\n\x1b[1mInstalling Cursor runtime hooks…\x1b[0m');
30
30
  const hookArgs = {
31
31
  shieldId: creds.shieldId,
32
32
  shieldKey: creds.shieldKey,
33
33
  apiUrl: creds.apiUrl,
34
34
  project: args.cursorProject,
35
+ events: 'shell,mcp',
36
+ failClosed: 'true',
35
37
  };
36
38
  try {
37
39
  await (0, installCursorHook_1.installCursorHookCommand)(hookArgs, config);
@@ -40,6 +42,13 @@ async function installAllCommand(args, config) {
40
42
  console.log(`Cursor hooks skipped: ${error instanceof Error ? error.message : String(error)}`);
41
43
  }
42
44
  }
45
+ if (args.autoProtect === 'true') {
46
+ console.log('\n\x1b[1mScheduling self-healing MCP protection…\x1b[0m');
47
+ await (0, autoProtect_1.autoProtectCommand)({
48
+ ...gatewayArgs,
49
+ intervalMinutes: args.intervalMinutes || '60',
50
+ }, config);
51
+ }
43
52
  if (args.discover === 'true' || args.upload === 'true') {
44
53
  console.log('\n\x1b[1mUploading desktop posture to AI Fleet…\x1b[0m');
45
54
  const discoverArgs = {
@@ -52,5 +61,5 @@ async function installAllCommand(args, config) {
52
61
  };
53
62
  await (0, discover_1.discoverCommand)(discoverArgs, config);
54
63
  }
55
- console.log('\n\x1b[32mDone.\x1b[0m Restart each AI client you use, then run \x1b[1mfullcourtdefense discover --surface mcp\x1b[0m to verify gateways.');
64
+ console.log('\n\x1b[32mDone.\x1b[0m Restart each AI client you use, then run \x1b[1mfullcourtdefense protect-all --dry-run true\x1b[0m to verify gateways.');
56
65
  }
@@ -109,8 +109,8 @@ async function installCursorHookCommand(args, config) {
109
109
  const projectScope = args.project === 'true';
110
110
  const shadow = args.shadow === 'true';
111
111
  const file = hooksJsonPath(projectScope);
112
- const requested = (args.events || 'prompt,shell,mcp')
113
- .split(',').map((e) => e.trim().toLowerCase()).filter(Boolean);
112
+ const requested = (args.events || 'shell,mcp')
113
+ .split(/[\s,]+/).map((e) => e.trim().toLowerCase()).filter(Boolean);
114
114
  const events = requested.filter((e) => EVENT_MAP[e]);
115
115
  if (events.length === 0) {
116
116
  console.error(`${COLOR.red}No valid events. Choose from: ${Object.keys(EVENT_MAP).join(', ')}${COLOR.reset}`);
@@ -125,9 +125,9 @@ async function installCursorHookCommand(args, config) {
125
125
  const json = readHooksJson(file);
126
126
  for (const e of events) {
127
127
  const { hookKey, flag, failClosedDefault, timeoutSec } = EVENT_MAP[e];
128
- const failClosed = args.failClosed !== undefined ? args.failClosed === 'true' : failClosedDefault;
128
+ const failClosed = e === 'prompt' ? false : (args.failClosed !== undefined ? args.failClosed === 'true' : failClosedDefault);
129
129
  const entry = {
130
- command: buildHookCommand(flag, { shadow, failClosed }),
130
+ command: buildHookCommand(flag, { shadow: e === 'prompt' ? true : shadow, failClosed }),
131
131
  timeout: timeoutSec,
132
132
  };
133
133
  if (failClosed)
package/dist/index.js CHANGED
@@ -113,7 +113,9 @@ function printHelp() {
113
113
  configure Saves org API key, Organization ID, Shield ID, and Shield key to ~/.fullcourtdefense.yml.
114
114
  After setup, other commands read credentials automatically — no --shield-id/--api-key needed.
115
115
  setup Same as configure — validates credentials against the server before saving.
116
- install-all One-click: MCP gateway in every AI client. Cursor hooks are opt-in.
116
+ install-all One-click: protect existing MCP servers in every AI client and
117
+ install Cursor hooks for built-in Cursor actions. No folder path
118
+ or --mcp-command needed. Use --hooks false to skip Cursor hooks.
117
119
  install Alias for install-all.
118
120
  scan Runs the scan. Use --local for inside-organization scans.
119
121
  discover Finds MCP servers, local secrets, agent rules/skills, and machine
@@ -174,8 +176,8 @@ function printHelp() {
174
176
  fullcourtdefense setup
175
177
  Saves to ~/.fullcourtdefense.yml — install, discover --upload, scan, gateway, and hooks use it automatically.
176
178
 
177
- 4. One-click protect every AI client on this machine with MCP Action Policies:
178
- fullcourtdefense install-all --mcp-command npm --mcp-args "run mcp"
179
+ 4. One-click protect every AI client on this machine with Action Policies:
180
+ fullcourtdefense install-all
179
181
  Verify installs:
180
182
  fullcourtdefense discover --surface mcp
181
183
  Or install one client: fullcourtdefense install-cursor-mcp-gateway ...
@@ -295,8 +297,8 @@ function printHelp() {
295
297
  $ fullcourtdefense install-claude-desktop-mcp-gateway --mcp-command npm --mcp-args "run mcp"
296
298
  $ fullcourtdefense mcp-gateway --mcp-command npm --mcp-args "run mcp"
297
299
  $ fullcourtdefense setup
298
- $ fullcourtdefense install-all --mcp-command npm --mcp-args "run mcp"
299
- $ fullcourtdefense install-all --mcp-command npm --mcp-args "run mcp" --upload
300
+ $ fullcourtdefense install-all
301
+ $ fullcourtdefense install-all --auto-protect true --upload
300
302
  $ fullcourtdefense install-mcp-gateway --clients cursor,codex --mcp-command npm --mcp-args "run mcp"
301
303
  $ fullcourtdefense install-codex-mcp-gateway --mcp-command npm --mcp-args "run mcp"
302
304
  $ fullcourtdefense scan --system-prompt ./prompts/system.md --fail-threshold 80
@@ -505,6 +507,8 @@ async function main() {
505
507
  ...buildInstallArgs(),
506
508
  hooks: flags.hooks,
507
509
  discover: flags.discover,
510
+ autoProtect: flags['auto-protect'],
511
+ intervalMinutes: flags['interval-minutes'],
508
512
  };
509
513
  await (0, installAll_1.installAllCommand)(args, config);
510
514
  break;
package/dist/version.json CHANGED
@@ -1,3 +1,3 @@
1
1
  {
2
- "version": "1.6.0"
2
+ "version": "1.6.2"
3
3
  }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "fullcourtdefense-cli",
3
- "version": "1.6.0",
3
+ "version": "1.6.2",
4
4
  "description": "Full Court Defense CLI — security scanning for AI agents from your terminal",
5
5
  "main": "dist/index.js",
6
6
  "bin": {