fullcourtdefense-cli 1.7.22 → 1.7.24

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -1,690 +1,690 @@
1
- # FullCourtDefense CLI
2
-
3
- [Full Court Defense](https://fullcourtdefense.ai/) is an AI agent security platform and runtime firewall for teams shipping LLM apps, agentic workflows, MCP tools, and RAG systems. We help builders find and block prompt injection, jailbreaks, data exfiltration, unsafe tool use, and poisoned retrieval content before those failures reach production.
4
-
5
- The FullCourtDefense CLI brings that security workflow to your terminal. It can run hosted CI/CD scans against public agents, or local in-organization scans against private APIs, MCP servers, RAG document corpora, and live RAG services. Local scans execute from your machine or VPN, then send captured content outbound to your Shield for verdicts and saved web reports.
6
-
7
- ## Install
8
-
9
- ```bash
10
- npm install -g fullcourtdefense-cli
11
- # or run directly
12
- npx fullcourtdefense-cli scan
13
- ```
14
-
15
- ## Quick Start
16
-
17
- ```bash
18
- # Show onboarding help
19
- fullcourtdefense help
20
-
21
- # 1. Check outbound HTTPS from the customer machine
22
- fullcourtdefense doctor
23
-
24
- # 2. Save Shield ID and Shield key
25
- fullcourtdefense configure
26
-
27
- # 3. Run an in-organization local scan with guided questions
28
- fullcourtdefense scan --local
29
-
30
- # 4. Run a detailed MCP report
31
- fullcourtdefense scan --local --type mcp --mcp-command node --mcp-args ./server.js --mcp-tool all --mode full --format report
32
-
33
- # Hosted CI/CD scan, if using an API key instead of local Shield scan
34
- fullcourtdefense scan --api-key YOUR_KEY --endpoint https://my-agent.com/chat --description "My chatbot"
35
-
36
- # Check remaining credits
37
- fullcourtdefense credits --api-key YOUR_KEY
38
-
39
- # Generate a config file
40
- fullcourtdefense init
41
- ```
42
-
43
- ## Command Guide
44
-
45
- - `fullcourtdefense help` — shows the full onboarding flow and command reference.
46
- - `fullcourtdefense doctor` — confirms outbound HTTPS to FullCourtDefense is open before scanning.
47
- - `fullcourtdefense configure` — saves Shield ID, Shield key, and API URL to `.fullcourtdefense.yml`.
48
- - `fullcourtdefense scan --local` — runs inside the customer network and asks whether to scan endpoint, MCP, or RAG.
49
- - `fullcourtdefense scan --local --type mcp ...` — launches a local stdio MCP server, calls tools, and sends tool responses to Shield.
50
- - `fullcourtdefense scan --local --type rag ...` — scans local RAG files/directories or a live RAG HTTP service.
51
- - `fullcourtdefense scan --local --type endpoint ...` — scans an internal HTTP/OpenAI-compatible endpoint.
52
- - `fullcourtdefense install-cursor-mcp-gateway ...` — registers the protected MCP gateway in Cursor.
53
- - `fullcourtdefense install-claude-code-mcp-gateway ...` — registers the protected MCP gateway in Claude Code.
54
- - `fullcourtdefense install-claude-desktop-mcp-gateway ...` — registers the protected MCP gateway in Claude Desktop.
55
- - `fullcourtdefense credits` — checks hosted scan credits for CI/CD API-key scans.
56
- - `fullcourtdefense discover` — scans local MCP client configs and reports risk; `--upload` sends desktop inventory to AI Inventory.
57
- - `fullcourtdefense init` — creates a starter config file.
58
-
59
- ## Shadow AI / Desktop Discovery
60
-
61
- Find MCP servers configured on developer machines without reading chat history or spawning stdio servers by default:
62
-
63
- ```bash
64
- # Scan this machine and print results
65
- fullcourtdefense discover
66
-
67
- # JSON output (includes host fingerprint + servers)
68
- fullcourtdefense discover --json
69
-
70
- # Upload to AI Inventory (requires CI/CD API key with audit:write)
71
- fullcourtdefense discover --upload --api-key YOUR_KEY
72
-
73
- # Live-probe HTTP/SSE MCP servers for tools/list (stdio stays config-only)
74
- fullcourtdefense discover --deep
75
-
76
- # Fleet / MDM script — silent upload with user attribution
77
- fullcourtdefense discover --upload --silent --user-email you@company.com --api-key YOUR_KEY
78
-
79
- # Daily automatic scan on this laptop (uses API key from env or ~/.fullcourtdefense.yml)
80
- fullcourtdefense discover --schedule daily --user-email you@company.com
81
-
82
- # Remove daily schedule
83
- fullcourtdefense discover --unschedule true
84
-
85
- # Scan an extra config path
86
- fullcourtdefense discover --path /path/to/mcp.json
87
- ```
88
-
89
- Each upload includes host metadata (`machineId`, `hostname`, `platform`, `user`) so the same MCP server on different laptops appears as separate desktop inventory rows. The CLI is also available as `fcd` or `botguard` after global install.
90
-
91
- ## Config File
92
-
93
- Create a `.fullcourtdefense.yml` to avoid passing flags every time:
94
-
95
- ```yaml
96
- apiKey: ${FULLCOURTDEFENSE_API_KEY}
97
- apiUrl: https://api.fullcourtdefense.ai
98
- shieldId: sh_your_shield_id
99
- # shieldKey: shsk_optional_if_locked
100
- scan:
101
- endpoint: https://my-agent.com/chat
102
- description: "Customer support chatbot"
103
- categories: [jailbreak, prompt_injection, data_extraction]
104
- failThreshold: 80
105
- format: table
106
- ```
107
-
108
- Then just run:
109
-
110
- ```bash
111
- fullcourtdefense scan
112
- ```
113
-
114
- ## Modes
115
-
116
- Hosted scans use a CI/CD API key and scan a public or reachable agent endpoint through the FullCourtDefense backend.
117
-
118
- | Mode | Use When | Behavior |
119
- |---|---|---|
120
- | `--mode sync` | Small hosted scans from CI or a terminal | Waits for the hosted scan result before exiting. |
121
- | `--mode async` | Longer hosted scans | Starts a hosted job, polls until complete, then prints the result. |
122
-
123
- Local scans run from the customer machine or VPN and only send captured text outbound to Shield for verdicts.
124
-
125
- | Mode | Use When | Behavior |
126
- |---|---|---|
127
- | `--mode quick` | Smoke test before a demo or install handoff | Runs a small default attack set. |
128
- | `--mode full` | Real evidence report | Runs the bundled 229+ attack corpus. |
129
- | `--mode targeted` | You know what the agent protects | Runs default plus targeted attacks and appends `--description` as focus context. |
130
- | `--mode deep` | Stress and broad regression testing | Runs the broad corpus plus deeper multi-step/stress cases. |
131
-
132
- ## Full Option Reference
133
-
134
- ### Global
135
-
136
- | Flag | Applies To | Description | Default |
137
- |---|---|---|---|
138
- | `--help`, `-h` | all commands | Show help. | — |
139
- | `--version`, `-v` | all commands | Print package version. | — |
140
- | `--config <path>` | scan/config | Path to `.fullcourtdefense.yml`, `.fullcourtdefense.yaml`, or legacy `.botguard.yml`. | auto-detect |
141
- | `--api-url <url>` | doctor/configure/scan | FullCourtDefense backend URL. | `https://api.fullcourtdefense.ai` |
142
-
143
- ### Shield And Hosted API
144
-
145
- | Flag | Applies To | Description | Default |
146
- |---|---|---|---|
147
- | `--api-key <key>` | hosted scan/credits | Hosted scan API key. Can also use `FULLCOURTDEFENSE_API_KEY` or legacy `BOTGUARD_API_KEY`. | config/env |
148
- | `--shield-id <id>` | local scan | Shield ID from the Shield Integrate tab. Can also use `FULLCOURTDEFENSE_SHIELD_ID`, `FCD_SHIELD_ID`, or `AGENTGUARD_SHIELD_ID`. | config/env/prompt |
149
- | `--shield-key <key>` | local scan | Optional Shield key for locked Shields. Can also use `FULLCOURTDEFENSE_SHIELD_KEY`, `FCD_SHIELD_KEY`, or `AGENTGUARD_SHIELD_KEY`. | config/env/prompt |
150
-
151
- ### Hosted Scan
152
-
153
- | Flag | Applies To | Description | Default |
154
- |---|---|---|---|
155
- | `--endpoint <url>` | hosted scan | Public/reachable AI agent API URL. | config |
156
- | `--description <text>` | hosted scan/local targeted | Agent description. For `--mode targeted`, also used as local focus context. | config |
157
- | `--system-prompt <text-or-path>` | hosted scan | System prompt text or path to a file. | config |
158
- | `--categories <list>` | hosted scan | Comma-separated attack categories. | all |
159
- | `--attack-count <n>` | hosted/local | Limit number of attacks. Useful for smoke tests. | mode default |
160
- | `--webhook-format <fmt>` | hosted scan | Webhook format: `n8n`, `make`, `zapier`, or `custom`. Legacy alias for local request format. | — |
161
-
162
- ### Local Target Selection
163
-
164
- | Flag | Applies To | Description | Default |
165
- |---|---|---|---|
166
- | `--local` | scan | Run from this machine, inside the customer's network/VPN. | false |
167
- | `--type <type>` | local scan | Local target type: `endpoint`, `mcp`, or `rag`. | prompt |
168
-
169
- ### Local HTTP API Endpoint
170
-
171
- | Flag | Applies To | Description | Default |
172
- |---|---|---|---|
173
- | `--endpoint <url>` | `--type endpoint` | Internal HTTP API URL, for example `http://agent.local/chat`. | prompt |
174
- | `--method <GET|POST>` | endpoint/rag-url | HTTP method. | prompt/`POST` |
175
- | `--request-format <fmt>` | endpoint/rag-url | Request body shape: `custom` or `openai`. | prompt/`custom` |
176
- | `--input-field <field>` | endpoint/rag-url | Request field that receives the attack prompt, for example `message`, `query`, `question`, or `input`. | `message` |
177
- | `--output-field <field>` | endpoint/rag-url | Response field containing the bot answer, for example `answer`, `response`, `text`, or `choices.0.message.content`. | auto-detect |
178
- | `--auth-type <type>` | endpoint/rag-url | HTTP auth type: `none`, `bearer`, `basic`, or `api-key`. | `none` |
179
- | `--username <user>` | endpoint/rag-url basic auth | Basic auth username. | prompt |
180
- | `--password <pass>` | endpoint/rag-url basic auth | Basic auth password. | prompt |
181
- | `--token <token>` | endpoint/rag-url bearer auth | Bearer token. | prompt |
182
- | `--api-key-header <header>` | endpoint/rag-url API-key auth | API key header name, for example `X-API-Key`. | `X-API-Key` |
183
- | `--endpoint-api-key <key>` | endpoint/rag-url API-key auth | API key value for the scanned endpoint. | prompt |
184
-
185
- ### MCP
186
-
187
- | Flag | Applies To | Description | Default |
188
- |---|---|---|---|
189
- | `--mcp-command <cmd>` | stdio MCP | Command that starts the MCP server, for example `node`, `python`, or `npx.cmd`. | prompt |
190
- | `--mcp-args <args>` | stdio MCP | Args passed to `--mcp-command`, for example `.\dist\server.js`. JSON array strings are also supported. | empty |
191
- | `--mcp-url <url>` | HTTP/SSE MCP | Already-running MCP URL, for example `https://internal.company.com/mcp`. | prompt |
192
- | `--mcp-transport <t>` | MCP | Transport: `stdio`, `http`, or `sse`. HTTP/SSE can usually be inferred from `--mcp-url`. | inferred |
193
- | `--mcp-tool <tool>` | MCP | Tool to scan, or `all` to scan every listed tool. | `all` when destination is provided |
194
- | `--mcp-tool-args <json>` | MCP | Tool args JSON. Use `{{attack}}` anywhere the current attack prompt should be inserted. | `{}` |
195
- | `--mcp-auth-type <type>` | HTTP/SSE MCP | Auth type: `none`, `bearer`, `basic`, or `api-key`. | `none` |
196
- | `--mcp-token <token>` | HTTP/SSE MCP bearer auth | Bearer token. | prompt |
197
- | `--mcp-username <user>` | HTTP/SSE MCP basic auth | Basic auth username. | prompt |
198
- | `--mcp-password <pass>` | HTTP/SSE MCP basic auth | Basic auth password. | prompt |
199
- | `--mcp-api-key-header <header>` | HTTP/SSE MCP API-key auth | API key header name. | `X-API-Key` |
200
- | `--mcp-api-key <key>` | HTTP/SSE MCP API-key auth | API key value. | prompt |
201
- | `--progress <mode>` | MCP | Console progress: `verbose`, `compact`, or `silent`. | `verbose` |
202
- | `--server-name <name>` | MCP gateway installers | MCP server name to write into the client config. | `agentguard-gateway` |
203
- | `--developer-name <name>` | MCP gateway installers | Runtime identity used for user-scoped Action Policies. Auto-detected from `FCD_DEVELOPER_NAME`, git email, npm username, or OS username. | auto |
204
- | `--agent-name <name>` | MCP gateway installers | Runtime agent name shown in AI Users. Auto-generated from runtime identity plus client, e.g. `boaz.lautman-claude-desktop`. | auto |
205
- | `--scope <scope>` | Claude Code gateway installer | Claude Code MCP scope: `local`, `project`, or `user`. | `local` |
206
- | `--config-path <path>` | Claude Desktop gateway installer | Override path to `claude_desktop_config.json`. | OS default |
207
-
208
- ### RAG
209
-
210
- | Flag | Applies To | Description | Default |
211
- |---|---|---|---|
212
- | `--rag-path <path>` | `--type rag` | Local RAG file or directory to scan as a corpus. Supports `.txt`, `.md`, `.json`, `.csv`, and `.html`. | prompt |
213
- | `--rag-url <url>` | `--type rag` | Live RAG HTTP endpoint to scan like an app. Uses the same HTTP flags as endpoint scans. | — |
214
-
215
- ### Output And CI
216
-
217
- | Flag | Applies To | Description | Default |
218
- |---|---|---|---|
219
- | `--mode <mode>` | scan | Hosted: `sync`, `async`. Local: `quick`, `full`, `targeted`, `deep`. | hosted `sync`, local `quick` |
220
- | `--format <fmt>` | scan | Output: `table`, `summary`, `report`, `full-report`, or `json`. | hosted `table`, local `summary` |
221
- | `--fail-threshold <n>` | scan | Exit with code 1 if score is below this 0-100 threshold. | `0` |
222
-
223
- ## Realistic Command Examples
224
-
225
- ### First-Time Setup
226
-
227
- Run these on the same machine that can reach the customer's private agent, MCP server, or RAG service:
228
-
229
- ```powershell
230
- fullcourtdefense doctor
231
- fullcourtdefense configure
232
- fullcourtdefense scan --local
233
- ```
234
-
235
- Expected `doctor` output:
236
-
237
- ```text
238
- BotGuard outbound diagnostic
239
- Target: https://api.fullcourtdefense.ai
240
-
241
- PASS outbound HTTPS open (200, 487ms)
242
- Checked: https://api.fullcourtdefense.ai/api/health/ping
243
- ```
244
-
245
- ### Hosted CI/CD Scan
246
-
247
- Use hosted scans when the agent endpoint is reachable by FullCourtDefense and you have a CI/CD API key.
248
-
249
- ```powershell
250
- $env:FULLCOURTDEFENSE_API_KEY = "bg_live_..."
251
- fullcourtdefense scan --endpoint "https://support-bot.example.com/chat" --description "Customer support chatbot" --mode sync --format summary --fail-threshold 80
252
- ```
253
-
254
- Async hosted scan for a longer job:
255
-
256
- ```powershell
257
- fullcourtdefense scan --api-key "bg_live_..." --endpoint "https://agent.example.com/chat" --description "Production sales assistant" --mode async --format report
258
- ```
259
-
260
- ### Local Modes
261
-
262
- Use quick mode first:
263
-
264
- ```powershell
265
- fullcourtdefense scan --local --type endpoint --endpoint "http://localhost:3000/chat" --method POST --request-format custom --input-field message --output-field response --mode quick --format report
266
- ```
267
-
268
- Use full mode for evidence:
269
-
270
- ```powershell
271
- fullcourtdefense scan --local --type endpoint --endpoint "http://localhost:3000/chat" --method POST --request-format custom --input-field message --output-field response --mode full --format report
272
- ```
273
-
274
- Use targeted mode when you know the protected domain:
275
-
276
- ```powershell
277
- fullcourtdefense scan --local --type endpoint --endpoint "http://localhost:3000/chat" --method POST --request-format custom --input-field message --output-field response --mode targeted --description "Healthcare support bot with patient records and billing data" --format report
278
- ```
279
-
280
- Use deep mode for broad regression:
281
-
282
- ```powershell
283
- fullcourtdefense scan --local --type endpoint --endpoint "http://localhost:3000/chat" --method POST --request-format custom --input-field message --output-field response --mode deep --format full-report
284
- ```
285
-
286
- ### Local API Endpoint Examples
287
-
288
- Typical Express/FastAPI app:
289
-
290
- ```powershell
291
- fullcourtdefense scan --local --type endpoint --endpoint "http://127.0.0.1:8000/chat" --method POST --request-format custom --input-field message --output-field answer --mode full --format report
292
- ```
293
-
294
- Query-style endpoint:
295
-
296
- ```powershell
297
- fullcourtdefense scan --local --type endpoint --endpoint "http://127.0.0.1:8000/query" --method POST --request-format custom --input-field query --output-field result --mode full --format report
298
- ```
299
-
300
- OpenAI-compatible endpoint:
301
-
302
- ```powershell
303
- fullcourtdefense scan --local --type endpoint --endpoint "http://127.0.0.1:8000/v1/chat/completions" --method POST --request-format openai --mode full --format report
304
- ```
305
-
306
- ### MCP Examples
307
-
308
- Local stdio MCP server built from your repo:
309
-
310
- ```powershell
311
- fullcourtdefense scan --local --type mcp --mcp-command node --mcp-args ".\dist\mcp-server.js" --mcp-tool all --mode full --format report
312
- ```
313
-
314
- Filesystem MCP over `npx.cmd` on Windows:
315
-
316
- ```powershell
317
- fullcourtdefense scan --local --type mcp --mcp-command npx.cmd --mcp-args "-y @modelcontextprotocol/server-filesystem C:\company\docs" --mcp-tool all --mode full --format report
318
- ```
319
-
320
- Single MCP tool with attack inserted into an argument:
321
-
322
- ```powershell
323
- fullcourtdefense scan --local --type mcp --mcp-command node --mcp-args ".\dist\mcp-server.js" --mcp-tool search_docs --mcp-tool-args '{ "query": "{{attack}}", "limit": 5 }' --mode quick --format report
324
- ```
325
-
326
- Already-running HTTP MCP:
327
-
328
- ```powershell
329
- fullcourtdefense scan --local --type mcp --mcp-url "http://127.0.0.1:5066/mcp" --mcp-tool all --mode full --format report
330
- ```
331
-
332
- Secured HTTP MCP:
333
-
334
- ```powershell
335
- fullcourtdefense scan --local --type mcp --mcp-url "https://mcp.internal.company.com/mcp" --mcp-auth-type bearer --mcp-token "mcp_token_..." --mcp-tool all --mode full --format report
336
- ```
337
-
338
- ### MCP Gateway Install Examples
339
-
340
- Use the MCP gateway when you want Cursor, Claude Code, or Claude Desktop tool calls checked against AgentGuard runtime/action policies before they reach the real MCP server.
341
-
342
- Cursor project install:
343
-
344
- ```powershell
345
- fullcourtdefense install-cursor-mcp-gateway --project true --shield-id "sh_..." --shield-key "shsk_..." --mcp-command npm --mcp-args "run mcp"
346
- ```
347
-
348
- Claude Code local install, private to you in the current project:
349
-
350
- ```powershell
351
- fullcourtdefense install-claude-code-mcp-gateway --scope local --shield-id "sh_..." --shield-key "shsk_..." --mcp-command npm --mcp-args "run mcp"
352
- ```
353
-
354
- Claude Code project install, shared through `.mcp.json`:
355
-
356
- ```powershell
357
- fullcourtdefense install-claude-code-mcp-gateway --scope project --shield-id "sh_..." --mcp-command npm --mcp-args "run mcp"
358
- ```
359
-
360
- Claude Desktop install:
361
-
362
- ```powershell
363
- fullcourtdefense install-claude-desktop-mcp-gateway --shield-id "sh_..." --shield-key "shsk_..." --mcp-command npm --mcp-args "run mcp"
364
- ```
365
-
366
- The gateway auto-detects runtime identity when `--developer-name` is omitted. Detection order is `FCD_DEVELOPER_NAME`, `FULLCOURTDEFENSE_DEVELOPER_NAME`, `AGENTGUARD_DEVELOPER_NAME`, `USER_EMAIL`, `git config user.email`, `npm whoami`, then OS username. Use `--developer-name` only when you want to override the detected employee/runtime identity.
367
-
368
- Direct gateway run for debugging:
369
-
370
- ```powershell
371
- fullcourtdefense mcp-gateway --agent-client claude-code --shield-id "sh_..." --mcp-command npm --mcp-args "run mcp"
372
- ```
373
-
374
- ### RAG Examples
375
-
376
- Scan local documents before ingestion:
377
-
378
- ```powershell
379
- fullcourtdefense scan --local --type rag --rag-path "C:\company\kb-docs" --mode full --format report
380
- ```
381
-
382
- Scan one suspicious file:
383
-
384
- ```powershell
385
- fullcourtdefense scan --local --type rag --rag-path ".\docs\release-notes.md" --mode quick --format report
386
- ```
387
-
388
- Scan a live RAG service:
389
-
390
- ```powershell
391
- fullcourtdefense scan --local --type rag --rag-url "http://127.0.0.1:5065/chat" --method POST --request-format custom --input-field message --output-field answer --mode full --format report
392
- ```
393
-
394
- Scan an OpenAI-compatible RAG service:
395
-
396
- ```powershell
397
- fullcourtdefense scan --local --type rag --rag-url "http://127.0.0.1:5065/v1/chat/completions" --method POST --request-format openai --mode full --format report
398
- ```
399
-
400
- ### Auth Examples
401
-
402
- Bearer auth for an internal agent:
403
-
404
- ```powershell
405
- fullcourtdefense scan --local --type endpoint --endpoint "https://agent.internal/chat" --method POST --request-format custom --input-field message --output-field answer --auth-type bearer --token "eyJ..." --mode full --format report
406
- ```
407
-
408
- Basic auth:
409
-
410
- ```powershell
411
- fullcourtdefense scan --local --type endpoint --endpoint "https://agent.internal/chat" --method POST --request-format custom --input-field message --output-field answer --auth-type basic --username "scanner" --password "scanner-password" --mode full --format report
412
- ```
413
-
414
- API key header:
415
-
416
- ```powershell
417
- fullcourtdefense scan --local --type endpoint --endpoint "https://agent.internal/chat" --method POST --request-format custom --input-field message --output-field answer --auth-type api-key --api-key-header X-Internal-Key --endpoint-api-key "internal_key_..." --mode full --format report
418
- ```
419
-
420
- ### CI Gate Examples
421
-
422
- Fail the build if score is below 80:
423
-
424
- ```powershell
425
- fullcourtdefense scan --api-key "$env:FULLCOURTDEFENSE_API_KEY" --endpoint "https://agent.example.com/chat" --description "Production support agent" --mode sync --format summary --fail-threshold 80
426
- ```
427
-
428
- Local CI against a service started earlier in the job:
429
-
430
- ```powershell
431
- fullcourtdefense scan --local --type endpoint --endpoint "http://127.0.0.1:3000/chat" --method POST --request-format custom --input-field message --output-field response --mode quick --format summary --fail-threshold 80
432
- ```
433
-
434
- ## In-Organization Local Scan
435
-
436
- Use local scan when the AI endpoint, MCP server, RAG service, or RAG corpus is only reachable from inside your organization. The CLI executes the local target, then sends the captured content outbound to your FullCourtDefense Shield for the real verdict.
437
-
438
- ```bash
439
- fullcourtdefense scan --local
440
- ```
441
-
442
- On first local scan, the CLI asks for your Shield ID and saves it to `.fullcourtdefense.yml`. You can also pass it directly:
443
-
444
- ```bash
445
- fullcourtdefense scan --local --shield-id sh_your_shield_id
446
- ```
447
-
448
- The CLI asks what to scan:
449
-
450
- - `endpoint` — internal HTTP API or OpenAI-compatible endpoint.
451
- - `mcp` — MCP destination. For stdio MCP, the destination is the command plus args needed to launch the server, for example `node ./mcp-server.js` or `npx.cmd -y @modelcontextprotocol/server-filesystem C:\data`. For an already-running HTTP/HTTPS or legacy SSE MCP server, the destination is `--mcp-url`.
452
- - `rag` — local file/directory of RAG documents/chunks, or a live RAG HTTP endpoint via `--rag-url`.
453
-
454
- ### Recommended Flow
455
-
456
- 1. Run `doctor` first from the customer machine. This confirms outbound HTTPS to FullCourtDefense works before you try a scan.
457
- 2. Run `configure` once. Paste the Shield ID and Shield key from the web app's Shield Integrate tab.
458
- 3. Pick the target type: API endpoint, MCP, RAG corpus, or live RAG service.
459
- 4. Use `--mode quick` for a smoke test, then `--mode full --format report` for evidence and web history.
460
-
461
- ```powershell
462
- fullcourtdefense doctor
463
- fullcourtdefense configure
464
- ```
465
-
466
- With a Shield key configured, local scans are saved to the web Reports history automatically.
467
-
468
- ### API Endpoint Scan
469
-
470
- Use this when the AI agent is a normal HTTP API, for example `/chat`, `/ask`, `/query`, or an OpenAI-compatible `/v1/chat/completions` route.
471
-
472
- For custom JSON APIs, tell the CLI which request field receives the attack prompt and which response field contains the bot answer:
473
-
474
- ```powershell
475
- fullcourtdefense scan --local --type endpoint --endpoint "http://internal-agent.local/chat" --method POST --request-format custom --input-field message --output-field response --mode quick --format report
476
- ```
477
-
478
- Common custom field mappings:
479
-
480
- ```powershell
481
- # Request: { "query": "..." }, response: { "answer": "..." }
482
- fullcourtdefense scan --local --type endpoint --endpoint "http://localhost:8080/query" --method POST --request-format custom --input-field query --output-field answer --mode full --format report
483
-
484
- # GET endpoint: /ask?q=...
485
- fullcourtdefense scan --local --type endpoint --endpoint "http://localhost:8080/ask" --method GET --request-format custom --input-field q --output-field answer --mode quick --format report
486
- ```
487
-
488
- For OpenAI-compatible APIs:
489
-
490
- ```powershell
491
- fullcourtdefense scan --local --type endpoint --endpoint "http://localhost:8080/v1/chat/completions" --method POST --request-format openai --mode full --format report
492
- ```
493
-
494
- Authenticated API examples:
495
-
496
- ```powershell
497
- # Bearer token
498
- fullcourtdefense scan --local --type endpoint --endpoint "https://agent.internal/chat" --method POST --request-format custom --input-field message --output-field response --auth-type bearer --token YOUR_TOKEN --mode full --format report
499
-
500
- # API key header
501
- fullcourtdefense scan --local --type endpoint --endpoint "https://agent.internal/chat" --method POST --request-format custom --input-field message --output-field response --auth-type api-key --api-key-header X-API-Key --endpoint-api-key YOUR_KEY --mode full --format report
502
- ```
503
-
504
- ### MCP Scan
505
-
506
- Use this when the target exposes tools through the Model Context Protocol. The CLI calls the tool with attack prompts, captures the tool response, sends that response to Shield, and saves the report to history.
507
-
508
- For stdio MCP servers:
509
-
510
- ```powershell
511
- fullcourtdefense scan --local --type mcp --mcp-command node --mcp-args ".\dist\server.js" --mcp-tool all --mode full --format report
512
- ```
513
-
514
- For a single stdio tool with fixed args:
515
-
516
- ```powershell
517
- fullcourtdefense scan --local --type mcp --mcp-command node --mcp-args ".\dist\server.js" --mcp-tool search_docs --mcp-tool-args '{ "query": "{{attack}}" }' --mode quick --format report
518
- ```
519
-
520
- For already-running HTTP MCP servers:
521
-
522
- ```powershell
523
- fullcourtdefense scan --local --type mcp --mcp-url "http://mcp.internal.company.com/mcp" --mcp-tool all --mode full --format report
524
- ```
525
-
526
- For secured MCP servers:
527
-
528
- ```powershell
529
- # Bearer auth
530
- fullcourtdefense scan --local --type mcp --mcp-url "https://internal.company.com/mcp" --mcp-auth-type bearer --mcp-token YOUR_TOKEN --mcp-tool all --mode full --format report
531
-
532
- # Basic auth
533
- fullcourtdefense scan --local --type mcp --mcp-url "https://internal.company.com/mcp" --mcp-auth-type basic --mcp-username USER --mcp-password PASS --mcp-tool all --mode full --format report
534
-
535
- # API key header
536
- fullcourtdefense scan --local --type mcp --mcp-url "https://internal.company.com/mcp" --mcp-auth-type api-key --mcp-api-key-header X-API-Key --mcp-api-key YOUR_KEY --mcp-tool all --mode full --format report
537
- ```
538
-
539
- For legacy SSE MCP:
540
-
541
- ```powershell
542
- fullcourtdefense scan --local --type mcp --mcp-transport sse --mcp-url "https://internal.company.com/sse" --mcp-tool all --mode full --format report
543
- ```
544
-
545
- MCP progress controls:
546
-
547
- ```powershell
548
- fullcourtdefense scan --local --type mcp --mcp-url "https://internal.company.com/mcp" --mcp-tool all --mode full --progress verbose --format report
549
- fullcourtdefense scan --local --type mcp --mcp-url "https://internal.company.com/mcp" --mcp-tool all --mode full --progress compact --format summary
550
- ```
551
-
552
- ### RAG Corpus Scan
553
-
554
- Use this when you have local documents or chunks before they are indexed. The CLI reads `.txt`, `.md`, `.json`, `.csv`, and `.html` files, sends chunks to the RAG Shield endpoint, and saves the report as a RAG scan.
555
-
556
- ```powershell
557
- fullcourtdefense scan --local --type rag --rag-path ".\docs" --mode quick --format report
558
- fullcourtdefense scan --local --type rag --rag-path ".\docs" --mode full --format full-report
559
- ```
560
-
561
- Use corpus scan to find poisoned files before ingestion. Use live RAG scan when you need to test the actual retrieval service behavior.
562
-
563
- ### Live RAG Service Scan
564
-
565
- Use this when RAG is a running service, not just files. This is common for retrieval APIs that accept a question and return an answer with retrieved context.
566
-
567
- ```powershell
568
- fullcourtdefense scan --local --type rag --rag-url "http://rag.internal.company.com/chat" --method POST --request-format custom --input-field message --output-field answer --mode quick --format report
569
- ```
570
-
571
- Common live RAG shapes:
572
-
573
- ```powershell
574
- # Request: { "question": "..." }, response: { "answer": "..." }
575
- fullcourtdefense scan --local --type rag --rag-url "http://localhost:5065/chat" --method POST --request-format custom --input-field question --output-field answer --mode full --format report
576
-
577
- # Request: { "query": "..." }, response: { "result": "..." }
578
- fullcourtdefense scan --local --type rag --rag-url "http://localhost:5065/query" --method POST --request-format custom --input-field query --output-field result --mode full --format report
579
-
580
- # OpenAI-compatible RAG endpoint
581
- fullcourtdefense scan --local --type rag --rag-url "http://localhost:5065/v1/chat/completions" --method POST --request-format openai --mode full --format report
582
- ```
583
-
584
- The web report will show `Agent Tested: Local full RAG endpoint scan: ...` and is saved with `scanType: rag`.
585
-
586
- ### Local Demo RAG Server
587
-
588
- This repository includes a deliberately vulnerable RAG service for testing the CLI flow:
589
-
590
- ```powershell
591
- $env:PORT = "5065"
592
- node samples\rag\rag-server.js
593
- ```
594
-
595
- In another terminal:
596
-
597
- ```powershell
598
- fullcourtdefense scan --local --type rag --rag-url "http://127.0.0.1:5065/chat" --method POST --request-format custom --input-field message --output-field answer --mode quick --format report
599
- ```
600
-
601
- The demo should fail because it echoes raw poisoned retrieved context. That is expected and proves the scanner is catching RAG poisoning.
602
-
603
- ### Older Compact Examples
604
-
605
- ```bash
606
- # Internal web API
607
- fullcourtdefense scan --local --type endpoint --endpoint http://internal-agent.local/chat --method POST --shield-id sh_your_shield_id
608
-
609
- # Internal OpenAI-compatible endpoint
610
- fullcourtdefense scan --local --type endpoint --endpoint http://localhost:8080/v1/chat/completions --webhook-format openai --shield-id sh_your_shield_id
611
-
612
- # MCP stdio server
613
- fullcourtdefense scan --local --type mcp --mcp-command node --mcp-args ./dist/index.js --mcp-tool search_docs --mcp-tool-args '{"query":"security policy"}' --shield-id sh_your_shield_id
614
-
615
- # Already-running HTTP or HTTPS MCP server
616
- fullcourtdefense scan --local --type mcp --mcp-url http://mcp.internal.company.com/mcp
617
- fullcourtdefense scan --local --type mcp --mcp-url http://mcp.internal.company.com/mcp --mcp-tool all --mode full --format report --shield-id sh_your_shield_id
618
- fullcourtdefense scan --local --type mcp --mcp-url https://internal.company.com/mcp --mcp-tool all --mode full --format report --shield-id sh_your_shield_id
619
-
620
- # Legacy SSE MCP server
621
- fullcourtdefense scan --local --type mcp --mcp-transport sse --mcp-url https://internal.company.com/sse --mcp-tool all --mode full --format report --shield-id sh_your_shield_id
622
-
623
- # Secured HTTP MCP server with bearer auth
624
- fullcourtdefense scan --local --type mcp --mcp-url https://internal.company.com/mcp --mcp-auth-type bearer --mcp-token YOUR_TOKEN --mcp-tool all --mode full --format report --shield-id sh_your_shield_id
625
-
626
- # Secured HTTP MCP server with basic auth
627
- fullcourtdefense scan --local --type mcp --mcp-url https://internal.company.com/mcp --mcp-auth-type basic --mcp-username USER --mcp-password PASS --mcp-tool all --mode full --format report --shield-id sh_your_shield_id
628
-
629
- # Secured HTTP MCP server with API-key auth
630
- fullcourtdefense scan --local --type mcp --mcp-url https://internal.company.com/mcp --mcp-auth-type api-key --mcp-api-key-header X-API-Key --mcp-api-key YOUR_KEY --mcp-tool all --mode full --format report --shield-id sh_your_shield_id
631
-
632
- # MCP full scan: all tools x bundled 229+ web attacks
633
- fullcourtdefense scan --local --type mcp --mcp-command node --mcp-args ./dist/index.js --mcp-tool all --mode full --shield-id sh_your_shield_id
634
-
635
- # MCP smoke test with same full corpus, limited to 10 attacks per tool
636
- fullcourtdefense scan --local --type mcp --mcp-command node --mcp-args ./dist/index.js --mcp-tool all --mode full --attack-count 10 --shield-id sh_your_shield_id
637
-
638
- # MCP evidence report: includes each attack sent, captured tool response, and Shield verdict
639
- fullcourtdefense scan --local --type mcp --mcp-command node --mcp-args ./dist/index.js --mcp-tool all --mode full --attack-count 10 --format report --shield-id sh_your_shield_id
640
-
641
- # MCP full scan with per-attack live progress
642
- fullcourtdefense scan --local --type mcp --mcp-url https://internal.company.com/mcp --mcp-tool all --mode full --progress verbose --format report --shield-id sh_your_shield_id
643
-
644
- # RAG documents
645
- fullcourtdefense scan --local --type rag --rag-path ./docs --format table --shield-id sh_your_shield_id
646
-
647
- # Live RAG HTTP service
648
- fullcourtdefense scan --local --type rag --rag-url http://rag.internal.company.com/chat --method POST --request-format custom --input-field message --output-field answer --mode full --format report --shield-id sh_your_shield_id
649
- ```
650
-
651
- Local scans run from the machine executing the CLI, so they can reach private/VPN/internal targets without opening inbound firewall access. The only required network path is outbound HTTPS to your FullCourtDefense backend. With a Shield key configured, the CLI saves the completed scan into the same web Reports history used by hosted scans. The web report keeps every test row with bounded evidence text; use `--format report` or `--format json` locally for the full raw evidence artifact.
652
-
653
- When an MCP destination is provided (`--mcp-url` or `--mcp-command`), the CLI defaults to a full all-tools report scan with per-attack live progress. Use `--progress compact` for shorter logs, or `--progress silent` for CI logs.
654
-
655
- ## Outbound Diagnostic
656
-
657
- Use `doctor` before local scans to confirm the customer environment can reach the FullCourtDefense backend over outbound HTTPS:
658
-
659
- ```bash
660
- fullcourtdefense doctor
661
- fullcourtdefense doctor --api-url https://api.fullcourtdefense.ai
662
- ```
663
-
664
- It checks `GET /api/health/ping` and reports whether outbound TCP 443/HTTPS is open.
665
-
666
- ## CI/CD Usage
667
-
668
- The CLI returns exit code 1 when the score is below `--fail-threshold`, making it CI-friendly:
669
-
670
- ```bash
671
- fullcourtdefense scan --fail-threshold 80 --format summary
672
- ```
673
-
674
- For GitHub Actions, use [botguardai/security-scan](https://github.com/botguardai/security-scan) which wraps this CLI with PR comments and check status.
675
-
676
- ## Get Your API Key
677
-
678
- 1. Sign up at [fullcourtdefense.ai](https://fullcourtdefense.ai)
679
- 2. Go to **Account > API Keys**
680
- 3. Create a CI/CD key
681
-
682
- ## Related
683
-
684
- - [BotGuard](https://fullcourtdefense.ai) — Automated red-teaming & real-time firewall for AI agents
685
- - [GitHub Action](https://github.com/botguardai/security-scan) — CI/CD security scanning
686
- - [Attack Library](https://github.com/botguardai/llm-attacks) — 229+ open-source LLM attack templates
687
-
688
- ## License
689
-
690
- MIT
1
+ # FullCourtDefense CLI
2
+
3
+ [Full Court Defense](https://fullcourtdefense.ai/) is an AI agent security platform and runtime firewall for teams shipping LLM apps, agentic workflows, MCP tools, and RAG systems. We help builders find and block prompt injection, jailbreaks, data exfiltration, unsafe tool use, and poisoned retrieval content before those failures reach production.
4
+
5
+ The FullCourtDefense CLI brings that security workflow to your terminal. It can run hosted CI/CD scans against public agents, or local in-organization scans against private APIs, MCP servers, RAG document corpora, and live RAG services. Local scans execute from your machine or VPN, then send captured content outbound to your Shield for verdicts and saved web reports.
6
+
7
+ ## Install
8
+
9
+ ```bash
10
+ npm install -g fullcourtdefense-cli
11
+ # or run directly
12
+ npx fullcourtdefense-cli scan
13
+ ```
14
+
15
+ ## Quick Start
16
+
17
+ ```bash
18
+ # Show onboarding help
19
+ fullcourtdefense help
20
+
21
+ # 1. Check outbound HTTPS from the customer machine
22
+ fullcourtdefense doctor
23
+
24
+ # 2. Save Shield ID and Shield key
25
+ fullcourtdefense configure
26
+
27
+ # 3. Run an in-organization local scan with guided questions
28
+ fullcourtdefense scan --local
29
+
30
+ # 4. Run a detailed MCP report
31
+ fullcourtdefense scan --local --type mcp --mcp-command node --mcp-args ./server.js --mcp-tool all --mode full --format report
32
+
33
+ # Hosted CI/CD scan, if using an API key instead of local Shield scan
34
+ fullcourtdefense scan --api-key YOUR_KEY --endpoint https://my-agent.com/chat --description "My chatbot"
35
+
36
+ # Check remaining credits
37
+ fullcourtdefense credits --api-key YOUR_KEY
38
+
39
+ # Generate a config file
40
+ fullcourtdefense init
41
+ ```
42
+
43
+ ## Command Guide
44
+
45
+ - `fullcourtdefense help` — shows the full onboarding flow and command reference.
46
+ - `fullcourtdefense doctor` — confirms outbound HTTPS to FullCourtDefense is open before scanning.
47
+ - `fullcourtdefense configure` — saves Shield ID, Shield key, and API URL to `.fullcourtdefense.yml`.
48
+ - `fullcourtdefense scan --local` — runs inside the customer network and asks whether to scan endpoint, MCP, or RAG.
49
+ - `fullcourtdefense scan --local --type mcp ...` — launches a local stdio MCP server, calls tools, and sends tool responses to Shield.
50
+ - `fullcourtdefense scan --local --type rag ...` — scans local RAG files/directories or a live RAG HTTP service.
51
+ - `fullcourtdefense scan --local --type endpoint ...` — scans an internal HTTP/OpenAI-compatible endpoint.
52
+ - `fullcourtdefense install-cursor-mcp-gateway ...` — registers the protected MCP gateway in Cursor.
53
+ - `fullcourtdefense install-claude-code-mcp-gateway ...` — registers the protected MCP gateway in Claude Code.
54
+ - `fullcourtdefense install-claude-desktop-mcp-gateway ...` — registers the protected MCP gateway in Claude Desktop.
55
+ - `fullcourtdefense credits` — checks hosted scan credits for CI/CD API-key scans.
56
+ - `fullcourtdefense discover` — scans local MCP client configs and reports risk; `--upload` sends desktop inventory to AI Inventory.
57
+ - `fullcourtdefense init` — creates a starter config file.
58
+
59
+ ## Shadow AI / Desktop Discovery
60
+
61
+ Find MCP servers configured on developer machines without reading chat history or spawning stdio servers by default:
62
+
63
+ ```bash
64
+ # Scan this machine and print results
65
+ fullcourtdefense discover
66
+
67
+ # JSON output (includes host fingerprint + servers)
68
+ fullcourtdefense discover --json
69
+
70
+ # Upload to AI Inventory (requires CI/CD API key with audit:write)
71
+ fullcourtdefense discover --upload --api-key YOUR_KEY
72
+
73
+ # Live-probe HTTP/SSE MCP servers for tools/list (stdio stays config-only)
74
+ fullcourtdefense discover --deep
75
+
76
+ # Fleet / MDM script — silent upload with user attribution
77
+ fullcourtdefense discover --upload --silent --user-email you@company.com --api-key YOUR_KEY
78
+
79
+ # Daily automatic scan on this laptop (uses API key from env or ~/.fullcourtdefense.yml)
80
+ fullcourtdefense discover --schedule daily --user-email you@company.com
81
+
82
+ # Remove daily schedule
83
+ fullcourtdefense discover --unschedule true
84
+
85
+ # Scan an extra config path
86
+ fullcourtdefense discover --path /path/to/mcp.json
87
+ ```
88
+
89
+ Each upload includes host metadata (`machineId`, `hostname`, `platform`, `user`) so the same MCP server on different laptops appears as separate desktop inventory rows. The CLI is also available as `fcd` or `botguard` after global install.
90
+
91
+ ## Config File
92
+
93
+ Create a `.fullcourtdefense.yml` to avoid passing flags every time:
94
+
95
+ ```yaml
96
+ apiKey: ${FULLCOURTDEFENSE_API_KEY}
97
+ apiUrl: https://api.fullcourtdefense.ai
98
+ shieldId: sh_your_shield_id
99
+ # shieldKey: shsk_optional_if_locked
100
+ scan:
101
+ endpoint: https://my-agent.com/chat
102
+ description: "Customer support chatbot"
103
+ categories: [jailbreak, prompt_injection, data_extraction]
104
+ failThreshold: 80
105
+ format: table
106
+ ```
107
+
108
+ Then just run:
109
+
110
+ ```bash
111
+ fullcourtdefense scan
112
+ ```
113
+
114
+ ## Modes
115
+
116
+ Hosted scans use a CI/CD API key and scan a public or reachable agent endpoint through the FullCourtDefense backend.
117
+
118
+ | Mode | Use When | Behavior |
119
+ |---|---|---|
120
+ | `--mode sync` | Small hosted scans from CI or a terminal | Waits for the hosted scan result before exiting. |
121
+ | `--mode async` | Longer hosted scans | Starts a hosted job, polls until complete, then prints the result. |
122
+
123
+ Local scans run from the customer machine or VPN and only send captured text outbound to Shield for verdicts.
124
+
125
+ | Mode | Use When | Behavior |
126
+ |---|---|---|
127
+ | `--mode quick` | Smoke test before a demo or install handoff | Runs a small default attack set. |
128
+ | `--mode full` | Real evidence report | Runs the bundled 229+ attack corpus. |
129
+ | `--mode targeted` | You know what the agent protects | Runs default plus targeted attacks and appends `--description` as focus context. |
130
+ | `--mode deep` | Stress and broad regression testing | Runs the broad corpus plus deeper multi-step/stress cases. |
131
+
132
+ ## Full Option Reference
133
+
134
+ ### Global
135
+
136
+ | Flag | Applies To | Description | Default |
137
+ |---|---|---|---|
138
+ | `--help`, `-h` | all commands | Show help. | — |
139
+ | `--version`, `-v` | all commands | Print package version. | — |
140
+ | `--config <path>` | scan/config | Path to `.fullcourtdefense.yml`, `.fullcourtdefense.yaml`, or legacy `.botguard.yml`. | auto-detect |
141
+ | `--api-url <url>` | doctor/configure/scan | FullCourtDefense backend URL. | `https://api.fullcourtdefense.ai` |
142
+
143
+ ### Shield And Hosted API
144
+
145
+ | Flag | Applies To | Description | Default |
146
+ |---|---|---|---|
147
+ | `--api-key <key>` | hosted scan/credits | Hosted scan API key. Can also use `FULLCOURTDEFENSE_API_KEY` or legacy `BOTGUARD_API_KEY`. | config/env |
148
+ | `--shield-id <id>` | local scan | Shield ID from the Shield Integrate tab. Can also use `FULLCOURTDEFENSE_SHIELD_ID`, `FCD_SHIELD_ID`, or `AGENTGUARD_SHIELD_ID`. | config/env/prompt |
149
+ | `--shield-key <key>` | local scan | Optional Shield key for locked Shields. Can also use `FULLCOURTDEFENSE_SHIELD_KEY`, `FCD_SHIELD_KEY`, or `AGENTGUARD_SHIELD_KEY`. | config/env/prompt |
150
+
151
+ ### Hosted Scan
152
+
153
+ | Flag | Applies To | Description | Default |
154
+ |---|---|---|---|
155
+ | `--endpoint <url>` | hosted scan | Public/reachable AI agent API URL. | config |
156
+ | `--description <text>` | hosted scan/local targeted | Agent description. For `--mode targeted`, also used as local focus context. | config |
157
+ | `--system-prompt <text-or-path>` | hosted scan | System prompt text or path to a file. | config |
158
+ | `--categories <list>` | hosted scan | Comma-separated attack categories. | all |
159
+ | `--attack-count <n>` | hosted/local | Limit number of attacks. Useful for smoke tests. | mode default |
160
+ | `--webhook-format <fmt>` | hosted scan | Webhook format: `n8n`, `make`, `zapier`, or `custom`. Legacy alias for local request format. | — |
161
+
162
+ ### Local Target Selection
163
+
164
+ | Flag | Applies To | Description | Default |
165
+ |---|---|---|---|
166
+ | `--local` | scan | Run from this machine, inside the customer's network/VPN. | false |
167
+ | `--type <type>` | local scan | Local target type: `endpoint`, `mcp`, or `rag`. | prompt |
168
+
169
+ ### Local HTTP API Endpoint
170
+
171
+ | Flag | Applies To | Description | Default |
172
+ |---|---|---|---|
173
+ | `--endpoint <url>` | `--type endpoint` | Internal HTTP API URL, for example `http://agent.local/chat`. | prompt |
174
+ | `--method <GET|POST>` | endpoint/rag-url | HTTP method. | prompt/`POST` |
175
+ | `--request-format <fmt>` | endpoint/rag-url | Request body shape: `custom` or `openai`. | prompt/`custom` |
176
+ | `--input-field <field>` | endpoint/rag-url | Request field that receives the attack prompt, for example `message`, `query`, `question`, or `input`. | `message` |
177
+ | `--output-field <field>` | endpoint/rag-url | Response field containing the bot answer, for example `answer`, `response`, `text`, or `choices.0.message.content`. | auto-detect |
178
+ | `--auth-type <type>` | endpoint/rag-url | HTTP auth type: `none`, `bearer`, `basic`, or `api-key`. | `none` |
179
+ | `--username <user>` | endpoint/rag-url basic auth | Basic auth username. | prompt |
180
+ | `--password <pass>` | endpoint/rag-url basic auth | Basic auth password. | prompt |
181
+ | `--token <token>` | endpoint/rag-url bearer auth | Bearer token. | prompt |
182
+ | `--api-key-header <header>` | endpoint/rag-url API-key auth | API key header name, for example `X-API-Key`. | `X-API-Key` |
183
+ | `--endpoint-api-key <key>` | endpoint/rag-url API-key auth | API key value for the scanned endpoint. | prompt |
184
+
185
+ ### MCP
186
+
187
+ | Flag | Applies To | Description | Default |
188
+ |---|---|---|---|
189
+ | `--mcp-command <cmd>` | stdio MCP | Command that starts the MCP server, for example `node`, `python`, or `npx.cmd`. | prompt |
190
+ | `--mcp-args <args>` | stdio MCP | Args passed to `--mcp-command`, for example `.\dist\server.js`. JSON array strings are also supported. | empty |
191
+ | `--mcp-url <url>` | HTTP/SSE MCP | Already-running MCP URL, for example `https://internal.company.com/mcp`. | prompt |
192
+ | `--mcp-transport <t>` | MCP | Transport: `stdio`, `http`, or `sse`. HTTP/SSE can usually be inferred from `--mcp-url`. | inferred |
193
+ | `--mcp-tool <tool>` | MCP | Tool to scan, or `all` to scan every listed tool. | `all` when destination is provided |
194
+ | `--mcp-tool-args <json>` | MCP | Tool args JSON. Use `{{attack}}` anywhere the current attack prompt should be inserted. | `{}` |
195
+ | `--mcp-auth-type <type>` | HTTP/SSE MCP | Auth type: `none`, `bearer`, `basic`, or `api-key`. | `none` |
196
+ | `--mcp-token <token>` | HTTP/SSE MCP bearer auth | Bearer token. | prompt |
197
+ | `--mcp-username <user>` | HTTP/SSE MCP basic auth | Basic auth username. | prompt |
198
+ | `--mcp-password <pass>` | HTTP/SSE MCP basic auth | Basic auth password. | prompt |
199
+ | `--mcp-api-key-header <header>` | HTTP/SSE MCP API-key auth | API key header name. | `X-API-Key` |
200
+ | `--mcp-api-key <key>` | HTTP/SSE MCP API-key auth | API key value. | prompt |
201
+ | `--progress <mode>` | MCP | Console progress: `verbose`, `compact`, or `silent`. | `verbose` |
202
+ | `--server-name <name>` | MCP gateway installers | MCP server name to write into the client config. | `agentguard-gateway` |
203
+ | `--developer-name <name>` | MCP gateway installers | Runtime identity used for user-scoped Action Policies. Auto-detected from `FCD_DEVELOPER_NAME`, git email, npm username, or OS username. | auto |
204
+ | `--agent-name <name>` | MCP gateway installers | Runtime agent name shown in AI Users. Auto-generated from runtime identity plus client, e.g. `boaz.lautman-claude-desktop`. | auto |
205
+ | `--scope <scope>` | Claude Code gateway installer | Claude Code MCP scope: `local`, `project`, or `user`. | `local` |
206
+ | `--config-path <path>` | Claude Desktop gateway installer | Override path to `claude_desktop_config.json`. | OS default |
207
+
208
+ ### RAG
209
+
210
+ | Flag | Applies To | Description | Default |
211
+ |---|---|---|---|
212
+ | `--rag-path <path>` | `--type rag` | Local RAG file or directory to scan as a corpus. Supports `.txt`, `.md`, `.json`, `.csv`, and `.html`. | prompt |
213
+ | `--rag-url <url>` | `--type rag` | Live RAG HTTP endpoint to scan like an app. Uses the same HTTP flags as endpoint scans. | — |
214
+
215
+ ### Output And CI
216
+
217
+ | Flag | Applies To | Description | Default |
218
+ |---|---|---|---|
219
+ | `--mode <mode>` | scan | Hosted: `sync`, `async`. Local: `quick`, `full`, `targeted`, `deep`. | hosted `sync`, local `quick` |
220
+ | `--format <fmt>` | scan | Output: `table`, `summary`, `report`, `full-report`, or `json`. | hosted `table`, local `summary` |
221
+ | `--fail-threshold <n>` | scan | Exit with code 1 if score is below this 0-100 threshold. | `0` |
222
+
223
+ ## Realistic Command Examples
224
+
225
+ ### First-Time Setup
226
+
227
+ Run these on the same machine that can reach the customer's private agent, MCP server, or RAG service:
228
+
229
+ ```powershell
230
+ fullcourtdefense doctor
231
+ fullcourtdefense configure
232
+ fullcourtdefense scan --local
233
+ ```
234
+
235
+ Expected `doctor` output:
236
+
237
+ ```text
238
+ BotGuard outbound diagnostic
239
+ Target: https://api.fullcourtdefense.ai
240
+
241
+ PASS outbound HTTPS open (200, 487ms)
242
+ Checked: https://api.fullcourtdefense.ai/api/health/ping
243
+ ```
244
+
245
+ ### Hosted CI/CD Scan
246
+
247
+ Use hosted scans when the agent endpoint is reachable by FullCourtDefense and you have a CI/CD API key.
248
+
249
+ ```powershell
250
+ $env:FULLCOURTDEFENSE_API_KEY = "bg_live_..."
251
+ fullcourtdefense scan --endpoint "https://support-bot.example.com/chat" --description "Customer support chatbot" --mode sync --format summary --fail-threshold 80
252
+ ```
253
+
254
+ Async hosted scan for a longer job:
255
+
256
+ ```powershell
257
+ fullcourtdefense scan --api-key "bg_live_..." --endpoint "https://agent.example.com/chat" --description "Production sales assistant" --mode async --format report
258
+ ```
259
+
260
+ ### Local Modes
261
+
262
+ Use quick mode first:
263
+
264
+ ```powershell
265
+ fullcourtdefense scan --local --type endpoint --endpoint "http://localhost:3000/chat" --method POST --request-format custom --input-field message --output-field response --mode quick --format report
266
+ ```
267
+
268
+ Use full mode for evidence:
269
+
270
+ ```powershell
271
+ fullcourtdefense scan --local --type endpoint --endpoint "http://localhost:3000/chat" --method POST --request-format custom --input-field message --output-field response --mode full --format report
272
+ ```
273
+
274
+ Use targeted mode when you know the protected domain:
275
+
276
+ ```powershell
277
+ fullcourtdefense scan --local --type endpoint --endpoint "http://localhost:3000/chat" --method POST --request-format custom --input-field message --output-field response --mode targeted --description "Healthcare support bot with patient records and billing data" --format report
278
+ ```
279
+
280
+ Use deep mode for broad regression:
281
+
282
+ ```powershell
283
+ fullcourtdefense scan --local --type endpoint --endpoint "http://localhost:3000/chat" --method POST --request-format custom --input-field message --output-field response --mode deep --format full-report
284
+ ```
285
+
286
+ ### Local API Endpoint Examples
287
+
288
+ Typical Express/FastAPI app:
289
+
290
+ ```powershell
291
+ fullcourtdefense scan --local --type endpoint --endpoint "http://127.0.0.1:8000/chat" --method POST --request-format custom --input-field message --output-field answer --mode full --format report
292
+ ```
293
+
294
+ Query-style endpoint:
295
+
296
+ ```powershell
297
+ fullcourtdefense scan --local --type endpoint --endpoint "http://127.0.0.1:8000/query" --method POST --request-format custom --input-field query --output-field result --mode full --format report
298
+ ```
299
+
300
+ OpenAI-compatible endpoint:
301
+
302
+ ```powershell
303
+ fullcourtdefense scan --local --type endpoint --endpoint "http://127.0.0.1:8000/v1/chat/completions" --method POST --request-format openai --mode full --format report
304
+ ```
305
+
306
+ ### MCP Examples
307
+
308
+ Local stdio MCP server built from your repo:
309
+
310
+ ```powershell
311
+ fullcourtdefense scan --local --type mcp --mcp-command node --mcp-args ".\dist\mcp-server.js" --mcp-tool all --mode full --format report
312
+ ```
313
+
314
+ Filesystem MCP over `npx.cmd` on Windows:
315
+
316
+ ```powershell
317
+ fullcourtdefense scan --local --type mcp --mcp-command npx.cmd --mcp-args "-y @modelcontextprotocol/server-filesystem C:\company\docs" --mcp-tool all --mode full --format report
318
+ ```
319
+
320
+ Single MCP tool with attack inserted into an argument:
321
+
322
+ ```powershell
323
+ fullcourtdefense scan --local --type mcp --mcp-command node --mcp-args ".\dist\mcp-server.js" --mcp-tool search_docs --mcp-tool-args '{ "query": "{{attack}}", "limit": 5 }' --mode quick --format report
324
+ ```
325
+
326
+ Already-running HTTP MCP:
327
+
328
+ ```powershell
329
+ fullcourtdefense scan --local --type mcp --mcp-url "http://127.0.0.1:5066/mcp" --mcp-tool all --mode full --format report
330
+ ```
331
+
332
+ Secured HTTP MCP:
333
+
334
+ ```powershell
335
+ fullcourtdefense scan --local --type mcp --mcp-url "https://mcp.internal.company.com/mcp" --mcp-auth-type bearer --mcp-token "mcp_token_..." --mcp-tool all --mode full --format report
336
+ ```
337
+
338
+ ### MCP Gateway Install Examples
339
+
340
+ Use the MCP gateway when you want Cursor, Claude Code, or Claude Desktop tool calls checked against AgentGuard runtime/action policies before they reach the real MCP server.
341
+
342
+ Cursor project install:
343
+
344
+ ```powershell
345
+ fullcourtdefense install-cursor-mcp-gateway --project true --shield-id "sh_..." --shield-key "shsk_..." --mcp-command npm --mcp-args "run mcp"
346
+ ```
347
+
348
+ Claude Code local install, private to you in the current project:
349
+
350
+ ```powershell
351
+ fullcourtdefense install-claude-code-mcp-gateway --scope local --shield-id "sh_..." --shield-key "shsk_..." --mcp-command npm --mcp-args "run mcp"
352
+ ```
353
+
354
+ Claude Code project install, shared through `.mcp.json`:
355
+
356
+ ```powershell
357
+ fullcourtdefense install-claude-code-mcp-gateway --scope project --shield-id "sh_..." --mcp-command npm --mcp-args "run mcp"
358
+ ```
359
+
360
+ Claude Desktop install:
361
+
362
+ ```powershell
363
+ fullcourtdefense install-claude-desktop-mcp-gateway --shield-id "sh_..." --shield-key "shsk_..." --mcp-command npm --mcp-args "run mcp"
364
+ ```
365
+
366
+ The gateway auto-detects runtime identity when `--developer-name` is omitted. Detection order is `FCD_DEVELOPER_NAME`, `FULLCOURTDEFENSE_DEVELOPER_NAME`, `AGENTGUARD_DEVELOPER_NAME`, `USER_EMAIL`, `git config user.email`, `npm whoami`, then OS username. Use `--developer-name` only when you want to override the detected employee/runtime identity.
367
+
368
+ Direct gateway run for debugging:
369
+
370
+ ```powershell
371
+ fullcourtdefense mcp-gateway --agent-client claude-code --shield-id "sh_..." --mcp-command npm --mcp-args "run mcp"
372
+ ```
373
+
374
+ ### RAG Examples
375
+
376
+ Scan local documents before ingestion:
377
+
378
+ ```powershell
379
+ fullcourtdefense scan --local --type rag --rag-path "C:\company\kb-docs" --mode full --format report
380
+ ```
381
+
382
+ Scan one suspicious file:
383
+
384
+ ```powershell
385
+ fullcourtdefense scan --local --type rag --rag-path ".\docs\release-notes.md" --mode quick --format report
386
+ ```
387
+
388
+ Scan a live RAG service:
389
+
390
+ ```powershell
391
+ fullcourtdefense scan --local --type rag --rag-url "http://127.0.0.1:5065/chat" --method POST --request-format custom --input-field message --output-field answer --mode full --format report
392
+ ```
393
+
394
+ Scan an OpenAI-compatible RAG service:
395
+
396
+ ```powershell
397
+ fullcourtdefense scan --local --type rag --rag-url "http://127.0.0.1:5065/v1/chat/completions" --method POST --request-format openai --mode full --format report
398
+ ```
399
+
400
+ ### Auth Examples
401
+
402
+ Bearer auth for an internal agent:
403
+
404
+ ```powershell
405
+ fullcourtdefense scan --local --type endpoint --endpoint "https://agent.internal/chat" --method POST --request-format custom --input-field message --output-field answer --auth-type bearer --token "eyJ..." --mode full --format report
406
+ ```
407
+
408
+ Basic auth:
409
+
410
+ ```powershell
411
+ fullcourtdefense scan --local --type endpoint --endpoint "https://agent.internal/chat" --method POST --request-format custom --input-field message --output-field answer --auth-type basic --username "scanner" --password "scanner-password" --mode full --format report
412
+ ```
413
+
414
+ API key header:
415
+
416
+ ```powershell
417
+ fullcourtdefense scan --local --type endpoint --endpoint "https://agent.internal/chat" --method POST --request-format custom --input-field message --output-field answer --auth-type api-key --api-key-header X-Internal-Key --endpoint-api-key "internal_key_..." --mode full --format report
418
+ ```
419
+
420
+ ### CI Gate Examples
421
+
422
+ Fail the build if score is below 80:
423
+
424
+ ```powershell
425
+ fullcourtdefense scan --api-key "$env:FULLCOURTDEFENSE_API_KEY" --endpoint "https://agent.example.com/chat" --description "Production support agent" --mode sync --format summary --fail-threshold 80
426
+ ```
427
+
428
+ Local CI against a service started earlier in the job:
429
+
430
+ ```powershell
431
+ fullcourtdefense scan --local --type endpoint --endpoint "http://127.0.0.1:3000/chat" --method POST --request-format custom --input-field message --output-field response --mode quick --format summary --fail-threshold 80
432
+ ```
433
+
434
+ ## In-Organization Local Scan
435
+
436
+ Use local scan when the AI endpoint, MCP server, RAG service, or RAG corpus is only reachable from inside your organization. The CLI executes the local target, then sends the captured content outbound to your FullCourtDefense Shield for the real verdict.
437
+
438
+ ```bash
439
+ fullcourtdefense scan --local
440
+ ```
441
+
442
+ On first local scan, the CLI asks for your Shield ID and saves it to `.fullcourtdefense.yml`. You can also pass it directly:
443
+
444
+ ```bash
445
+ fullcourtdefense scan --local --shield-id sh_your_shield_id
446
+ ```
447
+
448
+ The CLI asks what to scan:
449
+
450
+ - `endpoint` — internal HTTP API or OpenAI-compatible endpoint.
451
+ - `mcp` — MCP destination. For stdio MCP, the destination is the command plus args needed to launch the server, for example `node ./mcp-server.js` or `npx.cmd -y @modelcontextprotocol/server-filesystem C:\data`. For an already-running HTTP/HTTPS or legacy SSE MCP server, the destination is `--mcp-url`.
452
+ - `rag` — local file/directory of RAG documents/chunks, or a live RAG HTTP endpoint via `--rag-url`.
453
+
454
+ ### Recommended Flow
455
+
456
+ 1. Run `doctor` first from the customer machine. This confirms outbound HTTPS to FullCourtDefense works before you try a scan.
457
+ 2. Run `configure` once. Paste the Shield ID and Shield key from the web app's Shield Integrate tab.
458
+ 3. Pick the target type: API endpoint, MCP, RAG corpus, or live RAG service.
459
+ 4. Use `--mode quick` for a smoke test, then `--mode full --format report` for evidence and web history.
460
+
461
+ ```powershell
462
+ fullcourtdefense doctor
463
+ fullcourtdefense configure
464
+ ```
465
+
466
+ With a Shield key configured, local scans are saved to the web Reports history automatically.
467
+
468
+ ### API Endpoint Scan
469
+
470
+ Use this when the AI agent is a normal HTTP API, for example `/chat`, `/ask`, `/query`, or an OpenAI-compatible `/v1/chat/completions` route.
471
+
472
+ For custom JSON APIs, tell the CLI which request field receives the attack prompt and which response field contains the bot answer:
473
+
474
+ ```powershell
475
+ fullcourtdefense scan --local --type endpoint --endpoint "http://internal-agent.local/chat" --method POST --request-format custom --input-field message --output-field response --mode quick --format report
476
+ ```
477
+
478
+ Common custom field mappings:
479
+
480
+ ```powershell
481
+ # Request: { "query": "..." }, response: { "answer": "..." }
482
+ fullcourtdefense scan --local --type endpoint --endpoint "http://localhost:8080/query" --method POST --request-format custom --input-field query --output-field answer --mode full --format report
483
+
484
+ # GET endpoint: /ask?q=...
485
+ fullcourtdefense scan --local --type endpoint --endpoint "http://localhost:8080/ask" --method GET --request-format custom --input-field q --output-field answer --mode quick --format report
486
+ ```
487
+
488
+ For OpenAI-compatible APIs:
489
+
490
+ ```powershell
491
+ fullcourtdefense scan --local --type endpoint --endpoint "http://localhost:8080/v1/chat/completions" --method POST --request-format openai --mode full --format report
492
+ ```
493
+
494
+ Authenticated API examples:
495
+
496
+ ```powershell
497
+ # Bearer token
498
+ fullcourtdefense scan --local --type endpoint --endpoint "https://agent.internal/chat" --method POST --request-format custom --input-field message --output-field response --auth-type bearer --token YOUR_TOKEN --mode full --format report
499
+
500
+ # API key header
501
+ fullcourtdefense scan --local --type endpoint --endpoint "https://agent.internal/chat" --method POST --request-format custom --input-field message --output-field response --auth-type api-key --api-key-header X-API-Key --endpoint-api-key YOUR_KEY --mode full --format report
502
+ ```
503
+
504
+ ### MCP Scan
505
+
506
+ Use this when the target exposes tools through the Model Context Protocol. The CLI calls the tool with attack prompts, captures the tool response, sends that response to Shield, and saves the report to history.
507
+
508
+ For stdio MCP servers:
509
+
510
+ ```powershell
511
+ fullcourtdefense scan --local --type mcp --mcp-command node --mcp-args ".\dist\server.js" --mcp-tool all --mode full --format report
512
+ ```
513
+
514
+ For a single stdio tool with fixed args:
515
+
516
+ ```powershell
517
+ fullcourtdefense scan --local --type mcp --mcp-command node --mcp-args ".\dist\server.js" --mcp-tool search_docs --mcp-tool-args '{ "query": "{{attack}}" }' --mode quick --format report
518
+ ```
519
+
520
+ For already-running HTTP MCP servers:
521
+
522
+ ```powershell
523
+ fullcourtdefense scan --local --type mcp --mcp-url "http://mcp.internal.company.com/mcp" --mcp-tool all --mode full --format report
524
+ ```
525
+
526
+ For secured MCP servers:
527
+
528
+ ```powershell
529
+ # Bearer auth
530
+ fullcourtdefense scan --local --type mcp --mcp-url "https://internal.company.com/mcp" --mcp-auth-type bearer --mcp-token YOUR_TOKEN --mcp-tool all --mode full --format report
531
+
532
+ # Basic auth
533
+ fullcourtdefense scan --local --type mcp --mcp-url "https://internal.company.com/mcp" --mcp-auth-type basic --mcp-username USER --mcp-password PASS --mcp-tool all --mode full --format report
534
+
535
+ # API key header
536
+ fullcourtdefense scan --local --type mcp --mcp-url "https://internal.company.com/mcp" --mcp-auth-type api-key --mcp-api-key-header X-API-Key --mcp-api-key YOUR_KEY --mcp-tool all --mode full --format report
537
+ ```
538
+
539
+ For legacy SSE MCP:
540
+
541
+ ```powershell
542
+ fullcourtdefense scan --local --type mcp --mcp-transport sse --mcp-url "https://internal.company.com/sse" --mcp-tool all --mode full --format report
543
+ ```
544
+
545
+ MCP progress controls:
546
+
547
+ ```powershell
548
+ fullcourtdefense scan --local --type mcp --mcp-url "https://internal.company.com/mcp" --mcp-tool all --mode full --progress verbose --format report
549
+ fullcourtdefense scan --local --type mcp --mcp-url "https://internal.company.com/mcp" --mcp-tool all --mode full --progress compact --format summary
550
+ ```
551
+
552
+ ### RAG Corpus Scan
553
+
554
+ Use this when you have local documents or chunks before they are indexed. The CLI reads `.txt`, `.md`, `.json`, `.csv`, and `.html` files, sends chunks to the RAG Shield endpoint, and saves the report as a RAG scan.
555
+
556
+ ```powershell
557
+ fullcourtdefense scan --local --type rag --rag-path ".\docs" --mode quick --format report
558
+ fullcourtdefense scan --local --type rag --rag-path ".\docs" --mode full --format full-report
559
+ ```
560
+
561
+ Use corpus scan to find poisoned files before ingestion. Use live RAG scan when you need to test the actual retrieval service behavior.
562
+
563
+ ### Live RAG Service Scan
564
+
565
+ Use this when RAG is a running service, not just files. This is common for retrieval APIs that accept a question and return an answer with retrieved context.
566
+
567
+ ```powershell
568
+ fullcourtdefense scan --local --type rag --rag-url "http://rag.internal.company.com/chat" --method POST --request-format custom --input-field message --output-field answer --mode quick --format report
569
+ ```
570
+
571
+ Common live RAG shapes:
572
+
573
+ ```powershell
574
+ # Request: { "question": "..." }, response: { "answer": "..." }
575
+ fullcourtdefense scan --local --type rag --rag-url "http://localhost:5065/chat" --method POST --request-format custom --input-field question --output-field answer --mode full --format report
576
+
577
+ # Request: { "query": "..." }, response: { "result": "..." }
578
+ fullcourtdefense scan --local --type rag --rag-url "http://localhost:5065/query" --method POST --request-format custom --input-field query --output-field result --mode full --format report
579
+
580
+ # OpenAI-compatible RAG endpoint
581
+ fullcourtdefense scan --local --type rag --rag-url "http://localhost:5065/v1/chat/completions" --method POST --request-format openai --mode full --format report
582
+ ```
583
+
584
+ The web report will show `Agent Tested: Local full RAG endpoint scan: ...` and is saved with `scanType: rag`.
585
+
586
+ ### Local Demo RAG Server
587
+
588
+ This repository includes a deliberately vulnerable RAG service for testing the CLI flow:
589
+
590
+ ```powershell
591
+ $env:PORT = "5065"
592
+ node samples\rag\rag-server.js
593
+ ```
594
+
595
+ In another terminal:
596
+
597
+ ```powershell
598
+ fullcourtdefense scan --local --type rag --rag-url "http://127.0.0.1:5065/chat" --method POST --request-format custom --input-field message --output-field answer --mode quick --format report
599
+ ```
600
+
601
+ The demo should fail because it echoes raw poisoned retrieved context. That is expected and proves the scanner is catching RAG poisoning.
602
+
603
+ ### Older Compact Examples
604
+
605
+ ```bash
606
+ # Internal web API
607
+ fullcourtdefense scan --local --type endpoint --endpoint http://internal-agent.local/chat --method POST --shield-id sh_your_shield_id
608
+
609
+ # Internal OpenAI-compatible endpoint
610
+ fullcourtdefense scan --local --type endpoint --endpoint http://localhost:8080/v1/chat/completions --webhook-format openai --shield-id sh_your_shield_id
611
+
612
+ # MCP stdio server
613
+ fullcourtdefense scan --local --type mcp --mcp-command node --mcp-args ./dist/index.js --mcp-tool search_docs --mcp-tool-args '{"query":"security policy"}' --shield-id sh_your_shield_id
614
+
615
+ # Already-running HTTP or HTTPS MCP server
616
+ fullcourtdefense scan --local --type mcp --mcp-url http://mcp.internal.company.com/mcp
617
+ fullcourtdefense scan --local --type mcp --mcp-url http://mcp.internal.company.com/mcp --mcp-tool all --mode full --format report --shield-id sh_your_shield_id
618
+ fullcourtdefense scan --local --type mcp --mcp-url https://internal.company.com/mcp --mcp-tool all --mode full --format report --shield-id sh_your_shield_id
619
+
620
+ # Legacy SSE MCP server
621
+ fullcourtdefense scan --local --type mcp --mcp-transport sse --mcp-url https://internal.company.com/sse --mcp-tool all --mode full --format report --shield-id sh_your_shield_id
622
+
623
+ # Secured HTTP MCP server with bearer auth
624
+ fullcourtdefense scan --local --type mcp --mcp-url https://internal.company.com/mcp --mcp-auth-type bearer --mcp-token YOUR_TOKEN --mcp-tool all --mode full --format report --shield-id sh_your_shield_id
625
+
626
+ # Secured HTTP MCP server with basic auth
627
+ fullcourtdefense scan --local --type mcp --mcp-url https://internal.company.com/mcp --mcp-auth-type basic --mcp-username USER --mcp-password PASS --mcp-tool all --mode full --format report --shield-id sh_your_shield_id
628
+
629
+ # Secured HTTP MCP server with API-key auth
630
+ fullcourtdefense scan --local --type mcp --mcp-url https://internal.company.com/mcp --mcp-auth-type api-key --mcp-api-key-header X-API-Key --mcp-api-key YOUR_KEY --mcp-tool all --mode full --format report --shield-id sh_your_shield_id
631
+
632
+ # MCP full scan: all tools x bundled 229+ web attacks
633
+ fullcourtdefense scan --local --type mcp --mcp-command node --mcp-args ./dist/index.js --mcp-tool all --mode full --shield-id sh_your_shield_id
634
+
635
+ # MCP smoke test with same full corpus, limited to 10 attacks per tool
636
+ fullcourtdefense scan --local --type mcp --mcp-command node --mcp-args ./dist/index.js --mcp-tool all --mode full --attack-count 10 --shield-id sh_your_shield_id
637
+
638
+ # MCP evidence report: includes each attack sent, captured tool response, and Shield verdict
639
+ fullcourtdefense scan --local --type mcp --mcp-command node --mcp-args ./dist/index.js --mcp-tool all --mode full --attack-count 10 --format report --shield-id sh_your_shield_id
640
+
641
+ # MCP full scan with per-attack live progress
642
+ fullcourtdefense scan --local --type mcp --mcp-url https://internal.company.com/mcp --mcp-tool all --mode full --progress verbose --format report --shield-id sh_your_shield_id
643
+
644
+ # RAG documents
645
+ fullcourtdefense scan --local --type rag --rag-path ./docs --format table --shield-id sh_your_shield_id
646
+
647
+ # Live RAG HTTP service
648
+ fullcourtdefense scan --local --type rag --rag-url http://rag.internal.company.com/chat --method POST --request-format custom --input-field message --output-field answer --mode full --format report --shield-id sh_your_shield_id
649
+ ```
650
+
651
+ Local scans run from the machine executing the CLI, so they can reach private/VPN/internal targets without opening inbound firewall access. The only required network path is outbound HTTPS to your FullCourtDefense backend. With a Shield key configured, the CLI saves the completed scan into the same web Reports history used by hosted scans. The web report keeps every test row with bounded evidence text; use `--format report` or `--format json` locally for the full raw evidence artifact.
652
+
653
+ When an MCP destination is provided (`--mcp-url` or `--mcp-command`), the CLI defaults to a full all-tools report scan with per-attack live progress. Use `--progress compact` for shorter logs, or `--progress silent` for CI logs.
654
+
655
+ ## Outbound Diagnostic
656
+
657
+ Use `doctor` before local scans to confirm the customer environment can reach the FullCourtDefense backend over outbound HTTPS:
658
+
659
+ ```bash
660
+ fullcourtdefense doctor
661
+ fullcourtdefense doctor --api-url https://api.fullcourtdefense.ai
662
+ ```
663
+
664
+ It checks `GET /api/health/ping` and reports whether outbound TCP 443/HTTPS is open.
665
+
666
+ ## CI/CD Usage
667
+
668
+ The CLI returns exit code 1 when the score is below `--fail-threshold`, making it CI-friendly:
669
+
670
+ ```bash
671
+ fullcourtdefense scan --fail-threshold 80 --format summary
672
+ ```
673
+
674
+ For GitHub Actions, use [botguardai/security-scan](https://github.com/botguardai/security-scan) which wraps this CLI with PR comments and check status.
675
+
676
+ ## Get Your API Key
677
+
678
+ 1. Sign up at [fullcourtdefense.ai](https://fullcourtdefense.ai)
679
+ 2. Go to **Account > API Keys**
680
+ 3. Create a CI/CD key
681
+
682
+ ## Related
683
+
684
+ - [BotGuard](https://fullcourtdefense.ai) — Automated red-teaming & real-time firewall for AI agents
685
+ - [GitHub Action](https://github.com/botguardai/security-scan) — CI/CD security scanning
686
+ - [Attack Library](https://github.com/botguardai/llm-attacks) — 229+ open-source LLM attack templates
687
+
688
+ ## License
689
+
690
+ MIT