fullcourtdefense-cli 1.7.26 → 1.7.28
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.js +232 -232
- package/dist/version.json +1 -1
- package/package.json +1 -1
package/dist/index.js
CHANGED
|
@@ -104,238 +104,238 @@ function parseArgs(argv) {
|
|
|
104
104
|
return { command, flags };
|
|
105
105
|
}
|
|
106
106
|
function printHelp() {
|
|
107
|
-
console.log(`
|
|
108
|
-
\x1b[1m\x1b[36mFullCourtDefense CLI\x1b[0m v${VERSION}
|
|
109
|
-
Security scanning for AI agents from your terminal.
|
|
110
|
-
|
|
111
|
-
\x1b[1mUsage:\x1b[0m
|
|
112
|
-
fullcourtdefense <command> [options]
|
|
113
|
-
|
|
114
|
-
\x1b[1mCommands:\x1b[0m
|
|
115
|
-
help Show this onboarding guide and command reference.
|
|
116
|
-
doctor First step. Checks outbound HTTPS access to FullCourtDefense.
|
|
117
|
-
login Enrolls this machine with a fleet enrollment token and saves
|
|
118
|
-
per-machine Shield credentials to ~/.fullcourtdefense.yml.
|
|
119
|
-
configure Legacy/manual setup: saves org API key, Organization ID,
|
|
120
|
-
Shield ID, and Shield key to ~/.fullcourtdefense.yml.
|
|
121
|
-
setup Same as configure — manual fallback when not using fleet login.
|
|
122
|
-
install-all One-click: protect existing MCP servers in every AI client and
|
|
123
|
-
install available runtime hooks for built-in actions. No folder path
|
|
124
|
-
or --mcp-command needed. Use --hooks false to skip runtime hooks.
|
|
125
|
-
install Alias for install-all.
|
|
126
|
-
scan Runs the scan. Use --local for inside-organization scans.
|
|
127
|
-
discover Finds MCP servers, local secrets, agent rules/skills, and machine
|
|
128
|
-
blast radius on this laptop. Use --surface all --upload for AI Fleet.
|
|
129
|
-
Use --schedule logon to upload inventory/posture at machine login.
|
|
130
|
-
agent-ci CI/CD gate for agents and tools only. Fails builds on risky MCP,
|
|
131
|
-
agent instruction, gateway, policy, or secret drift. Not a bot scan.
|
|
132
|
-
install-cursor-hook
|
|
133
|
-
Installs a Cursor hook so EVERY agent action on this machine is
|
|
134
|
-
checked against your org's Action Policies — in any repo/folder.
|
|
135
|
-
Prompts are scanned by your Shield; shell/MCP/file/read actions
|
|
136
|
-
are allowed, blocked, or paused for human approval per policy.
|
|
137
|
-
uninstall-cursor-hook
|
|
138
|
-
Removes the FullCourtDefense Cursor hook entries.
|
|
139
|
-
install-claude-hook
|
|
140
|
-
Installs Claude-format hooks in ~/.claude/settings.json — ONE file
|
|
141
|
-
enforces Action Policies + Local Safety rules in Claude Code,
|
|
142
|
-
VS Code Copilot agent mode, and GitHub Copilot CLI.
|
|
143
|
-
uninstall-claude-hook
|
|
144
|
-
Removes the FullCourtDefense Claude-format hook entries.
|
|
145
|
-
protect-all Auto-detect EVERY MCP server already configured in EVERY client
|
|
146
|
-
(Cursor, Claude Code/Desktop, Codex, Gemini, Windsurf, VS Code)
|
|
147
|
-
and wrap each through the Shield proxy — no --mcp-command needed.
|
|
148
|
-
Enforces your org Action Policies on every tool. --dry-run to preview.
|
|
149
|
-
Per-tool: --clients cursor (or claude-code, claude-desktop, codex,
|
|
150
|
-
gemini-cli, windsurf, vscode; comma-separated). Default: all tools.
|
|
151
|
-
unprotect-all
|
|
152
|
-
Reverse protect-all: restore every server to its original command.
|
|
153
|
-
Also supports --clients to target one tool, and --dry-run.
|
|
154
|
-
auto-protect
|
|
155
|
-
Self-healing: schedule protect-all to re-run automatically so any
|
|
156
|
-
server that loses the proxy is re-wrapped. --interval-minutes 60
|
|
157
|
-
(default) or --on-logon true. --uninstall true / --status true.
|
|
158
|
-
install-mcp-gateway
|
|
159
|
-
Install MCP gateway into selected clients (--clients all for every tool).
|
|
160
|
-
install-cursor-mcp-gateway
|
|
161
|
-
Cursor only — adds gateway to mcp.json.
|
|
162
|
-
install-claude-code-mcp-gateway
|
|
163
|
-
Claude Code only — uses claude mcp add or .mcp.json.
|
|
164
|
-
install-claude-desktop-mcp-gateway
|
|
165
|
-
Claude Desktop only.
|
|
166
|
-
install-codex-mcp-gateway
|
|
167
|
-
Codex only — writes ~/.codex/config.toml.
|
|
168
|
-
install-gemini-mcp-gateway
|
|
169
|
-
Gemini CLI only — writes settings.json mcpServers.
|
|
170
|
-
install-windsurf-mcp-gateway
|
|
171
|
-
Windsurf only.
|
|
172
|
-
install-vscode-mcp-gateway
|
|
173
|
-
VS Code only — .vscode/mcp.json or user settings.
|
|
174
|
-
mcp-gateway
|
|
175
|
-
Runs a local MCP gateway that checks AgentGuard runtime/action
|
|
176
|
-
policies before forwarding tool calls to a real MCP server.
|
|
177
|
-
hook Internal: invoked by Cursor per agent event (reads stdin JSON,
|
|
178
|
-
returns an allow/deny verdict). Not run by hand.
|
|
179
|
-
credits Shows hosted scan credits for CI/CD API-key scans.
|
|
180
|
-
init Creates a starter .fullcourtdefense.yml config file.
|
|
181
|
-
|
|
182
|
-
\x1b[1mNew User Process:\x1b[0m
|
|
183
|
-
1. In the web app, an org admin creates a fleet enrollment token:
|
|
184
|
-
AI Fleet → Settings → Fleet enrollment token.
|
|
185
|
-
|
|
186
|
-
2. Check outbound connectivity from the customer machine:
|
|
187
|
-
fullcourtdefense doctor
|
|
188
|
-
This confirms the machine can reach https://api.fullcourtdefense.ai over HTTPS.
|
|
189
|
-
|
|
190
|
-
3. Enroll this developer machine (one time):
|
|
191
|
-
fullcourtdefense login --token <fleet-enrollment-token>
|
|
192
|
-
Or set FCD_ENROLL_TOKEN and run: fullcourtdefense login
|
|
193
|
-
Saves per-machine Shield credentials to ~/.fullcourtdefense.yml —
|
|
194
|
-
install, discover --upload, scan, gateway, and hooks use it automatically.
|
|
195
|
-
|
|
196
|
-
4. One-click protect every AI client on this machine with Action Policies:
|
|
197
|
-
fullcourtdefense install-all
|
|
198
|
-
Verify installs:
|
|
199
|
-
fullcourtdefense protect-all --dry-run true
|
|
200
|
-
Or install one client: fullcourtdefense install-cursor-mcp-gateway ...
|
|
201
|
-
|
|
202
|
-
5. Run a guided local scan:
|
|
203
|
-
fullcourtdefense scan --local
|
|
204
|
-
The CLI asks whether to scan endpoint, mcp, or rag.
|
|
205
|
-
To open the localhost web scan UI first:
|
|
206
|
-
fullcourtdefense scan --local --open-ui
|
|
207
|
-
|
|
208
|
-
6. Review results:
|
|
209
|
-
Use --format summary for CI, --format table for terminal view,
|
|
210
|
-
--format report for evidence, --format full-report for every row,
|
|
211
|
-
or --format json for raw output.
|
|
212
|
-
With a Shield key configured, reports are saved to the web Reports page
|
|
213
|
-
and the browser opens to the saved report. Use --no-open to suppress.
|
|
214
|
-
|
|
215
|
-
\x1b[1mLocal Destinations:\x1b[0m
|
|
216
|
-
endpoint Internal HTTP URL, for example http://agent.local/chat.
|
|
217
|
-
The CLI sends attack prompts to this endpoint and scans responses.
|
|
218
|
-
|
|
219
|
-
mcp Either stdio command + args, or an already-running HTTP/SSE MCP URL.
|
|
220
|
-
Stdio example: node ./mcp-server.js
|
|
221
|
-
HTTP/HTTPS examples: http://mcp.internal/mcp or https://internal.company.com/mcp
|
|
222
|
-
Legacy SSE example: https://internal.company.com/sse
|
|
223
|
-
Secured HTTP MCP supports bearer, basic, and API-key auth.
|
|
224
|
-
|
|
225
|
-
rag File/directory path or live RAG HTTP endpoint.
|
|
226
|
-
Use --rag-path for local documents, or --rag-url for a RAG service.
|
|
227
|
-
|
|
228
|
-
\x1b[1mRecommended Commands:\x1b[0m
|
|
229
|
-
fullcourtdefense doctor
|
|
230
|
-
fullcourtdefense configure
|
|
231
|
-
fullcourtdefense agent-ci --fail-on high --require-gateway --format summary
|
|
232
|
-
fullcourtdefense agent-ci --fail-on high --format sarif --upload
|
|
233
|
-
fullcourtdefense scan --local
|
|
234
|
-
fullcourtdefense scan --local --type mcp --mcp-command node --mcp-args ./server.js --mcp-tool all --mode full --format report
|
|
235
|
-
fullcourtdefense scan --local --type mcp --mcp-url https://internal.company.com/mcp --mcp-auth-type bearer --mcp-token TOKEN --mcp-tool all --mode full --format report
|
|
236
|
-
fullcourtdefense scan --local --type rag --rag-path ./docs --format report
|
|
237
|
-
fullcourtdefense scan --local --type rag --rag-url http://rag.internal/chat --method POST --request-format custom --input-field message --output-field answer --mode full --format report
|
|
238
|
-
fullcourtdefense scan --local --type endpoint --endpoint http://agent.local/chat --method POST --mode full --format report
|
|
239
|
-
|
|
240
|
-
\x1b[1mScan Options:\x1b[0m
|
|
241
|
-
--local Run scan from this machine, inside your network
|
|
242
|
-
--open-ui Open localhost browser scan UI with all options
|
|
243
|
-
--type <type> Local scan type: endpoint, mcp, rag
|
|
244
|
-
--api-key <key> API key (or set FULLCOURTDEFENSE_API_KEY env var)
|
|
245
|
-
--api-url <url> API base URL (default: https://api.fullcourtdefense.ai)
|
|
246
|
-
--endpoint <url> Agent API endpoint to scan
|
|
247
|
-
--mcp-url <url> Already-running HTTP MCP server URL
|
|
248
|
-
--mcp-transport <t> MCP transport: stdio, http, or sse
|
|
249
|
-
--mcp-command <cmd> MCP server command, for example node or npx.cmd
|
|
250
|
-
--mcp-args <args> MCP server args/path, for example ./server.js
|
|
251
|
-
--mcp-tool <tool> MCP tool to test, or all
|
|
252
|
-
--server-name <name> MCP gateway server name for client installers
|
|
253
|
-
--clients <list> Gateway clients: all, auto, cursor, claude-code,
|
|
254
|
-
claude-desktop, codex, gemini-cli, windsurf, vscode
|
|
255
|
-
--developer-name <name> Runtime identity for user-scoped policies (auto-detected if omitted)
|
|
256
|
-
--agent-name <name> Runtime agent name (auto-generated from identity + client if omitted)
|
|
257
|
-
--scope <scope> Claude Code MCP scope: local, project, or user
|
|
258
|
-
--claude-code-scope <s> Claude Code scope for install-mcp-gateway
|
|
259
|
-
--cursor-project <bool> Cursor project config for install-mcp-gateway
|
|
260
|
-
--config-path <path> Claude Desktop config override path
|
|
261
|
-
--mcp-auth-type <type> HTTP MCP auth: none, bearer, basic, api-key
|
|
262
|
-
--mcp-token <token> HTTP MCP bearer token
|
|
263
|
-
--mcp-username <user> HTTP MCP basic username
|
|
264
|
-
--mcp-password <pass> HTTP MCP basic password
|
|
265
|
-
--mcp-api-key-header <h> HTTP MCP API-key header name
|
|
266
|
-
--mcp-api-key <key> HTTP MCP API key value
|
|
267
|
-
--rag-path <path> RAG file or directory to scan
|
|
268
|
-
--rag-url <url> Live RAG HTTP endpoint to scan
|
|
269
|
-
--shield-id <id> Shield ID for local outbound Shield verdicts
|
|
270
|
-
--shield-key <key> Optional Shield key for locked Shields
|
|
271
|
-
--fail-on <severity> agent-ci fail threshold: critical, high, medium, low
|
|
272
|
-
--require-gateway agent-ci requires risky MCP servers to use FCD gateway
|
|
273
|
-
--require-approval-for agent-ci risky controls list, e.g. payment,delete,shell,secrets
|
|
274
|
-
--require-upload agent-ci fails if evidence cannot upload to AgentGuard UI
|
|
275
|
-
--changed-only agent-ci limits findings to changed files
|
|
276
|
-
--changed-files <path> file or comma/newline list of changed files for agent-ci
|
|
277
|
-
--method <GET|POST> Local endpoint method
|
|
278
|
-
--request-format <fmt> Local endpoint request format: custom or openai
|
|
279
|
-
--auth-type <type> none, bearer, basic, api-key
|
|
280
|
-
--description <text> Agent description
|
|
281
|
-
--system-prompt <text> System prompt (text or path to file)
|
|
282
|
-
--mode <sync|async> Hosted mode, or local mode: quick, full, targeted, deep
|
|
283
|
-
--categories <list> Comma-separated attack categories
|
|
284
|
-
--attack-count <n> Number of attacks to run
|
|
285
|
-
--surface <list> Discover surfaces: mcp, secrets, agent-files, posture, all
|
|
286
|
-
--fail-threshold <n> Exit code 1 if score below n (default: 0)
|
|
287
|
-
--format <fmt> Output: table, json, summary, report, full-report (default: table)
|
|
288
|
-
--open Open browser scan UI and saved local scan report
|
|
289
|
-
--open-ui Open only the browser scan UI before local execution
|
|
290
|
-
--no-open Do not open the browser during/after local scans
|
|
291
|
-
--webhook-format <fmt> Hosted webhook format, or legacy local request format
|
|
292
|
-
--config <path> Path to .fullcourtdefense.yml config file
|
|
293
|
-
|
|
294
|
-
\x1b[1mExamples:\x1b[0m
|
|
295
|
-
$ fullcourtdefense scan --endpoint https://my-bot.com/chat --description "Support bot"
|
|
296
|
-
$ fullcourtdefense help
|
|
297
|
-
$ fullcourtdefense scan --local
|
|
298
|
-
$ fullcourtdefense scan --local --open-ui
|
|
299
|
-
$ fullcourtdefense scan --local --type endpoint --mode full --endpoint http://internal-agent/chat
|
|
300
|
-
$ fullcourtdefense scan --local --type mcp --mcp-command node --mcp-args ./server.js --mcp-tool all --mode full
|
|
301
|
-
$ fullcourtdefense scan --local --type mcp --mcp-url https://internal.company.com/mcp
|
|
302
|
-
$ fullcourtdefense scan --local --type mcp --mcp-url https://internal.company.com/mcp --mcp-tool all --mode full
|
|
303
|
-
$ fullcourtdefense scan --local --type mcp --mcp-transport sse --mcp-url https://internal.company.com/sse --mcp-tool all --mode full
|
|
304
|
-
$ fullcourtdefense scan --local --type mcp --mcp-command node --mcp-args ./server.js --mcp-tool all --mode full --format report
|
|
305
|
-
$ fullcourtdefense discover
|
|
306
|
-
$ fullcourtdefense discover --surface mcp
|
|
307
|
-
$ fullcourtdefense discover --surface all --upload
|
|
308
|
-
$ fullcourtdefense discover --surface secrets
|
|
309
|
-
$ fullcourtdefense discover --surface agent-files
|
|
310
|
-
$ fullcourtdefense discover --deep --upload --silent --user-email you@company.com
|
|
311
|
-
$ fullcourtdefense discover --type mcp --json
|
|
312
|
-
$ fullcourtdefense install-cursor-hook
|
|
313
|
-
$ fullcourtdefense install-cursor-hook --shadow true # monitor only
|
|
314
|
-
$ fullcourtdefense install-cursor-hook --events prompt,shell,mcp,file
|
|
315
|
-
$ fullcourtdefense install-cursor-hook --project true # this repo only
|
|
316
|
-
$ fullcourtdefense uninstall-cursor-hook
|
|
317
|
-
$ fullcourtdefense install-claude-hook # Claude Code + VS Code + Copilot CLI
|
|
318
|
-
$ fullcourtdefense install-claude-hook --events tools,prompt # also scan prompts
|
|
319
|
-
$ fullcourtdefense uninstall-claude-hook
|
|
320
|
-
$ fullcourtdefense install-mcp-gateway --clients auto --mcp-command npm --mcp-args "run mcp"
|
|
321
|
-
$ fullcourtdefense install-mcp-gateway --clients all --mcp-command npm --mcp-args "run mcp" --upload
|
|
322
|
-
$ fullcourtdefense install-cursor-mcp-gateway --project true --mcp-command npm --mcp-args "run mcp"
|
|
323
|
-
$ fullcourtdefense install-claude-code-mcp-gateway --scope local --mcp-command npm --mcp-args "run mcp"
|
|
324
|
-
$ fullcourtdefense install-claude-code-mcp-gateway --scope project --mcp-command npm --mcp-args "run mcp"
|
|
325
|
-
$ fullcourtdefense install-claude-desktop-mcp-gateway --mcp-command npm --mcp-args "run mcp"
|
|
326
|
-
$ fullcourtdefense mcp-gateway --mcp-command npm --mcp-args "run mcp"
|
|
327
|
-
$ fullcourtdefense login --token <fleet-enrollment-token>
|
|
328
|
-
$ fullcourtdefense install-all
|
|
329
|
-
$ fullcourtdefense install-all --auto-protect true --upload
|
|
330
|
-
$ fullcourtdefense discover --surface all --upload --schedule logon
|
|
331
|
-
$ fullcourtdefense install-mcp-gateway --clients cursor,codex --mcp-command npm --mcp-args "run mcp"
|
|
332
|
-
$ fullcourtdefense install-codex-mcp-gateway --mcp-command npm --mcp-args "run mcp"
|
|
333
|
-
$ fullcourtdefense scan --system-prompt ./prompts/system.md --fail-threshold 80
|
|
334
|
-
$ fullcourtdefense scan --config .fullcourtdefense.yml --format json
|
|
335
|
-
$ fullcourtdefense credits
|
|
336
|
-
$ fullcourtdefense init
|
|
337
|
-
|
|
338
|
-
\x1b[2mDocs: https://fullcourtdefense.ai/docs/cli\x1b[0m
|
|
107
|
+
console.log(`
|
|
108
|
+
\x1b[1m\x1b[36mFullCourtDefense CLI\x1b[0m v${VERSION}
|
|
109
|
+
Security scanning for AI agents from your terminal.
|
|
110
|
+
|
|
111
|
+
\x1b[1mUsage:\x1b[0m
|
|
112
|
+
fullcourtdefense <command> [options]
|
|
113
|
+
|
|
114
|
+
\x1b[1mCommands:\x1b[0m
|
|
115
|
+
help Show this onboarding guide and command reference.
|
|
116
|
+
doctor First step. Checks outbound HTTPS access to FullCourtDefense.
|
|
117
|
+
login Enrolls this machine with a fleet enrollment token and saves
|
|
118
|
+
per-machine Shield credentials to ~/.fullcourtdefense.yml.
|
|
119
|
+
configure Legacy/manual setup: saves org API key, Organization ID,
|
|
120
|
+
Shield ID, and Shield key to ~/.fullcourtdefense.yml.
|
|
121
|
+
setup Same as configure — manual fallback when not using fleet login.
|
|
122
|
+
install-all One-click: protect existing MCP servers in every AI client and
|
|
123
|
+
install available runtime hooks for built-in actions. No folder path
|
|
124
|
+
or --mcp-command needed. Use --hooks false to skip runtime hooks.
|
|
125
|
+
install Alias for install-all.
|
|
126
|
+
scan Runs the scan. Use --local for inside-organization scans.
|
|
127
|
+
discover Finds MCP servers, local secrets, agent rules/skills, and machine
|
|
128
|
+
blast radius on this laptop. Use --surface all --upload for AI Fleet.
|
|
129
|
+
Use --schedule logon to upload inventory/posture at machine login.
|
|
130
|
+
agent-ci CI/CD gate for agents and tools only. Fails builds on risky MCP,
|
|
131
|
+
agent instruction, gateway, policy, or secret drift. Not a bot scan.
|
|
132
|
+
install-cursor-hook
|
|
133
|
+
Installs a Cursor hook so EVERY agent action on this machine is
|
|
134
|
+
checked against your org's Action Policies — in any repo/folder.
|
|
135
|
+
Prompts are scanned by your Shield; shell/MCP/file/read actions
|
|
136
|
+
are allowed, blocked, or paused for human approval per policy.
|
|
137
|
+
uninstall-cursor-hook
|
|
138
|
+
Removes the FullCourtDefense Cursor hook entries.
|
|
139
|
+
install-claude-hook
|
|
140
|
+
Installs Claude-format hooks in ~/.claude/settings.json — ONE file
|
|
141
|
+
enforces Action Policies + Local Safety rules in Claude Code,
|
|
142
|
+
VS Code Copilot agent mode, and GitHub Copilot CLI.
|
|
143
|
+
uninstall-claude-hook
|
|
144
|
+
Removes the FullCourtDefense Claude-format hook entries.
|
|
145
|
+
protect-all Auto-detect EVERY MCP server already configured in EVERY client
|
|
146
|
+
(Cursor, Claude Code/Desktop, Codex, Gemini, Windsurf, VS Code)
|
|
147
|
+
and wrap each through the Shield proxy — no --mcp-command needed.
|
|
148
|
+
Enforces your org Action Policies on every tool. --dry-run to preview.
|
|
149
|
+
Per-tool: --clients cursor (or claude-code, claude-desktop, codex,
|
|
150
|
+
gemini-cli, windsurf, vscode; comma-separated). Default: all tools.
|
|
151
|
+
unprotect-all
|
|
152
|
+
Reverse protect-all: restore every server to its original command.
|
|
153
|
+
Also supports --clients to target one tool, and --dry-run.
|
|
154
|
+
auto-protect
|
|
155
|
+
Self-healing: schedule protect-all to re-run automatically so any
|
|
156
|
+
server that loses the proxy is re-wrapped. --interval-minutes 60
|
|
157
|
+
(default) or --on-logon true. --uninstall true / --status true.
|
|
158
|
+
install-mcp-gateway
|
|
159
|
+
Install MCP gateway into selected clients (--clients all for every tool).
|
|
160
|
+
install-cursor-mcp-gateway
|
|
161
|
+
Cursor only — adds gateway to mcp.json.
|
|
162
|
+
install-claude-code-mcp-gateway
|
|
163
|
+
Claude Code only — uses claude mcp add or .mcp.json.
|
|
164
|
+
install-claude-desktop-mcp-gateway
|
|
165
|
+
Claude Desktop only.
|
|
166
|
+
install-codex-mcp-gateway
|
|
167
|
+
Codex only — writes ~/.codex/config.toml.
|
|
168
|
+
install-gemini-mcp-gateway
|
|
169
|
+
Gemini CLI only — writes settings.json mcpServers.
|
|
170
|
+
install-windsurf-mcp-gateway
|
|
171
|
+
Windsurf only.
|
|
172
|
+
install-vscode-mcp-gateway
|
|
173
|
+
VS Code only — .vscode/mcp.json or user settings.
|
|
174
|
+
mcp-gateway
|
|
175
|
+
Runs a local MCP gateway that checks AgentGuard runtime/action
|
|
176
|
+
policies before forwarding tool calls to a real MCP server.
|
|
177
|
+
hook Internal: invoked by Cursor per agent event (reads stdin JSON,
|
|
178
|
+
returns an allow/deny verdict). Not run by hand.
|
|
179
|
+
credits Shows hosted scan credits for CI/CD API-key scans.
|
|
180
|
+
init Creates a starter .fullcourtdefense.yml config file.
|
|
181
|
+
|
|
182
|
+
\x1b[1mNew User Process:\x1b[0m
|
|
183
|
+
1. In the web app, an org admin creates a fleet enrollment token:
|
|
184
|
+
AI Fleet → Settings → Fleet enrollment token.
|
|
185
|
+
|
|
186
|
+
2. Check outbound connectivity from the customer machine:
|
|
187
|
+
fullcourtdefense doctor
|
|
188
|
+
This confirms the machine can reach https://api.fullcourtdefense.ai over HTTPS.
|
|
189
|
+
|
|
190
|
+
3. Enroll this developer machine (one time):
|
|
191
|
+
fullcourtdefense login --token <fleet-enrollment-token>
|
|
192
|
+
Or set FCD_ENROLL_TOKEN and run: fullcourtdefense login
|
|
193
|
+
Saves per-machine Shield credentials to ~/.fullcourtdefense.yml —
|
|
194
|
+
install, discover --upload, scan, gateway, and hooks use it automatically.
|
|
195
|
+
|
|
196
|
+
4. One-click protect every AI client on this machine with Action Policies:
|
|
197
|
+
fullcourtdefense install-all
|
|
198
|
+
Verify installs:
|
|
199
|
+
fullcourtdefense protect-all --dry-run true
|
|
200
|
+
Or install one client: fullcourtdefense install-cursor-mcp-gateway ...
|
|
201
|
+
|
|
202
|
+
5. Run a guided local scan:
|
|
203
|
+
fullcourtdefense scan --local
|
|
204
|
+
The CLI asks whether to scan endpoint, mcp, or rag.
|
|
205
|
+
To open the localhost web scan UI first:
|
|
206
|
+
fullcourtdefense scan --local --open-ui
|
|
207
|
+
|
|
208
|
+
6. Review results:
|
|
209
|
+
Use --format summary for CI, --format table for terminal view,
|
|
210
|
+
--format report for evidence, --format full-report for every row,
|
|
211
|
+
or --format json for raw output.
|
|
212
|
+
With a Shield key configured, reports are saved to the web Reports page
|
|
213
|
+
and the browser opens to the saved report. Use --no-open to suppress.
|
|
214
|
+
|
|
215
|
+
\x1b[1mLocal Destinations:\x1b[0m
|
|
216
|
+
endpoint Internal HTTP URL, for example http://agent.local/chat.
|
|
217
|
+
The CLI sends attack prompts to this endpoint and scans responses.
|
|
218
|
+
|
|
219
|
+
mcp Either stdio command + args, or an already-running HTTP/SSE MCP URL.
|
|
220
|
+
Stdio example: node ./mcp-server.js
|
|
221
|
+
HTTP/HTTPS examples: http://mcp.internal/mcp or https://internal.company.com/mcp
|
|
222
|
+
Legacy SSE example: https://internal.company.com/sse
|
|
223
|
+
Secured HTTP MCP supports bearer, basic, and API-key auth.
|
|
224
|
+
|
|
225
|
+
rag File/directory path or live RAG HTTP endpoint.
|
|
226
|
+
Use --rag-path for local documents, or --rag-url for a RAG service.
|
|
227
|
+
|
|
228
|
+
\x1b[1mRecommended Commands:\x1b[0m
|
|
229
|
+
fullcourtdefense doctor
|
|
230
|
+
fullcourtdefense configure
|
|
231
|
+
fullcourtdefense agent-ci --fail-on high --require-gateway --format summary
|
|
232
|
+
fullcourtdefense agent-ci --fail-on high --format sarif --upload
|
|
233
|
+
fullcourtdefense scan --local
|
|
234
|
+
fullcourtdefense scan --local --type mcp --mcp-command node --mcp-args ./server.js --mcp-tool all --mode full --format report
|
|
235
|
+
fullcourtdefense scan --local --type mcp --mcp-url https://internal.company.com/mcp --mcp-auth-type bearer --mcp-token TOKEN --mcp-tool all --mode full --format report
|
|
236
|
+
fullcourtdefense scan --local --type rag --rag-path ./docs --format report
|
|
237
|
+
fullcourtdefense scan --local --type rag --rag-url http://rag.internal/chat --method POST --request-format custom --input-field message --output-field answer --mode full --format report
|
|
238
|
+
fullcourtdefense scan --local --type endpoint --endpoint http://agent.local/chat --method POST --mode full --format report
|
|
239
|
+
|
|
240
|
+
\x1b[1mScan Options:\x1b[0m
|
|
241
|
+
--local Run scan from this machine, inside your network
|
|
242
|
+
--open-ui Open localhost browser scan UI with all options
|
|
243
|
+
--type <type> Local scan type: endpoint, mcp, rag
|
|
244
|
+
--api-key <key> API key (or set FULLCOURTDEFENSE_API_KEY env var)
|
|
245
|
+
--api-url <url> API base URL (default: https://api.fullcourtdefense.ai)
|
|
246
|
+
--endpoint <url> Agent API endpoint to scan
|
|
247
|
+
--mcp-url <url> Already-running HTTP MCP server URL
|
|
248
|
+
--mcp-transport <t> MCP transport: stdio, http, or sse
|
|
249
|
+
--mcp-command <cmd> MCP server command, for example node or npx.cmd
|
|
250
|
+
--mcp-args <args> MCP server args/path, for example ./server.js
|
|
251
|
+
--mcp-tool <tool> MCP tool to test, or all
|
|
252
|
+
--server-name <name> MCP gateway server name for client installers
|
|
253
|
+
--clients <list> Gateway clients: all, auto, cursor, claude-code,
|
|
254
|
+
claude-desktop, codex, gemini-cli, windsurf, vscode
|
|
255
|
+
--developer-name <name> Runtime identity for user-scoped policies (auto-detected if omitted)
|
|
256
|
+
--agent-name <name> Runtime agent name (auto-generated from identity + client if omitted)
|
|
257
|
+
--scope <scope> Claude Code MCP scope: local, project, or user
|
|
258
|
+
--claude-code-scope <s> Claude Code scope for install-mcp-gateway
|
|
259
|
+
--cursor-project <bool> Cursor project config for install-mcp-gateway
|
|
260
|
+
--config-path <path> Claude Desktop config override path
|
|
261
|
+
--mcp-auth-type <type> HTTP MCP auth: none, bearer, basic, api-key
|
|
262
|
+
--mcp-token <token> HTTP MCP bearer token
|
|
263
|
+
--mcp-username <user> HTTP MCP basic username
|
|
264
|
+
--mcp-password <pass> HTTP MCP basic password
|
|
265
|
+
--mcp-api-key-header <h> HTTP MCP API-key header name
|
|
266
|
+
--mcp-api-key <key> HTTP MCP API key value
|
|
267
|
+
--rag-path <path> RAG file or directory to scan
|
|
268
|
+
--rag-url <url> Live RAG HTTP endpoint to scan
|
|
269
|
+
--shield-id <id> Shield ID for local outbound Shield verdicts
|
|
270
|
+
--shield-key <key> Optional Shield key for locked Shields
|
|
271
|
+
--fail-on <severity> agent-ci fail threshold: critical, high, medium, low
|
|
272
|
+
--require-gateway agent-ci requires risky MCP servers to use FCD gateway
|
|
273
|
+
--require-approval-for agent-ci risky controls list, e.g. payment,delete,shell,secrets
|
|
274
|
+
--require-upload agent-ci fails if evidence cannot upload to AgentGuard UI
|
|
275
|
+
--changed-only agent-ci limits findings to changed files
|
|
276
|
+
--changed-files <path> file or comma/newline list of changed files for agent-ci
|
|
277
|
+
--method <GET|POST> Local endpoint method
|
|
278
|
+
--request-format <fmt> Local endpoint request format: custom or openai
|
|
279
|
+
--auth-type <type> none, bearer, basic, api-key
|
|
280
|
+
--description <text> Agent description
|
|
281
|
+
--system-prompt <text> System prompt (text or path to file)
|
|
282
|
+
--mode <sync|async> Hosted mode, or local mode: quick, full, targeted, deep
|
|
283
|
+
--categories <list> Comma-separated attack categories
|
|
284
|
+
--attack-count <n> Number of attacks to run
|
|
285
|
+
--surface <list> Discover surfaces: mcp, secrets, agent-files, posture, all
|
|
286
|
+
--fail-threshold <n> Exit code 1 if score below n (default: 0)
|
|
287
|
+
--format <fmt> Output: table, json, summary, report, full-report (default: table)
|
|
288
|
+
--open Open browser scan UI and saved local scan report
|
|
289
|
+
--open-ui Open only the browser scan UI before local execution
|
|
290
|
+
--no-open Do not open the browser during/after local scans
|
|
291
|
+
--webhook-format <fmt> Hosted webhook format, or legacy local request format
|
|
292
|
+
--config <path> Path to .fullcourtdefense.yml config file
|
|
293
|
+
|
|
294
|
+
\x1b[1mExamples:\x1b[0m
|
|
295
|
+
$ fullcourtdefense scan --endpoint https://my-bot.com/chat --description "Support bot"
|
|
296
|
+
$ fullcourtdefense help
|
|
297
|
+
$ fullcourtdefense scan --local
|
|
298
|
+
$ fullcourtdefense scan --local --open-ui
|
|
299
|
+
$ fullcourtdefense scan --local --type endpoint --mode full --endpoint http://internal-agent/chat
|
|
300
|
+
$ fullcourtdefense scan --local --type mcp --mcp-command node --mcp-args ./server.js --mcp-tool all --mode full
|
|
301
|
+
$ fullcourtdefense scan --local --type mcp --mcp-url https://internal.company.com/mcp
|
|
302
|
+
$ fullcourtdefense scan --local --type mcp --mcp-url https://internal.company.com/mcp --mcp-tool all --mode full
|
|
303
|
+
$ fullcourtdefense scan --local --type mcp --mcp-transport sse --mcp-url https://internal.company.com/sse --mcp-tool all --mode full
|
|
304
|
+
$ fullcourtdefense scan --local --type mcp --mcp-command node --mcp-args ./server.js --mcp-tool all --mode full --format report
|
|
305
|
+
$ fullcourtdefense discover
|
|
306
|
+
$ fullcourtdefense discover --surface mcp
|
|
307
|
+
$ fullcourtdefense discover --surface all --upload
|
|
308
|
+
$ fullcourtdefense discover --surface secrets
|
|
309
|
+
$ fullcourtdefense discover --surface agent-files
|
|
310
|
+
$ fullcourtdefense discover --deep --upload --silent --user-email you@company.com
|
|
311
|
+
$ fullcourtdefense discover --type mcp --json
|
|
312
|
+
$ fullcourtdefense install-cursor-hook
|
|
313
|
+
$ fullcourtdefense install-cursor-hook --shadow true # monitor only
|
|
314
|
+
$ fullcourtdefense install-cursor-hook --events prompt,shell,mcp,file
|
|
315
|
+
$ fullcourtdefense install-cursor-hook --project true # this repo only
|
|
316
|
+
$ fullcourtdefense uninstall-cursor-hook
|
|
317
|
+
$ fullcourtdefense install-claude-hook # Claude Code + VS Code + Copilot CLI
|
|
318
|
+
$ fullcourtdefense install-claude-hook --events tools,prompt # also scan prompts
|
|
319
|
+
$ fullcourtdefense uninstall-claude-hook
|
|
320
|
+
$ fullcourtdefense install-mcp-gateway --clients auto --mcp-command npm --mcp-args "run mcp"
|
|
321
|
+
$ fullcourtdefense install-mcp-gateway --clients all --mcp-command npm --mcp-args "run mcp" --upload
|
|
322
|
+
$ fullcourtdefense install-cursor-mcp-gateway --project true --mcp-command npm --mcp-args "run mcp"
|
|
323
|
+
$ fullcourtdefense install-claude-code-mcp-gateway --scope local --mcp-command npm --mcp-args "run mcp"
|
|
324
|
+
$ fullcourtdefense install-claude-code-mcp-gateway --scope project --mcp-command npm --mcp-args "run mcp"
|
|
325
|
+
$ fullcourtdefense install-claude-desktop-mcp-gateway --mcp-command npm --mcp-args "run mcp"
|
|
326
|
+
$ fullcourtdefense mcp-gateway --mcp-command npm --mcp-args "run mcp"
|
|
327
|
+
$ fullcourtdefense login --token <fleet-enrollment-token>
|
|
328
|
+
$ fullcourtdefense install-all
|
|
329
|
+
$ fullcourtdefense install-all --auto-protect true --upload
|
|
330
|
+
$ fullcourtdefense discover --surface all --upload --schedule logon
|
|
331
|
+
$ fullcourtdefense install-mcp-gateway --clients cursor,codex --mcp-command npm --mcp-args "run mcp"
|
|
332
|
+
$ fullcourtdefense install-codex-mcp-gateway --mcp-command npm --mcp-args "run mcp"
|
|
333
|
+
$ fullcourtdefense scan --system-prompt ./prompts/system.md --fail-threshold 80
|
|
334
|
+
$ fullcourtdefense scan --config .fullcourtdefense.yml --format json
|
|
335
|
+
$ fullcourtdefense credits
|
|
336
|
+
$ fullcourtdefense init
|
|
337
|
+
|
|
338
|
+
\x1b[2mDocs: https://fullcourtdefense.ai/docs/cli\x1b[0m
|
|
339
339
|
`);
|
|
340
340
|
}
|
|
341
341
|
async function main() {
|
package/dist/version.json
CHANGED