fullcourtdefense-cli 1.8.0 → 1.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1,4 +1,5 @@
1
1
  import { BotGuardConfig } from '../config';
2
+ import { type ShellAuditReport } from './windowsAudit';
2
3
  export type DiscoverSurface = 'mcp' | 'secrets' | 'agent-files' | 'posture';
3
4
  export interface DiscoverArgs {
4
5
  type?: string;
@@ -57,6 +58,8 @@ export interface DesktopDiscoveryHost {
57
58
  user: string;
58
59
  scannedAt: string;
59
60
  probeMode: 'config' | 'deep';
61
+ /** Windows-only: PowerShell audit coverage (ScriptBlock Logging + Transcription). */
62
+ shellAudit?: ShellAuditReport;
60
63
  }
61
64
  export declare function discoverCommand(args: DiscoverArgs, config: BotGuardConfig): Promise<void>;
62
65
  /** Upload-only discover — used after install-mcp-gateway --upload. */
@@ -47,6 +47,7 @@ const knownMcpServers_1 = require("./knownMcpServers");
47
47
  const discoverAgentFiles_1 = require("./discoverAgentFiles");
48
48
  const discoverBlastRadius_1 = require("./discoverBlastRadius");
49
49
  const discoverSecrets_1 = require("./discoverSecrets");
50
+ const windowsAudit_1 = require("./windowsAudit");
50
51
  const DEFAULT_API_URL = 'https://api.fullcourtdefense.ai';
51
52
  function parseSurfaces(args) {
52
53
  const raw = (args.surface || args.type || 'mcp').toLowerCase().trim();
@@ -101,6 +102,7 @@ function buildHostMetadata(userEmail, probeMode = 'config') {
101
102
  user: userEmail || info.username,
102
103
  scannedAt: new Date().toISOString(),
103
104
  probeMode,
105
+ shellAudit: (0, windowsAudit_1.getShellAuditReport)(),
104
106
  };
105
107
  }
106
108
  /** Where MCP client configs live — see discoverPaths.ts for the canonical list. */
@@ -10,6 +10,7 @@ export interface InstallAllArgs extends ProtectAllArgs {
10
10
  scheduleHour?: string;
11
11
  autoProtect?: string;
12
12
  intervalMinutes?: string;
13
+ windowsAudit?: string;
13
14
  }
14
15
  /**
15
16
  * One-click install: discover/wrap every existing MCP server, install Cursor
@@ -9,6 +9,7 @@ const discoverSchedule_1 = require("./discoverSchedule");
9
9
  const mcpGateway_1 = require("./mcpGateway");
10
10
  const autoProtect_1 = require("./autoProtect");
11
11
  const restartNotice_1 = require("./restartNotice");
12
+ const windowsAudit_1 = require("./windowsAudit");
12
13
  /**
13
14
  * One-click install: discover/wrap every existing MCP server, install Cursor
14
15
  * hooks for built-in Cursor actions, optional self-heal and fleet upload.
@@ -65,6 +66,33 @@ async function installAllCommand(args, config) {
65
66
  console.log(`Claude-format hooks skipped: ${error instanceof Error ? error.message : String(error)}`);
66
67
  }
67
68
  }
69
+ // Windows-wide command auditing — PowerShell ScriptBlock Logging + Transcription.
70
+ // Covers commands typed in ANY PowerShell (inside or outside the IDE), not just
71
+ // agent-driven actions. Requires ONE admin (UAC) approval; failure is a warning,
72
+ // never an install blocker — missing coverage shows on the fleet dashboard.
73
+ if (process.platform === 'win32' && args.windowsAudit !== 'false') {
74
+ console.log('\n\x1b[1mEnabling Windows PowerShell audit logging (ScriptBlock Logging + Transcription)…\x1b[0m');
75
+ try {
76
+ const current = (0, windowsAudit_1.getWindowsAuditStatus)();
77
+ if (current.scriptBlockLogging && current.transcription) {
78
+ console.log('\x1b[32m✓ Already enabled — every PowerShell command on this machine is logged.\x1b[0m');
79
+ }
80
+ else {
81
+ console.log('\x1b[2mWindows will show an admin approval prompt (UAC). Approve it to enable machine-wide command auditing.\x1b[0m');
82
+ const result = (0, windowsAudit_1.enableWindowsAudit)();
83
+ if (result.ok) {
84
+ console.log(`\x1b[32m✓ ${result.message}\x1b[0m`);
85
+ }
86
+ else {
87
+ console.log(`\x1b[33m⚠ Warning: ${result.message}\x1b[0m`);
88
+ console.log('\x1b[33m Installation continues — this machine will show as "audit logging missing" in the fleet dashboard.\x1b[0m');
89
+ }
90
+ }
91
+ }
92
+ catch (error) {
93
+ console.log(`\x1b[33m⚠ Warning: PowerShell audit logging step failed (${error instanceof Error ? error.message : String(error)}). Installation continues.\x1b[0m`);
94
+ }
95
+ }
68
96
  if (args.autoProtect === 'true') {
69
97
  console.log('\n\x1b[1mScheduling self-healing MCP protection…\x1b[0m');
70
98
  await (0, autoProtect_1.autoProtectCommand)({
@@ -0,0 +1,47 @@
1
+ export interface WindowsAuditStatus {
2
+ /** False on non-Windows platforms (audit logging is a Windows feature). */
3
+ supported: boolean;
4
+ scriptBlockLogging: boolean;
5
+ transcription: boolean;
6
+ transcriptionPath?: string;
7
+ checkedAt: string;
8
+ }
9
+ /** Shape reported to the backend (discovery host payload + heartbeat). */
10
+ export interface ShellAuditReport {
11
+ platform: string;
12
+ scriptBlockLogging: boolean;
13
+ transcription: boolean;
14
+ transcriptionPath?: string;
15
+ checkedAt: string;
16
+ }
17
+ /** Probe current audit coverage. Read-only, no elevation needed, never throws. */
18
+ export declare function getWindowsAuditStatus(): WindowsAuditStatus;
19
+ /**
20
+ * Compact status for the discovery host payload and telemetry heartbeat.
21
+ * Returns undefined on non-Windows so the field is simply omitted.
22
+ * Never throws — telemetry/discovery must not break on a probe failure.
23
+ */
24
+ export declare function getShellAuditReport(): ShellAuditReport | undefined;
25
+ export interface EnableWindowsAuditResult {
26
+ ok: boolean;
27
+ status: WindowsAuditStatus;
28
+ /** Human-readable outcome, printable as-is. */
29
+ message: string;
30
+ /** True when the user saw (and answered) a UAC elevation prompt. */
31
+ promptShown: boolean;
32
+ }
33
+ /**
34
+ * Enable ScriptBlock Logging + Transcription via ONE UAC elevation prompt.
35
+ * Skips silently when already fully enabled. Never throws; on any failure
36
+ * (UAC declined, no admin, GPO conflict) returns ok=false with a warning
37
+ * message — callers must treat that as non-blocking.
38
+ */
39
+ export declare function enableWindowsAudit(): EnableWindowsAuditResult;
40
+ export interface WindowsAuditArgs {
41
+ enable?: string;
42
+ }
43
+ /**
44
+ * `fullcourtdefense windows-audit` — show (default) or enable (--enable)
45
+ * Windows PowerShell audit coverage on this machine.
46
+ */
47
+ export declare function windowsAuditCommand(args: WindowsAuditArgs): Promise<void>;
@@ -0,0 +1,245 @@
1
+ "use strict";
2
+ var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
3
+ if (k2 === undefined) k2 = k;
4
+ var desc = Object.getOwnPropertyDescriptor(m, k);
5
+ if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
6
+ desc = { enumerable: true, get: function() { return m[k]; } };
7
+ }
8
+ Object.defineProperty(o, k2, desc);
9
+ }) : (function(o, m, k, k2) {
10
+ if (k2 === undefined) k2 = k;
11
+ o[k2] = m[k];
12
+ }));
13
+ var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
14
+ Object.defineProperty(o, "default", { enumerable: true, value: v });
15
+ }) : function(o, v) {
16
+ o["default"] = v;
17
+ });
18
+ var __importStar = (this && this.__importStar) || (function () {
19
+ var ownKeys = function(o) {
20
+ ownKeys = Object.getOwnPropertyNames || function (o) {
21
+ var ar = [];
22
+ for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
23
+ return ar;
24
+ };
25
+ return ownKeys(o);
26
+ };
27
+ return function (mod) {
28
+ if (mod && mod.__esModule) return mod;
29
+ var result = {};
30
+ if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
31
+ __setModuleDefault(result, mod);
32
+ return result;
33
+ };
34
+ })();
35
+ Object.defineProperty(exports, "__esModule", { value: true });
36
+ exports.getWindowsAuditStatus = getWindowsAuditStatus;
37
+ exports.getShellAuditReport = getShellAuditReport;
38
+ exports.enableWindowsAudit = enableWindowsAudit;
39
+ exports.windowsAuditCommand = windowsAuditCommand;
40
+ const child_process_1 = require("child_process");
41
+ const fs = __importStar(require("fs"));
42
+ const os = __importStar(require("os"));
43
+ const path = __importStar(require("path"));
44
+ /**
45
+ * Windows PowerShell audit coverage — ScriptBlock Logging + Transcription.
46
+ *
47
+ * Both are built-in Windows engine features (no agent, no driver): once the
48
+ * HKLM policy keys are set, PowerShell itself records every script block it
49
+ * executes (event 4104 — including decoded/obfuscated code, scripts run as
50
+ * files, and PowerShell spawned by other processes) and writes full session
51
+ * transcripts. That closes the biggest endpoint blind spot: dangerous commands
52
+ * that never pass through an IDE hook or interactive prompt.
53
+ *
54
+ * The keys live under HKLM\SOFTWARE\Policies so writing them requires
55
+ * elevation — `enableWindowsAudit()` triggers ONE UAC prompt via
56
+ * `Start-Process -Verb RunAs`. Reading them needs no elevation, so coverage
57
+ * status is probed freely by `install-all`, `discover --upload`, and every
58
+ * telemetry heartbeat (which is how the fleet dashboard knows which machines
59
+ * are covered).
60
+ *
61
+ * Fail-open by design: enable failures (UAC declined, no admin rights,
62
+ * GPO-managed) NEVER block an install — they surface as a warning locally and
63
+ * as missing coverage in the Devices & MCP fleet view.
64
+ */
65
+ const SBL_KEY = 'HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\PowerShell\\ScriptBlockLogging';
66
+ const TRANSCRIPTION_KEY = 'HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\PowerShell\\Transcription';
67
+ /** Read a REG_DWORD value; returns undefined when the key/value is absent. */
68
+ function regDword(key, value) {
69
+ try {
70
+ const out = (0, child_process_1.execFileSync)('reg', ['query', key, '/v', value], {
71
+ encoding: 'utf8', windowsHide: true, timeout: 5000, stdio: ['ignore', 'pipe', 'ignore'],
72
+ });
73
+ const match = out.match(new RegExp(`${value}\\s+REG_DWORD\\s+0x([0-9a-fA-F]+)`));
74
+ return match ? parseInt(match[1], 16) : undefined;
75
+ }
76
+ catch {
77
+ return undefined; // key or value missing → not enabled
78
+ }
79
+ }
80
+ /** Read a REG_SZ value; returns undefined when the key/value is absent. */
81
+ function regString(key, value) {
82
+ try {
83
+ const out = (0, child_process_1.execFileSync)('reg', ['query', key, '/v', value], {
84
+ encoding: 'utf8', windowsHide: true, timeout: 5000, stdio: ['ignore', 'pipe', 'ignore'],
85
+ });
86
+ const match = out.match(new RegExp(`${value}\\s+REG_(?:EXPAND_)?SZ\\s+(.+)`));
87
+ return match ? match[1].trim() : undefined;
88
+ }
89
+ catch {
90
+ return undefined;
91
+ }
92
+ }
93
+ /** Probe current audit coverage. Read-only, no elevation needed, never throws. */
94
+ function getWindowsAuditStatus() {
95
+ const checkedAt = new Date().toISOString();
96
+ if (process.platform !== 'win32') {
97
+ return { supported: false, scriptBlockLogging: false, transcription: false, checkedAt };
98
+ }
99
+ return {
100
+ supported: true,
101
+ scriptBlockLogging: regDword(SBL_KEY, 'EnableScriptBlockLogging') === 1,
102
+ transcription: regDword(TRANSCRIPTION_KEY, 'EnableTranscripting') === 1,
103
+ transcriptionPath: regString(TRANSCRIPTION_KEY, 'OutputDirectory'),
104
+ checkedAt,
105
+ };
106
+ }
107
+ /**
108
+ * Compact status for the discovery host payload and telemetry heartbeat.
109
+ * Returns undefined on non-Windows so the field is simply omitted.
110
+ * Never throws — telemetry/discovery must not break on a probe failure.
111
+ */
112
+ function getShellAuditReport() {
113
+ try {
114
+ if (process.platform !== 'win32')
115
+ return undefined;
116
+ const status = getWindowsAuditStatus();
117
+ return {
118
+ platform: 'win32',
119
+ scriptBlockLogging: status.scriptBlockLogging,
120
+ transcription: status.transcription,
121
+ transcriptionPath: status.transcriptionPath,
122
+ checkedAt: status.checkedAt,
123
+ };
124
+ }
125
+ catch {
126
+ return undefined;
127
+ }
128
+ }
129
+ function defaultTranscriptDir() {
130
+ const programData = process.env.ProgramData || 'C:\\ProgramData';
131
+ return path.join(programData, 'FullCourtDefense', 'Transcripts');
132
+ }
133
+ /** The elevated payload: sets both policy keys + creates the transcript dir. */
134
+ function buildEnableScript(transcriptDir) {
135
+ return [
136
+ `$ErrorActionPreference = 'Stop'`,
137
+ `$sbl = 'HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\PowerShell\\ScriptBlockLogging'`,
138
+ `New-Item -Path $sbl -Force | Out-Null`,
139
+ `New-ItemProperty -Path $sbl -Name EnableScriptBlockLogging -Value 1 -PropertyType DWord -Force | Out-Null`,
140
+ `$tr = 'HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\PowerShell\\Transcription'`,
141
+ `New-Item -Path $tr -Force | Out-Null`,
142
+ `New-ItemProperty -Path $tr -Name EnableTranscripting -Value 1 -PropertyType DWord -Force | Out-Null`,
143
+ `New-ItemProperty -Path $tr -Name EnableInvocationHeader -Value 1 -PropertyType DWord -Force | Out-Null`,
144
+ `$dir = '${transcriptDir.replace(/'/g, "''")}'`,
145
+ `New-Item -ItemType Directory -Path $dir -Force | Out-Null`,
146
+ `New-ItemProperty -Path $tr -Name OutputDirectory -Value $dir -PropertyType String -Force | Out-Null`,
147
+ ].join('\r\n') + '\r\n';
148
+ }
149
+ /**
150
+ * Enable ScriptBlock Logging + Transcription via ONE UAC elevation prompt.
151
+ * Skips silently when already fully enabled. Never throws; on any failure
152
+ * (UAC declined, no admin, GPO conflict) returns ok=false with a warning
153
+ * message — callers must treat that as non-blocking.
154
+ */
155
+ function enableWindowsAudit() {
156
+ const before = getWindowsAuditStatus();
157
+ if (!before.supported) {
158
+ return { ok: false, status: before, promptShown: false, message: 'PowerShell audit logging is a Windows feature — skipped on this OS.' };
159
+ }
160
+ if (before.scriptBlockLogging && before.transcription) {
161
+ return { ok: true, status: before, promptShown: false, message: 'PowerShell audit logging already enabled (ScriptBlock Logging + Transcription).' };
162
+ }
163
+ const transcriptDir = before.transcriptionPath || defaultTranscriptDir();
164
+ const scriptPath = path.join(os.tmpdir(), `fcd-enable-audit-${process.pid}.ps1`);
165
+ const elevatePath = path.join(os.tmpdir(), `fcd-elevate-audit-${process.pid}.ps1`);
166
+ let promptShown = false;
167
+ try {
168
+ fs.writeFileSync(scriptPath, buildEnableScript(transcriptDir), 'utf8');
169
+ // Outer (unelevated) launcher script asks Windows to run the payload
170
+ // elevated. Using -File for BOTH scripts avoids inline -Command quoting
171
+ // pitfalls (paths with spaces, nested quotes). -Wait blocks until the
172
+ // elevated child finishes so the recheck below is accurate; if the user
173
+ // clicks "No" on UAC, Start-Process throws and the launcher exits 1.
174
+ const quotedPayload = `"${scriptPath}"`.replace(/'/g, "''");
175
+ fs.writeFileSync(elevatePath, [
176
+ `$ErrorActionPreference = 'Stop'`,
177
+ `try {`,
178
+ ` $p = Start-Process -FilePath 'powershell.exe' -Verb RunAs -Wait -PassThru -WindowStyle Hidden -ArgumentList @('-NoProfile','-ExecutionPolicy','Bypass','-File','${quotedPayload}')`,
179
+ ` exit $p.ExitCode`,
180
+ `} catch {`,
181
+ ` exit 1`,
182
+ `}`,
183
+ ].join('\r\n') + '\r\n', 'utf8');
184
+ promptShown = true;
185
+ const result = (0, child_process_1.spawnSync)('powershell.exe', [
186
+ '-NoProfile', '-NonInteractive', '-ExecutionPolicy', 'Bypass', '-File', elevatePath,
187
+ ], { encoding: 'utf8', windowsHide: true, timeout: 120000 });
188
+ const after = getWindowsAuditStatus();
189
+ if (after.scriptBlockLogging && after.transcription) {
190
+ return {
191
+ ok: true, status: after, promptShown,
192
+ message: `PowerShell audit logging enabled — ScriptBlock Logging + Transcription (transcripts: ${after.transcriptionPath || transcriptDir}).`,
193
+ };
194
+ }
195
+ const declined = result.status !== 0;
196
+ return {
197
+ ok: false, status: after, promptShown,
198
+ message: declined
199
+ ? 'PowerShell audit logging NOT enabled — the admin prompt was declined or elevation failed. Re-run `fullcourtdefense install-all` (or `fullcourtdefense windows-audit --enable`) and approve the prompt, or ask IT to enable it via GPO/Intune.'
200
+ : 'PowerShell audit logging could not be verified after the elevated write — the keys may be managed by Group Policy. Ask IT to enable ScriptBlock Logging + Transcription via GPO/Intune.',
201
+ };
202
+ }
203
+ catch (error) {
204
+ return {
205
+ ok: false, status: getWindowsAuditStatus(), promptShown,
206
+ message: `PowerShell audit logging NOT enabled (${error instanceof Error ? error.message : String(error)}). Re-run elevated or ask IT to enable via GPO/Intune.`,
207
+ };
208
+ }
209
+ finally {
210
+ try {
211
+ fs.unlinkSync(scriptPath);
212
+ }
213
+ catch { /* best effort */ }
214
+ try {
215
+ fs.unlinkSync(elevatePath);
216
+ }
217
+ catch { /* best effort */ }
218
+ }
219
+ }
220
+ /**
221
+ * `fullcourtdefense windows-audit` — show (default) or enable (--enable)
222
+ * Windows PowerShell audit coverage on this machine.
223
+ */
224
+ async function windowsAuditCommand(args) {
225
+ if (process.platform !== 'win32') {
226
+ console.log('PowerShell audit logging is a Windows feature — nothing to do on this OS.');
227
+ return;
228
+ }
229
+ if (args.enable === 'true') {
230
+ console.log('Enabling PowerShell audit logging (ScriptBlock Logging + Transcription)…');
231
+ console.log('\x1b[2mWindows will show an admin approval prompt (UAC). Approve it to enable machine-wide command auditing.\x1b[0m');
232
+ const result = enableWindowsAudit();
233
+ console.log(result.ok ? `\x1b[32m✓ ${result.message}\x1b[0m` : `\x1b[33m⚠ ${result.message}\x1b[0m`);
234
+ return;
235
+ }
236
+ const status = getWindowsAuditStatus();
237
+ const mark = (on) => (on ? '\x1b[32m✓ enabled\x1b[0m' : '\x1b[31m✗ disabled\x1b[0m');
238
+ console.log('\n\x1b[1mWindows PowerShell audit coverage\x1b[0m');
239
+ console.log(` ScriptBlock Logging (event 4104): ${mark(status.scriptBlockLogging)}`);
240
+ console.log(` Transcription (session recording): ${mark(status.transcription)}${status.transcriptionPath ? ` \x1b[2m→ ${status.transcriptionPath}\x1b[0m` : ''}`);
241
+ if (!status.scriptBlockLogging || !status.transcription) {
242
+ console.log('\n Enable with: \x1b[1mfullcourtdefense windows-audit --enable\x1b[0m (requires one admin approval)');
243
+ }
244
+ console.log('');
245
+ }
package/dist/index.js CHANGED
@@ -50,6 +50,7 @@ const installClaudeHook_1 = require("./commands/installClaudeHook");
50
50
  const mcpGateway_1 = require("./commands/mcpGateway");
51
51
  const installAll_1 = require("./commands/installAll");
52
52
  const autoProtect_1 = require("./commands/autoProtect");
53
+ const windowsAudit_1 = require("./commands/windowsAudit");
53
54
  const fs = __importStar(require("fs"));
54
55
  const path = __importStar(require("path"));
55
56
  function readCliVersion() {
@@ -123,6 +124,8 @@ function printHelp() {
123
124
  install available runtime hooks for built-in actions. No folder path
124
125
  or --mcp-command needed. Use --hooks false to skip runtime hooks.
125
126
  install Alias for install-all.
127
+ windows-audit Show Windows PowerShell audit coverage (ScriptBlock Logging +
128
+ Transcription). Use --enable to turn it on (one admin prompt).
126
129
  scan Runs the scan. Use --local for inside-organization scans.
127
130
  discover Finds MCP servers, local secrets, agent rules/skills, and machine
128
131
  blast radius on this laptop. Use --surface all --upload for AI Fleet.
@@ -592,10 +595,16 @@ async function main() {
592
595
  discover: flags.discover,
593
596
  autoProtect: flags['auto-protect'],
594
597
  intervalMinutes: flags['interval-minutes'],
598
+ windowsAudit: flags['windows-audit'],
595
599
  };
596
600
  await (0, installAll_1.installAllCommand)(args, config);
597
601
  break;
598
602
  }
603
+ case 'windows-audit': {
604
+ const args = { enable: flags.enable };
605
+ await (0, windowsAudit_1.windowsAuditCommand)(args);
606
+ break;
607
+ }
599
608
  case 'install-mcp-gateway': {
600
609
  await (0, mcpGateway_1.installMcpGatewayCommand)(buildInstallArgs(), config);
601
610
  break;
package/dist/telemetry.js CHANGED
@@ -42,6 +42,7 @@ const fs = __importStar(require("fs"));
42
42
  const os = __importStar(require("os"));
43
43
  const path = __importStar(require("path"));
44
44
  const machineIdentity_1 = require("./machineIdentity");
45
+ const windowsAudit_1 = require("./commands/windowsAudit");
45
46
  /**
46
47
  * Local-first telemetry: every enforcement decision is appended to an on-disk
47
48
  * spool (instant, offline-safe) and flushed to the backend in batches. Critical
@@ -125,7 +126,16 @@ async function flushSpool(input) {
125
126
  shieldId: input.shieldId,
126
127
  machineId: identity.machineId,
127
128
  heartbeat: input.heartbeat
128
- ? { agentVersion: input.agentVersion, integrityOk: input.integrityOk, coverage: 'hooks' }
129
+ ? {
130
+ agentVersion: input.agentVersion,
131
+ integrityOk: input.integrityOk,
132
+ coverage: 'hooks',
133
+ hostname: identity.hostname,
134
+ // Windows-only: current PowerShell audit coverage (ScriptBlock
135
+ // Logging + Transcription). Keeps the fleet dashboard's coverage
136
+ // fresh on every ping — undefined (omitted) on other platforms.
137
+ shellAudit: (0, windowsAudit_1.getShellAuditReport)(),
138
+ }
129
139
  : undefined,
130
140
  events: batch,
131
141
  }),
package/dist/version.json CHANGED
@@ -1,3 +1,3 @@
1
1
  {
2
- "version": "1.8.0"
2
+ "version": "1.9.0"
3
3
  }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "fullcourtdefense-cli",
3
- "version": "1.8.0",
3
+ "version": "1.9.0",
4
4
  "description": "Full Court Defense CLI — security scanning for AI agents from your terminal",
5
5
  "main": "dist/index.js",
6
6
  "bin": {
@@ -16,6 +16,8 @@
16
16
  "build": "tsc && node scripts/copy-attack-corpus.js",
17
17
  "test:deterministic-guard": "npm run build && node scripts/test-deterministic-guard.js",
18
18
  "test:taint-ledger": "npm run build && node scripts/test-taint-ledger.js",
19
+ "test:shell-audit": "npm run build && node scripts/test-shell-audit.js",
20
+ "test:ping-e2e": "npm run build && node scripts/test-ping-e2e.js",
19
21
  "prepublishOnly": "npm run build"
20
22
  },
21
23
  "keywords": [