gadriel 0.10.3 → 0.10.4

package/README.md

@@ -5,8 +5,12 @@ SAST, SCA, secret, config, container, and API scans over your codebase and
 integrates with AI coding agents (Claude Code, Cursor, Copilot) via git hooks
 and an MCP server.
 
-> Platform support: this release ships a prebuilt **Linux x64 (glibc)** binary.
-> Other platforms are not yet published.
+> **Beta program:** This release is part of the Gadriel developer beta.
+> Sign up at [https://app.gadriel.ai/developers/](https://app.gadriel.ai/developers/)
+> to get your CLI token.
+
+> **Platform support:** Linux x64 (glibc). macOS and Windows platform packages
+> will follow in the next release.
 
 ## Install
 
@@ -17,61 +21,98 @@ gadriel --version
 
 The `gadriel` package is a thin launcher; the actual binary is delivered by the
 platform package `@gadriel/cli-linux-x64`, selected automatically at install
-time via npm `optionalDependencies` (matched on `os` + `cpu`).
+time via npm `optionalDependencies`.
 
 ## Quick start
 
 ```bash
-# 1. Authenticate (one-time; uses the Gadriel portal)
+# 1. Authenticate — paste a token from https://app.gadriel.ai/developers/tokens
 gadriel auth login
 
-# 2. Scaffold code-security in your repo
-#    Creates .security/, git hooks, MCP server config, and CLAUDE.md.
+# 2. Sync the vulnerability database (one-time, ~500 MB, enables CVE detection)
+gadriel code policies --osv
+
+# 3. Scaffold code-security in your repo
+#    Creates .security/, git hooks, MCP server config, and CLAUDE.md
 gadriel code init
 
-# 3. Scan the current repo
-gadriel code scan
+# 4. Scan the current repo
+gadriel code scan .
 
-# 4. Read findings
-gadriel code findings
+# 5. Open the HTML report
+open .security/reports/index.html
 ```
 
-`gadriel code init` bundles the GVL rule corpus inside the binary, so scans work
-offline with no extra download. Add `--offline` to skip the OSV CVE sync.
+> **New in 0.10.3:** When the OSV database is absent, `gadriel code scan`
+> now prompts you to sync it inline rather than silently running in degraded
+> mode. The CLI also shows a clear recovery message when no token is found.
+
+## Getting started (full guide)
+
+Full onboarding guide: [docs/beta/getting-started.md](https://github.com/Gadriel-ai/preflight/blob/main/docs/beta/getting-started.md)
 
 ## Code-security commands
 
 | Command | What it does |
 |---|---|
+| `gadriel auth login` | Authenticate with your portal token |
+| `gadriel auth status` | Show current token name, expiry, and scopes |
 | `gadriel code init` | Scaffold `.security/`, git hooks, MCP server, `CLAUDE.md` |
 | `gadriel code scan` | Run SAST + SCA + secrets + config + container + API scans |
+| `gadriel code policies --osv` | Sync the OSV CVE vulnerability database (required once) |
 | `gadriel code watch` | Watch files and scan on save (Layer-1 fast path) |
 | `gadriel code findings` | Read findings from `.security/findings.json` |
 | `gadriel code fix <id>` | Confirm, dismiss, or hand a finding to an AI agent |
 | `gadriel code sbom` | Export an SBOM (SPDX 2.3 + CycloneDX 1.4) |
 | `gadriel code report` | Per-framework compliance reports + static HTML bundle |
 | `gadriel code dashboard` | Local web dashboard (binds `127.0.0.1`) |
-| `gadriel code mcp` | Start the MCP server (JSON-RPC 2.0 over stdio) |
+| `gadriel code mcp` | Start the MCP server for Claude Code / IDE integrations |
+
+Output formats: `--format table|json|html|ocsf`.
+
+## Scan flags
+
+| Flag | Default | Description |
+|------|---------|-------------|
+| `--fail-on <severity>` | `none` | Exit non-zero on findings at or above level (`low`, `medium`, `high`, `critical`) |
+| `--format <fmt>` | `table` | Terminal summary format |
+| `--no-html` | false | Skip HTML report (faster in CI) |
+| `--no-osv` | false | Skip CVE detection entirely |
+| `--offline` | false | No network calls at all |
+| `--staged` | false | Scan only git-staged files (pre-commit) |
+| `--git-history` | false | Deep sweep of all git commits (Layer-4) |
+
+## Claude Code integration
 
-Output formats: `--format table|json|sarif|junit|csv|html|ocsf`.
+After `gadriel code init`, open Claude Code in your project directory:
+
+```bash
+claude
+```
+
+Slash commands available:
+
+| Command | What it does |
+|---------|-------------|
+| `/gadriel-scan` | Full scan of the repo |
+| `/gadriel-scan src/auth` | Scan a specific path |
+| `/gadriel-fix CODE-W1-L1-001` | AI-assisted fix for a finding |
+| `/gadriel-reports` | Generate compliance PDFs (EU AI Act, NIST, OWASP…) |
 
 ## Exit codes
 
 | Code | Meaning |
-|---|---|
+|------|---------|
 | `0` | Clean — no gate tripped |
-| `1` | Security gate tripped (`--fail-on <severity>` threshold breached) |
+| `1` | Security gate tripped (`--fail-on` threshold breached) |
 | `2` | Tooling error / crash |
-| `7` | License check failed |
-
-Git hooks branch on these: `0` passes, `1` blocks, anything else warns and
-lets the commit through. Set `GADRIEL_SKIP=1` to bypass.
+| `7` | Auth required — run `gadriel auth login` |
 
 ## Documentation
 
-See https://gadriel.ai for full documentation, scenario catalogs, and the
-compliance-framework mappings (EU AI Act, NIST AI RMF, SOC 2, HIPAA, PCI-DSS,
-OWASP LLM Top 10).
+- Getting started: https://app.gadriel.ai/developers/
+- Full docs: https://gadriel.ai
+- Issues: https://github.com/Gadriel-ai/preflight/issues
 
 ## License
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "gadriel",
-  "version": "0.10.3",
+  "version": "0.10.4",
   "description": "Gadriel - Code-security CLI for AI-assisted development",
   "keywords": [
     "security",
@@ -35,10 +35,10 @@
     "node": ">=16"
   },
   "optionalDependencies": {
-    "@gadriel/cli-linux-x64": "0.10.3",
-    "@gadriel/cli-linux-arm64": "0.10.3",
-    "@gadriel/cli-darwin-x64": "0.10.3",
-    "@gadriel/cli-darwin-arm64": "0.10.3",
-    "@gadriel/cli-win32-x64": "0.10.3"
+    "@gadriel/cli-linux-x64": "0.10.4",
+    "@gadriel/cli-linux-arm64": "0.10.4",
+    "@gadriel/cli-darwin-x64": "0.10.4",
+    "@gadriel/cli-darwin-arm64": "0.10.4",
+    "@gadriel/cli-win32-x64": "0.10.4"
   }
 }