mpx-scan 1.3.0 → 1.3.1

package/README.md

@@ -1,26 +1,25 @@
 # mpx-scan 🔍
 
-**Professional website security scanner for developers and AI agents**
+**Professional website security scanner for developers and AI agents.**
 
 Check your site's security headers, SSL/TLS configuration, DNS settings, and get actionable fix suggestions — all from your terminal.
 
 Part of the [Mesaplex](https://mesaplex.com) developer toolchain.
 
 [![npm version](https://img.shields.io/npm/v/mpx-scan.svg)](https://www.npmjs.com/package/mpx-scan)
-[![License](https://img.shields.io/badge/license-Dual-blue.svg)](LICENSE)
+[![License: Dual](https://img.shields.io/badge/license-Dual-blue.svg)](LICENSE)
+[![Node.js](https://img.shields.io/badge/node-%3E%3D18-brightgreen.svg)](https://nodejs.org)
 
-## ✨ Features
+## Features
 
 - **Zero-config security scanning** — just point it at a URL
 - **Beautiful terminal output** with color-coded results
 - **Structured JSON output** — `--json` for CI/CD and AI agent consumption
-- **MCP server** — integrates with any MCP-compatible AI agent (Claude, GPT, Cursor, etc.)
+- **MCP server** — integrates with any MCP-compatible AI agent (Claude, Cursor, Windsurf, etc.)
 - **Actionable fix suggestions** — copy-paste config for nginx, Apache, Caddy, Cloudflare
 - **Batch scanning** — pipe URLs from stdin
 - **Self-documenting** — `--schema` returns machine-readable tool description
-- **Fast** — scans complete in seconds
 - **Zero native dependencies** — installs cleanly everywhere
-- **CI/CD ready** — predictable exit codes and JSON output
 
 ### Security Checks
 
@@ -30,23 +29,42 @@ Part of the [Mesaplex](https://mesaplex.com) developer toolchain.
 - ✅ Server information leakage
 - ✅ CORS misconfiguration
 - ✅ Mixed content detection
-- ✅ DNS security (DNSSEC, CAA records) — *Pro only*
-- ✅ Subresource Integrity (SRI) — *Pro only*
-- ✅ Open redirect detection — *Pro only*
-- ✅ Exposed sensitive files — *Pro only*
+- ✅ DNS security (DNSSEC, CAA records) — *Pro*
+- ✅ Subresource Integrity (SRI) — *Pro*
+- ✅ Open redirect detection — *Pro*
+- ✅ Exposed sensitive files — *Pro*
 
-## 🚀 Quick Start
+## Installation
+
+```bash
+npm install -g mpx-scan
+```
+
+Or run directly with npx:
 
 ```bash
-# Run once without installing
 npx mpx-scan https://example.com
+```
 
-# Or install globally
-npm install -g mpx-scan
+**Requirements:** Node.js 18+ · No native dependencies · macOS, Linux, Windows
+
+## Quick Start
+
+```bash
+# Basic scan
 mpx-scan https://example.com
+
+# JSON output
+mpx-scan https://example.com --json
+
+# Fix suggestions for nginx
+mpx-scan https://example.com --fix nginx
+
+# Deep scan (Pro)
+mpx-scan https://example.com --full
 ```
 
-## 📖 Usage
+## Usage
 
 ### Basic Scan
 
@@ -65,7 +83,7 @@ Returns structured JSON to stdout (progress/status goes to stderr):
 ```json
 {
   "mpxScan": {
-    "version": "1.1.0",
+    "version": "1.3.0",
     "scannedAt": "2026-02-16T22:00:00.000Z",
     "scanDuration": 350
   },
@@ -90,7 +108,7 @@ Returns structured JSON to stdout (progress/status goes to stderr):
 }
 ```
 
-### Get Fix Suggestions
+### Fix Suggestions
 
 ```bash
 mpx-scan https://example.com --fix nginx
@@ -99,18 +117,27 @@ mpx-scan https://example.com --fix caddy
 mpx-scan https://example.com --fix cloudflare
 ```
 
-### Deep Scan (Pro)
+### Brief Output
 
 ```bash
-mpx-scan https://example.com --full
+mpx-scan https://example.com --brief
 ```
 
-### Brief Output
+### PDF Export
 
 ```bash
-mpx-scan https://example.com --brief
+# Generate PDF report (auto-named)
+mpx-scan https://example.com --pdf
+
+# Specify output filename
+mpx-scan https://example.com --pdf report.pdf
+
+# Combine with JSON output
+mpx-scan https://example.com --json --pdf report.pdf
 ```
 
+Generates a professional PDF report with color-coded findings, severity grades, and actionable recommendations.
+
 ### Batch Scanning
 
 ```bash
@@ -127,7 +154,38 @@ mpx-scan --schema
 
 Returns a JSON schema describing all commands, flags, inputs, and outputs — designed for AI agent tool discovery.
 
-## 🤖 AI Agent Usage
+### CLI Reference
+
+```
+Usage: mpx-scan [url] [options]
+
+Arguments:
+  url                      URL to scan
+
+Options:
+  -V, --version            Output version number
+  --json                   Output as structured JSON
+  --full                   Run all checks (Pro only)
+  --brief                  Brief one-line output
+  --quiet, -q              Minimal output (no banners)
+  --no-color               Disable ANSI color codes
+  --batch                  Read URLs from stdin (one per line)
+  --schema                 Output JSON schema for tool discovery
+  --pdf [filename]         Export results as a PDF report
+  --fix <platform>         Generate fix config (nginx, apache, caddy, cloudflare)
+  --timeout <seconds>      Connection timeout (default: 10)
+  --ci                     CI mode: exit 1 if below --min-score
+  --min-score <score>      Minimum score for CI mode (default: 70)
+  -h, --help               Display help
+
+Commands:
+  license                  Show license status
+  activate <key>           Activate Pro license
+  deactivate               Return to free tier
+  mcp                      Start MCP stdio server
+```
+
+## AI Agent Usage
 
 mpx-scan is designed to be used by AI agents as well as humans.
 
@@ -151,36 +209,16 @@ The MCP server exposes these tools:
 - **`generate_fixes`** — Scan and generate platform-specific fix config
 - **`get_schema`** — Get full tool schema
 
-### Programmatic Usage
-
-```bash
-# JSON output for parsing
-mpx-scan https://example.com --json
-
-# Batch processing
-cat urls.txt | mpx-scan --batch --json
-
-# Schema discovery
-mpx-scan --schema
-
-# Quiet mode (no banners, progress goes to stderr)
-mpx-scan https://example.com --json --quiet
-```
-
 ### Exit Codes
 
 | Code | Meaning |
 |------|---------|
-| 0 | Scan complete, no security issues found |
-| 1 | Scan complete, security issues found |
-| 2 | Invalid arguments |
-| 3 | Configuration error (license, rate limit) |
-| 4 | Network/connectivity error |
+| 0 | Success, no issues found |
+| 1 | Issues found or error |
+| 2 | Invalid usage or bad arguments |
 
 ### Error Responses (JSON mode)
 
-When `--json` is used, errors return structured JSON:
-
 ```json
 {
   "error": "Description of what went wrong",
@@ -193,14 +231,11 @@ Error codes: `ERR_NETWORK`, `ERR_SCAN`, `ERR_RATE_LIMIT`, `ERR_PRO_REQUIRED`, `E
 ### Automation Tips
 
 - Use `--json` for machine-parseable output (stdout only, no ANSI)
-- Use `--no-color` to strip ANSI codes from human-readable output
 - Use `--quiet` to suppress banners and progress info
-- Pipe `--batch --json` for JSONL (one result per line) processing
+- Use `--batch --json` for JSONL processing
 - Check exit codes for pass/fail decisions in CI/CD
 
-## 🎯 Use Cases
-
-### CI/CD Integration
+## CI/CD Integration
 
 ```yaml
 # .github/workflows/security.yml
@@ -213,38 +248,25 @@ jobs:
       - run: npx mpx-scan https://mysite.com --ci --min-score 70 --json
 ```
 
-### Monitoring Script
-
-```bash
-#!/bin/bash
-for site in site1.com site2.com site3.com; do
-  result=$(npx mpx-scan "$site" --json 2>/dev/null)
-  grade=$(echo "$result" | jq -r '.score.grade')
-  echo "$site: $grade"
-done
-```
-
-## 📊 Free vs Pro
+## Free vs Pro
 
 | Feature | Free | Pro |
 |---------|------|-----|
-| **Daily scans** | 3 | Unlimited |
-| **Security headers** | ✅ | ✅ |
-| **SSL/TLS checks** | ✅ | ✅ |
-| **Server info checks** | ✅ | ✅ |
-| **JSON output** | ✅ | ✅ |
-| **Batch scanning** | ✅ | ✅ |
-| **MCP server** | ✅ | ✅ |
-| **DNS security** | ❌ | ✅ |
-| **Cookie security** | ❌ | ✅ |
-| **SRI checks** | ❌ | ✅ |
-| **Exposed files** | ❌ | ✅ |
-| **Mixed content** | ❌ | ✅ |
-| **Full scan (--full)** | ❌ | ✅ |
-
-**Upgrade to Pro:** [https://mesaplex.com/mpx-scan](https://mesaplex.com/mpx-scan)
-
-## 🔐 License Management
+| Daily scans | 3 | Unlimited |
+| Security headers | ✅ | ✅ |
+| SSL/TLS checks | ✅ | ✅ |
+| Server info checks | ✅ | ✅ |
+| JSON output | ✅ | ✅ |
+| Batch scanning | ✅ | ✅ |
+| MCP server | ✅ | ✅ |
+| DNS security | ❌ | ✅ |
+| Cookie security | ❌ | ✅ |
+| SRI checks | ❌ | ✅ |
+| Exposed files | ❌ | ✅ |
+| Mixed content | ❌ | ✅ |
+| Full scan (`--full`) | ❌ | ✅ |
+
+### License Management
 
 ```bash
 mpx-scan license                         # Check status
@@ -252,83 +274,24 @@ mpx-scan activate MPX-PRO-XXXXXXXX      # Activate Pro
 mpx-scan deactivate                      # Return to free tier
 ```
 
-## 🛠️ CLI Reference
-
-```
-Usage: mpx-scan [url] [options]
-
-Arguments:
-  url                      URL to scan
-
-Options:
-  -V, --version            Output version number
-  --json                   Output as structured JSON
-  --full                   Run all checks (Pro only)
-  --brief                  Brief one-line output
-  --quiet, -q              Minimal output (no banners)
-  --no-color               Disable ANSI color codes
-  --batch                  Read URLs from stdin (one per line)
-  --schema                 Output JSON schema for tool discovery
-  --fix <platform>         Generate fix config (nginx, apache, caddy, cloudflare)
-  --timeout <seconds>      Connection timeout (default: 10)
-  --ci                     CI mode: exit 1 if below --min-score
-  --min-score <score>      Minimum score for CI mode (default: 70)
-  -h, --help               Display help
-
-Commands:
-  license                  Show license status
-  activate <key>           Activate Pro license
-  deactivate               Return to free tier
-  mcp                      Start MCP stdio server
-```
-
-## 📦 Installation
-
-```bash
-# Global
-npm install -g mpx-scan
-
-# Project dependency
-npm install --save-dev mpx-scan
-
-# One-off with npx
-npx mpx-scan https://example.com
-```
-
-### Requirements
-
-- Node.js 18.0.0 or higher
-- No native dependencies
-- Works on macOS, Linux, Windows
-
-## 🧪 Testing
-
-```bash
-npm test
-```
-
-## 🤝 Contributing
-
-Security improvements and bug fixes are welcome!
-
-## 📄 License
+**Upgrade to Pro:** [https://mesaplex.com/mpx-scan](https://mesaplex.com/mpx-scan)
 
-Dual License: Free tier for personal use, Pro license for commercial use and advanced features.
+## License
 
-See [LICENSE](LICENSE) for full terms.
+Dual License — Free tier for personal use, Pro license for commercial use and advanced features. See [LICENSE](LICENSE) for full terms.
 
-## 🔗 Links
+## Links
 
-- **Website:** [https://mesaplex.com/mpx-scan](https://mesaplex.com/mpx-scan)
+- **Website:** [https://mesaplex.com](https://mesaplex.com)
 - **npm:** [https://www.npmjs.com/package/mpx-scan](https://www.npmjs.com/package/mpx-scan)
 - **GitHub:** [https://github.com/mesaplexdev/mpx-scan](https://github.com/mesaplexdev/mpx-scan)
 - **Support:** support@mesaplex.com
 
-## 📚 Related Tools
+### Related Tools
 
-- **mpx-scan** — Security scanner (you are here)
-- **[mpx-api](https://www.npmjs.com/package/mpx-api)** — API testing toolkit
-- **[mpx-db](https://www.npmjs.com/package/mpx-db)** — Database toolkit
+- **[mpx-api](https://www.npmjs.com/package/mpx-api)** — API testing, mocking, and documentation
+- **[mpx-db](https://www.npmjs.com/package/mpx-db)** — Database management CLI
+- **[mpx-secrets-audit](https://www.npmjs.com/package/mpx-secrets-audit)** — Secret lifecycle tracking and audit
 
 ---
 

package/bin/cli.js

@@ -12,6 +12,7 @@ const chalk = require('chalk');
 const { scan } = require('../src/index');
 const { formatReport, formatBrief } = require('../src/reporters/terminal');
 const { formatJSON } = require('../src/reporters/json');
+const { generatePDF, getDefaultPDFFilename } = require('../src/reporters/pdf');
 const { generateFixes, PLATFORMS } = require('../src/generators/fixes');
 const { getSchema } = require('../src/schema');
 const { 
@@ -25,13 +26,13 @@ const {
 
 const pkg = require('../package.json');
 
-// Exit codes per AI-native spec
+// Exit codes
 const EXIT = {
   SUCCESS: 0,           // Success, no issues found
-  ISSUES_FOUND: 1,      // Success, issues found
-  BAD_ARGS: 2,          // Invalid arguments
-  CONFIG_ERROR: 3,      // Configuration error
-  NETWORK_ERROR: 4      // Network/connectivity error
+  ISSUES_FOUND: 1,      // Issues found or error occurred
+  BAD_ARGS: 2,          // Invalid arguments / bad usage
+  CONFIG_ERROR: 1,      // Configuration error
+  NETWORK_ERROR: 1      // Network/connectivity error
 };
 
 // Auto-detect non-interactive mode
@@ -39,6 +40,12 @@ const isInteractive = process.stdout.isTTY && !process.env.CI;
 
 const program = new Command();
 
+// Error handling — set before any command/option registration
+program.exitOverride();
+program.configureOutput({
+  writeErr: () => {} // Suppress Commander's own error output; we handle it in the catch below
+});
+
 program
   .name('mpx-scan')
   .description('Professional website security scanner — check headers, SSL, DNS, and more')
@@ -52,6 +59,7 @@ program
   .option('--batch', 'Batch mode: read URLs from stdin (one per line)')
   .option('--schema', 'Output JSON schema describing all commands and flags')
   .option('--fix <platform>', `Generate fix config for platform (${PLATFORMS.join(', ')})`)
+  .option('--pdf [filename]', 'Export results as a PDF report')
   .option('--timeout <seconds>', 'Connection timeout', '10')
   .option('--ci', 'CI/CD mode: exit 1 if score below threshold')
   .option('--min-score <score>', 'Minimum score for CI mode', '70')
@@ -71,7 +79,8 @@ program
 
     // Show help if no URL provided
     if (!url) {
-      program.help();
+      program.outputHelp();
+      process.exit(EXIT.BAD_ARGS);
       return;
     }
     
@@ -95,7 +104,7 @@ async function runSingleScan(url, options) {
         if (jsonMode) {
           console.log(JSON.stringify({ error: `Invalid platform: "${options.fix}". Valid platforms: ${PLATFORMS.join(', ')}`, code: 'ERR_BAD_ARGS' }, null, 2));
         } else {
-          console.error(chalk.red.bold(`\n❌ Invalid platform: "${options.fix}"`));
+          console.error(chalk.red(`Error: Invalid platform: "${options.fix}"`));
           console.error(chalk.yellow(`Valid platforms: ${PLATFORMS.join(', ')}`));
           console.error('');
         }
@@ -109,7 +118,7 @@ async function runSingleScan(url, options) {
       if (jsonMode) {
         console.log(JSON.stringify({ error: 'Invalid --timeout value. Must be a non-negative number.', code: 'ERR_BAD_ARGS' }, null, 2));
       } else {
-        console.error(chalk.red.bold('\n❌ Invalid --timeout value. Must be a non-negative number.'));
+        console.error(chalk.red('Error: Invalid --timeout value. Must be a non-negative number.'));
       }
       return EXIT.BAD_ARGS;
     }
@@ -129,7 +138,7 @@ async function runSingleScan(url, options) {
           upgrade: 'https://mesaplex.com/mpx-scan'
         }, null, 2));
       } else {
-        console.error(chalk.red.bold('\n❌ Daily scan limit reached'));
+        console.error(chalk.red('Error: Daily scan limit reached'));
         console.error(chalk.yellow(`Free tier: ${FREE_DAILY_LIMIT} scans/day`));
         console.error(chalk.gray(`Resets: ${new Date(rateLimit.resetsAt).toLocaleString()}\n`));
         console.error(chalk.blue('Upgrade to Pro for unlimited scans:'));
@@ -147,7 +156,7 @@ async function runSingleScan(url, options) {
           upgrade: 'https://mesaplex.com/mpx-scan'
         }, null, 2));
       } else {
-        console.error(chalk.red.bold('\n❌ --full flag requires Pro license'));
+        console.error(chalk.red('Error: --full flag requires Pro license'));
         console.error(chalk.yellow('Free tier includes: headers, SSL, server checks'));
         console.error(chalk.yellow('Pro includes: all checks (DNS, cookies, SRI, exposed files, etc.)\n'));
         console.error(chalk.blue('Upgrade: https://mesaplex.com/mpx-scan\n'));
@@ -184,6 +193,25 @@ async function runSingleScan(url, options) {
       console.log(formatReport(results, { ...options, quiet: quietMode }));
     }
     
+    // Generate PDF if requested
+    if (options.pdf !== undefined) {
+      const pdfPath = (typeof options.pdf === 'string' && options.pdf)
+        ? options.pdf
+        : getDefaultPDFFilename(results.hostname);
+      try {
+        await generatePDF(results, pdfPath);
+        if (!jsonMode && !options.brief) {
+          console.error(chalk.green(`📄 PDF report saved: ${pdfPath}`));
+        }
+      } catch (pdfErr) {
+        if (jsonMode) {
+          console.error(JSON.stringify({ warning: `PDF generation failed: ${pdfErr.message}` }));
+        } else {
+          console.error(chalk.yellow(`Warning: PDF generation failed: ${pdfErr.message}`));
+        }
+      }
+    }
+
     // Check if core scanners errored with network issues (DNS failure, connection refused, etc.)
     const coreScanners = ['headers', 'ssl'];
     const coreErrored = coreScanners.every(name => {
@@ -203,7 +231,7 @@ async function runSingleScan(url, options) {
         if (jsonMode) {
           console.log(JSON.stringify({ error: 'Invalid --min-score value', code: 'ERR_BAD_ARGS' }, null, 2));
         } else {
-          console.error(chalk.red.bold('\n❌ Invalid --min-score value. Must be a number.'));
+          console.error(chalk.red('Error: Invalid --min-score value. Must be a number.'));
         }
         return EXIT.BAD_ARGS;
       }
@@ -228,7 +256,7 @@ async function runSingleScan(url, options) {
       const code = isNetworkError(err) ? 'ERR_NETWORK' : 'ERR_SCAN';
       console.log(JSON.stringify({ error: err.message, code }, null, 2));
     } else {
-      console.error(chalk.red.bold('\n❌ Error:'), err.message);
+      console.error(chalk.red('Error:'), err.message);
       console.error('');
     }
     return isNetworkError(err) ? EXIT.NETWORK_ERROR : EXIT.ISSUES_FOUND;
@@ -244,7 +272,7 @@ async function runBatchMode(options) {
     if (jsonMode) {
       console.log(JSON.stringify({ error: 'No URLs provided on stdin', code: 'ERR_NO_INPUT' }, null, 2));
     } else {
-      console.error(chalk.red('No URLs provided. Pipe URLs via stdin:'));
+      console.error(chalk.red('Error: No URLs provided. Pipe URLs via stdin:'));
       console.error(chalk.gray('  cat urls.txt | mpx-scan --batch --json'));
     }
     process.exit(EXIT.BAD_ARGS);
@@ -257,7 +285,7 @@ async function runBatchMode(options) {
     if (jsonMode) {
       console.log(JSON.stringify({ error: 'No valid URLs found in input', code: 'ERR_NO_INPUT' }, null, 2));
     } else {
-      console.error(chalk.red('No valid URLs found in input.'));
+      console.error(chalk.red('Error: No valid URLs found in input.'));
     }
     process.exit(EXIT.BAD_ARGS);
     return;
@@ -391,7 +419,7 @@ program
       console.log(chalk.gray('  • Batch scanning'));
       console.log('');
     } catch (err) {
-      console.error(chalk.red.bold('\n❌ Activation failed:'), err.message);
+      console.error(chalk.red('Error:'), err.message);
       console.error('');
       process.exit(EXIT.CONFIG_ERROR);
     }
@@ -474,7 +502,7 @@ program
       if (jsonMode) {
         console.log(JSON.stringify({ error: err.message, code: 'ERR_UPDATE' }, null, 2));
       } else {
-        console.error(chalk.red.bold('\n❌ Update check failed:'), err.message);
+        console.error(chalk.red('Error:'), err.message);
         console.error('');
       }
       process.exit(EXIT.NETWORK_ERROR);
@@ -503,6 +531,8 @@ ${chalk.bold('Examples:')}
   ${chalk.cyan('mpx-scan example.com --json')}            JSON output
   ${chalk.cyan('mpx-scan example.com --fix nginx')}       Generate nginx config
   ${chalk.cyan('mpx-scan example.com --brief')}           One-line summary
+  ${chalk.cyan('mpx-scan example.com --pdf')}             Export PDF report
+  ${chalk.cyan('mpx-scan example.com --pdf report.pdf')}  Export PDF to specific file
   ${chalk.cyan('mpx-scan --schema')}                      Show tool schema (JSON)
   ${chalk.cyan('cat urls.txt | mpx-scan --batch --json')} Batch scan from stdin
   ${chalk.cyan('mpx-scan mcp')}                           Start MCP server
@@ -510,10 +540,8 @@ ${chalk.bold('Examples:')}
 
 ${chalk.bold('Exit Codes:')}
   0  Success, no issues found
-  1  Success, issues found
-  2  Invalid arguments
-  3  Configuration error (license, rate limit)
-  4  Network/connectivity error
+  1  Error or issues found
+  2  Invalid usage or bad arguments
 
 ${chalk.bold('Free vs Pro:')}
   ${chalk.yellow('Free:')}  3 scans/day, basic checks (headers, SSL, server)
@@ -522,4 +550,15 @@ ${chalk.bold('Free vs Pro:')}
   ${chalk.blue('Upgrade: https://mesaplex.com/mpx-scan')}
 `);
 
-program.parse();
+try {
+  program.parse();
+} catch (err) {
+  if (err.code === 'commander.version') {
+    process.exit(0);
+  }
+  if (err.code !== 'commander.help' && err.code !== 'commander.helpDisplayed') {
+    const msg = err.message.startsWith('error:') ? `Error: ${err.message.slice(7)}` : `Error: ${err.message}`;
+    console.error(chalk.red(msg));
+    process.exit(EXIT.BAD_ARGS);
+  }
+}

package/package.json

@@ -1,16 +1,24 @@
 {
   "name": "mpx-scan",
-  "version": "1.3.0",
-  "description": "Professional website security scanner CLI. Check headers, SSL, cookies, DNS, and get actionable fix suggestions. Part of the Mesaplex developer toolchain.",
+  "version": "1.3.1",
+  "description": "Website security scanner CLI. Headers, SSL, cookies, and DNS auditing. AI-native with JSON output and MCP server.",
   "main": "src/index.js",
   "bin": {
     "mpx-scan": "bin/cli.js"
   },
   "scripts": {
-    "test": "node test/run.js",
-    "start": "node bin/cli.js"
+    "test": "node test/run.js"
   },
+  "funding": "https://mesaplex.com/pricing",
   "keywords": [
+    "cli",
+    "devtools",
+    "mesaplex",
+    "ai-native",
+    "mcp",
+    "model-context-protocol",
+    "automation",
+    "json-output",
     "security",
     "scanner",
     "headers",
@@ -20,16 +28,10 @@
     "owasp",
     "devops",
     "ci-cd",
-    "mesaplex",
-    "devtools",
     "security-headers",
     "ssl-check",
     "dns-security",
-    "cors",
-    "mcp",
-    "ai-native",
-    "model-context-protocol",
-    "automation"
+    "cors"
   ],
   "author": "Mesaplex <support@mesaplex.com>",
   "license": "SEE LICENSE IN LICENSE",
@@ -38,20 +40,22 @@
     "url": "git+https://github.com/mesaplexdev/mpx-scan.git"
   },
   "homepage": "https://github.com/mesaplexdev/mpx-scan#readme",
-  "bugs": "https://github.com/mesaplexdev/mpx-scan/issues",
+  "bugs": {
+    "url": "https://github.com/mesaplexdev/mpx-scan/issues"
+  },
   "engines": {
     "node": ">=18.0.0"
   },
   "dependencies": {
     "@modelcontextprotocol/sdk": "^1.26.0",
     "chalk": "^4.1.2",
-    "commander": "^12.0.0"
+    "commander": "^12.0.0",
+    "pdfkit": "^0.17.2"
   },
   "files": [
     "src/",
     "bin/",
     "README.md",
-    "LICENSE",
-    "package.json"
+    "LICENSE"
   ]
 }

package/src/index.js

@@ -52,7 +52,7 @@ function checkConnectivity(parsedUrl, timeoutMs) {
       path: parsedUrl.pathname || '/',
       method: 'HEAD',
       timeout: timeoutMs,
-      headers: { 'User-Agent': 'mpx-scan/1.2.1 Security Scanner' },
+      headers: { 'User-Agent': 'mpx-scan/1.3.0 Security Scanner' },
       rejectUnauthorized: false,
     }, (res) => {
       clearTimeout(timer);
@@ -62,7 +62,7 @@ function checkConnectivity(parsedUrl, timeoutMs) {
 
     req.on('error', (err) => {
       clearTimeout(timer);
-      if (err.code === 'ENOTFOUND' || err.code === 'ECONNREFUSED' || err.code === 'ETIMEDOUT' || err.code === 'ECONNRESET') {
+      if (err.code === 'ENOTFOUND' || err.code === 'EAI_AGAIN' || err.code === 'ECONNREFUSED' || err.code === 'ETIMEDOUT' || err.code === 'ECONNRESET') {
         reject(err);
       } else {
         resolve(); // Other errors (like SSL) are fine — host is reachable

package/src/reporters/pdf.js

@@ -0,0 +1,218 @@
+/**
+ * PDF Report Generator for mpx-scan
+ * 
+ * Generates professional security scan reports using PDFKit
+ */
+
+const PDFDocument = require('pdfkit');
+const fs = require('fs');
+const path = require('path');
+const pkg = require('../../package.json');
+
+// Color palette
+const COLORS = {
+  primary: '#1a56db',
+  dark: '#1f2937',
+  gray: '#6b7280',
+  lightGray: '#e5e7eb',
+  white: '#ffffff',
+  pass: '#16a34a',
+  warn: '#ea580c',
+  fail: '#dc2626',
+  info: '#2563eb',
+  error: '#dc2626',
+  headerBg: '#1e3a5f',
+  sectionBg: '#f3f4f6',
+};
+
+const STATUS_LABELS = {
+  pass: '✓ PASS',
+  warn: '⚠ WARNING',
+  fail: '✗ FAIL',
+  info: 'ℹ INFO',
+  error: '✗ ERROR',
+};
+
+const SECTION_NAMES = {
+  headers: 'Security Headers',
+  ssl: 'SSL/TLS',
+  cookies: 'Cookies',
+  server: 'Server Configuration',
+  exposedFiles: 'Exposed Files',
+  dns: 'DNS Security',
+  sri: 'Subresource Integrity',
+  mixedContent: 'Mixed Content',
+  redirects: 'Redirects',
+};
+
+/**
+ * Generate a PDF report from scan results
+ * @param {object} results - Scan results object
+ * @param {string} outputPath - Path to write the PDF
+ * @returns {Promise<string>} - Resolved path of the generated PDF
+ */
+function generatePDF(results, outputPath) {
+  return new Promise((resolve, reject) => {
+    try {
+      const doc = new PDFDocument({
+        size: 'A4',
+        margins: { top: 50, bottom: 50, left: 50, right: 50 },
+        info: {
+          Title: `mpx-scan Security Report — ${results.hostname}`,
+          Author: 'mpx-scan',
+          Subject: 'Website Security Scan Report',
+          Creator: `mpx-scan v${pkg.version}`,
+        },
+        bufferPages: true,
+      });
+
+      const stream = fs.createWriteStream(outputPath);
+      doc.pipe(stream);
+
+      const pageWidth = doc.page.width - doc.page.margins.left - doc.page.margins.right;
+      const now = new Date().toLocaleDateString('en-US', {
+        year: 'numeric', month: 'long', day: 'numeric', hour: '2-digit', minute: '2-digit',
+      });
+
+      // ─── Header ───
+      doc.rect(0, 0, doc.page.width, 100).fill(COLORS.headerBg);
+      doc.fontSize(22).fillColor(COLORS.white).font('Helvetica-Bold')
+        .text('mpx-scan Security Report', 50, 30);
+      doc.fontSize(10).fillColor('#a0b4cc').font('Helvetica')
+        .text(`v${pkg.version}  •  ${now}  •  ${results.url}`, 50, 60);
+
+      doc.y = 120;
+
+      // ─── Summary Box ───
+      const scorePercent = results.maxScore > 0 ? Math.round((results.score / results.maxScore) * 100) : 0;
+      const gradeColor = scorePercent >= 85 ? COLORS.pass : scorePercent >= 55 ? COLORS.warn : COLORS.fail;
+
+      doc.roundedRect(50, doc.y, pageWidth, 90, 6).fill(COLORS.sectionBg);
+      const summaryTop = doc.y + 15;
+
+      // Grade circle
+      doc.circle(100, summaryTop + 30, 28).fill(gradeColor);
+      doc.fontSize(26).fillColor(COLORS.white).font('Helvetica-Bold')
+        .text(results.grade, 100 - 18, summaryTop + 16, { width: 36, align: 'center' });
+
+      // Score text
+      doc.fontSize(16).fillColor(COLORS.dark).font('Helvetica-Bold')
+        .text(`${scorePercent}/100`, 150, summaryTop + 5);
+      doc.fontSize(10).fillColor(COLORS.gray).font('Helvetica')
+        .text(`${results.score}/${results.maxScore} points  •  ${results.scanDuration}ms scan`, 150, summaryTop + 28);
+
+      // Counts
+      const countsX = 360;
+      const counts = [
+        { label: 'Passed', count: results.summary.passed, color: COLORS.pass },
+        { label: 'Warnings', count: results.summary.warnings, color: COLORS.warn },
+        { label: 'Failed', count: results.summary.failed, color: COLORS.fail },
+        { label: 'Info', count: results.summary.info, color: COLORS.info },
+      ];
+      counts.forEach((c, i) => {
+        const cx = countsX + i * 55;
+        doc.fontSize(18).fillColor(c.color).font('Helvetica-Bold')
+          .text(String(c.count), cx, summaryTop + 5, { width: 50, align: 'center' });
+        doc.fontSize(7).fillColor(COLORS.gray).font('Helvetica')
+          .text(c.label, cx, summaryTop + 28, { width: 50, align: 'center' });
+      });
+
+      doc.y = summaryTop + 75;
+
+      // ─── Detailed Findings ───
+      for (const [sectionKey, section] of Object.entries(results.sections)) {
+        const sectionName = SECTION_NAMES[sectionKey] || sectionKey;
+        const sectionPercent = section.maxScore > 0 ? Math.round((section.score / section.maxScore) * 100) : 0;
+
+        // Check if we need a new page (need at least 100px for header + 1 check)
+        if (doc.y > doc.page.height - 150) {
+          doc.addPage();
+          doc.y = 50;
+        }
+
+        // Section header
+        doc.y += 10;
+        doc.roundedRect(50, doc.y, pageWidth, 28, 4).fill(COLORS.primary);
+        doc.fontSize(11).fillColor(COLORS.white).font('Helvetica-Bold')
+          .text(`${sectionName}`, 60, doc.y + 7);
+        doc.fontSize(9).fillColor('#c0d4f0').font('Helvetica')
+          .text(`${section.grade}  •  ${sectionPercent}%  (${section.score}/${section.maxScore})`, 60, doc.y + 7, {
+            width: pageWidth - 20, align: 'right'
+          });
+        doc.y += 35;
+
+        // Checks
+        for (const check of section.checks) {
+          if (doc.y > doc.page.height - 100) {
+            doc.addPage();
+            doc.y = 50;
+          }
+
+          const statusColor = COLORS[check.status] || COLORS.gray;
+          const statusLabel = STATUS_LABELS[check.status] || check.status.toUpperCase();
+
+          // Status badge
+          doc.fontSize(7).fillColor(statusColor).font('Helvetica-Bold')
+            .text(statusLabel, 60, doc.y);
+
+          // Check name
+          doc.fontSize(10).fillColor(COLORS.dark).font('Helvetica-Bold')
+            .text(check.name, 130, doc.y);
+          doc.y += 15;
+
+          // Message
+          if (check.message) {
+            doc.fontSize(9).fillColor(COLORS.gray).font('Helvetica')
+              .text(check.message, 130, doc.y, { width: pageWidth - 90 });
+            doc.y += doc.heightOfString(check.message, { width: pageWidth - 90, fontSize: 9 }) + 3;
+          }
+
+          // Recommendation
+          if (check.recommendation) {
+            doc.fontSize(8).fillColor(COLORS.primary).font('Helvetica-Oblique')
+              .text(`→ ${check.recommendation}`, 130, doc.y, { width: pageWidth - 90 });
+            doc.y += doc.heightOfString(`→ ${check.recommendation}`, { width: pageWidth - 90, fontSize: 8 }) + 3;
+          }
+
+          doc.y += 8;
+        }
+      }
+
+      // ─── Footer on every page ───
+      const range = doc.bufferedPageRange();
+      for (let i = range.start; i < range.start + range.count; i++) {
+        doc.switchToPage(i);
+        const footerY = doc.page.height - 35;
+        doc.fontSize(7).fillColor(COLORS.gray).font('Helvetica')
+          .text(
+            `Generated by mpx-scan v${pkg.version} on ${now}`,
+            50, footerY, { width: pageWidth, align: 'center' }
+          );
+        doc.text(
+          `Page ${i + 1} of ${range.count}`,
+          50, footerY + 12, { width: pageWidth, align: 'center' }
+        );
+      }
+
+      doc.end();
+
+      stream.on('finish', () => resolve(outputPath));
+      stream.on('error', reject);
+    } catch (err) {
+      reject(err);
+    }
+  });
+}
+
+/**
+ * Get default PDF filename for a scan
+ * @param {string} hostname - Target hostname
+ * @returns {string} Default filename
+ */
+function getDefaultPDFFilename(hostname) {
+  const date = new Date().toISOString().slice(0, 10);
+  const safeName = hostname.replace(/[^a-zA-Z0-9.-]/g, '_');
+  return `mpx-scan-report-${safeName}-${date}.pdf`;
+}
+
+module.exports = { generatePDF, getDefaultPDFFilename };

package/src/scanners/cookies.js

@@ -78,7 +78,7 @@ function fetchCookies(parsedUrl, options = {}) {
     const req = protocol.request(parsedUrl.href, {
       method: 'GET',
       timeout,
-      headers: { 'User-Agent': 'mpx-scan/1.2.1 Security Scanner (https://github.com/mesaplexdev/mpx-scan)' },
+      headers: { 'User-Agent': 'mpx-scan/1.3.0 Security Scanner (https://github.com/mesaplexdev/mpx-scan)' },
       rejectUnauthorized: false,
     }, (res) => {
       // Consume body

package/src/scanners/dns.js

@@ -117,8 +117,14 @@ async function scanDNS(parsedUrl, options = {}) {
   try {
     const mxRecords = await withTimeout(resolver.resolveMx(rootDomain), dnsTimeout, `MX ${rootDomain}`);
     if (mxRecords && mxRecords.length > 0) {
-      const mxList = mxRecords.sort((a, b) => a.priority - b.priority).map(r => `${r.exchange} (${r.priority})`);
-      checks.push({ name: 'MX Records', status: 'info', message: `Mail servers: ${mxList.join(', ')}`, value: mxList.join(', ') });
+      const mxList = mxRecords.sort((a, b) => a.priority - b.priority).map(r => `${r.exchange || '.'} (${r.priority})`);
+      // Null MX (RFC 7505): single record with exchange "." and priority 0 means domain does not accept mail
+      const isNullMx = mxRecords.length === 1 && (!mxRecords[0].exchange || mxRecords[0].exchange === '.') && mxRecords[0].priority === 0;
+      if (isNullMx) {
+        checks.push({ name: 'MX Records', status: 'info', message: 'Null MX — domain does not accept email', value: '. (0)' });
+      } else {
+        checks.push({ name: 'MX Records', status: 'info', message: `Mail servers: ${mxList.join(', ')}`, value: mxList.join(', ') });
+      }
     }
   } catch { /* MX is informational only */ }
 

package/src/scanners/exposed-files.js

@@ -151,7 +151,7 @@ function checkPath(parsedUrl, pathStr, options = {}) {
     const req = protocol.request(url.href, {
       method: 'GET',
       timeout,
-      headers: { 'User-Agent': 'mpx-scan/1.2.1 Security Scanner (https://github.com/mesaplexdev/mpx-scan)' },
+      headers: { 'User-Agent': 'mpx-scan/1.3.0 Security Scanner (https://github.com/mesaplexdev/mpx-scan)' },
       rejectUnauthorized: false,
     }, (res) => {
       let body = '';

package/src/scanners/fingerprint.js

@@ -305,7 +305,7 @@ function fetchHeaders(parsedUrl, options = {}) {
 
     const req = protocol.request(parsedUrl.href, {
       method, timeout,
-      headers: { 'User-Agent': 'mpx-scan/1.2.1 Security Scanner (https://github.com/mesaplexdev/mpx-scan)' },
+      headers: { 'User-Agent': 'mpx-scan/1.3.0 Security Scanner (https://github.com/mesaplexdev/mpx-scan)' },
       rejectUnauthorized: false,
     }, (res) => {
       if (method === 'GET') { res.resume(); }

package/src/scanners/headers.js

@@ -191,7 +191,7 @@ function fetchHeaders(parsedUrl, options = {}) {
       method,
       timeout,
       headers: {
-        'User-Agent': 'mpx-scan/1.2.1 Security Scanner (https://github.com/mesaplexdev/mpx-scan)'
+        'User-Agent': 'mpx-scan/1.3.0 Security Scanner (https://github.com/mesaplexdev/mpx-scan)'
       },
       rejectUnauthorized: false // We check SSL separately
     }, (res) => {

package/src/scanners/redirects.js

@@ -86,7 +86,7 @@ function followRedirect(testUrl, options = {}) {
     const req = protocol.request(testUrl.href, {
       method: 'GET',
       timeout,
-      headers: { 'User-Agent': 'mpx-scan/1.2.1 Security Scanner (https://github.com/mesaplexdev/mpx-scan)' },
+      headers: { 'User-Agent': 'mpx-scan/1.3.0 Security Scanner (https://github.com/mesaplexdev/mpx-scan)' },
       rejectUnauthorized: false,
     }, (res) => {
       res.resume(); // Consume body

package/src/scanners/server.js

@@ -88,7 +88,7 @@ function checkRedirectToHttps(httpUrl, options = {}) {
     const req = http.request(httpUrl.href, {
       method,
       timeout,
-      headers: { 'User-Agent': 'mpx-scan/1.2.1 Security Scanner (https://github.com/mesaplexdev/mpx-scan)' },
+      headers: { 'User-Agent': 'mpx-scan/1.3.0 Security Scanner (https://github.com/mesaplexdev/mpx-scan)' },
     }, (res) => {
       if (method === 'GET') { res.resume(); }
       if (res.statusCode >= 300 && res.statusCode < 400) {
@@ -115,7 +115,7 @@ function fetchWithOrigin(parsedUrl, options = {}) {
       method,
       timeout,
       headers: {
-        'User-Agent': 'mpx-scan/1.2.1 Security Scanner (https://github.com/mesaplexdev/mpx-scan)',
+        'User-Agent': 'mpx-scan/1.3.0 Security Scanner (https://github.com/mesaplexdev/mpx-scan)',
         'Origin': 'https://evil.example.com'
       },
       rejectUnauthorized: false,
@@ -141,7 +141,7 @@ function checkMethods(parsedUrl, options = {}) {
     const req = protocol.request(parsedUrl.href, {
       method: 'OPTIONS',
       timeout,
-      headers: { 'User-Agent': 'mpx-scan/1.2.1 Security Scanner (https://github.com/mesaplexdev/mpx-scan)' },
+      headers: { 'User-Agent': 'mpx-scan/1.3.0 Security Scanner (https://github.com/mesaplexdev/mpx-scan)' },
       rejectUnauthorized: false,
     }, (res) => {
       const allow = res.headers.allow || '';

package/src/scanners/sri.js

@@ -125,7 +125,7 @@ function fetchBody(parsedUrl, options = {}) {
       method: 'GET',
       timeout,
       headers: { 
-        'User-Agent': 'mpx-scan/1.2.1 Security Scanner (https://github.com/mesaplexdev/mpx-scan)',
+        'User-Agent': 'mpx-scan/1.3.0 Security Scanner (https://github.com/mesaplexdev/mpx-scan)',
         'Accept': 'text/html'
       },
       rejectUnauthorized: false,

package/src/schema.js

@@ -194,6 +194,40 @@ function getSchema() {
       free: SCANNER_TIERS.free,
       pro: SCANNER_TIERS.pro
     },
+    exitCodes: {
+      0: 'Success / no issues',
+      1: 'Error or security issues found'
+    },
+    globalFlags: {
+      '--json': {
+        type: 'boolean',
+        default: false,
+        description: 'Output results as structured JSON'
+      },
+      '--quiet': {
+        type: 'boolean',
+        default: false,
+        description: 'Suppress non-essential output (no banners or progress)'
+      },
+      '--no-color': {
+        type: 'boolean',
+        default: false,
+        description: 'Disable ANSI color codes in output'
+      },
+      '--schema': {
+        type: 'boolean',
+        default: false,
+        description: 'Output this schema as JSON'
+      },
+      '--version': {
+        type: 'boolean',
+        description: 'Show version number'
+      },
+      '--help': {
+        type: 'boolean',
+        description: 'Show help information'
+      }
+    },
     mcpConfig: {
       description: 'Add to your MCP client configuration to use mpx-scan as an AI tool',
       config: {