npm - nyx-audit-cli - Versions diffs - 0.2.3 → 0.2.5 - Mend

nyx-audit-cli 0.2.3 → 0.2.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md ADDED Viewed

@@ -0,0 +1,168 @@
+# nyx-audit-cli
+**Your homelab should be doing what you think it's doing. nyx proves it.**
+[npm](https://www.npmjs.com/package/nyx-audit-cli) · [GitHub](https://github.com/jpvelasco/nyx) · [Spec reference](https://github.com/jpvelasco/nyx/blob/main/docs/spec.html)
+Cross-platform CLI that audits **live network behavior** against a declared YAML intent model — VLAN isolation, VPN routing, host counts, DNS, ports, ACLs, and drift over time. Every command emits structured JSON for automation and AI agents.
+<p align="center">
+  <a href="https://github.com/jpvelasco/nyx/actions/workflows/ci.yml"><img src="https://github.com/jpvelasco/nyx/actions/workflows/ci.yml/badge.svg" alt="CI"></a>
+  <a href="https://github.com/jpvelasco/nyx/releases/latest"><img src="https://img.shields.io/github/v/release/jpvelasco/nyx" alt="Release"></a>
+  <a href="https://www.npmjs.com/package/nyx-audit-cli"><img src="https://img.shields.io/npm/v/nyx-audit-cli" alt="npm"></a>
+  <a href="https://www.npmjs.com/package/nyx-audit-cli"><img src="https://img.shields.io/npm/dm/nyx-audit-cli" alt="npm downloads"></a>
+  <a href="https://opensource.org/licenses/MIT"><img src="https://img.shields.io/badge/License-MIT-blue.svg" alt="MIT License"></a>
+</p>
+## Install
+```bash
+npm install -g nyx-audit-cli
+```
+Try without a global install:
+```bash
+npx nyx-audit-cli version
+npx nyx-audit-cli doctor
+```
+Works on **macOS**, **Linux**, **Windows**, and **WSL** — `x64` and `arm64`. Postinstall downloads the matching prebuilt binary from GitHub Releases with embedded SHA-256 verification.
+## Quickstart
+```bash
+# 1. Install (above)
+# 2. Check prerequisites (nmap, interfaces, spec hints)
+nyx doctor
+# 3. Generate a starter spec from your machine's RFC1918 networks
+nyx init --output my-network.yaml
+# 4. Run a full audit against declared intent
+sudo nyx audit --spec my-network.yaml
+```
+After a clean audit, lock in a baseline from the saved snapshot (each audit writes to `~/.nyx/snapshots/`):
+```bash
+sudo nyx audit --spec my-network.yaml
+nyx snapshot list
+nyx snapshot baseline ~/.nyx/snapshots/snapshot-YYYYMMDD-HHMMSS.json
+```
+Compare later when something feels off:
+```bash
+sudo nyx audit --spec my-network.yaml && nyx drift status
+```
+## What it does
+```
+sudo nyx audit --spec homelab.yaml
+```
+One spec file. Eight assertion types. Concurrent live checks:
+1. **Subnet discovery** — host counts per VLAN (`nmap -sn`)
+2. **Isolation** — prove zones cannot reach each other
+3. **VPN routing** — split-tunnel vs full-tunnel behavior
+4. **Route checks** — gateway and path correctness
+5. **Port checks** — TCP reachability
+6. **DNS checks** — resolution and optional DNSSEC
+7. **Network health** — latency, loss, MTU
+8. **ACL checks** — Omada / OPNsense policy alignment
+Results preserve spec order, include evidence, and map to exit codes (`0` pass, `1` fail, `2` error, `3` warn).
+## Why nyx?
+| Ad-hoc checks | nyx |
+|---------------|-----|
+| Ping one host, hope VLANs are fine | Declared intent across every network |
+| "It worked yesterday" | Snapshot baseline + drift diff |
+| Tribal knowledge in your head | Versioned YAML spec in git |
+| Scattered shell one-liners | One audit, structured JSON output |
+| Manual firewall spot-checks | `acl_check` against Omada / OPNsense |
+Built for **homelab operators**, **platform engineers**, and **SREs** who run segmented networks and need proof — not vibes.
+## Assertion types
+| Type | Validates |
+|------|-----------|
+| `subnet_discovery` | Host count in a CIDR |
+| `isolation` | Zone-to-zone deny/allow |
+| `vpn_route` | Traffic uses the expected tunnel |
+| `route_check` | Route to a target exists |
+| `port_check` | TCP ports open/closed |
+| `dns_check` | Resolution (+ optional DNSSEC) |
+| `network_health` | Latency, loss, MTU |
+| `acl_check` | Controller policy enforcement |
+Remote probes: set `runner:` on assertions to execute checks over SSH from another VLAN.
+## Vendor integrations
+| Provider | Commands | What you get |
+|----------|----------|--------------|
+| **Omada SDN** | `nyx omada info \| import \| check` | Import networks/policies into a spec |
+| **OPNsense** | `nyx opnsense info \| import \| check` | API-driven spec from live firewall |
+## AI agent integration (MCP)
+Built-in [Model Context Protocol](https://modelcontextprotocol.io/) server — audit, discover, route-check, and drift tools for Claude Code, Cursor, and other MCP clients.
+**Claude Code:**
+```bash
+claude mcp add nyx -- npx -y nyx-audit-cli mcp serve --transport stdio
+```
+**Claude Desktop / Cursor:**
+```json
+{
+  "mcpServers": {
+    "nyx": {
+      "command": "npx",
+      "args": ["-y", "nyx-audit-cli", "mcp", "serve", "--transport", "stdio"]
+    }
+  }
+}
+```
+## Prerequisites
+- **nmap** — required for discovery (`nyx doctor` prints the install command for your OS)
+- **sudo** — needed for some subnet scans on Linux/macOS
+## Commands
+| Command | Purpose |
+|---------|---------|
+| `audit` | Run all assertions from a YAML spec |
+| `init` | Auto-detect networks and generate a starter spec |
+| `doctor` | Environment and spec validation |
+| `discover` | nmap host discovery for a subnet |
+| `check-vpn` | Split-tunnel vs full-tunnel check |
+| `drift status` | Compare latest audit to baseline |
+| `snapshot baseline` | Lock in a known-good audit |
+| `mcp serve` | Start MCP stdio server |
+| `omada` / `opnsense` | Vendor import and check |
+Global flags: `--json`, `--spec`, `--verbose`, `--timeout`.
+## Documentation
+- **Spec reference:** [docs/spec.html](https://github.com/jpvelasco/nyx/blob/main/docs/spec.html)
+- **Walkthrough:** [docs/walkthrough.md](https://github.com/jpvelasco/nyx/blob/main/docs/walkthrough.md)
+- **Repository:** [github.com/jpvelasco/nyx](https://github.com/jpvelasco/nyx)
+## License
+MIT — see [LICENSE](https://github.com/jpvelasco/nyx/blob/main/LICENSE).
+nyx is independent tooling — not affiliated with TP-Link/Omada, OPNsense, or the nmap project.

package/install.js CHANGED Viewed

@@ -1,5 +1,5 @@
-// nosemgrep: all — npm install shim, not application code
 #!/usr/bin/env node
+// nosemgrep: all — npm install shim, not application code
 "use strict";
 const fs = require("fs");

package/package.json CHANGED Viewed

@@ -1,12 +1,16 @@
 {
   "name": "nyx-audit-cli",
-  "version": "0.2.3",
-  "description": "Network audit CLI for validating private networks against intended behavior",
+  "version": "0.2.5",
+  "description": "Prove your homelab matches your intent — YAML network specs, live VLAN/VPN audits, drift detection, Omada/OPNsense import. Cross-platform CLI with MCP for AI agents.",
   "license": "MIT",
   "repository": {
     "type": "git",
     "url": "git+https://github.com/jpvelasco/nyx.git"
   },
+  "bugs": {
+    "url": "https://github.com/jpvelasco/nyx/issues"
+  },
+  "homepage": "https://github.com/jpvelasco/nyx#readme",
   "bin": {
     "nyx": "run.js"
   },
@@ -24,25 +28,51 @@
   ],
   "keywords": [
     "network",
-    "audit",
-    "nmap",
-    "vpn",
-    "vlan",
+    "network-audit",
+    "network-security",
+    "network-monitoring",
+    "network-validation",
     "homelab",
+    "homelab-network",
+    "vlan",
+    "vpn",
+    "wireguard",
+    "firewall",
+    "segmentation",
+    "zero-trust",
+    "routing",
+    "dns",
+    "nmap",
+    "infrastructure",
+    "intent",
+    "yaml",
+    "audit",
+    "compliance",
+    "drift-detection",
+    "devops",
+    "sre",
+    "opnsense",
+    "omada",
+    "tp-link",
+    "sdn",
     "mcp",
-    "cli"
+    "model-context-protocol",
+    "ai-agent",
+    "cli",
+    "port-scan"
   ],
   "files": [
+    "README.md",
     "install.js",
     "run.js",
     "bin/"
   ],
   "binaryChecksums": {
-    "nyx_0.2.3_darwin_amd64.tar.gz": "3169389cf4679b9b1e40ca288540f67b428e52cb0ed9bf36654cfec68db4544a",
-    "nyx_0.2.3_darwin_arm64.tar.gz": "e901ed1099178abc90284ba46a9c58eff6016513978cf74dc8cad9c476d19286",
-    "nyx_0.2.3_linux_amd64.tar.gz": "f0996d9e926f29c77744be5bee77d16bddf5ed528511cff72bf6d23375ff9aac",
-    "nyx_0.2.3_linux_arm64.tar.gz": "a8f1db96aaa8c03dfff41f45ab08c9cb278ed589a3fa559a4e980890a089683b",
-    "nyx_0.2.3_windows_amd64.zip": "153bc2bc157c377d4031948d3ff7edb6c0a2fa036ae1cbe7f5529d2e3459f0f4",
-    "nyx_0.2.3_windows_arm64.zip": "625291d4c02e8d4f32684b721fac19cca75206075c2a865709a96b33e0c3ab11"
+    "nyx_0.2.5_darwin_amd64.tar.gz": "cb744fbb93bef215b2561d3ac0ce3a88343d2702ff61b57864b916a6a9f2ad5c",
+    "nyx_0.2.5_darwin_arm64.tar.gz": "8263e2d26f688c7f1bcebfccbb02f1ec1606c2e3a3c39aa68222cb45f09bce44",
+    "nyx_0.2.5_linux_amd64.tar.gz": "517fbec4837ba6dbf316c19e181afcd7377d35c9b67b865a97dc01fa0cfc87bd",
+    "nyx_0.2.5_linux_arm64.tar.gz": "e4563604aeba49ba4d0457dbf2c57a51a6a62dd616283cb367e7cb26d3902eee",
+    "nyx_0.2.5_windows_amd64.zip": "78192a7765f3e3f138cda933940112c65e6b674f571c497d5292e5242c667ed0",
+    "nyx_0.2.5_windows_arm64.zip": "8b8bdcf6b8e02a927ece6314d4ee2b8e94cb4548acba5787e8046caec6bd7632"
   }
 }

package/run.js CHANGED Viewed

@@ -1,5 +1,5 @@
-// nosemgrep: all — npm run shim, not application code
 #!/usr/bin/env node
+// nosemgrep: all — npm run shim, not application code
 "use strict";
 const path = require("path");