opena2a-cli 0.5.12 → 0.6.1

package/README.md

@@ -106,7 +106,7 @@ When drift is detected, `opena2a protect` migrates the key to environment variab
 
 ### `opena2a review`
 
-Run all security checks and generate a unified HTML dashboard. This is the recommended starting point -- it combines credential scanning, config integrity, Shield posture, advisory checks, and optional HMA deep scan into a single interactive report.
+Run all security checks and generate a unified HTML dashboard. This is the recommended starting point -- it combines credential scanning, config integrity, Shield posture, shadow AI detection, advisory checks, and optional HMA deep scan into a single interactive report with 6 tabs.
 
 ```bash
 opena2a review                     # Scan + open HTML report in browser
@@ -115,6 +115,26 @@ opena2a review --report out.html   # Save to custom path
 opena2a review --format json       # JSON output for CI
 ```
 
+### `opena2a detect`
+
+Discover AI agents, MCP servers, and AI configurations running on this machine. Reports a governance score (0-100, where 100 = fully governed) with actionable findings that explain why each issue matters and how to fix it.
+
+```bash
+opena2a detect                              # Scan current project
+opena2a detect --report                     # Generate HTML executive report
+opena2a detect --export-csv assets.csv      # Export asset inventory for CMDB
+opena2a detect --format json                # Machine-readable output
+opena2a detect --verbose                    # Show full MCP server list and PIDs
+```
+
+What detect finds:
+- **Running AI agents**: Claude Code, Cursor, GitHub Copilot, Windsurf, Aider, Ollama, LM Studio, and more
+- **MCP servers**: Project-local and machine-wide configurations across Claude, Cursor, Windsurf, Cline, and VS Code
+- **AI config files**: `.cursorrules`, `CLAUDE.md`, `.copilot`, `.windsurfrules`, and framework configs
+- **Governance posture**: AIM identity, SOUL.md behavioral rules, capability policies
+
+The CSV export includes hostname, username, scan directory, and timestamp on every row for enterprise CMDB import.
+
 ### `opena2a init`
 
 Read-only security assessment. Detects project type (Node.js, Python via `pyproject.toml`, Go via `go.mod`), scans for credentials, checks hygiene (`.gitignore`, `.env` protection, lock file, security config, `.mcp/config.json`), calculates a trust score (0-100), and provides prioritized next steps. Does not modify any files -- use `opena2a protect` or `opena2a shield init` to take action.

package/dist/commands/detect.d.ts

@@ -1,26 +1,40 @@
 /**
  * opena2a detect -- Shadow AI Agent Audit
  *
- * Scans the local machine for running AI agents and MCP servers,
- * then reports their identity and governance status.
+ * Discovers AI agents running on this machine, MCP servers configured
+ * across all platforms, local LLM processes, and AI config files in the
+ * project. Reports identity, governance posture, and risk classification.
  */
 export interface DetectOptions {
     targetDir: string;
     ci?: boolean;
     format?: string;
     verbose?: boolean;
+    reportPath?: string;
+    exportCsv?: string;
 }
+export type RiskLevel = 'critical' | 'high' | 'medium' | 'low';
 export interface DetectedAgent {
     name: string;
     pid: number;
+    category: 'ai-assistant' | 'local-llm' | 'ai-plugin';
     identityStatus: 'identified' | 'no identity';
     governanceStatus: 'governed' | 'no governance';
+    risk: RiskLevel;
 }
 export interface DetectedMcpServer {
     name: string;
     transport: 'stdio' | 'sse' | 'unknown';
     source: string;
     verified: boolean;
+    capabilities: string[];
+    risk: RiskLevel;
+}
+export interface AiConfigFile {
+    file: string;
+    tool: string;
+    risk: RiskLevel;
+    details: string;
 }
 export interface IdentitySummary {
     aimIdentities: number;
@@ -30,29 +44,38 @@ export interface IdentitySummary {
     capabilityPolicies: number;
 }
 export interface DetectResult {
+    scanTimestamp: string;
+    scanDirectory: string;
+    summary: {
+        totalAgents: number;
+        ungoverned: number;
+        mcpServers: number;
+        unverifiedServers: number;
+        localLlms: number;
+        aiConfigs: number;
+        /** Governance score: 100 = fully governed, 0 = nothing in place. */
+        governanceScore: number;
+        /** How many points can be recovered by addressing findings. */
+        recoverablePoints: number;
+    };
     agents: DetectedAgent[];
     mcpServers: DetectedMcpServer[];
+    aiConfigs: AiConfigFile[];
     identity: IdentitySummary;
+    findings: Finding[];
+}
+export interface Finding {
+    severity: RiskLevel;
+    category: string;
+    title: string;
+    detail: string;
+    whyItMatters: string;
+    remediation: string;
 }
-/**
- * Scan running processes for AI agents.
- * Runs a single `ps aux` and parses once.
- */
 export declare function scanProcesses(psOutput?: string): DetectedAgent[];
-/**
- * Parse an MCP config file and extract server entries.
- */
 export declare function parseMcpConfig(filePath: string, label: string): DetectedMcpServer[];
-/**
- * Scan for MCP server config files.
- */
 export declare function scanMcpServers(targetDir: string): DetectedMcpServer[];
-/**
- * Check for AIM identity and governance files.
- */
+export declare function scanAiConfigs(targetDir: string): AiConfigFile[];
 export declare function scanIdentity(targetDir: string): IdentitySummary;
-/**
- * Main detect command entry point.
- */
 export declare function detect(options: DetectOptions): Promise<number>;
 //# sourceMappingURL=detect.d.ts.map

package/dist/commands/detect.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"detect.d.ts","sourceRoot":"","sources":["../../src/commands/detect.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAQH,MAAM,WAAW,aAAa;IAC5B,SAAS,EAAE,MAAM,CAAC;IAClB,EAAE,CAAC,EAAE,OAAO,CAAC;IACb,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,MAAM,CAAC;IACZ,cAAc,EAAE,YAAY,GAAG,aAAa,CAAC;IAC7C,gBAAgB,EAAE,UAAU,GAAG,eAAe,CAAC;CAChD;AAED,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,OAAO,GAAG,KAAK,GAAG,SAAS,CAAC;IACvC,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,OAAO,CAAC;CACnB;AAED,MAAM,WAAW,eAAe;IAC9B,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,kBAAkB,EAAE,MAAM,CAAC;CAC5B;AAED,MAAM,WAAW,YAAY;IAC3B,MAAM,EAAE,aAAa,EAAE,CAAC;IACxB,UAAU,EAAE,iBAAiB,EAAE,CAAC;IAChC,QAAQ,EAAE,eAAe,CAAC;CAC3B;AA+BD;;;GAGG;AACH,wBAAgB,aAAa,CAAC,QAAQ,CAAC,EAAE,MAAM,GAAG,aAAa,EAAE,CAuChE;AAED;;GAEG;AACH,wBAAgB,cAAc,CAC5B,QAAQ,EAAE,MAAM,EAChB,KAAK,EAAE,MAAM,GACZ,iBAAiB,EAAE,CAkCrB;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,SAAS,EAAE,MAAM,GAAG,iBAAiB,EAAE,CAgCrE;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,SAAS,EAAE,MAAM,GAAG,eAAe,CA+C/D;AAuFD;;GAEG;AACH,wBAAsB,MAAM,CAAC,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC,CA6CpE"}
+{"version":3,"file":"detect.d.ts","sourceRoot":"","sources":["../../src/commands/detect.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAYH,MAAM,WAAW,aAAa;IAC5B,SAAS,EAAE,MAAM,CAAC;IAClB,EAAE,CAAC,EAAE,OAAO,CAAC;IACb,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,MAAM,SAAS,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;AAE/D,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,MAAM,CAAC;IACZ,QAAQ,EAAE,cAAc,GAAG,WAAW,GAAG,WAAW,CAAC;IACrD,cAAc,EAAE,YAAY,GAAG,aAAa,CAAC;IAC7C,gBAAgB,EAAE,UAAU,GAAG,eAAe,CAAC;IAC/C,IAAI,EAAE,SAAS,CAAC;CACjB;AAED,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,OAAO,GAAG,KAAK,GAAG,SAAS,CAAC;IACvC,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,OAAO,CAAC;IAClB,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,IAAI,EAAE,SAAS,CAAC;CACjB;AAED,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,SAAS,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,eAAe;IAC9B,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,kBAAkB,EAAE,MAAM,CAAC;CAC5B;AAED,MAAM,WAAW,YAAY;IAC3B,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,CAAC;IACtB,OAAO,EAAE;QACP,WAAW,EAAE,MAAM,CAAC;QACpB,UAAU,EAAE,MAAM,CAAC;QACnB,UAAU,EAAE,MAAM,CAAC;QACnB,iBAAiB,EAAE,MAAM,CAAC;QAC1B,SAAS,EAAE,MAAM,CAAC;QAClB,SAAS,EAAE,MAAM,CAAC;QAClB,oEAAoE;QACpE,eAAe,EAAE,MAAM,CAAC;QACxB,+DAA+D;QAC/D,iBAAiB,EAAE,MAAM,CAAC;KAC3B,CAAC;IACF,MAAM,EAAE,aAAa,EAAE,CAAC;IACxB,UAAU,EAAE,iBAAiB,EAAE,CAAC;IAChC,SAAS,EAAE,YAAY,EAAE,CAAC;IAC1B,QAAQ,EAAE,eAAe,CAAC;IAC1B,QAAQ,EAAE,OAAO,EAAE,CAAC;CACrB;AAED,MAAM,WAAW,OAAO;IACtB,QAAQ,EAAE,SAAS,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;CACrB;AAkFD,wBAAgB,aAAa,CAAC,QAAQ,CAAC,EAAE,MAAM,GAAG,aAAa,EAAE,CAsChE;AAMD,wBAAgB,cAAc,CAC5B,QAAQ,EAAE,MAAM,EAChB,KAAK,EAAE,MAAM,GACZ,iBAAiB,EAAE,CA6BrB;AAmGD,wBAAgB,cAAc,CAAC,SAAS,EAAE,MAAM,GAAG,iBAAiB,EAAE,CA6BrE;AAMD,wBAAgB,aAAa,CAAC,SAAS,EAAE,MAAM,GAAG,YAAY,EAAE,CAiC/D;AAMD,wBAAgB,YAAY,CAAC,SAAS,EAAE,MAAM,GAAG,eAAe,CAgD/D;AAqgBD,wBAAsB,MAAM,CAAC,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC,CAuGpE"}