npm - policylayer - Versions diffs - 0.1.4 → 0.1.5 - Mend

policylayer 0.1.4 → 0.1.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/README.md +89 -0
package/package.json +3 -2

package/README.md ADDED Viewed

@@ -0,0 +1,89 @@
+# policylayer
+Scan your MCP config. See what your AI agent can do. Get a shareable report.
+## Quick start
+```bash
+npx -y policylayer
+```
+That's it. The CLI finds your MCP config, live-scans each server, classifies every tool, and prints a report URL.
+## What it does
+1. **Finds your config** -- checks `.mcp.json`, `~/.claude.json`, Claude Desktop, Cursor, VS Code, Windsurf, and Codex configs automatically
+2. **Live-scans servers** -- spawns each MCP server, performs the JSON-RPC handshake, and discovers every tool with its full schema
+3. **Classifies tools** -- checks against the PolicyLayer database of 2,500+ classified tools. Unknown tools are classified locally using schema analysis, blast radius detection, and verb matching
+4. **Generates a policy YAML** -- suggested default rules for every tool, ready to use with [Intercept](https://github.com/policylayer/intercept)
+5. **Prints a report URL** -- permanent, shareable, no login required
+6. **Contributes back** -- live-scanned tool data is contributed to the database so future scans are faster for everyone
+## Commands
+```bash
+npx -y policylayer
+```
+**Options:**
+| Flag | Description |
+|------|-------------|
+| `-d, --dir <path>` | Directory to scan for config files (default: cwd) |
+| `-o, --output <path>` | Output path for policy YAML (default: `policylayer.yaml`) |
+| `--no-live` | Skip live scanning, classify from config only |
+| `--no-report` | Skip submitting report to PolicyLayer |
+| `--timeout <ms>` | Timeout per server in milliseconds (default: 30000) |
+| `--json` | Output results as JSON |
+### Examples
+```bash
+# Auto-detect config and scan
+npx -y policylayer
+# Scan a specific directory
+npx -y policylayer -d ~/projects/my-app
+# Skip live scanning (faster, less detailed)
+npx -y policylayer --no-live
+# Output as JSON for piping
+npx -y policylayer --json
+# Custom policy output path
+npx -y policylayer -o my-policy.yaml
+```
+## Config detection
+The CLI searches these paths and uses all configs found:
+| Client | Path |
+|--------|------|
+| Claude Code (project) | `.mcp.json` |
+| Claude Code (user) | `~/.claude.json` |
+| Claude Desktop | `~/Library/Application Support/Claude/claude_desktop_config.json` |
+| Cursor | `.cursor/mcp.json` |
+| VS Code | `.vscode/settings.json` |
+| Windsurf | `~/.codeium/windsurf/mcp_config.json` |
+| Codex (project) | `.codex/config.toml` |
+| Codex (user) | `~/.codex/config.toml` |
+## Privacy
+The CLI **never sends** your raw config. Before anything leaves your machine:
+- Environment variables are stripped
+- Auth tokens are removed
+- Only server names, package identifiers, and tool schemas are sent
+- Live-scanned tool data (names, descriptions, schemas) is contributed to improve the database
+Use `--no-report` to skip sending anything.
+## Links
+- [Example report](https://policylayer.com/scan/report/65545482-5d1d-472f-9fca-472ff1181d0d)
+- [Scan your config online](https://policylayer.com/scan)
+- [Policy library](https://policylayer.com/policies)
+- [Intercept](https://github.com/policylayer/intercept) -- enforce limits on every MCP tool call

package/package.json CHANGED Viewed

@@ -1,13 +1,14 @@
 {
   "name": "policylayer",
-  "version": "0.1.4",
+  "version": "0.1.5",
   "type": "module",
   "description": "Scan your MCP servers for security risks — live tool discovery + classification + shareable report",
   "bin": {
     "policylayer": "./dist/index.js"
   },
   "files": [
-    "dist"
+    "dist",
+    "README.md"
   ],
   "engines": {
     "node": ">=20"