securenow 8.0.3 → 8.2.0

package/SKILL-CLI.md

@@ -15,7 +15,7 @@ npx securenow <command>
 
 **Full parity with the SDK:** every capability the `securenow` Node SDK exposes has a CLI counterpart — redaction, CIDR matching, log/span emission, firewall preload, config inspection. If you can do it in code, you can do it from the terminal.
 
-**MCP parity (v8.0+):** the same package also ships a local stdio MCP server for Codex, Claude, and other MCP clients:
+**MCP parity (v8.0+):** the same package also ships a local stdio MCP server for Codex, Claude, and other MCP clients:
 
 ```bash
 npx securenow login
@@ -24,31 +24,31 @@ codex mcp add securenow -- npx securenow mcp
 npx -p securenow securenow-mcp
 ```
 
-The MCP server reads admin/control-plane auth from `.securenow/admin.json` and SDK runtime app credentials from `.securenow/runtime.json`, with legacy `.securenow/credentials.json` still supported. Admin/global tools use admin auth; runtime-scoped read tools can use the runtime API key where its scopes allow it. Write tools require `confirm:true` plus a reason.
+The MCP server reads admin/control-plane auth from `.securenow/admin.json` and SDK runtime app credentials from `.securenow/runtime.json`, with legacy `.securenow/credentials.json` still supported. Admin/global tools use admin auth; runtime-scoped read tools can use the runtime API key where its scopes allow it. Write tools require `confirm:true` plus a reason.
 
 ### Authenticate
 
 ```bash
-securenow login             # friendly flow: admin auth + app runtime connection
-securenow admin login       # admin/control-plane CLI and MCP auth only
-securenow app connect       # app/runtime SDK connection only
-securenow admin login --token <JWT>   # headless / CI admin auth
-securenow whoami            # verify both admin auth and runtime app status
-```
-
-**Two-lane credentials (v8.0+):** admin/control-plane auth lives in `.securenow/admin.json`; SDK runtime app config and the runtime API key live in `.securenow/runtime.json`. `securenow login` can run both lanes for onboarding, but `securenow admin login` never replaces runtime app config and `securenow app connect` never replaces admin auth. Legacy combined `.securenow/credentials.json` files are still read.
+securenow login             # friendly flow: admin auth + app runtime connection
+securenow admin login       # admin/control-plane CLI and MCP auth only
+securenow app connect       # app/runtime SDK connection only
+securenow admin login --token <JWT>   # headless / CI admin auth
+securenow whoami            # verify both admin auth and runtime app status
+```
+
+**Two-lane credentials (v8.0+):** admin/control-plane auth lives in `.securenow/admin.json`; SDK runtime app config and the runtime API key live in `.securenow/runtime.json`. `securenow login` can run both lanes for onboarding, but `securenow admin login` never replaces runtime app config and `securenow app connect` never replaces admin auth. Legacy combined `.securenow/credentials.json` files are still read.
 
-**Zero-config runtime flow:** the browser step lets the user pick (or create) an app. The CLI stores the app's **key (UUID)** and **name** in `.securenow/runtime.json`. The SDK sends traces/logs to the default SecureNow ingestion gateway, which routes by app key, so no env vars or per-instance collector URLs are required for local dev or production.
+**Zero-config runtime flow:** the browser step lets the user pick (or create) an app. The CLI stores the app's **key (UUID)** and **name** in `.securenow/runtime.json`. The SDK sends traces/logs to the default SecureNow ingestion gateway, which routes by app key, so no env vars or per-instance collector URLs are required for local dev or production.
 
-**Default-on security (v8.0+):** after picking or creating the app, `securenow app connect` turns on that app's firewall toggle, mints a runtime API key with `traces:write + logs:write + firewall:read + blocklist:read + allowlist:read` scopes, and writes it into `.securenow/runtime.json`. Traces, logs, POST body capture, multipart metadata capture, and the firewall are enabled by default. No `SECURENOW_API_KEY` env var is needed. To add or rotate a key later without re-running app connect, use `securenow api-key create` or `securenow api-key set snk_live_...` (see [API Key Management](#api-key-management) below).
+**Default-on security (v8.0+):** after picking or creating the app, `securenow app connect` turns on that app's firewall toggle, mints a runtime API key with `traces:write + logs:write + firewall:read + blocklist:read + allowlist:read` scopes, and writes it into `.securenow/runtime.json`. Traces, logs, POST body capture, multipart metadata capture, and the firewall are enabled by default. No `SECURENOW_API_KEY` env var is needed. To add or rotate a key later without re-running app connect, use `securenow api-key create` or `securenow api-key set snk_live_...` (see [API Key Management](#api-key-management) below).
 
-Runtime credentials resolve in order: project `.securenow/runtime.json` -> legacy project `.securenow/credentials.json` -> project named runtime credentials -> global `.securenow/runtime.json` -> legacy global credentials -> global named runtime credentials. Admin auth resolves from `admin.json` first, then legacy `credentials.json`. Runtime config is credentials-json based; environment-variable fallbacks are not supported.
+Runtime credentials resolve in order: project `.securenow/runtime.json` -> legacy project `.securenow/credentials.json` -> project named runtime credentials -> global `.securenow/runtime.json` -> legacy global credentials -> global named runtime credentials. Admin auth resolves from `admin.json` first, then legacy `credentials.json`. Runtime config is credentials-json based; environment-variable fallbacks are not supported.
 
-The **runtime API key** should live in runtime credentials as `apiKey`; it authenticates telemetry ingestion and firewall sync.
+The **runtime API key** should live in runtime credentials as `apiKey`; it authenticates telemetry ingestion and firewall sync.
 
-For CI / Docker / production, use `securenow credentials runtime --env production` to generate a tokenless runtime file, then mount/copy it as `.securenow/credentials.json`. Since v7.7.2, mounting the generated `.securenow/credentials.production.json` filename directly also works when `credentials.json` is absent.
-
-**Environment model:** use one SecureNow app key for local, preview, staging, and production. The credentials field `config.runtime.deploymentEnvironment` separates traces/logs/firewall/forensics by environment. CLI security commands default to `production`; pass `--env local`, `--env staging`, or `--env all` only when that scope is intentional.
+For CI / Docker / production, use `securenow credentials runtime --env production` to generate a tokenless runtime file, then mount/copy it as `.securenow/credentials.json`. Since v7.7.2, mounting the generated `.securenow/credentials.production.json` filename directly also works when `credentials.json` is absent.
+
+**Environment model:** use one SecureNow app key for local, preview, staging, and production. The credentials field `config.runtime.deploymentEnvironment` separates traces/logs/firewall/forensics by environment. CLI security commands default to `production`; pass `--env local`, `--env staging`, or `--env all` only when that scope is intentional.
 
 ### Integrate With Your App
 
@@ -65,11 +65,11 @@ node -r securenow/register src/index.js
 For Next.js, run the interactive scaffolding:
 
 ```bash
-securenow login
-securenow init
-```
-
-This auto-detects your framework, creates the necessary `instrumentation.ts` and `next.config.js` changes, and reuses the app, instance, and runtime API key written by login or `app connect` to `.securenow/runtime.json`.
+securenow login
+securenow init
+```
+
+This auto-detects your framework, creates the necessary `instrumentation.ts` and `next.config.js` changes, and reuses the app, instance, and runtime API key written by login or `app connect` to `.securenow/runtime.json`.
 
 ### Install This Skill in Cursor
 
@@ -79,19 +79,19 @@ Save this file as `.cursor/skills/securenow-cli/SKILL.md` in your project. Your
 
 Config lives in `~/.securenow/` (global) and optionally `.securenow/` (per-project):
 
-| File | Content |
-|------|---------|
-| `~/.securenow/config.json` | `apiUrl`, `appUrl`, `defaultApp`, `output` |
-| `~/.securenow/admin.json` | `token`, `email`, `expiresAt` for global admin/control-plane CLI and MCP auth |
-| `~/.securenow/runtime.json` | `apiKey`, `app`, `config` for global SDK runtime |
-| `.securenow/admin.json` | `token`, `email`, `expiresAt` for project-local admin/control-plane CLI and MCP auth |
-| `.securenow/runtime.json` | `apiKey`, `app`, `config`, `_securenow.explanations` for project-local SDK runtime |
-| `.securenow/credentials.json` | Legacy combined credentials; still read for backward compatibility |
-| `.securenow/credentials.<environment>.json` | Tokenless runtime credentials generated by `securenow credentials runtime --env <environment>`; read in a fixed order, not selected from env vars |
-
-**Credential resolution order:** runtime config resolves from project `.securenow/runtime.json` -> legacy project `.securenow/credentials.json` -> project named runtime credentials in the fixed staging/production/preview/local/test/development/dev/prod order -> global `.securenow/runtime.json` -> legacy global credentials -> global named runtime credentials. Admin auth resolves from `admin.json` first, then legacy `credentials.json`. Environment-variable fallbacks are not supported.
-
-**Runtime API key resolution (v8.0+):** project `.securenow/runtime.json` -> legacy project credentials -> project named runtime credentials in the fixed staging/production/preview/local/test/development/dev/prod order -> global runtime credentials -> legacy global credentials -> global named runtime credentials. Use `securenow app connect` for runtime setup or `securenow api-key set` to rotate a key without touching admin auth or env vars.
+| File | Content |
+|------|---------|
+| `~/.securenow/config.json` | `apiUrl`, `appUrl`, `defaultApp`, `output` |
+| `~/.securenow/admin.json` | `token`, `email`, `expiresAt` for global admin/control-plane CLI and MCP auth |
+| `~/.securenow/runtime.json` | `apiKey`, `app`, `config` for global SDK runtime |
+| `.securenow/admin.json` | `token`, `email`, `expiresAt` for project-local admin/control-plane CLI and MCP auth |
+| `.securenow/runtime.json` | `apiKey`, `app`, `config`, `_securenow.explanations` for project-local SDK runtime |
+| `.securenow/credentials.json` | Legacy combined credentials; still read for backward compatibility |
+| `.securenow/credentials.<environment>.json` | Tokenless runtime credentials generated by `securenow credentials runtime --env <environment>`; read in a fixed order, not selected from env vars |
+
+**Credential resolution order:** runtime config resolves from project `.securenow/runtime.json` -> legacy project `.securenow/credentials.json` -> project named runtime credentials in the fixed staging/production/preview/local/test/development/dev/prod order -> global `.securenow/runtime.json` -> legacy global credentials -> global named runtime credentials. Admin auth resolves from `admin.json` first, then legacy `credentials.json`. Environment-variable fallbacks are not supported.
+
+**Runtime API key resolution (v8.0+):** project `.securenow/runtime.json` -> legacy project credentials -> project named runtime credentials in the fixed staging/production/preview/local/test/development/dev/prod order -> global runtime credentials -> legacy global credentials -> global named runtime credentials. Use `securenow app connect` for runtime setup or `securenow api-key set` to rotate a key without touching admin auth or env vars.
 
 ```bash
 securenow config set apiUrl https://api.securenow.ai
@@ -101,7 +101,7 @@ securenow config get defaultApp          # show one
 securenow config path                    # print file paths + active auth source
 ```
 
-Legacy CLI overrides still exist for operator automation, but runtime SDK config should stay in the credentials file.
+Legacy CLI overrides still exist for operator automation, but runtime SDK config should stay in the credentials file.
 
 ## Global Flags
 
@@ -113,7 +113,7 @@ Legacy CLI overrides still exist for operator automation, but runtime SDK config
 | `--force` | `-f` | Skip confirmations |
 | `--yes` | `-y` | Auto-confirm prompts |
 
-SecureNow-specific environment overrides are not supported; use `.securenow/runtime.json`, `.securenow/admin.json`, or `securenow config set`.
+SecureNow-specific environment overrides are not supported; use `.securenow/runtime.json`, `.securenow/admin.json`, or `securenow config set`.
 
 ---
 
@@ -129,19 +129,19 @@ securenow run --firewall-only app.js         # preload firewall only (no tracing
 securenow src/index.js                       # shorthand — auto-detected as "run"
 ```
 
-Spawns `node --require securenow/register [--import otel/hook.mjs] <script>`. ESM detection uses nearest `package.json` `"type"` field or `.mjs`/`.cjs` extension. With `--firewall-only`, uses `securenow/firewall-only` instead (credentials-file firewall, no OpenTelemetry).
+Spawns `node --require securenow/register [--import otel/hook.mjs] <script>`. ESM detection uses nearest `package.json` `"type"` field or `.mjs`/`.cjs` extension. With `--firewall-only`, uses `securenow/firewall-only` instead (credentials-file firewall, no OpenTelemetry).
 
 ### Authentication
 
 ```bash
-securenow login                   # friendly flow: admin auth + app runtime connection
-securenow admin login             # admin/control-plane CLI and MCP auth only
-securenow admin login --token <JWT> # headless / CI admin auth
-securenow app connect             # app/runtime SDK connection only
-securenow logout                  # clear admin auth; runtime app config remains
-securenow logout --global         # clear global admin auth only
-securenow whoami                  # show admin auth and runtime app status separately
-```
+securenow login                   # friendly flow: admin auth + app runtime connection
+securenow admin login             # admin/control-plane CLI and MCP auth only
+securenow admin login --token <JWT> # headless / CI admin auth
+securenow app connect             # app/runtime SDK connection only
+securenow logout                  # clear admin auth; runtime app config remains
+securenow logout --global         # clear global admin auth only
+securenow whoami                  # show admin auth and runtime app status separately
+```
 
 ### Applications
 
@@ -158,39 +158,39 @@ securenow apps scan [--yes]                  # scan all app domains for new subd
 
 ### API Key Management
 
-Manage the runtime API key stored in runtime credentials. Since v8.0 the app runtime flow writes app-scoped `snk_live_...` keys to `.securenow/runtime.json` by default, so no env var is required for local dev.
+Manage the runtime API key stored in runtime credentials. Since v8.0 the app runtime flow writes app-scoped `snk_live_...` keys to `.securenow/runtime.json` by default, so no env var is required for local dev.
 
-```bash
-securenow api-key create --name "CLI runtime" # mint + save a current-app runtime key
-securenow api-key create --app <key-or-id>    # mint + save a runtime key scoped to another app
-securenow api-key set snk_live_xxxxxxxxxx    # save to project ./.securenow/ (default)
-securenow api-key set snk_live_xxx --global  # save to ~/.securenow/ instead
-securenow api-key show                       # print the masked current key + its source
-securenow api-key clear                      # remove just the API key (keeps session/app)
-securenow api-key clear --global             # same, but from the global file
-securenow credentials runtime --env production # write .securenow/credentials.production.json for production secret-file deploys
+```bash
+securenow api-key create --name "CLI runtime" # mint + save a current-app runtime key
+securenow api-key create --app <key-or-id>    # mint + save a runtime key scoped to another app
+securenow api-key set snk_live_xxxxxxxxxx    # save to project ./.securenow/ (default)
+securenow api-key set snk_live_xxx --global  # save to ~/.securenow/ instead
+securenow api-key show                       # print the masked current key + its source
+securenow api-key clear                      # remove just the API key (keeps session/app)
+securenow api-key clear --global             # same, but from the global file
+securenow credentials runtime --env production # write .securenow/credentials.production.json for production secret-file deploys
 ```
 
-The key must start with `snk_live_`. `securenow app connect` writes the key automatically; use `api-key create` when you have admin auth but no runtime key yet, or `api-key set` when you already have a key from the dashboard. `api-key create` defaults to the current app in `.securenow/runtime.json`, resolves that app UUID to the server app id, creates a one-app `runtime_app` key with `traces:write`, `logs:write`, `firewall:read`, `blocklist:read`, and `allowlist:read`, then stores the one-time plaintext key as `apiKey`.
+The key must start with `snk_live_`. `securenow app connect` writes the key automatically; use `api-key create` when you have admin auth but no runtime key yet, or `api-key set` when you already have a key from the dashboard. `api-key create` defaults to the current app in `.securenow/runtime.json`, resolves that app UUID to the server app id, creates a one-app `runtime_app` key with `traces:write`, `logs:write`, `firewall:read`, `blocklist:read`, and `allowlist:read`, then stores the one-time plaintext key as `apiKey`.
 
 ### Init — Project Setup
 
 ```bash
-securenow init [--env local] [--key <API_KEY>]
+securenow init [--env local] [--key <API_KEY>]
 ```
 
-Auto-detects framework (Next.js, Nuxt, Express, Fastify, Koa, Hapi, Node) from `package.json`. Then:
-- **Credentials**: ensures `.securenow/runtime.json` exists with secure defaults and explanations
-- **Next.js**: creates `instrumentation.ts/js` with `securenow/nextjs` + `securenow/nextjs-auto-capture`, and adds `serverExternalPackages: ['securenow']` plus `outputFileTracingIncludes` when the config can be patched safely
-- **Existing Next.js files**: prints a Codex/Claude-ready merge prompt when instrumentation or config already exists or is too custom to safely patch
-- **Nuxt**: tells you to add `securenow/nuxt` to modules
-- **Node/Express/etc.**: suggests adding `-r securenow/register` to start script
-- Reuses `.securenow/runtime.json` written by login/app connect; production should mount/copy the tokenless runtime file generated by `securenow credentials runtime --env production`
+Auto-detects framework (Next.js, Nuxt, Express, Fastify, Koa, Hapi, Node) from `package.json`. Then:
+- **Credentials**: ensures `.securenow/runtime.json` exists with secure defaults and explanations
+- **Next.js**: creates `instrumentation.ts/js` with `securenow/nextjs` + `securenow/nextjs-auto-capture`, and adds `serverExternalPackages: ['securenow']` plus `outputFileTracingIncludes` when the config can be patched safely
+- **Existing Next.js files**: prints a Codex/Claude-ready merge prompt when instrumentation or config already exists or is too custom to safely patch
+- **Nuxt**: tells you to add `securenow/nuxt` to modules
+- **Node/Express/etc.**: suggests adding `-r securenow/register` to start script
+- Reuses `.securenow/runtime.json` written by login/app connect; production should mount/copy the tokenless runtime file generated by `securenow credentials runtime --env production`
 
 ### Dashboard & Status
 
 ```bash
-securenow status [--app <key>] [--env local|production|all] # dashboard overview
+securenow status [--app <key>] [--env local|production|all] # dashboard overview
 securenow analytics [--app <key>]            # response analytics
 ```
 
@@ -199,83 +199,91 @@ securenow analytics [--app <key>]            # response analytics
 ### Traces
 
 ```bash
-securenow traces [--app <key>] [--env production] [--limit N] [--start ISO] [--end ISO]
-securenow traces list --app my-app --env production --limit 50
-securenow traces show <traceId> --env production      # full trace detail with spans
-securenow traces analyze <traceId> --env production   # AI-powered trace analysis
+securenow traces [--app <key>] [--env production] [--limit N] [--start ISO] [--end ISO]
+securenow traces list --app my-app --env production --limit 50
+securenow traces show <traceId> --env production      # full trace detail with spans
+securenow traces analyze <traceId> --env production   # AI-powered trace analysis
 ```
 
 ### Logs
 
 ```bash
-securenow logs [--app <key>] [--env production] [--limit N] [--minutes M] [--level error|warn|info]
-securenow logs list --app my-app --env production --minutes 30 --level error
-securenow logs trace <traceId> --env production       # logs correlated to a specific trace
-```
-
-### Notifications
-
-```bash
-securenow notifications [--limit N] [--page P]
-securenow notifications list --limit 20
-securenow notifications read <id>            # mark one as read
-securenow notifications read-all             # mark all as read
-securenow notifications unread               # unread count
-```
-
-### Human Actions — AI-Prepared Decision Queue
-
-Use this for the same work shown in **Requires Human**: AI has already grouped alerts, fetched traces, built a report, and left a final Block IP or False Positive decision.
-
-```bash
-securenow human                              # list human decisions, most urgent first
-securenow human list --limit 20
-securenow human show 1                       # inspect row 1 with AI report, investigation steps, proofs, trace links
-securenow human block 1 --yes --reason "AI evidence confirmed malicious"
-securenow human fp 1 --yes --reason "Scoped false positive after evidence review"
-securenow human action 1 --status rejected --yes --reason "Tuning guard is too broad"
-securenow human prompt 1                     # print a Codex/Claude MCP prompt for this row
-securenow human work --limit 10              # list queue + print MCP runbook for deep queue work
-```
-
-MCP parity:
-
-- `securenow_human_actions_list`
-- `securenow_notifications_get`
-- `securenow_human_action_report`
-- `securenow_human_action_block`
-- `securenow_human_action_false_positive`
-- `securenow_human_case_action_update`
-- prompts: `investigate_human_action_row`, `work_human_actions`
-
-Write tools still require `confirm:true` plus a reason. False positives should stay restrictive to the app, alert rule, path, method/status, user-agent, body pattern, or other exact evidence the AI report supports. Notification IP investigations can include `metadata.matchedSubdetectors`; prefer that exact field over inferring which subdetector fired from the title or sample body.
-
-### Alerts
-
-```bash
-securenow alerts                             # list alert rules (default)
+securenow logs [--app <key>] [--env production] [--limit N] [--minutes M] [--level error|warn|info]
+securenow logs list --app my-app --env production --minutes 30 --level error
+securenow logs trace <traceId> --env production       # logs correlated to a specific trace
+```
+
+### Notifications
+
+```bash
+securenow notifications [--limit N] [--page P]
+securenow notifications list --limit 20
+securenow notifications read <id>            # mark one as read
+securenow notifications read-all             # mark all as read
+securenow notifications unread               # unread count
+```
+
+### Human Actions — AI-Prepared Decision Queue
+
+Use this for the same work shown in **Requires Human**: AI has already grouped alerts, fetched traces, built a report, and left a final Block IP or False Positive decision.
+
+```bash
+securenow human                              # list human decisions, most urgent first
+securenow human list --limit 20
+securenow human show 1                       # inspect row 1 with AI report, investigation steps, proofs, trace links
+securenow human block 1 --yes --reason "AI evidence confirmed malicious"
+securenow human fp 1 --yes --reason "Scoped false positive after evidence review"
+securenow human action 1 --status rejected --yes --reason "Tuning guard is too broad"
+securenow human prompt 1                     # print a Codex/Claude MCP prompt for this row
+securenow human work --limit 10              # list queue + print MCP runbook for deep queue work
+```
+
+MCP parity:
+
+- `securenow_human_actions_list`
+- `securenow_notifications_get`
+- `securenow_human_action_report`
+- `securenow_human_action_block`
+- `securenow_human_action_false_positive`
+- `securenow_human_case_action_update`
+- prompts: `investigate_human_action_row`, `work_human_actions`
+
+Write tools still require `confirm:true` plus a reason. False positives should stay restrictive to the app, alert rule, path, method/status, user-agent, body pattern, or other exact evidence the AI report supports. Notification IP investigations can include `metadata.matchedSubdetectors`; prefer that exact field over inferring which subdetector fired from the title or sample body.
+
+### Alerts
+
+```bash
+securenow alerts                             # list alert rules (default)
 securenow alerts rules                       # list alert rules (columns: Status, Applications, Schedule)
-securenow alerts rules show <id>            # one rule; JSON: --json
-securenow alerts rules update <id> --applications-all   # all current & future apps
-securenow alerts rules update <id> --apps key1,key2     # explicit app keys only
-securenow alerts rules test <id> --mode dry_run --wait  # validate a rule query
-securenow alerts rules dry-run-query <id> --sql @candidate.sql --app <key> --wait
-securenow alerts rules tune-query <id> --sql @candidate.sql --reason "Preserve exploit detector, remove benign broad match" --apply-globally --yes
-securenow alerts rules exclusions <id> list              # embedded rule exclusions
-securenow alerts channels                    # list alert channels (Slack, email, etc.)
-securenow alerts history [--limit N]         # past triggered alerts
-```
-
-MCP parity for noisy alert-rule reviews:
-
-- `securenow_alert_rule_get`
-- `securenow_alert_rule_candidate_test` dry-runs a full candidate SQL query without saving it.
-- `securenow_alert_rule_test_result` polls the dry-run.
-- `securenow_alert_rule_query_update` updates the shared public query mapping behind a system rule for all customer copies. It is admin-only, requires `confirm:true`, `applyGlobally:true`, `reason`, and SQL that keeps `__USER_APP_KEYS__` tenant scoping.
-- `securenow_alert_rule_instant_update` patches Instant rule conditions/config with stale-write guards. Fetch the rule first, pass `expectedRuleVersion` plus `expectedCurrentInstantHash`, use operations such as `remove_condition` / `add_condition` / `update_condition`, and set `applyGlobally:true` for system rules. The API runs seeded before/after checks and returns benign samples removed plus attack samples still matching. If global tuning is denied, it returns a structured admin handoff with the exact patch and missing permission.
-- `securenow_alert_rule_exclusion_add` remains the last-resort customer-specific path; it supports restrictive conditions plus `matchMode` and should not be used to hide a generic system-rule bug.
-
-For system-rule tuning, dry-run the candidate SQL first for scheduled rules, or use `dryRun:true` on `securenow_alert_rule_instant_update` for Instant rules. Save only when the guard preserves attack detection. Good guards add exact exploit tokens, dangerous schemes, matched subdetectors, sensitive path/status evidence, malicious user agents, or repeat thresholds; bad guards simply suppress a noisy path.
+securenow alerts rules create \              # NEW: create a custom detection rule from inline SQL
+  --name "Auth: magic-link brute force" \
+  --sql @rule.sql \                          #   SQL, @file, or - for stdin; scope apps with __USER_APP_KEYS__
+  --apps key1,key2 \                         #   or --applications-all
+  --severity high --schedule "*/15 * * * *" \
+  --nlp "single IP flooding /api/auth/signin or /api/auth/callback"
+securenow alerts rules show <id>            # one rule; JSON: --json
+securenow alerts rules update <id> --applications-all   # all current & future apps
+securenow alerts rules update <id> --apps key1,key2     # explicit app keys only
+securenow alerts rules test <id> --mode dry_run --wait  # validate a rule query
+securenow alerts rules dry-run-query <id> --sql @candidate.sql --app <key> --wait
+securenow alerts rules tune-query <id> --sql @candidate.sql --reason "Preserve exploit detector, remove benign broad match" --apply-globally --yes
+securenow alerts rules exclusions <id> list              # embedded rule exclusions
+securenow alerts channels                    # list alert channels (Slack, email, etc.)
+securenow alerts history [--limit N]         # past triggered alerts
+```
+
+`alerts rules create` flags: `--name` (required); one of `--sql <sql|@file|->` or `--query-mapping-id <id>`; one of `--apps k1,k2` or `--applications-all`; optional `--description`, `--nlp` (plain-English intent), `--category`, `--severity critical|high|medium|low`, `--schedule <cron>` (default `*/15 * * * *`), `--throttle-minutes N` / `--no-throttle`, `--execution-mode scheduled|instant|hybrid`, `--channel id1,id2` (defaults to your in-app SecureNow channel). Detection SQL must scope app keys via the `__USER_APP_KEYS__` placeholder and select an `ip` column for per-IP aggregation/remediation. Requires `alerts:write`.
+
+MCP parity for noisy alert-rule reviews:
+
+- `securenow_alert_rule_get`
+- `securenow_alert_rule_candidate_test` dry-runs a full candidate SQL query without saving it.
+- `securenow_alert_rule_test_result` polls the dry-run.
+- `securenow_alert_rule_query_update` updates the shared public query mapping behind a system rule for all customer copies. It is admin-only, requires `confirm:true`, `applyGlobally:true`, `reason`, and SQL that keeps `__USER_APP_KEYS__` tenant scoping.
+- `securenow_alert_rule_instant_update` patches Instant rule conditions/config with stale-write guards. Fetch the rule first, pass `expectedRuleVersion` plus `expectedCurrentInstantHash`, use operations such as `remove_condition` / `add_condition` / `update_condition`, and set `applyGlobally:true` for system rules. The API runs seeded before/after checks and returns benign samples removed plus attack samples still matching. If global tuning is denied, it returns a structured admin handoff with the exact patch and missing permission.
+- `securenow_alert_rule_exclusion_add` remains the last-resort customer-specific path; it supports restrictive conditions plus `matchMode` and should not be used to hide a generic system-rule bug.
+
+For system-rule tuning, dry-run the candidate SQL first for scheduled rules, or use `dryRun:true` on `securenow_alert_rule_instant_update` for Instant rules. Save only when the guard preserves attack detection. Good guards add exact exploit tokens, dangerous schemes, matched subdetectors, sensitive path/status evidence, malicious user agents, or repeat thresholds; bad guards simply suppress a noisy path.
 
 ---
 
@@ -284,15 +292,15 @@ For system-rule tuning, dry-run the candidate SQL first for scheduled rules, or
 ```bash
 securenow ip <ip-address>                    # lookup (geo, ASN, threat score, reputation)
 securenow ip lookup <ip-address>             # same as above
-securenow ip traces <ip-address> --env production # traces originating from this IP
+securenow ip traces <ip-address> --env production # traces originating from this IP
 ```
 
 ### Forensics — Natural Language Security Queries
 
 ```bash
-securenow forensics "show me all SQL injection attempts in the last 24h" --env production
-securenow forensics query "top 10 IPs by blocked requests" --app my-app --env production
-securenow forensics chat --app my-app --env production # interactive forensics chat session
+securenow forensics "show me all SQL injection attempts in the last 24h" --env production
+securenow forensics query "top 10 IPs by blocked requests" --app my-app --env production
+securenow forensics chat --app my-app --env production # interactive forensics chat session
 securenow forensics library                  # view saved/template queries
 ```
 
@@ -309,100 +317,100 @@ securenow api-map stats                      # endpoint statistics
 ### Firewall
 
 ```bash
-securenow firewall                           # show status (default)
-securenow firewall status --app <key> --env production   # app/env toggle, sync time, blocked count
-securenow firewall test-ip <ip> --app <key> --env local  # check if IP would be blocked
+securenow firewall                           # show status (default)
+securenow firewall status --app <key> --env production   # app/env toggle, sync time, blocked count
+securenow firewall test-ip <ip> --app <key> --env local  # check if IP would be blocked
 ```
 
-**Zero-config setup:** running `securenow app connect` enables the selected app's firewall toggle, auto-mints a runtime API key (scoped `traces:write + logs:write + firewall:read + blocklist:read + allowlist:read`), and writes it to `.securenow/runtime.json` after the app is selected. No `SECURENOW_API_KEY` env var needed. If the user already has a key, `securenow api-key set snk_live_...` achieves the same thing; if they only have admin auth, `securenow api-key create` mints and saves a fresh runtime key. See [the landing firewall page](https://securenow.ai/firewall) for an overview.
+**Zero-config setup:** running `securenow app connect` enables the selected app's firewall toggle, auto-mints a runtime API key (scoped `traces:write + logs:write + firewall:read + blocklist:read + allowlist:read`), and writes it to `.securenow/runtime.json` after the app is selected. No `SECURENOW_API_KEY` env var needed. If the user already has a key, `securenow api-key set snk_live_...` achieves the same thing; if they only have admin auth, `securenow api-key create` mints and saves a fresh runtime key. See [the landing firewall page](https://securenow.ai/firewall) for an overview.
 
 ### Blocklist — Block Malicious IPs
 
 ```bash
-securenow blocklist                          # list blocked IPs
-securenow blocklist list
-securenow blocklist add <ip> --app <key> --env production --reason "Brute force"
-securenow blocklist add <ip> --route /admin* --mode prefix --method ALL --reason "Admin probing"
-securenow blocklist unblock <id> --reason "False alarm after review"
-securenow blocklist remove <id>              # compatibility alias for unblock
-securenow blocklist list --status removed    # audit retained unblocks
-securenow blocklist stats                    # block counts, top reasons
-```
-
-Scoped blocks use the same model as rate limits: `--route`/`--path`/`--pattern`
-sets `pathPattern`, `--mode`/`--path-mode` chooses `prefix`, `exact`, or
-`regex`, and `--method` limits enforcement to one HTTP method or `ALL`.
-
-Unblock stops firewall enforcement but preserves the block report, history, and
-unblock audit fields. Reblocking the same IP later creates a fresh active block
-without erasing the previous investigation trail.
-
-MCP exposes legacy pending-block cleanup separately from current Requires Human
-work:
-
-- `securenow_blocklist_unblock`
-- `securenow_blocklist_remove` (compatibility alias for unblock)
-- `securenow_blocklist_pending_list`
-- `securenow_blocklist_pending_approve`
-- `securenow_blocklist_pending_reject`
-- `securenow_blocklist_pending_bulk_approve`
-- `securenow_blocklist_pending_bulk_reject`
-- prompt: `cleanup_legacy_pending_blocks`
-
-### Rate Limits - Soft Remediation
-
-```bash
-securenow ratelimit list --env production
-securenow ratelimit add 203.0.113.42 --route /api/login --limit 2 --window 1m --duration 24h
-securenow ratelimit parse "rate limit 203.0.113.42 on POST /api/login to 2 attempts per minute"
-securenow ratelimit from-text "rate limit /api/login for this IP to 2 attempts per minute for 24h" --yes
-securenow ratelimit test 203.0.113.42 --path /api/login --method POST
-```
-
-MCP parity:
-
-- `securenow_rate_limit_parse`
-- `securenow_rate_limit_create_from_text`
-
-### Automation Rules
-
-```bash
-securenow automation                         # list blocklist automation rules
-securenow automation defaults --yes          # ensure built-in default risk-score rules
-securenow automation show <id>
-securenow automation dry-run <id> --limit 500
-securenow automation execute <id> --yes
-```
-
-Built-in default automation is enabled by default for all apps/environments and
-uses the canonical `riskScore`: 95-100 blocks for 7 days, 90-94 blocks for 72h,
-85-89 blocks for 24h, and scores below 85 stay in investigation/review unless
-the customer adds a stricter custom rule. Raw SecureNow IPDB confidence remains
-supporting evidence, not the primary automation score.
+securenow blocklist                          # list blocked IPs
+securenow blocklist list
+securenow blocklist add <ip> --app <key> --env production --reason "Brute force"
+securenow blocklist add <ip> --route /admin* --mode prefix --method ALL --reason "Admin probing"
+securenow blocklist unblock <id> --reason "False alarm after review"
+securenow blocklist remove <id>              # compatibility alias for unblock
+securenow blocklist list --status removed    # audit retained unblocks
+securenow blocklist stats                    # block counts, top reasons
+```
+
+Scoped blocks use the same model as rate limits: `--route`/`--path`/`--pattern`
+sets `pathPattern`, `--mode`/`--path-mode` chooses `prefix`, `exact`, or
+`regex`, and `--method` limits enforcement to one HTTP method or `ALL`.
+
+Unblock stops firewall enforcement but preserves the block report, history, and
+unblock audit fields. Reblocking the same IP later creates a fresh active block
+without erasing the previous investigation trail.
+
+MCP exposes legacy pending-block cleanup separately from current Requires Human
+work:
+
+- `securenow_blocklist_unblock`
+- `securenow_blocklist_remove` (compatibility alias for unblock)
+- `securenow_blocklist_pending_list`
+- `securenow_blocklist_pending_approve`
+- `securenow_blocklist_pending_reject`
+- `securenow_blocklist_pending_bulk_approve`
+- `securenow_blocklist_pending_bulk_reject`
+- prompt: `cleanup_legacy_pending_blocks`
+
+### Rate Limits - Soft Remediation
+
+```bash
+securenow ratelimit list --env production
+securenow ratelimit add 203.0.113.42 --route /api/login --limit 2 --window 1m --duration 24h
+securenow ratelimit parse "rate limit 203.0.113.42 on POST /api/login to 2 attempts per minute"
+securenow ratelimit from-text "rate limit /api/login for this IP to 2 attempts per minute for 24h" --yes
+securenow ratelimit test 203.0.113.42 --path /api/login --method POST
+```
+
+MCP parity:
+
+- `securenow_rate_limit_parse`
+- `securenow_rate_limit_create_from_text`
+
+### Automation Rules
+
+```bash
+securenow automation                         # list blocklist automation rules
+securenow automation defaults --yes          # ensure built-in default risk-score rules
+securenow automation show <id>
+securenow automation dry-run <id> --limit 500
+securenow automation execute <id> --yes
+```
+
+Built-in default automation is enabled by default for all apps/environments and
+uses the canonical `riskScore`: 95-100 blocks for 7 days, 90-94 blocks for 72h,
+85-89 blocks for 24h, and scores below 85 stay in investigation/review unless
+the customer adds a stricter custom rule. Raw SecureNow IPDB confidence remains
+supporting evidence, not the primary automation score.
 
 ### Allowlist — Restrict to Known IPs
 
-Dangerous production mode: IP Allowlist is deny-by-default. Once any active
-allowlist entry exists for an app/environment, only listed IPs can reach it and
-all other IPs are blocked. Do not use allowlist to mark an IP trusted, suppress
-false positives, or clean up investigations. Use `securenow trusted add` for
-known-safe monitors, office/VPN traffic, or trusted bypass cases.
-
-```bash
-securenow allowlist                          # list allowed IPs
-securenow allowlist list
-securenow allowlist add <ip> --app <key> --env local --label "Office" --reason "Corporate VPN"
+Dangerous production mode: IP Allowlist is deny-by-default. Once any active
+allowlist entry exists for an app/environment, only listed IPs can reach it and
+all other IPs are blocked. Do not use allowlist to mark an IP trusted, suppress
+false positives, or clean up investigations. Use `securenow trusted add` for
+known-safe monitors, office/VPN traffic, or trusted bypass cases.
+
+```bash
+securenow allowlist                          # list allowed IPs
+securenow allowlist list
+securenow allowlist add <ip> --app <key> --env local --label "Office" --reason "Corporate VPN"
 securenow allowlist remove <id>
 securenow allowlist stats
 ```
 
-### Trusted IPs
+### Trusted IPs
+
+Trusted IPs are the safe bypass/suppression mechanism for known infrastructure
+and do not enable deny-by-default allowlist mode.
 
-Trusted IPs are the safe bypass/suppression mechanism for known infrastructure
-and do not enable deny-by-default allowlist mode.
-
-```bash
-securenow trusted                            # list trusted IPs
+```bash
+securenow trusted                            # list trusted IPs
 securenow trusted list
 securenow trusted add <ip> [--label "CloudFlare edge"]
 securenow trusted remove <id>
@@ -496,7 +504,7 @@ securenow test-span
 securenow test-span "ci.smoke-test"          # custom span name
 ```
 
-Both commands use the default SecureNow ingestion gateway plus optional advanced `config.otel.*` overrides from `.securenow/runtime.json` or legacy runtime credentials, and return non-zero on HTTP errors so CI/cron can detect failures.
+Both commands use the default SecureNow ingestion gateway plus optional advanced `config.otel.*` overrides from `.securenow/runtime.json` or legacy runtime credentials, and return non-zero on HTTP errors so CI/cron can detect failures.
 
 ### Utilities — Redaction, CIDR, Diagnostics
 
@@ -511,7 +519,7 @@ securenow redact @request.json --fields internal_id,sessionHash
 securenow cidr match 10.0.0.5 10.0.0.0/24,192.168.0.0/16
 securenow cidr parse 10.0.0.0/24             # network, broadcast, mask, size
 
-# Show resolved config (service name, endpoints, credentials, firewall layers)
+# Show resolved config (service name, endpoints, credentials, firewall layers)
 securenow env                                # human-readable
 securenow env --json                         # pipe to jq
 
@@ -520,7 +528,7 @@ securenow doctor                             # exits 0 if healthy, 1 otherwise
 securenow doctor --json
 ```
 
-The `redact` command accepts a JSON string or `@path/to/file.json` and layers your `--fields` flag on top of `DEFAULT_SENSITIVE_FIELDS`. Exit code from `cidr match` is `0` if the IP matches the list, `2` otherwise — scriptable.
+The `redact` command accepts a JSON string or `@path/to/file.json` and layers your `--fields` flag on top of `DEFAULT_SENSITIVE_FIELDS`. Exit code from `cidr match` is `0` if the IP matches the list, `2` otherwise — scriptable.
 
 ---
 
@@ -604,10 +612,10 @@ All commands support `--json` for structured output. When piping to other tools
 
 | Exit code / Error | Meaning | Recovery |
 |------------------|---------|----------|
-| `Session expired` | Admin JWT expired | `securenow admin login` (or `admin login --global` for shared admin auth) |
-| `Not logged in` | No admin token found | `securenow admin login`; runtime `.securenow/runtime.json` is unrelated |
-| `Access denied (403)` | Insufficient plan or permissions | Upgrade plan or check user role |
-| `Cannot connect` | API unreachable | Check `securenow config get apiUrl` or network |
+| `Session expired` | Admin JWT expired | `securenow admin login` (or `admin login --global` for shared admin auth) |
+| `Not logged in` | No admin token found | `securenow admin login`; runtime `.securenow/runtime.json` is unrelated |
+| `Access denied (403)` | Insufficient plan or permissions | Upgrade plan or check user role |
+| `Cannot connect` | API unreachable | Check `securenow config get apiUrl` or network |
 | `Unknown command` | Typo or unrecognized command | `securenow help` |
 
-SecureNow-specific environment overrides are intentionally unsupported for troubleshooting; use explicit CLI config files and normal terminal logs.
+SecureNow-specific environment overrides are intentionally unsupported for troubleshooting; use explicit CLI config files and normal terminal logs.