security-mcp 1.0.3 → 1.0.5

package/README.md

@@ -45,7 +45,7 @@ security-mcp actively hardens every surface of your software:
 ## Quick Start
 
 ```bash
-npx security-mcp install
+npx -y security-mcp@latest install
 ```
 
 That's it. The tool auto-detects your editor and writes the MCP config. Restart your editor -- done.
@@ -53,15 +53,43 @@ That's it. The tool auto-detects your editor and writes the MCP config. Restart
 To target a specific editor:
 
 ```bash
-npx security-mcp install --claude-code
-npx security-mcp install --cursor
-npx security-mcp install --vscode
+npx -y security-mcp@latest install --claude-code
+npx -y security-mcp@latest install --cursor
+npx -y security-mcp@latest install --vscode
 ```
 
 Preview without writing anything:
 
 ```bash
-npx security-mcp install --dry-run
+npx -y security-mcp@latest install --dry-run
+```
+
+### Global Install
+
+Install the package globally, then configure editors to call the global binary directly:
+
+```bash
+npm install -g security-mcp@latest
+security-mcp install-global
+```
+
+Preview the global install flow without writing:
+
+```bash
+security-mcp install-global --dry-run
+```
+
+### Update Behavior
+
+- `npx -y security-mcp@latest ...` always runs the latest published npm version.
+- Global installs (`npm install -g security-mcp`) do not auto-upgrade by themselves.
+- The CLI now checks npm for new releases and prints an update prompt when a newer version is available.
+
+Global update command:
+
+```bash
+npm install -g security-mcp@latest
+security-mcp install-global
 ```
 
 In **Claude Code**, activate the security engineer:
@@ -78,28 +106,36 @@ Your AI will now **find and fix** security issues instead of just mentioning the
 
 When you invoke `/senior-security-engineer` or call any security-mcp MCP tool, your AI shifts into the role of a Senior Security Engineer. It will:
 
-1. **Scan your code** for vulnerabilities, misconfigurations, and security anti-patterns
-2. **Fix what it finds** -- not just flag it; it rewrites the insecure code with the secure version
-3. **Enforce policies** -- set up input validation, auth middleware, security headers, and rate limiting
-4. **Block dangerous patterns** -- refuse to implement code that introduces known vulnerabilities
-5. **Explain everything in plain English** -- no security jargon required
+1. **Ask scan scope first** -- folder-by-folder, file-by-file, or recent changes
+2. **Start a review run** -- carry a `runId` for ordered execution and attestation
+3. **Scan your code** for vulnerabilities, misconfigurations, and security anti-patterns
+4. **Fix what it finds** -- not just flag it; it rewrites the insecure code with the secure version
+5. **Enforce policies** -- set up input validation, auth middleware, security headers, and rate limiting
+6. **Block dangerous patterns** -- refuse to implement code that introduces known vulnerabilities
+7. **Produce an attestation** -- emit a confidence summary and integrity hash for the completed review
 
 ### MCP Tools (Your AI Uses These Automatically)
 
 | Tool | What It Does |
 | --- | --- |
+| `security.start_review` | Starts a stateful review run and returns the `runId` used for ordered execution and attestation |
 | `security.get_system_prompt` | Loads the full security directive into your AI session -- activates the Senior Security Engineer mode |
 | `security.threat_model` | Generates a complete threat model for any feature before a single line of code is written |
 | `security.checklist` | Returns a hardened pre-ship checklist specific to your surface (web, API, mobile, AI, cloud) |
+| `security.scan_strategy` | Forces scan mode selection (`folder_by_folder`, `file_by_file`, `recent_changes`) and builds an exhaustive review plan |
 | `security.generate_policy` | Writes a `security-policy.json` for your project that the gate enforces on every PR |
-| `security.run_pr_gate` | Scans your current code diff and **blocks merge** if it introduces CRITICAL or HIGH vulnerabilities |
+| `security.terraform_hardening_blueprint` | Produces an advanced Terraform hardening baseline (network, IAM, data, logging, CI controls) |
+| `security.generate_opa_rego` | Generates preventive OPA/Rego policies for Terraform plans, CI pipelines, and Kubernetes admission (requires explicit consent) |
+| `security.self_heal_loop` | Proposes self-healing improvements, but requires explicit human approval before any change |
+| `security.attest_review` | Writes an auditable review attestation with integrity hash and confidence summary |
+| `security.run_pr_gate` | Scans recent changes, selected folders, or selected files and **blocks merge** on CRITICAL/HIGH vulnerabilities; requires `runId` in MCP usage |
 | `repo.read_file` | Reads files from your workspace for analysis |
 | `repo.search` | Searches your codebase for vulnerable patterns |
 
 ### Security Gate (Blocks Bad Code from Shipping)
 
 ```bash
-npx security-mcp ci:pr-gate
+npx -y security-mcp@latest ci:pr-gate
 ```
 
 Add this to your CI pipeline. It scans every PR and **blocks the merge** if it finds:
@@ -158,14 +194,17 @@ When your AI has security-mcp active, it will **fix these automatically** -- not
 
 | Editor | Install Command | Config Location |
 | --- | --- | --- |
-| Claude Code | `npx security-mcp install --claude-code` | `~/.claude/settings.json` |
-| Cursor (global) | `npx security-mcp install --cursor` | `~/.cursor/mcp.json` |
-| Cursor (workspace) | `npx security-mcp install --cursor` | `.cursor/mcp.json` |
-| VS Code | `npx security-mcp install --vscode` | User `settings.json` |
+| Claude Code | `npx -y security-mcp@latest install --claude-code` | `~/.claude/settings.json` |
+| Claude Code (global binary) | `security-mcp install-global --claude-code` | `~/.claude/settings.json` |
+| Cursor (global) | `npx -y security-mcp@latest install --cursor` | `~/.cursor/mcp.json` |
+| Cursor (global binary) | `security-mcp install-global --cursor` | `~/.cursor/mcp.json` |
+| Cursor (workspace) | `npx -y security-mcp@latest install --cursor` | `.cursor/mcp.json` |
+| VS Code | `npx -y security-mcp@latest install --vscode` | User `settings.json` |
+| VS Code (global binary) | `security-mcp install-global --vscode` | User `settings.json` |
 | GitHub Copilot | Manual config (see below) | `.vscode/settings.json` |
 | Codex | Manual config (see below) | Editor config |
 | Replit | Manual config (see below) | `.replit` config |
-| Any MCP-compatible | `npx security-mcp config` | Paste into editor config |
+| Any MCP-compatible | `npx -y security-mcp@latest config` or `security-mcp config --use-global-binary` | Paste into editor config |
 
 ---
 
@@ -203,7 +242,20 @@ security-mcp applies all of them on your behalf:
   "mcpServers": {
     "security-mcp": {
       "command": "npx",
-      "args": ["-y", "security-mcp", "serve"]
+      "args": ["-y", "security-mcp@latest", "serve"]
+    }
+  }
+}
+```
+
+### Claude Code With Global Binary (`~/.claude/settings.json`)
+
+```json
+{
+  "mcpServers": {
+    "security-mcp": {
+      "command": "security-mcp",
+      "args": ["serve"]
     }
   }
 }
@@ -216,7 +268,7 @@ security-mcp applies all of them on your behalf:
   "mcpServers": {
     "security-mcp": {
       "command": "npx",
-      "args": ["-y", "security-mcp", "serve"]
+      "args": ["-y", "security-mcp@latest", "serve"]
     }
   }
 }
@@ -229,7 +281,7 @@ security-mcp applies all of them on your behalf:
   "mcp.servers": {
     "security-mcp": {
       "command": "npx",
-      "args": ["-y", "security-mcp", "serve"]
+      "args": ["-y", "security-mcp@latest", "serve"]
     }
   }
 }
@@ -238,7 +290,8 @@ security-mcp applies all of them on your behalf:
 Print the config snippet for any editor:
 
 ```bash
-npx security-mcp config
+npx -y security-mcp@latest config
+security-mcp config --use-global-binary
 ```
 
 ---
@@ -250,6 +303,9 @@ Copy the default policy into your project:
 ```bash
 cp node_modules/security-mcp/defaults/security-policy.json .mcp/policies/security-policy.json
 cp node_modules/security-mcp/defaults/evidence-map.json .mcp/mappings/evidence-map.json
+cp node_modules/security-mcp/defaults/control-catalog.json .mcp/catalog/control-catalog.json
+cp node_modules/security-mcp/defaults/security-tools.json .mcp/scanners/security-tools.json
+cp node_modules/security-mcp/defaults/security-exceptions.json .mcp/exceptions/security-exceptions.json
 ```
 
 Or generate one tailored to your project:

package/defaults/control-catalog.json

@@ -0,0 +1,157 @@
+{
+  "version": "1.0.0",
+  "controls": [
+    {
+      "id": "SCAN_MODE_SELECTED",
+      "description": "A review mode is selected before scanning begins.",
+      "automation": "workflow",
+      "surfaces": ["all"],
+      "frameworks": ["NIST 800-218", "OWASP SAMM"],
+      "required_steps": ["scan_strategy"]
+    },
+    {
+      "id": "THREAT_MODEL_COMPLETED",
+      "description": "Threat modeling is completed before security review signoff.",
+      "automation": "workflow",
+      "surfaces": ["web", "api", "mobile", "ai", "infra"],
+      "frameworks": ["STRIDE", "PASTA", "MITRE ATT&CK"],
+      "required_steps": ["threat_model"]
+    },
+    {
+      "id": "CHECKLIST_COMPLETED",
+      "description": "Surface-specific security checklist completed.",
+      "automation": "workflow",
+      "surfaces": ["all"],
+      "frameworks": ["OWASP ASVS", "NIST CSF 2.0"],
+      "required_steps": ["checklist"]
+    },
+    {
+      "id": "ZERO_TRUST",
+      "description": "All services enforce authentication and authorization with no implicit trust.",
+      "automation": "evidence",
+      "surfaces": ["web", "api", "infra"],
+      "frameworks": ["NIST 800-207", "OWASP ASVS"],
+      "evidence": ["deny_by_default_authz", "service_to_service_auth"]
+    },
+    {
+      "id": "SECRET_MANAGER_ONLY",
+      "description": "Secrets stored only in a dedicated secret manager.",
+      "automation": "evidence",
+      "surfaces": ["all"],
+      "frameworks": ["NIST 800-53", "SOC 2"],
+      "evidence": ["no_hardcoded_secrets", "secret_manager_refs"]
+    },
+    {
+      "id": "TLS_13",
+      "description": "TLS configuration is verified.",
+      "automation": "evidence",
+      "surfaces": ["web", "api", "infra"],
+      "frameworks": ["NIST 800-53", "PCI DSS 4.0"],
+      "evidence": ["tls_config_verified"]
+    },
+    {
+      "id": "CSP_NO_INLINE",
+      "description": "CSP is configured without unsafe inline execution.",
+      "automation": "evidence",
+      "surfaces": ["web"],
+      "frameworks": ["OWASP ASVS", "CWE-79"],
+      "evidence": ["security_headers_present"]
+    },
+    {
+      "id": "CSRF",
+      "description": "CSRF protections and tests are present.",
+      "automation": "evidence",
+      "surfaces": ["web", "api"],
+      "frameworks": ["OWASP Top 10", "OWASP ASVS"],
+      "evidence": ["csrf_protection_present", "csrf_tests_present"]
+    },
+    {
+      "id": "SSRF",
+      "description": "SSRF guards and tests are present.",
+      "automation": "evidence",
+      "surfaces": ["web", "api", "infra"],
+      "frameworks": ["OWASP Top 10", "CWE-918"],
+      "evidence": ["ssrf_guard_present", "ssrf_tests_present"]
+    },
+    {
+      "id": "MOBILE_MASVS",
+      "description": "Mobile release configuration meets MASVS baseline.",
+      "automation": "evidence",
+      "surfaces": ["mobile"],
+      "frameworks": ["OWASP MASVS"],
+      "evidence": ["ios_ats_strict", "android_nsc_strict", "release_not_debuggable"]
+    },
+    {
+      "id": "AI_BOUNDED_OUTPUTS",
+      "description": "AI outputs are schema-validated and tools are allowlisted.",
+      "automation": "evidence",
+      "surfaces": ["ai"],
+      "frameworks": ["OWASP LLM Top 10", "MITRE ATLAS"],
+      "evidence": ["json_schema_validation", "tool_allowlist_router"]
+    },
+    {
+      "id": "SECRETS_SCANNER_READY",
+      "description": "A dedicated secrets scanner is installed and runnable.",
+      "automation": "tooling",
+      "surfaces": ["all"],
+      "frameworks": ["NIST 800-218", "SLSA"],
+      "required_scanners": ["gitleaks"]
+    },
+    {
+      "id": "SAST_SCANNER_READY",
+      "description": "A static analysis scanner is installed and runnable.",
+      "automation": "tooling",
+      "surfaces": ["web", "api", "ai"],
+      "frameworks": ["OWASP Top 10", "OWASP SAMM"],
+      "required_scanners": ["semgrep"]
+    },
+    {
+      "id": "DEPENDENCY_SCANNER_READY",
+      "description": "A dependency scanner is installed and runnable.",
+      "automation": "tooling",
+      "surfaces": ["web", "api", "ai"],
+      "frameworks": ["SLSA", "NIST 800-218"],
+      "required_scanners": ["osv-scanner"]
+    },
+    {
+      "id": "IAC_SCANNER_READY",
+      "description": "Infrastructure scanners and policy-as-code tooling are installed and runnable.",
+      "automation": "tooling",
+      "surfaces": ["infra"],
+      "frameworks": ["CIS", "NIST 800-53"],
+      "required_scanners": ["checkov", "conftest"]
+    },
+    {
+      "id": "CONTAINER_SCANNER_READY",
+      "description": "A container scanner is installed and runnable.",
+      "automation": "tooling",
+      "surfaces": ["infra"],
+      "frameworks": ["NIST 800-190", "CIS"],
+      "required_scanners": ["trivy"]
+    },
+    {
+      "id": "DAST_SCANNER_READY",
+      "description": "A DAST scanner is installed and runnable.",
+      "automation": "tooling",
+      "surfaces": ["web", "api"],
+      "frameworks": ["OWASP Testing Guide"],
+      "required_scanners": ["zaproxy"]
+    },
+    {
+      "id": "HUMAN_APPROVED_REGO",
+      "description": "OPA/Rego generation only happens after explicit human approval.",
+      "automation": "approval",
+      "surfaces": ["infra"],
+      "frameworks": ["NIST 800-218"],
+      "required_steps": ["generate_opa_rego"]
+    },
+    {
+      "id": "HUMAN_APPROVED_SELF_HEALING",
+      "description": "Self-healing changes only happen after explicit human approval.",
+      "automation": "approval",
+      "surfaces": ["all"],
+      "frameworks": ["NIST 800-218", "SOC 2"],
+      "required_steps": ["self_heal_loop"]
+    }
+  ]
+}

package/defaults/security-exceptions.json

@@ -0,0 +1,4 @@
+{
+  "version": "1.0.0",
+  "exceptions": []
+}

package/defaults/security-tools.json

@@ -0,0 +1,41 @@
+{
+  "version": "1.0.0",
+  "fail_closed": true,
+  "scanners": {
+    "gitleaks": {
+      "command": "gitleaks",
+      "args": ["version"],
+      "required_for": ["all"]
+    },
+    "semgrep": {
+      "command": "semgrep",
+      "args": ["--version"],
+      "required_for": ["web", "api", "ai"]
+    },
+    "osv-scanner": {
+      "command": "osv-scanner",
+      "args": ["--version"],
+      "required_for": ["web", "api", "ai"]
+    },
+    "checkov": {
+      "command": "checkov",
+      "args": ["--version"],
+      "required_for": ["infra"]
+    },
+    "trivy": {
+      "command": "trivy",
+      "args": ["--version"],
+      "required_for": ["infra"]
+    },
+    "conftest": {
+      "command": "conftest",
+      "args": ["--version"],
+      "required_for": ["infra"]
+    },
+    "zaproxy": {
+      "command": "zaproxy",
+      "args": ["-version"],
+      "required_for": ["web", "api"]
+    }
+  }
+}

package/dist/ci/pr-gate.js

@@ -1,6 +1,6 @@
 import { runPrGate } from "../gate/policy.js";
-// Allowlist refs to the same safe character set enforced in diff.ts. CWE-88.
-const SAFE_REF_RE = /^[a-zA-Z0-9_.\-/]+$/;
+// Allow safe git revision operators (~ and ^) plus ref/path characters. CWE-88.
+const SAFE_REF_RE = /^[a-zA-Z0-9_./~^-]+$/;
 function safeEnvRef(envVar, defaultValue) {
     const val = process.env[envVar] || defaultValue;
     if (!SAFE_REF_RE.test(val)) {
@@ -20,7 +20,6 @@ async function main() {
         process.exit(2);
     }
 }
-// eslint-disable-next-line unicorn/prefer-top-level-await
 main().catch((err) => {
     console.error("security gate crashed:", err);
     process.exit(3);

package/dist/cli/index.js

@@ -14,6 +14,7 @@ import { fileURLToPath } from "url";
 import { dirname, resolve } from "path";
 import { runInstall } from "./install.js";
 import { main as runServer } from "../mcp/server.js";
+import { notifyIfUpdateAvailable } from "./update.js";
 const __dirname = dirname(fileURLToPath(import.meta.url));
 const require = createRequire(import.meta.url);
 function getVersion() {
@@ -26,17 +27,33 @@ function getVersion() {
     }
 }
 const VERSION = getVersion();
+function getConfigSnippet(useGlobalBinary) {
+    return {
+        mcpServers: {
+            "security-mcp": useGlobalBinary
+                ? {
+                    command: "security-mcp",
+                    args: ["serve"]
+                }
+                : {
+                    command: "npx",
+                    args: ["-y", "security-mcp@latest", "serve"]
+                }
+        }
+    };
+}
 const HELP = `
 security-mcp v${VERSION}
 
   AI security MCP server and gate for Claude Code, Cursor, Copilot, Codex, Replit, and any MCP-compatible editor.
 
 USAGE
-  npx security-mcp <command> [options]
+  npx -y security-mcp@latest <command> [options]
 
 COMMANDS
   serve            Start the MCP server over stdio (default for editors)
   install          Auto-detect installed editors and write MCP configs
+  install-global   Install using the globally installed security-mcp binary
   config           Print MCP config JSON for manual editor setup
 
 OPTIONS (install)
@@ -44,6 +61,7 @@ OPTIONS (install)
   --cursor         Write config for Cursor only
   --vscode         Write config for VS Code only
   --global         Write to global editor config (default)
+  --use-global-binary  Write configs that execute "security-mcp serve" instead of npx
   --dry-run        Print what would change without writing
 
 OPTIONS (general)
@@ -52,26 +70,31 @@ OPTIONS (general)
 
 EXAMPLES
   # Start MCP server (called automatically by editors):
-  npx -y security-mcp serve
+  npx -y security-mcp@latest serve
 
   # Install into all detected editors:
-  npx security-mcp install
+  npx -y security-mcp@latest install
+
+  # Install globally once, then configure editors to use the global binary:
+  npm install -g security-mcp@latest
+  security-mcp install-global
 
   # Install into Claude Code only:
-  npx security-mcp install --claude-code
+  npx -y security-mcp@latest install --claude-code
 
   # Preview install without writing:
-  npx security-mcp install --dry-run
+  npx -y security-mcp@latest install --dry-run
 
   # Print JSON config snippet:
-  npx security-mcp config
+  npx -y security-mcp@latest config
+  security-mcp config --use-global-binary
 
 EDITOR CONFIG (add manually if install fails):
   {
     "mcpServers": {
       "security-mcp": {
         "command": "npx",
-        "args": ["-y", "security-mcp", "serve"]
+        "args": ["-y", "security-mcp@latest", "serve"]
       }
     }
   }
@@ -83,16 +106,9 @@ EDITOR CONFIG (add manually if install fails):
 MORE INFO
   https://github.com/AbrahamOO/security-mcp
 `;
-const CONFIG_SNIPPET = {
-    mcpServers: {
-        "security-mcp": {
-            command: "npx",
-            args: ["-y", "security-mcp", "serve"]
-        }
-    }
-};
 async function main() {
     const args = process.argv.slice(2);
+    const useGlobalBinary = args.includes("--use-global-binary");
     if (args.includes("--version") || args.includes("-v")) {
         process.stdout.write(`security-mcp v${VERSION}\n`);
         process.exit(0);
@@ -102,6 +118,12 @@ async function main() {
         process.exit(0);
     }
     const command = args[0] ?? "serve";
+    if (command === "serve") {
+        void notifyIfUpdateAvailable(VERSION);
+    }
+    else {
+        await notifyIfUpdateAvailable(VERSION);
+    }
     switch (command) {
         case "serve": {
             // MCP stdio server - never write to stdout except via MCP protocol
@@ -114,14 +136,27 @@ async function main() {
                 cursor: args.includes("--cursor"),
                 vscode: args.includes("--vscode"),
                 dryRun: args.includes("--dry-run"),
+                useGlobalBinary,
                 // If no editor flag specified, install to all detected
                 all: !args.includes("--claude-code") && !args.includes("--cursor") && !args.includes("--vscode")
             };
             await runInstall(options);
             break;
         }
+        case "install-global": {
+            const options = {
+                claudeCode: args.includes("--claude-code"),
+                cursor: args.includes("--cursor"),
+                vscode: args.includes("--vscode"),
+                dryRun: args.includes("--dry-run"),
+                useGlobalBinary: true,
+                all: !args.includes("--claude-code") && !args.includes("--cursor") && !args.includes("--vscode")
+            };
+            await runInstall(options);
+            break;
+        }
         case "config": {
-            process.stdout.write(JSON.stringify(CONFIG_SNIPPET, null, 2) + "\n");
+            process.stdout.write(JSON.stringify(getConfigSnippet(useGlobalBinary), null, 2) + "\n");
             process.stdout.write("\nAdd the above to your editor's MCP config file.\n");
             process.stdout.write("  Claude Code:  ~/.claude/settings.json\n");
             process.stdout.write("  Cursor:       ~/.cursor/mcp.json\n");

package/dist/cli/install.js

@@ -3,16 +3,12 @@
  *
  * Auto-detects installed editors and writes MCP server config + Claude Code skill.
  */
-import { readFileSync, writeFileSync, mkdirSync, existsSync, copyFileSync } from "fs";
-import { dirname, join, resolve } from "path";
-import { homedir, platform } from "os";
-import { fileURLToPath } from "url";
+import { readFileSync, writeFileSync, mkdirSync, existsSync, copyFileSync } from "node:fs";
+import { dirname, join, resolve } from "node:path";
+import { homedir, platform } from "node:os";
+import { fileURLToPath } from "node:url";
 const __dirname = dirname(fileURLToPath(import.meta.url));
 const PKG_ROOT = resolve(__dirname, "../..");
-const MCP_ENTRY = {
-    command: "npx",
-    args: ["-y", "security-mcp", "serve"]
-};
 function resolveHome(p) {
     return p.replace(/^~/, homedir());
 }
@@ -78,10 +74,23 @@ function readJsonSafe(filePath) {
         return {};
     }
 }
-function writeMcpServersJson(configPath, dryRun) {
+function getMcpEntry(useGlobalBinary) {
+    return useGlobalBinary
+        ? {
+            type: "stdio",
+            command: "security-mcp",
+            args: ["serve"]
+        }
+        : {
+            type: "stdio",
+            command: "npx",
+            args: ["-y", "security-mcp@latest", "serve"]
+        };
+}
+function writeMcpServersJson(configPath, dryRun, useGlobalBinary) {
     const existing = readJsonSafe(configPath);
     const servers = existing["mcpServers"] ?? {};
-    servers["security-mcp"] = MCP_ENTRY;
+    servers["security-mcp"] = getMcpEntry(useGlobalBinary);
     existing["mcpServers"] = servers;
     const content = JSON.stringify(existing, null, 2) + "\n";
     if (!dryRun) {
@@ -90,10 +99,10 @@ function writeMcpServersJson(configPath, dryRun) {
     }
     return configPath;
 }
-function writeVsCodeSettings(configPath, dryRun) {
+function writeVsCodeSettings(configPath, dryRun, useGlobalBinary) {
     const existing = readJsonSafe(configPath);
     const servers = existing["mcp.servers"] ?? {};
-    servers["security-mcp"] = MCP_ENTRY;
+    servers["security-mcp"] = getMcpEntry(useGlobalBinary);
     existing["mcp.servers"] = servers;
     const content = JSON.stringify(existing, null, 2) + "\n";
     if (!dryRun) {
@@ -107,7 +116,19 @@ function installPolicy(dryRun) {
     const policyDest = join(process.cwd(), ".mcp", "policies", "security-policy.json");
     const evidenceSrc = join(PKG_ROOT, "defaults", "evidence-map.json");
     const evidenceDest = join(process.cwd(), ".mcp", "mappings", "evidence-map.json");
-    for (const { src, dest } of [{ src: policySrc, dest: policyDest }, { src: evidenceSrc, dest: evidenceDest }]) {
+    const catalogSrc = join(PKG_ROOT, "defaults", "control-catalog.json");
+    const catalogDest = join(process.cwd(), ".mcp", "catalog", "control-catalog.json");
+    const scannersSrc = join(PKG_ROOT, "defaults", "security-tools.json");
+    const scannersDest = join(process.cwd(), ".mcp", "scanners", "security-tools.json");
+    const exceptionsSrc = join(PKG_ROOT, "defaults", "security-exceptions.json");
+    const exceptionsDest = join(process.cwd(), ".mcp", "exceptions", "security-exceptions.json");
+    for (const { src, dest } of [
+        { src: policySrc, dest: policyDest },
+        { src: evidenceSrc, dest: evidenceDest },
+        { src: catalogSrc, dest: catalogDest },
+        { src: scannersSrc, dest: scannersDest },
+        { src: exceptionsSrc, dest: exceptionsDest }
+    ]) {
         if (!existsSync(src)) {
             process.stdout.write(`  [skip] ${src} not found in package\n`);
             continue;
@@ -144,7 +165,7 @@ export async function runInstall(opts) {
     if (targets.length === 0) {
         process.stdout.write("No supported editors detected automatically.\n" +
             "Run with --claude-code, --cursor, or --vscode to target a specific editor.\n" +
-            'Or add the config manually (run "npx security-mcp config" for the snippet).\n\n');
+            'Or add the config manually (run "npx -y security-mcp@latest config" for the snippet).\n\n');
         return;
     }
     for (const target of targets) {
@@ -152,10 +173,10 @@ export async function runInstall(opts) {
         try {
             let written;
             if (target.type === "vscode-settings") {
-                written = writeVsCodeSettings(target.configPath, dryRun);
+                written = writeVsCodeSettings(target.configPath, dryRun, opts.useGlobalBinary);
             }
             else {
-                written = writeMcpServersJson(target.configPath, dryRun);
+                written = writeMcpServersJson(target.configPath, dryRun, opts.useGlobalBinary);
             }
             process.stdout.write(`  ${dryRun ? "[dry-run] would update" : "updated"}: ${written}\n`);
         }
@@ -175,8 +196,9 @@ export async function runInstall(opts) {
     process.stdout.write(dryRun
         ? "Dry-run complete. Re-run without --dry-run to apply.\n"
         : "Done! Restart your editor to activate the security-mcp server.\n");
+    process.stdout.write(`Install mode: ${opts.useGlobalBinary ? "global binary (security-mcp serve)" : "npx (npx -y security-mcp@latest serve)"}\n`);
     process.stdout.write("\nNext steps:\n");
     process.stdout.write("  1. Restart your editor.\n");
     process.stdout.write('  2. In Claude Code, type /senior-security-engineer to activate the security persona.\n');
-    process.stdout.write('  3. Ask your AI: "Run security.run_pr_gate" to check your current diff.\n\n');
+    process.stdout.write('  3. Ask your AI: "Run security.start_review with mode=recent_changes" to begin an auditable review.\n\n');
 }