sicario-red-team 3.1.0 → 3.1.1

package/README.md

@@ -1,60 +1,118 @@
-# 🎯 Sicario: High-Density Autonomous Security Swarm
+# 🎯 Sicario: Developer-First Security Scanner
 
-**The AI Security Co-Founder for Modern Web Development.**
+**The developer-first security scanner for modern web applications.**
 
-AI coding assistants (**Cursor, v0, GitHub Copilot**) allow you to ship full-stack applications in hours. But while they write beautiful code, they frequently hallucinate critical **Business Logic Vulnerabilities**—like bypassing auth, mutating prices, or escalating privileges.
+AI coding assistants (**Cursor, v0, GitHub Copilot**) allow you to ship full-stack applications in hours. But while they write beautiful code, they frequently introduce critical vulnerabilities — like hardcoded secrets, business logic bypasses, LLM injection vectors, and supply chain risks.
 
 Legacy scanners (Snyk, Burp) are built for enterprise compliance, not rapid development. They output dense PDFs that nobody reads.
 
-**Sicario v3** is different. It is an autonomous, locally-running AI swarm that plays your application like a video game to find logic flaws and provides a **Keyless Mission Control** for real-time remediation.
+**Sicario** is different. It is a locally-running static analysis scanner that understands your code's semantic intent — parsing your source into an Abstract Syntax Tree to detect complex flaws that regex-based tools miss. Beautiful output. Interactive workflow. Fix with one command.
 
 ---
 
-## 🚀 Keyless Quickstart (v3.1.0)
+## 🚀 Quickstart
 
-No API keys to copy. No configuration files to edit. Just pure security.
+No API keys to copy. No configuration files to edit.
 
 ```bash
-# 1. Install & Authenticate with Mission Control
-npx sicario-red-team@latest login
+# Scan current directory (no install needed)
+npx sicario-red-team@latest
 
-# 2. Launch a continuous background siege on your project
+# Or install globally
+npm install -g sicario-red-team
+
+# Link to cloud dashboard
+sicario login
+
+# Continuous scanning as you code
 sicario watch
+
+# AI fix + GitHub PR
+sicario fix --pr
 ```
 
 ---
 
-## 🔪 The vanguard Features (v3)
+## ✨ Features
+
+- **AST-Based Scanning** — Parses TypeScript, JavaScript, Python, Go, and Rust into ASTs for deep semantic analysis
+- **Secrets Detection** — 30+ patterns including AWS keys, GitHub tokens, Stripe keys, and high-entropy strings
+- **LLM Vulnerability Detection** — Prompt injection, insecure output handling, unsafe model configurations
+- **Business Logic Analysis** — Missing auth checks, IDOR, mass assignment, rate limiting gaps
+- **Supply Chain Auditing** — OSV database queries, typosquatting detection, SBOM generation (`--sbom`)
+- **AI Auto-Fix (Scribe)** — Generates and applies code patches, or opens GitHub PRs with `sicario fix --pr`
+- **Cloud Dashboard** — Sync findings to Mission Control for team visibility and compliance reporting
+- **Beautiful Output** — Rich terminal UI with interactive post-scan menu, watch mode, and CI/CD integration
+
+---
+
+## 🔧 Core Commands
+
+| Command | Description |
+|---|---|
+| `sicario scan [path]` | Scan a directory or file |
+| `sicario fix` | Apply AI-generated patches locally |
+| `sicario fix --pr` | Open a GitHub PR with the fix |
+| `sicario triage` | Launch the interactive TUI Mission Control |
+| `sicario login` | Authenticate with the cloud dashboard |
+| `sicario watch` | Continuous scanning as you code |
+| `sicario init` | Initialize a `.sicarioignore` config file |
+
+### Useful Flags
+
+| Flag | Description |
+|---|---|
+| `--sbom` | Generate a CycloneDX JSON Software Bill of Materials |
+| `--baseline <file>` | Suppress findings present in a saved baseline file |
+| `--fail-on <severity>` | Exit with code 1 at/above this severity (CI/CD gating) |
+| `--dry-run` | Preview what would be scanned/fixed without writing files |
+| `--incremental` | Scan only files changed since last Git commit |
+| `--format <fmt>` | Output format: `text`, `json`, `sarif`, `markdown` |
 
-### 1. Keyless Mission Control
-Sicario v3 introduces the **Secure Handshake Protocol**. Simply run `sicario login` to pair your terminal with the cloud dashboard. No more copy-pasting raw API keys—just click "Authorize" in your browser and your local agent is ready to deploy sieges.
+---
 
-### 2. The Scribe (Autonomous Prompt-to-Patch)
-When Sicario confirms an exploit, it doesn't just give you a stack trace. The **Scribe Node** automatically generates a natural-language "AI-ready" prompt. Copy-paste the Scribe's output into Cursor or Copilot, and it will write the exact patch for you.
+## ☁️ Cloud Dashboard
 
-### 3. High-Density Security Command Center
-The updated Mission Control Dashboard provides a zero-friction view of your entire fleet. Manage connected devices, track preference persistence (Neural Engine selection, telemetry levels), and monitor real-time AI reasoning logs as the swarm attacks your code.
+After running `sicario login`, scan results automatically sync to your Mission Control dashboard at [usesicario.xyz/dashboard](https://usesicario.xyz/dashboard).
 
-### 4. DOM Supremacy
-Sicario utilizes a headless engine to pierce React hydration and Web Component Shadow DOMs. It attacks your app exactly how a real human would, intercepting asynchronous fetch requests and manipulating state in real-time.
+The dashboard provides:
+- Scan history and finding trends over time
+- Severity distribution and OWASP category breakdown
+- Compliance report export (OWASP, PCI-DSS, HIPAA)
+- Remote AI remediation for GitHub-connected repositories
+
+```bash
+# Authenticate once — all future scans sync automatically
+sicario login
+```
 
 ---
 
-## 🛡️ Swarm Architecture & Safety
+## 🛡️ Detection Engines
+
+Sicario runs 4 detection engines on every scan:
 
-Sicario runs locally on your machine. By default, it operates in **SHADOW TIER** (Dry-Run mode), meaning it maps your application and simulates attacks without mutating your database.
+1. **Secrets Engine** — Detects hardcoded credentials, API keys, and high-entropy strings
+2. **LLM Guard** — Identifies prompt injection, unsafe AI output handling, and insecure model configs
+3. **Business Logic Engine** — Finds auth bypasses, IDOR, mass assignment, and missing rate limits
+4. **Supply Chain Engine** — Audits dependencies against the OSV database, detects typosquatting
 
-To authorize active database mutations and live POST/PUT exploits on your local environment, pass the `--live-fire` flag.
+**Supported Languages:** TypeScript · JavaScript · Python · Go · Rust
 
 ---
 
-## 💎 Sicario Operator Tier
+## 💎 Pricing
 
-The free NPM package is powered by a rate-limited Critic Cascade. For professional engineering teams, the **OPERATOR TIER** provides:
+| Tier | Price | Includes |
+|---|---|---|
+| **Hacker** | Free | Full AST scanning, SARIF/JSON/Markdown reports, watch mode, CI/CD integration, cloud dashboard |
+| **Pro** | Paid | Everything in Hacker + AI auto-fix, GitHub PR creation, SBOM generation, remote fix from dashboard |
+| **Enterprise** | Coming Soon | SSO, custom SLAs, dedicated support |
+
+Upgrade at [usesicario.xyz](https://usesicario.xyz).
+
+---
 
-*   **Unlimited Tokens** & Zero Rate Limits
-*   **Enterprise Auth Vaulting** (Bypass Okta/Auth0)
-*   **Full Scribe Remediation** (Automated GitHub PRs)
-*   **CI/CD Pipeline Integration**
+## 📄 License
 
-Upgrade your license at [usesicario.xyz](https://usesicario.xyz).
+See [LICENSE](./LICENSE) for details.