veracarto 0.1.0 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -1,76 +1,50 @@
1
- # vcarto
1
+ # Veracarto
2
2
 
3
- Agentic GCP security remediation tool. Continuously scans your Google Cloud project for misconfigurations, triages findings with an AI agent, and applies fixes -- with human approval where needed.
3
+ Ingests GCP and GitHub security findings, traces them to your running
4
+ infrastructure, and surfaces the few that are actually exploitable.
4
5
 
5
- ## Architecture
6
-
7
- - **Server** -- Express API + background agent loops. Deployed to Railway (or any Node.js host).
8
- - **CLI** -- Ink-based terminal UI. Published to npm as `vcarto`. Connects to the server over HTTPS.
9
-
10
- ## Quick start
11
-
12
- ### 1. Deploy the server
13
-
14
- [![Deploy on Railway](https://railway.app/button.svg)](https://railway.app/template)
15
-
16
- Or manually:
6
+ ## Setup (5 minutes)
17
7
 
8
+ ### 1. Grant read-only access + enable APIs
18
9
  ```bash
19
- git clone <repo-url> && cd veracarto-cli
20
- cp .env.example .env # fill in ENCRYPTION_KEY + ANTHROPIC_API_KEY
21
- npm install
22
- npm run build:server
23
- npm start
10
+ bash <(curl -s https://api.veracarto.com/setup.sh) YOUR_PROJECT_ID
24
11
  ```
25
12
 
26
- See [DEPLOY.md](./DEPLOY.md) for full Railway deployment instructions.
27
-
28
- ### 2. Install the CLI
13
+ ### 2. Install
14
+ ```bash
15
+ npm install -g veracarto
16
+ ```
29
17
 
18
+ ### 3. Initialize
30
19
  ```bash
31
- npm install -g vcarto
32
- veracarto
20
+ veracarto init
33
21
  ```
34
22
 
35
- The CLI walks you through connecting GCP, GitHub, and Slack.
23
+ ### 4. Install the GitHub App
24
+ https://github.com/apps/veracarto/installations/new
36
25
 
37
- ## Environment variables
26
+ ## What it does
38
27
 
39
- | Variable | Required | Description |
40
- |---|---|---|
41
- | `ENCRYPTION_KEY` | Yes | 64-char hex string for encrypting GCP keys at rest |
42
- | `ANTHROPIC_API_KEY` | Yes | Claude API key for the AI agent |
43
- | `PORT` | No | Server port (default: 3000) |
44
- | `DATABASE_PATH` | No | SQLite path (default: `./data/veracarto.db`) |
45
- | `GITHUB_APP_ID` | No | GitHub App for Dependabot ingestion |
46
- | `SLACK_CLIENT_ID` | No | Slack App for approval workflows |
28
+ - Ingests GCP SCC findings and GitHub Dependabot alerts
29
+ - Traces vulnerabilities to running Cloud Run services
30
+ - Surfaces only what's actually exploitable; filters the rest
31
+ - Sends gcloud fix commands to Slack; opens draft dependency PRs
32
+ - Read-only: never modifies your infrastructure
47
33
 
48
- See `.env.example` for the full list.
34
+ ## Permissions (all read-only)
49
35
 
50
- ## Development
36
+ - `roles/securitycenter.findingsViewer`
37
+ - `roles/cloudasset.viewer`
38
+ - `roles/logging.viewer`
39
+ - `roles/run.viewer`
40
+ - `roles/cloudbuild.builds.viewer`
51
41
 
52
- ```bash
53
- # Terminal 1 -- server
54
- cp .env.example .env # fill in values
55
- npm install
56
- npm run dev:server
42
+ ## Commands
57
43
 
58
- # Terminal 2 -- CLI (watch mode)
59
- npm run dev:cli
60
- node dist/cli/index.js
61
44
  ```
62
-
63
- ## Scripts
64
-
65
- | Script | Description |
66
- |---|---|
67
- | `npm run dev:server` | Start server with hot reload |
68
- | `npm run dev:cli` | Build CLI in watch mode |
69
- | `npm run build` | Build both server and CLI |
70
- | `npm run build:cli` | Build CLI only |
71
- | `npm run build:server` | Build server only |
72
- | `npm start` | Start the production server |
73
-
74
- ## License
75
-
76
- MIT
45
+ veracarto TUI dashboard
46
+ veracarto logs Agent activity feed
47
+ veracarto mapping Deployment pipeline map
48
+ veracarto status Non-interactive status
49
+ veracarto integrations Connection health
50
+ ```