veracarto 0.1.9 → 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -1,56 +1,76 @@
1
- # Veracarto
1
+ # vcarto
2
2
 
3
- Ingests GCP and GitHub security findings, traces them to your running
4
- infrastructure, and surfaces the few that are actually exploitable.
3
+ Agentic GCP security remediation tool. Continuously scans your Google Cloud project for misconfigurations, triages findings with an AI agent, and applies fixes -- with human approval where needed.
5
4
 
6
- ## Requirements
5
+ ## Architecture
7
6
 
8
- - **Node.js** >= 20
9
- - A **Google Cloud** project with read-only access (see Permissions below)
10
- - A **GitHub** account (for Dependabot alert ingestion) and optionally **Slack** (for fix approvals)
7
+ - **Server** -- Express API + background agent loops. Deployed to Railway (or any Node.js host).
8
+ - **CLI** -- Ink-based terminal UI. Published to npm as `vcarto`. Connects to the server over HTTPS.
11
9
 
12
- ## Setup (5 minutes)
10
+ ## Quick start
13
11
 
14
- ### 1. Grant read-only access + enable APIs
15
- ```bash
16
- bash <(curl -s https://api.veracarto.com/setup.sh) YOUR_PROJECT_ID
17
- ```
12
+ ### 1. Deploy the server
13
+
14
+ [![Deploy on Railway](https://railway.app/button.svg)](https://railway.app/template)
15
+
16
+ Or manually:
18
17
 
19
- ### 2. Install
20
18
  ```bash
21
- npm install -g veracarto
19
+ git clone <repo-url> && cd veracarto-cli
20
+ cp .env.example .env # fill in ENCRYPTION_KEY + ANTHROPIC_API_KEY
21
+ npm install
22
+ npm run build:server
23
+ npm start
22
24
  ```
23
25
 
24
- ### 3. Initialize
26
+ See [DEPLOY.md](./DEPLOY.md) for full Railway deployment instructions.
27
+
28
+ ### 2. Install the CLI
29
+
25
30
  ```bash
26
- veracarto init
31
+ npm install -g vcarto
32
+ veracarto
27
33
  ```
28
34
 
29
- ### 4. Install the GitHub App
30
- https://github.com/apps/veracarto/installations/new
35
+ The CLI walks you through connecting GCP, GitHub, and Slack.
31
36
 
32
- ## What it does
37
+ ## Environment variables
33
38
 
34
- - Ingests GCP SCC findings and GitHub Dependabot alerts
35
- - Traces vulnerabilities to running Cloud Run services
36
- - Surfaces only what's actually exploitable; filters the rest
37
- - Sends gcloud fix commands to Slack; opens draft dependency PRs
38
- - Read-only: never modifies your infrastructure
39
+ | Variable | Required | Description |
40
+ |---|---|---|
41
+ | `ENCRYPTION_KEY` | Yes | 64-char hex string for encrypting GCP keys at rest |
42
+ | `ANTHROPIC_API_KEY` | Yes | Claude API key for the AI agent |
43
+ | `PORT` | No | Server port (default: 3000) |
44
+ | `DATABASE_PATH` | No | SQLite path (default: `./data/veracarto.db`) |
45
+ | `GITHUB_APP_ID` | No | GitHub App for Dependabot ingestion |
46
+ | `SLACK_CLIENT_ID` | No | Slack App for approval workflows |
39
47
 
40
- ## Permissions (all read-only)
48
+ See `.env.example` for the full list.
41
49
 
42
- - `roles/securitycenter.findingsViewer`
43
- - `roles/cloudasset.viewer`
44
- - `roles/logging.viewer`
45
- - `roles/run.viewer`
46
- - `roles/cloudbuild.builds.viewer`
50
+ ## Development
47
51
 
48
- ## Commands
52
+ ```bash
53
+ # Terminal 1 -- server
54
+ cp .env.example .env # fill in values
55
+ npm install
56
+ npm run dev:server
49
57
 
58
+ # Terminal 2 -- CLI (watch mode)
59
+ npm run dev:cli
60
+ node dist/cli/index.js
50
61
  ```
51
- veracarto TUI dashboard
52
- veracarto logs Agent activity feed
53
- veracarto mapping Deployment pipeline map
54
- veracarto status Non-interactive status
55
- veracarto integrations Connection health
56
- ```
62
+
63
+ ## Scripts
64
+
65
+ | Script | Description |
66
+ |---|---|
67
+ | `npm run dev:server` | Start server with hot reload |
68
+ | `npm run dev:cli` | Build CLI in watch mode |
69
+ | `npm run build` | Build both server and CLI |
70
+ | `npm run build:cli` | Build CLI only |
71
+ | `npm run build:server` | Build server only |
72
+ | `npm start` | Start the production server |
73
+
74
+ ## License
75
+
76
+ MIT