vulnfeed-mcp 0.3.0__tar.gz

vulnfeed_mcp-0.3.0/.gitignore

@@ -0,0 +1,21 @@
+# Never commit secrets
+*.env
+secrets.*
+.env*
+
+# OS / editor
+.DS_Store
+*.swp
+*~
+
+# Local working files
+/tmp/
+/.cache/
+node_modules/
+__pycache__/
+*.pyc
+.wrangler/
+
+# Power Pack build artifacts (generated by build/build-zip.sh + build-guide.sh)
+products/power-pack/dist/
+products/power-pack/build/GUIDE.pdf

vulnfeed_mcp-0.3.0/MARKETPLACE-LISTING.md

@@ -0,0 +1,65 @@
+# VulnFeed — Marketplace Listing Draft
+
+Ready to submit to mcp.so, glama.ai, and the MCP Marketplace when licensing is resolved.
+
+---
+
+## Short description (one line)
+
+Dependency vulnerability monitoring with EPSS prioritization. Reads your lockfile, tells you what's actually exploitable.
+
+## Description (full)
+
+VulnFeed monitors your project's dependencies for known vulnerabilities using NVD, GitHub Advisories, and EPSS exploit probability data. Unlike raw CVE lookup tools, it knows your actual dependency tree and filters to only the vulnerabilities that affect you — prioritized by real-world exploitability.
+
+**What it does:**
+- Scans lockfiles (npm, pip, Go, Rust, Ruby, PHP) and reports vulnerabilities affecting your deps
+- Prioritizes by EPSS — suppresses ~80% of noise (theoretical CVEs that are never exploited)
+- Recommends exact fix versions from package registries
+- Continuous monitoring: register a project once, check for new CVEs any time
+- 9 tools covering the full security monitoring workflow
+
+**Free tier:** 1 project, 10 scans/day
+**Pro ($14/mo):** unlimited projects, unlimited scans, priority data sync
+
+## Category
+
+Security / DevOps
+
+## Tags
+
+security, vulnerabilities, CVE, dependencies, npm, python, go, rust, ruby, monitoring, EPSS
+
+## Tools (9)
+
+| Tool | Description |
+|------|-------------|
+| scan_lockfile | Scan a lockfile for known vulnerabilities |
+| check_package | Check a single package for known vulns |
+| lookup_cve | Detailed CVE info with EPSS + fix versions |
+| scan_project | Auto-detect and scan all lockfiles in a project |
+| monitor_project | Register for continuous vulnerability monitoring |
+| check_alerts | Check for new vulns since last scan |
+| list_monitored | List all monitored projects |
+| update_deps | Update dep snapshot after package upgrades |
+| unmonitor_project | Remove a project from monitoring |
+
+## Transport
+
+- stdio (local, recommended)
+- SSE (remote/team access)
+
+## Requirements
+
+- Python 3.10+
+- `mcp` package (`pip install mcp`)
+- VulnFeed API key (from purchase)
+
+## Author
+
+Novadyne (an Infai company)
+
+## Links
+
+- Landing page: https://vulnfeed.novadyne.ai
+- Purchase: PURCHASE_URL_HERE

vulnfeed_mcp-0.3.0/PKG-INFO

@@ -0,0 +1,162 @@
+Metadata-Version: 2.4
+Name: vulnfeed-mcp
+Version: 0.3.0
+Summary: Dependency vulnerability monitoring MCP server — knows your lockfile, prioritizes by EPSS exploit probability, recommends fix versions.
+Project-URL: Homepage, https://vulnfeed.novadyne.ai
+Author-email: Novadyne <support@infaicorp.com>
+License: MIT
+Keywords: cve,epss,mcp,security,vulnerability
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Developers
+Classifier: Topic :: Security
+Classifier: Topic :: Software Development :: Quality Assurance
+Requires-Python: >=3.10
+Requires-Dist: mcp>=1.0
+Description-Content-Type: text/markdown
+
+# VulnFeed — Security MCP Server
+
+Vulnerability scanning and continuous monitoring for Claude Code. Monitors your project's dependencies against NVD, GitHub Advisories, and EPSS exploit data.
+
+## Setup
+
+1. Install the MCP Python SDK:
+   ```bash
+   pip install mcp
+   ```
+
+2. Add to your Claude Code settings (`.claude/settings.json` or `~/.claude/settings.json`):
+   ```json
+   {
+     "mcpServers": {
+       "vulnfeed": {
+         "type": "stdio",
+         "command": "python3",
+         "args": ["/path/to/server.py"],
+         "env": {
+           "VULNFEED_WORKER_URL": "https://...",
+           "VULNFEED_API_KEY": "your-key"
+         }
+       }
+     }
+   }
+   ```
+
+3. Restart Claude Code. The tools are now available.
+
+### Remote mode (SSE)
+
+Run as a remote server for shared/team access:
+```bash
+python3 server.py --transport sse --host 0.0.0.0 --port 8383
+```
+
+Then connect from Claude Code settings:
+```json
+{
+  "mcpServers": {
+    "vulnfeed": {
+      "type": "sse",
+      "url": "http://your-server:8383/sse"
+    }
+  }
+}
+```
+
+Or set `VULNFEED_TRANSPORT=sse` to default to SSE mode.
+
+## Tools
+
+### Scanning
+
+#### `scan_lockfile`
+Scan a specific lockfile for vulnerabilities.
+```
+scan_lockfile(lockfile_path="/path/to/package-lock.json")
+```
+
+#### `check_package`
+Check a single package for known vulnerabilities.
+```
+check_package(name="express", version="4.17.1", ecosystem="npm")
+```
+
+#### `lookup_cve`
+Get detailed info on a specific vulnerability.
+```
+lookup_cve(cve_id="CVE-2024-29041")
+```
+
+#### `scan_project`
+Auto-detect and scan all lockfiles in a project directory.
+```
+scan_project(project_path="/path/to/project")
+```
+
+### Monitoring
+
+#### `monitor_project`
+Register a project for continuous vulnerability monitoring. Takes a baseline snapshot of current dependencies and known vulns.
+```
+monitor_project(project_path="/path/to/project", project_name="my-app")
+```
+
+#### `check_alerts`
+Check for new vulnerabilities since the last scan. Returns only vulns that weren't in the baseline.
+```
+check_alerts(project_id="f47e98b0e47a")
+```
+
+#### `list_monitored`
+List all projects registered for monitoring.
+```
+list_monitored()
+```
+
+#### `update_deps`
+Update the dependency snapshot after upgrading packages (e.g. after `npm update`).
+```
+update_deps(project_id="f47e98b0e47a", project_path="/path/to/project")
+```
+
+#### `unmonitor_project`
+Remove a project from monitoring.
+```
+unmonitor_project(project_id="f47e98b0e47a")
+```
+
+## Supported lockfiles
+
+- `package-lock.json` (npm)
+- `yarn.lock` (Yarn)
+- `pnpm-lock.yaml` (pnpm)
+- `Pipfile.lock` (Pipenv)
+- `requirements.txt` (pip)
+- `go.sum` / `go.mod` (Go)
+- `Cargo.lock` (Rust / crates.io)
+- `Gemfile.lock` (Ruby / RubyGems)
+- `composer.lock` (PHP / Packagist)
+
+## Smart filtering
+
+By default, VulnFeed suppresses low-priority CVEs (EPSS < 10% exploit probability AND CVSS < 9.0). This cuts noise by ~80% — most CVEs are theoretical, not actively exploited.
+
+To see everything, pass `show_all=True` to any scan tool:
+```
+scan_lockfile(lockfile_path="package-lock.json", show_all=True)
+```
+
+## How it works
+
+1. Parses your lockfile to extract dependency names + versions
+2. Batch-queries OSV.dev (which includes NVD + GitHub Advisories)
+3. Enriches each vulnerability with EPSS exploit probability scores
+4. Filters by exploitability — suppresses low-EPSS, non-critical CVEs by default
+5. Sorts results by exploitability — the CVEs most likely to be used in real attacks appear first
+6. Returns fix version recommendations from package registries
+
+### Monitoring flow
+
+1. `monitor_project` scans your deps and stores a baseline (known vulns + dep versions)
+2. `check_alerts` re-scans against the same dep list and diffs — new vulns that appeared since last check are surfaced, resolved vulns are noted
+3. Run `check_alerts` periodically (e.g. daily) to catch newly published CVEs affecting your deps

vulnfeed_mcp-0.3.0/POLAR-SETUP.md

@@ -0,0 +1,42 @@
+# VulnFeed — Polar.sh Setup (Nat-side, ~10 min)
+
+Polar.sh handles licensing + payments for VulnFeed subscriptions. Free signup, 4% transaction fee.
+
+## Steps
+
+1. **Sign up at [polar.sh](https://polar.sh)** — use `natburke@infaicorp.com` or your preferred email. Create an organization (e.g., "Novadyne" or "Infai").
+
+2. **Create a Product:**
+   - Name: VulnFeed
+   - Type: Subscription (recurring)
+   - Price: $14/mo
+   - Add a "License Key" benefit — this auto-generates keys for each subscriber
+
+3. **Copy two values back to Discord:**
+   - **Organization ID** — found in Settings → Developer → Organization ID (UUID format)
+   - **Product URL** — the checkout link for VulnFeed (Polar provides a hosted checkout page)
+
+4. Agent will:
+   - PUT the Organization ID to the Worker as `POLAR_ORG_ID`
+   - Substitute the checkout URL into the landing page (replacing `PURCHASE_URL_HERE`)
+   - Deploy the updated landing page
+   - The license key validation code is already built and waiting
+
+## How it works (already built)
+
+- Buyer completes checkout on Polar.sh → gets a license key
+- Buyer sets `VULNFEED_API_KEY` in their MCP config to this key
+- MCP server sends the key to the Worker on each request
+- Worker validates against Polar.sh API, caches valid keys for 24h in KV
+- Free tier (no key): 10 scans/day, 1 monitored project
+- Paid tier: unlimited scans and projects
+
+## What's NOT needed from you
+
+- No API key/token needed — Polar.sh's validation endpoint is unauthenticated (safe for public clients)
+- No webhook setup needed for MVP — validation is on-demand, not event-driven
+- Custom domain live at `vulnfeed.novadyne.ai` (also accessible at `vulnfeed.pages.dev`)
+
+## Timeline
+
+Once you post the Org ID + product URL in Discord, the agent will wire everything up in one wake (~15 min of work). VulnFeed goes live immediately after.

vulnfeed_mcp-0.3.0/README.md

@@ -0,0 +1,146 @@
+# VulnFeed — Security MCP Server
+
+Vulnerability scanning and continuous monitoring for Claude Code. Monitors your project's dependencies against NVD, GitHub Advisories, and EPSS exploit data.
+
+## Setup
+
+1. Install the MCP Python SDK:
+   ```bash
+   pip install mcp
+   ```
+
+2. Add to your Claude Code settings (`.claude/settings.json` or `~/.claude/settings.json`):
+   ```json
+   {
+     "mcpServers": {
+       "vulnfeed": {
+         "type": "stdio",
+         "command": "python3",
+         "args": ["/path/to/server.py"],
+         "env": {
+           "VULNFEED_WORKER_URL": "https://...",
+           "VULNFEED_API_KEY": "your-key"
+         }
+       }
+     }
+   }
+   ```
+
+3. Restart Claude Code. The tools are now available.
+
+### Remote mode (SSE)
+
+Run as a remote server for shared/team access:
+```bash
+python3 server.py --transport sse --host 0.0.0.0 --port 8383
+```
+
+Then connect from Claude Code settings:
+```json
+{
+  "mcpServers": {
+    "vulnfeed": {
+      "type": "sse",
+      "url": "http://your-server:8383/sse"
+    }
+  }
+}
+```
+
+Or set `VULNFEED_TRANSPORT=sse` to default to SSE mode.
+
+## Tools
+
+### Scanning
+
+#### `scan_lockfile`
+Scan a specific lockfile for vulnerabilities.
+```
+scan_lockfile(lockfile_path="/path/to/package-lock.json")
+```
+
+#### `check_package`
+Check a single package for known vulnerabilities.
+```
+check_package(name="express", version="4.17.1", ecosystem="npm")
+```
+
+#### `lookup_cve`
+Get detailed info on a specific vulnerability.
+```
+lookup_cve(cve_id="CVE-2024-29041")
+```
+
+#### `scan_project`
+Auto-detect and scan all lockfiles in a project directory.
+```
+scan_project(project_path="/path/to/project")
+```
+
+### Monitoring
+
+#### `monitor_project`
+Register a project for continuous vulnerability monitoring. Takes a baseline snapshot of current dependencies and known vulns.
+```
+monitor_project(project_path="/path/to/project", project_name="my-app")
+```
+
+#### `check_alerts`
+Check for new vulnerabilities since the last scan. Returns only vulns that weren't in the baseline.
+```
+check_alerts(project_id="f47e98b0e47a")
+```
+
+#### `list_monitored`
+List all projects registered for monitoring.
+```
+list_monitored()
+```
+
+#### `update_deps`
+Update the dependency snapshot after upgrading packages (e.g. after `npm update`).
+```
+update_deps(project_id="f47e98b0e47a", project_path="/path/to/project")
+```
+
+#### `unmonitor_project`
+Remove a project from monitoring.
+```
+unmonitor_project(project_id="f47e98b0e47a")
+```
+
+## Supported lockfiles
+
+- `package-lock.json` (npm)
+- `yarn.lock` (Yarn)
+- `pnpm-lock.yaml` (pnpm)
+- `Pipfile.lock` (Pipenv)
+- `requirements.txt` (pip)
+- `go.sum` / `go.mod` (Go)
+- `Cargo.lock` (Rust / crates.io)
+- `Gemfile.lock` (Ruby / RubyGems)
+- `composer.lock` (PHP / Packagist)
+
+## Smart filtering
+
+By default, VulnFeed suppresses low-priority CVEs (EPSS < 10% exploit probability AND CVSS < 9.0). This cuts noise by ~80% — most CVEs are theoretical, not actively exploited.
+
+To see everything, pass `show_all=True` to any scan tool:
+```
+scan_lockfile(lockfile_path="package-lock.json", show_all=True)
+```
+
+## How it works
+
+1. Parses your lockfile to extract dependency names + versions
+2. Batch-queries OSV.dev (which includes NVD + GitHub Advisories)
+3. Enriches each vulnerability with EPSS exploit probability scores
+4. Filters by exploitability — suppresses low-EPSS, non-critical CVEs by default
+5. Sorts results by exploitability — the CVEs most likely to be used in real attacks appear first
+6. Returns fix version recommendations from package registries
+
+### Monitoring flow
+
+1. `monitor_project` scans your deps and stores a baseline (known vulns + dep versions)
+2. `check_alerts` re-scans against the same dep list and diffs — new vulns that appeared since last check are surfaced, resolved vulns are noted
+3. Run `check_alerts` periodically (e.g. daily) to catch newly published CVEs affecting your deps

vulnfeed_mcp-0.3.0/SPEC.md

@@ -0,0 +1,123 @@
+# Bet B — Security Feed MCP
+
+**Product:** VulnFeed (working name) — a paid MCP server that monitors your dependencies for vulnerabilities and tells you what actually matters.
+
+**Price:** $14/mo
+
+**One-liner:** Snyk-grade vulnerability intelligence for $14/mo, native to Claude Code.
+
+## What it is
+
+An MCP server that knows your project's dependencies (by reading your lockfile) and continuously monitors NVD, GitHub Advisories, and EPSS data. When a new CVE drops that affects your actual deps, it tells you: what's vulnerable, how likely it is to be exploited, and exactly which version to upgrade to.
+
+## What it is NOT
+
+A raw CVE lookup tool. There are 6+ free MCP servers that wrap NVD's API. We don't compete with them on data access — we compete on signal-to-noise.
+
+## Why someone pays
+
+1. **Context-aware.** Free servers answer "tell me about CVE-2026-XXXX." VulnFeed answers "am I vulnerable right now?" It knows your `package-lock.json` / `requirements.txt` / `go.sum` and filters to only the CVEs that hit your actual dependency tree.
+
+2. **Prioritized.** EPSS (Exploit Prediction Scoring System) scores every CVE by real-world exploitability. Most CVEs are noise — EPSS cuts the alert volume by ~80%. VulnFeed surfaces the ones likely to be exploited, not every theoretical vuln.
+
+3. **Actionable.** Not just "you're vulnerable" but "upgrade `express` from 4.18.2 → 4.21.0 to fix CVE-2026-XXXX (EPSS: 0.73, CVSS: 9.1)." Cross-references package registries (npm, PyPI, Go) for fix versions.
+
+4. **Always-on.** Maintains a persistent watch list. New CVE published at 3am? Indexed by 3:15am. Your morning coding session knows about it without you asking.
+
+5. **Cheap.** Snyk Team is $25/dev/mo. GitHub Advanced Security is $49/committer/mo. VulnFeed is $14/mo flat — not per-seat.
+
+## Competitive positioning
+
+| | Free MCP servers | Snyk/Socket ($25-49/dev/mo) | VulnFeed ($14/mo) |
+|---|---|---|---|
+| CVE lookup | ✅ | ✅ | ✅ |
+| Knows your deps | ❌ | ✅ | ✅ |
+| EPSS prioritization | ❌ | ✅ | ✅ |
+| Fix recommendations | ❌ | ✅ | ✅ |
+| Continuous monitoring | ❌ | ✅ | ✅ |
+| MCP-native | ✅ | ❌ | ✅ |
+| Auto-fix PRs | ❌ | ✅ | ❌ (v2) |
+| Per-seat pricing | n/a | ✅ (expensive) | ❌ (flat) |
+
+## Architecture
+
+```
+User's Claude Code session
+  ↓ MCP tool call
+VulnFeed MCP Server (Cloudflare Worker)
+  ├── /scan — reads lockfile, returns vulns affecting your deps
+  ├── /monitor — registers a project for continuous monitoring
+  ├── /alerts — returns new vulns since last check
+  └── /cve/{id} — detailed CVE info with fix recommendation
+  ↓
+Data layer (Worker KV / D1)
+  ├── NVD feed (synced hourly)
+  ├── GitHub Advisories (synced hourly)  
+  ├── EPSS scores (synced daily)
+  └── Package registry metadata (npm, PyPI, Go — cached)
+```
+
+Runs entirely on Cloudflare Workers + KV/D1. No server to maintain. Data sync runs on Worker Cron Triggers.
+
+## Build plan
+
+### v0.1 (wake #46) — MVP ✅
+- [x] Worker `/vulnscan/query` endpoint: batch OSV.dev + EPSS enrichment
+- [x] `/vulnscan/cve/{id}` endpoint: detailed CVE with fix versions
+- [x] Python CLI scanner: lockfile parser + prioritized report
+
+### v0.2 (wake #47) — MCP Server ✅
+- [x] FastMCP server with stdio transport: scan_lockfile, check_package, lookup_cve, scan_project
+- [x] Support for package-lock.json, requirements.txt, go.sum, yarn.lock, Pipfile.lock
+
+### v0.3 (wake #48) — Monitoring ✅
+- [x] `POST /vulnscan/monitor`: register project, store dep snapshot in KV
+- [x] `GET /vulnscan/alerts`: diff current CVEs against stored snapshot
+- [x] `PUT /vulnscan/monitor/:id`: update deps, preserve vuln history
+- [x] MCP tools: monitor_project, check_alerts, update_deps, list_monitored, unmonitor_project
+- [x] Landing page draft (products/security-mcp/landing/index.html)
+
+### v1.0 (~1 wake) — Ship
+- [x] EPSS-based smart prioritization (suppress CVEs below 0.1 EPSS unless CVSS ≥ 9) — wake #49
+- [x] SSE transport for remote MCP connections — wake #49
+- [x] License key validation code (Polar.sh integration) — wake #51, activates on POLAR_ORG_ID
+- [x] Deploy landing page to vulnfeed.pages.dev — wake #51
+- [x] Custom domain: vulnfeed.novadyne.ai — wake #56
+- [x] Substitute Polar.sh purchase URL into landing page — wake #57
+- [x] Set POLAR_ORG_ID on Worker — wake #57
+- [x] Free tier auth fix (route order bug: general auth gate blocked free-tier vulnscan requests) — wake #59
+- [ ] Listing on mcp.so + glama.ai + Smithery (listing content drafted, manual submission needed)
+- [ ] MCP Marketplace listing (free tier: 1 project, 10 scans/day)
+
+## Metrics
+
+| Metric | Target | Timeframe |
+|--------|--------|-----------|
+| MCP Marketplace installs | 100 | 30 days post-listing |
+| Free-to-paid conversion | 5-8% | 60 days |
+| Paid subscribers | 50 | 60 days post-listing |
+| MRR | $700 | 60 days |
+| Churn | <10%/mo | After month 2 |
+
+## Kill criteria
+
+- <20 paid users after 90 days of listing
+- <50 free installs after 30 days (no organic interest)
+- Upstream data costs exceed revenue (shouldn't happen — all sources are free)
+- Anthropic ships native vulnerability scanning in Claude Code
+
+## Brand / marketing
+
+**Novadyne umbrella (Nat 09:30Z).** Nat clarified: novadyne is the AI product umbrella (accounting, ledger, now MCP), infai is novadyne's parent company. Security MCP goes under novadyne alongside the bookkeeping assistant — unified AI product brand. Product name: VulnFeed by Novadyne. Marketing via @InfaiHq (parent-company channel) until novadyne has its own presence.
+
+## Upstream costs
+
+$0 ongoing:
+- NVD API: free (no key needed, <5 req/30s)
+- GitHub Advisory DB: free (public GraphQL)
+- EPSS: free (open data, daily CSV)
+- npm/PyPI/Go registries: free (public APIs)
+- Cloudflare Workers: free tier covers initial traffic
+- D1 database: free tier (5GB, 5M reads/day)
+
+Revenue breakeven: first subscriber.

vulnfeed_mcp-0.3.0/claude-code-config.json

@@ -0,0 +1,11 @@
+{
+  "mcpServers": {
+    "vulnfeed": {
+      "command": "uvx",
+      "args": ["vulnfeed-mcp"],
+      "env": {
+        "VULNFEED_API_KEY": "YOUR_LICENSE_KEY_HERE"
+      }
+    }
+  }
+}

vulnfeed_mcp-0.3.0/landing/.wrangler/cache/pages.json

@@ -0,0 +1,4 @@
+{
+  "account_id": "ea0a2969150760d35f85003f32bb927c",
+  "project_name": "vulnfeed"
+}

vulnfeed_mcp-0.3.0/landing/deploy.sh

@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+# Deploys the VulnFeed landing page to Cloudflare Pages.
+# Project: vulnfeed (to be created on first deploy).
+# Production URL: https://vulnfeed.novadyne.ai (also: https://vulnfeed.pages.dev)
+#
+# Required env (export before running):
+#   CLOUDFLARE_API_TOKEN
+#   CLOUDFLARE_ACCOUNT_ID
+#
+# On first deploy, create the Pages project first:
+#   curl -X POST "https://api.cloudflare.com/client/v4/accounts/$CLOUDFLARE_ACCOUNT_ID/pages/projects" \
+#     -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
+#     -H "Content-Type: application/json" \
+#     -d '{"name":"vulnfeed","production_branch":"main"}'
+
+set -euo pipefail
+
+PROJECT_NAME=${PROJECT_NAME:-vulnfeed}
+BRANCH=${BRANCH:-main}
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+
+: "${CLOUDFLARE_API_TOKEN:?CLOUDFLARE_API_TOKEN required}"
+: "${CLOUDFLARE_ACCOUNT_ID:?CLOUDFLARE_ACCOUNT_ID required}"
+
+echo "Deploying $SCRIPT_DIR to Pages project '$PROJECT_NAME' (branch=$BRANCH)..."
+npx --yes wrangler@latest pages deploy "$SCRIPT_DIR" \
+  --project-name="$PROJECT_NAME" \
+  --branch="$BRANCH" \
+  --commit-dirty=true
+
+echo
+echo "Production: https://${PROJECT_NAME}.pages.dev"
+echo "Latest deployment:"
+curl -fsS -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
+  "https://api.cloudflare.com/client/v4/accounts/$CLOUDFLARE_ACCOUNT_ID/pages/projects/$PROJECT_NAME/deployments" \
+  | python3 -c "
+import json,sys
+d=json.load(sys.stdin)
+for dep in d.get('result',[])[:1]:
+    print(f\"  {dep.get('id')[:8]}  {dep.get('environment')}  {dep.get('url')}\")
+    for s in dep.get('stages',[]):
+        if s.get('name') == 'deploy':
+            print(f\"  deploy stage: {s.get('status')}\")
+"