npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

fullcourtdefense-cli

v1.0.2

Published

Full Court Defense CLI — security scanning for AI agents from your terminal

Downloads

121

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

fullcourtdefense-botfullcourtdefense-bot

Keywords

llmsecurityguardrailsai-safetyprompt-injectionclired-teamingowaspmcprag

Readme

FullCourtDefense CLI

Full Court Defense is an AI agent security platform and runtime firewall for teams shipping LLM apps, agentic workflows, MCP tools, and RAG systems. We help builders find and block prompt injection, jailbreaks, data exfiltration, unsafe tool use, and poisoned retrieval content before those failures reach production.

The FullCourtDefense CLI brings that security workflow to your terminal. It can run hosted CI/CD scans against public agents, or local in-organization scans against private APIs, MCP servers, RAG document corpora, and live RAG services. Local scans execute from your machine or VPN, then send captured content outbound to your Shield for verdicts and saved web reports.

Install

npm install -g fullcourtdefense-cli
# or run directly
npx fullcourtdefense-cli scan

Quick Start

# Show onboarding help
fullcourtdefense help

# 1. Check outbound HTTPS from the customer machine
fullcourtdefense doctor

# 2. Save Shield ID and Shield key
fullcourtdefense configure

# 3. Run an in-organization local scan with guided questions
fullcourtdefense scan --local

# 4. Run a detailed MCP report
fullcourtdefense scan --local --type mcp --mcp-command node --mcp-args ./server.js --mcp-tool all --mode full --format report

# Hosted CI/CD scan, if using an API key instead of local Shield scan
fullcourtdefense scan --api-key YOUR_KEY --endpoint https://my-agent.com/chat --description "My chatbot"

# Check remaining credits
fullcourtdefense credits --api-key YOUR_KEY

# Generate a config file
fullcourtdefense init

Command Guide

  • fullcourtdefense help — shows the full onboarding flow and command reference.
  • fullcourtdefense doctor — confirms outbound HTTPS to FullCourtDefense is open before scanning.
  • fullcourtdefense configure — saves Shield ID, Shield key, and API URL to .fullcourtdefense.yml.
  • fullcourtdefense scan --local — runs inside the customer network and asks whether to scan endpoint, MCP, or RAG.
  • fullcourtdefense scan --local --type mcp ... — launches a local stdio MCP server, calls tools, and sends tool responses to Shield.
  • fullcourtdefense scan --local --type rag ... — scans local RAG files/directories or a live RAG HTTP service.
  • fullcourtdefense scan --local --type endpoint ... — scans an internal HTTP/OpenAI-compatible endpoint.
  • fullcourtdefense credits — checks hosted scan credits for CI/CD API-key scans.
  • fullcourtdefense init — creates a starter config file.

Config File

Create a .fullcourtdefense.yml to avoid passing flags every time:

apiKey: ${BOTGUARD_API_KEY}
apiUrl: https://api.fullcourtdefense.ai
shieldId: sh_your_shield_id
# shieldKey: shsk_optional_if_locked
scan:
  endpoint: https://my-agent.com/chat
  description: "Customer support chatbot"
  categories: [jailbreak, prompt_injection, data_extraction]
  failThreshold: 80
  format: table

Then just run:

fullcourtdefense scan

Modes

Hosted scans use a CI/CD API key and scan a public or reachable agent endpoint through the FullCourtDefense backend.

| Mode | Use When | Behavior | |---|---|---| | --mode sync | Small hosted scans from CI or a terminal | Waits for the hosted scan result before exiting. | | --mode async | Longer hosted scans | Starts a hosted job, polls until complete, then prints the result. |

Local scans run from the customer machine or VPN and only send captured text outbound to Shield for verdicts.

| Mode | Use When | Behavior | |---|---|---| | --mode quick | Smoke test before a demo or install handoff | Runs a small default attack set. | | --mode full | Real evidence report | Runs the bundled 229+ attack corpus. | | --mode targeted | You know what the agent protects | Runs default plus targeted attacks and appends --description as focus context. | | --mode deep | Stress and broad regression testing | Runs the broad corpus plus deeper multi-step/stress cases. |

Full Option Reference

Global

| Flag | Applies To | Description | Default | |---|---|---|---| | --help, -h | all commands | Show help. | — | | --version, -v | all commands | Print package version. | — | | --config <path> | scan/config | Path to .fullcourtdefense.yml, .fullcourtdefense.yaml, or legacy .botguard.yml. | auto-detect | | --api-url <url> | doctor/configure/scan | FullCourtDefense backend URL. | https://api.fullcourtdefense.ai |

Shield And Hosted API

| Flag | Applies To | Description | Default | |---|---|---|---| | --api-key <key> | hosted scan/credits | Hosted scan API key. Can also use BOTGUARD_API_KEY. | config/env | | --shield-id <id> | local scan | Shield ID from the Shield Integrate tab. Can also use FULLCOURTDEFENSE_SHIELD_ID, FCD_SHIELD_ID, or AGENTGUARD_SHIELD_ID. | config/env/prompt | | --shield-key <key> | local scan | Optional Shield key for locked Shields. Can also use FULLCOURTDEFENSE_SHIELD_KEY, FCD_SHIELD_KEY, or AGENTGUARD_SHIELD_KEY. | config/env/prompt |

Hosted Scan

| Flag | Applies To | Description | Default | |---|---|---|---| | --endpoint <url> | hosted scan | Public/reachable AI agent API URL. | config | | --description <text> | hosted scan/local targeted | Agent description. For --mode targeted, also used as local focus context. | config | | --system-prompt <text-or-path> | hosted scan | System prompt text or path to a file. | config | | --categories <list> | hosted scan | Comma-separated attack categories. | all | | --attack-count <n> | hosted/local | Limit number of attacks. Useful for smoke tests. | mode default | | --webhook-format <fmt> | hosted scan | Webhook format: n8n, make, zapier, or custom. Legacy alias for local request format. | — |

Local Target Selection

| Flag | Applies To | Description | Default | |---|---|---|---| | --local | scan | Run from this machine, inside the customer's network/VPN. | false | | --type <type> | local scan | Local target type: endpoint, mcp, or rag. | prompt |

Local HTTP API Endpoint

| Flag | Applies To | Description | Default | |---|---|---|---| | --endpoint <url> | --type endpoint | Internal HTTP API URL, for example http://agent.local/chat. | prompt | | --method <GET|POST> | endpoint/rag-url | HTTP method. | prompt/POST | | --request-format <fmt> | endpoint/rag-url | Request body shape: custom or openai. | prompt/custom | | --input-field <field> | endpoint/rag-url | Request field that receives the attack prompt, for example message, query, question, or input. | message | | --output-field <field> | endpoint/rag-url | Response field containing the bot answer, for example answer, response, text, or choices.0.message.content. | auto-detect | | --auth-type <type> | endpoint/rag-url | HTTP auth type: none, bearer, basic, or api-key. | none | | --username <user> | endpoint/rag-url basic auth | Basic auth username. | prompt | | --password <pass> | endpoint/rag-url basic auth | Basic auth password. | prompt | | --token <token> | endpoint/rag-url bearer auth | Bearer token. | prompt | | --api-key-header <header> | endpoint/rag-url API-key auth | API key header name, for example X-API-Key. | X-API-Key | | --endpoint-api-key <key> | endpoint/rag-url API-key auth | API key value for the scanned endpoint. | prompt |

MCP

| Flag | Applies To | Description | Default | |---|---|---|---| | --mcp-command <cmd> | stdio MCP | Command that starts the MCP server, for example node, python, or npx.cmd. | prompt | | --mcp-args <args> | stdio MCP | Args passed to --mcp-command, for example .\dist\server.js. JSON array strings are also supported. | empty | | --mcp-url <url> | HTTP/SSE MCP | Already-running MCP URL, for example https://internal.company.com/mcp. | prompt | | --mcp-transport <t> | MCP | Transport: stdio, http, or sse. HTTP/SSE can usually be inferred from --mcp-url. | inferred | | --mcp-tool <tool> | MCP | Tool to scan, or all to scan every listed tool. | all when destination is provided | | --mcp-tool-args <json> | MCP | Tool args JSON. Use {{attack}} anywhere the current attack prompt should be inserted. | {} | | --mcp-auth-type <type> | HTTP/SSE MCP | Auth type: none, bearer, basic, or api-key. | none | | --mcp-token <token> | HTTP/SSE MCP bearer auth | Bearer token. | prompt | | --mcp-username <user> | HTTP/SSE MCP basic auth | Basic auth username. | prompt | | --mcp-password <pass> | HTTP/SSE MCP basic auth | Basic auth password. | prompt | | --mcp-api-key-header <header> | HTTP/SSE MCP API-key auth | API key header name. | X-API-Key | | --mcp-api-key <key> | HTTP/SSE MCP API-key auth | API key value. | prompt | | --progress <mode> | MCP | Console progress: verbose, compact, or silent. | verbose |

RAG

| Flag | Applies To | Description | Default | |---|---|---|---| | --rag-path <path> | --type rag | Local RAG file or directory to scan as a corpus. Supports .txt, .md, .json, .csv, and .html. | prompt | | --rag-url <url> | --type rag | Live RAG HTTP endpoint to scan like an app. Uses the same HTTP flags as endpoint scans. | — |

Output And CI

| Flag | Applies To | Description | Default | |---|---|---|---| | --mode <mode> | scan | Hosted: sync, async. Local: quick, full, targeted, deep. | hosted sync, local quick | | --format <fmt> | scan | Output: table, summary, report, full-report, or json. | hosted table, local summary | | --fail-threshold <n> | scan | Exit with code 1 if score is below this 0-100 threshold. | 0 |

Realistic Command Examples

First-Time Setup

Run these on the same machine that can reach the customer's private agent, MCP server, or RAG service:

fullcourtdefense doctor
fullcourtdefense configure
fullcourtdefense scan --local

Expected doctor output:

BotGuard outbound diagnostic
Target: https://api.fullcourtdefense.ai

PASS outbound HTTPS open (200, 487ms)
Checked: https://api.fullcourtdefense.ai/api/health/ping

Hosted CI/CD Scan

Use hosted scans when the agent endpoint is reachable by FullCourtDefense and you have a CI/CD API key.

$env:BOTGUARD_API_KEY = "bg_live_..."
fullcourtdefense scan --endpoint "https://support-bot.example.com/chat" --description "Customer support chatbot" --mode sync --format summary --fail-threshold 80

Async hosted scan for a longer job:

fullcourtdefense scan --api-key "bg_live_..." --endpoint "https://agent.example.com/chat" --description "Production sales assistant" --mode async --format report

Local Modes

Use quick mode first:

fullcourtdefense scan --local --type endpoint --endpoint "http://localhost:3000/chat" --method POST --request-format custom --input-field message --output-field response --mode quick --format report

Use full mode for evidence:

fullcourtdefense scan --local --type endpoint --endpoint "http://localhost:3000/chat" --method POST --request-format custom --input-field message --output-field response --mode full --format report

Use targeted mode when you know the protected domain:

fullcourtdefense scan --local --type endpoint --endpoint "http://localhost:3000/chat" --method POST --request-format custom --input-field message --output-field response --mode targeted --description "Healthcare support bot with patient records and billing data" --format report

Use deep mode for broad regression:

fullcourtdefense scan --local --type endpoint --endpoint "http://localhost:3000/chat" --method POST --request-format custom --input-field message --output-field response --mode deep --format full-report

Local API Endpoint Examples

Typical Express/FastAPI app:

fullcourtdefense scan --local --type endpoint --endpoint "http://127.0.0.1:8000/chat" --method POST --request-format custom --input-field message --output-field answer --mode full --format report

Query-style endpoint:

fullcourtdefense scan --local --type endpoint --endpoint "http://127.0.0.1:8000/query" --method POST --request-format custom --input-field query --output-field result --mode full --format report

OpenAI-compatible endpoint:

fullcourtdefense scan --local --type endpoint --endpoint "http://127.0.0.1:8000/v1/chat/completions" --method POST --request-format openai --mode full --format report

MCP Examples

Local stdio MCP server built from your repo:

fullcourtdefense scan --local --type mcp --mcp-command node --mcp-args ".\dist\mcp-server.js" --mcp-tool all --mode full --format report

Filesystem MCP over npx.cmd on Windows:

fullcourtdefense scan --local --type mcp --mcp-command npx.cmd --mcp-args "-y @modelcontextprotocol/server-filesystem C:\company\docs" --mcp-tool all --mode full --format report

Single MCP tool with attack inserted into an argument:

fullcourtdefense scan --local --type mcp --mcp-command node --mcp-args ".\dist\mcp-server.js" --mcp-tool search_docs --mcp-tool-args '{ "query": "{{attack}}", "limit": 5 }' --mode quick --format report

Already-running HTTP MCP:

fullcourtdefense scan --local --type mcp --mcp-url "http://127.0.0.1:5066/mcp" --mcp-tool all --mode full --format report

Secured HTTP MCP:

fullcourtdefense scan --local --type mcp --mcp-url "https://mcp.internal.company.com/mcp" --mcp-auth-type bearer --mcp-token "mcp_token_..." --mcp-tool all --mode full --format report

RAG Examples

Scan local documents before ingestion:

fullcourtdefense scan --local --type rag --rag-path "C:\company\kb-docs" --mode full --format report

Scan one suspicious file:

fullcourtdefense scan --local --type rag --rag-path ".\docs\release-notes.md" --mode quick --format report

Scan a live RAG service:

fullcourtdefense scan --local --type rag --rag-url "http://127.0.0.1:5065/chat" --method POST --request-format custom --input-field message --output-field answer --mode full --format report

Scan an OpenAI-compatible RAG service:

fullcourtdefense scan --local --type rag --rag-url "http://127.0.0.1:5065/v1/chat/completions" --method POST --request-format openai --mode full --format report

Auth Examples

Bearer auth for an internal agent:

fullcourtdefense scan --local --type endpoint --endpoint "https://agent.internal/chat" --method POST --request-format custom --input-field message --output-field answer --auth-type bearer --token "eyJ..." --mode full --format report

Basic auth:

fullcourtdefense scan --local --type endpoint --endpoint "https://agent.internal/chat" --method POST --request-format custom --input-field message --output-field answer --auth-type basic --username "scanner" --password "scanner-password" --mode full --format report

API key header:

fullcourtdefense scan --local --type endpoint --endpoint "https://agent.internal/chat" --method POST --request-format custom --input-field message --output-field answer --auth-type api-key --api-key-header X-Internal-Key --endpoint-api-key "internal_key_..." --mode full --format report

CI Gate Examples

Fail the build if score is below 80:

fullcourtdefense scan --api-key "$env:BOTGUARD_API_KEY" --endpoint "https://agent.example.com/chat" --description "Production support agent" --mode sync --format summary --fail-threshold 80

Local CI against a service started earlier in the job:

fullcourtdefense scan --local --type endpoint --endpoint "http://127.0.0.1:3000/chat" --method POST --request-format custom --input-field message --output-field response --mode quick --format summary --fail-threshold 80

In-Organization Local Scan

Use local scan when the AI endpoint, MCP server, RAG service, or RAG corpus is only reachable from inside your organization. The CLI executes the local target, then sends the captured content outbound to your FullCourtDefense Shield for the real verdict.

fullcourtdefense scan --local

On first local scan, the CLI asks for your Shield ID and saves it to .fullcourtdefense.yml. You can also pass it directly:

fullcourtdefense scan --local --shield-id sh_your_shield_id

The CLI asks what to scan:

  • endpoint — internal HTTP API or OpenAI-compatible endpoint.
  • mcp — MCP destination. For stdio MCP, the destination is the command plus args needed to launch the server, for example node ./mcp-server.js or npx.cmd -y @modelcontextprotocol/server-filesystem C:\data. For an already-running HTTP/HTTPS or legacy SSE MCP server, the destination is --mcp-url.
  • rag — local file/directory of RAG documents/chunks, or a live RAG HTTP endpoint via --rag-url.

Recommended Flow

  1. Run doctor first from the customer machine. This confirms outbound HTTPS to FullCourtDefense works before you try a scan.
  2. Run configure once. Paste the Shield ID and Shield key from the web app's Shield Integrate tab.
  3. Pick the target type: API endpoint, MCP, RAG corpus, or live RAG service.
  4. Use --mode quick for a smoke test, then --mode full --format report for evidence and web history.
fullcourtdefense doctor
fullcourtdefense configure

With a Shield key configured, local scans are saved to the web Reports history automatically.

API Endpoint Scan

Use this when the AI agent is a normal HTTP API, for example /chat, /ask, /query, or an OpenAI-compatible /v1/chat/completions route.

For custom JSON APIs, tell the CLI which request field receives the attack prompt and which response field contains the bot answer:

fullcourtdefense scan --local --type endpoint --endpoint "http://internal-agent.local/chat" --method POST --request-format custom --input-field message --output-field response --mode quick --format report

Common custom field mappings:

# Request: { "query": "..." }, response: { "answer": "..." }
fullcourtdefense scan --local --type endpoint --endpoint "http://localhost:8080/query" --method POST --request-format custom --input-field query --output-field answer --mode full --format report

# GET endpoint: /ask?q=...
fullcourtdefense scan --local --type endpoint --endpoint "http://localhost:8080/ask" --method GET --request-format custom --input-field q --output-field answer --mode quick --format report

For OpenAI-compatible APIs:

fullcourtdefense scan --local --type endpoint --endpoint "http://localhost:8080/v1/chat/completions" --method POST --request-format openai --mode full --format report

Authenticated API examples:

# Bearer token
fullcourtdefense scan --local --type endpoint --endpoint "https://agent.internal/chat" --method POST --request-format custom --input-field message --output-field response --auth-type bearer --token YOUR_TOKEN --mode full --format report

# API key header
fullcourtdefense scan --local --type endpoint --endpoint "https://agent.internal/chat" --method POST --request-format custom --input-field message --output-field response --auth-type api-key --api-key-header X-API-Key --endpoint-api-key YOUR_KEY --mode full --format report

MCP Scan

Use this when the target exposes tools through the Model Context Protocol. The CLI calls the tool with attack prompts, captures the tool response, sends that response to Shield, and saves the report to history.

For stdio MCP servers:

fullcourtdefense scan --local --type mcp --mcp-command node --mcp-args ".\dist\server.js" --mcp-tool all --mode full --format report

For a single stdio tool with fixed args:

fullcourtdefense scan --local --type mcp --mcp-command node --mcp-args ".\dist\server.js" --mcp-tool search_docs --mcp-tool-args '{ "query": "{{attack}}" }' --mode quick --format report

For already-running HTTP MCP servers:

fullcourtdefense scan --local --type mcp --mcp-url "http://mcp.internal.company.com/mcp" --mcp-tool all --mode full --format report

For secured MCP servers:

# Bearer auth
fullcourtdefense scan --local --type mcp --mcp-url "https://internal.company.com/mcp" --mcp-auth-type bearer --mcp-token YOUR_TOKEN --mcp-tool all --mode full --format report

# Basic auth
fullcourtdefense scan --local --type mcp --mcp-url "https://internal.company.com/mcp" --mcp-auth-type basic --mcp-username USER --mcp-password PASS --mcp-tool all --mode full --format report

# API key header
fullcourtdefense scan --local --type mcp --mcp-url "https://internal.company.com/mcp" --mcp-auth-type api-key --mcp-api-key-header X-API-Key --mcp-api-key YOUR_KEY --mcp-tool all --mode full --format report

For legacy SSE MCP:

fullcourtdefense scan --local --type mcp --mcp-transport sse --mcp-url "https://internal.company.com/sse" --mcp-tool all --mode full --format report

MCP progress controls:

fullcourtdefense scan --local --type mcp --mcp-url "https://internal.company.com/mcp" --mcp-tool all --mode full --progress verbose --format report
fullcourtdefense scan --local --type mcp --mcp-url "https://internal.company.com/mcp" --mcp-tool all --mode full --progress compact --format summary

RAG Corpus Scan

Use this when you have local documents or chunks before they are indexed. The CLI reads .txt, .md, .json, .csv, and .html files, sends chunks to the RAG Shield endpoint, and saves the report as a RAG scan.

fullcourtdefense scan --local --type rag --rag-path ".\docs" --mode quick --format report
fullcourtdefense scan --local --type rag --rag-path ".\docs" --mode full --format full-report

Use corpus scan to find poisoned files before ingestion. Use live RAG scan when you need to test the actual retrieval service behavior.

Live RAG Service Scan

Use this when RAG is a running service, not just files. This is common for retrieval APIs that accept a question and return an answer with retrieved context.

fullcourtdefense scan --local --type rag --rag-url "http://rag.internal.company.com/chat" --method POST --request-format custom --input-field message --output-field answer --mode quick --format report

Common live RAG shapes:

# Request: { "question": "..." }, response: { "answer": "..." }
fullcourtdefense scan --local --type rag --rag-url "http://localhost:5065/chat" --method POST --request-format custom --input-field question --output-field answer --mode full --format report

# Request: { "query": "..." }, response: { "result": "..." }
fullcourtdefense scan --local --type rag --rag-url "http://localhost:5065/query" --method POST --request-format custom --input-field query --output-field result --mode full --format report

# OpenAI-compatible RAG endpoint
fullcourtdefense scan --local --type rag --rag-url "http://localhost:5065/v1/chat/completions" --method POST --request-format openai --mode full --format report

The web report will show Agent Tested: Local full RAG endpoint scan: ... and is saved with scanType: rag.

Local Demo RAG Server

This repository includes a deliberately vulnerable RAG service for testing the CLI flow:

$env:PORT = "5065"
node samples\rag\rag-server.js

In another terminal:

fullcourtdefense scan --local --type rag --rag-url "http://127.0.0.1:5065/chat" --method POST --request-format custom --input-field message --output-field answer --mode quick --format report

The demo should fail because it echoes raw poisoned retrieved context. That is expected and proves the scanner is catching RAG poisoning.

Older Compact Examples

# Internal web API
fullcourtdefense scan --local --type endpoint --endpoint http://internal-agent.local/chat --method POST --shield-id sh_your_shield_id

# Internal OpenAI-compatible endpoint
fullcourtdefense scan --local --type endpoint --endpoint http://localhost:8080/v1/chat/completions --webhook-format openai --shield-id sh_your_shield_id

# MCP stdio server
fullcourtdefense scan --local --type mcp --mcp-command node --mcp-args ./dist/index.js --mcp-tool search_docs --mcp-tool-args '{"query":"security policy"}' --shield-id sh_your_shield_id

# Already-running HTTP or HTTPS MCP server
fullcourtdefense scan --local --type mcp --mcp-url http://mcp.internal.company.com/mcp
fullcourtdefense scan --local --type mcp --mcp-url http://mcp.internal.company.com/mcp --mcp-tool all --mode full --format report --shield-id sh_your_shield_id
fullcourtdefense scan --local --type mcp --mcp-url https://internal.company.com/mcp --mcp-tool all --mode full --format report --shield-id sh_your_shield_id

# Legacy SSE MCP server
fullcourtdefense scan --local --type mcp --mcp-transport sse --mcp-url https://internal.company.com/sse --mcp-tool all --mode full --format report --shield-id sh_your_shield_id

# Secured HTTP MCP server with bearer auth
fullcourtdefense scan --local --type mcp --mcp-url https://internal.company.com/mcp --mcp-auth-type bearer --mcp-token YOUR_TOKEN --mcp-tool all --mode full --format report --shield-id sh_your_shield_id

# Secured HTTP MCP server with basic auth
fullcourtdefense scan --local --type mcp --mcp-url https://internal.company.com/mcp --mcp-auth-type basic --mcp-username USER --mcp-password PASS --mcp-tool all --mode full --format report --shield-id sh_your_shield_id

# Secured HTTP MCP server with API-key auth
fullcourtdefense scan --local --type mcp --mcp-url https://internal.company.com/mcp --mcp-auth-type api-key --mcp-api-key-header X-API-Key --mcp-api-key YOUR_KEY --mcp-tool all --mode full --format report --shield-id sh_your_shield_id

# MCP full scan: all tools x bundled 229+ web attacks
fullcourtdefense scan --local --type mcp --mcp-command node --mcp-args ./dist/index.js --mcp-tool all --mode full --shield-id sh_your_shield_id

# MCP smoke test with same full corpus, limited to 10 attacks per tool
fullcourtdefense scan --local --type mcp --mcp-command node --mcp-args ./dist/index.js --mcp-tool all --mode full --attack-count 10 --shield-id sh_your_shield_id

# MCP evidence report: includes each attack sent, captured tool response, and Shield verdict
fullcourtdefense scan --local --type mcp --mcp-command node --mcp-args ./dist/index.js --mcp-tool all --mode full --attack-count 10 --format report --shield-id sh_your_shield_id

# MCP full scan with per-attack live progress
fullcourtdefense scan --local --type mcp --mcp-url https://internal.company.com/mcp --mcp-tool all --mode full --progress verbose --format report --shield-id sh_your_shield_id

# RAG documents
fullcourtdefense scan --local --type rag --rag-path ./docs --format table --shield-id sh_your_shield_id

# Live RAG HTTP service
fullcourtdefense scan --local --type rag --rag-url http://rag.internal.company.com/chat --method POST --request-format custom --input-field message --output-field answer --mode full --format report --shield-id sh_your_shield_id

Local scans run from the machine executing the CLI, so they can reach private/VPN/internal targets without opening inbound firewall access. The only required network path is outbound HTTPS to your FullCourtDefense backend. With a Shield key configured, the CLI saves the completed scan into the same web Reports history used by hosted scans. The web report keeps every test row with bounded evidence text; use --format report or --format json locally for the full raw evidence artifact.

When an MCP destination is provided (--mcp-url or --mcp-command), the CLI defaults to a full all-tools report scan with per-attack live progress. Use --progress compact for shorter logs, or --progress silent for CI logs.

Outbound Diagnostic

Use doctor before local scans to confirm the customer environment can reach the FullCourtDefense backend over outbound HTTPS:

fullcourtdefense doctor
fullcourtdefense doctor --api-url https://api.fullcourtdefense.ai

It checks GET /api/health/ping and reports whether outbound TCP 443/HTTPS is open.

CI/CD Usage

The CLI returns exit code 1 when the score is below --fail-threshold, making it CI-friendly:

fullcourtdefense scan --fail-threshold 80 --format summary

For GitHub Actions, use botguardai/security-scan which wraps this CLI with PR comments and check status.

Get Your API Key

  1. Sign up at fullcourtdefense.ai
  2. Go to Account > API Keys
  3. Create a CI/CD key

Related

License

MIT