@@ -8,8 +8,14 @@ them, and keep unreviewed critical findings visible until someone triages them.
88
99![ Vulnerability Daemon hero] ( ./docs/assets/vulnerability-daemon-hero.png )
1010
11+ ![ Dashboard with toolbar icon] ( ./docs/assets/dashboard-screenshot.png )
12+
1113![ Dashboard with review drawer] ( ./docs/assets/dashboard-drawer-screenshot.png )
1214
15+ The app icon is served as the favicon, the install manifest icon, the header
16+ brand mark, and the top-right review queue button:
17+ [ vulnerability-daemon-icon.svg] ( ./docs/assets/vulnerability-daemon-icon.svg ) .
18+
1319## What It Does
1420
1521- Runs recurring security audits over local folders.
@@ -24,6 +30,17 @@ them, and keep unreviewed critical findings visible until someone triages them.
2430
2531The core promise: never let a new critical finding disappear into a terminal log.
2632
33+ ## Product Shape
34+
35+ The normal user flow is app-like:
36+
37+ 1 . Start ` vuln-daemon ` .
38+ 2 . It lives in the menu bar on macOS.
39+ 3 . Reviews run on the schedule in your config.
40+ 4 . Critical findings stay visible in the dashboard until reviewed.
41+
42+ The CLI commands remain available for automation, CI experiments, and debugging.
43+
2744## Install
2845
2946From source:
@@ -34,44 +51,70 @@ cargo install --path .
3451
3552During development, use ` cargo run -- ` in place of ` vuln-daemon ` .
3653
54+ This is still a source install. Packaged ` .app ` , Homebrew, and signed release
55+ binaries are planned so users do not need Rust installed.
56+
3757## Quick Start
3858
39- Create a config interactively :
59+ Start the app :
4060
4161``` bash
42- vuln-daemon init
62+ vuln-daemon
4363```
4464
45- Or write the example config directly :
65+ or :
4666
4767``` bash
48- vuln-daemon init-config ./vuln-daemon.config.json
68+ vuln-daemon start
69+ ```
70+
71+ On first run it asks for one local repo/folder to watch, writes the app config,
72+ starts the local daemon, and opens the dashboard. On macOS it also stays in the
73+ menu bar with actions for opening the dashboard, starting a review now, opening
74+ the config, and quitting.
75+
76+ Default app config locations:
77+
78+ - macOS: ` ~/Library/Application Support/Vulnerability Daemon/config.json `
79+ - Linux: ` ~/.config/vulnerability-daemon/config.json `
80+ - Windows: ` %APPDATA%\Vulnerability Daemon\config.json `
81+
82+ Use a specific config when you want to keep project-local state:
83+
84+ ``` bash
85+ vuln-daemon start --config ./vuln-daemon.config.json
4986```
5087
51- Edit the ` targets ` entries so each ` path ` points at a local repo or folder.
88+ ## Power User CLI
5289
53- Run one dry run without invoking an agent :
90+ Create a config without starting the app :
5491
5592``` bash
56- vuln-daemon run-once --config ./vuln-daemon.config.json --dry-run
93+ vuln-daemon init
5794```
5895
59- Run one real audit:
96+ Write the example config directly:
97+
98+ ``` bash
99+ vuln-daemon init-config ./vuln-daemon.config.json
100+ ```
101+
102+ Run one review immediately:
60103
61104``` bash
62105vuln-daemon run-once --config ./vuln-daemon.config.json
63106```
64107
65- Start the local daemon and dashboard :
108+ Run the daemon without menu-bar integration :
66109
67110``` bash
68- vuln-daemon serve --config ./vuln-daemon.config.json
111+ vuln-daemon start --config ./vuln-daemon.config.json --no-tray
69112```
70113
71- Then open :
114+ Or run the raw HTTP server :
72115
73- ``` text
74- http://127.0.0.1:8831
116+ ``` bash
117+ vuln-daemon serve --config ./vuln-daemon.config.json
75118```
76119
77120Export SARIF after runs:
@@ -118,7 +161,7 @@ For a compiled binary:
118161
119162``` bash
120163cargo build --release
121- ./target/release/vuln-daemon serve --config ./vuln-daemon.config.json
164+ ./target/release/vuln-daemon start --config ./vuln-daemon.config.json
122165```
123166
124167## API
@@ -194,15 +237,16 @@ out/vulnerability-daemon/
194237}
195238```
196239
197- ## Daemon Install
240+ ## Headless Daemon Install
198241
199242Examples are included for:
200243
201244- [ systemd] ( ./examples/systemd/vulnerability-daemon.service )
202245- [ launchd] ( ./examples/launchd/com.vulnerability-daemon.plist )
203246
204- Both examples assume you have installed the compiled binary somewhere stable and
205- created a config file. The dashboard should remain bound to ` 127.0.0.1 ` .
247+ Both examples run the HTTP/scheduler daemon without menu-bar UI. They assume you
248+ have installed the compiled binary somewhere stable and created a config file.
249+ The dashboard should remain bound to ` 127.0.0.1 ` .
206250
207251## Security Notes
208252
0 commit comments