Agentic AI security for developers

SecureNow CLI + MCP for agents that can actually investigate.

Give Codex, Claude, Cursor, and your own scripts a developer-safe command surface for production traces, logs, alerts, IP intelligence, firewall actions, rule tuning, and auditable incident response.

JSON-first CLI
Local stdio MCP server
Confirmed writes only
npm install -g securenow
securenow login
codex mcp add securenow -- npx securenow mcp
securenow human work --limit 10 --json
Setup

One package gives you the CLI, SDK, and MCP server.

The CLI is for humans and scripts. MCP is for agents. Both use the same SecureNow package and the same evidence model, so a human terminal workflow can become an agent workflow without rewriting the runbook.

CLI quick start

Connect the app, write runtime credentials, generate framework setup, and run the service with SecureNow preloaded.

npm install -g securenow@latest
securenow login
securenow app connect
securenow init
securenow run src/index.js

MCP for Codex and Claude

Start a local stdio MCP server. Agents get structured tools for reading evidence and guarded tools for write actions.

npx securenow login
codex mcp add securenow -- npx securenow mcp

# Other MCP clients can use the package binary directly
npx -p securenow securenow-mcp

Agent prompt starter

Paste this into Codex, Claude Code, Cursor, or Windsurf after MCP is connected.

Investigate the newest SecureNow human-action queue.
For every open IP:
- fetch the AI report and linked traces
- skip false_positive, blocked, and clean statuses
- recommend block, rate limit, false positive, or rule tuning
- only execute writes with confirm:true and a reason

Detect

See the alert, source IPs, paths, status codes, and suspicious payload shape.


Analyze

Pivot into traces, logs, bodies, and AI findings without leaving the developer workflow.


Defend

Block, rate limit, trust, tune, or close cases through CLI, MCP, or dashboard.

CLI features

The terminal surface for the full SecDevOps loop.

SecureNow CLI covers setup, instrumentation, observability, detection, investigation, response, rule tuning, telemetry utilities, and human-review workflows. Every command supports structured output with --json.

Setup

Auth, credentials, and apps

Login, admin auth, runtime app connect, API keys, config paths, app creation, default app selection, instance checks, and status.

securenow login
securenow admin login
securenow app connect
securenow api-key create
securenow apps create
securenow status
securenow whoami

Run

Instrument any Node.js app

Start Express, Fastify, Koa, Hapi, NestJS, raw Node, Next.js, and Nuxt with traces, logs, body capture, and firewall sync.

securenow init
securenow run src/index.js
node -r securenow/register app.js
securenow run --firewall-only app.js
securenow credentials runtime --env production

Observe

Traces, logs, analytics, and API map

Pull production traces, correlate logs by trace ID, analyze routes, inspect response analytics, and discover attack surface.

securenow traces list
securenow traces show <traceId>
securenow traces analyze <traceId>
securenow logs trace <traceId>
securenow analytics
securenow api-map stats

Investigate

Alerts, IP intel, and forensics

Read notifications, inspect per-IP investigation status, query traffic in plain English, and build evidence-backed incident reports.

securenow notifications list
securenow human show 1
securenow ip 203.0.113.42
securenow ip traces 203.0.113.42
securenow forensics "SQLi attempts in 24h"
securenow forensics chat

Respond

Firewall, blocklist, trusted IPs, and rate limits

Block attackers, test firewall decisions, add scoped rate limits, trust known-safe infrastructure, and avoid dangerous deny-by-default allowlists.

securenow firewall status
securenow firewall test-ip <ip>
securenow blocklist add <ip>
securenow trusted add <ip>
securenow ratelimit from-text "limit POST /api/login"
securenow automation dry-run <id>

Tune

Rules, false positives, and automation

Dry-run alert rules, tune noisy detections, create restrictive false-positive exclusions, and execute reviewed automation safely.

securenow alerts rules test <id> --mode dry_run
securenow alerts rules tune-query <id>
securenow fp ai-fill
securenow fp dry-run
securenow fp mark <notification-id> <ip>
securenow automation execute <id>

Shell

Scriptable telemetry and utilities

Emit logs and spans from CI or cron, redact payloads, test CIDR ranges, inspect resolved config, and run diagnostics.

securenow log send "Deploy done"
securenow test-span
securenow redact @request.json
securenow cidr match 10.0.0.5 10.0.0.0/24
securenow env --json
securenow doctor

Human review

Agent-prepared decisions

Work the Requires Human queue from terminal or MCP. Review AI evidence, then approve a block, mark a false positive, tune a rule, or defer.

securenow human list
securenow human report 1
securenow human block 1 --yes --reason "confirmed"
securenow human fp 1 --yes --reason "partner IP"
securenow human prompt 1
securenow human work --limit 10
MCP features

MCP gives agents tools, not screenshots.

The local MCP server exposes SecureNow's control plane and investigation workflows as typed tools. Read tools fetch evidence. Write tools require explicit confirmation, a reason, and scoped inputs that become part of the audit trail.

Credential lanes

Admin and control-plane tools use .securenow/admin.json. Runtime reads can use .securenow/runtime.json where the API key scopes allow it. Legacy credentials are still read for compatibility.

Case and alert review

Let an agent fetch grouped evidence, inspect AI reports, and close no-write or reviewed decisions.

securenow_human_actions_list
securenow_human_action_report
securenow_human_action_block
securenow_human_action_false_positive
securenow_human_case_action_update
securenow_alert_review_runs_list
securenow_alert_review_run_apply_group_decision

Live evidence

Pull traces, spans, logs, IP intelligence, notifications, analytics, and natural-language forensic results.

securenow_notifications_list
securenow_notifications_get
securenow_ip_lookup
securenow_ip_traces
securenow_traces_list
securenow_traces_show
securenow_logs_for_trace
securenow_forensics_query

Remediation

Perform scoped blocks, rate limits, firewall checks, trusted IP changes, and pending-block cleanup with confirmation gates.

securenow_firewall_status
securenow_firewall_test_ip
securenow_blocklist_add
securenow_blocklist_unblock
securenow_rate_limit_parse
securenow_rate_limit_create_from_text
securenow_trusted_add
securenow_allowlist_list

Rule testing and tuning

Dry-run SQL and instant-rule candidates before saving. Version and hash guards protect shared system rules.

securenow_alert_rule_get
securenow_alert_rule_candidate_test
securenow_alert_rule_condition_diff
securenow_alert_rule_condition_update
securenow_alert_rule_query_update
securenow_alert_rule_exclusion_add
securenow_alert_rule_test_result

Automation and app control

Create apps, inspect runtime state, dry-run automation rules, execute reviewed automation, and manage app firewall posture.

securenow_auth_status
securenow_apps_list
securenow_apps_create
securenow_automation_rules_list
securenow_automation_rule_dry_run
securenow_automation_rule_execute
securenow_firewall_apps
securenow_firewall_set_threshold

Safety model

Write tools require confirm:true, a human-readable reason, scoped inputs, and structured audit reports for risky decisions.

confirm:true
reason
decisionReport
expectedRuleVersion
expectedCurrentInstantHash
applyGlobally:true
previewOnly
dryRun
Problem to solution

How devs use CLI + MCP when something is actually on fire.

Each workflow has the human CLI path and the MCP tools an agent can use to do the same investigation with guardrails.

Problem 1

I shipped a new endpoint. Is it safe in production?

Start the app with SecureNow, let the agent inspect traces and bodies, then ask for risky paths, attack payloads, and unexpected status spikes.

securenow_traces_list
securenow_logs_list
securenow_forensics_query

securenow run src/index.js
securenow api-map stats --json
securenow forensics "show risky new endpoints since deploy" --json

Problem 2

A suspicious IP keeps hitting login.

Check reputation, pull all traces for the IP, inspect payload and route behavior, then choose block, rate limit, or clean.

securenow_ip_lookup
securenow_ip_traces
securenow_rate_limit_create_from_text

securenow ip 203.0.113.42 --json
securenow ip traces 203.0.113.42 --env production --json
securenow ratelimit from-text "limit this IP on POST /api/login to 2 per minute" --yes

Problem 3

An alert fired, but I do not know what to approve.

Use the Requires Human queue. The agent reads the prepared report, checks linked traces, and records an auditable decision.

securenow_human_actions_list
securenow_human_action_report
securenow_human_action_block

securenow human list --limit 10 --json
securenow human show 1
securenow human block 1 --yes --reason "trace evidence confirmed credential stuffing"

Problem 4

A noisy rule is paging on normal webhook traffic.

Dry-run a restrictive exclusion or tune the rule. Keep the guard tied to exact path, method, user agent, body field, or matched detector evidence.

securenow_alert_rule_candidate_test
securenow_alert_rule_condition_diff
securenow_human_action_false_positive

securenow fp ai-fill --description "Stripe webhook POST /api/stripe/webhook"
securenow fp dry-run --conditions @candidate.json
securenow alerts rules test <rule-id> --mode dry_run --wait

Problem 5

Bots are burning CPU before I have a full security stack.

Run firewall-only mode first. Keep trusted crawlers open, test IP decisions locally, and promote to full monitoring when you need deeper evidence.

securenow_firewall_status
securenow_firewall_test_ip
securenow_blocklist_add

securenow app connect
securenow run --firewall-only app.js
securenow firewall test-ip 198.51.100.7 --json

Problem 6

I want Codex or Claude to do security work without guessing.

Connect the MCP server. The agent gets structured tools for evidence and guarded writes instead of scraping dashboard screenshots.

securenow_auth_status
securenow_notifications_get
securenow_alert_review_runs_list

npx securenow login
codex mcp add securenow -- npx securenow mcp

# Other MCP clients can use the package binary directly
npx -p securenow securenow-mcp
Agentic AI

The agent has evidence, tools, and a brake pedal.

Agentic security is not "AI says scary thing." It is a loop: ask a concrete question, gather production evidence, make a scoped recommendation, run a dry run when needed, then write only after confirmation.

1. Ask

A developer asks whether a spike is a bug, bot traffic, or an attack.

2. Gather

MCP reads traces, logs, IP intelligence, notifications, and prior decisions.

3. Decide

The agent explains confidence, affected paths, missing proof, and next action.

4. Act

CLI or MCP applies a scoped block, rate limit, false-positive rule, or alert tune.

5. Audit

The decision records evidence, trace IDs, methods, paths, and recommendations.

Guardrails

Built for production, not demo-mode autonomy.

SecureNow is opinionated about the dangerous parts: blocking, allowlisting, global rule tuning, and false-positive suppression all carry evidence and confirmation requirements.

Runtime credentials live in .securenow/runtime.json. Admin control-plane auth lives in .securenow/admin.json.

Every CLI command supports --json so agents can parse evidence instead of reading tables.

MCP write actions require confirm:true plus a reason and can attach decisionReport evidence.

Alert-rule tuning uses dry runs, seeded fixtures, rule versions, and hashes before saving.

Allowlist mode is deny-by-default. For known-safe traffic, use trusted IPs instead.

False positives should be scoped to exact rule, app, path, method, status, user agent, body, or detector evidence.

Give your agent the same security console you use.

Start with the CLI, connect MCP when you want agentic workflows, and keep every investigation grounded in production evidence.