Skip to content

feat(cli): vendor-response subcommand + README Vulnerability Analysis Workflow#88

Open
manus-use wants to merge 1 commit into
mainfrom
feat/readme-scoring-workflow
Open

feat(cli): vendor-response subcommand + README Vulnerability Analysis Workflow#88
manus-use wants to merge 1 commit into
mainfrom
feat/readme-scoring-workflow

Conversation

@manus-use

Copy link
Copy Markdown
Owner

Summary

Two complementary improvements shipped in a single PR:

1. manus-agent vendor-response CLI subcommand

The track_vendor_response Strands tool has lived in src/manus_agent/tools/ since its introduction, and the README has documented manus-agent vendor-response <CVE-ID> for several weeks — but there was no dispatch in cli.py. This PR wires it up.

Usage:

manus-agent vendor-response CVE-2024-3094
manus-agent vendor-response CVE-2024-3094 --output json | jq .vendor_response_state

Output states (matching the actual track_vendor_response implementation):

State Meaning
patch_available Confirmed fix released
patch_pending Vendor acknowledged; fix in progress
workaround_only Mitigation exists; no patch yet
investigating Vendor acknowledged but response unclear
no_patch_expected EoL / wont-fix
unknown Insufficient data

Also fixes the README vendor-response section which was documenting a different state schema that never matched the implementation.

2. Vulnerability Analysis Workflow section in README

Adds a new top-level section to the README showing how the CLI tools chain together into a repeatable analyst pipeline, with a complete CVE-2021-44228 (Log4Shell) worked example across epss-trend, exploit-complexity, blast-radius, vendor-response, patch-diff, cluster-variants, and compare. Also includes a JSON pipeline section for CI gates.

Files changed

File Change
src/manus_agent/cli.py Add _VENDOR_STATE_LABEL, _build_vendor_response_parser, _run_vendor_response; add vendor-response to _SUBCOMMANDS; wire dispatch in main()
README.md Fix vendor-response section; add Vulnerability Analysis Workflow section + TOC entry
tests/test_vendor_response_cli.py 35 new tests (all HTTP mocked)

Test results

937 passed, 3 deselected, 0 failures (up from 902; +35 new tests). ruff clean.

… section

Wire up `manus-agent vendor-response <CVE-ID>` CLI subcommand for the
`track_vendor_response` Strands tool that already existed in main but had
no CLI dispatch. Also add a narrative "Vulnerability Analysis Workflow"
section to README with a full CVE-2021-44228 (Log4Shell) worked example.

Changes:
- cli.py: add `_build_vendor_response_parser` + `_run_vendor_response`
  (text + JSON output, same pattern as exploit-complexity / blast-radius)
- cli.py: add `"vendor-response"` to `_SUBCOMMANDS` set
- cli.py: wire dispatch in `main()` between blast-radius and discover
- cli.py: move state-label dict to module level (_VENDOR_STATE_LABEL)
  to satisfy ruff N806 (no uppercase vars inside functions)
- README.md: fix vendor-response section — corrects the 6 state names
  to match the actual tool output (was documenting a different schema)
- README.md: add "Vulnerability Analysis Workflow" section with a
  4-stage pipeline diagram (Discover → Exploitability → Reach → Remediation)
  and full CVE-2021-44228 worked example across 5 CLI tools
- README.md: add Vulnerability Analysis Workflow to Table of Contents
- tests/test_vendor_response_cli.py: 35 new unit tests (all HTTP mocked)
  covering parser, text output, JSON output, input validation, and
  full end-to-end main() dispatch

Tests: 937 passing (was 902), 0 failures, ruff clean
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant