Skip to content

nuclide-research/visor

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
cmd/visor
cmd/visor
 
 
internal
internal
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 

Repository files navigation

visor

Umbrella CLI for the NuClide Visor tool family. Catches stale tool binaries before a survey starts.

release license go NuClide

FeaturesInstallationUsageStatusManifestSessionStart

The NuClide toolchain spans 15 binaries across independent repos, each on its own release cadence. The methodology assumes installed versions match the canonical ones. In practice they drift: a machine that installed once and never updated silently runs wrong fingerprints, wrong module rankings, wrong compliance scores. visor catches that before a survey starts.

It probes each binary's version flag, compares the result against an embedded manifest, and prints a status table: OK, STALE, UNKNOWN, or MISSING, with an upgrade command for every non-OK row.

Features

  • Probes 15 tracked NuClide binaries (aimap, bare, cortex, jaxen, menlohunt, nu-recon, recongraph, visorbishop, visorgoose, visorgraph, visorlog, visorplus, visorrag, visorscuba, visorsd)
  • Manifest embedded at build time. No network access at runtime
  • Status taxonomy: OK, STALE, UNKNOWN, MISSING
  • Per-tool upgrade hints for every non-OK row
  • --exit-on-stale for CI and SessionStart hook integration
  • JSON output for both versions and list
  • Single static binary, standard library only, no dependencies

Installation

go install github.com/nuclide-research/visor/cmd/visor@latest

Or build from source:

git clone https://github.com/nuclide-research/visor
cd visor
go build -o /usr/local/bin/visor ./cmd/visor

Go 1.21 or later.

Usage

visor versions              # probe all tracked tools; print status table
visor list                  # list the manifest inventory (version + repo per tool)
visor version               # print visor's own version
visor help                  # print help

versions flags

Flag Effect
--json emit JSON instead of the human-readable table
--no-color disable ANSI color (auto-set when stdout is not a TTY)
--exit-on-stale exit non-zero if any tool is stale or missing (for CI / SessionStart hooks)
--timeout DUR per-tool probe timeout (default 5s; takes a unit, e.g. 10s, 1m)

list flags

Flag Effect
--json emit JSON array instead of the human-readable table

Status taxonomy

Status Meaning
OK On PATH, version detected, matches canonical
STALE On PATH, version detected, does not match canonical; upgrade hint shown
UNKNOWN On PATH but version probe inconclusive; regex did not match output
MISSING Not on PATH; install hint shown

Manifest

The manifest is embedded at build time from internal/manifest/manifest.go. Each entry records a binary name, the canonical version, the version-flag argument (or empty string for banner parse), a regex to extract the version string from binary output, the source repo, and a one-line install command.

JSON output of visor list:

[
  {"name":"aimap","canonical":"v1.9.22","repo":"github.com/nuclide-research/aimap","install":"go install github.com/nuclide-research/aimap@latest"}
]

JSON output of visor versions (one object per tool):

[
  {"name":"aimap","status":"STALE","detected":"1.8","canonical":"v1.9.22","path":"/home/user/go/bin/aimap","repo":"github.com/nuclide-research/aimap","install_hint":"go install github.com/nuclide-research/aimap@latest","probe_err":""}
]

Example

TOOL            STATUS    DETECTED      CANONICAL     PATH / NOTE
────────────────────────────────────────────────────────────────────────────────────────────
aimap           STALE     1.8           v1.9.22       /home/user/go/bin/aimap   upgrade: go install github.com/nuclide-research/aimap@latest
bare            STALE     0.1.0         0.2.0         /home/user/.local/bin/bare   upgrade: cargo install ...
cortex          MISSING   .             v2.0.0        install: go install github.com/nuclide-research/cortex-framework@latest
jaxen           OK        v0.2.0        v0.2.0        /home/user/go/bin/jaxen
visorgraph      OK        1.0.0         v1.0.0        /home/user/go/bin/visorgraph
visorlog        OK        v0.2.0        v0.2.0        /home/user/go/bin/visorlog

summary: 4 OK, 2 STALE, 1 UNKNOWN, 1 MISSING (of 15 tracked)

SessionStart hook

Wire visor into a SessionStart hook so drift surfaces before a survey starts, not 22 minutes into it.

~/.claude/settings.json:

{
  "hooks": {
    "SessionStart": [
      "visor versions --exit-on-stale --no-color"
    ]
  }
}

The hook prints the table and exits non-zero if anything is stale or missing.

Bumping the manifest

Edit the Manifest slice in internal/manifest/manifest.go, then go build and redistribute the binary. The manifest is embedded at build time; no network access is needed at runtime.

What visor is not

visor does not install or upgrade tools. It detects and reports drift. It does not orchestrate surveys or run any Visor tools. It reads no external services; the manifest is compiled in.

Our other projects

  • aimap, AI/ML infrastructure fingerprint scanner
  • scanner, full-handshake banner stage between passive discovery and deep enumeration
  • VisorLog, finding ledger and ingest pipeline
  • VisorGraph, cert-pivot to operator attribution
  • BARE, semantic exploit-module ranking over scanner findings

License

MIT. Part of the NuClide toolchain. Contact: nuclide-research.com

About

Umbrella CLI for the NuClide Visor tool family. Catches stale or missing tool binaries before a survey starts.

nuclide-research.com

Topics

cli golang devtools version-check nuclide visor security-research ai-security drift-detection security-tooling tool-management toolchain-manager version-manifest llm-security session-start-hook embedded-manifest

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

1 tags

Packages

 
 
 

Contributors

Languages