# blackveil-dns - Doramagic AI Context Pack

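> Positioning: a pre-installation asset for trying out and evaluating the project. It helps the host AI get off to a good start, but it does not mean the target project has been installed, executed, or verified.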

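## Sufficiency Principle

- **Sufficiency, not compression**: The AI Context Pack should be thorough enough for the host AI to understand the project's value, capability boundaries, entry points, risks, and evidence sources before starting work; it may be organized in layers, but the shortest possible summary is not the goal.
- **Compression strategy**: Compress only noise and repeated content; do not compress context that affects judgment or the quality of the work.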

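## How the Host AI Should Use This

You are reading the AI Context Pack that Doramagic compiled for blackveil-dns. Treat it as pre-work context: help the user understand who it suits, what it can do, how to get started, what must be verified after installation, and where the risks are. Do not claim that you have installed, run, or executed the target project.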

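## Claim Consumption Rules

- **Source of facts**: Repo Evidence + Claim/Evidence Graph; the Human Wiki only provides salience, terminology, and narrative structure.
- **Minimum status for a fact**: `supported`
- `supported`: may be used as a project fact, but the answer must cite the claim_id and evidence path.
- `weak`: may only be used as a low-confidence lead; the user must be asked to verify further.
- `inferred`: may only be used for risk notices or open questions; it must not be presented as a project fact.
- `unverified`: must not be used as fact; state clearly that the evidence is insufficient.
- `contradicted`: the conflicting sources must be shown; do not pick one version on the user's behalf.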

## Who It Suits Best

- **Developers using a host AI such as Claude/Codex/Cursor/Gemini**: The README or plugin configuration mentions multiple host AIs. Evidence: `README.md` Claim: `clm_0002` supported 0.86

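## What It Can Do

- **Command-line startup or installation flow** (must be verified after installation): The project documentation contains executable commands; real use requires running them locally or in the host environment. Evidence: `CLAUDE.md`, `README.md`, `packages/dns-checks/README.md` Claim: `clm_0001` supported 0.86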

## How to Get Started

- `claude mcp add --transport http blackveil-dns https://dns-mcp.blackveilsecurity.com/mcp` Evidence: `README.md` Claim: `clm_0003` supported 0.86
- `curl https://dns-mcp.blackveilsecurity.com/health` Evidence: `README.md` Claim: `clm_0004` supported 0.86
- `npm install @blackveil/dns-checks` Evidence: `packages/dns-checks/README.md` Claim: `clm_0005` supported 0.86
- `npx vitest run test/check-spf.spec.ts       # Single spec` Evidence: `CLAUDE.md` Claim: `clm_0006` supported 0.86
- `npx wrangler dev                            # localhost:8787` Evidence: `CLAUDE.md` Claim: `clm_0007` supported 0.86

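## Pre-Continuation Decision Card

- **Current recommendation**: Administrator/security approval required
- **Why**: Continuing may involve secrets, accounts, external services, or sensitive context; obtain administrator or security approval first.

### 30-Second Decision

- **What to do now**: Administrator/security approval required
- **Minimum safe next step**: Run Prompt Preview first; if credentials or an enterprise environment are involved, get approval before a trial installation
- **Do not trust yet**: Role quality and task fit cannot be taken on trust.
- **Continuing will touch**: role-selection bias, command execution, host AI configuration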

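### What Can Be Trusted Now

- **Audience lead: developers using a host AI such as Claude/Codex/Cursor/Gemini** (supported): Backed by a supported claim or project evidence, but still not equivalent to real installation results. Evidence: `README.md` Claim: `clm_0002` supported 0.86
- **Capability exists: command-line startup or installation flow** (supported): You can trust that the project contains leads for this capability; whether it suits your specific task still requires a trial or post-installation verification. Evidence: `CLAUDE.md`, `README.md`, `packages/dns-checks/README.md` Claim: `clm_0001` supported 0.86
- **Quick Start / installation command leads exist** (supported): You can trust that a startup or installation entry point appears in the project documentation; do not run it directly in your primary environment on that basis. Evidence: `README.md` Claim: `clm_0003` supported 0.86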

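### What Cannot Be Trusted Yet

- **Role quality and task fit cannot be taken on trust.** (unverified): The role library shows that there are many roles; it does not show that every role suits your specific task, nor that the roles produce high-quality results.
- **Role copy must not be treated as real execution capability.** (unverified): Before installation you can only judge whether the role description matches the task profile; that does not prove it can complete the task inside the host AI.
- **Real output quality cannot be trusted before installation.** (unverified): Prompt Preview can only show how guidance works; it cannot prove result quality in a real project.
- **Host AI version compatibility cannot be trusted before installation.** (unverified): Loading rules and version differences across hosts such as Claude, Cursor, Codex, and Gemini must be verified in a real environment.
- **That it will not contaminate existing host AI behavior cannot be taken on trust.** (inferred): Skill, plugin, and AGENTS/CLAUDE/GEMINI instructions may change the host AI's default behavior. Evidence: `AGENTS.md`, `CLAUDE.md`
- **Safe rollback cannot be assumed.** (unverified): Unless the project explicitly provides uninstall and restore instructions, verify in an isolated environment first.
- **After a real installation, is it compatible with the user's current host AI version?** (unverified): Compatibility can only be verified in the actual host environment.
- **Does the project's output quality meet the user's specific task?** (unverified): A pre-installation preview can only show the flow and boundaries; it cannot replace a real evaluation.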

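### What Continuing Will Touch

- **Role-selection bias**: The user's judgment about which expert role should handle the task. Reason: Choosing the wrong role makes the AI answer from the wrong professional perspective, wasting time or misleading decisions.
- **Command execution**: Package managers, network downloads, the local plugin directory, project configuration, or the user's home directory. Reason: Running the very first command can already change the environment; decide first whether it is worth running. Evidence: `CLAUDE.md`, `README.md`, `packages/dns-checks/README.md`
- **Host AI configuration**: The plugin, Skill, or rule-loading configuration of hosts such as Claude/Codex/Cursor/Gemini/OpenCode. Reason: Host configuration changes how the AI works afterwards and may conflict with the user's existing rules. Evidence: `AGENTS.md`, `CLAUDE.md`
- **Local environment or project files**: Installation results, plugin caches, project configuration, or local dependency directories. Reason: Before installation, the write scope and rollback method cannot be proven; isolated verification is required. Evidence: `CLAUDE.md`, `README.md`, `packages/dns-checks/README.md`
- **Environment variables / API keys**: The project's entry documentation explicitly mentions API key, token, secret, or account credential configuration. Reason: If a real installation requires credentials, use test credentials first and go through a permission/compliance review. Evidence: `.github/copilot-instructions.md`, `.github/instructions/security.instructions.md`, `CHANGELOG.md`, `CLAUDE.md`, and others
- **Host AI context**: The AI Context Pack, Prompt Preview, Skill routing, risk rules, and project facts. Reason: Imported context influences the host AI's later judgments; unverified items must not be presented as facts.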

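### Minimum Safe Next Steps

- **Run Prompt Preview first**: Use an interactive trial to validate the task profile and role fit before importing the whole role library. (Applies to: any project, especially when output quality is unknown.)
- **Trial-install only in an isolated directory or with a test account**: Keep installation commands from contaminating your primary host AI, real projects, or home directory. (Applies when: there are leads indicating command execution, plugin configuration, or local writes.)
- **Back up the host AI configuration first**: Skills, plugins, and rule files may change the default behavior of Claude/Cursor/Codex. (Applies when: a plugin manifest, Skill, or host rule entry point exists.)
- **Do not use real production credentials**: Once an environment variable or API key enters the host or toolchain, it can create account and compliance risk. (Applies when: environment leads such as API, TOKEN, KEY, or SECRET appear.)
- **After installation, verify only one minimal task**: Verify loading, compatibility, output quality, and rollback first, then decide whether to adopt it more deeply. (Applies when: preparing to move from trial to a real workflow.)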

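### Exit Options

- **Preserve the pre-installation state**: Record the original host configuration and project state so that you can later judge whether it is recoverable.
- **Be ready to remove the host plugin / Skill / rule entry point**: If behavior is abnormal after a trial installation, the host AI can be restored to its pre-trial state.
- **Keep a record of the original role selection**: If the output goes off topic, return to the task-profile stage and choose a role again instead of continuing down the wrong role.
- **Record the installation commands and write paths**: Without explicit uninstall instructions, you at least need to know which directories or configuration must be cleaned up manually.
- **Be ready to revoke the test API key or token**: If a test credential leaks or is misused, losses can be cut quickly.
- **If there is no rollback path, do not enter the primary environment**: Irreversibility is a blocker for continuing; do not proceed on trust or luck.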

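## What Can Only Be Previewed

- Explaining who the project suits and what it can do
- Demonstrating a typical conversation flow based on the project documentation
- Helping the user decide whether it is worth installing or researching further

## What Must Be Verified After Installation

- Actually installing the Skill, plugin, or CLI
- Executing scripts, modifying local files, or accessing external services
- Verifying real output quality, performance, and compatibility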

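## Boundary and Risk Card

- **Mistaking the pre-installation preview for a real run**: The user may overestimate how much configuration, permission, and compatibility verification the project has already completed. Handling: Clearly distinguish prompt_preview_can_do from runtime_required. Claim: `clm_0008` inferred 0.45
- **Command execution modifies the local environment**: Installation commands may write to the user's home directory, the host plugin directory, or project configuration. Handling: Run them first in an isolated environment or with a test account. Evidence: `CLAUDE.md`, `README.md`, `packages/dns-checks/README.md` Claim: `clm_0009` supported 0.86
- **To be confirmed**: After a real installation, is it compatible with the user's current host AI version? Reason: Compatibility can only be verified in the actual host environment.
- **To be confirmed**: Does the project's output quality meet the user's specific task? Reason: A pre-installation preview can only show the flow and boundaries; it cannot replace a real evaluation.
- **To be confirmed**: Do the installation commands require network access, permissions, or global writes? Reason: This affects installation risk in both enterprise and personal environments.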

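## Pre-Work Context

### Loading Order

- First read how_to_use.host_ai_instruction to establish the boundaries of this pre-installation decision asset.
- Read claim_graph_summary to confirm that facts come from the Claim/Evidence Graph rather than the Human Wiki narrative.
- Then read intended_users, capabilities, and quick_start_candidates to judge whether the user is a match.
- When a specific task must be carried out, consult role_skill_index first, then evidence_index.
- For questions about real installation, file modification, network access, performance, or compatibility, switch to risk_card and boundaries.runtime_required.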

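### Task Routing

- **Command-line startup or installation flow**: First state that this capability must be verified after installation, then provide a pre-installation checklist. Boundary: Must be verified by a real installation or run. Evidence: `CLAUDE.md`, `README.md`, `packages/dns-checks/README.md` Claim: `clm_0001` supported 0.86

### Context Size

- Total files: 906
- Important file coverage: 40/906
- Evidence index entries: 80
- Role / Skill entries: 29

### Handling Insufficient Evidence

- **missing_evidence**: State that the evidence is insufficient and ask the user for the target file, README section, or post-installation verification record; do not fill in facts.
- **out_of_scope_request**: State that the task is beyond the evidence scope of the current AI Context Pack, and suggest that the user first consult the Human Manual or verify after a real installation.
- **runtime_request**: Provide a pre-installation checklist and the source of the commands, but do not execute commands for the user or claim to have executed them.
- **source_conflict**: Show the conflicting sources side by side and mark them as pending verification; do not force a choice of one version.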

## Prompt Recipes

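### Fit Assessment

- Goal: Determine whether this project suits the user's current task.
- Expected output: a fit conclusion, key reasons, evidence citations, what can be previewed before installation, what must be verified after installation, and recommended next steps.

```text
Based on the AI Context Pack for blackveil-dns, first ask me 3 necessary questions, then judge whether it suits my task. The answer must cover: who it suits, what it can do, what it cannot do, whether it is worth installing, and where the evidence comes from. Every project fact must cite evidence_refs, source_paths, or claim_id.
```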

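### Pre-Installation Experience

- Goal: Let the user get a feel for the core workflow before installation, without presenting the preview as real capability or a marketing promise.
- Expected output: a walkthrough script with boundary labels, a post-installation verification checklist, and a cautious recommendation; no promises of real execution and no strong marketing language.

```text
Treat blackveil-dns as a pre-installation experience asset, not as an installed tool or a real runtime environment.

Output exactly four sections:
1. First ask me 3 necessary questions.
2. Give a "walkthrough script": use the three labels [Previewable before installation], [Must be verified after installation], and [Insufficient evidence] to show how it might guide the workflow.
3. Give a post-installation verification checklist: list which capabilities can only be confirmed after a real installation, real host loading, and a real project run.
4. Give a cautious recommendation: you may only say "worth researching further / trial-installing", "provide more information before deciding", or "not recommended to continue"; do not endorse the project.

Hard boundaries:
- Do not claim to have installed, run, executed tests, modified files, or produced real results.
- Do not use promissory wording such as "adapts automatically", "guaranteed to pass", "perfect fit", or "strongly recommend installing".
- If you describe how it works after installation, you must use a conditional such as "If installation succeeds and the host loads the Skill correctly, it might ...".
- The walkthrough script may only be written as "sample lines / a hypothetical flow": use "might ask / might suggest / might show", not "has written, has generated, has passed, is running, is generating".
- Prompt Preview is not responsible for giving installation commands; if the user is preparing a trial installation, only advise reading the Quick Start and Risk Card first and verifying in an isolated environment.
- All project facts must come from a supported claim, evidence_refs, or source_paths; inferred/unverified items may only serve as risks or open questions.
```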

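### Role / Skill Selection

- Goal: Pick the best-matching assets from the project's roles or Skills.
- Expected output: a list of candidate roles or Skills, each with applicable scenarios, evidence paths, risk boundaries, and whether post-installation verification is needed.

```text
Read role_skill_index and recommend the 3-5 roles or Skills most relevant to my target task. For each recommendation, explain the applicable scenario, likely output, risk boundaries, and evidence_refs.
```

### Risk Pre-Check

- Goal: Identify environment, permission, rule-conflict, and quality risks before installing or adopting.
- Expected output: a checklist covering environment, permissions, dependencies, licensing, host conflicts, quality risks, and unknowns.

```text
Based on risk_card, boundaries, and quick_start_candidates, give me a pre-installation risk checklist. Do not execute commands for me; only explain what I should check, why, and what the impact of a failure would be.
```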

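### Host AI Kickoff Instruction

- Goal: Turn the project context into a host AI instruction to use before a conversation begins.
- Expected output: a kickoff instruction with clear boundaries and clear evidence citations, suitable for pasting into the host AI.

```text
Based on the AI Context Pack for blackveil-dns, generate a kickoff instruction that I can paste into the host AI. The instruction must honor not_runtime=true and must not claim that the project has been installed, run, or has produced real results.
```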


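## Role / Skill Index

- 29 roles / Skills / project documentation entries are indexed in total.

- **Repository Guidelines** (project_doc): Project Structure & Module Organization Activation hint: refer to this when the user needs to understand the project structure, installation method, or boundaries. Evidence: `AGENTS.md`
- **CLAUDE.md** (project_doc): Guidance for Claude Code working in this repo. Activation hint: refer to this when the user needs to understand the project structure, installation method, or boundaries. Evidence: `CLAUDE.md`
- **BLACK V EIL DNS** (project_doc): Source-available DNS & email security scanner for Claude, Cursor, VS Code, and MCP clients across Streamable HTTP, stdio, and legacy HTTP+SSE. Activation hint: refer to this when the user needs to understand the project structure, installation method, or boundaries. Evidence: `README.md`
- **Blackveil DNS - Slack/Discord Weekly Reporter** (project_doc): Blackveil DNS - Slack/Discord Weekly Reporter Activation hint: refer to this when the user needs to understand the project structure, installation method, or boundaries. Evidence: `examples/slack-discord-webhook/README.md`
- **Blackveil DNS — MCP Security Scanner** (project_doc): Blackveil DNS — MCP Security Scanner Activation hint: refer to this when the user needs to understand the project structure, installation method, or boundaries. Evidence: `extensions/vscode/README.md`
- **@blackveil/dns-checks** (project_doc): DNS and email security check implementations for BlackVeil Security https://blackveilsecurity.com . Activation hint: refer to this when the user needs to understand the project structure, installation method, or boundaries. Evidence: `packages/dns-checks/README.md`
- **OAuth Production Smoke Probe Runbook** (project_doc): OAuth Production Smoke Probe Runbook Activation hint: refer to this when the user needs to understand the project structure, installation method, or boundaries. Evidence: `scripts/oauth/README.md`
- **Contributing to Blackveil DNS** (project_doc): Thanks for your interest in contributing! Blackveil DNS is a source-available DNS & email security scanner exposed as an MCP server. Activation hint: refer to this when the user needs to understand the project structure, installation method, or boundaries. Evidence: `CONTRIBUTING.md`
- **Client Setup** (project_doc): This document defines MCP client integration for bv-mcp . Activation hint: refer to this when the user needs to understand the project structure, installation method, or boundaries. Evidence: `docs/client-setup.md`
- **GitHub repository settings** (project_doc): These settings must be configured manually in the GitHub web UI. Activation hint: refer to this when the user needs to understand the project structure, installation method, or boundaries. Evidence: `docs/github-settings.md`
- **Scoring Methodology** (project_doc): Canonical scoring reference for scan domain results. Aligned with scoring v2 three-tier model. Activation hint: refer to this when the user needs to understand the project structure, installation method, or boundaries. Evidence: `docs/scoring.md`
- **Documentation Style Guide** (project_doc): This guide defines the writing conventions for README.md and files under docs/ . Activation hint: refer to this when the user needs to understand the project structure, installation method, or boundaries. Evidence: `docs/style-guide.md`
- **Tenant Operations Runbook** (project_doc): Public-safe reference for the tenant pipeline. Keep real tenant IDs, customer names, Cloudflare resource IDs, private queue/database names, and emergency procedures in ignored operator notes, not in this repository. Activation hint: refer to this when the user needs to understand the project structure, installation method, or boundaries. Evidence: `docs/tenant-ops-runbook.md`
- **Troubleshooting** (project_doc): Operational runbook for common MCP integration and request failures. Activation hint: refer to this when the user needs to understand the project structure, installation method, or boundaries. Evidence: `docs/troubleshooting.md`
- **Brand-Audit Binding Provisioning** (project_doc): Public-safe checklist for the brand audit batch start async path. Keep real Cloudflare database IDs, queue names, bucket names, service names, and account details in ignored deployment notes. Activation hint: refer to this when the user needs to understand the project structure, installation method, or boundaries. Evidence: `docs/provisioning/brand-audit-bindings.md`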
- **Summary** (project_doc): - Bug fix - New feature - Security fix - Refactor / cleanup - Documentation - CI / tooling Activation hint: refer to this when the user needs to understand the project structure, installation method, or boundaries. Evidence: `.github/PULL_REQUEST_TEMPLATE.md`
- **Project Guidelines** (project_doc): Build and Test - Install dependencies: npm ci - Build package and CLI bundle: npm run build - Build subpackage: npm -w packages/dns-checks run build - Run local Worker dev server: npx wrangler dev - Run tests Workers runtime : npm test - Run subpackage tests: npm -w packages/dns-checks run test - Run single test file: npx vitest run test/check-spf.spec.ts - Run chaos test all 9 MCP client types : python3 scripts/cha… Activation hint: refer to this when the user needs to understand the project structure, installation method, or boundaries. Evidence: `.github/copilot-instructions.md`
- **Changelog** (project_doc): All notable changes to this project will be documented in this file. Activation hint: refer to this when the user needs to understand the project structure, installation method, or boundaries. Evidence: `CHANGELOG.md`
- **Contributor Covenant Code of Conduct** (project_doc): Contributor Covenant Code of Conduct Activation hint: refer to this when the user needs to understand the project structure, installation method, or boundaries. Evidence: `CODE_OF_CONDUCT.md`
- **Security Policy** (project_doc): Version Supported --------- ----------- 2.x Yes < 2.0 No Activation hint: refer to this when the user needs to understand the project structure, installation method, or boundaries. Evidence: `SECURITY.md`
- **Support** (project_doc): - Troubleshooting : See docs/troubleshooting.md docs/troubleshooting.md for common issues, error codes, and manual request examples. - Client setup : See docs/client-setup.md docs/client-setup.md for VS Code, Claude Desktop, Claude Code, and Cursor configuration. - Scoring and coverage : See docs/scoring.md docs/scoring.md for how checks are scored and what they cover. Activation hint: refer to this when the user needs to understand the project structure, installation method, or boundaries. Evidence: `SUPPORT.md`
- **Asset Discovery Integration & Documentation Update** (project_doc): Asset Discovery Integration & Documentation Update Activation hint: refer to this when the user needs to understand the project structure, installation method, or boundaries. Evidence: `conductor/asset-discovery.md`
- **TDD Plan: Enterprise PDF Engine Playwright Integration** (project_doc): TDD Plan: Enterprise PDF Engine Playwright Integration Activation hint: refer to this when the user needs to understand the project structure, installation method, or boundaries. Evidence: `conductor/pdf-engine-tdd.md`
- **Scan Orchestration** (project_doc): Use when modifying scan domain orchestration, maturity staging, post-processing adjustments, partial timeout handling, or scan report formatting in this repository. Activation hint: refer to this when the user needs to understand the project structure, installation method, or boundaries. Evidence: `.github/instructions/scan-orchestration.instructions.md`
- **Zod Schema Conventions** (project_doc): Use when editing or creating Zod schemas, adding tool argument validation, modifying enum normalization, or deriving MCP inputSchema in this repository. Activation hint: refer to this when the user needs to understand the project structure, installation method, or boundaries. Evidence: `.github/instructions/schemas.instructions.md`
- **Security Context** (project_doc): Use when performing security audits, reviewing code for vulnerabilities, triaging findings, or assessing OWASP compliance in this repository. Activation hint: refer to this when the user needs to understand the project structure, installation method, or boundaries. Evidence: `.github/instructions/security.instructions.md`
- **MCP Tool Implementation** (project_doc): Use when adding or modifying MCP tools, DNS checks, schemas, handlers, scan orchestration, or scoring-related findings in this repository. Activation hint: refer to this when the user needs to understand the project structure, installation method, or boundaries. Evidence: `.github/instructions/tools.instructions.md`
- **Changelog** (project_doc): Added - Initial release with 44 MCP tools for DNS & email security scanning - Automatic MCP server registration via contributes.mcpServers - Works with GitHub Copilot Chat — no configuration required for free tier Activation hint: refer to this when the user needs to understand the project structure, installation method, or boundaries. Evidence: `extensions/vscode/CHANGELOG.md`
- **Test Patterns** (project_doc): Use when editing or creating test files, fixing flaky tests, writing DNS mocks, or validating cache and session behavior in this repository. Activation hint: refer to this when the user needs to understand the project structure, installation method, or boundaries. Evidence: `.github/instructions/tests.instructions.md`

## Evidence Index

- 80 evidence entries are indexed in total.

- **Repository Guidelines** (documentation): Project Structure & Module Organization Evidence: `AGENTS.md`
- **CLAUDE.md** (documentation): Guidance for Claude Code working in this repo. Evidence: `CLAUDE.md`
- **BLACK V EIL DNS** (documentation): Source-available DNS & email security scanner for Claude, Cursor, VS Code, and MCP clients across Streamable HTTP, stdio, and legacy HTTP+SSE. Evidence: `README.md`
- **Blackveil DNS - Slack/Discord Weekly Reporter** (documentation): Blackveil DNS - Slack/Discord Weekly Reporter Evidence: `examples/slack-discord-webhook/README.md`
- **Blackveil DNS — MCP Security Scanner** (documentation): Blackveil DNS — MCP Security Scanner Evidence: `extensions/vscode/README.md`
- **@blackveil/dns-checks** (documentation): DNS and email security check implementations for BlackVeil Security https://blackveilsecurity.com . Evidence: `packages/dns-checks/README.md`
- **OAuth Production Smoke Probe Runbook** (documentation): OAuth Production Smoke Probe Runbook Evidence: `scripts/oauth/README.md`
- **Package** (package_manifest): { "name": "blackveil-dns", "version": "2.25.0", "license": "BUSL-1.1", "type": "module", "bin": { "blackveil-dns-mcp": "dist/stdio.js" }, "files": "dist", "LICENSE", "README.md" , "engines": { "node": " =22.0.0" }, "repository": { "type": "git", "url": "git+https://github.com/MadaBurns/bv-mcp.git" }, "mcpName": "com.blackveilsecurity/dns", "bugs": { "url": "https://github.com/MadaBurns/bv-mcp/issues" }, "homepage": "https://github.com/MadaBurns/bv-mcp readme", "workspaces": "packages/ " , "scripts": { "build": "tsup", "build:wasm": "cd crates/bv-wasm-core && wasm-pack build --target web", "deploy:prod": "node scripts/inject-private-config.cjs && npx wrangler deploy --minify --config wrangle… Evidence: `package.json`
- **Contributing to Blackveil DNS** (documentation): Thanks for your interest in contributing! Blackveil DNS is a source-available DNS & email security scanner exposed as an MCP server. Evidence: `CONTRIBUTING.md`
- **Package** (package_manifest): { "name": "blackveil-dns", "displayName": "Blackveil DNS — MCP Security Scanner", "description": "44 DNS & email security tools for GitHub Copilot Chat via MCP. Scan SPF, DMARC, DKIM, DNSSEC, SSL, MTA-STS, and more — no install, no API key required.", "version": "1.0.0", "publisher": "BlackveilSecurity", "license": "BUSL-1.1", "icon": "icon.png", "repository": { "type": "git", "url": "https://github.com/MadaBurns/bv-mcp.git", "directory": "extensions/vscode" }, "homepage": "https://blackveilsecurity.com", "bugs": { "url": "https://github.com/MadaBurns/bv-mcp/issues" }, "categories": "AI", "Linters", "Other" , "keywords": "mcp", "dns", "security", "email", "copilot", "dmarc", "spf", "dkim",… Evidence: `extensions/vscode/package.json`
- **Package** (package_manifest): { "name": "@blackveil/bv-whois", "version": "0.1.0", "description": "WHOIS-over-TCP/43 to HTTPS shim Worker for the bv-mcp RDAP fallback path", "license": "BUSL-1.1", "private": true, "type": "module", "scripts": { "test": "vitest run", "typecheck": "tsc --noEmit", "dev": "wrangler dev", "deploy": "wrangler deploy" }, "dependencies": { "@blackveil/dns-checks": " ", "hono": "^4.12.21", "zod": "^4.3.6" }, "devDependencies": { "@cloudflare/vitest-pool-workers": "^0.16.7", "@cloudflare/workers-types": "^4.20260521.1", "typescript": "^5.0.0", "vitest": "4.1.6", "wrangler": "^4.93.0" } } Evidence: `packages/bv-whois/package.json`
- **Package** (package_manifest): { "name": "@blackveil/dns-checks", "version": "1.1.3", "description": "Runtime-agnostic DNS and email security checks 16 checks + scoring engine for BlackVeil Security", "license": "BUSL-1.1", "type": "module", "main": "dist/index.js", "types": "dist/index.d.ts", "exports": { ".": { "import": "./dist/index.js", "types": "./dist/index.d.ts" }, "./scoring": { "import": "./dist/scoring/index.js", "types": "./dist/scoring/index.d.ts" }, "./whois": { "import": "./dist/whois/index.js", "types": "./dist/whois/index.d.ts" } }, "files": "dist", "LICENSE", "README.md" , "scripts": { "build": "tsup", "test": "vitest run", "typecheck": "tsc --noEmit" }, "repository": { "type": "git", "url": "git+https:… Evidence: `packages/dns-checks/package.json`
- **License** (source_file): Licensor: BLACKVEIL Security Licensed Work: Blackveil DNS The Licensed Work is c 2025-2026 BLACKVEIL Security Additional Use Grant: You may make non-commercial use of the Licensed Work. "Non-commercial use" means use that is not intended for or directed toward commercial advantage or monetary compensation. For the avoidance of doubt, providing the Licensed Work as a hosted service to third parties for a fee, or embedding the Licensed Work in a commercial product, constitutes commercial use. Evidence: `LICENSE`
- **License** (source_file): Licensor: BLACKVEIL Security Licensed Work: Blackveil DNS The Licensed Work is c 2025-2026 BLACKVEIL Security Additional Use Grant: You may make non-commercial use of the Licensed Work. "Non-commercial use" means use that is not intended for or directed toward commercial advantage or monetary compensation. For the avoidance of doubt, providing the Licensed Work as a hosted service to third parties for a fee, or embedding the Licensed Work in a commercial product, constitutes commercial use. Evidence: `extensions/vscode/LICENSE`
- **License** (source_file): Licensor: BLACKVEIL Security Licensed Work: Blackveil DNS v1.3.0 The Licensed Work is c 2026 BLACKVEIL Security Additional Use Grant: You may make non-commercial use of the Licensed Work. "Non-commercial use" means use that is not intended for or directed toward commercial advantage or monetary compensation. For the avoidance of doubt, providing the Licensed Work as a hosted service to third parties for a fee, or embedding the Licensed Work in a commercial product, constitutes commercial use. Evidence: `packages/dns-checks/LICENSE`
- **Client Setup** (documentation): This document defines MCP client integration for bv-mcp . Evidence: `docs/client-setup.md`
- **GitHub repository settings** (documentation): These settings must be configured manually in the GitHub web UI. Evidence: `docs/github-settings.md`
- **Scoring Methodology** (documentation): Canonical scoring reference for scan domain results. Aligned with scoring v2 three-tier model. Evidence: `docs/scoring.md`
- **Documentation Style Guide** (documentation): This guide defines the writing conventions for README.md and files under docs/ . Evidence: `docs/style-guide.md`
- **Tenant Operations Runbook** (documentation): Public-safe reference for the tenant pipeline. Keep real tenant IDs, customer names, Cloudflare resource IDs, private queue/database names, and emergency procedures in ignored operator notes, not in this repository. Evidence: `docs/tenant-ops-runbook.md`
- **Troubleshooting** (documentation): Operational runbook for common MCP integration and request failures. Evidence: `docs/troubleshooting.md`
- **Brand-Audit Binding Provisioning** (documentation): Public-safe checklist for the brand audit batch start async path. Keep real Cloudflare database IDs, queue names, bucket names, service names, and account details in ignored deployment notes. Evidence: `docs/provisioning/brand-audit-bindings.md`
- **Summary** (documentation): - Bug fix - New feature - Security fix - Refactor / cleanup - Documentation - CI / tooling Evidence: `.github/PULL_REQUEST_TEMPLATE.md`
- **Project Guidelines** (documentation): Build and Test - Install dependencies: npm ci - Build package and CLI bundle: npm run build - Build subpackage: npm -w packages/dns-checks run build - Run local Worker dev server: npx wrangler dev - Run tests Workers runtime : npm test - Run subpackage tests: npm -w packages/dns-checks run test - Run single test file: npx vitest run test/check-spf.spec.ts - Run chaos test all 9 MCP client types : python3 scripts/chaos/chaos-test-clients.py - Typecheck: npm run typecheck - Typecheck subpackage: npm -w packages/dns-checks run typecheck - Lint: npm run lint - Auto-fix lint issues: npm run lint:fix - Enable pre-commit hooks: git config core.hooksPath .githooks - Deploy production worker config:… Evidence: `.github/copilot-instructions.md`
- **Changelog** (documentation): All notable changes to this project will be documented in this file. Evidence: `CHANGELOG.md`
- **Contributor Covenant Code of Conduct** (documentation): Contributor Covenant Code of Conduct Evidence: `CODE_OF_CONDUCT.md`
- **Security Policy** (documentation): Version Supported --------- ----------- 2.x Yes < 2.0 No Evidence: `SECURITY.md`
- **Support** (documentation): - Troubleshooting : See docs/troubleshooting.md docs/troubleshooting.md for common issues, error codes, and manual request examples. - Client setup : See docs/client-setup.md docs/client-setup.md for VS Code, Claude Desktop, Claude Code, and Cursor configuration. - Scoring and coverage : See docs/scoring.md docs/scoring.md for how checks are scored and what they cover. Evidence: `SUPPORT.md`
- **Asset Discovery Integration & Documentation Update** (documentation): Asset Discovery Integration & Documentation Update Evidence: `conductor/asset-discovery.md`
- **TDD Plan: Enterprise PDF Engine Playwright Integration** (documentation): TDD Plan: Enterprise PDF Engine Playwright Integration Evidence: `conductor/pdf-engine-tdd.md`
- **Scan Orchestration** (documentation): scan domain runs the standard mail/web scan categories in parallel via Promise.allSettled : checkSpf , checkDmarc , checkDkim , checkDnssec , checkSsl , checkMtaSts , checkNs , checkCaa , checkBimi , checkTlsrpt , checkSubdomainTakeover , checkMx , checkHttpSecurity , checkDane , checkDaneHttps , checkSvcbHttps , checkSubdomailing Evidence: `.github/instructions/scan-orchestration.instructions.md`
- **Zod Schema Conventions** (documentation): - Tool argument schemas: src/schemas/tool-args.ts TOOL SCHEMA MAP - Tool definitions MCP tools/list : src/schemas/tool-definitions.ts TOOLS array, TOOL DEFS - Shared primitives: src/schemas/primitives.ts DomainSchema , SessionIdSchema , FormatSchema , ProfileSchema - src/handlers/tool-schemas.ts is a deprecated re-export shim — do not add new schemas there Evidence: `.github/instructions/schemas.instructions.md`
- **Security Context & Threat Model** (documentation): Operator-controlled inputs NOT attacker-controlled : - All environment variables BV DOH ENDPOINT , PROVIDER SIGNATURES URL , BV API KEY , ALLOWED ORIGINS , SCORING CONFIG , etc. are set by the deployer via wrangler.jsonc — they are NOT user/attacker input. Do not flag these as injection vectors. - PROVIDER SIGNATURES URL is additionally validated at runtime via validateRuntimeSourceUrl with allowlist and SHA-256 pinning. Evidence: `.github/instructions/security.instructions.md`
- **MCP Tool Implementation** (documentation): - Validate and normalize all domain input with validateDomain and sanitizeDomain from src/lib/sanitize.ts . - Build findings and results with createFinding and buildCheckResult from src/lib/scoring.ts . - Do not manually construct finding objects. - Keep public error messages client-safe and prefixed with approved safe prefixes such as Missing required or Invalid . - Preserve Cloudflare Workers compatibility. Avoid Node-only runtime APIs. - Return responses via buildToolContent text, structuredData, format from src/handlers/tool-formatters.ts . Full-format mode appends structured JSON automatically. - Never hardcode secrets in tool code, tests, fixtures, scripts, or docs. Use env vars/secre… Evidence: `.github/instructions/tools.instructions.md`
- **Changelog** (documentation): Added - Initial release with 44 MCP tools for DNS & email security scanning - Automatic MCP server registration via contributes.mcpServers - Works with GitHub Copilot Chat — no configuration required for free tier Evidence: `extensions/vscode/CHANGELOG.md`
- **Settings**（structured_config）：{ "hooks": { "PostToolUse": { "matcher": "Write Edit", "hooks": { "type": "command", "command": "jq -r '.tool input.file path // .tool response.filePath // empty' { read -r f; case \"$f\" in .ts npx eslint --no-error-on-unmatched-pattern \"$f\" 2 /dev/null true;; esac; }", "timeout": 15, "statusMessage": "Linting..." } }, { "matcher": "Bash", "hooks": { "type": "command", "if": "Bash git commit: ", "command": "node -e \"const p=require './package.json' ;const s=require 'fs' .readFileSync 'src/lib/server-version.ts','utf8' ;const m=s.match /SERVER VERSION = ' ^' + '/ ;if !m {console.log JSON.stringify {systemMessage:'WARNING: Cannot parse SERVER VERSION from src/lib/server-version.ts'} ;}els… 证据：`.claude/settings.json`
- **Devcontainer**（structured_config）：{ "name": "bv-mcp Cloudflare Worker DevContainer", "build": { "dockerfile": "Dockerfile" }, "postCreateCommand": "npm install", "forwardPorts": 8787 , "features": {}, "settings": { "terminal.integrated.defaultProfile.linux": "zsh" }, "extensions": "esbenp.prettier-vscode", "dbaeumer.vscode-eslint", "cloudflare.cloudflare-vscode", "ms-vscode.vscode-typescript-next" } 证据：`.devcontainer/devcontainer.json`
- **Config**（structured_config）：{ "scripts": { "name": "build", "command": "npm run build", "mode": "command", "category": "build" }, { "name": "dev", "command": "npm run dev", "mode": "service", "category": "dev" }, { "name": "deploy:private", "command": "npm run deploy:private", "mode": "command", "category": "other" }, { "name": "mcp:stdio", "command": "npm run mcp:stdio", "mode": "command", "category": "other" }, { "name": "start", "command": "npm run start", "mode": "service", "category": "dev" }, { "name": "prepack", "command": "npm run prepack", "mode": "command", "category": "other" }, { "name": "validate:internal-deps", "command": "npm run validate:internal-deps", "mode": "command", "category": "other" }, { "name… 证据：`.intent/config.json`
- **.Mcp**（structured_config）：{ "mcpServers": { "blackveil-dns": { "type": "http", "url": "https://dns-mcp.blackveilsecurity.com/mcp" } } } 证据：`.mcp.json`
- **Server**（structured_config）：{ "$schema": "https://static.modelcontextprotocol.io/schemas/2025-12-11/server.schema.json", "name": "com.blackveilsecurity/dns", "description": "DNS and email security scanner with 59 MCP tools for SPF, DMARC, DNSSEC, SSL, and brand audits.", "repository": { "url": "https://github.com/MadaBurns/bv-mcp", "source": "github" }, "version": "2.25.0", "packages": { "registryType": "npm", "identifier": "blackveil-dns", "version": "2.25.0", "transport": { "type": "stdio" }, "environmentVariables": { "description": "Blackveil API key optional \u2014 free tier works without ", "isRequired": false, "format": "string", "isSecret": true, "name": "BV API KEY" } } , "remotes": { "type": "streamable-http"… 证据：`server.json`
- **Tsconfig**（structured_config）：{ "extends": "../tsconfig.json", "compilerOptions": { "types": "@cloudflare/vitest-pool-workers" }, "include": "./ / .ts", "../worker-configuration.d.ts" , "exclude": } 证据：`test/tsconfig.json`
- **Tsconfig**（structured_config）：{ "compilerOptions": { / Visit https://aka.ms/tsconfig.json to read more about this file / 证据：`tsconfig.json`
- **Tsconfig**（structured_config）：{ "compilerOptions": { "target": "ES2022", "module": "ESNext", "moduleResolution": "Bundler", "lib": "ES2022" , "types": "@cloudflare/workers-types" , "strict": true, "isolatedModules": true, "esModuleInterop": true, "skipLibCheck": true, "resolveJsonModule": true, "noEmit": true, "jsx": "preserve", "allowSyntheticDefaultImports": true, "forceConsistentCasingInFileNames": true }, "include": "src/ / .ts" } 证据：`packages/bv-whois/tsconfig.json`
- **Tsconfig**（structured_config）：{ "compilerOptions": { "target": "ES2024", "module": "ES2022", "moduleResolution": "bundler", "strict": true, "skipLibCheck": true, "declaration": true, "outDir": "dist", "rootDir": "src", "lib": "es2022", "dom" }, "include": "src/ / .ts" , "exclude": "src/ / tests / " } 证据：`packages/dns-checks/tsconfig.json`
- **Policy**（structured_config）：{ "forbiddenPaths": ".dev/", ".dev.vars", ".dev.vars.", ".mcp-registry-key.pem", ".npmrc", "wrangler.production.jsonc", "reports/", ".reports/", " .pdf", " .env", " .env. ", " .sqlite", " .sqlite3", " .db", "scripts/tranco- .json", "reports/tenant-readiness-proof.html", "reports/tenant-calibration- .json", "reports/tenant- .json", "reports/repo-audit- .html" , "sourceExtensions": ".cjs", ".css", ".html", ".js", ".json", ".jsonc", ".md", ".mjs", ".py", ".sh", ".sql", ".toml", ".ts", ".tsx", ".yaml", ".yml" , "allowedEmailDomains": "example.com", "example.test", "example.invalid", "blackveilsecurity.com", "anthropic.com" , "allowedDomainSuffixes": "example.com", "example.net", "example.org",… 证据：`scripts/repo-safety/policy.json`
- **0000 Snapshot**（structured_config）：{ "version": "6", "dialect": "sqlite", "id": "c85a8973-7fd5-4598-946c-881041b54298", "prevId": "00000000-0000-0000-0000-000000000000", "tables": { "billing events": { "name": "billing events", "columns": { "id": { "name": "id", "type": "text", "primaryKey": true, "notNull": true, "autoincrement": false }, "super tenant id": { "name": "super tenant id", "type": "text", "primaryKey": false, "notNull": true, "autoincrement": false }, "sub tenant id": { "name": "sub tenant id", "type": "text", "primaryKey": false, "notNull": false, "autoincrement": false }, "event type": { "name": "event type", "type": "text", "primaryKey": false, "notNull": true, "autoincrement": false }, "count": { "name": "c… 证据：`src/tenants/db/migrations/registry/meta/0000_snapshot.json`
- **0001 Snapshot**（structured_config）：{ "version": "6", "dialect": "sqlite", "id": "260958ce-4341-47f2-8b34-eefa35c42df1", "prevId": "c85a8973-7fd5-4598-946c-881041b54298", "tables": { "audit events": { "name": "audit events", "columns": { "id": { "name": "id", "type": "text", "primaryKey": true, "notNull": true, "autoincrement": false }, "timestamp": { "name": "timestamp", "type": "integer", "primaryKey": false, "notNull": true, "autoincrement": false }, "actor principal": { "name": "actor principal", "type": "text", "primaryKey": false, "notNull": true, "autoincrement": false }, "actor tier": { "name": "actor tier", "type": "text", "primaryKey": false, "notNull": true, "autoincrement": false }, "super tenant id": { "name": "s… 证据：`src/tenants/db/migrations/registry/meta/0001_snapshot.json`
- **0002 Snapshot** (structured_config): { "version": "6", "dialect": "sqlite", "id": "dc96d292-2998-4ce4-a306-356a0958f82a", "prevId": "260958ce-4341-47f2-8b34-eefa35c42df1", "tables": { "audit events": { "name": "audit events", "columns": { "id": { "name": "id", "type": "text", "primaryKey": true, "notNull": true, "autoincrement": false }, "timestamp": { "name": "timestamp", "type": "integer", "primaryKey": false, "notNull": true, "autoincrement": false }, "actor principal": { "name": "actor principal", "type": "text", "primaryKey": false, "notNull": true, "autoincrement": false }, "actor tier": { "name": "actor tier", "type": "text", "primaryKey": false, "notNull": true, "autoincrement": false }, "super tenant id": { "name": "s… Evidence: `src/tenants/db/migrations/registry/meta/0002_snapshot.json`
- **Journal** (structured_config): { "version": "7", "dialect": "sqlite", "entries": { "idx": 0, "version": "6", "when": 1778296780215, "tag": "0000 minor skaar", "breakpoints": true }, { "idx": 1, "version": "6", "when": 1778322158640, "tag": "0001 wet warhawk", "breakpoints": true }, { "idx": 2, "version": "6", "when": 1778329285961, "tag": "0002 big speedball", "breakpoints": true } } Evidence: `src/tenants/db/migrations/registry/meta/_journal.json`
- **0000 Snapshot** (structured_config): { "version": "6", "dialect": "sqlite", "id": "ab1dc5ff-e3a7-4c05-8806-68e6fe423bcc", "prevId": "00000000-0000-0000-0000-000000000000", "tables": { "alerts": { "name": "alerts", "columns": { "id": { "name": "id", "type": "text", "primaryKey": true, "notNull": true, "autoincrement": false }, "domain": { "name": "domain", "type": "text", "primaryKey": false, "notNull": true, "autoincrement": false }, "alert type": { "name": "alert type", "type": "text", "primaryKey": false, "notNull": true, "autoincrement": false }, "triggered at": { "name": "triggered at", "type": "integer", "primaryKey": false, "notNull": true, "autoincrement": false }, "resolved at": { "name": "resolved at", "type": "intege… Evidence: `src/tenants/db/migrations/tenant/meta/0000_snapshot.json`
- **0001 Snapshot** (structured_config): { "version": "6", "dialect": "sqlite", "id": "a7faeacc-a4a4-49e5-9986-3a15d757ead9", "prevId": "ab1dc5ff-e3a7-4c05-8806-68e6fe423bcc", "tables": { "alerts": { "name": "alerts", "columns": { "id": { "name": "id", "type": "text", "primaryKey": true, "notNull": true, "autoincrement": false }, "domain": { "name": "domain", "type": "text", "primaryKey": false, "notNull": true, "autoincrement": false }, "alert type": { "name": "alert type", "type": "text", "primaryKey": false, "notNull": true, "autoincrement": false }, "triggered at": { "name": "triggered at", "type": "integer", "primaryKey": false, "notNull": true, "autoincrement": false }, "resolved at": { "name": "resolved at", "type": "intege… Evidence: `src/tenants/db/migrations/tenant/meta/0001_snapshot.json`
- **Journal** (structured_config): { "version": "7", "dialect": "sqlite", "entries": { "idx": 0, "version": "6", "when": 1778296780784, "tag": "0000 clear clea", "breakpoints": true }, { "idx": 1, "version": "6", "when": 1778329286706, "tag": "0001 clumsy master mold", "breakpoints": true } } Evidence: `src/tenants/db/migrations/tenant/meta/_journal.json`
- **Batch Test** (structured_config): { "mode": "queue", "domains": "tenant-seed-001.example.test" , "concurrency": 1 } Evidence: `test/data/batch_test.json`
- **Domains** (structured_config): { "results": { "domain": "tenant-seed-001.example.test" }, { "domain": "tenant-seed-002.example.test" }, { "domain": "tenant-seed-003.example.test" }, { "domain": "tenant-seed-004.example.test" }, { "domain": "tenant-seed-005.example.test" }, { "domain": "tenant-seed-006.example.test" }, { "domain": "tenant-seed-007.example.test" }, { "domain": "tenant-seed-008.example.test" }, { "domain": "tenant-seed-009.example.test" }, { "domain": "tenant-seed-010.example.test" }, { "domain": "tenant-seed-011.example.test" }, { "domain": "tenant-seed-012.example.test" }, { "domain": "tenant-seed-013.example.test" }, { "domain": "tenant-seed-014.example.test" }, { "domain": "tenant-seed-015.example.test"… Evidence: `test/data/domains.json`
- **Rescan Batch** (structured_config): { "mode": "queue", "domains": "tenant-seed-001.example.test", "tenant-seed-002.example.test", "tenant-seed-003.example.test", "tenant-seed-004.example.test", "tenant-seed-005.example.test", "tenant-seed-006.example.test", "tenant-seed-007.example.test", "tenant-seed-008.example.test", "tenant-seed-009.example.test", "tenant-seed-010.example.test", "tenant-seed-011.example.test", "tenant-seed-012.example.test", "tenant-seed-013.example.test", "tenant-seed-014.example.test", "tenant-seed-015.example.test", "tenant-seed-016.example.test", "tenant-seed-017.example.test", "tenant-seed-018.example.test", "tenant-seed-019.example.test", "tenant-seed-020.example.test", "tenant-seed-021.example.test… Evidence: `test/data/rescan_batch.json`
- **Sync Test** (structured_config): { "mode": "sync", "domains": "tenant-seed-001.example.test" , "concurrency": 1 } Evidence: `test/data/sync_test.json`
- **Temp Sync Batch** (structured_config): { "mode": "sync", "domains": "tenant-seed-001.example.test", "tenant-seed-002.example.test", "tenant-seed-003.example.test", "tenant-seed-004.example.test", "tenant-seed-005.example.test", "tenant-seed-006.example.test", "tenant-seed-007.example.test", "tenant-seed-008.example.test", "tenant-seed-009.example.test", "tenant-seed-010.example.test", "tenant-seed-011.example.test", "tenant-seed-012.example.test", "tenant-seed-013.example.test", "tenant-seed-014.example.test", "tenant-seed-015.example.test", "tenant-seed-016.example.test", "tenant-seed-017.example.test", "tenant-seed-018.example.test", "tenant-seed-019.example.test", "tenant-seed-020.example.test", "tenant-seed-021.example.test"… Evidence: `test/data/temp_sync_batch.json`
- **Asset Discovery Corpus** (structured_config): { "seed": "blackveilsecurity.com", "groundTruth": { "subdomains": "www.blackveilsecurity.com" , "brandDomains": { "domain": "blackveil.nz", "signals": "ns" }, { "domain": "blackveil.io", "signals": "ns" } , "shadowVariants": { "domain": "blackveilsecurity.nz", "expectedSeverity": "info" }, { "domain": "blackveilsecurity.net", "expectedSeverity": "info" } } } Evidence: `test/fixtures/asset-discovery-corpus.json`
- **Ford Com Fast.Golden** (structured_config): { "viewVersion": 1, "anchor": { "apex": "ford.com", "primaryRegistrar": { "family": "csc corporate domains", "name": "CSC Corporate Domains, Inc.", "ianaId": "299" }, "managedByCsc": true }, "registrarPortfolio": { "totalApexes": 4, "byFamily": { "family": "csc corporate domains", "count": 3, "percent": 75, "exampleApexes": "ford.com", "ford.com.au", "ford.de" }, { "family": "godaddy", "count": 1, "percent": 25, "exampleApexes": "fordcorp.com" } , "offPortfolioCount": 1, "offPortfolioApexes": "fordcorp.com" }, "shadowItHighlights": { "apex": "fordcorp.com", "registrar": "GoDaddy.com, LLC", "combinedConfidence": 0.8, "reasons": "off-primary" , "evidence": "TXT verification reuse" } , "defens… Evidence: `test/fixtures/csc-complement/ford-com-fast.golden.json`
- **Ford Com Full.Golden** (structured_config): { "viewVersion": 1, "anchor": { "apex": "ford.com", "primaryRegistrar": { "family": "csc corporate domains", "name": "CSC Corporate Domains, Inc.", "ianaId": "299" }, "managedByCsc": true }, "registrarPortfolio": { "totalApexes": 4, "byFamily": { "family": "csc corporate domains", "count": 3, "percent": 75, "exampleApexes": "ford.com", "ford.com.au", "ford.de" }, { "family": "godaddy", "count": 1, "percent": 25, "exampleApexes": "fordcorp.com" } , "offPortfolioCount": 1, "offPortfolioApexes": "fordcorp.com" }, "shadowItHighlights": { "apex": "fordcorp.com", "registrar": "GoDaddy.com, LLC", "combinedConfidence": 0.8, "reasons": "off-primary" , "evidence": "TXT verification reuse" } , "defens… Evidence: `test/fixtures/csc-complement/ford-com-full.golden.json`
- For the remaining 20 evidence items, see `AI_CONTEXT_PACK.json` or `EVIDENCE_INDEX.json`.

## Rules the host AI must follow

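- **Treat this asset as pre-work context, not as a runtime environment**: The AI Context Pack contains only an evidence-based understanding of the project; it does not contain the executable state of the target project. Evidence: `AGENTS.md`, `CLAUDE.md`, `README.md`
- **When answering the user, distinguish content that can be previewed from content that can only be verified after installation**: The consumer value of the pre-install experience comes from reducing mistaken installs and misjudgments, not from posing as a real run. Evidence: `AGENTS.md`, `CLAUDE.md`, `README.md`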

## Questions the user should answer before starting

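- In which host AI or local environment do you plan to use it?
- Do you only want to try the workflow first, or are you preparing for a real installation?
- What matters most to you: installation cost, output quality, or conflicts with your existing rules?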

## Acceptance criteria

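- Every capability claim can be traced back to a file path in evidence_refs.
- AI_CONTEXT_PACK.md does not present a preview as a real run.
- The user can understand within 3 minutes who it suits, what it can do, how to start, and where the risk boundaries are.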

---

## Doramagic Context Augmentation

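The content below strengthens the main body of the Repomix/AI Context Pack. The Human Manual provides only a reading skeleton; the pitfall log is converted into working constraints that the host AI must follow.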

## Human Manual skeleton

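Usage rule: this is only a reading route through the project and a set of salience signals, not an authority on facts. Specific facts must still go back to repo evidence / Claim Graph.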

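Hard rules for the host AI:
- Do not treat page titles, section order, summaries, or importance as evidence of project facts.
- When explaining the Human Manual skeleton, state explicitly that it is only a reading route / salience signal.
- Judgments about capability, installation, compatibility, runtime status, and risk must cite repo evidence, a source path, or the Claim Graph.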

- **Repository overview**: importance `high`
  - source_paths: README.md, package.json, .devcontainer/Dockerfile, crates/bv-wasm-core/Cargo.toml, examples/slack-discord-webhook/README.md
- **Entry points and runtime boundaries**: importance `high`
  - source_paths: README.md, package.json, .devcontainer/Dockerfile, crates/bv-wasm-core/Cargo.toml, examples/slack-discord-webhook/README.md
- **Architecture evidence map**: importance `high`
  - source_paths: README.md, package.json, .devcontainer/Dockerfile, crates/bv-wasm-core/Cargo.toml, examples/slack-discord-webhook/README.md
- **Operations and verification boundaries**: importance `high`
  - source_paths: README.md, package.json, .devcontainer/Dockerfile, crates/bv-wasm-core/Cargo.toml, examples/slack-discord-webhook/README.md

## Repo Inspection Evidence

- repo_clone_verified: true
- repo_inspection_verified: true
- repo_commit: `6ec59b31c6f7a560892a2bceabdbadc344482b84`
- inspected_files: `package.json`, `README.md`, `docs/scoring.md`, `docs/troubleshooting.md`, `docs/tenant-ops-runbook.md`, `docs/github-settings.md`, `docs/client-setup.md`, `docs/style-guide.md`, `docs/provisioning/brand-audit-bindings.md`, `docs/demos/2026-05-22-ai-vendor-csc-complement-decisions.md`, `docs/demos/2026-05-22-ai-vendor-csc-complement-intro.md`, `docs/demos/2026-05-22-ai-vendor-csc-complement-findings.md`, `docs/demos/csc-package-2026-05-23/03-provenance.md`, `docs/demos/csc-package-2026-05-23/00-cover-email.md`, `docs/demos/csc-package-2026-05-23/02-walkthrough.md`, `docs/demos/csc-package-2026-05-23/01-exec-summary.md`, `examples/slack-discord-webhook/wrangler.toml`, `examples/slack-discord-webhook/README.md`, `examples/slack-discord-webhook/worker.ts`, `packages/bv-whois/vitest.config.ts`

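Hard rules for the host AI:
- Without repo_clone_verified=true, do not claim to have read the source code.
- Without repo_inspection_verified=true, do not state judgments based on README/docs/package files as facts.
- Without quick_start_verified=true, do not claim that the Quick Start has been run successfully.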

## Doramagic Pitfall Constraints

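These rules come from project-specific pitfalls found during Doramagic's discovery, verification, or compilation process. The host AI must treat them as working constraints, not as ordinary explanatory text.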

### Constraint 1: Repository name and install name do not match

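- Trigger: The repository name `bv-mcp` does not exactly match the install entry point `blackveil-dns`.
- Host AI rule: Confirm the package-name mapping and the official README instructions on npm/PyPI/GitHub.
- Why it matters: Users who search for the package by the repository name, or look for the repository by the package name, can easily end up at the wrong entry point.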
- Evidence: identity.distribution | mcp_registry:com.blackveilsecurity/dns:2.13.0 | https://registry.modelcontextprotocol.io/v0.1/servers/com.blackveilsecurity%2Fdns/versions/2.13.0 | repo=bv-mcp; install=blackveil-dns
- Hard boundary: Do not present this pitfall as resolved, verified, or ignorable unless later verification evidence clearly shows that it has been closed.

### Constraint 2: Failure mode: installation: v2.15.0

- Trigger: Developers should check this installation risk before relying on the project: v2.15.0
- Host AI rule: Before packaging this project, run the relevant install/config/quickstart check for: v2.15.0. Context: Observed when using node
- Why it matters: Upgrade or migration may change expected behavior: v2.15.0
- Evidence: failure_mode_cluster:github_release | fmev_9140ac651a595cd7080066734be793f0 | https://github.com/MadaBurns/bv-mcp/releases/tag/v2.15.0 | v2.15.0
- Hard boundary: Do not present this pitfall as resolved, verified, or ignorable unless later verification evidence clearly shows that it has been closed.

### Constraint 3: Failure mode: installation: v2.21.2

- Trigger: Developers should check this installation risk before relying on the project: v2.21.2
- Host AI rule: Before packaging this project, run the relevant install/config/quickstart check for: v2.21.2. Context: Observed when using node
- Why it matters: Upgrade or migration may change expected behavior: v2.21.2
- Evidence: failure_mode_cluster:github_release | fmev_79fa7dd8e004846c272458cea5989a50 | https://github.com/MadaBurns/bv-mcp/releases/tag/v2.21.2 | v2.21.2
- Hard boundary: Do not present this pitfall as resolved, verified, or ignorable unless later verification evidence clearly shows that it has been closed.

### Constraint 4: Failure mode: installation: v2.21.4

- Trigger: Developers should check this installation risk before relying on the project: v2.21.4
- Host AI rule: Before packaging this project, run the relevant install/config/quickstart check for: v2.21.4. Context: Observed when using node
- Why it matters: Upgrade or migration may change expected behavior: v2.21.4
- Evidence: failure_mode_cluster:github_release | fmev_79dcde979ed5a1ab616ec36d4ca908ac | https://github.com/MadaBurns/bv-mcp/releases/tag/v2.21.4 | v2.21.4
- Hard boundary: Do not present this pitfall as resolved, verified, or ignorable unless later verification evidence clearly shows that it has been closed.

### Constraint 5: Failure mode: configuration: v2.21.3

- Trigger: Developers should check this configuration risk before relying on the project: v2.21.3
- Host AI rule: Before packaging this project, run the relevant install/config/quickstart check for: v2.21.3. Context: Observed when using python
- Why it matters: Upgrade or migration may change expected behavior: v2.21.3
- Evidence: failure_mode_cluster:github_release | fmev_880e5d019d1d59ec27e1d6e633bf8ab3 | https://github.com/MadaBurns/bv-mcp/releases/tag/v2.21.3 | v2.21.3
- Hard boundary: Do not present this pitfall as resolved, verified, or ignorable unless later verification evidence clearly shows that it has been closed.

### Constraint 6: Failure mode: configuration: v2.21.5

- Trigger: Developers should check this configuration risk before relying on the project: v2.21.5
- Host AI rule: Before packaging this project, run the relevant install/config/quickstart check for: v2.21.5. Context: Observed when using python
- Why it matters: Upgrade or migration may change expected behavior: v2.21.5
- Evidence: failure_mode_cluster:github_release | fmev_f575125577e3d0677d78cf724ae17b86 | https://github.com/MadaBurns/bv-mcp/releases/tag/v2.21.5 | v2.21.5
- Hard boundary: Do not present this pitfall as resolved, verified, or ignorable unless later verification evidence clearly shows that it has been closed.

### Constraint 7: Failure mode: configuration: v2.22.0

- Trigger: Developers should check this configuration risk before relying on the project: v2.22.0
- Host AI rule: Before packaging this project, run the relevant install/config/quickstart check for: v2.22.0. Context: Observed when using python
- Why it matters: Upgrade or migration may change expected behavior: v2.22.0
- Evidence: failure_mode_cluster:github_release | fmev_08bbcb6cd0b26f3592d0d91616a8f5aa | https://github.com/MadaBurns/bv-mcp/releases/tag/v2.22.0 | v2.22.0
- Hard boundary: Do not present this pitfall as resolved, verified, or ignorable unless later verification evidence clearly shows that it has been closed.

### Constraint 8: Failure mode: configuration: v2.24.0

- Trigger: Developers should check this configuration risk before relying on the project: v2.24.0
- Host AI rule: Before packaging this project, run the relevant install/config/quickstart check for: v2.24.0. Context: Source discussion did not expose a precise runtime context.
- Why it matters: Upgrade or migration may change expected behavior: v2.24.0
- Evidence: failure_mode_cluster:github_release | fmev_c8ff700daeb43ed10610457d9ae0a216 | https://github.com/MadaBurns/bv-mcp/releases/tag/v2.24.0 | v2.24.0
- Hard boundary: Do not present this pitfall as resolved, verified, or ignorable unless later verification evidence clearly shows that it has been closed.

### Constraint 9: Capability judgment depends on assumptions

- Trigger: README/documentation is current enough for a first validation pass.
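- Host AI rule: Turn the assumptions into a downstream verification checklist.
- Why it matters: If the assumptions do not hold, the user does not get the promised capability.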
- Evidence: capability.assumptions | mcp_registry:com.blackveilsecurity/dns:2.13.0 | https://registry.modelcontextprotocol.io/v0.1/servers/com.blackveilsecurity%2Fdns/versions/2.13.0 | README/documentation is current enough for a first validation pass.
- Hard boundary: Do not present this pitfall as resolved, verified, or ignorable unless later verification evidence clearly shows that it has been closed.

### Constraint 10: Failure mode: runtime: v2.16.0

- Trigger: Developers should check this runtime risk before relying on the project: v2.16.0
- Host AI rule: Before packaging this project, run the relevant install/config/quickstart check for: v2.16.0. Context: Source discussion did not expose a precise runtime context.
- Why it matters: Upgrade or migration may change expected behavior: v2.16.0
- Evidence: failure_mode_cluster:github_release | fmev_64947b1b7d48f7a970f4c6f296b9d9db | https://github.com/MadaBurns/bv-mcp/releases/tag/v2.16.0 | v2.16.0
- Hard boundary: Do not present this pitfall as resolved, verified, or ignorable unless later verification evidence clearly shows that it has been closed.
