Purpose

mg-artifact-audit collapses six passive artifact analyzers into one subcommand-routed CLI. The goal is to reduce the public tool chest without losing the useful parsing work: JavaScript, source maps, API key extraction, document metadata, APK inspection, and IPA inspection now share one binary and one harness tool pack.

The legacy harness endpoints remain available for compatibility:

EndpointSubcommand
js.analyzemg-artifact-audit js
sourcemap.fetchmg-artifact-audit sourcemap
apikey.extractmg-artifact-audit apikey
metadata.extractmg-artifact-audit metadata
apk.analyzemg-artifact-audit apk
ipa.analyzemg-artifact-audit ipa
artifact.auditmg-artifact-audit audit

CLI

# One artifact type
mg-artifact-audit js acme-bounty
mg-artifact-audit apikey acme-bounty
mg-artifact-audit sourcemap acme-bounty
mg-artifact-audit metadata acme-bounty
mg-artifact-audit apk acme-bounty --apk ./app.apk
mg-artifact-audit ipa acme-bounty --ipa ./app.ipa

# Multiple passive artifact checks in one pass
mg-artifact-audit audit acme-bounty --types js,apikey,sourcemap,metadata

Harness behavior

mg-harness routes each legacy endpoint to mg-artifact-audit with the matching subcommand. artifact.audit is the high-level endpoint for running multiple artifact analyzers in one call. All artifact-audit endpoints are passive and sit in the artifact_audit pack, visible in the default chat profile.

Why this exists

The previous sprint grew the tool list too quickly. This merge is the first cleanup slice: retire thin standalone binaries, keep their behavior as safer domain-pack subcommands, and make the AI-facing catalog easier to reason about before pruning anything destructive or noisy.

Notes

  • The retired standalone binaries are mg-js-analyze, mg-sourcemap, mg-apikey, mg-metadata, mg-apk, and mg-ipa.
  • Existing wiki pages for those names are kept as compatibility/reference pages and point to the new subcommands.
  • The code paths are still passive: they read crawl output or local artifacts and write findings under the engagement workspace.