chore: update .gitignore and README for improved clarity and new features

Av7danger · Av7danger · commit 942fc026c615 · 2026-03-12T20:51:06.000+05:30
- Added .env.local and .env.*.local to .gitignore for better environment management.
- Updated README to include new features: bug bounty mode, TUI, MCP server, and export formats (Markdown, SARIF, JUnit).
- Clarified output directory structure and tools available for running scans and skills.
diff --git a/.gitignore b/.gitignore
@@ -3,14 +3,17 @@ venv/
 env/
 .venv/
 .env
+.env.local
+.env.*.local
 
-# Application results
+# Application results and session data
 results/
 .sisyphus/
 .secnode_temp/
+.api-agent/
 all_tests.txt
 
-# Python Cache
+# Python cache and build
 __pycache__/
 *.pyc
 *.pyo
@@ -19,6 +22,9 @@ __pycache__/
 .coverage
 htmlcov/
 *.egg-info/
+dist/
+build/
+*.egg
 
 # macOS
 .DS_Store
@@ -28,5 +34,5 @@ htmlcov/
 .vscode/
 .cursor/
 
-# Debug logs
-debug-*.log
+# Logs
+*.log
diff --git a/README.md b/README.md
@@ -15,7 +15,10 @@ SecNode API helps security engineers and backend teams run repeatable API risk a
 - Executes tests concurrently with optional proxy routing
 - Supports autonomous agent mode with request budgets and iterative replanning
 - Supports direct microservices mode with controller/planner/worker boundaries
-- Produces both human-readable and machine-readable findings
+- Bug bounty mode with strict scope enforcement for authorized testing
+- TUI (`secnodeapi-tui`) for interactive scans and skill execution
+- MCP server for Cursor and IDE integration
+- Produces both human-readable and machine-readable findings (Markdown, SARIF, JUnit)
 
 ## What It Is and Is Not
 
@@ -175,11 +178,13 @@ TUI command highlights:
 
 ## Output
 
-Each run generates an output directory containing:
+Each run generates an output directory under `results/` containing:
 
 - `report.md` with executive summary, severity overview, and evidence sections
 - `findings.json` for machine processing and pipeline integration
 
+Export formats include Markdown, SARIF, and JUnit for CI integration.
+
 ## Development
 
 ```bash
@@ -211,13 +216,14 @@ GitHub Actions workflow runs:
 
 ## Direct Microservices Runtime
 
-This repository now includes a direct microservices runtime foundation:
+This repository includes a direct microservices runtime foundation:
 
 - Controller service
 - Planner service
 - Skill engine service with ranked skill dispatch
 - Specialized workers (recon, discovery, fuzzing, exploit)
 - Tool adapters (`ffuf`, `nuclei`, `sqlmap`, `zap`, `kiterunner`)
+- Python skills: BOLA, JWT tamper, XSS, SSRF, GraphQL injection/auth bypass, NoSQL injection, command injection, rate limit bypass, workflow exploit
 - Memory subsystem (session, history, skill metrics)
 - Attack graph engine
 - FastAPI control plane
@@ -267,7 +273,7 @@ secnodeapi-mcp --transport streamable-http --port 8010
 ### Tools
 
 - `run_scan(target)` run a full API pentest against the target URL
-- `run_skill(target, skill_name)` run a specific skill (e.g. api_path_fuzz, template_vuln_scan)
+- `run_skill(target, skill_name)` run a specific skill (e.g. api_path_fuzz, bola_test, jwt_tamper, xss_scan)
 - `list_skills()` list available pentesting skills
 - `export_report(session_id, format, output_path)` export findings to Markdown or SARIF
 
