From 3a94eb153732616ff7f02583d007360378aebb73 Mon Sep 17 00:00:00 2001
From: mopanc <jorgemopanc@icloud.com>
Date: Sat, 25 Apr 2026 20:37:17 +0100
Subject: [PATCH 1/3] Add depguard

Signed-off-by: mopanc <jorgemopanc@icloud.com>
---
 tools/depguard.json | 58 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 58 insertions(+)
 create mode 100644 tools/depguard.json

diff --git a/tools/depguard.json b/tools/depguard.json
new file mode 100644
index 0000000..cf69414
--- /dev/null
+++ b/tools/depguard.json
@@ -0,0 +1,58 @@
+{
+  "$schema": "https://cyclonedx.org/schema/tool-center-v2.tool.schema.json",
+  "specVersion": "2.0",
+  "tool": {
+    "name": "depguard",
+    "publisher": "Jorge Morais",
+    "description": "MCP security server for AI coding agents. Generates CycloneDX 1.6 SBOMs with optional VEX, audits npm packages against npm and GitHub advisories, scans tarballs for supply-chain attacks, and acts as a pre-install guardian. Zero runtime dependencies.",
+    "repository_url": "https://github.com/mopanc/depguard",
+    "website_url": "https://depguard.dev",
+    "capabilities": [
+      "SBOM",
+      "VDR/VEX"
+    ],
+    "availability": [
+      "OPEN_SOURCE",
+      "OSI_APPROVED"
+    ],
+    "functions": [
+      "ANALYSIS",
+      "AUTHOR"
+    ],
+    "analysis": [
+      "SECURITY_VULNERABILITIES",
+      "LICENSE_REPORTING",
+      "OUTDATED_COMPONENTS"
+    ],
+    "transform": [],
+    "packaging": [
+      "COMMAND_LINE_UTILITY",
+      "LIBRARY"
+    ],
+    "library": [
+      "JAVASCRIPT_TYPESCRIPT",
+      "NODE.JS"
+    ],
+    "platform": [
+      "LINUX",
+      "MAC",
+      "WINDOWS"
+    ],
+    "lifecycle": [
+      "PRE-BUILD",
+      "BUILD"
+    ],
+    "supportedStandards": [
+      "CYCLONEDX",
+      "PACKAGE_URL",
+      "SPDX"
+    ],
+    "cycloneDxVersion": [
+      "CYCLONEDX_V1.6"
+    ],
+    "supportedLanguages": [
+      "JAVASCRIPT/TYPESCRIPT",
+      "NODE.JS"
+    ]
+  }
+}

From 3c02794159ac8aa214f3888228dc3e0f2c64205e Mon Sep 17 00:00:00 2001
From: Jorge Morais <jorgemopanc@icloud.com>
Date: Mon, 11 May 2026 18:29:15 +0100
Subject: [PATCH 2/3] Update tools/depguard.json
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Done, thanks for the catch, agreed, AUTHOR is for human-driven tooling. 👍

Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Jorge Morais <jorgemopanc@icloud.com>
---
 tools/depguard.json | 1 -
 1 file changed, 1 deletion(-)

diff --git a/tools/depguard.json b/tools/depguard.json
index cf69414..e09c3b1 100644
--- a/tools/depguard.json
+++ b/tools/depguard.json
@@ -17,7 +17,6 @@
     ],
     "functions": [
       "ANALYSIS",
-      "AUTHOR"
     ],
     "analysis": [
       "SECURITY_VULNERABILITIES",

From 07a199bb134e988ca179c527c23d89a1c8840acd Mon Sep 17 00:00:00 2001
From: Jorge Morais <jorgemopanc@icloud.com>
Date: Tue, 12 May 2026 22:18:02 +0100
Subject: [PATCH 3/3] fix(depguard.json): remove trailing comma after ANALYSIS

Signed-off-by: Jorge Morais <jorgemopanc@icloud.com>
---
 tools/depguard.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/depguard.json b/tools/depguard.json
index e09c3b1..fd5f7b5 100644
--- a/tools/depguard.json
+++ b/tools/depguard.json
@@ -16,7 +16,7 @@
       "OSI_APPROVED"
     ],
     "functions": [
-      "ANALYSIS",
+      "ANALYSIS"
     ],
     "analysis": [
       "SECURITY_VULNERABILITIES",