[SECURITY] mcts inventory reads local MCP configs without consent gate #87

@hello-args

Summary

Unlike live scan and fuzz commands, mcts inventory reads user home directory MCP configuration files (Cursor, Claude, VS Code, Windsurf) without an explicit consent flag or environment variable gate.

Problem

Unlike live scan and fuzz commands, mcts inventory reads user home directory MCP configuration files (Cursor, Claude, VS Code, Windsurf) without an explicit consent flag or environment variable gate.

Expected Behavior

See recommended fix.

Evidence

Unlike live scan and fuzz commands, mcts inventory reads user home directory MCP configuration files (Cursor, Claude, VS Code, Windsurf) without an explicit consent flag or environment variable gate.

Impact

  • Enterprise environments may consider inventory a sensitive operation.
  • CI docs note ephemeral runners have empty inventory — but developer laptops expose real configs.

Recommendation

  1. Add consent flag or document as low-risk read-only operation in SECURITY.md.
  2. Option --paths-only vs full scan.
  3. Redact home directory prefix in output (~/.cursor/... instead of full path).
  4. Add --config-path to scope to explicit file instead of auto-discovery.

References

  • src/mcts/inventory/discoverers.py
  • docs/scanning/inventory.md
  • docs/platform/ci-integration.md — inventory in CI guidance

Acceptance Criteria

  • Add consent flag or document as low-risk read-only operation in SECURITY.md.
  • Option --paths-only vs full scan.
  • Redact home directory prefix in output (~/.cursor/... instead of full path).
  • Add --config-path to scope to explicit file instead of auto-discovery.
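
One way the four recommendations above could fit together, as an added example that is not part of the issue or of the mcts code base. The names `inventory`, `redact_home`, `ConsentRequired` and `MCTS_INVENTORY_CONSENT` are hypothetical, and the example assumes each config keeps its servers under a top-level `mcpServers` key.

```python
import json
import os
from pathlib import Path

CONSENT_ENV = "MCTS_INVENTORY_CONSENT"  # hypothetical name, not taken from the project


class ConsentRequired(RuntimeError):
    """Raised when auto-discovery is attempted without explicit consent."""


def redact_home(path, home):
    """Render paths under the home directory as ~/..., leave others unchanged."""
    try:
        rel = Path(path).resolve().relative_to(Path(home).resolve())
    except ValueError:
        return str(path)
    return "~/" + rel.as_posix()


def inventory(home, candidates, consent=False, config_path=None,
              paths_only=False, env=None):
    """Return one record per MCP config found; candidates are relative to home."""
    env = os.environ if env is None else env
    if config_path is not None:
        targets = [Path(config_path)]  # explicit file: no auto-discovery, no gate
    else:
        if not (consent or env.get(CONSENT_ENV) == "1"):
            raise ConsentRequired(
                "auto-discovery reads files under the home directory; "
                f"pass consent or set {CONSENT_ENV}=1")
        targets = [Path(home) / c for c in candidates]
    records = []
    for target in targets:
        if not target.is_file():
            continue
        record = {"path": redact_home(target, home)}
        if not paths_only:
            data = json.loads(target.read_text(encoding="utf-8"))
            servers = data.get("mcpServers", {}) if isinstance(data, dict) else {}
            # Report server names only; values may hold commands, env and tokens.
            record["servers"] = sorted(servers)
        records.append(record)
    return records
```
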
