Escape-Technologies · kaanescape · Dec 26, 2025
@@ -50,9 +50,12 @@ ASSET TYPES:
   • DOMAIN              - DNS domains
 
 ASSET STATUS:
-  • MONITORED    - Active monitoring and scanning
-  • UNMONITORED  - Discovered but not actively tested
-  • ARCHIVED     - No longer in use
+  • MONITORED       - Active monitoring and scanning
+  • DEPRECATED      - Deprecated asset (kept for tracking)
+  • OUT_OF_SCOPE    - Excluded from scope
+  • PERMANENT       - Permanent asset status
+  • THIRD_PARTY     - Third-party owned/managed asset
+  • FALSE_POSITIVE  - Incorrectly flagged asset status
 
 COMMON WORKFLOWS:
   • List all monitored assets:
@@ -79,7 +82,7 @@ the APIs, applications, and infrastructure being monitored by Escape.
 
 FILTER OPTIONS:
   -t, --types            Filter by asset types (WEBAPP, REST_API, GRAPHQL_API, etc.)
-  --statuses             Filter by monitoring status (MONITORED, UNMONITORED, ARCHIVED)
+  --statuses             Filter by monitoring status (DEPRECATED, FALSE_POSITIVE, MONITORED, OUT_OF_SCOPE, PERMANENT, THIRD_PARTY)
   -s, --search           Free-text search across asset names and URLs
   -m, --manually-created Filter assets created manually vs auto-discovered
 
@@ -261,12 +264,12 @@ Permanently delete an asset from your inventory. This will also remove:
   • Issue findings linked to this asset
   • Activity logs and events
 
-⚠️  WARNING: This action is IRREVERSIBLE!
+WARNING: This action is IRREVERSIBLE!
 
 ALTERNATIVES TO DELETION:
   Instead of deleting, consider:
-  • Archiving: Use 'escape-cli assets update <id> --status ARCHIVED'
-  • Unmonitoring: Use 'escape-cli assets update <id> --status UNMONITORED'
+  • Changing status: Use 'escape-cli assets update <id> --status <STATUS>'
+    (valid STATUS values: DEPRECATED, FALSE_POSITIVE, MONITORED, OUT_OF_SCOPE, PERMANENT, THIRD_PARTY)
 
 WHEN TO DELETE:
   • Test/temporary assets no longer needed
@@ -316,21 +319,16 @@ and framework classification. Use this to maintain accurate asset inventory.
 UPDATABLE FIELDS:
   -d, --description    Human-readable description
   -f, --framework      Asset framework/type classification
-  -s, --status         Monitoring status (MONITORED, UNMONITORED, ARCHIVED)
+  -s, --status         Monitoring status (DEPRECATED, FALSE_POSITIVE, MONITORED, OUT_OF_SCOPE, PERMANENT, THIRD_PARTY)
   --owners             Asset owners (email addresses)
   -t, --tag-ids        Tag IDs for organization
 
-STATUS TRANSITIONS:
-  • MONITORED    → UNMONITORED   Stop active scanning
-  • UNMONITORED  → MONITORED     Resume security testing
-  • Any          → ARCHIVED      Mark as decommissioned
-
 USE CASES:
   • Update asset description for clarity
   • Change monitoring status
   • Assign ownership for accountability
   • Add tags for organization and filtering
-  • Archive deprecated APIs`,
+  • Mark assets as DEPRECATED / OUT_OF_SCOPE`,
 	Example: `  # Update asset description
   escape-cli assets update <asset-id> --description "Production REST API"
 
@@ -341,10 +339,10 @@ USE CASES:
   escape-cli assets update <asset-id> --owners "security@example.com,devops@example.com"
 
   # Add tags for organization
-  escape-cli assets update <asset-id> --tag-ids "tag-prod,tag-critical"
+  escape-cli assets update <asset-id> --tag-ids "00000000-0000-0000-0000-000000000000,00000000-0000-0000-0000-000000000001"
 
-  # Archive decommissioned asset
-  escape-cli assets update <asset-id> --status ARCHIVED --description "Deprecated - removed 2025-10-01"
+  # Mark deprecated asset
+  escape-cli assets update <asset-id> --status DEPRECATED --description "Deprecated - removed 2025-10-01"
 
   # Update multiple fields at once
   escape-cli assets update <asset-id> \

@@ -68,17 +68,15 @@ FILTER OPTIONS:
   # Export for compliance reporting
   escape-cli audit list --date-from 2025-01-01T00:00:00Z -o json > audit-report-jan2025.json`,
 	RunE: func(cmd *cobra.Command, _ []string) error {
-		logs, next, err := escape.ListAuditLogs(
-			cmd.Context(),
-			"",
-			&escape.ListAuditLogsFilters{
-				DateFrom:   auditCmdDateFrom,
-				DateTo:     auditCmdDateTo,
-				ActionType: auditCmdEventType,
-				Actor:      auditCmdActor,
-				Search:     auditCmdSearch,
-			},
-		)
+		filters := &escape.ListAuditLogsFilters{
+			DateFrom:   auditCmdDateFrom,
+			DateTo:     auditCmdDateTo,
+			ActionType: auditCmdEventType,
+			Actor:      auditCmdActor,
+			Search:     auditCmdSearch,
+		}
+
+		logs, next, err := escape.ListAuditLogs(cmd.Context(), "", filters)
 		if err != nil {
 			return fmt.Errorf("unable to list audits: %w", err)
 		}
@@ -99,15 +97,7 @@ FILTER OPTIONS:
 		})
 
 		for next != nil && *next != "" {
-			logs, next, err = escape.ListAuditLogs(
-				cmd.Context(),
-				*next,
-				&escape.ListAuditLogsFilters{
-					DateFrom:   auditCmdDateFrom,
-					DateTo:     auditCmdDateTo,
-					ActionType: auditCmdEventType,
-				},
-			)
+			logs, next, err = escape.ListAuditLogs(cmd.Context(), *next, filters)
 			if err != nil {
 				return fmt.Errorf("unable to list audits: %w", err)
 			}

@@ -30,15 +30,15 @@ and understanding test behavior.
 
 EVENT LEVELS:
   • ERROR   - Scan errors and failures
-  • WARN    - Warnings and potential issues
+  • WARNING - Warnings and potential issues
   • INFO    - General informational messages
   • DEBUG   - Detailed debugging information
 
 EVENT STAGES:
-  • DISCOVERY  - API endpoint discovery
-  • EXECUTION  - Active security testing
-  • ANALYSIS   - Results processing
-  • REPORTING  - Report generation`,
+  • AGENT_ACTION     - Agent action
+  • AGENT_REASONING  - Agent reasoning
+  • CONFIGURATION    - Configuration
+  • EXECUTION        - Execution`,
 }
 
 var eventsListCmd = &cobra.Command{
@@ -55,7 +55,7 @@ FILTER OPTIONS:
   -a, --asset-id       Filter by asset ID
   -i, --issue-id       Filter by issue ID
   --stage              Filter by execution stage
-  -l, --levels         Filter by level (ERROR, WARN, INFO, DEBUG)
+  -l, --levels         Filter by level (ERROR, WARNING, INFO, DEBUG)
   --has-attachments    Show only events with attachments`,
 	Example: `  # List recent events
   escape-cli events list
@@ -95,7 +95,7 @@ FILTER OPTIONS:
 			events, next, err = escape.ListEvents(cmd.Context(), *next, filters)
 
 			if err != nil {
-				return fmt.Errorf("unable to list profiles: %w", err)
+				return fmt.Errorf("unable to list events: %w", err)
 			}
 			out.Table(events, func() []string {
 				res := []string{"ID\tCREATED AT\tLEVEL\tSTAGE\tTITLE"}

@@ -37,12 +37,11 @@ discovered during security scans. Each issue represents a specific security conc
 that should be reviewed and remediated.
 
 ISSUE LIFECYCLE:
-  1. OPEN              - Newly discovered, needs review
-  2. MANUAL_REVIEW     - Under investigation
-  3. IN_PROGRESS       - Actively being fixed
-  4. RESOLVED          - Fixed and verified
-  5. FALSE_POSITIVE    - Not a real issue
-  6. ACCEPTED_RISK     - Acknowledged but not fixing
+  1. OPEN           - Newly discovered, needs review
+  2. MANUAL_REVIEW  - Under investigation
+  3. RESOLVED       - Fixed and verified
+  4. FALSE_POSITIVE - Not a real issue
+  5. IGNORED        - Ignored / excluded from tracking
 
 COMMON WORKFLOWS:
   • List high-priority issues:
@@ -52,7 +51,7 @@ COMMON WORKFLOWS:
     $ escape-cli issues list --asset-id <asset-id>
 
   • Update issue status as you fix them:
-    $ escape-cli issues update <issue-id> --status IN_PROGRESS
+    $ escape-cli issues update <issue-id> --status MANUAL_REVIEW
 
   • Track issue history:
     $ escape-cli issues list-activities <issue-id>`,
@@ -69,7 +68,7 @@ filtering options to find exactly the issues you need to review or remediate.
 
 FILTER OPTIONS:
   --severity         Filter by severity: CRITICAL, HIGH, MEDIUM, LOW, INFO
-  --status           Filter by status: OPEN, MANUAL_REVIEW, IN_PROGRESS, RESOLVED
+  --status           Filter by status: FALSE_POSITIVE, IGNORED, MANUAL_REVIEW, OPEN, RESOLVED
   -p, --profile-id   Filter by profile ID
   -a, --asset-id     Filter by asset ID  
   -d, --domain       Filter by domain name
@@ -138,7 +137,7 @@ ID                                      CREATED AT  SEVERITY  STATUS  NAME
 		for next != nil && *next != "" {
 			issues, next, err = escape.ListIssues(cmd.Context(), *next, filters)
 			if err != nil {
-				return fmt.Errorf("unable to list profiles: %w", err)
+				return fmt.Errorf("unable to list issues: %w", err)
 			}
 			out.Table(issues, func() []string {
 				res := []string{"ID\tCREATED AT\tSEVERITY\tSTATUS\tNAME\tASSET\tLINK"}
@@ -227,37 +226,34 @@ Change the status of a security issue as you progress through remediation.
 Status updates create an audit trail and help teams track security work.
 
 AVAILABLE STATUSES:
-  OPEN              - Newly discovered, awaiting review
-  MANUAL_REVIEW     - Under investigation by security team
-  IN_PROGRESS       - Actively being fixed by developers
-  RESOLVED          - Fixed and verified
-  FALSE_POSITIVE    - Determined not to be a real issue
-  ACCEPTED_RISK     - Acknowledged but not fixing (with justification)
-  REOPENED          - Previously resolved but found again
+  OPEN           - Newly discovered, awaiting review
+  MANUAL_REVIEW  - Under investigation by security team
+  RESOLVED       - Fixed and verified
+  FALSE_POSITIVE - Determined not to be a real issue
+  IGNORED        - Ignored / excluded from tracking
 
 WORKFLOW EXAMPLE:
   1. New issue discovered:        OPEN
   2. Security team reviews:       MANUAL_REVIEW
-  3. Assigned to developers:      IN_PROGRESS
-  4. Fix deployed and tested:     RESOLVED
+  3. Fix deployed and tested:     RESOLVED
 
 TRACKING:
   All status changes are logged in the issue's activity history.
   Use 'escape-cli issues list-activities <issue-id>' to view the full timeline.`,
 	Example: `  # Mark issue under review
   escape-cli issues update <issue-id> --status MANUAL_REVIEW
 
-  # Mark as in progress when fixing
-  escape-cli issues update <issue-id> --status IN_PROGRESS
-
   # Mark as resolved after fixing
   escape-cli issues update <issue-id> --status RESOLVED
 
   # Mark as false positive
   escape-cli issues update <issue-id> --status FALSE_POSITIVE
+
+  # Ignore an issue
+  escape-cli issues update <issue-id> --status IGNORED
 
   # Bulk update issues from a list
-  cat issue_ids.txt | xargs -I {} escape-cli issues update {} --status IN_PROGRESS`,
+  cat issue_ids.txt | xargs -I {} escape-cli issues update {} --status MANUAL_REVIEW`,
 	RunE: func(cmd *cobra.Command, args []string) error {
 		issueID := args[0]
 		if err := cmd.MarkFlagRequired("status"); err != nil {

@@ -89,9 +89,19 @@ ID                                      NAME                       SSH PUBLIC KE
 				return fmt.Errorf("failed to list locations: %w", err)
 			}
 			out.Table(locations, func() []string {
-				res := []string{}
+				res := []string{"ID\tNAME\tTYPE\tENABLED\tLINK"}
 				for _, location := range locations {
-					res = append(res, fmt.Sprintf("%s\t%s\t%s\t%t", location.GetId(), location.GetName(), location.GetType(), location.GetEnabled()))
+					res = append(
+						res,
+						fmt.Sprintf(
+							"%s\t%s\t%s\t%t\t%s",
+							location.GetId(),
+							location.GetName(),
+							location.GetType(),
+							location.GetEnabled(),
+							location.GetLinks().LocationOverview,
+						),
+					)
 				}
 				return res
 			})