Can I use OSV as a CLI?

Yes. KosmoKrator exposes a OSV CLI through kosmo integrations:call and the provider shortcut command. Commands can return JSON for scripts, CI, and coding agents.

Can I expose OSV through MCP?

Yes. The KosmoKrator MCP gateway can expose selected OSV tools to clients such as Claude Code, Cursor, Codex, and other MCP-compatible tools.

Where are OSV credentials stored?

OSV credentials are configured in KosmoKrator's local integration settings and reused by CLI, Lua, and MCP gateway surfaces.

Can I deny write access for OSV MCP tools?

Yes. Start the gateway with --write=deny for read-only clients, or use ask/allow only for trusted workspaces.

data

OSV CLI for AI Agents

Use the OSV CLI from KosmoKrator to call OSV tools headlessly, return JSON, inspect schemas, and automate workflows from coding agents, scripts, and CI.

OSV CLI Setup

OSV can be configured headlessly with `kosmokrator integrations:configure osv`.

Install, configure, and verify

# Install KosmoKrator first if it is not available on PATH.
curl -fsSL https://raw.githubusercontent.com/OpenCompanyApp/kosmokrator/main/install.sh | bash

# Configure and verify this integration.
kosmokrator integrations:configure osv --enable --read allow --write ask --json
kosmokrator integrations:doctor osv --json
kosmokrator integrations:status --json

Credentials

Authentication type: No credentials none. Configure credentials once, then reuse the same stored profile from scripts, coding CLIs, Lua, and MCP.

No credentials are required.

Command Patterns

The generic command is stable across every integration. The provider shortcut is shorter for humans.

Generic CLI call

kosmo integrations:call osv.osv_query '{}' --json

Provider shortcut

kosmo integrations:osv osv_query '{}' --json

Discovery

These commands return structured output for coding agents that need to inspect capabilities before choosing a function.

Discovery commands

kosmo integrations:docs osv --json
kosmo integrations:docs osv.osv_query --json
kosmo integrations:schema osv.osv_query --json
kosmo integrations:search "OSV" --json
kosmo integrations:list --json

Automation Contexts

The same configured command surface works in these environments. The command does not change unless the host wrapper, credentials, or permissions change.

CI Run integration calls from CI jobs with JSON output, explicit credentials, and predictable exit status. Cron Jobs Schedule repeatable integration workflows from cron while keeping credentials in KosmoKrator config. Shell Scripts Call integration functions from shell scripts with stable JSON input and output. Headless Automation Use KosmoKrator as a non-interactive integration runtime for local automations and wrappers. Coding Agents Let coding agents discover schemas and execute integration functions through CLI commands or MCP.

CLI Functions

Every function below can be called headlessly. Commands are highlighted, copyable, and scroll horizontally when payloads are long.

`osv.osv_query`

Query vulnerabilities for one package version, purl, or commit.

Read read

Parameters: none

Generic call

kosmo integrations:call osv.osv_query '{}' --json

Shortcut

kosmo integrations:osv osv_query '{}' --json

`osv.osv_query_batch`

Query vulnerabilities for multiple package versions or commits.

Read read

Parameters: none

Generic call

kosmo integrations:call osv.osv_query_batch '{}' --json

Shortcut

kosmo integrations:osv osv_query_batch '{}' --json

`osv.osv_get_vulnerability`

Retrieve one OSV vulnerability record by ID.

Read read

Parameters: none

Generic call

kosmo integrations:call osv.osv_get_vulnerability '{}' --json

Shortcut

kosmo integrations:osv osv_get_vulnerability '{}' --json

`osv.osv_import_findings`

Retrieve experimental import-quality findings for a source.

Read read

Parameters: none

Generic call

kosmo integrations:call osv.osv_import_findings '{}' --json

Shortcut

kosmo integrations:osv osv_import_findings '{}' --json

`osv.osv_determine_version`

Experimentally identify likely C/C++ library versions from file hashes.

Read read

Parameters: none

Generic call

kosmo integrations:call osv.osv_determine_version '{}' --json

Shortcut

kosmo integrations:osv osv_determine_version '{}' --json

Function Schemas

Use these parameter tables when building CLI payloads without calling integrations:schema first.

osv.osv_query 0 parameters

Schema command

kosmo integrations:schema osv.osv_query --json

Parameter	Type	Required	Description
No parameters.

osv.osv_query_batch 0 parameters

Schema command

kosmo integrations:schema osv.osv_query_batch --json

Parameter	Type	Required	Description
No parameters.

osv.osv_get_vulnerability 0 parameters

Schema command

kosmo integrations:schema osv.osv_get_vulnerability --json

Parameter	Type	Required	Description
No parameters.

osv.osv_import_findings 0 parameters

Schema command

kosmo integrations:schema osv.osv_import_findings --json

Parameter	Type	Required	Description
No parameters.

osv.osv_determine_version 0 parameters

Schema command

kosmo integrations:schema osv.osv_determine_version --json

Parameter	Type	Required	Description
No parameters.

Permissions

Headless calls still follow the integration read/write permission policy. Configure read/write defaults with integrations:configure. Add --force only for trusted automation that should bypass that policy.