NICO No-Server Command Center
Authorized bug assessment without a hosted backend
NICO is ready for local-first defensive assessments from the CLI. The hosted site is a guide and status page until a backend is intentionally deployed later.
System Status
Current operating mode
Browser mode cannot scan local files without a backend or local app. Real testing currently runs from the local CLI on systems you own or are explicitly authorized to assess.
How to test now
Run NICO from your local CLI
Use these commands on your computer or Codespace. The --authorized flag confirms that you own the target or have explicit permission to assess it.
Assessment Scope
What the no-server engine checks
Safety Boundary
Allowed use
NICO is for defensive assessments of systems you own or are explicitly authorized to assess. It should not be used to scan unrelated internet targets.
- Defensive-only
- Authorized systems only
- No exploitation
- No brute force
- No authentication bypass
- No credential theft
- No destructive actions
Truth Rules
No fake findings
- No fake backend status.
- No fake scan results.
- No placeholder findings.
- No invented vulnerabilities.
- Missing tools are reported as unavailable.
- Scores must cite scanned files, visible passive evidence, command output, or unavailable-data notes.
Optional Hosted Backend Later
Backend health checking is not required now
Optional
When a hosted dashboard is intentionally deployed, Vercel can point to a backend with NEXT_PUBLIC_NICO_API_URL. Until then, app.nicoaudit.com should not claim that browser-based assessments are running.
NEXT_PUBLIC_NICO_API_URL=https://YOUR-NICO-API-HOST NICO_CORS_ORIGINS=https://app.nicoaudit.com,https://nicoaudit.vercel.app