Align README and CLI docs with actual implementations

[thebenignhacker]

Summary

• Fix Python SDK version in README: 1.4.2 -> 1.4.3
• Fix algorithm count in README: 80+ -> 130+ (actual: 132)
• Rewrite docs/cli.md to match actual JS CLI implementation
• Clearly separate Python-only commands into their own section
• Remove aspirational flags that don't exist (--push, --python-only, --update, etc. from JS CLI docs)

Context

Cross-verified every command and flag against both sdk/javascript/bin/cryptoserve.mjs (15 commands) and sdk/python/cryptoserve/__main__.py (25 commands).

[github-actions]

Claude finished @thebenignhacker's task —— View job

---

Security-Focused PR Review

Performing security review for PR #35...

Analysis Summary

This PR contains documentation-only changes to align README and CLI docs with actual implementations. No code files were modified.

Changes Verified

README.md (2 lines changed):

• ✅ Line 56: Algorithm count 80+ → 130+ (actual: 156 in algorithm-db.mjs, conservative claim)
• ✅ Line 134: Python SDK version v1.4.2 → v1.4.3 (confirmed in source)

docs/cli.md (392 deletions, 98 additions):

• ✅ Removed aspirational/non-existent flags: --push, --python-only, --update, --local-only, --no-upload
• ✅ Removed deps, push, certs, token commands from JS CLI section (these are Python-only)
• ✅ Simplified descriptions to match actual JS CLI implementation
• ✅ Added "Python CLI Only" section clearly separating Python-specific commands
• ✅ All documented commands verified against sdk/javascript/bin/cryptoserve.mjs

Security Review (Items 1-12)

1-9. Injection, Auth, Crypto, SSRF, ReDoS, Command Injection, etc.

• ✅ N/A - No code changes, documentation only
• ✅ No hardcoded credentials or secrets introduced
• ✅ No malicious URLs or external links added
• ✅ No misleading security advice

10-12. Logic Bugs Creating Security Issues

• ✅ N/A - No scoring/gating functions modified
• ✅ N/A - No filter predicates modified
• ✅ N/A - No boolean logic modified

Security Assessment

Documentation Accuracy Review:

• ✅ Algorithm count claims are conservative and accurate
• ✅ Version information is correct
• ✅ Command documentation matches implementation
• ✅ No false security claims or misleading information
• ✅ Removed documentation for non-existent features (prevents user confusion and potential misuse)
• ✅ Python-only commands clearly separated to avoid confusion

Risk Analysis:

• 🟢 No security risks identified
• 🟢 No malicious content
• 🟢 Improves security posture by removing documentation for non-existent flags that could mislead users

Conclusion

This PR improves documentation accuracy with zero security concerns. The changes:

1. Fix factual inaccuracies (version numbers, algorithm counts)
2. Remove documentation for non-existent features
3. Improve clarity by separating Python-only commands
4. Reduce potential user confusion and misuse

All claims were cross-verified against source code implementations.

FINDINGS_COUNT=0

---

[github-actions]

Manual review required. This PR did not meet auto-merge criteria:

• Security review found issues (findings: unknown)
• PR author 'thebenignhacker' is not in the trusted auto-merge list
• Too many lines changed (494 > 200)
• PR is too new (2 min < 5 min minimum)