@collabchron/tharos 0.1.0 → 0.1.3

package/LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2026 Fennec Security
+Copyright (c) 2026 Tharos Security
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

package/README.md

@@ -12,8 +12,11 @@ Tharos is a comprehensive security analysis tool that combines static code analy
 
 ### 🔒 Multi-Layer Security Analysis
 - **AST-Based Detection**: Fast, accurate pattern matching for common vulnerabilities
+- **Scanner Mindset**: Context-aware analysis that ignores test files and mock data
+- **Weighted Blocking**: Intelligent CI/CD gating based on finding severity
 - **AI Semantic Analysis**: Deep understanding of code context and intent
 - **Risk Scoring**: Automated 0-100 risk assessment for every finding
+- **SARIF Export**: Standardized reporting for GitHub Advanced Security & other tools
 - **Suggested Fixes**: AI-generated code snippets to resolve issues
 
 ### 🌍 Multi-Language Support
@@ -115,18 +118,39 @@ cp node_modules/tharos/policies/soc2.yaml tharos.yaml
 cp node_modules/tharos/policies/gdpr.yaml tharos.yaml
 ```
 
-### 3. Set Up AI (Optional)
+### 3. Set Up AI Providers (Optional but Recommended)
+
+Tharos works without AI but provides **deeper insights** with it enabled. Choose either provider (both have free tiers):
+
+#### 🧠 Option 1: Google Gemini (Recommended)
+**Best for:** Powerful analysis, generous free tier
+
 ```bash
-# Option 1: Use Groq (recommended)
-export GROQ_API_KEY="your-groq-key"
+# Get your API key from https://makersuite.google.com/app/apikey
+export GEMINI_API_KEY="your-gemini-key-here"
 
-# Option 2: Use Gemini
-export GEMINI_API_KEY="your-gemini-key"
+# Or on Windows PowerShell:
+$env:GEMINI_API_KEY="your-gemini-key-here"
+```
 
-# Option 3: Use local Ollama
-ollama serve
+#### ⚡ Option 2: Groq (Fast & Free)
+**Best for:** Speed, low latency
+
+```bash
+# Get your free API key from https://console.groq.com
+export GROQ_API_KEY="your-groq-key-here"
+
+# Or on Windows PowerShell:
+$env:GROQ_API_KEY="your-groq-key-here"
+```
+
+**Check your setup:**
+```bash
+tharos core setup
 ```
 
+
+
 ### 4. Run Analysis
 ```bash
 # Check all staged files

package/dist/hooks/manager.js

@@ -1,6 +1,8 @@
 import fs from 'fs';
 import path from 'path';
-import { execa } from 'execa';
+import { exec } from 'child_process';
+import { promisify } from 'util';
+const execAsync = promisify(exec);
 const HOOK_CONTENT = `#!/bin/sh
 # Tharos Git Hook
 // This hook is managed by Tharos. Do not modify manually.
@@ -52,7 +54,7 @@ export async function verifyHooks() {
 }
 async function findGitDir() {
     try {
-        const { stdout } = await execa('git', ['rev-parse', '--git-dir']);
+        const { stdout } = await execAsync('git rev-parse --git-dir');
         return path.resolve(stdout.trim());
     }
     catch {

package/dist/index.js

@@ -1,120 +1,21 @@
 #!/usr/bin/env node
-import { Command } from 'commander';
-import chalk from 'chalk';
+import { spawn } from 'child_process';
 import path from 'path';
 import { fileURLToPath } from 'url';
-import { initHooks, verifyHooks } from './hooks/manager.js';
 const __dirname = path.dirname(fileURLToPath(import.meta.url));
-const program = new Command();
-program
-    .name('tharos')
-    .description('Tharos: Intelligent, Unbreakable Code Policy Enforcement')
-    .version('0.1.0');
-program
-    .command('init')
-    .description('Initialize Tharos hooks in the current repository')
-    .action(async () => {
-    console.log(chalk.cyan('🛡️ Initializing Tharos...'));
-    try {
-        await initHooks();
-        console.log(chalk.green('✅ Tharos hooks installed successfully!'));
-    }
-    catch (error) {
-        console.error(chalk.red('❌ Failed to initialize Tharos:'), error);
-        process.exit(1);
-    }
+// Path to the Go binary
+const binaryName = process.platform === 'win32' ? 'tharos.exe' : 'tharos';
+const binaryPath = path.resolve(__dirname, binaryName);
+// Pass all arguments to the Go binary
+const args = process.argv.slice(2);
+const child = spawn(binaryPath, args, {
+    stdio: 'inherit',
+    shell: false
 });
-program
-    .command('sync')
-    .description('Synchronize organizational policies with the cloud')
-    .action(async () => {
-    console.log(chalk.cyan('☁️ Syncing Tharos policies with cloud...'));
-    await new Promise(resolve => setTimeout(resolve, 1500)); // Simulate network latency
-    console.log(chalk.green('✅ Organizational policies synchronized!'));
-    console.log(chalk.gray('   Applied Policy: SEC-RULE-2026 (Enforced)'));
+child.on('exit', (code) => {
+    process.exit(code || 0);
 });
-program
-    .command('check')
-    .description('Run Tharos policy checks on staged files')
-    .option('--self-heal', 'Perform self-healing if hooks are missing or tampered')
-    .action(async (options) => {
-    if (options.selfHeal) {
-        await verifyHooks();
-    }
-    console.log(chalk.cyan('🛡️ Tharos is analyzing your intent...'));
-    try {
-        const { execa } = await import('execa');
-        // Get staged files
-        const { stdout: stagedFiles } = await execa('git', ['diff', '--cached', '--name-only']);
-        const files = stagedFiles.split('\n').filter(f => f.match(/\.(js|ts|jsx|tsx)$/));
-        if (files.length === 0) {
-            console.log(chalk.gray('No relevant files staged for commit.'));
-            return;
-        }
-        let globalBlock = false;
-        for (const file of files) {
-            console.log(chalk.white(`\n📄 Analyzing ${chalk.bold(file)}...`));
-            try {
-                const corePath = path.resolve(__dirname, 'tharos-core.exe');
-                const { stdout } = await execa(corePath, ['analyze', file]);
-                const result = JSON.parse(stdout);
-                // Display Findings
-                if (result.findings && result.findings.length > 0) {
-                    result.findings.forEach((finding) => {
-                        const color = finding.severity === 'block' ? chalk.red : chalk.yellow;
-                        const icon = finding.severity === 'block' ? '🛑' : '⚠️';
-                        console.log(`  ${icon} ${color(finding.type.toUpperCase())}: ${finding.message}`);
-                        if (finding.line) {
-                            console.log(chalk.gray(`     Line ${finding.line}`));
-                        }
-                        if (finding.severity === 'block')
-                            globalBlock = true;
-                    });
-                }
-                else {
-                    console.log(chalk.green('  ✅ No issues found.'));
-                }
-                // Display AI Insights
-                if (result.ai_insights && result.ai_insights.length > 0) {
-                    console.log(chalk.blue.italic('\n  🧠 Tharos AI Semantic Insights:'));
-                    result.ai_insights.forEach((insight) => {
-                        if (typeof insight === 'string') {
-                            console.log(`     ✨ ${insight}`);
-                            return;
-                        }
-                        const score = insight.risk_score || 50;
-                        const recommendation = insight.recommendation || insight;
-                        const scoreColor = score > 70 ? chalk.red : score > 40 ? chalk.yellow : chalk.green;
-                        console.log(`     ✨ ${recommendation}`);
-                        console.log(`     📊 Risk Score: ${scoreColor(score + '/100')}`);
-                        if (insight.suggested_fix) {
-                            console.log(chalk.cyan('\n     💡 Suggested Fix:'));
-                            console.log(chalk.gray('     ---------------------------------------'));
-                            console.log(insight.suggested_fix.split('\n').map((line) => `     ${line}`).join('\n'));
-                            console.log(chalk.gray('     ---------------------------------------'));
-                        }
-                    });
-                }
-                else if (result.findings && result.findings.length > 0) {
-                    console.log(chalk.gray('\n  💡 Tip: No AI insights available.'));
-                    console.log(chalk.gray('     Run "ollama serve" or use Tharos Cloud for smart analysis.'));
-                }
-            }
-            catch (e) {
-                console.error(chalk.red(`  ❌ Failed to analyze ${file}:`), e);
-            }
-        }
-        if (globalBlock) {
-            console.log(chalk.red('\n🛑 Commit blocked by Tharos policy. Please fix the issues above.'));
-            process.exit(1);
-        }
-        else {
-            console.log(chalk.green('\n✨ Tharos logic check passed! Proceeding...'));
-        }
-    }
-    catch (error) {
-        console.error(chalk.red('❌ Tharos check execution failed:'), error);
-        process.exit(1);
-    }
+child.on('error', (err) => {
+    console.error(`Failed to start Tharos binary: ${err.message}`);
+    process.exit(1);
 });
-program.parse();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@collabchron/tharos",
-  "version": "0.1.0",
+  "version": "0.1.3",
   "description": "Tharos: Intelligent, Unbreakable Code Policy Enforcement",
   "keywords": [
     "security",
@@ -26,18 +26,13 @@
     "tharos": "dist/index.js"
   },
   "scripts": {
-    "build": "tsc",
+    "build": "tsc && copy go-core\\tharos.exe dist\\tharos.exe",
     "start": "node --loader ts-node/esm src/index.ts",
     "dev": "node --loader ts-node/esm src/index.ts",
     "test": "echo \"Error: no test specified\" && exit 1"
   },
-  "dependencies": {
-    "chalk": "^5.3.0",
-    "commander": "^12.0.0",
-    "execa": "^8.0.1"
-  },
+  "dependencies": {},
   "devDependencies": {
-    "@napi-rs/cli": "^3.5.1",
     "@types/node": "^20.11.0",
     "ts-node": "^10.9.2",
     "typescript": "^5.3.3"