@collabchron/tharos 0.1.4 → 1.0.1

package/README.md

@@ -1,63 +1,38 @@
-# 🦊 Tharos
+<div align="center">
+  <img src="docs/public/logo_banner.png" alt="Tharos Logo" width="200"/>
+  
+  # Tharos
 
-**AI-Powered Security & Quality Analysis for Modern Development**
+**Modern AI-Powered Git Hook Security Scanner**
+
+Tharos is a specialized git commit hook scanner that acts as an intelligent gatekeeper for your codebase. It combines lightning-fast AST analysis with deep AI semantic insights to catch security vulnerabilities and leaks *before* they are committed to your repository.
 
-Tharos is a comprehensive security analysis tool that combines static code analysis with AI-powered semantic insights to catch security vulnerabilities, enforce compliance standards, and improve code quality before they reach production.
 
 [![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](LICENSE)
 [![TypeScript](https://img.shields.io/badge/TypeScript-5.0-blue)](https://www.typescriptlang.org/)
 [![Go](https://img.shields.io/badge/Go-1.21-00ADD8)](https://golang.org/)
 
+</div>
+
 ## ✨ Features
 
-### 🔒 Multi-Layer Security Analysis
-- **AST-Based Detection**: Fast, accurate pattern matching for common vulnerabilities
-- **Scanner Mindset**: Context-aware analysis that ignores test files and mock data
-- **Weighted Blocking**: Intelligent CI/CD gating based on finding severity
-- **AI Semantic Analysis**: Deep understanding of code context and intent
-- **Risk Scoring**: Automated 0-100 risk assessment for every finding
-- **SARIF Export**: Standardized reporting for GitHub Advanced Security & other tools
-- **Suggested Fixes**: AI-generated code snippets to resolve issues
-
-### 🌍 Multi-Language Support
-- TypeScript & JavaScript (including React)
-- Python
-- Go
-- Rust
-- Java
-- *More languages coming soon*
-
-### 🎯 Compliance Frameworks
-Pre-built policies for industry standards:
-- **OWASP Top 10 2021** - Web application security risks
-- **SOC 2 Type II** - Trust Services Criteria
-- **GDPR** - EU data protection compliance
-- **PCI-DSS v4.0** - Payment card security
-- **Code Quality** - Best practices and maintainability
-
-### 🚀 Multiple Integration Points
-
-#### 1. CLI Tool
-```bash
-# Initialize in your project
-tharos init
+### 🛡️ Core: Intelligent Git Hooks
+Tharos's primary interface is your git workflow. It provides automated security gating that prevents high-risk code from ever leaving your machine.
+- **Pre-commit Gating**: Block commits containing secrets, SQLi, or high-risk vulnerabilities.
+- **Polyglot AST Support**: Native semantic analysis for **TypeScript, JavaScript, Go, and Python**.
+- **Interactive Magic Fixes**: Collaboratively review, fix, or explain findings in the CLI.
+- **Policy-as-Code**: Load organizational security policies from YAML (SOC2, GDPR, OWASP).
 
-# Check files before commit
-tharos check
+- **Self-Healing Hooks**: Automatically manages and repairs git hook integrity.
 
-# Analyze specific file
-tharos analyze src/auth.ts
-```
+### 🔒 AI-Powered Security Analysis
+- **AST-Based Detection**: Fast, accurate pattern matching for common vulnerabilities (SQLi, XSS, Secrets).
+- **Scanner Mindset**: Context-aware analysis that ignores test files and mock data.
+- **AI Semantic Analysis**: Deep understanding of code context and intent using Gemini/Groq.
+- **Risk Scoring**: Intelligent commit blocking based on cumulative finding severity and AI risk scores.
+- **Suggested Fixes**: AI-generated code snippets to resolve issues instantly at commit time.
 
-#### 2. Git Hooks
-Automatic pre-commit and pre-push validation with self-healing hooks
 
-#### 3. VSCode Extension
-Real-time feedback as you code:
-- Red squiggles under security issues
-- AI insights on hover
-- Quick fixes via lightbulb menu
-- Status bar integration
 
 #### 4. GitHub Actions
 ```yaml
@@ -70,21 +45,20 @@ Real-time feedback as you code:
 
 ### 🧠 AI Provider Flexibility
 Automatic fallback chain:
-1. **Ollama** (Local, privacy-first)
-2. **Managed AI** (Zero-config cloud)
-3. **Google Gemini** (Personal API key)
-4. **Groq** (Fast, cost-effective)
+1. **Google Gemini** (Recommended, generous free tier)
+2. **Groq** (Fast & Free inference)
+3. **Managed AI** (Zero-config cloud fallback)
 
 ## 📦 Installation
 
 ### NPM (Recommended)
 ```bash
-npm install -g tharos
+npm install -g @collabchron/tharos
 ```
 
 ### From Source
 ```bash
-git clone https://github.com/yourusername/tharos.git
+git clone https://github.com/chinonsochikelue/tharos.git
 cd tharos
 npm install
 npm run build
@@ -146,7 +120,7 @@ $env:GROQ_API_KEY="your-groq-key-here"
 
 **Check your setup:**
 ```bash
-tharos core setup
+tharos setup
 ```
 
 
@@ -159,10 +133,20 @@ tharos check
 # Analyze specific file
 tharos analyze src/api/auth.ts
 
-# Analyze entire project
-tharos analyze .
+# Interactive review (Fix/Explain/Skip findings)
+tharos analyze . --interactive
 ```
 
+---
+
+### 🧪 Automated Testing
+Tharos includes a built-in test suite to verify security policies and engine performance.
+```bash
+# Run the automated security test suite
+node scripts/run-tests.cjs
+```
+This suite tests Tharos against the `audit_samples/` directory, ensuring no regressions in vulnerability detection.
+
 ## 📋 Configuration
 
 ### `tharos.yaml` Example
@@ -170,28 +154,24 @@ tharos analyze .
 name: "My Project Security Policy"
 version: "1.0.0"
 
-# Severity levels: block, warning, info
-default_severity: "warning"
+# Built-in AST analysis is ALWAYS enabled for TS, JS, Go, and Python.
+# You can add custom regex patterns under the security section.
 
-# Security rules
 security:
   enabled: true
   rules:
-    - pattern: "eval\\("
-      message: "Code injection risk: eval() detected"
-      severity: "block"
-    
-    - pattern: "(?i)(api[_-]?key|secret).*=.*['\"].*['\"]"
-      message: "Hardcoded credentials detected"
-      severity: "block"
+    - pattern: "DANGEROUS_INTERNAL_API"
+      message: "Internal API bypass detected"
+      severity: "critical"
 
 # AI configuration
 ai:
   enabled: true
-  provider: "auto"  # auto, ollama, gemini, groq
-  min_risk_score: 60  # Only show insights for risks >= 60
+  provider: "auto"     # auto, ollama, gemini, groq
+  min_risk_score: 60   # Filter noise; only show high-confidence AI insights
 ```
 
+
 ## 🔧 VSCode Extension
 
 ### Installation
@@ -264,7 +244,7 @@ We welcome contributions! Please see [CONTRIBUTING.md](CONTRIBUTING.md) for guid
 ### Development Setup
 ```bash
 # Clone repository
-git clone https://github.com/yourusername/tharos.git
+git clone https://github.com/chinonsochikelue/tharos.git
 cd tharos
 
 # Install dependencies
@@ -284,13 +264,13 @@ npm test
 
 ## 📖 Documentation
 
-Full documentation available at [https://tharos.dev](https://tharos.dev)
+Full documentation available at [https://tharos.vercel.app](https://tharos.vercel.app)
 
-- [Getting Started Guide](https://tharos.dev/docs/getting-started)
-- [Policy Configuration](https://tharos.dev/docs/policies)
-- [AI Integration](https://tharos.dev/docs/ai)
-- [VSCode Extension](https://tharos.dev/docs/vscode)
-- [API Reference](https://tharos.dev/docs/api)
+- [Getting Started Guide](https://tharos.vercel.app/docs)
+- [Policy Configuration](https://tharos.vercel.app/docs/policies)
+- [AI Integration](https://tharos.vercel.app/docs/quickstart#2-configure-ai-recommended)
+- [VSCode Extension](https://tharos.vercel.app/docs/vscode)
+- [API Reference](https://tharos.vercel.app/docs/api)
 
 ## 🎯 Use Cases
 
@@ -353,14 +333,13 @@ MIT License - see [LICENSE](LICENSE) for details
 - OWASP for security guidelines
 - Google Gemini team for AI capabilities
 - Groq for fast inference
-- Ollama for local AI support
 - The open-source community
 
 ## 💬 Support
 
-- **Documentation**: [https://tharos.dev](https://tharos.dev)
-- **Issues**: [GitHub Issues](https://github.com/yourusername/tharos/issues)
-- **Discussions**: [GitHub Discussions](https://github.com/yourusername/tharos/discussions)
+- **Documentation**: [https://tharos.vercel.app](https://tharos.vercel.app)
+- **Issues**: [GitHub Issues](https://github.com/chinonsochikelue/tharos/issues)
+- **Discussions**: [GitHub Discussions](https://github.com/chinonsochikelue/tharos/discussions)
 - **Discord**: [Join our community](https://discord.gg/tharos)
 
 ---

package/dist/hooks/manager.js

@@ -5,8 +5,8 @@ import { promisify } from 'util';
 const execAsync = promisify(exec);
 const HOOK_CONTENT = `#!/bin/sh
 # Tharos Git Hook
-// This hook is managed by Tharos. Do not modify manually.
-// VERSION: 0.1.0
+# This hook is managed by Tharos. Do not modify manually.
+# VERSION: 0.1.2
 
 # Self-healing check
 if ! command -v tharos > /dev/null 2>&1; then
@@ -14,10 +14,11 @@ if ! command -v tharos > /dev/null 2>&1; then
   exit 0
 fi
 
-# Auto-sync policies (non-blocking)
+# Periodic setup audit & policy sync (non-blocking)
 tharos sync > /dev/null 2>&1 &
 
-tharos check --self-heal
+# Run pre-commit security check
+tharos check
 `;
 export async function initHooks() {
     const gitDir = await findGitDir();

package/package.json

@@ -1,13 +1,24 @@
 {
   "name": "@collabchron/tharos",
-  "version": "0.1.4",
+  "version": "1.0.1",
   "description": "Tharos: Intelligent, Unbreakable Code Policy Enforcement",
   "keywords": [
     "security",
     "linter",
     "analysis",
     "policy",
-    "tharos"
+    "tharos",
+    "code-security",
+    "collabchron",
+    "code-quality",
+    "chinonsochikelue",
+    "fluantix",
+    "Chinonso Chikelue",
+    "git-hooks",
+    "code-scanner",
+    "ai-security",
+    "code-policy",
+    "ast-analysis"
   ],
   "author": "Chinonso Chikelue <chinonsoneft@gmail.com>",
   "license": "MIT",
@@ -30,10 +41,12 @@
     "tharos": "dist/index.js"
   },
   "scripts": {
-    "build": "tsc && copy go-core\\tharos.exe dist\\tharos.exe",
+    "build": "tsc && npm run build:binary",
+    "build:binary": "node scripts/build-binary.cjs",
     "start": "node --loader ts-node/esm src/index.ts",
     "dev": "node --loader ts-node/esm src/index.ts",
-    "test": "echo \"Error: no test specified\" && exit 1"
+    "prepare": "npm run build",
+    "test": "node scripts/run-tests.cjs"
   },
   "dependencies": {},
   "devDependencies": {