@jishankai/solid-cli 1.0.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 macOS Security Analysis CLI
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,276 @@
+# macOS System & Security Analysis Agent CLI (solid-cli)
+
+A **local-first** macOS security and performance analysis CLI. It runs a unified, adaptive set of analysis agents on your machine and can (optionally) use an LLM (Claude or OpenAI) to generate structured recommendations.
+
+> Note: LLM use is **optional**. When enabled, the CLI applies prompt sanitization and will **abort AI analysis** if sensitive patterns are detected.
+
+## 快速开始（Quick Start）
+
+```bash
+# Run once (no install)
+npx solid-cli
+
+# Or install globally
+npm install -g solid-cli
+solid-cli
+
+# Show help
+solid-cli --help
+```
+
+Optional (enable AI analysis):
+```bash
+export ANTHROPIC_API_KEY=sk-ant-...
+# or
+export OPENAI_API_KEY=sk-...
+
+solid-cli
+```
+
+Reports are written to `./reports/<YYYY>/<Month>/` by default.
+
+## Features
+
+- **Unified Adaptive Analysis**: runs a core set of agents every time, then conditionally expands analysis (e.g. blockchain/DeFi) when indicators are detected.
+- **Core Security Coverage**:
+  - System integrity checks (SIP, Gatekeeper, updates)
+  - Persistence mechanism detection (LaunchAgents/LaunchDaemons, Login Items, crontab)
+  - Process analysis for suspicious activity
+  - Network connection analysis (optionally enriched with IP geolocation)
+  - Privacy permission auditing
+- **Blockchain/DeFi Safety Add-on (adaptive)**: triggers wallet/DeFi threat checks only when crypto indicators are found.
+- **Privacy-protected AI insights (optional)**:
+  - Provider auto-detection (Claude preferred when both keys exist)
+  - Prompt sanitization + sensitive-pattern blocking
+  - Threshold-based skipping when findings are below configured triggers
+- **Professional Reports**: Markdown and/or PDF (Puppeteer) with templates.
+- **Structured Logging**: operational logs under `./logs/`.
+
+## Architecture
+
+```
+┌─────────────┐
+│   CLI UI    │  inquirer + chalk
+└─────┬───────┘
+      │
+┌─────▼────────────────────┐
+│   Orchestrator (Unified) │  Phase 1 core + Phase 2 adaptive
+└─────┬────────────────────┘
+      │
+ ┌────▼────┐  ┌───────────────▼───────────────┐
+ │ Core    │  │ Adaptive Agents (conditional) │
+ │ Agents  │  │ Blockchain / DeFi             │
+ └────┬────┘  └───────────────┬───────────────┘
+      │                        │
+┌─────▼───────────┐     ┌─────▼───────────┐
+│  LLM Analyzer    │     │ Report Manager  │
+│  (optional)      │     │ Markdown / PDF  │
+└──────────────────┘     └─────────────────┘
+```
+
+## Requirements
+
+- **macOS** 10.15 or later
+- **Node.js** 20.0 or later
+- **API Keys** (optional): Anthropic Claude and/or OpenAI
+
+## Installation
+
+### Install from npm
+
+```bash
+npm install -g solid-cli
+solid-cli
+```
+
+Run once without installing:
+```bash
+npx solid-cli
+```
+
+### Local development
+
+```bash
+npm install
+npm start
+```
+
+Optional: make the entry executable:
+```bash
+chmod +x src/index.js
+```
+
+## Usage
+
+Run the interactive CLI:
+
+```bash
+solid-cli
+# or, in this repo
+npm start
+```
+
+Show help:
+```bash
+solid-cli --help
+# or
+npm start -- --help
+```
+
+### What the CLI will ask (current flow)
+
+1. **LLM auto-detection** (no manual provider picker)
+   - If `ANTHROPIC_API_KEY` is present, the CLI uses **Claude**.
+   - Else if `OPENAI_API_KEY` is present, it uses **OpenAI**.
+   - Else it runs **report-only**.
+2. **AI analysis option**: you can still choose **AI analysis** or **report-only**.
+3. **Report format**: PDF or Markdown.
+4. **IP geolocation**: controlled by config (`security.enableGeoLookup`) and shown in the run summary.
+5. Analysis starts automatically (no extra confirmation prompt).
+
+### Report output
+
+- Default output root: `./reports` (configurable via `reports.outputDir`).
+- Directory layout: `./reports/<YYYY>/<Month>/`
+- Filenames:
+  - `Security-Report-<REPORT_ID>.md`
+  - `Security-Report-<REPORT_ID>.pdf`
+  - `metadata-<YYYY-MM-DD>.json`
+
+### Example run (illustrative)
+
+```text
+$ solid-cli
+
+✅ Claude (Anthropic) - API key detected
+? 🤖 AI Analysis Option: (Use arrow keys)
+  🧠 Use AI Analysis (CLAUDE) - Enhanced insights & recommendations
+  📋 Generate Security Report Only - Maximum privacy protection
+
+? Select report format: PDF (.pdf)
+✅ IP geolocation enabled
+
+🔍 Starting unified adaptive analysis...
+
+Phase 1: Core Security Analysis
+✓ ResourceAgent completed - Risk: LOW
+✓ SystemAgent completed - Risk: MEDIUM
+...
+
+Phase 2: Adaptive Analysis
+   No blockchain indicators detected - skipping blockchain analysis
+
+📁 Saved Reports:
+   📑 Pdf: reports/2025/December/Security-Report-RPT-XXXXXX.pdf
+```
+
+## Agents
+
+### Core agents (always run)
+
+- `ResourceAgent`: CPU/memory/process resource usage heuristics.
+- `SystemAgent`: SIP/Gatekeeper/updates and other system posture checks.
+- `PersistenceAgent`: LaunchAgents/LaunchDaemons/Login Items/crontab.
+- `ProcessAgent`: suspicious process patterns (paths, elevation, obfuscation).
+- `NetworkAgent`: network connections and listening ports; optional IP geolocation enrichment.
+- `PermissionAgent`: privacy permission auditing.
+
+### Adaptive agents (only run when indicators are detected)
+
+- `BlockchainAgent`: wallet processes/files, wallet-like browser extensions, mining indicators, and blockchain/DeFi network patterns.
+- `DeFiSecurityAgent`: DeFi scam indicators (processes/download metadata/network) with privacy-protective behavior (no clipboard or browser-history content extraction).
+
+## Configuration
+
+This project uses the `config` (node-config) package.
+
+- Defaults ship in `config/default.json`.
+- You can override settings by providing your own config directory in one of these ways:
+  - Create `./config/local.json` in the directory where you run `solid-cli`.
+  - Or set `NODE_CONFIG_DIR` to a custom config folder.
+
+Common settings:
+
+- `reports.outputDir`: report output directory (default `./reports`).
+- `analysis.parallelExecution` and `analysis.maxParallelAgents`: speed vs. load tradeoff.
+- `security.enableGeoLookup` and `security.geoLookupLimit`: IP geolocation enrichment behavior.
+- `llm.mode`: prompt mode (`summary` / `full`).
+- `llm.minHighRiskFindings`, `llm.minTotalFindings`, `llm.skipWhenBelowThreshold`: when AI analysis should run.
+
+## AI / LLM behavior (privacy-protected)
+
+- **Provider auto-detection priority**: Claude → OpenAI → none.
+- Before any LLM call, the CLI:
+  - builds a prompt from analysis results,
+  - runs a **sensitive pattern scan**,
+  - and **skips AI analysis** (and records details into report metadata) if sensitive patterns are detected.
+- When AI analysis runs, request/response payloads are logged under `./logs/llm-requests/`.
+
+## Security Considerations
+
+- **No Root Required**: checks run with user permissions.
+- **Local-First**: analysis runs locally; AI is optional.
+- **Read-only**: the tool does not modify system settings.
+- **LLM Safety**: sensitive pattern detection can prevent accidental leakage of keys/tokens.
+
+## Troubleshooting
+
+### Permission prompts / incomplete results
+
+Some checks may be limited without:
+- **Full Disk Access** (e.g. some system databases)
+- **Accessibility** (some process visibility)
+
+### PDF generation fails
+
+PDF uses Puppeteer. If Chromium cannot launch:
+- reinstall dependencies so Puppeteer can fetch Chromium, or
+- set `PUPPETEER_EXECUTABLE_PATH` to a local Chrome/Chromium.
+
+## Development
+
+### Project Structure
+
+```text
+solid-cli/
+├── config/
+│   └── default.json              # node-config defaults
+├── src/
+│   ├── agents/                   # analysis agents
+│   ├── config/ConfigManager.js   # config access/validation
+│   ├── llm/LLMAnalyzer.js        # LLM prompt building + safety checks
+│   ├── logging/Logger.js         # structured logging
+│   ├── report/                   # report generation (Handlebars + Puppeteer)
+│   ├── utils/                    # shell helpers, signatures, etc.
+│   ├── Orchestrator.js           # unified adaptive runner
+│   └── index.js                  # CLI entry point
+├── reports/                      # generated reports (gitignored typically)
+├── logs/                         # generated logs (gitignored typically)
+└── README.md
+```
+
+### Adding custom agents
+
+1. Create a new agent extending `BaseAgent` and implement `analyze()`.
+2. Register it in `src/Orchestrator.js` (core or conditional).
+
+## Publishing to npm (maintainers)
+
+1. Update `package.json` metadata (name/scope, version, repository, bugs, homepage).
+2. Clean artifacts: remove generated `logs/` and `reports/` before packing.
+3. Verify package contents: `npm pack --dry-run`.
+4. Smoke tests (non-interactive helpers):
+   - `node src/index.js --help`
+   - `node test-llm-choice.js`
+   - `node test-llm-blocking.js`
+   - `node test-llm-privacy.js`
+   - `node test-blockchain.js`
+5. Publish: `npm publish --access public`.
+
+## License
+
+MIT License - see `LICENSE`.
+
+## Disclaimer
+
+This tool is for legitimate security analysis and system auditing only. Users are responsible for compliance with applicable laws and regulations. The authors assume no liability for misuse.

package/config/default.json

@@ -0,0 +1,79 @@
+{
+  "analysis": {
+    "defaultDepth": "comprehensive",
+    "adaptiveMode": true,
+    "blockchainDetection": true,
+    "deepForensicsThreshold": "medium",
+    "parallelExecution": true,
+    "maxParallelAgents": 3
+  },
+  "reports": {
+    "outputDir": "./reports",
+    "retentionDays": 90,
+    "defaultTemplate": "executive",
+    "defaultFormats": ["markdown", "pdf"],
+    "pdfOptions": {
+      "format": "A4",
+      "margin": "2cm",
+      "displayHeaderFooter": true,
+      "printBackground": true
+    },
+    "includeScreenshots": false,
+    "compressOldReports": true
+  },
+  "logging": {
+    "level": "info",
+    "consoleLevel": "warn",
+    "enableConsole": true,
+    "enableFiles": true,
+    "logDir": "./logs",
+    "maxFileSize": "20m",
+    "maxFiles": "14d",
+    "securityLogRetention": "30d"
+  },
+  "llm": {
+    "autoDetectProvider": true,
+    "enableLogging": true,
+    "logDir": "./logs/llm-requests",
+    "privacyLevel": "high",
+    "maxTokens": 4000,
+    "temperature": 0.1,
+    "mode": "full",
+    "minHighRiskFindings": 0,
+    "minTotalFindings": 0,
+    "skipWhenBelowThreshold": false
+  },
+  "privacy": {
+    "redactUserPaths": true,
+    "redactUsernames": true,
+    "redactIPs": false,
+    "preserveDomains": true,
+    "sanitizationLevel": "high"
+  },
+  "performance": {
+    "enableMetrics": true,
+    "slowQueryThreshold": 5000,
+    "memoryThreshold": 1024,
+    "enableProfiling": false
+  },
+  "security": {
+    "enableGeoLookup": true,
+    "geoLookupLimit": 10,
+    "trustedPaths": [
+      "/System",
+      "/usr/bin",
+      "/usr/sbin",
+      "/bin",
+      "/sbin",
+      "/Applications"
+    ],
+    "riskyPorts": [
+      22, 23, 135, 139, 445, 1433, 3389, 5432, 6379, 27017, 8080, 8443
+    ]
+  },
+  "compliance": {
+    "frameworks": ["NIST CSF", "ISO 27001", "SOC 2"],
+    "enableMapping": true,
+    "reportCompliance": true
+  }
+}

package/package.json

@@ -0,0 +1,60 @@
+{
+  "name": "@jishankai/solid-cli",
+  "version": "1.0.0",
+  "description": "MacOS System & Security Analysis Agent CLI with LLM-powered insights",
+  "type": "module",
+  "main": "src/index.js",
+  "bin": {
+    "solid-cli": "./src/index.js"
+  },
+  "files": [
+    "src",
+    "config/default.json",
+    "README.md",
+    "LICENSE"
+  ],
+  "scripts": {
+    "start": "node src/index.js",
+    "dev": "node --watch src/index.js"
+  },
+  "keywords": [
+    "macos",
+    "security",
+    "analysis",
+    "cli",
+    "agent",
+    "llm",
+    "auditing",
+    "forensics"
+  ],
+  "author": "Kai <jishankai@gmail.com>",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/your-org/solid-cli.git"
+  },
+  "bugs": {
+    "url": "https://github.com/your-org/solid-cli/issues"
+  },
+  "homepage": "https://github.com/your-org/solid-cli#readme",
+  "dependencies": {
+    "@anthropic-ai/sdk": "^0.30.0",
+    "chalk": "^5.3.0",
+    "config": "^4.1.1",
+    "execa": "^9.5.2",
+    "handlebars": "^4.7.8",
+    "inquirer": "^12.2.0",
+    "joi": "^18.0.2",
+    "openai": "^4.77.3",
+    "ora": "^8.1.1",
+    "puppeteer": "^24.34.0",
+    "winston": "^3.19.0",
+    "winston-daily-rotate-file": "^5.0.0"
+  },
+  "engines": {
+    "node": ">=20.0.0"
+  },
+  "publishConfig": {
+    "access": "public"
+  }
+}