@musashimiyamoto/agent-guard 0.3.0 → 0.4.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@musashimiyamoto/agent-guard",
-  "version": "0.3.0",
+  "version": "0.4.0",
   "description": "Security scanner for AI agent configurations. Detects misconfigurations, exposed secrets, and unsafe skill patterns.",
   "main": "src/index.js",
   "bin": {
@@ -39,6 +39,7 @@
   "files": [
     "src/cli.js",
     "src/scanner.js",
+    "src/license.js",
     "src/rules/",
     "src/proxy/",
     "README.md"

package/src/cli.js

@@ -7,8 +7,9 @@ import { scan } from './scanner.js';
 import { resolve } from 'path';
 
 import { createProxy } from './proxy/index.js';
+import { getLicense, getUpgradePrompt } from './license.js';
 
-const VERSION = '0.3.0';
+const VERSION = '0.4.0';
 
 const FEEDBACK_URL = 'https://github.com/MusashiMiyamoto1-cloud/agent-guard/issues/new';
 const REPO_URL = 'https://github.com/MusashiMiyamoto1-cloud/agent-guard';
@@ -53,27 +54,36 @@ ${COLORS.cyan}╔═════════════════════
 function printHelp() {
   console.log(`
 ${COLORS.bold}Usage:${COLORS.reset}
-  agent-guard scan [path]     Scan directory for security issues
-  agent-guard proxy [port]    Start runtime protection proxy
-  agent-guard feedback [msg]  Submit feedback or report an issue
-  agent-guard --help          Show this help message
-  agent-guard --version       Show version
+  agent-guard scan [path]           Scan directory for security issues
+  agent-guard proxy [port]          Start runtime protection proxy (Pro)
+  agent-guard license activate KEY  Activate Pro license
+  agent-guard license status        Show license status
+  agent-guard license deactivate    Remove license
+  agent-guard feedback [msg]        Submit feedback or report an issue
+  agent-guard --help                Show this help message
+  agent-guard --version             Show version
 
 ${COLORS.bold}Examples:${COLORS.reset}
-  npx agent-guard scan .              Scan current directory
-  npx agent-guard scan ./my-agent     Scan specific agent directory
-  npx agent-guard proxy               Start proxy on port 18800
-  npx agent-guard proxy 8080          Start proxy on custom port
-  npx agent-guard feedback            Open feedback form
-  npx agent-guard feedback "Bug: ..."  Submit inline feedback
+  npx agent-guard scan .                        Scan current directory
+  npx agent-guard scan ./my-agent               Scan specific agent directory
+  npx agent-guard license activate XXXX-XXXX    Activate Pro license
+  npx agent-guard proxy                         Start proxy on port 18800 (Pro)
+  npx agent-guard feedback "Bug: ..."           Submit inline feedback
 
 ${COLORS.bold}Options:${COLORS.reset}
-  --json                      Output results as JSON
+  --json                      Output results as JSON (Pro)
   --quiet                     Only show findings (no banner)
   --policy <file>             Use custom policy file
 
+${COLORS.bold}Free vs Pro:${COLORS.reset}
+  Free: 50 files, 10 findings, 5 basic rules
+  Pro:  Unlimited, all 20+ rules, JSON, proxy, dashboard
+
+  Get Pro: https://agentguard.co/pro
+
 ${COLORS.bold}Environment:${COLORS.reset}
-  HTTP_PROXY=http://127.0.0.1:18800   Route agent through proxy
+  HTTP_PROXY=http://127.0.0.1:18800   Route agent through proxy (Pro)
+  AGENT_GUARD_LICENSE=KEY             License key (alternative to activate)
 
 ${COLORS.bold}Exit Codes:${COLORS.reset}
   0    No critical findings
@@ -225,6 +235,65 @@ async function handleFeedback(message) {
   console.log(`\n${COLORS.gray}Or visit: ${COLORS.cyan}${FEEDBACK_URL}${COLORS.reset}\n`);
 }
 
+async function handleLicense(subcommand, args, quiet) {
+  const license = await getLicense();
+  
+  if (subcommand === 'activate') {
+    const key = args[0] || process.env.AGENT_GUARD_LICENSE;
+    if (!key) {
+      console.log(`${COLORS.red}Error: License key required${COLORS.reset}`);
+      console.log(`Usage: agent-guard license activate YOUR-LICENSE-KEY`);
+      console.log(`\nGet a license at: ${COLORS.cyan}https://agentguard.co/pro${COLORS.reset}`);
+      process.exit(2);
+    }
+    
+    console.log(`${COLORS.gray}Validating license...${COLORS.reset}`);
+    const result = await license.activate(key);
+    
+    if (result.success) {
+      console.log(`${COLORS.green}✓ ${result.message}${COLORS.reset}`);
+      console.log(`\n${COLORS.bold}License Details:${COLORS.reset}`);
+      console.log(`  Product: ${license.data.product}`);
+      console.log(`  Email:   ${license.data.email || 'N/A'}`);
+      if (license.data.expiresAt) {
+        console.log(`  Expires: ${license.data.expiresAt}`);
+      }
+      console.log(`\n${COLORS.green}All Pro features unlocked!${COLORS.reset}`);
+    } else {
+      console.log(`${COLORS.red}✗ ${result.message}${COLORS.reset}`);
+      console.log(`\nNeed a license? Visit: ${COLORS.cyan}https://agentguard.co/pro${COLORS.reset}`);
+      process.exit(2);
+    }
+  } else if (subcommand === 'status') {
+    if (license.isPro()) {
+      console.log(`${COLORS.green}✓ Pro License Active${COLORS.reset}\n`);
+      console.log(`${COLORS.bold}License Details:${COLORS.reset}`);
+      console.log(`  Product: ${license.data.product}`);
+      console.log(`  Email:   ${license.data.email || 'N/A'}`);
+      console.log(`  Since:   ${license.data.activatedAt}`);
+      if (license.data.expiresAt) {
+        console.log(`  Expires: ${license.data.expiresAt}`);
+      }
+    } else {
+      console.log(`${COLORS.yellow}Free Tier${COLORS.reset}\n`);
+      console.log(`${COLORS.bold}Limits:${COLORS.reset}`);
+      console.log(`  Files:    50 max`);
+      console.log(`  Findings: 10 shown`);
+      console.log(`  Rules:    5 basic`);
+      console.log(`  JSON:     ✗`);
+      console.log(`  Proxy:    ✗`);
+      console.log(getUpgradePrompt());
+    }
+  } else if (subcommand === 'deactivate') {
+    const result = await license.deactivate();
+    console.log(`${COLORS.green}✓ ${result.message}${COLORS.reset}`);
+  } else {
+    console.log(`Unknown license command: ${subcommand}`);
+    console.log(`Usage: agent-guard license [activate|status|deactivate]`);
+    process.exit(2);
+  }
+}
+
 async function main() {
   const args = process.argv.slice(2);
   
@@ -232,6 +301,14 @@ async function main() {
   const quiet = args.includes('--quiet');
   const filteredArgs = args.filter(a => !a.startsWith('--'));
   
+  // Load license early
+  const license = await getLicense();
+  
+  // Check for env var license
+  if (!license.isPro() && process.env.AGENT_GUARD_LICENSE) {
+    await license.activate(process.env.AGENT_GUARD_LICENSE);
+  }
+  
   if (args.includes('--help') || args.includes('-h')) {
     printBanner();
     printHelp();
@@ -252,7 +329,22 @@ async function main() {
     process.exit(0);
   }
   
+  if (command === 'license') {
+    const subcommand = filteredArgs[1] || 'status';
+    const subArgs = filteredArgs.slice(2);
+    if (!quiet) printBanner();
+    await handleLicense(subcommand, subArgs, quiet);
+    process.exit(0);
+  }
+  
   if (command === 'proxy') {
+    if (!license.isPro()) {
+      if (!quiet) printBanner();
+      console.log(`${COLORS.red}Runtime proxy requires Pro license.${COLORS.reset}\n`);
+      console.log(getUpgradePrompt('proxy'));
+      process.exit(2);
+    }
+    
     const port = parseInt(filteredArgs[1]) || 18800;
     if (!quiet) printBanner();
     console.log(`${COLORS.cyan}Starting runtime protection proxy...${COLORS.reset}\n`);
@@ -291,17 +383,53 @@ async function main() {
   }
   
   try {
-    const report = await scan(targetPath);
+    const report = await scan(targetPath, { license });
+    
+    // Apply license limits
+    const limits = license.getLimits();
+    let findings = report.findings;
+    let truncated = false;
+    let hitFileLimit = report.hitFileLimit;
+    
+    if (!license.isPro() && findings.length > limits.maxFindings) {
+      truncated = true;
+      findings = findings.slice(0, limits.maxFindings);
+    }
     
     if (jsonOutput) {
+      if (!license.isPro()) {
+        console.log(`${COLORS.red}JSON output requires Pro license.${COLORS.reset}\n`);
+        console.log(getUpgradePrompt('json'));
+        process.exit(2);
+      }
       // Add feedback URL to JSON output for agent consumption
       report.feedback_url = FEEDBACK_URL;
       report.repo_url = REPO_URL;
       console.log(JSON.stringify(report, null, 2));
     } else {
+      // Show rules info for free tier
+      if (!license.isPro()) {
+        console.log(`${COLORS.gray}Using ${report.rulesUsed}/${report.totalRules} rules (Free tier)${COLORS.reset}\n`);
+      }
+      
       printScore(report);
-      printFindings(report.findings);
+      printFindings(findings);
+      
+      if (hitFileLimit) {
+        console.log(`${COLORS.yellow}${getUpgradePrompt('files')}${COLORS.reset}\n`);
+      }
+      
+      if (truncated) {
+        console.log(`${COLORS.yellow}${getUpgradePrompt('findings').replace('{total}', report.findings.length)}${COLORS.reset}\n`);
+      }
+      
       printRecommendations(report);
+      
+      // Show upgrade prompt for free users with findings
+      if (!license.isPro() && report.totalFindings > 0) {
+        console.log(getUpgradePrompt());
+      }
+      
       printFeedbackFooter();
     }
     

package/src/license.js

@@ -0,0 +1,227 @@
+// Agent Guard License System
+// Integrates with LemonSqueezy for payment processing
+
+import { homedir } from 'os';
+import { join } from 'path';
+import { readFile, writeFile, mkdir } from 'fs/promises';
+
+const CONFIG_DIR = join(homedir(), '.agent-guard');
+const LICENSE_FILE = join(CONFIG_DIR, 'license.json');
+const LEMON_API = 'https://api.lemonsqueezy.com/v1/licenses/validate';
+
+// Product IDs (set these after creating LemonSqueezy products)
+const PRODUCT_IDS = {
+  'agent-guard-pro': null,      // Will be set after LemonSqueezy setup
+  'musashi-suite': null,
+};
+
+// Feature limits
+export const LIMITS = {
+  free: {
+    maxFiles: 50,
+    maxFindings: 10,        // Only show first 10 findings
+    rules: 'basic',          // Only basic rules (SEC-001 to SEC-005)
+    jsonOutput: false,
+    proxy: false,
+    dashboard: false,
+  },
+  pro: {
+    maxFiles: Infinity,
+    maxFindings: Infinity,
+    rules: 'all',
+    jsonOutput: true,
+    proxy: true,
+    dashboard: true,
+  }
+};
+
+// Basic rule IDs (free tier)
+const BASIC_RULES = ['SEC-001', 'SEC-002', 'SEC-003', 'SEC-004', 'SEC-005'];
+
+export class License {
+  constructor() {
+    this.data = null;
+    this.tier = 'free';
+  }
+
+  async load() {
+    try {
+      const content = await readFile(LICENSE_FILE, 'utf-8');
+      this.data = JSON.parse(content);
+      
+      // Check if still valid
+      if (this.data.valid && this.data.expiresAt) {
+        if (new Date(this.data.expiresAt) < new Date()) {
+          // Expired, try to revalidate
+          if (this.data.key) {
+            await this.activate(this.data.key);
+          }
+        } else {
+          this.tier = 'pro';
+        }
+      }
+    } catch {
+      // No license file or invalid
+      this.data = null;
+      this.tier = 'free';
+    }
+    return this;
+  }
+
+  async save() {
+    try {
+      await mkdir(CONFIG_DIR, { recursive: true });
+      await writeFile(LICENSE_FILE, JSON.stringify(this.data, null, 2));
+    } catch (err) {
+      // Ignore save errors
+    }
+  }
+
+  async activate(licenseKey) {
+    // Clean the key
+    const key = licenseKey.trim();
+    
+    // Try LemonSqueezy validation
+    try {
+      const response = await fetch(LEMON_API, {
+        method: 'POST',
+        headers: {
+          'Accept': 'application/json',
+          'Content-Type': 'application/json',
+        },
+        body: JSON.stringify({
+          license_key: key,
+          instance_name: `agent-guard-${homedir().split('/').pop()}`
+        })
+      });
+
+      const result = await response.json();
+      
+      if (result.valid || result.license_key?.status === 'active') {
+        this.data = {
+          key,
+          valid: true,
+          activatedAt: new Date().toISOString(),
+          expiresAt: result.license_key?.expires_at || null,
+          email: result.meta?.customer_email || null,
+          product: result.meta?.product_name || 'Agent Guard Pro',
+          instanceId: result.instance?.id || null,
+        };
+        this.tier = 'pro';
+        await this.save();
+        return { success: true, message: 'License activated!' };
+      } else {
+        return { 
+          success: false, 
+          message: result.error || 'Invalid license key' 
+        };
+      }
+    } catch (err) {
+      // Network error - check for offline activation
+      // For now, allow a grace period with cached validation
+      if (this.data?.key === key && this.data?.valid) {
+        this.tier = 'pro';
+        return { success: true, message: 'License valid (cached)' };
+      }
+      return { 
+        success: false, 
+        message: `Validation failed: ${err.message}` 
+      };
+    }
+  }
+
+  async deactivate() {
+    if (this.data?.instanceId) {
+      // Optionally deactivate on LemonSqueezy
+      try {
+        await fetch(`https://api.lemonsqueezy.com/v1/licenses/deactivate`, {
+          method: 'POST',
+          headers: {
+            'Accept': 'application/json',
+            'Content-Type': 'application/json',
+          },
+          body: JSON.stringify({
+            license_key: this.data.key,
+            instance_id: this.data.instanceId
+          })
+        });
+      } catch {
+        // Ignore deactivation errors
+      }
+    }
+    
+    this.data = null;
+    this.tier = 'free';
+    await this.save();
+    return { success: true, message: 'License deactivated' };
+  }
+
+  getLimits() {
+    return LIMITS[this.tier];
+  }
+
+  isPro() {
+    return this.tier === 'pro';
+  }
+
+  filterRules(rules) {
+    if (this.isPro()) return rules;
+    // Free tier: only basic rules
+    return rules.filter(r => BASIC_RULES.includes(r.id));
+  }
+
+  filterFindings(findings) {
+    const limits = this.getLimits();
+    if (limits.maxFindings === Infinity) return findings;
+    return findings.slice(0, limits.maxFindings);
+  }
+
+  checkFileLimit(count) {
+    const limits = this.getLimits();
+    return count <= limits.maxFiles;
+  }
+
+  canUseFeature(feature) {
+    const limits = this.getLimits();
+    return limits[feature] === true;
+  }
+}
+
+// Singleton
+let licenseInstance = null;
+
+export async function getLicense() {
+  if (!licenseInstance) {
+    licenseInstance = new License();
+    await licenseInstance.load();
+  }
+  return licenseInstance;
+}
+
+// Upgrade prompt
+export function getUpgradePrompt(feature = null) {
+  const baseUrl = 'https://agentguard.co/pro';
+  
+  const messages = {
+    default: `
+┌─────────────────────────────────────────────────────┐
+│  ⭐ Upgrade to Agent Guard Pro                      │
+│                                                     │
+│  ✓ Unlimited files & findings                       │
+│  ✓ All 20+ security rules                           │
+│  ✓ JSON output for CI/CD                            │
+│  ✓ Runtime protection proxy                         │
+│  ✓ Dashboard integration                            │
+│                                                     │
+│  ${baseUrl}                             │
+└─────────────────────────────────────────────────────┘`,
+    
+    files: `⚠️  Free tier limited to 50 files. Upgrade for unlimited: ${baseUrl}`,
+    findings: `⚠️  Showing 10 of {total} findings. Upgrade to see all: ${baseUrl}`,
+    json: `⚠️  JSON output requires Pro license: ${baseUrl}`,
+    proxy: `⚠️  Runtime proxy requires Pro license: ${baseUrl}`,
+    rules: `ℹ️  Free tier uses 5 basic rules. Pro includes 20+ rules: ${baseUrl}`,
+  };
+
+  return messages[feature] || messages.default;
+}

package/src/scanner.js

@@ -14,6 +14,9 @@ const IGNORE_FILES = [
   '.DS_Store', 'package-lock.json', 'yarn.lock', 'pnpm-lock.yaml'
 ];
 
+// Basic rules available in free tier
+const BASIC_RULE_IDS = ['SEC-001', 'SEC-002', 'SEC-003', 'SEC-004', 'SEC-005'];
+
 export class Scanner {
   constructor(options = {}) {
     this.findings = [];
@@ -21,8 +24,14 @@ export class Scanner {
     this.options = {
       maxFileSize: options.maxFileSize || 1024 * 1024, // 1MB
       followSymlinks: options.followSymlinks || false,
+      maxFiles: options.maxFiles || Infinity,
       ...options
     };
+    
+    // Filter rules based on license
+    this.activeRules = options.license?.isPro() 
+      ? rules 
+      : rules.filter(r => BASIC_RULE_IDS.includes(r.id));
   }
 
   async scan(targetPath) {
@@ -64,6 +73,11 @@ export class Scanner {
   }
 
   async scanFile(filePath) {
+    // Check file limit
+    if (this.scannedFiles >= this.options.maxFiles) {
+      return; // Hit free tier limit
+    }
+    
     try {
       const stats = await stat(filePath);
       
@@ -76,7 +90,7 @@ export class Scanner {
       
       this.scannedFiles++;
       
-      for (const rule of rules) {
+      for (const rule of this.activeRules) {
         if (!rule.patterns) continue; // Skip non-pattern rules
         
         if (!this.matchesFilePattern(fileName, rule.files)) {
@@ -177,6 +191,12 @@ export class Scanner {
       }
     }
     
+    // Deduplicate: skip if same rule+file+line already recorded
+    const isDuplicate = this.findings.some(f => 
+      f.rule === rule.id && f.file === filePath && f.line === lineNum
+    );
+    if (isDuplicate) return;
+    
     // Redact sensitive values
     const redactedMatch = this.redactSensitive(match);
     
@@ -246,6 +266,19 @@ export class Scanner {
 }
 
 export async function scan(targetPath, options = {}) {
+  // Apply license limits
+  if (options.license) {
+    const limits = options.license.getLimits();
+    options.maxFiles = options.maxFiles || limits.maxFiles;
+  }
+  
   const scanner = new Scanner(options);
-  return scanner.scan(targetPath);
+  const report = await scanner.scan(targetPath);
+  
+  // Add metadata for license handling
+  report.hitFileLimit = scanner.scannedFiles >= (options.maxFiles || Infinity);
+  report.rulesUsed = scanner.activeRules?.length || rules.length;
+  report.totalRules = rules.length;
+  
+  return report;
 }