@neurosec/sentry 1.0.20 → 1.1.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@neurosec/sentry",
-  "version": "1.0.20",
+  "version": "1.1.0",
   "description": "NeuroShield Sentry — host-level agent protection daemon. Detects and blocks malicious AI agent actions at the OS level.",
   "keywords": [
     "ai-security",
@@ -28,7 +28,8 @@
   },
   "os": [
     "linux",
-    "darwin"
+    "darwin",
+    "win32"
   ],
   "preferGlobal": true,
   "bin": {
@@ -50,7 +51,10 @@
     "lint": "eslint src --ext .ts",
     "test": "vitest run",
     "prepack": "npm run build && node scripts/prepack.js",
-    "postinstall": "node scripts/postinstall.js"
+    "postinstall": "node scripts/postinstall.js",
+    "install-service:linux": "sudo bash scripts/install-sentry.sh",
+    "install-service:macos": "sudo bash scripts/install-sentry-macos.sh",
+    "install-service:win": "powershell -ExecutionPolicy Bypass -File scripts/install-sentry-windows.ps1"
   },
   "dependencies": {
     "yaml": "^2.3.4",

package/scripts/install-sentry-windows.ps1

@@ -0,0 +1,217 @@
+# NeuroShield Sentry Daemon — Windows Installation Script
+# Run as Administrator: powershell -ExecutionPolicy Bypass -File install-sentry-windows.ps1
+param(
+    [string]$Mode = "monitor",
+    [string]$NeurosecUrl = "https://api.neurosec.ai",
+    [string]$OrgId = "",
+    [string]$Token = ""
+)
+
+$ErrorActionPreference = "Stop"
+$SentryVersion = "1.0.0"
+$InstallDir = "$env:ProgramFiles\NeuroShield\Sentry"
+$ConfigDir = "$env:ProgramData\NeuroShield\Sentry"
+$StateDir = "$env:ProgramData\NeuroShield\Sentry\state"
+$LogDir = "$env:ProgramData\NeuroShield\Sentry\logs"
+$BinPath = "$InstallDir\bin\neuroshield-sentryd.cmd"
+$ConfigPath = "$ConfigDir\sentry.yaml"
+$ServiceName = "NeuroShieldSentry"
+
+Write-Host "============================================" -ForegroundColor Cyan
+Write-Host " NeuroShield Sentry v$SentryVersion Installer (Windows)" -ForegroundColor Cyan
+Write-Host " Mode: $Mode" -ForegroundColor Cyan
+Write-Host "============================================" -ForegroundColor Cyan
+
+# Check if running as admin
+$isAdmin = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
+if (-not $isAdmin) {
+    Write-Host "ERROR: This script must be run as Administrator" -ForegroundColor Red
+    exit 1
+}
+
+# Check Node.js
+try {
+    $nodeVersion = node --version
+    Write-Host "Node.js found: $nodeVersion" -ForegroundColor Green
+} catch {
+    Write-Host "ERROR: Node.js is required (>= 20)" -ForegroundColor Red
+    exit 1
+}
+
+# Create directories
+Write-Host "Creating directories..." -ForegroundColor Yellow
+New-Item -ItemType Directory -Force -Path $InstallDir | Out-Null
+New-Item -ItemType Directory -Force -Path $ConfigDir | Out-Null
+New-Item -ItemType Directory -Force -Path $StateDir | Out-Null
+New-Item -ItemType Directory -Force -Path $LogDir | Out-Null
+
+# Copy sentry package files
+$scriptPath = Split-Path -Parent $MyInvocation.MyCommand.Path
+$projectDir = Resolve-Path "$scriptPath\..\..\.."
+$sentryPackage = "$projectDir\packages\sentry"
+
+if (Test-Path "$sentryPackage\package.json") {
+    Write-Host "Building sentry daemon from source..." -ForegroundColor Yellow
+    
+    # Copy dist
+    if (Test-Path "$sentryPackage\dist") {
+        Copy-Item -Path "$sentryPackage\dist\*" -Destination "$InstallDir" -Recurse -Force
+    }
+    
+    # Copy node_modules
+    if (Test-Path "$sentryPackage\node_modules") {
+        Copy-Item -Path "$sentryPackage\node_modules\*" -Destination "$InstallDir\node_modules" -Recurse -Force
+    }
+    
+    Copy-Item -Path "$sentryPackage\package.json" -Destination "$InstallDir" -Force
+}
+
+# Create wrapper script
+$wrapperContent = @"
+@echo off
+node "%~dp0..\dist\index.js" %*
+"@
+[System.IO.File]::WriteAllText($BinPath, $wrapperContent)
+
+# Generate default config
+if (-not (Test-Path $ConfigPath)) {
+    Write-Host "Generating default config..." -ForegroundColor Yellow
+    
+    $hostId = "$env:COMPUTERNAME-sentry"
+    
+    $configContent = @"
+# NeuroShield Sentry Daemon Configuration (Windows)
+sentry:
+  host_id: "$hostId"
+  version: "$SentryVersion"
+  health_port: 9190
+  api_port: 9191
+  state_dir: "$StateDir"
+  pid_file_path: "$StateDir\sentry.pid"
+
+neurosec:
+  endpoint: "$NeurosecUrl"
+  org_id: "$OrgId"
+  token_path: "$ConfigDir\sentry.token"
+  tls_cert: "$ConfigDir\cert.pem"
+  tls_key: "$ConfigDir\key.pem"
+  sync_interval_ms: 30000
+  heartbeat_interval_ms: 300000
+
+enforcement:
+  mode: "$Mode"
+  sandbox_enabled: false
+  syscall_filter_enabled: false
+  network_filter_enabled: true
+  filesystem_filter_enabled: false
+
+sandbox_defaults:
+  cpu_max: "0.5"
+  memory_max: "512MB"
+  pid_max: 100
+
+network:
+  allow_hosts:
+    - "api.openai.com:443"
+    - "api.anthropic.com:443"
+    - "api.neurosec.ai:443"
+  block_hosts:
+    - "*.pastebin.com"
+    - "*.ngrok.io"
+    - "*.requestbin.net"
+    - "*.webhook.site"
+  allow_private: false
+  dns_monitor_enabled: false
+
+proxy:
+  enabled: true
+  port: 9081
+  bind_address: "127.0.0.1"
+  upstream_timeout_ms: 120000
+  max_buffer_size_mb: 10
+  intercept_https: false
+
+redirect:
+  enabled: true
+  strategy: "env-inject"
+  preserve_original_key: true
+  inject_on_discover: true
+
+skill_authz:
+  enabled: true
+  allow_unknown: false
+  require_approval:
+    - "shell_exec"
+    - "bash"
+    - "terminal"
+    - "run_command"
+
+audit:
+  log_path: "$LogDir\sentry.log"
+  retention_days: 90
+  max_size_mb: 500
+
+discovery:
+  interval_ms: 30000
+  source_paths:
+    - "C:\Users"
+    - "C:\Projects"
+    - "C:\Workspace"
+"@
+    [System.IO.File]::WriteAllText($ConfigPath, $configContent)
+    Write-Host "  Config written to $ConfigPath" -ForegroundColor Green
+}
+
+# Create empty token file
+$tokenPath = "$ConfigDir\sentry.token"
+if (-not (Test-Path $tokenPath)) {
+    if ($Token) {
+        [System.IO.File]::WriteAllText($tokenPath, $Token)
+    } else {
+        New-Item -ItemType File -Force -Path $tokenPath | Out-Null
+    }
+}
+
+# Install Windows service using NSSM or sc.exe
+Write-Host "Installing Windows service..." -ForegroundColor Yellow
+
+# Check if NSSM is available
+$nssmPath = Get-Command "nssm" -ErrorAction SilentlyContinue
+
+if ($nssmPath) {
+    # Use NSSM for service management
+    nssm install $ServiceName "node.exe" "$InstallDir\dist\index.js" "$ConfigPath"
+    nssm set $ServiceName AppDirectory "$InstallDir"
+    nssm set $ServiceName DisplayName "NeuroShield Sentry Daemon"
+    nssm set $ServiceName Description "Host-level AI agent protection daemon. Detects, sandboxes, and enforces policies on AI agent processes."
+    nssm set $ServiceName Start SERVICE_AUTO_START
+    nssm set $ServiceName AppStdout "$LogDir\sentry-stdout.log"
+    nssm set $ServiceName AppStderr "$LogDir\sentry-stderr.log"
+    nssm set $ServiceName AppEnvironmentExtra "NODE_ENV=production SENTRY_CONFIG_PATH=$ConfigPath LOG_LEVEL=info"
+    nssm start $ServiceName
+} else {
+    # Use sc.exe for basic service creation
+    $binaryPath = "node.exe `"$InstallDir\dist\index.js`" `"$ConfigPath`""
+    sc.exe create $ServiceName binPath= $binaryPath start= auto
+    sc.exe description $ServiceName "Host-level AI agent protection daemon"
+    sc.exe failure $ServiceName reset= 86400 actions= restart/5000/restart/10000/restart/30000
+    sc.exe start $ServiceName
+}
+
+Write-Host ""
+Write-Host "============================================" -ForegroundColor Cyan
+Write-Host " Installation Complete!" -ForegroundColor Cyan
+Write-Host "============================================" -ForegroundColor Cyan
+Write-Host ""
+Write-Host " Next steps:"
+Write-Host "   1. Edit $ConfigPath with your NeuroSec org ID"
+Write-Host "   2. Set your sentry token: echo 'your-token' > $ConfigDir\sentry.token"
+Write-Host "   3. Service '$ServiceName' should be running"
+Write-Host "   4. Check status: sc query $ServiceName"
+Write-Host "   5. View logs: Get-Content $LogDir\sentry-stdout.log -Tail 50"
+Write-Host "   6. Local API: curl http://127.0.0.1:9191/api/v1/status"
+Write-Host ""
+Write-Host " To uninstall:"
+Write-Host "   nssm stop $ServiceName"
+Write-Host "   nssm remove $ServiceName confirm"
+Write-Host "   Remove-Item -Recurse -Force '$InstallDir'"