@northbridge-security/secureai 0.1.13

package/.claude/commands/wrapup.md

@@ -0,0 +1,103 @@
+# Wrapup: Document and Restart
+
+Wrap up the session before `/clear`. Document decisions and status for the next session.
+
+**CRITICAL**: The next session's `/catchup` reads `docs/TODO.md` and `docs/ADR.md`. Any work not documented there will be lost to the next agent.
+
+## Tasks
+
+1. **Update docs/TODO.md** (REQUIRED)
+   - **In Progress**: Add incomplete tasks with clear next steps
+   - **Done**: Move completed tasks with date
+   - **Backlog**: Add discovered tasks for future
+   - Reference PRD files for context: `See docs/requirements/prd.xxx.md`
+
+2. **Document decisions in docs/ADR.md** (if any)
+   - A decision has: alternatives considered, a non-obvious rationale, future relevance
+   - If yes: Append using the ADR template below
+
+3. **End session**
+   - Run: `secureai session end`
+   - This removes the session flag so the next session runs catchup
+
+4. **Git commit docs** (if changed)
+   - Stage: `docs/TODO.md`, `docs/ADR.md`
+   - Commit: `docs: update TODO and ADR for session handoff`
+
+5. **Output summary**
+   - What's in TODO.md for next session?
+   - Reminder: Run `/clear` to clear context
+
+## ADR Template
+
+When adding to `docs/ADR.md`, use this format:
+
+```markdown
+---
+
+## ADR-NNN: <Title>
+
+**Date**: YYYY-MM-DD
+**Status**: Accepted | Proposed | Deprecated | Superseded by ADR-XXX
+
+### Context
+
+What is the issue or situation that requires a decision?
+
+### Decision
+
+What is the decision that was made?
+
+### Alternatives Considered
+
+1. **Alternative A**: Description. Rejected because...
+2. **Alternative B**: Description. Rejected because...
+
+### Consequences
+
+- Positive: ...
+- Negative: ...
+- Neutral: ...
+
+### Implementation Notes
+
+Any specific guidance for implementing this decision.
+```
+
+## ADR.md File Structure
+
+If `docs/ADR.md` doesn't exist, create it:
+
+```markdown
+# Architecture Decision Records
+
+This document captures significant architectural and design decisions for the project.
+Decisions are numbered sequentially (ADR-001, ADR-002, etc.).
+
+## Index
+
+| ADR | Title | Date | Status |
+|-----|-------|------|--------|
+| ADR-001 | Example decision | 2024-01-15 | Accepted |
+
+---
+
+## ADR-001: Example decision
+
+...
+```
+
+## What Qualifies as an ADR?
+
+| Include | Exclude |
+|---------|---------|
+| Technology choices | Bug fixes |
+| Architecture patterns | Implementation details |
+| Breaking changes | Temporary workarounds |
+| API design decisions | Style preferences |
+| Security policies | Config tweaks |
+| Data model changes | Dependency updates (minor) |
+
+## Note
+
+After this command, manually run `/clear` to start fresh.

package/LICENSE

@@ -0,0 +1,183 @@
+PROPRIETARY SOFTWARE LICENSE
+
+Copyright (c) 2025 Northbridge Security AB. All rights reserved.
+
+IMPORTANT: This software and associated documentation files (the "Software") are
+proprietary and confidential to Northbridge Security AB ("Northbridge").
+
+This Software is NOT open source and is NOT licensed under MIT, Apache, GPL, or
+any other open-source license.
+
+================================================================================
+1. GRANT OF LICENSE
+================================================================================
+
+Subject to the terms and conditions of this License, Northbridge grants a
+limited, non-exclusive, non-transferable, revocable license to use the Software
+ONLY to the following authorized parties ("Authorized Users"):
+
+  a) Employees of Northbridge Security AB
+  b) Employees of Northbridge Security (US entity)
+  c) Employees of companies within the TechStars portfolio group
+  d) Approved business partners explicitly authorized in writing by Northbridge
+
+This license is granted solely for:
+  - Internal business operations of the authorized organizations
+  - Approved development and engineering activities
+  - Approved research and development projects
+
+================================================================================
+2. RESTRICTIONS
+================================================================================
+
+You are expressly PROHIBITED from:
+
+  a) Using the Software in client assignments or consulting projects without
+     explicit written approval from Northbridge management
+
+  b) Using the Software in personal projects without explicit written approval
+     from Northbridge management
+
+  c) Distributing, sublicensing, selling, or transferring the Software to any
+     third party not listed as an Authorized User
+
+  d) Creating derivative works based on the Software for use outside the
+     authorized organizations
+
+  e) Removing, altering, or obscuring any proprietary notices, labels, or marks
+     from the Software
+
+  f) Reverse engineering, decompiling, or disassembling the Software (except as
+     permitted by applicable law)
+
+  g) Copying or cloning the Software or any portion thereof for use outside of
+     Northbridge Security, Northbridge AB, or the TechStars group
+
+  h) Disclosing, sharing, or making available the Software source code to any
+     unauthorized individuals or entities
+
+  i) Using the Software for any purpose that competes with Northbridge's
+     business interests
+
+================================================================================
+3. CONTRACTORS AND CONSULTANTS
+================================================================================
+
+External contractors and consultants working with Authorized Users:
+
+  a) Must sign a separate Confidentiality and Non-Disclosure Agreement (NDA)
+
+  b) Are granted access only for the specific duration and scope of their
+     authorized engagement
+
+  c) Must immediately cease all use and return/delete all copies of the Software
+     upon completion or termination of their engagement
+
+  d) Are expressly PROHIBITED from retaining, copying, or using the Software in
+     any capacity after their engagement ends
+
+  e) Are PROHIBITED from using the Software for any other clients or projects
+
+================================================================================
+4. CONFIDENTIALITY
+================================================================================
+
+The Software is confidential and proprietary to Northbridge. Authorized Users
+must:
+
+  a) Maintain the confidentiality of the Software
+  b) Use the same degree of care as they use for their own confidential information
+  c) Not disclose the Software to any unauthorized third parties
+  d) Immediately notify Northbridge of any unauthorized access or disclosure
+
+================================================================================
+5. INTELLECTUAL PROPERTY
+================================================================================
+
+  a) Northbridge retains all rights, title, and interest in and to the Software,
+     including all intellectual property rights
+
+  b) No ownership rights are transferred under this License
+
+  c) All modifications, enhancements, or derivative works created remain the
+     exclusive property of Northbridge
+
+  d) Authorized Users agree to assign all rights in any contributions or
+     modifications to Northbridge
+
+================================================================================
+6. TERMINATION
+================================================================================
+
+  a) This License is effective until terminated
+
+  b) Northbridge may terminate this License at any time with or without cause
+
+  c) This License automatically terminates if you breach any terms
+
+  d) Upon termination, you must immediately:
+     - Cease all use of the Software
+     - Delete all copies of the Software in your possession
+     - Certify in writing the destruction of all copies (if requested)
+
+  e) Employment termination or end of contractor engagement automatically
+     terminates this License
+
+================================================================================
+7. NO WARRANTY
+================================================================================
+
+THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT.
+
+NORTHBRIDGE DOES NOT WARRANT THAT THE SOFTWARE WILL MEET YOUR REQUIREMENTS OR
+THAT THE OPERATION OF THE SOFTWARE WILL BE UNINTERRUPTED OR ERROR-FREE.
+
+================================================================================
+8. LIMITATION OF LIABILITY
+================================================================================
+
+IN NO EVENT SHALL NORTHBRIDGE BE LIABLE FOR ANY SPECIAL, INCIDENTAL, INDIRECT,
+OR CONSEQUENTIAL DAMAGES WHATSOEVER (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR
+LOSS OF BUSINESS PROFITS, BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION,
+OR ANY OTHER PECUNIARY LOSS) ARISING OUT OF THE USE OF OR INABILITY TO USE THE
+SOFTWARE, EVEN IF NORTHBRIDGE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
+DAMAGES.
+
+================================================================================
+9. GENERAL PROVISIONS
+================================================================================
+
+  a) Governing Law: This License shall be governed by the laws of Sweden
+
+  b) Severability: If any provision is found invalid, the remainder continues
+     in effect
+
+  c) Entire Agreement: This License constitutes the entire agreement regarding
+     the Software
+
+  d) Amendments: Northbridge may modify this License at any time by providing
+     notice to Authorized Users
+
+  e) No Waiver: Failure to enforce any provision does not waive future enforcement
+
+================================================================================
+10. CONTACT AND APPROVAL REQUESTS
+================================================================================
+
+For license clarifications, approval requests, or questions, contact:
+
+  Northbridge Security AB
+  Legal/Compliance Department
+  [Insert contact email or address]
+
+================================================================================
+
+BY ACCESSING, DOWNLOADING, OR USING THE SOFTWARE, YOU ACKNOWLEDGE THAT YOU HAVE
+READ THIS LICENSE, UNDERSTAND IT, AND AGREE TO BE BOUND BY ITS TERMS AND
+CONDITIONS.
+
+IF YOU DO NOT AGREE TO THESE TERMS, YOU ARE NOT AUTHORIZED TO USE THE SOFTWARE.
+
+================================================================================

package/README.md

@@ -0,0 +1,108 @@
+# Secure AI by Northbridge Security
+
+**AI agents are team members, not tools. They follow the same rules as humans.**
+
+Secure AI enforces your Secure Development Lifecycle (SDLC) for both humans and AI agents, ensuring all code delivered meets the same standards: secure, validated, documented, deployed, and observable.
+
+## Features
+
+### Security Controls
+
+Code meets security standards based on regulatory context.
+
+- **No secrets in code** - Blocks commits containing API keys, tokens, and passwords
+- **No PII exposure** - Prevents sensitive data from reaching AI providers
+- **Supply chain integrity** - Pins dependencies and validates provenance
+- **Static and dynamic analysis** - Detects vulnerabilities before and after deployment
+
+### Quality Enforcement
+
+Code is efficient, maintainable, well-designed, and fit for purpose.
+
+- **Test coverage** - Enforces minimum coverage thresholds
+- **Code standards** - Validates against company-wide coding standards
+- **Requirements traceability** - Maps PRDs to tasks to commits
+- **Human approval** - All code reviewed before merge
+
+### Human-in-the-Loop
+
+AI agents propose. Humans approve.
+
+- **Sandboxed development** - AI agents work in isolated worktrees
+- **Approval gates** - Human approval required for tasks, merges, and deploys
+- **Blocked actions** - AI cannot push, deploy, or publish
+- **Full audit trail** - Complete visibility into AI operations
+
+## Alpha 0.2
+
+This release adds real-time protection for AI agent interactions:
+
+- **PII Detection** - Blocks prompts containing emails, phone numbers, credit cards, and other sensitive data before they reach AI providers
+- **Secret Scanning** - Detects AWS keys, GitHub tokens, private keys, and database connection strings
+- **Guard Hooks** - PreToolUse and UserPromptSubmit hooks for Claude Code
+- **VSCode Dashboard** - Visual display of security findings
+
+See [Alpha 0.2 Release Notes](docs/user/v0.2.md) for installation instructions and detailed feature documentation.
+
+## Quick Start
+
+```bash
+# Install CLI
+npm install -g @northbridge-security/secureai-cli
+
+# Configure security hooks
+secureai install
+```
+
+## Documentation
+
+### Getting Started
+
+| Document                                    | Description                                  |
+| ------------------------------------------- | -------------------------------------------- |
+| [Vision](docs/VISION.md)                    | Business value proposition and Code Complete |
+| [Installation Guide](docs/installer.md)     | Detailed installation and configuration      |
+| [Usage Guide](docs/USAGE.md)                | CLI commands, tips, and troubleshooting      |
+| [Security Guard Rails](docs/user/guards.md) | Configure AI assistant security boundaries   |
+| [1Password Integration](docs/1password.md)  | Secret management setup                      |
+
+### Quality and Operations
+
+| Document                                   | Description                                    |
+| ------------------------------------------ | ---------------------------------------------- |
+| [Quality Assurance](docs/QA.md)            | Test strategy, coverage, and quality gates     |
+| [Security Policy](docs/SECURITY.md)        | Security practices and vulnerability reporting |
+| [AI Control Mode](docs/AI_CONTROL_MODE.md) | Configure AI permission levels                 |
+
+### Architecture
+
+| Document                                                     | Description                              |
+| ------------------------------------------------------------ | ---------------------------------------- |
+| [Domain Model](docs/domains.md)                              | System architecture and bounded contexts |
+| [Clean Architecture Guide](docs/guides/agents.clean.arch.md) | Architectural patterns and principles    |
+
+### AI Agent Resources
+
+| Document                                      | Description                        |
+| --------------------------------------------- | ---------------------------------- |
+| [Agent Guidelines](docs/agents.md)            | Slash commands and MCP tools       |
+| [Slash Commands](docs/commands.md)            | Available commands for AI agents   |
+| [Best Practice Guides](docs/guides/README.md) | Standards for AI-generated content |
+
+## Contributing
+
+Interested in contributing? See [CONTRIBUTING.md](docs/CONTRIBUTING.md) for:
+
+- Development setup and prerequisites
+- Code style guidelines and naming conventions
+- Testing guidelines and coverage requirements
+- Commit message format (conventional commits)
+- Pull request process
+- MCP server development
+- NPM publishing workflow
+
+## License
+
+This software is proprietary and confidential to Northbridge Security AB. See [LICENSE](LICENSE) for full terms.
+
+**Important**: This is NOT open-source software. Usage is restricted to authorized Northbridge Security, Northbridge AB, and TechStars portfolio personnel only.