@rafter-security/cli 0.5.3 → 0.5.9

package/dist/commands/issues/issue-builder.js

@@ -0,0 +1,101 @@
+/**
+ * Build structured GitHub issues from scan findings.
+ *
+ * Handles both:
+ * - Backend scan vulnerabilities (SAST/policy findings)
+ * - Local scan results (secret detection)
+ */
+import { fingerprint, embedFingerprint } from "./dedup.js";
+function severityLabel(level) {
+    const map = {
+        error: "critical",
+        critical: "critical",
+        warning: "high",
+        high: "high",
+        note: "medium",
+        medium: "medium",
+        low: "low",
+    };
+    return map[level.toLowerCase()] || "medium";
+}
+function severityEmoji(level) {
+    const sev = severityLabel(level);
+    const emojis = {
+        critical: "🔴",
+        high: "🟠",
+        medium: "🟡",
+        low: "🟢",
+    };
+    return emojis[sev] || "🟡";
+}
+export function buildFromBackendVulnerability(vuln) {
+    const sev = severityLabel(vuln.level);
+    const emoji = severityEmoji(vuln.level);
+    const fp = fingerprint(vuln.file, vuln.ruleId);
+    const title = `${emoji} [${sev.toUpperCase()}] ${vuln.ruleId}: ${truncate(vuln.message, 80)}`;
+    let body = `## Security Finding\n\n`;
+    body += `**Rule:** \`${vuln.ruleId}\`\n`;
+    body += `**Severity:** ${sev}\n`;
+    body += `**File:** \`${vuln.file}\``;
+    if (vuln.line)
+        body += ` (line ${vuln.line})`;
+    body += `\n\n`;
+    body += `### Description\n\n${vuln.message}\n\n`;
+    body += `### Remediation\n\nReview and fix the finding in \`${vuln.file}\`.\n`;
+    body += `\n---\n*Created by [Rafter CLI](https://rafter.so) — security for AI builders*\n`;
+    const labels = [
+        "security",
+        `severity:${sev}`,
+        `rule:${vuln.ruleId}`,
+    ];
+    return {
+        title,
+        body: embedFingerprint(body, fp),
+        labels,
+        fingerprint: fp,
+    };
+}
+export function buildFromLocalMatch(file, match) {
+    const sev = severityLabel(match.pattern.severity);
+    const emoji = severityEmoji(match.pattern.severity);
+    const fp = fingerprint(file, match.pattern.name);
+    const title = `${emoji} [${sev.toUpperCase()}] Secret detected: ${match.pattern.name} in ${basename(file)}`;
+    let body = `## Secret Detection\n\n`;
+    body += `**Pattern:** \`${match.pattern.name}\`\n`;
+    body += `**Severity:** ${sev}\n`;
+    body += `**File:** \`${file}\``;
+    if (match.line)
+        body += ` (line ${match.line})`;
+    body += `\n`;
+    if (match.redacted) {
+        body += `**Match:** \`${match.redacted}\`\n`;
+    }
+    body += `\n`;
+    if (match.pattern.description) {
+        body += `### Description\n\n${match.pattern.description}\n\n`;
+    }
+    body += `### Remediation\n\n`;
+    body += `1. Rotate the exposed credential immediately\n`;
+    body += `2. Remove the secret from source code\n`;
+    body += `3. Use environment variables or a secrets manager instead\n`;
+    body += `\n---\n*Created by [Rafter CLI](https://rafter.so) — security for AI builders*\n`;
+    const labels = [
+        "security",
+        "secret-detected",
+        `severity:${sev}`,
+    ];
+    return {
+        title,
+        body: embedFingerprint(body, fp),
+        labels,
+        fingerprint: fp,
+    };
+}
+function truncate(s, max) {
+    if (s.length <= max)
+        return s;
+    return s.slice(0, max - 3) + "...";
+}
+function basename(filepath) {
+    return filepath.split("/").pop() || filepath;
+}

package/dist/commands/policy/export.js

@@ -54,9 +54,14 @@ function generateCodexConfig() {
     const policy = cfg.agent?.commandPolicy;
     const blocked = policy?.blockedPatterns || [];
     const approval = policy?.requireApproval || [];
-    let toml = `# Rafter security policy for OpenAI Codex
+    let toml = `# Rafter security policy for OpenAI Codex CLI
 # Generated by: rafter policy export --format codex
-# Docs: https://docs.rafter.so/cli/pretool-hooks
+#
+# Usage: Save this file to your project root as codex-policy.toml
+# then reference it in your Codex sandbox configuration.
+#
+# For full Codex integration, run: rafter agent init
+# This auto-detects Codex CLI and installs skills to ~/.agents/skills/
 
 `;
     if (blocked.length > 0) {

package/dist/commands/scan/index.js

@@ -0,0 +1,44 @@
+/**
+ * rafter scan — top-level scan command group.
+ *
+ * Default (no subcommand): remote backend scan (same as `rafter run`)
+ * rafter scan remote:       explicit alias for remote backend scan
+ * rafter scan local [path]: local secret scanner (was `rafter agent scan`)
+ */
+import { Command } from "commander";
+import { runRemoteScan } from "../backend/run.js";
+import { createScanCommand as createLocalScanCommand } from "../agent/scan.js";
+export function createScanGroupCommand() {
+    // "local" subcommand — reuses agent/scan.ts logic, renamed
+    const localCmd = createLocalScanCommand();
+    localCmd.name("local");
+    localCmd.description("Scan files or directories for secrets (local)");
+    // "remote" subcommand — same handler as `rafter run`
+    const remoteCmd = new Command("remote")
+        .description("Trigger a remote backend security scan (explicit alias for 'rafter run')")
+        .option("-r, --repo <repo>", "org/repo (default: current)")
+        .option("-b, --branch <branch>", "branch (default: current else main)")
+        .option("-k, --api-key <key>", "API key or RAFTER_API_KEY env var")
+        .option("-f, --format <format>", "json | md", "md")
+        .option("--skip-interactive", "do not wait for scan to complete")
+        .option("--quiet", "suppress status messages")
+        .action(async (opts) => {
+        await runRemoteScan(opts);
+    });
+    // Root scan group — default action is remote backend scan
+    const scanGroup = new Command("scan")
+        .description("Scan for security issues. Default: remote backend scan. Use 'scan local' for local secret scanning.")
+        .option("-r, --repo <repo>", "org/repo (default: current)")
+        .option("-b, --branch <branch>", "branch (default: current else main)")
+        .option("-k, --api-key <key>", "API key or RAFTER_API_KEY env var")
+        .option("-f, --format <format>", "json | md", "md")
+        .option("--skip-interactive", "do not wait for scan to complete")
+        .option("--quiet", "suppress status messages");
+    scanGroup.addCommand(localCmd);
+    scanGroup.addCommand(remoteCmd);
+    // When invoked with no subcommand, run remote backend scan
+    scanGroup.action(async (opts) => {
+        await runRemoteScan(opts);
+    });
+    return scanGroup;
+}

package/dist/core/audit-logger.js

@@ -3,6 +3,12 @@ import path from "path";
 import { getAuditLogPath } from "./config-defaults.js";
 import { ConfigManager } from "./config-manager.js";
 import { assessCommandRisk } from "./risk-rules.js";
+export const RISK_SEVERITY = {
+    low: 0,
+    medium: 1,
+    high: 2,
+    critical: 3,
+};
 export class AuditLogger {
     constructor(logPath) {
         this.logPath = logPath || getAuditLogPath();
@@ -31,6 +37,41 @@ export class AuditLogger {
         // Append to log file
         const line = JSON.stringify(fullEntry) + "\n";
         fs.appendFileSync(this.logPath, line, "utf-8");
+        // Send webhook notification if configured and risk meets threshold
+        this.sendNotification(fullEntry, config);
+    }
+    /**
+     * Send webhook notification for high-risk events
+     */
+    sendNotification(entry, config) {
+        const webhookUrl = config.agent?.notifications?.webhook;
+        if (!webhookUrl)
+            return;
+        const eventRisk = entry.action?.riskLevel || "low";
+        const minRisk = config.agent?.notifications?.minRiskLevel || "high";
+        if ((RISK_SEVERITY[eventRisk] ?? 0) < (RISK_SEVERITY[minRisk] ?? 2)) {
+            return;
+        }
+        const payload = {
+            event: entry.eventType,
+            risk: eventRisk,
+            command: entry.action?.command || null,
+            timestamp: entry.timestamp,
+            agent: entry.agentType || null,
+            // Slack-compatible text field
+            text: `[rafter] ${eventRisk}-risk event: ${entry.eventType}${entry.action?.command ? ` — ${entry.action.command}` : ""}`,
+            // Discord-compatible content field
+            content: `[rafter] ${eventRisk}-risk event: ${entry.eventType}${entry.action?.command ? ` — ${entry.action.command}` : ""}`,
+        };
+        // Fire-and-forget POST — never block audit logging
+        fetch(webhookUrl, {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify(payload),
+            signal: AbortSignal.timeout(5000),
+        }).catch(() => {
+            // Silently ignore webhook failures
+        });
     }
     /**
      * Log a command interception

package/dist/core/config-defaults.js

@@ -19,6 +19,30 @@ export function getDefaultConfig() {
                 claudeCode: {
                     enabled: false,
                     mcpPath: path.join(os.homedir(), ".claude", "mcp", "rafter-security.json")
+                },
+                codex: {
+                    enabled: false,
+                    skillsDir: path.join(os.homedir(), ".agents", "skills")
+                },
+                gemini: {
+                    enabled: false,
+                    configPath: path.join(os.homedir(), ".gemini", "settings.json")
+                },
+                aider: {
+                    enabled: false,
+                    configPath: path.join(os.homedir(), ".aider.conf.yml")
+                },
+                cursor: {
+                    enabled: false,
+                    mcpPath: path.join(os.homedir(), ".cursor", "mcp.json")
+                },
+                windsurf: {
+                    enabled: false,
+                    mcpPath: path.join(os.homedir(), ".codeium", "windsurf", "mcp_config.json")
+                },
+                continueDev: {
+                    enabled: false,
+                    configPath: path.join(os.homedir(), ".continue", "config.json")
                 }
             },
             skills: {
@@ -39,6 +63,10 @@ export function getDefaultConfig() {
                 logAllActions: true,
                 retentionDays: 30,
                 logLevel: "info"
+            },
+            notifications: {
+                webhook: undefined,
+                minRiskLevel: "high"
             }
         }
     };

package/dist/core/config-manager.js

@@ -179,10 +179,27 @@ export class ConfigManager {
      * Migrate config to latest version
      */
     migrate(config) {
-        // For now, just ensure version is current
-        // In future, handle version-specific migrations
+        let dirty = false;
         if (config.version !== CONFIG_VERSION) {
             config.version = CONFIG_VERSION;
+            dirty = true;
+        }
+        // Fix overly broad curl/wget pipe-to-shell patterns.
+        // Old pattern: "curl.*\|.*sh" — matches any command containing "sh" after a pipe
+        // (e.g. `grep "curl\|sh"` or `git push`). Replace with word-bounded shell names.
+        const badToGood = {
+            "curl.*\\|.*sh": "curl.*\\|\\s*(bash|sh|zsh|dash)\\b",
+            "wget.*\\|.*sh": "wget.*\\|\\s*(bash|sh|zsh|dash)\\b",
+        };
+        const approval = config.agent?.commandPolicy?.requireApproval;
+        if (Array.isArray(approval)) {
+            const fixed = approval.map(p => badToGood[p] ?? p);
+            if (fixed.some((p, i) => p !== approval[i])) {
+                config.agent.commandPolicy.requireApproval = fixed;
+                dirty = true;
+            }
+        }
+        if (dirty) {
             this.save(config);
         }
         return config;

package/dist/core/pattern-engine.js

@@ -1,3 +1,7 @@
+const GENERIC_PATTERN_NAMES = new Set(["Generic API Key", "Generic Secret"]);
+const VARIABLE_NAME_RE = /^[A-Z][A-Z0-9]*(?:_[A-Z0-9]+)+$/;
+const LOWERCASE_IDENT_RE = /^[a-z][a-z0-9]*(?:_[a-z0-9]+)+$/;
+const QUOTED_VALUE_RE = /['"]([^'"]+)['"]/;
 export class PatternEngine {
     constructor(patterns) {
         this.patterns = patterns;
@@ -11,6 +15,8 @@ export class PatternEngine {
             const regex = this.createRegex(pattern.regex);
             let match;
             while ((match = regex.exec(text)) !== null) {
+                if (this.isFalsePositive(pattern, match[0]))
+                    continue;
                 matches.push({
                     pattern,
                     match: match[0],
@@ -32,6 +38,8 @@ export class PatternEngine {
                 const regex = this.createRegex(pattern.regex);
                 let match;
                 while ((match = regex.exec(line)) !== null) {
+                    if (this.isFalsePositive(pattern, match[0]))
+                        continue;
                     matches.push({
                         pattern,
                         match: match[0],
@@ -51,7 +59,7 @@ export class PatternEngine {
         let redacted = text;
         for (const pattern of this.patterns) {
             const regex = this.createRegex(pattern.regex);
-            redacted = redacted.replace(regex, (match) => this.redact(match));
+            redacted = redacted.replace(regex, (match) => this.isFalsePositive(pattern, match) ? match : this.redact(match));
         }
         return redacted;
     }
@@ -67,6 +75,23 @@ export class PatternEngine {
     getPatternsBySeverity(severity) {
         return this.patterns.filter(p => p.severity === severity);
     }
+    /**
+     * Check if a match from a generic pattern looks like a variable name
+     * rather than an actual secret value.
+     */
+    isFalsePositive(pattern, matchText) {
+        if (!GENERIC_PATTERN_NAMES.has(pattern.name))
+            return false;
+        const m = QUOTED_VALUE_RE.exec(matchText);
+        if (!m)
+            return false;
+        const value = m[1];
+        if (VARIABLE_NAME_RE.test(value))
+            return true;
+        if (LOWERCASE_IDENT_RE.test(value))
+            return true;
+        return false;
+    }
     /**
      * Create RegExp from pattern string, extracting inline flags
      */

package/dist/core/risk-rules.js

@@ -17,9 +17,10 @@ export const HIGH_PATTERNS = [
     /chmod\s+777/,
     /curl.*\|\s*(bash|sh|zsh|dash)\b/,
     /wget.*\|\s*(bash|sh|zsh|dash)\b/,
-    /git\s+push\s+(--force|-f)\b/,
-    /git\s+push\s+--force-(with-lease|if-includes)\b/,
-    /git\s+push\s+\S*\s+\+\S+/, // refspec force: git push origin +main
+    /git\s+push\b.*\s--force\b/, // --force anywhere after push
+    /git\s+push\b.*\s-[a-zA-Z]*f\b/, // -f or combined flags like -vf
+    /git\s+push\b.*\s--force-(with-lease|if-includes)\b/, // specific force variants
+    /git\s+push\s+\S*\s+\+/, // refspec force: git push origin +main
     /docker\s+system\s+prune/,
     /npm\s+publish/,
     /pypi.*upload/,
@@ -50,6 +51,7 @@ export const DEFAULT_REQUIRE_APPROVAL = [
     "git push -f",
     "git push --force-with-lease",
     "git push --force-if-includes",
+    "git push .* \\+",
 ];
 /**
  * Assess risk level of a command string.

package/dist/index.js

@@ -4,16 +4,18 @@ import * as dotenv from "dotenv";
 import { createRunCommand } from "./commands/backend/run.js";
 import { createGetCommand } from "./commands/backend/get.js";
 import { createUsageCommand } from "./commands/backend/usage.js";
+import { createScanGroupCommand } from "./commands/scan/index.js";
 import { createAgentCommand } from "./commands/agent/index.js";
 import { createCiCommand } from "./commands/ci/index.js";
 import { createHookCommand } from "./commands/hook/index.js";
 import { createMcpCommand } from "./commands/mcp/index.js";
 import { createPolicyCommand } from "./commands/policy/index.js";
 import { createCompletionCommand } from "./commands/completion.js";
+import { createIssuesCommand } from "./commands/issues/index.js";
 import { checkForUpdate } from "./utils/update-checker.js";
 import { setAgentMode } from "./utils/formatter.js";
 dotenv.config();
-const VERSION = "0.5.3";
+const VERSION = "0.5.7";
 const program = new Command()
     .name("rafter")
     .description("Rafter CLI")
@@ -26,10 +28,12 @@ program.hook("preAction", (thisCommand) => {
         setAgentMode(true);
     }
 });
-// Backend commands (existing)
+// Backend commands
 program.addCommand(createRunCommand());
 program.addCommand(createGetCommand());
 program.addCommand(createUsageCommand());
+// Scan command group (default: remote backend scan; subcommands: local, remote)
+program.addCommand(createScanGroupCommand());
 // Agent commands
 program.addCommand(createAgentCommand());
 // CI commands
@@ -40,6 +44,8 @@ program.addCommand(createHookCommand());
 program.addCommand(createMcpCommand());
 // Policy commands
 program.addCommand(createPolicyCommand());
+// GitHub Issues integration
+program.addCommand(createIssuesCommand());
 // Shell completions
 program.addCommand(createCompletionCommand());
 // Non-blocking update check — runs after command, prints to stderr

package/dist/scanners/gitleaks.js

@@ -44,11 +44,7 @@ export class GitleaksScanner {
             };
         }
         catch (e) {
-            // Clean up report
-            if (fs.existsSync(tmpReport)) {
-                fs.unlinkSync(tmpReport);
-            }
-            // Gitleaks exits with code 1 when leaks found
+            // Gitleaks exits with code 1 when leaks found — read report before cleanup
             if (e.code === 1 && fs.existsSync(tmpReport)) {
                 const results = this.parseResults(tmpReport);
                 fs.unlinkSync(tmpReport);
@@ -57,6 +53,10 @@ export class GitleaksScanner {
                     matches: results.map(r => this.convertToPatternMatch(r))
                 };
             }
+            // Clean up report for non-leak errors
+            if (fs.existsSync(tmpReport)) {
+                fs.unlinkSync(tmpReport);
+            }
             throw new Error(`Gitleaks scan failed: ${e.message}`);
         }
     }

package/dist/scanners/regex-scanner.js

@@ -57,7 +57,18 @@ export class RegexScanner {
             ".next",
             "coverage",
             ".vscode",
-            ".idea"
+            ".idea",
+            // Vendored / virtual-env / generated dirs that cause false positives
+            "vendor",
+            ".venv",
+            "venv",
+            "__pycache__",
+            ".tox",
+            ".mypy_cache",
+            ".pytest_cache",
+            "results",
+            ".terraform",
+            "bower_components"
         ];
         // Merge policy excludePaths into the exclude list
         if (options?.excludePaths) {

package/dist/scanners/secret-patterns.js

@@ -90,13 +90,13 @@ export const DEFAULT_SECRET_PATTERNS = [
     // Generic patterns
     {
         name: "Generic API Key",
-        regex: "(?i)(api[_-]?key|apikey)[\\s]*[:=][\\s]*['\"]?[0-9a-zA-Z\\-_]{16,}['\"]?",
+        regex: "(?i)(?<![a-zA-Z0-9_])(api[_-]?key|apikey)[\\s]*[:=][\\s]*['\"](?=[0-9a-zA-Z\\-_]*[0-9])[0-9a-zA-Z\\-_]{16,}['\"]",
         severity: "high",
         description: "Generic API key pattern detected"
     },
     {
         name: "Generic Secret",
-        regex: "(?i)(secret|password|passwd|pwd)[\\s]*[:=][\\s]*['\"]?[0-9a-zA-Z\\-_!@#$%^&*()]{8,}['\"]?",
+        regex: "(?i)(?<![a-zA-Z0-9_])(secret|password|passwd|pwd)[\\s]*[:=][\\s]*['\"](?=[^\\s'\"]*[0-9])(?=[^\\s'\"]*[a-zA-Z])[0-9a-zA-Z\\-_!@#$%^&*()]{12,}['\"]",
         severity: "high",
         description: "Generic secret pattern detected"
     },
@@ -108,7 +108,7 @@ export const DEFAULT_SECRET_PATTERNS = [
     },
     {
         name: "Bearer Token",
-        regex: "(?i)bearer[\\s]+[a-zA-Z0-9\\-_\\.=]+",
+        regex: "(?i)bearer[\\s]+(?=[a-zA-Z0-9\\-_\\.=]*[0-9])(?=[a-zA-Z0-9\\-_\\.=]*[a-zA-Z])[a-zA-Z0-9\\-_\\.=]{20,}",
         severity: "high",
         description: "Bearer token detected"
     },

package/dist/utils/binary-manager.js

@@ -1,4 +1,5 @@
 import fs from "fs";
+import os from "os";
 import path from "path";
 import https from "https";
 import { exec, execSync } from "child_process";
@@ -6,7 +7,7 @@ import { promisify } from "util";
 import { getBinDir } from "../core/config-defaults.js";
 import * as tar from "tar";
 const execAsync = promisify(exec);
-const GITLEAKS_VERSION = "8.18.2";
+export const GITLEAKS_VERSION = "8.18.2";
 export class BinaryManager {
     constructor() {
         this.binDir = getBinDir();
@@ -74,10 +75,10 @@ export class BinaryManager {
             return false;
         }
         try {
-            const { stdout } = await execAsync(`"${this.getGitleaksPath()}" version`, {
-                timeout: 5000
-            });
-            return stdout.includes("gitleaks version");
+            // execAsync rejects on non-zero exit, so reaching here means exit code 0.
+            // Accept any successful exit — don't require specific stdout content.
+            await execAsync(`"${this.getGitleaksPath()}" version`, { timeout: 5000 });
+            return true;
         }
         catch {
             return false;
@@ -90,8 +91,9 @@ export class BinaryManager {
         const gitleaksPath = binaryPath ?? this.getGitleaksPath();
         try {
             const { stdout, stderr } = await execAsync(`"${gitleaksPath}" version`, { timeout: 5000 });
-            const ok = stdout.includes("gitleaks version");
-            return { ok, stdout: stdout.trim(), stderr: stderr.trim() };
+            // execAsync rejects on non-zero exit, so reaching here means exit code 0.
+            // Accept any successful exit — don't require specific stdout content.
+            return { ok: true, stdout: stdout.trim(), stderr: stderr.trim() };
         }
         catch (e) {
             const err = e;
@@ -145,9 +147,11 @@ export class BinaryManager {
         return lines.join("\n");
     }
     /**
-     * Download and install Gitleaks
+     * Download and install Gitleaks.
+     * @param onProgress  Optional progress callback.
+     * @param version     Gitleaks version to install (defaults to GITLEAKS_VERSION).
      */
-    async downloadGitleaks(onProgress) {
+    async downloadGitleaks(onProgress, version = GITLEAKS_VERSION) {
         const log = onProgress || (() => { });
         // Check platform support
         if (!this.isPlatformSupported()) {
@@ -159,8 +163,8 @@ export class BinaryManager {
         }
         const platform = this.getPlatformString();
         const arch = this.getArchString();
-        const url = this.getDownloadUrl(platform, arch);
-        log(`Downloading Gitleaks v${GITLEAKS_VERSION} for ${platform}/${arch}...`);
+        const url = this.getDownloadUrl(platform, arch, version);
+        log(`Downloading Gitleaks v${version} for ${platform}/${arch}...`);
         log(`  URL: ${url}`);
         const archivePath = path.join(this.binDir, platform === "windows" ? "gitleaks.zip" : "gitleaks.tar.gz");
         try {
@@ -172,8 +176,7 @@ export class BinaryManager {
             // Extract binary
             log("Extracting binary...");
             if (platform === "windows") {
-                // For Windows, we'd need unzip - for now just error
-                throw new Error("Windows support coming soon");
+                await this.extractZip(archivePath);
             }
             else {
                 await this.extractTarball(archivePath);
@@ -255,15 +258,15 @@ export class BinaryManager {
         throw new Error(`Unsupported architecture: ${arch}`);
     }
     /**
-     * Get download URL for platform/arch
+     * Get download URL for platform/arch/version
      */
-    getDownloadUrl(platform, arch) {
-        const baseUrl = `https://github.com/gitleaks/gitleaks/releases/download/v${GITLEAKS_VERSION}`;
+    getDownloadUrl(platform, arch, version = GITLEAKS_VERSION) {
+        const baseUrl = `https://github.com/gitleaks/gitleaks/releases/download/v${version}`;
         if (platform === "windows") {
-            return `${baseUrl}/gitleaks_${GITLEAKS_VERSION}_windows_${arch}.zip`;
+            return `${baseUrl}/gitleaks_${version}_windows_${arch}.zip`;
         }
         else {
-            return `${baseUrl}/gitleaks_${GITLEAKS_VERSION}_${platform}_${arch}.tar.gz`;
+            return `${baseUrl}/gitleaks_${version}_${platform}_${arch}.tar.gz`;
         }
     }
     /**
@@ -320,13 +323,49 @@ export class BinaryManager {
         });
     }
     /**
-     * Extract tarball — binary only, strip packaging extras (LICENSE, README.md)
+     * Extract zip (Windows) — uses PowerShell's Expand-Archive, then copies
+     * only the gitleaks.exe binary to binDir. Cleans up the temp extract dir.
+     */
+    async extractZip(zipPath) {
+        const tempDir = fs.mkdtempSync(path.join(os.tmpdir(), "rafter-gitleaks-"));
+        try {
+            // PowerShell 5+ ships on all supported Windows versions
+            await execAsync(`powershell -NoProfile -Command "Expand-Archive -Force -LiteralPath '${zipPath}' -DestinationPath '${tempDir}'"`, { timeout: 30000 });
+            // Find gitleaks.exe — may be at root or inside a subdirectory
+            const findBinary = (dir) => {
+                for (const entry of fs.readdirSync(dir)) {
+                    const full = path.join(dir, entry);
+                    if (entry === "gitleaks.exe")
+                        return full;
+                    if (fs.statSync(full).isDirectory()) {
+                        const found = findBinary(full);
+                        if (found)
+                            return found;
+                    }
+                }
+                return null;
+            };
+            const found = findBinary(tempDir);
+            if (!found)
+                throw new Error("gitleaks.exe not found in archive");
+            fs.copyFileSync(found, path.join(this.binDir, "gitleaks.exe"));
+        }
+        finally {
+            fs.rmSync(tempDir, { recursive: true, force: true });
+        }
+    }
+    /**
+     * Extract tarball — binary only, strip packaging extras (LICENSE, README.md).
+     *
+     * The gitleaks release tarball has all files at the archive root (no top-level
+     * directory), so strip: 0 (the default). With strip: 1, node-tar reduces the
+     * single-component paths to empty strings; the filter never matches "gitleaks"
+     * and nothing is extracted. The filter alone is sufficient.
      */
     async extractTarball(tarballPath) {
         await tar.extract({
             file: tarballPath,
             cwd: this.binDir,
-            strip: 1,
             filter: (p) => {
                 const base = path.basename(p);
                 return base === "gitleaks" || base === "gitleaks.exe";

package/dist/utils/skill-manager.js

@@ -156,15 +156,17 @@ export class SkillManager {
     async installRafterSkillVerbose(force = false) {
         const skillPath = this.getRafterSkillPath();
         const sourcePath = this.getRafterSkillSourcePath();
-        if (!this.isOpenClawInstalled()) {
-            return { ok: false, sourcePath, destPath: skillPath, error: `OpenClaw skills directory not found: ${this.getOpenClawSkillsDir()}` };
+        // Check if ~/.openclaw exists (the parent dir), not just the skills subdir
+        const openclawDir = path.join(os.homedir(), ".openclaw");
+        if (!fs.existsSync(openclawDir)) {
+            return { ok: false, sourcePath, destPath: skillPath, error: `OpenClaw not found: ${openclawDir}` };
         }
         // Check if already installed and not forcing
         if (!force && this.isRafterSkillInstalled()) {
             return { ok: true, sourcePath, destPath: skillPath };
         }
         try {
-            // Ensure skills directory exists
+            // Ensure skills directory exists (may not exist on fresh OpenClaw installs)
             const skillsDir = this.getOpenClawSkillsDir();
             if (!fs.existsSync(skillsDir)) {
                 fs.mkdirSync(skillsDir, { recursive: true });