@twira/cli 2.0.2 → 2.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2)
  1. package/README.md +140 -9
  2. package/package.json +3 -2
package/README.md CHANGED
@@ -5,24 +5,153 @@
5
5
  <h1 align="center">Twira</h1>
6
6
 
7
7
  <p align="center">
8
- Power tools for AI agents. Fewer hallucinations, fewer tokens, faster work.
8
+ Coding power tools for AI agents. Deliver better code, faster and safer.
9
+ </p>
10
+
11
+ <p align="center">
12
+ <b>18 PowerTools</b> · <b>26 languages</b> · <b>65 deterministic detectors</b> ·
13
+ <b>Wire-level PII redaction</b> · <b>Tamper-evident audit chain</b> ·
14
+ <b>Works with every MCP agent</b>
15
+ </p>
16
+
17
+ <p align="center">
18
+ <a href="#what-is-twira">What is Twira</a> ·
19
+ <a href="#the-ai-compliance-proxy">AI Compliance Proxy</a> ·
20
+ <a href="#the-toolbelt">The toolbelt</a> ·
21
+ <a href="#free-vs-pro">Free vs Pro</a> ·
22
+ <a href="#install">Install</a> ·
23
+ <a href="#get-started">Get started</a>
9
24
  </p>
10
25
 
11
26
  ---
12
27
 
13
- Twira indexes your codebase locally and plugs into Claude Code, Codex, Gemini, and any MCP-compatible assistant. It gives your AI ground truth. Fast, local, and deterministic. Your assistant gets sharper. You stay in flow.
28
+ > This package installs the prebuilt native `twira` binary for your platform
29
+ > (macOS / Linux / Windows, x64 and arm64) on install. Homebrew and a curl
30
+ > installer are available too, in [Install](#install) below.
14
31
 
15
- Zero dependencies. Runs locally. Your source code never leaves your machine.
32
+ ## What is Twira?
16
33
 
17
- ## Install
34
+ Twira is a single local binary that gives your AI coding agent deterministic,
35
+ indexed access to your codebase, so it reads real code instead of guessing.
36
+ Your agent is the operator. Twira is the power tool beneath it. You stay in
37
+ control.
18
38
 
19
- ```sh
20
- npm install -g @twira/cli
39
+ Indexed search across 26 languages. 65 deterministic detectors. Tamper-evident
40
+ audit chain. Works with Claude Code, Codex, Gemini, Cursor, and anything else
41
+ that speaks MCP.
42
+
43
+ Every tool is reachable two ways: your AI agent calls them over MCP, and you
44
+ call the same tools from your terminal. Deterministic, local-first,
45
+ cryptographic where it matters. Your source code never leaves your machine.
46
+
47
+ ## The AI Compliance Proxy
48
+
49
+ The flagship. A wire-level proxy that sits between your AI agents and the
50
+ model providers they call, on your machine, so personal data and secrets are
51
+ redacted **before** they leave it:
52
+
53
+ ```
54
+ your AI agent ──▶ Twira proxy ─────────────────▶ model provider
55
+ │ redact PII + secrets sees placeholder
56
+ │ swap in the custodied API key tokens, never the
57
+ │ sign + chain every call real values
58
+ you see normal ◀── restore real values ◀────────── response
59
+ output
21
60
  ```
22
61
 
23
- This package downloads the right native `twira` binary for your platform on install. Other channels:
62
+ - **Redaction at the wire.** Around 50 text patterns plus deterministic
63
+ person-name detection, structured Article 9 identifiers (health, politics,
64
+ religion), API keys and secrets, and OCR-driven redaction inside images:
65
+ faces blurred, personal text blacked out, EXIF stripped.
66
+ - **Reversible, invisibly.** Each value becomes a session-scoped token on the
67
+ way out and is swapped back on the way home. Your workflow never notices;
68
+ the provider never sees the real data.
69
+ - **Key custody.** Provider API keys are stored AES-256-GCM encrypted and
70
+ injected at the wire. The agent never sees the key. Rotate centrally
71
+ without touching every machine.
72
+ - **Signed receipts.** Every call is Ed25519-signed and Merkle-chained,
73
+ verifiable offline. Per-session evidence in the dashboard shows exactly
74
+ what was redacted, what token replaced it, and how often it was sent, and
75
+ exports as a signed redaction certificate.
76
+ - **Compliance postures.** Hospital, Bank and Government floors enforce
77
+ Strict; General maps to Standard; Dev to Lenient. GDPR purge removes
78
+ mappings and bodies on request while keeping the chain proof intact.
79
+ - **Spend visibility.** Per-agent token usage across every provider, in one
80
+ place.
81
+
82
+ Built for the rules teams actually face: GDPR and UK GDPR, the EU AI Act,
83
+ ISO/IEC 42001, the NIST AI Risk Management Framework, Singapore's Agentic AI
84
+ framework, and equivalent regimes worldwide.
85
+
86
+ ## The toolbelt
87
+
88
+ Eighteen PowerTools. Each one a single command, deterministic and local.
89
+
90
+ ### Look up code
91
+
92
+ | Tool | What it does |
93
+ |---|---|
94
+ | **Index** | Your codebase as a queryable knowledge graph: symbols, call graph, dependencies, references and optional embeddings across 26 languages, kept fresh on every commit. |
95
+ | **Code Search** | Find anything fast. Five modes in one interface: symbol, path, content, regex and semantic (vector + keyword + call-graph, fused). |
96
+ | **Code Read** | A symbol slice, a file overview, or the whole file, without burning tokens re-reading what the index already knows. |
97
+ | **Impact** | Know what would break before you ship: references, dependency direction and blast radius from the call graph, risk-rated. |
98
+ | **Database MCP** | Code and database on one interface. Maps every table, FK, index, view and RLS policy live across 6 engines; read-only queries; finds every place code touches a table across 17 ORM patterns. |
99
+
100
+ ### Find bugs and risks
101
+
102
+ | Tool | What it does |
103
+ |---|---|
104
+ | **Diagnose (SAST)** | 65 deterministic detectors across 4 profiles, locally, in the millisecond range. Baselines, suppressions that survive renames and refactors, output as JSON or SARIF 2.1.0. |
105
+ | **Dependency Vulnerabilities (SCA)** | OSV-backed and reachability-filtered (installed AND imported, so the noise drops). Local cache means air-gapped runs still work. |
106
+ | **Risk** | Triage what changed: RED, YELLOW, GREEN per commit, at a glance. |
107
+
108
+ ### Data protection and evidence
109
+
110
+ | Tool | What it does |
111
+ |---|---|
112
+ | **AI Compliance Proxy** | The wire-level redaction, custody and receipts engine described above. |
113
+ | **Audit** | A tamper-evident, cryptographically signed, append-only record of every meaningful action the agent takes. RFC 3161 time-stamped, verifiable offline. |
114
+
115
+ ### Coordinate the work
116
+
117
+ | Tool | What it does |
118
+ |---|---|
119
+ | **Team** | Ask, review, brainstorm and debate across 10+ frontier models from 6+ providers, synthesised into one peer-reviewed answer. |
120
+ | **Code Review** | Type `/code-review` in your agent: multiple frontier models review the commit, each with a different lens. |
121
+ | **Plan Review** | Type `/plan-review`: multiple models review the implementation plan before any code gets written. |
122
+ | **Masterplan** | One shared task graph that every agent in every session works from. Atomic claims, no duplicated work. |
123
+ | **Relay** | Parallel agent sessions on the same repo without collisions, coordinated by file claims. |
124
+ | **Lore** | Institutional memory across agents: save the lesson once, and every future session checks it before touching the file. |
125
+ | **Port** | Cross-language migration with structural matching. Port a 200,000-line legacy codebase without losing a function. |
126
+
127
+ ### Defensibility and ergonomics
128
+
129
+ | Tool | What it does |
130
+ |---|---|
131
+ | **Localhost Dashboard** | The visual control panel on 127.0.0.1: redaction evidence, sessions, spend, audit, toggles, instructions. |
132
+ | **Notifications** | Desktop toasts, a chime, optional spoken alerts when an agent finishes, asks, or needs permission. |
133
+
134
+ ## Free vs Pro
135
+
136
+ **Free, for ever, personal use.** Index, Code Search and Code Read. No
137
+ signup, no email, no card. One binary, no runtime dependencies, on macOS,
138
+ Linux and Windows.
139
+
140
+ **Pro, the full toolbelt.** $29.99/month with a 14-day trial, no card
141
+ required. Free for students who verify with an institutional email.
142
+
143
+ ## Works with
144
+
145
+ 26 languages · 6 database engines · 6+ AI providers · Claude Code, Codex,
146
+ Gemini CLI, Cursor and any MCP-compatible agent · macOS / Linux / Windows ·
147
+ air-gap capable.
148
+
149
+ ## Install
24
150
 
25
151
  ```sh
152
+ # npm
153
+ npm install -g @twira/cli
154
+
26
155
  # Homebrew (macOS / Linux)
27
156
  brew install twirahq/tap/twira
28
157
 
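Review bot: The new install note (added README lines 28-30) says the package "installs the prebuilt native `twira` binary for your platform", where the removed line 23 said it "downloads" that binary on install, and neither wording tells a reader where the binary comes from or how it is verified. Because this is a native executable obtained at install time, and the same note points to a curl installer, the Install section should state the download origin and the integrity check (published checksums or signatures, and how to verify them). Separately, "Your source code never leaves your machine" (added line 45) sits awkwardly beside the Team and Code Review rows (added lines 119-120), which describe models from several providers reviewing the commit; scope that sentence to the tools it actually holds for.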
@@ -38,7 +167,8 @@ twira login # link this machine to your Twira account (Pro and trials)
38
167
  twira dashboard # open the local dashboard in your browser
39
168
  ```
40
169
 
41
- From there your AI agent does the work. Ask it to search, read, check impact, or diagnose, and it reaches for Twira's tools by itself.
170
+ From there your AI agent does the work. Ask it to search, read, check impact,
171
+ or diagnose, and it reaches for Twira's tools by itself.
42
172
 
43
173
  ## Links
44
174
 
@@ -48,4 +178,5 @@ From there your AI agent does the work. Ask it to search, read, check impact, or
48
178
 
49
179
  ---
50
180
 
51
- Free for personal use, straight from install. Pro unlocks the full toolbelt with a 14-day trial, no card required.
181
+ Free for personal use, straight from install. Pro unlocks the full toolbelt
182
+ with a 14-day trial, no card required.
package/package.json CHANGED
@@ -1,7 +1,8 @@
1
1
  {
2
2
  "name": "@twira/cli",
3
- "version": "2.0.2",
4
- "description": "Power tools for AI agents",
3
+ "version": "2.0.3",
4
+ "description": "Coding power tools for AI agents. Deliver better code, faster and safer.",
5
+ "mcpName": "com.twira/twira",
5
6
  "license": "LicenseRef-Proprietary",
6
7
  "homepage": "https://twira.com",
7
8
  "repository": {