@twira/cli 2.0.2 → 2.0.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +140 -9
- package/package.json +3 -2
package/README.md
CHANGED
|
@@ -5,24 +5,153 @@
|
|
|
5
5
|
<h1 align="center">Twira</h1>
|
|
6
6
|
|
|
7
7
|
<p align="center">
|
|
8
|
-
|
|
8
|
+
Coding power tools for AI agents. Deliver better code, faster and safer.
|
|
9
|
+
</p>
|
|
10
|
+
|
|
11
|
+
<p align="center">
|
|
12
|
+
<b>18 PowerTools</b> · <b>26 languages</b> · <b>65 deterministic detectors</b> ·
|
|
13
|
+
<b>Wire-level PII redaction</b> · <b>Tamper-evident audit chain</b> ·
|
|
14
|
+
<b>Works with every MCP agent</b>
|
|
15
|
+
</p>
|
|
16
|
+
|
|
17
|
+
<p align="center">
|
|
18
|
+
<a href="#what-is-twira">What is Twira</a> ·
|
|
19
|
+
<a href="#the-ai-compliance-proxy">AI Compliance Proxy</a> ·
|
|
20
|
+
<a href="#the-toolbelt">The toolbelt</a> ·
|
|
21
|
+
<a href="#free-vs-pro">Free vs Pro</a> ·
|
|
22
|
+
<a href="#install">Install</a> ·
|
|
23
|
+
<a href="#get-started">Get started</a>
|
|
9
24
|
</p>
|
|
10
25
|
|
|
11
26
|
---
|
|
12
27
|
|
|
13
|
-
|
|
28
|
+
> This package installs the prebuilt native `twira` binary for your platform
|
|
29
|
+
> (macOS / Linux / Windows, x64 and arm64) on install. Homebrew and a curl
|
|
30
|
+
> installer are available too, in [Install](#install) below.
|
|
14
31
|
|
|
15
|
-
|
|
32
|
+
## What is Twira?
|
|
16
33
|
|
|
17
|
-
|
|
34
|
+
Twira is a single local binary that gives your AI coding agent deterministic,
|
|
35
|
+
indexed access to your codebase, so it reads real code instead of guessing.
|
|
36
|
+
Your agent is the operator. Twira is the power tool beneath it. You stay in
|
|
37
|
+
control.
|
|
18
38
|
|
|
19
|
-
|
|
20
|
-
|
|
39
|
+
Indexed search across 26 languages. 65 deterministic detectors. Tamper-evident
|
|
40
|
+
audit chain. Works with Claude Code, Codex, Gemini, Cursor, and anything else
|
|
41
|
+
that speaks MCP.
|
|
42
|
+
|
|
43
|
+
Every tool is reachable two ways: your AI agent calls them over MCP, and you
|
|
44
|
+
call the same tools from your terminal. Deterministic, local-first,
|
|
45
|
+
cryptographic where it matters. Your source code never leaves your machine.
|
|
46
|
+
|
|
47
|
+
## The AI Compliance Proxy
|
|
48
|
+
|
|
49
|
+
The flagship. A wire-level proxy that sits between your AI agents and the
|
|
50
|
+
model providers they call, on your machine, so personal data and secrets are
|
|
51
|
+
redacted **before** they leave it:
|
|
52
|
+
|
|
53
|
+
```
|
|
54
|
+
your AI agent ──▶ Twira proxy ─────────────────▶ model provider
|
|
55
|
+
│ redact PII + secrets sees placeholder
|
|
56
|
+
│ swap in the custodied API key tokens, never the
|
|
57
|
+
│ sign + chain every call real values
|
|
58
|
+
you see normal ◀── restore real values ◀────────── response
|
|
59
|
+
output
|
|
21
60
|
```
|
|
22
61
|
|
|
23
|
-
|
|
62
|
+
- **Redaction at the wire.** Around 50 text patterns plus deterministic
|
|
63
|
+
person-name detection, structured Article 9 identifiers (health, politics,
|
|
64
|
+
religion), API keys and secrets, and OCR-driven redaction inside images:
|
|
65
|
+
faces blurred, personal text blacked out, EXIF stripped.
|
|
66
|
+
- **Reversible, invisibly.** Each value becomes a session-scoped token on the
|
|
67
|
+
way out and is swapped back on the way home. Your workflow never notices;
|
|
68
|
+
the provider never sees the real data.
|
|
69
|
+
- **Key custody.** Provider API keys are stored AES-256-GCM encrypted and
|
|
70
|
+
injected at the wire. The agent never sees the key. Rotate centrally
|
|
71
|
+
without touching every machine.
|
|
72
|
+
- **Signed receipts.** Every call is Ed25519-signed and Merkle-chained,
|
|
73
|
+
verifiable offline. Per-session evidence in the dashboard shows exactly
|
|
74
|
+
what was redacted, what token replaced it, and how often it was sent, and
|
|
75
|
+
exports as a signed redaction certificate.
|
|
76
|
+
- **Compliance postures.** Hospital, Bank and Government floors enforce
|
|
77
|
+
Strict; General maps to Standard; Dev to Lenient. GDPR purge removes
|
|
78
|
+
mappings and bodies on request while keeping the chain proof intact.
|
|
79
|
+
- **Spend visibility.** Per-agent token usage across every provider, in one
|
|
80
|
+
place.
|
|
81
|
+
|
|
82
|
+
Built for the rules teams actually face: GDPR and UK GDPR, the EU AI Act,
|
|
83
|
+
ISO/IEC 42001, the NIST AI Risk Management Framework, Singapore's Agentic AI
|
|
84
|
+
framework, and equivalent regimes worldwide.
|
|
85
|
+
|
|
86
|
+
## The toolbelt
|
|
87
|
+
|
|
88
|
+
Eighteen PowerTools. Each one a single command, deterministic and local.
|
|
89
|
+
|
|
90
|
+
### Look up code
|
|
91
|
+
|
|
92
|
+
| Tool | What it does |
|
|
93
|
+
|---|---|
|
|
94
|
+
| **Index** | Your codebase as a queryable knowledge graph: symbols, call graph, dependencies, references and optional embeddings across 26 languages, kept fresh on every commit. |
|
|
95
|
+
| **Code Search** | Find anything fast. Five modes in one interface: symbol, path, content, regex and semantic (vector + keyword + call-graph, fused). |
|
|
96
|
+
| **Code Read** | A symbol slice, a file overview, or the whole file, without burning tokens re-reading what the index already knows. |
|
|
97
|
+
| **Impact** | Know what would break before you ship: references, dependency direction and blast radius from the call graph, risk-rated. |
|
|
98
|
+
| **Database MCP** | Code and database on one interface. Maps every table, FK, index, view and RLS policy live across 6 engines; read-only queries; finds every place code touches a table across 17 ORM patterns. |
|
|
99
|
+
|
|
100
|
+
### Find bugs and risks
|
|
101
|
+
|
|
102
|
+
| Tool | What it does |
|
|
103
|
+
|---|---|
|
|
104
|
+
| **Diagnose (SAST)** | 65 deterministic detectors across 4 profiles, locally, in the millisecond range. Baselines, suppressions that survive renames and refactors, output as JSON or SARIF 2.1.0. |
|
|
105
|
+
| **Dependency Vulnerabilities (SCA)** | OSV-backed and reachability-filtered (installed AND imported, so the noise drops). Local cache means air-gapped runs still work. |
|
|
106
|
+
| **Risk** | Triage what changed: RED, YELLOW, GREEN per commit, at a glance. |
|
|
107
|
+
|
|
108
|
+
### Data protection and evidence
|
|
109
|
+
|
|
110
|
+
| Tool | What it does |
|
|
111
|
+
|---|---|
|
|
112
|
+
| **AI Compliance Proxy** | The wire-level redaction, custody and receipts engine described above. |
|
|
113
|
+
| **Audit** | A tamper-evident, cryptographically signed, append-only record of every meaningful action the agent takes. RFC 3161 time-stamped, verifiable offline. |
|
|
114
|
+
|
|
115
|
+
### Coordinate the work
|
|
116
|
+
|
|
117
|
+
| Tool | What it does |
|
|
118
|
+
|---|---|
|
|
119
|
+
| **Team** | Ask, review, brainstorm and debate across 10+ frontier models from 6+ providers, synthesised into one peer-reviewed answer. |
|
|
120
|
+
| **Code Review** | Type `/code-review` in your agent: multiple frontier models review the commit, each with a different lens. |
|
|
121
|
+
| **Plan Review** | Type `/plan-review`: multiple models review the implementation plan before any code gets written. |
|
|
122
|
+
| **Masterplan** | One shared task graph that every agent in every session works from. Atomic claims, no duplicated work. |
|
|
123
|
+
| **Relay** | Parallel agent sessions on the same repo without collisions, coordinated by file claims. |
|
|
124
|
+
| **Lore** | Institutional memory across agents: save the lesson once, and every future session checks it before touching the file. |
|
|
125
|
+
| **Port** | Cross-language migration with structural matching. Port a 200,000-line legacy codebase without losing a function. |
|
|
126
|
+
|
|
127
|
+
### Defensibility and ergonomics
|
|
128
|
+
|
|
129
|
+
| Tool | What it does |
|
|
130
|
+
|---|---|
|
|
131
|
+
| **Localhost Dashboard** | The visual control panel on 127.0.0.1: redaction evidence, sessions, spend, audit, toggles, instructions. |
|
|
132
|
+
| **Notifications** | Desktop toasts, a chime, optional spoken alerts when an agent finishes, asks, or needs permission. |
|
|
133
|
+
|
|
134
|
+
## Free vs Pro
|
|
135
|
+
|
|
136
|
+
**Free, for ever, personal use.** Index, Code Search and Code Read. No
|
|
137
|
+
signup, no email, no card. One binary, no runtime dependencies, on macOS,
|
|
138
|
+
Linux and Windows.
|
|
139
|
+
|
|
140
|
+
**Pro, the full toolbelt.** $29.99/month with a 14-day trial, no card
|
|
141
|
+
required. Free for students who verify with an institutional email.
|
|
142
|
+
|
|
143
|
+
## Works with
|
|
144
|
+
|
|
145
|
+
26 languages · 6 database engines · 6+ AI providers · Claude Code, Codex,
|
|
146
|
+
Gemini CLI, Cursor and any MCP-compatible agent · macOS / Linux / Windows ·
|
|
147
|
+
air-gap capable.
|
|
148
|
+
|
|
149
|
+
## Install
|
|
24
150
|
|
|
25
151
|
```sh
|
|
152
|
+
# npm
|
|
153
|
+
npm install -g @twira/cli
|
|
154
|
+
|
|
26
155
|
# Homebrew (macOS / Linux)
|
|
27
156
|
brew install twirahq/tap/twira
|
|
28
157
|
|
|
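Review bot: the blockquote added at new lines 28-30 says the npm package installs a prebuilt native `twira` binary "on install", and the Install block gains `npm install -g @twira/cli` at new line 153, but nothing in this hunk says how the binary is obtained (bundled per-platform package or a download at install time) or how its integrity is checked. Document the source and the checksum or signature verification, and state whether installation still works with npm's `--ignore-scripts`, since users who disable lifecycle scripts need to know. The same gap applies to the proxy bullets at new lines 69-75: "AES-256-GCM encrypted" does not say where the encryption key is held, and "Ed25519-signed and Merkle-chained, verifiable offline" gives no verification command or public-key location. Smaller point: new lines 12 and 88 say 18 PowerTools, while the five tables at new lines 92-132 list 19 rows; reconcile the count.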
@@ -38,7 +167,8 @@ twira login # link this machine to your Twira account (Pro and trials)
|
|
|
38
167
|
twira dashboard # open the local dashboard in your browser
|
|
39
168
|
```
|
|
40
169
|
|
|
41
|
-
From there your AI agent does the work. Ask it to search, read, check impact,
|
|
170
|
+
From there your AI agent does the work. Ask it to search, read, check impact,
|
|
171
|
+
or diagnose, and it reaches for Twira's tools by itself.
|
|
42
172
|
|
|
43
173
|
## Links
|
|
44
174
|
|
|
@@ -48,4 +178,5 @@ From there your AI agent does the work. Ask it to search, read, check impact, or
|
|
|
48
178
|
|
|
49
179
|
---
|
|
50
180
|
|
|
51
|
-
Free for personal use, straight from install. Pro unlocks the full toolbelt
|
|
181
|
+
Free for personal use, straight from install. Pro unlocks the full toolbelt
|
|
182
|
+
with a 14-day trial, no card required.
|
package/package.json
CHANGED
|
@@ -1,7 +1,8 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@twira/cli",
|
|
3
|
-
"version": "2.0.
|
|
4
|
-
"description": "
|
|
3
|
+
"version": "2.0.4",
|
|
4
|
+
"description": "Coding power tools for AI agents. Deliver better code, faster and safer.",
|
|
5
|
+
"mcpName": "com.twira/twira",
|
|
5
6
|
"license": "LicenseRef-Proprietary",
|
|
6
7
|
"homepage": "https://twira.com",
|
|
7
8
|
"repository": {
|
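Review bot: the `"mcpName": "com.twira/twira"` field added at new line 5 is not explained anywhere in this diff; the README hunks describe MCP agents but never mention this identifier. Add a line to the README or release notes saying what consumes the field, and confirm that the `com.twira` namespace corresponds to the `https://twira.com` homepage on new line 7 so users can tie the MCP name to the publisher.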