agent-analyzer 0.1.2

package/LICENSE

@@ -0,0 +1,60 @@
+# Claude Log Analyzer Source Available License
+
+Copyright (c) 2026 Robert Douglass. All rights reserved.
+
+This license governs the Claude Log Analyzer source code and related project files
+in this repository, except for files that clearly state a different license.
+Third-party dependencies remain governed by their own licenses.
+
+## 1. Source Availability
+
+You may view, download, and clone this repository to inspect the source code,
+evaluate the software, report issues, and propose contributions.
+
+## 2. Limited Evaluation Use
+
+You may run unmodified copies of the software for personal, internal evaluation,
+security review, and development testing. This permission does not include any
+production, hosted, commercial, resale, or service-provider use.
+
+## 3. Contributions
+
+By submitting a contribution, you grant Robert Douglass a perpetual, worldwide,
+irrevocable, royalty-free license to use, reproduce, modify, distribute,
+sublicense, and relicense your contribution as part of Claude Log Analyzer.
+You represent that you have the right to grant this license.
+
+## 4. Restrictions
+
+Except as expressly allowed above, you may not:
+
+- use the software in production or for commercial purposes;
+- provide the software, or substantially similar functionality, as a hosted or
+  managed service;
+- sell, rent, lease, sublicense, redistribute, or otherwise make the software
+  available to third parties;
+- modify, create derivative works, or distribute modified versions outside your
+  own private evaluation environment;
+- remove copyright, license, attribution, or proprietary notices;
+- use the software to train, fine-tune, or improve a machine learning model
+  without prior written permission.
+
+## 5. Commercial Licensing
+
+Production, hosted, commercial, redistribution, and other uses not expressly
+permitted by this license require a separate written commercial license from
+Robert Douglass.
+
+## 6. No Trademark Rights
+
+This license does not grant rights to use the names, logos, trademarks, service
+marks, or branding of Claude Log Analyzer or Robert Douglass.
+
+## 7. Disclaimer
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES, OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT, OR OTHERWISE, ARISING FROM, OUT OF, OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

package/README.md

@@ -0,0 +1,127 @@
+# Agent Analyzer
+
+Deterministic performance profiler for AI coding workflows.
+
+This repo starts with a Docker-local, end-to-end implementation:
+
+- run the analyzer locally against one Claude Code JSONL log
+- write a sanitized report JSON that the user can inspect before upload
+- upload only the sanitized report JSON
+- detect waste patterns and ecosystem fingerprints
+- generate an ephemeral report JSON
+- view the report in a static local web UI
+
+The production target is CDN + local deterministic CLI + report-only upload + short-lived report storage. Local development intentionally avoids cloud dependencies so the complete flow can be tested before any infrastructure is provisioned.
+
+## Launch Command
+
+The public launch path is one copy/paste command:
+
+```sh
+npx --yes agent-analyzer@latest run
+```
+
+That command fetches a scriptless npm package, runs the bundled native Go binary,
+analyzes the latest Claude Code log locally, writes `agent-analyzer-report.json`,
+shows the upload boundary, asks for confirmation, uploads only sanitized report
+JSON, and opens the short-lived report page.
+
+For users who do not want npm/NPX, versioned GitHub Release archives with
+`checksums.txt` remain available. See [docs/distribution.md](docs/distribution.md).
+
+There is intentionally no browser upload form. Claude Code logs live under `~/.claude`, which is awkward for Finder/browser upload flows. The public launch path is local-first:
+
+1. `npx --yes agent-analyzer@latest run` starts the local native analyzer.
+2. The analyzer finds the latest Claude Code JSONL log, parses and redacts it locally, and writes `agent-analyzer-report.json`.
+3. The CLI prints the upload boundary and asks for confirmation.
+4. After confirmation, it sends only the sanitized report to `POST /api/client-reports`.
+5. The short-lived report opens at `/r/{job_id}/{report_token}` and expires on the retention schedule.
+
+Legacy raw-log token upload endpoints still exist for internal Docker smoke coverage while the paid scan is moved to the same local-first model. They are not the public onboarding path.
+
+Paid delivery contract: [docs/remediation/plugin-artifacts.md](docs/remediation/plugin-artifacts.md).
+
+## Local Runthrough
+
+The `analyze` subcommand accepts a log path either as a positional argument or
+via the `--log` flag. The two forms are mutually exclusive; passing both, or
+passing more than one positional, fails fast with a non-zero exit:
+
+```bash
+# positional form (equivalent to using --log):
+agent-analyzer analyze ~/.claude/projects/some-session.jsonl --out ./report.json
+
+# explicit --log form:
+agent-analyzer analyze --log ~/.claude/projects/some-session.jsonl --out ./report.json
+```
+
+If neither form is supplied, the latest log under `~/.claude/projects/` is used.
+
+```bash
+docker compose up --build
+```
+
+Open `http://localhost:8080`, click `Generate NPX Command`, and use the generated one-line local analyze/review/upload flow. The smoke scripts still exercise the legacy token path with `testdata/fixtures/sample-claude.jsonl` for backend compatibility.
+
+Smoke test:
+
+```bash
+./scripts/smoke-local.sh
+```
+
+If Docker Desktop is unavailable, the same API/worker path can be checked with:
+
+```bash
+./scripts/smoke-native.sh
+```
+
+Local load gate:
+
+```bash
+COMPOSE_PROJECT_NAME=agent-log-analyzer-load docker compose up --build -d
+./scripts/load-local.sh 25
+COMPOSE_PROJECT_NAME=agent-log-analyzer-load docker compose down -v
+```
+
+Aggregate analytics summary, for retained `analytics.Event` JSONL only:
+
+```bash
+go run ./cmd/analytics-summary --input /tmp/agent-log-analyzer/analytics/events.jsonl --min-cohort 10
+```
+
+AWS-backend local smoke with LocalStack:
+
+```bash
+./scripts/smoke-aws-local.sh
+```
+
+## Development
+
+```bash
+go test ./...
+go run ./cmd/api
+go run ./cmd/worker
+```
+
+Useful local env vars:
+
+- `CLAUDE_ANALYZER_DATA_DIR`, default `/tmp/agent-log-analyzer`
+- `CLAUDE_ANALYZER_ADDR`, default `:8080`
+- `CLAUDE_ANALYZER_WORKER_INTERVAL`, default `2s`
+
+## Privacy Posture
+
+Raw logs are treated as toxic. The launch UX parses and redacts locally, emits aggregate-safe ecosystem IDs only, and uploads only sanitized report JSON. Operational logs forbid raw prompt/tool text.
+
+See [docs/data-retention-and-analytics.md](docs/data-retention-and-analytics.md).
+
+Cloud launch checklist: [docs/cloud-launch-todo.md](docs/cloud-launch-todo.md).
+
+## License
+
+Agent Analyzer is source-available, not open source. You may inspect,
+clone, and run the software for personal/internal evaluation and development
+testing, but production, hosted, commercial, redistribution, and managed-service
+uses require a separate written license.
+
+See [LICENSE](LICENSE).

package/npm/bin/agent-analyzer.js

@@ -0,0 +1,27 @@
+#!/usr/bin/env node
+"use strict";
+
+const { spawnSync } = require("node:child_process");
+const path = require("node:path");
+
+const target = `${process.platform}-${process.arch}`;
+const exe = process.platform === "win32" ? ".exe" : "";
+const binary = path.join(__dirname, `agent-analyzer-${target}${exe}`);
+
+const result = spawnSync(binary, process.argv.slice(2), { stdio: "inherit" });
+
+if (result.error) {
+  if (result.error.code === "ENOENT") {
+    console.error(`agent-analyzer does not include a binary for ${target}.`);
+    console.error("Supported targets: darwin-x64, darwin-arm64, linux-x64, linux-arm64, win32-x64.");
+    process.exit(1);
+  }
+  console.error(result.error.message);
+  process.exit(1);
+}
+
+if (result.signal) {
+  process.kill(process.pid, result.signal);
+}
+
+process.exit(result.status ?? 1);

package/package.json

@@ -0,0 +1,29 @@
+{
+  "name": "agent-analyzer",
+  "version": "0.1.2",
+  "description": "Local-first deterministic profiler for agentic coding logs.",
+  "license": "SEE LICENSE IN LICENSE",
+  "homepage": "https://github.com/Priivacy-ai/agent-log-analyzer#readme",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/Priivacy-ai/agent-log-analyzer.git"
+  },
+  "bugs": {
+    "url": "https://github.com/Priivacy-ai/agent-log-analyzer/issues"
+  },
+  "bin": {
+    "agent-analyzer": "npm/bin/agent-analyzer.js"
+  },
+  "files": [
+    "npm/bin/agent-analyzer.js",
+    "npm/bin/agent-analyzer-*",
+    "README.md",
+    "LICENSE"
+  ],
+  "publishConfig": {
+    "provenance": true
+  },
+  "engines": {
+    "node": ">=18"
+  }
+}