npm - aiblueprint-cli - Versions diffs - 1.4.45 → 1.4.48 - Mend

aiblueprint-cli 1.4.45 → 1.4.48

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (141) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "aiblueprint-cli",
-  "version": "1.4.45",
+  "version": "1.4.48",
   "description": "AIBlueprint CLI for setting up Claude Code configurations",
   "author": "AIBlueprint",
   "license": "MIT",
@@ -47,7 +47,7 @@
   },
   "files": [
     "dist",
-    "claude-code-config"
+    "ai-config"
   ],
   "keywords": [
     "claude",

package/claude-code-config/hooks/hooks.json DELETED Viewed

@@ -1,15 +0,0 @@
-{
-  "hooks": {
-    "PreToolUse": [
-      {
-        "matcher": "Bash",
-        "hooks": [
-          {
-            "type": "command",
-            "command": "bun ${CLAUDE_PLUGIN_ROOT}/claude-code-config/scripts/validate-command.js"
-          }
-        ]
-      }
-    ]
-  }
-}

package/claude-code-config/scripts/CLAUDE.md DELETED Viewed

@@ -1,50 +0,0 @@
-# Scripts - Project Memory
-Monorepo containing Claude Code utilities and extensions.
-## Structure
-```
-scripts/
-├── auto-rename-session/  # Auto-generates session titles via AI
-├── claude-code-ai/       # Shared Claude API helpers
-├── command-validator/    # Security validation for bash commands
-├── statusline/           # Custom statusline for Claude Code
-└── package.json          # Root package with all scripts
-```
-## Commands
-```bash
-bun run test              # Run ALL tests (186 tests)
-bun run lint              # Lint all packages
-```
-### Per-Package Commands
-| Package | Test | Start |
-|---------|------|-------|
-| auto-rename-session | `bun run auto-rename:test` | `bun run auto-rename:start` |
-| claude-code-ai | `bun run ai:test` | - |
-| command-validator | `bun run validator:test` | `bun run validator:cli` |
-| statusline | `bun run statusline:test` | `bun run statusline:start` |
-## Cross-Platform Support
-All packages support macOS, Linux, and Windows (via WSL):
-- Use `path.join()` instead of string concatenation
-- Use `os.homedir()` instead of `process.env.HOME`
-- Use `path.sep` or regex `[/\\]` for path splitting
-## Shared Dependencies
-- `@ai-sdk/anthropic` + `ai` - Claude API access
-- `picocolors` - Terminal colors
-- `@biomejs/biome` - Linting/formatting
-- `bun:test` - Testing
-## Credentials
-Claude Code OAuth tokens are retrieved via `claude-code-ai/helper/credentials.ts`:
-- macOS: Keychain (`security find-generic-password`)
-- Linux/Windows: `~/.claude/.credentials.json`

package/claude-code-config/scripts/command-validator/CLAUDE.md DELETED Viewed

@@ -1,112 +0,0 @@
-# Command Validator - CLAUDE.md
-This file provides guidance to Claude Code when working with the command-validator security package.
-## Project Purpose
-**Command Validator** is a security validation package for Claude Code's PreToolUse hook. It validates bash commands before execution to prevent dangerous operations like:
-- System destruction (rm -rf /, dd, mkfs)
-- Privilege escalation (sudo, chmod, passwd)
-- Network attacks (nc, nmap, telnet)
-- Malicious patterns (fork bombs, backdoors)
-- Sensitive file access (/etc/passwd, /etc/shadow)
-The validator is integrated as a hook in Claude Code settings and blocks dangerous commands while allowing safe operations.
-## CRITICAL: This Project Uses BUN
-**NEVER use npm or node commands. This project exclusively uses BUN.**
-## Development Commands
-**CRITICAL**: Only use these BUN commands:
-### Testing (Primary Workflow)
-- `bun test` - Run all tests with Vitest
-- `bun test:ui` - Run tests with UI interface
-- `bun run test` - Alternative test command
-### Code Quality
-- `bun run lint` - Run Biome linter and auto-fix
-- `bun run format` - Format code with Biome
-- `bunx tsc --noEmit` - TypeScript type checking (no build)
-### Execution
-- `bun src/cli.ts` - Run CLI validator directly
-- `bun install` - Install dependencies
-## Development Workflow
-**CRITICAL**: The majority of work on this project follows this simple cycle:
-### Test-Driven Development Cycle
-1. **Run tests**: `bun test`
-2. **Read errors**: Analyze test failures carefully
-3. **Fix the problem**: Make minimal changes to pass tests
-4. **Re-run tests**: `bun test` until ALL tests pass
-5. **Repeat**: Continue cycle until all tests are green
-**ALWAYS follow this workflow:**
-```bash
-bun test          # See what's broken
-# Fix the code
-bun test          # Verify fix works
-# Repeat until green
-```
-## Architecture Overview
-```
-src/
-├── cli.ts                 # CLI entry point (used by Claude Code hook)
-├── lib/
-│   ├── types.ts           # TypeScript interfaces
-│   ├── security-rules.ts  # Security rules database
-│   └── validator.ts       # Core validation logic
-└── __tests__/
-    └── validator.test.ts  # Comprehensive test suite (82+ tests)
-```
-### Key Files
-- **@scripts/command-validator/src/lib/validator.ts** - Core CommandValidator class
-- **@scripts/command-validator/src/lib/security-rules.ts** - Security rules database
-- **@scripts/command-validator/src/__tests__/validator.test.ts** - All test cases
-## Code Conventions
-- **TypeScript**: Strict mode enabled
-- **Testing**: Vitest with comprehensive coverage (82+ tests)
-- **Linting**: Biome for formatting and linting
-- **Imports**: ESM module format only
-## Security Test Categories
-The test suite validates:
-1. **Safe Commands**: ls, git, npm, cat, cp, mv, mkdir (must allow)
-2. **Dangerous Commands**: rm -rf /, dd, sudo, passwd (must block)
-3. **Special Cases**: rm -rf safety rules, protected paths, command chains
-4. **Malicious Patterns**: Fork bombs, backdoors, log manipulation
-## IMPORTANT: Workflow Rules
-- **BEFORE making changes**: Run `bun test` to see current state
-- **AFTER any code change**: Run `bun test` to verify
-- **NEVER assume tests pass**: Always verify with `bun test`
-- **Fix one test at a time**: Make minimal changes, then re-test
-- **Use Bun ONLY**: No npm, node, or yarn commands
-## Common Modifications
-Most changes involve:
-1. **Adding new security rules** → Update @scripts/command-validator/src/lib/security-rules.ts
-2. **Modifying validation logic** → Update @scripts/command-validator/src/lib/validator.ts
-3. **Adding test cases** → Update @scripts/command-validator/src/__tests__/validator.test.ts
-4. **Run tests after each change** → `bun test`
-## Test Execution Priority
-**ALWAYS use the test-driven approach:**
-- Tests define the requirements
-- Code changes must make tests pass
-- All 82+ tests must be green before committing
-- Use `bun test` continuously during development

package/claude-code-config/scripts/command-validator/README.md DELETED Viewed

@@ -1,147 +0,0 @@
-# Command Validator
-A secure command validation package for Claude Code's PreToolUse hook. This package validates bash commands before execution to prevent dangerous operations.
-## Features
-- **Comprehensive Security Rules**: Blocks dangerous commands (rm -rf /, dd, mkfs, etc.)
-- **Pattern Matching**: Detects malicious patterns like fork bombs, backdoors, and data exfiltration
-- **Path Protection**: Prevents writes to system directories (/etc, /usr, /bin, etc.)
-- **Command Chaining**: Validates chained commands (&&, ||, ;)
-- **Fully Tested**: 82+ tests with Vitest ensuring reliable validation
-## Installation
-```bash
-bun install
-```
-## Usage
-### As a Claude Code Hook
-The validator is configured as a PreToolUse hook in Claude Code settings:
-```json
-{
-  "hooks": {
-    "PreToolUse": [
-      {
-        "matcher": "Bash",
-        "hooks": [
-          {
-            "type": "command",
-            "command": "bun ~/.claude/scripts/command-validator/src/cli.ts"
-          }
-        ]
-      }
-    ]
-  }
-}
-```
-### Programmatic Usage
-```typescript
-import { CommandValidator } from "./src/lib/validator";
-const validator = new CommandValidator();
-const result = validator.validate("rm -rf /");
-if (!result.isValid) {
-  console.log(`Blocked: ${result.violations.join(", ")}`);
-  console.log(`Severity: ${result.severity}`);
-}
-```
-## Testing
-```bash
-# Run all tests
-bun test
-# Run tests with UI
-bun test:ui
-```
-## Test Coverage
-The test suite includes:
-### Safe Commands (Must Allow)
-- Standard utilities: ls, git, npm, pnpm, node, python
-- File operations: cat, cp, mv, mkdir, touch
-- Safe command chains with &&
-### Dangerous Commands (Must Block)
-- System destruction: rm -rf /, dd, mkfs, fdisk
-- Privilege escalation: sudo, chmod, chown, passwd
-- Network attacks: nc, nmap, telnet
-- Malicious patterns: fork bombs, backdoors, log manipulation
-- Sensitive file access: /etc/passwd, /etc/shadow, /etc/sudoers
-### Special Cases
-- rm -rf safety: Allows deletions in safe paths (~/Developer/, /tmp/)
-- Protected paths: Blocks dangerous operations on /etc, /usr, /bin, etc.
-- Binary content detection
-- Command length limits
-## Architecture
-```
-src/
-├── cli.ts                 # CLI entry point (used by Claude Code hook)
-├── lib/
-│   ├── types.ts           # TypeScript interfaces
-│   ├── security-rules.ts  # Security rules database
-│   └── validator.ts       # Core validation logic
-└── __tests__/
-    └── validator.test.ts  # Comprehensive test suite
-```
-## Security Rules
-### Critical Commands
-- `del`, `format`, `mkfs`, `shred`, `dd`, `fdisk`, `parted`
-### Privilege Escalation
-- `sudo`, `su`, `passwd`, `chpasswd`, `usermod`, `chmod`, `chown`
-### Network Commands
-- `nc`, `netcat`, `nmap`, `telnet`, `ssh-keygen`, `iptables`
-### System Manipulation
-- `systemctl`, `service`, `kill`, `killall`, `mount`, `umount`
-### Protected Paths
-- `/etc/`, `/usr/`, `/sbin/`, `/boot/`, `/sys/`, `/proc/`, `/dev/`, `/root/`
-## Security Logs
-Security events are logged to `data/security.log` inside the package directory. The log file contains:
-- Timestamp
-- Session ID
-- Tool name
-- Command (truncated to 500 chars)
-- Blocked/allowed status
-- Severity level
-- Violations detected
-The `data/` folder is gitignored to prevent committing sensitive log data.
-## Development
-```bash
-# Run linter
-bun run lint
-# Format code
-bun run format
-# Type check
-bunx tsc --noEmit
-```
-## License
-MIT

package/claude-code-config/scripts/command-validator/src/__tests__/validator.test.ts DELETED Viewed

@@ -1,99 +0,0 @@
-import { describe, expect, it } from "bun:test";
-import { CommandValidator } from "../lib/validator";
-describe("CommandValidator", () => {
-	const validator = new CommandValidator();
-	describe("Commands that MUST be ALLOWED (action: allow)", () => {
-		const allowedCommands = [
-			"ls -la",
-			"pwd",
-			"git status",
-			"git add -A && git commit -m 'Clé API Google gérée côté client'",
-			"npm install",
-			"rm file.txt",
-			"rm -r folder",
-			"rm -f file.txt",
-			"echo 'éàù accents français'",
-			"git commit -m '🚀 emoji test'",
-			"cat /etc/passwd",
-			"curl http://example.com",
-		];
-		for (const command of allowedCommands) {
-			it(`should ALLOW: ${command}`, () => {
-				const result = validator.validate(command);
-				expect(result.isValid).toBe(true);
-				expect(result.action).toBe("allow");
-				expect(result.violations).toHaveLength(0);
-			});
-		}
-	});
-	describe("Commands that MUST be DENIED (action: deny) - rm -rf ONLY", () => {
-		const deniedCommands = [
-			"rm -rf /",
-			"rm -rf folder",
-			"rm -rf .",
-			"rm -rf /tmp/test",
-			"rm -fr folder",
-			"rm -r -f folder",
-			"rm -f -r folder",
-			"rm -rf /Users/test/.claude/skills",
-			"mkdir test && rm -rf test",
-		];
-		for (const command of deniedCommands) {
-			it(`should DENY: ${command}`, () => {
-				const result = validator.validate(command);
-				expect(result.isValid).toBe(false);
-				expect(result.action).toBe("deny");
-				expect(result.severity).toBe("CRITICAL");
-				expect(result.violations[0]).toContain("rm -rf is forbidden");
-			});
-		}
-	});
-	describe("Commands that MUST ASK permission (action: ask)", () => {
-		const askCommands = [
-			{ cmd: "sudo apt install", expected: "sudo" },
-			{ cmd: "sudo rm something", expected: "sudo" },
-			{ cmd: "chmod 777 file.txt", expected: "chmod" },
-			{ cmd: "chown root file.txt", expected: "chown" },
-			{ cmd: "dd if=/dev/zero of=test.img", expected: "dd" },
-			{ cmd: "kill -9 1234", expected: "kill" },
-			{ cmd: "killall node", expected: "killall" },
-			{ cmd: "su root", expected: "su" },
-		];
-		for (const { cmd, expected } of askCommands) {
-			it(`should ASK for: ${cmd}`, () => {
-				const result = validator.validate(cmd);
-				expect(result.isValid).toBe(false);
-				expect(result.action).toBe("ask");
-				expect(result.severity).toBe("HIGH");
-				expect(result.violations[0]).toContain(expected);
-			});
-		}
-	});
-	describe("Edge cases", () => {
-		it("should DENY empty commands", () => {
-			const result = validator.validate("");
-			expect(result.isValid).toBe(false);
-			expect(result.action).toBe("deny");
-		});
-		it("should ALLOW commands with accented characters", () => {
-			const result = validator.validate("git commit -m 'éàùç accents'");
-			expect(result.isValid).toBe(true);
-			expect(result.action).toBe("allow");
-		});
-		it("should ALLOW commands with emojis", () => {
-			const result = validator.validate("echo '🚀🎉'");
-			expect(result.isValid).toBe(true);
-			expect(result.action).toBe("allow");
-		});
-	});
-});

package/claude-code-config/scripts/command-validator/src/cli.ts DELETED Viewed

@@ -1,120 +0,0 @@
-#!/usr/bin/env bun
-import { join } from "node:path";
-import type { HookInput, HookOutput } from "./lib/types";
-import { CommandValidator } from "./lib/validator";
-const LOG_FILE = join(import.meta.dir, "../data/security.log");
-async function logSecurityEvent(
-	command: string,
-	toolName: string,
-	result: { isValid: boolean; severity: string; violations: string[] },
-	sessionId: string | null,
-) {
-	const timestamp = new Date().toISOString();
-	const logEntry = {
-		timestamp,
-		sessionId,
-		toolName,
-		command: command.substring(0, 500),
-		blocked: !result.isValid,
-		severity: result.severity,
-		violations: result.violations,
-		source: "claude-code-hook",
-	};
-	try {
-		const logLine = `${JSON.stringify(logEntry)}\n`;
-		const file = Bun.file(LOG_FILE);
-		const exists = await file.exists();
-		if (exists) {
-			const existingContent = await file.text();
-			await Bun.write(LOG_FILE, existingContent + logLine);
-		} else {
-			await Bun.write(LOG_FILE, logLine);
-		}
-		console.error(
-			`[SECURITY] ${result.isValid ? "ALLOWED" : "BLOCKED"}: ${command.substring(0, 100)}`,
-		);
-	} catch (error) {
-		console.error("Failed to write security log:", error);
-	}
-}
-async function main() {
-	const validator = new CommandValidator();
-	try {
-		const stdin = process.stdin;
-		const chunks: Buffer[] = [];
-		for await (const chunk of stdin) {
-			chunks.push(chunk);
-		}
-		const input = Buffer.concat(chunks).toString();
-		if (!input.trim()) {
-			console.error("No input received from stdin");
-			process.exit(1);
-		}
-		let hookData: HookInput;
-		try {
-			hookData = JSON.parse(input);
-		} catch (error) {
-			console.error("Invalid JSON input:", (error as Error).message);
-			process.exit(1);
-		}
-		const toolName = hookData.tool_name || "Unknown";
-		const toolInput = hookData.tool_input || {};
-		const sessionId = hookData.session_id || null;
-		if (toolName !== "Bash") {
-			console.log(`Skipping validation for tool: ${toolName}`);
-			process.exit(0);
-		}
-		const command = toolInput.command;
-		if (!command) {
-			console.error("No command found in tool input");
-			process.exit(1);
-		}
-		const result = validator.validate(command, toolName);
-		await logSecurityEvent(command, toolName, result, sessionId);
-		if (result.isValid) {
-			console.log("Command validation passed");
-			process.exit(0);
-		}
-		const message = result.action === "deny"
-			? `Command blocked!\n\nCommand: ${command}\nReason: ${result.violations.join(", ")}\nSeverity: ${result.severity}`
-			: `⚠️ Potentially dangerous command\n\nCommand: ${command}\nReason: ${result.violations.join(", ")}\nSeverity: ${result.severity}\n\nDo you want to proceed?`;
-		const hookOutput: HookOutput = {
-			hookSpecificOutput: {
-				hookEventName: "PreToolUse",
-				permissionDecision: result.action === "deny" ? "deny" : "ask",
-				permissionDecisionReason: message,
-			},
-		};
-		console.log(JSON.stringify(hookOutput));
-		process.exit(0);
-	} catch (error) {
-		console.error("Validation script error:", error);
-		process.exit(2);
-	}
-}
-main().catch((error) => {
-	console.error("Fatal error:", error);
-	process.exit(2);
-});