chainwall 0.1.0

package/install.sh

@@ -0,0 +1,543 @@
+#!/bin/bash
+#
+# ChainWall — Universal Installer
+#
+# Detects installed AI coding tools and installs appropriate security
+# layers: hooks, instruction files, skills, and commands.
+#
+# Usage:
+#   ./install.sh                  # Install in current directory
+#   ./install.sh /path/to/project # Install in specific project
+#
+# Requirements: bash 3.2+, jq
+# Idempotent: safe to run multiple times
+#
+
+set -euo pipefail
+
+# ═══════════════════════════════════════════════════════════════════════
+# Configuration
+# ═══════════════════════════════════════════════════════════════════════
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+PROJECT_DIR="${1:-$(pwd)}"
+LLMAV_DIR="${PROJECT_DIR}/.llm-av"
+
+# Colors
+RED=$'\e[31m'
+GREEN=$'\e[32m'
+YELLOW=$'\e[33m'
+CYAN=$'\e[36m'
+BOLD=$'\e[1m'
+RESET=$'\e[0m'
+
+# Installed components tracker
+INSTALLED=()
+SKIPPED=()
+WARNINGS=()
+
+# ═══════════════════════════════════════════════════════════════════════
+# Helpers
+# ═══════════════════════════════════════════════════════════════════════
+
+info()  { echo -e "${CYAN}[info]${RESET}  $1"; }
+ok()    { echo -e "${GREEN}[ok]${RESET}    $1"; INSTALLED+=("$1"); }
+skip()  { echo -e "${YELLOW}[skip]${RESET}  $1"; SKIPPED+=("$1"); }
+fail()  { echo -e "${RED}[error]${RESET} $1" >&2; }
+warn()  { echo -e "${YELLOW}[warn]${RESET}  $1"; WARNINGS+=("$1"); }
+
+# Check if jq is available
+check_jq() {
+    if ! command -v jq &> /dev/null; then
+        fail "jq is required but not installed."
+        echo "  Install: brew install jq (macOS) or apt install jq (Linux)" >&2
+        exit 1
+    fi
+}
+
+# Merge hooks into Claude Code settings.local.json
+# Non-destructive: preserves existing settings and hooks
+merge_claude_hooks() {
+    local settings_dir="$1"
+    local settings_file="${settings_dir}/settings.local.json"
+
+    mkdir -p "$settings_dir"
+
+    # Read existing settings or create empty object
+    local settings='{}'
+    if [[ -f "$settings_file" ]]; then
+        settings=$(cat "$settings_file" 2>/dev/null || echo '{}')
+        # Validate JSON
+        if ! echo "$settings" | jq empty 2>/dev/null; then
+            local backup="${settings_file}.bak.$(date +%s)"
+            cp "$settings_file" "$backup"
+            warn "Malformed settings backed up to $backup"
+            settings='{}'
+        fi
+    fi
+
+    # Define hook entries
+    local security_scanner_hook
+    security_scanner_hook=$(jq -n '{
+        matcher: "Bash|Write|Edit|Read",
+        hooks: [{
+            type: "command",
+            command: ($dir + "/hooks/security-scanner.sh"),
+            timeout: 10
+        }]
+    }' --arg dir "$SCRIPT_DIR")
+
+    local git_safety_hook
+    git_safety_hook=$(jq -n '{
+        matcher: "Bash",
+        hooks: [{
+            type: "command",
+            command: ($dir + "/hooks/git-safety.sh"),
+            timeout: 10
+        }]
+    }' --arg dir "$SCRIPT_DIR")
+
+    local audit_logger_hook
+    audit_logger_hook=$(jq -n '{
+        matcher: ".*",
+        hooks: [{
+            type: "command",
+            command: ($dir + "/hooks/audit-logger.sh"),
+            timeout: 10
+        }]
+    }' --arg dir "$SCRIPT_DIR")
+
+    # Check if hooks already exist (by checking for security-scanner.sh)
+    local has_scanner
+    has_scanner=$(echo "$settings" | jq '[.hooks.PreToolUse[]? | .hooks[]? | .command | select(contains("security-scanner.sh"))] | length')
+
+    if [[ "$has_scanner" -gt 0 ]]; then
+        skip "Claude Code hooks (already installed)"
+        return
+    fi
+
+    # Merge hooks into settings
+    settings=$(echo "$settings" | jq \
+        --argjson scanner "$security_scanner_hook" \
+        --argjson git_safety "$git_safety_hook" \
+        --argjson audit "$audit_logger_hook" \
+        '
+        .hooks.PreToolUse = (.hooks.PreToolUse // []) + [$scanner, $git_safety] |
+        .hooks.PostToolUse = (.hooks.PostToolUse // []) + [$audit]
+        ')
+
+    # Atomic write
+    local tmp_file="${settings_file}.tmp.$$"
+    echo "$settings" | jq '.' > "$tmp_file"
+    mv "$tmp_file" "$settings_file"
+    manifest_add "$settings_file"
+    ok "Claude Code hooks (security-scanner, git-safety, audit-logger)"
+}
+
+# Record installed file in manifest
+manifest_add() {
+    local path="$1"
+    if [[ -n "${MANIFEST_FILE:-}" ]] && [[ -f "${MANIFEST_FILE:-}" ]]; then
+        echo "$path" >> "$MANIFEST_FILE"
+    fi
+}
+
+# Copy instruction file if it doesn't exist (non-destructive)
+copy_if_absent() {
+    local src="$1"
+    local dst="$2"
+    local label="$3"
+
+    if [[ -f "$dst" ]]; then
+        skip "$label (already exists)"
+    else
+        mkdir -p "$(dirname "$dst")"
+        cp "$src" "$dst"
+        manifest_add "$dst"
+        ok "$label"
+    fi
+}
+
+# ═══════════════════════════════════════════════════════════════════════
+# Detection: Which AI tools are installed?
+# ═══════════════════════════════════════════════════════════════════════
+
+detect_tools() {
+    local tools=()
+
+    # Claude Code: .claude/ directory or claude in PATH
+    if [[ -d "${PROJECT_DIR}/.claude" ]] || command -v claude &> /dev/null; then
+        tools+=("claude")
+    fi
+
+    # Cursor: .cursor/ directory or .cursorrules file
+    if [[ -d "${PROJECT_DIR}/.cursor" ]] || [[ -f "${PROJECT_DIR}/.cursorrules" ]]; then
+        tools+=("cursor")
+    fi
+
+    # Copilot: .github/ directory detected
+    if [[ -d "${PROJECT_DIR}/.github" ]]; then
+        tools+=("copilot")
+        info "Detected .github/ directory — installing Copilot instructions"
+    fi
+
+    # Windsurf: .windsurfrules file
+    if [[ -f "${PROJECT_DIR}/.windsurfrules" ]]; then
+        tools+=("windsurf")
+    fi
+
+    # Gemini/Jules: GEMINI.md or .gemini/ directory
+    if [[ -f "${PROJECT_DIR}/GEMINI.md" ]] || [[ -d "${PROJECT_DIR}/.gemini" ]]; then
+        tools+=("gemini")
+    fi
+
+    # Cline: .cline/ directory or .clinerules file
+    if [[ -d "${PROJECT_DIR}/.cline" ]] || [[ -f "${PROJECT_DIR}/.clinerules" ]]; then
+        tools+=("cline")
+    fi
+
+    # RooCode: .roo/ directory
+    if [[ -d "${PROJECT_DIR}/.roo" ]]; then
+        tools+=("roocode")
+    fi
+
+    # Continue.dev: .continue/ directory or .continuerules file
+    if [[ -d "${PROJECT_DIR}/.continue" ]] || [[ -f "${PROJECT_DIR}/.continuerules" ]]; then
+        tools+=("continue")
+    fi
+
+    # Trae IDE: .trae/ directory
+    if [[ -d "${PROJECT_DIR}/.trae" ]]; then
+        tools+=("trae")
+    fi
+
+    # Kiro: .kiro/ directory
+    if [[ -d "${PROJECT_DIR}/.kiro" ]]; then
+        tools+=("kiro")
+    fi
+
+    # Always install AGENTS.md (universal standard)
+    tools+=("agents")
+
+    echo "${tools[@]}"
+}
+
+# ═══════════════════════════════════════════════════════════════════════
+# Installation
+# ═══════════════════════════════════════════════════════════════════════
+
+echo -e "${BOLD}╔══════════════════════════════════════════════╗${RESET}"
+echo -e "${BOLD}║      ChainWall — Universal Installer    ║${RESET}"
+echo -e "${BOLD}╚══════════════════════════════════════════════╝${RESET}"
+echo ""
+
+# Prerequisite check
+check_jq
+
+info "Project: ${PROJECT_DIR}"
+info "Source:  ${SCRIPT_DIR}"
+echo ""
+
+# Detect installed tools
+TOOLS=$(detect_tools)
+info "Detected tools: ${TOOLS}"
+echo ""
+
+# ─── Create .llm-av directory ──────────────────────────────────────────
+mkdir -p "$LLMAV_DIR"
+MANIFEST_FILE="${LLMAV_DIR}/manifest.txt"
+: > "$MANIFEST_FILE"  # Create/truncate manifest
+ok "Created .llm-av/ directory"
+
+# Create default config if absent
+if [[ ! -f "${LLMAV_DIR}/config.json" ]]; then
+    cat > "${LLMAV_DIR}/config.json" << 'DEFAULTCONFIG'
+{
+  "allowlist": {
+    "paths": [],
+    "patterns": []
+  },
+  "blocklist": {
+    "paths": [],
+    "patterns": []
+  }
+}
+DEFAULTCONFIG
+    ok "Default config (.llm-av/config.json)"
+else
+    skip "Config file (already exists)"
+fi
+
+# ─── Install AGENTS.md (universal) ────────────────────────────────────
+copy_if_absent \
+    "${SCRIPT_DIR}/rules/AGENTS.md" \
+    "${PROJECT_DIR}/AGENTS.md" \
+    "AGENTS.md (universal security rules)"
+
+# ─── Platform-specific installations ──────────────────────────────────
+for tool in $TOOLS; do
+    case "$tool" in
+        claude)
+            # Install hooks into .claude/settings.local.json
+            merge_claude_hooks "${PROJECT_DIR}/.claude"
+
+            # Install skill
+            if [[ -d "${SCRIPT_DIR}/skill/llm-antivirus" ]]; then
+                local_skill_dir="${PROJECT_DIR}/.claude/skill/llm-antivirus"
+                if [[ ! -d "$local_skill_dir" ]]; then
+                    mkdir -p "$local_skill_dir"
+                    cp -r "${SCRIPT_DIR}/skill/llm-antivirus/"* "$local_skill_dir/"
+                    manifest_add "$local_skill_dir"
+                    ok "Claude Code skill (llm-antivirus)"
+                else
+                    skip "Claude Code skill (already exists)"
+                fi
+            fi
+
+            # Install commands
+            if [[ -d "${SCRIPT_DIR}/commands" ]]; then
+                local_commands_dir="${PROJECT_DIR}/.claude/commands"
+                if [[ ! -f "${local_commands_dir}/security-scan.md" ]]; then
+                    mkdir -p "$local_commands_dir"
+                    cp "${SCRIPT_DIR}/commands/security-scan.md" "$local_commands_dir/"
+                    manifest_add "${local_commands_dir}/security-scan.md"
+                    ok "Claude Code /security-scan command"
+                else
+                    skip "Claude Code /security-scan command (already exists)"
+                fi
+            fi
+            ;;
+
+        cursor)
+            copy_if_absent \
+                "${SCRIPT_DIR}/rules/cursor-security.mdc" \
+                "${PROJECT_DIR}/.cursor/rules/security.mdc" \
+                "Cursor security rules (.cursor/rules/security.mdc)"
+            # Also deploy .cursorrules fallback for older Cursor versions
+            copy_if_absent \
+                "${SCRIPT_DIR}/rules/cursor-security.mdc" \
+                "${PROJECT_DIR}/.cursorrules" \
+                "Cursor fallback rules (.cursorrules)"
+            ;;
+
+        copilot)
+            copy_if_absent \
+                "${SCRIPT_DIR}/rules/copilot-instructions.md" \
+                "${PROJECT_DIR}/.github/copilot-instructions.md" \
+                "Copilot instructions (.github/copilot-instructions.md)"
+            ;;
+
+        windsurf)
+            # Append to existing .windsurfrules rather than overwrite
+            if [[ -f "${PROJECT_DIR}/.windsurfrules" ]]; then
+                if ! grep -q "ChainWall" "${PROJECT_DIR}/.windsurfrules" 2>/dev/null; then
+                    cat "${SCRIPT_DIR}/rules/windsurfrules" >> "${PROJECT_DIR}/.windsurfrules"
+                    manifest_add "${PROJECT_DIR}/.windsurfrules"
+                    ok "Windsurf security rules (appended to .windsurfrules)"
+                else
+                    skip "Windsurf security rules (already present)"
+                fi
+            else
+                cp "${SCRIPT_DIR}/rules/windsurfrules" "${PROJECT_DIR}/.windsurfrules"
+                ok "Windsurf security rules (.windsurfrules)"
+            fi
+            ;;
+
+        gemini)
+            copy_if_absent \
+                "${SCRIPT_DIR}/rules/gemini.md" \
+                "${PROJECT_DIR}/GEMINI.md" \
+                "Gemini security rules (GEMINI.md)"
+            copy_if_absent \
+                "${SCRIPT_DIR}/rules/gemini.md" \
+                "${PROJECT_DIR}/.gemini/styleguide.md" \
+                "Gemini styleguide (.gemini/styleguide.md)"
+            ;;
+
+        cline)
+            copy_if_absent \
+                "${SCRIPT_DIR}/rules/clinerules" \
+                "${PROJECT_DIR}/.clinerules" \
+                "Cline security rules (.clinerules)"
+            ;;
+
+        roocode)
+            copy_if_absent \
+                "${SCRIPT_DIR}/rules/roocode-security.md" \
+                "${PROJECT_DIR}/.roo/rules/security.md" \
+                "RooCode security rules (.roo/rules/security.md)"
+            ;;
+
+        continue)
+            copy_if_absent \
+                "${SCRIPT_DIR}/rules/continuerules" \
+                "${PROJECT_DIR}/.continuerules" \
+                "Continue.dev security rules (.continuerules)"
+            ;;
+
+        trae)
+            copy_if_absent \
+                "${SCRIPT_DIR}/rules/trae-security.md" \
+                "${PROJECT_DIR}/.trae/rules/security.md" \
+                "Trae IDE security rules (.trae/rules/security.md)"
+            ;;
+
+        kiro)
+            copy_if_absent \
+                "${SCRIPT_DIR}/rules/kiro-security.md" \
+                "${PROJECT_DIR}/.kiro/rules/security.md" \
+                "Kiro security rules (.kiro/rules/security.md)"
+            ;;
+
+        agents)
+            # Already handled above
+            ;;
+    esac
+done
+
+# ─── Update .gitignore ────────────────────────────────────────────────
+if [[ -f "${PROJECT_DIR}/.gitignore" ]]; then
+    GITIGNORE_UPDATED=false
+    for pattern in ".llm-av/" ".env" ".env.local"; do
+        if ! grep -qxF "$pattern" "${PROJECT_DIR}/.gitignore" 2>/dev/null; then
+            echo "$pattern" >> "${PROJECT_DIR}/.gitignore"
+            GITIGNORE_UPDATED=true
+        fi
+    done
+    if [[ "$GITIGNORE_UPDATED" == "true" ]]; then
+        ok "Updated .gitignore with sensitive patterns"
+    else
+        skip ".gitignore (patterns already present)"
+    fi
+else
+    cat > "${PROJECT_DIR}/.gitignore" << 'GITIGNORE'
+# ChainWall
+.llm-av/
+.env
+.env.local
+GITIGNORE
+    ok "Created .gitignore with sensitive patterns"
+fi
+
+# ─── Install git hooks ───────────────────────────────────────────────
+if [[ -d "${PROJECT_DIR}/.git" ]]; then
+    HOOKS_DIR="${PROJECT_DIR}/.git/hooks"
+    mkdir -p "$HOOKS_DIR"
+
+    for hook_name in pre-commit pre-push; do
+        src_hook="${SCRIPT_DIR}/hooks/git-${hook_name}.sh"
+        dst_hook="${HOOKS_DIR}/${hook_name}"
+
+        if [[ ! -f "$src_hook" ]]; then
+            continue
+        fi
+
+        if [[ -f "$dst_hook" ]]; then
+            # Check if it's already our hook
+            if grep -q "ChainWall" "$dst_hook" 2>/dev/null; then
+                skip "Git ${hook_name} hook (already installed)"
+            else
+                # Backup existing hook, create wrapper
+                cp "$dst_hook" "${dst_hook}.existing"
+                cat > "$dst_hook" << HOOKWRAPPER
+#!/bin/bash
+# ChainWall wrapper — runs both existing and security hooks
+# Original hook backed up to ${hook_name}.existing
+
+# Run existing hook first
+if [[ -x "${dst_hook}.existing" ]]; then
+    "${dst_hook}.existing" "\$@"
+    EXISTING_RC=\$?
+    if [[ \$EXISTING_RC -ne 0 ]]; then
+        exit \$EXISTING_RC
+    fi
+fi
+
+# Run ChainWall hook
+exec "${src_hook}" "\$@"
+HOOKWRAPPER
+                chmod +x "$dst_hook"
+                manifest_add "$dst_hook"
+                ok "Git ${hook_name} hook (wrapped existing)"
+            fi
+        else
+            # No existing hook — create a simple forwarding script
+            cat > "$dst_hook" << HOOKSCRIPT
+#!/bin/bash
+# ChainWall — ${hook_name} hook
+exec "${src_hook}" "\$@"
+HOOKSCRIPT
+            chmod +x "$dst_hook"
+            manifest_add "$dst_hook"
+            ok "Git ${hook_name} hook"
+        fi
+    done
+else
+    skip "Git hooks (no .git directory found)"
+fi
+
+# ─── Offer MCP server config (Claude Desktop / Cursor) ──────────────
+MCP_SERVER_PATH="${SCRIPT_DIR}/dist/mcp-server/index.js"
+if [[ -f "$MCP_SERVER_PATH" ]]; then
+    # Claude Desktop
+    CLAUDE_DESKTOP_CONFIG="${HOME}/Library/Application Support/Claude/claude_desktop_config.json"
+    if [[ -f "$CLAUDE_DESKTOP_CONFIG" ]]; then
+        if ! jq -e '.mcpServers."llm-antivirus"' "$CLAUDE_DESKTOP_CONFIG" &>/dev/null; then
+            UPDATED=$(jq --arg path "$MCP_SERVER_PATH" \
+                '.mcpServers."llm-antivirus" = { "command": "node", "args": [$path] }' \
+                "$CLAUDE_DESKTOP_CONFIG")
+            echo "$UPDATED" | jq '.' > "${CLAUDE_DESKTOP_CONFIG}.tmp.$$"
+            mv "${CLAUDE_DESKTOP_CONFIG}.tmp.$$" "$CLAUDE_DESKTOP_CONFIG"
+            ok "MCP server registered (Claude Desktop)"
+        else
+            skip "MCP server (already in Claude Desktop config)"
+        fi
+    fi
+
+    # Cursor MCP config
+    CURSOR_MCP_CONFIG="${HOME}/.cursor/mcp.json"
+    if [[ -d "${HOME}/.cursor" ]]; then
+        if [[ ! -f "$CURSOR_MCP_CONFIG" ]]; then
+            echo '{"mcpServers":{}}' > "$CURSOR_MCP_CONFIG"
+        fi
+        if ! jq -e '.mcpServers."llm-antivirus"' "$CURSOR_MCP_CONFIG" &>/dev/null; then
+            UPDATED=$(jq --arg path "$MCP_SERVER_PATH" \
+                '.mcpServers."llm-antivirus" = { "command": "node", "args": [$path] }' \
+                "$CURSOR_MCP_CONFIG")
+            echo "$UPDATED" | jq '.' > "${CURSOR_MCP_CONFIG}.tmp.$$"
+            mv "${CURSOR_MCP_CONFIG}.tmp.$$" "$CURSOR_MCP_CONFIG"
+            ok "MCP server registered (Cursor)"
+        else
+            skip "MCP server (already in Cursor config)"
+        fi
+    fi
+fi
+
+# ═══════════════════════════════════════════════════════════════════════
+# Summary
+# ═══════════════════════════════════════════════════════════════════════
+
+echo ""
+echo -e "${BOLD}=== Installation Summary ===${RESET}"
+echo -e "${GREEN}Installed: ${#INSTALLED[@]}${RESET}"
+for item in "${INSTALLED[@]}"; do
+    echo -e "  ${GREEN}+${RESET} $item"
+done
+
+if [[ ${#SKIPPED[@]} -gt 0 ]]; then
+    echo -e "${YELLOW}Skipped: ${#SKIPPED[@]}${RESET}"
+    for item in "${SKIPPED[@]}"; do
+        echo -e "  ${YELLOW}-${RESET} $item"
+    done
+fi
+
+if [[ ${#WARNINGS[@]} -gt 0 ]]; then
+    echo -e "${RED}Warnings: ${#WARNINGS[@]}${RESET}"
+    for item in "${WARNINGS[@]}"; do
+        echo -e "  ${RED}!${RESET} $item"
+    done
+fi
+
+echo ""
+echo -e "${GREEN}${BOLD}ChainWall installed successfully.${RESET}"
+echo -e "Run ${CYAN}chainwall scan${RESET} to scan your project."

package/package.json

@@ -0,0 +1,67 @@
+{
+  "name": "chainwall",
+  "version": "0.1.0",
+  "description": "Antivirus for AI coding agents — scan your machine, see what's exposed, block threats",
+  "type": "module",
+  "bin": {
+    "chainwall": "./dist/cli.js",
+    "chainwall-mcp": "./dist/mcp-server/index.js"
+  },
+  "scripts": {
+    "build": "tsc",
+    "prepare": "tsc",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "dev": "tsx src/cli.ts"
+  },
+  "engines": {
+    "node": ">=18.17.0"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/consulalialpric/chainwall.git"
+  },
+  "homepage": "https://github.com/consulalialpric/chainwall",
+  "bugs": {
+    "url": "https://github.com/consulalialpric/chainwall/issues"
+  },
+  "author": "consulalialpric",
+  "license": "MIT",
+  "keywords": [
+    "security", "ai-safety", "antivirus", "secrets-detection",
+    "prompt-injection", "llm-security", "ai-agents", "mcp",
+    "pre-commit-hook", "claude-code", "cursor", "copilot"
+  ],
+  "files": [
+    "dist/",
+    "hooks/",
+    "patterns/",
+    "rules/",
+    "skill/",
+    "commands/",
+    "install.sh",
+    "uninstall.sh",
+    "LICENSE",
+    "README.md"
+  ],
+  "dependencies": {
+    "@inkjs/ui": "^2.0.0",
+    "@modelcontextprotocol/sdk": "^1.26.0",
+    "chalk": "^5.4.1",
+    "commander": "^13.1.0",
+    "ink": "^6.6.0",
+    "ink-big-text": "^2.0.0",
+    "ink-gradient": "^3.0.0",
+    "ink-spinner": "^5.0.0",
+    "ora": "^8.2.0",
+    "react": "^19.2.4",
+    "zod": "^4.3.6"
+  },
+  "devDependencies": {
+    "@types/node": "^22.13.1",
+    "@types/react": "^19.2.13",
+    "tsx": "^4.19.2",
+    "typescript": "^5.7.3",
+    "vitest": "^3.0.5"
+  }
+}