npm - chainwall - Versions diffs - 0.1.0 - Mend

chainwall 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (348) hide show

package/LICENSE +21 -0
package/README.md +278 -0
package/commands/security-scan.md +35 -0
package/dist/auditor/access-mapper.d.ts +3 -0
package/dist/auditor/access-mapper.d.ts.map +1 -0
package/dist/auditor/access-mapper.js +15 -0
package/dist/auditor/access-mapper.js.map +1 -0
package/dist/auditor/cli-detector.d.ts +7 -0
package/dist/auditor/cli-detector.d.ts.map +1 -0
package/dist/auditor/cli-detector.js +63 -0
package/dist/auditor/cli-detector.js.map +1 -0
package/dist/auditor/cross-reference.d.ts +4 -0
package/dist/auditor/cross-reference.d.ts.map +1 -0
package/dist/auditor/cross-reference.js +16 -0
package/dist/auditor/cross-reference.js.map +1 -0
package/dist/auditor/env-auditor.d.ts +9 -0
package/dist/auditor/env-auditor.d.ts.map +1 -0
package/dist/auditor/env-auditor.js +83 -0
package/dist/auditor/env-auditor.js.map +1 -0
package/dist/auditor/mcp-analyzer.d.ts +11 -0
package/dist/auditor/mcp-analyzer.d.ts.map +1 -0
package/dist/auditor/mcp-analyzer.js +145 -0
package/dist/auditor/mcp-analyzer.js.map +1 -0
package/dist/auditor/mcp-detector.d.ts +17 -0
package/dist/auditor/mcp-detector.d.ts.map +1 -0
package/dist/auditor/mcp-detector.js +86 -0
package/dist/auditor/mcp-detector.js.map +1 -0
package/dist/auditor/remediation.d.ts +26 -0
package/dist/auditor/remediation.d.ts.map +1 -0
package/dist/auditor/remediation.js +222 -0
package/dist/auditor/remediation.js.map +1 -0
package/dist/auditor/tool-detector.d.ts +15 -0
package/dist/auditor/tool-detector.d.ts.map +1 -0
package/dist/auditor/tool-detector.js +241 -0
package/dist/auditor/tool-detector.js.map +1 -0
package/dist/auditor/types.d.ts +31 -0
package/dist/auditor/types.d.ts.map +1 -0
package/dist/auditor/types.js +2 -0
package/dist/auditor/types.js.map +1 -0
package/dist/auditor/vscode-extension-scanner.d.ts +8 -0
package/dist/auditor/vscode-extension-scanner.d.ts.map +1 -0
package/dist/auditor/vscode-extension-scanner.js +51 -0
package/dist/auditor/vscode-extension-scanner.js.map +1 -0
package/dist/cli.d.ts +3 -0
package/dist/cli.d.ts.map +1 -0
package/dist/cli.js +159 -0
package/dist/cli.js.map +1 -0
package/dist/commands/audit.d.ts +8 -0
package/dist/commands/audit.d.ts.map +1 -0
package/dist/commands/audit.js +151 -0
package/dist/commands/audit.js.map +1 -0
package/dist/commands/init.d.ts +2 -0
package/dist/commands/init.d.ts.map +1 -0
package/dist/commands/init.js +34 -0
package/dist/commands/init.js.map +1 -0
package/dist/commands/remediate-cli.d.ts +3 -0
package/dist/commands/remediate-cli.d.ts.map +1 -0
package/dist/commands/remediate-cli.js +96 -0
package/dist/commands/remediate-cli.js.map +1 -0
package/dist/commands/scan.d.ts +11 -0
package/dist/commands/scan.d.ts.map +1 -0
package/dist/commands/scan.js +138 -0
package/dist/commands/scan.js.map +1 -0
package/dist/commands/watch.d.ts +6 -0
package/dist/commands/watch.d.ts.map +1 -0
package/dist/commands/watch.js +203 -0
package/dist/commands/watch.js.map +1 -0
package/dist/config.d.ts +19 -0
package/dist/config.d.ts.map +1 -0
package/dist/config.js +235 -0
package/dist/config.js.map +1 -0
package/dist/mcp-server/index.d.ts +3 -0
package/dist/mcp-server/index.d.ts.map +1 -0
package/dist/mcp-server/index.js +69 -0
package/dist/mcp-server/index.js.map +1 -0
package/dist/mcp-server/schemas.d.ts +13 -0
package/dist/mcp-server/schemas.d.ts.map +1 -0
package/dist/mcp-server/schemas.js +13 -0
package/dist/mcp-server/schemas.js.map +1 -0
package/dist/mcp-server/tools/audit-status.d.ts +3 -0
package/dist/mcp-server/tools/audit-status.d.ts.map +1 -0
package/dist/mcp-server/tools/audit-status.js +46 -0
package/dist/mcp-server/tools/audit-status.js.map +1 -0
package/dist/mcp-server/tools/check-command.d.ts +4 -0
package/dist/mcp-server/tools/check-command.d.ts.map +1 -0
package/dist/mcp-server/tools/check-command.js +30 -0
package/dist/mcp-server/tools/check-command.js.map +1 -0
package/dist/mcp-server/tools/scan-content.d.ts +4 -0
package/dist/mcp-server/tools/scan-content.d.ts.map +1 -0
package/dist/mcp-server/tools/scan-content.js +18 -0
package/dist/mcp-server/tools/scan-content.js.map +1 -0
package/dist/mcp-server/tools/scan-file.d.ts +4 -0
package/dist/mcp-server/tools/scan-file.d.ts.map +1 -0
package/dist/mcp-server/tools/scan-file.js +48 -0
package/dist/mcp-server/tools/scan-file.js.map +1 -0
package/dist/mcp-server/types.d.ts +15 -0
package/dist/mcp-server/types.d.ts.map +1 -0
package/dist/mcp-server/types.js +2 -0
package/dist/mcp-server/types.js.map +1 -0
package/dist/reporter/audit-report.d.ts +4 -0
package/dist/reporter/audit-report.d.ts.map +1 -0
package/dist/reporter/audit-report.js +186 -0
package/dist/reporter/audit-report.js.map +1 -0
package/dist/reporter/json-report.d.ts +3 -0
package/dist/reporter/json-report.d.ts.map +1 -0
package/dist/reporter/json-report.js +4 -0
package/dist/reporter/json-report.js.map +1 -0
package/dist/reporter/remediation-text.d.ts +3 -0
package/dist/reporter/remediation-text.d.ts.map +1 -0
package/dist/reporter/remediation-text.js +12 -0
package/dist/reporter/remediation-text.js.map +1 -0
package/dist/reporter/risk-scorer.d.ts +8 -0
package/dist/reporter/risk-scorer.d.ts.map +1 -0
package/dist/reporter/risk-scorer.js +40 -0
package/dist/reporter/risk-scorer.js.map +1 -0
package/dist/reporter/sarif-report.d.ts +3 -0
package/dist/reporter/sarif-report.d.ts.map +1 -0
package/dist/reporter/sarif-report.js +80 -0
package/dist/reporter/sarif-report.js.map +1 -0
package/dist/reporter/shared.d.ts +11 -0
package/dist/reporter/shared.d.ts.map +1 -0
package/dist/reporter/shared.js +85 -0
package/dist/reporter/shared.js.map +1 -0
package/dist/reporter/summary-generator.d.ts +16 -0
package/dist/reporter/summary-generator.d.ts.map +1 -0
package/dist/reporter/summary-generator.js +89 -0
package/dist/reporter/summary-generator.js.map +1 -0
package/dist/reporter/terminal-report.d.ts +4 -0
package/dist/reporter/terminal-report.d.ts.map +1 -0
package/dist/reporter/terminal-report.js +135 -0
package/dist/reporter/terminal-report.js.map +1 -0
package/dist/rules/crypto-rules.d.ts +3 -0
package/dist/rules/crypto-rules.d.ts.map +1 -0
package/dist/rules/crypto-rules.js +252 -0
package/dist/rules/crypto-rules.js.map +1 -0
package/dist/rules/default-rules.d.ts +9 -0
package/dist/rules/default-rules.d.ts.map +1 -0
package/dist/rules/default-rules.js +1319 -0
package/dist/rules/default-rules.js.map +1 -0
package/dist/rules/index.d.ts +7 -0
package/dist/rules/index.d.ts.map +1 -0
package/dist/rules/index.js +7 -0
package/dist/rules/index.js.map +1 -0
package/dist/rules/injection-rules.d.ts +8 -0
package/dist/rules/injection-rules.d.ts.map +1 -0
package/dist/rules/injection-rules.js +108 -0
package/dist/rules/injection-rules.js.map +1 -0
package/dist/rules/types.d.ts +52 -0
package/dist/rules/types.d.ts.map +1 -0
package/dist/rules/types.js +2 -0
package/dist/rules/types.js.map +1 -0
package/dist/scanner/filesystem-scanner.d.ts +26 -0
package/dist/scanner/filesystem-scanner.d.ts.map +1 -0
package/dist/scanner/filesystem-scanner.js +369 -0
package/dist/scanner/filesystem-scanner.js.map +1 -0
package/dist/scanner/injection-scanner.d.ts +12 -0
package/dist/scanner/injection-scanner.d.ts.map +1 -0
package/dist/scanner/injection-scanner.js +136 -0
package/dist/scanner/injection-scanner.js.map +1 -0
package/dist/scanner/permission-checker.d.ts +4 -0
package/dist/scanner/permission-checker.d.ts.map +1 -0
package/dist/scanner/permission-checker.js +37 -0
package/dist/scanner/permission-checker.js.map +1 -0
package/dist/scanner/redact.d.ts +3 -0
package/dist/scanner/redact.d.ts.map +1 -0
package/dist/scanner/redact.js +17 -0
package/dist/scanner/redact.js.map +1 -0
package/dist/scanner/rule-engine.d.ts +9 -0
package/dist/scanner/rule-engine.d.ts.map +1 -0
package/dist/scanner/rule-engine.js +129 -0
package/dist/scanner/rule-engine.js.map +1 -0
package/dist/scanner/system-targets.d.ts +17 -0
package/dist/scanner/system-targets.d.ts.map +1 -0
package/dist/scanner/system-targets.js +81 -0
package/dist/scanner/system-targets.js.map +1 -0
package/dist/tui/App.d.ts +6 -0
package/dist/tui/App.d.ts.map +1 -0
package/dist/tui/App.js +224 -0
package/dist/tui/App.js.map +1 -0
package/dist/tui/components/BootSequence.d.ts +6 -0
package/dist/tui/components/BootSequence.d.ts.map +1 -0
package/dist/tui/components/BootSequence.js +40 -0
package/dist/tui/components/BootSequence.js.map +1 -0
package/dist/tui/components/BorderedSection.d.ts +12 -0
package/dist/tui/components/BorderedSection.d.ts.map +1 -0
package/dist/tui/components/BorderedSection.js +7 -0
package/dist/tui/components/BorderedSection.js.map +1 -0
package/dist/tui/components/ErrorBoundary.d.ts +18 -0
package/dist/tui/components/ErrorBoundary.d.ts.map +1 -0
package/dist/tui/components/ErrorBoundary.js +36 -0
package/dist/tui/components/ErrorBoundary.js.map +1 -0
package/dist/tui/components/FirstUseHint.d.ts +7 -0
package/dist/tui/components/FirstUseHint.d.ts.map +1 -0
package/dist/tui/components/FirstUseHint.js +20 -0
package/dist/tui/components/FirstUseHint.js.map +1 -0
package/dist/tui/components/Footer.d.ts +10 -0
package/dist/tui/components/Footer.d.ts.map +1 -0
package/dist/tui/components/Footer.js +51 -0
package/dist/tui/components/Footer.js.map +1 -0
package/dist/tui/components/MetricCard.d.ts +11 -0
package/dist/tui/components/MetricCard.d.ts.map +1 -0
package/dist/tui/components/MetricCard.js +8 -0
package/dist/tui/components/MetricCard.js.map +1 -0
package/dist/tui/components/Panel.d.ts +15 -0
package/dist/tui/components/Panel.d.ts.map +1 -0
package/dist/tui/components/Panel.js +25 -0
package/dist/tui/components/Panel.js.map +1 -0
package/dist/tui/components/RemediationMenu.d.ts +10 -0
package/dist/tui/components/RemediationMenu.d.ts.map +1 -0
package/dist/tui/components/RemediationMenu.js +84 -0
package/dist/tui/components/RemediationMenu.js.map +1 -0
package/dist/tui/components/RiskGauge.d.ts +7 -0
package/dist/tui/components/RiskGauge.d.ts.map +1 -0
package/dist/tui/components/RiskGauge.js +55 -0
package/dist/tui/components/RiskGauge.js.map +1 -0
package/dist/tui/components/ScrollableList.d.ts +11 -0
package/dist/tui/components/ScrollableList.d.ts.map +1 -0
package/dist/tui/components/ScrollableList.js +14 -0
package/dist/tui/components/ScrollableList.js.map +1 -0
package/dist/tui/components/Section.d.ts +9 -0
package/dist/tui/components/Section.d.ts.map +1 -0
package/dist/tui/components/Section.js +7 -0
package/dist/tui/components/Section.js.map +1 -0
package/dist/tui/components/SectionHeader.d.ts +8 -0
package/dist/tui/components/SectionHeader.d.ts.map +1 -0
package/dist/tui/components/SectionHeader.js +15 -0
package/dist/tui/components/SectionHeader.js.map +1 -0
package/dist/tui/components/SeverityBadge.d.ts +5 -0
package/dist/tui/components/SeverityBadge.d.ts.map +1 -0
package/dist/tui/components/SeverityBadge.js +7 -0
package/dist/tui/components/SeverityBadge.js.map +1 -0
package/dist/tui/components/Sidebar.d.ts +2 -0
package/dist/tui/components/Sidebar.d.ts.map +1 -0
package/dist/tui/components/Sidebar.js +40 -0
package/dist/tui/components/Sidebar.js.map +1 -0
package/dist/tui/components/StatusIndicator.d.ts +8 -0
package/dist/tui/components/StatusIndicator.d.ts.map +1 -0
package/dist/tui/components/StatusIndicator.js +15 -0
package/dist/tui/components/StatusIndicator.js.map +1 -0
package/dist/tui/components/Table.d.ts +21 -0
package/dist/tui/components/Table.d.ts.map +1 -0
package/dist/tui/components/Table.js +38 -0
package/dist/tui/components/Table.js.map +1 -0
package/dist/tui/components/Transition.d.ts +8 -0
package/dist/tui/components/Transition.d.ts.map +1 -0
package/dist/tui/components/Transition.js +38 -0
package/dist/tui/components/Transition.js.map +1 -0
package/dist/tui/components/WelcomeScreen.d.ts +6 -0
package/dist/tui/components/WelcomeScreen.d.ts.map +1 -0
package/dist/tui/components/WelcomeScreen.js +14 -0
package/dist/tui/components/WelcomeScreen.js.map +1 -0
package/dist/tui/educational.d.ts +32 -0
package/dist/tui/educational.d.ts.map +1 -0
package/dist/tui/educational.js +117 -0
package/dist/tui/educational.js.map +1 -0
package/dist/tui/hooks/useAudit.d.ts +24 -0
package/dist/tui/hooks/useAudit.d.ts.map +1 -0
package/dist/tui/hooks/useAudit.js +263 -0
package/dist/tui/hooks/useAudit.js.map +1 -0
package/dist/tui/hooks/useConfig.d.ts +18 -0
package/dist/tui/hooks/useConfig.d.ts.map +1 -0
package/dist/tui/hooks/useConfig.js +85 -0
package/dist/tui/hooks/useConfig.js.map +1 -0
package/dist/tui/hooks/useHookStatus.d.ts +10 -0
package/dist/tui/hooks/useHookStatus.d.ts.map +1 -0
package/dist/tui/hooks/useHookStatus.js +59 -0
package/dist/tui/hooks/useHookStatus.js.map +1 -0
package/dist/tui/hooks/useLogs.d.ts +42 -0
package/dist/tui/hooks/useLogs.d.ts.map +1 -0
package/dist/tui/hooks/useLogs.js +105 -0
package/dist/tui/hooks/useLogs.js.map +1 -0
package/dist/tui/hooks/useScan.d.ts +39 -0
package/dist/tui/hooks/useScan.d.ts.map +1 -0
package/dist/tui/hooks/useScan.js +255 -0
package/dist/tui/hooks/useScan.js.map +1 -0
package/dist/tui/hooks/useTerminalSize.d.ts +10 -0
package/dist/tui/hooks/useTerminalSize.d.ts.map +1 -0
package/dist/tui/hooks/useTerminalSize.js +27 -0
package/dist/tui/hooks/useTerminalSize.js.map +1 -0
package/dist/tui/index.d.ts +2 -0
package/dist/tui/index.d.ts.map +1 -0
package/dist/tui/index.js +8 -0
package/dist/tui/index.js.map +1 -0
package/dist/tui/screens/AuditPanel.d.ts +7 -0
package/dist/tui/screens/AuditPanel.d.ts.map +1 -0
package/dist/tui/screens/AuditPanel.js +467 -0
package/dist/tui/screens/AuditPanel.js.map +1 -0
package/dist/tui/screens/LogsPanel.d.ts +2 -0
package/dist/tui/screens/LogsPanel.d.ts.map +1 -0
package/dist/tui/screens/LogsPanel.js +127 -0
package/dist/tui/screens/LogsPanel.js.map +1 -0
package/dist/tui/screens/OverviewPanel.d.ts +2 -0
package/dist/tui/screens/OverviewPanel.d.ts.map +1 -0
package/dist/tui/screens/OverviewPanel.js +84 -0
package/dist/tui/screens/OverviewPanel.js.map +1 -0
package/dist/tui/screens/ScanPanel.d.ts +2 -0
package/dist/tui/screens/ScanPanel.d.ts.map +1 -0
package/dist/tui/screens/ScanPanel.js +188 -0
package/dist/tui/screens/ScanPanel.js.map +1 -0
package/dist/tui/screens/ScanResultsPanel.d.ts +2 -0
package/dist/tui/screens/ScanResultsPanel.d.ts.map +1 -0
package/dist/tui/screens/ScanResultsPanel.js +394 -0
package/dist/tui/screens/ScanResultsPanel.js.map +1 -0
package/dist/tui/screens/SettingsPanel.d.ts +2 -0
package/dist/tui/screens/SettingsPanel.d.ts.map +1 -0
package/dist/tui/screens/SettingsPanel.js +353 -0
package/dist/tui/screens/SettingsPanel.js.map +1 -0
package/dist/tui/state.d.ts +35 -0
package/dist/tui/state.d.ts.map +1 -0
package/dist/tui/state.js +13 -0
package/dist/tui/state.js.map +1 -0
package/dist/tui/theme.d.ts +58 -0
package/dist/tui/theme.d.ts.map +1 -0
package/dist/tui/theme.js +80 -0
package/dist/tui/theme.js.map +1 -0
package/dist/version.d.ts +2 -0
package/dist/version.d.ts.map +1 -0
package/dist/version.js +5 -0
package/dist/version.js.map +1 -0
package/hooks/audit-logger.sh +74 -0
package/hooks/detection-lib.sh +301 -0
package/hooks/git-pre-commit.sh +195 -0
package/hooks/git-pre-push.sh +125 -0
package/hooks/git-safety.sh +152 -0
package/hooks/security-scanner.sh +527 -0
package/install.sh +543 -0
package/package.json +67 -0
package/patterns/credentials.yaml +317 -0
package/patterns/dangerous-commands.yaml +167 -0
package/patterns/pii.yaml +95 -0
package/patterns/prompt-injection.yaml +131 -0
package/patterns/supply-chain.yaml +119 -0
package/rules/AGENTS.md +60 -0
package/rules/SECURITY-RULES.md +177 -0
package/rules/claude.md +9 -0
package/rules/clinerules +29 -0
package/rules/continuerules +29 -0
package/rules/copilot-instructions.md +9 -0
package/rules/cursor-security.mdc +14 -0
package/rules/gemini.md +9 -0
package/rules/kiro-security.md +29 -0
package/rules/roocode-security.md +29 -0
package/rules/trae-security.md +29 -0
package/rules/windsurfrules +9 -0
package/skill/llm-antivirus/SKILL.md +73 -0
package/skill/llm-antivirus/references/threat-patterns.yaml +82 -0
package/skill/llm-antivirus/scripts/security-audit.sh +244 -0
package/uninstall.sh +215 -0

package/patterns/credentials.yaml ADDED Viewed

@@ -0,0 +1,317 @@
+# ChainWall — Credential Detection Patterns
+#
+# 50+ patterns for API keys, tokens, and secrets from major providers.
+# Reference database. Consumed by security-audit.sh for project scanning.
+# Critical patterns are hardcoded in hooks for real-time enforcement.
+#
+# Fields:
+#   name:        Human-readable pattern name
+#   regex:       POSIX ERE with `(?i)` prefix convention (stripped by scanner, replaced with -i flag)
+#   severity:    critical | high | medium
+#   description: What this pattern detects and why it matters
+#
+# Severity guide:
+#   critical — Live production credentials, immediate exploitation risk
+#   high     — API keys/tokens with significant access scope
+#   medium   — Keys with limited scope or test-mode indicators
+patterns:
+  # ── AWS ──────────────────────────────────────────────────────────────
+  - name: AWS Access Key ID
+    regex: "AKIA[0-9A-Z]{16}"
+    severity: critical
+    description: AWS IAM access key — grants programmatic access to AWS services
+  - name: AWS Secret Access Key
+    regex: "(?i)aws_secret_access_key[\"'\\s=:]+[A-Za-z0-9/+=]{40}"
+    severity: critical
+    description: AWS secret key paired with access key ID
+  - name: AWS Session Token
+    regex: "(?i)aws_session_token[\"'\\s=:]+[A-Za-z0-9/+=]{100,}"
+    severity: critical
+    description: Temporary AWS session token from STS
+  # ── GCP / Google ─────────────────────────────────────────────────────
+  - name: Google API Key
+    regex: "AIza[0-9A-Za-z_-]{35}"
+    severity: high
+    description: Google Cloud / Maps / Firebase API key
+  - name: GCP Service Account Key
+    regex: "\"type\":\\s*\"service_account\""
+    severity: critical
+    description: GCP service account JSON key file marker
+  - name: Google OAuth Client Secret
+    regex: "(?i)client_secret[\"'\\s=:]+[A-Za-z0-9_-]{24,}"
+    severity: high
+    description: Google OAuth2 client secret
+  # ── Azure ────────────────────────────────────────────────────────────
+  - name: Azure Storage Account Key
+    regex: "(?i)(AccountKey|azure_storage_key)[\"'\\s=:]+[A-Za-z0-9/+=]{86,88}=="
+    severity: critical
+    description: Azure Storage account access key
+  - name: Azure AD Client Secret
+    regex: "(?i)(client_secret|azure_client_secret)[\"'\\s=:]+[A-Za-z0-9_.~-]{34,}"
+    severity: high
+    description: Azure Active Directory application secret
+  - name: Azure Connection String
+    regex: "DefaultEndpointsProtocol=https;AccountName=[^;]+;AccountKey=[A-Za-z0-9/+=]{86,88}=="
+    severity: critical
+    description: Azure Storage connection string with embedded key
+  # ── GitHub ───────────────────────────────────────────────────────────
+  - name: GitHub Personal Access Token
+    regex: "ghp_[a-zA-Z0-9]{36,}"
+    severity: critical
+    description: GitHub classic personal access token
+  - name: GitHub Fine-Grained Token
+    regex: "github_pat_[a-zA-Z0-9]{22,}_[a-zA-Z0-9]{59,}"
+    severity: critical
+    description: GitHub fine-grained personal access token
+  - name: GitHub OAuth Access Token
+    regex: "gho_[a-zA-Z0-9]{36}"
+    severity: high
+    description: GitHub OAuth access token
+  - name: GitHub App Token
+    regex: "(ghu|ghs)_[a-zA-Z0-9]{36}"
+    severity: high
+    description: GitHub App user-to-server or server-to-server token
+  - name: GitHub App Refresh Token
+    regex: "ghr_[a-zA-Z0-9]{36}"
+    severity: high
+    description: GitHub App refresh token
+  # ── GitLab ───────────────────────────────────────────────────────────
+  - name: GitLab Personal Access Token
+    regex: "glpat-[a-zA-Z0-9_-]{20,}"
+    severity: critical
+    description: GitLab personal access token
+  - name: GitLab Pipeline Token
+    regex: "glptt-[a-zA-Z0-9_-]{20,}"
+    severity: high
+    description: GitLab pipeline trigger token
+  - name: GitLab Runner Token
+    regex: "glrt-[a-zA-Z0-9_-]{20,}"
+    severity: high
+    description: GitLab runner registration token
+  # ── Slack ────────────────────────────────────────────────────────────
+  - name: Slack Bot/User Token
+    regex: "xox[pboa]-[0-9]{10,13}-[0-9]{10,13}-[a-zA-Z0-9]{24,}"
+    severity: critical
+    description: Slack API token (bot, user, app, or OAuth)
+  - name: Slack Webhook URL
+    regex: "https://hooks\\.slack\\.com/services/T[A-Z0-9]{8,}/B[A-Z0-9]{8,}/[a-zA-Z0-9]{24,}"
+    severity: high
+    description: Slack incoming webhook URL
+  # ── Stripe ───────────────────────────────────────────────────────────
+  - name: Stripe Secret Key
+    regex: "sk_(live|test)_[a-zA-Z0-9]{24,}"
+    severity: critical
+    description: Stripe API secret key (live or test mode)
+  - name: Stripe Restricted Key
+    regex: "rk_(live|test)_[a-zA-Z0-9]{24,}"
+    severity: high
+    description: Stripe restricted API key
+  - name: Stripe Webhook Secret
+    regex: "whsec_[a-zA-Z0-9]{32,}"
+    severity: high
+    description: Stripe webhook signing secret
+  # ── OpenAI / Anthropic ──────────────────────────────────────────────
+  - name: OpenAI API Key
+    regex: "sk-[a-zA-Z0-9]{48}"
+    severity: critical
+    description: OpenAI API key for GPT/DALL-E/Whisper access
+  - name: OpenAI Project Key
+    regex: "sk-proj-[a-zA-Z0-9_-]{48,}"
+    severity: critical
+    description: OpenAI project-scoped API key
+  - name: Anthropic API Key
+    regex: "sk-ant-[a-zA-Z0-9_-]{40,}"
+    severity: critical
+    description: Anthropic API key for Claude access
+  # ── Twilio ───────────────────────────────────────────────────────────
+  - name: Twilio API Key
+    regex: "SK[a-f0-9]{32}"
+    severity: high
+    description: Twilio API key (SK prefix + 32 hex chars)
+  - name: Twilio Account SID
+    regex: "AC[a-f0-9]{32}"
+    severity: medium
+    description: Twilio Account SID (not secret but sensitive identifier)
+  # ── SendGrid ─────────────────────────────────────────────────────────
+  - name: SendGrid API Key
+    regex: "SG\\.[a-zA-Z0-9_-]{22}\\.[a-zA-Z0-9_-]{43}"
+    severity: critical
+    description: SendGrid API key for email sending
+  # ── Supabase ─────────────────────────────────────────────────────────
+  - name: Supabase Service Role Key
+    regex: "(?i)(supabase_service_role_key|SUPABASE_SERVICE_KEY)[\"'\\s=:]+eyJ[a-zA-Z0-9_-]+\\.[a-zA-Z0-9_-]+\\.[a-zA-Z0-9_-]+"
+    severity: critical
+    description: Supabase service role JWT — bypasses Row Level Security
+  - name: Supabase Anon Key (exposed)
+    regex: "(?i)supabase_anon_key[\"'\\s=:]+eyJ[a-zA-Z0-9_-]+\\.[a-zA-Z0-9_-]+\\.[a-zA-Z0-9_-]+"
+    severity: medium
+    description: Supabase anonymous key — public but sensitive in server context
+  # ── Firebase ─────────────────────────────────────────────────────────
+  - name: Firebase Server Key
+    regex: "AAAA[a-zA-Z0-9_-]{7,}:[a-zA-Z0-9_-]{140,}"
+    severity: critical
+    description: Firebase Cloud Messaging server key
+  # ── Databricks ───────────────────────────────────────────────────────
+  - name: Databricks Access Token
+    regex: "dapi[a-f0-9]{32}"
+    severity: high
+    description: Databricks personal access token
+  # ── npm / PyPI / Docker ──────────────────────────────────────────────
+  - name: npm Access Token
+    regex: "npm_[a-zA-Z0-9]{36}"
+    severity: critical
+    description: npm registry authentication token
+  - name: PyPI API Token
+    regex: "pypi-[a-zA-Z0-9_-]{50,}"
+    severity: critical
+    description: PyPI package repository API token
+  - name: Docker Hub Access Token
+    regex: "dckr_pat_[a-zA-Z0-9_-]{20,}"
+    severity: high
+    description: Docker Hub personal access token
+  # ── JWT / Bearer ─────────────────────────────────────────────────────
+  - name: JSON Web Token
+    regex: "eyJ[a-zA-Z0-9_-]{10,}\\.[a-zA-Z0-9_-]{10,}\\.[a-zA-Z0-9_-]{10,}"
+    severity: medium
+    description: JWT token (may contain sensitive claims)
+  - name: Bearer Token
+    regex: "Bearer\\s+[a-zA-Z0-9_-]{20,}"
+    severity: medium
+    description: Authorization Bearer token in header format (entropy-validated in TypeScript layer)
+  # ── SSH / PGP ────────────────────────────────────────────────────────
+  - name: RSA Private Key
+    regex: "-----BEGIN RSA PRIVATE KEY-----"
+    severity: critical
+    description: PEM-encoded RSA private key header
+  - name: DSA Private Key
+    regex: "-----BEGIN DSA PRIVATE KEY-----"
+    severity: critical
+    description: PEM-encoded DSA private key header
+  - name: EC Private Key
+    regex: "-----BEGIN EC PRIVATE KEY-----"
+    severity: critical
+    description: PEM-encoded Elliptic Curve private key header
+  - name: OpenSSH Private Key
+    regex: "-----BEGIN OPENSSH PRIVATE KEY-----"
+    severity: critical
+    description: OpenSSH format private key header
+  - name: PGP Private Key Block
+    regex: "-----BEGIN PGP PRIVATE KEY BLOCK-----"
+    severity: critical
+    description: PGP/GPG private key block header
+  # ── Hashicorp Vault ──────────────────────────────────────────────────
+  - name: Vault Token
+    regex: "hvs\\.[a-zA-Z0-9_-]{24,}"
+    severity: critical
+    description: HashiCorp Vault service token
+  - name: Vault Batch Token
+    regex: "hvb\\.[a-zA-Z0-9_-]{24,}"
+    severity: high
+    description: HashiCorp Vault batch token
+  # ── Datadog ──────────────────────────────────────────────────────────
+  - name: Datadog API Key
+    regex: "(?i)(dd_api_key|datadog_api_key)[\"'\\s=:]+[a-f0-9]{32}"
+    severity: high
+    description: Datadog API key for monitoring data access
+  # ── Mailgun ──────────────────────────────────────────────────────────
+  - name: Mailgun API Key
+    regex: "key-[a-f0-9]{32}"
+    severity: high
+    description: Mailgun API key for email service
+  # ── Heroku ───────────────────────────────────────────────────────────
+  - name: Heroku API Key
+    regex: "(?i)(heroku_api_key|HEROKU_API_KEY)[\"'\\s=:]+[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}"
+    severity: high
+    description: Heroku platform API key (UUID format)
+  # ── Shopify ──────────────────────────────────────────────────────────
+  - name: Shopify Access Token
+    regex: "shpat_[a-f0-9]{32}"
+    severity: high
+    description: Shopify Admin API access token
+  - name: Shopify Custom App Token
+    regex: "shpca_[a-f0-9]{32}"
+    severity: high
+    description: Shopify custom app access token
+  - name: Shopify Private App Password
+    regex: "shppa_[a-f0-9]{32}"
+    severity: high
+    description: Shopify private app password
+  # ── Linear ───────────────────────────────────────────────────────────
+  - name: Linear API Key
+    regex: "lin_api_[a-zA-Z0-9]{40,}"
+    severity: high
+    description: Linear project management API key
+  # ── Vercel ───────────────────────────────────────────────────────────
+  - name: Vercel Access Token
+    regex: "(?i)(vercel_token|VERCEL_TOKEN)[\"'\\s=:]+[a-zA-Z0-9]{24,}"
+    severity: high
+    description: Vercel platform access token
+  # ── Generic High-Entropy Secrets ─────────────────────────────────────
+  - name: Generic API Key Assignment
+    regex: "(?i)(api_key|apikey|api_secret|secret_key)[\"'\\s=:]+[a-zA-Z0-9_-]{20,}"
+    severity: medium
+    description: Generic API key or secret in assignment context
+  - name: Password in Config
+    regex: "(?i)(password|passwd|pwd)[\"'\\s=:]+[^\\s\"']{8,}"
+    severity: medium
+    description: Password value in configuration or code
+  - name: Private Key Variable
+    regex: "(?i)(private_key|privatekey)[\"'\\s=:]+[a-zA-Z0-9/+=_-]{20,}"
+    severity: high
+    description: Private key value in variable assignment

package/patterns/dangerous-commands.yaml ADDED Viewed

@@ -0,0 +1,167 @@
+# ChainWall — Dangerous Command Detection Patterns
+#
+# Shell commands that could cause system damage, data loss, or compromise.
+# Reference database. Consumed by security-audit.sh for project scanning.
+# Critical patterns are hardcoded in hooks for real-time enforcement.
+#
+# Fields:
+#   name:        Human-readable pattern name
+#   regex:       POSIX ERE with `(?i)` prefix convention (stripped by scanner, replaced with -i flag)
+#   severity:    critical | high | medium
+#   description: What this command does and why it's dangerous
+#   scope:       command  (only checked against tool_input.command)
+patterns:
+  # ── Destructive File Operations ──────────────────────────────────────
+  - name: Recursive Force Delete
+    regex: "rm\\s+-[^\\s]*r[^\\s]*f|rm\\s+-[^\\s]*f[^\\s]*r"
+    severity: critical
+    description: "rm with both -r and -f flags — recursive force deletion, data loss risk"
+    scope: command
+  - name: Shred File
+    regex: "shred\\s+"
+    severity: high
+    description: "Securely overwrites file content — irreversible data destruction"
+    scope: command
+  # ── Remote Code Execution ────────────────────────────────────────────
+  - name: Curl Pipe to Shell
+    regex: "(curl|wget)\\s.+\\|\\s*(bash|sh|zsh|ksh|dash|fish|python|perl|ruby|node)"
+    severity: critical
+    description: "Downloads and executes remote code — classic malware delivery vector"
+    scope: command
+  - name: Eval from Variable
+    regex: "eval\\s+\\$"
+    severity: high
+    description: "Evaluates shell variable as code — command injection risk"
+    scope: command
+  - name: Base64 Decode Execute
+    regex: "base64\\s+(-d|--decode).*\\|\\s*(bash|sh|eval)"
+    severity: critical
+    description: "Decodes and executes base64 content — obfuscated code execution"
+    scope: command
+  # ── Dangerous Permissions ────────────────────────────────────────────
+  - name: World-Writable Permissions
+    regex: "chmod\\s+777"
+    severity: high
+    description: "Sets world-readable/writable/executable — security misconfiguration"
+    scope: command
+  - name: SetUID Bit
+    regex: "chmod\\s+[u+]*s|chmod\\s+[0-7]*4[0-7]{3}"
+    severity: critical
+    description: "Sets SUID/SGID bit — privilege escalation vector"
+    scope: command
+  # ── Disk/Device Operations ───────────────────────────────────────────
+  - name: DD to Device
+    regex: "dd\\s.+of=/dev/"
+    severity: critical
+    description: "Writes directly to block device — potential disk destruction"
+    scope: command
+  - name: Filesystem Format
+    regex: "mkfs"
+    severity: critical
+    description: "Formats a filesystem — complete data loss on target device"
+    scope: command
+  - name: Direct Device Write
+    regex: ">/dev/(sd|hd|nvme|vd|xvd)"
+    severity: critical
+    description: "Redirects output to block device — disk corruption risk"
+    scope: command
+  # ── Network Exfiltration ─────────────────────────────────────────────
+  - name: Netcat Listener
+    regex: "nc\\s+(-l|-p|--listen)"
+    severity: high
+    description: "Opens network listener — potential reverse shell or data exfiltration"
+    scope: command
+  - name: Reverse Shell
+    regex: "/dev/tcp/|bash\\s+-i\\s+>&|/dev/udp/"
+    severity: critical
+    description: "Bash reverse shell pattern — remote access backdoor"
+    scope: command
+  - name: SSH Tunnel
+    regex: "ssh\\s+.*-[RLD]\\s+[0-9]+:"
+    severity: medium
+    description: "SSH port forwarding — potential data exfiltration tunnel"
+    scope: command
+  # ── System Modification ──────────────────────────────────────────────
+  - name: Crontab Modification
+    regex: "crontab\\s+(-e|-r|-l)|echo.*>>\\s*/etc/cron"
+    severity: high
+    description: "Modifies scheduled tasks — persistence mechanism"
+    scope: command
+  - name: Hosts File Modification
+    regex: ">/etc/hosts|>>\\s*/etc/hosts"
+    severity: high
+    description: "Modifies DNS resolution — potential traffic hijacking"
+    scope: command
+  - name: Sudoers Modification
+    regex: "visudo|>/etc/sudoers|>>\\s*/etc/sudoers"
+    severity: critical
+    description: "Modifies sudo permissions — privilege escalation"
+    scope: command
+  - name: Systemd Service Install
+    regex: "systemctl\\s+(enable|start).*\\.service|cp.*\\.service.*/etc/systemd/"
+    severity: high
+    description: "Installs or enables systemd service — persistence mechanism"
+    scope: command
+  # ── Container Escape ─────────────────────────────────────────────────
+  - name: Docker Socket Mount
+    regex: "docker.*-v.*/var/run/docker\\.sock"
+    severity: critical
+    description: "Mounts Docker socket — container escape / host access"
+    scope: command
+  - name: Privileged Container
+    regex: "docker\\s+run.*--privileged"
+    severity: critical
+    description: "Runs container in privileged mode — full host access"
+    scope: command
+  # ── Environment Manipulation ─────────────────────────────────────────
+  - name: LD_PRELOAD Injection
+    regex: "LD_PRELOAD="
+    severity: critical
+    description: "Sets LD_PRELOAD — shared library injection for code hijacking"
+    scope: command
+  - name: PATH Manipulation
+    regex: "export\\s+PATH=.*:\\."
+    severity: high
+    description: "Adds current directory to PATH — binary hijacking risk"
+    scope: command
+  # ── History/Log Tampering ────────────────────────────────────────────
+  - name: History Deletion
+    regex: "history\\s+(-c|-d)|>.*\\.bash_history|>.*\\.zsh_history|unset\\s+HISTFILE"
+    severity: high
+    description: "Clears or disables shell history — anti-forensics technique"
+    scope: command
+  - name: Log Tampering
+    regex: ">/var/log/|truncate.*(/var/log/|/var/audit/)"
+    severity: high
+    description: "Clears system logs — anti-forensics technique"
+    scope: command
+  - name: History File Deletion
+    regex: "history\\s+-c|>.*\\.bash_history"
+    severity: high
+    description: "Deletes bash history file — evidence destruction technique"
+    scope: command

package/patterns/pii.yaml ADDED Viewed

@@ -0,0 +1,95 @@
+# ChainWall — PII Detection Patterns
+#
+# Personally Identifiable Information patterns for Layer 5 detection.
+# Reference database. Consumed by security-audit.sh for project scanning.
+# Critical patterns are hardcoded in hooks for real-time enforcement.
+#
+# Fields:
+#   name:        Human-readable pattern name
+#   regex:       POSIX ERE with `(?i)` prefix convention (stripped by scanner, replaced with -i flag)
+#   severity:    critical | high | medium
+#   description: What PII this detects
+#   validation:  Optional extra validation logic (implemented in scanner)
+patterns:
+  # ── Government IDs ───────────────────────────────────────────────────
+  - name: US Social Security Number
+    regex: "[0-9]{3}-[0-9]{2}-[0-9]{4}"
+    severity: critical
+    description: "US SSN in XXX-XX-XXXX format — identity theft risk"
+    validation: "first_group_not_000_666_900plus"
+  - name: US SSN (No Dashes)
+    regex: "(?i)(ssn|social.?security)[\"'\\s=:]+[0-9]{9}"
+    severity: high
+    description: "US SSN as 9 continuous digits in labeled context"
+  - name: US EIN/Tax ID
+    regex: "(?i)(ein|tax.?id)[\"'\\s=:]+[0-9]{2}-[0-9]{7}"
+    severity: high
+    description: "US Employer Identification Number"
+  # ── Financial ────────────────────────────────────────────────────────
+  - name: Credit Card Number
+    regex: "[0-9]{4}[-\\s]?[0-9]{4}[-\\s]?[0-9]{4}[-\\s]?[0-9]{3,4}"
+    severity: critical
+    description: "15-16 digit credit/debit card number with optional separators (Amex=15, others=16)"
+  - name: Bank Account Number
+    regex: "(?i)(account.?num|acct.?no|bank.?account)[\"'\\s=:]+[0-9]{8,17}"
+    severity: high
+    description: "Bank account number in labeled context"
+  - name: Routing Number
+    regex: "(?i)(routing.?num|aba.?num|routing.?no)[\"'\\s=:]+[0-9]{9}"
+    severity: high
+    description: "US bank routing number (ABA) in labeled context"
+  - name: IBAN
+    regex: "[A-Z]{2}[0-9]{2}[A-Z0-9]{11,30}"
+    severity: high
+    description: "International Bank Account Number"
+  # ── Personal Contact ─────────────────────────────────────────────────
+  - name: Email with PII Context
+    regex: "(?i)(patient|ssn|medical|diagnosis|prescription).*[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}"
+    severity: medium
+    description: "Email address in medical/PII context — HIPAA risk"
+  - name: Phone in PII Context
+    regex: "(?i)(patient|ssn|medical|dob|birth).*[0-9]{3}[-.]?[0-9]{3}[-.]?[0-9]{4}"
+    severity: medium
+    description: "Phone number in medical/PII context"
+  # ── Medical/Health ───────────────────────────────────────────────────
+  - name: Medical Record Number
+    regex: "(?i)(mrn|medical.?record|patient.?id)[\"'\\s=:]+[A-Z0-9]{6,20}"
+    severity: high
+    description: "Medical record number — HIPAA protected"
+  - name: DEA Number
+    regex: "[A-Z][A-Z9][0-9]{7}"
+    severity: high
+    description: "DEA registration number for controlled substances"
+  # ── Identity Documents ───────────────────────────────────────────────
+  - name: Passport Number
+    regex: "(?i)(passport)[\"'\\s=:]+[A-Z0-9]{6,12}"
+    severity: high
+    description: "Passport number in labeled context"
+  - name: Driver License
+    regex: "(?i)(driver.?licen[sc]e|dl.?num)[\"'\\s=:]+[A-Z0-9]{5,15}"
+    severity: high
+    description: "Driver's license number in labeled context"
+  - name: Date of Birth
+    regex: "(?i)(dob|date.?of.?birth|birthdate)[\"'\\s=:]+[0-9]{1,4}[-/][0-9]{1,2}[-/][0-9]{1,4}"
+    severity: medium
+    description: "Date of birth in labeled context"
+  - name: Medicare ID
+    regex: "[0-9]{4}-[0-9]{3}-[0-9]{4}-[0-9]{3}"
+    severity: high
+    description: "US Medicare Beneficiary Identifier — HIPAA protected"