chainwall 0.1.0

package/rules/trae-security.md

@@ -0,0 +1,29 @@
+# Security Rules — Trae IDE
+
+These rules are enforced by ChainWall and apply to all Trae IDE operations.
+
+## NEVER
+
+- Write credentials, API keys, tokens, or passwords in code or commands
+- Access .env, credentials.json, secrets.json, SSH keys, .npmrc, or .pypirc
+- Run rm -rf, mkfs, dd to devices, chmod 777, or redirect to block devices
+- Pipe downloads to shell (curl|bash, wget|sh)
+- Expose SSNs, credit card numbers, or other PII in outputs
+- Write PEM private keys (RSA, DSA, EC, OpenSSH, PGP) to any file
+- Force-push to main/master or hard-reset shared branches
+- Install packages from arbitrary URLs or override registries
+
+## ALWAYS
+
+- Use environment variables for secrets
+- Validate inputs at system boundaries
+- Use parameterized queries — never concatenate user input into SQL or shell
+- Pin dependency versions and preserve lock files
+- Check file paths to prevent path traversal
+- Use HTTPS for API calls and package downloads
+
+## Configuration
+
+Override: ~/.llm-av/config.json (global), .llm-av/config.json (project)
+Bypass: LLMAV_SKIP=1 (logged)
+Audit: .llm-av/audit.jsonl

package/rules/windsurfrules

@@ -0,0 +1,9 @@
+# Windsurf Security Rules
+
+This project uses ChainWall for security enforcement.
+
+Read and follow ALL rules in AGENTS.md (in the project root)
+before performing any file operations, shell commands, or code generation.
+
+Do not write credentials, access sensitive files, run destructive commands,
+or expose PII. See AGENTS.md for the complete rule set.

package/skill/llm-antivirus/SKILL.md

@@ -0,0 +1,73 @@
+---
+name: llm-antivirus
+description: Security auditing skill for AI coding agents — scans for credentials, dangerous commands, PII, and prompt injection
+version: 2.0.0
+author: Laurenz
+tags: [security, audit, credentials, pii, owasp]
+---
+
+# ChainWall Security Skill
+
+You are a security auditing assistant. When invoked, perform a comprehensive
+security scan of the project using the patterns and scripts provided.
+
+## Quick Reference
+
+**What this skill does:**
+- Scans project files for leaked credentials, API keys, and tokens
+- Detects dangerous shell commands in scripts and configs
+- Identifies PII (SSN, credit cards, medical records)
+- Checks for prompt injection patterns in AI-facing files
+- Validates .gitignore for sensitive file exclusions
+- Reports findings with severity levels and remediation guidance
+
+## How to Use
+
+Run the security audit script:
+```bash
+./skill/llm-antivirus/scripts/security-audit.sh
+```
+
+Or perform a targeted scan:
+```bash
+# Scan specific directory
+./skill/llm-antivirus/scripts/security-audit.sh src/
+
+# Scan specific file
+./skill/llm-antivirus/scripts/security-audit.sh path/to/file.ts
+```
+
+## Detection Categories
+
+| Category | Severity | Patterns |
+|----------|----------|----------|
+| Credentials | Critical/High | 55 patterns (AWS, GitHub, OpenAI, etc.) |
+| Dangerous Commands | Critical/High | 26 patterns (rm -rf, curl\|bash, etc.) |
+| PII | Critical/High | 15 patterns (SSN, credit card, medical) |
+| Prompt Injection | Medium | 18 patterns (jailbreak, role confusion) |
+| Supply Chain | High/Medium | 16 patterns (typosquatting, lock files) |
+
+## When to Invoke This Skill
+
+- Before committing code to a repository
+- When reviewing pull requests for security issues
+- After adding new dependencies or configuration files
+- When onboarding a new project to verify security posture
+- Periodically as part of security maintenance
+
+## Pattern Reference
+
+See `patterns/*.yaml` in the repository root for the complete pattern database
+with regex expressions, severity levels, and descriptions.
+
+## OWASP LLM Top 10 Coverage
+
+| ID | Vulnerability | Covered |
+|----|---------------|---------|
+| LLM01 | Prompt Injection | Yes — Layer 6 |
+| LLM02 | Insecure Output | Yes — Layers 2-3, 5 |
+| LLM06 | Sensitive Info Disclosure | Yes — Layers 1-3, 5 |
+| LLM07 | System Prompt Leakage | Yes — Layer 6 |
+| LLM08 | Excessive Agency | Yes — Layer 4 |
+| LLM09 | Overreliance | Partial — instruction files |
+| LLM10 | Model Supply Chain | Yes — supply-chain patterns |

package/skill/llm-antivirus/references/threat-patterns.yaml

@@ -0,0 +1,82 @@
+# ChainWall — Threat Pattern Reference for Skill
+#
+# Consolidated pattern reference used by the security audit skill.
+# This file provides a high-level summary; full patterns are in /patterns/*.yaml.
+
+categories:
+
+  credentials:
+    count: 55
+    source: patterns/credentials.yaml
+    providers:
+      - AWS (Access Key, Secret, Session Token)
+      - GCP/Google (API Key, Service Account, OAuth Secret)
+      - Azure (Storage Key, AD Secret, Connection String)
+      - GitHub (PAT classic, fine-grained, OAuth, App, Refresh)
+      - GitLab (PAT, Pipeline, Runner)
+      - Slack (Bot/User Token, Webhook URL)
+      - Stripe (Secret Key, Restricted Key, Webhook Secret)
+      - OpenAI (API Key, Project Key)
+      - Anthropic (API Key)
+      - Twilio (API Key, Account SID)
+      - SendGrid (API Key)
+      - Supabase (Service Role, Anon Key)
+      - Firebase (Server Key)
+      - Databricks (Access Token)
+      - npm (Access Token)
+      - PyPI (API Token)
+      - Docker Hub (Access Token)
+      - Hashicorp Vault (Service Token, Batch Token)
+      - Datadog (API Key)
+      - Mailgun (API Key)
+      - Heroku (API Key)
+      - Shopify (Access Token, Custom App, Private App)
+      - Linear (API Key)
+      - Vercel (Access Token)
+      - JWT, Bearer, SSH/PGP keys
+      - Generic (API key assignments, passwords, private key vars)
+
+  dangerous_commands:
+    count: 24
+    source: patterns/dangerous-commands.yaml
+    categories:
+      - Destructive (rm -rf, shred)
+      - Remote Code Execution (curl|bash, eval, base64 decode)
+      - Permissions (chmod 777, SUID)
+      - Disk/Device (dd, mkfs, device write)
+      - Network Exfiltration (netcat, reverse shell, SSH tunnel)
+      - System Modification (crontab, hosts, sudoers, systemd)
+      - Container Escape (Docker socket, privileged)
+      - Environment (LD_PRELOAD, PATH manipulation)
+      - Anti-forensics (history deletion, log tampering)
+
+  pii:
+    count: 15
+    source: patterns/pii.yaml
+    types:
+      - Government IDs (SSN, EIN)
+      - Financial (credit card, bank account, routing, IBAN)
+      - Personal Contact (email/phone in PII context)
+      - Medical (MRN, DEA number)
+      - Identity Documents (passport, driver license, DOB)
+
+  prompt_injection:
+    count: 18
+    source: patterns/prompt-injection.yaml
+    vectors:
+      - Instruction Override (ignore previous, disregard, forget)
+      - Role Confusion (authority claims, admin override)
+      - System Prompt Extraction (reveal, show, reflect)
+      - Jailbreak (DAN, developer mode, no restrictions)
+      - Encoded Injection (base64, code blocks)
+      - Output Manipulation (suppress, format attacks)
+
+  supply_chain:
+    count: 17
+    source: patterns/supply-chain.yaml
+    vectors:
+      - Package Installation (pip from URL, registry override)
+      - Post-Install Scripts (curl in lifecycle, eval)
+      - Dependency Manipulation (git deps, private registry)
+      - Lock File (deletion, checkout)
+      - Container Image (untagged, unknown registry)

package/skill/llm-antivirus/scripts/security-audit.sh

@@ -0,0 +1,244 @@
+#!/bin/bash
+#
+# ChainWall — Security Audit Script
+# Full project security scan using pattern databases
+#
+# Usage:
+#   ./security-audit.sh              # Scan entire project
+#   ./security-audit.sh src/         # Scan specific directory
+#   ./security-audit.sh file.ts      # Scan specific file
+#
+# Exit codes:
+#   0 = No findings
+#   1 = Findings detected
+#
+# Dependencies: bash 3.2+, grep
+#
+
+set -o pipefail
+
+# ═══════════════════════════════════════════════════════════════════════
+# Configuration
+# ═══════════════════════════════════════════════════════════════════════
+
+# Resolve script and repo root
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+REPO_ROOT="$(cd "$SCRIPT_DIR/../../.." && pwd)"
+PATTERNS_DIR="${REPO_ROOT}/patterns"
+
+# Colors
+RED_BOLD=$'\e[1;31m'
+RED=$'\e[31m'
+YELLOW=$'\e[33m'
+GREEN=$'\e[32m'
+CYAN=$'\e[36m'
+BOLD=$'\e[1m'
+RESET=$'\e[0m'
+
+# Scan target (default: current directory)
+SCAN_TARGET="${1:-.}"
+
+# Counters
+CRITICAL_COUNT=0
+HIGH_COUNT=0
+MEDIUM_COUNT=0
+LOW_COUNT=0
+FILES_SCANNED=0
+
+# ═══════════════════════════════════════════════════════════════════════
+# Pattern Loading
+# ═══════════════════════════════════════════════════════════════════════
+
+# Extract regex patterns from a YAML file
+# Returns one pattern per line
+extract_patterns() {
+    local yaml_file="$1"
+    [[ ! -f "$yaml_file" ]] && return
+    grep '^\s*regex:' "$yaml_file" 2>/dev/null \
+        | sed 's/.*regex: *"//' \
+        | sed 's/"$//'
+}
+
+# Extract pattern names from a YAML file
+extract_names() {
+    local yaml_file="$1"
+    [[ ! -f "$yaml_file" ]] && return
+    grep '^\s*- name:' "$yaml_file" 2>/dev/null \
+        | sed 's/.*- name: *//'
+}
+
+# ═══════════════════════════════════════════════════════════════════════
+# Scanning Functions
+# ═══════════════════════════════════════════════════════════════════════
+
+scan_with_patterns() {
+    local yaml_file="$1"
+    local category="$2"
+    local severity="$3"
+
+    [[ ! -f "$yaml_file" ]] && return
+
+    # Read patterns and names into arrays
+    local patterns=()
+    local names=()
+    while IFS= read -r line; do
+        patterns+=("$line")
+    done < <(extract_patterns "$yaml_file")
+
+    while IFS= read -r line; do
+        names+=("$line")
+    done < <(extract_names "$yaml_file")
+
+    local idx=0
+    for pattern in "${patterns[@]}"; do
+        local name="${names[$idx]:-Pattern $idx}"
+        idx=$((idx + 1))
+
+        # Skip patterns with (?i) — grep -E doesn't support inline flags
+        # Use -i flag instead for case-insensitive patterns
+        local grep_flags="-rn"
+        local clean_pattern="$pattern"
+        if [[ "$pattern" == "(?i)"* ]]; then
+            grep_flags="-rni"
+            clean_pattern="${pattern#\(\?i\)}"
+        fi
+
+        # Run grep and collect results
+        local all_results
+        all_results=$(grep $grep_flags -E "$clean_pattern" "$SCAN_TARGET" \
+            --include='*.ts' --include='*.js' --include='*.py' --include='*.rb' \
+            --include='*.go' --include='*.rs' --include='*.java' --include='*.sh' \
+            --include='*.yaml' --include='*.yml' --include='*.json' --include='*.toml' \
+            --include='*.env' --include='*.env.*' --include='*.cfg' --include='*.ini' \
+            --include='*.conf' --include='*.config' --include='*.xml' --include='*.md' \
+            --exclude-dir='.git' --exclude-dir='node_modules' --exclude-dir='.llm-av' \
+            --exclude-dir='dist' --exclude-dir='build' --exclude-dir='__pycache__' \
+            --exclude-dir='tests' --exclude-dir='test' --exclude-dir='fixtures' \
+            --exclude='*.test.*' --exclude='*.spec.*' --exclude='security-audit.sh' \
+            2>/dev/null)
+        local results
+        results=$(echo "$all_results" | head -20)
+
+        if [[ -n "$results" ]]; then
+            local match_count
+            match_count=$(echo "$all_results" | wc -l | tr -d ' ')
+
+            # Set color based on severity
+            local color="$YELLOW"
+            case "$severity" in
+                critical) color="$RED_BOLD"; CRITICAL_COUNT=$((CRITICAL_COUNT + match_count)) ;;
+                high)     color="$RED";      HIGH_COUNT=$((HIGH_COUNT + match_count)) ;;
+                medium)   color="$YELLOW";   MEDIUM_COUNT=$((MEDIUM_COUNT + match_count)) ;;
+                low)      color="$CYAN";     LOW_COUNT=$((LOW_COUNT + match_count)) ;;
+            esac
+
+            local severity_upper
+            severity_upper=$(echo "$severity" | tr '[:lower:]' '[:upper:]')
+            echo -e "\n${color}[${severity_upper}] ${name}${RESET}"
+            echo -e "${color}Pattern: ${clean_pattern}${RESET}"
+            echo "$results" | while IFS= read -r line; do
+                echo -e "  ${line}"
+            done
+            if [[ "$match_count" -gt 20 ]]; then
+                echo -e "  ... and $((match_count - 20)) more matches"
+            fi
+        fi
+    done
+}
+
+# ═══════════════════════════════════════════════════════════════════════
+# .gitignore Check
+# ═══════════════════════════════════════════════════════════════════════
+
+check_gitignore() {
+    echo -e "\n${BOLD}=== .gitignore Check ===${RESET}"
+
+    if [[ ! -f ".gitignore" ]]; then
+        echo -e "${RED_BOLD}[CRITICAL] No .gitignore found${RESET}"
+        echo -e "  Create a .gitignore to prevent committing sensitive files"
+        CRITICAL_COUNT=$((CRITICAL_COUNT + 1))
+        return
+    fi
+
+    local missing=()
+    for pattern in ".env" "*.pem" "id_rsa" ".npmrc" ".pypirc"; do
+        if ! grep -q "$pattern" .gitignore 2>/dev/null; then
+            missing+=("$pattern")
+        fi
+    done
+
+    if [[ ${#missing[@]} -gt 0 ]]; then
+        echo -e "${YELLOW}[MEDIUM] .gitignore missing sensitive patterns:${RESET}"
+        for m in "${missing[@]}"; do
+            echo -e "  - $m"
+            MEDIUM_COUNT=$((MEDIUM_COUNT + 1))
+        done
+    else
+        echo -e "${GREEN}  .gitignore includes standard sensitive patterns${RESET}"
+    fi
+}
+
+# ═══════════════════════════════════════════════════════════════════════
+# Main
+# ═══════════════════════════════════════════════════════════════════════
+
+echo -e "${BOLD}╔══════════════════════════════════════════════╗${RESET}"
+echo -e "${BOLD}║     ChainWall — Security Audit v2.0     ║${RESET}"
+echo -e "${BOLD}╚══════════════════════════════════════════════╝${RESET}"
+echo -e "Scanning: ${CYAN}${SCAN_TARGET}${RESET}"
+echo -e "Patterns: ${CYAN}${PATTERNS_DIR}${RESET}"
+echo ""
+
+# Count files to scan
+if [[ -d "$SCAN_TARGET" ]]; then
+    FILES_SCANNED=$(find "$SCAN_TARGET" -type f \
+        \( -name '*.ts' -o -name '*.js' -o -name '*.py' -o -name '*.sh' \
+        -o -name '*.yaml' -o -name '*.yml' -o -name '*.json' -o -name '*.env' \
+        -o -name '*.go' -o -name '*.rs' -o -name '*.java' \) \
+        -not -path '*/.git/*' -not -path '*/node_modules/*' \
+        -not -path '*/dist/*' -not -path '*/.llm-av/*' \
+        2>/dev/null | wc -l | tr -d ' ')
+elif [[ -f "$SCAN_TARGET" ]]; then
+    FILES_SCANNED=1
+fi
+echo -e "Files: ${CYAN}${FILES_SCANNED}${RESET}"
+
+# Run scans
+echo -e "\n${BOLD}=== Credential Scan ===${RESET}"
+scan_with_patterns "$PATTERNS_DIR/credentials.yaml" "credentials" "critical"
+
+echo -e "\n${BOLD}=== Dangerous Command Scan ===${RESET}"
+scan_with_patterns "$PATTERNS_DIR/dangerous-commands.yaml" "commands" "high"
+
+echo -e "\n${BOLD}=== PII Scan ===${RESET}"
+scan_with_patterns "$PATTERNS_DIR/pii.yaml" "pii" "high"
+
+echo -e "\n${BOLD}=== Prompt Injection Scan ===${RESET}"
+scan_with_patterns "$PATTERNS_DIR/prompt-injection.yaml" "injection" "medium"
+
+echo -e "\n${BOLD}=== Supply Chain Scan ===${RESET}"
+scan_with_patterns "$PATTERNS_DIR/supply-chain.yaml" "supply_chain" "medium"
+
+# .gitignore check
+check_gitignore
+
+# ═══════════════════════════════════════════════════════════════════════
+# Summary
+# ═══════════════════════════════════════════════════════════════════════
+
+TOTAL=$((CRITICAL_COUNT + HIGH_COUNT + MEDIUM_COUNT + LOW_COUNT))
+
+echo -e "\n${BOLD}=== Summary ===${RESET}"
+echo -e "  Critical: ${RED_BOLD}${CRITICAL_COUNT}${RESET}"
+echo -e "  High:     ${RED}${HIGH_COUNT}${RESET}"
+echo -e "  Medium:   ${YELLOW}${MEDIUM_COUNT}${RESET}"
+echo -e "  Low:      ${CYAN}${LOW_COUNT}${RESET}"
+echo -e "  ${BOLD}Total:    ${TOTAL}${RESET}"
+
+if [[ "$TOTAL" -eq 0 ]]; then
+    echo -e "\n${GREEN}No security findings detected.${RESET}"
+    exit 0
+else
+    echo -e "\n${YELLOW}Review findings above and remediate before committing.${RESET}"
+    exit 1
+fi

package/uninstall.sh

@@ -0,0 +1,215 @@
+#!/bin/bash
+#
+# ChainWall — Uninstaller
+#
+# Removes ChainWall components from a project.
+# Non-destructive: only removes what was installed, preserves user files.
+#
+# Usage:
+#   ./uninstall.sh                  # Uninstall from current directory
+#   ./uninstall.sh /path/to/project # Uninstall from specific project
+#
+# Requirements: bash 3.2+, jq
+#
+
+set -euo pipefail
+
+# ═══════════════════════════════════════════════════════════════════════
+# Configuration
+# ═══════════════════════════════════════════════════════════════════════
+
+PROJECT_DIR="${1:-$(pwd)}"
+
+# Colors
+RED=$'\e[31m'
+GREEN=$'\e[32m'
+YELLOW=$'\e[33m'
+CYAN=$'\e[36m'
+BOLD=$'\e[1m'
+RESET=$'\e[0m'
+
+REMOVED=()
+SKIPPED=()
+
+# ═══════════════════════════════════════════════════════════════════════
+# Helpers
+# ═══════════════════════════════════════════════════════════════════════
+
+info()   { echo -e "${CYAN}[info]${RESET}   $1"; }
+ok()     { echo -e "${GREEN}[removed]${RESET} $1"; REMOVED+=("$1"); }
+skip()   { echo -e "${YELLOW}[skip]${RESET}    $1"; SKIPPED+=("$1"); }
+
+remove_file() {
+    local path="$1"
+    local label="$2"
+
+    if [[ -f "$path" ]]; then
+        rm "$path"
+        ok "$label"
+    else
+        skip "$label (not found)"
+    fi
+}
+
+remove_dir() {
+    local path="$1"
+    local label="$2"
+
+    if [[ -d "$path" ]]; then
+        rm -rf "$path"
+        ok "$label"
+    else
+        skip "$label (not found)"
+    fi
+}
+
+# ═══════════════════════════════════════════════════════════════════════
+# Uninstallation
+# ═══════════════════════════════════════════════════════════════════════
+
+echo -e "${BOLD}╔══════════════════════════════════════════════╗${RESET}"
+echo -e "${BOLD}║     ChainWall — Uninstaller             ║${RESET}"
+echo -e "${BOLD}╚══════════════════════════════════════════════╝${RESET}"
+echo ""
+info "Project: ${PROJECT_DIR}"
+echo ""
+
+# ─── Remove Claude Code hooks from settings.local.json ─────────────────
+SETTINGS_FILE="${PROJECT_DIR}/.claude/settings.local.json"
+if [[ -f "$SETTINGS_FILE" ]] && command -v jq &> /dev/null; then
+    if jq -e '.hooks' "$SETTINGS_FILE" &>/dev/null; then
+        # Remove entries containing security-scanner.sh, git-safety.sh, or audit-logger.sh
+        UPDATED=$(jq '
+            .hooks.PreToolUse = [.hooks.PreToolUse[]? | select(.hooks | all(.command | contains("security-scanner.sh") | not) and all(.command | contains("git-safety.sh") | not))] |
+            .hooks.PostToolUse = [.hooks.PostToolUse[]? | select(.hooks | all(.command | contains("audit-logger.sh") | not))] |
+            if (.hooks.PreToolUse | length) == 0 and (.hooks.PostToolUse | length) == 0 then del(.hooks) else . end
+        ' "$SETTINGS_FILE")
+        echo "$UPDATED" | jq '.' > "${SETTINGS_FILE}.tmp.$$"
+        mv "${SETTINGS_FILE}.tmp.$$" "$SETTINGS_FILE"
+        ok "Claude Code hooks (settings.local.json)"
+    else
+        skip "Claude Code hooks (no hooks in settings)"
+    fi
+else
+    skip "Claude Code hooks (settings.local.json not found)"
+fi
+
+# ─── Remove installed files ────────────────────────────────────────────
+MANIFEST_FILE="${PROJECT_DIR}/.llm-av/manifest.txt"
+if [[ -f "$MANIFEST_FILE" ]]; then
+    info "Using install manifest for safe removal"
+    while IFS= read -r entry; do
+        [[ -z "$entry" ]] && continue
+        if [[ -d "$entry" ]]; then
+            remove_dir "$entry" "$(basename "$entry") (from manifest)"
+        elif [[ -f "$entry" ]]; then
+            remove_file "$entry" "$(basename "$entry") (from manifest)"
+        else
+            skip "$(basename "$entry") (not found)"
+        fi
+    done < "$MANIFEST_FILE"
+else
+    info "No install manifest found — using default file list"
+fi
+
+# Always attempt these removals (fallback for pre-manifest installs)
+remove_file "${PROJECT_DIR}/AGENTS.md" "AGENTS.md"
+remove_dir "${PROJECT_DIR}/.claude/skill/llm-antivirus" "Claude Code skill"
+remove_file "${PROJECT_DIR}/.claude/commands/security-scan.md" "Claude Code /security-scan command"
+remove_file "${PROJECT_DIR}/.cursor/rules/security.mdc" "Cursor security rules"
+remove_file "${PROJECT_DIR}/.github/copilot-instructions.md" "Copilot instructions"
+
+# Windsurf: only remove if we appended (check for our marker)
+if [[ -f "${PROJECT_DIR}/.windsurfrules" ]]; then
+    if grep -q "ChainWall" "${PROJECT_DIR}/.windsurfrules" 2>/dev/null; then
+        # Try to remove only our appended section
+        # If the whole file is ours, remove it
+        FIRST_LINE=$(head -1 "${PROJECT_DIR}/.windsurfrules" 2>/dev/null)
+        if [[ "$FIRST_LINE" == *"Windsurf Security Rules"* ]]; then
+            rm "${PROJECT_DIR}/.windsurfrules"
+            ok "Windsurf security rules (.windsurfrules)"
+        else
+            info "Windsurf: .windsurfrules contains mixed content — manual cleanup needed"
+            SKIPPED+=("Windsurf rules (manual cleanup)")
+        fi
+    fi
+fi
+
+remove_file "${PROJECT_DIR}/GEMINI.md" "Gemini security rules"
+remove_file "${PROJECT_DIR}/.clinerules" "Cline security rules"
+remove_dir "${PROJECT_DIR}/.roo/rules" "RooCode security rules"
+remove_file "${PROJECT_DIR}/.continuerules" "Continue.dev security rules"
+remove_dir "${PROJECT_DIR}/.trae/rules" "Trae IDE security rules"
+remove_dir "${PROJECT_DIR}/.kiro/rules" "Kiro security rules"
+remove_file "${PROJECT_DIR}/.cursorrules" "Cursor fallback rules"
+remove_file "${PROJECT_DIR}/.gemini/styleguide.md" "Gemini styleguide"
+
+# ─── Remove git hooks ────────────────────────────────────────────────
+if [[ -d "${PROJECT_DIR}/.git/hooks" ]]; then
+    for hook_name in pre-commit pre-push; do
+        hook_file="${PROJECT_DIR}/.git/hooks/${hook_name}"
+        if [[ -f "$hook_file" ]] && grep -q "ChainWall" "$hook_file" 2>/dev/null; then
+            if [[ -f "${hook_file}.existing" ]]; then
+                mv "${hook_file}.existing" "$hook_file"
+                ok "Git ${hook_name} hook (restored original)"
+            else
+                rm "$hook_file"
+                ok "Git ${hook_name} hook"
+            fi
+        fi
+    done
+fi
+
+# ─── Remove MCP server config ────────────────────────────────────────
+if command -v jq &> /dev/null; then
+    CLAUDE_DESKTOP_CONFIG="${HOME}/Library/Application Support/Claude/claude_desktop_config.json"
+    if [[ -f "$CLAUDE_DESKTOP_CONFIG" ]] && jq -e '.mcpServers."llm-antivirus"' "$CLAUDE_DESKTOP_CONFIG" &>/dev/null; then
+        UPDATED=$(jq 'del(.mcpServers."llm-antivirus")' "$CLAUDE_DESKTOP_CONFIG")
+        echo "$UPDATED" | jq '.' > "${CLAUDE_DESKTOP_CONFIG}.tmp.$$"
+        mv "${CLAUDE_DESKTOP_CONFIG}.tmp.$$" "$CLAUDE_DESKTOP_CONFIG"
+        ok "MCP server config (Claude Desktop)"
+    fi
+
+    CURSOR_MCP_CONFIG="${HOME}/.cursor/mcp.json"
+    if [[ -f "$CURSOR_MCP_CONFIG" ]] && jq -e '.mcpServers."llm-antivirus"' "$CURSOR_MCP_CONFIG" &>/dev/null; then
+        UPDATED=$(jq 'del(.mcpServers."llm-antivirus")' "$CURSOR_MCP_CONFIG")
+        echo "$UPDATED" | jq '.' > "${CURSOR_MCP_CONFIG}.tmp.$$"
+        mv "${CURSOR_MCP_CONFIG}.tmp.$$" "$CURSOR_MCP_CONFIG"
+        ok "MCP server config (Cursor)"
+    fi
+fi
+
+# ─── Remove .llm-av directory ──────────────────────────────────────────
+if [[ -d "${PROJECT_DIR}/.llm-av" ]]; then
+    echo ""
+    echo -e "${YELLOW}Found .llm-av/ directory with audit logs and config.${RESET}"
+    echo -e "${YELLOW}Remove it? This will delete audit history. [y/N]${RESET}"
+    read -r REPLY
+    if [[ "$REPLY" =~ ^[Yy]$ ]]; then
+        rm -rf "${PROJECT_DIR}/.llm-av"
+        ok ".llm-av/ directory (audit logs and config)"
+    else
+        skip ".llm-av/ directory (preserved by user)"
+    fi
+fi
+
+# ═══════════════════════════════════════════════════════════════════════
+# Summary
+# ═══════════════════════════════════════════════════════════════════════
+
+echo ""
+echo -e "${BOLD}=== Uninstall Summary ===${RESET}"
+echo -e "${GREEN}Removed: ${#REMOVED[@]}${RESET}"
+for item in "${REMOVED[@]}"; do
+    echo -e "  ${RED}-${RESET} $item"
+done
+
+if [[ ${#SKIPPED[@]} -gt 0 ]]; then
+    echo -e "${YELLOW}Skipped: ${#SKIPPED[@]}${RESET}"
+    for item in "${SKIPPED[@]}"; do
+        echo -e "  ${YELLOW}~${RESET} $item"
+    done
+fi
+
+echo ""
+echo -e "${GREEN}${BOLD}ChainWall uninstalled.${RESET}"