clawhatch 0.1.0

package/dist/telemetry.js

@@ -0,0 +1,52 @@
+/**
+ * Telemetry module — anonymizes scan results and uploads threat reports.
+ * Only shares check IDs, severities, and categories. Never sends file paths,
+ * descriptions, or remediation text.
+ */
+import { createHash } from "node:crypto";
+import { hostname, userInfo } from "node:os";
+/** Stable per-machine identifier (first 16 hex chars of SHA-256 of hostname:username). */
+export function getInstanceId() {
+    const raw = `${hostname()}:${userInfo().username}`;
+    return createHash("sha256").update(raw).digest("hex").slice(0, 16);
+}
+/** Strip a ScanResult down to only safe-to-share metadata. */
+export function anonymizeScanResult(result) {
+    return {
+        version: "0.1.0",
+        timestamp: result.timestamp,
+        instanceId: getInstanceId(),
+        platform: result.platform,
+        score: result.score,
+        checksRun: result.checksRun,
+        findingCount: result.findings.length,
+        findings: result.findings.map((f) => ({
+            id: f.id,
+            severity: f.severity,
+            category: f.category,
+        })),
+    };
+}
+/** POST a ThreatReport to the community API. Never throws. */
+export async function uploadThreatReport(report, apiUrl) {
+    try {
+        const controller = new AbortController();
+        const timer = setTimeout(() => controller.abort(), 5000);
+        const res = await fetch(`${apiUrl}/v1/reports`, {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify(report),
+            signal: controller.signal,
+        });
+        clearTimeout(timer);
+        if (res.ok) {
+            return { success: true };
+        }
+        return { success: false, error: `HTTP ${res.status}: ${res.statusText}` };
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        return { success: false, error: message };
+    }
+}
+//# sourceMappingURL=telemetry.js.map

package/dist/telemetry.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"telemetry.js","sourceRoot":"","sources":["../src/telemetry.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAG7C,0FAA0F;AAC1F,MAAM,UAAU,aAAa;IAC3B,MAAM,GAAG,GAAG,GAAG,QAAQ,EAAE,IAAI,QAAQ,EAAE,CAAC,QAAQ,EAAE,CAAC;IACnD,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AACrE,CAAC;AAED,8DAA8D;AAC9D,MAAM,UAAU,mBAAmB,CAAC,MAAkB;IACpD,OAAO;QACL,OAAO,EAAE,OAAO;QAChB,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,UAAU,EAAE,aAAa,EAAE;QAC3B,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,YAAY,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM;QACpC,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACpC,EAAE,EAAE,CAAC,CAAC,EAAE;YACR,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,QAAQ,EAAE,CAAC,CAAC,QAAQ;SACrB,CAAC,CAAC;KACJ,CAAC;AACJ,CAAC;AAED,8DAA8D;AAC9D,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,MAAoB,EACpB,MAAc;IAEd,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,IAAI,CAAC,CAAC;QAEzD,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,MAAM,aAAa,EAAE;YAC9C,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC;YAC5B,MAAM,EAAE,UAAU,CAAC,MAAM;SAC1B,CAAC,CAAC;QAEH,YAAY,CAAC,KAAK,CAAC,CAAC;QAEpB,IAAI,GAAG,CAAC,EAAE,EAAE,CAAC;YACX,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAC3B,CAAC;QACD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,GAAG,CAAC,MAAM,KAAK,GAAG,CAAC,UAAU,EAAE,EAAE,CAAC;IAC5E,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;IAC5C,CAAC;AACH,CAAC"}

package/dist/threat-feed.d.ts

@@ -0,0 +1,14 @@
+/**
+ * Threat feed client — fetches community threat intelligence and formats
+ * it for terminal display. Cross-references local scan results against
+ * community-wide trends.
+ */
+import type { ScanResult, ThreatFeed } from "./types.js";
+export declare const DEFAULT_API_URL = "https://api.clawhatch.com";
+/** Fetch the community threat feed. Returns null on any failure. */
+export declare function fetchThreatFeed(apiUrl: string): Promise<ThreatFeed | null>;
+/** Format a ThreatFeed as a chalk-colored terminal string. */
+export declare function formatThreatFeed(feed: ThreatFeed): string;
+/** Cross-reference local scan findings against the community feed. */
+export declare function checkAgainstFeed(result: ScanResult, feed: ThreatFeed): string[];
+//# sourceMappingURL=threat-feed.d.ts.map

package/dist/threat-feed.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"threat-feed.d.ts","sourceRoot":"","sources":["../src/threat-feed.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,KAAK,EAAE,UAAU,EAAE,UAAU,EAAmB,MAAM,YAAY,CAAC;AAE1E,eAAO,MAAM,eAAe,8BAA8B,CAAC;AAE3D,oEAAoE;AACpE,wBAAsB,eAAe,CACnC,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CAgB5B;AA2CD,8DAA8D;AAC9D,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,UAAU,GAAG,MAAM,CA4DzD;AAED,sEAAsE;AACtE,wBAAgB,gBAAgB,CAC9B,MAAM,EAAE,UAAU,EAClB,IAAI,EAAE,UAAU,GACf,MAAM,EAAE,CAwBV"}

package/dist/threat-feed.js

@@ -0,0 +1,133 @@
+/**
+ * Threat feed client — fetches community threat intelligence and formats
+ * it for terminal display. Cross-references local scan results against
+ * community-wide trends.
+ */
+import chalk from "chalk";
+export const DEFAULT_API_URL = "https://api.clawhatch.com";
+/** Fetch the community threat feed. Returns null on any failure. */
+export async function fetchThreatFeed(apiUrl) {
+    try {
+        const controller = new AbortController();
+        const timer = setTimeout(() => controller.abort(), 5000);
+        const res = await fetch(`${apiUrl}/v1/feed`, {
+            signal: controller.signal,
+        });
+        clearTimeout(timer);
+        if (!res.ok)
+            return null;
+        return (await res.json());
+    }
+    catch {
+        return null;
+    }
+}
+/** Format a number with commas (e.g. 1234 -> "1,234"). */
+function formatNumber(n) {
+    return n.toLocaleString("en-US");
+}
+/** Colorize a severity label with chalk. */
+function colorSeverity(severity) {
+    const s = severity.toUpperCase();
+    switch (s) {
+        case "CRITICAL":
+            return chalk.red.bold(s.padEnd(8));
+        case "HIGH":
+            return chalk.yellow.bold(s.padEnd(8));
+        case "MEDIUM":
+            return chalk.cyan(s.padEnd(8));
+        case "LOW":
+            return chalk.dim(s.padEnd(8));
+        default:
+            return s.padEnd(8);
+    }
+}
+/** Render a frequency bar like "######----" (10 chars wide). */
+function frequencyBar(frequency) {
+    const width = 10;
+    const filled = Math.round(frequency * width);
+    const empty = width - filled;
+    return "#".repeat(filled) + "-".repeat(empty);
+}
+/** How long ago a timestamp was in human terms. */
+function timeAgo(isoDate) {
+    const diff = Date.now() - new Date(isoDate).getTime();
+    const minutes = Math.floor(diff / 60_000);
+    if (minutes < 60)
+        return `${minutes}m ago`;
+    const hours = Math.floor(minutes / 60);
+    if (hours < 24)
+        return `${hours}h ago`;
+    const days = Math.floor(hours / 24);
+    return `${days}d ago`;
+}
+/** Format a ThreatFeed as a chalk-colored terminal string. */
+export function formatThreatFeed(feed) {
+    const lines = [];
+    lines.push("");
+    lines.push(chalk.bold.cyan("Clawhatch Community Threat Intelligence"));
+    lines.push(chalk.cyan("========================================"));
+    lines.push("");
+    // Community Stats
+    lines.push(chalk.bold("Community Stats"));
+    lines.push(`  Total Scans: ${formatNumber(feed.totalScans)}`);
+    lines.push(`  Active Instances: ${formatNumber(feed.totalInstances)}`);
+    lines.push(`  Average Score: ${feed.communityScore}/100`);
+    lines.push("");
+    // Top Threats
+    if (feed.topThreats.length > 0) {
+        lines.push(chalk.bold("Top Threats"));
+        for (const t of feed.topThreats) {
+            const pct = Math.round(t.frequency * 100);
+            const bar = frequencyBar(t.frequency);
+            const trending = t.trending
+                ? "  " + chalk.red("trending")
+                : "";
+            lines.push(`  ${colorSeverity(t.severity)}  ${t.id.padEnd(14)}  ${t.title.padEnd(24)}  ${bar}  ${String(pct).padStart(3)}%${trending}`);
+        }
+        lines.push("");
+    }
+    // New Threats (last 24h)
+    if (feed.newThreats.length > 0) {
+        lines.push(chalk.bold("New Threats (last 24h)"));
+        for (const t of feed.newThreats) {
+            const ago = timeAgo(t.firstSeen);
+            lines.push(`  ${colorSeverity(t.severity)}  ${t.id.padEnd(14)}  ${t.title}  ${chalk.dim(`First seen: ${ago}`)}`);
+        }
+        lines.push("");
+    }
+    // Advisories
+    if (feed.advisories.length > 0) {
+        lines.push(chalk.bold("Advisories"));
+        for (const a of feed.advisories) {
+            lines.push(`  ${chalk.yellow("!")} [${a.id}] ${a.title}`);
+            if (a.affectedChecks.length > 0) {
+                lines.push(`    ${chalk.dim("Affects: " + a.affectedChecks.join(", "))}`);
+            }
+        }
+        lines.push("");
+    }
+    return lines.join("\n");
+}
+/** Cross-reference local scan findings against the community feed. */
+export function checkAgainstFeed(result, feed) {
+    const warnings = [];
+    const threatMap = new Map();
+    for (const t of feed.topThreats) {
+        threatMap.set(t.id, t);
+    }
+    for (const finding of result.findings) {
+        const threat = threatMap.get(finding.id);
+        if (!threat)
+            continue;
+        const pct = Math.round(threat.frequency * 100);
+        if (threat.trending) {
+            warnings.push(`${finding.id} is trending - affects ${pct}% of the community`);
+        }
+        else if (threat.frequency > 0.3) {
+            warnings.push(`${finding.id} affects ${pct}% of the community`);
+        }
+    }
+    return warnings;
+}
+//# sourceMappingURL=threat-feed.js.map

package/dist/threat-feed.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"threat-feed.js","sourceRoot":"","sources":["../src/threat-feed.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,MAAM,OAAO,CAAC;AAG1B,MAAM,CAAC,MAAM,eAAe,GAAG,2BAA2B,CAAC;AAE3D,oEAAoE;AACpE,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,MAAc;IAEd,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,IAAI,CAAC,CAAC;QAEzD,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,MAAM,UAAU,EAAE;YAC3C,MAAM,EAAE,UAAU,CAAC,MAAM;SAC1B,CAAC,CAAC;QAEH,YAAY,CAAC,KAAK,CAAC,CAAC;QAEpB,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,OAAO,IAAI,CAAC;QACzB,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAe,CAAC;IAC1C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,0DAA0D;AAC1D,SAAS,YAAY,CAAC,CAAS;IAC7B,OAAO,CAAC,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;AACnC,CAAC;AAED,4CAA4C;AAC5C,SAAS,aAAa,CAAC,QAAgB;IACrC,MAAM,CAAC,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;IACjC,QAAQ,CAAC,EAAE,CAAC;QACV,KAAK,UAAU;YACb,OAAO,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;QACrC,KAAK,MAAM;YACT,OAAO,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;QACxC,KAAK,QAAQ;YACX,OAAO,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;QACjC,KAAK,KAAK;YACR,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;QAChC;YACE,OAAO,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IACvB,CAAC;AACH,CAAC;AAED,gEAAgE;AAChE,SAAS,YAAY,CAAC,SAAiB;IACrC,MAAM,KAAK,GAAG,EAAE,CAAC;IACjB,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,GAAG,KAAK,CAAC,CAAC;IAC7C,MAAM,KAAK,GAAG,KAAK,GAAG,MAAM,CAAC;IAC7B,OAAO,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAChD,CAAC;AAED,mDAAmD;AACnD,SAAS,OAAO,CAAC,OAAe;IAC9B,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,CAAC;IACtD,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,GAAG,MAAM,CAAC,CAAC;IAC1C,IAAI,OAAO,GAAG,EAAE;QAAE,OAAO,GAAG,OAAO,OAAO,CAAC;IAC3C,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,GAAG,EAAE,CAAC,CAAC;IACvC,IAAI,KAAK,GAAG,EAAE;QAAE,OAAO,GAAG,KAAK,OAAO,CAAC;IACvC,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,GAAG,EAAE,CAAC,CAAC;IACpC,OAAO,GAAG,IAAI,OAAO,CAAC;AACxB,CAAC;AAED,8DAA8D;AAC9D,MAAM,UAAU,gBAAgB,CAAC,IAAgB;IAC/C,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,yCAAyC,CAAC,CAAC,CAAC;IACvE,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,0CAA0C,CAAC,CAAC,CAAC;IACnE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,kBAAkB;IAClB,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC;IAC1C,KAAK,CAAC,IAAI,CAAC,kBAAkB,YAAY,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;IAC9D,KAAK,CAAC,IAAI,CAAC,uBAAuB,YAAY,CAAC,IAAI,CAAC,cAAc,CAAC,EAAE,CAAC,CAAC;IACvE,KAAK,CAAC,IAAI,CAAC,oBAAoB,IAAI,CAAC,cAAc,MAAM,CAAC,CAAC;IAC1D,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,cAAc;IACd,IAAI,IAAI,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/B,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC;QACtC,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YAChC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,GAAG,GAAG,CAAC,CAAC;YAC1C,MAAM,GAAG,GAAG,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;YACtC,MAAM,QAAQ,GAAG,CAAC,CAAC,QAAQ;gBACzB,CAAC,CAAC,IAAI,GAAG,KAAK,CAAC,GAAG,CAAC,UAAU,CAAC;gBAC9B,CAAC,CAAC,EAAE,CAAC;YACP,KAAK,CAAC,IAAI,CACR,KAAK,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,KAAK,GAAG,KAAK,MAAM,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,QAAQ,EAAE,CAC5H,CAAC;QACJ,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,yBAAyB;IACzB,IAAI,IAAI,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/B,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC,CAAC;QACjD,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YAChC,MAAM,GAAG,GAAG,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;YACjC,KAAK,CAAC,IAAI,CACR,KAAK,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,KAAK,KAAK,KAAK,CAAC,GAAG,CAAC,eAAe,GAAG,EAAE,CAAC,EAAE,CACrG,CAAC;QACJ,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,aAAa;IACb,IAAI,IAAI,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/B,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC;QACrC,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YAChC,KAAK,CAAC,IAAI,CACR,KAAK,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,KAAK,EAAE,CAC9C,CAAC;YACF,IAAI,CAAC,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAChC,KAAK,CAAC,IAAI,CACR,OAAO,KAAK,CAAC,GAAG,CAAC,WAAW,GAAG,CAAC,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,EAAE,CAC9D,CAAC;YACJ,CAAC;QACH,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,sEAAsE;AACtE,MAAM,UAAU,gBAAgB,CAC9B,MAAkB,EAClB,IAAgB;IAEhB,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,MAAM,SAAS,GAAG,IAAI,GAAG,EAA2B,CAAC;IACrD,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;QAChC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;IACzB,CAAC;IAED,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACtC,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QACzC,IAAI,CAAC,MAAM;YAAE,SAAS;QAEtB,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,SAAS,GAAG,GAAG,CAAC,CAAC;QAC/C,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YACpB,QAAQ,CAAC,IAAI,CACX,GAAG,OAAO,CAAC,EAAE,0BAA0B,GAAG,oBAAoB,CAC/D,CAAC;QACJ,CAAC;aAAM,IAAI,MAAM,CAAC,SAAS,GAAG,GAAG,EAAE,CAAC;YAClC,QAAQ,CAAC,IAAI,CACX,GAAG,OAAO,CAAC,EAAE,YAAY,GAAG,oBAAoB,CACjD,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/types.d.ts

@@ -0,0 +1,221 @@
+/**
+ * Core types for Clawhatch security scanner.
+ */
+export declare enum Severity {
+    Critical = "CRITICAL",
+    High = "HIGH",
+    Medium = "MEDIUM",
+    Low = "LOW"
+}
+export type Confidence = "high" | "medium" | "low";
+export type FixType = "safe" | "behavioral";
+export interface Finding {
+    id: string;
+    severity: Severity;
+    confidence: Confidence;
+    category: string;
+    title: string;
+    description: string;
+    risk: string;
+    remediation: string;
+    autoFixable: boolean;
+    fixType?: FixType;
+    references?: string[];
+    /** File path where the issue was found */
+    file?: string;
+    /** Line number in the file */
+    line?: number;
+}
+export interface ScanOptions {
+    openclawPath: string;
+    workspacePath?: string;
+    autoFix: boolean;
+    deep: boolean;
+    json: boolean;
+    upload: boolean;
+}
+export interface ScanResult {
+    timestamp: string;
+    openclawVersion: string | null;
+    score: number;
+    findings: Finding[];
+    suggestions: Finding[];
+    filesScanned: number;
+    checksRun: number;
+    checksPassed: number;
+    duration: number;
+    platform: NodeJS.Platform;
+}
+export interface FixResult {
+    finding: Finding;
+    applied: boolean;
+    backupPath?: string;
+    description: string;
+    skippedReason?: string;
+}
+/** Parsed OpenClaw config (openclaw.json). Loosely typed since the format may vary. */
+export interface OpenClawConfig {
+    [key: string]: unknown;
+    gateway?: {
+        bind?: string;
+        port?: number;
+        auth?: {
+            mode?: string;
+            token?: string;
+        };
+        trustedProxies?: string[];
+        allowInsecureAuth?: boolean;
+        dangerouslyDisableDeviceAuth?: boolean;
+    };
+    channels?: Record<string, {
+        dmPolicy?: string;
+        allowFrom?: string[];
+        groupPolicy?: string;
+        groupAllowFrom?: string[];
+        requireMention?: boolean;
+        mentionPatterns?: string[];
+        dmScope?: string;
+        accounts?: Record<string, unknown>[];
+    }>;
+    sandbox?: {
+        mode?: string;
+        scope?: string;
+        workspaceAccess?: string;
+        docker?: {
+            network?: string;
+            socketMounted?: boolean;
+        };
+        browser?: {
+            allowHostControl?: boolean;
+        };
+    };
+    tools?: {
+        elevated?: string[];
+        useAccessGroups?: boolean;
+        allowlist?: string[];
+        timeout?: number;
+        rateLimit?: number;
+        auditLog?: boolean;
+    };
+    retention?: {
+        sessionLogTTL?: number;
+        encryptAtRest?: boolean;
+        logRotation?: boolean;
+    };
+    monitoring?: {
+        enabled?: boolean;
+        provider?: string;
+    };
+    skills?: {
+        autoUpdate?: boolean;
+        verifySignatures?: boolean;
+        sandboxed?: boolean;
+    };
+    pairing?: {
+        storeTTL?: number;
+    };
+    model?: {
+        default?: string;
+        fallbackOrder?: string[];
+    };
+    reasoning?: {
+        enabled?: boolean;
+    };
+    verbose?: {
+        enabled?: boolean;
+    };
+    identityLinks?: unknown[];
+    commands?: {
+        useAccessGroups?: boolean;
+    };
+    agents?: Record<string, unknown>[];
+}
+/** Parsed .env file as key-value pairs */
+export type EnvVars = Record<string, string>;
+/** A single JSONL session entry */
+export interface SessionEntry {
+    role?: string;
+    content?: string;
+    tool?: string;
+    timestamp?: string;
+    [key: string]: unknown;
+}
+/** Clawhatch-specific config (clawhatch.json, separate from openclaw.json) */
+export interface ClawhatchConfig {
+    apiUrl?: string;
+    notify?: {
+        webhookUrl?: string;
+        email?: string;
+        threshold?: string;
+    };
+}
+/** Anonymized threat report for community sharing */
+export interface ThreatReport {
+    version: string;
+    timestamp: string;
+    instanceId: string;
+    platform: NodeJS.Platform;
+    score: number;
+    checksRun: number;
+    findingCount: number;
+    findings: ThreatSignature[];
+}
+/** Anonymized finding — no file paths or secrets, just check metadata */
+export interface ThreatSignature {
+    id: string;
+    severity: string;
+    category: string;
+}
+/** Community threat feed */
+export interface ThreatFeed {
+    lastUpdated: string;
+    totalScans: number;
+    totalInstances: number;
+    communityScore: number;
+    topThreats: ThreatFeedEntry[];
+    newThreats: ThreatFeedEntry[];
+    advisories: Advisory[];
+}
+export interface ThreatFeedEntry {
+    id: string;
+    severity: string;
+    category: string;
+    title: string;
+    frequency: number;
+    firstSeen: string;
+    lastSeen: string;
+    trending: boolean;
+}
+export interface Advisory {
+    id: string;
+    severity: string;
+    title: string;
+    description: string;
+    affectedChecks: string[];
+    publishedAt: string;
+}
+export interface WebhookAlert {
+    checkId: string;
+    severity: string;
+    title: string;
+    description: string;
+    communityFrequency?: number;
+    trending?: boolean;
+}
+/** Discovered files to scan */
+export interface DiscoveredFiles {
+    configPath: string | null;
+    envPath: string | null;
+    credentialFiles: string[];
+    authProfileFiles: string[];
+    sessionLogFiles: string[];
+    workspaceMarkdownFiles: string[];
+    skillFiles: string[];
+    customCommandFiles: string[];
+    skillPackageFiles: string[];
+    privateKeyFiles: string[];
+    sshKeyFiles: string[];
+    openclawDir: string;
+    workspaceDir: string | null;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,oBAAY,QAAQ;IAClB,QAAQ,aAAa;IACrB,IAAI,SAAS;IACb,MAAM,WAAW;IACjB,GAAG,QAAQ;CACZ;AAED,MAAM,MAAM,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;AAEnD,MAAM,MAAM,OAAO,GAAG,MAAM,GAAG,YAAY,CAAC;AAE5C,MAAM,WAAW,OAAO;IACtB,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,QAAQ,CAAC;IACnB,UAAU,EAAE,UAAU,CAAC;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,OAAO,CAAC;IACrB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,0CAA0C;IAC1C,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,8BAA8B;IAC9B,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,WAAW;IAC1B,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,EAAE,OAAO,CAAC;IACd,IAAI,EAAE,OAAO,CAAC;IACd,MAAM,EAAE,OAAO,CAAC;CACjB;AAED,MAAM,WAAW,UAAU;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,eAAe,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,OAAO,EAAE,CAAC;IACpB,WAAW,EAAE,OAAO,EAAE,CAAC;IACvB,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC;CAC3B;AAED,MAAM,WAAW,SAAS;IACxB,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,EAAE,OAAO,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED,uFAAuF;AACvF,MAAM,WAAW,cAAc;IAC7B,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;IACvB,OAAO,CAAC,EAAE;QACR,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,IAAI,CAAC,EAAE;YACL,IAAI,CAAC,EAAE,MAAM,CAAC;YACd,KAAK,CAAC,EAAE,MAAM,CAAC;SAChB,CAAC;QACF,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;QAC1B,iBAAiB,CAAC,EAAE,OAAO,CAAC;QAC5B,4BAA4B,CAAC,EAAE,OAAO,CAAC;KACxC,CAAC;IACF,QAAQ,CAAC,EAAE,MAAM,CACf,MAAM,EACN;QACE,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;QACrB,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;QAC1B,cAAc,CAAC,EAAE,OAAO,CAAC;QACzB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;QAC3B,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,CAAC;KACtC,CACF,CAAC;IACF,OAAO,CAAC,EAAE;QACR,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,eAAe,CAAC,EAAE,MAAM,CAAC;QACzB,MAAM,CAAC,EAAE;YACP,OAAO,CAAC,EAAE,MAAM,CAAC;YACjB,aAAa,CAAC,EAAE,OAAO,CAAC;SACzB,CAAC;QACF,OAAO,CAAC,EAAE;YACR,gBAAgB,CAAC,EAAE,OAAO,CAAC;SAC5B,CAAC;KACH,CAAC;IACF,KAAK,CAAC,EAAE;QACN,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;QACpB,eAAe,CAAC,EAAE,OAAO,CAAC;QAC1B,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;QACrB,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,QAAQ,CAAC,EAAE,OAAO,CAAC;KACpB,CAAC;IACF,SAAS,CAAC,EAAE;QACV,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,aAAa,CAAC,EAAE,OAAO,CAAC;QACxB,WAAW,CAAC,EAAE,OAAO,CAAC;KACvB,CAAC;IACF,UAAU,CAAC,EAAE;QACX,OAAO,CAAC,EAAE,OAAO,CAAC;QAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;KACnB,CAAC;IACF,MAAM,CAAC,EAAE;QACP,UAAU,CAAC,EAAE,OAAO,CAAC;QACrB,gBAAgB,CAAC,EAAE,OAAO,CAAC;QAC3B,SAAS,CAAC,EAAE,OAAO,CAAC;KACrB,CAAC;IACF,OAAO,CAAC,EAAE;QACR,QAAQ,CAAC,EAAE,MAAM,CAAC;KACnB,CAAC;IACF,KAAK,CAAC,EAAE;QACN,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;KAC1B,CAAC;IACF,SAAS,CAAC,EAAE;QACV,OAAO,CAAC,EAAE,OAAO,CAAC;KACnB,CAAC;IACF,OAAO,CAAC,EAAE;QACR,OAAO,CAAC,EAAE,OAAO,CAAC;KACnB,CAAC;IACF,aAAa,CAAC,EAAE,OAAO,EAAE,CAAC;IAC1B,QAAQ,CAAC,EAAE;QACT,eAAe,CAAC,EAAE,OAAO,CAAC;KAC3B,CAAC;IACF,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,CAAC;CACpC;AAED,0CAA0C;AAC1C,MAAM,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AAE7C,mCAAmC;AACnC,MAAM,WAAW,YAAY;IAC3B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,8EAA8E;AAC9E,MAAM,WAAW,eAAe;IAC9B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE;QACP,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,SAAS,CAAC,EAAE,MAAM,CAAC;KACpB,CAAC;CACH;AAED,qDAAqD;AACrD,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,eAAe,EAAE,CAAC;CAC7B;AAED,yEAAyE;AACzE,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,4BAA4B;AAC5B,MAAM,WAAW,UAAU;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,cAAc,EAAE,MAAM,CAAC;IACvB,cAAc,EAAE,MAAM,CAAC;IACvB,UAAU,EAAE,eAAe,EAAE,CAAC;IAC9B,UAAU,EAAE,eAAe,EAAE,CAAC;IAC9B,UAAU,EAAE,QAAQ,EAAE,CAAC;CACxB;AAED,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,OAAO,CAAC;CACnB;AAED,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAED,+BAA+B;AAC/B,MAAM,WAAW,eAAe;IAC9B,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,sBAAsB,EAAE,MAAM,EAAE,CAAC;IACjC,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,kBAAkB,EAAE,MAAM,EAAE,CAAC;IAC7B,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;CAC7B"}

package/dist/types.js

@@ -0,0 +1,11 @@
+/**
+ * Core types for Clawhatch security scanner.
+ */
+export var Severity;
+(function (Severity) {
+    Severity["Critical"] = "CRITICAL";
+    Severity["High"] = "HIGH";
+    Severity["Medium"] = "MEDIUM";
+    Severity["Low"] = "LOW";
+})(Severity || (Severity = {}));
+//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,CAAN,IAAY,QAKX;AALD,WAAY,QAAQ;IAClB,iCAAqB,CAAA;IACrB,yBAAa,CAAA;IACb,6BAAiB,CAAA;IACjB,uBAAW,CAAA;AACb,CAAC,EALW,QAAQ,KAAR,QAAQ,QAKnB"}

package/dist/utils.d.ts

@@ -0,0 +1,12 @@
+/**
+ * Shared utility functions for the Clawhatch scanner.
+ */
+/**
+ * Read at most `maxBytes` from a file without loading the entire file into memory.
+ * Prevents OOM on huge session logs (which can be hundreds of MB).
+ *
+ * If the file is smaller than maxBytes, reads it entirely.
+ * Otherwise, streams up to maxBytes and returns a truncated string.
+ */
+export declare function readFileCapped(filePath: string, maxBytes: number): Promise<string>;
+//# sourceMappingURL=utils.d.ts.map

package/dist/utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../src/utils.ts"],"names":[],"mappings":"AAAA;;GAEG;AAKH;;;;;;GAMG;AACH,wBAAsB,cAAc,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAoBxF"}

package/dist/utils.js

@@ -0,0 +1,34 @@
+/**
+ * Shared utility functions for the Clawhatch scanner.
+ */
+import { stat, readFile } from "node:fs/promises";
+import { createReadStream } from "node:fs";
+/**
+ * Read at most `maxBytes` from a file without loading the entire file into memory.
+ * Prevents OOM on huge session logs (which can be hundreds of MB).
+ *
+ * If the file is smaller than maxBytes, reads it entirely.
+ * Otherwise, streams up to maxBytes and returns a truncated string.
+ */
+export async function readFileCapped(filePath, maxBytes) {
+    const fileStat = await stat(filePath);
+    if (fileStat.size <= maxBytes) {
+        return readFile(filePath, "utf-8");
+    }
+    return new Promise((resolve, reject) => {
+        const chunks = [];
+        let bytesRead = 0;
+        const stream = createReadStream(filePath, { highWaterMark: 64 * 1024 });
+        stream.on("data", (chunk) => {
+            const buf = Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk);
+            bytesRead += buf.length;
+            chunks.push(buf);
+            if (bytesRead >= maxBytes) {
+                stream.destroy();
+            }
+        });
+        stream.on("close", () => resolve(Buffer.concat(chunks).toString("utf-8")));
+        stream.on("error", reject);
+    });
+}
+//# sourceMappingURL=utils.js.map

package/dist/utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.js","sourceRoot":"","sources":["../src/utils.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,EAAE,gBAAgB,EAAE,MAAM,SAAS,CAAC;AAE3C;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,QAAgB,EAAE,QAAgB;IACrE,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,CAAC;IACtC,IAAI,QAAQ,CAAC,IAAI,IAAI,QAAQ,EAAE,CAAC;QAC9B,OAAO,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IACrC,CAAC;IACD,OAAO,IAAI,OAAO,CAAS,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QAC7C,MAAM,MAAM,GAAa,EAAE,CAAC;QAC5B,IAAI,SAAS,GAAG,CAAC,CAAC;QAClB,MAAM,MAAM,GAAG,gBAAgB,CAAC,QAAQ,EAAE,EAAE,aAAa,EAAE,EAAE,GAAG,IAAI,EAAE,CAAC,CAAC;QACxE,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAsB,EAAE,EAAE;YAC3C,MAAM,GAAG,GAAG,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAChE,SAAS,IAAI,GAAG,CAAC,MAAM,CAAC;YACxB,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACjB,IAAI,SAAS,IAAI,QAAQ,EAAE,CAAC;gBAC1B,MAAM,CAAC,OAAO,EAAE,CAAC;YACnB,CAAC;QACH,CAAC,CAAC,CAAC;QACH,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;QAC3E,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC7B,CAAC,CAAC,CAAC;AACL,CAAC"}

package/package.json

@@ -0,0 +1,71 @@
+{
+  "name": "clawhatch",
+  "version": "0.1.0",
+  "description": "Security scanner for OpenClaw AI agents — 100-point audit with auto-fix",
+  "type": "module",
+  "bin": {
+    "clawhatch": "./dist/index.js"
+  },
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "files": [
+    "dist",
+    "!dist/__tests__",
+    "README.md",
+    "LICENSE"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsx src/index.ts",
+    "start": "node dist/index.js",
+    "typecheck": "tsc --noEmit",
+    "test": "tsc && node --test dist/__tests__/*.test.js",
+    "prepublishOnly": "npm run build"
+  },
+  "keywords": [
+    "security",
+    "ai",
+    "agent",
+    "openclaw",
+    "scanner",
+    "audit",
+    "ai-agent",
+    "ai-agent-security",
+    "cli",
+    "security-audit",
+    "configuration-scanner",
+    "devops",
+    "devsecops",
+    "infosec",
+    "secret-scanning",
+    "hardening",
+    "compliance",
+    "claude",
+    "openai",
+    "llm-security"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/wlshlad85/clawhatch.git"
+  },
+  "homepage": "https://github.com/wlshlad85/clawhatch#readme",
+  "bugs": {
+    "url": "https://github.com/wlshlad85/clawhatch/issues"
+  },
+  "author": "Clawhatch <security@clawhatch.com>",
+  "license": "MIT",
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "dependencies": {
+    "chalk": "5.4.1",
+    "commander": "13.1.0",
+    "glob": "11.1.0",
+    "json5": "2.2.3"
+  },
+  "devDependencies": {
+    "@types/node": "22.13.1",
+    "tsx": "4.21.0",
+    "typescript": "5.7.3"
+  }
+}