npm - create-hq - Versions diffs - 5.0.0 - Mend

create-hq 5.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (310) hide show

package/template/knowledge/ai-security-framework/CONTRIBUTING.md ADDED Viewed

@@ -0,0 +1,139 @@
+# Contributing to the AI Security Framework
+> Help make AI automation safer for everyone
+---
+## Why Contribute
+The AI agent security landscape evolves weekly. New attack vectors are discovered, new mitigations are developed, and new tools emerge. No single person or team can keep up alone. This framework improves through community contributions.
+---
+## What We Need
+### High Priority
+1. **Real-world incident reports** (anonymized)
+   - What happened?
+   - How was it detected?
+   - What was the resolution?
+2. **New attack vectors**
+   - Prompt injection techniques
+   - Credential extraction methods
+   - Session hijacking patterns
+3. **Better mitigations**
+   - Configurations that work
+   - Tools and scripts
+   - Monitoring approaches
+4. **Tool-specific guidance**
+   - Claude in Chrome hardening
+   - Other browser agents
+   - CLI-based agents
+### Always Welcome
+- Typo fixes and clarifications
+- Additional checklist items
+- Better explanations
+- Example configurations
+- Translation to other languages
+---
+## Contribution Process
+### For Small Changes (typos, clarifications)
+1. Fork the repository
+2. Make your change
+3. Submit a pull request with clear description
+### For New Content
+1. Open an issue first to discuss
+2. Get feedback on approach
+3. Fork and create your content
+4. Submit PR with:
+   - Clear description of addition
+   - Why it's valuable
+   - Any caveats or limitations
+### For Security Vulnerabilities
+If you've found a security issue with this framework itself:
+1. **Do not** open a public issue
+2. Email: [security contact]
+3. Include:
+   - Description of vulnerability
+   - Steps to reproduce
+   - Potential impact
+   - Suggested fix (if any)
+---
+## Content Guidelines
+### Tone
+- Practical over theoretical
+- Actionable over abstract
+- Clear over clever
+- Honest about limitations
+### Format
+- Follow existing document structure
+- Use consistent heading levels
+- Include both explanation AND actionable steps
+- Provide examples where helpful
+### Quality Bar
+Before submitting, verify:
+- [ ] Content is accurate (cite sources for claims)
+- [ ] Examples actually work
+- [ ] No sensitive information included
+- [ ] Consistent with existing framework philosophy
+- [ ] Adds clear value for users
+---
+## What We Don't Accept
+- Promotional content for specific products
+- Unverified security claims
+- Content that could enable attacks
+- Low-effort "me too" additions
+- Content that contradicts core principles without strong justification
+---
+## Recognition
+Contributors will be:
+- Listed in CONTRIBUTORS.md (if desired)
+- Credited in relevant documents
+- Thanked publicly (if comfortable)
+---
+## Questions
+Open an issue with the "question" label, or reach out to maintainers directly.
+---
+## License
+By contributing, you agree that your contributions will be licensed under the same MIT license as the project.
+---
+*Thank you for helping make AI automation safer.*

package/template/knowledge/ai-security-framework/GLOSSARY.md ADDED Viewed

@@ -0,0 +1,176 @@
+# Glossary
+> Key terms used in this security framework
+---
+## A
+### AI Agent
+An AI system that can take autonomous actions in the world—browsing websites, sending emails, writing code, etc. Unlike a chatbot that only responds, agents act on your behalf.
+### Allowlist
+A list of explicitly permitted resources (sites, APIs, actions). Everything NOT on the list is blocked by default. More secure than blocklist approach.
+### Audit Log
+A chronological record of all actions taken by an AI agent, including what was done, when, and the outcome. Essential for security review and incident investigation.
+### Autonomy Level
+The degree of independence granted to an AI agent for a particular type of action. Ranges from "full autonomy" (no human approval needed) to "never allowed" (agent cannot perform).
+---
+## B
+### Back Pressure
+In the Ralph methodology, the checks that prevent bad work from accumulating. For security, this includes permission checks, approval gates, and validation before actions execute.
+### Blast Radius
+The maximum potential damage if something goes wrong with a particular action or capability. A key concept for determining what level of autonomy to grant.
+### Blocklist
+A list of explicitly prohibited resources. Everything NOT on the list is allowed. Less secure than allowlist approach because new threats aren't automatically blocked.
+### Bounded Autonomy
+The principle of giving AI freedom to operate within carefully defined limits. AI can act independently within boundaries but cannot exceed them.
+---
+## C
+### Circuit Breaker
+An automated mechanism that stops AI agent activity when certain thresholds are exceeded (error rate, spending, unusual patterns). Like an electrical circuit breaker that trips to prevent damage.
+### Context Isolation
+From the Ralph methodology: starting each AI task with fresh context, without accumulated data from previous tasks. A security feature that prevents sensitive data leakage between operations.
+### Credential Broker
+An architecture pattern where AI agents don't have direct credential access. Instead, they request access through a broker (human or automated) that provides time-limited, scoped tokens.
+---
+## D
+### Defense in Depth
+Layering multiple security controls so that failure of any single control doesn't result in complete compromise. Each layer provides protection if other layers fail.
+---
+## F
+### Fail-Secure
+When a security control fails, the system becomes MORE restrictive, not less. Example: if the approval system fails, actions are blocked rather than auto-approved.
+### Fresh Context
+Starting an AI operation without carrying over context from previous operations. Prevents accumulated sensitive data and reduces attack surface.
+---
+## G
+### GREEN Zone
+In this framework: actions that AI can take autonomously without human approval. Low blast radius, easily reversible.
+---
+## K
+### Kill Switch
+An emergency mechanism to immediately stop all AI agent activity. Should be accessible in under 60 seconds and tested regularly.
+---
+## L
+### Least Privilege
+The security principle of giving an entity (user, AI, system) only the minimum access needed to perform its specific task—no more.
+---
+## M
+### Machine Identity (NHI - Non-Human Identity)
+Credentials, tokens, or accounts used by automated systems rather than humans. AI agents use machine identities to access services.
+### Memory Poisoning
+An attack where malicious information is injected into an AI's persistent memory, causing it to behave incorrectly in future sessions.
+---
+## P
+### Prompt Injection
+An attack where malicious instructions are hidden in content the AI processes (websites, documents, emails), causing the AI to take unintended actions.
+---
+## R
+### RED Zone
+In this framework: actions that AI must NEVER take, regardless of instructions. Critical blast radius, potentially catastrophic consequences.
+### Review Gate
+A checkpoint requiring human approval before AI can proceed with a consequential action. Provides oversight for YELLOW zone actions.
+---
+## S
+### Sandboxing
+Running AI agents in an isolated environment where they cannot affect systems outside the sandbox. Limits blast radius of compromises.
+### Scoped Token
+A credential with limited permissions, valid only for specific actions or resources. Contrasts with full-access credentials.
+### Session Termination
+Immediately ending an AI agent's active session, including revoking any temporary access and clearing active state.
+### System Prompt Extraction
+An attack where adversaries trick AI into revealing its configuration or instructions, exposing security rules and business logic.
+---
+## T
+### Token Rotation
+Regularly replacing credentials/tokens with new ones, even if no compromise is suspected. Limits the window of opportunity if a credential is stolen.
+---
+## Y
+### YELLOW Zone
+In this framework: actions that AI can take but requires notification or review. Moderate blast radius, requires oversight.
+---
+## Z
+### Zero Standing Privileges
+An access model where no entity has permanent access to sensitive resources. Access is granted just-in-time, scoped, and revoked after use.
+### Zero Trust
+A security model that assumes no implicit trust based on network location, previous authentication, or other contextual factors. Every request must be verified.
+---
+## Security Framework Acronyms
+| Acronym | Meaning |
+|---------|---------|
+| MFA | Multi-Factor Authentication |
+| IAM | Identity and Access Management |
+| RBAC | Role-Based Access Control |
+| PAT | Personal Access Token |
+| SSO | Single Sign-On |
+| OAuth | Open Authorization (delegation protocol) |
+| CSRF | Cross-Site Request Forgery |
+| XSS | Cross-Site Scripting |
+| CVE | Common Vulnerabilities and Exposures |
+| OWASP | Open Web Application Security Project |
+| NIST | National Institute of Standards and Technology |
+| SOC 2 | Service Organization Control Type 2 |
+---
+*Can't find a term? It might be in the [Core Principles](docs/01-core-principles.md) or [Threat Landscape](docs/02-threat-landscape.md) docs.*

package/template/knowledge/ai-security-framework/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2025 Corey Epstein
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/template/knowledge/ai-security-framework/QUICK-START.md ADDED Viewed

@@ -0,0 +1,172 @@
+# Quick Start Guide
+> Get secure in 30 minutes
+---
+## Who This Is For
+You're about to give AI agents (Claude in Chrome, Claude Code, or similar) access to your systems. You have credentials, accounts, and data you need to protect. This guide gets you to a baseline secure state fast.
+---
+## The 30-Minute Path
+### Minute 0-5: Create Isolation
+**Create a separate browser profile for AI:**
+1. Chrome → Profile icon → Add
+2. Name it "AI-Agent"
+3. Don't sign into Chrome
+4. Don't sync anything
+**Verify isolation:**
+- No saved passwords in new profile
+- No payment methods
+- No autofill data
+### Minute 5-15: Block Critical Sites
+**Add these to your blocklist:**
+Your banks:
+```
+bankofamerica.com
+chase.com
+[your banks here]
+```
+Investment sites:
+```
+fidelity.com
+vanguard.com
+[your investment sites]
+```
+Password managers (web):
+```
+1password.com
+lastpass.com
+bitwarden.com
+```
+**Method:** Use a site blocker extension, or add to hosts file:
+```
+# /etc/hosts
+127.0.0.1 bankofamerica.com
+127.0.0.1 chase.com
+# etc.
+```
+### Minute 15-20: Know Your Kill Switch
+**Practice these now:**
+Close all tabs fast:
+- Mac: `Cmd + Shift + W`
+- Windows: `Ctrl + Shift + W`
+Kill browser process:
+- Mac: `Cmd + Option + Esc` → Force Quit
+- Chrome: `Shift + Esc` → End Process
+Write down: "If AI goes rogue, I will: ________________"
+### Minute 20-25: Set Basic Rules
+**Add to your agents.md or equivalent:**
+```markdown
+## Security Rules
+NEVER access:
+- Banking or financial sites
+- Password managers
+- Healthcare portals
+ALWAYS ask before:
+- Sending any external communication
+- Making any purchase
+- Deleting any file
+- Accessing any site not on approved list
+```
+### Minute 25-30: Verify It Works
+**Test your blocks:**
+1. In AI profile, try navigating to your bank
+2. Should be blocked
+3. If not, fix your blocklist
+**Test your kill switch:**
+1. Open several tabs
+2. Practice closing them all (<10 seconds)
+3. Practice force quit
+---
+## You're Now Baseline Secure
+This gives you:
+- ✅ Credential isolation (separate profile)
+- ✅ Critical site blocking (financial, etc.)
+- ✅ Emergency stop capability (kill switches)
+- ✅ Basic rules documented
+---
+## Next Steps (When You Have Time)
+### This Week
+- Complete [Pre-Flight Checklist](checklists/pre-flight.md) fully
+- Set up basic logging
+- Review your token permissions
+### This Month
+- Read [Core Principles](docs/01-core-principles.md)
+- Implement [Audit Logging](configs/audit-logging.md)
+- Create scoped tokens for AI access
+### Ongoing
+- [Weekly Audit](checklists/weekly-audit.md) every Friday
+- Rotate credentials monthly
+- Stay current on AI security news
+---
+## If Something Goes Wrong
+1. **Stop** - Use your kill switch
+2. **Assess** - What did AI access?
+3. **Revoke** - Kill any compromised tokens
+4. **Rotate** - Change passwords if needed
+5. **Learn** - Update your rules
+---
+## Quick Reference
+```
+KILL SWITCHES
+─────────────
+Close tabs:    Cmd/Ctrl + Shift + W
+Kill browser:  Cmd + Option + Esc (Mac)
+               Ctrl + Shift + Esc (Windows)
+NEVER LET AI
+────────────
+• Access banking sites
+• Use password manager
+• Send without approval
+ALWAYS HAVE
+───────────
+• Separate browser profile
+• Blocked critical sites
+• Way to stop in <60s
+```
+---
+*For comprehensive security, see [README](README.md)*