deliberate 1.0.1

package/LICENSE

@@ -0,0 +1,11 @@
+Copyright (c) 2025 TheRadarTech LLC. All Rights Reserved.
+
+This software and associated documentation files (the "Software") are the
+exclusive property of TheRadarTech LLC. No part of this Software may be reproduced,
+distributed, modified, or transmitted in any form or by any means without
+the prior written permission of TheRadarTech LLC.
+
+Unauthorized copying, modification, distribution, or use of this Software,
+via any medium, is strictly prohibited.
+
+For licensing inquiries, contact: missioncontrol@the-radar.net

package/README.md

@@ -0,0 +1,180 @@
+# Deliberate
+
+A safety layer for AI coding agents.
+
+## The Problem
+
+AI agents have access to your shell. They can run any command. Delete files. Exfiltrate credentials. Open reverse shells. The only guardrail: a yes/no prompt you'll inevitably approve on autopilot.
+
+## The Solution
+
+Deliberate forces you to be deliberate. Every command gets classified and explained before execution:
+
+```
+[Bash] rm -rf node_modules
+🚨 [DANGEROUS] Recursively deletes the node_modules directory and all contents.
+> Allow? [y/n]
+```
+
+The analysis persists after execution—no more vanishing prompts:
+
+```
+🚨 DELIBERATE [DANGEROUS]
+    Recursively deletes the node_modules directory and all contents.
+```
+
+Three risk levels:
+- ✅ **SAFE** — Read-only, no system changes
+- ⚡ **MODERATE** — Modifies files or services, reversible
+- 🚨 **DANGEROUS** — Destructive, credential access, network exfiltration
+
+Every command shows its analysis. You decide with context, not blind trust.
+
+## How It Works
+
+Four layers, each serving a purpose:
+
+```
+┌─────────────────────────────────────────────────────────────┐
+│  Layer 1: Pattern Matcher                                   │
+│           Regex rules. Deterministic. Can't be bypassed     │
+│           by prompt injection.                              │
+├─────────────────────────────────────────────────────────────┤
+│  Layer 2: ML Classifier                                     │
+│           Semantic embeddings via CmdCaliper. Trained on    │
+│           712 labeled commands. Catches novel attacks.      │
+├─────────────────────────────────────────────────────────────┤
+│  Layer 3: LLM Explainer                                     │
+│           Human-readable explanations. Uses your            │
+│           configured provider (Claude, Ollama, etc).        │
+├─────────────────────────────────────────────────────────────┤
+│  Layer 4: Catch-All Backup                                  │
+│           Automatic backup before ANY destructive command.  │
+│           Files recoverable even if you approve by mistake. │
+└─────────────────────────────────────────────────────────────┘
+```
+
+The AI agent can't explain away its own commands—the classifier runs independently.
+
+## Workflow Detection
+
+Individual commands can look safe while the sequence is catastrophic. Deliberate tracks command history within sessions and detects dangerous patterns:
+
+| Pattern | What It Detects |
+|---------|-----------------|
+| REPO_WIPE | rm + git rm + force push |
+| MASS_DELETE | 3+ rm commands in sequence |
+| HISTORY_REWRITE | git reset --hard + force push |
+| TEMP_SWAP | copy to temp, delete original, copy back |
+
+When a pattern is detected, you see the full context—not just the current command.
+
+## Consequence Visualization
+
+Before destructive commands run, you see exactly what will be affected:
+
+```
+⚠️  WILL DELETE: 17 files, 2 directories (2,847 lines of code) [156.3 KB]
+    Files:
+      - src/ai/deliberate-ai.ts
+      - src/core/classification/classifier.ts
+      - src/cli/commands.ts
+      ... and 14 more
+```
+
+Supported commands:
+- `rm` / `git rm` — shows files and line counts
+- `git reset --hard` — shows uncommitted changes that will be discarded
+- `git clean` — shows untracked files that will be deleted
+- `git checkout --` — shows modified files that will revert
+- `git stash drop` — shows stash contents that will be lost
+
+## Automatic Backups
+
+Every destructive command triggers an automatic backup before execution:
+
+```
+~/.deliberate/backups/
+  └── my-project/
+      └── 20250114_120000/
+          ├── metadata.json    # Command, paths, restore info
+          ├── files/           # Backed up files (original structure)
+          └── git_state/       # Branch, commit, uncommitted diff
+```
+
+Files are recoverable even if you approve a destructive command by mistake. The `metadata.json` includes file mappings for exact restore to original locations.
+
+## Installation
+
+```bash
+npm install -g deliberate
+deliberate install
+```
+
+The installer walks you through LLM provider setup (Claude, Anthropic API, or Ollama).
+
+### Dependencies
+
+**Python 3.9+** with ML libraries:
+
+```bash
+pip install sentence-transformers scikit-learn numpy
+```
+
+The CmdCaliper embedding model (~419MB) downloads on first use.
+
+## CLI
+
+```bash
+deliberate install          # Install hooks, configure LLM
+deliberate status           # Check installation
+deliberate classify "rm -rf /"   # Test classification → DANGEROUS
+deliberate serve            # Start classifier server (faster)
+```
+
+## Training
+
+The classifier ships with 481 labeled examples: reverse shells, credential theft, cloud operations, container escapes, privilege escalation, and safe workflows.
+
+### Add Your Own
+
+```bash
+# Add to training/expanded-command-safety.jsonl
+{"command": "...", "label": "DANGEROUS", "category": "..."}
+
+# Retrain
+python training/build_classifier.py --model base
+```
+
+### Active Learning
+
+Uncertain classifications get logged. Review and approve them:
+
+```bash
+python training/approve_cases.py   # Review pending
+python training/build_classifier.py --model base  # Retrain
+```
+
+## Requirements
+
+- Node.js 18+
+- Python 3.9+
+- Claude Code (or any tool supporting Claude Code hooks)
+
+Works on macOS, Linux, and Windows.
+
+## Uninstall
+
+```bash
+deliberate uninstall
+```
+
+## Acknowledgments
+
+Command embeddings by [CmdCaliper](https://huggingface.co/CyCraftAI/CmdCaliper-base) from CyCraft AI.
+
+## License
+
+Copyright © 2025 TheRadarTech LLC. All Rights Reserved.
+
+This software is proprietary. See [LICENSE](LICENSE) for details.

package/bin/cli.js

@@ -0,0 +1,113 @@
+#!/usr/bin/env node
+/**
+ * Deliberate CLI
+ * Safety layer for agentic coding tools
+ */
+
+import { Command } from 'commander';
+import { install } from '../src/install.js';
+import { startServer } from '../src/server.js';
+import { classify, getStatus } from '../src/classifier/index.js';
+import { existsSync, readFileSync } from 'fs';
+import { join } from 'path';
+import { homedir } from 'os';
+
+const program = new Command();
+
+program
+  .name('deliberate')
+  .description('Safety layer for agentic coding tools')
+  .version('1.0.0');
+
+program
+  .command('install')
+  .description('Install hooks and configure Claude Code integration')
+  .action(async () => {
+    await install();
+  });
+
+program
+  .command('serve')
+  .description('Start the classifier server')
+  .option('-p, --port <port>', 'Port to listen on', '8765')
+  .action(async (options) => {
+    await startServer(parseInt(options.port));
+  });
+
+program
+  .command('classify <input>')
+  .description('Classify a command or file change')
+  .option('-t, --type <type>', 'Type of input: command, edit, write', 'command')
+  .action(async (input, options) => {
+    const result = await classify(input, options.type);
+    console.log(JSON.stringify(result, null, 2));
+  });
+
+program
+  .command('status')
+  .description('Check if hooks are installed and classifier is ready')
+  .action(async () => {
+    console.log('Deliberate Status\n');
+
+    // Check hooks installation
+    const claudeSettingsPath = join(homedir(), '.claude', 'settings.json');
+    let hooksInstalled = false;
+
+    if (existsSync(claudeSettingsPath)) {
+      try {
+        const settings = JSON.parse(readFileSync(claudeSettingsPath, 'utf-8'));
+        const hooks = settings.hooks || {};
+        const preToolUse = hooks.PreToolUse || [];
+        const postToolUse = hooks.PostToolUse || [];
+
+        const hasCommandHook = preToolUse.some(h =>
+          h.command && h.command.includes('explain-command')
+        );
+        const hasChangesHook = postToolUse.some(h =>
+          h.command && h.command.includes('explain-changes')
+        );
+
+        if (hasCommandHook && hasChangesHook) {
+          console.log('Hooks:      ✅ Installed (PreToolUse + PostToolUse)');
+          hooksInstalled = true;
+        } else if (hasCommandHook) {
+          console.log('Hooks:      ⚠️  Partial (PreToolUse only)');
+          hooksInstalled = true;
+        } else if (hasChangesHook) {
+          console.log('Hooks:      ⚠️  Partial (PostToolUse only)');
+          hooksInstalled = true;
+        } else {
+          console.log('Hooks:      ❌ Not installed');
+        }
+      } catch (e) {
+        console.log('Hooks:      ❌ Error reading settings');
+      }
+    } else {
+      console.log('Hooks:      ❌ Claude settings not found');
+    }
+
+    // Check classifier status
+    const classifierStatus = getStatus();
+
+    if (classifierStatus.patternMatcher?.ready) {
+      console.log('Patterns:   ✅ Ready');
+    } else {
+      console.log('Patterns:   ❌ Not loaded');
+    }
+
+    if (classifierStatus.modelClassifier?.ready) {
+      console.log('Classifier: ✅ Ready');
+    } else {
+      console.log('Classifier: ⚠️  Will load on first use');
+    }
+
+    // Overall status
+    console.log('');
+    if (hooksInstalled) {
+      console.log('Status: Ready to protect your Claude Code sessions');
+    } else {
+      console.log('Status: Run "deliberate install" to set up hooks');
+    }
+  });
+
+program.parse();