hackmyagent 0.15.7 → 0.16.1

package/dist/cli.js

@@ -42,9 +42,11 @@ const commander_1 = require("commander");
 const index_1 = require("./index");
 const resolve_mcp_1 = require("./resolve-mcp");
 const wild_1 = require("./wild");
-const nemoclaw_scanner_1 = require("./hardening/nemoclaw-scanner");
 const program = new commander_1.Command();
 program.showHelpAfterError('(run with --help for usage)');
+// Total security check count across all scanner modules.
+// Update when adding new checks (verify with: grep -r "checkId:" src/hardening/ | grep -o "checkId: '[^']*'" | sort -u | wc -l)
+const CHECK_COUNT = 208;
 // Write a string to stdout synchronously with retry for pipe backpressure.
 // process.stdout.write() is async and gets truncated when process.exit()
 // runs before the stream flushes. fs.writeFileSync(1, ...) can fail with
@@ -126,20 +128,19 @@ program
     .name('hackmyagent')
     .description(`Find it. Break it. Fix it.
 
-The hacker's toolkit for AI agents. 204 security checks, 115 attack
+The hacker's toolkit for AI agents. ${CHECK_COUNT} security checks, ${index_1.PAYLOAD_STATS.total} attack
 payloads, auto-fix with rollback, and OASB benchmark compliance.
 
 Documentation: https://hackmyagent.com/docs
 
 Updates (v${index_1.VERSION}):
-  - NemoClaw sandbox scanner (28 installation checks)
   - 10 new static analysis patterns (NEMO series)
   - Community trust contributions
-  - 204 checks across 60 categories
+  - ${CHECK_COUNT} checks across 60 categories
 
 Examples:
-  $ hackmyagent secure                         Find vulnerabilities (204 checks)
-  $ hackmyagent attack --local                 Break it with 115 attack payloads
+  $ hackmyagent secure                         Find vulnerabilities (${CHECK_COUNT} checks)
+  $ hackmyagent attack --local                 Break it with ${index_1.PAYLOAD_STATS.total} attack payloads
   $ hackmyagent secure --fix                   Fix issues automatically
   $ hackmyagent fix-all                        Run all security plugins
   $ hackmyagent scan example.com               Scan external infrastructure`)
@@ -147,7 +148,7 @@ Examples:
     .option('--no-color', 'Disable colored output (also respects NO_COLOR env)');
 program.addHelpText('beforeAll', `
 Quick start:
-  $ hackmyagent secure              Scan current directory (204 checks)
+  $ hackmyagent secure              Scan current directory (${CHECK_COUNT} checks)
   $ hackmyagent fix-all --with-aim  Auto-fix + create agent identity
   $ hackmyagent attack              Red-team your agent
 `);
@@ -170,7 +171,7 @@ program
     .description(`Check if a package, repo, or skill is safe
 
 Accepts npm packages, GitHub repos, local paths, or skill identifiers:
-  • npm package: downloads and runs full security analysis (204 checks + NanoMind)
+  • npm package: downloads and runs full security analysis (${CHECK_COUNT} checks + NanoMind)
   • GitHub repo: shallow clones and runs full security analysis
   • Local path: runs NanoMind semantic analysis
   • Skill identifier: verifies publisher, permissions, revocation
@@ -185,8 +186,12 @@ Examples:
   $ hackmyagent check https://github.com/punkpeye/awesome-mcp-servers
   $ hackmyagent check ./my-agent/
   $ hackmyagent check @publisher/skill --verbose
-  $ hackmyagent check modelcontextprotocol/servers --json`)
-    .argument('<target>', 'npm package name, local path, or skill identifier')
+  $ hackmyagent check pip:requests
+  $ hackmyagent check pypi:flask
+  $ hackmyagent check modelcontextprotocol/servers --json
+  $ hackmyagent check https://gitlab.com/org/repo
+  $ hackmyagent check https://example.com/agent-v1.tar.gz`)
+    .argument('<target>', 'npm package, PyPI package (pip: or pypi: prefix), local path, GitHub repo, or skill identifier')
     .option('-v, --verbose', 'Show detailed verification info')
     .option('--json', 'Output as JSON (for scripting/CI)')
     .option('--offline', 'Skip DNS verification (offline mode)')
@@ -244,11 +249,21 @@ Examples:
                 process.exit(1);
             return;
         }
+        // PyPI package: download, run full HMA scan, clean up
+        if (looksLikePyPiPackage(skill)) {
+            await checkPyPiPackage(skill, options);
+            return;
+        }
         // GitHub repo: clone, run full HMA scan, clean up
         if (looksLikeGitHubRepo(skill)) {
             await checkGitHubRepo(skill, options);
             return;
         }
+        // Raw URL (non-GitHub): fetch/clone based on content type
+        if (looksLikeRawUrl(skill)) {
+            await checkRawUrl(skill, options);
+            return;
+        }
         // npm package name: download, run full HMA scan, clean up
         if (looksLikeNpmPackage(skill)) {
             await checkNpmPackage(skill, options);
@@ -343,6 +358,43 @@ const SEVERITY_DISPLAY = {
     medium: { symbol: '[~]', color: () => colors.yellow },
     low: { symbol: '[.]', color: () => colors.green },
 };
+/**
+ * Display check command findings with optional verbose details.
+ * When verbose is true, shows checkId, category, file location, and fix/guidance for each finding.
+ */
+function displayCheckFindings(failed, verbose) {
+    if (failed.length > 0) {
+        console.log();
+        const limit = verbose ? failed.length : 15;
+        for (const f of failed.slice(0, limit)) {
+            const sev = SEVERITY_DISPLAY[f.severity];
+            const attackClass = f.attackClass ? ` (${f.attackClass})` : '';
+            console.log(`  ${sev.color()}${sev.symbol}${RESET()} ${f.name}: ${f.message}${colors.dim}${attackClass}${RESET()}`);
+            if (verbose) {
+                console.log(`    ${colors.dim}Check:    ${f.checkId}${RESET()}`);
+                if (f.category) {
+                    console.log(`    ${colors.dim}Category: ${f.category}${RESET()}`);
+                }
+                if (f.file) {
+                    const location = f.line ? `${f.file}:${f.line}` : f.file;
+                    console.log(`    ${colors.dim}File:     ${location}${RESET()}`);
+                }
+                if (f.fix) {
+                    console.log(`    ${colors.cyan}Fix:      ${f.fix}${RESET()}`);
+                }
+                if (f.guidance) {
+                    console.log(`    ${colors.dim}Guidance: ${f.guidance}${RESET()}`);
+                }
+            }
+        }
+        if (failed.length > limit) {
+            console.log(`\n  ... and ${failed.length - limit} more (use --verbose to see all)`);
+        }
+    }
+    else {
+        console.log(`\n  ${colors.green}No security issues found.${RESET()}`);
+    }
+}
 function groupFindingsBySeverity(findings) {
     const grouped = {
         critical: [],
@@ -1774,7 +1826,7 @@ program
     .command('secure')
     .description(`Scan and harden your agent setup
 
-Performs 204 security checks across 60 categories:
+Performs ${CHECK_COUNT} security checks across 60 categories:
   • Credentials: API key exposure, secrets in configs
   • MCP: Server configs, tool permissions, secrets
   • Network: TLS, interface bindings, CORS
@@ -2776,188 +2828,6 @@ Examples:
         process.exit(1);
     }
 });
-// NemoClaw-specific helpers
-const NEMOCLAW_CHECK_CATEGORIES = nemoclaw_scanner_1.NEMOCLAW_CATEGORIES;
-function detectNemoClawDirectory(providedDir) {
-    const os = require('os');
-    const fs = require('fs');
-    const path = require('path');
-    if (providedDir && providedDir !== '') {
-        return providedDir.startsWith('/') ? providedDir : path.join(process.cwd(), providedDir);
-    }
-    const homeDir = os.homedir();
-    const candidates = [
-        path.join(homeDir, '.nemoclaw'),
-        path.join(homeDir, '.openshell'),
-        path.join(homeDir, '.openclaw'),
-    ];
-    for (const candidate of candidates) {
-        if (fs.existsSync(candidate)) {
-            return candidate;
-        }
-    }
-    return process.cwd();
-}
-function filterNemoClawFindings(findings) {
-    return findings.filter((f) => {
-        const checkId = f.checkId.toUpperCase();
-        return checkId.startsWith('HMA-NMC-');
-    });
-}
-function assessNemoClawRiskLevel(findings) {
-    const criticalCount = findings.filter((f) => f.severity === 'critical').length;
-    const highCount = findings.filter((f) => f.severity === 'high').length;
-    const mediumCount = findings.filter((f) => f.severity === 'medium').length;
-    if (criticalCount > 0) {
-        return {
-            level: 'Critical',
-            color: colors.brightRed,
-            description: `${criticalCount} critical finding(s) with recommended fixes available.`,
-        };
-    }
-    if (highCount > 0) {
-        return {
-            level: 'High',
-            color: colors.red,
-            description: `${highCount} high-severity finding(s) detected. Fixes available below.`,
-        };
-    }
-    if (mediumCount > 0) {
-        return {
-            level: 'Moderate',
-            color: colors.yellow,
-            description: 'Some findings detected. Review the recommendations below.',
-        };
-    }
-    if (findings.length === 0) {
-        return {
-            level: 'None',
-            color: colors.dim,
-            description: `No NemoClaw installation detected. Run \`${CLI_PREFIX} secure\` for a full scan.`,
-        };
-    }
-    return {
-        level: 'Low',
-        color: colors.green,
-        description: 'No critical or high findings detected.',
-    };
-}
-program
-    .command('secure-nemoclaw')
-    .description(`Security scan for NVIDIA NemoClaw installations
-
-Performs focused security checks for NemoClaw sandbox deployments:
-  - Secrets: NVIDIA API key exposure in configs, logs, Docker, shell history
-  - Network: Gateway/k3s/inference port binding, Docker socket, egress policies
-  - Skills: Blueprint integrity, skill verification, directory permissions
-  - Process: Sandbox privileges, seccomp/Landlock enforcement, root execution
-  - OpenClaw layer: Inherited misconfigs that survive NemoClaw sandboxing
-
-Auto-detects ~/.nemoclaw, ~/.openshell, or ~/.openclaw directories.
-Exit code 1 if critical/high issues found.
-
-Examples:
-  $ hackmyagent secure-nemoclaw                  Scan auto-detected directory
-  $ hackmyagent secure-nemoclaw ~/.nemoclaw      Scan specific directory
-  $ hackmyagent secure-nemoclaw --json           JSON output for CI`)
-    .argument('[directory]', 'Directory to scan (default: ~/.nemoclaw or ~/.openshell)', '')
-    .option('--json', 'Output as JSON (for scripting/CI)')
-    .option('-v, --verbose', 'Show all checks including passed ones')
-    .action(async (directory, options) => {
-    try {
-        const targetDir = detectNemoClawDirectory(directory);
-        if (!options.json) {
-            console.log(`\nNemoClaw Security Report`);
-            console.log(`━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\n`);
-            console.log(`Scanning ${targetDir}...\n`);
-        }
-        const scanner = new nemoclaw_scanner_1.NemoClawScanner();
-        const findings = await scanner.scan(targetDir, {});
-        // Enrich with taxonomy
-        const { enrichWithTaxonomy } = require('./hardening/taxonomy');
-        enrichWithTaxonomy(findings);
-        // NanoMind semantic analysis (defense-in-depth)
-        let mergedFindings = findings;
-        try {
-            const { orchestrateNanoMind } = await Promise.resolve().then(() => __importStar(require('./nanomind-core/orchestrate.js')));
-            const nmResult = await orchestrateNanoMind(targetDir, findings, { silent: !!options.json });
-            mergedFindings = nmResult.mergedFindings;
-        }
-        catch { /* NanoMind unavailable */ }
-        const issues = mergedFindings.filter((f) => !f.passed);
-        const passedFindings = mergedFindings.filter((f) => f.passed);
-        if (options.json) {
-            const jsonOutput = {
-                target: targetDir,
-                riskLevel: assessNemoClawRiskLevel(issues).level,
-                totalChecks: mergedFindings.length,
-                issues: issues.length,
-                passed: passedFindings.length,
-                findings: mergedFindings,
-            };
-            writeJsonStdout(jsonOutput);
-            return;
-        }
-        // Risk assessment
-        const risk = assessNemoClawRiskLevel(issues);
-        console.log(`Risk Level: ${risk.color}${risk.level}${RESET()}`);
-        console.log(`${risk.description}\n`);
-        // Summary stats
-        console.log(`Checks: ${findings.length} total | ${issues.length} issues | ${passedFindings.length} passed\n`);
-        // Show issues
-        if (issues.length > 0) {
-            console.log(`${colors.red}Findings:${RESET()}\n`);
-            for (const finding of issues) {
-                const display = SEVERITY_DISPLAY[finding.severity];
-                const location = finding.file
-                    ? finding.line
-                        ? `${finding.file}:${finding.line}`
-                        : finding.file
-                    : '';
-                const sevLabel = finding.severity.charAt(0).toUpperCase() + finding.severity.slice(1);
-                console.log(`${display.color()}${display.symbol} [${finding.checkId}] ${sevLabel}${RESET()}`);
-                console.log(`   ${finding.description}`);
-                if (location) {
-                    console.log(`   File: ${location}`);
-                }
-                if (finding.fix) {
-                    console.log(`   ${colors.cyan}Recommended fix:${RESET()} ${finding.fix}`);
-                }
-                console.log();
-            }
-        }
-        else {
-            console.log(`${colors.green}No NemoClaw-specific issues found.${RESET()}\n`);
-        }
-        // Show passed checks in verbose mode
-        if (options.verbose && passedFindings.length > 0) {
-            console.log(`${colors.green}Passed Checks:${RESET()}`);
-            for (const finding of passedFindings) {
-                console.log(`  ${colors.green}[ok]${RESET()} [${finding.checkId}] ${finding.name}`);
-            }
-            console.log();
-        }
-        // Shodan self-check guidance
-        if (issues.some((f) => f.category === 'network')) {
-            console.log(`${colors.yellow}Internet Exposure Check:${RESET()}`);
-            console.log(`  Check if your instance is visible on Shodan:`);
-            console.log(`  https://www.shodan.io/host/<YOUR-IP>`);
-            console.log(`  Known NemoClaw dorks: port:18789, port:6443 ssl.cert.subject.cn:"k3s-serving"\n`);
-        }
-        console.log(`━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━`);
-        console.log(`Run '${CLI_PREFIX} secure-openclaw' for OpenClaw-specific checks.`);
-        console.log(`Run '${CLI_PREFIX} secure' for a full security scan.\n`);
-        // Exit with non-zero if critical/high issues remain
-        const criticalOrHigh = issues.filter((f) => f.severity === 'critical' || f.severity === 'high');
-        if (criticalOrHigh.length > 0) {
-            process.exit(1);
-        }
-    }
-    catch (error) {
-        console.error(`Error: ${error instanceof Error ? error.message : 'Unknown error'}`);
-        process.exit(1);
-    }
-});
 program
     .command('scan')
     .description(`Scan external target for exposed MCP endpoints
@@ -4534,7 +4404,7 @@ Examples:
         console.log(`\n  Detected: ${result.tool}\n`);
         console.log(`  Added HackMyAgent MCP server to ${result.configPath}\n`);
         console.log(`  Available tools in ${result.tool}:`);
-        console.log(`    hackmyagent_scan       — 204 checks + structural analysis`);
+        console.log(`    hackmyagent_scan       — ${CHECK_COUNT} checks + structural analysis`);
         console.log(`    hackmyagent_deep_scan  — Full analysis with LLM reasoning`);
         console.log(`    hackmyagent_analyze_file — Analyze a single file`);
         console.log(`    hackmyagent_benchmark  — OASB-1 compliance assessment\n`);
@@ -5328,26 +5198,44 @@ Examples:
 });
 program
     .command('check-metadata')
-    .description('Export metadata for all security checks by scanning test fixtures (JSON)')
-    .option('-d, --directory <dir>', 'Directory to scan for check metadata extraction')
+    .description('Export metadata for all security checks (JSON)')
+    .option('-d, --directory <dir>', 'Scan a specific directory to collect check metadata from findings')
+    .option('--json', 'Output as JSON (default)')
     .action(async (options) => {
-    const { getAttackClass } = require('./hardening/taxonomy');
-    const targetDir = options.directory || process.cwd();
-    // Run a real scan to collect all check metadata from findings
-    const scanner = new index_1.HardeningScanner();
-    const result = await scanner.scan({ targetDir, autoFix: false, scanDepth: 'deep' });
+    const { getAttackClass, getTaxonomyMap } = require('./hardening/taxonomy');
+    // Build static registry from taxonomy map (covers all known checks)
+    const taxMap = getTaxonomyMap();
     const metadata = {};
-    for (const finding of result.findings) {
-        if (!metadata[finding.checkId]) {
-            metadata[finding.checkId] = {
-                checkId: finding.checkId,
-                name: finding.name,
-                category: finding.category,
-                attackClass: getAttackClass(finding.checkId) || '',
-                severity: finding.severity,
-                fix: finding.fix || '',
-                guidance: finding.guidance || '',
-            };
+    // Add all checks from taxonomy (the authoritative source of check IDs)
+    for (const checkId of Object.keys(taxMap)) {
+        const prefix = checkId.split('-').slice(0, -1).join('-') || checkId.split('-')[0];
+        metadata[checkId] = {
+            checkId,
+            name: checkId,
+            category: prefix.toLowerCase(),
+            attackClass: taxMap[checkId] || '',
+            severity: '',
+        };
+    }
+    // If a directory is provided, enrich with actual finding data (names, severity, etc.)
+    if (options.directory) {
+        const scanner = new index_1.HardeningScanner();
+        const result = await scanner.scan({ targetDir: options.directory, autoFix: false, scanDepth: 'deep' });
+        for (const finding of result.findings) {
+            if (metadata[finding.checkId]) {
+                metadata[finding.checkId].name = finding.name;
+                metadata[finding.checkId].category = finding.category;
+                metadata[finding.checkId].severity = finding.severity;
+            }
+            else {
+                metadata[finding.checkId] = {
+                    checkId: finding.checkId,
+                    name: finding.name,
+                    category: finding.category,
+                    attackClass: getAttackClass(finding.checkId) || '',
+                    severity: finding.severity,
+                };
+            }
         }
     }
     writeJsonStdout({ totalChecks: Object.keys(metadata).length, checks: metadata });
@@ -5373,12 +5261,39 @@ program
     // Fallback: static explanation from check metadata
     const checkId = findingId.toUpperCase();
     const staticExplanations = {
+        // Credential checks
         'CRED-001': 'Hardcoded credential detected. API keys, tokens, or passwords are embedded directly in source code. Replace with environment variable references ($VAR_NAME) and rotate the exposed credential immediately.',
         'CRED-002': 'OpenAI API key pattern detected (sk-...). Move to environment variable OPENAI_API_KEY.',
         'CRED-003': 'Anthropic API key pattern detected (sk-ant-...). Move to environment variable ANTHROPIC_API_KEY.',
         'CRED-004': 'AWS credential pattern detected. Use AWS SDK credential chain or environment variables.',
-        'MCP-001': 'MCP server running without TLS. Agent-to-server communication is unencrypted.',
-        'SKILL-005': 'External endpoint in skill capability declaration. Verify the endpoint is trusted.',
+        // MCP checks
+        'MCP-001': 'MCP server running without TLS. Agent-to-server communication is unencrypted. Enable TLS on the MCP server or use a reverse proxy with TLS termination.',
+        // Skill checks
+        'SKILL-005': 'External endpoint in skill capability declaration. Verify the endpoint is trusted and uses HTTPS.',
+        // Governance checks
+        'GOV-001': 'No governance policy found. Agents should declare behavioral constraints in a SOUL.md or governance file. Create a SOUL.md with mission, boundaries, and allowed actions.',
+        'GOV-002': 'Governance file lacks boundary definitions. Without explicit boundaries, the agent may act outside intended scope. Add "boundaries" or "constraints" sections to your governance file.',
+        'GOV-003': 'Governance file missing escalation policy. Define when and how the agent should escalate to a human. Add an escalation section with trigger conditions and contact methods.',
+        // Permission checks
+        'PERM-001': 'Overly broad file system permissions detected. The agent has write access to directories outside its working scope. Restrict file permissions to the minimum required paths.',
+        'PERM-002': 'Network permissions not restricted. The agent can make outbound requests to any host. Define an allowlist of permitted domains in the agent configuration.',
+        'PERM-003': 'Execution permissions too permissive. The agent can spawn arbitrary processes. Restrict executable permissions to specific, required binaries only.',
+        // SOUL checks
+        'SOUL-001': 'No SOUL.md file found. SOUL.md defines the agent identity, mission, and behavioral constraints. Run `hackmyagent secure --fix` to generate one.',
+        'SOUL-002': 'SOUL.md missing identity section. The agent lacks a declared identity, making impersonation easier. Add name, version, and publisher fields.',
+        'SOUL-003': 'SOUL.md missing behavioral boundaries. Without explicit limits, the agent may perform unintended actions. Add a boundaries section listing prohibited behaviors.',
+        // Privacy checks
+        'PRIV-001': 'PII handling not declared. The agent processes data but has no privacy policy or data handling declaration. Add a data handling section specifying what data is collected, stored, and shared.',
+        // Data checks
+        'DATA-001': 'Sensitive data logged to console or file. Credentials, tokens, or PII appear in log output. Sanitize log statements to redact sensitive values before output.',
+        'DATA-002': 'Data retention policy missing. The agent stores data without a defined retention or deletion policy. Define how long data is kept and when it is purged.',
+        // Injection checks
+        'INJECT-001': 'No prompt injection defense detected. The agent does not validate or sanitize inputs against injection attacks. Add input validation and consider using a system prompt with injection resistance instructions.',
+        'INJECT-002': 'Indirect prompt injection surface found. External data (URLs, files, API responses) is passed to the LLM without sanitization. Sanitize or sandbox external content before including it in prompts.',
+        // Attestation checks
+        'ATTEST-001': 'No attestation mechanism found. The agent cannot prove its identity or integrity to other agents. Implement agent attestation using signed identity tokens or SOUL.md signatures.',
+        // Supply chain checks
+        'SUPPLY-001': 'Dependency with known vulnerability detected. A transitive or direct dependency has a published CVE. Update the affected package to a patched version.',
     };
     const explanation = staticExplanations[checkId];
     if (explanation) {
@@ -5754,6 +5669,18 @@ program
 // ============================================================================
 // npm package scanning helpers (used by `check <package>`)
 // ============================================================================
+/**
+ * Detect whether a string looks like a PyPI package reference.
+ *
+ * Requires an explicit prefix:
+ * - pip:package-name
+ * - pypi:package-name
+ *
+ * Bare names are NOT auto-detected as PyPI (they fall through to npm).
+ */
+function looksLikePyPiPackage(target) {
+    return target.startsWith('pip:') || target.startsWith('pypi:');
+}
 /**
  * Detect whether a string looks like an npm package name rather than
  * a hostname, IP address, or local path.
@@ -5804,6 +5731,16 @@ function looksLikeGitHubRepo(target) {
     }
     return false;
 }
+/**
+ * Detect whether a string is an HTTP(S) URL that is NOT a GitHub repo.
+ * GitHub URLs are handled by looksLikeGitHubRepo; this catches everything else:
+ * GitLab, Bitbucket, self-hosted git, raw tarballs, zip archives, single files, etc.
+ */
+function looksLikeRawUrl(target) {
+    if (looksLikeGitHubRepo(target))
+        return false;
+    return /^https?:\/\/.+/.test(target);
+}
 /**
  * Parse a GitHub target into org/repo and optional clone URL.
  * Returns { org, repo, cloneUrl }
@@ -6124,21 +6061,7 @@ async function checkGitHubRepo(target, options) {
         console.log(`  Type:       ${result.projectType}`);
         console.log(`  Score:      ${scoreColor}${result.score}/${result.maxScore}${RESET()}`);
         console.log(`  Findings:   ${critical.length} critical, ${high.length} high, ${medium.length} medium, ${low.length} low`);
-        if (failed.length > 0) {
-            console.log();
-            const limit = options.verbose ? failed.length : 15;
-            for (const f of failed.slice(0, limit)) {
-                const sev = SEVERITY_DISPLAY[f.severity];
-                const attackClass = f.attackClass ? ` (${f.attackClass})` : '';
-                console.log(`  ${sev.color()}${sev.symbol}${RESET()} ${f.name}: ${f.message}${colors.dim}${attackClass}${RESET()}`);
-            }
-            if (failed.length > limit) {
-                console.log(`\n  ... and ${failed.length - limit} more (use --verbose to see all)`);
-            }
-        }
-        else {
-            console.log(`\n  ${colors.green}No security issues found.${RESET()}`);
-        }
+        displayCheckFindings(failed, !!options.verbose);
         // Step 3: Community contribution
         if (process.stdin.isTTY && !globalCiMode) {
             const scanCount = incrementScanCounter();
@@ -6202,6 +6125,305 @@ async function checkGitHubRepo(target, options) {
  * Download an npm package, run full HMA secure scan, display results, clean up.
  * Checks the registry first; only downloads if data is missing or stale.
  */
+/**
+ * Download a PyPI package, scan it with HMA + NanoMind, and display results.
+ * Accepts targets prefixed with pip: or pypi: (e.g. pip:requests, pypi:flask).
+ */
+async function checkPyPiPackage(target, options) {
+    // Strip prefix to get the bare package name
+    const name = target.replace(/^(pip|pypi):/, '');
+    const { mkdtemp, rm, readdir } = await Promise.resolve().then(() => __importStar(require('node:fs/promises')));
+    const { tmpdir } = await Promise.resolve().then(() => __importStar(require('node:os')));
+    const { join } = await Promise.resolve().then(() => __importStar(require('node:path')));
+    const { execFileSync } = await Promise.resolve().then(() => __importStar(require('node:child_process')));
+    if (!options.json && !globalCiMode) {
+        console.error(`Downloading ${name} from PyPI...`);
+    }
+    const tempDir = await mkdtemp(join(tmpdir(), 'hma-check-pypi-'));
+    try {
+        // Fetch package metadata from PyPI JSON API
+        const metaRes = await fetch(`https://pypi.org/pypi/${encodeURIComponent(name)}/json`);
+        if (!metaRes.ok) {
+            if (metaRes.status === 404) {
+                console.error(`Error: Package "${name}" not found on PyPI.`);
+            }
+            else {
+                console.error(`Error: PyPI API returned ${metaRes.status} for "${name}".`);
+            }
+            process.exit(1);
+        }
+        const meta = await metaRes.json();
+        // Prefer sdist (source tarball) for scanning; fall back to first wheel
+        const sdist = meta.urls.find((u) => u.packagetype === 'sdist');
+        const wheel = meta.urls.find((u) => u.packagetype === 'bdist_wheel');
+        const dist = sdist || wheel || meta.urls[0];
+        if (!dist) {
+            console.error(`Error: No downloadable distribution found for "${name}" on PyPI.`);
+            process.exit(1);
+        }
+        // Download the archive
+        const archiveRes = await fetch(dist.url);
+        if (!archiveRes.ok) {
+            throw new Error(`Failed to download ${dist.filename}: HTTP ${archiveRes.status}`);
+        }
+        const archiveBuffer = Buffer.from(await archiveRes.arrayBuffer());
+        const archivePath = join(tempDir, dist.filename);
+        const { writeFileSync } = await Promise.resolve().then(() => __importStar(require('node:fs')));
+        writeFileSync(archivePath, archiveBuffer);
+        // Extract
+        const extractDir = join(tempDir, 'package');
+        const { mkdirSync } = await Promise.resolve().then(() => __importStar(require('node:fs')));
+        mkdirSync(extractDir, { recursive: true });
+        if (dist.filename.endsWith('.tar.gz') || dist.filename.endsWith('.tgz')) {
+            execFileSync('tar', ['xzf', archivePath, '-C', extractDir, '--strip-components=1'], { timeout: 30000 });
+        }
+        else if (dist.filename.endsWith('.zip') || dist.filename.endsWith('.whl')) {
+            execFileSync('unzip', ['-q', '-o', archivePath, '-d', extractDir], { timeout: 30000 });
+        }
+        else {
+            throw new Error(`Unsupported archive format: ${dist.filename}`);
+        }
+        // Run full HMA scan + NanoMind (same pipeline as checkNpmPackage)
+        const scanner = new index_1.HardeningScanner();
+        const result = await scanner.scan({ targetDir: extractDir, autoFix: false });
+        // Run NanoMind semantic analysis and re-filter
+        try {
+            const { orchestrateNanoMind } = await Promise.resolve().then(() => __importStar(require('./nanomind-core/orchestrate.js')));
+            const nmResult = await orchestrateNanoMind(extractDir, result.findings, { silent: true });
+            const refiltered = await scanner.reapplyIgnoreFilters(nmResult.mergedFindings, extractDir);
+            const projectType = result.projectType || 'library';
+            result.findings = refiltered.filter((f) => !f.passed && f.file && scanner.findingAppliesTo(f, projectType));
+            result.score = scanner.calculateScore(result.findings.filter((f) => !f.passed && !f.fixed)).score;
+        }
+        catch {
+            // NanoMind unavailable -- use base scan results
+        }
+        const failed = result.findings.filter(f => !f.passed);
+        const critical = failed.filter(f => f.severity === 'critical');
+        const high = failed.filter(f => f.severity === 'high');
+        const medium = failed.filter(f => f.severity === 'medium');
+        const low = failed.filter(f => f.severity === 'low');
+        if (options.json) {
+            writeJsonStdout({
+                name,
+                type: 'pypi-package',
+                source: 'local-scan',
+                version: meta.info.version,
+                projectType: result.projectType,
+                score: result.score,
+                maxScore: result.maxScore,
+                findings: result.findings,
+            });
+            return;
+        }
+        // Display results
+        const scoreRatio = result.score / result.maxScore;
+        const scoreColor = scoreRatio >= 0.7 ? colors.green : scoreRatio >= 0.4 ? colors.yellow : colors.red;
+        console.log(`\n  ${name} (PyPI)`);
+        console.log(`  Version:    ${meta.info.version}`);
+        console.log(`  Type:       ${result.projectType}`);
+        console.log(`  Score:      ${scoreColor}${result.score}/${result.maxScore}${RESET()}`);
+        console.log(`  Findings:   ${critical.length} critical, ${high.length} high, ${medium.length} medium, ${low.length} low`);
+        if (failed.length > 0) {
+            console.log();
+            const limit = options.verbose ? failed.length : 15;
+            for (const f of failed.slice(0, limit)) {
+                const sev = SEVERITY_DISPLAY[f.severity];
+                const attackClass = f.attackClass ? ` (${f.attackClass})` : '';
+                console.log(`  ${sev.color()}${sev.symbol}${RESET()} ${f.name}: ${f.message}${colors.dim}${attackClass}${RESET()}`);
+            }
+            if (failed.length > limit) {
+                console.log(`\n  ... and ${failed.length - limit} more (use --verbose to see all)`);
+            }
+        }
+        else {
+            console.log(`\n  ${colors.green}No security issues found.${RESET()}`);
+        }
+        console.log(`\n  Full project scan: ${CLI_PREFIX} secure <dir>`);
+        console.log();
+        if (critical.length > 0 || high.length > 0)
+            process.exit(1);
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        if (message.includes('not found on PyPI')) {
+            console.error(`Error: ${message}`);
+        }
+        else {
+            console.error(`Error scanning PyPI package "${name}": ${message}`);
+        }
+        process.exit(1);
+    }
+    finally {
+        await rm(tempDir, { recursive: true, force: true });
+    }
+}
+/**
+ * Fetch a raw URL, detect its type (git repo, tarball, zip, or single file),
+ * download to a temp dir, run full HMA + NanoMind scan, display results, clean up.
+ */
+async function checkRawUrl(url, options) {
+    const { mkdtemp, rm, writeFile, readdir } = await Promise.resolve().then(() => __importStar(require('node:fs/promises')));
+    const { tmpdir } = await Promise.resolve().then(() => __importStar(require('node:os')));
+    const { join, basename } = await Promise.resolve().then(() => __importStar(require('node:path')));
+    const { execFile } = await Promise.resolve().then(() => __importStar(require('node:child_process')));
+    const { promisify } = await Promise.resolve().then(() => __importStar(require('node:util')));
+    const execAsync = promisify(execFile);
+    const tempDir = await mkdtemp(join(tmpdir(), 'hma-check-url-'));
+    let scanDir = tempDir;
+    let displayName = url;
+    try {
+        // Git clone for known forge URLs and .git suffix
+        const isGitUrl = url.endsWith('.git')
+            || /^https?:\/\/(gitlab\.com|bitbucket\.org|codeberg\.org|gitea\.com|sr\.ht)\//.test(url);
+        if (isGitUrl) {
+            const repoName = basename(url.replace(/\.git$/, '')) || 'repo';
+            displayName = url.replace(/^https?:\/\//, '').replace(/\.git$/, '');
+            if (!options.json && !globalCiMode) {
+                console.error(`Cloning ${displayName}...`);
+            }
+            await execAsync('git', ['clone', '--depth', '1', '--single-branch', url, join(tempDir, repoName)], { timeout: 120000 });
+            scanDir = join(tempDir, repoName);
+        }
+        else {
+            // HTTP fetch — use HEAD to determine content type
+            if (!options.json && !globalCiMode) {
+                console.error(`Fetching ${url}...`);
+            }
+            const headRes = await fetch(url, { method: 'HEAD', redirect: 'follow' });
+            if (!headRes.ok) {
+                console.error(`Error: HTTP ${headRes.status} fetching "${url}".`);
+                process.exit(1);
+            }
+            const contentType = headRes.headers.get('content-type') || '';
+            const finalUrl = headRes.url;
+            const fileName = basename(new URL(finalUrl).pathname) || 'download';
+            const isArchive = /\.(tar\.gz|tgz|tar\.bz2|tar\.xz|zip)$/i.test(fileName)
+                || contentType.includes('gzip')
+                || contentType.includes('tar')
+                || contentType.includes('zip')
+                || contentType.includes('compressed');
+            const bodyRes = await fetch(finalUrl, { redirect: 'follow' });
+            if (!bodyRes.ok || !bodyRes.body) {
+                console.error(`Error: Failed to download "${url}" (HTTP ${bodyRes.status}).`);
+                process.exit(1);
+            }
+            const buffer = Buffer.from(await bodyRes.arrayBuffer());
+            if (isArchive) {
+                const archivePath = join(tempDir, fileName);
+                await writeFile(archivePath, buffer);
+                const extractDir = join(tempDir, 'extracted');
+                await execAsync('mkdir', ['-p', extractDir]);
+                if (/\.(tar\.gz|tgz)$/i.test(fileName) || contentType.includes('gzip') || contentType.includes('tar')) {
+                    await execAsync('tar', ['xzf', archivePath, '-C', extractDir], { timeout: 30000 });
+                }
+                else if (/\.tar\.bz2$/i.test(fileName)) {
+                    await execAsync('tar', ['xjf', archivePath, '-C', extractDir], { timeout: 30000 });
+                }
+                else if (/\.tar\.xz$/i.test(fileName)) {
+                    await execAsync('tar', ['xJf', archivePath, '-C', extractDir], { timeout: 30000 });
+                }
+                else if (/\.zip$/i.test(fileName)) {
+                    await execAsync('unzip', ['-q', archivePath, '-d', extractDir], { timeout: 30000 });
+                }
+                // If extraction produced a single directory, scan that
+                const entries = await readdir(extractDir);
+                if (entries.length === 1) {
+                    const { statSync } = await Promise.resolve().then(() => __importStar(require('node:fs')));
+                    const innerPath = join(extractDir, entries[0]);
+                    if (statSync(innerPath).isDirectory()) {
+                        scanDir = innerPath;
+                    }
+                    else {
+                        scanDir = extractDir;
+                    }
+                }
+                else {
+                    scanDir = extractDir;
+                }
+                displayName = fileName;
+            }
+            else {
+                // Single file: save for scanning
+                await writeFile(join(tempDir, fileName), buffer);
+                scanDir = tempDir;
+                displayName = fileName;
+            }
+        }
+        // Run full HMA scan + NanoMind
+        const scanner = new index_1.HardeningScanner();
+        const result = await scanner.scan({ targetDir: scanDir, autoFix: false });
+        try {
+            const { orchestrateNanoMind } = await Promise.resolve().then(() => __importStar(require('./nanomind-core/orchestrate.js')));
+            const nmResult = await orchestrateNanoMind(scanDir, result.findings, { silent: true });
+            const refiltered = await scanner.reapplyIgnoreFilters(nmResult.mergedFindings, scanDir);
+            const projectType = result.projectType || 'library';
+            result.findings = refiltered.filter((f) => !f.passed && f.file && scanner.findingAppliesTo(f, projectType));
+            result.score = scanner.calculateScore(result.findings.filter((f) => !f.passed && !f.fixed)).score;
+        }
+        catch {
+            // NanoMind unavailable — use base scan results
+        }
+        const failed = result.findings.filter(f => !f.passed);
+        const critical = failed.filter(f => f.severity === 'critical');
+        const high = failed.filter(f => f.severity === 'high');
+        const medium = failed.filter(f => f.severity === 'medium');
+        const low = failed.filter(f => f.severity === 'low');
+        if (options.json) {
+            writeJsonStdout({
+                name: displayName,
+                url,
+                type: 'raw-url',
+                source: 'local-scan',
+                projectType: result.projectType,
+                score: result.score,
+                maxScore: result.maxScore,
+                findings: result.findings,
+            });
+            return;
+        }
+        // Display results
+        const scoreRatio = result.score / result.maxScore;
+        const scoreColor = scoreRatio >= 0.7 ? colors.green : scoreRatio >= 0.4 ? colors.yellow : colors.red;
+        console.log(`\n  ${displayName} ${colors.dim}(URL)${RESET()}`);
+        console.log(`  Type:       ${result.projectType}`);
+        console.log(`  Score:      ${scoreColor}${result.score}/${result.maxScore}${RESET()}`);
+        console.log(`  Findings:   ${critical.length} critical, ${high.length} high, ${medium.length} medium, ${low.length} low`);
+        displayCheckFindings(failed, !!options.verbose);
+        // Community contribution (auto-share if opted in, no first-time prompt for URLs)
+        if (process.stdin.isTTY && !globalCiMode) {
+            if (isContributeEnabled()) {
+                flushPendingScans();
+                const ok = await publishToRegistry(displayName, result);
+                if (!ok)
+                    queuePendingScan(displayName, result);
+            }
+        }
+        console.log(`\n  Full project scan: ${CLI_PREFIX} secure <dir>`);
+        console.log();
+        if (critical.length > 0 || high.length > 0)
+            process.exit(1);
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        if (message.includes('128') || message.includes('not found') || message.includes('Repository not found')) {
+            console.error(`Error: Could not clone repository from "${url}".`);
+            console.error(`\nVerify the URL is accessible and contains a git repository.`);
+        }
+        else if (message.includes('timeout') || message.includes('Timeout')) {
+            console.error(`Error: Fetching "${url}" timed out. The target may be too large.`);
+            console.error(`\nTry downloading manually and scanning the local path:`);
+            console.error(`  ${CLI_PREFIX} check ./downloaded-dir/`);
+        }
+        else {
+            console.error(`Error scanning URL: ${message}`);
+        }
+        process.exit(1);
+    }
+    finally {
+        await rm(tempDir, { recursive: true, force: true });
+    }
+}
 async function checkNpmPackage(name, options) {
     // Step 1: Check registry for existing trust data
     if (!options.offline) {
@@ -6279,21 +6501,7 @@ async function checkNpmPackage(name, options) {
         console.log(`  Type:       ${result.projectType}`);
         console.log(`  Score:      ${scoreColor}${result.score}/${result.maxScore}${RESET()}`);
         console.log(`  Findings:   ${critical.length} critical, ${high.length} high, ${medium.length} medium, ${low.length} low`);
-        if (failed.length > 0) {
-            console.log();
-            const limit = options.verbose ? failed.length : 15;
-            for (const f of failed.slice(0, limit)) {
-                const sev = SEVERITY_DISPLAY[f.severity];
-                const attackClass = f.attackClass ? ` (${f.attackClass})` : '';
-                console.log(`  ${sev.color()}${sev.symbol}${RESET()} ${f.name}: ${f.message}${colors.dim}${attackClass}${RESET()}`);
-            }
-            if (failed.length > limit) {
-                console.log(`\n  ... and ${failed.length - limit} more (use --verbose to see all)`);
-            }
-        }
-        else {
-            console.log(`\n  ${colors.green}No security issues found.${RESET()}`);
-        }
+        displayCheckFindings(failed, !!options.verbose);
         // Step 3: Community contribution (after 3 scans, interactive only)
         if (process.stdin.isTTY && !globalCiMode) {
             const scanCount = incrementScanCounter();