litmus-cli 1.0.19 → 1.0.20

package/dist/lib/hook-logger.cjs

@@ -146,7 +146,12 @@ async function main() {
   const raw = await readStdin()
   if (!raw.trim()) return
 
-  const { prompt, sessionId } = extractPrompt(raw, tool)
+  // Detect Cursor firing Claude Code hooks — Cursor sets CURSOR_TRACE_ID
+  const effectiveTool = (tool === "claude" && process.env.CURSOR_TRACE_ID)
+    ? "cursor"
+    : tool
+
+  const { prompt, sessionId } = extractPrompt(raw, effectiveTool)
   if (!prompt) return
 
   const truncated = prompt.length > MAX_PROMPT_LENGTH
@@ -156,7 +161,7 @@ async function main() {
   const event = {
     ts: new Date().toISOString(),
     type: "ai_prompt",
-    tool,
+    tool: effectiveTool,
     prompt: truncated,
   }
   if (sessionId) event.sessionId = sessionId

package/dist/lib/watcher.cjs

@@ -16,7 +16,9 @@
 
 const fs = require("fs")
 const path = require("path")
+const crypto = require("crypto")
 const { execSync, execFile } = require("child_process")
+const dns = require("dns")
 const https = require("https")
 const http = require("http")
 
@@ -122,7 +124,16 @@ function shouldIgnore(relPath) {
   return IGNORED.some((re) => re.test(relPath))
 }
 
+// ── Hash chain for tamper evidence ──────────────────────────────
+let prevHash = "0".repeat(64) // genesis
+let nextSeq = 0
+
 function emit(event) {
+  event._seq = nextSeq++
+  event._prevHash = prevHash
+  const hash = crypto.createHash("sha256").update(JSON.stringify(event)).digest("hex")
+  event._hash = hash
+  prevHash = hash
   log.write(JSON.stringify(event) + "\n")
   if (uploadConfig && uploadBuffer.length < MAX_BUFFER_SIZE) {
     uploadBuffer.push(event)
@@ -195,6 +206,10 @@ process.on("uncaughtException", (err) => {
 try {
   const watcher = fs.watch(projectDir, { recursive: true }, (eventType, filename) => {
     if (!filename) return
+
+    // Check for AI artifact files before applying ignore filter (artifacts are dotfiles)
+    checkArtifact(filename)
+
     if (shouldIgnore(filename)) return
 
     // Check for burst edits on raw events (before debounce — needs real timing)
@@ -322,6 +337,16 @@ const AI_TOOL_PATTERNS = {
   codeium: /\bcodeium\b/,
   codex: /\bcodex\b/,
   copilot: /\bcopilot\b/,
+  windsurf: /\bwindsurf\b/,
+  ollama: /\bollama\b/,
+  tabnine: /\btabnine\b/,
+  supermaven: /\bsupermaven\b/,
+  cline: /\bcline\b/,
+  cody: /\bsourcegraph-cody\b|\bcody-agent\b/,
+  "amazon-q": /\bamazon-q\b/,
+  "roo-code": /\broo-code\b|\broo_code\b/,
+  pearai: /\bpearai\b/,
+  ghostwriter: /\bghostwriter\b/,
 }
 
 function detectEnvironment() {
@@ -353,6 +378,159 @@ function detectEnvironment() {
 detectEnvironment() // Run immediately on startup
 setInterval(detectEnvironment, 10 * 60 * 1000) // Every 10 minutes
 
+// ── AI artifact file detection ──────────────────────────────────
+const AI_ARTIFACT_PATTERNS = [
+  { tool: "cursor", paths: [".cursorrules", ".cursorignore"] },
+  { tool: "windsurf", paths: [".windsurfrules"] },
+  { tool: "aider", paths: [".aider.chat.history.md", ".aider.input.history", ".aider.tags.cache"] },
+  { tool: "continue", paths: [".continue"] },
+  { tool: "codeium", paths: [".codeium"] },
+  { tool: "tabnine", paths: [".tabnine"] },
+  { tool: "codex", paths: ["codex.md", ".codex"] },
+]
+
+const seenArtifacts = new Set()
+
+function checkArtifact(relPath) {
+  if (seenArtifacts.has(relPath)) return
+  for (const { tool, paths } of AI_ARTIFACT_PATTERNS) {
+    for (const p of paths) {
+      if (relPath === p || relPath.startsWith(p + "/") || relPath.startsWith(p + "\\")) {
+        seenArtifacts.add(relPath)
+        emit({
+          ts: new Date().toISOString(),
+          type: "ai_artifact_detected",
+          tool,
+          file: relPath,
+        })
+        return
+      }
+    }
+  }
+}
+
+// Startup scan for pre-existing artifacts
+for (const { tool, paths } of AI_ARTIFACT_PATTERNS) {
+  for (const p of paths) {
+    try {
+      if (fs.existsSync(path.join(projectDir, p))) {
+        seenArtifacts.add(p)
+        emit({
+          ts: new Date().toISOString(),
+          type: "ai_artifact_detected",
+          tool,
+          file: p,
+        })
+      }
+    } catch { /* skip */ }
+  }
+}
+
+// ── Network monitoring (AI API endpoint detection) ──────────────
+const AI_NETWORK_HOSTS = {
+  "api.openai.com": "openai",
+  "chat.openai.com": "chatgpt",
+  "chatgpt.com": "chatgpt",
+  "api.anthropic.com": "claude_api",
+  "claude.ai": "claude_web",
+  "generativelanguage.googleapis.com": "gemini_api",
+  "gemini.google.com": "gemini_web",
+  "copilot-proxy.githubusercontent.com": "copilot",
+  "githubcopilot.com": "copilot",
+  "api2.cursor.sh": "cursor",
+  "cursor.sh": "cursor",
+  "server.codeium.com": "codeium",
+  "api.perplexity.ai": "perplexity",
+  "perplexity.ai": "perplexity",
+  "api.deepseek.com": "deepseek",
+  "api.groq.com": "groq",
+  "api.mistral.ai": "mistral",
+}
+
+// IP -> tool name cache (refreshed every 30 min)
+const ipToTool = new Map()
+let lastDnsRefresh = 0
+const DNS_REFRESH_MS = 30 * 60 * 1000
+
+function refreshDnsCache() {
+  lastDnsRefresh = Date.now()
+  for (const [host, tool] of Object.entries(AI_NETWORK_HOSTS)) {
+    dns.resolve4(host, { ttl: false }, (err, addresses) => {
+      if (!err && addresses) {
+        for (const ip of addresses) {
+          ipToTool.set(ip, { tool, host })
+        }
+      }
+    })
+  }
+}
+
+refreshDnsCache() // Resolve on startup
+
+let lastNetworkTools = "" // Dedup: JSON stringified tool set from previous check
+
+function detectNetworkAI() {
+  if (Date.now() - lastDnsRefresh > DNS_REFRESH_MS) refreshDnsCache()
+  if (ipToTool.size === 0) return // DNS hasn't resolved yet
+
+  execFile("lsof", ["-i", "-n", "-P"], { timeout: 10_000, encoding: "utf8", maxBuffer: 2 * 1024 * 1024 }, (err, stdout) => {
+    if (err) {
+      // lsof unavailable — try ss on Linux
+      if (err.code === "ENOENT" && process.platform === "linux") {
+        execFile("ss", ["-tnp"], { timeout: 5000, encoding: "utf8", maxBuffer: 1024 * 1024 }, (ssErr, ssOut) => {
+          if (!ssErr && ssOut) parseNetworkOutput(ssOut, true)
+        })
+      }
+      return
+    }
+    if (stdout) parseNetworkOutput(stdout, false)
+  })
+}
+
+function parseNetworkOutput(output, isSS) {
+  const detected = new Map() // tool -> Set<host>
+
+  for (const line of output.split("\n")) {
+    // lsof: match destination IP in "->IP:port" pattern
+    // ss: match destination IP in "IP:port" pattern after local address
+    const ipMatch = isSS
+      ? line.match(/\s(\d+\.\d+\.\d+\.\d+):(\d+)\s*$/)
+      : line.match(/->(\d+\.\d+\.\d+\.\d+):(\d+)/)
+    if (!ipMatch) continue
+
+    const ip = ipMatch[1]
+    const entry = ipToTool.get(ip)
+    if (entry) {
+      if (!detected.has(entry.tool)) detected.set(entry.tool, new Set())
+      detected.get(entry.tool).add(entry.host)
+    }
+  }
+
+  if (detected.size === 0) return
+
+  // Dedup: don't re-emit if same tools detected as last check
+  const toolKey = JSON.stringify([...detected.keys()].sort())
+  if (toolKey === lastNetworkTools) return
+  lastNetworkTools = toolKey
+
+  const tools = []
+  const hosts = []
+  for (const [tool, hostSet] of detected) {
+    tools.push(tool)
+    for (const h of hostSet) hosts.push(h)
+  }
+
+  emit({
+    ts: new Date().toISOString(),
+    type: "network_ai_detected",
+    tools,
+    hosts,
+  })
+}
+
+detectNetworkAI() // Run immediately
+setInterval(detectNetworkAI, 5 * 60 * 1000) // Every 5 minutes
+
 // ── Auto-submit at deadline ──────────────────────────────────────
 // NOTE: Deadline calculation duplicated from config.ts getEffectiveDeadline()
 // (this file is CommonJS and cannot import the TS module). Keep both in sync.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "litmus-cli",
-  "version": "1.0.19",
+  "version": "1.0.20",
   "description": "CLI tool for Litmus engineering assessments",
   "license": "MIT",
   "author": "elenazhao",