pando-ai 0.2.2 → 0.2.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/README.md +66 -6
  2. package/dist/cli.js +151 -149
  3. package/package.json +12 -3
  4. package/tools/clojure-editor/lib/pando-clojure-editor-standalone.jar +0 -0
  5. package/tools/clojure-indexer/lib/pando-clojure-indexer-standalone.jar +0 -0
package/README.md CHANGED
@@ -1,12 +1,18 @@
1
1
  # pandō — AI coding firewall
2
2
 
3
- `pando-ai` is an **AI coding firewall**. It supervises your coding agents
4
- (`codex` and `claude`) transparently, with two jobs:
3
+ `pando-ai` is an **AI coding firewall** for Codex and Claude Code. It installs
4
+ supervised launchers so developers keep running `codex ...` and `claude ...`
5
+ normally while Pando applies local policy on each launch.
5
6
 
6
- 1. **Block unsafe operations** — reduce the agent to a single audited tool (the
7
- Pando MCP server) and intercept, rewrite, or block everything else.
8
- 2. **Keep code local** — sit inline on the wire so model/tool traffic passes
9
- through a local gateway you control.
7
+ Its jobs:
8
+
9
+ 1. **Constrain tool use** — install the project-scoped Pando MCP server, deny
10
+ native tools where supported, and deny non-Pando MCP tools by default.
11
+ 2. **Inspect tool traffic** — use Claude Code hooks on every Claude launch and
12
+ a local provider gateway where available to block off-policy tool calls and
13
+ tool results.
14
+ 3. **Keep code local by default** — run indexing, search, snapshots, and edits
15
+ locally; optional working-set memory is off unless explicitly enabled.
10
16
 
11
17
  It is built on the same indexing + MCP engine as the Pandō VS Code extension.
12
18
 
@@ -111,6 +117,40 @@ context. Gateway mode is an additional full-wire layer for request/response
111
117
  inspection, memory, and provider-bound enforcement; hooks still run when the
112
118
  gateway is active.
113
119
 
120
+ #### Enabling gateway mode
121
+
122
+ Gateway mode starts only when Claude Code gateway credentials are present and
123
+ `[proxy].claude = "enforce"`. Provide one of:
124
+
125
+ ```bash
126
+ # Environment variable (highest precedence)
127
+ export ANTHROPIC_API_KEY=sk-ant-...
128
+ # …or an auth token
129
+ export ANTHROPIC_AUTH_TOKEN=...
130
+ ```
131
+
132
+ For local development you can keep the key in a git-ignored `.env` at the repo
133
+ root and source it before launching:
134
+
135
+ ```bash
136
+ # .env (already git-ignored — never commit it)
137
+ ANTHROPIC_API_KEY=sk-ant-...
138
+
139
+ export $(grep -v '^#' .env | xargs) # load it into the shell
140
+ claude -p 'hello' # Pando supervises + routes via gateway
141
+ ```
142
+
143
+ A `apiKeyHelper` configured in Claude Code settings works as well. With any of
144
+ these present Pando logs `gateway listening on http://127.0.0.1:<port>
145
+ (memory=off)` and sets `ANTHROPIC_BASE_URL` for the child `claude` process.
146
+ Without them, Pando falls back to hooks-only enforcement over subscription OAuth.
147
+
148
+ The gateway forwards the Anthropic Messages and OpenAI Responses APIs
149
+ transparently, including compressed upstream responses: `fetch` decodes the
150
+ `content-encoding` (gzip/brotli) before Pando inspects or rewrites the body, and
151
+ the gateway emits the decoded, identity-encoded bytes — it never re-advertises a
152
+ `content-encoding` it isn't sending.
153
+
114
154
  ### Provider proxy toggle
115
155
 
116
156
  Users can enable or disable the local provider proxy per supervised tool:
@@ -141,6 +181,7 @@ provider-bound gateway enforcement is disabled.
141
181
  ```bash
142
182
  pando-ai # firewall console (TTY): status + proactive install
143
183
  pando-ai install # force a (re)install pass
184
+ pando-ai uninstall # remove Pando shims, managed PATH block, and install state
144
185
  pando-ai serve [path] # stdio MCP server for MCP clients
145
186
  pando-ai serve-http # HTTP MCP server
146
187
  pando-ai gateway # run the firewall gateway in the foreground (debug)
@@ -152,6 +193,25 @@ pando-ai config set telemetry false
152
193
  `pando-ai launch codex|claude -- <args>` is the supervised launcher the shims
153
194
  call; you don't run it directly.
154
195
 
196
+ ## Uninstall
197
+
198
+ To stop supervising `codex` and `claude`:
199
+
200
+ ```bash
201
+ pando-ai uninstall
202
+ ```
203
+
204
+ This removes Pando-owned `codex`/`claude` shims from `~/.pando/bin`, removes
205
+ the managed PATH block from your shell startup file when present, and deletes
206
+ `~/.pando/state.json` so declined/install state does not suppress future setup
207
+ prompts. It does not delete policy files, logs, or other user data.
208
+
209
+ If you installed the npm package globally, remove it separately:
210
+
211
+ ```bash
212
+ npm uninstall -g pando-ai
213
+ ```
214
+
155
215
  ## MCP serve mode
156
216
 
157
217
  When invoked without a TTY (e.g. spawned by an MCP client) `pando-ai` starts the