seamshield 0.1.0 → 0.1.2

Files changed (2)
  1. package/README.md +118 -0
  2. package/package.json +29 -2
package/README.md ADDED
@@ -0,0 +1,118 @@
1
+ # SeamShield
2
+
3
+ Local security scanner for AI-built JavaScript and TypeScript apps.
4
+
5
+ SeamShield finds common flaws that AI-generated apps often ship: committed secrets, client-exposed server keys, client-only auth, open platform rules, unsafe agent config, and dependency supply-chain risks.
6
+
7
+ ## Install
8
+
9
+ ```bash
10
+ npx seamshield scan .
11
+ ```
12
+
13
+ Or install globally:
14
+
15
+ ```bash
16
+ npm install -g seamshield
17
+ seamshield scan .
18
+ ```
19
+
20
+ Requires Node.js 20 or newer.
21
+
22
+ ## Commands
23
+
24
+ ```bash
25
+ seamshield scan .
26
+ seamshield fix-plan .
27
+ seamshield agent-context . --claude
28
+ seamshield agent-context . --cursor
29
+ seamshield guard install .
30
+ seamshield guard check
31
+ ```
32
+
33
+ ## Scan
34
+
35
+ ```bash
36
+ seamshield scan .
37
+ seamshield scan . --format json
38
+ seamshield scan . --format sarif
39
+ seamshield scan . --fail-on high
40
+ seamshield scan . --offline
41
+ ```
42
+
43
+ Exit codes:
44
+
45
+ - `0` - no findings at or above the selected `--fail-on` threshold.
46
+ - `1` - findings at or above the threshold.
47
+ - `2` - CLI usage or scanner failure.
48
+
49
+ `--offline` disables npm registry and OSV checks. Static rules still run.
50
+
51
+ ## Fix Plans
52
+
53
+ ```bash
54
+ seamshield fix-plan .
55
+ ```
56
+
57
+ Writes `.seamshield/fix-plan.json` with redacted findings and agent-ready remediation prompts.
58
+
59
+ ## Agent Context
60
+
61
+ ```bash
62
+ seamshield agent-context . --claude
63
+ seamshield agent-context . --cursor
64
+ ```
65
+
66
+ Claude writes or updates `CLAUDE.md`. Cursor writes `.cursor/rules/seamshield.mdc`.
67
+
68
+ ## Claude Code Guard
69
+
70
+ ```bash
71
+ seamshield guard install .
72
+ ```
73
+
74
+ Installs a Claude Code `PreToolUse` hook for `Write`, `Edit`, `MultiEdit`, and `Bash`.
75
+
76
+ The guard denies block-severity edits such as hardcoded provider keys, service-role keys, private keys, committed dotenv files, open Firebase rules, or RLS disablement. Bash checks deny obvious dangerous commands such as `git add .env*`, `curl ... | sh`, and installs of npm packages that do not resolve.
77
+
78
+ Guard behavior is fail-open: if the hook errors, it allows the tool call and appends diagnostics to `.seamshield/guard.log`.
79
+
80
+ ## Configuration
81
+
82
+ Create `.seamshield/config.yaml`:
83
+
84
+ ```yaml
85
+ ignore:
86
+ - vendored/**
87
+ rules:
88
+ disable:
89
+ - ss/auth/client-only-guard
90
+ ```
91
+
92
+ Suppress a single finding inline:
93
+
94
+ ```ts
95
+ // seamshield-ignore ss/secrets/hardcoded-provider-key
96
+ const fixtureKey = "sk_live_test_fixture_only";
97
+ ```
98
+
99
+ ## Privacy
100
+
101
+ SeamShield runs locally. Static scanning does not transmit source code.
102
+
103
+ Network dependency checks send package names and versions to the npm registry and OSV. Use `--offline` to disable those checks.
104
+
105
+ Secret evidence is redacted before findings, JSON, SARIF, and fix plans are emitted.
106
+
107
+ ## Public Rule Coverage
108
+
109
+ - Secrets and client exposure
110
+ - Next.js auth footguns
111
+ - Supabase, Convex, and Firebase platform mistakes
112
+ - Dependency lockfile, pinning, hallucinated-package, and OSV vulnerability checks
113
+ - Agent config secrets and overbroad permissions
114
+
115
+ ## Links
116
+
117
+ - Repository: https://github.com/KaraboGerald/SeamShield
118
+ - Issues: https://github.com/KaraboGerald/SeamShield/issues
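Review bot: in the Configuration section of the added README the `disable:` key is shown at the same level as `rules:`, which does not give the nested `rules.disable` structure the surrounding text implies; if the indentation was lost in rendering this is fine, otherwise `disable:` and its list need to be indented under `rules:` for the YAML to parse as intended. Two documentation gaps in the same file: `seamshield guard check` is listed under Commands but no section says what it checks or reports, and this matters because the Claude Code Guard section documents the hook as fail-open (an erroring hook allows the tool call and only appends to `.seamshield/guard.log`), so the README should state that `guard check` is the way to notice that the hook has silently stopped enforcing, or name a fail-closed option if one exists. The Scan section also shows `--fail-on high` but never states the default threshold, which the documented exit codes `0` and `1` depend on.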
package/package.json CHANGED
@@ -1,13 +1,39 @@
1
1
  {
2
2
  "name": "seamshield",
3
- "version": "0.1.0",
3
+ "version": "0.1.2",
4
4
  "description": "Security scanner for AI-generated apps: finds the flaws vibecoded projects predictably ship",
5
5
  "type": "module",
6
6
  "license": "MIT",
7
+ "homepage": "https://github.com/KaraboGerald/SeamShield#readme",
8
+ "repository": {
9
+ "type": "git",
10
+ "url": "git+https://github.com/KaraboGerald/SeamShield.git",
11
+ "directory": "packages/cli"
12
+ },
13
+ "bugs": {
14
+ "url": "https://github.com/KaraboGerald/SeamShield/issues"
15
+ },
16
+ "keywords": [
17
+ "security",
18
+ "scanner",
19
+ "cli",
20
+ "ai",
21
+ "vibecoding",
22
+ "secrets",
23
+ "sast",
24
+ "nextjs",
25
+ "supabase",
26
+ "firebase",
27
+ "claude-code",
28
+ "cursor",
29
+ "osv",
30
+ "sarif"
31
+ ],
7
32
  "bin": {
8
- "seamshield": "./dist/index.js"
33
+ "seamshield": "dist/index.js"
9
34
  },
10
35
  "files": [
36
+ "README.md",
11
37
  "dist",
12
38
  "rules",
13
39
  "schemas"
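Review bot: adding `README.md` to the `files` array is redundant, since npm always includes the README in the tarball regardless of `files`; harmless, but the entries that deserve attention are `rules` and `schemas`, which are not source but copies produced by the `build` script, so a publish from a tree where the build has not run would ship whatever copies happen to be on disk (the `prepack` hook in the next hunk is what is meant to prevent this). The new `repository.directory: "packages/cli"` entry is a useful provenance signal for a monorepo package; consider pairing it with `"publishConfig": { "provenance": true }` so the registry can attest where the tarball was built.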
@@ -17,6 +43,7 @@
17
43
  },
18
44
  "scripts": {
19
45
  "build": "tsup src/index.ts --format esm --clean && tsc -p tsconfig.build.json && rm -rf rules schemas && cp -R ../rules/rules ../rules/schemas .",
46
+ "prepack": "pnpm run build",
20
47
  "test": "vitest run"
21
48
  },
22
49
  "dependencies": {
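Review bot: `"prepack": "pnpm run build"` hard-codes pnpm, and the `build` script it invokes ends with `rm -rf rules schemas && cp -R ../rules/rules ../rules/schemas .`, so packing only works inside the monorepo checkout with pnpm on PATH; npm also runs `prepack` when installing a dependency from a git URL, where `../rules` does not exist and the install will fail. Prefer `npm run build` (which works under any package manager) and make the copy step tolerate a missing sibling, or build in CI and publish the resulting tarball rather than relying on the lifecycle hook. Note also the ordering: `rm -rf rules schemas` runs before the `cp`, so a failing copy leaves the package without the directories listed in `files`; an `npm pack --dry-run` check before publish would catch that.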