seamshield 0.1.1 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/README.md +46 -55
  2. package/package.json +2 -2
package/README.md CHANGED
@@ -1,32 +1,43 @@
1
1
  # SeamShield
2
2
 
3
- SeamShield is the security layer for AI-built JavaScript and TypeScript apps. It scans for the predictable flaws that vibecoded projects ship: committed secrets, client-exposed server keys, client-only auth, open platform rules, unsafe agent config, and dependency supply-chain risks.
3
+ Local security scanner for AI-built JavaScript and TypeScript apps.
4
4
 
5
- The current product surface is:
6
-
7
- - `npx seamshield scan` - CLI scanner with table, JSON, and SARIF output.
8
- - `npx seamshield fix-plan` - writes agent-ready remediation prompts.
9
- - `npx seamshield agent-context` - writes SeamShield instructions for Claude Code or Cursor.
10
- - `npx seamshield guard install` / `guard check` - Claude Code PreToolUse guard for insecure edits and commands.
5
+ SeamShield finds common flaws that AI-generated apps often ship: committed secrets, client-exposed server keys, client-only auth, open platform rules, unsafe agent config, and dependency supply-chain risks.
11
6
 
12
7
  ## Install
13
8
 
14
9
  ```bash
15
- npm install -g seamshield
16
- # or
17
10
  npx seamshield scan .
18
11
  ```
19
12
 
13
+ Or install globally:
14
+
15
+ ```bash
16
+ npm install -g seamshield
17
+ seamshield scan .
18
+ ```
19
+
20
20
  Requires Node.js 20 or newer.
21
21
 
22
+ ## Commands
23
+
24
+ ```bash
25
+ seamshield scan .
26
+ seamshield fix-plan .
27
+ seamshield agent-context . --claude
28
+ seamshield agent-context . --cursor
29
+ seamshield guard install .
30
+ seamshield guard check
31
+ ```
32
+
22
33
  ## Scan
23
34
 
24
35
  ```bash
25
- npx seamshield scan .
26
- npx seamshield scan . --format json
27
- npx seamshield scan . --format sarif
28
- npx seamshield scan . --fail-on high
29
- npx seamshield scan . --offline
36
+ seamshield scan .
37
+ seamshield scan . --format json
38
+ seamshield scan . --format sarif
39
+ seamshield scan . --fail-on high
40
+ seamshield scan . --offline
30
41
  ```
31
42
 
32
43
  Exit codes:
@@ -37,24 +48,19 @@ Exit codes:
37
48
 
38
49
  `--offline` disables npm registry and OSV checks. Static rules still run.
39
50
 
40
- ## Fix Plan
51
+ ## Fix Plans
41
52
 
42
53
  ```bash
43
- npx seamshield fix-plan .
54
+ seamshield fix-plan .
44
55
  ```
45
56
 
46
- This writes `.seamshield/fix-plan.json` with:
47
-
48
- - the finding list,
49
- - redacted evidence,
50
- - per-finding `agent_prompt` text,
51
- - one combined `agent_markdown` block for Claude Code, Cursor, or another coding agent.
57
+ Writes `.seamshield/fix-plan.json` with redacted findings and agent-ready remediation prompts.
52
58
 
53
59
  ## Agent Context
54
60
 
55
61
  ```bash
56
- npx seamshield agent-context . --claude
57
- npx seamshield agent-context . --cursor
62
+ seamshield agent-context . --claude
63
+ seamshield agent-context . --cursor
58
64
  ```
59
65
 
60
66
  Claude writes or updates `CLAUDE.md`. Cursor writes `.cursor/rules/seamshield.mdc`.
@@ -62,14 +68,14 @@ Claude writes or updates `CLAUDE.md`. Cursor writes `.cursor/rules/seamshield.md
62
68
  ## Claude Code Guard
63
69
 
64
70
  ```bash
65
- npx seamshield guard install .
71
+ seamshield guard install .
66
72
  ```
67
73
 
68
- The guard installs a Claude Code `PreToolUse` hook for `Write`, `Edit`, `MultiEdit`, and `Bash`.
74
+ Installs a Claude Code `PreToolUse` hook for `Write`, `Edit`, `MultiEdit`, and `Bash`.
69
75
 
70
- It denies block-severity edits such as hardcoded provider keys, service-role keys, private keys, committed dotenv files, open Firebase rules, or RLS disablement. Bash checks deny obvious dangerous commands such as `git add .env*`, `curl ... | sh`, and installs of npm packages that do not resolve.
76
+ The guard denies block-severity edits such as hardcoded provider keys, service-role keys, private keys, committed dotenv files, open Firebase rules, or RLS disablement. Bash checks deny obvious dangerous commands such as `git add .env*`, `curl ... | sh`, and installs of npm packages that do not resolve.
71
77
 
72
- Guard behavior is fail-open: if the hook errors, it allows the tool call and appends diagnostics to `.seamshield/guard.log`. CI/release gates should stay fail-closed.
78
+ Guard behavior is fail-open: if the hook errors, it allows the tool call and appends diagnostics to `.seamshield/guard.log`.
73
79
 
74
80
  ## Configuration
75
81
 
@@ -92,36 +98,21 @@ const fixtureKey = "sk_live_test_fixture_only";
92
98
 
93
99
  ## Privacy
94
100
 
95
- SeamShield v0.x runs locally. Static scanning does not transmit source code. Network dependency checks send package names and versions to the npm registry and OSV only; use `--offline` to disable them. Secret evidence is redacted before findings, JSON, SARIF, and fix plans are emitted.
96
-
97
- ## Rule Coverage
98
-
99
- The rule pack covers:
101
+ SeamShield runs locally. Static scanning does not transmit source code.
100
102
 
101
- - secrets and client exposure,
102
- - Next.js auth footguns,
103
- - Supabase, Convex, and Firebase platform mistakes,
104
- - dependency lockfile, pinning, hallucinated-package, and OSV vulnerability checks,
105
- - agent config secrets and overbroad permissions.
103
+ Network dependency checks send package names and versions to the npm registry and OSV. Use `--offline` to disable those checks.
106
104
 
107
- Rules map back to the SeamShield framework files under `seamshield-final-framework/` and `AI_AGENT_DROP_IN.md`.
108
-
109
- ## Development
110
-
111
- ```bash
112
- pnpm install
113
- pnpm build
114
- pnpm test
115
- pnpm typecheck
116
- ```
105
+ Secret evidence is redacted before findings, JSON, SARIF, and fix plans are emitted.
117
106
 
118
- Before publishing:
107
+ ## Public Rule Coverage
119
108
 
120
- 1. Revoke any exposed npm token and mint a fresh token.
121
- 2. Run `pnpm build`, `pnpm test`, and `pnpm typecheck`.
122
- 3. Verify `node packages/cli/dist/index.js scan examples/vulnerable-next-app --offline`.
123
- 4. Publish from `packages/cli` after confirming package contents with `npm pack --dry-run`.
109
+ - Secrets and client exposure
110
+ - Next.js auth footguns
111
+ - Supabase, Convex, and Firebase platform mistakes
112
+ - Dependency lockfile, pinning, hallucinated-package, and OSV vulnerability checks
113
+ - Agent config secrets and overbroad permissions
124
114
 
125
- ## Framework
115
+ ## Links
126
116
 
127
- The original SeamShield framework remains in `seamshield-final-framework/`: Runtime, Artifact, Update, and Evidence planes; OPA policies; schemas; validators; and adoption guidance.
117
+ - Repository: https://github.com/KaraboGerald/SeamShield
118
+ - Issues: https://github.com/KaraboGerald/SeamShield/issues
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "seamshield",
3
- "version": "0.1.1",
3
+ "version": "0.1.2",
4
4
  "description": "Security scanner for AI-generated apps: finds the flaws vibecoded projects predictably ship",
5
5
  "type": "module",
6
6
  "license": "MIT",
@@ -42,7 +42,7 @@
42
42
  "node": ">=20"
43
43
  },
44
44
  "scripts": {
45
- "build": "tsup src/index.ts --format esm --clean && tsc -p tsconfig.build.json && rm -rf rules schemas && cp -R ../rules/rules ../rules/schemas . && cp ../../README.md README.md",
45
+ "build": "tsup src/index.ts --format esm --clean && tsc -p tsconfig.build.json && rm -rf rules schemas && cp -R ../rules/rules ../rules/schemas .",
46
46
  "prepack": "pnpm run build",
47
47
  "test": "vitest run"
48
48
  },