shellward 0.6.1 → 0.6.2

package/dist/mcp-server.js

@@ -21,6 +21,8 @@
 //   }
 import { ShellWard } from './core/engine.js';
 import { McpBaseline } from './mcp-baseline.js';
+import { runComplianceAudit } from './compliance/audit.js';
+import { renderComplianceReport } from './compliance/report.js';
 import { readFileSync } from 'fs';
 import { createInterface } from 'readline';
 import { fileURLToPath } from 'url';
@@ -140,6 +142,16 @@ const TOOLS = [
             properties: {},
         },
     },
+    {
+        name: 'compliance_check',
+        description: 'Run a China AI-compliance health check (网安法/PIPL/等保2.0/数据出境/AI标识) and return a red/yellow/green scorecard report. Detects overseas LLM endpoints (data-export risk), audit-log retention, enabled defense layers, and root execution.',
+        inputSchema: {
+            type: 'object',
+            properties: {
+                format: { type: 'string', enum: ['report', 'json'], description: 'Output format: "report" (Markdown scorecard, default) or "json" (raw result)' },
+            },
+        },
+    },
 ];
 // ===== Tool Execution =====
 function executeTool(name, args) {
@@ -263,6 +275,30 @@ function executeTool(name, args) {
                 ],
             };
         }
+        case 'compliance_check': {
+            const report = runComplianceAudit(guard.config);
+            if (args.format === 'json') {
+                return {
+                    score: report.score,
+                    grade: report.grade,
+                    passed: report.passed,
+                    warned: report.warned,
+                    failed: report.failed,
+                    manual: report.manual,
+                    total: report.total,
+                    results: report.results.map(r => ({
+                        id: r.control.id,
+                        regulation: r.control.regulation,
+                        article: r.control.article,
+                        title: guard.locale === 'zh' ? r.control.title_zh : r.control.title_en,
+                        status: r.status,
+                        detail: guard.locale === 'zh' ? r.detail_zh : r.detail_en,
+                    })),
+                };
+            }
+            // default: return Markdown report as text
+            return { report: renderComplianceReport(report, guard.locale) };
+        }
         default:
             throw new Error(`Unknown tool: ${name}`);
     }

package/dist/rules/overseas-llm.d.ts

@@ -0,0 +1,37 @@
+export interface OverseasEndpoint {
+    id: string;
+    /** 主机名匹配（小写、去端口）。命中其一即视为境外大模型端点 */
+    hosts: string[];
+    provider_zh: string;
+    provider_en: string;
+}
+export declare const OVERSEAS_LLM_ENDPOINTS: OverseasEndpoint[];
+export interface OverseasMatch {
+    isOverseas: boolean;
+    endpointId?: string;
+    provider_zh?: string;
+    provider_en?: string;
+    host?: string;
+}
+/**
+ * 从任意字符串（URL / base_url / 命令行 / 配置）中提取主机名并判断是否境外大模型端点。
+ * 同时识别裸 URL 与命令行里的 https://... 形式。
+ */
+export declare function detectOverseasLLM(text: string): OverseasMatch;
+/** 包名（小写）→ 厂商 */
+export declare const OVERSEAS_LLM_PACKAGES: Record<string, {
+    zh: string;
+    en: string;
+}>;
+export interface DepMatch {
+    pkg: string;
+    provider_zh: string;
+    provider_en: string;
+}
+/** 依赖清单文件名（小写）判定 */
+export declare function isDependencyManifest(filename: string): boolean;
+/**
+ * 从依赖清单内容中提取境外大模型 SDK 依赖。
+ * 对 package.json 解析 JSON 的 deps/devDeps/peerDeps；其余按"出现包名"宽松匹配。
+ */
+export declare function detectOverseasDeps(filename: string, content: string): DepMatch[];

package/dist/rules/overseas-llm.js

@@ -0,0 +1,147 @@
+// src/rules/overseas-llm.ts — 境外大模型端点识别（数据出境检测）
+//
+// 中国差异化能力：识别请求是否指向「境外大模型 / 境外 AI 服务」端点。
+// 在中国监管下，向境外大模型 API 发送个人信息/重要数据 = 数据出境，受
+// 《促进数据跨境流动规定》《数据出境安全评估办法》约束。英文工具没有
+// "出境"概念，这是 ShellWard 面向中国市场的护城河之一。
+//
+// 用途：
+//   - 体检引擎据此判断"是否存在数据出境风险"
+//   - 网关层据此标记"数据出境"事件 / 触发出境前脱敏（路线图）
+//
+// 边界：仅做端点归属判断（不做 IP 归属解析），覆盖主流境外大模型与聚合网关。
+export const OVERSEAS_LLM_ENDPOINTS = [
+    { id: 'openai', hosts: ['api.openai.com', 'openai.com'], provider_zh: 'OpenAI', provider_en: 'OpenAI' },
+    { id: 'anthropic', hosts: ['api.anthropic.com', 'anthropic.com'], provider_zh: 'Anthropic Claude', provider_en: 'Anthropic Claude' },
+    { id: 'google', hosts: ['generativelanguage.googleapis.com', 'aiplatform.googleapis.com'], provider_zh: 'Google Gemini', provider_en: 'Google Gemini' },
+    { id: 'azure-openai', hosts: ['openai.azure.com'], provider_zh: 'Azure OpenAI', provider_en: 'Azure OpenAI' },
+    { id: 'aws-bedrock', hosts: ['bedrock-runtime', 'bedrock.', 'amazonaws.com'], provider_zh: 'AWS Bedrock', provider_en: 'AWS Bedrock' },
+    { id: 'cohere', hosts: ['api.cohere.ai', 'api.cohere.com'], provider_zh: 'Cohere', provider_en: 'Cohere' },
+    { id: 'mistral', hosts: ['api.mistral.ai'], provider_zh: 'Mistral AI', provider_en: 'Mistral AI' },
+    { id: 'groq', hosts: ['api.groq.com'], provider_zh: 'Groq', provider_en: 'Groq' },
+    { id: 'together', hosts: ['api.together.xyz', 'api.together.ai'], provider_zh: 'Together AI', provider_en: 'Together AI' },
+    { id: 'perplexity', hosts: ['api.perplexity.ai'], provider_zh: 'Perplexity', provider_en: 'Perplexity' },
+    { id: 'openrouter', hosts: ['openrouter.ai'], provider_zh: 'OpenRouter (聚合网关)', provider_en: 'OpenRouter (gateway)' },
+    { id: 'huggingface', hosts: ['api-inference.huggingface.co', 'huggingface.co'], provider_zh: 'HuggingFace', provider_en: 'HuggingFace' },
+    { id: 'xai', hosts: ['api.x.ai'], provider_zh: 'xAI Grok', provider_en: 'xAI Grok' },
+];
+/**
+ * 从任意字符串（URL / base_url / 命令行 / 配置）中提取主机名并判断是否境外大模型端点。
+ * 同时识别裸 URL 与命令行里的 https://... 形式。
+ */
+export function detectOverseasLLM(text) {
+    if (!text)
+        return { isOverseas: false };
+    const lower = text.toLowerCase();
+    // 提取所有候选主机名：URL 中的 host，或文本中出现的端点关键字
+    const hosts = extractHosts(lower);
+    for (const ep of OVERSEAS_LLM_ENDPOINTS) {
+        for (const h of ep.hosts) {
+            // host 列表里带 '.' 或子串形式（如 'bedrock.'）做包含匹配，纯域名做后缀/相等匹配
+            const hit = hosts.some(host => host === h || host.endsWith('.' + h) || host.includes(h))
+                || lower.includes('://' + h)
+                || lower.includes(h);
+            if (hit) {
+                return {
+                    isOverseas: true,
+                    endpointId: ep.id,
+                    provider_zh: ep.provider_zh,
+                    provider_en: ep.provider_en,
+                    host: h,
+                };
+            }
+        }
+    }
+    return { isOverseas: false };
+}
+// ===== 境外大模型 SDK 依赖检测 =====
+// 几乎每个国产 AI 项目的依赖清单里都躺着 openai/anthropic 等境外 SDK —— 这是
+// 一条"数据出境通道"，命中率远高于扫 URL 字符串。英文工具不会把它框定为"出境"。
+/** 包名（小写）→ 厂商 */
+export const OVERSEAS_LLM_PACKAGES = {
+    // npm
+    'openai': { zh: 'OpenAI', en: 'OpenAI' },
+    '@anthropic-ai/sdk': { zh: 'Anthropic Claude', en: 'Anthropic Claude' },
+    '@google/generative-ai': { zh: 'Google Gemini', en: 'Google Gemini' },
+    '@google-cloud/aiplatform': { zh: 'Google Vertex AI', en: 'Google Vertex AI' },
+    'cohere-ai': { zh: 'Cohere', en: 'Cohere' },
+    '@mistralai/mistralai': { zh: 'Mistral AI', en: 'Mistral AI' },
+    'groq-sdk': { zh: 'Groq', en: 'Groq' },
+    '@huggingface/inference': { zh: 'HuggingFace', en: 'HuggingFace' },
+    'replicate': { zh: 'Replicate', en: 'Replicate' },
+    '@langchain/openai': { zh: 'OpenAI (LangChain)', en: 'OpenAI (LangChain)' },
+    '@langchain/anthropic': { zh: 'Anthropic (LangChain)', en: 'Anthropic (LangChain)' },
+    '@langchain/google-genai': { zh: 'Gemini (LangChain)', en: 'Gemini (LangChain)' },
+    // python
+    'anthropic': { zh: 'Anthropic Claude', en: 'Anthropic Claude' },
+    'google-generativeai': { zh: 'Google Gemini', en: 'Google Gemini' },
+    'google-cloud-aiplatform': { zh: 'Google Vertex AI', en: 'Google Vertex AI' },
+    'cohere': { zh: 'Cohere', en: 'Cohere' },
+    'mistralai': { zh: 'Mistral AI', en: 'Mistral AI' },
+    'groq': { zh: 'Groq', en: 'Groq' },
+    'together': { zh: 'Together AI', en: 'Together AI' },
+    'huggingface-hub': { zh: 'HuggingFace', en: 'HuggingFace' },
+    'langchain-openai': { zh: 'OpenAI (LangChain)', en: 'OpenAI (LangChain)' },
+    'langchain-anthropic': { zh: 'Anthropic (LangChain)', en: 'Anthropic (LangChain)' },
+    'langchain-google-genai': { zh: 'Gemini (LangChain)', en: 'Gemini (LangChain)' },
+    // go
+    'github.com/sashabaranov/go-openai': { zh: 'OpenAI (Go)', en: 'OpenAI (Go)' },
+    'github.com/anthropics/anthropic-sdk-go': { zh: 'Anthropic (Go)', en: 'Anthropic (Go)' },
+};
+/** 依赖清单文件名（小写）判定 */
+export function isDependencyManifest(filename) {
+    const f = filename.toLowerCase();
+    return f === 'package.json' || f === 'requirements.txt' || f === 'pyproject.toml' || f === 'go.mod';
+}
+/**
+ * 从依赖清单内容中提取境外大模型 SDK 依赖。
+ * 对 package.json 解析 JSON 的 deps/devDeps/peerDeps；其余按"出现包名"宽松匹配。
+ */
+export function detectOverseasDeps(filename, content) {
+    const f = filename.toLowerCase();
+    const names = new Set();
+    if (f === 'package.json') {
+        try {
+            const json = JSON.parse(content);
+            for (const field of ['dependencies', 'devDependencies', 'peerDependencies', 'optionalDependencies']) {
+                const deps = json[field];
+                if (deps && typeof deps === 'object') {
+                    for (const k of Object.keys(deps))
+                        names.add(k.toLowerCase());
+                }
+            }
+        }
+        catch { /* 解析失败则跳过 */ }
+    }
+    else {
+        // requirements.txt / pyproject.toml / go.mod：按行宽松提取包名 token
+        for (const raw of content.split('\n')) {
+            const line = raw.trim().toLowerCase();
+            if (!line || line.startsWith('#') || line.startsWith('//'))
+                continue;
+            // 提取依赖名：requirements `pkg==x` / pyproject `"pkg>=x"` / go.mod `module vX`
+            const tokens = line.match(/[a-z0-9_.\-\/@]+/g) || [];
+            for (const t of tokens)
+                names.add(t);
+        }
+    }
+    const matches = [];
+    const seen = new Set();
+    for (const [pkg, prov] of Object.entries(OVERSEAS_LLM_PACKAGES)) {
+        if (names.has(pkg.toLowerCase()) && !seen.has(pkg)) {
+            seen.add(pkg);
+            matches.push({ pkg, provider_zh: prov.zh, provider_en: prov.en });
+        }
+    }
+    return matches;
+}
+/** 从文本中粗提取主机名（URL host 段） */
+function extractHosts(lowerText) {
+    const hosts = [];
+    const urlRe = /https?:\/\/([a-z0-9.\-]+)(?::\d+)?/g;
+    let m;
+    while ((m = urlRe.exec(lowerText)) !== null) {
+        hosts.push(m[1]);
+    }
+    return hosts;
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "shellward",
-  "version": "0.6.1",
+  "version": "0.6.2",
   "mcpName": "io.github.jnMetaCode/shellward",
   "description": "AI agent security & MCP security middleware — prompt injection detection, AI firewall, runtime guardrails & data-loss prevention for LLM tool calls. 8-layer defense against data exfiltration & dangerous commands. Zero dependencies. SDK + OpenClaw plugin. Supports LangChain, AutoGPT, Claude Code, Cursor, OpenAI Agents, Hermes Agent.",
   "keywords": [
@@ -43,7 +43,7 @@
   },
   "type": "module",
   "bin": {
-    "shellward": "dist/mcp-server.js",
+    "shellward": "dist/cli.js",
     "shellward-mcp": "dist/mcp-server.js"
   },
   "main": "dist/index.js",
@@ -57,8 +57,9 @@
   "scripts": {
     "build": "tsc",
     "mcp": "npx tsx src/mcp-server.ts",
-    "test": "npx tsx test-sdk.ts && npx tsx test-integration.ts && npx tsx test-edge-cases.ts && npx tsx test-rugpull.ts && npx tsx test-redos.ts && npx tsx test-mcp-client.ts && npx tsx test-mcp.ts",
+    "test": "npx tsx test-sdk.ts && npx tsx test-integration.ts && npx tsx test-edge-cases.ts && npx tsx test-rugpull.ts && npx tsx test-redos.ts && npx tsx test-mcp-client.ts && npx tsx test-mcp.ts && npx tsx test-compliance.ts",
     "test:redos": "npx tsx test-redos.ts",
+    "test:compliance": "npx tsx test-compliance.ts",
     "test:integration": "npx tsx test-integration.ts",
     "test:edge": "npx tsx test-edge-cases.ts",
     "test:sdk": "npx tsx test-sdk.ts",

package/src/cli.ts

@@ -0,0 +1,154 @@
+#!/usr/bin/env node
+// src/cli.ts — ShellWard CLI 入口（零安装合规体检）
+//
+//   npx shellward            → 扫描当前项目，输出合规体检评分卡
+//   npx shellward scan [dir] → 同上，可指定目录
+//   npx shellward scan --json→ 输出 JSON（CI 用）
+//   npx shellward mcp        → 启动 MCP 服务器（stdio，向后兼容）
+//   npx shellward --help
+//
+// 设计目标：30 秒、零配置、出一张可截图的「你的项目」合规风险报告。
+
+import { resolve } from 'path'
+import { writeFileSync } from 'fs'
+import { ShellWard } from './core/engine.js'
+import { runProjectComplianceAudit } from './compliance/audit.js'
+import { renderComplianceReport, renderProjectFindings } from './compliance/report.js'
+import { resolveLocale } from './types.js'
+
+const argv = process.argv.slice(2)
+const wantsHelp = argv.includes('--help') || argv.includes('-h') || argv[0] === 'help'
+const cmd = argv[0] && !argv[0].startsWith('-') ? argv[0] : 'scan'
+
+async function main() {
+  if (wantsHelp) {
+    printHelp()
+    return
+  }
+
+  if (cmd === 'mcp') {
+    // 转发到 MCP 服务器（import 即启动 stdio 循环）
+    await import('./mcp-server.js')
+    return
+  }
+
+  if (cmd === 'scan') {
+    runScan(argv.slice(1))
+    return
+  }
+
+  console.error(`未知命令: ${cmd}\n`)
+  printHelp()
+  process.exit(2)
+}
+
+function runScan(args: string[]) {
+  const json = args.includes('--json')
+  const ci = args.includes('--ci')
+  const outPath = flagValue(args, '--out')
+  const dirArg = args.find(a => !a.startsWith('-'))
+  const root = resolve(dirArg || process.cwd())
+
+  // 用环境变量解析 locale；layers/mode 用默认（代表「采用 ShellWard 默认部署」的合规覆盖）
+  const guard = new ShellWard({
+    locale: (process.env.SHELLWARD_LOCALE as any) || 'auto',
+    mode: (process.env.SHELLWARD_MODE as any) || 'enforce',
+    autoCheckOnStartup: false,
+  })
+  const locale = resolveLocale(guard.config)
+  const zh = locale === 'zh'
+
+  const { report, scan } = runProjectComplianceAudit(guard.config, root)
+
+  if (json) {
+    process.stdout.write(JSON.stringify({
+      root,
+      score: report.score,
+      grade: report.grade,
+      summary: { passed: report.passed, warned: report.warned, failed: report.failed, manual: report.manual },
+      projectScan: {
+        filesScanned: scan.filesScanned,
+        truncated: scan.truncated,
+        counts: scan.counts,
+        findings: scan.findings,
+      },
+      controls: report.results.map(r => ({
+        id: r.control.id, regulation: r.control.regulation, status: r.status,
+      })),
+    }, null, 2) + '\n')
+  } else {
+    // 头条：项目实测风险（关于「你的项目」）+ 合规映射评分卡
+    const body = [
+      renderProjectFindings(scan, locale),
+      renderComplianceReport(report, locale),
+    ].join('\n')
+
+    if (outPath) {
+      const doc = `<!-- 扫描目录: ${root} -->\n\n` + body + '\n'
+      writeFileSync(resolve(outPath), doc, 'utf-8')
+      process.stdout.write(zh
+        ? `✅ 合规报告已导出: ${resolve(outPath)}\n   得分 ${report.score}/100 [${report.grade}]，可存档用于备案/审计。\n`
+        : `✅ Compliance report exported: ${resolve(outPath)}\n   Score ${report.score}/100 [${report.grade}].\n`)
+    } else {
+      const out = [
+        zh ? `\n扫描目录: ${root}\n` : `\nScanned: ${root}\n`,
+        body,
+        '',
+        zh
+          ? '💡 这是只读扫描，未上传任何数据。要在运行时自动拦截风险，把 ShellWard 作为 MCP/插件接入你的 AI Agent。'
+          : '💡 Read-only scan, nothing uploaded. To block these risks at runtime, integrate ShellWard as an MCP server/plugin in your AI agent.',
+      ]
+      process.stdout.write(out.join('\n') + '\n')
+    }
+  }
+
+  // CI 模式：有 critical 项目发现则非零退出
+  if (ci) {
+    const criticals = scan.findings.filter(f => f.severity === 'critical').length
+    if (criticals > 0) process.exit(1)
+  }
+}
+
+/** 取 `--flag value` 或 `--flag=value` 的值 */
+function flagValue(args: string[], flag: string): string | undefined {
+  const i = args.indexOf(flag)
+  if (i >= 0 && args[i + 1] && !args[i + 1].startsWith('-')) return args[i + 1]
+  const eq = args.find(a => a.startsWith(flag + '='))
+  return eq ? eq.slice(flag.length + 1) : undefined
+}
+
+function printHelp() {
+  const lang = (process.env.SHELLWARD_LOCALE === 'en') ? 'en' : 'zh'
+  if (lang === 'en') {
+    console.log(`ShellWard — AI compliance gateway
+
+Usage:
+  shellward [scan] [dir]   Scan a project for compliance risks (default)
+  shellward scan --json    Output JSON (for CI)
+  shellward scan --ci      Exit non-zero if critical findings
+  shellward scan --out f   Export the full report to a Markdown file
+  shellward mcp            Start MCP server (stdio)
+  shellward --help
+
+Detects: overseas LLM endpoints (data-export risk), hardcoded secrets,
+PII in files, .env permissions. Maps to CSL / PIPL / MLPS / cross-border / labeling.`)
+  } else {
+    console.log(`ShellWard — AI 合规网关
+
+用法:
+  shellward [scan] [目录]   扫描项目的合规风险（默认命令）
+  shellward scan --json     输出 JSON（CI 用）
+  shellward scan --ci       有 critical 发现时非零退出
+  shellward scan --out 文件  导出完整报告为 Markdown（合规存档）
+  shellward mcp             启动 MCP 服务器（stdio）
+  shellward --help
+
+检测: 境外大模型端点(数据出境)、硬编码密钥、文件中的个人信息、.env 权限。
+映射到 网安法 / PIPL / 等保2.0 / 数据出境 / AI标识。`)
+  }
+}
+
+main().catch(err => {
+  console.error(`[ShellWard] ${err?.message || err}`)
+  process.exit(1)
+})

package/src/commands/compliance.ts

@@ -0,0 +1,25 @@
+// src/commands/compliance.ts — /compliance 命令：一键合规体检报告
+//
+// 月1 获客钩子的命令形态。扫一遍配置 + 环境 + 审计日志 + 出境端点，
+// 输出网安法/PIPL/等保/数据出境/AI标识 的红黄绿合规评分卡。
+
+import type { ShellWardConfig } from '../types.js'
+import { resolveLocale } from '../types.js'
+import { runComplianceAudit } from '../compliance/audit.js'
+import { renderComplianceReport } from '../compliance/report.js'
+
+export function registerComplianceCommand(api: any, config: ShellWardConfig) {
+  const locale = resolveLocale(config)
+
+  api.registerCommand({
+    name: 'compliance',
+    description: locale === 'zh'
+      ? '📋 AI 应用合规体检（网安法/PIPL/等保/数据出境/AI标识）'
+      : '📋 AI compliance health check (CSL/PIPL/MLPS/Cross-border/Labeling)',
+    acceptsArgs: false,
+    handler: () => {
+      const report = runComplianceAudit(config)
+      return { text: renderComplianceReport(report, locale) }
+    },
+  })
+}

package/src/commands/index.ts

@@ -9,6 +9,7 @@ import { registerScanPluginsCommand } from './scan-plugins.js'
 import { registerScanMcpCommand } from './scan-mcp.js'
 import { registerCheckUpdatesCommand } from './check-updates.js'
 import { registerUpgradeOpenClawCommand } from './upgrade-openclaw.js'
+import { registerComplianceCommand } from './compliance.js'
 
 /** @returns number of registered commands (for the startup log). */
 export function registerAllCommands(api: any, config: ShellWardConfig): number {
@@ -22,6 +23,7 @@ export function registerAllCommands(api: any, config: ShellWardConfig): number {
   registerScanMcpCommand(api, config)
   registerCheckUpdatesCommand(api, config)
   registerUpgradeOpenClawCommand(api, config)
+  registerComplianceCommand(api, config)
 
   // Register /cg shortcut with help
   api.registerCommand({
@@ -35,6 +37,7 @@ export function registerAllCommands(api: any, config: ShellWardConfig): number {
 
 | 命令 | 说明 |
 |------|------|
+| \`/compliance\` | 🆕 AI 合规体检（网安法/PIPL/等保/数据出境/AI标识 红黄绿评分卡） |
 | \`/security\` | 安全状态总览（防御层、审计统计、系统检查） |
 | \`/audit [数量] [过滤]\` | 查看审计日志 (过滤: block/audit/critical/high) |
 | \`/harden\` | 安全扫描 · \`/harden fix\` 自动修复权限 |
@@ -50,6 +53,7 @@ L5 安全门 · L6 回复审计 · L7 数据流监控 · L8 会话安全`
 
 | Command | Description |
 |---------|-------------|
+| \`/compliance\` | 🆕 AI compliance check (CSL/PIPL/MLPS/cross-border/labeling scorecard) |
 | \`/security\` | Security status overview (layers, audit stats, system checks) |
 | \`/audit [count] [filter]\` | View audit log (filter: block/audit/critical/high) |
 | \`/harden\` | Security scan · \`/harden fix\` to auto-fix permissions |
@@ -64,6 +68,6 @@ L5 Security Gate · L6 Outbound Guard · L7 Data Flow Guard · L8 Session Guard`
     }),
   })
 
-  // 7 individual commands + /cg help
-  return 8
+  // 8 individual commands + /cg help
+  return 9
 }