shellward 0.6.6 → 0.6.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -4,41 +4,52 @@
4
4
 
5
5
  # ShellWard
6
6
 
7
- **AI Agent Security & Compliance Gateway** the AI agent security middleware built for **China's regulatory regime** (网安法 / PIPL / 等保2.0 / 数据出境 / AI标识). Scan your project for compliance risks, then block prompt injection, data exfiltration, and dangerous commands at runtime. Chinese-language threat detection + Chinese PII + zero dependencies — things English tools don't do.
7
+ **AI 应用合规网关**为中国监管而生的 AI Agent 安全合规工具(网安法 2026 / PIPL / 等保2.0 / 数据出境 / AI标识)。先一行命令体检项目合规风险,再在运行时拦截提示注入、数据外泄与危险命令。中文威胁检测 + 中文 PII + 零依赖——英文工具不做的事。
8
8
 
9
9
  [![npm](https://img.shields.io/npm/v/shellward?color=cb0000&label=npm)](https://www.npmjs.com/package/shellward)
10
10
  [![license](https://img.shields.io/badge/license-Apache--2.0-blue)](./LICENSE)
11
- [![tests](https://img.shields.io/badge/tests-262%20passing-brightgreen)](#performance)
11
+ [![tests](https://img.shields.io/badge/tests-263%20passing-brightgreen)](#performance)
12
12
  [![deps](https://img.shields.io/badge/dependencies-0-brightgreen)](#performance)
13
13
 
14
- **🌐 Website: https://jnmetacode.github.io/shellward/**
14
+ **🌐 官网: https://jnmetacode.github.io/shellward/**
15
15
 
16
- [English](#demo) | [中文](#中文)
16
+ [中文](#30-秒合规体检) | [English](#english)
17
17
 
18
- ## 30-Second Compliance Scan
18
+ ## 30 秒合规体检
19
19
 
20
- Zero install, read-only, nothing uploaded. Scan your AI project for compliance risks right now:
20
+ 零安装、只读、不上传任何数据。一行命令,扫出你的 AI 项目踩了哪些合规红线:
21
21
 
22
22
  ```bash
23
23
  npx shellward scan
24
24
  ```
25
25
 
26
- Outputs a red/yellow/green scorecard mapped to 网安法 / PIPL / 等保2.0 / 数据出境 / AI标识, plus the concrete `file:line` findings in your project:
26
+ 输出一张映射到 **网安法 / PIPL / 等保2.0 / 数据出境 / AI标识** 的红黄绿评分卡,并精确到 `文件:行`:
27
27
 
28
28
  ```
29
29
  ## 🔍 项目实测风险
30
30
  🌐 数据出境风险: 2 | 🔑 硬编码密钥: 3 | 🪪 个人信息暴露: 2 | 📂 .env 权限: 1
31
31
 
32
32
  - .env:2 境外大模型端点: OpenAI — 向其发送个人信息即构成数据出境
33
+ - package.json:12 境外大模型 SDK 依赖: openai — 项目内含数据出境通道
33
34
  - src/config.ts:3 硬编码 GitHub Token: ghp_12*** — 凭据不应写入源码
34
35
  - customers.csv:2 手机号 13912*** — 个人信息出现在文件中,需评估脱敏
35
36
 
36
- 合规得分: 75/100 [B] 🟢 8 | 🟡 3 | 🔴 1 | ⚪ 2
37
+ 合规得分: 63/100 [C]
37
38
  ```
38
39
 
39
- `npx shellward scan --json` for CI · `--ci` to fail the build on critical findings · `--html report.html` for a self-contained report you can print to PDF for 备案/audit · see [GitHub Action](#github-action-pr-compliance-gate).
40
+ `--json` CI · `--ci` 发现 critical 时让构建失败 · `--html report.html` 导出可打印成 PDF 的报告(备案/审计存档)· 也可作 [GitHub Action](#github-action-pr-compliance-gate) 接入 PR 门禁。
41
+
42
+ > 检测重点:**境外大模型端点与 SDK 依赖(数据出境——中国独有、英文工具没有的概念)**、硬编码密钥、文件中的中文 PII、`.env` 暴露。扫到境外模型(如 `openai` 依赖)时,**直接给出境内合规替代**(通义千问 / DeepSeek / Kimi / 智谱)及其 OpenAI 兼容 `base_url`——多数迁移只需改一个 `base_url`。
43
+
44
+ 更多命令、运行时防护(MCP / 插件)、与英文文档见下方 [English](#english) 章节。
45
+
46
+ ---
47
+
48
+ ## English
49
+
50
+ **AI Agent Security & Compliance Gateway** — the AI agent security middleware built for **China's regulatory regime** (CSL / PIPL / MLPS 2.0 / cross-border data / AI labeling). Scan your project for compliance risks, then block prompt injection, data exfiltration, and dangerous commands at runtime. Chinese-language threat detection + Chinese PII + zero dependencies — things English tools don't do.
40
51
 
41
- > Detects overseas-LLM endpoints (**data-export risk** a China-only concept English tools ignore), hardcoded secrets, Chinese PII in files, and `.env` exposure. When it finds an overseas model (e.g. an `openai` dependency), it **prescribes domestic compliant alternatives** (通义千问 / DeepSeek / Kimi / 智谱) with their OpenAI-compatible `base_url` — most migrations are just a `base_url` swap.
52
+ Quick start: `npx shellward scan`zero install, read-only, nothing uploaded. Outputs a red/yellow/green scorecard mapped to Chinese regulations plus concrete `file:line` findings, and prescribes domestic compliant model alternatives for any overseas LLM it finds.
42
53
 
43
54
  ## Demo
44
55
 
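Review bot: the new line 52 is missing the separator between the inline command and the sentence after it: "`npx shellward scan`zero install, read-only, nothing uploaded" should read "`npx shellward scan`: zero install, read-only, nothing uploaded" (the removed line 7 shows the same gap after "Gateway**", so a character is probably being lost on the way into the file; new line 50 has it intact). Second, the `--json` / `--ci` / `--html report.html` usage that old line 39 gave in English now survives only in the Chinese line 40, while new line 44 sends readers wanting "更多命令" to the English section; within this hunk the English section (lines 50 to 52) does not list those flags, so either restore the one-line flag summary there or point line 44 at the section that actually documents them. Minor: the tests badge on line 11 (262 to 263) is a static shields.io badge that must be bumped by hand on every test change, so a CI-generated badge would keep it from drifting. Also, the sample scorecard on line 37 drops the 🟢/🟡/🔴/⚪ counts that old line 36 showed; if the CLI still prints them, keep the sample output in sync with real output.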
Binary file
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "shellward",
3
- "version": "0.6.6",
3
+ "version": "0.6.7",
4
4
  "mcpName": "io.github.jnMetaCode/shellward",
5
5
  "description": "AI agent security & MCP security middleware — prompt injection detection, AI firewall, runtime guardrails & data-loss prevention for LLM tool calls. 8-layer defense against data exfiltration & dangerous commands. Zero dependencies. SDK + OpenClaw plugin. Supports LangChain, AutoGPT, Claude Code, Cursor, OpenAI Agents, Hermes Agent.",
6
6
  "keywords": [
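Review bot: the version bump on line 3 is the only change to this file, but the `description` on line 5 still advertises only the runtime middleware (prompt injection detection, AI firewall, guardrails, data-loss prevention) and says nothing about the compliance scan (`npx shellward scan` and its 网安法 / PIPL / 等保2.0 scorecard) that the README in this same release now leads with; since the npm listing and search are driven by `description` and `keywords`, add the compliance-scan wording to the description (and to the `keywords` array starting on line 6) so the registry entry matches the README.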
Binary file