ship-safe 6.0.0 → 6.1.1

package/cli/agents/index.js

@@ -25,6 +25,8 @@ export { RAGSecurityAgent } from './rag-security-agent.js';
 export { PIIComplianceAgent } from './pii-compliance-agent.js';
 export { VibeCodingAgent } from './vibe-coding-agent.js';
 export { ExceptionHandlerAgent } from './exception-handler-agent.js';
+export { AgentConfigScanner } from './agent-config-scanner.js';
+export { ABOMGenerator } from './abom-generator.js';
 export { VerifierAgent } from './verifier-agent.js';
 export { DeepAnalyzer } from './deep-analyzer.js';
 export { ScoringEngine, GRADES, CATEGORIES } from './scoring-engine.js';
@@ -33,7 +35,7 @@ export { PolicyEngine } from './policy-engine.js';
 export { HTMLReporter } from './html-reporter.js';
 
 /**
- * Create a fully configured orchestrator with all 15 scanning agents.
+ * Create a fully configured orchestrator with all 16 scanning agents.
  * (VerifierAgent and DeepAnalyzer run as post-processors, not in the agent pool.)
  */
 import { Orchestrator as OrchestratorClass } from './orchestrator.js';
@@ -54,6 +56,7 @@ import { RAGSecurityAgent as RAGSecurityAgentClass } from './rag-security-agent.
 import { PIIComplianceAgent as PIIComplianceAgentClass } from './pii-compliance-agent.js';
 import { VibeCodingAgent as VibeCodingAgentClass } from './vibe-coding-agent.js';
 import { ExceptionHandlerAgent as ExceptionHandlerAgentClass } from './exception-handler-agent.js';
+import { AgentConfigScanner as AgentConfigScannerClass } from './agent-config-scanner.js';
 
 export function buildOrchestrator() {
   const orchestrator = new OrchestratorClass();
@@ -75,6 +78,7 @@ export function buildOrchestrator() {
     new PIIComplianceAgentClass(),
     new VibeCodingAgentClass(),
     new ExceptionHandlerAgentClass(),
+    new AgentConfigScannerClass(),
   ]);
   return orchestrator;
 }

package/cli/agents/scoring-engine.js

@@ -11,6 +11,7 @@
 
 import fs from 'fs';
 import path from 'path';
+import { getComplianceSummary } from '../utils/compliance-map.js';
 
 // =============================================================================
 // SCORING CONFIGURATION
@@ -47,6 +48,7 @@ const FALLBACK_CATEGORY_MAP = {
   'rag': 'llm',
   'vibe': 'injection',        // Vibe coding findings → Code Vulnerabilities
   'exception': 'injection',   // OWASP A10:2025 — Mishandling of Exceptional Conditions
+  'agent-config': 'llm',      // Agent config security → AI/LLM category
   'recon': null,               // skip recon findings
 };
 
@@ -136,12 +138,21 @@ export class ScoringEngine {
     const score = Math.max(0, 100 - totalDeduction);
     const grade = GRADES.find(g => score >= g.min);
 
+    // ── Compliance mapping ─────────────────────────────────────────────────
+    let compliance;
+    try {
+      compliance = getComplianceSummary(findings);
+    } catch {
+      compliance = null;
+    }
+
     return {
       score,
       grade,
       categories: categoryResults,
       totalFindings: findings.length,
       totalDepVulns: depVulns.length,
+      compliance,
     };
   }
 

package/cli/bin/ship-safe.js

@@ -40,6 +40,11 @@ import { ciCommand } from '../commands/ci.js';
 import { diffCommand } from '../commands/diff.js';
 import { vibeCheckCommand } from '../commands/vibe-check.js';
 import { benchmarkCommand } from '../commands/benchmark.js';
+import { openclawCommand } from '../commands/openclaw.js';
+import { scanSkillCommand } from '../commands/scan-skill.js';
+import { abomCommand } from '../commands/abom.js';
+import { updateIntelCommand } from '../commands/update-intel.js';
+import { ABOMGenerator } from '../agents/abom-generator.js';
 import { PolicyEngine } from '../agents/policy-engine.js';
 import { SBOMGenerator } from '../agents/sbom-generator.js';
 
@@ -110,6 +115,7 @@ program
   .option('--gitignore', 'Only copy .gitignore')
   .option('--headers', 'Only copy security headers config')
   .option('--agents', 'Only add security rules to AI agent instruction files (CLAUDE.md, .cursor/rules/, .windsurfrules, copilot-instructions.md)')
+  .option('--openclaw', 'Generate a hardened openclaw.json template')
   .action(initCommand);
 
 // -----------------------------------------------------------------------------
@@ -128,6 +134,7 @@ program
   .command('guard [action]')
   .description('Install a git hook to block pushes if secrets are found')
   .option('--pre-commit', 'Install as pre-commit hook instead of pre-push')
+  .option('--generate-hooks', 'Generate defensive Claude Code hooks (.claude/settings.json)')
   .action(guardCommand);
 
 // -----------------------------------------------------------------------------
@@ -192,7 +199,7 @@ program
 // -----------------------------------------------------------------------------
 program
   .command('audit [path]')
-  .description('Full security audit: secrets + 17 agents + deps + score + deep analysis + remediation plan')
+  .description('Full security audit: secrets + 18 agents + deps + score + deep analysis + remediation plan')
   .option('--json', 'Output results as JSON')
   .option('--sarif', 'Output results in SARIF format')
   .option('--csv', 'Output results as CSV')
@@ -230,7 +237,7 @@ program
 // -----------------------------------------------------------------------------
 program
   .command('red-team [path]')
-  .description('Multi-agent security audit: 17 agents scan for 80+ attack classes')
+  .description('Multi-agent security audit: 18 agents scan for 80+ attack classes')
   .option('--agents <list>', 'Comma-separated list of agents to run')
   .option('--json', 'Output results as JSON')
   .option('--sarif', 'Output results in SARIF format')
@@ -252,6 +259,7 @@ program
   .command('watch [path]')
   .description('Continuous monitoring: watch files for security issues in real-time')
   .option('--poll', 'Use polling mode (for network drives)')
+  .option('--configs', 'Watch only agent config files (openclaw.json, .cursorrules, mcp.json, etc.)')
   .action(watchCommand);
 
 // -----------------------------------------------------------------------------
@@ -327,6 +335,47 @@ program
   .option('--json', 'Output results as JSON')
   .action(benchmarkCommand);
 
+// -----------------------------------------------------------------------------
+// OPENCLAW COMMAND
+// -----------------------------------------------------------------------------
+program
+  .command('openclaw [path]')
+  .description('OpenClaw security scan: agent configs, MCP servers, skills, hooks')
+  .option('--fix', 'Auto-harden OpenClaw and agent configurations')
+  .option('--preflight', 'Exit non-zero on critical findings (for CI)')
+  .option('--red-team', 'Simulate adversarial attacks against agent configs')
+  .option('--json', 'Output results as JSON')
+  .action(openclawCommand);
+
+// -----------------------------------------------------------------------------
+// SCAN-SKILL COMMAND
+// -----------------------------------------------------------------------------
+program
+  .command('scan-skill [target]')
+  .description('Analyze an AI agent skill for security issues before installing it')
+  .option('--all', 'Scan all skills defined in openclaw.json')
+  .option('--json', 'Output results as JSON')
+  .action(scanSkillCommand);
+
+// -----------------------------------------------------------------------------
+// ABOM COMMAND
+// -----------------------------------------------------------------------------
+program
+  .command('abom [path]')
+  .description('Generate Agent Bill of Materials (CycloneDX ABOM) — MCP servers, skills, configs, LLM providers')
+  .option('-o, --output <file>', 'Output file path', 'abom.json')
+  .option('--json', 'Output to stdout as JSON')
+  .action(abomCommand);
+
+// -----------------------------------------------------------------------------
+// UPDATE-INTEL COMMAND
+// -----------------------------------------------------------------------------
+program
+  .command('update-intel')
+  .description('Update threat intelligence feed (malicious skill hashes, compromised MCP servers)')
+  .option('--url <url>', 'Custom feed URL')
+  .action(updateIntelCommand);
+
 // -----------------------------------------------------------------------------
 // DOCTOR COMMAND
 // -----------------------------------------------------------------------------
@@ -344,15 +393,19 @@ if (process.argv.length === 2) {
   console.log(banner);
   console.log(chalk.yellow('\nQuick start:\n'));
   console.log(chalk.cyan.bold('  v6.0 — Full Security Audit'));
-  console.log(chalk.white('  npx ship-safe audit .       ') + chalk.gray('# Full audit: secrets + 17 agents + deps + remediation'));
+  console.log(chalk.white('  npx ship-safe audit .       ') + chalk.gray('# Full audit: secrets + 18 agents + deps + remediation'));
   console.log(chalk.white('  npx ship-safe audit . --deep') + chalk.gray('# LLM-powered taint analysis (Anthropic/Ollama)'));
-  console.log(chalk.white('  npx ship-safe red-team .    ') + chalk.gray('# 17-agent red team scan (80+ attack classes)'));
+  console.log(chalk.white('  npx ship-safe red-team .    ') + chalk.gray('# 18-agent red team scan (80+ attack classes)'));
   console.log(chalk.white('  npx ship-safe vibe-check .  ') + chalk.gray('# Fun security check with emoji & shareable badge'));
   console.log(chalk.white('  npx ship-safe benchmark .   ') + chalk.gray('# Compare score against industry averages'));
   console.log(chalk.white('  npx ship-safe ci .          ') + chalk.gray('# CI/CD mode: scan, score, exit code'));
   console.log(chalk.white('  npx ship-safe diff          ') + chalk.gray('# Scan only changed files (fast pre-commit)'));
   console.log(chalk.white('  npx ship-safe watch .       ') + chalk.gray('# Continuous monitoring mode'));
+  console.log(chalk.white('  npx ship-safe openclaw .    ') + chalk.gray('# OpenClaw & agent config security scan'));
+  console.log(chalk.white('  npx ship-safe scan-skill <u>') + chalk.gray('# Vet a skill before installing'));
+  console.log(chalk.white('  npx ship-safe abom .        ') + chalk.gray('# Agent Bill of Materials (CycloneDX)'));
   console.log(chalk.white('  npx ship-safe sbom .        ') + chalk.gray('# Generate CycloneDX SBOM (CRA-ready)'));
+  console.log(chalk.white('  npx ship-safe update-intel  ') + chalk.gray('# Update threat intelligence feed'));
   console.log(chalk.white('  npx ship-safe policy init   ') + chalk.gray('# Create security policy template'));
   console.log(chalk.white('  npx ship-safe doctor        ') + chalk.gray('# Check environment and configuration'));
   console.log();

package/cli/commands/abom.js

@@ -0,0 +1,73 @@
+/**
+ * ABOM Command
+ * =============
+ *
+ * Generate an Agent Bill of Materials in CycloneDX format.
+ * Lists all AI agent components: MCP servers, skills, configs, LLM providers.
+ *
+ * USAGE:
+ *   ship-safe abom [path]               Generate ABOM
+ *   ship-safe abom . -o agent-bom.json  Custom output path
+ */
+
+import path from 'path';
+import chalk from 'chalk';
+import { ABOMGenerator } from '../agents/abom-generator.js';
+import * as output from '../utils/output.js';
+
+export async function abomCommand(targetPath = '.', options = {}) {
+  const absolutePath = path.resolve(targetPath);
+  const outputFile = options.output || 'abom.json';
+
+  console.log();
+  output.header('Ship Safe — Agent Bill of Materials');
+  console.log();
+
+  const generator = new ABOMGenerator();
+  const bom = generator.generate(absolutePath);
+
+  if (options.json) {
+    console.log(JSON.stringify(bom, null, 2));
+    return;
+  }
+
+  generator.generateToFile(absolutePath, outputFile);
+
+  const agentComponents = bom.components.filter(c => c.properties?.some(p => p.name?.startsWith('agent:')));
+  const mcpServers = agentComponents.filter(c => c.properties?.some(p => p.value === 'mcp-server'));
+  const skills = agentComponents.filter(c => c.properties?.some(p => p.value === 'openclaw-skill'));
+  const configs = agentComponents.filter(c => c.properties?.some(p => p.value === 'agent-rules' || p.value === 'agent-config'));
+  const providers = agentComponents.filter(c => c.properties?.some(p => p.value === 'llm-provider'));
+
+  console.log(chalk.gray(`  Project: ${bom.metadata.component.name}`));
+  console.log();
+  console.log(`  ${chalk.cyan('MCP Servers')}:      ${mcpServers.length}`);
+  console.log(`  ${chalk.cyan('OpenClaw Skills')}:  ${skills.length}`);
+  console.log(`  ${chalk.cyan('Agent Configs')}:    ${configs.length}`);
+  console.log(`  ${chalk.cyan('LLM Providers')}:    ${providers.length}`);
+  console.log(`  ${chalk.cyan('Total Components')}: ${bom.components.length}`);
+  console.log();
+
+  if (mcpServers.length > 0) {
+    console.log(chalk.white.bold('  MCP Servers:'));
+    for (const s of mcpServers) {
+      const cmd = s.properties?.find(p => p.name === 'agent:command')?.value || 'N/A';
+      console.log(chalk.gray(`    · ${s.name} (${cmd})`));
+    }
+    console.log();
+  }
+
+  if (skills.length > 0) {
+    console.log(chalk.white.bold('  OpenClaw Skills:'));
+    for (const s of skills) {
+      const verified = s.properties?.find(p => p.name === 'agent:verified')?.value;
+      const icon = verified === 'true' ? chalk.green('✔') : chalk.yellow('?');
+      console.log(chalk.gray(`    ${icon} ${s.name}`));
+    }
+    console.log();
+  }
+
+  console.log(chalk.green(`  ✔ ABOM saved to ${outputFile}`));
+  console.log(chalk.gray(`    Format: CycloneDX ${bom.specVersion}`));
+  console.log();
+}

package/cli/commands/audit.js

@@ -391,6 +391,7 @@ export async function auditCommand(targetPath = '.', options = {}) {
     reporter.generateFullReport(scoreResult, filteredFindings, depVulns, recon, remediationPlan, absolutePath, htmlPath);
     console.log();
     console.log(chalk.cyan(`  Full report: ${chalk.white.bold(htmlPath)}`));
+    console.log(chalk.gray(`  Dashboard:   `) + chalk.cyan('https://shipsafecli.com/app'));
 
     // PDF export
     if (options.pdf) {
@@ -662,6 +663,7 @@ function outputJSON(scoreResult, findings, depVulns, recon, agentResults, remedi
     recon,
     agents: agentResults,
   };
+  if (scoreResult.compliance) output.compliance = scoreResult.compliance;
   if (suppressions) output.suppressions = suppressions;
   if (history && history.length >= 2) {
     const prev = history[history.length - 2];

package/cli/commands/ci.js

@@ -311,7 +311,7 @@ function postPRComment(scoreResult, findings, depVulns, rootPath, duration) {
     body += '> No security issues found — looking good! 🎉\n\n';
   }
 
-  body += `<sub>Generated by <a href="https://shipsafecli.com">Ship Safe</a></sub>`;
+  body += `\n---\n<sub>Generated by <a href="https://shipsafecli.com">Ship Safe</a> · <a href="https://shipsafecli.com/app">View full report in dashboard</a></sub>`;
 
   // Post comment via gh CLI
   execFileSync('gh', ['pr', 'comment', prNumber, '--body', body], { // ship-safe-ignore — execFileSync, not MCP

package/cli/commands/guard.js

@@ -136,6 +136,10 @@ export async function guardCommand(action, options = {}) {
     process.exit(1);
   }
 
+  if (options.generateHooks) {
+    return generateClaudeHooks(cwd);
+  }
+
   if (action === 'remove') {
     return removeHooks(gitDir, cwd);
   }
@@ -278,6 +282,101 @@ function removeHooks(gitDir, cwd) {
   }
 }
 
+// =============================================================================
+// CLAUDE CODE DEFENSIVE HOOKS
+// =============================================================================
+
+function generateClaudeHooks(cwd) {
+  output.header('Generating Defensive Claude Code Hooks');
+
+  const claudeDir = path.join(cwd, '.claude');
+  const settingsPath = path.join(claudeDir, 'settings.json');
+
+  // Defensive hooks that block common attack patterns
+  const preToolCmd = [
+    'node -e "',
+    'const c=process.argv[1]||String();',
+    'const bad=[/curl.*[|].*(?:bash|sh|node|python)/i,/wget.*[|].*(?:bash|sh)/i,',
+    '/rm\\s+-rf\\s+\\//,/webhook[.]site|requestbin|ngrok[.]io|pipedream/i,',
+    '/base64.*-d.*[|].*(?:bash|sh)/i];',
+    'const m=bad.find(r=>r.test(c));',
+    'if(m){console.error(String.fromCharCode(10060)+String.fromCharCode(32)+c.slice(0,80));process.exit(1)}',
+    '" "$INPUT"',
+  ].join('');
+
+  const postToolCmd = [
+    'node -e "',
+    'const f=process.argv[1]||String();',
+    'if(/[.]env$|[.]env[.]/.test(f)){console.log(String.fromCharCode(9888)+String.fromCharCode(32)+f)}',
+    '" "$INPUT"',
+  ].join('');
+
+  const defensiveHooks = {
+    hooks: {
+      PreToolUse: [
+        {
+          matcher: 'Bash',
+          command: preToolCmd,
+          description: 'Ship Safe: Block dangerous command patterns (curl|bash, rm -rf /, exfil domains)',
+        },
+      ],
+      PostToolUse: [
+        {
+          matcher: 'Write',
+          command: postToolCmd,
+          description: 'Ship Safe: Alert when .env files are modified',
+        },
+      ],
+    },
+  };
+
+  // Merge with existing settings
+  let existing = {};
+  if (fs.existsSync(settingsPath)) {
+    try {
+      existing = JSON.parse(fs.readFileSync(settingsPath, 'utf-8'));
+    } catch { /* fresh start */ }
+  }
+
+  // Merge hooks — don't overwrite existing hooks, append
+  if (!existing.hooks) existing.hooks = {};
+  if (!existing.hooks.PreToolUse) existing.hooks.PreToolUse = [];
+  if (!existing.hooks.PostToolUse) existing.hooks.PostToolUse = [];
+
+  // Check if ship-safe hooks already present
+  const hasPreHook = existing.hooks.PreToolUse.some(h => h.description?.includes('Ship Safe'));
+  const hasPostHook = existing.hooks.PostToolUse.some(h => h.description?.includes('Ship Safe'));
+
+  if (hasPreHook && hasPostHook) {
+    output.warning('Ship Safe hooks already installed in .claude/settings.json');
+    return;
+  }
+
+  if (!hasPreHook) {
+    existing.hooks.PreToolUse.push(...defensiveHooks.hooks.PreToolUse);
+  }
+  if (!hasPostHook) {
+    existing.hooks.PostToolUse.push(...defensiveHooks.hooks.PostToolUse);
+  }
+
+  // Write
+  if (!fs.existsSync(claudeDir)) fs.mkdirSync(claudeDir, { recursive: true });
+  fs.writeFileSync(settingsPath, JSON.stringify(existing, null, 2) + '\n');
+
+  output.success('Defensive hooks installed in .claude/settings.json');
+  console.log();
+  console.log(chalk.gray('  Hooks installed:'));
+  console.log(chalk.gray('    PreToolUse  → Block curl|bash, rm -rf /, exfil domains'));
+  console.log(chalk.gray('    PostToolUse → Alert on .env file modifications'));
+  console.log();
+  console.log(chalk.gray('  These hooks protect against:'));
+  console.log(chalk.gray('    • Remote code execution via piped downloads'));
+  console.log(chalk.gray('    • Data exfiltration to webhook.site/ngrok/requestbin'));
+  console.log(chalk.gray('    • Destructive filesystem operations'));
+  console.log(chalk.gray('    • Unauthorized .env modifications'));
+  console.log();
+}
+
 // =============================================================================
 // UTILITIES
 // =============================================================================

package/cli/commands/init.js

@@ -50,6 +50,11 @@ export async function initCommand(options = {}) {
   // Determine which files to copy.
   // If a specific flag is set, only run that category.
   // With no flags, run everything.
+  // Handle --openclaw flag separately
+  if (options.openclaw) {
+    return handleOpenClawInit(targetDir, options.force, results);
+  }
+
   const hasSpecificFlag = options.gitignore || options.headers || options.agents;
   const copyGitignore = hasSpecificFlag ? !!options.gitignore : true;
   const copyHeaders   = hasSpecificFlag ? !!options.headers   : true;
@@ -296,6 +301,59 @@ async function handleAgentFiles(targetDir, force, results) {
   }
 }
 
+// =============================================================================
+// OPENCLAW HARDENED CONFIG
+// =============================================================================
+
+const HARDENED_OPENCLAW = `{
+  "// SECURITY": "Generated by ship-safe init --openclaw — hardened defaults",
+
+  "// host": "Bind to localhost only — never 0.0.0.0 (CVE-2026-25253 ClawJacked)",
+  "host": "127.0.0.1",
+  "port": 3100,
+
+  "// auth": "Always require authentication — prevents unauthorized agent takeover",
+  "auth": {
+    "type": "apiKey",
+    "key": "\${OPENCLAW_API_KEY}"
+  },
+
+  "// url": "Use wss:// for all non-localhost connections (encrypted WebSocket)",
+  "url": "wss://localhost:3100",
+
+  "// safeBins": "Allowlist of binaries the agent can execute — block everything else",
+  "safeBins": ["node", "git", "npx", "npm"],
+
+  "// skills": "Only add verified skills from trusted sources — ClawHavoc had 1,184 malicious skills",
+  "skills": [],
+
+  "// logging": "Enable audit logging for security monitoring",
+  "logging": {
+    "level": "info",
+    "auditLog": true
+  }
+}
+`;
+
+async function handleOpenClawInit(targetDir, force, results) {
+  const targetPath = path.join(targetDir, 'openclaw.json');
+
+  if (fs.existsSync(targetPath) && !force) {
+    results.skipped.push('openclaw.json (already exists, use -f to overwrite)');
+  } else {
+    fs.writeFileSync(targetPath, HARDENED_OPENCLAW.trim() + '\n');
+    results.copied.push('openclaw.json (hardened template)');
+  }
+
+  printSummary(results);
+
+  console.log(chalk.cyan('Important:'));
+  console.log(chalk.white('  1.') + ' Set the OPENCLAW_API_KEY environment variable');
+  console.log(chalk.white('  2.') + ' Only add verified skills from trusted sources');
+  console.log(chalk.white('  3.') + ' Run ' + chalk.cyan('npx ship-safe openclaw .') + ' to verify security');
+  console.log();
+}
+
 // =============================================================================
 // SUMMARY
 // =============================================================================