npm - ship-safe - Versions diffs - 9.2.0 → 9.2.2 - Mend

ship-safe 9.2.0 → 9.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/README.md +85 -713
package/cli/.ship-safe/context.json +8157 -0
package/cli/.ship-safe/history.json +190 -0
package/cli/bin/ship-safe.js +5 -3
package/cli/commands/audit.js +1 -1
package/cli/commands/shell.js +101 -6
package/package.json +1 -1

package/README.md CHANGED Viewed

@@ -1,14 +1,13 @@
 <p align="center">
   <img src=".github/assets/logo%20ship%20safe.png" alt="Ship Safe Logo" width="180" />
 </p>
-<p align="center"><strong>AI-powered application security platform for developers.</strong></p>
-<p align="center"><a href="https://shipsafecli.com">shipsafecli.com</a></p>
+<p align="center"><strong>AI security agent for developers. Scan, fix, and ship safely.</strong></p>
+<p align="center"><a href="https://shipsafecli.com">shipsafecli.com</a> · <a href="https://shipsafecli.com/docs">Docs</a> · <a href="https://shipsafecli.com/blog">Blog</a></p>
 <p align="center">
   <a href="https://www.npmjs.com/package/ship-safe"><img src="https://badge.fury.io/js/ship-safe.svg" alt="npm version" /></a>
   <a href="https://www.npmjs.com/package/ship-safe"><img src="https://img.shields.io/npm/dm/ship-safe.svg" alt="npm downloads" /></a>
   <a href="https://github.com/asamassekou10/ship-safe/actions/workflows/ci.yml"><img src="https://github.com/asamassekou10/ship-safe/actions/workflows/ci.yml/badge.svg" alt="CI" /></a>
-  <a href="https://nodejs.org"><img src="https://img.shields.io/node/v/ship-safe" alt="Node.js version" /></a>
   <a href="https://opensource.org/licenses/MIT"><img src="https://img.shields.io/badge/License-MIT-yellow.svg" alt="License: MIT" /></a>
   <a href="https://github.com/asamassekou10/ship-safe/stargazers"><img src="https://img.shields.io/github/stars/asamassekou10/ship-safe?style=social" alt="GitHub stars" /></a>
   <a href="https://github.com/sponsors/asamassekou10"><img src="https://img.shields.io/badge/Sponsor-%E2%9D%A4-ea4aaa?logo=github" alt="Sponsor" /></a>
@@ -16,796 +15,175 @@
 ---
-23 security agents. 80+ attack classes. One command.
-**Ship Safe v9.1.0** is an AI-powered security platform that runs 23 specialized agents in parallel against your codebase — covering secrets, injection vulnerabilities, auth bypass, SSRF, supply chain attacks, AI integration supply chain (Vercel-class attacks), memory poisoning, Hermes Agent security, Supabase RLS, Docker/Terraform/Kubernetes misconfigs, CI/CD pipeline poisoning, LLM/agentic AI security, MCP server misuse, RAG poisoning, PII compliance, vibe coding patterns, exception handling, Claude Managed Agent configs, and more. Full OWASP Agentic AI Top 10 mapping (ASI-01–ASI-10) enriches every finding. Live OSV.dev advisory feed surfaces actively exploited CVEs within hours of disclosure. OWASP 2025 scoring with EPSS exploit probability. LLM-powered deep analysis verifies exploitability of critical findings. Secrets verification probes provider APIs to check if leaked keys are still active.
-**v9.1.0 highlights:** **AgenticSupplyChainAgent & Vercel Breach Checker** — new 23rd agent detects AI integration supply chain attacks (Vercel-class): unpinned AI CI actions, OAuth scope abuse in platform integrations, unsigned webhook handlers, and MCP/Hermes cross-boundary token forwarding. New public breach impact checker at /breach/vercel-april-2026 lets any Vercel user self-serve all four checks without the CLI. Full incident analysis published.
-**v9.0.0:** **Agent Studio, Teams & Findings** — the web dashboard is now a full AI security operations platform. **Agent Studio** lets you build, configure, and deploy custom Hermes security agents from the UI — give each agent a role, tools, and memory, then deploy to a live container in one click. **Agent Console** provides a live SSE chat interface with ANSI color rendering and per-session run history. **Agent Teams** orchestrate multiple specialist agents (pen tester, secrets scanner, CVE analyst) under a lead agent that plans, delegates tasks in parallel, and synthesises an executive security report. **Agent Triggers** add webhook and cron-based automation per agent. The new **Findings Dashboard** aggregates all security findings across every agent run with severity charts, trend data, and one-click GitHub issue creation. Billing has moved to monthly subscriptions (Pro at $9/month, Team at $19/seat/month) with automatic plan downgrade on cancellation.
-[Documentation](https://shipsafecli.com/docs) | [Blog](https://shipsafecli.com/blog) | [Pricing](https://shipsafecli.com/pricing)
----
+<p align="center">
+  <img src=".github/assets/demo-repl.gif" alt="Ship Safe REPL demo" width="800" />
+</p>
-## Quick Start
+Type `ship-safe` and you're in. 23 agents scan your codebase for secrets, injections, AI/LLM vulnerabilities, supply chain attacks, and 80+ other classes. The agent shows a diff for every proposed fix, asks before writing, and verifies the fix worked. Every change is logged and reversible.
 ```bash
-# Full security audit — secrets + 23 agents + deps + remediation plan
-npx ship-safe audit .
-# LLM-powered deep analysis (Anthropic, OpenAI, Google, Ollama, Gemma 4)
-npx ship-safe audit . --deep
-# Agentic loop — scan → auto-annotate fixes → re-scan until score ≥ 75
-npx ship-safe audit . --agentic
-npx ship-safe audit . --agentic 5 --agentic-target 85
-# Red team scan (23 agents, 80+ attack classes)
-npx ship-safe red-team .
-# Scan only changed files (fast pre-commit & PR scanning)
-npx ship-safe diff
-npx ship-safe diff --staged
-# Live OSV.dev advisory feed — no API key, no stale data
-npx ship-safe advisories .
-# Continuous monitoring
-npx ship-safe watch .                         # Lightweight file watcher
-npx ship-safe watch . --deep                  # Full 23-agent scan on every change
-npx ship-safe watch . --deep --threshold 80   # Fail if score drops below threshold
-npx ship-safe watch . --status                # Show last deep-watch results
-# Fun emoji security grade with shareable badge
-npx ship-safe vibe-check .
-# Compare your score against industry averages
-npx ship-safe benchmark .
-# Quick secret scan
-npx ship-safe scan .
-# Security health score (0-100)
-npx ship-safe score .
-# CI/CD pipeline mode — compact output, exit codes, PR comments
-npx ship-safe ci .
-npx ship-safe ci . --github-pr
-# Accept current findings, only report regressions
-npx ship-safe baseline .
-npx ship-safe audit . --baseline
-# Check if leaked secrets are still active
-npx ship-safe audit . --verify
-# Environment diagnostics
-npx ship-safe doctor
-# Install Claude Code hooks — real-time secret blocking + advisory scan
-npx ship-safe hooks install
-npx ship-safe hooks status
-npx ship-safe hooks remove
+npx ship-safe
 ```
 ---
-## The `audit` Command
-One command that runs everything and generates a full report:
+## Quick Start
 ```bash
-npx ship-safe audit .
-```
-```
-════════════════════════════════════════════════════════════
-  Ship Safe v9.0 — Full Security Audit
-════════════════════════════════════════════════════════════
-  [Phase 1/4] Scanning for secrets...         ✔ 49 found
-  [Phase 2/4] Running 23 security agents...   ✔ 103 findings
-  [Phase 3/4] Auditing dependencies...        ✔ 44 CVEs
-  [Phase 4/4] Computing security score...     ✔ 25/100 F
-  Remediation Plan
-  ════════════════════════════════════════════════════════
+# Interactive REPL — scan, fix, ask questions in one session
+npx ship-safe
-  🔴 CRITICAL — fix immediately
-  ────────────────────────────────────────────────────────
-   1. [SECRETS] Rotate Stripe Live Secret Key
-      .env:67 → Move to environment variable or secrets manager
-   2. [INJECTION] Unsafe pickle.loads()
-      backend/ai_processor.py:64 → Use JSON for untrusted data
-  🟠 HIGH — fix before deploy
-  ────────────────────────────────────────────────────────
-   3. [XSS] dangerouslySetInnerHTML without sanitization
-      frontend/src/utils/blogContentRenderer.jsx:50 → Add DOMPurify
-  ... 149 more items in the full report
-  📊 Full report: ship-safe-report.html
-```
-**What it runs:**
-1. **Secret scan** — 50+ patterns with entropy scoring (API keys, passwords, tokens)
-2. **23 security agents** — run in parallel with per-agent timeouts and framework-aware filtering
-3. **Dependency audit** — npm/pip/bundler CVE scanning with EPSS exploit probability scores
-4. **Secrets verification** — probes provider APIs (GitHub, Stripe, OpenAI, etc.) to check if leaked keys are still active
-5. **Deep analysis** — LLM-powered taint analysis verifies exploitability of critical/high findings (optional)
-6. **Score computation** — OWASP 2025 weighted scoring across 8 categories (0-100, A-F)
-7. **Context-aware confidence tuning** — downgrades findings in test files, docs, and comments
-8. **Compliance mapping** — maps findings to SOC 2 Type II, ISO 27001:2022, and NIST AI Risk Management Framework controls
-9. **Remediation plan** — prioritized fix list grouped by severity
-10. **Interactive HTML report** — standalone dark-themed report with severity filtering, search, collapsible findings, compliance summary, and click-to-copy ignore annotations
-**Flags:**
-- `--json` — structured JSON output (clean for piping)
-- `--sarif` — SARIF format for GitHub Code Scanning
-- `--csv` — CSV export for spreadsheets
-- `--md` — Markdown report
-- `--html [file]` — custom HTML report path (default: `ship-safe-report.html`)
-- `--compare` — show per-category score delta vs. last scan
-- `--timeout <ms>` — per-agent timeout (default: 30s)
-- `--no-deps` — skip dependency audit
-- `--no-ai` — skip AI classification
-- `--no-cache` — force full rescan (ignore cached results)
-- `--baseline` — only show findings not in the baseline
-- `--pdf [file]` — generate PDF report (requires Chrome/Chromium)
-- `--deep` — LLM-powered taint analysis for critical/high findings
-- `--local` — use local Ollama model for deep analysis
-- `--model <model>` — LLM model to use for deep/AI analysis
-- `--provider <name>` — LLM provider: groq, together, mistral, deepseek, xai, perplexity, lmstudio, gemma4
-- `--base-url <url>` — custom OpenAI-compatible base URL (e.g. LM Studio, vLLM)
-- `--budget <cents>` — max spend in cents for deep analysis (default: 50)
-- `--verify` — check if leaked secrets are still active (probes provider APIs)
-- `--agentic [n]` — scan → annotate fixes → re-scan loop, up to n iterations (default: 3)
-- `--agentic-target <score>` — stop agentic loop when score reaches this threshold (default: 75)
----
-## 23 Security Agents
-| Agent | Category | What It Detects |
-|-------|----------|-----------------|
-| **InjectionTester** | Code Vulns | SQL/NoSQL injection, command injection, code injection (eval), XSS, path traversal, XXE, ReDoS, prototype pollution, Python f-string SQL injection, Python subprocess shell injection |
-| **AuthBypassAgent** | Auth | JWT vulnerabilities (alg:none, weak secrets), cookie security, CSRF, OAuth misconfig, BOLA/IDOR, weak crypto, timing attacks, TLS bypass, Django `DEBUG = True`, Flask hardcoded secret keys |
-| **SSRFProber** | SSRF | User input in fetch/axios, cloud metadata endpoints, internal IPs, redirect following |
-| **SupplyChainAudit** | Supply Chain | Typosquatting (Levenshtein distance), git/URL dependencies, wildcard versions, suspicious install scripts, dependency confusion, lockfile integrity, trojanized package behavioral signatures (env-var harvesting, DNS exfiltration, WebSocket C2) |
-| **ConfigAuditor** | Config | Dockerfile (running as root, :latest tags), Terraform (public S3/RDS, open SG, CloudFront HTTP, Lambda admin, S3 no versioning), Kubernetes (privileged containers, `:latest` tags, missing NetworkPolicy), CORS, CSP, Firebase, Nginx |
-| **SupabaseRLSAgent** | Auth | Supabase Row Level Security — `service_role` key in client code, `CREATE TABLE` without RLS, anon key inserts, unprotected storage operations |
-| **LLMRedTeam** | AI/LLM | OWASP LLM Top 10 — prompt injection, excessive agency, system prompt leakage, unbounded consumption, RAG poisoning |
-| **MCPSecurityAgent** | AI/LLM | MCP server security — unvalidated tool inputs, missing auth, excessive permissions, tool poisoning, typosquatting detection, over-permissioned tools, shadow config discovery |
-| **AgenticSecurityAgent** | AI/LLM | OWASP Agentic AI Top 10 — agent hijacking, privilege escalation, unsafe code execution, memory poisoning |
-| **RAGSecurityAgent** | AI/LLM | RAG pipeline security — unvalidated embeddings, context injection, document poisoning, vector DB access control |
-| **MemoryPoisoningAgent** | AI/LLM | ASI-01/ASI-05 — instruction injection in `.claude/memory/`, `.cursorrules`, `.cursor/rules/`, `.windsurfrules`, `.continue/config.json`, `.gemini/`, `.cody/`, `.augment/` and docs; hidden Unicode payloads; persona hijacking; persistent trigger detection |
-| **PIIComplianceAgent** | Compliance | PII detection — SSNs, credit cards, emails, phone numbers in source code, logs, and configs |
-| **VibeCodingAgent** | Code Vulns | AI-generated code patterns — no input validation, empty catch blocks, hardcoded secrets, disabled security features, TODO-auth patterns |
-| **ExceptionHandlerAgent** | Code Vulns | OWASP A10:2025 — empty catch blocks, unhandled promise rejections, missing React error boundaries, leaked stack traces, generic catch-all without rethrow |
-| **AgentConfigScanner** | AI/LLM | AI agent config security — prompt injection in .cursorrules/CLAUDE.md/AGENTS.md/.windsurfrules, malicious Claude Code hooks (CVE-2026), OpenClaw public binding & malicious skills, claw-code config risks, Gemini CLI / Cody / Augment Code config risks, encoded/obfuscated payloads |
-| **MobileScanner** | Mobile | OWASP Mobile Top 10 2024 — insecure storage, WebView JS injection, HTTP endpoints, excessive permissions, debug mode |
-| **GitHistoryScanner** | Secrets | Leaked secrets in git commit history (checks if still active in working tree) |
-| **CICDScanner** | CI/CD | OWASP CI/CD Top 10 — pipeline poisoning, unpinned actions, secret logging, self-hosted runners, script injection, AI agent danger flags |
-| **APIFuzzer** | API | Routes without auth, missing input validation, mass assignment, unrestricted file upload, GraphQL introspection, debug endpoints, missing rate limiting, OpenAPI spec security issues |
-| **ManagedAgentScanner** | AI/LLM | Claude Managed Agents misconfigurations — `always_allow` permission policies, unrestricted networking, bash without human confirmation, MCP servers over HTTP, hardcoded vault tokens, unpinned environment packages (ASI-03, ASI-04, ASI-05, ASI-07) |
-| **HermesSecurityAgent** | AI/LLM | Hermes Agent deployments — tool registry poisoning, function-call injection (`<tool_call>` / `<function_calls>`), goal/plan hijacking, memory layer attacks, skill permission drift, sub-agent trust boundary violations, manifest attestation (ASI-01–ASI-10) |
-| **AgentAttestationAgent** | Supply Chain | Agent manifest supply chain — unpinned versions (`latest`, `^`, `~`), missing integrity hashes on remote tool sources, unsigned manifests, `skipIntegrityCheck` bypass, dynamic `require()` of manifests from env vars, missing provenance fields (ASI-10, SLSA Level 0) |
-| **AgenticSupplyChainAgent** *(new)* | Supply Chain | AI integration supply chain — over-privileged AI CI actions (Vercel/GitHub/Netlify), OAuth scope creep in AI platform integrations, unsigned AI webhook receivers (missing HMAC), MCP/Hermes cross-boundary token forwarding to third-party servers (ASI-02, ASI-06, ASI-09, CICD-SEC-8) |
-**Post-processors:** ScoringEngine (8-category weighted scoring with OWASP Agentic AI Top 10 enrichment), VerifierAgent (secrets liveness verification), DeepAnalyzer (LLM-powered taint analysis)
----
-## All Commands
-### Core Audit Commands
-```bash
-# Full audit with remediation plan + HTML report
+# Full audit: secrets + 23 agents + deps + remediation plan
 npx ship-safe audit .
-# Red team: 23 agents, 80+ attack classes
-npx ship-safe red-team .
-npx ship-safe red-team . --agents injection,auth    # Run specific agents
-npx ship-safe red-team . --html report.html         # HTML report
-npx ship-safe red-team . --json                     # JSON output
-# Secret scanner (pattern matching + entropy)
-npx ship-safe scan .
-npx ship-safe scan . --json          # JSON for CI
-npx ship-safe scan . --sarif         # SARIF for GitHub
-# Security health score (0-100, A-F)
-npx ship-safe score .
-# Dependency CVE audit
-npx ship-safe deps .
-npx ship-safe deps . --fix           # Auto-fix vulnerabilities
-```
-### AI-Powered Commands
-```bash
-# AI audit: scan + classify with Claude + auto-fix secrets
+# Interactive fix agent: plan → diff → accept → verify
 npx ship-safe agent .
+npx ship-safe agent . --severity critical   # critical findings only
+npx ship-safe agent . --branch --pr         # fix on a branch + open a PR
-# Auto-fix hardcoded secrets: rewrite code + write .env
-npx ship-safe remediate .
-npx ship-safe remediate . --all    # Also fix agent findings (TLS, debug, XSS, etc.)
-# Revoke exposed keys — opens provider dashboards
-npx ship-safe rotate .
-```
-### Baseline Management
-```bash
-# Accept current findings as baseline
-npx ship-safe baseline .
-# Audit showing only new findings since baseline
-npx ship-safe audit . --baseline
+# Undo the last fix
+npx ship-safe undo
-# Show what changed since baseline
-npx ship-safe baseline --diff
-# Remove baseline
-npx ship-safe baseline --clear
-```
-### Diff Scanning
-```bash
-# Scan only changed files (fast pre-commit & PR scanning)
-npx ship-safe diff                   # All uncommitted changes
-npx ship-safe diff --staged          # Only staged changes
-npx ship-safe diff HEAD~3            # Changes in last 3 commits
-npx ship-safe diff --json            # JSON output
-```
-### Vibe Check & Benchmark
-```bash
-# Fun emoji security grade
-npx ship-safe vibe-check .
-npx ship-safe vibe-check . --badge   # Generate shields.io README badge
-# Compare your score against industry averages (OWASP, Synopsys, Snyk)
-npx ship-safe benchmark .
-npx ship-safe benchmark . --json     # JSON output
-```
-### CI/CD Pipeline
-```bash
-# CI mode — compact output, exit codes, threshold gating
-npx ship-safe ci .
-npx ship-safe ci . --threshold 80    # Custom passing score
-npx ship-safe ci . --fail-on critical # Fail on severity
-npx ship-safe ci . --sarif out.sarif  # SARIF for GitHub
-npx ship-safe ci . --github-pr       # Post results as PR comment
-```
-### Deep Analysis & Verification
-```bash
-# LLM-powered deep analysis (Anthropic/OpenAI/Google/Ollama)
-npx ship-safe audit . --deep
-npx ship-safe audit . --deep --local               # Use local Ollama
-npx ship-safe audit . --deep --budget 50           # Cap spend at 50 cents
-# Use any OpenAI-compatible provider for deep analysis
-npx ship-safe audit . --deep --provider groq
-npx ship-safe audit . --deep --provider together
-npx ship-safe audit . --deep --provider mistral
-npx ship-safe audit . --deep --provider deepseek
-npx ship-safe audit . --deep --provider lmstudio   # Local LM Studio
-npx ship-safe audit . --deep --provider xai
-npx ship-safe audit . --deep --provider perplexity
-npx ship-safe audit . --deep --base-url http://localhost:1234/v1 --model my-model  # Custom
-# Check if leaked secrets are still active
-npx ship-safe audit . --verify
-```
-### Diagnostics
-```bash
-# Environment check — Node.js, git, npm, API keys, cache, version
-npx ship-safe doctor
-```
-### Agent Security
-```bash
-# Focused OpenClaw security scan
-npx ship-safe openclaw .
-# Auto-harden OpenClaw configs (0.0.0.0->127.0.0.1, add auth, ws->wss)
-npx ship-safe openclaw . --fix
-# Red team: simulate ClawJacked, prompt injection, data exfil attacks
-npx ship-safe openclaw . --red-team
-# CI preflight — exit non-zero on critical findings
-npx ship-safe openclaw . --preflight
-# Scan a skill before installing it
-npx ship-safe scan-skill https://clawhub.io/skills/some-skill
-npx ship-safe scan-skill ./local-skill.json
-npx ship-safe scan-skill --all              # Scan all skills from openclaw.json
-# Scan an MCP server's tool manifest before connecting
-npx ship-safe scan-mcp https://your-mcp-server/
-npx ship-safe scan-mcp ./local-manifest.json
-npx ship-safe scan-mcp https://your-mcp-server/ --json
-# Legal risk audit — DMCA, leaked-source derivatives (openclaude, claw-code-js), IP disputes
-npx ship-safe legal .
-# Generate hardened OpenClaw config
-npx ship-safe init --openclaw
-# Generate Agent Bill of Materials (CycloneDX 1.5)
-npx ship-safe abom .
-```
-#### openclaude and claw-code
-Ship Safe detects security issues in both major Claude Code forks from the March 2026 source leak.
-**openclaude** (`@gitlawb/openclaude`) is a CLI tool that routes Claude Code's toolset through any OpenAI-compatible provider. Its only persistent file artifact is `.openclaude-profile.json`. Ship Safe flags:
-- `OPENAI_BASE_URL` using `http://` for non-localhost endpoints (unencrypted LLM traffic)
-- The profile file present in a project not covered by `.gitignore` (API key exposure risk)
-**claw-code** (`ultraworkers/claw-code`) is a clean-room Rust + Python rewrite of Claude Code's agent harness. Its config lives in `.claw.json`, `.claw/settings.json`, and `.claw/settings.local.json`. Ship Safe flags:
-- `permissionMode: danger-full-access` or `dangerouslySkipPermissions: true` (no confirmation on any tool call)
-- `sandbox.enabled: false` (filesystem isolation removed)
-- Hook commands containing shell execution or remote download patterns
-- MCP server connections over `ws://` or `http://` to non-localhost hosts
-### Hermes Agent Integration
-Ship Safe is a first-class Hermes Agent citizen. Register Ship Safe tools directly in your Hermes tool registry:
-```js
-import { registerWithHermes, verifyIntegrity } from 'ship-safe';
-// Register all 5 Ship Safe tools with integrity verification
-await registerWithHermes(toolRegistry);
-```
-Or use the bundled skill in your Hermes agent:
-```yaml
-# In your Hermes agent manifest
-skills:
-  - ./node_modules/ship-safe/skills/ship-safe-security.md
-```
-Available tools: `ship_safe_audit`, `ship_safe_scan_mcp`, `ship_safe_get_findings`, `ship_safe_suppress_finding`, `ship_safe_memory_list`.
-### Threat Intelligence
-```bash
-# Update threat intel feed (ClawHavoc IOCs, malicious skills, config signatures)
-npx ship-safe update-intel
-# Ships with offline-first seed data — no internet required for scanning
-```
-### OpenClaw GitHub Action
-Drop-in CI action that blocks PRs introducing agent config vulnerabilities:
-```yaml
-# .github/workflows/openclaw-security.yml
-name: OpenClaw Security Check
-on: [pull_request]
-permissions:
-  contents: read
-jobs:
-  openclaw:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: asamassekou10/ship-safe/.github/actions/openclaw-check@main
-        with:
-          fail-on-critical: 'true'
-```
-**Inputs:**
-| Input | Default | Description |
-|-------|---------|-------------|
-| `path` | `.` | Path to scan |
-| `fail-on-critical` | `true` | Fail the check if critical findings are found |
-| `node-version` | `20` | Node.js version to use |
-**Outputs:**
-| Output | Description |
-|--------|-------------|
-| `findings` | Total number of findings detected |
-| `critical` | Number of critical findings |
-Scans `openclaw.json`, `.cursorrules`, `CLAUDE.md`, Claude Code hooks, and MCP configs. Checks against the bundled threat intelligence database for known ClawHavoc IOCs.
-### Live Advisory Feed
-```bash
-# Query OSV.dev for actively exploited CVEs across all package ecosystems
-npx ship-safe advisories .
-npx ship-safe advisories . --json    # JSON output for CI
-```
-No API key required. Malware advisories (MAL-*) are sorted to the top. Results include EPSS exploit probability and remediation guidance.
-### Defensive Hooks
-```bash
-# Install Claude Code defensive hooks (blocks curl|bash, exfil domains, rm -rf /)
-npx ship-safe guard --generate-hooks
-# Watch agent config files for drift (.cursorrules, CLAUDE.md, openclaw.json)
-npx ship-safe watch . --configs
+# CI/CD mode
+npx ship-safe ci . --threshold 80 --sarif results.sarif
 ```
-### Infrastructure Commands
-```bash
-# Lightweight file watcher — re-scans changed files on save
-npx ship-safe watch .
-# Deep watch — full 23-agent orchestrator on every change
-npx ship-safe watch . --deep
-npx ship-safe watch . --deep --threshold 80   # Fail if score drops below threshold
-npx ship-safe watch . --deep --debounce 2000  # Custom debounce in ms (default: 1000)
-npx ship-safe watch . --status                # Show last deep-watch results from .ship-safe/watch.json
-# Generate CycloneDX SBOM
-npx ship-safe sbom .
-# Policy-as-code (enforce minimum score, fail on severity)
-npx ship-safe policy init
-# Block git push if secrets found
-npx ship-safe guard
-# Initialize security configs (.gitignore, headers)
-npx ship-safe init
+No signup. No API key required for scanning. Works offline.
-# Launch-day security checklist
-npx ship-safe checklist
-# MCP server for AI editors (Claude Desktop, Cursor, etc.)
-npx ship-safe mcp
-```
+<p align="center">
+  <img src=".github/assets/demo-agent.gif" alt="Ship Safe agent demo" width="800" />
+</p>
 ---
-## Claude Code Hooks
-Install ship-safe as real-time Claude Code hooks — secrets are blocked **before** they ever touch disk:
-```bash
-npx ship-safe hooks install
-```
-Once installed, two hooks activate automatically on every Claude Code session:
+## 23 Security Agents
-| Hook | Trigger | Behaviour |
-|------|---------|-----------|
-| **PreToolUse** | Write / Edit / MultiEdit / Bash | Blocks the write if critical secrets are detected; blocks dangerous Bash patterns (curl\|bash, credential exfiltration, `rm -rf /`) |
-| **PostToolUse** | Write / Edit / MultiEdit | Scans the saved file and injects advisory findings (high-severity patterns, DB URLs with credentials) directly into Claude's context — never blocks |
+All agents run in parallel. Each skips irrelevant projects automatically.
-Hook scripts are copied to `~/.ship-safe/hooks/` at install time — a stable, user-owned location that survives `npx` cache rotations.
+| Agent | Category | What It Detects |
+|-------|----------|-----------------|
+| **InjectionTester** | Code Vulns | SQL/NoSQL injection, command injection, XSS, path traversal, XXE, ReDoS, prototype pollution |
+| **AuthBypassAgent** | Auth | JWT flaws (alg:none, weak secrets), CSRF, OAuth misconfig, BOLA/IDOR, TLS bypass |
+| **SSRFProber** | SSRF | User input in fetch/axios, cloud metadata endpoints, internal IPs |
+| **SupplyChainAudit** | Supply Chain | Typosquatting, wildcard versions, suspicious install scripts, dependency confusion |
+| **ConfigAuditor** | Config | Docker (root user, :latest), Terraform, Kubernetes, CORS, CSP, Firebase, Nginx |
+| **SupabaseRLSAgent** | Auth | service_role key in client code, tables without RLS, anon key inserts |
+| **LLMRedTeam** | AI/LLM | OWASP LLM Top 10: prompt injection, excessive agency, system prompt leakage |
+| **MCPSecurityAgent** | AI/LLM | MCP server misuse, tool poisoning, typosquatting, unvalidated inputs |
+| **AgenticSecurityAgent** | AI/LLM | OWASP Agentic AI Top 10: agent hijacking, privilege escalation |
+| **RAGSecurityAgent** | AI/LLM | Context injection, document poisoning, vector DB access control |
+| **MemoryPoisoningAgent** | AI/LLM | Instruction injection in agent memory files, hidden Unicode payloads (ASI-01, ASI-05) |
+| **PIIComplianceAgent** | Compliance | SSNs, credit cards, emails, phone numbers in source code |
+| **VibeCodingAgent** | Code Vulns | AI-generated code anti-patterns: no validation, empty catches, TODO-auth |
+| **ExceptionHandlerAgent** | Code Vulns | Empty catches, unhandled rejections, leaked stack traces (OWASP A10:2025) |
+| **AgentConfigScanner** | AI/LLM | Prompt injection in .cursorrules, CLAUDE.md, malicious Claude Code hooks |
+| **MobileScanner** | Mobile | OWASP Mobile Top 10 2024: insecure storage, WebView injection, debug mode |
+| **GitHistoryScanner** | Secrets | Leaked secrets in git commit history |
+| **CICDScanner** | CI/CD | Pipeline poisoning, unpinned actions, secret logging (OWASP CI/CD Top 10) |
+| **APIFuzzer** | API | Routes without auth, mass assignment, GraphQL introspection, debug endpoints |
+| **ManagedAgentScanner** | AI/LLM | Claude Managed Agent misconfigs: always_allow policies, unrestricted networking (ASI-03–ASI-07) |
+| **HermesSecurityAgent** | AI/LLM | Tool registry poisoning, function-call injection, skill permission drift (ASI-01–ASI-10) |
+| **AgentAttestationAgent** | Supply Chain | Unpinned agent versions, missing integrity hashes, unsigned manifests (ASI-10, SLSA L0) |
+| **AgenticSupplyChainAgent** | Supply Chain | Over-privileged AI CI actions, OAuth scope creep, unsigned AI webhook receivers (ASI-02, ASI-06) |
-```bash
-npx ship-safe hooks status   # Check installation
-npx ship-safe hooks remove   # Uninstall
-```
+**Post-processors:** ScoringEngine · VerifierAgent (secrets liveness) · DeepAnalyzer (LLM taint analysis)
 ---
-## Claude Code Plugin
+## The REPL
-Use Ship Safe directly inside Claude Code — no CLI needed:
-```bash
-claude plugin add github:asamassekou10/ship-safe
 ```
+$ ship-safe
-| Command | Description |
-|---------|-------------|
-| `/ship-safe` | Full security audit — 23 agents, remediation plan, auto-fix |
-| `/ship-safe-scan` | Quick scan for leaked secrets |
-| `/ship-safe-score` | Security health score (0-100) |
-| `/ship-safe-deep` | LLM-powered deep taint analysis |
-| `/ship-safe-ci` | CI/CD pipeline setup guide |
-| `/ship-safe-hooks` | Install real-time Claude Code hooks (blocks secrets on write) |
-| `/ship-safe-baseline` | Accept current findings as baseline; report only regressions |
-| `/ship-safe-fix` | Auto-fix secrets and common vulnerabilities |
-| `/ship-safe-red-team` | Run full red-team audit and open HTML report |
-Claude interprets the results, explains findings in plain language, and can fix issues directly in your codebase.
----
+  ███████╗██╗  ██╗██╗██████╗     ███████╗ █████╗ ███████╗███████╗
+  ...
-## Incremental Scanning
+  v9.2.1  ·  DeepSeek  ·  ~/my-project
-Ship Safe caches file hashes and findings in `.ship-safe/context.json`. On subsequent runs, only changed files are re-scanned — unchanged files reuse cached results.
+  /scan to find issues  ·  /agent to fix them  ·  /help for more
+shipsafe ›
 ```
-✔ [Phase 1/4] Secrets: 41 found (0 changed, 313 cached)
-```
-- **~40% faster** on repeated scans
-- **Auto-invalidation** — cache expires after 24 hours or when ship-safe updates
-- **`--no-cache`** — force a full rescan anytime
-The cache is stored in `.ship-safe/` which is automatically excluded from scans.
-### LLM Response Caching
-When using AI classification (`--no-ai` to disable), results are cached in `.ship-safe/llm-cache.json` with a 7-day TTL. Repeated scans reuse cached classifications — reducing API costs significantly.
----
-## Smart `.gitignore` Handling
-Ship Safe respects your `.gitignore` for build output, caches, and vendor directories — but **always scans security-sensitive files** even if gitignored:
-| Skipped (gitignore respected) | Always scanned (gitignore overridden) |
-|-------------------------------|---------------------------------------|
-| `node_modules/`, `dist/`, `build/` | `.env`, `.env.local`, `.env.production` |
-| `*.log`, `*.pkl`, vendor dirs | `*.pem`, `*.key`, `*.p12` |
-| Cache directories, IDE files | `credentials.json`, `*.secret` |
-Why? Files like `.env` are gitignored *because* they contain secrets — which is exactly what a security scanner should catch.
----
-## Multi-LLM Support
-Ship Safe supports any AI provider for deep analysis and classification:
-| Provider | Env Variable | Flag | Default Model |
-|----------|-------------|------|---------------|
-| **Anthropic** | `ANTHROPIC_API_KEY` | *(auto-detected)* | claude-haiku-4-5 |
-| **OpenAI** | `OPENAI_API_KEY` | *(auto-detected)* | gpt-4o-mini |
-| **Google** | `GOOGLE_AI_API_KEY` | *(auto-detected)* | gemini-2.0-flash |
-| **Gemma 4 (Ollama)** | *(none)* | `--provider gemma4` | gemma4:e4b (256K ctx) |
-| **Ollama** | `OLLAMA_HOST` | `--local` | gemma4:e4b |
-| **Groq** | `GROQ_API_KEY` | `--provider groq` | llama-3.3-70b-versatile |
-| **Together AI** | `TOGETHER_API_KEY` | `--provider together` | meta-llama/Llama-3-70b-chat-hf |
-| **Mistral** | `MISTRAL_API_KEY` | `--provider mistral` | mistral-small-latest |
-| **DeepSeek** | `DEEPSEEK_API_KEY` | `--provider deepseek` | deepseek-chat |
-| **xAI (Grok)** | `XAI_API_KEY` | `--provider xai` | grok-beta |
-| **Perplexity** | `PERPLEXITY_API_KEY` | `--provider perplexity` | llama-3.1-sonar-small-128k-online |
-| **LM Studio** | *(none)* | `--provider lmstudio` | Local server |
-| **Custom** | *(any)* | `--base-url <url> --model <model>` | Any OpenAI-compatible |
-Auto-detected from environment variables. Use `--provider <name>` to override. No API key required for scanning — AI is optional.
----
-## Scoring System
-Starts at 100. Each finding deducts points by severity and category, weighted by confidence level (high: 100%, medium: 60%, low: 30%) to reduce noise from heuristic patterns.
-**8 Categories** (with weight caps):
-| Category | Weight | Critical | High | Medium | Cap |
-|----------|--------|----------|------|--------|-----|
-| Secrets | 15% | -25 | -15 | -5 | -15 |
-| Code Vulnerabilities | 15% | -20 | -10 | -3 | -15 |
-| Dependencies | 13% | -20 | -10 | -5 | -13 |
-| Auth & Access Control | 15% | -20 | -10 | -3 | -15 |
-| Configuration | 8% | -15 | -8 | -3 | -8 |
-| Supply Chain | 12% | -15 | -8 | -3 | -12 |
-| API Security | 10% | -15 | -8 | -3 | -10 |
-| AI/LLM Security | 12% | -15 | -8 | -3 | -12 |
-*Weights aligned with OWASP Top 10 2025 risk rankings.*
-**Grades:** A (90-100), B (75-89), C (60-74), D (40-59), F (0-39)
-**Exit codes:** `0` for A/B (>= 75), `1` for C/D/F — use in CI to fail builds.
----
-## Policy-as-Code
-Create `.ship-safe.policy.json` to enforce team-wide security standards:
-```bash
-npx ship-safe policy init
-```
+| Command | What it does |
+|---------|-------------|
+| `/scan` | Re-scan the project |
+| `/agent` | Run the interactive fix loop |
+| `/findings` | List findings from the last scan |
+| `/show <n>` | Full detail on finding n |
+| `/plan <n>` | Preview fix plan for finding n (no writes) |
+| `/undo [--all]` | Revert the last fix (or all fixes) |
+| `/diff` | Show git working-tree diff |
+| `/provider <name>` | Switch LLM provider mid-session |
+| `/quit` | Exit (also `Ctrl-D` or `Ctrl-C`) |
-```json
-{
-  "minimumScore": 70,
-  "failOn": "critical",
-  "requiredScans": ["secrets", "injection", "deps", "auth"],
-  "ignoreRules": [],
-  "customSeverityOverrides": {},
-  "maxAge": { "criticalCVE": "7d", "highCVE": "30d", "mediumCVE": "90d" }
-}
-```
+Anything not starting with `/` is sent to the LLM as a free-form question, with your latest scan results as context.
 ---
-## CI/CD Integration
-The dedicated `ci` command is optimized for pipelines — compact output, exit codes, threshold-based gating:
-```bash
-# Basic CI — fail if score < 75
-npx ship-safe ci .
-# Strict — fail on any critical finding
-npx ship-safe ci . --fail-on critical
-# Custom threshold + SARIF for GitHub Security tab
-npx ship-safe ci . --threshold 80 --sarif results.sarif
-# Only check new findings (not in baseline)
-npx ship-safe ci . --baseline
-```
-**GitHub Actions example:**
+## CI/CD
 ```yaml
 # .github/workflows/security.yml
 name: Security Audit
 on: [push, pull_request]
 jobs:
   security:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
       - name: Security gate
-        run: npx ship-safe ci . --threshold 75 --sarif results.sarif --github-pr
+        run: npx ship-safe ci . --threshold 75 --sarif results.sarif
       - uses: github/codeql-action/upload-sarif@v3
         if: always()
         with:
           sarif_file: results.sarif
 ```
-**Export formats:** `--json`, `--sarif`, `--csv`, `--md`, `--html`, `--pdf`
+---
+## LLM Support
+Works with any provider — auto-detected from environment variables. Use `--provider <name>` to override.
+Anthropic · OpenAI · Google · DeepSeek · Groq · Together · Mistral · xAI · Perplexity · Ollama · LM Studio · any OpenAI-compatible endpoint
+No API key required for scanning. AI is optional.
 ---
 ## Suppress False Positives
-**Inline:** Add `# ship-safe-ignore` comment on a line:
 ```python
 password = get_password()  # ship-safe-ignore
 ```
-**File-level:** Create `.ship-safeignore` (gitignore syntax):
 ```gitignore
-# Exclude test fixtures
+# .ship-safeignore
 tests/fixtures/
-*.test.js
-# Exclude documentation with code examples
 docs/
 ```
 ---
-## OWASP Coverage
-| Standard | Coverage |
-|----------|----------|
-| **OWASP Top 10 Web 2025** | A01-A10: Broken Access Control, Cryptographic Failures, Injection, Insecure Design, Security Misconfiguration, Vulnerable Components, Auth Failures, Data Integrity, Logging Failures, SSRF |
-| **OWASP Top 10 Mobile 2024** | M1-M10: Improper Credential Usage, Inadequate Supply Chain, Insecure Auth, Insufficient Validation, Insecure Communication, Inadequate Privacy, Binary Protections, Security Misconfiguration, Insecure Data Storage, Insufficient Cryptography |
-| **OWASP LLM Top 10 2025** | LLM01-LLM10: Prompt Injection, Sensitive Info Disclosure, Supply Chain, Data Poisoning, Improper Output Handling, Excessive Agency, System Prompt Leakage, Vector/Embedding Weaknesses, Misinformation, Unbounded Consumption |
-| **OWASP CI/CD Top 10** | CICD-SEC-1 to 10: Insufficient Flow Control, Identity Management, Dependency Chain Abuse, Poisoned Pipeline Execution, Insufficient PBAC, Credential Hygiene, Insecure System Config, Ungoverned Usage, Improper Artifact Integrity, Insufficient Logging |
-| **OWASP Agentic AI Top 10** | ASI-01–ASI-10: Goal Hijacking, Excessive Agency, Unsafe Tool Use, Unvalidated Actions, Untrusted Tools, Memory Poisoning, Lack of Oversight, Logging Gaps, Supply Chain Attacks, Cascading Failures |
----
-## What's Inside
-### [`/configs`](./configs)
-Drop-in security configs for Next.js, Supabase, and Firebase.
-### [`/snippets`](./snippets)
-Copy-paste security patterns: rate limiting, JWT, CORS, input validation.
-### [`/ai-defense`](./ai-defense)
-LLM security: prompt injection detection, cost protection, system prompt hardening.
-### [`/checklists`](./checklists)
-Manual security audits: launch-day checklist, framework-specific guides.
-### [`/skills`](./skills)
-Hermes Agent skill definitions. Install `skills/ship-safe-security.md` to give any Hermes agent native security scanning capabilities.
----
-## Add a Security Badge to Your README
-Show the world your project is secure. After running `npx ship-safe audit .` or `npx ship-safe vibe-check . --badge`, add one of these to your README:
+## Add a Badge
 ```markdown
-<!-- Replace GRADE and COLOR with your results -->
 [![Ship Safe](https://img.shields.io/badge/Ship_Safe-A+-22c55e)](https://shipsafecli.com)
 ```
-| Grade | Badge |
-|-------|-------|
-| A+ | `[![Ship Safe](https://img.shields.io/badge/Ship_Safe-A+-22c55e)](https://shipsafecli.com)` |
-| A | `[![Ship Safe](https://img.shields.io/badge/Ship_Safe-A-22c55e)](https://shipsafecli.com)` |
-| B | `[![Ship Safe](https://img.shields.io/badge/Ship_Safe-B-06b6d4)](https://shipsafecli.com)` |
-| C | `[![Ship Safe](https://img.shields.io/badge/Ship_Safe-C-eab308)](https://shipsafecli.com)` |
-| D | `[![Ship Safe](https://img.shields.io/badge/Ship_Safe-D-ef4444)](https://shipsafecli.com)` |
-| F | `[![Ship Safe](https://img.shields.io/badge/Ship_Safe-F-dc2626)](https://shipsafecli.com)` |
----
-## Supply Chain Hardening
-Ship Safe practices what it preaches. Our own supply chain is hardened against the [2026 Trivy/CanisterWorm attack chain](https://shipsafecli.com/blog/supply-chain-attacks-2026-how-we-hardened-ship-safe):
-| Defense | What It Blocks |
-|---------|---------------|
-| All GitHub Actions pinned to full commit SHAs | Tag repointing (Trivy-style) |
-| `permissions: contents: read` in CI | Excessive token scope |
-| `npm ci --ignore-scripts` in all pipelines | CanisterWorm postinstall propagation |
-| OIDC trusted publishing with provenance | Stolen npm token publishing |
-| CODEOWNERS on `action.yml`, `.github/`, `package.json` | Unauthorized changes to critical paths |
-| Strict `files` allowlist in package.json | Accidental inclusion of secrets/configs |
-| Self-scanning with ship-safe in CI | Malicious code injection |
-| 5 direct dependencies | Minimal transitive attack surface |
-Verify provenance on any Ship Safe release:
-```bash
-npm audit signatures
-```
 ---
 ## Contributing
-1. Fork the repo
-2. Add your security pattern, agent, or config
-3. Include comments explaining *why* it matters
-4. Open a PR
-See [CONTRIBUTING.md](./CONTRIBUTING.md) for guidelines.
----
-## Security Standards Reference
-- [OWASP Top 10 Web 2025](https://owasp.org/Top10/)
-- [OWASP Top 10 Mobile 2024](https://owasp.org/www-project-mobile-top-10/)
-- [OWASP LLM Top 10 2025](https://genai.owasp.org/llm-top-10/)
-- [OWASP API Security Top 10 2023](https://owasp.org/API-Security/)
-- [OWASP CI/CD Top 10](https://owasp.org/www-project-top-10-ci-cd-security-risks/)
-- [OWASP Agentic AI Top 10](https://owasp.org/www-project-agentic-ai-top-10/)
+1. Fork · add your pattern, agent, or config · open a PR
+2. See [CONTRIBUTING.md](./CONTRIBUTING.md)
 ---
 ## Sponsors
-Ship Safe is MIT-licensed and free forever. If it saves you time or helps you ship more securely, consider sponsoring — it helps keep the project maintained and growing.
+Ship Safe is MIT-licensed and free forever.
 <p align="center">
   <a href="https://github.com/sponsors/asamassekou10">
@@ -815,12 +193,6 @@ Ship Safe is MIT-licensed and free forever. If it saves you time or helps you sh
 ---
-## License
-MIT - Use it, share it, secure your stuff.
----
 ## Star History
 [![Star History Chart](https://api.star-history.com/svg?repos=asamassekou10/ship-safe&type=Date)](https://star-history.com/#asamassekou10/ship-safe&Date)