vigile-scan 0.2.3 → 0.2.5

package/dist/index.js

@@ -6,6 +6,9 @@ var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
 var __getProtoOf = Object.getPrototypeOf;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __commonJS = (cb, mod) => function __require() {
+  return mod || (0, cb[__getOwnPropNames(cb)[0]])((mod = { exports: {} }).exports, mod), mod.exports;
+};
 var __copyProps = (to, from, except, desc) => {
   if (from && typeof from === "object" || typeof from === "function") {
     for (let key of __getOwnPropNames(from))
@@ -23,11 +26,88 @@ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__ge
   mod
 ));
 
+// package.json
+var require_package = __commonJS({
+  "package.json"(exports2, module2) {
+    module2.exports = {
+      name: "vigile-scan",
+      version: "0.2.5",
+      description: "Security scanner for AI agent tools \u2014 detect tool poisoning, permission abuse, and supply chain attacks in MCP servers and agent skills",
+      main: "dist/index.js",
+      bin: {
+        "vigile-scan": "dist/index.js",
+        vigile: "dist/index.js"
+      },
+      files: [
+        "dist",
+        "README.md",
+        "LICENSE"
+      ],
+      scripts: {
+        build: "tsup && chmod +x dist/index.js",
+        dev: "tsup --watch",
+        start: "node dist/index.js",
+        lint: "eslint src/",
+        typecheck: "tsc --noEmit",
+        test: "vitest run",
+        "test:watch": "vitest",
+        "test:coverage": "vitest run --coverage",
+        prepublishOnly: "npm run build"
+      },
+      keywords: [
+        "mcp",
+        "security",
+        "ai-agent",
+        "scanner",
+        "trust",
+        "model-context-protocol",
+        "tool-poisoning",
+        "ai-security",
+        "agent-skills",
+        "skill-scanning",
+        "prompt-injection",
+        "data-exfiltration",
+        "claude",
+        "cursor",
+        "copilot"
+      ],
+      author: "Vigile AI Security",
+      license: "Apache-2.0",
+      homepage: "https://vigile.dev",
+      repository: {
+        type: "git",
+        url: "git+https://github.com/Vigile-ai/vigile-cli.git"
+      },
+      bugs: {
+        url: "https://github.com/Vigile-ai/vigile-cli/issues"
+      },
+      publishConfig: {
+        access: "public"
+      },
+      engines: {
+        node: ">=18.0.0"
+      },
+      dependencies: {
+        chalk: "^5.3.0",
+        commander: "^12.1.0",
+        glob: "^11.0.0",
+        ora: "^8.1.0"
+      },
+      devDependencies: {
+        "@types/node": "^20.11.0",
+        tsup: "^8.0.0",
+        typescript: "^5.4.0",
+        vitest: "^2.0.0"
+      }
+    };
+  }
+});
+
 // src/index.ts
 var import_commander = require("commander");
 var import_chalk2 = __toESM(require("chalk"));
 var import_ora = __toESM(require("ora"));
-var import_promises4 = require("fs/promises");
+var import_promises5 = require("fs/promises");
 
 // src/discovery/claude-desktop.ts
 var import_path2 = require("path");
@@ -53,7 +133,7 @@ async function parseMCPConfig(configPath, source) {
   try {
     const raw = await (0, import_promises.readFile)(configPath, "utf-8");
     const config = JSON.parse(raw);
-    const servers = config.mcpServers || config;
+    const servers = config.mcpServers || config.servers || config;
     if (typeof servers !== "object" || servers === null) {
       return [];
     }
@@ -118,13 +198,63 @@ async function discoverCursor() {
 
 // src/discovery/claude-code.ts
 var import_path4 = require("path");
+var import_fs2 = require("fs");
 async function discoverClaudeCode() {
   const home = getHome();
-  const paths = [
+  const allServers = [];
+  const traditionalPaths = [
     (0, import_path4.join)(home, ".claude.json"),
     (0, import_path4.join)(process.cwd(), ".mcp.json")
   ];
-  return tryConfigPaths(paths, "claude-code");
+  allServers.push(...await tryConfigPaths(traditionalPaths, "claude-code"));
+  const pluginCacheDir = (0, import_path4.join)(home, ".claude", "plugins", "cache", "claude-plugins-official");
+  if ((0, import_fs2.existsSync)(pluginCacheDir)) {
+    allServers.push(...await discoverPluginMCPConfigs(pluginCacheDir));
+  }
+  return allServers;
+}
+async function discoverPluginMCPConfigs(cacheDir) {
+  const servers = [];
+  const seen = /* @__PURE__ */ new Set();
+  let pluginDirs;
+  try {
+    pluginDirs = (0, import_fs2.readdirSync)(cacheDir, { withFileTypes: true });
+  } catch {
+    return [];
+  }
+  for (const pluginEntry of pluginDirs) {
+    if (!pluginEntry.isDirectory()) continue;
+    const pluginDir = (0, import_path4.join)(cacheDir, pluginEntry.name);
+    let versionDirs;
+    try {
+      versionDirs = (0, import_fs2.readdirSync)(pluginDir, { withFileTypes: true });
+    } catch {
+      continue;
+    }
+    for (const versionEntry of versionDirs) {
+      if (!versionEntry.isDirectory()) continue;
+      const versionDir = (0, import_path4.join)(pluginDir, versionEntry.name);
+      const candidates = [(0, import_path4.join)(versionDir, ".mcp.json")];
+      try {
+        for (const sub of (0, import_fs2.readdirSync)(versionDir, { withFileTypes: true })) {
+          if (sub.isDirectory()) {
+            candidates.push((0, import_path4.join)(versionDir, sub.name, ".mcp.json"));
+          }
+        }
+      } catch {
+      }
+      for (const candidate of candidates) {
+        const found = await parseMCPConfig(candidate, "claude-code");
+        for (const server of found) {
+          if (!seen.has(server.name)) {
+            seen.add(server.name);
+            servers.push(server);
+          }
+        }
+      }
+    }
+  }
+  return servers;
 }
 
 // src/discovery/windsurf.ts
@@ -146,10 +276,67 @@ async function discoverVSCode() {
   return tryConfigPaths(paths, "vscode");
 }
 
-// src/discovery/skills.ts
-var import_promises2 = require("fs/promises");
-var import_fs2 = require("fs");
+// src/discovery/openclaw.ts
 var import_path7 = require("path");
+var import_promises2 = require("fs/promises");
+var import_fs3 = require("fs");
+async function discoverOpenClaw() {
+  const home = getHome();
+  const allServers = [];
+  const seen = /* @__PURE__ */ new Set();
+  const configPaths = [
+    (0, import_path7.join)(home, ".openclaw", "openclaw.json"),
+    (0, import_path7.join)(process.cwd(), "openclaw.config.json")
+  ];
+  for (const server of await tryConfigPaths(configPaths, "openclaw")) {
+    if (!seen.has(server.name)) {
+      seen.add(server.name);
+      allServers.push(server);
+    }
+  }
+  const globalConfig = (0, import_path7.join)(home, ".openclaw", "openclaw.json");
+  if ((0, import_fs3.existsSync)(globalConfig)) {
+    for (const server of await parseAgentMCPConfigs(globalConfig)) {
+      if (!seen.has(server.name)) {
+        seen.add(server.name);
+        allServers.push(server);
+      }
+    }
+  }
+  return allServers;
+}
+async function parseAgentMCPConfigs(configPath) {
+  try {
+    const raw = await (0, import_promises2.readFile)(configPath, "utf-8");
+    const config = JSON.parse(raw);
+    const agents = config?.agents?.list;
+    if (!Array.isArray(agents)) return [];
+    const servers = [];
+    for (const agent of agents) {
+      const mcpServers = agent?.mcp?.servers;
+      if (!Array.isArray(mcpServers)) continue;
+      for (const server of mcpServers) {
+        if (!server.name || !server.command && !server.url) continue;
+        servers.push({
+          name: server.name,
+          source: "openclaw",
+          command: server.command || "",
+          args: Array.isArray(server.args) ? server.args : [],
+          env: server.env,
+          configPath
+        });
+      }
+    }
+    return servers;
+  } catch {
+    return [];
+  }
+}
+
+// src/discovery/skills.ts
+var import_promises3 = require("fs/promises");
+var import_fs4 = require("fs");
+var import_path8 = require("path");
 var import_glob = require("glob");
 async function discoverAllSkills() {
   const skills = [];
@@ -183,8 +370,8 @@ async function discoverClaudeCodeSkills() {
   const home = getHome();
   const skills = [];
   const projectPatterns = [
-    (0, import_path7.join)(process.cwd(), ".claude", "skills", "*", "SKILL.md"),
-    (0, import_path7.join)(process.cwd(), ".claude", "commands", "**", "*.md")
+    (0, import_path8.join)(process.cwd(), ".claude", "skills", "*", "SKILL.md"),
+    (0, import_path8.join)(process.cwd(), ".claude", "commands", "**", "*.md")
   ];
   for (const pattern of projectPatterns) {
     const files = await (0, import_glob.glob)(pattern, { absolute: true });
@@ -194,8 +381,8 @@ async function discoverClaudeCodeSkills() {
     }
   }
   const globalPatterns = [
-    (0, import_path7.join)(home, ".claude", "skills", "*", "SKILL.md"),
-    (0, import_path7.join)(home, ".claude", "commands", "**", "*.md")
+    (0, import_path8.join)(home, ".claude", "skills", "*", "SKILL.md"),
+    (0, import_path8.join)(home, ".claude", "commands", "**", "*.md")
   ];
   for (const pattern of globalPatterns) {
     const files = await (0, import_glob.glob)(pattern, { absolute: true });
@@ -209,8 +396,8 @@ async function discoverClaudeCodeSkills() {
 async function discoverGitHubCopilotSkills() {
   const skills = [];
   const patterns = [
-    (0, import_path7.join)(process.cwd(), ".github", "skills", "*", "SKILL.md"),
-    (0, import_path7.join)(process.cwd(), ".github", "copilot", "**", "*.md")
+    (0, import_path8.join)(process.cwd(), ".github", "skills", "*", "SKILL.md"),
+    (0, import_path8.join)(process.cwd(), ".github", "copilot", "**", "*.md")
   ];
   for (const pattern of patterns) {
     const files = await (0, import_glob.glob)(pattern, { absolute: true });
@@ -224,18 +411,18 @@ async function discoverGitHubCopilotSkills() {
 async function discoverCursorRules() {
   const home = getHome();
   const skills = [];
-  const projectPattern = (0, import_path7.join)(process.cwd(), ".cursor", "rules", "*.mdc");
+  const projectPattern = (0, import_path8.join)(process.cwd(), ".cursor", "rules", "*.mdc");
   const projectFiles = await (0, import_glob.glob)(projectPattern, { absolute: true });
   for (const filePath of projectFiles) {
     const entry = await readSkillFile(filePath, "cursor", "mdc-rule", "project");
     if (entry) skills.push(entry);
   }
-  const legacyPath = (0, import_path7.join)(process.cwd(), ".cursorrules");
-  if ((0, import_fs2.existsSync)(legacyPath)) {
+  const legacyPath = (0, import_path8.join)(process.cwd(), ".cursorrules");
+  if ((0, import_fs4.existsSync)(legacyPath)) {
     const entry = await readSkillFile(legacyPath, "cursor", "mdc-rule", "project");
     if (entry) skills.push(entry);
   }
-  const globalPattern = (0, import_path7.join)(home, ".cursor", "rules", "*.mdc");
+  const globalPattern = (0, import_path8.join)(home, ".cursor", "rules", "*.mdc");
   const globalFiles = await (0, import_glob.glob)(globalPattern, { absolute: true });
   for (const filePath of globalFiles) {
     const entry = await readSkillFile(filePath, "cursor", "mdc-rule", "global");
@@ -249,16 +436,21 @@ async function discoverMemoryFiles() {
   const cwd = process.cwd();
   const memoryFiles = [
     // Project-level memory files
-    { path: (0, import_path7.join)(cwd, "CLAUDE.md"), fileType: "claude.md", scope: "project" },
-    { path: (0, import_path7.join)(cwd, ".claude", "CLAUDE.md"), fileType: "claude.md", scope: "project" },
-    { path: (0, import_path7.join)(cwd, "SOUL.md"), fileType: "soul.md", scope: "project" },
-    { path: (0, import_path7.join)(cwd, "MEMORY.md"), fileType: "memory.md", scope: "project" },
+    { path: (0, import_path8.join)(cwd, "CLAUDE.md"), fileType: "claude.md", scope: "project" },
+    { path: (0, import_path8.join)(cwd, ".claude", "CLAUDE.md"), fileType: "claude.md", scope: "project" },
+    { path: (0, import_path8.join)(cwd, "SOUL.md"), fileType: "soul.md", scope: "project" },
+    { path: (0, import_path8.join)(cwd, "MEMORY.md"), fileType: "memory.md", scope: "project" },
+    // Additional project instruction files
+    { path: (0, import_path8.join)(cwd, ".github", "copilot-instructions.md"), fileType: "claude.md", scope: "project" },
+    { path: (0, import_path8.join)(cwd, "AGENTS.md"), fileType: "claude.md", scope: "project" },
+    { path: (0, import_path8.join)(cwd, ".windsurfrules"), fileType: "claude.md", scope: "project" },
+    { path: (0, import_path8.join)(cwd, "GEMINI.md"), fileType: "claude.md", scope: "project" },
     // Global memory files
-    { path: (0, import_path7.join)(home, ".claude", "CLAUDE.md"), fileType: "claude.md", scope: "global" },
-    { path: (0, import_path7.join)(home, "CLAUDE.md"), fileType: "claude.md", scope: "global" }
+    { path: (0, import_path8.join)(home, ".claude", "CLAUDE.md"), fileType: "claude.md", scope: "global" },
+    { path: (0, import_path8.join)(home, "CLAUDE.md"), fileType: "claude.md", scope: "global" }
   ];
   for (const { path, fileType, scope } of memoryFiles) {
-    if ((0, import_fs2.existsSync)(path)) {
+    if ((0, import_fs4.existsSync)(path)) {
       const entry = await readSkillFile(path, "memory-file", fileType, scope);
       if (entry) skills.push(entry);
     }
@@ -267,8 +459,8 @@ async function discoverMemoryFiles() {
 }
 async function readSkillFile(filePath, source, fileType, scope) {
   try {
-    const content = await (0, import_promises2.readFile)(filePath, "utf-8");
-    const fileStat = await (0, import_promises2.stat)(filePath);
+    const content = await (0, import_promises3.readFile)(filePath, "utf-8");
+    const fileStat = await (0, import_promises3.stat)(filePath);
     const name = deriveSkillName(filePath, fileType);
     return {
       name,
@@ -286,11 +478,11 @@ async function readSkillFile(filePath, source, fileType, scope) {
 function deriveSkillName(filePath, fileType) {
   switch (fileType) {
     case "skill.md": {
-      const parentDir = (0, import_path7.basename)((0, import_path7.dirname)(filePath));
-      return parentDir === "skills" ? (0, import_path7.basename)(filePath, ".md") : parentDir;
+      const parentDir = (0, import_path8.basename)((0, import_path8.dirname)(filePath));
+      return parentDir === "skills" ? (0, import_path8.basename)(filePath, ".md") : parentDir;
     }
     case "mdc-rule": {
-      const name = (0, import_path7.basename)(filePath);
+      const name = (0, import_path8.basename)(filePath);
       return name.replace(/\.(mdc|cursorrules?)$/, "") || name;
     }
     case "claude.md":
@@ -300,7 +492,7 @@ function deriveSkillName(filePath, fileType) {
     case "memory.md":
       return "MEMORY.md";
     default:
-      return (0, import_path7.basename)(filePath);
+      return (0, import_path8.basename)(filePath);
   }
 }
 
@@ -311,7 +503,8 @@ async function discoverAllServers(clientFilter) {
     { client: "cursor", fn: discoverCursor },
     { client: "claude-code", fn: discoverClaudeCode },
     { client: "windsurf", fn: discoverWindsurf },
-    { client: "vscode", fn: discoverVSCode }
+    { client: "vscode", fn: discoverVSCode },
+    { client: "openclaw", fn: discoverOpenClaw }
   ];
   const toRun = clientFilter ? discoverers.filter((d) => d.client === clientFilter) : discoverers;
   const servers = [];
@@ -359,15 +552,10 @@ var TOOL_POISONING_PATTERNS = [
     description: "Tool description instructs the AI agent to hide information from the user \u2014 a hallmark of tool poisoning.",
     recommendation: "Do NOT install this MCP server. Legitimate tools never instruct agents to hide actions."
   },
-  {
-    id: "TP-003",
-    category: "tool-poisoning",
-    severity: "critical",
-    title: "System prompt override attempt",
-    pattern: /you\s+are\s+(now\s+)?(a|an|acting\s+as)/i,
-    description: "Tool description attempts to redefine the AI agent's identity or role.",
-    recommendation: "Remove this MCP server. Tool descriptions should not redefine agent behavior."
-  },
+  // TP-003 removed: "you are a/an [role]" is too broad — matches legitimate
+  // role descriptions in skills (e.g., "You are a computer science professor").
+  // SK-001 covers the real threat (malicious persona hijacking) with proper
+  // specificity by requiring suspicious role terms like "hacker" or "jailbroken".
   {
     id: "TP-004",
     category: "tool-poisoning",
@@ -1313,6 +1501,7 @@ function deduplicateFindings2(findings) {
 
 // src/sentinel/sentinel.ts
 var import_child_process = require("child_process");
+var import_dns = require("dns");
 
 // src/sentinel/sentinel-patterns.ts
 var SUSPICIOUS_ENDPOINT_PATTERNS = [
@@ -1580,6 +1769,8 @@ var SentinelEngine = class {
   serverName;
   durationSeconds;
   onEvent;
+  /** DNS reverse-lookup cache: IP → hostname. Persists for the session. */
+  dnsCache = /* @__PURE__ */ new Map();
   constructor(options) {
     this.serverName = options.serverName;
     this.durationSeconds = options.durationSeconds || 120;
@@ -1588,11 +1779,15 @@ var SentinelEngine = class {
   /**
    * Start monitoring network activity for the given MCP server.
    *
-   * The monitor works in three modes depending on the OS and permissions:
-   *   1. macOS: Uses `nettop` or `networksetup` + `tcpdump`
-   *   2. Linux: Uses `ss` polling + optional `tcpdump`
-   *   3. Fallback: Uses Node.js HTTP/HTTPS module monkey-patching
-   *      (only captures Node.js HTTP requests from the current process tree)
+   * The monitor works in four modes depending on the OS and permissions:
+   *   1. macOS: Uses `lsof -i` polling (no root required)
+   *   2. Linux: Uses `ss -tnp` polling (no root required)
+   *   3. Windows: Uses PowerShell `Get-NetTCPConnection` (no admin required)
+   *   4. Fallback: Stub — events must be fed manually via ingestEvent()
+   *
+   * All modes perform async reverse-DNS enrichment so that endpoint patterns
+   * (pastebin.com, ngrok.io, etc.) match against resolved hostnames rather
+   * than raw IPs.
    */
   async startMonitoring() {
     this.startTime = Date.now();
@@ -1606,6 +1801,9 @@ var SentinelEngine = class {
       case "ss-poll":
         await this.startSsPolling();
         break;
+      case "netstat-poll":
+        await this.startNetstatPolling();
+        break;
       case "proxy":
         await this.startProxyCapture();
         break;
@@ -1734,66 +1932,103 @@ var SentinelEngine = class {
   }
   // ── Monitoring Methods ──
   detectMonitoringMethod() {
-    try {
-      (0, import_child_process.execSync)("which lsof", { stdio: "pipe" });
+    if (process.platform === "win32") {
+      return "netstat-poll";
+    }
+    if (process.platform === "darwin") {
       return "lsof-poll";
+    }
+    try {
+      (0, import_child_process.execFileSync)("which", ["ss"], { stdio: "pipe" });
+      return "ss-poll";
     } catch {
       try {
-        (0, import_child_process.execSync)("which ss", { stdio: "pipe" });
-        return "ss-poll";
+        (0, import_child_process.execFileSync)("which", ["lsof"], { stdio: "pipe" });
+        return "lsof-poll";
       } catch {
         return "proxy";
       }
     }
   }
   /**
-   * macOS/Linux: Poll `lsof` to capture network connections for a process.
-   * This is the lowest-privilege method — no root needed.
+   * macOS: Poll `lsof -i` to capture network connections.
+   * No root required. DNS-enriches IPs → hostnames before pattern matching.
    */
   async startLsofPolling() {
-    const pollInterval = setInterval(() => {
+    const safeName = this.serverName.replace(/[^a-zA-Z0-9._-]/g, "");
+    const pollInterval = setInterval(async () => {
       try {
-        const output = (0, import_child_process.execSync)(
-          `lsof -i -n -P 2>/dev/null | grep -i "${this.serverName}" || true`,
-          { timeout: 5e3, encoding: "utf-8" }
-        );
-        for (const line of output.split("\n").filter(Boolean)) {
-          const event = this.parseLsofLine(line);
-          if (event) this.ingestEvent(event);
-        }
+        const lsofOutput = (0, import_child_process.execFileSync)("/usr/sbin/lsof", ["-i", "-n", "-P"], {
+          timeout: 5e3,
+          encoding: "utf-8",
+          stdio: ["pipe", "pipe", "pipe"]
+        });
+        const lines = lsofOutput.split("\n").filter((line) => line.toLowerCase().includes(safeName.toLowerCase())).filter(Boolean);
+        const rawEvents = lines.map((l) => this.parseLsofLine(l)).filter((e) => e !== null);
+        const enriched = await Promise.all(rawEvents.map((e) => this.enrichWithHostname(e)));
+        for (const event of enriched) this.ingestEvent(event);
       } catch {
       }
     }, 2e3);
-    this.monitorProcess = {
-      kill: () => clearInterval(pollInterval)
-    };
-    setTimeout(() => {
-      clearInterval(pollInterval);
-    }, this.durationSeconds * 1e3);
+    this.monitorProcess = { kill: () => clearInterval(pollInterval) };
+    setTimeout(() => clearInterval(pollInterval), this.durationSeconds * 1e3);
   }
   /**
-   * Linux: Poll `ss` (socket statistics) for network connections.
+   * Linux: Poll `ss -tnp` (socket statistics) for network connections.
+   * No root required. DNS-enriches IPs → hostnames before pattern matching.
    */
   async startSsPolling() {
-    const pollInterval = setInterval(() => {
+    const safeName = this.serverName.replace(/[^a-zA-Z0-9._-]/g, "");
+    const pollInterval = setInterval(async () => {
       try {
-        const output = (0, import_child_process.execSync)(
-          `ss -tnp 2>/dev/null | grep "${this.serverName}" || true`,
-          { timeout: 5e3, encoding: "utf-8" }
-        );
-        for (const line of output.split("\n").filter(Boolean)) {
-          const event = this.parseSsLine(line);
-          if (event) this.ingestEvent(event);
-        }
+        const ssOutput = (0, import_child_process.execFileSync)("ss", ["-tnp"], {
+          timeout: 5e3,
+          encoding: "utf-8",
+          stdio: ["pipe", "pipe", "pipe"]
+        });
+        const lines = ssOutput.split("\n").filter((line) => line.includes(safeName)).filter(Boolean);
+        const rawEvents = lines.map((l) => this.parseSsLine(l)).filter((e) => e !== null);
+        const enriched = await Promise.all(rawEvents.map((e) => this.enrichWithHostname(e)));
+        for (const event of enriched) this.ingestEvent(event);
       } catch {
       }
     }, 2e3);
-    this.monitorProcess = {
-      kill: () => clearInterval(pollInterval)
-    };
-    setTimeout(() => {
-      clearInterval(pollInterval);
-    }, this.durationSeconds * 1e3);
+    this.monitorProcess = { kill: () => clearInterval(pollInterval) };
+    setTimeout(() => clearInterval(pollInterval), this.durationSeconds * 1e3);
+  }
+  /**
+   * Windows: Poll PowerShell `Get-NetTCPConnection` for established connections.
+   * No admin required (available on Windows 8+ / Server 2012+).
+   * DNS-enriches IPs → hostnames so endpoint patterns match correctly.
+   *
+   * Note: Unlike lsof/ss, this captures ALL machine connections (not filtered
+   * by process name) because Windows process-to-connection mapping requires
+   * admin rights. Vigil's patterns handle the noise — it flags what matters.
+   */
+  async startNetstatPolling() {
+    const psCommand = `Get-NetTCPConnection -State Established | Where-Object { $_.RemoteAddress -notmatch '^(127\\.|::1$|0\\.0\\.0\\.0$|::$)' } | Select-Object LocalAddress,LocalPort,RemoteAddress,RemotePort | ConvertTo-Csv -NoTypeInformation`;
+    const pollInterval = setInterval(async () => {
+      try {
+        const output = (0, import_child_process.execFileSync)("powershell", [
+          "-NoProfile",
+          "-NonInteractive",
+          "-Command",
+          psCommand
+        ], {
+          timeout: 8e3,
+          // PowerShell startup is slower than lsof
+          encoding: "utf-8",
+          stdio: ["pipe", "pipe", "pipe"]
+        });
+        const lines = output.split("\n").slice(1).map((l) => l.trim()).filter(Boolean);
+        const rawEvents = lines.map((l) => this.parsePowerShellLine(l)).filter((e) => e !== null);
+        const enriched = await Promise.all(rawEvents.map((e) => this.enrichWithHostname(e)));
+        for (const event of enriched) this.ingestEvent(event);
+      } catch {
+      }
+    }, 3e3);
+    this.monitorProcess = { kill: () => clearInterval(pollInterval) };
+    setTimeout(() => clearInterval(pollInterval), this.durationSeconds * 1e3);
   }
   /**
    * Fallback: Start a lightweight MITM proxy that MCP traffic routes through.
@@ -1839,6 +2074,65 @@ var SentinelEngine = class {
       tls: parseInt(remotePort, 10) === 443
     };
   }
+  /**
+   * Windows: Parse a CSV row from PowerShell `Get-NetTCPConnection | ConvertTo-Csv`.
+   * Format: "LocalAddress","LocalPort","RemoteAddress","RemotePort"
+   * Example: "192.168.1.5","54123","172.64.155.209","443"
+   */
+  parsePowerShellLine(line) {
+    const match = line.match(/^"?([^",]+)"?,"\d+","?([^",]+)"?,"?(\d+)"?/);
+    if (!match) return null;
+    const [, , remoteAddress, remotePort] = match;
+    const port = parseInt(remotePort, 10);
+    if (remoteAddress === "127.0.0.1" || remoteAddress === "::1" || remoteAddress.startsWith("10.") || remoteAddress.startsWith("192.168.") || /^172\.(1[6-9]|2\d|3[01])\./.test(remoteAddress)) {
+      return null;
+    }
+    return {
+      timestamp: Date.now(),
+      serverName: this.serverName,
+      method: "TCP",
+      url: `https://${remoteAddress}:${remotePort}/`,
+      destinationIp: remoteAddress,
+      port,
+      requestSize: 0,
+      tls: port === 443
+    };
+  }
+  // ── DNS Enrichment ──
+  /**
+   * Reverse-DNS lookup with a session-scoped cache.
+   * Returns the first PTR record if available, otherwise the raw IP.
+   *
+   * WHY this matters: Sentinel's endpoint patterns match against known-bad
+   * hostnames (pastebin.com, ngrok.io, etc.). Without DNS enrichment, lsof/ss/
+   * netstat all return raw IPs and those patterns would silently miss every hit.
+   */
+  async resolveIp(ip) {
+    const cached = this.dnsCache.get(ip);
+    if (cached !== void 0) return cached;
+    try {
+      const hostnames = await import_dns.promises.reverse(ip);
+      const hostname = hostnames[0] ?? ip;
+      this.dnsCache.set(ip, hostname);
+      return hostname;
+    } catch {
+      this.dnsCache.set(ip, ip);
+      return ip;
+    }
+  }
+  /**
+   * Enrich a NetworkEvent's url field with a resolved hostname.
+   * Returns a new event object (does not mutate the original).
+   */
+  async enrichWithHostname(event) {
+    if (!event.destinationIp) return event;
+    const hostname = await this.resolveIp(event.destinationIp);
+    if (hostname === event.destinationIp) return event;
+    return {
+      ...event,
+      url: `https://${hostname}:${event.port}/`
+    };
+  }
 };
 function getSentinelFeatures(tier) {
   switch (tier) {
@@ -2043,6 +2337,7 @@ function printNoServersFound() {
   console.log(import_chalk.default.gray("    \u2022 Claude Code config (.claude.json / .mcp.json)"));
   console.log(import_chalk.default.gray("    \u2022 Windsurf MCP config"));
   console.log(import_chalk.default.gray("    \u2022 VS Code MCP config (.vscode/mcp.json)"));
+  console.log(import_chalk.default.gray("    \u2022 OpenClaw config (~/.openclaw/openclaw.json)"));
   console.log("");
   console.log(import_chalk.default.gray("  If you have MCP servers configured elsewhere, use:"));
   console.log(import_chalk.default.cyan("    vigile-scan --config /path/to/config.json"));
@@ -2204,8 +2499,8 @@ function formatJSON(summary) {
 }
 
 // src/api/auth.ts
-var import_promises3 = require("fs/promises");
-var import_path8 = require("path");
+var import_promises4 = require("fs/promises");
+var import_path9 = require("path");
 var import_os2 = require("os");
 
 // src/api/client.ts
@@ -2216,7 +2511,19 @@ var VigileApiClient = class {
   baseUrl;
   token;
   constructor(baseUrl, token) {
-    this.baseUrl = (baseUrl || process.env.VIGILE_API_URL || DEFAULT_API_URL).replace(/\/+$/, "");
+    const rawUrl = (baseUrl || process.env.VIGILE_API_URL || DEFAULT_API_URL).replace(/\/+$/, "");
+    try {
+      const u = new URL(rawUrl);
+      if (u.protocol !== "https:" && u.hostname !== "localhost" && u.hostname !== "127.0.0.1") {
+        console.error(`[vigile] API URL must use HTTPS \u2014 falling back to default`);
+        this.baseUrl = DEFAULT_API_URL;
+      } else {
+        this.baseUrl = rawUrl;
+      }
+    } catch {
+      console.error(`[vigile] Invalid API URL \u2014 falling back to default`);
+      this.baseUrl = DEFAULT_API_URL;
+    }
     this.token = token || null;
   }
   get isAuthenticated() {
@@ -2301,8 +2608,8 @@ var VigileApiClient = class {
 };
 
 // src/api/auth.ts
-var CONFIG_DIR = (0, import_path8.join)((0, import_os2.homedir)(), ".vigile");
-var CONFIG_FILE = (0, import_path8.join)(CONFIG_DIR, "config.json");
+var CONFIG_DIR = (0, import_path9.join)((0, import_os2.homedir)(), ".vigile");
+var CONFIG_FILE = (0, import_path9.join)(CONFIG_DIR, "config.json");
 async function resolveToken() {
   const envToken = process.env.VIGILE_TOKEN;
   if (envToken && envToken.length > 0) {
@@ -2319,15 +2626,15 @@ async function resolveApiUrl() {
 }
 async function loadConfig() {
   try {
-    const raw = await (0, import_promises3.readFile)(CONFIG_FILE, "utf-8");
+    const raw = await (0, import_promises4.readFile)(CONFIG_FILE, "utf-8");
     return JSON.parse(raw);
   } catch {
     return {};
   }
 }
 async function saveConfig(config) {
-  await (0, import_promises3.mkdir)(CONFIG_DIR, { recursive: true });
-  await (0, import_promises3.writeFile)(CONFIG_FILE, JSON.stringify(config, null, 2), {
+  await (0, import_promises4.mkdir)(CONFIG_DIR, { recursive: true });
+  await (0, import_promises4.writeFile)(CONFIG_FILE, JSON.stringify(config, null, 2), {
     mode: 384
     // Owner read/write only
   });
@@ -2379,7 +2686,7 @@ async function getAuthenticatedClient() {
 }
 
 // src/index.ts
-var VERSION = "0.2.0";
+var VERSION = require_package().version;
 var program = new import_commander.Command();
 program.name("vigile-scan").description(
   "Security scanner for AI agent tools \u2014 detect tool poisoning, permission abuse, and supply chain attacks in MCP servers and agent skills"
@@ -2387,7 +2694,7 @@ program.name("vigile-scan").description(
 function addScanOptions(cmd) {
   return cmd.option("-j, --json", "Output results as JSON").option("-v, --verbose", "Show detailed findings and score breakdown").option("-c, --config <path>", "Path to a custom MCP config file").option("-o, --output <path>", "Write results to a file").option(
     "--client <client>",
-    "Only scan a specific client (claude-desktop, cursor, claude-code, windsurf, vscode)"
+    "Only scan a specific client (claude-desktop, cursor, claude-code, windsurf, vscode, openclaw)"
   ).option("-s, --skills", "Scan agent skills only (SKILL.md, .mdc rules, CLAUDE.md, etc.)").option("-a, --all", "Scan both MCP servers and agent skills").option("--sentinel", "Enable Sentinel runtime monitoring (Pro+ feature)").option("--sentinel-server <name>", "Monitor a specific MCP server by name").option("--sentinel-duration <seconds>", "Monitoring duration in seconds (default: 120)", parseInt).option("--no-upload", "Skip uploading scan results to Vigile API");
 }
 addScanOptions(
@@ -2527,9 +2834,13 @@ async function runScan(options) {
   if (isJSON) {
     const jsonOutput = formatJSON(summary);
     if (options.output) {
-      await (0, import_promises4.writeFile)(options.output, jsonOutput);
+      await (0, import_promises5.writeFile)(options.output, jsonOutput);
     } else {
-      console.log(jsonOutput);
+      await new Promise((resolve, reject) => {
+        const ok = process.stdout.write(jsonOutput + "\n");
+        if (ok) resolve();
+        else process.stdout.once("drain", resolve);
+      });
     }
   } else {
     console.log("");
@@ -2545,7 +2856,7 @@ async function runScan(options) {
     }
     printSummary(summary);
     if (options.output) {
-      await (0, import_promises4.writeFile)(options.output, formatJSON(summary));
+      await (0, import_promises5.writeFile)(options.output, formatJSON(summary));
       console.log(`  Results saved to ${options.output}`);
     }
   }
@@ -2556,6 +2867,13 @@ async function runScan(options) {
     await runSentinel(options, results, isJSON);
   }
   if (summary.bySeverity.critical > 0 || summary.bySeverity.high > 0) {
+    await new Promise((resolve) => {
+      if (process.stdout.writableNeedDrain) {
+        process.stdout.once("drain", resolve);
+      } else {
+        resolve();
+      }
+    });
     process.exit(1);
   }
 }