cipher-security 1.1.0__tar.gz → 1.3.0__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (246) hide show
  1. {cipher_security-1.1.0 → cipher_security-1.3.0}/.github/workflows/ci.yml +6 -6
  2. cipher_security-1.3.0/.github/workflows/release.yml +124 -0
  3. {cipher_security-1.1.0 → cipher_security-1.3.0}/.gitignore +1 -0
  4. cipher_security-1.3.0/CHANGELOG.md +132 -0
  5. {cipher_security-1.1.0 → cipher_security-1.3.0}/PKG-INFO +156 -29
  6. {cipher_security-1.1.0 → cipher_security-1.3.0}/README.md +149 -28
  7. cipher_security-1.3.0/agents/cipher-architect.md +82 -0
  8. cipher_security-1.3.0/agents/cipher-blue.md +74 -0
  9. cipher_security-1.3.0/agents/cipher-incident.md +66 -0
  10. cipher_security-1.3.0/agents/cipher-privacy.md +67 -0
  11. cipher_security-1.3.0/agents/cipher-purple.md +66 -0
  12. cipher_security-1.3.0/agents/cipher-recon.md +64 -0
  13. cipher_security-1.3.0/agents/cipher-red.md +69 -0
  14. cipher_security-1.3.0/agents/cipher-researcher.md +69 -0
  15. cipher_security-1.3.0/commands/aisec.md +15 -0
  16. cipher_security-1.3.0/commands/audit.md +97 -0
  17. cipher_security-1.3.0/commands/brief.md +134 -0
  18. cipher_security-1.3.0/commands/cc.md +15 -0
  19. cipher_security-1.3.0/commands/claudeapi.md +18 -0
  20. cipher_security-1.3.0/commands/cloud.md +19 -0
  21. cipher_security-1.3.0/commands/crypto.md +15 -0
  22. cipher_security-1.3.0/commands/cve.md +23 -0
  23. cipher_security-1.3.0/commands/devsecops.md +16 -0
  24. cipher_security-1.3.0/commands/engage.md +87 -0
  25. cipher_security-1.3.0/commands/export.md +104 -0
  26. cipher_security-1.3.0/commands/forensics.md +19 -0
  27. cipher_security-1.3.0/commands/hardening.md +16 -0
  28. cipher_security-1.3.0/commands/hunt.md +16 -0
  29. cipher_security-1.3.0/commands/ics.md +15 -0
  30. cipher_security-1.3.0/commands/insider.md +15 -0
  31. cipher_security-1.3.0/commands/ir.md +16 -0
  32. cipher_security-1.3.0/commands/malware.md +16 -0
  33. cipher_security-1.3.0/commands/mobile.md +14 -0
  34. cipher_security-1.3.0/commands/ollama.md +18 -0
  35. cipher_security-1.3.0/commands/phishing.md +15 -0
  36. cipher_security-1.3.0/commands/privacy.md +16 -0
  37. cipher_security-1.3.0/commands/purple.md +16 -0
  38. cipher_security-1.3.0/commands/recon.md +16 -0
  39. cipher_security-1.3.0/commands/redteam.md +21 -0
  40. cipher_security-1.3.0/commands/report.md +24 -0
  41. cipher_security-1.3.0/commands/resume.md +64 -0
  42. cipher_security-1.3.0/commands/setup-hooks.md +117 -0
  43. cipher_security-1.3.0/commands/sigma.md +16 -0
  44. cipher_security-1.3.0/commands/smart.md +18 -0
  45. cipher_security-1.3.0/commands/threatintel.md +15 -0
  46. cipher_security-1.3.0/commands/threatmodel.md +16 -0
  47. cipher_security-1.3.0/commands/update.md +97 -0
  48. cipher_security-1.3.0/commands/web.md +16 -0
  49. cipher_security-1.3.0/completions/cipher.bash +17 -0
  50. cipher_security-1.3.0/completions/cipher.fish +31 -0
  51. cipher_security-1.3.0/completions/cipher.zsh +14 -0
  52. {cipher_security-1.1.0 → cipher_security-1.3.0}/config.yaml.example +15 -1
  53. cipher_security-1.3.0/hooks/cipher-context-monitor.js +241 -0
  54. cipher_security-1.3.0/hooks/cipher-statusline.js +165 -0
  55. {cipher_security-1.1.0 → cipher_security-1.3.0}/pyproject.toml +7 -2
  56. {cipher_security-1.1.0 → cipher_security-1.3.0}/src/gateway/app.py +426 -21
  57. {cipher_security-1.1.0 → cipher_security-1.3.0}/src/gateway/cli.py +1 -1
  58. cipher_security-1.3.0/src/gateway/client.py +248 -0
  59. cipher_security-1.3.0/src/gateway/complexity.py +330 -0
  60. {cipher_security-1.1.0 → cipher_security-1.3.0}/src/gateway/config.py +20 -3
  61. {cipher_security-1.1.0 → cipher_security-1.3.0}/src/gateway/dashboard.py +1 -1
  62. {cipher_security-1.1.0 → cipher_security-1.3.0}/src/gateway/gateway.py +7 -0
  63. cipher_security-1.3.0/src/gateway/plugins.py +376 -0
  64. {cipher_security-1.1.0 → cipher_security-1.3.0}/src/gateway/prompt.py +15 -0
  65. {cipher_security-1.1.0 → cipher_security-1.3.0}/tests/conftest.py +20 -0
  66. {cipher_security-1.1.0 → cipher_security-1.3.0}/tests/test_client.py +61 -0
  67. cipher_security-1.3.0/tests/test_complexity.py +341 -0
  68. {cipher_security-1.1.0 → cipher_security-1.3.0}/tests/test_config.py +35 -0
  69. cipher_security-1.3.0/tests/test_plugins.py +234 -0
  70. cipher_security-1.3.0/vscode/.gitignore +3 -0
  71. cipher_security-1.3.0/vscode/README.md +47 -0
  72. cipher_security-1.3.0/vscode/media/cipher-icon.svg +4 -0
  73. cipher_security-1.3.0/vscode/package-lock.json +4019 -0
  74. cipher_security-1.3.0/vscode/package.json +124 -0
  75. cipher_security-1.3.0/vscode/src/extension.ts +100 -0
  76. cipher_security-1.3.0/vscode/src/gateway.ts +91 -0
  77. cipher_security-1.3.0/vscode/src/sidebar.ts +408 -0
  78. cipher_security-1.3.0/vscode/tsconfig.json +16 -0
  79. cipher_security-1.1.0/.github/workflows/release.yml +0 -63
  80. cipher_security-1.1.0/src/gateway/client.py +0 -57
  81. {cipher_security-1.1.0 → cipher_security-1.3.0}/.dockerignore +0 -0
  82. {cipher_security-1.1.0 → cipher_security-1.3.0}/.github/ISSUE_TEMPLATE/bug_report.md +0 -0
  83. {cipher_security-1.1.0 → cipher_security-1.3.0}/.github/ISSUE_TEMPLATE/feature_request.md +0 -0
  84. {cipher_security-1.1.0 → cipher_security-1.3.0}/.github/ISSUE_TEMPLATE/knowledge_request.md +0 -0
  85. {cipher_security-1.1.0 → cipher_security-1.3.0}/.hooks/post-commit +0 -0
  86. {cipher_security-1.1.0 → cipher_security-1.3.0}/CLAUDE.md +0 -0
  87. {cipher_security-1.1.0 → cipher_security-1.3.0}/CONTRIBUTING.md +0 -0
  88. {cipher_security-1.1.0 → cipher_security-1.3.0}/Dockerfile +0 -0
  89. {cipher_security-1.1.0 → cipher_security-1.3.0}/Dockerfile.bot +0 -0
  90. {cipher_security-1.1.0 → cipher_security-1.3.0}/LICENSE +0 -0
  91. {cipher_security-1.1.0 → cipher_security-1.3.0}/Modelfile +0 -0
  92. {cipher_security-1.1.0 → cipher_security-1.3.0}/docker-compose.yml +0 -0
  93. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/00-MASTER-INDEX.md +0 -0
  94. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/active-directory-deep.md +0 -0
  95. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/ai-defense-deep.md +0 -0
  96. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/api-exploitation-deep.md +0 -0
  97. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/attack-chains-synthesis.md +0 -0
  98. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/aws-security-ultimate.md +0 -0
  99. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/azure-security-ultimate.md +0 -0
  100. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/binary-exploitation-deep.md +0 -0
  101. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/blockchain-web3-deep.md +0 -0
  102. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/breach-case-studies-deep.md +0 -0
  103. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/bugbounty-methodology-deep.md +0 -0
  104. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/c2-postexploit-deep.md +0 -0
  105. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/cloud-attacks-deep.md +0 -0
  106. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/cloud-infra-deep.md +0 -0
  107. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/compliance-frameworks-deep.md +0 -0
  108. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/container-k8s-deep.md +0 -0
  109. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/crypto-pki-tls-deep.md +0 -0
  110. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/ctf-methodology-deep.md +0 -0
  111. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/curated-resources-deep.md +0 -0
  112. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/data-protection-deep.md +0 -0
  113. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/defensive-deep.md +0 -0
  114. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/defensive-synthesis.md +0 -0
  115. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/dev-security-deep.md +0 -0
  116. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/devsecops-sdlc-deep.md +0 -0
  117. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/dfir-hunting-deep.md +0 -0
  118. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/dns-email-infra-deep.md +0 -0
  119. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/edr-av-internals-deep.md +0 -0
  120. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/email-forensics-deep.md +0 -0
  121. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/email-phishing-se-deep.md +0 -0
  122. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/emerging-threats-deep.md +0 -0
  123. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/encoding-manipulation-deep.md +0 -0
  124. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/evasion-detection-catalog.md +0 -0
  125. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/evasion-techniques-deep.md +0 -0
  126. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/exfil-tunneling-deep.md +0 -0
  127. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/forensics-artifacts-deep.md +0 -0
  128. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/gcp-security-deep.md +0 -0
  129. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/grc-risk-deep.md +0 -0
  130. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/hardening-guides-ultimate.md +0 -0
  131. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/ics-scada-deep.md +0 -0
  132. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/identity-auth-deep.md +0 -0
  133. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/incident-playbooks-deep.md +0 -0
  134. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/index.md +0 -0
  135. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/insider-threat-dlp-deep.md +0 -0
  136. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/kubernetes-attacks-deep.md +0 -0
  137. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/linux-exploitation-deep.md +0 -0
  138. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/logging-monitoring-deep.md +0 -0
  139. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/malware-analysis-deep.md +0 -0
  140. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/malware-re-evasion-deep.md +0 -0
  141. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/mitre-attack-deep.md +0 -0
  142. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/mobile-security-deep.md +0 -0
  143. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/network-attacks-deep.md +0 -0
  144. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/network-forensics-deep.md +0 -0
  145. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/network-protocol-deep.md +0 -0
  146. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/network-segmentation-deep.md +0 -0
  147. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/offensive-deep.md +0 -0
  148. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/osint-tradecraft-deep.md +0 -0
  149. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/password-credential-deep.md +0 -0
  150. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/pentest-cheatsheet-ultimate.md +0 -0
  151. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/pentest-reporting-deep.md +0 -0
  152. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/pentestgpt-deep.md +0 -0
  153. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/powershell-security-deep.md +0 -0
  154. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/privacy-crypto-deep.md +0 -0
  155. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/privacy-engineering-deep.md +0 -0
  156. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/privacy-osint-deep.md +0 -0
  157. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/privacy-regulations-deep.md +0 -0
  158. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/purple-team-deep.md +0 -0
  159. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/purple-team-exercises-deep.md +0 -0
  160. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/recon-osint-deep.md +0 -0
  161. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/redteam-infra-deep.md +0 -0
  162. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/secops-runbooks-deep.md +0 -0
  163. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/secure-coding-deep.md +0 -0
  164. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/secure-infrastructure-deep.md +0 -0
  165. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/security-architecture-deep.md +0 -0
  166. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/security-automation-deep.md +0 -0
  167. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/security-certifications-deep.md +0 -0
  168. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/security-leadership-deep.md +0 -0
  169. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/security-mastery-deep.md +0 -0
  170. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/security-metrics-deep.md +0 -0
  171. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/security-scenarios.md +0 -0
  172. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/shells-arsenal-deep.md +0 -0
  173. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/siem-soc-deep.md +0 -0
  174. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/sigma-detection-deep.md +0 -0
  175. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/social-engineering-deep.md +0 -0
  176. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/startup-security-deep.md +0 -0
  177. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/stylesheets/cipher-cards.css +0 -0
  178. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/stylesheets/cipher-glow.css +0 -0
  179. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/stylesheets/cipher-theme.css +0 -0
  180. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/supplementary-security-knowledge.md +0 -0
  181. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/supply-chain-security-deep.md +0 -0
  182. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/threat-hunting-deep.md +0 -0
  183. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/threat-intel-deep.md +0 -0
  184. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/threat-modeling-arch-deep.md +0 -0
  185. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/timeline-analysis-deep.md +0 -0
  186. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/vuln-research-deep.md +0 -0
  187. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/websec-deep.md +0 -0
  188. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/windows-ad-deep.md +0 -0
  189. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/windows-eventlog-mastery.md +0 -0
  190. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/windows-internals-deep.md +0 -0
  191. {cipher_security-1.1.0 → cipher_security-1.3.0}/knowledge/wireless-physical-iot-deep.md +0 -0
  192. {cipher_security-1.1.0 → cipher_security-1.3.0}/mkdocs.yml +0 -0
  193. {cipher_security-1.1.0 → cipher_security-1.3.0}/scripts/docs-build.sh +0 -0
  194. {cipher_security-1.1.0 → cipher_security-1.3.0}/scripts/docs-serve.sh +0 -0
  195. {cipher_security-1.1.0 → cipher_security-1.3.0}/scripts/install.ps1 +0 -0
  196. {cipher_security-1.1.0 → cipher_security-1.3.0}/scripts/install.sh +0 -0
  197. {cipher_security-1.1.0 → cipher_security-1.3.0}/scripts/setup-ollama.sh +0 -0
  198. {cipher_security-1.1.0 → cipher_security-1.3.0}/skills/automation-scripting/SKILL.md +0 -0
  199. {cipher_security-1.1.0 → cipher_security-1.3.0}/skills/blue-team/SKILL.md +0 -0
  200. {cipher_security-1.1.0 → cipher_security-1.3.0}/skills/incident-response/SKILL.md +0 -0
  201. {cipher_security-1.1.0 → cipher_security-1.3.0}/skills/osint-recon/SKILL.md +0 -0
  202. {cipher_security-1.1.0 → cipher_security-1.3.0}/skills/privacy-engineering/SKILL.md +0 -0
  203. {cipher_security-1.1.0 → cipher_security-1.3.0}/skills/purple-team/SKILL.md +0 -0
  204. {cipher_security-1.1.0 → cipher_security-1.3.0}/skills/red-team/SKILL.md +0 -0
  205. {cipher_security-1.1.0 → cipher_security-1.3.0}/skills/red-team/active-directory/SKILL.md +0 -0
  206. {cipher_security-1.1.0 → cipher_security-1.3.0}/skills/red-team/cloud/SKILL.md +0 -0
  207. {cipher_security-1.1.0 → cipher_security-1.3.0}/skills/red-team/post-exploitation/SKILL.md +0 -0
  208. {cipher_security-1.1.0 → cipher_security-1.3.0}/skills/red-team/web/SKILL.md +0 -0
  209. {cipher_security-1.1.0 → cipher_security-1.3.0}/skills/security-architecture/SKILL.md +0 -0
  210. {cipher_security-1.1.0 → cipher_security-1.3.0}/skills/threat-intelligence/SKILL.md +0 -0
  211. {cipher_security-1.1.0 → cipher_security-1.3.0}/src/__init__.py +0 -0
  212. {cipher_security-1.1.0 → cipher_security-1.3.0}/src/bot/__init__.py +0 -0
  213. {cipher_security-1.1.0 → cipher_security-1.3.0}/src/bot/bot.py +0 -0
  214. {cipher_security-1.1.0 → cipher_security-1.3.0}/src/bot/format.py +0 -0
  215. {cipher_security-1.1.0 → cipher_security-1.3.0}/src/bot/session.py +0 -0
  216. {cipher_security-1.1.0 → cipher_security-1.3.0}/src/gateway/__init__.py +0 -0
  217. {cipher_security-1.1.0 → cipher_security-1.3.0}/src/gateway/migrations.py +0 -0
  218. {cipher_security-1.1.0 → cipher_security-1.3.0}/src/gateway/mode.py +0 -0
  219. {cipher_security-1.1.0 → cipher_security-1.3.0}/src/gateway/retriever.py +0 -0
  220. {cipher_security-1.1.0 → cipher_security-1.3.0}/src/gateway/theme.py +0 -0
  221. {cipher_security-1.1.0 → cipher_security-1.3.0}/tests/__init__.py +0 -0
  222. {cipher_security-1.1.0 → cipher_security-1.3.0}/tests/test_bot.py +0 -0
  223. {cipher_security-1.1.0 → cipher_security-1.3.0}/tests/test_cli_commands.py +0 -0
  224. {cipher_security-1.1.0 → cipher_security-1.3.0}/tests/test_cli_smart.py +0 -0
  225. {cipher_security-1.1.0 → cipher_security-1.3.0}/tests/test_config_edge_cases.py +0 -0
  226. {cipher_security-1.1.0 → cipher_security-1.3.0}/tests/test_dashboard.py +0 -0
  227. {cipher_security-1.1.0 → cipher_security-1.3.0}/tests/test_e2e_pipeline.py +0 -0
  228. {cipher_security-1.1.0 → cipher_security-1.3.0}/tests/test_format.py +0 -0
  229. {cipher_security-1.1.0 → cipher_security-1.3.0}/tests/test_gateway.py +0 -0
  230. {cipher_security-1.1.0 → cipher_security-1.3.0}/tests/test_guardrails.py +0 -0
  231. {cipher_security-1.1.0 → cipher_security-1.3.0}/tests/test_install_scripts.py +0 -0
  232. {cipher_security-1.1.0 → cipher_security-1.3.0}/tests/test_integration.py +0 -0
  233. {cipher_security-1.1.0 → cipher_security-1.3.0}/tests/test_knowledge_format.py +0 -0
  234. {cipher_security-1.1.0 → cipher_security-1.3.0}/tests/test_migrations.py +0 -0
  235. {cipher_security-1.1.0 → cipher_security-1.3.0}/tests/test_mode.py +0 -0
  236. {cipher_security-1.1.0 → cipher_security-1.3.0}/tests/test_mode_routing.py +0 -0
  237. {cipher_security-1.1.0 → cipher_security-1.3.0}/tests/test_performance.py +0 -0
  238. {cipher_security-1.1.0 → cipher_security-1.3.0}/tests/test_prompt.py +0 -0
  239. {cipher_security-1.1.0 → cipher_security-1.3.0}/tests/test_rag_quality.py +0 -0
  240. {cipher_security-1.1.0 → cipher_security-1.3.0}/tests/test_retriever.py +0 -0
  241. {cipher_security-1.1.0 → cipher_security-1.3.0}/tests/test_security_scan.py +0 -0
  242. {cipher_security-1.1.0 → cipher_security-1.3.0}/tests/test_session.py +0 -0
  243. {cipher_security-1.1.0 → cipher_security-1.3.0}/tests/test_setup_signal.py +0 -0
  244. {cipher_security-1.1.0 → cipher_security-1.3.0}/tests/test_skill_content.py +0 -0
  245. {cipher_security-1.1.0 → cipher_security-1.3.0}/tests/test_streaming.py +0 -0
  246. {cipher_security-1.1.0 → cipher_security-1.3.0}/uv.lock +0 -0
@@ -14,10 +14,10 @@ jobs:
14
14
  python-version: ["3.14"]
15
15
 
16
16
  steps:
17
- - uses: actions/checkout@v4
17
+ - uses: actions/checkout@v6
18
18
 
19
19
  - name: Set up Python ${{ matrix.python-version }}
20
- uses: actions/setup-python@v5
20
+ uses: actions/setup-python@v6
21
21
  with:
22
22
  python-version: ${{ matrix.python-version }}
23
23
 
@@ -31,15 +31,15 @@ jobs:
31
31
  env:
32
32
  PYTHONPATH: src
33
33
  run: |
34
- pytest tests/ -v --ignore=tests/test_integration.py --tb=short
34
+ pytest tests/ -v --ignore=tests/test_integration.py --ignore=tests/test_performance.py --ignore=tests/test_gateway.py --tb=short
35
35
 
36
36
  lint:
37
37
  runs-on: ubuntu-latest
38
38
  steps:
39
- - uses: actions/checkout@v4
39
+ - uses: actions/checkout@v6
40
40
 
41
41
  - name: Set up Python
42
- uses: actions/setup-python@v5
42
+ uses: actions/setup-python@v6
43
43
  with:
44
44
  python-version: "3.14"
45
45
 
@@ -54,7 +54,7 @@ jobs:
54
54
  knowledge-check:
55
55
  runs-on: ubuntu-latest
56
56
  steps:
57
- - uses: actions/checkout@v4
57
+ - uses: actions/checkout@v6
58
58
 
59
59
  - name: Verify knowledge base integrity
60
60
  run: |
@@ -0,0 +1,124 @@
1
+ name: Release
2
+
3
+ on:
4
+ push:
5
+ tags:
6
+ - "v*"
7
+
8
+ permissions:
9
+ contents: write
10
+ packages: write
11
+
12
+ jobs:
13
+ pypi:
14
+ name: Publish to PyPI
15
+ runs-on: ubuntu-latest
16
+ environment: release
17
+ permissions:
18
+ id-token: write
19
+ steps:
20
+ - uses: actions/checkout@v6
21
+
22
+ - name: Set up Python
23
+ uses: actions/setup-python@v6
24
+ with:
25
+ python-version: "3.14"
26
+
27
+ - name: Install build tools
28
+ run: pip install build twine
29
+
30
+ - name: Build package
31
+ run: python -m build
32
+
33
+ - name: Publish to PyPI
34
+ env:
35
+ TWINE_USERNAME: __token__
36
+ TWINE_PASSWORD: ${{ secrets.PYPI_TOKEN }}
37
+ run: twine upload dist/* --skip-existing
38
+
39
+ docker:
40
+ name: Push Docker image
41
+ runs-on: ubuntu-latest
42
+ steps:
43
+ - uses: actions/checkout@v6
44
+
45
+ - name: Log in to GHCR
46
+ uses: docker/login-action@v3
47
+ with:
48
+ registry: ghcr.io
49
+ username: ${{ github.actor }}
50
+ password: ${{ secrets.GITHUB_TOKEN }}
51
+
52
+ - name: Extract version from tag
53
+ id: version
54
+ run: echo "VERSION=${GITHUB_REF#refs/tags/v}" >> $GITHUB_OUTPUT
55
+
56
+ - name: Build and push
57
+ uses: docker/build-push-action@v6
58
+ with:
59
+ context: .
60
+ push: true
61
+ tags: |
62
+ ghcr.io/defconxt/cipher:latest
63
+ ghcr.io/defconxt/cipher:${{ steps.version.outputs.VERSION }}
64
+
65
+ vscode:
66
+ name: Package VS Code extension
67
+ runs-on: ubuntu-latest
68
+ steps:
69
+ - uses: actions/checkout@v6
70
+
71
+ - name: Set up Node.js
72
+ uses: actions/setup-node@v4
73
+ with:
74
+ node-version: "22"
75
+
76
+ - name: Extract version from tag
77
+ id: version
78
+ run: echo "VERSION=${GITHUB_REF#refs/tags/v}" >> $GITHUB_OUTPUT
79
+
80
+ - name: Update extension version
81
+ working-directory: vscode
82
+ run: npm version ${{ steps.version.outputs.VERSION }} --no-git-tag-version
83
+
84
+ - name: Install dependencies and build
85
+ working-directory: vscode
86
+ run: |
87
+ npm install
88
+ npm run compile
89
+
90
+ - name: Package VSIX
91
+ working-directory: vscode
92
+ run: npx @vscode/vsce package --no-dependencies
93
+
94
+ - name: Upload VSIX to GitHub Release
95
+ uses: softprops/action-gh-release@v2
96
+ with:
97
+ files: vscode/*.vsix
98
+
99
+ github-release:
100
+ name: Create GitHub Release
101
+ runs-on: ubuntu-latest
102
+ needs: [pypi, docker, vscode]
103
+ steps:
104
+ - uses: actions/checkout@v6
105
+
106
+ - name: Extract version from tag
107
+ id: version
108
+ run: echo "VERSION=${GITHUB_REF#refs/tags/v}" >> $GITHUB_OUTPUT
109
+
110
+ - name: Extract changelog for version
111
+ id: changelog
112
+ run: |
113
+ # Extract the section for this version from CHANGELOG.md
114
+ awk '/^## \['"${{ steps.version.outputs.VERSION }}"'\]/{found=1; next} /^## \[/{if(found) exit} found{print}' CHANGELOG.md > /tmp/release-notes.md
115
+ echo "NOTES<<EOF" >> $GITHUB_OUTPUT
116
+ cat /tmp/release-notes.md >> $GITHUB_OUTPUT
117
+ echo "EOF" >> $GITHUB_OUTPUT
118
+
119
+ - name: Create/update GitHub Release
120
+ uses: softprops/action-gh-release@v2
121
+ with:
122
+ name: CIPHER v${{ steps.version.outputs.VERSION }}
123
+ body: ${{ steps.changelog.outputs.NOTES }}
124
+ generate_release_notes: false
@@ -6,3 +6,4 @@ config.yaml
6
6
  __pycache__/
7
7
  .chromadb/
8
8
  site/
9
+ dist/
@@ -0,0 +1,132 @@
1
+ # Changelog
2
+
3
+ All notable changes to CIPHER are documented in this file.
4
+
5
+ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
6
+ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
7
+
8
+ ## [Unreleased]
9
+
10
+ ## [1.3.0] - 2026-03-16
11
+
12
+ ### Added
13
+
14
+ - **Multi-provider via LiteLLM** — `pip install cipher-security[multi]` enables any LiteLLM-supported model (OpenAI, Gemini, Mistral, Groq, Azure, etc.) via `--backend litellm` or `llm_backend: litellm` in config. Adapter wraps `litellm.completion()` behind Anthropic-compatible interface — no gateway branching needed.
15
+ - **Plugin system** — extend CIPHER with custom skills. CLI: `cipher plugin list/install/remove/info`. Plugins discovered from `~/.config/cipher/plugins/` and Python entry points (`cipher.skills` group). Priority-sorted injection into system prompt. 12 tests.
16
+ - **VS Code extension** — sidebar chat with streaming, right-click code analysis, mode/backend selectors. Subprocess-based (no daemon). Source in `vscode/`.
17
+ - **Web UI** — `cipher web` launches a browser-accessible Textual interface via `textual-serve`. Requires `pip install cipher-security[web]`.
18
+ - **Bash and Zsh shell completions** — `completions/cipher.bash` and `completions/cipher.zsh` alongside existing Fish completions.
19
+ - **Setup wizard LiteLLM support** — `cipher setup` now offers LiteLLM as option 3 with model string, API key, and base URL prompts.
20
+ - Optional dependency extras: `[multi]` (LiteLLM), `[web]` (Textual web), `[all]` (everything)
21
+
22
+ ### Changed
23
+
24
+ - Architecture diagram updated: three backends (Ollama, Claude, LiteLLM), seven interfaces (CLI, Dashboard, Web, VS Code, Claude Code, Signal Bot, Docker)
25
+ - README rewritten: multi-provider docs, plugin system, VS Code extension, web UI, shell completions, updated test count (485), corrected skill count (9)
26
+ - CI updated to `actions/checkout@v6` and `actions/setup-python@v6` (Node.js 24 migration)
27
+ - VS Code gateway simplified from spawn+fallback to clean `execFile` invocation
28
+
29
+ ### Fixed
30
+
31
+ - Setup wizard only offered ollama/claude — added litellm as third option
32
+ - Setup step 2 had no litellm config branch — added model, api_key, api_base prompts
33
+
34
+ ## [1.2.0] - 2026-03-16
35
+
36
+ ### Added
37
+
38
+ - Dynamic version resolution from package metadata
39
+ - Fish shell completions
40
+ - **Context monitor hook** — PostToolUse hook warns at 35%/25% remaining context, engagement-aware messaging
41
+ - **Statusline hook** — model, directory, and context usage bar for Claude Code
42
+ - **`/cipher:update`** — self-update from PyPI with changelog display and confirmation
43
+ - **`/cipher:setup-hooks`** — register hooks in Claude Code, GSD-aware coexistence
44
+ - **Auto-install hooks** during `cipher setup` (detects and coexists with GSD)
45
+ - **Complexity classifier** (`gateway/complexity.py`) — multi-signal heuristic routing: length, domain keywords, query structure, framework density
46
+ - **Engagement persistence** — `.cipher/` directory with `ENGAGEMENT.md` as single source of truth
47
+ - **`/cipher:engage`** — initialize security engagements (pentest, audit, IR, threat-model, assessment)
48
+ - **`/cipher:resume`** — resume engagement with status briefing
49
+ - **`/cipher:export`** — export engagement as formatted security report
50
+ - **8 agent definitions** — cipher-red, cipher-blue, cipher-purple, cipher-incident, cipher-recon, cipher-privacy, cipher-architect, cipher-researcher
51
+ - **Wave-based parallel dispatch** for `/cipher:audit` (4 parallel agents + synthesis)
52
+ - **Wave-based parallel dispatch** for `/cipher:brief` (4 parallel agents + synthesis)
53
+ - All 34 slash commands shipped in `commands/` directory for distribution
54
+ - CHANGELOG.md
55
+
56
+ ### Changed
57
+
58
+ - Smart routing upgraded from keyword matching to score-based complexity classifier (SIMPLE/MODERATE→Ollama, COMPLEX/EXPERT→Claude)
59
+ - `/cipher:audit` rewritten with 2-wave parallel architecture (4x faster)
60
+ - `/cipher:brief` rewritten with 2-wave parallel architecture (4x faster)
61
+ - README updated with hooks, engagements, and update documentation (35 skills)
62
+
63
+ ## [1.1.0] - 2026-03-16
64
+
65
+ Version bump only — no functional changes beyond 0.3.0.
66
+
67
+ ## [0.3.0] - 2026-03-16
68
+
69
+ ### Added
70
+
71
+ - `/cipher:brief` orchestrator mode
72
+ - Knowledge base expansion: tomnomnom recon tooling, abliteration techniques
73
+ - Streaming responses in CLI
74
+ - Signal bot RAG integration
75
+ - Comprehensive test expansion — 10 new test modules (940+ total tests)
76
+ - Config migrations framework with 7 tests
77
+ - CONTRIBUTING.md and GitHub issue templates
78
+ - Asciinema demo and PyPI badge in README
79
+
80
+ ### Changed
81
+
82
+ - Require Python 3.14+, drop 3.10–3.13 support
83
+ - Update Docker and release workflow to Python 3.14
84
+ - Expand `threat-intel-deep.md` (800 to 2300 lines)
85
+ - Expand `evasion-techniques-deep.md` (801 to 2073 lines)
86
+ - Skip RAG ingestion during setup if index already populated (performance)
87
+ - Update README — 29 skills, Python 3.14+, 940+ tests, new KB content
88
+
89
+ ### Fixed
90
+
91
+ - Write config to `~/.config/cipher/` instead of pipx venv directory
92
+ - Multi-word queries, graceful config errors, data bundling
93
+ - Strip ANSI codes in CLI tests, skip ingest tests in CI
94
+ - Resolve test failures — import paths, timeouts, and RAG assertions
95
+ - CI test failures — ANSI escape codes and ingest timeouts
96
+
97
+ ## [0.2.0] - 2026-03-15
98
+
99
+ ### Added
100
+
101
+ - Multi-interface architecture rewrite (CIPHER v2.0)
102
+ - Typer CLI with Rich cyberpunk theme
103
+ - Cyberpunk TUI dashboard (`cipher dashboard`)
104
+ - Onboarding wizard (`cipher setup`)
105
+ - RAG pipeline for knowledge base retrieval (ChromaDB)
106
+ - Auto re-ingest RAG on `knowledge/` file changes
107
+ - RAG retriever tests and GitHub Actions CI
108
+ - ARCHITECT skill file and purple team exercise playbooks
109
+ - Deep knowledge expansion — 7 documents, 18K+ new lines
110
+ - Install scripts and Docker support
111
+ - Release workflow — PyPI and GHCR on version tags
112
+ - Config upgrade — env var substitution and secret redaction
113
+ - Validation test suite — guardrails, RAG quality, mode routing
114
+ - Cyberpunk knowledge base theme for cipher.blacktemple.net
115
+ - Signal bot with E2E fixes, setup subcommand, session manager
116
+ - Gateway orchestrator, LLM client factory, mode detection, prompt assembly
117
+ - AGPL-3.0 license and copyright headers
118
+
119
+ ### Fixed
120
+
121
+ - Docker build (use pip instead of uv) and PyPI skip-existing
122
+ - Signal-api healthcheck (wget to curl)
123
+ - Host install scripts via GitHub raw URLs
124
+ - CI install all deps including signal extra
125
+ - Resolve ruff lint errors (F401, F841)
126
+
127
+ [Unreleased]: https://github.com/defconxt/CIPHER/compare/v1.3.0...HEAD
128
+ [1.3.0]: https://github.com/defconxt/CIPHER/compare/v1.2.0...v1.3.0
129
+ [1.2.0]: https://github.com/defconxt/CIPHER/compare/v1.1.0...v1.2.0
130
+ [1.1.0]: https://github.com/defconxt/CIPHER/compare/v0.3.0...v1.1.0
131
+ [0.3.0]: https://github.com/defconxt/CIPHER/compare/v0.2.0...v0.3.0
132
+ [0.2.0]: https://github.com/defconxt/CIPHER/compare/v1.0...v0.2.0
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: cipher-security
3
- Version: 1.1.0
3
+ Version: 1.3.0
4
4
  Summary: CIPHER — Security Engineering Assistant with RAG-powered knowledge base
5
5
  Project-URL: Homepage, https://github.com/defconxt/CIPHER
6
6
  Project-URL: Documentation, https://blacktemple.net/cipher
@@ -27,9 +27,15 @@ Requires-Dist: rich>=13.0
27
27
  Requires-Dist: textual>=1.0
28
28
  Requires-Dist: typer>=0.12
29
29
  Provides-Extra: all
30
+ Requires-Dist: litellm>=1.40.0; extra == 'all'
30
31
  Requires-Dist: signalbot>=0.25.0; extra == 'all'
32
+ Requires-Dist: textual-serve>=1.1.0; extra == 'all'
33
+ Provides-Extra: multi
34
+ Requires-Dist: litellm>=1.40.0; extra == 'multi'
31
35
  Provides-Extra: signal
32
36
  Requires-Dist: signalbot>=0.25.0; extra == 'signal'
37
+ Provides-Extra: web
38
+ Requires-Dist: textual-serve>=1.1.0; extra == 'web'
33
39
  Description-Content-Type: text/markdown
34
40
 
35
41
  <!-- Copyright (c) 2026 defconxt. All rights reserved. -->
@@ -55,8 +61,8 @@ Description-Content-Type: text/markdown
55
61
  [![Python 3.14+](https://img.shields.io/badge/python-3.14+-00ff41.svg)](https://python.org)
56
62
 
57
63
  A principal-level security engineering assistant with 96 deep-dive knowledge docs,
58
- RAG-powered retrieval, 7 operating modes, and 29 specialized skills.
59
- Runs locally via Ollama or cloud via Claude API.
64
+ RAG-powered retrieval, 7 operating modes, and a plugin system.
65
+ Runs locally via Ollama, cloud via Claude API, or any provider via LiteLLM.
60
66
 
61
67
  [![Demo](https://asciinema.org/a/0MjCmtsarnsztdQ6.svg)](https://asciinema.org/a/0MjCmtsarnsztdQ6)
62
68
 
@@ -86,6 +92,14 @@ pip install cipher-security
86
92
  cipher setup
87
93
  ```
88
94
 
95
+ **With optional extras:**
96
+ ```bash
97
+ pip install cipher-security[multi] # LiteLLM multi-provider support
98
+ pip install cipher-security[web] # Textual web UI
99
+ pip install cipher-security[signal] # Signal bot
100
+ pip install cipher-security[all] # Everything
101
+ ```
102
+
89
103
  **Docker:**
90
104
  ```bash
91
105
  docker run -it ghcr.io/defconxt/cipher "how do I detect Kerberoasting"
@@ -103,9 +117,15 @@ cipher "[MODE: RED] exploit AS-REP roasting in Active Directory"
103
117
  # Auto-route: simple queries → local Ollama, complex → Claude API
104
118
  cipher --smart "design a zero trust architecture for multi-cloud"
105
119
 
120
+ # Use any LiteLLM-supported model
121
+ cipher --backend litellm "analyze this CVE for exploitability"
122
+
106
123
  # Interactive dashboard
107
124
  cipher dashboard
108
125
 
126
+ # Web UI (requires cipher-security[web])
127
+ cipher web
128
+
109
129
  # System health check
110
130
  cipher doctor
111
131
  ```
@@ -138,7 +158,50 @@ RAG-powered retrieval over 145K+ lines of security knowledge:
138
158
  - **Emerging**: Breach case studies (12 major incidents), AI/ML security, abliteration/alignment attacks, vulnerability research, ransomware ecosystem
139
159
  - **Recon**: tomnomnom toolchain (assetfinder, waybackurls, kxss, unfurl), composable pipeline patterns, OSINT tradecraft
140
160
 
141
- ### 29 Slash Commands (Claude Code)
161
+ ### Multi-Provider Support
162
+
163
+ Three built-in backends with smart routing:
164
+
165
+ | Backend | Setup | Use Case |
166
+ |---------|-------|----------|
167
+ | **Ollama** | `cipher setup` → option 1 | Free local inference, privacy-first |
168
+ | **Claude** | `cipher setup` → option 2 | High-quality cloud reasoning |
169
+ | **LiteLLM** | `pip install cipher-security[multi]` | Any provider: OpenAI, Gemini, Mistral, Groq, Azure, etc. |
170
+
171
+ Smart routing (`--smart`) auto-classifies query complexity and routes between Ollama (simple/moderate) and Claude (complex/expert). LiteLLM is always explicit via `--backend litellm` or `llm_backend: litellm` in config.
172
+
173
+ ### Plugin System
174
+
175
+ Extend CIPHER with custom skills:
176
+
177
+ ```bash
178
+ cipher plugin list # Show installed plugins
179
+ cipher plugin install ./my-plugin # Install from directory
180
+ cipher plugin remove my-plugin # Remove a plugin
181
+ cipher plugin info my-plugin # Show plugin details
182
+ ```
183
+
184
+ Plugins are discovered from `~/.config/cipher/plugins/` and Python entry points (`cipher.skills` group). Each plugin provides a `plugin.yaml` manifest with metadata, a priority (0–100), and optional skill content that's injected into the system prompt.
185
+
186
+ See [Plugin Development](https://blacktemple.net/cipher/plugins) for the full spec.
187
+
188
+ ### VS Code Extension
189
+
190
+ Full security assistant inside VS Code:
191
+
192
+ - **Sidebar chat** — conversational security queries with streaming responses
193
+ - **Right-click analysis** — select code, right-click → "Analyze with CIPHER"
194
+ - **Mode & backend selectors** — switch modes and providers from the UI
195
+ - **No daemon required** — queries go through the `cipher-gw` CLI
196
+
197
+ Install from `vscode/` directory:
198
+ ```bash
199
+ cd vscode && npm install && npm run compile
200
+ # Then "Install from VSIX" in VS Code, or:
201
+ npx @vscode/vsce package && code --install-extension cipher-security-*.vsix
202
+ ```
203
+
204
+ ### 34 Slash Commands (Claude Code)
142
205
 
143
206
  ```
144
207
  /cipher:redteam /cipher:web /cipher:phishing /cipher:malware
@@ -148,7 +211,8 @@ RAG-powered retrieval over 145K+ lines of security knowledge:
148
211
  /cipher:ir /cipher:cve /cipher:threatintel /cipher:aisec
149
212
  /cipher:audit /cipher:report /cipher:ics /cipher:mobile
150
213
  /cipher:cc /cipher:ollama /cipher:claudeapi /cipher:smart
151
- /cipher:brief
214
+ /cipher:brief /cipher:update /cipher:setup-hooks
215
+ /cipher:engage /cipher:resume /cipher:export
152
216
  ```
153
217
 
154
218
  `/cipher:brief` is the orchestrator — synthesizes a full target briefing from multiple
@@ -159,8 +223,10 @@ and a prioritized action plan. Inspired by [h1-brain](https://github.com/PatrikF
159
223
 
160
224
  | Interface | Command | Cost |
161
225
  |-----------|---------|------|
162
- | **CLI** | `cipher "query"` | Free (Ollama) or paid (Claude) |
163
- | **Dashboard** | `cipher dashboard` | Free (Ollama) or paid (Claude) |
226
+ | **CLI** | `cipher "query"` | Free (Ollama) or paid (Claude/LiteLLM) |
227
+ | **Dashboard** | `cipher dashboard` | Free (Ollama) or paid (Claude/LiteLLM) |
228
+ | **Web UI** | `cipher web` | Free (Ollama) or paid (Claude/LiteLLM) |
229
+ | **VS Code** | Extension sidebar | Free (Ollama) or paid (Claude/LiteLLM) |
164
230
  | **Claude Code** | `/cipher:cc "query"` | Included with Claude Code |
165
231
  | **Signal Bot** | Message the bot | Free (Ollama) or paid (Claude) |
166
232
  | **Docker** | `docker run -it cipher "query"` | Free (Ollama) or paid (Claude) |
@@ -173,6 +239,56 @@ Semantic search over the entire knowledge base:
173
239
  - Top-5 retrieval injected into system prompt before every query
174
240
  - Auto re-ingests on knowledge base changes (git hook)
175
241
 
242
+ ### Shell Completions
243
+
244
+ Tab completions for all commands, options, and modes:
245
+
246
+ ```bash
247
+ # Bash — add to ~/.bashrc
248
+ source <(cipher completions bash)
249
+ # or: cp completions/cipher.bash /etc/bash_completion.d/
250
+
251
+ # Zsh — add to ~/.zshrc
252
+ source <(cipher completions zsh)
253
+ # or: cp completions/cipher.zsh ~/.zsh/completions/_cipher
254
+
255
+ # Fish
256
+ cp completions/cipher.fish ~/.config/fish/completions/
257
+ ```
258
+
259
+ ### Updating
260
+
261
+ ```bash
262
+ # From Claude Code
263
+ /cipher:update
264
+
265
+ # From CLI
266
+ pip install --upgrade cipher-security
267
+ ```
268
+
269
+ `/cipher:update` checks PyPI for the latest version, shows the changelog, asks for confirmation, and runs the upgrade.
270
+
271
+ ### Claude Code Hooks
272
+
273
+ CIPHER includes Claude Code hooks that install automatically during `cipher setup`:
274
+
275
+ - **Statusline** — shows model, directory, and a context usage bar
276
+ - **Context monitor** — warns when context window is running low (35% WARNING, 25% CRITICAL), with engagement-aware messaging when a `.cipher/` engagement is active
277
+
278
+ Hooks coexist with [GSD](https://github.com/gsd-build/get-shit-done) — if GSD's statusline is already registered, CIPHER keeps it and adds its context monitor alongside. To manually (re)install hooks: `/cipher:setup-hooks`.
279
+
280
+ ### Engagements
281
+
282
+ Persistent security engagement state across sessions:
283
+
284
+ ```bash
285
+ /cipher:engage # Start a new engagement (pentest, IR, audit, etc.)
286
+ /cipher:resume # Resume — shows findings, open questions, next actions
287
+ /cipher:export # Export engagement as a formatted security report
288
+ ```
289
+
290
+ Engagement state lives in `.cipher/ENGAGEMENT.md` — human-readable, git-trackable, and automatically detected by the context monitor hook.
291
+
176
292
  ## CLI Commands
177
293
 
178
294
  ```
@@ -180,37 +296,42 @@ cipher "query" Send a security query (default command)
180
296
  cipher --smart "query" Auto-route: simple→Ollama, complex→Claude
181
297
  cipher --backend ollama Force local inference
182
298
  cipher --backend claude Force cloud inference
299
+ cipher --backend litellm Use LiteLLM provider (requires [multi] extra)
183
300
  cipher setup Interactive onboarding wizard
184
301
  cipher dashboard Cyberpunk terminal UI
302
+ cipher web Web UI via Textual (requires [web] extra)
185
303
  cipher doctor Diagnostics and health checks
186
304
  cipher doctor --fix Auto-repair issues
187
305
  cipher status Show system status
188
306
  cipher ingest Re-index the knowledge base
307
+ cipher plugin list List installed plugins
308
+ cipher plugin install DIR Install a plugin
309
+ cipher plugin remove NAME Remove a plugin
189
310
  cipher version Show version
190
311
  ```
191
312
 
192
313
  ## Architecture
193
314
 
194
315
  ```
195
- ┌─────────────────────────────────────────────────────┐
196
- Interfaces
197
- │ CLI · Dashboard · Claude Code · Signal Bot · Docker
198
- └──────────────────────┬──────────────────────────────┘
199
-
200
- ┌────────▼────────┐
201
- Gateway
202
- │ Mode Detection │──── 7 modes
203
- │ Prompt Assembly│──── 13 skill files
204
- │ RAG Retrieval │──── 14,900 chunks
205
- └────────┬────────┘
206
-
207
- ┌───────────┼───────────┐
208
-
209
- ┌──────▼──────┐ ┌──────▼──────┐
210
- │ Ollama │ │ Claude API │
211
- │ (local) │ │ (cloud) │
212
- │ qwen2.5:32b │ │ sonnet-4-5 │
213
- └─────────────┘ └─────────────┘
316
+ ┌──────────────────────────────────────────────────────────────┐
317
+ Interfaces
318
+ │ CLI · Dashboard · Web · VS Code · Claude Code · Signal Bot
319
+ └────────────────────────────┬─────────────────────────────────┘
320
+
321
+ ┌────────▼────────┐
322
+ Gateway
323
+ │ Mode Detection │──── 7 modes
324
+ │ Prompt Assembly│──── 9 skills + plugins
325
+ │ RAG Retrieval │──── 14,900 chunks
326
+ └────────┬────────┘
327
+
328
+ ┌─────────────────┼─────────────────┐
329
+
330
+ ┌──────▼──────┐ ┌──────▼──────┐ ┌──────▼──────┐
331
+ │ Ollama │ │ Claude API │ │ LiteLLM │
332
+ │ (local) │ │ (cloud) │ │ (any model) │
333
+ │ qwen2.5:32b │ │ sonnet-4-5 │ │ gpt-4o, etc │
334
+ └─────────────┘ └─────────────┘ └─────────────┘
214
335
  ```
215
336
 
216
337
  ## Configuration
@@ -220,7 +341,7 @@ Config file: `config.yaml` (project root) or `~/.config/cipher/config.yaml`
220
341
  Supports `${VAR}` and `${VAR:-default}` environment variable substitution:
221
342
 
222
343
  ```yaml
223
- llm_backend: ollama
344
+ llm_backend: ollama # ollama | claude | litellm
224
345
 
225
346
  ollama:
226
347
  base_url: "http://127.0.0.1:11434"
@@ -231,6 +352,12 @@ claude:
231
352
  api_key: "${ANTHROPIC_API_KEY}"
232
353
  model: "claude-sonnet-4-5-20250929"
233
354
  timeout: 120
355
+
356
+ litellm:
357
+ model: "openai/gpt-4o" # Any LiteLLM model string
358
+ api_key: "${OPENAI_API_KEY}"
359
+ api_base: "" # Optional custom endpoint
360
+ timeout: 120
234
361
  ```
235
362
 
236
363
  Priority: env vars > project config > home config.
@@ -240,11 +367,11 @@ Priority: env vars > project config > home config.
240
367
  ```bash
241
368
  git clone https://github.com/defconxt/CIPHER.git && cd CIPHER
242
369
  python -m venv .venv && source .venv/bin/activate
243
- pip install -e ".[signal]"
370
+ pip install -e ".[all]"
244
371
  pytest tests/ --ignore=tests/test_integration.py
245
372
  ```
246
373
 
247
- **940+ tests** covering gateway, mode routing, RAG quality, architecture guardrails, configuration, CLI commands, streaming, and security scanning.
374
+ **485 tests** covering gateway, mode routing, RAG quality, architecture guardrails, configuration, CLI commands, streaming, plugins, multi-provider, and security scanning.
248
375
 
249
376
  ## Contributing
250
377