intercept-agent 0.2.0__py3-none-any.whl

intercept_agent-0.2.0.dist-info/METADATA

@@ -0,0 +1,9 @@
+Metadata-Version: 2.4
+Name: intercept-agent
+Version: 0.2.0
+Summary: Intercept Developer Posture Agent - collects developer environment data
+Requires-Python: >=3.12
+Requires-Dist: click>=8.1.0
+Requires-Dist: httpx>=0.28.0
+Requires-Dist: pydantic>=2.10.0
+Requires-Dist: pyyaml>=6.0.0

intercept_agent-0.2.0.dist-info/RECORD

@@ -0,0 +1,24 @@
+posture_agent/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+posture_agent/main.py,sha256=NCeCQulpZhXZ1ZjpvznrOHFqXuaA18qBvmWsOgw2CB4,7147
+posture_agent/collectors/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+posture_agent/collectors/ai_tools.py,sha256=Gs0GiUkNxLJedXu9exNDff_1TyaFJT0LoZ0z2nXohP4,2719
+posture_agent/collectors/base.py,sha256=s939WaTB1eIyqEHNY8fV1yRTw-eFaiRyKdFzZmpe23U,477
+posture_agent/collectors/dev_tools.py,sha256=V3xkde6W-UTA1PGypR24veFosFXlwg6YLVsSnRK7big,1914
+posture_agent/collectors/extensions.py,sha256=oKNQF4Q_d7Y56USiGGDdSospAfqGy2zCN9sm_3P6MCg,5468
+posture_agent/collectors/ides.py,sha256=tDdL6USDwRfo4r0M2EMJyCfHP6vedcTOvfMYupzoaJo,2799
+posture_agent/collectors/machine.py,sha256=cxB9LBDd3a4t67hSFGpSDULOnuOr9jRo4IJd9Ia5BOw,1879
+posture_agent/collectors/package_managers.py,sha256=bPaHOIpiP-EXGldTsc9AnK7PkkeBCnLZh8AIh_rWu4M,1662
+posture_agent/collectors/security.py,sha256=ebAN5x_i8Wlq4wyA-9i7ilnQ-_8IgePImRczPHyI3jw,7809
+posture_agent/core/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+posture_agent/core/config.py,sha256=Lk1WdmjOE7eblQxG-fdXLeJrkIeF7w8eHJ0m5IOeNgc,2721
+posture_agent/models/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+posture_agent/models/report.py,sha256=cDpsK9DHVcL0df5RAlc_EnF24L_eIsiYA1JjfJAICU0,644
+posture_agent/services/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+posture_agent/services/fingerprint.py,sha256=CZweetzmjtu8dLFW8TeN1BJHSKNCujH4qQ9_6ge93Pw,1450
+posture_agent/services/reporter.py,sha256=Qyd03ts9lDul-JosSQqUTnQsSiRUQkKYveVa4kY1t48,1115
+posture_agent/utils/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+posture_agent/utils/shell.py,sha256=536rlhmaCbCwHjEfSokO5tlrkdEMbtCcIHfZ-f40KNw,1234
+intercept_agent-0.2.0.dist-info/METADATA,sha256=oZsq1jVASBqaWkGxv01pmEVenbY79KT8SW93yspd7B0,282
+intercept_agent-0.2.0.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
+intercept_agent-0.2.0.dist-info/entry_points.txt,sha256=zQAYh4GBdBWnNuiyVJt5zNPZAMVD8OhUzO4hygsX3B8,59
+intercept_agent-0.2.0.dist-info/RECORD,,

intercept_agent-0.2.0.dist-info/WHEEL

@@ -0,0 +1,4 @@
+Wheel-Version: 1.0
+Generator: hatchling 1.28.0
+Root-Is-Purelib: true
+Tag: py3-none-any

intercept_agent-0.2.0.dist-info/entry_points.txt

@@ -0,0 +1,2 @@
+[console_scripts]
+intercept-agent = posture_agent.main:cli

posture_agent/collectors/ai_tools.py

@@ -0,0 +1,79 @@
+"""AI tools collector."""
+
+from posture_agent.collectors.base import BaseCollector, CollectorResult
+from posture_agent.utils.shell import check_version, run_command
+
+
+# Known AI extension IDs across editors
+AI_EXTENSIONS = {
+    "github.copilot",
+    "github.copilot-chat",
+    "sourcegraph.cody-ai",
+    "continue.continue",
+    "amazonwebservices.amazon-q-vscode",
+    "saoudrizwan.claude-dev",
+    "cursor.cursor-ai",
+}
+
+# CLI-based AI tools: (name, binary, version_flag)
+AI_CLI_TOOLS = [
+    ("Claude Code", "claude", "--version"),
+    ("GitHub Copilot CLI", "github-copilot-cli", "--version"),
+    ("Aider", "aider", "--version"),
+    ("Open Interpreter", "interpreter", "--version"),
+]
+
+
+class AIToolsCollector(BaseCollector):
+    """Collects AI coding tool information."""
+
+    name = "ai_tools"
+
+    async def collect(self) -> CollectorResult:
+        errors: list[str] = []
+        ai_tools: list[dict[str, str]] = []
+
+        # Check CLI tools
+        for name, binary, version_flag in AI_CLI_TOOLS:
+            try:
+                which_result = await run_command("which", binary)
+                if which_result and which_result.strip():
+                    version = await check_version(binary, version_flag) or ""
+                    ai_tools.append({
+                        "name": name,
+                        "type": "cli",
+                        "binary": binary,
+                        "version": version,
+                    })
+            except Exception as e:
+                errors.append(f"{name}: {e}")
+
+        # Check VS Code/Cursor extensions for AI tools
+        for binary in ("code", "cursor"):
+            try:
+                which_result = await run_command("which", binary)
+                if not which_result or not which_result.strip():
+                    continue
+
+                result = await run_command(binary, "--list-extensions")
+                if not result:
+                    continue
+
+                installed_exts = {ext.strip().lower() for ext in result.strip().split("\n") if ext.strip()}
+                for ai_ext_id in AI_EXTENSIONS:
+                    if ai_ext_id.lower() in installed_exts:
+                        editor = "VS Code" if binary == "code" else "Cursor"
+                        ai_tools.append({
+                            "name": ai_ext_id,
+                            "type": "extension",
+                            "editor": editor,
+                            "version": "",
+                        })
+            except Exception as e:
+                errors.append(f"AI extensions ({binary}): {e}")
+
+        return CollectorResult(
+            collector=self.name,
+            data=ai_tools,
+            errors=errors,
+        )

posture_agent/collectors/base.py

@@ -0,0 +1,24 @@
+"""Base collector interface."""
+
+from abc import ABC, abstractmethod
+from typing import Any
+
+from pydantic import BaseModel
+
+
+class CollectorResult(BaseModel):
+    """Result from a collector."""
+    collector: str
+    data: Any
+    errors: list[str] = []
+
+
+class BaseCollector(ABC):
+    """Base class for all collectors."""
+
+    name: str = "base"
+
+    @abstractmethod
+    async def collect(self) -> CollectorResult:
+        """Collect data and return a result."""
+        ...

posture_agent/collectors/dev_tools.py

@@ -0,0 +1,59 @@
+"""Developer tools collector."""
+
+import os
+
+from posture_agent.collectors.base import BaseCollector, CollectorResult
+from posture_agent.utils.shell import check_version, run_command
+
+
+# Tool definitions: (name, binary, version_flag)
+DEV_TOOL_DEFINITIONS = [
+    ("Git", "git", "--version"),
+    ("Docker", "docker", "--version"),
+    ("Node.js", "node", "--version"),
+    ("Python", "python3", "--version"),
+    ("Go", "go", "version"),
+    ("Rust", "rustc", "--version"),
+    ("Ruby", "ruby", "--version"),
+    ("Java", "java", "--version"),
+    ("Swift", "swift", "--version"),
+    ("Make", "make", "--version"),
+    ("CMake", "cmake", "--version"),
+    ("Terraform", "terraform", "--version"),
+    ("kubectl", "kubectl", "version --client"),
+    ("Helm", "helm", "version --short"),
+    ("AWS CLI", "aws", "--version"),
+    ("gcloud", "gcloud", "--version"),
+    ("Azure CLI", "az", "--version"),
+]
+
+
+class DevToolsCollector(BaseCollector):
+    """Collects installed developer tools."""
+
+    name = "dev_tools"
+
+    async def collect(self) -> CollectorResult:
+        errors: list[str] = []
+        tools: list[dict[str, str]] = []
+
+        for name, binary, version_flag in DEV_TOOL_DEFINITIONS:
+            try:
+                which_result = await run_command("which", binary)
+                if which_result and which_result.strip():
+                    version = await check_version(binary, version_flag) or ""
+                    path = os.path.realpath(which_result.strip())
+                    tools.append({
+                        "name": name,
+                        "binary": binary,
+                        "version": version,
+                        "path": path,
+                    })
+            except Exception as e:
+                errors.append(f"{name}: {e}")
+
+        return CollectorResult(
+            collector=self.name,
+            data=tools,
+            errors=errors,
+        )

posture_agent/collectors/extensions.py

@@ -0,0 +1,144 @@
+"""IDE extension collector."""
+
+import json
+import re
+import zipfile
+from pathlib import Path
+
+from posture_agent.collectors.base import BaseCollector, CollectorResult
+from posture_agent.utils.shell import run_command
+
+# Map binary name to extensions directory
+_EXT_DIRS = {
+    "code": Path.home() / ".vscode" / "extensions",
+    "cursor": Path.home() / ".cursor" / "extensions",
+}
+
+
+class ExtensionCollector(BaseCollector):
+    """Collects IDE extension information."""
+
+    name = "extensions"
+
+    async def collect(self) -> CollectorResult:
+        errors: list[str] = []
+        extensions: dict[str, list[dict[str, str]]] = {}
+
+        # VS Code extensions
+        try:
+            vscode_exts = await self._collect_vscode_extensions("code")
+            if vscode_exts:
+                extensions["vscode"] = vscode_exts
+        except Exception as e:
+            errors.append(f"VS Code extensions: {e}")
+
+        # Cursor extensions
+        try:
+            cursor_exts = await self._collect_vscode_extensions("cursor")
+            if cursor_exts:
+                extensions["cursor"] = cursor_exts
+        except Exception as e:
+            errors.append(f"Cursor extensions: {e}")
+
+        # JetBrains plugins
+        try:
+            jetbrains_plugins = await self._collect_jetbrains_plugins()
+            if jetbrains_plugins:
+                extensions["jetbrains"] = jetbrains_plugins
+        except Exception as e:
+            errors.append(f"JetBrains plugins: {e}")
+
+        return CollectorResult(
+            collector=self.name,
+            data=extensions,
+            errors=errors,
+        )
+
+    async def _collect_vscode_extensions(self, binary: str) -> list[dict[str, str]]:
+        """Collect extensions for VS Code or Cursor via CLI or filesystem."""
+        # Try CLI first
+        which_result = await run_command("which", binary)
+        if which_result and which_result.strip():
+            result = await run_command(binary, "--list-extensions", "--show-versions")
+            if result:
+                exts = []
+                for line in result.strip().split("\n"):
+                    line = line.strip()
+                    if not line:
+                        continue
+                    if "@" in line:
+                        ext_id, version = line.rsplit("@", 1)
+                        exts.append({"id": ext_id, "version": version})
+                    else:
+                        exts.append({"id": line, "version": ""})
+                return exts
+
+        # Fall back to reading extensions directory
+        ext_dir = _EXT_DIRS.get(binary)
+        if not ext_dir or not ext_dir.exists():
+            return []
+
+        exts = []
+        for entry in ext_dir.iterdir():
+            if not entry.is_dir():
+                continue
+            pkg_json = entry / "package.json"
+            if not pkg_json.exists():
+                continue
+            try:
+                data = json.loads(pkg_json.read_text(encoding="utf-8", errors="replace"))
+                publisher = data.get("publisher", "")
+                name = data.get("name", "")
+                version = data.get("version", "")
+                if publisher and name:
+                    exts.append({"id": f"{publisher}.{name}", "version": version})
+            except (json.JSONDecodeError, OSError):
+                continue
+        # Deduplicate (multiple versions may be installed)
+        seen: dict[str, str] = {}
+        for ext in exts:
+            ext_id = ext["id"].lower()
+            if ext_id not in seen or ext["version"] > seen[ext_id]:
+                seen[ext_id] = ext["version"]
+        return [{"id": ext_id, "version": ver} for ext_id, ver in sorted(seen.items())]
+
+    async def _collect_jetbrains_plugins(self) -> list[dict[str, str]]:
+        """Collect JetBrains IDE plugins from filesystem."""
+        plugins: list[dict[str, str]] = []
+        jetbrains_dir = Path.home() / "Library" / "Application Support" / "JetBrains"
+        if not jetbrains_dir.exists():
+            return plugins
+
+        for ide_dir in jetbrains_dir.iterdir():
+            if not ide_dir.is_dir():
+                continue
+            plugins_dir = ide_dir / "plugins"
+            if plugins_dir.exists():
+                for plugin_dir in plugins_dir.iterdir():
+                    if plugin_dir.is_dir():
+                        version = self._get_jetbrains_plugin_version(plugin_dir)
+                        plugins.append({
+                            "id": plugin_dir.name,
+                            "ide": ide_dir.name,
+                            "version": version,
+                        })
+        return plugins
+
+    def _get_jetbrains_plugin_version(self, plugin_dir: Path) -> str:
+        """Extract version from a JetBrains plugin's JAR META-INF/plugin.xml."""
+        lib_dir = plugin_dir / "lib"
+        if not lib_dir.exists():
+            return ""
+
+        for jar_path in lib_dir.glob("*.jar"):
+            try:
+                with zipfile.ZipFile(jar_path) as zf:
+                    if "META-INF/plugin.xml" not in zf.namelist():
+                        continue
+                    plugin_xml = zf.read("META-INF/plugin.xml").decode("utf-8", errors="replace")
+                    match = re.search(r"<version>([^<]+)</version>", plugin_xml)
+                    if match:
+                        return match.group(1)
+            except (zipfile.BadZipFile, OSError, KeyError):
+                continue
+        return ""

posture_agent/collectors/ides.py

@@ -0,0 +1,75 @@
+"""IDE collector."""
+
+from pathlib import Path
+
+from posture_agent.collectors.base import BaseCollector, CollectorResult
+from posture_agent.utils.shell import check_version, run_command
+
+
+# IDE definitions: (name, binary, app_path, version_flag)
+IDE_DEFINITIONS = [
+    ("VS Code", "code", "/Applications/Visual Studio Code.app", "--version"),
+    ("Cursor", "cursor", "/Applications/Cursor.app", "--version"),
+    ("IntelliJ IDEA", "idea", "/Applications/IntelliJ IDEA.app", None),
+    ("PyCharm", "pycharm", "/Applications/PyCharm.app", None),
+    ("WebStorm", "webstorm", "/Applications/WebStorm.app", None),
+    ("GoLand", "goland", "/Applications/GoLand.app", None),
+    ("Xcode", None, "/Applications/Xcode.app", None),
+    ("Vim", "vim", None, "--version"),
+    ("Neovim", "nvim", None, "--version"),
+    ("Emacs", "emacs", None, "--version"),
+    ("Sublime Text", "subl", "/Applications/Sublime Text.app", "--version"),
+    ("Zed", "zed", "/Applications/Zed.app", "--version"),
+]
+
+
+class IDECollector(BaseCollector):
+    """Collects installed IDE information."""
+
+    name = "ides"
+
+    async def collect(self) -> CollectorResult:
+        errors: list[str] = []
+        ides: list[dict[str, str]] = []
+
+        for name, binary, app_path, version_flag in IDE_DEFINITIONS:
+            try:
+                installed = False
+                version = ""
+
+                # Check app bundle
+                if app_path and Path(app_path).exists():
+                    installed = True
+                    # Try to get version from Info.plist
+                    plist_path = Path(app_path) / "Contents" / "Info.plist"
+                    if plist_path.exists():
+                        result = await run_command(
+                            "defaults", "read", str(plist_path), "CFBundleShortVersionString"
+                        )
+                        if result:
+                            version = result.strip()
+
+                # Check binary
+                if binary:
+                    which_result = await run_command("which", binary)
+                    if which_result and which_result.strip():
+                        installed = True
+                        if version_flag and not version:
+                            ver = await check_version(binary, version_flag)
+                            if ver:
+                                version = ver
+
+                if installed:
+                    ides.append({
+                        "name": name,
+                        "version": version,
+                        "binary": binary or "",
+                    })
+            except Exception as e:
+                errors.append(f"{name}: {e}")
+
+        return CollectorResult(
+            collector=self.name,
+            data=ides,
+            errors=errors,
+        )

posture_agent/collectors/machine.py

@@ -0,0 +1,63 @@
+"""Machine info collector."""
+
+import platform
+
+from posture_agent.collectors.base import BaseCollector, CollectorResult
+from posture_agent.utils.shell import run_command
+
+
+class MachineCollector(BaseCollector):
+    """Collects machine hardware and OS information."""
+
+    name = "machine"
+
+    async def collect(self) -> CollectorResult:
+        errors: list[str] = []
+
+        hostname = platform.node()
+        os_name = "macOS"
+        os_version = platform.mac_ver()[0] or platform.release()
+        architecture = platform.machine()
+
+        # CPU info
+        cpu_brand = ""
+        cpu_cores = 0
+        try:
+            result = await run_command("sysctl", "-n", "machdep.cpu.brand_string")
+            cpu_brand = result.strip() if result else ""
+        except Exception as e:
+            errors.append(f"CPU brand: {e}")
+
+        try:
+            result = await run_command("sysctl", "-n", "hw.ncpu")
+            cpu_cores = int(result.strip()) if result else 0
+        except Exception as e:
+            errors.append(f"CPU cores: {e}")
+
+        # Memory
+        memory_gb = 0
+        try:
+            result = await run_command("sysctl", "-n", "hw.memsize")
+            if result:
+                memory_gb = round(int(result.strip()) / (1024**3), 1)
+        except Exception as e:
+            errors.append(f"Memory: {e}")
+
+        # Username
+        import os
+        username = os.environ.get("USER", "")
+
+        return CollectorResult(
+            collector=self.name,
+            data={
+                "hostname": hostname,
+                "username": username,
+                "os_name": os_name,
+                "os_version": os_version,
+                "architecture": architecture,
+                "cpu_brand": cpu_brand,
+                "cpu_cores": cpu_cores,
+                "memory_gb": memory_gb,
+            },
+            errors=errors,
+        )

posture_agent/collectors/package_managers.py

@@ -0,0 +1,51 @@
+"""Package manager collector."""
+
+from posture_agent.collectors.base import BaseCollector, CollectorResult
+from posture_agent.utils.shell import check_version, run_command
+
+
+# Package manager definitions: (name, binary, version_flag)
+PACKAGE_MANAGERS = [
+    ("Homebrew", "brew", "--version"),
+    ("npm", "npm", "--version"),
+    ("pnpm", "pnpm", "--version"),
+    ("yarn", "yarn", "--version"),
+    ("pip", "pip3", "--version"),
+    ("uv", "uv", "--version"),
+    ("pipx", "pipx", "--version"),
+    ("Cargo", "cargo", "--version"),
+    ("Go Modules", "go", "version"),
+    ("Composer", "composer", "--version"),
+    ("Gem", "gem", "--version"),
+    ("CocoaPods", "pod", "--version"),
+    ("Swift PM", "swift", "package --version"),
+]
+
+
+class PackageManagerCollector(BaseCollector):
+    """Collects installed package managers."""
+
+    name = "package_managers"
+
+    async def collect(self) -> CollectorResult:
+        errors: list[str] = []
+        managers: list[dict[str, str]] = []
+
+        for name, binary, version_flag in PACKAGE_MANAGERS:
+            try:
+                which_result = await run_command("which", binary)
+                if which_result and which_result.strip():
+                    version = await check_version(binary, version_flag) or ""
+                    managers.append({
+                        "name": name,
+                        "binary": binary,
+                        "version": version,
+                    })
+            except Exception as e:
+                errors.append(f"{name}: {e}")
+
+        return CollectorResult(
+            collector=self.name,
+            data=managers,
+            errors=errors,
+        )

posture_agent/collectors/security.py

@@ -0,0 +1,178 @@
+"""Security practices collector."""
+
+from posture_agent.collectors.base import BaseCollector, CollectorResult
+from posture_agent.utils.shell import run_command
+
+
+class SecurityCollector(BaseCollector):
+    """Collects security configuration information."""
+
+    name = "security"
+
+    async def collect(self) -> CollectorResult:
+        errors: list[str] = []
+        security: dict[str, object] = {}
+
+        # Git commit signing
+        try:
+            gpg_sign = await run_command("git", "config", "--global", "commit.gpgsign")
+            security["git_signing_enabled"] = gpg_sign is not None and gpg_sign.strip().lower() == "true"
+
+            sign_format = await run_command("git", "config", "--global", "gpg.format")
+            security["git_signing_format"] = sign_format.strip() if sign_format else "gpg"
+        except Exception as e:
+            security["git_signing_enabled"] = False
+            errors.append(f"Git signing: {e}")
+
+        # Git user info
+        try:
+            git_name = await run_command("git", "config", "--global", "user.name")
+            security["git_name"] = git_name.strip() if git_name else ""
+
+            git_email = await run_command("git", "config", "--global", "user.email")
+            security["git_email"] = git_email.strip() if git_email else ""
+        except Exception as e:
+            errors.append(f"Git user: {e}")
+
+        # SSH keys - detect private keys by content, not just .pub files
+        try:
+            from pathlib import Path
+            ssh_dir = Path.home() / ".ssh"
+            ssh_keys: list[dict[str, str]] = []
+            if ssh_dir.exists():
+                for f in ssh_dir.iterdir():
+                    if not f.is_file():
+                        continue
+                    # Skip known non-key files
+                    if f.name in ("config", "known_hosts", "known_hosts.old", "authorized_keys", "environment"):
+                        continue
+                    if f.suffix in (".pub", ".old", ".bak", ".log"):
+                        continue
+                    # Check if file looks like a private key
+                    try:
+                        header = f.read_bytes()[:64].decode("utf-8", errors="ignore")
+                        key_type = None
+                        if "BEGIN OPENSSH PRIVATE KEY" in header:
+                            key_type = "openssh"
+                        elif "BEGIN RSA PRIVATE KEY" in header:
+                            key_type = "rsa"
+                        elif "BEGIN EC PRIVATE KEY" in header:
+                            key_type = "ecdsa"
+                        elif "BEGIN DSA PRIVATE KEY" in header:
+                            key_type = "dsa"
+                        if key_type:
+                            # Try to determine algorithm from filename
+                            algo = key_type
+                            if "ed25519" in f.name:
+                                algo = "ed25519"
+                            elif "ecdsa" in f.name:
+                                algo = "ecdsa"
+                            elif "rsa" in f.name:
+                                algo = "rsa"
+                            elif "dsa" in f.name:
+                                algo = "dsa"
+                            ssh_keys.append({"name": f.name, "algorithm": algo})
+                    except (OSError, PermissionError):
+                        continue
+            security["ssh_key_count"] = len(ssh_keys)
+            security["ssh_keys"] = ssh_keys
+
+            # Check SSH agent for loaded keys
+            agent_output = await run_command("ssh-add", "-l")
+            if agent_output and "no identities" not in agent_output.lower() and "error" not in agent_output.lower():
+                loaded_keys = [
+                    line.strip() for line in agent_output.strip().splitlines()
+                    if line.strip() and not line.startswith("The agent")
+                ]
+                security["ssh_agent_keys"] = len(loaded_keys)
+            else:
+                security["ssh_agent_keys"] = 0
+        except Exception as e:
+            errors.append(f"SSH keys: {e}")
+
+        # FileVault (disk encryption)
+        try:
+            fv_status = await run_command("fdesetup", "status")
+            security["filevault_enabled"] = (
+                fv_status is not None and "On" in fv_status
+            )
+        except Exception as e:
+            security["filevault_enabled"] = False
+            errors.append(f"FileVault: {e}")
+
+        # Firewall
+        try:
+            fw_status = await run_command(
+                "/usr/libexec/ApplicationFirewall/socketfilterfw", "--getglobalstate"
+            )
+            security["firewall_enabled"] = (
+                fw_status is not None and "enabled" in fw_status.lower()
+            )
+        except Exception as e:
+            security["firewall_enabled"] = False
+            errors.append(f"Firewall: {e}")
+
+        # Pre-commit hooks (global)
+        try:
+            hooks_path = await run_command("git", "config", "--global", "core.hooksPath")
+            security["global_hooks_path"] = hooks_path.strip() if hooks_path else ""
+        except Exception as e:
+            errors.append(f"Hooks path: {e}")
+
+        # Git credential helper (shows secure credential management)
+        try:
+            # Check effective value (system + global + local), not just global
+            cred_helper = await run_command("git", "config", "credential.helper")
+            security["credential_helper"] = cred_helper.strip() if cred_helper else ""
+        except Exception as e:
+            errors.append(f"Credential helper: {e}")
+
+        # Allowed signers (SSH signing verification)
+        try:
+            from pathlib import Path
+            allowed_signers = await run_command("git", "config", "--global", "gpg.ssh.allowedSignersFile")
+            signers_path = allowed_signers.strip() if allowed_signers else ""
+            security["allowed_signers_configured"] = bool(signers_path)
+            if signers_path:
+                expanded = Path(signers_path).expanduser()
+                security["allowed_signers_exists"] = expanded.exists()
+            else:
+                security["allowed_signers_exists"] = False
+        except Exception as e:
+            security["allowed_signers_configured"] = False
+            errors.append(f"Allowed signers: {e}")
+
+        # SSH agent type (1Password, Secretive, Apple Keychain, standard)
+        try:
+            from pathlib import Path
+            ssh_auth_sock = await run_command("printenv", "SSH_AUTH_SOCK")
+            sock_path = ssh_auth_sock.strip() if ssh_auth_sock else ""
+            if "1password" in sock_path.lower() or "1Password" in sock_path:
+                security["ssh_agent_type"] = "1Password"
+            elif "secretive" in sock_path.lower():
+                security["ssh_agent_type"] = "Secretive"
+            elif "com.apple.launchd" in sock_path:
+                security["ssh_agent_type"] = "Apple Keychain"
+            elif sock_path:
+                security["ssh_agent_type"] = "standard"
+            else:
+                security["ssh_agent_type"] = "none"
+        except Exception as e:
+            security["ssh_agent_type"] = "unknown"
+            errors.append(f"SSH agent type: {e}")
+
+        # Gatekeeper status (macOS app security)
+        try:
+            gk_status = await run_command("spctl", "--status")
+            security["gatekeeper_enabled"] = (
+                gk_status is not None and "enabled" in gk_status.lower()
+            )
+        except Exception as e:
+            security["gatekeeper_enabled"] = False
+            errors.append(f"Gatekeeper: {e}")
+
+        return CollectorResult(
+            collector=self.name,
+            data=security,
+            errors=errors,
+        )

posture_agent/core/config.py

@@ -0,0 +1,99 @@
+"""Application configuration loaded from YAML files with env overrides."""
+
+import os
+from functools import lru_cache
+from pathlib import Path
+
+import yaml
+from pydantic import BaseModel
+
+
+class AppConfig(BaseModel):
+    """Application configuration."""
+
+    name: str = "Intercept Posture Agent"
+    debug: bool = False
+    log_level: str = "INFO"
+
+
+class APIConfig(BaseModel):
+    """API connection configuration."""
+
+    url: str = "http://localhost:8000"
+    timeout: int = 30
+    retries: int = 3
+
+
+class CollectorsConfig(BaseModel):
+    """Collector enable/disable flags."""
+
+    machine: bool = True
+    ides: bool = True
+    extensions: bool = True
+    ai_tools: bool = True
+    dev_tools: bool = True
+    security: bool = True
+    package_managers: bool = True
+
+
+class ScheduleConfig(BaseModel):
+    """Schedule configuration."""
+
+    interval_seconds: int = 3600
+
+
+class Settings:
+    """Combined settings from YAML config and environment."""
+
+    def __init__(self) -> None:
+        self._load_config()
+
+    def _load_config(self) -> None:
+        """Load configuration from YAML file based on ENVIRONMENT variable."""
+        env = os.getenv("ENVIRONMENT", "dev-local")
+        user_config = Path.home() / ".config" / "intercept" / "agent.yaml"
+        config_paths = [
+            user_config,
+            Path(f"config/{env}.yaml"),
+            Path(f"../config/{env}.yaml"),
+            Path(__file__).parent.parent.parent / "config" / f"{env}.yaml",
+        ]
+
+        config_data: dict = {}
+        for config_path in config_paths:
+            if config_path.exists():
+                with open(config_path) as f:
+                    config_data = yaml.safe_load(f) or {}
+                break
+
+        self.app = AppConfig(**config_data.get("app", {}))
+        self.api = APIConfig(**config_data.get("api", {}))
+        self.collectors = CollectorsConfig(**config_data.get("collectors", {}))
+        self.schedule = ScheduleConfig(**config_data.get("schedule", {}))
+
+        # Environment variable overrides
+        if api_url := os.environ.get("INTERCEPT_API_URL"):
+            self.api = self.api.model_copy(update={"url": api_url})
+
+    @property
+    def agent_version(self) -> str:
+        """Read version from VERSION file."""
+        version_path = Path(__file__).parent.parent.parent / "VERSION"
+        if version_path.exists():
+            return version_path.read_text().strip()
+        return "0.1.0"
+
+    # Convenience properties
+    @property
+    def debug(self) -> bool:
+        return self.app.debug
+
+    @property
+    def log_level(self) -> str:
+        return self.app.log_level
+
+
+@lru_cache
+def get_settings() -> Settings:
+    """Get cached settings instance."""
+    return Settings()

posture_agent/main.py

@@ -0,0 +1,224 @@
+"""Intercept Posture Agent CLI."""
+
+import asyncio
+import json
+import sys
+from datetime import datetime, timezone
+from pathlib import Path
+
+import click
+
+from posture_agent.collectors.ai_tools import AIToolsCollector
+from posture_agent.collectors.dev_tools import DevToolsCollector
+from posture_agent.collectors.extensions import ExtensionCollector
+from posture_agent.collectors.ides import IDECollector
+from posture_agent.collectors.machine import MachineCollector
+from posture_agent.collectors.package_managers import PackageManagerCollector
+from posture_agent.collectors.security import SecurityCollector
+from posture_agent.core.config import get_settings
+from posture_agent.models.report import PostureReportPayload
+from posture_agent.services.fingerprint import get_machine_fingerprint
+from posture_agent.services.reporter import send_report
+
+
+PLIST_NAME = "com.hijacksecurity.intercept-agent"
+PLIST_PATH = Path.home() / "Library" / "LaunchAgents" / f"{PLIST_NAME}.plist"
+
+
+async def run_collection(report: bool = False) -> None:
+    """Run all collectors and optionally report to API."""
+    settings = get_settings()
+
+    # Get machine fingerprint
+    fingerprint = await get_machine_fingerprint()
+
+    # Run enabled collectors
+    collectors = []
+    if settings.collectors.machine:
+        collectors.append(MachineCollector())
+    if settings.collectors.ides:
+        collectors.append(IDECollector())
+    if settings.collectors.extensions:
+        collectors.append(ExtensionCollector())
+    if settings.collectors.ai_tools:
+        collectors.append(AIToolsCollector())
+    if settings.collectors.dev_tools:
+        collectors.append(DevToolsCollector())
+    if settings.collectors.security:
+        collectors.append(SecurityCollector())
+    if settings.collectors.package_managers:
+        collectors.append(PackageManagerCollector())
+
+    results = await asyncio.gather(
+        *(c.collect() for c in collectors),
+        return_exceptions=True,
+    )
+
+    # Build payload
+    payload_data: dict = {
+        "fingerprint": fingerprint,
+        "agent_version": settings.agent_version,
+        "collected_at": datetime.now(timezone.utc),
+    }
+
+    for result in results:
+        if isinstance(result, Exception):
+            click.echo(f"  Error: {result}", err=True)
+            continue
+        payload_data[result.collector] = result.data
+
+    payload = PostureReportPayload(**payload_data)
+
+    if report:
+        click.echo(f"Sending report to {settings.api.url}...")
+        try:
+            response = await send_report(payload, settings)
+            click.echo(f"Report submitted: {response.get('id', 'ok')}")
+        except Exception as e:
+            click.echo(f"Failed to send report: {e}", err=True)
+            sys.exit(1)
+    else:
+        click.echo(json.dumps(payload.model_dump(mode="json"), indent=2))
+
+
+@click.group()
+def cli() -> None:
+    """Intercept Developer Posture Agent."""
+    pass
+
+
+@cli.command()
+@click.option("--report", is_flag=True, help="Send report to API (default: dry-run to stdout)")
+def collect(report: bool) -> None:
+    """Collect developer environment data."""
+    asyncio.run(run_collection(report=report))
+
+
+@cli.command()
+def install() -> None:
+    """Install launchd plist for hourly collection."""
+    settings = get_settings()
+    interval = settings.schedule.interval_seconds
+
+    # Ensure config directory and logs exist
+    config_dir = Path.home() / ".config" / "intercept"
+    logs_dir = config_dir / "logs"
+    config_dir.mkdir(parents=True, exist_ok=True)
+    logs_dir.mkdir(parents=True, exist_ok=True)
+
+    # Write default config if not present
+    config_file = config_dir / "agent.yaml"
+    if not config_file.exists():
+        config_file.write_text(
+            "api:\n"
+            f"  url: \"{settings.api.url}\"\n"
+            "  timeout: 30\n"
+            "  retries: 3\n"
+            "collectors:\n"
+            "  machine: true\n"
+            "  ides: true\n"
+            "  extensions: true\n"
+            "  ai_tools: true\n"
+            "  dev_tools: true\n"
+            "  security: true\n"
+            "  package_managers: true\n"
+            "schedule:\n"
+            f"  interval_seconds: {interval}\n"
+        )
+        click.echo(f"Config written to {config_file}")
+
+    # Find the intercept-agent binary
+    import shutil
+    agent_bin = shutil.which("intercept-agent")
+    if not agent_bin:
+        click.echo("Error: intercept-agent not found in PATH. Install with: pip install -e .", err=True)
+        sys.exit(1)
+
+    stdout_log = str(logs_dir / "agent.stdout.log")
+    stderr_log = str(logs_dir / "agent.stderr.log")
+
+    plist_content = f"""<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+    <key>Label</key>
+    <string>{PLIST_NAME}</string>
+    <key>ProgramArguments</key>
+    <array>
+        <string>{agent_bin}</string>
+        <string>collect</string>
+        <string>--report</string>
+    </array>
+    <key>StartInterval</key>
+    <integer>{interval}</integer>
+    <key>RunAtLoad</key>
+    <true/>
+    <key>KeepAlive</key>
+    <false/>
+    <key>StandardOutPath</key>
+    <string>{stdout_log}</string>
+    <key>StandardErrorPath</key>
+    <string>{stderr_log}</string>
+</dict>
+</plist>
+"""
+
+    # Write plist
+    PLIST_PATH.parent.mkdir(parents=True, exist_ok=True)
+    PLIST_PATH.write_text(plist_content)
+    click.echo(f"Plist written to {PLIST_PATH}")
+
+    # Load with launchctl
+    import subprocess
+    subprocess.run(["launchctl", "load", str(PLIST_PATH)], check=True)
+    click.echo("Agent installed and started.")
+
+
+@cli.command()
+def uninstall() -> None:
+    """Uninstall launchd plist."""
+    import subprocess
+
+    if PLIST_PATH.exists():
+        subprocess.run(["launchctl", "unload", str(PLIST_PATH)], check=False)
+        PLIST_PATH.unlink()
+        click.echo("Agent uninstalled.")
+    else:
+        click.echo("Agent not installed.")
+
+
+@cli.command()
+def status() -> None:
+    """Show agent status."""
+    settings = get_settings()
+
+    click.echo(f"Agent version: {settings.agent_version}")
+    click.echo(f"API URL: {settings.api.url}")
+    click.echo(f"Schedule: every {settings.schedule.interval_seconds}s")
+    click.echo(f"Plist: {PLIST_PATH}")
+    click.echo(f"Installed: {PLIST_PATH.exists()}")
+
+    if PLIST_PATH.exists():
+        import subprocess
+        result = subprocess.run(
+            ["launchctl", "list", PLIST_NAME],
+            capture_output=True, text=True,
+        )
+        if result.returncode == 0:
+            click.echo(f"Status: loaded")
+            for line in result.stdout.strip().split("\n"):
+                if "PID" in line or "LastExitStatus" in line:
+                    click.echo(f"  {line.strip()}")
+        else:
+            click.echo("Status: not loaded")
+
+    # Check logs
+    stdout_log = Path.home() / ".config" / "intercept" / "logs" / "agent.stdout.log"
+    if stdout_log.exists():
+        lines = stdout_log.read_text().strip().split("\n")
+        if lines:
+            click.echo(f"Last output: {lines[-1]}")
+
+
+if __name__ == "__main__":
+    cli()

posture_agent/models/report.py

@@ -0,0 +1,21 @@
+"""Pydantic models for the posture report payload."""
+
+from datetime import datetime
+from typing import Any
+
+from pydantic import BaseModel, Field
+
+
+class PostureReportPayload(BaseModel):
+    """The full report payload sent to the API."""
+
+    fingerprint: str
+    agent_version: str
+    collected_at: datetime = Field(default_factory=datetime.utcnow)
+    machine: dict[str, Any] = {}
+    ides: list[Any] | dict[str, Any] = []
+    extensions: dict[str, Any] = {}
+    ai_tools: list[Any] | dict[str, Any] = []
+    dev_tools: list[Any] | dict[str, Any] = []
+    security: dict[str, Any] = {}
+    package_managers: list[Any] | dict[str, Any] = []

posture_agent/services/fingerprint.py

@@ -0,0 +1,39 @@
+"""Machine fingerprint generation."""
+
+import hashlib
+
+from posture_agent.utils.shell import run_command
+
+
+async def get_machine_fingerprint() -> str:
+    """Generate a stable machine fingerprint from IOPlatformUUID."""
+    # Try IOPlatformUUID first (most reliable on macOS)
+    result = await run_command(
+        "ioreg", "-rd1", "-c", "IOPlatformExpertDevice"
+    )
+    if result:
+        for line in result.split("\n"):
+            if "IOPlatformUUID" in line:
+                # Extract UUID value
+                parts = line.split('"')
+                for i, part in enumerate(parts):
+                    if part == "IOPlatformUUID" and i + 2 < len(parts):
+                        uuid_val = parts[i + 2]
+                        return hashlib.sha256(uuid_val.encode()).hexdigest()[:32]
+
+    # Fallback: serial number
+    serial = await run_command(
+        "ioreg", "-l", "-c", "IOPlatformExpertDevice"
+    )
+    if serial:
+        for line in serial.split("\n"):
+            if "IOPlatformSerialNumber" in line:
+                parts = line.split('"')
+                for i, part in enumerate(parts):
+                    if part == "IOPlatformSerialNumber" and i + 2 < len(parts):
+                        return hashlib.sha256(parts[i + 2].encode()).hexdigest()[:32]
+
+    # Last resort: hostname-based
+    import platform
+    fallback = f"{platform.node()}-{platform.machine()}"
+    return hashlib.sha256(fallback.encode()).hexdigest()[:32]

posture_agent/services/reporter.py

@@ -0,0 +1,29 @@
+"""HTTP reporter for sending posture data to the API."""
+
+import httpx
+
+from posture_agent.core.config import Settings
+from posture_agent.models.report import PostureReportPayload
+
+
+async def send_report(payload: PostureReportPayload, settings: Settings) -> dict:
+    """Send posture report to the API with retry."""
+    url = f"{settings.api.url}/api/v1/core/posture/reports"
+
+    last_error: Exception | None = None
+    for attempt in range(settings.api.retries):
+        try:
+            async with httpx.AsyncClient(timeout=settings.api.timeout) as client:
+                response = await client.post(
+                    url,
+                    json=payload.model_dump(mode="json"),
+                )
+                response.raise_for_status()
+                return response.json()
+        except (httpx.HTTPError, httpx.TimeoutException) as e:
+            last_error = e
+            if attempt < settings.api.retries - 1:
+                import asyncio
+                await asyncio.sleep(2 ** attempt)
+
+    raise RuntimeError(f"Failed to send report after {settings.api.retries} attempts: {last_error}")

posture_agent/utils/shell.py

@@ -0,0 +1,38 @@
+"""Shell utility functions for running subprocesses."""
+
+import asyncio
+
+
+async def run_command(*args: str, timeout: float = 10.0) -> str | None:
+    """Run a command and return stdout, or None on failure."""
+    try:
+        proc = await asyncio.create_subprocess_exec(
+            *args,
+            stdout=asyncio.subprocess.PIPE,
+            stderr=asyncio.subprocess.PIPE,
+        )
+        stdout, _ = await asyncio.wait_for(proc.communicate(), timeout=timeout)
+        if proc.returncode == 0 and stdout:
+            return stdout.decode("utf-8", errors="replace")
+        return None
+    except (asyncio.TimeoutError, FileNotFoundError, OSError):
+        return None
+
+
+async def check_version(binary: str, version_flag: str) -> str | None:
+    """Get version string from a binary. Handles multi-word flags."""
+    args = [binary] + version_flag.split()
+    result = await run_command(*args)
+    if not result:
+        return None
+
+    # Extract version from common formats
+    line = result.strip().split("\n")[0]
+
+    # Try to find version-like pattern
+    import re
+    match = re.search(r"(\d+\.\d+[\.\d]*)", line)
+    if match:
+        return match.group(1)
+
+    return line[:50]  # Fallback: first 50 chars of first line