no-cluely-detector 0.0.1__py3-none-any.whl

no_cluely_detector/__init__.py

@@ -0,0 +1,412 @@
+"""
+No-Cluely Detector - Python Library
+
+Detect Cluely employee monitoring software and its evasion techniques.
+This library provides Python bindings to a fast Rust-based detection engine.
+
+Basic Usage:
+    >>> from no_cluely_detector import ClueLyDetector
+    >>> if ClueLyDetector.is_cluely_running():
+    ...     print("⚠️ Employee monitoring detected!")
+
+Advanced Usage:
+    >>> detection = ClueLyDetector.detect_cluely_detailed()
+    >>> print(f"Severity: {detection.severity_level}")
+    >>> print(f"Techniques: {', '.join(detection.evasion_techniques)}")
+"""
+
+import ctypes
+import platform
+import os
+from pathlib import Path
+from typing import List, Optional, NamedTuple, Union
+from dataclasses import dataclass
+from datetime import datetime
+import threading
+import time
+
+# Ensure we're on macOS
+if platform.system() != "Darwin":
+    raise RuntimeError("Cluely Detector is only supported on macOS")
+
+
+# Locate the dynamic library
+def _find_library() -> str:
+    """Find the Rust dynamic library."""
+    # Try relative to this package first
+    current_dir = Path(__file__).parent
+    lib_paths = [
+        current_dir
+        / ".."
+        / ".."
+        / ".."
+        / "target"
+        / "release"
+        / "libno_cluely_driver.dylib",
+        current_dir / ".." / ".." / "target" / "release" / "libno_cluely_driver.dylib",
+        current_dir / "libno_cluely_driver.dylib",
+        Path("/usr/local/lib/libno_cluely_driver.dylib"),
+        Path("/opt/homebrew/lib/libno_cluely_driver.dylib"),
+    ]
+
+    for lib_path in lib_paths:
+        lib_path = lib_path.resolve()
+        if lib_path.exists():
+            return str(lib_path)
+
+    raise FileNotFoundError(
+        "Could not find libno_cluely_driver.dylib. "
+        "Please ensure the Rust library is built: cargo build --lib --release"
+    )
+
+
+# Load the library
+_lib_path = _find_library()
+_lib = ctypes.CDLL(_lib_path)
+
+
+# Define C structures
+class _ClueLyDetectionResult(ctypes.Structure):
+    """C structure for detection results."""
+
+    _fields_ = [
+        ("is_detected", ctypes.c_bool),
+        ("window_count", ctypes.c_uint32),
+        ("screen_capture_evasion_count", ctypes.c_uint32),
+        ("elevated_layer_count", ctypes.c_uint32),
+        ("max_layer_detected", ctypes.c_int32),
+    ]
+
+
+# Define function signatures
+_lib.is_cluely_running.argtypes = []
+_lib.is_cluely_running.restype = ctypes.c_int
+
+_lib.detect_cluely.argtypes = []
+_lib.detect_cluely.restype = _ClueLyDetectionResult
+
+_lib.get_cluely_report.argtypes = []
+_lib.get_cluely_report.restype = ctypes.c_char_p
+
+_lib.free_cluely_report.argtypes = [ctypes.c_char_p]
+_lib.free_cluely_report.restype = None
+
+_lib.get_cluely_window_count.argtypes = []
+_lib.get_cluely_window_count.restype = ctypes.c_uint32
+
+
+@dataclass(frozen=True)
+class ClueLyDetection:
+    """
+    Detailed information about Cluely detection.
+
+    Attributes:
+        is_detected: True if Cluely monitoring software is detected
+        window_count: Total number of Cluely windows found
+        screen_capture_evasion_count: Number of windows using screen capture evasion
+        elevated_layer_count: Number of windows using elevated layer positioning
+        max_layer_detected: Highest layer number detected
+        severity_level: Human-readable severity level ('None', 'Low', 'Medium', 'High')
+        evasion_techniques: List of detected evasion techniques
+        report: Detailed text report
+        timestamp: Detection timestamp
+    """
+
+    is_detected: bool
+    window_count: int
+    screen_capture_evasion_count: int
+    elevated_layer_count: int
+    max_layer_detected: int
+    severity_level: str
+    evasion_techniques: List[str]
+    report: str
+    timestamp: datetime
+
+
+class ClueLyDetector:
+    """
+    Cluely Detection Library
+
+    Detects Cluely employee monitoring software and its specific evasion techniques.
+    All methods are thread-safe and can be called from any thread.
+    """
+
+    @staticmethod
+    def is_cluely_running() -> bool:
+        """
+        Simple check if Cluely monitoring software is running.
+
+        Returns:
+            True if Cluely is detected, False otherwise
+
+        Example:
+            >>> if ClueLyDetector.is_cluely_running():
+            ...     print("⚠️ Employee monitoring detected!")
+        """
+        return _lib.is_cluely_running() != 0
+
+    @staticmethod
+    def detect_cluely() -> tuple[bool, int]:
+        """
+        Basic detection with window count.
+
+        Returns:
+            Tuple of (is_detected, window_count)
+
+        Example:
+            >>> is_detected, window_count = ClueLyDetector.detect_cluely()
+            >>> print(f"Detected: {is_detected}, Windows: {window_count}")
+        """
+        result = _lib.detect_cluely()
+        return result.is_detected, result.window_count
+
+    @staticmethod
+    def detect_cluely_detailed() -> ClueLyDetection:
+        """
+        Detailed detection with evasion technique analysis.
+
+        Returns:
+            ClueLyDetection object with comprehensive information
+
+        Example:
+            >>> detection = ClueLyDetector.detect_cluely_detailed()
+            >>> if detection.is_detected:
+            ...     print(f"Severity: {detection.severity_level}")
+            ...     print(f"Techniques: {', '.join(detection.evasion_techniques)}")
+        """
+        result = _lib.detect_cluely()
+
+        # Get the detailed report
+        report_ptr = _lib.get_cluely_report()
+        try:
+            if report_ptr:
+                report = report_ptr.decode("utf-8")
+            else:
+                report = "No detailed report available"
+        finally:
+            if report_ptr:
+                _lib.free_cluely_report(report_ptr)
+
+        # Calculate severity level
+        technique_count = 0
+        if result.screen_capture_evasion_count > 0:
+            technique_count += 1
+        if result.elevated_layer_count > 0:
+            technique_count += 1
+
+        if not result.is_detected:
+            severity_level = "None"
+        elif technique_count == 0:
+            severity_level = "Low"
+        elif technique_count == 1:
+            severity_level = "Medium"
+        else:
+            severity_level = "High"
+
+        # Build evasion techniques list
+        evasion_techniques = []
+        if result.screen_capture_evasion_count > 0:
+            evasion_techniques.append(
+                f"Screen capture evasion ({result.screen_capture_evasion_count} windows)"
+            )
+        if result.elevated_layer_count > 0:
+            evasion_techniques.append(
+                f"Elevated layer positioning ({result.elevated_layer_count} windows)"
+            )
+
+        return ClueLyDetection(
+            is_detected=result.is_detected,
+            window_count=result.window_count,
+            screen_capture_evasion_count=result.screen_capture_evasion_count,
+            elevated_layer_count=result.elevated_layer_count,
+            max_layer_detected=result.max_layer_detected,
+            severity_level=severity_level,
+            evasion_techniques=evasion_techniques,
+            report=report,
+            timestamp=datetime.now(),
+        )
+
+    @staticmethod
+    def get_cluely_report() -> str:
+        """
+        Get detailed text report of detection results.
+
+        Returns:
+            Detailed text report explaining what was found
+
+        Example:
+            >>> report = ClueLyDetector.get_cluely_report()
+            >>> print(report)
+        """
+        report_ptr = _lib.get_cluely_report()
+        try:
+            if report_ptr:
+                return report_ptr.decode("utf-8")
+            else:
+                return "No report available"
+        finally:
+            if report_ptr:
+                _lib.free_cluely_report(report_ptr)
+
+    @staticmethod
+    def get_cluely_window_count() -> int:
+        """
+        Get the number of Cluely windows detected.
+
+        Returns:
+            Number of Cluely windows
+
+        Example:
+            >>> count = ClueLyDetector.get_cluely_window_count()
+            >>> print(f"Found {count} Cluely windows")
+        """
+        return _lib.get_cluely_window_count()
+
+
+class ClueLyMonitor:
+    """
+    Monitor for Cluely detection changes with event callbacks.
+
+    This class provides continuous monitoring with callbacks for detection events.
+    It runs in a separate thread to avoid blocking the main application.
+    """
+
+    def __init__(self):
+        self._running = False
+        self._thread: Optional[threading.Thread] = None
+        self._last_detection: Optional[ClueLyDetection] = None
+        self._callbacks = {}
+
+    def start(
+        self,
+        interval: float = 10.0,
+        on_detected: Optional[callable] = None,
+        on_removed: Optional[callable] = None,
+        on_change: Optional[callable] = None,
+    ) -> None:
+        """
+        Start monitoring for Cluely detection changes.
+
+        Args:
+            interval: Check interval in seconds (default: 10.0)
+            on_detected: Callback when Cluely is first detected
+            on_removed: Callback when Cluely monitoring stops
+            on_change: Callback on every detection check
+
+        Example:
+            >>> def alert(detection):
+            ...     print(f"🚨 Cluely detected! Severity: {detection.severity_level}")
+            >>>
+            >>> monitor = ClueLyMonitor()
+            >>> monitor.start(interval=5.0, on_detected=alert)
+        """
+        if self._running:
+            raise RuntimeError("Monitor is already running")
+
+        self._callbacks = {
+            "on_detected": on_detected,
+            "on_removed": on_removed,
+            "on_change": on_change,
+        }
+
+        self._running = True
+        self._thread = threading.Thread(target=self._monitor_loop, args=(interval,))
+        self._thread.daemon = True
+        self._thread.start()
+
+    def stop(self) -> None:
+        """
+        Stop monitoring.
+
+        Example:
+            >>> monitor.stop()
+        """
+        self._running = False
+        if self._thread:
+            self._thread.join(timeout=5.0)
+            self._thread = None
+
+    def get_last_detection(self) -> Optional[ClueLyDetection]:
+        """
+        Get the last detection result.
+
+        Returns:
+            Last ClueLyDetection result or None if no detection has been performed
+
+        Example:
+            >>> last = monitor.get_last_detection()
+            >>> if last and last.is_detected:
+            ...     print("Still detected")
+        """
+        return self._last_detection
+
+    def _monitor_loop(self, interval: float) -> None:
+        """Internal monitoring loop."""
+        while self._running:
+            try:
+                detection = ClueLyDetector.detect_cluely_detailed()
+
+                # Check for state changes
+                if self._last_detection:
+                    if detection.is_detected and not self._last_detection.is_detected:
+                        # Just detected
+                        if self._callbacks["on_detected"]:
+                            self._callbacks["on_detected"](detection)
+                    elif not detection.is_detected and self._last_detection.is_detected:
+                        # Just stopped
+                        if self._callbacks["on_removed"]:
+                            self._callbacks["on_removed"]()
+                else:
+                    # First check
+                    if detection.is_detected and self._callbacks["on_detected"]:
+                        self._callbacks["on_detected"](detection)
+
+                # Always call on_change if provided
+                if self._callbacks["on_change"]:
+                    self._callbacks["on_change"](detection)
+
+                self._last_detection = detection
+
+            except Exception as e:
+                # Log error but continue monitoring
+                print(f"Monitoring error: {e}")
+
+            if self._running:
+                time.sleep(interval)
+
+
+# Convenience functions for quick access
+def is_cluely_running() -> bool:
+    """Convenience function: Check if Cluely is running."""
+    return ClueLyDetector.is_cluely_running()
+
+
+def detect_cluely() -> tuple[bool, int]:
+    """Convenience function: Basic detection with window count."""
+    return ClueLyDetector.detect_cluely()
+
+
+def detect_cluely_detailed() -> ClueLyDetection:
+    """Convenience function: Detailed detection with evasion analysis."""
+    return ClueLyDetector.detect_cluely_detailed()
+
+
+def get_cluely_report() -> str:
+    """Convenience function: Get detailed text report."""
+    return ClueLyDetector.get_cluely_report()
+
+
+# Export public API
+__all__ = [
+    "ClueLyDetector",
+    "ClueLyDetection",
+    "ClueLyMonitor",
+    "is_cluely_running",
+    "detect_cluely",
+    "detect_cluely_detailed",
+    "get_cluely_report",
+]
+
+# Version information
+__version__ = "1.0.0"
+__author__ = "No-Cluely Team"

no_cluely_detector/py.typed

@@ -0,0 +1 @@
+# This file indicates that this package supports type hints (PEP 561) 

no_cluely_detector-0.0.1.dist-info/METADATA

@@ -0,0 +1,586 @@
+Metadata-Version: 2.4
+Name: no-cluely-detector
+Version: 0.0.1
+Summary: Detect Cluely employee monitoring software and its evasion techniques
+Author: No-Cluely Team
+License: MIT
+Project-URL: Homepage, https://github.com/your-org/no-cluely-driver
+Project-URL: Bug Reports, https://github.com/your-org/no-cluely-driver/issues
+Project-URL: Source, https://github.com/your-org/no-cluely-driver
+Project-URL: Documentation, https://github.com/your-org/no-cluely-driver#readme
+Keywords: privacy,monitoring,detection,cluely,employee,screen-sharing,evasion,macos
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Developers
+Classifier: Intended Audience :: System Administrators
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Operating System :: MacOS
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.8
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: Security
+Classifier: Topic :: System :: Monitoring
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Requires-Python: >=3.8
+Description-Content-Type: text/markdown
+Requires-Dist: typing-extensions>=4.0.0
+Provides-Extra: dev
+Requires-Dist: pytest>=7.0.0; extra == "dev"
+Requires-Dist: pytest-cov>=4.0.0; extra == "dev"
+Requires-Dist: black>=22.0.0; extra == "dev"
+Requires-Dist: mypy>=1.0.0; extra == "dev"
+Requires-Dist: flake8>=5.0.0; extra == "dev"
+
+# no-cluely-detector 🎯
+
+Python library for detecting Cluely employee monitoring software and its evasion techniques.
+
+## Features
+
+- **Fast Detection**: Built on a high-performance Rust engine
+- **Thread-Safe**: Use from any thread in your Python application
+- **Type-Safe**: Full type hints support with mypy compatibility
+- **Event Monitoring**: Real-time callbacks for detection changes
+- **Detailed Analysis**: Comprehensive evasion technique reporting
+- **Easy Integration**: Simple API for any Python project
+
+## Installation
+
+```bash
+pip install no-cluely-detector
+```
+
+### Requirements
+
+- **Python**: 3.8 or later
+- **Platform**: macOS only (Cluely is macOS-specific)
+- **Architecture**: x64 (Intel/Apple Silicon)
+
+## Quick Start
+
+### Simple Detection
+```python
+from no_cluely_detector import ClueLyDetector
+
+# Quick check
+if ClueLyDetector.is_cluely_running():
+    print("⚠️ Employee monitoring detected!")
+else:
+    print("✅ No monitoring software found")
+```
+
+### Detailed Analysis
+```python
+from no_cluely_detector import ClueLyDetector
+
+detection = ClueLyDetector.detect_cluely_detailed()
+
+if detection.is_detected:
+    print(f"🚨 Cluely Detected!")
+    print(f"   Severity: {detection.severity_level}")
+    print(f"   Windows: {detection.window_count}")
+    print(f"   Techniques: {', '.join(detection.evasion_techniques)}")
+else:
+    print("✅ System clean")
+```
+
+### Real-time Monitoring
+```python
+from no_cluely_detector import ClueLyMonitor
+
+def on_detected(detection):
+    print(f"🚨 Monitoring started! Severity: {detection.severity_level}")
+
+def on_removed():
+    print("✅ Monitoring stopped")
+
+monitor = ClueLyMonitor()
+monitor.start(
+    interval=5.0,  # Check every 5 seconds
+    on_detected=on_detected,
+    on_removed=on_removed
+)
+
+# Your application continues...
+# Call monitor.stop() when done
+```
+
+## API Reference
+
+### ClueLyDetector
+
+Main detection class with static methods for detecting Cluely monitoring software.
+
+#### Methods
+
+##### `ClueLyDetector.is_cluely_running() -> bool`
+Simple boolean check for Cluely presence.
+
+```python
+detected = ClueLyDetector.is_cluely_running()
+```
+
+##### `ClueLyDetector.detect_cluely() -> tuple[bool, int]`
+Basic detection returning status and window count.
+
+```python
+is_detected, window_count = ClueLyDetector.detect_cluely()
+print(f"Detected: {is_detected}, Windows: {window_count}")
+```
+
+##### `ClueLyDetector.detect_cluely_detailed() -> ClueLyDetection`
+Comprehensive detection with full analysis.
+
+```python
+detection = ClueLyDetector.detect_cluely_detailed()
+# Returns ClueLyDetection object with all details
+```
+
+##### `ClueLyDetector.get_cluely_report() -> str`
+Detailed text report of findings.
+
+```python
+report = ClueLyDetector.get_cluely_report()
+print(report)
+```
+
+##### `ClueLyDetector.get_cluely_window_count() -> int`
+Number of Cluely windows detected.
+
+```python
+count = ClueLyDetector.get_cluely_window_count()
+```
+
+### ClueLyDetection
+
+Data class containing detailed detection information.
+
+#### Attributes
+
+- `is_detected: bool` - True if Cluely is detected
+- `window_count: int` - Total number of Cluely windows
+- `screen_capture_evasion_count: int` - Windows using screen capture evasion
+- `elevated_layer_count: int` - Windows using elevated layer positioning
+- `max_layer_detected: int` - Highest layer number found
+- `severity_level: str` - Severity ('None', 'Low', 'Medium', 'High')
+- `evasion_techniques: List[str]` - List of detected techniques
+- `report: str` - Detailed text report
+- `timestamp: datetime` - Detection timestamp
+
+```python
+detection = ClueLyDetector.detect_cluely_detailed()
+
+print(f"Detected: {detection.is_detected}")
+print(f"Severity: {detection.severity_level}")
+print(f"Evasion Techniques:")
+for technique in detection.evasion_techniques:
+    print(f"  - {technique}")
+```
+
+### ClueLyMonitor
+
+Event-based monitoring for detection changes.
+
+#### Methods
+
+##### `start(interval=10.0, on_detected=None, on_removed=None, on_change=None)`
+Start monitoring with event callbacks.
+
+- `interval: float` - Check interval in seconds
+- `on_detected: callable` - Called when Cluely is first detected
+- `on_removed: callable` - Called when Cluely monitoring stops
+- `on_change: callable` - Called on every check
+
+##### `stop()`
+Stop monitoring and cleanup resources.
+
+##### `get_last_detection() -> Optional[ClueLyDetection]`
+Get the most recent detection result.
+
+```python
+monitor = ClueLyMonitor()
+
+def alert(detection):
+    send_email(f"Security Alert: {detection.severity_level}")
+
+monitor.start(interval=30.0, on_detected=alert)
+```
+
+## Usage Examples
+
+### Flask Web Application
+```python
+from flask import Flask, jsonify
+from no_cluely_detector import ClueLyDetector
+
+app = Flask(__name__)
+
+@app.route('/api/security/check')
+def security_check():
+    detection = ClueLyDetector.detect_cluely_detailed()
+    
+    return jsonify({
+        'monitoring_detected': detection.is_detected,
+        'severity': detection.severity_level,
+        'evasion_techniques': detection.evasion_techniques,
+        'window_count': detection.window_count,
+        'timestamp': detection.timestamp.isoformat()
+    })
+
+if __name__ == '__main__':
+    app.run(debug=True)
+```
+
+### Django Integration
+```python
+# views.py
+from django.http import JsonResponse
+from django.views.decorators.http import require_http_methods
+from no_cluely_detector import ClueLyDetector
+
+@require_http_methods(["GET"])
+def check_monitoring(request):
+    detection = ClueLyDetector.detect_cluely_detailed()
+    
+    return JsonResponse({
+        'detected': detection.is_detected,
+        'severity': detection.severity_level,
+        'techniques': detection.evasion_techniques,
+        'report': detection.report
+    })
+
+# urls.py
+from django.urls import path
+from . import views
+
+urlpatterns = [
+    path('security/check/', views.check_monitoring, name='check_monitoring'),
+]
+```
+
+### FastAPI Application
+```python
+from fastapi import FastAPI
+from pydantic import BaseModel
+from typing import List
+from datetime import datetime
+from no_cluely_detector import ClueLyDetector, ClueLyDetection
+
+app = FastAPI(title="Security Monitor API")
+
+class SecurityStatus(BaseModel):
+    detected: bool
+    severity: str
+    evasion_techniques: List[str]
+    window_count: int
+    timestamp: datetime
+
+@app.get("/security/check", response_model=SecurityStatus)
+async def check_security():
+    detection = ClueLyDetector.detect_cluely_detailed()
+    
+    return SecurityStatus(
+        detected=detection.is_detected,
+        severity=detection.severity_level,
+        evasion_techniques=detection.evasion_techniques,
+        window_count=detection.window_count,
+        timestamp=detection.timestamp
+    )
+```
+
+### Background Monitoring Service
+```python
+import time
+import logging
+from no_cluely_detector import ClueLyMonitor
+from email.mime.text import MimeText
+import smtplib
+
+logging.basicConfig(level=logging.INFO)
+logger = logging.getLogger(__name__)
+
+class SecurityMonitorService:
+    def __init__(self, email_alerts=True):
+        self.monitor = ClueLyMonitor()
+        self.email_alerts = email_alerts
+        
+    def start(self):
+        logger.info("Starting security monitoring service...")
+        
+        self.monitor.start(
+            interval=60.0,  # Check every minute
+            on_detected=self._on_threat_detected,
+            on_removed=self._on_threat_removed,
+            on_change=self._on_status_change
+        )
+        
+    def stop(self):
+        logger.info("Stopping security monitoring service...")
+        self.monitor.stop()
+        
+    def _on_threat_detected(self, detection):
+        logger.warning(f"🚨 SECURITY THREAT DETECTED - Severity: {detection.severity_level}")
+        
+        if self.email_alerts:
+            self._send_alert_email(detection)
+            
+        # Log to security system
+        self._log_security_event("THREAT_DETECTED", detection)
+        
+    def _on_threat_removed(self):
+        logger.info("✅ Security threat removed")
+        self._log_security_event("THREAT_REMOVED", None)
+        
+    def _on_status_change(self, detection):
+        # Log periodic status (every 10 minutes)
+        if int(time.time()) % 600 == 0:
+            status = "DETECTED" if detection.is_detected else "CLEAN"
+            logger.info(f"Security status: {status}")
+            
+    def _send_alert_email(self, detection):
+        # Implementation depends on your email setup
+        subject = f"Security Alert: Employee Monitoring Detected ({detection.severity_level})"
+        body = f"""
+        Security Alert: Cluely employee monitoring software detected
+        
+        Severity: {detection.severity_level}
+        Evasion Techniques: {', '.join(detection.evasion_techniques)}
+        Window Count: {detection.window_count}
+        Time: {detection.timestamp}
+        
+        Report:
+        {detection.report}
+        """
+        # Send email implementation here
+        
+    def _log_security_event(self, event_type, detection):
+        # Log to your security information system
+        event_data = {
+            'event_type': event_type,
+            'timestamp': time.time(),
+            'detection': detection.__dict__ if detection else None
+        }
+        logger.info(f"Security event: {event_data}")
+
+# Usage
+if __name__ == "__main__":
+    service = SecurityMonitorService()
+    service.start()
+    
+    try:
+        # Keep the service running
+        while True:
+            time.sleep(60)
+    except KeyboardInterrupt:
+        service.stop()
+```
+
+### Jupyter Notebook Integration
+```python
+# Cell 1: Setup
+from no_cluely_detector import ClueLyDetector, ClueLyMonitor
+import pandas as pd
+from datetime import datetime
+import matplotlib.pyplot as plt
+
+# Cell 2: Single Check
+detection = ClueLyDetector.detect_cluely_detailed()
+
+print(f"🔍 Security Check Results")
+print(f"========================")
+print(f"Detected: {'🚨 YES' if detection.is_detected else '✅ NO'}")
+if detection.is_detected:
+    print(f"Severity: {detection.severity_level}")
+    print(f"Techniques: {', '.join(detection.evasion_techniques)}")
+
+# Cell 3: Historical Analysis
+detection_history = []
+
+def record_detection(detection):
+    detection_history.append({
+        'timestamp': detection.timestamp,
+        'detected': detection.is_detected,
+        'severity': detection.severity_level,
+        'window_count': detection.window_count
+    })
+
+monitor = ClueLyMonitor()
+monitor.start(interval=30.0, on_change=record_detection)
+
+# Let it run for a while, then analyze
+# monitor.stop()
+
+# Cell 4: Visualization
+df = pd.DataFrame(detection_history)
+df['timestamp'] = pd.to_datetime(df['timestamp'])
+
+plt.figure(figsize=(12, 6))
+plt.subplot(2, 1, 1)
+plt.plot(df['timestamp'], df['detected'].astype(int))
+plt.title('Detection Status Over Time')
+plt.ylabel('Detected (1=Yes, 0=No)')
+
+plt.subplot(2, 1, 2)
+plt.plot(df['timestamp'], df['window_count'])
+plt.title('Window Count Over Time')
+plt.ylabel('Window Count')
+plt.xlabel('Time')
+
+plt.tight_layout()
+plt.show()
+```
+
+### Automation Script
+```python
+#!/usr/bin/env python3
+"""
+Security monitoring automation script
+Usage: python security_monitor.py [--interval SECONDS] [--log-file PATH]
+"""
+
+import argparse
+import sys
+import time
+import json
+from pathlib import Path
+from no_cluely_detector import ClueLyMonitor
+
+def main():
+    parser = argparse.ArgumentParser(description='Monitor for Cluely employee monitoring software')
+    parser.add_argument('--interval', type=float, default=60.0, 
+                       help='Check interval in seconds (default: 60)')
+    parser.add_argument('--log-file', type=Path, 
+                       help='JSON log file path')
+    parser.add_argument('--alert-command', type=str,
+                       help='Command to run when threat detected')
+    
+    args = parser.parse_args()
+    
+    def log_detection(detection):
+        log_entry = {
+            'timestamp': detection.timestamp.isoformat(),
+            'detected': detection.is_detected,
+            'severity': detection.severity_level,
+            'evasion_techniques': detection.evasion_techniques,
+            'window_count': detection.window_count
+        }
+        
+        if args.log_file:
+            with open(args.log_file, 'a') as f:
+                f.write(json.dumps(log_entry) + '\n')
+        
+        # Print to console
+        status = f"🚨 DETECTED ({detection.severity_level})" if detection.is_detected else "✅ CLEAN"
+        print(f"[{detection.timestamp}] {status}")
+        
+        if detection.is_detected and detection.evasion_techniques:
+            print(f"  Techniques: {', '.join(detection.evasion_techniques)}")
+    
+    def on_detected(detection):
+        print(f"🚨 ALERT: Employee monitoring detected! Severity: {detection.severity_level}")
+        
+        if args.alert_command:
+            import subprocess
+            try:
+                subprocess.run(args.alert_command.split(), check=True)
+            except subprocess.CalledProcessError as e:
+                print(f"Alert command failed: {e}")
+    
+    print(f"Starting security monitor (interval: {args.interval}s)")
+    if args.log_file:
+        print(f"Logging to: {args.log_file}")
+    
+    monitor = ClueLyMonitor()
+    monitor.start(
+        interval=args.interval,
+        on_detected=on_detected,
+        on_change=log_detection
+    )
+    
+    try:
+        while True:
+            time.sleep(1)
+    except KeyboardInterrupt:
+        print("\nStopping monitor...")
+        monitor.stop()
+
+if __name__ == '__main__':
+    main()
+```
+
+## Error Handling
+
+```python
+from no_cluely_detector import ClueLyDetector
+import platform
+
+try:
+    detection = ClueLyDetector.detect_cluely_detailed()
+    # Process detection...
+except RuntimeError as e:
+    if "only supported on macOS" in str(e):
+        print("This library only works on macOS")
+    else:
+        print(f"Detection error: {e}")
+except FileNotFoundError as e:
+    print("Rust library not found. Please install properly.")
+except Exception as e:
+    print(f"Unexpected error: {e}")
+```
+
+## Performance
+
+- **Detection Speed**: < 50ms per check
+- **Memory Usage**: < 2MB resident memory
+- **Thread Safety**: All methods are thread-safe
+- **CPU Usage**: Minimal (< 0.1% during checks)
+
+## Testing
+
+```python
+# test_detection.py
+import pytest
+from no_cluely_detector import ClueLyDetector, ClueLyMonitor
+
+def test_basic_detection():
+    """Test basic detection functionality."""
+    result = ClueLyDetector.is_cluely_running()
+    assert isinstance(result, bool)
+
+def test_detailed_detection():
+    """Test detailed detection."""
+    detection = ClueLyDetector.detect_cluely_detailed()
+    
+    assert hasattr(detection, 'is_detected')
+    assert hasattr(detection, 'severity_level')
+    assert isinstance(detection.evasion_techniques, list)
+    assert detection.severity_level in ['None', 'Low', 'Medium', 'High']
+
+def test_monitor():
+    """Test monitoring functionality."""
+    monitor = ClueLyMonitor()
+    
+    # Should start and stop without issues
+    monitor.start(interval=1.0)
+    time.sleep(2)
+    monitor.stop()
+
+if __name__ == '__main__':
+    pytest.main([__file__])
+```
+
+Run tests:
+```bash
+pip install pytest
+python -m pytest test_detection.py -v
+```
+
+## License
+
+MIT License
+
+## Contributing
+
+Issues and pull requests welcome at: https://github.com/your-org/no-cluely-driver 

no_cluely_detector-0.0.1.dist-info/RECORD

@@ -0,0 +1,6 @@
+no_cluely_detector/__init__.py,sha256=CpJrFN-by68C1zJ3O_XAXLqya4TrZ40-EBOENLwYOPY,12836
+no_cluely_detector/py.typed,sha256=ly_OTohiB3OSMv5IvZcW13LkzgSEk-ieT7d3zlEXpdc,70
+no_cluely_detector-0.0.1.dist-info/METADATA,sha256=n8N2ceZnzSNPdJhvsim43sgLweTfh_1HyigRHfvvqUk,16899
+no_cluely_detector-0.0.1.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+no_cluely_detector-0.0.1.dist-info/top_level.txt,sha256=BCY0tJTlX9NWuKdsapwC3nY9tnYQ_iymXuZlFpWoeAc,19
+no_cluely_detector-0.0.1.dist-info/RECORD,,

no_cluely_detector-0.0.1.dist-info/WHEEL

@@ -0,0 +1,5 @@
+Wheel-Version: 1.0
+Generator: setuptools (80.9.0)
+Root-Is-Purelib: true
+Tag: py3-none-any
+

no_cluely_detector-0.0.1.dist-info/top_level.txt

@@ -0,0 +1 @@
+no_cluely_detector