rsil 0.1.0__tar.gz

rsil-0.1.0/.claude/CLAUDE.md

@@ -0,0 +1,136 @@
+# RSIL — Claude Code Project Context
+
+## What this project is
+
+RSIL (Runtime Secret Isolation Layer) is a Python CLI tool and library that injects secrets into processes at runtime without ever storing them in plaintext on disk. It uses `fork()`/`execve()` to create minimal-environment child processes, Fernet encryption for the local secret store, and process-inspection to detect and block AI coding agents from accessing secrets.
+
+GitHub tagline: **"Runtime secret injection with process-level isolation — built for the AI-agent era."**
+
+The project solves a new threat model: AI coding assistants (Claude Code, Cursor, Copilot) run inside local repositories and can read `.env` files and `os.environ`. RSIL prevents that by eliminating `.env` files and only materializing secrets inside short-lived, isolated child processes.
+
+---
+
+## Key directories
+
+| Path | What it contains |
+|------|-----------------|
+| `rsil/cli/` | typer-based CLI, one file per command (`init`, `add`, `list`, `delete`, `run`) |
+| `rsil/core/` | Execution engine: executor, process spawning, env builder, cleanup, isolation stub |
+| `rsil/secrets/` | Encrypted store, Fernet crypto primitives, SecretManager |
+| `rsil/policy/` | YAML-based access control rules and evaluation engine |
+| `rsil/security/` | Process guard (AI agent detection), output redactor, audit logger |
+| `rsil/utils/` | Logger, config loader (`~/.rsil/config.toml`) |
+| `tests/unit/` | Fast, fully mocked unit tests |
+| `tests/integration/` | Tests that exercise the full run path with mock secrets |
+| `tests/fixtures/` | Mock store helpers and sample policy YAML |
+| `examples/simple_app/` | Minimal Python app to test `rsil run` locally |
+| `examples/fastapi_app/` | FastAPI app demonstrating RSIL in a web context |
+| `docs/` | `architecture.md` (deep technical doc), `roadmap.md` (12-week plan) |
+
+---
+
+## Dev install
+
+```bash
+pip install -e ".[dev]"
+# or
+uv sync --extra dev
+```
+
+---
+
+## How to run tests
+
+```bash
+pytest                          # all tests
+pytest tests/unit/              # unit tests only (fast)
+pytest tests/integration/       # integration tests
+pytest -k test_crypto           # specific test module
+pytest --cov=rsil               # with coverage report
+```
+
+---
+
+## Linting and type checking
+
+```bash
+ruff check rsil/ tests/
+ruff format rsil/ tests/
+mypy rsil/
+```
+
+---
+
+## CLI usage (after install)
+
+```bash
+rsil --help
+rsil init
+rsil add MY_KEY=myvalue --service demo
+rsil list --service demo
+rsil run --service demo -- python examples/simple_app/app.py
+rsil delete MY_KEY --service demo
+```
+
+---
+
+## Architecture summary (8-step execution flow)
+
+```
+rsil run --service payment-api -- python app.py
+```
+
+1. `cli/commands/run.py` parses command and service name
+2. `core/executor.py :: Executor.run()` orchestrates the lifecycle
+3. `security/process_guard.py` checks if parent process is a known AI agent → denies if so
+4. `policy/engine.py` evaluates access rules (stub in v0.1 — always passes)
+5. `secrets/manager.py` decrypts `~/.rsil/secrets.enc` → `{"STRIPE_KEY": "..."}`
+6. `core/env_builder.py` builds minimal env dict — **never** copies `os.environ`
+7. `core/process.py` calls `os.fork()` + `os.execve()` with isolated env; pipes stdout/stderr through `security/redact.py`
+8. `core/cleanup.py` zeroes secret values; `security/audit.py` writes JSON event to `~/.rsil/audit.log`
+
+---
+
+## CRITICAL constraints — read before writing any code
+
+These are not preferences. Violating them introduces real security vulnerabilities.
+
+1. **Never read `~/.rsil/secrets.enc` or `~/.rsil/master.key` directly.** Always go through `secrets/manager.py`. These paths are also blocked in `settings.json`.
+
+2. **Never use `os.environ.copy()` or inherit the full environment** when building child process environments. Only `core/env_builder.build_minimal_env()` is allowed to construct child envs. This is the central security invariant.
+
+3. **Never hardcode secret values in tests.** All tests must use the mock fixtures in `tests/fixtures/mock_store.py`. Use `pytest-mock` for `SecretManager`.
+
+4. **Never call `rsil run` with real secrets in tests.** Integration tests use `rsil run -- env` or `python -c "print('hello')"` with mock secrets injected via `conftest.py` fixtures.
+
+5. **Never log raw secret values.** The `utils/logger.py` logger must never receive raw secret strings. Pass data through `security/redact.py` first.
+
+6. **Never import from `cli/` inside `core/`, `secrets/`, `policy/`, or `security/`.** Dependency direction: `cli` → `core` → `secrets`/`policy`/`security`/`utils`. No upward imports.
+
+7. **Never write to `~/.rsil/` during tests.** Always use `monkeypatch.setenv("RSIL_HOME", str(tmp_path))` to redirect all RSIL paths to a temporary directory.
+
+---
+
+## Testing philosophy
+
+- Unit tests mock `SecretManager` entirely using `pytest-mock`
+- `test_crypto.py` generates fresh Fernet keys per test, never reuses keys across tests
+- `test_executor.py` patches `core.process.spawn()` to avoid forking in unit tests
+- Integration tests use a temporary `RSIL_HOME` via a `tmp_path` fixture
+- No test should leave files in the real `~/.rsil/` directory
+
+---
+
+## Current version and status
+
+See `pyproject.toml` for the current version (`0.1.0`).
+See `docs/roadmap.md` for weekly milestones.
+See `CHANGELOG.md` for version history.
+
+---
+
+## Platform notes
+
+- **macOS + Linux only.** `os.fork()` is a POSIX call. Windows is not supported.
+- The process guard uses `psutil` (not `/proc`) so it works on both macOS and Linux.
+- Tests should pass on both platforms.

rsil-0.1.0/.claude/settings.json

@@ -0,0 +1,11 @@
+{
+  "permissions": {
+    "deny": [
+      "Read(~/.rsil/secrets.enc)",
+      "Read(~/.rsil/master.key)",
+      "Bash(cat ~/.rsil/*)",
+      "Bash(rsil add *)",
+      "Bash(rsil run * -- *)"
+    ]
+  }
+}

rsil-0.1.0/.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,45 @@
+---
+name: Bug report
+about: Report a bug in RSIL
+title: "[bug] "
+labels: bug
+assignees: ''
+---
+
+## Describe the bug
+
+A clear and concise description of what the bug is.
+
+## To reproduce
+
+Steps to reproduce the behavior:
+
+1. Run `rsil ...`
+2. See error
+
+## Expected behavior
+
+What you expected to happen.
+
+## Actual behavior
+
+What actually happened. Include error output if available.
+
+```
+paste error output here
+```
+
+## Environment
+
+- OS: [e.g. macOS 15.0, Ubuntu 22.04]
+- Python version: [e.g. 3.12.0]
+- RSIL version: [e.g. 0.1.0 — run `rsil --version`]
+- Install method: [pip / uv / source]
+
+## Additional context
+
+Any other context about the problem.
+
+## Security note
+
+**Do not include real secret values in bug reports.** Use placeholder values like `sk_test_XXXX`.

rsil-0.1.0/.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,41 @@
+---
+name: Feature request
+about: Suggest a new feature or improvement for RSIL
+title: "[feat] "
+labels: enhancement
+assignees: ''
+---
+
+## Summary
+
+A short description of the feature you'd like.
+
+## Motivation
+
+What problem does this solve? Who benefits from it?
+
+## Proposed solution
+
+How would this feature work? Include examples if possible.
+
+```bash
+# Example CLI usage
+rsil new-command --flag value
+```
+
+## Alternatives considered
+
+Other approaches you've thought about and why you prefer this one.
+
+## Scope
+
+Which RSIL version milestone does this fit?
+- [ ] v0.2 (process guard + env isolation)
+- [ ] v0.3 (pipe-based injection)
+- [ ] v0.4 (policy engine)
+- [ ] post-v1.0 (team sync, daemon mode, network backends)
+- [ ] unsure
+
+## Additional context
+
+Any other context, screenshots, or references.

rsil-0.1.0/.github/workflows/ci.yml

@@ -0,0 +1,59 @@
+name: CI
+
+on:
+  push:
+    branches: [main, develop]
+  pull_request:
+    branches: [main, develop]
+
+jobs:
+  lint:
+    name: Lint & typecheck
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+
+      - name: Install dev dependencies
+        run: pip install -e ".[dev]"
+
+      - name: Ruff lint
+        run: ruff check rsil/ tests/
+
+      - name: Ruff format check
+        run: ruff format --check rsil/ tests/
+
+      - name: Mypy
+        run: mypy rsil/
+
+  test:
+    name: Test (Python ${{ matrix.python-version }}, ${{ matrix.os }})
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        python-version: ["3.11", "3.12"]
+        os: [ubuntu-latest, macos-latest]
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Install dependencies
+        run: pip install -e ".[dev]"
+
+      - name: Run tests
+        run: pytest --cov=rsil --cov-report=xml -q
+
+      - name: Upload coverage
+        if: matrix.os == 'ubuntu-latest' && matrix.python-version == '3.12'
+        uses: codecov/codecov-action@v4
+        with:
+          files: coverage.xml
+          fail_ci_if_error: false

rsil-0.1.0/.github/workflows/publish.yml

@@ -0,0 +1,83 @@
+name: Publish to PyPI
+
+on:
+  release:
+    types: [published]
+  workflow_dispatch:
+    inputs:
+      environment:
+        description: "Target environment"
+        required: true
+        default: "testpypi"
+        type: choice
+        options:
+          - testpypi
+          - pypi
+
+jobs:
+  build:
+    name: Build distribution
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+
+      - name: Install build tools
+        run: pip install build
+
+      - name: Build sdist and wheel
+        run: python -m build
+
+      - name: Upload build artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: dist
+          path: dist/
+
+  test-publish:
+    name: Publish to TestPyPI
+    needs: build
+    # Runs on every release, or when manually targeting testpypi
+    if: github.event_name == 'release' || inputs.environment == 'testpypi'
+    runs-on: ubuntu-latest
+    environment: testpypi
+    permissions:
+      id-token: write
+    steps:
+      - name: Download build artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: dist
+          path: dist/
+
+      - name: Publish to TestPyPI
+        uses: pypa/gh-action-pypi-publish@release/v1
+        with:
+          repository-url: https://test.pypi.org/legacy/
+
+  publish:
+    name: Publish to PyPI
+    needs: [build, test-publish]
+    # On release: runs after test-publish succeeds.
+    # On manual pypi trigger: test-publish is skipped, so allow skipped.
+    if: |
+      always() &&
+      needs.build.result == 'success' &&
+      (needs.test-publish.result == 'success' || needs.test-publish.result == 'skipped') &&
+      (github.event_name == 'release' || inputs.environment == 'pypi')
+    runs-on: ubuntu-latest
+    environment: pypi
+    permissions:
+      id-token: write
+    steps:
+      - name: Download build artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: dist
+          path: dist/
+
+      - name: Publish to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1

rsil-0.1.0/.gitignore

@@ -0,0 +1,211 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[codz]
+*$py.class
+
+# C extensions
+*.so
+
+# docs
+.gitignore
+docs/publishing.md
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py.cover
+.hypothesis/
+.pytest_cache/
+cover/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+.pybuilder/
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+#   For a library or package, you might want to ignore these files since the code is
+#   intended to run in multiple environments; otherwise, check them in:
+# .python-version
+
+# pipenv
+#   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+#   However, in case of collaboration, if having platform-specific dependencies or dependencies
+#   having no cross-platform support, pipenv may install dependencies that don't work, or not
+#   install all needed dependencies.
+#Pipfile.lock
+
+# UV
+#   Similar to Pipfile.lock, it is generally recommended to include uv.lock in version control.
+#   This is especially recommended for binary packages to ensure reproducibility, and is more
+#   commonly ignored for libraries.
+#uv.lock
+
+# poetry
+#   Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
+#   This is especially recommended for binary packages to ensure reproducibility, and is more
+#   commonly ignored for libraries.
+#   https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
+#poetry.lock
+#poetry.toml
+
+# pdm
+#   Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
+#   pdm recommends including project-wide configuration in pdm.toml, but excluding .pdm-python.
+#   https://pdm-project.org/en/latest/usage/project/#working-with-version-control
+#pdm.lock
+#pdm.toml
+.pdm-python
+.pdm-build/
+
+# pixi
+#   Similar to Pipfile.lock, it is generally recommended to include pixi.lock in version control.
+#pixi.lock
+#   Pixi creates a virtual environment in the .pixi directory, just like venv module creates one
+#   in the .venv directory. It is recommended not to include this directory in version control.
+.pixi
+
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
+__pypackages__/
+
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.envrc
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/
+
+# pytype static type analyzer
+.pytype/
+
+# Cython debug symbols
+cython_debug/
+
+# PyCharm
+#  JetBrains specific template is maintained in a separate JetBrains.gitignore that can
+#  be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
+#  and can be added to the global gitignore or merged into this file.  For a more nuclear
+#  option (not recommended) you can uncomment the following to ignore the entire idea folder.
+#.idea/
+
+# Abstra
+# Abstra is an AI-powered process automation framework.
+# Ignore directories containing user credentials, local state, and settings.
+# Learn more at https://abstra.io/docs
+.abstra/
+
+# Visual Studio Code
+#  Visual Studio Code specific template is maintained in a separate VisualStudioCode.gitignore 
+#  that can be found at https://github.com/github/gitignore/blob/main/Global/VisualStudioCode.gitignore
+#  and can be added to the global gitignore or merged into this file. However, if you prefer, 
+#  you could uncomment the following to ignore the entire vscode folder
+# .vscode/
+
+# Ruff stuff:
+.ruff_cache/
+
+# PyPI configuration file
+.pypirc
+
+# Cursor
+#  Cursor is an AI-powered code editor. `.cursorignore` specifies files/directories to
+#  exclude from AI features like autocomplete and code analysis. Recommended for sensitive data
+#  refer to https://docs.cursor.com/context/ignore-files
+.cursorignore
+.cursorindexingignore
+
+# Marimo
+marimo/_static/
+marimo/_lsp/
+__marimo__/

rsil-0.1.0/CHANGELOG.md

@@ -0,0 +1,63 @@
+# Changelog
+
+All notable changes to RSIL are documented here.
+Format follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
+
+---
+
+## [Unreleased]
+
+### Added
+- Initial project scaffold
+- `pyproject.toml` with hatchling build backend
+- Full package skeleton: `rsil/cli/`, `rsil/core/`, `rsil/secrets/`, `rsil/policy/`, `rsil/security/`, `rsil/utils/`
+- `rsil/secrets/` — Fernet-based encrypted local store
+- `rsil/core/` — POSIX fork/execve execution engine with minimal environment
+- `rsil/security/` — process guard (AI agent detection), output redactor, audit logger
+- `rsil/policy/` — YAML-based policy rule loader and stub engine
+- `rsil/utils/` — config loader and logger
+- `docs/architecture.md` — full architecture documentation
+- `docs/roadmap.md` — 12-week development roadmap
+- `.claude/CLAUDE.md` — project context and constraints for AI-assisted development
+- `examples/simple_app/` — minimal Python app demonstrating secret injection
+
+---
+
+## [0.1.0] — *Target: 2026-05-02*
+
+### Added
+- `rsil init` — initialize `~/.rsil/` and generate master key
+- `rsil add KEY=value --service NAME` — add/update a secret
+- `rsil list [--service NAME]` — list secret keys (never values)
+- `rsil delete KEY --service NAME` — remove a secret
+- `rsil run --service NAME -- COMMAND` — run a command with secrets injected
+
+---
+
+## [0.2.0] — *Target: 2026-05-23*
+
+### Added
+- Process guard: detect and block AI coding agents by parent process name
+- Minimal environment: child process inherits only `PATH`, `HOME`, `USER`, `LANG`, `TERM`
+- Core dump prevention: `RLIMIT_CORE = 0` in child before exec
+- Full integration test suite
+
+---
+
+## [0.3.0] — *Target: 2026-06-13*
+
+### Added
+- Pipe-based secret injection (`--inject-mode=pipe`)
+- `rsil.inject` helper for Python apps to read secrets from fd 3
+- Audit logging to `~/.rsil/audit.log` (JSON-lines)
+- `~/.rsil/config.toml` support
+
+---
+
+## [0.4.0] — *Target: 2026-07-05*
+
+### Added
+- Policy engine: YAML-based allow/deny rules evaluated at runtime
+- Binary hash verification in policy rules
+- `rsil policy validate` and `rsil policy check` commands
+- `examples/fastapi_app/` — FastAPI demo with RSIL integration