tweek 0.1.0__py3-none-any.whl

tweek/plugins/screening/session_analyzer.py

@@ -0,0 +1,159 @@
+#!/usr/bin/env python3
+"""
+Tweek Session Analyzer Screening Plugin
+
+Cross-turn anomaly detection for conversation hijacking:
+- Privilege escalation patterns
+- Repeated denial attacks
+- Behavior shift detection
+- Instruction persistence
+- ACIP graduated escalation
+
+Free and open source.
+"""
+
+from typing import Optional, Dict, Any, List
+from tweek.plugins.base import (
+    ScreeningPlugin,
+    ScreeningResult,
+    Finding,
+    Severity,
+    ActionType,
+)
+
+
+class SessionAnalyzerPlugin(ScreeningPlugin):
+    """
+    Session analyzer screening plugin.
+
+    Analyzes session history to detect cross-turn anomalies
+    that would be missed by single-command analysis.
+
+    Free and open source.
+    """
+
+    VERSION = "1.0.0"
+    DESCRIPTION = "Cross-turn anomaly detection for session analysis"
+    AUTHOR = "Tweek"
+    REQUIRES_LICENSE = "free"
+    TAGS = ["screening", "session-analysis", "anomaly-detection"]
+
+    def __init__(self, config: Optional[Dict[str, Any]] = None):
+        super().__init__(config)
+        self._analyzer = None
+
+    @property
+    def name(self) -> str:
+        return "session_analyzer"
+
+    def _get_analyzer(self):
+        """Lazy initialization of session analyzer."""
+        if self._analyzer is None:
+            try:
+                from tweek.security.session_analyzer import SessionAnalyzer
+
+                self._analyzer = SessionAnalyzer(
+                    lookback_minutes=self._config.get("lookback_minutes", 30),
+                )
+            except ImportError:
+                pass
+
+        return self._analyzer
+
+    def screen(
+        self,
+        tool_name: str,
+        content: str,
+        context: Dict[str, Any]
+    ) -> ScreeningResult:
+        """
+        Analyze session for cross-turn anomalies.
+
+        Args:
+            tool_name: Name of the tool being invoked
+            content: Command or content (used for context)
+            context: Must include 'session_id'
+
+        Returns:
+            ScreeningResult with session analysis
+        """
+        analyzer = self._get_analyzer()
+        if analyzer is None:
+            return ScreeningResult(
+                allowed=True,
+                plugin_name=self.name,
+                reason="Session analyzer not available",
+            )
+
+        session_id = context.get("session_id")
+        if not session_id:
+            return ScreeningResult(
+                allowed=True,
+                plugin_name=self.name,
+                reason="No session ID for analysis",
+            )
+
+        result = analyzer.analyze(session_id)
+
+        if not result.is_suspicious:
+            return ScreeningResult(
+                allowed=True,
+                plugin_name=self.name,
+                risk_level="safe",
+                details=result.details,
+            )
+
+        # Convert anomalies to findings
+        from tweek.security.session_analyzer import AnomalyType
+
+        anomaly_severity = {
+            AnomalyType.PRIVILEGE_ESCALATION: Severity.HIGH,
+            AnomalyType.PATH_ESCALATION: Severity.HIGH,
+            AnomalyType.REPEATED_DENIALS: Severity.MEDIUM,
+            AnomalyType.BEHAVIOR_SHIFT: Severity.MEDIUM,
+            AnomalyType.SUSPICIOUS_PATTERN: Severity.HIGH,
+            AnomalyType.VELOCITY_CHANGE: Severity.LOW,
+            AnomalyType.TIER_DRIFT: Severity.MEDIUM,
+            AnomalyType.CAPABILITY_AGGREGATION: Severity.HIGH,
+            AnomalyType.GRADUATED_ESCALATION: Severity.HIGH,
+        }
+
+        findings = []
+        for anomaly in result.anomalies:
+            findings.append(Finding(
+                pattern_name=f"session_{anomaly.value}",
+                matched_text=f"Session: {session_id[:20]}...",
+                severity=anomaly_severity.get(anomaly, Severity.MEDIUM),
+                description=anomaly.value.replace("_", " ").title(),
+                recommended_action=ActionType.ASK,
+                metadata={"anomaly_type": anomaly.value}
+            ))
+
+        risk_level = "dangerous" if result.is_high_risk else "suspicious"
+
+        return ScreeningResult(
+            allowed=not result.is_high_risk,
+            plugin_name=self.name,
+            reason=f"Session anomalies detected: {', '.join(a.value for a in result.anomalies)}",
+            risk_level=risk_level,
+            confidence=result.risk_score,
+            should_prompt=result.is_suspicious,
+            findings=findings,
+            details={
+                "risk_score": result.risk_score,
+                "anomalies": [a.value for a in result.anomalies],
+                "recommendations": result.recommendations,
+                **result.details,
+            }
+        )
+
+    def get_session_profile(self, session_id: str) -> Optional[Dict[str, Any]]:
+        """Get the stored profile for a session."""
+        analyzer = self._get_analyzer()
+        if analyzer is None:
+            return None
+
+        # Would need to add this method to SessionAnalyzer
+        # For now, just return the analysis
+        result = analyzer.analyze(session_id)
+        return result.details if result else None

tweek/proxy/__init__.py

@@ -0,0 +1,302 @@
+"""
+Tweek Proxy - Optional LLM API security proxy.
+
+This module provides transparent HTTPS interception for LLM API calls,
+enabling security screening for any application (not just Claude Code).
+
+Installation:
+    pip install tweek[proxy]
+
+Usage:
+    tweek proxy start      # Start the proxy server
+    tweek proxy stop       # Stop the proxy server
+    tweek proxy trust      # Install CA certificate
+    tweek proxy status     # Show proxy status
+
+The proxy is DISABLED by default. Enable with:
+    tweek proxy enable
+"""
+
+import shutil
+import socket
+from typing import Optional, Tuple
+from dataclasses import dataclass
+
+# Check if proxy dependencies are available
+PROXY_AVAILABLE = False
+PROXY_MISSING_DEPS: list[str] = []
+
+try:
+    import mitmproxy
+    PROXY_AVAILABLE = True
+except ImportError:
+    PROXY_MISSING_DEPS.append("mitmproxy")
+
+
+# Default ports
+MOLTBOT_DEFAULT_PORT = 18789
+TWEEK_DEFAULT_PORT = 9877
+
+
+@dataclass
+class ProxyConflict:
+    """Information about a detected proxy conflict."""
+    tool_name: str
+    port: int
+    is_running: bool
+    description: str
+
+
+def is_port_in_use(port: int, host: str = "127.0.0.1") -> bool:
+    """Check if a port is currently in use."""
+    try:
+        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
+            s.settimeout(1)
+            result = s.connect_ex((host, port))
+            return result == 0
+    except (socket.error, OSError):
+        return False
+
+
+def check_moltbot_gateway_running(port: int = MOLTBOT_DEFAULT_PORT) -> bool:
+    """Check if moltbot's gateway is actively listening on its port."""
+    return is_port_in_use(port)
+
+
+def detect_proxy_conflicts() -> list[ProxyConflict]:
+    """
+    Detect any running proxies that might conflict with Tweek.
+
+    Returns a list of detected conflicts with details about each.
+    """
+    conflicts = []
+
+    # Check for moltbot
+    moltbot_info = detect_moltbot()
+    if moltbot_info:
+        moltbot_port = moltbot_info.get("gateway_port", MOLTBOT_DEFAULT_PORT)
+        is_running = check_moltbot_gateway_running(moltbot_port)
+
+        if moltbot_info.get("process_running") or is_running:
+            conflicts.append(ProxyConflict(
+                tool_name="moltbot",
+                port=moltbot_port,
+                is_running=is_running,
+                description="Moltbot gateway detected" +
+                           (f" on port {moltbot_port}" if is_running else " (process found)")
+            ))
+
+    # Check if something else is using Tweek's default port
+    if is_port_in_use(TWEEK_DEFAULT_PORT):
+        conflicts.append(ProxyConflict(
+            tool_name="unknown",
+            port=TWEEK_DEFAULT_PORT,
+            is_running=True,
+            description=f"Port {TWEEK_DEFAULT_PORT} is already in use"
+        ))
+
+    return conflicts
+
+
+def get_moltbot_status() -> dict:
+    """
+    Get detailed moltbot status including whether its gateway is running.
+
+    Returns:
+        Dict with keys: installed, running, gateway_active, port, config_path
+    """
+    from pathlib import Path
+
+    moltbot_info = detect_moltbot()
+
+    status = {
+        "installed": moltbot_info is not None,
+        "running": False,
+        "gateway_active": False,
+        "port": MOLTBOT_DEFAULT_PORT,
+        "config_path": None,
+    }
+
+    if moltbot_info:
+        status["running"] = moltbot_info.get("process_running", False)
+        status["port"] = moltbot_info.get("gateway_port", MOLTBOT_DEFAULT_PORT)
+        status["gateway_active"] = check_moltbot_gateway_running(status["port"])
+
+        config_path = Path.home() / ".moltbot"
+        if config_path.exists():
+            status["config_path"] = str(config_path)
+
+    return status
+
+
+# Detection functions for supported tools
+def detect_moltbot() -> Optional[dict]:
+    """Detect if moltbot is installed on the system."""
+    import subprocess
+    import json
+    from pathlib import Path
+
+    indicators = {
+        "npm_global": False,
+        "process_running": False,
+        "config_exists": False,
+        "gateway_port": None,
+    }
+
+    # Check for npm global installation
+    try:
+        result = subprocess.run(
+            ["npm", "list", "-g", "moltbot", "--json"],
+            capture_output=True,
+            text=True,
+            timeout=5
+        )
+        if result.returncode == 0:
+            data = json.loads(result.stdout)
+            if "dependencies" in data and "moltbot" in data.get("dependencies", {}):
+                indicators["npm_global"] = True
+    except (subprocess.TimeoutExpired, FileNotFoundError, json.JSONDecodeError):
+        pass
+
+    # Check for running moltbot process
+    try:
+        result = subprocess.run(
+            ["pgrep", "-f", "moltbot"],
+            capture_output=True,
+            timeout=5
+        )
+        if result.returncode == 0:
+            indicators["process_running"] = True
+    except (subprocess.TimeoutExpired, FileNotFoundError):
+        pass
+
+    # Check for moltbot config directory
+    moltbot_config = Path.home() / ".moltbot"
+    if moltbot_config.exists():
+        indicators["config_exists"] = True
+
+    # Default gateway port
+    indicators["gateway_port"] = 18789
+
+    if any([indicators["npm_global"], indicators["process_running"], indicators["config_exists"]]):
+        return indicators
+
+    return None
+
+
+def detect_cursor() -> Optional[dict]:
+    """Detect if Cursor IDE is installed."""
+    from pathlib import Path
+    import platform
+
+    system = platform.system()
+
+    if system == "Darwin":
+        cursor_app = Path("/Applications/Cursor.app")
+        cursor_config = Path.home() / "Library/Application Support/Cursor"
+    elif system == "Linux":
+        cursor_app = Path.home() / ".local/share/applications/cursor.desktop"
+        cursor_config = Path.home() / ".config/Cursor"
+    else:
+        return None
+
+    if cursor_app.exists() or cursor_config.exists():
+        return {
+            "app_exists": cursor_app.exists(),
+            "config_exists": cursor_config.exists(),
+        }
+
+    return None
+
+
+def detect_continue() -> Optional[dict]:
+    """Detect if Continue.dev extension is installed."""
+    from pathlib import Path
+
+    # Check VS Code extensions
+    vscode_ext = Path.home() / ".vscode/extensions"
+    continue_pattern = "continue.continue-*"
+
+    if vscode_ext.exists():
+        matches = list(vscode_ext.glob(continue_pattern))
+        if matches:
+            return {
+                "extension_path": str(matches[0]),
+                "version": matches[0].name.split("-")[-1] if "-" in matches[0].name else "unknown",
+            }
+
+    return None
+
+
+def detect_supported_tools() -> dict:
+    """Detect all supported LLM tools on the system."""
+    return {
+        "moltbot": detect_moltbot(),
+        "cursor": detect_cursor(),
+        "continue": detect_continue(),
+    }
+
+
+def get_proxy_status() -> dict:
+    """Get current proxy status."""
+    from pathlib import Path
+    import yaml
+
+    config_path = Path.home() / ".tweek" / "config.yaml"
+
+    status = {
+        "available": PROXY_AVAILABLE,
+        "missing_deps": PROXY_MISSING_DEPS,
+        "enabled": False,
+        "running": False,
+        "port": 9877,
+        "ca_trusted": False,
+        "detected_tools": detect_supported_tools(),
+    }
+
+    if config_path.exists():
+        try:
+            with open(config_path) as f:
+                config = yaml.safe_load(f) or {}
+            proxy_config = config.get("proxy", {})
+            status["enabled"] = proxy_config.get("enabled", False)
+            status["port"] = proxy_config.get("port", 9877)
+        except Exception:
+            pass
+
+    # Check if proxy process is running
+    if PROXY_AVAILABLE:
+        try:
+            import subprocess
+            result = subprocess.run(
+                ["pgrep", "-f", "tweek.*proxy"],
+                capture_output=True,
+                timeout=5
+            )
+            status["running"] = result.returncode == 0
+        except Exception:
+            pass
+
+    # Check if CA certificate is trusted
+    ca_cert = Path.home() / ".tweek" / "proxy" / "tweek-ca.pem"
+    status["ca_trusted"] = ca_cert.exists()  # Simplified check
+
+    return status
+
+
+__all__ = [
+    "PROXY_AVAILABLE",
+    "PROXY_MISSING_DEPS",
+    "MOLTBOT_DEFAULT_PORT",
+    "TWEEK_DEFAULT_PORT",
+    "ProxyConflict",
+    "is_port_in_use",
+    "check_moltbot_gateway_running",
+    "detect_proxy_conflicts",
+    "get_moltbot_status",
+    "detect_moltbot",
+    "detect_cursor",
+    "detect_continue",
+    "detect_supported_tools",
+    "get_proxy_status",
+]

tweek/proxy/addon.py

@@ -0,0 +1,223 @@
+"""
+Mitmproxy Addon - The actual proxy implementation.
+
+This module provides the mitmproxy addon that intercepts LLM API traffic
+and applies Tweek's security screening.
+
+Requires: pip install tweek[proxy]
+"""
+
+from __future__ import annotations
+
+import json
+import logging
+from pathlib import Path
+from typing import Optional
+
+# Guard import - only available with [proxy] extra
+try:
+    from mitmproxy import http, ctx
+    from mitmproxy.script import concurrent
+    MITMPROXY_AVAILABLE = True
+except ImportError:
+    MITMPROXY_AVAILABLE = False
+    # Stub for type checking
+    class http:
+        class HTTPFlow:
+            pass
+    ctx = None
+    def concurrent(f):
+        return f
+
+from .interceptor import LLMAPIInterceptor, LLMProvider
+
+logger = logging.getLogger("tweek.proxy")
+
+
+class TweekProxyAddon:
+    """
+    Mitmproxy addon for Tweek LLM security screening.
+
+    This addon intercepts HTTPS traffic to LLM APIs and screens
+    both requests (for prompt injection) and responses (for dangerous tool calls).
+    """
+
+    def __init__(
+        self,
+        pattern_matcher=None,
+        security_logger=None,
+        block_mode: bool = True,
+        log_only: bool = False,
+    ):
+        """
+        Initialize the Tweek proxy addon.
+
+        Args:
+            pattern_matcher: PatternMatcher instance for screening
+            security_logger: SecurityLogger for audit logging
+            block_mode: If True, block dangerous responses. If False, just log.
+            log_only: If True, log all traffic without blocking.
+        """
+        self.interceptor = LLMAPIInterceptor(
+            pattern_matcher=pattern_matcher,
+            security_logger=security_logger,
+        )
+        self.block_mode = block_mode
+        self.log_only = log_only
+        self.stats = {
+            "requests_screened": 0,
+            "responses_screened": 0,
+            "requests_blocked": 0,
+            "responses_blocked": 0,
+            "tool_calls_detected": 0,
+            "tool_calls_blocked": 0,
+        }
+
+    def load(self, loader):
+        """Called when the addon is loaded."""
+        if ctx:
+            ctx.log.info("Tweek LLM Security Proxy loaded")
+            ctx.log.info(f"Block mode: {self.block_mode}")
+            ctx.log.info(f"Log only: {self.log_only}")
+
+    def request(self, flow: http.HTTPFlow):
+        """Handle outgoing requests to LLM APIs."""
+        host = flow.request.host
+
+        if not self.interceptor.should_intercept(host):
+            return
+
+        self.stats["requests_screened"] += 1
+        provider = self.interceptor.identify_provider(host)
+
+        # Screen the request for prompt injection
+        if flow.request.content:
+            result = self.interceptor.screen_request(flow.request.content, provider)
+
+            if result.warnings:
+                # Log warnings but don't block requests
+                logger.warning(
+                    f"Prompt injection warning: {result.warnings} "
+                    f"(provider={provider.value}, path={flow.request.path})"
+                )
+
+                # Add header to track warning
+                flow.request.headers["X-Tweek-Warning"] = "prompt-injection-suspected"
+
+    @concurrent
+    def response(self, flow: http.HTTPFlow):
+        """Handle incoming responses from LLM APIs."""
+        host = flow.request.host
+
+        if not self.interceptor.should_intercept(host):
+            return
+
+        # Skip streaming responses - we can't buffer them without breaking UX
+        content_type = flow.response.headers.get("content-type", "")
+        if "text/event-stream" in content_type:
+            logger.debug(f"Skipping streaming response from {host}")
+            return
+
+        self.stats["responses_screened"] += 1
+        provider = self.interceptor.identify_provider(host)
+
+        if not flow.response.content:
+            return
+
+        # Screen the response for dangerous tool calls
+        result = self.interceptor.screen_response(flow.response.content, provider)
+
+        if result.blocked_tools:
+            self.stats["tool_calls_detected"] += len(result.blocked_tools)
+
+        if not result.allowed:
+            self.stats["responses_blocked"] += 1
+            self.stats["tool_calls_blocked"] += len(result.blocked_tools)
+
+            logger.warning(
+                f"BLOCKED: {result.reason} "
+                f"(provider={provider.value}, patterns={result.matched_patterns})"
+            )
+
+            if self.block_mode and not self.log_only:
+                # Replace response with error
+                flow.response = http.Response.make(
+                    403,
+                    json.dumps({
+                        "error": {
+                            "type": "security_blocked",
+                            "message": f"Tweek Security: {result.reason}",
+                            "blocked_tools": result.blocked_tools,
+                            "patterns": result.matched_patterns,
+                        }
+                    }),
+                    {"Content-Type": "application/json"},
+                )
+
+        elif result.warnings:
+            logger.info(f"Warnings for response: {result.warnings}")
+
+    def done(self):
+        """Called when the proxy shuts down."""
+        logger.info(f"Tweek Proxy Stats: {json.dumps(self.stats, indent=2)}")
+
+
+def create_addon(
+    pattern_matcher=None,
+    security_logger=None,
+    block_mode: bool = True,
+    log_only: bool = False,
+) -> TweekProxyAddon:
+    """
+    Factory function to create a configured Tweek proxy addon.
+
+    This is the entry point used by mitmproxy when loading the script.
+    """
+    return TweekProxyAddon(
+        pattern_matcher=pattern_matcher,
+        security_logger=security_logger,
+        block_mode=block_mode,
+        log_only=log_only,
+    )
+
+
+# For direct script loading by mitmproxy
+addons = []
+
+
+def configure_and_load():
+    """
+    Configure and load the addon with Tweek's pattern matcher.
+
+    Called when loading as a mitmproxy script.
+    """
+    global addons
+
+    # Try to load Tweek's pattern matcher
+    pattern_matcher = None
+    security_logger = None
+
+    try:
+        from tweek.hooks.patterns import PatternMatcher
+        pattern_matcher = PatternMatcher()
+    except ImportError:
+        logger.warning("Could not load PatternMatcher, running in pass-through mode")
+
+    try:
+        from tweek.logging.security_log import SecurityLogger
+        security_logger = SecurityLogger()
+    except ImportError:
+        logger.warning("Could not load SecurityLogger")
+
+    addon = create_addon(
+        pattern_matcher=pattern_matcher,
+        security_logger=security_logger,
+    )
+
+    addons = [addon]
+    return addons
+
+
+# Auto-configure when loaded as script
+if MITMPROXY_AVAILABLE:
+    configure_and_load()