tweek 0.3.1__py3-none-any.whl → 0.4.1__py3-none-any.whl

tweek/skills/context.py

@@ -0,0 +1,221 @@
+"""
+Tweek Skill Context Tracking
+
+Detects active skill context from Claude Code's Skill tool invocations.
+When PreToolUse sees tool_name=="Skill", the skill name is extracted from
+tool_input and written to a breadcrumb file. Subsequent tool calls within
+the same session read the breadcrumb to get skill context for tier lookup.
+
+This bridges the gap where Claude Code's hook protocol doesn't include
+skill_name: the Skill tool IS a regular tool, so PreToolUse sees it.
+
+Security properties:
+  - Session-isolated: per-session breadcrumb files (no cross-session leakage)
+  - Auto-expiring: 60-second staleness timeout
+  - Atomic writes: write-to-temp + os.rename (POSIX atomic)
+  - Restricted permissions: 0o600 on breadcrumb files
+  - Fail-safe: any error falls to no-context = default tier
+"""
+
+from __future__ import annotations
+
+import json
+import os
+import tempfile
+import time
+from pathlib import Path
+from typing import Optional
+
+# Breadcrumb location — per-session files for isolation
+TWEEK_STATE_DIR = Path.home() / ".tweek" / "state"
+
+# Breadcrumb expires after 60 seconds of inactivity.
+# Skills typically issue tool calls in rapid succession; 60s is generous
+# while limiting the window for staleness-based attacks.
+STALENESS_TIMEOUT_SECONDS = 60
+
+# Maximum age before a per-session breadcrumb file is considered orphaned
+# and eligible for cleanup (1 hour).
+ORPHAN_CLEANUP_SECONDS = 3600
+
+
+def _breadcrumb_path_for_session(session_id: str, state_dir: Optional[Path] = None) -> Path:
+    """Get the breadcrumb file path for a specific session.
+
+    Uses first 12 chars of session_id to avoid excessively long filenames
+    while maintaining sufficient uniqueness.
+    """
+    prefix = session_id[:12] if session_id else "unknown"
+    base = state_dir or TWEEK_STATE_DIR
+    return base / f"active_skill_{prefix}.json"
+
+
+def write_skill_breadcrumb(
+    skill_name: str,
+    session_id: str,
+    *,
+    breadcrumb_path: Optional[Path] = None,
+) -> None:
+    """Record the active skill for this session.
+
+    Called when PreToolUse detects a Skill tool invocation.
+    Uses atomic write (temp file + rename) and restricts permissions to 0o600.
+
+    Args:
+        skill_name: The skill being invoked (from tool_input["skill"])
+        session_id: Current hook session ID for isolation
+        breadcrumb_path: Override for testing (bypasses per-session naming)
+    """
+    path = breadcrumb_path or _breadcrumb_path_for_session(session_id)
+    path.parent.mkdir(parents=True, exist_ok=True)
+
+    data = {
+        "skill": skill_name,
+        "session_id": session_id,
+        "timestamp": time.time(),
+    }
+
+    # Atomic write: write to temp file, then rename (POSIX atomic)
+    fd = None
+    tmp_path = None
+    try:
+        fd, tmp_path = tempfile.mkstemp(
+            dir=str(path.parent),
+            prefix=".skill_",
+            suffix=".tmp",
+        )
+        os.write(fd, json.dumps(data).encode("utf-8"))
+        os.close(fd)
+        fd = None  # Mark as closed
+
+        # Restrict permissions before rename (owner read/write only)
+        os.chmod(tmp_path, 0o600)
+
+        # Atomic rename
+        os.rename(tmp_path, str(path))
+        tmp_path = None  # Mark as renamed (don't clean up)
+    finally:
+        # Clean up on failure
+        if fd is not None:
+            try:
+                os.close(fd)
+            except OSError:
+                pass
+        if tmp_path is not None:
+            try:
+                os.unlink(tmp_path)
+            except OSError:
+                pass
+
+
+def read_skill_context(
+    session_id: str,
+    *,
+    breadcrumb_path: Optional[Path] = None,
+    staleness_seconds: float = STALENESS_TIMEOUT_SECONDS,
+) -> Optional[str]:
+    """Read the active skill for the current session, if any.
+
+    Returns the skill name if a fresh, session-matching breadcrumb exists.
+    Returns None if no breadcrumb, wrong session, or stale.
+
+    Args:
+        session_id: Current hook session ID — must match breadcrumb
+        breadcrumb_path: Override for testing (bypasses per-session naming)
+        staleness_seconds: Max age in seconds before breadcrumb is stale
+    """
+    path = breadcrumb_path or _breadcrumb_path_for_session(session_id)
+
+    try:
+        if not path.exists():
+            return None
+
+        data = json.loads(path.read_text(encoding="utf-8"))
+
+        # Session isolation: only match same session
+        if data.get("session_id") != session_id:
+            return None
+
+        # Staleness check
+        ts = data.get("timestamp", 0)
+        if (time.time() - ts) > staleness_seconds:
+            # Expired — clean up
+            _clear_breadcrumb(path)
+            return None
+
+        return data.get("skill")
+
+    except (json.JSONDecodeError, OSError, KeyError):
+        return None
+
+
+def clear_skill_breadcrumb(
+    session_id: Optional[str] = None,
+    *,
+    breadcrumb_path: Optional[Path] = None,
+) -> None:
+    """Clear the active skill breadcrumb.
+
+    Called on session end or UserPromptSubmit if needed.
+
+    Args:
+        session_id: If provided, clears the per-session breadcrumb.
+        breadcrumb_path: Override for testing.
+    """
+    if breadcrumb_path:
+        _clear_breadcrumb(breadcrumb_path)
+    elif session_id:
+        _clear_breadcrumb(_breadcrumb_path_for_session(session_id))
+
+
+def cleanup_orphaned_breadcrumbs(
+    *,
+    state_dir: Optional[Path] = None,
+    max_age_seconds: float = ORPHAN_CLEANUP_SECONDS,
+) -> int:
+    """Remove breadcrumb files older than max_age_seconds.
+
+    Called periodically to prevent accumulation of stale session files.
+    Returns the number of files cleaned up.
+    """
+    base = state_dir or TWEEK_STATE_DIR
+    cleaned = 0
+
+    try:
+        if not base.exists():
+            return 0
+
+        now = time.time()
+        for f in base.glob("active_skill_*.json"):
+            try:
+                age = now - f.stat().st_mtime
+                if age > max_age_seconds:
+                    f.unlink(missing_ok=True)
+                    cleaned += 1
+            except OSError:
+                continue
+    except OSError:
+        pass
+
+    return cleaned
+
+
+def _clear_breadcrumb(path: Path) -> None:
+    """Remove the breadcrumb file silently."""
+    try:
+        path.unlink(missing_ok=True)
+    except OSError:
+        pass
+
+
+def extract_skill_from_tool_input(tool_input: dict) -> Optional[str]:
+    """Extract the skill name from a Skill tool's tool_input.
+
+    The Skill tool sends: {"skill": "commit", "args": "..."}
+
+    Returns the skill name or None if not a valid Skill invocation.
+    """
+    skill = tool_input.get("skill")
+    if isinstance(skill, str) and skill.strip():
+        return skill.strip()
+    return None

tweek/skills/scanner.py

@@ -6,7 +6,7 @@ installation. Reuses existing Tweek infrastructure where possible.
 
 Layers:
 1. Structure Validation    — file types, size, depth, symlinks
-2. Pattern Matching        — 259 regex patterns (reuses audit.py)
+2. Pattern Matching        — 262 regex patterns (reuses audit.py)
 3. Secret Scanning         — credential detection (reuses secret_scanner.py)
 4. AST Analysis            — forbidden imports/calls (reuses git_security.py)
 5. Prompt Injection Scan   — skill-specific instruction injection patterns
@@ -349,7 +349,7 @@ class SkillScanner:
     def _scan_patterns(
         self, skill_dir: Path, text_files: List[Path]
     ) -> ScanLayerResult:
-        """Run 259 regex patterns against all text files."""
+        """Run 262 regex patterns against all text files."""
         result = ScanLayerResult(layer_name="patterns", passed=True)
 
         try:

{tweek-0.3.1.dist-info → tweek-0.4.1.dist-info}/METADATA

@@ -1,13 +1,13 @@
 Metadata-Version: 2.4
 Name: tweek
-Version: 0.3.1
+Version: 0.4.1
 Summary: Defense-in-depth security for AI coding assistants - protect credentials, code, and system from prompt injection attacks
 Author: Tommy Mancino
 License-Expression: Apache-2.0
 Project-URL: Homepage, https://gettweek.com
 Project-URL: Repository, https://github.com/gettweek/tweek
 Project-URL: Issues, https://github.com/gettweek/tweek/issues
-Keywords: claude,security,sandbox,ai,llm,tweek,claude-code,prompt-injection,mcp,credential-theft
+Keywords: claude,security,dry-run,ai,llm,tweek,claude-code,prompt-injection,mcp,credential-theft
 Classifier: Development Status :: 4 - Beta
 Classifier: Intended Audience :: Developers
 Classifier: Operating System :: MacOS :: MacOS X
@@ -45,6 +45,7 @@ Provides-Extra: dev
 Requires-Dist: pytest>=7.0; extra == "dev"
 Requires-Dist: pytest-cov>=4.0; extra == "dev"
 Requires-Dist: pytest-xdist>=3.5.0; extra == "dev"
+Requires-Dist: pytest-timeout>=2.2.0; extra == "dev"
 Requires-Dist: hypothesis>=6.98.0; extra == "dev"
 Requires-Dist: black>=23.0; extra == "dev"
 Requires-Dist: ruff>=0.1.0; extra == "dev"
@@ -124,7 +125,7 @@ tweek proxy setup                       # Cursor, Windsurf, Continue.dev (HTTP p
 tweek doctor
 ```
 
-That's it. Tweek auto-detects your tools, applies all 259 attack patterns across 6 defense layers, and runs 100% locally. Your code never leaves your machine.
+That's it. Tweek auto-detects your tools, applies all 262 attack patterns across 6 defense layers, and runs 100% locally. Your code never leaves your machine.
 
 ---
 
@@ -166,7 +167,7 @@ Turn 3: cat ~/.ssh/id_rsa → BLOCKED: path_escalation anomaly
 
 **Response injection** — Malicious instructions hidden in tool responses are caught at ingestion.
 
-See the full [Attack Patterns Reference](docs/ATTACK_PATTERNS.md) for all 259 patterns across 11 categories.
+See the full [Attack Patterns Reference](docs/ATTACK_PATTERNS.md) for all 262 patterns across 11 categories.
 
 ---
 
@@ -217,7 +218,7 @@ Every tool call passes through six independent screening layers. An attacker wou
 
 | Layer | What It Does |
 |-------|-------------|
-| **1. Pattern Matching** | 259 regex signatures catch known credential theft, exfiltration, and injection attacks instantly |
+| **1. Pattern Matching** | 262 regex signatures catch known credential theft, exfiltration, and injection attacks instantly |
 | **2. Rate Limiting** | Detects burst attacks, automated probing, and resource theft sequences |
 | **3. Local Prompt Injection AI** | Custom-trained AI models built specifically to classify and detect prompt injection. Run 100% on your machine — no API calls, no cloud, no latency. Small enough to be fast, accurate enough to catch what regex can't. |
 | **4. Session Tracking** | Behavioral analysis across turns detects multi-step attacks that look innocent individually |
@@ -235,7 +236,7 @@ See [Defense Layers](docs/DEFENSE_LAYERS.md) for the deep dive and [Architecture
 | [Full Feature List](docs/FEATURES.md) | Complete feature inventory |
 | [Architecture](docs/ARCHITECTURE.md) | System design and interception layers |
 | [Defense Layers](docs/DEFENSE_LAYERS.md) | Screening pipeline deep dive |
-| [Attack Patterns](docs/ATTACK_PATTERNS.md) | Full 259-pattern library reference |
+| [Attack Patterns](docs/ATTACK_PATTERNS.md) | Full 262-pattern library reference |
 | [Configuration](docs/CONFIGURATION.md) | Config files, tiers, and presets |
 | [CLI Reference](docs/CLI_REFERENCE.md) | All commands, flags, and examples |
 | [MCP Integration](docs/MCP_INTEGRATION.md) | MCP proxy and gateway setup |
@@ -244,7 +245,7 @@ See [Defense Layers](docs/DEFENSE_LAYERS.md) for the deep dive and [Architecture
 | [Credential Vault](docs/VAULT.md) | Vault setup and migration |
 | [Plugins](docs/PLUGINS.md) | Plugin development and registry |
 | [Logging](docs/LOGGING.md) | Event logging and audit trail |
-| [Sandbox](docs/SANDBOX.md) | Sandbox preview configuration |
+| [Dry-Run](docs/DRY_RUN.md) | Dry-run preview configuration |
 | [Tweek vs. Claude Code](docs/COMPARISON.md) | Feature comparison with native security |
 | [Troubleshooting](docs/TROUBLESHOOTING.md) | Common issues and fixes |
 

{tweek-0.3.1.dist-info → tweek-0.4.1.dist-info}/RECORD

@@ -1,46 +1,66 @@
-tweek/__init__.py,sha256=NppVIy7NWIJrgFbWfAVveJtg-UdwqA9ux98hciWBeLM,360
+tweek/__init__.py,sha256=Yok2ar0ngfNDc-NyYeDnL5rfwdj_htDZ0SX9sUqD1lY,359
 tweek/_keygen.py,sha256=UapwIKNSwaRWdqHoJoF3hmKuiux6aIiFGe8WVskTbI8,1286
-tweek/audit.py,sha256=OmCUagbx_fkCorcrZt2ebTtDm-rr4fRKkZpxZdvZens,8868
-tweek/cli.py,sha256=Ad54k7bDws9Eg7z3oeEVR85Ni9DQz72JJVUFC1WV_zA,256803
-tweek/cli_helpers.py,sha256=Q2NTOkyRTOIPNLMqY2jA5_tuzDPksAGwGXYPRK3bzoY,5538
+tweek/audit.py,sha256=AzjIpy6Jc-WzTrda9lb3nZbyaR_SDWUxo04pObJP2MQ,8868
+tweek/cli.py,sha256=OOZrpcrwDGbmaHxIyvBw7MoVSlEdrFNAgIwWHI56p5M,2976
+tweek/cli_config.py,sha256=rSQTkw0JAqm6w02Ah2_hiJ-wIxhnrjTgvFuw2A39qfs,24525
+tweek/cli_configure.py,sha256=fHm2sWxjUWFu7ulup7T-zrQ3LYiYg_1Vf-m3E5hoKd8,14603
+tweek/cli_core.py,sha256=0mgcJ_ZduuloOhyIn4ecTHROMtz_pDcAdlew-E45DPk,26843
+tweek/cli_dry_run.py,sha256=8DBx3qKAZHY8VA6MsbsGBs6EyDGFxKsrtmuNaHJ22C8,14335
+tweek/cli_helpers.py,sha256=_8aVj8e67MrP61ao7_AaEQSi9AfJQxW3eNvnjbSWT7g,16347
+tweek/cli_install.py,sha256=5AaxZmOpDk9y8Ursy_CaU8JYn4mtMPWNtIhWNpb6an8,74111
+tweek/cli_logs.py,sha256=uoJBKb85EYcIQnXxNfh15w235u9UWP1he-RlwnITWuA,10776
+tweek/cli_mcp.py,sha256=mIKTUqTKLlVYc9054LdjfL-maiVAabPFkb_sLtoS0Gk,4787
+tweek/cli_memory.py,sha256=Sw2TOt7RGsXBoH_q13bQjUK3WyvOy49bXefZ7atoaCY,11895
 tweek/cli_model.py,sha256=iMZStFqA0Nqyzm4rxSbhD4v-AqcO6h5NI72AR7cldoY,12853
-tweek/diagnostics.py,sha256=KbtXQH8QrRBoyIFWumL6q9--aQQdR0tUo2GzjMhwpII,24601
-tweek/licensing.py,sha256=wYN8wBYVCp1RbAi_sWeF7gKKBSU116ncX3tnZawYUpQ,11703
+tweek/cli_plugins.py,sha256=3u8oJ0Wxb50taTc6Xofyy9voaPi62ozEfcP93VBY1oA,30059
+tweek/cli_protect.py,sha256=q6VhmR2vnozdybUXJEnaofx0FVZSoQq39gWVh5xmjnc,22398
+tweek/cli_proxy.py,sha256=J63CuL0bg2UVHbdavDgIcqiC1C8JS0kNG8pqHEAx9mw,14289
+tweek/cli_security.py,sha256=FpPOY0YsSY5kOc9aNy8QBi9h4fpmQ7wiX3cKtRYmLzg,8482
+tweek/cli_skills.py,sha256=N2D184i5gajKjrLdQuWxhdiXWGiE4NGCvPahMDZvliI,9045
+tweek/cli_uninstall.py,sha256=sRDbtYxbJ9fnt-fBypEZOCR_UdTTo09RozOI_Xlo1Dc,21463
+tweek/cli_vault.py,sha256=j2HUurcOCOUgObfnSiMrcJQ8k3BUs1aD-YqCNZzp98I,11457
+tweek/diagnostics.py,sha256=aYtdLeTulbYF3KzIt-oqTDucYNJrBL85rsPXlPM07bg,27487
+tweek/licensing.py,sha256=_t_X3wgd6F0VEoLrOags-AE2k3IZXw3WhWXFuQU4UYA,11703
 tweek/config/__init__.py,sha256=ENwimeLZd2gSJXpkASMY45hbMUDn2RwM-Zl_RMvpCbQ,772
-tweek/config/allowed_dirs.yaml,sha256=dMF_DqKgQThzkdIEoXzDBfAjbopGrk0HTkiM7ENmBaU,788
-tweek/config/families.yaml,sha256=jkNO0UsmX3MFlTKC9Or3p8_MlD3ZtHM0SrQIYFqx9i8,18212
-tweek/config/manager.py,sha256=Jk9l_UJM9e5_fxTvWFXrU0677u9HCttmunahp36woBE,40591
+tweek/config/allowed_dirs.yaml,sha256=eHmX3QEJ-LBVdwH5tQBFeTFnlRewLvRG2jLJwBh3lOY,841
+tweek/config/families.yaml,sha256=QAQD-6pnCOdiNXpXUPyeAKkYMlRcQmUpCMORkDeGA1Y,18348
+tweek/config/manager.py,sha256=cs77QiAShd91RTMGxKgWUmz7qluRfQq0PogCpfxUAPA,41256
 tweek/config/models.py,sha256=RbVjC2pxnkrBKanS6QGDrHwPVkmss5ouG_dqAHf_C3Q,10018
-tweek/config/patterns.yaml,sha256=hu0lphSN0i_bY8kla65bTaBEQR8phhrb3BLC1KprMLw,85376
-tweek/config/tiers.yaml,sha256=9hIXQ9izVKXd8ptoCsQiBo2r_XY8RvIk7VWrhWggkbc,10191
+tweek/config/patterns.yaml,sha256=5HHLGGCb0KmEAEo9KPc3eja0ykYjy53x66D-u7WY6No,86749
+tweek/config/templates.py,sha256=aIGD3bDfx-J6vVBKQTNZr3IIh-O9yjcddRB8l1BxZPs,4440
+tweek/config/tiers.yaml,sha256=gVQ80iOqirHzlJI9YEzpi6alqqmNtNNZh1nA4DQYPPs,10298
+tweek/config/templates/config.yaml.template,sha256=i3QGrIuNjF9kqJNoMJmr62mja_8Rh9gMsc-YM6YzNSE,9120
+tweek/config/templates/env.template,sha256=MCnGhE6WHU5Bk9HO6dkPfBtkur2QyK69cxzHUKBWPzs,1456
+tweek/config/templates/overrides.yaml.template,sha256=T9CjpPayth_1bDH-iL0mSdTTMi27GmC8cNxnBaxRNWk,4170
+tweek/config/templates/tweek.yaml.template,sha256=jdSE7e3JeS9vOWEGWK2VCr66HLxSSFpOkNNUcZQQrkg,777
 tweek/hooks/__init__.py,sha256=GcgDjPdhZayxmyZ4-GfBa-ISARNtt9087RsuprRq2-s,54
 tweek/hooks/break_glass.py,sha256=GNMhCtLWPylNMlQ5QfsoUkEjgIT1Uk1Ik7HvRWeE5N8,4636
 tweek/hooks/feedback.py,sha256=uuA4opHYyBHC5sElBz-fr2Je3cg2DAv-aRHvETZcag0,6555
-tweek/hooks/overrides.py,sha256=1Yw_NPpZMvcFG_uyNY-ouBKSSomnxOptRedSjzkkhmE,18635
-tweek/hooks/post_tool_use.py,sha256=22ugZdlZn2Q0eUcUucelrF18N7mCgaC_agb7kZT51Ww,17195
-tweek/hooks/pre_tool_use.py,sha256=70XbonRSGh8rYpDlI4R_Z5Ug2LwU4iLyLsS87I5xlqc,71743
+tweek/hooks/overrides.py,sha256=9WfTfh5R_IstoR7SKlEIq-mgRbUTnnIiJYSTDV3_ekI,18762
+tweek/hooks/post_tool_use.py,sha256=NVOgcd7wn5BL5TYQiTwvMFxy_68dWp5z6FoRYXypfaU,19195
+tweek/hooks/pre_tool_use.py,sha256=qMGaRamkBUEXZFTYdiqFgmxLiTeH2ON4FHvcGKKxazg,76765
 tweek/integrations/__init__.py,sha256=sl7wFwbygmnruugX4bO2EUjoXxBlCpzTKbj-1zHuUPg,78
-tweek/integrations/openclaw.py,sha256=jX99__ODGI7Cq6gclSTK2pI5lsI7UGh5_iCHmq1R8RY,13798
+tweek/integrations/openclaw.py,sha256=uSP_FPG5BFnk8o6Z-1PlXB8od4OX0p0nGN8xRof9XsE,16955
 tweek/integrations/openclaw_server.py,sha256=Ah7wxsxKE2lQmIdlrFINvt5jW9U_bqqERfG3X2N5Aps,12533
 tweek/logging/__init__.py,sha256=-HUdhMuDlGUwG3v2KE7xH7cClOSQ5kZIDcVO4cybVLI,228
 tweek/logging/bundle.py,sha256=eDP0Is-hna18goaHmvexXpoNAlFhmWoMG-STTLZ19_w,11911
 tweek/logging/json_logger.py,sha256=zXOsFAufj3MF0TboM5zSS7V8uNBDJea7YkJHR-uQgBA,4698
 tweek/logging/security_log.py,sha256=BwHDdrN0VCpqssStvsZdASFnyxVpANCq9xiSkFsEFFk,28486
-tweek/mcp/__init__.py,sha256=AOFDrzDfjOvICMcN15Hz-iNCT0Kf6oyUBB-iNEW5Vr4,791
+tweek/mcp/__init__.py,sha256=UbBOrb15XrVIcyKoNLXos2N63Xw2_EeyKnaALkjfnME,610
 tweek/mcp/approval.py,sha256=WIFQi4ryXEFtgQyzQIshwgP5h_Th7Cxepx9NIhf2o_4,17885
 tweek/mcp/approval_cli.py,sha256=8WtmJF7KTLmdEF5wHqENaUJUzKEQej4CjRtFey4RcGg,11281
-tweek/mcp/proxy.py,sha256=0p5OEaRsFuNRcGR3rnqprkPjTdSSYgrsU_XXQiFPS8c,24819
+tweek/mcp/proxy.py,sha256=aQb7FxNq1QvllL82rLAd4fyZUu5POpDPLByvRdN1bng,31073
 tweek/mcp/screening.py,sha256=ax5TK8ZSXb9uo5DFx3mxiYrBKjDBP0cTLNhA05TXb80,5421
-tweek/mcp/server.py,sha256=3pF3piXUNtIf2-SUJPCjGZPD42esg2KFsVXpaBXrq3E,10901
 tweek/mcp/clients/__init__.py,sha256=46tdDJRG_POVhRWLxzgeU2FjOoBKquCNf4jnHQ_FUn0,900
-tweek/mcp/clients/chatgpt.py,sha256=M7Mu-F1On47ijNlRj3KRb0S7tN3xkK7ZCjutAYoe8bw,3739
-tweek/mcp/clients/claude_desktop.py,sha256=ujkZm26l0QMlK1ectgae7VlJsl2tcOXhrWCsjyFvsdc,6624
-tweek/mcp/clients/gemini.py,sha256=2eKkX02gb8wuQoBeN6oo4DVmvn1R7D2mt8KGDdUFvQA,5653
+tweek/mcp/clients/chatgpt.py,sha256=9nX-HODn-M9dR-39l_ltvHCjdiZfKs2i0dkb7-tSgdw,3739
+tweek/mcp/clients/claude_desktop.py,sha256=c92vsomu0Ko5rqnS0157ziIpiVTO_BjaTKBxFzduyNw,6624
+tweek/mcp/clients/gemini.py,sha256=IFGClXc2ytrheah0Ja7vrMLVDEhORcUdQWnEo29BOVE,5653
 tweek/memory/__init__.py,sha256=rUe3cc-Nh-8k7kEMHzF8ao2QRt-tnI9kZQAtU8GQT5M,843
-tweek/memory/queries.py,sha256=SdpO9VEmvuIuribJRb7W9JO_dvVC6fSdzAonaQ9kgbg,6640
-tweek/memory/safety.py,sha256=9nahGB5HGnOrA92X72WvcjAu8f6yTv5UE1uYk19_CBw,4586
-tweek/memory/schemas.py,sha256=-yTBhenL5x1w5FLiCFXVhi7ciROf5oPWgTwdz3tVslY,2045
-tweek/memory/store.py,sha256=d1RAgeDjRvmH6DgmQ8SopDw81K8nUxs3fNlN4-0awAc,35350
+tweek/memory/provenance.py,sha256=zuVHRI9Krj4-YCEj-OJ_4P7xnmAHDelIyrN34446fhw,15628
+tweek/memory/queries.py,sha256=MsUTMOai_iyVSfAmiRFcb_-E9KF2kah1WdeXOa27u-A,6712
+tweek/memory/safety.py,sha256=Mv9R2bQxX2TcitIsgugY7gZmaWjxEahTyVTRTTr1ePA,5416
+tweek/memory/schemas.py,sha256=WD2BIXgEYdG1rjn8MNNS1UWxc2x9bZ_7k736BkJERZg,2125
+tweek/memory/store.py,sha256=Z9MwVsWkz76SncSwxaYmWT3uU4btq4CM-2JIuDkS744,36705
 tweek/platform/__init__.py,sha256=jIwiwsMU297T02JOymjAdvk7QheEJxgDspueV38pJJE,3757
 tweek/plugins/__init__.py,sha256=u2dsiOhUE2WbYArjoeyWbaaO99J0aZJU_Z_X83OzVWw,28437
 tweek/plugins/base.py,sha256=dcx-qjaYE7Dwr36JRNWQaQ1xaDZgb6-T3CTP45j3A24,33445
@@ -70,7 +90,7 @@ tweek/plugins/providers/bedrock.py,sha256=ADIdO7Kpz-kNq78Mq1pQpt8rfX9OIAR3NaMGiA
 tweek/plugins/providers/google.py,sha256=2wIt-lKXGb_vRcEz-_2zLHTyRdT_VFd3RYpEs_Vuxj0,6033
 tweek/plugins/providers/openai.py,sha256=LK3_4UIgj1XBORA2MTEI88DID67_9nXY1i8rbe3Yem0,7522
 tweek/plugins/screening/__init__.py,sha256=KijMffjrD35tbz0RBW4fb8elt36tdrNvlKBVmyeH-OA,1214
-tweek/plugins/screening/heuristic_scorer.py,sha256=emTYUT49-GJZhNc3wOZxjeOxJz8u7-GC7c8AVFPT7n8,17193
+tweek/plugins/screening/heuristic_scorer.py,sha256=CuXR_KEoRbn9nRMdNbjzmA00WvBkp31tQTuS5E2t_sQ,17193
 tweek/plugins/screening/llm_reviewer.py,sha256=DJv4bd5iu0aXtfUyuQ5yb6UTKnyPaY0NW43JraiE90o,5135
 tweek/plugins/screening/local_model_reviewer.py,sha256=SCQDXvd5cq_w6IQP_G3RzOVDy6W2Xco0b4lKeYd14-0,5010
 tweek/plugins/screening/pattern_matcher.py,sha256=Zto8ZAJenZoN605LfHvoyNLzqYtJqJg02rH7GaAvPoo,8673
@@ -91,34 +111,36 @@ tweek/sandbox/registry.py,sha256=ZZDQYeJMNAJ0FrFEayo1KyC5r3qXSBx6Tu-JcXIMjtI,506
 tweek/screening/__init__.py,sha256=-QKzhN8TNqEOrooPunbQl_f6133LOXAszmiKyv8V07I,352
 tweek/screening/context.py,sha256=iZeD6-Fm7dNs5wlIu15MlMbIPzeTX_Pe0DUkK5xHpQ0,3030
 tweek/security/__init__.py,sha256=2qkoxVHzWeHdVWYHRYZG479Qpfodl6jNCQu_Wc3i1vM,901
+tweek/security/integrity.py,sha256=QMW5Zu5PaZHC5DLwumnIq7CUOw-iqs_7AMlijLonXj4,2689
 tweek/security/language.py,sha256=690g63NoeKjwxPG0d38USa1w30QtsAohiT2SXBv-ON4,9128
-tweek/security/llm_reviewer.py,sha256=66DSIY1BKXWR5tamL85RpPwN6ihfCQ9PAbmXtwUoM14,49220
+tweek/security/llm_reviewer.py,sha256=NnelRwC6ie_KzxV_2MYjuVPaWUVf61QN7ORuKSM5sVY,53335
 tweek/security/local_model.py,sha256=fqWQOSiAcWVIM1zzy6SosXVh9hNHJbLRzTJPy9I3sFs,10451
-tweek/security/local_reviewer.py,sha256=-kHWDmGnMH13cSv_7DiH4n7ZTZ3uqWZoPzQgYKQKwR0,4987
-tweek/security/model_registry.py,sha256=XscpZcWaaJwHldX2T9C1T1zSvJ3lm0aSW4nIhwRpUzc,11022
+tweek/security/local_reviewer.py,sha256=0BzFx8U42KucBL14rpUbXZ8zxsu9ALHGhVosVcj0uh0,6890
+tweek/security/model_registry.py,sha256=zi0mYyTzWc6BL2W7Kd1gCLNti0N8OygKpwL94Re8Kzw,13795
 tweek/security/rate_limiter.py,sha256=bY8VIkQ-wCbNOYTLwD4MsMBoHk59zPWeZCkuE8Zntm8,24185
 tweek/security/secret_scanner.py,sha256=G-bbMwsAJD197BEOnZJdn_qphS4RNPK_wpLfkpiLuFU,18774
 tweek/security/session_analyzer.py,sha256=-Ylp583VZ_YJRkN5JZrYpaK1sVbiM6KP7ZwLBzWpiCI,24260
 tweek/skill_template/SKILL.md,sha256=gBk_Ken77scVYeCs8imm1ASnNLDpBl-C0ufgWrrkQIA,10274
 tweek/skill_template/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 tweek/skill_template/cli-reference.md,sha256=DdXIEfTPvYn6iybVwA-r3CKkV1Mlx5Ub_sJf_lJrV2k,6913
-tweek/skill_template/overrides-reference.md,sha256=xlc07wXXsCOrx60wMD7LZ7fn5Z_dhLuj5Mgx04-xGQ0,4509
+tweek/skill_template/overrides-reference.md,sha256=xmTIdQ_Pe0FUIhEGkUniO1rxWzsubs-XULNBElYdRlA,4509
 tweek/skill_template/scripts/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 tweek/skill_template/scripts/check_installed.py,sha256=-pMmfgBjdbwb5u2t9rJ0dMBz7MGYgiZM5db3tiNZgO4,5878
 tweek/skills/__init__.py,sha256=DyTvK8n5Lb-idkJhXCVytpiZjNfWveCtNkSL6o8dxHM,1209
 tweek/skills/config.py,sha256=I95wK9CBj_UiHwFuxfE8yRl7cmFiqdY0hXfF3BHP0X8,4782
+tweek/skills/context.py,sha256=15wn3wh_m4n954tsWtf4p8kBdtFmwN18TxPzOaGfGlc,6672
 tweek/skills/fingerprints.py,sha256=YjPsTxqotzGlyMIgfgewSoNDTLU8_-p9fY_a44LJTjU,6027
 tweek/skills/guard.py,sha256=1g3QVFwtW2T04PPCouAAEPxgoweVGEld0WL9eCE80js,8294
 tweek/skills/isolation.py,sha256=AmGwzD8xh70HL4f5aIrvYGm_ug1hHwu8tZXSAnsKiJk,16547
-tweek/skills/scanner.py,sha256=PaeZNnwxLTGls2O3hQaDgBhGw9jVJThPjfKCY_05_nI,27574
+tweek/skills/scanner.py,sha256=YlH-yg3_JuwmBvmnpqA4PVfWyNBHaPSjBo6d9Ncuh8k,27574
 tweek/vault/__init__.py,sha256=L408fjdRYL8-VqLEsyyHSO9PkBDhd_2mPIbrCu53YhM,980
 tweek/vault/cross_platform.py,sha256=D4UvX_7OpSo8iRx5sc2OUUWQIk8JHhgeFBYk1MbyIj4,8251
 tweek/vault/keychain.py,sha256=XL18-SUj7HwuqxLXZDViuCH81--KMu68jN9Szn1aeyw,10624
-tweek-0.3.1.dist-info/licenses/LICENSE,sha256=rjoDzr1vAf0bsqZglpIyekU5aewIkCk4jHZZDvVI2BE,15269
-tweek-0.3.1.dist-info/licenses/NOTICE,sha256=taQokyDes5UTRNEC67G-13VmqvUyTOncrrT33pCcWL0,8729
+tweek-0.4.1.dist-info/licenses/LICENSE,sha256=rjoDzr1vAf0bsqZglpIyekU5aewIkCk4jHZZDvVI2BE,15269
+tweek-0.4.1.dist-info/licenses/NOTICE,sha256=taQokyDes5UTRNEC67G-13VmqvUyTOncrrT33pCcWL0,8729
 tweek-openclaw-plugin/node_modules/flatted/python/flatted.py,sha256=UYburBDqkySaTfSpntPCUJRxiBGcplusJM7ECX8FEgA,3860
-tweek-0.3.1.dist-info/METADATA,sha256=iR7qpsuY7fLnF2DO8OWFrqUTE2vuDv3_VNMWddDIZMU,11939
-tweek-0.3.1.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
-tweek-0.3.1.dist-info/entry_points.txt,sha256=YXThD6UiF5XQXwqW33sphsvz-Bl4Zm6pm-xq-5wcCYE,1337
-tweek-0.3.1.dist-info/top_level.txt,sha256=jtNcCxjoGXN8IBqEVL0F3LHDrZD_B0S-4XF9-Ur7Pbc,28
-tweek-0.3.1.dist-info/RECORD,,
+tweek-0.4.1.dist-info/METADATA,sha256=0yNrHwETKn3gL-nzeTgoFJiDkbMJPNjp7IpJOUyqKWA,11992
+tweek-0.4.1.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
+tweek-0.4.1.dist-info/entry_points.txt,sha256=YXThD6UiF5XQXwqW33sphsvz-Bl4Zm6pm-xq-5wcCYE,1337
+tweek-0.4.1.dist-info/top_level.txt,sha256=jtNcCxjoGXN8IBqEVL0F3LHDrZD_B0S-4XF9-Ur7Pbc,28
+tweek-0.4.1.dist-info/RECORD,,