tweek 0.3.1__tar.gz → 0.4.1__tar.gz

{tweek-0.3.1/tweek.egg-info → tweek-0.4.1}/PKG-INFO

@@ -1,13 +1,13 @@
 Metadata-Version: 2.4
 Name: tweek
-Version: 0.3.1
+Version: 0.4.1
 Summary: Defense-in-depth security for AI coding assistants - protect credentials, code, and system from prompt injection attacks
 Author: Tommy Mancino
 License-Expression: Apache-2.0
 Project-URL: Homepage, https://gettweek.com
 Project-URL: Repository, https://github.com/gettweek/tweek
 Project-URL: Issues, https://github.com/gettweek/tweek/issues
-Keywords: claude,security,sandbox,ai,llm,tweek,claude-code,prompt-injection,mcp,credential-theft
+Keywords: claude,security,dry-run,ai,llm,tweek,claude-code,prompt-injection,mcp,credential-theft
 Classifier: Development Status :: 4 - Beta
 Classifier: Intended Audience :: Developers
 Classifier: Operating System :: MacOS :: MacOS X
@@ -45,6 +45,7 @@ Provides-Extra: dev
 Requires-Dist: pytest>=7.0; extra == "dev"
 Requires-Dist: pytest-cov>=4.0; extra == "dev"
 Requires-Dist: pytest-xdist>=3.5.0; extra == "dev"
+Requires-Dist: pytest-timeout>=2.2.0; extra == "dev"
 Requires-Dist: hypothesis>=6.98.0; extra == "dev"
 Requires-Dist: black>=23.0; extra == "dev"
 Requires-Dist: ruff>=0.1.0; extra == "dev"
@@ -124,7 +125,7 @@ tweek proxy setup                       # Cursor, Windsurf, Continue.dev (HTTP p
 tweek doctor
 ```
 
-That's it. Tweek auto-detects your tools, applies all 259 attack patterns across 6 defense layers, and runs 100% locally. Your code never leaves your machine.
+That's it. Tweek auto-detects your tools, applies all 262 attack patterns across 6 defense layers, and runs 100% locally. Your code never leaves your machine.
 
 ---
 
@@ -166,7 +167,7 @@ Turn 3: cat ~/.ssh/id_rsa → BLOCKED: path_escalation anomaly
 
 **Response injection** — Malicious instructions hidden in tool responses are caught at ingestion.
 
-See the full [Attack Patterns Reference](docs/ATTACK_PATTERNS.md) for all 259 patterns across 11 categories.
+See the full [Attack Patterns Reference](docs/ATTACK_PATTERNS.md) for all 262 patterns across 11 categories.
 
 ---
 
@@ -217,7 +218,7 @@ Every tool call passes through six independent screening layers. An attacker wou
 
 | Layer | What It Does |
 |-------|-------------|
-| **1. Pattern Matching** | 259 regex signatures catch known credential theft, exfiltration, and injection attacks instantly |
+| **1. Pattern Matching** | 262 regex signatures catch known credential theft, exfiltration, and injection attacks instantly |
 | **2. Rate Limiting** | Detects burst attacks, automated probing, and resource theft sequences |
 | **3. Local Prompt Injection AI** | Custom-trained AI models built specifically to classify and detect prompt injection. Run 100% on your machine — no API calls, no cloud, no latency. Small enough to be fast, accurate enough to catch what regex can't. |
 | **4. Session Tracking** | Behavioral analysis across turns detects multi-step attacks that look innocent individually |
@@ -235,7 +236,7 @@ See [Defense Layers](docs/DEFENSE_LAYERS.md) for the deep dive and [Architecture
 | [Full Feature List](docs/FEATURES.md) | Complete feature inventory |
 | [Architecture](docs/ARCHITECTURE.md) | System design and interception layers |
 | [Defense Layers](docs/DEFENSE_LAYERS.md) | Screening pipeline deep dive |
-| [Attack Patterns](docs/ATTACK_PATTERNS.md) | Full 259-pattern library reference |
+| [Attack Patterns](docs/ATTACK_PATTERNS.md) | Full 262-pattern library reference |
 | [Configuration](docs/CONFIGURATION.md) | Config files, tiers, and presets |
 | [CLI Reference](docs/CLI_REFERENCE.md) | All commands, flags, and examples |
 | [MCP Integration](docs/MCP_INTEGRATION.md) | MCP proxy and gateway setup |
@@ -244,7 +245,7 @@ See [Defense Layers](docs/DEFENSE_LAYERS.md) for the deep dive and [Architecture
 | [Credential Vault](docs/VAULT.md) | Vault setup and migration |
 | [Plugins](docs/PLUGINS.md) | Plugin development and registry |
 | [Logging](docs/LOGGING.md) | Event logging and audit trail |
-| [Sandbox](docs/SANDBOX.md) | Sandbox preview configuration |
+| [Dry-Run](docs/DRY_RUN.md) | Dry-run preview configuration |
 | [Tweek vs. Claude Code](docs/COMPARISON.md) | Feature comparison with native security |
 | [Troubleshooting](docs/TROUBLESHOOTING.md) | Common issues and fixes |
 

{tweek-0.3.1 → tweek-0.4.1}/README.md

@@ -68,7 +68,7 @@ tweek proxy setup                       # Cursor, Windsurf, Continue.dev (HTTP p
 tweek doctor
 ```
 
-That's it. Tweek auto-detects your tools, applies all 259 attack patterns across 6 defense layers, and runs 100% locally. Your code never leaves your machine.
+That's it. Tweek auto-detects your tools, applies all 262 attack patterns across 6 defense layers, and runs 100% locally. Your code never leaves your machine.
 
 ---
 
@@ -110,7 +110,7 @@ Turn 3: cat ~/.ssh/id_rsa → BLOCKED: path_escalation anomaly
 
 **Response injection** — Malicious instructions hidden in tool responses are caught at ingestion.
 
-See the full [Attack Patterns Reference](docs/ATTACK_PATTERNS.md) for all 259 patterns across 11 categories.
+See the full [Attack Patterns Reference](docs/ATTACK_PATTERNS.md) for all 262 patterns across 11 categories.
 
 ---
 
@@ -161,7 +161,7 @@ Every tool call passes through six independent screening layers. An attacker wou
 
 | Layer | What It Does |
 |-------|-------------|
-| **1. Pattern Matching** | 259 regex signatures catch known credential theft, exfiltration, and injection attacks instantly |
+| **1. Pattern Matching** | 262 regex signatures catch known credential theft, exfiltration, and injection attacks instantly |
 | **2. Rate Limiting** | Detects burst attacks, automated probing, and resource theft sequences |
 | **3. Local Prompt Injection AI** | Custom-trained AI models built specifically to classify and detect prompt injection. Run 100% on your machine — no API calls, no cloud, no latency. Small enough to be fast, accurate enough to catch what regex can't. |
 | **4. Session Tracking** | Behavioral analysis across turns detects multi-step attacks that look innocent individually |
@@ -179,7 +179,7 @@ See [Defense Layers](docs/DEFENSE_LAYERS.md) for the deep dive and [Architecture
 | [Full Feature List](docs/FEATURES.md) | Complete feature inventory |
 | [Architecture](docs/ARCHITECTURE.md) | System design and interception layers |
 | [Defense Layers](docs/DEFENSE_LAYERS.md) | Screening pipeline deep dive |
-| [Attack Patterns](docs/ATTACK_PATTERNS.md) | Full 259-pattern library reference |
+| [Attack Patterns](docs/ATTACK_PATTERNS.md) | Full 262-pattern library reference |
 | [Configuration](docs/CONFIGURATION.md) | Config files, tiers, and presets |
 | [CLI Reference](docs/CLI_REFERENCE.md) | All commands, flags, and examples |
 | [MCP Integration](docs/MCP_INTEGRATION.md) | MCP proxy and gateway setup |
@@ -188,7 +188,7 @@ See [Defense Layers](docs/DEFENSE_LAYERS.md) for the deep dive and [Architecture
 | [Credential Vault](docs/VAULT.md) | Vault setup and migration |
 | [Plugins](docs/PLUGINS.md) | Plugin development and registry |
 | [Logging](docs/LOGGING.md) | Event logging and audit trail |
-| [Sandbox](docs/SANDBOX.md) | Sandbox preview configuration |
+| [Dry-Run](docs/DRY_RUN.md) | Dry-run preview configuration |
 | [Tweek vs. Claude Code](docs/COMPARISON.md) | Feature comparison with native security |
 | [Troubleshooting](docs/TROUBLESHOOTING.md) | Common issues and fixes |
 

{tweek-0.3.1 → tweek-0.4.1}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "tweek"
-version = "0.3.1"
+version = "0.4.1"
 description = "Defense-in-depth security for AI coding assistants - protect credentials, code, and system from prompt injection attacks"
 readme = "README.md"
 requires-python = ">=3.9"
@@ -12,7 +12,7 @@ license = "Apache-2.0"
 authors = [
     {name = "Tommy Mancino"}
 ]
-keywords = ["claude", "security", "sandbox", "ai", "llm", "tweek", "claude-code", "prompt-injection", "mcp", "credential-theft"]
+keywords = ["claude", "security", "dry-run", "ai", "llm", "tweek", "claude-code", "prompt-injection", "mcp", "credential-theft"]
 classifiers = [
     "Development Status :: 4 - Beta",
     "Intended Audience :: Developers",
@@ -57,6 +57,7 @@ dev = [
     "pytest>=7.0",
     "pytest-cov>=4.0",
     "pytest-xdist>=3.5.0",
+    "pytest-timeout>=2.2.0",
     "hypothesis>=6.98.0",
     "black>=23.0",
     "ruff>=0.1.0",
@@ -115,6 +116,7 @@ exclude = ["website*", "tests*", "scripts*", "test-environment*", "docs*"]
 tweek = [
     "config/*.yaml",
     "config/_integrity.json",
+    "config/templates/*",
     "skill_template/*.md",
     "skill_template/scripts/*.py",
 ]
@@ -122,13 +124,13 @@ tweek = [
 [tool.pytest.ini_options]
 testpaths = ["tests"]
 python_files = ["test_*.py"]
-addopts = "-v --cov=tweek --cov-report=term-missing --cov-fail-under=65"
+addopts = "-v --cov=tweek --cov-report=term-missing --cov-fail-under=60 -m 'not integration'"
 markers = [
     "patterns: Regex pattern matching and prompt injection detection (slow, ~37s)",
     "hooks: Pre/post tool use hook pipeline and path boundary escalation",
     "cli: CLI commands (install, uninstall, protect, config, license, logs, update)",
     "plugins: Plugin system (git registry, lockfile, compliance, discovery, security)",
-    "sandbox: Sandbox execution, project isolation, and Docker bridge",
+    "sandbox: Dry-run execution, project isolation, and Docker bridge",
     "skills: Skill scanning, isolation, fingerprints, and guard",
     "mcp: MCP proxy, server, and desktop client integration",
     "security: Credential scanning, redaction, break-glass, enforcement, overrides",
@@ -137,6 +139,7 @@ markers = [
     "memory: Memory store, safety, and query system",
     "core: Approval queue, audit, diagnostics, feedback, rate limiting, sessions",
     "local_model: Local ONNX model inference, registry, and CLI commands",
+    "integration: End-to-end integration tests with isolated venv install (slow)",
 ]
 
 [tool.black]
@@ -183,7 +186,7 @@ omit = [
 ]
 
 [tool.coverage.report]
-fail_under = 65
+fail_under = 60
 show_missing = true
 exclude_lines = [
     "pragma: no cover",

{tweek-0.3.1 → tweek-0.4.1}/tests/test_cli.py

@@ -12,11 +12,13 @@ Tests coverage of:
 """
 
 import json
+import os
 import pytest
 from pathlib import Path
 from unittest.mock import patch, MagicMock
 from click.testing import CliRunner
 import sys
+import shutil
 
 sys.path.insert(0, str(Path(__file__).parent.parent))
 
@@ -43,6 +45,18 @@ def temp_home(tmp_path):
     return tmp_path
 
 
+@pytest.fixture(autouse=True)
+def mock_claude_on_path():
+    """Mock Claude Code binary as available (not installed in CI)."""
+    _original = shutil.which
+    def _which(cmd):
+        if cmd == "claude":
+            return "/usr/local/bin/claude"
+        return _original(cmd)
+    with patch('tweek.cli_install.shutil.which', new=_which):
+        yield
+
+
 class TestInstallCommand:
     """Tests for the protect claude-code command (formerly install)."""
 
@@ -50,13 +64,14 @@ class TestInstallCommand:
         """Test global protect claude-code creates settings.json."""
         claude_dir = tmp_path / ".claude"
 
-        with patch.object(Path, 'home', return_value=tmp_path):
-            with patch('tweek.cli.Path.home', return_value=tmp_path):
-                result = runner.invoke(
-                    main,
-                    ['protect', 'claude-code', '--skip-env-scan'],
-                    catch_exceptions=False
-                )
+        with patch.dict(os.environ, {'HOME': str(tmp_path)}):
+            with patch.object(Path, 'home', return_value=tmp_path):
+                with patch('tweek.cli_install.Path.home', return_value=tmp_path):
+                    result = runner.invoke(
+                        main,
+                        ['protect', 'claude-code', '--skip-env-scan'],
+                        catch_exceptions=False
+                    )
 
         # Should complete successfully
         assert result.exit_code == 0 or "Installation complete" in result.output
@@ -77,21 +92,25 @@ class TestInstallCommand:
 
     def test_install_with_preset(self, runner, tmp_path):
         """Test protect claude-code with security preset."""
-        with patch.object(Path, 'home', return_value=tmp_path):
-            result = runner.invoke(
-                main,
-                ['protect', 'claude-code', '--preset', 'paranoid', '--skip-env-scan']
-            )
+        with patch.dict(os.environ, {'HOME': str(tmp_path)}):
+            with patch.object(Path, 'home', return_value=tmp_path):
+                with patch('tweek.cli_install.Path.home', return_value=tmp_path):
+                    result = runner.invoke(
+                        main,
+                        ['protect', 'claude-code', '--preset', 'paranoid', '--skip-env-scan']
+                    )
 
         assert "paranoid" in result.output.lower() or result.exit_code == 0
 
     def test_install_skip_proxy_check(self, runner, tmp_path):
         """Test protect claude-code with --skip-proxy-check skips openclaw detection."""
-        with patch.object(Path, 'home', return_value=tmp_path):
-            result = runner.invoke(
-                main,
-                ['protect', 'claude-code', '--skip-env-scan', '--skip-proxy-check']
-            )
+        with patch.dict(os.environ, {'HOME': str(tmp_path)}):
+            with patch.object(Path, 'home', return_value=tmp_path):
+                with patch('tweek.cli_install.Path.home', return_value=tmp_path):
+                    result = runner.invoke(
+                        main,
+                        ['protect', 'claude-code', '--skip-env-scan', '--skip-proxy-check']
+                    )
 
         # Should not mention openclaw
         assert "openclaw" not in result.output.lower()
@@ -107,14 +126,16 @@ class TestInstallCommand:
             "config_path": str(tmp_path / ".openclaw"),
         }
 
-        with patch.object(Path, 'home', return_value=tmp_path):
-            with patch('tweek.proxy.get_openclaw_status', return_value=openclaw_status):
-                with patch('tweek.proxy.detect_proxy_conflicts', return_value=[]):
-                    result = runner.invoke(
-                        main,
-                        ['protect', 'claude-code', '--skip-env-scan'],
-                        input='n\n'  # Answer 'no' to proxy override prompt
-                    )
+        with patch.dict(os.environ, {'HOME': str(tmp_path)}):
+            with patch.object(Path, 'home', return_value=tmp_path):
+                with patch('tweek.cli_install.Path.home', return_value=tmp_path):
+                    with patch('tweek.proxy.get_openclaw_status', return_value=openclaw_status):
+                        with patch('tweek.proxy.detect_proxy_conflicts', return_value=[]):
+                            result = runner.invoke(
+                                main,
+                                ['protect', 'claude-code', '--skip-env-scan'],
+                                input='n\n'  # Answer 'no' to proxy override prompt
+                            )
 
         # Should mention openclaw was detected
         assert "openclaw" in result.output.lower() or result.exit_code == 0
@@ -129,14 +150,16 @@ class TestInstallCommand:
             "config_path": str(tmp_path / ".openclaw"),
         }
 
-        with patch.object(Path, 'home', return_value=tmp_path):
-            with patch('tweek.proxy.get_openclaw_status', return_value=openclaw_status):
-                with patch('tweek.proxy.detect_proxy_conflicts', return_value=[]):
-                    result = runner.invoke(
-                        main,
-                        ['protect', 'claude-code', '--skip-env-scan'],
-                        input='n\n'  # Answer 'no' to proxy override prompt
-                    )
+        with patch.dict(os.environ, {'HOME': str(tmp_path)}):
+            with patch.object(Path, 'home', return_value=tmp_path):
+                with patch('tweek.cli_install.Path.home', return_value=tmp_path):
+                    with patch('tweek.proxy.get_openclaw_status', return_value=openclaw_status):
+                        with patch('tweek.proxy.detect_proxy_conflicts', return_value=[]):
+                            result = runner.invoke(
+                                main,
+                                ['protect', 'claude-code', '--skip-env-scan'],
+                                input='n\n'  # Answer 'no' to proxy override prompt
+                            )
 
         # Should mention gateway is running
         assert "gateway" in result.output.lower() or "running" in result.output.lower() or result.exit_code == 0
@@ -151,13 +174,15 @@ class TestInstallCommand:
             "config_path": None,
         }
 
-        with patch.object(Path, 'home', return_value=tmp_path):
-            with patch('tweek.proxy.get_openclaw_status', return_value=openclaw_status):
-                with patch('tweek.proxy.detect_proxy_conflicts', return_value=[]):
-                    result = runner.invoke(
-                        main,
-                        ['protect', 'claude-code', '--skip-env-scan', '--force-proxy']
-                    )
+        with patch.dict(os.environ, {'HOME': str(tmp_path)}):
+            with patch.object(Path, 'home', return_value=tmp_path):
+                with patch('tweek.cli_install.Path.home', return_value=tmp_path):
+                    with patch('tweek.proxy.get_openclaw_status', return_value=openclaw_status):
+                        with patch('tweek.proxy.detect_proxy_conflicts', return_value=[]):
+                            result = runner.invoke(
+                                main,
+                                ['protect', 'claude-code', '--skip-env-scan', '--force-proxy']
+                            )
 
         # Should mention force/override
         assert "override" in result.output.lower() or "proxy" in result.output.lower() or result.exit_code == 0
@@ -174,13 +199,15 @@ class TestInstallCommand:
 
         tweek_dir = tmp_path / ".tweek"
 
-        with patch.object(Path, 'home', return_value=tmp_path):
-            with patch('tweek.proxy.get_openclaw_status', return_value=openclaw_status):
-                with patch('tweek.proxy.detect_proxy_conflicts', return_value=[]):
-                    result = runner.invoke(
-                        main,
-                        ['protect', 'claude-code', '--skip-env-scan', '--force-proxy']
-                    )
+        with patch.dict(os.environ, {'HOME': str(tmp_path)}):
+            with patch.object(Path, 'home', return_value=tmp_path):
+                with patch('tweek.cli_install.Path.home', return_value=tmp_path):
+                    with patch('tweek.proxy.get_openclaw_status', return_value=openclaw_status):
+                        with patch('tweek.proxy.detect_proxy_conflicts', return_value=[]):
+                            result = runner.invoke(
+                                main,
+                                ['protect', 'claude-code', '--skip-env-scan', '--force-proxy']
+                            )
 
         # Check config file was created
         config_file = tweek_dir / "config.yaml"
@@ -201,14 +228,16 @@ class TestInstallCommand:
             "config_path": None,
         }
 
-        with patch.object(Path, 'home', return_value=tmp_path):
-            with patch('tweek.proxy.get_openclaw_status', return_value=openclaw_status):
-                with patch('tweek.proxy.detect_proxy_conflicts', return_value=[]):
-                    result = runner.invoke(
-                        main,
-                        ['protect', 'claude-code', '--skip-env-scan'],
-                        input='y\n'  # Answer 'yes' to proxy override prompt
-                    )
+        with patch.dict(os.environ, {'HOME': str(tmp_path)}):
+            with patch.object(Path, 'home', return_value=tmp_path):
+                with patch('tweek.cli_install.Path.home', return_value=tmp_path):
+                    with patch('tweek.proxy.get_openclaw_status', return_value=openclaw_status):
+                        with patch('tweek.proxy.detect_proxy_conflicts', return_value=[]):
+                            result = runner.invoke(
+                                main,
+                                ['protect', 'claude-code', '--skip-env-scan'],
+                                input='y\n'  # Answer 'yes' to proxy override prompt
+                            )
 
         # Should confirm proxy override
         assert "proxy" in result.output.lower() or result.exit_code == 0
@@ -217,7 +246,7 @@ class TestInstallCommand:
 class TestUninstallCommand:
     """Tests for the unprotect command (formerly uninstall)."""
 
-    @patch('tweek.cli.sys')
+    @patch('tweek.cli_protect.sys')
     def test_uninstall_not_installed(self, mock_sys, runner, tmp_path):
         """Test unprotect when not installed (project scope, empty directory)."""
         mock_sys.stdin.isatty.return_value = True
@@ -227,7 +256,7 @@ class TestUninstallCommand:
 
         assert "No Tweek installation" in result.output or result.exit_code == 0
 
-    @patch('tweek.cli.sys')
+    @patch('tweek.cli_protect.sys')
     def test_uninstall_removes_hooks(self, mock_sys, runner, tmp_path):
         """Test unprotect removes Tweek hooks."""
         mock_sys.stdin.isatty.return_value = True