tweek 0.4.1__py3-none-any.whl → 0.4.3__py3-none-any.whl

tweek/cli_uninstall.py

@@ -7,17 +7,12 @@ Full removal of Tweek from the system:
     tweek uninstall --all                Remove ALL Tweek data system-wide
     tweek uninstall --all --confirm      Remove everything without prompts
 
-IMPORTANT: Users MUST run ``tweek unprotect --all`` (or ``tweek uninstall``)
-BEFORE removing the pip package with ``pip uninstall tweek``.  If the package
-is removed first, the Claude Code hooks in ~/.claude/settings.json become
-orphaned — they still reference the hook scripts on disk but the ``tweek``
-CLI is no longer available to clean them up.  Orphaned hooks cause spurious
-security warnings in every Claude Code session.
-
-To manually clean up orphaned hooks, remove the ``PreToolUse`` and
-``PostToolUse`` entries that reference ``tweek`` from:
-    ~/.claude/settings.json              (global hooks)
-    <project>/.claude/settings.json      (project-level hooks)
+Resilience against ``pip uninstall tweek`` running first:
+    - Hooks in settings.json point to self-healing wrappers at ~/.tweek/hooks/
+      (outside the pip package). If tweek is gone, the wrappers silently remove
+      themselves from settings.json and allow the tool call.
+    - A standalone cleanup script at ~/.tweek/uninstall.sh can remove all
+      Tweek state without requiring the Python package.
 """
 from __future__ import annotations
 
@@ -289,6 +284,8 @@ def _remove_tweek_data_dir(tweek_dir: Path) -> list:
         ("config.yaml", "configuration"),
         ("overrides.yaml", "security overrides"),
         ("security.db", "security log database"),
+        ("uninstall.sh", "standalone uninstall script"),
+        ("installed_scopes.json", "installation scope tracking"),
     ]
     for filename, label in items:
         filepath = tweek_dir / filename
@@ -297,6 +294,7 @@ def _remove_tweek_data_dir(tweek_dir: Path) -> list:
             removed.append(label)
 
     dirs = [
+        ("hooks", "self-healing hook wrappers"),
         ("patterns", "pattern repository"),
         ("chamber", "skill isolation chamber"),
         ("jail", "skill jail"),
@@ -329,6 +327,40 @@ def _remove_tweek_data_dir(tweek_dir: Path) -> list:
     return removed
 
 
+def _remove_tweek_yaml_files(tweek_dir: Path) -> list:
+    """Remove .tweek.yaml control files. Returns list of paths removed."""
+    removed = []
+
+    # Global .tweek.yaml
+    global_yaml = Path("~/.tweek.yaml").expanduser()
+    if global_yaml.exists():
+        global_yaml.unlink()
+        removed.append(str(global_yaml))
+
+    # Project-level .tweek.yaml files from recorded scopes
+    scopes_file = tweek_dir / "installed_scopes.json"
+    if scopes_file.exists():
+        try:
+            scopes = json.loads(scopes_file.read_text()) or []
+            for scope_str in scopes:
+                # .tweek.yaml is in the parent of the .claude/ directory
+                scope_parent = Path(scope_str).parent
+                project_yaml = scope_parent / ".tweek.yaml"
+                if project_yaml.exists():
+                    project_yaml.unlink()
+                    removed.append(str(project_yaml))
+        except (json.JSONDecodeError, IOError):
+            pass
+
+    # Current directory .tweek.yaml
+    cwd_yaml = Path.cwd() / ".tweek.yaml"
+    if cwd_yaml.exists() and str(cwd_yaml) not in removed:
+        cwd_yaml.unlink()
+        removed.append(str(cwd_yaml))
+
+    return removed
+
+
 def _remove_mcp_integrations() -> list:
     """Remove MCP integrations for all known clients. Returns list of clients removed."""
     removed = []
@@ -460,14 +492,52 @@ def _uninstall_scope(target: Path, tweek_dir: Path, confirm: bool, scope_label:
         console.print("[white]Tweek data directory (~/.tweek/) was preserved.[/white]")
 
 
+def _get_all_project_scopes(project_target: Path) -> list:
+    """Get all project-level .claude/ directories that may have tweek hooks.
+
+    Merges: (1) the current project, (2) any recorded install scopes from
+    ~/.tweek/installed_scopes.json.  Deduplicates by resolved path.
+    """
+    seen = set()
+    result = []
+
+    # Always include current project
+    resolved_cwd = str(project_target.resolve())
+    seen.add(resolved_cwd)
+    result.append(project_target)
+
+    # Include all recorded scopes from install-time tracking
+    try:
+        from tweek.cli_install import _get_installed_scopes
+        for scope_str in _get_installed_scopes():
+            scope = Path(scope_str)
+            resolved = str(scope.resolve())
+            if resolved not in seen and scope.exists():
+                seen.add(resolved)
+                result.append(scope)
+    except (ImportError, Exception):
+        pass
+
+    return result
+
+
 def _uninstall_everything(global_target: Path, project_target: Path, tweek_dir: Path, confirm: bool):
     """Full system removal of all Tweek data."""
+    # Discover all project scopes (current + recorded from install)
+    all_project_scopes = _get_all_project_scopes(project_target)
+
     console.print("[bold yellow]FULL REMOVAL[/bold yellow] \u2014 This will remove ALL Tweek data:\n")
-    console.print("  [white]\u2022[/white] Hooks from current project (.claude/settings.json)")
+    if len(all_project_scopes) > 1:
+        console.print(f"  [white]\u2022[/white] Hooks from {len(all_project_scopes)} project(s):")
+        for scope in all_project_scopes:
+            console.print(f"      [white]{scope}/settings.json[/white]")
+    else:
+        console.print("  [white]\u2022[/white] Hooks from current project (.claude/settings.json)")
     console.print("  [white]\u2022[/white] Hooks from global installation (~/.claude/settings.json)")
     console.print("  [white]\u2022[/white] Tweek skill directories (project + global)")
     console.print("  [white]\u2022[/white] All backup files")
-    console.print("  [white]\u2022[/white] Tweek data directory (~/.tweek/)")
+    console.print("  [white]\u2022[/white] .tweek.yaml control files")
+    console.print("  [white]\u2022[/white] Tweek data directory (~/.tweek/) including hook wrappers")
 
     # Show what exists in ~/.tweek/
     if tweek_dir.exists():
@@ -489,23 +559,25 @@ def _uninstall_everything(global_target: Path, project_target: Path, tweek_dir:
 
     console.print()
 
-    # ── Project scope ──
-    console.print("[bold]Project scope (.claude/):[/bold]")
-    removed_hooks = _remove_hooks_from_settings(project_target / "settings.json")
-    for hook_type in removed_hooks:
-        console.print(f"  [green]\u2713[/green] Removed {hook_type} hook from project settings.json")
-    if not removed_hooks:
-        console.print(f"  [white]-[/white] Skipped: no project hooks found")
-
-    if _remove_skill_directory(project_target):
-        console.print(f"  [green]\u2713[/green] Removed Tweek skill from project")
-    else:
-        console.print(f"  [white]-[/white] Skipped: no project skill directory")
+    # ── Project scopes (current + recorded from install) ──
+    for scope in all_project_scopes:
+        scope_label = str(scope)
+        console.print(f"[bold]Project scope ({scope_label}):[/bold]")
+        removed_hooks = _remove_hooks_from_settings(scope / "settings.json")
+        for hook_type in removed_hooks:
+            console.print(f"  [green]\u2713[/green] Removed {hook_type} hook from {scope_label}/settings.json")
+        if not removed_hooks:
+            console.print(f"  [white]-[/white] Skipped: no hooks found")
+
+        if _remove_skill_directory(scope):
+            console.print(f"  [green]\u2713[/green] Removed Tweek skill directory")
+        else:
+            console.print(f"  [white]-[/white] Skipped: no skill directory")
 
-    if _remove_backup_file(project_target):
-        console.print(f"  [green]\u2713[/green] Removed project backup file")
-    else:
-        console.print(f"  [white]-[/white] Skipped: no project backup file")
+        if _remove_backup_file(scope):
+            console.print(f"  [green]\u2713[/green] Removed backup file")
+        else:
+            console.print(f"  [white]-[/white] Skipped: no backup file")
 
     console.print()
 
@@ -529,13 +601,14 @@ def _uninstall_everything(global_target: Path, project_target: Path, tweek_dir:
 
     console.print()
 
-    # ── Tweek data directory ──
-    console.print("[bold]Tweek data (~/.tweek/):[/bold]")
-    data_removed = _remove_tweek_data_dir(tweek_dir)
-    for item in data_removed:
-        console.print(f"  [green]\u2713[/green] Removed {item}")
-    if not data_removed:
-        console.print(f"  [white]-[/white] Skipped: no data directory found")
+    # ── .tweek.yaml control files ──
+    # Must run before data directory removal (needs installed_scopes.json)
+    console.print("[bold]Control files (.tweek.yaml):[/bold]")
+    yaml_removed = _remove_tweek_yaml_files(tweek_dir)
+    for yaml_path in yaml_removed:
+        console.print(f"  [green]\u2713[/green] Removed {yaml_path}")
+    if not yaml_removed:
+        console.print(f"  [white]-[/white] Skipped: no .tweek.yaml files found")
 
     console.print()
 
@@ -547,5 +620,15 @@ def _uninstall_everything(global_target: Path, project_target: Path, tweek_dir:
     if not mcp_removed:
         console.print(f"  [white]-[/white] Skipped: no MCP integrations found")
 
+    console.print()
+
+    # ── Tweek data directory (last — other steps need installed_scopes.json) ──
+    console.print("[bold]Tweek data (~/.tweek/):[/bold]")
+    data_removed = _remove_tweek_data_dir(tweek_dir)
+    for item in data_removed:
+        console.print(f"  [green]\u2713[/green] Removed {item}")
+    if not data_removed:
+        console.print(f"  [white]-[/white] Skipped: no data directory found")
+
     console.print()
     console.print("[green]All Tweek data has been removed.[/green]")

tweek/config/families.yaml

@@ -128,6 +128,8 @@ families:
       - 218  # reverse_shell_perl_ruby
       - 219  # reverse_shell_mkfifo
       - 220  # reverse_shell_encoded
+      - 272  # shortened_url_to_shell
+      - 275  # raw_ip_url_to_shell
     heuristic_signals:
       exfil_verbs:
         - "curl"
@@ -308,6 +310,15 @@ families:
       - 113  # gzip_obfuscation
       - 125  # importlib_evasion
       - 126  # variable_indirection
+      - 263  # punycode_domain
+      - 264  # non_ascii_hostname
+      - 265  # cyrillic_in_url
+      - 266  # greek_in_url
+      - 267  # bidi_isolate_chars
+      - 268  # url_userinfo_trick
+      - 269  # lookalike_tld
+      - 270  # fullwidth_dot_in_url
+      - 274  # double_encoding_in_url
     heuristic_signals:
       evasion_indicators:
         - "eval("
@@ -391,6 +402,7 @@ families:
       - 96   # login_item_persistence
       - 118  # curl_write_sensitive
       - 227  # privesc_cron_inject
+      - 273  # dotfile_overwrite_via_redirect
     heuristic_signals:
       persistence_paths:
         - "LaunchAgents"
@@ -582,6 +594,7 @@ families:
       - 167  # pnpm_symlink_traversal
       - 248  # supply_chain_typosquat_ai
       - 249  # supply_chain_postinstall_exec
+      - 271  # insecure_tls_flags
     heuristic_signals:
       supply_chain_indicators:
         - "--pre"

tweek/config/models.py

@@ -12,7 +12,7 @@ from __future__ import annotations
 
 import re
 from enum import Enum
-from typing import Any, Dict, List, Optional
+from typing import Any, Dict, List, Literal, Optional
 
 from pydantic import BaseModel, Field, field_validator, model_validator
 
@@ -53,6 +53,21 @@ class PatternConfidence(str, Enum):
     CONTEXTUAL = "contextual"
 
 
+class LLMFailMode(str, Enum):
+    """Behavior when LLM review is unavailable (provider errors, timeouts).
+
+    OPEN: Degrade gracefully, return SAFE (current default behavior).
+          Pattern matching remains the primary defense.
+    CLOSED: Hard block -- return DANGEROUS with should_prompt=True.
+            Use when LLM review is considered a mandatory gate.
+    ESCALATE: Return SUSPICIOUS with should_prompt=True (triggers ASK).
+              Recommended middle ground for security-sensitive environments.
+    """
+    OPEN = "open"
+    CLOSED = "closed"
+    ESCALATE = "escalate"
+
+
 # ============================================================================
 # Configuration Section Models
 # ============================================================================
@@ -88,6 +103,10 @@ class LLMReviewConfig(BaseModel):
     base_url: Optional[str] = None
     api_key_env: Optional[str] = None
     timeout_seconds: float = Field(default=15.0, gt=0)
+    fail_mode: LLMFailMode = Field(
+        default=LLMFailMode.OPEN,
+        description="Behavior when LLM review is unavailable: open, closed, or escalate",
+    )
     local: LLMReviewLocalConfig = Field(default_factory=LLMReviewLocalConfig)
     fallback: LLMReviewFallbackConfig = Field(default_factory=LLMReviewFallbackConfig)
 
@@ -186,9 +205,18 @@ class OpenClawConfig(BaseModel):
     gateway_port: int = Field(default=18789, gt=0, le=65535)
     scanner_port: int = Field(default=9878, gt=0, le=65535)
     plugin_installed: bool = False
-    preset: str = "cautious"
+    preset: Literal["paranoid", "cautious", "balanced", "trusted"] = "cautious"
 
-    model_config = {"extra": "allow"}
+    model_config = {"extra": "forbid"}
+
+    @model_validator(mode="after")
+    def check_port_collision(self) -> "OpenClawConfig":
+        if self.gateway_port == self.scanner_port:
+            raise ValueError(
+                f"gateway_port and scanner_port must differ "
+                f"(both set to {self.gateway_port})"
+            )
+        return self
 
 
 # ============================================================================

tweek/config/patterns.yaml

@@ -24,8 +24,8 @@
 #   contextual - Depends on surrounding context; broad behavioral pattern
 # PRO tier adds: LLM review, session analysis, rate limiting
 
-version: 5
-pattern_count: 262
+version: 6
+pattern_count: 275
 
 patterns:
   # ============================================================================
@@ -2275,3 +2275,127 @@ patterns:
     severity: medium
     confidence: contextual
     family: prompt_injection
+
+  # ============================================================================
+  # TERMINAL & URL SECURITY PATTERNS (263-275)
+  # 13 patterns covering IDN/punycode, homoglyph scripts, bidi text direction,
+  # URL spoofing, insecure transport, dotfile persistence, and encoding attacks.
+  # Inspired by Tirith terminal security research.
+  # Added: 2026-02-03
+  # ============================================================================
+
+  # --- IDN / Punycode Attacks (263-264) ---
+
+  - id: 263
+    name: punycode_domain
+    description: "Internationalized domain name (punycode) in URL"
+    regex: 'https?://[^\s/]*xn--[^\s/]*'
+    severity: high
+    confidence: heuristic
+    family: evasion_techniques
+
+  - id: 264
+    name: non_ascii_hostname
+    description: "Non-ASCII characters in URL hostname (potential homoglyph)"
+    regex: 'https?://[^\s/]*[^\x00-\x7f][^\s/]*'
+    severity: high
+    confidence: heuristic
+    family: evasion_techniques
+
+  # --- Homoglyph Script Detection (265-266) ---
+
+  - id: 265
+    name: cyrillic_in_url
+    description: "Cyrillic characters in URL (homoglyph spoofing)"
+    regex: 'https?://[^\s]*[\u0400-\u04ff]'
+    severity: high
+    confidence: heuristic
+    family: evasion_techniques
+
+  - id: 266
+    name: greek_in_url
+    description: "Greek characters in URL (homoglyph spoofing)"
+    regex: 'https?://[^\s]*[\u0370-\u03ff]'
+    severity: medium
+    confidence: heuristic
+    family: evasion_techniques
+
+  # --- Bidi Text Direction Attacks (267) ---
+
+  - id: 267
+    name: bidi_isolate_chars
+    description: "Bidi isolate characters that manipulate text display direction"
+    regex: '[\u2066-\u2069]'
+    severity: high
+    confidence: heuristic
+    family: evasion_techniques
+
+  # --- URL Spoofing (268-270) ---
+
+  - id: 268
+    name: url_userinfo_trick
+    description: "URL with userinfo@ to disguise real hostname"
+    regex: 'https?://[^\s/@]+\.[^\s/@]+@[^\s/]+'
+    severity: high
+    confidence: heuristic
+    family: evasion_techniques
+
+  - id: 269
+    name: lookalike_tld
+    description: "URL with .zip or .mov TLD that mimics file extension"
+    regex: 'https?://[^\s/]+\.(zip|mov)(/|\s|$)'
+    severity: medium
+    confidence: contextual
+    family: evasion_techniques
+
+  - id: 270
+    name: fullwidth_dot_in_url
+    description: "Fullwidth or ideographic dots in URL to bypass domain parsing"
+    regex: 'https?://[^\s]*[\uff0e\u3002\uff61]'
+    severity: high
+    confidence: heuristic
+    family: evasion_techniques
+
+  # --- Insecure Transport (271-272) ---
+
+  - id: 271
+    name: insecure_tls_flags
+    description: "TLS certificate verification disabled (MITM risk)"
+    regex: '(curl\s+.*(-k\b|--insecure)|wget\s+.*--no-check-certificate)'
+    severity: high
+    confidence: heuristic
+    family: supply_chain
+
+  - id: 272
+    name: shortened_url_to_shell
+    description: "Shortened URL piped to interpreter (hidden destination)"
+    regex: '(curl|wget)\s+.*https?://(bit\.ly|t\.co|tinyurl\.com|is\.gd|rb\.gy|shorturl\.at)[^\s]*.*\|\s*(bash|sh|zsh|python|perl|ruby)'
+    severity: critical
+    confidence: deterministic
+    family: data_exfiltration
+
+  # --- Dotfile Persistence & Encoding (273-275) ---
+
+  - id: 273
+    name: dotfile_overwrite_via_redirect
+    description: "Download command redirecting output to shell config dotfile"
+    regex: '(curl|wget)\s+[^|]*?(>|>>)\s*~?/?\.(bashrc|zshrc|profile|bash_profile|gitconfig)'
+    severity: critical
+    confidence: deterministic
+    family: persistence
+
+  - id: 274
+    name: double_encoding_in_url
+    description: "Double percent-encoding to bypass URL security filters"
+    regex: '%25[0-9a-fA-F]{2}'
+    severity: medium
+    confidence: heuristic
+    family: evasion_techniques
+
+  - id: 275
+    name: raw_ip_url_to_shell
+    description: "Raw IP address URL piped to interpreter"
+    regex: '(curl|wget)\s+.*https?://\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}[^\s]*.*\|\s*(bash|sh|zsh|python)'
+    severity: high
+    confidence: heuristic
+    family: data_exfiltration

tweek/diagnostics.py

@@ -33,12 +33,13 @@ class HealthCheck:
     fix_hint: str = ""  # Recovery: "Run: tweek protect claude-code --global"
 
 
-def run_health_checks(verbose: bool = False) -> List[HealthCheck]:
+def run_health_checks(verbose: bool = False, interactive: bool = False) -> List[HealthCheck]:
     """
     Run all health checks and return results.
 
     Args:
         verbose: If True, include extra detail in messages.
+        interactive: If True, offer to fix issues interactively.
 
     Returns:
         List of HealthCheck results in check order.
@@ -72,6 +73,10 @@ def run_health_checks(verbose: bool = False) -> List[HealthCheck]:
                 fix_hint="This may indicate a corrupted installation. Try: pip install --force-reinstall tweek",
             ))
 
+    # Interactive fix mode — offer to resolve fixable issues
+    if interactive:
+        _offer_interactive_fixes(results)
+
     # Log health check results
     try:
         from tweek.logging.security_log import get_logger, SecurityEvent, EventType
@@ -788,3 +793,121 @@ def _check_llm_review(verbose: bool = False) -> HealthCheck:
             status=CheckStatus.WARNING,
             message=f"Cannot check LLM review: {e}",
         )
+
+
+# ==================== Interactive Fix Mode ====================
+
+
+def _offer_interactive_fixes(results: List[HealthCheck]) -> None:
+    """Offer to fix issues found during health checks.
+
+    Only runs when ``tweek doctor --fix`` is used. Prompts for each
+    fixable issue and attempts automatic remediation.
+    """
+    import click
+    from rich.console import Console
+
+    console = Console()
+    fixable = [r for r in results if r.status in (CheckStatus.WARNING, CheckStatus.ERROR)]
+
+    if not fixable:
+        return
+
+    console.print("\n[bold]Interactive Fix Mode[/bold]")
+    console.print(f"Found {len(fixable)} issue(s) that may be fixable:\n")
+
+    for check in fixable:
+        fixed = False
+
+        if check.name == "local_model" and "not downloaded" in check.message:
+            if click.confirm(f"  [{check.name}] Download local model now?", default=True):
+                fixed = _fix_download_model()
+
+        elif check.name == "local_model" and "Dependencies" in check.message:
+            if click.confirm(f"  [{check.name}] Install local model dependencies?", default=True):
+                fixed = _fix_install_model_deps()
+
+        elif check.name == "local_model" and "SHA-256" in check.message:
+            if click.confirm(f"  [{check.name}] Re-download model (integrity check failed)?", default=True):
+                fixed = _fix_redownload_model()
+
+        elif check.name == "llm_review" and "No LLM provider" in check.message:
+            if click.confirm(f"  [{check.name}] Configure LLM provider now?", default=True):
+                fixed = _fix_configure_llm()
+
+        elif check.name == "hooks_installed" and "No hooks" in check.message:
+            if click.confirm(f"  [{check.name}] Install hooks now?", default=True):
+                fixed = _fix_install_hooks()
+
+        else:
+            if check.fix_hint:
+                console.print(f"  [{check.name}] {check.message}")
+                console.print(f"    [dim]Hint: {check.fix_hint}[/dim]")
+
+        if fixed:
+            console.print(f"  [green]\u2713[/green] Fixed: {check.name}")
+        console.print()
+
+
+def _fix_download_model() -> bool:
+    """Download the local classifier model."""
+    try:
+        from tweek.cli_install import _download_local_model
+        return _download_local_model(quick=False)
+    except Exception as e:
+        from rich.console import Console
+        Console().print(f"  [red]\u2717[/red] Failed: {e}")
+        return False
+
+
+def _fix_install_model_deps() -> bool:
+    """Install onnxruntime, tokenizers, numpy."""
+    try:
+        from tweek.cli_install import _ensure_local_model_deps
+        return _ensure_local_model_deps()
+    except Exception as e:
+        from rich.console import Console
+        Console().print(f"  [red]\u2717[/red] Failed: {e}")
+        return False
+
+
+def _fix_redownload_model() -> bool:
+    """Force re-download the local model."""
+    try:
+        from tweek.security.model_registry import download_model, get_default_model_name
+        download_model(get_default_model_name(), force=True)
+        return True
+    except Exception as e:
+        from rich.console import Console
+        Console().print(f"  [red]\u2717[/red] Failed: {e}")
+        return False
+
+
+def _fix_configure_llm() -> bool:
+    """Run the LLM provider configuration wizard."""
+    try:
+        from tweek.cli_install import _configure_llm_provider
+        tweek_dir = Path("~/.tweek").expanduser()
+        _configure_llm_provider(tweek_dir, interactive=True, quick=False)
+        return True
+    except Exception as e:
+        from rich.console import Console
+        Console().print(f"  [red]\u2717[/red] Failed: {e}")
+        return False
+
+
+def _fix_install_hooks() -> bool:
+    """Run hook installation."""
+    try:
+        from tweek.cli_install import _install_claude_code_hooks
+        _install_claude_code_hooks(
+            install_global=True, dev_test=False, backup=True,
+            skip_env_scan=True, interactive=False, preset="cautious",
+            ai_defaults=False, with_sandbox=False, force_proxy=False,
+            skip_proxy_check=True, quick=True,
+        )
+        return True
+    except Exception as e:
+        from rich.console import Console
+        Console().print(f"  [red]\u2717[/red] Failed: {e}")
+        return False