Metadata-Version: 2.4
Name: security-autopilot
Version: 0.1.4
Summary: MCP server giving Claude Code native security scanning superpowers
License: MIT
Requires-Python: >=3.11
Requires-Dist: aiosqlite>=0.20.0
Requires-Dist: httpx>=0.27.0
Requires-Dist: mcp>=1.0.0
Requires-Dist: pydantic>=2.0.0
Requires-Dist: watchdog>=4.0.0
Provides-Extra: dev
Requires-Dist: pytest-asyncio>=0.23.0; extra == 'dev'
Requires-Dist: pytest>=8.0.0; extra == 'dev'
Description-Content-Type: text/markdown

<div align="center">

# 🛡️ Security Autopilot

### Catches threats in your code. Fixes them automatically. Never asks you to do anything.

[![Python](https://img.shields.io/badge/python-3.11%2B-blue)](pyproject.toml)
[![PyPI](https://img.shields.io/badge/pypi-0.1.2-green)](https://pypi.org/project/security-autopilot/)
[![License](https://img.shields.io/badge/license-MIT-green)](LICENSE)
[![MCP](https://img.shields.io/badge/MCP-compatible-purple)](https://modelcontextprotocol.io)

</div>

---

## The Problem

On **March 30, 2026**, two malicious versions of `axios` — one of the most downloaded npm packages on the planet — were quietly published to npm.

They contained **zero suspicious code inside axios itself**. Any developer who inspected the source would have found nothing wrong.

Instead, they silently injected a fake dependency called `plain-crypto-js` that ran a **postinstall script the moment you ran `npm install`**. That script phoned home to a command-and-control server and dropped a remote access trojan tailored to your OS.

After delivering the payload, it deleted itself and swapped its own `package.json` for a clean decoy. **No trace. No warning. No audit trail.**

`npm audit` reported nothing. GitHub Dependabot reported nothing. Standard code review caught nothing.

> **This is the new shape of supply chain attacks** — and your existing tools aren't built to catch them.

---

## What It Does

Security Autopilot runs silently in the background on your machine from the moment you install it. You never have to open it, ask it anything, or remember it exists.

### 1. Scans all your existing projects on first install

The moment you install it, Security Autopilot walks through your development folders (`~/projects`, `~/code`, `~/Desktop/projects`, etc.), scans every project it finds, and sends you a single desktop notification with a summary. If anything critical is found, it tells you exactly what and where.

### 2. Watches every project forever after

After the initial scan, it keeps watching. The moment you add or update a `package.json`, `requirements.txt`, `go.mod`, `Cargo.toml`, or any lockfile — it scans automatically. No commands to run. No Claude Code required.

### 3. Auto-patches malicious packages

If it detects a known-malicious package (e.g. `axios@1.14.1`), it doesn't just warn you — it fixes it:

- Finds the highest safe version within the same major (semver-compatible, no breaking changes)
- Runs `npm install axios@1.14.0` automatically
- Sends you a desktop notification: **"✅ Auto-patched: axios 1.14.1 → 1.14.0"**

You never even see the bad version in your project.

### 4. Fires a loud alert for exposed secrets

If it finds an API key, token, or password committed to your codebase — it sends an immediate desktop notification with step-by-step rotation instructions specific to that credential type:

> 🚨 **SECRET EXPOSED — Action Required**
> AWS KEY exposed in .env. Go to AWS Console → IAM → Users → Security credentials → Delete key immediately.

Full instructions (all steps) are saved to `~/.security-autopilot/secret-alerts.log` so you can refer back at any time. Covers AWS, GitHub, Stripe, Slack, SendGrid, Twilio, JWT, and more.

### 5. Plugs into Claude Code

When Claude Code is open, Security Autopilot exposes four tools Claude can use directly:

| Tool | What it does |
|---|---|
| `scan_repo(path)` | Full scan — all 4 scanners in parallel, results in plain English |
| `scan_file(filepath)` | Scan a single file |
| `get_findings(severity)` | Retrieve cached findings from previous scans |
| `watch_project(path)` | Start a background watcher on a specific project |

You can just say **"scan this project"** or **"show my security findings"** and Claude handles the rest.

---

## What It Catches

| Threat | How |
|---|---|
| 🔴 **Known-malicious packages** | Blocklist of confirmed-bad versions updated as attacks happen |
| 🟠 **Maintainer account hijacks** | Detects publisher email changes between versions |
| 🟠 **Postinstall script injection** | Flags `preinstall`, `postinstall`, `prepare` lifecycle hooks |
| 🟠 **Exposed secrets** | API keys, tokens, passwords committed to any file |
| 🟡 **CVEs in dependencies** | Trivy scans against the full NVD vulnerability database |
| 🟡 **Code-level bugs** | Semgrep: SQL injection, XSS, `eval(userInput)`, 1000+ patterns |
| 🟡 **Recently published versions** | 72-hour cooldown gate on brand-new releases |
| 🔵 **Floating version pins** | `^` and `~` pins that allow silent upgrades |
| 🔵 **Missing SLSA provenance** | Packages published without cryptographic build attestations |

---

## Install

```bash
curl -fsSL https://raw.githubusercontent.com/Omar-Dahleh/security-autopilot/main/install.sh | sh
```

This single command:
1. Installs `uv` (Python package manager) if not present
2. Installs `security-autopilot` from PyPI
3. Installs `trivy`, `gitleaks`, and `semgrep` scanner CLIs
4. Patches `~/.claude/claude.json` to register the Claude Code plugin
5. Registers a background daemon that starts automatically at every login
6. Immediately scans all your existing projects

Safe to run twice — fully idempotent.

> **Telemetry:** On first run you'll be asked whether to share anonymous usage data (OS + Python version only). Opt out anytime by deleting `~/.security-autopilot/telemetry_consent`.

---

## What Happens After Install

```
Install completes
      │
      ▼
Daemon starts immediately
      │
      ├─▶ Scans all projects in ~/projects, ~/code, ~/Desktop/projects
      │         └─▶ Desktop notification: "Scanned 8 projects — 2 critical issues found"
      │
      └─▶ Watches forever
                │
                ├─▶ You run npm install axios@1.14.1
                │         └─▶ Detected → auto-patched to 1.14.0 → "✅ Fixed automatically"
                │
                ├─▶ You commit a file with an AWS key
                │         └─▶ "🚨 SECRET EXPOSED — rotate immediately" + full steps
                │
                └─▶ New project appears in ~/projects
                          └─▶ Auto-detected → scanned within 60 seconds
```

---

## Scanners

| Scanner | What it catches | Requires |
|---|---|---|
| **Supply Chain** | Known-bad versions, account hijacks, lifecycle scripts, floating pins | Built-in |
| **Trivy** | CVEs in npm, pip, Go, Rust, Java dependencies | Auto-installed |
| **Gitleaks** | Hardcoded secrets, API keys, tokens, passwords | Auto-installed |
| **Semgrep** | 1000+ SAST rules: injection, XSS, insecure patterns | Auto-installed |

Security Autopilot works with reduced coverage if a scanner is missing — it never crashes.

---

## For Contributors

```bash
uv run pytest tests/ -v        # run all tests
python -m mcp_server.server    # start MCP server manually
```

See `CLAUDE.md` for the complete project context, coding rules, and how to add a new scanner.

### Known-Bad Versions

```python
# mcp_server/tools/supply_chain.py → KNOWN_BAD
[
  {"name": "axios",           "version": "1.14.1", "reason": "supply chain RAT March 2026"},
  {"name": "axios",           "version": "0.30.4", "reason": "supply chain RAT March 2026"},
  {"name": "plain-crypto-js", "version": "4.2.1",  "reason": "axios attack dropper"},
]
```

PRs to extend this list are welcome.

---

## License

MIT — free to use, modify, and distribute.

---

<div align="center">

Built in response to the **March 2026 axios supply chain attack**.  
Because `npm audit` wasn't enough.

</div>
