-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathinstall.sh
More file actions
executable file
·139 lines (121 loc) · 5.42 KB
/
install.sh
File metadata and controls
executable file
·139 lines (121 loc) · 5.42 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
#!/usr/bin/env bash
# Claude Security Guard — one-liner installer
# curl -fsSL https://raw.githubusercontent.com/nardovibecoding/claude-sec-ops-guard/main/install.sh | bash
set -euo pipefail
INSTALL_DIR="$HOME/claude-sec-ops-guard"
SETTINGS="$HOME/.claude/settings.json"
RED='\033[0;31m' GREEN='\033[0;32m' YELLOW='\033[1;33m' CYAN='\033[0;36m' BOLD='\033[1m' NC='\033[0m'
echo ""
echo -e "${CYAN}${BOLD}"
echo " ╔═════════════════════════════════════════╗"
echo " ║ Claude Security Guard Installer ║"
echo " ║ 14 hooks + 28 MCP tools + 2 commands ║"
echo " ╚═════════════════════════════════════════╝"
echo -e "${NC}"
# --- Check Python ---
if ! command -v python3 &>/dev/null; then
echo -e "${RED}✗ Python 3 is required. Install it first.${NC}"
exit 1
fi
# --- Clone or update ---
if [ -d "$INSTALL_DIR/.git" ]; then
echo -e "${YELLOW}→ Updating existing install...${NC}"
git -C "$INSTALL_DIR" pull --ff-only 2>/dev/null || true
else
if [ -d "$INSTALL_DIR" ]; then
echo -e "${RED}✗ $INSTALL_DIR exists but is not a git repo. Remove it first.${NC}"
exit 1
fi
echo -e "${GREEN}→ Cloning repository...${NC}"
git clone https://github.com/nardovibecoding/claude-sec-ops-guard.git "$INSTALL_DIR"
fi
# --- Install MCP dependencies ---
echo -e "${GREEN}→ Installing MCP server dependencies...${NC}"
pip3 install --quiet mcp 2>/dev/null || pip install --quiet mcp 2>/dev/null || echo -e "${YELLOW} Warning: couldn't install mcp package. Install manually: pip install mcp${NC}"
# --- Optional VPS config ---
echo ""
echo -e "${BOLD}Optional: VPS configuration${NC}"
read -rp "VPS hostname (leave blank to skip): " VPS_HOST
if [ -n "$VPS_HOST" ]; then
read -rp "VPS user [root]: " VPS_USER
VPS_USER=${VPS_USER:-root}
cat > "$INSTALL_DIR/.env" << ENVEOF
VPS_HOST=$VPS_HOST
VPS_USER=$VPS_USER
ENVEOF
echo -e " ${GREEN}Saved .env${NC}"
fi
# --- Patch settings.json ---
echo -e "${GREEN}→ Configuring hooks + MCP server...${NC}"
mkdir -p "$HOME/.claude"
python3 << 'PYEOF'
import json, os
INSTALL_DIR = os.path.expanduser("~/claude-sec-ops-guard")
SETTINGS = os.path.expanduser("~/.claude/settings.json")
if os.path.exists(SETTINGS):
with open(SETTINGS) as f:
settings = json.load(f)
else:
settings = {}
hooks = settings.setdefault("hooks", {})
MARKER = "claude-sec-ops-guard"
HOOK_DEFS = {
"PreToolUse": [
{"matcher": "Bash|Write|Edit|Read", "hooks": [
{"type": "command", "command": f"python3 {INSTALL_DIR}/hooks/guard_safety.py", "timeout": 5000},
{"type": "command", "command": f"python3 {INSTALL_DIR}/hooks/canary_guard.py", "timeout": 3000},
]},
],
"PostToolUse": [
{"matcher": "Bash|Read|WebFetch", "hooks": [
{"type": "command", "command": f"python3 {INSTALL_DIR}/hooks/auto_scan_output.py", "timeout": 3000},
]},
{"matcher": "Bash", "hooks": [
{"type": "command", "command": f"python3 {INSTALL_DIR}/hooks/auto_vps_sync.py", "timeout": 15000},
{"type": "command", "command": f"python3 {INSTALL_DIR}/hooks/auto_dependency_grep.py", "timeout": 10000},
{"type": "command", "command": f"python3 {INSTALL_DIR}/hooks/auto_license.py", "timeout": 15000},
{"type": "command", "command": f"python3 {INSTALL_DIR}/hooks/auto_repo_check.py", "timeout": 5000},
]},
{"matcher": "Edit|Write", "hooks": [
{"type": "command", "command": f"python3 {INSTALL_DIR}/hooks/auto_pip_install.py", "timeout": 30000},
{"type": "command", "command": f"python3 {INSTALL_DIR}/hooks/auto_bot_restart.py", "timeout": 15000},
{"type": "command", "command": f"python3 {INSTALL_DIR}/hooks/auto_skill_sync.py", "timeout": 5000},
{"type": "command", "command": f"python3 {INSTALL_DIR}/hooks/auto_restart_process.py", "timeout": 15000},
{"type": "command", "command": f"python3 {INSTALL_DIR}/hooks/auto_memory_index.py", "timeout": 5000},
]},
],
"UserPromptSubmit": [
{"matcher": "", "hooks": [
{"type": "command", "command": f"python3 {INSTALL_DIR}/hooks/auto_context_checkpoint.py", "timeout": 3000},
]},
],
"Stop": [
{"matcher": "", "hooks": [
{"type": "command", "command": f"python3 {INSTALL_DIR}/hooks/auto_content_remind.py", "timeout": 3000},
]},
],
}
for event, entries in HOOK_DEFS.items():
event_hooks = hooks.setdefault(event, [])
event_hooks[:] = [h for h in event_hooks if not any(MARKER in hook.get("command", "") for hook in h.get("hooks", []))]
event_hooks.extend(entries)
# Add MCP server
mcp = settings.setdefault("mcpServers", {})
mcp["security-guard"] = {
"command": "python3",
"args": [f"{INSTALL_DIR}/mcp/server.py"]
}
with open(SETTINGS, "w") as f:
json.dump(settings, f, indent=2)
print(" Hooks + MCP server configured in ~/.claude/settings.json")
PYEOF
# --- Done ---
echo ""
echo -e "${GREEN}${BOLD}✓ Claude Security Guard installed!${NC}"
echo ""
echo -e " ${BOLD}14 hooks${NC} block dangerous commands, auto-sync, scan output."
echo -e " ${BOLD}28 MCP tools${NC} for VPS management, file locking, sanitization."
echo -e " ${BOLD}2 commands${NC}: /system-check, /md-cleanup"
echo ""
echo -e " ${YELLOW}Restart Claude Code if it's already running.${NC}"
echo ""