@calmhive/calmhive-cli
Version:
🐝 Intelligent Claude CLI wrapper with rule injection, AFk background processing, voice interface, and adaptive retry
208 lines (156 loc) • 6.07 kB
Markdown
# Rule Injection Security & Scope
*Last Updated: 2025-01-07*
*Version: 1.0.0*
## 🔒 Security Overview
Calmhive's rule injection system is designed with **process isolation** and **user control** as top priorities. This document explains exactly what is and isn't affected by rule injection.
## 🎯 What Gets Injected
### ✅ Affected (Only These)
- **Calmhive chat sessions** - Interactive chats started with `calmhive chat`
- **Calmhive commands** - `calmhive run`, `calmhive afk`, etc.
- **Explicit Calmhive usage** - Only when you deliberately use Calmhive
### ❌ NOT Affected (Guaranteed)
- **Other Claude apps** - VS Code extensions, Claude Desktop, etc.
- **Other CLI tools** - Any non-Calmhive tools that use Anthropic API
- **System-wide HTTP** - No global network interception
- **Other Node.js apps** - Process isolation prevents cross-contamination
- **Background services** - No persistent system modifications
## 🛡️ How Isolation Works
### Process-Specific Interception
```bash
# When you run this:
calmhive chat
# Internally it becomes:
node --require ./lib/chat-interceptor.js $(which claude) [args]
```
The `--require` flag only affects **that specific process**. When the process ends, all interception stops.
### Technical Boundaries
1. **Process Isolation**: Interceptor only loads in the Claude CLI process launched by Calmhive
2. **No Global Patching**: We don't modify system-wide Node.js modules
3. **No Persistent Changes**: No background services or system modifications
4. **Clean Termination**: All interception ends when the command completes
## 🔍 Verification Commands
### Check Current Status
```bash
# See if injection is enabled
calmhive intercept status
# Detailed information
calmhive intercept info
# Test injection functionality
calmhive intercept test
```
### Verify Process Isolation
```bash
# Start Calmhive in one terminal
calmhive chat
# In another terminal, test other apps aren't affected
# (run any other Node.js app that uses Anthropic API)
```
## 🎛️ User Control Options
### Global Control
```bash
# Disable injection for all commands
calmhive intercept off
# Re-enable with specific method
calmhive intercept on --method=network
# Check status anytime
calmhive intercept status
```
### Per-Session Control
```bash
# Disable for single session
calmhive chat --no-intercept
# Use different interception method
calmhive chat --intercept=stdio
```
### Settings File Control
Edit `~/.claude/calmhive-settings.json`:
```json
{
"ruleInjection": false // Disables globally
}
```
### Environment Variable Override
```bash
# Disable via environment (overrides all settings)
export CALMHIVE_NO_INJECT=1
calmhive chat # Will not inject
```
## 📊 Token Usage & Costs
### Cost Analysis
- **CLAUDE.md size**: ~32KB (your file size)
- **Added per message**: ~32KB of tokens
- **Typical cost**: ~$0.XX per message (depends on model)
### Cost Optimization Options
1. **Selective Usage**: Only enable for complex tasks
2. **Condensed Rules**: Create shorter version for cost-sensitive work
3. **Method Selection**: `--intercept=stdio` has no API cost impact
### ROI Evaluation
Use the built-in A/B testing to measure value:
```bash
# Test if injection improves your outputs
node test/test-output-quality.js
```
## 🚨 What Could Go Wrong?
### Unlikely but Possible Issues
1. **Process Memory**: Large CLAUDE.md files use more memory
2. **Network Overhead**: Slightly larger requests
3. **Response Time**: Minimal delay from larger requests
### What Won't Happen
- ❌ Other apps getting your rules injected
- ❌ Rules sent to wrong services
- ❌ Persistent system changes
- ❌ Background processes affected
- ❌ Data leakage to other applications
## 🔧 Troubleshooting Isolation
### Verify Only Calmhive is Affected
1. **Run Calmhive**: `calmhive chat "test message"`
2. **Check injection**: Should see debug output about injection
3. **Test other app**: Use any other Claude tool
4. **Verify isolation**: Other app should NOT show injection
### Debug Process Boundaries
```bash
# Enable debug mode
export CALMHIVE_DEBUG=1
# Run Calmhive command
calmhive chat "test"
# Check for injection messages in output
# Should see: [Calmhive Interceptor] messages
```
### Emergency Disable
If anything seems wrong:
```bash
# Immediate global disable
calmhive intercept off
# Or delete settings file
rm ~/.claude/calmhive-settings.json
# Or use bypass
claude chat # Direct Claude, bypasses Calmhive entirely
```
## 📋 Security Checklist
Before using rule injection, verify:
- [ ] You understand it only affects Calmhive commands
- [ ] You know how to disable it globally (`calmhive intercept off`)
- [ ] You've tested that other Claude apps aren't affected
- [ ] You're comfortable with the token cost increase
- [ ] You have a backup plan (direct Claude CLI usage)
## 🤝 User Trust
We understand that intercepting API requests is a sensitive operation. That's why we've designed the system with:
- **Full Transparency**: Complete source code available
- **User Control**: Multiple ways to disable/control
- **Process Isolation**: Cannot affect other applications
- **No Persistence**: No permanent system changes
- **Easy Verification**: Built-in tools to test and verify
## 📞 Support & Questions
If you have security concerns or questions:
1. **Check documentation**: This file and `RULE-INJECTION.md`
2. **Test isolation**: Use the verification commands above
3. **Report issues**: If you find any cross-contamination or unexpected behavior
4. **Emergency disable**: `calmhive intercept off` immediately stops all injection
## 🎯 Bottom Line
**Calmhive rule injection is designed to be:**
- ✅ **Safe**: Process-isolated, no system-wide effects
- ✅ **Controllable**: Multiple disable options
- ✅ **Transparent**: Full visibility into what's happening
- ✅ **Reversible**: Easy to turn off permanently
- ✅ **Verifiable**: Built-in testing and status commands
**Use it confidently knowing it only affects what you explicitly run through Calmhive.**