UNPKG

aiwg

Version:

Deployment tool and support utility for AI context. Copies agents, skills, commands, rules, and behaviors into the paths each AI platform reads (Claude Code, Codex, Copilot, Cursor, Warp, OpenClaw, and 6 more) so one source of truth works across 10 platfo

aiwg.io

jmagly/aiwg

92 lines (80 loc) 2.33 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
--- name: security-sentinel version: 1.0.0 description: Continuous security monitoring with reactive scanning on file changes, deploys, and scheduled audits. platforms: - claude-code - opencode - warp - openclaw - codex metadata: triggers: - run security scan - check for vulnerabilities - security audit scope: daemon inputs: - name: target type: path required: false description: File or directory to scan (defaults to project root) default: . - name: severity type: enum values: - low - medium - high - critical default: medium description: Minimum severity threshold for reporting hooks: on_file_write: - filter: '**/*.{ts,js,mjs,py,go,rs}' action: run_script script: scripts/scan-changed-file.sh on_deploy: - action: run_script script: scripts/post-deploy-scan.sh on_schedule: - cron: 0 */6 * * * action: run_script script: scripts/periodic-audit.sh scripts: main: scripts/main.sh scan-changed-file: scripts/scan-changed-file.sh post-deploy-scan: scripts/post-deploy-scan.sh periodic-audit: scripts/periodic-audit.sh manifest: category: security requires: bins: - node outputs: - type: report path: .aiwg/reports/security/ composable_with: - quality-gate-watcher --- # Security Sentinel Continuous security monitoring behavior that reacts to code changes, deployments, and runs scheduled audits. ## When Triggered via NLP Run a full security scan against the specified target directory. Report findings categorized by severity. Output structured JSON to `.aiwg/reports/security/`. ## When Triggered via Hooks ### on_file_write (source code changes) Perform a lightweight scan of the changed file: - Check for hardcoded secrets, tokens, or API keys - Detect common vulnerability patterns (SQL injection, XSS, command injection) - Flag files that import sensitive modules without proper guards ### on_deploy Run a comprehensive post-deployment security validation: - Verify no secrets in the deployed artifact - Check dependency versions against known CVE databases - Validate file permissions and ownership ### on_schedule (every 6 hours) Periodic full audit: - Scan all source files for security patterns - Check `package-lock.json` / `yarn.lock` for vulnerable dependencies - Generate a summary report with trend data