claude/codex specs (#33)

bb-connor · web-flow · commit 4f0396db3a35 · 2026-02-04T21:15:40.000-05:00
diff --git a/AGENTS.md b/AGENTS.md
@@ -0,0 +1,47 @@
+# Repository Guidelines
+
+## Project Structure & Module Organization
+
+- `crates/`: Rust workspace crates (core engine, guards, CLI, daemon, WASM bindings)
+- `packages/`: TypeScript SDK + framework adapters, plus Python SDK in `packages/hush-py/`
+- `apps/desktop/`: Tauri + Vite desktop app
+- `rulesets/`: pre-configured YAML policies used by examples and tooling
+- `docs/`: mdBook source (`docs/src/**`)
+- `examples/`, `fixtures/`, `scripts/`, `tools/`, `fuzz/`
+- `vendor/`: vendored Rust dependencies for offline builds (avoid hand-editing)
+
+## Build, Test, and Development Commands
+
+Toolchains are pinned in `mise.toml` (Rust `1.93`, Node `24`, Python `3.12`).
+
+- Rust workspace: `cargo build`, `cargo test --workspace`
+- Format/lint: `cargo fmt --all` and `cargo clippy --all-targets --all-features -- -D warnings`
+- Rust “local CI”: `mise run ci`
+- Full platform check (Rust + TS + Python + docs): `bash scripts/test-platform.sh`
+- Offline (vendored) Rust tests: `CARGO_NET_OFFLINE=true scripts/cargo-offline.sh test --workspace --all-targets`
+
+TypeScript packages are built/tested per-package (no root JS workspace):
+- Example: `npm --prefix packages/hush-ts ci && npm --prefix packages/hush-ts test`
+- Desktop: `npm --prefix apps/desktop ci && npm --prefix apps/desktop run tauri:dev`
+
+Docs:
+- `mdbook build docs` / `mdbook test docs`
+
+## Coding Style & Naming Conventions
+
+- Rust: `rustfmt` is authoritative. Clippy denies `unwrap()`/`expect()` at the workspace level—prefer `?` + typed errors.
+- TypeScript: 2-space indentation, ESM modules. Keep public exports stable; run `npm run typecheck` in touched packages.
+- Python (`packages/hush-py`): 4-space indentation, `ruff` (line length 100) + `mypy --strict`.
+
+## Testing Guidelines
+
+- Rust: `cargo test -p <crate>`; add unit/integration tests for guard/policy changes (property tests may use `proptest`).
+- TypeScript: `vitest` with `*.test.ts` / `*.e2e.test.ts` naming; run `npm test` in affected packages.
+- Python: `pytest` under `packages/hush-py/tests/` (`test_*.py`).
+
+## Commit & Pull Request Guidelines
+
+- Commits follow Conventional Commits (seen in history): `feat:`, `fix:`, `docs:`, `chore(deps):`, with optional scopes (e.g. `feat(desktop): …`) and `!` for breaking changes.
+- Branches typically use `feature/<name>` or `fix/<name>`.
+- PRs: keep scope tight, link issues (“Closes #123”), update docs for public API changes, and include screenshots for `apps/desktop` UI changes.
+- Security reports: follow `SECURITY.md` (no public issues for vulnerabilities).
diff --git a/CLAUDE.md b/CLAUDE.md
@@ -0,0 +1,116 @@
+# CLAUDE.md
+
+This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
+
+## Project Overview
+
+Clawdstrike is a runtime security enforcement system for AI agents. It provides policy-driven security checks at the tool boundary between agent runtimes and their executed actions. The project is Rust-first with multi-language support (TypeScript, Python, WebAssembly).
+
+**Design Philosophy:** Fail-closed. Invalid policies reject at load time; errors during evaluation deny access.
+
+## Common Commands
+
+```bash
+# Build
+cargo build --workspace
+
+# Test
+cargo test --workspace                    # All tests
+cargo test -p clawdstrike                 # Single crate
+cargo test test_name                      # Single test
+
+# Lint & Format
+cargo fmt --all
+cargo clippy --workspace -- -D warnings
+
+# Full CI locally
+mise run ci   # or: cargo fmt --all -- --check && cargo clippy --workspace -- -D warnings && cargo test --workspace
+
+# Documentation
+cargo doc --no-deps --all-features
+mdbook build docs
+
+# TypeScript packages
+npm install --workspace=packages/hush-ts
+npm run build --workspace=packages/hush-ts
+npm test --workspace=packages/hush-ts
+
+# Python
+pip install -e packages/hush-py[dev]
+pytest packages/hush-py/tests
+
+# CLI
+cargo install --path crates/hush-cli
+clawdstrike check --action-type file --ruleset strict ~/.ssh/id_rsa
+```
+
+## Architecture
+
+### Monorepo Structure
+
+**Rust Crates (`crates/`):**
+- `hush-core` - Cryptographic primitives (Ed25519, SHA-256, Keccak-256, Merkle trees, canonical JSON RFC 8785)
+- `clawdstrike` - Main library: guards, policy engine, receipts
+- `hush-cli` - CLI binary (commands: `clawdstrike`, `hush`)
+- `hushd` - HTTP daemon for centralized enforcement (experimental)
+- `hush-proxy` - Network proxy utilities
+- `hush-wasm` - WebAssembly bindings
+- `hush-certification` - Compliance templates
+- `hush-multi-agent` - Multi-agent orchestration
+
+**TypeScript Packages (`packages/`):**
+- `hush-ts` - Core TypeScript SDK (`@clawdstrike/sdk`)
+- `clawdstrike-policy` - Canonical policy engine (TS)
+- `clawdstrike-adapter-core` - Base adapter interface
+- Framework adapters: `clawdstrike-openclaw`, `clawdstrike-vercel-ai`, `clawdstrike-langchain`, `clawdstrike-claude-code`, `clawdstrike-codex`, `clawdstrike-opencode`
+
+**Python:** `packages/hush-py`
+
+### Core Abstractions
+
+- **Guard** - A security check implementing the `Guard` trait (sync) or `AsyncGuard` trait (async)
+- **Policy** - YAML configuration (schema v1.1.0) with `extends` for inheritance
+- **Receipt** - Ed25519-signed attestation of decision, policy, and evidence
+- **HushEngine** - Facade orchestrating guards and signing
+
+### Built-in Guards (7)
+
+1. `ForbiddenPathGuard` - Blocks sensitive filesystem paths
+2. `EgressAllowlistGuard` - Controls network egress by domain
+3. `SecretLeakGuard` - Detects secrets in file writes
+4. `PatchIntegrityGuard` - Validates patch safety
+5. `McpToolGuard` - Restricts MCP tool invocations
+6. `PromptInjectionGuard` - Detects prompt injection
+7. `JailbreakGuard` - 4-layer detection (heuristic + statistical + ML + optional LLM-judge)
+
+### Policy System
+
+Policies are YAML files with schema version 1.1.0. They support inheritance via `extends`:
+- Built-in rulesets: `permissive`, `default`, `strict`, `ai-agent`, `cicd`
+- Local file references
+- Remote URLs
+- Git refs
+
+Location: `rulesets/` directory contains built-in policies.
+
+### Decision Flow
+
+```
+Policy Load → Guard Instantiation → Action Check → Per-Guard Evaluation
+→ Aggregate Verdict → Receipt Signing → Audit Logging
+```
+
+## Conventions
+
+- **Commit messages:** Follow [Conventional Commits](https://www.conventionalcommits.org/) - `feat(scope):`, `fix(scope):`, `docs:`, `test:`, `refactor:`, `perf:`, `chore:`
+- **Clippy:** Must pass with `-D warnings` (treat warnings as errors)
+- **Property testing:** Use `proptest` for cryptographic and serialization code
+- **MSRV:** Rust 1.93
+
+## Key Files
+
+- `Cargo.toml` - Workspace root with all crate definitions
+- `mise.toml` - Task runner configuration
+- `deny.toml` - cargo-deny license/advisory config
+- `rulesets/*.yaml` - Built-in security policies
+- `docs/` - mdBook documentation source
