AI Security Review
scanned 23h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- src/domain/registry.ts launches Claude in tmux and defaults sessions to --dangerously-skip-permissions unless opted out
- src/domain/operations.ts exposes authenticated session RPC/HTTP ops for bash, readFile, writeFile, sendKeys, mode changes, and session creation
- src/relay/relay.ts connects to https://api.cluster-fluster.com using ~/.happy/access.key credentials and registers machine/session RPC handlers
- src/cli.ts user-invoked install writes systemd/launchd service files for a persistent joy-tmux daemon
- package.json has no npm lifecycle hooks, so no install-time execution
- Persistence is behind explicit joy install CLI command, not npm install/import
- src/transports/http.ts binds localhost and requires X-Joy-Token for POST/DELETE routes
- src/domain/fileOps.ts validates file paths to session cwd plus scoped per-session media root
- src/claude/hooks.ts writes package-owned hook/settings files under ~/.happy/joy-tmux-state and passes them via --settings for joy-managed Claude sessions
- No credential harvesting or arbitrary exfiltration beyond package-aligned Happy/Joy relay credentials and encrypted relay traffic
Source & flagged code
7 flagged · loading sourceA single source file combines environment access, network access, and code or shell execution; review context before blocking.
src/cli.tsView on unpkg · L10Package source invokes a package manager install command at runtime.
src/cli.tsView on unpkg · L10Source writes installer persistence such as shell profile or service configuration.
src/cli.tsView on unpkg · L10Package source references dynamic require/import behavior.
bin/joy.mjsView on unpkg · L15This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
src/domain/fileOps.tsView on unpkg