registry  /  @h1veframework/cli  /  0.5.2

@h1veframework/cli@0.5.2

The CLI for H1VE — the governance & memory layer for teams building with AI. Drive your feature flow (start, status, move, spec, done) from the terminal. Works with Claude Code, Cursor and Copilot.

AI Security Review

scanned 4d ago · by lpm-firewall-ai

No confirmed malicious install-time or import-time behavior. The explicit `nf serve` command provides a paired loopback agent for applying user-supplied environment variables locally or to selected deployment providers.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs `nf serve` and supplies its displayed pairing token through the permitted browser origin.
Impact
Can modify a gitignored local env file or selected provider environment variables when explicitly invoked and authenticated.
Mechanism
Paired loopback environment-variable and deployment-provider management
Rationale
Direct inspection shows a user-invoked CLI with expected credential, Git, local-agent, and deployment-management functions; no lifecycle execution, covert collection, foreign AI-agent configuration mutation, or unconsented exfiltration was found. Static signals correspond to documented functionality guarded by explicit commands, loopback binding, origin checks, and pairing-token authentication.
Evidence
package.jsondist/index.jsREADME.md.env.local~/.config/h1ve/credentials.json
Network endpoints6
app.h1ve.orgapi.vercel.comapi.netlify.comapi.fly.io/graphqlbackboard.railway.com/graphql/v2api.render.com

Decision evidence

public snapshot
AI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block
  • `dist/index.js` exposes `nf serve`, which can write local and deployment environment variables.
  • `dist/index.js` reads API credentials from environment or `~/.config/h1ve/credentials.json`.
Evidence against
  • `package.json` has no preinstall/install/postinstall lifecycle hook.
  • `dist/index.js` only invokes `git` with fixed argument arrays for branch and remote operations.
  • Credential writes occur only through explicit `nf login`; logout removes that same file.
  • `nf connect` writes only a gitignored local env file after explicit `--env` input.
  • `nf serve` binds to `127.0.0.1`, enforces origin/host checks, and requires a random pairing token.
  • Deployment API calls occur only after an explicit paired local-agent request with supplied provider token.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
WildcardDependency
scanned 1 file(s), 52.7 KB of source, external domains: 127.0.0.1, api.fly.io, api.netlify.com, api.render.com, api.vercel.com, app.h1ve.org, backboard.railway.com

Source & flagged code

2 flagged · loading source
dist/index.jsView file
7// ../core/src/branch.ts L8: import { execFile } from "child_process"; L9: import { promisify } from "util";
High
Child Process

Package source references child process execution.

dist/index.jsView on unpkg · L7
1137}); L1138: process.stdout.write( L1139: `Agente H1VE ouvindo em http://127.0.0.1:${port} L1140: Origem permitida: ${origin} ... L1152: import { randomBytes as randomBytes2 } from "crypto"; L1153: import { execFile as execFile2 } from "child_process"; L1154: var LOGIN_TIMEOUT_MS = 3 * 60 * 1e3;
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

dist/index.jsView on unpkg · L1137

Findings

3 High3 Medium4 Low
HighChild Processdist/index.js
HighShell
HighCommand Output Exfiltrationdist/index.js
MediumNetwork
MediumEnvironment Vars
MediumWildcard Dependency
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings