registry  /  @h1veframework/cli  /  0.7.0

@h1veframework/cli@0.7.0

The CLI for H1VE — the governance & memory layer for teams building with AI. Drive your feature flow (start, status, move, spec, done) from the terminal. Works with Claude Code, Cursor and Copilot.

AI Security Review

scanned 1d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The user-invoked CLI manages H1VE workflow state, local credentials, and explicitly supplied deployment configuration.

Static reason
One or more suspicious static signals were detected.
Trigger
Explicit execution of `h1ve` or `nf`, including `h1ve serve` for the local agent.
Impact
Can modify user-selected local git-ignored env files or selected provider env settings only after explicit invocation and pairing.
Mechanism
Authenticated H1VE API client and loopback-gated deployment environment helper.
Rationale
The scanner signals correspond to documented, user-invoked CLI functions and constrained local/deployment credential handling. Source inspection found no lifecycle execution, harvesting, off-target exfiltration, remote payload execution, persistence, or AI-agent control-surface mutation.
Evidence
package.jsonREADME.mddist/index.js.env.local~/.config/h1ve/credentials.json
Network endpoints6
app.h1ve.orgapi.vercel.comapi.netlify.comapi.fly.io/graphqlbackboard.railway.com/graphql/v2api.render.com

Decision evidence

public snapshot
AI called this Clean at 96.0% confidence as Benign with low false-positive risk.
Evidence for block
  • `dist/index.js` offers explicit `h1ve serve` routes that can apply caller-supplied environment values locally or to selected deployment providers.
Evidence against
  • `package.json` defines no `preinstall`, `install`, `postinstall`, or other lifecycle hook.
  • `dist/index.js` is only the declared `h1ve`/`nf` executable; no import-time background behavior is present.
  • `execFile` is limited to fixed `git` operations and opening the login browser, with no shell-string execution.
  • Local env writes require an explicit command or loopback request, a pairing token, an allowed origin, a safe basename, and `git check-ignore`.
  • The loopback agent binds only to `127.0.0.1`; provider tokens and env values are sent only to the selected Vercel, Netlify, Fly, Railway, or Render API.
  • `connect` registers only connection metadata with H1VE; parsed `KEY=VALUE` secrets are written locally and are not included in its H1VE API request.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
WildcardDependency
scanned 1 file(s), 54.8 KB of source, external domains: 127.0.0.1, api.fly.io, api.netlify.com, api.render.com, api.vercel.com, app.h1ve.org, backboard.railway.com

Source & flagged code

2 flagged · loading source
dist/index.jsView file
7// ../core/src/branch.ts L8: import { execFile } from "child_process"; L9: import { promisify } from "util";
High
Child Process

Package source references child process execution.

dist/index.jsView on unpkg · L7
1188}); L1189: process.stdout.write( L1190: `Agente H1VE ouvindo em http://127.0.0.1:${port} L1191: Origem permitida: ${origin} ... L1203: import { randomBytes as randomBytes2 } from "crypto"; L1204: import { execFile as execFile2 } from "child_process"; L1205: var LOGIN_TIMEOUT_MS = 3 * 60 * 1e3;
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

dist/index.jsView on unpkg · L1188

Findings

3 High3 Medium4 Low
HighChild Processdist/index.js
HighShell
HighCommand Output Exfiltrationdist/index.js
MediumNetwork
MediumEnvironment Vars
MediumWildcard Dependency
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings