AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Explicit login installs persistent Claude Code hooks and a shell shim. On later Claude tool invocations, the guard can fetch and replace those executable hooks from the SolonGate API, then transmit audit data.
Decision evidence
public snapshot- `dist/login.js` runs global setup by default after an explicit `login` authorization.
- `dist/global-install.js` writes `~/.claude/settings.json` hooks and shell startup shims for `claude`.
- `hooks/guard.mjs` downloads newer hook source, verifies only a server-supplied SHA-256, then atomically replaces `~/.solongate/hooks/{guard,audit,shield}.mjs`.
- Installed hooks send tool arguments and audit decisions to the configured SolonGate API endpoint.
- `package.json` contains no `preinstall`, `install`, or `postinstall` lifecycle hook.
- The control-surface changes require an explicit `login` command; `login --no-install` avoids them.
- The default network host is package-aligned: `https://api.solongate.com`.
- `dist/lib.js` exports library APIs and shows no import-time installation or hook mutation.
Source & flagged code
15 flagged · loading sourcePackage contains a critical-looking secret pattern.
dist/tui/index.jsView on unpkg · L1976A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/shield.jsView on unpkg · L281Source combines credential-like environment material and outbound requests; review data flow before blocking.
dist/lib.jsView on unpkg · L42Source writes installer persistence such as shell profile or service configuration.
dist/lib.jsView on unpkg · L42Package source references a known benign dynamic code generation pattern.
dist/audit/index.jsView on unpkg · L1395Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/index.jsView on unpkg · L10617Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/index.jsView on unpkg · L41Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/index.jsView on unpkg · L41Package source invokes a package manager install command at runtime.
dist/index.jsView on unpkg · L11403Source reaches cloud instance metadata or link-local credential endpoints.
hooks/guard.mjsView on unpkg · L13This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/login.jsView on unpkg