From b761e369b7990e1877d86d9e610ad4de8acc26fe Mon Sep 17 00:00:00 2001
From: Mitsuru Hayasaka
Date: Sun, 8 Feb 2026 01:24:47 +0900
Subject: [PATCH 1/2] Add OSS essentials: README, LICENSE, CONTRIBUTING, and metadata
- Add README.md with usage examples and design principles
- Add MIT LICENSE
- Add CONTRIBUTING.md with development setup guide
- Add OSS metadata to package.json (keywords, author, repository, engines)
- Add prepublishOnly script to ensure build before publish
- Expand .gitignore with OS, editor, env, and coverage patterns
---
 .gitignore | 20 +++++++++++++++
 CONTRIBUTING.md | 41 ++++++++++++++++++++++++++++++
 LICENSE | 21 ++++++++++++++++
 README.md | 66 +++++++++++++++++++++++++++++++++++++++++++++++++
 package.json | 25 ++++++++++++++++++-
 5 files changed, 172 insertions(+), 1 deletion(-)
 create mode 100644 CONTRIBUTING.md
 create mode 100644 LICENSE
 create mode 100644 README.md
diff --git a/.gitignore b/.gitignore
index db1d324..8f309f0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,23 @@
 node_modules/
 dist/
 .serena/
+
+# OS
+.DS_Store
+Thumbs.db
+
+# Editor
+*.swp
+*.swo
+*~
+.idea/
+.vscode/
+*.sublime-project
+*.sublime-workspace
+
+# Environment
+.env
+.env.local
+
+# Coverage
+coverage/
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
new file mode 100644
index 0000000..94d7b67
--- /dev/null
+++ b/CONTRIBUTING.md
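Review bot: The Environment block in the .gitignore hunk ignores only `.env` and `.env.local`, so other common dotenv variants (for example `.env.production` or `.env.development.local`) would still be staged by a plain `git add`. A wider pattern closes that gap: `.env*` followed by `!.env.example` if a template file is meant to be committed. A comment such as `# Environment (may contain secrets, never commit)` above the block would also tell contributors why the entries are there.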
@@ -0,0 +1,41 @@
+# Contributing to lgtmit
+
+Thanks for your interest in contributing!
+
+## Development setup
+
+```bash
+git clone https://github.com/mitsuru/lgtmit.git
+cd lgtmit
+npm install
+npm run build
+```
+
+## Scripts
+
+| Command | Description |
+|---|---|
+| `npm run build` | Compile TypeScript to `dist/` |
+| `npm run dev` | Watch mode for development |
+| `npm test` | Run unit tests |
+
+## Code style
+
+- TypeScript with strict mode
+- ESM (`"type": "module"`)
+- Zero external runtime dependencies — Node.js built-ins only
+- `.js` extensions in imports (required for ESM)
+
+## Pull requests
+
+1. Fork the repo and create a feature branch
+2. Make your changes
+3. Run `npm test` and `npx tsc --noEmit` to verify
+4. Submit a PR with a clear description of the change
+
+## Reporting bugs
+
+Open an issue on GitHub with:
+- What you expected to happen
+- What actually happened
+- Steps to reproduce
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..2683fa3
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Mitsuru Hayasaka
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..ab800dc
--- /dev/null
+++ b/README.md
@@ -0,0 +1,66 @@
+# lgtmit
+
+Make `curl | bash` installations safe with AI-powered script review.
+
+## What is this?
+
+`lgtmit` is a CLI stdout filter that sits between `curl` and `bash`, using Claude to review installation scripts before execution.
+
+```bash
+npx lgtmit -- curl https://example.com/install -fsS | bash
+```
+
+**Without lgtmit:** You blindly pipe remote scripts into your shell.
+
+**With lgtmit:** Claude reviews the script first. If it's safe, the script passes through. If not, a warning script with `exit 1` is output instead — so `bash` never runs anything dangerous.
+
+## How it works
+
+```
+user command → lgtmit fetches script → Claude reviews it
+ → safe: original script → stdout → bash executes it
+ → unsafe: warning script (exit 1) → stdout → bash exits safely
+```
+
+All logs go to stderr. Only the script (or warning) goes to stdout. This keeps the pipe clean.
+
+## Install
+
+```bash
+npm install -g lgtmit
+```
+
+Requires [Claude CLI](https://docs.anthropic.com/en/docs/claude-cli) (`claude`) to be installed and authenticated.
+
+## Usage
+
+```bash
+# Review and execute an install script
+npx lgtmit -- curl https://example.com/install -fsS | bash
+
+# Dry-run: fetch and display the script without review
+npx lgtmit --dry-run -- curl https://example.com/install -fsS
+```
+
+### Options
+
+| Option | Description |
+|---|---|
+| `--dry-run` | Fetch and output script without review |
+| `--` | Separator between lgtmit options and the fetch command |
+
+## Requirements
+
+- Node.js 18+
+- [Claude CLI](https://docs.anthropic.com/en/docs/claude-cli) installed and authenticated
+
+## Design principles
+
+- **Fail-safe:** Any review failure (timeout, parse error, missing CLI) is treated as unsafe
+- **Zero external deps:** Node.js built-in modules only
+- **stdout/stderr separation:** stdout carries only the script; all logs go to stderr
+- **lgtmit always exits 0:** Never breaks the pipe — safety is communicated through the output script
+
+## License
+
+[MIT](LICENSE)
diff --git a/package.json b/package.json
index 76e0f93..19a7a4d 100644
--- a/package.json
+++ b/package.json
@@ -11,7 +11,30 @@
 "build": "tsc",
 "dev": "tsc --watch",
 "test": "vitest run",
- "test:watch": "vitest"
+ "test:watch": "vitest",
+ "prepublishOnly": "npm run build"
+ },
+ "keywords": [
+ "security",
+ "curl",
+ "bash",
+ "script-review",
+ "ai",
+ "claude",
+ "cli",
+ "install-safety"
+ ],
+ "author": "Mitsuru Hayasaka",
+ "repository": {
+ "type": "git",
+ "url": "https://github.com/mitsuru/lgtmit.git"
+ },
+ "homepage": "https://github.com/mitsuru/lgtmit",
+ "bugs": {
+ "url": "https://github.com/mitsuru/lgtmit/issues"
+ },
+ "engines": {
+ "node": ">=18"
 },
 "devDependencies": {
 "@types/node": "^22.0.0",
From d10e6e8b72e959f544c5e9ad4ba25fd564ef7173 Mon Sep 17 00:00:00 2001
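Review bot: The package.json hunk adds `prepublishOnly` to build before publish, but nothing in it controls what goes into the npm tarball; the lines of package.json above line 11 are outside the hunk, so a `files` entry may or may not already exist. If there is neither a `files` allowlist nor an `.npmignore`, npm falls back to `.gitignore`, which ignores `dist/`, so compiled modules other than the `main`/`bin` entry points would be left out of the package; if an `.npmignore` is added later, the `.env` rules in `.gitignore` stop applying to publishes. An explicit allowlist such as `"files": ["dist"]` avoids both problems, and `npm pack --dry-run` shows the resulting file list. The publish gate could also run the tests first: `"prepublishOnly": "npm test && npm run build"`.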
From: Mitsuru Hayasaka Date: Sun, 8 Feb 2026 01:37:44 +0900 Subject: [PATCH 2/2] Fix Claude Code documentation links in README MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Claude CLI → Claude Code to match the actual tool used (claude -p) --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index ab800dc..710f925 100644 --- a/README.md +++ b/README.md @@ -30,7 +30,7 @@ All logs go to stderr. Only the script (or warning) goes to stdout. This keeps t npm install -g lgtmit ``` -Requires [Claude CLI](https://docs.anthropic.com/en/docs/claude-cli) (`claude`) to be installed and authenticated. +Requires [Claude Code](https://docs.anthropic.com/en/docs/claude-code) (`claude`) to be installed and authenticated. ## Usage @@ -52,7 +52,7 @@ npx lgtmit --dry-run -- curl https://example.com/install -fsS ## Requirements - Node.js 18+ -- [Claude CLI](https://docs.anthropic.com/en/docs/claude-cli) installed and authenticated +- [Claude Code](https://docs.anthropic.com/en/docs/claude-code) installed and authenticated ## Design principles