🛡️ Vanguard: AI Supply Chain Firewall

$3

![npm version](https://www.npmjs.com/package/vanguard-cli)
![License: MIT](https://opensource.org/licenses/MIT)
![AI Power](https://deepmind.google/technologies/gemini/)
![Build Status](https://github.com/bazobehram/vanguard/actions)

Intercepts git clone & git pull to detect malware, backdoors, and vulnerabilities

BEFORE they reach your disk. Powered by Hybrid Intelligence.

Installation • Quick Start • How It Works • Configuration

---

🚀 Why Vanguard?

Modern software supply chain attacks are sophisticated. Traditional antiviruses miss them. Vanguard acts as a firewall between the internet and your codebase.

* 🧠 Hybrid Intelligence: Combines Google Gemini 2.0's reasoning with a curated Threat Intelligence DB and OSV.dev vulnerability data.
* ⚡ Zero-Latency Caching: Uses SHA-256 hashing to memorize safe files. Re-scanning a project takes milliseconds.
* 🔒 Privacy First: Supports Local Ollama. Your code never leaves your machine if you choose local models.
* 🛡️ Proactive Defense: It doesn't just scan; it intercepts Git commands to prevent bad code from reaching your disk.
* ⚡ Flexible Audit Modes: Choose between a Quick Audit (targeting configuration and entry files) or a Deep Audit (full behavioral analysis of all code files).

---

🏗️ Architecture

Vanguard operates as a protective layer between your command line and the remote repository, combining local heuristics with global intelligence.

``

mermaid

graph TD

    User["User Command (clone/pull)"] --> CLI["Vanguard CLI"]

    CLI --> Cache{"Cache Check (SHA-256)"}

    Cache -- "Hit (Safe)" --> Finish["Verdict: PASS"]

    Cache -- "Miss" --> Sync["Sync Intelligence"]

    Sync --> DB["GitHub Threat DB"]

    Sync --> OSV["OSV.dev API"]

    DB --> Analysis["AI Analysis"]

    OSV --> Analysis

    Analysis -- "Gemini 2.0 / Ollama" --> Verdict{"Verdict"}

    Verdict -- "Malicious" --> Block["Verdict: BLOCK"]

    Verdict -- "Clean" --> SaveCache["Save to Cache"]

    SaveCache --> Finish





---



📦 Installation



Ensure you have Node.js (v18+) installed.

bash

npm install -g vanguard-cli





---



🚀 Quick Start



$3

Integrate Vanguard with your shell (Bash, Zsh, Fish, PowerShell) to automatically scan every

git clone

bash

vanguard integrate





$3

Verify if the firewall is active or if you are in a protected session.

bash

vanguard status





$3

Setup your Gemini API key or local Ollama endpoint:

bash

vanguard config





$3

Audit and clone any repository in a single command. Vanguard isolates the repo in a sandbox first.

bash

vanguard clone





$3

Safely update your local codebase. Vanguard audits the diff before merging.

bash

vanguard pull

``

---

🤝 Contribution

We welcome contributors! Please see our CONTRIBUTING.md for local setup instructions and the CODE_OF_CONDUCT.md for community guidelines.

🔐 Security

To report a vulnerability or an exploit bypass, please follow the protocol in SECURITY.md.

---

⚖️ License