Metadata-Version: 2.4
Name: aientrophy-nightwatch
Version: 0.2.0
Summary: Real-time file monitoring agent with YARA scanning and AI-powered malware analysis
Author-email: LEVELTHREE <info@aientrophy.com>
License: Proprietary
Project-URL: Homepage, https://aientrophy.com
Project-URL: Repository, https://github.com/injaehwang/aientrophy-nightwatch
Keywords: malware,security,yara,file-monitoring,antivirus
Classifier: Development Status :: 3 - Alpha
Classifier: Intended Audience :: System Administrators
Classifier: Topic :: Security
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Operating System :: POSIX :: Linux
Classifier: License :: Other/Proprietary License
Requires-Python: >=3.10
Description-Content-Type: text/markdown
Requires-Dist: watchdog>=4.0
Requires-Dist: httpx>=0.27
Requires-Dist: pyyaml>=6.0
Requires-Dist: click>=8.1
Requires-Dist: rich>=13.0
Provides-Extra: yara
Requires-Dist: yara-python>=4.5; extra == "yara"
Provides-Extra: magic
Requires-Dist: python-magic>=0.4; extra == "magic"
Provides-Extra: cloud
Requires-Dist: fastapi>=0.115; extra == "cloud"
Requires-Dist: uvicorn>=0.32; extra == "cloud"
Requires-Dist: anthropic>=0.40; extra == "cloud"
Requires-Dist: python-multipart>=0.0.12; extra == "cloud"
Provides-Extra: dev
Requires-Dist: pytest>=8.0; extra == "dev"
Requires-Dist: pytest-asyncio>=0.24; extra == "dev"
Requires-Dist: ruff>=0.8; extra == "dev"
Provides-Extra: all
Requires-Dist: yara-python>=4.5; extra == "all"
Requires-Dist: python-magic>=0.4; extra == "all"
Requires-Dist: fastapi>=0.115; extra == "all"
Requires-Dist: uvicorn>=0.32; extra == "all"
Requires-Dist: anthropic>=0.40; extra == "all"
Requires-Dist: python-multipart>=0.0.12; extra == "all"

# Aientrophy Nightwatch

Real-time file monitoring agent with YARA scanning and AI-powered malware analysis.

## Features

- **Real-time file monitoring** — watchdog-based filesystem watcher with event deduplication
- **Multi-layer scanning pipeline** — Hash DB → Extension mismatch → YARA rules → Cloud AI
- **YARA rule engine** — Compiled rule matching with auto-update from cloud
- **Extension disguise detection** — Detects executables/scripts masquerading as images/documents
- **Quarantine management** — Automatic isolation with metadata tracking and restore capability
- **Cloud AI analysis** — Escalates suspicious files to Claude API for deep inspection
- **Lightweight agent** — ~50MB RAM footprint, all heavy analysis offloaded to cloud

## Quick Start

```bash
# Install
pip install aientrophy-nightwatch

# Scan a single file
nightwatch scan /path/to/suspicious/file

# Start monitoring daemon
nightwatch start --config /etc/aientrophy/agent.yml

# Check status
nightwatch status
```

## One-line Server Install

```bash
curl -sL https://install.aientrophy.com/agent | sudo bash -s -- --key YOUR_API_KEY
```

## Configuration

```yaml
watch:
  paths:
    - /var/www
    - /tmp
  recursive: true

scan:
  yara_rules_dir: /var/lib/aientrophy/yara-rules
  hash_db_path: /var/lib/aientrophy/hash-db/malware_hashes.txt

action:
  on_detect: quarantine  # quarantine | alert | block

cloud:
  server: https://malware.aientrophy.com
```

## Requirements

- Python 3.10+
- Linux (recommended) or Windows

## Links

- Homepage: https://aientrophy.com
- Documentation: https://docs.aientrophy.com/nightwatch
