Detalhes do pacote

@getjavelin/overwatch

getjavelin4.4kSEE LICENSE IN LICENSE2.0.1

Overwatch AI Gateway - Secure wrapper for AI CLI tools with Javelin Guardrails

ai, llm, mcp, security

readme (leia-me)

🛡️ Overwatch - Secure AI CLI Wrapper

Overwatch is a universal security wrapper for AI CLI tools that adds Javelin Guardrails protection to any AI command-line interface.

⚠️ Platform Support:

  • macOS: Full support (Apple Silicon and Intel) with pre-built binaries
  • Linux: Supported - requires building from source (see below)
  • Windows: Coming soon

Features

  • 🔒 Universal AI Tool Wrapping - Secure any AI CLI tool (Claude, llm, aider, etc.)
  • 🛡️ Javelin Guardrails Integration - Enterprise-grade security and compliance
  • 🚀 Zero Configuration - Works out of the box with sensible defaults
  • 🔄 Transparent Proxy - Automatically routes AI requests through security layer
  • 📊 Policy Enforcement - Apply custom security policies to AI interactions
  • 🎯 MCP Support - Full Model Context Protocol support with security

Installation

macOS (Pre-built binaries)

npm install -g @getjavelin/overwatch

Linux (Build from source)

On Linux, you need to build the proxy binary from source first:

# Install Rust if not already installed
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh

# Clone and build
git clone https://github.com/getjavelin/javelin-ramparts.git
cd javelin-ramparts
cargo build --release -p ramparts-proxy

# Install the binary
sudo cp target/release/ramparts-proxy /usr/local/bin/

# Now install Overwatch
npm install -g @getjavelin/overwatch

Quick Start

1. Install

npm install -g @getjavelin/overwatch

During installation, you'll be prompted to configure Javelin Guardrails:

🔧 Javelin Guardrails Configuration
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Get your API key:
  👉 https://sandbox.javelin.live

Enter your Javelin API Key: ****
Javelin API URL [https://sandbox.javelin.live]:

✅ Configuration saved successfully!

Configuration is saved to ~/.overwatch/config.json and used automatically.

2. Use Overwatch

Simply prefix any AI CLI tool with overwatch:

# Secure Claude CLI - ALL LLM and MCP calls intercepted
overwatch claude "Hello, how are you?"

# Secure llm CLI
overwatch llm "What is the weather today?"

# Secure Gemini
overwatch gemini "Explain quantum computing"

# Works with ANY AI tool
overwatch <your-ai-tool> [args...]

What happens:

  • ✅ Loads credentials from ~/.overwatch/config.json
  • ✅ Applies default security policy automatically
  • ✅ Proxy auto-starts on available port (8081+)
  • ✅ Environment variables set to route ALL API calls through proxy
  • ✅ Your AI tool runs normally
  • Every LLM call (OpenAI, Anthropic, Google, etc.) → secured
  • Every MCP call (tools, resources, prompts) → secured
  • ✅ All requests validated with Javelin Guardrails
  • ✅ Secrets automatically blocked/redacted in responses
  • ✅ Responses flow back to your tool

No exports needed! Configuration is automatic.

Security Policies

Default Policy (Automatic)

Overwatch automatically installs and applies a comprehensive security policy during installation:

  • 📋 Installed to: ~/.overwatch/default-policy.yaml
  • 🔄 Auto-updated: Policy file is refreshed on each npm install
  • Secret Detection in Prompts - Blocks prompts containing API keys, tokens, passwords (local + cloud)
  • Secret Detection in Responses - Redacts API keys, AWS keys, SSH keys, JWTs, etc.
  • Jailbreak Protection - Blocks prompt injection and jailbreak attempts
  • SSRF Protection - Blocks requests to private IP ranges
  • File System Protection - Restricts access to sensitive directories (.ssh, .aws, /etc, etc.)
  • Tool Restrictions - Blocks dangerous tools (shell, exec, delete, etc.)
  • MCP Server Controls - Per-server tool and resource restrictions

No configuration needed! The default policy is installed and applied automatically.

Secret Detection (Defense-in-Depth)

Overwatch provides two layers of secret detection:

  1. Local Policy (Fast) - Blocks secrets in prompts before they reach the LLM

    • Instant blocking using regex patterns
    • Works offline (no API call needed)
    • Configurable via llm.blockSecrets in policy file

  2. Javelin Guardrails (Comprehensive) - Cloud-based AI detection

    • Advanced ML-based PII and secret detection
    • Detects obfuscated or encoded secrets
    • Provides detailed threat analysis

Example blocked prompts:

# ❌ BLOCKED by local policy (instant)
overwatch claude "Use my HF_TOKEN=hf_abc123xyz to download the dataset"

# ❌ BLOCKED by local policy (instant)
overwatch claude "Here's my API_KEY=sk-1234567890 for testing"

# ❌ BLOCKED by Javelin Guardrails (cloud)
overwatch claude "My social security number is 123-45-6789"

To disable local secret blocking (keep Javelin cloud detection only):

# In ~/.overwatch/default-policy.yaml
llm:
  blockSecrets: false  # Disable local secret detection

Custom Policies (Optional)

You can customize the policy by:

  1. Editing the default policy directly:

    # Edit the installed default policy
nano ~/.overwatch/default-policy.yaml

  2. Creating a custom policy and updating config:

    # Create your custom policy
cp ~/.overwatch/default-policy.yaml ~/.overwatch/my-policy.yaml
nano ~/.overwatch/my-policy.yaml

# Update config.json to use it
# Edit "policyFile" field in ~/.overwatch/config.json

  3. Using environment variable (temporary override):

    export OVERWATCH_POLICY_FILE=./my-policy.yaml
overwatch claude "test"

Example custom policy (my-policy.yaml):

version: 1
defaultAction: allow

# Block secrets in responses
responseGuards:
  action: block  # or 'redact'
  secretPatterns:
    - type: api_key
      regex: '(?i)(api[_-]?key|apikey)[\s:=]+["\']?([a-zA-Z0-9_\-]{20,})["\']?'
    - type: aws_key
      regex: 'AKIA[0-9A-Z]{16}'

# Restrict file access
fs:
  allow:
    - "${workspace}/**"  # Only workspace files
  deny:
    - "~/.ssh/**"        # Block SSH keys
    - "~/.aws/**"        # Block AWS credentials

# Block dangerous tools
tools:
  deny:
    - "shell"
    - "bash"
    - "exec"

See the default policy file for a complete example.

Configuration

Config File

Configuration is stored in ~/.overwatch/config.json:

{
  "javelin": {
    "apiKey": "your-api-key",
    "apiUrl": "https://sandbox.javelin.live"
  },
  "policyFile": "~/.overwatch/default-policy.yaml",
  "version": "1.0",
  "createdAt": "2025-01-15T10:30:00.000Z"
}

Files installed in ~/.overwatch/:

  • config.json - Main configuration file
  • default-policy.yaml - Default security policy (auto-installed)

Config Commands

# Configure credentials (interactive)
overwatch config set

# Show current configuration
overwatch config show

# Get specific value
overwatch config get JAVELIN_API_KEY

Environment Variables (Optional Overrides)

Variable Description Default
OVERWATCH_POLICY_FILE Override policy file From config.json or ~/.overwatch/default-policy.yaml
OVERWATCH_PROXY_PORT Use specific proxy port Auto (8081+)
OVERWATCH_AUTO_START_PROXY Disable auto-start true
OVERWATCH_VERBOSE Enable verbose logging false

Note: JAVELIN_API_KEY and JAVELIN_API_URL environment variables are ignored. Use overwatch config set to configure credentials.

Examples

Installation & Setup

# Install Overwatch
npm install -g @getjavelin/overwatch

# On first use, Overwatch will prompt for Javelin API credentials
# Or configure manually:
overwatch config set

Basic Usage

# No exports needed! Just use overwatch
# First time you run it, you'll be prompted for Javelin API key
overwatch claude "What is 2+2?"
overwatch llm "Explain AI"
overwatch gemini "Write a haiku"

With Custom Policy

# Use custom policy file
export OVERWATCH_POLICY_FILE=./my-policy.yaml
overwatch claude "Generate a sample API key"  # Blocked by policy

Check Configuration

# Show current config
overwatch config show

# Get specific value
overwatch config get JAVELIN_API_KEY

Contributing

Contributions are welcome! Please see CONTRIBUTING.md for details.

License

Proprietary - see LICENSE for details.

Support

Related Projects

  • Javelin - Enterprise AI Gateway
  • Ramparts - MCP Security Scanner
  • MCP - Model Context Protocol

Made with ❤️ by Javelin

changelog (log de mudanças)

Changelog

All notable changes to the Overwatch npm package will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased]

Added

  • Default Policy Installation: Default policy file now automatically installed to ~/.overwatch/default-policy.yaml during npm install
  • Policy File in Config: policyFile field added to ~/.overwatch/config.json to specify which policy to use
  • Policy file path is now stored in config and used consistently across npm package and proxy

Changed

  • Default policy location changed from package directory to ~/.overwatch/default-policy.yaml
  • Policy file is now user-editable and persists across npm updates
  • Config file now includes policyFile field pointing to default policy
  • Proxy reads policy file path from config.json if not set via environment variable

[0.2.3] - 2025-10-04

Added

  • LLM Prompt Blocking: Default policy now blocks 13 dangerous prompt patterns
    • Jailbreak attempts ("ignore all previous instructions", "bypass restrictions")
    • System prompt extraction ("show me your system prompt")
    • Role manipulation ("you are now a different ai")
    • Whitelist support via llm.allowPatterns for legitimate uses
  • Pattern matching happens before Javelin Guardrails validation
  • Case-insensitive regex matching for prompt patterns

Changed

  • macOS-only support: Removed Linux and Windows builds
    • Only darwin-arm64 and darwin-x64 supported
    • Cleaner, faster build process
  • Security improvement: API key logging changed from ***XXXX to (configured)
    • Prevents any sensitive data leakage in logs

Fixed

  • Security issue: No part of API key is logged anymore

[0.2.2] - 2025-10-04

Changed

  • Configuration now uses ONLY ~/.overwatch/config.json
  • Environment variables are completely ignored
  • overwatch config set is the only way to configure credentials

Fixed

  • Environment variable override issue resolved

[0.2.1] - 2025-10-04

Changed

  • Postinstall script now always prompts for configuration if terminal is interactive
  • Removed global install check

0.1.0 - 2025-01-03

Added

  • Initial release of @getjavelin/overwatch npm package
  • Universal AI CLI wrapper functionality
  • Automatic proxy server management
  • Support for wrapping any AI CLI tool (claude, llm, aider, etc.)
  • Javelin Guardrails integration
  • MCP (Model Context Protocol) support
  • Programmatic API for Node.js applications
  • LLMWrapper class for LLM interactions
  • MCPWrapper class for MCP server interactions
  • OverwatchProxy class for proxy management
  • CLI commands: overwatch <tool>, overwatch proxy, overwatch config
  • Environment variable configuration
  • Policy file support
  • Comprehensive documentation and examples

Features

  • Zero-configuration setup with sensible defaults
  • Automatic proxy startup and health checking
  • Transparent request interception
  • Support for multiple AI providers (OpenAI, Anthropic, etc.)
  • Streaming support for LLM responses
  • HTTP, SSE, and stdio transport support for MCP
  • Platform-specific binary resolution

Documentation

  • README with quick start guide
  • API documentation
  • Usage examples
  • Configuration guide
  • Troubleshooting section