Windows support: hook guard, scanner, and tray app

[kobzevvv]

Goal

Support Windows developers using AI coding agents (Claude Code, Cursor, Windsurf). Currently vibe-sec is macOS-only.

Why

Claude Code fully supports Windows (including ARM64 + winget install as of Feb 2026). The hooks system (PreToolUse in ~/.claude/settings.json) is identical on both platforms. Growing audience of vibe-coders on Windows who need the same protection.

Architecture decision

Mono-repo with process.platform branching — not a separate repo.

• Hook guard and scanner are Node.js — 80-95% already cross-platform
• npx vibe-sec setup should work on both OSes from one npm package
• Only the tray app needs a separate project (Tauri, see Phase 3)

---

Phase 1: Hook guard on Windows (~1-2 hours)

The hook guard (scripts/hook.mjs) is 95% cross-platform already. All pattern detection (CATASTROPHIC, SENSITIVE_READ, EXFIL) is pure regex.

What needs changing:

• Replace osascript notification with PowerShell toast notification on win32
• Test hook installation via install-hooks.mjs on Windows (already uses os.homedir() + path.join())
• Verify hook stdin/stdout contract works with PowerShell execution

Phase 2: Scanner checks for Windows (~4-6 hours)

Already cross-platform (no changes needed)

• ✅ Claude Code settings (dangerousMode, MCP tokens)
• ✅ Prompt injection indicators in sessions
• ✅ CLAUDE.md hardening rules
• ✅ Git repos (.env tracked, secrets in history)
• ✅ CLI tokens & service account keys on disk
• ✅ Claude paste cache & shell snapshots
• ✅ MCP tool descriptions (injection patterns)
• ✅ Git credential store (plaintext passwords)
• ✅ Terraform state files with secrets

Need Windows branches

Check	macOS	Windows equivalent
Open ports	lsof -iTCP -sTCP:LISTEN	netstat -ano | findstr LISTENING or Get-NetTCPConnection -State Listen
Firewall	defaults read com.apple.alf globalstate	Get-NetFirewallProfile | Select-Object Name,Enabled
Shell history secrets	~/.zsh_history, ~/.bash_history	PowerShell history: (Get-PSReadLineOption).HistorySavePath
Screen lock	defaults read com.apple.screensaver	Skip or check power plan settings
Homebrew outdated	brew outdated	winget upgrade or choco outdated
Docker Compose exposure	Works, but paths differ	Same logic, add Windows path patterns

New Windows-specific checks to add

• Windows Defender status (Get-MpComputerStatus)
• Remote Desktop enabled check
• PowerShell execution policy check
• Windows Credential Manager audit

Remediation text changes

• Keychain → Windows Credential Manager (cmdkey /add:...)
• brew → winget / choco
• chmod → icacls for file permissions
• launchctl → Task Scheduler references

Phase 3: Daemon for Windows (~2-3 hours)

• Replace launchd plist with Windows Task Scheduler (schtasks /create /tn "vibe-sec" /tr "node scan-daemon.mjs" /sc daily)
• Add setup-daemon.mjs Windows branch
• Test daily scan trigger + notification

Phase 4: Tray app with Tauri (~2-3 days)

Replace current Swift menubar app with Tauri 2.0 for cross-platform support:

• One codebase → macOS + Windows + Linux
• 2.5 MB bundle (vs 85 MB Electron)
• Built-in system tray API
• Rust backend for file watching + state reading
• Web frontend for settings UI

This would be a new repo (e.g., vibe-sec-tray) or live in apps/tray/ within mono-repo.

Phase 5: CI testing (~1 hour)

• Add GitHub Actions matrix with windows-latest (free for public repos)
• Create test event fixtures for hook guard
• Add OS-specific check tests with mocked process.platform

strategy:
  matrix:
    os: [macos-latest, windows-latest]
runs-on: ${{ matrix.os }}

---

Proposed file structure changes

lib/
  os-checks/
    darwin.mjs    # macOS-specific: lsof, firewall, keychain, launchd
    win32.mjs     # Windows-specific: netstat, defender, credential manager, schtasks
    common.mjs    # Shared: git, env, claude settings, prompt injection

Testing strategy

1. CI: GitHub Actions windows-latest runner — automated, free, real Windows
2. Local: VMware Fusion (free) or Parallels for hands-on debugging
3. Unit: Mock process.platform for branching logic tests

Scope explicitly excluded

• Web-based agents (Claude.ai, ChatGPT web) — sandboxed, no filesystem access, no need for protection
• Linux support — can be added later with same approach (Phase 2 checks mostly work, daemon needs systemd)