Metadata-Version: 2.1
Name: stillrunning
Version: 2.5.0
Summary: AI-powered supply chain security. Blocks malicious packages at install and import time. Works with Claude Code, Cursor, Devin, and every AI coding agent.
Author: johhnyg
Project-URL: Homepage, https://stillrunning.io
Project-URL: Repository, https://github.com/johhnyg/stillrunning
Project-URL: Issues, https://github.com/johhnyg/stillrunning/issues
Project-URL: Documentation, https://stillrunning.io/docs
Keywords: security,supply-chain,import-hook,mcp,claude,cursor,devin,pip,npm,ai-agents
Classifier: Development Status :: 4 - Beta
Classifier: Environment :: Console
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: System Administrators
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: POSIX :: Linux
Classifier: Operating System :: MacOS
Classifier: Operating System :: Microsoft :: Windows
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Topic :: System :: Monitoring
Classifier: Topic :: System :: Systems Administration
Classifier: Topic :: Security
Requires-Python: >=3.8
Description-Content-Type: text/markdown
License-File: LICENSE

# stillrunning

> Supply chain security for developers and AI coding agents.
> Blocks malicious packages at install AND import time.

![Version](https://img.shields.io/badge/version-2.1.0-blue)
![Protected by stillrunning](https://stillrunning.io/badge/protected)
![Python](https://img.shields.io/badge/python-3.8+-green)
![License](https://img.shields.io/badge/license-MIT-blue)

## What's new in v2.0

- **Python import hook** — blocks at execution, not just install
- **MCP server** — Claude Code checks packages before installing
- **Interactive Telegram approvals** — default deny, one tap to allow
- **Works with every AI coding agent** — Claude Code, Cursor, Devin, Replit, Windsurf, Aider
- **Autonomous mode** for CI/CD pipelines
- **Hash verification** against PyPI registry

## What it blocks

| Attack Vector | Status |
|--------------|--------|
| `pip install malicious-pkg` | Blocked |
| `pip3 install malicious-pkg` | Blocked |
| `python3 -m pip install malicious-pkg` | Blocked |
| `npm install malicious-pkg` | Blocked |
| `pip install -r requirements.txt` | Scans all packages |
| `import malicious_pkg` | Blocked (via hook) |
| `from malicious_pkg import x` | Blocked (via hook) |

## Known limitations

| Gap | Workaround |
|----|------------|
| `/usr/bin/pip` direct binary | Use import hook for coverage |
| Virtual env pip | Activate intercept or use import hook |
| Conda/poetry/pipx | Manual activation required |

## Quick start (30 seconds)

```bash
pip install stillrunning
stillrunning --setup
```

## Import protection (one line)

```python
import stillrunning.hook
```

## Always-on import protection

```bash
stillrunning --install-hook
```

## Telemetry

stillrunning sends an anonymous heartbeat every 6 hours if you opt in during setup. No email, IP, or log content — just a random ID so we know how many agents are running.

Disable by setting `telemetry: false` in `stillrunning.yaml`.

## Autonomous mode (CI/CD + AI agents)

```bash
export STILLRUNNING_APP_NAME="my-app"
export STILLRUNNING_TELEGRAM_TOKEN="..."
export STILLRUNNING_CHAT_ID="..."
stillrunning --autonomous
```

## MCP / Claude Code integration

Add to `~/.claude/settings.json`:

```json
{
  "mcpServers": {
    "stillrunning": {
      "type": "url",
      "url": "https://stillrunning.io/mcp",
      "name": "stillrunning"
    }
  }
}
```

## Claude Skill

Install the stillrunning skill for automatic package checking in every Claude Code session:

[github.com/johhnyg/stillrunning-skill](https://github.com/johhnyg/stillrunning-skill)

## Works with every AI coding agent

Claude Code, Cursor, Devin, Replit, GitHub Copilot, Windsurf, Aider

Setup: [stillrunning.io/agent-setup](https://stillrunning.io/agent-setup)

## Commands

```bash
stillrunning --setup          # 3-minute setup wizard
stillrunning --doctor         # Health check
stillrunning --install-hook   # Enable always-on import protection
stillrunning --autonomous     # CI/CD mode (no prompts)
stillrunning --allow <pkg>    # Allow a blocked package
stillrunning --block <pkg>    # Manually block a package
stillrunning whitelist add <pkg>    # Add to whitelist
stillrunning whitelist remove <pkg> # Remove from whitelist
stillrunning whitelist list         # Show whitelist
```

## Pricing

| Tier | Price | AI Scans | Features |
|------|-------|----------|----------|
| **Free** | $0 | 0 | Blocklist checks (10/day) |
| **Personal** | $9/mo | 0 | Guard daemon, 1 machine, blocklist |
| **Basic** | $29/mo | 0 | Dashboard, 3 machines, Telegram, blocklist |
| **AI** | $49/mo | 100/day | AI package review, unlimited machines |
| **Enterprise** | $499/mo | 10,000/day | SIEM, SSO, compliance |
| **Enterprise+** | $2,499/mo | Unlimited | Dedicated support, on-prem |

## Badge

```markdown
![Protected by stillrunning](https://stillrunning.io/badge/protected)
```

## Links

- [stillrunning.io](https://stillrunning.io)
- [stillrunning.io/agent-setup](https://stillrunning.io/agent-setup)
- [@bit_bot9000](https://x.com/bit_bot9000)

## License

MIT License

Patent Pending — US Provisional Application filed April 12, 2026
