Overtrust is an AI-era workstation security scanner. Deterministic. No LLMs.

```text
 OVERTRUST │ Trust Score: 34/100 [████████░░░░░░░░░░░░░░░░] CRITICAL
───────────┼───────────────────────────────────────────────────────────────────
 Scan Log  │ Overview              │ Findings (8)
───────────┤ ● 3 critical          │ [CRIT] AWS credentials file        [9.0]
 .env      │ ● 2 high              │ [CRIT] Anthropic key in .env       [9.0]
 creds     │ ● 1 medium            │ [CRIT] Auth provider extension     [9.5]
 pkg.json  │ ● 1 low               │ [HIGH] Extension terminal access   [8.0]
 Dockerf.. │                       │ [HIGH] SSH private key exposed     [7.5]
 ✓ done    │ Press v for graph     │ [HIGH] Debug adapter               [8.0]
───────────┴───────────────────────┴───────────────────────────────────────────
 Detail
 Rule: EXT-003      │ File: .vscode/extensions/ai-code-helper/package.json
 Severity: CRITICAL │ Score: 9.5
 Extension 'ai-code-helper' is an authentication provider
 contributes.authentication — can intercept auth tokens
```

Linux / macOS

```bash
git clone https://github.com/cheese-cakee/overtrust.git
cd overtrust
cmake -B build -DCMAKE_BUILD_TYPE=Release
cmake --build build -j$(nproc)
./build/overtrust
```

Windows

Tip
Install Visual Studio 2022 with the Desktop development with C++ workload, and CMake — tick "Add CMake to the system PATH" during install.

```powershell
git clone https://github.com/cheese-cakee/overtrust.git
cd overtrust
cmake -B build -DCMAKE_BUILD_TYPE=Release -G "Visual Studio 17 2022"
cmake --build build --config Release -j
.\build\Release\overtrust.exe
```

```bash
./build/overtrust                      # scan $HOME (TUI mode)
./build/overtrust /path/to/project     # scan a specific directory
./build/overtrust demo/                # try the included demo fixtures
./build/overtrust --no-tui             # headless JSON output to stdout
./build/overtrust --report out.json    # write full JSON report to file
./build/overtrust --exit-code          # exit 1 if any findings found (CI use)
```

| Flag | Description |
|---|---|
| `<path>` | Directory to scan (default: `$HOME`) |
| `--no-tui` | Headless mode — prints findings as JSON to stdout |
| `--report <file>` | Write full JSON report to file after scan |
| `--exit-code` | Exit with code 1 if any findings exist (useful in CI) |
| `--version` | Print version and exit |
| `-h`, `--help` | Show usage |

Note
--no-tui is automatically activated when stdout is not a TTY (e.g. piped or redirected), making it safe to use in scripts and CI without extra flags.
| Category | What Overtrust Finds |
|---|---|
| IDE Extensions | Terminal access, auth providers, debug adapters, always-on activation |
| npm Packages | Preinstall/postinstall scripts, `curl \| bash` patterns |
| Dockerfiles | Root containers, `curl \| bash` RUN instructions |
| Secrets | AWS keys, GitHub tokens, Anthropic/OpenAI keys, Stripe, PEM certs |
| Credentials Files | ~/.aws/credentials, .env files, SSH private keys |
| Kubernetes | ~/.kube/config — may contain cluster credentials and bearer tokens |
| Shell History | .bash_history, .zsh_history — may contain secrets typed in plain text |
| Processes (Linux) | CAP_SYS_PTRACE, CAP_SYS_ADMIN, open sensitive file descriptors |
| Processes (Windows) | SeDebugPrivilege, SeTcbPrivilege, elevated tokens, dangerous privileges |
| AI Tools | Cursor, Copilot, Codeium and others running with access to your secrets |
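
The Linux process row above lists CAP_SYS_PTRACE and CAP_SYS_ADMIN. How such a check can read them from the `CapEff` field of `/proc/<pid>/status`, as an added example that is not Overtrust's own code; the function names and the sample status text are assumptions, the bit numbers come from `<linux/capability.h>`.

```cpp
// Added example, not Overtrust source: decode CapEff from /proc/<pid>/status.
#include <cstdint>
#include <iostream>
#include <sstream>
#include <stdexcept>
#include <string>
#include <vector>

// Bit numbers from <linux/capability.h>.
constexpr int kCapSysPtrace = 19;
constexpr int kCapSysAdmin = 21;

// Read the effective-capability mask out of the text of a status file.
// Returns false when the field is missing or malformed.
bool parse_cap_eff(const std::string& status_text, uint64_t& mask) {
    std::istringstream in(status_text);
    std::string line;
    while (std::getline(in, line)) {
        if (line.rfind("CapEff:", 0) != 0) continue;  // not the CapEff line
        try {
            mask = std::stoull(line.substr(7), nullptr, 16);  // hex after a tab
            return true;
        } catch (const std::exception&) {
            return false;  // non-hex content: treat as unreadable
        }
    }
    return false;
}

// Names of the two capabilities from the table that are set in the mask.
std::vector<std::string> risky_caps(uint64_t mask) {
    std::vector<std::string> out;
    if (mask & (1ULL << kCapSysPtrace)) out.push_back("CAP_SYS_PTRACE");
    if (mask & (1ULL << kCapSysAdmin)) out.push_back("CAP_SYS_ADMIN");
    return out;
}

// Constructed samples (hypothetical processes), not captured from a real host.
const std::string kSampleUnpriv =
    "Name:\tbash\nCapPrm:\t0000000000000000\nCapEff:\t0000000000000000\n";
const std::string kSamplePriv = "Name:\thelper\nCapEff:\t0000000000280000\n";

int main() {
    uint64_t mask = 0;
    if (parse_cap_eff(kSamplePriv, mask))
        for (const auto& name : risky_caps(mask)) std::cout << name << "\n";
    return 0;
}
```
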
| Key | Action |
|---|---|
| ↑ / k | Previous finding |
| ↓ / j | Next finding |
| v | Toggle graph view (overview ↔ trust graph canvas) |
| r | Re-scan |
| e | Export JSON report and exit |
| ? | Toggle help overlay |
| q | Quit |

```text
100 → 80   TRUSTED     Green    System looks clean
 79 → 50   MODERATE    Yellow   Some risks, review findings
 49 → 25   HIGH RISK   Orange   Significant exposure
 24 → 0    CRITICAL    Red      Immediate action needed

Score = 100 - clamp(Σ(finding.score) × 2, 0, 100)
```

Create a .overtrustignore or .trustignore file in the scanned directory to skip paths:

```text
# ignore local dev directories
.dev-secrets/
vendor/
my-test-env/
```

Lines starting with # are comments. Both file/directory names and path substrings are matched.
The demo/ directory ships with intentionally bad configs — a ready-made target for testing:

```bash
./build/overtrust demo/
# Expected trust score: ~0–15 (Critical)
```

| Fixture | What it triggers |
|---|---|
| `demo/.vscode/extensions/ai-code-helper/` | Terminal, auth provider, debug adapter, webview |
| `demo/.aws/credentials` | AWS credentials file |
| `demo/.env` | OpenAI, Anthropic, Stripe, GitHub keys |
| `demo/packages/evil-npm/` | `curl \| bash` in preinstall script |
| `demo/Dockerfile` | `curl \| bash` + no USER directive |
| `demo/scripts/deploy.sh` | Hardcoded secrets |

```yaml
# .github/workflows/overtrust.yml
- name: Run overtrust
  run: |
    cmake -B build -DCMAKE_BUILD_TYPE=Release
    cmake --build build -j$(nproc)
    ./build/overtrust ${{ github.workspace }} --exit-code --report overtrust.json
- name: Upload report
  # Run even when the scan step failed, so the report is kept when findings exist.
  if: always()
  uses: actions/upload-artifact@v4
  with:
    name: overtrust-report
    path: overtrust.json
```

`--exit-code` makes the step fail if any findings are found. Pipe the JSON output to your security dashboard or SIEM.

```text
src/
├── main.cpp                    Entry point, CLI args, signal handling, TUI/headless dispatch
├── scanner/
│   ├── walker.cpp              Recursive filesystem walker, skips noise dirs, respects ignore files
│   ├── classifier.cpp          File type detection (path heuristics + magic bytes)
│   ├── manifest.cpp            VS Code / npm / Dockerfile parsers → Findings
│   ├── secrets.cpp             Keyword filter → regex → entropy → FP guard
│   ├── procscanner_linux.cpp   /proc caps, namespace inodes, sensitive FD scan
│   ├── procscanner_win.cpp     Win32 process enumeration, token privileges, elevation check
│   └── engine.cpp              ScanEngine: orchestrates all phases in a background thread
├── graph/
│   └── graph.cpp               TrustGraph: DFS reachability, permission closure, Tarjan SCC
├── tui/
│   ├── app.hpp                 FTXUI App: 5-panel layout, live updates, keybindings
│   ├── splash.hpp              Splash screen with ASCII banner
│   ├── widgets.hpp             Reusable FTXUI elements (trust bar, finding rows, detail panel)
│   ├── colors.hpp              Severity + score color palette
│   └── graph_view.hpp          Compact tree + visual canvas graph renderers
└── report.cpp                  JSON report export

include/overtrust/
├── version.hpp                 Version constants (APP_NAME, VERSION)
├── types.hpp                   Finding, ScanState, ScanSummary, Severity, next_finding_id()
├── scanner.hpp                 ScanCallbacks, walk_directory, ignore file loading
├── classifier.hpp              FileKind enum, classify_file()
├── manifest.hpp                VsCodeExtManifest, NpmManifest, DockerfileManifest
├── secrets.hpp                 SecretMatch, scan_for_secrets(), shannon_entropy()
├── procscanner.hpp             ProcessInfo, CapEntry, scan_processes(), is_ai_tool()
├── graph.hpp                   TrustGraph, GraphNode, GraphEdge, compute_trust_score()
├── engine.hpp                  ScanEngine
└── report.hpp                  write_json_report()
```

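
The `secrets.cpp` entry above names a four-stage pipeline: keyword filter, regex, entropy, false-positive guard. A sketch of that staging for one secret type, the AWS access key ID, as an added example and not Overtrust's own code; the function names, the 3.0-bit threshold and the placeholder check are assumptions.

```cpp
// Added example, not Overtrust source: a four-stage check for one secret type.
#include <cmath>
#include <iostream>
#include <map>
#include <regex>
#include <string>

enum class Verdict { NoKeyword, NoMatch, LowEntropy, Placeholder, Secret };

// Shannon entropy in bits per character.
double entropy_bits(const std::string& s) {
    if (s.empty()) return 0.0;
    std::map<char, int> freq;
    for (char c : s) ++freq[c];
    double h = 0.0;
    for (const auto& kv : freq) {
        const double p = static_cast<double>(kv.second) / s.size();
        h -= p * std::log2(p);
    }
    return h;
}

Verdict check_line(const std::string& line) {
    // 1. Keyword filter: cheap substring test so most lines never reach the regex.
    if (line.find("AKIA") == std::string::npos) return Verdict::NoKeyword;
    // 2. Regex: the AWS access key ID shape.
    static const std::regex shape("AKIA[0-9A-Z]{16}");
    std::smatch m;
    if (!std::regex_search(line, m, shape)) return Verdict::NoMatch;
    const std::string token = m.str();
    // 3. Entropy: repetitive filler scores low (3.0 is an assumed threshold).
    if (entropy_bits(token) < 3.0) return Verdict::LowEntropy;
    // 4. FP guard: documentation placeholders are not live credentials.
    if (token.find("EXAMPLE") != std::string::npos) return Verdict::Placeholder;
    return Verdict::Secret;
}

int main() {
    // Constructed inputs; none of these is a real credential.
    const std::string samples[] = {
        "export PATH=/usr/bin",
        "AWS_KEY=AKIA" + std::string(16, 'A'),
        "aws_access_key_id = AKIAIOSFODNN7EXAMPLE",
        "aws_access_key_id = AKIAQ7ZT2MX9LW4RPB3C",
    };
    for (const auto& s : samples)
        std::cout << static_cast<int>(check_line(s)) << "  " << s << "\n";
    return 0;
}
```

The ordering matters for cost and noise: the substring test discards most lines before any regex runs, and the last two stages drop matches that have the right shape but are filler or documentation values.
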
| Component | Library | Why |
|---|---|---|
| TUI | FTXUI v5 | Declarative, beautiful, active maintenance |
| JSON | nlohmann/json v3.11 | Single-header, zero drama |
| Rules | Hardcoded C++ | Zero deps, deterministic, no YAML parse attack surface |
| Filesystem | std::filesystem (C++17) | No deps, recursive walk with permission skip |
| Processes (Linux) | /proc pseudo-FS | Zero kernel modules, read-only |
| Processes (Windows) | Win32 CreateToolhelp32Snapshot + Advapi32 | Pure Win32, no admin required |
| Build | CMake 3.16+ with FetchContent | Auto-fetches FTXUI and nlohmann/json |

No. Overtrust only reads files and /proc entries it already has permission to access. Anything it can't read is silently skipped. On Windows, process enumeration works without elevation — privilege details for protected processes are simply omitted.
Never. All analysis is fully local. No telemetry, no crash reports, no network calls of any kind.
- Offline-first — no API keys, no cloud, no tokens consumed
- Deterministic — identical input always produces identical output
- AI-aware — specifically built for the new attack surface created by AI coding tools with broad filesystem access
- Single binary — one statically-linked executable, no runtime dependencies
Those tools find secrets in code. Overtrust finds what already has access to your secrets right now — running processes, IDE extensions with elevated permissions, misconfigured containers, and credential files sitting in readable directories.
PRs welcome. Read the code first — it's small and well-commented.
MIT — see LICENSE
Built with C++17, FTXUI, and systems knowledge. No AI was used in the detection logic.
