🦀 Core Security Engine (Rust Layer)

• High Velocity Loop Break: Heuristic detection of repetitive command patterns (e.g. recursive npm install loops) to force automatic agent suspension.
• The Janitor Protocol: Intelligent auto whitelisting of standard Windows system maintenance paths (%TEMP%, Prefetch, Logs) to eliminate alert fatigue.
• PID Chokehold: Dynamic monitoring and CPU usage throttling. Instantly drops a rogue agent's OS priority to IDLE using Windows WMIC or POSIX renice commands.

🧠 The Brain & The Shield

• Gag Order (PII Sanitizer): Real time entropy and regex scanning for OpenAI AWS keys, credit cards, and emails in outbound strings.
• Faraday Clipboard Guard: Actively calculates Shannon Entropy on your OS clipboard. If it detects a stolen secret, it instantly overwrites your clipboard with a decoy string to prevent pasting and exfiltration.
• Child Process Quarantine: Hierarchical scanning that tracks and restricts permissions for any process spawned by a monitored parent agent.

📦 The Black Box (Forensics)

• Cryptographic Ledger: A blockchain style FNV hash chain that ensures audit logs are immutable and tamper proof.
• Supply Chain Auditor: Real time CVE scanning against the workspace package.json for known malware dependencies.
• Predictive Blast Radius: Recursive import scanner that visually maps exactly what will break in your project before you approve a file deletion.

🚀 v1.2 Roadmap : True Sandboxing & Autonomous Defense

Moving from a passive EDR tool to a true Zero Trust Sandbox requires native hardware drivers and autonomous intelligence. These are currently under active development:

• Autonomous Reasoning Loop (Local LLM): A lightweight, internally hosted reasoning agent that will automatically triage events, correlate velocity spikes with honeypot triggers, and dynamically rotate decoys without human intervention.
• Linux eBPF Probes: Kernel level hooks to intercept sys_enter_openat and sys_enter_mkdir.
• Windows Minifilters: Native file system drivers for absolute Windows execution blocking.
• macOS Endpoint Security Framework (ESF): Strict entitlements for Apple silicon.
• Network Ghost Mode: Local root certificate authority for intercepting and spoofing TLS traffic without payload execution.

⚙️ Under the Hood

Kavach is built for absolute performance and zero latency, running entirely locally on your machine with zero cloud dependencies.

• The Engine (Rust): The core interception logic, OS execution hooks, and cryptographic file caching are written in Rust for memory safety and bare metal speed.
• The Command Center (React TypeScript): The FUI dashboard operates in an isolated webview, ensuring the UI thread never blocks the security engine.
• The Bridge (Tauri): Secure asynchronous Inter Process Communication (IPC) bridges the frontend dashboard and the Rust watcher.

💻 Zero Config Deployment

1. Download: Grab the latest installer for your operating system from the Releases Page.
2. Launch: Run the executable (e.g. Akshays.Kavach_1.1.0_x64-setup.exe). (Note: Windows requires running as Administrator for process termination; macOS requires Full Disk Access).
3. Arm: Select your workspace directory in the UI. Kavach immediately locks down the perimeter.

📞 Direct Line & Feedback

Kavach features a "Direct Line" communication module for users to report anomalies, suggest features, or collaborate.

• Developer: Akshay Sharma
• Feedback: Use the [ COMM LINK ] terminal button inside the application to route encrypted feedback directly to the developer inbox via your OS default mail client.

📜 License

Kavach is proudly released under the GNU General Public License v3.0 (GPLv3). Permanent attribution to Akshay Sharma is required in all forks, distributions, and derivatives, and any modifications must remain open source under the same license terms.