Skip to content

qualifire-dev/rogue-install

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
install.sh
install.sh
 
 

Repository files navigation

Rogue Security — One-Line Installer for Claude Code

Real-time AI agent detection and response (AIDR) for Claude Code. Drop-in security plugin that observes every prompt, tool call, and subagent — flags prompt injections, secret exfiltration, and destructive commands before they reach production.

Quick install

curl -fsSL https://raw.githubusercontent.com/qualifire-dev/rogue-install/main/install.sh | bash

You'll be prompted for your Rogue API key. Get one at https://app.rogue.security/settings/api-keys.

Non-interactive (CI, MDM, dotfile bootstrap)

curl -fsSL https://raw.githubusercontent.com/qualifire-dev/rogue-install/main/install.sh \
  | ROGUE_API_KEY=rsk_xxx \
    ROGUE_ACTOR_EMAIL=you@company.com \
    ROGUE_ACTOR_NAME='Your Name' \
    bash

Set ROGUE_NON_INTERACTIVE=1 to fail fast if any value is missing instead of prompting.

What it does

  1. Validates the API key against https://api.rogue.security/api/v1/hooks/ping.
  2. Writes credentials to ~/.rogue-env (mode 600).
  3. Downloads the rogue-plugin-claude tarball and extracts it to ~/.claude/plugins/cache/rogue-marketplace/rogue/.
  4. Registers the marketplace and enables the plugin in ~/.claude/settings.json: 
    {
  "extraKnownMarketplaces": {
    "rogue-marketplace": {
      "source": { "source": "github", "repo": "qualifire-dev/rogue-plugin-claude" }
    }
  },
  "enabledPlugins": {
    "rogue@rogue-marketplace": true
  }
}
  5. Removes any legacy Rogue HTTP hooks from a previous installer, while preserving every other hook you have.

Existing ~/.claude/settings.json is backed up to ~/.claude/settings.json.bak.

After install

  1. Fully quit Claude Code (Cmd-Q on macOS) and reopen — hooks load on session start, not on hot-reload.
  2. In Claude Code, run /rogue:status to verify the connection.
  3. Open the AIDR dashboard to see live activity.

Requirements

  • Required: curl, tar
  • One of: jq or python3
  • Claude Code: v2.1+ (plugin support landed in 2.1; older versions need the legacy hook-only installer)

That's it. python3 ships by default on every modern Linux distro and on macOS via Xcode Command Line Tools. No git, no jq, no Homebrew required on a fresh box if Python is present.

Flags

When invoking the script directly (bash install.sh ...) rather than via curl | bash:

Flag Env var Default
--api-key KEY ROGUE_API_KEY (prompted)
--email EMAIL ROGUE_ACTOR_EMAIL git config user.email$(whoami)@$(hostname)
--name NAME ROGUE_ACTOR_NAME git config user.name$(whoami)
--api-url URL ROGUE_API_URL https://api.rogue.security
--non-interactive ROGUE_NON_INTERACTIVE=1 off

Advanced (rarely needed):

Env var Default Purpose
ROGUE_PLUGIN_REPO qualifire-dev/rogue-plugin-claude Override plugin source repo (private forks, internal builds)
ROGUE_PLUGIN_BRANCH main Pin a specific branch or tag
ROGUE_ENV_FILE $HOME/.rogue-env Where credentials are written

Security

  • Credentials never leave your machine. ~/.rogue-env is chmod 600 and only sourced by hook subprocesses.
  • No shell-rc patching. The installer does not touch ~/.zshrc, ~/.bashrc, or ~/.profile. Hooks source ~/.rogue-env directly when they fire.
  • Fail-open. If the Rogue API is unreachable, hooks return {} (allow) so Claude Code never hangs. Detection is restored on the next request.
  • Pipe-to-bash: if you'd rather review before running: 
    curl -fsSL https://raw.githubusercontent.com/qualifire-dev/rogue-install/main/install.sh -o install.sh
less install.sh
bash install.sh
  • Verify on disk after install: 
    ls -l ~/.rogue-env                                          # mode 600
cat ~/.claude/plugins/cache/rogue-marketplace/rogue/.claude-plugin/plugin.json

Uninstall

# 1. Remove the plugin
rm -rf ~/.claude/plugins/cache/rogue-marketplace

# 2. Remove credentials
rm -f ~/.rogue-env

# 3. Disable in settings (or hand-edit ~/.claude/settings.json):
#    Delete the "rogue@rogue-marketplace" entry under enabledPlugins
#    and the "rogue-marketplace" entry under extraKnownMarketplaces.

To reinstall, just re-run the one-liner.

Upgrade

Re-run the installer. It pulls the latest plugin tarball and rewrites ~/.claude/settings.json idempotently — your other hooks and plugins are untouched. Existing settings are backed up to settings.json.bak first.

How it differs from the legacy installer

The previous installer (claude-hooks-installer.sh) wrote raw HTTP hooks straight into ~/.claude/settings.json::hooks. That worked, but:

  • HTTP hooks need env vars set before Claude Code starts, forcing shell-rc patching.
  • It bypassed Claude Code's plugin manager — no /plugin list visibility, no clean uninstall.
  • The Cowork plugin validator rejected the HTTP-with-${user_config.*}-headers shape.

This installer ships the plugin via Claude Code's native plugin cache and uses command hooks that re-source credentials on every fire. The legacy HTTP-hook entries are stripped automatically when you upgrade.

Troubleshooting

API key validation failed (HTTP 401) — key is wrong or revoked. Generate a fresh one at https://app.rogue.security/settings/api-keys.

'tar' is required but missing — install via brew install gnu-tar (macOS) or sudo apt-get install tar (Debian). Bone-rare; tar is on every machine made in the last 30 years.

Need either 'jq' or 'python3'

  • macOS: xcode-select --install
  • Debian/Ubuntu: sudo apt-get install python3
  • Fedora/RHEL: sudo dnf install python3

settings.json is not valid JSON — your existing ~/.claude/settings.json has a syntax error. Fix it (look for a trailing comma or unquoted key) or mv ~/.claude/settings.json ~/.claude/settings.json.broken and re-run.

Plugin doesn't show up in Claude Code

  1. Did you fully quit and reopen Claude Code? Hot-reload is not enough.
  2. claude --version — confirm v2.1 or newer.
  3. cat ~/.claude/settings.json | python3 -m json.tool — confirm enabledPlugins["rogue@rogue-marketplace"] is true.
  4. ls ~/.claude/plugins/cache/rogue-marketplace/rogue/.claude-plugin/plugin.json — confirm the plugin landed.

Hooks fire but events never reach the dashboard

  • cat ~/.rogue-env — confirm ROGUE_API_KEY, ROGUE_ACTOR_EMAIL, ROGUE_ACTOR_NAME are set.
  • . ~/.rogue-env && curl -v -H "x-rogue-api-key: $ROGUE_API_KEY" https://api.rogue.security/api/v1/hooks/ping — must return 200.
  • Check for an outbound proxy or firewall blocking api.rogue.security.

Reporting issues

License

Proprietary. Copyright © Qualifire, Inc. All rights reserved. See LICENSE.

About

One-line installer for the Rogue Security AIDR plugin for Claude Code

Resources

Readme

License

View license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages