# 📖 AegisAUR Usage Guide

## Befehls-Übersicht

```bash
# Einzelnes Paket scannen
aegisaur scan <paketname> [--verbose]

# Alle AUR-Pakete scannen
aegisaur scan-all [--verbose]

# IOC-Check (wie aurvulntest)
aegisaur check-ioc [--list atomicarch|all]

# Whitelist-Verwaltung
aegisaur allow <paketname>
aegisaur deny  <paketname>

# System-Konfiguration
aegisaur config
aegisaur cache

# ALPM-Hook (root nötig)
sudo aegisaur install-hook
sudo aegisaur remove-hook
```

## Beispiel-Workflows

### Vor Installation eines AUR-Pakets
```bash
# 1. Scannen
aegisaur scan neues-paket

# 2. Wenn IOC erkannt → NICHT installieren
# 3. Wenn verdächtig → PKGBUILD prüfen
# 4. Wenn OK → installieren (mit Hook automatisch)

yay -S neues-paket  # Hook scannt automatisch
```

### Regelmäßige Checks
```bash
# Alle 48h (via cron/systemd)
aegisaur check-ioc
```

### Volle Systemprüfung
```bash
# Alle AUR-Pakete scannen + IOC-Listen checken
aegisaur scan-all && aegisaur check-ioc
```

## Exit Codes

| Code | Bedeutung |
|------|-----------|
| 0 | Erfolg |
| 1 | Allgemeiner Fehler |
| 2 | IOC erkannt / Kritisch |
| 3 | Scan-Fehler |

## Konfiguration

```toml
# ~/.config/aegisaur/config.toml
[settings]
auto_check_iocs = true
auto_check_pkgbuild = true
ioc_cache_ttl_minutes = 60
warning_threshold = 60
critical_threshold = 30
block_install_on_critical = false
block_install_on_ioc = true
notify_desktop = true

[sources.atomic_arch]
name = "Atomic Arch Gist"
url = "https://gist.githubusercontent.com/Kidev/85756c3dcad3623ca5604a8135bafd14/raw"
enabled = true

[sources.community]
name = "AUR Community Blocklist"
url = "https://raw.githubusercontent.com/Kidev/AUR-Blocklist/main/blocklist.txt"
enabled = true
```

## Wichtige Pfade

| Zweck | Lokaler Pfad | Gitea URL |
|-------|-------------|-----------|
| Quellcode | `/home/arch_agent_system/.openclaw/workspace/aegisaur/` | `https://gitea.die-heimatlosen.eu/arch_agent/aegisaur` |
| Binary (Release) | `target/release/aegisaur` | Releases Tab |
| PKGBUILD | `./PKGBUILD` | Raw view |
| Dokumentation | `./README.md`, `./USAGE.md` | Wiki/Raw |
| Issues/Feedback | - | `https://gitea.die-heimatlosen.eu/arch_agent/aegisaur/issues` |

## Troubleshooting

### Hook funktioniert nicht
```bash
# Rechte prüfen
ls -la /usr/share/libalpm/hooks/aegisaur*

# Manuell ausführen
sudo bash /usr/share/libalpm/hooks/aegisaur-check.sh
```

### Cache-Probleme
```bash
# Cache leeren
rm -rf ~/.cache/aegisaur/

# Neu befüllen
aegisaur check-ioc
```

### Netzwerk-Fehler
```bash
# Proxy-Config prüfen
env | grep -i proxy

# Test-Request
curl -I https://gist.githubusercontent.com/Kidev/...
```

---
*Built with ❤️ (and some 👻 magic)*
*Quasi & Thuumate — 2026*