aidp 0.33.0 → 0.34.0

data/lib/aidp/pr_worktree_manager.rb

@@ -3,15 +3,27 @@ require "fileutils"
 require "shellwords"
 
 module Aidp
+  # Simple shell command executor wrapper for testability
+  class ShellExecutor
+    def run(command)
+      `#{command}`
+    end
+
+    def success?
+      $?.success?
+    end
+  end
+
   # Manages worktrees specifically for Pull Request branches
   class PRWorktreeManager
-    def initialize(base_repo_path: nil, project_dir: nil, worktree_registry_path: nil)
+    def initialize(base_repo_path: nil, project_dir: nil, worktree_registry_path: nil, shell_executor: nil)
       @base_repo_path = base_repo_path || project_dir || Dir.pwd
       @project_dir = project_dir
       @worktree_registry_path = worktree_registry_path || File.join(
         project_dir || File.expand_path("~/.aidp"),
         "pr_worktrees.json"
       )
+      @shell_executor = shell_executor || ShellExecutor.new
       FileUtils.mkdir_p(File.dirname(@worktree_registry_path))
       @worktrees = load_registry
     end
@@ -427,7 +439,7 @@ module Aidp
 
       Dir.chdir(worktree_path) do
         # Check staged changes with more robust capture
-        staged_changes_output = `git diff --staged --name-only`.strip
+        staged_changes_output = @shell_executor.run("git diff --staged --name-only").strip
 
         if !staged_changes_output.empty?
           push_result[:git_actions][:staged_changes] = true
@@ -436,16 +448,16 @@ module Aidp
           # More robust commit command with additional logging
           commit_message = "Changes applied via AIDP request-changes workflow for PR ##{pr_number}"
           commit_command = "git commit -m '#{commit_message}' 2>&1"
-          commit_output = `#{commit_command}`.strip
+          commit_output = @shell_executor.run(commit_command).strip
 
-          if $?.success?
+          if @shell_executor.success?
             push_result[:git_actions][:committed] = true
 
             # Enhanced push with verbose tracking
             push_command = "git push origin #{head_branch} 2>&1"
-            push_output = `#{push_command}`.strip
+            push_output = @shell_executor.run(push_command).strip
 
-            if $?.success?
+            if @shell_executor.success?
               push_result[:git_actions][:pushed] = true
               push_result[:success] = true
 

data/lib/aidp/provider_manager.rb

@@ -5,6 +5,9 @@ require "tty-prompt"
 module Aidp
   class ProviderManager
     class << self
+      # Expose for testability
+      attr_accessor :harness_factory
+
       def get_provider(provider_type, options = {})
         factory = get_harness_factory
         raise "Harness factory not available" unless factory

data/lib/aidp/providers/base.rb

@@ -48,6 +48,8 @@ module Aidp
       }.freeze
 
       attr_reader :activity_state, :last_activity_time, :start_time, :step_name, :model
+      # Expose for testability
+      attr_writer :harness_context
 
       def initialize(output: nil, prompt: TTY::Prompt.new)
         @activity_state = :idle

data/lib/aidp/security/rule_of_two_enforcer.rb

@@ -0,0 +1,210 @@
+# frozen_string_literal: true
+
+module Aidp
+  module Security
+    # Main enforcement engine for the Rule of Two security policy
+    # Tracks trifecta state per work unit and denies operations that would
+    # create the lethal trifecta (untrusted_input + private_data + egress)
+    #
+    # Usage:
+    #   enforcer = RuleOfTwoEnforcer.new
+    #   state = enforcer.begin_work_unit(work_unit_id: "unit_123")
+    #   state.enable(:untrusted_input, source: "github_issue")
+    #   state.enable(:egress, source: "git_push")
+    #   # This would raise PolicyViolation:
+    #   # state.enable(:private_data, source: "env_var_access")
+    #   enforcer.end_work_unit("unit_123")
+    class RuleOfTwoEnforcer
+      attr_reader :config
+
+      def initialize(config: {})
+        @config = config
+        @active_states = {}
+        @completed_states = []
+        @mutex = Mutex.new
+      end
+
+      # Begin tracking a new work unit
+      # @param work_unit_id [String] Unique identifier for the work unit
+      # @return [TrifectaState] The state object for this work unit
+      def begin_work_unit(work_unit_id:)
+        @mutex.synchronize do
+          if @active_states.key?(work_unit_id)
+            Aidp.log_warn("security.enforcer", "work_unit_already_active",
+              work_unit_id: work_unit_id)
+            return @active_states[work_unit_id]
+          end
+
+          state = TrifectaState.new(work_unit_id: work_unit_id)
+          @active_states[work_unit_id] = state
+
+          Aidp.log_debug("security.enforcer", "work_unit_started",
+            work_unit_id: work_unit_id,
+            active_count: @active_states.size)
+
+          state
+        end
+      end
+
+      # End tracking for a work unit
+      # @param work_unit_id [String] Unique identifier for the work unit
+      # @return [Hash] Final state summary
+      def end_work_unit(work_unit_id)
+        @mutex.synchronize do
+          state = @active_states.delete(work_unit_id)
+
+          unless state
+            Aidp.log_warn("security.enforcer", "work_unit_not_found",
+              work_unit_id: work_unit_id)
+            return nil
+          end
+
+          summary = state.to_h
+          @completed_states << summary
+
+          # Keep only last 100 completed states
+          @completed_states.shift if @completed_states.size > 100
+
+          Aidp.log_debug("security.enforcer", "work_unit_ended",
+            work_unit_id: work_unit_id,
+            final_state: summary,
+            active_count: @active_states.size)
+
+          summary
+        end
+      end
+
+      # Get the state for an active work unit
+      # @param work_unit_id [String] Unique identifier for the work unit
+      # @return [TrifectaState, nil] The state object or nil if not found
+      def state_for(work_unit_id)
+        @mutex.synchronize { @active_states[work_unit_id] }
+      end
+
+      # Check if a work unit is currently active
+      def active?(work_unit_id)
+        @mutex.synchronize { @active_states.key?(work_unit_id) }
+      end
+
+      # Get count of active work units
+      def active_count
+        @mutex.synchronize { @active_states.size }
+      end
+
+      # Check if an operation would be allowed for a work unit
+      # @param work_unit_id [String] Work unit identifier
+      # @param flag [Symbol] The flag to check (:untrusted_input, :private_data, :egress)
+      # @return [Hash] { allowed: boolean, reason: string }
+      def would_allow?(work_unit_id, flag)
+        state = state_for(work_unit_id)
+
+        unless state
+          return {
+            allowed: true,
+            reason: "No active work unit - enforcement not applicable"
+          }
+        end
+
+        if state.would_create_trifecta?(flag)
+          {
+            allowed: false,
+            reason: "Would create lethal trifecta",
+            current_state: state.to_h,
+            flag: flag
+          }
+        else
+          {
+            allowed: true,
+            reason: "Operation allowed",
+            current_state: state.to_h,
+            flag: flag
+          }
+        end
+      end
+
+      # Enforce a flag on a work unit - raises PolicyViolation on failure
+      # @param work_unit_id [String] Work unit identifier
+      # @param flag [Symbol] The flag to enable
+      # @param source [String] Description of the operation causing the flag
+      # @raise [PolicyViolation] if enabling would create lethal trifecta
+      def enforce!(work_unit_id:, flag:, source:)
+        state = state_for(work_unit_id)
+
+        unless state
+          Aidp.log_warn("security.enforcer", "enforce_on_inactive_unit",
+            work_unit_id: work_unit_id,
+            flag: flag,
+            source: source)
+          return nil
+        end
+
+        state.enable(flag, source: source)
+      end
+
+      # Check if enforcement is currently enabled
+      def enabled?
+        # Default to enabled unless explicitly disabled
+        @config.fetch(:enabled, true)
+      end
+
+      # Get summary of current enforcement status
+      def status_summary
+        @mutex.synchronize do
+          {
+            enabled: enabled?,
+            active_work_units: @active_states.size,
+            completed_work_units: @completed_states.size,
+            active_states: @active_states.transform_values(&:to_h),
+            recent_completions: @completed_states.last(5)
+          }
+        end
+      end
+
+      # Audit log of all completed work units with their final states
+      def audit_log
+        @mutex.synchronize { @completed_states.dup }
+      end
+
+      # Reset enforcer state (primarily for testing)
+      def reset!
+        @mutex.synchronize do
+          @active_states.clear
+          @completed_states.clear
+        end
+      end
+
+      # Create a scoped execution context that automatically manages work unit lifecycle
+      # @param work_unit_id [String] Unique identifier for the work unit
+      # @yield [TrifectaState] The state object for this work unit
+      # @return [Object] The result of the block
+      def with_work_unit(work_unit_id:)
+        state = begin_work_unit(work_unit_id: work_unit_id)
+        begin
+          yield state
+        ensure
+          end_work_unit(work_unit_id)
+        end
+      end
+
+      # Convenience method to wrap an agent operation with security enforcement
+      # @param work_unit_id [String] Work unit identifier
+      # @param untrusted_input_source [String, nil] Source of untrusted input
+      # @param private_data_source [String, nil] Source of private data access
+      # @param egress_source [String, nil] Source of egress capability
+      # @yield The operation to execute
+      # @return [Object] The result of the block
+      # @raise [PolicyViolation] if the combination would violate Rule of Two
+      def wrap_agent_operation(work_unit_id:, untrusted_input_source: nil,
+        private_data_source: nil, egress_source: nil)
+        with_work_unit(work_unit_id: work_unit_id) do |state|
+          # Enable flags based on what's provided
+          state.enable(:untrusted_input, source: untrusted_input_source) if untrusted_input_source
+          state.enable(:private_data, source: private_data_source) if private_data_source
+          state.enable(:egress, source: egress_source) if egress_source
+
+          yield state
+        end
+      end
+    end
+  end
+end

data/lib/aidp/security/secrets_proxy.rb

@@ -0,0 +1,328 @@
+# frozen_string_literal: true
+
+require "securerandom"
+require "json"
+
+module Aidp
+  module Security
+    # Broker for credential access - agents never receive raw secrets
+    # Instead, the proxy issues short-lived, capability-scoped tokens
+    # that are exchanged for actual credentials at execution time.
+    #
+    # Flow:
+    # 1. User registers secret: aidp security register-secret GITHUB_TOKEN
+    # 2. Agent requests credential access via proxy
+    # 3. Proxy issues short-lived token (e.g., 5 minutes)
+    # 4. At execution time, token is exchanged for actual credential
+    # 5. Actual credential is used only in isolated execution context
+    #
+    # This design ensures:
+    # - Agents never see raw credentials
+    # - Credential access is auditable
+    # - Tokens are scoped and time-limited
+    # - Compromised agent output can't leak credentials
+    class SecretsProxy
+      DEFAULT_TOKEN_TTL = 300 # 5 minutes
+
+      attr_reader :registry, :config
+
+      # How often to run automatic cleanup (every N operations)
+      CLEANUP_INTERVAL = 10
+
+      def initialize(registry:, config: {})
+        @registry = registry
+        @config = config
+        @active_tokens = {}
+        @token_usage_log = []
+        @mutex = Mutex.new
+        @operation_count = 0
+      end
+
+      # Request a token for accessing a registered secret
+      # @param secret_name [String] The registered secret name
+      # @param scope [String] The intended use of this token (for audit)
+      # @param ttl [Integer] Token time-to-live in seconds
+      # @return [Hash] Token details { token:, expires_at:, secret_name:, scope: }
+      # @raise [UnregisteredSecretError] if secret is not registered
+      def request_token(secret_name:, scope: nil, ttl: nil)
+        @mutex.synchronize do
+          # Periodic cleanup to prevent memory leaks
+          maybe_cleanup_expired
+          # Verify secret is registered
+          registration = @registry.get(secret_name)
+          unless registration
+            raise UnregisteredSecretError.new(secret_name: secret_name)
+          end
+
+          # Check scope is allowed if scopes are defined
+          allowed_scopes = registration[:scopes] || registration["scopes"] || []
+          if allowed_scopes.any? && scope && !allowed_scopes.include?(scope)
+            raise SecretsProxyError.new(
+              secret_name: secret_name,
+              reason: "Scope '#{scope}' not allowed. Allowed scopes: #{allowed_scopes.join(", ")}"
+            )
+          end
+
+          # Generate token
+          token = generate_token
+          token_ttl = ttl || @config.fetch(:token_ttl, DEFAULT_TOKEN_TTL)
+          expires_at = Time.now + token_ttl
+
+          token_data = {
+            token: token,
+            secret_name: secret_name,
+            scope: scope,
+            expires_at: expires_at,
+            created_at: Time.now,
+            env_var: registration[:env_var] || registration["env_var"],
+            used: false
+          }
+
+          @active_tokens[token] = token_data
+
+          Aidp.log_debug("security.proxy", "token_issued",
+            secret_name: secret_name,
+            scope: scope,
+            expires_in: token_ttl,
+            token_prefix: token[0..7])
+
+          {
+            token: token,
+            expires_at: expires_at.iso8601,
+            secret_name: secret_name,
+            scope: scope,
+            ttl: token_ttl
+          }
+        end
+      end
+
+      # Exchange a token for the actual credential value
+      # This should only be called in the isolated execution context
+      # @param token [String] The proxy token
+      # @return [String] The actual credential value
+      # @raise [TokenExpiredError] if token has expired
+      # @raise [SecretsProxyError] if token is invalid
+      def exchange_token(token)
+        @mutex.synchronize do
+          token_data = @active_tokens[token]
+
+          unless token_data
+            Aidp.log_warn("security.proxy", "invalid_token_exchange",
+              token_prefix: token[0..7] || "nil")
+            raise SecretsProxyError.new(
+              secret_name: "unknown",
+              reason: "Invalid or unknown token"
+            )
+          end
+
+          if Time.now > token_data[:expires_at]
+            @active_tokens.delete(token)
+            raise TokenExpiredError.new(
+              secret_name: token_data[:secret_name],
+              expired_at: token_data[:expires_at].iso8601
+            )
+          end
+
+          # Get actual value from environment
+          env_var = token_data[:env_var]
+          value = ENV[env_var]
+
+          unless value
+            raise SecretsProxyError.new(
+              secret_name: token_data[:secret_name],
+              reason: "Environment variable '#{env_var}' not set"
+            )
+          end
+
+          # Mark token as used and log
+          token_data[:used] = true
+          token_data[:used_at] = Time.now
+
+          log_token_usage(token_data)
+
+          Aidp.log_debug("security.proxy", "token_exchanged",
+            secret_name: token_data[:secret_name],
+            scope: token_data[:scope],
+            token_prefix: token[0..7])
+
+          # Return the actual secret value
+          # This value should ONLY be used in isolated execution context
+          value
+        end
+      end
+
+      # Revoke a token before it expires
+      # @param token [String] The token to revoke
+      # @return [Boolean] true if revoked, false if not found
+      def revoke_token(token)
+        @mutex.synchronize do
+          if @active_tokens.delete(token)
+            Aidp.log_info("security.proxy", "token_revoked",
+              token_prefix: token[0..7])
+            true
+          else
+            false
+          end
+        end
+      end
+
+      # Revoke all tokens for a specific secret
+      # @param secret_name [String] The secret name
+      # @return [Integer] Number of tokens revoked
+      def revoke_all_for_secret(secret_name)
+        @mutex.synchronize do
+          tokens_to_revoke = @active_tokens.select { |_t, d| d[:secret_name] == secret_name }
+          count = tokens_to_revoke.size
+
+          tokens_to_revoke.keys.each { |t| @active_tokens.delete(t) }
+
+          Aidp.log_info("security.proxy", "tokens_revoked_for_secret",
+            secret_name: secret_name,
+            count: count)
+
+          count
+        end
+      end
+
+      # Clean up expired tokens
+      # @return [Integer] Number of expired tokens removed
+      def cleanup_expired!
+        @mutex.synchronize do
+          now = Time.now
+          expired = @active_tokens.select { |_t, d| now > d[:expires_at] }
+          count = expired.size
+
+          expired.keys.each { |t| @active_tokens.delete(t) }
+
+          if count > 0
+            Aidp.log_debug("security.proxy", "expired_tokens_cleaned",
+              count: count)
+          end
+
+          count
+        end
+      end
+
+      # Get list of active tokens (for status display)
+      # @return [Array<Hash>] Token summaries (never includes actual token values)
+      def active_tokens_summary
+        @mutex.synchronize do
+          @active_tokens.values.map do |data|
+            {
+              secret_name: data[:secret_name],
+              scope: data[:scope],
+              expires_at: data[:expires_at].iso8601,
+              created_at: data[:created_at].iso8601,
+              used: data[:used],
+              remaining_ttl: [(data[:expires_at] - Time.now).to_i, 0].max
+            }
+          end
+        end
+      end
+
+      # Get usage audit log
+      # @param limit [Integer] Maximum entries to return
+      # @return [Array<Hash>] Recent token usage records
+      def usage_log(limit: 50)
+        @mutex.synchronize do
+          @token_usage_log.last(limit)
+        end
+      end
+
+      # Build a sanitized environment hash with registered secrets stripped
+      # @param base_env [Hash] The base environment (defaults to ENV.to_h)
+      # @return [Hash] Environment with registered secrets removed
+      def sanitized_environment(base_env = ENV.to_h)
+        env = base_env.dup
+        vars_to_strip = @registry.env_vars_to_strip
+
+        vars_to_strip.each do |var|
+          if env.key?(var)
+            env.delete(var)
+            Aidp.log_debug("security.proxy", "env_var_stripped",
+              env_var: var)
+          end
+        end
+
+        env
+      end
+
+      # Execute a block with a sanitized environment
+      # Registered secrets are stripped from ENV during execution
+      # @yield The block to execute in sanitized environment
+      # @return [Object] The result of the block
+      def with_sanitized_environment
+        original_env = {}
+        vars_to_strip = @registry.env_vars_to_strip
+
+        # Save and clear registered secrets
+        vars_to_strip.each do |var|
+          if ENV.key?(var)
+            original_env[var] = ENV[var]
+            ENV.delete(var)
+          end
+        end
+
+        Aidp.log_debug("security.proxy", "environment_sanitized",
+          stripped_count: original_env.size)
+
+        begin
+          yield
+        ensure
+          # Restore secrets
+          original_env.each { |k, v| ENV[k] = v }
+
+          Aidp.log_debug("security.proxy", "environment_restored",
+            restored_count: original_env.size)
+        end
+      end
+
+      # Reset proxy state (primarily for testing)
+      def reset!
+        @mutex.synchronize do
+          @active_tokens.clear
+          @token_usage_log.clear
+        end
+      end
+
+      private
+
+      # Periodically clean up expired tokens to prevent memory leaks
+      # Called automatically during token operations
+      def maybe_cleanup_expired
+        @operation_count += 1
+        return unless @operation_count >= CLEANUP_INTERVAL
+
+        @operation_count = 0
+        cleanup_expired_internal
+      end
+
+      # Internal cleanup without mutex (called from within synchronized blocks)
+      def cleanup_expired_internal
+        now = Time.now
+        expired = @active_tokens.select { |_t, d| now > d[:expires_at] }
+        return if expired.empty?
+
+        expired.keys.each { |t| @active_tokens.delete(t) }
+        Aidp.log_debug("security.proxy", "auto_cleanup_expired", count: expired.size)
+      end
+
+      def generate_token
+        "aidp_proxy_#{SecureRandom.hex(24)}"
+      end
+
+      def log_token_usage(token_data)
+        @token_usage_log << {
+          secret_name: token_data[:secret_name],
+          scope: token_data[:scope],
+          created_at: token_data[:created_at].iso8601,
+          used_at: token_data[:used_at].iso8601,
+          ttl_remaining: (token_data[:expires_at] - token_data[:used_at]).to_i
+        }
+
+        # Keep log bounded
+        @token_usage_log.shift if @token_usage_log.size > 1000
+      end
+    end
+  end
+end