@aictrl/hush 0.1.6 → 0.1.7

package/src/vault/token-vault.ts

@@ -88,7 +88,9 @@ export class TokenVault {
     let buffer = '';
     const maxTokenLen = Math.max(...[...this.vault.keys()].map(t => t.length), 0);
 
-    // Accumulate content fields across SSE events to reassemble split tokens
+    // Accumulate content fields across SSE events to reassemble split tokens.
+    // Cap buffer size to prevent unbounded memory growth on very long streams.
+    const MAX_BUFFER_SIZE = 1024 * 1024; // 1 MB per field
     const contentBuffers: Record<string, string> = {};
     const CONTENT_FIELDS = ['content', 'reasoning_content', 'partial_json'];
 
@@ -186,11 +188,23 @@ export class TokenVault {
           const bufKey = actualField;
           contentBuffers[bufKey] = (contentBuffers[bufKey] || '') + target[actualField];
 
-          const buf = contentBuffers[bufKey];
+          // Cap buffer size: flush everything if it grows too large
+          if (contentBuffers[bufKey]!.length > MAX_BUFFER_SIZE) {
+            target[actualField] = flushField(bufKey);
+            modified = true;
+            continue;
+          }
+
+          const buf = contentBuffers[bufKey]!;
           const lastBracket = buf.lastIndexOf('[');
+          // Only treat as partial token if the text after '[' looks like a
+          // token prefix (uppercase letter or underscore), not JSON array content.
+          // Also hold back a bare '[' at the end — not enough chars yet to decide.
+          const tail = lastBracket >= 0 ? buf.substring(lastBracket) : '';
           const hasPartialToken = maxTokenLen > 0 && lastBracket >= 0 &&
-            !buf.substring(lastBracket).includes(']') &&
-            buf.length - lastBracket < maxTokenLen;
+            !tail.includes(']') &&
+            buf.length - lastBracket < maxTokenLen &&
+            (tail === '[' || /^\[[A-Z_]/.test(tail));
 
           if (hasPartialToken) {
             const safe = buf.substring(0, lastBracket);

package/tests/init.test.ts

@@ -0,0 +1,101 @@
+import { describe, it, expect, beforeEach, afterEach } from 'vitest';
+import { mkdtempSync, readFileSync, writeFileSync, mkdirSync, existsSync, rmSync } from 'fs';
+import { join } from 'path';
+import { execFileSync } from 'child_process';
+import { tmpdir } from 'os';
+
+const CLI = join(__dirname, '..', 'dist', 'cli.js');
+
+function runInit(cwd: string, ...extraArgs: string[]): { stdout: string; stderr: string; exitCode: number } {
+  try {
+    const stdout = execFileSync('node', [CLI, 'init', '--hooks', ...extraArgs], {
+      encoding: 'utf-8',
+      cwd,
+      timeout: 5000,
+    });
+    return { stdout, stderr: '', exitCode: 0 };
+  } catch (err: any) {
+    return {
+      stdout: err.stdout ?? '',
+      stderr: err.stderr ?? '',
+      exitCode: err.status ?? 1,
+    };
+  }
+}
+
+describe('hush init --hooks', () => {
+  let tmpDir: string;
+
+  beforeEach(() => {
+    tmpDir = mkdtempSync(join(tmpdir(), 'hush-init-'));
+  });
+
+  afterEach(() => {
+    rmSync(tmpDir, { recursive: true, force: true });
+  });
+
+  it('should create .claude/settings.json from scratch', () => {
+    const { stdout, exitCode } = runInit(tmpDir);
+    expect(exitCode).toBe(0);
+    expect(stdout).toContain('Wrote hush hooks config');
+
+    const settings = JSON.parse(readFileSync(join(tmpDir, '.claude', 'settings.json'), 'utf-8'));
+    expect(settings.hooks.PostToolUse).toHaveLength(1);
+    expect(settings.hooks.PostToolUse[0].matcher).toBe('Bash|Read|Grep|WebFetch');
+    expect(settings.hooks.PostToolUse[0].hooks[0].command).toBe('hush redact-hook');
+  });
+
+  it('should merge into existing settings preserving other keys', () => {
+    const claudeDir = join(tmpDir, '.claude');
+    mkdirSync(claudeDir, { recursive: true });
+    writeFileSync(
+      join(claudeDir, 'settings.json'),
+      JSON.stringify({ env: { ANTHROPIC_BASE_URL: 'http://127.0.0.1:4000' } }, null, 2),
+    );
+
+    const { exitCode } = runInit(tmpDir);
+    expect(exitCode).toBe(0);
+
+    const settings = JSON.parse(readFileSync(join(claudeDir, 'settings.json'), 'utf-8'));
+    // Preserved existing env
+    expect(settings.env.ANTHROPIC_BASE_URL).toBe('http://127.0.0.1:4000');
+    // Added hooks
+    expect(settings.hooks.PostToolUse).toHaveLength(1);
+    expect(settings.hooks.PostToolUse[0].hooks[0].command).toBe('hush redact-hook');
+  });
+
+  it('should be idempotent on re-run', () => {
+    runInit(tmpDir);
+    const { stdout, exitCode } = runInit(tmpDir);
+    expect(exitCode).toBe(0);
+    expect(stdout).toContain('already configured');
+
+    const settings = JSON.parse(readFileSync(join(tmpDir, '.claude', 'settings.json'), 'utf-8'));
+    expect(settings.hooks.PostToolUse).toHaveLength(1); // Not duplicated
+  });
+
+  it('should write to settings.local.json with --local flag', () => {
+    const { stdout, exitCode } = runInit(tmpDir, '--local');
+    expect(exitCode).toBe(0);
+    expect(stdout).toContain('settings.local.json');
+
+    const localPath = join(tmpDir, '.claude', 'settings.local.json');
+    expect(existsSync(localPath)).toBe(true);
+
+    const settings = JSON.parse(readFileSync(localPath, 'utf-8'));
+    expect(settings.hooks.PostToolUse[0].hooks[0].command).toBe('hush redact-hook');
+  });
+
+  it('should show usage without --hooks flag', () => {
+    try {
+      execFileSync('node', [CLI, 'init'], {
+        encoding: 'utf-8',
+        cwd: tmpDir,
+        timeout: 5000,
+      });
+    } catch (err: any) {
+      expect(err.status).toBe(1);
+      expect(err.stderr).toContain('Usage');
+    }
+  });
+});

package/tests/opencode-plugin.test.ts

@@ -0,0 +1,148 @@
+import { describe, it, expect } from 'vitest';
+import { isSensitivePath, commandReadsSensitiveFile } from '../src/plugins/sensitive-patterns.js';
+import { HushPlugin } from '../src/plugins/opencode-hush.js';
+
+describe('isSensitivePath', () => {
+  it.each([
+    '.env',
+    '.env.local',
+    '.env.production',
+    '.env.development.local',
+    'credentials.json',
+    'credentials.yaml',
+    'db-credentials',
+    'secret.txt',
+    'secrets.yaml',
+    'server.pem',
+    'tls.key',
+    'id_rsa',
+    'id_rsa.pub',
+    '.netrc',
+    '.pgpass',
+    'keystore.p12',
+    'cert.pfx',
+    'truststore.jks',
+    'app.keystore',
+    'private.asc',
+  ])('blocks %s', (path) => {
+    expect(isSensitivePath(path)).toBe(true);
+  });
+
+  it.each([
+    '.env',
+    '/home/user/project/.env.local',
+    '/etc/ssl/private/server.key',
+    'config/credentials.json',
+  ])('blocks absolute/relative path %s', (path) => {
+    expect(isSensitivePath(path)).toBe(true);
+  });
+
+  it.each([
+    'package.json',
+    'src/index.ts',
+    'README.md',
+    'tsconfig.json',
+    '.gitignore',
+    'environment.ts',
+    'docker-compose.yml',
+  ])('allows %s', (path) => {
+    expect(isSensitivePath(path)).toBe(false);
+  });
+});
+
+describe('commandReadsSensitiveFile', () => {
+  it.each([
+    'cat .env',
+    'cat /app/.env.local',
+    'head -5 secrets.yaml',
+    'tail -n 20 credentials.json',
+    'less .env.production',
+    'more secret.txt',
+    'bat id_rsa',
+    'cat .pgpass',
+    'cat foo.txt && cat .env',
+    'echo hello | cat .env',
+    'cat $HOME/.env',
+    'cat ${HOME}/.env',
+    'cat ~/secrets/.env',
+    'cat ~/.pgpass',
+    'batcat .env',
+    'batcat id_rsa',
+    'cat "$(echo .env)"',
+    'cat `.env`',
+    'cat <.env',
+    "cat '.env'",
+  ])('blocks: %s', (cmd) => {
+    expect(commandReadsSensitiveFile(cmd)).toBe(true);
+  });
+
+  it.each([
+    'cat README.md',
+    'ls -la',
+    'echo "hello"',
+    'grep password src/config.ts',
+    'head -5 package.json',
+    'cat src/index.ts',
+    'npm install',
+    'node dist/cli.js',
+  ])('allows: %s', (cmd) => {
+    expect(commandReadsSensitiveFile(cmd)).toBe(false);
+  });
+});
+
+describe('HushPlugin integration', () => {
+  it('exports a factory that returns a tool.execute.before hook', async () => {
+    const plugin = await HushPlugin();
+    expect(plugin['tool.execute.before']).toBeTypeOf('function');
+  });
+
+  it('throws when read targets a sensitive file', async () => {
+    const plugin = await HushPlugin();
+    await expect(
+      plugin['tool.execute.before'](
+        { tool: 'read' },
+        { args: { filePath: '/project/.env' } },
+      ),
+    ).rejects.toThrow('[hush] Blocked: sensitive file');
+  });
+
+  it('passes when read targets a normal file', async () => {
+    const plugin = await HushPlugin();
+    await expect(
+      plugin['tool.execute.before'](
+        { tool: 'read' },
+        { args: { filePath: 'src/index.ts' } },
+      ),
+    ).resolves.toBeUndefined();
+  });
+
+  it('throws when bash command reads a sensitive file', async () => {
+    const plugin = await HushPlugin();
+    await expect(
+      plugin['tool.execute.before'](
+        { tool: 'bash' },
+        { args: { command: 'cat .env' } },
+      ),
+    ).rejects.toThrow('[hush] Blocked: command reads sensitive file');
+  });
+
+  it('passes when bash command is harmless', async () => {
+    const plugin = await HushPlugin();
+    await expect(
+      plugin['tool.execute.before'](
+        { tool: 'bash' },
+        { args: { command: 'ls -la' } },
+      ),
+    ).resolves.toBeUndefined();
+  });
+
+  it('passes for unrelated tools', async () => {
+    const plugin = await HushPlugin();
+    await expect(
+      plugin['tool.execute.before'](
+        { tool: 'write' },
+        { args: { filePath: '.env', content: 'x' } },
+      ),
+    ).resolves.toBeUndefined();
+  });
+});

package/tests/redact-hook.test.ts

@@ -0,0 +1,142 @@
+import { describe, it, expect } from 'vitest';
+import { execFileSync } from 'child_process';
+import { join } from 'path';
+
+/**
+ * Integration tests for `hush redact-hook`.
+ * Spawns the CLI as a child process with piped stdin, matching real hook usage.
+ */
+const CLI = join(__dirname, '..', 'dist', 'cli.js');
+
+function runHook(input: string): { stdout: string; stderr: string; exitCode: number } {
+  try {
+    const stdout = execFileSync('node', [CLI, 'redact-hook'], {
+      input,
+      encoding: 'utf-8',
+      timeout: 5000,
+    });
+    return { stdout, stderr: '', exitCode: 0 };
+  } catch (err: any) {
+    return {
+      stdout: err.stdout ?? '',
+      stderr: err.stderr ?? '',
+      exitCode: err.status ?? 1,
+    };
+  }
+}
+
+describe('hush redact-hook', () => {
+  it('should redact email from Bash stdout', () => {
+    const payload = {
+      tool_name: 'Bash',
+      tool_response: { stdout: 'email: test@foo.com' },
+    };
+    const { stdout, exitCode } = runHook(JSON.stringify(payload));
+    expect(exitCode).toBe(0);
+
+    const result = JSON.parse(stdout);
+    expect(result.decision).toBe('block');
+    expect(result.reason).toMatch(/\[USER_EMAIL_[a-f0-9]{6}\]/);
+    expect(result.reason).not.toContain('test@foo.com');
+  });
+
+  it('should redact email from Read file.content', () => {
+    const payload = {
+      tool_name: 'Read',
+      tool_response: { file: { content: 'Contact: admin@internal.corp', filePath: '/app/config.json' } },
+    };
+    const { stdout, exitCode } = runHook(JSON.stringify(payload));
+    expect(exitCode).toBe(0);
+
+    const result = JSON.parse(stdout);
+    expect(result.decision).toBe('block');
+    expect(result.reason).toMatch(/\[USER_EMAIL_[a-f0-9]{6}\]/);
+    expect(result.reason).not.toContain('admin@internal.corp');
+  });
+
+  it('should redact IP address from Bash stderr', () => {
+    const payload = {
+      tool_name: 'Bash',
+      tool_response: { stderr: 'connection to 192.168.1.100 failed' },
+    };
+    const { stdout, exitCode } = runHook(JSON.stringify(payload));
+    expect(exitCode).toBe(0);
+
+    const result = JSON.parse(stdout);
+    expect(result.decision).toBe('block');
+    expect(result.reason).toMatch(/\[NETWORK_IP_[a-f0-9]{6}\]/);
+  });
+
+  it('should pass through clean output (no PII) with no output', () => {
+    const payload = {
+      tool_name: 'Bash',
+      tool_response: { stdout: 'hello world' },
+    };
+    const { stdout, exitCode } = runHook(JSON.stringify(payload));
+    expect(exitCode).toBe(0);
+    expect(stdout.trim()).toBe('');
+  });
+
+  it('should handle empty stdin gracefully', () => {
+    const { stdout, exitCode } = runHook('');
+    expect(exitCode).toBe(0);
+    expect(stdout.trim()).toBe('');
+  });
+
+  it('should exit 2 for invalid JSON', () => {
+    const { exitCode, stderr } = runHook('not json');
+    expect(exitCode).toBe(2);
+    expect(stderr).toContain('invalid JSON');
+  });
+
+  it('should handle payload with no tool_response', () => {
+    const payload = { tool_name: 'Bash' };
+    const { stdout, exitCode } = runHook(JSON.stringify(payload));
+    expect(exitCode).toBe(0);
+    expect(stdout.trim()).toBe('');
+  });
+
+  it('should combine stdout and stderr when both have PII', () => {
+    const payload = {
+      tool_name: 'Bash',
+      tool_response: {
+        stdout: 'user email: alice@example.com',
+        stderr: 'warning: 10.0.0.1 unreachable',
+      },
+    };
+    const { stdout, exitCode } = runHook(JSON.stringify(payload));
+    expect(exitCode).toBe(0);
+
+    const result = JSON.parse(stdout);
+    expect(result.decision).toBe('block');
+    expect(result.reason).toMatch(/\[USER_EMAIL_[a-f0-9]{6}\]/);
+    expect(result.reason).toMatch(/\[NETWORK_IP_[a-f0-9]{6}\]/);
+  });
+
+  it('should redact secrets from tool response', () => {
+    const payload = {
+      tool_name: 'Bash',
+      tool_response: { stdout: 'api_key=sk-1234567890abcdef1234' },
+    };
+    const { stdout, exitCode } = runHook(JSON.stringify(payload));
+    expect(exitCode).toBe(0);
+
+    const result = JSON.parse(stdout);
+    expect(result.decision).toBe('block');
+    expect(result.reason).toMatch(/\[SENSITIVE_SECRET_[a-f0-9]{6}\]/);
+  });
+
+  it('should handle Grep tool with top-level content field', () => {
+    const payload = {
+      tool_name: 'Grep',
+      tool_response: { content: 'src/config.ts:3:  email: "dev@internal.corp"' },
+    };
+    const { stdout, exitCode } = runHook(JSON.stringify(payload));
+    expect(exitCode).toBe(0);
+
+    const result = JSON.parse(stdout);
+    expect(result.decision).toBe('block');
+    expect(result.reason).toMatch(/\[USER_EMAIL_[a-f0-9]{6}\]/);
+    expect(result.reason).not.toContain('dev@internal.corp');
+  });
+});

package/tests/redaction.test.ts

@@ -99,4 +99,100 @@ describe('Semantic Security Flow (Redaction + Rehydration)', () => {
     expect(hasRedacted).toBe(true);
     expect(content).toMatch(/^Call \[NETWORK_IP_[a-f0-9]{6}\]$/);
   });
+
+  describe('cloud provider key detection', () => {
+    it('should redact AWS access key IDs', () => {
+      const input = 'key: AKIAIOSFODNN7EXAMPLE';
+      const { content, hasRedacted } = redactor.redact(input);
+      expect(hasRedacted).toBe(true);
+      expect(content).toMatch(/\[AWS_KEY_[a-f0-9]{6}\]/);
+      expect(content).not.toContain('AKIAIOSFODNN7EXAMPLE');
+    });
+
+    it('should redact GCP API keys', () => {
+      const input = 'key: AIzaSyA1234567890abcdefghijklmnopqrstuv';
+      const { content, hasRedacted } = redactor.redact(input);
+      expect(hasRedacted).toBe(true);
+      expect(content).toMatch(/\[GCP_KEY_[a-f0-9]{6}\]/);
+    });
+
+    it('should redact GitHub PATs', () => {
+      const input = 'token: ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghij';
+      const { content, hasRedacted } = redactor.redact(input);
+      expect(hasRedacted).toBe(true);
+      expect(content).toMatch(/\[GITHUB_PAT_[a-f0-9]{6}\]/);
+    });
+
+    it('should redact GitHub fine-grained PATs', () => {
+      const input = 'github_pat_1234567890abcdefghijkl_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456';
+      const { content, hasRedacted } = redactor.redact(input);
+      expect(hasRedacted).toBe(true);
+      expect(content).toMatch(/\[GITHUB_FINE_PAT_[a-f0-9]{6}\]/);
+    });
+
+    it('should redact GitLab PATs', () => {
+      const input = 'token: glpat-1234567890abcdefghij';
+      const { content, hasRedacted } = redactor.redact(input);
+      expect(hasRedacted).toBe(true);
+      expect(content).toMatch(/\[GITLAB_PAT_[a-f0-9]{6}\]/);
+    });
+
+    it('should redact Slack bot tokens', () => {
+      const input = 'xoxb-1234567890123-1234567890123-abc';
+      const { content, hasRedacted } = redactor.redact(input);
+      expect(hasRedacted).toBe(true);
+      expect(content).toMatch(/\[SLACK_BOT_[a-f0-9]{6}\]/);
+    });
+
+    it('should redact Stripe secret keys', () => {
+      // Concatenated to avoid GitHub push-protection false positive
+      const input = 'sk_live_' + '1234567890abcdefghijklmnop';
+      const { content, hasRedacted } = redactor.redact(input);
+      expect(hasRedacted).toBe(true);
+      expect(content).toMatch(/\[STRIPE_SECRET_[a-f0-9]{6}\]/);
+    });
+
+    it('should redact SendGrid API keys', () => {
+      // Concatenated to avoid GitHub push-protection false positive
+      const input = 'SG.' + 'abcdefghijklmnopqrstuv.yz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ01234';
+      const { content, hasRedacted } = redactor.redact(input);
+      expect(hasRedacted).toBe(true);
+      expect(content).toMatch(/\[SENDGRID_KEY_[a-f0-9]{6}\]/);
+    });
+
+    it('should redact npm tokens', () => {
+      const input = 'npm_abcdefghijklmnopqrstuvwxyz0123456789';
+      const { content, hasRedacted } = redactor.redact(input);
+      expect(hasRedacted).toBe(true);
+      expect(content).toMatch(/\[NPM_TOKEN_[a-f0-9]{6}\]/);
+    });
+
+    it('should redact Anthropic API keys', () => {
+      const input = 'sk-ant-api03-abcdefghijklmnopqrstuvwxyz0123456789';
+      const { content, hasRedacted } = redactor.redact(input);
+      expect(hasRedacted).toBe(true);
+      expect(content).toMatch(/\[ANTHROPIC_KEY_[a-f0-9]{6}\]/);
+    });
+
+    it('should redact DigitalOcean PATs', () => {
+      const input = 'dop_v1_' + 'a'.repeat(64);
+      const { content, hasRedacted } = redactor.redact(input);
+      expect(hasRedacted).toBe(true);
+      expect(content).toMatch(/\[DIGITALOCEAN_TOKEN_[a-f0-9]{6}\]/);
+    });
+
+    it('should redact PEM private keys', () => {
+      const input = '-----BEGIN RSA PRIVATE KEY-----\n' + 'A'.repeat(100) + '\n-----END RSA PRIVATE KEY-----';
+      const { content, hasRedacted } = redactor.redact(input);
+      expect(hasRedacted).toBe(true);
+      expect(content).toMatch(/\[PRIVATE_KEY_[a-f0-9]{6}\]/);
+      expect(content).not.toContain('BEGIN RSA PRIVATE KEY');
+    });
+
+    it('should not false-positive on normal text', () => {
+      const input = 'The package.json file has scripts and dependencies.';
+      const { hasRedacted } = redactor.redact(input);
+      expect(hasRedacted).toBe(false);
+    });
+  });
 });