@automagik/genie 4.260424.10 → 4.260424.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/package.json +1 -1
  2. package/plugins/genie/.claude-plugin/plugin.json +1 -1
  3. package/plugins/genie/package.json +1 -1
  4. package/scripts/sec-scan.cjs +47 -22
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@automagik/genie",
3
- "version": "4.260424.10",
3
+ "version": "4.260424.11",
4
4
  "description": "Collaborative terminal toolkit for human + AI workflows",
5
5
  "type": "module",
6
6
  "bin": {
package/plugins/genie/.claude-plugin/plugin.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "genie",
3
- "version": "4.260424.10",
3
+ "version": "4.260424.11",
4
4
  "description": "Human-AI partnership for Claude Code. Share a terminal, orchestrate workers, evolve together. Brainstorm ideas, turn them into wishes, execute with /work, validate with /review, and ship as one team.",
5
5
  "author": {
6
6
  "name": "Namastex Labs"
package/plugins/genie/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "genie-plugin",
3
- "version": "4.260424.10",
3
+ "version": "4.260424.11",
4
4
  "private": true,
5
5
  "description": "Runtime dependencies for genie bundled CLIs",
6
6
  "type": "module",
package/scripts/sec-scan.cjs CHANGED
@@ -1930,14 +1930,12 @@ function scanNpmCache(homePath, report) {
1930
1930
 
1931
1931
  const versions = findVersionsInText(text);
1932
1932
  const indicators = collectTextIndicators(text);
1933
- if (
1934
- versions.length === 0 &&
1935
- indicators.installCommands.length === 0 &&
1936
- indicators.executionCommands.length === 0 &&
1937
- indicators.iocMatches.length === 0
1938
- ) {
1939
- continue;
1940
- }
1933
+ // Hard evidence in an npm log: an actual compromised version string
1934
+ // or IOC network pattern. Name-only install/exec entries happen every
1935
+ // time anyone runs `npx @automagik/genie ...` and are NOT evidence of
1936
+ // compromise they just record that the package was interacted with.
1937
+ const hardEvidence = versions.length > 0 || indicators.iocMatches.length > 0;
1938
+ if (!hardEvidence) continue;
1941
1939
 
1942
1940
  report.npmLogHits.push({
1943
1941
  home: homePath,
@@ -2333,25 +2331,30 @@ function scanShellHistories(homes, report) {
2333
2331
  const finding = inspectTextEvidenceFile(fullPath);
2334
2332
  if (!finding) continue;
2335
2333
 
2336
- const exposure =
2337
- finding.executionCommands.length > 0 || finding.networkCommands.length > 0
2338
- ? 'execution'
2339
- : finding.installCommands.length > 0
2340
- ? 'install'
2341
- : 'reference';
2334
+ // Hard evidence: network-IOC pattern (curl/wget to exfil host),
2335
+ // raw IOC string match, or explicit compromised-version string in
2336
+ // history. Pure `executionCommands`/`installCommands` name-match is
2337
+ // ambient noise (triggered every time the user runs the scanner).
2338
+ const hasHardEvidence =
2339
+ finding.networkCommands.length > 0 || finding.iocMatches.length > 0 || finding.versions.length > 0;
2340
+
2341
+ const exposure = hasHardEvidence ? 'execution' : 'reference';
2342
2342
 
2343
2343
  report.shellHistoryFindings.push({
2344
2344
  kind: 'shell-history',
2345
2345
  home: homePath,
2346
2346
  exposure,
2347
+ hardEvidence: hasHardEvidence,
2347
2348
  ...finding,
2348
2349
  });
2349
2350
 
2350
2351
  addTimeline(report, {
2351
2352
  time: finding.modifiedAt,
2352
2353
  category: 'shell-history',
2353
- severity: exposure === 'execution' ? 'compromised' : 'affected',
2354
- summary: `shell history shows ${exposure} evidence for suspicious package activity`,
2354
+ severity: hasHardEvidence ? 'compromised' : 'observed',
2355
+ summary: hasHardEvidence
2356
+ ? 'shell history shows execution evidence for suspicious package activity'
2357
+ : 'shell history references tracked package name (clean or unversioned) — informational',
2355
2358
  path: finding.path,
2356
2359
  });
2357
2360
  }
@@ -2850,9 +2853,19 @@ function scanLiveProcesses(report) {
2850
2853
 
2851
2854
  const [, pid, ppid, user, elapsed, command] = match;
2852
2855
 
2853
- // Self-exclusion: the running scanner process itself always matches
2854
- // `exec:@automagik/genie` in its own cmdline. Ignore it.
2856
+ // Self-exclusion: the running scanner + any wrapping shell that invoked
2857
+ // it (e.g. `bash -c "npx @automagik/genie sec scan …"`) will always
2858
+ // match the tracked-package regexes in their own cmdline. Ignore both.
2859
+ if (String(pid) === String(process.pid)) continue;
2860
+ if (String(pid) === String(process.ppid)) continue;
2855
2861
  if (command.includes('sec-scan.cjs') || command.includes('/sec-scan ')) continue;
2862
+ if (
2863
+ /\bgenie\s+sec\s+(scan|remediate|restore|rollback|verify-install|quarantine|print-cleanup-commands)\b/.test(
2864
+ command,
2865
+ )
2866
+ ) {
2867
+ continue;
2868
+ }
2856
2869
 
2857
2870
  const indicators = collectTextIndicators(command);
2858
2871
  const namedHits = collectNamedArtifactHits(command);
@@ -2908,22 +2921,34 @@ function countStrongProfileEvidence(report) {
2908
2921
  ).length;
2909
2922
  }
2910
2923
 
2924
+ // Hard execution evidence in shell history = actual network-IOC (curl/wget
2925
+ // to exfil host) or raw IOC string or explicit compromised version. Pure
2926
+ // `executionCommands` matches (exec:@automagik/genie, exec:npx @automagik/genie)
2927
+ // fire every time the user runs the scanner itself or any other genie command
2928
+ // and are NOT compromise evidence. Same for `installCommands` — cleanup
2929
+ // activity (`npm uninstall -g @automagik/genie`) triggers them.
2911
2930
  function countExecutionHistoryEvidence(report) {
2912
2931
  return report.shellHistoryFindings.filter(
2913
- (finding) =>
2914
- finding.executionCommands.length > 0 || finding.networkCommands.length > 0 || finding.iocMatches.length > 0,
2932
+ (finding) => finding.networkCommands.length > 0 || finding.iocMatches.length > 0 || finding.versions.length > 0,
2915
2933
  ).length;
2916
2934
  }
2917
2935
 
2918
2936
  function countInstallHistoryEvidence(report) {
2919
- return report.shellHistoryFindings.filter((finding) => finding.installCommands.length > 0).length;
2937
+ // Same logic: only count install lines that explicitly reference a
2938
+ // compromised version OR carry an IOC pattern. Bare install/uninstall
2939
+ // commands on tracked package names are ambient noise.
2940
+ return report.shellHistoryFindings.filter((finding) => finding.versions.length > 0 || finding.iocMatches.length > 0)
2941
+ .length;
2920
2942
  }
2921
2943
 
2944
+ // Strong temp-artifact evidence = actual malware bytes / IOC strings /
2945
+ // env-compat artifact. Pure `executionCommands` (package-name execute
2946
+ // pattern) in a text file (log, audit json, registry) is NOT compromise —
2947
+ // dev tooling routinely writes package names into /tmp during tests.
2922
2948
  function countStrongTempEvidence(report) {
2923
2949
  return report.tempArtifactFindings.filter(
2924
2950
  (finding) =>
2925
2951
  finding.iocMatches.length > 0 ||
2926
- finding.executionCommands.length > 0 ||
2927
2952
  finding.knownMalwareHash ||
2928
2953
  finding.nameMatches.some((value) => /env-compat\.(?:cjs|js)/i.test(value)),
2929
2954
  ).length;