npm - @avesta-hq/prevention - Versions diffs - 0.3.0 → 0.3.2 - Mend

@avesta-hq/prevention 0.3.0 → 0.3.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/bin/lib/hooks.js +148 -14
package/package.json +5 -3

package/bin/lib/hooks.js CHANGED Viewed

@@ -9,6 +9,34 @@
 const fs = require('fs');
 const path = require('path');
+const SECRET_PATTERNS = [
+  { pattern: /sk-ant-[a-zA-Z0-9]{20,}/, name: "Anthropic API key" },
+  { pattern: /sk-or-[a-zA-Z0-9]{20,}/, name: "OpenRouter API key" },
+  { pattern: /sk-[a-zA-Z0-9]{20,}/, name: "OpenAI API key" },
+  { pattern: /AKIA[0-9A-Z]{16}/, name: "AWS Access Key ID" },
+  { pattern: /ghp_[a-zA-Z0-9]{36}/, name: "GitHub Personal Access Token" },
+  { pattern: /gho_[a-zA-Z0-9]{36}/, name: "GitHub OAuth token" },
+  { pattern: /glpat-[a-zA-Z0-9\-]{20,}/, name: "GitLab Personal Access Token" },
+  { pattern: /-----BEGIN[\s\w]*PRIVATE KEY-----/, name: "Private key" },
+  { pattern: /xoxb-[0-9]{10,}-[a-zA-Z0-9]{20,}/, name: "Slack bot token" },
+  { pattern: /xoxp-[0-9]{10,}-[a-zA-Z0-9]{20,}/, name: "Slack user token" },
+];
+const SECRET_ALLOWLIST_PATTERNS = [
+  '**/*.test.*', '**/*.spec.*', '**/*.md',
+  '**/.env.example', '**/fixtures/**', '**/mocks/**',
+  '**/__tests__/**',
+];
+function checkForSecrets(content) {
+  for (const { pattern, name } of SECRET_PATTERNS) {
+    if (pattern.test(content)) {
+      return { name };
+    }
+  }
+  return null;
+}
 function readPolicy(cwd) {
   const policyPath = path.join(cwd, '.avesta', 'hook-policy.json');
   if (!fs.existsSync(policyPath)) return null;
@@ -29,6 +57,56 @@ function matchesPattern(filePath, pattern) {
   return new RegExp(regex).test(filePath);
 }
+/**
+ * Extract the target file path from Bash commands that write files.
+ * Catches: cat > file, echo > file, tee file, cp source dest,
+ *          cat << EOF > file, printf > file
+ * Returns the file path or null if not a file-writing command.
+ */
+function extractFileWriteTarget(command) {
+  // cat > file, cat >> file, echo > file, printf > file
+  const redirectMatch = command.match(/(?:cat|echo|printf)\s+.*?>\s*(\S+)/);
+  if (redirectMatch) return redirectMatch[1].replace(/['"]/g, '');
+  // cat << 'EOF' > file (heredoc with redirect)
+  const heredocRedirectMatch = command.match(/cat\s*<<\s*['"]?\w+['"]?\s*>\s*(\S+)/);
+  if (heredocRedirectMatch) return heredocRedirectMatch[1].replace(/['"]/g, '');
+  // cat > file << 'EOF' (redirect before heredoc)
+  const redirectHeredocMatch = command.match(/cat\s*>\s*(\S+)\s*<<\s*['"]?\w+['"]?/);
+  if (redirectHeredocMatch) return redirectHeredocMatch[1].replace(/['"]/g, '');
+  // tee file (without pipe, less common but possible)
+  const teeMatch = command.match(/\btee\s+(?:-a\s+)?(\S+)/);
+  if (teeMatch) return teeMatch[1].replace(/['"]/g, '');
+  // cp source dest — last argument is the destination
+  const cpMatch = command.match(/\bcp\s+(?:-[a-zA-Z]+\s+)*\S+\s+(\S+)\s*$/);
+  if (cpMatch) return cpMatch[1].replace(/['"]/g, '');
+  // mv source dest
+  const mvMatch = command.match(/\bmv\s+(?:-[a-zA-Z]+\s+)*\S+\s+(\S+)\s*$/);
+  if (mvMatch) return mvMatch[1].replace(/['"]/g, '');
+  return null;
+}
+/**
+ * Extract inline content from Bash commands that embed file content.
+ * Used for secret scanning on heredocs and echo content.
+ */
+function extractBashWriteContent(command) {
+  // Heredoc content: cat << 'EOF' ... EOF or cat > file << 'EOF' ... EOF
+  const heredocMatch = command.match(/<<\s*['"]?(\w+)['"]?\s*\n([\s\S]*?)\n\1/);
+  if (heredocMatch) return heredocMatch[2];
+  // echo "content" > file
+  const echoMatch = command.match(/echo\s+(['"])([\s\S]*?)\1\s*>/);
+  if (echoMatch) return echoMatch[2];
+  return null;
+}
 // ── PreToolUse Hook ───────────────────────────────────────────────
 function hookPreToolUse() {
@@ -37,35 +115,91 @@ function hookPreToolUse() {
     const { tool_name: toolName, tool_input: toolInput = {}, cwd = process.cwd() } = data;
     const policy = readPolicy(cwd);
-    if (!policy) process.exit(0); // No policy = fail-open
     // Edit / Write enforcement
     if (toolName === 'Edit' || toolName === 'Write') {
-      const editPolicy = policy.edit_policy;
-      if (!editPolicy || editPolicy.allow_all) process.exit(0);
+      // Policy-based edit restriction (only if policy exists)
+      if (policy) {
+        const editPolicy = policy.edit_policy;
+        if (editPolicy && !editPolicy.allow_all) {
+          const filePath = toolInput.file_path || '';
+          const allowed = editPolicy.allow_patterns.some(p => matchesPattern(filePath, p));
+          if (!allowed) {
+            process.stderr.write(editPolicy.block_message || '⛔ Prevention: Edit blocked by policy.\n');
+            process.exit(2);
+          }
+        }
+      }
+      // Secret scanning (always runs, regardless of policy)
       const filePath = toolInput.file_path || '';
-      const allowed = editPolicy.allow_patterns.some(p => matchesPattern(filePath, p));
-      if (!allowed) {
-        process.stderr.write(editPolicy.block_message || '⛔ Prevention: Edit blocked by policy.\n');
-        process.exit(2);
+      const isAllowlisted = SECRET_ALLOWLIST_PATTERNS.some(p => matchesPattern(filePath, p));
+      if (!isAllowlisted) {
+        const contentToScan = toolName === 'Edit' ? (toolInput.new_string || '') : (toolInput.content || '');
+        if (contentToScan) {
+          const secretFound = checkForSecrets(contentToScan);
+          if (secretFound) {
+            process.stderr.write(
+              `⛔ Prevention: Secret detected — ${secretFound.name}\n` +
+              `Do not hardcode secrets. Use environment variables or a secret manager.\n` +
+              `File: ${filePath}\n`
+            );
+            process.exit(2);
+          }
+        }
       }
       process.exit(0);
     }
     // Bash enforcement
     if (toolName === 'Bash') {
-      const bashPolicy = policy.bash_policy;
-      if (!bashPolicy || !bashPolicy.blocked_commands) process.exit(0);
       const command = toolInput.command || '';
-      for (const rule of bashPolicy.blocked_commands) {
-        if (new RegExp(rule.pattern).test(command)) {
-          process.stderr.write(rule.message || '⛔ Prevention: Command blocked by policy.\n');
+      // Check edit policy for Bash commands that write files
+      // This prevents bypassing Write/Edit restrictions via cat/echo/tee/cp
+      if (policy) {
+        const editPolicy = policy.edit_policy;
+        if (editPolicy && !editPolicy.allow_all) {
+          const fileWriteTarget = extractFileWriteTarget(command);
+          if (fileWriteTarget) {
+            const allowed = editPolicy.allow_patterns.some(p => matchesPattern(fileWriteTarget, p));
+            if (!allowed) {
+              process.stderr.write(
+                (editPolicy.block_message || '⛔ Prevention: File write blocked by policy.\n') +
+                `\nBlocked file: ${fileWriteTarget}\n` +
+                'Use the Write tool instead of Bash to create files.\n'
+              );
+              process.exit(2);
+            }
+          }
+        }
+        // Blocked command patterns (git push, etc.)
+        const bashPolicy = policy.bash_policy;
+        if (bashPolicy && bashPolicy.blocked_commands) {
+          for (const rule of bashPolicy.blocked_commands) {
+            if (new RegExp(rule.pattern).test(command)) {
+              process.stderr.write(rule.message || '⛔ Prevention: Command blocked by policy.\n');
+              process.exit(2);
+            }
+          }
+        }
+      }
+      // Secret scanning for Bash commands that write file content
+      const inlineContent = extractBashWriteContent(command);
+      if (inlineContent) {
+        const secretFound = checkForSecrets(inlineContent);
+        if (secretFound) {
+          process.stderr.write(
+            `⛔ Prevention: Secret detected in Bash command — ${secretFound.name}\n` +
+            `Do not hardcode secrets. Use environment variables or a secret manager.\n`
+          );
           process.exit(2);
         }
       }
       process.exit(0);
     }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@avesta-hq/prevention",
-  "version": "0.3.0",
+  "version": "0.3.2",
   "description": "XP/CD development agent commands for Claude Code - achieve Elite DORA metrics through disciplined TDD and Continuous Delivery practices",
   "keywords": [
     "claude-code",
@@ -40,7 +40,8 @@
     "dev": "tsx src/mcp-server.ts",
     "test": "jest",
     "test:evals": "cd src/_deprecated/evals && python -m pytest test_cases/orchestrator/ -v",
-    "prebuild:assets": "tsx scripts/embed-assets.ts",
+    "generate:catalog": "tsx scripts/generate-catalog-data.ts",
+    "prebuild:assets": "tsx scripts/generate-catalog-data.ts && tsx scripts/embed-assets.ts",
     "build:binary": "npm run prebuild:assets && bun build src/mcp-server.ts --compile --outfile dist/prevention",
     "build:all": "npm run prebuild:assets && bun build src/mcp-server.ts --compile --target=bun-linux-x64 --outfile dist/prevention-linux-x64 && bun build src/mcp-server.ts --compile --target=bun-darwin-arm64 --outfile dist/prevention-darwin-arm64 && bun build src/mcp-server.ts --compile --target=bun-darwin-x64 --outfile dist/prevention-darwin-x64"
   },
@@ -57,6 +58,7 @@
     "jest": "^30.3.0",
     "ts-jest": "^29.4.6",
     "tsx": "^4.21.0",
-    "typescript": "^5.9.3"
+    "typescript": "^5.9.3",
+    "yaml": "^2.8.3"
   }
 }