npm - @bookedsolid/reagent - Versions diffs - 0.5.0 → 0.6.0 - Mend

@bookedsolid/reagent 0.5.0 → 0.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (24) hide show

package/dist/cli/commands/init/github.d.ts +13 -0
package/dist/cli/commands/init/github.d.ts.map +1 -0
package/dist/cli/commands/init/github.js +81 -0
package/dist/cli/commands/init/github.js.map +1 -0
package/dist/cli/commands/init/index.d.ts.map +1 -1
package/dist/cli/commands/init/index.js +11 -0
package/dist/cli/commands/init/index.js.map +1 -1
package/dist/gateway/native-tools.d.ts.map +1 -1
package/dist/gateway/native-tools.js +38 -0
package/dist/gateway/native-tools.js.map +1 -1
package/dist/pm/github-bridge.d.ts +35 -0
package/dist/pm/github-bridge.d.ts.map +1 -1
package/dist/pm/github-bridge.js +185 -0
package/dist/pm/github-bridge.js.map +1 -1
package/dist/pm/types.d.ts +7 -7
package/hooks/ci-config-protection.sh +84 -0
package/hooks/file-size-guard.sh +64 -0
package/hooks/git-config-guard.sh +81 -0
package/hooks/import-guard.sh +99 -0
package/hooks/network-exfil-guard.sh +118 -0
package/hooks/output-validation.sh +101 -0
package/hooks/rate-limit-guard.sh +75 -0
package/hooks/symlink-guard.sh +96 -0
package/package.json +1 -1

package/hooks/symlink-guard.sh ADDED Viewed

@@ -0,0 +1,96 @@
+#!/bin/bash
+# PreToolUse hook: symlink-guard.sh
+# Fires BEFORE every Write tool call.
+# Resolves the target file path and blocks if it escapes the project root.
+# Guards against symlink traversal attacks where a path resolves outside the repo.
+#
+# Content extraction:
+#   Write tool → tool_input.file_path
+#
+# Exit codes:
+#   0 = path is within project root — allow
+#   2 = path escapes project root  — block
+set -uo pipefail
+INPUT=$(cat)
+# ── Dependency check ──────────────────────────────────────────────────────────
+if ! command -v jq >/dev/null 2>&1; then
+  printf 'REAGENT ERROR: jq is required but not installed.\n' >&2
+  printf 'Install: brew install jq  OR  apt-get install -y jq\n' >&2
+  exit 2
+fi
+# ── HALT check ────────────────────────────────────────────────────────────────
+REAGENT_ROOT="${CLAUDE_PROJECT_DIR:-$(pwd)}"
+HALT_FILE="${REAGENT_ROOT}/.reagent/HALT"
+if [ -f "$HALT_FILE" ]; then
+  printf 'REAGENT HALT: %s\nAll agent operations suspended. Run: reagent unfreeze\n' \
+    "$(head -c 1024 "$HALT_FILE" 2>/dev/null || echo 'Reason unknown')" >&2
+  exit 2
+fi
+TOOL_NAME=$(printf '%s' "$INPUT" | jq -r '.tool_name // empty' 2>/dev/null)
+# Only applies to Write tool
+if [[ "$TOOL_NAME" != "Write" ]]; then
+  exit 0
+fi
+FILE_PATH=$(printf '%s' "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)
+if [[ -z "$FILE_PATH" ]]; then
+  exit 0
+fi
+# ── Determine project root ────────────────────────────────────────────────────
+# Walk up from CLAUDE_PROJECT_DIR looking for .claude/ directory
+PROJECT_ROOT=""
+SEARCH_DIR="${CLAUDE_PROJECT_DIR:-$(pwd)}"
+while [[ "$SEARCH_DIR" != "/" ]]; do
+  if [[ -d "$SEARCH_DIR/.claude" ]] || [[ -d "$SEARCH_DIR/.reagent" ]]; then
+    PROJECT_ROOT="$SEARCH_DIR"
+    break
+  fi
+  SEARCH_DIR=$(dirname "$SEARCH_DIR")
+done
+if [[ -z "$PROJECT_ROOT" ]]; then
+  PROJECT_ROOT="${CLAUDE_PROJECT_DIR:-$(pwd)}"
+fi
+# ── Resolve the file path (no-symlinks) ───────────────────────────────────────
+# Use python3 for portable path resolution since realpath --no-symlinks
+# is not universally available (macOS ships an older realpath)
+if command -v python3 >/dev/null 2>&1; then
+  RESOLVED=$(python3 -c "
+import os, sys
+p = sys.argv[1]
+# os.path.realpath resolves symlinks; we use normpath for lexical-only resolution
+# to detect path traversal without requiring the path to exist
+print(os.path.normpath(os.path.abspath(p)))
+" "$FILE_PATH" 2>/dev/null)
+elif command -v realpath >/dev/null 2>&1; then
+  # Fallback: realpath without --canonicalize-missing may still work on some systems
+  RESOLVED=$(realpath -m "$FILE_PATH" 2>/dev/null || realpath "$FILE_PATH" 2>/dev/null || printf '%s' "$FILE_PATH")
+else
+  # Last resort: use pwd-relative normalization
+  RESOLVED=$(cd "$(dirname "$FILE_PATH")" 2>/dev/null && pwd)/$(basename "$FILE_PATH") || printf '%s' "$FILE_PATH"
+fi
+# ── Check if resolved path is within project root ─────────────────────────────
+RESOLVED_PROJECT=$(python3 -c "import os; print(os.path.normpath(os.path.abspath('$PROJECT_ROOT')))" 2>/dev/null || printf '%s' "$PROJECT_ROOT")
+# Path must start with project root followed by / or be exactly the root
+if [[ "$RESOLVED" != "$RESOLVED_PROJECT"/* ]] && [[ "$RESOLVED" != "$RESOLVED_PROJECT" ]]; then
+  printf 'SYMLINK-GUARD: Path escapes project root — blocked\n' >&2
+  printf '  Requested path: %s\n' "$FILE_PATH" >&2
+  printf '  Resolved path:  %s\n' "$RESOLVED" >&2
+  printf '  Project root:   %s\n' "$RESOLVED_PROJECT" >&2
+  printf 'Block reason: The resolved path is outside the project directory.\n' >&2
+  printf 'This may indicate a symlink traversal attempt or an incorrect absolute path.\n' >&2
+  exit 2
+fi
+exit 0

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@bookedsolid/reagent",
-  "version": "0.5.0",
+  "version": "0.6.0",
   "description": "Zero-trust MCP gateway — policy enforcement, secret redaction, and audit logging for AI-assisted projects",
   "license": "MIT",
   "author": "Booked Solid Technology <oss@bookedsolid.tech> (https://bookedsolid.tech)",