@elizaos/skills 2.0.0-alpha.10

package/skills/security-modern-python/hooks/intercept-legacy-python.bats

@@ -0,0 +1,388 @@
+#!/usr/bin/env bats
+# Tests for intercept-legacy-python.sh hook
+
+load test_helper
+
+# =============================================================================
+# Early Exit Tests
+# =============================================================================
+
+@test "exits silently when uv is not available" {
+  # Run with restricted PATH that excludes uv
+  run_hook_no_uv "python script.py"
+  assert_allow
+}
+
+@test "exits silently on invalid JSON input" {
+  run bash -c 'echo "not json" | '"'$HOOK_SCRIPT'"
+  assert_allow
+}
+
+@test "exits silently on empty JSON" {
+  run bash -c 'echo "{}" | '"'$HOOK_SCRIPT'"
+  assert_allow
+}
+
+@test "exits silently when command is empty string" {
+  run bash -c 'echo "{\"tool_input\":{\"command\":\"\"}}" | '"'$HOOK_SCRIPT'"
+  assert_allow
+}
+
+@test "exits silently when command field is missing" {
+  run bash -c 'echo "{\"tool_input\":{}}" | '"'$HOOK_SCRIPT'"
+  assert_allow
+}
+
+# =============================================================================
+# Allow: uv run (proper usage)
+# =============================================================================
+
+@test "allows uv run python" {
+  run_hook "uv run python script.py"
+  assert_allow
+}
+
+@test "allows uv run with script directly" {
+  run_hook "uv run script.py"
+  assert_allow
+}
+
+@test "allows uv run python -m module" {
+  run_hook "uv run python -m pytest"
+  assert_allow
+}
+
+@test "allows uv run after semicolon" {
+  run_hook "cd project; uv run python script.py"
+  assert_allow
+}
+
+@test "allows uv run after &&" {
+  run_hook "cd project && uv run python script.py"
+  assert_allow
+}
+
+# =============================================================================
+# Allow: Diagnostic Commands
+# =============================================================================
+
+@test "allows which python" {
+  run_hook "which python"
+  assert_allow
+}
+
+@test "allows which python3" {
+  run_hook "which python3"
+  assert_allow
+}
+
+@test "allows which pip" {
+  run_hook "which pip"
+  assert_allow
+}
+
+@test "allows which pip3" {
+  run_hook "which pip3"
+  assert_allow
+}
+
+@test "allows type python" {
+  run_hook "type python"
+  assert_allow
+}
+
+@test "allows type python3" {
+  run_hook "type python3"
+  assert_allow
+}
+
+@test "allows whereis python" {
+  run_hook "whereis python"
+  assert_allow
+}
+
+@test "allows whereis pip" {
+  run_hook "whereis pip"
+  assert_allow
+}
+
+@test "allows command -v python" {
+  run_hook "command -v python"
+  assert_allow
+}
+
+@test "allows command -v python3" {
+  run_hook "command -v python3"
+  assert_allow
+}
+
+@test "allows command -v pip" {
+  run_hook "command -v pip"
+  assert_allow
+}
+
+@test "allows command -v pip3" {
+  run_hook "command -v pip3"
+  assert_allow
+}
+
+# =============================================================================
+# Allow: Search Tools (python as argument, not command)
+# =============================================================================
+
+@test "allows grep python file.txt" {
+  run_hook "grep python file.txt"
+  assert_allow
+}
+
+@test "allows grep -r python src/" {
+  run_hook "grep -r python src/"
+  assert_allow
+}
+
+@test "allows rg python src/" {
+  run_hook "rg python src/"
+  assert_allow
+}
+
+@test "allows ag python ." {
+  run_hook "ag python ."
+  assert_allow
+}
+
+@test "allows ack python" {
+  run_hook "ack python"
+  assert_allow
+}
+
+@test "allows find with python in name pattern" {
+  run_hook "find . -name '*.py'"
+  assert_allow
+}
+
+@test "allows find with python string pattern" {
+  run_hook "find . -name 'python*'"
+  assert_allow
+}
+
+@test "allows grep piped to non-python command" {
+  run_hook "grep -l TODO | xargs rm"
+  assert_allow
+}
+
+@test "allows find piped to grep" {
+  run_hook "find . -name '*.py' | grep test"
+  assert_allow
+}
+
+# =============================================================================
+# Deny: Direct Python Execution
+# =============================================================================
+
+@test "denies python script.py" {
+  run_hook "python script.py"
+  assert_deny
+  assert_suggestion_contains "uv run python"
+}
+
+@test "denies python3 script.py" {
+  run_hook "python3 script.py"
+  assert_deny
+  assert_suggestion_contains "uv run python"
+}
+
+@test "denies python -c 'print(1)'" {
+  run_hook "python -c 'print(1)'"
+  assert_deny
+  assert_suggestion_contains "uv run python"
+}
+
+@test "denies python3 -m pytest" {
+  run_hook "python3 -m pytest"
+  assert_deny
+  assert_suggestion_contains "uv run python -m module"
+}
+
+@test "denies python -m module" {
+  run_hook "python -m http.server"
+  assert_deny
+  assert_suggestion_contains "uv run python -m module"
+}
+
+@test "denies python -m pip install" {
+  run_hook "python -m pip install requests"
+  assert_deny
+  assert_suggestion_contains "uv add"
+}
+
+@test "denies python3 -m pip install" {
+  run_hook "python3 -m pip install requests"
+  assert_deny
+  assert_suggestion_contains "uv add"
+}
+
+# =============================================================================
+# Deny: Pip Commands
+# =============================================================================
+
+@test "denies pip install" {
+  run_hook "pip install requests"
+  assert_deny
+  assert_suggestion_contains "uv add"
+}
+
+@test "denies pip3 install" {
+  run_hook "pip3 install requests"
+  assert_deny
+  assert_suggestion_contains "uv add"
+}
+
+@test "denies pip uninstall" {
+  run_hook "pip uninstall requests"
+  assert_deny
+  assert_suggestion_contains "uv remove"
+}
+
+@test "denies pip3 uninstall" {
+  run_hook "pip3 uninstall foo"
+  assert_deny
+  assert_suggestion_contains "uv remove"
+}
+
+@test "denies pip freeze" {
+  run_hook "pip freeze"
+  assert_deny
+  assert_suggestion_contains "uv export"
+}
+
+@test "denies pip3 freeze" {
+  run_hook "pip3 freeze"
+  assert_deny
+  assert_suggestion_contains "uv export"
+}
+
+@test "denies pip list" {
+  run_hook "pip list"
+  assert_deny
+  assert_suggestion_contains "uv"
+}
+
+@test "denies pip show" {
+  run_hook "pip show requests"
+  assert_deny
+  assert_suggestion_contains "uv"
+}
+
+# =============================================================================
+# Deny: uv pip (legacy interface)
+# =============================================================================
+
+@test "denies uv pip install" {
+  run_hook "uv pip install requests"
+  assert_deny
+  assert_suggestion_contains "uv pip"
+  assert_suggestion_contains "legacy"
+}
+
+@test "denies uv pip sync" {
+  run_hook "uv pip sync requirements.txt"
+  assert_deny
+  assert_suggestion_contains "uv pip"
+  assert_suggestion_contains "legacy"
+}
+
+@test "denies uv pip compile" {
+  run_hook "uv pip compile requirements.in"
+  assert_deny
+  assert_suggestion_contains "uv pip"
+  assert_suggestion_contains "legacy"
+}
+
+@test "denies uv pip freeze" {
+  run_hook "uv pip freeze"
+  assert_deny
+  assert_suggestion_contains "uv pip"
+  assert_suggestion_contains "legacy"
+}
+
+# =============================================================================
+# Deny: Piped Commands with Python Execution
+# =============================================================================
+
+@test "denies python3 script.py | grep foo" {
+  run_hook "python3 script.py | grep foo"
+  assert_deny
+}
+
+@test "denies python script.py | head" {
+  run_hook "python script.py | head"
+  assert_deny
+}
+
+@test "denies find | xargs python3" {
+  run_hook "find . -name '*.py' | xargs python3"
+  assert_deny
+}
+
+@test "denies grep | xargs python script.py" {
+  run_hook "grep -l test | xargs python script.py"
+  assert_deny
+}
+
+@test "denies cat file | python3" {
+  run_hook "cat file.txt | python3"
+  assert_deny
+}
+
+@test "denies echo | python -c" {
+  run_hook "echo 'data' | python -c 'import sys; print(sys.stdin.read())'"
+  assert_deny
+}
+
+# =============================================================================
+# Deny: Compound Commands
+# =============================================================================
+
+@test "denies python after semicolon" {
+  run_hook "cd project; python script.py"
+  assert_deny
+}
+
+@test "denies python after &&" {
+  run_hook "cd project && python script.py"
+  assert_deny
+}
+
+@test "denies python in subshell" {
+  run_hook "output=\$(python script.py)"
+  assert_deny
+}
+
+@test "denies pip after semicolon" {
+  run_hook "cd project; pip install requests"
+  assert_deny
+}
+
+# =============================================================================
+# Edge Cases
+# =============================================================================
+
+@test "allows command with python in path component" {
+  run_hook "cat /usr/bin/python3"
+  assert_allow
+}
+
+@test "allows ls of python directory" {
+  run_hook "ls ~/.python_history"
+  assert_allow
+}
+
+@test "denies bare python with no args" {
+  run_hook "python"
+  assert_deny
+}
+
+@test "denies bare python3 with no args" {
+  run_hook "python3"
+  assert_deny
+}

package/skills/security-modern-python/hooks/intercept-legacy-python.sh

@@ -0,0 +1,109 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Fast exit if uv not available
+command -v uv &>/dev/null || exit 0
+
+# Parse JSON input
+input_command=$(jq -r '.tool_input.command // empty' 2>/dev/null) || exit 0
+[[ -z "$input_command" ]] && exit 0
+
+suggestion=""
+
+# Skip if the command uses uv run (the proper way)
+# This handles: uv run python, uv run script.py, etc.
+if [[ $input_command =~ (^|[[:space:];|&])uv[[:space:]]+run[[:space:]] ]]; then
+  exit 0
+fi
+
+# Skip diagnostic commands (checking python location, not executing it)
+if [[ $input_command =~ (^|[[:space:];|&])(which|type|whereis)[[:space:]]+(python3?|pip3?)([[:space:]]|$) ]]; then
+  exit 0
+fi
+if [[ $input_command =~ command[[:space:]]+-v[[:space:]]+(python3?|pip3?)([[:space:]]|$) ]]; then
+  exit 0
+fi
+
+# Skip search tools when python/pip is NOT being executed
+# Handles: grep python (OK), python | grep (DENY), find | xargs python (DENY)
+if [[ $input_command =~ (^|[[:space:];|&])(grep|rg|ag|ack|find)[[:space:]] ]]; then
+  # Check for python/pip at COMMAND position before any pipe
+  # Command position: start of string (with optional whitespace) or after ; or &
+  before_pipe="${input_command%%|*}"
+  py_at_start='^[[:space:]]*(python3?|pip3?)([[:space:]]|$)'
+  py_after_sep='[;&][[:space:]]*(python3?|pip3?)([[:space:]]|$)'
+  if [[ $before_pipe =~ $py_at_start ]] || [[ $before_pipe =~ $py_after_sep ]]; then
+    : # Python executes before pipe - fall through to deny
+  # Check for xargs/parallel invoking python/pip after pipe
+  elif [[ $input_command == *"|"* ]]; then
+    after_pipe="${input_command#*|}"
+    if [[ $after_pipe =~ (xargs|parallel)[[:space:]] ]] &&
+      [[ $after_pipe =~ (python3?|pip3?)([[:space:]]|$) ]]; then
+      : # xargs/parallel invokes python - fall through to deny
+    else
+      exit 0 # No python execution found
+    fi
+  else
+    exit 0 # No pipe, search tool only - python is just an argument
+  fi
+fi
+
+# Pattern matching for legacy commands
+# Match at: start of line, after ; && || | $( or whitespace
+# Captures the matched command (python/python3/pip/pip3) in group 2
+legacy_pattern='(^|[;&|]|\$\(|[[:space:]])(python3?|pip3?)([[:space:]]|$)'
+
+if [[ $input_command =~ $legacy_pattern ]]; then
+  matched="${BASH_REMATCH[2]}"
+
+  # Determine suggestion based on what was matched
+  # Build patterns using the matched command
+  # shellcheck disable=SC2016
+  case "$matched" in
+    python | python3)
+      pip_pattern="${matched}[[:space:]]+-m[[:space:]]+pip"
+      module_pattern="${matched}[[:space:]]+-m[[:space:]]"
+      if [[ $input_command =~ $pip_pattern ]]; then
+        suggestion='`python -m pip` -> `uv add`/`uv remove`'
+      elif [[ $input_command =~ $module_pattern ]]; then
+        suggestion='`python -m module` -> `uv run python -m module`'
+      else
+        suggestion='`python` -> `uv run python`'
+      fi
+      ;;
+    pip | pip3)
+      install_pattern="${matched}[[:space:]]+install"
+      uninstall_pattern="${matched}[[:space:]]+uninstall"
+      freeze_pattern="${matched}[[:space:]]+freeze"
+      if [[ $input_command =~ $install_pattern ]]; then
+        suggestion='`pip install` -> `uv add` or `uv run --with pkg`'
+      elif [[ $input_command =~ $uninstall_pattern ]]; then
+        suggestion='`pip uninstall` -> `uv remove`'
+      elif [[ $input_command =~ $freeze_pattern ]]; then
+        suggestion='`pip freeze` -> `uv export`'
+      else
+        suggestion='`pip` -> use `uv` commands instead'
+      fi
+      ;;
+  esac
+fi
+
+# Also check for `uv pip` (legacy interface)
+uv_pip_pattern='(^|[[:space:];|&])uv[[:space:]]+pip([[:space:]]|$)'
+if [[ $input_command =~ $uv_pip_pattern ]]; then
+  # shellcheck disable=SC2016
+  suggestion='`uv pip` is legacy. Use: `uv add`, `uv remove`, `uv sync`'
+fi
+
+[[ -z "$suggestion" ]] && exit 0
+
+# Output denial with suggestion
+cat <<EOF
+{
+  "hookSpecificOutput": {
+    "hookEventName": "PreToolUse",
+    "permissionDecision": "deny",
+    "permissionDecisionReason": "Use uv instead: ${suggestion}"
+  }
+}
+EOF

package/skills/security-modern-python/hooks/test_helper.bash

@@ -0,0 +1,75 @@
+#!/usr/bin/env bash
+# Test helper functions for intercept-legacy-python.sh BATS tests
+# shellcheck disable=SC2154  # status/output are BATS-provided variables
+# shellcheck disable=SC2016  # Single quotes for jq filter are intentional
+
+# Path to the hook script under test
+HOOK_SCRIPT="${BATS_TEST_DIRNAME}/intercept-legacy-python.sh"
+
+# Run the hook with a bash command
+# Usage: run_hook "python script.py"
+# Uses jq to properly escape the command string for JSON
+run_hook() {
+  local cmd="$1"
+  # Use jq to create properly escaped JSON, pipe directly to script
+  run bash -c 'jq -n --arg cmd "$1" '"'"'{"tool_input":{"command":$cmd}}'"'"' | "$2"' _ "$cmd" "$HOOK_SCRIPT"
+}
+
+# Run hook without uv available (for testing early exit)
+# Usage: run_hook_no_uv "python script.py"
+run_hook_no_uv() {
+  local cmd="$1"
+  # Create a subshell with restricted PATH that excludes uv
+  # Suppress stderr to ignore jq's "Broken pipe" when script exits early
+  run env PATH=/usr/bin:/bin bash -c 'jq -n --arg cmd "$1" '"'"'{"tool_input":{"command":$cmd}}'"'"' 2>/dev/null | "$2"' _ "$cmd" "$HOOK_SCRIPT"
+}
+
+# Assert the hook allowed the command (exit 0, no output)
+assert_allow() {
+  if [[ $status -ne 0 ]]; then
+    echo "Expected exit 0 (allow), got exit $status"
+    echo "Output: $output"
+    return 1
+  fi
+  if [[ -n "$output" ]]; then
+    echo "Expected no output (allow), got:"
+    echo "$output"
+    return 1
+  fi
+}
+
+# Assert the hook denied the command (JSON output with deny decision)
+assert_deny() {
+  if [[ $status -ne 0 ]]; then
+    echo "Expected exit 0 with deny JSON, got exit $status"
+    echo "Output: $output"
+    return 1
+  fi
+  if [[ -z "$output" ]]; then
+    echo "Expected deny JSON output, got empty"
+    return 1
+  fi
+  if ! echo "$output" | jq -e '.hookSpecificOutput.permissionDecision == "deny"' >/dev/null 2>&1; then
+    echo "Expected permissionDecision: deny"
+    echo "Output: $output"
+    return 1
+  fi
+}
+
+# Assert the suggestion contains expected text
+# Usage: assert_suggestion_contains "uv run python"
+assert_suggestion_contains() {
+  local expected="$1"
+  local reason
+  reason=$(echo "$output" | jq -r '.hookSpecificOutput.permissionDecisionReason // empty' 2>/dev/null)
+  if [[ -z "$reason" ]]; then
+    echo "No permissionDecisionReason found in output"
+    echo "Output: $output"
+    return 1
+  fi
+  if [[ "$reason" != *"$expected"* ]]; then
+    echo "Expected suggestion to contain: $expected"
+    echo "Got: $reason"
+    return 1
+  fi
+}