npm - @elizaos/skills - Versions diffs - 2.0.0-alpha.3 - Mend

@elizaos/skills 2.0.0-alpha.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (371) hide show

package/skills/security-modern-python/hooks/intercept-legacy-python.bats ADDED Viewed

@@ -0,0 +1,388 @@
+#!/usr/bin/env bats
+# Tests for intercept-legacy-python.sh hook
+load test_helper
+# =============================================================================
+# Early Exit Tests
+# =============================================================================
+@test "exits silently when uv is not available" {
+  # Run with restricted PATH that excludes uv
+  run_hook_no_uv "python script.py"
+  assert_allow
+}
+@test "exits silently on invalid JSON input" {
+  run bash -c 'echo "not json" | '"'$HOOK_SCRIPT'"
+  assert_allow
+}
+@test "exits silently on empty JSON" {
+  run bash -c 'echo "{}" | '"'$HOOK_SCRIPT'"
+  assert_allow
+}
+@test "exits silently when command is empty string" {
+  run bash -c 'echo "{\"tool_input\":{\"command\":\"\"}}" | '"'$HOOK_SCRIPT'"
+  assert_allow
+}
+@test "exits silently when command field is missing" {
+  run bash -c 'echo "{\"tool_input\":{}}" | '"'$HOOK_SCRIPT'"
+  assert_allow
+}
+# =============================================================================
+# Allow: uv run (proper usage)
+# =============================================================================
+@test "allows uv run python" {
+  run_hook "uv run python script.py"
+  assert_allow
+}
+@test "allows uv run with script directly" {
+  run_hook "uv run script.py"
+  assert_allow
+}
+@test "allows uv run python -m module" {
+  run_hook "uv run python -m pytest"
+  assert_allow
+}
+@test "allows uv run after semicolon" {
+  run_hook "cd project; uv run python script.py"
+  assert_allow
+}
+@test "allows uv run after &&" {
+  run_hook "cd project && uv run python script.py"
+  assert_allow
+}
+# =============================================================================
+# Allow: Diagnostic Commands
+# =============================================================================
+@test "allows which python" {
+  run_hook "which python"
+  assert_allow
+}
+@test "allows which python3" {
+  run_hook "which python3"
+  assert_allow
+}
+@test "allows which pip" {
+  run_hook "which pip"
+  assert_allow
+}
+@test "allows which pip3" {
+  run_hook "which pip3"
+  assert_allow
+}
+@test "allows type python" {
+  run_hook "type python"
+  assert_allow
+}
+@test "allows type python3" {
+  run_hook "type python3"
+  assert_allow
+}
+@test "allows whereis python" {
+  run_hook "whereis python"
+  assert_allow
+}
+@test "allows whereis pip" {
+  run_hook "whereis pip"
+  assert_allow
+}
+@test "allows command -v python" {
+  run_hook "command -v python"
+  assert_allow
+}
+@test "allows command -v python3" {
+  run_hook "command -v python3"
+  assert_allow
+}
+@test "allows command -v pip" {
+  run_hook "command -v pip"
+  assert_allow
+}
+@test "allows command -v pip3" {
+  run_hook "command -v pip3"
+  assert_allow
+}
+# =============================================================================
+# Allow: Search Tools (python as argument, not command)
+# =============================================================================
+@test "allows grep python file.txt" {
+  run_hook "grep python file.txt"
+  assert_allow
+}
+@test "allows grep -r python src/" {
+  run_hook "grep -r python src/"
+  assert_allow
+}
+@test "allows rg python src/" {
+  run_hook "rg python src/"
+  assert_allow
+}
+@test "allows ag python ." {
+  run_hook "ag python ."
+  assert_allow
+}
+@test "allows ack python" {
+  run_hook "ack python"
+  assert_allow
+}
+@test "allows find with python in name pattern" {
+  run_hook "find . -name '*.py'"
+  assert_allow
+}
+@test "allows find with python string pattern" {
+  run_hook "find . -name 'python*'"
+  assert_allow
+}
+@test "allows grep piped to non-python command" {
+  run_hook "grep -l TODO | xargs rm"
+  assert_allow
+}
+@test "allows find piped to grep" {
+  run_hook "find . -name '*.py' | grep test"
+  assert_allow
+}
+# =============================================================================
+# Deny: Direct Python Execution
+# =============================================================================
+@test "denies python script.py" {
+  run_hook "python script.py"
+  assert_deny
+  assert_suggestion_contains "uv run python"
+}
+@test "denies python3 script.py" {
+  run_hook "python3 script.py"
+  assert_deny
+  assert_suggestion_contains "uv run python"
+}
+@test "denies python -c 'print(1)'" {
+  run_hook "python -c 'print(1)'"
+  assert_deny
+  assert_suggestion_contains "uv run python"
+}
+@test "denies python3 -m pytest" {
+  run_hook "python3 -m pytest"
+  assert_deny
+  assert_suggestion_contains "uv run python -m module"
+}
+@test "denies python -m module" {
+  run_hook "python -m http.server"
+  assert_deny
+  assert_suggestion_contains "uv run python -m module"
+}
+@test "denies python -m pip install" {
+  run_hook "python -m pip install requests"
+  assert_deny
+  assert_suggestion_contains "uv add"
+}
+@test "denies python3 -m pip install" {
+  run_hook "python3 -m pip install requests"
+  assert_deny
+  assert_suggestion_contains "uv add"
+}
+# =============================================================================
+# Deny: Pip Commands
+# =============================================================================
+@test "denies pip install" {
+  run_hook "pip install requests"
+  assert_deny
+  assert_suggestion_contains "uv add"
+}
+@test "denies pip3 install" {
+  run_hook "pip3 install requests"
+  assert_deny
+  assert_suggestion_contains "uv add"
+}
+@test "denies pip uninstall" {
+  run_hook "pip uninstall requests"
+  assert_deny
+  assert_suggestion_contains "uv remove"
+}
+@test "denies pip3 uninstall" {
+  run_hook "pip3 uninstall foo"
+  assert_deny
+  assert_suggestion_contains "uv remove"
+}
+@test "denies pip freeze" {
+  run_hook "pip freeze"
+  assert_deny
+  assert_suggestion_contains "uv export"
+}
+@test "denies pip3 freeze" {
+  run_hook "pip3 freeze"
+  assert_deny
+  assert_suggestion_contains "uv export"
+}
+@test "denies pip list" {
+  run_hook "pip list"
+  assert_deny
+  assert_suggestion_contains "uv"
+}
+@test "denies pip show" {
+  run_hook "pip show requests"
+  assert_deny
+  assert_suggestion_contains "uv"
+}
+# =============================================================================
+# Deny: uv pip (legacy interface)
+# =============================================================================
+@test "denies uv pip install" {
+  run_hook "uv pip install requests"
+  assert_deny
+  assert_suggestion_contains "uv pip"
+  assert_suggestion_contains "legacy"
+}
+@test "denies uv pip sync" {
+  run_hook "uv pip sync requirements.txt"
+  assert_deny
+  assert_suggestion_contains "uv pip"
+  assert_suggestion_contains "legacy"
+}
+@test "denies uv pip compile" {
+  run_hook "uv pip compile requirements.in"
+  assert_deny
+  assert_suggestion_contains "uv pip"
+  assert_suggestion_contains "legacy"
+}
+@test "denies uv pip freeze" {
+  run_hook "uv pip freeze"
+  assert_deny
+  assert_suggestion_contains "uv pip"
+  assert_suggestion_contains "legacy"
+}
+# =============================================================================
+# Deny: Piped Commands with Python Execution
+# =============================================================================
+@test "denies python3 script.py | grep foo" {
+  run_hook "python3 script.py | grep foo"
+  assert_deny
+}
+@test "denies python script.py | head" {
+  run_hook "python script.py | head"
+  assert_deny
+}
+@test "denies find | xargs python3" {
+  run_hook "find . -name '*.py' | xargs python3"
+  assert_deny
+}
+@test "denies grep | xargs python script.py" {
+  run_hook "grep -l test | xargs python script.py"
+  assert_deny
+}
+@test "denies cat file | python3" {
+  run_hook "cat file.txt | python3"
+  assert_deny
+}
+@test "denies echo | python -c" {
+  run_hook "echo 'data' | python -c 'import sys; print(sys.stdin.read())'"
+  assert_deny
+}
+# =============================================================================
+# Deny: Compound Commands
+# =============================================================================
+@test "denies python after semicolon" {
+  run_hook "cd project; python script.py"
+  assert_deny
+}
+@test "denies python after &&" {
+  run_hook "cd project && python script.py"
+  assert_deny
+}
+@test "denies python in subshell" {
+  run_hook "output=\$(python script.py)"
+  assert_deny
+}
+@test "denies pip after semicolon" {
+  run_hook "cd project; pip install requests"
+  assert_deny
+}
+# =============================================================================
+# Edge Cases
+# =============================================================================
+@test "allows command with python in path component" {
+  run_hook "cat /usr/bin/python3"
+  assert_allow
+}
+@test "allows ls of python directory" {
+  run_hook "ls ~/.python_history"
+  assert_allow
+}
+@test "denies bare python with no args" {
+  run_hook "python"
+  assert_deny
+}
+@test "denies bare python3 with no args" {
+  run_hook "python3"
+  assert_deny
+}

package/skills/security-modern-python/hooks/intercept-legacy-python.sh ADDED Viewed

@@ -0,0 +1,109 @@
+#!/usr/bin/env bash
+set -euo pipefail
+# Fast exit if uv not available
+command -v uv &>/dev/null || exit 0
+# Parse JSON input
+input_command=$(jq -r '.tool_input.command // empty' 2>/dev/null) || exit 0
+[[ -z "$input_command" ]] && exit 0
+suggestion=""
+# Skip if the command uses uv run (the proper way)
+# This handles: uv run python, uv run script.py, etc.
+if [[ $input_command =~ (^|[[:space:];|&])uv[[:space:]]+run[[:space:]] ]]; then
+  exit 0
+fi
+# Skip diagnostic commands (checking python location, not executing it)
+if [[ $input_command =~ (^|[[:space:];|&])(which|type|whereis)[[:space:]]+(python3?|pip3?)([[:space:]]|$) ]]; then
+  exit 0
+fi
+if [[ $input_command =~ command[[:space:]]+-v[[:space:]]+(python3?|pip3?)([[:space:]]|$) ]]; then
+  exit 0
+fi
+# Skip search tools when python/pip is NOT being executed
+# Handles: grep python (OK), python | grep (DENY), find | xargs python (DENY)
+if [[ $input_command =~ (^|[[:space:];|&])(grep|rg|ag|ack|find)[[:space:]] ]]; then
+  # Check for python/pip at COMMAND position before any pipe
+  # Command position: start of string (with optional whitespace) or after ; or &
+  before_pipe="${input_command%%|*}"
+  py_at_start='^[[:space:]]*(python3?|pip3?)([[:space:]]|$)'
+  py_after_sep='[;&][[:space:]]*(python3?|pip3?)([[:space:]]|$)'
+  if [[ $before_pipe =~ $py_at_start ]] || [[ $before_pipe =~ $py_after_sep ]]; then
+    : # Python executes before pipe - fall through to deny
+  # Check for xargs/parallel invoking python/pip after pipe
+  elif [[ $input_command == *"|"* ]]; then
+    after_pipe="${input_command#*|}"
+    if [[ $after_pipe =~ (xargs|parallel)[[:space:]] ]] &&
+      [[ $after_pipe =~ (python3?|pip3?)([[:space:]]|$) ]]; then
+      : # xargs/parallel invokes python - fall through to deny
+    else
+      exit 0 # No python execution found
+    fi
+  else
+    exit 0 # No pipe, search tool only - python is just an argument
+  fi
+fi
+# Pattern matching for legacy commands
+# Match at: start of line, after ; && || | $( or whitespace
+# Captures the matched command (python/python3/pip/pip3) in group 2
+legacy_pattern='(^|[;&|]|\$\(|[[:space:]])(python3?|pip3?)([[:space:]]|$)'
+if [[ $input_command =~ $legacy_pattern ]]; then
+  matched="${BASH_REMATCH[2]}"
+  # Determine suggestion based on what was matched
+  # Build patterns using the matched command
+  # shellcheck disable=SC2016
+  case "$matched" in
+    python | python3)
+      pip_pattern="${matched}[[:space:]]+-m[[:space:]]+pip"
+      module_pattern="${matched}[[:space:]]+-m[[:space:]]"
+      if [[ $input_command =~ $pip_pattern ]]; then
+        suggestion='`python -m pip` -> `uv add`/`uv remove`'
+      elif [[ $input_command =~ $module_pattern ]]; then
+        suggestion='`python -m module` -> `uv run python -m module`'
+      else
+        suggestion='`python` -> `uv run python`'
+      fi
+      ;;
+    pip | pip3)
+      install_pattern="${matched}[[:space:]]+install"
+      uninstall_pattern="${matched}[[:space:]]+uninstall"
+      freeze_pattern="${matched}[[:space:]]+freeze"
+      if [[ $input_command =~ $install_pattern ]]; then
+        suggestion='`pip install` -> `uv add` or `uv run --with pkg`'
+      elif [[ $input_command =~ $uninstall_pattern ]]; then
+        suggestion='`pip uninstall` -> `uv remove`'
+      elif [[ $input_command =~ $freeze_pattern ]]; then
+        suggestion='`pip freeze` -> `uv export`'
+      else
+        suggestion='`pip` -> use `uv` commands instead'
+      fi
+      ;;
+  esac
+fi
+# Also check for `uv pip` (legacy interface)
+uv_pip_pattern='(^|[[:space:];|&])uv[[:space:]]+pip([[:space:]]|$)'
+if [[ $input_command =~ $uv_pip_pattern ]]; then
+  # shellcheck disable=SC2016
+  suggestion='`uv pip` is legacy. Use: `uv add`, `uv remove`, `uv sync`'
+fi
+[[ -z "$suggestion" ]] && exit 0
+# Output denial with suggestion
+cat <<EOF
+{
+  "hookSpecificOutput": {
+    "hookEventName": "PreToolUse",
+    "permissionDecision": "deny",
+    "permissionDecisionReason": "Use uv instead: ${suggestion}"
+  }
+}
+EOF

package/skills/security-modern-python/hooks/test_helper.bash ADDED Viewed

@@ -0,0 +1,75 @@
+#!/usr/bin/env bash
+# Test helper functions for intercept-legacy-python.sh BATS tests
+# shellcheck disable=SC2154  # status/output are BATS-provided variables
+# shellcheck disable=SC2016  # Single quotes for jq filter are intentional
+# Path to the hook script under test
+HOOK_SCRIPT="${BATS_TEST_DIRNAME}/intercept-legacy-python.sh"
+# Run the hook with a bash command
+# Usage: run_hook "python script.py"
+# Uses jq to properly escape the command string for JSON
+run_hook() {
+  local cmd="$1"
+  # Use jq to create properly escaped JSON, pipe directly to script
+  run bash -c 'jq -n --arg cmd "$1" '"'"'{"tool_input":{"command":$cmd}}'"'"' | "$2"' _ "$cmd" "$HOOK_SCRIPT"
+}
+# Run hook without uv available (for testing early exit)
+# Usage: run_hook_no_uv "python script.py"
+run_hook_no_uv() {
+  local cmd="$1"
+  # Create a subshell with restricted PATH that excludes uv
+  # Suppress stderr to ignore jq's "Broken pipe" when script exits early
+  run env PATH=/usr/bin:/bin bash -c 'jq -n --arg cmd "$1" '"'"'{"tool_input":{"command":$cmd}}'"'"' 2>/dev/null | "$2"' _ "$cmd" "$HOOK_SCRIPT"
+}
+# Assert the hook allowed the command (exit 0, no output)
+assert_allow() {
+  if [[ $status -ne 0 ]]; then
+    echo "Expected exit 0 (allow), got exit $status"
+    echo "Output: $output"
+    return 1
+  fi
+  if [[ -n "$output" ]]; then
+    echo "Expected no output (allow), got:"
+    echo "$output"
+    return 1
+  fi
+}
+# Assert the hook denied the command (JSON output with deny decision)
+assert_deny() {
+  if [[ $status -ne 0 ]]; then
+    echo "Expected exit 0 with deny JSON, got exit $status"
+    echo "Output: $output"
+    return 1
+  fi
+  if [[ -z "$output" ]]; then
+    echo "Expected deny JSON output, got empty"
+    return 1
+  fi
+  if ! echo "$output" | jq -e '.hookSpecificOutput.permissionDecision == "deny"' >/dev/null 2>&1; then
+    echo "Expected permissionDecision: deny"
+    echo "Output: $output"
+    return 1
+  fi
+}
+# Assert the suggestion contains expected text
+# Usage: assert_suggestion_contains "uv run python"
+assert_suggestion_contains() {
+  local expected="$1"
+  local reason
+  reason=$(echo "$output" | jq -r '.hookSpecificOutput.permissionDecisionReason // empty' 2>/dev/null)
+  if [[ -z "$reason" ]]; then
+    echo "No permissionDecisionReason found in output"
+    echo "Output: $output"
+    return 1
+  fi
+  if [[ "$reason" != *"$expected"* ]]; then
+    echo "Expected suggestion to contain: $expected"
+    echo "Got: $reason"
+    return 1
+  fi
+}