@feiyoug/skill-lab 0.0.0 → 0.0.2

package/src/analyzer/steps/003-risks/dep-risks.ts

@@ -0,0 +1,89 @@
+import type { AnalyzerContext, AnalyzerState } from "../../types.js";
+import type { Permission, Reference } from "../../../shared/mod.js";
+import { addRisk } from "./helpers.js";
+import { isAllowed, isDenied } from "./policy.js";
+import type { TreesitterGrammar } from "../../treesitter/registry.js";
+import { GRAMMAR_SPECS } from "../../treesitter/registry.js";
+
+export function analyzeDependencyRisks(
+    state: AnalyzerState,
+    context: Pick<AnalyzerContext, "config">,
+): AnalyzerState {
+    let next = state;
+
+    for (const permission of next.permissions) {
+        if (permission.scope !== "dep") continue;
+
+        if (permission.permission === "import") {
+            const grammar = resolveGrammar(permission.tool);
+            const importName = permission.args?.[0]?.trim();
+            if (!importName) continue;
+            const groupKey = `DEPENDENCY:external_import:${grammar ?? "unknown"}`;
+
+            if (grammar && isDenied(context.config, grammar, importName)) {
+                next = addRisk(next, {
+                    type: "DEPENDENCY:external_import",
+                    groupKey,
+                    severity: "critical",
+                    message:
+                        `Import '${importName}' is denied by config for ${grammar} and may execute untrusted dependency code.`,
+                    permissionIds: [permission.id],
+                    reference: resolvePrimaryReference(permission),
+                    metadata: { policy: { language: { grammar, importName, source: "denylist" } } },
+                });
+                continue;
+            }
+
+            if (grammar && isAllowed(context.config, grammar, importName)) {
+                continue;
+            }
+
+            next = addRisk(next, {
+                type: "DEPENDENCY:external_import",
+                groupKey,
+                severity: "warning",
+                message: `External import not explicitly configured: ${importName}`,
+                permissionIds: [permission.id],
+                reference: resolvePrimaryReference(permission),
+                metadata: grammar
+                    ? { policy: { language: { grammar, importName, source: "default" } } }
+                    : undefined,
+            });
+            continue;
+        }
+
+        if (permission.permission === "externalreference") {
+            const discoveryMethod = permission.metadata?.discoveryMethod;
+            const path = permission.args?.[0] ?? permission.tool;
+            const isSourceInclude = discoveryMethod === "source";
+
+            next = addRisk(next, {
+                type: "REFERENCE:external_file",
+                groupKey: `REFERENCE:external_file:${permission.tool}`,
+                severity: "warning",
+                message: isSourceInclude
+                    ? `Sourced external file not analyzed yet: ${path}`
+                    : `External reference not analyzed yet: ${path}`,
+                permissionIds: [permission.id],
+                reference: resolvePrimaryReference(permission),
+                metadata: isSourceInclude ? { discoveryMethod: "source" } : undefined,
+            });
+        }
+    }
+
+    return next;
+}
+
+function resolveGrammar(tool: string): TreesitterGrammar | null {
+    return tool in GRAMMAR_SPECS ? (tool as TreesitterGrammar) : null;
+}
+
+function resolvePrimaryReference(permission: Permission): Reference {
+    const reference = permission.references[0];
+    if (reference) return reference;
+    return {
+        file: "SKILL.md",
+        line: 1,
+        type: "content",
+    };
+}

package/src/analyzer/steps/003-risks/helpers.ts

@@ -0,0 +1,41 @@
+import type { AnalyzerState } from "../../types.js";
+import type { Risk, RiskCode, Severity } from "../../../shared/mod.js";
+import { generateRiskId } from "../../utils/id-generator.js";
+
+export function addRisk(
+    state: AnalyzerState,
+    input: {
+        type: RiskCode;
+        groupKey?: string;
+        severity: Severity;
+        message: string;
+        permissionIds: string[];
+        reference: AnalyzerState["findings"][number]["reference"];
+        metadata?: Record<string, unknown>;
+    },
+): AnalyzerState {
+    const risk: Risk = {
+        id: generateRiskId(input.type, state.risks.length),
+        type: input.type,
+        groupKey: input.groupKey,
+        severity: input.severity,
+        message: input.message,
+        reference: input.reference,
+        permissions: input.permissionIds,
+        metadata: input.metadata,
+    };
+
+    const permissions = state.permissions.map((perm) => {
+        if (!input.permissionIds.includes(perm.id)) return perm;
+        return {
+            ...perm,
+            risks: Array.from(new Set([...perm.risks, risk.id])),
+        };
+    });
+
+    return {
+        ...state,
+        permissions,
+        risks: [...state.risks, risk],
+    };
+}

package/src/analyzer/steps/003-risks/mod.ts

@@ -0,0 +1,86 @@
+import * as dntShim from "../../../_dnt.shims.js";
+import ProgressBar from "../../../deps/jsr.io/@deno-library/progress/1.5.1/mod.js";
+import { SkillAnalyzerResult } from "../../result.js";
+import type { AnalyzerContext, AnalyzerState } from "../../types.js";
+import { DEFAULT_ANALYZER_CONFIG, resolveConfig } from "../../config/mod.js";
+import { analyzeDependencyRisks } from "./dep-risks.js";
+import { analyzeRuleMappedRisks } from "./rule-mapped.js";
+
+const REMOTE_SCRIPT_WARNING = "Remote script content analysis is NOT_IMPLEMENTED";
+const ANSI_SHOW_CURSOR = "\x1b[?25h";
+const ENCODER = new TextEncoder();
+
+export async function run003Risks(
+    state: AnalyzerState,
+    context?: Pick<AnalyzerContext, "showProgressBar" | "config">,
+): Promise<SkillAnalyzerResult> {
+    let next = state;
+    const resolvedConfig = context?.config ?? resolveConfig(DEFAULT_ANALYZER_CONFIG);
+
+    const shouldRenderProgress = (context?.showProgressBar ?? false) && dntShim.Deno.stderr.isTerminal();
+    const riskBar = shouldRenderProgress
+        ? new ProgressBar({
+            total: Math.max(1, next.findings.length),
+            clear: true,
+            output: dntShim.Deno.stderr,
+            display: "Finalizing [:bar] :completed/:total findings :percent",
+        })
+        : null;
+    let processed = 0;
+
+    try {
+        if (riskBar) {
+            await riskBar.render(processed);
+        }
+
+        const resolvedContext = { config: resolvedConfig };
+        next = analyzeDependencyRisks(next, resolvedContext);
+        next = analyzeRuleMappedRisks(next, resolvedContext, () => {
+            processed += 1;
+            if (riskBar) {
+                void riskBar.render(processed);
+            }
+        });
+    } finally {
+        if (riskBar) {
+            await riskBar.end();
+        }
+        if (shouldRenderProgress && dntShim.Deno.stderr.isTerminal()) {
+            dntShim.Deno.stderr.writeSync(ENCODER.encode(ANSI_SHOW_CURSOR));
+        }
+    }
+
+    next = addRemoteScriptWarningIfNeeded(next);
+    return new SkillAnalyzerResult(dedupeRisks(next), resolvedConfig);
+}
+
+function addRemoteScriptWarningIfNeeded(state: AnalyzerState): AnalyzerState {
+    const hasRemoteCodeExecution = state.risks.some((risk) =>
+        risk.type === "NETWORK:remote_code_execution"
+    );
+    if (!hasRemoteCodeExecution) return state;
+    if (state.warnings.includes(REMOTE_SCRIPT_WARNING)) return state;
+    return {
+        ...state,
+        warnings: [...state.warnings, REMOTE_SCRIPT_WARNING],
+    };
+}
+
+function dedupeRisks(state: AnalyzerState): AnalyzerState {
+    const map = new Map<string, AnalyzerState["risks"][number]>();
+
+    for (const risk of state.risks) {
+        const key = `${risk.type}:${risk.reference.file}:${risk.reference.line}`;
+        if (!map.has(key)) {
+            map.set(key, risk);
+            continue;
+        }
+        const existing = map.get(key)!;
+        existing.permissions = Array.from(new Set([...existing.permissions, ...risk.permissions]));
+    }
+
+    return {
+        ...state,
+        risks: Array.from(map.values()),
+    };
+}

package/src/analyzer/steps/003-risks/policy.ts

@@ -0,0 +1,38 @@
+import type { TreesitterGrammar } from "../../treesitter/registry.js";
+import type { AnalyzerConfig } from "../../config/mod.js";
+
+function normalizeEntry(value: string): string {
+    return value.trim().toLowerCase();
+}
+
+function listHasValue(list: string[] | undefined, value: string | undefined): boolean {
+    if (!value || !list || list.length === 0) return false;
+    const normalized = normalizeEntry(value);
+    return list.some((entry) => normalizeEntry(entry) === normalized);
+}
+
+export function isDenied(
+    config: AnalyzerConfig,
+    grammar: TreesitterGrammar,
+    importName: string,
+): boolean {
+    const imports = config.denylist?.languages?.[grammar]?.imports;
+    return listHasValue(imports, importName);
+}
+
+export function isAllowed(
+    config: AnalyzerConfig,
+    grammar: TreesitterGrammar,
+    importName: string,
+): boolean {
+    const imports = config.allowlist?.languages?.[grammar]?.imports;
+    return listHasValue(imports, importName);
+}
+
+export function isNetworkDenied(config: AnalyzerConfig, host: string): boolean {
+    return listHasValue(config.denylist?.network?.domains, host);
+}
+
+export function isNetworkAllowed(config: AnalyzerConfig, host: string): boolean {
+    return listHasValue(config.allowlist?.network?.domains, host);
+}

package/src/analyzer/steps/003-risks/rule-mapped.ts

@@ -0,0 +1,206 @@
+import { evalRuleRiskMappings, RULES_BY_ID } from "../../rules/mod.js";
+import type { AnalyzerContext, AnalyzerState } from "../../types.js";
+import type { Finding, Permission, RiskCode } from "../../../shared/mod.js";
+import { addRisk } from "./helpers.js";
+import { isAllowed, isDenied, isNetworkAllowed, isNetworkDenied } from "./policy.js";
+import type { TreesitterGrammar } from "../../treesitter/registry.js";
+import { GRAMMAR_SPECS } from "../../treesitter/registry.js";
+
+const PROMPT_CATEGORY = "PROMPT";
+const INJECTION_CATEGORY = "INJECTION";
+const NETWORK_CATEGORY = "NETWORK";
+const SECRETS_CATEGORY = "SECRETS";
+const DESTRUCTIVE_CATEGORIES = new Set(["DESTRUCTIVE", "PRIVILEGE", "PERSISTENCE"]);
+
+export function analyzeRuleMappedRisks(
+    state: AnalyzerState,
+    context: Pick<AnalyzerContext, "config">,
+    onFindingProcessed?: () => void,
+): AnalyzerState {
+    let next = state;
+
+    for (const finding of next.findings) {
+        const rule = RULES_BY_ID.get(finding.ruleId);
+        if (!rule) continue;
+
+        const matchedPermission = resolvePermissionForFinding(next, finding);
+        const mapped = evalRuleRiskMappings(rule, { permission: matchedPermission, finding });
+
+        for (const risk of mapped) {
+            const policy = resolvePolicyForRisk({
+                context,
+                rule,
+                finding,
+                permission: matchedPermission,
+                risk,
+            });
+            if (policy.skip) continue;
+
+            const permissionIds = selectPermissionIds(next, finding, risk.code, matchedPermission);
+            if (permissionIds.length === 0) continue;
+
+            next = addRisk(next, {
+                type: risk.code,
+                groupKey: matchedPermission ? `${risk.code}:${matchedPermission.tool}` : risk.code,
+                severity: risk.severity,
+                message: risk.message,
+                permissionIds,
+                reference: finding.reference,
+                metadata: policy.metadata,
+            });
+        }
+
+        onFindingProcessed?.();
+    }
+
+    return next;
+}
+
+function resolvePolicyForRisk(input: {
+    context: Pick<AnalyzerContext, "config">;
+    rule: ReturnType<typeof RULES_BY_ID.get>;
+    finding: Finding;
+    permission: Permission | undefined;
+    risk: { code: RiskCode; metadata?: Record<string, unknown> };
+}): { skip: boolean; metadata?: Record<string, unknown> } {
+    const { context, rule, finding, permission, risk } = input;
+    const baseMetadata = (risk.metadata ?? finding.extracted) as
+        | Record<string, unknown>
+        | undefined;
+    const policyMetadata: Record<string, unknown> = {};
+
+    if (risk.code.startsWith("NETWORK:")) {
+        const host = resolveHost(baseMetadata);
+        if (host) {
+            if (isNetworkDenied(context.config, host)) {
+                policyMetadata.network = { host, source: "denylist" };
+            } else if (isNetworkAllowed(context.config, host)) {
+                return { skip: true };
+            }
+        }
+    }
+
+    const grammar = resolveRuleGrammar(rule);
+    const importName = resolveImportName(finding, permission);
+    if (grammar && importName) {
+        if (isDenied(context.config, grammar, importName)) {
+            policyMetadata.language = { grammar, importName, source: "denylist" };
+        } else if (isAllowed(context.config, grammar, importName)) {
+            return { skip: true };
+        }
+    }
+
+    const metadata = Object.keys(policyMetadata).length
+        ? { ...(baseMetadata ?? {}), policy: policyMetadata }
+        : baseMetadata;
+
+    return { skip: false, metadata };
+}
+
+function resolveRuleGrammar(
+    rule: ReturnType<typeof RULES_BY_ID.get>,
+): TreesitterGrammar | null {
+    if (!rule) return null;
+    if ("grammar" in rule && typeof rule.grammar === "string") {
+        return rule.grammar in GRAMMAR_SPECS ? (rule.grammar as TreesitterGrammar) : null;
+    }
+    return null;
+}
+
+function resolveImportName(
+    finding: Finding,
+    permission: Permission | undefined,
+): string | undefined {
+    const extracted = finding.extracted as Record<string, unknown> | undefined;
+    const candidates = [
+        extracted?.import,
+        extracted?.module,
+        extracted?.package,
+        extracted?.dependency,
+    ];
+
+    for (const value of candidates) {
+        if (typeof value === "string" && value.trim()) return value.trim();
+    }
+
+    if (permission?.metadata) {
+        const meta = permission.metadata as Record<string, unknown>;
+        const metaCandidates = [meta.import, meta.module, meta.package, meta.dependency];
+        for (const value of metaCandidates) {
+            if (typeof value === "string" && value.trim()) return value.trim();
+        }
+    }
+
+    return undefined;
+}
+
+function resolveHost(metadata?: Record<string, unknown>): string | undefined {
+    if (!metadata) return undefined;
+    const raw = metadata.host;
+    if (typeof raw === "string" && raw.trim()) return raw.trim();
+    return undefined;
+}
+
+function resolvePermissionForFinding(
+    state: AnalyzerState,
+    finding: Finding,
+): Permission | undefined {
+    return state.permissions.find((permission) => overlaps(permission, finding));
+}
+
+function selectPermissionIds(
+    state: AnalyzerState,
+    finding: Finding,
+    code: RiskCode,
+    matchedPermission: Permission | undefined,
+): string[] {
+    const category = code.split(":", 1)[0];
+
+    if (category === PROMPT_CATEGORY) {
+        return state.permissions.map((perm) => perm.id);
+    }
+
+    if (category === INJECTION_CATEGORY) {
+        return state.permissions
+            .filter((perm) => perm.scope === "sys" || perm.scope === "net")
+            .map((perm) => perm.id);
+    }
+
+    if (category === NETWORK_CATEGORY) {
+        if (code === "NETWORK:remote_code_execution") {
+            return state.permissions
+                .filter((perm) => perm.scope === "sys")
+                .filter((perm) => overlaps(perm, finding))
+                .map((perm) => perm.id);
+        }
+        return matchedPermission ? [matchedPermission.id] : [];
+    }
+
+    if (category === SECRETS_CATEGORY) {
+        return state.permissions
+            .filter((perm) => perm.scope === "env")
+            .filter((perm) => overlaps(perm, finding))
+            .map((perm) => perm.id);
+    }
+
+    if (DESTRUCTIVE_CATEGORIES.has(category)) {
+        const scopedPermissions = state.permissions.filter((perm) => {
+            if (finding.ruleId.startsWith("fs-")) {
+                return perm.scope === "fs" || perm.scope === "sys";
+            }
+            return perm.scope === "sys";
+        });
+
+        return scopedPermissions.filter((perm) => overlaps(perm, finding)).map((perm) => perm.id);
+    }
+
+    return [];
+}
+
+function overlaps(permission: Permission, finding: Finding): boolean {
+    return permission.references.some((reference) =>
+        reference.file === finding.reference.file &&
+        reference.line <= (finding.reference.lineEnd ?? finding.reference.line) &&
+        (reference.lineEnd ?? reference.line) >= finding.reference.line
+    );
+}

package/src/analyzer/steps/003-risks/scoring.ts

@@ -0,0 +1,117 @@
+import { DEFAULT_ANALYZER_CONFIG, resolveConfig } from "../../config/mod.js";
+import type { AnalyzerConfig } from "../../config/mod.js";
+import type { AnalyzerState } from "../../types.js";
+
+type RiskLevel = "safe" | "caution" | "attention" | "risky" | "avoid";
+const SEVERITY_ORDER = { critical: 0, warning: 1, info: 2 } as const;
+
+export function scoreState(state: AnalyzerState): {
+    score: number;
+    riskLevel: RiskLevel;
+    summary: string;
+};
+export function scoreState(
+    state: AnalyzerState,
+    config: AnalyzerConfig,
+): {
+    score: number;
+    riskLevel: RiskLevel;
+    summary: string;
+};
+export function scoreState(
+    state: AnalyzerState,
+    config?: AnalyzerConfig,
+): {
+    score: number;
+    riskLevel: RiskLevel;
+    summary: string;
+} {
+    const resolvedConfig = resolveConfig(config ?? DEFAULT_ANALYZER_CONFIG);
+    const baseScore = {
+        info: 0,
+        warning: 1,
+        critical: 5,
+        ...(resolvedConfig.riskReport?.baseScore ?? {}),
+    };
+    const upliftConfig = resolvedConfig.riskReport?.uplift ?? {};
+    const thresholds = {
+        safe: 0,
+        caution: 1,
+        attention: 3,
+        risky: 5,
+        avoid: 7,
+        ...(resolvedConfig.riskReport?.thresholds ?? {}),
+    };
+
+    const groupedSeverity = new Map<string, number>();
+    const ungroupedSeverity: number[] = [];
+
+    for (const risk of state.risks) {
+        const score = baseScore[risk.severity] ?? 0;
+        if (risk.groupKey) {
+            groupedSeverity.set(
+                risk.groupKey,
+                Math.max(groupedSeverity.get(risk.groupKey) ?? 0, score),
+            );
+            continue;
+        }
+        ungroupedSeverity.push(score);
+    }
+
+    const severityScore = Math.max(0, ...ungroupedSeverity, ...groupedSeverity.values());
+
+    const riskTypes = new Set(state.risks.map((risk) => risk.type));
+    const upliftScore = Array.from(riskTypes).reduce(
+        (sum, riskType) => sum + (upliftConfig[riskType] ?? 0),
+        0,
+    );
+
+    const score = severityScore + upliftScore;
+    const riskLevel = toRiskLevel(score, thresholds);
+    const summary = buildSummary(state, riskLevel);
+
+    return { score, riskLevel, summary };
+}
+
+function toRiskLevel(
+    score: number,
+    thresholds: { safe: number; caution: number; attention: number; risky: number; avoid: number },
+): RiskLevel {
+    if (score >= thresholds.avoid) return "avoid";
+    if (score >= thresholds.risky) return "risky";
+    if (score >= thresholds.attention) return "attention";
+    if (score >= thresholds.caution) return "caution";
+    return "safe";
+}
+
+function buildSummary(
+    state: AnalyzerState,
+    riskLevel: RiskLevel,
+): string {
+    if (state.risks.length === 0) return "No significant risk signals detected.";
+
+    const sorted = [...state.risks].sort(
+        (a, b) => SEVERITY_ORDER[a.severity] - SEVERITY_ORDER[b.severity],
+    );
+    const topSeverity = sorted[0].severity;
+    const topTypes = [
+        ...new Set(
+            sorted.filter((risk) => risk.severity === topSeverity).map((risk) => risk.type),
+        ),
+    ].slice(0, 3);
+    const typeList = topTypes.join(", ");
+
+    if (riskLevel === "avoid") {
+        return `Severe risks detected: ${typeList}.`;
+    }
+    if (riskLevel === "risky") {
+        return `Elevated risk: ${typeList}.`;
+    }
+    if (riskLevel === "attention") {
+        return `Moderate risk: ${typeList}.`;
+    }
+    if (riskLevel === "caution") {
+        return `Low-risk signals: ${typeList}.`;
+    }
+    return "No significant risk signals detected.";
+}

package/src/analyzer/steps/mod.ts

@@ -0,0 +1,3 @@
+export { run001Discovery } from "./001-discovery/mod.js";
+export { run002Permissions } from "./002-permissions/mod.js";
+export { run003Risks } from "./003-risks/mod.js";