@flowdot.ai/daemon 1.0.0

package/dist/goals/TaskSanitizer.js

@@ -0,0 +1,464 @@
+import { GoalError } from './errors.js';
+const MAX_TITLE_LENGTH = 200;
+const MAX_DESCRIPTION_LENGTH = 2000;
+const noopLogger = {
+    debug: () => { },
+    info: () => { },
+    warn: () => { },
+    error: () => { },
+};
+const PROMPT_INJECTION_PATTERNS = [
+    {
+        pattern: /ignore\s+(previous|all|prior)\s+instructions?/i,
+        severity: 'critical',
+        description: 'Attempt to ignore previous instructions',
+    },
+    {
+        pattern: /disregard\s+(all|any|the)\s+(rules?|instructions?|guidelines?)/i,
+        severity: 'critical',
+        description: 'Attempt to disregard rules',
+    },
+    {
+        pattern: /execute\s+without\s+(permission|approval|asking)/i,
+        severity: 'critical',
+        description: 'Attempt to bypass permission system',
+    },
+    {
+        pattern: /bypass\s+(security|permission|approval|authentication)/i,
+        severity: 'critical',
+        description: 'Attempt to bypass security',
+    },
+    {
+        pattern: /you\s+are\s+now\s+(a|an|the)/i,
+        severity: 'high',
+        description: 'Role manipulation attempt',
+    },
+    {
+        pattern: /pretend\s+(to\s+be|you\s+are)/i,
+        severity: 'high',
+        description: 'Identity manipulation attempt',
+    },
+    {
+        pattern: /forget\s+(everything|all|what)/i,
+        severity: 'high',
+        description: 'Memory manipulation attempt',
+    },
+    {
+        pattern: /system\s*:\s*|<system>|<\/system>/i,
+        severity: 'high',
+        description: 'System prompt injection attempt',
+    },
+    {
+        pattern: /\[INST\]|\[\/INST\]|<<SYS>>|<</i,
+        severity: 'high',
+        description: 'LLM control sequence injection',
+    },
+    {
+        pattern: /act\s+as\s+(if|though)\s+you/i,
+        severity: 'medium',
+        description: 'Behavioral manipulation attempt',
+    },
+    {
+        pattern: /override\s+(your|the|all)\s+(instructions?|rules?|limits?)/i,
+        severity: 'critical',
+        description: 'Instruction override attempt',
+    },
+    {
+        pattern: /do\s+not\s+follow\s+(the|any|your)\s+(rules?|guidelines?)/i,
+        severity: 'critical',
+        description: 'Rule bypass attempt',
+    },
+];
+const DANGEROUS_COMMAND_PATTERNS = [
+    {
+        pattern: /rm\s+-rf\s+[/~]/,
+        severity: 'critical',
+        description: 'Recursive delete of root or home directory',
+    },
+    {
+        pattern: /rm\s+-rf\s+\*/,
+        severity: 'critical',
+        description: 'Recursive delete with wildcard',
+    },
+    {
+        pattern: /:\s*\(\)\s*\{\s*:\s*\|\s*:\s*&\s*\}\s*;/,
+        severity: 'critical',
+        description: 'Fork bomb detected',
+    },
+    {
+        pattern: />\s*\/dev\/sd[a-z]/,
+        severity: 'critical',
+        description: 'Direct disk write attempt',
+    },
+    {
+        pattern: /mkfs\./,
+        severity: 'critical',
+        description: 'Filesystem format attempt',
+    },
+    {
+        pattern: /dd\s+if=.*of=\/dev\//,
+        severity: 'critical',
+        description: 'Direct disk manipulation',
+    },
+    {
+        pattern: /chmod\s+(-R\s+)?777\s+\//,
+        severity: 'high',
+        description: 'Recursive permission change on root',
+    },
+    {
+        pattern: /chown\s+-R\s+.*\s+\//,
+        severity: 'high',
+        description: 'Recursive ownership change on root',
+    },
+    {
+        pattern: /curl.*\|\s*(ba)?sh/,
+        severity: 'high',
+        description: 'Remote script execution',
+    },
+    {
+        pattern: /wget.*\|\s*(ba)?sh/,
+        severity: 'high',
+        description: 'Remote script execution',
+    },
+    {
+        pattern: /eval\s*\(/,
+        severity: 'medium',
+        description: 'Dynamic code evaluation',
+    },
+    {
+        pattern: /base64\s+-d.*\|\s*(ba)?sh/,
+        severity: 'high',
+        description: 'Encoded command execution',
+    },
+];
+const PATH_TRAVERSAL_PATTERNS = [
+    {
+        pattern: /\.\.\//,
+        severity: 'medium',
+        description: 'Parent directory traversal',
+    },
+    {
+        pattern: /\.\.\\/,
+        severity: 'medium',
+        description: 'Parent directory traversal (Windows)',
+    },
+    {
+        pattern: /%2e%2e%2f/i,
+        severity: 'high',
+        description: 'URL-encoded path traversal',
+    },
+    {
+        pattern: /%252e%252e%252f/i,
+        severity: 'high',
+        description: 'Double URL-encoded path traversal',
+    },
+    {
+        pattern: /\.\.%c0%af/i,
+        severity: 'high',
+        description: 'Unicode path traversal',
+    },
+];
+const SENSITIVE_PATHS = [
+    /^\/etc\/passwd/,
+    /^\/etc\/shadow/,
+    /^\/etc\/sudoers/,
+    /^~?\/?\.ssh\//,
+    /^~?\/?\.gnupg\//,
+    /^~?\/?\.aws\//,
+    /^~?\/?\.config\/gcloud/,
+    /\.env($|\.)/,
+    /\.pem$/,
+    /\.key$/,
+    /id_rsa/,
+    /id_ed25519/,
+    /credentials\.json/,
+    /secrets?\.(json|ya?ml|toml)/i,
+    /\.git\/config/,
+    /\.netrc/,
+    /\.npmrc/,
+    /\.pypirc/,
+];
+const CONTROL_CHAR_PATTERN = /[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/g;
+export class TaskSanitizationError extends GoalError {
+    issues;
+    constructor(message, issues) {
+        super('TASK_SANITIZATION_FAILED', message);
+        this.issues = issues;
+    }
+}
+export class TaskSanitizer {
+    allowedPaths;
+    deniedPaths;
+    allowedCommands;
+    deniedCommands;
+    maxTitleLength;
+    maxDescriptionLength;
+    strictMode;
+    customBlockedPatterns;
+    logger;
+    constructor(options = {}) {
+        this.allowedPaths = options.allowedPaths ?? [];
+        this.deniedPaths = options.deniedPaths ?? [];
+        this.allowedCommands = options.allowedCommands ?? [];
+        this.deniedCommands = options.deniedCommands ?? [];
+        this.maxTitleLength = options.maxTitleLength ?? MAX_TITLE_LENGTH;
+        this.maxDescriptionLength = options.maxDescriptionLength ?? MAX_DESCRIPTION_LENGTH;
+        this.strictMode = options.strictMode ?? false;
+        this.customBlockedPatterns = options.customBlockedPatterns ?? [];
+        this.logger = options.logger ?? noopLogger;
+    }
+    sanitize(input) {
+        const issues = [];
+        const warnings = [];
+        const modifications = [];
+        const sanitized = { ...input };
+        const titleInjections = this.checkPromptInjection(input.title, 'title');
+        issues.push(...titleInjections);
+        if (input.description) {
+            const descInjections = this.checkPromptInjection(input.description, 'description');
+            issues.push(...descInjections);
+        }
+        const sanitizedTitle = this.sanitizeText(input.title);
+        if (sanitizedTitle !== input.title) {
+            modifications.push('Title sanitized (control characters removed)');
+            sanitized.title = sanitizedTitle;
+        }
+        if (sanitizedTitle.length > this.maxTitleLength) {
+            issues.push({
+                type: 'excessive_length',
+                severity: 'low',
+                description: `Title exceeds maximum length (${sanitizedTitle.length} > ${this.maxTitleLength})`,
+                location: 'title',
+            });
+            sanitized.title = sanitizedTitle.substring(0, this.maxTitleLength);
+            modifications.push('Title truncated to maximum length');
+        }
+        if (input.description) {
+            const sanitizedDesc = this.sanitizeText(input.description);
+            if (sanitizedDesc !== input.description) {
+                modifications.push('Description sanitized (control characters removed)');
+                sanitized.description = sanitizedDesc;
+            }
+            if (sanitizedDesc.length > this.maxDescriptionLength) {
+                issues.push({
+                    type: 'excessive_length',
+                    severity: 'low',
+                    description: `Description exceeds maximum length (${sanitizedDesc.length} > ${this.maxDescriptionLength})`,
+                    location: 'description',
+                });
+                sanitized.description =
+                    sanitizedDesc.substring(0, this.maxDescriptionLength);
+                modifications.push('Description truncated to maximum length');
+            }
+        }
+        if (input.taskType && input.description) {
+            const cmdIssues = this.checkDangerousCommands(input.description, 'description');
+            issues.push(...cmdIssues);
+        }
+        const customIssues = this.checkCustomPatterns(input);
+        issues.push(...customIssues);
+        const criticalIssues = issues.filter((i) => i.severity === 'critical');
+        const highIssues = issues.filter((i) => i.severity === 'high');
+        const blocked = criticalIssues.length > 0 ||
+            (this.strictMode && highIssues.length > 0);
+        for (const issue of issues) {
+            if (issue.severity !== 'critical') {
+                warnings.push(`[${issue.severity.toUpperCase()}] ${issue.description}`);
+            }
+        }
+        const blockReason = blocked
+            ? criticalIssues[0]?.description ?? highIssues[0]?.description
+            : undefined;
+        if (blocked) {
+            this.logger.warn('TASK_SANITIZER', 'Task blocked', {
+                reason: blockReason,
+                issueCount: issues.length,
+            });
+        }
+        else if (issues.length > 0) {
+            this.logger.debug('TASK_SANITIZER', 'Task sanitized with warnings', {
+                warningCount: warnings.length,
+                modifications: modifications.length,
+            });
+        }
+        return {
+            isValid: !blocked,
+            sanitizedInput: blocked ? null : sanitized,
+            warnings,
+            blocked,
+            blockReason,
+            securityIssues: issues,
+            modifications,
+        };
+    }
+    validatePath(path) {
+        const issues = [];
+        for (const { pattern, severity, description } of PATH_TRAVERSAL_PATTERNS) {
+            if (pattern.test(path)) {
+                issues.push({
+                    type: 'path_traversal',
+                    severity,
+                    description,
+                    location: 'path',
+                    matchedPattern: pattern.toString(),
+                });
+            }
+        }
+        for (const pattern of SENSITIVE_PATHS) {
+            if (pattern.test(path)) {
+                issues.push({
+                    type: 'sensitive_path',
+                    severity: 'high',
+                    description: `Access to sensitive path: ${path}`,
+                    location: 'path',
+                    matchedPattern: pattern.toString(),
+                });
+            }
+        }
+        const normalizedPath = path
+            .replace(/\\/g, '/')
+            .replace(/\/+/g, '/')
+            .replace(/\/$/, '');
+        for (const deniedPattern of this.deniedPaths) {
+            if (this.matchesGlob(normalizedPath, deniedPattern)) {
+                issues.push({
+                    type: 'sensitive_path',
+                    severity: 'high',
+                    description: `Path matches denied pattern: ${deniedPattern}`,
+                    location: 'path',
+                });
+            }
+        }
+        if (this.allowedPaths.length > 0) {
+            const isAllowed = this.allowedPaths.some((pattern) => this.matchesGlob(normalizedPath, pattern));
+            if (!isAllowed) {
+                issues.push({
+                    type: 'sensitive_path',
+                    severity: 'medium',
+                    description: `Path not in allowed paths list`,
+                    location: 'path',
+                });
+            }
+        }
+        return {
+            isValid: issues.filter((i) => i.severity === 'critical' || i.severity === 'high').length === 0,
+            normalizedPath,
+            issues,
+        };
+    }
+    validateCommand(command) {
+        const issues = [];
+        const cmdIssues = this.checkDangerousCommands(command, 'command');
+        issues.push(...cmdIssues);
+        for (const denied of this.deniedCommands) {
+            if (command === denied ||
+                command.startsWith(denied + ' ') ||
+                command.includes(` ${denied} `) ||
+                command.includes(` ${denied}`)) {
+                issues.push({
+                    type: 'dangerous_command',
+                    severity: 'high',
+                    description: `Command matches denied pattern: ${denied}`,
+                    location: 'command',
+                });
+            }
+        }
+        if (this.allowedCommands.length > 0) {
+            const isAllowed = this.allowedCommands.some((allowed) => command === allowed ||
+                command.startsWith(allowed + ' '));
+            if (!isAllowed) {
+                issues.push({
+                    type: 'dangerous_command',
+                    severity: 'medium',
+                    description: 'Command not in allowed commands list',
+                    location: 'command',
+                });
+            }
+        }
+        return issues;
+    }
+    checkPromptInjection(text, location) {
+        const issues = [];
+        for (const { pattern, severity, description } of PROMPT_INJECTION_PATTERNS) {
+            const match = text.match(pattern);
+            if (match) {
+                issues.push({
+                    type: 'prompt_injection',
+                    severity,
+                    description,
+                    location,
+                    matchedPattern: match[0],
+                });
+            }
+        }
+        return issues;
+    }
+    checkDangerousCommands(text, location) {
+        const issues = [];
+        for (const { pattern, severity, description } of DANGEROUS_COMMAND_PATTERNS) {
+            const match = text.match(pattern);
+            if (match) {
+                issues.push({
+                    type: 'dangerous_command',
+                    severity,
+                    description,
+                    location,
+                    matchedPattern: match[0],
+                });
+            }
+        }
+        return issues;
+    }
+    checkCustomPatterns(input) {
+        const issues = [];
+        const textToCheck = `${input.title} ${input.description ?? ''}`;
+        for (const pattern of this.customBlockedPatterns) {
+            const match = textToCheck.match(pattern);
+            if (match) {
+                issues.push({
+                    type: 'suspicious_pattern',
+                    severity: 'high',
+                    description: `Matches custom blocked pattern`,
+                    matchedPattern: match[0],
+                });
+            }
+        }
+        return issues;
+    }
+    sanitizeText(text) {
+        return text.replace(CONTROL_CHAR_PATTERN, '').trim();
+    }
+    matchesGlob(path, pattern) {
+        const regexPattern = pattern
+            .replace(/[.+^${}()|[\]\\]/g, '\\$&')
+            .replace(/\*/g, '.*')
+            .replace(/\?/g, '.');
+        const regex = new RegExp(`^${regexPattern}$`, 'i');
+        return regex.test(path);
+    }
+}
+export function createTaskSanitizer(options = {}) {
+    return new TaskSanitizer(options);
+}
+export function createSecureTaskSanitizer(logger) {
+    return new TaskSanitizer({
+        deniedPaths: [
+            './.git',
+            './.env*',
+            './secrets',
+            './**/credentials*',
+            './**/*.pem',
+            './**/*.key',
+        ],
+        deniedCommands: [
+            'rm -rf',
+            'rm -r /',
+            'git push --force',
+            'git push -f',
+            'npm publish',
+            'yarn publish',
+        ],
+        strictMode: false,
+        logger,
+    });
+}

package/dist/goals/errors.d.ts

@@ -0,0 +1,116 @@
+import type { GoalHash, GoalStatus, TaskStatus } from './types.js';
+export type GoalErrorCode = 'GOAL_NOT_FOUND' | 'GOAL_ALREADY_EXISTS' | 'GOAL_INVALID_STATUS' | 'GOAL_BLOCKED' | 'GOAL_DEPENDENCY_NOT_FOUND' | 'GOAL_CIRCULAR_DEPENDENCY' | 'MILESTONE_NOT_FOUND' | 'MILESTONE_ALREADY_COMPLETE' | 'TASK_NOT_FOUND' | 'TASK_INVALID_STATUS' | 'TASK_EXECUTION_ERROR' | 'TASK_EXECUTION_TIMEOUT' | 'TASK_APPROVAL_REQUIRED' | 'TASK_SANITIZATION_FAILED' | 'MEMORY_NOT_FOUND' | 'MEMORY_CONTENT_TOO_LONG' | 'META_GOAL_NOT_FOUND' | 'META_GOAL_CONSTRAINT_VIOLATED' | 'API_REQUEST_FAILED' | 'API_AUTHENTICATION_FAILED' | 'API_RATE_LIMITED' | 'API_RESPONSE_INVALID' | 'API_NETWORK_ERROR' | 'API_TIMEOUT' | 'VALIDATION_ERROR' | 'INVALID_INPUT' | 'INVALID_GOAL_NAME' | 'INVALID_TASK_TYPE' | 'CACHE_ERROR' | 'CACHE_MISS' | 'CACHE_STALE' | 'MANAGER_NOT_INITIALIZED' | 'MANAGER_ERROR' | 'DEPENDENCY_RESOLUTION_ERROR' | 'CHECKPOINT_NOT_FOUND' | 'RECOVERY_ERROR' | 'COMMS_ERROR' | 'APPROVAL_TIMEOUT' | 'ENFORCEMENT_ERROR' | 'MILESTONE_BREAKDOWN_ERROR' | 'PERMISSION_ERROR' | 'PERMISSION_DENIED' | 'TASK_GENERATION_ERROR' | 'TASK_QUOTA_EXCEEDED';
+export declare class GoalError extends Error {
+    readonly code: GoalErrorCode;
+    readonly context: Record<string, unknown>;
+    readonly timestamp: Date;
+    constructor(code: GoalErrorCode, message: string, context?: Record<string, unknown>);
+    toJSON(): Record<string, unknown>;
+    toLogString(): string;
+}
+export declare class GoalNotFoundError extends GoalError {
+    constructor(identifier: string, identifierType?: 'hash' | 'id');
+}
+export declare class GoalAlreadyExistsError extends GoalError {
+    constructor(name: string);
+}
+export declare class GoalInvalidStatusError extends GoalError {
+    constructor(goalHash: GoalHash, currentStatus: GoalStatus, operation: string, allowedStatuses: GoalStatus[]);
+}
+export declare class GoalBlockedError extends GoalError {
+    constructor(goalHash: GoalHash, blockedBy: GoalHash[]);
+}
+export declare class GoalDependencyNotFoundError extends GoalError {
+    constructor(goalHash: GoalHash, dependencyHash: GoalHash);
+}
+export declare class GoalCircularDependencyError extends GoalError {
+    constructor(goalHash: GoalHash, cycle: GoalHash[]);
+}
+export declare class MilestoneNotFoundError extends GoalError {
+    constructor(goalHash: GoalHash, milestoneId: number);
+}
+export declare class MilestoneAlreadyCompleteError extends GoalError {
+    constructor(goalHash: GoalHash, milestoneId: number);
+}
+export declare class TaskNotFoundError extends GoalError {
+    constructor(goalHash: GoalHash, taskId: number);
+}
+export declare class TaskInvalidStatusError extends GoalError {
+    constructor(taskId: number, currentStatus: TaskStatus, operation: string, allowedStatuses: TaskStatus[]);
+}
+export declare class TaskExecutionError extends GoalError {
+    constructor(taskId: number, cause: string, originalError?: Error);
+}
+export declare class TaskExecutionTimeoutError extends GoalError {
+    constructor(taskId: number, timeoutMs: number);
+}
+export declare class TaskApprovalRequiredError extends GoalError {
+    constructor(taskId: number, permissionCategory: string | null);
+}
+export declare class TaskSanitizationFailedError extends GoalError {
+    constructor(taskId: number, reason: string);
+}
+export declare class MemoryNotFoundError extends GoalError {
+    constructor(goalHash: GoalHash, memoryId: number);
+}
+export declare class MemoryContentTooLongError extends GoalError {
+    constructor(contentLength: number, maxLength: number);
+}
+export declare class MetaGoalNotFoundError extends GoalError {
+    constructor(metaGoalId: number);
+}
+export declare class MetaGoalConstraintViolatedError extends GoalError {
+    constructor(metaGoalId: number, description: string, violation: string);
+}
+export declare class ApiRequestFailedError extends GoalError {
+    constructor(endpoint: string, method: string, statusCode: number | null, reason: string);
+}
+export declare class ApiAuthenticationFailedError extends GoalError {
+    constructor(reason: string);
+}
+export declare class ApiRateLimitedError extends GoalError {
+    constructor(retryAfter: number | null);
+}
+export declare class ApiResponseInvalidError extends GoalError {
+    constructor(endpoint: string, reason: string);
+}
+export declare class ApiNetworkError extends GoalError {
+    constructor(endpoint: string, reason: string, originalError?: Error);
+}
+export declare class ApiTimeoutError extends GoalError {
+    constructor(endpoint: string, timeoutMs: number);
+}
+export declare class ValidationError extends GoalError {
+    readonly errors?: Record<string, string[]>;
+    constructor(message: string, errors: Record<string, string[]>);
+    constructor(field: string, value: unknown, reason: string);
+}
+export declare class InvalidInputError extends GoalError {
+    constructor(input: string, reason: string);
+}
+export declare class InvalidGoalNameError extends GoalError {
+    constructor(name: string, reason: string);
+}
+export declare class InvalidTaskTypeError extends GoalError {
+    constructor(taskType: string);
+}
+export declare class CacheError extends GoalError {
+    constructor(message: string, context?: Record<string, unknown>);
+}
+export declare class CacheMissError extends GoalError {
+    constructor(key: string);
+}
+export declare class CacheStaleError extends GoalError {
+    constructor(key: string, age: number, maxAge: number);
+}
+export declare class ManagerNotInitializedError extends GoalError {
+    constructor();
+}
+export declare class ManagerError extends GoalError {
+    constructor(message: string, context?: Record<string, unknown>);
+}
+export declare function isGoalError(error: unknown): error is GoalError;
+export declare function hasErrorCode(error: unknown, code: GoalErrorCode): error is GoalError;
+export declare function wrapError(error: unknown, code: GoalErrorCode, message: string): GoalError;
+export declare function isNotFoundError(error: unknown): boolean;
+export declare function isApiError(error: unknown): boolean;