npm - @goplus/agentguard - Versions diffs - 1.0.0 → 1.0.2 - Mend

@goplus/agentguard 1.0.0 → 1.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (48) hide show

package/README.md +85 -156
package/dist/action/detectors/exec.d.ts.map +1 -1
package/dist/action/detectors/exec.js +97 -7
package/dist/action/detectors/exec.js.map +1 -1
package/dist/action/detectors/network.d.ts.map +1 -1
package/dist/action/detectors/network.js +7 -0
package/dist/action/detectors/network.js.map +1 -1
package/dist/action/index.d.ts.map +1 -1
package/dist/action/index.js +51 -6
package/dist/action/index.js.map +1 -1
package/dist/index.d.ts +0 -1
package/dist/index.d.ts.map +1 -1
package/dist/index.js +1 -4
package/dist/index.js.map +1 -1
package/dist/mcp-server.js +45 -1
package/dist/mcp-server.js.map +1 -1
package/dist/registry/storage.d.ts.map +1 -1
package/dist/registry/storage.js +3 -2
package/dist/registry/storage.js.map +1 -1
package/dist/scanner/index.d.ts +14 -0
package/dist/scanner/index.d.ts.map +1 -1
package/dist/scanner/index.js +86 -21
package/dist/scanner/index.js.map +1 -1
package/dist/scanner/rules/exfiltration.js +1 -1
package/dist/scanner/rules/exfiltration.js.map +1 -1
package/dist/scanner/rules/index.d.ts.map +1 -1
package/dist/scanner/rules/index.js +2 -0
package/dist/scanner/rules/index.js.map +1 -1
package/dist/scanner/rules/obfuscation.js +1 -1
package/dist/scanner/rules/obfuscation.js.map +1 -1
package/dist/scanner/rules/remote-loader.js +1 -1
package/dist/scanner/rules/remote-loader.js.map +1 -1
package/dist/scanner/rules/shell-exec.js +2 -2
package/dist/scanner/rules/shell-exec.js.map +1 -1
package/dist/scanner/rules/trojan.d.ts +6 -0
package/dist/scanner/rules/trojan.d.ts.map +1 -0
package/dist/scanner/rules/trojan.js +100 -0
package/dist/scanner/rules/trojan.js.map +1 -0
package/dist/tests/action.test.js +39 -2
package/dist/tests/action.test.js.map +1 -1
package/dist/tests/scanner.test.js +20 -2
package/dist/tests/scanner.test.js.map +1 -1
package/dist/types/action.d.ts +2 -0
package/dist/types/action.d.ts.map +1 -1
package/dist/types/scanner.d.ts +1 -1
package/dist/types/scanner.d.ts.map +1 -1
package/dist/types/scanner.js.map +1 -1
package/package.json +1 -1

package/README.md CHANGED Viewed

@@ -1,70 +1,73 @@
-# GoPlus AgentGuard
+<p align="center">
+  <img src="assets/logo.png" alt="GoPlus AgentGuard" width="120" />
+</p>
-**Security guard for your AI agent.** Automatically blocks dangerous commands, prevents data leaks, and protects your secrets.
+<h1 align="center">GoPlus AgentGuard</h1>
-Your AI agent can execute `rm -rf /`, read your SSH keys, and send passwords to Discord. GoPlus AgentGuard stops all of that.
+<p align="center"><b>The essential security guard for every AI agent user.</b></p>
+<p align="center">Your AI agent has full access to your terminal, files, and secrets — but zero security awareness.<br/>A malicious skill or prompt injection can steal your keys, drain your wallet, or wipe your disk.<br/><b>AgentGuard stops all of that.</b></p>
+[![npm](https://img.shields.io/npm/v/@goplus/agentguard.svg)](https://www.npmjs.com/package/@goplus/agentguard)
+[![GitHub Stars](https://img.shields.io/github/stars/GoPlusSecurity/agentguard)](https://github.com/GoPlusSecurity/agentguard)
 [![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](LICENSE)
-[![Node.js](https://img.shields.io/badge/node-%3E%3D18-green.svg)](https://nodejs.org)
-[![TypeScript](https://img.shields.io/badge/TypeScript-strict-blue.svg)](https://www.typescriptlang.org)
+[![CI](https://github.com/GoPlusSecurity/agentguard/actions/workflows/ci.yml/badge.svg)](https://github.com/GoPlusSecurity/agentguard/actions/workflows/ci.yml)
 [![Agent Skills](https://img.shields.io/badge/Agent_Skills-compatible-purple.svg)](https://agentskills.io)
-## What It Does
-GoPlus AgentGuard protects your AI coding agent with two layers:
+## Why AgentGuard?
-**Layer 1 — Automatic Guard (hooks)**: Install once, forget about it. GoPlus AgentGuard intercepts dangerous tool calls in real time:
-- Blocks `rm -rf /`, fork bombs, `curl | bash` and other destructive commands
-- Prevents writes to `.env`, `.ssh/`, credentials files
-- Detects data exfiltration to Discord/Telegram/Slack webhooks
-- Flags requests to high-risk domains
+AI coding agents can execute any command, read any file, and install any skill — with zero security review. The risks are real:
-**Layer 2 — Deep Scan (skill)**: On-demand security audit with 20 detection rules:
-- Static code analysis for secrets, backdoors, and vulnerabilities
-- Web3-specific: wallet draining, unlimited approvals, reentrancy, proxy exploits
-- Runtime action evaluation with GoPlus API integration
-- Trust registry for managing skill permissions
+- **Malicious skills** can hide backdoors, steal credentials, or exfiltrate data
+- **Prompt injection** can trick your agent into running destructive commands
+- **Unverified code** from the internet may contain wallet drainers or keyloggers
-## Compatibility
+**AgentGuard is the first real-time security layer for AI agents.** It automatically scans every new skill, blocks dangerous actions before they execute, and tracks which skill initiated each action. One install, always protected.
-GoPlus AgentGuard follows the [Agent Skills](https://agentskills.io) open standard and works with:
+## What It Does
-| Platform | Support |
-|----------|---------|
-| **Claude Code** | Full (skill + hooks auto-guard) |
-| **OpenAI Codex CLI** | Skill (scan/action/trust commands) |
-| **Gemini CLI** | Skill |
-| **Cursor** | Skill |
-| **GitHub Copilot** | Skill |
-| **Any Agent Skills-compatible agent** | Skill |
+**Layer 1 — Automatic Guard (hooks)**: Install once, always protected.
+- Blocks `rm -rf /`, fork bombs, `curl | bash` and destructive commands
+- Prevents writes to `.env`, `.ssh/`, credentials files
+- Detects data exfiltration to Discord/Telegram/Slack webhooks
+- Tracks which skill initiated each action — holds malicious skills accountable
-> Hooks-based auto-guard (Layer 1) is currently specific to Claude Code's plugin system. The skill commands (Layer 2) work on any platform that supports the Agent Skills standard.
+**Layer 2 — Deep Scan (skill)**: On-demand security audit with 24 detection rules.
+- **Auto-scans new skills** on session start — malicious code blocked before it runs
+- Static analysis for secrets, backdoors, obfuscation, and prompt injection
+- Web3-specific: wallet draining, unlimited approvals, reentrancy, proxy exploits
+- Trust registry with capability-based access control per skill
 ## Quick Start
-### One-Click Install
 ```bash
-git clone https://github.com/GoPlusSecurity/agentguard.git
-cd agentguard && ./setup.sh
+npm install @goplus/agentguard
 ```
-This installs the skill, builds the project, and configures your protection level.
-To enable automatic hook protection, add GoPlus AgentGuard as a Claude Code plugin:
+<details>
+<summary><b>Full install with auto-guard hooks (Claude Code)</b></summary>
 ```bash
+git clone https://github.com/GoPlusSecurity/agentguard.git
+cd agentguard && ./setup.sh
 claude plugin add /path/to/agentguard
 ```
-### Manual Install (Skill Only)
+This installs the skill, configures hooks, and sets your protection level.
+</details>
+<details>
+<summary><b>Manual install (skill only)</b></summary>
 ```bash
 git clone https://github.com/GoPlusSecurity/agentguard.git
 cp -r agentguard/skills/agentguard ~/.claude/skills/agentguard
 ```
-Then use `/agentguard` in Claude Code:
+</details>
+Then use `/agentguard` in your agent:
 ```
 /agentguard scan ./src                     # Scan code for security risks
@@ -74,28 +77,6 @@ Then use `/agentguard` in Claude Code:
 /agentguard config balanced                # Set protection level
 ```
-## How It Works
-```
-┌──────────────────────────────────────────────────────┐
-│  Layer 1: Auto Guard (hooks — install once, forget)  │
-│  ┌──────────────┐ ┌──────────────┐ ┌──────────────┐  │
-│  │ PreToolUse   │ │ PostToolUse  │ │ Config       │  │
-│  │ Block danger │ │ Audit log    │ │ 3 levels     │  │
-│  └──────┬───────┘ └──────┬───────┘ └──────┬───────┘  │
-│         └────────┬───────┘               │           │
-│                  ▼                       │           │
-│        ActionScanner Engine ◄────────────┘           │
-└──────────────────────────────────────────────────────┘
-┌──────────────────────────────────────────────────────┐
-│  Layer 2: Deep Scan (skill — on demand)              │
-│  /agentguard scan   — 20-rule static analysis        │
-│  /agentguard action — Runtime action evaluation      │
-│  /agentguard trust  — Skill trust management         │
-│  /agentguard report — Security event log             │
-└──────────────────────────────────────────────────────┘
-```
 ## Protection Levels
 | Level | Behavior |
@@ -104,9 +85,7 @@ Then use `/agentguard` in Claude Code:
 | `balanced` | Block dangerous, confirm risky. Good for daily use. **(default)** |
 | `permissive` | Only block critical threats. For experienced users who want minimal friction. |
-Change with: `/agentguard config <level>`
-## Detection Rules (20)
+## Detection Rules (24)
 | Category | Rules | Severity |
 |----------|-------|----------|
@@ -115,6 +94,7 @@ Change with: `/agentguard config <level>`
 | **Exfiltration** | NET_EXFIL_UNRESTRICTED, WEBHOOK_EXFIL | HIGH-CRITICAL |
 | **Obfuscation** | OBFUSCATION, PROMPT_INJECTION | HIGH-CRITICAL |
 | **Web3** | WALLET_DRAINING, UNLIMITED_APPROVAL, DANGEROUS_SELFDESTRUCT, HIDDEN_TRANSFER, PROXY_UPGRADE, FLASH_LOAN_RISK, REENTRANCY_PATTERN, SIGNATURE_REPLAY | MEDIUM-CRITICAL |
+| **Trojan & Social Engineering** | TROJAN_DISTRIBUTION, SUSPICIOUS_PASTE_URL, SUSPICIOUS_IP, SOCIAL_ENGINEERING | MEDIUM-CRITICAL |
 ## Try It
@@ -124,112 +104,59 @@ Scan the included vulnerable demo project:
 /agentguard scan examples/vulnerable-skill
 ```
-Expected output: **CRITICAL** risk level with **20 detection hits** across JavaScript and Solidity files. This demo contains intentionally vulnerable code (curl|bash, hardcoded keys, webhook exfil, reentrancy, etc.) to showcase all 20 detection rules.
-## Advanced Usage
-### As MCP Server
-```json
-{
-  "mcpServers": {
-    "agentguard": {
-      "command": "npx",
-      "args": ["-y", "agentguard"],
-      "env": {
-        "GOPLUS_API_KEY": "your_key",
-        "GOPLUS_API_SECRET": "your_secret"
-      }
-    }
-  }
-}
-```
-MCP tools: `skill_scanner_scan`, `registry_lookup`, `registry_attest`, `registry_revoke`, `registry_list`, `action_scanner_decide`, `action_scanner_simulate_web3`
-### As SDK
+Expected output: **CRITICAL** risk level with detection hits across JavaScript, Solidity, and Markdown files.
-```typescript
-import { createAgentGuard } from 'agentguard';
-const { scanner, registry, actionScanner } = createAgentGuard();
-// Scan code
-const result = await scanner.scan({
-  skill: { id: 'my-skill', source: 'github.com/org/skill', version_ref: 'v1.0.0', artifact_hash: '' },
-  payload: { type: 'dir', ref: '/path/to/skill' },
-});
-console.log(result.risk_level); // 'low' | 'medium' | 'high' | 'critical'
-// Evaluate action
-const decision = await actionScanner.decide({
-  actor: { skill: { id: 'my-skill', source: 'cli', version_ref: '1.0.0', artifact_hash: '' } },
-  action: { type: 'exec_command', data: { command: 'rm -rf /' } },
-  context: { session_id: 's1', user_present: true, env: 'prod', time: new Date().toISOString() },
-});
-console.log(decision.decision); // 'deny'
-```
-### Trust Management
-```
-/agentguard trust attest --id my-bot --source github.com/org/bot --version v1.0.0 --hash abc --trust-level restricted --preset trading_bot --reviewed-by admin
-/agentguard trust lookup --source github.com/org/bot
-/agentguard trust revoke --source github.com/org/bot --reason "security concern"
-/agentguard trust list --trust-level trusted
-```
-Presets: `none` | `read_only` | `trading_bot` | `defi`
+## Compatibility
-### GoPlus API (Web3)
+GoPlus AgentGuard follows the [Agent Skills](https://agentskills.io) open standard:
-For enhanced Web3 security (phishing detection, address security, transaction simulation):
+| Platform | Support |
+|----------|---------|
+| **Claude Code** | Full (skill + hooks auto-guard) |
+| **OpenAI Codex CLI** | Skill (scan/action/trust commands) |
+| **Gemini CLI** | Skill |
+| **Cursor** | Skill |
+| **GitHub Copilot** | Skill |
-```bash
-export GOPLUS_API_KEY=your_key
-export GOPLUS_API_SECRET=your_secret
-```
+> Hooks-based auto-guard (Layer 1) is specific to Claude Code's plugin system. The skill commands (Layer 2) work on any Agent Skills-compatible platform.
-Get keys at: https://gopluslabs.io/security-api
+## Hook Limitations
-### External Scanner
+The auto-guard hooks (Layer 1) have the following constraints:
-GoPlus AgentGuard integrates with [cisco-ai-defense/skill-scanner](https://github.com/cisco-ai-defense/skill-scanner) for YAML/YARA patterns, Python AST analysis, and VirusTotal integration:
+- **Platform-specific**: Hooks rely on Claude Code's `PreToolUse` / `PostToolUse` / `SessionStart` events. Other platforms do not yet support this hook system.
+- **Default-deny policy**: First-time use may trigger confirmation prompts for certain commands. A built-in safe-command allowlist (`ls`, `echo`, `pwd`, `git status`, etc.) reduces false positives.
+- **Skill source tracking is heuristic**: AgentGuard infers which skill initiated an action by analyzing the conversation transcript. This is not 100% precise in all cases.
+- **Cannot intercept skill installation itself**: Hooks can only intercept tool calls (Bash, Write, WebFetch, etc.) that a skill makes *after* loading — they cannot block the Skill tool invocation itself.
-```bash
-pip install cisco-ai-skill-scanner
-```
+## Roadmap
-## Project Structure
+### v1.1 — Detection Enhancement
+- [x] Extend scanner rules to Markdown files (detect malicious SKILL.md)
+- [x] Base64 payload decoding and re-scanning
+- [x] New rules: TROJAN_DISTRIBUTION, SUSPICIOUS_PASTE_URL, SUSPICIOUS_IP, SOCIAL_ENGINEERING
+- [x] Safe-command allowlist to reduce hook false positives
+- [x] Plugin manifest (`.claude-plugin/`) for one-step install
-```
-agentguard/
-├── skills/agentguard/        # Agent Skills definition
-│   ├── SKILL.md               # Skill entry point
-│   ├── scan-rules.md          # Detection rule reference
-│   ├── action-policies.md     # Action policy reference
-│   ├── web3-patterns.md       # Web3 patterns reference
-│   └── scripts/               # CLI tools (trust-cli, action-cli, guard-hook)
-├── hooks/hooks.json           # Plugin hooks configuration
-├── src/                       # TypeScript source
-│   ├── scanner/               # 20-rule static analysis engine
-│   ├── action/                # Runtime action evaluator + GoPlus integration
-│   ├── registry/              # Trust level management
-│   ├── policy/                # Default policies and presets
-│   └── tests/                 # Test suite
-├── examples/vulnerable-skill/ # Demo project for testing
-├── data/registry.json         # Trust registry storage
-├── setup.sh                   # One-click install script
-└── dist/                      # Compiled output
-```
+### v2.0 — Multi-Platform
+- [ ] OpenClaw gateway plugin integration
+- [ ] `before_tool_call` / `after_tool_call` hook wiring
+- [ ] OpenAI Codex CLI sandbox adapter
+- [ ] Federated trust registry across platforms
-## Testing
+### v3.0 — Ecosystem
+- [ ] Threat intelligence feed (shared C2 IP/domain blocklist)
+- [ ] Skill marketplace automated scanning pipeline
+- [ ] VS Code extension for IDE-native security
+- [ ] Community rule contributions (open rule format)
-```bash
-npm install && npm run build && npm test
-```
+## Documentation
-32 tests across 4 suites: scanner rules, exec command detector, network request detector, and registry CRUD.
+- [MCP Server Setup](docs/mcp-server.md) — Run as a Model Context Protocol server
+- [SDK Usage](docs/sdk.md) — Use as a TypeScript/JavaScript library
+- [Trust Management](docs/trust-cli.md) — Manage skill trust levels and capability presets
+- [GoPlus API (Web3)](docs/goplus-api.md) — Enhanced Web3 security with GoPlus integration
+- [Architecture](docs/architecture.md) — Project structure and testing
 ## License
@@ -239,4 +166,6 @@ npm install && npm run build && npm test
 Contributions welcome! See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.
+Found a security vulnerability? See [SECURITY.md](SECURITY.md).
 Built by [GoPlus Security](https://gopluslabs.io).

package/dist/action/detectors/exec.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"exec.d.ts","sourceRoot":"","sources":["../../../src/action/detectors/exec.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAE7E;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,iBAAiB;IACjB,UAAU,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;IACnD,gBAAgB;IAChB,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,eAAe;IACf,QAAQ,EAAE,cAAc,EAAE,CAAC;IAC3B,mBAAmB;IACnB,YAAY,EAAE,OAAO,CAAC;IACtB,mBAAmB;IACnB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;~~AA2ED~~;;GAEG;AACH,wBAAgB,kBAAkB,CAChC,OAAO,EAAE,eAAe,EACxB,WAAW,GAAE,OAAe,GAC3B,kBAAkB,~~CAsIpB~~"}
1	+ {"version":3,"file":"exec.d.ts","sourceRoot":"","sources":["../../../src/action/detectors/exec.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAE7E;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,iBAAiB;IACjB,UAAU,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;IACnD,gBAAgB;IAChB,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,eAAe;IACf,QAAQ,EAAE,cAAc,EAAE,CAAC;IAC3B,mBAAmB;IACnB,YAAY,EAAE,OAAO,CAAC;IACtB,mBAAmB;IACnB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AA0HD;;GAEG;AACH,wBAAgB,kBAAkB,CAChC,OAAO,EAAE,eAAe,EACxB,WAAW,GAAE,OAAe,GAC3B,kBAAkB,CA4LpB"}

package/dist/action/detectors/exec.js CHANGED Viewed

@@ -1,6 +1,50 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.analyzeExecCommand = analyzeExecCommand;
+/**
+ * Safe read-only commands that should be allowed without restriction.
+ * Only applied when the command has no shell metacharacters.
+ */
+const SAFE_COMMAND_PREFIXES = [
+    // Basic read-only
+    'ls', 'echo', 'pwd', 'whoami', 'date', 'hostname', 'uname',
+    'cat', 'head', 'tail', 'wc', 'grep', 'find', 'which', 'type',
+    'tree', 'du', 'df', 'sort', 'uniq', 'diff', 'cd',
+    // File operations (safe without metacharacters)
+    'mkdir', 'cp', 'mv', 'touch',
+    // Git (read + common write operations)
+    'git status', 'git log', 'git diff', 'git branch', 'git show', 'git remote',
+    'git checkout', 'git pull', 'git fetch', 'git merge', 'git add', 'git commit', 'git push',
+    // Package managers (run/test/start only — install commands moved to audit list)
+    'npm run', 'npm test', 'npm ci', 'npm start',
+    'npx', 'yarn', 'pnpm',
+    // Version checks
+    'node --version', 'node -v', 'npm --version', 'npm -v', 'npx --version',
+    'python --version', 'python3 --version', 'pip --version',
+    'tsc --version', 'go version', 'rustc --version', 'java -version',
+    // Build & run
+    'tsc', 'go build', 'go run',
+    'cargo build', 'cargo run', 'cargo test',
+    'make',
+];
+/**
+ * Commands that are not blocked but should be logged with elevated risk
+ * (can execute arbitrary code via postinstall scripts, hooks, or setup.py)
+ */
+const AUDIT_COMMAND_PREFIXES = [
+    'npm install', 'pip install', 'pip3 install', 'git clone',
+];
+/**
+ * Shell metacharacters that disqualify a command from the safe list
+ */
+const SHELL_METACHAR_PATTERN = /[;|&`$(){}<>!#\n\t]/;
+/**
+ * Fork bomb patterns (regex-based for variants with spaces)
+ */
+const FORK_BOMB_PATTERNS = [
+    /:\s*\(\s*\)\s*\{.*:\s*\|\s*:.*&.*\}/, // :(){ :|:& };: and space variants
+    /\bfork\s*bomb\b/i,
+];
 /**
  * Dangerous commands that should always be blocked
  */
@@ -9,7 +53,6 @@ const DANGEROUS_COMMANDS = [
     'rm -fr',
     'mkfs',
     'dd if=',
-    ':(){:|:&};:', // Fork bomb
     'chmod 777',
     'chmod -R 777',
     '> /dev/sda',
@@ -85,22 +128,69 @@ function analyzeExecCommand(command, execAllowed = false) {
     let blockReason = execAllowed
         ? undefined
         : 'Command execution not allowed';
-    // Check for dangerous commands
-    for (const dangerous of DANGEROUS_COMMANDS) {
-        if (lowerCommand.includes(dangerous.toLowerCase())) {
+    // Check for fork bomb patterns (regex-based)
+    for (const pattern of FORK_BOMB_PATTERNS) {
+        if (pattern.test(fullCommand)) {
             riskTags.push('DANGEROUS_COMMAND');
             evidence.push({
                 type: 'dangerous_command',
                 field: 'command',
-                match: dangerous,
-                description: `Dangerous command pattern detected: ${dangerous}`,
+                match: 'fork bomb',
+                description: 'Fork bomb detected',
             });
             riskLevel = 'critical';
             shouldBlock = true;
-            blockReason = `Dangerous command: ${dangerous}`;
+            blockReason = 'Dangerous command: fork bomb';
             break;
         }
     }
+    // Check for dangerous commands
+    if (riskLevel !== 'critical') {
+        for (const dangerous of DANGEROUS_COMMANDS) {
+            if (lowerCommand.includes(dangerous.toLowerCase())) {
+                riskTags.push('DANGEROUS_COMMAND');
+                evidence.push({
+                    type: 'dangerous_command',
+                    field: 'command',
+                    match: dangerous,
+                    description: `Dangerous command pattern detected: ${dangerous}`,
+                });
+                riskLevel = 'critical';
+                shouldBlock = true;
+                blockReason = `Dangerous command: ${dangerous}`;
+                break;
+            }
+        }
+    }
+    // Safe command check: if not dangerous, no shell metacharacters, and no sensitive paths, allow
+    if (riskLevel !== 'critical' && !SHELL_METACHAR_PATTERN.test(fullCommand)) {
+        const hasSensitivePath = SENSITIVE_COMMANDS.some(s => lowerCommand.includes(s.toLowerCase()));
+        if (!hasSensitivePath) {
+            const isSafe = SAFE_COMMAND_PREFIXES.some(prefix => lowerCommand === prefix || lowerCommand.startsWith(prefix + ' '));
+            if (isSafe) {
+                return {
+                    risk_level: 'low',
+                    risk_tags: [],
+                    evidence: [],
+                    should_block: false,
+                };
+            }
+            // Audit commands: allow but flag as medium risk (can run arbitrary code via hooks/scripts)
+            const isAudit = AUDIT_COMMAND_PREFIXES.some(prefix => lowerCommand === prefix || lowerCommand.startsWith(prefix + ' '));
+            if (isAudit) {
+                return {
+                    risk_level: 'medium',
+                    risk_tags: ['INSTALL_COMMAND'],
+                    evidence: [{
+                            type: 'install_command',
+                            field: 'command',
+                            description: 'Package install or clone command can execute arbitrary code via hooks',
+                        }],
+                    should_block: false,
+                };
+            }
+        }
+    }
     // Check for sensitive data access
     for (const sensitive of SENSITIVE_COMMANDS) {
         if (lowerCommand.includes(sensitive.toLowerCase())) {

package/dist/action/detectors/exec.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"exec.js","sourceRoot":"","sources":["../../../src/action/detectors/exec.ts"],"names":[],"mappings":";;~~AA8FA~~,~~gDAyIC~~;~~AArND~~;;GAEG;AACH,MAAM,kBAAkB,GAAG;IACzB,QAAQ;IACR,QAAQ;IACR,MAAM;IACN,QAAQ;IACR,~~aAAa,EAAG,YAAY;IAC5B,~~WAAW;IACX,cAAc;IACd,YAAY;IACZ,QAAQ;IACR,eAAe;IACf,eAAe;IACf,iBAAiB;IACjB,iBAAiB;CAClB,CAAC;AAEF;;GAEG;AACH,MAAM,kBAAkB,GAAG;IACzB,iBAAiB;IACjB,iBAAiB;IACjB,YAAY;IACZ,YAAY;IACZ,aAAa;IACb,cAAc;IACd,cAAc;IACd,UAAU;IACV,KAAK;IACL,KAAK;CACN,CAAC;AAEF;;GAEG;AACH,MAAM,eAAe,GAAG;IACtB,MAAM;IACN,KAAK;IACL,OAAO;IACP,OAAO;IACP,OAAO;IACP,SAAS;IACT,SAAS;IACT,UAAU;IACV,QAAQ;IACR,QAAQ;IACR,WAAW;IACX,UAAU;IACV,OAAO;IACP,UAAU;IACV,QAAQ;IACR,MAAM;CACP,CAAC;AAEF;;GAEG;AACH,MAAM,gBAAgB,GAAG;IACvB,OAAO;IACP,OAAO;IACP,KAAK;IACL,QAAQ;IACR,MAAM;IACN,MAAM;IACN,MAAM;IACN,QAAQ;IACR,MAAM;IACN,OAAO;CACR,CAAC;AAEF;;GAEG;AACH,SAAgB,kBAAkB,CAChC,OAAwB,EACxB,cAAuB,KAAK;IAE5B,MAAM,WAAW,GAAG,OAAO,CAAC,IAAI;QAC9B,CAAC,CAAC,GAAG,OAAO,CAAC,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;QAChD,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC;IAEpB,MAAM,YAAY,GAAG,WAAW,CAAC,WAAW,EAAE,CAAC;IAC/C,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,MAAM,QAAQ,GAAqB,EAAE,CAAC;IACtC,IAAI,SAAS,GAA2C,KAAK,CAAC;IAC9D,IAAI,WAAW,GAAG,CAAC,WAAW,CAAC,CAAC,uCAAuC;IACvE,IAAI,WAAW,GAAuB,WAAW;QAC/C,CAAC,CAAC,SAAS;QACX,CAAC,CAAC,+BAA+B,CAAC;IAEpC,+BAA+B;IAC/B,KAAK,MAAM,SAAS,IAAI,kBAAkB,EAAE,CAAC;~~QAC3C~~,IAAI,YAAY,CAAC,QAAQ,CAAC,SAAS,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;~~YACnD~~,QAAQ,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;~~YACnC~~,QAAQ,CAAC,IAAI,CAAC;~~gBACZ~~,IAAI,EAAE,mBAAmB;~~gBACzB~~,KAAK,EAAE,SAAS;~~gBAChB~~,KAAK,EAAE,SAAS;~~gBAChB~~,WAAW,EAAE,uCAAuC,SAAS,EAAE;~~aAChE~~,CAAC,CAAC;~~YACH~~,SAAS,GAAG,UAAU,CAAC;~~YACvB~~,WAAW,GAAG,IAAI,CAAC;~~YACnB~~,WAAW,GAAG,sBAAsB,SAAS,EAAE,CAAC;~~YAChD~~,MAAM;~~QACR~~,CAAC;IACH,CAAC;IAED,kCAAkC;IAClC,KAAK,MAAM,SAAS,IAAI,kBAAkB,EAAE,CAAC;QAC3C,IAAI,YAAY,CAAC,QAAQ,CAAC,SAAS,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;YACnD,QAAQ,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;YACvC,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,kBAAkB;gBACxB,KAAK,EAAE,SAAS;gBAChB,KAAK,EAAE,SAAS;gBAChB,WAAW,EAAE,0BAA0B,SAAS,EAAE;aACnD,CAAC,CAAC;YACH,IAAI,SAAS,KAAK,UAAU;gBAAE,SAAS,GAAG,MAAM,CAAC;QACnD,CAAC;IACH,CAAC;IAED,4BAA4B;IAC5B,KAAK,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;QAClC,IACE,YAAY,CAAC,UAAU,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;YAC1C,YAAY,CAAC,QAAQ,CAAC,GAAG,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC,EAC9C,CAAC;YACD,QAAQ,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;YAChC,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,gBAAgB;gBACtB,KAAK,EAAE,SAAS;gBAChB,KAAK,EAAE,GAAG,CAAC,IAAI,EAAE;gBACjB,WAAW,EAAE,gCAAgC,GAAG,CAAC,IAAI,EAAE,EAAE;aAC1D,CAAC,CAAC;YACH,IAAI,SAAS,KAAK,KAAK;gBAAE,SAAS,GAAG,QAAQ,CAAC;QAChD,CAAC;IACH,CAAC;IAED,6BAA6B;IAC7B,KAAK,MAAM,GAAG,IAAI,gBAAgB,EAAE,CAAC;QACnC,IACE,YAAY,CAAC,UAAU,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;YAC1C,YAAY,CAAC,QAAQ,CAAC,GAAG,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC,EAC9C,CAAC;YACD,QAAQ,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;YACjC,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,iBAAiB;gBACvB,KAAK,EAAE,SAAS;gBAChB,KAAK,EAAE,GAAG,CAAC,IAAI,EAAE;gBACjB,WAAW,EAAE,oBAAoB,GAAG,CAAC,IAAI,EAAE,EAAE;aAC9C,CAAC,CAAC;YACH,IAAI,SAAS,KAAK,KAAK;gBAAE,SAAS,GAAG,QAAQ,CAAC;QAChD,CAAC;IACH,CAAC;IAED,qCAAqC;IACrC,MAAM,sBAAsB,GAAG;QAC7B,SAAS,EAAO,YAAY;QAC5B,UAAU,EAAM,YAAY;QAC5B,SAAS,EAAO,YAAY;QAC5B,aAAa,EAAG,aAAa;QAC7B,UAAU,EAAM,aAAa;QAC7B,YAAY,EAAI,aAAa;KAC9B,CAAC;IAEF,KAAK,MAAM,OAAO,IAAI,sBAAsB,EAAE,CAAC;QAC7C,IAAI,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;YAC9B,QAAQ,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;YACtC,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,iBAAiB;gBACvB,KAAK,EAAE,SAAS;gBAChB,WAAW,EAAE,uCAAuC;aACrD,CAAC,CAAC;YACH,IAAI,SAAS,KAAK,KAAK;gBAAE,SAAS,GAAG,QAAQ,CAAC;YAC9C,MAAM;QACR,CAAC;IACH,CAAC;IAED,0CAA0C;IAC1C,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;QAChB,MAAM,gBAAgB,GAAG;YACvB,SAAS;YACT,QAAQ;YACR,UAAU;YACV,OAAO;YACP,SAAS;YACT,YAAY;SACb,CAAC;QAEF,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YACvD,MAAM,QAAQ,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;YACnC,IAAI,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBACvD,QAAQ,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;gBACnC,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,eAAe;oBACrB,KAAK,EAAE,KAAK;oBACZ,KAAK,EAAE,GAAG;oBACV,WAAW,EAAE,mCAAmC,GAAG,EAAE;iBACtD,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,UAAU,EAAE,SAAS;QACrB,SAAS,EAAE,QAAQ;QACnB,QAAQ;QACR,YAAY,EAAE,WAAW;QACzB,YAAY,EAAE,WAAW;KAC1B,CAAC;AACJ,CAAC"}
1	+ {"version":3,"file":"exec.js","sourceRoot":"","sources":["../../../src/action/detectors/exec.ts"],"names":[],"mappings":";;AA6IA,gDA+LC;AA1TD;;;GAGG;AACH,MAAM,qBAAqB,GAAG;IAC5B,kBAAkB;IAClB,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO;IAC1D,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM;IAC5D,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI;IAChD,gDAAgD;IAChD,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO;IAC5B,uCAAuC;IACvC,YAAY,EAAE,SAAS,EAAE,UAAU,EAAE,YAAY,EAAE,UAAU,EAAE,YAAY;IAC3E,cAAc,EAAE,UAAU,EAAE,WAAW,EAAE,WAAW,EAAE,SAAS,EAAE,YAAY,EAAE,UAAU;IACzF,gFAAgF;IAChF,SAAS,EAAE,UAAU,EAAE,QAAQ,EAAE,WAAW;IAC5C,KAAK,EAAE,MAAM,EAAE,MAAM;IACrB,iBAAiB;IACjB,gBAAgB,EAAE,SAAS,EAAE,eAAe,EAAE,QAAQ,EAAE,eAAe;IACvE,kBAAkB,EAAE,mBAAmB,EAAE,eAAe;IACxD,eAAe,EAAE,YAAY,EAAE,iBAAiB,EAAE,eAAe;IACjE,cAAc;IACd,KAAK,EAAE,UAAU,EAAE,QAAQ;IAC3B,aAAa,EAAE,WAAW,EAAE,YAAY;IACxC,MAAM;CACP,CAAC;AAEF;;;GAGG;AACH,MAAM,sBAAsB,GAAG;IAC7B,aAAa,EAAE,aAAa,EAAE,cAAc,EAAE,WAAW;CAC1D,CAAC;AAEF;;GAEG;AACH,MAAM,sBAAsB,GAAG,qBAAqB,CAAC;AAErD;;GAEG;AACH,MAAM,kBAAkB,GAAG;IACzB,qCAAqC,EAAK,mCAAmC;IAC7E,kBAAkB;CACnB,CAAC;AAEF;;GAEG;AACH,MAAM,kBAAkB,GAAG;IACzB,QAAQ;IACR,QAAQ;IACR,MAAM;IACN,QAAQ;IACR,WAAW;IACX,cAAc;IACd,YAAY;IACZ,QAAQ;IACR,eAAe;IACf,eAAe;IACf,iBAAiB;IACjB,iBAAiB;CAClB,CAAC;AAEF;;GAEG;AACH,MAAM,kBAAkB,GAAG;IACzB,iBAAiB;IACjB,iBAAiB;IACjB,YAAY;IACZ,YAAY;IACZ,aAAa;IACb,cAAc;IACd,cAAc;IACd,UAAU;IACV,KAAK;IACL,KAAK;CACN,CAAC;AAEF;;GAEG;AACH,MAAM,eAAe,GAAG;IACtB,MAAM;IACN,KAAK;IACL,OAAO;IACP,OAAO;IACP,OAAO;IACP,SAAS;IACT,SAAS;IACT,UAAU;IACV,QAAQ;IACR,QAAQ;IACR,WAAW;IACX,UAAU;IACV,OAAO;IACP,UAAU;IACV,QAAQ;IACR,MAAM;CACP,CAAC;AAEF;;GAEG;AACH,MAAM,gBAAgB,GAAG;IACvB,OAAO;IACP,OAAO;IACP,KAAK;IACL,QAAQ;IACR,MAAM;IACN,MAAM;IACN,MAAM;IACN,QAAQ;IACR,MAAM;IACN,OAAO;CACR,CAAC;AAEF;;GAEG;AACH,SAAgB,kBAAkB,CAChC,OAAwB,EACxB,cAAuB,KAAK;IAE5B,MAAM,WAAW,GAAG,OAAO,CAAC,IAAI;QAC9B,CAAC,CAAC,GAAG,OAAO,CAAC,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;QAChD,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC;IAEpB,MAAM,YAAY,GAAG,WAAW,CAAC,WAAW,EAAE,CAAC;IAC/C,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,MAAM,QAAQ,GAAqB,EAAE,CAAC;IACtC,IAAI,SAAS,GAA2C,KAAK,CAAC;IAC9D,IAAI,WAAW,GAAG,CAAC,WAAW,CAAC,CAAC,uCAAuC;IACvE,IAAI,WAAW,GAAuB,WAAW;QAC/C,CAAC,CAAC,SAAS;QACX,CAAC,CAAC,+BAA+B,CAAC;IAEpC,6CAA6C;IAC7C,KAAK,MAAM,OAAO,IAAI,kBAAkB,EAAE,CAAC;QACzC,IAAI,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;YAC9B,QAAQ,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;YACnC,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,mBAAmB;gBACzB,KAAK,EAAE,SAAS;gBAChB,KAAK,EAAE,WAAW;gBAClB,WAAW,EAAE,oBAAoB;aAClC,CAAC,CAAC;YACH,SAAS,GAAG,UAAU,CAAC;YACvB,WAAW,GAAG,IAAI,CAAC;YACnB,WAAW,GAAG,8BAA8B,CAAC;YAC7C,MAAM;QACR,CAAC;IACH,CAAC;IAED,+BAA+B;IAC/B,IAAI,SAAS,KAAK,UAAU,EAAE,CAAC;QAC7B,KAAK,MAAM,SAAS,IAAI,kBAAkB,EAAE,CAAC;YAC3C,IAAI,YAAY,CAAC,QAAQ,CAAC,SAAS,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;gBACnD,QAAQ,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;gBACnC,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,mBAAmB;oBACzB,KAAK,EAAE,SAAS;oBAChB,KAAK,EAAE,SAAS;oBAChB,WAAW,EAAE,uCAAuC,SAAS,EAAE;iBAChE,CAAC,CAAC;gBACH,SAAS,GAAG,UAAU,CAAC;gBACvB,WAAW,GAAG,IAAI,CAAC;gBACnB,WAAW,GAAG,sBAAsB,SAAS,EAAE,CAAC;gBAChD,MAAM;YACR,CAAC;QACH,CAAC;IACH,CAAC;IAED,+FAA+F;IAC/F,IAAI,SAAS,KAAK,UAAU,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;QAC1E,MAAM,gBAAgB,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;QAC9F,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACtB,MAAM,MAAM,GAAG,qBAAqB,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CACjD,YAAY,KAAK,MAAM,IAAI,YAAY,CAAC,UAAU,CAAC,MAAM,GAAG,GAAG,CAAC,CACjE,CAAC;YACF,IAAI,MAAM,EAAE,CAAC;gBACX,OAAO;oBACL,UAAU,EAAE,KAAK;oBACjB,SAAS,EAAE,EAAE;oBACb,QAAQ,EAAE,EAAE;oBACZ,YAAY,EAAE,KAAK;iBACpB,CAAC;YACJ,CAAC;YAED,2FAA2F;YAC3F,MAAM,OAAO,GAAG,sBAAsB,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CACnD,YAAY,KAAK,MAAM,IAAI,YAAY,CAAC,UAAU,CAAC,MAAM,GAAG,GAAG,CAAC,CACjE,CAAC;YACF,IAAI,OAAO,EAAE,CAAC;gBACZ,OAAO;oBACL,UAAU,EAAE,QAAQ;oBACpB,SAAS,EAAE,CAAC,iBAAiB,CAAC;oBAC9B,QAAQ,EAAE,CAAC;4BACT,IAAI,EAAE,iBAAiB;4BACvB,KAAK,EAAE,SAAS;4BAChB,WAAW,EAAE,uEAAuE;yBACrF,CAAC;oBACF,YAAY,EAAE,KAAK;iBACpB,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,kCAAkC;IAClC,KAAK,MAAM,SAAS,IAAI,kBAAkB,EAAE,CAAC;QAC3C,IAAI,YAAY,CAAC,QAAQ,CAAC,SAAS,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;YACnD,QAAQ,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;YACvC,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,kBAAkB;gBACxB,KAAK,EAAE,SAAS;gBAChB,KAAK,EAAE,SAAS;gBAChB,WAAW,EAAE,0BAA0B,SAAS,EAAE;aACnD,CAAC,CAAC;YACH,IAAI,SAAS,KAAK,UAAU;gBAAE,SAAS,GAAG,MAAM,CAAC;QACnD,CAAC;IACH,CAAC;IAED,4BAA4B;IAC5B,KAAK,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;QAClC,IACE,YAAY,CAAC,UAAU,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;YAC1C,YAAY,CAAC,QAAQ,CAAC,GAAG,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC,EAC9C,CAAC;YACD,QAAQ,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;YAChC,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,gBAAgB;gBACtB,KAAK,EAAE,SAAS;gBAChB,KAAK,EAAE,GAAG,CAAC,IAAI,EAAE;gBACjB,WAAW,EAAE,gCAAgC,GAAG,CAAC,IAAI,EAAE,EAAE;aAC1D,CAAC,CAAC;YACH,IAAI,SAAS,KAAK,KAAK;gBAAE,SAAS,GAAG,QAAQ,CAAC;QAChD,CAAC;IACH,CAAC;IAED,6BAA6B;IAC7B,KAAK,MAAM,GAAG,IAAI,gBAAgB,EAAE,CAAC;QACnC,IACE,YAAY,CAAC,UAAU,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;YAC1C,YAAY,CAAC,QAAQ,CAAC,GAAG,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC,EAC9C,CAAC;YACD,QAAQ,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;YACjC,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,iBAAiB;gBACvB,KAAK,EAAE,SAAS;gBAChB,KAAK,EAAE,GAAG,CAAC,IAAI,EAAE;gBACjB,WAAW,EAAE,oBAAoB,GAAG,CAAC,IAAI,EAAE,EAAE;aAC9C,CAAC,CAAC;YACH,IAAI,SAAS,KAAK,KAAK;gBAAE,SAAS,GAAG,QAAQ,CAAC;QAChD,CAAC;IACH,CAAC;IAED,qCAAqC;IACrC,MAAM,sBAAsB,GAAG;QAC7B,SAAS,EAAO,YAAY;QAC5B,UAAU,EAAM,YAAY;QAC5B,SAAS,EAAO,YAAY;QAC5B,aAAa,EAAG,aAAa;QAC7B,UAAU,EAAM,aAAa;QAC7B,YAAY,EAAI,aAAa;KAC9B,CAAC;IAEF,KAAK,MAAM,OAAO,IAAI,sBAAsB,EAAE,CAAC;QAC7C,IAAI,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;YAC9B,QAAQ,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;YACtC,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,iBAAiB;gBACvB,KAAK,EAAE,SAAS;gBAChB,WAAW,EAAE,uCAAuC;aACrD,CAAC,CAAC;YACH,IAAI,SAAS,KAAK,KAAK;gBAAE,SAAS,GAAG,QAAQ,CAAC;YAC9C,MAAM;QACR,CAAC;IACH,CAAC;IAED,0CAA0C;IAC1C,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;QAChB,MAAM,gBAAgB,GAAG;YACvB,SAAS;YACT,QAAQ;YACR,UAAU;YACV,OAAO;YACP,SAAS;YACT,YAAY;SACb,CAAC;QAEF,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YACvD,MAAM,QAAQ,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;YACnC,IAAI,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBACvD,QAAQ,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;gBACnC,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,eAAe;oBACrB,KAAK,EAAE,KAAK;oBACZ,KAAK,EAAE,GAAG;oBACV,WAAW,EAAE,mCAAmC,GAAG,EAAE;iBACtD,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,UAAU,EAAE,SAAS;QACrB,SAAS,EAAE,QAAQ;QACnB,QAAQ;QACR,YAAY,EAAE,WAAW;QACzB,YAAY,EAAE,WAAW;KAC1B,CAAC;AACJ,CAAC"}

package/dist/action/detectors/network.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"network.d.ts","sourceRoot":"","sources":["../../../src/action/detectors/network.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAIhF;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,iBAAiB;IACjB,UAAU,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;IACnD,gBAAgB;IAChB,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,eAAe;IACf,QAAQ,EAAE,cAAc,EAAE,CAAC;IAC3B,mBAAmB;IACnB,YAAY,EAAE,OAAO,CAAC;IACtB,mBAAmB;IACnB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;~~AAmCD~~;;GAEG;AACH,wBAAgB,qBAAqB,CACnC,OAAO,EAAE,kBAAkB,EAC3B,SAAS,GAAE,MAAM,EAAO,GACvB,qBAAqB,CA6HvB"}
1	+ {"version":3,"file":"network.d.ts","sourceRoot":"","sources":["../../../src/action/detectors/network.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAIhF;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,iBAAiB;IACjB,UAAU,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;IACnD,gBAAgB;IAChB,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,eAAe;IACf,QAAQ,EAAE,cAAc,EAAE,CAAC;IAC3B,mBAAmB;IACnB,YAAY,EAAE,OAAO,CAAC;IACtB,mBAAmB;IACnB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AA0CD;;GAEG;AACH,wBAAgB,qBAAqB,CACnC,OAAO,EAAE,kBAAkB,EAC3B,SAAS,GAAE,MAAM,EAAO,GACvB,qBAAqB,CA6HvB"}

package/dist/action/detectors/network.js CHANGED Viewed

@@ -18,6 +18,13 @@ const WEBHOOK_DOMAINS = [
     'ngrok-free.app',
     'beeceptor.com',
     'mockbin.org',
+    'workers.dev',
+    'vercel.app',
+    'netlify.app',
+    'deno.dev',
+    'burpcollaborator.net',
+    'interact.sh',
+    'oast.pro',
 ];
 /**
  * Known malicious TLDs (high risk)

package/dist/action/detectors/network.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"network.js","sourceRoot":"","sources":["../../../src/action/detectors/network.ts"],"names":[],"mappings":";;~~AAwDA~~,sDAgIC;~~AAvLD~~,yDAAyE;AACzE,qDAA6E;AAkB7E;;GAEG;AACH,MAAM,eAAe,GAAG;IACtB,aAAa;IACb,gBAAgB;IAChB,kBAAkB;IAClB,iBAAiB;IACjB,cAAc;IACd,gBAAgB;IAChB,eAAe;IACf,UAAU;IACV,gBAAgB;IAChB,eAAe;IACf,aAAa;~~CACd~~,CAAC;AAEF;;GAEG;AACH,MAAM,cAAc,GAAG;IACrB,MAAM;IACN,MAAM;IACN,KAAK;IACL,KAAK;IACL,KAAK;IACL,KAAK;IACL,KAAK;IACL,OAAO;IACP,QAAQ;IACR,OAAO;CACR,CAAC;AAEF;;GAEG;AACH,SAAgB,qBAAqB,CACnC,OAA2B,EAC3B,YAAsB,EAAE;IAExB,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,MAAM,QAAQ,GAAqB,EAAE,CAAC;IACtC,IAAI,SAAS,GAA2C,KAAK,CAAC;IAC9D,IAAI,WAAW,GAAG,KAAK,CAAC;IACxB,IAAI,WAA+B,CAAC;IAEpC,iBAAiB;IACjB,MAAM,MAAM,GAAG,IAAA,2BAAa,EAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAE1C,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO;YACL,UAAU,EAAE,MAAM;YAClB,SAAS,EAAE,CAAC,aAAa,CAAC;YAC1B,QAAQ,EAAE;gBACR;oBACE,IAAI,EAAE,aAAa;oBACnB,KAAK,EAAE,KAAK;oBACZ,KAAK,EAAE,OAAO,CAAC,GAAG;oBAClB,WAAW,EAAE,qBAAqB;iBACnC;aACF;YACD,YAAY,EAAE,IAAI;YAClB,YAAY,EAAE,aAAa;SAC5B,CAAC;IACJ,CAAC;IAED,kCAAkC;IAClC,MAAM,SAAS,GAAG,IAAA,6BAAe,EAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IAErD,4BAA4B;IAC5B,MAAM,SAAS,GAAG,eAAe,CAAC,IAAI,CACpC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,KAAK,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,GAAG,GAAG,CAAC,CAAC,CAChD,CAAC;IAEF,IAAI,SAAS,EAAE,CAAC;QACd,QAAQ,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAC/B,QAAQ,CAAC,IAAI,CAAC;YACZ,IAAI,EAAE,gBAAgB;YACtB,KAAK,EAAE,KAAK;YACZ,KAAK,EAAE,MAAM;YACb,WAAW,EAAE,yCAAyC,MAAM,EAAE;SAC/D,CAAC,CAAC;QACH,SAAS,GAAG,MAAM,CAAC;QAEnB,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,WAAW,GAAG,IAAI,CAAC;YACnB,WAAW,GAAG,iCAAiC,CAAC;QAClD,CAAC;IACH,CAAC;IAED,2BAA2B;IAC3B,MAAM,cAAc,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;IAE1E,IAAI,cAAc,IAAI,CAAC,SAAS,EAAE,CAAC;QACjC,QAAQ,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAC/B,QAAQ,CAAC,IAAI,CAAC;YACZ,IAAI,EAAE,eAAe;YACrB,KAAK,EAAE,KAAK;YACZ,KAAK,EAAE,MAAM;YACb,WAAW,EAAE,wBAAwB;SACtC,CAAC,CAAC;QACH,IAAI,SAAS,KAAK,KAAK;YAAE,SAAS,GAAG,QAAQ,CAAC;IAChD,CAAC;IAED,6BAA6B;IAC7B,IAAI,CAAC,SAAS,IAAI,CAAC,SAAS,EAAE,CAAC;QAC7B,QAAQ,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;QAClC,QAAQ,CAAC,IAAI,CAAC;YACZ,IAAI,EAAE,kBAAkB;YACxB,KAAK,EAAE,KAAK;YACZ,KAAK,EAAE,MAAM;YACb,WAAW,EAAE,yBAAyB;SACvC,CAAC,CAAC;QACH,IAAI,SAAS,KAAK,KAAK;YAAE,SAAS,GAAG,QAAQ,CAAC;IAChD,CAAC;IAED,wCAAwC;IACxC,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;QACzB,uDAAuD;QACvD,IAAI,IAAA,wCAAuB,EAAC,OAAO,CAAC,YAAY,CAAC,EAAE,CAAC;YAClD,QAAQ,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;YACvC,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,iBAAiB;gBACvB,KAAK,EAAE,MAAM;gBACb,WAAW,EAAE,+CAA+C;aAC7D,CAAC,CAAC;YACH,SAAS,GAAG,UAAU,CAAC;YACvB,WAAW,GAAG,IAAI,CAAC;YACnB,WAAW,GAAG,+CAA+C,CAAC;QAChE,CAAC;aAAM,CAAC;YACN,iCAAiC;YACjC,MAAM,UAAU,GAAG,IAAA,iCAAgB,EAAC,OAAO,CAAC,YAAY,CAAC,CAAC;YAE1D,IAAI,UAAU,CAAC,KAAK,EAAE,CAAC;gBACrB,QAAQ,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;gBACxC,QAAQ,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC;gBAEtC,IAAI,UAAU,CAAC,UAAU,KAAK,UAAU,EAAE,CAAC;oBACzC,SAAS,GAAG,UAAU,CAAC;oBACvB,WAAW,GAAG,IAAI,CAAC;oBACnB,WAAW,GAAG,0BAA0B,UAAU,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC/E,CAAC;qBAAM,IAAI,UAAU,CAAC,UAAU,KAAK,MAAM,EAAE,CAAC;oBAC5C,SAAS,GAAG,MAAM,CAAC;gBACrB,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,8CAA8C;IAC9C,IACE,CAAC,OAAO,CAAC,MAAM,KAAK,MAAM,IAAI,OAAO,CAAC,MAAM,KAAK,KAAK,CAAC;QACvD,CAAC,SAAS;QACV,SAAS,KAAK,QAAQ,EACtB,CAAC;QACD,SAAS,GAAG,MAAM,CAAC;IACrB,CAAC;IAED,OAAO;QACL,UAAU,EAAE,SAAS;QACrB,SAAS,EAAE,QAAQ;QACnB,QAAQ;QACR,YAAY,EAAE,WAAW;QACzB,YAAY,EAAE,WAAW;KAC1B,CAAC;AACJ,CAAC"}
1	+ {"version":3,"file":"network.js","sourceRoot":"","sources":["../../../src/action/detectors/network.ts"],"names":[],"mappings":";;AA+DA,sDAgIC;AA9LD,yDAAyE;AACzE,qDAA6E;AAkB7E;;GAEG;AACH,MAAM,eAAe,GAAG;IACtB,aAAa;IACb,gBAAgB;IAChB,kBAAkB;IAClB,iBAAiB;IACjB,cAAc;IACd,gBAAgB;IAChB,eAAe;IACf,UAAU;IACV,gBAAgB;IAChB,eAAe;IACf,aAAa;IACb,aAAa;IACb,YAAY;IACZ,aAAa;IACb,UAAU;IACV,sBAAsB;IACtB,aAAa;IACb,UAAU;CACX,CAAC;AAEF;;GAEG;AACH,MAAM,cAAc,GAAG;IACrB,MAAM;IACN,MAAM;IACN,KAAK;IACL,KAAK;IACL,KAAK;IACL,KAAK;IACL,KAAK;IACL,OAAO;IACP,QAAQ;IACR,OAAO;CACR,CAAC;AAEF;;GAEG;AACH,SAAgB,qBAAqB,CACnC,OAA2B,EAC3B,YAAsB,EAAE;IAExB,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,MAAM,QAAQ,GAAqB,EAAE,CAAC;IACtC,IAAI,SAAS,GAA2C,KAAK,CAAC;IAC9D,IAAI,WAAW,GAAG,KAAK,CAAC;IACxB,IAAI,WAA+B,CAAC;IAEpC,iBAAiB;IACjB,MAAM,MAAM,GAAG,IAAA,2BAAa,EAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAE1C,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO;YACL,UAAU,EAAE,MAAM;YAClB,SAAS,EAAE,CAAC,aAAa,CAAC;YAC1B,QAAQ,EAAE;gBACR;oBACE,IAAI,EAAE,aAAa;oBACnB,KAAK,EAAE,KAAK;oBACZ,KAAK,EAAE,OAAO,CAAC,GAAG;oBAClB,WAAW,EAAE,qBAAqB;iBACnC;aACF;YACD,YAAY,EAAE,IAAI;YAClB,YAAY,EAAE,aAAa;SAC5B,CAAC;IACJ,CAAC;IAED,kCAAkC;IAClC,MAAM,SAAS,GAAG,IAAA,6BAAe,EAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IAErD,4BAA4B;IAC5B,MAAM,SAAS,GAAG,eAAe,CAAC,IAAI,CACpC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,KAAK,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,GAAG,GAAG,CAAC,CAAC,CAChD,CAAC;IAEF,IAAI,SAAS,EAAE,CAAC;QACd,QAAQ,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAC/B,QAAQ,CAAC,IAAI,CAAC;YACZ,IAAI,EAAE,gBAAgB;YACtB,KAAK,EAAE,KAAK;YACZ,KAAK,EAAE,MAAM;YACb,WAAW,EAAE,yCAAyC,MAAM,EAAE;SAC/D,CAAC,CAAC;QACH,SAAS,GAAG,MAAM,CAAC;QAEnB,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,WAAW,GAAG,IAAI,CAAC;YACnB,WAAW,GAAG,iCAAiC,CAAC;QAClD,CAAC;IACH,CAAC;IAED,2BAA2B;IAC3B,MAAM,cAAc,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;IAE1E,IAAI,cAAc,IAAI,CAAC,SAAS,EAAE,CAAC;QACjC,QAAQ,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAC/B,QAAQ,CAAC,IAAI,CAAC;YACZ,IAAI,EAAE,eAAe;YACrB,KAAK,EAAE,KAAK;YACZ,KAAK,EAAE,MAAM;YACb,WAAW,EAAE,wBAAwB;SACtC,CAAC,CAAC;QACH,IAAI,SAAS,KAAK,KAAK;YAAE,SAAS,GAAG,QAAQ,CAAC;IAChD,CAAC;IAED,6BAA6B;IAC7B,IAAI,CAAC,SAAS,IAAI,CAAC,SAAS,EAAE,CAAC;QAC7B,QAAQ,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;QAClC,QAAQ,CAAC,IAAI,CAAC;YACZ,IAAI,EAAE,kBAAkB;YACxB,KAAK,EAAE,KAAK;YACZ,KAAK,EAAE,MAAM;YACb,WAAW,EAAE,yBAAyB;SACvC,CAAC,CAAC;QACH,IAAI,SAAS,KAAK,KAAK;YAAE,SAAS,GAAG,QAAQ,CAAC;IAChD,CAAC;IAED,wCAAwC;IACxC,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;QACzB,uDAAuD;QACvD,IAAI,IAAA,wCAAuB,EAAC,OAAO,CAAC,YAAY,CAAC,EAAE,CAAC;YAClD,QAAQ,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;YACvC,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,iBAAiB;gBACvB,KAAK,EAAE,MAAM;gBACb,WAAW,EAAE,+CAA+C;aAC7D,CAAC,CAAC;YACH,SAAS,GAAG,UAAU,CAAC;YACvB,WAAW,GAAG,IAAI,CAAC;YACnB,WAAW,GAAG,+CAA+C,CAAC;QAChE,CAAC;aAAM,CAAC;YACN,iCAAiC;YACjC,MAAM,UAAU,GAAG,IAAA,iCAAgB,EAAC,OAAO,CAAC,YAAY,CAAC,CAAC;YAE1D,IAAI,UAAU,CAAC,KAAK,EAAE,CAAC;gBACrB,QAAQ,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;gBACxC,QAAQ,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC;gBAEtC,IAAI,UAAU,CAAC,UAAU,KAAK,UAAU,EAAE,CAAC;oBACzC,SAAS,GAAG,UAAU,CAAC;oBACvB,WAAW,GAAG,IAAI,CAAC;oBACnB,WAAW,GAAG,0BAA0B,UAAU,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC/E,CAAC;qBAAM,IAAI,UAAU,CAAC,UAAU,KAAK,MAAM,EAAE,CAAC;oBAC5C,SAAS,GAAG,MAAM,CAAC;gBACrB,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,8CAA8C;IAC9C,IACE,CAAC,OAAO,CAAC,MAAM,KAAK,MAAM,IAAI,OAAO,CAAC,MAAM,KAAK,KAAK,CAAC;QACvD,CAAC,SAAS;QACV,SAAS,KAAK,QAAQ,EACtB,CAAC;QACD,SAAS,GAAG,MAAM,CAAC;IACrB,CAAC;IAED,OAAO;QACL,UAAU,EAAE,SAAS;QACrB,SAAS,EAAE,QAAQ;QACnB,QAAQ;QACR,YAAY,EAAE,WAAW;QACzB,YAAY,EAAE,WAAW;KAC1B,CAAC;AACJ,CAAC"}

package/dist/action/index.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/action/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,cAAc,EACd,cAAc,EAEd,UAAU,EACV,oBAAoB,EAMrB,MAAM,oBAAoB,CAAC;AAE5B,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAEzD,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAIrD,OAAO,EAAE,YAAY,EAAgB,MAAM,oBAAoB,CAAC;~~AAGhE~~;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,wBAAwB;IACxB,QAAQ,CAAC,EAAE,aAAa,CAAC;IACzB,oBAAoB;IACpB,YAAY,CAAC,EAAE,YAAY,CAAC;IAC5B,yDAAyD;IACzD,mBAAmB,CAAC,EAAE,eAAe,CAAC;CACvC;AAED;;;GAGG;AACH,qBAAa,aAAa;IACxB,OAAO,CAAC,QAAQ,CAAgB;IAChC,OAAO,CAAC,MAAM,CAAe;IAC7B,OAAO,CAAC,mBAAmB,CAAkB;gBAEjC,OAAO,GAAE,oBAAyB;IAM9C;;OAEG;IACG,MAAM,CAAC,QAAQ,EAAE,cAAc,GAAG,OAAO,CAAC,cAAc,CAAC;IAmE/D;;OAEG;YACW,oBAAoB;IAmElC;;OAEG;IACH,OAAO,CAAC,iBAAiB;~~IAoCzB~~;;OAEG;YACW,YAAY;IAoK1B;;OAEG;YACW,cAAc;IAiH5B;;OAEG;IACH,OAAO,CAAC,kBAAkB;IA+B1B;;OAEG;IACH,OAAO,CAAC,mBAAmB;~~IA6C3B~~;;OAEG;IACG,YAAY,CAAC,MAAM,EAAE,UAAU,GAAG,OAAO,CAAC,oBAAoB,CAAC;CAgKtE;AAGD,eAAO,MAAM,aAAa,eAAsB,CAAC;AAGjD,cAAc,sBAAsB,CAAC;AACrC,cAAc,oBAAoB,CAAC"}
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/action/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,cAAc,EACd,cAAc,EAEd,UAAU,EACV,oBAAoB,EAMrB,MAAM,oBAAoB,CAAC;AAE5B,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAEzD,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAIrD,OAAO,EAAE,YAAY,EAAgB,MAAM,oBAAoB,CAAC;AAIhE;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,wBAAwB;IACxB,QAAQ,CAAC,EAAE,aAAa,CAAC;IACzB,oBAAoB;IACpB,YAAY,CAAC,EAAE,YAAY,CAAC;IAC5B,yDAAyD;IACzD,mBAAmB,CAAC,EAAE,eAAe,CAAC;CACvC;AAED;;;GAGG;AACH,qBAAa,aAAa;IACxB,OAAO,CAAC,QAAQ,CAAgB;IAChC,OAAO,CAAC,MAAM,CAAe;IAC7B,OAAO,CAAC,mBAAmB,CAAkB;gBAEjC,OAAO,GAAE,oBAAyB;IAM9C;;OAEG;IACG,MAAM,CAAC,QAAQ,EAAE,cAAc,GAAG,OAAO,CAAC,cAAc,CAAC;IAmE/D;;OAEG;YACW,oBAAoB;IAmElC;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAwCzB;;OAEG;YACW,YAAY;IAoK1B;;OAEG;YACW,cAAc;IAiH5B;;OAEG;IACH,OAAO,CAAC,kBAAkB;IA+B1B;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAgE3B;;OAEG;IACG,YAAY,CAAC,MAAM,EAAE,UAAU,GAAG,OAAO,CAAC,oBAAoB,CAAC;CAgKtE;AAGD,eAAO,MAAM,aAAa,eAAsB,CAAC;AAGjD,cAAc,sBAAsB,CAAC;AACrC,cAAc,oBAAoB,CAAC"}

package/dist/action/index.js CHANGED Viewed

@@ -10,6 +10,28 @@ var __createBinding = (this && this.__createBinding) || (Object.create ? (functi
     if (k2 === undefined) k2 = k;
     o[k2] = m[k];
 }));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
 var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
@@ -21,6 +43,7 @@ const network_js_1 = require("./detectors/network.js");
 const exec_js_1 = require("./detectors/exec.js");
 const secret_leak_js_1 = require("./detectors/secret-leak.js");
 const client_js_1 = require("./goplus/client.js");
+const nodePath = __importStar(require("path"));
 /**
  * Action Scanner - Module C
  * Runtime action decision engine
@@ -137,8 +160,12 @@ class ActionScanner {
         const execAllowed = capabilities.exec === 'allow';
         const analysis = (0, exec_js_1.analyzeExecCommand)(command, execAllowed);
         if (analysis.should_block) {
+            // Critical threats (rm -rf, fork bomb, etc.) are always hard denied.
+            // Non-critical blocked commands (exec not allowed but not dangerous)
+            // return 'confirm' so balanced mode can prompt the user instead of blocking.
+            const isCritical = analysis.risk_level === 'critical';
             return {
-                decision: 'deny',
+                decision: isCritical ? 'deny' : 'confirm',
                 risk_level: analysis.risk_level,
                 risk_tags: analysis.risk_tags,
                 evidence: analysis.evidence,
@@ -445,20 +472,38 @@ class ActionScanner {
      * Handle file operations
      */
     handleFileOperation(file, type, capabilities) {
-        // Check if path is in allowlist
+        // Normalize path to prevent traversal attacks (e.g. ./allowed/../../../etc/passwd)
+        const normalizedPath = nodePath.normalize(file.path);
+        if (normalizedPath !== file.path && file.path.includes('..')) {
+            return {
+                decision: 'deny',
+                risk_level: 'high',
+                risk_tags: ['PATH_TRAVERSAL'],
+                evidence: [
+                    {
+                        type: 'path_traversal',
+                        field: 'path',
+                        match: file.path,
+                        description: `Path traversal detected: "${file.path}" resolves to "${normalizedPath}"`,
+                    },
+                ],
+                explanation: 'Path traversal attack blocked',
+            };
+        }
+        // Check if path is in allowlist (use normalized path)
         const isAllowed = capabilities.filesystem_allowlist.some((pattern) => {
             if (pattern === '*')
                 return true;
             if (pattern.endsWith('/**')) {
                 const prefix = pattern.slice(0, -3);
-                return file.path.startsWith(prefix);
+                return normalizedPath.startsWith(prefix);
             }
             if (pattern.endsWith('/*')) {
                 const prefix = pattern.slice(0, -2);
-                const remainder = file.path.slice(prefix.length);
-                return file.path.startsWith(prefix) && !remainder.includes('/');
+                const remainder = normalizedPath.slice(prefix.length);
+                return normalizedPath.startsWith(prefix) && !remainder.includes('/');
             }
-            return file.path === pattern || file.path.startsWith(pattern + '/');
+            return normalizedPath === pattern || normalizedPath.startsWith(pattern + '/');
         });
         if (isAllowed) {
             return {