@heysalad/cheri-cli 0.10.0 → 1.1.0

package/src/lib/sandbox.js

@@ -0,0 +1,164 @@
+// Sandboxing for command execution
+// Linux: uses unshare + seccomp-like restrictions via spawn options
+// Fallback: restricted environment variables and timeout enforcement
+
+import { spawn } from "child_process";
+import { platform } from "os";
+
+const IS_LINUX = platform() === "linux";
+
+// Sandbox policy levels
+export const SandboxLevel = {
+  NONE: "none",           // No sandbox (legacy behavior)
+  BASIC: "basic",         // Timeout + restricted env + no network
+  STRICT: "strict",       // BASIC + filesystem restrictions via unshare
+};
+
+// Check if unshare is available (Linux namespace isolation)
+let _unshareAvailable = null;
+async function hasUnshare() {
+  if (_unshareAvailable !== null) return _unshareAvailable;
+  try {
+    const { execSync } = await import("child_process");
+    execSync("which unshare", { stdio: "pipe" });
+    _unshareAvailable = true;
+  } catch {
+    _unshareAvailable = false;
+  }
+  return _unshareAvailable;
+}
+
+// Restricted environment: strip sensitive vars, disable network hints
+function buildSandboxEnv(allowNetwork = false) {
+  const env = { ...process.env };
+
+  // Remove sensitive environment variables
+  const sensitiveVars = [
+    "AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN",
+    "AWS_BEARER_TOKEN_BEDROCK", "GITHUB_TOKEN", "GH_TOKEN",
+    "OPENAI_API_KEY", "ANTHROPIC_API_KEY", "STRIPE_SECRET_KEY",
+    "DATABASE_URL", "MONGO_URI", "REDIS_URL",
+    "SSH_AUTH_SOCK", "GPG_AGENT_INFO",
+    "npm_config_//registry.npmjs.org/:_authToken",
+  ];
+  for (const v of sensitiveVars) delete env[v];
+
+  // Signal to child processes that they're sandboxed
+  env.CHERI_SANDBOXED = "1";
+  env.CHERI_SANDBOX_LEVEL = allowNetwork ? "basic" : "strict";
+
+  return env;
+}
+
+/**
+ * Execute a command inside a sandbox.
+ * Returns { stdout, stderr, exitCode, timedOut }
+ */
+export function sandboxExec(command, options = {}) {
+  const {
+    cwd = process.cwd(),
+    timeout = 120000,
+    maxBuffer = 10 * 1024 * 1024,
+    level = SandboxLevel.BASIC,
+    allowNetwork = false,
+    allowWrite = [],  // additional writable paths beyond cwd
+  } = options;
+
+  return new Promise(async (resolve) => {
+    const env = level === SandboxLevel.NONE ? process.env : buildSandboxEnv(allowNetwork);
+    let cmd, args;
+
+    if (level === SandboxLevel.STRICT && IS_LINUX && await hasUnshare()) {
+      // Use unshare for network namespace isolation (no network access)
+      // --net creates a new network namespace with no interfaces
+      if (!allowNetwork) {
+        cmd = "unshare";
+        args = ["--net", "--map-root-user", "sh", "-c", command];
+      } else {
+        cmd = "sh";
+        args = ["-c", command];
+      }
+    } else {
+      cmd = "sh";
+      args = ["-c", command];
+    }
+
+    let stdout = "";
+    let stderr = "";
+    let timedOut = false;
+    let killed = false;
+
+    const proc = spawn(cmd, args, {
+      cwd,
+      env,
+      stdio: ["pipe", "pipe", "pipe"],
+      // Kill the entire process group on timeout
+      detached: IS_LINUX,
+    });
+
+    const timer = setTimeout(() => {
+      timedOut = true;
+      killed = true;
+      try {
+        if (IS_LINUX && proc.pid) {
+          process.kill(-proc.pid, "SIGKILL");
+        } else {
+          proc.kill("SIGKILL");
+        }
+      } catch {}
+    }, timeout);
+
+    proc.stdout.on("data", (data) => {
+      stdout += data.toString();
+      if (stdout.length > maxBuffer) {
+        stdout = stdout.slice(0, maxBuffer) + "\n...(truncated)";
+        killed = true;
+        try { proc.kill("SIGKILL"); } catch {}
+      }
+    });
+
+    proc.stderr.on("data", (data) => {
+      stderr += data.toString();
+      if (stderr.length > maxBuffer) {
+        stderr = stderr.slice(0, maxBuffer) + "\n...(truncated)";
+      }
+    });
+
+    proc.on("close", (code) => {
+      clearTimeout(timer);
+      resolve({
+        stdout: stdout.trim(),
+        stderr: stderr.trim(),
+        exitCode: code ?? 1,
+        timedOut,
+      });
+    });
+
+    proc.on("error", (err) => {
+      clearTimeout(timer);
+      resolve({
+        stdout: "",
+        stderr: err.message,
+        exitCode: 1,
+        timedOut: false,
+      });
+    });
+
+    // Close stdin immediately
+    proc.stdin.end();
+  });
+}
+
+/**
+ * Get sandbox info for display
+ */
+export function getSandboxInfo(level) {
+  switch (level) {
+    case SandboxLevel.STRICT:
+      return IS_LINUX ? "strict (network isolated)" : "basic (strict requires Linux)";
+    case SandboxLevel.BASIC:
+      return "basic (env sanitized, timeout enforced)";
+    default:
+      return "none";
+  }
+}

package/src/lib/sessions/index.js

@@ -1,4 +1,4 @@
-import { existsSync, mkdirSync, writeFileSync, readFileSync, readdirSync } from "fs";
+import { existsSync, mkdirSync, writeFileSync, readFileSync, readdirSync, unlinkSync } from "fs";
 import { join } from "path";
 import { homedir } from "os";
 
@@ -48,7 +48,6 @@ export function listSessions() {
 export function deleteSession(sessionId) {
   const filePath = join(SESSIONS_DIR, `${sessionId}.json`);
   if (existsSync(filePath)) {
-    const { unlinkSync } = require("fs");
     unlinkSync(filePath);
     return true;
   }

package/src/lib/tools/file-tools.js

@@ -1,6 +1,8 @@
-import { readFileSync, writeFileSync, mkdirSync, existsSync } from "fs";
+import { readFileSync, writeFileSync, mkdirSync, existsSync, statSync } from "fs";
 import { dirname, resolve } from "path";
 
+const MAX_FILE_SIZE = 5 * 1024 * 1024; // 5MB limit
+
 export const readFile = {
   name: "read_file",
   description: "Read the contents of a file at the given path. Returns the file contents as a string.",
@@ -12,12 +14,32 @@ export const readFile = {
     required: ["path"],
   },
   handler: async ({ path }) => {
-    const resolved = resolve(path);
-    if (!existsSync(resolved)) {
-      return { error: `File not found: ${resolved}` };
+    try {
+      const resolved = resolve(path);
+      if (!existsSync(resolved)) {
+        return { error: `File not found: ${resolved}` };
+      }
+      const stat = statSync(resolved);
+      if (stat.isDirectory()) {
+        return { error: `Path is a directory, not a file: ${resolved}` };
+      }
+      if (stat.size > MAX_FILE_SIZE) {
+        return { error: `File too large (${(stat.size / 1024 / 1024).toFixed(1)}MB). Max: 5MB` };
+      }
+      // Detect binary files by checking for null bytes in first 8KB
+      const buf = Buffer.alloc(Math.min(8192, stat.size));
+      const fd = await import("fs").then(fs => fs.openSync(resolved, "r"));
+      const { readSync, closeSync } = await import("fs");
+      readSync(fd, buf, 0, buf.length, 0);
+      closeSync(fd);
+      if (buf.includes(0)) {
+        return { error: `Binary file detected: ${resolved}. Cannot read binary files as text.` };
+      }
+      const content = readFileSync(resolved, "utf-8");
+      return { path: resolved, content, lines: content.split("\n").length };
+    } catch (err) {
+      return { error: `Failed to read file: ${err.message}` };
     }
-    const content = readFileSync(resolved, "utf-8");
-    return { path: resolved, content, lines: content.split("\n").length };
   },
 };
 
@@ -33,13 +55,17 @@ export const writeFile = {
     required: ["path", "content"],
   },
   handler: async ({ path, content }) => {
-    const resolved = resolve(path);
-    const dir = dirname(resolved);
-    if (!existsSync(dir)) {
-      mkdirSync(dir, { recursive: true });
+    try {
+      const resolved = resolve(path);
+      const dir = dirname(resolved);
+      if (!existsSync(dir)) {
+        mkdirSync(dir, { recursive: true });
+      }
+      writeFileSync(resolved, content, "utf-8");
+      return { path: resolved, bytesWritten: Buffer.byteLength(content, "utf-8") };
+    } catch (err) {
+      return { error: `Failed to write file: ${err.message}` };
     }
-    writeFileSync(resolved, content, "utf-8");
-    return { path: resolved, bytesWritten: Buffer.byteLength(content, "utf-8") };
   },
 };
 
@@ -56,17 +82,24 @@ export const editFile = {
     required: ["path", "old_string", "new_string"],
   },
   handler: async ({ path, old_string, new_string }) => {
-    const resolved = resolve(path);
-    if (!existsSync(resolved)) {
-      return { error: `File not found: ${resolved}` };
-    }
-    const content = readFileSync(resolved, "utf-8");
-    if (!content.includes(old_string)) {
-      return { error: "old_string not found in file. Make sure it matches exactly, including whitespace." };
+    try {
+      const resolved = resolve(path);
+      if (!existsSync(resolved)) {
+        return { error: `File not found: ${resolved}` };
+      }
+      const content = readFileSync(resolved, "utf-8");
+      if (!content.includes(old_string)) {
+        return { error: "old_string not found in file. Make sure it matches exactly, including whitespace." };
+      }
+      const count = content.split(old_string).length - 1;
+      if (count > 1) {
+        return { error: `old_string found ${count} times. It must be unique — add more surrounding context.` };
+      }
+      const newContent = content.replace(old_string, new_string);
+      writeFileSync(resolved, newContent, "utf-8");
+      return { path: resolved, replacements: 1 };
+    } catch (err) {
+      return { error: `Failed to edit file: ${err.message}` };
     }
-    const count = content.split(old_string).length - 1;
-    const newContent = content.replace(old_string, new_string);
-    writeFileSync(resolved, newContent, "utf-8");
-    return { path: resolved, replacements: 1, totalOccurrences: count };
   },
 };

package/src/lib/tools/search-tools.js

@@ -43,7 +43,7 @@ export const searchContent = {
   handler: async ({ pattern, path, include }) => {
     const dir = resolve(path || ".");
     try {
-      let cmd = `grep -rn --include='${include || "*"}' ${JSON.stringify(pattern)} ${JSON.stringify(dir)} 2>/dev/null | head -50`;
+      let cmd = `grep -rn --include=${JSON.stringify(include || "*")} ${JSON.stringify(pattern)} ${JSON.stringify(dir)} 2>/dev/null | head -50`;
       const result = execSync(cmd, { encoding: "utf-8", timeout: 10_000 });
       const lines = result.trim().split("\n").filter(Boolean);
       const matches = lines.map((line) => {