@nerviq/cli 1.26.0 → 1.27.0

package/src/shallow-risk/patterns/agent-config-dangerous-autoapprove.js

@@ -0,0 +1,46 @@
+'use strict';
+
+const { SHALLOW_RISK_DOC_URL, escapeRegExp } = require('../shared');
+
+const DANGEROUS_ALLOW_PATTERNS = [
+  /\brm\b[\s\S]{0,40}-r/i,
+  /\bgit\s+push\s+--force\b/i,
+  /\bdrop\s+(?:database|table)\b/i,
+  /\btruncate\s+table\b/i,
+  /\bdelete\s+from\b/i,
+];
+
+function isDangerousAllowRule(rule) {
+  if (typeof rule !== 'string') return false;
+  if (/\bdelete\s+from\b/i.test(rule)) {
+    return !/\bwhere\b/i.test(rule) || /\bwhere\s*1\s*=\s*1\b/i.test(rule);
+  }
+  return DANGEROUS_ALLOW_PATTERNS.some((pattern) => {
+    pattern.lastIndex = 0;
+    return pattern.test(rule);
+  });
+}
+
+module.exports = {
+  key: 'agent-config-dangerous-autoapprove',
+  name: 'Agent config auto-approves destructive commands',
+  severity: 'critical',
+  layer: 'shallow-risk',
+  sourceUrl: SHALLOW_RISK_DOC_URL,
+  run(ctx) {
+    const file = '.claude/settings.json';
+    const config = ctx.jsonFile(file);
+    const allowRules = config && config.permissions && Array.isArray(config.permissions.allow)
+      ? config.permissions.allow
+      : [];
+    if (allowRules.length === 0) return [];
+
+    return allowRules
+      .filter(isDangerousAllowRule)
+      .map((rule) => ({
+        file,
+        line: ctx.lineNumber(file, new RegExp(escapeRegExp(rule))) || 1,
+        fix: `${file} pre-approves the destructive rule \`${rule}\`. Remove it from the allow-list so destructive commands always require explicit review.`,
+      }));
+  },
+};

package/src/shallow-risk/patterns/agent-config-deprecated-keys.js

@@ -0,0 +1,46 @@
+'use strict';
+
+const { AIDER_P0_SOURCES, SHALLOW_RISK_DOC_URL, hasLegacyAiderPin } = require('../shared');
+
+const DEPRECATED_AIDER_KEYS = [
+  {
+    key: 'auto-commit',
+    replacement: 'auto-commits',
+    pattern: /^\s*auto-commit\s*:/i,
+    note: 'removed in Aider 0.60+',
+  },
+];
+
+module.exports = {
+  key: 'agent-config-deprecated-keys',
+  name: 'Agent config uses deprecated keys',
+  severity: 'medium',
+  layer: 'shallow-risk',
+  sourceUrl: SHALLOW_RISK_DOC_URL,
+  run(ctx) {
+    if (!Array.isArray(AIDER_P0_SOURCES) || AIDER_P0_SOURCES.length < 2) {
+      return [];
+    }
+
+    const file = ctx.fileContent('.aider.conf.yml') !== null ? '.aider.conf.yml'
+      : (ctx.fileContent('.aider.conf.yaml') !== null ? '.aider.conf.yaml' : null);
+    if (!file || hasLegacyAiderPin(ctx)) return [];
+
+    const findings = [];
+    const content = ctx.fileContent(file) || '';
+    const lines = content.split(/\r?\n/);
+
+    for (const keyDef of DEPRECATED_AIDER_KEYS) {
+      const lineIndex = lines.findIndex((line) => keyDef.pattern.test(line));
+      if (lineIndex === -1) continue;
+      findings.push({
+        file,
+        line: lineIndex + 1,
+        fix: `${file} uses deprecated Aider key \`${keyDef.key}\` (${keyDef.note}). Replace it with \`${keyDef.replacement}\` or remove it if the repo intentionally stays on an older Aider release.`,
+        sourceUrl: AIDER_P0_SOURCES.find((source) => source.key === 'aider-config-reference')?.url || SHALLOW_RISK_DOC_URL,
+      });
+    }
+
+    return findings;
+  },
+};

package/src/shallow-risk/patterns/agent-config-missing-file.js

@@ -0,0 +1,72 @@
+'use strict';
+
+const {
+  SHALLOW_RISK_DOC_URL,
+  escapeRegExp,
+  getAgentConfigEntries,
+  getScannableLines,
+  isKnownConventionPath,
+  looksLikeRelativeFileReference,
+  normalizeCandidatePath,
+  resolveRepoPath,
+  toPosix,
+} = require('../shared');
+
+const POINTER_RE = /(?:^|[\s([`'"])(@?(?:\.{1,2}\/)?[A-Za-z0-9._/-]+)(?=$|[\s)\]`'",:;!?])/g;
+
+module.exports = {
+  key: 'agent-config-missing-file',
+  name: 'Agent config references missing file',
+  severity: 'high',
+  layer: 'shallow-risk',
+  sourceUrl: SHALLOW_RISK_DOC_URL,
+  run(ctx) {
+    const findings = [];
+    const seen = new Set();
+
+    for (const entry of getAgentConfigEntries(ctx)) {
+      if (!/\.(?:md|mdc|txt|rst)$/i.test(entry.path) && !/\.cursorrules$|\.windsurfrules$/i.test(entry.path)) {
+        continue;
+      }
+      for (const { lineNumber, text } of getScannableLines(entry.content)) {
+        POINTER_RE.lastIndex = 0;
+        let match = POINTER_RE.exec(text);
+        while (match) {
+          const candidate = normalizeCandidatePath(match[1]);
+          if (!looksLikeRelativeFileReference(candidate)) {
+            match = POINTER_RE.exec(text);
+            continue;
+          }
+
+          const resolvedPath = resolveRepoPath(ctx, entry.path, candidate, 'relative-to-file');
+          if (!resolvedPath || isKnownConventionPath(resolvedPath)) {
+            match = POINTER_RE.exec(text);
+            continue;
+          }
+
+          if (ctx.fileContent(resolvedPath) !== null) {
+            match = POINTER_RE.exec(text);
+            continue;
+          }
+
+          const dedupeKey = `${entry.path}:${toPosix(resolvedPath)}`;
+          if (seen.has(dedupeKey)) {
+            match = POINTER_RE.exec(text);
+            continue;
+          }
+          seen.add(dedupeKey);
+
+          findings.push({
+            file: entry.path,
+            line: lineNumber || ctx.lineNumber(entry.path, new RegExp(escapeRegExp(candidate))),
+            fix: `${entry.path} references \`${toPosix(resolvedPath)}\`, but the file is missing. Create the file or update the agent guidance to point at a real repo path.`,
+          });
+
+          match = POINTER_RE.exec(text);
+        }
+      }
+    }
+
+    return findings;
+  },
+};

package/src/shallow-risk/patterns/agent-config-secret-literal.js

@@ -0,0 +1,49 @@
+'use strict';
+
+const { SHALLOW_RISK_DOC_URL, getAgentConfigEntries } = require('../shared');
+
+const SECRET_PATTERNS = [
+  { label: 'AWS access key', pattern: /\bAKIA[0-9A-Z]{16}\b/g },
+  { label: 'Stripe live key', pattern: /\bsk_live_[A-Za-z0-9]{24,}\b/g },
+  { label: 'GitHub personal access token', pattern: /\bghp_[A-Za-z0-9]{36}\b/g },
+  { label: 'SSH private key header', pattern: /-----BEGIN (?:OPENSSH|RSA|DSA|EC) PRIVATE KEY-----/g },
+];
+
+function looksLikePlaceholder(line, matchText) {
+  return /\b(example|sample|placeholder|replace[-_ ]?me|your[_-]?key|fake|dummy)\b/i.test(line) ||
+    /\bEXAMPLE\b/.test(matchText);
+}
+
+module.exports = {
+  key: 'agent-config-secret-literal',
+  name: 'Agent config contains secret literal',
+  severity: 'critical',
+  layer: 'shallow-risk',
+  sourceUrl: SHALLOW_RISK_DOC_URL,
+  run(ctx) {
+    const findings = [];
+
+    for (const entry of getAgentConfigEntries(ctx)) {
+      const lines = entry.content.split(/\r?\n/);
+      for (let index = 0; index < lines.length; index++) {
+        const line = lines[index];
+        for (const secret of SECRET_PATTERNS) {
+          secret.pattern.lastIndex = 0;
+          let match = secret.pattern.exec(line);
+          while (match) {
+            if (!looksLikePlaceholder(line, match[0])) {
+              findings.push({
+                file: entry.path,
+                line: index + 1,
+                fix: `${entry.path} contains a ${secret.label} shape. Rotate the secret, remove it from the agent config, and scrub it from git history if it was real.`,
+              });
+            }
+            match = secret.pattern.exec(line);
+          }
+        }
+      }
+    }
+
+    return findings;
+  },
+};

package/src/shallow-risk/patterns/agent-config-stack-contradiction.js

@@ -0,0 +1,34 @@
+'use strict';
+
+const {
+  SHALLOW_RISK_DOC_URL,
+  collectStackClaims,
+  findFirstStackEvidence,
+  getDetectedStackEvidence,
+} = require('../shared');
+
+module.exports = {
+  key: 'agent-config-stack-contradiction',
+  name: 'Agent config contradicts actual stack',
+  severity: 'high',
+  layer: 'shallow-risk',
+  sourceUrl: SHALLOW_RISK_DOC_URL,
+  run(ctx) {
+    const claims = collectStackClaims(ctx);
+    const distinctClaims = [...new Set(claims.map((claim) => claim.key))];
+    if (distinctClaims.length !== 1) return [];
+
+    const declared = claims[0];
+    const hasDeclaredEvidence = declared.stackKeys.some((stackKey) => Boolean(findFirstStackEvidence(ctx, stackKey)));
+    if (hasDeclaredEvidence) return [];
+
+    const actual = getDetectedStackEvidence(ctx).find((item) => !declared.stackKeys.includes(item.key));
+    if (!actual) return [];
+
+    return [{
+      file: declared.file,
+      line: declared.line,
+      fix: `${declared.file} declares the primary stack as "${declared.label}", but the repo shows ${actual.label} signals (${actual.file}) and no ${declared.label} evidence. Align the agent guidance with the actual stack or document a real migration plan.`,
+    }];
+  },
+};

package/src/shallow-risk/patterns/hook-script-missing.js

@@ -0,0 +1,70 @@
+'use strict';
+
+const {
+  SHALLOW_RISK_DOC_URL,
+  escapeRegExp,
+  getHookCommandPath,
+  resolveRepoPath,
+} = require('../shared');
+
+const HOOK_EVENTS = new Set([
+  'PreToolUse',
+  'PostToolUse',
+  'Stop',
+  'UserPromptSubmit',
+  'SessionStart',
+]);
+
+function collectHookCommands(node, output = []) {
+  if (Array.isArray(node)) {
+    for (const item of node) collectHookCommands(item, output);
+    return output;
+  }
+
+  if (!node || typeof node !== 'object') {
+    return output;
+  }
+
+  if (node.type === 'command' && typeof node.command === 'string') {
+    output.push(node.command);
+  }
+
+  for (const value of Object.values(node)) {
+    collectHookCommands(value, output);
+  }
+
+  return output;
+}
+
+module.exports = {
+  key: 'hook-script-missing',
+  name: 'Configured hook script is missing',
+  severity: 'high',
+  layer: 'shallow-risk',
+  sourceUrl: SHALLOW_RISK_DOC_URL,
+  run(ctx) {
+    const file = '.claude/settings.json';
+    const config = ctx.jsonFile(file);
+    if (!config || !config.hooks || typeof config.hooks !== 'object') {
+      return [];
+    }
+
+    const findings = [];
+    for (const [eventName, entries] of Object.entries(config.hooks)) {
+      if (!HOOK_EVENTS.has(eventName)) continue;
+      for (const command of collectHookCommands(entries)) {
+        const scriptPath = getHookCommandPath(command);
+        if (!scriptPath) continue;
+        const resolvedPath = resolveRepoPath(ctx, file, scriptPath, 'repo-root');
+        if (!resolvedPath || ctx.fileContent(resolvedPath) !== null) continue;
+        findings.push({
+          file,
+          line: ctx.lineNumber(file, new RegExp(escapeRegExp(command))) || ctx.lineNumber(file, new RegExp(`"${escapeRegExp(eventName)}"`)) || 1,
+          fix: `${file} declares a ${eventName} hook at \`${resolvedPath}\`, but the script is missing. Create the hook file or remove the dead hook reference.`,
+        });
+      }
+    }
+
+    return findings;
+  },
+};

package/src/shallow-risk/patterns/mcp-server-no-allowlist.js

@@ -0,0 +1,52 @@
+'use strict';
+
+const {
+  SHALLOW_RISK_DOC_URL,
+  escapeRegExp,
+  isClearlyLocalMcpBinary,
+} = require('../shared');
+
+function hasBroadOpenPermissions(server) {
+  if (!server || typeof server !== 'object') return false;
+  if (Array.isArray(server.permissions) && server.permissions.length === 0) return true;
+  if (server.allow === '*') return true;
+  if (Array.isArray(server.allow) && server.allow.includes('*')) return true;
+  if (server.permissions && typeof server.permissions === 'object') {
+    if (server.permissions.allow === '*') return true;
+    if (Array.isArray(server.permissions.allow) && server.permissions.allow.includes('*')) return true;
+  }
+  return false;
+}
+
+module.exports = {
+  key: 'mcp-server-no-allowlist',
+  name: 'MCP server has no allowlist',
+  severity: 'critical',
+  layer: 'shallow-risk',
+  sourceUrl: SHALLOW_RISK_DOC_URL,
+  run(ctx) {
+    const findings = [];
+    const candidates = ['.claude/settings.json', '.mcp.json'];
+
+    for (const file of candidates) {
+      const config = ctx.jsonFile(file);
+      const servers = config && config.mcpServers && typeof config.mcpServers === 'object'
+        ? config.mcpServers
+        : null;
+      if (!servers) continue;
+
+      for (const [serverName, server] of Object.entries(servers)) {
+        if (!hasBroadOpenPermissions(server)) continue;
+        const command = typeof server.command === 'string' ? server.command : '';
+        findings.push({
+          severity: isClearlyLocalMcpBinary(command) ? 'high' : 'critical',
+          file,
+          line: ctx.lineNumber(file, new RegExp(`"${escapeRegExp(serverName)}"`)) || 1,
+          fix: `MCP server "${serverName}" in ${file} has broad access without an allowlist. Add a narrow allow/permissions list before relying on it in CI or production repos.`,
+        });
+      }
+    }
+
+    return findings;
+  },
+};