@node9/proxy 1.0.19 → 1.1.1

package/dist/index.js

@@ -37,13 +37,14 @@ module.exports = __toCommonJS(src_exports);
 // src/core.ts
 var import_chalk2 = __toESM(require("chalk"));
 var import_prompts = require("@inquirer/prompts");
-var import_fs2 = __toESM(require("fs"));
-var import_path4 = __toESM(require("path"));
+var import_fs3 = __toESM(require("fs"));
+var import_path5 = __toESM(require("path"));
 var import_os2 = __toESM(require("os"));
 var import_net = __toESM(require("net"));
 var import_crypto = require("crypto");
 var import_child_process2 = require("child_process");
 var import_picomatch = __toESM(require("picomatch"));
+var import_safe_regex2 = __toESM(require("safe-regex2"));
 var import_sh_syntax = require("sh-syntax");
 
 // src/ui/native.ts
@@ -465,8 +466,8 @@ function sanitizeConfig(raw) {
     }
   }
   const lines = result.error.issues.map((issue) => {
-    const path5 = issue.path.length > 0 ? issue.path.join(".") : "root";
-    return `  \u2022 ${path5}: ${issue.message}`;
+    const path6 = issue.path.length > 0 ? issue.path.join(".") : "root";
+    return `  \u2022 ${path6}: ${issue.message}`;
   });
   return {
     sanitized,
@@ -679,10 +680,14 @@ function readActiveShields() {
 }
 
 // src/dlp.ts
+var import_fs2 = __toESM(require("fs"));
+var import_path4 = __toESM(require("path"));
 var DLP_PATTERNS = [
   { name: "AWS Access Key ID", regex: /\bAKIA[0-9A-Z]{16}\b/, severity: "block" },
   { name: "GitHub Token", regex: /\bgh[pous]_[A-Za-z0-9]{36}\b/, severity: "block" },
-  { name: "Slack Bot Token", regex: /\bxoxb-[0-9A-Za-z-]+\b/, severity: "block" },
+  // Slack bot tokens: xoxb- + variable segment. Real tokens are ~50–80 chars;
+  // lower bound 20 avoids false negatives on partial tokens, upper 100 caps scan cost.
+  { name: "Slack Bot Token", regex: /\bxoxb-[0-9A-Za-z-]{20,100}\b/, severity: "block" },
   { name: "OpenAI API Key", regex: /\bsk-[a-zA-Z0-9_-]{20,}\b/, severity: "block" },
   { name: "Stripe Secret Key", regex: /\bsk_(?:live|test)_[0-9a-zA-Z]{24}\b/, severity: "block" },
   {
@@ -690,8 +695,76 @@ var DLP_PATTERNS = [
     regex: /-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----/,
     severity: "block"
   },
+  // GCP service account JSON (detects the type field that uniquely identifies it)
+  {
+    name: "GCP Service Account",
+    regex: /"type"\s*:\s*"service_account"/,
+    severity: "block"
+  },
+  // NPM auth token in .npmrc format
+  {
+    name: "NPM Auth Token",
+    regex: /_authToken\s*=\s*[A-Za-z0-9_\-]{20,}/,
+    severity: "block"
+  },
   { name: "Bearer Token", regex: /Bearer\s+[a-zA-Z0-9\-._~+/]+=*/i, severity: "review" }
 ];
+var SENSITIVE_PATH_PATTERNS = [
+  /[/\\]\.ssh[/\\]/i,
+  /[/\\]\.aws[/\\]/i,
+  /[/\\]\.config[/\\]gcloud[/\\]/i,
+  /[/\\]\.azure[/\\]/i,
+  /[/\\]\.kube[/\\]config$/i,
+  /[/\\]\.env($|\.)/i,
+  // .env, .env.local, .env.production — not .envoy
+  /[/\\]\.git-credentials$/i,
+  /[/\\]\.npmrc$/i,
+  /[/\\]\.docker[/\\]config\.json$/i,
+  /[/\\][^/\\]+\.pem$/i,
+  /[/\\][^/\\]+\.key$/i,
+  /[/\\][^/\\]+\.p12$/i,
+  /[/\\][^/\\]+\.pfx$/i,
+  /^\/etc\/passwd$/,
+  /^\/etc\/shadow$/,
+  /^\/etc\/sudoers$/,
+  /[/\\]credentials\.json$/i,
+  /[/\\]id_rsa$/i,
+  /[/\\]id_ed25519$/i,
+  /[/\\]id_ecdsa$/i
+];
+function scanFilePath(filePath, cwd = process.cwd()) {
+  if (!filePath) return null;
+  let resolved;
+  try {
+    const absolute = import_path4.default.resolve(cwd, filePath);
+    resolved = import_fs2.default.realpathSync.native(absolute);
+  } catch (err) {
+    const code = err.code;
+    if (code === "ENOENT" || code === "ENOTDIR") {
+      resolved = import_path4.default.resolve(cwd, filePath);
+    } else {
+      return {
+        patternName: "Sensitive File Path",
+        fieldPath: "file_path",
+        redactedSample: filePath,
+        severity: "block"
+      };
+    }
+  }
+  const normalised = resolved.replace(/\\/g, "/");
+  for (const pattern of SENSITIVE_PATH_PATTERNS) {
+    if (pattern.test(normalised)) {
+      return {
+        patternName: "Sensitive File Path",
+        fieldPath: "file_path",
+        redactedSample: filePath,
+        // show original path in alert, not resolved
+        severity: "block"
+      };
+    }
+  }
+  return null;
+}
 function maskSecret(raw, pattern) {
   const match = raw.match(pattern);
   if (!match) return "****";
@@ -749,17 +822,17 @@ function scanArgs(args, depth = 0, fieldPath = "args") {
 }
 
 // src/core.ts
-var PAUSED_FILE = import_path4.default.join(import_os2.default.homedir(), ".node9", "PAUSED");
-var TRUST_FILE = import_path4.default.join(import_os2.default.homedir(), ".node9", "trust.json");
-var LOCAL_AUDIT_LOG = import_path4.default.join(import_os2.default.homedir(), ".node9", "audit.log");
-var HOOK_DEBUG_LOG = import_path4.default.join(import_os2.default.homedir(), ".node9", "hook-debug.log");
+var PAUSED_FILE = import_path5.default.join(import_os2.default.homedir(), ".node9", "PAUSED");
+var TRUST_FILE = import_path5.default.join(import_os2.default.homedir(), ".node9", "trust.json");
+var LOCAL_AUDIT_LOG = import_path5.default.join(import_os2.default.homedir(), ".node9", "audit.log");
+var HOOK_DEBUG_LOG = import_path5.default.join(import_os2.default.homedir(), ".node9", "hook-debug.log");
 function checkPause() {
   try {
-    if (!import_fs2.default.existsSync(PAUSED_FILE)) return { paused: false };
-    const state = JSON.parse(import_fs2.default.readFileSync(PAUSED_FILE, "utf-8"));
+    if (!import_fs3.default.existsSync(PAUSED_FILE)) return { paused: false };
+    const state = JSON.parse(import_fs3.default.readFileSync(PAUSED_FILE, "utf-8"));
     if (state.expiry > 0 && Date.now() >= state.expiry) {
       try {
-        import_fs2.default.unlinkSync(PAUSED_FILE);
+        import_fs3.default.unlinkSync(PAUSED_FILE);
       } catch {
       }
       return { paused: false };
@@ -770,20 +843,66 @@ function checkPause() {
   }
 }
 function atomicWriteSync(filePath, data, options) {
-  const dir = import_path4.default.dirname(filePath);
-  if (!import_fs2.default.existsSync(dir)) import_fs2.default.mkdirSync(dir, { recursive: true });
+  const dir = import_path5.default.dirname(filePath);
+  if (!import_fs3.default.existsSync(dir)) import_fs3.default.mkdirSync(dir, { recursive: true });
   const tmpPath = `${filePath}.${import_os2.default.hostname()}.${process.pid}.tmp`;
-  import_fs2.default.writeFileSync(tmpPath, data, options);
-  import_fs2.default.renameSync(tmpPath, filePath);
+  import_fs3.default.writeFileSync(tmpPath, data, options);
+  import_fs3.default.renameSync(tmpPath, filePath);
+}
+var MAX_REGEX_LENGTH = 100;
+var REGEX_CACHE_MAX = 500;
+var regexCache = /* @__PURE__ */ new Map();
+function validateRegex(pattern) {
+  if (!pattern) return "Pattern is required";
+  if (pattern.length > MAX_REGEX_LENGTH) return `Pattern exceeds max length of ${MAX_REGEX_LENGTH}`;
+  try {
+    new RegExp(pattern);
+  } catch (e) {
+    return `Invalid regex syntax: ${e.message}`;
+  }
+  if (/\\\d+[*+{]/.test(pattern)) return "Quantified backreferences are forbidden (ReDoS risk)";
+  if (!(0, import_safe_regex2.default)(pattern)) return "Pattern rejected: potential ReDoS vulnerability detected";
+  return null;
+}
+function getCompiledRegex(pattern, flags = "") {
+  if (flags && !/^[gimsuy]+$/.test(flags)) {
+    if (process.env.NODE9_DEBUG === "1") console.error(`[Node9] Invalid regex flags: "${flags}"`);
+    return null;
+  }
+  const key = `${pattern}\0${flags}`;
+  if (regexCache.has(key)) {
+    const cached = regexCache.get(key);
+    regexCache.delete(key);
+    regexCache.set(key, cached);
+    return cached;
+  }
+  const err = validateRegex(pattern);
+  if (err) {
+    if (process.env.NODE9_DEBUG === "1")
+      console.error(`[Node9] Regex blocked: ${err} \u2014 pattern: "${pattern}"`);
+    return null;
+  }
+  try {
+    const re = new RegExp(pattern, flags);
+    if (regexCache.size >= REGEX_CACHE_MAX) {
+      const oldest = regexCache.keys().next().value;
+      if (oldest) regexCache.delete(oldest);
+    }
+    regexCache.set(key, re);
+    return re;
+  } catch (e) {
+    if (process.env.NODE9_DEBUG === "1") console.error(`[Node9] Regex compile failed:`, e);
+    return null;
+  }
 }
 function getActiveTrustSession(toolName) {
   try {
-    if (!import_fs2.default.existsSync(TRUST_FILE)) return false;
-    const trust = JSON.parse(import_fs2.default.readFileSync(TRUST_FILE, "utf-8"));
+    if (!import_fs3.default.existsSync(TRUST_FILE)) return false;
+    const trust = JSON.parse(import_fs3.default.readFileSync(TRUST_FILE, "utf-8"));
     const now = Date.now();
     const active = trust.entries.filter((e) => e.expiry > now);
     if (active.length !== trust.entries.length) {
-      import_fs2.default.writeFileSync(TRUST_FILE, JSON.stringify({ entries: active }, null, 2));
+      import_fs3.default.writeFileSync(TRUST_FILE, JSON.stringify({ entries: active }, null, 2));
     }
     return active.some((e) => e.tool === toolName || matchesPattern(toolName, e.tool));
   } catch {
@@ -794,8 +913,8 @@ function writeTrustSession(toolName, durationMs) {
   try {
     let trust = { entries: [] };
     try {
-      if (import_fs2.default.existsSync(TRUST_FILE)) {
-        trust = JSON.parse(import_fs2.default.readFileSync(TRUST_FILE, "utf-8"));
+      if (import_fs3.default.existsSync(TRUST_FILE)) {
+        trust = JSON.parse(import_fs3.default.readFileSync(TRUST_FILE, "utf-8"));
       }
     } catch {
     }
@@ -811,9 +930,9 @@ function writeTrustSession(toolName, durationMs) {
 }
 function appendToLog(logPath, entry) {
   try {
-    const dir = import_path4.default.dirname(logPath);
-    if (!import_fs2.default.existsSync(dir)) import_fs2.default.mkdirSync(dir, { recursive: true });
-    import_fs2.default.appendFileSync(logPath, JSON.stringify(entry) + "\n");
+    const dir = import_path5.default.dirname(logPath);
+    if (!import_fs3.default.existsSync(dir)) import_fs3.default.mkdirSync(dir, { recursive: true });
+    import_fs3.default.appendFileSync(logPath, JSON.stringify(entry) + "\n");
   } catch {
   }
 }
@@ -855,9 +974,9 @@ function matchesPattern(text, patterns) {
   const withoutDotSlash = text.replace(/^\.\//, "");
   return isMatch(withoutDotSlash) || isMatch(`./${withoutDotSlash}`);
 }
-function getNestedValue(obj, path5) {
+function getNestedValue(obj, path6) {
   if (!obj || typeof obj !== "object") return null;
-  return path5.split(".").reduce((prev, curr) => prev?.[curr], obj);
+  return path6.split(".").reduce((prev, curr) => prev?.[curr], obj);
 }
 function evaluateSmartConditions(args, rule) {
   if (!rule.conditions || rule.conditions.length === 0) return true;
@@ -876,19 +995,16 @@ function evaluateSmartConditions(args, rule) {
         return val !== null && cond.value ? !val.includes(cond.value) : true;
       case "matches": {
         if (val === null || !cond.value) return false;
-        try {
-          return new RegExp(cond.value, cond.flags ?? "").test(val);
-        } catch {
-          return false;
-        }
+        const reM = getCompiledRegex(cond.value, cond.flags ?? "");
+        if (!reM) return false;
+        return reM.test(val);
       }
       case "notMatches": {
-        if (val === null || !cond.value) return true;
-        try {
-          return !new RegExp(cond.value, cond.flags ?? "").test(val);
-        } catch {
-          return true;
-        }
+        if (!cond.value) return false;
+        if (val === null) return true;
+        const reN = getCompiledRegex(cond.value, cond.flags ?? "");
+        if (!reN) return false;
+        return !reN.test(val);
       }
       case "matchesGlob":
         return val !== null && cond.value ? import_picomatch.default.isMatch(val, cond.value) : false;
@@ -1210,9 +1326,9 @@ var ADVISORY_SMART_RULES = [
 var cachedConfig = null;
 function getInternalToken() {
   try {
-    const pidFile = import_path4.default.join(import_os2.default.homedir(), ".node9", "daemon.pid");
-    if (!import_fs2.default.existsSync(pidFile)) return null;
-    const data = JSON.parse(import_fs2.default.readFileSync(pidFile, "utf-8"));
+    const pidFile = import_path5.default.join(import_os2.default.homedir(), ".node9", "daemon.pid");
+    if (!import_fs3.default.existsSync(pidFile)) return null;
+    const data = JSON.parse(import_fs3.default.readFileSync(pidFile, "utf-8"));
     process.kill(data.pid, 0);
     return data.internalToken ?? null;
   } catch {
@@ -1332,10 +1448,10 @@ function isIgnoredTool(toolName) {
 var DAEMON_PORT = 7391;
 var DAEMON_HOST = "127.0.0.1";
 function isDaemonRunning() {
-  const pidFile = import_path4.default.join(import_os2.default.homedir(), ".node9", "daemon.pid");
-  if (import_fs2.default.existsSync(pidFile)) {
+  const pidFile = import_path5.default.join(import_os2.default.homedir(), ".node9", "daemon.pid");
+  if (import_fs3.default.existsSync(pidFile)) {
     try {
-      const { pid, port } = JSON.parse(import_fs2.default.readFileSync(pidFile, "utf-8"));
+      const { pid, port } = JSON.parse(import_fs3.default.readFileSync(pidFile, "utf-8"));
       if (port !== DAEMON_PORT) return false;
       process.kill(pid, 0);
       return true;
@@ -1355,9 +1471,9 @@ function isDaemonRunning() {
 }
 function getPersistentDecision(toolName) {
   try {
-    const file = import_path4.default.join(import_os2.default.homedir(), ".node9", "decisions.json");
-    if (!import_fs2.default.existsSync(file)) return null;
-    const decisions = JSON.parse(import_fs2.default.readFileSync(file, "utf-8"));
+    const file = import_path5.default.join(import_os2.default.homedir(), ".node9", "decisions.json");
+    if (!import_fs3.default.existsSync(file)) return null;
+    const decisions = JSON.parse(import_fs3.default.readFileSync(file, "utf-8"));
     const d = decisions[toolName];
     if (d === "allow" || d === "deny") return d;
   } catch {
@@ -1439,7 +1555,7 @@ async function resolveViaDaemon(id, decision, internalToken) {
     signal: AbortSignal.timeout(3e3)
   });
 }
-var ACTIVITY_SOCKET_PATH = process.platform === "win32" ? "\\\\.\\pipe\\node9-activity" : import_path4.default.join(import_os2.default.tmpdir(), "node9-activity.sock");
+var ACTIVITY_SOCKET_PATH = process.platform === "win32" ? "\\\\.\\pipe\\node9-activity" : import_path5.default.join(import_os2.default.tmpdir(), "node9-activity.sock");
 function notifyActivity(data) {
   return new Promise((resolve) => {
     try {
@@ -1501,7 +1617,9 @@ async function _authorizeHeadlessCore(toolName, args, allowTerminalFallback = fa
   let policyMatchedWord;
   let riskMetadata;
   if (config.policy.dlp.enabled && (!isIgnoredTool(toolName) || config.policy.dlp.scanIgnoredTools)) {
-    const dlpMatch = scanArgs(args);
+    const argsObj = args && typeof args === "object" && !Array.isArray(args) ? args : {};
+    const filePath = String(argsObj.file_path ?? argsObj.path ?? argsObj.filename ?? "");
+    const dlpMatch = (filePath ? scanFilePath(filePath) : null) ?? scanArgs(args);
     if (dlpMatch) {
       const dlpReason = `\u{1F6A8} DATA LOSS PREVENTION: ${dlpMatch.patternName} detected in field "${dlpMatch.fieldPath}" (${dlpMatch.redactedSample})`;
       if (dlpMatch.severity === "block") {
@@ -1873,10 +1991,10 @@ REASON: Action blocked because no approval channels are available. (Native/Brows
   }
   return finalResult;
 }
-function getConfig() {
-  if (cachedConfig) return cachedConfig;
-  const globalPath = import_path4.default.join(import_os2.default.homedir(), ".node9", "config.json");
-  const projectPath = import_path4.default.join(process.cwd(), "node9.config.json");
+function getConfig(cwd) {
+  if (!cwd && cachedConfig) return cachedConfig;
+  const globalPath = import_path5.default.join(import_os2.default.homedir(), ".node9", "config.json");
+  const projectPath = import_path5.default.join(cwd ?? process.cwd(), "node9.config.json");
   const globalConfig = tryLoadConfig(globalPath);
   const projectConfig = tryLoadConfig(projectPath);
   const mergedSettings = {
@@ -1963,18 +2081,19 @@ function getConfig() {
   mergedPolicy.snapshot.tools = [...new Set(mergedPolicy.snapshot.tools)];
   mergedPolicy.snapshot.onlyPaths = [...new Set(mergedPolicy.snapshot.onlyPaths)];
   mergedPolicy.snapshot.ignorePaths = [...new Set(mergedPolicy.snapshot.ignorePaths)];
-  cachedConfig = {
+  const result = {
     settings: mergedSettings,
     policy: mergedPolicy,
     environments: mergedEnvironments
   };
-  return cachedConfig;
+  if (!cwd) cachedConfig = result;
+  return result;
 }
 function tryLoadConfig(filePath) {
-  if (!import_fs2.default.existsSync(filePath)) return null;
+  if (!import_fs3.default.existsSync(filePath)) return null;
   let raw;
   try {
-    raw = JSON.parse(import_fs2.default.readFileSync(filePath, "utf-8"));
+    raw = JSON.parse(import_fs3.default.readFileSync(filePath, "utf-8"));
   } catch (err) {
     const msg = err instanceof Error ? err.message : String(err);
     process.stderr.write(
@@ -2036,9 +2155,9 @@ function getCredentials() {
     };
   }
   try {
-    const credPath = import_path4.default.join(import_os2.default.homedir(), ".node9", "credentials.json");
-    if (import_fs2.default.existsSync(credPath)) {
-      const creds = JSON.parse(import_fs2.default.readFileSync(credPath, "utf-8"));
+    const credPath = import_path5.default.join(import_os2.default.homedir(), ".node9", "credentials.json");
+    if (import_fs3.default.existsSync(credPath)) {
+      const creds = JSON.parse(import_fs3.default.readFileSync(credPath, "utf-8"));
       const profileName = process.env.NODE9_PROFILE || "default";
       const profile = creds[profileName];
       if (profile?.apiKey) {