@node9/proxy 1.0.19 → 1.1.1

package/dist/index.mjs

@@ -1,13 +1,14 @@
 // src/core.ts
 import chalk2 from "chalk";
 import { confirm } from "@inquirer/prompts";
-import fs2 from "fs";
-import path4 from "path";
+import fs3 from "fs";
+import path5 from "path";
 import os2 from "os";
 import net from "net";
 import { randomUUID } from "crypto";
 import { spawnSync } from "child_process";
 import pm from "picomatch";
+import safeRegex from "safe-regex2";
 import { parse } from "sh-syntax";
 
 // src/ui/native.ts
@@ -429,8 +430,8 @@ function sanitizeConfig(raw) {
     }
   }
   const lines = result.error.issues.map((issue) => {
-    const path5 = issue.path.length > 0 ? issue.path.join(".") : "root";
-    return `  \u2022 ${path5}: ${issue.message}`;
+    const path6 = issue.path.length > 0 ? issue.path.join(".") : "root";
+    return `  \u2022 ${path6}: ${issue.message}`;
   });
   return {
     sanitized,
@@ -643,10 +644,14 @@ function readActiveShields() {
 }
 
 // src/dlp.ts
+import fs2 from "fs";
+import path4 from "path";
 var DLP_PATTERNS = [
   { name: "AWS Access Key ID", regex: /\bAKIA[0-9A-Z]{16}\b/, severity: "block" },
   { name: "GitHub Token", regex: /\bgh[pous]_[A-Za-z0-9]{36}\b/, severity: "block" },
-  { name: "Slack Bot Token", regex: /\bxoxb-[0-9A-Za-z-]+\b/, severity: "block" },
+  // Slack bot tokens: xoxb- + variable segment. Real tokens are ~50–80 chars;
+  // lower bound 20 avoids false negatives on partial tokens, upper 100 caps scan cost.
+  { name: "Slack Bot Token", regex: /\bxoxb-[0-9A-Za-z-]{20,100}\b/, severity: "block" },
   { name: "OpenAI API Key", regex: /\bsk-[a-zA-Z0-9_-]{20,}\b/, severity: "block" },
   { name: "Stripe Secret Key", regex: /\bsk_(?:live|test)_[0-9a-zA-Z]{24}\b/, severity: "block" },
   {
@@ -654,8 +659,76 @@ var DLP_PATTERNS = [
     regex: /-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----/,
     severity: "block"
   },
+  // GCP service account JSON (detects the type field that uniquely identifies it)
+  {
+    name: "GCP Service Account",
+    regex: /"type"\s*:\s*"service_account"/,
+    severity: "block"
+  },
+  // NPM auth token in .npmrc format
+  {
+    name: "NPM Auth Token",
+    regex: /_authToken\s*=\s*[A-Za-z0-9_\-]{20,}/,
+    severity: "block"
+  },
   { name: "Bearer Token", regex: /Bearer\s+[a-zA-Z0-9\-._~+/]+=*/i, severity: "review" }
 ];
+var SENSITIVE_PATH_PATTERNS = [
+  /[/\\]\.ssh[/\\]/i,
+  /[/\\]\.aws[/\\]/i,
+  /[/\\]\.config[/\\]gcloud[/\\]/i,
+  /[/\\]\.azure[/\\]/i,
+  /[/\\]\.kube[/\\]config$/i,
+  /[/\\]\.env($|\.)/i,
+  // .env, .env.local, .env.production — not .envoy
+  /[/\\]\.git-credentials$/i,
+  /[/\\]\.npmrc$/i,
+  /[/\\]\.docker[/\\]config\.json$/i,
+  /[/\\][^/\\]+\.pem$/i,
+  /[/\\][^/\\]+\.key$/i,
+  /[/\\][^/\\]+\.p12$/i,
+  /[/\\][^/\\]+\.pfx$/i,
+  /^\/etc\/passwd$/,
+  /^\/etc\/shadow$/,
+  /^\/etc\/sudoers$/,
+  /[/\\]credentials\.json$/i,
+  /[/\\]id_rsa$/i,
+  /[/\\]id_ed25519$/i,
+  /[/\\]id_ecdsa$/i
+];
+function scanFilePath(filePath, cwd = process.cwd()) {
+  if (!filePath) return null;
+  let resolved;
+  try {
+    const absolute = path4.resolve(cwd, filePath);
+    resolved = fs2.realpathSync.native(absolute);
+  } catch (err) {
+    const code = err.code;
+    if (code === "ENOENT" || code === "ENOTDIR") {
+      resolved = path4.resolve(cwd, filePath);
+    } else {
+      return {
+        patternName: "Sensitive File Path",
+        fieldPath: "file_path",
+        redactedSample: filePath,
+        severity: "block"
+      };
+    }
+  }
+  const normalised = resolved.replace(/\\/g, "/");
+  for (const pattern of SENSITIVE_PATH_PATTERNS) {
+    if (pattern.test(normalised)) {
+      return {
+        patternName: "Sensitive File Path",
+        fieldPath: "file_path",
+        redactedSample: filePath,
+        // show original path in alert, not resolved
+        severity: "block"
+      };
+    }
+  }
+  return null;
+}
 function maskSecret(raw, pattern) {
   const match = raw.match(pattern);
   if (!match) return "****";
@@ -713,17 +786,17 @@ function scanArgs(args, depth = 0, fieldPath = "args") {
 }
 
 // src/core.ts
-var PAUSED_FILE = path4.join(os2.homedir(), ".node9", "PAUSED");
-var TRUST_FILE = path4.join(os2.homedir(), ".node9", "trust.json");
-var LOCAL_AUDIT_LOG = path4.join(os2.homedir(), ".node9", "audit.log");
-var HOOK_DEBUG_LOG = path4.join(os2.homedir(), ".node9", "hook-debug.log");
+var PAUSED_FILE = path5.join(os2.homedir(), ".node9", "PAUSED");
+var TRUST_FILE = path5.join(os2.homedir(), ".node9", "trust.json");
+var LOCAL_AUDIT_LOG = path5.join(os2.homedir(), ".node9", "audit.log");
+var HOOK_DEBUG_LOG = path5.join(os2.homedir(), ".node9", "hook-debug.log");
 function checkPause() {
   try {
-    if (!fs2.existsSync(PAUSED_FILE)) return { paused: false };
-    const state = JSON.parse(fs2.readFileSync(PAUSED_FILE, "utf-8"));
+    if (!fs3.existsSync(PAUSED_FILE)) return { paused: false };
+    const state = JSON.parse(fs3.readFileSync(PAUSED_FILE, "utf-8"));
     if (state.expiry > 0 && Date.now() >= state.expiry) {
       try {
-        fs2.unlinkSync(PAUSED_FILE);
+        fs3.unlinkSync(PAUSED_FILE);
       } catch {
       }
       return { paused: false };
@@ -734,20 +807,66 @@ function checkPause() {
   }
 }
 function atomicWriteSync(filePath, data, options) {
-  const dir = path4.dirname(filePath);
-  if (!fs2.existsSync(dir)) fs2.mkdirSync(dir, { recursive: true });
+  const dir = path5.dirname(filePath);
+  if (!fs3.existsSync(dir)) fs3.mkdirSync(dir, { recursive: true });
   const tmpPath = `${filePath}.${os2.hostname()}.${process.pid}.tmp`;
-  fs2.writeFileSync(tmpPath, data, options);
-  fs2.renameSync(tmpPath, filePath);
+  fs3.writeFileSync(tmpPath, data, options);
+  fs3.renameSync(tmpPath, filePath);
+}
+var MAX_REGEX_LENGTH = 100;
+var REGEX_CACHE_MAX = 500;
+var regexCache = /* @__PURE__ */ new Map();
+function validateRegex(pattern) {
+  if (!pattern) return "Pattern is required";
+  if (pattern.length > MAX_REGEX_LENGTH) return `Pattern exceeds max length of ${MAX_REGEX_LENGTH}`;
+  try {
+    new RegExp(pattern);
+  } catch (e) {
+    return `Invalid regex syntax: ${e.message}`;
+  }
+  if (/\\\d+[*+{]/.test(pattern)) return "Quantified backreferences are forbidden (ReDoS risk)";
+  if (!safeRegex(pattern)) return "Pattern rejected: potential ReDoS vulnerability detected";
+  return null;
+}
+function getCompiledRegex(pattern, flags = "") {
+  if (flags && !/^[gimsuy]+$/.test(flags)) {
+    if (process.env.NODE9_DEBUG === "1") console.error(`[Node9] Invalid regex flags: "${flags}"`);
+    return null;
+  }
+  const key = `${pattern}\0${flags}`;
+  if (regexCache.has(key)) {
+    const cached = regexCache.get(key);
+    regexCache.delete(key);
+    regexCache.set(key, cached);
+    return cached;
+  }
+  const err = validateRegex(pattern);
+  if (err) {
+    if (process.env.NODE9_DEBUG === "1")
+      console.error(`[Node9] Regex blocked: ${err} \u2014 pattern: "${pattern}"`);
+    return null;
+  }
+  try {
+    const re = new RegExp(pattern, flags);
+    if (regexCache.size >= REGEX_CACHE_MAX) {
+      const oldest = regexCache.keys().next().value;
+      if (oldest) regexCache.delete(oldest);
+    }
+    regexCache.set(key, re);
+    return re;
+  } catch (e) {
+    if (process.env.NODE9_DEBUG === "1") console.error(`[Node9] Regex compile failed:`, e);
+    return null;
+  }
 }
 function getActiveTrustSession(toolName) {
   try {
-    if (!fs2.existsSync(TRUST_FILE)) return false;
-    const trust = JSON.parse(fs2.readFileSync(TRUST_FILE, "utf-8"));
+    if (!fs3.existsSync(TRUST_FILE)) return false;
+    const trust = JSON.parse(fs3.readFileSync(TRUST_FILE, "utf-8"));
     const now = Date.now();
     const active = trust.entries.filter((e) => e.expiry > now);
     if (active.length !== trust.entries.length) {
-      fs2.writeFileSync(TRUST_FILE, JSON.stringify({ entries: active }, null, 2));
+      fs3.writeFileSync(TRUST_FILE, JSON.stringify({ entries: active }, null, 2));
     }
     return active.some((e) => e.tool === toolName || matchesPattern(toolName, e.tool));
   } catch {
@@ -758,8 +877,8 @@ function writeTrustSession(toolName, durationMs) {
   try {
     let trust = { entries: [] };
     try {
-      if (fs2.existsSync(TRUST_FILE)) {
-        trust = JSON.parse(fs2.readFileSync(TRUST_FILE, "utf-8"));
+      if (fs3.existsSync(TRUST_FILE)) {
+        trust = JSON.parse(fs3.readFileSync(TRUST_FILE, "utf-8"));
       }
     } catch {
     }
@@ -775,9 +894,9 @@ function writeTrustSession(toolName, durationMs) {
 }
 function appendToLog(logPath, entry) {
   try {
-    const dir = path4.dirname(logPath);
-    if (!fs2.existsSync(dir)) fs2.mkdirSync(dir, { recursive: true });
-    fs2.appendFileSync(logPath, JSON.stringify(entry) + "\n");
+    const dir = path5.dirname(logPath);
+    if (!fs3.existsSync(dir)) fs3.mkdirSync(dir, { recursive: true });
+    fs3.appendFileSync(logPath, JSON.stringify(entry) + "\n");
   } catch {
   }
 }
@@ -819,9 +938,9 @@ function matchesPattern(text, patterns) {
   const withoutDotSlash = text.replace(/^\.\//, "");
   return isMatch(withoutDotSlash) || isMatch(`./${withoutDotSlash}`);
 }
-function getNestedValue(obj, path5) {
+function getNestedValue(obj, path6) {
   if (!obj || typeof obj !== "object") return null;
-  return path5.split(".").reduce((prev, curr) => prev?.[curr], obj);
+  return path6.split(".").reduce((prev, curr) => prev?.[curr], obj);
 }
 function evaluateSmartConditions(args, rule) {
   if (!rule.conditions || rule.conditions.length === 0) return true;
@@ -840,19 +959,16 @@ function evaluateSmartConditions(args, rule) {
         return val !== null && cond.value ? !val.includes(cond.value) : true;
       case "matches": {
         if (val === null || !cond.value) return false;
-        try {
-          return new RegExp(cond.value, cond.flags ?? "").test(val);
-        } catch {
-          return false;
-        }
+        const reM = getCompiledRegex(cond.value, cond.flags ?? "");
+        if (!reM) return false;
+        return reM.test(val);
       }
       case "notMatches": {
-        if (val === null || !cond.value) return true;
-        try {
-          return !new RegExp(cond.value, cond.flags ?? "").test(val);
-        } catch {
-          return true;
-        }
+        if (!cond.value) return false;
+        if (val === null) return true;
+        const reN = getCompiledRegex(cond.value, cond.flags ?? "");
+        if (!reN) return false;
+        return !reN.test(val);
       }
       case "matchesGlob":
         return val !== null && cond.value ? pm.isMatch(val, cond.value) : false;
@@ -1174,9 +1290,9 @@ var ADVISORY_SMART_RULES = [
 var cachedConfig = null;
 function getInternalToken() {
   try {
-    const pidFile = path4.join(os2.homedir(), ".node9", "daemon.pid");
-    if (!fs2.existsSync(pidFile)) return null;
-    const data = JSON.parse(fs2.readFileSync(pidFile, "utf-8"));
+    const pidFile = path5.join(os2.homedir(), ".node9", "daemon.pid");
+    if (!fs3.existsSync(pidFile)) return null;
+    const data = JSON.parse(fs3.readFileSync(pidFile, "utf-8"));
     process.kill(data.pid, 0);
     return data.internalToken ?? null;
   } catch {
@@ -1296,10 +1412,10 @@ function isIgnoredTool(toolName) {
 var DAEMON_PORT = 7391;
 var DAEMON_HOST = "127.0.0.1";
 function isDaemonRunning() {
-  const pidFile = path4.join(os2.homedir(), ".node9", "daemon.pid");
-  if (fs2.existsSync(pidFile)) {
+  const pidFile = path5.join(os2.homedir(), ".node9", "daemon.pid");
+  if (fs3.existsSync(pidFile)) {
     try {
-      const { pid, port } = JSON.parse(fs2.readFileSync(pidFile, "utf-8"));
+      const { pid, port } = JSON.parse(fs3.readFileSync(pidFile, "utf-8"));
       if (port !== DAEMON_PORT) return false;
       process.kill(pid, 0);
       return true;
@@ -1319,9 +1435,9 @@ function isDaemonRunning() {
 }
 function getPersistentDecision(toolName) {
   try {
-    const file = path4.join(os2.homedir(), ".node9", "decisions.json");
-    if (!fs2.existsSync(file)) return null;
-    const decisions = JSON.parse(fs2.readFileSync(file, "utf-8"));
+    const file = path5.join(os2.homedir(), ".node9", "decisions.json");
+    if (!fs3.existsSync(file)) return null;
+    const decisions = JSON.parse(fs3.readFileSync(file, "utf-8"));
     const d = decisions[toolName];
     if (d === "allow" || d === "deny") return d;
   } catch {
@@ -1403,7 +1519,7 @@ async function resolveViaDaemon(id, decision, internalToken) {
     signal: AbortSignal.timeout(3e3)
   });
 }
-var ACTIVITY_SOCKET_PATH = process.platform === "win32" ? "\\\\.\\pipe\\node9-activity" : path4.join(os2.tmpdir(), "node9-activity.sock");
+var ACTIVITY_SOCKET_PATH = process.platform === "win32" ? "\\\\.\\pipe\\node9-activity" : path5.join(os2.tmpdir(), "node9-activity.sock");
 function notifyActivity(data) {
   return new Promise((resolve) => {
     try {
@@ -1465,7 +1581,9 @@ async function _authorizeHeadlessCore(toolName, args, allowTerminalFallback = fa
   let policyMatchedWord;
   let riskMetadata;
   if (config.policy.dlp.enabled && (!isIgnoredTool(toolName) || config.policy.dlp.scanIgnoredTools)) {
-    const dlpMatch = scanArgs(args);
+    const argsObj = args && typeof args === "object" && !Array.isArray(args) ? args : {};
+    const filePath = String(argsObj.file_path ?? argsObj.path ?? argsObj.filename ?? "");
+    const dlpMatch = (filePath ? scanFilePath(filePath) : null) ?? scanArgs(args);
     if (dlpMatch) {
       const dlpReason = `\u{1F6A8} DATA LOSS PREVENTION: ${dlpMatch.patternName} detected in field "${dlpMatch.fieldPath}" (${dlpMatch.redactedSample})`;
       if (dlpMatch.severity === "block") {
@@ -1837,10 +1955,10 @@ REASON: Action blocked because no approval channels are available. (Native/Brows
   }
   return finalResult;
 }
-function getConfig() {
-  if (cachedConfig) return cachedConfig;
-  const globalPath = path4.join(os2.homedir(), ".node9", "config.json");
-  const projectPath = path4.join(process.cwd(), "node9.config.json");
+function getConfig(cwd) {
+  if (!cwd && cachedConfig) return cachedConfig;
+  const globalPath = path5.join(os2.homedir(), ".node9", "config.json");
+  const projectPath = path5.join(cwd ?? process.cwd(), "node9.config.json");
   const globalConfig = tryLoadConfig(globalPath);
   const projectConfig = tryLoadConfig(projectPath);
   const mergedSettings = {
@@ -1927,18 +2045,19 @@ function getConfig() {
   mergedPolicy.snapshot.tools = [...new Set(mergedPolicy.snapshot.tools)];
   mergedPolicy.snapshot.onlyPaths = [...new Set(mergedPolicy.snapshot.onlyPaths)];
   mergedPolicy.snapshot.ignorePaths = [...new Set(mergedPolicy.snapshot.ignorePaths)];
-  cachedConfig = {
+  const result = {
     settings: mergedSettings,
     policy: mergedPolicy,
     environments: mergedEnvironments
   };
-  return cachedConfig;
+  if (!cwd) cachedConfig = result;
+  return result;
 }
 function tryLoadConfig(filePath) {
-  if (!fs2.existsSync(filePath)) return null;
+  if (!fs3.existsSync(filePath)) return null;
   let raw;
   try {
-    raw = JSON.parse(fs2.readFileSync(filePath, "utf-8"));
+    raw = JSON.parse(fs3.readFileSync(filePath, "utf-8"));
   } catch (err) {
     const msg = err instanceof Error ? err.message : String(err);
     process.stderr.write(
@@ -2000,9 +2119,9 @@ function getCredentials() {
     };
   }
   try {
-    const credPath = path4.join(os2.homedir(), ".node9", "credentials.json");
-    if (fs2.existsSync(credPath)) {
-      const creds = JSON.parse(fs2.readFileSync(credPath, "utf-8"));
+    const credPath = path5.join(os2.homedir(), ".node9", "credentials.json");
+    if (fs3.existsSync(credPath)) {
+      const creds = JSON.parse(fs3.readFileSync(credPath, "utf-8"));
       const profileName = process.env.NODE9_PROFILE || "default";
       const profile = creds[profileName];
       if (profile?.apiKey) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@node9/proxy",
-  "version": "1.0.19",
+  "version": "1.1.1",
   "description": "The Sudo Command for AI Agents. Execution Security for Claude Code & MCP.",
   "main": "./dist/index.js",
   "module": "./dist/index.mjs",
@@ -71,6 +71,7 @@
     "commander": "^14.0.3",
     "execa": "^9.6.1",
     "picomatch": "^4.0.3",
+    "safe-regex2": "^5.1.0",
     "sh-syntax": "^0.5.8",
     "zod": "^3.25.76"
   },