@node9/proxy 1.24.3 → 1.26.0

@@ -1030,6 +1030,42 @@ var init_dist = __esm({
1030
1030
  regex: /\bAGE-SECRET-KEY-1[QPZRY9X8GF2TVDW0S3JNLH]{58}\b/,
1031
1031
  severity: "block",
1032
1032
  keywords: ["age-secret-key-"]
1033
+ },
1034
+ // ── Database connection strings ───────────────────────────────────────────
1035
+ // Universal <scheme>://[user]:<password>@<host> shape. Covers the gap
1036
+ // vendor-prefix patterns (AWS / GitHub / Stripe / …) leave open. Matches
1037
+ // the whole URL so maskSecret produces `<scheme>...:****@...<host>` —
1038
+ // the password value never appears in the redacted sample.
1039
+ //
1040
+ // Schemes covered: redis, rediss (TLS), postgres, postgresql,
1041
+ // mongodb, mongodb+srv, mysql, mariadb, amqp, amqps, kafka,
1042
+ // clickhouse, cassandra. HTTP(S) / FTP / SSH are intentionally
1043
+ // excluded — they're not database URLs and adding them would
1044
+ // create false positives on every basic-auth URL in the wild.
1045
+ //
1046
+ // Requires `:password@` (4+ char password) so user-only URLs like
1047
+ // `redis://user@host` don't match. Stopwords ('your', '${', '<your',
1048
+ // 'placeholder', 'changeme', etc.) keep doc/README scans clean.
1049
+ {
1050
+ name: "Database Connection String",
1051
+ regex: /\b(redis|rediss|postgres|postgresql|mongodb|mongodb\+srv|mysql|mariadb|amqp|amqps|kafka|clickhouse|cassandra):\/\/[^:/\s@]*:[^@\s]{4,}@[^\s/]+/,
1052
+ severity: "block",
1053
+ keywords: [
1054
+ "redis://",
1055
+ "rediss://",
1056
+ "postgres://",
1057
+ "postgresql://",
1058
+ "mongodb://",
1059
+ "mongodb+srv://",
1060
+ "mysql://",
1061
+ "mariadb://",
1062
+ "amqp://",
1063
+ "amqps://",
1064
+ "kafka://",
1065
+ "clickhouse://",
1066
+ "cassandra://"
1067
+ ],
1068
+ minEntropy: 3
1033
1069
  }
1034
1070
  ];
1035
1071
  DLP_PATTERNS_GLOBAL = DLP_PATTERNS.map(
@@ -1132,7 +1168,7 @@ var init_dist = __esm({
1132
1168
  },
1133
1169
  {
1134
1170
  // Mirrors the JSON shield's `.env` pattern (project-jail.json's
1135
- // review-read-env-any-tool) so the AST FS-op path catches the
1171
+ // block-read-env-any-tool) so the AST FS-op path catches the
1136
1172
  // same set the regex shield does — including Next.js / Vite's
1137
1173
  // `.env.<env>.local` double-suffix overrides which are commonly
1138
1174
  // gitignored AND commonly contain real secrets.
@@ -1742,7 +1778,7 @@ var init_dist = __esm({
1742
1778
  {
1743
1779
  field: "command",
1744
1780
  op: "matches",
1745
- value: "(cat|less|head|tail|bat|more|open|print|nano|vim|vi|emacs|code|type)\\s+.*?\\.ssh[\\/\\\\]",
1781
+ value: "(cat|less|head|tail|bat|more|open|print|nano|vim|vi|emacs|code|type|grep|egrep|fgrep|rg|ag|ack|awk|gawk|sed|cut|tr|jq|yq|od|xxd|hexdump|strings|sort|uniq|tac|nl|dd)\\s+.*?\\.ssh[\\/\\\\]",
1746
1782
  flags: "i"
1747
1783
  }
1748
1784
  ],
@@ -1756,7 +1792,7 @@ var init_dist = __esm({
1756
1792
  {
1757
1793
  field: "command",
1758
1794
  op: "matches",
1759
- value: "(cat|less|head|tail|bat|more|open|print|nano|vim|vi|emacs|code|type)\\s+.*?\\.aws[\\/\\\\]",
1795
+ value: "(cat|less|head|tail|bat|more|open|print|nano|vim|vi|emacs|code|type|grep|egrep|fgrep|rg|ag|ack|awk|gawk|sed|cut|tr|jq|yq|od|xxd|hexdump|strings|sort|uniq|tac|nl|dd)\\s+.*?\\.aws[\\/\\\\]",
1760
1796
  flags: "i"
1761
1797
  }
1762
1798
  ],
@@ -1770,7 +1806,7 @@ var init_dist = __esm({
1770
1806
  {
1771
1807
  field: "command",
1772
1808
  op: "matches",
1773
- value: "(cat|less|head|tail|bat|more|open|print|nano|vim|vi|emacs|code|type)\\s+.*\\.env(\\.local|\\.production|\\.staging)?\\b",
1809
+ value: "(cat|less|head|tail|bat|more|open|print|nano|vim|vi|emacs|code|type|grep|egrep|fgrep|rg|ag|ack|awk|gawk|sed|cut|tr|jq|yq|od|xxd|hexdump|strings|sort|uniq|tac|nl|dd)\\s+.*?\\.env(\\.(local|production|staging|development|production\\.local|staging\\.local|development\\.local))?(?=\\s|$|[;&|>)<])",
1774
1810
  flags: "i"
1775
1811
  }
1776
1812
  ],
@@ -1784,7 +1820,7 @@ var init_dist = __esm({
1784
1820
  {
1785
1821
  field: "command",
1786
1822
  op: "matches",
1787
- value: "(cat|less|head|tail|bat|more|open|print|nano|vim|vi|emacs|code|type)\\s+.*(credentials\\.json|\\.netrc|\\.npmrc|\\.docker[\\/\\\\]config\\.json|gcloud[\\/\\\\]credentials)",
1823
+ value: "(cat|less|head|tail|bat|more|open|print|nano|vim|vi|emacs|code|type|grep|egrep|fgrep|rg|ag|ack|awk|gawk|sed|cut|tr|jq|yq|od|xxd|hexdump|strings|sort|uniq|tac|nl|dd)\\s+.*(credentials\\.json|\\.netrc|\\.npmrc|\\.docker[\\/\\\\]config\\.json|gcloud[\\/\\\\]credentials)",
1788
1824
  flags: "i"
1789
1825
  }
1790
1826
  ],
@@ -1820,7 +1856,7 @@ var init_dist = __esm({
1820
1856
  reason: "Reading AWS credentials is blocked by project-jail shield"
1821
1857
  },
1822
1858
  {
1823
- name: "shield:project-jail:review-read-env-any-tool",
1859
+ name: "shield:project-jail:block-read-env-any-tool",
1824
1860
  tool: "*",
1825
1861
  conditions: [
1826
1862
  {
@@ -1830,8 +1866,8 @@ var init_dist = __esm({
1830
1866
  flags: "i"
1831
1867
  }
1832
1868
  ],
1833
- verdict: "review",
1834
- reason: "Reading .env files requires approval (project-jail shield)"
1869
+ verdict: "block",
1870
+ reason: "Reading .env files is blocked by project-jail shield"
1835
1871
  },
1836
1872
  {
1837
1873
  name: "shield:project-jail:review-read-credentials-any-tool",
@@ -3340,6 +3376,13 @@ var init_mcp_pin = __esm({
3340
3376
  }
3341
3377
  });
3342
3378
 
3379
+ // src/setup-opencode-shim.ts
3380
+ var init_setup_opencode_shim = __esm({
3381
+ "src/setup-opencode-shim.ts"() {
3382
+ "use strict";
3383
+ }
3384
+ });
3385
+
3343
3386
  // src/setup.ts
3344
3387
  import chalk2 from "chalk";
3345
3388
  import { confirm } from "@inquirer/prompts";
@@ -3348,6 +3391,7 @@ var init_setup = __esm({
3348
3391
  "src/setup.ts"() {
3349
3392
  "use strict";
3350
3393
  init_mcp_pin();
3394
+ init_setup_opencode_shim();
3351
3395
  }
3352
3396
  });
3353
3397
 
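--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -739,6 +739,42 @@ var DLP_PATTERNS = [
  regex: /\bAGE-SECRET-KEY-1[QPZRY9X8GF2TVDW0S3JNLH]{58}\b/,
  severity: "block",
  keywords: ["age-secret-key-"]
+ },
+ // ── Database connection strings ───────────────────────────────────────────
+ // Universal <scheme>://[user]:<password>@<host> shape. Covers the gap
+ // vendor-prefix patterns (AWS / GitHub / Stripe / …) leave open. Matches
+ // the whole URL so maskSecret produces `<scheme>...:****@...<host>` —
+ // the password value never appears in the redacted sample.
+ //
+ // Schemes covered: redis, rediss (TLS), postgres, postgresql,
+ // mongodb, mongodb+srv, mysql, mariadb, amqp, amqps, kafka,
+ // clickhouse, cassandra. HTTP(S) / FTP / SSH are intentionally
+ // excluded — they're not database URLs and adding them would
+ // create false positives on every basic-auth URL in the wild.
+ //
+ // Requires `:password@` (4+ char password) so user-only URLs like
+ // `redis://user@host` don't match. Stopwords ('your', '${', '<your',
+ // 'placeholder', 'changeme', etc.) keep doc/README scans clean.
+ {
+ name: "Database Connection String",
+ regex: /\b(redis|rediss|postgres|postgresql|mongodb|mongodb\+srv|mysql|mariadb|amqp|amqps|kafka|clickhouse|cassandra):\/\/[^:/\s@]*:[^@\s]{4,}@[^\s/]+/,
+ severity: "block",
+ keywords: [
+ "redis://",
+ "rediss://",
+ "postgres://",
+ "postgresql://",
+ "mongodb://",
+ "mongodb+srv://",
+ "mysql://",
+ "mariadb://",
+ "amqp://",
+ "amqps://",
+ "kafka://",
+ "clickhouse://",
+ "cassandra://"
+ ],
+ minEntropy: 3
  }
  ];
  var DLP_PATTERNS_GLOBAL = DLP_PATTERNS.map(
@@ -1092,7 +1128,7 @@ var SENSITIVE_PATH_RULES = [
  },
  {
  // Mirrors the JSON shield's `.env` pattern (project-jail.json's
- // review-read-env-any-tool) so the AST FS-op path catches the
+ // block-read-env-any-tool) so the AST FS-op path catches the
  // same set the regex shield does — including Next.js / Vite's
  // `.env.<env>.local` double-suffix overrides which are commonly
  // gitignored AND commonly contain real secrets.
@@ -2554,7 +2590,7 @@ var project_jail_default = {
  {
  field: "command",
  op: "matches",
- value: "(cat|less|head|tail|bat|more|open|print|nano|vim|vi|emacs|code|type)\\s+.*?\\.ssh[\\/\\\\]",
+ value: "(cat|less|head|tail|bat|more|open|print|nano|vim|vi|emacs|code|type|grep|egrep|fgrep|rg|ag|ack|awk|gawk|sed|cut|tr|jq|yq|od|xxd|hexdump|strings|sort|uniq|tac|nl|dd)\\s+.*?\\.ssh[\\/\\\\]",
  flags: "i"
  }
  ],
@@ -2568,7 +2604,7 @@ var project_jail_default = {
  {
  field: "command",
  op: "matches",
- value: "(cat|less|head|tail|bat|more|open|print|nano|vim|vi|emacs|code|type)\\s+.*?\\.aws[\\/\\\\]",
+ value: "(cat|less|head|tail|bat|more|open|print|nano|vim|vi|emacs|code|type|grep|egrep|fgrep|rg|ag|ack|awk|gawk|sed|cut|tr|jq|yq|od|xxd|hexdump|strings|sort|uniq|tac|nl|dd)\\s+.*?\\.aws[\\/\\\\]",
  flags: "i"
  }
  ],
@@ -2582,7 +2618,7 @@ var project_jail_default = {
  {
  field: "command",
  op: "matches",
- value: "(cat|less|head|tail|bat|more|open|print|nano|vim|vi|emacs|code|type)\\s+.*\\.env(\\.local|\\.production|\\.staging)?\\b",
+ value: "(cat|less|head|tail|bat|more|open|print|nano|vim|vi|emacs|code|type|grep|egrep|fgrep|rg|ag|ack|awk|gawk|sed|cut|tr|jq|yq|od|xxd|hexdump|strings|sort|uniq|tac|nl|dd)\\s+.*?\\.env(\\.(local|production|staging|development|production\\.local|staging\\.local|development\\.local))?(?=\\s|$|[;&|>)<])",
  flags: "i"
  }
  ],
@@ -2596,7 +2632,7 @@ var project_jail_default = {
  {
  field: "command",
  op: "matches",
- value: "(cat|less|head|tail|bat|more|open|print|nano|vim|vi|emacs|code|type)\\s+.*(credentials\\.json|\\.netrc|\\.npmrc|\\.docker[\\/\\\\]config\\.json|gcloud[\\/\\\\]credentials)",
+ value: "(cat|less|head|tail|bat|more|open|print|nano|vim|vi|emacs|code|type|grep|egrep|fgrep|rg|ag|ack|awk|gawk|sed|cut|tr|jq|yq|od|xxd|hexdump|strings|sort|uniq|tac|nl|dd)\\s+.*(credentials\\.json|\\.netrc|\\.npmrc|\\.docker[\\/\\\\]config\\.json|gcloud[\\/\\\\]credentials)",
  flags: "i"
  }
  ],
@@ -2632,7 +2668,7 @@ var project_jail_default = {
  reason: "Reading AWS credentials is blocked by project-jail shield"
  },
  {
- name: "shield:project-jail:review-read-env-any-tool",
+ name: "shield:project-jail:block-read-env-any-tool",
  tool: "*",
  conditions: [
  {
@@ -2642,8 +2678,8 @@ var project_jail_default = {
  flags: "i"
  }
  ],
- verdict: "review",
- reason: "Reading .env files requires approval (project-jail shield)"
+ verdict: "block",
+ reason: "Reading .env files is blocked by project-jail shield"
  },
  {
  name: "shield:project-jail:review-read-credentials-any-tool",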
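Review bot: The widened verb group in the four `field: "command"` rules (hunks `@@ -2554,7` through `@@ -2596,7`) has no word boundary in front of it, so the short verbs added here also match as the tail of unrelated commands: `od` matches the end of `chmod` and `dd` the end of `git add`, which means `chmod 600 ~/.ssh/config` (constructed example) now satisfies the `.ssh` rule. That `egrep`, `fgrep` and `gawk` are listed although `grep` and `awk` already cover them by suffix suggests word-level matching was intended. Prefix the group with a boundary in all four values, e.g. `"\\b(cat|less|…|dd)\\s+.*?\\.ssh[\\/\\\\]"`; this assumes `op: "matches"` performs an unanchored search, which the open-ended patterns imply but the hunk does not show. The same strings are repeated in index.mjs, scan-ink.mjs and the first file on this page, so the fix belongs in the shared project-jail source rather than in each bundle.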
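--- a/package/dist/index.mjs
+++ b/package/dist/index.mjs
@@ -709,6 +709,42 @@ var DLP_PATTERNS = [
  regex: /\bAGE-SECRET-KEY-1[QPZRY9X8GF2TVDW0S3JNLH]{58}\b/,
  severity: "block",
  keywords: ["age-secret-key-"]
+ },
+ // ── Database connection strings ───────────────────────────────────────────
+ // Universal <scheme>://[user]:<password>@<host> shape. Covers the gap
+ // vendor-prefix patterns (AWS / GitHub / Stripe / …) leave open. Matches
+ // the whole URL so maskSecret produces `<scheme>...:****@...<host>` —
+ // the password value never appears in the redacted sample.
+ //
+ // Schemes covered: redis, rediss (TLS), postgres, postgresql,
+ // mongodb, mongodb+srv, mysql, mariadb, amqp, amqps, kafka,
+ // clickhouse, cassandra. HTTP(S) / FTP / SSH are intentionally
+ // excluded — they're not database URLs and adding them would
+ // create false positives on every basic-auth URL in the wild.
+ //
+ // Requires `:password@` (4+ char password) so user-only URLs like
+ // `redis://user@host` don't match. Stopwords ('your', '${', '<your',
+ // 'placeholder', 'changeme', etc.) keep doc/README scans clean.
+ {
+ name: "Database Connection String",
+ regex: /\b(redis|rediss|postgres|postgresql|mongodb|mongodb\+srv|mysql|mariadb|amqp|amqps|kafka|clickhouse|cassandra):\/\/[^:/\s@]*:[^@\s]{4,}@[^\s/]+/,
+ severity: "block",
+ keywords: [
+ "redis://",
+ "rediss://",
+ "postgres://",
+ "postgresql://",
+ "mongodb://",
+ "mongodb+srv://",
+ "mysql://",
+ "mariadb://",
+ "amqp://",
+ "amqps://",
+ "kafka://",
+ "clickhouse://",
+ "cassandra://"
+ ],
+ minEntropy: 3
  }
  ];
  var DLP_PATTERNS_GLOBAL = DLP_PATTERNS.map(
@@ -1062,7 +1098,7 @@ var SENSITIVE_PATH_RULES = [
  },
  {
  // Mirrors the JSON shield's `.env` pattern (project-jail.json's
- // review-read-env-any-tool) so the AST FS-op path catches the
+ // block-read-env-any-tool) so the AST FS-op path catches the
  // same set the regex shield does — including Next.js / Vite's
  // `.env.<env>.local` double-suffix overrides which are commonly
  // gitignored AND commonly contain real secrets.
@@ -2524,7 +2560,7 @@ var project_jail_default = {
  {
  field: "command",
  op: "matches",
- value: "(cat|less|head|tail|bat|more|open|print|nano|vim|vi|emacs|code|type)\\s+.*?\\.ssh[\\/\\\\]",
+ value: "(cat|less|head|tail|bat|more|open|print|nano|vim|vi|emacs|code|type|grep|egrep|fgrep|rg|ag|ack|awk|gawk|sed|cut|tr|jq|yq|od|xxd|hexdump|strings|sort|uniq|tac|nl|dd)\\s+.*?\\.ssh[\\/\\\\]",
  flags: "i"
  }
  ],
@@ -2538,7 +2574,7 @@ var project_jail_default = {
  {
  field: "command",
  op: "matches",
- value: "(cat|less|head|tail|bat|more|open|print|nano|vim|vi|emacs|code|type)\\s+.*?\\.aws[\\/\\\\]",
+ value: "(cat|less|head|tail|bat|more|open|print|nano|vim|vi|emacs|code|type|grep|egrep|fgrep|rg|ag|ack|awk|gawk|sed|cut|tr|jq|yq|od|xxd|hexdump|strings|sort|uniq|tac|nl|dd)\\s+.*?\\.aws[\\/\\\\]",
  flags: "i"
  }
  ],
@@ -2552,7 +2588,7 @@ var project_jail_default = {
  {
  field: "command",
  op: "matches",
- value: "(cat|less|head|tail|bat|more|open|print|nano|vim|vi|emacs|code|type)\\s+.*\\.env(\\.local|\\.production|\\.staging)?\\b",
+ value: "(cat|less|head|tail|bat|more|open|print|nano|vim|vi|emacs|code|type|grep|egrep|fgrep|rg|ag|ack|awk|gawk|sed|cut|tr|jq|yq|od|xxd|hexdump|strings|sort|uniq|tac|nl|dd)\\s+.*?\\.env(\\.(local|production|staging|development|production\\.local|staging\\.local|development\\.local))?(?=\\s|$|[;&|>)<])",
  flags: "i"
  }
  ],
@@ -2566,7 +2602,7 @@ var project_jail_default = {
  {
  field: "command",
  op: "matches",
- value: "(cat|less|head|tail|bat|more|open|print|nano|vim|vi|emacs|code|type)\\s+.*(credentials\\.json|\\.netrc|\\.npmrc|\\.docker[\\/\\\\]config\\.json|gcloud[\\/\\\\]credentials)",
+ value: "(cat|less|head|tail|bat|more|open|print|nano|vim|vi|emacs|code|type|grep|egrep|fgrep|rg|ag|ack|awk|gawk|sed|cut|tr|jq|yq|od|xxd|hexdump|strings|sort|uniq|tac|nl|dd)\\s+.*(credentials\\.json|\\.netrc|\\.npmrc|\\.docker[\\/\\\\]config\\.json|gcloud[\\/\\\\]credentials)",
  flags: "i"
  }
  ],
@@ -2602,7 +2638,7 @@ var project_jail_default = {
  reason: "Reading AWS credentials is blocked by project-jail shield"
  },
  {
- name: "shield:project-jail:review-read-env-any-tool",
+ name: "shield:project-jail:block-read-env-any-tool",
  tool: "*",
  conditions: [
  {
@@ -2612,8 +2648,8 @@ var project_jail_default = {
  flags: "i"
  }
  ],
- verdict: "review",
- reason: "Reading .env files requires approval (project-jail shield)"
+ verdict: "block",
+ reason: "Reading .env files is blocked by project-jail shield"
  },
  {
  name: "shield:project-jail:review-read-credentials-any-tool",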
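Review bot: The new terminator on the `.env` command rule (hunk `@@ -2552,7 +2588,7 @@`) is stricter than the `\\b` it replaces: the lookahead `(?=\\s|$|[;&|>)<])` does not accept a closing quote, so a quoted path such as `".env"` that the old pattern matched no longer does. Add the quote characters to the class, `(?=\\s|$|[;&|>)<\"'])`, and keep regression cases for both quoted and unquoted forms. The optional suffix group is now a closed list, so any `.env.<name>` outside it fails the lookahead where the old `\\b` accepted it; that drops the false positive on example files but also narrows coverage, and the hunk does not say whether the narrowing is intended. The identical value appears in index.js, scan-ink.mjs and the first file on this page.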
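--- a/package/dist/scan-ink.mjs
+++ b/package/dist/scan-ink.mjs
@@ -729,6 +729,42 @@ var DLP_PATTERNS = [
  regex: /\bAGE-SECRET-KEY-1[QPZRY9X8GF2TVDW0S3JNLH]{58}\b/,
  severity: "block",
  keywords: ["age-secret-key-"]
+ },
+ // ── Database connection strings ───────────────────────────────────────────
+ // Universal <scheme>://[user]:<password>@<host> shape. Covers the gap
+ // vendor-prefix patterns (AWS / GitHub / Stripe / …) leave open. Matches
+ // the whole URL so maskSecret produces `<scheme>...:****@...<host>` —
+ // the password value never appears in the redacted sample.
+ //
+ // Schemes covered: redis, rediss (TLS), postgres, postgresql,
+ // mongodb, mongodb+srv, mysql, mariadb, amqp, amqps, kafka,
+ // clickhouse, cassandra. HTTP(S) / FTP / SSH are intentionally
+ // excluded — they're not database URLs and adding them would
+ // create false positives on every basic-auth URL in the wild.
+ //
+ // Requires `:password@` (4+ char password) so user-only URLs like
+ // `redis://user@host` don't match. Stopwords ('your', '${', '<your',
+ // 'placeholder', 'changeme', etc.) keep doc/README scans clean.
+ {
+ name: "Database Connection String",
+ regex: /\b(redis|rediss|postgres|postgresql|mongodb|mongodb\+srv|mysql|mariadb|amqp|amqps|kafka|clickhouse|cassandra):\/\/[^:/\s@]*:[^@\s]{4,}@[^\s/]+/,
+ severity: "block",
+ keywords: [
+ "redis://",
+ "rediss://",
+ "postgres://",
+ "postgresql://",
+ "mongodb://",
+ "mongodb+srv://",
+ "mysql://",
+ "mariadb://",
+ "amqp://",
+ "amqps://",
+ "kafka://",
+ "clickhouse://",
+ "cassandra://"
+ ],
+ minEntropy: 3
  }
  ];
  var DLP_PATTERNS_GLOBAL = DLP_PATTERNS.map(
@@ -1333,7 +1369,7 @@ var project_jail_default = {
  {
  field: "command",
  op: "matches",
- value: "(cat|less|head|tail|bat|more|open|print|nano|vim|vi|emacs|code|type)\\s+.*?\\.ssh[\\/\\\\]",
+ value: "(cat|less|head|tail|bat|more|open|print|nano|vim|vi|emacs|code|type|grep|egrep|fgrep|rg|ag|ack|awk|gawk|sed|cut|tr|jq|yq|od|xxd|hexdump|strings|sort|uniq|tac|nl|dd)\\s+.*?\\.ssh[\\/\\\\]",
  flags: "i"
  }
  ],
@@ -1347,7 +1383,7 @@ var project_jail_default = {
  {
  field: "command",
  op: "matches",
- value: "(cat|less|head|tail|bat|more|open|print|nano|vim|vi|emacs|code|type)\\s+.*?\\.aws[\\/\\\\]",
+ value: "(cat|less|head|tail|bat|more|open|print|nano|vim|vi|emacs|code|type|grep|egrep|fgrep|rg|ag|ack|awk|gawk|sed|cut|tr|jq|yq|od|xxd|hexdump|strings|sort|uniq|tac|nl|dd)\\s+.*?\\.aws[\\/\\\\]",
  flags: "i"
  }
  ],
@@ -1361,7 +1397,7 @@ var project_jail_default = {
  {
  field: "command",
  op: "matches",
- value: "(cat|less|head|tail|bat|more|open|print|nano|vim|vi|emacs|code|type)\\s+.*\\.env(\\.local|\\.production|\\.staging)?\\b",
+ value: "(cat|less|head|tail|bat|more|open|print|nano|vim|vi|emacs|code|type|grep|egrep|fgrep|rg|ag|ack|awk|gawk|sed|cut|tr|jq|yq|od|xxd|hexdump|strings|sort|uniq|tac|nl|dd)\\s+.*?\\.env(\\.(local|production|staging|development|production\\.local|staging\\.local|development\\.local))?(?=\\s|$|[;&|>)<])",
  flags: "i"
  }
  ],
@@ -1375,7 +1411,7 @@ var project_jail_default = {
  {
  field: "command",
  op: "matches",
- value: "(cat|less|head|tail|bat|more|open|print|nano|vim|vi|emacs|code|type)\\s+.*(credentials\\.json|\\.netrc|\\.npmrc|\\.docker[\\/\\\\]config\\.json|gcloud[\\/\\\\]credentials)",
+ value: "(cat|less|head|tail|bat|more|open|print|nano|vim|vi|emacs|code|type|grep|egrep|fgrep|rg|ag|ack|awk|gawk|sed|cut|tr|jq|yq|od|xxd|hexdump|strings|sort|uniq|tac|nl|dd)\\s+.*(credentials\\.json|\\.netrc|\\.npmrc|\\.docker[\\/\\\\]config\\.json|gcloud[\\/\\\\]credentials)",
  flags: "i"
  }
  ],
@@ -1411,7 +1447,7 @@ var project_jail_default = {
  reason: "Reading AWS credentials is blocked by project-jail shield"
  },
  {
- name: "shield:project-jail:review-read-env-any-tool",
+ name: "shield:project-jail:block-read-env-any-tool",
  tool: "*",
  conditions: [
  {
@@ -1421,8 +1457,8 @@ var project_jail_default = {
  flags: "i"
  }
  ],
- verdict: "review",
- reason: "Reading .env files requires approval (project-jail shield)"
+ verdict: "block",
+ reason: "Reading .env files is blocked by project-jail shield"
  },
  {
  name: "shield:project-jail:review-read-credentials-any-tool",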
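Review bot: In the new `Database Connection String` entry (hunk `@@ -729,6 +729,42 @@`) the password class `[^@\s]{4,}` also accepts `/`, so a credential-free URL with an `@` later in its path or query is read as user:password@host; in `postgres://db:5432/app@x` (constructed) `db` is taken as the user and `5432/app` as the password. With `severity: "block"` that is a hard false positive unless the `minEntropy` check happens to filter it; consider `[^@\s/]{4,}`, accepting that a raw, unencoded `/` inside a password would then be missed. The comment also leans on stopwords and on `maskSecret` never exposing the password, but the entry defines no stopword field and neither helper is visible in this hunk, so both claims should be pinned by tests (including a URL with a very short host) rather than by the comment alone. The same entry is added in index.js, index.mjs and the first file on this page.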
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@node9/proxy",
3
- "version": "1.24.3",
3
+ "version": "1.26.0",
4
4
  "description": "The Sudo Command for AI Agents. Execution Security for Claude Code & MCP.",
5
5
  "main": "./dist/index.js",
6
6
  "module": "./dist/index.mjs",