npm - @node9/proxy - Versions diffs - 1.5.0 → 1.5.2 - Mend

@node9/proxy 1.5.0 → 1.5.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/index.mjs CHANGED Viewed

@@ -1,9 +1,61 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __esm = (fn, res) => function __init() {
+  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
+};
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+// src/audit/hasher.ts
+import { createHash } from "crypto";
+function canonicalise(value) {
+  return _canonicalise(value, /* @__PURE__ */ new WeakSet());
+}
+function _canonicalise(value, seen) {
+  if (value === null || typeof value !== "object") return value;
+  if (value instanceof Date) return value.toISOString();
+  if (value instanceof RegExp) return value.toString();
+  if (Buffer.isBuffer(value)) return value.toString("base64");
+  if (seen.has(value)) return "[Circular]";
+  seen.add(value);
+  let result;
+  if (Array.isArray(value)) {
+    result = value.map((v) => _canonicalise(v, seen));
+  } else {
+    const obj = value;
+    result = Object.fromEntries(
+      Object.keys(obj).sort().map((k) => [k, _canonicalise(obj[k], seen)])
+    );
+  }
+  seen.delete(value);
+  return result;
+}
+function hashArgs(args) {
+  const canonical = JSON.stringify(canonicalise(args) ?? null);
+  return createHash("sha256").update(canonical).digest("hex").slice(0, 32);
+}
+var init_hasher = __esm({
+  "src/audit/hasher.ts"() {
+    "use strict";
+  }
+});
 // src/audit/index.ts
+var audit_exports = {};
+__export(audit_exports, {
+  HOOK_DEBUG_LOG: () => HOOK_DEBUG_LOG,
+  LOCAL_AUDIT_LOG: () => LOCAL_AUDIT_LOG,
+  appendConfigAudit: () => appendConfigAudit,
+  appendHookDebug: () => appendHookDebug,
+  appendLocalAudit: () => appendLocalAudit,
+  appendToLog: () => appendToLog,
+  redactSecrets: () => redactSecrets
+});
 import fs from "fs";
 import path from "path";
 import os from "os";
-var LOCAL_AUDIT_LOG = path.join(os.homedir(), ".node9", "audit.log");
-var HOOK_DEBUG_LOG = path.join(os.homedir(), ".node9", "hook-debug.log");
 function redactSecrets(text) {
   if (!text) return text;
   let redacted = text;
@@ -25,24 +77,24 @@ function appendToLog(logPath, entry) {
   } catch {
   }
 }
-function appendHookDebug(toolName, args, meta) {
-  const safeArgs = args ? JSON.parse(redactSecrets(JSON.stringify(args))) : {};
+function appendHookDebug(toolName, args, meta, auditHashArgsEnabled) {
+  const argsField = auditHashArgsEnabled ? { argsHash: hashArgs(args) } : { args: args ? JSON.parse(redactSecrets(JSON.stringify(args))) : {} };
   appendToLog(HOOK_DEBUG_LOG, {
     ts: (/* @__PURE__ */ new Date()).toISOString(),
     tool: toolName,
-    args: safeArgs,
+    ...argsField,
     agent: meta?.agent,
     mcpServer: meta?.mcpServer,
     hostname: os.hostname(),
     cwd: process.cwd()
   });
 }
-function appendLocalAudit(toolName, args, decision, checkedBy, meta) {
-  const safeArgs = args ? JSON.parse(redactSecrets(JSON.stringify(args))) : {};
+function appendLocalAudit(toolName, args, decision, checkedBy, meta, auditHashArgsEnabled) {
+  const argsField = auditHashArgsEnabled ? { argsHash: hashArgs(args) } : { args: args ? JSON.parse(redactSecrets(JSON.stringify(args))) : {} };
   appendToLog(LOCAL_AUDIT_LOG, {
     ts: (/* @__PURE__ */ new Date()).toISOString(),
     tool: toolName,
-    args: safeArgs,
+    ...argsField,
     decision,
     checkedBy,
     agent: meta?.agent,
@@ -50,6 +102,25 @@ function appendLocalAudit(toolName, args, decision, checkedBy, meta) {
     hostname: os.hostname()
   });
 }
+function appendConfigAudit(entry) {
+  appendToLog(LOCAL_AUDIT_LOG, {
+    ts: (/* @__PURE__ */ new Date()).toISOString(),
+    ...entry,
+    hostname: os.hostname()
+  });
+}
+var LOCAL_AUDIT_LOG, HOOK_DEBUG_LOG;
+var init_audit = __esm({
+  "src/audit/index.ts"() {
+    "use strict";
+    init_hasher();
+    LOCAL_AUDIT_LOG = path.join(os.homedir(), ".node9", "audit.log");
+    HOOK_DEBUG_LOG = path.join(os.homedir(), ".node9", "hook-debug.log");
+  }
+});
+// src/core.ts
+init_audit();
 // src/config/index.ts
 import fs3 from "fs";
@@ -118,7 +189,8 @@ var ConfigFileSchema = z.object({
     environment: z.string().optional(),
     slackEnabled: z.boolean().optional(),
     enableTrustSessions: z.boolean().optional(),
-    allowGlobalPause: z.boolean().optional()
+    allowGlobalPause: z.boolean().optional(),
+    auditHashArgs: z.boolean().optional()
   }).optional(),
   policy: z.object({
     sandboxPaths: z.array(z.string()).optional(),
@@ -414,6 +486,7 @@ var DEFAULT_CONFIG = {
     approvalTimeoutMs: 12e4,
     // 120-second auto-deny timeout
     flightRecorder: true,
+    auditHashArgs: true,
     approvers: { native: true, browser: true, cloud: false, terminal: true }
   },
   policy: {
@@ -1981,6 +2054,45 @@ async function notifyDaemonViewer(toolName, args, meta, riskMetadata) {
   const { id, allowCount } = await res.json();
   return { id, allowCount: allowCount ?? 1 };
 }
+async function notifyTaint(filePath, source) {
+  if (!isDaemonRunning()) return;
+  const base = `http://${DAEMON_HOST}:${DAEMON_PORT}`;
+  try {
+    await fetch(`${base}/taint`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ path: filePath, source }),
+      signal: AbortSignal.timeout(1e3)
+    });
+  } catch {
+  }
+}
+async function checkTaint(paths) {
+  if (paths.length === 0) return { tainted: false };
+  if (!isDaemonRunning()) return { tainted: false, daemonUnavailable: true };
+  const base = `http://${DAEMON_HOST}:${DAEMON_PORT}`;
+  try {
+    const res = await fetch(`${base}/taint/check`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ paths }),
+      signal: AbortSignal.timeout(2e3)
+    });
+    return await res.json();
+  } catch (err) {
+    try {
+      const { appendToLog: appendToLog2, HOOK_DEBUG_LOG: HOOK_DEBUG_LOG2 } = await Promise.resolve().then(() => (init_audit(), audit_exports));
+      appendToLog2(HOOK_DEBUG_LOG2, {
+        ts: (/* @__PURE__ */ new Date()).toISOString(),
+        event: "checkTaint-error",
+        error: String(err),
+        paths
+      });
+    } catch {
+    }
+    return { tainted: false, daemonUnavailable: true };
+  }
+}
 async function resolveViaDaemon(id, decision, internalToken, source) {
   const base = `http://${DAEMON_HOST}:${DAEMON_PORT}`;
   await fetch(`${base}/resolve/${id}`, {
@@ -2317,7 +2429,11 @@ end run`;
   });
 }
+// src/auth/orchestrator.ts
+init_audit();
 // src/auth/cloud.ts
+init_audit();
 import fs9 from "fs";
 import os8 from "os";
 function auditLocalAllow(toolName, args, checkedBy, creds, meta) {
@@ -2428,6 +2544,51 @@ async function resolveNode9SaaS(requestId, creds, approved, decidedBy) {
 }
 // src/auth/orchestrator.ts
+var WRITE_TOOLS = /* @__PURE__ */ new Set([
+  "write",
+  "write_file",
+  "create_file",
+  "edit",
+  "multiedit",
+  "str_replace_based_edit_tool",
+  "replace",
+  "notebook_edit",
+  "notebookedit"
+]);
+function isWriteTool(toolName) {
+  const t = toolName.toLowerCase().replace(/[^a-z_]/g, "_");
+  return WRITE_TOOLS.has(t);
+}
+function extractFilePaths(toolName, args) {
+  const paths = [];
+  if (!args || typeof args !== "object" || Array.isArray(args)) return paths;
+  const a = args;
+  for (const key of ["file_path", "path", "filename", "source", "src", "input"]) {
+    if (typeof a[key] === "string" && a[key]) paths.push(a[key]);
+  }
+  const cmd = typeof a.command === "string" ? a.command : typeof a.cmd === "string" ? a.cmd : "";
+  if (cmd) {
+    for (const m of cmd.matchAll(/(?:-T|--upload-file|--data(?:-binary)?)\s+@?(\S+)/g)) {
+      paths.push(m[1]);
+    }
+    for (const m of cmd.matchAll(/\b(?:scp|rsync)\s+(?:-\S+\s+)*(\S+)\s+\S+@/g)) {
+      paths.push(m[1]);
+    }
+    for (const m of cmd.matchAll(/<\s*(\S+)/g)) {
+      paths.push(m[1]);
+    }
+  }
+  return paths.filter(Boolean);
+}
+function isNetworkTool(toolName, args) {
+  const t = toolName.toLowerCase();
+  if (t === "bash" || t === "shell" || t === "run_shell_command" || t === "terminal.execute") {
+    const a = args;
+    const cmd = typeof a?.command === "string" ? a.command : typeof a?.cmd === "string" ? a.cmd : "";
+    return /\b(curl|wget|scp|rsync|nc|ncat|netcat|ssh)\b/.test(cmd);
+  }
+  return false;
+}
 var ACTIVITY_SOCKET_PATH = process.platform === "win32" ? "\\\\.\\pipe\\node9-activity" : path13.join(os9.tmpdir(), "node9-activity.sock");
 function notifyActivity(data) {
   return new Promise((resolve) => {
@@ -2458,7 +2619,7 @@ async function authorizeHeadless(toolName, args, meta, options) {
         id: actId,
         tool: toolName,
         ts: actTs,
-        status: result.approved ? "allow" : result.blockedByLabel?.includes("DLP") ? "dlp" : "block",
+        status: result.approved ? "allow" : result.blockedByLabel?.includes("DLP") ? "dlp" : result.blockedByLabel?.includes("Taint") ? "taint" : "block",
         label: result.blockedByLabel
       });
     }
@@ -2472,6 +2633,7 @@ async function _authorizeHeadlessCore(toolName, args, meta, options) {
   if (pauseState.paused) return { approved: true, checkedBy: "paused" };
   const creds = getCredentials();
   const config = getConfig(options?.cwd);
+  const hashAuditArgs = config.settings.auditHashArgs === true;
   const isTestEnv2 = !!(process.env.VITEST || process.env.NODE_ENV === "test" || process.env.CI || process.env.NODE9_TESTING === "1");
   const approvers = {
     ...config.settings.approvers || { native: true, browser: true, cloud: true, terminal: true }
@@ -2482,13 +2644,26 @@ async function _authorizeHeadlessCore(toolName, args, meta, options) {
     approvers.terminal = false;
   }
   if (config.settings.enableHookLogDebug && !isTestEnv2) {
-    appendHookDebug(toolName, args, meta);
+    appendHookDebug(toolName, args, meta, hashAuditArgs);
   }
   const isManual = meta?.agent === "Terminal";
   let explainableLabel = "Local Config";
   let policyMatchedField;
   let policyMatchedWord;
   let riskMetadata;
+  let taintWarning = null;
+  if (isNetworkTool(toolName, args)) {
+    const filePaths = extractFilePaths(toolName, args);
+    if (filePaths.length > 0) {
+      const taintResult = await checkTaint(filePaths);
+      if (taintResult.tainted && taintResult.record) {
+        const { path: taintedPath, source: taintSource } = taintResult.record;
+        taintWarning = `\u26A0\uFE0F ${taintedPath} was flagged by ${taintSource} \u2014 this file may contain sensitive data`;
+      } else if (taintResult.daemonUnavailable) {
+        taintWarning = `\u26A0\uFE0F Taint service unavailable \u2014 cannot verify if ${filePaths.join(", ")} is clean`;
+      }
+    }
+  }
   if (config.policy.dlp.enabled && (!isIgnoredTool(toolName) || config.policy.dlp.scanIgnoredTools)) {
     const argsObj = args && typeof args === "object" && !Array.isArray(args) ? args : {};
     const filePath = String(argsObj.file_path ?? argsObj.path ?? argsObj.filename ?? "");
@@ -2496,7 +2671,10 @@ async function _authorizeHeadlessCore(toolName, args, meta, options) {
     if (dlpMatch) {
       const dlpReason = `\u{1F6A8} DATA LOSS PREVENTION: ${dlpMatch.patternName} detected in field "${dlpMatch.fieldPath}" (${dlpMatch.redactedSample})`;
       if (dlpMatch.severity === "block") {
-        if (!isManual) appendLocalAudit(toolName, args, "deny", "dlp-block", meta);
+        if (!isManual) appendLocalAudit(toolName, args, "deny", "dlp-block", meta, true);
+        if (isWriteTool(toolName) && filePath) {
+          await notifyTaint(filePath, `DLP:${dlpMatch.patternName}`);
+        }
         return {
           approved: false,
           reason: dlpReason,
@@ -2504,7 +2682,8 @@ async function _authorizeHeadlessCore(toolName, args, meta, options) {
           blockedByLabel: "\u{1F6A8} Node9 DLP (Secret Detected)"
         };
       }
-      if (!isManual) appendLocalAudit(toolName, args, "allow", "dlp-review-flagged", meta);
+      if (!isManual)
+        appendLocalAudit(toolName, args, "allow", "dlp-review-flagged", meta, hashAuditArgs);
       explainableLabel = "\u{1F6A8} Node9 DLP (Credential Review)";
     }
   }
@@ -2512,7 +2691,7 @@ async function _authorizeHeadlessCore(toolName, args, meta, options) {
     if (!isIgnoredTool(toolName)) {
       const policyResult = await evaluatePolicy(toolName, args, meta?.agent, options?.cwd);
       if (policyResult.decision === "review") {
-        appendLocalAudit(toolName, args, "allow", "audit-mode", meta);
+        appendLocalAudit(toolName, args, "allow", "audit-mode", meta, hashAuditArgs);
         if (approvers.cloud && creds?.apiKey) {
           await auditLocalAllow(toolName, args, "audit-mode", creds, meta);
         }
@@ -2520,22 +2699,23 @@ async function _authorizeHeadlessCore(toolName, args, meta, options) {
     }
     return { approved: true, checkedBy: "audit" };
   }
-  if (!isIgnoredTool(toolName)) {
+  if (!taintWarning && !isIgnoredTool(toolName)) {
     if (getActiveTrustSession(toolName)) {
       if (approvers.cloud && creds?.apiKey)
         await auditLocalAllow(toolName, args, "trust", creds, meta);
-      if (!isManual) appendLocalAudit(toolName, args, "allow", "trust", meta);
+      if (!isManual) appendLocalAudit(toolName, args, "allow", "trust", meta, hashAuditArgs);
       return { approved: true, checkedBy: "trust" };
     }
     const policyResult = await evaluatePolicy(toolName, args, meta?.agent);
     if (policyResult.decision === "allow") {
       if (approvers.cloud && creds?.apiKey)
         auditLocalAllow(toolName, args, "local-policy", creds, meta);
-      if (!isManual) appendLocalAudit(toolName, args, "allow", "local-policy", meta);
+      if (!isManual) appendLocalAudit(toolName, args, "allow", "local-policy", meta, hashAuditArgs);
       return { approved: true, checkedBy: "local-policy" };
     }
     if (policyResult.decision === "block") {
-      if (!isManual) appendLocalAudit(toolName, args, "deny", "smart-rule-block", meta);
+      if (!isManual)
+        appendLocalAudit(toolName, args, "deny", "smart-rule-block", meta, hashAuditArgs);
       return {
         approved: false,
         reason: policyResult.reason ?? "Action explicitly blocked by Smart Policy.",
@@ -2554,15 +2734,16 @@ async function _authorizeHeadlessCore(toolName, args, meta, options) {
       policyMatchedWord,
       policyResult.ruleName
     );
-    const persistent = getPersistentDecision(toolName);
+    const persistent = policyResult.ruleName ? null : getPersistentDecision(toolName);
     if (persistent === "allow") {
       if (approvers.cloud && creds?.apiKey)
         await auditLocalAllow(toolName, args, "persistent", creds, meta);
-      if (!isManual) appendLocalAudit(toolName, args, "allow", "persistent", meta);
+      if (!isManual) appendLocalAudit(toolName, args, "allow", "persistent", meta, hashAuditArgs);
       return { approved: true, checkedBy: "persistent" };
     }
     if (persistent === "deny") {
-      if (!isManual) appendLocalAudit(toolName, args, "deny", "persistent-deny", meta);
+      if (!isManual)
+        appendLocalAudit(toolName, args, "deny", "persistent-deny", meta, hashAuditArgs);
       return {
         approved: false,
         reason: `This tool ("${toolName}") is explicitly listed in your 'Always Deny' list.`,
@@ -2570,10 +2751,21 @@ async function _authorizeHeadlessCore(toolName, args, meta, options) {
         blockedByLabel: "Persistent User Rule"
       };
     }
-  } else {
-    if (!isManual) appendLocalAudit(toolName, args, "allow", "ignored", meta);
+  } else if (!taintWarning) {
+    if (!isManual) appendLocalAudit(toolName, args, "allow", "ignored", meta, hashAuditArgs);
     return { approved: true };
   }
+  if (taintWarning) {
+    explainableLabel = "\u{1F534} Node9 Taint (Exfiltration Prevention)";
+    riskMetadata = computeRiskMetadata(
+      args,
+      7,
+      explainableLabel,
+      void 0,
+      void 0,
+      taintWarning
+    );
+  }
   let cloudRequestId = null;
   const cloudEnforced = approvers.cloud && !!creds?.apiKey;
   if (cloudEnforced) {
@@ -2592,7 +2784,7 @@ async function _authorizeHeadlessCore(toolName, args, meta, options) {
         };
       }
       cloudRequestId = initResult.requestId || null;
-      explainableLabel = "Organization Policy (SaaS)";
+      if (!taintWarning) explainableLabel = "Organization Policy (SaaS)";
     } catch {
     }
   }
@@ -2779,7 +2971,8 @@ REASON: Action blocked because no approval channels are available. (Native/Brows
       args,
       finalResult.approved ? "allow" : "deny",
       finalResult.checkedBy || finalResult.blockedBy || "unknown",
-      meta
+      meta,
+      hashAuditArgs
     );
   }
   return finalResult;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@node9/proxy",
-  "version": "1.5.0",
+  "version": "1.5.2",
   "description": "The Sudo Command for AI Agents. Execution Security for Claude Code & MCP.",
   "main": "./dist/index.js",
   "module": "./dist/index.mjs",