@nomos-arc/arc 0.1.0

package/src/utils/__tests__/sanitize.test.ts

@@ -0,0 +1,229 @@
+import { describe, it, expect } from 'vitest';
+import {
+  sanitizeByPatterns,
+  calculateEntropy,
+  detectHighEntropyStrings,
+  sanitizeForPty,
+  scanFileForSecrets,
+  sanitizeEnv,
+} from '../sanitize.js';
+
+// ── Pattern-based sanitization ───────────────────────────────────────────────
+
+describe('sanitizeByPatterns', () => {
+  it('redacts API_KEY=sk-abc123 using a key=value pattern', () => {
+    const { output, matches } = sanitizeByPatterns(
+      'config: API_KEY=sk-abc123 end',
+      ['API_KEY=[\\w-]+'],
+    );
+    expect(output).toBe('config: [REDACTED] end');
+    expect(matches).toContain('API_KEY=sk-abc123');
+  });
+
+  it('redacts Bearer token header', () => {
+    const { output, matches } = sanitizeByPatterns(
+      'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.payload.sig',
+      ['Bearer [A-Za-z0-9._-]+'],
+    );
+    expect(output).toContain('[REDACTED]');
+    expect(matches.length).toBeGreaterThan(0);
+  });
+
+  it('redacts PEM private key header', () => {
+    const input = '-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgk=\n-----END PRIVATE KEY-----';
+    const { output, matches } = sanitizeByPatterns(
+      input,
+      ['-----BEGIN PRIVATE KEY-----'],
+    );
+    expect(output).not.toContain('-----BEGIN PRIVATE KEY-----');
+    expect(matches).toHaveLength(1);
+  });
+
+  it('uses a custom label when provided', () => {
+    const { output } = sanitizeByPatterns('secret=abc', ['secret=[\\w]+'], '***');
+    expect(output).toBe('***');
+  });
+
+  it('returns empty matches array when no patterns match', () => {
+    const { output, matches } = sanitizeByPatterns('hello world', ['NOMATCH']);
+    expect(output).toBe('hello world');
+    expect(matches).toHaveLength(0);
+  });
+
+  it('handles multiple patterns independently', () => {
+    const { output, matches } = sanitizeByPatterns(
+      'TOKEN=abc SECRET=xyz',
+      ['TOKEN=[\\w]+', 'SECRET=[\\w]+'],
+    );
+    expect(output).toBe('[REDACTED] [REDACTED]');
+    expect(matches).toHaveLength(2);
+  });
+});
+
+// ── Shannon entropy ───────────────────────────────────────────────────────────
+
+describe('calculateEntropy', () => {
+  it('returns 0 for a single repeated character', () => {
+    expect(calculateEntropy('aaaa')).toBe(0);
+  });
+
+  it('returns a positive value for mixed characters', () => {
+    expect(calculateEntropy('abcd')).toBeGreaterThan(0);
+  });
+
+  it('returns higher entropy for more varied strings', () => {
+    const low = calculateEntropy('aaaaaaaabaaa');
+    const high = calculateEntropy('aAbBcCdDeEfF');
+    expect(high).toBeGreaterThan(low);
+  });
+});
+
+describe('detectHighEntropyStrings', () => {
+  it('flags a 36-char GitHub PAT (high entropy)', () => {
+    // ghp_ + 36 random alphanumeric chars = high entropy
+    const token = 'ghp_' + 'xK9mQ2rL5tP8wN3vB6hY0sU1dA4jE7fC'.slice(0, 32);
+    const results = detectHighEntropyStrings(token, 4.5);
+    expect(results.length).toBeGreaterThan(0);
+  });
+
+  it('ignores 32 identical characters (entropy = 0, below threshold)', () => {
+    const lowEntropy = 'a'.repeat(32);
+    const results = detectHighEntropyStrings(lowEntropy, 4.5);
+    expect(results).toHaveLength(0);
+  });
+
+  it('ignores strings shorter than 32 characters', () => {
+    const results = detectHighEntropyStrings('abcdefghij', 4.5);
+    expect(results).toHaveLength(0);
+  });
+
+  it('returns empty array for plain prose', () => {
+    const results = detectHighEntropyStrings('This is a normal sentence without tokens.', 4.5);
+    expect(results).toHaveLength(0);
+  });
+});
+
+// ── PTY prompt sanitization ──────────────────────────────────────────────────
+
+describe('sanitizeForPty', () => {
+  it('strips C0 control characters (SOH, BEL, BS, VT)', () => {
+    expect(sanitizeForPty('a\x01b\x07c\x08d\x0Be')).toBe('abcde');
+  });
+
+  it('preserves newlines (\\n)', () => {
+    expect(sanitizeForPty('line1\nline2')).toBe('line1\nline2');
+  });
+
+  it('preserves tabs (\\t)', () => {
+    expect(sanitizeForPty('\tcol1\tcol2')).toBe('\tcol1\tcol2');
+  });
+
+  it('strips CSI ANSI sequences', () => {
+    expect(sanitizeForPty('\x1b[0mhello\x1b[32mworld\x1b[0m')).toBe('helloworld');
+  });
+
+  it('strips OSC sequences', () => {
+    expect(sanitizeForPty('\x1b]0;window title\x07prompt text')).toBe('prompt text');
+  });
+
+  it('passes plain text through unchanged', () => {
+    const plain = 'Plan: refactor the auth module to use JWT.';
+    expect(sanitizeForPty(plain)).toBe(plain);
+  });
+});
+
+// ── File secret scanning ─────────────────────────────────────────────────────
+
+describe('scanFileForSecrets', () => {
+  it('returns matching pattern strings for .env content', () => {
+    const envContent = 'OPENAI_API_KEY=sk-abc123\nDATABASE_URL=postgres://user:pass@host/db';
+    const patterns = ['OPENAI_API_KEY', 'DATABASE_URL', 'GITHUB_TOKEN'];
+    const found = scanFileForSecrets(envContent, patterns);
+    expect(found).toContain('OPENAI_API_KEY');
+    expect(found).toContain('DATABASE_URL');
+    expect(found).not.toContain('GITHUB_TOKEN');
+  });
+
+  it('returns empty array when no secrets found', () => {
+    const safeContent = 'const x = 42;\nconst y = "hello";';
+    const patterns = ['OPENAI_API_KEY', 'DATABASE_URL'];
+    expect(scanFileForSecrets(safeContent, patterns)).toHaveLength(0);
+  });
+
+  it('returns all matching patterns, not just the first', () => {
+    const content = 'OPENAI_API_KEY=sk-x\nGITHUB_TOKEN=ghp_y';
+    const patterns = ['OPENAI_API_KEY', 'GITHUB_TOKEN'];
+    const found = scanFileForSecrets(content, patterns);
+    expect(found).toHaveLength(2);
+  });
+});
+
+// ── Environment variable sanitization ─────────────────────────────────────────
+
+describe('sanitizeEnv', () => {
+  it('removes OPENAI_API_KEY from env', () => {
+    const env = { OPENAI_API_KEY: 'sk-abc', PATH: '/usr/bin' };
+    const result = sanitizeEnv(env, []);
+    expect(result['OPENAI_API_KEY']).toBeUndefined();
+    expect(result['PATH']).toBe('/usr/bin');
+  });
+
+  it('removes AWS_SECRET_ACCESS_KEY from env', () => {
+    const env = { AWS_SECRET_ACCESS_KEY: 'AKIAIOSFODNN7EXAMPLE', HOME: '/home/user' };
+    const result = sanitizeEnv(env, []);
+    expect(result['AWS_SECRET_ACCESS_KEY']).toBeUndefined();
+    expect(result['HOME']).toBe('/home/user');
+  });
+
+  it('keeps COLORTERM, PATH, HOME, LANG untouched', () => {
+    const env = {
+      COLORTERM: 'truecolor',
+      PATH: '/usr/local/bin:/usr/bin',
+      HOME: '/home/user',
+      LANG: 'en_US.UTF-8',
+    };
+    const result = sanitizeEnv(env, []);
+    expect(result['COLORTERM']).toBe('truecolor');
+    expect(result['PATH']).toBe('/usr/local/bin:/usr/bin');
+    expect(result['HOME']).toBe('/home/user');
+    expect(result['LANG']).toBe('en_US.UTF-8');
+  });
+
+  it('denylist removes CUSTOM_SECRET but keeps CUSTOM_VALUE', () => {
+    const env = {
+      CUSTOM_SECRET: 'topsecret',
+      CUSTOM_VALUE: 'not-sensitive',
+    };
+    const result = sanitizeEnv(env, ['CUSTOM_SECRET']);
+    expect(result['CUSTOM_SECRET']).toBeUndefined();
+    expect(result['CUSTOM_VALUE']).toBe('not-sensitive');
+  });
+
+  it('denylist matching is case-insensitive on key names', () => {
+    const env = { My_Api_Token: 'abc123', Other: 'keep' };
+    const result = sanitizeEnv(env, ['my_api_token']);
+    expect(result['My_Api_Token']).toBeUndefined();
+    expect(result['Other']).toBe('keep');
+  });
+
+  it('skips env entries with undefined values', () => {
+    const env: Record<string, string | undefined> = { PATH: '/usr/bin', MAYBE: undefined };
+    const result = sanitizeEnv(env, []);
+    expect(result['MAYBE']).toBeUndefined();
+    expect(result['PATH']).toBe('/usr/bin');
+  });
+
+  it('removes DATABASE_URL from env', () => {
+    const env = { DATABASE_URL: 'postgres://u:p@h/db', NODE_ENV: 'production' };
+    const result = sanitizeEnv(env, []);
+    expect(result['DATABASE_URL']).toBeUndefined();
+    expect(result['NODE_ENV']).toBe('production');
+  });
+
+  it('removes SSH_AUTH_SOCK from env', () => {
+    const env = { SSH_AUTH_SOCK: '/tmp/ssh-agent.sock', TERM: 'xterm-256color' };
+    const result = sanitizeEnv(env, []);
+    expect(result['SSH_AUTH_SOCK']).toBeUndefined();
+    expect(result['TERM']).toBe('xterm-256color');
+  });
+});

package/src/utils/ansi.ts

@@ -0,0 +1,19 @@
+/**
+ * stripAnsi — remove all ANSI / VT escape sequences from a string.
+ *
+ * Three-pass removal:
+ *  1. CSI sequences  e.g. \x1b[0m, \x1b[38;5;200m, \x1b[2J
+ *  2. OSC sequences  e.g. \x1b]0;title\x07
+ *  3. Remaining C0 control chars (excluding \n and \t which are meaningful in logs)
+ *
+ * Reused by: PtyAdapter, StdioAdapter, Logger file transport.
+ */
+export function stripAnsi(input: string): string {
+  return input
+    // 1. CSI sequences: ESC [ … <final byte A-Za-z>
+    .replace(/\x1b\[[0-9;]*[a-zA-Z]/g, '')
+    // 2. OSC sequences: ESC ] … BEL
+    .replace(/\x1b\][^\x07]*\x07/g, '')
+    // 3. Remaining C0 control chars except \n (\x0A) and \t (\x09)
+    .replace(/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/g, '');
+}

package/src/utils/context.ts

@@ -0,0 +1,44 @@
+import * as fs from 'fs';
+
+/**
+ * Extracts the list of relative file paths that were changed in a git diff.
+ * Parses `--- a/<path>` lines, skipping `/dev/null` (new files have no "a" path).
+ * Returns unique relative paths only.
+ */
+export function extractChangedFilePaths(diff: string): string[] {
+  const seen = new Set<string>();
+  const results: string[] = [];
+  for (const line of diff.split('\n')) {
+    const match = line.match(/^--- a\/(.+)$/);
+    if (match && match[1] !== '/dev/null') {
+      const filePath = match[1];
+      if (!seen.has(filePath)) {
+        seen.add(filePath);
+        results.push(filePath);
+      }
+    }
+  }
+  return results;
+}
+
+/**
+ * Escapes special regex characters in a string for safe use in grep patterns.
+ * RT2-5.1 fix: Used in full relative path import scan to prevent path separators
+ * and dots from being interpreted as regex metacharacters.
+ */
+export function escapeRegex(str: string): string {
+  return str.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+}
+
+/**
+ * Reads the first 50 lines of a file for context injection snippets.
+ * Returns empty string if the file cannot be read.
+ */
+export function readFirst50Lines(filePath: string): string {
+  try {
+    const content = fs.readFileSync(filePath, 'utf8');
+    return content.split('\n').slice(0, 50).join('\n');
+  } catch {
+    return '';
+  }
+}

package/src/utils/frontmatter.ts

@@ -0,0 +1,27 @@
+import * as fs from 'fs/promises';
+import matter from 'gray-matter';
+import { z } from 'zod';
+import { NomosError } from '../core/errors.js';
+import type { TaskFrontmatter } from '../types/index.js';
+
+const TaskFrontmatterSchema = z.object({
+  title: z.string().min(1),
+  priority: z.enum(['high', 'medium', 'low']),
+  context_files: z.array(z.string()).optional(),
+  status: z.string().optional(),
+});
+
+export async function parseTaskFile(
+  filePath: string,
+): Promise<{ frontmatter: TaskFrontmatter; body: string }> {
+  const raw = await fs.readFile(filePath, 'utf8');
+  const parsed = matter(raw);
+  const result = TaskFrontmatterSchema.safeParse(parsed.data);
+  if (!result.success) {
+    throw new NomosError(
+      'invalid_frontmatter',
+      `Invalid frontmatter in ${filePath}: ${result.error.message}`,
+    );
+  }
+  return { frontmatter: result.data as TaskFrontmatter, body: parsed.content };
+}

package/src/utils/sanitize.ts

@@ -0,0 +1,78 @@
+// ── Pattern-based sanitization ───────────────────────────────────────────────
+export function sanitizeByPatterns(
+  input: string,
+  patterns: string[],
+  label: string = '[REDACTED]',
+): { output: string; matches: string[] } {
+  const matches: string[] = [];
+  let output = input;
+  for (const pattern of patterns) {
+    const re = new RegExp(pattern, 'g');
+    output = output.replace(re, (match) => { matches.push(match); return label; });
+  }
+  return { output, matches };
+}
+
+// ── Shannon entropy ───────────────────────────────────────────────────────────
+export function calculateEntropy(str: string): number {
+  const freq = new Map<string, number>();
+  for (const ch of str) freq.set(ch, (freq.get(ch) ?? 0) + 1);
+  let entropy = 0;
+  for (const count of freq.values()) {
+    const p = count / str.length;
+    entropy -= p * Math.log2(p);
+  }
+  return entropy;
+}
+
+export function detectHighEntropyStrings(input: string, threshold: number): string[] {
+  const candidates = input.match(/[a-zA-Z0-9_-]{32,}/g) ?? [];
+  return candidates.filter(s => calculateEntropy(s) >= threshold);
+}
+
+// ── PTY prompt sanitization ──────────────────────────────────────────────────
+// Used to clean prompt content before it becomes a CLI argument.
+// Even though the prompt is passed via -p flag (not PTY stdin), the content
+// must be free of terminal escape sequences that could corrupt argument parsing.
+export function sanitizeForPty(prompt: string): string {
+  // Order matters: strip full ANSI sequences first (they start with \x1b which is
+  // inside the C0 range). Stripping C0 first would eat the ESC byte and leave
+  // bracket artifacts like "[0m" in the output.
+  return prompt
+    .replace(/\x1b\[[0-9;]*[A-Za-z]/g, '')                  // CSI sequences
+    .replace(/\x1b\][^\x07]*\x07/g, '')                     // OSC sequences
+    .replace(/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/g, '');    // C0 control chars except \n \t
+}
+
+// ── File secret scanning ─────────────────────────────────────────────────────
+// RT2-5.1 fix: Returns matching pattern strings (not just boolean) so the error
+// message can tell the user WHICH patterns triggered. Empty array = no secrets found.
+export function scanFileForSecrets(content: string, patterns: string[]): string[] {
+  return patterns.filter(p => new RegExp(p).test(content));
+}
+
+// ── Environment variable sanitization ─────────────────────────────────────────
+// C3 fix: Match against env var NAMES only — never against 'key=value' strings.
+// Matching 'key=value' causes false positives (e.g., pattern 'TOKEN' deletes 'COLORTERM').
+const ALWAYS_DENY: RegExp[] = [
+  /^(ANTHROPIC|OPENAI|AWS|AZURE|GCP|GOOGLE|GITHUB|GITLAB|HUGGING_?FACE)_.*?(KEY|SECRET|TOKEN|PASSWORD|CREDENTIAL)/i,
+  /^NOMOS_.*?SECRET/i,
+  /^(DATABASE_URL|REDIS_URL|MONGO_URI|DB_PASSWORD)$/i,
+  /^(SSH_AUTH_SOCK|GPG_TTY)$/i,
+];
+
+export function sanitizeEnv(
+  env: Record<string, string | undefined>,
+  denylist: string[],
+): Record<string, string> {
+  const compiledDeny = denylist.map(p => new RegExp(p, 'i'));
+  const result: Record<string, string> = {};
+  for (const [key, value] of Object.entries(env)) {
+    if (value === undefined) continue;
+    const denied =
+      ALWAYS_DENY.some(re => re.test(key)) ||
+      compiledDeny.some(re => re.test(key));
+    if (!denied) result[key] = value;
+  }
+  return result;
+}